Note: Purchase Milk

    eslint-plugin-anti-trojan-source

    1.1.0 • Public • Published

    eslint-plugin-anti-trojan-source

    ESLint plugin to detect and prevent Trojan Source attacks from entering your codebase

    npm version license downloads build Known Vulnerabilities Responsible Disclosure Policy

    About

    ESLint plugin to detect and stop Trojan Source attacks from entering your codebase.

    If you're unaware of what Trojan Source attacks are, or how unicode characters injected into a codebase could be used in malicious ways, refer to the README of the anti-trojan-source source code repository.

    This ESLint plugin is based on the library and command-line tool anti-trojan-source.

    Install

    npm install --save-dev eslint-plugin-anti-trojan-source

    Usage

    Once you've installed this plugin, add it to your eslint configuration as follows.

    Recommended

    This plugin exports a recommended configuration. To enable this configuration, extend it in the configuration for your project.

    {
      "extends": ["eslint:recommended", "plugin:anti-trojan-source/recommended"]
    }

    Manual

    First, you need to define it as a plugin:

    Note: ESLint plugins can have their eslint-plugin prefix omitted when they are specified.

    {
      "plugins": ["anti-trojan-source"]
    }

    Then, add an ESLint rule that halts if it finds a Trojan Source attack:

    "rules": {
        "anti-trojan-source/no-bidi": "error"
    }

    Following is a complete example of configuration if you are defining ESLint configuration in your package.json file:

    "eslintConfig": {
        "plugins": [
            "anti-trojan-source"
        ],
        "rules": {
            "anti-trojan-source/no-bidi": "error"
        }
    }

    Example output

    The following is an example output when the plugin finds a Trojan Source attack in your codebase:

    /Users/lirantal/projects/repos/@gigsboat/cli/index.js
      1:1  error  Detected potential trojan source attack with unicode bidi introduced in this comment: '‮ } ⁦if (isAdmin)⁩ ⁦ begin admins only '  anti-trojan-source/no-bidi
      1:1  error  Detected potential trojan source attack with unicode bidi introduced in this comment: ' end admin only ‮ { ⁦'                    anti-trojan-source/no-bidi
    
    /Users/lirantal/projects/repos/@gigsboat/cli/lib/helper.js
      2:1  error  Detected potential trojan source attack with unicode bidi introduced in this code: '"user‮ ⁦// Check if admin⁩ ⁦"'  anti-trojan-source/no-bidi

    Author

    eslint-plugin-anti-trojan-source © Liran Tal, Released under the Apache-2.0 License.

    Install

    npm i eslint-plugin-anti-trojan-source

    DownloadsWeekly Downloads

    18,815

    Version

    1.1.0

    License

    Apache-2.0

    Unpacked Size

    20.7 kB

    Total Files

    7

    Last publish

    Collaborators

    • lirantal_bot