antontranelis/utopia-ui
1
0
Fork 0
mirror of https://github.com/utopia-os/utopia-ui.git synced 2026-01-20 20:01:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #35 from utopia-os/lint-security

Browse Source 
feat(other): lint security
This commit is contained in:
antontranelis 2024-11-18 09:30:41 +01:00 committed by GitHub
commit fd39c0cb9c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
11 changed files with 55 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.eslintrc.js
View File

@ -12,7 +12,7 @@ module.exports = {
'plugin:import/recommended', 'plugin:import/recommended',
'plugin:import/typescript', 'plugin:import/typescript',
// 'plugin:promise/recommended', // 'plugin:promise/recommended',
// 'plugin:security/recommended-legacy', 'plugin:security/recommended-legacy',
'plugin:react/recommended', 'plugin:react/recommended',
], ],
parserOptions: { parserOptions: {
@ -24,7 +24,7 @@ module.exports = {
'@typescript-eslint', '@typescript-eslint',
'import', 'import',
'promise', 'promise',
// 'security', 'security',
'no-catch-all', 'no-catch-all',
'react', 'react',
'react-hooks', 'react-hooks',

37
package-lock.json generated
View File

@ -50,6 +50,7 @@
"eslint-plugin-promise": "^6.1.1", "eslint-plugin-promise": "^6.1.1",
"eslint-plugin-react": "^7.31.8", "eslint-plugin-react": "^7.31.8",
"eslint-plugin-react-hooks": "^4.6.0", "eslint-plugin-react-hooks": "^4.6.0",
"eslint-plugin-security": "^3.0.1",
"eslint-plugin-yml": "^1.14.0", "eslint-plugin-yml": "^1.14.0",
"postcss": "^8.4.21", "postcss": "^8.4.21",
"prettier": "^3.3.3", "prettier": "^3.3.3",
@ -2499,6 +2500,22 @@
"url": "https://github.com/sponsors/ljharb" "url": "https://github.com/sponsors/ljharb"
} }
}, },
"node_modules/eslint-plugin-security": {
"version": "3.0.1",
"resolved": "https://registry.npmjs.org/eslint-plugin-security/-/eslint-plugin-security-3.0.1.tgz",
"integrity": "sha512-XjVGBhtDZJfyuhIxnQ/WMm385RbX3DBu7H1J7HNNhmB2tnGxMeqVSnYv79oAj992ayvIBZghsymwkYFS6cGH4Q==",
"dev": true,
"license": "Apache-2.0",
"dependencies": {
"safe-regex": "^2.1.1"
},
"engines": {
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
},
"funding": {
"url": "https://opencollective.com/eslint"
}
},
"node_modules/eslint-plugin-yml": { "node_modules/eslint-plugin-yml": {
"version": "1.14.0", "version": "1.14.0",
"resolved": "https://registry.npmjs.org/eslint-plugin-yml/-/eslint-plugin-yml-1.14.0.tgz", "resolved": "https://registry.npmjs.org/eslint-plugin-yml/-/eslint-plugin-yml-1.14.0.tgz",
@ -6103,6 +6120,16 @@
"node": ">=8.10.0" "node": ">=8.10.0"
} }
}, },
"node_modules/regexp-tree": {
"version": "0.1.27",
"resolved": "https://registry.npmjs.org/regexp-tree/-/regexp-tree-0.1.27.tgz",
"integrity": "sha512-iETxpjK6YoRWJG5o6hXLwvjYAoW+FEZn9os0PD/b6AP6xQwsa/Y7lCVgIixBbUPMfhu+i2LtdeAqVTgGlQarfA==",
"dev": true,
"license": "MIT",
"bin": {
"regexp-tree": "bin/regexp-tree"
}
},
"node_modules/regexp.prototype.flags": { "node_modules/regexp.prototype.flags": {
"version": "1.5.3", "version": "1.5.3",
"resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.5.3.tgz", "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.5.3.tgz",
@ -6416,6 +6443,16 @@
"integrity": "sha512-6pNbSMW6OhAi9j+N8V+U715yBQsaWJ7eyEUaOrawX+isg5ZxhUlV1NipNtgaKHmFGiABwt+ZF04Ii+3Xjkg+8w==", "integrity": "sha512-6pNbSMW6OhAi9j+N8V+U715yBQsaWJ7eyEUaOrawX+isg5ZxhUlV1NipNtgaKHmFGiABwt+ZF04Ii+3Xjkg+8w==",
"dev": true "dev": true
}, },
"node_modules/safe-regex": {
"version": "2.1.1",
"resolved": "https://registry.npmjs.org/safe-regex/-/safe-regex-2.1.1.tgz",
"integrity": "sha512-rx+x8AMzKb5Q5lQ95Zoi6ZbJqwCLkqi3XuJXp5P3rT8OEc6sZCJG5AE5dU3lsgRr/F4Bs31jSlVN+j5KrsGu9A==",
"dev": true,
"license": "MIT",
"dependencies": {
"regexp-tree": "~0.1.1"
}
},
"node_modules/safe-regex-test": { "node_modules/safe-regex-test": {
"version": "1.0.3", "version": "1.0.3",
"resolved": "https://registry.npmjs.org/safe-regex-test/-/safe-regex-test-1.0.3.tgz", "resolved": "https://registry.npmjs.org/safe-regex-test/-/safe-regex-test-1.0.3.tgz",

