eslint-plugin-no-secrets
Comparing version 0.2.3 to 0.3.3
index.js
@@ -1,2 +0,9 @@ | ||
const { shannonEntropy, checkOptions, HIGH_ENTROPY, PATTERN_MATCH, isModulePathString } = require("./utils"); | ||
const { | ||
getIdentifierName, | ||
shannonEntropy, | ||
checkOptions, | ||
HIGH_ENTROPY, | ||
PATTERN_MATCH, | ||
isModulePathString | ||
} = require("./utils"); | ||
const STANDARD_PATTERNS = require("./regexes"); | ||
@@ -29,2 +36,9 @@ | ||
function shouldIgnore(value,toIgnore) { | ||
for (let i = 0; i < toIgnore.length; i++) { | ||
if (value.match(toIgnore[i])) return true; | ||
} | ||
return false; | ||
} | ||
module.exports = { | ||
@@ -44,3 +58,3 @@ rules: { | ||
create(context) { | ||
const { tolerance, additionalRegexes, ignoreContent, ignoreModules } = checkOptions(context.options[0] || {}); | ||
const { tolerance, additionalRegexes, ignoreContent, ignoreModules,ignoreIdentifiers } = checkOptions(context.options[0] || {}); | ||
const sourceCode = context.getSourceCode(); | ||
@@ -66,11 +80,5 @@ const comments = sourceCode.getAllComments(); | ||
} | ||
function shouldIgnore(value) { | ||
for (let i = 0; i < ignoreContent.length; i++) { | ||
if (value.match(ignoreContent[i])) return true; | ||
} | ||
return false; | ||
} | ||
function checkString(value, node) { | ||
const idName = getIdentifierName(node); | ||
if (idName && shouldIgnore(idName,ignoreIdentifiers)) return; | ||
if (!isNonEmptyString(value)) return; | ||
@@ -80,3 +88,3 @@ if (ignoreModules && isModulePathString(node)) { | ||
} | ||
if (shouldIgnore(value)) return; | ||
if (shouldIgnore(value,ignoreContent)) return; | ||
checkEntropy(value, tolerance).forEach(payload => { | ||
@@ -83,0 +91,0 @@ entropyReport(payload, node); |
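Review bot: The new module-level `shouldIgnore` (`if (value.match(toIgnore[i])) return true;`) is an unanchored search, so now that `checkString` applies it to identifiers a pattern such as `"KEY"` also suppresses `API_KEY` or `SECRET_KEY`, silently widening the allowlist the rule is meant to keep narrow. Since a user-supplied RegExp is used as-is, the remedy is documentation rather than code: add a comment above the helper such as `// Patterns are unanchored: "KEY" also ignores API_KEY; use ^KEY$ to match a whole name.` and state the same in the README rows for `ignoreIdentifiers` and `ignoreContent`, which share this helper. `checkString` continues past the end of the hunk.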
{ | ||
"name": "eslint-plugin-no-secrets", | ||
"version": "0.2.3", | ||
"version": "0.3.3", | ||
"description": "An eslint rule that searches for potential secrets/keys in code", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -56,3 +56,4 @@ # eslint-plugin-no-secrets | ||
Either disable it with a comment | ||
### 1. Either disable it with a comment | ||
```javascript | ||
@@ -63,3 +64,5 @@ // Set of potential base64 characters | ||
``` | ||
or use the `ignoreContent` | ||
### 2. use the `ignoreContent` to ignore certain content | ||
```json | ||
@@ -74,2 +77,13 @@ { | ||
### 3. Or use `ignoreIdentifiers` to ignore certain variable/property names | ||
```json | ||
{ | ||
"plugins":["no-secrets"], | ||
"rules":{ | ||
"no-secrets/no-secrets":["error",{"ignoreIdentifiers":["BASE64_CHARS"]}] | ||
} | ||
} | ||
``` | ||
This will tell future maintainers of the codebase that this suspicious string isn't an oversight | ||
@@ -82,5 +96,6 @@ | ||
|tolerance|Maximum "randomness"/entropy allowed|`4`|`number`| | ||
|additionalRegexes|Object of additional patterns to check. Key is check name and value is corresponding pattern |`{}`|`{[regexCheckName:string]:string | RegExp}`| | ||
|ignoreContent|Will ignore the *entire* string if matched. Expects either a pattern or an array of patterns. This option takes precedent over `additionalRegexes` and the default regular expressions|`[]`|`string | RegExp | (string|RegExp)[]`| | ||
|additionalRegexes|Object of additional patterns to check. Key is check name and value is corresponding pattern |`{}`|{\[regexCheckName:string]:string \| RegExp}| | ||
|ignoreContent|Will ignore the *entire* string if matched. Expects either a pattern or an array of patterns. This option takes precedent over `additionalRegexes` and the default regular expressions|`[]`|string \| RegExp \| (string\|RegExp)[]| | ||
|ignoreModules|Ignores strings that are an argument in `import()` and `require()` or is the path in an `import` statement.|`true`|`boolean`| | ||
|ignoreIdentifiers|Ignores the values of properties and variables that match a pattern or an array of patterns. |`[]`|string \| RegExp \| (string\|RegExp)[]| | ||
@@ -87,0 +102,0 @@ ## Acknowledgements |
utils.js
@@ -14,3 +14,23 @@ const MATH_LOG_2 = Math.log(2); | ||
function checkOptions({ tolerance, additionalRegexes, ignoreContent, ignoreModules }) { | ||
function compileListOfPatterns(patterns = [], name) { | ||
if (!Array.isArray(patterns)) { | ||
if (typeof patterns === "string" || patterns instanceof RegExp) { | ||
patterns = [patterns]; | ||
} else { | ||
throw new Error(`Expected '${name}' to be an a array, a string, or a RegExp`); | ||
} | ||
} | ||
const compiledPatterns = []; | ||
for (let i = 0; i < patterns.length; i++) { | ||
try { | ||
compiledPatterns[i] = patterns[i] instanceof RegExp ? patterns[i] : new RegExp(String(patterns[i])); | ||
} catch (e) { | ||
throw new Error("Failed to compiled the regexp " + patterns[i]); | ||
} | ||
} | ||
return compiledPatterns; | ||
} | ||
function checkOptions({ tolerance, additionalRegexes, ignoreContent, ignoreModules, ignoreIdentifiers }) { | ||
ignoreModules = ignoreModules || true; | ||
@@ -45,22 +65,9 @@ if (typeof ignoreModules !== "boolean") { | ||
ignoreContent = ignoreContent || []; | ||
if (!Array.isArray(ignoreContent)) { | ||
if (typeof ignoreContent === "string" || ignoreContent instanceof RegExp) { | ||
ignoreContent = [ignoreContent]; | ||
} else { | ||
throw new Error("Expected 'ignoreContent' to be an a array, a string, or a RegExp"); | ||
} | ||
} | ||
const compiledIgnoreContent = []; | ||
for (let i = 0; i < ignoreContent.length; i++) { | ||
try { | ||
compiledIgnoreContent[i] = | ||
ignoreContent[i] instanceof RegExp ? ignoreContent[i] : new RegExp(String(ignoreContent[i])); | ||
} catch (e) { | ||
throw new Error("Failed to compiled the regexp " + ignoreContent[i]); | ||
} | ||
} | ||
return { tolerance, additionalRegexes: compiledRegexes, ignoreContent: compiledIgnoreContent, ignoreModules }; | ||
return { | ||
tolerance, | ||
additionalRegexes: compiledRegexes, | ||
ignoreContent: compileListOfPatterns(ignoreContent), | ||
ignoreModules, | ||
ignoreIdentifiers:compileListOfPatterns(ignoreIdentifiers) | ||
}; | ||
} | ||
@@ -111,2 +118,32 @@ | ||
const VARORPROP = ["AssignmentExpression", "Property", "VariableDeclarator"]; | ||
function getPropertyName(node) { | ||
return node.parent.key && node.parent.key.type === "Identifier" && node.parent.key.name; | ||
} | ||
function getIdentifierName(node) { | ||
if (!node || !node.parent) return false; | ||
switch (node.parent.type) { | ||
case "VariableDeclarator": | ||
return getVarName(node); | ||
case "AssignmentExpression": | ||
return getAssignmentName(node); | ||
case "Property": | ||
return getPropertyName(node); | ||
default: | ||
return false; | ||
} | ||
} | ||
function getVarName(node) { | ||
return node.parent.id && node.parent.id.name; | ||
} | ||
function getAssignmentName(node) { | ||
return ( | ||
node.parent.left && node.parent.property && node.parent.property.type === "Identifier" && node.parent.property.name | ||
); | ||
} | ||
const HIGH_ENTROPY = "HIGH_ENTROPY"; | ||
@@ -116,2 +153,2 @@ | ||
module.exports = { shannonEntropy, checkOptions, HIGH_ENTROPY, PATTERN_MATCH, isModulePathString }; | ||
module.exports = { getIdentifierName, shannonEntropy, checkOptions, HIGH_ENTROPY, PATTERN_MATCH, isModulePathString }; |
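Review bot: `getAssignmentName` tests `node.parent.property`, but for an `AssignmentExpression` the assigned target is `node.parent.left`, which is where a `property` would live; as written the conjunction is always falsy, so `ignoreIdentifiers` never applies to `obj.API_KEY = "..."` or `apiKey = "..."` even though the README advertises it for properties and variables. The lookup belongs on `left`, and a plain `Identifier` on the left should be handled as well (node shape inferred from the sibling helpers — confirm against the parser in use). Separately, both `compileListOfPatterns(ignoreContent)` and `compileListOfPatterns(ignoreIdentifiers)` omit the `name` argument, so a bad option reports `Expected 'undefined' to be an a array…`; pass `"ignoreContent"` and `"ignoreIdentifiers"` respectively.
```javascript
function getAssignmentName(node) {
  const { left } = node.parent;
  if (!left) return false;
  if (left.type === "Identifier") return left.name;
  return left.property && left.property.type === "Identifier" && left.property.name;
}
```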