hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added test case for fastify.all

Browse Source
This commit is contained in:
Napalys Klicius
2025-04-30 14:50:35 +02:00
parent 8ebbfb198e
commit 6d61766366
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/fastify.js
View File

@@ -101,3 +101,10 @@ fastify.get('/flow-through-reply', async (request, reply) => {
}
return { result: null };
});
fastify.all('/eval', async (request, reply) => {
const userInput = request.query.code; // $ MISSING: Source[js/code-injection]
const result = eval(userInput); // $ MISSING: Alert[js/code-injection]
const replyResult = eval(reply.locals.nestedCode); // $ MISSING: Alert[js/code-injection]
return { method: request.method, result };
});