// CodeQL query test fixture for js/regex-injection.
//
// The `// $ Alert[...]` and `// $ Source[...]` trailers are inline expectations
// consumed by the CodeQL test harness: a `$ Source` marks a line that must be
// reported as a taint source and a `$ Alert` marks a line that must be flagged
// as a sink. Keep those trailers and the exact shape of each statement intact
// when editing this file, otherwise the expectations no longer line up.
//
// None of the constructed RegExp objects is used or stored, and the handler
// never sends a response; the fixture exists only to exercise the query.
var express = require('express');
var app = express();
app.get('/test-environment', function(req, res) {
// Environment variables should be detected when "environment" threat model is enabled
// Each of the following interpolates an environment variable straight into a
// regex pattern with no escaping, so metacharacters in the variable become
// part of the pattern (the classic regex-injection / ReDoS vector).
new RegExp(`^${process.env.HOME}/Foo/bar.app$`); // $ Alert[js/regex-injection]
new RegExp(`^${process.env.PATH}/bin$`); // $ Alert[js/regex-injection]
// Same sink, but the value reaches it through a local variable so the
// expectations also check that taint is tracked through the assignment.
var envVar = process.env.NODE_ENV; // $ Source[js/regex-injection]
new RegExp(envVar); // $ Alert[js/regex-injection]
// Command line arguments should still be detected
// process.argv entries flow into the pattern both directly and via a local.
new RegExp(`^${process.argv[1]}/Foo/bar.app$`); // $ Alert[js/regex-injection]
var argv = process.argv[2]; // $ Source[js/regex-injection]
new RegExp(argv); // $ Alert[js/regex-injection]
// Regular user input should still be detected
// Request-controlled value used as the whole pattern: the baseline case that
// must keep being reported regardless of which threat model is enabled.
// NOTE(review): req.param() is deprecated in Express 4.x; it is presumably
// kept here because the query models it as a remote-flow source — confirm.
var userInput = req.param("input"); // $ Source[js/regex-injection]
new RegExp(userInput); // $ Alert[js/regex-injection]
});