hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
66737402c20fc83b3d3a654dcccf4b26c901b100
codeql/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-require.js
Asger F 9be041e27d JS: Update OK-style comments to $-style
2025-02-28 13:27:28 +01:00

16 lines
563 B
JavaScript
Raw Blame History

var express = require('express');
var app = express();
app.get('/some/path', function(req, res) {
var m = require(req.param("module")); // $ Alert - loading a module based on un-sanitized query parameters
});
const resolve = require("resolve");
app.get('/some/path', function(req, res) {
var module = resolve.sync(req.param("module")); // $ Alert - resolving module based on query parameters
resolve(req.param("module"), { basedir: __dirname }, function(err, res) { // $ Alert - resolving module based on query parameters
var module = res;
});
});
Reference in New Issue View Git Blame Copy Permalink