mountain-pass/addressr

Showing 1,425 of 1,425 total issues

debug Regular Expression Denial of Service
Open

        "debug": {
          "version": "2.2.0",
          "resolved": "https://registry.npmjs.org/debug/-/debug-2.2.0.tgz",
          "integrity": "sha1-+HBX6ZWxofauaklgZkE3vFbwOdo=",
          "dev": true,
Severity: Minor
Found in package-lock.json by nodesecurity

Regular Expression Denial of Service

Overview:

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.

Recommendation:

Upgrade to version 2.6.9 or greater if you are on the 2.6.x series or 3.1.0 or greater.

minimatch Regular Expression Denial of Service
Open

        "minimatch": {
          "version": "2.0.10",
          "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-2.0.10.tgz",
          "integrity": "sha1-jQh8OcazjAAbl/ynzm0OHoCvusc=",
          "dev": true,
Severity: Minor
Found in package-lock.json by nodesecurity

Regular Expression Denial of Service

Overview:

Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern), is vulnerable to ReDoS in the pattern parameter. This is because of the regular expression on line 521 of minimatch.js: /((?:\\{2})*)(\\?)\|/g,. The problematic portion of the regex is ((?:\\{2})*), which matches against \\.

A proof of concept is as follows:

```
var minimatch = require("minimatch");

// utility function for generating long strings
var genstr = function (len, chr) {
  var result = "";
  for (var i = 0; i <= len; i++) {
    result = result + chr;
  }
  return result;
};

var exploit = "[!" + genstr(1000000, "\\") + "A";

// minimatch exploit.
console.log("starting minimatch");
minimatch("foo", exploit);
console.log("finishing minimatch");
```

Recommendation:

Update to version 3.0.2 or greater.

Insert ;
Open

import { esConnect } from './client/elasticsearch'
Severity: Minor
Found in server.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Insert ;
Open

  logger('connecting es client')
Severity: Minor
Found in server.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Insert ;
Open

          )
Severity: Minor
Found in swagger.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Definition for rule 'unicorn/prevent-abbreviations' was not found.
Open

#!/usr/bin/env node
Severity: Minor
Found in deploy/create-deployment-archive.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Definition for rule 'unicorn/no-null' was not found.
Open

#!/usr/bin/env node
Severity: Minor
Found in deploy/create-deployment-archive.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Insert ;
Open

const fs = require('fs')
Severity: Minor
Found in deploy/create-deployment-archive.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Replace ··const·{·name,·version,·description,·author,·contributors,·engines,·keywords,·license,·private:·privateKey,·repository,·bugs,·homepage with const·{⏎····name,⏎····version,⏎····description,⏎····author,⏎····contributors,⏎····engines,⏎····keywords,⏎····license,⏎····private:·privateKey,⏎····repository,⏎····bugs,⏎····homepage,⏎·
Open

    const { name, version, description, author, contributors, engines, keywords, license, private: privateKey, repository, bugs, homepage } = context;
Severity: Minor
Found in deploy/create-deployment-archive.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Replace ········"name" with ····name
Open

        "name": `${name}-deployment`,
Severity: Minor
Found in deploy/create-deployment-archive.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Delete ····
Open

        author,
Severity: Minor
Found in deploy/create-deployment-archive.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Delete ····
Open

        engines,
Severity: Minor
Found in deploy/create-deployment-archive.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Definition for rule 'unicorn/filename-case' was not found.
Open

import debug from 'debug'
Severity: Minor
Found in src/server2.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Insert ;
Open

    global.esClient = esClient
Severity: Minor
Found in src/server2.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Insert ;
Open

  })
Severity: Minor
Found in src/waycharterServer.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Insert ,
Open

    }
Severity: Minor
Found in src/waycharterServer.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Insert ;
Open

const fsp = fs.promises
Severity: Minor
Found in service/address-service.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Insert ;
Open

var logger = debug('api')
Severity: Minor
Found in service/address-service.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Insert ;
Open

  const cachedResponse = await cache.get(packageUrl)
Severity: Minor
Found in service/address-service.js by eslint

For more information visit Source: http://eslint.org/docs/rules/

Insert ,
Open

      headers: response.headers
Severity: Minor
Found in service/address-service.js by eslint

For more information visit Source: http://eslint.org/docs/rules/
