Enforce eslint no-prototype-builtins

Author: cjbarth

.eslintrc.json

@@ -10,7 +10,7 @@
   "rules": {
     "no-console": "error",
     "no-unused-vars": "warn",
-    "no-prototype-builtins": "warn",
+    "no-prototype-builtins": "error",
     "one-var": ["error", "never"],
     "no-duplicate-imports": "error",
     "no-use-before-define": "error",

lib/c14n-canonicalization.js

@@ -38,10 +38,8 @@ class C14nCanonicalization {
   }
 
   renderAttrs(node, defaultNS) {
-    let a;
     let i;
     let attr;
-    const res = [];
     const attrListToRender = [];
 
     if (node.nodeType === 8) {
@@ -61,14 +59,9 @@ class C14nCanonicalization {
 
     attrListToRender.sort(this.attrCompare);
 
-    for (a in attrListToRender) {
-      if (!attrListToRender.hasOwnProperty(a)) {
-        continue;
-      }
-
-      attr = attrListToRender[a];
-      res.push(" ", attr.name, '="', utils.encodeSpecialCharactersInAttribute(attr.value), '"');
-    }
+    const res = attrListToRender.map((attr) => {
+      return ` ${attr.name}="${utils.encodeSpecialCharactersInAttribute(attr.value)}"`;
+    });
 
     return res.join("");
   }
@@ -86,16 +79,14 @@ class C14nCanonicalization {
    * @api private
    */
   renderNs(node, prefixesInScope, defaultNs, defaultNsForPrefix, ancestorNamespaces) {
-    let a;
     let i;
-    let p;
     let attr;
     const res = [];
     let newDefaultNs = defaultNs;
     const nsListToRender = [];
     const currNs = node.namespaceURI || "";
 
-    //handle the namespaceof the node itself
+    //handle the namespace of the node itself
     if (node.prefix) {
       if (prefixesInScope.indexOf(node.prefix) === -1) {
         nsListToRender.push({
@@ -138,37 +129,27 @@ class C14nCanonicalization {
 
     if (Array.isArray(ancestorNamespaces) && ancestorNamespaces.length > 0) {
       // Remove namespaces which are already present in nsListToRender
-      for (const p1 in ancestorNamespaces) {
-        if (!ancestorNamespaces.hasOwnProperty(p1)) {
-          continue;
-        }
+      for (const ancestorNamespace of ancestorNamespaces) {
         let alreadyListed = false;
-        for (const p2 in nsListToRender) {
+        for (const nsToRender of nsListToRender) {
           if (
-            nsListToRender[p2].prefix === ancestorNamespaces[p1].prefix &&
-            nsListToRender[p2].namespaceURI === ancestorNamespaces[p1].namespaceURI
+            nsToRender.prefix === ancestorNamespace.prefix &&
+            nsToRender.namespaceURI === ancestorNamespace.namespaceURI
           ) {
             alreadyListed = true;
           }
         }
 
         if (!alreadyListed) {
-          nsListToRender.push(ancestorNamespaces[p1]);
+          nsListToRender.push(ancestorNamespace);
         }
       }
     }
 
     nsListToRender.sort(this.nsCompare);
 
     //render namespaces
-    for (a in nsListToRender) {
-      if (!nsListToRender.hasOwnProperty(a)) {
-        continue;
-      }
-
-      p = nsListToRender[a];
-      res.push(" xmlns:", p.prefix, '="', p.namespaceURI, '"');
-    }
+    res.push(...nsListToRender.map((attr) => ` xmlns:${attr.prefix}="${attr.namespaceURI}"`));
 
     return { rendered: res.join(""), newDefaultNs: newDefaultNs };
   }

lib/enveloped-signature.js

@@ -25,11 +25,7 @@ class EnvelopedSignature {
       ".//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']",
       node
     );
-    for (const h in signatures) {
-      if (!signatures.hasOwnProperty(h)) {
-        continue;
-      }
-      const nodeSignature = signatures[h];
+    for (const nodeSignature of signatures) {
       const signatureValue = utils.findFirst(
         nodeSignature,
         ".//*[local-name(.)='SignatureValue']/text()"

lib/exclusive-canonicalization.js

@@ -49,7 +49,6 @@ class ExclusiveCanonicalization {
   }
 
   renderAttrs(node, defaultNS) {
-    let a;
     let i;
     let attr;
     const res = [];
@@ -72,12 +71,7 @@ class ExclusiveCanonicalization {
 
     attrListToRender.sort(this.attrCompare);
 
-    for (a in attrListToRender) {
-      if (!attrListToRender.hasOwnProperty(a)) {
-        continue;
-      }
-
-      attr = attrListToRender[a];
+    for (attr of attrListToRender) {
       res.push(" ", attr.name, '="', utils.encodeSpecialCharactersInAttribute(attr.value), '"');
     }
 
@@ -95,9 +89,7 @@ class ExclusiveCanonicalization {
    * @api private
    */
   renderNs(node, prefixesInScope, defaultNs, defaultNsForPrefix, inclusiveNamespacesPrefixList) {
-    let a;
     let i;
-    let p;
     let attr;
     const res = [];
     let newDefaultNs = defaultNs;
@@ -161,12 +153,7 @@ class ExclusiveCanonicalization {
     nsListToRender.sort(this.nsCompare);
 
