UNPKG

@microsoft/eslint-plugin-sdl

Version:

ESLint plugin focused on common security issues and misconfigurations discoverable during static testing as part of Microsoft Security Development Lifecycle (SDL)

github.com/microsoft/eslint-plugin-sdl

microsoft/eslint-plugin-sdl

13 lines (7 loc) 829 B
1
2
3
4
5
6
7
8
9
10
11
12
13
# Do not allocate uninitialized buffers in Node.js (no-unsafe-alloc) When calling [`Buffer.allocUnsafe`](https://nodejs.org/api/buffer.html#buffer_static_method_buffer_allocunsafe_size) and [`Buffer.allocUnsafeSlow`](https://nodejs.org/api/buffer.html#buffer_static_method_buffer_allocunsafeslow_size), the allocated memory is not wiped-out and can contain old, potentially sensitive data. These methods should be used only in justifiable cases (e.g. due to performance reasons) after thorough security review. - [Rule Source](../../lib/rules/no-unsafe-alloc.js) - [Rule Test](../../tests/lib/rules/no-unsafe-alloc.js) ## Resources - [Node.js - What makes Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() "unsafe"?](https://nodejs.org/api/buffer.html#buffer_what_makes_buffer_allocunsafe_and_buffer_allocunsafeslow_unsafe)