hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
cs/assembly-prefix
codeql/javascript/ql/test/query-tests/Security/CWE-079/formatting.js
Esben Sparre Andreasen bbdf6b0f1d JS: mark PrintfStyleCall as a taint step
2018-08-21 09:02:35 +02:00

9 lines
317 B
JavaScript
Raw Permalink Blame History

var express = require('express');
express().get('/user/', function(req, res) {
var evil = req.query.evil;
res.send(console.log("<div>%s</div>", evil)); // OK (returns undefined)
res.send(util.format("<div>%s</div>", evil)); // NOT OK
res.send(require("printf")("<div>%s</div>", evil)); // NOT OK
});
Reference in New Issue View Git Blame Copy Permalink