hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
66737402c20fc83b3d3a654dcccf4b26c901b100
codeql/javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/gunzip-maybe.js
amammad 5a49f6bb9b fix tests
2023-10-06 22:10:57 +02:00

14 lines
429 B
JavaScript
Raw Blame History

const gunzipmaybe = require("gunzip-maybe");
const express = require('express')
const fileUpload = require("express-fileupload");
const { Readable } = require('stream');
const app = express();
app.use(fileUpload());
app.listen(3000, () => {
});
app.post('/upload', async (req, res) => {
// Unsafe
const RemoteStream = Readable.from(req.files.ZipFile.data);
RemoteStream.pipe(gunzipmaybe).createWriteStream("tmp")
});
Reference in New Issue View Git Blame Copy Permalink