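# semgrep.yaml from github.com/minio/console@v1.4.1
#
# Semgrep rules for the TypeScript/JavaScript front end. They do two things:
#   1. steer URL encoding through the project's encodeURLString() helper;
#   2. flag DOM/React sinks that place HTML strings in the page, since these
#      are cross-site scripting (XSS) sinks.
# All rules are purely syntactic: they match the call or assignment shape and
# do not track where the value came from, so constant strings are flagged too
# and every finding needs a manual look at the data source.
rules:
  # Flags encodeURIComponent() everywhere except inside the definition of
  # encodeURLString itself, which the pattern-not-inside clause exempts.
  # encodeURLString is defined outside this file; its behaviour is not
  # visible here.
  # NOTE(review): the autofix only substitutes the call text. It does not add
  # an import for encodeURLString, so check the import after applying it.
  - id: js-func-encode-uri-Component
    patterns:
      - pattern: encodeURIComponent($X)
      - pattern-not-inside: |
          export const encodeURLString = (...) => {
            ...
          };
    message: Use encodeURLString() instead of encodeURIComponent()
    languages:
      - typescript
      - javascript
    severity: WARNING
    fix: encodeURLString($X)

  # Same steer for encodeURI(). The import caveat on the autofix applies here
  # as well.
  - id: js-func-encode-uri
    patterns:
      - pattern: encodeURI($X)
    message: Use encodeURLString() instead of encodeURI()
    languages:
      - typescript
      - javascript
    severity: WARNING
    fix: encodeURLString($X)

  # Direct document.write(...) calls.
  - id: js-dangerous-func-document-write
    patterns:
      - pattern: document.write(...)
    message: Don't render html directly into the page, use React components instead
    languages:
      - typescript
      - javascript
    severity: WARNING

  # document.write(...) reached through a variable that was assigned `document`
  # earlier. Only the plain `x = document` assignment form is matched.
  - id: js-dangerous-func-assign-document-write
    patterns:
      - pattern: |
          $X1 = document
          ...
          $X1.write(...)
    message: Don't render html directly into the page, use React components instead
    languages:
      - typescript
      - javascript
    severity: WARNING

  # Direct document.writeln(...) calls.
  - id: js-dangerous-func-document-writeln
    patterns:
      - pattern: document.writeln(...)
    message: Don't render html directly into the page, use React components instead
    languages:
      - typescript
      - javascript
    severity: WARNING

  # document.writeln(...) reached through a variable that was assigned
  # `document` earlier.
  - id: js-dangerous-func-assign-document-writeln
    patterns:
      - pattern: |
          $X1 = document
          ...
          $X1.writeln(...)
    message: Don't render html directly into the page, use React components instead
    languages:
      - typescript
      - javascript
    severity: WARNING

  # HTML-string sinks: the React dangerouslySetInnerHTML prop (as a JSX
  # attribute or as an object key), assignments to innerHTML / outerHTML, and
  # insertAdjacentHTML.
  - id: react-dangerouslysetinnerhtml
    languages:
      - typescript
      - javascript
    message: "Setting HTML from code is risky because it’s easy to inadvertently expose your users to a cross-site scripting (XSS) attack."
    pattern-either:
      - pattern: |
          <$X dangerouslySetInnerHTML=... />
      - pattern: |
          {dangerouslySetInnerHTML: ...}
      - pattern: |
          $X1.innerHTML=...
      - pattern: |
          $X1.outerHTML=...
      # Kept from the original rule. It matches only an assignment to the
      # property, which is not how this API is used.
      - pattern: |
          $X1.insertAdjacentHTML=...
      # insertAdjacentHTML is a method (element.insertAdjacentHTML(position,
      # text)), so the call form is needed for real uses of the sink to be
      # reported.
      - pattern: |
          $X1.insertAdjacentHTML(...)
    severity: WARNING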