eslint-plugin-sdl-2 1.2.5 → 1.2.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +81 -873
- package/dist/_internal/config-references.d.ts +2 -1
- package/dist/_internal/config-references.d.ts.map +1 -1
- package/dist/_internal/config-references.js.map +1 -1
- package/dist/_internal/electron-web-preferences.d.ts.map +1 -1
- package/dist/_internal/electron-web-preferences.js +1 -3
- package/dist/_internal/electron-web-preferences.js.map +1 -1
- package/dist/plugin.cjs +600 -639
- package/dist/plugin.cjs.map +3 -3
- package/dist/rules/no-angular-bypass-sanitizer.d.ts.map +1 -1
- package/dist/rules/no-angular-bypass-sanitizer.js +8 -10
- package/dist/rules/no-angular-bypass-sanitizer.js.map +1 -1
- package/dist/rules/no-angular-bypass-security-trust-html.d.ts.map +1 -1
- package/dist/rules/no-angular-bypass-security-trust-html.js +14 -17
- package/dist/rules/no-angular-bypass-security-trust-html.js.map +1 -1
- package/dist/rules/no-angular-innerhtml-binding.d.ts.map +1 -1
- package/dist/rules/no-angular-innerhtml-binding.js +30 -32
- package/dist/rules/no-angular-innerhtml-binding.js.map +1 -1
- package/dist/rules/no-angular-sanitization-trusted-urls.d.ts.map +1 -1
- package/dist/rules/no-angular-sanitization-trusted-urls.js +8 -10
- package/dist/rules/no-angular-sanitization-trusted-urls.js.map +1 -1
- package/dist/rules/no-angularjs-ng-bind-html-without-sanitize.d.ts.map +1 -1
- package/dist/rules/no-angularjs-ng-bind-html-without-sanitize.js +36 -38
- package/dist/rules/no-angularjs-ng-bind-html-without-sanitize.js.map +1 -1
- package/dist/rules/no-angularjs-sanitization-whitelist.d.ts.map +1 -1
- package/dist/rules/no-angularjs-sanitization-whitelist.js +8 -10
- package/dist/rules/no-angularjs-sanitization-whitelist.js.map +1 -1
- package/dist/rules/no-document-parse-html-unsafe.d.ts.map +1 -1
- package/dist/rules/no-document-parse-html-unsafe.js +6 -3
- package/dist/rules/no-document-parse-html-unsafe.js.map +1 -1
- package/dist/rules/no-dynamic-import-unsafe-url.d.ts.map +1 -1
- package/dist/rules/no-dynamic-import-unsafe-url.js +11 -13
- package/dist/rules/no-dynamic-import-unsafe-url.js.map +1 -1
- package/dist/rules/no-electron-allow-running-insecure-content.d.ts.map +1 -1
- package/dist/rules/no-electron-allow-running-insecure-content.js +4 -6
- package/dist/rules/no-electron-allow-running-insecure-content.js.map +1 -1
- package/dist/rules/no-electron-disable-context-isolation.d.ts.map +1 -1
- package/dist/rules/no-electron-disable-context-isolation.js +4 -6
- package/dist/rules/no-electron-disable-context-isolation.js.map +1 -1
- package/dist/rules/no-electron-disable-sandbox.d.ts.map +1 -1
- package/dist/rules/no-electron-disable-sandbox.js +4 -6
- package/dist/rules/no-electron-disable-sandbox.js.map +1 -1
- package/dist/rules/no-electron-disable-web-security.d.ts.map +1 -1
- package/dist/rules/no-electron-disable-web-security.js +4 -6
- package/dist/rules/no-electron-disable-web-security.js.map +1 -1
- package/dist/rules/no-electron-enable-remote-module.d.ts.map +1 -1
- package/dist/rules/no-electron-enable-remote-module.js +4 -6
- package/dist/rules/no-electron-enable-remote-module.js.map +1 -1
- package/dist/rules/no-electron-enable-webview-tag.d.ts.map +1 -1
- package/dist/rules/no-electron-enable-webview-tag.js +4 -6
- package/dist/rules/no-electron-enable-webview-tag.js.map +1 -1
- package/dist/rules/no-electron-experimental-features.d.ts.map +1 -1
- package/dist/rules/no-electron-experimental-features.js +4 -6
- package/dist/rules/no-electron-experimental-features.js.map +1 -1
- package/dist/rules/no-electron-node-integration.d.ts.map +1 -1
- package/dist/rules/no-electron-node-integration.js +27 -29
- package/dist/rules/no-electron-node-integration.js.map +1 -1
- package/dist/rules/no-electron-webview-allowpopups.d.ts.map +1 -1
- package/dist/rules/no-electron-webview-allowpopups.js +21 -25
- package/dist/rules/no-electron-webview-allowpopups.js.map +1 -1
- package/dist/rules/no-electron-webview-insecure-webpreferences.d.ts.map +1 -1
- package/dist/rules/no-electron-webview-insecure-webpreferences.js +28 -30
- package/dist/rules/no-electron-webview-insecure-webpreferences.js.map +1 -1
- package/dist/rules/no-electron-webview-node-integration.d.ts.map +1 -1
- package/dist/rules/no-electron-webview-node-integration.js +27 -31
- package/dist/rules/no-electron-webview-node-integration.js.map +1 -1
- package/dist/rules/no-inner-html.js +3 -3
- package/dist/rules/no-inner-html.js.map +1 -1
- package/dist/rules/no-insecure-random.js +1 -1
- package/dist/rules/no-insecure-random.js.map +1 -1
- package/dist/rules/no-insecure-tls-agent-options.d.ts.map +1 -1
- package/dist/rules/no-insecure-tls-agent-options.js +20 -22
- package/dist/rules/no-insecure-tls-agent-options.js.map +1 -1
- package/dist/rules/no-insecure-url.js +8 -8
- package/dist/rules/no-insecure-url.js.map +1 -1
- package/dist/rules/no-message-event-without-origin-check.js +19 -19
- package/dist/rules/no-message-event-without-origin-check.js.map +1 -1
- package/dist/rules/no-msapp-exec-unsafe.d.ts.map +1 -1
- package/dist/rules/no-msapp-exec-unsafe.js +8 -10
- package/dist/rules/no-msapp-exec-unsafe.js.map +1 -1
- package/dist/rules/no-node-tls-check-server-identity-bypass.d.ts.map +1 -1
- package/dist/rules/no-node-tls-check-server-identity-bypass.js +29 -32
- package/dist/rules/no-node-tls-check-server-identity-bypass.js.map +1 -1
- package/dist/rules/no-node-tls-legacy-protocol.d.ts.map +1 -1
- package/dist/rules/no-node-tls-legacy-protocol.js +51 -50
- package/dist/rules/no-node-tls-legacy-protocol.js.map +1 -1
