hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added test case for escape.

Browse Source
This commit is contained in:
Napalys
2025-03-14 08:48:45 +01:00
parent a3ef137a8e
commit c4b717b86c
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.js
View File

@@ -208,3 +208,10 @@ var server = http.createServer(function(req, res) {
}
});
var srv = http.createServer(function(req, res) {
let path = url.parse(req.url, true).query.path; // $ MISSING: Source
const improperEscape = escape(path);
res.write(fs.readFileSync(improperEscape)); // $ MISSING: Alert
const improperEscape2 = unescape(path);
res.write(fs.readFileSync(improperEscape2)); // $ MISSING: Alert
});