hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
cef845ac47faa110296d992334fa054cbba6523a
codeql/javascript/ql/test/query-tests/Security/CWE-1004/test_httpserver.js
edvraa cef845ac47 Support string expressions
2021-05-03 13:46:56 +03:00

91 lines
2.8 KiB
JavaScript
Raw Blame History

const http = require('http');
function test1() {
const server = http.createServer((req, res) => {
res.setHeader('Content-Type', 'text/html');
// BAD
res.setHeader("Set-Cookie", "auth=ninja");
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('ok');
});
}
function test2() {
const server = http.createServer((req, res) => {
res.setHeader('Content-Type', 'text/html');
// GOOD
res.setHeader("Set-Cookie", "auth=ninja; HttpOnly");
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('ok');
});
}
function test3() {
const server = http.createServer((req, res) => {
res.setHeader('Content-Type', 'text/html');
// BAD
res.setHeader("Set-Cookie", ["auth=ninja", "token=javascript"]);
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('ok');
});
}
function test4() {
const server = http.createServer((req, res) => {
res.setHeader('Content-Type', 'text/html');
// GOOD
res.setHeader("Set-Cookie", ["auth=ninja; HttpOnly"]);
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('ok');
});
}
function test5() {
const server = http.createServer((req, res) => {
res.setHeader('Content-Type', 'text/html');
// GOOD, case insensitive
res.setHeader("Set-Cookie", ["auth=ninja; httponly"]);
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('ok');
});
}
function test6() {
const server = http.createServer((req, res) => {
res.setHeader('Content-Type', 'text/html');
// BAD
res.setHeader("Set-Cookie", ["auth=ninja; httponly", "token=javascript"]);
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('ok');
});
}
function test7() {
const server = http.createServer((req, res) => {
res.setHeader('Content-Type', 'text/html');
// Good, not auth related
res.setHeader("Set-Cookie", ["foo=ninja", "bar=javascript"]);
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('ok');
});
}
function test8() {
const server = http.createServer((req, res) => {
res.setHeader('Content-Type', 'text/html');
let attr = "; httponly"
res.setHeader("Set-Cookie", `session=ninja ${attr}`); // Good, httponly string expression
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('ok');
});
}
function test9() {
const server = http.createServer((req, res) => {
res.setHeader('Content-Type', 'text/html');
let attr = "; secure"
res.setHeader("Set-Cookie", `session=ninja ${attr}`); // Bad, not httponly string expression
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('ok');
});
}
Reference in New Issue View Git Blame Copy Permalink