Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

False positive detect-non-literal-fs-filename on _.exists

See original GitHub issue

Using lodash 4.17.4 and lodash-exists 1.0.3.

const _ = require('lodash');
require('lodash-exists');

...

if (_.exists(memberId)) {
  this.memberId = memberId;
}

Found fs.exists with non literal argument at index 0 security/detect-non-literal-fs-filename

Issue Analytics

  • State:open
  • Created 6 years ago
  • Reactions:11
  • Comments:9 (1 by maintainers)

github_iconTop GitHub Comments

22reactions
ZuBBcommented, Apr 13, 2020

same for window.open()

9reactions
MeenaAlfonscommented, Feb 3, 2019

More false positives for security/detect-non-literal-fs-filename. Example:

screen shot 2019-02-03 at 13 21 14

Error:

Found fs.open with non literal argument at index 0 eslint(security/detect-non-literal-fs-filename)

Read more comments on GitHub >

github_iconTop Results From Across the Web

False positive detect-non-literal-fs-filename on _.exists #26
This needs to be re-written to actually see if fs was used, track it's assignment and make sure that method calls are on...
Read more >
How to fix "Found fs.readFile with non literal argument at index ...
I am trying to add eslint-plugin-security in a TypeScript project. However, for these codes import { promises as fsp } from 'fs'; import...
Read more >
detect-non-literal-fs-filename - Semgrep
Detected that function argument `$ARG` has entered the fs module. An attacker could potentially control the location of this file, to include going ......
Read more >
nodesecurity - Bountysource
False positive detect-non-literal-fs-filename on _.exists $ 0. Created 5 years ago in nodesecurity/eslint-plugin-security with 7 comments.
Read more >
Remove non-literal-regexp and -fs-filename rules ... - GitLab
A number of eslint, and the matching semgrep eslint, rules output a significant amount of false positives. The detect-object-injection rule ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Better unsafe regex detector

Next page

[prefer-tacit] should not consider as error when the user intentionally skipped some parameters