
Add SAST check for JS/Vue

Michael Prilop requested to merge 683-code-security-audit into master

Added a static security analysis step for JavaScript / Vue.js:

  • by running eslint with --max-warnings 0
  • a quiet eslint run, which is only meant to highlight code syntax problems

For #683 (closed)

We use the already-present eslint with the vue-js plugin. Updating the vue-lint rules now produces quite a few problems that have to be fixed or marked as no-fix (https://eslint.org/docs/2.13.1/user-guide/configuring#disabling-rules-with-inline-comments).

The following errors are currently still reported:

$ /home/prilop/code/workOS/node_modules/.bin/eslint 'app/**/*.{js,vue}'

/home/prilop/code/workOS/app/javascript/components/data-list/filter-multi-select.vue
  22:9  error  Unexpected mutation of "value" prop  vue/no-mutating-props

/home/prilop/code/workOS/app/javascript/components/data-list/filter-user-multi-select.vue
  27:9  error  Unexpected mutation of "value" prop  vue/no-mutating-props

/home/prilop/code/workOS/app/javascript/components/data-list/filter.vue
  40:16  error  Unexpected mutation of "value" prop  vue/no-mutating-props
  63:22  error  Unexpected mutation of "value" prop  vue/no-mutating-props
  71:22  error  Unexpected mutation of "value" prop  vue/no-mutating-props
  81:22  error  Unexpected mutation of "value" prop  vue/no-mutating-props
  89:22  error  Unexpected mutation of "value" prop  vue/no-mutating-props

/home/prilop/code/workOS/app/javascript/components/error-dialog.vue
  86:14  warning  'v-html' directive can lead to XSS attack  vue/no-v-html

/home/prilop/code/workOS/app/javascript/controls/objects-control/index.vue
  144:71  error  '_itemLink' is defined but never used  vue/no-unused-vars
  144:82  error  '_skeleton' is defined but never used  vue/no-unused-vars

/home/prilop/code/workOS/app/javascript/data-views/object-list-view.vue
  32:7  warning  `<template>` require directive  vue/no-lone-template

/home/prilop/code/workOS/app/javascript/mixins/requestable.js
  74:20  error  Expected error to be handled  node/handle-callback-err

/home/prilop/code/workOS/app/javascript/pages/notifications/list-content.vue
  74:7   warning  `<template>` require directive        vue/no-lone-template
  93:18  error    Unexpected mutation of "filter" prop  vue/no-mutating-props

/home/prilop/code/workOS/app/javascript/pages/search/list-content.vue
  123:15  warning  'v-html' directive can lead to XSS attack  vue/no-v-html
  132:16  error    Unexpected mutation of "filter" prop       vue/no-mutating-props

/home/prilop/code/workOS/app/javascript/pages/users/settings-header.vue
  41:28  error  'actionRequest' is defined but never used  vue/no-unused-vars

✖ 17 problems (13 errors, 4 warnings)

Edited by Michael Prilop
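The two vue/no-v-html warnings in the lint output above point at the one genuinely security-relevant finding: `v-html` assigns a string as raw markup, so any user-controlled text that reaches it becomes a DOM injection point. As an added example (not code from this merge request or from the workOS project), the plain-JavaScript snippet below shows the two fixes a reviewer would ask for: HTML-escape content that should render as text (which is what Vue's `{{ }}` interpolation already does, so the usual fix is simply to drop `v-html`), and pass content that must stay HTML through a tag allowlist that strips every attribute before binding it. The helper names (`escapeHtml`, `sanitizeHtml`, `ALLOWED_TAGS`) and the sample payload are assumptions for illustration only.

```javascript
// Added example: why vue/no-v-html warns, and the two safe alternatives.
// Not part of the workOS code base; helper names are illustrative.

// Constructed attacker-controlled input (sample data, not from the project).
// Bound via v-html this would execute the onerror handler.
const untrusted = '<img src=x onerror="alert(document.cookie)">Hello <b>there</b>';

// Alternative 1: render as text. Every markup-significant character is
// replaced by its entity, so the browser never parses it as a tag.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Alternative 2: the field really needs markup (e.g. a rich error message),
// so keep only a small set of formatting tags and drop all attributes,
// which is where event handlers and javascript: URLs live. This tokenizer
// is for illustration; for production code use a maintained library such
// as DOMPurify rather than hand-rolled parsing.
const ALLOWED_TAGS = new Set(['b', 'i', 'em', 'strong', 'br', 'p']);

function sanitizeHtml(html) {
  // Match anything that looks like an opening or closing tag. Text that is
  // not a tag (including a bare "<" as in "a < b") is escaped, so a
  // half-formed tag cannot survive into the output.
  const tagRe = /<\/?([a-zA-Z][a-zA-Z0-9]*)[^>]*>/g;
  const input = String(html);
  let out = '';
  let last = 0;
  for (const m of input.matchAll(tagRe)) {
    out += escapeHtml(input.slice(last, m.index));
    last = m.index + m[0].length;
    const name = m[1].toLowerCase();
    const closing = m[0].startsWith('</');
    if (ALLOWED_TAGS.has(name)) {
      out += closing ? `</${name}>` : `<${name}>`; // attributes discarded
    }
    // Disallowed tags are removed entirely; their text content is kept,
    // so "<script>alert(1)</script>" becomes the harmless text "alert(1)".
  }
  out += escapeHtml(input.slice(last));
  return out;
}

// Usage: what the component should bind instead of the raw string.
console.log('as text:', escapeHtml(untrusted));
console.log('as sanitized html:', sanitizeHtml(untrusted)); // Hello <b>there</b>
```

Note that the sanitizer also re-escapes entities already present in the input (`&lt;` becomes `&amp;lt;`), which is the conservative direction: the worst case is a literal `&lt;` showing on screen, never a tag the author did not intend.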
