Merge branch 'main' into js/shared-dataflow-merge-main

Asger F
2024-11-20 14:05:03 +01:00
2341 changed files with 169482 additions and 106842 deletions


@@ -25,7 +25,7 @@ app.get('/check-with-axios', req => {
} else {
axios.get(baseURL + req.params.tainted); // OK
}
// Blacklists are not safe
if (!req.query.tainted.match(/^[/\.%]+$/)) {
axios.get("test.com/" + req.query.tainted); // SSRF
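Review bot: The `// Blacklists are not safe` comment above the `if (!req.query.tainted.match(/^[/\.%]+$/))` line does not say why this particular check is inadequate, which is the thing a reader of this fixture needs to see. The pattern only matches values made up entirely of `/`, `.` and `%`, so the negated test lets through any value containing a single other character, including a full host or path. I would make the comment carry that reasoning: `// Blacklists are not safe: this only rejects values consisting solely of '/', '.' and '%'; everything else reaches the request`. The enclosing `app.get('/check-with-axios', ...)` handler starts before this hunk, so the earlier branch of the `if`/`else` is not visible here.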
@@ -39,8 +39,29 @@ app.get('/check-with-axios', req => {
}
axios.get("test.com/" + req.query.tainted); // OK - False Positive
if (req.query.tainted.matchAll(/^[0-9a-z]+$/g)) { // letters and numbers
axios.get("test.com/" + req.query.tainted); // OK
}
if (req.query.tainted.matchAll(/^[0-9a-z\-_]+$/g)) { // letters, numbers, - and _
axios.get("test.com/" + req.query.tainted); // OK
}
});
const isValidPath = path => path.match(/^[0-9a-z]+$/);
const isInBlackList = path => path.match(/^[/\.%]+$/);
app.get('/check-with-axios', req => {
const baseURL = "test.com/"
if (isValidPathMatchAll(req.params.tainted) ) {
axios.get(baseURL + req.params.tainted); // OK
}
if (!isValidPathMatchAll(req.params.tainted) ) {
axios.get(baseURL + req.params.tainted); // NOT OK - SSRF
} else {
axios.get(baseURL + req.params.tainted); // OK
}
});
const isValidPathMatchAll = path => path.matchAll(/^[0-9a-z]+$/g);