hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
sauyon/java-spring-stringutils
codeql/javascript/ql/test/query-tests/Security/CWE-506/tst.js
Erik Krogh Kristensen ce6a211340 update inconsistency comment for CWE-506
2020-07-08 10:01:40 +02:00

14 lines
501 B
JavaScript
Raw Permalink Blame History

var totallyHarmlessString = '636f6e736f6c652e6c6f672827636f646520696e6a656374696f6e2729';
eval(Buffer.from(totallyHarmlessString, 'hex').toString()); // NOT OK: eval("console.log('code injection')")
eval(totallyHarmlessString); // OK: throws parse error
var test = "0123456789";
try {
eval(test+"n"); // OK, but currently flagged [INCONSISTENCY]
console.log("Bigints supported.");
} catch(e) {
console.log("Bigints not supported.");
}
require('babeface'); // OK
Reference in New Issue View Git Blame Copy Permalink