
Commit 74db3ba

author
Sakshis
committed
modification in detect-angular-sce-disabled-typescript
1 parent a029238 commit 74db3ba


2 files changed

+99
-4
lines changed


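--- a/rules/typescript/security/detect-angular-sce-disabled-typescript.yml
+++ b/rules/typescript/security/detect-angular-sce-disabled-typescript.yml
@@ -11,4 +11,27 @@ note: >-
 - https://docs.angularjs.org/api/ng/service/$sce
 - https://owasp.org/www-chapter-london/assets/slides/OWASPLondon20170727_AngularJS.pdf
 rule:
-pattern: $sceProvider.enabled(false)
+kind: expression_statement
+regex: ^\$sceProvider
+has:
+kind: call_expression
+stopBy: end
+all:
+- has:
+kind: member_expression
+nthChild: 1
+all:
+- has:
+kind: identifier
+regex: ^\$sceProvider$
+- has:
+kind: property_identifier
+regex: ^enabled$
+precedes:
+kind: arguments
+has:
+kind: 'false'
+nthChild: 1
+not:
+has:
+nthChild: 2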
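Review bot: Anchoring the match on `kind: expression_statement` with `regex: ^\$sceProvider` narrows detection compared with the removed `pattern: $sceProvider.enabled(false)`: the call is now reported only when it sits in a statement whose text begins with `$sceProvider`, so SCE being disabled in an arrow-function expression body, a `return`, or an assignment would presumably no longer be flagged. If the statement-wide span is wanted for the labels, consider keeping the old form as a fallback, for example an `any:` over the new rule and `- pattern: $sceProvider.enabled(false)`, or anchoring on `kind: call_expression` instead of the statement. The argument check accepts only the literal `false`, while AngularJS coerces the argument to a boolean, so `enabled(0)` or a minified `enabled(!1)` also turns SCE off and deserves at least a test case documenting whether it is in scope. The rendered page has lost the YAML indentation, so the nesting of `precedes` and `not` is inferred here and should be checked against the file.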

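--- a/tests/__snapshots__/detect-angular-sce-disabled-typescript-snapshot.yml
+++ b/tests/__snapshots__/detect-angular-sce-disabled-typescript-snapshot.yml
@@ -2,21 +2,93 @@ id: detect-angular-sce-disabled-typescript
 snapshots:
 $sceProvider.enabled(false)(false);:
 labels:
-- source: $sceProvider.enabled(false)
+- source: $sceProvider.enabled(false)(false);
 style: primary
 start: 0
+end: 35
+- source: $sceProvider
+style: secondary
+start: 0
+end: 12
+- source: enabled
+style: secondary
+start: 13
+end: 20
+- source: 'false'
+style: secondary
+start: 21
+end: 26
+- source: (false)
+style: secondary
+start: 20
+end: 27
+- source: $sceProvider.enabled
+style: secondary
+start: 0
+end: 20
+- source: $sceProvider.enabled(false)
+style: secondary
+start: 0
 end: 27
 ? |
 $sceProvider.enabled(false).someFunction(true).anything("anything");
 : labels:
-- source: $sceProvider.enabled(false)
+- source: $sceProvider.enabled(false).someFunction(true).anything("anything");
 style: primary
 start: 0
+end: 68
+- source: $sceProvider
+style: secondary
+start: 0
+end: 12
+- source: enabled
+style: secondary
+start: 13
+end: 20
+- source: 'false'
+style: secondary
+start: 21
+end: 26
+- source: (false)
+style: secondary
+start: 20
+end: 27
+- source: $sceProvider.enabled
+style: secondary
+start: 0
+end: 20
+- source: $sceProvider.enabled(false)
+style: secondary
+start: 0
 end: 27
 ? |
 $sceProvider.enabled(false);
 : labels:
-- source: $sceProvider.enabled(false)
+- source: $sceProvider.enabled(false);
 style: primary
 start: 0
+end: 28
+- source: $sceProvider
+style: secondary
+start: 0
+end: 12
+- source: enabled
+style: secondary
+start: 13
+end: 20
+- source: 'false'
+style: secondary
+start: 21
+end: 26
+- source: (false)
+style: secondary
+start: 20
+end: 27
+- source: $sceProvider.enabled
+style: secondary
+start: 0
+end: 20
+- source: $sceProvider.enabled(false)
+style: secondary
+start: 0
 end: 27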
