add tests for existing insecure-random rule, update internals and lint

2024-07-05 00:58:57 +00:00 · 2021-07-04 13:36:55 -03:00 · 2021-07-04 13:36:55 -03:00 · 329323ef44
commit 329323ef44
parent 7c9a645b63
2 changed files with 61 additions and 13 deletions
--- a/eslint-rules/insecure-random.js
+++ b/eslint-rules/insecure-random.js
@ -1,37 +1,46 @@
-// strings from https://github.com/Microsoft/tslint-microsoft-contrib/blob/b720cd9/src/insecureRandomRule.ts
-const MATH_FAIL_STRING =
-  'Math.random produces insecure random numbers. ' +
-  'Use crypto.randomBytes() or window.crypto.getRandomValues() instead'
+// @ts-check

-const NODE_FAIL_STRING =
-  'crypto.pseudoRandomBytes produces insecure random numbers. ' +
-  'Use crypto.randomBytes() instead'
+/**
+ * @typedef {import('eslint').Rule.RuleModule} RuleModule
+ */

+/** @type {RuleModule} */
 module.exports = {
  meta: {
    docs: {
      description: 'Do not use insecure sources for random bytes',
      category: 'Best Practices',
    },
+    // strings from https://github.com/Microsoft/tslint-microsoft-contrib/blob/b720cd9/src/insecureRandomRule.ts
+    messages: {
+      mathRandomInsecure:
+        'Math.random produces insecure random numbers. Use crypto.randomBytes() or window.crypto.getRandomValues() instead',
+      pseudoRandomBytesInsecure:
+        'crypto.pseudoRandomBytes produces insecure random numbers. Use crypto.randomBytes() instead',
+    },
  },
  create(context) {
    return {
      CallExpression(node) {
        const { callee } = node
-        const isMemberExpression = callee.type === 'MemberExpression'
+
        if (
-          isMemberExpression &&
+          callee.type === 'MemberExpression' &&
+          callee.object.type === 'Identifier' &&
          callee.object.name === 'Math' &&
+          callee.property.type === 'Identifier' &&
          callee.property.name === 'random'
        ) {
-          context.report(node, MATH_FAIL_STRING)
+          context.report({ node, messageId: 'mathRandomInsecure' })
        }
+
        if (
-          (isMemberExpression &&
+          (callee.type === 'MemberExpression' &&
+            callee.property.type === 'Identifier' &&
            callee.property.name === 'pseudoRandomBytes') ||
-          callee.name === 'pseudoRandomBytes'
+          (callee.type === 'Identifier' && callee.name === 'pseudoRandomBytes')
        ) {
-          context.report(node, NODE_FAIL_STRING)
+          context.report({ node, messageId: 'pseudoRandomBytesInsecure' })
        }
      },
    }
--- a/eslint-rules/tests/insecure-random.test.js
+++ b/eslint-rules/tests/insecure-random.test.js
@ -0,0 +1,39 @@
+// @ts-check
+
+const RuleTester = require('eslint').RuleTester
+const rule = require('../insecure-random')
+
+const parserOptions = {
+  ecmaVersion: 2015,
+  sourceType: 'module',
+}
+
+const ruleTester = new RuleTester({ parserOptions })
+ruleTester.run('react-no-unbound-dispatcher-props', rule, {
+  valid: [
+    'const b = crypto.randomBytes();',
+    'const b = window.crypto.getRandomValues();',
+  ],
+  invalid: [
+    {
+      code: 'const b = Math.random();',
+      errors: [{ messageId: 'mathRandomInsecure' }],
+    },
+    {
+      code: `
+      const crypto = require('crypto');
+
+      const b = crypto.pseudoRandomBytes();`,
+      errors: [{ messageId: 'pseudoRandomBytesInsecure' }],
+    },
+    {
+      code: `
+      const { pseudoRandomBytes } = require('crypto');
+      
+      const b = pseudoRandomBytes();
+      
+      `,
+      errors: [{ messageId: 'pseudoRandomBytesInsecure' }],
+    },
+  ],
+})