caller and arguments properties should not be accessed on strict mode functions

  • STRICT_MODE_FUNC_PROPERTY
  • Error
  • High
  • No tags

This rule applies when the caller or arguments property of a strict mode function is used.

The caller and arguments properties give access to the call stack, which creates a security problem: unsafe code can gain access to privileged functions. Therefore, accessing the caller and arguments properties is prohibited for strict mode function objects.
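The risk described above, as an added example that is not part of the DeepScan documentation: a non-strict callback follows `caller` to reach the function that invoked it and read its arguments, while a strict caller stays hidden and throws on direct access. The names `probe`, `sloppyPrivileged`, `strictPrivileged`, `readProperty` and `runDemo` are hypothetical, the token is a constructed value, and the `null` reported for a strict caller is what Node.js (V8) returns.

```javascript
// Constructed demo. new Function() creates non-strict functions unless the body
// opts in with 'use strict', so this behaves the same in scripts and ES modules.

// "Unsafe" callee: a non-strict function that inspects its own call stack.
const probe = new Function(`
  var caller = arguments.callee.caller;            // who called me?
  if (!caller) return { caller: null, leakedArg: undefined };
  return { caller: caller, leakedArg: caller.arguments[0] };
`);

// Two privileged functions that differ only in strictness. Each receives a
// secret and then calls an untrusted callback.
const sloppyPrivileged = new Function('secret', 'callback', 'return callback();');
const strictPrivileged = new Function('secret', 'callback',
  '"use strict"; return callback();');

// Reports how reading fn[prop] ends: the kind of value, or the error name.
function readProperty(fn, prop) {
  try {
    const value = fn[prop];
    return value === null ? 'null' : typeof value;
  } catch (e) {
    return e.name;
  }
}

function runDemo() {
  const fromSloppy = sloppyPrivileged('constructed-token', probe);
  // A strict caller is never revealed through .caller (V8 reports null).
  const fromStrict = strictPrivileged('constructed-token', probe);
  return {
    sloppyCallerExposed: fromSloppy.caller === sloppyPrivileged,
    sloppyLeakedArg: fromSloppy.leakedArg,
    strictCallerExposed: fromStrict.caller === strictPrivileged,
    strictLeakedArg: fromStrict.leakedArg,
    strictCallerRead: readProperty(strictPrivileged, 'caller'),
    strictArgumentsRead: readProperty(strictPrivileged, 'arguments'),
    sloppyCallerRead: readProperty(sloppyPrivileged, 'caller'),
  };
}

console.log(runDemo());
```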

Noncompliant Code Example

function f() {
    'use strict';
}
f.caller; // STRICT_MODE_FUNC_PROPERTY alarm
f.arguments; // STRICT_MODE_FUNC_PROPERTY alarm
f.arguments = 1; // STRICT_MODE_FUNC_PROPERTY alarm

Compliant Code Example

function f() {
}
f.caller;
f.arguments;
f.arguments = 1;

Version

This rule was introduced in DeepScan 1.0.0-alpha.

See