hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 00:35:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added test case for axios.interceptors.request

Browse Source
This commit is contained in:
Napalys
2025-03-24 11:32:35 +01:00
parent a3c84d9feb
commit ea181e4173
1 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
javascript/ql/test/query-tests/Security/CWE-918/axiosInterceptors.serverSide.js Normal file
View File

@@ -0,0 +1,22 @@
const express = require("express");
const axios = require("axios");
const app = express();
let userProvidedUrl = "";
axios.interceptors.request.use(
function (config) {
if (userProvidedUrl) {
config.url = userProvidedUrl; // $ MISSING: Alert[js/request-forgery]
}
return config;
},
error => error
);
app.post("/fetch", (req, res) => {
const { url } = req.body; // $ MISSING: Source[js/request-forgery]
userProvidedUrl = url;
axios.get("placeholder");
});