UNPKG

tslint-microsoft-contrib/noInnerHtmlRule.js

Version:

4.03 kBJavaScriptView Raw

1"use strict";
2var __extends = (this && this.__extends) || (function () {
  var extendStatics = function (d, b) {
      extendStatics = Object.setPrototypeOf ||
          ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
          function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };
      return extendStatics(d, b);
  }
  return function (d, b) {
      extendStatics(d, b);
      function __() { this.constructor = d; }
      d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
  };
14})();
15Object.defineProperty(exports, "__esModule", { value: true });
16var ts = require("typescript");
17var Lint = require("tslint");
18var tsutils = require("tsutils");
19var AstUtils_1 = require("./utils/AstUtils");
20var FAILURE_INNER = 'Writing a string to the innerHTML property is insecure: ';
21var FAILURE_OUTER = 'Writing a string to the outerHTML property is insecure: ';
22var FAILURE_HTML_LIB = 'Using the html() function to write a string to innerHTML is insecure: ';
23var Rule = (function (_super) {
  __extends(Rule, _super);
  function Rule() {
      return _super !== null && _super.apply(this, arguments) || this;
  }
  Rule.prototype.apply = function (sourceFile) {
      return this.applyWithFunction(sourceFile, walk, parseOptions(this.getOptions()));
  };
  Rule.metadata = {
      ruleName: 'no-inner-html',
      type: 'maintainability',
      description: 'Do not write values to innerHTML, outerHTML, or set HTML using the JQuery html() function.',
      options: null,
      optionsDescription: '',
      typescriptOnly: true,
      issueClass: 'SDL',
      issueType: 'Error',
      severity: 'Critical',
      level: 'Mandatory',
      group: 'Security',
      commonWeaknessEnumeration: '79, 85, 710'
  };
  return Rule;
46}(Lint.Rules.AbstractRule));
47exports.Rule = Rule;
48function parseOptions(options) {
  var value = /^(jquery|[$])/i;
  var args = options.ruleArguments;
  if (args && typeof args[1] === 'object' && args[1]['html-lib-matcher']) {
      value = new RegExp(args[1]['html-lib-matcher']);
  }
  else if (options instanceof Array && typeof options[1] === 'object' && options[1]['html-lib-matcher']) {
      value = new RegExp(options[1]['html-lib-matcher']);
  }
  return {
      htmlLibExpressionRegex: value
  };
60}
61function walk(ctx) {
  var htmlLibExpressionRegex = ctx.options.htmlLibExpressionRegex;
  function cb(node) {
      if (tsutils.isBinaryExpression(node)) {
          if (node.operatorToken.kind === ts.SyntaxKind.EqualsToken) {
              if (tsutils.isPropertyAccessExpression(node.left)) {
                  var propAccess = node.left;
                  var propName = propAccess.name.text;
                  if (propName === 'innerHTML') {
                      ctx.addFailureAt(node.getStart(), node.getWidth(), FAILURE_INNER + node.getText());
                  }
                  else if (propName === 'outerHTML') {
                      ctx.addFailureAt(node.getStart(), node.getWidth(), FAILURE_OUTER + node.getText());
                  }
              }
          }
      }
      if (tsutils.isCallExpression(node)) {
          var functionName = AstUtils_1.AstUtils.getFunctionName(node);
          if (functionName === 'html') {
              if (node.arguments.length > 0) {
                  var functionTarget = AstUtils_1.AstUtils.getFunctionTarget(node);
                  if (functionTarget !== undefined && htmlLibExpressionRegex.test(functionTarget)) {
                      ctx.addFailureAt(node.getStart(), node.getWidth(), FAILURE_HTML_LIB + node.getText());
                  }
              }
          }
      }
      return ts.forEachChild(node, cb);
  }
  return ts.forEachChild(ctx.sourceFile, cb);
92}
93//# sourceMappingURL=noInnerHtmlRule.js.map
\No newline at end of file

1	`"use strict";`
2	`var __extends = (this && this.__extends) \|\| (function () {`
3	`var extendStatics = function (d, b) {`
4	`extendStatics = Object.setPrototypeOf \|\|`
5	`({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) \|\|`
6	`function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };`
7	`return extendStatics(d, b);`
8	`}`
9	`return function (d, b) {`
10	`extendStatics(d, b);`
11	`function __() { this.constructor = d; }`
12	`d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());`
13	`};`
14	`})();`
15	`Object.defineProperty(exports, "__esModule", { value: true });`
16	`var ts = require("typescript");`
17	`var Lint = require("tslint");`
18	`var tsutils = require("tsutils");`
19	`var AstUtils_1 = require("./utils/AstUtils");`
20	`var FAILURE_INNER = 'Writing a string to the innerHTML property is insecure: ';`
21	`var FAILURE_OUTER = 'Writing a string to the outerHTML property is insecure: ';`
22	`var FAILURE_HTML_LIB = 'Using the html() function to write a string to innerHTML is insecure: ';`
23	`var Rule = (function (_super) {`
24	`__extends(Rule, _super);`
25	`function Rule() {`
26	`return _super !== null && _super.apply(this, arguments) \|\| this;`
27	`}`
28	`Rule.prototype.apply = function (sourceFile) {`
29	`return this.applyWithFunction(sourceFile, walk, parseOptions(this.getOptions()));`
30	`};`
31	`Rule.metadata = {`
32	`ruleName: 'no-inner-html',`
33	`type: 'maintainability',`
34	`description: 'Do not write values to innerHTML, outerHTML, or set HTML using the JQuery html() function.',`
35	`options: null,`
36	`optionsDescription: '',`
37	`typescriptOnly: true,`
38	`issueClass: 'SDL',`
39	`issueType: 'Error',`
40	`severity: 'Critical',`
41	`level: 'Mandatory',`
42	`group: 'Security',`
43	`commonWeaknessEnumeration: '79, 85, 710'`
44	`};`
45	`return Rule;`
46	`}(Lint.Rules.AbstractRule));`
47	`exports.Rule = Rule;`
48	`function parseOptions(options) {`
49	`var value = /^(jquery\|[$])/i;`
50	`var args = options.ruleArguments;`
51	`if (args && typeof args[1] === 'object' && args[1]['html-lib-matcher']) {`
52	`value = new RegExp(args[1]['html-lib-matcher']);`
53	`}`
54	`else if (options instanceof Array && typeof options[1] === 'object' && options[1]['html-lib-matcher']) {`
55	`value = new RegExp(options[1]['html-lib-matcher']);`
56	`}`
57	`return {`
58	`htmlLibExpressionRegex: value`
59	`};`
60	`}`
61	`function walk(ctx) {`
62	`var htmlLibExpressionRegex = ctx.options.htmlLibExpressionRegex;`
63	`function cb(node) {`
64	`if (tsutils.isBinaryExpression(node)) {`
65	`if (node.operatorToken.kind === ts.SyntaxKind.EqualsToken) {`
66	`if (tsutils.isPropertyAccessExpression(node.left)) {`
67	`var propAccess = node.left;`
68	`var propName = propAccess.name.text;`
69	`if (propName === 'innerHTML') {`
70	`ctx.addFailureAt(node.getStart(), node.getWidth(), FAILURE_INNER + node.getText());`
71	`}`
72	`else if (propName === 'outerHTML') {`
73	`ctx.addFailureAt(node.getStart(), node.getWidth(), FAILURE_OUTER + node.getText());`
74	`}`
75	`}`
76	`}`
77	`}`
78	`if (tsutils.isCallExpression(node)) {`
79	`var functionName = AstUtils_1.AstUtils.getFunctionName(node);`
80	`if (functionName === 'html') {`
81	`if (node.arguments.length > 0) {`
82	`var functionTarget = AstUtils_1.AstUtils.getFunctionTarget(node);`
83	`if (functionTarget !== undefined && htmlLibExpressionRegex.test(functionTarget)) {`
84	`ctx.addFailureAt(node.getStart(), node.getWidth(), FAILURE_HTML_LIB + node.getText());`
85	`}`
86	`}`
87	`}`
88	`}`
89	`return ts.forEachChild(node, cb);`
90	`}`
91	`return ts.forEachChild(ctx.sourceFile, cb);`
92	`}`
93	`//# sourceMappingURL=noInnerHtmlRule.js.map`
\	No newline at end of file