hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
66737402c20fc83b3d3a654dcccf4b26c901b100
codeql/javascript/ql/test/query-tests/Security/CWE-506/tst.js
Asger F 64d39da5f8 JS: Accept Sources/Sink tags
2025-02-28 13:29:30 +01:00

14 lines
498 B
JavaScript
Raw Blame History

var totallyHarmlessString = '636f6e736f6c652e6c6f672827636f646520696e6a656374696f6e2729'; // $ Source
eval(Buffer.from(totallyHarmlessString, 'hex').toString()); // $ Alert - eval("console.log('code injection')")
eval(totallyHarmlessString); // OK - throws parse error
var test = "0123456789"; // $ Source
try {
eval(test+"n"); // $ SPURIOUS: Alert
console.log("Bigints supported.");
} catch(e) {
console.log("Bigints not supported.");
}
require('babeface');
Reference in New Issue View Git Blame Copy Permalink