hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
d249b51a5e94a2682b3aec519e7f31e82df12d59
codeql/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss.js
Erik Krogh Kristensen bace2994c3 add test for type-tracking req.params
2020-07-01 11:38:54 +02:00

19 lines
458 B
JavaScript
Raw Blame History

var express = require('express');
var app = express();
app.get('/user/:id', function(req, res) {
if (!isValidUserId(req.params.id)) {
// BAD: a request parameter is incorporated without validation into the response
res.send("Unknown user: " + req.params.id);
moreBadStuff(req.params, res);
} else {
// TODO: do something exciting
;
}
});
function moreBadStuff(params, res) {
res.send("Unknown user: " + params.id); // NOT OK
}
Reference in New Issue View Git Blame Copy Permalink