ajinabraham.njsscan.security_electronjs.electron_experimental_features

1,129

Download Count*

GPLv3

License

Experimental features are not expected to be in production ready applications.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: electron_experimental_features
    patterns:
      - pattern-either:
          - pattern: |
              new BrowserWindow({webPreferences: {experimentalFeatures: true}})
          - pattern: |
              var $X = {webPreferences: {experimentalFeatures: true}};
    message: Experimental features are not expected to be in production ready
      applications.
    languages:
      - javascript
    severity: WARNING
    metadata:
      owasp: "A6: Security Misconfiguration"
      cwe: "CWE-272: Least Privilege Violation"

Short Link: https://sg.run/Lwpn