hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Remove duplicate '$ Alert' in libxml test

Browse Source
This commit is contained in:
Asger F
2025-03-10 14:21:26 +01:00
parent 6a47678b60
commit 75ed0d0b46
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
javascript/ql/test/query-tests/Security/CWE-611/libxml.noent.js
View File

@@ -2,14 +2,14 @@ const express = require('express');
const libxmljs = require('libxmljs');
express().get('/some/path', function (req) {
libxmljs.parseXml(req.param("some-xml"), { noent: true }); // $ Alert // $ Alert - unguarded entity expansion
libxmljs.parseXml(req.param("some-xml"), { noent: true }); // $ Alert - unguarded entity expansion
});
express().post('/some/path', function (req, res) {
libxmljs.parseXml(req.param("some-xml"), { noent: true }); // $ Alert // $ Alert - unguarded entity expansion
libxmljs.parseXml(req.param("some-xml"), { noent: true }); // $ Alert - unguarded entity expansion
libxmljs.parseXmlString(req.param("some-xml"), { noent: true }) // $ Alert // $ Alert - unguarded entity expansion
libxmljs.parseXmlString(req.files.products.data.toString('utf8'), { noent: true })// $ Alert // $ Alert - unguarded entity expansion
libxmljs.parseXmlString(req.param("some-xml"), { noent: true }) // $ Alert - unguarded entity expansion
libxmljs.parseXmlString(req.files.products.data.toString('utf8'), { noent: true })// $ Alert - unguarded entity expansion
// OK - no entity expansion
libxmljs.parseXmlString(req.files.products.data.toString('utf8'), { noent: false })