eslint-plugin-sdl-2 1.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +5316 -0
- package/LICENSE +21 -0
- package/README.md +133 -0
- package/dist/_internal/ast-utils.d.ts +17 -0
- package/dist/_internal/ast-utils.d.ts.map +1 -0
- package/dist/_internal/ast-utils.js +93 -0
- package/dist/_internal/ast-utils.js.map +1 -0
- package/dist/_internal/config-references.d.ts +5 -0
- package/dist/_internal/config-references.d.ts.map +1 -0
- package/dist/_internal/config-references.js +13 -0
- package/dist/_internal/config-references.js.map +1 -0
- package/dist/_internal/create-rule.d.ts +9 -0
- package/dist/_internal/create-rule.d.ts.map +1 -0
- package/dist/_internal/create-rule.js +6 -0
- package/dist/_internal/create-rule.js.map +1 -0
- package/dist/_internal/domparser.d.ts +19 -0
- package/dist/_internal/domparser.d.ts.map +1 -0
- package/dist/_internal/domparser.js +45 -0
- package/dist/_internal/domparser.js.map +1 -0
- package/dist/_internal/electron-web-preferences.d.ts +14 -0
- package/dist/_internal/electron-web-preferences.d.ts.map +1 -0
- package/dist/_internal/electron-web-preferences.js +63 -0
- package/dist/_internal/electron-web-preferences.js.map +1 -0
- package/dist/_internal/estree-utils.d.ts +51 -0
- package/dist/_internal/estree-utils.d.ts.map +1 -0
- package/dist/_internal/estree-utils.js +112 -0
- package/dist/_internal/estree-utils.js.map +1 -0
- package/dist/_internal/node-tls-config.d.ts +44 -0
- package/dist/_internal/node-tls-config.d.ts.map +1 -0
- package/dist/_internal/node-tls-config.js +101 -0
- package/dist/_internal/node-tls-config.js.map +1 -0
- package/dist/_internal/rules-registry.d.ts +10 -0
- package/dist/_internal/rules-registry.d.ts.map +1 -0
- package/dist/_internal/rules-registry.js +148 -0
- package/dist/_internal/rules-registry.js.map +1 -0
- package/dist/_internal/script-element.d.ts +7 -0
- package/dist/_internal/script-element.d.ts.map +1 -0
- package/dist/_internal/script-element.js +46 -0
- package/dist/_internal/script-element.js.map +1 -0
- package/dist/_internal/worker-code-loading.d.ts +69 -0
- package/dist/_internal/worker-code-loading.d.ts.map +1 -0
- package/dist/_internal/worker-code-loading.js +134 -0
- package/dist/_internal/worker-code-loading.js.map +1 -0
- package/dist/plugin.cjs +6036 -0
- package/dist/plugin.cjs.map +7 -0
- package/dist/plugin.d.cts +11 -0
- package/dist/plugin.d.ts +11 -0
- package/dist/plugin.d.ts.map +1 -0
- package/dist/plugin.js +235 -0
- package/dist/plugin.js.map +1 -0
- package/dist/rules/no-angular-bypass-sanitizer.d.ts +5 -0
- package/dist/rules/no-angular-bypass-sanitizer.d.ts.map +1 -0
- package/dist/rules/no-angular-bypass-sanitizer.js +32 -0
- package/dist/rules/no-angular-bypass-sanitizer.js.map +1 -0
- package/dist/rules/no-angular-bypass-security-trust-html.d.ts +5 -0
- package/dist/rules/no-angular-bypass-security-trust-html.d.ts.map +1 -0
- package/dist/rules/no-angular-bypass-security-trust-html.js +51 -0
- package/dist/rules/no-angular-bypass-security-trust-html.js.map +1 -0
- package/dist/rules/no-angular-innerhtml-binding.d.ts +5 -0
- package/dist/rules/no-angular-innerhtml-binding.d.ts.map +1 -0
- package/dist/rules/no-angular-innerhtml-binding.js +57 -0
- package/dist/rules/no-angular-innerhtml-binding.js.map +1 -0
- package/dist/rules/no-angular-sanitization-trusted-urls.d.ts +5 -0
- package/dist/rules/no-angular-sanitization-trusted-urls.d.ts.map +1 -0
- package/dist/rules/no-angular-sanitization-trusted-urls.js +32 -0
- package/dist/rules/no-angular-sanitization-trusted-urls.js.map +1 -0
- package/dist/rules/no-angularjs-bypass-sce.d.ts +5 -0
- package/dist/rules/no-angularjs-bypass-sce.d.ts.map +1 -0
- package/dist/rules/no-angularjs-bypass-sce.js +80 -0
- package/dist/rules/no-angularjs-bypass-sce.js.map +1 -0
- package/dist/rules/no-angularjs-enable-svg.d.ts +5 -0
- package/dist/rules/no-angularjs-enable-svg.d.ts.map +1 -0
- package/dist/rules/no-angularjs-enable-svg.js +48 -0
- package/dist/rules/no-angularjs-enable-svg.js.map +1 -0
- package/dist/rules/no-angularjs-ng-bind-html-without-sanitize.d.ts +5 -0
- package/dist/rules/no-angularjs-ng-bind-html-without-sanitize.d.ts.map +1 -0
- package/dist/rules/no-angularjs-ng-bind-html-without-sanitize.js +64 -0
- package/dist/rules/no-angularjs-ng-bind-html-without-sanitize.js.map +1 -0
- package/dist/rules/no-angularjs-sanitization-whitelist.d.ts +5 -0
