hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
2dd862661bfa62080e68f4ac8281da5d901b6986
codeql/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/tst2.js
Erik Krogh Kristensen 0adc001df0 add taint-step for serialize-javascript
2021-06-06 22:48:53 +02:00

52 lines
946 B
JavaScript
Raw Blame History

var express = require('express');
var app = express();
app.get('/user/:id', function(req, res) {
let { p, q: r } = req.params;
res.send(p); // NOT OK
res.send(r); // NOT OK
});
const aKnownValue = "foo";
app.get('/bar', function(req, res) {
let { p } = req.params;
if (p == aKnownValue)
res.send(p); // OK
res.send(p); // NOT OK
if (p != aKnownValue)
res.send(p); // NOT OK
else
res.send(p); // OK
});
const clone = require('clone');
app.get('/baz', function(req, res) {
let { p } = req.params;
var obj = {};
obj.p = p;
var other = clone(obj);
res.send(p); // NOT OK
res.send(other.p); // NOT OK
});
const serializeJavaScript = require('serialize-javascript');
app.get('/baz', function(req, res) {
let { p } = req.params;
var serialized = serializeJavaScript(p);
res.send(serialized); // OK
var unsafe = serializeJavaScript(p, {unsafe: true});
res.send(unsafe); // NOT OK
});
Reference in New Issue View Git Blame Copy Permalink