2020-06-30 12:48:07 +02:00
When loading modules dynamically, malicious user input could find its way to the parameter specifying the module path and name. This could allow an attacker to load and run arbitrary code, or access arbitrary files.
2021-02-02 15:02:10 +01:00
2020-06-30 12:48:07 +02:00
This rule raises an issue for each use of dynamic module loading.
== Noncompliant Code Example
2022-02-04 17:28:24 +01:00
[source,javascript]
2020-06-30 12:48:07 +02:00
----
const mod = require(modPath);
----
== Compliant Solution
2022-02-04 17:28:24 +01:00
[source,javascript]
2020-06-30 12:48:07 +02:00
----
const mod = require('path/module');
----
include::../see.adoc[]
2021-06-02 20:44:38 +02:00
2021-06-03 09:05:38 +02:00
ifdef::env-github,rspecator-view[]
2021-09-20 15:38:42 +02:00
'''
== Implementation Specification
(visible only on this page)
include::message.adoc[]
2021-06-08 15:52:13 +02:00
'''
2021-06-02 20:44:38 +02:00
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
2021-06-03 09:05:38 +02:00
endif::env-github,rspecator-view[]
