@reliabilityworks/ruleset-astro 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +4 -0
- package/rules.json +26 -0
package/package.json
ADDED
package/rules.json
ADDED
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
[
|
|
2
|
+
{
|
|
3
|
+
"id": "astro/set-html",
|
|
4
|
+
"severity": "medium",
|
|
5
|
+
"title": "Raw HTML rendering via set:html",
|
|
6
|
+
"description": "Astro's set:html renders raw HTML into the page. If the value is derived from user input, it can enable XSS unless sanitized.",
|
|
7
|
+
"matcher": {
|
|
8
|
+
"type": "regex",
|
|
9
|
+
"fileGlobs": ["**/*.astro"],
|
|
10
|
+
"pattern": "\\bset:html\\s*=",
|
|
11
|
+
"message": "set:html renders raw HTML; ensure the content is sanitized"
|
|
12
|
+
}
|
|
13
|
+
},
|
|
14
|
+
{
|
|
15
|
+
"id": "astro/inline-script",
|
|
16
|
+
"severity": "low",
|
|
17
|
+
"title": "Inline script usage",
|
|
18
|
+
"description": "Inline scripts can increase XSS risk and complicate CSP. Prefer external scripts and a strict Content Security Policy.",
|
|
19
|
+
"matcher": {
|
|
20
|
+
"type": "regex",
|
|
21
|
+
"fileGlobs": ["**/*.astro"],
|
|
22
|
+
"pattern": "\\bis:inline\\b",
|
|
23
|
+
"message": "Inline script detected; prefer external scripts and CSP"
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
]
|