hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
1d05bccd8766c652dbb959f0b1d35cda12642f45
codeql/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-sendFile.js
Jason Reed 23d37c7167 JS: Unbreak TaintedPath
2019-02-28 15:45:26 -05:00

19 lines
630 B
JavaScript
Raw Blame History

var express = require('express');
var app = express();
app.get('/some/path', function(req, res) {
// BAD: sending a file based on un-sanitized query parameters
res.sendFile(req.param("gimme"));
// BAD: same as above
res.sendfile(req.param("gimme"));
// GOOD: ensures files cannot be accessed outside of root folder
res.sendFile(req.param("gimme"), { root: process.cwd() });
// GOOD: ensures files cannot be accessed outside of root folder
res.sendfile(req.param("gimme"), { root: process.cwd() });
// BAD: doesn't help if user controls root
res.sendFile(req.param("file"), { root: req.param("dir") });
});
Reference in New Issue View Git Blame Copy Permalink