codeclimate / codeclimate-eslint

Code Climate Engine for ESLint
MIT License

Support a new plugin eslint-plugin-xss #403

Closed bilbof closed 3 years ago

bilbof commented 6 years ago

Would it be possible for https://github.com/Rantanen/eslint-plugin-xss to be added to the supported plugins?

While there is a supported security plugin, there is currently no plugin that checks for general XSS vulnerabilities in supported plugins.

Though this plugin is in the package.json for this repo, it doesn't seem to be supported.

Actual Behavior

eslintrc

  xss/no-mixed-html:
    - error
  xss/no-location-href-assign:
    - error

codeclimate yaml

  eslint:
    enabled: true
    channel: eslint-4
    checks:
      xss/no-mixed-html:
        enabled: true
      xss/no-location-href-assign:
        enabled: true

$ codeclimate analyze
1: Definition for rule 'xss/no-mixed-html' was not found [eslint]
1: Definition for rule 'xss/no-location-href-assign' was not found [eslint]

Expected Behavior

I would expect the same results as running yarn eslint would provide. For example:

  33:5   error unencoded HTML passed in to function '.html'  xss/no-mixed-html

Relevant links

https://github.com/Rantanen/eslint-plugin-xss
https://github.com/codeclimate/codeclimate-eslint/blob/master/package.json#L94


efueger commented 3 years ago

@bilbof - apologies for the radio silence on our part!