1
package.json
View File

@ -38,6 +38,7 @@
"eslint-plugin-promise": "^6.1.1", "eslint-plugin-promise": "^6.1.1",
"eslint-plugin-react": "^7.31.8", "eslint-plugin-react": "^7.31.8",
"eslint-plugin-react-hooks": "^4.6.0", "eslint-plugin-react-hooks": "^4.6.0",
"eslint-plugin-security": "^3.0.1",
"eslint-plugin-yml": "^1.14.0", "eslint-plugin-yml": "^1.14.0",
"postcss": "^8.4.21", "postcss": "^8.4.21",
"prettier": "^3.3.3", "prettier": "^3.3.3",

1
src/Components/Input/Autocomplete.tsx
View File

@ -70,6 +70,7 @@ export const Autocomplete = ({
break break
case 'Enter': case 'Enter':
if (filteredSuggestions.length > 0) { if (filteredSuggestions.length > 0) {
// eslint-disable-next-line security/detect-object-injection
onSelected(filteredSuggestions[heighlightedSuggestion]) onSelected(filteredSuggestions[heighlightedSuggestion])
setHeighlightedSuggestion(0) setHeighlightedSuggestion(0)
} }

8
src/Components/Map/Layer.tsx
View File

@ -196,6 +196,7 @@ export const Layer = ({
} else { } else {
if (window.location.pathname.split('/')[1]) { if (window.location.pathname.split('/')[1]) {
const id = window.location.pathname.split('/')[1] const id = window.location.pathname.split('/')[1]
// eslint-disable-next-line security/detect-object-injection
const ref = leafletRefs[id] const ref = leafletRefs[id]
if (ref?.marker && ref.item.layer?.name === name) { if (ref?.marker && ref.item.layer?.name === name) {
ref.marker && ref.marker &&
@ -261,20 +262,27 @@ export const Layer = ({
) )
.map((item: Item) => { .map((item: Item) => {
if (getValue(item, itemLongitudeField) && getValue(item, itemLatitudeField)) { if (getValue(item, itemLongitudeField) && getValue(item, itemLatitudeField)) {
// eslint-disable-next-line security/detect-object-injection
if (getValue(item, itemTextField)) item[itemTextField] = getValue(item, itemTextField) if (getValue(item, itemTextField)) item[itemTextField] = getValue(item, itemTextField)
// eslint-disable-next-line security/detect-object-injection
else item[itemTextField] = '' else item[itemTextField] = ''
if (item.tags) { if (item.tags) {
// eslint-disable-next-line security/detect-object-injection
item[itemTextField] = item[itemTextField] + '\n\n' item[itemTextField] = item[itemTextField] + '\n\n'
item.tags.map((tag) => { item.tags.map((tag) => {
// eslint-disable-next-line security/detect-object-injection
if (!item[itemTextField].includes(`#${encodeTag(tag)}`)) { if (!item[itemTextField].includes(`#${encodeTag(tag)}`)) {
// eslint-disable-next-line security/detect-object-injection
return (item[itemTextField] = item[itemTextField] + `#${encodeTag(tag)} `) return (item[itemTextField] = item[itemTextField] + `#${encodeTag(tag)} `)
} }
// eslint-disable-next-line security/detect-object-injection
return item[itemTextField] return item[itemTextField]
}) })
} }
if (allTagsLoaded && allItemsLoaded) { if (allTagsLoaded && allItemsLoaded) {
// eslint-disable-next-line security/detect-object-injection
item[itemTextField].match(hashTagRegex)?.map((tag) => { item[itemTextField].match(hashTagRegex)?.map((tag) => {
if ( if (
!tags.find( !tags.find(

