yaml.semgrep.slow-pattern-general-property.slow-pattern-general-property

Using patterns like `$X.$Y` may be too general and may slow down the rule performance.
Definition
rules:
  - id: slow-pattern-general-property
    languages:
      - yaml
    message: Using patterns like `$X.$Y` may be too general and may slow down the
      rule performance.
    patterns:
      - pattern-either:
          - pattern-inside: |
              pattern-inside: $X
          - pattern-inside: |
              pattern-not-inside: $X
          - pattern-inside: |
              pattern: $X
          - pattern-inside: |
              pattern-not: $X
      - pattern-regex: \$[A-Z]*\.\$[A-Z]*
    severity: WARNING
    metadata:
      category: performance
      technology:
        - semgrep
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
Examples
slow-pattern-general-property.test.yaml
rules:
  - id: express-sandbox-code-injection
    message: >-
      Make sure that unverified user data can not reach `sandbox`.
    severity: ERROR
    languages: [javascript]
    metadata:
      owasp: "A01:2017 - Injection"
      cwe: "CWE-94: Improper Control of Generation of Code ('Code Injection')"
    patterns:
      - pattern-inside: |
          ...
          $SANDBOX = require('sandbox');
          ...
      - pattern-either:
          # ok: slow-pattern-general-property
          - pattern-inside: function ($REQ, $RES, ...) {...}
          # ok: slow-pattern-general-property
          - pattern-inside: function $FUNC($REQ, $RES, ...) {...}
          # ok: slow-pattern-general-property
          - pattern-inside: $X = function $FUNC($REQ, $RES, ...) {...}
          # ok: slow-pattern-general-property
          - pattern-inside: var $X = function $FUNC($REQ, $RES, ...) {...};
          # ruleid: slow-pattern-general-property
          - pattern-inside: $APP.$METHOD(..., function $FUNC($REQ, $RES, ...) {...})
      - pattern-either:
          # ruleid: slow-pattern-general-property
          - pattern: $S.run(<... $REQ.$QUERY.$FOO ...>,...);
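As an added illustration (not part of the registry rule or its test file), the Python below reproduces the check this rule performs without running semgrep: it walks a rule's operator tree and applies the rule's own `\$[A-Z]*\.\$[A-Z]*` regex to the four operators the rule inspects. The rule is a constructed dict that mirrors the express-sandbox test case above; a rule file loaded with a YAML parser has the same dict/list shape.

```python
import re

# The registry rule's own regex: a metavariable, a dot, another metavariable.
GENERAL_PROPERTY_RE = re.compile(r"\$[A-Z]*\.\$[A-Z]*")

# The four operators the rule inspects (its four pattern-inside clauses).
PATTERN_KEYS = ("pattern", "pattern-inside", "pattern-not", "pattern-not-inside")


def find_general_property_patterns(node, path=()):
    """Walk a parsed Semgrep rule (nested dicts/lists) and return
    (path, pattern_text) for every inspected operator whose text contains
    a `$X.$Y` member access. Other keys (pattern-regex, metadata, ...) are
    descended into but never reported, matching the registry rule."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            if key in PATTERN_KEYS and isinstance(value, str):
                if GENERAL_PROPERTY_RE.search(value):
                    hits.append((path + (key,), value.strip()))
            elif not isinstance(value, str):
                hits.extend(find_general_property_patterns(value, path + (key,)))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_general_property_patterns(item, path + (index,)))
    return hits


# Constructed rule mirroring the page's express-sandbox test case (hypothetical
# input for this example, not the registry's test file itself).
EXAMPLE_RULE = {
    "rules": [{
        "id": "express-sandbox-code-injection",
        "patterns": [
            {"pattern-inside": "...\n$SANDBOX = require('sandbox');\n...\n"},
            {"pattern-either": [
                {"pattern-inside": "function ($REQ, $RES, ...) {...}"},
                {"pattern-inside": "var $X = function $FUNC($REQ, $RES, ...) {...};"},
                {"pattern-inside": "$APP.$METHOD(..., function $FUNC($REQ, $RES, ...) {...})"},
            ]},
            {"pattern-either": [
                {"pattern": "$S.run(<... $REQ.$QUERY.$FOO ...>,...);"},
            ]},
        ],
    }]
}

if __name__ == "__main__":
    for path, text in find_general_property_patterns(EXAMPLE_RULE):
        print("/".join(map(str, path)), "->", text)
```

Only the `$APP.$METHOD(...)` and `$S.run(<... $REQ.$QUERY.$FOO ...>,...)` clauses are reported, matching the `ruleid` annotations; a property access anchored by a concrete name, such as `$REQ.query.$FOO`, is not flagged because the regex requires a metavariable on both sides of the dot.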
Short Link: https://sg.run/B4X9