Do not allow trailing commas in code style

This commit is contained in:
Martin Kačmar 2024-10-01 15:30:42 +02:00
Родитель b575f2856b
Коммит 5974046e6f
48 изменённых файлов: 405 добавлений и 404 удалений


@ -1,3 +1,4 @@
{
"printWidth": 100
"printWidth": 100,
"trailingComma": "none"
}


@ -39,9 +39,9 @@ module.exports = [
{
rules: {
"no-eval": "error",
"@microsoft/sdl/no-inner-html": "error",
},
},
"@microsoft/sdl/no-inner-html": "error"
}
}
];

8
config/angular.js поставляемый

@ -8,11 +8,11 @@ module.exports = (pluginSdl) => {
return [
{
plugins: {
"@microsoft/sdl": pluginSdl,
"@microsoft/sdl": pluginSdl
},
rules: {
"@microsoft/sdl/no-angular-bypass-sanitizer": "error",
},
},
"@microsoft/sdl/no-angular-bypass-sanitizer": "error"
}
}
];
};

8
config/angularjs.js поставляемый

@ -8,13 +8,13 @@ module.exports = (pluginSdl) => {
return [
{
plugins: {
"@microsoft/sdl": pluginSdl,
"@microsoft/sdl": pluginSdl
},
rules: {
"@microsoft/sdl/no-angularjs-enable-svg": "error",
"@microsoft/sdl/no-angularjs-sanitization-whitelist": "error",
"@microsoft/sdl/no-angularjs-bypass-sce": "error",
},
},
"@microsoft/sdl/no-angularjs-bypass-sce": "error"
}
}
];
};


@ -7,7 +7,7 @@ module.exports = (pluginSdl) => {
return [
{
plugins: {
"@microsoft/sdl": pluginSdl,
"@microsoft/sdl": pluginSdl
},
rules: {
"no-caller": "error",
@ -23,8 +23,8 @@ module.exports = (pluginSdl) => {
"@microsoft/sdl/no-insecure-url": "error",
"@microsoft/sdl/no-msapp-exec-unsafe": "error",
"@microsoft/sdl/no-postmessage-star-origin": "error",
"@microsoft/sdl/no-winjs-html-unsafe": "error",
},
},
"@microsoft/sdl/no-winjs-html-unsafe": "error"
}
}
];
};


@ -7,11 +7,11 @@ module.exports = (pluginSdl) => {
return [
{
plugins: {
"@microsoft/sdl": pluginSdl,
"@microsoft/sdl": pluginSdl
},
rules: {
"@microsoft/sdl/no-electron-node-integration": "error",
},
},
"@microsoft/sdl/no-electron-node-integration": "error"
}
}
];
};


@ -9,19 +9,19 @@ module.exports = (pluginSdl) => {
return [
{
plugins: {
n: pluginN,
n: pluginN
},
rules: {
"n/no-deprecated-api": "error",
},
"n/no-deprecated-api": "error"
}
},
{
plugins: {
"@microsoft/sdl": pluginSdl,
"@microsoft/sdl": pluginSdl
},
rules: {
"@microsoft/sdl/no-unsafe-alloc": "error",
},
},
"@microsoft/sdl/no-unsafe-alloc": "error"
}
}
];
};

26
config/react.js поставляемый

@ -11,14 +11,14 @@ module.exports = (pluginSdl) => {
languageOptions: {
parserOptions: {
ecmaFeatures: {
jsx: true,
},
},
},
jsx: true
}
}
}
},
{
plugins: {
react: pluginReact,
react: pluginReact
},
rules: {
"react/no-danger": "error",
@ -27,18 +27,18 @@ module.exports = (pluginSdl) => {
{
allowReferrer: false,
enforceDynamicLinks: "always",
warnOnSpreadAttributes: true,
},
],
},
warnOnSpreadAttributes: true
}
]
}
},
{
plugins: {
"@microsoft/sdl": pluginSdl,
"@microsoft/sdl": pluginSdl
},
rules: {
"@microsoft/sdl/react-iframe-missing-sandbox": "error",
},
},
"@microsoft/sdl/react-iframe-missing-sandbox": "error"
}
}
];
};


@ -13,28 +13,28 @@ module.exports = () => {
ecmaVersion: 6,
sourceType: "module",
ecmaFeatures: {
jsx: true,
},
},
},
jsx: true
}
}
}
},
{
files: ["**/*.{ts,tsx}"],
languageOptions: {
parserOptions: {
parser: "@typescript-eslint/parser",
},
parser: "@typescript-eslint/parser"
}
},
plugins: {
"@typescript-eslint": pluginTypescript,
"@typescript-eslint": pluginTypescript
},
rules: {
"@typescript-eslint/no-implied-eval": "error",
// @typescript-eslint/no-implied-eval offers more accurate results for typescript.
// thus we turn the more generic rule off for ts and tsx files.
// This also avoids duplicate hits.
"no-implied-eval": "off",
},
},
"no-implied-eval": "off"
}
}
];
};


@ -65,5 +65,5 @@ module.exports = {
);
}
return false;
},
}
};


@ -11,7 +11,7 @@ const pkg = require(path.join("..", "package.json"));
const plugin = {
meta: {
name: pkg.name,
version: pkg.version,
version: pkg.version
},
rules: {
"no-angular-bypass-sanitizer": require("./rules/no-angular-bypass-sanitizer"),
@ -31,10 +31,10 @@ const plugin = {
"no-postmessage-star-origin": require("./rules/no-postmessage-star-origin"),
"no-unsafe-alloc": require("./rules/no-unsafe-alloc"),
"no-winjs-html-unsafe": require("./rules/no-winjs-html-unsafe"),
"react-iframe-missing-sandbox": require("./rules/react-iframe-missing-sandbox"),
"react-iframe-missing-sandbox": require("./rules/react-iframe-missing-sandbox")
},
// Filled in later in order to reference plugin itself.
configs: {},
configs: {}
};
plugin.configs["angular"] = require("../config/angular")(plugin);
@ -51,7 +51,7 @@ plugin.configs["required"] = [
...plugin.configs["common"],
...plugin.configs["electron"],
...plugin.configs["node"],
...plugin.configs["react"],
...plugin.configs["react"]
];
plugin.configs["recommended"] = [
@ -59,9 +59,9 @@ plugin.configs["recommended"] = [
...plugin.configs["typescript"],
{
plugins: {
security: pluginSecurity,
},
},
security: pluginSecurity
}
}
];
module.exports = plugin;


@ -17,22 +17,22 @@ module.exports = {
category: "Security",
description:
"Calls to bypassSecurityTrustHtml, bypassSecurityTrustScript and similar methods bypass DomSanitizer in Angular and need to be reviewed.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angular-bypass-sanitizer.md",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angular-bypass-sanitizer.md"
},
messages: {
noBypass: "Do not bypass Angular's built-in sanitizer",
},
noBypass: "Do not bypass Angular's built-in sanitizer"
}
},
create: function (context) {
return {
"CallExpression[arguments!=''][callee.property.name=/bypassSecurityTrust(Html|ResourceUrl|Script|Style|Url)/]"(
node,
node
) {
context.report({
node: node,
messageId: "noBypass",
messageId: "noBypass"
});
},
}
};
},
}
};


