/**
* ESLint Rule: S052 - Verify that the initial authentication code is generated by a secure random number generator, containing at least 20 bits of entropy (typically a six-digit random number is sufficient).
* Rule ID: custom/s052
* Description: Ensure that the initial authentication code is generated using a secure random number generator with at least 20 bits of entropy.
*/
;
module.exports = {
meta: {
type: "problem",
docs: {
description: "Ensure secure random number generation with sufficient entropy",
category: "Security",
recommended: true,
},
messages: {
insecureRandom: "Insecure random number generator detected.",
insufficientEntropy: "Insufficient entropy detected in crypto.randomInt. Ensure at least 20 bits of entropy.",
},
},
create(context) {
return {
CallExpression(node) {
// Check for insufficient entropy in crypto.randomInt
if (
node.callee.type === "MemberExpression" &&
node.callee.object.type === "Identifier" &&
node.callee.object.name === "crypto" &&
node.callee.property.type === "Identifier" &&
node.callee.property.name === "randomInt"
) {
const args = node.arguments;
if (args.length === 2 && args[0].type === "Literal" && args[1].type === "Literal") {
const min = args[0].value;
const max = args[1].value;
const range = max - min;
// Check if the range provides at least 20 bits of entropy
if (range < Math.pow(2, 20)) {
context.report({
node,
messageId: "insufficientEntropy",
});
}
}
}
// Check for calls to Math.random()
if (
node.callee.type === "MemberExpression" &&
node.callee.object.type === "Identifier" &&
node.callee.object.name === "Math" &&
node.callee.property.type === "Identifier" &&
node.callee.property.name === "random"
) {
context.report({
node,
messageId: "insecureRandom",
});
}
},
};
},
};