UNPKG

eslint-plugin-sonarjs

Version:

SonarJS rules for ESLint

github.com/SonarSource/SonarJS

SonarSource/SonarJS

91 lines (90 loc) 3.17 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.findPropagatedSetting = exports.getBucketProperty = exports.isS3BucketDeploymentConstructor = exports.isS3BucketConstructor = exports.S3BucketTemplate = void 0; const __1 = require(".."); const cdk_1 = require("./cdk"); /** * A rule template for AWS S3 Buckets * * The rule template allows to detect sensitive configuration passed on * the invocation of S3 Bucket's constructor from AWS CDK: * * ```new s3.Bucket(...)``` * * @param callback the callback invoked on visiting S3 Bucket's instantiation * @param meta the instantiated rule metadata * @returns the instantiated rule definition */ function S3BucketTemplate(callback, meta = {}) { return { meta, create(context) { return { NewExpression: (node) => { if (isS3BucketConstructor(context, node)) { callback(node, context); } }, }; }, }; } exports.S3BucketTemplate = S3BucketTemplate; /** * Detects S3 Bucket's constructor invocation from 'aws-cdk-lib/aws-s3': * * const s3 = require('aws-cdk-lib/aws-s3'); * new s3.Bucket(); */ function isS3BucketConstructor(context, node) { return (0, cdk_1.normalizeFQN)((0, __1.getFullyQualifiedName)(context, node)) === 'aws_cdk_lib.aws_s3.Bucket'; } exports.isS3BucketConstructor = isS3BucketConstructor; /** * Detects S3 BucketDeployment's constructor invocation from 'aws-cdk-lib/aws-s3-deployment': * * const s3 = require('aws-cdk-lib/aws-s3-deployment'); * new s3.BucketDeployment(); */ function isS3BucketDeploymentConstructor(context, node) { return ((0, cdk_1.normalizeFQN)((0, __1.getFullyQualifiedName)(context, node)) === 'aws_cdk_lib.aws_s3_deployment.BucketDeployment'); } exports.isS3BucketDeploymentConstructor = isS3BucketDeploymentConstructor; /** * Extracts a property from the configuration argument of S3 Bucket's constructor * * ``` * new s3.Bucket(_, _, { // config * key1: value1, * ... * keyN: valueN * }); * ``` * * @param context the rule context * @param bucket the invocation of S3 Bucket's constructor * @param key the key of the property to extract * @returns the extracted property */ function getBucketProperty(context, bucket, key) { const args = bucket.arguments; const optionsArg = args[2]; const options = (0, __1.getValueOfExpression)(context, optionsArg, 'ObjectExpression'); if (options == null) { return null; } return options.properties.find(property => (0, __1.isProperty)(property) && (0, __1.isIdentifier)(property.key, key)); } exports.getBucketProperty = getBucketProperty; /** * Finds the propagated setting of a sensitive property */ function findPropagatedSetting(sensitiveProperty, propagatedValue) { const isPropagatedProperty = sensitiveProperty.value !== propagatedValue; if (isPropagatedProperty) { return (0, __1.toSecondaryLocation)((0, __1.getNodeParent)(propagatedValue), 'Propagated setting.'); } return undefined; } exports.findPropagatedSetting = findPropagatedSetting;