From 5974046e6f30014abc8c5026c105de3521cb124e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Ka=C4=8Dmar?= Date: Tue, 1 Oct 2024 15:30:42 +0200 Subject: [PATCH] Do not allow trailing commas in code style --- .prettierrc | 3 +- README.md | 6 +- config/angular.js | 8 +-- config/angularjs.js | 8 +-- config/common.js | 8 +-- config/electron.js | 8 +-- config/node.js | 14 ++-- config/react.js | 26 +++---- config/typescript.js | 20 +++--- lib/ast-utils.js | 2 +- lib/index.js | 14 ++-- lib/rules/no-angular-bypass-sanitizer.js | 14 ++-- .../no-angular-sanitization-trusted-urls.js | 14 ++-- lib/rules/no-angularjs-bypass-sce.js | 16 ++--- lib/rules/no-angularjs-enable-svg.js | 14 ++-- .../no-angularjs-sanitization-whitelist.js | 14 ++-- lib/rules/no-cookies.js | 12 ++-- lib/rules/no-document-domain.js | 12 ++-- lib/rules/no-document-write.js | 12 ++-- lib/rules/no-electron-node-integration.js | 14 ++-- lib/rules/no-html-method.js | 12 ++-- lib/rules/no-inner-html.js | 18 ++--- lib/rules/no-insecure-random.js | 20 +++--- lib/rules/no-insecure-url.js | 36 +++++----- lib/rules/no-msapp-exec-unsafe.js | 14 ++-- lib/rules/no-postmessage-star-origin.js | 16 ++--- lib/rules/no-unsafe-alloc.js | 12 ++-- lib/rules/no-winjs-html-unsafe.js | 14 ++-- lib/rules/react-iframe-missing-sandbox.js | 20 +++--- .../lib/rules/no-angular-bypass-sanitizer.js | 20 +++--- .../no-angular-sanitization-trusted-urls.js | 18 ++--- tests/lib/rules/no-angularjs-bypass-sce.js | 26 +++---- tests/lib/rules/no-angularjs-enable-svg.js | 10 +-- .../no-angularjs-sanitization-whitelist.js | 18 ++--- tests/lib/rules/no-cookies.js | 20 +++--- tests/lib/rules/no-document-domain.js | 24 +++---- tests/lib/rules/no-document-write.js | 18 ++--- .../lib/rules/no-electron-node-integration.js | 16 ++--- tests/lib/rules/no-html-method.js | 12 ++-- tests/lib/rules/no-inner-html.js | 22 +++--- tests/lib/rules/no-insecure-random.js | 44 ++++++------ tests/lib/rules/no-insecure-url.js | 70 +++++++++---------- tests/lib/rules/no-msapp-exec-unsafe.js | 6 +- tests/lib/rules/no-postmessage-star-origin.js | 16 ++--- tests/lib/rules/no-unsafe-alloc.js | 8 +-- tests/lib/rules/no-winjs-html-unsafe.js | 8 +-- .../lib/rules/react-iframe-missing-sandbox.js | 36 +++++----- tests/lib/test-utils.js | 16 ++--- 48 files changed, 405 insertions(+), 404 deletions(-) diff --git a/.prettierrc b/.prettierrc index de753c5..a710a70 100644 --- a/.prettierrc +++ b/.prettierrc @@ -1,3 +1,4 @@ { - "printWidth": 100 + "printWidth": 100, + "trailingComma": "none" } diff --git a/README.md b/README.md index c39b2fb..622c712 100644 --- a/README.md +++ b/README.md @@ -39,9 +39,9 @@ module.exports = [ { rules: { "no-eval": "error", - "@microsoft/sdl/no-inner-html": "error", - }, - }, + "@microsoft/sdl/no-inner-html": "error" + } + } ]; ``` diff --git a/config/angular.js b/config/angular.js index 9b6220c..50cc9de 100644 --- a/config/angular.js +++ b/config/angular.js @@ -8,11 +8,11 @@ module.exports = (pluginSdl) => { return [ { plugins: { - "@microsoft/sdl": pluginSdl, + "@microsoft/sdl": pluginSdl }, rules: { - "@microsoft/sdl/no-angular-bypass-sanitizer": "error", - }, - }, + "@microsoft/sdl/no-angular-bypass-sanitizer": "error" + } + } ]; }; diff --git a/config/angularjs.js b/config/angularjs.js index 974a0b2..c85b518 100644 --- a/config/angularjs.js +++ b/config/angularjs.js @@ -8,13 +8,13 @@ module.exports = (pluginSdl) => { return [ { plugins: { - "@microsoft/sdl": pluginSdl, + "@microsoft/sdl": pluginSdl }, rules: { "@microsoft/sdl/no-angularjs-enable-svg": "error", "@microsoft/sdl/no-angularjs-sanitization-whitelist": "error", - "@microsoft/sdl/no-angularjs-bypass-sce": "error", - }, - }, + "@microsoft/sdl/no-angularjs-bypass-sce": "error" + } + } ]; }; diff --git a/config/common.js b/config/common.js index 1d3ccde..70a8191 100644 --- a/config/common.js +++ b/config/common.js @@ -7,7 +7,7 @@ module.exports = (pluginSdl) => { return [ { plugins: { - "@microsoft/sdl": pluginSdl, + "@microsoft/sdl": pluginSdl }, rules: { "no-caller": "error", @@ -23,8 +23,8 @@ module.exports = (pluginSdl) => { "@microsoft/sdl/no-insecure-url": "error", "@microsoft/sdl/no-msapp-exec-unsafe": "error", "@microsoft/sdl/no-postmessage-star-origin": "error", - "@microsoft/sdl/no-winjs-html-unsafe": "error", - }, - }, + "@microsoft/sdl/no-winjs-html-unsafe": "error" + } + } ]; }; diff --git a/config/electron.js b/config/electron.js index d9d788d..a6d23ae 100644 --- a/config/electron.js +++ b/config/electron.js @@ -7,11 +7,11 @@ module.exports = (pluginSdl) => { return [ { plugins: { - "@microsoft/sdl": pluginSdl, + "@microsoft/sdl": pluginSdl }, rules: { - "@microsoft/sdl/no-electron-node-integration": "error", - }, - }, + "@microsoft/sdl/no-electron-node-integration": "error" + } + } ]; }; diff --git a/config/node.js b/config/node.js index 0feb108..f6d88f8 100644 --- a/config/node.js +++ b/config/node.js @@ -9,19 +9,19 @@ module.exports = (pluginSdl) => { return [ { plugins: { - n: pluginN, + n: pluginN }, rules: { - "n/no-deprecated-api": "error", - }, + "n/no-deprecated-api": "error" + } }, { plugins: { - "@microsoft/sdl": pluginSdl, + "@microsoft/sdl": pluginSdl }, rules: { - "@microsoft/sdl/no-unsafe-alloc": "error", - }, - }, + "@microsoft/sdl/no-unsafe-alloc": "error" + } + } ]; }; diff --git a/config/react.js b/config/react.js index 80e7fa7..6260cb1 100644 --- a/config/react.js +++ b/config/react.js @@ -11,14 +11,14 @@ module.exports = (pluginSdl) => { languageOptions: { parserOptions: { ecmaFeatures: { - jsx: true, - }, - }, - }, + jsx: true + } + } + } }, { plugins: { - react: pluginReact, + react: pluginReact }, rules: { "react/no-danger": "error", @@ -27,18 +27,18 @@ module.exports = (pluginSdl) => { { allowReferrer: false, enforceDynamicLinks: "always", - warnOnSpreadAttributes: true, - }, - ], - }, + warnOnSpreadAttributes: true + } + ] + } }, { plugins: { - "@microsoft/sdl": pluginSdl, + "@microsoft/sdl": pluginSdl }, rules: { - "@microsoft/sdl/react-iframe-missing-sandbox": "error", - }, - }, + "@microsoft/sdl/react-iframe-missing-sandbox": "error" + } + } ]; }; diff --git a/config/typescript.js b/config/typescript.js index a8dc50b..4085447 100644 --- a/config/typescript.js +++ b/config/typescript.js @@ -13,28 +13,28 @@ module.exports = () => { ecmaVersion: 6, sourceType: "module", ecmaFeatures: { - jsx: true, - }, - }, - }, + jsx: true + } + } + } }, { files: ["**/*.