@ -17,22 +17,22 @@ module.exports = {
category: "Security",
description:
"Calls to [`$compileProvider.aHrefSanitizationTrustedUrlList`](https://docs.angularjs.org/api/ng/provider/$compileProvider#aHrefSanitizationTrustedUrlList) configure allowed Url list in AngularJS sanitizer and need to be reviewed.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angular-sanitization-trusted-urls.md",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angular-sanitization-trusted-urls.md"
},
messages: {
noSanitizationTrustedUrls: "Do not modify the trusted Urls list in AngularJS",
},
noSanitizationTrustedUrls: "Do not modify the trusted Urls list in AngularJS"
}
},
create: function (context) {
return {
"CallExpression[arguments!=''][callee.object.name='$compileProvider'][callee.property.name=/(aHref|imgSrc)SanitizationTrustedUrlList/]"(
node,
node
) {
context.report({
node: node,
messageId: "noSanitizationTrustedUrls",
messageId: "noSanitizationTrustedUrls"
});
},
}
};
},
}
};


@ -17,23 +17,23 @@ module.exports = {
category: "Security",
description:
"Calls to $sceProvider.enabled(false), $sceDelegate.trustAs(), $sce.trustAs() and relevant shorthand methods (e.g. trustAsHtml or trustAsJs) bypass Strict Contextual Escaping (SCE) in AngularJS and need to be reviewed.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-bypass-sce.md",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-bypass-sce.md"
},
messages: {
doNotBypass: "Do not bypass Strict Contextual Escaping (SCE) in AngularJS",
},
doNotBypass: "Do not bypass Strict Contextual Escaping (SCE) in AngularJS"
}
},
create: function (context) {
function reportIt(node) {
context.report({
node: node,
messageId: "doNotBypass",
messageId: "doNotBypass"
});
}
return {
"CallExpression[arguments!=''][callee.object.name='$sceProvider'][callee.property.name='enabled']"(
node,
node
) {
// Known false positives
if (
@ -48,7 +48,7 @@ module.exports = {
"CallExpression[arguments!=''][callee.object.name='$sceDelegate'][callee.property.name='trustAs']":
reportIt,
"CallExpression[arguments!=''][callee.object.name='$sce'][callee.property.name=/trustAs(Css|Html|Js|ResourceUrl|Url)?/]"(
node,
node
) {
// Known false positives
if (
@ -61,9 +61,9 @@ module.exports = {
}
return reportIt(node);
},
}
};
},
}
};
// TODO: Review https://docs.angularjs.org/api/ng/provider/$sceDelegateProvider#resourceUrlWhitelist and https://docs.angularjs.org/api/ng/provider/$sceDelegateProvider#resourceUrlBlacklist


@ -17,16 +17,16 @@ module.exports = {
category: "Security",
description:
"Calls to $sanitizeProvider.enableSvg(true) increase attack surface of the application by enabling SVG support in AngularJS sanitizer and need to be reviewed.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-enable-svg.md",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-enable-svg.md"
},
messages: {
doNotEnableSVG: "Do not enable SVG support in AngularJS",
},
doNotEnableSVG: "Do not enable SVG support in AngularJS"
}
},
create: function (context) {
return {
"CallExpression[callee.object.name='$sanitizeProvider'][callee.property.name='enableSvg']"(
node,
node
) {
// Known false positives
if (
@ -38,11 +38,11 @@ module.exports = {
}
context.report({
node: node,
messageId: "doNotEnableSVG",
messageId: "doNotEnableSVG"
});
},
}
};
},
}
};
// TODO: Add rules for $sanitizeProvider.addValidElements() and $sanitizeProvider.addValidAttrs()


@ -17,22 +17,22 @@ module.exports = {
category: "Security",
description:
"Calls to [`$compileProvider.aHrefSanitizationWhitelist`](https://docs.angularjs.org/api/ng/provider/$compileProvider#aHrefSanitizationWhitelist) or [`$compileProvider.imgSrcSanitizationWhitelist`](https://docs.angularjs.org/api/ng/provider/$compileProvider#imgSrcSanitizationWhitelist) configure whitelists in AngularJS sanitizer and need to be reviewed.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-sanitization-whitelist.md",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-sanitization-whitelist.md"
},
messages: {
noSanitizationWhitelist: "Do not modify sanitization whitelist in AngularJS",
},
noSanitizationWhitelist: "Do not modify sanitization whitelist in AngularJS"
}
},
create: function (context) {
return {
"CallExpression[arguments!=''][callee.object.name='$compileProvider'][callee.property.name=/(aHref|imgSrc)SanitizationWhitelist/]"(
node,
node
) {
context.report({
node: node,
messageId: "noSanitizationWhitelist",
messageId: "noSanitizationWhitelist"
});
},
}
};
},
}
};


@ -19,11 +19,11 @@ module.exports = {
category: "Security",
description:
"HTTP cookies are an old client-side storage mechanism with inherent risks and limitations. Use Web Storage, IndexedDB or other more modern methods instead.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-cookies.md",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-cookies.md"
},
messages: {
doNotUseCookies: "Do not use HTTP cookies in modern applications",
},
doNotUseCookies: "Do not use HTTP cookies in modern applications"
}
},
create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context);
@ -32,10 +32,10 @@ module.exports = {
if (astUtils.isDocumentObject(node.object, context, fullTypeChecker)) {
context.report({
node: node,
messageId: "doNotUseCookies",
messageId: "doNotUseCookies"
});
}
},
}
};
},
}
};


@ -19,11 +19,11 @@ module.exports = {
category: "Security",
description:
"Writes to [`document.domain`](https://developer.mozilla.org/en-US/docs/Web/API/Document/domain) property must be reviewed to avoid bypass of [same-origin checks](https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy#Changing_origin). Usage of top level domains such as `azurewebsites.net` is strictly prohibited.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-document-domain.md",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-document-domain.md"
},
messages: {
default: "Do not write to document.domain property",
},
default: "Do not write to document.domain property"
}
},
create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context);
@ -32,10 +32,10 @@ module.exports = {
if (astUtils.isDocumentObject(node.left.object, context, fullTypeChecker)) {
context.report({
node: node,
messageId: "default",
messageId: "default"
});
}
},
}
};
},
}
};


