ajinabraham.njsscan.eval_vm2_injection.vm2_context_injection
ajinabrahamAuthor
1,129
Download Count*
License
Untrusted user input reaching vm2 sandbox can result in context injection.
Run Locally
Run in CI
Defintion
rules:
- id: vm2_context_injection
patterns:
- pattern-inside: |
require('vm2')
...
- pattern-either:
- pattern-inside: function ($REQ, $RES, ...) {...}
- pattern-inside: function $FUNC($REQ, $RES, ...) {...}
- pattern-inside: $X = function $FUNC($REQ, $RES, ...) {...}
- pattern-inside: var $X = function $FUNC($REQ, $RES, ...) {...};
- pattern-inside: $APP.$METHOD(..., function $FUNC($REQ, $RES, ...) {...})
- pattern-either:
- pattern: |
new VM({sandbox: <... $REQ.$QUERY.$FOO ...>},...)
- pattern: |
$CONTEXT = <... $REQ.$QUERY.$FOO ...>;
...
new VM({sandbox: <... $CONTEXT ...>},...)
- pattern: |
$CONTEXT = <... {$NAME:$REQ.$QUERY.$FOO} ...>;
...
new VM({sandbox: <... $CONTEXT ...>},...)
- pattern: |
$CONTEXT = {$NAME: <... $REQ.$QUERY.$FOO ...>};
...
new VM({sandbox: <... $CONTEXT ...>},...)
- pattern: |
$VAR = <... $REQ.$QUERY.$FOO ...>;
...
$CONTEXT = {$NAME: <... $VAR ...>};
...
new VM({sandbox: <... $CONTEXT ...>},...)
- pattern: |
$OPTS = {sandbox: <... $REQ.$QUERY.$FOO ...>};
...
new VM($OPTS,...)
- pattern: |
$CONTEXT = <... $REQ.$QUERY.$FOO ...>;
...
$OPTS = {sandbox: <... $CONTEXT ...>};
...
new VM($OPTS,...)
- pattern: |
$CONTEXT = {$NAME: <... $REQ.$QUERY.$FOO ...>};
...
$OPTS = {sandbox: <... $CONTEXT ...>};
...
new VM($OPTS,...)
- pattern: |
$VAR = <... $REQ.$QUERY.$FOO ...>;
...
$CONTEXT = {$NAME: <... $VAR ...>};
...
$OPTS = {sandbox: <... $CONTEXT ...>};
...
new VM($OPTS,...)
- pattern: |
new NodeVM({sandbox: <... $REQ.$QUERY.$FOO ...>},...)
- pattern: |
$CONTEXT = <... $REQ.$QUERY.$FOO ...>;
...
new NodeVM({sandbox: <... $CONTEXT ...>},...)
- pattern: |
$CONTEXT = <... {$NAME:$REQ.$QUERY.$FOO} ...>;
...
new NodeVM({sandbox: <... $CONTEXT ...>},...)
- pattern: |
$CONTEXT = {$NAME: <... $REQ.$QUERY.$FOO ...>};
...
new NodeVM({sandbox: <... $CONTEXT ...>},...)
- pattern: |
$VAR = <... $REQ.$QUERY.$FOO ...>;
...
$CONTEXT = {$NAME: <... $VAR ...>};
...
new NodeVM({sandbox: <... $CONTEXT ...>},...)
- pattern: |
$OPTS = {sandbox: <... $REQ.$QUERY.$FOO ...>};
...
new NodeVM($OPTS,...)
- pattern: |
$CONTEXT = <... $REQ.$QUERY.$FOO ...>;
...
$OPTS = {sandbox: <... $CONTEXT ...>};
...
new NodeVM($OPTS,...)
- pattern: |
$CONTEXT = {$NAME: <... $REQ.$QUERY.$FOO ...>};
...
$OPTS = {sandbox: <... $CONTEXT ...>};
...
new NodeVM($OPTS,...)
- pattern: |
$VAR = <... $REQ.$QUERY.$FOO ...>;
...
$CONTEXT = {$NAME: <... $VAR ...>};
...
$OPTS = {sandbox: <... $CONTEXT ...>};
...
new NodeVM($OPTS,...)
- pattern: |
new VM({sandbox: <... $REQ.$BODY ...>},...)
- pattern: |
$CONTEXT = <... $REQ.$BODY ...>;
...
new VM({sandbox: <... $CONTEXT ...>},...)
- pattern: |
$CONTEXT = <... {$NAME:$REQ.$BODY} ...>;
...
new VM({sandbox: <... $CONTEXT ...>},...)
- pattern: |
$CONTEXT = {$NAME: <... $REQ.$BODY ...>};
...
new VM({sandbox: <... $CONTEXT ...>},...)
- pattern: |
$VAR = <... $REQ.$BODY ...>;
...
$CONTEXT = {$NAME: <... $VAR ...>};
...
new VM({sandbox: <... $CONTEXT ...>},...)
- pattern: |
$OPTS = {sandbox: <... $REQ.$BODY ...>};
...
new VM($OPTS,...)
- pattern: |
$CONTEXT = <... $REQ.$BODY ...>;
...
$OPTS = {sandbox: <... $CONTEXT ...>};
...
new VM($OPTS,...)
- pattern: |
$CONTEXT = {$NAME: <... $REQ.$BODY ...>};
...
$OPTS = {sandbox: <... $CONTEXT ...>};
...
new VM($OPTS,...)
- pattern: |
$VAR = <... $REQ.$BODY ...>;
...
$CONTEXT = {$NAME: <... $VAR ...>};
...
$OPTS = {sandbox: <... $CONTEXT ...>};
...
new VM($OPTS,...)
- pattern: |
new NodeVM({sandbox: <... $REQ.$BODY ...>},...)
- pattern: |
$CONTEXT = <... $REQ.$BODY ...>;
...
new NodeVM({sandbox: <... $CONTEXT ...>},...)
- pattern: |
$CONTEXT = <... {$NAME:$REQ.$BODY} ...>;
...
new NodeVM({sandbox: <... $CONTEXT ...>},...)
- pattern: |
$CONTEXT = {$NAME: <... $REQ.$BODY ...>};
...
new NodeVM({sandbox: <... $CONTEXT ...>},...)
- pattern: |
$VAR = <... $REQ.$BODY ...>;
...
$CONTEXT = {$NAME: <... $VAR ...>};
...
new NodeVM({sandbox: <... $CONTEXT ...>},...)
- pattern: |
$OPTS = {sandbox: <... $REQ.$BODY ...>};
...
new NodeVM($OPTS,...)
- pattern: |
$CONTEXT = <... $REQ.$BODY ...>;
...
$OPTS = {sandbox: <... $CONTEXT ...>};
...
new NodeVM($OPTS,...)
- pattern: |
$CONTEXT = {$NAME: <... $REQ.$BODY ...>};
...
$OPTS = {sandbox: <... $CONTEXT ...>};
...
new NodeVM($OPTS,...)
- pattern: |-
$VAR = <... $REQ.$BODY ...>;
...
$CONTEXT = {$NAME: <... $VAR ...>};
...
$OPTS = {sandbox: <... $CONTEXT ...>};
...
new NodeVM($OPTS,...)
message: Untrusted user input reaching `vm2` sandbox can result in context
injection.
severity: ERROR
languages:
- javascript
metadata:
owasp-web: a1
cwe: cwe-94
license: LGPL-3.0-or-later
Short Link: https://sg.run/5Qzk