Skip to content

Commit

Permalink
Enforce eslint no-prototype-builtins (#321)
Browse files Browse the repository at this point in the history
  • Loading branch information
cjbarth authored Jun 25, 2023
1 parent bba9f7c commit 4040b6a
Show file tree
Hide file tree
Showing 5 changed files with 33 additions and 109 deletions.
2 changes: 1 addition & 1 deletion .eslintrc.json
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
"rules": {
"no-console": "error",
"no-unused-vars": "warn",
"no-prototype-builtins": "warn",
"no-prototype-builtins": "error",
"one-var": ["error", "never"],
"no-duplicate-imports": "error",
"no-use-before-define": "error",
Expand Down
39 changes: 10 additions & 29 deletions lib/c14n-canonicalization.js
Original file line number Diff line number Diff line change
Expand Up @@ -38,10 +38,8 @@ class C14nCanonicalization {
}

renderAttrs(node, defaultNS) {
let a;
let i;
let attr;
const res = [];
const attrListToRender = [];

if (node.nodeType === 8) {
Expand All @@ -61,14 +59,9 @@ class C14nCanonicalization {

attrListToRender.sort(this.attrCompare);

for (a in attrListToRender) {
if (!attrListToRender.hasOwnProperty(a)) {
continue;
}

attr = attrListToRender[a];
res.push(" ", attr.name, '="', utils.encodeSpecialCharactersInAttribute(attr.value), '"');
}
const res = attrListToRender.map((attr) => {
return ` ${attr.name}="${utils.encodeSpecialCharactersInAttribute(attr.value)}"`;
});

return res.join("");
}
Expand All @@ -86,16 +79,14 @@ class C14nCanonicalization {
* @api private
*/
renderNs(node, prefixesInScope, defaultNs, defaultNsForPrefix, ancestorNamespaces) {
let a;
let i;
let p;
let attr;
const res = [];
let newDefaultNs = defaultNs;
const nsListToRender = [];
const currNs = node.namespaceURI || "";

//handle the namespaceof the node itself
//handle the namespace of the node itself
if (node.prefix) {
if (prefixesInScope.indexOf(node.prefix) === -1) {
nsListToRender.push({
Expand Down Expand Up @@ -138,37 +129,27 @@ class C14nCanonicalization {

if (Array.isArray(ancestorNamespaces) && ancestorNamespaces.length > 0) {
// Remove namespaces which are already present in nsListToRender
for (const p1 in ancestorNamespaces) {
if (!ancestorNamespaces.hasOwnProperty(p1)) {
continue;
}
for (const ancestorNamespace of ancestorNamespaces) {
let alreadyListed = false;
for (const p2 in nsListToRender) {
for (const nsToRender of nsListToRender) {
if (
nsListToRender[p2].prefix === ancestorNamespaces[p1].prefix &&
nsListToRender[p2].namespaceURI === ancestorNamespaces[p1].namespaceURI
nsToRender.prefix === ancestorNamespace.prefix &&
nsToRender.namespaceURI === ancestorNamespace.namespaceURI
) {
alreadyListed = true;
}
}

if (!alreadyListed) {
nsListToRender.push(ancestorNamespaces[p1]);
nsListToRender.push(ancestorNamespace);
}
}
}

nsListToRender.sort(this.nsCompare);

//render namespaces
for (a in nsListToRender) {
if (!nsListToRender.hasOwnProperty(a)) {
continue;
}

p = nsListToRender[a];
res.push(" xmlns:", p.prefix, '="', p.namespaceURI, '"');
}
res.push(...nsListToRender.map((attr) => ` xmlns:${attr.prefix}="${attr.namespaceURI}"`));

return { rendered: res.join(""), newDefaultNs: newDefaultNs };
}
Expand Down
6 changes: 1 addition & 5 deletions lib/enveloped-signature.js
Original file line number Diff line number Diff line change
Expand Up @@ -25,11 +25,7 @@ class EnvelopedSignature {
".//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
node
);
for (const h in signatures) {
if (!signatures.hasOwnProperty(h)) {
continue;
}
const nodeSignature = signatures[h];
for (const nodeSignature of signatures) {
const signatureValue = utils.findFirst(
nodeSignature,
".//*[local-name(.)='SignatureValue']/text()"
Expand Down
17 changes: 2 additions & 15 deletions lib/exclusive-canonicalization.js
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,6 @@ class ExclusiveCanonicalization {
}

renderAttrs(node, defaultNS) {
let a;
let i;
let attr;
const res = [];
Expand All @@ -72,12 +71,7 @@ class ExclusiveCanonicalization {

attrListToRender.sort(this.attrCompare);

for (a in attrListToRender) {
if (!attrListToRender.hasOwnProperty(a)) {
continue;
}

attr = attrListToRender[a];
for (attr of attrListToRender) {
res.push(" ", attr.name, '="', utils.encodeSpecialCharactersInAttribute(attr.value), '"');
}

Expand All @@ -95,9 +89,7 @@ class ExclusiveCanonicalization {
* @api private
*/
renderNs(node, prefixesInScope, defaultNs, defaultNsForPrefix, inclusiveNamespacesPrefixList) {
let a;
let i;
let p;
let attr;
const res = [];
let newDefaultNs = defaultNs;
Expand Down Expand Up @@ -161,12 +153,7 @@ class ExclusiveCanonicalization {
nsListToRender.sort(this.nsCompare);

