eslint-plugin-sonarjs/cjs/S5742/rule.js

SonarJS rules for ESLint

"use strict";
/*
 * SonarQube JavaScript Plugin
 * Copyright (C) 2011-2025 SonarSource SA
 * mailto:info AT sonarsource DOT com
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the Sonar Source-Available License for more details.
 *
 * You should have received a copy of the Sonar Source-Available License
 * along with this program; if not, see https://sonarsource.com/license/ssal/
 */
// https://sonarsource.github.io/rspec/#/rspec/S5742/javascript
Object.defineProperty(exports, "__esModule", { value: true });
exports.rule = void 0;
const index_js_1 = require("../helpers/index.js");
const meta_js_1 = require("./meta.js");
const HELMET = 'helmet';
const EXPECT_CERTIFICATE_TRANSPARENCY = 'expectCt';
exports.rule = index_js_1.Express.SensitiveMiddlewarePropertyRule(findFalseCertificateTransparencyPropertyFromHelmet, `Make sure disabling Certificate Transparency monitoring is safe here.`, (0, index_js_1.generateMeta)(meta_js_1.meta, undefined, true));
/**
 * Looks for property `expectCt: false` in node looking
 * somewhat similar to `helmet(<options>?)`, and returns it.
 */
function findFalseCertificateTransparencyPropertyFromHelmet(context, node) {
    let sensitive;
    const { callee, arguments: args } = node;
    if ((0, index_js_1.getFullyQualifiedName)(context, callee) === HELMET &&
        args.length === 1 &&
        args[0].type === 'ObjectExpression') {
        sensitive = (0, index_js_1.getPropertyWithValue)(context, args[0], EXPECT_CERTIFICATE_TRANSPARENCY, false);
    }
    return sensitive ? [sensitive] : [];
}