Merge branch 'main' into dev/vflouirac/updateconfig

This commit is contained in:
Vflouirac 2022-03-29 15:22:50 +02:00 коммит произвёл GitHub
Родитель a4fc817624 f303381f23
Коммит fba07c47fb
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
10 изменённых файлов: 50 добавлений и 41 удалений

10
.github/workflows/E2E integration.yml поставляемый
Просмотреть файл

@ -10,9 +10,9 @@ on:
branches: [main, release/vNext]
env:
PROJECT: discordjs # The name of the project you want to clone. It must be on github
REPOSITORY: discord.js # The repository name
FOLDER_TO_SCAN: src # The folder under which the source code you have is contained. Relative to the repository
PROJECT: nodejs # The name of the project you want to clone. It must be on github
REPOSITORY: node # The repository name
FOLDER_TO_SCAN: lib # The folder under which the source code you have is contained. Relative to the repository
TS_CONFIG_PATH: tsconfig.json # The tsconfig.json path relative to the repository
jobs:
@ -22,7 +22,7 @@ jobs:
strategy:
matrix:
os: [ubuntu-18.04, windows-2019]
os: [ubuntu-latest, windows-latest]
steps:
- name: Setup Node.js environment
@ -70,7 +70,7 @@ jobs:
- name: Run eslint
run: npx eslint
-c node_modules/@microsoft/eslint-plugin-sdl/config/recommended.js
-c node_modules/@microsoft/eslint-plugin-sdl/config/required.js
../${{env.PROJECT}}/${{env.FOLDER_TO_SCAN}}/
--ext .js
--parser-options=project:../${{env.PROJECT}}/${{env.TS_CONFIG_PATH}}

Просмотреть файл

@ -16,8 +16,8 @@ jobs:
strategy:
matrix:
os: [ubuntu-20.04, ubuntu-18.04, windows-2019, macos-10.15]
node-version: [12.x, 14.x]
os: [ubuntu-latest, windows-latest]
node-version: [12.x, 14.x, 16.x]
steps:
- uses: actions/checkout@v2

11
config/react.js поставляемый
Просмотреть файл

@ -14,6 +14,15 @@ module.exports = {
],
rules: {
"react/no-danger": "error",
"@microsoft/sdl/react-iframe-missing-sandbox": "error"
"@microsoft/sdl/react-iframe-missing-sandbox": "error",
"react/jsx-no-target-blank": ["error",
{
allowReferrer: false,
enforceDynamicLinks: 'always',
warnOnSpreadAttributes: true,
links: true,
forms: true
}
]
}
}

Просмотреть файл

@ -28,23 +28,18 @@ module.exports = {
getFullTypeChecker(context) {
return this.hasFullTypeInformation(context) ? context.parserServices.program.getTypeChecker() : null;
},
getNodeType(node, context) {
const typeChecker = context.parserServices.program.getTypeChecker();
const tsNode = context.parserServices.esTreeNodeToTSNodeMap.get(node);
const tsType = typeChecker.getTypeAtLocation(tsNode);
return typeChecker.typeToString(tsType);
},
getCallerType(fullTypeChecker, object, context){
const tsNode = context.parserServices.esTreeNodeToTSNodeMap.get(object);
const tsType = fullTypeChecker.getTypeAtLocation(tsNode);
const type = fullTypeChecker.typeToString(tsType);
return type;
getNodeTypeAsString(fullTypeChecker, node, context) {
if (fullTypeChecker && node) {
const tsNode = context.parserServices.esTreeNodeToTSNodeMap.get(node);
const tsType = fullTypeChecker.getTypeAtLocation(tsNode);
const type = fullTypeChecker.typeToString(tsType);
return type;
}
return "any";
},
isDocumentObject(node, context, fullTypeChecker) {
if (fullTypeChecker) {
const tsNode = context.parserServices.esTreeNodeToTSNodeMap.get(node);
const tsType = fullTypeChecker.getTypeAtLocation(tsNode);
const type = fullTypeChecker.typeToString(tsType);
const type = this.getNodeTypeAsString(fullTypeChecker, node, context);
return (type === "Document");
}
@ -58,7 +53,8 @@ module.exports = {
node.property != undefined &&
node.property.name == "document" && (
(node.object != undefined &&
node.object.name == "window") ||
typeof node.object.name === "string" &&
node.object.name.toLowerCase().endsWith('window')) ||
(
node.object != undefined &&
node.object.property != undefined &&

