eslint-plugin-security-rules
Advanced tools
eslint-plugin-security-rules - npm Package Compare versions
Comparing version 0.6.9 to 0.7.0
@@ -24,3 +24,3 @@ "use strict"; | ||
| exports.uniNoHardcodedCredentials = createRule({ | ||
| name: "no-hardcoded-credentials/uni", | ||
| name: "no-hardcoded-credentials/universal", | ||
| defaultOptions: [], | ||
@@ -27,0 +27,0 @@ meta: { |
@@ -21,2 +21,3 @@ "use strict"; | ||
| invalidTests["DES"] = "error-des"; | ||
| invalidTests["RENAMED_FUNCTION"] = "error-renamed-function"; | ||
| })(invalidTests || (invalidTests = {})); | ||
@@ -42,4 +43,5 @@ const ruleTester = new utils_1.ESLintUtils.RuleTester({ | ||
| Object.assign(Object.assign({}, (0, get_code_1.getCode)(__dirname, invalidTests.DES)), { errors: [{ messageId: messages_1.MessageIds.INSECURE_CIPHER }] }), | ||
| Object.assign(Object.assign({}, (0, get_code_1.getCode)(__dirname, invalidTests.RENAMED_FUNCTION)), { errors: [{ messageId: messages_1.MessageIds.INSECURE_CIPHER }] }), | ||
| ], | ||
| }); | ||
| //# sourceMappingURL=_test.js.map |
@@ -11,2 +11,3 @@ "use strict"; | ||
| const messages_1 = require("../_utils/messages"); | ||
| const count_placeholders_1 = require("./utils/count-placeholders"); | ||
| const is_query_safe_1 = require("./utils/is-query-safe"); | ||
@@ -74,2 +75,3 @@ const createRule = (0, eslint_utils_1.RuleCreator)(resolve_docs_route_1.resolveDocsRoute); | ||
| const queryValues = node.arguments[1]; | ||
| const totalPlaceholders = (0, count_placeholders_1.countPlaceholders)(checkRes.queryUpToNode); | ||
| if (!valuesArray) { | ||
@@ -88,2 +90,10 @@ if (!(0, guards_1.isArrowFunctionExpression)(queryValues) && queryValues) { | ||
| { | ||
| messageId: messages_1.MessageIds.PARAMTERIZED_FIX_VALUES, | ||
| fix: (fixer) => paramterizeQueryFix({ ruleContext: context }, fixer, "?", totalPlaceholders, query, objNode, valuesArray, checkRes.troubleNode), | ||
| }, | ||
| { | ||
| messageId: messages_1.MessageIds.PARAMTERIZED_FIX_IDENTIFIERS, | ||
| fix: (fixer) => paramterizeQueryFix({ ruleContext: context }, fixer, "??", totalPlaceholders, query, objNode, valuesArray, checkRes.troubleNode), | ||
| }, | ||
| { | ||
| messageId: messages_1.MessageIds.ESCAPE_FIX_VALUES, | ||
@@ -95,31 +105,3 @@ fix: (fixer) => escapeQueryValuesFix(fixer, escapeIdentifier, checkRes.troubleNode), | ||
| fix: (fixer) => escapeQueryIdentifiersFix(fixer, escapeIdentifier, checkRes.troubleNode), | ||
| } /* | ||
| // @TODO: Count numbers of occourences of an identifier | ||
| // in the query to place it correctly in the array. | ||
| { | ||
| messageId: MessageIds.PARAMTERIZED_FIX_VALUES, | ||
| fix: (fixer: TSESLint.RuleFixer) => | ||
| paramterizeQueryFix( | ||
| { ruleContext: context }, | ||
| fixer, | ||
| totalPlaceholders, | ||
| query, | ||
| false, | ||
| valuesArray, | ||
| maybeNode | ||
| ), | ||
| }, | ||
| { | ||
| messageId: MessageIds.PARAMTERIZED_FIX_IDENTIFIERS, | ||
| fix: (fixer: TSESLint.RuleFixer) => | ||
| paramterizeQueryFix( | ||
| { ruleContext: context }, | ||
| fixer, | ||
| totalPlaceholders, | ||
| query, | ||
| true, | ||
| valuesArray, | ||
| maybeNode | ||
| ), | ||
| }, */, | ||
| ], | ||
@@ -145,35 +127,43 @@ }); | ||
| } | ||
| function* paramterizeQueryFix(ctx, fixer, totalPlaceholders, queryLocation, identifierFix, arrayNode, replaceNode) { | ||
| if (!replaceNode || !queryLocation) { | ||
| function* paramterizeQueryFix(ctx, fixer, escapeIdentifier, totalPlaceholders, queryNode, objNode, placeholderValuesNode, unsafeNode) { | ||
| if (!unsafeNode || escapeIdentifier.length === 0) { | ||
| return; | ||
| } | ||
| if (totalPlaceholders > 0 && !arrayNode) { | ||
| if (totalPlaceholders > 0 && !placeholderValuesNode) { | ||
