eslint-plugin-sonarjs/cjs/S2255/rule.js

SonarJS rules for ESLint

"use strict";
/*
 * SonarQube JavaScript Plugin
 * Copyright (C) 2011-2025 SonarSource SA
 * mailto:info AT sonarsource DOT com
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the Sonar Source-Available License for more details.
 *
 * You should have received a copy of the Sonar Source-Available License
 * along with this program; if not, see https://sonarsource.com/license/ssal/
 */
// https://sonarsource.github.io/rspec/#/rspec/S2255/javascript
Object.defineProperty(exports, "__esModule", { value: true });
exports.rule = void 0;
const index_js_1 = require("../helpers/index.js");
const meta_js_1 = require("./meta.js");
exports.rule = {
    meta: (0, index_js_1.generateMeta)(meta_js_1.meta, {
        messages: {
            safeCookie: 'Make sure that cookie is written safely here.',
        },
    }),
    create(context) {
        let usingExpressFramework = false;
        return {
            Program() {
                // init flag for each file
                usingExpressFramework = false;
            },
            Literal(node) {
                if (node.value === 'express') {
                    usingExpressFramework = true;
                }
            },
            AssignmentExpression(node) {
                const { left } = node;
                if (left.type === 'MemberExpression') {
                    const { object, property } = left;
                    if ((0, index_js_1.isIdentifier)(object, 'document') && (0, index_js_1.isIdentifier)(property, 'cookie')) {
                        context.report({
                            messageId: 'safeCookie',
                            node: left,
                        });
                    }
                }
            },
            CallExpression(node) {
                const { callee, arguments: args } = node;
                if (callee.type === 'MemberExpression' &&
                    usingExpressFramework &&
                    (0, index_js_1.isIdentifier)(callee.property, 'cookie', 'cookies')) {
                    context.report({
                        messageId: 'safeCookie',
                        node,
                    });
                }
                if (callee.type === 'MemberExpression' &&
                    (0, index_js_1.isIdentifier)(callee.property, 'setHeader') &&
                    isLiteral(args[0], 'Set-Cookie')) {
                    context.report({
                        messageId: 'safeCookie',
                        node: callee,
                    });
                }
            },
        };
    },
};
function isLiteral(node, value) {
    return node && node.type === 'Literal' && node.value === value;
}