hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Update OK-style comments to $-style

Browse Source
This commit is contained in:
Asger F
2025-02-06 13:34:01 +01:00
parent 7e5c24a8ec
commit 9be041e27d
536 changed files with 4408 additions and 4762 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/test/query-tests/Security/CWE-352/csurf_api_example.js
View File

@@ -26,7 +26,7 @@ app.get('/form', function (req, res) {
res.render('send', { csrfToken: req.csrfToken() })
})
app.post('/process', function (req, res) { // OK
app.post('/process', function (req, res) {
let newEmail = req.cookies["newEmail"];
res.send('csrf was required to get here')
})

4
javascript/ql/test/query-tests/Security/CWE-352/csurf_example.js
View File

@@ -17,13 +17,13 @@ var app = express()
// we need this because "cookie" is true in csrfProtection
app.use(cookieParser()) // $ Alert
app.get('/form', csrfProtection, function (req, res) { // OK
app.get('/form', csrfProtection, function (req, res) {
let newEmail = req.cookies["newEmail"];
// pass the csrfToken to the view
res.render('send', { csrfToken: req.csrfToken() })
})
app.post('/process', parseForm, csrfProtection, function (req, res) { // OK
app.post('/process', parseForm, csrfProtection, function (req, res) {
let newEmail = req.cookies["newEmail"];
res.send('data is being processed')
})

2
javascript/ql/test/query-tests/Security/CWE-352/fastify.js
View File

@@ -8,7 +8,7 @@ app.register(require('fastify-csrf'));
app.route({
method: 'GET',
path: '/getter',
handler: async (req, reply) => { // OK
handler: async (req, reply) => {
return 'hello';
}
})

2
javascript/ql/test/query-tests/Security/CWE-352/fastify2.js
View File

@@ -12,7 +12,7 @@ app.register(fp(plugin));
app.route({
method: 'GET',
path: '/getter',
handler: async (req, reply) => { // OK
handler: async (req, reply) => {
return 'hello';
}
})

6
javascript/ql/test/query-tests/Security/CWE-352/lusca_example.js
View File

@@ -8,17 +8,17 @@ var lusca = require('lusca');
var app = express()
app.use(cookieParser()) // $ Alert
app.post('/process', parseForm, lusca.csrf(), function (req, res) { // OK
app.post('/process', parseForm, lusca.csrf(), function (req, res) {
let newEmail = req.cookies["newEmail"];
res.send('data is being processed')
})
app.post('/process', parseForm, lusca({csrf:true}), function (req, res) { // OK
app.post('/process', parseForm, lusca({csrf:true}), function (req, res) {
let newEmail = req.cookies["newEmail"];
res.send('data is being processed')
})
app.post('/process', parseForm, lusca({csrf:{}}), function (req, res) { // OK
app.post('/process', parseForm, lusca({csrf:{}}), function (req, res) {
let newEmail = req.cookies["newEmail"];
res.send('data is being processed')
})

2
javascript/ql/test/query-tests/Security/CWE-352/tst.js
View File

@@ -17,6 +17,6 @@ function middlewares() {
app.use(middlewares());
app.post('/safe', (req, res) => { // OK
app.post('/safe', (req, res) => {
req.cookies.x;
});