| return; | ||
| } | ||
| // Since index starts counting from 0 and not 1, we can just set it to | ||
| // placeholders. | ||
| const index = totalPlaceholders; | ||
| const nodeText = ctx.ruleContext.getSourceCode().getText(replaceNode); | ||
| // Parameterization | ||
| if (identifierFix) { | ||
| yield fixer.replaceText(replaceNode, '"??"'); | ||
| const [startR, endR] = unsafeNode.range; | ||
| // If node is of the form ${adr}, we need to strip the ${} | ||
| if ((0, guards_1.isTemplateLiteral)(unsafeNode.parent)) { | ||
| yield fixer.replaceTextRange([startR - 2, endR + 1], escapeIdentifier); | ||
| } | ||
| else { | ||
| yield fixer.replaceText(replaceNode, '"?"'); | ||
| yield fixer.replaceTextRange([startR, endR], `"${escapeIdentifier}"`); | ||
| } | ||
| // No array | ||
| if (!arrayNode) { | ||
| yield fixer.insertTextAfter(queryLocation, ", [" + nodeText + "]"); | ||
| const nodeText = ctx.ruleContext.getSourceCode().getText(unsafeNode); | ||
| // No array and not in an object | ||
| // Create a new array for placeholder values | ||
| if (!placeholderValuesNode && !objNode) { | ||
| yield fixer.insertTextAfter(queryNode, ", [" + nodeText + "]"); | ||
| } | ||
| // If we need to replace an array element | ||
| else if (arrayNode.elements.length >= index) { | ||
| const elm = arrayNode.elements[index]; | ||
| if (!elm) { | ||
| return; | ||
| // No array and in an object | ||
| // Create a new array for placeholder values in the object | ||
| else if (!placeholderValuesNode && objNode) { | ||
| const rangeStart = objNode.range[1] - 1; | ||
| yield fixer.insertTextBeforeRange([rangeStart, 0], ", values: [" + nodeText + "] "); | ||
| } | ||
| // Existing placeholder array and existing element | ||
| // Overwrite the existing value on the placeholder spot | ||
| else if (placeholderValuesNode && | ||
| placeholderValuesNode.elements.length > totalPlaceholders) { | ||
| const overwriteNode = placeholderValuesNode.elements[totalPlaceholders]; | ||
| if (overwriteNode) { | ||
| yield fixer.replaceText(overwriteNode, nodeText); | ||
| } | ||
| yield fixer.insertTextBefore(elm, nodeText + ", "); | ||
| } | ||
| // Existing placeholder array | ||
| else if (arrayNode) { | ||
| const rangeEnd = arrayNode.range[1] - 1; | ||
| // Append to the end of the array | ||
| else if (placeholderValuesNode) { | ||
| const rangeEnd = placeholderValuesNode.range[1] - 1; | ||
| yield fixer.insertTextAfterRange([0, rangeEnd], ", " + nodeText); | ||
@@ -180,0 +170,0 @@ } |
@@ -75,11 +75,2 @@ "use strict"; | ||
| })); | ||
| if ((0, guards_1.isObjectExpression)(maybeNode)) { | ||
| for (const property of maybeNode.properties) { | ||
| if ((0, guards_1.isProperty)(property) && | ||
| (0, ast_utils_1.isIdentifier)(property.key) && | ||
| property.key.name === "sql") { | ||
| return isQuerySafe(context, property.value); | ||
| } | ||
| } | ||
| } | ||
| // Typescript is stupid and doesn't recognize the type of maybeNode :(! | ||
@@ -86,0 +77,0 @@ if ((0, guards_1.isNode)(maybeNode)) { |
@@ -148,3 +148,3 @@ "use strict"; | ||
| data: { | ||
| minVersion: advisoryFixedAt === null || advisoryFixedAt === void 0 ? void 0 : advisoryFixedAt.version, | ||
| minVersion: highestVulnerableVersion, | ||
| currentVersion: semverVersion, | ||
@@ -151,0 +151,0 @@ dependency, |
| { | ||
| "name": "eslint-plugin-security-rules", | ||
| "version": "0.6.9", | ||
| "version": "0.7.0", | ||
| "description": "ESLint security rules to help harden your project as early as possible.", | ||
@@ -5,0 +5,0 @@ "main": "./lib/index.js", |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.21%
702731
- Number of package files
- increased by0.29%
687
Worsened metrics
- Lines of code
- decreased by-0.12%
8956