- package/dist/rules/no-node-tls-reject-unauthorized-zero.d.ts.map +1 -1
- package/dist/rules/no-node-tls-reject-unauthorized-zero.js +28 -30
- package/dist/rules/no-node-tls-reject-unauthorized-zero.js.map +1 -1
- package/dist/rules/no-node-tls-security-level-zero.d.ts.map +1 -1
- package/dist/rules/no-node-tls-security-level-zero.js +37 -39
- package/dist/rules/no-node-tls-security-level-zero.js.map +1 -1
- package/dist/rules/no-nonnull-assertion-on-security-input.d.ts.map +1 -1
- package/dist/rules/no-nonnull-assertion-on-security-input.js +11 -13
- package/dist/rules/no-nonnull-assertion-on-security-input.js.map +1 -1
- package/dist/rules/no-postmessage-star-origin.d.ts.map +1 -1
- package/dist/rules/no-postmessage-star-origin.js +1 -3
- package/dist/rules/no-postmessage-star-origin.js.map +1 -1
- package/dist/rules/no-script-text.d.ts.map +1 -1
- package/dist/rules/no-script-text.js +6 -3
- package/dist/rules/no-script-text.js.map +1 -1
- package/dist/rules/no-unsafe-cast-to-trusted-types.d.ts.map +1 -1
- package/dist/rules/no-unsafe-cast-to-trusted-types.js +26 -28
- package/dist/rules/no-unsafe-cast-to-trusted-types.js.map +1 -1
- package/dist/rules/no-winjs-html-unsafe.d.ts.map +1 -1
- package/dist/rules/no-winjs-html-unsafe.js +8 -10
- package/dist/rules/no-winjs-html-unsafe.js.map +1 -1
- package/docs/rules/no-child-process-exec.md +1 -1
- package/docs/rules/no-child-process-shell-true.md +1 -1
- package/docs/rules/no-msapp-exec-unsafe.md +1 -1
- package/docs/rules/no-winjs-html-unsafe.md +1 -1
- package/package.json +49 -41
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-node-tls-security-level-zero.js","sourceRoot":"","sources":["../../src/rules/no-node-tls-security-level-zero.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAE1D,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,EACH,eAAe,EACf,oBAAoB,GACvB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACH,qBAAqB,EACrB,8BAA8B,GACjC,MAAM,iCAAiC,CAAC;AAIzC,MAAM,kCAAkC,GAAG,IAAI,GAAG,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC;AACxE,MAAM,+BAA+B,GAAG,uBAAuB,CAAC;AAEhE,MAAM,gBAAgB,GAAG,CAAC,IAAmB,EAA+B,EAAE,CAC1E,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,YAAY;IACzC,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,iBAAiB;IAC9C,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,aAAa,CAAC;AAE/C,MAAM,+BAA+B,GAAG,CAAC,KAAa,EAAW,EAAE,CAC/D,+BAA+B,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAEhD,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAiB;IACnE,MAAM,CAAC,OAAO
|
|
1
|
+
{"version":3,"file":"no-node-tls-security-level-zero.js","sourceRoot":"","sources":["../../src/rules/no-node-tls-security-level-zero.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAE1D,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,EACH,eAAe,EACf,oBAAoB,GACvB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACH,qBAAqB,EACrB,8BAA8B,GACjC,MAAM,iCAAiC,CAAC;AAIzC,MAAM,kCAAkC,GAAG,IAAI,GAAG,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC;AACxE,MAAM,+BAA+B,GAAG,uBAAuB,CAAC;AAEhE,MAAM,gBAAgB,GAAG,CAAC,IAAmB,EAA+B,EAAE,CAC1E,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,YAAY;IACzC,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,iBAAiB;IAC9C,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,aAAa,CAAC;AAE/C,MAAM,+BAA+B,GAAG,CAAC,KAAa,EAAW,EAAE,CAC/D,+BAA+B,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAEhD,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAiB;IACnE,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAClB,oBAAoB,CAAC,IAAmC;YACpD,IACI,IAAI,CAAC,QAAQ,KAAK,GAAG;gBACrB,CAAC,qBAAqB,CAClB,IAAI,CAAC,IAAI,EACT,kCAAkC,CACrC,EACH,CAAC;gBACC,OAAO;YACX,CAAC;YAED,MAAM,eAAe,GAAG,oBAAoB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAEzD,IACI,OAAO,eAAe,KAAK,QAAQ;gBACnC,CAAC,+BAA+B,CAAC,eAAe,CAAC,EACnD,CAAC;gBACC,OAAO;YACX,CAAC;YAED,OAAO,CAAC,MAAM,CAAC;gBACX,IAAI,EAAE;oBACF,eAAe;oBACf,YAAY,EAAE,iBAAiB;iBAClC;gBACD,SAAS,EAAE,SAAS;gBACpB,IAAI,EAAE,IAAI,CAAC,KAAK;aACnB,CAAC,CAAC;QACP,CAAC;QACD,gBAAgB,CAAC,IAA+B;YAC5C,IAAI,CAAC,8BAA8B,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxC,OAAO;YACX,CAAC;YAED,KAAK,MAAM,YAAY,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACzC,IACI,YAAY,CAAC,IAAI,KAAK,cAAc,CAAC,QAAQ;oBAC7C,YAAY,CAAC,IAAI,KAAK,MAAM;oBAC5B,eAAe,CAAC,YAAY,CAAC,KAAK,SAAS;oBAC3C,CAAC,gBAAgB,CAAC,YAAY,CAAC,KAAK,CAAC,EACvC,CAAC;oBACC,SAAS;gBACb,CAAC;gBAED,MAAM,eAAe,GAAG,oBAAoB,CACxC,YAAY,CAAC,KAAK,CACrB,CAAC;gBAEF,IACI,OAAO,eAAe,KAAK,QAAQ;oBACnC,CAAC,+BAA+B,CAAC,eAAe,CAAC,EACnD,CAAC;oBACC,SAAS;gBACb,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,IAAI,EAAE;wBACF,eAAe;wBACf,YAAY,EAAE,SAAS;qBAC1B;oBACD,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,YAAY,CAAC,KAAK;iBAC3B,CAAC,CAAC;YACP,CAAC;QACL,CAAC;KACJ,CAAC;IACF,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,4EAA4E;YAChF,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,6FAA6F;SACrG;QACD,QAAQ,EAAE;YACN,OAAO,EACH,kKAAkK;SACzK;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,iCAAiC;CAC1C,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-nonnull-assertion-on-security-input.d.ts","sourceRoot":"","sources":["../../src/rules/no-nonnull-assertion-on-security-input.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAwBzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,
|
|
1
|
+
{"version":3,"file":"no-nonnull-assertion-on-security-input.d.ts","sourceRoot":"","sources":["../../src/rules/no-nonnull-assertion-on-security-input.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAwBzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CA8BtC,CAAC;AAEH,eAAe,IAAI,CAAC"}
