mirror of
https://github.com/github/codeql.git
synced 2025-12-17 17:23:36 +01:00
31 lines
1.0 KiB
JavaScript
31 lines
1.0 KiB
JavaScript
const os = require('os');
|
|
const uuid = require('node-uuid');
|
|
const fs = require('fs');
|
|
const path = require('path');
|
|
|
|
(function main() {
|
|
var tmpLocation = path.join(
|
|
os.tmpdir ? os.tmpdir() : os.tmpDir(), // $ Source
|
|
'something',
|
|
uuid.v4().slice(0, 8)
|
|
);
|
|
|
|
fs.writeFileSync(tmpLocation, content); // $ Alert
|
|
|
|
var tmpPath = "/tmp/something"; // $ Source
|
|
fs.writeFileSync(path.join("./foo/", tmpPath), content);
|
|
fs.writeFileSync(path.join(tmpPath, "./foo/"), content); // $ Alert
|
|
|
|
fs.writeFileSync(path.join(tmpPath, "./foo/"), content, {mode: 0o600});
|
|
|
|
fs.writeFileSync(path.join(tmpPath, "./foo/"), content, {mode: mode}); // OK - assumed unknown mode is secure
|
|
|
|
fs.writeFileSync(path.join(tmpPath, "./foo/"), content, {mode: 0o666}); // $ Alert - explicitly insecure
|
|
|
|
const tmpPath2 = path.join(os.tmpdir(), `tmp_${Math.floor(Math.random() * 1000000)}.md`); // $ Source
|
|
fs.writeFileSync(tmpPath2, content); // $ Alert
|
|
|
|
fs.openSync(tmpPath2, 'w'); // $ Alert
|
|
fs.openSync(tmpPath2, 'w', 0o600);
|
|
})
|