hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-21 15:06:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
9a9bbac99e3b3d91697eccc12042b94de32f0204
codeql/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.js
Pavel Avgustinov b55526aa58 QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00

50 lines
1.1 KiB
JavaScript
Raw Blame History

var express = require('express');
var app = express();
app.get('/findKey', function(req, res) {
var key = req.param("key"), input = req.param("input");
// BAD: Unsanitized user input is used to construct a regular expression
var re = new RegExp("\\b" + key + "=(.*)\n");
function wrap(s) {
return "\\b" + wrap2(s);
}
function wrap2(s) {
return s + "=(.*)\n";
}
// NOT OK
new RegExp(wrap(key));
// NOT OK (duplicated to test precision of flow tracking)
new RegExp(wrap(key));
function getKey() {
return req.param("key");
}
// NOT OK
new RegExp(getKey());
function mkRegExp(s) {
// NOT OK
return new RegExp(s);
}
mkRegExp(key);
mkRegExp(getKey());
var defString = "someString";
var likelyString = x? defString: 42;
var notString = {};
defString.match(input); // NOT OK
likelyString.match(input); // NOT OK
maybeString.match(input); // NOT OK
notString.match(input); // OK
defString.search(input); // NOT OK
likelyString.search(input); // NOT OK
maybeString.search(input); // NOT OK
notString.search(input); // OK
});
Reference in New Issue View Git Blame Copy Permalink