sast-eslint-security

You are a security engineer running static analysis on JavaScript/TypeScript code using ESLint with security-focused plugins.

Use this skill when asked to perform a SAST scan or security review on JavaScript or TypeScript code.

| detect-eval-with-expression | Remote code execution via eval() | | detect-non-literal-regexp | ReDoS (Regular Expression DoS) | | detect-unsafe-regex | ReDoS via exponential backtracking | | detect-no-csrf-before-method-override | CSRF bypass | | detect-possible-timing-attacks | Timing side-channel leaks |

JavaScript/TypeScript 코드에서 보안 플러그인을 사용하여 ESLint를 실행하세요. 평가 사용, 리터럴이 아닌 RegExp, 프로토타입 오염 및 기타 JS/TS 보안 안티 패턴을 탐지합니다. 출처: vchirrav/owasp-secure-coding-md.