Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is Theia interested in expanding their ESLint config to include XSS sink scanning #8398

Closed
LukeWood opened this issue Aug 17, 2020 · 4 comments
Closed

Is Theia interested in expanding their ESLint config to include XSS sink scanning #8398

LukeWood opened this issue Aug 17, 2020 · 4 comments
Labels
linting issues related to linting proposal feature proposals (potential future features) security issues related to security

Comments

@LukeWood
Copy link
Contributor

Feature Description:

I work on Cloud Shell (ide.cloud.google.com). We use Theia to build our editor. We have created an eslint config that has generated a list of XSS sinks in Theia (which I am currently sending fixes out for).

Are you all potentially interested in having this upstreamed?
@benoitf
Copy link
Contributor

benoitf commented Aug 17, 2020

If it doesn't slow down too much linting I think it's always nice to have something more secure directly in upstream

@vince-fugnitto vince-fugnitto added linting issues related to linting proposal feature proposals (potential future features) security issues related to security labels Aug 17, 2020
@akosyakov
Copy link
Member

Yes, it sounds great. I thought @caseyflynn-google was looking into it: #7954 (comment)

@LukeWood
Copy link
Contributor Author

Ah cool - yeah I didn't realize Casey had already commented here. I will get a commit ready.

LukeWood added a commit to LukeWood/theia that referenced this issue Sep 8, 2020
@LukeWood
Introduces XSS sink detecting eslint rules
fd09851 
These eslint rules attempt to surface XSS sinks from eslint.
This commit is a first pass on
eclipse-theia#8398

Change-Id: I142bbba9785c4567dfbea1380f5a980560cf7413
@LukeWood LukeWood mentioned this issue Sep 8, 2020
Merged
1 task
LukeWood added a commit to LukeWood/theia that referenced this issue Sep 8, 2020
@LukeWood
Introduces XSS sink detecting eslint rules
2ddedcb 
These eslint rules attempt to surface XSS sinks from eslint.
This commit is a first pass on
eclipse-theia#8398

Change-Id: I142bbba9785c4567dfbea1380f5a980560cf7413
LukeWood added a commit to LukeWood/theia that referenced this issue Sep 8, 2020
@LukeWood
Introduces XSS sink detecting eslint rules
7cdc0f0 
These eslint rules attempt to surface XSS sinks from eslint.
This commit is a first pass on
eclipse-theia#8398

Change-Id: I142bbba9785c4567dfbea1380f5a980560cf7413
Signed-off-by: LukeWood <lukewoodcs@gmail.com>
LukeWood added a commit to LukeWood/theia that referenced this issue Sep 8, 2020
@LukeWood
Introduces XSS sink detecting eslint rules
49020da 
These eslint rules attempt to surface XSS sinks from eslint.
This commit is a first pass on
eclipse-theia#8398

Change-Id: I142bbba9785c4567dfbea1380f5a980560cf7413
Signed-off-by: LukeWood <lukewoodcs@gmail.com>
LukeWood added a commit to LukeWood/theia that referenced this issue Sep 14, 2020
@LukeWood
Introduces XSS sink detecting eslint rules
54f43d9 
These eslint rules attempt to surface XSS sinks from eslint.
This commit is a first pass on
eclipse-theia#8398

Change-Id: I142bbba9785c4567dfbea1380f5a980560cf7413
Signed-off-by: LukeWood <lukewoodcs@gmail.com>
marcdumais-work pushed a commit that referenced this issue Sep 15, 2020
@LukeWood @marcdumais-work
Introduces XSS sink detecting eslint rules
3ea4a49 
These eslint rules attempt to surface XSS sinks from eslint.
This commit is a first pass on
#8398

Change-Id: I142bbba9785c4567dfbea1380f5a980560cf7413
Signed-off-by: LukeWood <lukewoodcs@gmail.com>
@marcdumais-work
Copy link
Contributor

There was a fix for this issue: #8481, so closing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
linting issues related to linting proposal feature proposals (potential future features) security issues related to security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@benoitf @akosyakov @LukeWood @marcdumais-work @vince-fugnitto