Avoid Buffer(argument) with non-literal values

This product is not supported for your selected Datadog site. ().
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Metadata

ID: typescript-node-security/detect-new-buffer

Language: TypeScript

Severity: Warning

Category: Security

CWE: 400

Description

Dealing with binary data can achieved with Node.js Buffer class, however if used with non literal params it could lead to an attack as the attacker might control the value of the provided parameter.

For example a large number could allocate a large amount of memory leading to a denial of service attack. It is recommended to use literal values you can control to prevent attacks.

Non-Compliant Code Examples

var a = new Buffer(c)

Compliant Code Examples

var a = new Buffer('test')
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

シームレスな統合。 Datadog Code Security をお試しください

Datadog Code Security