
Commit a453405

Update RequestForgeryBad.js
1 parent 2ae0c7e commit a453405


1 file changed

+2
-3
lines changed


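--- a/javascript/ql/src/Security/CWE-918/examples/RequestForgeryBad.js
+++ b/javascript/ql/src/Security/CWE-918/examples/RequestForgeryBad.js
@@ -1,8 +1,7 @@
 import http from 'http';
-import url from 'url';
 
-var server = http.createServer(function(req, res) {
-var target = url.parse(req.url, true).query.target;
+const server = http.createServer(function(req, res) {
+const target = new URL(req.url).searchParams.get("target");
 
 // BAD: `target` is controlled by the attacker
 http.get('https://' + target + ".example.com/data/", res => {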
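Review bot: `new URL(req.url)` on new line 4 will throw a `TypeError` for ordinary requests, because in a Node `http` server `req.url` is normally only the path and query string and the WHATWG `URL` constructor rejects relative input when no base is given. Nothing in the visible handler catches that exception, so the example would fail before it reaches the `http.get` call it is meant to illustrate. Supplying a base keeps the sample runnable and leaves `target` attacker-controlled, as the `// BAD` comment intends: `const target = new URL(req.url, "http://example.com").searchParams.get("target");`. Note also that `searchParams.get` returns `null` rather than `undefined` when the parameter is absent, and that the request callback continues outside this hunk.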
