-
Notifications
You must be signed in to change notification settings - Fork 9.5k
/
insecure-random.js
48 lines (44 loc) · 1.46 KB
/
insecure-random.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
// @ts-check
/**
* @typedef {import('eslint').Rule.RuleModule} RuleModule
*/
/** @type {RuleModule} */
module.exports = {
meta: {
docs: {
description: 'Do not use insecure sources for random bytes',
category: 'Best Practices',
},
// strings from https://github.com/Microsoft/tslint-microsoft-contrib/blob/b720cd9/src/insecureRandomRule.ts
messages: {
mathRandomInsecure:
'Math.random produces insecure random numbers. Use crypto.randomBytes() or window.crypto.getRandomValues() instead',
pseudoRandomBytesInsecure:
'crypto.pseudoRandomBytes produces insecure random numbers. Use crypto.randomBytes() instead',
},
},
create(context) {
return {
CallExpression(node) {
const { callee } = node
if (
callee.type === 'MemberExpression' &&
callee.object.type === 'Identifier' &&
callee.object.name === 'Math' &&
callee.property.type === 'Identifier' &&
callee.property.name === 'random'
) {
context.report({ node, messageId: 'mathRandomInsecure' })
}
if (
(callee.type === 'MemberExpression' &&
callee.property.type === 'Identifier' &&
callee.property.name === 'pseudoRandomBytes') ||
(callee.type === 'Identifier' && callee.name === 'pseudoRandomBytes')
) {
context.report({ node, messageId: 'pseudoRandomBytesInsecure' })
}
},
}
},
}