codeql/javascript/ql/test/query-tests/Security/CWE-942/apollo-test.js
import { ApolloServer } from 'apollo-server';
var https = require('https'),
url = require('url');
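// Minimal HTTPS server; its 'request' handler exists only to obtain a
// request-derived value (`user_origin`) that feeds the CORS test cases below.
// `server` is never reassigned, so `const` rather than `var`.
const server = https.createServer(function () { });
server.on('request', function (req, res) {
  // The `origin` query parameter is attacker-controlled input taken straight
  // from the request URL. `url.parse` is the legacy API, but it is kept here
  // because this line is the modelled taint source (`$ Source`).
  const user_origin = url.parse(req.url, true).query.origin; // $ Source
  // BAD: CORS too permissive — `origin: true` reflects whatever Origin header
  // the client sent, so any site can make cross-origin requests.
  const server_1 = new ApolloServer({
    cors: { origin: true } // $ Alert
  });
  // GOOD: restrictive CORS — `cors: false` turns Apollo's CORS handling off, so
  // no Access-Control-Allow-Origin header is emitted for cross-origin callers.
  const server_2 = new ApolloServer({
    cors: false
  });
  // BAD: CORS too permissive — a falsy `origin` is not a restriction; in the
  // underlying cors middleware it is treated as "allow any origin" (`*`).
  const server_3 = new ApolloServer({
    cors: { origin: null } // $ Alert
  });
  // BAD: CORS is controlled by user — reflecting a request-derived origin lets
  // every caller allow-list itself, which is equivalent to `origin: true`.
  const server_4 = new ApolloServer({
    cors: { origin: user_origin } // $ Alert
  });
});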