Skip to content

Commit

Permalink
fix: Ensure everything works with ESLint v9 (#145)
Browse files Browse the repository at this point in the history
Co-authored-by: 唯然 <[email protected]>
  • Loading branch information
nzakas and aladdin-add authored Apr 10, 2024
1 parent df1b606 commit ac50ab4
Show file tree
Hide file tree
Showing 20 changed files with 486 additions and 439 deletions.
757 changes: 386 additions & 371 deletions package-lock.json

Large diffs are not rendered by default.

6 changes: 3 additions & 3 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -46,13 +46,13 @@
"safe-regex": "^2.1.1"
},
"devDependencies": {
"@eslint/js": "^8.51.0",
"@eslint/js": "^9.0.0",
"changelog": "1.3.0",
"eslint": "^8.51.0",
"eslint": "^9.0.0",
"eslint-config-nodesecurity": "^1.3.1",
"eslint-config-prettier": "^8.5.0",
"eslint-doc-generator": "^1.7.0",
"eslint-plugin-eslint-plugin": "^5.1.1",
"eslint-plugin-eslint-plugin": "^5.5.1",
"lint-staged": "^12.3.7",
"markdownlint-cli": "^0.32.2",
"mocha": "^9.2.2",
Expand Down
2 changes: 1 addition & 1 deletion rules/detect-bidi-characters.js
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ module.exports = {
url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-bidi-characters.md',
},
},
create: function (context) {
create(context) {
return {
Program: function (node) {
report({
Expand Down
2 changes: 1 addition & 1 deletion rules/detect-buffer-noassert.js
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ module.exports = {
write,
},
},
create: function (context) {
create(context) {
return {
MemberExpression: function (node) {
let index;
Expand Down
9 changes: 6 additions & 3 deletions rules/detect-child-process.js
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,8 @@ module.exports = {
url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-child-process.md',
},
},
create: function (context) {
create(context) {
const sourceCode = context.sourceCode || context.getSourceCode();
return {
CallExpression: function (node) {
if (node.callee.name === 'require') {
Expand All @@ -41,19 +42,21 @@ module.exports = {
return;
}

const scope = sourceCode.getScope ? sourceCode.getScope(node) : context.getScope();

// Reports non-literal `exec()` calls.
if (
!node.arguments.length ||
isStaticExpression({
node: node.arguments[0],
scope: context.getScope(),
scope,
})
) {
return;
}
const pathInfo = getImportAccessPath({
node: node.callee,
scope: context.getScope(),
scope,
packageNames: childProcessPackageNames,
});
const fnName = pathInfo && pathInfo.path.length === 1 && pathInfo.path[0];
Expand Down
2 changes: 1 addition & 1 deletion rules/detect-disable-mustache-escape.js
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ module.exports = {
url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-disable-mustache-escape.md',
},
},
create: function (context) {
create(context) {
return {
AssignmentExpression: function (node) {
if (node.operator === '=') {
Expand Down
2 changes: 1 addition & 1 deletion rules/detect-new-buffer.js
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ module.exports = {
url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-new-buffer.md',
},
},
create: function (context) {
create(context) {
return {
NewExpression: function (node) {
if (node.callee.name === 'Buffer' && node.arguments[0] && node.arguments[0].type !== 'Literal') {
Expand Down
2 changes: 1 addition & 1 deletion rules/detect-no-csrf-before-method-override.js
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ module.exports = {
url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-no-csrf-before-method-override.md',
},
},
create: function (context) {
create(context) {
let csrf = false;

return {
Expand Down
11 changes: 7 additions & 4 deletions rules/detect-non-literal-fs-filename.js
Original file line number Diff line number Diff line change
Expand Up @@ -26,17 +26,19 @@ module.exports = {
url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-non-literal-fs-filename.md',
},
},
create: function (context) {
create(context) {
const sourceCode = context.sourceCode || context.getSourceCode();
return {
CallExpression: function (node) {
CallExpression(node) {
// don't check require. If all arguments are Literals, it's surely safe!
if ((node.callee.type === 'Identifier' && node.callee.name === 'require') || node.arguments.every((argument) => argument.type === 'Literal')) {
return;
}

