eslint-community/eslint-plugin-security

A more relevant "detect-object-injection"

Open

#21 aperta il 30 ago 2017

Vedi su GitHub
 (20 commenti) (12 reazioni) (0 assegnatari)JavaScript (131 fork)batch import
help wanted

Metriche repository

Star
 (2074 star)
Metriche merge PR
 (Merge medio 2g 18h) (4 PR mergiate in 30 g)

Descrizione

Is there any way that we can work towards a more helpful/relevant report of Object injection sinks?

I can't think of a relevant security use case where Object injection would be relevant outside of the scope of a function directly linked to a web service.

I can understand based on tree traversal that determining the difference in between functions that are used in response to direct network calls would be [near] impossible to determine, but if I use bracket notation at the top level of my module, likely this rule should not notify.

Guida contributor