eslint-plugin-sdl-2 1.0.4

package/dist/rules/no-message-event-without-origin-check.js

@@ -0,0 +1,183 @@
+import { keyIn, objectEntries } from "ts-extras";
+import { createRule } from "../_internal/create-rule.js";
+import { getMemberPropertyName, getPropertyName, getStaticStringValue, } from "../_internal/estree-utils.js";
+const isFunctionExpression = (expression) => expression.type === "ArrowFunctionExpression" ||
+    expression.type === "FunctionExpression";
+const hasMessageEventGuardKeywords = (callbackText) => /\b(?:allowlist|origin|trusted|validate|verify|whitelist)\b/iu.test(callbackText);
+const toNode = (value) => {
+    if (typeof value !== "object" || value === null) {
+        return undefined;
+    }
+    const recordValue = value;
+    if (!keyIn(recordValue, "type") ||
+        typeof recordValue["type"] !== "string") {
+        return undefined;
+    }
+    return recordValue;
+};
+const someDescendantNode = (node, predicate) => {
+    if (predicate(node)) {
+        return true;
+    }
+    for (const [propertyName, propertyValue] of objectEntries(node)) {
+        if (propertyName === "parent") {
+            continue;
+        }
+        if (Array.isArray(propertyValue)) {
+            for (const element of propertyValue) {
+                const childNode = toNode(element);
+                if (childNode !== undefined &&
+                    someDescendantNode(childNode, predicate)) {
+                    return true;
+                }
+            }
+            continue;
+        }
+        const childNode = toNode(propertyValue);
+        if (childNode !== undefined &&
+            someDescendantNode(childNode, predicate)) {
+            return true;
+        }
+    }
+    return false;
+};
+const isIdentifierNamed = (node, identifierName) => node.type === "Identifier" && node.name === identifierName;
+const isStaticPropertyMatch = (memberExpression, objectName, propertyName) => isIdentifierNamed(memberExpression.object, objectName) &&
+    getMemberPropertyName(memberExpression) === propertyName;
+const patternContainsProperty = (pattern, propertyName) => pattern.properties.some((propertyNode) => {
+    if (propertyNode.type !== "Property") {
+        return false;
+    }
+    return getPropertyName(propertyNode) === propertyName;
+});
+const containsObjectDestructureFromIdentifier = (rootNode, sourceName, propertyName) => someDescendantNode(rootNode, (node) => {
+    if (node.type === "VariableDeclarator") {
+        return (node.id.type === "ObjectPattern" &&
+            node.init !== null &&
+            isIdentifierNamed(node.init, sourceName) &&
+            patternContainsProperty(node.id, propertyName));
+    }
+    if (node.type !== "AssignmentExpression") {
+        return false;
+    }
+    return (node.left.type === "ObjectPattern" &&
+        isIdentifierNamed(node.right, sourceName) &&
+        patternContainsProperty(node.left, propertyName));
+});
+const containsMemberPropertyAccess = (rootNode, objectName, propertyName) => someDescendantNode(rootNode, (node) => node.type === "MemberExpression"
+    ? isStaticPropertyMatch(node, objectName, propertyName)
+    : false);
+const hasObjectPatternProperty = (objectPattern, propertyName) => objectPattern.properties.some((propertyNode) => {
+    if (propertyNode.type !== "Property") {
+        return false;
+    }
+    return getPropertyName(propertyNode) === propertyName;
+});
+const callbackUsesMessageData = (callbackNode, eventParameterName) => containsMemberPropertyAccess(callbackNode.body, eventParameterName, "data") ||
+    containsObjectDestructureFromIdentifier(callbackNode.body, eventParameterName, "data");
+const callbackHasOriginValidation = (callbackNode, context, eventParameterName) => {
+    const callbackSourceText = context.sourceCode.getText(callbackNode);
+    return (containsMemberPropertyAccess(callbackNode.body, eventParameterName, "origin") ||
+        containsObjectDestructureFromIdentifier(callbackNode.body, eventParameterName, "origin") ||
+        hasMessageEventGuardKeywords(callbackSourceText));
+};
+const reportsIdentifierCallback = (callbackNode, context, eventParameter) => callbackUsesMessageData(callbackNode, eventParameter.name) &&
+    !callbackHasOriginValidation(callbackNode, context, eventParameter.name);
+const reportsObjectPatternCallback = (callbackNode, context, eventParameter) => {
+    if (!hasObjectPatternProperty(eventParameter, "data")) {
+        return false;
+    }
+    if (hasObjectPatternProperty(eventParameter, "origin")) {
+        return false;
+    }
+    return !hasMessageEventGuardKeywords(context.sourceCode.getText(callbackNode));
+};
+const shouldReportMessageEventCallback = (callbackNode, context) => {
+    const [firstParameter] = callbackNode.params;
+    if (firstParameter === undefined || firstParameter.type === "RestElement") {
+        return false;
+    }
+    if (firstParameter.type === "Identifier") {
+        return reportsIdentifierCallback(callbackNode, context, firstParameter);
+    }
+    if (firstParameter.type === "ObjectPattern") {
+        return reportsObjectPatternCallback(callbackNode, context, firstParameter);
+    }
+    return false;
+};
+const isMessageEventListenerCall = (node) => {
+    if (node.callee.type !== "MemberExpression") {
+        return false;
+    }
+    if (getMemberPropertyName(node.callee) !== "addEventListener") {
+        return false;
+    }
+    const [firstArgument] = node.arguments;
+    return (firstArgument !== undefined &&
+        firstArgument.type !== "SpreadElement" &&
+        getStaticStringValue(firstArgument) === "message");
+};
+const isOnMessageAssignment = (node) => node.operator === "=" &&
+    node.left.type === "MemberExpression" &&
+    getMemberPropertyName(node.left) === "onmessage";
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        return {
+            AssignmentExpression(node) {
+                if (!isOnMessageAssignment(node)) {
+                    return;
+                }
+                if (!isFunctionExpression(node.right)) {
+                    return;
+                }
+                if (!shouldReportMessageEventCallback(node.right, context)) {
+                    return;
+                }
+                context.report({
+                    messageId: "default",
+                    node: node.right,
+                });
+            },
+            CallExpression(node) {
+                if (!isMessageEventListenerCall(node)) {
+                    return;
+                }
+                const [, secondArgument] = node.arguments;
+                if (secondArgument === undefined ||
+                    secondArgument.type === "SpreadElement") {
+                    return;
+                }
+                if (!isFunctionExpression(secondArgument)) {
+                    return;
+                }
+                if (!shouldReportMessageEventCallback(secondArgument, context)) {
+                    return;
+                }
+                context.report({
+                    messageId: "default",
+                    node: secondArgument,
+                });
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow MessageEvent handlers that consume event data without validating event.origin.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-message-event-without-origin-check",
+        },
+        messages: {
+            default: "Validate MessageEvent.origin before consuming data from received message events.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-message-event-without-origin-check",
+});
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-message-event-without-origin-check.js.map

