ajinabraham.njsscan.security_electron.electron_nodejs_integration

Download Count*: 1,129
Node integration exposes Node.js APIs to the Electron app, which can introduce remote code execution vulnerabilities if the app is vulnerable to Cross-Site Scripting (XSS).
Definition
rules:
- id: electron_nodejs_integration
  patterns:
  - pattern-either:
    - pattern: |
        new BrowserWindow({webPreferences: {nodeIntegration: true}})
    - pattern: |
        var $X = {webPreferences: {nodeIntegration: true}};
  message: Node integration exposes node.js APIs to the electron app and this can
    introduce remote code execution vulnerabilities to the application if the
    app is vulnerable to Cross Site Scripting (XSS).
  languages:
  - javascript
  severity: WARNING
  metadata:
    owasp-web: a6
    cwe: cwe-272
    license: LGPL-3.0-or-later
Short Link: https://sg.run/8ngg
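
An added example, not part of the njsscan rule or the original page: the option object the rule flags beside a hardened one, and a check on the final object handed to BrowserWindow. The helpers auditWindowOptions and assertSafeWindowOptions are hypothetical, the sample objects are constructed, and contextIsolation, sandbox and devTools are Electron webPreferences options the page does not mention.

```javascript
// Constructed option bags; nothing here needs Electron to run.

// What the rule flags: renderer scripts can call require(), so script
// injected through XSS reaches Node.js APIs.
const flagged = { webPreferences: { nodeIntegration: true } };

// Hardened form: no Node.js in the renderer, page scripts isolated from
// the preload script, renderer sandboxed.
const hardened = {
  webPreferences: { nodeIntegration: false, contextIsolation: true, sandbox: true },
};

// Constructed failure mode: a shallow merge replaces webPreferences
// wholesale, so the override also drops contextIsolation and sandbox.
const devOverride = { webPreferences: { nodeIntegration: true, devTools: true } };
const merged = { ...hardened, ...devOverride };

// Hypothetical helper: list explicitly risky settings in an option bag.
function auditWindowOptions(options) {
  const prefs = (options && options.webPreferences) || {};
  const findings = [];
  if (prefs.nodeIntegration === true) findings.push("nodeIntegration is true");
  if (prefs.contextIsolation === false) findings.push("contextIsolation is false");
  if (prefs.sandbox === false) findings.push("sandbox is false");
  return findings;
}

// Hypothetical guard: call on the final options, right before
// `new BrowserWindow(options)`, or from a unit test.
function assertSafeWindowOptions(options) {
  const findings = auditWindowOptions(options);
  if (findings.length > 0) {
    throw new Error("Unsafe BrowserWindow options: " + findings.join(", "));
  }
  return options;
}
```

The guard checks the object as it exists at window creation, so it also covers options assembled by merging, as in the merged sample.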