Recently, NPM removed a set of OSS libs that contained reverse shell code and read local sys environment vars. Application Inspector can detect the spawn and socket use, but only detects environment var writes, not reads.
Feature: add detection of environment var reads generally and add a pattern for process.env use for Node specifically.
* Adds required policheck task to sdl pipeline.
* Enables ability to see Guardian exports for code scans like Policheck
* Minor edit for regional lang scanner and enhancement to environment read/write rule support i.e. #309
* Correction to regex needed. Note rulespacker binaries need updating to align to new verification checks.
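
The read-versus-write distinction the feature request asks for, shown as an added example that is not part of the original issue or of Application Inspector's rule set: a line-based regex scan in Node.js that classifies `process.env` accesses. The function names and the sample input are constructed for illustration.

```javascript
// Added example: classify process.env accesses in Node source as reads or writes.
// Line-based regex scan; it does not parse JavaScript, so matches inside
// comments or string literals are reported too.
const ENV_ACCESS = /\bprocess\.env\b(?:\.([A-Za-z_$][\w$]*)|\[\s*(['"`])([^'"`]+)\2\s*\])?/g;
// Plain or compound assignment right after the access ("=", "+=", "||=", ...),
// but not a comparison ("==", "===") or an arrow ("=>").
const ASSIGN_AFTER = /^\s*(?:\*\*|<<|>>>?|\|\||&&|\?\?|[+\-*\/%&|^])?=(?![=>])/;
// "delete process.env.X" changes the environment, so it counts as a write.
const DELETE_BEFORE = /\bdelete\s+$/;

function findEnvAccesses(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const m of text.matchAll(ENV_ACCESS)) {
      const before = text.slice(0, m.index);
      const after = text.slice(m.index + m[0].length);
      const isWrite = ASSIGN_AFTER.test(after) || DELETE_BEFORE.test(before);
      findings.push({
        line: i + 1,
        // "*" marks use of the whole environment object (enumeration, destructuring)
        name: m[1] || m[3] || '*',
        kind: isWrite ? 'write' : 'read',
      });
    }
  });
  return findings;
}

// Reads only: the case the issue says is currently not detected.
const envReads = (src) => findEnvAccesses(src).filter((f) => f.kind === 'read');

// Constructed sample input, not taken from any real package.
const SAMPLE = [
  "const token = process.env.NPM_TOKEN;",
  "process.env.NODE_ENV = 'production';",
  "const all = JSON.stringify(process.env);",
  "if (process.env['CI'] === 'true') delete process.env.DEBUG;",
  "const { HOME } = process.env;",
  "process.env.PATH += ':/opt/bin';",
].join('\n');

for (const f of findEnvAccesses(SAMPLE)) {
  console.log(`${f.line}\t${f.kind}\t${f.name}`);
}
```

Reads of the whole object (`JSON.stringify(process.env)`, destructuring) are reported with the name `*`, since they expose every variable at once.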