There is a single pattern instance and it does not have a vulnerability. The expectation in that JSON file should be fixed. However, other changes could be proposed.
Proposed changes
The obstacle code seems to focus on a variable comparison where one of the variables, a, is attacker-controlled and b is a constant. However, this variable is strictly constrained to the constant when the dangerous operation is applied:
    if (a === b) {
        // no vulnerability
        res.write(a);
    }
Multiple instances could then be created:
considering either == or ===
making the write target either the constrained attacker-controlled variable a or a different, totally unconstrained attacker-controlled variable
Testability pattern
JS pattern 48. It has only one instance.
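The four instance variants proposed above, written out as an added example (not code from the issue or from the pattern repository). The constant B, the variant names, the stubbed res object and the marker input are all assumptions made for illustration; the harness derives the value each instance's expectation would take by checking whether anything other than the constant can reach write.

```javascript
// Added example: instance variants for the comparison pattern.
// `res` is a stub exposing write() that stringifies its argument;
// B, the variant names and the marker input are constructed.
const B = "constant"; // the constant operand b

const variants = {
  // write the constrained variable a
  strictWriteA: (a, c, res) => { if (a === B) { res.write(a); } },
  looseWriteA:  (a, c, res) => { if (a == B)  { res.write(a); } },
  // write a different, unconstrained attacker-controlled variable c
  strictWriteC: (a, c, res) => { if (a === B) { res.write(c); } },
  looseWriteC:  (a, c, res) => { if (a == B)  { res.write(c); } },
};

// Run one variant and return everything it wrote to the response.
function run(name, a, c) {
  const chunks = [];
  variants[name](a, c, { write: (x) => chunks.push(String(x)) });
  return chunks.join("");
}

// Expectation for one instance: true if the response can ever contain
// something other than the constant B, false otherwise.
function expectation(name) {
  const marker = "<i>marker</i>"; // constructed attacker input
  const inputs = [
    [B, marker],      // a equals the constant
    [marker, marker], // a is arbitrary attacker data
    [[B], marker],    // array: passes ==, fails ===
  ];
  return inputs.some(([a, c]) => {
    const out = run(name, a, c);
    return out !== "" && out !== B;
  });
}

// Expectation table for all four instances.
function expectations() {
  return Object.fromEntries(
    Object.keys(variants).map((n) => [n, expectation(n)])
  );
}

console.log(expectations());
```

Under == the array input passes the comparison, but what is written still stringifies to the constant, so both write-a instances stay negative and only the write-c instances carry attacker data.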