tslint-config-security
TSLint security rules
;
// Flag this CommonJS module as transpiled ES-module output (the `__esModule`
// interop marker that import helpers check for).
Object.defineProperty(exports, "__esModule", { value: true });
var tslib_1 = require("tslib");
var Lint = require("tslint");
var ts = require("typescript");
/**
 * TSLint rule `tsr-detect-no-csrf-before-method-override`.
 *
 * Reports `express.methodOverride` when `express.csrf` appears earlier in the
 * same source file. CSRF middleware decides whether to validate a request from
 * the HTTP method it sees; if method-override is registered afterwards, the
 * method that reaches the route handlers may differ from the one the CSRF
 * check evaluated.
 *
 * The rule is purely syntactic (`requiresTypeInfo: false`) and delegates all
 * matching to `walk`. A clean result only means the literal
 * `express.csrf` / `express.methodOverride` accessors were not found in that
 * order; it is not proof that the middleware order is correct.
 */
var Rule = (function (Base) {
    tslib_1.__extends(Rule, Base);

    function Rule() {
        // ES5-style super call: use the object returned by the base
        // constructor when it returns one, otherwise fall back to `this`.
        var fromBase = Base !== null ? Base.apply(this, arguments) : false;
        return fromBase || this;
    }

    /**
     * Run the rule against one source file.
     *
     * @param sourceFile - the TypeScript source file handed over by TSLint
     * @returns whatever `applyWithFunction` produces for the `walk` visitor
     */
    Rule.prototype.apply = function (sourceFile) {
        return this.applyWithFunction(sourceFile, walk);
    };

    // Long-form description. The cooked and raw template strings are the same
    // text, so a single value feeds both arrays of the template object.
    var detailsText = "Any usage of express.csrf() middleware before\n express.methodOverride() will trigger a warning.\n See https://github.com/webschik/tslint-config-security#tsr-detect-no-csrf-before-method-override";
    var detailsTemplate = templateObject_1 ||
        (templateObject_1 = tslib_1.__makeTemplateObject([detailsText], [detailsText]));

    var metadata = {
        ruleName: 'tsr-detect-no-csrf-before-method-override',
        description: 'Warns when csrf middleware for Express.js is setup before method-override middleware',
        descriptionDetails: Lint.Utils.dedent(detailsTemplate),
        optionsDescription: '',
        options: null,
        type: 'functionality',
        requiresTypeInfo: false,
        typescriptOnly: false
    };
    Rule.metadata = metadata;

    return Rule;
}(Lint.Rules.AbstractRule));
exports.Rule = Rule;
/**
 * AST walker for `tsr-detect-no-csrf-before-method-override`.
 *
 * Visits every node of `ctx.sourceFile` in traversal order and reports each
 * `express.methodOverride` property access that is reached after an
 * `express.csrf` property access has already been seen.
 *
 * Detection limits a reviewer should keep in mind:
 *  - Only a receiver whose text is literally `express` is matched. Middleware
 *    reached through another binding (an alias, or a separately imported
 *    package) is not seen by this walker.
 *  - The "csrf seen" flag is file-wide and is never reset, so ordering is
 *    judged by position in the file, not per app or per router.
 *  - The property access itself is matched; the walker does not check that
 *    the accessor is actually called or passed to `use()`.
 *
 * @param ctx - TSLint walk context; provides `sourceFile` and `addFailureAtNode`
 * @returns the result of `ts.forEachChild` over the source file
 */
function walk(ctx) {
    // Becomes true at the first `express.csrf`; stays undefined until then.
    var csrfSeen;

    // Apply the ordering check to a single node, ignoring its children.
    function inspect(node) {
        if (node.kind !== ts.SyntaxKind.PropertyAccessExpression) {
            return;
        }
        var member = node.name;
        var receiver = node.expression;
        var memberText = member && member.text;
        if (!receiver || receiver.text !== 'express') {
            return;
        }
        if (csrfSeen && memberText === 'methodOverride') {
            ctx.addFailureAtNode(node, 'express.csrf() middleware found before express.methodOverride()');
            return;
        }
        if (memberText === 'csrf') {
            csrfSeen = true;
        }
    }

    function visitNode(node) {
        inspect(node);
        // Always descend, so nested accesses are checked as well.
        return ts.forEachChild(node, visitNode);
    }

    return ts.forEachChild(ctx.sourceFile, visitNode);
}
// Cache slot for the template-strings object that Rule.metadata.descriptionDetails
// passes to Lint.Utils.dedent; assigned on first use inside the Rule initializer.
var templateObject_1;