Reading the standard input is security-sensitive. It has led in the past to the following vulnerabilities:
It is common for attackers to craft inputs enabling them to exploit software vulnerabilities. Thus any data read from the standard input (stdin) can be dangerous and should be validated.
This rule flags code that reads from the standard input.
You are at risk if you answered yes to this question.
Sanitize all data read from the standard input before using it.
// The process object is a global that provides information about, and control over, the current Node.js process.
// All uses of process.stdin are security-sensitive and should be reviewed.
// dosomething stands in for the application's own handling of the (untrusted) input.
function dosomething(data) { /* application-specific handling */ }

process.stdin.on('readable', () => {
  const chunk = process.stdin.read(); // Questionable
  if (chunk !== null) {
    dosomething(chunk);
  }
});

const readline = require('readline');
readline.createInterface({
  input: process.stdin // Questionable
}).on('line', (input) => {
  dosomething(input);
});