diff --git a/.prettierrc b/.prettierrc
index de753c5..a710a70 100644
--- a/.prettierrc
+++ b/.prettierrc
@@ -1,3 +1,4 @@
{
- "printWidth": 100
+ "printWidth": 100,
+ "trailingComma": "none"
}
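Review bot: With `"trailingComma": "none"`, appending an entry to any rule map, config array or test-case list now also rewrites the line before it, so later reviews of those security rule lists will show two changed lines per addition instead of one. If the team prefers smaller diffs, `"trailingComma": "es5"` would keep them while staying valid for the CommonJS files touched here. Because this commit reformats nearly every file, it may also be worth listing its hash in a blame-ignore file so `git blame` on the rule logic keeps pointing at the functional changes.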
diff --git a/README.md b/README.md
index c39b2fb..622c712 100644
--- a/README.md
+++ b/README.md
@@ -39,9 +39,9 @@ module.exports = [
{
rules: {
"no-eval": "error",
- "@microsoft/sdl/no-inner-html": "error",
- },
- },
+ "@microsoft/sdl/no-inner-html": "error"
+ }
+ }
];
```
diff --git a/config/angular.js b/config/angular.js
index 9b6220c..50cc9de 100644
--- a/config/angular.js
+++ b/config/angular.js
@@ -8,11 +8,11 @@ module.exports = (pluginSdl) => {
return [
{
plugins: {
- "@microsoft/sdl": pluginSdl,
+ "@microsoft/sdl": pluginSdl
},
rules: {
- "@microsoft/sdl/no-angular-bypass-sanitizer": "error",
- },
- },
+ "@microsoft/sdl/no-angular-bypass-sanitizer": "error"
+ }
+ }
];
};
diff --git a/config/angularjs.js b/config/angularjs.js
index 974a0b2..c85b518 100644
--- a/config/angularjs.js
+++ b/config/angularjs.js
@@ -8,13 +8,13 @@ module.exports = (pluginSdl) => {
return [
{
plugins: {
- "@microsoft/sdl": pluginSdl,
+ "@microsoft/sdl": pluginSdl
},
rules: {
"@microsoft/sdl/no-angularjs-enable-svg": "error",
"@microsoft/sdl/no-angularjs-sanitization-whitelist": "error",
- "@microsoft/sdl/no-angularjs-bypass-sce": "error",
- },
- },
+ "@microsoft/sdl/no-angularjs-bypass-sce": "error"
+ }
+ }
];
};
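Review bot: The `rules` object in this preset enables the two `...SanitizationWhitelist` checks but not `no-angular-sanitization-trusted-urls`, although the rule file reformatted in this same commit targets `$compileProvider.aHrefSanitizationTrustedUrlList` and `imgSrcSanitizationTrustedUrlList` in AngularJS. Unless that rule is switched on in a part of the configuration not shown here, projects using the newer method names with this preset would not be flagged. Consider adding `"@microsoft/sdl/no-angular-sanitization-trusted-urls": "error"` to this block, after confirming the rule is registered under that id in `lib/index.js` (only part of its rule map is visible). The enclosing arrow function starts outside the hunk.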
diff --git a/config/common.js b/config/common.js
index 1d3ccde..70a8191 100644
--- a/config/common.js
+++ b/config/common.js
@@ -7,7 +7,7 @@ module.exports = (pluginSdl) => {
return [
{
plugins: {
- "@microsoft/sdl": pluginSdl,
+ "@microsoft/sdl": pluginSdl
},
rules: {
"no-caller": "error",
@@ -23,8 +23,8 @@ module.exports = (pluginSdl) => {
"@microsoft/sdl/no-insecure-url": "error",
"@microsoft/sdl/no-msapp-exec-unsafe": "error",
"@microsoft/sdl/no-postmessage-star-origin": "error",
- "@microsoft/sdl/no-winjs-html-unsafe": "error",
- },
- },
+ "@microsoft/sdl/no-winjs-html-unsafe": "error"
+ }
+ }
];
};
diff --git a/config/electron.js b/config/electron.js
index d9d788d..a6d23ae 100644
--- a/config/electron.js
+++ b/config/electron.js
@@ -7,11 +7,11 @@ module.exports = (pluginSdl) => {
return [
{
plugins: {
- "@microsoft/sdl": pluginSdl,
+ "@microsoft/sdl": pluginSdl
},
rules: {
- "@microsoft/sdl/no-electron-node-integration": "error",
- },
- },
+ "@microsoft/sdl/no-electron-node-integration": "error"
+ }
+ }
];
};
diff --git a/config/node.js b/config/node.js
index 0feb108..f6d88f8 100644
--- a/config/node.js
+++ b/config/node.js
@@ -9,19 +9,19 @@ module.exports = (pluginSdl) => {
return [
{
plugins: {
- n: pluginN,
+ n: pluginN
},
rules: {
- "n/no-deprecated-api": "error",
- },
+ "n/no-deprecated-api": "error"
+ }
},
{
plugins: {
- "@microsoft/sdl": pluginSdl,
+ "@microsoft/sdl": pluginSdl
},
rules: {
- "@microsoft/sdl/no-unsafe-alloc": "error",
- },
- },
+ "@microsoft/sdl/no-unsafe-alloc": "error"
+ }
+ }
];
};
diff --git a/config/react.js b/config/react.js
index 80e7fa7..6260cb1 100644
--- a/config/react.js
+++ b/config/react.js
@@ -11,14 +11,14 @@ module.exports = (pluginSdl) => {
languageOptions: {
parserOptions: {
ecmaFeatures: {
- jsx: true,
- },
- },
- },
+ jsx: true
+ }
+ }
+ }
},
{
plugins: {
- react: pluginReact,
+ react: pluginReact
},
rules: {
"react/no-danger": "error",
@@ -27,18 +27,18 @@ module.exports = (pluginSdl) => {
{
allowReferrer: false,
enforceDynamicLinks: "always",
- warnOnSpreadAttributes: true,
- },
- ],
- },
+ warnOnSpreadAttributes: true
+ }
+ ]
+ }
},
{
plugins: {
- "@microsoft/sdl": pluginSdl,
+ "@microsoft/sdl": pluginSdl
},
rules: {
- "@microsoft/sdl/react-iframe-missing-sandbox": "error",
- },
- },
+ "@microsoft/sdl/react-iframe-missing-sandbox": "error"
+ }
+ }
];
};
diff --git a/config/typescript.js b/config/typescript.js
index a8dc50b..4085447 100644
--- a/config/typescript.js
+++ b/config/typescript.js
@@ -13,28 +13,28 @@ module.exports = () => {
ecmaVersion: 6,
sourceType: "module",
ecmaFeatures: {
- jsx: true,
- },
- },
- },
+ jsx: true
+ }
+ }
+ }
},
{
files: ["**/*.{ts,tsx}"],
languageOptions: {
parserOptions: {
- parser: "@typescript-eslint/parser",
- },
+ parser: "@typescript-eslint/parser"
+ }
},
plugins: {
- "@typescript-eslint": pluginTypescript,
+ "@typescript-eslint": pluginTypescript
},
rules: {
"@typescript-eslint/no-implied-eval": "error",
// @typescript-eslint/no-implied-eval offers more accurate results for typescript.
// thus we turn the more generic rule off for ts and tsx files.
// This also avoids duplicate hits.
- "no-implied-eval": "off",
- },
- },
+ "no-implied-eval": "off"
+ }
+ }
];
};
diff --git a/lib/ast-utils.js b/lib/ast-utils.js
index 590d669..0a97334 100644
--- a/lib/ast-utils.js
+++ b/lib/ast-utils.js
@@ -65,5 +65,5 @@ module.exports = {
);
}
return false;
- },
+ }
};
diff --git a/lib/index.js b/lib/index.js
index 12f1f58..60b3433 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -11,7 +11,7 @@ const pkg = require(path.join("..", "package.json"));
const plugin = {
meta: {
name: pkg.name,
- version: pkg.version,
+ version: pkg.version
},
rules: {
"no-angular-bypass-sanitizer": require("./rules/no-angular-bypass-sanitizer"),
@@ -31,10 +31,10 @@ const plugin = {
"no-postmessage-star-origin": require("./rules/no-postmessage-star-origin"),
"no-unsafe-alloc": require("./rules/no-unsafe-alloc"),
"no-winjs-html-unsafe": require("./rules/no-winjs-html-unsafe"),
- "react-iframe-missing-sandbox": require("./rules/react-iframe-missing-sandbox"),
+ "react-iframe-missing-sandbox": require("./rules/react-iframe-missing-sandbox")
},
// Filled in later in order to reference plugin itself.
- configs: {},
+ configs: {}
};
plugin.configs["angular"] = require("../config/angular")(plugin);
@@ -51,7 +51,7 @@ plugin.configs["required"] = [
...plugin.configs["common"],
...plugin.configs["electron"],
...plugin.configs["node"],
- ...plugin.configs["react"],
+ ...plugin.configs["react"]
];
plugin.configs["recommended"] = [
@@ -59,9 +59,9 @@ plugin.configs["recommended"] = [
...plugin.configs["typescript"],
{
plugins: {
- security: pluginSecurity,
- },
- },
+ security: pluginSecurity
+ }
+ }
];
module.exports = plugin;
diff --git a/lib/rules/no-angular-bypass-sanitizer.js b/lib/rules/no-angular-bypass-sanitizer.js
index 36d1e3f..8650fa2 100644
--- a/lib/rules/no-angular-bypass-sanitizer.js
+++ b/lib/rules/no-angular-bypass-sanitizer.js
@@ -17,22 +17,22 @@ module.exports = {
category: "Security",
description:
"Calls to bypassSecurityTrustHtml, bypassSecurityTrustScript and similar methods bypass DomSanitizer in Angular and need to be reviewed.",
- url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angular-bypass-sanitizer.md",
+ url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angular-bypass-sanitizer.md"
},
messages: {
- noBypass: "Do not bypass Angular's built-in sanitizer",
- },
+ noBypass: "Do not bypass Angular's built-in sanitizer"
+ }
},
create: function (context) {
return {
"CallExpression[arguments!=''][callee.property.name=/bypassSecurityTrust(Html|ResourceUrl|Script|Style|Url)/]"(
- node,
+ node
) {
context.report({
node: node,
- messageId: "noBypass",
+ messageId: "noBypass"
});
- },
+ }
};
- },
+ }
};
diff --git a/lib/rules/no-angular-sanitization-trusted-urls.js b/lib/rules/no-angular-sanitization-trusted-urls.js
index 05493d4..66b576e 100644
--- a/lib/rules/no-angular-sanitization-trusted-urls.js
+++ b/lib/rules/no-angular-sanitization-trusted-urls.js
@@ -17,22 +17,22 @@ module.exports = {
category: "Security",
description:
"Calls to [`$compileProvider.aHrefSanitizationTrustedUrlList`](https://docs.angularjs.org/api/ng/provider/$compileProvider#aHrefSanitizationTrustedUrlList) configure allowed Url list in AngularJS sanitizer and need to be reviewed.",
- url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angular-sanitization-trusted-urls.md",
+ url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angular-sanitization-trusted-urls.md"
},
messages: {
- noSanitizationTrustedUrls: "Do not modify the trusted Urls list in AngularJS",
- },
+ noSanitizationTrustedUrls: "Do not modify the trusted Urls list in AngularJS"
+ }
},
create: function (context) {
return {
"CallExpression[arguments!=''][callee.object.name='$compileProvider'][callee.property.name=/(aHref|imgSrc)SanitizationTrustedUrlList/]"(
- node,
+ node
) {
context.report({
node: node,
- messageId: "noSanitizationTrustedUrls",
+ messageId: "noSanitizationTrustedUrls"
});
- },
+ }
};
- },
+ }
};
diff --git a/lib/rules/no-angularjs-bypass-sce.js b/lib/rules/no-angularjs-bypass-sce.js
index 25271bc..74bad0a 100644
--- a/lib/rules/no-angularjs-bypass-sce.js
+++ b/lib/rules/no-angularjs-bypass-sce.js
@@ -17,23 +17,23 @@ module.exports = {
category: "Security",
description:
"Calls to $sceProvider.enabled(false), $sceDelegate.trustAs(), $sce.trustAs() and relevant shorthand methods (e.g. trustAsHtml or trustAsJs) bypass Strict Contextual Escaping (SCE) in AngularJS and need to be reviewed.",
- url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-bypass-sce.md",
+ url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-bypass-sce.md"
},
messages: {
- doNotBypass: "Do not bypass Strict Contextual Escaping (SCE) in AngularJS",
- },
+ doNotBypass: "Do not bypass Strict Contextual Escaping (SCE) in AngularJS"
+ }
},
create: function (context) {
function reportIt(node) {
context.report({
node: node,
- messageId: "doNotBypass",
+ messageId: "doNotBypass"
});
}
return {
"CallExpression[arguments!=''][callee.object.name='$sceProvider'][callee.property.name='enabled']"(
- node,
+ node
) {
// Known false positives
if (
@@ -48,7 +48,7 @@ module.exports = {
"CallExpression[arguments!=''][callee.object.name='$sceDelegate'][callee.property.name='trustAs']":
reportIt,
"CallExpression[arguments!=''][callee.object.name='$sce'][callee.property.name=/trustAs(Css|Html|Js|ResourceUrl|Url)?/]"(
- node,
+ node
) {
// Known false positives
if (
@@ -61,9 +61,9 @@ module.exports = {
}
return reportIt(node);
- },
+ }
};
- },
+ }
};
// TODO: Review https://docs.angularjs.org/api/ng/provider/$sceDelegateProvider#resourceUrlWhitelist and https://docs.angularjs.org/api/ng/provider/$sceDelegateProvider#resourceUrlBlacklist
diff --git a/lib/rules/no-angularjs-enable-svg.js b/lib/rules/no-angularjs-enable-svg.js
index adaee84..7405601 100644
--- a/lib/rules/no-angularjs-enable-svg.js
+++ b/lib/rules/no-angularjs-enable-svg.js
@@ -17,16 +17,16 @@ module.exports = {
category: "Security",
description:
"Calls to $sanitizeProvider.enableSvg(true) increase attack surface of the application by enabling SVG support in AngularJS sanitizer and need to be reviewed.",
- url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-enable-svg.md",
+ url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-enable-svg.md"
},
messages: {
- doNotEnableSVG: "Do not enable SVG support in AngularJS",
- },
+ doNotEnableSVG: "Do not enable SVG support in AngularJS"
+ }
},
create: function (context) {
return {
"CallExpression[callee.object.name='$sanitizeProvider'][callee.property.name='enableSvg']"(
- node,
+ node
) {
// Known false positives
if (
@@ -38,11 +38,11 @@ module.exports = {
}
context.report({
node: node,
- messageId: "doNotEnableSVG",
+ messageId: "doNotEnableSVG"
});
- },
+ }
};
- },
+ }
};
// TODO: Add rules for $sanitizeProvider.addValidElements() and $sanitizeProvider.addValidAttrs()
diff --git a/lib/rules/no-angularjs-sanitization-whitelist.js b/lib/rules/no-angularjs-sanitization-whitelist.js
index fa7e40b..c92e1f4 100644
--- a/lib/rules/no-angularjs-sanitization-whitelist.js
+++ b/lib/rules/no-angularjs-sanitization-whitelist.js
@@ -17,22 +17,22 @@ module.exports = {
category: "Security",
description:
"Calls to [`$compileProvider.aHrefSanitizationWhitelist`](https://docs.angularjs.org/api/ng/provider/$compileProvider#aHrefSanitizationWhitelist) or [`$compileProvider.imgSrcSanitizationWhitelist`](https://docs.angularjs.org/api/ng/provider/$compileProvider#imgSrcSanitizationWhitelist) configure whitelists in AngularJS sanitizer and need to be reviewed.",
- url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-sanitization-whitelist.md",
+ url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-sanitization-whitelist.md"
},
messages: {
- noSanitizationWhitelist: "Do not modify sanitization whitelist in AngularJS",
- },
+ noSanitizationWhitelist: "Do not modify sanitization whitelist in AngularJS"
+ }
},
create: function (context) {
return {
"CallExpression[arguments!=''][callee.object.name='$compileProvider'][callee.property.name=/(aHref|imgSrc)SanitizationWhitelist/]"(
- node,
+ node
) {
context.report({
node: node,
- messageId: "noSanitizationWhitelist",
+ messageId: "noSanitizationWhitelist"
});
- },
+ }
};
- },
+ }
};
diff --git a/lib/rules/no-cookies.js b/lib/rules/no-cookies.js
index 04428e1..5e3347a 100644
--- a/lib/rules/no-cookies.js
+++ b/lib/rules/no-cookies.js
@@ -19,11 +19,11 @@ module.exports = {
category: "Security",
description:
"HTTP cookies are an old client-side storage mechanism with inherent risks and limitations. Use Web Storage, IndexedDB or other more modern methods instead.",
- url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-cookies.md",
+ url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-cookies.md"
},
messages: {
- doNotUseCookies: "Do not use HTTP cookies in modern applications",
- },
+ doNotUseCookies: "Do not use HTTP cookies in modern applications"
+ }
},
create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context);
@@ -32,10 +32,10 @@ module.exports = {
if (astUtils.isDocumentObject(node.object, context, fullTypeChecker)) {
context.report({
node: node,
- messageId: "doNotUseCookies",
+ messageId: "doNotUseCookies"
});
}
- },
+ }
};
- },
+ }
};
diff --git a/lib/rules/no-document-domain.js b/lib/rules/no-document-domain.js
index f49a75b..d99683d 100644
--- a/lib/rules/no-document-domain.js
+++ b/lib/rules/no-document-domain.js
@@ -19,11 +19,11 @@ module.exports = {
category: "Security",
description:
"Writes to [`document.domain`](https://developer.mozilla.org/en-US/docs/Web/API/Document/domain) property must be reviewed to avoid bypass of [same-origin checks](https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy#Changing_origin). Usage of top level domains such as `azurewebsites.net` is strictly prohibited.",
- url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-document-domain.md",
+ url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-document-domain.md"
},
messages: {
- default: "Do not write to document.domain property",
- },
+ default: "Do not write to document.domain property"
+ }
},
create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context);
@@ -32,10 +32,10 @@ module.exports = {
if (astUtils.isDocumentObject(node.left.object, context, fullTypeChecker)) {
context.report({
node: node,
- messageId: "default",
+ messageId: "default"
});
}
- },
+ }
};
- },
+ }
};
diff --git a/lib/rules/no-document-write.js b/lib/rules/no-document-write.js
index b1b2f8d..6c2c60f 100644
--- a/lib/rules/no-document-write.js
+++ b/lib/rules/no-document-write.js
@@ -19,11 +19,11 @@ module.exports = {
category: "Security",
description:
"Calls to document.write or document.writeln manipulate DOM directly without any sanitization and should be avoided. Use document.createElement() or similar methods instead.",
- url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-document-write.md",
+ url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-document-write.md"
},
messages: {
- default: "Do not write to DOM directly using document.write or document.writeln methods",
- },
+ default: "Do not write to DOM directly using document.write or document.writeln methods"
+ }
},
create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context);
@@ -32,10 +32,10 @@ module.exports = {
if (astUtils.isDocumentObject(node.callee.object, context, fullTypeChecker)) {
context.report({
node: node,
- messageId: "default",
+ messageId: "default"
});
}
- },
+ }
};
- },
+ }
};
diff --git a/lib/rules/no-electron-node-integration.js b/lib/rules/no-electron-node-integration.js
index 8eda6bb..589b818 100644
--- a/lib/rules/no-electron-node-integration.js
+++ b/lib/rules/no-electron-node-integration.js
@@ -16,22 +16,22 @@ module.exports = {
category: "Security",
description:
"[Node.js Integration](https://www.electronjs.org/docs/tutorial/security#2-do-not-enable-nodejs-integration-for-remote-content) must not be enabled in any renderer that loads remote content to avoid remote code execution attacks.",
- url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-electron-node-integration.md",
+ url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-electron-node-integration.md"
},
messages: {
- default: "Do not enable Node.js Integration for Remote Content",
- },
+ default: "Do not enable Node.js Integration for Remote Content"
+ }
},
create: function (context) {
return {
"NewExpression[callee.name=/BrowserWindow|BrowserView/] > ObjectExpression.arguments > Property.properties[key.name=webPreferences] > ObjectExpression.value > Property.properties[key.name=/nodeIntegration|nodeIntegrationInWorker|nodeIntegrationInSubFrames/][value.value='true']"(
- node,
+ node
) {
context.report({
node: node,
- messageId: "default",
+ messageId: "default"
});
- },
+ }
};
- },
+ }
};
diff --git a/lib/rules/no-html-method.js b/lib/rules/no-html-method.js
index 55aeed6..fadc62e 100644
--- a/lib/rules/no-html-method.js
+++ b/lib/rules/no-html-method.js
@@ -18,11 +18,11 @@ module.exports = {
docs: {
description:
"Direct calls to method `html()` often (e.g. in jQuery framework) manipulate DOM without any sanitization and should be avoided. Use document.createElement() or similar methods instead.",
- url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-html-method.md",
+ url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-html-method.md"
},
messages: {
- default: "Do not write to DOM directly using jQuery html() method",
- },
+ default: "Do not write to DOM directly using jQuery html() method"
+ }
},
create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context);
@@ -42,9 +42,9 @@ module.exports = {
}
context.report({
node: node,
- messageId: "default",
+ messageId: "default"
});
- },
+ }
};
- },
+ }
};
diff --git a/lib/rules/no-inner-html.js b/lib/rules/no-inner-html.js
index 99aa169..24b30f1 100644
--- a/lib/rules/no-inner-html.js
+++ b/lib/rules/no-inner-html.js
@@ -18,12 +18,12 @@ module.exports = {
docs: {
description:
"Assignments to [innerHTML](https://developer.mozilla.org/en-US/docs/Web/API/Element/innerHTML)/[outerHTML](https://developer.mozilla.org/en-US/docs/Web/API/Element/outerHTML) properties or calls to [insertAdjacentHTML](https://developer.mozilla.org/en-US/docs/Web/API/Element/insertAdjacentHTML) method manipulate DOM directly without any sanitization and should be avoided. Use document.createElement() or similar methods instead.",
- url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-inner-html.md",
+ url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-inner-html.md"
},
messages: {
noInnerHtml: "Do not write to DOM directly using innerHTML/outerHTML property",
- noInsertAdjacentHTML: "Do not write to DOM using insertAdjacentHTML method",
- },
+ noInsertAdjacentHTML: "Do not write to DOM using insertAdjacentHTML method"
+ }
},
create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context);
@@ -35,7 +35,7 @@ module.exports = {
return {
"CallExpression[arguments.length=2] > MemberExpression.callee[property.name='insertAdjacentHTML']"(
- node,
+ node
) {
// Ignore known false positives
if (
@@ -53,12 +53,12 @@ module.exports = {
if (mightBeHTMLElement(node.object)) {
context.report({
node: node,
- messageId: "noInsertAdjacentHTML",
+ messageId: "noInsertAdjacentHTML"
});
}
},
"AssignmentExpression[left.type='MemberExpression'][left.property.name=/innerHTML|outerHTML/]"(
- node,
+ node
) {
// Ignore known false positives
if (
@@ -73,10 +73,10 @@ module.exports = {
if (mightBeHTMLElement(node.left.object)) {
context.report({
node: node,
- messageId: "noInnerHtml",
+ messageId: "noInnerHtml"
});
}
- },
+ }
};
- },
+ }
};
diff --git a/lib/rules/no-insecure-random.js b/lib/rules/no-insecure-random.js
index 2c77d31..1ec305b 100644
--- a/lib/rules/no-insecure-random.js
+++ b/lib/rules/no-insecure-random.js
@@ -17,7 +17,7 @@ const bannedRandomLibraries = [
"random-int",
"random-float",
"random-seed",
- "unique-random",
+ "unique-random"
];
module.exports = {
@@ -31,12 +31,12 @@ module.exports = {
Use crypto.randomBytes() or window.crypto.getRandomValues() instead.
`,
- url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-insecure-random.md",
+ url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-insecure-random.md"
},
messages: {
default:
- "Do not use pseudo-random number generators for generating secret values such as tokens, passwords or keys.",
- },
+ "Do not use pseudo-random number generators for generating secret values such as tokens, passwords or keys."
+ }
},
create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context);
@@ -54,7 +54,7 @@ module.exports = {
if (notFalsePositive) {
context.report({
node: node,
- messageId: "default",
+ messageId: "default"
});
}
},
@@ -70,7 +70,7 @@ module.exports = {
if (notFalsePositive) {
context.report({
node: node,
- messageId: "default",
+ messageId: "default"
});
}
},
@@ -78,7 +78,7 @@ module.exports = {
if (bannedRandomLibraries.includes(path.basename(node.source.value))) {
context.report({
node: node,
- messageId: "default",
+ messageId: "default"
});
}
},
@@ -87,10 +87,10 @@ module.exports = {
if (bannedRandomLibraries.includes(requireName)) {
context.report({
node: node,
- messageId: "default",
+ messageId: "default"
});
}
- },
+ }
};
- },
+ }
};
diff --git a/lib/rules/no-insecure-url.js b/lib/rules/no-insecure-url.js
index 49209d8..3ecca4b 100644
--- a/lib/rules/no-insecure-url.js
+++ b/lib/rules/no-insecure-url.js
@@ -15,7 +15,7 @@ const DEFAULT_EXCEPTIONS = [
/^http:(\/\/|\\u002f\\u002f)schemas\.openxmlformats\.org(\/\/|\\u002f\\u002f)?.*/i,
/^http:(\/|\\u002f){2}localhost(:|\/|\\u002f)*/i,
/^http:(\/\/)www\.w3\.org\/1999\/xhtml/i,
- /^http:(\/\/)www\.w3\.org\/2000\/svg/i,
+ /^http:(\/\/)www\.w3\.org\/2000\/svg/i
];
const DEFAULT_VARIABLES_EXECEPTIONS = [];
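Review bot: Two entries of `DEFAULT_EXCEPTIONS` in this hunk do not bound the host name, so the rule's built-in allowlist is wider than it reads. In the `localhost` pattern `(:|\/|\\u002f)*` accepts zero delimiters, and in the `schemas.openxmlformats.org` pattern the trailing `(...)?.*` accepts any suffix, so an `http:` URL whose host merely begins with one of those names (constructed example: `http://localhost.example.test/`) would be exempted from `no-insecure-url`. Requiring a delimiter or end of string after the host closes this, e.g. `/^http:(\/|\\u002f){2}localhost(:|\/|\\u002f|$)/i`, with the same tail on the openxmlformats entry. The array begins outside the hunk, so earlier entries were not checked.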
@@ -34,34 +34,34 @@ module.exports = {
blocklist: {
type: "array",
items: {
- type: "string",
- },
+ type: "string"
+ }
},
exceptions: {
type: "array",
items: {
- type: "string",
- },
+ type: "string"
+ }
},
varExceptions: {
type: "array",
items: {
- type: "string",
- },
- },
+ type: "string"
+ }
+ }
},
- additionalProperties: false,
- },
+ additionalProperties: false
+ }
],
docs: {
category: "Security",
description:
"Insecure protocols such as [HTTP](https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol) or [FTP](https://en.wikipedia.org/wiki/File_Transfer_Protocol) should be replaced by their encrypted counterparts ([HTTPS](https://en.wikipedia.org/wiki/HTTPS), [FTPS](https://en.wikipedia.org/wiki/FTPS)) to avoid sending (potentially sensitive) data over untrusted network in plaintext.",
- url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-insecure-url.md",
+ url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-insecure-url.md"
},
messages: {
- doNotUseInsecureUrl: "Do not use insecure URLs",
- },
+ doNotUseInsecureUrl: "Do not use insecure URLs"
+ }
},
create: function (context) {
const options = context.options[0] || {};
@@ -74,7 +74,7 @@ module.exports = {
const varExceptions = (options.varExceptions || DEFAULT_VARIABLES_EXECEPTIONS).map(
(pattern) => {
return new RegExp(pattern, "i");
- },
+ }
);
function matches(patterns, value) {
@@ -120,7 +120,7 @@ module.exports = {
//insert an "s" before ":/" to change http:/ to https:/
return fixer.replaceText(node, JSON.stringify(fixedString));
}
- },
+ }
});
}
}
@@ -149,11 +149,11 @@ module.exports = {
//insert an "s" before ":/" to change http:/ to https:/
return fixer.replaceText(node, fixedString);
}
- },
+ }
});
}
}
- },
+ }
};
- },
+ }
};
diff --git a/lib/rules/no-msapp-exec-unsafe.js b/lib/rules/no-msapp-exec-unsafe.js
index bb1203d..3bb1685 100644
--- a/lib/rules/no-msapp-exec-unsafe.js
+++ b/lib/rules/no-msapp-exec-unsafe.js
@@ -16,22 +16,22 @@ module.exports = {
docs: {
description:
"Calls to [`MSApp.execUnsafeLocalFunction()`](https://docs.microsoft.com/en-us/previous-versions/hh772324(v=vs.85)) bypass script injection validation and should be avoided.",
- url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-msapp-exec-unsafe.md",
+ url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-msapp-exec-unsafe.md"
},
messages: {
- default: "Do not bypass script injection validation",
- },
+ default: "Do not bypass script injection validation"
+ }
},
create: function (context) {
return {
"CallExpression[arguments.length=1][callee.object.name='MSApp'][callee.property.name='execUnsafeLocalFunction']"(
- node,
+ node
) {
context.report({
node: node,
- messageId: "default",
+ messageId: "default"
});
- },
+ }
};
- },
+ }
};
diff --git a/lib/rules/no-postmessage-star-origin.js b/lib/rules/no-postmessage-star-origin.js
index 5fdda1a..5a76c0e 100644
--- a/lib/rules/no-postmessage-star-origin.js
+++ b/lib/rules/no-postmessage-star-origin.js
@@ -17,17 +17,17 @@ module.exports = {
docs: {
description:
"Always provide specific target origin, not * when sending data to other windows using [`postMessage`](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage#Security_concerns) to avoid data leakage outside of trust boundary.",
- url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-postmessage-star-origin.md",
+ url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-postmessage-star-origin.md"
},
messages: {
- default: "Do not use * as target origin when sending data to other windows",
- },
+ default: "Do not use * as target origin when sending data to other windows"
+ }
},
create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context);
return {
"CallExpression[arguments.length>=2][arguments.length<=3][callee.property.name=postMessage]"(
- node,
+ node
) {
// Check that second argument (target origin) is Literal "*"
if (!(node.arguments[1].type === "Literal" && node.arguments[1].value == "*")) {
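Review bot: The target-origin check on this line only recognises a `Literal` node, so a call written with a plain template literal as the second argument appears to pass the rule unreported; it also compares with `==` where `===` is sufficient. A guard such as `const o = node.arguments[1];` followed by `const isStar = (o.type === "Literal" && o.value === "*") || (o.type === "TemplateLiteral" && o.expressions.length === 0 && o.quasis[0].value.cooked === "*");` would cover both forms, with a matching case added to the rule's invalid tests. The early-return body and the rest of the handler lie outside this hunk, so this is based on the visible condition only.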
@@ -37,7 +37,7 @@ module.exports = {
// Check that object type is Window when full type information is available
if (fullTypeChecker) {
const tsNode = context.sourceCode.parserServices.esTreeNodeToTSNodeMap.get(
- node.callee.object,
+ node.callee.object
);
const tsType = fullTypeChecker.getTypeAtLocation(tsNode);
const type = fullTypeChecker.typeToString(tsType);
@@ -48,9 +48,9 @@ module.exports = {
context.report({
node: node,
- messageId: "default",
+ messageId: "default"
});
- },
+ }
};
- },
+ }
};
diff --git a/lib/rules/no-unsafe-alloc.js b/lib/rules/no-unsafe-alloc.js
index bd0b7c7..aa0144a 100644
--- a/lib/rules/no-unsafe-alloc.js
+++ b/lib/rules/no-unsafe-alloc.js
@@ -11,11 +11,11 @@ module.exports = {
docs: {
description:
"When calling [`Buffer.allocUnsafe`](https://nodejs.org/api/buffer.html#buffer_static_method_buffer_allocunsafe_size) and [`Buffer.allocUnsafeSlow`](https://nodejs.org/api/buffer.html#buffer_static_method_buffer_allocunsafeslow_size), the allocated memory is not wiped-out and can contain old, potentially sensitive data.",
- url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-unsafe-alloc.md",
+ url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-unsafe-alloc.md"
},
messages: {
- default: "Do not allocate uninitialized buffers in Node.js",
- },
+ default: "Do not allocate uninitialized buffers in Node.js"
+ }
},
create: function (context) {
return {
@@ -36,9 +36,9 @@ module.exports = {
}
context.report({
node: node,
- messageId: "default",
+ messageId: "default"
});
- },
+ }
};
- },
+ }
};
diff --git a/lib/rules/no-winjs-html-unsafe.js b/lib/rules/no-winjs-html-unsafe.js
index fa74734..44ae7aa 100644
--- a/lib/rules/no-winjs-html-unsafe.js
+++ b/lib/rules/no-winjs-html-unsafe.js
@@ -16,22 +16,22 @@ module.exports = {
docs: {
description:
"Calls to [`WinJS.Utilities.setInnerHTMLUnsafe()`](https://docs.microsoft.com/en-us/previous-versions/windows/apps/br211696(v=win.10)) and similar methods do not perform any input validation and should be avoided. Use [`WinJS.Utilities.setInnerHTML()`](https://docs.microsoft.com/en-us/previous-versions/windows/apps/br211697(v=win.10)) instead.",
- url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-winjs-html-unsafe.md",
+ url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-winjs-html-unsafe.md"
},
messages: {
- default: "Do not set HTML using unsafe methods from WinJS.Utilities",
- },
+ default: "Do not set HTML using unsafe methods from WinJS.Utilities"
+ }
},
create: function (context) {
return {
"CallExpression[callee.object.object.name='WinJS'][callee.object.property.name='Utilities'][callee.property.name=/(insertAdjacent|setInner|setOuter)HTMLUnsafe/]"(
- node,
+ node
) {
context.report({
node: node,
- messageId: "default",
+ messageId: "default"
});
- },
+ }
};
- },
+ }
};
diff --git a/lib/rules/react-iframe-missing-sandbox.js b/lib/rules/react-iframe-missing-sandbox.js
index 02ef7fe..fe33095 100644
--- a/lib/rules/react-iframe-missing-sandbox.js
+++ b/lib/rules/react-iframe-missing-sandbox.js
@@ -18,15 +18,15 @@ module.exports = {
category: "Security",
description:
"The [sandbox](https://www.w3schools.com/tags/att_iframe_sandbox.asp) attribute enables an extra set of restrictions for the content in the iframe and should always be specified.",
- url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/react-iframe-missing-sandbox.md",
+ url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/react-iframe-missing-sandbox.md"
},
messages: {
attributeMissing: "An iframe element is missing a sandbox attribute",
invalidValue:
'An iframe element defines a sandbox attribute with invalid value "{{ value }}"',
invalidCombination:
- "An iframe element defines a sandbox attribute with both allow-scripts and allow-same-origin which is invalid",
- },
+ "An iframe element defines a sandbox attribute with both allow-scripts and allow-same-origin which is invalid"
+ }
},
create(context) {
@@ -43,7 +43,7 @@ module.exports = {
"allow-same-origin",
"allow-scripts",
"allow-top-navigation",
- "allow-top-navigation-by-user-activation",
+ "allow-top-navigation-by-user-activation"
];
function validateSandboxAttribute(node, attribute) {
@@ -57,8 +57,8 @@ module.exports = {
node,
messageId: "invalidValue",
data: {
- value: trimmedAttributeValue,
- },
+ value: trimmedAttributeValue
+ }
});
}
if (trimmedAttributeValue === "allow-scripts") {
@@ -71,7 +71,7 @@ module.exports = {
if (allowScripts && allowSameOrigin) {
context.report({
node,
- messageId: "invalidCombination",
+ messageId: "invalidCombination"
});
}
}
@@ -96,10 +96,10 @@ module.exports = {
if (!sandboxAttributeFound) {
context.report({
node,
- messageId: "attributeMissing",
+ messageId: "attributeMissing"
});
}
- },
+ }
};
- },
+ }
};
diff --git a/tests/lib/rules/no-angular-bypass-sanitizer.js b/tests/lib/rules/no-angular-bypass-sanitizer.js
index 90a3387..0e17d8e 100644
--- a/tests/lib/rules/no-angular-bypass-sanitizer.js
+++ b/tests/lib/rules/no-angular-bypass-sanitizer.js
@@ -11,7 +11,7 @@ ruleTester.run(ruleId, rule, {
valid: [
"bypassSecurityTrustHtml('XSS')",
"x.bypassSecurityTrustHtml()",
- "x.BypassSecurityTrustHtml('XSS')",
+ "x.BypassSecurityTrustHtml('XSS')"
],
invalid: [
{
@@ -22,25 +22,25 @@ ruleTester.run(ruleId, rule, {
line: 1,
endLine: 1,
column: 1,
- endColumn: 38,
- },
- ],
+ endColumn: 38
+ }
+ ]
},
{
code: "$('p').bypassSecurityTrustResourceUrl('XSS')",
- errors: [{ messageId: "noBypass" }],
+ errors: [{ messageId: "noBypass" }]
},
{
code: "$('p').bypassSecurityTrustScript('XSS')",
- errors: [{ messageId: "noBypass" }],
+ errors: [{ messageId: "noBypass" }]
},
{
code: "$('p').bypassSecurityTrustStyle('XSS')",
- errors: [{ messageId: "noBypass" }],
+ errors: [{ messageId: "noBypass" }]
},
{
code: "$('p').bypassSecurityTrustUrl('XSS')",
- errors: [{ messageId: "noBypass" }],
- },
- ],
+ errors: [{ messageId: "noBypass" }]
+ }
+ ]
});
diff --git a/tests/lib/rules/no-angular-sanitization-trusted-urls.js b/tests/lib/rules/no-angular-sanitization-trusted-urls.js
index f3b5c97..4a11b31 100644
--- a/tests/lib/rules/no-angular-sanitization-trusted-urls.js
+++ b/tests/lib/rules/no-angular-sanitization-trusted-urls.js
@@ -12,7 +12,7 @@ ruleTester.run(ruleId, rule, {
"aHrefSanitizationTrustedUrlList ('.*')",
"x.aHrefSanitizationTrustedUrlList ('.*')",
"$compileProvider.aHrefSanitizationTrustedUrlList ()",
- "$compileProvider.AHrefSanitizationTrustedUrlList ('.*')",
+ "$compileProvider.AHrefSanitizationTrustedUrlList ('.*')"
],
invalid: [
{
@@ -23,9 +23,9 @@ ruleTester.run(ruleId, rule, {
line: 1,
endLine: 1,
column: 1,
- endColumn: 56,
- },
- ],
+ endColumn: 56
+ }
+ ]
},
{
code: "$compileProvider.imgSrcSanitizationTrustedUrlList('.*');",
@@ -35,9 +35,9 @@ ruleTester.run(ruleId, rule, {
line: 1,
endLine: 1,
column: 1,
- endColumn: 56,
- },
- ],
- },
- ],
+ endColumn: 56
+ }
+ ]
+ }
+ ]
});
diff --git a/tests/lib/rules/no-angularjs-bypass-sce.js b/tests/lib/rules/no-angularjs-bypass-sce.js
index f85e9fb..4fbe281 100644
--- a/tests/lib/rules/no-angularjs-bypass-sce.js
+++ b/tests/lib/rules/no-angularjs-bypass-sce.js
@@ -16,48 +16,48 @@ ruleTester.run(ruleId, rule, {
"x.trustAsHtml('XSS')",
"$sceProvider.enabled()",
"$sceProvider.enabled(true)",
- "$sceProvider.enabled(1)",
+ "$sceProvider.enabled(1)"
],
invalid: [
{
code: "$sceDelegate.trustAs($sce.HTML, 'XSS')",
- errors: [{ messageId: "doNotBypass" }],
+ errors: [{ messageId: "doNotBypass" }]
},
{
code: "$sce.trustAs($sce.HTML, 'XSS')",
- errors: [{ messageId: "doNotBypass" }],
+ errors: [{ messageId: "doNotBypass" }]
},
{
code: "$sce.trustAsCss('XSS')",
- errors: [{ messageId: "doNotBypass" }],
+ errors: [{ messageId: "doNotBypass" }]
},
{
code: "$sce.trustAsHtml('XSS')",
- errors: [{ messageId: "doNotBypass" }],
+ errors: [{ messageId: "doNotBypass" }]
},
{
code: "$sce.trustAsJs('XSS')",
- errors: [{ messageId: "doNotBypass" }],
+ errors: [{ messageId: "doNotBypass" }]
},
{
code: "$sce.trustAsResourceUrl('XSS')",
- errors: [{ messageId: "doNotBypass" }],
+ errors: [{ messageId: "doNotBypass" }]
},
{
code: "$sce.trustAsUrl('XSS')",
- errors: [{ messageId: "doNotBypass" }],
+ errors: [{ messageId: "doNotBypass" }]
},
{
code: "$sceProvider.enabled(false)",
- errors: [{ messageId: "doNotBypass" }],
+ errors: [{ messageId: "doNotBypass" }]
},
{
code: "$sceProvider.enabled(0)",
- errors: [{ messageId: "doNotBypass" }],
+ errors: [{ messageId: "doNotBypass" }]
},
{
code: "$sceProvider.enabled(true != true)",
- errors: [{ messageId: "doNotBypass" }],
- },
- ],
+ errors: [{ messageId: "doNotBypass" }]
+ }
+ ]
});
diff --git a/tests/lib/rules/no-angularjs-enable-svg.js b/tests/lib/rules/no-angularjs-enable-svg.js
index 3bde880..ffc2922 100644
--- a/tests/lib/rules/no-angularjs-enable-svg.js
+++ b/tests/lib/rules/no-angularjs-enable-svg.js
@@ -14,16 +14,16 @@ ruleTester.run(ruleId, rule, {
"$sanitizeProvider.enableSvg()",
"$sanitizeProvider.enableSvg(false)",
"$sanitizeProvider.enableSvg(0)",
- "$sanitizeProvider.EnableSvg(0)",
+ "$sanitizeProvider.EnableSvg(0)"
],
invalid: [
{
code: "$sanitizeProvider.enableSvg(true)",
- errors: [{ messageId: "doNotEnableSVG" }],
+ errors: [{ messageId: "doNotEnableSVG" }]
},
{
code: "$sanitizeProvider.enableSvg(1)",
- errors: [{ messageId: "doNotEnableSVG" }],
- },
- ],
+ errors: [{ messageId: "doNotEnableSVG" }]
+ }
+ ]
});
diff --git a/tests/lib/rules/no-angularjs-sanitization-whitelist.js b/tests/lib/rules/no-angularjs-sanitization-whitelist.js
index 0e4cd6e..728d342 100644
--- a/tests/lib/rules/no-angularjs-sanitization-whitelist.js
+++ b/tests/lib/rules/no-angularjs-sanitization-whitelist.js
@@ -12,7 +12,7 @@ ruleTester.run(ruleId, rule, {
"aHrefSanitizationWhitelist('.*')",
"x.aHrefSanitizationWhitelist('.*')",
"$compileProvider.aHrefSanitizationWhitelist()",
- "$compileProvider.AHrefSanitizationWhitelist('.*')",
+ "$compileProvider.AHrefSanitizationWhitelist('.*')"
],
invalid: [
{
@@ -23,9 +23,9 @@ ruleTester.run(ruleId, rule, {
line: 1,
endLine: 1,
column: 1,
- endColumn: 50,
- },
- ],
+ endColumn: 50
+ }
+ ]
},
{
code: "$compileProvider.imgSrcSanitizationWhitelist('.*');",
@@ -35,9 +35,9 @@ ruleTester.run(ruleId, rule, {
line: 1,
endLine: 1,
column: 1,
- endColumn: 51,
- },
- ],
- },
- ],
+ endColumn: 51
+ }
+ ]
+ }
+ ]
});
diff --git a/tests/lib/rules/no-cookies.js b/tests/lib/rules/no-cookies.js
index 0a7c5c8..581d0dc 100644
--- a/tests/lib/rules/no-cookies.js
+++ b/tests/lib/rules/no-cookies.js
@@ -39,25 +39,25 @@ function X() {
}
documentLikeAPIFunction().cookie = '...';
-`,
- },
+`
+ }
],
invalid: [
{
code: "document.cookie = '...'",
- errors: [{ messageId: "doNotUseCookies" }],
+ errors: [{ messageId: "doNotUseCookies" }]
},
{
code: "window.document.cookie = '...'",
- errors: [{ messageId: "doNotUseCookies" }],
+ errors: [{ messageId: "doNotUseCookies" }]
},
{
code: "this.window.document.cookie = '...'",
- errors: [{ messageId: "doNotUseCookies" }],
+ errors: [{ messageId: "doNotUseCookies" }]
},
{
code: "globalThis.window.document.cookie = '...'",
- errors: [{ messageId: "doNotUseCookies" }],
+ errors: [{ messageId: "doNotUseCookies" }]
},
{
languageOptions: testUtils.tsLanguageOptions,
@@ -67,7 +67,7 @@ function documentFunction(): Document {
}
documentFunction().cookie = '...';
`,
- errors: [{ messageId: "doNotUseCookies" }],
+ errors: [{ messageId: "doNotUseCookies" }]
},
{
languageOptions: testUtils.tsLanguageOptions,
@@ -78,7 +78,7 @@ namespace Sample {
}
}
`,
- errors: [{ messageId: "doNotUseCookies" }],
- },
- ],
+ errors: [{ messageId: "doNotUseCookies" }]
+ }
+ ]
});
diff --git a/tests/lib/rules/no-document-domain.js b/tests/lib/rules/no-document-domain.js
index 8fe8747..b311f10 100644
--- a/tests/lib/rules/no-document-domain.js
+++ b/tests/lib/rules/no-document-domain.js
@@ -23,22 +23,22 @@ function main() {
var document: DocumentLikeAPI = documentLikeAPIFunction();
document.domain = 'somevalue';
}
- `,
- },
+ `
+ }
],
invalid: [
{
languageOptions: testUtils.tsLanguageOptions,
code: "var doc = window.document; doc.domain = 'somevalue';",
- errors: [{ messageId: "default" }],
+ errors: [{ messageId: "default" }]
},
{
code: "document.domain = 'somevalue'",
- errors: [{ messageId: "default" }],
+ errors: [{ messageId: "default" }]
},
{
code: "window.document.domain = 'somevalue'",
- errors: [{ messageId: "default" }],
+ errors: [{ messageId: "default" }]
},
{
code: `
@@ -50,17 +50,17 @@ newWindow.document.domain = somevalue;
errors: [
{
line: 3,
- messageId: "default",
+ messageId: "default"
},
{
line: 4,
- messageId: "default",
+ messageId: "default"
},
{
line: 5,
- messageId: "default",
- },
- ],
- },
- ],
+ messageId: "default"
+ }
+ ]
+ }
+ ]
});
diff --git a/tests/lib/rules/no-document-write.js b/tests/lib/rules/no-document-write.js
index 03ed9a4..ea59774 100644
--- a/tests/lib/rules/no-document-write.js
+++ b/tests/lib/rules/no-document-write.js
@@ -23,7 +23,7 @@ ruleTester.run(ruleId, rule, {
writeln: () => {},
};
}
- `,
+ `
},
{
code: `
@@ -43,8 +43,8 @@ ruleTester.run(ruleId, rule, {
document.write('', '');
document.writeln();
document.writeln('', '');
- `,
- },
+ `
+ }
],
invalid: [
{
@@ -63,8 +63,8 @@ ruleTester.run(ruleId, rule, {
{ messageId: "default", line: 3 },
{ messageId: "default", line: 4 },
{ messageId: "default", line: 8 },
- { messageId: "default", line: 9 },
- ],
+ { messageId: "default", line: 9 }
+ ]
},
{
code: `
@@ -81,8 +81,8 @@ ruleTester.run(ruleId, rule, {
{ messageId: "default", line: 4 },
{ messageId: "default", line: 5 },
{ messageId: "default", line: 6 },
- { messageId: "default", line: 7 },
- ],
- },
- ],
+ { messageId: "default", line: 7 }
+ ]
+ }
+ ]
});
diff --git a/tests/lib/rules/no-electron-node-integration.js b/tests/lib/rules/no-electron-node-integration.js
index 5e006c2..0ec719c 100644
--- a/tests/lib/rules/no-electron-node-integration.js
+++ b/tests/lib/rules/no-electron-node-integration.js
@@ -23,8 +23,8 @@ ruleTester.run(ruleId, rule, {
nodeIntegration: false
}
});
- `,
- },
+ `
+ }
],
invalid: [
{
@@ -40,8 +40,8 @@ ruleTester.run(ruleId, rule, {
errors: [
{ messageId: "default", line: 4 },
{ messageId: "default", line: 5 },
- { messageId: "default", line: 6 },
- ],
+ { messageId: "default", line: 6 }
+ ]
},
{
code: `
@@ -56,8 +56,8 @@ ruleTester.run(ruleId, rule, {
errors: [
{ messageId: "default", line: 4 },
{ messageId: "default", line: 5 },
- { messageId: "default", line: 6 },
- ],
- },
- ],
+ { messageId: "default", line: 6 }
+ ]
+ }
+ ]
});
diff --git a/tests/lib/rules/no-html-method.js b/tests/lib/rules/no-html-method.js
index 4a5523e..b3214fb 100644
--- a/tests/lib/rules/no-html-method.js
+++ b/tests/lib/rules/no-html-method.js
@@ -14,16 +14,16 @@ ruleTester.run(ruleId, rule, {
"test.html()",
"test.html('','')",
"element.html('');",
- "element.html(null);",
+ "element.html(null);"
],
invalid: [
{
code: "$('p').html('XSS')",
- errors: [{ messageId: "default", line: 1 }],
+ errors: [{ messageId: "default", line: 1 }]
},
{
code: "$(selector).html(sample_function())",
- errors: [{ messageId: "default", line: 1 }],
+ errors: [{ messageId: "default", line: 1 }]
},
{
languageOptions: testUtils.es6LanguageOptions,
@@ -31,7 +31,7 @@ ruleTester.run(ruleId, rule, {
import $ from "jquery";
test.html('XSS');
`,
- errors: [{ messageId: "default", line: 3 }],
- },
- ],
+ errors: [{ messageId: "default", line: 3 }]
+ }
+ ]
});
diff --git a/tests/lib/rules/no-inner-html.js b/tests/lib/rules/no-inner-html.js
index 188e3fd..34bde71 100644
--- a/tests/lib/rules/no-inner-html.js
+++ b/tests/lib/rules/no-inner-html.js
@@ -29,8 +29,8 @@ ruleTester.run(ruleId, rule, {
let test = new Test("test");
test.innerHTML = test;
test.outerHTML = test;
- `,
- },
+ `
+ }
],
invalid: [
// TypeScript with full type information
@@ -45,8 +45,8 @@ ruleTester.run(ruleId, rule, {
errors: [
{ messageId: "noInnerHtml", line: 3 },
{ messageId: "noInnerHtml", line: 4 },
- { messageId: "noInsertAdjacentHTML", line: 5 },
- ],
+ { messageId: "noInsertAdjacentHTML", line: 5 }
+ ]
},
{
code: `
@@ -55,8 +55,8 @@ ruleTester.run(ruleId, rule, {
`,
errors: [
{ messageId: "noInnerHtml", line: 2 },
- { messageId: "noInnerHtml", line: 3 },
- ],
+ { messageId: "noInnerHtml", line: 3 }
+ ]
},
{
code: `
@@ -65,12 +65,12 @@ ruleTester.run(ruleId, rule, {
`,
errors: [
{ messageId: "noInnerHtml", line: 2 },
- { messageId: "noInnerHtml", line: 3 },
- ],
+ { messageId: "noInnerHtml", line: 3 }
+ ]
},
{
code: "element.insertAdjacentHTML('beforebegin', 'foo')",
- errors: [{ messageId: "noInsertAdjacentHTML", line: 1 }],
- },
- ],
+ errors: [{ messageId: "noInsertAdjacentHTML", line: 1 }]
+ }
+ ]
});
diff --git a/tests/lib/rules/no-insecure-random.js b/tests/lib/rules/no-insecure-random.js
index 07535e6..bc1dbce 100644
--- a/tests/lib/rules/no-insecure-random.js
+++ b/tests/lib/rules/no-insecure-random.js
@@ -20,7 +20,7 @@ ruleTester.run(ruleId, rule, {
Math.random;
math.random();
random();
- `,
+ `
},
{
code: `
@@ -30,7 +30,7 @@ ruleTester.run(ruleId, rule, {
require('random-package');
require('random-float2');
require('random2-seed');
- `,
+ `
},
{
languageOptions: testUtils.es6LanguageOptions,
@@ -41,7 +41,7 @@ ruleTester.run(ruleId, rule, {
import 'eslint';
import 'eslint-plugin-sdl';
import 'testing';
- `,
+ `
},
{
code: `
@@ -49,7 +49,7 @@ ruleTester.run(ruleId, rule, {
pseudoRandomBytes();
pseudoRandomByte();
cryptos.pseudoRondomBytes();
- `,
+ `
},
{
languageOptions: testUtils.tsLanguageOptions,
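Review bot: In this valid case `cryptos.pseudoRondomBytes();` differs from the flagged call in both the receiver (`cryptos`) and the method name (`Rondom`), so it does not pin down which of the two the rule keys on. The same line appears twice in the valid case of the `@@ -72,8 +72,8 @@` hunk. If the rule is meant to ignore a correctly named method on a non-crypto receiver, spell it `cryptos.pseudoRandomBytes();` so the case tests exactly that. If the misspelling is deliberate, a comment such as `// near-miss: wrong receiver and wrong method name` would stop a later cleanup from "fixing" it. The template literal holding this code starts outside the hunk.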
@@ -60,7 +60,7 @@ ruleTester.run(ruleId, rule, {
Math.Random;
Math.random;
- `,
+ `
},
{
languageOptions: testUtils.tsLanguageOptions,
@@ -72,8 +72,8 @@ ruleTester.run(ruleId, rule, {
pseudoRandomByte();
cryptos.pseudoRondomBytes();
cryptos.pseudoRondomBytes();
- `,
- },
+ `
+ }
],
invalid: [
{
@@ -83,8 +83,8 @@ ruleTester.run(ruleId, rule, {
`,
errors: [
{ messageId: "default", line: 2 },
- { messageId: "default", line: 3 },
- ],
+ { messageId: "default", line: 3 }
+ ]
},
{
languageOptions: testUtils.tsLanguageOptions,
@@ -94,8 +94,8 @@ ruleTester.run(ruleId, rule, {
`,
errors: [
{ messageId: "default", line: 2 },
- { messageId: "default", line: 3 },
- ],
+ { messageId: "default", line: 3 }
+ ]
},
{
languageOptions: testUtils.tsLanguageOptions,
@@ -106,14 +106,14 @@ ruleTester.run(ruleId, rule, {
notMath().random();
`,
- errors: [{ messageId: "default", line: 6 }],
+ errors: [{ messageId: "default", line: 6 }]
},
{
languageOptions: testUtils.tsLanguageOptions,
code: `
crypto.pseudoRandomBytes();
`,
- errors: [{ messageId: "default", line: 2 }],
+ errors: [{ messageId: "default", line: 2 }]
},
{
languageOptions: testUtils.tsLanguageOptions,
@@ -124,7 +124,7 @@ ruleTester.run(ruleId, rule, {
notCrypto().pseudoRandomBytes();
`,
- errors: [{ messageId: "default", line: 6 }],
+ errors: [{ messageId: "default", line: 6 }]
},
{
languageOptions: testUtils.es6LanguageOptions,
@@ -142,8 +142,8 @@ ruleTester.run(ruleId, rule, {
{ messageId: "default", line: 4 },
{ messageId: "default", line: 5 },
{ messageId: "default", line: 6 },
- { messageId: "default", line: 7 },
- ],
+ { messageId: "default", line: 7 }
+ ]
},
{
languageOptions: testUtils.es6LanguageOptions,
@@ -159,8 +159,8 @@ ruleTester.run(ruleId, rule, {
{ messageId: "default", line: 3 },
{ messageId: "default", line: 4 },
{ messageId: "default", line: 5 },
- { messageId: "default", line: 6 },
- ],
+ { messageId: "default", line: 6 }
+ ]
},
{
code: `
@@ -177,8 +177,8 @@ ruleTester.run(ruleId, rule, {
{ messageId: "default", line: 4 },
{ messageId: "default", line: 5 },
{ messageId: "default", line: 6 },
- { messageId: "default", line: 7 },
- ],
- },
- ],
+ { messageId: "default", line: 7 }
+ ]
+ }
+ ]
});
diff --git a/tests/lib/rules/no-insecure-url.js b/tests/lib/rules/no-insecure-url.js
index f8ac24e..6598479 100644
--- a/tests/lib/rules/no-insecure-url.js
+++ b/tests/lib/rules/no-insecure-url.js
@@ -21,7 +21,7 @@ ruleTester.run(ruleId, rule, {
code: `
var x = 'https://www.example.com'
var y = 'ftps://www.example.com'
- `,
+ `
},
{
// should allow https,ftps template strings in variables
@@ -29,7 +29,7 @@ ruleTester.run(ruleId, rule, {
var x = \`https://www.template-examples.com\`
var y = \`ftps://www.template-file-examples.com\`
`,
- languageOptions: testUtils.es6LanguageOptions,
+ languageOptions: testUtils.es6LanguageOptions
},
{
// should allow https,ftps multipart template strings in variables
@@ -37,11 +37,11 @@ ruleTester.run(ruleId, rule, {
var x = \`https://www.\${multipartExample}.com\`
var y = \`ftps://www.\${multipartExample}.com\`
`,
- languageOptions: testUtils.es6LanguageOptions,
+ languageOptions: testUtils.es6LanguageOptions
},
{
// should allow http,ftp in middle of string
- code: "var x = 'The protocol may be http://, https://, ftp:// or ftps://'",
+ code: "var x = 'The protocol may be http://, https://, ftp:// or ftps://'"
},
{
// should allow https,ftps strings in default values
@@ -49,7 +49,7 @@ ruleTester.run(ruleId, rule, {
function f(x : string = 'https://www.example.com') {}
function f(y : string = 'ftps://www.example.com') {}
`,
- languageOptions: testUtils.tsLanguageOptions,
+ languageOptions: testUtils.tsLanguageOptions
},
{
// should allow user-provided exceptions matches, regardless of upper/lower-case
@@ -64,10 +64,10 @@ ruleTester.run(ruleId, rule, {
exceptions: [
"HTTP://www.allow-example.com/?.*",
"FtP://www.allow-file-example.com",
- "LdaP://www.allow-ldap-example.com",
- ],
- },
- ],
+ "LdaP://www.allow-ldap-example.com"
+ ]
+ }
+ ]
},
{
// should allow user-provided exceptions for variable name matches, regardless of upper/lower-case
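Review bot: The `exceptions` entries here look like regular expressions (the trailing `/?.*` suggests so), yet the dots in the host names are unescaped, so `www.allow-example.com` would also match hosts where any other character stands in for a dot. Test fixtures double as usage examples, and an allow-list pattern that over-matches silently widens what the rule lets through. Escaping the dots would model the safer form, e.g. `"HTTP://www\\.allow-example\\.com/?.*"`. How the rule compiles and anchors these patterns is not visible in this hunk, so the over-match should be confirmed against the rule source.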
@@ -77,9 +77,9 @@ ruleTester.run(ruleId, rule, {
`,
options: [
{
- varExceptions: ["insecure?.*"],
- },
- ],
+ varExceptions: ["insecure?.*"]
+ }
+ ]
},
{
// should allow xml namespaces, as they are not accessed by the browser
@@ -91,22 +91,22 @@ ruleTester.run(ruleId, rule, {
);
};
`,
- languageOptions: testUtils.tsReactLanguageOptions,
+ languageOptions: testUtils.tsReactLanguageOptions
},
{
// should allow localhost
code: `
var x = "http://localhost/test";
var y = "http://localhost";
- `,
+ `
},
{
// should allow xml namespaces for XHTML and SVG even if outside of jsx xmlns attribute
code: `
var x = "http://www.w3.org/1999/xhtml";
var y = "http://www.w3.org/2000/svg";
- `,
- },
+ `
+ }
],
invalid: [
{
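Review bot: The "should allow localhost" case only covers `http://localhost` and `http://localhost/test`, and nothing visible in this hunk checks that a host which merely begins with `localhost` is still reported. If the exemption is a prefix match, an insecure URL to a remote host could pass the rule unnoticed. An invalid case with a constructed host would pin the boundary, e.g. `{ code: 'var z = "http://localhost.example.com";', errors: [{ messageId: "doNotUseInsecureUrl", line: 1 }] }`, plus the matching `output` if the fixer rewrites it. The rule's matching logic is outside this diff, so this is a coverage gap rather than a confirmed defect.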
@@ -127,8 +127,8 @@ ruleTester.run(ruleId, rule, {
{ messageId: "doNotUseInsecureUrl", line: 2 },
{ messageId: "doNotUseInsecureUrl", line: 3 },
{ messageId: "doNotUseInsecureUrl", line: 4 },
- { messageId: "doNotUseInsecureUrl", line: 5 },
- ],
+ { messageId: "doNotUseInsecureUrl", line: 5 }
+ ]
},
{
// should ban http,ftp template strings in variables
@@ -148,9 +148,9 @@ ruleTester.run(ruleId, rule, {
{ messageId: "doNotUseInsecureUrl", line: 2 },
{ messageId: "doNotUseInsecureUrl", line: 3 },
{ messageId: "doNotUseInsecureUrl", line: 4 },
- { messageId: "doNotUseInsecureUrl", line: 5 },
+ { messageId: "doNotUseInsecureUrl", line: 5 }
],
- languageOptions: testUtils.es6LanguageOptions,
+ languageOptions: testUtils.es6LanguageOptions
},
{
// should ban http,ftp multipart template strings in variables
@@ -164,9 +164,9 @@ ruleTester.run(ruleId, rule, {
`,
errors: [
{ messageId: "doNotUseInsecureUrl", line: 2 },
- { messageId: "doNotUseInsecureUrl", line: 3 },
+ { messageId: "doNotUseInsecureUrl", line: 3 }
],
- languageOptions: testUtils.es6LanguageOptions,
+ languageOptions: testUtils.es6LanguageOptions
},
{
// should ban http,ftp strings in default values
@@ -180,9 +180,9 @@ ruleTester.run(ruleId, rule, {
`,
errors: [
{ messageId: "doNotUseInsecureUrl", line: 2 },
- { messageId: "doNotUseInsecureUrl", line: 3 },
+ { messageId: "doNotUseInsecureUrl", line: 3 }
],
- languageOptions: testUtils.tsLanguageOptions,
+ languageOptions: testUtils.tsLanguageOptions
},
{
// should ban user-provided blacklist matches, regardless of upper/lower-case
@@ -202,17 +202,17 @@ ruleTester.run(ruleId, rule, {
{ messageId: "doNotUseInsecureUrl", line: 2 },
{ messageId: "doNotUseInsecureUrl", line: 3 },
{ messageId: "doNotUseInsecureUrl", line: 4 },
- { messageId: "doNotUseInsecureUrl", line: 5 },
+ { messageId: "doNotUseInsecureUrl", line: 5 }
],
options: [
{
blocklist: [
"htTp://www.ban-example.com/?.*",
"fTp://www.ban-file-example.com/?.*",
- "lDAp://www.ban-ldap-example.com/?.*",
- ],
- },
- ],
+ "lDAp://www.ban-ldap-example.com/?.*"
+ ]
+ }
+ ]
},
{
// should ban any other xml attribute with urls in them
@@ -233,13 +233,13 @@ ruleTester.run(ruleId, rule, {
};
`,
errors: [{ messageId: "doNotUseInsecureUrl", line: 4 }],
- languageOptions: testUtils.tsReactLanguageOptions,
+ languageOptions: testUtils.tsReactLanguageOptions
},
{
// should escape the url string correctly
code: `var a1 = "http://moz\ti\tlla.org";`,
output: `var a1 = "https://moz\\ti\\tlla.org";`,
- errors: [{ messageId: "doNotUseInsecureUrl", line: 1 }],
+ errors: [{ messageId: "doNotUseInsecureUrl", line: 1 }]
},
{
// should fix url in `` correctly
@@ -247,7 +247,7 @@ ruleTester.run(ruleId, rule, {
output: "var x1 = `https://foo${multipartExample} http://${multipartExample}.com`;",
errors: [{ messageId: "doNotUseInsecureUrl", line: 1 }],
- languageOptions: testUtils.es6LanguageOptions,
+ languageOptions: testUtils.es6LanguageOptions
},
{
// should escape the string and fix it properly in ``
@@ -255,7 +255,7 @@ ruleTester.run(ruleId, rule, {
output: `var a1 = \`https://moz\\ti\\tlla.org\`;`,
errors: [{ messageId: "doNotUseInsecureUrl", line: 1 }],
- languageOptions: testUtils.es6LanguageOptions,
- },
- ],
+ languageOptions: testUtils.es6LanguageOptions
+ }
+ ]
});
diff --git a/tests/lib/rules/no-msapp-exec-unsafe.js b/tests/lib/rules/no-msapp-exec-unsafe.js
index 5389c9a..169ae27 100644
--- a/tests/lib/rules/no-msapp-exec-unsafe.js
+++ b/tests/lib/rules/no-msapp-exec-unsafe.js
@@ -13,7 +13,7 @@ ruleTester.run(ruleId, rule, {
invalid: [
{
code: "MSApp.execUnsafeLocalFunction(testfunc)",
- errors: [{ messageId: "default", line: 1, type: "CallExpression" }],
- },
- ],
+ errors: [{ messageId: "default", line: 1, type: "CallExpression" }]
+ }
+ ]
});
diff --git a/tests/lib/rules/no-postmessage-star-origin.js b/tests/lib/rules/no-postmessage-star-origin.js
index 0794681..91df84f 100644
--- a/tests/lib/rules/no-postmessage-star-origin.js
+++ b/tests/lib/rules/no-postmessage-star-origin.js
@@ -27,8 +27,8 @@ function main() {
var w: WindowLike = new WindowLike();
w.postMessage('test', '*');
}
- `,
- },
+ `
+ }
],
invalid: [
{
@@ -38,8 +38,8 @@ function main() {
`,
errors: [
{ messageId: "default", line: 2 },
- { messageId: "default", line: 3 },
- ],
+ { messageId: "default", line: 3 }
+ ]
},
{
languageOptions: testUtils.tsLanguageOptions,
@@ -50,8 +50,8 @@ function main() {
`,
errors: [
{ messageId: "default", line: 2 },
- { messageId: "default", line: 4 },
- ],
- },
- ],
+ { messageId: "default", line: 4 }
+ ]
+ }
+ ]
});
diff --git a/tests/lib/rules/no-unsafe-alloc.js b/tests/lib/rules/no-unsafe-alloc.js
index 4384c5e..fd17c3e 100644
--- a/tests/lib/rules/no-unsafe-alloc.js
+++ b/tests/lib/rules/no-unsafe-alloc.js
@@ -18,8 +18,8 @@ ruleTester.run(ruleId, rule, {
`,
errors: [
{ messageId: "default", line: 2 },
- { messageId: "default", line: 3 },
- ],
- },
- ],
+ { messageId: "default", line: 3 }
+ ]
+ }
+ ]
});
diff --git a/tests/lib/rules/no-winjs-html-unsafe.js b/tests/lib/rules/no-winjs-html-unsafe.js
index 62e1608..6a33bcb 100644
--- a/tests/lib/rules/no-winjs-html-unsafe.js
+++ b/tests/lib/rules/no-winjs-html-unsafe.js
@@ -20,8 +20,8 @@ ruleTester.run(ruleId, rule, {
errors: [
{ messageId: "default", line: 2, type: "CallExpression" },
{ messageId: "default", line: 3, type: "CallExpression" },
- { messageId: "default", line: 4, type: "CallExpression" },
- ],
- },
- ],
+ { messageId: "default", line: 4, type: "CallExpression" }
+ ]
+ }
+ ]
});
diff --git a/tests/lib/rules/react-iframe-missing-sandbox.js b/tests/lib/rules/react-iframe-missing-sandbox.js
index 2c07cde..1844682 100644
--- a/tests/lib/rules/react-iframe-missing-sandbox.js
+++ b/tests/lib/rules/react-iframe-missing-sandbox.js
@@ -14,10 +14,10 @@ var ruleTester = new RuleTester({
ecmaVersion: 2018,
sourceType: "module",
ecmaFeatures: {
- jsx: true,
- },
- },
- },
+ jsx: true
+ }
+ }
+ }
});
ruleTester.run(ruleId, rule, {
@@ -38,48 +38,48 @@ ruleTester.run(ruleId, rule, {
{ code: '' },
{ code: '' },
{
- code: '',
+ code: ''
},
{ code: '' },
{
- code: '',
- },
+ code: ''
+ }
],
invalid: [
{
code: ";",
- errors: [{ messageId: "attributeMissing" }],
+ errors: [{ messageId: "attributeMissing" }]
},
{
code: ";",
- errors: [{ messageId: "attributeMissing" }],
+ errors: [{ messageId: "attributeMissing" }]
},
{
code: '',
- errors: [{ messageId: "invalidValue", data: { value: "__unknown__" } }],
+ errors: [{ messageId: "invalidValue", data: { value: "__unknown__" } }]
},
{
code: '',
- errors: [{ messageId: "invalidValue", data: { value: "__unknown__" } }],
+ errors: [{ messageId: "invalidValue", data: { value: "__unknown__" } }]
},
{
code: '',
- errors: [{ messageId: "invalidValue", data: { value: "__unknown__" } }],
+ errors: [{ messageId: "invalidValue", data: { value: "__unknown__" } }]
},
{
code: '',
errors: [
{ messageId: "invalidValue", data: { value: "__unknown__" } },
- { messageId: "invalidValue", data: { value: "__unknown__" } },
- ],
+ { messageId: "invalidValue", data: { value: "__unknown__" } }
+ ]
},
{
code: ';',
- errors: [{ messageId: "invalidCombination" }],
+ errors: [{ messageId: "invalidCombination" }]
},
{
code: ';',
- errors: [{ messageId: "invalidCombination" }],
- },
- ],
+ errors: [{ messageId: "invalidCombination" }]
+ }
+ ]
});
diff --git a/tests/lib/test-utils.js b/tests/lib/test-utils.js
index 591eb3a..be8d2ca 100644
--- a/tests/lib/test-utils.js
+++ b/tests/lib/test-utils.js
@@ -14,15 +14,15 @@ module.exports = {
es6LanguageOptions: {
parserOptions: {
ecmaVersion: 6,
- sourceType: "module",
- },
+ sourceType: "module"
+ }
},
tsLanguageOptions: {
parser: tsParser,
parserOptions: {
tsconfigRootDir: path.join(__dirname, "..", "fixtures", "ts"),
- projectService: true,
- },
+ projectService: true
+ }
},
tsReactLanguageOptions: {
parser: tsParser,
@@ -30,8 +30,8 @@ module.exports = {
tsconfigRootDir: path.join(__dirname, "..", "fixtures", "tsx"),
projectService: true,
ecmaFeatures: {
- jsx: true,
- },
- },
- },
+ jsx: true
+ }
+ }
+ }
};