- package/dist/rules/no-angularjs-sanitization-whitelist.d.ts.map +1 -0
- package/dist/rules/no-angularjs-sanitization-whitelist.js +32 -0
- package/dist/rules/no-angularjs-sanitization-whitelist.js.map +1 -0
- package/dist/rules/no-angularjs-sce-resource-url-wildcard.d.ts +5 -0
- package/dist/rules/no-angularjs-sce-resource-url-wildcard.d.ts.map +1 -0
- package/dist/rules/no-angularjs-sce-resource-url-wildcard.js +69 -0
- package/dist/rules/no-angularjs-sce-resource-url-wildcard.js.map +1 -0
- package/dist/rules/no-child-process-exec.d.ts +5 -0
- package/dist/rules/no-child-process-exec.d.ts.map +1 -0
- package/dist/rules/no-child-process-exec.js +141 -0
- package/dist/rules/no-child-process-exec.js.map +1 -0
- package/dist/rules/no-child-process-shell-true.d.ts +5 -0
- package/dist/rules/no-child-process-shell-true.d.ts.map +1 -0
- package/dist/rules/no-child-process-shell-true.js +89 -0
- package/dist/rules/no-child-process-shell-true.js.map +1 -0
- package/dist/rules/no-cookies.d.ts +5 -0
- package/dist/rules/no-cookies.d.ts.map +1 -0
- package/dist/rules/no-cookies.js +38 -0
- package/dist/rules/no-cookies.js.map +1 -0
- package/dist/rules/no-document-domain.d.ts +5 -0
- package/dist/rules/no-document-domain.d.ts.map +1 -0
- package/dist/rules/no-document-domain.js +41 -0
- package/dist/rules/no-document-domain.js.map +1 -0
- package/dist/rules/no-document-execcommand-insert-html.d.ts +5 -0
- package/dist/rules/no-document-execcommand-insert-html.d.ts.map +1 -0
- package/dist/rules/no-document-execcommand-insert-html.js +57 -0
- package/dist/rules/no-document-execcommand-insert-html.js.map +1 -0
- package/dist/rules/no-document-parse-html-unsafe.d.ts +5 -0
- package/dist/rules/no-document-parse-html-unsafe.d.ts.map +1 -0
- package/dist/rules/no-document-parse-html-unsafe.js +67 -0
- package/dist/rules/no-document-parse-html-unsafe.js.map +1 -0
- package/dist/rules/no-document-write.d.ts +5 -0
- package/dist/rules/no-document-write.d.ts.map +1 -0
- package/dist/rules/no-document-write.js +40 -0
- package/dist/rules/no-document-write.js.map +1 -0
- package/dist/rules/no-domparser-html-without-sanitization.d.ts +5 -0
- package/dist/rules/no-domparser-html-without-sanitization.d.ts.map +1 -0
- package/dist/rules/no-domparser-html-without-sanitization.js +56 -0
- package/dist/rules/no-domparser-html-without-sanitization.js.map +1 -0
- package/dist/rules/no-domparser-svg-without-sanitization.d.ts +5 -0
- package/dist/rules/no-domparser-svg-without-sanitization.d.ts.map +1 -0
- package/dist/rules/no-domparser-svg-without-sanitization.js +56 -0
- package/dist/rules/no-domparser-svg-without-sanitization.js.map +1 -0
- package/dist/rules/no-dynamic-import-unsafe-url.d.ts +5 -0
- package/dist/rules/no-dynamic-import-unsafe-url.d.ts.map +1 -0
- package/dist/rules/no-dynamic-import-unsafe-url.js +47 -0
- package/dist/rules/no-dynamic-import-unsafe-url.js.map +1 -0
- package/dist/rules/no-electron-allow-running-insecure-content.d.ts +5 -0
- package/dist/rules/no-electron-allow-running-insecure-content.d.ts.map +1 -0
- package/dist/rules/no-electron-allow-running-insecure-content.js +30 -0
- package/dist/rules/no-electron-allow-running-insecure-content.js.map +1 -0
- package/dist/rules/no-electron-dangerous-blink-features.d.ts +5 -0
- package/dist/rules/no-electron-dangerous-blink-features.d.ts.map +1 -0
- package/dist/rules/no-electron-dangerous-blink-features.js +89 -0
- package/dist/rules/no-electron-dangerous-blink-features.js.map +1 -0
- package/dist/rules/no-electron-disable-context-isolation.d.ts +5 -0
- package/dist/rules/no-electron-disable-context-isolation.d.ts.map +1 -0
- package/dist/rules/no-electron-disable-context-isolation.js +30 -0
- package/dist/rules/no-electron-disable-context-isolation.js.map +1 -0
- package/dist/rules/no-electron-disable-sandbox.d.ts +5 -0
- package/dist/rules/no-electron-disable-sandbox.d.ts.map +1 -0
- package/dist/rules/no-electron-disable-sandbox.js +30 -0
- package/dist/rules/no-electron-disable-sandbox.js.map +1 -0
- package/dist/rules/no-electron-disable-web-security.d.ts +5 -0
- package/dist/rules/no-electron-disable-web-security.d.ts.map +1 -0
- package/dist/rules/no-electron-disable-web-security.js +30 -0
- package/dist/rules/no-electron-disable-web-security.js.map +1 -0
- package/dist/rules/no-electron-enable-remote-module.d.ts +5 -0
- package/dist/rules/no-electron-enable-remote-module.d.ts.map +1 -0
