hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
8d49f26f3ded540d5e5c4c88899731ea0879fde4
codeql/javascript/ql/test/query-tests/Security/CWE-312/build-leaks.js

104 lines
2.8 KiB
JavaScript
Raw Blame History

const webpack = require("webpack");
var plugin = new webpack.DefinePlugin({
"process.env": JSON.stringify(process.env) // $ Source[js/build-artifact-leak]
}); // $ Alert[js/build-artifact-leak]
new webpack.DefinePlugin({ 'process.env': JSON.stringify({ DEBUG: process.env.DEBUG }) })
function getEnv(env) {
const raw = Object.keys(process.env)
.reduce((env, key) => {
env[key] = process.env[key] // $ Source[js/build-artifact-leak]
return env
}, {
NODE_ENV: process.env.NODE_ENV || env || 'development'
})
const stringifed = {
'process.env': Object.keys(raw).reduce((env, key) => {
env[key] = JSON.stringify(raw[key])
return env
}, {})
}
return {
raw: raw,
stringified: stringifed
}
}
new webpack.DefinePlugin(getEnv('production').stringified); // $ Alert[js/build-artifact-leak]
var https = require('https');
var url = require('url');
var server = https.createServer(function (req, res) {
let pw = url.parse(req.url, true).query.current_password; // $ Source[js/build-artifact-leak]
var plugin = new webpack.DefinePlugin({ "process.env.secret": JSON.stringify(pw) }); // $ Alert[js/build-artifact-leak]
});
(function () {
const REACT_APP = /^REACT_APP_/i;
function getOnlyReactVariables() {
const raw = Object.keys(process.env)
.filter(key => REACT_APP.test(key)) // This filters makes it safe.
.reduce(
(env, key) => {
env[key] = process.env[key];
return env;
},
{}
);
return raw;
}
new webpack.DefinePlugin(getOnlyReactVariables());
function getOnlyReactVariables2() {
const raw = Object.keys(process.env)
.reduce(
(env, key) => {
if (REACT_APP.test(key)) {
env[key] = process.env[key];
}
return env;
},
{}
);
return raw;
}
new webpack.DefinePlugin(getOnlyReactVariables2());
function getOnlyReactVariables3() {
const raw = Object.keys(process.env)
.reduce(
(env, key) => {
if (key == ["1", "2", "3"]) {
env[key] = process.env[key];
}
return env;
},
{}
);
return raw;
}
new webpack.DefinePlugin(getOnlyReactVariables3());
function getFilteredEnv4() {
return ["FOO", "BAR", "BAZ"]
.reduce((env, key) => {
env[key] = JSON.stringify(process.env[key]);
return env;
}, {});
}
new webpack.DefinePlugin(getFilteredEnv4());
})();
Reference in New Issue View Git Blame Copy Permalink