gitlab.eslint.detect-non-literal-require
Download Count*: 178
Detected the use of require(variable). Calling require with a non-literal argument might allow an attacker to load and run arbitrary code, or access arbitrary files.
Definition
rules:
- id: eslint.detect-non-literal-require
  metadata:
    cwe: "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated
      Code ('Eval Injection')"
    owasp: "A1: Injection"
    source-rule-url: https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-non-literal-require.js
    primary_identifier: eslint.detect-non-literal-require
    secondary_identifiers:
    - name: ESLint rule ID security/detect-non-literal-require
      type: eslint_rule_id
      value: security/detect-non-literal-require
    license: MIT
  message: >
    Detected the use of require(variable). Calling require with a non-literal
    argument might
    allow an attacker to load and run arbitrary code, or access arbitrary files.
  patterns:
  - pattern: require($OBJ)
  - pattern-not: require('...')
  severity: WARNING
  languages:
  - javascript
  - typescript
Short Link: https://sg.run/5JJ6
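
What the rule's patterns match and one way to restructure the code so they no longer do, as an added example (not part of the rule or of eslint-plugin-security). The function names and the module table are hypothetical; Node.js built-in modules stand in for an application's own plugins.

```javascript
// Matched by `pattern: require($OBJ)`: the argument is a variable, so whoever
// controls `name` decides which module or file Node resolves and executes.
function loadModuleUnsafe(name) {
  return require(name);
}

// Not matched: every require() call below takes a string literal, so it is
// excluded by `pattern-not: require('...')`. Untrusted input is only used as
// a lookup key and never reaches the module resolver.
const ALLOWED_MODULES = new Map([
  ['path', () => require('path')],
  ['url', () => require('url')],
  ['querystring', () => require('querystring')],
]);

function loadModule(name) {
  // A Map has no inherited keys, so names such as "constructor" or
  // "__proto__" are rejected like any other unknown name.
  const loader = typeof name === 'string' ? ALLOWED_MODULES.get(name) : undefined;
  if (loader === undefined) {
    throw new Error(`module not allowed: ${JSON.stringify(name)}`);
  }
  return loader();
}

// Returns true when loadModule() rejects the given name.
function isRejected(name) {
  try {
    loadModule(name);
    return false;
  } catch (err) {
    return true;
  }
}
```

The lazy `() => require('...')` wrappers keep the original on-demand loading behaviour while leaving the set of loadable modules fixed at review time.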