TSR tslint-config-security issue

expressjs / morgan

HTTP request logger middleware for node.js

MIT License

7.95k stars 536 forks source link

TSR tslint-config-security issue #196

Closed dcuenot closed 5 years ago

dcuenot commented 5 years ago

Hello,

When I'm defining a custom formatter with this following code, it's working, however I have an issue regarding "tslint-config-security"

morgan(function (tokens, req, res) {
  return [
    tokens.method(req, res),
    tokens.url(req, res),
    tokens.status(req, res),
    tokens.res(req, res, 'content-length'), '-',
    tokens['response-time'](req, res), 'ms'
  ].join(' ')
})

The error raised by tslint-config-security is this one: ERROR: /backend/server/common/morganAuditLogger.ts:28:4 - Found unsafe properties access

How can I fix the issue?

Thanks for the feedback Damien

dougwilson commented 5 years ago

What does the error mean?

dcuenot commented 5 years ago

You can have a look to the definition here: https://www.npmjs.com/package/tslint-config-security#tsr-detect-unsafe-properties-access

dougwilson commented 5 years ago

I still don't understand. Is it your code above that is doing property access or something?

dcuenot commented 5 years ago

this block tokens['response-time'](req, res), 'ms' is doing the property access

dougwilson commented 5 years ago

Ok. So it sounds like you just need to change that line to something else? I'm not sure if there is something this module can do to change that code.

dougwilson commented 5 years ago

If it helps, you can just use the format string option (https://github.com/expressjs/morgan#using-format-string-of-predefined-tokens), which will produce the exact same output as the code you pasted above.