javascript.puppeteer.security.audit.puppeteer-exposed-chrome-devtools.puppeteer-exposed-chrome-devtools

semgrep

Author

3,406

Download Count*

LGPL Commons Clause

License

Remote debugging protocol does not perform any authentication, so exposing it too widely can be a security risk.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: puppeteer-exposed-chrome-devtools
    message: Remote debugging protocol does not perform any authentication, so
      exposing it too widely can be a security risk.
    metadata:
      owasp:
        - A03:2021 - Injection
      cwe:
        - "CWE-94: Improper Control of Generation of Code ('Code Injection')"
      category: security
      technology:
        - puppeteer
      cwe2022-top25: true
      subcategory:
        - audit
      likelihood: LOW
      impact: LOW
      confidence: LOW
      references:
        - https://owasp.org/Top10/A03_2021-Injection
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Code Injection
    languages:
      - javascript
      - typescript
    severity: WARNING
    patterns:
      - pattern-inside: |
          require('puppeteer');
          ...
      - pattern-either:
          - pattern-regex: --remote-debugging-address
          - pattern-regex: --remote-debugging-port
          - pattern-regex: --remote-debugging-socket-name
          - pattern-regex: --remote-debugging-targets

Examples

puppeteer-exposed-chrome-devtools.js

const puppeteer = require('puppeteer');

(async () => {
  // ruleid:puppeteer-exposed-chrome-devtools
  const browser = await puppeteer.launch({args:['--remote-debugging-address=123','--somethin-else']});
  const page = await browser.newPage();
  await page.goto('https://example.com');
  await browser.close();
})();

(async () => {
  var port = 9222;
  // ruleid:puppeteer-exposed-chrome-devtools
  const browser = await puppeteer.launch({args:[`--remote-debugging-port=${port}`,'--somethin-else']});
  const page = await browser.newPage();
  await page.goto('https://example.com');
  await browser.close();
})();

(async () => {
  // ok:puppeteer-exposed-chrome-devtools
  const browser = await puppeteer.launch({args:['--somethin-else', '--more-examples']});
  const page = await browser.newPage();
  await page.goto('https://example.com');
  await browser.close();
})();

Short Link: https://sg.run/3xEW