
2019-04-termbox-tslint-security.txt

Authored By
sbassett
Apr 26 2019, 10:19 PM
Size
4 KB

2019-04-termbox-tslint-security.txt

src/server/app.ts
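Potential timing attack on the right side of expression (tsr-detect-possible-timing-attacks)
(Triage note: both operands on line 46 are constructor names, `err.constructor.name` and `BundleBoundaryPassingException.name`, not a secret compared against caller-supplied input, so no timing side channel is evident in this excerpt. The rule likely matched on the substring "Pass" in the identifier; confirm against the rule's keyword list before suppressing.)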
44 | if ( err instanceof InvalidRequest ) {
45 | response.status( HttpStatus.BAD_REQUEST ).send( 'Bad request' );
> 46 | } else if ( err.constructor.name === BundleBoundaryPassingException.name ) {
| ^
47 | if ( err.reason === ErrorReason.EntityNotFound ) {
48 | response.status( HttpStatus.NOT_FOUND ).send( 'Entity not found' );
49 | } else if ( err.reason === ErrorReason.LanguageNotFound ) {
src/server/route-handler/termbox/QueryValidator.ts
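Found non-literal argument to RegExp Constructor (tsr-detect-non-literal-regexp)
(Triage note: the excerpt does not show where `languagePattern` is defined, and that decides the severity of this finding and the one at line 34. A fixed constant makes the interpolation benign; a value derived from request input would need escaping or an allow-list to rule out regex injection and catastrophic backtracking.)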
10 | presence: true,
11 | format: {
> 12 | pattern: new RegExp( `^${languagePattern}$`, 'i' ),
| ^
13 | message: ( value: any ) => {
14 | return validate.format( '^"%{value}" is not a valid language code', {
15 | value,
Found non-literal argument to RegExp Constructor (tsr-detect-non-literal-regexp)
32 | presence: true,
33 | format: {
> 34 | pattern: new RegExp( `^${languagePattern}(\\|${languagePattern})*$`, 'i' ),
| ^
35 | message: ( value: any ) => {
36 | return validate.format( '^"%{value}" is not a valid preferred language chain', {
37 | value,
tests/edge-to-edge/server/app.spec.ts
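Found Element.innerHTML with non-literal value (tsr-detect-html-injection)
(Triage note: this is a helper in a spec file under tests/, and the origin of `markup` is not visible in the excerpt. If it only ever receives the server's own rendered output inside a test DOM, the finding is low-risk; the same assignment in shipped client code would need review.)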
52 | function getDomFromMarkup( markup: string ): HTMLElement {
53 | const newNode = document.createElement( 'div' );
> 54 | newNode.innerHTML = markup;
| ^
55 | return newNode;
56 | }
57 |
tests/unit/store/entity/mutations.spec.ts
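Found unsafe properties access (tsr-detect-unsafe-properties-access)
(Triage note: all ten findings for this rule in the report are in tests/unit/store/*/mutations.spec.ts. The bracket keys are upper-case identifiers such as `ENTITY_INIT` and `EDITABILITY_UPDATE`, which look like imported mutation-name constants rather than externally controlled values; confirm at their definitions. If so, these are test-only and not attacker-reachable.)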
47 | );
48 |
> 49 | mutations[ENTITY_INIT]( store, entity );
| ^
50 |
51 | expect( store.labels ).toBe( entity.labels );
52 | expect( store.id ).toBe( entity.id );
Found unsafe properties access (tsr-detect-unsafe-properties-access)
61 | const store = newMinimalStore( { isEditable: false } );
62 |
> 63 | mutations[ EDITABILITY_UPDATE ]( store, true );
| ^
64 | expect( store.isEditable ).toBe( true );
65 |
66 | mutations[ EDITABILITY_UPDATE ]( store, false );
Found unsafe properties access (tsr-detect-unsafe-properties-access)
64 | expect( store.isEditable ).toBe( true );
65 |
> 66 | mutations[ EDITABILITY_UPDATE ]( store, false );
| ^
67 | expect( store.isEditable ).toBe( false );
68 | } );
69 |
tests/unit/store/language/mutations.spec.ts
Found unsafe properties access (tsr-detect-unsafe-properties-access)
30 | };
31 |
> 32 | mutations[ LANGUAGE_UPDATE ]( store, languages );
| ^
33 |
34 | expect( store.languages.de ).toBe( languages.de );
35 | expect( store.languages.en ).toBe( languages.en );
Found unsafe properties access (tsr-detect-unsafe-properties-access)
54 | };
55 |
> 56 | mutations[ LANGUAGE_UPDATE ]( store, languages );
| ^
57 |
58 | expect( store.languages.de ).toBe( originalDe );
59 | expect( store.languages.en ).toBe( languages.en );
Found unsafe properties access (tsr-detect-unsafe-properties-access)
93 | };
94 |
> 95 | mutations[ LANGUAGE_TRANSLATION_UPDATE ]( store, translations );
| ^
96 |
97 | expect( store.translations.de ).toBe( translations.de );
98 | expect( store.translations.ar ).toBe( translations.ar );
tests/unit/store/links/mutations.spec.ts
Found unsafe properties access (tsr-detect-unsafe-properties-access)
8 | const state: LinksState = { editLinkUrl: '' };
9 | const url = '/link/to/edit/Q123';
> 10 | mutations[ EDIT_LINK_URL_UPDATE ]( state, url );
| ^
11 |
12 | expect( state.editLinkUrl ).toBe( url );
13 | } );
tests/unit/store/messages/mutations.spec.ts
Found unsafe properties access (tsr-detect-unsafe-properties-access)
18 | };
19 |
> 20 | mutations[ MESSAGES_INIT ]( store, messages );
| ^
21 |
22 | expect( store.messages.de ).toEqual( messages.de );
23 | } );
tests/unit/store/user/mutations.spec.ts
Found unsafe properties access (tsr-detect-unsafe-properties-access)
29 | const userState = newInitialUserState();
30 |
> 31 | mutations[ LANGUAGE_INIT ]( userState, primaryLanguage );
| ^
32 |
33 | expect( userState.primaryLanguage ).toStrictEqual( primaryLanguage );
34 | } );
Found unsafe properties access (tsr-detect-unsafe-properties-access)
48 | const userState = newInitialUserState();
49 | const secondaryLanguages = [ 'de', 'en', 'it', 'zh', 'ug', 'ar', 'kl' ];
> 50 | mutations[ SECONDARY_LANGUAGES_INIT ]( userState, secondaryLanguages );
| ^
51 | expect( userState.secondaryLanguages ).toStrictEqual( secondaryLanguages );
52 | } );
53 | } );
