hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 08:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added matchAll test which is not marked as vulnurability by CodeQL

Browse Source
This commit is contained in:
Napalys
2024-11-07 13:09:15 +01:00
parent 514375dbf9
commit a4fe728af2
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
javascript/ql/test/query-tests/Security/CWE-117/logInjectionBad.js
View File

@@ -116,4 +116,10 @@ const server4 = http.createServer((req, res) => {
});
server.start();
}
});
});
const serverMatchAll = http.createServer((req, res) => {
let username = url.parse(req.url, true).query.username;
let otherStr = username.matchAll(/.*/g)[0]; // BAD - this is suppose to be cought by Taint Tracking, works for match but not matchAll
console.log(otherStr);
});