hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update qhelp for js/path-injection.

Browse Source
This commit is contained in:
Max Schaefer
2023-11-16 11:55:28 +00:00
parent 8b6a9180dc
commit d147faba4e
6 changed files with 254 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
javascript/ql/src/Security/CWE-022/examples/TaintedPath.js
View File

@@ -1,13 +1,12 @@
var fs = require('fs'),
http = require('http'),
url = require('url');
const fs = require('fs'),
http = require('http'),
url = require('url');
const ROOT = "/var/www/";
var server = http.createServer(function(req, res) {
let path = url.parse(req.url, true).query.path;
let filePath = url.parse(req.url, true).query.path;
// BAD: This could read any file on the file system
res.write(fs.readFileSync(path));
// BAD: This could still read any file on the file system
res.write(fs.readFileSync("/home/user/" + path));
});
res.write(fs.readFileSync(ROOT + filePath, 'utf8'));
});

19
javascript/ql/src/Security/CWE-022/examples/TaintedPathGood.js Normal file
View File

@@ -0,0 +1,19 @@
const fs = require('fs'),
http = require('http'),
path = require('path'),
url = require('url');
const ROOT = "/var/www/";
var server = http.createServer(function(req, res) {
let filePath = url.parse(req.url, true).query.path;
// GOOD: Verify that the file path is under the root directory
filePath = fs.realpathSync(path.resolve(ROOT, filePath));
if (!filePath.startsWith(ROOT)) {
res.statusCode = 403;
res.end();
return;
}
res.write(fs.readFileSync(filePath, 'utf8'));
});