mirror of
https://github.com/github/codeql.git
synced 2025-12-17 09:13:20 +01:00
74 lines
1.6 KiB
JavaScript
74 lines
1.6 KiB
JavaScript
'use strict';
|
|
|
|
var express = require('express');
|
|
var router = new express.Router();
|
|
var rootRoute = router.route('foobar');
|
|
|
|
rootRoute.post(function(req, res) {
|
|
sanitized(req.body);
|
|
|
|
sanitized2(req.body);
|
|
|
|
sanitized3(req.body);
|
|
|
|
sanitized4(req.body);
|
|
});
|
|
|
|
function sanitized(val) {
|
|
var ret = [];
|
|
|
|
if (!Array.isArray(val)) {
|
|
return [];
|
|
}
|
|
// At this point we know that val must be an Array, and an attacker is
|
|
// therefore not able to send a cheap request that spends a lot of time
|
|
// inside the loop.
|
|
for (var i = 0; i < val.length; i++) {
|
|
ret.push(val[i] + 42);
|
|
}
|
|
}
|
|
|
|
function sanitized2(val) {
|
|
var ret = [];
|
|
|
|
if (typeof val === "object") {
|
|
return [];
|
|
}
|
|
// Val can only be a primitive. Therefore no issue!
|
|
for (var i = 0; i < val.length; i++) {
|
|
ret.push(val[i] + 42);
|
|
}
|
|
}
|
|
|
|
function isArray(foo) {
|
|
return foo instanceof Array;
|
|
}
|
|
|
|
function sanitized3(val) {
|
|
var ret = [];
|
|
|
|
if (!isArray(val)) {
|
|
return [];
|
|
}
|
|
// At this point we know that val must be an Array, and an attacker is
|
|
// therefore not able to send a cheap request that spends a lot of time
|
|
// inside the loop.
|
|
for (var i = 0; i < val.length; i++) {
|
|
ret.push(val[i] + 42);
|
|
}
|
|
}
|
|
|
|
function sanitized4(val) {
|
|
var ret = [];
|
|
|
|
if (!(val instanceof Array)) {
|
|
return [];
|
|
}
|
|
// At this point we know that val must be an Array, and an attacker is
|
|
// therefore not able to send a cheap request that spends a lot of time
|
|
// inside the loop.
|
|
for (var i = 0; i < val.length; i++) {
|
|
ret.push(val[i] + 42);
|
|
}
|
|
}
|