UNPKG

eslint-plugin-sonarjs

Version:

SonarJS rules for ESLint

github.com/SonarSource/SonarJS/blob/master/packages/jsts/src/rules/README.md

SonarSource/SonarJS

76 lines (75 loc) 2.83 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
"use strict"; /* * SonarQube JavaScript Plugin * Copyright (C) 2011-2025 SonarSource SA * mailto:info AT sonarsource DOT com * * This program is free software; you can redistribute it and/or * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the Sonar Source-Available License for more details. * * You should have received a copy of the Sonar Source-Available License * along with this program; if not, see https://sonarsource.com/license/ssal/ */ // https://sonarsource.github.io/rspec/#/rspec/S4790/javascript Object.defineProperty(exports, "__esModule", { value: true }); exports.rule = void 0; const index_js_1 = require("../helpers/index.js"); const meta_js_1 = require("./meta.js"); const message = 'Make sure this weak hash algorithm is not used in a sensitive context here.'; const CRYPTO_UNSECURE_HASH_ALGORITHMS = new Set([ 'md2', 'md4', 'md5', 'md6', 'haval128', 'hmacmd5', 'dsa', 'ripemd', 'ripemd128', 'ripemd160', 'hmacripemd160', 'sha1', ]); const SUBTLE_UNSECURE_HASH_ALGORITHMS = new Set(['sha-1']); exports.rule = { meta: (0, index_js_1.generateMeta)(meta_js_1.meta), create(context) { function checkNodejsCrypto(fqn, node) { // crypto#createHash const { callee, arguments: args } = node; if (fqn === 'crypto.createHash') { checkUnsecureAlgorithm(callee, args[0], CRYPTO_UNSECURE_HASH_ALGORITHMS); } } function checkSubtleCrypto(fqn, node) { // crypto.subtle#digest const { callee, arguments: args } = node; if (fqn === 'crypto.subtle.digest') { checkUnsecureAlgorithm(callee, args[0], SUBTLE_UNSECURE_HASH_ALGORITHMS); } } function checkUnsecureAlgorithm(method, hash, unsecureAlgorithms) { const hashAlgorithm = (0, index_js_1.getUniqueWriteUsageOrNode)(context, hash); if ((0, index_js_1.isStringLiteral)(hashAlgorithm) && unsecureAlgorithms.has(hashAlgorithm.value.toLocaleLowerCase())) { context.report({ message, node: method, }); } } return { 'CallExpression[arguments.length > 0]': (node) => { const callExpr = node; const fqn = (0, index_js_1.getFullyQualifiedName)(context, callExpr); checkNodejsCrypto(fqn, callExpr); checkSubtleCrypto(fqn, callExpr); }, }; }, };