hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
yo-h/java15
codeql/javascript/ql/test/query-tests/Security/CWE-643/tst.js
Pavel Avgustinov b55526aa58 QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00

13 lines
350 B
JavaScript
Raw Permalink Blame History

const express = require('express');
const xpath = require('xpath');
const app = express();
app.get('/some/route', function(req, res) {
let tainted = req.param("userName");
xpath.parse(tainted); // NOT OK
xpath.select(tainted); // NOT OK
xpath.select1(tainted); // NOT OK
let expr = xpath.useNamespaces(map);
expr(tainted); // NOT OK
});
Reference in New Issue View Git Blame Copy Permalink