Node Integration Exposure
Description
Node integration exposes Node.js APIs to the Electron app. If the app is vulnerable to Cross-Site Scripting (XSS), this can introduce remote code execution vulnerabilities, because the injected script can use those APIs.
Examples
Insecure Code
```javascript
new BrowserWindow({webPreferences: {nodeIntegration: true}})
```
Secure Code
```javascript
new BrowserWindow({webPreferences: {nodeIntegration: false}})
```
Remediation
Set nodeIntegration to false in the BrowserWindow webPreferences to prevent exposure of Node.js APIs.
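To find the insecure setting in a code base before remediating it, the following added example (not this rule's own implementation) scans JavaScript source text for `nodeIntegration: true` and reports the line of each occurrence. The function names, the regex-based matching and the sample source are assumptions constructed for illustration.

```javascript
// Added example: regex-based check, not the rule engine's own logic.
// Matches nodeIntegration: true, with or without quotes around the key.
// Longer key names that merely start with "nodeIntegration" do not match.
const INSECURE = /(?<![\w$])(['"]?)nodeIntegration\1\s*:\s*true\b/g;

// Blank out comments while keeping every newline, so line numbers stay valid.
// A "//" directly after a non-space character (as in "https://") is left alone.
function stripComments(source) {
  return source
    .replace(/\/\*[\s\S]*?\*\//g, (c) => c.replace(/[^\n]/g, ' '))
    .replace(/(^|\s)\/\/.*$/gm, '$1');
}

// Return one finding per place where nodeIntegration is set to true.
function findNodeIntegrationEnabled(source) {
  const text = stripComments(source);
  const lines = source.split('\n');
  const findings = [];
  for (const m of text.matchAll(INSECURE)) {
    // Line number = newlines before the match, plus one.
    const line = text.slice(0, m.index).split('\n').length;
    findings.push({ line, snippet: lines[line - 1].trim() });
  }
  return findings;
}

// Constructed sample source (not taken from any real project).
const SAMPLE = [
  "const { BrowserWindow } = require('electron')",
  "// nodeIntegration: true was the old setting",
  "const a = new BrowserWindow({webPreferences: {nodeIntegration: true}})",
  "const b = new BrowserWindow({",
  "  webPreferences: { 'nodeIntegration' : true }",
  "})",
  "const c = new BrowserWindow({webPreferences: {nodeIntegration: false}})",
  "c.loadURL('https://example.test') /* nodeIntegration: true */",
].join('\n');

console.log(findNodeIntegrationEnabled(SAMPLE));
```

Matches inside comments are ignored, so only the two live assignments in the sample are reported.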
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0372 |
| Category | InsecureConfig |
| Severity | MEDIUM |
| CWE | CWE-272 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | Node.js, Electron |
| OWASP | A6:2017-Security Misconfiguration, A05:2021-Security Misconfiguration |