From e05797c62cf09c7b00042b4fd205cc89592b3eb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Urba=C5=84czyk?= Date: Mon, 6 Jul 2020 15:52:34 +0200 Subject: [PATCH 1/6] chore: introduce security related linter and fix warnings --- .eslintrc | 6 +- lib/models/asyncapi.js | 11 +- lib/models/base.js | 2 +- lib/models/channel.js | 4 +- lib/models/message-traitable.js | 4 +- lib/models/operation-traitable.js | 4 +- lib/models/operation.js | 4 +- lib/models/schema.js | 2 + lib/models/server.js | 4 +- lib/parser.js | 2 + lib/utils.js | 20 +- package-lock.json | 456 +++++++++++++----------------- package.json | 3 +- test/models/asyncapi_test.js | 1 + test/parse_test.js | 1 - 15 files changed, 238 insertions(+), 286 deletions(-) diff --git a/.eslintrc b/.eslintrc index d2e5d70fb..5c9c4efb0 100644 --- a/.eslintrc +++ b/.eslintrc @@ -6,10 +6,12 @@ env: plugins: - sonarjs - mocha + - security extends: - plugin:sonarjs/recommended - plugin:mocha/recommended + - plugin:security/recommended parserOptions: ecmaVersion: 2018 @@ -102,4 +104,6 @@ overrides: - files: "test/**" rules: prefer-arrow-callback: 0 - sonarjs/no-duplicate-string: 0 \ No newline at end of file + sonarjs/no-duplicate-string: 0 + security/detect-object-injection: 0 + security/detect-non-literal-fs-filename: 0 \ No newline at end of file diff --git a/lib/models/asyncapi.js b/lib/models/asyncapi.js index 9823f8e1f..74ef4881d 100644 --- a/lib/models/asyncapi.js +++ b/lib/models/asyncapi.js @@ -5,6 +5,7 @@ const Server = require('./server'); const Channel = require('./channel'); const Components = require('./components'); const Tag = require('./tag'); + const xParserMessageName = 'x-parser-message-name'; const xParserSchemaId = 'x-parser-schema-id'; 
@@ -199,7 +200,7 @@ function assignNameToComponentMessages(doc) {
 if (doc.hasComponents()) {
 for (const [key, m] of Object.entries(doc.components().messages())) {
 if (m.name() === undefined) {
- m.json()[xParserMessageName] = key;
+ m.json()[String(xParserMessageName)] = key;
 }
 }
 }
@@ -214,7 +215,7 @@ function assignUidToParameterSchemas(doc) {
 doc.channelNames().forEach(channelName => {
 const channel = doc.channel(channelName);
 for (const [parameterKey, parameterSchema] of Object.entries(channel.parameters())) {
- parameterSchema.json()[xParserSchemaId] = parameterKey;
+ parameterSchema.json()[String(xParserSchemaId)] = parameterKey;
 }
 });
 }
@@ -227,7 +228,7 @@ function assignUidToParameterSchemas(doc) {
 function assignUidToComponentSchemas(doc) {
 if (doc.hasComponents()) {
 for (const [key, s] of Object.entries(doc.components().schemas())) {
- s.json()[xParserSchemaId] = key;
+ s.json()[String(xParserSchemaId)] = key;
 }
 }
 }
@@ -257,7 +258,7 @@ function assignNameToAnonymousMessages(doc) {
 function addNameToKey(messages, number) {
 messages.forEach(m => {
 if (m.name() === undefined) {
- m.json()[xParserMessageName] = ``;
+ m.json()[String(xParserMessageName)] = ``;
 }
 });
 }
@@ -362,7 +363,7 @@ function assignIdToAnonymousSchemas(doc) {
 let anonymousSchemaCounter = 0;
 const callback = (schema) => {
 if (!schema.uid()) {
- schema.json()[xParserSchemaId] = ``;
+ schema.json()[String(xParserSchemaId)] = ``;
 }
 };
 schemaDocument(doc, callback);
diff --git a/lib/models/base.js b/lib/models/base.js
index 7c2e3cae2..cd0e0511f 100644
--- a/lib/models/base.js
+++ b/lib/models/base.js
@@ -17,7 +17,7 @@ class Base {
 json(key) {
 if (key === undefined) return this._json;
 if (!this._json) return;
- return this._json[key];
+ return this._json[String(key)];
 }
 }
diff --git a/lib/models/channel.js b/lib/models/channel.js
index 1b8732154..3bd8afb84 100644
--- a/lib/models/channel.js
+++ b/lib/models/channel.js
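Review bot: Wrapping a module constant in `String()`, as in `m.json()[String(xParserMessageName)] = key;` in lib/models/asyncapi.js, has no runtime effect and only hides the `security/detect-object-injection` warning from the linter. The hunks at -214, -227, -257 and -362 do the same with `xParserMessageName` and `xParserSchemaId`. Both keys are fixed string literals declared at the top of the file, so keep the plain access and suppress the rule explicitly with a reason, e.g. `// eslint-disable-next-line security/detect-object-injection -- key is a module-level constant`. That way the code does not read as if it sanitised anything.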
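Review bot: In `Base.json(key)` (lib/models/base.js), `return this._json[String(key)];` still resolves inherited names such as `constructor` or `__proto__`, because `String()` only coerces the key and does not restrict the lookup to own properties. If `key` can originate from a caller or from document content (not visible in this hunk), add a guard before the return: `if (!Object.prototype.hasOwnProperty.call(this._json, key)) return;`. `ext(name)` in lib/utils.js (hunk -187) has the same shape and would need the same guard. The class body continues outside the hunk.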
@@ -1,4 +1,4 @@
-const { createMapOfType, getMapKeyOfType, addExtensions } = require('../utils');
+const { createMapOfType, getMapKeyOfType, getMapKey, addExtensions } = require('../utils');
 const Base = require('./base');
 const ChannelParameter = require('./channel-parameter');
 const PublishOperation = require('./publish-operation');
@@ -82,7 +82,7 @@ class Channel extends Base {
 * @returns {Object}
 */
 binding(name) {
- return this._json.bindings ? this._json.bindings[name] : null;
+ return getMapKey(this._json.bindings, name);
 }
 }
diff --git a/lib/models/message-traitable.js b/lib/models/message-traitable.js
index e6272e727..d50bea875 100644
--- a/lib/models/message-traitable.js
+++ b/lib/models/message-traitable.js
@@ -1,4 +1,4 @@
-const { getMapKeyOfType, addExtensions } = require('../utils');
+const { getMapKeyOfType, getMapKey, addExtensions } = require('../utils');
 const Base = require('./base');
 const Tag = require('./tag');
 const ExternalDocs = require('./external-docs');
@@ -114,7 +114,7 @@ class MessageTraitable extends Base {
 * @returns {Object}
 */
 binding(name) {
- return this._json.bindings ? this._json.bindings[name] : null;
+ return getMapKey(this._json.bindings, name);
 }
 /**
diff --git a/lib/models/operation-traitable.js b/lib/models/operation-traitable.js
index 4dd93423c..20b0a4473 100644
--- a/lib/models/operation-traitable.js
+++ b/lib/models/operation-traitable.js
@@ -1,4 +1,4 @@
-const { addExtensions } = require('../utils');
+const { getMapKey, addExtensions } = require('../utils');
 const Base = require('./base');
 const Tag = require('./tag');
 const ExternalDocs = require('./external-docs');
@@ -66,7 +66,7 @@ class OperationTraitable extends Base {
 * @returns {Object}
 */
 binding(name) {
- return this._json.bindings ? this._json.bindings[name] : null;
+ return getMapKey(this._json.bindings, name);
 }
 }
diff --git a/lib/models/operation.js b/lib/models/operation.js
index 6008d36ac..84bce3aa1 100644
--- a/lib/models/operation.js
+++ b/lib/models/operation.js
@@ -30,10 +30,10 @@ class Operation extends OperationTraitable {
 * @returns {Message}
 */
 message(index) {
- if (!this._json.message) return null;
+ if (typeof index !== 'number' || !this._json.message) return null;
 if (!this._json.message.oneOf) return new Message(this._json.message);
 if (index > this._json.message.oneOf.length - 1) return null;
- return new Message(this._json.message.oneOf[index]);
+ return new Message(this._json.message.oneOf[+index]);
 }
 }
diff --git a/lib/models/schema.js b/lib/models/schema.js
index d5ef8885c..9b7631f8d 100644
--- a/lib/models/schema.js
+++ b/lib/models/schema.js
@@ -230,6 +230,7 @@ class Schema extends Base {
 * @returns {Object}
 */
 dependencies() {
+ /* eslint-disable security/detect-object-injection */
 if (!this._json.dependencies) return null;
 const result = {};
 Object.keys(this._json.dependencies).forEach(k => {
@@ -240,6 +241,7 @@ class Schema extends Base {
 }
 });
 return result;
+ /* eslint-enabled security/detect-object-injection */
 }
 /**
diff --git a/lib/models/server.js b/lib/models/server.js
index c922c8f7f..f45487419 100644
--- a/lib/models/server.js
+++ b/lib/models/server.js
@@ -1,4 +1,4 @@
-const { createMapOfType, getMapKeyOfType, addExtensions } = require('../utils');
+const { getMapKey, createMapOfType, getMapKeyOfType, addExtensions } = require('../utils');
 const Base = require('./base');
 const ServerVariable = require('./server-variable');
 const ServerSecurityRequirement = require('./server-security-requirement');
@@ -80,7 +80,7 @@ class Server extends Base {
 * @returns {Object}
 */
 binding(name) {
- return this._json.bindings ? this._json.bindings[name] : null;
+ return getMapKey(this._json.bindings, name);
 }
 }
diff --git a/lib/parser.js b/lib/parser.js
index 21fdbfbac..6974bd414 100644
--- a/lib/parser.js
+++ b/lib/parser.js
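Review bot: In `Operation.message(index)` the new `typeof index !== 'number'` guard runs before the `oneOf` check, so `message()` called without an argument now returns `null` even for an operation with a single message, where the old code returned a `Message`. The guard also lets `NaN`, negative and fractional numbers through to `oneOf[+index]`, which ends in `new Message(undefined)`. Move the index validation below the non-`oneOf` return and tighten it to `if (!Number.isInteger(index) || index < 0 || index >= this._json.message.oneOf.length) return null;`; the unary `+` is then redundant. Whether any caller relies on the no-argument form is not visible in this hunk.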
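Review bot: `/* eslint-enabled security/detect-object-injection */` at the end of `dependencies()` in lib/models/schema.js is not an ESLint directive (the keyword is `eslint-enable`), so the rule stays switched off from the `eslint-disable` comment to the end of the file. The same typo appears in lib/parser.js (hunk -173), while lib/utils.js spells it correctly around `traverse`. Use `/* eslint-enable security/detect-object-injection */`, or narrow the suppression to the flagged lines with `// eslint-disable-next-line security/detect-object-injection` and a short reason.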
@@ -155,6 +155,7 @@ async function customDocumentOperations(js, asyncapiYAMLorJSON, initialFormat, o
 validateChannelParams(js, asyncapiYAMLorJSON, initialFormat);
 validateOperationId(js, asyncapiYAMLorJSON, initialFormat, OPERATIONS);
+ /* eslint-disable security/detect-object-injection */
 for (const channelName in js.channels) {
 const channel = js.channels[channelName];
 const convert = OPERATIONS.map(async (opName) => {
@@ -173,6 +174,7 @@ async function customDocumentOperations(js, asyncapiYAMLorJSON, initialFormat, o
 });
 await Promise.all(convert);
 }
+ /* eslint-enabled security/detect-object-injection */
 }
 async function validateAndConvertMessage(msg, originalAsyncAPIDocument, fileFormat, parsedAsyncAPIDocument, pathToPayload) {
diff --git a/lib/utils.js b/lib/utils.js
index f88f3b451..5fb4d08cd 100644
--- a/lib/utils.js
+++ b/lib/utils.js
@@ -49,6 +49,8 @@ const findLocationOf = (keys, ast, initialFormat) => {
 let info;
 if (initialFormat === 'yaml') {
+ // disable eslint because loc is a Symbol
+ // eslint-disable-line security/detect-object-injection
 info = node[loc];
 } else if (initialFormat === 'json') {
 info = node.loc;
@@ -67,6 +69,7 @@ const findLocationOf = (keys, ast, initialFormat) => {
 };
 };
+/* eslint-disable security/detect-object-injection */
 const traverse = function (o, fn, scope = []) {
 for (const i in o) {
 fn.apply(this, [i, o[i], scope]);
@@ -75,6 +78,7 @@ const traverse = function (o, fn, scope = []) {
 }
 }
 };
+/* eslint-enable security/detect-object-injection */
 utils.tilde = (str) => {
 return str.replace(/[~\/]{1}/g, (m) => {
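Review bot: In `findLocationOf` (lib/utils.js) the added `// eslint-disable-line security/detect-object-injection` sits on a line of its own, so it applies to that comment line and not to `info = node[loc];` below it. Use `// eslint-disable-next-line security/detect-object-injection`, or move the directive to the end of the `info = node[loc];` line. Keep the stated reason (`loc` is a Symbol) next to the directive so the suppression stays reviewable. The function starts and ends outside the hunk.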
@@ -163,16 +167,21 @@ utils.createMapOfType = (obj, Type) => {
 if (!obj) return result;
 Object.keys(obj).forEach(key => {
- result[key] = new Type(obj[key]);
+ result[String(key)] = new Type(obj[String(key)]);
 });
 return result;
 };
 utils.getMapKeyOfType = (obj, key, Type) => {
- if (!obj) return null;
- if (!obj[key]) return null;
- return new Type(obj[key]);
+ if (typeof key !== 'string' || !obj) return null;
+ const v = obj[String(key)];
+ if (v === undefined) return null;
+ return Type ? new Type(v) : v;
+};
+
+utils.getMapKey = (obj, key) => {
+ return utils.getMapKeyOfType(obj, key);
 };
 utils.addExtensions = (obj) => {
@@ -180,6 +189,7 @@ utils.addExtensions = (obj) => {
 const result = {};
 Object.keys(this._json).forEach(key => {
 if ((/^x-[\w\d\.\-\_]+$/).test(key)) {
+ // eslint-disable-next-line security/detect-object-injection
 result[key] = this._json[key];
 }
 });
@@ -187,7 +197,7 @@ utils.addExtensions = (obj) => {
 };
 obj.prototype.ext = function (name) {
- return this._json[name];
+ return this._json[String(name)];
 };
 obj.prototype.extension = obj.prototype.ext;
diff --git a/package-lock.json b/package-lock.json
index fadef7cd7..dbb7d5501 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1720,12 +1720,6 @@ "supports-color": "^5.3.0" } }, - "chardet": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/chardet/-/chardet-0.7.0.tgz", - "integrity": "sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA==", - "dev": true - }, "check-error": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.2.tgz",
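Review bot: `utils.getMapKeyOfType` now reads `obj[String(key)]` and returns any value that is not `undefined`, so a key such as `constructor` or `__proto__` resolves to an inherited member of `Object.prototype` and is returned, or passed to `new Type(...)`, as if it were a map entry. This reaches every `binding(name)` that was switched to `getMapKey` in channel.js, message-traitable.js, operation-traitable.js and server.js. Restrict the lookup to own properties: `if (typeof key !== 'string' || !obj || !Object.prototype.hasOwnProperty.call(obj, key)) return null;`. The old `!obj[key]` check also returned `null` for a `null` entry, whereas `v === undefined` now hands `null` to `new Type(null)`; confirm that change is intended.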
@@ -1753,15 +1747,6 @@ "integrity": "sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==", "dev": true }, - "cli-cursor": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-3.1.0.tgz", - "integrity": "sha512-I/zHAwsKf9FqGoXM4WWRACob9+SNukZTd94DWF57E4toouRulbCxcUh6RKUEOQlYTHJnzkPMySvPNaaSLNfLZw==", - "dev": true, - "requires": { - "restore-cursor": "^3.1.0" - } - }, "cli-table": { "version": "0.3.1", "resolved": "https://registry.npmjs.org/cli-table/-/cli-table-0.3.1.tgz", @@ -1771,12 +1756,6 @@ "colors": "1.0.3" } }, - "cli-width": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/cli-width/-/cli-width-2.2.1.tgz", - "integrity": "sha512-GRMWDxpOB6Dgk2E5Uo+3eEBvtOOlimMmpbFiKuLFnQzYDavtLFY3K5ona41jgN/WdRZtG7utuVSVTL4HbZHGkw==", - "dev": true - }, "cliui": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/cliui/-/cliui-5.0.0.tgz", @@ -2561,6 +2540,23 @@ "once": "^1.4.0" } }, + "enquirer": { + "version": "2.3.6", + "resolved": "https://registry.npmjs.org/enquirer/-/enquirer-2.3.6.tgz", + "integrity": "sha512-yjNnPr315/FjS4zIsUxYguYUPP2e1NK4d7E7ZOLiyYCcbFBiTMyID+2wvm2w6+pZ/odMA7cRkjhsPbltwBOrLg==", + "dev": true, + "requires": { + "ansi-colors": "^4.1.1" + }, + "dependencies": { + "ansi-colors": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", + "integrity": "sha512-JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA==", + "dev": true + } + } + }, "entities": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/entities/-/entities-2.0.0.tgz", 
@@ -2756,22 +2752,23 @@ } }, "eslint": { - "version": "6.8.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-6.8.0.tgz", - "integrity": "sha512-K+Iayyo2LtyYhDSYwz5D5QdWw0hCacNzyq1Y821Xna2xSJj7cijoLLYmLxTQgcgZ9mC61nryMy9S7GRbYpI5Ig==", + "version": "7.4.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.4.0.tgz", + "integrity": "sha512-gU+lxhlPHu45H3JkEGgYhWhkR9wLHHEXC9FbWFnTlEkbKyZKWgWRLgf61E8zWmBuI6g5xKBph9ltg3NtZMVF8g==", "dev": true, "requires": { "@babel/code-frame": "^7.0.0", "ajv": "^6.10.0", - "chalk": "^2.1.0", - "cross-spawn": "^6.0.5", + "chalk": "^4.0.0", + "cross-spawn": "^7.0.2", "debug": "^4.0.1", "doctrine": "^3.0.0", - "eslint-scope": "^5.0.0", - "eslint-utils": "^1.4.3", - "eslint-visitor-keys": "^1.1.0", - "espree": "^6.1.2", - "esquery": "^1.0.1", + "enquirer": "^2.3.5", + "eslint-scope": "^5.1.0", + "eslint-utils": "^2.0.0", + "eslint-visitor-keys": "^1.2.0", + "espree": "^7.1.0", + "esquery": "^1.2.0", "esutils": "^2.0.2", "file-entry-cache": "^5.0.1", "functional-red-black-tree": "^1.0.1", 
@@ -2780,66 +2777,128 @@ "ignore": "^4.0.6", "import-fresh": "^3.0.0", "imurmurhash": "^0.1.4", - "inquirer": "^7.0.0", "is-glob": "^4.0.0", "js-yaml": "^3.13.1", "json-stable-stringify-without-jsonify": "^1.0.1", - "levn": "^0.3.0", + "levn": "^0.4.1", "lodash": "^4.17.14", "minimatch": "^3.0.4", - "mkdirp": "^0.5.1", "natural-compare": "^1.4.0", - "optionator": "^0.8.3", + "optionator": "^0.9.1", "progress": "^2.0.0", - "regexpp": "^2.0.1", - "semver": "^6.1.2", - "strip-ansi": "^5.2.0", - "strip-json-comments": "^3.0.1", + "regexpp": "^3.1.0", + "semver": "^7.2.1", + "strip-ansi": "^6.0.0", + "strip-json-comments": "^3.1.0", "table": "^5.2.3", "text-table": "^0.2.0", "v8-compile-cache": "^2.0.3" }, "dependencies": { "ansi-regex": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz", + "integrity": "sha512-bY6fj56OUQ0hU1KjFNDQuJFezqKdrAyFdIevADiqrWHwSlbmBNMHp5ak2f40Pm8JTFyM2mqxkG6ngkHO11f/lg==", + "dev": true + }, + "ansi-styles": { + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.2.1.tgz", + "integrity": "sha512-9VGjrMsG1vePxcSweQsN20KY/c4zN0h9fLjqAbwbPfahM3t+NL+M9HC8xeXG2I8pX5NoamTGNuomEUFI7fcUjA==", + "dev": true, + "requires": { + "@types/color-name": "^1.1.1", + "color-convert": "^2.0.1" + } + }, + "chalk": { "version": "4.1.0", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz", - "integrity": "sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg==", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.0.tgz", + "integrity": "sha512-qwx12AxXe2Q5xQ43Ac//I6v5aXTipYrSESdOgzrN+9XjgEpyjpKuvSGaN4qE93f7TQTlerQQ8S+EQ0EyDoVL1A==", + "dev": true, + "requires": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + } + }, + "color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": 
"sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dev": true, + "requires": { + "color-name": "~1.1.4" + } + }, + "color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", "dev": true }, + "cross-spawn": { + "version": "7.0.3", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "dev": true, + "requires": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + } + }, "esutils": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==", "dev": true }, + "has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "dev": true + }, "ignore": { "version": "4.0.6", "resolved": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", "integrity": "sha512-cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg==", "dev": true }, - "mkdirp": { - "version": "0.5.5", - "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz", - "integrity": "sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==", + "path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "dev": true + }, + "semver": { + "version": "7.3.2", + "resolved": 
"https://registry.npmjs.org/semver/-/semver-7.3.2.tgz", + "integrity": "sha512-OrOb32TeeambH6UrhtShmF7CRDqhL6/5XpPNp2DuRH6+9QLw/orhp72j87v8Qa1ScDkvrrBNpZcDejAirJmfXQ==", + "dev": true + }, + "shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", "dev": true, "requires": { - "minimist": "^1.2.5" + "shebang-regex": "^3.0.0" } }, - "semver": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", - "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "shebang-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", "dev": true }, "strip-ansi": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz", - "integrity": "sha512-DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA==", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.0.tgz", + "integrity": "sha512-AuvKTrTfQNYNIctbR1K/YGTR1756GycPsg7b9bdV9Duqur4gv6aKqHXah67Z8ImS7WEz5QVcOtlfW2rZEugt6w==", "dev": true, "requires": { - "ansi-regex": "^4.1.0" + "ansi-regex": "^5.0.0" } }, "strip-json-comments": { 
@@ -2847,6 +2906,24 @@ "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.0.tgz", "integrity": "sha512-e6/d0eBu7gHtdCqFt0xJr642LdToM5/cN4Qb9DbHjVx1CP5RyeM+zH7pbecEmDv/lBqb0QH+6Uqq75rxFPkM0w==", "dev": true + }, + "supports-color": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.1.0.tgz", + "integrity": "sha512-oRSIpR8pxT1Wr2FquTNnGet79b3BWljqOuoW/h4oBhxJ/HUbX5nX6JSruTkvXDCFMwDPvsaTTbvMLKZWSy0R5g==", + "dev": true, + "requires": { + "has-flag": "^4.0.0" + } + }, + "which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "dev": true, + "requires": { + "isexe": "^2.0.0" + } } } }, @@ -2871,6 +2948,15 @@ } } }, + "eslint-plugin-security": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/eslint-plugin-security/-/eslint-plugin-security-1.4.0.tgz", + "integrity": "sha512-xlS7P2PLMXeqfhyf3NpqbvbnW04kN8M9NtmhpR3XGyOvt/vNKS7XPXT5EDbwKW9vCjWH4PpfQvgD/+JgN0VJKA==", + "dev": true, + "requires": { + "safe-regex": "^1.1.0" + } + }, "eslint-plugin-sonarjs": { "version": "0.5.0", "resolved": "https://registry.npmjs.org/eslint-plugin-sonarjs/-/eslint-plugin-sonarjs-0.5.0.tgz", @@ -2896,9 +2982,9 @@ } }, "eslint-utils": { - "version": "1.4.3", - "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-1.4.3.tgz", - "integrity": "sha512-fbBN5W2xdY45KulGXmLHZ3c3FHfVYmKg0IrAKGOkT/464PQsx2UeIzfz1RmEci+KLm1bBaAzZAh8+/E+XAeZ8Q==", + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "integrity": "sha512-w94dQYoauyvlDc43XnGB8lU3Zt713vNChgt4EWwhXAP2XkBvndfxF0AgIqKOOasjPIPzj9JqgwkwbCYD0/V3Zg==", "dev": true, "requires": { "eslint-visitor-keys": "^1.1.0" 
@@ -2911,14 +2997,22 @@ "dev": true }, "espree": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/espree/-/espree-6.2.1.tgz", - "integrity": "sha512-ysCxRQY3WaXJz9tdbWOwuWr5Y/XrPTGX9Kiz3yoUXwW0VZ4w30HTkQLaGx/+ttFjF8i+ACbArnB4ce68a9m5hw==", + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/espree/-/espree-7.1.0.tgz", + "integrity": "sha512-dcorZSyfmm4WTuTnE5Y7MEN1DyoPYy1ZR783QW1FJoenn7RailyWFsq/UL6ZAAA7uXurN9FIpYyUs3OfiIW+Qw==", "dev": true, "requires": { - "acorn": "^7.1.1", + "acorn": "^7.2.0", "acorn-jsx": "^5.2.0", - "eslint-visitor-keys": "^1.1.0" + "eslint-visitor-keys": "^1.2.0" + }, + "dependencies": { + "acorn": { + "version": "7.3.1", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.3.1.tgz", + "integrity": "sha512-tLc0wSnatxAQHVHUapaHdz72pi9KUyHjq5KyHjGg9Y8Ifdc79pTh2XvI6I1/chZbnM7QtNKzh66ooDogPZSleA==", + "dev": true + } } }, "esprima": { @@ -3072,17 +3166,6 @@ "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz", "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==" }, - "external-editor": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/external-editor/-/external-editor-3.1.0.tgz", - "integrity": "sha512-hMQ4CX1p1izmuLYyZqLMO/qGNw10wSv9QDCPfzXfyFrOaCSSoRfqE1Kf1s5an66J5JZC62NewG+mK49jOCtQew==", - "dev": true, - "requires": { - "chardet": "^0.7.0", - "iconv-lite": "^0.4.24", - "tmp": "^0.0.33" - } - }, "extsprintf": { "version": "1.3.0", "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz", 
@@ -3795,15 +3878,6 @@ "integrity": "sha512-SEQu7vl8KjNL2eoGBLF3+wAjpsNfA9XMlXAYj/3EdaNfAlxKthD1xjEQfGOUhllCGGJVNY34bRr6lPINhNjyZw==", "dev": true }, - "iconv-lite": { - "version": "0.4.24", - "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", - "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", - "dev": true, - "requires": { - "safer-buffer": ">= 2.1.2 < 3" - } - }, "ieee754": { "version": "1.1.13", "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.13.tgz", 
@@ -3892,117 +3966,6 @@ } } }, - "inquirer": { - "version": "7.2.0", - "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-7.2.0.tgz", - "integrity": "sha512-E0c4rPwr9ByePfNlTIB8z51kK1s2n6jrHuJeEHENl/sbq2G/S1auvibgEwNR4uSyiU+PiYHqSwsgGiXjG8p5ZQ==", - "dev": true, - "requires": { - "ansi-escapes": "^4.2.1", - "chalk": "^3.0.0", - "cli-cursor": "^3.1.0", - "cli-width": "^2.0.0", - "external-editor": "^3.0.3", - "figures": "^3.0.0", - "lodash": "^4.17.15", - "mute-stream": "0.0.8", - "run-async": "^2.4.0", - "rxjs": "^6.5.3", - "string-width": "^4.1.0", - "strip-ansi": "^6.0.0", - "through": "^2.3.6" - }, - "dependencies": { - "ansi-regex": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz", - "integrity": "sha512-bY6fj56OUQ0hU1KjFNDQuJFezqKdrAyFdIevADiqrWHwSlbmBNMHp5ak2f40Pm8JTFyM2mqxkG6ngkHO11f/lg==", - "dev": true - }, - "ansi-styles": { - "version": "4.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.2.1.tgz", - "integrity": "sha512-9VGjrMsG1vePxcSweQsN20KY/c4zN0h9fLjqAbwbPfahM3t+NL+M9HC8xeXG2I8pX5NoamTGNuomEUFI7fcUjA==", - "dev": true, - "requires": { - "@types/color-name": "^1.1.1", - "color-convert": "^2.0.1" - } - }, - "chalk": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-3.0.0.tgz", - "integrity": "sha512-4D3B6Wf41KOYRFdszmDqMCGq5VV/uMAB273JILmO+3jAlh8X4qDtdtgCR3fxtbLEMzSx22QdhnDcJvu2u1fVwg==", - "dev": true, - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - }, - "color-convert": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", - "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", - "dev": true, - "requires": { - "color-name": "~1.1.4" - } - }, - "color-name": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", - "integrity": 
"sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", - "dev": true - }, - "emoji-regex": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", - "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", - "dev": true - }, - "has-flag": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", - "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", - "dev": true - }, - "is-fullwidth-code-point": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", - "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", - "dev": true - }, - "string-width": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.0.tgz", - "integrity": "sha512-zUz5JD+tgqtuDjMhwIg5uFVV3dtqZ9yQJlZVfq4I01/K5Paj5UHj7VyrQOJvzawSVlKpObApbfD0Ed6yJc+1eg==", - "dev": true, - "requires": { - "emoji-regex": "^8.0.0", - "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.0" - } - }, - "strip-ansi": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.0.tgz", - "integrity": "sha512-AuvKTrTfQNYNIctbR1K/YGTR1756GycPsg7b9bdV9Duqur4gv6aKqHXah67Z8ImS7WEz5QVcOtlfW2rZEugt6w==", - "dev": true, - "requires": { - "ansi-regex": "^5.0.0" - } - }, - "supports-color": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.1.0.tgz", - "integrity": "sha512-oRSIpR8pxT1Wr2FquTNnGet79b3BWljqOuoW/h4oBhxJ/HUbX5nX6JSruTkvXDCFMwDPvsaTTbvMLKZWSy0R5g==", - "dev": true, - "requires": { - "has-flag": "^4.0.0" - } - } - } - }, "insert-module-globals": { "version": "7.2.0", "resolved": 
"https://registry.npmjs.org/insert-module-globals/-/insert-module-globals-7.2.0.tgz", @@ -4623,13 +4586,13 @@ } }, "levn": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/levn/-/levn-0.3.0.tgz", - "integrity": "sha1-OwmSTt+fCDwEkP3UwLxEIeBHZO4=", + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", + "integrity": "sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==", "dev": true, "requires": { - "prelude-ls": "~1.1.2", - "type-check": "~0.3.2" + "prelude-ls": "^1.2.1", + "type-check": "~0.4.0" } }, "lines-and-columns": { @@ -5271,12 +5234,6 @@ "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", "dev": true }, - "mute-stream": { - "version": "0.0.8", - "resolved": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.8.tgz", - "integrity": "sha512-nnbWWOkoWyUsTjKrhgD0dcz22mdkSnpYqbEjIm2nhwhuxlSkpywJmBo8h0ZqJdkp73mb90SssHkN4rsRaBAfAA==", - "dev": true - }, "nan": { "version": "2.14.1", "resolved": "https://registry.npmjs.org/nan/-/nan-2.14.1.tgz", @@ -9279,17 +9236,17 @@ } }, "optionator": { - "version": "0.8.3", - "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.8.3.tgz", - "integrity": "sha512-+IW9pACdk3XWmmTXG8m3upGUJst5XRGzxMRjXzAuJ1XnIFNvfhjjIuYkDvysnPQ7qzqVzLt78BCruntqRhWQbA==", + "version": "0.9.1", + "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.1.tgz", + "integrity": "sha512-74RlY5FCnhq4jRxVUPKDaRwrVNXMqsGsiW6AJw4XK8hmtm10wC0ypZBLw5IIp85NZMr91+qd1RvvENwg7jjRFw==", "dev": true, "requires": { - "deep-is": "~0.1.3", - "fast-levenshtein": "~2.0.6", - "levn": "~0.3.0", - "prelude-ls": "~1.1.2", - "type-check": "~0.3.2", - "word-wrap": "~1.2.3" + "deep-is": "^0.1.3", + "fast-levenshtein": "^2.0.6", + "levn": "^0.4.1", + "prelude-ls": "^1.2.1", + "type-check": "^0.4.0", + "word-wrap": "^1.2.3" } }, "os-browserify": { 
@@ -9617,9 +9574,9 @@ } }, "prelude-ls": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz", - "integrity": "sha1-IZMqVJ9eUv/ZqCf1cOBL5iqX2lQ=", + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", + "integrity": "sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==", "dev": true }, "process": { @@ -9899,9 +9856,9 @@ "dev": true }, "regexpp": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-2.0.1.tgz", - "integrity": "sha512-lv0M6+TkDVniA3aD1Eg0DVpfU/booSu7Eev3TDO/mZKHBfVjgCGTV4t4buppESEYDtkArYFOxTJWv6S5C+iaNw==", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-3.1.0.tgz", + "integrity": "sha512-ZOIzd8yVsQQA7j8GCSlPGXwg5PfmA1mrq0JP4nGhh54LaKN3xdai/vHUDu74pKwV8OxseMS65u2NImosQcSD0Q==", "dev": true }, "registry-auth-token": { @@ -10042,15 +9999,11 @@ "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==", "dev": true }, - "restore-cursor": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz", - "integrity": "sha512-l+sSefzHpj5qimhFSE5a8nufZYAM3sBSVMAPtYkmC+4EH2anSGaEMXSD0izRQbu9nfyQ9y5JrVmp7E8oZrUjvA==", - "dev": true, - "requires": { - "onetime": "^5.1.0", - "signal-exit": "^3.0.2" - } + "ret": { + "version": "0.1.15", + "resolved": "https://registry.npmjs.org/ret/-/ret-0.1.15.tgz", + "integrity": "sha512-TTlYpa+OL+vMMNG24xSlQGEJ3B/RzEfUlLct7b5G/ytav+wPrplCpVMFuwzXbkecJrb6IYo1iFb0S9v37754mg==", + "dev": true }, "retry": { "version": "0.12.0", 
@@ -10082,32 +10035,26 @@ "inherits": "^2.0.1" } }, - "run-async": { - "version": "2.4.1", - "resolved": "https://registry.npmjs.org/run-async/-/run-async-2.4.1.tgz", - "integrity": "sha512-tvVnVv01b8c1RrA6Ep7JkStj85Guv/YrMcwqYQnwjsAS2cTmmPGBBjAjpCW7RrSodNSoE2/qg9O4bceNvUuDgQ==", - "dev": true - }, "run-parallel": { "version": "1.1.9", "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.1.9.tgz", "integrity": "sha512-DEqnSRTDw/Tc3FXf49zedI638Z9onwUotBMiUFKmrO2sdFKIbXamXGQ3Axd4qgphxKB4kw/qP1w5kTxnfU1B9Q==", "dev": true }, - "rxjs": { - "version": "6.5.5", - "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-6.5.5.tgz", - "integrity": "sha512-WfQI+1gohdf0Dai/Bbmk5L5ItH5tYqm3ki2c5GdWhKjalzjg93N3avFjVStyZZz+A2Em+ZxKH5bNghw9UeylGQ==", - "dev": true, - "requires": { - "tslib": "^1.9.0" - } - }, "safe-buffer": { "version": "5.1.2", "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" }, + "safe-regex": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/safe-regex/-/safe-regex-1.1.0.tgz", + "integrity": "sha1-QKNmnzsHfR6UPURinhV91IAjvy4=", + "dev": true, + "requires": { + "ret": "~0.1.10" + } + }, "safer-buffer": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", @@ -11196,15 +11143,6 @@ "resolved": "https://registry.npmjs.org/tiny-merge-patch/-/tiny-merge-patch-0.1.2.tgz", "integrity": "sha1-Lo3tGcVuoV29OtTtXbHI5a1UTDw=" }, - "tmp": { - "version": "0.0.33", - "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz", - "integrity": "sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw==", - "dev": true, - "requires": { - "os-tmpdir": "~1.0.2" - } - }, "to-fast-properties": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz", 
@@ -11282,12 +11220,6 @@ "integrity": "sha1-n5up2e+odkw4dpi8v+sshI8RrbM=", "dev": true }, - "tslib": { - "version": "1.13.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.13.0.tgz", - "integrity": "sha512-i/6DQjL8Xf3be4K/E6Wgpekn5Qasl1usyw++dAA35Ue5orEn65VIxOA+YvNNl9HV3qv70T7CNwjODHZrLwvd1Q==", - "dev": true - }, "tty-browserify": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/tty-browserify/-/tty-browserify-0.0.1.tgz", @@ -11308,12 +11240,12 @@ "integrity": "sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q=" }, "type-check": { - "version": "0.3.2", - "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz", - "integrity": "sha1-WITKtRLPHTVeP7eE8wgEsrUg23I=", + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", + "integrity": "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==", "dev": true, "requires": { - "prelude-ls": "~1.1.2" + "prelude-ls": "^1.2.1" } }, "type-detect": { diff --git a/package.json b/package.json index 0e0b3669d..1d5d55ff6 100644 --- a/package.json +++ b/package.json @@ -38,8 +38,9 @@ "chai": "^4.2.0", "chai-as-promised": "^7.1.1", "conventional-changelog-conventionalcommits": "^4.2.3", - "eslint": "^6.8.0", + "eslint": "^7.0.0", "eslint-plugin-mocha": "^7.0.1", + "eslint-plugin-security": "^1.4.0", "eslint-plugin-sonarjs": "^0.5.0", "jsdoc-to-markdown": "^5.0.0", "mocha": "^6.1.4", diff --git a/test/models/asyncapi_test.js b/test/models/asyncapi_test.js index b4ef34537..831bfb48b 100644 --- a/test/models/asyncapi_test.js +++ b/test/models/asyncapi_test.js @@ -2,6 +2,7 @@ const { expect } = require('chai'); const AsyncAPIDocument = require('../../lib/models/asyncapi'); const fs = require('fs'); const path = require('path'); + describe('AsyncAPIDocument', function() { describe('assignUidToParameterSchemas()', function() { it('should assign uids to parameters', function() { 
diff --git a/test/parse_test.js b/test/parse_test.js index e7c49f328..37abad2dd 100644 --- a/test/parse_test.js +++ b/test/parse_test.js @@ -1,4 +1,3 @@ -/* eslint-disable sonarjs/no-duplicate-string */ const { EOL } = require('os'); const chai = require('chai'); const chaiAsPromised = require('chai-as-promised'); From 5333142ef996a0bc23b8960ab7c0126dcc0a9dc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Urba=C5=84czyk?= Date: Mon, 6 Jul 2020 15:54:32 +0200 Subject: [PATCH 2/6] Disable one of warnings by comment --- lib/utils.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/utils.js b/lib/utils.js index 5fb4d08cd..4931d89db 100644 --- a/lib/utils.js +++ b/lib/utils.js @@ -167,7 +167,8 @@ utils.createMapOfType = (obj, Type) => { if (!obj) return result; Object.keys(obj).forEach(key => { - result[String(key)] = new Type(obj[String(key)]); + // eslint-disable-next-line security/detect-object-injection + result[key] = new Type(obj[key]); }); return result; From e9f6233c60d9560da179a4482c276efed3a1a892 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Urba=C5=84czyk?= Date: Wed, 8 Jul 2020 12:45:54 +0200 Subject: [PATCH 3/6] After review v1 --- lib/models/asyncapi.js | 6 ++--- lib/models/channel.js | 6 ++--- lib/models/components.js | 16 ++++++------- lib/models/message-traitable.js | 6 ++--- lib/models/operation-traitable.js | 4 ++-- lib/models/schema.js | 10 ++------ lib/models/server.js | 6 ++--- lib/parser.js | 2 -- lib/utils.js | 40 +++++++++++++++---------------- 9 files changed, 44 insertions(+), 52 deletions(-) diff --git a/lib/models/asyncapi.js b/lib/models/asyncapi.js index 74ef4881d..f3f3d73af 100644 --- a/lib/models/asyncapi.js +++ b/lib/models/asyncapi.js 
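Review bot: The `eslint-disable-next-line security/detect-object-injection` added above `result[key] = new Type(obj[key]);` in `utils.createMapOfType` gives no reason, so a later reader cannot tell whether the finding was judged a false positive or simply muted. ESLint 7, which this series moves to, accepts a description after `--`, for example `// eslint-disable-next-line security/detect-object-injection -- key is an own key from Object.keys(obj)`. That justification covers only the read from `obj`; the write into `result` under a document-supplied key is a separate question and is settled neither by the removed `String(key)` nor by the suppression. The function body starts above this hunk and ends below it.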
@@ -1,4 +1,4 @@ -const { createMapOfType, getMapKeyOfType, addExtensions } = require('../utils'); +const { createMapOfType, getMapValueOfType, addExtensions } = require('../utils'); const Base = require('./base'); const Info = require('./info'); const Server = require('./server'); @@ -67,7 +67,7 @@ class AsyncAPIDocument extends Base { * @returns {Server} */ server(name) { - return getMapKeyOfType(this._json.servers, name, Server); + return getMapValueOfType(this._json.servers, name, Server); } /** @@ -97,7 +97,7 @@ class AsyncAPIDocument extends Base { * @returns {Channel} */ channel(name) { - return getMapKeyOfType(this._json.channels, name, Channel, this); + return getMapValueOfType(this._json.channels, name, Channel, this); } /** diff --git a/lib/models/channel.js b/lib/models/channel.js index 3bd8afb84..d0290e10b 100644 --- a/lib/models/channel.js +++ b/lib/models/channel.js @@ -1,4 +1,4 @@ -const { createMapOfType, getMapKeyOfType, getMapKey, addExtensions } = require('../utils'); +const { createMapOfType, getMapValueOfType, getMapValueByKey, addExtensions } = require('../utils'); const Base = require('./base'); const ChannelParameter = require('./channel-parameter'); const PublishOperation = require('./publish-operation'); @@ -30,7 +30,7 @@ class Channel extends Base { * @returns {ChannelParameter} */ parameter(name) { - return getMapKeyOfType(this._json.parameters, name, ChannelParameter); + return getMapValueOfType(this._json.parameters, name, ChannelParameter); } /** @@ -82,7 +82,7 @@ class Channel extends Base { * @returns {Object} */ binding(name) { - return getMapKey(this._json.bindings, name); + return getMapValueByKey(this._json.bindings, name); } } diff --git a/lib/models/components.js b/lib/models/components.js index 3c5ad6151..3839ea80e 100644 --- a/lib/models/components.js +++ b/lib/models/components.js 
@@ -1,4 +1,4 @@ -const { getMapKeyOfType, createMapOfType, addExtensions } = require('../utils'); +const { createMapOfType, getMapValueOfType, addExtensions } = require('../utils'); const Base = require('./base'); const Message = require('./message'); const Schema = require('./schema'); @@ -26,7 +26,7 @@ class Components extends Base { * @returns {Message} */ message(name) { - return getMapKeyOfType(this._json.messages, name, Message); + return getMapValueOfType(this._json.messages, name, Message); } /** @@ -40,7 +40,7 @@ class Components extends Base { * @returns {Schema} */ schema(name) { - return getMapKeyOfType(this._json.schemas, name, Schema); + return getMapValueOfType(this._json.schemas, name, Schema); } /** @@ -54,7 +54,7 @@ class Components extends Base { * @returns {SecurityScheme} */ securityScheme(name) { - return getMapKeyOfType(this._json.securitySchemes, name, SecurityScheme); + return getMapValueOfType(this._json.securitySchemes, name, SecurityScheme); } /** @@ -68,7 +68,7 @@ class Components extends Base { * @returns {ChannelParameter} */ parameter(name) { - return getMapKeyOfType(this._json.parameters, name, ChannelParameter); + return getMapValueOfType(this._json.parameters, name, ChannelParameter); } /** @@ -82,7 +82,7 @@ class Components extends Base { * @returns {CorrelationId} */ correlationId(name) { - return getMapKeyOfType(this._json.correlationIds, name, CorrelationId); + return getMapValueOfType(this._json.correlationIds, name, CorrelationId); } /** @@ -96,7 +96,7 @@ class Components extends Base { * @returns {OperationTrait} */ operationTrait(name) { - return getMapKeyOfType(this._json.operationTraits, name, OperationTrait); + return getMapValueOfType(this._json.operationTraits, name, OperationTrait); } /** 
@@ -110,7 +110,7 @@ class Components extends Base { * @returns {MessageTrait} */ messageTrait(name) { - return getMapKeyOfType(this._json.messageTraits, name, MessageTrait); + return getMapValueOfType(this._json.messageTraits, name, MessageTrait); } } diff --git a/lib/models/message-traitable.js b/lib/models/message-traitable.js index d50bea875..692eb236c 100644 --- a/lib/models/message-traitable.js +++ b/lib/models/message-traitable.js @@ -1,4 +1,4 @@ -const { getMapKeyOfType, getMapKey, addExtensions } = require('../utils'); +const { getMapValueOfType, getMapValueByKey, addExtensions } = require('../utils'); const Base = require('./base'); const Tag = require('./tag'); const ExternalDocs = require('./external-docs'); @@ -26,7 +26,7 @@ class MessageTraitable extends Base { */ header(name) { if (!this._json.headers) return null; - return getMapKeyOfType(this._json.headers.properties, name, Schema); + return getMapValueOfType(this._json.headers.properties, name, Schema); } /** @@ -114,7 +114,7 @@ class MessageTraitable extends Base { * @returns {Object} */ binding(name) { - return getMapKey(this._json.bindings, name); + return getMapValueByKey(this._json.bindings, name); } /** diff --git a/lib/models/operation-traitable.js b/lib/models/operation-traitable.js index 20b0a4473..1c8d4e08b 100644 --- a/lib/models/operation-traitable.js +++ b/lib/models/operation-traitable.js @@ -1,4 +1,4 @@ -const { getMapKey, addExtensions } = require('../utils'); +const { getMapValueByKey, addExtensions } = require('../utils'); const Base = require('./base'); const Tag = require('./tag'); const ExternalDocs = require('./external-docs'); @@ -66,7 +66,7 @@ class OperationTraitable extends Base { * @returns {Object} */ binding(name) { - return getMapKey(this._json.bindings, name); + return getMapValueByKey(this._json.bindings, name); } } diff --git a/lib/models/schema.js b/lib/models/schema.js index 9b7631f8d..f69a97fae 100644 --- a/lib/models/schema.js +++ b/lib/models/schema.js 
@@ -230,18 +230,12 @@ class Schema extends Base { * @returns {Object} */ dependencies() { - /* eslint-disable security/detect-object-injection */ if (!this._json.dependencies) return null; const result = {}; - Object.keys(this._json.dependencies).forEach(k => { - if (!Array.isArray(this._json.dependencies[k])) { - result[k] = new Schema(this._json.dependencies[k]); - } else { - result[k] = this._json.dependencies[k]; - } + Object.entries(this._json.dependencies).forEach(([key, value]) => { + result[String(key)] = !Array.isArray(value) ? new Schema(value) : value; }); return result; - /* eslint-enabled security/detect-object-injection */ } /** diff --git a/lib/models/server.js b/lib/models/server.js index f45487419..47fe4b3d0 100644 --- a/lib/models/server.js +++ b/lib/models/server.js @@ -1,4 +1,4 @@ -const { getMapKey, createMapOfType, getMapKeyOfType, addExtensions } = require('../utils'); +const { createMapOfType, getMapValueOfType, getMapValueByKey, addExtensions } = require('../utils'); const Base = require('./base'); const ServerVariable = require('./server-variable'); const ServerSecurityRequirement = require('./server-security-requirement'); @@ -50,7 +50,7 @@ class Server extends Base { * @returns {ServerVariable} */ variable(name) { - return getMapKeyOfType(this._json.variables, name, ServerVariable); + return getMapValueOfType(this._json.variables, name, ServerVariable); } /** @@ -80,7 +80,7 @@ class Server extends Base { * @returns {Object} */ binding(name) { - return getMapKey(this._json.bindings, name); + return getMapValueByKey(this._json.bindings, name); } } diff --git a/lib/parser.js b/lib/parser.js index 6974bd414..21fdbfbac 100644 --- a/lib/parser.js +++ b/lib/parser.js 
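Review bot: `result[String(key)]` in `dependencies()` still assigns a document-supplied key onto a plain `{}`. `String()` returns the same string `Object.entries` already produced, so it only hides the computed access from `security/detect-object-injection`. A `__proto__` key would still go through the prototype setter of `result` instead of becoming an own property. Building the map without assignment avoids that: `return Object.fromEntries(Object.entries(this._json.dependencies).map(([key, value]) => [key, Array.isArray(value) ? value : new Schema(value)]));`, provided the supported Node versions have `Object.fromEntries`. Otherwise `Object.create(null)` for `result` works if callers do not rely on inherited methods. The same applies to `result[String(key)] = new Type(value)` in `utils.createMapOfType` in the later `lib/utils.js` hunk of this patch.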
@@ -155,7 +155,6 @@ async function customDocumentOperations(js, asyncapiYAMLorJSON, initialFormat, o validateChannelParams(js, asyncapiYAMLorJSON, initialFormat); validateOperationId(js, asyncapiYAMLorJSON, initialFormat, OPERATIONS); - /* eslint-disable security/detect-object-injection */ for (const channelName in js.channels) { const channel = js.channels[channelName]; const convert = OPERATIONS.map(async (opName) => { @@ -174,7 +173,6 @@ async function customDocumentOperations(js, asyncapiYAMLorJSON, initialFormat, o }); await Promise.all(convert); } - /* eslint-enabled security/detect-object-injection */ } async function validateAndConvertMessage(msg, originalAsyncAPIDocument, fileFormat, parsedAsyncAPIDocument, pathToPayload) { diff --git a/lib/utils.js b/lib/utils.js index 4931d89db..c0d5ace5a 100644 --- a/lib/utils.js +++ b/lib/utils.js @@ -69,16 +69,21 @@ const findLocationOf = (keys, ast, initialFormat) => { }; }; -/* eslint-disable security/detect-object-injection */ const traverse = function (o, fn, scope = []) { - for (const i in o) { - fn.apply(this, [i, o[i], scope]); - if (o[i] !== null && typeof o[i] === 'object') { - traverse(o[i], fn, scope.concat(i)); + Object.entries(o).forEach(([key,value]) => { + fn.apply(this, [key, value, scope]); + if (value !== null && typeof value === 'object') { + traverse(value, fn, scope.concat(key)); } - } + }); +}; + +const getMapValue = (obj, key, Type) => { + if (typeof key !== 'string' || !obj) return null; + const v = obj[String(key)]; + if (v === undefined) return null; + return Type ? new Type(v) : v; }; -/* eslint-enable security/detect-object-injection */ utils.tilde = (str) => { return str.replace(/[~\/]{1}/g, (m) => { 
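Review bot: In the new `getMapValue`, `obj[String(key)]` resolves inherited members as well as own ones, so a name such as `constructor` or `toString` gets past the `v === undefined` guard and, when `Type` is given, is wrapped in `new Type(v)`. `key` has already passed the `typeof key !== 'string'` check, so `String()` changes nothing. An own-property check before the lookup is the real fix for what the rule flags: `if (!Object.prototype.hasOwnProperty.call(obj, key)) return null;`. Whether `key` can come from outside the library depends on the callers of `server(name)`, `channel(name)` and the other accessors, which pass it straight through. The `traverse` rewrite in the same hunk now throws on a `null` or `undefined` root where `for...in` did nothing, so it is worth confirming no caller relies on that.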
@@ -166,32 +171,27 @@ utils.createMapOfType = (obj, Type) => { const result = {}; if (!obj) return result; - Object.keys(obj).forEach(key => { - // eslint-disable-next-line security/detect-object-injection - result[key] = new Type(obj[key]); + Object.entries(obj).forEach(([key, value]) => { + result[String(key)] = new Type(value); }); return result; }; -utils.getMapKeyOfType = (obj, key, Type) => { - if (typeof key !== 'string' || !obj) return null; - const v = obj[String(key)]; - if (v === undefined) return null; - return Type ? new Type(v) : v; +utils.getMapValueOfType = (obj, key, Type) => { + return getMapValue(obj, key, Type); }; -utils.getMapKey = (obj, key) => { - return utils.getMapKeyOfType(obj, key); +utils.getMapValueByKey = (obj, key) => { + return getMapValue(obj, key); }; utils.addExtensions = (obj) => { obj.prototype.extensions = function () { const result = {}; - Object.keys(this._json).forEach(key => { + Object.entries(this._json).forEach(([key, value]) => { if ((/^x-[\w\d\.\-\_]+$/).test(key)) { - // eslint-disable-next-line security/detect-object-injection - result[key] = this._json[key]; + result[String(key)] = value; } }); return result; From ca033fff99df4f440eb4a345ad85434313969ae4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Urba=C5=84czyk?= Date: Wed, 8 Jul 2020 13:38:41 +0200 Subject: [PATCH 4/6] After review v2 --- lib/parser.js | 20 ++++++++++---------- lib/utils.js | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/lib/parser.js b/lib/parser.js index 21fdbfbac..86ac64bf1 100644 --- a/lib/parser.js +++ b/lib/parser.js 
@@ -155,10 +155,10 @@ async function customDocumentOperations(js, asyncapiYAMLorJSON, initialFormat, o validateChannelParams(js, asyncapiYAMLorJSON, initialFormat); validateOperationId(js, asyncapiYAMLorJSON, initialFormat, OPERATIONS); - for (const channelName in js.channels) { - const channel = js.channels[channelName]; - const convert = OPERATIONS.map(async (opName) => { - const op = channel[opName]; + const promisesArray = []; + Object.entries(js.channels).forEach(([_, channel]) => { + promisesArray.push(...OPERATIONS.map(async (opName) => { + const op = channel[String(opName)]; if (op) { const messages = op.message ? (op.message.oneOf || [op.message]) : []; const pathToPayload = `/channels/${ channelName }/${ opName }/message/payload`; @@ -170,15 +170,15 @@ async function customDocumentOperations(js, asyncapiYAMLorJSON, initialFormat, o await validateAndConvertMessage(m, asyncapiYAMLorJSON, initialFormat, js, pathToPayload); } } - }); - await Promise.all(convert); - } + })); + }); + await Promise.all(promisesArray); } async function validateAndConvertMessage(msg, originalAsyncAPIDocument, fileFormat, parsedAsyncAPIDocument, pathToPayload) { const schemaFormat = msg.schemaFormat || DEFAULT_SCHEMA_FORMAT; - await PARSERS[schemaFormat]({ + await PARSERS[String(schemaFormat)]({ schemaFormat, message: msg, defaultSchemaFormat: DEFAULT_SCHEMA_FORMAT, @@ -208,7 +208,7 @@ function registerSchemaParser(parserModule) { }); parserModule.getMimeTypes().forEach((schemaFormat) => { - PARSERS[schemaFormat] = parserModule.parse; + PARSERS[String(schemaFormat)] = parserModule.parse; }); } @@ -216,7 +216,7 @@ function applyTraits(js) { if (Array.isArray(js.traits)) { for (const trait of js.traits) { for (const key in trait) { - js[key] = mergePatch(js[key], trait[key]); + js[String(key)] = mergePatch(js[String(key)], trait[String(key)]); } } diff --git a/lib/utils.js b/lib/utils.js index c0d5ace5a..04c4a66f9 100644 --- a/lib/utils.js +++ b/lib/utils.js 
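Review bot: `PARSERS[String(schemaFormat)]({...})` in `validateAndConvertMessage` looks up and calls a function under a name read from the message (`msg.schemaFormat`), and `String()` does not restrict that name to registered parsers. An unregistered format fails with a bare "is not a function" TypeError. If `PARSERS` is a plain object (its declaration is outside these hunks), a name that exists only on `Object.prototype` would resolve to an inherited function rather than a parser. Guarding the dispatch makes both cases explicit: `const parse = Object.prototype.hasOwnProperty.call(PARSERS, schemaFormat) ? PARSERS[schemaFormat] : undefined;` followed by `if (typeof parse !== 'function') throw new Error(...)` with a message naming the unsupported format. Making `PARSERS` a `Map` would also cover the write in `registerSchemaParser`. The function body continues outside the hunk.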
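Review bot: `applyTraits` still iterates with `for (const key in trait)` and assigns `js[String(key)]`, so keys from a trait object in the document are written onto `js` unchanged. `String(key)` is a no-op on a `for...in` key, and a `__proto__` entry in a trait would reach the prototype setter of `js` with whatever `mergePatch` returns. The other loops in this series moved to `Object.entries`, which is limited to own properties. Doing the same here and skipping the reserved name keeps the merge on data properties only: `for (const [key, value] of Object.entries(trait)) { if (key === '__proto__') continue; js[key] = mergePatch(js[key], value); }`. The function starts above the hunk and ends below it.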
@@ -50,7 +50,7 @@ const findLocationOf = (keys, ast, initialFormat) => { let info; if (initialFormat === 'yaml') { // disable eslint because loc is a Symbol - // eslint-disable-line security/detect-object-injection + // eslint-disable-next-line security/detect-object-injection info = node[loc]; } else if (initialFormat === 'json') { info = node.loc; From dc45451e9af05615dff56c2a484ae9d71dfa1702 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Urba=C5=84czyk?= Date: Wed, 8 Jul 2020 14:22:35 +0200 Subject: [PATCH 5/6] After review v3 --- lib/parser.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/parser.js b/lib/parser.js index 86ac64bf1..23be05f7d 100644 --- a/lib/parser.js +++ b/lib/parser.js @@ -156,7 +156,7 @@ async function customDocumentOperations(js, asyncapiYAMLorJSON, initialFormat, o validateOperationId(js, asyncapiYAMLorJSON, initialFormat, OPERATIONS); const promisesArray = []; - Object.entries(js.channels).forEach(([_, channel]) => { + Object.values(js.channels).forEach(channel => { promisesArray.push(...OPERATIONS.map(async (opName) => { const op = channel[String(opName)]; if (op) { From 3032815cc88ed6123adeaacc4e3ce8cb98402832 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Urba=C5=84czyk?= Date: Thu, 9 Jul 2020 16:37:25 +0200 Subject: [PATCH 6/6] After rebase --- lib/customValidators.js | 2 +- lib/parser.js | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/customValidators.js b/lib/customValidators.js index 8333c714b..925930428 100644 --- a/lib/customValidators.js +++ b/lib/customValidators.js @@ -116,7 +116,7 @@ function validateOperationId(parsedJSON, asyncapiYAMLorJSON, initialFormat, oper chnlsMap.forEach((chnlObj,chnlName) => { operations.forEach(opName => { - const op = chnlObj[opName]; + const op = chnlObj[String(opName)]; if (op) addDuplicateToMap(op, chnlName, opName); }); }); diff --git a/lib/parser.js b/lib/parser.js index 23be05f7d..9ef43fab4 100644 --- a/lib/parser.js +++ b/lib/parser.js 
@@ -156,16 +156,16 @@ async function customDocumentOperations(js, asyncapiYAMLorJSON, initialFormat, o validateOperationId(js, asyncapiYAMLorJSON, initialFormat, OPERATIONS); const promisesArray = []; - Object.values(js.channels).forEach(channel => { + Object.entries(js.channels).forEach(([channelName, channel]) => { promisesArray.push(...OPERATIONS.map(async (opName) => { const op = channel[String(opName)]; if (op) { const messages = op.message ? (op.message.oneOf || [op.message]) : []; - const pathToPayload = `/channels/${ channelName }/${ opName }/message/payload`; if (options.applyTraits) { applyTraits(op); messages.forEach(m => applyTraits(m)); } + const pathToPayload = `/channels/${channelName}/${opName}/message/payload`; for (const m of messages) { await validateAndConvertMessage(m, asyncapiYAMLorJSON, initialFormat, js, pathToPayload); }
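Review bot: `pathToPayload` in `customDocumentOperations` interpolates `channelName` directly, and channel names are document keys that can contain `/` or `~`. If the path is consumed as a JSON Pointer further down (not visible here), such a name splits into extra segments and any error location derived from it points at the wrong node. `lib/utils.js` already defines `utils.tilde`, which appears to do this escaping. Using `${tilde(channelName)}` in the template would keep the channel as one segment, assuming `tilde` is imported in this file. The function starts and ends outside the hunk.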