From 570290241dc983abfb14bb20b0e8eb8b3a74a22d Mon Sep 17 00:00:00 2001
From: Valentin Popov
Date: Fri, 14 Feb 2020 12:17:13 +0400
Subject: feat(security): Initial security plugin

Signed-off-by: Valentin Popov
---
 ROADMAP.md | 16 ++++++++++++++++
 package.json | 6 ++++--
 src/javascript.ts | 8 +++++++-
 src/rules/security.json | 1 +
 yarn.lock | 27 +++++++++++++++++++++++----
 5 files changed, 51 insertions(+), 7 deletions(-)
 create mode 100644 src/rules/security.json

diff --git a/ROADMAP.md b/ROADMAP.md
index 46c3102..8cc9d68 100644
--- a/ROADMAP.md
+++ b/ROADMAP.md
@@ -324,6 +324,22 @@
 - [ ] "prefer-default-export"
 - [ ] "unambiguous"
 
+## Security
+
+- [ ] "detect-buffer-noassert"
+- [ ] "detect-child-process"
+- [ ] "detect-disable-mustache-escape"
+- [ ] "detect-eval-with-expression"
+- [ ] "detect-new-buffer"
+- [ ] "detect-no-csrf-before-method-override"
+- [ ] "detect-non-literal-fs-filename"
+- [ ] "detect-non-literal-regexp"
+- [ ] "detect-non-literal-require"
+- [ ] "detect-object-injection"
+- [ ] "detect-possible-timing-attacks"
+- [ ] "detect-pseudoRandomBytes"
+- [ ] "detect-unsafe-regex"
+
 ## TypeScript
 
 - [ ] "adjacent-overload-signatures"
diff --git a/package.json b/package.json
index b61e905..b20c629 100644
--- a/package.json
+++ b/package.json
@@ -17,7 +17,8 @@
 "@typescript-eslint/parser": "^2.19.2",
 "eslint": "^6.8.0",
 "eslint-plugin-import": "^2.20.1",
- "rollup": "^1.31.0",
+ "eslint-plugin-security": "^1.4.0",
+ "rollup": "^1.31.1",
 "rollup-plugin-terser": "^5.2.0",
 "tslib": "^1.10.0",
 "typescript": "^3.7.5"
@@ -26,7 +27,8 @@
 "@typescript-eslint/eslint-plugin": "^2.19.0",
 "@typescript-eslint/parser": "^2.19.0",
 "eslint": "^6.8.0",
- "eslint-plugin-import": "^2.20.1"
+ "eslint-plugin-import": "^2.20.1",
+ "eslint-plugin-security": "^1.4.0"
 },
 "dependencies": {}
 }
diff --git a/src/javascript.ts b/src/javascript.ts
index 6dd6ac8..9026379 100644
--- a/src/javascript.ts
+++ b/src/javascript.ts
@@ -1,5 +1,6 @@
 import rDefault from "./rules/default.json";
 import rImport from "./rules/import.json";
+import rSecurity from "./rules/security.json";
 
 module.exports = {
 "extends": [
@@ -7,10 +8,15 @@ module.exports = {
 "plugin:import/errors",
 "plugin:import/recommended",
 "plugin:import/warnings",
+"plugin:security/recommended",
+],
+"plugins": [
+"import",
+"security",
 ],
-"plugins": ["import"],
 "rules": {
 ...rDefault,
 ...rImport,
+...rSecurity,
 },
 };
diff --git a/src/rules/security.json b/src/rules/security.json
new file mode 100644
index 0000000..0967ef4
--- /dev/null
+++ b/src/rules/security.json
@@ -0,0 +1 @@
+{}
diff --git a/yarn.lock b/yarn.lock
index d8e5f08..f73ba79 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -386,6 +386,13 @@ eslint-plugin-import@^2.20.1:
 read-pkg-up "^2.0.0"
 resolve "^1.12.0"
 
+eslint-plugin-security@^1.4.0:
+ version "1.4.0"
+ resolved "https://registry.yarnpkg.com/eslint-plugin-security/-/eslint-plugin-security-1.4.0.tgz#d4f314484a80b1b613b8c8886e84f52efe1526c2"
+ integrity sha512-xlS7P2PLMXeqfhyf3NpqbvbnW04kN8M9NtmhpR3XGyOvt/vNKS7XPXT5EDbwKW9vCjWH4PpfQvgD/+JgN0VJKA==
+ dependencies:
+ safe-regex "^1.1.0"
+
 eslint-scope@^5.0.0:
 version "5.0.0"
 resolved "https://registry.yarnpkg.com/eslint-scope/-/eslint-scope-5.0.0.tgz#e87c8887c73e8d1ec84f1ca591645c358bfc8fb9"
@@ -1073,6 +1080,11 @@ restore-cursor@^3.1.0:
 onetime "^5.1.0"
 signal-exit "^3.0.2"
 
+ret@~0.1.10:
+ version "0.1.15"
+ resolved "https://registry.yarnpkg.com/ret/-/ret-0.1.15.tgz#b8a4825d5bdb1fc3f6f53c2bc33f81388681c7bc"
+ integrity sha512-TTlYpa+OL+vMMNG24xSlQGEJ3B/RzEfUlLct7b5G/ytav+wPrplCpVMFuwzXbkecJrb6IYo1iFb0S9v37754mg==
+
 rimraf@2.6.3:
 version "2.6.3"
 resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-2.6.3.tgz#b2d104fe0d8fb27cf9e0a1cda8262dd3833c6cab"
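Review bot: The new `...rSecurity` spread in the `"rules"` block of the second hunk contributes nothing yet, because `src/rules/security.json` (the new-file hunk that follows) is just `{}`, so the severity of every rule listed under "Security" in ROADMAP.md is decided entirely by `plugin:security/recommended` as shipped by whichever `eslint-plugin-security` release the `^1.4.0` range resolves to. If I recall the 1.x preset correctly it reports at warning level rather than error, so a finding from, say, `detect-eval-with-expression` would not fail a lint run; pinning the severities this config actually wants in `security.json`, e.g. `"security/detect-eval-with-expression": "error"`, keeps the effective ruleset under this repository's control across plugin upgrades instead of inheriting whatever the preset changes to. If leaving the file empty is deliberate until the ROADMAP items are ticked, a short line in the ROADMAP "Security" section stating that the preset's defaults currently apply would make that explicit. The `module.exports` object opens in the first hunk and closes at the `};` of the second, so both hunks are needed to read the whole config.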
@@ -1098,10 +1110,10 @@ rollup-pluginutils@^2.8.2:
 dependencies:
 estree-walker "^0.6.1"
 
-rollup@^1.31.0:
- version "1.31.0"
- resolved "https://registry.yarnpkg.com/rollup/-/rollup-1.31.0.tgz#e2a87212e96aa7850f3eb53fdd02cf89f2d2fe9a"
- integrity sha512-9C6ovSyNeEwvuRuUUmsTpJcXac1AwSL1a3x+O5lpmQKZqi5mmrjauLeqIjvREC+yNRR8fPdzByojDng+af3nVw==
+rollup@^1.31.1:
+ version "1.31.1"
+ resolved "https://registry.yarnpkg.com/rollup/-/rollup-1.31.1.tgz#4170d6f87148d46e5fbe29b493f8f3ea3453c96f"
+ integrity sha512-2JREN1YdrS/kpPzEd33ZjtuNbOuBC3ePfuZBdKEybvqcEcszW1ckyVqzcEiEe0nE8sqHK+pbJg+PsAgRJ8+1dg==
 dependencies:
 "@types/estree" "*"
 "@types/node" "*"
@@ -1121,6 +1133,13 @@ rxjs@^6.5.3:
 dependencies:
 tslib "^1.9.0"
 
+safe-regex@^1.1.0:
+ version "1.1.0"
+ resolved "https://registry.yarnpkg.com/safe-regex/-/safe-regex-1.1.0.tgz#40a3669f3b077d1e943d44629e157dd48023bf2e"
+ integrity sha1-QKNmnzsHfR6UPURinhV91IAjvy4=
+ dependencies:
+ ret "~0.1.10"
+
 "safer-buffer@>= 2.1.2 < 3":
 version "2.1.2"
 resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
--
cgit v1.2.3