hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-23 07:56:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
9a9bbac99e3b3d91697eccc12042b94de32f0204
codeql/javascript/ql/test/query-tests/Security/CWE-843/tst.js
Pavel Avgustinov b55526aa58 QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00

53 lines
1.0 KiB
JavaScript
Raw Blame History

var express = require('express');
var Koa = require('koa');
express().get('/some/path', function(req, res) {
var foo = req.query.foo;
foo.indexOf(); // NOT OK
foo.concat(); // NOT OK
function f() {
foo.concat(); // NOT OK
}
function g(bar) {
bar.concat(); // NOT OK
}
g(foo);
req.url.indexOf(); // OK
foo.indexOf(prefix) === 0; // OK
foo.indexOf(prefix) == 0; // OK
foo.indexOf(prefix) !== 0; // OK
foo.slice(-1) === 'x'; // OK
foo.indexOf(prefix) == 1; // NOT OK
foo.slice(1) === 'x'; // NOT OK
if (typeof foo === "string") {
foo.indexOf(); // OK
} else {
foo.indexOf(); // OK
}
if (foo instanceof Array) {
foo.indexOf(); // OK, but still flagged
}
(foo + f()).indexOf(); // OK
foo.length; // NOT OK
});
new Koa().use(function handler(ctx){
var foo = ctx.request.query.foo;
foo.indexOf(); // NOT OK
});
express().get('/some/path/:foo', function(req, res) {
var foo = req.params.foo;
foo.indexOf(); // OK
});
Reference in New Issue View Git Blame Copy Permalink