hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9718 from asgerf/js/case-sensitive-middleware

Browse Source 
JS: Add 'case sensitive middleware' query
This commit is contained in:
Asger F
2022-07-14 10:47:58 +02:00
committed by GitHub
parent 43a82004b2 18c5a8c8da
commit 855d4c2ea1
11 changed files with 306 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/test/query-tests/Security/CWE-178/CaseSensitiveMiddlewarePath.expected Normal file
View File

@@ -0,0 +1,3 @@
| tst.js:8:9:8:19 | /\\/foo\\/.*/ | This route uses a case-sensitive path $@, but is guarding a case-insensitive path $@. A path such as '/FOO/' will bypass the middleware. | tst.js:8:9:8:19 | /\\/foo\\/.*/ | pattern | tst.js:60:1:61:2 | app.get ... ware\\n}) | here |
| tst.js:14:5:14:28 | new Reg ... (.*)?') | This route uses a case-sensitive path $@, but is guarding a case-insensitive path $@. A path such as '/FOO' will bypass the middleware. | tst.js:14:5:14:28 | new Reg ... (.*)?') | pattern | tst.js:60:1:61:2 | app.get ... ware\\n}) | here |
| tst.js:41:9:41:25 | /\\/foo\\/([0-9]+)/ | This route uses a case-sensitive path $@, but is guarding a case-insensitive path $@. A path such as '/FOO/' will bypass the middleware. | tst.js:41:9:41:25 | /\\/foo\\/([0-9]+)/ | pattern | tst.js:60:1:61:2 | app.get ... ware\\n}) | here |

1
javascript/ql/test/query-tests/Security/CWE-178/CaseSensitiveMiddlewarePath.qlref Normal file
View File

@@ -0,0 +1 @@
Security/CWE-178/CaseSensitiveMiddlewarePath.ql

9
javascript/ql/test/query-tests/Security/CWE-178/charclass.js Normal file
View File

@@ -0,0 +1,9 @@
const express = require('express');
const app = express();
app.get(/\/[a-zA-Z]+/, (req, res, next) => { // OK - regexp term is case insensitive
next();
});
app.get('/foo', (req, res) => {
});

61
javascript/ql/test/query-tests/Security/CWE-178/tst.js Normal file
View File

@@ -0,0 +1,61 @@
const express = require('express');
const app = express();
const unknown = require('~something/blah');
app.all(/\/.*/, unknown()); // OK - does not contain letters
app.all(/\/.*/i, unknown()); // OK
app.all(/\/foo\/.*/, unknown()); // NOT OK
app.all(/\/foo\/.*/i, unknown()); // OK - case insensitive
app.use(/\/x\/#\d{6}/, express.static('images/')); // OK - not a middleware
app.get(
new RegExp('^/foo(.*)?'), // NOT OK - case sensitive
unknown(),
function(req, res, next) {
if (req.params.blah) {
next();
}
}
);
app.get(
new RegExp('^/foo(.*)?', 'i'), // OK - case insensitive
unknown(),
function(req, res, next) {
if (req.params.blah) {
next();
}
}
);
app.get(
new RegExp('^/foo(.*)?'), // OK - not a middleware
unknown(),
function(req,res) {
res.send('Hello World!');
}
);
app.use(/\/foo\/([0-9]+)/, (req, res, next) => { // NOT OK - case sensitive
unknown(req);
next();
});
app.use(/\/foo\/([0-9]+)/i, (req, res, next) => { // OK - case insensitive
unknown(req);
next();
});
app.use(/\/foo\/([0-9]+)/, (req, res) => { // OK - not middleware
unknown(req, res);
});
app.use(/\/foo\/([0-9]+)/i, (req, res) => { // OK - not middleware (also case insensitive)
unknown(req, res);
});
app.get('/foo/:param', (req, res) => { // OK - not a middleware
});