mirror of
https://github.com/github/codeql.git
synced 2025-12-17 17:23:36 +01:00
bdfe938d02
It now also flags exposure of the entire exception object (not just the `stack` property).
19 lines
456 B
JavaScript
19 lines
456 B
JavaScript
var http = require('http');
|
|
|
|
http.createServer(function onRequest(req, res) {
|
|
try {
|
|
throw new Error();
|
|
} catch (e) {
|
|
res.end(e); // NOT OK
|
|
fail(res, e);
|
|
res.end(e.message); // OK
|
|
res.end("Caught exception " + e); // OK
|
|
res.end(e.toString()); // OK
|
|
res.end(`Caught exception ${e}.`); // OK
|
|
}
|
|
});
|
|
|
|
function fail(res, e) {
|
|
res.end(e.stack); // NOT OK
|
|
}
|