1
src/Components/Map/Subcomponents/Controls/SearchControl.tsx
View File

@ -332,6 +332,7 @@ export const SearchControl = () => {
function isGeoCoordinate(input) { function isGeoCoordinate(input) {
const geokoordinatenRegex = const geokoordinatenRegex =
// eslint-disable-next-line security/detect-unsafe-regex
/^[-+]?([1-8]?\d(\.\d+)?|90(\.0+)?),\s*[-+]?(180(\.0+)?|((1[0-7]\d)|([1-9]?\d))(\.\d+)?)$/ /^[-+]?([1-8]?\d(\.\d+)?|90(\.0+)?),\s*[-+]?(180(\.0+)?|((1[0-7]\d)|([1-9]?\d))(\.\d+)?)$/
return geokoordinatenRegex.test(input) return geokoordinatenRegex.test(input)
} }

1
src/Components/Profile/Subcomponents/SocialShareButton.tsx
View File

@ -84,6 +84,7 @@ const SocialShareButton = ({
url: string url: string
title: string title: string
}) => { }) => {
// eslint-disable-next-line security/detect-object-injection
const config = platformConfigs[platform] const config = platformConfigs[platform]
if (!config) { if (!config) {

1
src/Components/Templates/CircleLayout.tsx
View File

@ -25,6 +25,7 @@ export const CircleLayout = ({
const angle = startAngle + (i / itemCount) * (2 * Math.PI) const angle = startAngle + (i / itemCount) * (2 * Math.PI)
const x = radius * Math.cos(angle) const x = radius * Math.cos(angle)
const y = radius * Math.sin(angle) const y = radius * Math.sin(angle)
// eslint-disable-next-line security/detect-object-injection
const child = container.children[i] as HTMLElement const child = container.children[i] as HTMLElement
child.style.transform = `translate(${x}px, ${y}px)` child.style.transform = `translate(${x}px, ${y}px)`
} }

1
src/Utils/GetValue.ts
View File

@ -7,6 +7,7 @@ export function getValue(obj, path) {
const pathArray = path.split('.') // Use a different variable for the split path const pathArray = path.split('.') // Use a different variable for the split path
for (let i = 0, len = pathArray.length; i < len; i++) { for (let i = 0, len = pathArray.length; i < len; i++) {
if (!obj) return undefined // Check if obj is falsy at each step if (!obj) return undefined // Check if obj is falsy at each step
// eslint-disable-next-line security/detect-object-injection
obj = obj[pathArray[i]] // Dive one level deeper obj = obj[pathArray[i]] // Dive one level deeper
} }
return obj // Return the final value return obj // Return the final value

1
src/Utils/MarkerIconFactory.ts
View File

@ -25,6 +25,7 @@ const createSvg = (shape: string, markerColor: string, borderColor: string) => {
markerColor + markerColor +
'" /><g opacity=".15" transform="matrix(1.0769 0 0 -1.0769 -272.731 48.23)"><path d="M276.75 42h-14.5L255 28.668 269.5 3 284 28.668zm-.595-1l6.701-12.323L269.5 5.033l-13.356 23.644L262.845 41z" fill="#231f20" /></g></svg>', '" /><g opacity=".15" transform="matrix(1.0769 0 0 -1.0769 -272.731 48.23)"><path d="M276.75 42h-14.5L255 28.668 269.5 3 284 28.668zm-.595-1l6.701-12.323L269.5 5.033l-13.356 23.644L262.845 41z" fill="#231f20" /></g></svg>',
} }
// eslint-disable-next-line security/detect-object-injection
return svgMap[shape] return svgMap[shape]
} }

2
src/Utils/ReplaceURLs.ts
View File

@ -1,5 +1,5 @@
export const urlRegex = export const urlRegex =
// eslint-disable-next-line no-useless-escape // eslint-disable-next-line no-useless-escape, security/detect-unsafe-regex
/(^| )(http:\/\/www\.|https:\/\/www\.|http:\/\/|https:\/\/)?[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,10}(:[0-9]{1,10})?(\/.*)?$/gm /(^| )(http:\/\/www\.|https:\/\/www\.|http:\/\/|https:\/\/)?[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,10}(:[0-9]{1,10})?(\/.*)?$/gm
export const mailRegex = /(?<![[(])([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6})(?![\])])/gi export const mailRegex = /(?<![[(])([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6})(?![\])])/gi