diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000000..65932d2edc
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,16 @@
+# EditorConfig is awesome: http://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+# Matches multiple files with brace expansion notation
+# Set default charset
+[*.{js,ts,less}]
+charset = utf-8
+indent_style = space
+indent_size = 4
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000..c7d7fd6a34
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,7 @@
+.vs
+.idea
+node_modules
+npm-debug.log
+*.crx
+*.pem
+package-lock.json
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..3564ea7b08
--- /dev/null
+++ b/SECURITY.md
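Review bot: Ignoring `package-lock.json` in the .gitignore hunk means no install of this library is reproducible, and package.json in this same commit declares every devDependency (webpack, the loaders, typescript) with a caret range. A fresh `npm install` can therefore resolve a newer build toolchain than the one that was reviewed, and nothing in the repository records which versions were actually used. I would drop the `package-lock.json` line and commit the lockfile so that dependency changes show up in review. The `*.pem` and `*.crx` entries should stay, since they presumably cover signing keys and packed extension builds.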
@@ -0,0 +1,45 @@
+bitwarden believes that working with security researchers across the globe is crucial to keeping our
+users safe. If you believe you've found a security issue in our product or service, we encourage you to
+notify us. We welcome working with you to resolve the issue promptly. Thanks in advance!
+
+# Disclosure Policy
+
+- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every
+ effort to quickly resolve the issue.
+- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a
+ third-party. We may publicly disclose the issue before resolving it, if appropriate.
+- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or
+ degradation of our service. Only interact with accounts you own or with explicit permission of the
+ account holder.
+- If you would like to encrypt your report, please use the PGP key with long ID
+ `0xDE6887086F892325FEC04CC0D847525B6931381F` (available in the public keyserver pool).
+
+# In-scope
+
+- Security issues in any current release of bitwarden. This includes the web vault, browser extension,
+ and mobile apps (iOS and Android). Product downloads are available at https://bitwarden.com. Source
+ code is available at https://github.com/bitwarden.
+
+# Exclusions
+
+The following bug classes are out-of scope:
+
+- Bugs that are already reported on any of bitwarden's issue trackers (https://github.com/bitwarden),
+ or that we already know of. Note that some of our issue tracking is private.
+- Issues in an upstream software dependency (ex: Xamarin, ASP.NET) which are already reported to the
+ upstream maintainer.
+- Attacks requiring physical access to a user's device.
+- Self-XSS
+- Issues related to software or protocols not under bitwarden's control
+- Vulnerabilities in outdated versions of bitwarden
+- Missing security best practices that do not directly lead to a vulnerability
+- Issues that do not have any impact on the general public
+
+While researching, we'd like to ask you to refrain from:
+
+- Denial of service
+- Spamming
+- Social engineering (including phishing) of bitwarden staff or contractors
+- Any physical attempts against bitwarden property or data centers
+
+Thank you for helping keep bitwarden and our users safe!
diff --git a/bitwarden-jslib.sln b/bitwarden-jslib.sln
new file mode 100644
index 0000000000..3e98b7dc54
--- /dev/null
+++ b/bitwarden-jslib.sln
@@ -0,0 +1,38 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 14
+VisualStudioVersion = 14.0.25420.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{E24C65DC-7377-472B-9ABA-BC803B73C61A}") = "bitwarden-jslib", ".", "{A4DE5293-DB47-41D1-8890-7C67B83F663C}"
+ ProjectSection(WebsiteProperties) = preProject
+ TargetFrameworkMoniker = ".NETFramework,Version%3Dv4.0"
+ Debug.AspNetCompiler.VirtualPath = "/localhost_4405"
+ Debug.AspNetCompiler.PhysicalPath = "."
+ Debug.AspNetCompiler.TargetPath = "PrecompiledWeb\localhost_4405\"
+ Debug.AspNetCompiler.Updateable = "true"
+ Debug.AspNetCompiler.ForceOverwrite = "true"
+ Debug.AspNetCompiler.FixedNames = "false"
+ Debug.AspNetCompiler.Debug = "True"
+ Release.AspNetCompiler.VirtualPath = "/localhost_4405"
+ Release.AspNetCompiler.PhysicalPath = "."
+ Release.AspNetCompiler.TargetPath = "PrecompiledWeb\localhost_4405\"
+ Release.AspNetCompiler.Updateable = "true"
+ Release.AspNetCompiler.ForceOverwrite = "true"
+ Release.AspNetCompiler.FixedNames = "false"
+ Release.AspNetCompiler.Debug = "False"
+ VWDPort = "4405"
+ SlnRelativePath = "."
+ EndProjectSection
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {A4DE5293-DB47-41D1-8890-7C67B83F663C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {A4DE5293-DB47-41D1-8890-7C67B83F663C}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
diff --git a/package.json b/package.json
new file mode 100644
index 0000000000..4fd9fdd4a1
--- /dev/null
+++ b/package.json
@@ -0,0 +1,30 @@
+{
+ "name": "bitwarden-jslib",
+ "version": "0.0.1",
+ "scripts": {
+
+ },
+ "devDependencies": {
+ "clean-webpack-plugin": "^0.1.17",
+ "copy-webpack-plugin": "^4.2.0",
+ "css-loader": "^0.28.7",
+ "extract-text-webpack-plugin": "^3.0.1",
+ "file-loader": "^1.1.5",
+ "html-loader": "^0.5.1",
+ "html-webpack-plugin": "^2.30.1",
+ "style-loader": "^0.19.0",
+ "ts-loader": "^3.0.5",
+ "tslint": "^5.8.0",
+ "tslint-loader": "^3.5.3",
+ "typescript": "^2.5.3",
+ "webpack": "^3.8.1",
+ "webpack-merge": "^4.1.0"
+ },
+ "dependencies": {
+ "@types/node-forge": "0.6.10",
+ "@types/tldjs": "1.7.1",
+ "@types/webcrypto": "0.0.28",
+ "node-forge": "0.7.1",
+ "tldjs": "2.0.0"
+ }
+}
diff --git a/tsconfig.json b/tsconfig.json
new file mode 100644
index 0000000000..4087a2c91b
--- /dev/null
+++ b/tsconfig.json
@@ -0,0 +1,14 @@
+{
+ "compilerOptions": {
+ "noImplicitAny": true,
+ "module": "es6",
+ "target": "ES2016",
+ "allowJs": true,
+ "sourceMap": true,
+ "types": [
+ ]
+ },
+ "exclude": [
+ "node_modules"
+ ]
+}
diff --git a/tslint.json b/tslint.json
new file mode 100644
index 0000000000..b6d5571669
--- /dev/null
+++ b/tslint.json
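Review bot: The package.json manifest has no `"private": true`, so a stray `npm publish` from a working copy would push `bitwarden-jslib` at version `0.0.1` to the public registry. If the package is only meant to be consumed from source (the empty `scripts` block suggests so, though that is a guess), add `"private": true` next to `"version"`. The `@types/*` entries under `dependencies` are fine if consumers compile against this library's TypeScript sources; otherwise they belong in `devDependencies`.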
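Review bot: In tsconfig.json, `compilerOptions` turns on `noImplicitAny` but not `strictNullChecks`, so `null` and `undefined` stay assignable to every type. The compiler will then not flag a missing key or an absent decryption result reaching code that assumes a value is present. Since this commit adds no source files yet, enabling `"strictNullChecks": true` (or `"strict": true`) now costs nothing to migrate. `"allowJs": true` also admits plain .js files into the build without type checking unless `checkJs` is set; if no JavaScript sources are planned, I would leave it off.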
@@ -0,0 +1,53 @@
+{
+ "extends": "tslint:recommended",
+ "rules": {
+ "align": [ true, "statements", "members" ],
+ "ban-types": {
+ "options": [
+ [ "Object", "Avoid using the `Object` type. Did you mean `object`?" ],
+ [ "Boolean", "Avoid using the `Boolean` type. Did you mean `boolean`?" ],
+ [ "Number", "Avoid using the `Number` type. Did you mean `number`?" ],
+ [ "String", "Avoid using the `String` type. Did you mean `string`?" ],
+ [ "Symbol", "Avoid using the `Symbol` type. Did you mean `symbol`?" ]
+ ]
+ },
+ "member-access": [ true, "no-public" ],
+ "member-ordering": [
+ true,
+ {
+ "order": [
+ "public-static-field",
+ "public-static-method",
+ "protected-static-field",
+ "protected-static-method",
+ "private-static-field",
+ "private-static-method",
+ "public-instance-field",
+ "protected-instance-field",
+ "private-instance-field",
+ "public-constructor",
+ "protected-constructor",
+ "private-constructor",
+ "public-instance-method",
+ "protected-instance-method",
+ "private-instance-method"
+ ]
+ }
+ ],
+ "no-empty": [ true, "allow-empty-catch" ],
+ "object-literal-sort-keys": false,
+ "object-literal-shorthand": [ true, "never" ],
+ "prefer-for-of": false,
+ "quotemark": [ true, "single" ],
+ "whitespace": [
+ true,
+ "check-branch",
+ "check-decl",
+ "check-module",
+ "check-operator",
+ "check-preblock",
+ "check-separator",
+ "check-type"
+ ]
+ }
+}
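Review bot: `"no-empty": [ true, "allow-empty-catch" ]` in tslint.json lets empty `catch` blocks pass lint, which makes it easy to swallow a failed decrypt, a failed key import or a storage error without any trace. I would set `"no-empty": true` and require an explicit handler, or a `// tslint:disable-next-line:no-empty` with the reason stated, wherever ignoring the error is intentional. The remaining rules in this hunk are stylistic and raise no concern.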