feat(linter): linter HTTP URLs in config (closes #814)
 * add findHTTPProps() method to linter
 * add logic to run() method re: findHTTPProps
 * style(linter-spec): fix typo
marcoscaceres committed Jul 13, 2016
1 parent faaf1d3 commit a501b31
Showing 2 changed files with 120 additions and 4 deletions.
35 changes: 32 additions & 3 deletions js/w3c/linter.js
@@ -21,21 +21,50 @@ define(["core/pubsubhub"], function(pubsubhub) {
});
}

function findHTTPProps(conf, base) {
return Object.getOwnPropertyNames(conf)
.filter(function(key) {
return key.endsWith("URI") || key === "prevED";
})
.filter(function(key) {
return new URL(conf[key], base).href.startsWith("http://");
});
}

return {
run: function(conf, doc, cb) {
if (!conf.lint) {
if (!conf.lint || conf.status === "unofficial") {
return cb();
}
var warnings = [];
var warn = "";

// Warn if no privacy and/or security considerations section
if (!hasPriSecConsiderations(doc)) {
var warn = "This specification doesn't appear to have any 'Privacy' " +
warn = "This specification doesn't appear to have any 'Privacy' " +
" or 'Security' considerations sections. Please consider adding one" +
", see https://w3ctag.github.io/security-questionnaire/";
pubsubhub.pub("warning", warn);
warnings.push(warn);
}

// Warn about HTTP URLs used in respecConfig
var httpURLs = findHTTPProps(conf, doc.location.href);
if (httpURLs.length) {
warn = "There are insecure URLs in your respecConfig! Please change " +
"the following properties to use 'https://': " + httpURLs.join(", ") + ".";
warnings.push(warn);
}

// Publish warnings
warnings.map(function(warn) {
pubsubhub.pub("warning", warn);
});

cb();
},
// Convenience methods, for quickly testing rules.
rules: {
"findHTTPProps": findHTTPProps,
"hasPriSecConsiderations": hasPriSecConsiderations,
},
};
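Review bot: `new URL(conf[key], base)` in the second filter of findHTTPProps throws a TypeError when a value cannot be parsed, and run() calls findHTTPProps without a guard, so a single malformed `*URI` entry would abort the linter before the queued warnings are published and before `cb()` is reached. Catching the error inside the filter and treating that value as not flagged keeps the rule best-effort and lets the privacy/security warning still go out. Separately, values are resolved against `doc.location.href`, so relative entries are reported whenever the spec itself is loaded over http://; a one-line comment on findHTTPProps stating this would explain those reports to the next maintainer.

```javascript
// … unchanged: first filter selecting keys ending in "URI" or equal to "prevED" …
.filter(function(key) {
  try {
    return new URL(conf[key], base).href.startsWith("http://");
  } catch (err) {
    // Unparseable value: not an http:// URL, so this rule does not flag it.
    return false;
  }
});
```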
89 changes: 88 additions & 1 deletion tests/spec/w3c/linter-spec.js
@@ -48,7 +48,7 @@ describe("W3C - Linter", function() {
doc.body.appendChild(elem);
expect(linter.rules.hasPriSecConsiderations(doc)).toEqual(true);
});
it("finds privacy and security considerations sections, irrispective of order", function() {
it("finds privacy and security considerations sections, irrespective of order", function() {
var doc = document.implementation.createHTMLDocument("test doc");
expect(linter.rules.hasPriSecConsiderations(doc)).toEqual(false);
var elem = doc.createElement("h2");
@@ -78,4 +78,91 @@ describe("W3C - Linter", function() {
elem.innerHTML = "privacy considerations security";
});
});
describe("findHTTPProps", function() {
it("checks any prop ending with 'URI' (case sensitive)", function() {
var conf = {
"FAIL_uri": "http://fail",
"failURIfail": "http://fail",
"URI": "http://pass",
"charterDisclosureURI": "http://pass",
"URI_FAIL": "http://fail",
"uri_FAIL": "http://fail",
};
var props = linter.rules.findHTTPProps(conf, document.location.href);
expect(props).toEqual(jasmine.arrayContaining(["URI", "charterDisclosureURI"]));
conf.charterDisclosureURI = "https://valid";
conf.URI = "https://valid";
props = linter.rules.findHTTPProps(conf, document.location.href);
expect(props.length).toEqual(0);
});
it("checks for prevED, as special case", function() {
var conf = {
"FAIL_uri": "http://fail",
"failURIfail": "http://fail",
"prevED": "http://pass",
"charterDisclosureURI": "http://pass",
"URI_FAIL": "http://fail",
};
var props = linter.rules.findHTTPProps(conf, document.location.href);
expect(props).toEqual(jasmine.arrayContaining(["prevED", "charterDisclosureURI"]));
conf.prevED = "https://valid-now";
props = linter.rules.findHTTPProps(conf, document.location.href);
expect(props).toEqual(jasmine.arrayContaining(["charterDisclosureURI"]));
});
it("flags well-known props as invalid, when invalid URLs are present", function() {
var conf = {
charterDisclosureURI: "http://invalid",
edDraftURI: "http://invalid",
implementationReportURI: "http://invalid",
previousDiffURI: "http://invalid",
previousMaturityURI: "http://invalid",
previousURI: "http://invalid",
prevRecURI: "http://invalid",
testSuiteURI: "http://invalid",
wgPatentURI: "http://invalid",
wgURI: "http://invalid",
};
var props = linter.rules.findHTTPProps(conf, document.location.href);
expect(props).toEqual(jasmine.arrayContaining([
"charterDisclosureURI",
"edDraftURI",
"implementationReportURI",
"previousDiffURI",
"previousMaturityURI",
"previousURI",
"prevRecURI",
"testSuiteURI",
"wgPatentURI",
"wgURI",
]));
});
it("ignores well-known URIs when they are valid", function() {
var conf = {
charterDisclosureURI: "https://valid.com",
edDraftURI: "https://valid.net",
implementationReportURI: "https://valid.org",
previousDiffURI: "https://valid.net",
previousMaturityURI: "https://valid.org",
previousURI: "https://valid.com",
prevRecURI: "https://valid.example",
testSuiteURI: "https://valid.baz",
wgPatentURI: "https://valid.bar",
wgURI: "https://valid.com",
};
var props = linter.rules.findHTTPProps(conf, document.location.href);
expect(props.length).toEqual(0);
});
it("lints URLs by resolving them as real URLs", function() {
var conf = {
"someRelativeURI": "./foo/bar",
"somePathURI": "/foo/bar",
"someControlURI": "https://valid",
};
var props = linter.rules.findHTTPProps(conf, "http://invalid");
expect(props).toEqual(jasmine.arrayContaining(["someRelativeURI", "somePathURI"]));
conf.someControlURI = "http://invalid";
props = linter.rules.findHTTPProps(conf, "http://valid");
expect(props).toEqual(jasmine.arrayContaining(["someControlURI"]));
});
});
});
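Review bot: The findHTTPProps specs assert with `jasmine.arrayContaining(...)`, which only checks that the listed names are present, so the "case sensitive" and "prevED" cases would still pass if the rule also flagged `FAIL_uri`, `failURIfail`, `URI_FAIL` or `uri_FAIL`. Since those keys exist precisely to prove they are ignored, the expectation should pin the full result, e.g. `expect(props).toEqual(["URI", "charterDisclosureURI"]);` (the returned names follow the object's key order), or add `expect(props.length).toEqual(2);` next to the existing check. The same applies to the `arrayContaining` assertions in the "prevED" and "resolving them as real URLs" cases.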
