51369b610e
When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again.
42 lines
806 B
Plaintext
42 lines
806 B
Plaintext
== Why is this an issue?
|
|
|
|
When loading modules dynamically, malicious user input could find its way to the parameter specifying the module path and name. This could allow an attacker to load and run arbitrary code, or access arbitrary files.
|
|
|
|
|
|
This rule raises an issue for each use of dynamic module loading.
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,javascript]
|
|
----
|
|
const mod = require(modPath);
|
|
----
|
|
|
|
=== Compliant solution
|
|
|
|
[source,javascript]
|
|
----
|
|
const mod = require('path/module');
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Remove this use of dynamic module loading.
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|