eslint-plugin-security-node
ESLint plugin containing Node.js security rules
This plugin will help to identify potential threats and prevent attacks.
Installation
npm install --save-dev eslint-plugin-security-node
Usage
Add the following configuration to your .eslintrc file:
  "plugins": [
    "security-node"
  ],
  "extends": [
    "plugin:security-node/recommended"
  ]
Developer guide
Tests
Type the following to test all the rules:
$ npm test
Type the following to test a particular rule:
$ ./node_modules/.bin/mocha tests/lib/rules/rule_name
Rules
detect non literal regular expr
For details check the documentation file non-literal-reg-expr
detect absence of property:name in express-session
For details check the documentation file detect-absence-of-name-option-in-exrpress-session
detect Buffer unsafe allocation
For details check the documentation file detect-buffer-unsafe-allocation
detect exec of child_process with non-Literal argument
For details check the documentation file detect-child-process
detect crlf attack
For details check the documentation file detect-crlf
detect dangerous redirects
For more information check the documentation file detect-dangerous-redirects
detect-eval-with-expr
For more information check the documentation file detect-eval-with-expr
detect-html-injection
For more information check the documentation file detect-html-injection
detect-insecure-randomness
For more information check the documentation file detect-insecure-randomness
detect-non-literal-require-calls
For more information check the documentation file detect-non-literal-require-calls
detect-nosql-injection
For more information check the documentation file detect-nosql-injection
detect-option-multiplestatements-in-mysql
For more information check the documentation file detect-option-multiplestatements-in-mysql
detect-option-rejectunauthorized-in-nodejs-httpsrequest
For more information check the documentation file detect-option-rejectunauthorized-in-nodejs-httpsrequest
detect-option-unsafe-in-serialize-javascript-npm-package
For more information check the documentation file detect-option-unsafe-in-serialize-javascript-npm-package
detect-possible-timing-attacks
For more information check the documentation file detect-possible-timing-attacks
detect-runinthiscontext-method-in-nodes-vm
For more information check the documentation file detect-runinthiscontext-method-in-nodes-vm.
detect-security-missconfiguration-cookie
For more information check the documentation file detect-security-missconfiguration-cookie
detect-sql-injection
For more information check the documentation file detect-sql-injection
disable-ssl-across-node-server
For more information check the documentation file disable-ssl-across-node-server
detect-improper-exception-handling
For more information check the documentation file detect-improper-exception-handling
detect-unhandled-async-errors
For more information check the documentation file detect-unhandled-async-errors
detect-unhandled-event-errors
For more information check the documentation file detect-unhandled-event-errors
Changelog
All notable changes to this project will be documented in this file. Dates are displayed in UTC.
Generated by auto-changelog.
- fix: potential error in isTryCatchStatement #63
- updated Readme with changelog 0520676
- test: update test 922ded3
1.1.2
- Bump diff and mocha #74
- Bump debug and mocha #73
- Bump growl and mocha #72
- Bump minimatch from 3.0.4 to 3.1.2 #71
- Bump ansi-regex from 3.0.0 to 3.0.1 #70
- Bump minimist, mkdirp and mocha #69
- Bump ajv from 6.10.0 to 6.12.6 #62
- Added release-it script #78
- Request to add new rules #60
- Fix headings #61
- Revisions for new rules #2
- chore: remove node_modules #59
- add new rules #1
- Bump lodash from 4.17.19 to 4.17.21 #58
- Add docs urls to rules #57
- remove remaining references to helmet without nocache #54
- Remove noCache since it has been deprecated #53
- Fixed typos and improved grammar #50
- Bump lodash from 4.17.15 to 4.17.19 #49
- Bump acorn from 6.1.1 to 6.4.1 #48
- fix: remove console logs in create functions #46
- Bump lodash from 4.17.11 to 4.17.15 #44
- Bump eslint-utils from 1.3.1 to 1.4.3 #43
- Update Readme.md file #1
- Changed package lock b0f2d6a
- #21 Rule Ready tested 0ca48df
- Deleted some files ce7d04d