From 2f2c895e56e10b302dcfa6190d75ef22445e07b9 Mon Sep 17 00:00:00 2001
From: akshukul
Date: Wed, 8 Nov 2023 18:23:30 +0530
Subject: [PATCH] add syntactical changes to typescript files.
---
 .../hardcoded_credentials.ts | 57 +++++-------------
 .../session_fixation/session_fixation.ts | 49 +++++++---------
 ...file-and-directory-information-exposure.ts | 37 ++++++------
 .../improper-access- control.ts | 44 +++++++-------
 .../insecure-cors-policy.ts | 54 ++++++------------
 5 files changed, 92 insertions(+), 149 deletions(-)
diff --git a/src/typescript/detector/critical/hardcoded_credentials/hardcoded_credentials.ts b/src/typescript/detector/critical/hardcoded_credentials/hardcoded_credentials.ts
index f1bdbf7..47c0b22 100644
--- a/src/typescript/detector/critical/hardcoded_credentials/hardcoded_credentials.ts
+++ b/src/typescript/detector/critical/hardcoded_credentials/hardcoded_credentials.ts
@@ -1,55 +1,26 @@ // {fact rule=hardcoded-credentials@v1.0 defects=1} - -function nonCompliant() { - var crypto = require("crypto"); - function hardcodedCredentialsNoncompliant( - salt: any, - iterations: any, - keyLen: any, - digest: any, - ) { +var crypto = require('crypto') +function hardcodedCredentialsNoncompliant(salt: any, iterations: any, keyLen: any, digest: any) { // Noncompliant: password is hardcoded. - crypto.pbkdf2( - "password", - salt, - iterations, - keyLen, - digest, - (err: any, key: { toString: (arg0: string) => any }) => { + crypto.pbkdf2('password', salt, iterations, keyLen, digest, (err: any, key: { toString: (arg0: string) => any }) => { if (err) { - throw err; + throw err } - return key.toString("base64"); - }, - ); - } + return key.toString('base64') + }) } // {/fact} -// {fact rule=hardcoded-credentials@v1.0 defects=0} -function compliant() { - var crypto = require("crypto"); - function hardcodedCredentialsCompliant( - salt: any, - iterations: any, - keyLen: any, - digest: any, - ) { +// {fact rule=hardcoded-credentials@v1.0 defects=0} +var crypto = require('crypto') +function hardcodedCredentialsCompliant(salt: any, iterations: any, keyLen: any, digest: any) { // Compliant: password is obtained from environment. - crypto.pbkdf2( - process.env.password, - salt, - iterations, - keyLen, - digest, - (err: any, key: { toString: (arg0: string) => any }) => { + crypto.pbkdf2(process.env.password, salt, iterations, keyLen, digest, (err: any, key: { toString: (arg0: string) => any }) => { if (err) { - throw err; + throw err } - return key.toString("base64"); - }, - ); - } + return key.toString('base64') + }) } -// {/fact} +// {/fact} \ No newline at end of file diff --git a/src/typescript/detector/critical/session_fixation/session_fixation.ts b/src/typescript/detector/critical/session_fixation/session_fixation.ts index b90628f..80b34c2 100644 --- a/src/typescript/detector/critical/session_fixation/session_fixation.ts 
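Review bot: In hardcodedCredentialsCompliant the new line `crypto.pbkdf2(process.env.password, salt, iterations, keyLen, digest, ...)` passes the environment value straight through, so a missing `password` variable reaches pbkdf2 as undefined and fails with a generic TypeError instead of a clear configuration error; read it into a local first and fail closed, e.g. `const password = process.env.password` / `if (!password) { throw new Error('password is not set') }`. Separately, removing the `nonCompliant()`/`compliant()` wrappers moves both `var crypto = require('crypto')` declarations to file scope; `var` tolerates the duplicate, but if lib.dom is part of the compile the name now collides with the global `crypto` declaration, so a distinct name or a single shared declaration would be safer — worth confirming against the project's tsconfig. The file also now ends without a trailing newline (`\ No newline at end of file`), as do session_fixation.ts, file-and-directory-information-exposure.ts and improper-access- control.ts in this patch.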
+++ b/src/typescript/detector/critical/session_fixation/session_fixation.ts @@ -1,35 +1,30 @@ // {fact rule=session-fixation@v1.0 defects=1} -var express = require("express"); -var passport = require("passport"); -var app = express(); +import express, { Express, Request, Response } from 'express' +import passport from 'passport' +var app :Express = express() function sessionFixationNoncompliant() { - app.post( - "/somepage", - passport.authenticate("local", { failureRedirect: "/somepage" }), - function (req: any, res: { redirect: (arg0: string) => void }) { - // Noncompliant: session.regenerate is absent. - res.redirect("/"); - }, - ); + app.post('/somepage', + passport.authenticate('local', { failureRedirect: '/somepage' }), + function(req: Request, res: Response) { + // Noncompliant: session.regenerate is absent. + res.redirect('/') + }) } // {/fact} + // {fact rule=session-fixation@v1.0 defects=0} -var express = require("express"); -var passport = require("passport"); -var app = express(); +import express, { Express, Request, Response } from 'express' +import passport from 'passport' +var app :Express = express() function sessionFixationCompliant() { - app.post( - "/somepage", - passport.authenticate("local", { failureRedirect: "/somepage" }), - function ( - req: { session: { regenerate: (arg0: (err: any) => void) => void } }, - res: { redirect: (arg0: string) => void }, - ) { - // Compliant: session.regenerate is used - req.session.regenerate((err: any) => {}); - res.redirect("/404"); - }, - ); + app.post('/somepage', + passport.authenticate('local', { failureRedirect: '/somepage' }), + function(req: Request, res: Response) { + // Compliant: session.regenerate is used + req.session.regenerate((err: any) => { + }) + res.redirect('/404') + }) } -// {/fact} +// {/fact} \ No newline at end of file 
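Review bot: The new side declares `import express, { Express, Request, Response } from 'express'` and `import passport from 'passport'` twice in the same module; unlike the `var ... = require(...)` lines they replace, duplicate import bindings are a hard "duplicate identifier" error in both TypeScript and ES modules, so the second pair (and the second `var app :Express = express()`) should be dropped — the same applies to the two `import express, { Express } from 'express'` lines in file-and-directory-information-exposure.ts. In sessionFixationCompliant the added `req.session.regenerate((err: any) => { })` ignores its error and `res.redirect('/404')` runs before regeneration finishes, so the "compliant" sample still responds on the old session id when regenerate fails; the redirect belongs inside the callback with the error forwarded, as below, with `NextFunction` added to the express import. Note also that `req.session` only type-checks on express's `Request` if the express-session type augmentation is in the compile — worth confirming.
```typescript
import express, { Express, NextFunction, Request, Response } from 'express'
// … unchanged: passport import, app declaration, route path and passport.authenticate …
    function(req: Request, res: Response, next: NextFunction) {
      // Compliant: session.regenerate is used and the response waits for it
      req.session.regenerate((err: any) => {
        if (err) {
          return next(err)
        }
        res.redirect('/404')
      })
```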
diff --git a/src/typescript/detector/medium/file-and-directory-information-exposure/file-and-directory-information-exposure.ts b/src/typescript/detector/medium/file-and-directory-information-exposure/file-and-directory-information-exposure.ts
index b4c4639..24e28cc 100644
--- a/src/typescript/detector/medium/file-and-directory-information-exposure/file-and-directory-information-exposure.ts
+++ b/src/typescript/detector/medium/file-and-directory-information-exposure/file-and-directory-information-exposure.ts
@@ -1,28 +1,25 @@ // {fact rule=file-and-directory-information-exposure@v1.0 defects=1} -var express = require("express"); -var serveStatic = require("serve-static"); -var app = express(); -function fileAndDirectoryInformationExposureNoncompliant() { +import express, { Express } from 'express' +var serveStatic = require("serve-static") +var app : Express = express() + +function fileAndDirectoryInformationExposureNoncompliant() +{ // Noncompliant: dotfiles variable is set to 'allow'. - var serveStaticMiddleware = serveStatic("public", { - index: false, - dotfiles: "allow", - }); - app.use(serveStaticMiddleware); + var serveStaticMiddleware = serveStatic('public', { index: false, dotfiles: 'allow' }) + app.use(serveStaticMiddleware) } -//{/fact} +// {/fact} // {fact rule=file-and-directory-information-exposure@v1.0 defects=0} -var express = require("express"); -var serveStatic = require("serve-static"); -var app = express(); +import express, { Express } from 'express' +var serveStatic = require("serve-static") +var app : Express = express() -function fileAndDirectoryInformationExposureCompliant(safeDomain: any) { +function fileAndDirectoryInformationExposureCompliant(safeDomain) +{ // Compliant: dotfiles variable is set to 'ignore'. - var serveStaticMiddleware = serveStatic("public", { - index: false, - dotfiles: "ignore", - }); - app.use(serveStaticMiddleware); + var serveStaticMiddleware = serveStatic('public', { 'index': false, 'dotfiles': 'ignore' }) + app.use(serveStaticMiddleware) } -//{/fact} +// {/fact} \ No newline at end of file diff --git a/src/typescript/detector/medium/improper-access- control/improper-access- control.ts b/src/typescript/detector/medium/improper-access- control/improper-access- control.ts index 3ecca9d..ac4d59f 100644 --- a/src/typescript/detector/medium/improper-access- control/improper-access- control.ts +++ b/src/typescript/detector/medium/improper-access- control/improper-access- control.ts 
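Review bot: The new signature `function fileAndDirectoryInformationExposureCompliant(safeDomain)` drops the annotation the old side had, so under `noImplicitAny` the parameter is a compile error, and it is unused in the body anyway; restore `safeDomain: any` (or remove the parameter if the fixture does not need it). The two fact blocks also mix module syntax, `import express, { Express } from 'express'` next to `var serveStatic = require("serve-static")`; the `import` turns the file into a module while the `require` line stays untyped, so pick one form for both dependencies. Minor: the compliant block quotes its option keys (`'index'`, `'dotfiles'`) while the noncompliant block does not, which undercuts the syntactic consistency the commit is after.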
@@ -1,28 +1,30 @@ // {fact rule=improper-access-control@v1.0 defects=1} -var express = require("express"); -var helmet = require("helmet"); -var app = express(); +var express = require('express') +var helmet = require('helmet') +var app = express() -function improperAccessControlNoncompliant() { - app.use( - helmet.permittedCrossDomainPolicies({ - // Noncompliant: permittedPolicies is set to 'all'. - permittedPolicies: "all", - }), - ); +function improperAccessControlNoncompliant(){ + app.use( + helmet.permittedCrossDomainPolicies({ + // Noncompliant: permittedPolicies is set to 'all'. + permittedPolicies: "all", + }) + ) } // {/fact} + // {fact rule=improper-access-control@v1.0 defects=0} -var express = require("express"); -var helmet = require("helmet"); -var app = express(); -function improperAccessControlCompliant() { - app.use( - helmet.permittedCrossDomainPolicies({ - // Compliant: permittedPolicies is set to 'none'. - permittedPolicies: "none", - }), - ); +var express = require('express') +var helmet = require('helmet') +var app = express() + +function improperAccessControlCompliant(){ + app.use( + helmet.permittedCrossDomainPolicies({ + // Compliant: permittedPolicies is set to 'none'. + permittedPolicies: "none", + }) + ) } -// {/fact} +// {/fact} \ No newline at end of file diff --git a/src/typescript/detector/medium/insecure-cors-policy/insecure-cors-policy.ts b/src/typescript/detector/medium/insecure-cors-policy/insecure-cors-policy.ts index f663d67..154a31c 100644 --- a/src/typescript/detector/medium/insecure-cors-policy/insecure-cors-policy.ts +++ b/src/typescript/detector/medium/insecure-cors-policy/insecure-cors-policy.ts 
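Review bot: This file is the only one in the patch that keeps four-space indentation and writes `function improperAccessControlNoncompliant(){` with no space before the brace, and while the `require` lines switch to single quotes the option values stay double-quoted (`permittedPolicies: "all"`, `permittedPolicies: "none"`); for a commit whose stated purpose is syntactic consistency, match the two-space indent and single-quote style used in the sibling files. improperAccessControlCompliant has the same brace spacing. Both fact blocks also still repeat the `var express`/`var helmet`/`var app` trio at file scope, which is legal with `var` but would become an error if these are later converted to `import` as session_fixation.ts was.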
@@ -1,45 +1,23 @@ // {fact rule=insecure-cors-policy@v1.0 defects=1} -var express = require("express"); -var app = express(); - +var express = require("express") +var app = express() function insecureCorsPolicyNoncompliant() { - app.post( - "/users", - function ( - req: { query: { origin: any } }, - res: { - set: ( - arg0: number, - arg1: { "Access-Control-Allow-Origin": any }, - ) => void; - }, - ) { - const origin = req.query.origin; - // Noncompliant: the Access-Control-Allow-Origin header is set to user-controlled any domain. - res.set(200, { "Access-Control-Allow-Origin": origin }); - }, - ); + app.post('/users', function (req: { query: { origin: any } }, res: { set: (arg0: number, arg1: { 'Access-Control-Allow-Origin': any }) => void }) { + const origin = req.query.origin + // Noncompliant: the Access-Control-Allow-Origin header is set to user-controlled any domain. + res.set(200, {'Access-Control-Allow-Origin': origin }) + }) } -//{/fact} +// {/fact} + // {fact rule=insecure-cors-policy@v1.0 defects=0} -var express = require("express"); -var app = express(); +var express = require("express") +var app = express() function insecureCorsPolicyCompliant() { - app.post( - "/users", - function ( - req: any, - res: { - set: ( - arg0: number, - arg1: { "Access-Control-Allow-Origin": string }, - ) => void; - }, - ) { - // Compliant: the Access-Control-Allow-Origin header is set to allow only a specific list of trusted domains. - res.set(200, { "Access-Control-Allow-Origin": "trustedsite.com" }); - }, - ); + app.post('/users', function (req: any, res: { set: (arg0: number, arg1: { 'Access-Control-Allow-Origin': string }) => void }) { + // Compliant: the Access-Control-Allow-Origin header is set to allow only a specific list of trusted domains. + res.set(200, {'Access-Control-Allow-Origin': 'trustedsite.com' }) + }) } -//{/fact} +// {/fact}
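Review bot: In insecureCorsPolicyCompliant the added line `res.set(200, {'Access-Control-Allow-Origin': 'trustedsite.com' })` sets a bare host, but browsers compare this header against the request's full serialized origin (scheme, host and port), so `trustedsite.com` never matches `https://trustedsite.com` and the "compliant" example would block the very site it means to allow; use a complete origin such as `'https://trustedsite.com'`. The comment above it promises "a specific list of trusted domains" while the code sets one static value, so either reword the comment to say a single trusted origin or show an allow-list lookup that only echoes the request origin when it is a member of the list. Also, Express's `res.set` takes header fields rather than a status code, so the leading `200` argument looks like a leftover from a different API — worth confirming whether this fixture is meant to be runnable.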