hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
revert-4653-feature/csharp9-relational-pattern
codeql/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjectionBad.js
Erik Krogh Kristensen 45b6906a0d move comments to match alert location for CWE-834
2020-07-08 10:16:04 +02:00

57 lines
1.0 KiB
JavaScript
Raw Permalink Blame History

'use strict';
var express = require('express');
var router = new express.Router();
var rootRoute = router.route('foobar');
rootRoute.post(function(req, res) {
problem(req.body);
whileLoop(req.body);
useLengthIndirectly(req.body);
noNullPointer(req.body);
});
function problem(val) {
var ret = [];
for (var i = 0; i < val.length; i++) { // NOT OK!
ret.push(val[i]);
}
}
function whileLoop(val) {
var ret = [];
var i = 0;
while (i < val.length) { // NOT OK!
ret.push(val[i]);
i++;
}
}
function useLengthIndirectly(val) {
var ret = [];
var len = val.length; // NOT OK!
for (var i = 0; i < len; i++) {
ret.push(val[i]);
}
}
// The obvious null-pointer detection should not hit this one.
function noNullPointer(val) {
var ret = [];
const c = 0;
for (var i = 0; i < val.length; i++) { // NOT OK!
// Constantly accessing element 0, therefore not guaranteed null-pointer.
ret.push(val[c].foo);
}
}
Reference in New Issue View Git Blame Copy Permalink