├── .eslintrc.json ├── .github └── workflows │ └── release.yml ├── .gitignore ├── .release-it.json ├── CHANGELOG.md ├── README.md ├── docs └── rules │ ├── detect-absence-of-name-option-in-exrpress-session.md │ ├── detect-buffer-unsafe-allocation.md │ ├── detect-child-process.md │ ├── detect-crlf.md │ ├── detect-dangerous-redirects.md │ ├── detect-eval-with-expr.md │ ├── detect-html-injection.md │ ├── detect-improper-exception-handling.md │ ├── detect-insecure-randomness.md │ ├── detect-non-literal-require-calls.md │ ├── detect-nosql-injection.md │ ├── detect-option-multiplestatements-in-mysql.md │ ├── detect-option-rejectunauthorized-in-nodejs-httpsrequest.md │ ├── detect-option-unsafe-in-serialize-javascript-npm-package.md │ ├── detect-possible-timing-attacks.md │ ├── detect-runinthiscontext-method-in-nodes-vm.md │ ├── detect-security-missconfiguration-cookie.md │ ├── detect-sql-injection.md │ ├── detect-unhandled-async-errors.md │ ├── detect-unhandled-event-errors.md │ ├── disable-ssl-across-node-server.md │ └── non-literal-reg-expr.md ├── index.js ├── lib ├── rules │ ├── detect-absence-of-name-option-in-exrpress-session.js │ ├── detect-buffer-unsafe-allocation.js │ ├── detect-child-process.js │ ├── detect-crlf.js │ ├── detect-dangerous-redirects.js │ ├── detect-eval-with-expr.js │ ├── detect-html-injection.js │ ├── detect-improper-exception-handling.js │ ├── detect-insecure-randomness.js │ ├── detect-non-literal-require-calls.js │ ├── detect-nosql-injection.js │ ├── detect-option-multiplestatements-in-mysql.js │ ├── detect-option-rejectunauthorized-in-nodejs-httpsrequest.js │ ├── detect-option-unsafe-in-serialize-javascript-npm-package.js │ ├── detect-possible-timing-attacks.js │ ├── detect-runinthiscontext-method-in-nodes-vm.js │ ├── detect-security-missconfiguration-cookie.js │ ├── detect-sql-injection.js │ ├── detect-unhandled-async-errors.js │ ├── detect-unhandled-event-errors.js │ ├── disable-ssl-across-node-server.js │ └── non-literal-reg-expr.js └── utils.js ├── package.json └── tests └── lib └── rules ├── detect-absence-of-name-option-in-exrpress-session.js ├── detect-buffer-unsafe-allocation.js ├── detect-child-process.js ├── detect-crlf.js ├── detect-dangerous-redirects.js ├── detect-eval-with-expr.js ├── detect-html-injection.js ├── detect-improper-exception-handling.js ├── detect-insecure-randomness.js ├── detect-non-literal-require-calls.js ├── detect-nosql-injection.js ├── detect-option-multiplestatements-in-mysql.js ├── detect-option-rejectunauthorized-in-nodejs-httpsrequest.js ├── detect-option-unsafe-in-serialize-javascript-npm-package.js ├── detect-possible-timing-attacks.js ├── detect-runinthiscontext-method-in-nodes-vm.js ├── detect-security-missconfiguration-cookie.js ├── detect-sql-injection.js ├── detect-unhandled-async-errors.js ├── detect-unhandled-event-errors.js ├── disable-ssl-across-node-server.js └── non-literal-reg-expr.js /.eslintrc.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/.eslintrc.json -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/.github/workflows/release.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | .idea/ 3 | .npmrc -------------------------------------------------------------------------------- /.release-it.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/.release-it.json -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/CHANGELOG.md -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/README.md -------------------------------------------------------------------------------- /docs/rules/detect-absence-of-name-option-in-exrpress-session.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/detect-absence-of-name-option-in-exrpress-session.md -------------------------------------------------------------------------------- /docs/rules/detect-buffer-unsafe-allocation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/detect-buffer-unsafe-allocation.md -------------------------------------------------------------------------------- /docs/rules/detect-child-process.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/detect-child-process.md -------------------------------------------------------------------------------- /docs/rules/detect-crlf.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/detect-crlf.md -------------------------------------------------------------------------------- /docs/rules/detect-dangerous-redirects.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/detect-dangerous-redirects.md -------------------------------------------------------------------------------- /docs/rules/detect-eval-with-expr.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/detect-eval-with-expr.md -------------------------------------------------------------------------------- /docs/rules/detect-html-injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/detect-html-injection.md -------------------------------------------------------------------------------- /docs/rules/detect-improper-exception-handling.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/detect-improper-exception-handling.md -------------------------------------------------------------------------------- /docs/rules/detect-insecure-randomness.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/detect-insecure-randomness.md -------------------------------------------------------------------------------- /docs/rules/detect-non-literal-require-calls.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/detect-non-literal-require-calls.md -------------------------------------------------------------------------------- /docs/rules/detect-nosql-injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/detect-nosql-injection.md -------------------------------------------------------------------------------- /docs/rules/detect-option-multiplestatements-in-mysql.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/detect-option-multiplestatements-in-mysql.md -------------------------------------------------------------------------------- /docs/rules/detect-option-rejectunauthorized-in-nodejs-httpsrequest.