package/dist/rules/no-message-event-without-origin-check.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-message-event-without-origin-check.js","sourceRoot":"","sources":["../../src/rules/no-message-event-without-origin-check.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAEjD,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,EACH,qBAAqB,EACrB,eAAe,EACf,oBAAoB,GACvB,MAAM,8BAA8B,CAAC;AAStC,MAAM,oBAAoB,GAAG,CACzB,UAAmC,EACL,EAAE,CAChC,UAAU,CAAC,IAAI,KAAK,yBAAyB;IAC7C,UAAU,CAAC,IAAI,KAAK,oBAAoB,CAAC;AAE7C,MAAM,4BAA4B,GAAG,CAAC,YAAoB,EAAW,EAAE,CACnE,8DAA8D,CAAC,IAAI,CAC/D,YAAY,CACf,CAAC;AAEN,MAAM,MAAM,GAAG,CAAC,KAAc,EAAuC,EAAE;IACnE,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QAC9C,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,MAAM,WAAW,GAAG,KAAsB,CAAC;IAE3C,IACI,CAAC,KAAK,CAAC,WAAW,EAAE,MAAM,CAAC;QAC3B,OAAO,WAAW,CAAC,MAAM,CAAC,KAAK,QAAQ,EACzC,CAAC;QACC,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,OAAO,WAAiD,CAAC;AAC7D,CAAC,CAAC;AAEF,MAAM,kBAAkB,GAAG,CACvB,IAA6B,EAC7B,SAAqD,EAC9C,EAAE;IACT,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,KAAK,MAAM,CAAC,YAAY,EAAE,aAAa,CAAC,IAAI,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9D,IAAI,YAAY,KAAK,QAAQ,EAAE,CAAC;YAC5B,SAAS;QACb,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;YAC/B,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;gBAClC,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;gBAElC,IACI,SAAS,KAAK,SAAS;oBACvB,kBAAkB,CAAC,SAAS,EAAE,SAAS,CAAC,EAC1C,CAAC;oBACC,OAAO,IAAI,CAAC;gBAChB,CAAC;YACL,CAAC;YAED,SAAS;QACb,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC;QAExC,IACI,SAAS,KAAK,SAAS;YACvB,kBAAkB,CAAC,SAAS,EAAE,SAAS,CAAC,EAC1C,CAAC;YACC,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAED,OAAO,KAAK,CAAC;AACjB,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACtB,IAA6B,EAC7B,cAAsB,EACK,EAAE,CAC7B,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC;AAE/D,MAAM,qBAAqB,GAAG,CAC1B,gBAAqD,EACrD,UAAkB,EAClB,YAAoB,EACb,EAAE,CACT,iBAAiB,CAAC,gBAAgB,CAAC,MAAM,EAAE,UAAU,CAAC;IACtD,qBAAqB,CAAC,gBAAgB,CAAC,KAAK,YAAY,CAAC;AAE7D,MAAM,uBAAuB,GAAG,CAC5B,OAAyC,EACzC,YAAoB,EACb,EAAE,CACT,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE;IACrC,IAAI,YAAY,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACnC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,eAAe,CAAC,YAAY,CAAC,KAAK,YAAY,CAAC;AAC1D,CAAC,CAAC,CAAC;AAEP,MAAM,uCAAuC,GAAG,CAC5C,QAAiC,EACjC,UAAkB,EAClB,YAAoB,EACb,EAAE,CACT,kBAAkB,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,EAAE;IAClC,IAAI,IAAI,CAAC,IAAI,KAAK,oBAAoB,EAAE,CAAC;QACrC,OAAO,CACH,IAAI,CAAC,EAAE,CAAC,IAAI,KAAK,eAAe;YAChC,IAAI,CAAC,IAAI,KAAK,IAAI;YAClB,iBAAiB,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC;YACxC,uBAAuB,CAAC,IAAI,CAAC,EAAE,EAAE,YAAY,CAAC,CACjD,CAAC;IACN,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,sBAAsB,EAAE,CAAC;QACvC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,CACH,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,eAAe;QAClC,iBAAiB,CAAC,IAAI,CAAC,KAAK,EAAE,UAAU,CAAC;QACzC,uBAAuB,CAAC,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC,CACnD,CAAC;AACN,CAAC,CAAC,CAAC;AAEP,MAAM,4BAA4B,GAAG,CACjC,QAAiC,EACjC,UAAkB,EAClB,YAAoB,EACb,EAAE,CACT,kBAAkB,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,EAAE,CAClC,IAAI,CAAC,IAAI,KAAK,kBAAkB;IAC5B,CAAC,CAAC,qBAAqB,CAAC,IAAI,EAAE,UAAU,EAAE,YAAY,CAAC;IACvD,CAAC,CAAC,KAAK,CACd,CAAC;AAEN,MAAM,wBAAwB,GAAG,CAC7B,aAAqC,EACrC,YAAoB,EACb,EAAE,CACT,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE;IAC3C,IAAI,YAAY,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACnC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,eAAe,CAAC,YAAY,CAAC,KAAK,YAAY,CAAC;AAC1D