Skip to content

Commit

Permalink
#21 Rule Ready tested
Browse files Browse the repository at this point in the history
  • Loading branch information
gkouziik committed Sep 10, 2019
1 parent 4d711cc commit 0ca48df
Show file tree
Hide file tree
Showing 4 changed files with 179 additions and 137 deletions.
88 changes: 52 additions & 36 deletions lib/rules/detect-absence-of-name-option-in-exrpress-session.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,43 +2,59 @@
* @fileoverview Detect the absence of name option in express session
* @author Gkouziik
*/
"use strict";

//------------------------------------------------------------------------------
// Rule Definition
//------------------------------------------------------------------------------

module.exports = {
meta: {
docs: {
description: "Detect the absence of name option in express session",
category: "Fill me in",
recommended: false
},
fixable: null, // or "code" or "whitespace"
schema: [
// fill in your schema
]
meta: {
type: 'suggestion',
messages: {
msg: 'detect absence of option:name in express-session'
},
docs: {
description: 'Detect the absence of name option in express session',
category: 'Possible Errors',
recommended: true
},
fixable: null
},

create: function (context) {
var expressSessionVar
return {
'VariableDeclaration': function (node) {
if (node.declarations[0].init.callee.name === 'require' &&
node.declarations[0].init.arguments[0].type === 'Literal' &&
node.declarations[0].init.arguments[0].value === 'express-session') {
expressSessionVar = node.declarations[0].id.name
}
},
'CallExpression': function (node) {
var flag = false
// eslint-disable-next-line eqeqeq
if (node.callee.hasOwnProperty('object') && node.callee.type === 'MemberExpression' && expressSessionVar != undefined) {
if (node.callee.object.name === 'app' && node.callee.property.name === 'use') {
if (node.arguments[0].callee.name === expressSessionVar || node.arguments[0].callee.name === 'express-session') {
if (node.arguments[0].arguments[0].type === 'ObjectExpression') {
for (var i in node.arguments[0].arguments[0].properties) {
if (node.arguments[0].arguments[0].properties[i].key.name === 'name') {
flag = true
break
}
}
if (flag === false) {
context.report({
node: node,
messageId: 'msg',
loc: {
start: node.arguments[0].arguments[0].loc.start,
end: node.arguments[0].arguments[0].loc.end
}
})
}
}
}
}
}
}

create: function(context) {

// variables should be defined here

//----------------------------------------------------------------------
// Helpers
//----------------------------------------------------------------------

// any helper functions should go here or else delete this section

//----------------------------------------------------------------------
// Public
//----------------------------------------------------------------------

return {

// give me methods

};
}
};
}
}
102 changes: 67 additions & 35 deletions lib/rules/detect-security-missconfiguration-cookie.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,43 +2,75 @@
* @fileoverview detect security missconfiguration in express cookie
* @author Gkouziik
*/
"use strict";

//------------------------------------------------------------------------------
// Rule Definition
//------------------------------------------------------------------------------
'use strict'

module.exports = {
meta: {
docs: {
description: "detect security missconfiguration in express cookie",
category: "Fill me in",
recommended: false
},
fixable: null, // or "code" or "whitespace"
schema: [
// fill in your schema
]
meta: {
type: 'suggestion',
messages: {
msg: 'detect absence of option cookie:secure in cookie express-session'
},
docs: {
description: 'detect security missconfiguration in express cookie',
category: 'Possible Errors',
recommended: true
},
fixable: null
},

create: function(context) {

// variables should be defined here

//----------------------------------------------------------------------
// Helpers
//----------------------------------------------------------------------

// any helper functions should go here or else delete this section

//----------------------------------------------------------------------
// Public
//----------------------------------------------------------------------

return {

// give me methods

};
create: function (context) {
var expressSessionVar
return {
'VariableDeclaration': function (node) {
if (
node.declarations[0].init.callee.name === 'require' &&
node.declarations[0].init.arguments[0].type === 'Literal' &&
node.declarations[0].init.arguments[0].value === 'express-session'
) {
expressSessionVar = node.declarations[0].id.name
}
},
'CallExpression': function (node) {
if (
node.callee.hasOwnProperty('object') &&
node.callee.type === 'MemberExpression' &&
expressSessionVar != undefined
) {
if (node.callee.object.name === 'app' && node.callee.property.name === 'use') {
if (
node.arguments[0].callee.name === expressSessionVar ||
node.arguments[0].callee.name === 'express-session'
) {
if (node.arguments[0].arguments[0].type === 'ObjectExpression') {
for (var i in node.arguments[0].arguments[0].properties) {
if (node.arguments[0].arguments[0].properties[i].key.name === 'cookie') {
var flag = false
for (var j in node.arguments[0].arguments[0].properties[i].value.properties) {
if (node.arguments[0].arguments[0].properties[i].value.properties[j].key.name === 'secure') {
if (node.arguments[0].arguments[0].properties[i].value.properties[j].value.raw === 'true') {
flag = true
break
}
}
}
// eslint-disable-next-line eqeqeq
if (flag == false) {
context.report({
node: node,
messageId: 'msg',
loc: {
start: node.arguments[0].arguments[0].loc.start,
end: node.arguments[0].arguments[0].loc.end
}
})
}
}
}
}
}
}
}
}
}
};
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -2,36 +2,30 @@
* @fileoverview Detect the absence of name option in express session
* @author Gkouziik
*/
"use strict";

