@microsoft/eslint-plugin-sdl - npm Package Compare versions

Comparing version 0.1.9 to 0.2.0

config/react.js

@@ -23,4 +23,2 @@ // Copyright (c) Microsoft Corporation.
       warnOnSpreadAttributes: true,
-      links: true,
-      forms: true    
      }
@@ -27,0 +25,0 @@ ]

lib/ast-utils.js

@@ -31,19 +31,14 @@ // Copyright (c) Microsoft Corporation.
     },
-    getNodeType(node, context) {
-        const typeChecker = context.parserServices.program.getTypeChecker();
-        const tsNode = context.parserServices.esTreeNodeToTSNodeMap.get(node);
-        const tsType = typeChecker.getTypeAtLocation(tsNode);
-        return typeChecker.typeToString(tsType);
+    getNodeTypeAsString(fullTypeChecker, node, context) {
+        if (fullTypeChecker && node) {
+          const tsNode = context.parserServices.esTreeNodeToTSNodeMap.get(node);
+          const tsType = fullTypeChecker.getTypeAtLocation(tsNode);
+          const type = fullTypeChecker.typeToString(tsType);
+          return type;
+        }
+        return "any";
     },
-    getCallerType(fullTypeChecker, object, context){
-        const tsNode = context.parserServices.esTreeNodeToTSNodeMap.get(object);
-        const tsType = fullTypeChecker.getTypeAtLocation(tsNode);
-        const type = fullTypeChecker.typeToString(tsType);
-        return type;
-    },
     isDocumentObject(node, context, fullTypeChecker) {
         if (fullTypeChecker) {
-            const tsNode = context.parserServices.esTreeNodeToTSNodeMap.get(node);
-            const tsType = fullTypeChecker.getTypeAtLocation(tsNode);
-            const type = fullTypeChecker.typeToString(tsType);
+            const type = this.getNodeTypeAsString(fullTypeChecker, node, context);
             return (type === "Document");
@@ -62,3 +57,4 @@ }
                         (node.object != undefined &&
-                        node.object.name == "window") ||
+                         typeof node.object.name === "string" &&
+                         node.object.name.toLowerCase().endsWith('window')) ||
                         (
@@ -65,0 +61,0 @@ node.object != undefined &&

lib/rules/no-angularjs-sanitization-whitelist.js

@@ -28,10 +28,10 @@ // Copyright (c) Microsoft Corporation.
     },
-    create: function(context) {
+    create: function (context) {
         return {
             "CallExpression[arguments!=''][callee.object.name='$compileProvider'][callee.property.name=/(aHref|imgSrc)SanitizationWhitelist/]"(node) {
                 context.report(
-                {
-                    node: node,
-                    messageId: "noSanitizationWhitelist"
-                });
+                    {
+                        node: node,
+                        messageId: "noSanitizationWhitelist"
+                    });
             }
@@ -38,0 +38,0 @@ };

lib/rules/no-inner-html.js

@@ -33,14 +33,4 @@ // Copyright (c) Microsoft Corporation.
 
-    function getNodeTypeAsString(node) {
-      if (fullTypeChecker && node) {
-        const tsNode = context.parserServices.esTreeNodeToTSNodeMap.get(node);
-        const tsType = fullTypeChecker.getTypeAtLocation(tsNode);
-        const type = fullTypeChecker.typeToString(tsType);
-        return type;
-      }
-      return "any";
-    }
-
     function mightBeHTMLElement(node) {
-      const type = getNodeTypeAsString(node);
+      const type = astUtils.getNodeTypeAsString(fullTypeChecker, node, context);
       return type.match(/HTML.*Element/) || type === "any";
@@ -47,0 +37,0 @@ }

lib/rules/no-insecure-random.js

@@ -50,3 +50,3 @@ // Copyright (c) Microsoft Corporation.
         if (fullTypeChecker) {
-          const type = astUtils.getCallerType(fullTypeChecker, node.object, context);
+          const type = astUtils.getNodeTypeAsString(fullTypeChecker, node.object, context);
           notFalsePositive = type === "any" || type === "Crypto";
@@ -67,3 +67,3 @@ }else{
         if (fullTypeChecker) {
-          const type = astUtils.getCallerType(fullTypeChecker, node.object, context);
+          const type = astUtils.getNodeTypeAsString(fullTypeChecker, node.object, context);
           notFalsePositive = type === "any" || type === "Math";
@@ -70,0 +70,0 @@ }else{

package.json

 {
   "name": "@microsoft/eslint-plugin-sdl",
-  "version": "0.1.9",
+  "version": "0.2.0",
   "description": "ESLint plugin focused on common security issues and misconfigurations discoverable during static testing as part of Microsoft Security Development Lifecycle (SDL)",
@@ -5,0 +5,0 @@ "keywords": [

No alert changes

Improved metrics

Total package byte prevSize

73101

increased by1.34%

Number of package files

51

increased by2%

Lines of code

1192

increased by1.71%

No dependency changes