ajinabraham.njsscan.electronjs.security_electron.electron_allow_http

ajinabraham

Author

unknown

Download Count*

GPLv3

License

Application can load content over HTTP and that makes the app vulnerable to Man in the middle attacks.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: electron_allow_http
    patterns:
      - pattern-either:
          - pattern: >
              new BrowserWindow({webPreferences: {allowRunningInsecureContent:
              true}})
          - pattern: |
              var $X = {webPreferences: {allowRunningInsecureContent: true}};
    message: Application can load content over HTTP and that makes the app
      vulnerable to Man in the middle attacks.
    languages:
      - javascript
    severity: ERROR
    metadata:
      owasp-web: a6
      cwe: cwe-319
      license: LGPL-3.0-or-later
      vulnerability_class:
        - Other

Short Link: https://sg.run/1lKv