gitlab.eslint.detect-buffer-noassert
Detected usage of noassert in Buffer API, which allows the offset to be beyond the end of the buffer. This could result in writing or reading beyond the end of the buffer.
Definition
rules:
- id: eslint.detect-buffer-noassert
  metadata:
    cwe: "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
    source-rule-url: https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-buffer-noassert.js
    primary_identifier: eslint.detect-buffer-noassert
    secondary_identifiers:
    - name: ESLint rule ID security/detect-buffer-noassert
      type: eslint_rule_id
      value: security/detect-buffer-noassert
    license: MIT
  message: >
    Detected usage of noassert in Buffer API, which allows the offset to be
    beyond the end of the buffer. This could result in writing or reading
    beyond the end of the buffer.
  pattern-either:
  - pattern: $OBJ.readUInt8(..., true)
  - pattern: $OBJ.readUInt16LE(..., true)
  - pattern: $OBJ.readUInt16BE(..., true)
  - pattern: $OBJ.readUInt32LE(..., true)
  - pattern: $OBJ.readUInt32BE(..., true)
  - pattern: $OBJ.readInt8(..., true)
  - pattern: $OBJ.readInt16LE(..., true)
  - pattern: $OBJ.readInt16BE(..., true)
  - pattern: $OBJ.readInt32LE(..., true)
  - pattern: $OBJ.readInt32BE(..., true)
  - pattern: $OBJ.readFloatLE(..., true)
  - pattern: $OBJ.readFloatBE(..., true)
  - pattern: $OBJ.readDoubleLE(..., true)
  - pattern: $OBJ.readDoubleBE(..., true)
  - pattern: $OBJ.writeUInt8(..., true)
  - pattern: $OBJ.writeUInt16LE(..., true)
  - pattern: $OBJ.writeUInt16BE(..., true)
  - pattern: $OBJ.writeUInt32LE(..., true)
  - pattern: $OBJ.writeUInt32BE(..., true)
  - pattern: $OBJ.writeInt8(..., true)
  - pattern: $OBJ.writeInt16LE(..., true)
  - pattern: $OBJ.writeInt16BE(..., true)
  - pattern: $OBJ.writeInt32LE(..., true)
  - pattern: $OBJ.writeInt32BE(..., true)
  - pattern: $OBJ.writeFloatLE(..., true)
  - pattern: $OBJ.writeFloatBE(..., true)
  - pattern: $OBJ.writeDoubleLE(..., true)
  - pattern: $OBJ.writeDoubleBE(..., true)
  severity: WARNING
  languages:
  - javascript
  - typescript
Short Link: https://sg.run/E5WB
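An added example, not part of the rule or the original page: the call form this rule flags, beside a bounds-checked replacement for reading a field at an untrusted offset. The function names and the 4-byte sample record are assumptions made for illustration; on Node.js 10 and later the noAssert argument is ignored and offsets are always validated, so the flag only disables the check on older runtimes.

```javascript
'use strict';

// Constructed sample: a 4-byte record holding two little-endian uint16 fields.
const record = Buffer.from([0x34, 0x12, 0x78, 0x56]);

// Form the rule flags: the trailing `true` is the noAssert argument.
// Node.js before v10 skipped offset validation here; v10+ ignores the flag.
function readFieldFlagged(buf, offset) {
  return buf.readUInt16LE(offset, true);
}

// Hardened form: validate the untrusted offset, then read without noAssert.
function readFieldChecked(buf, offset) {
  const width = 2; // bytes consumed by readUInt16LE
  if (!Number.isInteger(offset) || offset < 0 || offset > buf.length - width) {
    throw new RangeError(`offset ${offset} outside 0..${buf.length - width}`);
  }
  return buf.readUInt16LE(offset);
}

// Returns the field value, or null when the offset is rejected.
function tryRead(buf, offset) {
  try {
    return readFieldChecked(buf, offset);
  } catch (err) {
    if (err instanceof RangeError) return null;
    throw err; // unexpected failure: do not mask it
  }
}

// Offsets as they might arrive from a parsed header (constructed values).
for (const offset of [0, 2, 3, 4096, -1, 1.5]) {
  const value = tryRead(record, offset);
  console.log(offset, value === null ? 'rejected' : '0x' + value.toString(16));
}
```

The explicit check keeps the behaviour identical across Node.js versions, which is why removing the `true` argument alone is not a complete fix for code that must still run on pre-v10 runtimes.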