{ts,tsx}"], languageOptions: { parserOptions: { - parser: "@typescript-eslint/parser", - }, + parser: "@typescript-eslint/parser" + } }, plugins: { - "@typescript-eslint": pluginTypescript, + "@typescript-eslint": pluginTypescript }, rules: { "@typescript-eslint/no-implied-eval": "error", // @typescript-eslint/no-implied-eval offers more accurate results for typescript. // thus we turn the more generic rule off for ts and tsx files. // This also avoids duplicate hits. - "no-implied-eval": "off", - }, - }, + "no-implied-eval": "off" + } + } ]; }; diff --git a/lib/ast-utils.js b/lib/ast-utils.js index 590d669..0a97334 100644 --- a/lib/ast-utils.js +++ b/lib/ast-utils.js @@ -65,5 +65,5 @@ module.exports = { ); } return false; - }, + } }; diff --git a/lib/index.js b/lib/index.js index 12f1f58..60b3433 100644 --- a/lib/index.js +++ b/lib/index.js @@ -11,7 +11,7 @@ const pkg = require(path.join("..", "package.json")); const plugin = { meta: { name: pkg.name, - version: pkg.version, + version: pkg.version }, rules: { "no-angular-bypass-sanitizer": require("./rules/no-angular-bypass-sanitizer"), @@ -31,10 +31,10 @@ const plugin = { "no-postmessage-star-origin": require("./rules/no-postmessage-star-origin"), "no-unsafe-alloc": require("./rules/no-unsafe-alloc"), "no-winjs-html-unsafe": require("./rules/no-winjs-html-unsafe"), - "react-iframe-missing-sandbox": require("./rules/react-iframe-missing-sandbox"), + "react-iframe-missing-sandbox": require("./rules/react-iframe-missing-sandbox") }, // Filled in later in order to reference plugin itself. - configs: {}, + configs: {} }; plugin.configs["angular"] = require("../config/angular")(plugin); @@ -51,7 +51,7 @@ plugin.configs["required"] = [ ...plugin.configs["common"], ...plugin.configs["electron"], ...plugin.configs["node"], - ...plugin.configs["react"], + ...plugin.configs["react"] ]; plugin.configs["recommended"] = [ @@ -59,9 +59,9 @@ plugin.configs["recommended"] = [ ...plugin.configs["typescript"], { plugins: { - security: pluginSecurity, - }, - }, + security: pluginSecurity + } + } ]; module.exports = plugin; diff --git a/lib/rules/no-angular-bypass-sanitizer.js b/lib/rules/no-angular-bypass-sanitizer.js index 36d1e3f..8650fa2 100644 --- a/lib/rules/no-angular-bypass-sanitizer.js +++ b/lib/rules/no-angular-bypass-sanitizer.js @@ -17,22 +17,22 @@ module.exports = { category: "Security", description: "Calls to bypassSecurityTrustHtml, bypassSecurityTrustScript and similar methods bypass DomSanitizer in Angular and need to be reviewed.", - url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angular-bypass-sanitizer.md", + url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angular-bypass-sanitizer.md" }, messages: { - noBypass: "Do not bypass Angular's built-in sanitizer", - }, + noBypass: "Do not bypass Angular's built-in sanitizer" + } }, create: function (context) { return { "CallExpression[arguments!=''][callee.property.name=/bypassSecurityTrust(Html|ResourceUrl|Script|Style|Url)/]"( - node, + node ) { context.report({ node: node, - messageId: "noBypass", + messageId: "noBypass" }); - }, + } }; - }, + } }; diff --git a/lib/rules/no-angular-sanitization-trusted-urls.js b/lib/rules/no-angular-sanitization-trusted-urls.js index 05493d4..66b576e 100644 --- a/lib/rules/no-angular-sanitization-trusted-urls.js +++ b/lib/rules/no-angular-sanitization-trusted-urls.js @@ -17,22 +17,22 @@ module.exports = { category: "Security", description: "Calls to [`$compileProvider.aHrefSanitizationTrustedUrlList`](https://docs.angularjs.org/api/ng/provider/$compileProvider#aHrefSanitizationTrustedUrlList) configure allowed Url list in AngularJS sanitizer and need to be reviewed.", - url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angular-sanitization-trusted-urls.md", + url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angular-sanitization-trusted-urls.md" }, messages: { - noSanitizationTrustedUrls: "Do not modify the trusted Urls list in AngularJS", - }, + noSanitizationTrustedUrls: "Do not modify the trusted Urls list in AngularJS" + } }, create: function (context) { return { "CallExpression[arguments!=''][callee.object.name='$compileProvider'][callee.property.name=/(aHref|imgSrc)SanitizationTrustedUrlList/]"( - node, + node ) { context.report({ node: node, - messageId: "noSanitizationTrustedUrls", + messageId: "noSanitizationTrustedUrls" }); - }, + } }; - }, + } }; diff --git a/lib/rules/no-angularjs-bypass-sce.js b/lib/rules/no-angularjs-bypass-sce.js index 25271bc..74bad0a 100644 --- a/lib/rules/no-angularjs-bypass-sce.js +++ b/lib/rules/no-angularjs-bypass-sce.js @@ -17,23 +17,23 @@ module.exports = { category: "Security", description: "Calls to $sceProvider.enabled(false), $sceDelegate.trustAs(), $sce.trustAs() and relevant shorthand methods (e.g. trustAsHtml or trustAsJs) bypass Strict Contextual Escaping (SCE) in AngularJS and need to be reviewed.", - url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-bypass-sce.md", + url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-bypass-sce.md" }, messages: { - doNotBypass: "Do not bypass Strict Contextual Escaping (SCE) in AngularJS", - }, + doNotBypass: "Do not bypass Strict Contextual Escaping (SCE) in AngularJS" + } }, create: function (context) { function reportIt(node) { context.report({ node: node, - messageId: "doNotBypass", + messageId: "doNotBypass" }); } return { "CallExpression[arguments!=''][callee.object.name='$sceProvider'][callee.property.name='enabled']"( - node, + node ) { // Known false positives if ( @@ -48,7 +48,7 @@ module.exports = { "CallExpression[arguments!=''][callee.object.name='$sceDelegate'][callee.property.name='trustAs']": reportIt, "CallExpression[arguments!=''][callee.object.name='$sce'][callee.property.name=/trustAs(Css|Html|Js|ResourceUrl|Url)?/]"( - node, + node ) { // Known false positives if ( @@ -61,9 +61,9 @@ module.exports = { } return reportIt(node); - }, + } }; - }, + } }; // TODO: Review https://docs.angularjs.org/api/ng/provider/$sceDelegateProvider#resourceUrlWhitelist and https://docs.angularjs.org/api/ng/provider/$sceDelegateProvider#resourceUrlBlacklist diff --git a/lib/rules/no-angularjs-enable-svg.js b/lib/rules/no-angularjs-enable-svg.js index adaee84..7405601 100644 --- a/lib/rules/no-angularjs-enable-svg.js +++ b/lib/rules/no-angularjs-enable-svg.js @@ -17,16 +17,16 @@ module.exports = { category: "Security", description: "Calls to $sanitizeProvider.enableSvg(true) increase attack surface of the application by enabling SVG support in AngularJS sanitizer and need to be reviewed.", - url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-enable-svg.md", + url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-enable-svg.md" }, messages: { - doNotEnableSVG: "Do not enable SVG support in AngularJS", - }, + doNotEnableSVG: "Do not enable SVG support in AngularJS" + } }, create: function (context) { return { "CallExpression[callee.object.name='$sanitizeProvider'][callee.property.name='enableSvg']"( - node, + node ) { // Known false positives if ( @@ -38,11 +38,11 @@ module.exports = { } context.report({ node: node, - messageId: "doNotEnableSVG", + messageId: "doNotEnableSVG" }); - }, + } }; - }, + } }; // TODO: Add rules for $sanitizeProvider.addValidElements() and $sanitizeProvider.addValidAttrs() diff --git a/lib/rules/no-angularjs-sanitization-whitelist.js b/lib/rules/no-angularjs-sanitization-whitelist.js index fa7e40b..c92e1f4 100644 --- a/lib/rules/no-angularjs-sanitization-whitelist.js +++ b/lib/rules/no-angularjs-sanitization-whitelist.js @@ -17,22 +17,22 @@ module.exports = { category: "Security", description: "Calls to [`$compileProvider.aHrefSanitizationWhitelist`](https://docs.angularjs.org/api/ng/provider/$compileProvider#aHrefSanitizationWhitelist) or [`$compileProvider.imgSrcSanitizationWhitelist`](https://docs.angularjs.org/api/ng/provider/$compileProvider#imgSrcSanitizationWhitelist) configure whitelists in AngularJS sanitizer and need to be reviewed.", - url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-sanitization-whitelist.md", + url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-sanitization-whitelist.md" }, messages: { - noSanitizationWhitelist: "Do not modify sanitization whitelist in AngularJS", - }, + noSanitizationWhitelist: "Do not modify sanitization whitelist in AngularJS" + } }, create: function (context) { return { "CallExpression[arguments!