UNPKG

eslint-plugin-sonarjs

Version:

SonarJS rules for ESLint

github.com/SonarSource/SonarJS

SonarSource/SonarJS

76 lines (75 loc) 3.37 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
"use strict"; /* * SonarQube JavaScript Plugin * Copyright (C) 2011-2024 SonarSource SA * mailto:info AT sonarsource DOT com * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 3 of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ // https://sonarsource.github.io/rspec/#/rspec/S5734/javascript Object.defineProperty(exports, "__esModule", { value: true }); exports.rule = void 0; const helpers_1 = require("../helpers"); const meta_1 = require("./meta"); const HSTS = 'hsts'; const HELMET = 'helmet'; const MAX_AGE = 'maxAge'; const INCLUDE_SUB_DOMAINS = 'includeSubDomains'; const RECOMMENDED_MAX_AGE = 15552000; exports.rule = helpers_1.Express.SensitiveMiddlewarePropertyRule(findSensitiveTransportSecurityPolicyProperty, `Disabling Strict-Transport-Security policy is security-sensitive.`, (0, helpers_1.generateMeta)(meta_1.meta, undefined, true)); function findSensitiveTransportSecurityPolicyProperty(context, node) { const sensitiveFinders = [findSensitiveHsts, findSensitiveMaxAge, findSensitiveIncludeSubDomains]; const sensitives = []; const { callee, arguments: args } = node; if (args.length === 1 && args[0].type === 'ObjectExpression') { const [options] = args; for (const finder of sensitiveFinders) { const maybeSensitive = finder(context, callee, options); if (maybeSensitive) { sensitives.push(maybeSensitive); } } } return sensitives; } function findSensitiveHsts(context, middleware, options) { if ((0, helpers_1.getFullyQualifiedName)(context, middleware) === HELMET) { return (0, helpers_1.getPropertyWithValue)(context, options, HSTS, false); } return undefined; } function findSensitiveMaxAge(context, middleware, options) { if (isHstsMiddlewareNode(context, middleware)) { const maybeMaxAgeProperty = (0, helpers_1.getProperty)(options, MAX_AGE, context); if (maybeMaxAgeProperty) { const maybeMaxAgeValue = (0, helpers_1.getValueOfExpression)(context, maybeMaxAgeProperty.value, 'Literal'); if (typeof maybeMaxAgeValue?.value === 'number' && maybeMaxAgeValue.value < RECOMMENDED_MAX_AGE) { return maybeMaxAgeProperty; } } } return undefined; } function findSensitiveIncludeSubDomains(context, middleware, options) { if (isHstsMiddlewareNode(context, middleware)) { return (0, helpers_1.getPropertyWithValue)(context, options, INCLUDE_SUB_DOMAINS, false); } return undefined; } function isHstsMiddlewareNode(context, node) { const fqn = (0, helpers_1.getFullyQualifiedName)(context, node); return fqn === `${HELMET}.${HSTS}` || fqn === HSTS; }