hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.20.5
codeql/javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/jszip.js
amammad 5a49f6bb9b fix tests
2023-10-06 22:10:57 +02:00

44 lines
1.2 KiB
JavaScript
Raw Permalink Blame History

const jszipp = require("jszip");
const express = require('express')
const fileUpload = require("express-fileupload");
const app = express();
const port = 3000;
app.use(fileUpload());
app.listen(port, () => {
console.log(`Example app listening on port ${port}`)
});
app.post('/upload', (req, res) => {
zipBomb(req.files.zipBombFile.data)
zipBombSafe(req.files.zipBombFile.data)
res.send("OK")
});
function zipBombSafe(zipFile) {
jszipp.loadAsync(zipFile.data).then(function (zip) {
if (zip.file("10GB")["_data"]["uncompressedSize"] > 1024 * 1024 * 8) {
console.log("error")
return
}
zip.files["10GB"].async("uint8array").then(function (u8) {
console.log(u8);
});
zip.file("10GB").async("uint8array").then(function (u8) {
console.log(u8);
});
});
}
function zipBomb(zipFile) {
jszipp.loadAsync(zipFile.data).then(function (zip) {
zip.files["10GB"].async("uint8array").then(function (u8) {
console.log(u8);
});
zip.file("10GB").async("uint8array").then(function (u8) {
console.log(u8);
});
});
}
module.exports = { localZipLoad };
Reference in New Issue View Git Blame Copy Permalink