eslint-community / eslint-plugin-security

ESLint rules for Node Security
Apache License 2.0

detect-jquery-globalEval.js #167

Closed guoyutian1111222333 closed 3 months ago

guoyutian1111222333 commented 3 months ago

Rule details

Detect jQuery's globalEval method due to potential code injection risks.

Related CVE

CVE-2017-16012

Example code

function test() {
    var name = "局部变量";
    alert(name); // local variable
    eval("alert(name);"); // local variable
    $.globalEval("alert(name);"); // global variable
}

Participation

Additional comments

module.exports = {
    meta: {
        type: "problem", // this rule is flagged as a problem type
        docs: {
            description: "Disallow the use of jQuery's globalEval method due to potential code injection risks.",
            category: "Security",
            recommended: true
        },
        schema: [] // no configurable options
    },
    create(context) {
        return {
            CallExpression(node) {
                const callee = node.callee;

                // check whether this is an object method call
                if (callee.type === "MemberExpression") {
                    const objectName = callee.object.name;
                    const propertyName = callee.property.name;

                    // confirm the call is to the globalEval method, made via the jQuery or $ object
                    if ((objectName === "jQuery" || objectName === "$") && propertyName === "globalEval") {
                        context.report({
                            node,
                            message: "Avoid using jQuery's globalEval due to potential code injection risks."
                        });
                    }
                }
            }
        };
    }
};
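As an added example (not code from the issue or from eslint-plugin-security), the following drives the proposed rule's `CallExpression` visitor with hand-built ESTree nodes and a stub `context`, so the cases it flags and misses can be checked without installing ESLint or a parser; the `memberCall` and `countReports` helpers are assumptions made for this harness.

```javascript
// Added example: exercise the proposed rule's matching logic with constructed
// ESTree nodes. The rule object is a compact copy of the one posted above.
const rule = {
  create(context) {
    return {
      CallExpression(node) {
        const callee = node.callee;
        if (callee.type !== "MemberExpression") return;
        const objectName = callee.object.name;
        const propertyName = callee.property.name;
        if ((objectName === "jQuery" || objectName === "$") && propertyName === "globalEval") {
          context.report({ node, message: "Avoid using jQuery's globalEval." });
        }
      },
    };
  },
};

// Constructs the node for `obj.prop("...")`, or `obj["prop"]("...")` when computed.
function memberCall(obj, prop, computed = false) {
  return {
    type: "CallExpression",
    callee: {
      type: "MemberExpression",
      computed,
      object: { type: "Identifier", name: obj },
      property: computed ? { type: "Literal", value: prop } : { type: "Identifier", name: prop },
    },
    arguments: [{ type: "Literal", value: "alert(name)" }],
  };
}

// Runs the rule on one node with a stub context and returns the number of reports.
function countReports(node) {
  const reports = [];
  rule.create({ report: (r) => reports.push(r) }).CallExpression(node);
  return reports.length;
}

// Constructed cases showing where the identifier-based match lands:
//   $.globalEval(...) and jQuery.globalEval(...) are flagged;
//   $["globalEval"](...) is missed because a Literal property has no .name;
//   jq.globalEval(...) (jQuery under another binding) is missed; and a `$`
//   that is not jQuery at all would still be flagged, the objection raised below.
const results = {
  dollar: countReports(memberCall("$", "globalEval")),
  jquery: countReports(memberCall("jQuery", "globalEval")),
  computed: countReports(memberCall("$", "globalEval", true)),
  alias: countReports(memberCall("jq", "globalEval")),
};
```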

guoyutian1111222333 commented 3 months ago

I'm wondering if I could write some rules to detect JavaScript security hotspots, if it works for someone else?

nzakas commented 3 months ago

We aren't accepting rules that are specific to libraries because we can't be sure what $ refers to.

Correct CVE is actually CVE-2015-9251, for the record.

guoyutian1111222333 commented 3 months ago

Got it, thank you for the answer, I learned a lot.