//render namespaces
for (a in nsListToRender) {
if (!nsListToRender.hasOwnProperty(a)) {
continue;
}

p = nsListToRender[a];
for (const p of nsListToRender) {
res.push(" xmlns:", p.prefix, '="', p.namespaceURI, '"');
}

Expand Down
78 changes: 19 additions & 59 deletions lib/signed-xml.js
Original file line number Diff line number Diff line change
Expand Up @@ -249,12 +249,7 @@ class SignedXml {
}

validateReferences(doc) {
for (const r in this.references) {
if (!this.references.hasOwnProperty(r)) {
continue;
}

const ref = this.references[r];
for (const ref of this.references) {
let elemXpath;
const uri = ref.uri[0] === "#" ? ref.uri.substring(1) : ref.uri;
let elem = [];
Expand All @@ -266,12 +261,8 @@ class SignedXml {
throw new Error("Cannot validate a uri with quotes inside it");
} else {
let num_elements_for_id = 0;
for (const index in this.idAttributes) {
if (!this.idAttributes.hasOwnProperty(index)) {
continue;
}
const tmp_elemXpath =
"//*[@*[local-name(.)='" + this.idAttributes[index] + "']='" + uri + "']";
for (const attr of this.idAttributes) {
const tmp_elemXpath = `//*[@*[local-name(.)='${attr}']='${uri}']`;
const tmp_elem = xpath.select(tmp_elemXpath, doc);
num_elements_for_id += tmp_elem.length;
if (tmp_elem.length > 0) {
Expand Down Expand Up @@ -352,12 +343,8 @@ class SignedXml {
throw new Error("could not find any Reference elements");
}

for (const i in references) {
if (!references.hasOwnProperty(i)) {
continue;
}

this.loadReference(references[i]);
for (const reference of references) {
this.loadReference(reference);
}

this.signatureValue = utils
Expand Down Expand Up @@ -400,15 +387,12 @@ class SignedXml {
if (nodes.length !== 0) {
const transformsNode = nodes[0];
const transformsAll = utils.findChilds(transformsNode, "Transform");
for (const t in transformsAll) {
if (!transformsAll.hasOwnProperty(t)) {
continue;
}

trans = transformsAll[t];
for (const t of transformsAll) {
trans = t;
transforms.push(utils.findAttr(trans, "Algorithm").value);
}

// This is a little strange, we are looking for children of the last child of `transformsNode`
const inclusiveNamespaces = utils.findChilds(trans, "InclusiveNamespaces");
if (inclusiveNamespaces.length > 0) {
//Should really only be one prefix list, but maybe there's some circumstances where more than one to lets handle it
Expand Down Expand Up @@ -676,12 +660,7 @@ class SignedXml {
prefix = prefix || "";
prefix = prefix ? prefix + ":" : prefix;

for (const n in this.references) {
if (!this.references.hasOwnProperty(n)) {
continue;
}

const ref = this.references[n];
for (const ref of this.references) {
const nodes = xpath.selectWithResolver(ref.xpath, doc, this.namespaceResolver);

if (nodes.length === 0) {
Expand All @@ -690,12 +669,7 @@ class SignedXml {
);
}

for (const h in nodes) {
if (!nodes.hasOwnProperty(h)) {
continue;
}

const node = nodes[h];
for (const node of nodes) {
if (ref.isEmptyUri) {
res += "<" + prefix + 'Reference URI="">';
} else {
Expand All @@ -704,12 +678,7 @@ class SignedXml {
res += "<" + prefix + 'Reference URI="#' + id + '">';
}
res += "<" + prefix + "Transforms>";
for (const t in ref.transforms) {
if (!ref.transforms.hasOwnProperty(t)) {
continue;
}

const trans = ref.transforms[t];
for (const trans of ref.transforms) {
const transform = this.findCanonicalizationAlgorithm(trans);
res += "<" + prefix + 'Transform Algorithm="' + transform.getAlgorithmName() + '"';
if (ref.inclusiveNamespacesPrefixList) {
Expand Down Expand Up @@ -761,12 +730,8 @@ class SignedXml {

let canonXml = node.cloneNode(true); // Deep clone

for (const t in transforms) {
if (!transforms.hasOwnProperty(t)) {
continue;
}

const transform = this.findCanonicalizationAlgorithm(transforms[t]);
Object.values(transforms).forEach((transformName) => {
const transform = this.findCanonicalizationAlgorithm(transformName);
canonXml = transform.process(canonXml, options);
//TODO: currently transform.process may return either Node or String value (enveloped transformation returns Node, exclusive-canonicalization returns String).
//This either needs to be more explicit in the API, or all should return the same.
Expand All @@ -775,7 +740,8 @@ class SignedXml {
//enveloped transformation returns Node since if it would return String consider this case:
//<x xmlns:p='ns'><p:y/></x>
//if only y is the node to sign then a string would be <p:y/> without the definition of the p namespace. probably xmldom toString() should have added it.
}
});

return canonXml.toString();
}

Expand All @@ -793,16 +759,10 @@ class SignedXml {
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
);
} else {
for (const index in this.idAttributes) {
if (!this.idAttributes.hasOwnProperty(index)) {
continue;
}

attr = utils.findAttr(node, this.idAttributes[index], null);
if (attr) {
break;
}
}
Object.values(this.idAttributes).some((idAttribute) => {
attr = utils.findAttr(node, idAttribute, null);
return !!attr; // This will break the loop as soon as a truthy attr is found.
});
}

if (attr) {
Expand Down

0 comments on commit 4040b6a

Please sign in to comment.