hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-16 06:53:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
61bd8682dfc8092940eddedfc8a11b7fd7e91c73
codeql/javascript/ql/test/query-tests/Security/CWE-094/angularjs.js
Pavel Avgustinov b55526aa58 QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00

67 lines
2.3 KiB
JavaScript
Raw Blame History

angular.module('myModule', [])
.controller('MyController', function($scope) {
$scope.$on(document.cookie); // OK
})
.controller('MyController', function($scope) {
$scope.$apply('hello'); // OK
})
.controller('MyController', function($scope) {
var scope = $scope;
scope.$apply(document.cookie); // BAD
})
.controller('MyController', function($scope) {
$scope.$apply(document.cookie); // BAD
})
.controller('MyController', function($scope) {
$scope.$applyAsync(document.cookie); // BAD
})
.controller('MyController', function($scope) {
$scope.$eval(document.cookie); // BAD
})
.controller('MyController', function($scope) {
$scope.$evalAsync(document.cookie); // BAD
})
.controller('MyController', function($scope) {
$scope.$watch(document.cookie); // BAD
})
.controller('MyController', function($scope) {
$scope.$watchCollection(document.cookie); // BAD
})
.controller('MyController', function($scope) {
$scope.$watchGroup(document.cookie); // BAD
})
.controller('MyController', function($compile) {
$compile(document.cookie); // BAD
})
.controller('MyController', function($compile) {
$compile('hello'); // OK
})
.controller('MyController', function($compile) {
$compile(document.cookie); // BAD
})
.controller('MyController', function($compile) {
var compile = $compile;
compile(document.cookie); // BAD
})
.controller('MyController', function($parse) {
$parse(document.cookie); // BAD
})
.controller('MyController', function($interpolate) {
$interpolate(document.cookie); // BAD
})
.controller('MyController', function($filter) {
$filter('orderBy')([], document.cookie); // BAD
})
.controller('MyController', function($filter) {
$filter('orderBy')([], 'hello'); // OK
})
.controller('MyController', function($filter) {
$filter('random')([], document.cookie); // OK
})
.controller('MyController', function($someService) {
$someService('orderBy')([], document.cookie); // OK
})
.controller('MyController', function($someService) {
$someService(document.cookie); // OK
})
Reference in New Issue View Git Blame Copy Permalink