hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
d9ba5a1cabf8e34824aace5893e97c37f2080e49
codeql/javascript/ql/test/query-tests/Security/CWE-022/tainted-array-steps.js
Asger F d9ba5a1cab JavaScript: add test cases for new array steps
2018-08-13 12:27:12 +01:00

19 lines
525 B
JavaScript
Raw Blame History

var fs = require('fs'),
http = require('http'),
url = require('url'),
sanitize = require('sanitize-filename'),
pathModule = require('path')
;
var server = http.createServer(function(req, res) {
let path = url.parse(req.url, true).query.path;
// BAD: taint is preserved
res.write(fs.readFileSync(['public', path].join('/')));
// BAD: taint is preserved
let parts = ['public', path];
parts = parts.map(x => x.toLowerCase());
res.write(fs.readFileSync(parts.join('/')));
});
server.listen();
Reference in New Issue View Git Blame Copy Permalink