Questions regarding writing custom rules with SonarJS


I have written a custom check in SonarJS to detect persistent cross-site scripting vulnerabilities in JavaScript. However, I got a lot of false positives and am trying to improve the code.

I have the two questions below:

  1. Does SonarJS support data flow analysis? For example, tracking a value that comes from an Ajax response and is finally written to the HTML (e.g. via innerHTML).

  2. Do we have any parser in the SonarJS plugin to parse the "+" operator? For example, getting the part this.name from the '<input value="' + this.name + '">' expression.

Regards! Jack Yao

1 answer
  1. There is data-flow analysis in SonarJS, but it's not supposed to be used in custom rules, and it's not oriented towards the kind of thing you need.
  2. There is just one parser in SonarJS and, as far as I know, it parses the "+" operator.
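To illustrate the second question in stand-alone code, here is an added example that is not part of the question, the answer, or SonarJS itself. It does what a custom check would ask the real parser's AST for: it splits the source text of a concatenation such as '<input value="' + this.name + '">' at the top-level "+" operators, separates string literals from dynamic operands (this.name), and reports the dynamic operands only when the literal parts look like markup, which is the situation a persistent-XSS rule cares about. The function names, the markup heuristic and the sample expressions are all assumptions made for this example; SonarJS exposes binary expressions as tree nodes rather than raw text, so a real check would visit those nodes instead of re-tokenising.

```javascript
// Added example (not SonarJS code): split a JavaScript concatenation expression
// into its "+" operands and flag the dynamic parts that end up inside markup.

// Classify one trimmed operand as a quoted string literal or a dynamic expression.
// For literals the surrounding quotes are stripped; escape sequences are kept raw.
function classifyOperand(text) {
  const first = text[0];
  const isLiteral =
    text.length >= 2 &&
    (first === "'" || first === '"' || first === '`') &&
    text[text.length - 1] === first;
  return {
    kind: isLiteral ? 'literal' : 'expression',
    text: isLiteral ? text.slice(1, -1) : text,
  };
}

// Walk the expression source and split on "+" only when we are outside a string
// literal and at bracket depth 0, so 'a+b' and f(a + b) stay whole.
function splitConcatenation(source) {
  const operands = [];
  let current = '';
  let quote = null; // active string delimiter, or null outside a literal
  let depth = 0;    // nesting of (), [] and {}

  for (let i = 0; i < source.length; i++) {
    const ch = source[i];
    if (quote) {
      current += ch;
      if (ch === '\\') {
        current += source[++i] || ''; // keep the escaped character verbatim
      } else if (ch === quote) {
        quote = null;
      }
      continue;
    }
    if (ch === "'" || ch === '"' || ch === '`') {
      quote = ch;
    } else if ('([{'.includes(ch)) {
      depth++;
    } else if (')]}'.includes(ch)) {
      depth--;
    } else if (ch === '+' && depth === 0) {
      operands.push(current.trim());
      current = '';
      continue;
    }
    current += ch;
  }
  operands.push(current.trim());
  return operands.filter((op) => op.length > 0).map(classifyOperand);
}

// Heuristic (an assumption of this example): if any literal operand opens an HTML
// tag, every dynamic operand is being interpolated into markup and is worth
// tracking back to its source (e.g. an Ajax response) in a taint rule.
function dynamicPartsInHtml(source) {
  const parts = splitConcatenation(source);
  const buildsMarkup = parts.some(
    (p) => p.kind === 'literal' && /<[a-zA-Z!/]/.test(p.text)
  );
  if (!buildsMarkup) return [];
  return parts.filter((p) => p.kind === 'expression').map((p) => p.text);
}

// Constructed sample expression from the question above.
const sampleExpression = '\'<input value="\' + this.name + \'">\'';
console.log(splitConcatenation(sampleExpression));
console.log(dynamicPartsInHtml(sampleExpression)); // ['this.name']
```

Run with `node` to see the operand breakdown; the second call prints only `['this.name']`, which is the operand a rule would then follow back through assignments and Ajax callbacks before deciding whether the sink (innerHTML or similar) is actually reached with untrusted data.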