loredarchives/ESLegant
Archived
1
0
Fork 0
Code Issues Pull Requests Activity

feat: security related rules

Browse Source
This commit is contained in:
Guz013
2023-09-04 20:56:00 -03:00
parent dcce924286
commit 2e1914c733
9 changed files with 130 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.changeset/thirty-parrots-fry.md Normal file
View File

@@ -0,0 +1,6 @@
---
"@eslegant/js": minor
---
New rules related to possible security vulnerabilities in JavaScript.
Provided by `eslint-plugin-security` and `eslint-plugin-no-secrets`

1
configs/js/package.json
View File

@@ -47,6 +47,7 @@
"eslint-plugin-i": "2.28.0-2", "eslint-plugin-i": "2.28.0-2",
"eslint-plugin-jsdoc": "^46.5.0", "eslint-plugin-jsdoc": "^46.5.0",
"eslint-plugin-n": "^16.0.2", "eslint-plugin-n": "^16.0.2",
"eslint-plugin-no-secrets": "^0.8.9",
"eslint-plugin-perfectionist": "^1.5.1", "eslint-plugin-perfectionist": "^1.5.1",
"eslint-plugin-security": "^1.7.1", "eslint-plugin-security": "^1.7.1",
"eslint-plugin-unicorn": "^48.0.1", "eslint-plugin-unicorn": "^48.0.1",

24
configs/js/src/@types/eslint-plugin-no-secrets.d.ts vendored Normal file
View File

@@ -0,0 +1,24 @@
/**
* @file
* Type declaration for the `eslint-plugin-no-secrets` package in a attempt to make it
* compatible with the new flat config.
* @license MIT
* @author Guz013 <contact.guz013@gmail.com> (https://guz.one)
*/
import type { ESLint } from 'eslint';
/**
* @summary An eslint plugin to find strings that might be secrets/credentials.
*
* ---
* **Note:** Types in this project where overridden to be compatible with
* ESLint new flat config types. ESlint already has backwards compatibility
* for plugins not created in the new flat config.
* @see {@link https://www.npmjs.com/package/eslint-plugin-no-secrets npm package}
*/
declare module 'eslint-plugin-no-secrets' {
declare const plugin: ESLint.Plugin;
export default plugin;
}

22
configs/js/src/configs/index.d.ts vendored
View File

@@ -225,6 +225,28 @@ const configs: Readonly<{
*/ */
strict: ConfigVariations, strict: ConfigVariations,
}, },
/**
* @summary
* Prevents possible vulnerabilities.
* @description
* This configuration tries to prevent possible vulnerabilities
* in you code, such as hard-coded secrets, personal information in comments,
* XSS attacks, etc.
*/
security: {
/**
* @description
* Rules which warns you about possible security vulnerabilities.
*/
recommended: ConfigVariations,
/**
* @borrows Builds on top of the recommended configuration
* @description
* Similar to recommended config, but with rules in error-level
* to make possible vulnerabilities harder to ignore.
*/
strict: ConfigVariations,
},
/** /**
* @summary * @summary
* Enforces different ways of coding in JavaScript and TypeScript. * Enforces different ways of coding in JavaScript and TypeScript.

2
configs/js/src/configs/index.js
View File

@@ -11,6 +11,7 @@ import documentation from './documentation.js';
import suggestions from './suggestions.js'; import suggestions from './suggestions.js';
import formatting from './formatting.js'; import formatting from './formatting.js';
import overrides from './overrides.js'; import overrides from './overrides.js';
import security from './security.js';
import problems from './problems.js'; import problems from './problems.js';
import naming from './naming.js'; import naming from './naming.js';
import core from './core.js'; import core from './core.js';
@@ -23,6 +24,7 @@ const configs = {
naming, naming,
overrides, overrides,
problems, problems,
security,
suggestions, suggestions,
'suggestions-typescript': typescript, 'suggestions-typescript': typescript,
}; };

