Skip to content

Commit

Permalink
Disable security/detect-es-literal-regexp eslint rule
Browse files Browse the repository at this point in the history 
see:
- https://github.com/gkouziik/eslint-plugin-security-node/blob/master/docs/rules/non-literal-reg-expr.md

Assessment:
The Delivery-Dashboard does not use server-side resources for regex
evaluation, hence an attack which would lead to an outstanding amount of
CPU usage would not cause any harm.
  • Loading branch information
@8R0WNI3
8R0WNI3 committed Feb 10, 2025
1 parent 4672f4f commit d12c29b
Show file tree
Hide file tree
Showing 3 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions eslint.config.mjs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ export default [
'eol-last': ['warn'],
'jsx-a11y/no-autofocus': ['off'],
'security/detect-object-injection': ['off'],
'security/detect-non-literal-regexp': ['off'],
},

settings: {
Expand Down
1 change: 1 addition & 0 deletions eslint.sast.config.mjs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ export default [
{
rules: {
'security/detect-object-injection': ['off'],
'security/detect-non-literal-regexp': ['off'],
},

settings: {
Expand Down
1 change: 0 additions & 1 deletion src/findings.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -316,7 +316,6 @@ const filterMatchesOcmNode = ({
if (!patterns?.length > 0) return true
if (!string) return filter.semantics === FILTER_SEMANTICS.INCLUDE

// eslint-disable-next-line security/detect-non-literal-regexp
return Boolean(patterns.find((pattern) => (new RegExp(pattern)).test(string)))
}

Expand Down

0 comments on commit d12c29b

Please sign in to comment.