Merge pull request #213 from asger-semmle/sendfile

Approved by xiemaisi
semmle-qlci
2018-09-24 11:32:46 +01:00
committed by GitHub
3 changed files with 5 additions and 1 deletions


@@ -25,4 +25,5 @@
| tainted-array-steps.js:15:29:15:43 | parts.join('/') | This path depends on $@. | tainted-array-steps.js:9:24:9:30 | req.url | a user-provided value |
| tainted-require.js:7:19:7:37 | req.param("module") | This path depends on $@. | tainted-require.js:7:19:7:37 | req.param("module") | a user-provided value |
| tainted-sendFile.js:7:16:7:33 | req.param("gimme") | This path depends on $@. | tainted-sendFile.js:7:16:7:33 | req.param("gimme") | a user-provided value |
| tainted-sendFile.js:9:16:9:33 | req.param("gimme") | This path depends on $@. | tainted-sendFile.js:9:16:9:33 | req.param("gimme") | a user-provided value |
| views.js:1:43:1:55 | req.params[0] | This path depends on $@. | views.js:1:43:1:55 | req.params[0] | a user-provided value |


@@ -5,4 +5,6 @@ var app = express();
app.get('/some/path', function(req, res) {
// BAD: sending a file based on un-sanitized query parameters
res.sendFile(req.param("gimme"));
// BAD: same as above
res.sendfile(req.param("gimme"));
});
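Review bot: The comment `// BAD: same as above` on the second call does not say why a near-identical line is in the fixture, so a later cleanup could drop it as a duplicate. The point of the case is that the lowercase `res.sendfile` is the deprecated Express alias of `res.sendFile` and is just as much a path sink; I would write `// BAD: same as above, via the deprecated lowercase alias res.sendfile`. The handler visible here holds only flagged calls. If the rest of the file has no unflagged counterpart, such as a call with a constant path, adding one would let the test also catch over-reporting on either spelling.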