61
configs/js/src/configs/security.js Normal file
View File

@@ -0,0 +1,61 @@
/* eslint-disable import/no-relative-parent-imports */
/* eslint-disable unicorn/no-useless-spread */
/**
* @file
* Configuration objects for preventing possible security vulnerabilities.
* See more info on the configs type declaration file.
* @license MIT
* @author Guz013 <contact.guz013@gmail.com> (https://guz.one)
*/
import noSecretsPluginRegexes from 'eslint-plugin-no-secrets/regexes.js';
import noSecretsPlugin from 'eslint-plugin-no-secrets';
import { createVariations } from '../lib/rule-variations.js';
import { jsFiles, tsFiles } from '../constants.js';
const recommended = createVariations({
files: [...tsFiles, ...jsFiles],
plugins: {
'no-secrets': noSecretsPlugin,
},
rules: {
...{}, // Plugin: eslint-plugin-security
'security/detect-bidi-characters': 'warn',
'security/detect-disable-mustache-escape': 'warn',
'security/detect-eval-with-expression': 'warn',
'security/detect-non-literal-regexp': 'warn',
'security/detect-object-injection': 'warn',
'security/detect-possible-timing-attacks': 'warn',
'security/detect-pseudoRandomBytes': 'warn',
'security/detect-unsafe-regex': 'warn',
...{}, // Plugin: eslint-plugin-no-secrets
'no-secrets/no-secrets': 'warn',
},
});
const strict = createVariations({
...recommended.error,
rules: {
...recommended.error.rules,
...{}, // Plugin: eslint-plugin-security
'security/detect-bidi-characters': 'error',
'security/detect-disable-mustache-escape': 'error',
'security/detect-eval-with-expression': 'error',
'security/detect-non-literal-regexp': 'error',
'security/detect-object-injection': 'warn',
'security/detect-possible-timing-attacks': 'warn',
'security/detect-pseudoRandomBytes': 'error',
'security/detect-unsafe-regex': 'error',
...{}, // Plugin: eslint-plugin-no-secrets
'no-secrets/no-secrets': ['error', {
additionalRegexes: noSecretsPluginRegexes,
}],
},
});
const security = { recommended, strict };
export default security;

1
configs/js/src/presets/recommended.js
View File

@@ -18,5 +18,6 @@ const recommended = [
configs.formatting.recommended.default, configs.formatting.recommended.default,
configs.naming.recommended.default, configs.naming.recommended.default,
configs.documentation.recommended.default, configs.documentation.recommended.default,
configs.security.recommended.default,
]; ];
export default recommended; export default recommended;

1
configs/js/src/presets/strict.js
View File

@@ -18,5 +18,6 @@ const strict = [
configs.formatting.strict.default, configs.formatting.strict.default,
configs.naming.strict.default, configs.naming.strict.default,
configs.documentation.recommended.default, configs.documentation.recommended.default,
configs.security.strict.default,
]; ];
export default strict; export default strict;

12
pnpm-lock.yaml generated
View File

@@ -63,6 +63,9 @@ importers:
eslint-plugin-n: eslint-plugin-n:
specifier: ^16.0.2 specifier: ^16.0.2
version: 16.0.2(eslint@8.47.0) version: 16.0.2(eslint@8.47.0)
eslint-plugin-no-secrets:
specifier: ^0.8.9
version: 0.8.9(eslint@8.47.0)
eslint-plugin-perfectionist: eslint-plugin-perfectionist:
specifier: ^1.5.1 specifier: ^1.5.1
version: 1.5.1(eslint@8.47.0)(typescript@5.1.6) version: 1.5.1(eslint@8.47.0)(typescript@5.1.6)
@@ -2134,6 +2137,15 @@ packages:
semver: 7.5.4 semver: 7.5.4
dev: false dev: false
/eslint-plugin-no-secrets@0.8.9(eslint@8.47.0):
resolution: {integrity: sha512-CqaBxXrImABCtxMWspAnm8d5UKkpNylC7zqVveb+fJHEvsSiNGJlSWzdSIvBUnW1XhJXkzifNIZQC08rEII5Ng==}
engines: {node: '>=10.0.0', npm: '>=6.9.0'}
peerDependencies:
eslint: '>=3.0.0'
dependencies:
eslint: 8.47.0
dev: false
/eslint-plugin-perfectionist@1.5.1(eslint@8.47.0)(typescript@5.1.6): /eslint-plugin-perfectionist@1.5.1(eslint@8.47.0)(typescript@5.1.6):
resolution: {integrity: sha512-PiUrAfGDc/l6MKKUP8qt5RXueC7FZC6F/0j8ijXYU8o3x8o2qUi6zEEYBkId/IiKloIXM5KTD4jrH9833kDNzA==} resolution: {integrity: sha512-PiUrAfGDc/l6MKKUP8qt5RXueC7FZC6F/0j8ijXYU8o3x8o2qUi6zEEYBkId/IiKloIXM5KTD4jrH9833kDNzA==}
peerDependencies: peerDependencies: