forked from snyk-labs/nodejs-goof
-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy path.snyk
43 lines (43 loc) · 1.13 KB
/
.snyk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
exclude:
code:
- tests/**
- test.spec.js
version: v1.25.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
'npm:mem:20180117':
- '*':
reason: I don't want to fix this
expires: 2023-01-13T14:50:13.540Z
created: 2022-12-14T14:50:13.544Z
patch: {}
custom_rules:
- id: HardcodedUrl
description: >-
Use of hardcoded URLs can cause failures in the future if the URL changes.
They are also error prone as a dev or QA environment URL may used in place
of the production URL by mistake.
severity: high
cwe:
- CWE-547
fix_analysis: Use an environment variable instead to reference a hardcoded URL.
rule_code: >
StringLiteral<~"(http|ftp|https):\/\/([\w_-]+(?:(?:\.[\w_-]+)+))([\w.,@?^=%&:\/~+#-]*[\w@?^=%&\/~+#-])">
languages:
- apex
- c
- cpp
- csharp
- go
- html
- java
- javascript
- kotlin
- php
- python
- ruby
- scala
- swift
- typescript
- vb