hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.20.1
codeql/javascript/ql/test/query-tests/Security/CWE-730/tst.js
Asger F 699d3a0a0a JS: Update a RegExp injection test 
RegExpInjection does not use client-side sources, but one of its tests was using postMessage events
as the taint source. Updating the test to use a different taint source.
2024-08-16 14:20:34 +02:00

8 lines
180 B
JavaScript
Raw Permalink Blame History

const express = require('express');
const app = express();
app.get('/foo', (req, res) => {
let data = req.query.data;
new RegExp("^"+ data.name + "$", "i"); // NOT OK
});
Reference in New Issue View Git Blame Copy Permalink