hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
revert-4653-feature/csharp9-relational-pattern
codeql/javascript/ql/test/query-tests/Security/CWE-352/unused_cookies.js
Asger Feldthaus b98db62e82 JS: Recognize req.user a cookie access
2020-01-24 09:44:20 +00:00

40 lines
1.0 KiB
JavaScript
Raw Permalink Blame History

let express = require('express');
let cookieParser = require('cookie-parser');
let app = express();
app.use(cookieParser());
app.post('/doSomethingTerrible', (req, res) => { // NOT OK - uses cookies
if (req.cookies['secret'] === app.secret) {
somethingTerrible();
}
res.end('Ok');
});
app.post('/doSomethingElse', (req, res) => { // OK - doesn't actually use cookies
somethingElse(req.query['data']);
res.end('Ok');
});
app.post('/doWithCaptcha', (req, res) => { // OK - attacker can't guess the captcha value either
if (req.session['captcha'] !== req.query['captcha']) {
res.end("You guessed wrong, that 'u' was actually a 'U'. Try again.");
return;
}
somethingElse(req.query['data']);
res.end('Ok');
});
app.post('/user', (req, res) => { // NOT OK - access to req.user is unprotected
somethingElse(req.user.name);
res.end('Ok');
});
app.post('/session', (req, res) => { // NOT OK - access to req.session is unprotected
somethingElse(req.session.name);
res.end('Ok');
});
app.listen();
Reference in New Issue View Git Blame Copy Permalink