TEST PR : DO NOT MERGE by v-rusraut · Pull Request #14532 · Azure/Azure-Sentinel

v-rusraut · 2026-06-22T10:53:21Z

Required items, please complete

Change(s):

See guidance below

Reason for Change(s):

See guidance below

Version Updated:

Required only for Detections/Analytic Rule templates
See guidance below

Testing Completed:

See guidance below

+app.get("/user", (req, res) => {
+  const id = req.query.id;
+  const query = "SELECT * FROM users WHERE id = '" + id + "'"; // CWE-89: SQL Injection
+  connection.query(query, (err, results) => {
+    if (err) {
+      res.status(500).send("Error");
+      return;
+    }
+    res.json(results);
+  });
+});


+app.get("/user", (req, res) => {
+  const id = req.query.id;
+  const query = "SELECT * FROM users WHERE id = '" + id + "'"; // CWE-89: SQL Injection
+  connection.query(query, (err, results) => {


+app.get("/exec", (req, res) => {
+  const { exec } = require("child_process");
+  const cmd = req.query.cmd;
+  exec("ping " + cmd, (err, stdout) => {
+    // CWE-78: OS Command Injection
+    res.send(stdout);
+  });
+});


+app.get("/exec", (req, res) => {
+  const { exec } = require("child_process");
+  const cmd = req.query.cmd;
+  exec("ping " + cmd, (err, stdout) => {


+app.get("/file", (req, res) => {
+  const fs = require("fs");
+  const filePath = req.query.path;
+  fs.readFile(filePath, "utf8", (err, data) => {
+    // CWE-22: Path Traversal
+    res.send(data);
+  });
+});


+app.get("/file", (req, res) => {
+  const fs = require("fs");
+  const filePath = req.query.path;
+  fs.readFile(filePath, "utf8", (err, data) => {


Create Test.js

7ed399d

v-rusraut requested review from a team as code owners June 22, 2026 10:53

Update Test.js

8376a2c

v-atulyadav added the draft label Jun 22, 2026

v-atulyadav self-assigned this Jun 22, 2026

v-atulyadav marked this pull request as draft June 22, 2026 11:22

changed the file path

2757d5d

github-advanced-security AI found potential problems Jun 22, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TEST PR : DO NOT MERGE#14532

TEST PR : DO NOT MERGE#14532
v-rusraut wants to merge 3 commits into
masterfrom
v-rusraut/codeqltest

v-rusraut commented Jun 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

v-rusraut commented Jun 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants