ajinabraham.njsscan.buffer_noassert.buffer_noassert
ajinabrahamAuthor
1,129
Download Count*
License
Detected usage of noassert in Buffer API, which allows the offset the be beyond the end of the buffer. This could result in writing or reading beyond the end of the buffer.
Run Locally
Run in CI
Defintion
rules:
- id: buffer_noassert
pattern-either:
- pattern: $OBJ.readUInt8(..., true)
- pattern: $OBJ.readUInt16LE(..., true)
- pattern: $OBJ.readUInt16BE(..., true)
- pattern: $OBJ.readUInt32LE(..., true)
- pattern: $OBJ.readUInt32BE(..., true)
- pattern: $OBJ.readInt8(..., true)
- pattern: $OBJ.readInt16LE(..., true)
- pattern: $OBJ.readInt16BE(..., true)
- pattern: $OBJ.readInt32LE(..., true)
- pattern: $OBJ.readInt32BE(..., true)
- pattern: $OBJ.readFloatLE(..., true)
- pattern: $OBJ.readFloatBE(..., true)
- pattern: $OBJ.readDoubleLE(..., true)
- pattern: $OBJ.readDoubleBE(..., true)
- pattern: $OBJ.writeUInt8(..., true)
- pattern: $OBJ.writeUInt16LE(..., true)
- pattern: $OBJ.writeUInt16BE(..., true)
- pattern: $OBJ.writeUInt32LE(..., true)
- pattern: $OBJ.writeUInt32BE(..., true)
- pattern: $OBJ.writeInt8(..., true)
- pattern: $OBJ.writeInt16LE(..., true)
- pattern: $OBJ.writeInt16BE(..., true)
- pattern: $OBJ.writeInt32LE(..., true)
- pattern: $OBJ.writeInt32BE(..., true)
- pattern: $OBJ.writeFloatLE(..., true)
- pattern: $OBJ.writeFloatBE(..., true)
- pattern: $OBJ.writeDoubleLE(..., true)
- pattern: $OBJ.writeDoubleBE(..., true)
severity: WARNING
languages:
- javascript
metadata:
owasp-web: a6
cwe: cwe-119
license: LGPL-3.0-or-later
message: Detected usage of noassert in Buffer API, which allows the offset the
be beyond the end of the buffer. This could result in writing or reading
beyond the end of the buffer.
Short Link: https://sg.run/KlYj