Create express-lfr.yaml

file/nodejs/express-lfr.yaml

@@ -0,0 +1,21 @@
+id: express-lfr
+
+info:
+  name: Express LFR
+  author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
+  severity: info
+  description: Untrusted user input in express render() function can result in arbitrary file read if hbs templating is used.
+  tags: file,nodejs,express,lfr
+
+file:
+  - extensions:
+      - all
+
+    matchers:
+      - type: regex
+        regex:
+          - "$INP = <... \\$REQ\\.\\$QUERY ...>\\;"
+          - "$RES\\.render\\(\\$VIEW, <... \\$INP ...>\\)"
+          - "$RES.render\\($VIEW, <... $REQ.$QUERY.$FOO ...>\\)"
+          - "$RES\\.render\\(\\$VIEW, <... \\$REQ\\.\\$BODY ...>\\)"
+        condition: or