ajinabraham.njsscan.security_electron.electron_allow_http

profile photo of ajinabrahamajinabraham
Author
1,129
Download Count*
GPLv3
License

Application can load content over HTTP and that makes the app vulnerable to Man in the middle attacks.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: electron_allow_http
    patterns:
      - pattern-either:
          - pattern: >
              new BrowserWindow({webPreferences: {allowRunningInsecureContent:
              true}})
          - pattern: |
              var $X = {webPreferences: {allowRunningInsecureContent: true}};
    message: Application can load content over HTTP and that makes the app
      vulnerable to Man in the middle attacks.
    languages:
      - javascript
    severity: ERROR
    metadata:
      owasp-web: a6
      cwe: cwe-319
      license: LGPL-3.0-or-later