Merge pull request #8 from shiftleft-chuck/ReIntroduce_XSS

Update ImageLookup.js

Author: shiftleft-chuck

src/Controllers/ImageLookup.js

@@ -7,9 +7,22 @@ class ImageLookup {
     /* Can read any file in the server by passing the filename (image) in the query params */
     /* ex: http GET http://localhost:8089/api/v1/image-lookup image=="package.json" */
     const fileContent = fs.readFileSync(req.query.image).toString();
-    string sanitizedString = sanitizeString(fileContent)
-    logger.debug(sanitizedString);
-//    logger.debug(fileContent);
+
+    // **************************************************
+    // ************************************************** Vulnerable Code Block *****
+    
+    logger.debug(fileContent);
+    
+    // **************************************************
+    
+    // ************************************************** Remediated Code Block *****
+    
+//    string sanitizedStr = sanitizeString(fileContent)
+//    fileContent = sanitizedStr;
+//    logger.debug(sanitizedStr);
+    
+    // **************************************************
+    
     res.send(fileContent);
   }