=''][callee.object.name='$compileProvider'][callee.property.name=/(aHref|imgSrc)SanitizationWhitelist/]"( - node, + node ) { context.report({ node: node, - messageId: "noSanitizationWhitelist", + messageId: "noSanitizationWhitelist" }); - }, + } }; - }, + } }; diff --git a/lib/rules/no-cookies.js b/lib/rules/no-cookies.js index 04428e1..5e3347a 100644 --- a/lib/rules/no-cookies.js +++ b/lib/rules/no-cookies.js @@ -19,11 +19,11 @@ module.exports = { category: "Security", description: "HTTP cookies are an old client-side storage mechanism with inherent risks and limitations. Use Web Storage, IndexedDB or other more modern methods instead.", - url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-cookies.md", + url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-cookies.md" }, messages: { - doNotUseCookies: "Do not use HTTP cookies in modern applications", - }, + doNotUseCookies: "Do not use HTTP cookies in modern applications" + } }, create: function (context) { const fullTypeChecker = astUtils.getFullTypeChecker(context); @@ -32,10 +32,10 @@ module.exports = { if (astUtils.isDocumentObject(node.object, context, fullTypeChecker)) { context.report({ node: node, - messageId: "doNotUseCookies", + messageId: "doNotUseCookies" }); } - }, + } }; - }, + } }; diff --git a/lib/rules/no-document-domain.js b/lib/rules/no-document-domain.js index f49a75b..d99683d 100644 --- a/lib/rules/no-document-domain.js +++ b/lib/rules/no-document-domain.js @@ -19,11 +19,11 @@ module.exports = { category: "Security", description: "Writes to [`document.domain`](https://developer.mozilla.org/en-US/docs/Web/API/Document/domain) property must be reviewed to avoid bypass of [same-origin checks](https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy#Changing_origin). Usage of top level domains such as `azurewebsites.net` is strictly prohibited.", - url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-document-domain.md", + url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-document-domain.md" }, messages: { - default: "Do not write to document.domain property", - }, + default: "Do not write to document.domain property" + } }, create: function (context) { const fullTypeChecker = astUtils.getFullTypeChecker(context); @@ -32,10 +32,10 @@ module.exports = { if (astUtils.isDocumentObject(node.left.object, context, fullTypeChecker)) { context.report({ node: node, - messageId: "default", + messageId: "default" }); } - }, + } }; - }, + } }; diff --git a/lib/rules/no-document-write.js b/lib/rules/no-document-write.js index b1b2f8d..6c2c60f 100644 --- a/lib/rules/no-document-write.js +++ b/lib/rules/no-document-write.js @@ -19,11 +19,11 @@ module.exports = { category: "Security", description: "Calls to document.write or document.writeln manipulate DOM directly without any sanitization and should be avoided. Use document.createElement() or similar methods instead.", - url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-document-write.md", + url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-document-write.md" }, messages: { - default: "Do not write to DOM directly using document.write or document.writeln methods", - }, + default: "Do not write to DOM directly using document.write or document.writeln methods" + } }, create: function (context) { const fullTypeChecker = astUtils.getFullTypeChecker(context); @@ -32,10 +32,10 @@ module.exports = { if (astUtils.isDocumentObject(node.callee.object, context, fullTypeChecker)) { context.report({ node: node, - messageId: "default", + messageId: "default" }); } - }, + } }; - }, + } }; diff --git a/lib/rules/no-electron-node-integration.js b/lib/rules/no-electron-node-integration.js index 8eda6bb..589b818 100644 --- a/lib/rules/no-electron-node-integration.js +++ b/lib/rules/no-electron-node-integration.js @@ -16,22 +16,22 @@ module.exports = { category: "Security", description: "[Node.js Integration](https://www.electronjs.org/docs/tutorial/security#2-do-not-enable-nodejs-integration-for-remote-content) must not be enabled in any renderer that loads remote content to avoid remote code execution attacks.", - url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-electron-node-integration.md", + url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-electron-node-integration.md" }, messages: { - default: "Do not enable Node.js Integration for Remote Content", - }, + default: "Do not enable Node.js Integration for Remote Content" + } }, create: function (context) { return { "NewExpression[callee.name=/BrowserWindow|BrowserView/] > ObjectExpression.arguments > Property.properties[key.name=webPreferences] > ObjectExpression.value > Property.properties[key.name=/nodeIntegration|nodeIntegrationInWorker|nodeIntegrationInSubFrames/][value.value='true']"( - node, + node ) { context.report({ node: node, - messageId: "default", + messageId: "default" }); - }, + } }; - }, + } }; diff --git a/lib/rules/no-html-method.js b/lib/rules/no-html-method.js index 55aeed6..fadc62e 100644 --- a/lib/rules/no-html-method.js +++ b/lib/rules/no-html-method.js @@ -18,11 +18,11 @@ module.exports = { docs: { description: "Direct calls to method `html()` often (e.g. in jQuery framework) manipulate DOM without any sanitization and should be avoided. Use document.createElement() or similar methods instead.", - url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-html-method.md", + url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-html-method.md" }, messages: { - default: "Do not write to DOM directly using jQuery html() method", - }, + default: "Do not write to DOM directly using jQuery html() method" + } }, create: function (context) { const fullTypeChecker = astUtils.getFullTypeChecker(context); @@ -42,9 +42,9 @@ module.exports = { } context.report({ node: node, - messageId: "default", + messageId: "default" }); - }, + } }; - }, + } }; diff --git a/lib/rules/no-inner-html.js b/lib/rules/no-inner-html.js index 99aa169..24b30f1 100644 --- a/lib/rules/no-inner-html.js +++ b/lib/rules/no-inner-html.js @@ -18,12 +18,12 @@ module.exports = { docs: { description: "Assignments to [innerHTML](https://developer.mozilla.org/en-US/docs/Web/API/Element/innerHTML)/[outerHTML](https://developer.mozilla.org/en-US/docs/Web/API/Element/outerHTML) properties or calls to [insertAdjacentHTML](https://developer.mozilla.org/en-US/docs/Web/API/Element/insertAdjacentHTML) method manipulate DOM directly without any sanitization and should be avoided. Use document.createElement() or similar methods instead.", - url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-inner-html.md", + url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-inner-html.md" }, messages: { noInnerHtml: "Do not write