tslint-microsoft-contrib
Version:
TSLint Rules for Microsoft
58 lines • 2.33 kB
JavaScript
;
var __extends = (this && this.__extends) || (function () {
var extendStatics = function (d, b) {
extendStatics = Object.setPrototypeOf ||
({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };
return extendStatics(d, b);
}
return function (d, b) {
extendStatics(d, b);
function __() { this.constructor = d; }
d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
};
})();
Object.defineProperty(exports, "__esModule", { value: true });
var ts = require("typescript");
var Lint = require("tslint");
var tsutils = require("tsutils");
var AstUtils_1 = require("./utils/AstUtils");
var Rule = (function (_super) {
__extends(Rule, _super);
function Rule() {
return _super !== null && _super.apply(this, arguments) || this;
}
Rule.prototype.apply = function (sourceFile) {
return this.applyWithFunction(sourceFile, walk);
};
Rule.metadata = {
ruleName: 'no-disable-auto-sanitization',
type: 'maintainability',
description: 'Do not disable auto-sanitization of HTML because this opens up your page to an XSS attack. ',
options: null,
optionsDescription: '',
typescriptOnly: true,
issueClass: 'SDL',
issueType: 'Error',
severity: 'Critical',
level: 'Mandatory',
group: 'Security',
commonWeaknessEnumeration: '157, 159, 75, 79, 85, 749, 676'
};
Rule.FAILURE_STRING = 'Forbidden call to ';
return Rule;
}(Lint.Rules.AbstractRule));
exports.Rule = Rule;
function walk(ctx) {
function cb(node) {
if (tsutils.isCallExpression(node)) {
var functionName = AstUtils_1.AstUtils.getFunctionName(node);
if (functionName === 'execUnsafeLocalFunction' || functionName === 'setInnerHTMLUnsafe') {
ctx.addFailureAt(node.getStart(), node.getWidth(), Rule.FAILURE_STRING + functionName);
}
}
return ts.forEachChild(node, cb);
}
return ts.forEachChild(ctx.sourceFile, cb);
}
//# sourceMappingURL=noDisableAutoSanitizationRule.js.map