Added inline test expectations for cors permissive config

Napalys Klicius
2025-07-30 10:42:55 +00:00
parent 92daa7d42c
commit 95743d7109
3 changed files with 9 additions and 8 deletions


@@ -1 +1,2 @@
Security/CWE-942/CorsPermissiveConfiguration.ql
query: Security/CWE-942/CorsPermissiveConfiguration.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql


@@ -5,10 +5,10 @@ var https = require('https'),
var server = https.createServer(function () { });
server.on('request', function (req, res) {
let user_origin = url.parse(req.url, true).query.origin;
let user_origin = url.parse(req.url, true).query.origin; // $ Source
// BAD: CORS too permissive
const server_1 = new ApolloServer({
cors: { origin: true }
cors: { origin: true } // $ Alert
});
// GOOD: restrictive CORS
@@ -18,11 +18,11 @@ server.on('request', function (req, res) {
// BAD: CORS too permissive
const server_3 = new ApolloServer({
cors: { origin: null }
cors: { origin: null } // $ Alert
});
// BAD: CORS is controlled by user
const server_4 = new ApolloServer({
cors: { origin: user_origin }
cors: { origin: user_origin } // $ Alert
});
});
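Review bot: The `// BAD: CORS too permissive` comment on the `origin: null` case in the second hunk understates why it is flagged: browsers send `Origin: null` for sandboxed iframes, `data:`/`file:` pages and some cross-origin redirects, so allowlisting `null` lets any attacker-controlled page obtain an allowed origin. I would reword it to `// BAD: "null" is the Origin sent by sandboxed iframes and data:/file: pages, so allowing it is as open as '*'`. Likewise `origin: true` in the first hunk reflects whatever `Origin` header the request carries (the `cors` package semantics that Apollo appears to pass through), which the comment could state: `// BAD: origin: true echoes the request's Origin header, so every site is allowed`. The `server.on('request', ...)` handler these cases live in opens in the first hunk's context and is closed by the `});` at the end of the second.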


@@ -7,7 +7,7 @@ var https = require('https'),
var server = https.createServer(function () { });
server.on('request', function (req, res) {
let user_origin = url.parse(req.url, true).query.origin;
let user_origin = url.parse(req.url, true).query.origin; // $ Source
// BAD: CORS too permissive, default value is *
var app1 = express();
@@ -23,14 +23,14 @@ server.on('request', function (req, res) {
// BAD: CORS too permissive
var app3 = express();
var corsOption3 = {
origin: '*'
origin: '*' // $ Alert
};
app3.use(cors(corsOption3));
// BAD: CORS is controlled by user
var app4 = express();
var corsOption4 = {
origin: user_origin
origin: user_origin // $ Alert
};
app4.use(cors(corsOption4));
});
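Review bot: The only tainted source in this test, `user_origin` in the first hunk (`// $ Source`), is read from the URL query string, whereas the realistic attacker-controlled value for a reflected-origin bug is the request's `Origin` header; if the query's source set includes `req.headers`, a second case such as `let header_origin = req.headers.origin; // $ Source` feeding `origin: header_origin // $ Alert` would cover that pattern, and if it does not, that gap deserves a comment here. Separately, the `// BAD: CORS is controlled by user` comment on `corsOption4` could say what makes it exploitable: `// BAD: reflecting a caller-chosen origin lets any site read the response (worse still with credentials: true)`. The `server.on('request', ...)` handler enclosing both hunks opens in the first hunk's context and is closed by the final `});`.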