I'm trying to configure sublime linter to allow 2 spaces instead of 4 for tabs..This is my settings in SublimeLinter - Open User Settings...
"linters": {
"jshint": {
"#disable": false,
"args": [],
"excludes": []
}
}
I want to add indent: 2 (i think). So i tried
"linters": {
"jshint": {
"#disable": false,
"args": [ {indent: 4],
"excludes": []
}
}
But i am not sure how to insert these options because i get the error trying to parse settings: Expected value in Packages/User/SublimeLinter.sublime-settings:20:28
I assume that line 20 is the "args" line, as it's malformed. Try
"linters": {
"jshint": {
"#disable": false,
"args": [ {"indent": 4 } ],
"excludes": []
}
}
instead. I don't know that it'll make jshint do what you want it to do (I'd read the docs for that), but at least it's valid JSON.
Related
I know that AWS WAF is pretty dumb and non-configurable, but last time it becomes stricter.
We can't send even request to backend like:
POST https://our.url/page_id
{
"data": "<a></a>"
}
In this case awswaf:managed:aws:core-rule-set:CrossSiteScripting_Body_RC_COUNT rule will be triggered.
I tried to find any ways how core-rule-set may be customized, but looks like it is impossible. But I want to trust that is my lack of search and it may be customized in some way. If not, current WAF is simply unusable. I can't imagine case when it may be used with these strict non-editable standard rules.
So the question is:
Is it possible to set some safe domains (like https://our.url) that will be passed without blocking? Or maybe some ways to allow <a> tag for example?
You can customize the action on the AWS managed rule in this way:
Edit the AWS managed core set and change the rule action to: "Override to Count". Take note of the aws label for this rule (something like "awswaf:managed:aws:core-rule-set:CrossSiteScripting_Body")
Create a new rule that you add the end of all existing rules. This new rule should trigger on conditions (1) Statement "has a label", where you specify the above label (2) url matches the url you want to let through. Specify the action as "Allow"
Create a new rule that you add after the previous rule. This rule should trigger on same condition (1). Specify the action as "Block"
Based on #Chris answer:
Add AWSManagedRulesCommonRuleSet and override Action to Count for desired Rule (CrossSiteScripting_BODY in my case) (if you have to allow safe URLs inside query parameters, CrossSiteScripting_QUERYARGUMENTS should be changed same way, etc.)
Add custom rule allow-safe-URLs with Block action that will block all requests with CrossSiteScripting_BODY label and with JSON body that don't match <[ ]*a[\-_a-zA-Z0-9 ='"()]*href[ ]*=[ "']https:\/\/([a-zA-Z0-9\-]+\.)?example\.com[ "']*>*.<[ ]*\/[ ]*a[ ]*> RegEx. (only <a href=https://example.com>xxx</a> or <a href=https://anysubdomain.example.com>xxx</a> will be detected as safe)
Last default action should be Allow.
