UNPKG

eslint-plugin-security-node

Version:

Create a security plugin for node.js

github.com/gkouziik/eslint-plugin-security-node

gkouziik/eslint-plugin-security-node

80 lines (72 loc) 2.01 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
/** * @fileoverview detect possible timing attacks * @author gkouziik */ 'use strict' const { getDocsUrl } = require('../utils') module.exports = { meta: { type: 'suggestion', messages: { msgLeft: 'Potential timing attack, left side: {{identifier}}', msgRight: 'Potential timing attack, right side: {{identifier}}' }, docs: { description: 'detect possible timing attacks', category: 'Possible Errors', recommended: true, url: getDocsUrl('detect-possible-timing-attacks') }, fixable: null }, create: function (context) { var keywords = '((' + [ 'password', 'secret', 'api', 'apiKey', 'token', 'auth', 'pass', 'hash' ].join(')|(') + '))' var re = new RegExp('^' + keywords + '$', 'im') function containsKeyword (node) { if (node.type === 'Identifier') { if (re.test(node.name)) { return true } } } return { 'IfStatement': function (node) { if (node.test && node.test.type === 'BinaryExpression') { if (node.test.operator === '==' || node.test.operator === '===' || node.test.operator === '!=' || node.test.operator === '!==') { if (node.test.left) { var left = containsKeyword(node.test.left) if (left) { return context.report({ node: node, messageId: 'msgLeft', data: { identifier: node.test.left.name } }) } } if (node.test.right) { var right = containsKeyword(node.test.right) if (right) { return context.report({ node: node, messageId: 'msgRight', data: { identifier: node.test.right.name } }) } } } } } } } }