mirror of
https://github.com/github/codeql.git
synced 2026-02-06 10:11:07 +01:00
215 lines
6.9 KiB
JavaScript
215 lines
6.9 KiB
JavaScript
var restify = require('restify');
|
||
const restifyPlugins = require('restify-plugins');
|
||
var clients = require('restify-clients');
|
||
|
||
const opts = {
|
||
formatters: {
|
||
'text/plain': function(req, res, body) { // test: formatter
|
||
if (body instanceof Error) {
|
||
return '<html><body>' + body.message + '</body></html>'; // test: stackTraceExposureSink
|
||
} else {
|
||
return '<html><body>' + body + req.params.name + '</body></html>'; // test: source, stackTraceExposureSink, !xssSink, !xss
|
||
}
|
||
}
|
||
}
|
||
}
|
||
const _server = restify.createServer(opts)
|
||
|
||
const server = restify.createServer({
|
||
formatters: {
|
||
'text/html': function(req, res, body) { // test: formatter
|
||
if (body instanceof Error) {
|
||
return '<html><body>' + body.message + '</body></html>'; // test: stackTraceExposureSink, xssSink
|
||
} else {
|
||
return '<html><body>' + body + req.params.name + '</body></html>'; // test: source, stackTraceExposureSink, xssSink, xss
|
||
}
|
||
}
|
||
}
|
||
});
|
||
|
||
// The pre handler chain is executed before routing. That means these handlers will execute for an incoming request even if it’s for a route that you did not register.
|
||
server.pre(restify.plugins.pre.dedupeSlashes());
|
||
server.pre(function(req, res, next) { // test: handler
|
||
return next();
|
||
});
|
||
|
||
// The use handler chains is executed after a route has been chosen to service the request.
|
||
server.use(restifyPlugins.jsonBodyParser({ mapParams: true })); // TODO: prototype pollution?
|
||
server.use(restifyPlugins.acceptParser(server.acceptable));
|
||
server.use(restifyPlugins.queryParser({ mapParams: true })); // TODO: prototype pollution?
|
||
server.use(restifyPlugins.fullResponse());
|
||
server.use(function(req, res, next) { // test: handler
|
||
return next();
|
||
});
|
||
function filter(req, res, next) { // test: handler
|
||
return next();
|
||
}
|
||
function filter1(req, res, next) { // test: handler
|
||
return next();
|
||
}
|
||
function filter2(req, res, next) { // test: handler
|
||
return next();
|
||
}
|
||
function filter3(req, res, next) { // test: handler
|
||
return next();
|
||
}
|
||
function filter4(req, res, next) { // test: handler
|
||
return next();
|
||
}
|
||
function filter5(req, res, next) { // test: handler
|
||
return next();
|
||
}
|
||
function filter6(req, res, next) { // test: handler
|
||
return next();
|
||
}
|
||
const handlers = [filter5, filter6];
|
||
server.use(filter); // test: setup
|
||
server.use(filter1, filter2); // test: setup
|
||
server.use([filter3, filter4]); // test: setup
|
||
server.use(handlers); // setup
|
||
|
||
function respond(req, res, next) { // test: handler
|
||
res.send('hello ' + req.params.name); // test: source, stackTraceExposureSink
|
||
res.send('hello ' + req.params["name"]); // test: source, stackTraceExposureSink
|
||
res.send('hello ' + req.query.name); // test: source, stackTraceExposureSink
|
||
res.send('hello ' + req.params[0]); // test: source, stackTraceExposureSink
|
||
|
||
res.redirect({
|
||
hostname: req.params.name, // test: source, redirectSink
|
||
pathname: '/bar',
|
||
port: 80,
|
||
secure: true,
|
||
permanent: true,
|
||
query: {
|
||
a: 1
|
||
}
|
||
}, next);
|
||
res.redirect(301, req.params.name, next); // test: source, redirectSink
|
||
res.redirect(req.params.name, next); // test: source, redirectSink
|
||
next();
|
||
}
|
||
server.get('/hello/:name', respond); // test: setup
|
||
server.head('/hello/:name', respond); // test: setup
|
||
server.get('/', function(req, res, next) { // test: setup, handler
|
||
res.send('home')
|
||
return next();
|
||
});
|
||
|
||
server.get('/foo', // test: setup
|
||
function(req, res, next) { // test: handler
|
||
req.someData = req.params.name; // test: source
