hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-23 07:56:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
b671ef504da698483cd2e9dcccec2bc4e5d75bd3
codeql/javascript/ql/test/query-tests/Security/CWE-089/mongodb_bodySafe.js
Asger F d72d7345b8 JS: make NosqlInjection use object taint
2018-10-10 17:05:59 +01:00

32 lines
835 B
JavaScript
Raw Blame History

const express = require('express'),
mongodb = require('mongodb'),
bodyParser = require('body-parser');
const MongoClient = mongodb.MongoClient;
const app = express();
app.use(bodyParser.urlencoded({ extended: false }));
app.post('/documents/find', (req, res) => {
const query = {};
query.title = req.body.title;
MongoClient.connect('mongodb://localhost:27017/test', (err, db) => {
let doc = db.collection('doc');
// OK: req.body is safe
doc.find(query);
});
});
app.post('/documents/find', (req, res) => {
const query = {};
query.title = req.query.title;
MongoClient.connect('mongodb://localhost:27017/test', (err, db) => {
let doc = db.collection('doc');
// NOT OK: regardless of body parser, query value is still tainted
doc.find(query);
});
});
Reference in New Issue View Git Blame Copy Permalink