// Static-analysis fixture: every `res.render` call below carries the result
// the query is expected to report (`// NOT OK` = must be flagged, `// OK` =
// must not). The exact expression shapes are what is under test, so the
// code is deliberately left as written, including `var`.
var app = require('express')();
app.set('view engine', 'hbs');
app.post('/path', function(req, res) {
// Both values come straight from the request and are attacker-controlled.
// NOTE(review): with Express's default query/body parsing these can be
// objects rather than strings (e.g. `?queryParameter[layout]=x`), so passing
// them through as the render options/locals object lets a request set
// rendering options such as the file chosen as `layout` — which is why this
// sits under CWE-073 (external control of a file name or path). Confirm the
// precise option set against the query and the `hbs` engine.
var bodyParameter = req.body.bodyParameter;
var queryParameter = req.query.queryParameter;
// Raw request value used as the options object: expected to be reported.
res.render('template', bodyParameter); // NOT OK
res.render('template', queryParameter); // NOT OK
// A primitive string cannot carry option keys, so a `typeof` guard is
// treated as a sanitizer for this sink.
if (typeof bodyParameter === "string") {
res.render('template', bodyParameter); // OK
}
// String coercion has the same sanitizing effect as the `typeof` guard.
res.render('template', queryParameter + ""); // OK
// Wrapping the value in a trusted literal fixes the top-level keys; the
// attacker only controls the value stored under `profile`.
res.render('template', {profile: bodyParameter}); // OK
// Interprocedural case: the tainted value is passed to a helper (`indirect`,
// defined below) that renders it there.
indirect(res, queryParameter);
});
// Helper used to check that taint follows a function argument across a call.
// `obj` is whatever the caller passed (in this fixture, a raw query
// parameter), so rendering it directly is expected to be reported.
//
// @param {object} res - Express response whose `render` is the sink.
// @param {*} obj - caller-supplied value; treated as attacker-controlled.
function indirect(res, obj) {
res.render("template", obj); // NOT OK
// `+ ""` forces a primitive string, which can no longer carry option keys,
// so this form is accepted.
const str = obj + "";
res.render("template", str); // OK
// Parsing the string back into a value re-creates an attacker-shaped object
// (e.g. `{"layout": ...}` if the input was JSON), so the coercion above is
// not a sanitizer once it is followed by `JSON.parse`.
res.render("template", JSON.parse(str)); // NOT OK
}