@ -19,11 +19,11 @@ module.exports = {
category: "Security",
description:
"Calls to document.write or document.writeln manipulate DOM directly without any sanitization and should be avoided. Use document.createElement() or similar methods instead.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-document-write.md",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-document-write.md"
},
messages: {
default: "Do not write to DOM directly using document.write or document.writeln methods",
},
default: "Do not write to DOM directly using document.write or document.writeln methods"
}
},
create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context);
@ -32,10 +32,10 @@ module.exports = {
if (astUtils.isDocumentObject(node.callee.object, context, fullTypeChecker)) {
context.report({
node: node,
messageId: "default",
messageId: "default"
});
}
},
}
};
},
}
};


@ -16,22 +16,22 @@ module.exports = {
category: "Security",
description:
"[Node.js Integration](https://www.electronjs.org/docs/tutorial/security#2-do-not-enable-nodejs-integration-for-remote-content) must not be enabled in any renderer that loads remote content to avoid remote code execution attacks.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-electron-node-integration.md",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-electron-node-integration.md"
},
messages: {
default: "Do not enable Node.js Integration for Remote Content",
},
default: "Do not enable Node.js Integration for Remote Content"
}
},
create: function (context) {
return {
"NewExpression[callee.name=/BrowserWindow|BrowserView/] > ObjectExpression.arguments > Property.properties[key.name=webPreferences] > ObjectExpression.value > Property.properties[key.name=/nodeIntegration|nodeIntegrationInWorker|nodeIntegrationInSubFrames/][value.value='true']"(
node,
node
) {
context.report({
node: node,
messageId: "default",
messageId: "default"
});
},
}
};
},
}
};


@ -18,11 +18,11 @@ module.exports = {
docs: {
description:
"Direct calls to method `html()` often (e.g. in jQuery framework) manipulate DOM without any sanitization and should be avoided. Use document.createElement() or similar methods instead.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-html-method.md",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-html-method.md"
},
messages: {
default: "Do not write to DOM directly using jQuery html() method",
},
default: "Do not write to DOM directly using jQuery html() method"
}
},
create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context);
@ -42,9 +42,9 @@ module.exports = {
}
context.report({
node: node,
messageId: "default",
messageId: "default"
});
},
}
};
},
}
};


@ -18,12 +18,12 @@ module.exports = {
docs: {
description:
"Assignments to [innerHTML](https://developer.mozilla.org/en-US/docs/Web/API/Element/innerHTML)/[outerHTML](https://developer.mozilla.org/en-US/docs/Web/API/Element/outerHTML) properties or calls to [insertAdjacentHTML](https://developer.mozilla.org/en-US/docs/Web/API/Element/insertAdjacentHTML) method manipulate DOM directly without any sanitization and should be avoided. Use document.createElement() or similar methods instead.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-inner-html.md",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-inner-html.md"
},
messages: {
noInnerHtml: "Do not write to DOM directly using innerHTML/outerHTML property",
noInsertAdjacentHTML: "Do not write to DOM using insertAdjacentHTML method",
},
noInsertAdjacentHTML: "Do not write to DOM using insertAdjacentHTML method"
}
},
create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context);
@ -35,7 +35,7 @@ module.exports = {
return {
"CallExpression[arguments.length=2] > MemberExpression.callee[property.name='insertAdjacentHTML']"(
node,
node
) {
// Ignore known false positives
if (
@ -53,12 +53,12 @@ module.exports = {
if (mightBeHTMLElement(node.object)) {
context.report({
node: node,
messageId: "noInsertAdjacentHTML",
messageId: "noInsertAdjacentHTML"
});
}
},
"AssignmentExpression[left.type='MemberExpression'][left.property.name=/innerHTML|outerHTML/]"(
node,
node
) {
// Ignore known false positives
if (
@ -73,10 +73,10 @@ module.exports = {
if (mightBeHTMLElement(node.left.object)) {
context.report({
node: node,
messageId: "noInnerHtml",
messageId: "noInnerHtml"
});
}
},
}
};
},
}
};


@ -17,7 +17,7 @@ const bannedRandomLibraries = [
"random-int",
"random-float",
"random-seed",
"unique-random",
"unique-random"
];
module.exports = {
@ -31,12 +31,12 @@ module.exports = {
Use crypto.randomBytes() or window.crypto.getRandomValues() instead.
`,
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-insecure-random.md",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-insecure-random.md"
},
messages: {
default:
"Do not use pseudo-random number generators for generating secret values such as tokens, passwords or keys.",
},
"Do not use pseudo-random number generators for generating secret values such as tokens, passwords or keys."
}
},
create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context);
@ -54,7 +54,7 @@ module.exports = {
if (notFalsePositive) {
context.report({
node: node,
messageId: "default",
messageId: "default"
});
}
},
@ -70,7 +70,7 @@ module.exports = {
if (notFalsePositive) {
context.report({
node: node,
messageId: "default",
messageId: "default"
});
}
},
@ -78,7 +78,7 @@ module.exports = {
if (bannedRandomLibraries.includes(path.basename(node.source.value))) {
context.report({
node: node,
messageId: "default",
messageId: "default"
});
}
},
@ -87,10 +87,10 @@ module.exports = {
if (bannedRandomLibraries.includes(requireName)) {
context.report({
node: node,
messageId: "default",
messageId: "default"
});
}
},
}
};
},
}
};


@ -15,7 +15,7 @@ const DEFAULT_EXCEPTIONS = [
/^http:(\/\/|\\u002f\\u002f)schemas\.openxmlformats\.org(\/\/|\\u002f\\u002f)?.*/i,
/^http:(\/|\\u002f){2}localhost(:|\/|\\u002f)*/i,
/^http:(\/\/)www\.w3\.org\/1999\/xhtml/i,
/^http:(\/\/)www\.w3\.org\/2000\/svg/i,
/^http:(\/\/)www\.w3\.org\/2000\/svg/i
];
const DEFAULT_VARIABLES_EXECEPTIONS = [];
@ -34,34 +34,34 @@ module.exports = {
blocklist: {
type: "array",
items: {
type: "string",
},
type: "string"
}
},
exceptions: {
type: "array",
items: {
type: "string",
},
type: "string"
}
},
varExceptions: {
type: "array",
items: {
type: "string",
},
},
type: "string"
}
}
},
additionalProperties: false,
},
additionalProperties: false
}
],
docs: {
category: "Security",
description:
"Insecure protocols such as [HTTP](https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol) or [FTP](https://en.wikipedia.org/wiki/File_Transfer_Protocol) should be replaced by their encrypted counterparts ([HTTPS](https://en.wikipedia.org/wiki/HTTPS), [FTPS](https://en.wikipedia.org/wiki/FTPS)) to avoid sending (potentially sensitive) data over untrusted network in plaintext.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-insecure-url.md",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-insecure-url.md"
},
messages: {
doNotUseInsecureUrl: "Do not use insecure URLs",
},
doNotUseInsecureUrl: "Do not use insecure URLs"
}
},
create: function (context) {
const options = context.options[0] || {};
@ -74,7 +74,7 @@ module.exports = {
const varExceptions = (options.varExceptions || DEFAULT_VARIABLES_EXECEPTIONS).map(
(pattern) => {
return new RegExp(pattern, "i");
},
}
);
function matches(patterns, value) {
@ -120,7 +120,7 @@ module.exports = {
//insert an "s" before ":/" to change http:/ to https:/
return fixer.replaceText(node, JSON.stringify(fixedString));
}
},
}
});
}
}
@ -149,11 +149,11 @@ module.exports = {
//insert an "s" before ":/" to change http:/ to https:/
return fixer.replaceText(node, fixedString);
}
},
}
});
}
}
},
}
};
},
}
};