|
|
@@ -14,19 +14,17 @@ const isSecuritySensitiveExpression = (expression) => {
|
|
|
14
14
|
};
|
|
15
15
|
/** Rule implementation. */
|
|
16
16
|
const rule = createRule({
|
|
17
|
-
create(context) {
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
};
|
|
29
|
-
},
|
|
17
|
+
create: (context) => ({
|
|
18
|
+
TSNonNullExpression(node) {
|
|
19
|
+
if (!isSecuritySensitiveExpression(node.expression)) {
|
|
20
|
+
return;
|
|
21
|
+
}
|
|
22
|
+
context.report({
|
|
23
|
+
messageId: "default",
|
|
24
|
+
node,
|
|
25
|
+
});
|
|
26
|
+
},
|
|
27
|
+
}),
|
|
30
28
|
meta: {
|
|
31
29
|
deprecated: false,
|
|
32
30
|
docs: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-nonnull-assertion-on-security-input.js","sourceRoot":"","sources":["../../src/rules/no-nonnull-assertion-on-security-input.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAE1D,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,MAAM,sBAAsB,GAAG,+CAA+C,CAAC;AAE/E,MAAM,6BAA6B,GAAG,CAClC,UAA+B,EACxB,EAAE;IACT,IAAI,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EAAE,CAAC;QAChD,OAAO,sBAAsB,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACxD,CAAC;IAED,IACI,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,gBAAgB;QACnD,CAAC,UAAU,CAAC,QAAQ;QACpB,UAAU,CAAC,QAAQ,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EACxD,CAAC;QACC,OAAO,sBAAsB,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACjE,CAAC;IAED,OAAO,KAAK,CAAC;AACjB,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAiB;IACnE,MAAM,CAAC,OAAO
|
|
1
|
+
{"version":3,"file":"no-nonnull-assertion-on-security-input.js","sourceRoot":"","sources":["../../src/rules/no-nonnull-assertion-on-security-input.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAE1D,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,MAAM,sBAAsB,GAAG,+CAA+C,CAAC;AAE/E,MAAM,6BAA6B,GAAG,CAClC,UAA+B,EACxB,EAAE;IACT,IAAI,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EAAE,CAAC;QAChD,OAAO,sBAAsB,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACxD,CAAC;IAED,IACI,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,gBAAgB;QACnD,CAAC,UAAU,CAAC,QAAQ;QACpB,UAAU,CAAC,QAAQ,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EACxD,CAAC;QACC,OAAO,sBAAsB,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACjE,CAAC;IAED,OAAO,KAAK,CAAC;AACjB,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAiB;IACnE,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAClB,mBAAmB,CAAC,IAAkC;YAClD,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBAClD,OAAO;YACX,CAAC;YAED,OAAO,CAAC,MAAM,CAAC;gBACX,SAAS,EAAE,SAAS;gBACpB,IAAI;aACP,CAAC,CAAC;QACP,CAAC;KACJ,CAAC;IACF,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,yEAAyE;YAC7E,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,oGAAoG;SAC5G;QACD,QAAQ,EAAE;YACN,OAAO,EACH,8EAA8E;SACrF;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,wCAAwC;CACjD,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-postmessage-star-origin.d.ts","sourceRoot":"","sources":["../../src/rules/no-postmessage-star-origin.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,
|
|
1
|
+
{"version":3,"file":"no-postmessage-star-origin.d.ts","sourceRoot":"","sources":["../../src/rules/no-postmessage-star-origin.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAsEtC,CAAC;AAEH,eAAe,IAAI,CAAC"}
|
|
@@ -26,9 +26,7 @@ const rule = createRule({
|
|
|
26
26
|
node: targetOrigin,
|
|
27
27
|
suggest: [
|
|
28
28
|
{
|
|
29
|
-
fix(fixer)
|
|
30
|
-
return fixer.replaceText(targetOrigin, "location.origin");
|
|
31
|
-
},
|
|
29
|
+
fix: (fixer) => fixer.replaceText(targetOrigin, "location.origin"),
|
|
32
30
|
messageId: "replaceWithExplicitOrigin",
|
|
33
31
|
},
|
|
34
32
|
],
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-postmessage-star-origin.js","sourceRoot":"","sources":["../../src/rules/no-postmessage-star-origin.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAErD,OAAO,EACH,kBAAkB,EAClB,mBAAmB,GACtB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAiB;IACnE,MAAM,CAAC,OAAO;QACV,MAAM,eAAe,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAEpD,OAAO;YACH,8FAA8F,CAC1F,IAA6B;gBAE7B,MAAM,CAAC,EAAE,YAAY,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;gBAExC,IACI,CAAC,SAAS,CAAC,YAAY,CAAC;oBACxB,YAAY,CAAC,IAAI,KAAK,cAAc,CAAC,OAAO;oBAC5C,YAAY,CAAC,KAAK,KAAK,GAAG,EAC5B,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,IACI,SAAS,CAAC,eAAe,CAAC;oBAC1B,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,cAAc,CAAC,gBAAgB,EACtD,CAAC;oBACC,MAAM,gBAAgB,GAAG,mBAAmB,CACxC,eAAe,EACf,IAAI,CAAC,MAAM,CAAC,MAAM,EAClB,OAAO,CACV,CAAC;oBAEF,IAAI,CAAC,aAAa,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,gBAAgB,CAAC,EAAE,CAAC;wBACtD,OAAO;oBACX,CAAC;gBACL,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,YAAY;oBAClB,OAAO,EAAE;wBACL;4BACI,GAAG,CAAC,KAAK
|
|
1
|
+
