npm - @lipemat/eslint-config - Versions diffs - 4.0.4 → 5.0.0-beta.2 - Mend

@lipemat/eslint-config 4.0.4 → 5.0.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/helpers/config.js +11 -11
package/index.js +111 -115
package/package.json +22 -7
package/plugins/security/index.js +51 -0
package/plugins/security/rules/dangerously-set-inner-html.js +62 -0
package/plugins/security/rules/html-executing-assignment.js +67 -0
package/plugins/security/rules/html-executing-function.js +129 -0
package/plugins/security/rules/html-sinks.js +128 -0
package/plugins/security/rules/html-string-concat.js +58 -0
package/plugins/security/rules/jquery-executing.js +105 -0
package/plugins/security/rules/vulnerable-tag-stripping.js +76 -0
package/plugins/security/rules/window-escaping.js +213 -0
package/plugins/security/utils/shared.js +47 -0
package/types/helpers/config.d.ts +22 -0
package/types/index.d.ts +3 -0
package/types/plugins/security/index.d.ts +8 -0
package/types/plugins/security/rules/dangerously-set-inner-html.d.ts +3 -0
package/types/plugins/security/rules/html-executing-assignment.d.ts +4 -0
package/types/plugins/security/rules/html-executing-function.d.ts +6 -0
package/types/plugins/security/rules/html-sinks.d.ts +4 -0
package/types/plugins/security/rules/html-string-concat.d.ts +3 -0
package/types/plugins/security/rules/jquery-executing.d.ts +17 -0
package/types/plugins/security/rules/vulnerable-tag-stripping.d.ts +4 -0
package/types/plugins/security/rules/window-escaping.d.ts +5 -0
package/types/plugins/security/utils/shared.d.ts +21 -0

package/types/plugins/security/rules/html-executing-function.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { type TSESLint } from '@typescript-eslint/utils';
+type HtmlExecutingFunctions = 'document.write' | 'document.writeln';
+type UnsafeCalls = 'after' | 'append' | 'before' | 'insertAdjacentHTML' | 'prepend' | 'replaceWith' | 'setAttribute';
+type Messages = HtmlExecutingFunctions | UnsafeCalls | 'sanitize' | 'domPurify';
+declare const plugin: TSESLint.RuleModule<Messages>;
+export default plugin;

package/types/plugins/security/rules/html-sinks.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { type TSESLint } from '@typescript-eslint/utils';
+type Messages = 'setTimeoutString' | 'setIntervalString' | 'windowOpenUnsanitized' | 'cssTextUnsanitized' | 'sanitize' | 'domPurify';
+declare const plugin: TSESLint.RuleModule<Messages>;
+export default plugin;

package/types/plugins/security/rules/html-string-concat.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { type TSESLint } from '@typescript-eslint/utils';
+declare const plugin: TSESLint.RuleModule<'htmlStringConcat'>;
+export default plugin;

package/types/plugins/security/rules/jquery-executing.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { type TSESLint, type TSESTree } from '@typescript-eslint/utils';
+type UnsafeCalls = 'after' | 'append' | 'appendTo' | 'before' | 'html' | 'insertAfter' | 'insertBefore' | 'prepend' | 'prependTo' | 'replaceAll' | 'replaceWith';
+type Messages = 'needsEscaping' | 'sanitize' | 'domPurify';
+type Context = TSESLint.RuleContext<Messages, []>;
+/**
+ * Is the type of variable being passed a jQuery element?
+ *
+ * - jQuery elements are of type `JQuery`.
+ * - jQuery elements do not require sanitization.
+ *
+ * @link https://typescript-eslint.io/developers/custom-rules/#typed-rules
+ */
+export declare function isJQueryElementType(arg: TSESTree.CallExpressionArgument, context: Context): boolean;
+export declare function isJQueryCall(node: TSESTree.CallExpression): boolean;
+export declare function getJQueryCall(node: TSESTree.CallExpression): UnsafeCalls | null;
+declare const plugin: TSESLint.RuleModule<Messages>;
+export default plugin;

package/types/plugins/security/rules/vulnerable-tag-stripping.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { type TSESLint } from '@typescript-eslint/utils';
+type Messages = 'vulnerableTagStripping' | 'useTextOnly';
+declare const plugin: TSESLint.RuleModule<Messages>;
+export default plugin;

package/types/plugins/security/rules/window-escaping.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { type TSESLint } from '@typescript-eslint/utils';
+type Messages = 'unsafeWindow' | 'unsafeRead' | 'unsafeWindowLocation' | 'domPurify' | 'sanitize';
+export declare function isSafeUrlString(value: string): boolean;
+declare const plugin: TSESLint.RuleModule<Messages>;
+export default plugin;

package/types/plugins/security/utils/shared.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import { type TSESLint, type TSESTree } from '@typescript-eslint/utils';
+import { type Type } from 'typescript';
+export declare function isStringLike(node: TSESTree.CallExpressionArgument, context: Readonly<TSESLint.RuleContext<string, readonly []>>): boolean;
+/**
+ * Get the TypeScript type of node.
+ */
+export declare function getType<Context extends Readonly<TSESLint.RuleContext<string, readonly []>>>(arg: TSESTree.CallExpressionArgument, context: Context): Type;
+/**
+ * Is the type of variable being passed a DOM element?
+ *
+ * - DOM elements are of the type `HTML{*}Element`.
+ * - DOM elements do not require sanitization.
+ *
+ * @link https://typescript-eslint.io/developers/custom-rules/#typed-rules
+ */
+export declare function isDomElementType<Context extends Readonly<TSESLint.RuleContext<string, readonly []>>>(arg: TSESTree.CallExpressionArgument, context: Context): boolean;
+/**
+ * Check if a node is a call to a known sanitization function.
+ * - Currently recognizes `sanitize(...)` and `DOMPurify.sanitize(...)`.
+ */
+export declare function isSanitized(node: TSESTree.Property['value'] | TSESTree.CallExpressionArgument): boolean;