to DOM directly using innerHTML/outerHTML property", - noInsertAdjacentHTML: "Do not write to DOM using insertAdjacentHTML method", - }, + noInsertAdjacentHTML: "Do not write to DOM using insertAdjacentHTML method" + } }, create: function (context) { const fullTypeChecker = astUtils.getFullTypeChecker(context); @@ -35,7 +35,7 @@ module.exports = { return { "CallExpression[arguments.length=2] > MemberExpression.callee[property.name='insertAdjacentHTML']"( - node, + node ) { // Ignore known false positives if ( @@ -53,12 +53,12 @@ module.exports = { if (mightBeHTMLElement(node.object)) { context.report({ node: node, - messageId: "noInsertAdjacentHTML", + messageId: "noInsertAdjacentHTML" }); } }, "AssignmentExpression[left.type='MemberExpression'][left.property.name=/innerHTML|outerHTML/]"( - node, + node ) { // Ignore known false positives if ( @@ -73,10 +73,10 @@ module.exports = { if (mightBeHTMLElement(node.left.object)) { context.report({ node: node, - messageId: "noInnerHtml", + messageId: "noInnerHtml" }); } - }, + } }; - }, + } }; diff --git a/lib/rules/no-insecure-random.js b/lib/rules/no-insecure-random.js index 2c77d31..1ec305b 100644 --- a/lib/rules/no-insecure-random.js +++ b/lib/rules/no-insecure-random.js @@ -17,7 +17,7 @@ const bannedRandomLibraries = [ "random-int", "random-float", "random-seed", - "unique-random", + "unique-random" ]; module.exports = { @@ -31,12 +31,12 @@ module.exports = { Use crypto.randomBytes() or window.crypto.getRandomValues() instead. `, - url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-insecure-random.md", + url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-insecure-random.md" }, messages: { default: - "Do not use pseudo-random number generators for generating secret values such as tokens, passwords or keys.", - }, + "Do not use pseudo-random number generators for generating secret values such as tokens, passwords or keys." + } }, create: function (context) { const fullTypeChecker = astUtils.getFullTypeChecker(context); @@ -54,7 +54,7 @@ module.exports = { if (notFalsePositive) { context.report({ node: node, - messageId: "default", + messageId: "default" }); } }, @@ -70,7 +70,7 @@ module.exports = { if (notFalsePositive) { context.report({ node: node, - messageId: "default", + messageId: "default" }); } }, @@ -78,7 +78,7 @@ module.exports = { if (bannedRandomLibraries.includes(path.basename(node.source.value))) { context.report({ node: node, - messageId: "default", + messageId: "default" }); } }, @@ -87,10 +87,10 @@ module.exports = { if (bannedRandomLibraries.includes(requireName)) { context.report({ node: node, - messageId: "default", + messageId: "default" }); } - }, + } }; - }, + } }; diff --git a/lib/rules/no-insecure-url.js b/lib/rules/no-insecure-url.js index 49209d8..3ecca4b 100644 --- a/lib/rules/no-insecure-url.js +++ b/lib/rules/no-insecure-url.js @@ -15,7 +15,7 @@ const DEFAULT_EXCEPTIONS = [ /^http:(\/\/|\\u002f\\u002f)schemas\.openxmlformats\.org(\/\/|\\u002f\\u002f)?.*/i, /^http:(\/|\\u002f){2}localhost(:|\/|\\u002f)*/i, /^http:(\/\/)www\.w3\.org\/1999\/xhtml/i, - /^http:(\/\/)www\.w3\.org\/2000\/svg/i, + /^http:(\/\/)www\.w3\.org\/2000\/svg/i ]; const DEFAULT_VARIABLES_EXECEPTIONS = []; @@ -34,34 +34,34 @@ module.exports = { blocklist: { type: "array", items: { - type: "string", - }, + type: "string" + } }, exceptions: { type: "array", items: { - type: "string", - }, + type: "string" + } }, varExceptions: { type: "array", items: { - type: "string", - }, - }, + type: "string" + } + } }, - additionalProperties: false, - }, + additionalProperties: false + } ], docs: { category: "Security", description: "Insecure protocols such as [HTTP](https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol) or [FTP](https://en.wikipedia.org/wiki/File_Transfer_Protocol) should be replaced by their encrypted counterparts ([HTTPS](https://en.wikipedia.org/wiki/HTTPS), [FTPS](https://en.wikipedia.org/wiki/FTPS)) to avoid sending (potentially sensitive) data over untrusted network in plaintext.", - url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-insecure-url.md", + url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-insecure-url.md" }, messages: { - doNotUseInsecureUrl: "Do not use insecure URLs", - }, + doNotUseInsecureUrl: "Do not use insecure URLs" + } }, create: function (context) { const options = context.options[0] || {}; @@ -74,7 +74,7 @@ module.exports = { const varExceptions = (options.varExceptions || DEFAULT_VARIABLES_EXECEPTIONS).map( (pattern) => { return new RegExp(pattern, "i"); - }, + } ); function matches(patterns, value) { @@ -120,7 +120,7 @@ module.exports = { //insert an "s" before ":/" to change http:/ to https:/ return fixer.replaceText(node, JSON.stringify(fixedString)); } - }, + } }); } } @@ -149,11 +149,11 @@ module.exports = { //insert an "s" before ":/" to change http:/ to https:/ return fixer.replaceText(node, fixedString); } - }, + } }); } } - }, + } }; - }, + } }; diff --git a/lib/rules/no-msapp-exec-unsafe.js b/lib/rules/no-msapp-exec-unsafe.js index bb1203d..3bb1685 100644 --- a/lib/rules/no-msapp-exec-unsafe.js +++ b/lib/rules/no-msapp-exec-unsafe.js @@ -16,22 +16,22 @@ module.exports = { docs: { description: "Calls to [`MSApp.execUnsafeLocalFunction()`](https://docs.microsoft.com/en-us/previous-versions/hh772324(v=vs.85)) bypass script injection validation and should be avoided.", - url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-msapp-exec-unsafe.md", + url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-msapp-exec-unsafe.md" }, messages: { - default: "Do not bypass script injection validation", - }, + default: "Do not bypass script injection validation" + } }, create: function (context) { return { "CallExpression[arguments.length=1][callee.object.name='MSApp'][callee.property.name='execUnsafeLocalFunction']"( - node, + node ) { context.report({ node: node, - messageId: "default", + messageId: "default" }); - }, + } }; - }, + } }; diff --git a/lib/rules/no-postmessage-star-origin.js b/lib/rules/no-postmessage-star-origin.js index 5fdda1a..5a76c0e 100644 --- a/lib/rules/no-postmessage-star-origin.js +++ b/lib/rules/no-postmessage-star-origin.js @@ -17,17 +17,17 @@ module.exports = { docs: { description: "Always provide specific target origin, not * when sending data to other windows using [`postMessage`](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage#Security_concerns) to avoid data leakage outside of trust boundary.", - url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-postmessage-star-origin.md", + url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-postmessage-star-origin.md" }, messages: { - default: "Do not use * as target origin when sending data to other windows", - }, + default: "Do not use * as target origin when sending data to other windows" + } }, create: function (context) { const fullTypeChecker = astUtils.getFullTypeChecker(context); return { "CallExpression[arguments.length>=2][arguments.length<=3][callee.property.name=postMessage]"( - node, + node ) { // Check that second argument (target origin) is Literal "*" if (!