{"version":3,"file":"no-postmessage-star-origin.js","sourceRoot":"","sources":["../../src/rules/no-postmessage-star-origin.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAErD,OAAO,EACH,kBAAkB,EAClB,mBAAmB,GACtB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAiB;IACnE,MAAM,CAAC,OAAO;QACV,MAAM,eAAe,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAEpD,OAAO;YACH,8FAA8F,CAC1F,IAA6B;gBAE7B,MAAM,CAAC,EAAE,YAAY,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;gBAExC,IACI,CAAC,SAAS,CAAC,YAAY,CAAC;oBACxB,YAAY,CAAC,IAAI,KAAK,cAAc,CAAC,OAAO;oBAC5C,YAAY,CAAC,KAAK,KAAK,GAAG,EAC5B,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,IACI,SAAS,CAAC,eAAe,CAAC;oBAC1B,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,cAAc,CAAC,gBAAgB,EACtD,CAAC;oBACC,MAAM,gBAAgB,GAAG,mBAAmB,CACxC,eAAe,EACf,IAAI,CAAC,MAAM,CAAC,MAAM,EAClB,OAAO,CACV,CAAC;oBAEF,IAAI,CAAC,aAAa,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,gBAAgB,CAAC,EAAE,CAAC;wBACtD,OAAO;oBACX,CAAC;gBACL,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,YAAY;oBAClB,OAAO,EAAE;wBACL;4BACI,GAAG,EAAE,CAAC,KAAK,EAAE,EAAE,CACX,KAAK,CAAC,WAAW,CACb,YAAY,EACZ,iBAAiB,CACpB;4BACL,SAAS,EAAE,2BAA2B;yBACzC;qBACJ;iBACJ,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,sFAAsF;YAC1F,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,wFAAwF;SAChG;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACN,OAAO,EACH,oEAAoE;YACxE,yBAAyB,EACrB,sEAAsE;SAC7E;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,4BAA4B;CACrC,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-script-text.d.ts","sourceRoot":"","sources":["../../src/rules/no-script-text.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"no-script-text.d.ts","sourceRoot":"","sources":["../../src/rules/no-script-text.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAmBzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAsDtC,CAAC;AAEH,eAAe,IAAI,CAAC"}
|
|
@@ -1,11 +1,14 @@
|
|
|
1
1
|
import { AST_NODE_TYPES } from "@typescript-eslint/utils";
|
|
2
|
+
import { arrayIncludes } from "ts-extras";
|
|
2
3
|
import { getFullTypeChecker } from "../_internal/ast-utils.js";
|
|
3
4
|
import { createRule } from "../_internal/create-rule.js";
|
|
4
5
|
import { getMemberPropertyName, getStaticStringValue, } from "../_internal/estree-utils.js";
|
|
5
6
|
import { isLikelyScriptElement } from "../_internal/script-element.js";
|
|
6
|
-
const isScriptTextPropertyName = (propertyName) =>
|
|
7
|
-
|
|
8
|
-
|
|
7
|
+
const isScriptTextPropertyName = (propertyName) => arrayIncludes([
|
|
8
|
+
"innerText",
|
|
9
|
+
"text",
|
|
10
|
+
"textContent",
|
|
11
|
+
], propertyName ?? "");
|
|
9
12
|
/** Rule implementation. */
|
|
10
13
|
const rule = createRule({
|
|
11
14
|
create(context) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-script-text.js","sourceRoot":"","sources":["../../src/rules/no-script-text.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;
|
|
1
|
+
{"version":3,"file":"no-script-text.js","sourceRoot":"","sources":["../../src/rules/no-script-text.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAE1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,EACH,qBAAqB,EACrB,oBAAoB,GACvB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AAIvE,MAAM,wBAAwB,GAAG,CAAC,YAAgC,EAAW,EAAE,CAC3E,aAAa,CACT;IACI,WAAW;IACX,MAAM;IACN,aAAa;CAChB,EACD,YAAY,IAAI,EAAE,CACrB,CAAC;AAEN,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAiB;IACnE,MAAM,CAAC,OAAO;QACV,MAAM,eAAe,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAEpD,OAAO;YACH,oBAAoB,CAAC,IAAmC;gBACpD,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,gBAAgB,EAAE,CAAC;oBACrD,OAAO;gBACX,CAAC;gBAED,IACI,CAAC,wBAAwB,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAC7D,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,IAAI,oBAAoB,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;oBAC1C,OAAO;gBACX,CAAC;gBAED,IACI,CAAC,qBAAqB,CAClB,IAAI,CAAC,IAAI,CAAC,MAAM,EAChB,OAAO,EACP,eAAe,CAClB,EACH,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,IAAI,CAAC,KAAK;iBACnB,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,qGAAqG;YACzG,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,4EAA4E;SACpF;QACD,QAAQ,EAAE;YACN,OAAO,EACH,6GAA6G;SACpH;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,gBAAgB;CACzB,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-unsafe-cast-to-trusted-types.d.ts","sourceRoot":"","sources":["../../src/rules/no-unsafe-cast-to-trusted-types.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AA+DzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,
|
|
1
|
+
{"version":3,"file":"no-unsafe-cast-to-trusted-types.d.ts","sourceRoot":"","sources":["../../src/rules/no-unsafe-cast-to-trusted-types.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AA+DzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CA+CtC,CAAC;AAEH,eAAe,IAAI,CAAC"}
|
|
@@ -40,34 +40,32 @@ const isKnownTrustedFactoryCall = (expression) => {
|
|
|
40
40
|
};
|
|
41
41
|
/** Rule implementation. */
|
|
42
42
|
const rule = createRule({
|
|
43
|
-
create(context) {
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
};
|
|
70
|
-
},
|
|
43
|
+
create: (context) => ({
|
|
44
|
+
TSAsExpression(node) {
|
|
45
|
+
if (!isTrustedTypeNode(node.typeAnnotation)) {
|
|
46
|
+
return;
|
|
47
|
+
}
|
|
48
|
+
if (isKnownTrustedFactoryCall(node.expression)) {
|
|
49
|
+
return;
|
|
50
|
+
}
|
|
51
|
+
context.report({
|
|
52
|
+
messageId: "default",
|
|
53
|
+
node,
|
|
54
|
+
});
|
|
55
|
+
},
|
|
56
|
+
TSTypeAssertion(node) {
|
|
57
|
+
if (!isTrustedTypeNode(node.typeAnnotation)) {
|
|
58
|
+
return;
|
|
59
|
+
}
|
|
60
|
+
if (isKnownTrustedFactoryCall(node.expression)) {
|
|
61
|
+
return;
|
|
62
|
+
}
|
|
63
|
+
context.report({
|
|
64
|
+
messageId: "default",
|
|
65
|
+
node,
|
|
66
|
+
});
|
|
67
|
+
},
|
|
68
|
+
}),
|
|
71
69
|
meta: {
|
|
72
70
|
deprecated: false,
|
|
73
71
|