const scope = sourceCode.getScope ? sourceCode.getScope(node) : context.getScope();
const pathInfo = getImportAccessPath({
node: node.callee,
scope: context.getScope(),
scope,
packageNames: fsPackageNames,
});
if (!pathInfo) {
Expand Down Expand Up @@ -79,7 +81,8 @@ module.exports = {
continue;
}
const argument = node.arguments[index];
if (isStaticExpression({ node: argument, scope: context.getScope() })) {

if (isStaticExpression({ node: argument, scope })) {
continue;
}
indices.push(index);
Expand Down
10 changes: 7 additions & 3 deletions rules/detect-non-literal-regexp.js
Original file line number Diff line number Diff line change
Expand Up @@ -21,17 +21,21 @@ module.exports = {
url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-non-literal-regexp.md',
},
},
create: function (context) {
create(context) {
const sourceCode = context.sourceCode || context.getSourceCode();

return {
NewExpression: function (node) {
NewExpression(node) {
if (node.callee.name === 'RegExp') {
const args = node.arguments;
const scope = sourceCode.getScope ? sourceCode.getScope(node) : context.getScope();

if (
args &&
args.length > 0 &&
!isStaticExpression({
node: args[0],
scope: context.getScope(),
scope,
})
) {
return context.report({ node: node, message: 'Found non-literal argument to RegExp Constructor' });
Expand Down
10 changes: 7 additions & 3 deletions rules/detect-non-literal-require.js
Original file line number Diff line number Diff line change
Expand Up @@ -21,17 +21,21 @@ module.exports = {
url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-non-literal-require.md',
},
},
create: function (context) {
create(context) {
const sourceCode = context.sourceCode || context.getSourceCode();

return {
CallExpression: function (node) {
CallExpression(node) {
if (node.callee.name === 'require') {
const args = node.arguments;
const scope = sourceCode.getScope ? sourceCode.getScope(node) : context.getScope();

if (
args &&
args.length > 0 &&
!isStaticExpression({
node: args[0],
scope: context.getScope(),
scope,
})
) {
return context.report({ node: node, message: 'Found non-literal argument in require' });
Expand Down
2 changes: 1 addition & 1 deletion rules/detect-object-injection.js
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ module.exports = {
url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-object-injection.md',
},
},
create: function (context) {
create(context) {
return {
MemberExpression: function (node) {
if (node.computed === true) {
Expand Down
2 changes: 1 addition & 1 deletion rules/detect-possible-timing-attacks.js
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ module.exports = {
url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-possible-timing-attacks.md',
},
},
create: function (context) {
create(context) {
return {
IfStatement: function (node) {
if (node.test && node.test.type === 'BinaryExpression') {
Expand Down
2 changes: 1 addition & 1 deletion rules/detect-pseudoRandomBytes.js
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ module.exports = {
url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-pseudoRandomBytes.md',
},
},
create: function (context) {
create(context) {
return {
MemberExpression: function (node) {
if (node.property.name === 'pseudoRandomBytes') {
Expand Down
2 changes: 1 addition & 1 deletion rules/detect-unsafe-regex.js
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ module.exports = {
url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-unsafe-regex.md',
},
},
create: function (context) {
create(context) {
return {
Literal: function (node) {
const token = context.getSourceCode().getTokens(node)[0];
Expand Down
7 changes: 1 addition & 6 deletions test/rules/detect-child-process.js
Original file line number Diff line number Diff line change
@@ -1,12 +1,7 @@
'use strict';

const RuleTester = require('eslint').RuleTester;
const tester = new RuleTester({
parserOptions: {
ecmaVersion: 6,
sourceType: 'module',
},
});
const tester = new RuleTester();

const ruleName = 'detect-child-process';
const rule = require(`../../rules/${ruleName}`);
Expand Down
37 changes: 21 additions & 16 deletions test/rules/detect-non-literal-fs-filename.js
Original file line number Diff line number Diff line change
@@ -1,12 +1,7 @@
'use strict';

const RuleTester = require('eslint').RuleTester;
const tester = new RuleTester({
parserOptions: {
ecmaVersion: 13,
sourceType: 'module',
},
});
const tester = new RuleTester();

const ruleName = 'detect-non-literal-fs-filename';