(node.arguments[1].type === "Literal" && node.arguments[1].value == "*")) { @@ -37,7 +37,7 @@ module.exports = { // Check that object type is Window when full type information is available if (fullTypeChecker) { const tsNode = context.sourceCode.parserServices.esTreeNodeToTSNodeMap.get( - node.callee.object, + node.callee.object ); const tsType = fullTypeChecker.getTypeAtLocation(tsNode); const type = fullTypeChecker.typeToString(tsType); @@ -48,9 +48,9 @@ module.exports = { context.report({ node: node, - messageId: "default", + messageId: "default" }); - }, + } }; - }, + } }; diff --git a/lib/rules/no-unsafe-alloc.js b/lib/rules/no-unsafe-alloc.js index bd0b7c7..aa0144a 100644 --- a/lib/rules/no-unsafe-alloc.js +++ b/lib/rules/no-unsafe-alloc.js @@ -11,11 +11,11 @@ module.exports = { docs: { description: "When calling [`Buffer.allocUnsafe`](https://nodejs.org/api/buffer.html#buffer_static_method_buffer_allocunsafe_size) and [`Buffer.allocUnsafeSlow`](https://nodejs.org/api/buffer.html#buffer_static_method_buffer_allocunsafeslow_size), the allocated memory is not wiped-out and can contain old, potentially sensitive data.", - url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-unsafe-alloc.md", + url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-unsafe-alloc.md" }, messages: { - default: "Do not allocate uninitialized buffers in Node.js", - }, + default: "Do not allocate uninitialized buffers in Node.js" + } }, create: function (context) { return { @@ -36,9 +36,9 @@ module.exports = { } context.report({ node: node, - messageId: "default", + messageId: "default" }); - }, + } }; - }, + } }; diff --git a/lib/rules/no-winjs-html-unsafe.js b/lib/rules/no-winjs-html-unsafe.js index fa74734..44ae7aa 100644 --- a/lib/rules/no-winjs-html-unsafe.js +++ b/lib/rules/no-winjs-html-unsafe.js @@ -16,22 +16,22 @@ module.exports = { docs: { description: "Calls to [`WinJS.Utilities.setInnerHTMLUnsafe()`](https://docs.microsoft.com/en-us/previous-versions/windows/apps/br211696(v=win.10)) and similar methods do not perform any input validation and should be avoided. Use [`WinJS.Utilities.setInnerHTML()`](https://docs.microsoft.com/en-us/previous-versions/windows/apps/br211697(v=win.10)) instead.", - url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-winjs-html-unsafe.md", + url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-winjs-html-unsafe.md" }, messages: { - default: "Do not set HTML using unsafe methods from WinJS.Utilities", - }, + default: "Do not set HTML using unsafe methods from WinJS.Utilities" + } }, create: function (context) { return { "CallExpression[callee.object.object.name='WinJS'][callee.object.property.name='Utilities'][callee.property.name=/(insertAdjacent|setInner|setOuter)HTMLUnsafe/]"( - node, + node ) { context.report({ node: node, - messageId: "default", + messageId: "default" }); - }, + } }; - }, + } }; diff --git a/lib/rules/react-iframe-missing-sandbox.js b/lib/rules/react-iframe-missing-sandbox.js index 02ef7fe..fe33095 100644 --- a/lib/rules/react-iframe-missing-sandbox.js +++ b/lib/rules/react-iframe-missing-sandbox.js @@ -18,15 +18,15 @@ module.exports = { category: "Security", description: "The [sandbox](https://www.w3schools.com/tags/att_iframe_sandbox.asp) attribute enables an extra set of restrictions for the content in the iframe and should always be specified.", - url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/react-iframe-missing-sandbox.md", + url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/react-iframe-missing-sandbox.md" }, messages: { attributeMissing: "An iframe element is missing a sandbox attribute", invalidValue: 'An iframe element defines a sandbox attribute with invalid value "{{ value }}"', invalidCombination: - "An iframe element defines a sandbox attribute with both allow-scripts and allow-same-origin which is invalid", - }, + "An iframe element defines a sandbox attribute with both allow-scripts and allow-same-origin which is invalid" + } }, create(context) { @@ -43,7 +43,7 @@ module.exports = { "allow-same-origin", "allow-scripts", "allow-top-navigation", - "allow-top-navigation-by-user-activation", + "allow-top-navigation-by-user-activation" ]; function validateSandboxAttribute(node, attribute) { @@ -57,8 +57,8 @@ module.exports = { node, messageId: "invalidValue", data: { - value: trimmedAttributeValue, - }, + value: trimmedAttributeValue + } }); } if (trimmedAttributeValue === "allow-scripts") { @@ -71,7 +71,7 @@ module.exports = { if (allowScripts && allowSameOrigin) { context.report({ node, - messageId: "invalidCombination", + messageId: "invalidCombination" }); } } @@ -96,10 +96,10 @@ module.exports = { if (!sandboxAttributeFound) { context.report({ node, - messageId: "attributeMissing", + messageId: "attributeMissing" }); } - }, + } }; - }, + } }; diff --git a/tests/lib/rules/no-angular-bypass-sanitizer.js b/tests/lib/rules/no-angular-bypass-sanitizer.js index 90a3387..0e17d8e 100644 --- a/tests/lib/rules/no-angular-bypass-sanitizer.js +++ b/tests/lib/rules/no-angular-bypass-sanitizer.js @@ -11,7 +11,7 @@ ruleTester.run(ruleId, rule, { valid: [ "bypassSecurityTrustHtml('XSS')", "x.bypassSecurityTrustHtml()", - "x.BypassSecurityTrustHtml('XSS')", + "x.BypassSecurityTrustHtml('XSS')" ], invalid: [ { @@ -22,25 +22,25 @@ ruleTester.run(ruleId, rule, { line: 1, endLine: 1, column: 1, - endColumn: 38, - }, - ], + endColumn: 38 + } + ] }, { code: "$('p').bypassSecurityTrustResourceUrl('XSS')", - errors: [{ messageId: "noBypass" }], + errors: [{ messageId: "noBypass" }] }, { code: "$('p').bypassSecurityTrustScript('XSS')", - errors: [{ messageId: "noBypass" }], + errors: [{ messageId: "noBypass" }] }, { code: "$('p').bypassSecurityTrustStyle('XSS')", - errors: [{ messageId: "noBypass" }], + errors: [{ messageId: "noBypass" }] }, { code: "$('p').bypassSecurityTrustUrl('XSS')", - errors: [{ messageId: "noBypass" }], - }, - ], + errors: [{ messageId: "noBypass" }] + } + ] }); diff --git a/tests/lib/rules/no-angular-sanitization-trusted-urls.js b/tests/lib/rules/no-angular-sanitization-trusted-urls.js index f3b5c97..4a11b31 100644 --- a/tests/lib/rules/no-angular-sanitization-trusted-urls.js +++ b/tests/lib/rules/no-angular-sanitization-trusted-urls.js @@ -12,7 +12,7 @@ ruleTester.run(ruleId, rule, { "aHrefSanitizationTrustedUrlList ('.*')", "x.aHrefSanitizationTrustedUrlList ('.*')", "$compileProvider.aHrefSanitizationTrustedUrlList ()", - "$compileProvider.AHrefSanitizationTrustedUrlList ('.*')", + "$compileProvider.AHrefSanitizationTrustedUrlList ('.*')" ], invalid: [ { @@ -23,9 +23,9 @@ ruleTester.run(ruleId, rule, { line: 1, endLine: 1, column: 1, - endColumn: 56, - }, - ], + endColumn: 56 + } + ] }, { code: "$compileProvider.imgSrcSanitizationTrustedUrlList('.