|
||
return next();
|
||
},
|
||
function(req, res, next) { // test: handler
|
||
res.header("Content-Type", "text/html"); // test: headerDefinition
|
||
res.send(req.someData); // test: stackTraceExposureSink, xssSink, xss
|
||
return next();
|
||
}
|
||
);
|
||
|
||
server.get('/foo2', // test: setup
|
||
[function(req, res, next) { // test: handler
|
||
req.someData = 'foo';
|
||
return next();
|
||
},
|
||
function(req, res, next) { // test: handler
|
||
res.send(req.someData); // test: stackTraceExposureSink
|
||
return next();
|
||
}]
|
||
);
|
||
|
||
function xss(req, res, next) { // test: handler
|
||
res.header("Content-Type", "text/html"); // test: headerDefinition
|
||
res.send('hello ' + req.query.name); // test: source, stackTraceExposureSink, xssSink, xss
|
||
next();
|
||
}
|
||
|
||
function xss2(req, res, next) { // test: candidateHandler
|
||
next()
|
||
}
|
||
|
||
function xss3(req, res, next) { // test: handler
|
||
res.header("Content-Type", "text/html"); // test: headerDefinition
|
||
res.send('hello ' + req.header("foo")); // test: source, stackTraceExposureSink, xssSink, !xss
|
||
next();
|
||
}
|
||
|
||
function xss4(req, res, next) { // test: handler
|
||
var body = req.params.name; // test: source
|
||
res.writeHead(200, {
|
||
'Content-Length': Buffer.byteLength(body),
|
||
'Content-Type': 'text/html'
|
||
});
|
||
res.write(body); // test: stackTraceExposureSink, xssSink, xss
|
||
res.end();
|
||
next();
|
||
}
|
||
|
||
server["get"]('/xss', xss); // test: setup
|
||
["get", "head"].forEach(method => {
|
||
server[method]('/xss2', xss2);
|
||
});
|
||
server["get"]('/xss3', xss3); // test: setup
|
||
server["get"]('/xss4', xss4); // test: setup
|
||
|
||
|
||
server.get('/testv2', function(req, res, next) { // test: handler
|
||
res.set({
|
||
"Content-Type": "text/html",
|
||
"access-control-allow-origin": "*", // test: corsMiconfigurationSink
|
||
"access-control-allow-headers": "Content-Type, Authorization, Content-Length, X-Requested-With",
|
||
"access-control-allow-methods": "GET, POST, PUT, DELETE, OPTIONS",
|
||
"access-control-allow-credentials": "true"
|
||
})
|
||
res.send('hello ' + req.params.name); // test: source, stackTraceExposureSink, xssSink, xss
|
||
clients.createJsonClient({
|
||
url: req.params.uri, // test: source, ssrfSink
|
||
});
|
||
clients.createJsonClient(req.params.uri); // test: source, ssrfSink
|
||
|
||
next();
|
||
})
|
||
|
||
server.get('/hello2/:name', restify.plugins.conditionalHandler([ // test: setup
|
||
{ version: ['2.0.0', '2.1.0', '2.2.0'], handler: sendV2 }
|
||
]));
|
||
|
||
server.get('/version/test', restify.plugins.conditionalHandler([ //test: setup
|
||
{
|
||
version: ['2.0.0', '2.1.0', '2.2.0'],
|
||
handler: function(req, res, next) { // test: candidateHandler
|
||
res.send(200, {
|
||
requestedVersion: req.version(),
|
||
matchedVersion: req.matchedVersion()
|
||
});
|
||
return next();
|
||
}
|
||
}
|
||
]));
|
||
|
||
server.on('InternalServer', function(req, res, err, callback) { // test: setup, handler
|
||
return callback();
|
||
});
|
||
|
||
server.on('restifyError', function(req, res, err, callback) { // test: setup, handler
|
||
return callback();
|
||
});
|
||
server.on('after', function(req, res, route, error) { // test: setup, handler
|
||
});
|
||
server.on('pre', function(req, res) { // test: setup, handler
|
||
});
|
||
server.on('routed', function(req, res, route) { // test: setup, handler
|
||
res.header("Content-Type", "text/plain")
|
||
res.send(req.params.foo) // test: source, !xssSink, !xss
|
||
});
|
||
server.on('uncaughtException', function(req, res, route, err) { // test: setup, handler
|
||
res.header("Content-Type", "text/html")
|
||
res.send(req.params.foo) // test: source, xssSink, xss
|
||
});
|
||
|
||
|
||
server.listen(8080, function() {
|
||
console.log('%s listening at %s', server.name, server.url);
|
||
});
|
||
|