eslint-plugin-security
eslint-plugin-security copied to clipboard
A more relevant "detect-object-injection"
Is there any way that we can work towards a more helpful/relevant report of Object injection sinks?
I can't think of a relevant security use case where Object injection would be relevant outside of the scope of a function directly linked to a web service.
I can understand based on tree traversal that determining the difference in between functions that are used in response to direct network calls would be [near] impossible to determine, but if I use bracket notation at the top level of my module, likely this rule should not notify.