@ -16,22 +16,22 @@ module.exports = {
docs: {
description:
"Calls to [`MSApp.execUnsafeLocalFunction()`](https://docs.microsoft.com/en-us/previous-versions/hh772324(v=vs.85)) bypass script injection validation and should be avoided.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-msapp-exec-unsafe.md",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-msapp-exec-unsafe.md"
},
messages: {
default: "Do not bypass script injection validation",
},
default: "Do not bypass script injection validation"
}
},
create: function (context) {
return {
"CallExpression[arguments.length=1][callee.object.name='MSApp'][callee.property.name='execUnsafeLocalFunction']"(
node,
node
) {
context.report({
node: node,
messageId: "default",
messageId: "default"
});
},
}
};
},
}
};


@ -17,17 +17,17 @@ module.exports = {
docs: {
description:
"Always provide specific target origin, not * when sending data to other windows using [`postMessage`](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage#Security_concerns) to avoid data leakage outside of trust boundary.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-postmessage-star-origin.md",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-postmessage-star-origin.md"
},
messages: {
default: "Do not use * as target origin when sending data to other windows",
},
default: "Do not use * as target origin when sending data to other windows"
}
},
create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context);
return {
"CallExpression[arguments.length>=2][arguments.length<=3][callee.property.name=postMessage]"(
node,
node
) {
// Check that second argument (target origin) is Literal "*"
if (!(node.arguments[1].type === "Literal" && node.arguments[1].value == "*")) {
@ -37,7 +37,7 @@ module.exports = {
// Check that object type is Window when full type information is available
if (fullTypeChecker) {
const tsNode = context.sourceCode.parserServices.esTreeNodeToTSNodeMap.get(
node.callee.object,
node.callee.object
);
const tsType = fullTypeChecker.getTypeAtLocation(tsNode);
const type = fullTypeChecker.typeToString(tsType);
@ -48,9 +48,9 @@ module.exports = {
context.report({
node: node,
messageId: "default",
messageId: "default"
});
},
}
};
},
}
};


@ -11,11 +11,11 @@ module.exports = {
docs: {
description:
"When calling [`Buffer.allocUnsafe`](https://nodejs.org/api/buffer.html#buffer_static_method_buffer_allocunsafe_size) and [`Buffer.allocUnsafeSlow`](https://nodejs.org/api/buffer.html#buffer_static_method_buffer_allocunsafeslow_size), the allocated memory is not wiped-out and can contain old, potentially sensitive data.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-unsafe-alloc.md",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-unsafe-alloc.md"
},
messages: {
default: "Do not allocate uninitialized buffers in Node.js",
},
default: "Do not allocate uninitialized buffers in Node.js"
}
},
create: function (context) {
return {
@ -36,9 +36,9 @@ module.exports = {
}
context.report({
node: node,
messageId: "default",
messageId: "default"
});
},
}
};
},
}
};


@ -16,22 +16,22 @@ module.exports = {
docs: {
description:
"Calls to [`WinJS.Utilities.setInnerHTMLUnsafe()`](https://docs.microsoft.com/en-us/previous-versions/windows/apps/br211696(v=win.10)) and similar methods do not perform any input validation and should be avoided. Use [`WinJS.Utilities.setInnerHTML()`](https://docs.microsoft.com/en-us/previous-versions/windows/apps/br211697(v=win.10)) instead.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-winjs-html-unsafe.md",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-winjs-html-unsafe.md"
},
messages: {
default: "Do not set HTML using unsafe methods from WinJS.Utilities",
},
default: "Do not set HTML using unsafe methods from WinJS.Utilities"
}
},
create: function (context) {
return {
"CallExpression[callee.object.object.name='WinJS'][callee.object.property.name='Utilities'][callee.property.name=/(insertAdjacent|setInner|setOuter)HTMLUnsafe/]"(
node,
node
) {
context.report({
node: node,
messageId: "default",
messageId: "default"
});
},
}
};
},
}
};

20
lib/rules/react-iframe-missing-sandbox.js поставляемый

@ -18,15 +18,15 @@ module.exports = {
category: "Security",
description:
"The [sandbox](https://www.w3schools.com/tags/att_iframe_sandbox.asp) attribute enables an extra set of restrictions for the content in the iframe and should always be specified.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/react-iframe-missing-sandbox.md",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/react-iframe-missing-sandbox.md"
},
messages: {
attributeMissing: "An iframe element is missing a sandbox attribute",
invalidValue:
'An iframe element defines a sandbox attribute with invalid value "{{ value }}"',
invalidCombination:
"An iframe element defines a sandbox attribute with both allow-scripts and allow-same-origin which is invalid",
},
"An iframe element defines a sandbox attribute with both allow-scripts and allow-same-origin which is invalid"
}
},
create(context) {
@ -43,7 +43,7 @@ module.exports = {
"allow-same-origin",
"allow-scripts",
"allow-top-navigation",
"allow-top-navigation-by-user-activation",
"allow-top-navigation-by-user-activation"
];
function validateSandboxAttribute(node, attribute) {
@ -57,8 +57,8 @@ module.exports = {
node,
messageId: "invalidValue",
data: {
value: trimmedAttributeValue,
},
value: trimmedAttributeValue
}
});
}
if (trimmedAttributeValue === "allow-scripts") {
@ -71,7 +71,7 @@ module.exports = {
if (allowScripts && allowSameOrigin) {
context.report({
node,
messageId: "invalidCombination",
messageId: "invalidCombination"
});
}
}
@ -96,10 +96,10 @@ module.exports = {
if (!sandboxAttributeFound) {
context.report({
node,
messageId: "attributeMissing",
messageId: "attributeMissing"
});
}
},
}
};
},
}
};


@ -11,7 +11,7 @@ ruleTester.run(ruleId, rule, {
valid: [
"bypassSecurityTrustHtml('XSS')",
"x.bypassSecurityTrustHtml()",
"x.BypassSecurityTrustHtml('XSS')",
"x.BypassSecurityTrustHtml('XSS')"
],
invalid: [
{
@ -22,25 +22,25 @@ ruleTester.run(ruleId, rule, {
line: 1,
endLine: 1,
column: 1,
endColumn: 38,
},
],
endColumn: 38
}
]
},
{
code: "$('p').bypassSecurityTrustResourceUrl('XSS')",
errors: [{ messageId: "noBypass" }],
errors: [{ messageId: "noBypass" }]
},
{
code: "$('p').bypassSecurityTrustScript('XSS')",
errors: [{ messageId: "noBypass" }],
errors: [{ messageId: "noBypass" }]
},
{
code: "$('p').bypassSecurityTrustStyle('XSS')",
errors: [{ messageId: "noBypass" }],
errors: [{ messageId: "noBypass" }]
},
{
code: "$('p').bypassSecurityTrustUrl('XSS')",
errors: [{ messageId: "noBypass" }],
},
],
errors: [{ messageId: "noBypass" }]
}
]
});