,CAAC,CAAC,CAAC;AAEP,MAAM,uBAAuB,GAAG,CAC5B,YAA8B,EAC9B,kBAA0B,EACnB,EAAE,CACT,4BAA4B,CACxB,YAAY,CAAC,IAAI,EACjB,kBAAkB,EAClB,MAAM,CACT;IACD,uCAAuC,CACnC,YAAY,CAAC,IAAI,EACjB,kBAAkB,EAClB,MAAM,CACT,CAAC;AAEN,MAAM,2BAA2B,GAAG,CAChC,YAA8B,EAC9B,OAAoB,EACpB,kBAA0B,EACnB,EAAE;IACT,MAAM,kBAAkB,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAEpE,OAAO,CACH,4BAA4B,CACxB,YAAY,CAAC,IAAI,EACjB,kBAAkB,EAClB,QAAQ,CACX;QACD,uCAAuC,CACnC,YAAY,CAAC,IAAI,EACjB,kBAAkB,EAClB,QAAQ,CACX;QACD,4BAA4B,CAAC,kBAAkB,CAAC,CACnD,CAAC;AACN,CAAC,CAAC;AAEF,MAAM,yBAAyB,GAAG,CAC9B,YAA8B,EAC9B,OAAoB,EACpB,cAAmC,EAC5B,EAAE,CACT,uBAAuB,CAAC,YAAY,EAAE,cAAc,CAAC,IAAI,CAAC;IAC1D,CAAC,2BAA2B,CAAC,YAAY,EAAE,OAAO,EAAE,cAAc,CAAC,IAAI,CAAC,CAAC;AAE7E,MAAM,4BAA4B,GAAG,CACjC,YAA8B,EAC9B,OAAoB,EACpB,cAAsC,EAC/B,EAAE;IACT,IAAI,CAAC,wBAAwB,CAAC,cAAc,EAAE,MAAM,CAAC,EAAE,CAAC;QACpD,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,wBAAwB,CAAC,cAAc,EAAE,QAAQ,CAAC,EAAE,CAAC;QACrD,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,CAAC,4BAA4B,CAChC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,YAAY,CAAC,CAC3C,CAAC;AACN,CAAC,CAAC;AAEF,MAAM,gCAAgC,GAAG,CACrC,YAA8B,EAC9B,OAAoB,EACb,EAAE;IACT,MAAM,CAAC,cAAc,CAAC,GAAG,YAAY,CAAC,MAAM,CAAC;IAE7C,IAAI,cAAc,KAAK,SAAS,IAAI,cAAc,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QACxE,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,cAAc,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QACvC,OAAO,yBAAyB,CAAC,YAAY,EAAE,OAAO,EAAE,cAAc,CAAC,CAAC;IAC5E,CAAC;IAED,IAAI,cAAc,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QAC1C,OAAO,4BAA4B,CAC/B,YAAY,EACZ,OAAO,EACP,cAAc,CACjB,CAAC;IACN,CAAC;IAED,OAAO,KAAK,CAAC;AACjB,CAAC,CAAC;AAEF,MAAM,0BAA0B,GAAG,CAAC,IAA6B,EAAW,EAAE;IAC1E,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QAC1C,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,kBAAkB,EAAE,CAAC;QAC5D,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,MAAM,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;IAEvC,OAAO,CACH,aAAa,KAAK,SAAS;QAC3B,aAAa,CAAC,IAAI,KAAK,eAAe;QACtC,oBAAoB,CAAC,aAAa,CAAC,KAAK,SAAS,CACpD,CAAC;AACN,CAAC,CAAC;AAEF,MAAM,qBAAqB,GAAG,CAAC,IAAmC,EAAW,EAAE,CAC3E,IAAI,CAAC,QAAQ,KAAK,GAAG;IACrB,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB;IACrC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,WAAW,CAAC;AAErD,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAwB;IAC1E,MAAM,CAAC,OAAO;QACV,OAAO;YACH,oBAAoB,CAAC,IAAmC;gBACpD,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC/B,OAAO;gBACX,CAAC;gBAED,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;oBACpC,OAAO;gBACX,CAAC;gBAED,IAAI,CAAC,gCAAgC,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,EAAE,CAAC;oBACzD,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,IAAI,CAAC,KAAK;iBACnB,CAAC,CAAC;YACP,CAAC;YACD,cAAc,CAAC,IAA6B;gBACxC,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,EAAE,CAAC;oBACpC,OAAO;gBACX,CAAC;gBAED,MAAM,CAAC,EAAE,cAAc,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;gBAE1C,IACI,cAAc,KAAK,SAAS;oBAC5B,cAAc,CAAC,IAAI,KAAK,eAAe,EACzC,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,IAAI,CAAC,oBAAoB,CAAC,cAAc,CAAC,EAAE,CAAC;oBACxC,OAAO;gBACX,CAAC;gBAED,IACI,CAAC,gCAAgC,CAAC,cAAc,EAAE,OAAO,CAAC,EAC5D,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,cAAc;iBACvB,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,yFAAyF;YAC7F,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,mGAAmG;SAC3G;QACD,QAAQ,EAAE;YACN,OAAO,EACH,kFAAkF;SACzF;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,uCAAuC;CAChD,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-msapp-exec-unsafe.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-msapp-exec-unsafe.d.ts.map

