UNPKG

eslint-plugin-security-node

Version:

Create a security plugin for node.js

github.com/gkouziik/eslint-plugin-security-node

gkouziik/eslint-plugin-security-node

38 lines (33 loc) 2.11 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
/** * @fileoverview detect security missconfiguration in express cookie * @author Gkouziik */ 'use strict' var rule = require('../../../lib/rules/detect-security-missconfiguration-cookie') var RuleTester = require('eslint').RuleTester const ERROR_MSG = 'detect absence of option cookie:secure in cookie express-session' const validWithCookie = 'var session = require("express-session"); app.use(session({store: new RedisStore({host: "localhost",port: 6379,db: 2,pass: "funky password here",ttl: (20 * 60)}),key: "id",secret: "this is a nice secret",resave: false,saveUninitialized: true,cookie: {domain: "secure.example.com", secure: true, path: "/",httpOnly: true, maxAge: null}}));' const invalidWithSecureFalse = 'var session = require("express-session"); app.use(session({store: new RedisStore({host: "localhost",port: 6379,db: 2,pass: "funky password here",ttl: (20 * 60)}),key: "id",secret: "this is a nice secret",resave: false,saveUninitialized: true,cookie: {domain: "secure.example.com", secure: false, path: "/",httpOnly: true, maxAge: null}}));' const validWithoutCookie = 'var session = require("express-session"); app.use(session({store: new RedisStore({host: "localhost",port: 6379,db: 2,pass: "funky password here",ttl: (20 * 60)}),key: "id",secret: "this is a nice secret",resave: false,saveUninitialized: true,}));' const invalidWithoutSecureOption = 'var session = require("express-session"); app.use(session({store: new RedisStore({host: "localhost",port: 6379,db: 2,pass: "funky password here",ttl: (20 * 60)}),key: "id",secret: "this is a nice secret",resave: false,saveUninitialized: true,cookie: {domain: "secure.example.com",path: "/",httpOnly: true,maxAge: null}}));' var ruleTester = new RuleTester() ruleTester.run('detect-security-missconfiguration-cookie', rule, { valid: [ { code: validWithCookie }, { code: validWithoutCookie } ], invalid: [ { code: invalidWithSecureFalse, errors: [{ message: ERROR_MSG }] }, { code: invalidWithoutSecureOption, errors: [{ message: ERROR_MSG }] } ] })