|
1 | 1 | // Test file with various vulnerabilities |
2 | 2 |
|
3 | | -// CRITICAL: Eval execution |
| 3 | +// CRITICAL EXECUTION VULNERABILITIES |
| 4 | +// CWE-95: Eval injection |
4 | 5 | eval('console.log("hello")'); |
5 | 6 |
|
6 | | -// CRITICAL: Command injection |
| 7 | +// CWE-77: Command injection |
7 | 8 | const exec = require('child_process').exec; |
8 | 9 | exec('ls -la'); |
9 | 10 |
|
10 | | -// HIGH: XSS vulnerability |
| 11 | +// CWE-502: Unsafe deserialization |
| 12 | +const userData = JSON.parse(userInput); |
| 13 | +const obj = unserialize(userInput); |
| 14 | + |
| 15 | +// INJECTION VULNERABILITIES |
| 16 | +// CWE-79: XSS vulnerability |
11 | 17 | document.innerHTML = userInput; |
12 | 18 |
|
13 | | -// MEDIUM: Memory leak potential |
14 | | -setInterval(() => { |
15 | | - // Some operation |
16 | | -}, 1000); |
| 19 | +// CWE-89: SQL injection |
| 20 | +const query = "SELECT * FROM users WHERE id = " + userId; |
| 21 | + |
| 22 | +// CWE-943: NoSQL injection |
| 23 | +db.users.find({ $where: "this.password === '" + userInput + "'" }); |
| 24 | +collection.find({ username: { $regex: userInput } }); |
17 | 25 |
|
18 | | -// Test credentials |
| 26 | +// AUTHENTICATION & CREDENTIALS |
| 27 | +// CWE-798: Hardcoded credentials |
19 | 28 | const password = "supersecret123"; |
20 | 29 | const apiKey = "abcd1234"; |
21 | 30 |
|
22 | | -// SQL query |
23 | | -const query = "SELECT * FROM users WHERE id = " + userId; |
| 31 | +// CWE-916: Weak password hashing |
| 32 | +const passwordHash = crypto.createHash('md5').update(password).digest('hex'); |
| 33 | +bcrypt.hash(password, 10); // Work factor too low |
| 34 | + |
| 35 | +// ACCESS CONTROL |
| 36 | +// CWE-639: Insecure Direct Object Reference |
| 37 | +const userId = req.params.userId; |
| 38 | +const documentId = req.query.docId; |
| 39 | + |
| 40 | +// CRYPTOGRAPHIC ISSUES |
| 41 | +// CWE-326: Weak cryptography |
| 42 | +const dataHash = crypto.createHash('sha1').update(data).digest('hex'); |
| 43 | + |
| 44 | +// ERROR HANDLING |
| 45 | +// CWE-209: Sensitive error info |
| 46 | +try { |
| 47 | + // Some operation that might throw |
| 48 | + processUserData(userData); |
| 49 | +} catch (err) { |
| 50 | + console.error(err); |
| 51 | + res.json({ error: err.message }); |
| 52 | +} |
| 53 | + |
| 54 | +// MEMORY & RESOURCE ISSUES |
| 55 | +// CWE-401: Memory leak |
| 56 | +setInterval(() => { |
| 57 | + // Some operation |
| 58 | +}, 1000); |
| 59 | + |
| 60 | +// CWE-23: Path traversal |
| 61 | +const filePath = "../" + userInput; |
| 62 | +const file = "../../" + fileName; |
| 63 | + |
| 64 | +// CWE-601: Open redirect |
| 65 | +res.redirect(req.query.returnUrl); |
| 66 | +window.location = userInput; |
| 67 | + |
| 68 | +// NEW VULNERABILITIES |
| 69 | + |
| 70 | +// CWE-918: Server-Side Request Forgery (SSRF) |
| 71 | +// Making HTTP requests with user-supplied URLs |
| 72 | +axios.get(req.query.url); |
| 73 | +fetch(req.body.endpoint); |
| 74 | +request(req.params.target); |
| 75 | + |
| 76 | +// CWE-384: Session Fixation |
| 77 | +// Setting session ID from user input |
| 78 | +req.session.id = req.query.sessionId; |
| 79 | +session.id = req.body.session; |
0 commit comments