hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
66737402c20fc83b3d3a654dcccf4b26c901b100
codeql/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjectionExitGood.js
Asger F 9be041e27d JS: Update OK-style comments to $-style
2025-02-28 13:27:28 +01:00

58 lines
966 B
JavaScript
Raw Blame History

var express = require('express');
var router = new express.Router();
var rootRoute = router.route('foobar');
var _ = require("lodash");
rootRoute.post(function (req, res) {
breaks(req.body);
throws(req.body);
returns(req.body);
lodashThrow(req.body);
});
function breaks(val) {
var ret = [];
for (var i = 0; i < val.length; i++) {
if (val[i] == null) {
break; // Prevents DoS.
}
ret.push(val[i]);
}
}
function throws(val) {
var ret = [];
for (var i = 0; i < val.length; i++) {
if (val[i] == null) {
throw 2; // Prevents DoS.
}
ret.push(val[i]);
}
}
// The obvious null-pointer detection should not hit this one.
function returns(val) {
var ret = [];
for (var i = 0; i < val.length; i++) {
if (val[i] == null) {
return 2; // Prevents DoS.
}
ret.push(val[i]);
}
}
function lodashThrow(val) {
_.map(val, function (e) {
if (!e) {
throw new Error(); // Prevents DoS.
}
})
}
Reference in New Issue View Git Blame Copy Permalink