-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathtst.js
More file actions
119 lines (92 loc) · 3.05 KB
/
tst.js
File metadata and controls
119 lines (92 loc) · 3.05 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
var express = require('express');
var app = express();
app.get('/user/:id', function(req, res) {
process.exit();
if(req.params.shutDown) { // $ Alert[js/user-controlled-bypass] - depends on user input
process.exit();
}
if (req.cookies.loginThing) { // $ Alert[js/user-controlled-bypass] - depends on user input
o.login();
}
if (req.cookies.loginThing) { // OK - not a sensitive action
o.getLogin();
}
process.exit();
function id(v) {
return v;
}
var v3 = id(req.cookies.cookieId); // $ Source[js/user-controlled-bypass]
if (v3) { // $ Alert[js/user-controlled-bypass] - depends on user input
process.exit();
}
if (otherCondition) {
if (req.cookies.cookieId) { // $ Alert[js/user-controlled-bypass] - depends on user input
process.exit();
}
}
if (req.cookies.cookieId) { // $ SPURIOUS: Alert[js/user-controlled-bypass] - flagged anyway due to plain dominance analysis
if (otherCondition) {
process.exit();
}
}
if(req.params.login) { // $ Alert[js/user-controlled-bypass] - depends on user input
} else {
login()
}
if(req.params.login && somethingElse) { // OK - depends on something else
} else {
login()
}
if(req.params.login && somethingElse) { // $ Alert[js/user-controlled-bypass] - depends on user input
login()
}
if (req.cookies.cookieId === req.params.requestId) { // $ Alert[js/different-kinds-comparison-bypass]
process.exit();
}
var v1 = req.cookies.cookieId === req.params.requestId; // $ Alert[js/different-kinds-comparison-bypass]
if (v1) {
process.exit();
}
function cmp(p, q) {
return p === q; // $ Alert[js/different-kinds-comparison-bypass]
}
var v2 = cmp(req.cookies.cookieId, req.params.requestId); // $ MISSING: Alert - not detected due to flow limitations
if (v2) {
process.exit();
}
if (req.cookies.cookieId === "secret") { // $ Alert[js/user-controlled-bypass] - depends on user input
process.exit();
}
if (req.cookies.loginThing) {
// OK - not a sensitive action
unauthorized();
// OK - not a sensitive action
console.log(commit.author().toString());
}
});
app.get('/user/:id', function(req, res) {
if (!req.body || !username || !password || riskAssessnment == null) { // OK - early return below
res.status(400).send({ error: '...', id: '...' });
return
}
customerLogin.customerLogin(username, password, riskAssessment, clientIpAddress);
while (!verified) {
if (req.query.vulnerable) { // $ Alert[js/user-controlled-bypass]
break;
}
verify();
}
while (!verified) {
if (req.query.vulnerable) { // $ Alert[js/user-controlled-bypass]
break;
} else {
verify();
}
}
while (!verified) {
if (req.query.vulnerable) { // OK - early return
return;
}
verify();
}
});