contrib.nodejsscan.security_electronjs.electron_blink_integration

returntocorp

Author

Download Count*

License

Blink's experimental features are enabled in this application. Some of the features may affect the security of the application.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: electron_blink_integration
    patterns:
      - pattern-either:
          - pattern: |
              new BrowserWindow({webPreferences: {enableBlinkFeatures: '...'}});
          - pattern: |
              var $X = {webPreferences: {enableBlinkFeatures: '...'}};
    message: Blink's experimental features are enabled in this application. Some of
      the features may affect the security of the application.
    languages:
      - javascript
    severity: WARNING
    metadata:
      owasp: A06:2017 - Security Misconfiguration
      cwe: "CWE-272: Least Privilege Violation"
      category: security
      technology:
        - electron
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Short Link: https://sg.run/W8nZ