@ -12,7 +12,7 @@ ruleTester.run(ruleId, rule, {
"aHrefSanitizationTrustedUrlList ('.*')",
"x.aHrefSanitizationTrustedUrlList ('.*')",
"$compileProvider.aHrefSanitizationTrustedUrlList ()",
"$compileProvider.AHrefSanitizationTrustedUrlList ('.*')",
"$compileProvider.AHrefSanitizationTrustedUrlList ('.*')"
],
invalid: [
{
@ -23,9 +23,9 @@ ruleTester.run(ruleId, rule, {
line: 1,
endLine: 1,
column: 1,
endColumn: 56,
},
],
endColumn: 56
}
]
},
{
code: "$compileProvider.imgSrcSanitizationTrustedUrlList('.*');",
@ -35,9 +35,9 @@ ruleTester.run(ruleId, rule, {
line: 1,
endLine: 1,
column: 1,
endColumn: 56,
},
],
},
],
endColumn: 56
}
]
}
]
});


@ -16,48 +16,48 @@ ruleTester.run(ruleId, rule, {
"x.trustAsHtml('XSS')",
"$sceProvider.enabled()",
"$sceProvider.enabled(true)",
"$sceProvider.enabled(1)",
"$sceProvider.enabled(1)"
],
invalid: [
{
code: "$sceDelegate.trustAs($sce.HTML, 'XSS')",
errors: [{ messageId: "doNotBypass" }],
errors: [{ messageId: "doNotBypass" }]
},
{
code: "$sce.trustAs($sce.HTML, 'XSS')",
errors: [{ messageId: "doNotBypass" }],
errors: [{ messageId: "doNotBypass" }]
},
{
code: "$sce.trustAsCss('XSS')",
errors: [{ messageId: "doNotBypass" }],
errors: [{ messageId: "doNotBypass" }]
},
{
code: "$sce.trustAsHtml('XSS')",
errors: [{ messageId: "doNotBypass" }],
errors: [{ messageId: "doNotBypass" }]
},
{
code: "$sce.trustAsJs('XSS')",
errors: [{ messageId: "doNotBypass" }],
errors: [{ messageId: "doNotBypass" }]
},
{
code: "$sce.trustAsResourceUrl('XSS')",
errors: [{ messageId: "doNotBypass" }],
errors: [{ messageId: "doNotBypass" }]
},
{
code: "$sce.trustAsUrl('XSS')",
errors: [{ messageId: "doNotBypass" }],
errors: [{ messageId: "doNotBypass" }]
},
{
code: "$sceProvider.enabled(false)",
errors: [{ messageId: "doNotBypass" }],
errors: [{ messageId: "doNotBypass" }]
},
{
code: "$sceProvider.enabled(0)",
errors: [{ messageId: "doNotBypass" }],
errors: [{ messageId: "doNotBypass" }]
},
{
code: "$sceProvider.enabled(true != true)",
errors: [{ messageId: "doNotBypass" }],
},
],
errors: [{ messageId: "doNotBypass" }]
}
]
});


@ -14,16 +14,16 @@ ruleTester.run(ruleId, rule, {
"$sanitizeProvider.enableSvg()",
"$sanitizeProvider.enableSvg(false)",
"$sanitizeProvider.enableSvg(0)",
"$sanitizeProvider.EnableSvg(0)",
"$sanitizeProvider.EnableSvg(0)"
],
invalid: [
{
code: "$sanitizeProvider.enableSvg(true)",
errors: [{ messageId: "doNotEnableSVG" }],
errors: [{ messageId: "doNotEnableSVG" }]
},
{
code: "$sanitizeProvider.enableSvg(1)",
errors: [{ messageId: "doNotEnableSVG" }],
},
],
errors: [{ messageId: "doNotEnableSVG" }]
}
]
});


@ -12,7 +12,7 @@ ruleTester.run(ruleId, rule, {
"aHrefSanitizationWhitelist('.*')",
"x.aHrefSanitizationWhitelist('.*')",
"$compileProvider.aHrefSanitizationWhitelist()",
"$compileProvider.AHrefSanitizationWhitelist('.*')",
"$compileProvider.AHrefSanitizationWhitelist('.*')"
],
invalid: [
{
@ -23,9 +23,9 @@ ruleTester.run(ruleId, rule, {
line: 1,
endLine: 1,
column: 1,
endColumn: 50,
},
],
endColumn: 50
}
]
},
{
code: "$compileProvider.imgSrcSanitizationWhitelist('.*');",
@ -35,9 +35,9 @@ ruleTester.run(ruleId, rule, {
line: 1,
endLine: 1,
column: 1,
endColumn: 51,
},
],
},
],
endColumn: 51
}
]
}
]
});


@ -39,25 +39,25 @@ function X() {
}
documentLikeAPIFunction().cookie = '...';
`,
},
`
}
],
invalid: [
{
code: "document.cookie = '...'",
errors: [{ messageId: "doNotUseCookies" }],
errors: [{ messageId: "doNotUseCookies" }]
},
{
code: "window.document.cookie = '...'",
errors: [{ messageId: "doNotUseCookies" }],
errors: [{ messageId: "doNotUseCookies" }]
},
{
code: "this.window.document.cookie = '...'",
errors: [{ messageId: "doNotUseCookies" }],
errors: [{ messageId: "doNotUseCookies" }]
},
{
code: "globalThis.window.document.cookie = '...'",
errors: [{ messageId: "doNotUseCookies" }],
errors: [{ messageId: "doNotUseCookies" }]
},
{
languageOptions: testUtils.tsLanguageOptions,
@ -67,7 +67,7 @@ function documentFunction(): Document {
}
documentFunction().cookie = '...';
`,
errors: [{ messageId: "doNotUseCookies" }],
errors: [{ messageId: "doNotUseCookies" }]
},
{
languageOptions: testUtils.tsLanguageOptions,
@ -78,7 +78,7 @@ namespace Sample {
}
}
`,
errors: [{ messageId: "doNotUseCookies" }],
},
],
errors: [{ messageId: "doNotUseCookies" }]
}
]
});


