juice-shop
A ruleset of JavaScript and TypeScript rules made for OWASP Juice Shop.
Rules (3)
Semgrep found a match
User data from `$USERDATA` is being compiled into the template, which can lead to a Server Side Template Injection (SSTI) vulnerability.
Putting request data into a Mongo query can lead to a NoSQL Injection. Be sure to properly sanitize the data if you absolutely must pass request data into a query.