hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
rc/1.24
codeql/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/express.js
Asger F bc3b983768 JS: move CodeInjection tests into subfolder
2018-11-20 14:24:37 +00:00

14 lines
396 B
JavaScript
Raw Permalink Blame History

var express = require('express');
var app = express();
app.get('/some/path', function(req, res) {
// NOT OK
var f = new Function("return wibbles[" + req.param("wobble") + "];");
// NOT OK
require("vm").runInThisContext("return wibbles[" + req.param("wobble") + "];");
var runC = require("vm").runInNewContext;
// NOT OK
runC("return wibbles[" + req.param("wobble") + "];");
});
Reference in New Issue View Git Blame Copy Permalink