docs: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-unsafe-cast-to-trusted-types.js","sourceRoot":"","sources":["../../src/rules/no-unsafe-cast-to-trusted-types.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AAE9C,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IAC/B,aAAa;IACb,eAAe;IACf,kBAAkB;CACrB,CAAC,CAAC;AAEH,MAAM,WAAW,GAAG,CAAC,IAAuB,EAAsB,EAAE;IAChE,IACI,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,eAAe;QAC5C,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EAClD,CAAC;QACC,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC9B,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,IAAuB,EAAW,EAAE;IAC3D,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAEnC,OAAO,SAAS,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAC;AACvE,CAAC,CAAC;AAEF,MAAM,uBAAuB,GAAG,CAC5B,UAA+B,EACb,EAAE;IACpB,IAAI,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,cAAc,EAAE,CAAC;QACpD,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EAAE,CAAC;QACvD,OAAO,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC;IAClC,CAAC;IAED,IACI,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,cAAc,CAAC,gBAAgB;QAC1D,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ;QAC3B,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EAC/D,CAAC;QACC,OAAO,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC3C,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,yBAAyB,GAAG,CAC9B,UAA+B,EACxB,EAAE;IACT,MAAM,UAAU,GAAG,uBAAuB,CAAC,UAAU,CAAC,CAAC;IAEvD,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,2DAA2D,CAAC,IAAI,CACnE,UAAU,CAAC,WAAW,EAAE,CAC3B,CAAC;AACN,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAiB;IACnE,MAAM,CAAC,OAAO
|
|
1
|
+
{"version":3,"file":"no-unsafe-cast-to-trusted-types.js","sourceRoot":"","sources":["../../src/rules/no-unsafe-cast-to-trusted-types.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AAE9C,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IAC/B,aAAa;IACb,eAAe;IACf,kBAAkB;CACrB,CAAC,CAAC;AAEH,MAAM,WAAW,GAAG,CAAC,IAAuB,EAAsB,EAAE;IAChE,IACI,IAAI,CAAC,IAAI,KAAK,cAAc,CAAC,eAAe;QAC5C,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EAClD,CAAC;QACC,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC9B,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,IAAuB,EAAW,EAAE;IAC3D,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAEnC,OAAO,SAAS,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAC;AACvE,CAAC,CAAC;AAEF,MAAM,uBAAuB,GAAG,CAC5B,UAA+B,EACb,EAAE;IACpB,IAAI,UAAU,CAAC,IAAI,KAAK,cAAc,CAAC,cAAc,EAAE,CAAC;QACpD,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EAAE,CAAC;QACvD,OAAO,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC;IAClC,CAAC;IAED,IACI,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,cAAc,CAAC,gBAAgB;QAC1D,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ;QAC3B,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,cAAc,CAAC,UAAU,EAC/D,CAAC;QACC,OAAO,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC3C,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,yBAAyB,GAAG,CAC9B,UAA+B,EACxB,EAAE;IACT,MAAM,UAAU,GAAG,uBAAuB,CAAC,UAAU,CAAC,CAAC;IAEvD,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,2DAA2D,CAAC,IAAI,CACnE,UAAU,CAAC,WAAW,EAAE,CAC3B,CAAC;AACN,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAiB;IACnE,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAClB,cAAc,CAAC,IAA6B;YACxC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC1C,OAAO;YACX,CAAC;YAED,IAAI,yBAAyB,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC7C,OAAO;YACX,CAAC;YAED,OAAO,CAAC,MAAM,CAAC;gBACX,SAAS,EAAE,SAAS;gBACpB,IAAI;aACP,CAAC,CAAC;QACP,CAAC;QACD,eAAe,CAAC,IAA8B;YAC1C,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC1C,OAAO;YACX,CAAC;YAED,IAAI,yBAAyB,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC7C,OAAO;YACX,CAAC;YAED,OAAO,CAAC,MAAM,CAAC;gBACX,SAAS,EAAE,SAAS;gBACpB,IAAI;aACP,CAAC,CAAC;QACP,CAAC;KACJ,CAAC;IACF,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,iFAAiF;YACrF,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,6FAA6F;SACrG;QACD,QAAQ,EAAE;YACN,OAAO,EAAE,kDAAkD;SAC9D;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,iCAAiC;CAC1C,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-winjs-html-unsafe.d.ts","sourceRoot":"","sources":["../../src/rules/no-winjs-html-unsafe.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,
|
|
1
|
+
{"version":3,"file":"no-winjs-html-unsafe.d.ts","sourceRoot":"","sources":["../../src/rules/no-winjs-html-unsafe.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CA4BtC,CAAC;AAEH,eAAe,IAAI,CAAC"}
|
|
@@ -1,16 +1,14 @@
|
|
|
1
1
|
import { createRule } from "../_internal/create-rule.js";
|
|
2
2
|
/** Rule implementation. */
|
|
3
3
|
const rule = createRule({
|
|
4
|
-
create(context) {
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
};
|
|
13
|
-
},
|
|
4
|
+
create: (context) => ({
|
|
5
|
+
"CallExpression[callee.object.object.name='WinJS'][callee.object.property.name='Utilities'][callee.property.name=/^(?:insertAdjacent|setInner|setOuter)HTMLUnsafe$/]"(node) {
|
|
6
|
+
context.report({
|
|
7
|
+
messageId: "default",
|
|
8
|
+
node,
|
|
9
|
+
});
|
|
10
|
+
},
|
|
11
|
+
}),
|
|
14
12
|
meta: {
|
|
15
13
|
deprecated: false,
|
|
16
14
|
docs: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-winjs-html-unsafe.js","sourceRoot":"","sources":["../../src/rules/no-winjs-html-unsafe.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAgB;IAClE,MAAM,CAAC,OAAO
|
|
1
|
+
{"version":3,"file":"no-winjs-html-unsafe.js","sourceRoot":"","sources":["../../src/rules/no-winjs-html-unsafe.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAgB;IAClE,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAClB,qKAAqK,CACjK,IAAI;YAEJ,OAAO,CAAC,MAAM,CAAC;gBACX,SAAS,EAAE,SAAS;gBACpB,IAAI;aACP,CAAC,CAAC;QACP,CAAC;KACJ,CAAC;IACF,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,qHAAqH;YACzH,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,kFAAkF;SAC1F;QACD,QAAQ,EAAE;YACN,OAAO,EACH,4DAA4D;SACnE;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,sBAAsB;CAC/B,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC"}
|
|
@@ -97,5 +97,5 @@ strict.
