
Commit 6e0322d

committed
JS: Add DeepResourceExhaustion test
1 parent 88e5348 commit 6e0322d


3 files changed

+21
-0
lines changed

3 files changed

+21
-0
lines changed
@@ -0,0 +1,8 @@
1+
nodes
2+
| tst.js:9:29:9:36 | req.body |
3+
| tst.js:9:29:9:36 | req.body |
4+
| tst.js:9:29:9:36 | req.body |
5+
edges
6+
| tst.js:9:29:9:36 | req.body | tst.js:9:29:9:36 | req.body |
7+
#select
8+
| tst.js:9:29:9:36 | req.body | tst.js:9:29:9:36 | req.body | tst.js:9:29:9:36 | req.body | Denial of service caused by processing user input from $@ with $@. | tst.js:9:29:9:36 | req.body | here | tst.js:4:21:4:35 | allErrors: true | allErrors: true |
@@ -0,0 +1 @@
1+
Security/CWE-400/DeepObjectResourceExhaustion.ql
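--- a/tst.js
+++ b/tst.js
@@ -0,0 +1,12 @@
+import express from 'express';
+import Ajv from 'ajv';
+
+let ajv = new Ajv({ allErrors: true });
+ajv.addSchema(require('./input-schema'), 'input');
+
+var app = express();
+app.get('/user/:id', function(req, res) {
+if (!ajv.validate('input', req.body)) { // NOT OK
+return;
+}
+});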
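Review bot: Only the flagged case is covered: the single `ajv.validate('input', req.body)` call on line 9 is marked `// NOT OK` and has no `// OK` counterpart, so the test would still pass if the query began reporting every Ajv validation of request data regardless of options. Add a second instance built without the option, e.g. `let ajvDefault = new Ajv();` with its own `ajvDefault.addSchema(require('./input-schema'), 'input');`, and call `ajvDefault.validate('input', req.body); // OK` in the same handler; the expected output should gain no rows for it. A short comment next to line 4, such as `// allErrors makes Ajv keep validating after the first failure, so hostile input can force unbounded work`, would also tell readers why this configuration is the sink.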
