detect-child-process false-positive with spawn
const { spawn } = require('child_process');

Gives the Found require("child_process") error.

According to Avoiding Command Injection in Node.js, child_process.spawn is safer than child_process.exec.

So is it a false-positive, or does the detect-child-process rule tell me to completely avoid using child_process?
Issue Analytics
- State:
- Created 4 years ago
- Comments:5 (3 by maintainers)
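
The spawn-versus-exec difference the question refers to, shown as an added example that is not part of the original issue or of the plugin's code. It assumes a POSIX system with `sh` and `echo`; the function names and the sample input are constructed for illustration.

```javascript
const { execSync, spawnSync } = require('child_process');

// Constructed input standing in for untrusted data. The "payload" is a
// harmless second echo so the effect is visible in the output.
const SAMPLE_INPUT = 'hello; echo INJECTED';

// exec-style: the whole string is handed to /bin/sh, so the ';' in the
// input ends the first command and starts a second one.
function viaExec(input) {
  return execSync(`echo ${input}`, { encoding: 'utf8' });
}

// spawn-style: program name plus argument array, no shell in between.
// The input reaches echo as a single argv entry and is printed literally.
function viaSpawn(input) {
  return spawnSync('echo', [input], { encoding: 'utf8' }).stdout;
}

// Caveat: spawn with { shell: true } builds a shell command line again,
// so it behaves like exec and loses the protection shown above.
function viaSpawnShell(input) {
  return spawnSync(`echo ${input}`, { shell: true, encoding: 'utf8' }).stdout;
}

// Helper for comparing results: number of output lines produced.
function countLines(output) {
  return output.trim().split('\n').length;
}

for (const [name, fn] of [
  ['exec', viaExec],
  ['spawn', viaSpawn],
  ['spawn + shell:true', viaSpawnShell],
]) {
  const out = fn(SAMPLE_INPUT);
  console.log(`${name}: ${countLines(out)} line(s) -> ${JSON.stringify(out)}`);
}
```

When reviewing code that this rule flags, the things to check are whether a shell is involved (`exec`, `execSync`, or `shell: true`) and whether any non-literal value reaches the command string.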
Top GitHub Comments
@modestfake Your case is different. You should open a separate issue for it.
I found the case when this rule is false-positive
UPDATE: created a separate issue #64