//------------------------------------------------------------------------------
// Requirements
//------------------------------------------------------------------------------

var rule = require("../../../lib/rules/detect-absence-of-name-option-in-exrpress-session"),

RuleTester = require("eslint").RuleTester;


//------------------------------------------------------------------------------
// Tests
//------------------------------------------------------------------------------

var ruleTester = new RuleTester();
ruleTester.run("detect-absence-of-name-option-in-exrpress-session", rule, {

valid: [

// give me some code that won't trigger a warning
],

invalid: [
{
code: "",
errors: [{
message: "Fill me in.",
type: "Me too"
}]
}
]
});
'use strict'

// eslint-disable-next-line one-var
var rule = require('../../../lib/rules/detect-absence-of-name-option-in-exrpress-session')
var RuleTester = require('eslint').RuleTester

const ERROR_MSG = 'detect absence of option:name in express-session'
const validProperty = 'var session = require("express-session"); app.use(session({secret: "keyboard cat",name: "something",resave: false,saveUninitialized: true,cookie: { secure: true }}));'
const invalidProperty = 'var session = require("express-session"); app.use(session({secret: "keyboard cat",resave: false,saveUninitialized: true,cookie: { secure: true }}));'
var ruleTester = new RuleTester()
ruleTester.run('detect-absence-of-name-option-in-exrpress-session', rule, {

valid: [
{
code: validProperty
}
],

invalid: [
{
code: invalidProperty,
errors: [{
message: ERROR_MSG
}]
}
]
})
66 changes: 33 additions & 33 deletions tests/lib/rules/detect-security-missconfiguration-cookie.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,36 +2,36 @@
* @fileoverview detect security missconfiguration in express cookie
* @author Gkouziik
*/
"use strict";

//------------------------------------------------------------------------------
// Requirements
//------------------------------------------------------------------------------

var rule = require("../../../lib/rules/detect-security-missconfiguration-cookie"),

RuleTester = require("eslint").RuleTester;


//------------------------------------------------------------------------------
// Tests
//------------------------------------------------------------------------------

var ruleTester = new RuleTester();
ruleTester.run("detect-security-missconfiguration-cookie", rule, {

valid: [

// give me some code that won't trigger a warning
],

invalid: [
{
code: "",
errors: [{
message: "Fill me in.",
type: "Me too"
}]
}
]
});
'use strict'

var rule = require('../../../lib/rules/detect-security-missconfiguration-cookie')
var RuleTester = require('eslint').RuleTester

const ERROR_MSG = 'detect absence of option cookie:secure in cookie express-session'
const validWithCookie = 'var session = require("express-session"); app.use(session({store: new RedisStore({host: "localhost",port: 6379,db: 2,pass: "funky password here",ttl: (20 * 60)}),key: "id",secret: "this is a nice secret",resave: false,saveUninitialized: true,cookie: {domain: "secure.example.com", secure: true, path: "/",httpOnly: true, maxAge: null}}));'
const invalidWithSecureFalse = 'var session = require("express-session"); app.use(session({store: new RedisStore({host: "localhost",port: 6379,db: 2,pass: "funky password here",ttl: (20 * 60)}),key: "id",secret: "this is a nice secret",resave: false,saveUninitialized: true,cookie: {domain: "secure.example.com", secure: false, path: "/",httpOnly: true, maxAge: null}}));'
const validWithoutCookie = 'var session = require("express-session"); app.use(session({store: new RedisStore({host: "localhost",port: 6379,db: 2,pass: "funky password here",ttl: (20 * 60)}),key: "id",secret: "this is a nice secret",resave: false,saveUninitialized: true,}));'
const invalidWithoutSecureOption = 'var session = require("express-session"); app.use(session({store: new RedisStore({host: "localhost",port: 6379,db: 2,pass: "funky password here",ttl: (20 * 60)}),key: "id",secret: "this is a nice secret",resave: false,saveUninitialized: true,cookie: {domain: "secure.example.com",path: "/",httpOnly: true,maxAge: null}}));'
var ruleTester = new RuleTester()
ruleTester.run('detect-security-missconfiguration-cookie', rule, {

valid: [
{ code: validWithCookie },
{ code: validWithoutCookie }
],

invalid: [
{
code: invalidWithSecureFalse,
errors: [{
message: ERROR_MSG
}]
},
{
code: invalidWithoutSecureOption,
errors: [{
message: ERROR_MSG
}]
}
]
})

0 comments on commit 0ca48df

Please sign in to comment.