import * as parser from '@babel/parser';
import * as t from '@babel/types';
import { Rule } from '../rule';
import { CategoryType, CodeFinding, SeverityLevel } from '../../types';
/**
 * Rule that flags potentially dangerous HTML-injection sinks such as
 * `innerHTML` and related DOM APIs (per `description` below).
 *
 * This is a declaration file: only the public/protected surface is visible
 * here, not the detection logic. What the declarations establish:
 * - the rule belongs to `CategoryType.Security` and reports at
 *   `SeverityLevel.Error` by default;
 * - `requiresAST` is `true`, so the host must supply a parsed Babel AST to
 *   `apply` — the rule cannot run on raw text alone.
 *
 * NOTE(review): the three private lookup fields below carry no type in this
 * declaration; they look like allowlists of property / prop / sanitizer
 * names consulted during analysis — confirm against the implementation.
 * A purely name-based check cannot prove that a sanitizer actually
 * neutralises the payload, nor that a given helper really is a sanitizer,
 * so expect both false negatives and false positives and treat findings as
 * prompts for review rather than proof of (in)security.
 */
export declare class DangerousInnerHTMLRule extends Rule {
  readonly id = "security-dangerous-innerhtml";
  readonly name = "Dangerous innerHTML";
  readonly description = "Detects potentially dangerous use of innerHTML and similar DOM APIs";
  readonly category = CategoryType.Security;
  readonly defaultSeverity = SeverityLevel.Error;
  // The engine must parse the file first; `apply` receives the resulting AST.
  readonly requiresAST = true;
  // Presumably DOM property names treated as injection sinks (e.g. innerHTML);
  // exact contents not visible here — verify in the implementation.
  private readonly dangerousProperties;
  // Presumably React prop names treated as sinks (see generateReactSuggestion);
  // exact contents not visible here — verify in the implementation.
  private readonly reactDangerousProps;
  // Presumably function names that `isSanitized` accepts as sanitizers;
  // membership is by name only as far as this declaration shows.
  private readonly sanitizationFunctions;
  /**
   * Run the rule over one file and collect findings.
   *
   * @param code - Source code of the file (kept alongside the AST, likely for
   *   locating/quoting the offending text — not verifiable from here)
   * @param ast - Babel parse result for `code`; required because
   *   `requiresAST` is `true`
   * @param filePath - Path of the file being analysed, used to attribute findings
   * @returns Zero or more findings; an empty array when nothing is flagged
   */
  apply(code: string, ast: parser.ParseResult<t.File>, filePath: string): CodeFinding[];
  /**
   * Check whether a string contains dynamic content (variables, etc.).
   *
   * Declared as a private property here (its function type is not emitted
   * in this declaration); the documented contract is `(str: string) => boolean`.
   *
   * @param str - String to check
   * @returns True if the string contains dynamic content
   */
  private containsDynamicContent;
  /**
   * Check whether the value flowing into a sink has passed through a
   * recognised sanitizer.
   *
   * NOTE(review): presumably matches call names against
   * `sanitizationFunctions`; a match does not verify that the function
   * sanitises for the HTML context in question — confirm in the
   * implementation before relying on a "sanitized" verdict.
   *
   * @param node - AST node whose value is being assigned to the sink
   * @returns True if the node is considered sanitized
   */
  private isSanitized;
  /**
   * Produce a replacement snippet using a safer alternative to the flagged
   * property.
   *
   * @param _ - Original code (unused)
   * @param propertyName - Name of the dangerous property that was flagged;
   *   optional, so the suggestion must cope with it being absent
   * @returns Suggested code
   */
  protected generateSuggestion(_: string, propertyName?: string): string;
  /**
   * Produce a replacement snippet for React's `dangerouslySetInnerHTML`.
   *
   * @param _ - Original code (unused)
   * @returns Suggested code
   */
  protected generateReactSuggestion(_: string): string;
  /**
   * Resolve the name of the function enclosing the flagged code, for use in
   * finding context.
   *
   * NOTE(review): `path: any` disables checking at this boundary; the
   * implementation (from which this declaration is presumably generated)
   * would be better typed with `unknown` or the Babel traversal path type.
   * Fix it at the source so the emitted declaration follows.
   *
   * @param path - AST path (untyped in this declaration)
   * @returns Function name, or undefined when the code is not inside a named function
   */
  protected getFunctionName(path: any): string | undefined;
}