make xsslint handle import statements

do our own babylon parse and pass the ast into xsslint test plan: * use `import` in your jsx * :cat_dance: Change-Id: I6ea240e82143f44ea360240ada492e6cbbdaa853 Reviewed-on: https://gerrit.instructure.com/104107 Tested-by: Jenkins Reviewed-by: Landon Wilkins <[email protected]> Product-Review: Landon Wilkins <[email protected]> QA-Review: Landon Wilkins <[email protected]>
seandong · Mar 6, 2017 · 0634e4d · 0634e4d
1 parent 6deef12
commit 0634e4d
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/script/xsslint.js b/script/xsslint.js
@@ -4,6 +4,7 @@ const globby       = require("gglobby");
 const fs           = require("fs");
 const CoffeeScript = require("coffee-script");
 const glob         = require("glob");
+const babylon      = require("babylon");
 
 XSSLint.configure({
   "xssable.receiver.whitelist": ["formData"],
@@ -97,10 +98,11 @@ allPaths.forEach(function({paths, glob, defaultIgnores = [], transform}) {
     console.log(`Checking ${path} (${files.length} files) for potential XSS vulnerabilities...`);
 
     files.forEach(function(file) {
-      let pathOrOptions = file;
-      if (transform) pathOrOptions = {source: transform(fs.readFileSync(file).toString())};
+      let source = fs.readFileSync(file).toString();
+      if (transform) source = transform(source);
+      source = babylon.parse(source, { plugins: ["jsx", "classProperties", "objectRestSpread"], sourceType: "module" });
 
-      const warnings = XSSLint.run(pathOrOptions);
+      const warnings = XSSLint.run({source});
       warningCount += warnings.length;
       warnings.forEach(({line, method}) => {
         console.error(`${path}/${file}:${line}: possibly XSS-able ${methodDescription(method)}`);