eslint-plugin-sdl-2 1.2.4 → 1.2.6
- package/CHANGELOG.md +81 -873
- package/dist/_internal/config-references.d.ts +2 -1
- package/dist/_internal/config-references.d.ts.map +1 -1
- package/dist/_internal/config-references.js.map +1 -1
- package/dist/_internal/electron-web-preferences.d.ts.map +1 -1
- package/dist/_internal/electron-web-preferences.js +1 -3
- package/dist/_internal/electron-web-preferences.js.map +1 -1
- package/dist/plugin.cjs +613 -652
- package/dist/plugin.cjs.map +3 -3
- package/dist/plugin.js +13 -13
- package/dist/plugin.js.map +1 -1
- package/dist/rules/no-angular-bypass-sanitizer.d.ts.map +1 -1
- package/dist/rules/no-angular-bypass-sanitizer.js +8 -10
- package/dist/rules/no-angular-bypass-sanitizer.js.map +1 -1
- package/dist/rules/no-angular-bypass-security-trust-html.d.ts.map +1 -1
- package/dist/rules/no-angular-bypass-security-trust-html.js +14 -17
- package/dist/rules/no-angular-bypass-security-trust-html.js.map +1 -1
- package/dist/rules/no-angular-innerhtml-binding.d.ts.map +1 -1
- package/dist/rules/no-angular-innerhtml-binding.js +30 -32
- package/dist/rules/no-angular-innerhtml-binding.js.map +1 -1
- package/dist/rules/no-angular-sanitization-trusted-urls.d.ts.map +1 -1
- package/dist/rules/no-angular-sanitization-trusted-urls.js +8 -10
- package/dist/rules/no-angular-sanitization-trusted-urls.js.map +1 -1
- package/dist/rules/no-angularjs-ng-bind-html-without-sanitize.d.ts.map +1 -1
- package/dist/rules/no-angularjs-ng-bind-html-without-sanitize.js +36 -38
- package/dist/rules/no-angularjs-ng-bind-html-without-sanitize.js.map +1 -1
- package/dist/rules/no-angularjs-sanitization-whitelist.d.ts.map +1 -1
- package/dist/rules/no-angularjs-sanitization-whitelist.js +8 -10
- package/dist/rules/no-angularjs-sanitization-whitelist.js.map +1 -1
- package/dist/rules/no-document-parse-html-unsafe.d.ts.map +1 -1
- package/dist/rules/no-document-parse-html-unsafe.js +6 -3
- package/dist/rules/no-document-parse-html-unsafe.js.map +1 -1
- package/dist/rules/no-dynamic-import-unsafe-url.d.ts.map +1 -1
- package/dist/rules/no-dynamic-import-unsafe-url.js +11 -13
- package/dist/rules/no-dynamic-import-unsafe-url.js.map +1 -1
- package/dist/rules/no-electron-allow-running-insecure-content.d.ts.map +1 -1
- package/dist/rules/no-electron-allow-running-insecure-content.js +4 -6
- package/dist/rules/no-electron-allow-running-insecure-content.js.map +1 -1
- package/dist/rules/no-electron-disable-context-isolation.d.ts.map +1 -1
- package/dist/rules/no-electron-disable-context-isolation.js +4 -6
- package/dist/rules/no-electron-disable-context-isolation.js.map +1 -1
- package/dist/rules/no-electron-disable-sandbox.d.ts.map +1 -1
- package/dist/rules/no-electron-disable-sandbox.js +4 -6
- package/dist/rules/no-electron-disable-sandbox.js.map +1 -1
- package/dist/rules/no-electron-disable-web-security.d.ts.map +1 -1
- package/dist/rules/no-electron-disable-web-security.js +4 -6
- package/dist/rules/no-electron-disable-web-security.js.map +1 -1
- package/dist/rules/no-electron-enable-remote-module.d.ts.map +1 -1
- package/dist/rules/no-electron-enable-remote-module.js +4 -6
- package/dist/rules/no-electron-enable-remote-module.js.map +1 -1
- package/dist/rules/no-electron-enable-webview-tag.d.ts.map +1 -1
- package/dist/rules/no-electron-enable-webview-tag.js +4 -6
- package/dist/rules/no-electron-enable-webview-tag.js.map +1 -1
- package/dist/rules/no-electron-experimental-features.d.ts.map +1 -1
- package/dist/rules/no-electron-experimental-features.js +4 -6
- package/dist/rules/no-electron-experimental-features.js.map +1 -1
- package/dist/rules/no-electron-node-integration.d.ts.map +1 -1
- package/dist/rules/no-electron-node-integration.js +27 -29
- package/dist/rules/no-electron-node-integration.js.map +1 -1
- package/dist/rules/no-electron-webview-allowpopups.d.ts.map +1 -1
- package/dist/rules/no-electron-webview-allowpopups.js +21 -25
- package/dist/rules/no-electron-webview-allowpopups.js.map +1 -1
- package/dist/rules/no-electron-webview-insecure-webpreferences.d.ts.map +1 -1
- package/dist/rules/no-electron-webview-insecure-webpreferences.js +28 -30
- package/dist/rules/no-electron-webview-insecure-webpreferences.js.map +1 -1
- package/dist/rules/no-electron-webview-node-integration.d.ts.map +1 -1
- package/dist/rules/no-electron-webview-node-integration.js +27 -31
- package/dist/rules/no-electron-webview-node-integration.js.map +1 -1
- package/dist/rules/no-inner-html.js +3 -3
- package/dist/rules/no-inner-html.js.map +1 -1
- package/dist/rules/no-insecure-random.js +1 -1
- package/dist/rules/no-insecure-random.js.map +1 -1
- package/dist/rules/no-insecure-tls-agent-options.d.ts.map +1 -1
- package/dist/rules/no-insecure-tls-agent-options.js +20 -22
- package/dist/rules/no-insecure-tls-agent-options.js.map +1 -1
- package/dist/rules/no-insecure-url.js +8 -8
- package/dist/rules/no-insecure-url.js.map +1 -1
- package/dist/rules/no-message-event-without-origin-check.js +19 -19
- package/dist/rules/no-message-event-without-origin-check.js.map +1 -1
- package/dist/rules/no-msapp-exec-unsafe.d.ts.map +1 -1
- package/dist/rules/no-msapp-exec-unsafe.js +8 -10
- package/dist/rules/no-msapp-exec-unsafe.js.map +1 -1
- package/dist/rules/no-node-tls-check-server-identity-bypass.d.ts.map +1 -1
- package/dist/rules/no-node-tls-check-server-identity-bypass.js +29 -32
- package/dist/rules/no-node-tls-check-server-identity-bypass.js.map +1 -1
- package/dist/rules/no-node-tls-legacy-protocol.d.ts.map +1 -1
- package/dist/rules/no-node-tls-legacy-protocol.js +51 -50
- package/dist/rules/no-node-tls-legacy-protocol.js.map +1 -1
- package/dist/rules/no-node-tls-reject-unauthorized-zero.d.ts.map +1 -1
- package/dist/rules/no-node-tls-reject-unauthorized-zero.js +28 -30
- package/dist/rules/no-node-tls-reject-unauthorized-zero.js.map +1 -1
- package/dist/rules/no-node-tls-security-level-zero.d.ts.map +1 -1
- package/dist/rules/no-node-tls-security-level-zero.js +37 -39
- package/dist/rules/no-node-tls-security-level-zero.js.map +1 -1
- package/dist/rules/no-nonnull-assertion-on-security-input.d.ts.map +1 -1
- package/dist/rules/no-nonnull-assertion-on-security-input.js +11 -13
- package/dist/rules/no-nonnull-assertion-on-security-input.js.map +1 -1
- package/dist/rules/no-postmessage-star-origin.d.ts.map +1 -1
- package/dist/rules/no-postmessage-star-origin.js +1 -3
- package/dist/rules/no-postmessage-star-origin.js.map +1 -1
- package/dist/rules/no-script-text.d.ts.map +1 -1
- package/dist/rules/no-script-text.js +6 -3
- package/dist/rules/no-script-text.js.map +1 -1
- package/dist/rules/no-unsafe-cast-to-trusted-types.d.ts.map +1 -1
- package/dist/rules/no-unsafe-cast-to-trusted-types.js +26 -28
- package/dist/rules/no-unsafe-cast-to-trusted-types.js.map +1 -1
- package/dist/rules/no-winjs-html-unsafe.d.ts.map +1 -1
- package/dist/rules/no-winjs-html-unsafe.js +8 -10
- package/dist/rules/no-winjs-html-unsafe.js.map +1 -1
- package/docs/rules/no-child-process-exec.md +1 -1
- package/docs/rules/no-child-process-shell-true.md +1 -1
- package/docs/rules/no-msapp-exec-unsafe.md +1 -1
- package/docs/rules/no-winjs-html-unsafe.md +1 -1
- package/package.json +49 -41
|
@@ -41,37 +41,35 @@ const isUnsafeOverrideValue = (node) => {
|
|
|
41
41
|
};
|
|
42
42
|
/** Rule implementation. */
|
|
43
43
|
const rule = createRule({
|
|
44
|
-
create(context) {
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
{
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
return fixer.replaceText(node.right, replacementValue);
|
|
67
|
-
},
|
|
68
|
-
messageId: "replaceWithTlsRejectUnauthorizedOne",
|
|
44
|
+
create: (context) => ({
|
|
45
|
+
AssignmentExpression(node) {
|
|
46
|
+
if (node.operator !== "=") {
|
|
47
|
+
return;
|
|
48
|
+
}
|
|
49
|
+
if (!isTlsRejectUnauthorizedMember(node.left)) {
|
|
50
|
+
return;
|
|
51
|
+
}
|
|
52
|
+
if (!isUnsafeOverrideValue(node.right)) {
|
|
53
|
+
return;
|
|
54
|
+
}
|
|
55
|
+
context.report({
|
|
56
|
+
messageId: "default",
|
|
57
|
+
node,
|
|
58
|
+
suggest: [
|
|
59
|
+
{
|
|
60
|
+
fix(fixer) {
|
|
61
|
+
const replacementValue = node.right.type ===
|
|
62
|
+
AST_NODE_TYPES.TemplateLiteral
|
|
63
|
+
? "`1`"
|
|
64
|
+
: "'1'";
|
|
65
|
+
return fixer.replaceText(node.right, replacementValue);
|
|
69
66
|
},
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
67
|
+
messageId: "replaceWithTlsRejectUnauthorizedOne",
|
|
68
|
+
},
|
|
69
|
+
],
|
|
70
|
+
});
|
|
71
|
+
},
|
|
72
|
+
}),
|
|
75
73
|
meta: {
|
|
76
74
|
deprecated: false,
|
|
77
75
|
docs: {
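Review bot: The `if (node.operator !== "=")` guard at the top of `AssignmentExpression` returns early for logical assignments, so a write such as `target ??= "0"` or `target ||= "0"` to the same member is never reported, although it can still leave certificate verification switched off when the variable was unset. Widening the guard keeps the later checks unchanged: `if (!["=", "??=", "||=", "&&="].includes(node.operator)) {`. The same `=`-only guard appears in the `AssignmentExpression` handler of the security-level-zero rule further down this page. What `isTlsRejectUnauthorizedMember` and `isUnsafeOverrideValue` accept is decided above this hunk, and the `createRule` call continues past it, so this is inferred from the visible handler only.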
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-node-tls-reject-unauthorized-zero.js","sourceRoot":"","sources":["../../src/rules/no-node-tls-reject-unauthorized-zero.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,MAAM,qBAAqB,GAAG,CAC1B,gBAA2C,EACzB,EAAE;IACpB,IACI,CAAC,gBAAgB,CAAC,QAAQ;QAC1B,gBAAgB,CAAC,QAAQ,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EAC9D,CAAC;QACC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC1C,CAAC;IAED,IACI,gBAAgB,CAAC,QAAQ,CAAC,IAAI,KAAK,cAAc,CAAC,OAAO;QACzD,OAAO,gBAAgB,CAAC,QAAQ,CAAC,KAAK,KAAK,QAAQ,EACrD,CAAC;QACC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC;IAC3C,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,kBAAkB,GAAG,CAAC,IAAyB,EAAW,EAAE;IAC9D,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,gBAAgB,EAAE,CAAC;QAChD,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,qBAAqB,CAAC,IAAI,CAAC,KAAK,KAAK,EAAE,CAAC;QACxC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,CACH,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU;QAC9C,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,CACjC,CAAC;AACN,CAAC,CAAC;AAEF,MAAM,6BAA6B,GAAG,CAClC,IAA2C,EACpC,EAAE;IACT,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,gBAAgB,EAAE,CAAC;QAChD,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,qBAAqB,CAAC,IAAI,CAAC,KAAK,8BAA8B,EAAE,CAAC;QACjE,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC3C,CAAC,CAAC;AAEF,MAAM,qBAAqB,GAAG,CAAC,IAAyB,EAAW,EAAE;IACjE,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,OAAO,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC,KAAK,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,KAAK,GAAG,CAAC;IAClD,CAAC;IAED,OAAO,CACH,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,eAAe;QAC5C,IAAI,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;QAC7B,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,MAAM,KAAK,GAAG,CAChD,CAAC;AACN,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAiB;IACnE,MAAM,CAAC,OAAO
|
|
1
|
+
{"version":3,"file":"no-node-tls-reject-unauthorized-zero.js","sourceRoot":"","sources":["../../src/rules/no-node-tls-reject-unauthorized-zero.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,MAAM,qBAAqB,GAAG,CAC1B,gBAA2C,EACzB,EAAE;IACpB,IACI,CAAC,gBAAgB,CAAC,QAAQ;QAC1B,gBAAgB,CAAC,QAAQ,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EAC9D,CAAC;QACC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC1C,CAAC;IAED,IACI,gBAAgB,CAAC,QAAQ,CAAC,IAAI,KAAK,cAAc,CAAC,OAAO;QACzD,OAAO,gBAAgB,CAAC,QAAQ,CAAC,KAAK,KAAK,QAAQ,EACrD,CAAC;QACC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC;IAC3C,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,kBAAkB,GAAG,CAAC,IAAyB,EAAW,EAAE;IAC9D,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,gBAAgB,EAAE,CAAC;QAChD,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,qBAAqB,CAAC,IAAI,CAAC,KAAK,KAAK,EAAE,CAAC;QACxC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,CACH,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU;QAC9C,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,CACjC,CAAC;AACN,CAAC,CAAC;AAEF,MAAM,6BAA6B,GAAG,CAClC,IAA2C,EACpC,EAAE;IACT,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,gBAAgB,EAAE,CAAC;QAChD,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,qBAAqB,CAAC,IAAI,CAAC,KAAK,8BAA8B,EAAE,CAAC;QACjE,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC3C,CAAC,CAAC;AAEF,MAAM,qBAAqB,GAAG,CAAC,IAAyB,EAAW,EAAE;IACjE,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,OAAO,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC,KAAK,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,KAAK,GAAG,CAAC;IAClD,CAAC;IAED,OAAO,CACH,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,eAAe;QAC5C,IAAI,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;QAC7B,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,MAAM,KAAK,GAAG,CAChD,CAAC;AACN,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAiB;IACnE,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAClB,oBAAoB,CAAC,IAAmC;YACpD,IAAI,IAAI,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;gBACxB,OAAO;YACX,CAAC;YAED,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC5C,OAAO;YACX,CAAC;YAED,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,E
AAE,CAAC;gBACrC,OAAO;YACX,CAAC;YAED,OAAO,CAAC,MAAM,CAAC;gBACX,SAAS,EAAE,SAAS;gBACpB,IAAI;gBACJ,OAAO,EAAE;oBACL;wBACI,GAAG,CAAC,KAAK;4BACL,MAAM,gBAAgB,GAClB,IAAI,CAAC,KAAK,CAAC,IAAI;gCACf,cAAc,CAAC,eAAe;gCAC1B,CAAC,CAAC,KAAK;gCACP,CAAC,CAAC,KAAK,CAAC;4BAEhB,OAAO,KAAK,CAAC,WAAW,CACpB,IAAI,CAAC,KAAK,EACV,gBAAgB,CACnB,CAAC;wBACN,CAAC;wBACD,SAAS,EAAE,qCAAqC;qBACnD;iBACJ;aACJ,CAAC,CAAC;QACP,CAAC;KACJ,CAAC;IACF,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,4FAA4F;YAChG,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,kGAAkG;SAC1G;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACN,OAAO,EACH,gFAAgF;YACpF,mCAAmC,EAC/B,qFAAqF;SAC5F;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,sCAAsC;CAC/C,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-node-tls-security-level-zero.d.ts","sourceRoot":"","sources":["../../src/rules/no-node-tls-security-level-zero.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAuBzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,
|
|
1
|
+
{"version":3,"file":"no-node-tls-security-level-zero.d.ts","sourceRoot":"","sources":["../../src/rules/no-node-tls-security-level-zero.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAuBzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAqFtC,CAAC;AAEH,eAAe,IAAI,CAAC"}
|
|
@@ -10,55 +10,53 @@ const isExpressionNode = (node) => node.type !== AST_NODE_TYPES.ArrayPattern &&
|
|
|
10
10
|
const isSecurityLevelZeroCipherString = (value) => TLS_SECURITY_LEVEL_ZERO_PATTERN.test(value);
|
|
11
11
|
/** Rule implementation. */
|
|
12
12
|
const rule = createRule({
|
|
13
|
-
create(context) {
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
13
|
+
create: (context) => ({
|
|
14
|
+
AssignmentExpression(node) {
|
|
15
|
+
if (node.operator !== "=" ||
|
|
16
|
+
!isNodeTlsStaticMember(node.left, TLS_DEFAULT_CIPHERS_PROPERTY_NAMES)) {
|
|
17
|
+
return;
|
|
18
|
+
}
|
|
19
|
+
const configuredValue = getStaticStringValue(node.right);
|
|
20
|
+
if (typeof configuredValue !== "string" ||
|
|
21
|
+
!isSecurityLevelZeroCipherString(configuredValue)) {
|
|
22
|
+
return;
|
|
23
|
+
}
|
|
24
|
+
context.report({
|
|
25
|
+
data: {
|
|
26
|
+
configuredValue,
|
|
27
|
+
propertyName: "DEFAULT_CIPHERS",
|
|
28
|
+
},
|
|
29
|
+
messageId: "default",
|
|
30
|
+
node: node.right,
|
|
31
|
+
});
|
|
32
|
+
},
|
|
33
|
+
ObjectExpression(node) {
|
|
34
|
+
if (!isRelevantNodeTlsOptionsObject(node)) {
|
|
35
|
+
return;
|
|
36
|
+
}
|
|
37
|
+
for (const propertyNode of node.properties) {
|
|
38
|
+
if (propertyNode.type !== AST_NODE_TYPES.Property ||
|
|
39
|
+
propertyNode.kind !== "init" ||
|
|
40
|
+
getPropertyName(propertyNode) !== "ciphers" ||
|
|
41
|
+
!isExpressionNode(propertyNode.value)) {
|
|
42
|
+
continue;
|
|
19
43
|
}
|
|
20
|
-
const configuredValue = getStaticStringValue(
|
|
44
|
+
const configuredValue = getStaticStringValue(propertyNode.value);
|
|
21
45
|
if (typeof configuredValue !== "string" ||
|
|
22
46
|
!isSecurityLevelZeroCipherString(configuredValue)) {
|
|
23
|
-
|
|
47
|
+
continue;
|
|
24
48
|
}
|
|
25
49
|
context.report({
|
|
26
50
|
data: {
|
|
27
51
|
configuredValue,
|
|
28
|
-
propertyName: "
|
|
52
|
+
propertyName: "ciphers",
|
|
29
53
|
},
|
|
30
54
|
messageId: "default",
|
|
31
|
-
node:
|
|
55
|
+
node: propertyNode.value,
|
|
32
56
|
});
|
|
33
|
-
}
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
return;
|
|
37
|
-
}
|
|
38
|
-
for (const propertyNode of node.properties) {
|
|
39
|
-
if (propertyNode.type !== AST_NODE_TYPES.Property ||
|
|
40
|
-
propertyNode.kind !== "init" ||
|
|
41
|
-
getPropertyName(propertyNode) !== "ciphers" ||
|
|
42
|
-
!isExpressionNode(propertyNode.value)) {
|
|
43
|
-
continue;
|
|
44
|
-
}
|
|
45
|
-
const configuredValue = getStaticStringValue(propertyNode.value);
|
|
46
|
-
if (typeof configuredValue !== "string" ||
|
|
47
|
-
!isSecurityLevelZeroCipherString(configuredValue)) {
|
|
48
|
-
continue;
|
|
49
|
-
}
|
|
50
|
-
context.report({
|
|
51
|
-
data: {
|
|
52
|
-
configuredValue,
|
|
53
|
-
propertyName: "ciphers",
|
|
54
|
-
},
|
|
55
|
-
messageId: "default",
|
|
56
|
-
node: propertyNode.value,
|
|
57
|
-
});
|
|
58
|
-
}
|
|
59
|
-
},
|
|
60
|
-
};
|
|
61
|
-
},
|
|
57
|
+
}
|
|
58
|
+
},
|
|
59
|
+
}),
|
|
62
60
|
meta: {
|
|
63
61
|
deprecated: false,
|
|
64
62
|
docs: {
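Review bot: The loop in `ObjectExpression` silently `continue`s past every entry that is not a plain `Property` and past every value for which `getStaticStringValue` does not yield a string, so a `ciphers` value that arrives through a spread, a variable or string concatenation is not checked and nothing in the code says so. A comment above the loop would set the right expectation for people relying on this rule as a gate, for example `// Only "ciphers" entries whose value is a statically known string are checked; spreads and computed values are out of scope.` The behaviour of `getStaticStringValue` and `isRelevantNodeTlsOptionsObject` is inferred from their names and the `typeof` check, since both are defined outside the hunk.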
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-node-tls-security-level-zero.js","sourceRoot":"","sources":["../../src/rules/no-node-tls-security-level-zero.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAE1D,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,EACH,eAAe,EACf,oBAAoB,GACvB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACH,qBAAqB,EACrB,8BAA8B,GACjC,MAAM,iCAAiC,CAAC;AAIzC,MAAM,kCAAkC,GAAG,IAAI,GAAG,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC;AACxE,MAAM,+BAA+B,GAAG,uBAAuB,CAAC;AAEhE,MAAM,gBAAgB,GAAG,CAAC,IAAmB,EAA+B,EAAE,CAC1E,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,YAAY;IACzC,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,iBAAiB;IAC9C,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,aAAa,CAAC;AAE/C,MAAM,+BAA+B,GAAG,CAAC,KAAa,EAAW,EAAE,CAC/D,+BAA+B,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAEhD,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAiB;IACnE,MAAM,CAAC,OAAO
|
|
1
|
+
{"version":3,"file":"no-node-tls-security-level-zero.js","sourceRoot":"","sources":["../../src/rules/no-node-tls-security-level-zero.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAE1D,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,EACH,eAAe,EACf,oBAAoB,GACvB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACH,qBAAqB,EACrB,8BAA8B,GACjC,MAAM,iCAAiC,CAAC;AAIzC,MAAM,kCAAkC,GAAG,IAAI,GAAG,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC;AACxE,MAAM,+BAA+B,GAAG,uBAAuB,CAAC;AAEhE,MAAM,gBAAgB,GAAG,CAAC,IAAmB,EAA+B,EAAE,CAC1E,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,YAAY;IACzC,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,iBAAiB;IAC9C,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,aAAa,CAAC;AAE/C,MAAM,+BAA+B,GAAG,CAAC,KAAa,EAAW,EAAE,CAC/D,+BAA+B,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAEhD,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAiB;IACnE,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAClB,oBAAoB,CAAC,IAAmC;YACpD,IACI,IAAI,CAAC,QAAQ,KAAK,GAAG;gBACrB,CAAC,qBAAqB,CAClB,IAAI,CAAC,IAAI,EACT,kCAAkC,CACrC,EACH,CAAC;gBACC,OAAO;YACX,CAAC;YAED,MAAM,eAAe,GAAG,oBAAoB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAEzD,IACI,OAAO,eAAe,KAAK,QAAQ;gBACnC,CAAC,+BAA+B,CAAC,eAAe,CAAC,EACnD,CAAC;gBACC,OAAO;YACX,CAAC;YAED,OAAO,CAAC,MAAM,CAAC;gBACX,IAAI,EAAE;oBACF,eAAe;oBACf,YAAY,EAAE,iBAAiB;iBAClC;gBACD,SAAS,EAAE,SAAS;gBACpB,IAAI,EAAE,IAAI,CAAC,KAAK;aACnB,CAAC,CAAC;QACP,CAAC;QACD,gBAAgB,CAAC,IAA+B;YAC5C,IAAI,CAAC,8BAA8B,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxC,OAAO;YACX,CAAC;YAED,KAAK,MAAM,YAAY,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACzC,IACI,YAAY,CAAC,IAAI,KAAK,cAAc,CAAC,QAAQ;oBAC7C,YAAY,CAAC,IAAI,KAAK,MAAM;oBAC5B,eAAe,CAAC,YAAY,CAAC,KAAK,SAAS;oBAC3C,CAAC,gBAAgB,CAAC,YAAY,CAAC,KAAK,CAAC,EACvC,CAAC;oBACC,SAAS;gBACb,CAAC;gBAED,MAAM,eAAe,GAAG,oBAAoB,CACxC,YAAY,CAAC,KAAK,CACrB,CAAC;gBAEF,IACI,OAAO,eAAe,KAAK,QAAQ;oBACnC,CAAC,+BAA+B,CAAC,eAAe,CAAC,EACnD,CAAC;oBACC,SAAS;gBACb,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,IAAI,EAAE;wBACF,eAAe;wBACf,YAAY,EAAE,SAAS;qBAC1B;oBACD,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,YAAY,CAAC,KAAK;iBAC3B,CAAC,CAAC;YACP,CAAC;QACL,CAAC;KACJ,CAAC;IACF,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,E
AAE;YACF,WAAW,EACP,4EAA4E;YAChF,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,6FAA6F;SACrG;QACD,QAAQ,EAAE;YACN,OAAO,EACH,kKAAkK;SACzK;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,iCAAiC;CAC1C,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-nonnull-assertion-on-security-input.d.ts","sourceRoot":"","sources":["../../src/rules/no-nonnull-assertion-on-security-input.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAwBzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,
|
|
1
|
+
{"version":3,"file":"no-nonnull-assertion-on-security-input.d.ts","sourceRoot":"","sources":["../../src/rules/no-nonnull-assertion-on-security-input.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAwBzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CA8BtC,CAAC;AAEH,eAAe,IAAI,CAAC"}
|
|
@@ -14,19 +14,17 @@ const isSecuritySensitiveExpression = (expression) => {
|
|
|
14
14
|
};
|
|
15
15
|
/** Rule implementation. */
|
|
16
16
|
const rule = createRule({
|
|
17
|
-
create(context) {
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
};
|
|
29
|
-
},
|
|
17
|
+
create: (context) => ({
|
|
18
|
+
TSNonNullExpression(node) {
|
|
19
|
+
if (!isSecuritySensitiveExpression(node.expression)) {
|
|
20
|
+
return;
|
|
21
|
+
}
|
|
22
|
+
context.report({
|
|
23
|
+
messageId: "default",
|
|
24
|
+
node,
|
|
25
|
+
});
|
|
26
|
+
},
|
|
27
|
+
}),
|
|
30
28
|
meta: {
|
|
31
29
|
deprecated: false,
|
|
32
30
|
docs: {
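Review bot: `TSNonNullExpression` passes `node.expression` straight to `isSecuritySensitiveExpression`, so which shapes are covered (a bare identifier, a member access, a call result followed by `!`) is decided entirely by that helper, whose body lies above this hunk. A short comment on the handler would make the coverage reviewable where the report is raised, for example `// Reports "!" only on expressions isSecuritySensitiveExpression recognises; any other shape passes unreported.` The `createRule` call continues outside the hunk.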
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-nonnull-assertion-on-security-input.js","sourceRoot":"","sources":["../../src/rules/no-nonnull-assertion-on-security-input.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAE1D,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,MAAM,sBAAsB,GAAG,+CAA+C,CAAC;AAE/E,MAAM,6BAA6B,GAAG,CAClC,UAA+B,EACxB,EAAE;IACT,IAAI,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EAAE,CAAC;QAChD,OAAO,sBAAsB,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACxD,CAAC;IAED,IACI,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,gBAAgB;QACnD,CAAC,UAAU,CAAC,QAAQ;QACpB,UAAU,CAAC,QAAQ,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EACxD,CAAC;QACC,OAAO,sBAAsB,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACjE,CAAC;IAED,OAAO,KAAK,CAAC;AACjB,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAiB;IACnE,MAAM,CAAC,OAAO
|
|
1
|
+
{"version":3,"file":"no-nonnull-assertion-on-security-input.js","sourceRoot":"","sources":["../../src/rules/no-nonnull-assertion-on-security-input.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAE1D,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,MAAM,sBAAsB,GAAG,+CAA+C,CAAC;AAE/E,MAAM,6BAA6B,GAAG,CAClC,UAA+B,EACxB,EAAE;IACT,IAAI,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EAAE,CAAC;QAChD,OAAO,sBAAsB,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACxD,CAAC;IAED,IACI,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,gBAAgB;QACnD,CAAC,UAAU,CAAC,QAAQ;QACpB,UAAU,CAAC,QAAQ,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EACxD,CAAC;QACC,OAAO,sBAAsB,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACjE,CAAC;IAED,OAAO,KAAK,CAAC;AACjB,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAiB;IACnE,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAClB,mBAAmB,CAAC,IAAkC;YAClD,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBAClD,OAAO;YACX,CAAC;YAED,OAAO,CAAC,MAAM,CAAC;gBACX,SAAS,EAAE,SAAS;gBACpB,IAAI;aACP,CAAC,CAAC;QACP,CAAC;KACJ,CAAC;IACF,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,yEAAyE;YAC7E,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,oGAAoG;SAC5G;QACD,QAAQ,EAAE;YACN,OAAO,EACH,8EAA8E;SACrF;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,wCAAwC;CACjD,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-postmessage-star-origin.d.ts","sourceRoot":"","sources":["../../src/rules/no-postmessage-star-origin.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,
|
|
1
|
+
{"version":3,"file":"no-postmessage-star-origin.d.ts","sourceRoot":"","sources":["../../src/rules/no-postmessage-star-origin.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAsEtC,CAAC;AAEH,eAAe,IAAI,CAAC"}
|
|
@@ -26,9 +26,7 @@ const rule = createRule({
|
|
|
26
26
|
node: targetOrigin,
|
|
27
27
|
suggest: [
|
|
28
28
|
{
|
|
29
|
-
fix(fixer)
|
|
30
|
-
return fixer.replaceText(targetOrigin, "location.origin");
|
|
31
|
-
},
|
|
29
|
+
fix: (fixer) => fixer.replaceText(targetOrigin, "location.origin"),
|
|
32
30
|
messageId: "replaceWithExplicitOrigin",
|
|
33
31
|
},
|
|
34
32
|
],
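Review bot: The suggestion in `fix: (fixer) => fixer.replaceText(targetOrigin, "location.origin")` substitutes the sender's own origin, which is only correct when the receiving window is same-origin; for a cross-origin recipient the message is dropped, and the usual reaction is to put `"*"` back. Because this is offered as a one-click suggestion, the limitation should be stated next to it, for example `// location.origin fits same-origin targets only; cross-origin recipients need their own explicit origin.`, and the text behind `replaceWithExplicitOrigin` (defined outside this hunk) should say the same. The enclosing `context.report` call starts and ends outside the hunk.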
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-postmessage-star-origin.js","sourceRoot":"","sources":["../../src/rules/no-postmessage-star-origin.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAErD,OAAO,EACH,kBAAkB,EAClB,mBAAmB,GACtB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAiB;IACnE,MAAM,CAAC,OAAO;QACV,MAAM,eAAe,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAEpD,OAAO;YACH,8FAA8F,CAC1F,IAA6B;gBAE7B,MAAM,CAAC,EAAE,YAAY,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;gBAExC,IACI,CAAC,SAAS,CAAC,YAAY,CAAC;oBACxB,YAAY,CAAC,IAAI,KAAK,cAAc,CAAC,OAAO;oBAC5C,YAAY,CAAC,KAAK,KAAK,GAAG,EAC5B,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,IACI,SAAS,CAAC,eAAe,CAAC;oBAC1B,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,cAAc,CAAC,gBAAgB,EACtD,CAAC;oBACC,MAAM,gBAAgB,GAAG,mBAAmB,CACxC,eAAe,EACf,IAAI,CAAC,MAAM,CAAC,MAAM,EAClB,OAAO,CACV,CAAC;oBAEF,IAAI,CAAC,aAAa,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,gBAAgB,CAAC,EAAE,CAAC;wBACtD,OAAO;oBACX,CAAC;gBACL,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,YAAY;oBAClB,OAAO,EAAE;wBACL;4BACI,GAAG,CAAC,KAAK
|
|
1
|
+
{"version":3,"file":"no-postmessage-star-origin.js","sourceRoot":"","sources":["../../src/rules/no-postmessage-star-origin.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAErD,OAAO,EACH,kBAAkB,EAClB,mBAAmB,GACtB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAiB;IACnE,MAAM,CAAC,OAAO;QACV,MAAM,eAAe,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAEpD,OAAO;YACH,8FAA8F,CAC1F,IAA6B;gBAE7B,MAAM,CAAC,EAAE,YAAY,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;gBAExC,IACI,CAAC,SAAS,CAAC,YAAY,CAAC;oBACxB,YAAY,CAAC,IAAI,KAAK,cAAc,CAAC,OAAO;oBAC5C,YAAY,CAAC,KAAK,KAAK,GAAG,EAC5B,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,IACI,SAAS,CAAC,eAAe,CAAC;oBAC1B,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,cAAc,CAAC,gBAAgB,EACtD,CAAC;oBACC,MAAM,gBAAgB,GAAG,mBAAmB,CACxC,eAAe,EACf,IAAI,CAAC,MAAM,CAAC,MAAM,EAClB,OAAO,CACV,CAAC;oBAEF,IAAI,CAAC,aAAa,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,gBAAgB,CAAC,EAAE,CAAC;wBACtD,OAAO;oBACX,CAAC;gBACL,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,YAAY;oBAClB,OAAO,EAAE;wBACL;4BACI,GAAG,EAAE,CAAC,KAAK,EAAE,EAAE,CACX,KAAK,CAAC,WAAW,CACb,YAAY,EACZ,iBAAiB,CACpB;4BACL,SAAS,EAAE,2BAA2B;yBACzC;qBACJ;iBACJ,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,sFAAsF;YAC1F,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,wFAAwF;SAChG;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACN,OAAO,EACH,oEAAoE;YACxE,yBAAyB,EACrB,sEAAsE;SAC7E;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,4BAA4B;CACrC,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-script-text.d.ts","sourceRoot":"","sources":["../../src/rules/no-script-text.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"no-script-text.d.ts","sourceRoot":"","sources":["../../src/rules/no-script-text.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAmBzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAsDtC,CAAC;AAEH,eAAe,IAAI,CAAC"}
|
|
@@ -1,11 +1,14 @@
|
|
|
1
1
|
import { AST_NODE_TYPES } from "@typescript-eslint/utils";
|
|
2
|
+
import { arrayIncludes } from "ts-extras";
|
|
2
3
|
import { getFullTypeChecker } from "../_internal/ast-utils.js";
|
|
3
4
|
import { createRule } from "../_internal/create-rule.js";
|
|
4
5
|
import { getMemberPropertyName, getStaticStringValue, } from "../_internal/estree-utils.js";
|
|
5
6
|
import { isLikelyScriptElement } from "../_internal/script-element.js";
|
|
6
|
-
const isScriptTextPropertyName = (propertyName) =>
|
|
7
|
-
|
|
8
|
-
|
|
7
|
+
const isScriptTextPropertyName = (propertyName) => arrayIncludes([
|
|
8
|
+
"innerText",
|
|
9
|
+
"text",
|
|
10
|
+
"textContent",
|
|
11
|
+
], propertyName ?? "");
|
|
9
12
|
/** Rule implementation. */
|
|
10
13
|
const rule = createRule({
|
|
11
14
|
create(context) {
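Review bot: `isScriptTextPropertyName` builds a fresh three-element array on every call and uses `propertyName ?? ""` as a sentinel that merely happens not to be in the list. Hoisting the list gives it a name and removes the per-call allocation: `const SCRIPT_TEXT_PROPERTY_NAMES = ["innerText", "text", "textContent"];` followed by `arrayIncludes(SCRIPT_TEXT_PROPERTY_NAMES, propertyName ?? "")`. The added `import { arrayIncludes } from "ts-extras";` is a runtime import in shipped `dist` code, so `ts-extras` has to be listed under `dependencies` in package.json; that file changes in this release but its contents are not shown here, so this should be confirmed.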
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-script-text.js","sourceRoot":"","sources":["../../src/rules/no-script-text.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;
|
|
1
|
+
{"version":3,"file":"no-script-text.js","sourceRoot":"","sources":["../../src/rules/no-script-text.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAE1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,EACH,qBAAqB,EACrB,oBAAoB,GACvB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AAIvE,MAAM,wBAAwB,GAAG,CAAC,YAAgC,EAAW,EAAE,CAC3E,aAAa,CACT;IACI,WAAW;IACX,MAAM;IACN,aAAa;CAChB,EACD,YAAY,IAAI,EAAE,CACrB,CAAC;AAEN,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAiB;IACnE,MAAM,CAAC,OAAO;QACV,MAAM,eAAe,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAEpD,OAAO;YACH,oBAAoB,CAAC,IAAmC;gBACpD,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,gBAAgB,EAAE,CAAC;oBACrD,OAAO;gBACX,CAAC;gBAED,IACI,CAAC,wBAAwB,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAC7D,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,IAAI,oBAAoB,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;oBAC1C,OAAO;gBACX,CAAC;gBAED,IACI,CAAC,qBAAqB,CAClB,IAAI,CAAC,IAAI,CAAC,MAAM,EAChB,OAAO,EACP,eAAe,CAClB,EACH,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,IAAI,CAAC,KAAK;iBACnB,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,qGAAqG;YACzG,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,4EAA4E;SACpF;QACD,QAAQ,EAAE;YACN,OAAO,EACH,6GAA6G;SACpH;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,gBAAgB;CACzB,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-unsafe-cast-to-trusted-types.d.ts","sourceRoot":"","sources":["../../src/rules/no-unsafe-cast-to-trusted-types.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AA+DzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,
|
|
1
|
+
{"version":3,"file":"no-unsafe-cast-to-trusted-types.d.ts","sourceRoot":"","sources":["../../src/rules/no-unsafe-cast-to-trusted-types.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AA+DzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CA+CtC,CAAC;AAEH,eAAe,IAAI,CAAC"}
|
|
@@ -40,34 +40,32 @@ const isKnownTrustedFactoryCall = (expression) => {
|
|
|
40
40
|
};
|
|
41
41
|
/** Rule implementation. */
|
|
42
42
|
const rule = createRule({
|
|
43
|
-
create(context) {
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
};
|
|
70
|
-
},
|
|
43
|
+
create: (context) => ({
|
|
44
|
+
TSAsExpression(node) {
|
|
45
|
+
if (!isTrustedTypeNode(node.typeAnnotation)) {
|
|
46
|
+
return;
|
|
47
|
+
}
|
|
48
|
+
if (isKnownTrustedFactoryCall(node.expression)) {
|
|
49
|
+
return;
|
|
50
|
+
}
|
|
51
|
+
context.report({
|
|
52
|
+
messageId: "default",
|
|
53
|
+
node,
|
|
54
|
+
});
|
|
55
|
+
},
|
|
56
|
+
TSTypeAssertion(node) {
|
|
57
|
+
if (!isTrustedTypeNode(node.typeAnnotation)) {
|
|
58
|
+
return;
|
|
59
|
+
}
|
|
60
|
+
if (isKnownTrustedFactoryCall(node.expression)) {
|
|
61
|
+
return;
|
|
62
|
+
}
|
|
63
|
+
context.report({
|
|
64
|
+
messageId: "default",
|
|
65
|
+
node,
|
|
66
|
+
});
|
|
67
|
+
},
|
|
68
|
+
}),
|
|
71
69
|
meta: {
|
|
72
70
|
deprecated: false,
|
|
73
71
|
docs: {
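Review bot: The `TSAsExpression` and `TSTypeAssertion` handlers have byte-identical bodies, so a later change to the trusted-type check or the factory-call exemption has to be made twice, and missing one of them would leave one cast syntax unchecked. Routing both through one helper keeps the two syntaxes in step; the change belongs in the TypeScript source this file is compiled from. The helpers `isTrustedTypeNode` and `isKnownTrustedFactoryCall` are defined above the hunk and are used unchanged.

```javascript
// Shared by both cast syntaxes so the two handlers cannot drift apart.
const reportUnsafeTrustedTypeCast = (context, node) => {
    if (!isTrustedTypeNode(node.typeAnnotation) ||
        isKnownTrustedFactoryCall(node.expression)) {
        return;
    }
    context.report({ messageId: "default", node });
};
const rule = createRule({
    create: (context) => ({
        TSAsExpression: (node) => reportUnsafeTrustedTypeCast(context, node),
        TSTypeAssertion: (node) => reportUnsafeTrustedTypeCast(context, node),
    }),
    // … unchanged: meta …
```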
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-unsafe-cast-to-trusted-types.js","sourceRoot":"","sources":["../../src/rules/no-unsafe-cast-to-trusted-types.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AAE9C,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IAC/B,aAAa;IACb,eAAe;IACf,kBAAkB;CACrB,CAAC,CAAC;AAEH,MAAM,WAAW,GAAG,CAAC,IAAuB,EAAsB,EAAE;IAChE,IACI,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,eAAe;QAC5C,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EAClD,CAAC;QACC,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC9B,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,IAAuB,EAAW,EAAE;IAC3D,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAEnC,OAAO,SAAS,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAC;AACvE,CAAC,CAAC;AAEF,MAAM,uBAAuB,GAAG,CAC5B,UAA+B,EACb,EAAE;IACpB,IAAI,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,cAAc,EAAE,CAAC;QACpD,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EAAE,CAAC;QACvD,OAAO,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC;IAClC,CAAC;IAED,IACI,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,cAAc,CAAC,gBAAgB;QAC1D,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ;QAC3B,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EAC/D,CAAC;QACC,OAAO,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC3C,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,yBAAyB,GAAG,CAC9B,UAA+B,EACxB,EAAE;IACT,MAAM,UAAU,GAAG,uBAAuB,CAAC,UAAU,CAAC,CAAC;IAEvD,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,2DAA2D,CAAC,IAAI,CACnE,UAAU,CAAC,WAAW,EAAE,CAC3B,CAAC;AACN,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAiB;IACnE,MAAM,CAAC,OAAO
|
|
1
|
+
{"version":3,"file":"no-unsafe-cast-to-trusted-types.js","sourceRoot":"","sources":["../../src/rules/no-unsafe-cast-to-trusted-types.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AAE9C,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IAC/B,aAAa;IACb,eAAe;IACf,kBAAkB;CACrB,CAAC,CAAC;AAEH,MAAM,WAAW,GAAG,CAAC,IAAuB,EAAsB,EAAE;IAChE,IACI,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,eAAe;QAC5C,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EAClD,CAAC;QACC,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC9B,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,IAAuB,EAAW,EAAE;IAC3D,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAEnC,OAAO,SAAS,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAC;AACvE,CAAC,CAAC;AAEF,MAAM,uBAAuB,GAAG,CAC5B,UAA+B,EACb,EAAE;IACpB,IAAI,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,cAAc,EAAE,CAAC;QACpD,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EAAE,CAAC;QACvD,OAAO,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC;IAClC,CAAC;IAED,IACI,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,cAAc,CAAC,gBAAgB;QAC1D,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ;QAC3B,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EAC/D,CAAC;QACC,OAAO,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC3C,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,yBAAyB,GAAG,CAC9B,UAA+B,EACxB,EAAE;IACT,MAAM,UAAU,GAAG,uBAAuB,CAAC,UAAU,CAAC,CAAC;IAEvD,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,2DAA2D,CAAC,IAAI,CACnE,UAAU,CAAC,WAAW,EAAE,CAC3B,CAAC;AACN,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAiB;IACnE,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAClB,cAAc,CAAC,IAA6B;YACxC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC1C,OAAO;YACX,CAAC;YAED,IAAI,yBAAyB,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC7C,OAAO;YACX,CAAC;YAED,OAAO,CAAC,MAAM,CAAC;gBACX,SAAS,EAAE,SAAS;gBACpB,IAAI;aACP,CAAC,CAAC;QACP,CAAC;QACD,eAAe,CAAC,IAA8B;YAC1C,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC1C,OAAO;
YACX,CAAC;YAED,IAAI,yBAAyB,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC7C,OAAO;YACX,CAAC;YAED,OAAO,CAAC,MAAM,CAAC;gBACX,SAAS,EAAE,SAAS;gBACpB,IAAI;aACP,CAAC,CAAC;QACP,CAAC;KACJ,CAAC;IACF,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,iFAAiF;YACrF,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,6FAA6F;SACrG;QACD,QAAQ,EAAE;YACN,OAAO,EAAE,kDAAkD;SAC9D;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,iCAAiC;CAC1C,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-winjs-html-unsafe.d.ts","sourceRoot":"","sources":["../../src/rules/no-winjs-html-unsafe.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,
|
|
1
|
+
{"version":3,"file":"no-winjs-html-unsafe.d.ts","sourceRoot":"","sources":["../../src/rules/no-winjs-html-unsafe.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CA4BtC,CAAC;AAEH,eAAe,IAAI,CAAC"}
|
|
@@ -1,16 +1,14 @@
|
|
|
1
1
|
import { createRule } from "../_internal/create-rule.js";
|
|
2
2
|
/** Rule implementation. */
|
|
3
3
|
const rule = createRule({
|
|
4
|
-
create(context) {
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
};
|
|
13
|
-
},
|
|
4
|
+
create: (context) => ({
|
|
5
|
+
"CallExpression[callee.object.object.name='WinJS'][callee.object.property.name='Utilities'][callee.property.name=/^(?:insertAdjacent|setInner|setOuter)HTMLUnsafe$/]"(node) {
|
|
6
|
+
context.report({
|
|
7
|
+
messageId: "default",
|
|
8
|
+
node,
|
|
9
|
+
});
|
|
10
|
+
},
|
|
11
|
+
}),
|
|
14
12
|
meta: {
|
|
15
13
|
deprecated: false,
|
|
16
14
|
docs: {
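Review bot: The selector key in the new `create` matches only a call written literally as `WinJS.Utilities.<name>HTMLUnsafe(...)`, because it reads `callee.object.object.name` and `callee.property.name`, which are set only when those positions are plain identifiers. A call through an alias of `WinJS.Utilities`, through a longer receiver chain, or with a computed string property would, as far as the selector shows, go unreported; whether the removed `create(context)` body behaved the same is not visible here. I would state the limit next to the key, e.g. `// Reports direct WinJS.Utilities.*HTMLUnsafe(...) calls only; aliased or computed access is not matched.`, and add invalid-case tests for whichever forms the rule is meant to cover. The `meta` object continues past the end of the hunk.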
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-winjs-html-unsafe.js","sourceRoot":"","sources":["../../src/rules/no-winjs-html-unsafe.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAgB;IAClE,MAAM,CAAC,OAAO
|
|
1
|
+
{"version":3,"file":"no-winjs-html-unsafe.js","sourceRoot":"","sources":["../../src/rules/no-winjs-html-unsafe.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAgB;IAClE,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAClB,qKAAqK,CACjK,IAAI;YAEJ,OAAO,CAAC,MAAM,CAAC;gBACX,SAAS,EAAE,SAAS;gBACpB,IAAI;aACP,CAAC,CAAC;QACP,CAAC;KACJ,CAAC;IACF,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,qHAAqH;YACzH,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,kFAAkF;SAC1F;QACD,QAAQ,EAAE;YACN,OAAO,EACH,4DAA4D;SACnE;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,sBAAsB;CAC/B,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC"}
|
|
@@ -97,5 +97,5 @@ strict.
|
|
|
97
97
|
|
|
98
98
|
> **Rule catalog ID:** R062
|
|
99
99
|
|
|
100
|
-
- [Node.js
|
|
100
|
+
- [Node.js child_process documentation](https://nodejs.org/api/child_process.html)
|
|
101
101
|
- [OWASP Command Injection](https://owasp.org/www-community/attacks/Command_Injection)
|
|
@@ -56,4 +56,4 @@ Disable only for legacy Windows Store app code that is isolated and audited.
|
|
|
56
56
|
|
|
57
57
|
> **Rule catalog ID:** R022
|
|
58
58
|
|
|
59
|
-
- [Microsoft documentation: `MSApp.execUnsafeLocalFunction`](https://learn.microsoft.com/en-us/previous-versions/windows/apps/hh780593
|
|
59
|
+
- [Microsoft documentation: `MSApp.execUnsafeLocalFunction`](<https://learn.microsoft.com/en-us/previous-versions/windows/apps/hh780593(v=win.10)>)
|
|
@@ -57,4 +57,4 @@ Disable only for fully controlled HTML templates with an audited trust chain.
|
|
|
57
57
|
|
|
58
58
|
> **Rule catalog ID:** R027
|
|
59
59
|
|
|
60
|
-
- [WinJS utilities API overview](https://learn.microsoft.com/en-us/previous-versions/windows/apps/br229839
|
|
60
|
+
- [WinJS utilities API overview](<https://learn.microsoft.com/en-us/previous-versions/windows/apps/br229839(v=win.10)>)
|