16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
42 lines
898 B
Plaintext
42 lines
898 B
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
const fs = require('fs'); // review how the 'fs' module is used
|
|
// All 'fs' operations accepting a path as a parameter are security-sensitive and should be reviewed
|
|
// Examples:
|
|
var res = fs.readdirSync(path); // Sensitive
|
|
var fd = fs.openSync(path, 'r'); // Sensitive
|
|
var ws = fs.createWriteStream(path); // Sensitive
|
|
----
|
|
|
|
== Exceptions
|
|
|
|
No issue will be raised if the path is fully hard-coded.
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== on 6 Dec 2018, 08:11:25 Alexandre Gigleux wrote:
|
|
https://nodejs.org/api/fs.html
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|