- package/dist/rules/no-electron-enable-remote-module.js +30 -0
- package/dist/rules/no-electron-enable-remote-module.js.map +1 -0
- package/dist/rules/no-electron-enable-webview-tag.d.ts +5 -0
- package/dist/rules/no-electron-enable-webview-tag.d.ts.map +1 -0
- package/dist/rules/no-electron-enable-webview-tag.js +30 -0
- package/dist/rules/no-electron-enable-webview-tag.js.map +1 -0
- package/dist/rules/no-electron-experimental-features.d.ts +5 -0
- package/dist/rules/no-electron-experimental-features.d.ts.map +1 -0
- package/dist/rules/no-electron-experimental-features.js +30 -0
- package/dist/rules/no-electron-experimental-features.js.map +1 -0
- package/dist/rules/no-electron-expose-raw-ipc-renderer.d.ts +5 -0
- package/dist/rules/no-electron-expose-raw-ipc-renderer.d.ts.map +1 -0
- package/dist/rules/no-electron-expose-raw-ipc-renderer.js +108 -0
- package/dist/rules/no-electron-expose-raw-ipc-renderer.js.map +1 -0
- package/dist/rules/no-electron-insecure-certificate-error-handler.d.ts +5 -0
- package/dist/rules/no-electron-insecure-certificate-error-handler.d.ts.map +1 -0
- package/dist/rules/no-electron-insecure-certificate-error-handler.js +91 -0
- package/dist/rules/no-electron-insecure-certificate-error-handler.js.map +1 -0
- package/dist/rules/no-electron-insecure-certificate-verify-proc.d.ts +5 -0
- package/dist/rules/no-electron-insecure-certificate-verify-proc.d.ts.map +1 -0
- package/dist/rules/no-electron-insecure-certificate-verify-proc.js +75 -0
- package/dist/rules/no-electron-insecure-certificate-verify-proc.js.map +1 -0
- package/dist/rules/no-electron-insecure-permission-request-handler.d.ts +5 -0
- package/dist/rules/no-electron-insecure-permission-request-handler.d.ts.map +1 -0
- package/dist/rules/no-electron-insecure-permission-request-handler.js +75 -0
- package/dist/rules/no-electron-insecure-permission-request-handler.js.map +1 -0
- package/dist/rules/no-electron-node-integration.d.ts +5 -0
- package/dist/rules/no-electron-node-integration.d.ts.map +1 -0
- package/dist/rules/no-electron-node-integration.js +52 -0
- package/dist/rules/no-electron-node-integration.js.map +1 -0
- package/dist/rules/no-electron-permission-check-handler-allow-all.d.ts +5 -0
- package/dist/rules/no-electron-permission-check-handler-allow-all.d.ts.map +1 -0
- package/dist/rules/no-electron-permission-check-handler-allow-all.js +63 -0
- package/dist/rules/no-electron-permission-check-handler-allow-all.js.map +1 -0
- package/dist/rules/no-electron-unchecked-ipc-sender.d.ts +5 -0
- package/dist/rules/no-electron-unchecked-ipc-sender.d.ts.map +1 -0
- package/dist/rules/no-electron-unchecked-ipc-sender.js +90 -0
- package/dist/rules/no-electron-unchecked-ipc-sender.js.map +1 -0
- package/dist/rules/no-electron-unrestricted-navigation.d.ts +5 -0
- package/dist/rules/no-electron-unrestricted-navigation.d.ts.map +1 -0
- package/dist/rules/no-electron-unrestricted-navigation.js +100 -0
- package/dist/rules/no-electron-unrestricted-navigation.js.map +1 -0
- package/dist/rules/no-electron-untrusted-open-external.d.ts +5 -0
- package/dist/rules/no-electron-untrusted-open-external.d.ts.map +1 -0
- package/dist/rules/no-electron-untrusted-open-external.js +92 -0
- package/dist/rules/no-electron-untrusted-open-external.js.map +1 -0
- package/dist/rules/no-electron-webview-allowpopups.d.ts +5 -0
- package/dist/rules/no-electron-webview-allowpopups.d.ts.map +1 -0
- package/dist/rules/no-electron-webview-allowpopups.js +85 -0
- package/dist/rules/no-electron-webview-allowpopups.js.map +1 -0
- package/dist/rules/no-electron-webview-insecure-webpreferences.d.ts +5 -0
- package/dist/rules/no-electron-webview-insecure-webpreferences.d.ts.map +1 -0
- package/dist/rules/no-electron-webview-insecure-webpreferences.js +88 -0
- package/dist/rules/no-electron-webview-insecure-webpreferences.js.map +1 -0
- package/dist/rules/no-electron-webview-node-integration.d.ts +5 -0
- package/dist/rules/no-electron-webview-node-integration.d.ts.map +1 -0
- package/dist/rules/no-electron-webview-node-integration.js +107 -0
- package/dist/rules/no-electron-webview-node-integration.js.map +1 -0
- package/dist/rules/no-html-method.d.ts +5 -0
- package/dist/rules/no-html-method.d.ts.map +1 -0
- package/dist/rules/no-html-method.js +42 -0
- package/dist/rules/no-html-method.js.map +1 -0
- package/dist/rules/no-http-request-to-insecure-protocol.d.ts +5 -0
- package/dist/rules/no-http-request-to-insecure-protocol.d.ts.map +1 -0
