hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
z80coder/query-pack-release-candidate-2
codeql/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath-es6.js
Jason Reed 23d37c7167 JS: Unbreak TaintedPath
2019-02-28 15:45:26 -05:00

12 lines
332 B
JavaScript
Raw Permalink Blame History

import { readFileSync } from 'fs';
import { createServer } from 'http';
import { parse } from 'url';
import { join } from 'path';
var server = createServer(function(req, res) {
let path = parse(req.url, true).query.path;
// BAD: This could read any file on the file system
res.write(readFileSync(join("public", path)));
});
Reference in New Issue View Git Blame Copy Permalink