Feature/vulnerable demo #39
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| const serializedData = req.body.data; | ||
| try { | ||
| const deserializedData = JSON.parse(serializedData); | ||
| res.send(`Deserialized data: ${deserializedData}`); |
Check failure
Code scanning / CodeQL
Reflected cross-site scripting High
| // Cross-Site Scripting (XSS) | ||
| app.get('/greet', (req, res) => { | ||
| const name = req.query.name; | ||
| res.send(`<h1>Hello, ${name}</h1>`); |
Check failure
Code scanning / CodeQL
Reflected cross-site scripting High
| // Insecure JWT Handling | ||
| app.post('/login', (req, res) => { | ||
| const user = { id: 1, username: req.body.username }; | ||
| const token = jwt.sign(user, 'secretkey'); // Weak secret |
Check failure
Code scanning / CodeQL
Hard-coded credentials Critical
| app.get('/read-file', (req, res) => { | ||
| const filename = req.query.filename; | ||
| fs.readFile(`/var/data/${filename}`, 'utf8', (err, data) => { | ||
| if (err) { | ||
| res.status(500).send('File read error'); | ||
| return; | ||
| } | ||
| res.send(`File content: ${data}`); | ||
| }); | ||
| }); |
Check failure
Code scanning / CodeQL
Missing rate limiting High
| // Unsafe File Operations | ||
| app.get('/read-file', (req, res) => { | ||
| const filename = req.query.filename; | ||
| fs.readFile(`/var/data/${filename}`, 'utf8', (err, data) => { |
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression High
| app.post('/execute', (req, res) => { | ||
| const code = req.body.code; | ||
| try { | ||
| const result = vm.runInNewContext(code, {}); |
Check failure
Code scanning / CodeQL
Code injection Critical
No description provided.