hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
66737402c20fc83b3d3a654dcccf4b26c901b100
codeql/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.js
Asger F e8c5e4d006 Merge branch 'main' into js/test-suite
2025-03-11 13:17:08 +01:00

125 lines
3.5 KiB
JavaScript
Raw Blame History

var express = require('express');
var app = express();
app.get('/user/:id', function(req, res) {
if (!isValidUserId(req.params.id)) {
res.send("Unknown user: " + req.params.id); // $ Alert - a request parameter is incorporated without validation into the response
moreBadStuff(req.params, res);
} else {
// TODO: do something exciting
;
}
});
function moreBadStuff(params, res) {
res.send("Unknown user: " + params.id); // $ Alert
}
var marked = require("marked");
app.get('/user/:id', function(req, res) {
res.send(req.body); // $ Alert
res.send(marked(req.body)); // $ Alert
});
var table = require('markdown-table')
app.get('/user/:id', function(req, res) {
res.send(req.body); // $ Alert
var mytable = table([
['Name', 'Content'],
['body', req.body] // $ Source
]);
res.send(mytable); // $ Alert
});
var showdown = require('showdown');
var converter = new showdown.Converter();
app.get('/user/:id', function(req, res) {
res.send(req.body); // $ Alert
res.send(converter.makeHtml(req.body)); // $ Alert
});
var unified = require('unified');
var markdown = require('remark-parse');
var remark2rehype = require('remark-rehype');
var doc = require('rehype-document');
var format = require('rehype-format');
var html = require('rehype-stringify');
var remark = require("remark");
var sanitize = require("rehype-sanitize");
const { resetExtensions } = require('showdown');
app.get('/user/:id', function (req, res) {
res.send(req.body); // $ Alert
unified()
.use(markdown)
.use(remark2rehype)
.use(doc, { title: '👋🌍' })
.use(format)
.use(html)
.process(req.body, function (err, file) { // $ Source
res.send(file); // $ Alert
});
res.send(remark().processSync(req.body).toString()); // $ Alert
res.send(remark().use(sanitize).processSync(req.body).toString());
res.send(unified().use(markdown).processSync(req.body).toString); // $ Alert
remark().process(req.body, (e, f) => { // $ Source
res.send(f); // $ Alert
})
});
import snarkdown from 'snarkdown';
var snarkdown2 = require("snarkdown");
app.get('/user/:id', function (req, res) {
res.send(req.body); // $ Alert
res.send(snarkdown(req.body)); // $ Alert
res.send(snarkdown2(req.body)); // $ Alert
});
const markdownIt = require('markdown-it')({
html: true
});
const markdownIt2 = require('markdown-it')({});
const markdownIt3 = require('markdown-it')({html: true})
.use(require('markdown-it-highlightjs'));
app.get('/user/:id', function (req, res) {
res.send(req.body); // $ Alert
res.send(markdownIt.render(req.body)); // $ Alert
res.send(markdownIt2.render(req.body)); // OK - no html
res.send(markdownIt3.render(req.body)); // $ Alert
res.send(markdownIt.use(require('markdown-it-sanitizer')).render(req.body)); // OK - HTML is sanitized.
res.send(markdownIt.use(require('markdown-it-abbr')).use(unknown).render(req.body)); // $ Alert
});
var Hapi = require('hapi');
var hapi = new Hapi.Server();
hapi.route({
handler: function (request){
return request.query.p; // $ Alert
}});
app.get("invalid/keys/:id", async (req, res) => {
const { keys: queryKeys } = req.query; // $ Source
const paramKeys = req.params;
const keys = queryKeys || paramKeys?.keys; // $ Source
const keyArray = typeof keys === 'string' ? [keys] : keys;
const invalidKeys = keyArray.filter(key => !whitelist.includes(key));
if (invalidKeys.length) {
res.status(400).send(`${invalidKeys.join(', ')} not in whitelist`); // $ Alert
return;
}
});
Reference in New Issue View Git Blame Copy Permalink