Unsanitized User Input in Resource Rendering

Overview

Rule ID: javascript_express_external_resource
Applicable Languages: Javascript
Weakness ID: CWE-706

Description

Exception messages that expose sensitive information can be a critical security vulnerability. When exception details are printed directly to the default output, they might reveal crucial information about the application’s configuration or environment, such as file paths, server details, or database configurations. This not only aids attackers in identifying potential entry points but also risks exposing user-specific data, leading to privacy violations.

Remediation Guidelines

Do not pass user or request input directly to res.render() without sanitization. Using user input directly in resource rendering can introduce security risks.
```
res.render(req.body.page); // unsafe
System.out.println(e); // Unsafe
```
Instead, sanitize the input or use a safelist if you need to rely on user input for resource rendering. This ensures that only expected and safe resources are rendered.
```
var path = req.body.path;
if (['users', 'posts', 'pages'].includes(path)) {
    return res.render(`${path}/success`);
}
```

References

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousUnsanitized user input in regular expression NextUnsanitized input in SQL query

Last updated 1 year ago

hashtagOverview

hashtagDescription

hashtagRemediation Guidelines

hashtagReferences

hashtagConfiguration

Overview

Description

Remediation Guidelines

References

Configuration