hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-12 06:00:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
aa6cb51bbac9f2fca2b7d6e558d9f4e1340c0d2f
codeql/javascript/ql/src/Electron/DisablingWebSecurity.ql
Max Schaefer 31bb39a810 JavaScript: Autoformat all QL files.
2019-01-07 10:15:45 +00:00

19 lines
572 B
Plaintext
Raw Blame History

/**
* @name Disabling Electron webSecurity
* @description Disabling webSecurity can cause critical security vulnerabilities.
* @kind problem
* @problem.severity error
* @precision very-high
* @tags security
* frameworks/electron
* @id js/disabling-electron-websecurity
*/
import javascript
from DataFlow::PropWrite webSecurity, Electron::WebPreferences preferences
where
webSecurity = preferences.getAPropertyWrite("webSecurity") and
webSecurity.getRhs().mayHaveBooleanValue(false)
select webSecurity, "Disabling webSecurity is strongly discouraged."
Reference in New Issue View Git Blame Copy Permalink