ajinabraham.njsscan.express_bodyparser_dos.express_bodyparser

ajinabraham

Author

1,129

Download Count*

GPLv3

License

POST Request to Express Body Parser 'bodyParser()' can create Temporary files and consume space.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: express_bodyparser
    patterns:
      - pattern-inside: |
          $APP = express()
          ...
      - pattern-inside: |
          $APP.use(...)
      - pattern: $X.bodyParser(...)
    message: POST Request to Express Body Parser 'bodyParser()' can create Temporary
      files and consume space.
    languages:
      - javascript
    severity: ERROR
    metadata:
      owasp-web: a9
      cwe: cwe-400
      license: LGPL-3.0-or-later

Short Link: https://sg.run/x1pj