| 1 | "use strict";
|
| 2 | var __extends = (this && this.__extends) || (function () {
|
| 3 | var extendStatics = Object.setPrototypeOf ||
|
| 4 | ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
|
| 5 | function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };
|
| 6 | return function (d, b) {
|
| 7 | extendStatics(d, b);
|
| 8 | function __() { this.constructor = d; }
|
| 9 | d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
|
| 10 | };
|
| 11 | })();
|
| 12 | Object.defineProperty(exports, "__esModule", { value: true });
|
| 13 | var ts = require("typescript");
|
| 14 | var Lint = require("tslint");
|
| 15 | var ErrorTolerantWalker_1 = require("./utils/ErrorTolerantWalker");
|
| 16 | var Utils_1 = require("./utils/Utils");
|
| 17 | var Rule = (function (_super) {
|
| 18 | __extends(Rule, _super);
|
| 19 | function Rule() {
|
| 20 | return _super !== null && _super.apply(this, arguments) || this;
|
| 21 | }
|
| 22 | Rule.prototype.apply = function (sourceFile) {
|
| 23 | return this.applyWithWalker(new NoHttpStringWalker(sourceFile, this.getOptions()));
|
| 24 | };
|
| 25 | Rule.metadata = {
|
| 26 | ruleName: 'no-http-string',
|
| 27 | type: 'maintainability',
|
| 28 | description: 'Do not use strings that start with \'http:\'. URL strings should start with \'https:\'. ',
|
| 29 | options: null,
|
| 30 | optionsDescription: '',
|
| 31 | typescriptOnly: true,
|
| 32 | issueClass: 'SDL',
|
| 33 | issueType: 'Error',
|
| 34 | severity: 'Critical',
|
| 35 | level: 'Mandatory',
|
| 36 | group: 'Security',
|
| 37 | recommendation: '[true, "http://www.example.com/?.*", "http://localhost:?.*"],',
|
| 38 | commonWeaknessEnumeration: '319'
|
| 39 | };
|
| 40 | Rule.FAILURE_STRING = 'Forbidden http url in string: ';
|
| 41 | return Rule;
|
| 42 | }(Lint.Rules.AbstractRule));
|
| 43 | exports.Rule = Rule;
|
| 44 | var NoHttpStringWalker = (function (_super) {
|
| 45 | __extends(NoHttpStringWalker, _super);
|
| 46 | function NoHttpStringWalker() {
|
| 47 | return _super !== null && _super.apply(this, arguments) || this;
|
| 48 | }
|
| 49 | NoHttpStringWalker.prototype.visitStringLiteral = function (node) {
|
| 50 | this.visitLiteralExpression(node);
|
| 51 | _super.prototype.visitStringLiteral.call(this, node);
|
| 52 | };
|
| 53 | NoHttpStringWalker.prototype.visitNode = function (node) {
|
| 54 | if (node.kind === ts.SyntaxKind.NoSubstitutionTemplateLiteral) {
|
| 55 | this.visitLiteralExpression(node);
|
| 56 | }
|
| 57 | else if (node.kind === ts.SyntaxKind.TemplateHead) {
|
| 58 | this.visitLiteralExpression(node);
|
| 59 | }
|
| 60 | _super.prototype.visitNode.call(this, node);
|
| 61 | };
|
| 62 | NoHttpStringWalker.prototype.visitLiteralExpression = function (node) {
|
| 63 | var stringText = node.text;
|
| 64 | if (stringText.indexOf('http:') === 0) {
|
| 65 | if (!this.isSuppressed(stringText)) {
|
| 66 | var failureString = Rule.FAILURE_STRING + '\'' + stringText + '\'';
|
| 67 | this.addFailureAt(node.getStart(), node.getWidth(), failureString);
|
| 68 | }
|
| 69 | }
|
| 70 | };
|
| 71 | NoHttpStringWalker.prototype.isSuppressed = function (stringText) {
|
| 72 | var allExceptions = NoHttpStringWalker.getExceptions(this.getOptions());
|
| 73 | return Utils_1.Utils.exists(allExceptions, function (exception) {
|
| 74 | return new RegExp(exception).test(stringText);
|
| 75 | });
|
| 76 | };
|
| 77 | NoHttpStringWalker.getExceptions = function (options) {
|
| 78 | if (options.ruleArguments instanceof Array) {
|
| 79 | return options.ruleArguments[0];
|
| 80 | }
|
| 81 | if (options instanceof Array) {
|
| 82 | return options;
|
| 83 | }
|
| 84 | return null;
|
| 85 | };
|
| 86 | return NoHttpStringWalker;
|
| 87 | }(ErrorTolerantWalker_1.ErrorTolerantWalker));
|
| 88 | |
| \ | No newline at end of file |