codeql/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjectionBad.js
Erik Krogh Kristensen 3fb64abb09 fix consistency and spelling in the documentation
suggestions from the documentation team

Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
2019-09-13 14:52:11 +01:00


'use strict';
var express = require('express');
// Fixture wiring for the CWE-834 (loop bound injection) query test: one POST
// route that hands the request body to every helper below.
var router = new express.Router();
var rootRoute = router.route('foobar');
rootRoute.post(function(req, res) {
// req.body is client-controlled and is passed on as-is: no type check and no
// size limit is applied here before the helpers use its `length` as a loop bound.
// NOTE(review): no body-parsing middleware is registered in this file; the
// test presumably treats req.body as a remote-input source regardless - confirm.
problem(req.body);
whileLoop(req.body);
useLengthIndirectly(req.body);
noNullPointer(req.body);
});
// Flagged case: a `for` loop bounded directly by `val.length`.
// `val` is the raw request body (see the POST handler in this file). Nothing
// here verifies that it is a real array or caps its length, so the value of
// the `length` property alone decides how many iterations run.
// A safe variant would reject non-arrays (e.g. Array.isArray) or enforce an
// upper bound before entering the loop.
function problem(val) {
var ret = [];
// `val.length` is re-read on every iteration; the loop ends only when i reaches it.
for (var i = 0; i < val.length; i++) { // NOT OK!
ret.push(val[i]);
}
// `ret` is never returned or used; only the loop shape matters to the test.
}
// Flagged case: the same unbounded iteration written as a `while` loop.
// `val` is the raw request body and its `length` is used as the bound without
// any array check or maximum, so the loop should be reported just like the
// `for` form.
function whileLoop(val) {
var ret = [];
var i = 0;
// The condition compares the counter against the unvalidated `val.length`.
while (i < val.length) { // NOT OK!
ret.push(val[i]);
i++;
}
}
// Flagged case: the bound reaches the loop through a local variable.
// Copying `val.length` into `len` does not validate it; the value still comes
// straight from the request body, so the loop should still be reported.
function useLengthIndirectly(val) {
var ret = [];
// Unvalidated length read once and kept in a local.
var len = val.length;
for (var i = 0; i < len; i++) { // NOT OK!
ret.push(val[i]);
}
}
// Flagged case: the loop body dereferences an element, but always element 0.
// NOTE(review): presumably the query excludes loops whose body would throw as
// soon as the index runs past the real elements (e.g. `val[i].foo`), because
// such a loop stops itself - confirm against the query. This loop must not
// get that exemption.
function noNullPointer(val) {
var ret = [];
const c = 0;
// Bound is still the unvalidated `val.length` from the request body.
for (var i = 0; i < val.length; i++) { // NOT OK!
// The index is the constant `c` (0), not the counter `i`, so the property
// read is the same on every iteration and is not guaranteed to throw.
ret.push(val[c].foo);
}
}