Skip to content

Commit

Permalink
nodejs-insecure-url-parse: add inline require('url')
Browse files Browse the repository at this point in the history
  • Loading branch information
thypon committed Aug 4, 2023
1 parent fe58917 commit 0438f47
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion assets/semgrep_rules/web/nodejs-insecure-url-parse
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,9 @@ rules:
assignees: |
thypon
fmarier
pattern: url.parse(...)
pattern-either:
- pattern: url.parse(...)
- pattern: require('url').parse(...)
message: Avoid using url.parse() as it may cause security issues. Consider using the URL class instead.
languages:
- javascript

0 comments on commit 0438f47

Please sign in to comment.