Added matchAll test which is not marked as vulnurability by CodeQL

github · Nov 7, 2024 · a96f9fc · a96f9fc
1 parent 514375d
commit a96f9fc
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/javascript/ql/test/query-tests/Security/CWE-117/logInjectionGood.js b/javascript/ql/test/query-tests/Security/CWE-117/logInjectionGood.js
@@ -27,3 +27,9 @@ const server = http.createServer((req, res) => {
         console.error(`[ERROR] Error: "${error}"`);
     }
 });
+
+const serverMatchAll = http.createServer((req, res) => {
+    let username = url.parse(req.url, true).query.username;
+    let otherStr = username.matchAll(/.*/g)[0]; // BAD - this is suppose to be cought by Taint Tracking, works for match but not matchAll
+    console.log(otherStr);
+});