UNPKG

@pkgdeps/secretlint-rule-checksum

Version:

secretlint rule that check if checking checksum.

github.com/pkgdeps/unverified-checksum-checker/tree/master/packages/secretlint-rule-checksum/

pkgdeps/unverified-checksum-checker

84 lines (82 loc) 3.22 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
import { SecretLintRuleCreator, SecretLintSourceCode } from "@secretlint/types"; import { collectExecutableCommands } from "@pkgdeps/checksum-collector"; const isShellScript = (content: string): boolean => { return /^#!\/.*\/(sh|bash|zsh|tsh|)/.test(content); }; export const messages = { FOUND_UNVERIFIED_BINARY: { en: (props: { binary: string }) => `found unverified binary: ${props.binary}`, ja: (props: { binary: string }) => `チェックサムのチェックがされていないバイナリ(${props.binary})がみつかりました` } }; const hasVerifiedComment = (text: string, binaryName: string) => { // # {binaryName} is verified const match = text.match(/#(.*?)verified/); if (match) { return match[1].includes(binaryName); } return match; }; export type Options = { /** * Define allow binary name **/ allowBinaryNames?: string[]; }; export const creator: SecretLintRuleCreator<Options> = { messages, meta: { id: "@pkgdeps/secretlint-rule-checksum", recommended: true, type: "scanner", supportedContentTypes: ["text"], docs: { url: "https://github.com/pkgdeps/unverified-checksum-checker/blob/master/packages/secretlint-rule-checksum/README.md" } }, create(context, options) { const t = context.createTranslator(messages); return { file(source: SecretLintSourceCode) { if (!isShellScript(source.content)) { return; } try { const commands = collectExecutableCommands(source.content); commands.forEach((command) => { if (command.checked) { return; } if (options.allowBinaryNames?.includes(command.binary)) { return; } const currentLine = source.rangeToLocation(command.range); const ignoreCommentRange = source.locationToRange({ start: { line: currentLine.start.line - 1, column: 0 }, end: { line: currentLine.end.line + 1, column: 0 } }); const commentText = source.content.slice(ignoreCommentRange[0], ignoreCommentRange[1] + 1); if (hasVerifiedComment(commentText, command.binary)) { return; } context.report({ message: t("FOUND_UNVERIFIED_BINARY", { binary: command.binary }), range: command.range }); }); } catch (error) { console.error("parse error", error, source); } } }; } };