hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-25 13:16:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ba3ea700f57a25f0187baca710ea29abba5019eb
codeql/javascript/ql/src/Electron/DisablingWebSecurity.ql
Calum Grant 771e686946 Update security-severity scores
2021-06-15 13:25:17 +01:00

21 lines
627 B
Plaintext
Raw Blame History

/**
* @name Disabling Electron webSecurity
* @description Disabling webSecurity can cause critical security vulnerabilities.
* @kind problem
* @problem.severity error
* @security-severity 6.1
* @precision very-high
* @tags security
* frameworks/electron
* external/cwe/cwe-79
* @id js/disabling-electron-websecurity
*/
import javascript
from DataFlow::PropWrite webSecurity, Electron::WebPreferences preferences
where
webSecurity = preferences.getAPropertyWrite("webSecurity") and
webSecurity.getRhs().mayHaveBooleanValue(false)
select webSecurity, "Disabling webSecurity is strongly discouraged."
Reference in New Issue View Git Blame Copy Permalink