ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S5739/javascript/rule.adoc
Fred Tingaud b4161466e6
RULEAPI-661: Add syntax coloring
2022-02-04 16:28:24 +00:00

50 lines
1.1 KiB
Plaintext
Raw Blame History

include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
In Express.js application the code is sensitive if the https://www.npmjs.com/package/helmet[helmet] or https://www.npmjs.com/package/hsts[hsts] middleware are disabled or used without recommended values:
----
const express = require('express');
const helmet = require('helmet');
let app = express();
app.use(helmet.hsts({
maxAge: 3153600, // Sensitive, recommended >= 15552000
includeSubDomains: false // Sensitive, recommended 'true'
}));
----
== Compliant Solution
In Express.js application a standard way to implement HSTS is with the https://www.npmjs.com/package/helmet[helmet] or https://www.npmjs.com/package/hsts[hsts] middleware:
[source,javascript]
----
const express = require('express');
const helmet = require('helmet');
let app = express();
app.use(helmet.hsts({
maxAge: 31536000,
includeSubDomains: true
})); // Compliant
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink