contrib.nodejsscan.express_bodyparser_dos.express_bodyparser

A POST request to the Express body-parser middleware 'bodyParser()' can create temporary files and consume disk space.
Definition
rules:
  - id: express_bodyparser
    # Reports the legacy all-in-one Express bodyParser() middleware when it is
    # registered on an app created with express(). That middleware bundled
    # multipart handling, which spools uploaded bodies into temporary files;
    # an unauthenticated POST can therefore consume disk space (CWE-400).
    # Mitigation: register only the parsers you need (e.g. express.json(),
    # express.urlencoded()) with explicit size limits, and handle uploads with a
    # dedicated, limited upload handler.
    patterns:
      # The app must have been created via express() earlier in the same scope...
      - pattern-inside: $APP = express(); ...
      # ...and the call must be an argument of that app's use().
      - pattern-inside: |
          $APP.use(...);
      - pattern: $X.bodyParser(...)
    message: "POST Request to Express Body Parser 'bodyParser()' can create Temporary files and consume space."
    languages: [javascript]
    severity: ERROR
    metadata:
      owasp: "A09:2017 - Using Components with Known Vulnerabilities"
      cwe: "CWE-400: Uncontrolled Resource Consumption"
      category: security
      technology: [node.js, express]
      license: "Commons Clause License Condition v1.0[LGPL-2.1-only]"
Examples
express_bodyparser_dos.js
// Semgrep test fixture for the express_bodyparser rule: an Express 3 style
// app that registers the all-in-one express.bodyParser() middleware.
// The "ruleid:" marker must stay directly above the line the rule is
// expected to report.
// NOTE(review): `bodyParser` (body-parser package) is required but never
// used in this fixture; only express.bodyParser() is exercised.
const express = require('express')
, cors = require('cors')
, bodyParser = require('body-parser');
// Satisfies the rule's `$APP = express(); ...` context pattern.
var app = express();
// app.configure() is the Express 3 API (removed in Express 4).
app.configure(function () {
// `||` falls back to 3000 for an empty PORT string as well as an unset one.
app.set('port', process.env.PORT || 3000);
app.set('views', __dirname + '/views');
app.set('view engine', 'jade');
app.use(express.favicon());
app.use(express.logger('dev'));
// Expected finding: the bundled parser's multipart handling writes request
// bodies to temporary files, so unauthenticated POSTs can exhaust disk space.
// Prefer express.json()/express.urlencoded() with size limits instead.
// ruleid:express_bodyparser
app.use(express.bodyParser());
app.use(cors());
});