eslint-plugin-secure-coding 2.0.3 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +2 -2
- package/src/rules/security/detect-child-process.js +89 -19
- package/src/rules/security/detect-child-process.js.map +1 -1
- package/src/rules/security/no-buffer-overread.js +40 -1
- package/src/rules/security/no-buffer-overread.js.map +1 -1
- package/src/rules/security/no-directive-injection.js +6 -2
- package/src/rules/security/no-directive-injection.js.map +1 -1
- package/src/rules/security/no-improper-sanitization.js +6 -6
- package/src/rules/security/no-improper-sanitization.js.map +1 -1
- package/src/rules/security/no-improper-type-validation.js +54 -3
- package/src/rules/security/no-improper-type-validation.js.map +1 -1
- package/src/rules/security/no-insecure-comparison.js +67 -0
- package/src/rules/security/no-insecure-comparison.js.map +1 -1
- package/src/rules/security/no-insecure-jwt.js +27 -5
- package/src/rules/security/no-insecure-jwt.js.map +1 -1
- package/src/rules/security/no-privilege-escalation.js +35 -0
- package/src/rules/security/no-privilege-escalation.js.map +1 -1
- package/src/rules/security/no-toctou-vulnerability.js +106 -62
- package/src/rules/security/no-toctou-vulnerability.js.map +1 -1
- package/src/rules/security/no-unescaped-url-parameter.js +91 -1
- package/src/rules/security/no-unescaped-url-parameter.js.map +1 -1
- package/src/rules/security/no-unsanitized-html.js +6 -14
- package/src/rules/security/no-unsanitized-html.js.map +1 -1
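--- a/package/src/rules/security/no-unescaped-url-parameter.js
+++ b/package/src/rules/security/no-unescaped-url-parameter.js
@@ -57,7 +57,11 @@ function matchesIgnorePattern(text, ignorePatterns) {
 * Check if a node is a URL construction pattern
 */
 function isUrlConstruction(node, sourceCode) {
-
+let text = sourceCode.getText(node);
+// For template literals, combine raw strings to improve pattern detection
+if (node.type === 'TemplateLiteral') {
+text = node.quasis.map(q => q.value.raw).join('');
+}
 // Check for URL construction patterns
 const urlPatterns = [
 /\bhttps?:\/\//, // HTTP/HTTPS URLs
@@ -257,9 +261,95 @@ exports.noUnescapedUrlParameter = (0, eslint_devkit_2.createRule)({
 }
 }
 }
+function isUserControlled(node, visited = new Set()) {
+const text = sourceCode.getText(node);
+const patterns = [
+/\breq\.(query|params|body|headers|cookies)/,
+/\brequest\.(query|params|body)/,
+/\buserInput\b/i,
+/\binput\b/i,
+/\bsearchParams\b/,
+/\bparam\b/i,
+/\breturnUrl\b/i,
+/\burl\b/i,
+/\bredirect\b/i,
+/\bnext\b/i,
+];
+if (patterns.some(p => p.test(text)))
+return true;
+// Trace identifiers
+if (node.type === 'Identifier') {
+if (visited.has(node.name))
+return false;
+visited.add(node.name);
+const scope = sourceCode.getScope(node);
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+const variable = scope.variables.find((v) => v.name === node.name);
+if (variable && variable.defs.length > 0) {
+const def = variable.defs[0];
+if (def.type === 'Variable' && def.node.init) {
+const init = def.node.init;
+// Check if init is constructed from other user inputs
+if (isUserControlled(init, visited))
+return true;
+// Check if init is a TemplateLiteral containing user inputs in expressions
+if (init.type === 'TemplateLiteral') {
+return init.expressions.some(expr => isUserControlled(expr, visited));
+}
+// Check if init is BinaryExpression (concatenation)
+if (init.type === 'BinaryExpression') {
+return isUserControlled(init.left, visited) || isUserControlled(init.right, visited);
+}
+}
+}
+}
+return false;
+}
 return {
 TemplateLiteral: checkTemplateLiteral,
 BinaryExpression: checkBinaryExpression,
+AssignmentExpression(node) {
+if (isTestFile)
+return;
+// Check for window.location = ... or window.location.href = ...
+const left = node.left;
+let isLocationAssignment = false;
+if (left.type === 'MemberExpression') {
+const objectName = left.object.type === 'Identifier' ? left.object.name :
+(left.object.type === 'MemberExpression' ? sourceCode.getText(left.object) : '');
+const propName = left.property.type === 'Identifier' ? left.property.name : '';
+if ((objectName === 'window' && propName === 'location') ||
+(propName === 'href' && objectName.includes('location'))) {
+isLocationAssignment = true;
+}
+}
+else if (left.type === 'Identifier' && left.name === 'location') {
+// In browser location = ... is valid
+isLocationAssignment = true;
+}
+if (isLocationAssignment) {
+const right = node.right;
+const rightText = sourceCode.getText(right);
+// Skip TemplateLiteral and BinaryExpression as they are covered by their own visitors
+if (right.type === 'TemplateLiteral' || right.type === 'BinaryExpression') {
+return;
+}
+if (matchesIgnorePattern(rightText, ignorePatterns))
+return;
+if (isInsideEncodingCall(right, sourceCode, trustedLibraries))
+return;
+if (isUserControlled(right)) {
+context.report({
+node: right,
+messageId: 'unescapedUrlParameter',
+data: {
+parameter: rightText,
+safeAlternative: 'Validate and encode URL before redirecting',
+}
+});
+}
+}
+}
 };
 },
 });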
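Review bot: The identifier trace in `isUserControlled` appears to search only the innermost scope — `sourceCode.getScope(node)` followed by `scope.variables.find(...)` never consults `scope.upper`, so a `const target = req.query.next` declared in an enclosing function or at module level is not found and `window.location = target` inside a nested callback is silently missed. Walking up the scope chain fixes that with one loop in place of the `const variable = ...` line: `let variable; for (let s = sourceCode.getScope(node); s && !variable; s = s.upper) variable = s.variables.find((v) => v.name === node.name);`. In the other direction the regex list is tested on the raw node text before any tracing, so a string literal such as `'/next-page'` or `'/login?redirect=/home'` assigned in the new `AssignmentExpression` visitor is reported through `/\bnext\b/i` or `/\bredirect\b/i`; returning early for `right.type === 'Literal'` there, as the second hunk of no-unsanitized-html.js does, and letting the definition trace run before the name heuristics would cut that noise. The enclosing `create` function that supplies `sourceCode`, `isTestFile`, `ignorePatterns` and `trustedLibraries` starts outside the hunk.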
@@ -1 +1 @@
1
-
{"version":3,"file":"no-unescaped-url-parameter.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-unescaped-url-parameter.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAiBtD;;GAEG;AACH,SAAS,oBAAoB,CAC3B,IAAmB,EACnB,UAA+B,EAC/B,gBAA0B;IAE1B,IAAI,OAAO,GAAyB,IAAI,CAAC;IAEzC,OAAO,OAAO,EAAE,CAAC;QACf,IAAI,OAAO,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;YAE9B,0CAA0C;YAC1C,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC;gBAC/B,IAAI,CAAC,oBAAoB,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBACvE,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,uCAAuC;YACvC,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBACvC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;gBAC7B,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBAC7C,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;wBACzE,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,IAAI,QAAQ,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YAC1C,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,MAAM;QACR,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,IAAY,EAAE,cAAwB;IAClE,OAAO,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QACnC,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACvC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,IAAmB,EAAE,UAA+B;IAC7E,
1
+
{"version":3,"file":"no-unescaped-url-parameter.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-unescaped-url-parameter.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAiBtD;;GAEG;AACH,SAAS,oBAAoB,CAC3B,IAAmB,EACnB,UAA+B,EAC/B,gBAA0B;IAE1B,IAAI,OAAO,GAAyB,IAAI,CAAC;IAEzC,OAAO,OAAO,EAAE,CAAC;QACf,IAAI,OAAO,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;YAE9B,0CAA0C;YAC1C,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC;gBAC/B,IAAI,CAAC,oBAAoB,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBACvE,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,uCAAuC;YACvC,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBACvC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;gBAC7B,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBAC7C,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;wBACzE,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,IAAI,QAAQ,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YAC1C,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,MAAM;QACR,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,IAAY,EAAE,cAAwB;IAClE,OAAO,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QACnC,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACvC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,IAAmB,EAAE,UAA+B;IAC7E,IAAI,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEpC,0EAA0E;IAC1E,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;QACpC,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,sCAAsC;IACtC,MAAM,WAAW,GAAG;QAClB,eAAe,EAAG,kBAAkB;QACpC,kBAAkB;QAClB,iBAAiB,EAAG,gBAAgB;QACpC,YAAY,EAAG,QAAQ;QACvB,oBAAoB;QACpB,kBAAkB;QACl
B,qBAAqB;QACrB,UAAU,EAAG,mBAAmB;KACjC,CAAC;IAEF,OAAO,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AACzD,CAAC;AAEY,QAAA,uBAAuB,GAAG,IAAA,0BAAU,EAA0B;IACzE,IAAI,EAAE,4BAA4B;IAClC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,kCAAkC;SAChD;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,yBAAyB;gBACpC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,iDAAiD;gBAC9D,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,sDAAsD;gBAC3D,iBAAiB,EAAE,qGAAqG;aACzH,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,qBAAqB;gBAChC,WAAW,EAAE,+CAA+C;gBAC5D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,8CAA8C;gBACnD,iBAAiB,EAAE,kEAAkE;aACtF,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE;wBACZ,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,8CAA8C;qBAC5D;oBACD,gBAAgB,EAAE;wBAChB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,KAAK,EAAE,aAAa,CAAC;wBAC/B,WAAW,EAAE,oCAAoC;qBAClD;oBACD,cAAc,EAAE;wBACd,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,oCAAoC;qBAClD;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,YAAY,EAAE,KAAK;YACnB,gBAAgB,EAAE,CAAC,KAAK,EAAE,aAAa,CAAC;YACxC,cAAc,EAAE,EAAE;SACnB;KACF;IACD,MAAM,CACJ,OAAsD,EACtD,CAAC,OAAO,GAAG,EAAE,CAAC;QAEd,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,gBAAgB,GAAG,CAAC,KAAK,EAAE,aAAa,CAAC,EACzC,cAAc,GAAG,EAAE,GACpB,GAAG,OAAkB,CAAC;QAEvB,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,UAAU,GAAG,YAAY,IAAI,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAE5D,SAAS,oBAAoB,CAAC,IAA8B;YAC1D,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,sCAAsC;YACtC,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,UAA
U,CAAC,EAAE,CAAC;gBACzC,OAAO;YACT,CAAC;YAED,wCAAwC;YACxC,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC1C,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBAE5C,yCAAyC;gBACzC,IAAI,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;oBAC/C,SAAS;gBACX,CAAC;gBAED,gCAAgC;gBAChC,IAAI,oBAAoB,CAAC,UAAU,EAAE,UAAU,EAAE,gBAAgB,CAAC,EAAE,CAAC;oBACnE,SAAS;gBACX,CAAC;gBAED,qCAAqC;gBACrC,MAAM,iBAAiB,GAAG;oBACxB,4CAA4C;oBAC5C,gCAAgC;oBAChC,gBAAgB;oBAChB,YAAY;oBACZ,kBAAkB;oBAClB,YAAY,EAAE,yBAAyB;iBACxC,CAAC;gBAEF,+DAA+D;gBAC/D,iDAAiD;gBACjD,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBAC1C,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBAChD,MAAM,WAAW,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACtD,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACzD,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACzD,6DAA6D;oBAC7D,CAAC,UAAU,CAAC,IAAI,KAAK,kBAAkB;wBACtC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;4BAC/B,wDAAwD;4BACxD,OAAO,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;wBAChC,CAAC,CAAC,CAAC,CAAC;gBAExB,IAAI,WAAW,EAAE,CAAC;oBAChB,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI,EAAE,UAAU;wBAChB,SAAS,EAAE,uBAAuB;wBAClC,IAAI,EAAE;4BACJ,SAAS,EAAE,IAAI;4BACf,eAAe,EAAE,0GAA0G,IAAI,OAAO;yBACvI;wBACD,OAAO,EAAE;4BACP;gCACE,SAAS,EAAE,uBAAuB;gCAClC,6DAA6D;gCAC7D,GAAG,EAAE,CAAC,MAA0B,EAAE,EAAE,CAAC,IAAI;6BAC1C;4BACD;gCACE,SAAS,EAAE,oBAAoB;gCAC/B,6DAA6D;gCAC7D,GAAG,EAAE,CAAC,MAA0B,EAAE,EAAE,CAAC,IAAI;6BAC1C;yBACF;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,SAAS,qBAAqB,CAAC,IAA+B;YAC5D,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,qDAAqD;YACrD,IAAI,IAAI,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;gBAC1B,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,UAAU,CAAC,EAAE,CAAC;oBACzC,OAAO;gBACT,CAAC;gBAED,2CAA2C;gBAC3C,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;oBAClC,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;oBAEjD,yCAAyC;oBACzC,IAAI,oBAAoB,CAAC,SAAS,EAAE,cAAc,CAAC,EAAE,CAAC;wBACpD,OAAO;oBACT,CAAC;oBAED,gCAAgC;oBAChC,IAAI,oBAAo
B,CAAC,IAAI,CAAC,KAAK,EAAE,UAAU,EAAE,gBAAgB,CAAC,EAAE,CAAC;wBACnE,OAAO;oBACT,CAAC;oBAED,qCAAqC;oBACrC,MAAM,iBAAiB,GAAG;wBACxB,4BAA4B;wBAC5B,gCAAgC;wBAChC,eAAe;wBACf,WAAW;qBACZ,CAAC;oBAEF,MAAM,WAAW,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;oBAE/E,IAAI,WAAW,EAAE,CAAC;wBAChB,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI,EAAE,IAAI,CAAC,KAAK;4BAChB,SAAS,EAAE,uBAAuB;4BAClC,IAAI,EAAE;gCACJ,SAAS,EAAE,SAAS;gCACpB,eAAe,EAAE,6BAA6B,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,SAAS,GAAG;6BACjH;4BACD,OAAO,EAAE;gCACP;oCACE,SAAS,EAAE,uBAAuB;oCAClC,6DAA6D;oCAC7D,GAAG,EAAE,CAAC,MAA0B,EAAE,EAAE,CAAC,IAAI;iCAC1C;6BACF;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,SAAS,gBAAgB,CAAC,IAAmB,EAAE,UAAU,IAAI,GAAG,EAAU;YACxE,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAEtC,MAAM,QAAQ,GAAG;gBACf,4CAA4C;gBAC5C,gCAAgC;gBAChC,gBAAgB;gBAChB,YAAY;gBACZ,kBAAkB;gBAClB,YAAY;gBACZ,gBAAgB;gBAChB,UAAU;gBACV,eAAe;gBACf,WAAW;aACZ,CAAC;YAEF,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAAE,OAAO,IAAI,CAAC;YAElD,oBAAoB;YACpB,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC/B,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;oBAAE,OAAO,KAAK,CAAC;gBACzC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEvB,MAAM,KAAK,GAAG,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;gBACxC,8DAA8D;gBAC9D,MAAM,QAAQ,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC;gBAExE,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACzC,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBAC7B,IAAI,GAAG,CAAC,IAAI,KAAK,UAAU,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;wBAC5C,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;wBAC3B,sDAAsD;wBACtD,IAAI,gBAAgB,CAAC,IAAI,EAAE,OAAO,CAAC;4BAAE,OAAO,IAAI,CAAC;wBAEjD,2EAA2E;wBAC3E,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;4BAClC,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;wBAC1E,CAAC;wBAED,oDAAoD;wBACpD,IAAI,IAAI,CAAC,IAAI,KAAK
,kBAAkB,EAAE,CAAC;4BACnC,OAAO,gBAAgB,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,gBAAgB,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;wBACzF,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO;YACL,eAAe,EAAE,oBAAoB;YACrC,gBAAgB,EAAE,qBAAqB;YACvC,oBAAoB,CAAC,IAAmC;gBACtD,IAAI,UAAU;oBAAE,OAAO;gBAEvB,gEAAgE;gBAChE,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;gBACvB,IAAI,oBAAoB,GAAG,KAAK,CAAC;gBAEjC,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;oBAClC,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;wBACxD,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBAClG,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBAE/E,IAAI,CAAC,UAAU,KAAK,QAAQ,IAAI,QAAQ,KAAK,UAAU,CAAC;wBACpD,CAAC,QAAQ,KAAK,MAAM,IAAI,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;wBAC3D,oBAAoB,GAAG,IAAI,CAAC;oBAChC,CAAC;gBACN,CAAC;qBAAM,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC/D,qCAAqC;oBACrC,oBAAoB,GAAG,IAAI,CAAC;gBACjC,CAAC;gBAED,IAAI,oBAAoB,EAAE,CAAC;oBACvB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;oBACzB,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;oBAE5C,sFAAsF;oBACtF,IAAI,KAAK,CAAC,IAAI,KAAK,iBAAiB,IAAI,KAAK,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;wBACxE,OAAO;oBACX,CAAC;oBAED,IAAI,oBAAoB,CAAC,SAAS,EAAE,cAAc,CAAC;wBAAE,OAAO;oBAC5D,IAAI,oBAAoB,CAAC,KAAK,EAAE,UAAU,EAAE,gBAAgB,CAAC;wBAAE,OAAO;oBAErE,IAAI,gBAAgB,CAAC,KAAK,CAAC,EAAE,CAAC;wBAC1B,OAAO,CAAC,MAAM,CAAC;4BACZ,IAAI,EAAE,KAAK;4BACX,SAAS,EAAE,uBAAuB;4BAClC,IAAI,EAAE;gCACJ,SAAS,EAAE,SAAS;gCACpB,eAAe,EAAE,4CAA4C;6BAC9D;yBACH,CAAC,CAAC;oBACP,CAAC;gBACN,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
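--- a/package/src/rules/security/no-unsanitized-html.js
+++ b/package/src/rules/security/no-unsanitized-html.js
@@ -194,7 +194,7 @@ exports.noUnsanitizedHtml = (0, eslint_devkit_2.createRule)({
 const identifierName = node.right.name.toLowerCase();
 // Direct match for common user input variable names
 const userInputNames = ['userinput', 'userdata', 'html', 'content', 'text'];
-isUserInput = userInputNames.includes(identifierName);
+isUserInput = userInputNames.includes(identifierName) || identifierName.startsWith('user');
 // Also check patterns
 const userInputPatterns = [
 /\breq\.(body|query|params|headers|cookies)/,
@@ -216,18 +216,11 @@ exports.noUnsanitizedHtml = (0, eslint_devkit_2.createRule)({
 if (matchesIgnorePattern(rightText, ignorePatterns)) {
 return;
 }
-// If
-
-
-const identifierName = node.right.name.toLowerCase();
-const suspiciousPatterns = ['data', 'input', 'value', 'param', 'arg'];
-if (!suspiciousPatterns.some(pattern => identifierName.includes(pattern))) {
-return; // Doesn't look like user input
-}
-}
-else {
-return; // Not an identifier and doesn't match patterns, might be safe
+// If right side is a literal string/number, allow it
+if (node.right.type === 'Literal') {
+return;
 }
+// If it's not user input and not in ignore patterns, still flag because innerHTML assignments are risky without sanitization
 }
 // Build suggestions array - conditionally include based on context
 // For allowInTests option, don't provide suggestions (test expects none)
@@ -242,8 +235,7 @@ exports.noUnsanitizedHtml = (0, eslint_devkit_2.createRule)({
 },
 {
 messageId: 'useSanitizeLibrary',
-
-fix: (_fixer) => null,
+fix: () => [],
 },
 ];
 context.report({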
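Review bot: The new early return in the second hunk exempts only `node.right.type === 'Literal'`, and since the old `else { return; }` fallback is gone, a template literal with no `${}` expressions assigned to innerHTML now falls through to the report although it carries no untrusted data. Extending the guard keeps the stricter default without that false positive: `if (node.right.type === 'Literal' || (node.right.type === 'TemplateLiteral' && node.right.expressions.length === 0)) return;`. The added comment that sits after the closing brace of that `if`, with no statement following it, would read better as the first line of the branch, where it explains why every remaining right-hand side is still flagged. The enclosing visitor and the computation of the branch condition (`isUserInput`, `rightText`) start outside the hunk.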
@@ -1 +1 @@
1
-
{"version":3,"file":"no-unsanitized-html.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-unsanitized-html.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAiBtD;;GAEG;AACH,SAAS,wBAAwB,CAC/B,IAAmB,EACnB,UAA+B,EAC/B,gBAA0B;IAE1B,IAAI,OAAO,GAAyB,IAAI,CAAC;IAEzC,OAAO,OAAO,EAAE,CAAC;QACf,IAAI,OAAO,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;YAE9B,4CAA4C;YAC5C,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBACvC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;gBAC7B,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBAC7C,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;wBACzE,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;YAED,oDAAoD;YACpD,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC7C,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;oBACzE,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,+CAA+C;gBAC/C,IAAI,CAAC,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC1E,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,IAAI,QAAQ,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YAC1C,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,MAAM;QACR,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,IAAY,EAAE,cAAwB;IAClE,OAAO,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QACnC,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACvC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,gDAAgD;YAChD,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAEY,QAAA,iBAAiB,GAAG,IAAA,0BAAU,EAA0B;IACnE,IAAI,EAAE,qBAAqB;IAC3B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,yEAAyE;SACvF;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,eAAe,EAAE,IAAA,gCAAgB,EAAC;gB
AChC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,4BAA4B;gBACvC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,cAAc,EAAE,IAAA,gCAAgB,EAAC;gBAC/B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,iBAAiB;gBAC5B,WAAW,EAAE,sCAAsC;gBACnD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kCAAkC;gBACvC,iBAAiB,EAAE,mEAAmE;aACvF,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,kBAAkB;gBAC7B,WAAW,EAAE,0BAA0B;gBACvC,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,2CAA2C;gBAChD,iBAAiB,EAAE,qCAAqC;aACzD,CAAC;YACF,0BAA0B,EAAE,IAAA,gCAAgB,EAAC;gBAC3C,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,gBAAgB;gBAC3B,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,gEAAgE;gBACrE,iBAAiB,EAAE,4FAA4F;aAChH,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE;wBACZ,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,sCAAsC;qBACpD;oBACD,gBAAgB,EAAE;wBAChB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,WAAW,EAAE,eAAe,EAAE,KAAK,CAAC;wBAC9C,WAAW,EAAE,gCAAgC;qBAC9C;oBACD,cAAc,EAAE;wBACd,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,oCAAoC;qBAClD;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,YAAY,EAAE,KAAK;YACnB,gBAAgB,EAAE,CAAC,WAAW,EAAE,eAAe,EAAE,KAAK,CAAC;YACvD,cAAc,EAAE,EAAE;SACnB;KACF;IACD,MAAM,CACJ,OAAsD,EACtD,CAAC,OAAO,GAAG,EAAE,CAAC;QAEd,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,gBAAgB,GAAG,CAAC,WAAW,EAAE,eAAe,EAAE,KAAK,CAAC,EACxD,cAAc,GAAG,EAAE,GACpB,GAAG,OAAkB,CAAC;QAEvB,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,UAAU,GAAG,YAAY,IAAI,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAE5D,SAAS,yBAAyB,CAAC,IAAmC;YACpE,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,kCAAkC;YAClC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB;gBACrC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;gBACxC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;gBAE5C,MAAM
,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC;gBAC7B,MAAM,QAAQ,GAAG,UAAU,CAAC,QAA+B,CAAC;gBAC5D,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBAE5C,sEAAsE;gBACtE,oFAAoF;gBACpF,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAC5C,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC;oBAC1C,IAAI,oBAAoB,CAAC,UAAU,EAAE,cAAc,CAAC,EAAE,CAAC;wBACrD,OAAO;oBACT,CAAC;gBACH,CAAC;gBAED,iCAAiC;gBACjC,IAAI,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;oBAC/C,OAAO;gBACT,CAAC;gBAED,oEAAoE;gBACpE,0DAA0D;gBAC1D,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;oBACzC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;oBACjC,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;wBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;wBAC7C,IAAI,CAAC,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;4BAC1E,OAAO;wBACT,CAAC;wBACD,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;4BACzE,OAAO;wBACT,CAAC;oBACH,CAAC;oBACD,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;wBAC9E,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;wBACpD,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;4BACzE,OAAO;wBACT,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,mEAAmE;gBACnE,IAAI,wBAAwB,CAAC,IAAI,CAAC,KAAK,EAAE,UAAU,EAAE,gBAAgB,CAAC,EAAE,CAAC;oBACvE,OAAO;gBACT,CAAC;gBAED,sDAAsD;gBACtD,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAEjD,+DAA+D;gBAC/D,IAAI,WAAW,GAAG,KAAK,CAAC;gBACxB,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACrC,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrD,oDAAoD;oBACpD,MAAM,cAAc,GAAG,CAAC,WAAW,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;oBAC5E,WAAW,GAAG,cAAc,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;
1
+
{"version":3,"file":"no-unsanitized-html.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-unsanitized-html.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAiBtD;;GAEG;AACH,SAAS,wBAAwB,CAC/B,IAAmB,EACnB,UAA+B,EAC/B,gBAA0B;IAE1B,IAAI,OAAO,GAAyB,IAAI,CAAC;IAEzC,OAAO,OAAO,EAAE,CAAC;QACf,IAAI,OAAO,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;YAE9B,4CAA4C;YAC5C,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBACvC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;gBAC7B,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBAC7C,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;wBACzE,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;YAED,oDAAoD;YACpD,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC7C,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;oBACzE,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,+CAA+C;gBAC/C,IAAI,CAAC,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC1E,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,IAAI,QAAQ,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YAC1C,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,MAAM;QACR,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,IAAY,EAAE,cAAwB;IAClE,OAAO,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QACnC,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACvC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,gDAAgD;YAChD,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAEY,QAAA,iBAAiB,GAAG,IAAA,0BAAU,EAA0B;IACnE,IAAI,EAAE,qBAAqB;IAC3B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,yEAAyE;SACvF;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,eAAe,EAAE,IAAA,gCAAgB,EAAC;gB
AChC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,4BAA4B;gBACvC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,cAAc,EAAE,IAAA,gCAAgB,EAAC;gBAC/B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,iBAAiB;gBAC5B,WAAW,EAAE,sCAAsC;gBACnD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kCAAkC;gBACvC,iBAAiB,EAAE,mEAAmE;aACvF,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,kBAAkB;gBAC7B,WAAW,EAAE,0BAA0B;gBACvC,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,2CAA2C;gBAChD,iBAAiB,EAAE,qCAAqC;aACzD,CAAC;YACF,0BAA0B,EAAE,IAAA,gCAAgB,EAAC;gBAC3C,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,gBAAgB;gBAC3B,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,gEAAgE;gBACrE,iBAAiB,EAAE,4FAA4F;aAChH,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE;wBACZ,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,sCAAsC;qBACpD;oBACD,gBAAgB,EAAE;wBAChB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,WAAW,EAAE,eAAe,EAAE,KAAK,CAAC;wBAC9C,WAAW,EAAE,gCAAgC;qBAC9C;oBACD,cAAc,EAAE;wBACd,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,oCAAoC;qBAClD;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,YAAY,EAAE,KAAK;YACnB,gBAAgB,EAAE,CAAC,WAAW,EAAE,eAAe,EAAE,KAAK,CAAC;YACvD,cAAc,EAAE,EAAE;SACnB;KACF;IACD,MAAM,CACJ,OAAsD,EACtD,CAAC,OAAO,GAAG,EAAE,CAAC;QAEd,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,gBAAgB,GAAG,CAAC,WAAW,EAAE,eAAe,EAAE,KAAK,CAAC,EACxD,cAAc,GAAG,EAAE,GACpB,GAAG,OAAkB,CAAC;QAEvB,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,UAAU,GAAG,YAAY,IAAI,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAE5D,SAAS,yBAAyB,CAAC,IAAmC;YACpE,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,kCAAkC;YAClC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB;gBACrC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;gBACxC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;gBAE5C,MAAM
,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC;gBAC7B,MAAM,QAAQ,GAAG,UAAU,CAAC,QAA+B,CAAC;gBAC5D,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBAE5C,sEAAsE;gBACtE,oFAAoF;gBACpF,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAC5C,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC;oBAC1C,IAAI,oBAAoB,CAAC,UAAU,EAAE,cAAc,CAAC,EAAE,CAAC;wBACrD,OAAO;oBACT,CAAC;gBACH,CAAC;gBAED,iCAAiC;gBACjC,IAAI,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;oBAC/C,OAAO;gBACT,CAAC;gBAED,oEAAoE;gBACpE,0DAA0D;gBAC1D,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;oBACzC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;oBACjC,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;wBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;wBAC7C,IAAI,CAAC,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;4BAC1E,OAAO;wBACT,CAAC;wBACD,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;4BACzE,OAAO;wBACT,CAAC;oBACH,CAAC;oBACD,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;wBAC9E,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;wBACpD,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;4BACzE,OAAO;wBACT,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,mEAAmE;gBACnE,IAAI,wBAAwB,CAAC,IAAI,CAAC,KAAK,EAAE,UAAU,EAAE,gBAAgB,CAAC,EAAE,CAAC;oBACvE,OAAO;gBACT,CAAC;gBAED,sDAAsD;gBACtD,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAEjD,+DAA+D;gBAC/D,IAAI,WAAW,GAAG,KAAK,CAAC;gBACxB,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACrC,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrD,oDAAoD;oBACpD,MAAM,cAAc,GAAG,CAAC,WAAW,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;oBAC5E,WAAW,GAAG,cAAc,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;oBAE3F,sBAAsB;oBACtB,MAAM,iBAAiB,GAAG;wBACxB,4CAA4C;wBAC5C,gCAAgC;qBACjC,CAAC;oBACF,WAAW,GAAG,WAAW,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;wBAC/E,iBA
AiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;gBAC1E,CAAC;qBAAM,CAAC;oBACN,MAAM,iBAAiB,GAAG;wBACxB,6CAA6C;wBAC7C,4CAA4C;wBAC5C,gCAAgC;qBACjC,CAAC;oBACF,WAAW,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;gBAC3E,CAAC;gBAED,+EAA+E;gBAC/E,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,IAAI,oBAAoB,CAAC,SAAS,EAAE,cAAc,CAAC,EAAE,CAAC;wBACpD,OAAO;oBACT,CAAC;oBACD,qDAAqD;oBACrD,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;wBAClC,OAAO;oBACT,CAAC;oBAED,6HAA6H;gBAC/H,CAAC;gBAED,mEAAmE;gBACnE,yEAAyE;gBACzE,MAAM,WAAW,GACf,YAAY,IAAI,CAAC,UAAU;oBACzB,CAAC,CAAC,SAAS,CAAC,oEAAoE;oBAChF,CAAC,CAAC;wBACE;4BACE,SAAS,EAAE,gBAAgB;4BAC3B,GAAG,EAAE,CAAC,KAAyB,EAAE,EAAE;gCACjC,OAAO,KAAK,CAAC,WAAW,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;4BACpD,CAAC;yBACF;wBACD;4BACE,SAAS,EAAE,oBAAoB;4BAC/B,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE;yBACd;qBACF,CAAC;gBAER,OAAO,CAAC,MAAM,CAAC;oBACb,IAAI,EAAE,UAAU;oBAChB,SAAS,EAAE,iBAAiB;oBAC5B,IAAI,EAAE;wBACJ,UAAU,EAAE,WAAW;wBACvB,eAAe,EAAE,+HAA+H;qBACjJ;oBACD,OAAO,EAAE,WAAW;iBACrB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,SAAS,iBAAiB,CAAC,IAA2B;YACpD,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;gBACvC,OAAO;YACT,CAAC;YAED,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;YAErC,oCAAoC;YACpC,IAAI,aAAa,KAAK,yBAAyB,EAAE,CAAC;gBAChD,kCAAkC;gBAClC,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,wBAAwB,EAAE,CAAC;oBAC/D,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;oBAEzC,+CAA+C;oBAC/C,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;wBAC3C,MAAM,YAAY,GAAG,UAAU,CAAC,UAAU,CAAC,IAAI,CAC7C,CAAC,IAAqD,EAA6B,EAAE,CACnF,IAAI,CAAC,IAAI,KAAK,UAAU;4BACxB,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY;4BAC9B,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,QAAQ,CAC7B,CAAC;wBAEF,IAAI,YAAY,IAAI,YAAY,CAAC,KAAK,EAAE,CAAC;4BACvC,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC;4BAErC,kCAAkC;4BAClC,IAAI,SAAS,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;gCACxC,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;gCAChC,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK
,YAAY,EAAE,CAAC;oCAC9E,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oCACpD,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;wCACzE,OAAO,CAAC,iBAAiB;oCAC3B,CAAC;gCACH,CAAC;gCACD,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oCACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oCAC7C,IAAI,CAAC,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;wCAC1E,OAAO,CAAC,iBAAiB;oCAC3B,CAAC;gCACH,CAAC;4BACH,CAAC;4BAED,iDAAiD;4BACjD,MAAM,aAAa,GAAG,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;4BACpD,IAAI,gBAAgB,GAAG,KAAK,CAAC;4BAE7B,IAAI,SAAS,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gCACpC,MAAM,cAAc,GAAG,SAAS,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gCACpD,MAAM,cAAc,GAAG,CAAC,WAAW,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;gCAC5E,gBAAgB,GAAG,cAAc,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;4BAC7D,CAAC;4BAED,MAAM,iBAAiB,GAAG;gCACxB,6CAA6C;gCAC7C,4CAA4C;gCAC5C,gCAAgC;6BACjC,CAAC;4BAEF,gBAAgB,GAAG,gBAAgB,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;4BAEtG,IAAI,gBAAgB,EAAE,CAAC;gCACrB,6BAA6B;4BAC/B,CAAC;iCAAM,CAAC;gCACN,sCAAsC;gCACtC,IAAI,oBAAoB,CAAC,aAAa,EAAE,cAAc,CAAC,EAAE,CAAC;oCACxD,OAAO;gCACT,CAAC;gCACD,sEAAsE;gCACtE,OAAO;4BACT,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACb,IAAI;oBACJ,SAAS,EAAE,iBAAiB;oBAC5B,IAAI,EAAE;wBACJ,UAAU,EAAE,yBAAyB;wBACrC,eAAe,EAAE,4HAA4H;qBAC9I;oBACD,OAAO,EAAE;wBACP;4BACE,SAAS,EAAE,4BAA4B;4BACvC,6DAA6D;4BAC7D,GAAG,EAAE,CAAC,MAA0B,EAAE,EAAE,CAAC,IAAI;yBAC1C;qBACF;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,oBAAoB,EAAE,yBAAyB;YAC/C,YAAY,EAAE,iBAAiB;SAChC,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}