hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
z80coder/query-pack-release-candidate-2
codeql/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-require.js
Erik Krogh Kristensen 5961dd1459 add another test for the resolve library
2021-06-06 22:54:12 +02:00

17 lines
558 B
JavaScript
Raw Permalink Blame History

var express = require('express');
var app = express();
app.get('/some/path', function(req, res) {
// BAD: loading a module based on un-sanitized query parameters
var m = require(req.param("module"));
});
const resolve = require("resolve");
app.get('/some/path', function(req, res) {
var module = resolve.sync(req.param("module")); // NOT OK - resolving module based on query parameters
resolve(req.param("module"), { basedir: __dirname }, function(err, res) { // NOT OK - resolving module based on query parameters
var module = res;
});
});
Reference in New Issue View Git Blame Copy Permalink