hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-19 14:04:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update RequestForgeryBad.js

Browse Source
This commit is contained in:
Matt Rothenberg
2022-12-02 14:17:37 +01:00
committed by GitHub
parent 7d674e7cdc
commit 95f994a82b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/src/Security/CWE-918/examples/RequestForgeryBad.js
View File

@@ -1,7 +1,7 @@
import http from 'http';
const server = http.createServer(function(req, res) {
const target = new URL(req.url).searchParams.get("target");
const target = new URL(req.url, "http://example.com").searchParams.get("target");
// BAD: `target` is controlled by the attacker
http.get('https://' + target + ".example.com/data/", res => {