hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
66737402c20fc83b3d3a654dcccf4b26c901b100
codeql/javascript/ql/test/query-tests/Security/CWE-807/tst.js
Asger F 64d39da5f8 JS: Accept Sources/Sink tags
2025-02-28 13:29:30 +01:00

120 lines
3.1 KiB
JavaScript
Raw Blame History

var express = require('express');
var app = express();
app.get('/user/:id', function(req, res) {
process.exit();
if(req.params.shutDown) { // $ Alert[js/user-controlled-bypass] - depends on user input
process.exit();
}
if (req.cookies.loginThing) { // $ Alert[js/user-controlled-bypass] - depends on user input
o.login();
}
if (req.cookies.loginThing) { // OK - not a sensitive action
o.getLogin();
}
process.exit();
function id(v) {
return v;
}
var v3 = id(req.cookies.cookieId); // $ Source[js/user-controlled-bypass]
if (v3) { // $ Alert[js/user-controlled-bypass] - depends on user input
process.exit();
}
if (otherCondition) {
if (req.cookies.cookieId) { // $ Alert[js/user-controlled-bypass] - depends on user input
process.exit();
}
}
if (req.cookies.cookieId) { // $ SPURIOUS: Alert[js/user-controlled-bypass] - flagged anyway due to plain dominance analysis
if (otherCondition) {
process.exit();
}
}
if(req.params.login) { // $ Alert[js/user-controlled-bypass] - depends on user input
} else {
login()
}
if(req.params.login && somethingElse) { // OK - depends on something else
} else {
login()
}
if(req.params.login && somethingElse) { // $ Alert[js/user-controlled-bypass] - depends on user input
login()
}
if (req.cookies.cookieId === req.params.requestId) { // $ Alert[js/different-kinds-comparison-bypass]
process.exit();
}
var v1 = req.cookies.cookieId === req.params.requestId; // $ Alert[js/different-kinds-comparison-bypass]
if (v1) {
process.exit();
}
function cmp(p, q) {
return p === q; // $ Alert[js/different-kinds-comparison-bypass]
}
var v2 = cmp(req.cookies.cookieId, req.params.requestId); // $ MISSING: Alert - not detected due to flow limitations
if (v2) {
process.exit();
}
if (req.cookies.cookieId === "secret") { // $ Alert[js/user-controlled-bypass] - depends on user input
process.exit();
}
if (req.cookies.loginThing) {
// OK - not a sensitive action
unauthorized();
// OK - not a sensitive action
console.log(commit.author().toString());
}
});
app.get('/user/:id', function(req, res) {
if (!req.body || !username || !password || riskAssessnment == null) { // OK - early return below
res.status(400).send({ error: '...', id: '...' });
return
}
customerLogin.customerLogin(username, password, riskAssessment, clientIpAddress);
while (!verified) {
if (req.query.vulnerable) { // $ Alert[js/user-controlled-bypass]
break;
}
verify();
}
while (!verified) {
if (req.query.vulnerable) { // $ Alert[js/user-controlled-bypass]
break;
} else {
verify();
}
}
while (!verified) {
if (req.query.vulnerable) { // OK - early return
return;
}
verify();
}
});
Reference in New Issue View Git Blame Copy Permalink