@ -23,22 +23,22 @@ function main() {
var document: DocumentLikeAPI = documentLikeAPIFunction();
document.domain = 'somevalue';
}
`,
},
`
}
],
invalid: [
{
languageOptions: testUtils.tsLanguageOptions,
code: "var doc = window.document; doc.domain = 'somevalue';",
errors: [{ messageId: "default" }],
errors: [{ messageId: "default" }]
},
{
code: "document.domain = 'somevalue'",
errors: [{ messageId: "default" }],
errors: [{ messageId: "default" }]
},
{
code: "window.document.domain = 'somevalue'",
errors: [{ messageId: "default" }],
errors: [{ messageId: "default" }]
},
{
code: `
@ -50,17 +50,17 @@ newWindow.document.domain = somevalue;
errors: [
{
line: 3,
messageId: "default",
messageId: "default"
},
{
line: 4,
messageId: "default",
messageId: "default"
},
{
line: 5,
messageId: "default",
},
],
},
],
messageId: "default"
}
]
}
]
});


@ -23,7 +23,7 @@ ruleTester.run(ruleId, rule, {
writeln: () => {},
};
}
`,
`
},
{
code: `
@ -43,8 +43,8 @@ ruleTester.run(ruleId, rule, {
document.write('', '');
document.writeln();
document.writeln('', '');
`,
},
`
}
],
invalid: [
{
@ -63,8 +63,8 @@ ruleTester.run(ruleId, rule, {
{ messageId: "default", line: 3 },
{ messageId: "default", line: 4 },
{ messageId: "default", line: 8 },
{ messageId: "default", line: 9 },
],
{ messageId: "default", line: 9 }
]
},
{
code: `
@ -81,8 +81,8 @@ ruleTester.run(ruleId, rule, {
{ messageId: "default", line: 4 },
{ messageId: "default", line: 5 },
{ messageId: "default", line: 6 },
{ messageId: "default", line: 7 },
],
},
],
{ messageId: "default", line: 7 }
]
}
]
});


@ -23,8 +23,8 @@ ruleTester.run(ruleId, rule, {
nodeIntegration: false
}
});
`,
},
`
}
],
invalid: [
{
@ -40,8 +40,8 @@ ruleTester.run(ruleId, rule, {
errors: [
{ messageId: "default", line: 4 },
{ messageId: "default", line: 5 },
{ messageId: "default", line: 6 },
],
{ messageId: "default", line: 6 }
]
},
{
code: `
@ -56,8 +56,8 @@ ruleTester.run(ruleId, rule, {
errors: [
{ messageId: "default", line: 4 },
{ messageId: "default", line: 5 },
{ messageId: "default", line: 6 },
],
},
],
{ messageId: "default", line: 6 }
]
}
]
});


@ -14,16 +14,16 @@ ruleTester.run(ruleId, rule, {
"test.html()",
"test.html('','')",
"element.html('');",
"element.html(null);",
"element.html(null);"
],
invalid: [
{
code: "$('p').html('XSS')",
errors: [{ messageId: "default", line: 1 }],
errors: [{ messageId: "default", line: 1 }]
},
{
code: "$(selector).html(sample_function())",
errors: [{ messageId: "default", line: 1 }],
errors: [{ messageId: "default", line: 1 }]
},
{
languageOptions: testUtils.es6LanguageOptions,
@ -31,7 +31,7 @@ ruleTester.run(ruleId, rule, {
import $ from "jquery";
test.html('XSS');
`,
errors: [{ messageId: "default", line: 3 }],
},
],
errors: [{ messageId: "default", line: 3 }]
}
]
});


@ -29,8 +29,8 @@ ruleTester.run(ruleId, rule, {
let test = new Test("test");
test.innerHTML = test;
test.outerHTML = test;
`,
},
`
}
],
invalid: [
// TypeScript with full type information
@ -45,8 +45,8 @@ ruleTester.run(ruleId, rule, {
errors: [
{ messageId: "noInnerHtml", line: 3 },
{ messageId: "noInnerHtml", line: 4 },
{ messageId: "noInsertAdjacentHTML", line: 5 },
],
{ messageId: "noInsertAdjacentHTML", line: 5 }
]
},
{
code: `
@ -55,8 +55,8 @@ ruleTester.run(ruleId, rule, {
`,
errors: [
{ messageId: "noInnerHtml", line: 2 },
{ messageId: "noInnerHtml", line: 3 },
],
{ messageId: "noInnerHtml", line: 3 }
]
},
{
code: `
@ -65,12 +65,12 @@ ruleTester.run(ruleId, rule, {
`,
errors: [
{ messageId: "noInnerHtml", line: 2 },
{ messageId: "noInnerHtml", line: 3 },
],
{ messageId: "noInnerHtml", line: 3 }
]
},
{
code: "element.insertAdjacentHTML('beforebegin', 'foo')",
errors: [{ messageId: "noInsertAdjacentHTML", line: 1 }],
},
],
errors: [{ messageId: "noInsertAdjacentHTML", line: 1 }]
}
]
});


@ -20,7 +20,7 @@ ruleTester.run(ruleId, rule, {
Math.random;
math.random();
random();
`,
`
},
{
code: `
@ -30,7 +30,7 @@ ruleTester.run(ruleId, rule, {
require('random-package');
require('random-float2');
require('random2-seed');
`,
`
},
{
languageOptions: testUtils.es6LanguageOptions,
@ -41,7 +41,7 @@ ruleTester.run(ruleId, rule, {
import 'eslint';
import 'eslint-plugin-sdl';
import 'testing';
`,
`
},
{
code: `
@ -49,7 +49,7 @@ ruleTester.run(ruleId, rule, {
pseudoRandomBytes();
pseudoRandomByte();
cryptos.pseudoRondomBytes();
`,
`
},
{
languageOptions: testUtils.tsLanguageOptions,
@ -60,7 +60,7 @@ ruleTester.run(ruleId, rule, {
Math.Random;
Math.random;
`,
`
},
{
languageOptions: testUtils.tsLanguageOptions,
@ -72,8 +72,8 @@ ruleTester.run(ruleId, rule, {
pseudoRandomByte();
cryptos.pseudoRondomBytes();
cryptos.pseudoRondomBytes();
`,
},
`
}
],
invalid: [
{
@ -83,8 +83,8 @@ ruleTester.run(ruleId, rule, {
`,
errors: [
{ messageId: "default", line: 2 },
{ messageId: "default", line: 3 },
],
{ messageId: "default", line: 3 }
]
},
{
languageOptions: testUtils.tsLanguageOptions,
@ -94,8 +94,8 @@ ruleTester.run(ruleId, rule, {
`,
errors: [
{ messageId: "default", line: 2 },
{ messageId: "default", line: 3 },
],
{ messageId: "default", line: 3 }
]
},
{
languageOptions: testUtils.tsLanguageOptions,
@ -106,14 +106,14 @@ ruleTester.run(ruleId, rule, {
notMath().random();
`,
errors: [{ messageId: "default", line: 6 }],
errors: [{ messageId: "default", line: 6 }]
},
{
languageOptions: testUtils.tsLanguageOptions,
code: `
crypto.pseudoRandomBytes();
`,
errors: [{ messageId: "default", line: 2 }],
errors: [{ messageId: "default", line: 2 }]
},
{
languageOptions: testUtils.tsLanguageOptions,
@ -124,7 +124,7 @@ ruleTester.run(ruleId, rule, {
notCrypto().pseudoRandomBytes();
`,
errors: [{ messageId: "default", line: 6 }],
errors: [{ messageId: "default", line: 6 }]
},
{
languageOptions: testUtils.es6LanguageOptions,
@ -142,8 +142,8 @@ ruleTester.run(ruleId, rule, {
{ messageId: "default", line: 4 },
{ messageId: "default", line: 5 },
{ messageId: "default", line: 6 },
{ messageId: "default", line: 7 },
],
{ messageId: "default", line: 7 }
]
},
{
languageOptions: testUtils.es6LanguageOptions,
@ -159,8 +159,8 @@ ruleTester.run(ruleId, rule, {
{ messageId: "default", line: 3 },
{ messageId: "default", line: 4 },
{ messageId: "default", line: 5 },
{ messageId: "default", line: 6 },
],
{ messageId: "default", line: 6 }
]
},
{
code: `
@ -177,8 +177,8 @@ ruleTester.run(ruleId, rule, {
{ messageId: "default", line: 4 },
{ messageId: "default", line: 5 },
{ messageId: "default", line: 6 },
{ messageId: "default", line: 7 },
],
},
],
{ messageId: "default", line: 7 }
]
}
]
});


