Add new rule

2022-03-21 15:48:09 +01:00 · 2022-03-21 15:48:09 +01:00 · 0904528284
--- a/lib/rules/no-angular-sanitization-trusted-urls.js
+++ b/lib/rules/no-angular-sanitization-trusted-urls.js
@ -0,0 +1,39 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+/**
+ * @fileoverview Rule to disallow modifying sanitization allowed url list in AngularJS. Update fron the deprecate SanitizationWhitelist
+ * @author Vivien Flouirac
+ */
+
+ "use strict";
+
+ //------------------------------------------------------------------------------
+ // Rule Definition
+ //------------------------------------------------------------------------------
+ module.exports = {
+     meta: {
+         type: "suggestion",
+         fixable: "code",
+         schema: [],
+         docs: {
+             category: "Security",
+             description: "Calls to [`$compileProvider.aHrefSanitizationTrustedUrlList`](https://docs.angularjs.org/api/ng/provider/$compileProvider#aHrefSanitizationTrustedUrlList) configure allowed Url list in AngularJS sanitizer and need to be reviewed.",
+             url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angular-sanitization-trusted-urls.md"
+         },
+         messages: {
+            noSanitizationTrustedUrls: "Do not modify the trusted Urls list in AngularJS"
+         }
+     },
+     create: function(context) {
+         return {
+             "CallExpression[arguments!=''][callee.object.name='$compileProvider'][callee.property.name=/(aHref|imgSrc)SanitizationTrustedUrlList/]"(node) {
+                 context.report(
+                 {
+                     node: node,
+                     messageId: "noSanitizationTrustedUrls"
+                 });
+             }
+         };
+     }
+ };
--- a/lib/rules/no-angularjs-sanitization-whitelist.js
+++ b/lib/rules/no-angularjs-sanitization-whitelist.js
@ -6,34 +6,34 @@
 * @author Antonios Katopodis
 */

-"use strict";
+ "use strict";

-//------------------------------------------------------------------------------
-// Rule Definition
-//------------------------------------------------------------------------------
-module.exports = {
-    meta: {
-        type: "suggestion",
-        fixable: "code",
-        schema: [],
-        docs: {
-            category: "Security",
-            description: "Calls to [`$compileProvider.aHrefSanitizationWhitelist`](https://docs.angularjs.org/api/ng/provider/$compileProvider#aHrefSanitizationWhitelist) or [`$compileProvider.imgSrcSanitizationWhitelist`](https://docs.angularjs.org/api/ng/provider/$compileProvider#imgSrcSanitizationWhitelist) configure whitelists in AngularJS sanitizer and need to be reviewed.",
-            url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-sanitization-whitelist.md"
-        },
-        messages: {
-            noSanitizationWhitelist: "Do not modify sanitization whitelist in AngularJS"
-        }
-    },
-    create: function(context) {
-        return {
-            "CallExpression[arguments!=''][callee.object.name='$compileProvider'][callee.property.name=/(aHref|imgSrc)SanitizationTrustedUrlList/]"(node) {
-                context.report(
-                {
-                    node: node,
-                    messageId: "noSanitizationWhitelist"
-                });
-            }
-        };
-    }
-};
+ //------------------------------------------------------------------------------
+ // Rule Definition
+ //------------------------------------------------------------------------------
+ module.exports = {
+     meta: {
+         type: "suggestion",
+         fixable: "code",
+         schema: [],
+         docs: {
+             category: "Security",
+             description: "Calls to [`$compileProvider.aHrefSanitizationWhitelist`](https://docs.angularjs.org/api/ng/provider/$compileProvider#aHrefSanitizationWhitelist) or [`$compileProvider.imgSrcSanitizationWhitelist`](https://docs.angularjs.org/api/ng/provider/$compileProvider#imgSrcSanitizationWhitelist) configure whitelists in AngularJS sanitizer and need to be reviewed.",
+             url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-sanitization-whitelist.md"
+         },
+         messages: {
+             noSanitizationWhitelist: "Do not modify sanitization whitelist in AngularJS"
+         }
+     },
+     create: function(context) {
+         return {
+             "CallExpression[arguments!=''][callee.object.name='$compileProvider'][callee.property.name=/(aHref|imgSrc)SanitizationWhitelist/]"(node) {
+                 context.report(
+                 {
+                     node: node,
+                     messageId: "noSanitizationWhitelist"
+                 });
+             }
+         };
+     }
+ };
--- a/tests/lib/rules/no-angular-sanitization-trusted-urls.js
+++ b/tests/lib/rules/no-angular-sanitization-trusted-urls.js
@ -0,0 +1,43 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+const path = require("path");
+const ruleId = path.parse(__filename).name;
+const rule = require(path.join('../../../lib/rules/', ruleId));
+const RuleTester = require("eslint").RuleTester;
+var ruleTester = new RuleTester();
+
+ruleTester.run(ruleId, rule, {
+  valid: [
+    "aHrefSanitizationTrustedUrlList ('.*')",
+    "x.aHrefSanitizationTrustedUrlList ('.*')",
+    "$compileProvider.aHrefSanitizationTrustedUrlList ()",
+    "$compileProvider.aHrefSanitizationTrustedUrlList ('.*')"
+  ],
+  invalid: [
+    {
+      code: "$compileProvider.aHrefSanitizationTrustedUrlList ('.*');",
+      errors: [
+        {
+          messageId: "noSanitizationTrustedUrls",
+          line: 1,
+          endLine: 1,
+          column: 1,
+          endColumn: 50
+        }
+      ]
+    },
+    {
+      code: "$compileProvider.imgSrcSanitizationTrustedUrlList('.*');",
+      errors: [
+        {
+          messageId: "noSanitizationTrustedUrls",
+          line: 1,
+          endLine: 1,
+          column: 1,
+          endColumn: 51
+        }
+      ]
+    }
+  ]
+});
--- a/tests/lib/rules/no-angularjs-sanitization-whitelist.js
+++ b/tests/lib/rules/no-angularjs-sanitization-whitelist.js
@ -9,14 +9,14 @@ var ruleTester = new RuleTester();

 ruleTester.run(ruleId, rule, {
  valid: [
-    "aHrefSanitizationTrustedUrlList ('.*')",
-    "x.aHrefSanitizationTrustedUrlList ('.*')",
-    "$compileProvider.aHrefSanitizationTrustedUrlList ()",
-    "$compileProvider.aHrefSanitizationTrustedUrlList ('.*')"
+    "aHrefSanitizationWhitelist('.*')",
+    "x.aHrefSanitizationWhitelist('.*')",
+    "$compileProvider.aHrefSanitizationWhitelist()",
+    "$compileProvider.AHrefSanitizationWhitelist('.*')"
  ],
  invalid: [
    {
-      code: "$compileProvider.aHrefSanitizationTrustedUrlList ('.*');",
+      code: "$compileProvider.aHrefSanitizationWhitelist('.*');",
      errors: [
        {
          messageId: "noSanitizationWhitelist",
@ -28,7 +28,7 @@ ruleTester.run(ruleId, rule, {
      ]
    },
    {
-      code: "$compileProvider.imgSrcSanitizationTrustedUrlList('.*');",
+      code: "$compileProvider.imgSrcSanitizationWhitelist('.*');",
      errors: [
        {
          messageId: "noSanitizationWhitelist",