mirror of
https://github.com/desktop/desktop
synced 2024-07-05 00:58:57 +00:00
add tests for existing insecure-random rule, update internals and lint
parent
7c9a645b63
commit
329323ef44
|
@ -1,37 +1,46 @@
|
|||
// strings from https://github.com/Microsoft/tslint-microsoft-contrib/blob/b720cd9/src/insecureRandomRule.ts
|
||||
const MATH_FAIL_STRING =
|
||||
'Math.random produces insecure random numbers. ' +
|
||||
'Use crypto.randomBytes() or window.crypto.getRandomValues() instead'
|
||||
// @ts-check
|
||||
|
||||
const NODE_FAIL_STRING =
|
||||
'crypto.pseudoRandomBytes produces insecure random numbers. ' +
|
||||
'Use crypto.randomBytes() instead'
|
||||
/**
|
||||
* @typedef {import('eslint').Rule.RuleModule} RuleModule
|
||||
*/
|
||||
|
||||
/** @type {RuleModule} */
|
||||
module.exports = {
|
||||
meta: {
|
||||
docs: {
|
||||
description: 'Do not use insecure sources for random bytes',
|
||||
category: 'Best Practices',
|
||||
},
|
||||
// strings from https://github.com/Microsoft/tslint-microsoft-contrib/blob/b720cd9/src/insecureRandomRule.ts
|
||||
messages: {
|
||||
mathRandomInsecure:
|
||||
'Math.random produces insecure random numbers. Use crypto.randomBytes() or window.crypto.getRandomValues() instead',
|
||||
pseudoRandomBytesInsecure:
|
||||
'crypto.pseudoRandomBytes produces insecure random numbers. Use crypto.randomBytes() instead',
|
||||
},
|
||||
},
|
||||
create(context) {
|
||||
return {
|
||||
CallExpression(node) {
|
||||
const { callee } = node
|
||||
const isMemberExpression = callee.type === 'MemberExpression'
|
||||
|
||||
if (
|
||||
isMemberExpression &&
|
||||
callee.type === 'MemberExpression' &&
|
||||
callee.object.type === 'Identifier' &&
|
||||
callee.object.name === 'Math' &&
|
||||
callee.property.type === 'Identifier' &&
|
||||
callee.property.name === 'random'
|
||||
) {
|
||||
context.report(node, MATH_FAIL_STRING)
|
||||
context.report({ node, messageId: 'mathRandomInsecure' })
|
||||
}
|
||||
|
||||
if (
|
||||
(isMemberExpression &&
|
||||
(callee.type === 'MemberExpression' &&
|
||||
callee.property.type === 'Identifier' &&
|
||||
callee.property.name === 'pseudoRandomBytes') ||
|
||||
callee.name === 'pseudoRandomBytes'
|
||||
(callee.type === 'Identifier' && callee.name === 'pseudoRandomBytes')
|
||||
) {
|
||||
context.report(node, NODE_FAIL_STRING)
|
||||
context.report({ node, messageId: 'pseudoRandomBytesInsecure' })
|
||||
}
|
||||
},
|
||||
}
|
||||
|
|
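Review bot: The `Math.random` condition in the `CallExpression` visitor never checks `callee.computed`, so `Math['random']()` is not reported, while `Math[random]()` (a computed lookup through a variable that happens to be named `random`) is. Adding `!callee.computed &&` to the condition, plus a branch for a `Literal` property whose value is `'random'`, would fix both cases; the `pseudoRandomBytes` member check has the same shape. Because only call expressions are visited, a reference such as `const rnd = Math.random` or a renamed destructuring of `pseudoRandomBytes` also passes, so the rule is a first-pass check rather than a guarantee unless a `MemberExpression` visitor is added. Separately, `meta` declares no `type` or `schema`; `type: 'problem'` and `schema: []` would make it explicit that the rule takes no options.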
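--- /dev/null
+++ b/eslint-rules/tests/insecure-random.test.js
@@ -0,0 +1,39 @@
+// @ts-check
+
+const RuleTester = require('eslint').RuleTester
+const rule = require('../insecure-random')
+
+const parserOptions = {
+ecmaVersion: 2015,
+sourceType: 'module',
+}
+
+const ruleTester = new RuleTester({ parserOptions })
+ruleTester.run('react-no-unbound-dispatcher-props', rule, {
+valid: [
+'const b = crypto.randomBytes();',
+'const b = window.crypto.getRandomValues();',
+],
+invalid: [
+{
+code: 'const b = Math.random();',
+errors: [{ messageId: 'mathRandomInsecure' }],
+},
+{
+code: `
+const crypto = require('crypto');
+
+const b = crypto.pseudoRandomBytes();`,
+errors: [{ messageId: 'pseudoRandomBytesInsecure' }],
+},
+{
+code: `
+const { pseudoRandomBytes } = require('crypto');
+
+const b = pseudoRandomBytes();
+
+`,
+errors: [{ messageId: 'pseudoRandomBytesInsecure' }],
+},
+],
+})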
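Review bot: The suite is registered as `'react-no-unbound-dispatcher-props'` in the `ruleTester.run(...)` call, which looks copied from another rule's test, so failures would be reported under the wrong rule name; it should read `ruleTester.run('insecure-random', rule, {`. The `invalid` list covers only the three direct-call forms, and `valid` only the two recommended APIs, so the shapes the rule does not inspect are left unpinned. Adding cases such as `Math['random']()` and `const { pseudoRandomBytes: prb } = require('crypto'); prb()` — in whichever list matches the intended behaviour — would record the rule's known limits and catch a regression if coverage is later widened.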