hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
75b13da4e422c6f00519b51a3d29017cebf40aab
codeql/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/examples/TaintedPath.js
Max Schaefer dfffa1e237 Apply suggestions from code review 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
2023-11-21 10:07:11 +00:00

12 lines
367 B
JavaScript
Raw Blame History

const fs = require('fs'),
http = require('http'),
url = require('url');
const ROOT = "/var/www/";
var server = http.createServer(function(req, res) {
let filePath = url.parse(req.url, true).query.path;
// BAD: This function uses unsanitized input that can read any file on the file system.
res.write(fs.readFileSync(ROOT + filePath, 'utf8'));
});
Reference in New Issue View Git Blame Copy Permalink