UNPKG

isml-linter

Version:

ISML Linter is a tool for examining if your project's templates follow a specified set of rules defined by your dev team. The available rules can be roughly grouped into:

github.com/FabiowQuixada/isml-linter

FabiowQuixada/isml-linter

86 lines (62 loc) 2.41 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
const TreeRulePrototype = require('../prototypes/TreeRulePrototype'); const ConfigUtils = require('../../util/ConfigUtils'); const ruleId = require('path').basename(__filename).slice(0, -3); const description = 'This code introduces a security risk'; const Rule = Object.create(TreeRulePrototype); // Rule options; const REVERSE_TABNABBING = 'prevent-reverse-tabnabbing'; Rule.init(ruleId, description); Rule.getDefaultAttrs = () => { const result = {}; result[REVERSE_TABNABBING] = true; return result; }; Rule.isBroken = function(node) { const config = this.getConfigs(); const errorList = []; if (config[REVERSE_TABNABBING]) { const tabNabbingResult = checkReverseTabNabbing(node); if (tabNabbingResult) { errorList.push(tabNabbingResult); } } return errorList; }; Rule.check = function(node, data) { const config = ConfigUtils.load(); const occurrenceList = this.checkChildren(node, data); const errorMessageList = this.isBroken(node); for (let i = 0; i < errorMessageList.length; i++) { const error = this.getError( node.head.trim(), node.lineNumber, node.columnNumber, node.globalPos, node.head.trim().length, errorMessageList[i] ); occurrenceList.push(error); } return this.return(node, occurrenceList, config); }; const checkReverseTabNabbing = node => { if (node.isOfType('a')) { const attributeList = node.getAttributeList(); let hasTargetBlankAttribute = false; let hasRelNoOpenerAttribute = false; for (let i = 0; i < attributeList.length; i++) { const attribute = attributeList[i]; if (attribute.name === 'target' && attribute.value === '_blank') { hasTargetBlankAttribute = true; } if (attribute.name === 'rel' && attribute.value.indexOf('noopener') >= 0) { hasRelNoOpenerAttribute = true; } } if (hasTargetBlankAttribute && !hasRelNoOpenerAttribute) { return 'Potential reverse tabnabbing security hole detected. Consider adding \'rel="noopener"\''; } } return null; }; module.exports = Rule;