hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
66737402c20fc83b3d3a654dcccf4b26c901b100
codeql/javascript/ql/test/query-tests/Security/CWE-073/tst.js
Asger F 64d39da5f8 JS: Accept Sources/Sink tags
2025-02-28 13:29:30 +01:00

34 lines
944 B
JavaScript
Raw Blame History

var app = require('express')();
app.set('view engine', 'hbs');
app.use(require('body-parser').json());
app.use(require('body-parser').urlencoded({ extended: false }));
app.post('/path', function(req, res) {
var bodyParameter = req.body.bodyParameter; // $ Source
var queryParameter = req.query.queryParameter; // $ Source
res.render('template', bodyParameter); // $ Alert
res.render('template', queryParameter); // $ Alert
if (typeof bodyParameter === "string") {
res.render('template', bodyParameter);
}
res.render('template', queryParameter + "");
res.render('template', {profile: bodyParameter});
indirect(res, queryParameter);
});
function indirect(res, obj) {
res.render("template", obj); // $ Alert
const str = obj + "";
res.render("template", str);
res.render("template", JSON.parse(str)); // $ Alert
}
let routes = require('./routes');
app.post('/foo', routes.foo);
Reference in New Issue View Git Blame Copy Permalink