hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
sauyon/java-spring-stringutils
codeql/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-access-paths.js
Erik Krogh Kristensen 926f2c139f require that a write must dominate the enclosing stmt of a read
2020-06-25 23:00:52 +02:00

35 lines
684 B
JavaScript
Raw Permalink Blame History

var fs = require('fs'),
http = require('http'),
url = require('url');
var server = http.createServer(function(req, res) {
let path = url.parse(req.url, true).query.path;
fs.readFileSync(path); // NOT OK
var obj = bla ? something() : path;
fs.readFileSync(obj.sub); // NOT OK
obj.sub = "safe";
fs.readFileSync(obj.sub); // OK
obj.sub2 = "safe";
if (random()) {
fs.readFileSync(obj.sub2); // OK
}
if (random()) {
obj.sub3 = "safe"
}
fs.readFileSync(obj.sub3); // NOT OK
obj.sub4 =
fs.readFileSync(obj.sub4) ? // NOT OK
fs.readFileSync(obj.sub4) : // NOT OK
fs.readFileSync(obj.sub4); // NOT OK
});
server.listen();
Reference in New Issue View Git Blame Copy Permalink