hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update RequestForgeryBad.js

Browse Source
This commit is contained in:
Matt Rothenberg
2022-12-02 14:03:37 +01:00
committed by GitHub
parent 2ae0c7e115
commit a453405365
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
javascript/ql/src/Security/CWE-918/examples/RequestForgeryBad.js
View File

@@ -1,8 +1,7 @@
import http from 'http';
import url from 'url';
var server = http.createServer(function(req, res) {
var target = url.parse(req.url, true).query.target;
const server = http.createServer(function(req, res) {
const target = new URL(req.url).searchParams.get("target");
// BAD: `target` is controlled by the attacker
http.get('https://' + target + ".example.com/data/", res => {