New Published Rules - harishumasankar18_personal_org.detect-new-function #3526
base: develop
let res = `with(a='${activity}', hp=${health}, w=${weight}, hs=${happiness}) { | ||
if (a == 'feed') { hp += 1; w += 5; hs += 3; } if (a == 'play') { w -= 5; hp += 2; hs += 3; } if (a == 'sleep') { hp += 2; w += 3; hs += 3; } if ((a == 'feed' || a == 'sleep' ) && w > 70) { hp -= 10; hs -= 10; } else if ((a == 'feed' || a == 'sleep' ) && w < 40) { hp += 10; hs += 5; } else if (a == 'play' && w < 40) { hp -= 10; hs -= 10; } else if ( hs > 70 && (hp < 40 || w < 30)) { hs -= 10; } if ( hs > 70 ) { m = 'kissy' } else if ( hs < 40 ) { m = 'cry' } else { m = 'awkward'; } if ( hs > 100) { hs = 100; } if ( hs < 5) { hs = 5; } if ( hp < 5) { hp = 5; } if ( hp > 100) { hp = 100; } if (w < 10) { w = 10 } return {m, hp, w, hs} | ||
}`; | ||
quickMaths = new Function(res); |
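Review bot: the `quickMaths = new Function(res);` call at the end of this hunk has no `// ruleid: detect-new-function` comment on the line above it, so the rule test does not assert a finding on the one line the rule is meant to flag; add the annotation directly above the call. The fixture could also be cut down: `res` is a template string that interpolates `activity`, `health`, `weight` and `happiness` into code, and that interpolation plus the `new Function(res)` call is all the test needs, so the long single-line game logic inside the string can go.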
quickMaths = new Function(res); | |
//ruleid: detect-new-function | |
quickMaths = new Function(res); | |
Thanks for your contribution @harish36000!
It looks like you are missing some test syntax, and some of the metadata is not passing our rule lints. I have made some suggestions.
cwe: | ||
- 'CWE 94: Improper Control of Generation of Code (''Code Injection'')' | ||
owasp: | ||
- A3:2021 Injection | ||
technology: | ||
- javascript | ||
references: | ||
- https://nvd.nist.gov/vuln/detail/cve-2023-23623 | ||
subcategory: | ||
- guardrail |
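Review bot: the `cwe` entry is written `CWE 94:` with a space, while the CWE identifier form is `CWE-94`; use `CWE-94: Improper Control of Generation of Code ('Code Injection')`. The `owasp` entry has the same kind of problem: the 2021 Top 10 category is `A03:2021`, not `A3:2021`. The only reference is an NVD CVE entry, so a link that documents the `Function` constructor itself would give readers of a finding more to act on.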
cwe: | |
- 'CWE 94: Improper Control of Generation of Code (''Code Injection'')' | |
owasp: | |
- A3:2021 Injection | |
technology: | |
- javascript | |
references: | |
- https://nvd.nist.gov/vuln/detail/cve-2023-23623 | |
subcategory: | |
- guardrail | |
cwe: | |
- 'CWE-94: Improper Control of Generation of Code (''Code Injection'')' | |
owasp: | |
- A3:2021 Injection | |
technology: | |
- javascript | |
references: | |
- https://nvd.nist.gov/vuln/detail/cve-2023-23623 | |
subcategory: | |
- secure default |
Wahoo! New published rules with harishumasankar18_personal_org.detect-new-function from @harish36000. See semgrep.dev/s/6J7pB for more details.
Thanks for your contribution! ❤️