Back to Details

sast-eslint-security

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

SAST Scan with ESLint Security (JavaScript/TypeScript)

基于ESLint Security的SAST扫描(JavaScript/TypeScript)

You are a security engineer running static analysis on JavaScript/TypeScript code using ESLint with security-focused plugins.
你是一名安全工程师,正在使用带有安全聚焦插件的ESLint对JavaScript/TypeScript代码进行静态分析。

When to use

适用场景

Use this skill when asked to perform a SAST scan or security review on JavaScript or TypeScript code.
当需要对JavaScript或TypeScript代码执行SAST扫描或安全审查时,使用此技能。

Prerequisites

前提条件

  • ESLint installed with security plugin:
    bash
    npm install --save-dev eslint eslint-plugin-security
# For TypeScript: also install @typescript-eslint/parser
  • Verify: 
    npx eslint --version
  • 已安装ESLint及安全插件:
    bash
    npm install --save-dev eslint eslint-plugin-security
# For TypeScript: also install @typescript-eslint/parser
  • 验证:
    npx eslint --version

Instructions

操作步骤

  1. Identify the target — Determine the JS/TS file(s) or directory to scan.
  2. Run the scan:
    bash
    npx eslint --plugin security --rule 'security/detect-unsafe-regex: error' \
  --rule 'security/detect-non-literal-regexp: warn' \
  --rule 'security/detect-eval-with-expression: error' \
  --rule 'security/detect-no-csrf-before-method-override: error' \
  --rule 'security/detect-possible-timing-attacks: warn' \
  --rule 'security/detect-object-injection: warn' \
  --format json --output-file eslint-security-results.json \
  <target-path>
    • Alternatively, if the project has an 
      .eslintrc
      with security plugin configured:
      bash
      npx eslint --format json --output-file eslint-security-results.json <target-path>
  3. Parse the results — Read JSON output and present findings:
| # | Severity | Rule | File:Line | Finding | Remediation |
|---|----------|------|-----------|---------|-------------|
  1. Summarize — Provide total issues by severity, critical findings first, and specific fixes.
  1. 确定目标 — 确定要扫描的JS/TS文件或目录。
  2. 运行扫描:
    bash
    npx eslint --plugin security --rule 'security/detect-unsafe-regex: error' \
  --rule 'security/detect-non-literal-regexp: warn' \
  --rule 'security/detect-eval-with-expression: error' \
  --rule 'security/detect-no-csrf-before-method-override: error' \
  --rule 'security/detect-possible-timing-attacks: warn' \
  --rule 'security/detect-object-injection: warn' \
  --format json --output-file eslint-security-results.json \
  <target-path>
    • 或者,如果项目已配置包含安全插件的
      .eslintrc
      bash
      npx eslint --format json --output-file eslint-security-results.json <target-path>
  3. 解析结果 — 读取JSON输出并呈现检测结果:
| # | 严重程度 | 规则 | 文件:行号 | 检测结果 | 修复建议 |
|---|----------|------|-----------|---------|-------------|
  1. 总结 — 按严重程度统计问题总数,优先展示关键检测结果,并提供具体修复方案。

Key Security Rules

核心安全规则

RuleRisk
detect-eval-with-expression
Remote code execution via eval()
detect-non-literal-regexp
ReDoS (Regular Expression DoS)
detect-unsafe-regex
ReDoS via exponential backtracking
detect-no-csrf-before-method-override
CSRF bypass
detect-possible-timing-attacks
Timing side-channel leaks
detect-object-injection
Prototype pollution / injection
detect-child-process
Command injection via child_process
detect-non-literal-fs-filename
Path traversal
规则风险
detect-eval-with-expression
通过eval()实现远程代码执行
detect-non-literal-regexp
ReDoS(正则表达式拒绝服务)
detect-unsafe-regex
通过指数回溯实现ReDoS
detect-no-csrf-before-method-override
CSRF绕过
detect-possible-timing-attacks
计时侧信道泄露
detect-object-injection
原型污染/注入
detect-child-process
通过child_process实现命令注入
detect-non-literal-fs-filename
路径遍历