contrib.nodejsscan.good_helmet_checks.helmet_header_check_csp

profile photo of returntocorpreturntocorp
Author
99
Download Count*
GPLv3
License

Content Security Policy header is present. More Information: https://helmetjs.github.io/docs/csp/

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: helmet_header_check_csp
    message: "Content Security Policy header is present. More Information:
      https://helmetjs.github.io/docs/csp/"
    languages:
      - javascript
    severity: WARNING
    patterns:
      - pattern-not: |
          $HELMET(..., {contentSecurityPolicy: false}, ...)
      - pattern-either:
          - pattern: |
              helmet({contentSecurityPolicy: {directives: ...}})
          - pattern: |
              helmet.contentSecurityPolicy({directives: ...})
          - pattern: |
              csp({directives: ...})
    metadata:
      category: security
      technology:
        - node.js
        - express
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]