UNPKG

eslint-plugin-security-node

Version:

Create a security plugin for node.js

github.com/gkouziik/eslint-plugin-security-node

gkouziik/eslint-plugin-security-node

60 lines (57 loc) 1.65 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
/** * @fileoverview detect log forging attack * @author Gkouziik */ 'use strict' const { getDocsUrl } = require('../utils') module.exports = { meta: { type: 'suggestion', messages: { msg: 'Detect console.log() with non Literal argument' }, docs: { description: 'detect log forging attack ', category: 'Possible Errors', recommended: false, url: getDocsUrl('detect-crlf') }, fixable: null }, create: function (context) { return { 'CallExpression': function (node) { if (node.callee.type === 'MemberExpression' && node.callee.hasOwnProperty('object')) { if (node.callee.object.name === 'console') { if (node.callee.hasOwnProperty('property') && node.callee.property.name === 'log') { if (node.arguments.length > 0) { var flag = false var start var end for (var i in node.arguments) { if (node.arguments[i].type !== 'Literal') { flag = true start = node.arguments[i].loc.start end = node.arguments[i].loc.end break } } // eslint-disable-next-line eqeqeq if (flag == true) { context.report({ node: node, messageId: 'msg', loc: { start: start, end: end } }) } } } } } } } } }