Welcome to the Code Scanning JavaScript Tutorial! This tutorial walks you through setting up GitHub Advanced Security Code Scanning on a Pull Request. We will introduce a vulnerability, CVE-2018-20835 (aka Zip Slip), in a Pull Request and let CodeQL catch it.
- Duplicate this repository into your GitHub Organization
- Enable GitHub Advanced Security
- Configure the CodeQL Code Scanning workflow
- Complete a CodeQL scan for the main branch
- Edit line 264 of `index.js` and commit this to a new branch:
  - OLD: `var srcpath = path.join(cwd, path.join('/', header.linkname))`
  - NEW: `var srcpath = path.resolve(cwd, header.linkname)`
- Create a Pull Request to `main` from the new branch
- Allow the CodeQL scan to complete for the PR