- package/dist/rules/no-http-request-to-insecure-protocol.js +94 -0
- package/dist/rules/no-http-request-to-insecure-protocol.js.map +1 -0
- package/dist/rules/no-iframe-srcdoc.d.ts +5 -0
- package/dist/rules/no-iframe-srcdoc.d.ts.map +1 -0
- package/dist/rules/no-iframe-srcdoc.js +144 -0
- package/dist/rules/no-iframe-srcdoc.js.map +1 -0
- package/dist/rules/no-inner-html.d.ts +5 -0
- package/dist/rules/no-inner-html.d.ts.map +1 -0
- package/dist/rules/no-inner-html.js +67 -0
- package/dist/rules/no-inner-html.js.map +1 -0
- package/dist/rules/no-insecure-random.d.ts +5 -0
- package/dist/rules/no-insecure-random.d.ts.map +1 -0
- package/dist/rules/no-insecure-random.js +95 -0
- package/dist/rules/no-insecure-random.js.map +1 -0
- package/dist/rules/no-insecure-tls-agent-options.d.ts +5 -0
- package/dist/rules/no-insecure-tls-agent-options.d.ts.map +1 -0
- package/dist/rules/no-insecure-tls-agent-options.js +73 -0
- package/dist/rules/no-insecure-tls-agent-options.js.map +1 -0
- package/dist/rules/no-insecure-url.d.ts +12 -0
- package/dist/rules/no-insecure-url.d.ts.map +1 -0
- package/dist/rules/no-insecure-url.js +142 -0
- package/dist/rules/no-insecure-url.js.map +1 -0
- package/dist/rules/no-location-javascript-url.d.ts +5 -0
- package/dist/rules/no-location-javascript-url.d.ts.map +1 -0
- package/dist/rules/no-location-javascript-url.js +98 -0
- package/dist/rules/no-location-javascript-url.js.map +1 -0
- package/dist/rules/no-message-event-without-origin-check.d.ts +5 -0
- package/dist/rules/no-message-event-without-origin-check.d.ts.map +1 -0
- package/dist/rules/no-message-event-without-origin-check.js +183 -0
- package/dist/rules/no-message-event-without-origin-check.js.map +1 -0
- package/dist/rules/no-msapp-exec-unsafe.d.ts +5 -0
- package/dist/rules/no-msapp-exec-unsafe.d.ts.map +1 -0
- package/dist/rules/no-msapp-exec-unsafe.js +32 -0
- package/dist/rules/no-msapp-exec-unsafe.js.map +1 -0
- package/dist/rules/no-node-tls-check-server-identity-bypass.d.ts +5 -0
- package/dist/rules/no-node-tls-check-server-identity-bypass.d.ts.map +1 -0
- package/dist/rules/no-node-tls-check-server-identity-bypass.js +95 -0
- package/dist/rules/no-node-tls-check-server-identity-bypass.js.map +1 -0
- package/dist/rules/no-node-tls-legacy-protocol.d.ts +5 -0
- package/dist/rules/no-node-tls-legacy-protocol.d.ts.map +1 -0
- package/dist/rules/no-node-tls-legacy-protocol.js +106 -0
- package/dist/rules/no-node-tls-legacy-protocol.js.map +1 -0
- package/dist/rules/no-node-tls-reject-unauthorized-zero.d.ts +5 -0
- package/dist/rules/no-node-tls-reject-unauthorized-zero.d.ts.map +1 -0
- package/dist/rules/no-node-tls-reject-unauthorized-zero.js +93 -0
- package/dist/rules/no-node-tls-reject-unauthorized-zero.js.map +1 -0
- package/dist/rules/no-node-tls-security-level-zero.d.ts +5 -0
- package/dist/rules/no-node-tls-security-level-zero.d.ts.map +1 -0
- package/dist/rules/no-node-tls-security-level-zero.js +80 -0
- package/dist/rules/no-node-tls-security-level-zero.js.map +1 -0
- package/dist/rules/no-node-vm-run-in-context.d.ts +5 -0
- package/dist/rules/no-node-vm-run-in-context.d.ts.map +1 -0
- package/dist/rules/no-node-vm-run-in-context.js +186 -0
- package/dist/rules/no-node-vm-run-in-context.js.map +1 -0
- package/dist/rules/no-node-vm-source-text-module.d.ts +5 -0
- package/dist/rules/no-node-vm-source-text-module.d.ts.map +1 -0
- package/dist/rules/no-node-vm-source-text-module.js +126 -0
- package/dist/rules/no-node-vm-source-text-module.js.map +1 -0
- package/dist/rules/no-node-worker-threads-eval.d.ts +5 -0
- package/dist/rules/no-node-worker-threads-eval.d.ts.map +1 -0
- package/dist/rules/no-node-worker-threads-eval.js +151 -0
- package/dist/rules/no-node-worker-threads-eval.js.map +1 -0
- package/dist/rules/no-nonnull-assertion-on-security-input.d.ts +5 -0
- package/dist/rules/no-nonnull-assertion-on-security-input.d.ts.map +1 -0
- package/dist/rules/no-nonnull-assertion-on-security-input.js +48 -0
- package/dist/rules/no-nonnull-assertion-on-security-input.js.map +1 -0
- package/dist/rules/no-postmessage-star-origin.d.ts +5 -0
- package/dist/rules/no-postmessage-star-origin.d.ts.map +1 -0
- package/dist/rules/no-postmessage-star-origin.js +58 -0
- package/dist/rules/no-postmessage-star-origin.js.map +1 -0
- package/dist/rules/no-postmessage-without-origin-allowlist.d.ts +5 -0
