UNPKG

tslint-microsoft-contrib

Version:

TSLint Rules for Microsoft

github.com/Microsoft/tslint-microsoft-contrib

Microsoft/tslint-microsoft-contrib

114 lines 4.43 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
"use strict"; var __extends = (this && this.__extends) || (function () { var extendStatics = function (d, b) { extendStatics = Object.setPrototypeOf || ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) || function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; }; return extendStatics(d, b); } return function (d, b) { extendStatics(d, b); function __() { this.constructor = d; } d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __()); }; })(); Object.defineProperty(exports, "__esModule", { value: true }); var ts = require("typescript"); var Lint = require("tslint"); var tsutils = require("tsutils"); var FAILURE_NOT_FOUND = 'An iframe element requires a sandbox attribute'; var FAILURE_INVALID_ENTRY = 'An iframe element defines an invalid sandbox attribute: '; var FAILURE_INVALID_COMBINATION = 'An iframe element defines a sandbox with both allow-scripts and allow-same-origin'; var ALLOWED_VALUES = [ '', 'allow-forms', 'allow-modals', 'allow-orientation-lock', 'allow-pointer-lock', 'allow-popups', 'allow-popups-to-escape-sandbox', 'allow-same-origin', 'allow-scripts', 'allow-top-navigation' ]; var Rule = (function (_super) { __extends(Rule, _super); function Rule() { return _super !== null && _super.apply(this, arguments) || this; } Rule.prototype.apply = function (sourceFile) { if (sourceFile.languageVariant === ts.LanguageVariant.JSX) { return this.applyWithFunction(sourceFile, walk); } return []; }; Rule.metadata = { ruleName: 'react-iframe-missing-sandbox', type: 'functionality', description: 'React iframes must specify a sandbox attribute', options: null, optionsDescription: '', typescriptOnly: true, issueClass: 'SDL', issueType: 'Error', severity: 'Critical', level: 'Opportunity for Excellence', group: 'Security', commonWeaknessEnumeration: '915' }; return Rule; }(Lint.Rules.AbstractRule)); exports.Rule = Rule; function walk(ctx) { function handleJsxOpeningElement(node) { if (node.tagName.getText() !== 'iframe') { return; } var sandboxAttributeFound = false; node.attributes.properties.forEach(function (attribute) { if (attribute.kind === ts.SyntaxKind.JsxAttribute) { var jsxAttribute = attribute; var attributeName = jsxAttribute.name.text; if (attributeName === 'sandbox') { sandboxAttributeFound = true; if (jsxAttribute.initializer !== undefined && jsxAttribute.initializer.kind === ts.SyntaxKind.StringLiteral) { validateSandboxValue(jsxAttribute.initializer); } } } }); if (!sandboxAttributeFound) { ctx.addFailureAt(node.getStart(), node.getWidth(), FAILURE_NOT_FOUND); } } function validateSandboxValue(node) { var values = node.text.split(' '); var allowScripts = false; var allowSameOrigin = false; values.forEach(function (attributeValue) { if (ALLOWED_VALUES.indexOf(attributeValue) === -1) { ctx.addFailureAt(node.getStart(), node.getWidth(), FAILURE_INVALID_ENTRY + attributeValue); } if (attributeValue === 'allow-scripts') { allowScripts = true; } if (attributeValue === 'allow-same-origin') { allowSameOrigin = true; } }); if (allowScripts && allowSameOrigin) { ctx.addFailureAt(node.getStart(), node.getWidth(), FAILURE_INVALID_COMBINATION); } } function cb(node) { if (tsutils.isJsxElement(node)) { handleJsxOpeningElement(node.openingElement); } else if (tsutils.isJsxSelfClosingElement(node)) { handleJsxOpeningElement(node); } return ts.forEachChild(node, cb); } return ts.forEachChild(ctx.sourceFile, cb); } //# sourceMappingURL=reactIframeMissingSandboxRule.js.map