eslint-community/eslint-plugin-security
View on GitHubA more relevant "detect-object-injection"
Open
#21 opened on Aug 30, 2017
help wanted
Repository metrics
- Stars
- (2,074 stars)
- PR merge metrics
- (Avg merge 2d 18h) (4 merged PRs in 30d)
Description
Is there any way that we can work towards a more helpful/relevant report of Object injection sinks?
I can't think of a relevant security use case where Object injection would be relevant outside of the scope of a function directly linked to a web service.
I can understand based on tree traversal that determining the difference in between functions that are used in response to direct network calls would be [near] impossible to determine, but if I use bracket notation at the top level of my module, likely this rule should not notify.