- package/dist/rules/no-postmessage-without-origin-allowlist.d.ts.map +1 -0
- package/dist/rules/no-postmessage-without-origin-allowlist.js +80 -0
- package/dist/rules/no-postmessage-without-origin-allowlist.js.map +1 -0
- package/dist/rules/no-range-create-contextual-fragment.d.ts +5 -0
- package/dist/rules/no-range-create-contextual-fragment.d.ts.map +1 -0
- package/dist/rules/no-range-create-contextual-fragment.js +64 -0
- package/dist/rules/no-range-create-contextual-fragment.js.map +1 -0
- package/dist/rules/no-script-src-data-url.d.ts +5 -0
- package/dist/rules/no-script-src-data-url.d.ts.map +1 -0
- package/dist/rules/no-script-src-data-url.js +108 -0
- package/dist/rules/no-script-src-data-url.js.map +1 -0
- package/dist/rules/no-script-text.d.ts +5 -0
- package/dist/rules/no-script-text.d.ts.map +1 -0
- package/dist/rules/no-script-text.js +52 -0
- package/dist/rules/no-script-text.js.map +1 -0
- package/dist/rules/no-service-worker-unsafe-script-url.d.ts +5 -0
- package/dist/rules/no-service-worker-unsafe-script-url.d.ts.map +1 -0
- package/dist/rules/no-service-worker-unsafe-script-url.js +52 -0
- package/dist/rules/no-service-worker-unsafe-script-url.js.map +1 -0
- package/dist/rules/no-set-html-unsafe.d.ts +5 -0
- package/dist/rules/no-set-html-unsafe.d.ts.map +1 -0
- package/dist/rules/no-set-html-unsafe.js +48 -0
- package/dist/rules/no-set-html-unsafe.js.map +1 -0
- package/dist/rules/no-trusted-types-policy-pass-through.d.ts +5 -0
- package/dist/rules/no-trusted-types-policy-pass-through.d.ts.map +1 -0
- package/dist/rules/no-trusted-types-policy-pass-through.js +115 -0
- package/dist/rules/no-trusted-types-policy-pass-through.js.map +1 -0
- package/dist/rules/no-unsafe-alloc.d.ts +5 -0
- package/dist/rules/no-unsafe-alloc.d.ts.map +1 -0
- package/dist/rules/no-unsafe-alloc.js +51 -0
- package/dist/rules/no-unsafe-alloc.js.map +1 -0
- package/dist/rules/no-unsafe-cast-to-trusted-types.d.ts +5 -0
- package/dist/rules/no-unsafe-cast-to-trusted-types.d.ts.map +1 -0
- package/dist/rules/no-unsafe-cast-to-trusted-types.js +89 -0
- package/dist/rules/no-unsafe-cast-to-trusted-types.js.map +1 -0
- package/dist/rules/no-window-open-without-noopener.d.ts +5 -0
- package/dist/rules/no-window-open-without-noopener.d.ts.map +1 -0
- package/dist/rules/no-window-open-without-noopener.js +84 -0
- package/dist/rules/no-window-open-without-noopener.js.map +1 -0
- package/dist/rules/no-winjs-html-unsafe.d.ts +5 -0
- package/dist/rules/no-winjs-html-unsafe.d.ts.map +1 -0
- package/dist/rules/no-winjs-html-unsafe.js +32 -0
- package/dist/rules/no-winjs-html-unsafe.js.map +1 -0
- package/dist/rules/no-worker-blob-url.d.ts +5 -0
- package/dist/rules/no-worker-blob-url.d.ts.map +1 -0
- package/dist/rules/no-worker-blob-url.js +64 -0
- package/dist/rules/no-worker-blob-url.js.map +1 -0
- package/dist/rules/no-worker-data-url.d.ts +5 -0
- package/dist/rules/no-worker-data-url.d.ts.map +1 -0
- package/dist/rules/no-worker-data-url.js +67 -0
- package/dist/rules/no-worker-data-url.js.map +1 -0
- package/docs/rules/getting-started.md +70 -0
- package/docs/rules/no-angular-bypass-sanitizer.md +69 -0
- package/docs/rules/no-angular-bypass-security-trust-html.md +59 -0
- package/docs/rules/no-angular-innerhtml-binding.md +59 -0
- package/docs/rules/no-angular-sanitization-trusted-urls.md +64 -0
- package/docs/rules/no-angularjs-bypass-sce.md +64 -0
- package/docs/rules/no-angularjs-enable-svg.md +59 -0
- package/docs/rules/no-angularjs-ng-bind-html-without-sanitize.md +59 -0
- package/docs/rules/no-angularjs-sanitization-whitelist.md +63 -0
- package/docs/rules/no-angularjs-sce-resource-url-wildcard.md +62 -0
- package/docs/rules/no-child-process-exec.md +101 -0
- package/docs/rules/no-child-process-shell-true.md +59 -0
- package/docs/rules/no-cookies.md +61 -0
- package/docs/rules/no-document-domain.md +59 -0
- package/docs/rules/no-document-execcommand-insert-html.md +69 -0
- package/docs/rules/no-document-parse-html-unsafe.md +72 -0
- package/docs/rules/no-document-write.md +64 -0
- package/docs/rules/no-domparser-html-without-sanitization.md +59 -0
- package/docs/rules/no-domparser-svg-without-sanitization.md +71 -0
- package/docs/rules/no-dynamic-import-unsafe-url.md +81 -0
- package/docs/rules/no-electron-allow-running-insecure-content.md +69 -0
- package/docs/rules/no-electron-dangerous-blink-features.md +77 -0
- package/docs/rules/no-electron-disable-context-isolation.md +69 -0
