forked from github/codeql
MissingCsrfMiddlewareBad.js
var express = require('express');
var cookieParser = require('cookie-parser');
var passport = require('passport');
// Case 1: a top-level Express app that enables cookie parsing and passport
// authorization with `session: true`, but registers no CSRF-token validation
// middleware before its routes.
// NOTE(review): the `// $ Alert` and `// $ RelatedLocation` markers look like inline
// expectations for a static-analysis test; keep each one on the statement it annotates.
var app = express();
// Cookies become readable as `req.cookies` from here on. A browser attaches them to
// requests on its own, so a cookie alone does not prove the user intended the request.
app.use(cookieParser()); // $ Alert
app.use(passport.authorize({ session: true }));
// POST route with no token check in front of it: a form auto-submitted from another
// origin would reach this handler with the user's cookies. The usual mitigation is to
// register CSRF-token middleware (for example `lusca.csrf()`) before such routes, with
// SameSite cookie attributes as defense in depth.
app.post('/changeEmail', function (req, res) {
    // Stub handler: the value is read from the cookie jar and never used, and no
    // response is sent.
    let newEmail = req.cookies["newEmail"];
}); // $ RelatedLocation
// Case 2: the same cookie-plus-session setup with no CSRF-token middleware, on a
// separate `app` scoped to this function. The route handler is passed through a
// wrapper instead of being registered directly.
// NOTE(review): presumably this checks that an analyzer still recognizes the wrapped
// function as the route handler; confirm against the test expectations.
(function () {
    var app = express();
    app.use(cookieParser()); // $ Alert
    app.use(passport.authorize({ session: true }));
    // Adapts a promise-returning handler to the (req, res, next) shape. A rejection is
    // only logged to the console; `next` is not called with the error. The wrapper
    // performs no request validation, so it adds no CSRF protection.
    const errorCatch = (fn) =>
        (req, res, next) => {
            fn(req, res, next).catch((e) => console.log("Caught " + e));
        };
    // POST route reached without any token check; the handler body is a stub that
    // reads a cookie value and discards it.
    app.post('/changeEmail', errorCatch(async function (req, res) {
        let newEmail = req.cookies["newEmail"];
    })); // $ RelatedLocation
})
// Case 3: the same setup again, with the wrapper invoking the handler through
// `fn.call(this, ...)` and with two POST routes registered.
// NOTE(review): the preceding wrapper ends in `})` with no semicolon and this line
// starts with `(`, so JavaScript parses this function as a call argument to the
// previous one, and no trailing `()` is visible here. That is harmless if the file is
// only analyzed statically and never executed; confirm.
(function () {
    var app = express();
    app.use(cookieParser()); // $ Alert
    app.use(passport.authorize({ session: true }));
    // Same adapter as a plain `fn(req, res, next)` call, except the handler is invoked
    // with an explicit receiver. `this` inside arrow functions is lexical, so it is the
    // `this` of the enclosing function expression. Rejections are only logged.
    const errorCatch = (fn) =>
        (req, res, next) => {
            fn.call(this, req, res, next).catch((e) => console.log("Caught " + e));
        };
    // POST route with no token check; stub body reads a cookie value and discards it.
    app.post('/changeEmail', errorCatch(async function (req, res) {
        let newEmail = req.cookies["newEmail"];
    })); // $ RelatedLocation
    // Second route without a token check. It writes to the session, so a forged request
    // could change which identity the session carries.
    // `loginStuff` is not defined anywhere in this listing.
    app.post('/doLoginStuff', errorCatch(async function (req, res) {
        req.session.user = loginStuff(req);
    })); // $ RelatedLocation
})