Final JSON of the WEB ACL will be looks like:
{
"Name": "test-waf",
"Id": "some-uuid-of-web-acl",
"ARN": "arn:aws:wafv2:us-east-1:1234567890:regional/webacl/test-waf/some-uuid-of-web-acl",
"DefaultAction": {
"Allow": {}
},
"Description": "Web ACL for URL whitelisting tests",
"Rules": [
{
"Name": "AWS-AWSManagedRulesCommonRuleSet",
"Priority": 0,
"Statement": {
"ManagedRuleGroupStatement": {
"VendorName": "AWS",
"Name": "AWSManagedRulesCommonRuleSet",
"Version": "Version_1.5",
"RuleActionOverrides": [
{
"Name": "CrossSiteScripting_BODY",
"ActionToUse": {
"Count": {}
}
}
]
}
},
"OverrideAction": {
"None": {}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "AWS-AWSManagedRulesCommonRuleSet"
}
},
{
"Name": "allow-safe-URLs",
"Priority": 1,
"Statement": {
"AndStatement": {
"Statements": [
{
"NotStatement": {
"Statement": {
"RegexMatchStatement": {
"RegexString": "<[ ]*a[\\-_a-zA-Z0-9 ='\"()]*href[ ]*=[ \"']https:\\/\\/([a-zA-Z0-9\\-]+\\.)?example\\.com[ \"']*>*.<[ ]*\\/[ ]*a[ ]*>",
"FieldToMatch": {
"JsonBody": {
"MatchPattern": {
"All": {}
},
"MatchScope": "VALUE",
"InvalidFallbackBehavior": "EVALUATE_AS_STRING",
"OversizeHandling": "MATCH"
}
},
"TextTransformations": [
{
"Priority": 0,
"Type": "NONE"
}
]
}
}
}
},
{
"LabelMatchStatement": {
"Scope": "LABEL",
"Key": "awswaf:managed:aws:core-rule-set:CrossSiteScripting_Body"
}
}
]
}
},
"Action": {
"Block": {}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "allow-safe-URLs"
}
}
],
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "test-waf"
},
"Capacity": 707,
"ManagedByFirewallManager": false,
"LabelNamespace": "awswaf:1234567890:webacl:test-waf:"
}
WARNING: this JSON is just a simple reproducible example (Proof of concept). And this configuration vulnerable for attacks with body like: <a href=https://example.com></a><a href=https://www.evil-url.com></a>. RegEx also may be vulnerable. You have to check if ONLY safe URLs included in body. Actual checking (URL-matching) logic should be more complicated. Don't use it as is (by copy/paste).
so I am using VSCode for react development and I was wondering if I could jump to the render function with a shortcut. Naturally there is no preconfigured way. So I looked into it and found a GitHub issue.
{
"key": "shift+alt+p",
"command": "workbench.action.quickOpen",
"args": "#:render"
},
Problem is, that the shortcut opens up the vscode window. Which is prefilled and I have to press the enter button to do the actual "navigate to". Does anyone know how to do this without pushing enter?
I think the only way is to use a macro to run both the quickOpen command and selecting with one keystroke.
Using a macro extension like multi-command, put this into your settings:
"multiCommand.commands": [
{
"command": "multiCommand.goToRender",
"sequence": [
{
"command": "workbench.action.quickOpen",
"args": "#:render"
},
"workbench.action.acceptSelectedQuickOpenItem"
]
}
]
and some keybinding to trigger that macro (in your keybindings.json):
{
"key": "shift+alt+p",
"command": "extension.multiCommand.execute",
"args": { "command": "multiCommand.goToRender" },
"when": "editorTextFocus"
}
Of course, if you have multiple render objects the first will be selected and navigated to.
An alternative is to use the selectBy extension which you could configure to jump to the next or previous occurrence of the word render. The extension can move to occurrences of words (and not select anything). In your settings:
"selectby.regexes": {
"goToRender": {
"moveby": "render",
}
}
And some keybindings (whatever bindings you want):
{
"key": "shift+alt+p", // go up to the previous `render`
"when": "editorTextFocus",
"command": "moveby.regex",
"args": ["goToRender", "moveby", "prev", "start"]
},
{
"key": "alt+p", // go to the next `render`
"when": "editorTextFocus",
"command": "moveby.regex",
"args": ["goToRender", "moveby", "next", "start"]
},
I'm trying to write a specific rule for curly spacing in jsx parts of React, but I can't figure out a correct combination.
What I'm aiming for is the following case:
<Component attr1={this.props.val1} attr2={{ object: { key: value } }}>
{ this.props.text }
</Component>
For now this is the rule I'm using:
"react/jsx-curly-spacing": ["warn", {
"when": "always",
"spacing": { "objectLiterals": "never" }
}]
But it forces spaces in the brackets of attributes, allowing though the content of the Component to have spaces.
Anyone has any ideas on how to write the correct rule?
I've tried the following rules:
"key-spacing": ["error", { "beforeColon": false, "afterColon": true}],
"react/jsx-curly-spacing": ["warn", {
"when": "never",
"children": {
"when": "always"
}
}]
Check if this is ok for you.
