add [INCONSISTENCY] comment in CodeInjection test

Erik Krogh Kristensen
2020-07-08 09:48:12 +02:00
parent 442ee8d1cc
commit 664c5e64b4


@@ -14,7 +14,7 @@ app.post("/documents/find", (req, res) => {
MongoClient.connect("mongodb://localhost:27017/test", (err, db) => {
let doc = db.collection("doc");
doc.find(query); // NOT OK, but that is flagged by js/sql-injection
doc.find(query); // NOT OK, but that is flagged by js/sql-injection [INCONSISTENCY]
doc.find({ $where: req.body.query }); // NOT OK
doc.find({ $where: "name = " + req.body.name }); // NOT OK
});
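Review bot: The `[INCONSISTENCY]` tag added to the `doc.find(query)` line does not say which expectation it overrides, so the line now reads `NOT OK` and carries a tag with no statement of whether the CodeInjection test expects an alert there. The tag is presumably consumed by the test's consistency checking, so both it and `NOT OK` should stay, but the wording could state the intent, for example `doc.find(query); // NOT OK for js/sql-injection; no alert expected from this query [INCONSISTENCY]`. Without that, a later reader may take the missing alert for a lost true positive, or remove the tag and start flagging a sink that another query already covers. The definition of `query` and the start of the `/documents/find` handler are outside the hunk, so whether `query` is actually derived from the request cannot be confirmed from here.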