hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
sauyon/java-spring-stringutils
codeql/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjectionExitGood.js
Erik Krogh Kristensen 9dc9adda64 fix capitalization in test case 
Co-Authored-By: shati-patel <42641846+shati-patel@users.noreply.github.com>
2019-09-13 14:54:18 +01:00

58 lines
990 B
JavaScript
Raw Permalink Blame History

var express = require('express');
var router = new express.Router();
var rootRoute = router.route('foobar');
var _ = require("lodash");
rootRoute.post(function (req, res) {
breaks(req.body);
throws(req.body);
returns(req.body);
lodashThrow(req.body);
});
function breaks(val) {
var ret = [];
for (var i = 0; i < val.length; i++) { // OK
if (val[i] == null) {
break; // Prevents DoS.
}
ret.push(val[i]);
}
}
function throws(val) {
var ret = [];
for (var i = 0; i < val.length; i++) { // OK
if (val[i] == null) {
throw 2; // Prevents DoS.
}
ret.push(val[i]);
}
}
// The obvious null-pointer detection should not hit this one.
function returns(val) {
var ret = [];
for (var i = 0; i < val.length; i++) { // OK
if (val[i] == null) {
return 2; // Prevents DoS.
}
ret.push(val[i]);
}
}
function lodashThrow(val) {
_.map(val, function (e) { // OK
if (!e) {
throw new Error(); // Prevents DoS.
}
})
}
Reference in New Issue View Git Blame Copy Permalink