UNPKG

eslint-plugin-sonarjs

Version:

SonarJS rules for ESLint

github.com/SonarSource/SonarJS/blob/master/packages/jsts/src/rules/README.md

SonarSource/SonarJS

67 lines (66 loc) 3.07 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
"use strict"; /* * SonarQube JavaScript Plugin * Copyright (C) 2011-2025 SonarSource SA * mailto:info AT sonarsource DOT com * * This program is free software; you can redistribute it and/or * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the Sonar Source-Available License for more details. * * You should have received a copy of the Sonar Source-Available License * along with this program; if not, see https://sonarsource.com/license/ssal/ */ // https://sonarsource.github.io/rspec/#/rspec/S4830/javascript Object.defineProperty(exports, "__esModule", { value: true }); exports.rule = void 0; const index_js_1 = require("../helpers/index.js"); const meta_js_1 = require("./meta.js"); exports.rule = { meta: (0, index_js_1.generateMeta)(meta_js_1.meta, undefined, true), create(context) { const MESSAGE = 'Enable server certificate validation on this SSL/TLS connection.'; const SECONDARY_MESSAGE = 'Set "rejectUnauthorized" to "true".'; function checkSensitiveArgument(callExpression, sensitiveArgumentIndex) { if (callExpression.arguments.length < sensitiveArgumentIndex + 1) { return; } const sensitiveArgument = callExpression.arguments[sensitiveArgumentIndex]; const secondaryLocations = []; const argumentValue = (0, index_js_1.getValueOfExpression)(context, sensitiveArgument, 'ObjectExpression'); if (!argumentValue) { return; } if (sensitiveArgument !== argumentValue) { secondaryLocations.push((0, index_js_1.toSecondaryLocation)(argumentValue)); } const unsafeRejectUnauthorizedConfiguration = (0, index_js_1.getPropertyWithValue)(context, argumentValue, 'rejectUnauthorized', false); if (unsafeRejectUnauthorizedConfiguration) { secondaryLocations.push((0, index_js_1.toSecondaryLocation)(unsafeRejectUnauthorizedConfiguration, SECONDARY_MESSAGE)); (0, index_js_1.report)(context, { node: callExpression.callee, message: MESSAGE, }, secondaryLocations); } } return { CallExpression: (node) => { const callExpression = node; const fqn = (0, index_js_1.getFullyQualifiedName)(context, callExpression); if (fqn === 'https.request') { checkSensitiveArgument(callExpression, 0); } if (fqn === 'request.get') { checkSensitiveArgument(callExpression, 0); } if (fqn === 'tls.connect') { checkSensitiveArgument(callExpression, 2); } }, }; }, };