const express = require('express');
const { graphql, buildSchema } = require('graphql');
// Express application that hosts the GraphQL endpoint registered further down.
const app = express();
// Parse JSON request bodies so the route handler can read them from req.body.
app.use(express.json());
const schema = buildSchema(`
|
|
type Query {
|
|
greet(name: String!): String
|
|
calc(expr: String!): String
|
|
}
|
|
`);
/**
 * Resolver map passed to graphql() as the root value.
 *
 * greet: interpolates the `name` argument into a greeting string.
 * calc:  evaluates the `expr` argument and returns the result as a string, or
 *        "Error: <message>" when evaluation (or the toString call) throws.
 *
 * SECURITY: calc is a code-injection sink. `expr` is a GraphQL argument that
 * originates in the HTTP request body and reaches eval() without validation,
 * so a caller can run arbitrary JavaScript in this process. The sink is left
 * in place because the `// $ Alert[...]` marker appears to be a CodeQL inline
 * test expectation for this fixture; it must stay on the eval line. Code meant
 * for real use should evaluate arithmetic with a dedicated expression parser,
 * never eval / new Function.
 */
const root = {
  greet: ({ name }) => `Hello, ${name}!`,

  calc: ({ expr }) => {
    try {
      return eval(expr).toString(); // $ Alert[js/code-injection]
    } catch (err) {
      // The raw exception message is returned to the client as the field value.
      return `Error: ${err.message}`;
    }
  },
};
// POST /graphql: executes the query text from the JSON body against `schema`,
// with `root` supplying the resolvers, and sends the execution result as JSON.
// Nothing in this handler authenticates the caller or restricts which query is
// run, so every resolver argument (including calc's `expr`) is caller-controlled.
// The trailing `// $ Source[...]` marker appears to be a CodeQL inline test
// expectation and has to stay on the line that reads req.body.
app.post('/graphql', async (req, res) => {
  const body = req.body; // $ Source[js/code-injection]
  const execution = {
    schema,
    rootValue: root,
    source: body.query,
    variableValues: body.variables,
  };
  res.json(await graphql(execution));
});