hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.22.1
codeql/javascript/ql/test/query-tests/Security/CWE-918/axiosInterceptors.serverSide.js
Napalys 10498bbaa4 Added support for axios.interceptors.request.
2025-03-25 10:54:56 +01:00

23 lines
502 B
JavaScript
Raw Permalink Blame History

const express = require("express");
const axios = require("axios");
const app = express();
let userProvidedUrl = "";
axios.interceptors.request.use(
function (config) {
if (userProvidedUrl) {
config.url = userProvidedUrl; // $ Alert[js/request-forgery]
}
return config;
},
error => error
);
app.post("/fetch", (req, res) => {
const { url } = req.body; // $ Source[js/request-forgery]
userProvidedUrl = url;
axios.get("placeholder");
});
Reference in New Issue View Git Blame Copy Permalink