hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added test case @apollo/server with SSRF.

Browse Source
This commit is contained in:
Napalys
2025-03-19 12:31:54 +01:00
parent 179bae8791
commit 23fdc3534f
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
javascript/ql/test/query-tests/Security/CWE-918/apollo.serverSide.ts Normal file
View File

@@ -0,0 +1,14 @@
import { ApolloServer } from '@apollo/server';
import { get } from 'https';
function createApolloServer(typeDefs) {
const resolvers = {
Mutation: {
downloadFiles: async (_, { files }) => { // $ MISSING: Source[js/request-forgery]
files.forEach((file) => { get(file.url, (res) => {}); }); // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery]
return true;
},
},
};
const server = new ApolloServer({typeDefs, resolvers});
}