From 480844ac985b7bd04129e8a5c62df0b01296578f Mon Sep 17 00:00:00 2001 
From: gatsby003 Date: Thu, 24 Jul 2025 14:43:32 +0530 Subject: [PATCH] add new ts rules --- .gitignore | 1 + .../security/argon2-weak-type-typescript.yml | 59 +++++++++++++ .../security/avoid-crypto-rc4-typescript.yml | 42 +++++++++ .../security/avoid-crypto-sha1-typescript.yml | 34 ++++++++ .../security/avoid-des-typescript.yml | 42 +++++++++ .../security/chmod-permissions-typescript.yml | 35 ++++++++ .../argon2-weak-type-typescript-snapshot.yml | 50 +++++++++++ .../avoid-crypto-rc4-typescript-snapshot.yml | 30 +++++++ .../avoid-crypto-sha1-typescript-snapshot.yml | 24 ++++++ .../avoid-des-typescript-snapshot.yml | 32 +++++++ .../chmod-permissions-typescript-snapshot.yml | 29 +++++++ .../debug-enabled-python-snapshot.yml | 47 ++++++++++ .../argon2-weak-type-typescript-test.yml | 9 ++ .../avoid-crypto-rc4-typescript-test.yml | 9 ++ .../avoid-crypto-sha1-typescript-test.yml | 8 ++ .../typescript/avoid-des-typescript-test.yml | 11 +++ .../chmod-permissions-typescript-test.yml | 15 ++++ ...detect-angular-sce-disabled-typescript.yml | 11 --- ...ssion-hardcoded-secret-typescript-test.yml | 21 ----- .../jwt-simple-noverify-typecript-test.yml | 86 ------------------- .../node-rsa-weak-key-typescript-test.yml | 24 ------ ...mpty-password-argument-typescript-test.yml | 34 -------- ...dcoded-secret-argument-typescript-test.yml | 26 ------ 23 files changed, 477 insertions(+), 202 deletions(-) create mode 100644 rules/typescript/security/argon2-weak-type-typescript.yml create mode 100644 rules/typescript/security/avoid-crypto-rc4-typescript.yml create mode 100644 rules/typescript/security/avoid-crypto-sha1-typescript.yml create mode 100644 rules/typescript/security/avoid-des-typescript.yml create mode 100644 rules/typescript/security/chmod-permissions-typescript.yml create mode 100644 tests/__snapshots__/argon2-weak-type-typescript-snapshot.yml create mode 100644 tests/__snapshots__/avoid-crypto-rc4-typescript-snapshot.yml create mode 100644 
tests/__snapshots__/avoid-crypto-sha1-typescript-snapshot.yml create mode 100644 tests/__snapshots__/avoid-des-typescript-snapshot.yml create mode 100644 tests/__snapshots__/chmod-permissions-typescript-snapshot.yml create mode 100644 tests/python/__snapshots__/debug-enabled-python-snapshot.yml create mode 100644 tests/typescript/argon2-weak-type-typescript-test.yml create mode 100644 tests/typescript/avoid-crypto-rc4-typescript-test.yml create mode 100644 tests/typescript/avoid-crypto-sha1-typescript-test.yml create mode 100644 tests/typescript/avoid-des-typescript-test.yml create mode 100644 tests/typescript/chmod-permissions-typescript-test.yml delete mode 100644 tests/typescript/detect-angular-sce-disabled-typescript.yml delete mode 100644 tests/typescript/express-session-hardcoded-secret-typescript-test.yml delete mode 100644 tests/typescript/jwt-simple-noverify-typecript-test.yml delete mode 100644 tests/typescript/node-rsa-weak-key-typescript-test.yml delete mode 100644 tests/typescript/node-sequelize-empty-password-argument-typescript-test.yml delete mode 100644 tests/typescript/node-sequelize-hardcoded-secret-argument-typescript-test.yml diff --git a/.gitignore b/.gitignore index 8b290246..b794bc66 100644 --- a/.gitignore +++ b/.gitignore @@ -197,3 +197,4 @@ cscope.in.out cscope.po.out # End of https://www.toptal.com/developers/gitignore/api/node,tags,macos +.claude diff --git a/rules/typescript/security/argon2-weak-type-typescript.yml b/rules/typescript/security/argon2-weak-type-typescript.yml new file mode 100644 index 00000000..46e08f37 --- /dev/null +++ b/rules/typescript/security/argon2-weak-type-typescript.yml 
@@ -0,0 +1,59 @@ +id: argon2-weak-type-typescript +severity: error +language: typescript +message: >- + Use secure encryption types when using `argon2`. Avoid using weak argon2 types + like argon2i or argon2d. Use argon2id instead for better security. +note: >- + [CWE-327] Use of a Broken or Risky Cryptographic Algorithm. + [REFERENCES] + - https://github.com/ranisalt/node-argon2/wiki/Options#type +ast-grep-essentials: true +utils: + MATCH_ARGON2_WEAK_TYPE: + kind: call_expression + all: + - has: + stopBy: neighbor + kind: member_expression + all: + - has: + stopBy: neighbor + kind: identifier + regex: "^argon2$" + - has: + stopBy: neighbor + kind: property_identifier + regex: "^hash$" + - has: + stopBy: neighbor + kind: arguments + has: + stopBy: neighbor + kind: object + has: + stopBy: neighbor + kind: pair + all: + - has: + stopBy: neighbor + kind: property_identifier + regex: "^type$" + - has: + stopBy: neighbor + kind: member_expression + all: + - has: + stopBy: neighbor + kind: identifier + regex: "^argon2$" + - has: + stopBy: neighbor + kind: property_identifier + any: + - regex: "^argon2i$" + - regex: "^argon2d$" +rule: + kind: call_expression + any: + - matches: MATCH_ARGON2_WEAK_TYPE \ No newline at end of file diff --git a/rules/typescript/security/avoid-crypto-rc4-typescript.yml b/rules/typescript/security/avoid-crypto-rc4-typescript.yml new file mode 100644 index 00000000..a0ae4b0d --- /dev/null +++ b/rules/typescript/security/avoid-crypto-rc4-typescript.yml 
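Review bot: MATCH_ARGON2_WEAK_TYPE only fires when the `type` value is a member expression on a receiver literally named `argon2`, so a destructured import (`import { hash, argon2i } from 'argon2'` followed by `hash(pw, { type: argon2i })`) and the numeric form of the constant (node-argon2 exposes the variants as small integers, argon2d/argon2i being 0 and 1 as far as I recall) both pass unflagged; an extra `any:` branch on a bare `identifier` matching `^argon2[id]$` in the pair's value would close the first gap. The message also misdescribes what is being configured: argon2 produces password hashes, not ciphertext, so `Use secure encryption types when using argon2` should read something like `Use the argon2id variant when hashing passwords with argon2; argon2i and argon2d each defend against only one class of attack`. Finally, `rule:` wraps a single `matches:` in `kind: call_expression` plus `any:`; `rule: { matches: MATCH_ARGON2_WEAK_TYPE }` says the same thing, and the same simplification applies to the other four rule files in this commit.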
@@ -0,0 +1,42 @@ +id: avoid-crypto-rc4-typescript +severity: warning +language: typescript +message: >- + Avoid RC4 encryption. Use of the RC4 security protocol exposes your + application to vulnerabilities. Consider using stronger encryption algorithms. +note: >- + [CWE-328] Use of Weak Hash. + [REFERENCES] + - https://cryptojs.gitbook.io/docs/#ciphers +ast-grep-essentials: true +utils: + MATCH_RC4_USAGE: + kind: call_expression + has: + stopBy: neighbor + kind: member_expression + all: + - has: + stopBy: neighbor + kind: member_expression + all: + - has: + stopBy: neighbor + kind: identifier + regex: "^CryptoJS$" + - has: + stopBy: neighbor + kind: property_identifier + any: + - regex: "^RC4$" + - regex: "^RC4Drop$" + - has: + stopBy: neighbor + kind: property_identifier + any: + - regex: "^encrypt$" + - regex: "^decrypt$" +rule: + kind: call_expression + any: + - matches: MATCH_RC4_USAGE \ No newline at end of file diff --git a/rules/typescript/security/avoid-crypto-sha1-typescript.yml b/rules/typescript/security/avoid-crypto-sha1-typescript.yml new file mode 100644 index 00000000..07ebbb06 --- /dev/null +++ b/rules/typescript/security/avoid-crypto-sha1-typescript.yml 
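Review bot: The `note` classifies RC4 under `[CWE-328] Use of Weak Hash`, but RC4 is a stream cipher, not a hash, so the CWE is wrong; the same mislabel appears in `avoid-des-typescript.yml` further down, where DES/TripleDES are block ciphers. Both notes should cite the CWE the argon2 rule in this commit already uses: `[CWE-327] Use of a Broken or Risky Cryptographic Algorithm.` The message has the same imprecision ("RC4 security protocol"); `Avoid the RC4 cipher. RC4 has known keystream biases and is no longer considered secure; use AES instead` matches what the valid test case demonstrates. Note that the matcher requires a receiver named `CryptoJS`, so a named import such as `import { RC4 } from 'crypto-js'` is not caught — worth stating in the rule or covering with a second branch.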
@@ -0,0 +1,34 @@ +id: avoid-crypto-sha1-typescript +severity: warning +language: typescript +message: >- + Avoid SHA1 security protocol. Use of insecure encryption or hashing protocols + expose your application to vulnerabilities. Use stronger hashing algorithms like SHA-256. +note: >- + [CWE-328] Use of Weak Hash. + [REFERENCES] + - https://cryptojs.gitbook.io/docs/#hmac +ast-grep-essentials: true +utils: + MATCH_SHA1_USAGE: + kind: call_expression + all: + - has: + stopBy: neighbor + kind: member_expression + all: + - has: + stopBy: neighbor + kind: identifier + regex: "^CryptoJS$" + - has: + stopBy: neighbor + kind: property_identifier + regex: "^HmacSHA1$" + - has: + stopBy: neighbor + kind: arguments +rule: + kind: call_expression + any: + - matches: MATCH_SHA1_USAGE \ No newline at end of file diff --git a/rules/typescript/security/avoid-des-typescript.yml b/rules/typescript/security/avoid-des-typescript.yml new file mode 100644 index 00000000..50d6abcf --- /dev/null +++ b/rules/typescript/security/avoid-des-typescript.yml @@ -0,0 +1,42 @@ +id: avoid-des-typescript +severity: warning +language: typescript +message: >- + Do not use DES or TripleDES, this is a weak security protocol. Use stronger + encryption algorithms like AES instead. +note: >- + [CWE-328] Use of Weak Hash. + [REFERENCES] + - https://cryptojs.gitbook.io/docs/#ciphers +ast-grep-essentials: true +utils: + MATCH_DES_USAGE: + kind: call_expression + has: + stopBy: neighbor + kind: member_expression + all: + - has: + stopBy: neighbor + kind: member_expression + all: + - has: + stopBy: neighbor + kind: identifier + regex: "^CryptoJS$" + - has: + stopBy: neighbor + kind: property_identifier + any: + - regex: "^DES$" + - regex: "^TripleDES$" + - has: + stopBy: neighbor + kind: property_identifier + any: + - regex: "^encrypt$" + - regex: "^decrypt$" +rule: + kind: call_expression + any: + - matches: MATCH_DES_USAGE \ No newline at end of file 
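Review bot: MATCH_SHA1_USAGE matches only `CryptoJS.HmacSHA1`, while the plain digest `CryptoJS.SHA1(...)` — the case where SHA-1's collision weakness actually matters — is not matched at all, even though the rule id and message speak of SHA1 generally. Replace the single `regex: "^HmacSHA1$"` with `any:` / `- regex: "^SHA1$"` / `- regex: "^HmacSHA1$"`. HMAC-SHA1 is not broken by the known collision attacks (HMAC's security does not rest on collision resistance), so the message should distinguish the two rather than call both "insecure encryption", e.g. `Avoid SHA-1. Bare SHA-1 is collision-broken; HMAC-SHA1 is deprecated and should migrate to HMAC-SHA256`. The "insecure encryption or hashing protocols" phrasing does not fit a hash function either way.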
diff --git a/rules/typescript/security/chmod-permissions-typescript.yml b/rules/typescript/security/chmod-permissions-typescript.yml new file mode 100644 index 00000000..e5ec2668 --- /dev/null +++ b/rules/typescript/security/chmod-permissions-typescript.yml @@ -0,0 +1,35 @@ +id: chmod-permissions-typescript +severity: warning +language: typescript +message: >- + Do not give 777 permissions to a file. Always make sure you restrict the + permissions of your application files. Applications should not allow write + and execution for other users. +note: >- + [CWE-732] Incorrect Permission Assignment for Critical Resource. +ast-grep-essentials: true +utils: + MATCH_CHMOD_777: + kind: call_expression + all: + - has: + stopBy: neighbor + kind: member_expression + has: + stopBy: neighbor + kind: property_identifier + any: + - regex: "^chmod$" + - regex: "^chmodSync$" + - has: + stopBy: neighbor + kind: arguments + all: + - has: + stopBy: neighbor + kind: number + regex: "^0o777$" +rule: + kind: call_expression + any: + - matches: MATCH_CHMOD_777 \ No newline at end of file diff --git a/tests/__snapshots__/argon2-weak-type-typescript-snapshot.yml b/tests/__snapshots__/argon2-weak-type-typescript-snapshot.yml new file mode 100644 index 00000000..3f3ec4e2 --- /dev/null +++ b/tests/__snapshots__/argon2-weak-type-typescript-snapshot.yml 
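Review bot: MATCH_CHMOD_777 matches only the literal `0o777` (`regex: "^0o777$"`), but Node's `fs.chmod`/`fs.chmodSync` accept the same mode as the uppercase octal `0O777`, the decimal `511`, and the string `'777'`, none of which is flagged; the message ("should not allow write and execution for other users") also promises more than world-rwx detection, so either widen the match or narrow the message to 777. The `all:` wrapping a single `has:` under `arguments` can be dropped at the same time. A widened arguments branch could look like the following; it assumes the tree-sitter `string` node's text includes the quote characters, which is worth confirming against a snapshot.
```yaml
    - has:
        stopBy: neighbor
        kind: arguments
        any:
          - has:
              stopBy: neighbor
              kind: number
              regex: "^(0[oO]777|511)$"
          - has:
              stopBy: neighbor
              kind: string
              regex: "^['\"]0?777['\"]$"
# … unchanged: rule: section …
```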
@@ -0,0 +1,50 @@ +id: argon2-weak-type-typescript +snapshots: + ? |- + await argon2.hash('password', {type: argon2.argon2d}) + await argon2.hash('password', {type: argon2.argon2i}) + : labels: + - source: 'argon2.hash(''password'', {type: argon2.argon2d})' + style: primary + start: 6 + end: 53 + - source: argon2 + style: secondary + start: 6 + end: 12 + - source: hash + style: secondary + start: 13 + end: 17 + - source: argon2.hash + style: secondary + start: 6 + end: 17 + - source: type + style: secondary + start: 31 + end: 35 + - source: argon2 + style: secondary + start: 37 + end: 43 + - source: argon2d + style: secondary + start: 44 + end: 51 + - source: argon2.argon2d + style: secondary + start: 37 + end: 51 + - source: 'type: argon2.argon2d' + style: secondary + start: 31 + end: 51 + - source: '{type: argon2.argon2d}' + style: secondary + start: 30 + end: 52 + - source: '(''password'', {type: argon2.argon2d})' + style: secondary + start: 17 + end: 53 diff --git a/tests/__snapshots__/avoid-crypto-rc4-typescript-snapshot.yml b/tests/__snapshots__/avoid-crypto-rc4-typescript-snapshot.yml new file mode 100644 index 00000000..43bd093a --- /dev/null +++ b/tests/__snapshots__/avoid-crypto-rc4-typescript-snapshot.yml @@ -0,0 +1,30 @@ +id: avoid-crypto-rc4-typescript +snapshots: + ? |- + const encrypted = CryptoJS.RC4.encrypt("Message", "Secret Passphrase"); + const decrypted = CryptoJS.RC4.decrypt(encrypted, "Secret Passphrase"); + : labels: + - source: CryptoJS.RC4.encrypt("Message", "Secret Passphrase") + style: primary + start: 18 + end: 70 + - source: CryptoJS + style: secondary + start: 18 + end: 26 + - source: RC4 + style: secondary + start: 27 + end: 30 + - source: CryptoJS.RC4 + style: secondary + start: 18 + end: 30 + - source: encrypt + style: secondary + start: 31 + end: 38 + - source: CryptoJS.RC4.encrypt + style: secondary + start: 18 + end: 38 
diff --git a/tests/__snapshots__/avoid-crypto-sha1-typescript-snapshot.yml b/tests/__snapshots__/avoid-crypto-sha1-typescript-snapshot.yml new file mode 100644 index 00000000..0522d7c6 --- /dev/null +++ b/tests/__snapshots__/avoid-crypto-sha1-typescript-snapshot.yml @@ -0,0 +1,24 @@ +id: avoid-crypto-sha1-typescript +snapshots: + const hash = CryptoJS.HmacSHA1("Message", "Secret Passphrase");: + labels: + - source: CryptoJS.HmacSHA1("Message", "Secret Passphrase") + style: primary + start: 13 + end: 62 + - source: CryptoJS + style: secondary + start: 13 + end: 21 + - source: HmacSHA1 + style: secondary + start: 22 + end: 30 + - source: CryptoJS.HmacSHA1 + style: secondary + start: 13 + end: 30 + - source: ("Message", "Secret Passphrase") + style: secondary + start: 30 + end: 62 diff --git a/tests/__snapshots__/avoid-des-typescript-snapshot.yml b/tests/__snapshots__/avoid-des-typescript-snapshot.yml new file mode 100644 index 00000000..8f075791 --- /dev/null +++ b/tests/__snapshots__/avoid-des-typescript-snapshot.yml @@ -0,0 +1,32 @@ +id: avoid-des-typescript +snapshots: + ? |- + const encrypted = CryptoJS.DES.encrypt("Message", "Secret Passphrase"); + const decrypted = CryptoJS.DES.decrypt(encrypted, "Secret Passphrase"); + const encrypted = CryptoJS.TripleDES.encrypt("Message", "Secret Passphrase"); + const decrypted = CryptoJS.TripleDES.decrypt(encrypted, "Secret Passphrase"); + : labels: + - source: CryptoJS.DES.encrypt("Message", "Secret Passphrase") + style: primary + start: 18 + end: 70 + - source: CryptoJS + style: secondary + start: 18 + end: 26 + - source: DES + style: secondary + start: 27 + end: 30 + - source: CryptoJS.DES + style: secondary + start: 18 + end: 30 + - source: encrypt + style: secondary + start: 31 + end: 38 + - source: CryptoJS.DES.encrypt + style: secondary + start: 18 + end: 38 
diff --git a/tests/__snapshots__/chmod-permissions-typescript-snapshot.yml b/tests/__snapshots__/chmod-permissions-typescript-snapshot.yml new file mode 100644 index 00000000..feacc06b --- /dev/null +++ b/tests/__snapshots__/chmod-permissions-typescript-snapshot.yml @@ -0,0 +1,29 @@ +id: chmod-permissions-typescript +snapshots: + ? |- + const fs = require('fs'); + const fsPromises = fs.promises; + + fs.chmodSync("/tmp/myfile", 0o777); + fsPromises.chmod("/tmp/fsPromises", 0o777); + : labels: + - source: fs.chmodSync("/tmp/myfile", 0o777) + style: primary + start: 59 + end: 93 + - source: chmodSync + style: secondary + start: 62 + end: 71 + - source: fs.chmodSync + style: secondary + start: 59 + end: 71 + - source: '0o777' + style: secondary + start: 87 + end: 92 + - source: ("/tmp/myfile", 0o777) + style: secondary + start: 71 + end: 93 diff --git a/tests/python/__snapshots__/debug-enabled-python-snapshot.yml b/tests/python/__snapshots__/debug-enabled-python-snapshot.yml new file mode 100644 index 00000000..6e09f677 --- /dev/null +++ b/tests/python/__snapshots__/debug-enabled-python-snapshot.yml @@ -0,0 +1,47 @@ +id: debug-enabled-python +snapshots: + ? |- + from flask import Flask + if __name__ == "__main__": + app.run("0.0.0.0", debug=True) + : labels: + - source: app.run("0.0.0.0", debug=True) + style: primary + start: 51 + end: 81 + - source: app + style: secondary + start: 51 + end: 54 + - source: run + style: secondary + start: 55 + end: 58 + - source: app.run + style: secondary + start: 51 + end: 58 + - source: debug=True + style: secondary + start: 70 + end: 80 + - source: ("0.0.0.0", debug=True) + style: secondary + start: 58 + end: 81 + - source: Flask + style: secondary + start: 18 + end: 23 + - source: Flask + style: secondary + start: 18 + end: 23 + - source: from flask import Flask + style: secondary + start: 0 + end: 23 + - source: app.run("0.0.0.0", debug=True) + style: secondary + start: 51 + end: 81 
diff --git a/tests/typescript/argon2-weak-type-typescript-test.yml b/tests/typescript/argon2-weak-type-typescript-test.yml new file mode 100644 index 00000000..c6ebdf5f --- /dev/null +++ b/tests/typescript/argon2-weak-type-typescript-test.yml @@ -0,0 +1,9 @@ +id: argon2-weak-type-typescript +valid: + - | + await argon2.hash('password', {type: argon2.argon2id}) + await argon2.hash('password', {}) +invalid: + - | + await argon2.hash('password', {type: argon2.argon2d}) + await argon2.hash('password', {type: argon2.argon2i}) \ No newline at end of file diff --git a/tests/typescript/avoid-crypto-rc4-typescript-test.yml b/tests/typescript/avoid-crypto-rc4-typescript-test.yml new file mode 100644 index 00000000..f0c2ae13 --- /dev/null +++ b/tests/typescript/avoid-crypto-rc4-typescript-test.yml @@ -0,0 +1,9 @@ +id: avoid-crypto-rc4-typescript +valid: + - | + const encrypted = CryptoJS.AES.encrypt("Message", "Secret Passphrase"); + const decrypted = CryptoJS.AES.decrypt(encrypted, "Secret Passphrase"); +invalid: + - | + const encrypted = CryptoJS.RC4.encrypt("Message", "Secret Passphrase"); + const decrypted = CryptoJS.RC4.decrypt(encrypted, "Secret Passphrase"); \ No newline at end of file diff --git a/tests/typescript/avoid-crypto-sha1-typescript-test.yml b/tests/typescript/avoid-crypto-sha1-typescript-test.yml new file mode 100644 index 00000000..ea1cbf49 --- /dev/null +++ b/tests/typescript/avoid-crypto-sha1-typescript-test.yml @@ -0,0 +1,8 @@ +id: avoid-crypto-sha1-typescript +valid: + - | + const hash = CryptoJS.HmacSHA256("Message", "Secret Passphrase"); + const hash = CryptoJS.SHA256("Message"); +invalid: + - | + const hash = CryptoJS.HmacSHA1("Message", "Secret Passphrase"); \ No newline at end of file diff --git a/tests/typescript/avoid-des-typescript-test.yml b/tests/typescript/avoid-des-typescript-test.yml new file mode 100644 index 00000000..2f592769 --- /dev/null +++ b/tests/typescript/avoid-des-typescript-test.yml 
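Review bot: The sha1 test file has no case for the bare digest `CryptoJS.SHA1("Message")`, so it neither documents whether the rule is meant to flag it nor would catch the gap if the matcher is later widened; add it under `invalid:` (or under `valid:` if HMAC-only is the intent). The `valid:` snippet also declares `const hash` twice in one block; ast-grep does not care, but `hash1`/`hash2` keeps the fixture valid TypeScript, and the same applies to the repeated `const encrypted`/`const decrypted` in the des test further down.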
@@ -0,0 +1,11 @@ +id: avoid-des-typescript +valid: + - | + const encrypted = CryptoJS.AES.encrypt("Message", "Secret Passphrase"); + const decrypted = CryptoJS.AES.decrypt(encrypted, "Secret Passphrase"); +invalid: + - | + const encrypted = CryptoJS.DES.encrypt("Message", "Secret Passphrase"); + const decrypted = CryptoJS.DES.decrypt(encrypted, "Secret Passphrase"); + const encrypted = CryptoJS.TripleDES.encrypt("Message", "Secret Passphrase"); + const decrypted = CryptoJS.TripleDES.decrypt(encrypted, "Secret Passphrase"); \ No newline at end of file diff --git a/tests/typescript/chmod-permissions-typescript-test.yml b/tests/typescript/chmod-permissions-typescript-test.yml new file mode 100644 index 00000000..17607a87 --- /dev/null +++ b/tests/typescript/chmod-permissions-typescript-test.yml @@ -0,0 +1,15 @@ +id: chmod-permissions-typescript +valid: + - | + const fs = require('fs'); + const fsPromises = fs.promises; + + fs.chmodSync(myPath, 0o770); + fsPromises.chmod("/tmp/fsPromises", 0o770); +invalid: + - | + const fs = require('fs'); + const fsPromises = fs.promises; + + fs.chmodSync("/tmp/myfile", 0o777); + fsPromises.chmod("/tmp/fsPromises", 0o777); \ No newline at end of file diff --git a/tests/typescript/detect-angular-sce-disabled-typescript.yml b/tests/typescript/detect-angular-sce-disabled-typescript.yml deleted file mode 100644 index fdf91998..00000000 --- a/tests/typescript/detect-angular-sce-disabled-typescript.yml +++ /dev/null @@ -1,11 +0,0 @@ -id: detect-angular-sce-disabled-typescript -valid: - - | - $sceProvider.enabled(true); -invalid: - - | - $sceProvider.enabled(false); - - | - $sceProvider.enabled(false).someFunction(true).anything("anything"); - - | - $sceProvider.enabled(false)(false); \ No newline at end of file diff --git a/tests/typescript/express-session-hardcoded-secret-typescript-test.yml b/tests/typescript/express-session-hardcoded-secret-typescript-test.yml deleted file mode 100644 index b6eb4d8f..00000000 
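Review bot: The chmod test's `invalid:` fixture only exercises the `0o777` spelling; adding `fs.chmodSync("/tmp/myfile", 511)` and `fs.chmodSync("/tmp/myfile", '777')` would pin down whether the rule is meant to catch the equivalent modes Node accepts, and a `valid:` case with a common safe mode such as `fs.chmodSync("/tmp/myfile", 0o755)` would document the boundary next to the existing `0o770` case. The `valid:` snippet references an undeclared `myPath`, which is harmless for ast-grep but reads as a typo for a literal path.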
--- a/tests/typescript/express-session-hardcoded-secret-typescript-test.yml +++ /dev/null @@ -1,21 +0,0 @@ -id: express-session-hardcoded-secret-typescript -valid: - - | - import express from 'express' - import session from 'express-session' - let secret2 = { - resave: false, - secret: config.secret, - saveUninitialized: false, - } - app.use(session(secret2)); -invalid: - - | - import express from 'express' - import session from 'express-session' - let secret2 = { - resave: false, - secret: 'foo', - saveUninitialized: false, - } - app.use(session(secret2)); diff --git a/tests/typescript/jwt-simple-noverify-typecript-test.yml b/tests/typescript/jwt-simple-noverify-typecript-test.yml deleted file mode 100644 index cd28a149..00000000 --- a/tests/typescript/jwt-simple-noverify-typecript-test.yml +++ /dev/null 
@@ -1,86 +0,0 @@ -id: jwt-simple-noverify-typescript -valid: - - | - const jwt = require('jwt-simple'); - app.get('/protectedRoute4', (req, res) => { - const token = req.headers.authorization; - - if (!token) { - return res.status(401).json({ error: 'Unauthorized. Token missing.' }); - } - - try { - const decoded = jwt.decode(token, secretKey); - res.json({ message: `Hello ${decoded.username}` }); - } catch (error) { - res.status(401).json({ error: 'Unauthorized. Invalid token.' }); - } - }); - - | - const jwt = require('jwt-simple'); - app.get('/protectedRoute5', (req, res) => { - const token = req.headers.authorization; - - if (!token) { - return res.status(401).json({ error: 'Unauthorized. Token missing.' }); - } - - try { - const decoded = jwt.decode(token, secretKey, false); - res.json({ message: `Hello ${decoded.username}` }); - } catch (error) { - res.status(401).json({ error: 'Unauthorized. Invalid token.' }); - } - }); -invalid: - - | - const jwt = require('jwt-simple'); - - app.get('/protectedRoute1', (req, res) => { - const token = req.headers.authorization; - - if (!token) { - return res.status(401).json({ error: 'Unauthorized. Token missing.' }); - } - - try { - const decoded = jwt.decode(token, secretKey, 'HS256', 12); - res.json({ message: `Hello ${decoded.username}` }); - } catch (error) { - res.status(401).json({ error: 'Unauthorized. Invalid token.' }); - } - }); - - | - const jwt = require('jwt-simple'); - - app.get('/protectedRoute2', (req, res) => { - const token = req.headers.authorization; - - if (!token) { - return res.status(401).json({ error: 'Unauthorized. Token missing.' }); - } - - try { - const decoded = jwt.decode(token, secretKey, true); - res.json({ message: `Hello ${decoded.username}` }); - } catch (error) { - res.status(401).json({ error: 'Unauthorized. Invalid token.' 
}); - } - }); - - | - const jwt = require('jwt-simple'); - - app.get('/protectedRoute3', (req, res) => { - const token = req.headers.authorization; - - if (!token) { - return res.status(401).json({ error: 'Unauthorized. Token missing.' }); - } - - try { - const decoded = jwt.decode(token, secretKey, 'false'); - res.json({ message: `Hello ${decoded.username}` }); - } catch (error) { - res.status(401).json({ error: 'Unauthorized. Invalid token.' }); - } - }); diff --git a/tests/typescript/node-rsa-weak-key-typescript-test.yml b/tests/typescript/node-rsa-weak-key-typescript-test.yml deleted file mode 100644 index 45850840..00000000 --- a/tests/typescript/node-rsa-weak-key-typescript-test.yml +++ /dev/null @@ -1,24 +0,0 @@ -id: node-rsa-weak-key-typescript -valid: - - | - const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { - modulusLength: 2048, - }); -invalid: - - | - const crypto = require("crypto"); - const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { - a: 123, - modulusLength: 512, - }); - - | - const NodeRSA = require('node-rsa'); - const key = new NodeRSA({b: 204}); - - | - const NodeRSA = require('node-rsa'); - const key = new NodeRSA({b: 512}); - - | - const crypto = require("crypto"); - const keypair2 = await util.promisify(crypto.generateKeyPair)("rsa", { - modulusLength: 512, - }); diff --git a/tests/typescript/node-sequelize-empty-password-argument-typescript-test.yml b/tests/typescript/node-sequelize-empty-password-argument-typescript-test.yml deleted file mode 100644 index 60d266fc..00000000 --- a/tests/typescript/node-sequelize-empty-password-argument-typescript-test.yml +++ /dev/null 
@@ -1,34 +0,0 @@ -id: node-sequelize-empty-password-argument-typescript -valid: - - | - const Sequelize = require('sequelize'); - const sequelize = new Sequelize({ - database: 'pinche', - username: 'root', - password: '123456789', - dialect: 'mysql' - }); -invalid: - - | - const Sequelize = require('sequelize'); - const sequelize1 = new Sequelize('database', 'username', '', { - host: 'localhost', - port: '5433', - dialect: 'postgres' - }) - - | - const Sequelize = require('sequelize'); - const passwordFromEnv = ''; - const sequelize2 = new Sequelize('database', 'username', passwordFromEnv, { - host: 'localhost', - port: 5432, - dialect: 'postgres' - }); - - | - const Sequelize = require('sequelize'); - const passwordDynamic = ''; - const sequelize2 = new Sequelize('database', 'username', passwordDynamic, { - host: 'localhost', - port: 5432, - dialect: 'postgres' - }); diff --git a/tests/typescript/node-sequelize-hardcoded-secret-argument-typescript-test.yml b/tests/typescript/node-sequelize-hardcoded-secret-argument-typescript-test.yml deleted file mode 100644 index 2871d52d..00000000 --- a/tests/typescript/node-sequelize-hardcoded-secret-argument-typescript-test.yml +++ /dev/null @@ -1,26 +0,0 @@ -id: node-sequelize-hardcoded-secret-argument-typescript -valid: - - | - const Sequelize = require('sequelize'); - const sequelize = new Sequelize({ - database: 'pinche', - username: 'root', - password: '123456789', - dialect: 'mysql' - }) -invalid: - - | - const Sequelize = require('sequelize'); - const sequelize = new Sequelize('database', 'username', 'password', { - host: 'localhost', - port: '5433', - dialect: 'postgres' - }) - - | - const Sequelize = require('sequelize'); - const passwordFromEnv = 'test'; - const sequelize2 = new Sequelize('database', 'username', passwordFromEnv, { - host: 'localhost', - port: 5432, - dialect: 'postgres' - }); \ No newline at end of file