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/detect-option-rejectunauthorized-in-nodejs-httpsrequest.md -------------------------------------------------------------------------------- /docs/rules/detect-option-unsafe-in-serialize-javascript-npm-package.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/detect-option-unsafe-in-serialize-javascript-npm-package.md -------------------------------------------------------------------------------- /docs/rules/detect-possible-timing-attacks.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/detect-possible-timing-attacks.md -------------------------------------------------------------------------------- /docs/rules/detect-runinthiscontext-method-in-nodes-vm.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/detect-runinthiscontext-method-in-nodes-vm.md -------------------------------------------------------------------------------- /docs/rules/detect-security-missconfiguration-cookie.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/detect-security-missconfiguration-cookie.md -------------------------------------------------------------------------------- /docs/rules/detect-sql-injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/detect-sql-injection.md -------------------------------------------------------------------------------- /docs/rules/detect-unhandled-async-errors.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/detect-unhandled-async-errors.md -------------------------------------------------------------------------------- /docs/rules/detect-unhandled-event-errors.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/detect-unhandled-event-errors.md -------------------------------------------------------------------------------- /docs/rules/disable-ssl-across-node-server.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/disable-ssl-across-node-server.md -------------------------------------------------------------------------------- /docs/rules/non-literal-reg-expr.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/docs/rules/non-literal-reg-expr.md -------------------------------------------------------------------------------- /index.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/index.js -------------------------------------------------------------------------------- /lib/rules/detect-absence-of-name-option-in-exrpress-session.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/detect-absence-of-name-option-in-exrpress-session.js -------------------------------------------------------------------------------- /lib/rules/detect-buffer-unsafe-allocation.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/detect-buffer-unsafe-allocation.js -------------------------------------------------------------------------------- /lib/rules/detect-child-process.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/detect-child-process.js -------------------------------------------------------------------------------- /lib/rules/detect-crlf.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/detect-crlf.js -------------------------------------------------------------------------------- /lib/rules/detect-dangerous-redirects.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/detect-dangerous-redirects.js -------------------------------------------------------------------------------- /lib/rules/detect-eval-with-expr.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/detect-eval-with-expr.js -------------------------------------------------------------------------------- /lib/rules/detect-html-injection.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/detect-html-injection.js -------------------------------------------------------------------------------- /lib/rules/detect-improper-exception-handling.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/detect-improper-exception-handling.js -------------------------------------------------------------------------------- /lib/rules/detect-insecure-randomness.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/detect-insecure-randomness.js -------------------------------------------------------------------------------- /lib/rules/detect-non-literal-require-calls.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/detect-non-literal-require-calls.js -------------------------------------------------------------------------------- /lib/rules/detect-nosql-injection.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/detect-nosql-injection.js -------------------------------------------------------------------------------- /lib/rules/detect-option-multiplestatements-in-mysql.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/detect-option-multiplestatements-in-mysql.js -------------------------------------------------------------------------------- /lib/rules/detect-option-rejectunauthorized-in-nodejs-httpsrequest.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/detect-option-rejectunauthorized-in-nodejs-httpsrequest.js -------------------------------------------------------------------------------- /lib/rules/detect-option-unsafe-in-serialize-javascript-npm-package.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/detect-option-unsafe-in-serialize-javascript-npm-package.js -------------------------------------------------------------------------------- /lib/rules/detect-possible-timing-attacks.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/detect-possible-timing-attacks.js -------------------------------------------------------------------------------- /lib/rules/detect-runinthiscontext-method-in-nodes-vm.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/detect-runinthiscontext-method-in-nodes-vm.js -------------------------------------------------------------------------------- /lib/rules/detect-security-missconfiguration-cookie.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/detect-security-missconfiguration-cookie.js -------------------------------------------------------------------------------- /lib/rules/detect-sql-injection.