
tslint-config-security

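"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
var tslib_1 = require("tslib");
var Lint = require("tslint");
var ts = require("typescript");
var is_sql_query_1 = require("../is-sql-query");
var node_kind_1 = require("../node-kind");

// One message is used for every finding raised by this rule.
var generalErrorMessage = 'Found possible SQL injection';

/**
 * TSLint rule `tsr-detect-sql-literal-injection`.
 *
 * Flags string construction that looks like a SQL statement being assembled
 * from parts: template literals with substitutions, and binary expressions
 * that have a SQL-looking string literal as an operand. The check is purely
 * syntactic (`requiresTypeInfo: false`), so a finding means "review this
 * query and bind the values as parameters", not a confirmed vulnerability,
 * and a clean run does not prove that queries are parameterized.
 */
var Rule = (function (_super) {
    tslib_1.__extends(Rule, _super);
    function Rule() {
        return _super !== null && _super.apply(this, arguments) || this;
    }
    /**
     * Runs the rule over one source file.
     * @param sourceFile - the TypeScript source file handed over by TSLint
     * @returns whatever `applyWithFunction` returns for the `walk` visitor
     */
    Rule.prototype.apply = function (sourceFile) {
        return this.applyWithFunction(sourceFile, walk);
    };
    Rule.metadata = {
        ruleName: 'tsr-detect-sql-literal-injection',
        description: 'Warns when possible SQL injection is found',
        descriptionDetails: Lint.Utils.dedent(templateObject_1 || (templateObject_1 = tslib_1.__makeTemplateObject(["Any usage of the unsafe string concatenation in SQL queries\n will trigger a warning.\n See https://github.com/webschik/tslint-config-security#tsr-detect-sql-literal-injection"], ["Any usage of the unsafe string concatenation in SQL queries\n will trigger a warning.\n See https://github.com/webschik/tslint-config-security#tsr-detect-sql-literal-injection"]))),
        optionsDescription: '',
        options: null,
        type: 'functionality',
        requiresTypeInfo: false,
        typescriptOnly: false
    };
    return Rule;
}(Lint.Rules.AbstractRule));
exports.Rule = Rule;

/**
 * Tells whether `node` is a string literal whose content looks like SQL.
 *
 * `stringLiteralKinds` and `isSqlQuery` come from sibling modules that are
 * not part of this file; presumably the former lists the literal syntax
 * kinds and the latter is a text heuristic (confirm in ../node-kind and
 * ../is-sql-query).
 * @param node - a TypeScript AST node, or undefined
 * @returns a truthy value when the literal's content is classified as SQL
 */
function isSqlStringLiteral(node) {
    // slice(1, -1) drops the surrounding quote or backtick characters.
    return node &&
        node_kind_1.stringLiteralKinds.includes(node.kind) &&
        is_sql_query_1.isSqlQuery(node.getText().slice(1, -1));
}

/**
 * Walks every node of the file and reports SQL-looking string construction.
 * @param ctx - the TSLint walk context (`sourceFile`, `addFailureAtNode`)
 * @returns the result of `ts.forEachChild` over the source file
 */
function walk(ctx) {
    function visitNode(node) {
        switch (node.kind) {
            case ts.SyntaxKind.TemplateExpression: {
                // A template with substitutions whose text looks like SQL.
                // NOTE(review): every tagged template is skipped without
                // looking at the tag, so the rule trusts any tag function to
                // escape or bind its substitutions.
                var parent = node.parent;
                if ((!parent || parent.kind !== ts.SyntaxKind.TaggedTemplateExpression) &&
                    is_sql_query_1.isSqlQuery(node.getText().slice(1, -1))) {
                    ctx.addFailureAtNode(node, generalErrorMessage);
                }
                break;
            }
            case ts.SyntaxKind.BinaryExpression: {
                var left = node.left;
                var right = node.right;
                var operator = node.operatorToken;
                // Left operand: reported for any operator, as before.
                if (isSqlStringLiteral(left)) {
                    ctx.addFailureAtNode(left, generalErrorMessage);
                }
                // Right operand of `+`: closes the gap where the SQL literal
                // follows a non-literal, e.g. `prefix + "SELECT ..." + id`,
                // which the left-only check never saw. Each literal has one
                // parent, so it is reported at most once.
                if (operator && operator.kind === ts.SyntaxKind.PlusToken &&
                    isSqlStringLiteral(right)) {
                    ctx.addFailureAtNode(right, generalErrorMessage);
                }
                break;
            }
            default:
        }
        // Keep descending so nested concatenations and templates are checked.
        return ts.forEachChild(node, visitNode);
    }
    return ts.forEachChild(ctx.sourceFile, visitNode);
}
var templateObject_1;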