ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S4825/javascript/rule.adoc
Fred Tingaud 16f6c0aecf
Inline adoc when include has no additional value (#1940) 
Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
2023-05-25 14:18:12 +02:00

110 lines
2.5 KiB
Plaintext
Raw Blame History

include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
----
// === Built-in NodeJS modules ===
const http = require('http');
http.request(url, (res) => {}); // Sensitive
http.get(url, (res) => {}); // Sensitive
const https = require('https');
https.request(url, (res) => {}); // Sensitive
https.get(url, (res) => {}); // Sensitive
----
----
// === Request NodeJS module ===
const request = require('request');
// All Request methods making HTTP requests are security-sensitive and should be reviewed.
// Examples:
request(url, function (error, res, body) {}); // Sensitive
request.get(url); // Sensitive
----
----
// === Axios module ===
const axios = require('axios');
// All Axios methods making HTTP requests are security-sensitive and should be reviewed.
// Example:
axios.get(url) // Sensitive
.then(function (res) {});
----
----
// === In browser, XMLHttpRequest ===
var xmlhttp = null;
if (window.XMLHttpRequest) {
xmlhttp = new XMLHttpRequest(); // modern browsers
} else {
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP"); // very old IE browsers
}
xmlhttp.onreadystatechange = function() {};
xmlhttp.open("GET", url, false); // Sensitive
xmlhttp.send();
----
----
// === In modern browsers, Fetch API ===
window.fetch(url) // Sensitive
.then(function(res) {});
----
----
// === In old IE browsers, XDomainRequest ===
var xdr = new XDomainRequest();
xdr.open("GET", url);
xdr.send();
----
----
// === In browser, jQuery ===
// All jQuery methods making HTTP requests are security-sensitive and should be reviewed.
// Examples:
$.ajax({ url: url }) // Sensitive
.done(function(data) {});
$.get(url, function(data) {}); // Sensitive
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
=== Message
Make sure that this HTTP request is sent safely.
'''
== Comments And Links
(visible only on this page)
=== on 9 Dec 2018, 16:04:48 Lars Svensson wrote:
https://nodejs.org/api/http.html
https://nodejs.org/api/https.html
https://www.npmjs.com/package/request - most popular HTTP request module, with 14.7M downloads/week.
https://www.npmjs.com/package/axios - another popular library for both client and server side.
https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest
https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API
https://api.jquery.com/category/ajax/
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink