const express = require('express');
const libxmljs = require('libxmljs');
// Static-analysis test fixture: the `// $ Alert ...` trailer is the inline
// expectation marker the test harness matches against, so it must stay on the
// exact line that is expected to be flagged. The handler deliberately has no
// `res` parameter and never responds; only the parse call matters here.
express().get('/some/path', function (req) {
// `req.param(...)` is attacker-controlled request data. Parsing it with
// `noent: true` tells libxmljs to substitute entities, which is the unguarded
// entity-expansion pattern (external-entity / XXE exposure) this test pins.
// NOTE(review): `req.param()` is treated purely as a taint source here; its
// deprecation status in newer Express versions is irrelevant to the fixture.
libxmljs.parseXml(req.param("some-xml"), { noent: true }); // $ Alert - unguarded entity expansion
});
// Second fixture handler covering both libxmljs parse entry points
// (`parseXml` and `parseXmlString`) and two distinct untrusted sources:
// a request parameter and the bytes of an uploaded file. Every call with
// `noent: true` is expected to be reported; the final call with `noent: false`
// is the negative case and must NOT be reported. Keep each `// $ Alert` marker
// on its own flagged line — the harness matches them positionally.
express().post('/some/path', function (req, res) {
// Same source/sink pair as the GET handler above.
libxmljs.parseXml(req.param("some-xml"), { noent: true }); // $ Alert - unguarded entity expansion
// `parseXmlString` is the string-taking variant of the same sink; the query
// is expected to treat it identically.
libxmljs.parseXmlString(req.param("some-xml"), { noent: true }) // $ Alert - unguarded entity expansion
// Uploaded-file contents are also untrusted; decoding them to a string before
// the parse must not launder the taint. (`req.files` presumes a file-upload
// middleware is installed — not shown in this fixture.)
libxmljs.parseXmlString(req.files.products.data.toString('utf8'), { noent: true })// $ Alert - unguarded entity expansion
// OK - no entity expansion
// Negative case: with `noent: false` entities are not substituted, so the same
// untrusted input reaching the same sink is safe and carries no marker.
libxmljs.parseXmlString(req.files.products.data.toString('utf8'), { noent: false })
});