mirror of
https://github.com/joelwmale/webhook-action.git
synced 2024-12-04 21:24:29 +01:00
26 lines
568 B
JavaScript
26 lines
568 B
JavaScript
|
module.exports = {
|
||
|
meta: {
|
||
|
docs: {},
|
||
|
schema: []
|
||
|
},
|
||
|
|
||
|
create(context) {
|
||
|
function checkAuthenticityTokenUsage(node, str) {
|
||
|
if (str.includes('authenticity_token')) {
|
||
|
context.report(
|
||
|
node,
|
||
|
'Form CSRF tokens (authenticity tokens) should not be created in JavaScript and their values should not be used directly for XHR requests.'
|
||
|
)
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return {
|
||
|
Literal(node) {
|
||
|
if (typeof node.value === 'string') {
|
||
|
checkAuthenticityTokenUsage(node, node.value)
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|