Expand All @@ -33,8 +28,10 @@ tester.run(ruleName, require(`../../rules/${ruleName}`), {
const index = await fsp.readFile(path.resolve(__dirname, './index.html'), 'utf-8');
const key = fs.readFileSync(path.join(__dirname, './ssl.key'));
await fsp.writeFile(path.resolve(__dirname, './sitemap.xml'), sitemap);`,
globals: {
__dirname: 'readonly',
languageOptions: {
globals: {
__dirname: 'readonly',
},
},
},
{
Expand All @@ -43,16 +40,20 @@ tester.run(ruleName, require(`../../rules/${ruleName}`), {
import path from 'path';
const dirname = path.dirname(__filename)
const key = fs.readFileSync(path.resolve(dirname, './index.html'));`,
globals: {
__filename: 'readonly',
languageOptions: {
globals: {
__filename: 'readonly',
},
},
},
{
code: `
import fs from 'fs';
const key = fs.readFileSync(\`\${process.cwd()}/path/to/foo.json\`);`,
globals: {
process: 'readonly',
languageOptions: {
globals: {
process: 'readonly',
},
},
},
`
Expand All @@ -65,8 +66,10 @@ tester.run(ruleName, require(`../../rules/${ruleName}`), {
code: `
import fs from 'fs';
const pkg = fs.readFileSync(require.resolve('eslint/package.json'), 'utf-8');`,
globals: {
require: 'readonly',
languageOptions: {
globals: {
require: 'readonly',
},
},
},
],
Expand Down Expand Up @@ -191,8 +194,10 @@ tester.run(ruleName, require(`../../rules/${ruleName}`), {
import fs from 'fs';
import path from 'path';
const key = fs.readFileSync(path.resolve(__dirname, foo));`,
globals: {
__filename: 'readonly',
languageOptions: {
globals: {
__filename: 'readonly',
},
},
errors: [{ message: 'Found readFileSync from package "fs" with non literal argument at index 0' }],
},
Expand Down
8 changes: 5 additions & 3 deletions test/rules/detect-non-literal-require.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

const RuleTester = require('eslint').RuleTester;

const tester = new RuleTester({ parserOptions: { ecmaVersion: 6 } });
const tester = new RuleTester({ languageOptions: { sourceType: 'commonjs' } });

const ruleName = 'detect-non-literal-require';

Expand All @@ -17,8 +17,10 @@ tester.run(ruleName, require(`../../rules/${ruleName}`), {
},
{
code: "const utils = require(__dirname + '/utils');",
globals: {
__dirname: 'readonly',
languageOptions: {
globals: {
__dirname: 'readonly',
},
},
},
],
Expand Down
20 changes: 13 additions & 7 deletions test/utils/import-utils.js
Original file line number Diff line number Diff line change
Expand Up @@ -8,17 +8,20 @@ const Linter = require('eslint').Linter;
function getGetImportAccessPathResult(code) {
const linter = new Linter();
const result = [];
linter.defineRule('test-rule', {
const testRule = {
create(context) {
const sourceCode = context.sourceCode || context.getSourceCode();
return {
'Identifier[name = target]'(node) {
let expr = node;
if (node.parent.type === 'MemberExpression' && node.parent.property === node) {
expr = node.parent;
}
const scope = sourceCode.getScope ? sourceCode.getScope(node) : context.getScope();

const info = getImportAccessPath({
node: expr,
scope: context.getScope(),
scope,
packageNames: ['target', 'target-foo', 'target-bar'],
});
if (!info) return;
Expand All @@ -30,15 +33,18 @@ function getGetImportAccessPathResult(code) {
},
};
},
});
};

const linterResult = linter.verify(code, {
parserOptions: {
ecmaVersion: 6,
sourceType: 'module',
plugins: {
test: {
rules: {
'test-rule': testRule,
},
},
},
rules: {
'test-rule': 'error',
'test/test-rule': 'error',
},
});
deepStrictEqual(linterResult, []);
Expand Down
Loading

0 comments on commit ac50ab4

Please sign in to comment.