*');", @@ -35,9 +35,9 @@ ruleTester.run(ruleId, rule, { line: 1, endLine: 1, column: 1, - endColumn: 56, - }, - ], - }, - ], + endColumn: 56 + } + ] + } + ] }); diff --git a/tests/lib/rules/no-angularjs-bypass-sce.js b/tests/lib/rules/no-angularjs-bypass-sce.js index f85e9fb..4fbe281 100644 --- a/tests/lib/rules/no-angularjs-bypass-sce.js +++ b/tests/lib/rules/no-angularjs-bypass-sce.js @@ -16,48 +16,48 @@ ruleTester.run(ruleId, rule, { "x.trustAsHtml('XSS')", "$sceProvider.enabled()", "$sceProvider.enabled(true)", - "$sceProvider.enabled(1)", + "$sceProvider.enabled(1)" ], invalid: [ { code: "$sceDelegate.trustAs($sce.HTML, 'XSS')", - errors: [{ messageId: "doNotBypass" }], + errors: [{ messageId: "doNotBypass" }] }, { code: "$sce.trustAs($sce.HTML, 'XSS')", - errors: [{ messageId: "doNotBypass" }], + errors: [{ messageId: "doNotBypass" }] }, { code: "$sce.trustAsCss('XSS')", - errors: [{ messageId: "doNotBypass" }], + errors: [{ messageId: "doNotBypass" }] }, { code: "$sce.trustAsHtml('XSS')", - errors: [{ messageId: "doNotBypass" }], + errors: [{ messageId: "doNotBypass" }] }, { code: "$sce.trustAsJs('XSS')", - errors: [{ messageId: "doNotBypass" }], + errors: [{ messageId: "doNotBypass" }] }, { code: "$sce.trustAsResourceUrl('XSS')", - errors: [{ messageId: "doNotBypass" }], + errors: [{ messageId: "doNotBypass" }] }, { code: "$sce.trustAsUrl('XSS')", - errors: [{ messageId: "doNotBypass" }], + errors: [{ messageId: "doNotBypass" }] }, { code: "$sceProvider.enabled(false)", - errors: [{ messageId: "doNotBypass" }], + errors: [{ messageId: "doNotBypass" }] }, { code: "$sceProvider.enabled(0)", - errors: [{ messageId: "doNotBypass" }], + errors: [{ messageId: "doNotBypass" }] }, { code: "$sceProvider.enabled(true != true)", - errors: [{ messageId: "doNotBypass" }], - }, - ], + errors: [{ messageId: "doNotBypass" }] + } + ] }); diff --git a/tests/lib/rules/no-angularjs-enable-svg.js b/tests/lib/rules/no-angularjs-enable-svg.js index 3bde880..ffc2922 100644 --- a/tests/lib/rules/no-angularjs-enable-svg.js +++ b/tests/lib/rules/no-angularjs-enable-svg.js @@ -14,16 +14,16 @@ ruleTester.run(ruleId, rule, { "$sanitizeProvider.enableSvg()", "$sanitizeProvider.enableSvg(false)", "$sanitizeProvider.enableSvg(0)", - "$sanitizeProvider.EnableSvg(0)", + "$sanitizeProvider.EnableSvg(0)" ], invalid: [ { code: "$sanitizeProvider.enableSvg(true)", - errors: [{ messageId: "doNotEnableSVG" }], + errors: [{ messageId: "doNotEnableSVG" }] }, { code: "$sanitizeProvider.enableSvg(1)", - errors: [{ messageId: "doNotEnableSVG" }], - }, - ], + errors: [{ messageId: "doNotEnableSVG" }] + } + ] }); diff --git a/tests/lib/rules/no-angularjs-sanitization-whitelist.js b/tests/lib/rules/no-angularjs-sanitization-whitelist.js index 0e4cd6e..728d342 100644 --- a/tests/lib/rules/no-angularjs-sanitization-whitelist.js +++ b/tests/lib/rules/no-angularjs-sanitization-whitelist.js @@ -12,7 +12,7 @@ ruleTester.run(ruleId, rule, { "aHrefSanitizationWhitelist('.*')", "x.aHrefSanitizationWhitelist('.*')", "$compileProvider.aHrefSanitizationWhitelist()", - "$compileProvider.AHrefSanitizationWhitelist('.*')", + "$compileProvider.AHrefSanitizationWhitelist('.*')" ], invalid: [ { @@ -23,9 +23,9 @@ ruleTester.run(ruleId, rule, { line: 1, endLine: 1, column: 1, - endColumn: 50, - }, - ], + endColumn: 50 + } + ] }, { code: "$compileProvider.imgSrcSanitizationWhitelist('.*');", @@ -35,9 +35,9 @@ ruleTester.run(ruleId, rule, { line: 1, endLine: 1, column: 1, - endColumn: 51, - }, - ], - }, - ], + endColumn: 51 + } + ] + } + ] }); diff --git a/tests/lib/rules/no-cookies.js b/tests/lib/rules/no-cookies.js index 0a7c5c8..581d0dc 100644 --- a/tests/lib/rules/no-cookies.js +++ b/tests/lib/rules/no-cookies.js @@ -39,25 +39,25 @@ function X() { } documentLikeAPIFunction().cookie = '...'; -`, - }, +` + } ], invalid: [ { code: "document.cookie = '...'", - errors: [{ messageId: "doNotUseCookies" }], + errors: [{ messageId: "doNotUseCookies" }] }, { code: "window.document.cookie = '...'", - errors: [{ messageId: "doNotUseCookies" }], + errors: [{ messageId: "doNotUseCookies" }] }, { code: "this.window.document.cookie = '...'", - errors: [{ messageId: "doNotUseCookies" }], + errors: [{ messageId: "doNotUseCookies" }] }, { code: "globalThis.window.document.cookie = '...'", - errors: [{ messageId: "doNotUseCookies" }], + errors: [{ messageId: "doNotUseCookies" }] }, { languageOptions: testUtils.tsLanguageOptions, @@ -67,7 +67,7 @@ function documentFunction(): Document { } documentFunction().cookie = '...'; `, - errors: [{ messageId: "doNotUseCookies" }], + errors: [{ messageId: "doNotUseCookies" }] }, { languageOptions: testUtils.tsLanguageOptions, @@ -78,7 +78,7 @@ namespace Sample { } } `, - errors: [{ messageId: "doNotUseCookies" }], - }, - ], + errors: [{ messageId: "doNotUseCookies" }] + } + ] }); diff --git a/tests/lib/rules/no-document-domain.js b/tests/lib/rules/no-document-domain.js index 8fe8747..b311f10 100644 --- a/tests/lib/rules/no-document-domain.js +++ b/tests/lib/rules/no-document-domain.js @@ -23,22 +23,22 @@ function main() { var document: DocumentLikeAPI = documentLikeAPIFunction(); document.domain = 'somevalue'; } - `, - }, + ` + } ], invalid: [ { languageOptions: testUtils.tsLanguageOptions, code: "var doc = window.document; doc.domain = 'somevalue';", - errors: [{ messageId: "default" }], + errors: [{ messageId: "default" }] }, { code: "document.domain = 'somevalue'", - errors: [{ messageId: "default" }], + errors: [{ messageId: "default" }] }, { code: "window.document.domain = 'somevalue'", - errors: [{ messageId: "default" }], + errors: [{ messageId: "default" }] }, { code: ` @@ -50,17 +50,17 @@ newWindow.document.domain = somevalue; errors: [ { line: 3, - messageId: "default", + messageId: "default" }, { line: 4, - messageId: "default", + messageId: "default" }, { line: 5, - messageId: "default", - }, - ], - }, - ], + messageId: "default" + } + ] + } + ] }); diff --git a/tests/lib/rules/no-document-write.js b/tests/lib/rules/no-document-write.js index 03ed9a4..ea59774 100644 --- a/tests/lib/rules/no-document-write.js +++ b/tests/lib/rules/no-document-write.js @@ -23,7 +23,7 @@ ruleTester.run(ruleId, rule, { writeln: () => {}, }; } - `, + ` }, { code: ` @@ -43,8 +43,8 @@ ruleTester.run(ruleId, rule, { document.write('', ''); document.writeln(); document.writeln('', ''); - `, - }, + ` + } ], invalid: [ { @@ -63,8 +63,8 @@ ruleTester.run(ruleId, rule, { { messageId: "default", line: 3 }, { messageId: "default", line: 4 }, { messageId: "default", line: 8 }, - { messageId: "default", line: 9 }, - ], + { messageId: "default", line: 9 } + ] }, { code: ` @@ -81,8 +81,8 @@ ruleTester.run(ruleId, rule, { { messageId: "default", line: 4 }, { messageId: "default", line: 5 }, { messageId: "default", line: 6 }, - { messageId: "default", line: 7 }, - ], - }, - ], + { messageId: "default", line: 7 } + ] + } + ] }); diff --git a/tests/lib/rules/no-electron-node-integration.js b/tests/lib/rules/no-electron-node-integration.js index 5e006c2..0ec719c 100644 --- a/tests/lib/rules/no-electron-node-integration.js +++ b/tests/lib/rules/no-electron-node-integration.js @@ -23,8 +23,8 @@ ruleTester.run(ruleId, rule, { nodeIntegration: false } }); - `, - }, + ` + } ], invalid: [ { @@ -40,8 +40,8 @@ ruleTester.run(ruleId, rule, { errors: [ { messageId: "default", line: 4 }, { messageId: "default", line: 5 }, - { messageId: "default", line: 6 }, - ], + { messageId: "default", line: 6 } + ] }, { code: ` @@ -56,8 +56,8 @@ ruleTester.run(ruleId, rule, { errors: [ { messageId: "default", line: 4 }, { messageId: "default", line: 5 }, - { messageId: "default", line: 