javascript.ajv.security.audit.ajv-allerrors-true.ajv-allerrors-true
With `allErrors: true`, Ajv does not stop at the first validation failure: it keeps evaluating every rule and allocates an error object for each one that fails. When the data being validated is attacker-controlled (for example a large array in which every element is invalid), the number of error objects grows with the size of the input, which can exhaust memory or CPU and cause a denial of service. Leave `allErrors` at its default (`false`) in production and enable it only for development or debugging; see the Ajv options reference linked below.
Definition
rules:
  # Reports Ajv validators constructed with the literal option `allErrors: true`.
  # With that option Ajv collects an error object for every failing rule instead of
  # stopping at the first one, so an attacker who controls the validated data can
  # drive unbounded allocations (CWE-400).
  - id: ajv-allerrors-true
    message: "By setting `allErrors: true` in `Ajv` library, all error objects will
      be allocated without limit. This allows the attacker to produce a huge
      number of errors which can lead to denial of service. Do not use
      `allErrors: true` in production."
    metadata:
      cwe:
        - "CWE-400: Uncontrolled Resource Consumption"
      category: security
      technology:
        - ajv
      references:
        - https://ajv.js.org/options.html#allerrors
      cwe2022-top25: true
      # Audit rule: a hit is a prompt to confirm that the instance validates
      # untrusted input in production, not a confirmed vulnerability on its own.
      subcategory:
        - audit
      likelihood: LOW
      impact: LOW
      # Confidence is LOW because the rule matches only a literal `true` (see the
      # patterns below); it cannot tell whether the validator ever sees untrusted
      # data, and it does not follow non-literal values or later property writes.
      confidence: LOW
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Denial-of-Service (DoS)
    languages:
      - javascript
      - typescript
    severity: WARNING
    pattern-either:
      # Alternative 1: the options literal is passed inline to the constructor.
      # The `...` on both sides of the key let it appear anywhere in the object.
      - pattern: |
          new Ajv({...,allErrors: true,...},...)
      # Alternative 2: the options object is first bound to a variable and that
      # variable is passed to `new Ajv(...)`. The trailing `...` in the
      # pattern-inside requires the constructor call to follow the assignment.
      # NOTE(review): neither alternative covers `settings.allErrors = true`
      # written after the literal, nor a non-literal truthy value such as an
      # environment variable; those are reported as clean by this rule.
      - patterns:
          - pattern: |
              new Ajv($SETTINGS,...)
          - pattern-inside: |
              $SETTINGS = {...,allErrors: true,...}
              ...
Examples
ajv-allerrors-true.js
import express from 'express';
import Ajv from 'ajv';
/**
 * Positive fixture for the rule's second alternative: the options object is
 * bound to a variable first and the variable is then passed to the constructor
 * (`$SETTINGS = {..., allErrors: true, ...}` followed by `new Ajv($SETTINGS)`).
 * Semgrep only matches this source statically; the function is never run.
 */
function test1() {
  // The literal `true` is what the rule keys on; the extra key exercises the
  // `...` wildcards around it.
  const settings = { allErrors: true, smth: 'else' }
  // ruleid: ajv-allerrors-true
  const ajv1 = new Ajv(settings);
  return ajv1
}
/**
 * Positive fixture for the rule's first alternative: the options literal is
 * passed inline and `allErrors: true` is the first key, so the leading `...`
 * in the pattern matches nothing. `schema` is not declared in this file; the
 * fixture only has to parse, it is never executed.
 */
function test2() {
  // ruleid: ajv-allerrors-true
  var ajv = new Ajv({ allErrors: true, smth: 'else' });
  ajv.addSchema(schema, 'input');
}
/**
 * Positive fixture, inline literal with `allErrors: true` as the last key:
 * checks that the `...` before the key in the pattern absorbs preceding
 * entries. Never executed; `schema` is a free identifier here.
 */
function test3() {
  // ruleid: ajv-allerrors-true
  var ajv = new Ajv({ smth: 'else', allErrors: true });
  ajv.addSchema(schema, 'input');
}
/**
 * Positive fixture with `allErrors: true` surrounded by several other entries,
 * so both `...` wildcards in the pattern must match more than one key.
 * The repeated `smth` key is presumably deliberate to stress the matcher
 * (at runtime the last write would win); the fixture is never executed.
 */
function test4() {
  // ruleid: ajv-allerrors-true
  var ajv = new Ajv({ smth: 'else', smth: 'else', allErrors: true, smth: 'else' });
  ajv.addSchema(schema, 'input');
}
/**
 * Negative fixture: the option value is an expression, not the literal `true`,
 * so the rule does not report it.
 *
 * NOTE(review): this documents the rule's literal-only scope, not a safe
 * pattern. `process.env.DEBUG` is a string whenever the variable is set, and
 * any non-empty string is truthy, so `allErrors` would be enabled in any
 * environment where DEBUG is defined. Gate it with an explicit boolean
 * comparison instead if this shape is copied into real code.
 */
function okTest1() {
  // ok: ajv-allerrors-true
  let ajv = new Ajv({ allErrors: process.env.DEBUG });
  ajv.addSchema(schema, 'input');
}
/**
 * Negative fixture: `allErrors` is explicitly `false` (the library default),
 * so validation stops at the first error and the rule must stay silent.
 */
function okTest2() {
  // ok: ajv-allerrors-true
  var ajv = new Ajv({ smth: 'else', allErrors: false });
  ajv.addSchema(schema, 'input');
}
Short Link: https://sg.run/d2jY