UNPKG

@sun-asterisk/sunlint

Version:

☀️ SunLint - Multi-language static analysis tool for code quality and security | Sun* Engineering Standards

github.com/sun-asterisk/engineer-excellence/tree/main/coding-quality/extensions/sunlint

sun-asterisk/engineer-excellence

74 lines (65 loc) 1.71 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
/** * Custom ESLint rule: S058 – Detect possible SSRF via unvalidated user-controlled URLs * Rule ID: custom/s058 */ "use strict"; module.exports = { meta: { type: "problem", docs: { description: "Detect SSRF vulnerabilities via unvalidated user-controlled URLs", recommended: true, }, schema: [], messages: { ssrfRisk: "Possible SSRF: URL '{{url}}' comes from untrusted source. Validate or sanitize input.", }, }, create(context) { const riskySources = [ "req.body", "req.query", "req.params", "input", "form", ]; const riskyFunctions = [ "fetch", "axios.get", "axios.post", "axios.request", "http.request", "https.request", ]; function isUserInput(nodeText) { return riskySources.some((src) => nodeText.includes(src)); } function isHttpFunction(callee) { if (callee.type === "Identifier") return riskyFunctions.includes(callee.name); if (callee.type === "MemberExpression") { const fullName = `${callee.object.name}.${callee.property.name}`; return riskyFunctions.includes(fullName); } return false; } return { CallExpression(node) { const callee = node.callee; if (!isHttpFunction(callee)) return; const firstArg = node.arguments[0]; if (!firstArg) return; const argText = context.getSourceCode().getText(firstArg); if (isUserInput(argText)) { context.report({ node: firstArg, messageId: "ssrfRisk", data: { url: argText }, }); } }, }; }, };