     //render namespaces
-    for (a in nsListToRender) {
-      if (!nsListToRender.hasOwnProperty(a)) {
-        continue;
-      }
-
-      p = nsListToRender[a];
+    for (const p of nsListToRender) {
       res.push(" xmlns:", p.prefix, '="', p.namespaceURI, '"');
     }
 

lib/signed-xml.js

@@ -249,12 +249,7 @@ class SignedXml {
   }
 
   validateReferences(doc) {
-    for (const r in this.references) {
-      if (!this.references.hasOwnProperty(r)) {
-        continue;
-      }
-
-      const ref = this.references[r];
+    for (const ref of this.references) {
       let elemXpath;
       const uri = ref.uri[0] === "#" ? ref.uri.substring(1) : ref.uri;
       let elem = [];
@@ -266,12 +261,8 @@ class SignedXml {
         throw new Error("Cannot validate a uri with quotes inside it");
       } else {
         let num_elements_for_id = 0;
-        for (const index in this.idAttributes) {
-          if (!this.idAttributes.hasOwnProperty(index)) {
-            continue;
-          }
-          const tmp_elemXpath =
-            "//*[@*[local-name(.)='" + this.idAttributes[index] + "']='" + uri + "']";
+        for (const attr of this.idAttributes) {
+          const tmp_elemXpath = `//*[@*[local-name(.)='${attr}']='${uri}']`;
           const tmp_elem = xpath.select(tmp_elemXpath, doc);
           num_elements_for_id += tmp_elem.length;
           if (tmp_elem.length > 0) {
@@ -352,12 +343,8 @@ class SignedXml {
       throw new Error("could not find any Reference elements");
     }
 
-    for (const i in references) {
-      if (!references.hasOwnProperty(i)) {
-        continue;
-      }
-
-      this.loadReference(references[i]);
+    for (const reference of references) {
+      this.loadReference(reference);
     }
 
     this.signatureValue = utils
@@ -400,15 +387,12 @@ class SignedXml {
     if (nodes.length !== 0) {
       const transformsNode = nodes[0];
       const transformsAll = utils.findChilds(transformsNode, "Transform");
-      for (const t in transformsAll) {
-        if (!transformsAll.hasOwnProperty(t)) {
-          continue;
-        }
-
-        trans = transformsAll[t];
+      for (const t of transformsAll) {
+        trans = t;
         transforms.push(utils.findAttr(trans, "Algorithm").value);
       }
 
+      // This is a little strange, we are looking for children of the last child of `transformsNode`
       const inclusiveNamespaces = utils.findChilds(trans, "InclusiveNamespaces");
       if (inclusiveNamespaces.length > 0) {
         //Should really only be one prefix list, but maybe there's some circumstances where more than one to lets handle it
@@ -676,12 +660,7 @@ class SignedXml {
     prefix = prefix || "";
     prefix = prefix ? prefix + ":" : prefix;
 
-    for (const n in this.references) {
-      if (!this.references.hasOwnProperty(n)) {
-        continue;
-      }
-
-      const ref = this.references[n];
+    for (const ref of this.references) {
       const nodes = xpath.selectWithResolver(ref.xpath, doc, this.namespaceResolver);
 
       if (nodes.length === 0) {
@@ -690,12 +669,7 @@ class SignedXml {
         );
       }
 
-      for (const h in nodes) {
-        if (!nodes.hasOwnProperty(h)) {
-          continue;
-        }
-
-        const node = nodes[h];
+      for (const node of nodes) {
         if (ref.isEmptyUri) {
           res += "<" + prefix + 'Reference URI="">';
         } else {
@@ -704,12 +678,7 @@ class SignedXml {
           res += "<" + prefix + 'Reference URI="#' + id + '">';
         }
         res += "<" + prefix + "Transforms>";
-        for (const t in ref.transforms) {
-          if (!ref.transforms.hasOwnProperty(t)) {
-            continue;
-          }
-
-          const trans = ref.transforms[t];
+        for (const trans of ref.transforms) {
           const transform = this.findCanonicalizationAlgorithm(trans);
           res += "<" + prefix + 'Transform Algorithm="' + transform.getAlgorithmName() + '"';
           if (ref.inclusiveNamespacesPrefixList) {
@@ -761,12 +730,8 @@ class SignedXml {
 
     let canonXml = node.cloneNode(true); // Deep clone
 
-    for (const t in transforms) {
-      if (!transforms.hasOwnProperty(t)) {
-        continue;
-      }
-
-      const transform = this.findCanonicalizationAlgorithm(transforms[t]);
+    Object.values(transforms).forEach((transformName) => {
+      const transform = this.findCanonicalizationAlgorithm(transformName);
       canonXml = transform.process(canonXml, options);
       //TODO: currently transform.process may return either Node or String value (enveloped transformation returns Node, exclusive-canonicalization returns String).
       //This either needs to be more explicit in the API, or all should return the same.
@@ -775,7 +740,8 @@ class SignedXml {
       //enveloped transformation returns Node since if it would return String consider this case:
       //<x xmlns:p='ns'><p:y/></x>
       //if only y is the node to sign then a string would be <p:y/> without the definition of the p namespace. probably xmldom toString() should have added it.
-    }
+    });
+
     return canonXml.toString();
   }
 
@@ -793,16 +759,10 @@ class SignedXml {
         "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
       );
     } else {
-      for (const index in this.idAttributes) {
-        if (!this.idAttributes.hasOwnProperty(index)) {
-          continue;
-        }
-
-        attr = utils.findAttr(node, this.idAttributes[index], null);
-        if (attr) {
-          break;
-        }
-      }
+      Object.values(this.idAttributes).some((idAttribute) => {
+        attr = utils.findAttr(node, idAttribute, null);
+        return !!attr; // This will break the loop as soon as a truthy attr is found.
+      });
     }
 
     if (attr) {