Siming Yao
Reputation: 1
Questions regarding writing custom rules with SonarJS
I have written a custom check in SonarJS to detect persistent Cross-site scripting vulnerabilities in javascript. However, I got a lot false positives and try to improve the code.
I have below two questions:
Does SonarJS support data flow analysis? For example, tracking some value comes from the Ajax response and finally print to the HTML (like
innerHtml).Do we have any parser in SonarJS plugin to parse the "+" operator? For example, get the part
this.namefrom'<input value="' + this.name + '">'expression.
Regards! Jack Yao
Upvotes: 0
Views: 46
Answers (1)
Elena Vilchik
Reputation: 1090
- There is data-flow analysis in SonarJS, but it's not supposed to be used in custom rules and it's not oriented to the kind of things you need
- There is just one parser in SonarJS and as far as I can know it parses "+" operator
Upvotes: 0
Related Questions
- How to add Rules to SonarQube?
- SonarQube API Docs for custom rules
- Beginners guide in Writing own Custom Rules for Java in SonarQube
- SonarQube. Create custom rule for Java
- Coding Sonar Rules In Java
- How to create a new rule in sonar
- How to create custom rules in sonarqube for dotnet?
- Working with SonarQube rules
- SonarQube custom java rules
- sonar delphi plugin custom rule