From 1a8ca807b9880aae02eddfb85a3b50531bcc41b9 Mon Sep 17 00:00:00 2001
From: seanmizen
Date: Thu, 15 Jun 2023 11:35:26 +0100
Subject: [PATCH 1/6] no-sanitizer-with-danger: Add fixer function
---
 lib/rules/no-sanitizer-with-danger.js | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/lib/rules/no-sanitizer-with-danger.js b/lib/rules/no-sanitizer-with-danger.js
index f85eef2..7ba8fc8 100644
--- a/lib/rules/no-sanitizer-with-danger.js
+++ b/lib/rules/no-sanitizer-with-danger.js
@@ -70,7 +70,8 @@ module.exports = {
 },
 additionalProperties: false
 }
- ]
+ ],
+ fixable: 'code',
 },
 create: function(context) {
@@ -98,13 +99,20 @@ module.exports = {
 }
 if (messageIndex >= 0) {
+ const htmlProp = node.value.expression.properties.find(prop => prop.key.name === '__html');
 context.report({
 node: node,
 message: DANGEROUS_MESSAGES[messageIndex],
 data: {
 name: node.name.name,
 wrapperName: JSON.stringify(config.wrapperName)
- }
+ },
+ fix(fixer) {
+ return fixer.replaceText(
+ htmlProp.value,
+ `${config.wrapperName[0]}(${context.getSourceCode().getText(htmlProp.value)})`
+ );
+ },
 });
 }
 }
From c12755800e695bf35d860fc79101bdd7be0f4f2b Mon Sep 17 00:00:00 2001
From: seanmizen
Date: Fri, 16 Jun 2023 09:20:38 +0100
Subject: [PATCH 2/6] no-sanitizer-with-danger: Fix tests
---
 tests/lib/rules/no-sanitizer-with-danger.js | 22 +++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/tests/lib/rules/no-sanitizer-with-danger.js b/tests/lib/rules/no-sanitizer-with-danger.js
index eb24fbf..5185f4e 100644
--- a/tests/lib/rules/no-sanitizer-with-danger.js
+++ b/tests/lib/rules/no-sanitizer-with-danger.js
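Review bot: The new `htmlProp` lookup and the fixer in the second hunk assume `dangerouslySetInnerHTML={{ __html: … }}` is an object literal whose every property has a `key`; for a spread (`{{ ...props }}`), a computed key, or a plain identifier value, `.properties` or `prop.key` is undefined and the rule itself throws while reporting, and when `__html` is simply absent `htmlProp.value` throws once the fix runs. Guarding the lookup, e.g. `const props = node.value.expression.properties || [];` and `prop.key && prop.key.name === '__html'`, and attaching `fix` only when `htmlProp` was found keeps the report and drops just the fix; the third patch (`stop fixing direct library use`) carries the same unguarded lookup over. It is also worth asking whether this should be an automatic fix at all: it inserts a call to `config.wrapperName[0]` without checking that the name is imported or otherwise in scope in that file, so `eslint --fix` can turn a lint finding into a runtime `ReferenceError`, and around an existing unapproved wrapper it produces a nested call (the `'))` outputs the fourth patch's tests expect), so `meta.hasSuggestions` with a `suggest` entry would let a developer accept the rewrite without it being applied unattended. Whether the code above the hunk already restricts `node.value.expression` to an object literal cannot be seen here; the enclosing `create` handler starts outside the hunk.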
@@ -7,7 +7,9 @@
 // ------------------------------------------------------------------------------
 // Constants
 // ------------------------------------------------------------------------------
-const MESSAGE = 'Use xss sanitizer with dangerouslySetInnerHTML';
+const NO_SANITIZER_PATTERN = /Dangerous property '\s+' without sanitizer found./;
+const BAD_WRAPPER_PATTERN = /Wrapper name is not one of '\[.*\]'\./;
+const XSS_LIBRARY_MESSAGE = 'Direct use of xss library found.';
 // ------------------------------------------------------------------------------
 // Requirements
@@ -49,32 +51,32 @@ ruleTester.run('no-sanitizer-with-danger', rule, {
 invalid: [
 {
 code: "with sanitizer
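Review bot: `NO_SANITIZER_PATTERN` puts `\s+` between the quotes, which matches whitespace only; if the rule fills that slot with the attribute name (it passes `name: node.name.name` as report data), the regex can never match the real message and every case that uses the pattern fails, so `\S+` or `[^']+` is presumably what was meant, e.g. `const NO_SANITIZER_PATTERN = /Dangerous property '[^']+' without sanitizer found\./;`. The trailing `.` is also left unescaped here while `BAD_WRAPPER_PATTERN` escapes it; harmless, but inconsistent. The message texts themselves live in the rule's `DANGEROUS_MESSAGES`, outside this patch, so the exact placeholder cannot be confirmed from the hunk.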

' }} />;", - errors: [{ message: MESSAGE }] + errors: [NO_SANITIZER_PATTERN] }, { code: "
;", - errors: [{ message: MESSAGE }] + errors: [NO_SANITIZER_PATTERN] }, { code: "
with sanitizer

' }} />;", - errors: [{ message: MESSAGE }] + errors: [NO_SANITIZER_PATTERN] }, { code: '
;', - errors: [{ message: MESSAGE }] + errors: [NO_SANITIZER_PATTERN] }, { - code: "
with sanitizer

') }} />;", - errors: [{ message: 'Use sanitizer as name of wrapper' }] + code: "
with sanitizer

') }} />;", + errors: [BAD_WRAPPER_PATTERN] }, { code: "
with sanitizer

') }} />;", - errors: [{ message: 'Use sanitizer in util folder. Create sanitizer util if no exist.' }] + errors: [{ message: XSS_LIBRARY_MESSAGE }] }, { - code: "
with sanitizer

') }} />;", + code: "
with sanitizer

') }} />;",
 options: [{ wrapperName: ['xss', 'purify'] }],
- errors: [{ message: 'Use sanitizer in util folder. Create sanitizer util if no exist.' }]
+ errors: [BAD_WRAPPER_PATTERN]
 }
 ]
 });
From c42a566fff1a1d60dfbabd673033e49071ddff5f Mon Sep 17 00:00:00 2001
From: seanmizen
Date: Fri, 16 Jun 2023 09:57:13 +0100
Subject: [PATCH 3/6] no-sanitizer-with-danger: stop fixing direct library use
---
 lib/rules/no-sanitizer-with-danger.js | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/lib/rules/no-sanitizer-with-danger.js b/lib/rules/no-sanitizer-with-danger.js
index 7ba8fc8..321f2d1 100644
--- a/lib/rules/no-sanitizer-with-danger.js
+++ b/lib/rules/no-sanitizer-with-danger.js
@@ -100,20 +100,25 @@ module.exports = {
 if (messageIndex >= 0) {
 const htmlProp = node.value.expression.properties.find(prop => prop.key.name === '__html');
- context.report({
+ const reportOptions = {
 node: node,
 message: DANGEROUS_MESSAGES[messageIndex],
 data: {
 name: node.name.name,
 wrapperName: JSON.stringify(config.wrapperName)
- },
- fix(fixer) {
+ }
+ };
+
+ if (messageIndex !== 2) {
+ reportOptions.fix = function(fixer) {
 return fixer.replaceText(
 htmlProp.value,
 `${config.wrapperName[0]}(${context.getSourceCode().getText(htmlProp.value)})`
 );
- },
- });
+ };
+ }
+
+ context.report(reportOptions);
 }
 }
 };
From ea48fe616d54459016d7acaedad8e287c5a0dc10 Mon Sep 17 00:00:00 2001
From: seanmizen
Date: Fri, 16 Jun 2023 09:57:40 +0100
Subject: [PATCH 4/6] no-sanitizer-with-danger: text fixer output
---
 tests/lib/rules/no-sanitizer-with-danger.js | 22 ++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/tests/lib/rules/no-sanitizer-with-danger.js b/tests/lib/rules/no-sanitizer-with-danger.js
index 5185f4e..d36ebda 100644
--- a/tests/lib/rules/no-sanitizer-with-danger.js
+++ b/tests/lib/rules/no-sanitizer-with-danger.js
@@ -51,32 +51,40 @@ ruleTester.run('no-sanitizer-with-danger', rule, {
 invalid: [
 {
 code: "with sanitizer
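Review bot: `if (messageIndex !== 2)` in the third patch's hunk encodes which entry of `DANGEROUS_MESSAGES` means direct library use as a bare index, so any reordering of that array (defined outside the hunk) silently re-enables the fixer for the wrong message; a named constant next to the array, or comparing the message rather than its position, makes the intent readable, e.g. `if (messageIndex !== DIRECT_LIBRARY_USE) {` preceded by `// no auto-fix here: wrapping a direct xss() call would only nest it`. The `htmlProp` lookup also still runs before the branch although only the fixer uses it, so moving `const htmlProp = …` inside the `if` avoids walking the properties for reports that get no fix. The handler this sits in starts above the hunk.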

' }} />;", - errors: [NO_SANITIZER_PATTERN] + errors: [NO_SANITIZER_PATTERN], + output: "with sanitizer

') }} />;" }, { code: "
;", - errors: [NO_SANITIZER_PATTERN] + errors: [NO_SANITIZER_PATTERN], + output: "
;" }, { code: "
with sanitizer

' }} />;", - errors: [NO_SANITIZER_PATTERN] + errors: [NO_SANITIZER_PATTERN], + output: "
with sanitizer

') }} />;" }, { code: '
;', - errors: [NO_SANITIZER_PATTERN] + errors: [NO_SANITIZER_PATTERN], + output: '
;' }, { code: "
with sanitizer

') }} />;", - errors: [BAD_WRAPPER_PATTERN] + errors: [BAD_WRAPPER_PATTERN], + output: "
with sanitizer

')) }} />;" }, { code: "
with sanitizer

') }} />;", - errors: [{ message: XSS_LIBRARY_MESSAGE }] + errors: [{ message: XSS_LIBRARY_MESSAGE }], + // do not handle direct use of library + output: "
with sanitizer

') }} />;" }, { code: "
with sanitizer

') }} />;", options: [{ wrapperName: ['xss', 'purify'] }], - errors: [BAD_WRAPPER_PATTERN] + errors: [BAD_WRAPPER_PATTERN], + output: "
with sanitizer

')) }} />;" } ] }); From 7504a4f3ee391266b4d77e8f3530dd9cc70f54aa Mon Sep 17 00:00:00 2001 From: seanmizen Date: Fri, 16 Jun 2023 09:57:49 +0100 Subject: [PATCH 5/6] no-sanitizer-with-danger: remove comma --- lib/rules/no-sanitizer-with-danger.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/rules/no-sanitizer-with-danger.js b/lib/rules/no-sanitizer-with-danger.js index 321f2d1..e92cf2b 100644 --- a/lib/rules/no-sanitizer-with-danger.js +++ b/lib/rules/no-sanitizer-with-danger.js @@ -71,7 +71,7 @@ module.exports = { additionalProperties: false } ], - fixable: 'code', + fixable: 'code' }, create: function(context) { From 9588d6fff8d4e987bb9e3b24dabb176e104d0d51 Mon Sep 17 00:00:00 2001 From: seanmizen Date: Fri, 16 Jun 2023 10:02:25 +0100 Subject: [PATCH 6/6] add self to contribs --- package.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/package.json b/package.json index 1ffc5c8..fced599 100644 --- a/package.json +++ b/package.json @@ -32,6 +32,10 @@ { "name": "Iran Reyes", "url": "https://github.com/iranreyes" + }, + { + "name": "Sean Mizen", + "url": "https://github.com/seanmizen" } ], "main": "lib/index.js",