ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S2631/javascript/rule.adoc
Fred Tingaud b4161466e6
RULEAPI-661: Add syntax coloring
2022-02-04 16:28:24 +00:00

59 lines
1.3 KiB
Plaintext
Raw Blame History

include::../description.adoc[]
== Noncompliant Code Example
Example with RegExp:
[source,javascript]
----
function (req, res) {
const pattern = RegExp(req.query.pattern); // Noncompliant
pattern.test(req.query.input);
};
----
Don't use https://www.npmjs.com/package/safe-regex[safe-regex] kind of libraries to validate regexes, as it is prone to FPs/FNs:
[source,javascript]
----
const safe = require('safe-regex');
function (req, res) {
// Not a good validator, eg of FN: http://test/noncompliant?pattern=^(a|aa)%2B$&input=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!
if(safe(req.query.pattern)) {
const regex = RegExp(req.query.pattern); // Noncompliant
regex.test(req.query.input);
}
};
----
== Compliant Solution
Escape regex special characters:
[source,javascript]
----
const escapeStringRegexp = require('escape-string-regexp');
function (req, res) {
const pattern = RegExp(escapeStringRegexp(req.query.pattern)); // Compliant
pattern.test(req.query.input);
};
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
'''
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink