javascript.lang.security.insecure-object-assign.insecure-object-assign
Author: semgrep
Downloads: 444
Depending on the context, user-controlled data passed to Object.assign can cause a web response to include data it should not contain, or can lead to a mass assignment vulnerability.
Definition
rules:
  - id: insecure-object-assign
    message: >-
      Depending on the context, user control data in `Object.assign` can
      cause web response to include data that it should not have or can lead to
      a mass assignment vulnerability.
    metadata:
      cwe:
        - "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"
      owasp:
        - A01:2021 - Broken Access Control
      references:
        - https://cheatsheetseries.owasp.org/cheatsheets/Mass_Assignment_Cheat_Sheet.html
        - https://en.wikipedia.org/wiki/Mass_assignment_vulnerability
      category: security
      technology:
        - javascript
      subcategory:
        - vuln
      likelihood: LOW
      impact: MEDIUM
      confidence: LOW
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Open Redirect
    languages:
      - javascript
      - typescript
    severity: WARNING
    mode: taint
    pattern-sources:
      - patterns:
          - pattern: JSON.parse(...)
          - pattern-not: JSON.parse("...",...)
    pattern-sinks:
      - pattern: Object.assign(...)
Examples
insecure-object-assign.js
// Stubs so the test file runs stand-alone; the rule only inspects the
// Object.assign calls below.
const systemData = {}
function doSmthWith(data) { return data }

function test1(untrustedInput) {
  // JSON.parse of a non-literal argument is a taint source that flows straight into the sink
  // ruleid: insecure-object-assign
  let data = Object.assign(systemData, JSON.parse(untrustedInput))
  return doSmthWith(data)
}

function test2(untrustedInput) {
  // Taint still reaches Object.assign through the intermediate variable
  const jsonData = JSON.parse(untrustedInput)
  // ruleid: insecure-object-assign
  let data = Object.assign(systemData, {foo: true}, jsonData)
  return doSmthWith(data)
}

function okTest1() {
  // JSON.parse of a string literal is excluded by the rule's pattern-not, so it is not a source
  const jsonData = JSON.parse('{"one": 1}')
  // ok: insecure-object-assign
  let data = Object.assign(systemData, {foo: true}, jsonData)
  return doSmthWith(data)
}

function okTest2() {
  // Semgrep's constant propagation resolves `input` to the literal, so the same exclusion applies
  const input = '{"one": 1}'
  const jsonData = JSON.parse(input)
  // ok: insecure-object-assign
  let data = Object.assign(systemData, {foo: true}, jsonData)
  return doSmthWith(data)
}
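As an added illustration (not part of the rule or its test file), the following shows why the flagged pattern matters and what a field-allowlisting fix looks like: the record, the `role` field and the `updateUser*` functions are constructed for this example.

```javascript
// Constructed sample record: `role` is a server-controlled field that a
// client must never be able to set.
function freshUser() {
  return { id: 42, name: "alice", role: "user" };
}

// The pattern the rule flags: every key in the parsed client JSON is copied
// onto the stored record, so a body carrying "role" escalates privileges.
function updateUserInsecure(body) {
  const user = freshUser();
  return Object.assign(user, JSON.parse(body));
}

// Allowlist of fields a client is permitted to change (hypothetical policy).
const CLIENT_WRITABLE = ["name", "email"];

// Hardened form: parse the untrusted JSON, then copy only allowlisted keys
// one by one. No untrusted object is ever merged wholesale into the record,
// so unexpected keys such as "role" are dropped instead of applied.
function updateUserSafe(body) {
  const user = freshUser();
  const patch = JSON.parse(body);
  for (const key of CLIENT_WRITABLE) {
    if (Object.prototype.hasOwnProperty.call(patch, key)) {
      user[key] = patch[key];
    }
  }
  return user;
}

// Constructed request body: a legitimate name change plus a smuggled role.
const SAMPLE_BODY = '{"name": "mallory", "role": "admin"}';

console.log(updateUserInsecure(SAMPLE_BODY).role); // "admin"
console.log(updateUserSafe(SAMPLE_BODY).role);     // "user"
```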
Short Link: https://sg.run/2R0D