|
|
|
97
97
|
|
|
98
98
|
> **Rule catalog ID:** R062
|
|
99
99
|
|
|
100
|
-
- [Node.js
|
|
100
|
+
- [Node.js child_process documentation](https://nodejs.org/api/child_process.html)
|
|
101
101
|
- [OWASP Command Injection](https://owasp.org/www-community/attacks/Command_Injection)
|
|
@@ -56,4 +56,4 @@ Disable only for legacy Windows Store app code that is isolated and audited.
|
|
|
56
56
|
|
|
57
57
|
> **Rule catalog ID:** R022
|
|
58
58
|
|
|
59
|
-
- [Microsoft documentation: `MSApp.execUnsafeLocalFunction`](https://learn.microsoft.com/en-us/previous-versions/windows/apps/hh780593
|
|
59
|
+
- [Microsoft documentation: `MSApp.execUnsafeLocalFunction`](<https://learn.microsoft.com/en-us/previous-versions/windows/apps/hh780593(v=win.10)>)
|
|
@@ -57,4 +57,4 @@ Disable only for fully controlled HTML templates with an audited trust chain.
|
|
|
57
57
|
|
|
58
58
|
> **Rule catalog ID:** R027
|
|
59
59
|
|
|
60
|
-
- [WinJS utilities API overview](https://learn.microsoft.com/en-us/previous-versions/windows/apps/br229839
|
|
60
|
+
- [WinJS utilities API overview](<https://learn.microsoft.com/en-us/previous-versions/windows/apps/br229839(v=win.10)>)
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://www.schemastore.org/package.json",
|
|
3
3
|
"name": "eslint-plugin-sdl-2",
|
|
4
|
-
"version": "1.2.
|
|
4
|
+
"version": "1.2.6",
|
|
5
5
|
"private": false,
|
|
6
6
|
"description": "ESLint plugin providing SDL-focused security and platform hardening rules.",
|
|
7
7
|
"keywords": [
|
|
@@ -26,7 +26,7 @@
|
|
|
26
26
|
"url": "git+https://github.com/Nick2bad4u/eslint-plugin-SDL-2.git"
|
|
27
27
|
},
|
|
28
28
|
"license": "MIT",
|
|
29
|
-
"author": "Nick2bad4u <20943337+Nick2bad4u@users.noreply.github.com> (https://
|
|
29
|
+
"author": "Nick2bad4u <20943337+Nick2bad4u@users.noreply.github.com> (https://github.com/Nick2bad4u)",
|
|
30
30
|
"contributors": [
|
|
31
31
|
{
|
|
32
32
|
"name": "Nick2bad4u",
|
|
@@ -85,7 +85,7 @@
|
|
|
85
85
|
"build:types:cjs": "node -e \"require('node:fs').copyFileSync('dist/plugin.d.ts','dist/plugin.d.cts')\"",
|
|
86
86
|
"changelog:generate": "git-cliff --config cliff.toml --output CHANGELOG.md",
|
|
87
87
|
"changelog:preview": "git-cliff --config cliff.toml --unreleased",
|
|
88
|
-
"changelog:release-notes": "git-cliff --config cliff.toml --
|
|
88
|
+
"changelog:release-notes": "git-cliff --config cliff.toml --current --strip all",
|
|
89
89
|
"clean:cache": "node scripts/remove-paths.mjs dist coverage cache .cache .vite .turbo",
|
|
90
90
|
"clean:cache:coverage": "node scripts/remove-paths.mjs coverage .coverage",
|
|
91
91
|
"clean:cache:dist": "node scripts/remove-paths.mjs dist release",
|
|
@@ -122,9 +122,9 @@
|
|
|
122
122
|
"lint": "cross-env NODE_OPTIONS=--max_old_space_size=16384 eslint --cache --cache-strategy content --cache-location .cache/.eslintcache",
|
|
123
123
|
"lint:action": "npm run lint:actions",
|
|
124
124
|
"lint:actions": "node scripts/lint-actionlint.mjs",
|
|
125
|
-
"lint:all": "npm run lint && npm run lint:css && npm run lint:prettier && npm run lint:remark && npm run lint:package && npm run lint:secretlint && npm run lint:yaml && npm run lint:actions && npm run lint:circular",
|
|
126
|
-
"lint:all:fix": "npm run lint:fix && npm run lint:css:fix && npm run lint:prettier:fix && npm run lint:remark && npm run lint:package && npm run lint:secretlint && npm run lint:yaml:fix && npm run lint:actions && npm run lint:circular",
|
|
127
|
-
"lint:all:fix:quiet": "npm run lint:fix:quiet && npm run lint:css:fix && npm run lint:prettier:fix && npm run lint:remark && npm run lint:package && npm run lint:secretlint && npm run lint:yaml:fix && npm run lint:actions && npm run lint:circular",
|
|
125
|
+
"lint:all": "npm run lint && npm run lint:css && npm run lint:prettier && npm run lint:remark && npm run lint:package && npm run lint:gitleaks && npm run lint:secretlint && npm run lint:yaml && npm run lint:yamllint && npm run lint:actions && npm run lint:circular",
|
|
126
|
+
"lint:all:fix": "npm run lint:fix && npm run lint:css:fix && npm run lint:prettier:fix && npm run lint:remark && npm run lint:package && npm run lint:gitleaks && npm run lint:secretlint && npm run lint:yaml:fix && npm run lint:yamllint && npm run lint:actions && npm run lint:circular",
|
|
127
|
+
"lint:all:fix:quiet": "npm run lint:fix:quiet && npm run lint:css:fix && npm run lint:prettier:fix && npm run lint:remark && npm run lint:package && npm run lint:gitleaks && npm run lint:secretlint && npm run lint:yaml:fix && npm run lint:yamllint && npm run lint:actions && npm run lint:circular",
|
|
128
128
|
"lint:circular": "npm run madge:circular",
|
|
129
129
|
"lint:compat:eslint9": "node scripts/eslint9-compat-smoke.mjs",
|
|
130
130
|
"lint:config:build": "npm run build:eslint-inspector",
|
|
@@ -141,6 +141,7 @@
|
|
|
141
141
|
"lint:exports": "ts-unused-exports tsconfig.json src/plugin.ts --excludePathsFromReport=plugin.ts",
|
|
142
142
|
