hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
revert-4653-feature/csharp9-relational-pattern
codeql/javascript/ql/test/query-tests/Security/CWE-312/build-leaks.js
Erik Krogh Kristensen 02c4a0477d add tests for js/build-artifact-leak
2020-06-12 10:21:37 +02:00

43 lines
1.1 KiB
JavaScript
Raw Permalink Blame History

const webpack = require("webpack");
var plugin = new webpack.DefinePlugin({ // NOT OK
"process.env": JSON.stringify(process.env)
});
// OK
new webpack.DefinePlugin({ 'process.env': JSON.stringify({ DEBUG: process.env.DEBUG }) })
function getEnv(env) {
const raw = Object.keys(process.env)
.reduce((env, key) => {
env[key] = process.env[key]
return env
}, {
NODE_ENV: process.env.NODE_ENV || env || 'development'
})
const stringifed = {
'process.env': Object.keys(raw).reduce((env, key) => {
env[key] = JSON.stringify(raw[key])
return env
}, {})
}
return {
raw: raw,
stringified: stringifed
}
}
new webpack.DefinePlugin(getEnv('production').stringified); // NOT OK
var https = require('https');
var url = require('url');
var server = https.createServer(function (req, res) {
let pw = url.parse(req.url, true).query.current_password;
var plugin = new webpack.DefinePlugin({ "process.env.secret": JSON.stringify(pw) }); // NOT OK
});
Reference in New Issue View Git Blame Copy Permalink