UNPKG

tslint-microsoft-contrib/insecureRandomRule.js

Version:

2.69 kBJavaScriptView Raw

1"use strict";
2var __extends = (this && this.__extends) || (function () {
  var extendStatics = Object.setPrototypeOf ||
      ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
      function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };
  return function (d, b) {
      extendStatics(d, b);
      function __() { this.constructor = d; }
      d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
  };
11})();
12Object.defineProperty(exports, "__esModule", { value: true });
13var Lint = require("tslint");
14var ErrorTolerantWalker_1 = require("./utils/ErrorTolerantWalker");
15var MATH_FAIL_STRING = 'Math.random produces insecure random numbers. ' +
  'Use crypto.randomBytes() or window.crypto.getRandomValues() instead';
17var NODE_FAIL_STRING = 'crypto.pseudoRandomBytes produces insecure random numbers. ' +
  'Use crypto.randomBytes() instead';
19var Rule = (function (_super) {
  __extends(Rule, _super);
  function Rule() {
      return _super !== null && _super.apply(this, arguments) || this;
  }
  Rule.prototype.apply = function (sourceFile) {
      return this.applyWithWalker(new InsecureRandomRuleWalker(sourceFile, this.getOptions()));
  };
  Rule.metadata = {
      ruleName: 'insecure-random',
      type: 'functionality',
      description: 'Do not use insecure sources for random bytes',
      options: null,
      optionsDescription: '',
      typescriptOnly: true,
      issueClass: 'SDL',
      issueType: 'Error',
      severity: 'Important',
      level: 'Opportunity for Excellence',
      group: 'Security',
      commonWeaknessEnumeration: '330'
  };
  return Rule;
42}(Lint.Rules.AbstractRule));
43exports.Rule = Rule;
44var InsecureRandomRuleWalker = (function (_super) {
  __extends(InsecureRandomRuleWalker, _super);
  function InsecureRandomRuleWalker() {
      return _super !== null && _super.apply(this, arguments) || this;
  }
  InsecureRandomRuleWalker.prototype.visitPropertyAccessExpression = function (node) {
      if (node.expression.getText() === 'Math' && node.name.text === 'random') {
          this.addFailureAt(node.getStart(), node.getWidth(), MATH_FAIL_STRING);
      }
      else if (node.name.text === 'pseudoRandomBytes') {
          this.addFailureAt(node.getStart(), node.getWidth(), NODE_FAIL_STRING);
      }
      _super.prototype.visitPropertyAccessExpression.call(this, node);
  };
  return InsecureRandomRuleWalker;
59}(ErrorTolerantWalker_1.ErrorTolerantWalker));
60//# sourceMappingURL=insecureRandomRule.js.map
\No newline at end of file

1	`"use strict";`
2	`var __extends = (this && this.__extends) \|\| (function () {`
3	`var extendStatics = Object.setPrototypeOf \|\|`
4	`({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) \|\|`
5	`function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };`
6	`return function (d, b) {`
7	`extendStatics(d, b);`
8	`function __() { this.constructor = d; }`
9	`d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());`
10	`};`
11	`})();`
12	`Object.defineProperty(exports, "__esModule", { value: true });`
13	`var Lint = require("tslint");`
14	`var ErrorTolerantWalker_1 = require("./utils/ErrorTolerantWalker");`
15	`var MATH_FAIL_STRING = 'Math.random produces insecure random numbers. ' +`
16	`'Use crypto.randomBytes() or window.crypto.getRandomValues() instead';`
17	`var NODE_FAIL_STRING = 'crypto.pseudoRandomBytes produces insecure random numbers. ' +`
18	`'Use crypto.randomBytes() instead';`
19	`var Rule = (function (_super) {`
20	`__extends(Rule, _super);`
21	`function Rule() {`
22	`return _super !== null && _super.apply(this, arguments) \|\| this;`
23	`}`
24	`Rule.prototype.apply = function (sourceFile) {`
25	`return this.applyWithWalker(new InsecureRandomRuleWalker(sourceFile, this.getOptions()));`
26	`};`
27	`Rule.metadata = {`
28	`ruleName: 'insecure-random',`
29	`type: 'functionality',`
30	`description: 'Do not use insecure sources for random bytes',`
31	`options: null,`
32	`optionsDescription: '',`
33	`typescriptOnly: true,`
34	`issueClass: 'SDL',`
35	`issueType: 'Error',`
36	`severity: 'Important',`
37	`level: 'Opportunity for Excellence',`
38	`group: 'Security',`
39	`commonWeaknessEnumeration: '330'`
40	`};`
41	`return Rule;`
42	`}(Lint.Rules.AbstractRule));`
43	`exports.Rule = Rule;`
44	`var InsecureRandomRuleWalker = (function (_super) {`
45	`__extends(InsecureRandomRuleWalker, _super);`
46	`function InsecureRandomRuleWalker() {`
47	`return _super !== null && _super.apply(this, arguments) \|\| this;`
48	`}`
49	`InsecureRandomRuleWalker.prototype.visitPropertyAccessExpression = function (node) {`
50	`if (node.expression.getText() === 'Math' && node.name.text === 'random') {`
51	`this.addFailureAt(node.getStart(), node.getWidth(), MATH_FAIL_STRING);`
52	`}`
53	`else if (node.name.text === 'pseudoRandomBytes') {`
54	`this.addFailureAt(node.getStart(), node.getWidth(), NODE_FAIL_STRING);`
55	`}`
56	`_super.prototype.visitPropertyAccessExpression.call(this, node);`
57	`};`
58	`return InsecureRandomRuleWalker;`
59	`}(ErrorTolerantWalker_1.ErrorTolerantWalker));`
60	`//# sourceMappingURL=insecureRandomRule.js.map`
\	No newline at end of file