"lint:fix": "cross-env NODE_OPTIONS=--max_old_space_size=16384 eslint --cache --cache-strategy content --cache-location .cache/.eslintcache --fix",
|
|
143
143
|
"lint:fix:quiet": "cross-env ESLINT_PROGRESS=off NODE_OPTIONS=--max_old_space_size=16384 eslint --cache --cache-strategy content --cache-location .cache/.eslintcache --fix && echo \"Eslint fix done!\"",
|
|
144
|
+
"lint:gitleaks": "gitleaks dir --config .gitleaks.toml .",
|
|
144
145
|
"lint:grype": "grype . -c .grype.yaml --name eslint-plugin-sdl-2",
|
|
145
146
|
"lint:knip": "npm run knip",
|
|
146
147
|
"lint:knip:exports": "npm run knip -- --include exports,nsExports,classMembers,types,nsTypes,enumMembers,duplicates",
|
|
@@ -168,13 +169,14 @@
|
|
|
168
169
|
"lint:unused-deps": "npm run knip -- --include dependencies",
|
|
169
170
|
"lint:yaml": "cross-env NODE_OPTIONS=--max_old_space_size=16384 eslint --cache --cache-strategy content --cache-location .cache/.eslintcache \"**/*.{yml,yaml}\" && echo \"YAML lint done!\"",
|
|
170
171
|
"lint:yaml:fix": "cross-env NODE_OPTIONS=--max_old_space_size=16384 eslint --cache --cache-strategy content --cache-location .cache/.eslintcache --fix \"**/*.{yml,yaml}\" && echo \"YAML lint (fix) done!\"",
|
|
172
|
+
"lint:yamllint": "yamllint .",
|
|
171
173
|
"madge:circular": "madge --circular --no-spinner --ts-config tsconfig.json --extensions ts,tsx,js,jsx,mjs,cjs,cts,mts ./src --exclude \"(^|[\\/])(test|dist|node_modules|cache|.cache|coverage|build|eslint-inspector|temp|.docusaurus)($|[\\/])|\\.css$\"",
|
|
172
174
|
"madge:leaves": "madge --leaves --no-spinner --ts-config tsconfig.json --extensions ts,tsx,js,jsx,mjs,cjs,cts,mts ./src --exclude \"(^|[\\/])(test|dist|node_modules|cache|.cache|coverage|build|eslint-inspector|temp|.docusaurus)($|[\\/])|\\.css$\"",
|
|
173
175
|
"madge:orphans": "madge --orphans --no-spinner --ts-config tsconfig.json --extensions ts,tsx,js,jsx,mjs,cjs,cts,mts ./src --exclude \"(^|[\\/])(test|dist|node_modules|cache|.cache|coverage|build|eslint-inspector|temp|.docusaurus)($|[\\/])|\\.css$\"",
|
|
174
176
|
"open:coverage": "open-cli coverage/index.html",
|
|
175
177
|
"prepublishOnly": "npm run release:check",
|
|
176
178
|
"release:check": "npm run release:verify",
|
|
177
|
-
"release:verify": "npm run build && npm run lint && npm run typecheck && npm run test && npm run sync:readme-rules-table && npm run sync:presets-rules-matrix && npm run docs:check-links && npm pack --dry-run",
|
|
179
|
+
"release:verify": "npm run build && npm run docs:api && npm run lint && npm run typecheck && npm run test && npm run sync:readme-rules-table && npm run sync:presets-rules-matrix && npm run docs:check-links && npm pack --dry-run",
|
|
178
180
|
"remark:fix": "remark --rc-path .remarkrc.mjs --silently-ignore --ignore-path .remarkignore --frail --quiet --output -- \"*.{md,mdx}\" \"docs/**/*.{md,mdx}\"",
|
|
179
181
|
"remark:test-config": "remark --rc-path .remarkrc.mjs --silently-ignore --ignore-path .remarkignore --frail \"README.md\"",
|
|
180
182
|
"sync:node-version-files": "node scripts/sync-node-version-files.mjs",
|
|
@@ -210,6 +212,7 @@
|
|
|
210
212
|
"typecheck": "tsc -p tsconfig.json --noEmit && tsc -p tsconfig.build.json --noEmit && tsc -p tsconfig.eslint.json --noEmit && tsc -p tsconfig.js.json --noEmit && npm run --workspace docs/docusaurus typecheck",
|
|
211
213
|
"typecheck:all": "npm run typecheck",
|
|
212
214
|
"types:update": "typesync",
|
|
215
|
+
"update-actions": "npx actions-up --yes --style sha",
|
|
213
216
|
"update-deps": "npx ncu -i --install never && npm update --workspaces --force && npm install --force && npm run sync:peer-eslint-range && npm run sync:node-version-files && npm run sync:rules:write",
|
|
214
217
|
"verify:readme-rules-table": "npm run build && npm run sync:readme-rules-table"
|
|
215
218
|
},
|
|
@@ -218,21 +221,21 @@
|
|
|
218
221
|
},
|
|
219
222
|
"dependencies": {
|
|
220
223
|
"@types/eslint-plugin-security": "^3.0.1",
|
|
221
|
-
"@typescript-eslint/eslint-plugin": "^8.
|
|
222
|
-
"@typescript-eslint/parser": "^8.
|
|
223
|
-
"@typescript-eslint/type-utils": "^8.
|
|
224
|
-
"@typescript-eslint/utils": "^8.
|
|
225
|
-
"eslint-plugin-n": "^18.0
|
|
226
|
-
"eslint-plugin-security": "^
|
|
224
|
+
"@typescript-eslint/eslint-plugin": "^8.61.1",
|
|
225
|
+
"@typescript-eslint/parser": "^8.61.1",
|
|
226
|
+
"@typescript-eslint/type-utils": "^8.61.1",
|
|
227
|
+
"@typescript-eslint/utils": "^8.61.1",
|
|
228
|
+
"eslint-plugin-n": "^18.1.0",
|
|
229
|
+
"eslint-plugin-security": "^4.0.1",
|
|
227
230
|
"ts-extras": "^1.0.0",
|
|
228
|
-
"type-fest": "^5.
|
|
231
|
+
"type-fest": "^5.7.0"
|
|
229
232
|
},
|
|
230
233
|
"devDependencies": {
|
|
231
|
-
"@arethetypeswrong/cli": "^0.18.
|
|
234
|
+
"@arethetypeswrong/cli": "^0.18.3",
|
|
232
235
|
"@csstools/stylelint-formatter-github": "^2.0.0",
|
|
233
236
|
"@double-great/remark-lint-alt-text": "^1.1.1",
|
|
234
237
|
"@eslint/compat": "^2.1.0",
|
|
235
|
-
"@eslint/config-inspector": "^3.0.
