Node.jsScan: A semantic aware static code analysis tool for Node.js applications (github.com) 27 points by geeklord 6y ago ↗ HN
[–] danenania 6y ago ↗ A quick summary of what exactly this scans for at the top of the README would be nice.From the screenshots at the bottom, it looks like mainly SQL injection and outdated dependencies? [–] nailer 6y ago ↗ Probably JSON injection too. You can handle this in middleware, but I suspect lot of people don't.
[–] nailer 6y ago ↗ Probably JSON injection too. You can handle this in middleware, but I suspect lot of people don't.
[–] 29athrowaway 6y ago ↗ https://github.com/ajinabraham/njsscan/blob/master/njsscan/r...Does this mean that if I use single quotes or add whitespace inside the parentheses the vulnerability will not be detected?
[–] narrationbox 6y ago ↗ Static analysis software is quite valuable if you can successfully sell it.https://github.blog/2019-09-18-github-welcomes-semmle/
5 comments
[ 1.8 ms ] story [ 22.5 ms ] threadFrom the screenshots at the bottom, it looks like mainly SQL injection and outdated dependencies?
Does this mean that if I use single quotes or add whitespace inside the parentheses the vulnerability will not be detected?
https://github.blog/2019-09-18-github-welcomes-semmle/