hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
sauyon/java-spring-stringutils
codeql/javascript/ql/test/query-tests/Security/CWE-807/tst-different-kinds-comparison-bypass.js
Pavel Avgustinov b55526aa58 QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00

26 lines
654 B
JavaScript
Raw Permalink Blame History

var express = require('express');
var app = express();
app.get('/user/:id', function(req, res) {
req.query.userId == req.cookies.userId; // NOT OK
req.query.userId1 == req.query.userId2; // OK, same kind of source
req.url == req.body; // NOT OK
check(req.query.userId, req.cookies.userId);
function check(a, b) {
a == b; // NOT OK
}
// CSRF protection
req.cookies.csrf == req.query.csrf; // OK
req.cookies.csrfToken == req.query.csrfToken; // OK
req.cookies.state == req.query.state; // OK
req.cookies.authState == req.query.authState; // OK
req.cookies.token == req.query.token; // OK
});
Reference in New Issue View Git Blame Copy Permalink