package/dist/rules/no-msapp-exec-unsafe.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-msapp-exec-unsafe.d.ts","sourceRoot":"","sources":["../../src/rules/no-msapp-exec-unsafe.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CA8BtC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-msapp-exec-unsafe.js

@@ -0,0 +1,32 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        return {
+            "CallExpression[arguments.length=1][callee.object.name='MSApp'][callee.property.name='execUnsafeLocalFunction']"(node) {
+                context.report({
+                    messageId: "default",
+                    node,
+                });
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow MSApp.execUnsafeLocalFunction which bypasses script-injection safeguards.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-msapp-exec-unsafe",
+        },
+        messages: {
+            default: "Do not bypass script injection validation.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-msapp-exec-unsafe",
+});
+export default rule;
+//# sourceMappingURL=no-msapp-exec-unsafe.js.map

package/dist/rules/no-msapp-exec-unsafe.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-msapp-exec-unsafe.js","sourceRoot":"","sources":["../../src/rules/no-msapp-exec-unsafe.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAC;IACnD,MAAM,CAAC,OAAO;QACV,OAAO;YACH,gHAAgH,CAC5G,IAAI;gBAEJ,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI;iBACP,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,oFAAoF;YACxF,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,kFAAkF;SAC1F;QACD,QAAQ,EAAE;YACN,OAAO,EAAE,4CAA4C;SACxD;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,sBAAsB;CAC/B,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-node-tls-check-server-identity-bypass.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-node-tls-check-server-identity-bypass.d.ts.map

package/dist/rules/no-node-tls-check-server-identity-bypass.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-node-tls-check-server-identity-bypass.d.ts","sourceRoot":"","sources":["../../src/rules/no-node-tls-check-server-identity-bypass.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAsEzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAmEtC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-node-tls-check-server-identity-bypass.js

@@ -0,0 +1,95 @@
+import { arrayFirst } from "ts-extras";
+import { createRule } from "../_internal/create-rule.js";
+import { getPropertyName } from "../_internal/estree-utils.js";
+import { isNodeTlsStaticMember, isRelevantNodeTlsOptionsObject, } from "../_internal/node-tls-config.js";
+const CHECK_SERVER_IDENTITY_PROPERTY_NAMES = new Set(["checkServerIdentity"]);
+const isFunctionExpression = (expression) => expression.type === "ArrowFunctionExpression" ||
+    expression.type === "FunctionExpression";
+const isExpressionNode = (node) => node.type !== "ArrayPattern" &&
+    node.type !== "AssignmentPattern" &&
+    node.type !== "ObjectPattern";
+const isAlwaysSuccessfulReturnExpression = (expression) => {
+    if (expression.type === "Identifier") {
+        return expression.name === "undefined";
+    }
+    if (expression.type === "Literal") {
+        return expression.value === null;
+    }
+    return (expression.type === "UnaryExpression" && expression.operator === "void");
+};
+const isAlwaysSuccessfulCheckServerIdentity = (callbackNode) => {
+    if (callbackNode.body.type !== "BlockStatement") {
+        return isAlwaysSuccessfulReturnExpression(callbackNode.body);
+    }
+    if (callbackNode.body.body.length === 0) {
+        return true;
+    }
+    if (callbackNode.body.body.length !== 1) {
+        return false;
+    }
+    const onlyStatement = arrayFirst(callbackNode.body.body);
+    if (onlyStatement?.type !== "ReturnStatement") {
+        return false;
+    }
+    return (onlyStatement.argument === null ||
+        (onlyStatement.argument !== null &&
+            isAlwaysSuccessfulReturnExpression(onlyStatement.argument)));
+};
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        return {
+            AssignmentExpression(node) {
+                if (node.operator !== "=" ||
+                    !isNodeTlsStaticMember(node.left, CHECK_SERVER_IDENTITY_PROPERTY_NAMES) ||
+                    !isFunctionExpression(node.right) ||
+                    !isAlwaysSuccessfulCheckServerIdentity(node.right)) {
+                    return;
+                }
+                context.report({
+                    messageId: "default",
+                    node: node.right,
+                });
+            },
+            ObjectExpression(node) {
+                if (!isRelevantNodeTlsOptionsObject(node)) {
+                    return;
+                }
+                for (const propertyNode of node.properties) {
+                    if (propertyNode.type !== "Property" ||
+                        propertyNode.kind !== "init" ||
+                        getPropertyName(propertyNode) !==
+                            "checkServerIdentity" ||
+                        !isExpressionNode(propertyNode.value) ||
+                        !isFunctionExpression(propertyNode.value) ||
+                        !isAlwaysSuccessfulCheckServerIdentity(propertyNode.value)) {
+                        continue;
+                    }
+                    context.report({
+                        messageId: "default",
+                        node: propertyNode.value,
+                    });
+                }
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow Node.js checkServerIdentity overrides that always accept the peer hostname.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-node-tls-check-server-identity-bypass",
+        },
+        messages: {
+            default: "Do not bypass Node.js hostname verification with a checkServerIdentity implementation that always succeeds.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-node-tls-check-server-identity-bypass",
+});
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-node-tls-check-server-identity-bypass.js.map

