hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 04:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4521 from erik-krogh/moreMiddle

Browse Source 
Approved by asgerf
This commit is contained in:
CodeQL CI
2020-10-20 07:14:14 -07:00
committed by GitHub
parent 17155b64f5 e061c6a006
commit 7ea8652f49
2 changed files with 41 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
javascript/ql/test/query-tests/Security/CWE-352/MissingCsrfMiddlewareGood2.js
View File

@@ -89,4 +89,31 @@ var passport = require('passport');
app.post('/changeEmail', function (req, res) {
let newEmail = req.cookies["newEmail"];
})
});
});
(function () {
var app = express()
app.use(cookieParser())
app.use(passport.authorize({ session: true }))
function checkToken(req) {
if (req.headers.xsrfToken !== req.session.xsrfToken) {
throw new Error("Halt and catch fire!")
}
}
function setCsrfToken(req, response, next) {
req.session.xsrfToken = req.csrfToken();
next();
}
app.use(checkToken);
app.post('/changeEmail', function (req, res) {
let newEmail = req.cookies["newEmail"];
});
app.use(setCsrfToken); // There is nothing wrong with setting the token late, as long as it is checked early.
});