ESLint configured for CLI

cli/.eslintrc

@@ -3,7 +3,39 @@
         "browser": false,
         "node": true
     },
+    "extends": [
+        "eslint:recommended",
+        "plugin:security/recommended"
+    ],
     "parserOptions": {
-        "ecmaVersion":  2017
+        "ecmaVersion":  2018
+    },
+    "plugins": [
+        "security"
+    ],
+    "rules": {
+        "linebreak-style": [
+            "off",
+            "windows"
+        ],
+        "quotes": [
+            "error",
+            "single"
+        ],
+        "semi": [
+            "error",
+            "always"
+        ],
+        "no-console": [
+            "off"
+        ]
+    },
+    "globals": {
+        "it": true,
+        "after": true,
+        "afterEach": true,
+        "before": true,
+        "beforeEach": true,
+        "describe": true
     }
 }

cli/actions/encrypt.js

@@ -5,11 +5,9 @@ const fs = require('fs');
 const request = require('request');
 const { promisify } = require('util');
 const { AuthenticationContext } = require('adal-node');
-const activeDirectoryEndpoint = "https://login.microsoftonline.com/";
-
-const  pjson = require('../package.json');
-
+const activeDirectoryEndpoint = 'https://login.microsoftonline.com/';
 const isDocker = require('../is-docker');
+const pjson = require('../package.json');
 
 const DEFAULT_ENCODING = 'utf8';
 
@@ -40,9 +38,10 @@ module.exports = async (args, options, logger) => {
         logger.error('Error while trying to encrypt with kamus:', err.message);
         process.exit(1);
     }
-}
+};
 
 const encrypt = async ({ secret, file, serviceAccount, namespace, kamusUrl, certFingerprint, fileEncoding }, token = null) => {
+    // eslint-disable-next-line security/detect-non-literal-fs-filename
     const data = file ? fs.readFileSync(file, { encoding: fileEncoding || DEFAULT_ENCODING }) : secret;
     const response = await performEncryptRequestAsync(data, serviceAccount, namespace, kamusUrl, certFingerprint, token);
     if (response && response.statusCode >= 300) {
@@ -84,34 +83,36 @@ const acquireTokenWithDeviceCode = async (context, authApplication, authResource
 
 const outputUserCodeInstructions = async (userCodeResult, logger) => {
     if (isDocker()) {
-        logger.info(`Login to https://microsoft.com/devicelogin Enter this code to authenticate: ${userCodeResult.userCode}`)
+        logger.info(`Login to https://microsoft.com/devicelogin Enter this code to authenticate: ${userCodeResult.userCode}`);
     } else {
         opn(userCodeResult.verificationUrl);
         logger.info(`Enter this code to authenticate: ${userCodeResult.userCode}`);
     }
-}
+};
 
-const useAuth = ({ authTenant, authApplication, authResource }, logger) => {
+const useAuth = ({ authTenant, authApplication, authResource }) => {
     if (authTenant && authApplication && authResource) {
         return true;
     }
     return false;
-}
+};
 
 //Source: http://hassansin.github.io/certificate-pinning-in-nodejs
 const performEncryptRequest = (data, serviceAccount, namespace, kamusUrl, certificateFingerprint, token, cb) => {
-    const headers = {
+    const headersBase = {
         'User-Agent': `kamus-cli-${pjson.version}`,
-        'Content-Type': 'application/json'
+        'Content-Type': 'application/json',
     };
 
-    if (token != null) {
-        headers['Authorization'] = `Bearer ${token}`
-    }
+    const authHeaders = token ? {
+        Authorization: `Bearer ${token}`,
+    } : {};
+
+    const headers = { ...headersBase, ...authHeaders };
 
     const options = {
         url: `${kamusUrl}/api/v1/encrypt`,
-        headers: headers,
+        headers,
         // Certificate validation
         strictSSL: true,
         method: 'POST',
@@ -136,10 +137,13 @@ const performEncryptRequest = (data, serviceAccount, namespace, kamusUrl, certif
         ['service-account']: serviceAccount,
         namespace,
     }));
-}
+};
+
+const performEncryptRequestAsync = promisify(performEncryptRequest);
 
 const outputEncryptedSecret = (encryptedSecret, { outputFile, overwrite, fileEncoding }, logger) => {
     if (outputFile) {
+        // eslint-disable-next-line security/detect-non-literal-fs-filename
         fs.writeFileSync(outputFile, encryptedSecret, {
             encoding: fileEncoding || DEFAULT_ENCODING,
             flag: overwrite ? 'w' : 'wx',
@@ -149,6 +153,4 @@ const outputEncryptedSecret = (encryptedSecret, { outputFile, overwrite, fileEnc
     else {
         logger.info(`Encrypted data:\n${encryptedSecret}`);
     }
-};
-
-performEncryptRequestAsync = promisify(performEncryptRequest);
+};

