To parse the regexes in rule files, we are using eval(). This is a potential attack vector to take over the victim's machine.
|
lineRules[rule].paramSyntaxRegex = eval(lineRules[rule].paramSyntaxRegex); |
|
lineRules[rule].rules[semanticRule].regex = eval(lineRules[ |
|
rule].rules[semanticRule].regex); |
|
if (rule.keyRegex && !eval(rule.keyRegex).exec(key)) { |
|
if (rule.valueRegex && !eval(rule.valueRegex).exec(value)) { |
|
if (rule.valueRegex && !eval(rule.valueRegex) |
To parse the regexes in rule files, we are using
eval(). This is a potential attack vector to take over the victim's machine.dockerfile_lint/lib/linter-utils.js
Line 39 in 9dd5e91
dockerfile_lint/lib/linter-utils.js
Lines 41 to 42 in 9dd5e91
dockerfile_lint/lib/linter-utils.js
Line 162 in 9dd5e91
dockerfile_lint/lib/linter-utils.js
Line 173 in 9dd5e91
dockerfile_lint/lib/linter-utils.js
Line 292 in 9dd5e91