package/dist/rules/no-node-tls-check-server-identity-bypass.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-node-tls-check-server-identity-bypass.js","sourceRoot":"","sources":["../../src/rules/no-node-tls-check-server-identity-bypass.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EACH,qBAAqB,EACrB,8BAA8B,GACjC,MAAM,iCAAiC,CAAC;AAQzC,MAAM,oCAAoC,GAAG,IAAI,GAAG,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC;AAE9E,MAAM,oBAAoB,GAAG,CACzB,UAA+B,EACU,EAAE,CAC3C,UAAU,CAAC,IAAI,KAAK,yBAAyB;IAC7C,UAAU,CAAC,IAAI,KAAK,oBAAoB,CAAC;AAE7C,MAAM,gBAAgB,GAAG,CAAC,IAAmB,EAA+B,EAAE,CAC1E,IAAI,CAAC,IAAI,KAAK,cAAc;IAC5B,IAAI,CAAC,IAAI,KAAK,mBAAmB;IACjC,IAAI,CAAC,IAAI,KAAK,eAAe,CAAC;AAElC,MAAM,kCAAkC,GAAG,CACvC,UAA+B,EACxB,EAAE;IACT,IAAI,UAAU,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QACnC,OAAO,UAAU,CAAC,IAAI,KAAK,WAAW,CAAC;IAC3C,CAAC;IAED,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAChC,OAAO,UAAU,CAAC,KAAK,KAAK,IAAI,CAAC;IACrC,CAAC;IAED,OAAO,CACH,UAAU,CAAC,IAAI,KAAK,iBAAiB,IAAI,UAAU,CAAC,QAAQ,KAAK,MAAM,CAC1E,CAAC;AACN,CAAC,CAAC;AAEF,MAAM,qCAAqC,GAAG,CAC1C,YAAyC,EAClC,EAAE;IACT,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;QAC9C,OAAO,kCAAkC,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IACjE,CAAC;IAED,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,MAAM,aAAa,GAAG,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEzD,IAAI,aAAa,EAAE,IAAI,KAAK,iBAAiB,EAAE,CAAC;QAC5C,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,CACH,aAAa,CAAC,QAAQ,KAAK,IAAI;QAC/B,CAAC,aAAa,CAAC,QAAQ,KAAK,IAAI;YAC5B,kCAAkC,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAClE,CAAC;AACN,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAwB;IAC1E,MAAM,CAAC,OAAO;QACV,OAAO;YACH,oBAAoB,CAAC,IAAmC;gBACpD,IACI,IAAI,CAAC,QAAQ,KAAK,GAAG;oBACrB,CAAC,qBAAqB,CAClB,IAAI,CAAC,IAAI,EACT,oCAAoC,CACvC;oBACD,CAAC,oBAAoB,CAAC,IAAI,CAAC,KAAK,CAAC;oBACjC,CAAC,qCAAqC,CAAC,IAAI,CAAC,KAAK,CAAC,EACpD,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,IAAI,CAAC,KAAK;iBACnB,CAAC,CAAC;YACP,CAAC;YACD,gBAAgB,CAAC,IAA+B;gBAC5C,IAAI,CAAC,8BAA8B,CAAC,IAAI,CAAC,EAAE,CAAC;oBACxC,OAAO;gBACX,CAAC;gBAED,KAAK,MAAM,YAAY,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;oBACzC,IACI,YAAY,CAAC,IAAI,KAAK,UAAU;wBAChC,YAAY,CAAC,IAAI,KAAK,MAAM;wBAC5B,eAAe,CAAC,YAAY,CAAC;4BACzB,qBAAqB;wBACzB,CAAC,gBAAgB,CAAC,YAAY,CAAC,KAAK,CAAC;wBACrC,CAAC,oBAAoB,CAAC,YAAY,CAAC,KAAK,CAAC;wBACzC,CAAC,qCAAqC,CAClC,YAAY,CAAC,KAAK,CACrB,EACH,CAAC;wBACC,SAAS;oBACb,CAAC;oBAED,OAAO,CAAC,MAAM,CAAC;wBACX,SAAS,EAAE,SAAS;wBACpB,IAAI,EAAE,YAAY,CAAC,KAAK;qBAC3B,CAAC,CAAC;gBACP,CAAC;YACL,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,sFAAsF;YAC1F,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,sGAAsG;SAC9G;QACD,QAAQ,EAAE;YACN,OAAO,EACH,6GAA6G;SACpH;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,0CAA0C;CACnD,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-node-tls-legacy-protocol.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-node-tls-legacy-protocol.d.ts.map

