include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
----
// `process` is the Node.js global that exposes information about, and control over,
// the currently running process.
// Every use of process.stdin is security-sensitive and should be reviewed: data arriving
// on standard input is supplied from outside the program, so check how each consumer
// validates it before acting on it.
// NOTE(review): `dosomething` is not defined in this example; it stands for whatever
// the application does with the data it has read.

// Consumer 1: read directly from the stream whenever it signals 'readable'.
const onReadable = () => {
  const data = process.stdin.read(); // Sensitive
  if (data === null) {
    // read() returned nothing for this event, so there is nothing to hand over.
    return;
  }
  dosomething(data);
};
process.stdin.on('readable', onReadable);

// Consumer 2: wrap stdin in a readline interface and receive it one line at a time.
const readline = require('readline');

const onLine = (input) => {
  dosomething(input);
};
const lineReader = readline.createInterface({
  input: process.stdin, // Sensitive
});
lineReader.on('line', onLine);
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
== Comments And Links
(visible only on this page)
include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]