Audit

playwright-exposed-chrome-devtools

Remote debugging protocol does not perform any authentication, so exposing it too widely can be a security risk.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-94: Improper Control of Generation of Code (‘Code Injection’)
OWASP:
- A03:2021 - Injection

playwright-setcontent-injection

If unverified user data can reach the setContent method it can result in Server-Side Request Forgery vulnerabilities
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-918: Server-Side Request Forgery (SSRF)
OWASP:
- A10:2021 - Server-Side Request Forgery (SSRF)

playwright-addinitscript-code-injection

If unverified user data can reach the addInitScript method it can result in Server-Side Request Forgery vulnerabilities
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-918: Server-Side Request Forgery (SSRF)
OWASP:
- A10:2021 - Server-Side Request Forgery (SSRF)

playwright-evaluate-code-injection

If unverified user data can reach the evaluate method it can result in Server-Side Request Forgery vulnerabilities
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-918: Server-Side Request Forgery (SSRF)
OWASP:
- A10:2021 - Server-Side Request Forgery (SSRF)

playwright-goto-injection

If unverified user data can reach the goto method it can result in Server-Side Request Forgery vulnerabilities
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-918: Server-Side Request Forgery (SSRF)
OWASP:
- A10:2021 - Server-Side Request Forgery (SSRF)

playwright-evaluate-arg-injection

Start Here

Setup

Pull Request Review

Scan center

Integrations

IDE

Rule Reference

Resources