hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.21.0
codeql/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/examples/TaintedPath.js
Asger F 64d39da5f8 JS: Accept Sources/Sink tags
2025-02-28 13:29:30 +01:00

11 lines
382 B
JavaScript
Raw Permalink Blame History

const fs = require('fs'),
http = require('http'),
url = require('url');
const ROOT = "/var/www/";
var server = http.createServer(function(req, res) {
let filePath = url.parse(req.url, true).query.path; // $ Source
res.write(fs.readFileSync(ROOT + filePath, 'utf8')); // $ Alert - This function uses unsanitized input that can read any file on the file system.
});
Reference in New Issue View Git Blame Copy Permalink