// Copyright 2022 Dave Shanley / Quobix
// SPDX-License-Identifier: MIT
package openapi
import (
"fmt"
"github.com/daveshanley/vacuum/model"
vacuumUtils "github.com/daveshanley/vacuum/utils"
"github.com/pb33f/libopenapi/utils"
"gopkg.in/yaml.v3"
)
// NoEvalInDescriptions will check if a description contains potentially malicious javascript.
//
// It is a rule function: every description gathered by the spec index is
// matched against the regular expression supplied through the rule's
// "pattern" option (see GetSchema), and each match is reported as a result
// (see RunRule). The type carries no state, so its zero value is ready to use.
type NoEvalInDescriptions struct {
}
// GetSchema returns a model.RuleFunctionSchema defining the schema of the NoEvalInDescriptions rule.
//
// The rule accepts exactly one mandatory option, "pattern": the regular
// expression that is matched against every description in the specification.
// ErrorMessage is what the user sees when that option is missing or invalid.
func (ne NoEvalInDescriptions) GetSchema() model.RuleFunctionSchema {
	patternProp := model.RuleFunctionProperty{
		Name:        "pattern",
		Description: "Regular expression to match against the description content. ",
	}

	schema := model.RuleFunctionSchema{
		Name:          "noEvalDescription",
		Required:      []string{"pattern"},
		MinProperties: 1,
		Properties:    []model.RuleFunctionProperty{patternProp},
		ErrorMessage:  "'noEvalDescription' function has invalid options supplied. Set the 'pattern' property to a valid regular expression",
	}
	return schema
}
// GetCategory returns the category of the NoEvalInDescriptions rule.
//
// The rule is always filed under the OpenAPI function category.
func (ne NoEvalInDescriptions) GetCategory() string {
	category := model.FunctionCategoryOpenAPI
	return category
}
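// RunRule will execute the NoEvalInDescriptions rule, based on supplied context and a supplied []*yaml.Node slice.
//
// Every description collected by the spec index is tested against the rule's
// regular expression: the precompiled pattern stored on the rule when present,
// otherwise the "pattern" option compiled on the fly. Each matching
// description yields one result anchored on the description node.
//
// A nil return means there was nothing to check (no nodes, or no index). When
// the pattern cannot be compiled, model.CompileRegex appends a result
// describing the problem and that slice is returned as-is.
func (ne NoEvalInDescriptions) RunRule(nodes []*yaml.Node, context model.RuleFunctionContext) []model.RuleFunctionResult {
	if len(nodes) == 0 {
		return nil
	}
	// Descriptions are read from the index rather than from nodes; without an
	// index there is nothing to scan, and dereferencing it would panic.
	if context.Index == nil {
		return nil
	}

	var results []model.RuleFunctionResult

	// pull the regular expression out of the rule's options
	props := utils.ConvertInterfaceIntoStringMap(context.Options)
	pattern := props["pattern"]

	compiledRegex := context.Rule.PrecompiledPattern
	if compiledRegex == nil {
		// CompileRegex reports a bad pattern through results and returns nil.
		compiledRegex = model.CompileRegex(context, pattern, &results)
		if compiledRegex == nil {
			return results
		}
	}
	// With a precompiled rule the "pattern" option may be empty; report the
	// expression actually used instead of an empty string in the message.
	if pattern == "" {
		pattern = compiledRegex.String()
	}

	for _, desc := range context.Index.GetAllDescriptions() {
		if !compiledRegex.MatchString(desc.Content) {
			continue
		}
		results = append(results, model.RuleFunctionResult{
			Message:   fmt.Sprintf("description contains content with `%s`, forbidden", pattern),
			StartNode: desc.Node,
			EndNode:   vacuumUtils.BuildEndNode(desc.Node),
			Path:      desc.Path,
			Rule:      context.Rule,
		})
	}
	return results
}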