diff --git a/typescript/react/security/react-insecure-request.jsx b/typescript/react/security/react-insecure-request.jsx
index b36619c4c5..a8c33d43f2 100644
--- a/typescript/react/security/react-insecure-request.jsx
+++ b/typescript/react/security/react-insecure-request.jsx
@@ -34,3 +34,6 @@ const options = {
 url: 'https://www.example.com',
 };
 axios(options);
+
+// ok: react-insecure-request
+axios.get('http://localhost/foo');
diff --git a/typescript/react/security/react-insecure-request.tsx b/typescript/react/security/react-insecure-request.tsx
index b36619c4c5..a8c33d43f2 100644
--- a/typescript/react/security/react-insecure-request.tsx
+++ b/typescript/react/security/react-insecure-request.tsx
@@ -34,3 +34,6 @@ const options = {
 url: 'https://www.example.com',
 };
 axios(options);
+
+// ok: react-insecure-request
+axios.get('http://localhost/foo');
diff --git a/typescript/react/security/react-insecure-request.yaml b/typescript/react/security/react-insecure-request.yaml
index 7933cd1625..dc6356a1d8 100644
--- a/typescript/react/security/react-insecure-request.yaml
+++ b/typescript/react/security/react-insecure-request.yaml
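Review bot: The added fixture in react-insecure-request.jsx exercises the localhost exemption only through `axios.get`, while the rule change also sends `axios({url: ...})`, the `$OPTS` form and `fetch(...)` through the same `$URL` regex; the identical lines added to the .tsx fixture have the same gap. An `// ok: react-insecure-request` case for at least `fetch('http://localhost/foo')` would cover the other branches. A `// ruleid: react-insecure-request` case for a host that only begins with `localhost` (constructed example: `axios.get('http://localhost.example.com/foo')`) would pin down the other side of the exemption, so a non-loopback cleartext request cannot silently pass the rule.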
@@ -23,39 +23,39 @@ rules:
 - typescript
 - javascript
 severity: ERROR
- pattern-either:
- - patterns:
+ patterns:
 - pattern-either:
- - pattern-inside: |
- import $AXIOS from 'axios';
- ...
- $AXIOS.$METHOD(...)
- - pattern-inside: |
- $AXIOS = require('axios');
- ...
- $AXIOS.$METHOD(...)
- - pattern-either:
- - pattern: $AXIOS.get("=~/[Hh][Tt][Tt][Pp]:\/\/.*/",...)
- - pattern: $AXIOS.post("=~/[Hh][Tt][Tt][Pp]:\/\/.*/",...)
- - pattern: $AXIOS.delete("=~/[Hh][Tt][Tt][Pp]:\/\/.*/",...)
- - pattern: $AXIOS.head("=~/[Hh][Tt][Tt][Pp]:\/\/.*/",...)
- - pattern: $AXIOS.patch("=~/[Hh][Tt][Tt][Pp]:\/\/.*/",...)
- - pattern: $AXIOS.put("=~/[Hh][Tt][Tt][Pp]:\/\/.*/",...)
- - pattern: $AXIOS.options("=~/[Hh][Tt][Tt][Pp]:\/\/.*/",...)
- - patterns:
- - pattern-either:
- - pattern-inside: |
- import $AXIOS from 'axios';
- ...
- $AXIOS(...)
- - pattern-inside: |
- $AXIOS = require('axios');
- ...
- $AXIOS(...)
- - pattern-either:
- - pattern: '$AXIOS({url: "=~/[Hh][Tt][Tt][Pp]:\/\/.*/"}, ...)'
- - pattern: |
- $OPTS = {url: "=~/[Hh][Tt][Tt][Pp]:\/\/.*/"}
- ...
- $AXIOS($OPTS, ...)
- - pattern: fetch("=~/[Hh][Tt][Tt][Pp]:\/\/.*/", ...)
+ - patterns:
+ - pattern-either:
+ - pattern-inside: |
+ import $AXIOS from 'axios';
+ ...
+ $AXIOS.$METHOD(...)
+ - pattern-inside: |
+ $AXIOS = require('axios');
+ ...
+ $AXIOS.$METHOD(...)
+ - pattern: $AXIOS.$VERB("$URL",...)
+ - metavariable-regex:
+ metavariable: $VERB
+ regex: ^(get|post|delete|head|patch|put|options)
+ - patterns:
+ - pattern-either:
+ - pattern-inside: |
+ import $AXIOS from 'axios';
+ ...
+ $AXIOS(...)
+ - pattern-inside: |
+ $AXIOS = require('axios');
+ ...
+ $AXIOS(...)
+ - pattern-either:
+ - pattern: '$AXIOS({url: "$URL"}, ...)'
+ - pattern: |
+ $OPTS = {url: "$URL"}
+ ...
+ $AXIOS($OPTS, ...)
+ - pattern: fetch("$URL", ...)
+ - metavariable-regex:
+ metavariable: $URL
+ regex: ^([Hh][Tt][Tt][Pp]:\/\/(?!localhost).*)
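Review bot: The `(?!localhost)` lookahead in the new `$URL` regex is not bounded on the right, so any host that merely begins with `localhost` (for example `localhost.example.com`) is exempted and a cleartext request to a non-loopback host goes unreported. Bounding the host name closes that gap, e.g. `regex: ^([Hh][Tt][Tt][Pp]:\/\/(?!localhost([:\/?#]|$)).*)`. The `$VERB` regex has the same shape: it has no closing `$`, so it accepts any method name that starts with one of the verbs, and `regex: ^(get|post|delete|head|patch|put|options)$` would keep it to the seven methods the old rule listed. Indentation is lost in this view, so it is worth confirming that the `$URL` `metavariable-regex` sits at the outer `patterns` level and therefore applies to the `axios.$VERB`, `axios({url})` and `fetch` branches alike.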