- package/docs/rules/no-electron-disable-sandbox.md +69 -0
- package/docs/rules/no-electron-disable-web-security.md +69 -0
- package/docs/rules/no-electron-enable-remote-module.md +69 -0
- package/docs/rules/no-electron-enable-webview-tag.md +77 -0
- package/docs/rules/no-electron-experimental-features.md +77 -0
- package/docs/rules/no-electron-expose-raw-ipc-renderer.md +79 -0
- package/docs/rules/no-electron-insecure-certificate-error-handler.md +72 -0
- package/docs/rules/no-electron-insecure-certificate-verify-proc.md +63 -0
- package/docs/rules/no-electron-insecure-permission-request-handler.md +67 -0
- package/docs/rules/no-electron-node-integration.md +70 -0
- package/docs/rules/no-electron-permission-check-handler-allow-all.md +66 -0
- package/docs/rules/no-electron-unchecked-ipc-sender.md +62 -0
- package/docs/rules/no-electron-unrestricted-navigation.md +64 -0
- package/docs/rules/no-electron-untrusted-open-external.md +65 -0
- package/docs/rules/no-electron-webview-allowpopups.md +59 -0
- package/docs/rules/no-electron-webview-insecure-webpreferences.md +84 -0
- package/docs/rules/no-electron-webview-node-integration.md +59 -0
- package/docs/rules/no-html-method.md +58 -0
- package/docs/rules/no-http-request-to-insecure-protocol.md +59 -0
- package/docs/rules/no-iframe-srcdoc.md +76 -0
- package/docs/rules/no-inner-html.md +65 -0
- package/docs/rules/no-insecure-random.md +66 -0
- package/docs/rules/no-insecure-tls-agent-options.md +59 -0
- package/docs/rules/no-insecure-url.md +72 -0
- package/docs/rules/no-location-javascript-url.md +59 -0
- package/docs/rules/no-message-event-without-origin-check.md +82 -0
- package/docs/rules/no-msapp-exec-unsafe.md +59 -0
- package/docs/rules/no-node-tls-check-server-identity-bypass.md +88 -0
- package/docs/rules/no-node-tls-legacy-protocol.md +80 -0
- package/docs/rules/no-node-tls-reject-unauthorized-zero.md +61 -0
- package/docs/rules/no-node-tls-security-level-zero.md +77 -0
- package/docs/rules/no-node-vm-run-in-context.md +89 -0
- package/docs/rules/no-node-vm-source-text-module.md +79 -0
- package/docs/rules/no-node-worker-threads-eval.md +82 -0
- package/docs/rules/no-nonnull-assertion-on-security-input.md +59 -0
- package/docs/rules/no-postmessage-star-origin.md +59 -0
- package/docs/rules/no-postmessage-without-origin-allowlist.md +59 -0
- package/docs/rules/no-range-create-contextual-fragment.md +64 -0
- package/docs/rules/no-script-src-data-url.md +83 -0
- package/docs/rules/no-script-text.md +80 -0
- package/docs/rules/no-service-worker-unsafe-script-url.md +85 -0
- package/docs/rules/no-set-html-unsafe.md +64 -0
- package/docs/rules/no-trusted-types-policy-pass-through.md +68 -0
- package/docs/rules/no-unsafe-alloc.md +62 -0
- package/docs/rules/no-unsafe-cast-to-trusted-types.md +59 -0
- package/docs/rules/no-window-open-without-noopener.md +63 -0
- package/docs/rules/no-winjs-html-unsafe.md +60 -0
- package/docs/rules/no-worker-blob-url.md +86 -0
- package/docs/rules/no-worker-data-url.md +85 -0
- package/docs/rules/overview.md +111 -0
- package/docs/rules/presets/angular.md +35 -0
- package/docs/rules/presets/angularjs.md +36 -0
- package/docs/rules/presets/common.md +59 -0
- package/docs/rules/presets/electron.md +51 -0
- package/docs/rules/presets/index.md +26 -0
- package/docs/rules/presets/node.md +43 -0
- package/docs/rules/presets/react.md +33 -0
- package/docs/rules/presets/recommended.md +104 -0
- package/docs/rules/presets/required.md +99 -0
- package/docs/rules/presets/typescript.md +34 -0
- package/package.json +583 -0
|
@@ -0,0 +1,134 @@
|
|
|
1
|
+
import { isDefined, setHas } from "ts-extras";
|
|
2
|
+
import { getMemberPropertyName } from "./estree-utils.js";
|
|
3
|
+
const WORKER_CONSTRUCTOR_NAMES = new Set(["SharedWorker", "Worker"]);
|
|
4
|
+
const GLOBAL_OBJECT_NAMES = new Set([
|
|
5
|
+
"globalThis",
|
|
6
|
+
"self",
|
|
7
|
+
"window",
|
|
8
|
+
]);
|
|
9
|
+
const isNavigatorObject = (value) => {
|
|
10
|
+
if (value.type === "Identifier") {
|
|
11
|
+
return value.name === "navigator";
|
|
12
|
+
}
|
|
13
|
+
if (value.type !== "MemberExpression") {
|
|
14
|
+
return false;
|
|
15
|
+
}
|
|
16
|
+
return (getMemberPropertyName(value) === "navigator" &&
|
|
17
|
+
value.object.type === "Identifier" &&
|
|
18
|
+
setHas(GLOBAL_OBJECT_NAMES, value.object.name));
|
|
19
|
+
};
|
|
20
|
+
/**
|
|
21
|
+
* Check whether a value is a static `blob:` URL.
