eslint-plugin-codesink

1.0.12 • Public • Published

eslint-plugin-codesink

Detect common javascript sinks that lead to web application vulnerabilities.

Installation

# minimal installation:
npm i eslint eslint-plugin-codesink
# for html and typescript support:
npm install eslint-plugin-html typescript@4.1.6 @typescript-eslint/parser @typescript-eslint/eslint-plugin@5.0.0-alpha.42

Usage

Add the following configuration to your .eslintrc.js file:

'use strict';

module.exports = {
  root: true,
  env: {
    node: true,
    es6: true,
  },
  parserOptions: {
    ecmaVersion: 2020,
    sourceType: 'module',
    ecmaFeatures: {
      jsx: true,
    },
  },
  parser: '@typescript-eslint/parser',
  plugins: ['codesink', 'html', '@typescript-eslint'],
  rules: {
    //add specific rules to your project here
    'codesink/no-dom-xss': 'warn',
    'codesink/no-open-redirect': 'warn',
    'codesink/no-eval-injection': 'warn',
    'codesink/no-cookie-manipulation': 'warn',
    'codesink/no-domain-manipulation': 'warn',
    'codesink/no-websocket-url-poisoning': 'warn',
    'codesink/no-link-manipulation': 'warn',
    'codesink/no-message-manipulation': 'warn',
    'codesink/no-path-traversal': 'warn',
    'codesink/no-evil-regex': 'warn',
    'codesink/no-regex-injection': 'warn',
    'codesink/no-hardcoded-credentials': 'warn',
  },
};

Add the following command to `package.json' scripts:

"scripts": {
    "lint": "eslint .",
}

To run eslint from your terminal:

npm run lint

Supported Rules

Vulnerability sinks Rule
DOM-based XSS no-dom-xss
DOM-based open redirect no-open-redirect
DOM-based JavaScript injection no-eval-injection
DOM-based Cookie manipulation no-cookie-manipulation
DOM-based document-domain manipulation no-document-manipulation
DOM-based WebSocket-URL poisoning websocket-url-poisoning
DOM-based link manipulation no-link-manipulation
Web message manipulation no-message-manipulation
Path traversal no-path-traversal
Evil regex no-evil-regex
Regex injection no-regex-injection
Hard-coded credentials no-hardcoded-credentials

Package Sidebar

Install

npm i eslint-plugin-codesink

Weekly Downloads

0

Version

1.0.12

License

ISC

Unpacked Size

101 kB

Total Files

52

Last publish

Collaborators

  • timothee_desurmont