Demo-Proj-Org/Code-Scan-Repo-Js

Code Scanning JavaScript Tutorial

Welcome to the Code Scanning JavaScript Tutorial! This tutorial takes you through setting up GitHub Advanced Security code scanning for pull requests. We will introduce a vulnerability, CVE-2018-20835 (aka Zip Slip), in a Pull Request.

Procedure

  1. Duplicate this repository into your GitHub Organization
  2. Enable GitHub Advanced Security
  3. Configure the CodeQL Code Scanning workflow
  4. Complete a CodeQL scan for the main branch
  5. Edit Line 264 of index.js and commit this to a new branch

     OLD: var srcpath = path.join(cwd, path.join('/', header.linkname))

     NEW: var srcpath = path.resolve(cwd, header.linkname)

  6. Create a Pull Request to main from the new branch
  7. Allow CodeQL scan to complete for the PR
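
Why the step 5 edit produces a code scanning alert, as an added example (not code from this repository): it evaluates the OLD and NEW expressions on constructed link names and applies a containment check to each result. The function names, the `/srv/extract` directory and the sample link names are assumptions made for illustration.

```javascript
// Added example, not part of the tutorial repository.
const path = require('path').posix; // POSIX rules so results are the same on any OS

// OLD line from step 5: the link name is first anchored at '/', which
// normalises away leading '../' segments, and only then joined under cwd.
function srcpathOld(cwd, linkname) {
  return path.join(cwd, path.join('/', linkname));
}

// NEW line from step 5: resolve() honours '..' segments and absolute paths,
// so an archive-controlled link name decides where the result lands.
function srcpathNew(cwd, linkname) {
  return path.resolve(cwd, linkname);
}

// Containment check: true only when target is cwd itself or below it.
function isInside(cwd, target) {
  const rel = path.relative(cwd, target);
  if (rel === '') return true;
  return rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel);
}

// Compare both expressions for each link name (hypothetical helper).
function audit(cwd, linknames) {
  return linknames.map((linkname) => {
    const oldPath = srcpathOld(cwd, linkname);
    const newPath = srcpathNew(cwd, linkname);
    return {
      linkname,
      oldPath,
      newPath,
      oldInside: isInside(cwd, oldPath),
      newInside: isInside(cwd, newPath),
    };
  });
}

// Constructed sample header.linkname values: one benign, two that try to
// leave the extraction directory.
const SAMPLE_LINKNAMES = ['lib/a.js', '../../etc/hosts', '/etc/hosts'];

for (const row of audit('/srv/extract', SAMPLE_LINKNAMES)) {
  console.log(row);
}
```

A fix that keeps `path.resolve` would need a check like `isInside` before the link is created; the OLD expression avoids the problem by construction.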