|
|
22
|
+
*
|
|
23
|
+
* @param value - URL string to inspect.
|
|
24
|
+
*
|
|
25
|
+
* @returns Whether the string starts with `blob:`.
|
|
26
|
+
*/
|
|
27
|
+
export const isBlobUrl = (value) => /^\s*blob:/iu.test(value);
|
|
28
|
+
/**
|
|
29
|
+
* Check whether a value is a static `data:` URL.
|
|
30
|
+
*
|
|
31
|
+
* @param value - URL string to inspect.
|
|
32
|
+
*
|
|
33
|
+
* @returns Whether the string starts with `data:`.
|
|
34
|
+
*/
|
|
35
|
+
export const isDataUrl = (value) => /^\s*data:/iu.test(value);
|
|
36
|
+
const isWorkerConstructorName = (value) => isDefined(value) && setHas(WORKER_CONSTRUCTOR_NAMES, value);
|
|
37
|
+
const isGlobalObjectName = (value) => setHas(GLOBAL_OBJECT_NAMES, value);
|
|
38
|
+
/**
|
|
39
|
+
* Check whether an expression is one of the common global objects used for
|
|
40
|
+
* worker-related APIs.
|
|
41
|
+
*
|
|
42
|
+
* @param value - Expression to inspect.
|
|
43
|
+
*
|
|
44
|
+
* @returns Whether the expression is `window`, `self`, or `globalThis`.
|
|
45
|
+
*/
|
|
46
|
+
export const isWorkerGlobalObject = (value) => value.type === "Identifier" && isGlobalObjectName(value.name);
|
|
47
|
+
/**
|
|
48
|
+
* Check whether a constructor callee targets `Worker` or `SharedWorker`.
|
|
49
|
+
*
|
|
50
|
+
* @param callee - Constructor callee to inspect.
|
|
51
|
+
*
|
|
52
|
+
* @returns Whether the callee is a worker constructor.
|
|
53
|
+
*/
|
|
54
|
+
export const isWorkerConstructor = (callee) => {
|
|
55
|
+
if (callee.type === "Identifier") {
|
|
56
|
+
return isWorkerConstructorName(callee.name);
|
|
57
|
+
}
|
|
58
|
+
if (callee.type !== "MemberExpression") {
|
|
59
|
+
return false;
|
|
60
|
+
}
|
|
61
|
+
return (isWorkerConstructorName(getMemberPropertyName(callee)) &&
|
|
62
|
+
isWorkerGlobalObject(callee.object));
|
|
63
|
+
};
|
|
64
|
+
/**
|
|
65
|
+
* Check whether a call targets `importScripts(...)`.
|
|
66
|
+
*
|
|
67
|
+
* @param callee - Call callee to inspect.
|
|
68
|
+
*
|
|
69
|
+
* @returns Whether the callee is an importScripts sink.
|
|
70
|
+
*/
|
|
71
|
+
export const isImportScriptsCall = (callee) => {
|
|
72
|
+
if (callee.type === "Identifier") {
|
|
73
|
+
return callee.name === "importScripts";
|
|
74
|
+
}
|
|
75
|
+
if (callee.type !== "MemberExpression") {
|
|
76
|
+
return false;
|
|
77
|
+
}
|
|
78
|
+
return (getMemberPropertyName(callee) === "importScripts" &&
|
|
79
|
+
isWorkerGlobalObject(callee.object));
|
|
80
|
+
};
|
|
81
|
+
/**
|
|
82
|
+
* Check whether an expression resolves the service worker container from
|
|
83
|
+
* `navigator.serviceWorker`.
|
|
84
|
+
*
|
|
85
|
+
* @param value - Expression to inspect.
|
|
86
|
+
*
|
|
87
|
+
* @returns Whether the expression is a service worker container access.
|
|
88
|
+
*/
|
|
89
|
+
export const isServiceWorkerContainerAccess = (value) => {
|
|
90
|
+
if (value.type !== "MemberExpression") {
|
|
91
|
+
return false;
|
|
92
|
+
}
|
|
93
|
+
return (getMemberPropertyName(value) === "serviceWorker" &&
|
|
94
|
+
isNavigatorObject(value.object));
|
|
95
|
+
};
|
|
96
|
+
/**
|
|
97
|
+
* Check whether a call targets `navigator.serviceWorker.register(...)`.
