mcp-server-semgrep

MCP Server for Semgrep Integration - static code analysis with AI

```yaml
rules:
  - id: express-data-exfiltration
    message: >-
      Depending on the context, user control data in `Object.assign` can cause
      web response to include data that it should not have or can lead to a
      mass assignment vulnerability.
    metadata:
      owasp:
        - A08:2021 - Software and Data Integrity Failures
      cwe:
        - 'CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes'
      references:
        - https://en.wikipedia.org/wiki/Mass_assignment_vulnerability
        - https://cheatsheetseries.owasp.org/cheatsheets/Mass_Assignment_Cheat_Sheet.html
      category: security
      technology:
        - express
      subcategory:
        - audit
      likelihood: LOW
      impact: MEDIUM
      confidence: LOW
    languages:
      - javascript
      - typescript
    severity: WARNING
    mode: taint
    pattern-sources:
      - patterns:
          - pattern-either:
              - pattern-inside: function ... ($REQ, $RES) {...}
              - pattern-inside: function ... ($REQ, $RES, $NEXT) {...}
              - patterns:
                  - pattern-either:
                      - pattern-inside: $APP.$METHOD(..., function $FUNC($REQ, $RES) {...})
                      - pattern-inside: $APP.$METHOD(..., function $FUNC($REQ, $RES, $NEXT) {...})
                  - metavariable-regex:
                      metavariable: $METHOD
                      regex: ^(get|post|put|head|delete|options)$
          - pattern-either:
              - pattern: $REQ.query
              - pattern: $REQ.body
              - pattern: $REQ.params
              - pattern: $REQ.cookies
              - pattern: $REQ.headers
      - patterns:
          - pattern-either:
              - pattern-inside: |
                  ({ $REQ }: Request,$RES: Response, $NEXT: NextFunction) => {...}
              - pattern-inside: |
                  ({ $REQ }: Request,$RES: Response) => {...}
          - focus-metavariable: $REQ
          - pattern-either:
              - pattern: params
              - pattern: query
              - pattern: cookies
              - pattern: headers
              - pattern: body
    pattern-sinks:
      - pattern: Object.assign(...)
```
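The taint flow this rule reports (an Express-style request object reaching `Object.assign`) beside a handler that avoids it, as an added example that is not code from mcp-server-semgrep or from the rule's authors; the handler and record names, the `displayName` field and the fake `res` object are assumptions made for the example.

```javascript
// Added example, not code from mcp-server-semgrep or the rule itself: the
// mass-assignment pattern express-data-exfiltration reports, beside a
// hardened handler. No Express dependency: handlers take (req, res) shaped
// like Express's, so the rule's `function ... ($REQ, $RES) {...}` source
// pattern still matches the unsafe handler.

// Constructed server-side record. `role` must never be client-writable.
function loadUser() {
  return { id: 42, email: 'alice@example.test', role: 'user' };
}

// Reported by the rule: req.body (taint source) flows straight into
// Object.assign (sink). Every key the client sends lands on the record,
// so a body of { role: 'admin' } silently escalates privileges.
function updateProfileUnsafe(req, res) {
  const user = loadUser();
  Object.assign(user, req.body);
  res.json(user);
  return user;
}

// Hardened: copy an explicit allowlist of client-editable fields, type-checked,
// and never call Object.assign on anything derived from req. The rule declares
// no pattern-sanitizers and taint propagates through function calls by default,
// so "filter req.body, then Object.assign the result" would still be reported.
const EDITABLE_FIELDS = ['email', 'displayName'];

function updateProfileSafe(req, res) {
  const user = loadUser();
  const body = req.body || {};
  for (const key of EDITABLE_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(body, key) && typeof body[key] === 'string') {
      user[key] = body[key];
    }
  }
  res.json(user);
  return user;
}

// Minimal stand-in for Express's res so the handlers run offline.
function fakeRes() {
  const captured = { body: null };
  return { captured, json(v) { captured.body = v; } };
}

// Constructed malicious profile update that also tries to set `role`.
const maliciousReq = { body: { email: 'mallory@example.test', role: 'admin' } };
console.log('unsafe:', updateProfileUnsafe(maliciousReq, fakeRes()).role); // admin
console.log('safe:  ', updateProfileSafe(maliciousReq, fakeRes()).role);   // user
```

Running `semgrep --config <this rule file>` over this file should report only the `Object.assign` line in `updateProfileUnsafe`.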