scenario.iterationInTest results in CWE check failure

I am using shared array with scenario.iterationInTest as I can’t re-use data in my tests. Using this however is generating a security error on CWE scans, semgrep (configured in pipeline scans) as Semgrep
I am using the standard bracket object notation as below to get the data from shared array as documented

How do we mitigate this ? Since scenario.iterationInTest is an index (not a property that I can replace with dot notation or put some checks prior accessing the object key)


Hi @sumanta.r86,
you shouldn’t mitigate it, you can just add a rule to instrument better your linter, because the k6/execution variables are generated by the k6 runtime and are not user inputs.
The quick way should be to just exclude the line for that detect-object-injection linter, instead if you have a big codebase with a lot of them, you could consider creating a more general rule in your eslint configuration.

Let me know if it helps.

1 Like