UNPKG

tslint-microsoft-contrib/reactIframeMissingSandboxRule.js

Version:

5.03 kBJavaScriptView Raw

1"use strict";
2var __extends = (this && this.__extends) || (function () {
  var extendStatics = Object.setPrototypeOf ||
      ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
      function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };
  return function (d, b) {
      extendStatics(d, b);
      function __() { this.constructor = d; }
      d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
  };
11})();
12Object.defineProperty(exports, "__esModule", { value: true });
13var ts = require("typescript");
14var Lint = require("tslint");
15var ErrorTolerantWalker_1 = require("./utils/ErrorTolerantWalker");
16var FAILURE_NOT_FOUND = 'An iframe element requires a sandbox attribute';
17var FAILURE_INVALID_ENTRY = 'An iframe element defines an invalid sandbox attribute: ';
18var FAILURE_INVALID_COMBINATION = 'An iframe element defines a sandbox with both allow-scripts and allow-same-origin';
19var ALLOWED_VALUES = [
  '',
  'allow-forms',
  'allow-modals',
  'allow-orientation-lock',
  'allow-pointer-lock',
  'allow-popups',
  'allow-popups-to-escape-sandbox',
  'allow-same-origin',
  'allow-scripts',
  'allow-top-navigation'
30];
31var Rule = (function (_super) {
  __extends(Rule, _super);
  function Rule() {
      return _super !== null && _super.apply(this, arguments) || this;
  }
  Rule.prototype.apply = function (sourceFile) {
      if (sourceFile.languageVariant === ts.LanguageVariant.JSX) {
          return this.applyWithWalker(new ReactIframeMissingSandboxRuleWalker(sourceFile, this.getOptions()));
      }
      else {
          return [];
      }
  };
  Rule.metadata = {
      ruleName: 'react-iframe-missing-sandbox',
      type: 'functionality',
      description: 'React iframes must specify a sandbox attribute',
      options: null,
      optionsDescription: '',
      typescriptOnly: true,
      issueClass: 'SDL',
      issueType: 'Error',
      severity: 'Critical',
      level: 'Opportunity for Excellence',
      group: 'Security',
      commonWeaknessEnumeration: '915'
  };
  return Rule;
59}(Lint.Rules.AbstractRule));
60exports.Rule = Rule;
61var ReactIframeMissingSandboxRuleWalker = (function (_super) {
  __extends(ReactIframeMissingSandboxRuleWalker, _super);
  function ReactIframeMissingSandboxRuleWalker() {
      return _super !== null && _super.apply(this, arguments) || this;
  }
  ReactIframeMissingSandboxRuleWalker.prototype.visitJsxElement = function (node) {
      this.handleJsxOpeningElement(node.openingElement);
      _super.prototype.visitJsxElement.call(this, node);
  };
  ReactIframeMissingSandboxRuleWalker.prototype.visitJsxSelfClosingElement = function (node) {
      this.handleJsxOpeningElement(node);
      _super.prototype.visitJsxSelfClosingElement.call(this, node);
  };
  ReactIframeMissingSandboxRuleWalker.prototype.handleJsxOpeningElement = function (node) {
      var _this = this;
      if (node.tagName.getText() !== 'iframe') {
          return;
      }
      var sandboxAttributeFound = false;
      node.attributes.properties.forEach(function (attribute) {
          if (attribute.kind === ts.SyntaxKind.JsxAttribute) {
              var jsxAttribute = attribute;
              var attributeName = jsxAttribute.name.text;
              if (attributeName === 'sandbox') {
                  sandboxAttributeFound = true;
                  if (jsxAttribute.initializer != null && jsxAttribute.initializer.kind === ts.SyntaxKind.StringLiteral) {
                      _this.validateSandboxValue(jsxAttribute.initializer);
                  }
              }
          }
      });
      if (!sandboxAttributeFound) {
          this.addFailureAt(node.getStart(), node.getWidth(), FAILURE_NOT_FOUND);
      }
  };
  ReactIframeMissingSandboxRuleWalker.prototype.validateSandboxValue = function (node) {
      var _this = this;
      var values = node.text.split(' ');
      var allowScripts = false;
      var allowSameOrigin = false;
      values.forEach(function (attributeValue) {
          if (ALLOWED_VALUES.indexOf(attributeValue) === -1) {
              _this.addFailureAt(node.getStart(), node.getWidth(), FAILURE_INVALID_ENTRY + attributeValue);
          }
          if (attributeValue === 'allow-scripts') {
              allowScripts = true;
          }
          if (attributeValue === 'allow-same-origin') {
              allowSameOrigin = true;
          }
      });
      if (allowScripts && allowSameOrigin) {
          this.addFailureAt(node.getStart(), node.getWidth(), FAILURE_INVALID_COMBINATION);
      }
  };
  return ReactIframeMissingSandboxRuleWalker;
117}(ErrorTolerantWalker_1.ErrorTolerantWalker));
118//# sourceMappingURL=reactIframeMissingSandboxRule.js.map
\No newline at end of file

