JavaScript and TypeScript analyzers detect 7 injection vulnerabilities

Hello JavaScript and TypeScript developers,

The JS and TS analyzers were upgraded to detect 7 injection vulnerabilities for applications relying on Node or Express. These 7 rules use, in the background, the same taint analysis that we already use for Java, C#, PHP and Python. This technology detects whether user-tainted data can flow through your code to reach a given API (aka “sink”) that can be misused by a malicious user.
If you are not yet familiar with “taint analysis”, I invite you to read the blog post written by @ganncamp: What is ‘taint analysis’ and why do I care?

Here is the list of the 7 Injection Vulnerabilities that can be detected for the JavaScript and TypeScript engines:

  • S5131: Endpoints should not be vulnerable to reflected cross-site scripting (XSS) attacks
  • S3649: Database queries should not be vulnerable to injection attacks
  • S5147: NoSQL operations should not be vulnerable to injection attacks
  • S2083: I/O function calls should not be vulnerable to path injection attacks
  • S2631: Regular expressions should not be vulnerable to Denial of Service attacks
  • S5334: Dynamic code execution should not be vulnerable to injection attacks
  • S6096: Extracting archives should not lead to zip slip vulnerabilities

These rules are available now on SonarCloud, and will be included in SonarQube 8.7 Developer Edition in Feb 2021.

Alex
