From cf60eb7913dbf9d24bbb51a6ef43a473d9cbcfcd Mon Sep 17 00:00:00 2001 From: Alejandro Lagos Date: Tue, 21 Apr 2026 18:13:57 -0500 Subject: [PATCH] essentials-examples\feat(back): #1 example pr - add example pr for baseline flow --- vulnerable_examples/package.json | 3 +++ vulnerable_examples/route.js | 22 ++++++++++++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 vulnerable_examples/route.js diff --git a/vulnerable_examples/package.json b/vulnerable_examples/package.json index 8e20159..0e72ec3 100644 --- a/vulnerable_examples/package.json +++ b/vulnerable_examples/package.json @@ -12,6 +12,9 @@ "devDependencies": { "xmldom": "0.4.0" }, + "scripts": { + "goodbye": "echo 'Goodbye'" + }, "license": "MIT", "main": "index.js", "name": "test", diff --git a/vulnerable_examples/route.js b/vulnerable_examples/route.js new file mode 100644 index 0000000..9c39dac --- /dev/null +++ b/vulnerable_examples/route.js @@ -0,0 +1,22 @@ +import { Router } from "express"; +var xpath = require("xpath"); +let fs = require("fs"); +var router = Router(); + +router.get("/test142/", function (req, res) { + + let userData = req.body; + let userName = userData.username; + let password = userData.password; + + fs.readFinding("test", (error, data) => { + + var findUserXPath = `//Employee[UserName/text()='${userName}' and Password/text()='${password}']`; + let result = xpath.select(findUserXPath, doc); + return result; + + }); + +}); + +export default router;