cli/package.json

@@ -37,6 +37,7 @@
   "devDependencies": {
     "chai": "^4.2.0",
     "eslint": "^5.12.0",
+    "eslint-plugin-security": "^1.4.0",
     "mocha": "^5.2.0",
     "mock-fs": "^4.7.0",
     "nock": "^10.0.5",

cli/test/encrypt.spec.js

@@ -1,3 +1,5 @@
+/* eslint-disable security/detect-non-literal-fs-filename */
+/* global describe it before beforeEach after afterEach */
 const expect = require('chai').expect;
 const nock = require('nock');
 const sinon = require('sinon');
@@ -27,7 +29,7 @@ describe('Encrypt', () => {
   const outputPath = 'path/to/outputDir';
   const newOutputFile = 'new.txt';
   const existingFile = 'existing.txt';
-  const unexistingFile = 'not-found.txt';
+  const nonexistingFile = 'not-found.txt';
   const existingFileContent = 'some content here';
 
   before(() => {
@@ -109,7 +111,6 @@ describe('Encrypt', () => {
     });
 
     it('should fail if neither secret or secret file options were set', async () => {
-      const file = `${inputPath}/${existingFile}`;
       await encrypt(null, { serviceAccount, namespace, kamusUrl }, logger);
       expect(kamusApiScope.isDone()).to.be.false;
       expect(process.exit.called).to.be.true;
@@ -125,7 +126,7 @@ describe('Encrypt', () => {
     });
 
     it('should fail if the file doesn\'t exists', async () => {
-      const file = `${inputPath}/${unexistingFile}`;
+      const file = `${inputPath}/${nonexistingFile}`;
       await encrypt(null, { file, serviceAccount, namespace, kamusUrl }, logger);
       expect(kamusApiScope.isDone()).to.be.false;
       expect(process.exit.called).to.be.true;

cli/yarn.lock

@@ -517,6 +517,13 @@ [email protected], escape-string-regexp@^1.0.2, escape-string-regexp@^1
   resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4"
   integrity sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=
 
+eslint-plugin-security@^1.4.0:
+  version "1.4.0"
+  resolved "https://registry.yarnpkg.com/eslint-plugin-security/-/eslint-plugin-security-1.4.0.tgz#d4f314484a80b1b613b8c8886e84f52efe1526c2"
+  integrity sha512-xlS7P2PLMXeqfhyf3NpqbvbnW04kN8M9NtmhpR3XGyOvt/vNKS7XPXT5EDbwKW9vCjWH4PpfQvgD/+JgN0VJKA==
+  dependencies:
+    safe-regex "^1.1.0"
+
 eslint-scope@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/eslint-scope/-/eslint-scope-4.0.0.tgz#50bf3071e9338bcdc43331794a0cb533f0136172"
@@ -1476,6 +1483,11 @@ restore-cursor@^2.0.0:
     onetime "^2.0.0"
     signal-exit "^3.0.2"
 
+ret@~0.1.10:
+  version "0.1.15"
+  resolved "https://registry.yarnpkg.com/ret/-/ret-0.1.15.tgz#b8a4825d5bdb1fc3f6f53c2bc33f81388681c7bc"
+  integrity sha512-TTlYpa+OL+vMMNG24xSlQGEJ3B/RzEfUlLct7b5G/ytav+wPrplCpVMFuwzXbkecJrb6IYo1iFb0S9v37754mg==
+
 rimraf@~2.6.2:
   version "2.6.3"
   resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-2.6.3.tgz#b2d104fe0d8fb27cf9e0a1cda8262dd3833c6cab"
@@ -1507,6 +1519,13 @@ safe-buffer@^5.0.1, safe-buffer@^5.1.2, safe-buffer@~5.1.0, safe-buffer@~5.1.1:
   resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d"
   integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==
 
+safe-regex@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/safe-regex/-/safe-regex-1.1.0.tgz#40a3669f3b077d1e943d44629e157dd48023bf2e"
+  integrity sha1-QKNmnzsHfR6UPURinhV91IAjvy4=
+  dependencies:
+    ret "~0.1.10"
+
 "safer-buffer@>= 2.1.2 < 3", safer-buffer@^2.0.2, safer-buffer@^2.1.0, safer-buffer@~2.1.0:
   version "2.1.2"
   resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"