hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-22 23:49:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
9a9bbac99e3b3d91697eccc12042b94de32f0204
codeql/javascript/ql/test/query-tests/Security/CWE-807/tst.js
Pavel Avgustinov b55526aa58 QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00

102 lines
2.1 KiB
JavaScript
Raw Blame History

var express = require('express');
var app = express();
app.get('/user/:id', function(req, res) {
// OK
process.exit();
if(req.params.shutDown) {
// NOT OK: depends on user input
process.exit();
}
if (req.cookies.loginThing) {
// NOT OK: depends on user input
o.login();
}
if (req.cookies.loginThing) {
// OK: not a sensitive action
o.getLogin();
}
// OK
process.exit();
function id(v) {
return v;
}
var v3 = id(req.cookies.cookieId);
if (v3) {
// NOT OK, depends on user input
process.exit();
}
if (otherCondition) {
if (req.cookies.cookieId) {
// NOT OK: depends on user input
process.exit();
}
}
if (req.cookies.cookieId) {
if (otherCondition) {
// OK: but flagged anyway due to plain dominance analysis
process.exit();
}
}
if(req.params.login) {
} else {
// NOT OK: depends on user input
login()
}
if(req.params.login && somethingElse) {
} else {
// OK: depends on something else
login()
}
if(req.params.login && somethingElse) {
// NOT OK: depends on user input
login()
}
if (req.cookies.cookieId === req.params.requestId) {
// NOT OK: depends on user input
process.exit();
}
var v1 = req.cookies.cookieId === req.params.requestId;
if (v1) {
// NOT OK: depends on user input
process.exit();
}
function cmp(p, q) {
return p === q;
}
var v2 = cmp(req.cookies.cookieId, req.params.requestId);
if (v2) {
// NOT OK, but not detected due to flow limitations
process.exit();
}
if (req.cookies.cookieId === "secret") {
// NOT OK: depends on user input
process.exit();
}
if (req.cookies.loginThing) {
// OK: not a sensitive action
unauthorized();
// OK: not a sensitive action
console.log(commit.author().toString());
}
});
Reference in New Issue View Git Blame Copy Permalink