|
|
238
|
+
"@eslint/config-inspector": "^3.0.4",
|
|
236
239
|
"@microsoft/tsdoc-config": "^0.18.1",
|
|
237
240
|
"@stryker-ignorer/console-all": "^0.3.2",
|
|
238
241
|
"@stryker-mutator/core": "^9.6.1",
|
|
@@ -240,63 +243,68 @@
|
|
|
240
243
|
"@stryker-mutator/vitest-runner": "^9.6.1",
|
|
241
244
|
"@types/htmlhint": "^1.1.5",
|
|
242
245
|
"@types/madge": "^5.0.3",
|
|
243
|
-
"@types/node": "^25.
|
|
246
|
+
"@types/node": "^25.9.3",
|
|
244
247
|
"@types/sloc": "^0.2.3",
|
|
245
|
-
"@typescript-eslint/rule-tester": "^8.
|
|
246
|
-
"@vitest/coverage-v8": "^4.1.
|
|
247
|
-
"@vitest/ui": "^4.1.
|
|
248
|
+
"@typescript-eslint/rule-tester": "^8.61.1",
|
|
249
|
+
"@vitest/coverage-v8": "^4.1.9",
|
|
250
|
+
"@vitest/ui": "^4.1.9",
|
|
248
251
|
"actionlint": "^2.0.6",
|
|
249
252
|
"all-contributors-cli": "^6.26.1",
|
|
250
|
-
"cognitive-complexity-ts": "^0.8.
|
|
251
|
-
"commitlint": "^21.0.
|
|
253
|
+
"cognitive-complexity-ts": "^0.8.2",
|
|
254
|
+
"commitlint": "^21.0.2",
|
|
252
255
|
"commitlint-config-gitmoji": "^2.3.1",
|
|
253
256
|
"cross-env": "^10.1.0",
|
|
254
257
|
"detect-secrets": "^1.0.6",
|
|
255
|
-
"eslint": "^10.
|
|
256
|
-
"eslint-config-nick2bad4u": "^
|
|
258
|
+
"eslint": "^10.5.0",
|
|
259
|
+
"eslint-config-nick2bad4u": "^2.0.2",
|
|
257
260
|
"eslint-formatter-unix": "^9.0.1",
|
|
258
261
|
"eslint-rule-benchmark": "^0.8.0",
|
|
259
262
|
"fast-check": "^4.8.0",
|
|
260
263
|
"git-cliff": "^2.13.1",
|
|
264
|
+
"gitleaks-config-nick2bad4u": "^1.0.2",
|
|
261
265
|
"gitleaks-secret-scanner": "^2.1.1",
|
|
262
266
|
"htmlhint": "^1.9.2",
|
|
263
|
-
"jscpd": "^
|
|
264
|
-
"knip": "^6.
|
|
267
|
+
"jscpd": "^5.0.10",
|
|
268
|
+
"knip": "^6.17.1",
|
|
265
269
|
"leasot": "^14.4.0",
|
|
266
270
|
"madge": "^8.0.0",
|
|
267
271
|
"markdown-link-check": "^3.14.2",
|
|
268
|
-
"npm-check-updates": "^22.2.
|
|
269
|
-
"npm-package-json-lint": "^10.4.
|
|
272
|
+
"npm-check-updates": "^22.2.3",
|
|
273
|
+
"npm-package-json-lint": "^10.4.1",
|
|
274
|
+
"npm-package-json-lint-config-nick2bad4u": "^1.0.3",
|
|
270
275
|
"picocolors": "^1.1.1",
|
|
271
|
-
"prettier": "^3.8.
|
|
272
|
-
"prettier-config-nick2bad4u": "^1.0.
|
|
276
|
+
"prettier": "^3.8.4",
|
|
277
|
+
"prettier-config-nick2bad4u": "^1.0.17",
|
|
273
278
|
"publint": "^0.3.21",
|
|
274
279
|
"rehype-katex": "^7.0.1",
|
|
275
280
|
"remark": "^15.0.1",
|
|
276
281
|
"remark-cli": "^12.0.1",
|
|
277
|
-
"remark-config-nick2bad4u": "^1.0.
|
|
278
|
-
"secretlint": "^13.0.
|
|
279
|
-
"secretlint-config-nick2bad4u": "^1.0
|
|
282
|
+
"remark-config-nick2bad4u": "^1.0.8",
|
|
283
|
+
"secretlint": "^13.0.2",
|
|
284
|
+
"secretlint-config-nick2bad4u": "^1.1.0",
|
|
280
285
|
"sloc": "^0.3.2",
|
|
281
|
-
"sort-package-json": "^
|
|
282
|
-
"stylelint": "^17.
|
|
283
|
-
"stylelint-config-nick2bad4u": "^1.0.
|
|
286
|
+
"sort-package-json": "^4.0.0",
|
|
287
|
+
"stylelint": "^17.13.0",
|
|
288
|
+
"stylelint-config-nick2bad4u": "^1.0.19",
|
|
284
289
|
"ts-unused-exports": "^11.0.1",
|
|
290
|
+
"tsdoc-config-nick2bad4u": "^1.0.5",
|
|
285
291
|
"typedoc": "^0.28.19",
|
|
292
|
+
"typedoc-config-nick2bad4u": "^2.0.0",
|
|
286
293
|
"typescript": "^6.0.3",
|
|
287
|
-
"typescript-eslint": "^8.
|
|
294
|
+
"typescript-eslint": "^8.61.1",
|
|
288
295
|
"typesync": "^0.14.3",
|
|
289
296
|
"vfile": "^6.0.3",
|
|
290
|
-
"vite": "^8.0.
|
|
297
|
+
"vite": "^8.0.16",
|
|
291
298
|
"vite-tsconfig-paths": "^6.1.1",
|
|
292
|
-
"vitest": "^4.1.
|
|
299
|
+
"vitest": "^4.1.9",
|
|
300
|
+
"yamllint-config-nick2bad4u": "^1.0.2",
|
|
293
301
|
"yamllint-js": "^0.2.4"
|
|
294
302
|
},
|
|
295
303
|
"peerDependencies": {
|
|
296
|
-
"eslint": "^9.0.0 || ^10.
|
|
304
|
+
"eslint": "^9.0.0 || ^10.5.0",
|
|
297
305
|
"typescript": ">=5.0.0"
|
|
298
306
|
},
|
|
299
|
-
"packageManager": "npm@11.
|
|
307
|
+
"packageManager": "npm@11.17.0",
|
|
300
308
|
"engines": {
|
|
301
309
|
"node": ">=20.19.0"
|
|
302
310
|
},
|