import * as ts from 'typescript';
import * as Lint from 'tslint';
import * as tsutils from 'tsutils';
import { ExtendedMetadata } from './utils/ExtendedMetadata';
/**
 * tslint rule `no-cookies`: forbids reading or writing `document.cookie`.
 *
 * The rule needs type information (it is a `TypedRule`) so that it can tell a
 * `Document` receiver apart from some unrelated object that happens to have a
 * `cookie` property; the actual traversal lives in `walk`.
 */
export class Rule extends Lint.Rules.TypedRule {
    /** Message attached to every failure this rule reports. */
    public static FAILURE_STRING: string = 'Forbidden call to document.cookie';

    /** Rule metadata consumed by the tslint-microsoft-contrib documentation tooling. */
    public static metadata: ExtendedMetadata = {
        ruleName: 'no-cookies',
        type: 'maintainability',
        description: 'Do not use cookies',
        options: null, // tslint:disable-line:no-null-keyword
        optionsDescription: '',
        typescriptOnly: true,
        issueClass: 'SDL',
        issueType: 'Error',
        severity: 'Critical',
        level: 'Mandatory',
        group: 'Security',
        commonWeaknessEnumeration: '315, 539, 565, 614'
    };

    /**
     * Entry point called by tslint for each source file.
     *
     * @param sourceFile - file to lint.
     * @param program - program providing the type checker used by `walk`.
     * @returns the failures found in `sourceFile`.
     */
    public applyWithProgram(sourceFile: ts.SourceFile, program: ts.Program): Lint.RuleFailure[] {
        const noOptions = undefined;
        return this.applyWithFunction(sourceFile, walk, noOptions, program);
    }
}
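/**
 * Walks the source file and reports every access to a `cookie` member whose
 * receiver is typed as `Document`, or is `any` (where the checker cannot rule
 * `Document` out).
 *
 * Both `document.cookie` and `document['cookie']` are reported: bracket
 * notation is the same access spelled differently, and without that branch the
 * rule is bypassed trivially.
 *
 * @param ctx - tslint walk context; failures are reported through it.
 * @param program - program whose type checker resolves the receiver's type.
 */
function walk(ctx: Lint.WalkContext<void>, program: ts.Program) {
    const typeChecker: ts.TypeChecker = program.getTypeChecker();

    // Reports `leftSide` (the receiver of a `cookie` access) when it resolves to
    // Document or any. Callers have already checked that the member is `cookie`.
    function reportIfDocumentCookie(leftSide: ts.Expression): void {
        try {
            const leftSideType: ts.Type = typeChecker.getTypeAtLocation(leftSide);
            const typeAsString: string = typeChecker.typeToString(leftSideType);
            // TypeFlags is a bit set: test the Any bit rather than requiring the
            // whole flags word to equal it.
            const isAny: boolean = (leftSideType.flags & ts.TypeFlags.Any) !== 0;
            if (isAny || typeAsString === 'Document') {
                ctx.addFailureAt(leftSide.getStart(), leftSide.getWidth(), Rule.FAILURE_STRING);
            }
        } catch (e) {
            // The type checker can throw here (observed as a tslint-internal error);
            // fall back to a textual match. getText() excludes leading trivia, so a
            // comment in front of `document` does not defeat the comparison.
            if (leftSide.getText() === 'document') {
                ctx.addFailureAt(leftSide.getStart(), leftSide.getWidth(), Rule.FAILURE_STRING);
            }
        }
    }

    // Returns true when `node` is `x['cookie']` with a string-literal index.
    function isCookieElementAccess(node: ts.Node): node is ts.ElementAccessExpression {
        if (!tsutils.isElementAccessExpression(node)) {
            return false;
        }
        const index = node.argumentExpression;
        return index !== undefined && tsutils.isStringLiteral(index) && index.text === 'cookie';
    }

    function cb(node: ts.Node): void {
        if (tsutils.isPropertyAccessExpression(node) && node.name.text === 'cookie') {
            reportIfDocumentCookie(node.expression);
        } else if (isCookieElementAccess(node)) {
            reportIfDocumentCookie(node.expression);
        }
        return ts.forEachChild(node, cb);
    }

    return ts.forEachChild(ctx.sourceFile, cb);
}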