Skip to content

Commit 19cc3e3

Browse files
NapalysNapalys
committed
JS: Add test case for RequestForgery with url wrapped via package URL 
1 parent a519eab commit 19cc3e3

File tree

1 file changed

+9
-0
lines changed

1 file changed

+9
-0
lines changed

javascript/ql/test/query-tests/Security/CWE-918/serverSide.js

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -133,3 +133,12 @@ var server2 = http.createServer(function(req, res) {
133133
var myEncodedUrl = `${something}/bla/${encodeURIComponent(tainted)}`;
134134
axios.get(myEncodedUrl);
135135
})
136+
137+
var server2 = http.createServer(function(req, res) {
138+
const { URL } = require('url');
139+
const input = req.query.url; // $MISSING:Source[js/request-forgery]
140+
const target = new URL(input);
141+
axios.get(target.toString()); // $MISSING:Alert[js/request-forgery]
142+
axios.get(target); // $MISSING:Alert[js/request-forgery]
143+
axios.get(target.href); // $MISSING:Alert[js/request-forgery]
144+
});

0 commit comments

Comments
 (0)