UNPKG

eslint-plugin-weblint-security

Version:

ESLint rules for enhanced security - even for React and Node.js!

github.com/MarkKragerup/weblint-eslint-security

101 lines (94 loc) 5.67 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
/** * @fileoverview Enforces consistent naming for boolean props * @author Mark Kragerup & Mathias Høyrup Nielsen */ 'use strict'; const RuleTester = require('eslint').RuleTester; const rule = require('../../lib/rules/standard/no_href_and_src_inline_xss'); const fs = require('fs'); const parser = require('../parser').BABEL_ESLINT; const ruleTester = new RuleTester({parser: parser}); ruleTester.run('no_href_and_src_inline_xss', rule, { valid: [ //valid src { code: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_src_tests/valid_src_safe_concat_binary.js', 'utf8'), }, { code: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_src_tests/fixed_src_safe_concat_w_unsafe_binary.js', 'utf8'), }, { code: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_src_tests/valid_src_safe_latest_reassignment.js', 'utf8'), }, { code: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_src_tests/valid_src_safe_string_in_variable.js', 'utf8'), }, { code: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_src_tests/valid_src_template_string_w_safe_var.js', 'utf8'), }, { code: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_src_tests/valid_src_unsafe_input_gets_escaped.js', 'utf8'), }, //valid href { code: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_href_tests/valid_href_safe_concat_binary.js', 'utf8'), }, { code: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_href_tests/valid_href_safe_latest_reassignment.js', 'utf8'), }, { code: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_href_tests/valid_href_safe_string_in_variable.js', 'utf8'), }, { code: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_href_tests/valid_href_template_string_w_safe_var.js', 'utf8'), }, { code: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_href_tests/valid_href_unsafe_input_gets_escaped.js', 'utf8'), }, ], // The fixer function is automatically tested, by match with the specified output file invalid: [ //invalid src attributes { code: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_src_tests/invalid_src_safe_concat_w_unsafe_binary.js', 'utf8'), errors: [{message: 'src property value might be XSS vulnerable'}], output: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_src_tests/fixed_src_safe_concat_w_unsafe_binary.js', 'utf8'), }, { code: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_src_tests/invalid_src_template_string_w_user_input.js', 'utf8'), errors: [{message: 'src property value might be XSS vulnerable'}], output: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_src_tests/fixed_src_template_string_w_user_input.js', 'utf8'), }, { code: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_src_tests/invalid_src_var_is_user_input.js', 'utf8'), errors: [{message: 'src property value might be XSS vulnerable'}], output: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_src_tests/fixed_src_var_is_user_input.js', 'utf8'), }, { code: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_src_tests/invalid_src_var_unsafe_reassign.js', 'utf8'), errors: [{message: 'src property value might be XSS vulnerable'}], output: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_src_tests/fixed_src_var_unsafe_reassign.js', 'utf8'), }, //invalid href attributes { code: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_href_tests/invalid_href_safe_concat_w_unsafe_binary.js', 'utf8'), errors: [{message: 'href property value might be XSS vulnerable'}], output: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_href_tests/fixed_href_safe_concat_w_unsafe_binary.js', 'utf8'), }, { code: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_href_tests/invalid_href_template_string_w_user_input.js', 'utf8'), errors: [{message: 'href property value might be XSS vulnerable'}], output: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_href_tests/fixed_href_template_string_w_user_input.js', 'utf8'), }, { code: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_href_tests/invalid_href_var_is_user_input.js', 'utf8'), errors: [{message: 'href property value might be XSS vulnerable'}], output: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_href_tests/fixed_href_var_is_user_input.js', 'utf8'), }, { code: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_href_tests/invalid_href_var_unsafe_reassign.js', 'utf8'), errors: [{message: 'href property value might be XSS vulnerable'}], output: fs.readFileSync('tests/test-files/no_href_and_src_inline_xss/no_href_tests/fixed_href_var_unsafe_reassign.js', 'utf8'), }, ], });