Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create vulnerable.js #2

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Create vulnerable.js #2

wants to merge 1 commit into from

Conversation

shwetarkadam
Copy link
Contributor

No description provided.

const serializedData = req.body.data;
try {
const deserializedData = JSON.parse(serializedData);
res.send(`Deserialized data: ${deserializedData}`);

Check failure

Code scanning / CodeQL

Reflected cross-site scripting High

Cross-site scripting vulnerability due to a
user-provided value
.
// Cross-Site Scripting (XSS)
app.get('/greet', (req, res) => {
const name = req.query.name;
res.send(`<h1>Hello, ${name}</h1>`);

Check failure

Code scanning / CodeQL

Reflected cross-site scripting High

Cross-site scripting vulnerability due to a
user-provided value
.
// Insecure JWT Handling
app.post('/login', (req, res) => {
const user = { id: 1, username: req.body.username };
const token = jwt.sign(user, 'secretkey'); // Weak secret

Check failure

Code scanning / CodeQL

Hard-coded credentials Critical

The hard-coded value "secretkey" is used as
jwt key
.
Comment on lines +35 to +44
app.get('/read-file', (req, res) => {
const filename = req.query.filename;
fs.readFile(`/var/data/${filename}`, 'utf8', (err, data) => {
if (err) {
res.status(500).send('File read error');
return;
}
res.send(`File content: ${data}`);
});
});

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
a file system access
, but is not rate-limited.
// Unsafe File Operations
app.get('/read-file', (req, res) => {
const filename = req.query.filename;
fs.readFile(`/var/data/${filename}`, 'utf8', (err, data) => {

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
.
app.post('/execute', (req, res) => {
const code = req.body.code;
try {
const result = vm.runInNewContext(code, {});

Check failure

Code scanning / CodeQL

Code injection Critical

This code execution depends on a
user-provided value
.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant