Update generic-path-traversal.yaml
Prince Chaddha
GitHub
parent
5a98340f2b
commit
9a179323ff
|
|
@ -14,26 +14,8 @@ file:
|
|||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "function \\(\\$REQ, \\$RES, ...\\) {...}"
|
||||
- "function \\$FUNC\\(\\$REQ, \\$RES, ...\\) {...}"
|
||||
- "\\$X = function \\$FUNC\\(\\$REQ, \\$RES, ...\\) {...}"
|
||||
- "var \\$X = function \\$FUNC\\(\\$REQ, \\$RES, ...\\) {...};"
|
||||
- "\\$APP.\\$METHOD\\(..., function \\$FUNC\\(\\$REQ, \\$RES, ...\\) {...}\\)"
|
||||
- "\\$X\\.createReadStream\\(..., <... \\$REQ\\.\\$QUERY\\.\\$VAR ...>, ...\\)"
|
||||
- "\\$X\\.createReadStream\\(..., <... \\$REQ\\.\\$QUERY ...>, ...\\)"
|
||||
- "\\$X\\.readFile\\(..., <... \\$REQ\\.\\$QUERY\\.\\$VAR ...>, ...\\)"
|
||||
- "\\$X\\.readFile\\(..., <... \\$REQ\\.\\$QUERY ...>, ...\\)"
|
||||
- "\\$X\\.readFileSync\\(..., <... \\$REQ\\.\\$QUERY\\.\\$VAR ...>, ...\\)"
|
||||
- "\\$X\\.readFileSync\\(..., <... \\$REQ\\.\\$QUERY ...>, ...\\)"
|
||||
- "\\$X\\.readFileAsync\\(..., <... \\$REQ\\.\\$QUERY\\.\\$VAR ...>, ...\\)"
|
||||
- "\\$X\\.readFileAsync\\(..., <... \\$REQ\\.\\$QUERY ...>, ...\\)"
|
||||
- "\\$INP = <... \\$REQ\\.\\$QUERY\\.\\$VAR ...>\\;"
|
||||
- "\\$X\\.createReadStream\\(..., <... \\$INP ...>, ...\\)"
|
||||
- "\\$INP = <... \\$REQ\\.\\$QUERY ...>\\;"
|
||||
- "\\$X\\.readFile\\(..., <... \\$INP ...>, ...\\)"
|
||||
- "\\$X\\.readFileSync\\(..., <... \\$INP ...>, ...\\)"
|
||||
- "\\$Y = \\$REQ\\.\\$QUERY\\.\\$VAR\\;"
|
||||
- "\\$INP = <... \\$Y ...>\\;"
|
||||
- "\\$Y = \\$REQ\\.\\$QUERY\\;"
|
||||
- "\\$X\\.readFileAsync\\(..., <... \\$INP ...>, ...\\)"
|
||||
- "[^\\.]*\\.createReadStream\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
|
||||
- "[^\\.]*\\.readFile\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
|
||||
- "[^\\.]*\\.readFileSync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
|
||||
- "[^\\.]*\\.readFileAsync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
|
||||
condition: or
|
||||
|
|
|
|||
Loading…
Reference in New Issue