hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
sauyon/java-spring-stringutils
codeql/javascript/ql/test/query-tests/Security/CWE-200/lib/tst.js
Erik Krogh Kristensen 167239e745 add query to detect accidential leak of private files
2020-06-08 23:41:14 +02:00

11 lines
280 B
JavaScript
Raw Permalink Blame History

var express = require('express');
var path = require("path");
var app = express();
app.use('basedir', express.static(__dirname)); // BAD
const rootDir = __dirname;
app.use('basedir', express.static(rootDir)); // BAD
app.use('/monthly', express.static(__dirname + '/')); // BAD
Reference in New Issue View Git Blame Copy Permalink