hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
b4f400fb23f24c835658858899faba4c14943d06
codeql/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/angularjs.js

67 lines
2.3 KiB
JavaScript
Raw Blame History

angular.module('myModule', [])
.controller('MyController', function($scope) {
$scope.$on(location.search); // OK
})
.controller('MyController', function($scope) {
$scope.$apply('hello'); // OK
})
.controller('MyController', function($scope) {
var scope = $scope;
scope.$apply(location.search); // BAD
})
.controller('MyController', function($scope) {
$scope.$apply(location.search); // BAD
})
.controller('MyController', function($scope) {
$scope.$applyAsync(location.search); // BAD
})
.controller('MyController', function($scope) {
$scope.$eval(location.search); // BAD
})
.controller('MyController', function($scope) {
$scope.$evalAsync(location.search); // BAD
})
.controller('MyController', function($scope) {
$scope.$watch(location.search); // BAD
})
.controller('MyController', function($scope) {
$scope.$watchCollection(location.search); // BAD
})
.controller('MyController', function($scope) {
$scope.$watchGroup(location.search); // BAD
})
.controller('MyController', function($compile) {
$compile(location.search); // BAD
})
.controller('MyController', function($compile) {
$compile('hello'); // OK
})
.controller('MyController', function($compile) {
$compile(location.search); // BAD
})
.controller('MyController', function($compile) {
var compile = $compile;
compile(location.search); // BAD
})
.controller('MyController', function($parse) {
$parse(location.search); // BAD
})
.controller('MyController', function($interpolate) {
$interpolate(location.search); // BAD
})
.controller('MyController', function($filter) {
$filter('orderBy')([], location.search); // BAD
})
.controller('MyController', function($filter) {
$filter('orderBy')([], 'hello'); // OK
})
.controller('MyController', function($filter) {
$filter('random')([], location.search); // OK
})
.controller('MyController', function($someService) {
$someService('orderBy')([], location.search); // OK
})
.controller('MyController', function($someService) {
$someService(location.search); // OK
});
Reference in New Issue View Git Blame Copy Permalink