

ID: javascript-node-security/detect-new-buffer

Language: JavaScript

Severity: Warning

Category: Security


The Node.js Buffer class handles binary data. However, if a non-literal value is passed to the Buffer constructor, an attacker who can influence that value controls how the buffer is created, which can result in an attack.

For example, a large number could allocate a significant amount of memory, leading to a denial-of-service attack. It is recommended to use literal values that you control to prevent these attacks.

Non-Compliant Code Examples

var a = new Buffer(c)

Compliant Code Examples

var a = new Buffer('test')
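
When the value has to come from input rather than a literal, one way to keep it bounded is sketched here as an added example that is not part of the rule's documentation. It assumes a Node.js version that provides Buffer.from and Buffer.alloc; MAX_BYTES, bufferFromText, allocBounded and demo are hypothetical names.

```javascript
// Added example, not taken from the rule's documentation.
// MAX_BYTES and the function names are hypothetical choices for illustration.
const MAX_BYTES = 64 * 1024; // assumed upper bound for one input-derived buffer

// Turn untrusted text into bytes. Only strings are accepted, so a numeric
// value can never be interpreted as an allocation size.
function bufferFromText(value, maxBytes = MAX_BYTES) {
  if (typeof value !== 'string') {
    throw new TypeError('expected a string, got ' + typeof value);
  }
  const byteLength = Buffer.byteLength(value, 'utf8');
  if (byteLength > maxBytes) {
    throw new RangeError('input is ' + byteLength + ' bytes, limit is ' + maxBytes);
  }
  return Buffer.from(value, 'utf8');
}

// Allocate a zero-filled buffer whose size came from untrusted input.
function allocBounded(size, maxBytes = MAX_BYTES) {
  if (!Number.isSafeInteger(size) || size < 0) {
    throw new TypeError('size must be a non-negative integer');
  }
  if (size > maxBytes) {
    throw new RangeError('requested ' + size + ' bytes, limit is ' + maxBytes);
  }
  return Buffer.alloc(size);
}

// Constructed sample inputs, as they might arrive in a parsed JSON body.
function demo() {
  const samples = ['test', 1e9, { length: 1e9 }, 'x'.repeat(MAX_BYTES + 1)];
  return samples.map((value) => {
    try {
      return 'ok:' + bufferFromText(value).length;
    } catch (err) {
      return 'rejected:' + err.name;
    }
  });
}

console.log(demo());
```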