@ -21,7 +21,7 @@ ruleTester.run(ruleId, rule, {
code: `
var x = 'https://www.example.com'
var y = 'ftps://www.example.com'
`,
`
},
{
// should allow https,ftps template strings in variables
@ -29,7 +29,7 @@ ruleTester.run(ruleId, rule, {
var x = \`https://www.template-examples.com\`
var y = \`ftps://www.template-file-examples.com\`
`,
languageOptions: testUtils.es6LanguageOptions,
languageOptions: testUtils.es6LanguageOptions
},
{
// should allow https,ftps multipart template strings in variables
@ -37,11 +37,11 @@ ruleTester.run(ruleId, rule, {
var x = \`https://www.\${multipartExample}.com\`
var y = \`ftps://www.\${multipartExample}.com\`
`,
languageOptions: testUtils.es6LanguageOptions,
languageOptions: testUtils.es6LanguageOptions
},
{
// should allow http,ftp in middle of string
code: "var x = 'The protocol may be http://, https://, ftp:// or ftps://'",
code: "var x = 'The protocol may be http://, https://, ftp:// or ftps://'"
},
{
// should allow https,ftps strings in default values
@ -49,7 +49,7 @@ ruleTester.run(ruleId, rule, {
function f(x : string = 'https://www.example.com') {}
function f(y : string = 'ftps://www.example.com') {}
`,
languageOptions: testUtils.tsLanguageOptions,
languageOptions: testUtils.tsLanguageOptions
},
{
// should allow user-provided exceptions matches, regardless of upper/lower-case
@ -64,10 +64,10 @@ ruleTester.run(ruleId, rule, {
exceptions: [
"HTTP://www.allow-example.com/?.*",
"FtP://www.allow-file-example.com",
"LdaP://www.allow-ldap-example.com",
],
},
],
"LdaP://www.allow-ldap-example.com"
]
}
]
},
{
// should allow user-provided exceptions for variable name matches, regardless of upper/lower-case
@ -77,9 +77,9 @@ ruleTester.run(ruleId, rule, {
`,
options: [
{
varExceptions: ["insecure?.*"],
},
],
varExceptions: ["insecure?.*"]
}
]
},
{
// should allow xml namespaces, as they are not accessed by the browser
@ -91,22 +91,22 @@ ruleTester.run(ruleId, rule, {
);
};
`,
languageOptions: testUtils.tsReactLanguageOptions,
languageOptions: testUtils.tsReactLanguageOptions
},
{
// should allow localhost
code: `
var x = "http://localhost/test";
var y = "http://localhost";
`,
`
},
{
// should allow xml namespaces for XHTML and SVG even if outside of jsx xmlns attribute
code: `
var x = "http://www.w3.org/1999/xhtml";
var y = "http://www.w3.org/2000/svg";
`,
},
`
}
],
invalid: [
{
@ -127,8 +127,8 @@ ruleTester.run(ruleId, rule, {
{ messageId: "doNotUseInsecureUrl", line: 2 },
{ messageId: "doNotUseInsecureUrl", line: 3 },
{ messageId: "doNotUseInsecureUrl", line: 4 },
{ messageId: "doNotUseInsecureUrl", line: 5 },
],
{ messageId: "doNotUseInsecureUrl", line: 5 }
]
},
{
// should ban http,ftp template strings in variables
@ -148,9 +148,9 @@ ruleTester.run(ruleId, rule, {
{ messageId: "doNotUseInsecureUrl", line: 2 },
{ messageId: "doNotUseInsecureUrl", line: 3 },
{ messageId: "doNotUseInsecureUrl", line: 4 },
{ messageId: "doNotUseInsecureUrl", line: 5 },
{ messageId: "doNotUseInsecureUrl", line: 5 }
],
languageOptions: testUtils.es6LanguageOptions,
languageOptions: testUtils.es6LanguageOptions
},
{
// should ban http,ftp multipart template strings in variables
@ -164,9 +164,9 @@ ruleTester.run(ruleId, rule, {
`,
errors: [
{ messageId: "doNotUseInsecureUrl", line: 2 },
{ messageId: "doNotUseInsecureUrl", line: 3 },
{ messageId: "doNotUseInsecureUrl", line: 3 }
],
languageOptions: testUtils.es6LanguageOptions,
languageOptions: testUtils.es6LanguageOptions
},
{
// should ban http,ftp strings in default values
@ -180,9 +180,9 @@ ruleTester.run(ruleId, rule, {
`,
errors: [
{ messageId: "doNotUseInsecureUrl", line: 2 },
{ messageId: "doNotUseInsecureUrl", line: 3 },
{ messageId: "doNotUseInsecureUrl", line: 3 }
],
languageOptions: testUtils.tsLanguageOptions,
languageOptions: testUtils.tsLanguageOptions
},
{
// should ban user-provided blacklist matches, regardless of upper/lower-case
@ -202,17 +202,17 @@ ruleTester.run(ruleId, rule, {
{ messageId: "doNotUseInsecureUrl", line: 2 },
{ messageId: "doNotUseInsecureUrl", line: 3 },
{ messageId: "doNotUseInsecureUrl", line: 4 },
{ messageId: "doNotUseInsecureUrl", line: 5 },
{ messageId: "doNotUseInsecureUrl", line: 5 }
],
options: [
{
blocklist: [
"htTp://www.ban-example.com/?.*",
"fTp://www.ban-file-example.com/?.*",
"lDAp://www.ban-ldap-example.com/?.*",
],
},
],
"lDAp://www.ban-ldap-example.com/?.*"
]
}
]
},
{
// should ban any other xml attribute with urls in them
@ -233,13 +233,13 @@ ruleTester.run(ruleId, rule, {
};
`,
errors: [{ messageId: "doNotUseInsecureUrl", line: 4 }],
languageOptions: testUtils.tsReactLanguageOptions,
languageOptions: testUtils.tsReactLanguageOptions
},
{
// should escape the url string correctly
code: `var a1 = "http://moz\ti\tlla.org";`,
output: `var a1 = "https://moz\\ti\\tlla.org";`,
errors: [{ messageId: "doNotUseInsecureUrl", line: 1 }],
errors: [{ messageId: "doNotUseInsecureUrl", line: 1 }]
},
{
// should fix url in `` correctly
@ -247,7 +247,7 @@ ruleTester.run(ruleId, rule, {
output: "var x1 = `https://foo${multipartExample} http://${multipartExample}.com`;",
errors: [{ messageId: "doNotUseInsecureUrl", line: 1 }],
languageOptions: testUtils.es6LanguageOptions,
languageOptions: testUtils.es6LanguageOptions
},
{
// should escape the string and fix it properly in ``
@ -255,7 +255,7 @@ ruleTester.run(ruleId, rule, {
output: `var a1 = \`https://moz\\ti\\tlla.org\`;`,
errors: [{ messageId: "doNotUseInsecureUrl", line: 1 }],
languageOptions: testUtils.es6LanguageOptions,
},
],
languageOptions: testUtils.es6LanguageOptions
}
]
});


