mirror of
https://github.com/github/codeql.git
synced 2025-12-17 09:13:20 +01:00
35 lines
625 B
JavaScript
35 lines
625 B
JavaScript
const fastify = require('fastify')
|
|
|
|
const app = fastify();
|
|
|
|
app.register(require('fastify-cookie')); // $ Alert
|
|
app.register(require('fastify-csrf'));
|
|
|
|
app.route({
|
|
method: 'GET',
|
|
path: '/getter',
|
|
handler: async (req, reply) => {
|
|
return 'hello';
|
|
}
|
|
})
|
|
|
|
// unprotected route
|
|
app.route({
|
|
method: 'POST',
|
|
path: '/',
|
|
handler: async (req, reply) => { // lacks CSRF protection
|
|
req.session.blah;
|
|
return req.body
|
|
} // $ RelatedLocation
|
|
})
|
|
|
|
|
|
app.route({
|
|
method: 'POST',
|
|
path: '/',
|
|
onRequest: app.csrfProtection,
|
|
handler: async (req, reply) => { // OK - has CSRF protection
|
|
return req.body
|
|
}
|
|
})
|