ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S5757/javascript/rule.adoc
Fred Tingaud 51369b610e
Make sure that includes are always surrounded by empty lines (#2270) 
When an include is not surrounded by empty lines, its content is inlined
on the same line as the adjacent content. That can lead to broken tags
and other display issues.
This PR fixes all such includes and introduces a validation step that
forbids introducing the same problem again.
2023-06-22 10:38:01 +02:00

61 lines
1.7 KiB
Plaintext
Raw Blame History

include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
With https://www.npmjs.com/package/signale[Signale log management framework] the code is sensitive when an empty list of secrets is defined:
----
const { Signale } = require('signale');
const CREDIT_CARD_NUMBERS = fetchFromWebForm()
// here we suppose the credit card numbers are retrieved somewhere and CREDIT_CARD_NUMBERS looks like ["1234-5678-0000-9999", "1234-5678-0000-8888"]; for instance
const options = {
secrets: [] // empty list of secrets
};
const logger = new Signale(options); // Sensitive
CREDIT_CARD_NUMBERS.forEach(function(CREDIT_CARD_NUMBER) {
logger.log('The customer ordered products with the credit card number = %s', CREDIT_CARD_NUMBER);
});
----
== Compliant Solution
With https://www.npmjs.com/package/signale[Signale log management framework] it is possible to define a list of secrets that will be hidden in logs:
[source,javascript]
----
const { Signale } = require('signale');
const CREDIT_CARD_NUMBERS = fetchFromWebForm()
// here we suppose the credit card numbers are retrieved somewhere and CREDIT_CARD_NUMBERS looks like ["1234-5678-0000-9999", "1234-5678-0000-8888"]; for instance
const options = {
secrets: ["([0-9]{4}-?)+"]
};
const logger = new Signale(options); // Compliant
CREDIT_CARD_NUMBERS.forEach(function(CREDIT_CARD_NUMBER) {
logger.log('The customer ordered products with the credit card number = %s', CREDIT_CARD_NUMBER);
});
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink