gitlab.eslint.detect-non-literal-require


Detected the use of require(variable). Calling require with a non-literal argument might allow an attacker to load and run arbitrary code, or access arbitrary files.

Definition

rules:
  - id: eslint.detect-non-literal-require
    metadata:
      cwe: "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated
        Code ('Eval Injection')"
      owasp: "A1: Injection"
      source-rule-url: https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-non-literal-require.js
      primary_identifier: eslint.detect-non-literal-require
      secondary_identifiers:
        - name: ESLint rule ID security/detect-non-literal-require
          type: eslint_rule_id
          value: security/detect-non-literal-require
      license: MIT
    message: >
      Detected the use of require(variable). Calling require with a non-literal
      argument might allow an attacker to load and run arbitrary code, or access
      arbitrary files.
    patterns:
      - pattern: require($OBJ)
      - pattern-not: require('...')
    severity: WARNING
    languages:
      - javascript
      - typescript
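The shape the rule's patterns match (require($OBJ) with anything other than a string literal) beside a rewrite that keeps every require() argument literal, as an added example that is not part of the GitLab rule or its page. The plugin names and the loader table are assumptions made up for the illustration; the caller-supplied pluginName stands in for any value that does not originate in the source file.

```javascript
// Added example (not from the rule page). Shows what the Semgrep rule flags and
// one way to restructure the code so that no require() call site takes a variable.

// Flagged by eslint.detect-non-literal-require: the module name comes from the
// caller, so whatever string reaches this function decides what gets loaded.
function loadPluginUnsafe(pluginName) {
  return require(pluginName);
}

// Not flagged: each require() argument is a string literal. The caller's string
// is only a lookup key into a fixed, frozen table of loader functions
// (hypothetical allowlist; 'path' and 'os' are just stand-in modules).
const PLUGIN_LOADERS = Object.freeze({
  path: () => require('path'),
  os: () => require('os'),
});

function loadPluginSafe(pluginName) {
  // hasOwnProperty.call rather than `pluginName in PLUGIN_LOADERS`, so that
  // inherited keys such as 'constructor' or 'toString' are rejected too.
  if (!Object.prototype.hasOwnProperty.call(PLUGIN_LOADERS, pluginName)) {
    throw new Error(`unknown plugin: ${pluginName}`);
  }
  return PLUGIN_LOADERS[pluginName]();
}

module.exports = { loadPluginUnsafe, loadPluginSafe, PLUGIN_LOADERS };
```

Running the rule over this file reports only loadPluginUnsafe; the table-based version passes because the scanner sees literal arguments at every require() call.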