From 0438f4740645e0aa9a3483236b81c68257b97107 Mon Sep 17 00:00:00 2001
From: Andrea Brancaleoni
Date: Fri, 4 Aug 2023 14:10:51 +0200
Subject: [PATCH] nodejs-insecure-url-parse: add inline require('url')
---
 assets/semgrep_rules/web/nodejs-insecure-url-parse | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/assets/semgrep_rules/web/nodejs-insecure-url-parse b/assets/semgrep_rules/web/nodejs-insecure-url-parse
index cef83451..8a3e3ae5 100644
--- a/assets/semgrep_rules/web/nodejs-insecure-url-parse
+++ b/assets/semgrep_rules/web/nodejs-insecure-url-parse
@@ -6,7 +6,9 @@ rules:
 assignees: |
 thypon
 fmarier
- pattern: url.parse(...)
+ pattern-either:
+ - pattern: url.parse(...)
+ - pattern: require('url').parse(...)
 message: Avoid using url.parse() as it may cause security issues. Consider using the URL class instead.
 languages:
 - javascript
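Review bot: The new `pattern-either` covers only two spellings of the call, so code that reaches the legacy parser another way is still unflagged: `require('node:url').parse(...)`, a destructured `const { parse } = require('url')` followed by a bare `parse(...)`, and a module bound to a name other than `url`. I would add `- pattern: require('node:url').parse(...)` as a third alternative and consider a `patterns` entry that matches a bare `parse(...)` only inside a file that destructures it from `url`. The `url.parse(...)` alternative also fires on any local object that happens to be named `url`, so a short comment in the rule recording that trade-off would help whoever triages the findings. A missed call site matters most where the parsed host feeds an allow-list or redirect check, since the legacy parser and the `URL` class can disagree about the host of the same string. The rule continues past the end of the hunk, so the rest of the language list and metadata could not be checked here.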