False positive detect-non-literal-fs-filename on _.exists
Using lodash 4.17.4 and lodash-exists 1.0.3.

```js
const _ = require('lodash');
require('lodash-exists');
// ...
if (_.exists(memberId)) {
  this.memberId = memberId;
}
```
Found fs.exists with non literal argument at index 0 security/detect-non-literal-fs-filename
Issue Analytics
- State:
- Created 6 years ago
- Reactions: 11
- Comments: 9 (1 by maintainers)
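How a report like the one above can arise, as an added example that is not code from eslint-plugin-security: a checker that matches only on method name cannot tell `_.exists` from `fs.exists`, while one that tracks which identifiers are bound to `require('fs')` can. The AST nodes are hand-built (constructed), and `FS_METHODS`, `nameOnlyFindings` and `bindingAwareFindings` are hypothetical names.

```javascript
// Added illustration; not eslint-plugin-security source code.
// FS_METHODS is an assumed, abbreviated list of fs function names.
const FS_METHODS = new Set(['exists', 'readFile', 'writeFile', 'open']);

// Constructed ESTree-shaped nodes standing in for parser output.
const id = (name) => ({ type: 'Identifier', name });
const lit = (value) => ({ type: 'Literal', value });
const call = (callee, ...args) => ({ type: 'CallExpression', callee, arguments: args });
const member = (obj, prop) => ({ type: 'MemberExpression', object: id(obj), property: id(prop) });
const decl = (name, init) => ({ type: 'VariableDeclarator', id: id(name), init });

// Models: const _ = require('lodash'); const fs = require('fs');
//         _.exists(memberId); window.open(url);
//         fs.exists(userPath); fs.exists('/etc/hosts');
const program = [
  decl('_', call(id('require'), lit('lodash'))),
  decl('fs', call(id('require'), lit('fs'))),
  call(member('_', 'exists'), id('memberId')),
  call(member('window', 'open'), id('url')),
  call(member('fs', 'exists'), id('userPath')),
  call(member('fs', 'exists'), lit('/etc/hosts')),
];

// A call of the form <obj>.<fsMethodName>(<non-literal>, ...).
const isFsCallShape = (n) =>
  n.type === 'CallExpression' && n.callee.type === 'MemberExpression' &&
  FS_METHODS.has(n.callee.property.name) &&
  n.arguments.length > 0 && n.arguments[0].type !== 'Literal';

const label = (n) => `${n.callee.object.name}.${n.callee.property.name}`;

// Name-only matching: any receiver with an fs-like method name is reported.
function nameOnlyFindings(nodes) {
  return nodes.filter(isFsCallShape).map(label);
}

// Binding-aware matching: report only receivers assigned from require('fs').
function bindingAwareFindings(nodes) {
  const fsNames = new Set();
  for (const n of nodes) {
    const init = n.type === 'VariableDeclarator' ? n.init : null;
    if (init && init.type === 'CallExpression' && init.callee.name === 'require' &&
        init.arguments[0] && ['fs', 'node:fs'].includes(init.arguments[0].value)) {
      fsNames.add(n.id.name);
    }
  }
  return nodes.filter((n) => isFsCallShape(n) && fsNames.has(n.callee.object.name)).map(label);
}
```

Only the `fs.exists(userPath)` call is a path-controlled file-system access worth triaging; the literal-argument call is skipped by both checkers.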
Top GitHub Comments
same for window.open()

More false positives for security/detect-non-literal-fs-filename. Example:Error: