feat(security): Initial security plugin

Signed-off-by: Valentin Popov <info@valentineus.link>
2020-02-14 12:17:13 +04:00 · 2020-02-14 12:17:13 +04:00 · 570290241d
commit 570290241d
parent f9ebfb719a
5 changed files with 51 additions and 7 deletions
--- a/ROADMAP.md
+++ b/ROADMAP.md
@ -324,6 +324,22 @@
 - [ ] "prefer-default-export"
 - [ ] "unambiguous"

+## Security
+
+- [ ] "detect-buffer-noassert"
+- [ ] "detect-child-process"
+- [ ] "detect-disable-mustache-escape"
+- [ ] "detect-eval-with-expression"
+- [ ] "detect-new-buffer"
+- [ ] "detect-no-csrf-before-method-override"
+- [ ] "detect-non-literal-fs-filename"
+- [ ] "detect-non-literal-regexp"
+- [ ] "detect-non-literal-require"
+- [ ] "detect-object-injection"
+- [ ] "detect-possible-timing-attacks"
+- [ ] "detect-pseudoRandomBytes"
+- [ ] "detect-unsafe-regex"
+
 ## TypeScript

 - [ ] "adjacent-overload-signatures"
--- a/package.json
+++ b/package.json
@ -17,7 +17,8 @@
    "@typescript-eslint/parser": "^2.19.2",
    "eslint": "^6.8.0",
    "eslint-plugin-import": "^2.20.1",
-    "rollup": "^1.31.0",
+    "eslint-plugin-security": "^1.4.0",
+    "rollup": "^1.31.1",
    "rollup-plugin-terser": "^5.2.0",
    "tslib": "^1.10.0",
    "typescript": "^3.7.5"
@ -26,7 +27,8 @@
    "@typescript-eslint/eslint-plugin": "^2.19.0",
    "@typescript-eslint/parser": "^2.19.0",
    "eslint": "^6.8.0",
-    "eslint-plugin-import": "^2.20.1"
+    "eslint-plugin-import": "^2.20.1",
+    "eslint-plugin-security": "^1.4.0"
  },
  "dependencies": {}
 }
--- a/src/javascript.ts
+++ b/src/javascript.ts
@ -1,5 +1,6 @@
 import rDefault from "./rules/default.json";
 import rImport from "./rules/import.json";
+import rSecurity from "./rules/security.json";

 module.exports = {
 	"extends": [
@ -7,10 +8,15 @@ module.exports = {
 		"plugin:import/errors",
 		"plugin:import/recommended",
 		"plugin:import/warnings",
+		"plugin:security/recommended",
+	],
+	"plugins": [
+		"import",
+		"security",
 	],
-	"plugins": ["import"],
 	"rules": {
 		...rDefault,
 		...rImport,
+		...rSecurity,
 	},
 };
--- a/src/rules/security.json
+++ b/src/rules/security.json
@ -0,0 +1 @@
+{}
--- a/yarn.lock
+++ b/yarn.lock
@ -386,6 +386,13 @@ eslint-plugin-import@^2.20.1:
    read-pkg-up "^2.0.0"
    resolve "^1.12.0"

+eslint-plugin-security@^1.4.0:
+  version "1.4.0"
+  resolved "https://registry.yarnpkg.com/eslint-plugin-security/-/eslint-plugin-security-1.4.0.tgz#d4f314484a80b1b613b8c8886e84f52efe1526c2"
+  integrity sha512-xlS7P2PLMXeqfhyf3NpqbvbnW04kN8M9NtmhpR3XGyOvt/vNKS7XPXT5EDbwKW9vCjWH4PpfQvgD/+JgN0VJKA==
+  dependencies:
+    safe-regex "^1.1.0"
+
 eslint-scope@^5.0.0:
  version "5.0.0"
  resolved "https://registry.yarnpkg.com/eslint-scope/-/eslint-scope-5.0.0.tgz#e87c8887c73e8d1ec84f1ca591645c358bfc8fb9"
@ -1073,6 +1080,11 @@ restore-cursor@^3.1.0:
    onetime "^5.1.0"
    signal-exit "^3.0.2"

+ret@~0.1.10:
+  version "0.1.15"
+  resolved "https://registry.yarnpkg.com/ret/-/ret-0.1.15.tgz#b8a4825d5bdb1fc3f6f53c2bc33f81388681c7bc"
+  integrity sha512-TTlYpa+OL+vMMNG24xSlQGEJ3B/RzEfUlLct7b5G/ytav+wPrplCpVMFuwzXbkecJrb6IYo1iFb0S9v37754mg==
+
 rimraf@2.6.3:
  version "2.6.3"
  resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-2.6.3.tgz#b2d104fe0d8fb27cf9e0a1cda8262dd3833c6cab"
@ -1098,10 +1110,10 @@ rollup-pluginutils@^2.8.2:
  dependencies:
    estree-walker "^0.6.1"

-rollup@^1.31.0:
-  version "1.31.0"
-  resolved "https://registry.yarnpkg.com/rollup/-/rollup-1.31.0.tgz#e2a87212e96aa7850f3eb53fdd02cf89f2d2fe9a"
-  integrity sha512-9C6ovSyNeEwvuRuUUmsTpJcXac1AwSL1a3x+O5lpmQKZqi5mmrjauLeqIjvREC+yNRR8fPdzByojDng+af3nVw==
+rollup@^1.31.1:
+  version "1.31.1"
+  resolved "https://registry.yarnpkg.com/rollup/-/rollup-1.31.1.tgz#4170d6f87148d46e5fbe29b493f8f3ea3453c96f"
+  integrity sha512-2JREN1YdrS/kpPzEd33ZjtuNbOuBC3ePfuZBdKEybvqcEcszW1ckyVqzcEiEe0nE8sqHK+pbJg+PsAgRJ8+1dg==
  dependencies:
    "@types/estree" "*"
    "@types/node" "*"
@ -1121,6 +1133,13 @@ rxjs@^6.5.3:
  dependencies:
    tslib "^1.9.0"

+safe-regex@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/safe-regex/-/safe-regex-1.1.0.tgz#40a3669f3b077d1e943d44629e157dd48023bf2e"
+  integrity sha1-QKNmnzsHfR6UPURinhV91IAjvy4=
+  dependencies:
+    ret "~0.1.10"
+
 "safer-buffer@>= 2.1.2 < 3":
  version "2.1.2"
  resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"