hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
66737402c20fc83b3d3a654dcccf4b26c901b100
codeql/javascript/ql/test/query-tests/Security/CWE-352/lusca_example.js
Asger F 9be041e27d JS: Update OK-style comments to $-style
2025-02-28 13:27:28 +01:00

35 lines
1.1 KiB
JavaScript
Raw Blame History

var express = require('express')
var cookieParser = require('cookie-parser')
var bodyParser = require('body-parser')
var parseForm = bodyParser.urlencoded({ extended: false })
var lusca = require('lusca');
var app = express()
app.use(cookieParser()) // $ Alert
app.post('/process', parseForm, lusca.csrf(), function (req, res) {
let newEmail = req.cookies["newEmail"];
res.send('data is being processed')
})
app.post('/process', parseForm, lusca({csrf:true}), function (req, res) {
let newEmail = req.cookies["newEmail"];
res.send('data is being processed')
})
app.post('/process', parseForm, lusca({csrf:{}}), function (req, res) {
let newEmail = req.cookies["newEmail"];
res.send('data is being processed')
})
app.post('/process', parseForm, lusca(), function (req, res) { // missing csrf option
let newEmail = req.cookies["newEmail"];
res.send('data is being processed')
}) // $ RelatedLocation
app.post('/process_unsafe', parseForm, function (req, res) {
let newEmail = req.cookies["newEmail"];
res.send('data is being processed')
}) // $ RelatedLocation
Reference in New Issue View Git Blame Copy Permalink