Skip to content

Commit

Permalink
fix(JS rules): make express eval rule stricter (#714)
Browse files Browse the repository at this point in the history 
fix: make express eval rule stricter
  • Loading branch information
@elsapet
elsapet committed Mar 3, 2023
1 parent 7658ca0 commit 383492f
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions pkg/commands/process/settings/rules/javascript/express/eval_user_input.yml
View file
@@ -1,21 +1,21 @@
patterns:
- pattern: |
eval($<...>$<USER_INPUT>$<...>)
eval($<USER_INPUT>)
filters:
- variable: USER_INPUT
detection: javascript_express_eval_user_input_user_input
- pattern: |
new Function($<...>$<USER_INPUT>$<...>)
new Function($<USER_INPUT>)
filters:
- variable: USER_INPUT
detection: javascript_express_eval_user_input_user_input
- pattern: |
setTimeout($<...>$<USER_INPUT>$<...>)
setTimeout($<USER_INPUT>)
filters:
- variable: USER_INPUT
detection: javascript_express_eval_user_input_user_input
- pattern: |
setInterval($<...>$<USER_INPUT>$<...>)
setInterval($<USER_INPUT>)
filters:
- variable: USER_INPUT
detection: javascript_express_eval_user_input_user_input
Expand Down

0 comments on commit 383492f

Please sign in to comment.