Fix false positive for global navigation check in typescript

doyensec / electronegativity

Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.

Apache License 2.0

958 stars 65 forks source link

Fix false positive for global navigation check in typescript #77

Closed bchurchill closed 3 years ago

bchurchill commented 3 years ago

Typescript code would always have the LIMIT_NAVIGATION_GLOBAL_CHECK fail. This was happening because the atomic LIMIT_NAVIGATION_JS_CHECK was looking for an AST node of type Literal, instead of using AstHelper.StringLiteral. As a result, the check worked properly for javascript code but not typescript.

This PR:

fixes this particular issue
adds a test case
makes the coding style consistent across the CustomArgumentsJSCheck as well

phosphore commented 3 years ago

Ooops! My bad :innocent: LGTM