package/dist/rules/no-node-tls-legacy-protocol.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-node-tls-legacy-protocol.d.ts","sourceRoot":"","sources":["../../src/rules/no-node-tls-legacy-protocol.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AA+DzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CA+FtC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-node-tls-legacy-protocol.js

@@ -0,0 +1,106 @@
+import { isDefined, setHas } from "ts-extras";
+import { createRule } from "../_internal/create-rule.js";
+import { getMemberPropertyName, getPropertyName, getStaticStringValue, } from "../_internal/estree-utils.js";
+import { isNodeTlsStaticMember, isRelevantNodeTlsOptionsObject, } from "../_internal/node-tls-config.js";
+const LEGACY_TLS_VERSION_VALUES = new Set([
+    "TLSv1",
+    "TLSv1.0",
+    "TLSv1.1",
+]);
+const isLegacySecureProtocolValue = (value) => /^(?:SSLv2|SSLv3|TLSv1(?:_1)?)(?:_(?:client|server))?_method$/u.test(value);
+const isExpressionNode = (node) => node.type !== "ArrayPattern" &&
+    node.type !== "AssignmentPattern" &&
+    node.type !== "ObjectPattern";
+const isLegacyTlsPropertyValue = (propertyName, configuredValue) => {
+    if (propertyName === "secureProtocol") {
+        return isLegacySecureProtocolValue(configuredValue);
+    }
+    return setHas(LEGACY_TLS_VERSION_VALUES, configuredValue);
+};
+const getLegacyTlsPropertyName = (propertyNode) => {
+    const propertyName = getPropertyName(propertyNode);
+    if (propertyName === "maxVersion" ||
+        propertyName === "minVersion" ||
+        propertyName === "secureProtocol") {
+        return propertyName;
+    }
+    return undefined;
+};
+const isTlsDefaultVersionMember = (node) => isNodeTlsStaticMember(node, new Set(["DEFAULT_MAX_VERSION", "DEFAULT_MIN_VERSION"]));
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        return {
+            AssignmentExpression(node) {
+                if (node.operator !== "=" ||
+                    !isTlsDefaultVersionMember(node.left)) {
+                    return;
+                }
+                const configuredValue = getStaticStringValue(node.right);
+                if (typeof configuredValue !== "string" ||
+                    !setHas(LEGACY_TLS_VERSION_VALUES, configuredValue)) {
+                    return;
+                }
+                context.report({
+                    data: {
+                        configuredValue,
+                        propertyName: getMemberPropertyName(node.left) ??
+                            "DEFAULT_MIN_VERSION",
+                    },
+                    messageId: "default",
+                    node: node.right,
+                });
+            },
+            ObjectExpression(node) {
+                if (!isRelevantNodeTlsOptionsObject(node)) {
+                    return;
+                }
+                for (const propertyNode of node.properties) {
+                    if (propertyNode.type !== "Property" ||
+                        propertyNode.kind !== "init") {
+                        continue;
+                    }
+                    if (!isExpressionNode(propertyNode.value)) {
+                        continue;
+                    }
+                    const propertyName = getLegacyTlsPropertyName(propertyNode);
+                    if (!isDefined(propertyName)) {
+                        continue;
+                    }
+                    const configuredValue = getStaticStringValue(propertyNode.value);
+                    if (typeof configuredValue !== "string" ||
+                        !isLegacyTlsPropertyValue(propertyName, configuredValue)) {
+                        continue;
+                    }
+                    context.report({
+                        data: {
+                            configuredValue,
+                            propertyName,
+                        },
+                        messageId: "default",
+                        node: propertyNode.value,
+                    });
+                }
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow legacy TLS protocol selection such as TLSv1/TLSv1.1 in Node.js TLS and HTTPS configuration.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-node-tls-legacy-protocol",
+        },
+        messages: {
+            default: "Do not configure {{propertyName}} with legacy TLS protocol {{configuredValue}}; require TLSv1.2 or newer instead.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-node-tls-legacy-protocol",
+});
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-node-tls-legacy-protocol.js.map

