@microsoft/eslint-plugin-sdl
Version:
ESLint plugin focused on common security issues and misconfigurations discoverable during static testing as part of Microsoft Security Development Lifecycle (SDL)
38 lines (34 loc) • 1.01 kB
JavaScript
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
/**
* @fileoverview Rule to disallow MSApp.execUnsafeLocalFunction method call
* @author Antonios Katopodis
*/
;
module.exports = {
meta: {
type: "suggestion",
fixable: "code",
schema: [],
docs: {
description:
"Calls to [`MSApp.execUnsafeLocalFunction()`](https://docs.microsoft.com/en-us/previous-versions/hh772324(v=vs.85)) bypass script injection validation and should be avoided.",
url: "https://github.com/microsoft/eslint-plugin-sdl/blob/master/docs/rules/no-msapp-exec-unsafe.md"
},
messages: {
default: "Do not bypass script injection validation"
}
},
create: function (context) {
return {
"CallExpression[arguments.length=1][callee.object.name='MSApp'][callee.property.name='execUnsafeLocalFunction']"(
node
) {
context.report({
node: node,
messageId: "default"
});
}
};
}
};