Add Node rule pattern for process.env use #309
Assignees
Labels
enhancement
New feature or request
Comments
guyacosta
added a commit
that referenced
this issue
Oct 27, 2020
* Adds required policheck task to sdl pipeline. * Enables ability to see Guardian exports for code scans like Policheck * Minor edit for regional lang scanner and enhancement to environment read/write rule support i.e. #309 * Correction to regex needed. Note rulespacker binaries need updating to align to new verification checks.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Recently, NPM removed a set of OSS libs that contained reverse shell code and read local sys environment vars. Application Inspector can detect the spawn and socket use but only detects environment var writes not reads.
Feature: add detection of environment var reads generally and add a pattern for process.env use for Node specifically.
The text was updated successfully, but these errors were encountered: