hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
530b29ccdfb42bcb8173f270e2f89d76bc20c2bc
codeql/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/lib/index.js
Erik Krogh Kristensen f71a64b99d recognize when the js engine in gray-matter is set to something safe
2022-06-30 09:00:10 +02:00

36 lines
695 B
JavaScript
Raw Blame History

export function unsafeDeserialize(data) {
return eval("(" + data + ")"); // NOT OK
}
export function unsafeGetter(obj, name) {
return eval("obj." + name); // NOT OK
}
export function safeAssignment(obj, value) {
eval("obj.foo = " + JSON.stringify(value)); // OK
}
global.unsafeDeserialize = function (data) {
return eval("(" + data + ")"); // NOT OK
}
const matter = require("gray-matter");
export function greySink(data) {
const str = `
---js
${data}
---
`
const res = matter(str);
console.log(res);
matter(str, { // OK
engines: {
js: function (data) {
console.log("NOPE");
}
}
});
}
Reference in New Issue View Git Blame Copy Permalink