javascript.playwright.security.audit.playwright-exposed-chrome-devtools.playwright-exposed-chrome-devtools

profile photo of semgrepsemgrep
Author
3,406
Download Count*

Remote debugging protocol does not perform any authentication, so exposing it too widely can be a security risk.

Run Locally

Run in CI

Defintion

rules:
  - id: playwright-exposed-chrome-devtools
    message: Remote debugging protocol does not perform any authentication, so
      exposing it too widely can be a security risk.
    metadata:
      owasp:
        - A03:2021 - Injection
      cwe:
        - "CWE-94: Improper Control of Generation of Code ('Code Injection')"
      category: security
      technology:
        - playwright
      cwe2022-top25: true
      subcategory:
        - audit
      likelihood: LOW
      impact: LOW
      confidence: LOW
      references:
        - https://owasp.org/Top10/A03_2021-Injection
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Code Injection
    languages:
      - javascript
      - typescript
    severity: WARNING
    patterns:
      - pattern-inside: |
          require('playwright');
          ...
      - pattern-either:
          - pattern-regex: --remote-debugging-address
          - pattern-regex: --remote-debugging-port
          - pattern-regex: --remote-debugging-socket-name
          - pattern-regex: --remote-debugging-targets

Examples

playwright-exposed-chrome-devtools.js

const { chromium } = require('playwright');

(async () => {
  // ruleid:playwright-exposed-chrome-devtools
  const browser = await chromium.launch({args:['--remote-debugging-address=123','--somethin-else']});
  const page = await browser.newPage();
  await page.goto('https://example.com');
  await browser.close();
})();

(async () => {
  var port = 9222;
  // ruleid:playwright-exposed-chrome-devtools
  const browser = await chromium.launch({args:[`--remote-debugging-port=${port}`,'--somethin-else']});
  const page = await browser.newPage();
  await page.goto('https://example.com');
  await browser.close();
})();

(async () => {
  // ok:playwright-exposed-chrome-devtools
  const browser = await chromium.launch({args:['--somethin-else', '--more-examples']});
  const page = await browser.newPage();
  await page.goto('https://example.com');
  await browser.close();
})();