gitlab.eslint.detect-eval-with-expression
Detected eval(variable), which could allow a malicious actor to run arbitrary code.
Definition
rules:
- id: eslint.detect-eval-with-expression
  metadata:
    cwe: "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated
      Code ('Eval Injection')"
    owasp: "A1: Injection"
    source-rule-url: https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-eval-with-expression.js
    primary_identifier: eslint.detect-eval-with-expression
    secondary_identifiers:
    - name: ESLint rule ID security/detect-eval-with-expression
      type: eslint_rule_id
      value: security/detect-eval-with-expression
    license: MIT
  message: >
    Detected eval(variable), which could allow a malicious actor to run
    arbitrary code.
  patterns:
  - pattern: eval($OBJ)
  - pattern-not: eval("...")
  severity: WARNING
  languages:
  - javascript
  - typescript
Short Link: https://sg.run/ZeD4
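
The following is an added example, not code from the rule or from eslint-plugin-security. It shows one call the patterns above match, one the `pattern-not` clause excludes, and an eval-free replacement. The names `settings`, `marker`, `lookupWithEval`, `literalEval` and `lookupSafe` are hypothetical and the data is constructed.

```javascript
// Constructed sample data for the example.
const settings = { db: { host: "localhost", port: 5432 } };
const marker = { ran: false }; // flips if caller-supplied text is executed as code

// Matched by `pattern: eval($OBJ)`: the argument is an expression built at
// run time, so whatever text arrives in `path` is parsed and run as JavaScript.
function lookupWithEval(path) {
  return eval("settings." + path);
}

// Excluded by `pattern-not: eval("...")`: the argument is a string literal,
// so no caller-controlled text reaches the evaluator.
function literalEval() {
  return eval("1 + 1");
}

// Eval-free replacement: treat the input as data. Accept only dotted
// identifier paths and walk own properties, so inherited members such as
// `constructor` or `__proto__` are never returned.
function lookupSafe(obj, path) {
  const shape = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;
  if (typeof path !== "string" || !shape.test(path)) {
    throw new TypeError("invalid property path");
  }
  let cur = obj;
  for (const key of path.split(".")) {
    const isObject = cur !== null && typeof cur === "object";
    if (!isObject || !Object.prototype.hasOwnProperty.call(cur, key)) {
      return undefined;
    }
    cur = cur[key];
  }
  return cur;
}
```

Both lookups return the same value for a well-formed path such as `db.port`; they differ only when the input contains more than a property path, which `lookupSafe` rejects before touching the object.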