LoFP / puppeteer invocation exceptions often contain child_process related errors, that doesn't necessarily mean that the app is vulnerable.

Techniques

• t1190

Sample rules

Potential RCE Exploitation Attempt In NodeJS

• source: sigma
• technicques:
  • t1190

Description

Detects process execution related errors in NodeJS. If the exceptions are caused due to user input then they may suggest an RCE vulnerability.

Detection logic

condition: keywords
keywords:
- node:child_process