initial tests

Alvaro Muñoz
2022-10-13 11:32:21 +02:00
parent 2ab34c85b2
commit ea8edb8408
2 changed files with 26 additions and 2 deletions


@@ -0,0 +1,6 @@
import javascript
import semmle.javascript.security.dataflow.ReflectedXssCustomizations
query predicate test_XSS(ReflectedXss::Sink sink, Http::ResponseSendArgument res) {
sink = res
}
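Review bot: `test_XSS` binds `sink` and `res` to the same value (`sink = res`), so the two result columns will always be identical in the expected output. A single-parameter form such as `query predicate test_XSS(ReflectedXss::Sink sink) { sink instanceof Http::ResponseSendArgument }` would express the same check, assuming the two classes are type-compatible as the equality suggests. A short comment stating the intent would help the next reader, e.g. `// response-send arguments that the reflected-XSS customizations classify as sinks`. Sinks that are not response-send arguments are excluded from this output, which is worth saying in that comment if it is deliberate.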


@@ -34,12 +34,12 @@ app.post('/some/other/path', function(req, res) {
app.get('/', require('./exportedHandler.js').handler);
function getHandler() {
return function (req, res){}
return function(req, res) { }
}
app.use(getHandler());
function getArrowHandler() {
return (req, res) => f();
return (req, res) => f();
}
app.use(getArrowHandler());
@@ -49,3 +49,21 @@ app.post('/headers', function(req, res) {
req.hostname;
req.headers[config.headerName];
});
app.get('/some/xss1', function(req, res) {
res.header("Content-Type", "text/html");
res.send(req.params.foo)
foo(res);
});
app.get('/some/xss2', function(req, res) {
res.header("Content-Type", "application/xml");
res.send(req.params.foo)
foo(res);
});
app.get('/some/non-xss1', function(req, res) {
res.header("Content-Type", "text/plain");
res.send(req.params.foo)
foo(res);
});
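Review bot: All three new routes set `Content-Type` explicitly, so the test does not cover `res.send(req.params.foo)` with no header call at all, where Express chooses the type itself (HTML for a string body, as far as I know). A fourth route along the lines of `app.get('/some/xss3', function(req, res) { res.send(req.params.foo); });` (route name is only a suggestion) would pin whether the sink is still reported there. Each route would also benefit from a comment giving the expected result and the reason, e.g. `// sink: application/xml can be rendered with script execution by browsers` and `// not a sink: text/plain is not rendered as markup`. The purpose of the trailing `foo(res);` call in each handler is not evident from the hunk and deserves a comment too.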