feat: add config recommended-legacy
It also moves the rule tests to `./test/rules` and adds a test for the configs.

fixes #131

Signed-off-by: 唯然 <weiran.zsd@outlook.com>
aladdin-add committed Dec 14, 2023
1 parent 27cd160 commit 5dbc55c
Showing 18 changed files with 58 additions and 19 deletions.
1 change: 1 addition & 0 deletions .eslint-doc-generatorrc.js
Expand Up @@ -3,6 +3,7 @@ const prettierRC = require('./.prettierrc.json');

/** @type {import('eslint-doc-generator').GenerateOptions} */
const config = {
ignoreConfig: ['recommended-legacy'],
postprocess: (doc) => format(doc, { ...prettierRC, parser: 'markdown' }),
};

18 changes: 16 additions & 2 deletions README.md
Expand Up @@ -20,6 +20,8 @@ yarn add --dev eslint-plugin-security

## Usage

### Flat config (requires eslint >= v8.23.0)

Add the following to your `eslint.config.js` file:

```js
Expand All @@ -28,6 +30,17 @@ const pluginSecurity = require('eslint-plugin-security');
module.exports = [pluginSecurity.configs.recommended];
```

### eslintrc config (deprecated)

Add the following to your `.eslintrc` file:

````js
module.exports = {
"extends": [
"plugin:security/recommended-legacy"
]
}

## Developer guide

- Use [GitHub pull requests](https://help.github.com/articles/using-pull-requests).
Expand All @@ -52,8 +65,8 @@ npm test
⚠️ Configurations set to warn in.\
Set in the `recommended` configuration.

| Name                                  | Description | ⚠️ |
| :------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------------- | :-- |
| Name                                  | Description | ⚠️ |
| :------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------------- | :- |
| [detect-bidi-characters](docs/rules/detect-bidi-characters.md) | Detects trojan source attacks that employ unicode bidi attacks to inject malicious code. ||
| [detect-buffer-noassert](docs/rules/detect-buffer-noassert.md) | Detects calls to "buffer" with "noAssert" flag set. ||
| [detect-child-process](docs/rules/detect-child-process.md) | Detects instances of "child_process" & non-literal "exec()" calls. ||
Expand All @@ -70,3 +83,4 @@ npm test
| [detect-unsafe-regex](docs/rules/detect-unsafe-regex.md) | Detects potentially unsafe regular expressions, which may take a very long time to run, blocking the event loop. ||

<!-- end auto-generated rules list -->
````
10 changes: 9 additions & 1 deletion index.js
Expand Up @@ -66,6 +66,14 @@ const recommended = {
},
};

Object.assign(plugin.configs, { recommended });
const recommendedLegacy = {
plugins: ['security'],
rules: recommended.rules,
};

Object.assign(plugin.configs, {
recommended,
'recommended-legacy': recommendedLegacy
});

module.exports = plugin;
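Review bot: `rules: recommended.rules` on the fourth added line makes the legacy config share one rules object with the flat `recommended` config, so a consumer that mutates one (say, turning a rule off in `plugin.configs.recommended.rules`) silently changes the other; copy it instead, `rules: { ...recommended.rules },`. The new config also carries no comment saying why it exists next to `recommended`; I would add `// eslintrc-format twin of \`recommended\` (plugin:security/recommended-legacy); keep the two in sync` above `const recommendedLegacy`. The `recommended` object this hunk reads from is defined above the hunk, so whether its rule keys already carry the `security/` prefix that the eslintrc `plugins: ['security']` entry expects cannot be confirmed from here. The trailing comma prettier would put after `'recommended-legacy': recommendedLegacy` is also missing.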
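--- /dev/null
+++ b/test/configs/index.js
@@ -0,0 +1,16 @@
+'use strict';
+const plugin = require('../../index.js');
+const assert = require('assert').strict;
+
+describe('export plugin object', () => {
+it('should export rules', () => {
+assert(plugin.rules);
+assert(typeof plugin.rules['detect-unsafe-regex'] === 'object');
+});
+
+it('should export configs', () => {
+assert(plugin.configs);
+assert(plugin.configs['recommended']);
+assert(plugin.configs['recommended-legacy']);
+});
+});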
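Review bot: The `should export configs` case only asserts that `recommended-legacy` is truthy, so a legacy config with the wrong plugin list or a rules table that drifts from `recommended` would still pass; assert the shape the commit intends instead, `assert.deepStrictEqual(plugin.configs['recommended-legacy'].plugins, ['security']);` and `assert.deepStrictEqual(plugin.configs['recommended-legacy'].rules, plugin.configs.recommended.rules);`. A further check that every key of `recommended.rules` names a rule present in `plugin.rules` would catch a renamed or removed rule, assuming the keys are of the form `security/<rule>`. Both fit in the existing `describe` block without new dependencies.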
Expand Up @@ -4,7 +4,7 @@ const RuleTester = require('eslint').RuleTester;
const tester = new RuleTester();

const ruleName = 'detect-bidi-characters';
const Rule = require(`../rules/${ruleName}`);
const Rule = require(`../../rules/${ruleName}`);

tester.run(ruleName, Rule, {
valid: [
Expand Down Expand Up @@ -54,7 +54,7 @@ tester.run(`${ruleName} in comment-line`, Rule, {
console.log("You are an admin.");
/* end admins only ‮
⁦*/
/* end admins only ‮
/* end admins only ‮
{ ⁦*/
`,
errors: [
Expand Up @@ -4,7 +4,7 @@ const RuleTester = require('eslint').RuleTester;
const tester = new RuleTester();

const ruleName = 'detect-buffer-noassert';
const rule = require(`../rules/${ruleName}`);
const rule = require(`../../rules/${ruleName}`);

const allMethodNames = [...rule.meta.__methodsToCheck.read, ...rule.meta.__methodsToCheck.write];

Expand Up @@ -9,7 +9,7 @@ const tester = new RuleTester({
});

const ruleName = 'detect-child-process';
const rule = require(`../rules/${ruleName}`);
const rule = require(`../../rules/${ruleName}`);

tester.run(ruleName, rule, {
valid: [
Expand Up @@ -5,7 +5,7 @@ const tester = new RuleTester();

const ruleName = 'detect-disable-mustache-escape';

tester.run(ruleName, require(`../rules/${ruleName}`), {
tester.run(ruleName, require(`../../rules/${ruleName}`), {
valid: [{ code: 'escapeMarkup = false' }],
invalid: [
{
Expand Up @@ -5,7 +5,7 @@ const tester = new RuleTester();

const ruleName = 'detect-eval-with-expression';

tester.run(ruleName, require(`../rules/${ruleName}`), {
tester.run(ruleName, require(`../../rules/${ruleName}`), {
valid: [{ code: "eval('alert()')" }],
invalid: [
{
Expand Up @@ -6,7 +6,7 @@ const tester = new RuleTester();
const ruleName = 'detect-new-buffer';
const invalid = 'var a = new Buffer(c)';

tester.run(ruleName, require(`../rules/${ruleName}`), {
tester.run(ruleName, require(`../../rules/${ruleName}`), {
valid: [{ code: "var a = new Buffer('test')" }],
invalid: [
{
Expand Up @@ -5,7 +5,7 @@ const tester = new RuleTester();

const ruleName = 'detect-no-csrf-before-method-override';

tester.run(ruleName, require(`../rules/${ruleName}`), {
tester.run(ruleName, require(`../../rules/${ruleName}`), {
valid: [{ code: 'express.methodOverride();express.csrf()' }],
invalid: [
{
Expand Up @@ -10,7 +10,7 @@ const tester = new RuleTester({

const ruleName = 'detect-non-literal-fs-filename';

tester.run(ruleName, require(`../rules/${ruleName}`), {
tester.run(ruleName, require(`../../rules/${ruleName}`), {
valid: [
{
code: `var fs = require('fs');
Expand All @@ -29,7 +29,7 @@ tester.run(ruleName, require(`../rules/${ruleName}`), {
import { promises as fsp } from 'fs';
import fs from 'fs';
import path from 'path';
const index = await fsp.readFile(path.resolve(__dirname, './index.html'), 'utf-8');
const key = fs.readFileSync(path.join(__dirname, './ssl.key'));
await fsp.writeFile(path.resolve(__dirname, './sitemap.xml'), sitemap);`,
Expand Up @@ -6,7 +6,7 @@ const tester = new RuleTester();
const ruleName = 'detect-non-literal-regexp';
const invalid = "var a = new RegExp(c, 'i')";

tester.run(ruleName, require(`../rules/${ruleName}`), {
tester.run(ruleName, require(`../../rules/${ruleName}`), {
valid: [
{ code: "var a = new RegExp('ab+c', 'i')" },
{
Expand Up @@ -6,7 +6,7 @@ const tester = new RuleTester({ parserOptions: { ecmaVersion: 6 } });

const ruleName = 'detect-non-literal-require';

tester.run(ruleName, require(`../rules/${ruleName}`), {
tester.run(ruleName, require(`../../rules/${ruleName}`), {
valid: [
{ code: "var a = require('b')" },
{ code: 'var a = require(`b`)' },
Expand Up @@ -5,7 +5,7 @@ const tester = new RuleTester();

const ruleName = 'detect-object-injection';

const Rule = require(`../rules/${ruleName}`);
const Rule = require(`../../rules/${ruleName}`);

const valid = 'var a = {};';
// const invalidVariable = "TODO";
Expand Up @@ -4,7 +4,7 @@ const RuleTester = require('eslint').RuleTester;
const tester = new RuleTester();

const ruleName = 'detect-possible-timing-attacks';
const Rule = require(`../rules/${ruleName}`);
const Rule = require(`../../rules/${ruleName}`);

const valid = 'if (age === 5) {}';
const invalidLeft = "if (password === 'mypass') {}";
Expand Up @@ -6,7 +6,7 @@ const tester = new RuleTester();
const ruleName = 'detect-pseudoRandomBytes';
const invalid = 'crypto.pseudoRandomBytes';

tester.run(ruleName, require(`../rules/${ruleName}`), {
tester.run(ruleName, require(`../../rules/${ruleName}`), {
valid: [{ code: 'crypto.randomBytes' }],
invalid: [
{
Expand Up @@ -4,7 +4,7 @@ const RuleTester = require('eslint').RuleTester;
const tester = new RuleTester();

const ruleName = 'detect-unsafe-regex';
const Rule = require(`../rules/${ruleName}`);
const Rule = require(`../../rules/${ruleName}`);

tester.run(ruleName, Rule, {
valid: [{ code: '/^d+1337d+$/' }],
