javascript.thenify.security.audit.multiargs-code-execution.multiargs-code-execution
Potential arbitrary code execution, piped to eval
Definition
# Audit-level rule: reports thenify() wrapper calls whose `multiArgs` option is set
# to anything other than the literal `false`. Per the rule message, the option value
# ends up in code that thenify builds from source text ("piped to eval"), so a
# caller-controlled array of names is the case a reviewer should look at.
rules:
  - id: multiargs-code-execution
    message: Potential arbitrary code execution, piped to eval
    metadata:
      cwe:
        - "CWE-94: Improper Control of Generation of Code ('Code Injection')"
      owasp:
        - A03:2021 - Injection
      category: security
      technology:
        - thenify
      cwe2022-top25: true
      subcategory:
        - audit
      # LOW likelihood / LOW confidence: the patterns below match on option shape only,
      # not on whether the value is attacker-influenced; expect triage of each finding.
      likelihood: LOW
      impact: HIGH
      confidence: LOW
      references:
        - https://owasp.org/Top10/A03_2021-Injection
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Code Injection
    languages:
      - javascript
      - typescript
    severity: WARNING
    patterns:
      # Two call shapes are covered: the options object inline, or first assigned to a
      # variable ($OPTS) and passed later in the same scope.
      - pattern-either:
          - pattern: |
              $THENIFY($FN, {multiArgs: ...},...)
          - pattern: |
              $OPTS = {multiArgs: ...};
              ...
              $THENIFY($FN,$OPTS,...);
      # Only the literal `false` is carved out. `multiArgs: true` or a computed value is
      # still reported; if that is noisy for a codebase, tighten the carve-out rather
      # than suppressing the rule.
      - pattern-not: |
          $THENIFY($FN, {multiArgs: false},...)
      - pattern-not: |
          $OPTS = {multiArgs: false};
          ...
          $THENIFY($FN,$OPTS,...)
      # Scope the rule to files that actually pull in thenify. The require form binds
      # `$THENIFY` to whatever alias the file uses.
      # NOTE(review): the second form is a bare side-effect import; confirm it also
      # covers `import thenify from 'thenify'` / named-import styles in the target codebase.
      - pattern-either:
          - pattern-inside: |
              $THENIFY = require('thenify');
              ...
          - pattern-inside: |
              import 'thenify';
              ...
Examples
multiargs-code-execution.js
// Test fixture for the rule: the CommonJS require form is one of the two
// `pattern-inside` anchors, so every call below is in scope for the rule.
var thenify = require('thenify');
// Expected finding: `multiArgs` is an array literal passed inline, matching the first
// `pattern` and not the `multiArgs: false` carve-out. The `// ruleid:` annotation must
// stay on the line directly above the thenify() call for the semgrep test harness.
function bad1() {
  // ruleid: multiargs-code-execution
  var promise = thenify(function (callback) {
    callback(null, 1, 2, 3);
  }, { multiArgs: [ 'one', 'tow', 'three' ] });
}
// Expected finding: same array value, but the options object is assigned to a
// variable first and passed by name, exercising the `$OPTS = {multiArgs: ...}; ...`
// pattern. The annotation precedes the assignment, where the match begins.
function bad2() {
  // ruleid: multiargs-code-execution
  var params = { multiArgs: [ 'one', 'tow', 'three' ] };
  var promise = thenify(function (callback) {
    callback(null, 1, 2, 3);
  }, params);
}
// No finding expected: the literal `false` is exactly what the first `pattern-not`
// excludes, so the inline-options call is not reported.
function ok1() {
  // ok: multiargs-code-execution
  var promise = thenify(function (callback) {
    callback(null, 1, 2, 3);
  }, { multiArgs: false });
}
// No finding expected: `multiArgs: false` assigned to a variable and passed later
// matches the second `pattern-not` (`$OPTS = {multiArgs: false}; ... $THENIFY($FN,$OPTS,...)`).
function ok2() {
  // ok: multiargs-code-execution
  var params = { multiArgs: false };
  var promise = thenify(function (callback) {
    callback(null, 1, 2, 3);
  }, params);
}