rule:ajinabraham.njsscan.regex_dos.regex_dos: Ensure that the regex used to compare with user supplied input is safe from regular expression denial of service. Details: https://sg.run/eLgR
rule:ajinabraham.njsscan.regex_dos.regex_dos: Ensure that the regex used to compare with user supplied input is safe from regular expression denial of service. Details: https://sg.run/eLgR
68: let exp: ExpressionNode | undefined = dir.exp as
69: | SimpleExpressionNode
70: | undefined
71: if (exp && !exp.content.trim()) {
72: exp = undefined
73: }
74: let shouldCache: boolean = context.cacheHandlers && !exp && !context.inVOnce
-------- [hid 69 additional lines, adjust with --max-lines-per-finding] --------
packages/compiler-core/src/validateExpression.ts
rule:ajinabraham.njsscan.eval_node.eval_nodejs: User controlled data in eval() or similar functions may result in Server Side Injection or Remote Code Injection Details: https://sg.run/3x6D
35: const exp = node.content
36:
37: // empty expressions are validated per-directive since some directives
38: // do allow empty expressions.
39: if (!exp.trim()) {
40: return
41: }
42:
43: try {
44: new Function(
-------- [hid 21 additional lines, adjust with --max-lines-per-finding] --------
rule:ajinabraham.njsscan.regex_dos.regex_dos: Ensure that the regex used to compare with user supplied input is safe from regular expression denial of service. Details: https://sg.run/eLgR
149: : false) || dataAriaRE.test(name)
packages/compiler-sfc/__tests__/parse.spec.ts
rule:ajinabraham.njsscan.crypto_node.node_insecure_random_generator: crypto.pseudoRandomBytes()/Math.random() is a cryptographically weak random number generator. Details: https://sg.run/1Zlk
rule:ajinabraham.njsscan.regex_dos.regex_dos: Ensure that the regex used to compare with user supplied input is safe from regular expression denial of service. Details: https://sg.run/eLgR
rule:ajinabraham.njsscan.regex_dos.regex_dos: Ensure that the regex used to compare with user supplied input is safe from regular expression denial of service. Details: https://sg.run/eLgR
rule:ajinabraham.njsscan.crypto_node.node_insecure_random_generator: crypto.pseudoRandomBytes()/Math.random() is a cryptographically weak random number generator. Details: https://sg.run/1Zlk
rule:ajinabraham.njsscan.regex_dos.regex_dos: Ensure that the regex used to compare with user supplied input is safe from regular expression denial of service. Details: https://sg.run/eLgR