UNPKG

tslint-microsoft-contrib/noInnerHtmlRule.js

Version:

3.96 kBJavaScriptView Raw

1"use strict";
2var __extends = (this && this.__extends) || (function () {
  var extendStatics = Object.setPrototypeOf ||
      ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
      function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };
  return function (d, b) {
      extendStatics(d, b);
      function __() { this.constructor = d; }
      d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
  };
11})();
12Object.defineProperty(exports, "__esModule", { value: true });
13var ts = require("typescript");
14var Lint = require("tslint");
15var ErrorTolerantWalker_1 = require("./utils/ErrorTolerantWalker");
16var AstUtils_1 = require("./utils/AstUtils");
17var FAILURE_INNER = 'Writing a string to the innerHTML property is insecure: ';
18var FAILURE_OUTER = 'Writing a string to the outerHTML property is insecure: ';
19var FAILURE_HTML_LIB = 'Using the html() function to write a string to innerHTML is insecure: ';
20var Rule = (function (_super) {
  __extends(Rule, _super);
  function Rule() {
      return _super !== null && _super.apply(this, arguments) || this;
  }
  Rule.prototype.apply = function (sourceFile) {
      return this.applyWithWalker(new NoInnerHtmlRuleWalker(sourceFile, this.getOptions()));
  };
  Rule.metadata = {
      ruleName: 'no-inner-html',
      type: 'maintainability',
      description: 'Do not write values to innerHTML, outerHTML, or set HTML using the JQuery html() function.',
      options: null,
      optionsDescription: '',
      typescriptOnly: true,
      issueClass: 'SDL',
      issueType: 'Error',
      severity: 'Critical',
      level: 'Mandatory',
      group: 'Security',
      commonWeaknessEnumeration: '79, 85, 710'
  };
  return Rule;
43}(Lint.Rules.AbstractRule));
44exports.Rule = Rule;
45var NoInnerHtmlRuleWalker = (function (_super) {
  __extends(NoInnerHtmlRuleWalker, _super);
  function NoInnerHtmlRuleWalker(sourceFile, options) {
      var _this = _super.call(this, sourceFile, options) || this;
      _this.htmlLibExpressionRegex = /^(jquery|[$])/i;
      var opt = _this.getOptions();
      if (typeof opt[1] === 'object' && opt[1]['html-lib-matcher']) {
          _this.htmlLibExpressionRegex = new RegExp(opt[1]['html-lib-matcher']);
      }
      return _this;
  }
  NoInnerHtmlRuleWalker.prototype.visitBinaryExpression = function (node) {
      if (node.operatorToken.kind === ts.SyntaxKind.EqualsToken) {
          if (node.left.kind === ts.SyntaxKind.PropertyAccessExpression) {
              var propAccess = node.left;
              var propName = propAccess.name.text;
              if (propName === 'innerHTML') {
                  this.addFailureAt(node.getStart(), node.getWidth(), FAILURE_INNER + node.getText());
              }
              else if (propName === 'outerHTML') {
                  this.addFailureAt(node.getStart(), node.getWidth(), FAILURE_OUTER + node.getText());
              }
          }
      }
      _super.prototype.visitBinaryExpression.call(this, node);
  };
  NoInnerHtmlRuleWalker.prototype.visitCallExpression = function (node) {
      var functionName = AstUtils_1.AstUtils.getFunctionName(node);
      if (functionName === 'html') {
          if (node.arguments.length > 0) {
              var functionTarget = AstUtils_1.AstUtils.getFunctionTarget(node);
              if (this.htmlLibExpressionRegex.test(functionTarget)) {
                  this.addFailureAt(node.getStart(), node.getWidth(), FAILURE_HTML_LIB + node.getText());
              }
          }
      }
      _super.prototype.visitCallExpression.call(this, node);
  };
  return NoInnerHtmlRuleWalker;
84}(ErrorTolerantWalker_1.ErrorTolerantWalker));
85//# sourceMappingURL=noInnerHtmlRule.js.map
\No newline at end of file

1	`"use strict";`
2	`var __extends = (this && this.__extends) \|\| (function () {`
3	`var extendStatics = Object.setPrototypeOf \|\|`
4	`({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) \|\|`
5	`function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };`
6	`return function (d, b) {`
7	`extendStatics(d, b);`
8	`function __() { this.constructor = d; }`
9	`d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());`
10	`};`
11	`})();`
12	`Object.defineProperty(exports, "__esModule", { value: true });`
13	`var ts = require("typescript");`
14	`var Lint = require("tslint");`
15	`var ErrorTolerantWalker_1 = require("./utils/ErrorTolerantWalker");`
16	`var AstUtils_1 = require("./utils/AstUtils");`
17	`var FAILURE_INNER = 'Writing a string to the innerHTML property is insecure: ';`
18	`var FAILURE_OUTER = 'Writing a string to the outerHTML property is insecure: ';`
19	`var FAILURE_HTML_LIB = 'Using the html() function to write a string to innerHTML is insecure: ';`
20	`var Rule = (function (_super) {`
21	`__extends(Rule, _super);`
22	`function Rule() {`
23	`return _super !== null && _super.apply(this, arguments) \|\| this;`
24	`}`
25	`Rule.prototype.apply = function (sourceFile) {`
26	`return this.applyWithWalker(new NoInnerHtmlRuleWalker(sourceFile, this.getOptions()));`
27	`};`
28	`Rule.metadata = {`
29	`ruleName: 'no-inner-html',`
30	`type: 'maintainability',`
31	`description: 'Do not write values to innerHTML, outerHTML, or set HTML using the JQuery html() function.',`
32	`options: null,`
33	`optionsDescription: '',`
34	`typescriptOnly: true,`
35	`issueClass: 'SDL',`
36	`issueType: 'Error',`
37	`severity: 'Critical',`
38	`level: 'Mandatory',`
39	`group: 'Security',`
40	`commonWeaknessEnumeration: '79, 85, 710'`
41	`};`
42	`return Rule;`
43	`}(Lint.Rules.AbstractRule));`
44	`exports.Rule = Rule;`
45	`var NoInnerHtmlRuleWalker = (function (_super) {`
46	`__extends(NoInnerHtmlRuleWalker, _super);`
47	`function NoInnerHtmlRuleWalker(sourceFile, options) {`
48	`var _this = _super.call(this, sourceFile, options) \|\| this;`
49	`_this.htmlLibExpressionRegex = /^(jquery\|[$])/i;`
50	`var opt = _this.getOptions();`
51	`if (typeof opt[1] === 'object' && opt[1]['html-lib-matcher']) {`
52	`_this.htmlLibExpressionRegex = new RegExp(opt[1]['html-lib-matcher']);`
53	`}`
54	`return _this;`
55	`}`
56	`NoInnerHtmlRuleWalker.prototype.visitBinaryExpression = function (node) {`
57	`if (node.operatorToken.kind === ts.SyntaxKind.EqualsToken) {`
58	`if (node.left.kind === ts.SyntaxKind.PropertyAccessExpression) {`
59	`var propAccess = node.left;`
60	`var propName = propAccess.name.text;`
61	`if (propName === 'innerHTML') {`
62	`this.addFailureAt(node.getStart(), node.getWidth(), FAILURE_INNER + node.getText());`
63	`}`
64	`else if (propName === 'outerHTML') {`
65	`this.addFailureAt(node.getStart(), node.getWidth(), FAILURE_OUTER + node.getText());`
66	`}`
67	`}`
68	`}`
69	`_super.prototype.visitBinaryExpression.call(this, node);`
70	`};`
71	`NoInnerHtmlRuleWalker.prototype.visitCallExpression = function (node) {`
72	`var functionName = AstUtils_1.AstUtils.getFunctionName(node);`
73	`if (functionName === 'html') {`
74	`if (node.arguments.length > 0) {`
75	`var functionTarget = AstUtils_1.AstUtils.getFunctionTarget(node);`
76	`if (this.htmlLibExpressionRegex.test(functionTarget)) {`
77	`this.addFailureAt(node.getStart(), node.getWidth(), FAILURE_HTML_LIB + node.getText());`
78	`}`
79	`}`
80	`}`
81	`_super.prototype.visitCallExpression.call(this, node);`
82	`};`
83	`return NoInnerHtmlRuleWalker;`
84	`}(ErrorTolerantWalker_1.ErrorTolerantWalker));`
85	`//# sourceMappingURL=noInnerHtmlRule.js.map`
\	No newline at end of file