UNPKG

eslint-plugin-sonarjs

Version:

SonarJS rules for ESLint

github.com/SonarSource/SonarJS/blob/master/packages/jsts/src/rules/README.md

SonarSource/SonarJS

50 lines (49 loc) 2.3 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
"use strict"; /* * SonarQube JavaScript Plugin * Copyright (C) 2011-2025 SonarSource SA * mailto:info AT sonarsource DOT com * * This program is free software; you can redistribute it and/or * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the Sonar Source-Available License for more details. * * You should have received a copy of the Sonar Source-Available License * along with this program; if not, see https://sonarsource.com/license/ssal/ */ // https://sonarsource.github.io/rspec/#/rspec/S6245/javascript Object.defineProperty(exports, "__esModule", { value: true }); exports.rule = void 0; const index_js_1 = require("../helpers/index.js"); const meta_js_1 = require("./meta.js"); const ENCRYPTED_KEY = 'encryption'; const messages = { unencrypted: 'Objects in the bucket are not encrypted. Make sure it is safe here.', omitted: 'Omitting "encryption" disables server-side encryption. Make sure it is safe here.', }; exports.rule = (0, index_js_1.S3BucketTemplate)((bucket, context) => { const encryptedProperty = (0, index_js_1.getBucketProperty)(context, bucket, ENCRYPTED_KEY); if (encryptedProperty == null) { (0, index_js_1.report)(context, { message: messages['omitted'], node: bucket.callee, }); return; } const encryptedValue = (0, index_js_1.getValueOfExpression)(context, encryptedProperty.value, 'MemberExpression'); if (encryptedValue && isUnencrypted(encryptedValue)) { const propagated = (0, index_js_1.findPropagatedSetting)(encryptedProperty, encryptedValue); (0, index_js_1.report)(context, { message: messages['unencrypted'], node: encryptedProperty, }, propagated ? [propagated] : []); } function isUnencrypted(encrypted) { return ((0, index_js_1.normalizeFQN)((0, index_js_1.getFullyQualifiedName)(context, encrypted)) === 'aws_cdk_lib.aws_s3.BucketEncryption.UNENCRYPTED'); } }, (0, index_js_1.generateMeta)(meta_js_1.meta, undefined, true));