1	`"use strict";`
2	`var __extends = (this && this.__extends) \|\| (function () {`
3	`var extendStatics = Object.setPrototypeOf \|\|`
4	`({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) \|\|`
5	`function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };`
6	`return function (d, b) {`
7	`extendStatics(d, b);`
8	`function __() { this.constructor = d; }`
9	`d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());`
10	`};`
11	`})();`
12	`Object.defineProperty(exports, "__esModule", { value: true });`
13	`var ts = require("typescript");`
14	`var Lint = require("tslint");`
15	`var ErrorTolerantWalker_1 = require("./utils/ErrorTolerantWalker");`
16	`var FAILURE_NOT_FOUND = 'An iframe element requires a sandbox attribute';`
17	`var FAILURE_INVALID_ENTRY = 'An iframe element defines an invalid sandbox attribute: ';`
18	`var FAILURE_INVALID_COMBINATION = 'An iframe element defines a sandbox with both allow-scripts and allow-same-origin';`
19	`var ALLOWED_VALUES = [`
20	`'',`
21	`'allow-forms',`
22	`'allow-modals',`
23	`'allow-orientation-lock',`
24	`'allow-pointer-lock',`
25	`'allow-popups',`
26	`'allow-popups-to-escape-sandbox',`
27	`'allow-same-origin',`
28	`'allow-scripts',`
29	`'allow-top-navigation'`
30	`];`
31	`var Rule = (function (_super) {`
32	`__extends(Rule, _super);`
33	`function Rule() {`
34	`return _super !== null && _super.apply(this, arguments) \|\| this;`
35	`}`
36	`Rule.prototype.apply = function (sourceFile) {`
37	`if (sourceFile.languageVariant === ts.LanguageVariant.JSX) {`
38	`return this.applyWithWalker(new ReactIframeMissingSandboxRuleWalker(sourceFile, this.getOptions()));`
39	`}`
40	`else {`
41	`return [];`
42	`}`
43	`};`
44	`Rule.metadata = {`
45	`ruleName: 'react-iframe-missing-sandbox',`
46	`type: 'functionality',`
47	`description: 'React iframes must specify a sandbox attribute',`
48	`options: null,`
49	`optionsDescription: '',`
50	`typescriptOnly: true,`
51	`issueClass: 'SDL',`
52	`issueType: 'Error',`
53	`severity: 'Critical',`
54	`level: 'Opportunity for Excellence',`
55	`group: 'Security',`
56	`commonWeaknessEnumeration: '915'`
57	`};`
58	`return Rule;`
59	`}(Lint.Rules.AbstractRule));`
60	`exports.Rule = Rule;`
61	`var ReactIframeMissingSandboxRuleWalker = (function (_super) {`
62	`__extends(ReactIframeMissingSandboxRuleWalker, _super);`
63	`function ReactIframeMissingSandboxRuleWalker() {`
64	`return _super !== null && _super.apply(this, arguments) \|\| this;`
65	`}`
66	`ReactIframeMissingSandboxRuleWalker.prototype.visitJsxElement = function (node) {`
67	`this.handleJsxOpeningElement(node.openingElement);`
68	`_super.prototype.visitJsxElement.call(this, node);`
69	`};`
70	`ReactIframeMissingSandboxRuleWalker.prototype.visitJsxSelfClosingElement = function (node) {`
71	`this.handleJsxOpeningElement(node);`
72	`_super.prototype.visitJsxSelfClosingElement.call(this, node);`
73	`};`
74	`ReactIframeMissingSandboxRuleWalker.prototype.handleJsxOpeningElement = function (node) {`
75	`var _this = this;`
76	`if (node.tagName.getText() !== 'iframe') {`
77	`return;`
78	`}`
79	`var sandboxAttributeFound = false;`
80	`node.attributes.properties.forEach(function (attribute) {`
81	`if (attribute.kind === ts.SyntaxKind.JsxAttribute) {`
82	`var jsxAttribute = attribute;`
83	`var attributeName = jsxAttribute.name.text;`
84	`if (attributeName === 'sandbox') {`
85	`sandboxAttributeFound = true;`
86	`if (jsxAttribute.initializer != null && jsxAttribute.initializer.kind === ts.SyntaxKind.StringLiteral) {`
87	`_this.validateSandboxValue(jsxAttribute.initializer);`
88	`}`
89	`}`
90	`}`
91	`});`
92	`if (!sandboxAttributeFound) {`
93	`this.addFailureAt(node.getStart(), node.getWidth(), FAILURE_NOT_FOUND);`
94	`}`
95	`};`
96	`ReactIframeMissingSandboxRuleWalker.prototype.validateSandboxValue = function (node) {`
97	`var _this = this;`
98	`var values = node.text.split(' ');`
99	`var allowScripts = false;`
100	`var allowSameOrigin = false;`
101	`values.forEach(function (attributeValue) {`
102	`if (ALLOWED_VALUES.indexOf(attributeValue) === -1) {`
103	`_this.addFailureAt(node.getStart(), node.getWidth(), FAILURE_INVALID_ENTRY + attributeValue);`
104	`}`
105	`if (attributeValue === 'allow-scripts') {`
106	`allowScripts = true;`
107	`}`
108	`if (attributeValue === 'allow-same-origin') {`
109	`allowSameOrigin = true;`
110	`}`
111	`});`
112	`if (allowScripts && allowSameOrigin) {`
113	`this.addFailureAt(node.getStart(), node.getWidth(), FAILURE_INVALID_COMBINATION);`
114	`}`
115	`};`
116	`return ReactIframeMissingSandboxRuleWalker;`
117	`}(ErrorTolerantWalker_1.ErrorTolerantWalker));`
118	`//# sourceMappingURL=reactIframeMissingSandboxRule.js.map`
\	No newline at end of file