JS: Add DeepResourceExhaustion test

Asger Feldthaus
2021-03-02 13:56:28 +00:00
parent 88e5348da9
commit 6e0322dc60
3 changed files with 21 additions and 0 deletions


@@ -0,0 +1,8 @@
nodes
| tst.js:9:29:9:36 | req.body |
| tst.js:9:29:9:36 | req.body |
| tst.js:9:29:9:36 | req.body |
edges
| tst.js:9:29:9:36 | req.body | tst.js:9:29:9:36 | req.body |
#select
| tst.js:9:29:9:36 | req.body | tst.js:9:29:9:36 | req.body | tst.js:9:29:9:36 | req.body | Denial of service caused by processing user input from $@ with $@. | tst.js:9:29:9:36 | req.body | here | tst.js:4:21:4:35 | allErrors: true | allErrors: true |


@@ -0,0 +1 @@
Security/CWE-400/DeepObjectResourceExhaustion.ql


@@ -0,0 +1,12 @@
import express from 'express';
import Ajv from 'ajv';
let ajv = new Ajv({ allErrors: true });
ajv.addSchema(require('./input-schema'), 'input');
var app = express();
app.get('/user/:id', function(req, res) {
if (!ajv.validate('input', req.body)) { // NOT OK
return;
}
});
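Review bot: The fixture has no negative case: the only Ajv instance is created with `allErrors: true` and the only `ajv.validate('input', req.body)` call is marked `// NOT OK`, so nothing pins that the query stays silent when validation stops at the first error. A second instance such as `let ajvDefault = new Ajv();` with `ajvDefault.validate('input', req.body); // OK` inside the handler would guard against false positives, and the expected output should still list only the existing result. Separately, the route is registered with `app.get` and no body-parsing middleware is visible, so `req.body` presumably serves only as a static taint source. A one-line comment above the handler saying that, and why `allErrors: true` is the risky setting for untrusted input (the validator keeps collecting errors over the whole object instead of stopping early), would make the test self-explanatory.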