tslint-config-security
Version:
TSLint security rules
45 lines (44 loc) • 2.07 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
var tslib_1 = require("tslib");
var Lint = require("tslint");
var ts = require("typescript");
var Rule = (function (_super) {
tslib_1.__extends(Rule, _super);
function Rule() {
return _super !== null && _super.apply(this, arguments) || this;
}
Rule.prototype.apply = function (sourceFile) {
return this.applyWithFunction(sourceFile, walk);
};
Rule.metadata = {
ruleName: 'tsr-detect-unsafe-cross-origin-communication',
description: 'Warns when postMessage() API is used with the target "*" (no preference)',
descriptionDetails: Lint.Utils.dedent(templateObject_1 || (templateObject_1 = tslib_1.__makeTemplateObject(["Any usage of postMessage() API with target \"*\" will trigger a warning.\n See https://github.com/webschik/tslint-config-security#tsr-detect-unsafe-cross-origin-communication"], ["Any usage of postMessage() API with target \"*\" will trigger a warning.\n See https://github.com/webschik/tslint-config-security#tsr-detect-unsafe-cross-origin-communication"]))),
optionsDescription: '',
options: null,
type: 'functionality',
requiresTypeInfo: false,
typescriptOnly: false
};
return Rule;
}(Lint.Rules.AbstractRule));
exports.Rule = Rule;
function walk(ctx) {
function visitNode(node) {
if (node.kind === ts.SyntaxKind.CallExpression) {
var _a = node, expression = _a.expression, args = _a.arguments;
var name = expression.name;
var _b = args || [], targetOrigin = _b[1];
if (name &&
targetOrigin &&
name.text === 'postMessage' &&
(targetOrigin.text || '').trim() === '*') {
ctx.addFailureAtNode(node, 'Found a wildcard keyword (*) in the targetOrigin argument');
}
}
return ts.forEachChild(node, visitNode);
}
return ts.forEachChild(ctx.sourceFile, visitNode);
}
var templateObject_1;