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/detect-sql-injection.js -------------------------------------------------------------------------------- /lib/rules/detect-unhandled-async-errors.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/detect-unhandled-async-errors.js -------------------------------------------------------------------------------- /lib/rules/detect-unhandled-event-errors.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/detect-unhandled-event-errors.js -------------------------------------------------------------------------------- /lib/rules/disable-ssl-across-node-server.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/disable-ssl-across-node-server.js -------------------------------------------------------------------------------- /lib/rules/non-literal-reg-expr.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/rules/non-literal-reg-expr.js -------------------------------------------------------------------------------- /lib/utils.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/lib/utils.js -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/package.json -------------------------------------------------------------------------------- /tests/lib/rules/detect-absence-of-name-option-in-exrpress-session.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/detect-absence-of-name-option-in-exrpress-session.js -------------------------------------------------------------------------------- /tests/lib/rules/detect-buffer-unsafe-allocation.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/detect-buffer-unsafe-allocation.js -------------------------------------------------------------------------------- /tests/lib/rules/detect-child-process.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/detect-child-process.js -------------------------------------------------------------------------------- /tests/lib/rules/detect-crlf.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/detect-crlf.js -------------------------------------------------------------------------------- /tests/lib/rules/detect-dangerous-redirects.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/detect-dangerous-redirects.js -------------------------------------------------------------------------------- /tests/lib/rules/detect-eval-with-expr.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/detect-eval-with-expr.js -------------------------------------------------------------------------------- /tests/lib/rules/detect-html-injection.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/detect-html-injection.js -------------------------------------------------------------------------------- /tests/lib/rules/detect-improper-exception-handling.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/detect-improper-exception-handling.js -------------------------------------------------------------------------------- /tests/lib/rules/detect-insecure-randomness.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/detect-insecure-randomness.js -------------------------------------------------------------------------------- /tests/lib/rules/detect-non-literal-require-calls.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/detect-non-literal-require-calls.js -------------------------------------------------------------------------------- /tests/lib/rules/detect-nosql-injection.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/detect-nosql-injection.js -------------------------------------------------------------------------------- /tests/lib/rules/detect-option-multiplestatements-in-mysql.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/detect-option-multiplestatements-in-mysql.js -------------------------------------------------------------------------------- /tests/lib/rules/detect-option-rejectunauthorized-in-nodejs-httpsrequest.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/detect-option-rejectunauthorized-in-nodejs-httpsrequest.js -------------------------------------------------------------------------------- /tests/lib/rules/detect-option-unsafe-in-serialize-javascript-npm-package.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/detect-option-unsafe-in-serialize-javascript-npm-package.js -------------------------------------------------------------------------------- /tests/lib/rules/detect-possible-timing-attacks.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/detect-possible-timing-attacks.js -------------------------------------------------------------------------------- /tests/lib/rules/detect-runinthiscontext-method-in-nodes-vm.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/detect-runinthiscontext-method-in-nodes-vm.js -------------------------------------------------------------------------------- /tests/lib/rules/detect-security-missconfiguration-cookie.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/detect-security-missconfiguration-cookie.js -------------------------------------------------------------------------------- /tests/lib/rules/detect-sql-injection.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/detect-sql-injection.js -------------------------------------------------------------------------------- /tests/lib/rules/detect-unhandled-async-errors.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/detect-unhandled-async-errors.js -------------------------------------------------------------------------------- /tests/lib/rules/detect-unhandled-event-errors.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/detect-unhandled-event-errors.js -------------------------------------------------------------------------------- /tests/lib/rules/disable-ssl-across-node-server.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/disable-ssl-across-node-server.js -------------------------------------------------------------------------------- /tests/lib/rules/non-literal-reg-expr.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gkouziik/eslint-plugin-security-node/HEAD/tests/lib/rules/non-literal-reg-expr.js --------------------------------------------------------------------------------