
Commit bbb6dad

committed
JS: Update koa testcase
1 parent b407de0 commit bbb6dad


1 file changed

+3
-3
lines changed

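--- a/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/koa.js
+++ b/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/koa.js
@@ -1,20 +1,20 @@
 const Koa = require('koa');
-const url = require('url');
+const urlLib = require('url');
 const app = new Koa();
 
 app.use(async ctx => {
 var url = ctx.query.target;
 ctx.redirect(url); // NOT OK
 ctx.redirect(`${url}${x}`); // NOT OK
 
-var isCrossDomainRedirect = url.parse(url || '', false, true).hostname;
+var isCrossDomainRedirect = urlLib.parse(url || '', false, true).hostname;
 if(!url || isCrossDomainRedirect) {
 ctx.redirect('/'); // OK
 } else {
 ctx.redirect(url); // NOT OK
 }
 
-if(!url || isCrossDomainRedirect || ! url.match(VALID)) {
+if(!url || isCrossDomainRedirect || url.match(/[^\w/-]/)) {
 ctx.redirect('/'); // OK
 } else {
 ctx.redirect(url); // OK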
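Review bot: The `// OK` on the final `ctx.redirect(url)` (new line 20) holds only because both guards on line 17 apply together, and the test file does not record that. The allowlist `/[^\w/-]/` on its own still admits a dotless scheme-relative value, which is rejected only by the `urlLib.parse(url || '', false, true).hostname` check with its third argument (slashesDenoteHost) set to true. I would add a comment above line 17 such as `// OK only in combination: the hostname check rejects scheme-relative URLs, the regex rejects anything outside [\w/-]`. A short reason beside the `// NOT OK` on line 14 would help as well, presumably that the hostname check alone is not accepted as a sanitizer by the query. The `app.use` callback continues past the end of the hunk.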
