github.com/minio/console@v1.4.1/semgrep.yaml

github.com/minio/console@v1.4.1/semgrep.yaml (about)

     1  rules:
     2    - id: js-func-encode-uri-Component
     3      patterns:
     4        - pattern: encodeURIComponent($X)
     5        - pattern-not-inside: |
     6            export const encodeURLString = (...) => {
     7              ...
     8            };
     9      message: Use encodeURLString() instead of encodeURIComponent()
    10      languages:
    11        - typescript
    12        - javascript
    13      severity: WARNING
    14      fix: encodeURLString($X)
    15    - id: js-func-encode-uri
    16      patterns:
    17        - pattern: encodeURI($X)
    18      message: Use encodeURLString() instead of encodeURI()
    19      languages:
    20        - typescript
    21        - javascript
    22      severity: WARNING
    23      fix: encodeURLString($X)
    24    - id: js-dangerous-func-document-write
    25      patterns:
    26        - pattern: document.write(...)
    27      message: Don't render html directly into the page, use React components instead
    28      languages:
    29        - typescript
    30        - javascript
    31      severity: WARNING
    32    - id: js-dangerous-func-assign-document-write
    33      patterns:
    34        - pattern: |
    35            $X1 = document
    36            ...
    37            $X1.write(...)
    38      message: Don't render html directly into the page, use React components instead
    39      languages:
    40        - typescript
    41        - javascript
    42      severity: WARNING
    43    - id: js-dangerous-func-document-writeln
    44      patterns:
    45        - pattern: document.writeln(...)
    46      message: Don't render html directly into the page, use React components instead
    47      languages:
    48        - typescript
    49        - javascript
    50      severity: WARNING
    51    - id: js-dangerous-func-assign-document-writeln
    52      patterns:
    53        - pattern: |
    54            $X1 = document
    55            ...
    56            $X1.writeln(...)
    57      message: Don't render html directly into the page, use React components instead
    58      languages:
    59        - typescript
    60        - javascript
    61      severity: WARNING
    62    - id: react-dangerouslysetinnerhtml
    63      languages:
    64        - typescript
    65        - javascript
    66      message: "Setting HTML from code is risky because it’s easy to inadvertently expose your  users to a cross-site scripting (XSS) attack."
    67      pattern-either:
    68        - pattern: |
    69            <$X dangerouslySetInnerHTML=... />
    70        - pattern: |
    71            {dangerouslySetInnerHTML: ...}
    72        - pattern: |
    73            $X1.innerHTML=...
    74        - pattern: |
    75            $X1.outerHTML=...
    76        - pattern: |
    77            $X1.insertAdjacentHTML=...
    78      severity: WARNING