package/dist/rules/no-node-tls-legacy-protocol.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-node-tls-legacy-protocol.js","sourceRoot":"","sources":["../../src/rules/no-node-tls-legacy-protocol.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AAE9C,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,EACH,qBAAqB,EACrB,eAAe,EACf,oBAAoB,GACvB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACH,qBAAqB,EACrB,8BAA8B,GACjC,MAAM,iCAAiC,CAAC;AAKzC,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC;IACtC,OAAO;IACP,SAAS;IACT,SAAS;CACZ,CAAC,CAAC;AAEH,MAAM,2BAA2B,GAAG,CAAC,KAAa,EAAW,EAAE,CAC3D,+DAA+D,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAEhF,MAAM,gBAAgB,GAAG,CAAC,IAAmB,EAA+B,EAAE,CAC1E,IAAI,CAAC,IAAI,KAAK,cAAc;IAC5B,IAAI,CAAC,IAAI,KAAK,mBAAmB;IACjC,IAAI,CAAC,IAAI,KAAK,eAAe,CAAC;AAElC,MAAM,wBAAwB,GAAG,CAC7B,YAAmC,EACnC,eAAuB,EAChB,EAAE;IACT,IAAI,YAAY,KAAK,gBAAgB,EAAE,CAAC;QACpC,OAAO,2BAA2B,CAAC,eAAe,CAAC,CAAC;IACxD,CAAC;IAED,OAAO,MAAM,CAAC,yBAAyB,EAAE,eAAe,CAAC,CAAC;AAC9D,CAAC,CAAC;AAEF,MAAM,wBAAwB,GAAG,CAC7B,YAA+B,EACE,EAAE;IACnC,MAAM,YAAY,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IAEnD,IACI,YAAY,KAAK,YAAY;QAC7B,YAAY,KAAK,YAAY;QAC7B,YAAY,KAAK,gBAAgB,EACnC,CAAC;QACC,OAAO,YAAY,CAAC;IACxB,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,yBAAyB,GAAG,CAC9B,IAA2C,EACV,EAAE,CACnC,qBAAqB,CACjB,IAAI,EACJ,IAAI,GAAG,CAAC,CAAC,qBAAqB,EAAE,qBAAqB,CAAC,CAAC,CAC1D,CAAC;AAEN,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAwB;IAC1E,MAAM,CAAC,OAAO;QACV,OAAO;YACH,oBAAoB,CAAC,IAAmC;gBACpD,IACI,IAAI,CAAC,QAAQ,KAAK,GAAG;oBACrB,CAAC,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,EACvC,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,MAAM,eAAe,GAAG,oBAAoB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAEzD,IACI,OAAO,eAAe,KAAK,QAAQ;oBACnC,CAAC,MAAM,CAAC,yBAAyB,EAAE,eAAe,CAAC,EACrD,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,IAAI,EAAE;wBACF,eAAe;wBACf,YAAY,EACR,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC;4BAChC,qBAAqB;qBAC5B;oBACD,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,IAAI,CAAC,KAAK;iBACnB,CAAC,CAAC;YACP,CAAC;YACD,gBAAgB,CAAC,IAA+B;gBAC5C,IAAI,CAAC,8BAA8B,CAAC,IAAI,CAAC,EAAE,CAAC;oBACxC,OAAO;gBACX,CAAC;gBAED,KAAK,MAAM,YAAY,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;oBACzC,IACI,YAAY,CAAC,IAAI,KAAK,UAAU;wBAChC,YAAY,CAAC,IAAI,KAAK,MAAM,EAC9B,CAAC;wBACC,SAAS;oBACb,CAAC;oBAED,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;wBACxC,SAAS;oBACb,CAAC;oBAED,MAAM,YAAY,GAAG,wBAAwB,CAAC,YAAY,CAAC,CAAC;oBAE5D,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC;wBAC3B,SAAS;oBACb,CAAC;oBAED,MAAM,eAAe,GAAG,oBAAoB,CACxC,YAAY,CAAC,KAAK,CACrB,CAAC;oBAEF,IACI,OAAO,eAAe,KAAK,QAAQ;wBACnC,CAAC,wBAAwB,CAAC,YAAY,EAAE,eAAe,CAAC,EAC1D,CAAC;wBACC,SAAS;oBACb,CAAC;oBAED,OAAO,CAAC,MAAM,CAAC;wBACX,IAAI,EAAE;4BACF,eAAe;4BACf,YAAY;yBACf;wBACD,SAAS,EAAE,SAAS;wBACpB,IAAI,EAAE,YAAY,CAAC,KAAK;qBAC3B,CAAC,CAAC;gBACP,CAAC;YACL,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,sGAAsG;YAC1G,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,yFAAyF;SACjG;QACD,QAAQ,EAAE;YACN,OAAO,EACH,mHAAmH;SAC1H;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,6BAA6B;CACtC,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-node-tls-reject-unauthorized-zero.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-node-tls-reject-unauthorized-zero.d.ts.map

package/dist/rules/no-node-tls-reject-unauthorized-zero.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-node-tls-reject-unauthorized-zero.d.ts","sourceRoot":"","sources":["../../src/rules/no-node-tls-reject-unauthorized-zero.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AA8DzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CA4DtC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-node-tls-reject-unauthorized-zero.js

