gitlab.eslint.detect-non-literal-require

178

Download Count*

License

Detected the use of require(variable). Calling require with a non-literal argument might allow an attacker to load an run arbitrary code, or access arbitrary files.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: eslint.detect-non-literal-require
    metadata:
      cwe: "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated
        Code ('Eval Injection')"
      owasp: "A1: Injection"
      source-rule-url: https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-non-literal-require.js
      primary_identifier: eslint.detect-non-literal-require
      secondary_identifiers:
        - name: ESLint rule ID security/detect-non-literal-require
          type: eslint_rule_id
          value: security/detect-non-literal-require
      license: MIT
    message: >
      Detected the use of require(variable). Calling require with a non-literal
      argument might

      allow an attacker to load an run arbitrary code, or access arbitrary files.
    patterns:
      - pattern: require($OBJ)
      - pattern-not: require('...')
    severity: WARNING
    languages:
      - javascript
      - typescript

Short Link: https://sg.run/5JJ6