Injection: Dangerous Dynamic Code Execution in JavaScript¶
Identifier:
js_dangerous_eval
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
Dynamic code execution via eval() or Function() with user-controlled input can lead to code injection attacks.
How we test: We statically analyze first-party JavaScript bundles to detect usage of eval(), new Function(), setTimeout/setInterval with string arguments, and similar patterns that execute dynamically constructed code.
References:
Configuration¶
Example¶
Example configuration:
Reference¶
issues_count_limit¶
Type : integer
The maximum number of issues to report. Use 0 to report all issues.
skip¶
Type : boolean
Skip the test if true.