Do not allow trailing commas in code style

This commit is contained in:
Martin Kačmar 2024-10-01 15:30:42 +02:00
Родитель b575f2856b
Коммит 5974046e6f
48 изменённых файлов: 405 добавлений и 404 удалений


@ -1,3 +1,4 @@
{ {
"printWidth": 100 "printWidth": 100,
"trailingComma": "none"
} }


@ -39,9 +39,9 @@ module.exports = [
{ {
rules: { rules: {
"no-eval": "error", "no-eval": "error",
"@microsoft/sdl/no-inner-html": "error", "@microsoft/sdl/no-inner-html": "error"
}, }
}, }
]; ];
``` ```

8
config/angular.js поставляемый

@ -8,11 +8,11 @@ module.exports = (pluginSdl) => {
return [ return [
{ {
plugins: { plugins: {
"@microsoft/sdl": pluginSdl, "@microsoft/sdl": pluginSdl
}, },
rules: { rules: {
"@microsoft/sdl/no-angular-bypass-sanitizer": "error", "@microsoft/sdl/no-angular-bypass-sanitizer": "error"
}, }
}, }
]; ];
}; };

8
config/angularjs.js поставляемый

@ -8,13 +8,13 @@ module.exports = (pluginSdl) => {
return [ return [
{ {
plugins: { plugins: {
"@microsoft/sdl": pluginSdl, "@microsoft/sdl": pluginSdl
}, },
rules: { rules: {
"@microsoft/sdl/no-angularjs-enable-svg": "error", "@microsoft/sdl/no-angularjs-enable-svg": "error",
"@microsoft/sdl/no-angularjs-sanitization-whitelist": "error", "@microsoft/sdl/no-angularjs-sanitization-whitelist": "error",
"@microsoft/sdl/no-angularjs-bypass-sce": "error", "@microsoft/sdl/no-angularjs-bypass-sce": "error"
}, }
}, }
]; ];
}; };


@ -7,7 +7,7 @@ module.exports = (pluginSdl) => {
return [ return [
{ {
plugins: { plugins: {
"@microsoft/sdl": pluginSdl, "@microsoft/sdl": pluginSdl
}, },
rules: { rules: {
"no-caller": "error", "no-caller": "error",
@ -23,8 +23,8 @@ module.exports = (pluginSdl) => {
"@microsoft/sdl/no-insecure-url": "error", "@microsoft/sdl/no-insecure-url": "error",
"@microsoft/sdl/no-msapp-exec-unsafe": "error", "@microsoft/sdl/no-msapp-exec-unsafe": "error",
"@microsoft/sdl/no-postmessage-star-origin": "error", "@microsoft/sdl/no-postmessage-star-origin": "error",
"@microsoft/sdl/no-winjs-html-unsafe": "error", "@microsoft/sdl/no-winjs-html-unsafe": "error"
}, }
}, }
]; ];
}; };


@ -7,11 +7,11 @@ module.exports = (pluginSdl) => {
return [ return [
{ {
plugins: { plugins: {
"@microsoft/sdl": pluginSdl, "@microsoft/sdl": pluginSdl
}, },
rules: { rules: {
"@microsoft/sdl/no-electron-node-integration": "error", "@microsoft/sdl/no-electron-node-integration": "error"
}, }
}, }
]; ];
}; };


@ -9,19 +9,19 @@ module.exports = (pluginSdl) => {
return [ return [
{ {
plugins: { plugins: {
n: pluginN, n: pluginN
}, },
rules: { rules: {
"n/no-deprecated-api": "error", "n/no-deprecated-api": "error"
}, }
}, },
{ {
plugins: { plugins: {
"@microsoft/sdl": pluginSdl, "@microsoft/sdl": pluginSdl
}, },
rules: { rules: {
"@microsoft/sdl/no-unsafe-alloc": "error", "@microsoft/sdl/no-unsafe-alloc": "error"
}, }
}, }
]; ];
}; };

26
config/react.js поставляемый

@ -11,14 +11,14 @@ module.exports = (pluginSdl) => {
languageOptions: { languageOptions: {
parserOptions: { parserOptions: {
ecmaFeatures: { ecmaFeatures: {
jsx: true, jsx: true
}, }
}, }
}, }
}, },
{ {
plugins: { plugins: {
react: pluginReact, react: pluginReact
}, },
rules: { rules: {
"react/no-danger": "error", "react/no-danger": "error",
@ -27,18 +27,18 @@ module.exports = (pluginSdl) => {
{ {
allowReferrer: false, allowReferrer: false,
enforceDynamicLinks: "always", enforceDynamicLinks: "always",
warnOnSpreadAttributes: true, warnOnSpreadAttributes: true
}, }
], ]
}, }
}, },
{ {
plugins: { plugins: {
"@microsoft/sdl": pluginSdl, "@microsoft/sdl": pluginSdl
}, },
rules: { rules: {
"@microsoft/sdl/react-iframe-missing-sandbox": "error", "@microsoft/sdl/react-iframe-missing-sandbox": "error"
}, }
}, }
]; ];
}; };


@ -13,28 +13,28 @@ module.exports = () => {
ecmaVersion: 6, ecmaVersion: 6,
sourceType: "module", sourceType: "module",
ecmaFeatures: { ecmaFeatures: {
jsx: true, jsx: true
}, }
}, }
}, }
}, },
{ {
files: ["**/*.{ts,tsx}"], files: ["**/*.{ts,tsx}"],
languageOptions: { languageOptions: {
parserOptions: { parserOptions: {
parser: "@typescript-eslint/parser", parser: "@typescript-eslint/parser"
}, }
}, },
plugins: { plugins: {
"@typescript-eslint": pluginTypescript, "@typescript-eslint": pluginTypescript
}, },
rules: { rules: {
"@typescript-eslint/no-implied-eval": "error", "@typescript-eslint/no-implied-eval": "error",
// @typescript-eslint/no-implied-eval offers more accurate results for typescript. // @typescript-eslint/no-implied-eval offers more accurate results for typescript.
// thus we turn the more generic rule off for ts and tsx files. // thus we turn the more generic rule off for ts and tsx files.
// This also avoids duplicate hits. // This also avoids duplicate hits.
"no-implied-eval": "off", "no-implied-eval": "off"
}, }
}, }
]; ];
}; };


@ -65,5 +65,5 @@ module.exports = {
); );
} }
return false; return false;
}, }
}; };


@ -11,7 +11,7 @@ const pkg = require(path.join("..", "package.json"));
const plugin = { const plugin = {
meta: { meta: {
name: pkg.name, name: pkg.name,
version: pkg.version, version: pkg.version
}, },
rules: { rules: {
"no-angular-bypass-sanitizer": require("./rules/no-angular-bypass-sanitizer"), "no-angular-bypass-sanitizer": require("./rules/no-angular-bypass-sanitizer"),
@ -31,10 +31,10 @@ const plugin = {
"no-postmessage-star-origin": require("./rules/no-postmessage-star-origin"), "no-postmessage-star-origin": require("./rules/no-postmessage-star-origin"),
"no-unsafe-alloc": require("./rules/no-unsafe-alloc"), "no-unsafe-alloc": require("./rules/no-unsafe-alloc"),
"no-winjs-html-unsafe": require("./rules/no-winjs-html-unsafe"), "no-winjs-html-unsafe": require("./rules/no-winjs-html-unsafe"),
"react-iframe-missing-sandbox": require("./rules/react-iframe-missing-sandbox"), "react-iframe-missing-sandbox": require("./rules/react-iframe-missing-sandbox")
}, },
// Filled in later in order to reference plugin itself. // Filled in later in order to reference plugin itself.
configs: {}, configs: {}
}; };
plugin.configs["angular"] = require("../config/angular")(plugin); plugin.configs["angular"] = require("../config/angular")(plugin);
@ -51,7 +51,7 @@ plugin.configs["required"] = [
...plugin.configs["common"], ...plugin.configs["common"],
...plugin.configs["electron"], ...plugin.configs["electron"],
...plugin.configs["node"], ...plugin.configs["node"],
...plugin.configs["react"], ...plugin.configs["react"]
]; ];
plugin.configs["recommended"] = [ plugin.configs["recommended"] = [
@ -59,9 +59,9 @@ plugin.configs["recommended"] = [
...plugin.configs["typescript"], ...plugin.configs["typescript"],
{ {
plugins: { plugins: {
security: pluginSecurity, security: pluginSecurity
}, }
}, }
]; ];
module.exports = plugin; module.exports = plugin;


@ -17,22 +17,22 @@ module.exports = {
category: "Security", category: "Security",
description: description:
"Calls to bypassSecurityTrustHtml, bypassSecurityTrustScript and similar methods bypass DomSanitizer in Angular and need to be reviewed.", "Calls to bypassSecurityTrustHtml, bypassSecurityTrustScript and similar methods bypass DomSanitizer in Angular and need to be reviewed.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angular-bypass-sanitizer.md", url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angular-bypass-sanitizer.md"
}, },
messages: { messages: {
noBypass: "Do not bypass Angular's built-in sanitizer", noBypass: "Do not bypass Angular's built-in sanitizer"
}, }
}, },
create: function (context) { create: function (context) {
return { return {
"CallExpression[arguments!=''][callee.property.name=/bypassSecurityTrust(Html|ResourceUrl|Script|Style|Url)/]"( "CallExpression[arguments!=''][callee.property.name=/bypassSecurityTrust(Html|ResourceUrl|Script|Style|Url)/]"(
node, node
) { ) {
context.report({ context.report({
node: node, node: node,
messageId: "noBypass", messageId: "noBypass"
}); });
}, }
}; };
}, }
}; };


@ -17,22 +17,22 @@ module.exports = {
category: "Security", category: "Security",
description: description:
"Calls to [`$compileProvider.aHrefSanitizationTrustedUrlList`](https://docs.angularjs.org/api/ng/provider/$compileProvider#aHrefSanitizationTrustedUrlList) configure allowed Url list in AngularJS sanitizer and need to be reviewed.", "Calls to [`$compileProvider.aHrefSanitizationTrustedUrlList`](https://docs.angularjs.org/api/ng/provider/$compileProvider#aHrefSanitizationTrustedUrlList) configure allowed Url list in AngularJS sanitizer and need to be reviewed.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angular-sanitization-trusted-urls.md", url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angular-sanitization-trusted-urls.md"
}, },
messages: { messages: {
noSanitizationTrustedUrls: "Do not modify the trusted Urls list in AngularJS", noSanitizationTrustedUrls: "Do not modify the trusted Urls list in AngularJS"
}, }
}, },
create: function (context) { create: function (context) {
return { return {
"CallExpression[arguments!=''][callee.object.name='$compileProvider'][callee.property.name=/(aHref|imgSrc)SanitizationTrustedUrlList/]"( "CallExpression[arguments!=''][callee.object.name='$compileProvider'][callee.property.name=/(aHref|imgSrc)SanitizationTrustedUrlList/]"(
node, node
) { ) {
context.report({ context.report({
node: node, node: node,
messageId: "noSanitizationTrustedUrls", messageId: "noSanitizationTrustedUrls"
}); });
}, }
}; };
}, }
}; };


@ -17,23 +17,23 @@ module.exports = {
category: "Security", category: "Security",
description: description:
"Calls to $sceProvider.enabled(false), $sceDelegate.trustAs(), $sce.trustAs() and relevant shorthand methods (e.g. trustAsHtml or trustAsJs) bypass Strict Contextual Escaping (SCE) in AngularJS and need to be reviewed.", "Calls to $sceProvider.enabled(false), $sceDelegate.trustAs(), $sce.trustAs() and relevant shorthand methods (e.g. trustAsHtml or trustAsJs) bypass Strict Contextual Escaping (SCE) in AngularJS and need to be reviewed.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-bypass-sce.md", url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-bypass-sce.md"
}, },
messages: { messages: {
doNotBypass: "Do not bypass Strict Contextual Escaping (SCE) in AngularJS", doNotBypass: "Do not bypass Strict Contextual Escaping (SCE) in AngularJS"
}, }
}, },
create: function (context) { create: function (context) {
function reportIt(node) { function reportIt(node) {
context.report({ context.report({
node: node, node: node,
messageId: "doNotBypass", messageId: "doNotBypass"
}); });
} }
return { return {
"CallExpression[arguments!=''][callee.object.name='$sceProvider'][callee.property.name='enabled']"( "CallExpression[arguments!=''][callee.object.name='$sceProvider'][callee.property.name='enabled']"(
node, node
) { ) {
// Known false positives // Known false positives
if ( if (
@ -48,7 +48,7 @@ module.exports = {
"CallExpression[arguments!=''][callee.object.name='$sceDelegate'][callee.property.name='trustAs']": "CallExpression[arguments!=''][callee.object.name='$sceDelegate'][callee.property.name='trustAs']":
reportIt, reportIt,
"CallExpression[arguments!=''][callee.object.name='$sce'][callee.property.name=/trustAs(Css|Html|Js|ResourceUrl|Url)?/]"( "CallExpression[arguments!=''][callee.object.name='$sce'][callee.property.name=/trustAs(Css|Html|Js|ResourceUrl|Url)?/]"(
node, node
) { ) {
// Known false positives // Known false positives
if ( if (
@ -61,9 +61,9 @@ module.exports = {
} }
return reportIt(node); return reportIt(node);
}, }
}; };
}, }
}; };
// TODO: Review https://docs.angularjs.org/api/ng/provider/$sceDelegateProvider#resourceUrlWhitelist and https://docs.angularjs.org/api/ng/provider/$sceDelegateProvider#resourceUrlBlacklist // TODO: Review https://docs.angularjs.org/api/ng/provider/$sceDelegateProvider#resourceUrlWhitelist and https://docs.angularjs.org/api/ng/provider/$sceDelegateProvider#resourceUrlBlacklist


@ -17,16 +17,16 @@ module.exports = {
category: "Security", category: "Security",
description: description:
"Calls to $sanitizeProvider.enableSvg(true) increase attack surface of the application by enabling SVG support in AngularJS sanitizer and need to be reviewed.", "Calls to $sanitizeProvider.enableSvg(true) increase attack surface of the application by enabling SVG support in AngularJS sanitizer and need to be reviewed.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-enable-svg.md", url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-enable-svg.md"
}, },
messages: { messages: {
doNotEnableSVG: "Do not enable SVG support in AngularJS", doNotEnableSVG: "Do not enable SVG support in AngularJS"
}, }
}, },
create: function (context) { create: function (context) {
return { return {
"CallExpression[callee.object.name='$sanitizeProvider'][callee.property.name='enableSvg']"( "CallExpression[callee.object.name='$sanitizeProvider'][callee.property.name='enableSvg']"(
node, node
) { ) {
// Known false positives // Known false positives
if ( if (
@ -38,11 +38,11 @@ module.exports = {
} }
context.report({ context.report({
node: node, node: node,
messageId: "doNotEnableSVG", messageId: "doNotEnableSVG"
}); });
}, }
}; };
}, }
}; };
// TODO: Add rules for $sanitizeProvider.addValidElements() and $sanitizeProvider.addValidAttrs() // TODO: Add rules for $sanitizeProvider.addValidElements() and $sanitizeProvider.addValidAttrs()


@ -17,22 +17,22 @@ module.exports = {
category: "Security", category: "Security",
description: description:
"Calls to [`$compileProvider.aHrefSanitizationWhitelist`](https://docs.angularjs.org/api/ng/provider/$compileProvider#aHrefSanitizationWhitelist) or [`$compileProvider.imgSrcSanitizationWhitelist`](https://docs.angularjs.org/api/ng/provider/$compileProvider#imgSrcSanitizationWhitelist) configure whitelists in AngularJS sanitizer and need to be reviewed.", "Calls to [`$compileProvider.aHrefSanitizationWhitelist`](https://docs.angularjs.org/api/ng/provider/$compileProvider#aHrefSanitizationWhitelist) or [`$compileProvider.imgSrcSanitizationWhitelist`](https://docs.angularjs.org/api/ng/provider/$compileProvider#imgSrcSanitizationWhitelist) configure whitelists in AngularJS sanitizer and need to be reviewed.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-sanitization-whitelist.md", url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-angularjs-sanitization-whitelist.md"
}, },
messages: { messages: {
noSanitizationWhitelist: "Do not modify sanitization whitelist in AngularJS", noSanitizationWhitelist: "Do not modify sanitization whitelist in AngularJS"
}, }
}, },
create: function (context) { create: function (context) {
return { return {
"CallExpression[arguments!=''][callee.object.name='$compileProvider'][callee.property.name=/(aHref|imgSrc)SanitizationWhitelist/]"( "CallExpression[arguments!=''][callee.object.name='$compileProvider'][callee.property.name=/(aHref|imgSrc)SanitizationWhitelist/]"(
node, node
) { ) {
context.report({ context.report({
node: node, node: node,
messageId: "noSanitizationWhitelist", messageId: "noSanitizationWhitelist"
}); });
}, }
}; };
}, }
}; };


@ -19,11 +19,11 @@ module.exports = {
category: "Security", category: "Security",
description: description:
"HTTP cookies are an old client-side storage mechanism with inherent risks and limitations. Use Web Storage, IndexedDB or other more modern methods instead.", "HTTP cookies are an old client-side storage mechanism with inherent risks and limitations. Use Web Storage, IndexedDB or other more modern methods instead.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-cookies.md", url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-cookies.md"
}, },
messages: { messages: {
doNotUseCookies: "Do not use HTTP cookies in modern applications", doNotUseCookies: "Do not use HTTP cookies in modern applications"
}, }
}, },
create: function (context) { create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context); const fullTypeChecker = astUtils.getFullTypeChecker(context);
@ -32,10 +32,10 @@ module.exports = {
if (astUtils.isDocumentObject(node.object, context, fullTypeChecker)) { if (astUtils.isDocumentObject(node.object, context, fullTypeChecker)) {
context.report({ context.report({
node: node, node: node,
messageId: "doNotUseCookies", messageId: "doNotUseCookies"
}); });
} }
}, }
}; };
}, }
}; };


@ -19,11 +19,11 @@ module.exports = {
category: "Security", category: "Security",
description: description:
"Writes to [`document.domain`](https://developer.mozilla.org/en-US/docs/Web/API/Document/domain) property must be reviewed to avoid bypass of [same-origin checks](https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy#Changing_origin). Usage of top level domains such as `azurewebsites.net` is strictly prohibited.", "Writes to [`document.domain`](https://developer.mozilla.org/en-US/docs/Web/API/Document/domain) property must be reviewed to avoid bypass of [same-origin checks](https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy#Changing_origin). Usage of top level domains such as `azurewebsites.net` is strictly prohibited.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-document-domain.md", url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-document-domain.md"
}, },
messages: { messages: {
default: "Do not write to document.domain property", default: "Do not write to document.domain property"
}, }
}, },
create: function (context) { create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context); const fullTypeChecker = astUtils.getFullTypeChecker(context);
@ -32,10 +32,10 @@ module.exports = {
if (astUtils.isDocumentObject(node.left.object, context, fullTypeChecker)) { if (astUtils.isDocumentObject(node.left.object, context, fullTypeChecker)) {
context.report({ context.report({
node: node, node: node,
messageId: "default", messageId: "default"
}); });
} }
}, }
}; };
}, }
}; };


@ -19,11 +19,11 @@ module.exports = {
category: "Security", category: "Security",
description: description:
"Calls to document.write or document.writeln manipulate DOM directly without any sanitization and should be avoided. Use document.createElement() or similar methods instead.", "Calls to document.write or document.writeln manipulate DOM directly without any sanitization and should be avoided. Use document.createElement() or similar methods instead.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-document-write.md", url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-document-write.md"
}, },
messages: { messages: {
default: "Do not write to DOM directly using document.write or document.writeln methods", default: "Do not write to DOM directly using document.write or document.writeln methods"
}, }
}, },
create: function (context) { create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context); const fullTypeChecker = astUtils.getFullTypeChecker(context);
@ -32,10 +32,10 @@ module.exports = {
if (astUtils.isDocumentObject(node.callee.object, context, fullTypeChecker)) { if (astUtils.isDocumentObject(node.callee.object, context, fullTypeChecker)) {
context.report({ context.report({
node: node, node: node,
messageId: "default", messageId: "default"
}); });
} }
}, }
}; };
}, }
}; };


@ -16,22 +16,22 @@ module.exports = {
category: "Security", category: "Security",
description: description:
"[Node.js Integration](https://www.electronjs.org/docs/tutorial/security#2-do-not-enable-nodejs-integration-for-remote-content) must not be enabled in any renderer that loads remote content to avoid remote code execution attacks.", "[Node.js Integration](https://www.electronjs.org/docs/tutorial/security#2-do-not-enable-nodejs-integration-for-remote-content) must not be enabled in any renderer that loads remote content to avoid remote code execution attacks.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-electron-node-integration.md", url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-electron-node-integration.md"
}, },
messages: { messages: {
default: "Do not enable Node.js Integration for Remote Content", default: "Do not enable Node.js Integration for Remote Content"
}, }
}, },
create: function (context) { create: function (context) {
return { return {
"NewExpression[callee.name=/BrowserWindow|BrowserView/] > ObjectExpression.arguments > Property.properties[key.name=webPreferences] > ObjectExpression.value > Property.properties[key.name=/nodeIntegration|nodeIntegrationInWorker|nodeIntegrationInSubFrames/][value.value='true']"( "NewExpression[callee.name=/BrowserWindow|BrowserView/] > ObjectExpression.arguments > Property.properties[key.name=webPreferences] > ObjectExpression.value > Property.properties[key.name=/nodeIntegration|nodeIntegrationInWorker|nodeIntegrationInSubFrames/][value.value='true']"(
node, node
) { ) {
context.report({ context.report({
node: node, node: node,
messageId: "default", messageId: "default"
}); });
}, }
}; };
}, }
}; };


@ -18,11 +18,11 @@ module.exports = {
docs: { docs: {
description: description:
"Direct calls to method `html()` often (e.g. in jQuery framework) manipulate DOM without any sanitization and should be avoided. Use document.createElement() or similar methods instead.", "Direct calls to method `html()` often (e.g. in jQuery framework) manipulate DOM without any sanitization and should be avoided. Use document.createElement() or similar methods instead.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-html-method.md", url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-html-method.md"
}, },
messages: { messages: {
default: "Do not write to DOM directly using jQuery html() method", default: "Do not write to DOM directly using jQuery html() method"
}, }
}, },
create: function (context) { create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context); const fullTypeChecker = astUtils.getFullTypeChecker(context);
@ -42,9 +42,9 @@ module.exports = {
} }
context.report({ context.report({
node: node, node: node,
messageId: "default", messageId: "default"
}); });
}, }
}; };
}, }
}; };


@ -18,12 +18,12 @@ module.exports = {
docs: { docs: {
description: description:
"Assignments to [innerHTML](https://developer.mozilla.org/en-US/docs/Web/API/Element/innerHTML)/[outerHTML](https://developer.mozilla.org/en-US/docs/Web/API/Element/outerHTML) properties or calls to [insertAdjacentHTML](https://developer.mozilla.org/en-US/docs/Web/API/Element/insertAdjacentHTML) method manipulate DOM directly without any sanitization and should be avoided. Use document.createElement() or similar methods instead.", "Assignments to [innerHTML](https://developer.mozilla.org/en-US/docs/Web/API/Element/innerHTML)/[outerHTML](https://developer.mozilla.org/en-US/docs/Web/API/Element/outerHTML) properties or calls to [insertAdjacentHTML](https://developer.mozilla.org/en-US/docs/Web/API/Element/insertAdjacentHTML) method manipulate DOM directly without any sanitization and should be avoided. Use document.createElement() or similar methods instead.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-inner-html.md", url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-inner-html.md"
}, },
messages: { messages: {
noInnerHtml: "Do not write to DOM directly using innerHTML/outerHTML property", noInnerHtml: "Do not write to DOM directly using innerHTML/outerHTML property",
noInsertAdjacentHTML: "Do not write to DOM using insertAdjacentHTML method", noInsertAdjacentHTML: "Do not write to DOM using insertAdjacentHTML method"
}, }
}, },
create: function (context) { create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context); const fullTypeChecker = astUtils.getFullTypeChecker(context);
@ -35,7 +35,7 @@ module.exports = {
return { return {
"CallExpression[arguments.length=2] > MemberExpression.callee[property.name='insertAdjacentHTML']"( "CallExpression[arguments.length=2] > MemberExpression.callee[property.name='insertAdjacentHTML']"(
node, node
) { ) {
// Ignore known false positives // Ignore known false positives
if ( if (
@ -53,12 +53,12 @@ module.exports = {
if (mightBeHTMLElement(node.object)) { if (mightBeHTMLElement(node.object)) {
context.report({ context.report({
node: node, node: node,
messageId: "noInsertAdjacentHTML", messageId: "noInsertAdjacentHTML"
}); });
} }
}, },
"AssignmentExpression[left.type='MemberExpression'][left.property.name=/innerHTML|outerHTML/]"( "AssignmentExpression[left.type='MemberExpression'][left.property.name=/innerHTML|outerHTML/]"(
node, node
) { ) {
// Ignore known false positives // Ignore known false positives
if ( if (
@ -73,10 +73,10 @@ module.exports = {
if (mightBeHTMLElement(node.left.object)) { if (mightBeHTMLElement(node.left.object)) {
context.report({ context.report({
node: node, node: node,
messageId: "noInnerHtml", messageId: "noInnerHtml"
}); });
} }
}, }
}; };
}, }
}; };


@ -17,7 +17,7 @@ const bannedRandomLibraries = [
"random-int", "random-int",
"random-float", "random-float",
"random-seed", "random-seed",
"unique-random", "unique-random"
]; ];
module.exports = { module.exports = {
@ -31,12 +31,12 @@ module.exports = {
Use crypto.randomBytes() or window.crypto.getRandomValues() instead. Use crypto.randomBytes() or window.crypto.getRandomValues() instead.
`, `,
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-insecure-random.md", url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-insecure-random.md"
}, },
messages: { messages: {
default: default:
"Do not use pseudo-random number generators for generating secret values such as tokens, passwords or keys.", "Do not use pseudo-random number generators for generating secret values such as tokens, passwords or keys."
}, }
}, },
create: function (context) { create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context); const fullTypeChecker = astUtils.getFullTypeChecker(context);
@ -54,7 +54,7 @@ module.exports = {
if (notFalsePositive) { if (notFalsePositive) {
context.report({ context.report({
node: node, node: node,
messageId: "default", messageId: "default"
}); });
} }
}, },
@ -70,7 +70,7 @@ module.exports = {
if (notFalsePositive) { if (notFalsePositive) {
context.report({ context.report({
node: node, node: node,
messageId: "default", messageId: "default"
}); });
} }
}, },
@ -78,7 +78,7 @@ module.exports = {
if (bannedRandomLibraries.includes(path.basename(node.source.value))) { if (bannedRandomLibraries.includes(path.basename(node.source.value))) {
context.report({ context.report({
node: node, node: node,
messageId: "default", messageId: "default"
}); });
} }
}, },
@ -87,10 +87,10 @@ module.exports = {
if (bannedRandomLibraries.includes(requireName)) { if (bannedRandomLibraries.includes(requireName)) {
context.report({ context.report({
node: node, node: node,
messageId: "default", messageId: "default"
}); });
} }
}, }
}; };
}, }
}; };


@ -15,7 +15,7 @@ const DEFAULT_EXCEPTIONS = [
/^http:(\/\/|\\u002f\\u002f)schemas\.openxmlformats\.org(\/\/|\\u002f\\u002f)?.*/i, /^http:(\/\/|\\u002f\\u002f)schemas\.openxmlformats\.org(\/\/|\\u002f\\u002f)?.*/i,
/^http:(\/|\\u002f){2}localhost(:|\/|\\u002f)*/i, /^http:(\/|\\u002f){2}localhost(:|\/|\\u002f)*/i,
/^http:(\/\/)www\.w3\.org\/1999\/xhtml/i, /^http:(\/\/)www\.w3\.org\/1999\/xhtml/i,
/^http:(\/\/)www\.w3\.org\/2000\/svg/i, /^http:(\/\/)www\.w3\.org\/2000\/svg/i
]; ];
const DEFAULT_VARIABLES_EXECEPTIONS = []; const DEFAULT_VARIABLES_EXECEPTIONS = [];
@ -34,34 +34,34 @@ module.exports = {
blocklist: { blocklist: {
type: "array", type: "array",
items: { items: {
type: "string", type: "string"
}, }
}, },
exceptions: { exceptions: {
type: "array", type: "array",
items: { items: {
type: "string", type: "string"
}, }
}, },
varExceptions: { varExceptions: {
type: "array", type: "array",
items: { items: {
type: "string", type: "string"
}, }
}, }
}, },
additionalProperties: false, additionalProperties: false
}, }
], ],
docs: { docs: {
category: "Security", category: "Security",
description: description:
"Insecure protocols such as [HTTP](https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol) or [FTP](https://en.wikipedia.org/wiki/File_Transfer_Protocol) should be replaced by their encrypted counterparts ([HTTPS](https://en.wikipedia.org/wiki/HTTPS), [FTPS](https://en.wikipedia.org/wiki/FTPS)) to avoid sending (potentially sensitive) data over untrusted network in plaintext.", "Insecure protocols such as [HTTP](https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol) or [FTP](https://en.wikipedia.org/wiki/File_Transfer_Protocol) should be replaced by their encrypted counterparts ([HTTPS](https://en.wikipedia.org/wiki/HTTPS), [FTPS](https://en.wikipedia.org/wiki/FTPS)) to avoid sending (potentially sensitive) data over untrusted network in plaintext.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-insecure-url.md", url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-insecure-url.md"
}, },
messages: { messages: {
doNotUseInsecureUrl: "Do not use insecure URLs", doNotUseInsecureUrl: "Do not use insecure URLs"
}, }
}, },
create: function (context) { create: function (context) {
const options = context.options[0] || {}; const options = context.options[0] || {};
@ -74,7 +74,7 @@ module.exports = {
const varExceptions = (options.varExceptions || DEFAULT_VARIABLES_EXECEPTIONS).map( const varExceptions = (options.varExceptions || DEFAULT_VARIABLES_EXECEPTIONS).map(
(pattern) => { (pattern) => {
return new RegExp(pattern, "i"); return new RegExp(pattern, "i");
}, }
); );
function matches(patterns, value) { function matches(patterns, value) {
@ -120,7 +120,7 @@ module.exports = {
//insert an "s" before ":/" to change http:/ to https:/ //insert an "s" before ":/" to change http:/ to https:/
return fixer.replaceText(node, JSON.stringify(fixedString)); return fixer.replaceText(node, JSON.stringify(fixedString));
} }
}, }
}); });
} }
} }
@ -149,11 +149,11 @@ module.exports = {
//insert an "s" before ":/" to change http:/ to https:/ //insert an "s" before ":/" to change http:/ to https:/
return fixer.replaceText(node, fixedString); return fixer.replaceText(node, fixedString);
} }
}, }
}); });
} }
} }
}, }
}; };
}, }
}; };
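Review bot: The `localhost` entry in DEFAULT_EXCEPTIONS (first hunk, `/^http:(\/|\\u002f){2}localhost(:|\/|\\u002f)*/i`) has no boundary after the hostname, so because the trailing group is `*` (zero or more) and the pattern is not end-anchored, any literal whose host merely starts with `localhost` is exempted from the no-insecure-url check — `"http://localhost.example.com/api"` or `"http://localhost-proxy.internal"` would pass silently. Tightening the group to require a port, path separator or end of string closes that gap: `/^http:(\/|\\u002f){2}localhost(:|\/|\\u002f|$)/i` (this assumes `matches()` applies the patterns with a plain `RegExp.test`, which is outside the hunk). The `schemas.openxmlformats.org` exception on the line above has the same shape (optional separator followed by `.*`) and would benefit from the same host-boundary treatment. The hunk only touches the array's trailing comma, so the existing behaviour is unchanged by this commit; it is worth a short comment on the exceptions list noting that entries must be anchored on the host boundary to avoid prefix matches.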


@ -16,22 +16,22 @@ module.exports = {
docs: { docs: {
description: description:
"Calls to [`MSApp.execUnsafeLocalFunction()`](https://docs.microsoft.com/en-us/previous-versions/hh772324(v=vs.85)) bypass script injection validation and should be avoided.", "Calls to [`MSApp.execUnsafeLocalFunction()`](https://docs.microsoft.com/en-us/previous-versions/hh772324(v=vs.85)) bypass script injection validation and should be avoided.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-msapp-exec-unsafe.md", url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-msapp-exec-unsafe.md"
}, },
messages: { messages: {
default: "Do not bypass script injection validation", default: "Do not bypass script injection validation"
}, }
}, },
create: function (context) { create: function (context) {
return { return {
"CallExpression[arguments.length=1][callee.object.name='MSApp'][callee.property.name='execUnsafeLocalFunction']"( "CallExpression[arguments.length=1][callee.object.name='MSApp'][callee.property.name='execUnsafeLocalFunction']"(
node, node
) { ) {
context.report({ context.report({
node: node, node: node,
messageId: "default", messageId: "default"
}); });
}, }
}; };
}, }
}; };


@ -17,17 +17,17 @@ module.exports = {
docs: { docs: {
description: description:
"Always provide specific target origin, not * when sending data to other windows using [`postMessage`](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage#Security_concerns) to avoid data leakage outside of trust boundary.", "Always provide specific target origin, not * when sending data to other windows using [`postMessage`](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage#Security_concerns) to avoid data leakage outside of trust boundary.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-postmessage-star-origin.md", url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-postmessage-star-origin.md"
}, },
messages: { messages: {
default: "Do not use * as target origin when sending data to other windows", default: "Do not use * as target origin when sending data to other windows"
}, }
}, },
create: function (context) { create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context); const fullTypeChecker = astUtils.getFullTypeChecker(context);
return { return {
"CallExpression[arguments.length>=2][arguments.length<=3][callee.property.name=postMessage]"( "CallExpression[arguments.length>=2][arguments.length<=3][callee.property.name=postMessage]"(
node, node
) { ) {
// Check that second argument (target origin) is Literal "*" // Check that second argument (target origin) is Literal "*"
if (!(node.arguments[1].type === "Literal" && node.arguments[1].value == "*")) { if (!(node.arguments[1].type === "Literal" && node.arguments[1].value == "*")) {
@ -37,7 +37,7 @@ module.exports = {
// Check that object type is Window when full type information is available // Check that object type is Window when full type information is available
if (fullTypeChecker) { if (fullTypeChecker) {
const tsNode = context.sourceCode.parserServices.esTreeNodeToTSNodeMap.get( const tsNode = context.sourceCode.parserServices.esTreeNodeToTSNodeMap.get(
node.callee.object, node.callee.object
); );
const tsType = fullTypeChecker.getTypeAtLocation(tsNode); const tsType = fullTypeChecker.getTypeAtLocation(tsNode);
const type = fullTypeChecker.typeToString(tsType); const type = fullTypeChecker.typeToString(tsType);
@ -48,9 +48,9 @@ module.exports = {
context.report({ context.report({
node: node, node: node,
messageId: "default", messageId: "default"
}); });
}, }
}; };
}, }
}; };


@ -11,11 +11,11 @@ module.exports = {
docs: { docs: {
description: description:
"When calling [`Buffer.allocUnsafe`](https://nodejs.org/api/buffer.html#buffer_static_method_buffer_allocunsafe_size) and [`Buffer.allocUnsafeSlow`](https://nodejs.org/api/buffer.html#buffer_static_method_buffer_allocunsafeslow_size), the allocated memory is not wiped-out and can contain old, potentially sensitive data.", "When calling [`Buffer.allocUnsafe`](https://nodejs.org/api/buffer.html#buffer_static_method_buffer_allocunsafe_size) and [`Buffer.allocUnsafeSlow`](https://nodejs.org/api/buffer.html#buffer_static_method_buffer_allocunsafeslow_size), the allocated memory is not wiped-out and can contain old, potentially sensitive data.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-unsafe-alloc.md", url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-unsafe-alloc.md"
}, },
messages: { messages: {
default: "Do not allocate uninitialized buffers in Node.js", default: "Do not allocate uninitialized buffers in Node.js"
}, }
}, },
create: function (context) { create: function (context) {
return { return {
@ -36,9 +36,9 @@ module.exports = {
} }
context.report({ context.report({
node: node, node: node,
messageId: "default", messageId: "default"
}); });
}, }
}; };
}, }
}; };


@ -16,22 +16,22 @@ module.exports = {
docs: { docs: {
description: description:
"Calls to [`WinJS.Utilities.setInnerHTMLUnsafe()`](https://docs.microsoft.com/en-us/previous-versions/windows/apps/br211696(v=win.10)) and similar methods do not perform any input validation and should be avoided. Use [`WinJS.Utilities.setInnerHTML()`](https://docs.microsoft.com/en-us/previous-versions/windows/apps/br211697(v=win.10)) instead.", "Calls to [`WinJS.Utilities.setInnerHTMLUnsafe()`](https://docs.microsoft.com/en-us/previous-versions/windows/apps/br211696(v=win.10)) and similar methods do not perform any input validation and should be avoided. Use [`WinJS.Utilities.setInnerHTML()`](https://docs.microsoft.com/en-us/previous-versions/windows/apps/br211697(v=win.10)) instead.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-winjs-html-unsafe.md", url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-winjs-html-unsafe.md"
}, },
messages: { messages: {
default: "Do not set HTML using unsafe methods from WinJS.Utilities", default: "Do not set HTML using unsafe methods from WinJS.Utilities"
}, }
}, },
create: function (context) { create: function (context) {
return { return {
"CallExpression[callee.object.object.name='WinJS'][callee.object.property.name='Utilities'][callee.property.name=/(insertAdjacent|setInner|setOuter)HTMLUnsafe/]"( "CallExpression[callee.object.object.name='WinJS'][callee.object.property.name='Utilities'][callee.property.name=/(insertAdjacent|setInner|setOuter)HTMLUnsafe/]"(
node, node
) { ) {
context.report({ context.report({
node: node, node: node,
messageId: "default", messageId: "default"
}); });
}, }
}; };
}, }
}; };

20
lib/rules/react-iframe-missing-sandbox.js поставляемый

@ -18,15 +18,15 @@ module.exports = {
category: "Security", category: "Security",
description: description:
"The [sandbox](https://www.w3schools.com/tags/att_iframe_sandbox.asp) attribute enables an extra set of restrictions for the content in the iframe and should always be specified.", "The [sandbox](https://www.w3schools.com/tags/att_iframe_sandbox.asp) attribute enables an extra set of restrictions for the content in the iframe and should always be specified.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/react-iframe-missing-sandbox.md", url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/react-iframe-missing-sandbox.md"
}, },
messages: { messages: {
attributeMissing: "An iframe element is missing a sandbox attribute", attributeMissing: "An iframe element is missing a sandbox attribute",
invalidValue: invalidValue:
'An iframe element defines a sandbox attribute with invalid value "{{ value }}"', 'An iframe element defines a sandbox attribute with invalid value "{{ value }}"',
invalidCombination: invalidCombination:
"An iframe element defines a sandbox attribute with both allow-scripts and allow-same-origin which is invalid", "An iframe element defines a sandbox attribute with both allow-scripts and allow-same-origin which is invalid"
}, }
}, },
create(context) { create(context) {
@ -43,7 +43,7 @@ module.exports = {
"allow-same-origin", "allow-same-origin",
"allow-scripts", "allow-scripts",
"allow-top-navigation", "allow-top-navigation",
"allow-top-navigation-by-user-activation", "allow-top-navigation-by-user-activation"
]; ];
function validateSandboxAttribute(node, attribute) { function validateSandboxAttribute(node, attribute) {
@ -57,8 +57,8 @@ module.exports = {
node, node,
messageId: "invalidValue", messageId: "invalidValue",
data: { data: {
value: trimmedAttributeValue, value: trimmedAttributeValue
}, }
}); });
} }
if (trimmedAttributeValue === "allow-scripts") { if (trimmedAttributeValue === "allow-scripts") {
@ -71,7 +71,7 @@ module.exports = {
if (allowScripts && allowSameOrigin) { if (allowScripts && allowSameOrigin) {
context.report({ context.report({
node, node,
messageId: "invalidCombination", messageId: "invalidCombination"
}); });
} }
} }
@ -96,10 +96,10 @@ module.exports = {
if (!sandboxAttributeFound) { if (!sandboxAttributeFound) {
context.report({ context.report({
node, node,
messageId: "attributeMissing", messageId: "attributeMissing"
}); });
} }
}, }
}; };
}, }
}; };


@ -11,7 +11,7 @@ ruleTester.run(ruleId, rule, {
valid: [ valid: [
"bypassSecurityTrustHtml('XSS')", "bypassSecurityTrustHtml('XSS')",
"x.bypassSecurityTrustHtml()", "x.bypassSecurityTrustHtml()",
"x.BypassSecurityTrustHtml('XSS')", "x.BypassSecurityTrustHtml('XSS')"
], ],
invalid: [ invalid: [
{ {
@ -22,25 +22,25 @@ ruleTester.run(ruleId, rule, {
line: 1, line: 1,
endLine: 1, endLine: 1,
column: 1, column: 1,
endColumn: 38, endColumn: 38
}, }
], ]
}, },
{ {
code: "$('p').bypassSecurityTrustResourceUrl('XSS')", code: "$('p').bypassSecurityTrustResourceUrl('XSS')",
errors: [{ messageId: "noBypass" }], errors: [{ messageId: "noBypass" }]
}, },
{ {
code: "$('p').bypassSecurityTrustScript('XSS')", code: "$('p').bypassSecurityTrustScript('XSS')",
errors: [{ messageId: "noBypass" }], errors: [{ messageId: "noBypass" }]
}, },
{ {
code: "$('p').bypassSecurityTrustStyle('XSS')", code: "$('p').bypassSecurityTrustStyle('XSS')",
errors: [{ messageId: "noBypass" }], errors: [{ messageId: "noBypass" }]
}, },
{ {
code: "$('p').bypassSecurityTrustUrl('XSS')", code: "$('p').bypassSecurityTrustUrl('XSS')",
errors: [{ messageId: "noBypass" }], errors: [{ messageId: "noBypass" }]
}, }
], ]
}); });


@ -12,7 +12,7 @@ ruleTester.run(ruleId, rule, {
"aHrefSanitizationTrustedUrlList ('.*')", "aHrefSanitizationTrustedUrlList ('.*')",
"x.aHrefSanitizationTrustedUrlList ('.*')", "x.aHrefSanitizationTrustedUrlList ('.*')",
"$compileProvider.aHrefSanitizationTrustedUrlList ()", "$compileProvider.aHrefSanitizationTrustedUrlList ()",
"$compileProvider.AHrefSanitizationTrustedUrlList ('.*')", "$compileProvider.AHrefSanitizationTrustedUrlList ('.*')"
], ],
invalid: [ invalid: [
{ {
@ -23,9 +23,9 @@ ruleTester.run(ruleId, rule, {
line: 1, line: 1,
endLine: 1, endLine: 1,
column: 1, column: 1,
endColumn: 56, endColumn: 56
}, }
], ]
}, },
{ {
code: "$compileProvider.imgSrcSanitizationTrustedUrlList('.*');", code: "$compileProvider.imgSrcSanitizationTrustedUrlList('.*');",
@ -35,9 +35,9 @@ ruleTester.run(ruleId, rule, {
line: 1, line: 1,
endLine: 1, endLine: 1,
column: 1, column: 1,
endColumn: 56, endColumn: 56
}, }
], ]
}, }
], ]
}); });


@ -16,48 +16,48 @@ ruleTester.run(ruleId, rule, {
"x.trustAsHtml('XSS')", "x.trustAsHtml('XSS')",
"$sceProvider.enabled()", "$sceProvider.enabled()",
"$sceProvider.enabled(true)", "$sceProvider.enabled(true)",
"$sceProvider.enabled(1)", "$sceProvider.enabled(1)"
], ],
invalid: [ invalid: [
{ {
code: "$sceDelegate.trustAs($sce.HTML, 'XSS')", code: "$sceDelegate.trustAs($sce.HTML, 'XSS')",
errors: [{ messageId: "doNotBypass" }], errors: [{ messageId: "doNotBypass" }]
}, },
{ {
code: "$sce.trustAs($sce.HTML, 'XSS')", code: "$sce.trustAs($sce.HTML, 'XSS')",
errors: [{ messageId: "doNotBypass" }], errors: [{ messageId: "doNotBypass" }]
}, },
{ {
code: "$sce.trustAsCss('XSS')", code: "$sce.trustAsCss('XSS')",
errors: [{ messageId: "doNotBypass" }], errors: [{ messageId: "doNotBypass" }]
}, },
{ {
code: "$sce.trustAsHtml('XSS')", code: "$sce.trustAsHtml('XSS')",
errors: [{ messageId: "doNotBypass" }], errors: [{ messageId: "doNotBypass" }]
}, },
{ {
code: "$sce.trustAsJs('XSS')", code: "$sce.trustAsJs('XSS')",
errors: [{ messageId: "doNotBypass" }], errors: [{ messageId: "doNotBypass" }]
}, },
{ {
code: "$sce.trustAsResourceUrl('XSS')", code: "$sce.trustAsResourceUrl('XSS')",
errors: [{ messageId: "doNotBypass" }], errors: [{ messageId: "doNotBypass" }]
}, },
{ {
code: "$sce.trustAsUrl('XSS')", code: "$sce.trustAsUrl('XSS')",
errors: [{ messageId: "doNotBypass" }], errors: [{ messageId: "doNotBypass" }]
}, },
{ {
code: "$sceProvider.enabled(false)", code: "$sceProvider.enabled(false)",
errors: [{ messageId: "doNotBypass" }], errors: [{ messageId: "doNotBypass" }]
}, },
{ {
code: "$sceProvider.enabled(0)", code: "$sceProvider.enabled(0)",
errors: [{ messageId: "doNotBypass" }], errors: [{ messageId: "doNotBypass" }]
}, },
{ {
code: "$sceProvider.enabled(true != true)", code: "$sceProvider.enabled(true != true)",
errors: [{ messageId: "doNotBypass" }], errors: [{ messageId: "doNotBypass" }]
}, }
], ]
}); });


@ -14,16 +14,16 @@ ruleTester.run(ruleId, rule, {
"$sanitizeProvider.enableSvg()", "$sanitizeProvider.enableSvg()",
"$sanitizeProvider.enableSvg(false)", "$sanitizeProvider.enableSvg(false)",
"$sanitizeProvider.enableSvg(0)", "$sanitizeProvider.enableSvg(0)",
"$sanitizeProvider.EnableSvg(0)", "$sanitizeProvider.EnableSvg(0)"
], ],
invalid: [ invalid: [
{ {
code: "$sanitizeProvider.enableSvg(true)", code: "$sanitizeProvider.enableSvg(true)",
errors: [{ messageId: "doNotEnableSVG" }], errors: [{ messageId: "doNotEnableSVG" }]
}, },
{ {
code: "$sanitizeProvider.enableSvg(1)", code: "$sanitizeProvider.enableSvg(1)",
errors: [{ messageId: "doNotEnableSVG" }], errors: [{ messageId: "doNotEnableSVG" }]
}, }
], ]
}); });


@ -12,7 +12,7 @@ ruleTester.run(ruleId, rule, {
"aHrefSanitizationWhitelist('.*')", "aHrefSanitizationWhitelist('.*')",
"x.aHrefSanitizationWhitelist('.*')", "x.aHrefSanitizationWhitelist('.*')",
"$compileProvider.aHrefSanitizationWhitelist()", "$compileProvider.aHrefSanitizationWhitelist()",
"$compileProvider.AHrefSanitizationWhitelist('.*')", "$compileProvider.AHrefSanitizationWhitelist('.*')"
], ],
invalid: [ invalid: [
{ {
@ -23,9 +23,9 @@ ruleTester.run(ruleId, rule, {
line: 1, line: 1,
endLine: 1, endLine: 1,
column: 1, column: 1,
endColumn: 50, endColumn: 50
}, }
], ]
}, },
{ {
code: "$compileProvider.imgSrcSanitizationWhitelist('.*');", code: "$compileProvider.imgSrcSanitizationWhitelist('.*');",
@ -35,9 +35,9 @@ ruleTester.run(ruleId, rule, {
line: 1, line: 1,
endLine: 1, endLine: 1,
column: 1, column: 1,
endColumn: 51, endColumn: 51
}, }
], ]
}, }
], ]
}); });


@ -39,25 +39,25 @@ function X() {
} }
documentLikeAPIFunction().cookie = '...'; documentLikeAPIFunction().cookie = '...';
`, `
}, }
], ],
invalid: [ invalid: [
{ {
code: "document.cookie = '...'", code: "document.cookie = '...'",
errors: [{ messageId: "doNotUseCookies" }], errors: [{ messageId: "doNotUseCookies" }]
}, },
{ {
code: "window.document.cookie = '...'", code: "window.document.cookie = '...'",
errors: [{ messageId: "doNotUseCookies" }], errors: [{ messageId: "doNotUseCookies" }]
}, },
{ {
code: "this.window.document.cookie = '...'", code: "this.window.document.cookie = '...'",
errors: [{ messageId: "doNotUseCookies" }], errors: [{ messageId: "doNotUseCookies" }]
}, },
{ {
code: "globalThis.window.document.cookie = '...'", code: "globalThis.window.document.cookie = '...'",
errors: [{ messageId: "doNotUseCookies" }], errors: [{ messageId: "doNotUseCookies" }]
}, },
{ {
languageOptions: testUtils.tsLanguageOptions, languageOptions: testUtils.tsLanguageOptions,
@ -67,7 +67,7 @@ function documentFunction(): Document {
} }
documentFunction().cookie = '...'; documentFunction().cookie = '...';
`, `,
errors: [{ messageId: "doNotUseCookies" }], errors: [{ messageId: "doNotUseCookies" }]
}, },
{ {
languageOptions: testUtils.tsLanguageOptions, languageOptions: testUtils.tsLanguageOptions,
@ -78,7 +78,7 @@ namespace Sample {
} }
} }
`, `,
errors: [{ messageId: "doNotUseCookies" }], errors: [{ messageId: "doNotUseCookies" }]
}, }
], ]
}); });


@ -23,22 +23,22 @@ function main() {
var document: DocumentLikeAPI = documentLikeAPIFunction(); var document: DocumentLikeAPI = documentLikeAPIFunction();
document.domain = 'somevalue'; document.domain = 'somevalue';
} }
`, `
}, }
], ],
invalid: [ invalid: [
{ {
languageOptions: testUtils.tsLanguageOptions, languageOptions: testUtils.tsLanguageOptions,
code: "var doc = window.document; doc.domain = 'somevalue';", code: "var doc = window.document; doc.domain = 'somevalue';",
errors: [{ messageId: "default" }], errors: [{ messageId: "default" }]
}, },
{ {
code: "document.domain = 'somevalue'", code: "document.domain = 'somevalue'",
errors: [{ messageId: "default" }], errors: [{ messageId: "default" }]
}, },
{ {
code: "window.document.domain = 'somevalue'", code: "window.document.domain = 'somevalue'",
errors: [{ messageId: "default" }], errors: [{ messageId: "default" }]
}, },
{ {
code: ` code: `
@ -50,17 +50,17 @@ newWindow.document.domain = somevalue;
errors: [ errors: [
{ {
line: 3, line: 3,
messageId: "default", messageId: "default"
}, },
{ {
line: 4, line: 4,
messageId: "default", messageId: "default"
}, },
{ {
line: 5, line: 5,
messageId: "default", messageId: "default"
}, }
], ]
}, }
], ]
}); });


@ -23,7 +23,7 @@ ruleTester.run(ruleId, rule, {
writeln: () => {}, writeln: () => {},
}; };
} }
`, `
}, },
{ {
code: ` code: `
@ -43,8 +43,8 @@ ruleTester.run(ruleId, rule, {
document.write('', ''); document.write('', '');
document.writeln(); document.writeln();
document.writeln('', ''); document.writeln('', '');
`, `
}, }
], ],
invalid: [ invalid: [
{ {
@ -63,8 +63,8 @@ ruleTester.run(ruleId, rule, {
{ messageId: "default", line: 3 }, { messageId: "default", line: 3 },
{ messageId: "default", line: 4 }, { messageId: "default", line: 4 },
{ messageId: "default", line: 8 }, { messageId: "default", line: 8 },
{ messageId: "default", line: 9 }, { messageId: "default", line: 9 }
], ]
}, },
{ {
code: ` code: `
@ -81,8 +81,8 @@ ruleTester.run(ruleId, rule, {
{ messageId: "default", line: 4 }, { messageId: "default", line: 4 },
{ messageId: "default", line: 5 }, { messageId: "default", line: 5 },
{ messageId: "default", line: 6 }, { messageId: "default", line: 6 },
{ messageId: "default", line: 7 }, { messageId: "default", line: 7 }
], ]
}, }
], ]
}); });


@ -23,8 +23,8 @@ ruleTester.run(ruleId, rule, {
nodeIntegration: false nodeIntegration: false
} }
}); });
`, `
}, }
], ],
invalid: [ invalid: [
{ {
@ -40,8 +40,8 @@ ruleTester.run(ruleId, rule, {
errors: [ errors: [
{ messageId: "default", line: 4 }, { messageId: "default", line: 4 },
{ messageId: "default", line: 5 }, { messageId: "default", line: 5 },
{ messageId: "default", line: 6 }, { messageId: "default", line: 6 }
], ]
}, },
{ {
code: ` code: `
@ -56,8 +56,8 @@ ruleTester.run(ruleId, rule, {
errors: [ errors: [
{ messageId: "default", line: 4 }, { messageId: "default", line: 4 },
{ messageId: "default", line: 5 }, { messageId: "default", line: 5 },
{ messageId: "default", line: 6 }, { messageId: "default", line: 6 }
], ]
}, }
], ]
}); });


@ -14,16 +14,16 @@ ruleTester.run(ruleId, rule, {
"test.html()", "test.html()",
"test.html('','')", "test.html('','')",
"element.html('');", "element.html('');",
"element.html(null);", "element.html(null);"
], ],
invalid: [ invalid: [
{ {
code: "$('p').html('XSS')", code: "$('p').html('XSS')",
errors: [{ messageId: "default", line: 1 }], errors: [{ messageId: "default", line: 1 }]
}, },
{ {
code: "$(selector).html(sample_function())", code: "$(selector).html(sample_function())",
errors: [{ messageId: "default", line: 1 }], errors: [{ messageId: "default", line: 1 }]
}, },
{ {
languageOptions: testUtils.es6LanguageOptions, languageOptions: testUtils.es6LanguageOptions,
@ -31,7 +31,7 @@ ruleTester.run(ruleId, rule, {
import $ from "jquery"; import $ from "jquery";
test.html('XSS'); test.html('XSS');
`, `,
errors: [{ messageId: "default", line: 3 }], errors: [{ messageId: "default", line: 3 }]
}, }
], ]
}); });


@ -29,8 +29,8 @@ ruleTester.run(ruleId, rule, {
let test = new Test("test"); let test = new Test("test");
test.innerHTML = test; test.innerHTML = test;
test.outerHTML = test; test.outerHTML = test;
`, `
}, }
], ],
invalid: [ invalid: [
// TypeScript with full type information // TypeScript with full type information
@ -45,8 +45,8 @@ ruleTester.run(ruleId, rule, {
errors: [ errors: [
{ messageId: "noInnerHtml", line: 3 }, { messageId: "noInnerHtml", line: 3 },
{ messageId: "noInnerHtml", line: 4 }, { messageId: "noInnerHtml", line: 4 },
{ messageId: "noInsertAdjacentHTML", line: 5 }, { messageId: "noInsertAdjacentHTML", line: 5 }
], ]
}, },
{ {
code: ` code: `
@ -55,8 +55,8 @@ ruleTester.run(ruleId, rule, {
`, `,
errors: [ errors: [
{ messageId: "noInnerHtml", line: 2 }, { messageId: "noInnerHtml", line: 2 },
{ messageId: "noInnerHtml", line: 3 }, { messageId: "noInnerHtml", line: 3 }
], ]
}, },
{ {
code: ` code: `
@ -65,12 +65,12 @@ ruleTester.run(ruleId, rule, {
`, `,
errors: [ errors: [
{ messageId: "noInnerHtml", line: 2 }, { messageId: "noInnerHtml", line: 2 },
{ messageId: "noInnerHtml", line: 3 }, { messageId: "noInnerHtml", line: 3 }
], ]
}, },
{ {
code: "element.insertAdjacentHTML('beforebegin', 'foo')", code: "element.insertAdjacentHTML('beforebegin', 'foo')",
errors: [{ messageId: "noInsertAdjacentHTML", line: 1 }], errors: [{ messageId: "noInsertAdjacentHTML", line: 1 }]
}, }
], ]
}); });


@ -20,7 +20,7 @@ ruleTester.run(ruleId, rule, {
Math.random; Math.random;
math.random(); math.random();
random(); random();
`, `
}, },
{ {
code: ` code: `
@ -30,7 +30,7 @@ ruleTester.run(ruleId, rule, {
require('random-package'); require('random-package');
require('random-float2'); require('random-float2');
require('random2-seed'); require('random2-seed');
`, `
}, },
{ {
languageOptions: testUtils.es6LanguageOptions, languageOptions: testUtils.es6LanguageOptions,
@ -41,7 +41,7 @@ ruleTester.run(ruleId, rule, {
import 'eslint'; import 'eslint';
import 'eslint-plugin-sdl'; import 'eslint-plugin-sdl';
import 'testing'; import 'testing';
`, `
}, },
{ {
code: ` code: `
@ -49,7 +49,7 @@ ruleTester.run(ruleId, rule, {
pseudoRandomBytes(); pseudoRandomBytes();
pseudoRandomByte(); pseudoRandomByte();
cryptos.pseudoRondomBytes(); cryptos.pseudoRondomBytes();
`, `
}, },
{ {
languageOptions: testUtils.tsLanguageOptions, languageOptions: testUtils.tsLanguageOptions,
@ -60,7 +60,7 @@ ruleTester.run(ruleId, rule, {
Math.Random; Math.Random;
Math.random; Math.random;
`, `
}, },
{ {
languageOptions: testUtils.tsLanguageOptions, languageOptions: testUtils.tsLanguageOptions,
@ -72,8 +72,8 @@ ruleTester.run(ruleId, rule, {
pseudoRandomByte(); pseudoRandomByte();
cryptos.pseudoRondomBytes(); cryptos.pseudoRondomBytes();
cryptos.pseudoRondomBytes(); cryptos.pseudoRondomBytes();
`, `
}, }
], ],
invalid: [ invalid: [
{ {
@ -83,8 +83,8 @@ ruleTester.run(ruleId, rule, {
`, `,
errors: [ errors: [
{ messageId: "default", line: 2 }, { messageId: "default", line: 2 },
{ messageId: "default", line: 3 }, { messageId: "default", line: 3 }
], ]
}, },
{ {
languageOptions: testUtils.tsLanguageOptions, languageOptions: testUtils.tsLanguageOptions,
@ -94,8 +94,8 @@ ruleTester.run(ruleId, rule, {
`, `,
errors: [ errors: [
{ messageId: "default", line: 2 }, { messageId: "default", line: 2 },
{ messageId: "default", line: 3 }, { messageId: "default", line: 3 }
], ]
}, },
{ {
languageOptions: testUtils.tsLanguageOptions, languageOptions: testUtils.tsLanguageOptions,
@ -106,14 +106,14 @@ ruleTester.run(ruleId, rule, {
notMath().random(); notMath().random();
`, `,
errors: [{ messageId: "default", line: 6 }], errors: [{ messageId: "default", line: 6 }]
}, },
{ {
languageOptions: testUtils.tsLanguageOptions, languageOptions: testUtils.tsLanguageOptions,
code: ` code: `
crypto.pseudoRandomBytes(); crypto.pseudoRandomBytes();
`, `,
errors: [{ messageId: "default", line: 2 }], errors: [{ messageId: "default", line: 2 }]
}, },
{ {
languageOptions: testUtils.tsLanguageOptions, languageOptions: testUtils.tsLanguageOptions,
@ -124,7 +124,7 @@ ruleTester.run(ruleId, rule, {
notCrypto().pseudoRandomBytes(); notCrypto().pseudoRandomBytes();
`, `,
errors: [{ messageId: "default", line: 6 }], errors: [{ messageId: "default", line: 6 }]
}, },
{ {
languageOptions: testUtils.es6LanguageOptions, languageOptions: testUtils.es6LanguageOptions,
@ -142,8 +142,8 @@ ruleTester.run(ruleId, rule, {
{ messageId: "default", line: 4 }, { messageId: "default", line: 4 },
{ messageId: "default", line: 5 }, { messageId: "default", line: 5 },
{ messageId: "default", line: 6 }, { messageId: "default", line: 6 },
{ messageId: "default", line: 7 }, { messageId: "default", line: 7 }
], ]
}, },
{ {
languageOptions: testUtils.es6LanguageOptions, languageOptions: testUtils.es6LanguageOptions,
@ -159,8 +159,8 @@ ruleTester.run(ruleId, rule, {
{ messageId: "default", line: 3 }, { messageId: "default", line: 3 },
{ messageId: "default", line: 4 }, { messageId: "default", line: 4 },
{ messageId: "default", line: 5 }, { messageId: "default", line: 5 },
{ messageId: "default", line: 6 }, { messageId: "default", line: 6 }
], ]
}, },
{ {
code: ` code: `
@ -177,8 +177,8 @@ ruleTester.run(ruleId, rule, {
{ messageId: "default", line: 4 }, { messageId: "default", line: 4 },
{ messageId: "default", line: 5 }, { messageId: "default", line: 5 },
{ messageId: "default", line: 6 }, { messageId: "default", line: 6 },
{ messageId: "default", line: 7 }, { messageId: "default", line: 7 }
], ]
}, }
], ]
}); });


@ -21,7 +21,7 @@ ruleTester.run(ruleId, rule, {
code: ` code: `
var x = 'https://www.example.com' var x = 'https://www.example.com'
var y = 'ftps://www.example.com' var y = 'ftps://www.example.com'
`, `
}, },
{ {
// should allow https,ftps template strings in variables // should allow https,ftps template strings in variables
@ -29,7 +29,7 @@ ruleTester.run(ruleId, rule, {
var x = \`https://www.template-examples.com\` var x = \`https://www.template-examples.com\`
var y = \`ftps://www.template-file-examples.com\` var y = \`ftps://www.template-file-examples.com\`
`, `,
languageOptions: testUtils.es6LanguageOptions, languageOptions: testUtils.es6LanguageOptions
}, },
{ {
// should allow https,ftps multipart template strings in variables // should allow https,ftps multipart template strings in variables
@ -37,11 +37,11 @@ ruleTester.run(ruleId, rule, {
var x = \`https://www.\${multipartExample}.com\` var x = \`https://www.\${multipartExample}.com\`
var y = \`ftps://www.\${multipartExample}.com\` var y = \`ftps://www.\${multipartExample}.com\`
`, `,
languageOptions: testUtils.es6LanguageOptions, languageOptions: testUtils.es6LanguageOptions
}, },
{ {
// should allow http,ftp in middle of string // should allow http,ftp in middle of string
code: "var x = 'The protocol may be http://, https://, ftp:// or ftps://'", code: "var x = 'The protocol may be http://, https://, ftp:// or ftps://'"
}, },
{ {
// should allow https,ftps strings in default values // should allow https,ftps strings in default values
@ -49,7 +49,7 @@ ruleTester.run(ruleId, rule, {
function f(x : string = 'https://www.example.com') {} function f(x : string = 'https://www.example.com') {}
function f(y : string = 'ftps://www.example.com') {} function f(y : string = 'ftps://www.example.com') {}
`, `,
languageOptions: testUtils.tsLanguageOptions, languageOptions: testUtils.tsLanguageOptions
}, },
{ {
// should allow user-provided exceptions matches, regardless of upper/lower-case // should allow user-provided exceptions matches, regardless of upper/lower-case
@ -64,10 +64,10 @@ ruleTester.run(ruleId, rule, {
exceptions: [ exceptions: [
"HTTP://www.allow-example.com/?.*", "HTTP://www.allow-example.com/?.*",
"FtP://www.allow-file-example.com", "FtP://www.allow-file-example.com",
"LdaP://www.allow-ldap-example.com", "LdaP://www.allow-ldap-example.com"
], ]
}, }
], ]
}, },
{ {
// should allow user-provided exceptions for variable name matches, regardless of upper/lower-case // should allow user-provided exceptions for variable name matches, regardless of upper/lower-case
@ -77,9 +77,9 @@ ruleTester.run(ruleId, rule, {
`, `,
options: [ options: [
{ {
varExceptions: ["insecure?.*"], varExceptions: ["insecure?.*"]
}, }
], ]
}, },
{ {
// should allow xml namespaces, as they are not accessed by the browser // should allow xml namespaces, as they are not accessed by the browser
@ -91,22 +91,22 @@ ruleTester.run(ruleId, rule, {
); );
}; };
`, `,
languageOptions: testUtils.tsReactLanguageOptions, languageOptions: testUtils.tsReactLanguageOptions
}, },
{ {
// should allow localhost // should allow localhost
code: ` code: `
var x = "http://localhost/test"; var x = "http://localhost/test";
var y = "http://localhost"; var y = "http://localhost";
`, `
}, },
{ {
// should allow xml namespaces for XHTML and SVG even if outside of jsx xmlns attribute // should allow xml namespaces for XHTML and SVG even if outside of jsx xmlns attribute
code: ` code: `
var x = "http://www.w3.org/1999/xhtml"; var x = "http://www.w3.org/1999/xhtml";
var y = "http://www.w3.org/2000/svg"; var y = "http://www.w3.org/2000/svg";
`, `
}, }
], ],
invalid: [ invalid: [
{ {
@ -127,8 +127,8 @@ ruleTester.run(ruleId, rule, {
{ messageId: "doNotUseInsecureUrl", line: 2 }, { messageId: "doNotUseInsecureUrl", line: 2 },
{ messageId: "doNotUseInsecureUrl", line: 3 }, { messageId: "doNotUseInsecureUrl", line: 3 },
{ messageId: "doNotUseInsecureUrl", line: 4 }, { messageId: "doNotUseInsecureUrl", line: 4 },
{ messageId: "doNotUseInsecureUrl", line: 5 }, { messageId: "doNotUseInsecureUrl", line: 5 }
], ]
}, },
{ {
// should ban http,ftp template strings in variables // should ban http,ftp template strings in variables
@ -148,9 +148,9 @@ ruleTester.run(ruleId, rule, {
{ messageId: "doNotUseInsecureUrl", line: 2 }, { messageId: "doNotUseInsecureUrl", line: 2 },
{ messageId: "doNotUseInsecureUrl", line: 3 }, { messageId: "doNotUseInsecureUrl", line: 3 },
{ messageId: "doNotUseInsecureUrl", line: 4 }, { messageId: "doNotUseInsecureUrl", line: 4 },
{ messageId: "doNotUseInsecureUrl", line: 5 }, { messageId: "doNotUseInsecureUrl", line: 5 }
], ],
languageOptions: testUtils.es6LanguageOptions, languageOptions: testUtils.es6LanguageOptions
}, },
{ {
// should ban http,ftp multipart template strings in variables // should ban http,ftp multipart template strings in variables
@ -164,9 +164,9 @@ ruleTester.run(ruleId, rule, {
`, `,
errors: [ errors: [
{ messageId: "doNotUseInsecureUrl", line: 2 }, { messageId: "doNotUseInsecureUrl", line: 2 },
{ messageId: "doNotUseInsecureUrl", line: 3 }, { messageId: "doNotUseInsecureUrl", line: 3 }
], ],
languageOptions: testUtils.es6LanguageOptions, languageOptions: testUtils.es6LanguageOptions
}, },
{ {
// should ban http,ftp strings in default values // should ban http,ftp strings in default values
@ -180,9 +180,9 @@ ruleTester.run(ruleId, rule, {
`, `,
errors: [ errors: [
{ messageId: "doNotUseInsecureUrl", line: 2 }, { messageId: "doNotUseInsecureUrl", line: 2 },
{ messageId: "doNotUseInsecureUrl", line: 3 }, { messageId: "doNotUseInsecureUrl", line: 3 }
], ],
languageOptions: testUtils.tsLanguageOptions, languageOptions: testUtils.tsLanguageOptions
}, },
{ {
// should ban user-provided blacklist matches, regardless of upper/lower-case // should ban user-provided blacklist matches, regardless of upper/lower-case
@ -202,17 +202,17 @@ ruleTester.run(ruleId, rule, {
{ messageId: "doNotUseInsecureUrl", line: 2 }, { messageId: "doNotUseInsecureUrl", line: 2 },
{ messageId: "doNotUseInsecureUrl", line: 3 }, { messageId: "doNotUseInsecureUrl", line: 3 },
{ messageId: "doNotUseInsecureUrl", line: 4 }, { messageId: "doNotUseInsecureUrl", line: 4 },
{ messageId: "doNotUseInsecureUrl", line: 5 }, { messageId: "doNotUseInsecureUrl", line: 5 }
], ],
options: [ options: [
{ {
blocklist: [ blocklist: [
"htTp://www.ban-example.com/?.*", "htTp://www.ban-example.com/?.*",
"fTp://www.ban-file-example.com/?.*", "fTp://www.ban-file-example.com/?.*",
"lDAp://www.ban-ldap-example.com/?.*", "lDAp://www.ban-ldap-example.com/?.*"
], ]
}, }
], ]
}, },
{ {
// should ban any other xml attribute with urls in them // should ban any other xml attribute with urls in them
@ -233,13 +233,13 @@ ruleTester.run(ruleId, rule, {
}; };
`, `,
errors: [{ messageId: "doNotUseInsecureUrl", line: 4 }], errors: [{ messageId: "doNotUseInsecureUrl", line: 4 }],
languageOptions: testUtils.tsReactLanguageOptions, languageOptions: testUtils.tsReactLanguageOptions
}, },
{ {
// should escape the url string correctly // should escape the url string correctly
code: `var a1 = "http://moz\ti\tlla.org";`, code: `var a1 = "http://moz\ti\tlla.org";`,
output: `var a1 = "https://moz\\ti\\tlla.org";`, output: `var a1 = "https://moz\\ti\\tlla.org";`,
errors: [{ messageId: "doNotUseInsecureUrl", line: 1 }], errors: [{ messageId: "doNotUseInsecureUrl", line: 1 }]
}, },
{ {
// should fix url in `` correctly // should fix url in `` correctly
@ -247,7 +247,7 @@ ruleTester.run(ruleId, rule, {
output: "var x1 = `https://foo${multipartExample} http://${multipartExample}.com`;", output: "var x1 = `https://foo${multipartExample} http://${multipartExample}.com`;",
errors: [{ messageId: "doNotUseInsecureUrl", line: 1 }], errors: [{ messageId: "doNotUseInsecureUrl", line: 1 }],
languageOptions: testUtils.es6LanguageOptions, languageOptions: testUtils.es6LanguageOptions
}, },
{ {
// should escape the string and fix it properly in `` // should escape the string and fix it properly in ``
@ -255,7 +255,7 @@ ruleTester.run(ruleId, rule, {
output: `var a1 = \`https://moz\\ti\\tlla.org\`;`, output: `var a1 = \`https://moz\\ti\\tlla.org\`;`,
errors: [{ messageId: "doNotUseInsecureUrl", line: 1 }], errors: [{ messageId: "doNotUseInsecureUrl", line: 1 }],
languageOptions: testUtils.es6LanguageOptions, languageOptions: testUtils.es6LanguageOptions
}, }
], ]
}); });


@ -13,7 +13,7 @@ ruleTester.run(ruleId, rule, {
invalid: [ invalid: [
{ {
code: "MSApp.execUnsafeLocalFunction(testfunc)", code: "MSApp.execUnsafeLocalFunction(testfunc)",
errors: [{ messageId: "default", line: 1, type: "CallExpression" }], errors: [{ messageId: "default", line: 1, type: "CallExpression" }]
}, }
], ]
}); });


@ -27,8 +27,8 @@ function main() {
var w: WindowLike = new WindowLike(); var w: WindowLike = new WindowLike();
w.postMessage('test', '*'); w.postMessage('test', '*');
} }
`, `
}, }
], ],
invalid: [ invalid: [
{ {
@ -38,8 +38,8 @@ function main() {
`, `,
errors: [ errors: [
{ messageId: "default", line: 2 }, { messageId: "default", line: 2 },
{ messageId: "default", line: 3 }, { messageId: "default", line: 3 }
], ]
}, },
{ {
languageOptions: testUtils.tsLanguageOptions, languageOptions: testUtils.tsLanguageOptions,
@ -50,8 +50,8 @@ function main() {
`, `,
errors: [ errors: [
{ messageId: "default", line: 2 }, { messageId: "default", line: 2 },
{ messageId: "default", line: 4 }, { messageId: "default", line: 4 }
], ]
}, }
], ]
}); });


@ -18,8 +18,8 @@ ruleTester.run(ruleId, rule, {
`, `,
errors: [ errors: [
{ messageId: "default", line: 2 }, { messageId: "default", line: 2 },
{ messageId: "default", line: 3 }, { messageId: "default", line: 3 }
], ]
}, }
], ]
}); });


@ -20,8 +20,8 @@ ruleTester.run(ruleId, rule, {
errors: [ errors: [
{ messageId: "default", line: 2, type: "CallExpression" }, { messageId: "default", line: 2, type: "CallExpression" },
{ messageId: "default", line: 3, type: "CallExpression" }, { messageId: "default", line: 3, type: "CallExpression" },
{ messageId: "default", line: 4, type: "CallExpression" }, { messageId: "default", line: 4, type: "CallExpression" }
], ]
}, }
], ]
}); });


@ -14,10 +14,10 @@ var ruleTester = new RuleTester({
ecmaVersion: 2018, ecmaVersion: 2018,
sourceType: "module", sourceType: "module",
ecmaFeatures: { ecmaFeatures: {
jsx: true, jsx: true
}, }
}, }
}, }
}); });
ruleTester.run(ruleId, rule, { ruleTester.run(ruleId, rule, {
@ -38,48 +38,48 @@ ruleTester.run(ruleId, rule, {
{ code: '<iframe sandbox="allow-scripts"></iframe>' }, { code: '<iframe sandbox="allow-scripts"></iframe>' },
{ code: '<iframe sandbox="allow-top-navigation"></iframe>' }, { code: '<iframe sandbox="allow-top-navigation"></iframe>' },
{ {
code: '<iframe sandbox="allow-top-navigation-by-user-activation"></iframe>', code: '<iframe sandbox="allow-top-navigation-by-user-activation"></iframe>'
}, },
{ code: '<iframe sandbox="allow-forms allow-modals"></iframe>' }, { code: '<iframe sandbox="allow-forms allow-modals"></iframe>' },
{ {
code: '<iframe sandbox="allow-popups allow-popups-to-escape-sandbox allow-pointer-lock allow-same-origin allow-top-navigation"></iframe>', code: '<iframe sandbox="allow-popups allow-popups-to-escape-sandbox allow-pointer-lock allow-same-origin allow-top-navigation"></iframe>'
}, }
], ],
invalid: [ invalid: [
{ {
code: "<iframe></iframe>;", code: "<iframe></iframe>;",
errors: [{ messageId: "attributeMissing" }], errors: [{ messageId: "attributeMissing" }]
}, },
{ {
code: "<iframe/>;", code: "<iframe/>;",
errors: [{ messageId: "attributeMissing" }], errors: [{ messageId: "attributeMissing" }]
}, },
{ {
code: '<iframe sandbox="__unknown__"></iframe>', code: '<iframe sandbox="__unknown__"></iframe>',
errors: [{ messageId: "invalidValue", data: { value: "__unknown__" } }], errors: [{ messageId: "invalidValue", data: { value: "__unknown__" } }]
}, },
{ {
code: '<iframe sandbox="allow-popups __unknown__"/>', code: '<iframe sandbox="allow-popups __unknown__"/>',
errors: [{ messageId: "invalidValue", data: { value: "__unknown__" } }], errors: [{ messageId: "invalidValue", data: { value: "__unknown__" } }]
}, },
{ {
code: '<iframe sandbox="__unknown__ allow-popups"/>', code: '<iframe sandbox="__unknown__ allow-popups"/>',
errors: [{ messageId: "invalidValue", data: { value: "__unknown__" } }], errors: [{ messageId: "invalidValue", data: { value: "__unknown__" } }]
}, },
{ {
code: '<iframe sandbox=" allow-forms __unknown__ allow-popups __unknown__ "/>', code: '<iframe sandbox=" allow-forms __unknown__ allow-popups __unknown__ "/>',
errors: [ errors: [
{ messageId: "invalidValue", data: { value: "__unknown__" } }, { messageId: "invalidValue", data: { value: "__unknown__" } },
{ messageId: "invalidValue", data: { value: "__unknown__" } }, { messageId: "invalidValue", data: { value: "__unknown__" } }
], ]
}, },
{ {
code: '<iframe sandbox="allow-scripts allow-same-origin"></iframe>;', code: '<iframe sandbox="allow-scripts allow-same-origin"></iframe>;',
errors: [{ messageId: "invalidCombination" }], errors: [{ messageId: "invalidCombination" }]
}, },
{ {
code: '<iframe sandbox="allow-same-origin allow-scripts"/>;', code: '<iframe sandbox="allow-same-origin allow-scripts"/>;',
errors: [{ messageId: "invalidCombination" }], errors: [{ messageId: "invalidCombination" }]
}, }
], ]
}); });


@ -14,15 +14,15 @@ module.exports = {
es6LanguageOptions: { es6LanguageOptions: {
parserOptions: { parserOptions: {
ecmaVersion: 6, ecmaVersion: 6,
sourceType: "module", sourceType: "module"
}, }
}, },
tsLanguageOptions: { tsLanguageOptions: {
parser: tsParser, parser: tsParser,
parserOptions: { parserOptions: {
tsconfigRootDir: path.join(__dirname, "..", "fixtures", "ts"), tsconfigRootDir: path.join(__dirname, "..", "fixtures", "ts"),
projectService: true, projectService: true
}, }
}, },
tsReactLanguageOptions: { tsReactLanguageOptions: {
parser: tsParser, parser: tsParser,
@ -30,8 +30,8 @@ module.exports = {
tsconfigRootDir: path.join(__dirname, "..", "fixtures", "tsx"), tsconfigRootDir: path.join(__dirname, "..", "fixtures", "tsx"),
projectService: true, projectService: true,
ecmaFeatures: { ecmaFeatures: {
jsx: true, jsx: true
}, }
}, }
}, }
}; };