hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
bc6133de5c1ff734a5fa475a5dd6e0af7ed9ff3c
codeql/go/ql/test/query-tests/Security/CWE-079/stored.go
Owen Mansel-Chan 1926ffd450 Convert XSS tests to use inline expectations
2025-05-01 15:39:19 +01:00

66 lines
1.3 KiB
Go
Raw Blame History

package main
import (
"database/sql"
"io"
"io/fs"
"log"
"net/http"
"path/filepath"
)
var db *sql.DB
var q string
func storedserve1() {
http.HandleFunc("/user", func(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
rows, _ := db.Query(q, 32) // $ Source[go/stored-xss]
for rows.Next() {
var (
id int64
name string
)
if err := rows.Scan(&id, &name); err != nil {
log.Fatal(err)
}
// BAD: the stored XSS query assumes all query results are untrusted
io.WriteString(w, name) // $ Alert[go/stored-xss]
}
})
}
func storedserve2() {
http.HandleFunc("/user", func(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
rows, _ := db.Query(q, 32)
for rows.Next() {
var (
id int64
name string
)
if err := rows.Scan(&id, &name); err != nil {
log.Fatal(err)
}
// GOOD: name is checked against a constant value
if name == "Sam" {
io.WriteString(w, name)
}
}
})
}
func storedserve3() {
http.HandleFunc("/user", func(w http.ResponseWriter, r *http.Request) {
filepath.WalkDir(".", func(path string, _ fs.DirEntry, err error) error { // $ Source[go/stored-xss]
// BAD: filenames are considered to be untrusted
io.WriteString(w, path) // $ Alert[go/stored-xss]
return nil
})
})
}
Reference in New Issue View Git Blame Copy Permalink