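#!/bin/bash
# Lint: fail when application or acceptance-test code contains a potential
# `res.send` call.
#
# `res.send` serialises whatever it is given and is an easy reflected-XSS sink;
# code is expected to use `res.json` or the helpers in
# app/src/infrastructure/Response.mjs instead. Detection is purely lexical
# (grep for `.send` or `send(`), so the message below explains how to handle a
# false positive.
#
# Exit status: 0 when no offending file is found, 1 when at least one is,
# 2 when grep itself fails (e.g. a scanned path does not exist).
set -euo pipefail

# Paths scanned for potential `send` usage (globs expand here, as they did on
# the original grep command line).
SEARCH_PATHS=(
  app.mjs
  app/
  modules/*/app
  test/acceptance/
  modules/*/test/acceptance/
)

# Patterns that count as a potential `res.send` call.
SEND_PATTERNS=(--regexp '\.send\b' --regexp '\bsend(')

# Files that legitimately implement `send` and are therefore skipped.
HELPER_MODULE="app/src/infrastructure/Response.mjs"
MOCK_MODULE="test/acceptance/src/mocks/MockResponse.mjs"

# grep exits 1 when nothing matches, which `set -e` would otherwise turn into
# a spurious lint failure; only status > 1 (a real grep error) aborts.
grep_status=0
POTENTIAL_SEND_USAGE=$(grep --files-with-matches --recursive \
  "${SEARCH_PATHS[@]}" "${SEND_PATTERNS[@]}") || grep_status=$?
if [[ "$grep_status" -gt 1 ]]; then
  printf 'ERROR: grep exited with status %d while scanning for res.send usage\n' \
    "$grep_status" >&2
  exit 2
fi

# One matching file per line; read into an array instead of relying on
# unquoted word-splitting.
mapfile -t candidate_files <<<"$POTENTIAL_SEND_USAGE"

# Report every offending file (not just the first) so a CI run shows the full
# list, then fail once at the end.
lint_status=0
for file in "${candidate_files[@]}"; do
  # An empty grep result yields a single empty element.
  [[ -n "$file" ]] || continue
  if [[ "$file" == "$HELPER_MODULE" || "$file" == "$MOCK_MODULE" ]]; then
    continue
  fi

  # Context lines for the report; the file is known to match, so a non-zero
  # status here can only be a grep error, which must not hide the report.
  context=$(grep -n -C 3 "${SEND_PATTERNS[@]}" -- "$file" || true)

  cat <<MSG >&2

ERROR: $file contains a potential use of 'res.send'.

---
$context
---

Using 'res.send' is prone to introducing XSS vulnerabilities.

Consider using 'res.json' or one of the helpers in $HELPER_MODULE.

If this is a false-positive, consider using a more specific name than 'send'
for your newly introduced function.

Links:
- https://github.com/overleaf/internal/issues/6268

MSG
  lint_status=1
done

exit "$lint_status"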