@microsoft/eslint-plugin-sdl
Comparing version 0.1.9 to 0.2.0
@@ -23,4 +23,2 @@ // Copyright (c) Microsoft Corporation. | ||
warnOnSpreadAttributes: true, | ||
links: true, | ||
forms: true | ||
} | ||
@@ -27,0 +25,0 @@ ] |
@@ -31,19 +31,14 @@ // Copyright (c) Microsoft Corporation. | ||
}, | ||
getNodeType(node, context) { | ||
const typeChecker = context.parserServices.program.getTypeChecker(); | ||
const tsNode = context.parserServices.esTreeNodeToTSNodeMap.get(node); | ||
const tsType = typeChecker.getTypeAtLocation(tsNode); | ||
return typeChecker.typeToString(tsType); | ||
getNodeTypeAsString(fullTypeChecker, node, context) { | ||
if (fullTypeChecker && node) { | ||
const tsNode = context.parserServices.esTreeNodeToTSNodeMap.get(node); | ||
const tsType = fullTypeChecker.getTypeAtLocation(tsNode); | ||
const type = fullTypeChecker.typeToString(tsType); | ||
return type; | ||
} | ||
return "any"; | ||
}, | ||
getCallerType(fullTypeChecker, object, context){ | ||
const tsNode = context.parserServices.esTreeNodeToTSNodeMap.get(object); | ||
const tsType = fullTypeChecker.getTypeAtLocation(tsNode); | ||
const type = fullTypeChecker.typeToString(tsType); | ||
return type; | ||
}, | ||
isDocumentObject(node, context, fullTypeChecker) { | ||
if (fullTypeChecker) { | ||
const tsNode = context.parserServices.esTreeNodeToTSNodeMap.get(node); | ||
const tsType = fullTypeChecker.getTypeAtLocation(tsNode); | ||
const type = fullTypeChecker.typeToString(tsType); | ||
const type = this.getNodeTypeAsString(fullTypeChecker, node, context); | ||
return (type === "Document"); | ||
@@ -62,3 +57,4 @@ } | ||
(node.object != undefined && | ||
node.object.name == "window") || | ||
typeof node.object.name === "string" && | ||
node.object.name.toLowerCase().endsWith('window')) || | ||
( | ||
@@ -65,0 +61,0 @@ node.object != undefined && |
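Review bot: The new test `node.object.name.toLowerCase().endsWith('window')` is a naming heuristic, not a check that the object really is a Window. It matches any identifier whose name ends in "window", so it picks up some aliases, can flag unrelated identifiers with that suffix, and still misses window references stored under other names. A comment on the condition should record that trade-off, e.g. `// Heuristic: identifiers ending in "window" are treated as Window references; name-based, not type-based.` The enclosing condition starts and ends outside the hunk, so how this branch combines with the others is not visible here.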
@@ -28,10 +28,10 @@ // Copyright (c) Microsoft Corporation. | ||
}, | ||
create: function(context) { | ||
create: function (context) { | ||
return { | ||
"CallExpression[arguments!=''][callee.object.name='$compileProvider'][callee.property.name=/(aHref|imgSrc)SanitizationWhitelist/]"(node) { | ||
context.report( | ||
{ | ||
node: node, | ||
messageId: "noSanitizationWhitelist" | ||
}); | ||
{ | ||
node: node, | ||
messageId: "noSanitizationWhitelist" | ||
}); | ||
} | ||
@@ -38,0 +38,0 @@ }; |
@@ -33,14 +33,4 @@ // Copyright (c) Microsoft Corporation. | ||
function getNodeTypeAsString(node) { | ||
if (fullTypeChecker && node) { | ||
const tsNode = context.parserServices.esTreeNodeToTSNodeMap.get(node); | ||
const tsType = fullTypeChecker.getTypeAtLocation(tsNode); | ||
const type = fullTypeChecker.typeToString(tsType); | ||
return type; | ||
} | ||
return "any"; | ||
} | ||
function mightBeHTMLElement(node) { | ||
const type = getNodeTypeAsString(node); | ||
const type = astUtils.getNodeTypeAsString(fullTypeChecker, node, context); | ||
return type.match(/HTML.*Element/) || type === "any"; | ||
@@ -47,0 +37,0 @@ } |
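Review bot: The `type === "any"` branch in mightBeHTMLElement now relies on a fallback defined in another file, and nothing at the call site says so. As shown in the astUtils section, `astUtils.getNodeTypeAsString` returns "any" when `fullTypeChecker` or `node` is missing, so without type information every node is treated as a possible HTML element. A comment at this call would make the fail-towards-reporting intent explicit, e.g. `// "any" covers untyped code and the helper's no-type-info fallback; prefer a report over a miss.` The `type === "any" || type === "Crypto"` and `type === "any" || type === "Math"` comparisons in the later hunks depend on the same sentinel and deserve the same remark. The function's closing brace is outside the hunk.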
@@ -50,3 +50,3 @@ // Copyright (c) Microsoft Corporation. | ||
if (fullTypeChecker) { | ||
const type = astUtils.getCallerType(fullTypeChecker, node.object, context); | ||
const type = astUtils.getNodeTypeAsString(fullTypeChecker, node.object, context); | ||
notFalsePositive = type === "any" || type === "Crypto"; | ||
@@ -67,3 +67,3 @@ }else{ | ||
if (fullTypeChecker) { | ||
const type = astUtils.getCallerType(fullTypeChecker, node.object, context); | ||
const type = astUtils.getNodeTypeAsString(fullTypeChecker, node.object, context); | ||
notFalsePositive = type === "any" || type === "Math"; | ||
@@ -70,0 +70,0 @@ }else{ |
{ | ||
"name": "@microsoft/eslint-plugin-sdl", | ||
"version": "0.1.9", | ||
"version": "0.2.0", | ||
"description": "ESLint plugin focused on common security issues and misconfigurations discoverable during static testing as part of Microsoft Security Development Lifecycle (SDL)", | ||
@@ -5,0 +5,0 @@ "keywords": [ |