diff --git a/README.md b/README.md
index bf5c9fc..d2b77ec 100644
--- a/README.md
+++ b/README.md
@@ -64,21 +64,21 @@ npm test
 ⚠️ Configurations set to warn in.\
 ✅ Set in the `recommended` configuration.
-| Name                                  | Description | ⚠️ |
-| :------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-- |
-| [detect-bidi-characters](docs/rules/detect-bidi-characters.md) | Detects trojan source attacks that employ unicode bidi attacks to inject malicious code. | ✅ |
-| [detect-buffer-noassert](docs/rules/detect-buffer-noassert.md) | Detects calls to "buffer" with "noAssert" flag set. | ✅ |
-| [detect-child-process](docs/rules/detect-child-process.md) | Detects instances of "child_process" & non-literal "exec()" calls. | ✅ |
-| [detect-disable-mustache-escape](docs/rules/detect-disable-mustache-escape.md) | Detects "object.escapeMarkup = false", which can be used with some template engines to disable escaping of HTML entities. | ✅ |
-| [detect-eval-with-expression](docs/rules/detect-eval-with-expression.md) | Detects "eval(variable)" which can allow an attacker to run arbitrary code inside your process. | ✅ |
-| [detect-new-buffer](docs/rules/detect-new-buffer.md) | Detects instances of new Buffer(argument) where argument is any non-literal value. ([new Buffer(number) is unsafe](https://github.com/nodejs/node/issues/4660)) | ✅ |
-| [detect-no-csrf-before-method-override](docs/rules/detect-no-csrf-before-method-override.md) | Detects Express "csrf" middleware setup before "method-override" middleware. | ✅ |
-| [detect-non-literal-fs-filename](docs/rules/detect-non-literal-fs-filename.md) | Detects variable in filename argument of "fs" calls, which might allow an attacker to access anything on your system. | ✅ |
-| [detect-non-literal-regexp](docs/rules/detect-non-literal-regexp.md) | Detects "RegExp(variable)", which might allow an attacker to DOS your server with a long-running regular expression. | ✅ |
-| [detect-non-literal-require](docs/rules/detect-non-literal-require.md) | Detects "require(variable)", which might allow an attacker to load and run arbitrary code, or access arbitrary files on disk. | ✅ |
-| [detect-object-injection](docs/rules/detect-object-injection.md) | Detects "variable[key]" as a left- or right-hand assignment operand. | ✅ |
-| [detect-possible-timing-attacks](docs/rules/detect-possible-timing-attacks.md) | Detects insecure comparisons (`==`, `!=`, `!==` and `===`), which check input sequentially. | ✅ |
-| [detect-pseudoRandomBytes](docs/rules/detect-pseudoRandomBytes.md) | Detects if "pseudoRandomBytes()" is in use, which might not give you the randomness you need and expect. | ✅ |
-| [detect-unsafe-regex](docs/rules/detect-unsafe-regex.md) | Detects potentially unsafe regular expressions, which may take a very long time to run, blocking the event loop. | ✅ |
+| Name                                  | Description | ⚠️ |
+| :------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------------- | :-- |
+| [detect-bidi-characters](docs/rules/detect-bidi-characters.md) | Detects trojan source attacks that employ unicode bidi attacks to inject malicious code. | ✅ |
+| [detect-buffer-noassert](docs/rules/detect-buffer-noassert.md) | Detects calls to "buffer" with "noAssert" flag set. | ✅ |
+| [detect-child-process](docs/rules/detect-child-process.md) | Detects instances of "child_process" & non-literal "exec()" calls. | ✅ |
+| [detect-disable-mustache-escape](docs/rules/detect-disable-mustache-escape.md) | Detects "object.escapeMarkup = false", which can be used with some template engines to disable escaping of HTML entities. | ✅ |
+| [detect-eval-with-expression](docs/rules/detect-eval-with-expression.md) | Detects "eval(variable)" which can allow an attacker to run arbitrary code inside your process. | ✅ |
+| [detect-new-buffer](docs/rules/detect-new-buffer.md) | Detects instances of new Buffer(argument) where argument is any non-literal value. | ✅ |
+| [detect-no-csrf-before-method-override](docs/rules/detect-no-csrf-before-method-override.md) | Detects Express "csrf" middleware setup before "method-override" middleware. | ✅ |
+| [detect-non-literal-fs-filename](docs/rules/detect-non-literal-fs-filename.md) | Detects variable in filename argument of "fs" calls, which might allow an attacker to access anything on your system. | ✅ |
+| [detect-non-literal-regexp](docs/rules/detect-non-literal-regexp.md) | Detects "RegExp(variable)", which might allow an attacker to DOS your server with a long-running regular expression. | ✅ |
+| [detect-non-literal-require](docs/rules/detect-non-literal-require.md) | Detects "require(variable)", which might allow an attacker to load and run arbitrary code, or access arbitrary files on disk. | ✅ |
+| [detect-object-injection](docs/rules/detect-object-injection.md) | Detects "variable[key]" as a left- or right-hand assignment operand. | ✅ |
+| [detect-possible-timing-attacks](docs/rules/detect-possible-timing-attacks.md) | Detects insecure comparisons (`==`, `!=`, `!==` and `===`), which check input sequentially. | ✅ |
+| [detect-pseudoRandomBytes](docs/rules/detect-pseudoRandomBytes.md) | Detects if "pseudoRandomBytes()" is in use, which might not give you the randomness you need and expect. 
