yaml.semgrep.slow-pattern-general-function.slow-pattern-general-func

Author
161
Download Count*
License
Using patterns like function (...) {...}
is too general it will probably slow down the rule performance.
Run Locally
Run in CI
Defintion
rules:
- id: slow-pattern-general-func
languages:
- yaml
message: Using patterns like `function (...) {...}` is too general it will
probably slow down the rule performance.
patterns:
- pattern-either:
- pattern-inside: |
pattern-inside: $X
- pattern-inside: |
pattern-not-inside: $X
- pattern-inside: |
pattern: $X
- pattern-inside: |
pattern-not: $X
- pattern-regex: function[^{]*{[\s\n]*\.\.\.[\s\n]*}
- pattern-either:
- pattern-inside: |
languages: [...,"javascript",...]
...
- pattern-inside: |
languages: [...,"typescript",...]
...
severity: WARNING
metadata:
category: performance
technology:
- semgrep
license: Commons Clause License Condition v1.0[LGPL-2.1-only]
Examples
slow-pattern-general-function.test.yaml
rules:
- id: express-sandbox-code-injection
message: >-
Make sure that unverified user data can not reach `sandbox`.
severity: ERROR
languages: [javascript]
metadata:
owasp: "A01:2017 - Injection"
cwe: "CWE-94: Improper Control of Generation of Code ('Code Injection')"
patterns:
- pattern-either:
- pattern-inside: |
# ruleid: slow-pattern-general-func
function ($REQ, $RES, ...) {
...
}
# ruleid: slow-pattern-general-func
- pattern-inside: function $FUNC($REQ, $RES, ...) {...}
# ruleid: slow-pattern-general-func
- pattern-inside: $X = function $FUNC($REQ, $RES, ...) {...}
- pattern-either:
- pattern: |
$S = new $SANDBOX(...);
...
$S.run(<... $REQ.$QUERY.$FOO ...>,...);
Short Link: https://sg.run/Al26