
Add security related patches

7ad5ef5
Closed

Aps 15770 cypress cli better ts support v2 #995

GitHub Advanced Security / Semgrep OSS failed Aug 19, 2025 in 6s

14 new alerts including 3 errors

New alerts in code changed by this pull request

  • 3 errors
  • 11 warnings

See annotations below for details.


Annotations

Check warning on line 36 in bin/helpers/readCypressConfigUtil.js


Code scanning / Semgrep OSS

Semgrep Finding: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal Warning

Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Check warning on line 42 in bin/helpers/readCypressConfigUtil.js


Semgrep Finding: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal Warning

Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Check warning on line 81 in bin/helpers/readCypressConfigUtil.js


Semgrep Finding: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal Warning

Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Check warning on line 82 in bin/helpers/readCypressConfigUtil.js


Semgrep Finding: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal Warning

Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Check warning on line 147 in bin/helpers/readCypressConfigUtil.js


Semgrep Finding: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal Warning

Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Check failure on line 183 in bin/helpers/readCypressConfigUtil.js


Semgrep Finding: javascript.lang.security.detect-child-process.detect-child-process Error

Detected calls to child_process from a function argument bsConfig. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed.

Check failure on line 183 in bin/helpers/readCypressConfigUtil.js


Semgrep Finding: javascript.lang.security.detect-child-process.detect-child-process Error

Detected calls to child_process from a function argument bstack_node_modules_path. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed.

Check failure on line 183 in bin/helpers/readCypressConfigUtil.js


Semgrep Finding: javascript.lang.security.detect-child-process.detect-child-process Error

Detected calls to child_process from a function argument cypress_config_filepath. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed.

Check warning on line 1860 in bin/helpers/utils.js


Semgrep Finding: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal Warning

Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Check warning on line 1956 in bin/helpers/utils.js


Semgrep Finding: javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp Warning

RegExp() called with a excludePatterns function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.

Check warning on line 2050 in bin/helpers/utils.js


Semgrep Finding: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal Warning

Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Check warning on line 2050 in bin/helpers/utils.js


Semgrep Finding: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal Warning

Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Check warning on line 2051 in bin/helpers/utils.js


Semgrep Finding: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal Warning

Detected possible user input going into a path.join or path.resolve function. This could possibly lead to a path traversal vulnerability, where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.

Check warning on line 2103 in bin/helpers/utils.js


Semgrep Finding: javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp Warning

RegExp() called with a pattern function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.