|
|
98
|
+
*
|
|
99
|
+
* @param callee - Call callee to inspect.
|
|
100
|
+
*
|
|
101
|
+
* @returns Whether the callee is a service worker registration sink.
|
|
102
|
+
*/
|
|
103
|
+
export const isServiceWorkerRegisterCall = (callee) => callee.type === "MemberExpression" &&
|
|
104
|
+
getMemberPropertyName(callee) === "register" &&
|
|
105
|
+
isServiceWorkerContainerAccess(callee.object);
|
|
106
|
+
const isGlobalUrlObject = (node) => {
|
|
107
|
+
if (getMemberPropertyName(node) !== "URL") {
|
|
108
|
+
return false;
|
|
109
|
+
}
|
|
110
|
+
return (node.object.type === "Identifier" &&
|
|
111
|
+
isGlobalObjectName(node.object.name));
|
|
112
|
+
};
|
|
113
|
+
/**
|
|
114
|
+
* Check whether an expression is a direct `URL.createObjectURL(...)` call.
|
|
115
|
+
*
|
|
116
|
+
* @param node - Expression to inspect.
|
|
117
|
+
*
|
|
118
|
+
* @returns Whether the expression creates an object URL from the global URL
|
|
119
|
+
* API.
|
|
120
|
+
*/
|
|
121
|
+
export const isUrlCreateObjectUrlCall = (node) => {
|
|
122
|
+
if (node.type !== "CallExpression" ||
|
|
123
|
+
node.callee.type !== "MemberExpression") {
|
|
124
|
+
return false;
|
|
125
|
+
}
|
|
126
|
+
if (getMemberPropertyName(node.callee) !== "createObjectURL") {
|
|
127
|
+
return false;
|
|
128
|
+
}
|
|
129
|
+
return ((node.callee.object.type === "Identifier" &&
|
|
130
|
+
node.callee.object.name === "URL") ||
|
|
131
|
+
(node.callee.object.type === "MemberExpression" &&
|
|
132
|
+
isGlobalUrlObject(node.callee.object)));
|
|
133
|
+
};
|
|
134
|
+
//# sourceMappingURL=worker-code-loading.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"worker-code-loading.js","sourceRoot":"","sources":["../../src/_internal/worker-code-loading.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AAE9C,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAI1D,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,CAAC;AACrE,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAChC,YAAY;IACZ,MAAM;IACN,QAAQ;CACX,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,CAAC,KAAoC,EAAW,EAAE;IACxE,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC,IAAI,KAAK,WAAW,CAAC;IACtC,CAAC;IAED,IAAI,KAAK,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QACpC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,CACH,qBAAqB,CAAC,KAAK,CAAC,KAAK,WAAW;QAC5C,KAAK,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;QAClC,MAAM,CAAC,mBAAmB,EAAE,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CACjD,CAAC;AACN,CAAC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,KAAa,EAAW,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAE/E;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,KAAa,EAAW,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAE/E,MAAM,uBAAuB,GAAG,CAC5B,KAAyB,EACK,EAAE,CAChC,SAAS,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;AAEhE,MAAM,kBAAkB,GAAG,CAAC,KAAa,EAAW,EAAE,CAClD,MAAM,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;AAEvC;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAChC,KAAoC,EAC7B,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,YAAY,IAAI,kBAAkB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;AAE5E;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAC/B,MAAkD,EAC3C,EAAE;IACT,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,OAAO,uBAAuB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,CACH,uBAAuB,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACtD,oBAAoB,CAAC,MAAM,CAAC,MAAM,CAAC,CACtC,CAAC;AACN,CAAC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAC/B,MAAmD,EAC5C,EAAE;IACT,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,OAAO,MAAM,CAAC,IAAI,KAAK,eAAe,CAAC;IAC3C,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,CACH,qBAAqB,CAAC,MAAM,CAAC,KAAK,eAAe;QACjD,oBAAoB,CAAC,MAAM,CAAC,MAAM,CAAC,CACtC,CAAC;AACN,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG,CAC1C,KAAoC,EACF,EAAE;IACpC,IAAI,KAAK,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QACpC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,CACH,qBAAqB,CAAC,KAAK,CAAC,KAAK,eAAe;QAChD,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC,CAClC,CAAC;AACN,CAAC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG,CACvC,MAAmD,EAC5C,EAAE,CACT,MAAM,CAAC,IAAI,KAAK,kBAAkB;IAClC,qBAAqB,CAAC,MAAM,CAAC,KAAK,UAAU;IAC5C,8BAA8B,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;AAElD,MAAM,iBAAiB,GAAG,CACtB,IAAyC,EAClC,EAAE;IACT,IAAI,qBAAqB,CAAC,IAAI,CAAC,KAAK,KAAK,EAAE,CAAC;QACxC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,CACH,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;QACjC,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CACvC,CAAC;AACN,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,CACpC,IAAmC,EACJ,EAAE;IACjC,IACI,IAAI,CAAC,IAAI,KAAK,gBAAgB;QAC9B,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,EACzC,CAAC;QACC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,iBAAiB,EAAE,CAAC;QAC3D,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,CACH,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;QACrC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK,CAAC;QACtC,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;YAC3C,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAC7C,CAAC;AACN,CAAC,CAAC"}
|