Home Explore Help
Sign In
CocoRoboLabs
/
CocoRoboDesktop
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 64589d4da5
Branches Tags
CocoRoboDesk...
/
pdf1.js
/
node_modules
/
eslint-plugin-security
/
rules
/
detect-object-injection.js

detect-object-injection.js 2.0 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. /**
    2. 

  2.  * Tries to detect instances of var[var]
    3. 

  3.  * @author Jon Lamendola
    4. 

  4.  */
    5. 

  5. 

  6. //------------------------------------------------------------------------------
    7. 

  7. // Rule Definition
    8. 

  8. //------------------------------------------------------------------------------
    9. 

  9. 

  10. var Sinks = [];
    11. 

  11. function getSerialize (fn, decycle) {
    12. 

  12.   var seen = [], keys = [];
    13. 

  13.   decycle = decycle || function(key, value) {
    14. 

  14.     return '[Circular ' + getPath(value, seen, keys) + ']'
    15. 

  15.   };
    16. 

  16.   return function(key, value) {
    17. 

  17.     var ret = value;
    18. 

  18.     if (typeof value === 'object' && value) {
    19. 

  19.       if (seen.indexOf(value) !== -1)
    20. 

  20.         ret = decycle(key, value);
    21. 

  21.       else {
    22. 

  22.         seen.push(value);
    23. 

  23.         keys.push(key);
    24. 

  24.       }
    25. 

  25.     }
    26. 

  26.     if (fn) ret = fn(key, ret);
    27. 

  27.     return ret;
    28. 

  28.   }
    29. 

  29. }
    30. 

  30. 

  31. function getPath (value, seen, keys) {
    32. 

  32.   var index = seen.indexOf(value);
    33. 

  33.   var path = [ keys[index] ];
    34. 

  34.   for (index--; index >= 0; index--) {
    35. 

  35.     if (seen[index][ path[0] ] === value) {
    36. 

  36.       value = seen[index];
    37. 

  37.       path.unshift(keys[index]);
    38. 

  38.     }
    39. 

  39.   }
    40. 

  40.   return '~' + path.join('.');
    41. 

  41. }
    42. 

  42. 

  43. function stringify(obj, fn, spaces, decycle) {
    44. 

  44.   return JSON.stringify(obj, getSerialize(fn, decycle), spaces);
    45. 

  45. }
    46. 

  46. 

  47. stringify.getSerialize = getSerialize;module.exports = function(context) {
    48. 

  48. 

  49.         "use strict";
    50. 

  50. 

  51. var isChanged = false;
    52. 

  52. 

  53. 

  54. 

  55.         return {
    56. 

  56.             "MemberExpression": function(node) {
    57. 

  57. 

  58.                 if (node.computed === true) {
    59. 

  59.                     var token = context.getTokens(node)[0];
    60. 

  60.                     if (node.property.type === 'Identifier') {
    61. 

  61.                         if (node.parent.type === 'VariableDeclarator') {
    62. 

  62.    context.report(node, 'Variable Assigned to Object Injection Sink');
    63. 

  63.     
    64. 

  64.                         } else if (node.parent.type === 'CallExpression') {
    65. 

  65.                         //    console.log(node.parent)
    66. 

  66.   context.report(node, 'Function Call Object Injection Sink');
    67. 

  67.                         } else {
    68. 

  68.                         context.report(node, 'Generic Object Injection Sink');
    69. 

  69.     
    70. 

  70.                         }
    71. 

  71. 

  72.                     }
    73. 

  73.                 }
    74. 

  74. 

  75.             }
    76. 

  76. 

  77.         };
    78. 

  78.     }
    79. 

  79.