UNPKG

tslint-microsoft-contrib/noDisableAutoSanitizationRule.js

Version:

2.56 kBJavaScriptView Raw

1"use strict";
2var __extends = (this && this.__extends) || (function () {
  var extendStatics = Object.setPrototypeOf ||
      ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
      function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };
  return function (d, b) {
      extendStatics(d, b);
      function __() { this.constructor = d; }
      d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
  };
11})();
12Object.defineProperty(exports, "__esModule", { value: true });
13var Lint = require("tslint");
14var ErrorTolerantWalker_1 = require("./utils/ErrorTolerantWalker");
15var AstUtils_1 = require("./utils/AstUtils");
16var Rule = (function (_super) {
  __extends(Rule, _super);
  function Rule() {
      return _super !== null && _super.apply(this, arguments) || this;
  }
  Rule.prototype.apply = function (sourceFile) {
      return this.applyWithWalker(new NoDisableAutoSanitizationWalker(sourceFile, this.getOptions()));
  };
  Rule.metadata = {
      ruleName: 'no-disable-auto-sanitization',
      type: 'maintainability',
      description: 'Do not disable auto-sanitization of HTML because this opens up your page to an XSS attack. ',
      options: null,
      optionsDescription: '',
      typescriptOnly: true,
      issueClass: 'SDL',
      issueType: 'Error',
      severity: 'Critical',
      level: 'Mandatory',
      group: 'Security',
      commonWeaknessEnumeration: '157, 159, 75, 79, 85, 749, 676'
  };
  Rule.FAILURE_STRING = 'Forbidden call to ';
  return Rule;
40}(Lint.Rules.AbstractRule));
41exports.Rule = Rule;
42var NoDisableAutoSanitizationWalker = (function (_super) {
  __extends(NoDisableAutoSanitizationWalker, _super);
  function NoDisableAutoSanitizationWalker() {
      return _super !== null && _super.apply(this, arguments) || this;
  }
  NoDisableAutoSanitizationWalker.prototype.visitCallExpression = function (node) {
      var functionName = AstUtils_1.AstUtils.getFunctionName(node);
      if (functionName === 'execUnsafeLocalFunction' || functionName === 'setInnerHTMLUnsafe') {
          this.addFailureAt(node.getStart(), node.getWidth(), Rule.FAILURE_STRING + functionName);
      }
      _super.prototype.visitCallExpression.call(this, node);
  };
  return NoDisableAutoSanitizationWalker;
55}(ErrorTolerantWalker_1.ErrorTolerantWalker));
56//# sourceMappingURL=noDisableAutoSanitizationRule.js.map
\No newline at end of file

1	`"use strict";`
2	`var __extends = (this && this.__extends) \|\| (function () {`
3	`var extendStatics = Object.setPrototypeOf \|\|`
4	`({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) \|\|`
5	`function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };`
6	`return function (d, b) {`
7	`extendStatics(d, b);`
8	`function __() { this.constructor = d; }`
9	`d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());`
10	`};`
11	`})();`
12	`Object.defineProperty(exports, "__esModule", { value: true });`
13	`var Lint = require("tslint");`
14	`var ErrorTolerantWalker_1 = require("./utils/ErrorTolerantWalker");`
15	`var AstUtils_1 = require("./utils/AstUtils");`
16	`var Rule = (function (_super) {`
17	`__extends(Rule, _super);`
18	`function Rule() {`
19	`return _super !== null && _super.apply(this, arguments) \|\| this;`
20	`}`
21	`Rule.prototype.apply = function (sourceFile) {`
22	`return this.applyWithWalker(new NoDisableAutoSanitizationWalker(sourceFile, this.getOptions()));`
23	`};`
24	`Rule.metadata = {`
25	`ruleName: 'no-disable-auto-sanitization',`
26	`type: 'maintainability',`
27	`description: 'Do not disable auto-sanitization of HTML because this opens up your page to an XSS attack. ',`
28	`options: null,`
29	`optionsDescription: '',`
30	`typescriptOnly: true,`
31	`issueClass: 'SDL',`
32	`issueType: 'Error',`
33	`severity: 'Critical',`
34	`level: 'Mandatory',`
35	`group: 'Security',`
36	`commonWeaknessEnumeration: '157, 159, 75, 79, 85, 749, 676'`
37	`};`
38	`Rule.FAILURE_STRING = 'Forbidden call to ';`
39	`return Rule;`
40	`}(Lint.Rules.AbstractRule));`
41	`exports.Rule = Rule;`
42	`var NoDisableAutoSanitizationWalker = (function (_super) {`
43	`__extends(NoDisableAutoSanitizationWalker, _super);`
44	`function NoDisableAutoSanitizationWalker() {`
45	`return _super !== null && _super.apply(this, arguments) \|\| this;`
46	`}`
47	`NoDisableAutoSanitizationWalker.prototype.visitCallExpression = function (node) {`
48	`var functionName = AstUtils_1.AstUtils.getFunctionName(node);`
49	`if (functionName === 'execUnsafeLocalFunction' \|\| functionName === 'setInnerHTMLUnsafe') {`
50	`this.addFailureAt(node.getStart(), node.getWidth(), Rule.FAILURE_STRING + functionName);`
51	`}`
52	`_super.prototype.visitCallExpression.call(this, node);`
53	`};`
54	`return NoDisableAutoSanitizationWalker;`
55	`}(ErrorTolerantWalker_1.ErrorTolerantWalker));`
56	`//# sourceMappingURL=noDisableAutoSanitizationRule.js.map`
\	No newline at end of file