A sample repository with 3 examples of the JS analyzer's data flow analysis capabilities

srijanpaul-deepsource/data-flow-js

Data flow analysis - JavaScript

A sample repository showcasing the data flow analysis (DFA) capabilities of the DeepSource JavaScript analyzer. There are three examples, each one a security rule, since security rules are among the best use cases for DFA.

Command injection

Some data passed as the URL parameter in an express route is eventually passed to a cp.exec call, where cp is Node's "child_process" module. DeepSource is able to follow the tainted variable through function boundaries.
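The flow described above, next to a hardened form, as an added example that is not code from this repository. The handler and helper names, the route in the comment, the allowlist pattern and the stand-in response object are assumptions; Express is not imported so the block runs offline, and the Node binary stands in for a real external tool.

```javascript
// Added example; helper names, route and sample input are constructed.
const cp = require("child_process");

// --- Vulnerable shape: source -> helper -> helper -> sink ------------------
// The tainted value crosses two function boundaries before reaching cp.exec,
// which hands the whole string to the system shell.
function buildCommand(name) {
  return "echo " + name; // taint propagates through string concatenation
}
function runLookup(name, cb) {
  cp.exec(buildCommand(name), cb); // SINK: the shell interprets metacharacters
}
function vulnerableHandler(req, res) {
  // SOURCE: URL parameter, e.g. app.get("/lookup/:name", vulnerableHandler)
  runLookup(req.params.name, (err, out) => res.status(err ? 500 : 200).send(out));
}

// --- Hardened shape ---------------------------------------------------------
// Allowlist with no leading '-', so the value cannot be read as an option.
const SAFE_NAME = /^[A-Za-z0-9_][A-Za-z0-9._-]{0,63}$/;

// No shell is involved: the value is a single argv entry. The child process
// (this Node binary, a portable stand-in for a real tool) prints its last
// argument back.
function runLookupSafe(name) {
  return cp.execFileSync(
    process.execPath,
    ["-p", "process.argv[process.argv.length - 1]", "--", name],
    { encoding: "utf8" }
  ).trim();
}
function hardenedHandler(req, res) {
  const name = req.params.name;
  if (typeof name !== "string" || !SAFE_NAME.test(name)) {
    return res.status(400).send("invalid name");
  }
  return res.status(200).send(runLookupSafe(name));
}

// Minimal stand-in for an Express response object (constructed).
function fakeRes() {
  const r = { code: null, body: null };
  r.status = (c) => { r.code = c; return r; };
  r.send = (b) => { r.body = b; return r; };
  return r;
}
```

The vulnerable handler is defined only so the source-to-sink path is visible; the hardened handler applies both controls, input validation at the source and a shell-free sink.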

Vulnerable execa.

Similar to the command injection rule, we now see the tainted data pass through multiple aliases. If the handler function is not used in an express.js callback, DeepSource will not raise the issue.

SQL injection

A real use case from one of our customers, where some data is fed into a query from the db-mysql function.
