Enforce eslint no-prototype-builtins #321

Merged
merged 1 commit into from
Jun 25, 2023
2 changes: 1 addition & 1 deletion .eslintrc.json
Expand Up @@ -10,7 +10,7 @@
"rules": {
"no-console": "error",
"no-unused-vars": "warn",
"no-prototype-builtins": "warn",
"no-prototype-builtins": "error",
"one-var": ["error", "never"],
"no-duplicate-imports": "error",
"no-use-before-define": "error",
39 changes: 10 additions & 29 deletions lib/c14n-canonicalization.js
Expand Up @@ -38,10 +38,8 @@ class C14nCanonicalization {
}

renderAttrs(node, defaultNS) {
let a;
let i;
let attr;
const res = [];
const attrListToRender = [];

if (node.nodeType === 8) {
Expand All @@ -61,14 +59,9 @@ class C14nCanonicalization {

attrListToRender.sort(this.attrCompare);

for (a in attrListToRender) {
if (!attrListToRender.hasOwnProperty(a)) {
continue;
}

attr = attrListToRender[a];
res.push(" ", attr.name, '="', utils.encodeSpecialCharactersInAttribute(attr.value), '"');
}
const res = attrListToRender.map((attr) => {
return ` ${attr.name}="${utils.encodeSpecialCharactersInAttribute(attr.value)}"`;
});

return res.join("");
}
Expand All @@ -86,16 +79,14 @@ class C14nCanonicalization {
* @api private
*/
renderNs(node, prefixesInScope, defaultNs, defaultNsForPrefix, ancestorNamespaces) {
let a;
let i;
let p;
let attr;
const res = [];
let newDefaultNs = defaultNs;
const nsListToRender = [];
const currNs = node.namespaceURI || "";

//handle the namespaceof the node itself
//handle the namespace of the node itself
if (node.prefix) {
if (prefixesInScope.indexOf(node.prefix) === -1) {
nsListToRender.push({
Expand Down Expand Up @@ -138,37 +129,27 @@ class C14nCanonicalization {

if (Array.isArray(ancestorNamespaces) && ancestorNamespaces.length > 0) {
// Remove namespaces which are already present in nsListToRender
for (const p1 in ancestorNamespaces) {
if (!ancestorNamespaces.hasOwnProperty(p1)) {
continue;
}
for (const ancestorNamespace of ancestorNamespaces) {
let alreadyListed = false;
for (const p2 in nsListToRender) {
for (const nsToRender of nsListToRender) {
if (
nsListToRender[p2].prefix === ancestorNamespaces[p1].prefix &&
nsListToRender[p2].namespaceURI === ancestorNamespaces[p1].namespaceURI
nsToRender.prefix === ancestorNamespace.prefix &&
nsToRender.namespaceURI === ancestorNamespace.namespaceURI
) {
alreadyListed = true;
}
}

if (!alreadyListed) {
nsListToRender.push(ancestorNamespaces[p1]);
nsListToRender.push(ancestorNamespace);
}
}
}

nsListToRender.sort(this.nsCompare);

//render namespaces
for (a in nsListToRender) {
if (!nsListToRender.hasOwnProperty(a)) {
continue;
}

p = nsListToRender[a];
res.push(" xmlns:", p.prefix, '="', p.namespaceURI, '"');
}
res.push(...nsListToRender.map((attr) => ` xmlns:${attr.prefix}="${attr.namespaceURI}"`));

return { rendered: res.join(""), newDefaultNs: newDefaultNs };
}
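Review bot: The rewritten namespace rendering at the end of renderNs interpolates `attr.namespaceURI` straight into the `xmlns:` attribute, whereas renderAttrs in this same file passes attribute values through `utils.encodeSpecialCharactersInAttribute`. Canonical XML serialises a namespace node's value the same way as an attribute value, so a URI containing `&`, `<` or `"` would presumably be emitted unescaped and the digest input could differ from what another implementation computes; because this output feeds signature verification it is worth confirming and, if so, rendering with `utils.encodeSpecialCharactersInAttribute(ns.namespaceURI)` inside the template. The same unescaped `p.namespaceURI` remains in renderNs in lib/exclusive-canonicalization.js. Separately, the callback parameter is named `attr` although it holds a namespace entry and shadows the function-level `let attr;`, so `ns` would read better. Part of renderNs is collapsed between the hunks shown here.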
6 changes: 1 addition & 5 deletions lib/enveloped-signature.js
Expand Up @@ -25,11 +25,7 @@ class EnvelopedSignature {
".//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
node
);
for (const h in signatures) {
if (!signatures.hasOwnProperty(h)) {
continue;
}
const nodeSignature = signatures[h];
for (const nodeSignature of signatures) {
const signatureValue = utils.findFirst(
nodeSignature,
".//*[local-name(.)='SignatureValue']/text()"
17 changes: 2 additions & 15 deletions lib/exclusive-canonicalization.js
Expand Up @@ -49,7 +49,6 @@ class ExclusiveCanonicalization {
}

renderAttrs(node, defaultNS) {
let a;
let i;
let attr;
const res = [];
Expand All @@ -72,12 +71,7 @@ class ExclusiveCanonicalization {

attrListToRender.sort(this.attrCompare);

for (a in attrListToRender) {
if (!attrListToRender.hasOwnProperty(a)) {
continue;
}

attr = attrListToRender[a];
for (attr of attrListToRender) {
res.push(" ", attr.name, '="', utils.encodeSpecialCharactersInAttribute(attr.value), '"');
}

Expand All @@ -95,9 +89,7 @@ class ExclusiveCanonicalization {
* @api private
*/
renderNs(node, prefixesInScope, defaultNs, defaultNsForPrefix, inclusiveNamespacesPrefixList) {
let a;
let i;
let p;
let attr;
const res = [];
let newDefaultNs = defaultNs;
Expand Down Expand Up @@ -161,12 +153,7 @@ class ExclusiveCanonicalization {
nsListToRender.sort(this.nsCompare);

//render namespaces
for (a in nsListToRender) {
if (!nsListToRender.hasOwnProperty(a)) {
continue;
}

p = nsListToRender[a];
for (const p of nsListToRender) {
res.push(" xmlns:", p.prefix, '="', p.namespaceURI, '"');
}

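Review bot: In renderAttrs the new loop `for (attr of attrListToRender)` assigns to the function-scoped `let attr;` instead of declaring its own binding, while renderNs in the same file uses `for (const p of nsListToRender)` and lib/c14n-canonicalization.js switched to `map`. A per-iteration binding such as `for (const attrToRender of attrListToRender)`, with the `res.push` line updated to match, keeps the loop from depending on state shared with the earlier part of the function, which is collapsed here. The remaining `let i;` and `let attr;` declarations are presumably still used by that collapsed code; if they are not, they can be removed as well.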
78 changes: 19 additions & 59 deletions lib/signed-xml.js
Expand Up @@ -249,12 +249,7 @@ class SignedXml {
}

validateReferences(doc) {
for (const r in this.references) {
if (!this.references.hasOwnProperty(r)) {
continue;
}

const ref = this.references[r];
for (const ref of this.references) {
let elemXpath;
const uri = ref.uri[0] === "#" ? ref.uri.substring(1) : ref.uri;
let elem = [];
Expand All @@ -266,12 +261,8 @@ class SignedXml {
throw new Error("Cannot validate a uri with quotes inside it");
} else {
let num_elements_for_id = 0;
for (const index in this.idAttributes) {
if (!this.idAttributes.hasOwnProperty(index)) {
continue;
}
const tmp_elemXpath =
"//*[@*[local-name(.)='" + this.idAttributes[index] + "']='" + uri + "']";
for (const attr of this.idAttributes) {
const tmp_elemXpath = `//*[@*[local-name(.)='${attr}']='${uri}']`;
const tmp_elem = xpath.select(tmp_elemXpath, doc);
num_elements_for_id += tmp_elem.length;
if (tmp_elem.length > 0) {
Expand Down Expand Up @@ -352,12 +343,8 @@ class SignedXml {
throw new Error("could not find any Reference elements");
}

for (const i in references) {
if (!references.hasOwnProperty(i)) {
continue;
}

this.loadReference(references[i]);
for (const reference of references) {
this.loadReference(reference);
}

this.signatureValue = utils
Expand Down Expand Up @@ -400,15 +387,12 @@ class SignedXml {
if (nodes.length !== 0) {
const transformsNode = nodes[0];
const transformsAll = utils.findChilds(transformsNode, "Transform");
for (const t in transformsAll) {
if (!transformsAll.hasOwnProperty(t)) {
continue;
}

trans = transformsAll[t];
for (const t of transformsAll) {
trans = t;
transforms.push(utils.findAttr(trans, "Algorithm").value);
}

// This is a little strange, we are looking for children of the last child of `transformsNode`
const inclusiveNamespaces = utils.findChilds(trans, "InclusiveNamespaces");
if (inclusiveNamespaces.length > 0) {
//Should really only be one prefix list, but maybe there's some circumstances where more than one to lets handle it
Expand Down Expand Up @@ -676,12 +660,7 @@ class SignedXml {
prefix = prefix || "";
prefix = prefix ? prefix + ":" : prefix;

for (const n in this.references) {
if (!this.references.hasOwnProperty(n)) {
continue;
}

const ref = this.references[n];
for (const ref of this.references) {
const nodes = xpath.selectWithResolver(ref.xpath, doc, this.namespaceResolver);

if (nodes.length === 0) {
Expand All @@ -690,12 +669,7 @@ class SignedXml {
);
}

for (const h in nodes) {
if (!nodes.hasOwnProperty(h)) {
continue;
}

const node = nodes[h];
for (const node of nodes) {
if (ref.isEmptyUri) {
res += "<" + prefix + 'Reference URI="">';
} else {
Expand All @@ -704,12 +678,7 @@ class SignedXml {
res += "<" + prefix + 'Reference URI="#' + id + '">';
}
res += "<" + prefix + "Transforms>";
for (const t in ref.transforms) {
if (!ref.transforms.hasOwnProperty(t)) {
continue;
}

const trans = ref.transforms[t];
for (const trans of ref.transforms) {
const transform = this.findCanonicalizationAlgorithm(trans);
res += "<" + prefix + 'Transform Algorithm="' + transform.getAlgorithmName() + '"';
if (ref.inclusiveNamespacesPrefixList) {
Expand Down Expand Up @@ -761,12 +730,8 @@ class SignedXml {

let canonXml = node.cloneNode(true); // Deep clone

for (const t in transforms) {
if (!transforms.hasOwnProperty(t)) {
continue;
}

const transform = this.findCanonicalizationAlgorithm(transforms[t]);
Object.values(transforms).forEach((transformName) => {
const transform = this.findCanonicalizationAlgorithm(transformName);
canonXml = transform.process(canonXml, options);
//TODO: currently transform.process may return either Node or String value (enveloped transformation returns Node, exclusive-canonicalization returns String).
//This either needs to be more explicit in the API, or all should return the same.
Expand All @@ -775,7 +740,8 @@ class SignedXml {
//enveloped transformation returns Node since if it would return String consider this case:
//<x xmlns:p='ns'><p:y/></x>
//if only y is the node to sign then a string would be <p:y/> without the definition of the p namespace. probably xmldom toString() should have added it.
}
});

return canonXml.toString();
}

Expand All @@ -793,16 +759,10 @@ class SignedXml {
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
);
} else {
for (const index in this.idAttributes) {
if (!this.idAttributes.hasOwnProperty(index)) {
continue;
}

attr = utils.findAttr(node, this.idAttributes[index], null);
if (attr) {
break;
}
}
Object.values(this.idAttributes).some((idAttribute) => {
attr = utils.findAttr(node, idAttribute, null);
return !!attr; // This will break the loop as soon as a truthy attr is found.
});
}

if (attr) {
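Review bot: In the hunk that collects `Transform` algorithms (`@@ -400,15 +387,12 @@`), `transforms.push(utils.findAttr(trans, "Algorithm").value)` dereferences the lookup result without a check, and the last hunk's `return !!attr` suggests findAttr can return a falsy value, so a `Transform` element without an `Algorithm` attribute in the document being verified would surface as a TypeError rather than a clear validation error. I would guard it with `const algorithm = utils.findAttr(t, "Algorithm");` followed by `if (!algorithm) throw new Error("Transform element is missing the Algorithm attribute");` and then push `algorithm.value`. The line after the loop also reads `trans` once the loop has finished, so with zero `Transform` children `utils.findChilds` receives whatever value `trans` had before (its declaration is outside the hunk), and only the last transform's `InclusiveNamespaces` is honoured, as the new comment acknowledges. The enclosing function begins and ends outside this hunk.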