hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: add tests with res.sendFile root option

Browse Source
This commit is contained in:
Asger F
2018-12-14 10:59:55 +00:00
parent c37d655fe8
commit f84301e476
2 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/ql/test/query-tests/Security/CWE-022/TaintedPath.expected
View File

@@ -84,6 +84,9 @@ nodes
| tainted-require.js:7:19:7:37 | req.param("module") |
| tainted-sendFile.js:7:16:7:33 | req.param("gimme") |
| tainted-sendFile.js:9:16:9:33 | req.param("gimme") |
| tainted-sendFile.js:12:16:12:33 | req.param("gimme") |
| tainted-sendFile.js:14:16:14:33 | req.param("gimme") |
| tainted-sendFile.js:17:16:17:32 | req.param("file") |
| views.js:1:43:1:55 | req.params[0] |
edges
| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path |
@@ -188,4 +191,7 @@ edges
| tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | This path depends on $@. | tainted-require.js:7:19:7:37 | req.param("module") | a user-provided value |
| tainted-sendFile.js:7:16:7:33 | req.param("gimme") | tainted-sendFile.js:7:16:7:33 | req.param("gimme") | tainted-sendFile.js:7:16:7:33 | req.param("gimme") | This path depends on $@. | tainted-sendFile.js:7:16:7:33 | req.param("gimme") | a user-provided value |
| tainted-sendFile.js:9:16:9:33 | req.param("gimme") | tainted-sendFile.js:9:16:9:33 | req.param("gimme") | tainted-sendFile.js:9:16:9:33 | req.param("gimme") | This path depends on $@. | tainted-sendFile.js:9:16:9:33 | req.param("gimme") | a user-provided value |
| tainted-sendFile.js:12:16:12:33 | req.param("gimme") | tainted-sendFile.js:12:16:12:33 | req.param("gimme") | tainted-sendFile.js:12:16:12:33 | req.param("gimme") | This path depends on $@. | tainted-sendFile.js:12:16:12:33 | req.param("gimme") | a user-provided value |
| tainted-sendFile.js:14:16:14:33 | req.param("gimme") | tainted-sendFile.js:14:16:14:33 | req.param("gimme") | tainted-sendFile.js:14:16:14:33 | req.param("gimme") | This path depends on $@. | tainted-sendFile.js:14:16:14:33 | req.param("gimme") | a user-provided value |
| tainted-sendFile.js:17:16:17:32 | req.param("file") | tainted-sendFile.js:17:16:17:32 | req.param("file") | tainted-sendFile.js:17:16:17:32 | req.param("file") | This path depends on $@. | tainted-sendFile.js:17:16:17:32 | req.param("file") | a user-provided value |
| views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | This path depends on $@. | views.js:1:43:1:55 | req.params[0] | a user-provided value |

8
javascript/ql/test/query-tests/Security/CWE-022/tainted-sendFile.js
View File

@@ -7,4 +7,12 @@ app.get('/some/path', function(req, res) {
res.sendFile(req.param("gimme"));
// BAD: same as above
res.sendfile(req.param("gimme"));
// GOOD: ensures files cannot be accessed outside of root folder
res.sendFile(req.param("gimme"), { root: process.cwd() });
// GOOD: ensures files cannot be accessed outside of root folder
res.sendfile(req.param("gimme"), { root: process.cwd() });
// BAD: doesn't help if user controls root
res.sendFile(req.param("file"), { root: req.param("dir") });
});