@ -13,7 +13,7 @@ ruleTester.run(ruleId, rule, {
invalid: [
{
code: "MSApp.execUnsafeLocalFunction(testfunc)",
errors: [{ messageId: "default", line: 1, type: "CallExpression" }],
},
],
errors: [{ messageId: "default", line: 1, type: "CallExpression" }]
}
]
});


@ -27,8 +27,8 @@ function main() {
var w: WindowLike = new WindowLike();
w.postMessage('test', '*');
}
`,
},
`
}
],
invalid: [
{
@ -38,8 +38,8 @@ function main() {
`,
errors: [
{ messageId: "default", line: 2 },
{ messageId: "default", line: 3 },
],
{ messageId: "default", line: 3 }
]
},
{
languageOptions: testUtils.tsLanguageOptions,
@ -50,8 +50,8 @@ function main() {
`,
errors: [
{ messageId: "default", line: 2 },
{ messageId: "default", line: 4 },
],
},
],
{ messageId: "default", line: 4 }
]
}
]
});


@ -18,8 +18,8 @@ ruleTester.run(ruleId, rule, {
`,
errors: [
{ messageId: "default", line: 2 },
{ messageId: "default", line: 3 },
],
},
],
{ messageId: "default", line: 3 }
]
}
]
});


@ -20,8 +20,8 @@ ruleTester.run(ruleId, rule, {
errors: [
{ messageId: "default", line: 2, type: "CallExpression" },
{ messageId: "default", line: 3, type: "CallExpression" },
{ messageId: "default", line: 4, type: "CallExpression" },
],
},
],
{ messageId: "default", line: 4, type: "CallExpression" }
]
}
]
});


@ -14,10 +14,10 @@ var ruleTester = new RuleTester({
ecmaVersion: 2018,
sourceType: "module",
ecmaFeatures: {
jsx: true,
},
},
},
jsx: true
}
}
}
});
ruleTester.run(ruleId, rule, {
@ -38,48 +38,48 @@ ruleTester.run(ruleId, rule, {
{ code: '<iframe sandbox="allow-scripts"></iframe>' },
{ code: '<iframe sandbox="allow-top-navigation"></iframe>' },
{
code: '<iframe sandbox="allow-top-navigation-by-user-activation"></iframe>',
code: '<iframe sandbox="allow-top-navigation-by-user-activation"></iframe>'
},
{ code: '<iframe sandbox="allow-forms allow-modals"></iframe>' },
{
code: '<iframe sandbox="allow-popups allow-popups-to-escape-sandbox allow-pointer-lock allow-same-origin allow-top-navigation"></iframe>',
},
code: '<iframe sandbox="allow-popups allow-popups-to-escape-sandbox allow-pointer-lock allow-same-origin allow-top-navigation"></iframe>'
}
],
invalid: [
{
code: "<iframe></iframe>;",
errors: [{ messageId: "attributeMissing" }],
errors: [{ messageId: "attributeMissing" }]
},
{
code: "<iframe/>;",
errors: [{ messageId: "attributeMissing" }],
errors: [{ messageId: "attributeMissing" }]
},
{
code: '<iframe sandbox="__unknown__"></iframe>',
errors: [{ messageId: "invalidValue", data: { value: "__unknown__" } }],
errors: [{ messageId: "invalidValue", data: { value: "__unknown__" } }]
},
{
code: '<iframe sandbox="allow-popups __unknown__"/>',
errors: [{ messageId: "invalidValue", data: { value: "__unknown__" } }],
errors: [{ messageId: "invalidValue", data: { value: "__unknown__" } }]
},
{
code: '<iframe sandbox="__unknown__ allow-popups"/>',
errors: [{ messageId: "invalidValue", data: { value: "__unknown__" } }],
errors: [{ messageId: "invalidValue", data: { value: "__unknown__" } }]
},
{
code: '<iframe sandbox=" allow-forms __unknown__ allow-popups __unknown__ "/>',
errors: [
{ messageId: "invalidValue", data: { value: "__unknown__" } },
{ messageId: "invalidValue", data: { value: "__unknown__" } },
],
{ messageId: "invalidValue", data: { value: "__unknown__" } }
]
},
{
code: '<iframe sandbox="allow-scripts allow-same-origin"></iframe>;',
errors: [{ messageId: "invalidCombination" }],
errors: [{ messageId: "invalidCombination" }]
},
{
code: '<iframe sandbox="allow-same-origin allow-scripts"/>;',
errors: [{ messageId: "invalidCombination" }],
},
],
errors: [{ messageId: "invalidCombination" }]
}
]
});


@ -14,15 +14,15 @@ module.exports = {
es6LanguageOptions: {
parserOptions: {
ecmaVersion: 6,
sourceType: "module",
},
sourceType: "module"
}
},
tsLanguageOptions: {
parser: tsParser,
parserOptions: {
tsconfigRootDir: path.join(__dirname, "..", "fixtures", "ts"),
projectService: true,
},
projectService: true
}
},
tsReactLanguageOptions: {
parser: tsParser,
@ -30,8 +30,8 @@ module.exports = {
tsconfigRootDir: path.join(__dirname, "..", "fixtures", "tsx"),
projectService: true,
ecmaFeatures: {
jsx: true,
},
},
},
jsx: true
}
}
}
};