const assert = require("./assert");
// Allow-list of the keys that may appear directly under the root element of
// an implementation file. Everything else at that level - configuration and
// exception strategies, per the original note - is meant to be excluded, and
// there does not appear to be another way to tell those apart than by name.
const permittedTopLevelElements = new Set([
  "$", // not an element: the key xml2js uses to expose attributes
  "flow",
  "sub-flow",
  "batch:job",
  "until-successful",
]);
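/**
 * Checks one implementation file against three rules, each reported through
 * the project's `assert.isTrue(condition, message)` helper:
 *
 *  1. no `db:dynamic-query` element (flagged as vulnerable to SQL injection);
 *  2. no `db:parameterized-query` element (inline SQL belongs in a file/template);
 *  3. every key directly under `xml.mule` is in `permittedTopLevelElements`.
 *
 * @param {string} implementationFileName - Prefix for every failure message.
 * @param {string} contents - Raw text of the file.
 * @param {object} xml - Parsed document (xml2js output, per the note on the
 *   allow-list); only `xml.mule` is read.
 */
const validateImplementationFile = (implementationFileName, contents, xml) => {
  // Match the opening tag by name rather than the exact string "<db:...>".
  // XML allows whitespace before ">", so `<db:dynamic-query >` or a tag
  // broken across lines would slip past a literal substring test and the
  // SQL-injection rule would silently not apply. The lookahead keeps longer
  // names that merely share the prefix from matching.
  // NOTE(review): this is still a textual check tied to the `db:` prefix; a
  // file that binds the same namespace to another prefix is not caught here.
  // Checking the parsed `xml` tree would close that gap - confirm whether
  // that is wanted.
  const dynamicQueryTag = /<db:dynamic-query(?=[\s\/>])/;
  const parameterizedQueryTag = /<db:parameterized-query(?=[\s\/>])/;

  assert.isTrue(
    !dynamicQueryTag.test(contents),
    `${implementationFileName}: Dynamic query is not permitted - vulnerable to SQL injection`
  );
  assert.isTrue(
    !parameterizedQueryTag.test(contents),
    `${implementationFileName}: Inline SQL should be moved to file/template`
  );

  // Keys of xml.mule are the names of the elements directly below the root
  // (plus "$" for attributes); each one must be on the allow-list.
  for (const topLevelElement in xml.mule) {
    assert.isTrue(
      permittedTopLevelElements.has(topLevelElement),
      `${implementationFileName}: ${topLevelElement} is not permitted`
    );
  }
};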
// CommonJS export: the validator function is this module's only export.
module.exports = validateImplementationFile;