6 }, - ], - }, - ], + { messageId: "default", line: 6 } + ] + } + ] }); diff --git a/tests/lib/rules/no-html-method.js b/tests/lib/rules/no-html-method.js index 4a5523e..b3214fb 100644 --- a/tests/lib/rules/no-html-method.js +++ b/tests/lib/rules/no-html-method.js @@ -14,16 +14,16 @@ ruleTester.run(ruleId, rule, { "test.html()", "test.html('','')", "element.html('');", - "element.html(null);", + "element.html(null);" ], invalid: [ { code: "$('p').html('XSS')", - errors: [{ messageId: "default", line: 1 }], + errors: [{ messageId: "default", line: 1 }] }, { code: "$(selector).html(sample_function())", - errors: [{ messageId: "default", line: 1 }], + errors: [{ messageId: "default", line: 1 }] }, { languageOptions: testUtils.es6LanguageOptions, @@ -31,7 +31,7 @@ ruleTester.run(ruleId, rule, { import $ from "jquery"; test.html('XSS'); `, - errors: [{ messageId: "default", line: 3 }], - }, - ], + errors: [{ messageId: "default", line: 3 }] + } + ] }); diff --git a/tests/lib/rules/no-inner-html.js b/tests/lib/rules/no-inner-html.js index 188e3fd..34bde71 100644 --- a/tests/lib/rules/no-inner-html.js +++ b/tests/lib/rules/no-inner-html.js @@ -29,8 +29,8 @@ ruleTester.run(ruleId, rule, { let test = new Test("test"); test.innerHTML = test; test.outerHTML = test; - `, - }, + ` + } ], invalid: [ // TypeScript with full type information @@ -45,8 +45,8 @@ ruleTester.run(ruleId, rule, { errors: [ { messageId: "noInnerHtml", line: 3 }, { messageId: "noInnerHtml", line: 4 }, - { messageId: "noInsertAdjacentHTML", line: 5 }, - ], + { messageId: "noInsertAdjacentHTML", line: 5 } + ] }, { code: ` @@ -55,8 +55,8 @@ ruleTester.run(ruleId, rule, { `, errors: [ { messageId: "noInnerHtml", line: 2 }, - { messageId: "noInnerHtml", line: 3 }, - ], + { messageId: "noInnerHtml", line: 3 } + ] }, { code: ` @@ -65,12 +65,12 @@ ruleTester.run(ruleId, rule, { `, errors: [ { messageId: "noInnerHtml", line: 2 }, - { messageId: "noInnerHtml", line: 3 }, - ], + { messageId: "noInnerHtml", line: 3 } + ] }, { code: "element.insertAdjacentHTML('beforebegin', 'foo')", - errors: [{ messageId: "noInsertAdjacentHTML", line: 1 }], - }, - ], + errors: [{ messageId: "noInsertAdjacentHTML", line: 1 }] + } + ] }); diff --git a/tests/lib/rules/no-insecure-random.js b/tests/lib/rules/no-insecure-random.js index 07535e6..bc1dbce 100644 --- a/tests/lib/rules/no-insecure-random.js +++ b/tests/lib/rules/no-insecure-random.js @@ -20,7 +20,7 @@ ruleTester.run(ruleId, rule, { Math.random; math.random(); random(); - `, + ` }, { code: ` @@ -30,7 +30,7 @@ ruleTester.run(ruleId, rule, { require('random-package'); require('random-float2'); require('random2-seed'); - `, + ` }, { languageOptions: testUtils.es6LanguageOptions, @@ -41,7 +41,7 @@ ruleTester.run(ruleId, rule, { import 'eslint'; import 'eslint-plugin-sdl'; import 'testing'; - `, + ` }, { code: ` @@ -49,7 +49,7 @@ ruleTester.run(ruleId, rule, { pseudoRandomBytes(); pseudoRandomByte(); cryptos.pseudoRondomBytes(); - `, + ` }, { languageOptions: testUtils.tsLanguageOptions, @@ -60,7 +60,7 @@ ruleTester.run(ruleId, rule, { Math.Random; Math.random; - `, + ` }, { languageOptions: testUtils.tsLanguageOptions, @@ -72,8 +72,8 @@ ruleTester.run(ruleId, rule, { pseudoRandomByte(); cryptos.pseudoRondomBytes(); cryptos.pseudoRondomBytes(); - `, - }, + ` + } ], invalid: [ { @@ -83,8 +83,8 @@ ruleTester.run(ruleId, rule, { `, errors: [ { messageId: "default", line: 2 }, - { messageId: "default", line: 3 }, - ], + { messageId: "default", line: 3 } + ] }, { languageOptions: testUtils.tsLanguageOptions, @@ -94,8 +94,8 @@ ruleTester.run(ruleId, rule, { `, errors: [ { messageId: "default", line: 2 }, - { messageId: "default", line: 3 }, - ], + { messageId: "default", line: 3 } + ] }, { languageOptions: testUtils.tsLanguageOptions, @@ -106,14 +106,14 @@ ruleTester.run(ruleId, rule, { notMath().random(); `, - errors: [{ messageId: "default", line: 6 }], + errors: [{ messageId: "default", line: 6 }] }, { languageOptions: testUtils.tsLanguageOptions, code: ` crypto.pseudoRandomBytes(); `, - errors: [{ messageId: "default", line: 2 }], + errors: [{ messageId: "default", line: 2 }] }, { languageOptions: testUtils.tsLanguageOptions, @@ -124,7 +124,7 @@ ruleTester.run(ruleId, rule, { notCrypto().pseudoRandomBytes(); `, - errors: [{ messageId: "default", line: 6 }], + errors: [{ messageId: "default", line: 6 }] }, { languageOptions: testUtils.es6LanguageOptions, @@ -142,8 +142,8 @@ ruleTester.run(ruleId, rule, { { messageId: "default", line: 4 }, { messageId: "default", line: 5 }, { messageId: "default", line: 6 }, - { messageId: "default", line: 7 }, - ], + { messageId: "default", line: 7 } + ] }, { languageOptions: testUtils.es6LanguageOptions, @@ -159,8 +159,8 @@ ruleTester.run(ruleId, rule, { { messageId: "default", line: 3 }, { messageId: "default", line: 4 }, { messageId: "default", line: 5 }, - { messageId: "default", line: 6 }, - ], + { messageId: "default", line: 6 } + ] }, { code: ` @@ -177,8 +177,8 @@ ruleTester.run(ruleId, rule, { { messageId: "default", line: 4 }, { messageId: "default", line: 5 }, { messageId: "default", line: 6 }, - { messageId: "default", line: 7 }, - ], - }, - ], + { messageId: "default", line: 7 } + ] + } + ] }); diff --git a/tests/lib/rules/no-insecure-url.js b/tests/lib/rules/no-insecure-url.js index f8ac24e..6598479 100644 --- a/tests/lib/rules/no-insecure-url.js +++ b/tests/lib/rules/no-insecure-url.js @@ -21,7 +21,7 @@ ruleTester.run(ruleId, rule, { code: ` var x = 'https://www.example.com' var y = 'ftps://www.example.com' - `, + ` }, { // should allow https,ftps template strings in variables @@ -29,7 +29,7 @@ ruleTester.run(ruleId, rule, { var x = \`https://www.template-examples.com\` var y = \`ftps://www.template-file-examples.com\` `, - languageOptions: testUtils.es6LanguageOptions, + languageOptions: testUtils.es6LanguageOptions }, { // should allow https,ftps multipart template strings in variables @@ -37,11 +37,11 @@ ruleTester.run(ruleId, rule, { var x = \`https://www.\${multipartExample}.com\` var y = \`ftps://www.\${multipartExample}.com\` `, - languageOptions: testUtils.es6LanguageOptions, + languageOptions: testUtils.es6LanguageOptions }, { // should allow http,ftp in middle of string - code: "var x = 'The protocol may be http://, https://, ftp:// or ftps://'", + code: "var x = 'The protocol may be http://, https://, ftp:// or ftps://'" }, { // should allow https,ftps strings in default values @@ -49,7 +49,7 @@ ruleTester.run(ruleId, rule, { function f(x : string = 'https://www.example.com') {} function f(y : string = 'ftps://www.example.com') {} `, - languageOptions: testUtils.tsLanguageOptions, + languageOptions: testUtils.tsLanguageOptions }, { // should allow user-provided exceptions matches, regardless of upper/lower-case @@ -64,10 +64,10 @@ ruleTester.run(ruleId, rule, { exceptions: [ "HTTP://www.allow-example.com/?.*", "FtP://www.allow-file-example.com", - "LdaP://www.allow-ldap-example.com", - ], - }, - ], + "LdaP://www.allow-ldap-example.com" + ] + } + ] }, { // should allow user-provided exceptions for variable name matches, regardless of upper/lower-case @@ -77,9 +77,9 @@ ruleTester.run(ruleId, rule, { `, options: [ { - varExceptions: ["insecure?.