| ✅ | +| [detect-unsafe-regex](docs/rules/detect-unsafe-regex.md) | Detects potentially unsafe regular expressions, which may take a very long time to run, blocking the event loop. | ✅ | diff --git a/package-lock.json b/package-lock.json index 7123ad8..326952f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -17,7 +17,7 @@ "eslint": "^8.51.0", "eslint-config-nodesecurity": "^1.3.1", "eslint-config-prettier": "^8.5.0", - "eslint-doc-generator": "^1.0.2", + "eslint-doc-generator": "^1.7.0", "eslint-plugin-eslint-plugin": "^5.1.1", "lint-staged": "^12.3.7", "markdownlint-cli": "^0.32.2", @@ -1993,19 +1993,20 @@ } }, "node_modules/eslint-doc-generator": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/eslint-doc-generator/-/eslint-doc-generator-1.0.2.tgz", - "integrity": "sha512-sxmN888UWuQQ+X9t7C04iUboGAre/RJZhSpZeUwmBRCXabBk2gnYSaDCER2uHwtKzE+2Wut8wWBaUr6RL+XZaQ==", + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/eslint-doc-generator/-/eslint-doc-generator-1.7.0.tgz", + "integrity": "sha512-C1hE1acb/jruOO+cJe/rIsf+Kgq32JhimTgTtffwsjckKEJ800gx26kUtZhP+8Xm8M/n3BVBZ0XiNbojnNDqHQ==", "dev": true, "dependencies": { "@typescript-eslint/utils": "^5.38.1", "ajv": "^8.11.2", "boolean": "^3.2.0", - "commander": "^9.4.0", + "commander": "^10.0.0", "cosmiconfig": "^8.0.0", "deepmerge": "^4.2.2", "dot-prop": "^7.2.0", "jest-diff": "^29.2.1", + "json-schema-traverse": "^1.0.0", "markdown-table": "^3.0.3", "no-case": "^3.0.4", "type-fest": "^3.0.0" 
@@ -2037,12 +2038,12 @@ } }, "node_modules/eslint-doc-generator/node_modules/commander": { - "version": "9.4.1", - "resolved": "https://registry.npmjs.org/commander/-/commander-9.4.1.tgz", - "integrity": "sha512-5EEkTNyHNGFPD2H+c/dXXfQZYa/scCKasxWcXJaWnNJ99pnQN9Vnmqow+p+PlFPE63Q6mThaZws1T+HxfpgtPw==", + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==", "dev": true, "engines": { - "node": "^12.20.0 || >=14" + "node": ">=14" } }, "node_modules/eslint-doc-generator/node_modules/cosmiconfig": { @@ -11835,19 +11836,20 @@ "requires": {} }, "eslint-doc-generator": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/eslint-doc-generator/-/eslint-doc-generator-1.0.2.tgz", - "integrity": "sha512-sxmN888UWuQQ+X9t7C04iUboGAre/RJZhSpZeUwmBRCXabBk2gnYSaDCER2uHwtKzE+2Wut8wWBaUr6RL+XZaQ==", + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/eslint-doc-generator/-/eslint-doc-generator-1.7.0.tgz", + "integrity": "sha512-C1hE1acb/jruOO+cJe/rIsf+Kgq32JhimTgTtffwsjckKEJ800gx26kUtZhP+8Xm8M/n3BVBZ0XiNbojnNDqHQ==", "dev": true, "requires": { "@typescript-eslint/utils": "^5.38.1", "ajv": "^8.11.2", "boolean": "^3.2.0", - "commander": "^9.4.0", + "commander": "^10.0.0", "cosmiconfig": "^8.0.0", "deepmerge": "^4.2.2", "dot-prop": "^7.2.0", "jest-diff": "^29.2.1", + "json-schema-traverse": "^1.0.0", "markdown-table": "^3.0.3", "no-case": "^3.0.4", "type-fest": "^3.0.0" 
@@ -11866,9 +11868,9 @@ } }, "commander": { - "version": "9.4.1", - "resolved": "https://registry.npmjs.org/commander/-/commander-9.4.1.tgz", - "integrity": "sha512-5EEkTNyHNGFPD2H+c/dXXfQZYa/scCKasxWcXJaWnNJ99pnQN9Vnmqow+p+PlFPE63Q6mThaZws1T+HxfpgtPw==", + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==", "dev": true }, "cosmiconfig": { diff --git a/package.json b/package.json index 56e6bc9..9f06a96 100644 --- a/package.json +++ b/package.json @@ -51,7 +51,7 @@ "eslint": "^8.51.0", "eslint-config-nodesecurity": "^1.3.1", "eslint-config-prettier": "^8.5.0", - "eslint-doc-generator": "^1.0.2", + "eslint-doc-generator": "^1.7.0", "eslint-plugin-eslint-plugin": "^5.1.1", "lint-staged": "^12.3.7", "markdownlint-cli": "^0.32.2",