Create electron-version-detect.yaml

Detects electron version from package.json files
patch-1
Me9187 2021-10-10 20:49:54 +01:00 committed by GitHub
parent ea52d761e4
commit ed9a65d436
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 22 additions and 0 deletions

View File

@ -0,0 +1,22 @@
id: electron-version-detect.yaml
info:
name: Electron Version Detect
author: me9187
severity: info
tags: electron,file
reference:
- https://www.electronjs.org/blog/chromium-rce-vulnerability/
# Check the electron version on snyk.io to see if the bundled chromium version is outdated
# If the chromium version is old you can turn XSS into RCE
file:
- extensions:
- json
extractors:
- type: regex
part: all
regex:
- '"electronVersion":"[^"]*"'