eslint-plugin-no-secrets - npm Package Compare versions

Comparing version 0.2.3 to 0.3.3

30

index.js

@@ -1,2 +0,9 @@

const { shannonEntropy, checkOptions, HIGH_ENTROPY, PATTERN_MATCH, isModulePathString } = require("./utils");
const {
getIdentifierName,
shannonEntropy,
checkOptions,
HIGH_ENTROPY,
PATTERN_MATCH,
isModulePathString
} = require("./utils");
const STANDARD_PATTERNS = require("./regexes");

@@ -29,2 +36,9 @@

function shouldIgnore(value,toIgnore) {
for (let i = 0; i < toIgnore.length; i++) {
if (value.match(toIgnore[i])) return true;
}
return false;
}
module.exports = {

@@ -44,3 +58,3 @@ rules: {

create(context) {
const { tolerance, additionalRegexes, ignoreContent, ignoreModules } = checkOptions(context.options[0] || {});
const { tolerance, additionalRegexes, ignoreContent, ignoreModules,ignoreIdentifiers } = checkOptions(context.options[0] || {});
const sourceCode = context.getSourceCode();

@@ -66,11 +80,5 @@ const comments = sourceCode.getAllComments();

}
function shouldIgnore(value) {
for (let i = 0; i < ignoreContent.length; i++) {
if (value.match(ignoreContent[i])) return true;
}
return false;
}
function checkString(value, node) {
const idName = getIdentifierName(node);
if (idName && shouldIgnore(idName,ignoreIdentifiers)) return;
if (!isNonEmptyString(value)) return;

@@ -80,3 +88,3 @@ if (ignoreModules && isModulePathString(node)) {

}
if (shouldIgnore(value)) return;
if (shouldIgnore(value,ignoreContent)) return;
checkEntropy(value, tolerance).forEach(payload => {

@@ -83,0 +91,0 @@ entropyReport(payload, node);
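Review bot: The `ignoreIdentifiers` check added at the top of checkString (`if (idName && shouldIgnore(idName,ignoreIdentifiers)) return;`) skips every entropy and pattern check for that value, and shouldIgnore tests the name with an unanchored `value.match(...)`, so a configured pattern such as `KEY` also silences `API_KEY` or `SECRET_KEY_BASE`. Because this is a pure allow-list for the rule, the semantics deserve a comment at that line, e.g. `// ignoreIdentifiers patterns are unanchored RegExp matches; anchor them (e.g. /^BASE64_CHARS$/) to avoid over-broad suppression.`, and the README's new section 3 should state the same. The module-level shouldIgnore(value,toIgnore) loop could be written as `return toIgnore.some((pattern) => value.match(pattern));`. checkString's body continues past the hunk.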

{
"name": "eslint-plugin-no-secrets",
"version": "0.2.3",
"version": "0.3.3",
"description": "An eslint rule that searches for potential secrets/keys in code",

@@ -5,0 +5,0 @@ "main": "index.js",

@@ -56,3 +56,4 @@ # eslint-plugin-no-secrets

Either disable it with a comment
### 1. Either disable it with a comment
```javascript

@@ -63,3 +64,5 @@ // Set of potential base64 characters

```
or use the `ignoreContent`
### 2. use the `ignoreContent` to ignore certain content
```json

@@ -74,2 +77,13 @@ {

### 3. Or use `ignoreIdentifiers` to ignore certain variable/property names
```json
{
"plugins":["no-secrets"],
"rules":{
"no-secrets/no-secrets":["error",{"ignoreIdentifiers":["BASE64_CHARS"]}]
}
}
```
This will tell future maintainers of the codebase that this suspicious string isn't an oversight

@@ -82,5 +96,6 @@

|tolerance|Maximum "randomness"/entropy allowed|`4`|`number`|
|additionalRegexes|Object of additional patterns to check. Key is check name and value is corresponding pattern |`{}`|`{[regexCheckName:string]:string | RegExp}`|
|ignoreContent|Will ignore the *entire* string if matched. Expects either a pattern or an array of patterns. This option takes precedent over `additionalRegexes` and the default regular expressions|`[]`|`string | RegExp | (string|RegExp)[]`|
|additionalRegexes|Object of additional patterns to check. Key is check name and value is corresponding pattern |`{}`|{\[regexCheckName:string]:string \| RegExp}|
|ignoreContent|Will ignore the *entire* string if matched. Expects either a pattern or an array of patterns. This option takes precedent over `additionalRegexes` and the default regular expressions|`[]`|string \| RegExp \| (string\|RegExp)[]|
|ignoreModules|Ignores strings that are an argument in `import()` and `require()` or is the path in an `import` statement.|`true`|`boolean`|
|ignoreIdentifiers|Ignores the values of properties and variables that match a pattern or an array of patterns. |`[]`|string \| RegExp \| (string\|RegExp)[]|

@@ -87,0 +102,0 @@ ## Acknowledgements

@@ -14,3 +14,23 @@ const MATH_LOG_2 = Math.log(2);

function checkOptions({ tolerance, additionalRegexes, ignoreContent, ignoreModules }) {
function compileListOfPatterns(patterns = [], name) {
if (!Array.isArray(patterns)) {
if (typeof patterns === "string" || patterns instanceof RegExp) {
patterns = [patterns];
} else {
throw new Error(`Expected '${name}' to be an a array, a string, or a RegExp`);
}
}
const compiledPatterns = [];
for (let i = 0; i < patterns.length; i++) {
try {
compiledPatterns[i] = patterns[i] instanceof RegExp ? patterns[i] : new RegExp(String(patterns[i]));
} catch (e) {
throw new Error("Failed to compiled the regexp " + patterns[i]);
}
}
return compiledPatterns;
}
function checkOptions({ tolerance, additionalRegexes, ignoreContent, ignoreModules, ignoreIdentifiers }) {
ignoreModules = ignoreModules || true;

@@ -45,22 +65,9 @@ if (typeof ignoreModules !== "boolean") {

ignoreContent = ignoreContent || [];
if (!Array.isArray(ignoreContent)) {
if (typeof ignoreContent === "string" || ignoreContent instanceof RegExp) {
ignoreContent = [ignoreContent];
} else {
throw new Error("Expected 'ignoreContent' to be an a array, a string, or a RegExp");
}
}
const compiledIgnoreContent = [];
for (let i = 0; i < ignoreContent.length; i++) {
try {
compiledIgnoreContent[i] =
ignoreContent[i] instanceof RegExp ? ignoreContent[i] : new RegExp(String(ignoreContent[i]));
} catch (e) {
throw new Error("Failed to compiled the regexp " + ignoreContent[i]);
}
}
return { tolerance, additionalRegexes: compiledRegexes, ignoreContent: compiledIgnoreContent, ignoreModules };
return {
tolerance,
additionalRegexes: compiledRegexes,
ignoreContent: compileListOfPatterns(ignoreContent),
ignoreModules,
ignoreIdentifiers:compileListOfPatterns(ignoreIdentifiers)
};
}

@@ -111,2 +118,32 @@

const VARORPROP = ["AssignmentExpression", "Property", "VariableDeclarator"];
function getPropertyName(node) {
return node.parent.key && node.parent.key.type === "Identifier" && node.parent.key.name;
}
function getIdentifierName(node) {
if (!node || !node.parent) return false;
switch (node.parent.type) {
case "VariableDeclarator":
return getVarName(node);
case "AssignmentExpression":
return getAssignmentName(node);
case "Property":
return getPropertyName(node);
default:
return false;
}
}
function getVarName(node) {
return node.parent.id && node.parent.id.name;
}
function getAssignmentName(node) {
return (
node.parent.left && node.parent.property && node.parent.property.type === "Identifier" && node.parent.property.name
);
}
const HIGH_ENTROPY = "HIGH_ENTROPY";

@@ -116,2 +153,2 @@

module.exports = { shannonEntropy, checkOptions, HIGH_ENTROPY, PATTERN_MATCH, isModulePathString };
module.exports = { getIdentifierName, shannonEntropy, checkOptions, HIGH_ENTROPY, PATTERN_MATCH, isModulePathString };
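Review bot: getAssignmentName reads `node.parent.property`, but an AssignmentExpression node has `left`, `right` and `operator` and no `property`, so the `&&` chain always yields undefined and `ignoreIdentifiers` never applies to `foo = "..."` or `obj.foo = "..."` assignments. The name has to come from `left` when it is an Identifier, or from `left.property` when the target is a non-computed MemberExpression. In the earlier hunk, `compileListOfPatterns` is called at both new return sites without its `name` argument, so a bad option reports `Expected 'undefined' to be an a array...`; pass `"ignoreContent"` / `"ignoreIdentifiers"` (and the `an a` / `Failed to compiled` typos in the copied messages are worth fixing at the same time). Visible as context in that hunk, `ignoreModules = ignoreModules || true;` can never produce false, so `ignoreModules: false` is silently ignored and module-path strings are always exempt from checks; `ignoreModules = ignoreModules === undefined ? true : ignoreModules;` would respect the option. `VARORPROP` is declared but not used anywhere in the hunk.
```javascript
function getAssignmentName(node) {
  const { left } = node.parent;
  if (!left) return false;
  if (left.type === "Identifier") return left.name;
  if (left.type === "MemberExpression" && !left.computed && left.property.type === "Identifier") {
    return left.property.name;
  }
  return false;
}
```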