@@ -0,0 +1,93 @@
+import { arrayFirst } from "ts-extras";
+import { createRule } from "../_internal/create-rule.js";
+const getMemberPropertyName = (memberExpression) => {
+    if (!memberExpression.computed &&
+        memberExpression.property.type === "Identifier") {
+        return memberExpression.property.name;
+    }
+    if (memberExpression.property.type === "Literal" &&
+        typeof memberExpression.property.value === "string") {
+        return memberExpression.property.value;
+    }
+    return undefined;
+};
+const isProcessEnvAccess = (node) => {
+    if (node.type !== "MemberExpression") {
+        return false;
+    }
+    if (getMemberPropertyName(node) !== "env") {
+        return false;
+    }
+    return node.object.type === "Identifier" && node.object.name === "process";
+};
+const isTlsRejectUnauthorizedMember = (node) => {
+    if (node.type !== "MemberExpression") {
+        return false;
+    }
+    if (getMemberPropertyName(node) !== "NODE_TLS_REJECT_UNAUTHORIZED") {
+        return false;
+    }
+    return isProcessEnvAccess(node.object);
+};
+const isUnsafeOverrideValue = (node) => {
+    if (node.type === "Literal") {
+        return node.value === 0 || node.value === "0";
+    }
+    return (node.type === "TemplateLiteral" &&
+        node.expressions.length === 0 &&
+        arrayFirst(node.quasis)?.value.cooked === "0");
+};
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        return {
+            AssignmentExpression(node) {
+                if (node.operator !== "=") {
+                    return;
+                }
+                if (!isTlsRejectUnauthorizedMember(node.left)) {
+                    return;
+                }
+                if (!isUnsafeOverrideValue(node.right)) {
+                    return;
+                }
+                context.report({
+                    messageId: "default",
+                    node,
+                    suggest: [
+                        {
+                            fix(fixer) {
+                                const replacementValue = node.right.type === "TemplateLiteral"
+                                    ? "`1`"
+                                    : "'1'";
+                                return fixer.replaceText(node.right, replacementValue);
+                            },
+                            messageId: "replaceWithTlsRejectUnauthorizedOne",
+                        },
+                    ],
+                });
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0' overrides in Node.js runtime code.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-node-tls-reject-unauthorized-zero",
+        },
+        hasSuggestions: true,
+        messages: {
+            default: "Do not disable TLS certificate validation with NODE_TLS_REJECT_UNAUTHORIZED=0.",
+            replaceWithTlsRejectUnauthorizedOne: "Set NODE_TLS_REJECT_UNAUTHORIZED to '1' to keep TLS certificate validation enabled.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-node-tls-reject-unauthorized-zero",
+});
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-node-tls-reject-unauthorized-zero.js.map

package/dist/rules/no-node-tls-reject-unauthorized-zero.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-node-tls-reject-unauthorized-zero.js","sourceRoot":"","sources":["../../src/rules/no-node-tls-reject-unauthorized-zero.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,MAAM,qBAAqB,GAAG,CAC1B,gBAA2C,EACzB,EAAE;IACpB,IACI,CAAC,gBAAgB,CAAC,QAAQ;QAC1B,gBAAgB,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EACjD,CAAC;QACC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC1C,CAAC;IAED,IACI,gBAAgB,CAAC,QAAQ,CAAC,IAAI,KAAK,SAAS;QAC5C,OAAO,gBAAgB,CAAC,QAAQ,CAAC,KAAK,KAAK,QAAQ,EACrD,CAAC;QACC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC;IAC3C,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,kBAAkB,GAAG,CAAC,IAAyB,EAAW,EAAE;IAC9D,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QACnC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,qBAAqB,CAAC,IAAI,CAAC,KAAK,KAAK,EAAE,CAAC;QACxC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,CAAC;AAC/E,CAAC,CAAC;AAEF,MAAM,6BAA6B,GAAG,CAClC,IAA2C,EACpC,EAAE;IACT,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QACnC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,qBAAqB,CAAC,IAAI,CAAC,KAAK,8BAA8B,EAAE,CAAC;QACjE,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC3C,CAAC,CAAC;AAEF,MAAM,qBAAqB,GAAG,CAAC,IAAyB,EAAW,EAAE;IACjE,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC,KAAK,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,KAAK,GAAG,CAAC;IAClD,CAAC;IAED,OAAO,CACH,IAAI,CAAC,IAAI,KAAK,iBAAiB;QAC/B,IAAI,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;QAC7B,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,MAAM,KAAK,GAAG,CAChD,CAAC;AACN,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAwB;IAC1E,MAAM,CAAC,OAAO;QACV,OAAO;YACH,oBAAoB,CAAC,IAAmC;gBACpD,IAAI,IAAI,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;oBACxB,OAAO;gBACX,CAAC;gBAED,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC5C,OAAO;gBACX,CAAC;gBAED,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;oBACrC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI;oBACJ,OAAO,EAAE;wBACL;4BACI,GAAG,CAAC,KAAK;gCACL,MAAM,gBAAgB,GAClB,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,iBAAiB;oCACjC,CAAC,CAAC,KAAK;oCACP,CAAC,CAAC,KAAK,CAAC;gCAEhB,OAAO,KAAK,CAAC,WAAW,CACpB,IAAI,CAAC,KAAK,EACV,gBAAgB,CACnB,CAAC;4BACN,CAAC;4BACD,SAAS,EAAE,qCAAqC;yBACnD;qBACJ;iBACJ,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,4FAA4F;YAChG,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,kGAAkG;SAC1G;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACN,OAAO,EACH,gFAAgF;YACpF,mCAAmC,EAC/B,qFAAqF;SAC5F;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,sCAAsC;CAC/C,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-node-tls-security-level-zero.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-node-tls-security-level-zero.d.ts.map

package/dist/rules/no-node-tls-security-level-zero.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-node-tls-security-level-zero.d.ts","sourceRoot":"","sources":["../../src/rules/no-node-tls-security-level-zero.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAuBzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAwFtC,CAAC;AAEH,eAAe,IAAI,CAAC"}