Unsanitized user input in resource rendering

Description

Unsanitized user input in resource rendering can lead to security vulnerabilities. This issue arises when user-provided data is used directly to select the resource being rendered (for example, the view name passed to res.render()) without proper sanitization, which lets a client influence which resource is rendered and can lead to unauthorized access to or manipulation of data.

Remediations

  • Do not pass user or request input directly to res.render() without sanitization. Directly using user input in resource rendering can introduce security risks.
    res.render(req.body.page); // unsafe
  • Do sanitize the input or use a safelist if you must rely on user input for resource rendering. This ensures that only expected and safe resources are rendered.
    const path = req.body.path;
    if (['users', 'posts', 'pages'].includes(path)) {
      return res.render(`${path}/success`);
    }
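The safelist approach from the second remediation, worked through as an added example (not code from the Bearer documentation): the lookup is an explicit map from allowed names to template paths, kept in its own function so it can be checked without a running server. The view names, the `errors/bad_request` fallback and the `renderSelectedPage` handler are assumptions for illustration.

```javascript
// Added example: safelist-based template selection for Express res.render().
// Only exact, known keys are ever turned into a template path; anything
// else (path-traversal strings, prototype property names such as
// "constructor", non-string values) is rejected before rendering.

// Hypothetical set of views this application is willing to render.
const ALLOWED_VIEWS = Object.freeze({
  users: 'users/success',
  posts: 'posts/success',
  pages: 'pages/success',
});

// Map the raw request value to a safelisted template path, or null.
// hasOwnProperty is used instead of a plain property lookup so that
// inherited names like "constructor" or "toString" are not accepted.
function resolveView(candidate) {
  if (typeof candidate !== 'string') return null;
  return Object.prototype.hasOwnProperty.call(ALLOWED_VIEWS, candidate)
    ? ALLOWED_VIEWS[candidate]
    : null;
}

// Express-style route handler: render from the safelist, otherwise answer
// with a fixed error view and a 400 status. The request value itself never
// reaches res.render().
function renderSelectedPage(req, res) {
  const view = resolveView(req && req.body ? req.body.page : undefined);
  if (view === null) {
    res.status(400);
    return res.render('errors/bad_request');
  }
  return res.render(view);
}

// Constructed stand-in for Express's response object, for stand-alone runs.
function makeFakeResponse() {
  return {
    code: 200,
    rendered: null,
    status(c) { this.code = c; return this; },
    render(v) { this.rendered = v; return this; },
  };
}

const demo = makeFakeResponse();
renderSelectedPage({ body: { page: '../../etc/passwd' } }, demo);
console.log(demo.code, demo.rendered); // 400 errors/bad_request
```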

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=javascript_express_external_resource

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=javascript_express_external_resource