Add a little more info to the url.parse warning
It's a bit vague to say "may cause security issues".
bcaller committed Oct 4, 2023
1 parent 2dd111c commit 04e3a24
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion assets/semgrep_rules/services/nodejs-insecure-url-parse.yaml
Expand Up @@ -6,10 +6,13 @@ rules:
assignees: |
thypon
fmarier
references:
- https://nodejs.org/api/url.html#urlparseurlstring-parsequerystring-slashesdenotehost
- https://nodejs.org/api/url.html#the-whatwg-url-api
pattern-either:
- pattern: url.parse(...)
- pattern: require('url').parse(...)
message: Avoid using url.parse() as it may cause security issues. Consider using the URL class instead.
message: Avoid using url.parse() as it is prone to security issues such as hostname spoofing. Use the URL class instead.
severity: ERROR
languages:
- javascript
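Review bot: The new message line says "Use the URL class instead" without noting that the swap is not drop-in: `new URL(input)` throws a TypeError on input it cannot parse and needs a base argument for relative URLs, whereas url.parse() returns an object in both cases. With the rule at severity ERROR, a short hint in the message about handling that exception would help whoever has to act on the finding. Separately, the two entries under pattern-either only cover calls written as `url.parse(...)` or `require('url').parse(...)`; a destructured import such as `const { parse } = require('url')` does not appear to be covered by the visible patterns, so consider adding a pattern for it.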
