hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.20.4
codeql/javascript/ql/test/experimental/Security/CWE-942/apollo-test.js
Maiky 07ad596f77 Add coverage for express
2023-10-16 16:48:32 +02:00

28 lines
711 B
JavaScript
Raw Permalink Blame History

import { ApolloServer } from 'apollo-server';
var https = require('https'),
url = require('url');
var server = https.createServer(function () { });
server.on('request', function (req, res) {
let user_origin = url.parse(req.url, true).query.origin;
// BAD: CORS too permissive
const server_1 = new ApolloServer({
cors: { origin: true }
});
// GOOD: restrictive CORS
const server_2 = new ApolloServer({
cors: false
});
// BAD: CORS too permissive
const server_3 = new ApolloServer({
cors: { origin: null }
});
// BAD: CORS is controlled by user
const server_4 = new ApolloServer({
cors: { origin: user_origin }
});
});
Reference in New Issue View Git Blame Copy Permalink