diff --git a/lib/rules/detect-option-unsafe-in-serialize-javascript-npm-package.js b/lib/rules/detect-option-unsafe-in-serialize-javascript-npm-package.js index f7d83aa7..5f68e317 100644 --- a/lib/rules/detect-option-unsafe-in-serialize-javascript-npm-package.js +++ b/lib/rules/detect-option-unsafe-in-serialize-javascript-npm-package.js 
@@ -2,43 +2,70 @@ * @fileoverview detect opion:unsafe in serialize method in serialize-javasript npm package * @author Gkouziik */ -"use strict"; - -//------------------------------------------------------------------------------ -// Rule Definition -//------------------------------------------------------------------------------ +'use strict' module.exports = { - meta: { - docs: { - description: "detect opion:unsafe in serialize method in serialize-javasript npm package", - category: "Fill me in", - recommended: false - }, - fixable: null, // or "code" or "whitespace" - schema: [ - // fill in your schema - ] + meta: { + type: 'suggestion', + messages: { + msg: 'detect option:unsafe in serialize' }, + docs: { + description: 'detect opion:unsafe in serialize method in serialize-javasript npm package', + category: 'Possible errors', + recommended: true + }, + fixable: null + }, - create: function(context) { - - // variables should be defined here - - //---------------------------------------------------------------------- - // Helpers - //---------------------------------------------------------------------- - - // any helper functions should go here or else delete this section - - //---------------------------------------------------------------------- - // Public - //---------------------------------------------------------------------- - - return { + create: function (context) { + var serializeVar - // give me methods + return { + 'VariableDeclaration': function (node) { + if (node.declarations[0].init.hasOwnProperty('callee')) { + if (node.declarations[0].init.callee.hasOwnProperty('name')) { + if ( + node.declarations[0].init.callee.name === 'require' && + node.declarations[0].init.arguments[0].type === 'Literal' && + node.declarations[0].init.arguments[0].value === 'serialize-javascript' + ) { + serializeVar = node.declarations[0].id.name + console.log(serializeVar) + } + } + } + }, + 'CallExpression': function (node) { + if (node.callee.type === 'Identifier') 
{ + if (node.callee.name === serializeVar || node.callee.name === 'serialize') { + if (node.arguments.length > 0 && node.arguments[1] != undefined) { + if (node.arguments[1].type === 'ObjectExpression') { + var flag = false + for (var i in node.arguments[1].properties) { + if (node.arguments[1].properties[i].key.name === 'unsafe') { + if (node.arguments[1].properties[i].value.raw === 'true') { + flag = true + break + } + } + } + if (flag == true) { + context.report({ + node: node, + messageId: 'msg', + loc: { + start: node.arguments[1].loc.start, + end: node.arguments[1].loc.end + } - }; + }) + } + } + } + } + } + } } -}; + } +} diff --git a/tests/lib/rules/detect-option-unsafe-in-serialize-javascript-npm-package.js b/tests/lib/rules/detect-option-unsafe-in-serialize-javascript-npm-package.js index adef286f..032f6eb5 100644 --- a/tests/lib/rules/detect-option-unsafe-in-serialize-javascript-npm-package.js +++ b/tests/lib/rules/detect-option-unsafe-in-serialize-javascript-npm-package.js 
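Review bot: The `VariableDeclaration` handler dereferences `node.declarations[0].init` without a null check, so the rule throws a TypeError on any declaration without an initializer (`var x`); it also inspects only the first declarator and leaves a `console.log(serializeVar)` debug print in the rule. In the `CallExpression` handler, `properties[i].key.name` throws on a spread element (`{...opts}`) and silently misses a quoted key (`{'unsafe': true}`). That false negative matters because `unsafe` is the option that switches off serialize-javascript's XSS protection. The handlers below guard those cases and leave the reporting logic as it is.

```javascript
'VariableDeclaration': function (node) {
  // check every declarator; `init` is null for `var x`
  node.declarations.forEach(function (decl) {
    var init = decl.init
    if (
      init && init.type === 'CallExpression' &&
      init.callee.type === 'Identifier' && init.callee.name === 'require' &&
      init.arguments.length > 0 &&
      init.arguments[0].type === 'Literal' &&
      init.arguments[0].value === 'serialize-javascript' &&
      decl.id.type === 'Identifier'
    ) {
      serializeVar = decl.id.name
    }
  })
},
'CallExpression': function (node) {
  // … unchanged: callee name check and ObjectExpression check on node.arguments[1] …
  var flag = node.arguments[1].properties.some(function (prop) {
    // a spread element has no `key`; a quoted key is a Literal with `value`, not `name`
    return prop.type === 'Property' && !prop.computed &&
      (prop.key.name === 'unsafe' || prop.key.value === 'unsafe') &&
      prop.value.type === 'Literal' && prop.value.value === true
  })
  // … unchanged: context.report when flag is set …
}
```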
@@ -2,36 +2,29 @@
 * @fileoverview detect opion:unsafe in serialize method in serialize-javasript npm package
 * @author Gkouziik
 */
-"use strict";
-
-//------------------------------------------------------------------------------
-// Requirements
-//------------------------------------------------------------------------------
-
-var rule = require("../../../lib/rules/detect-option-unsafe-in-serialize-javascript-npm-package"),
-
- RuleTester = require("eslint").RuleTester;
-
-
-//------------------------------------------------------------------------------
-// Tests
-//------------------------------------------------------------------------------
-
-var ruleTester = new RuleTester();
-ruleTester.run("detect-option-unsafe-in-serialize-javascript-npm-package", rule, {
-
- valid: [
-
- // give me some code that won't trigger a warning
- ],
-
- invalid: [
- {
- code: "",
- errors: [{
- message: "Fill me in.",
- type: "Me too"
- }]
- }
- ]
-});
+'use strict'
+
+var rule = require('../../../lib/rules/detect-option-unsafe-in-serialize-javascript-npm-package')
+var RuleTester = require('eslint').RuleTester
+const ERROR_MSG = 'detect option:unsafe in serialize'
+const valid = 'serialize({str: "string", obj : {foo: "foo"},arr : [1, 2, 3],bool : true})'
+const invalid = 'serialize(object,{unsafe:true})'
+
+var ruleTester = new RuleTester()
+ruleTester.run('detect-option-unsafe-in-serialize-javascript-npm-package', rule, {
+
+ valid: [{
+
+ code: valid
+ }
+ ],
+
+ invalid: [
+ {
+ code: invalid,
+ errors: [{
+ message: ERROR_MSG
+ }]
+ }
+ ]
+})
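Review bot: The suite has one valid and one invalid case, both calling the bare name `serialize`, so the `require('serialize-javascript')` alias tracking in the rule is never exercised and an options object with `unsafe: false` is never shown to pass. I would add an invalid case such as `{ code: "var s = require('serialize-javascript'); s(obj, {unsafe: true})", errors: [{ messageId: 'msg' }] }` and a valid case `{ code: 'serialize(obj, {unsafe: false})' }`. Asserting on `messageId: 'msg'` instead of the copied `ERROR_MSG` string would also keep the test from breaking when the message wording changes.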