Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New Published Rules - harishumasankar18_personal_org.detect-new-function #3526

Open
wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

New Published Rules - harishumasankar18_personal_org.detect-new-function #3526

wants to merge 2 commits into from

Conversation

semgrep-dev-pr-bot[bot]
Copy link
Contributor

Wahoo! New published rules with harishumasankar18_personal_org.detect-new-function from @harish36000.

See semgrep.dev/s/6J7pB for more details.

Thanks for your contribution! ❤️

0xDC0DE
0xDC0DE reviewed Dec 11, 2024
View reviewed changes
harishumasankar18_personal_org/detect-new-function.jsx
let res = `with(a='${activity}', hp=${health}, w=${weight}, hs=${happiness}) {
if (a == 'feed') { hp += 1; w += 5; hs += 3; } if (a == 'play') { w -= 5; hp += 2; hs += 3; } if (a == 'sleep') { hp += 2; w += 3; hs += 3; } if ((a == 'feed' || a == 'sleep' ) && w > 70) { hp -= 10; hs -= 10; } else if ((a == 'feed' || a == 'sleep' ) && w < 40) { hp += 10; hs += 5; } else if (a == 'play' && w < 40) { hp -= 10; hs -= 10; } else if ( hs > 70 && (hp < 40 || w < 30)) { hs -= 10; } if ( hs > 70 ) { m = 'kissy' } else if ( hs < 40 ) { m = 'cry' } else { m = 'awkward'; } if ( hs > 100) { hs = 100; } if ( hs < 5) { hs = 5; } if ( hp < 5) { hp = 5; } if ( hp > 100) { hp = 100; } if (w < 10) { w = 10 } return {m, hp, w, hs}
}`;
quickMaths = new Function(res);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
quickMaths = new Function(res);
//ruleid: detect-new-function
quickMaths = new Function(res);

0xDC0DE
0xDC0DE requested changes Dec 11, 2024
View reviewed changes
Copy link
Contributor

@0xDC0DE 0xDC0DE left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your contribution @harish36000 !

It looks like you are missing some test syntax, as well as some of the metadata is not passing our rule lints. I have made some suggestions.

harishumasankar18_personal_org/detect-new-function.yaml
Comment on lines +15 to +24
cwe:
- 'CWE 94: Improper Control of Generation of Code (''Code Injection'')'
owasp:
- A3:2021 Injection
technology:
- javascript
references:
- https://nvd.nist.gov/vuln/detail/cve-2023-23623
subcategory:
- guardrail
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
cwe:
- 'CWE 94: Improper Control of Generation of Code (''Code Injection'')'
owasp:
- A3:2021 Injection
technology:
- javascript
references:
- https://nvd.nist.gov/vuln/detail/cve-2023-23623
subcategory:
- guardrail
cwe:
- 'CWE-94: Improper Control of Generation of Code (''Code Injection'')'
owasp:
- A3:2021 Injection
technology:
- javascript
references:
- https://nvd.nist.gov/vuln/detail/cve-2023-23623
subcategory:
- secure default

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@0xDC0DE 0xDC0DE 0xDC0DE requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@0xDC0DE @harish36000