Typescript Implied Eval In Timer
Description
Detects potential code execution vulnerabilities when string expressions are passed to setTimeout or setInterval functions in TypeScript. This is dangerous because these timing functions can execute string parameters as code, similar to eval(), potentially allowing injection of malicious code.
Detection Strategy
• Check for calls to setTimeout or setInterval functions
• Examine if the first argument (callback parameter) is provided as a string expression rather than a function reference
• Flag as vulnerable if string expressions are found as first arguments since they can lead to dynamic code execution
Vulnerable code example
import express from 'express';
const app = express();
app.get('/api/task/:code', (req: express.Request, res: express.Response) => {
  const userInput = req.params.code;
  // VULNERABLE: User input directly concatenated into setTimeout string argument
  setTimeout("console.log('" + userInput + "')", 1000);
  res.sendStatus(202); // response and closing braces added so the excerpt is complete
});

Secure code example
import express from 'express';
const app = express();
app.get('/api/task/:code', (req: express.Request, res: express.Response) => {
  const userInput = req.params.code;
  // SECURE: Pass a function to setTimeout instead of a string to prevent code injection
  setTimeout(() => {
    console.log(userInput); // userInput is handled as data and is never parsed as code
  }, 1000);
  res.sendStatus(202); // response and closing braces added so the excerpt is complete
});
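The detection strategy above, worked through as a small textual checker. This is an added example and not Fluid Attacks' own engine: it finds setTimeout/setInterval calls, extracts the first argument, and flags it when that argument is a string expression; the sample source it scans is constructed and includes both code examples from this page.

```typescript
// Added example (constructed; not Fluid Attacks' own engine): a small textual detector
// for this rule. It locates setTimeout/setInterval calls, extracts the first argument with
// quote/bracket balancing, and flags it when it is a string or template literal or a
// top-level '+' concatenation containing one. Function references are not flagged.
// Being textual, it misses a string held in a variable, which type-aware analysis would catch.
interface Finding { line: number; fn: string; arg: string; }
// Scan `text` from `start`, tracking quotes and bracket depth. `onTop` sees each character at
// depth 0 outside literals and may stop the scan by returning true. Returns the stop index,
// the index of an unmatched closing bracket, or text.length.
function scanTopLevel(text: string, start: number, onTop: (i: number, c: string) => boolean): number {
  let depth = 0, quote: string | null = null;
  for (let i = start; i < text.length; i++) {
    const c = text[i];
    if (quote) {                                   // inside a literal: look only for its end
      if (c === "\\") i++; else if (c === quote) quote = null;
    } else if (c === "'" || c === '"' || c === "`") quote = c;
    else if ("([{".includes(c)) depth++;
    else if (")]}".includes(c)) { if (depth === 0) return i; depth--; }
    else if (depth === 0 && onTop(i, c)) return i;
  }
  return text.length;
}
// Text of the first call argument, given the index just past the opening '('.
function firstArgument(src: string, start: number): string {
  return src.slice(start, scanTopLevel(src, start, (_i, c) => c === ",")).trim();
}
// A "string expression" in the rule's sense: some top-level '+' operand is a literal.
function isStringExpression(arg: string): boolean {
  const operands: string[] = [];
  let last = 0;
  scanTopLevel(arg, 0, (i, c) => { if (c === "+") { operands.push(arg.slice(last, i)); last = i + 1; } return false; });
  operands.push(arg.slice(last));
  return operands.some(op => /^\s*['"`]/.test(op));
}
function detectImpliedEvalInTimers(src: string): Finding[] {
  const findings: Finding[] = [];
  const re = /\b(setTimeout|setInterval)\s*\(/g;
  for (let m = re.exec(src); m; m = re.exec(src)) {
    const arg = firstArgument(src, m.index + m[0].length);
    if (isStringExpression(arg)) findings.push({ line: src.slice(0, m.index).split("\n").length, fn: m[1], arg });
  }
  return findings;
}
// Constructed sample: lines 1 and 2 are flagged, lines 3 and 4 are not.
const SAMPLE = [
  "setTimeout(\"console.log('\" + userInput + \"')\", 1000);",
  "setInterval(`tick(${n})`, 500);",
  "setTimeout(() => { console.log('x' + y); }, 1000);",
  "window.setTimeout(handler, 10);",
].join("\n");
```

Running `detectImpliedEvalInTimers(SAMPLE)` returns two findings, one per string-argument timer call, each carrying the line number, the timer function and the offending argument text.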