I'm getting a warning on the following line on my react component
handleToggle: Function;
I'm using eslint-plugin-react and Flow and I'm getting a warning "handleToggle should be placed after constructor". This is related to rule react/sort-comp. I tried with the following on my .eslintrc.json
"react/sort-comp": [1, {
"order": [
"static-methods",
"lifecycle",
"everything-else",
"render"
],
"groups": {
"lifecycle": [
"displayName",
"propTypes",
"contextTypes",
"childContextTypes",
"/^.*: Function$/",
"mixins",
"statics",
"defaultProps",
"state",
"constructor",
"getDefaultProps",
"getInitialState",
"getChildContext",
"componentWillMount",
"componentDidMount",
"componentWillReceiveProps",
"shouldComponentUpdate",
"componentWillUpdate",
"componentDidUpdate",
"componentWillUnmount"
]
}
}]
But I'm unable to fix the warning. I want the Function Types before constructor the same as the other Type Definition. How can I achieve this?
you can now add a "new" item (type-annotations)* to the order section in the config:
"react/sort-comp": [
2,
{
"order": [
"type-annotations", // <-- this is "new"
"static-methods",
"lifecycle",
"everything-else",
"render"
],
"groups": {
"lifecycle": [
"displayName",
"propTypes",
"contextTypes",
"childContextTypes",
"mixins",
"statics",
"defaultProps",
"constructor",
"getDefaultProps",
"state",
"getInitialState",
"getChildContext",
"getDerivedStateFromProps",
"componentWillMount",
"UNSAFE_componentWillMount",
"componentDidMount",
"componentWillReceiveProps",
"UNSAFE_componentWillReceiveProps",
"shouldComponentUpdate",
"componentWillUpdate",
"UNSAFE_componentWillUpdate",
"getSnapshotBeforeUpdate",
"componentDidUpdate",
"componentDidCatch",
"componentWillUnmount"
]
}
}
]
after this, eslint will stop complaining.
* found here: https://github.com/yannickcr/eslint-plugin-react/blob/master/docs/rules/sort-comp.md#rule-options
The problem is that eslint-plugin-react is not aware of Flow, so there is no group for "type definitions". You can make eslint let you place your type definitions at the beginning of your component by moving "everything-else" to the top of your component (before "static-methods", but that will also allow you to define any functions or instance variables (in case you're using them) before the constructor.
ie, change your .eslintrc.json to:
"react/sort-comp": [1, {
"order": [
"everything-else",
"static-methods",
"lifecycle",
"render"
],
"groups": { /* ... */ }
}]
I used to move cursor up and down with "UP" and "DOWN" keys.
but it can only move 1 line at the time.
sometimes I would love to move 2 or 3 lines at the time.
i'm wondering if thers's such feature in sublime text editor ?
You can record a macro (CTRL+Q or Tools -> Record/Stop Macro) and save it (just use cursor up/down as often as you like.
Then assign a key or key-combination to the macro file. The key assignement has to look like this. I called the macros "multiple_lines_down" and "multiple_lines_up".
Then assign the macros to your keymap:
{ "keys": ["alt+down"], "command": "run_macro_file", "args": {"file": "Packages/User/multiple_lines_down.sublime-macro"}},
{ "keys": ["alt+up"], "command": "run_macro_file", "args": {"file": "Packages/User/multiple_lines_up.sublime-macro"}},
Macro-File (5 times up) looks like this. Replace false with true to move downwards or just record another macro.
[
{
"args":
{
"by": "lines",
"forward": false
},
"command": "move"
},
{
"args":
{
"by": "lines",
"forward": false
},
"command": "move"
},
{
"args":
{
"by": "lines",
"forward": false
},
"command": "move"
},
{
"args":
{
"by": "lines",
"forward": false
},
"command": "move"
},
{
"args":
{
"by": "lines",
"forward": false
},
"command": "move"
}
]