webhook/node_modules/eslint-plugin-github/lib/rules/authenticity-token.js
Joel Male 1ada95e04a
v2.0.0 (#12)
- Convert project to Javascript/Typescript
- Allow custom headers to be passed in (optional)
- Allow body to be optional
2020-08-26 10:52:47 +10:00


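/**
 * ESLint rule: report every string literal whose value contains
 * `authenticity_token`, the form CSRF token field name called out in the
 * rule's message.
 *
 * Review notes on coverage (what this rule does and does not see):
 * - Matching is a plain substring test on the literal's value. It is a
 *   name-based heuristic, not data-flow analysis, so any string that merely
 *   mentions the name is reported.
 * - Only `Literal` nodes are visited. Template literals are separate ESTree
 *   node types (`TemplateLiteral` / `TemplateElement`) and are not inspected,
 *   and a name assembled from several shorter strings is not matched because
 *   each literal is tested on its own. A clean result therefore does not
 *   prove that the code never touches the token.
 */
module.exports = {
  meta: {
    docs: {},
    // Empty schema: the rule accepts no options.
    schema: []
  },

  /**
   * @param {object} context - ESLint rule context; only `context.report` is used.
   * @returns {object} Visitor map with a single `Literal` handler.
   */
  create(context) {
    const message =
      'Form CSRF tokens (authenticity tokens) should not be created in JavaScript and their values should not be used directly for XHR requests.'

    /**
     * Report `node` when `str` mentions the CSRF token field name.
     *
     * @param {object} node - AST node the report is attached to.
     * @param {string} str - String value to inspect.
     */
    function checkAuthenticityTokenUsage(node, str) {
      if (!str.includes('authenticity_token')) {
        return
      }
      // Descriptor form of context.report; the positional (node, message)
      // call it replaces is the legacy signature that ESLint has deprecated.
      context.report({node, message})
    }

    return {
      Literal(node) {
        // `Literal` also covers numbers, booleans, null and regex literals;
        // only string values can carry the field name.
        if (typeof node.value === 'string') {
          checkAuthenticityTokenUsage(node, node.value)
        }
      }
    }
  }
}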