hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Add test case with encodeURI for request forgery

Browse Source
This commit is contained in:
Napalys Klicius
2025-06-13 11:15:16 +02:00
parent 55eb9fb838
commit deb715a517
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/test/query-tests/Security/CWE-918/serverSide.js
View File

@@ -141,4 +141,8 @@ var server2 = http.createServer(function(req, res) {
axios.get(target.toString()); // $Alert[js/request-forgery]
axios.get(target); // $Alert[js/request-forgery]
axios.get(target.href); // $Alert[js/request-forgery]
const encodedUrl = encodeURI(input);
axios.get(encodedUrl); // $MISSING:Alert[js/request-forgery]
const escapedUrl = escape(input);
axios.get(escapedUrl); // $MISSING:Alert[js/request-forgery]
});