JS: Ignore calls and csrf/captcha access

Asger Feldthaus
2020-01-23 15:32:05 +00:00
parent b1ec3e1bf2
commit a68bb9ffd1
2 changed files with 22 additions and 2 deletions


@@ -17,4 +17,13 @@ app.post('/doSomethingElse', (req, res) => { // OK - doesn't actually use cookie
res.end('Ok');
});
app.post('/doWithCaptcha', (req, res) => { // OK - attacker can't guess the captcha value either
if (req.session['captcha'] !== req.query['captcha']) {
res.end("You guessed wrong, that 'u' was actually a 'U'. Try again.");
return;
}
somethingElse(req.query['data']);
res.end('Ok');
});
app.listen();
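Review bot: The `/doWithCaptcha` handler marked "OK" compares `req.session['captcha']` with `req.query['captcha']` using `!==` alone, so when neither value is set both sides are `undefined` and the guard falls through to `somethingElse(req.query['data'])`. Whether a captcha is always stored in the session before this route runs is not visible in the hunk, so the fixture only models a safe pattern under that assumption. Since the test documents what the query now treats as protected, I would make the guard explicit: `const expected = req.session['captcha'];` followed by `if (typeof expected !== 'string' || expected !== req.query['captcha']) {`. It would also help to extend the trailing comment to say the exemption is a name-based heuristic, e.g. `// OK - handler reads a captcha-named property; the query does not verify the check itself`, so readers do not take the annotation as proof that the comparison is sound.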