import express from 'express';
import * as pug from 'pug';
import * as jade from 'jade';
import * as dot from 'dot';
import * as ejs from 'ejs';
import * as nunjucks from 'nunjucks';
import * as lodash from 'lodash';
// Static-analysis test fixture for server-side template injection: each call in
// the handler below hands request-controlled text to a template engine as the
// template *source*. The trailing "NOT OK" markers annotate the lines a
// taint-tracking query is expected to report; the code is intentionally left
// vulnerable and is not meant to serve real traffic.
var app = express();

app.get('/some/path', function(req, res) {
  // Taint source: the `foo` query-string parameter, chosen entirely by the HTTP
  // client. No validation or allow-listing happens between here and the sinks.
  let tainted = req.query.foo;

  // Sinks: in every call the first argument is the template text itself, not
  // data rendered into a fixed template. These template languages can embed
  // executable expressions, so a client that controls the template text
  // controls code that runs in the server process. The compile()/template()
  // variants are annotated as well as the render() variants, i.e. the finding
  // is attached to the point where untrusted text becomes template source.
  //
  // Remediation pattern for real code: keep template text server-owned
  // (a file or constant) and pass request values only as render-time
  // data/locals, where the engine's output escaping applies to them.
  pug.compile(tainted); // NOT OK
  pug.render(tainted); // NOT OK
  jade.compile(tainted); // NOT OK
  jade.render(tainted); // NOT OK
  dot.template(tainted); // NOT OK
  ejs.render(tainted); // NOT OK
  nunjucks.renderString(tainted); // NOT OK
  lodash.template(tainted); // NOT OK
  // NOTE(review): `res` is never used, so no response is sent; the route
  // appears to exist only to supply a remote-input source for the analysis.
});