Hello JavaScript and TypeScript developers,
The JS and TS analyzers were upgraded to detect 7 injection vulnerabilities for applications relying on Node or Express. These 7 rules use under the hood the same taint analysis that we already use for Java, C#, PHP and Python. This technology detects whether user-tainted data can flow through your code to reach a given API (aka "sink") that can be misused by a malicious user.
If you are not yet familiar with "taint analysis", I invite you to read the blog post written by @ganncamp: What is 'taint analysis' and why do I care?
Here is the list of the 7 injection vulnerabilities that can be detected by the JavaScript and TypeScript engines:
- S5131: Endpoints should not be vulnerable to reflected cross-site scripting (XSS) attacks
- S3649: Database queries should not be vulnerable to injection attacks
- S5147: NoSQL operations should not be vulnerable to injection attacks
- S2083: I/O function calls should not be vulnerable to path injection attacks
- S2631: Regular expressions should not be vulnerable to Denial of Service attacks
- S5334: Dynamic code execution should not be vulnerable to injection attacks
- S6096: Extracting archives should not lead to zip slip vulnerabilities
These rules are available now on SonarCloud, and will be included in SonarQube 8.7 Developer Edition in Feb 2021.
Alex