Просмотреть файл

@ -30,19 +30,9 @@ module.exports = {
create: function (context) {
const fullTypeChecker = astUtils.getFullTypeChecker(context);
function getNodeTypeAsString(node) {
if (fullTypeChecker && node) {
const tsNode = context.parserServices.esTreeNodeToTSNodeMap.get(node);
const tsType = fullTypeChecker.getTypeAtLocation(tsNode);
const type = fullTypeChecker.typeToString(tsType);
return type;
}
return "any";
}
function mightBeHTMLElement(node) {
const type = getNodeTypeAsString(node);
return type === "HTMLElement" || type === "any";
const type = astUtils.getNodeTypeAsString(fullTypeChecker, node, context);
return type.match(/HTML.*Element/) || type === "any";
}
return {

Просмотреть файл

@ -47,7 +47,7 @@ module.exports = {
var notFalsePositive = false;
if (fullTypeChecker) {
const type = astUtils.getCallerType(fullTypeChecker, node.object, context);
const type = astUtils.getNodeTypeAsString(fullTypeChecker, node.object, context);
notFalsePositive = type === "any" || type === "Crypto";
}else{
notFalsePositive = node.object.name === 'crypto';
@ -63,7 +63,7 @@ module.exports = {
"CallExpression > MemberExpression[property.name='random']"(node) {
var notFalsePositive = false;
if (fullTypeChecker) {
const type = astUtils.getCallerType(fullTypeChecker, node.object, context);
const type = astUtils.getNodeTypeAsString(fullTypeChecker, node.object, context);
notFalsePositive = type === "any" || type === "Math";
}else{
notFalsePositive = node.object.name === 'Math';

Просмотреть файл

@ -1,6 +1,6 @@
{
"name": "@microsoft/eslint-plugin-sdl",
"version": "0.1.8",
"version": "0.1.9",
"description": "ESLint plugin focused on common security issues and misconfigurations discoverable during static testing as part of Microsoft Security Development Lifecycle (SDL)",
"keywords": [
"eslint",
@ -19,6 +19,11 @@
"scripts": {
"test": "mocha tests --recursive"
},
"dependencies": {
"eslint-plugin-node": "11.1.0",
"eslint-plugin-security": "1.4.0",
"eslint-plugin-react": "7.24.0"
},
"devDependencies": {
"@typescript-eslint/eslint-plugin": "^3.7.0",
"@typescript-eslint/parser": "^3.7.0",

Просмотреть файл

@ -47,6 +47,7 @@ function main() {
var somevalue = 'somevalue';
document.domain = somevalue;
window.document.domain = somevalue;
newWindow.document.domain = somevalue;
`,
errors: [
{
@ -56,6 +57,10 @@ window.document.domain = somevalue;
{
line: 4,
messageId: "default"
},
{
line: 5,
messageId: "default"
}
]
}

Просмотреть файл

@ -74,12 +74,16 @@ ruleTester.run(ruleId, rule, {
document.writeln('...');
window.document.write('...');
window.document.writeln('...');
newWindow.document.write('...');
newWindow.document.writeln('...');
`,
errors: [
{ messageId: "default", line: 2 },
{ messageId: "default", line: 3 },
{ messageId: "default", line: 4 },
{ messageId: "default", line: 5 }
{ messageId: "default", line: 5 },
{ messageId: "default", line: 6 },
{ messageId: "default", line: 7 }
]
}
]