hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.23.7
codeql/javascript/ql/test/query-tests/Security/CWE-918/serverSide2.js
Napalys Klicius 060b98d36c JS: enchance middleware taint tracking via local source
2025-06-17 08:30:19 +02:00

28 lines
1008 B
JavaScript
Raw Permalink Blame History

const express = require('express');
const axios = require('axios');
const qs = require('qs');
const app = express();
const PORT = 3000;
app.use((req, res, next) => {
req.parsedQueryFromParsedUrl = qs.parse(req._parsedUrl.query); // $Source[js/request-forgery]
req.parsedQuery.url = req.url || {}; // $Source[js/request-forgery]
req.SomeObject.url = req.url; // $Source[js/request-forgery]
next();
});
app.get('/proxy', async (req, res) => {
const targetUrl = req.parsedQuery.url;
const response = await axios.get(targetUrl); // $Alert[js/request-forgery]
const targetUrl1 = req.parsedQueryFromParsedUrl.url;
const response1 = await axios.get(targetUrl1); // $Alert[js/request-forgery]
const targetUrl2 = req.url || {}; // $Source[js/request-forgery]
const response2 = await axios.get(targetUrl2); // $Alert[js/request-forgery]
const targetUrl3 = req.SomeObject.url || {};
const response3 = await axios.get(targetUrl3); // $Alert[js/request-forgery]
});
Reference in New Issue View Git Blame Copy Permalink