*"], - }, - ], + varExceptions: ["insecure?.*"] + } + ] }, { // should allow xml namespaces, as they are not accessed by the browser @@ -91,22 +91,22 @@ ruleTester.run(ruleId, rule, { ); }; `, - languageOptions: testUtils.tsReactLanguageOptions, + languageOptions: testUtils.tsReactLanguageOptions }, { // should allow localhost code: ` var x = "http://localhost/test"; var y = "http://localhost"; - `, + ` }, { // should allow xml namespaces for XHTML and SVG even if outside of jsx xmlns attribute code: ` var x = "http://www.w3.org/1999/xhtml"; var y = "http://www.w3.org/2000/svg"; - `, - }, + ` + } ], invalid: [ { @@ -127,8 +127,8 @@ ruleTester.run(ruleId, rule, { { messageId: "doNotUseInsecureUrl", line: 2 }, { messageId: "doNotUseInsecureUrl", line: 3 }, { messageId: "doNotUseInsecureUrl", line: 4 }, - { messageId: "doNotUseInsecureUrl", line: 5 }, - ], + { messageId: "doNotUseInsecureUrl", line: 5 } + ] }, { // should ban http,ftp template strings in variables @@ -148,9 +148,9 @@ ruleTester.run(ruleId, rule, { { messageId: "doNotUseInsecureUrl", line: 2 }, { messageId: "doNotUseInsecureUrl", line: 3 }, { messageId: "doNotUseInsecureUrl", line: 4 }, - { messageId: "doNotUseInsecureUrl", line: 5 }, + { messageId: "doNotUseInsecureUrl", line: 5 } ], - languageOptions: testUtils.es6LanguageOptions, + languageOptions: testUtils.es6LanguageOptions }, { // should ban http,ftp multipart template strings in variables @@ -164,9 +164,9 @@ ruleTester.run(ruleId, rule, { `, errors: [ { messageId: "doNotUseInsecureUrl", line: 2 }, - { messageId: "doNotUseInsecureUrl", line: 3 }, + { messageId: "doNotUseInsecureUrl", line: 3 } ], - languageOptions: testUtils.es6LanguageOptions, + languageOptions: testUtils.es6LanguageOptions }, { // should ban http,ftp strings in default values @@ -180,9 +180,9 @@ ruleTester.run(ruleId, rule, { `, errors: [ { messageId: "doNotUseInsecureUrl", line: 2 }, - { messageId: "doNotUseInsecureUrl", line: 3 }, + { messageId: "doNotUseInsecureUrl", line: 3 } ], - languageOptions: testUtils.tsLanguageOptions, + languageOptions: testUtils.tsLanguageOptions }, { // should ban user-provided blacklist matches, regardless of upper/lower-case @@ -202,17 +202,17 @@ ruleTester.run(ruleId, rule, { { messageId: "doNotUseInsecureUrl", line: 2 }, { messageId: "doNotUseInsecureUrl", line: 3 }, { messageId: "doNotUseInsecureUrl", line: 4 }, - { messageId: "doNotUseInsecureUrl", line: 5 }, + { messageId: "doNotUseInsecureUrl", line: 5 } ], options: [ { blocklist: [ "htTp://www.ban-example.com/?.*", "fTp://www.ban-file-example.com/?.*", - "lDAp://www.ban-ldap-example.com/?.*", - ], - }, - ], + "lDAp://www.ban-ldap-example.com/?.*" + ] + } + ] }, { // should ban any other xml attribute with urls in them @@ -233,13 +233,13 @@ ruleTester.run(ruleId, rule, { }; `, errors: [{ messageId: "doNotUseInsecureUrl", line: 4 }], - languageOptions: testUtils.tsReactLanguageOptions, + languageOptions: testUtils.tsReactLanguageOptions }, { // should escape the url string correctly code: `var a1 = "http://moz\ti\tlla.org";`, output: `var a1 = "https://moz\\ti\\tlla.org";`, - errors: [{ messageId: "doNotUseInsecureUrl", line: 1 }], + errors: [{ messageId: "doNotUseInsecureUrl", line: 1 }] }, { // should fix url in `` correctly @@ -247,7 +247,7 @@ ruleTester.run(ruleId, rule, { output: "var x1 = `https://foo${multipartExample} http://${multipartExample}.com`;", errors: [{ messageId: "doNotUseInsecureUrl", line: 1 }], - languageOptions: testUtils.es6LanguageOptions, + languageOptions: testUtils.es6LanguageOptions }, { // should escape the string and fix it properly in `` @@ -255,7 +255,7 @@ ruleTester.run(ruleId, rule, { output: `var a1 = \`https://moz\\ti\\tlla.org\`;`, errors: [{ messageId: "doNotUseInsecureUrl", line: 1 }], - languageOptions: testUtils.es6LanguageOptions, - }, - ], + languageOptions: testUtils.es6LanguageOptions + } + ] }); diff --git a/tests/lib/rules/no-msapp-exec-unsafe.js b/tests/lib/rules/no-msapp-exec-unsafe.js index 5389c9a..169ae27 100644 --- a/tests/lib/rules/no-msapp-exec-unsafe.js +++ b/tests/lib/rules/no-msapp-exec-unsafe.js @@ -13,7 +13,7 @@ ruleTester.run(ruleId, rule, { invalid: [ { code: "MSApp.execUnsafeLocalFunction(testfunc)", - errors: [{ messageId: "default", line: 1, type: "CallExpression" }], - }, - ], + errors: [{ messageId: "default", line: 1, type: "CallExpression" }] + } + ] }); diff --git a/tests/lib/rules/no-postmessage-star-origin.js b/tests/lib/rules/no-postmessage-star-origin.js index 0794681..91df84f 100644 --- a/tests/lib/rules/no-postmessage-star-origin.js +++ b/tests/lib/rules/no-postmessage-star-origin.js @@ -27,8 +27,8 @@ function main() { var w: WindowLike = new WindowLike(); w.postMessage('test', '*'); } - `, - }, + ` + } ], invalid: [ { @@ -38,8 +38,8 @@ function main() { `, errors: [ { messageId: "default", line: 2 }, - { messageId: "default", line: 3 }, - ], + { messageId: "default", line: 3 } + ] }, { languageOptions: testUtils.tsLanguageOptions, @@ -50,8 +50,8 @@ function main() { `, errors: [ { messageId: "default", line: 2 }, - { messageId: "default", line: 4 }, - ], - }, - ], + { messageId: "default", line: 4 } + ] + } + ] }); diff --git a/tests/lib/rules/no-unsafe-alloc.js b/tests/lib/rules/no-unsafe-alloc.js index 4384c5e..fd17c3e 100644 --- a/tests/lib/rules/no-unsafe-alloc.js +++ b/tests/lib/rules/no-unsafe-alloc.js @@ -18,8 +18,8 @@ ruleTester.run(ruleId, rule, { `, errors: [ { messageId: "default", line: 2 }, - { messageId: "default", line: 3 }, - ], - }, - ], + { messageId: "default", line: 3 } + ] + } + ] }); diff --git a/tests/lib/rules/no-winjs-html-unsafe.js b/tests/lib/rules/no-winjs-html-unsafe.js index 62e1608..6a33bcb 100644 --- a/tests/lib/rules/no-winjs-html-unsafe.js +++ b/tests/lib/rules/no-winjs-html-unsafe.js @@ -20,8 +20,8 @@ ruleTester.run(ruleId, rule, { errors: [ { messageId: "default", line: 2, type: "CallExpression" }, { messageId: "default", line: 3, type: "CallExpression" }, - { messageId: "default", line: 4, type: "CallExpression" }, - ], - }, - ], + { messageId: "default", line: 4, type: "CallExpression" } + ] + } + ] }); diff --git a/tests/lib/rules/react-iframe-missing-sandbox.js b/tests/lib/rules/react-iframe-missing-sandbox.js index 2c07cde..1844682 100644 --- a/tests/lib/rules/react-iframe-missing-sandbox.js +++ b/tests/lib/rules/react-iframe-missing-sandbox.js @@ -14,10 +14,10 @@ var ruleTester = new RuleTester({ ecmaVersion: 2018, sourceType: "module", ecmaFeatures: { - jsx: true, - }, - }, - }, + jsx: true + } + } + } }); ruleTester.run(ruleId, rule, { @@ -38,48 +38,48 @@ ruleTester.run(ruleId, rule, { { code: '' }, { code: '' }, { - code: '', + code: '' }, { code: '' }, { - code: '', - }, + code: '' + } ], invalid: [ { code: ";", - errors: [{ messageId: "attributeMissing" }], + errors: [{ messageId: "attributeMissing" }] }, { code: "', - errors: [{ messageId: "invalidValue", data: { value: "__unknown__" } }], + errors: [{ messageId: "invalidValue", data: { value: "__unknown__" } }] }, { code: ';', - errors: [{ messageId: "invalidCombination" }], + errors: [{ messageId: "invalidCombination" }] }, { code: '