mirror of
https://github.com/github/codeql.git
synced 2025-12-18 01:33:15 +01:00
120 lines
2.7 KiB
JavaScript
120 lines
2.7 KiB
JavaScript
var express = require('express');
|
|
|
|
var app = express();
|
|
|
|
app.get('/user/:id', function(req, res) {
|
|
// OK
|
|
process.exit();
|
|
|
|
if(req.params.shutDown) { // NOT OK: depends on user input
|
|
process.exit();
|
|
}
|
|
|
|
if (req.cookies.loginThing) { // NOT OK: depends on user input
|
|
o.login();
|
|
}
|
|
|
|
if (req.cookies.loginThing) { // OK: not a sensitive action
|
|
o.getLogin();
|
|
}
|
|
|
|
// OK
|
|
process.exit();
|
|
|
|
function id(v) {
|
|
return v;
|
|
}
|
|
var v3 = id(req.cookies.cookieId);
|
|
if (v3) { // NOT OK, depends on user input
|
|
process.exit();
|
|
}
|
|
|
|
if (otherCondition) {
|
|
if (req.cookies.cookieId) { // NOT OK: depends on user input
|
|
process.exit();
|
|
}
|
|
}
|
|
|
|
if (req.cookies.cookieId) { // OK: but flagged anyway due to plain dominance analysis [INCONSISTENCY]
|
|
if (otherCondition) {
|
|
process.exit();
|
|
}
|
|
}
|
|
|
|
if(req.params.login) { // NOT OK: depends on user input
|
|
|
|
} else {
|
|
login()
|
|
}
|
|
|
|
|
|
if(req.params.login && somethingElse) { // OK: depends on something else
|
|
|
|
} else {
|
|
login()
|
|
}
|
|
|
|
if(req.params.login && somethingElse) { // NOT OK: depends on user input
|
|
login()
|
|
}
|
|
|
|
if (req.cookies.cookieId === req.params.requestId) { // NOT OK: depends on user input
|
|
process.exit();
|
|
}
|
|
|
|
var v1 = req.cookies.cookieId === req.params.requestId; // NOT OK: depends on user input
|
|
if (v1) {
|
|
process.exit();
|
|
}
|
|
|
|
function cmp(p, q) {
|
|
return p === q;
|
|
}
|
|
var v2 = cmp(req.cookies.cookieId, req.params.requestId); // NOT OK, but not detected due to flow limitations [INCONSISTENCY]
|
|
if (v2) {
|
|
process.exit();
|
|
}
|
|
|
|
if (req.cookies.cookieId === "secret") { // NOT OK: depends on user input
|
|
process.exit();
|
|
}
|
|
|
|
if (req.cookies.loginThing) {
|
|
// OK: not a sensitive action
|
|
unauthorized();
|
|
// OK: not a sensitive action
|
|
console.log(commit.author().toString());
|
|
}
|
|
});
|
|
|
|
app.get('/user/:id', function(req, res) {
|
|
if (!req.body || !username || !password || riskAssessnment == null) { // OK: early return below
|
|
res.status(400).send({ error: '...', id: '...' });
|
|
return
|
|
}
|
|
customerLogin.customerLogin(username, password, riskAssessment, clientIpAddress);
|
|
|
|
while (!verified) {
|
|
if (req.query.vulnerable) { // NOT OK
|
|
break;
|
|
}
|
|
verify();
|
|
}
|
|
|
|
while (!verified) {
|
|
if (req.query.vulnerable) { // NOT OK
|
|
break;
|
|
} else {
|
|
verify();
|
|
}
|
|
}
|
|
|
|
while (!verified) {
|
|
if (req.query.vulnerable) { // OK: early return
|
|
return;
|
|
}
|
|
verify();
|
|
}
|
|
|
|
});
|