hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Update koa testcase

Browse Source
This commit is contained in:
Asger F
2019-11-22 12:27:15 +00:00
parent b407de01f8
commit bbb6dad726
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/koa.js
View File

@@ -1,5 +1,5 @@
const Koa = require('koa');
const url = require('url');
const urlLib = require('url');
const app = new Koa();
app.use(async ctx => {
@@ -7,14 +7,14 @@ app.use(async ctx => {
ctx.redirect(url); // NOT OK
ctx.redirect(`${url}${x}`); // NOT OK
var isCrossDomainRedirect = url.parse(url || '', false, true).hostname;
var isCrossDomainRedirect = urlLib.parse(url || '', false, true).hostname;
if(!url || isCrossDomainRedirect) {
ctx.redirect('/'); // OK
} else {
ctx.redirect(url); // NOT OK
}
if(!url || isCrossDomainRedirect || ! url.match(VALID)) {
if(!url || isCrossDomainRedirect || url.match(/[^\w/-]/)) {
ctx.redirect('/'); // OK
} else {
ctx.redirect(url); // OK