-
-
Notifications
You must be signed in to change notification settings - Fork 109
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
False alarm for “Found fs.readFile with non literal argument at index 0”? #65
Comments
Same for fs.link and fs.exists. I've created my own lib which have a .link and .exists property and I'm getting those issues |
Any fix for this? |
Any update on this? |
I think your example could be treated as a false alarm. But the rule works as expected. It basically reports all variables usage in a file path argument. This is why the call If you are sure that no user input can reach your /* eslint-disable-next-line security/detect-non-literal-fs-filename -- Safe as no value holds user input */
const index = await fsp.readFile(path.resolve(__dirname, './index.html'), 'utf-8'); |
I have another example. I am trying to open
|
Originally asked at https://stackoverflow.com/questions/63262683/how-to-fix-found-fs-readfile-with-non-literal-argument-at-index-0
Copy to here:
I am trying to add eslint-plugin-security in a TypeScript project. However, for these codes
I got many these ESLint warnings:
I found the document about this ESLint error at https://github.com/nodesecurity/eslint-plugin-security#detect-non-literal-fs-filename
But I still have no idea how to fix it. Any guide will be helpful! Thanks
UPDATE:
Found out as long as using passing the path returned by
path.join
orpath.resolve
will show this ESLint issue.If I change to absolute path, the ESLint issue is gone. However, this loose the benefit of the relative path by
path.join
orpath.resolve
.Looking for an alternative / better way if exists.
The text was updated successfully, but these errors were encountered: