
2019-05-10-termbox-tslint-security.txt

Authored By
WMDE-leszek
May 10 2019, 7:36 AM
Size
13 KB

2019-05-10-termbox-tslint-security.txt

/home/lema/projects/wikibase/termbox/src/server/app.ts
Potential timing attack on the right side of expression (tsr-detect-possible-timing-attacks)
65 | response.status( HttpStatus.BAD_REQUEST )
66 | .send( 'Bad request\nErrors: ' + JSON.stringify( err.info ) );
> 67 | } else if ( err.constructor.name === BundleBoundaryPassingException.name ) {
| ^
68 | if ( err.reason === ErrorReason.EntityNotFound ) {
69 | response.status( HttpStatus.NOT_FOUND ).send( 'Entity not found' );
70 | } else if ( err.reason === ErrorReason.LanguageNotFound ) {
/home/lema/projects/wikibase/termbox/tests/edge-to-edge/server/app.spec.ts
Found Element.innerHTML with non-literal value (tsr-detect-html-injection)
61 | function getDomFromMarkup( markup: string ): HTMLElement {
62 | const newNode = document.createElement( 'div' );
> 63 | newNode.innerHTML = markup;
| ^
64 | return newNode;
65 | }
66 |
/home/lema/projects/wikibase/termbox/tests/unit/store/actions.spec.ts
Found unsafe properties access (tsr-detect-unsafe-properties-access)
15 | } );
16 |
> 17 | actions[ EDITMODE_ACTIVATE ]( context );
| ^
18 | expect( context.commit ).toBeCalledWith(
19 | EDITMODE_SET,
20 | true,
Found unsafe properties access (tsr-detect-unsafe-properties-access)
30 | } );
31 |
> 32 | actions[ EDITMODE_DEACTIVATE ]( context );
| ^
33 | expect( context.commit ).toBeCalledWith(
34 | EDITMODE_SET,
35 | false,
/home/lema/projects/wikibase/termbox/tests/unit/store/entity/actions.spec.ts
Found unsafe properties access (tsr-detect-unsafe-properties-access)
55 | } );
56 |
> 57 | actions[ ENTITY_INIT ]( context, { entity: entityId, revision } ).then( () => {
| ^
58 | expect( context.commit ).toBeCalledWith(
59 | ENTITY_UPDATE,
60 | entity,
Found unsafe properties access (tsr-detect-unsafe-properties-access)
74 | } );
75 |
> 76 | return actions[ ENTITY_INIT ]( context, { entity: 'Q123', revision: 4711 } ).then( () => {
| ^
77 | expect( context.commit ).toHaveBeenCalledWith( EDITABILITY_UPDATE, isEditable );
78 | } );
79 | } );
Found unsafe properties access (tsr-detect-unsafe-properties-access)
85 | } );
86 |
> 87 | return actions[ ENTITY_INIT ]( context, { entity: 'Q123', revision } ).then( () => {
| ^
88 | expect( context.commit ).toHaveBeenCalledWith( ENTITY_REVISION_UPDATE, revision );
89 | } );
90 | } );
Found unsafe properties access (tsr-detect-unsafe-properties-access)
162 |
163 | const newTerm = { language: 'en', value: 'goat' };
> 164 | actions[ ENTITY_LABEL_EDIT ]( context, newTerm );
| ^
165 | expect( commitMock ).toHaveBeenLastCalledWith(
166 | ENTITY_SET_LABEL_MUTATION,
167 | newTerm,
Found unsafe properties access (tsr-detect-unsafe-properties-access)
178 |
179 | const newTerm = { language: 'en', value: 'domesticated mammal raised primarily for its milk' };
> 180 | actions[ ENTITY_DESCRIPTION_EDIT ]( context, newTerm );
| ^
181 | expect( commitMock ).toHaveBeenLastCalledWith(
182 | ENTITY_SET_DESCRIPTION_MUTATION,
183 | newTerm,
Found unsafe properties access (tsr-detect-unsafe-properties-access)
197 | const expectedTerms = [ { language, value: termString1 }, { language, value: termString2 } ];
198 |
> 199 | actions[ ENTITY_ALIASES_EDIT ](
| ^
200 | context,
201 | { language, aliasValues: [ termString1, termString2 ] },
202 | );
Found unsafe properties access (tsr-detect-unsafe-properties-access)
212 | const payload = { languageCode: 'en', index: 5 };
213 |
> 214 | actions[ ENTITY_ALIAS_REMOVE ]( context, payload );
| ^
215 |
216 | expect( context.commit ).toHaveBeenCalledWith( ENTITY_REMOVE_ALIAS, payload );
217 | } );
Found unsafe properties access (tsr-detect-unsafe-properties-access)
220 | const context = newMockStore( { commit: jest.fn() } );
221 |
> 222 | actions[ ENTITY_ROLLBACK ]( context );
| ^
223 |
224 | expect( context.commit ).toHaveBeenCalledWith( ENTITY_ROLLBACK_MUTATION );
225 | } );
/home/lema/projects/wikibase/termbox/tests/unit/store/entity/mutations.spec.ts
Found unsafe properties access (tsr-detect-unsafe-properties-access)
61 | );
62 |
> 63 | mutations[ ENTITY_UPDATE ]( state, entity );
| ^
64 |
65 | expect( state.id ).toBe( entity.id );
66 | expect( state.labels ).toBe( entity.labels );
Found unsafe properties access (tsr-detect-unsafe-properties-access)
78 | const state = newEntityState( { isEditable: false } );
79 |
> 80 | mutations[ EDITABILITY_UPDATE ]( state, true );
| ^
81 | expect( state.isEditable ).toBe( true );
82 |
83 | mutations[ EDITABILITY_UPDATE ]( state, false );
Found unsafe properties access (tsr-detect-unsafe-properties-access)
81 | expect( state.isEditable ).toBe( true );
82 |
> 83 | mutations[ EDITABILITY_UPDATE ]( state, false );
| ^
84 | expect( state.isEditable ).toBe( false );
85 | } );
86 |
Found unsafe properties access (tsr-detect-unsafe-properties-access)
92 |
93 | const newTerm = { language, value: newLabel };
> 94 | mutations[ ENTITY_SET_LABEL ]( store, newTerm );
| ^
95 | expect( store.labels[ language ] ).toBe( newTerm );
96 | } );
97 |
Found unsafe properties access (tsr-detect-unsafe-properties-access)
108 | } );
109 | const newTerm = { language, value: newLabel };
> 110 | mutations[ ENTITY_SET_LABEL ]( store, newTerm );
| ^
111 | expect( store.labels[ language ] ).toBe( newTerm );
112 | } );
113 |
Found unsafe properties access (tsr-detect-unsafe-properties-access)
121 |
122 | const newTerm = { language, value: newDescription };
> 123 | mutations[ ENTITY_SET_DESCRIPTION ]( state, newTerm );
| ^
124 | expect( state.descriptions[ language ] ).toBe( newTerm );
125 | } );
126 |
Found unsafe properties access (tsr-detect-unsafe-properties-access)
138 |
139 | const newTerm = { language, value: newDescription };
> 140 | mutations[ ENTITY_SET_DESCRIPTION ]( state, newTerm );
| ^
141 | expect( state.descriptions[ language ] ).toBe( newTerm );
142 | } );
143 | } );
Found unsafe properties access (tsr-detect-unsafe-properties-access)
149 | const terms = [ { language, value: 'hat' } ];
150 |
> 151 | mutations[ ENTITY_SET_ALIASES ]( state, { language, terms } );
| ^
152 | expect( state.aliases[ language ] ).toBe( terms );
153 | } );
154 |
Found unsafe properties access (tsr-detect-unsafe-properties-access)
165 | const newTerms = [ { language, value: 'hat' } ];
166 |
> 167 | mutations[ ENTITY_SET_ALIASES ]( state, { language, terms: newTerms } );
| ^
168 | expect( state.aliases[ language ] ).toBe( newTerms );
169 |
170 | } );
Found unsafe properties access (tsr-detect-unsafe-properties-access)
175 | const state = newEntityState( { revision: 0 } );
176 | const revision = 4711;
> 177 | mutations[ ENTITY_REVISION_UPDATE ]( state, revision );
| ^
178 | expect( state.baseRevision ).toBe( revision );
179 | } );
180 |
Found unsafe properties access (tsr-detect-unsafe-properties-access)
190 | } );
191 |
> 192 | mutations[ ENTITY_REMOVE_ALIAS ]( state, { languageCode: 'en', index: 1 } );
| ^
193 |
194 | expect( state.aliases.en ).toEqual( [
195 | { language: 'en', value: 'foo' },
Found unsafe properties access (tsr-detect-unsafe-properties-access)
203 | const state = newEntityState( { baseRevisionFingerprint: null } );
204 | try {
> 205 | mutations[ ENTITY_ROLLBACK ]( state, null );
| ^
206 | expect( true ).toBeFalsy();
207 | } catch ( e ) {
208 | expect( e ).toBeInstanceOf( InvalidEntityException );
Found unsafe properties access (tsr-detect-unsafe-properties-access)
261 | } );
262 |
> 263 | mutations[ ENTITY_ROLLBACK ]( state, null );
| ^
264 |
265 | // these are not touched by the rollback, i.e. look like the state was set up
266 | expect( state.id ).toBe( id );
Found unsafe properties access (tsr-detect-unsafe-properties-access)
295 | } );
296 |
> 297 | mutations[ ENTITY_ROLLBACK ]( state, null );
| ^
298 | mutations[ ENTITY_SET_LABEL ]( state, { language: 'en', value: 'thingyyy' } );
299 |
300 | expect( state.baseRevisionFingerprint!.labels.en.value ).toEqual( baseRevisionLabel );
Found unsafe properties access (tsr-detect-unsafe-properties-access)
296 |
297 | mutations[ ENTITY_ROLLBACK ]( state, null );
> 298 | mutations[ ENTITY_SET_LABEL ]( state, { language: 'en', value: 'thingyyy' } );
| ^
299 |
300 | expect( state.baseRevisionFingerprint!.labels.en.value ).toEqual( baseRevisionLabel );
301 | } );
/home/lema/projects/wikibase/termbox/tests/unit/store/language/actions.spec.ts
Found unsafe properties access (tsr-detect-unsafe-properties-access)
37 | } );
38 |
> 39 | actions[ LANGUAGE_INIT ]( context ).then( () => {
| ^
40 | expect( commitMock ).toBeCalledWith(
41 | LANGUAGE_UPDATE,
42 | languages,
Found unsafe properties access (tsr-detect-unsafe-properties-access)
67 | } );
68 |
> 69 | actions[ ENSURE_AVAILABLE_IN_LANGUAGE ]( context, inLanguage ).then( () => {
| ^
70 | expect( commitMock ).toBeCalledWith(
71 | LANGUAGE_TRANSLATION_UPDATE,
72 | translations,
/home/lema/projects/wikibase/termbox/tests/unit/store/language/mutations.spec.ts
Found unsafe properties access (tsr-detect-unsafe-properties-access)
38 | };
39 |
> 40 | mutations[ LANGUAGE_UPDATE ]( state, languages );
| ^
41 |
42 | expect( state.languages.de ).toBe( languages.de );
43 | expect( state.languages.en ).toBe( languages.en );
Found unsafe properties access (tsr-detect-unsafe-properties-access)
68 | };
69 |
> 70 | mutations[ LANGUAGE_UPDATE ]( state, languages );
| ^
71 |
