no-implied-eval.js
4.45 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
/**
* @fileoverview Rule to flag use of implied eval via setTimeout and setInterval
* @author James Allardice
*/
"use strict";
//------------------------------------------------------------------------------
// Requirements
//------------------------------------------------------------------------------
const astUtils = require("./utils/ast-utils");
const { getStaticValue } = require("eslint-utils");
//------------------------------------------------------------------------------
// Rule Definition
//------------------------------------------------------------------------------
module.exports = {
meta: {
type: "suggestion",
docs: {
description: "disallow the use of `eval()`-like methods",
category: "Best Practices",
recommended: false,
url: "https://eslint.org/docs/rules/no-implied-eval"
},
schema: [],
messages: {
impliedEval: "Implied eval. Consider passing a function instead of a string."
}
},
create(context) {
const GLOBAL_CANDIDATES = Object.freeze(["global", "window", "globalThis"]);
const EVAL_LIKE_FUNC_PATTERN = /^(?:set(?:Interval|Timeout)|execScript)$/u;
/**
* Checks whether a node is evaluated as a string or not.
* @param {ASTNode} node A node to check.
* @returns {boolean} True if the node is evaluated as a string.
*/
function isEvaluatedString(node) {
if (
(node.type === "Literal" && typeof node.value === "string") ||
node.type === "TemplateLiteral"
) {
return true;
}
if (node.type === "BinaryExpression" && node.operator === "+") {
return isEvaluatedString(node.left) || isEvaluatedString(node.right);
}
return false;
}
/**
* Reports if the `CallExpression` node has evaluated argument.
* @param {ASTNode} node A CallExpression to check.
* @returns {void}
*/
function reportImpliedEvalCallExpression(node) {
const [firstArgument] = node.arguments;
if (firstArgument) {
const staticValue = getStaticValue(firstArgument, context.getScope());
const isStaticString = staticValue && typeof staticValue.value === "string";
const isString = isStaticString || isEvaluatedString(firstArgument);
if (isString) {
context.report({
node,
messageId: "impliedEval"
});
}
}
}
/**
* Reports calls of `implied eval` via the global references.
* @param {Variable} globalVar A global variable to check.
* @returns {void}
*/
function reportImpliedEvalViaGlobal(globalVar) {
const { references, name } = globalVar;
references.forEach(ref => {
const identifier = ref.identifier;
let node = identifier.parent;
while (astUtils.isSpecificMemberAccess(node, null, name)) {
node = node.parent;
}
if (astUtils.isSpecificMemberAccess(node, null, EVAL_LIKE_FUNC_PATTERN)) {
const calleeNode = node.parent.type === "ChainExpression" ? node.parent : node;
const parent = calleeNode.parent;
if (parent.type === "CallExpression" && parent.callee === calleeNode) {
reportImpliedEvalCallExpression(parent);
}
}
});
}
//--------------------------------------------------------------------------
// Public
//--------------------------------------------------------------------------
return {
CallExpression(node) {
if (astUtils.isSpecificId(node.callee, EVAL_LIKE_FUNC_PATTERN)) {
reportImpliedEvalCallExpression(node);
}
},
"Program:exit"() {
const globalScope = context.getScope();
GLOBAL_CANDIDATES
.map(candidate => astUtils.getVariableByName(globalScope, candidate))
.filter(globalVar => !!globalVar && globalVar.defs.length === 0)
.forEach(reportImpliedEvalViaGlobal);
}
};
}
};