UNPKG

tslint-microsoft-contrib/noDocumentDomainRule.js

Version:

2.54 kBJavaScriptView Raw

1"use strict";
2var __extends = (this && this.__extends) || (function () {
  var extendStatics = function (d, b) {
      extendStatics = Object.setPrototypeOf ||
          ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
          function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };
      return extendStatics(d, b);
  }
  return function (d, b) {
      extendStatics(d, b);
      function __() { this.constructor = d; }
      d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
  };
14})();
15Object.defineProperty(exports, "__esModule", { value: true });
16var ts = require("typescript");
17var Lint = require("tslint");
18var tsutils = require("tsutils");
19var Rule = (function (_super) {
  __extends(Rule, _super);
  function Rule() {
      return _super !== null && _super.apply(this, arguments) || this;
  }
  Rule.prototype.apply = function (sourceFile) {
      return this.applyWithFunction(sourceFile, walk);
  };
  Rule.metadata = {
      ruleName: 'no-document-domain',
      type: 'maintainability',
      description: 'Do not write to document.domain. Scripts setting document.domain to any value should be ' +
          'validated to ensure that the value is on a list of allowed sites.',
      options: null,
      optionsDescription: '',
      typescriptOnly: true,
      issueClass: 'SDL',
      issueType: 'Error',
      severity: 'Critical',
      level: 'Mandatory',
      group: 'Security'
  };
  Rule.FAILURE_STRING = 'Forbidden write to document.domain: ';
  return Rule;
43}(Lint.Rules.AbstractRule));
44exports.Rule = Rule;
45function walk(ctx) {
  function cb(node) {
      if (tsutils.isBinaryExpression(node) &&
          node.operatorToken.getText() === '=' &&
          tsutils.isPropertyAccessExpression(node.left) &&
          isDocumentDomainProperty(node.left)) {
          var msg = Rule.FAILURE_STRING + node.getFullText().trim();
          ctx.addFailureAt(node.getStart(), node.getWidth(), msg);
      }
      return ts.forEachChild(node, cb);
  }
  return ts.forEachChild(ctx.sourceFile, cb);
  function isDocumentDomainProperty(node) {
      if (node.name.text !== 'domain') {
          return false;
      }
      return node.expression.getText() === 'document' || node.expression.getText() === 'window.document';
  }
63}
64//# sourceMappingURL=noDocumentDomainRule.js.map
\No newline at end of file

1	`"use strict";`
2	`var __extends = (this && this.__extends) \|\| (function () {`
3	`var extendStatics = function (d, b) {`
4	`extendStatics = Object.setPrototypeOf \|\|`
5	`({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) \|\|`
6	`function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };`
7	`return extendStatics(d, b);`
8	`}`
9	`return function (d, b) {`
10	`extendStatics(d, b);`
11	`function __() { this.constructor = d; }`
12	`d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());`
13	`};`
14	`})();`
15	`Object.defineProperty(exports, "__esModule", { value: true });`
16	`var ts = require("typescript");`
17	`var Lint = require("tslint");`
18	`var tsutils = require("tsutils");`
19	`var Rule = (function (_super) {`
20	`__extends(Rule, _super);`
21	`function Rule() {`
22	`return _super !== null && _super.apply(this, arguments) \|\| this;`
23	`}`
24	`Rule.prototype.apply = function (sourceFile) {`
25	`return this.applyWithFunction(sourceFile, walk);`
26	`};`
27	`Rule.metadata = {`
28	`ruleName: 'no-document-domain',`
29	`type: 'maintainability',`
30	`description: 'Do not write to document.domain. Scripts setting document.domain to any value should be ' +`
31	`'validated to ensure that the value is on a list of allowed sites.',`
32	`options: null,`
33	`optionsDescription: '',`
34	`typescriptOnly: true,`
35	`issueClass: 'SDL',`
36	`issueType: 'Error',`
37	`severity: 'Critical',`
38	`level: 'Mandatory',`
39	`group: 'Security'`
40	`};`
41	`Rule.FAILURE_STRING = 'Forbidden write to document.domain: ';`
42	`return Rule;`
43	`}(Lint.Rules.AbstractRule));`
44	`exports.Rule = Rule;`
45	`function walk(ctx) {`
46	`function cb(node) {`
47	`if (tsutils.isBinaryExpression(node) &&`
48	`node.operatorToken.getText() === '=' &&`
49	`tsutils.isPropertyAccessExpression(node.left) &&`
50	`isDocumentDomainProperty(node.left)) {`
51	`var msg = Rule.FAILURE_STRING + node.getFullText().trim();`
52	`ctx.addFailureAt(node.getStart(), node.getWidth(), msg);`
53	`}`
54	`return ts.forEachChild(node, cb);`
55	`}`
56	`return ts.forEachChild(ctx.sourceFile, cb);`
57	`function isDocumentDomainProperty(node) {`
58	`if (node.name.text !== 'domain') {`
59	`return false;`
60	`}`
61	`return node.expression.getText() === 'document' \|\| node.expression.getText() === 'window.document';`
62	`}`
63	`}`
64	`//# sourceMappingURL=noDocumentDomainRule.js.map`
\	No newline at end of file