72 | expect( state.languages.de ).toBe( originalDe.de );
73 | expect( state.languages.en ).toBe( languages.en );
Found unsafe properties access (tsr-detect-unsafe-properties-access)
107 | };
108 |
> 109 | mutations[ LANGUAGE_TRANSLATION_UPDATE ]( state, translations );
| ^
110 |
111 | expect( state.translations.de ).toBe( translations.de );
112 | expect( state.translations.ar ).toBe( translations.ar );
/home/lema/projects/wikibase/termbox/tests/unit/store/links/actions.spec.ts
Found unsafe properties access (tsr-detect-unsafe-properties-access)
12 | } );
13 |
> 14 | actions[ EDIT_LINK_URL_INIT ]( store, url );
| ^
15 | expect( store.commit ).toHaveBeenCalledWith( EDIT_LINK_URL_UPDATE, url );
16 | } );
17 | } );
/home/lema/projects/wikibase/termbox/tests/unit/store/links/mutations.spec.ts
Found unsafe properties access (tsr-detect-unsafe-properties-access)
8 | const state: LinksState = { editLinkUrl: '' };
9 | const url = '/link/to/edit/Q123';
> 10 | mutations[ EDIT_LINK_URL_UPDATE ]( state, url );
| ^
11 |
12 | expect( state.editLinkUrl ).toBe( url );
13 | } );
/home/lema/projects/wikibase/termbox/tests/unit/store/messages/actions.spec.ts
Found unsafe properties access (tsr-detect-unsafe-properties-access)
24 | } );
25 |
> 26 | actions[ MESSAGES_INIT ]( context, 'de' ).then( () => {
| ^
27 | expect( context.commit ).toBeCalledWith(
28 | MESSAGES_INIT_MUTATION,
29 | mockMessages,
/home/lema/projects/wikibase/termbox/tests/unit/store/messages/mutations.spec.ts
Found unsafe properties access (tsr-detect-unsafe-properties-access)
21 | };
22 |
> 23 | mutations[ MESSAGES_INIT ]( state, messages );
| ^
24 |
25 | expect( state.messages.de ).toEqual( messages.de );
26 | } );
/home/lema/projects/wikibase/termbox/tests/unit/store/mutations.spec.ts
Found unsafe properties access (tsr-detect-unsafe-properties-access)
11 | const store: Root = { editMode: false };
12 |
> 13 | mutations[ EDITMODE_SET ]( store, true );
| ^
14 |
15 | expect( store.editMode ).toBeTruthy();
16 | } );
/home/lema/projects/wikibase/termbox/tests/unit/store/user/actions.spec.ts
Found unsafe properties access (tsr-detect-unsafe-properties-access)
28 | const preferredLanguages = [ 'de', 'en', 'fr', 'zh', 'pl', 'hu' ];
29 |
> 30 | actions[ LANGUAGE_PREFERENCE ]( context, { primaryLanguage, preferredLanguages } ).then( () => {
| ^
31 | expect( commitMock ).toBeCalledWith(
32 | LANGUAGE_INIT,
33 | primaryLanguage,
/home/lema/projects/wikibase/termbox/tests/unit/store/user/mutations.spec.ts
Found unsafe properties access (tsr-detect-unsafe-properties-access)
34 | const userState = newUserState();
35 |
> 36 | mutations[ LANGUAGE_INIT ]( userState, primaryLanguage );
| ^
37 |
38 | expect( userState.primaryLanguage ).toStrictEqual( primaryLanguage );
39 | } );
Found unsafe properties access (tsr-detect-unsafe-properties-access)
53 | const userState = newUserState();
54 | const secondaryLanguages = [ 'de', 'en', 'it', 'zh', 'ug', 'ar', 'kl' ];
> 55 | mutations[ SECONDARY_LANGUAGES_INIT ]( userState, secondaryLanguages );
| ^
56 | expect( userState.secondaryLanguages ).toStrictEqual( secondaryLanguages );
57 | } );
58 | } );
