@@ -4,37 +4,41 @@ export function noBidi(context) {
44 return {
55 onCodePathStart : function ( codePath , node ) {
66 // at the start of analyzing a code path
7- node . tokens . forEach ( ( tokenObject ) => {
8- if (
9- tokenObject . value &&
10- hasTrojanSource ( { sourceText : tokenObject . value } )
11- ) {
12- context . report ( {
13- node : node ,
14- data : {
15- text : tokenObject . value . toString ( "utf-8" ) ,
16- } ,
17- message :
18- "Detected potential trojan source attack with unicode bidi introduced in this code: '{{text}}'." ,
19- } ) ;
20- }
21- } ) ;
7+ if ( node . tokens && Array . isArray ( node . tokens ) ) {
8+ node . tokens . forEach ( ( tokenObject ) => {
9+ if (
10+ tokenObject . value &&
11+ hasTrojanSource ( { sourceText : tokenObject . value } )
12+ ) {
13+ context . report ( {
14+ node : node ,
15+ data : {
16+ text : tokenObject . value . toString ( "utf-8" ) ,
17+ } ,
18+ message :
19+ "Detected potential trojan source attack with unicode bidi introduced in this code: '{{text}}'." ,
20+ } ) ;
21+ }
22+ } ) ;
23+ }
2224
23- node . comments . forEach ( ( tokenObject ) => {
24- if (
25- tokenObject . value &&
26- hasTrojanSource ( { sourceText : tokenObject . value } )
27- ) {
28- context . report ( {
29- node : node ,
30- data : {
31- text : tokenObject . value . toString ( "utf-8" ) ,
32- } ,
33- message :
34- "Detected potential trojan source attack with unicode bidi introduced in this comment: '{{text}}'." ,
35- } ) ;
36- }
37- } ) ;
25+ if ( node . comments && Array . isArray ( node . comments ) ) {
26+ node . comments . forEach ( ( tokenObject ) => {
27+ if (
28+ tokenObject . value &&
29+ hasTrojanSource ( { sourceText : tokenObject . value } )
30+ ) {
31+ context . report ( {
32+ node : node ,
33+ data : {
34+ text : tokenObject . value . toString ( "utf-8" ) ,
35+ } ,
36+ message :
37+ "Detected potential trojan source attack with unicode bidi introduced in this comment: '{{text}}'." ,
38+ } ) ;
39+ }
40+ } ) ;
41+ }
3842 } ,
3943 } ;
4044}
0 commit comments