False positive for detect-non-literal-fs-filename
`detect-non-literal-fs-filename` seems to also be triggered when passing `fs.writeFile` to other functions, especially explicitly safe ones like `util.promisify`.
The message is also quite wrong (“Found fs.writeFile with non literal argument at index 0”) while the actual warning is more that it’s being passed in to a function and who knows what that function does with it?
Issue Analytics
- State:
- Created 4 years ago
- Reactions: 2
- Comments: 9 (2 by maintainers)
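The distinction the issue draws, as an added example that is not part of the original issue and not the rule's own code: a check that separates `fs.writeFile` being called with a non-literal path from `fs.writeFile` being passed as a value to another function. The ESTree-style nodes are hand-built sample input, and `FS_PATH_ARGS` and `classifyFsMember` are hypothetical names.

```javascript
// Added illustration: hand-built ESTree-style nodes (constructed), no parser needed.
const id = (name) => ({ type: 'Identifier', name });
const lit = (value) => ({ type: 'Literal', value });
const member = (obj, prop) => ({ type: 'MemberExpression', object: id(obj), property: id(prop) });
const call = (callee, ...args) => {
  const node = { type: 'CallExpression', callee, arguments: args };
  callee.parent = node;
  args.forEach((a) => { a.parent = node; });
  return node;
};

// Index of the filename argument(s) per fs method (small hypothetical subset).
const FS_PATH_ARGS = { readFile: [0], writeFile: [0], rename: [0, 1] };

// Classify one `fs.<method>` MemberExpression by how its parent uses it.
function classifyFsMember(node) {
  if (node.type !== 'MemberExpression' || node.object.name !== 'fs') return null;
  const indexes = FS_PATH_ARGS[node.property.name];
  if (!indexes) return null;
  const parent = node.parent;
  // fs.writeFile is the callee: the call's arguments are fs.writeFile's arguments.
  if (parent && parent.type === 'CallExpression' && parent.callee === node) {
    const bad = indexes.filter(
      (i) => parent.arguments[i] && parent.arguments[i].type !== 'Literal');
    return bad.length
      ? { kind: 'non-literal-argument', indexes: bad }
      : { kind: 'literal-call', indexes: [] };
  }
  // fs.writeFile is handed over as a value (e.g. to util.promisify): the
  // enclosing call's arguments are not fs.writeFile's arguments.
  return { kind: 'passed-as-value', indexes: [] };
}

// Constructed samples.
const promisified = member('fs', 'writeFile');
call(member('util', 'promisify'), promisified);   // util.promisify(fs.writeFile)
const dynamic = member('fs', 'writeFile');
call(dynamic, id('userPath'), id('data'));        // fs.writeFile(userPath, data)
const fixed = member('fs', 'writeFile');
call(fixed, lit('/tmp/out.txt'), id('data'));     // fs.writeFile('/tmp/out.txt', data)

for (const n of [promisified, dynamic, fixed]) console.log(classifyFsMember(n).kind);
```

`passed-as-value` is not a verdict that the code is safe: later calls through the promisified wrapper can still take a non-literal path, and catching those would require tracking where the wrapper is assigned and called.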
Top GitHub Comments
+1 on this issue.
Any fix for the same?