UNPKG

@sun-asterisk/sunlint

Version:

☀️ SunLint - Multi-language static analysis tool for code quality and security | Sun* Engineering Standards

github.com/sun-asterisk/engineer-excellence/tree/main/coding-quality/extensions/sunlint

sun-asterisk/engineer-excellence

47 lines (43 loc) 1.27 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
"use strict"; /** * S045 – Anti Automation Controls * OWASP ASVS 2.2.1 * Ensure that anti-automation controls are in place to mitigate brute force and automated attacks. */ module.exports = { meta: { type: "problem", docs: { description: "Ensure anti-automation controls are in place (rate limiting, CAPTCHA, account lockout, etc.).", recommended: true, }, schema: [], messages: { noAntiAutomation: "Missing or ineffective anti-automation controls. Consider rate limiting, CAPTCHA, or account lockout.", }, }, create(context) { return { CallExpression(node) { // Check for missing rate limiter middleware in Express apps (demo only) if ( node.callee.type === "Identifier" && node.callee.name === "app" && node.parent && node.parent.type === "ExpressionStatement" && node.arguments.length && node.arguments[0].type === "Literal" && node.arguments[0].value === "/login" ) { // This is a simplified check; real implementation should be more robust context.report({ node, messageId: "noAntiAutomation", }); } }, }; }, };