UNPKG

@sun-asterisk/sunlint

Version:

☀️ SunLint - Multi-language static analysis tool for code quality and security | Sun* Engineering Standards

github.com/sun-asterisk/engineer-excellence/tree/main/coding-quality/extensions/sunlint

sun-asterisk/engineer-excellence

71 lines (62 loc) 1.9 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
/** * Custom ESLint rule: S037 – Require anti-caching headers on responses */ "use strict"; module.exports = { meta: { type: "suggestion", docs: { description: "Ensure anti-cache headers are set to prevent sensitive data caching", recommended: true, }, schema: [], messages: { missingCacheHeader: "Missing anti-cache header for response '{{resName}}'. Consider setting 'Cache-Control: no-store'.", }, }, create(context) { // Track which response variables have Cache-Control: no-store/no-cache const secureResNames = new Set(); return { CallExpression(node) { const callee = node.callee; // Match res.setHeader('Cache-Control', '...') if ( callee.type === "MemberExpression" && callee.property.name === "setHeader" && node.arguments.length >= 2 && node.arguments[0].type === "Literal" && node.arguments[0].value === "Cache-Control" ) { const resVar = callee.object; const valNode = node.arguments[1]; if ( resVar.type === "Identifier" && valNode.type === "Literal" && typeof valNode.value === "string" && /no-store|no-cache/i.test(valNode.value) ) { secureResNames.add(resVar.name); } } // Match res.send / res.json / res.end if ( callee.type === "MemberExpression" && ["send", "json", "end"].includes(callee.property.name) && callee.object.type === "Identifier" ) { const resName = callee.object.name; if (!secureResNames.has(resName)) { context.report({ node, messageId: "missingCacheHeader", data: { resName }, }); } } }, }; }, };