ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S5736/javascript/rule.adoc

40 lines
935 B
Plaintext
Raw Normal View History

Add rules 5000-5999
2020-06-30 12:50:28 +02:00
include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
change the inline-code delimitters
2020-12-23 14:59:06 +01:00
In Express.js application the code is sensitive if the https://www.npmjs.com/package/helmet[helmet] ``referrerPolicy`` middleware is disabled or used with ``no-referrer-when-downgrade`` or ``unsafe-url``:
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space
2020-06-30 14:49:38 +02:00
Add rules 5000-5999
2020-06-30 12:50:28 +02:00
----
const express = require('express');
const helmet = require('helmet');
Add all rules, update all rules fixing the inline code syntax
2020-12-21 15:38:52 +01:00
app.use(
helmet.referrerPolicy({
policy: 'no-referrer-when-downgrade' // Sensitive: no-referrer-when-downgrade is used
})
);
Add rules 5000-5999
2020-06-30 12:50:28 +02:00
----
== Compliant Solution
change the inline-code delimitters
2020-12-23 14:59:06 +01:00
In Express.js application a secure solution is to user the https://www.npmjs.com/package/helmet[helmet] referrer policy middleware set to ``no-referrer``:
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space
2020-06-30 14:49:38 +02:00
Add rules 5000-5999
2020-06-30 12:50:28 +02:00
----
const express = require('express');
const helmet = require('helmet');
let app = express();
Add all rules, update all rules fixing the inline code syntax
2020-12-21 15:38:52 +01:00
app.use(
helmet.referrerPolicy({
policy: 'no-referrer' // Compliant
})
);
Add rules 5000-5999
2020-06-30 12:50:28 +02:00
----
include::../see.adoc[]
Reference in New Issue Copy Permalink