| [d565449] | 1 | /**
|
|---|
| 2 | * @fileoverview Rule to flag use of implied eval via setTimeout and setInterval
|
|---|
| 3 | * @author James Allardice
|
|---|
| 4 | */
|
|---|
| 5 |
|
|---|
| 6 | "use strict";
|
|---|
| 7 |
|
|---|
| 8 | //------------------------------------------------------------------------------
|
|---|
| 9 | // Requirements
|
|---|
| 10 | //------------------------------------------------------------------------------
|
|---|
| 11 |
|
|---|
| 12 | const astUtils = require("./utils/ast-utils");
|
|---|
| 13 | const { getStaticValue } = require("@eslint-community/eslint-utils");
|
|---|
| 14 |
|
|---|
| 15 | //------------------------------------------------------------------------------
|
|---|
| 16 | // Rule Definition
|
|---|
| 17 | //------------------------------------------------------------------------------
|
|---|
| 18 |
|
|---|
| 19 | /** @type {import('../shared/types').Rule} */
|
|---|
| 20 | module.exports = {
|
|---|
| 21 | meta: {
|
|---|
| 22 | type: "suggestion",
|
|---|
| 23 |
|
|---|
| 24 | docs: {
|
|---|
| 25 | description: "Disallow the use of `eval()`-like methods",
|
|---|
| 26 | recommended: false,
|
|---|
| 27 | url: "https://eslint.org/docs/latest/rules/no-implied-eval"
|
|---|
| 28 | },
|
|---|
| 29 |
|
|---|
| 30 | schema: [],
|
|---|
| 31 |
|
|---|
| 32 | messages: {
|
|---|
| 33 | impliedEval: "Implied eval. Consider passing a function instead of a string."
|
|---|
| 34 | }
|
|---|
| 35 | },
|
|---|
| 36 |
|
|---|
| 37 | create(context) {
|
|---|
| 38 | const GLOBAL_CANDIDATES = Object.freeze(["global", "window", "globalThis"]);
|
|---|
| 39 | const EVAL_LIKE_FUNC_PATTERN = /^(?:set(?:Interval|Timeout)|execScript)$/u;
|
|---|
| 40 | const sourceCode = context.sourceCode;
|
|---|
| 41 |
|
|---|
| 42 | /**
|
|---|
| 43 | * Checks whether a node is evaluated as a string or not.
|
|---|
| 44 | * @param {ASTNode} node A node to check.
|
|---|
| 45 | * @returns {boolean} True if the node is evaluated as a string.
|
|---|
| 46 | */
|
|---|
| 47 | function isEvaluatedString(node) {
|
|---|
| 48 | if (
|
|---|
| 49 | (node.type === "Literal" && typeof node.value === "string") ||
|
|---|
| 50 | node.type === "TemplateLiteral"
|
|---|
| 51 | ) {
|
|---|
| 52 | return true;
|
|---|
| 53 | }
|
|---|
| 54 | if (node.type === "BinaryExpression" && node.operator === "+") {
|
|---|
| 55 | return isEvaluatedString(node.left) || isEvaluatedString(node.right);
|
|---|
| 56 | }
|
|---|
| 57 | return false;
|
|---|
| 58 | }
|
|---|
| 59 |
|
|---|
| 60 | /**
|
|---|
| 61 | * Reports if the `CallExpression` node has evaluated argument.
|
|---|
| 62 | * @param {ASTNode} node A CallExpression to check.
|
|---|
| 63 | * @returns {void}
|
|---|
| 64 | */
|
|---|
| 65 | function reportImpliedEvalCallExpression(node) {
|
|---|
| 66 | const [firstArgument] = node.arguments;
|
|---|
| 67 |
|
|---|
| 68 | if (firstArgument) {
|
|---|
| 69 |
|
|---|
| 70 | const staticValue = getStaticValue(firstArgument, sourceCode.getScope(node));
|
|---|
| 71 | const isStaticString = staticValue && typeof staticValue.value === "string";
|
|---|
| 72 | const isString = isStaticString || isEvaluatedString(firstArgument);
|
|---|
| 73 |
|
|---|
| 74 | if (isString) {
|
|---|
| 75 | context.report({
|
|---|
| 76 | node,
|
|---|
| 77 | messageId: "impliedEval"
|
|---|
| 78 | });
|
|---|
| 79 | }
|
|---|
| 80 | }
|
|---|
| 81 |
|
|---|
| 82 | }
|
|---|
| 83 |
|
|---|
| 84 | /**
|
|---|
| 85 | * Reports calls of `implied eval` via the global references.
|
|---|
| 86 | * @param {Variable} globalVar A global variable to check.
|
|---|
| 87 | * @returns {void}
|
|---|
| 88 | */
|
|---|
| 89 | function reportImpliedEvalViaGlobal(globalVar) {
|
|---|
| 90 | const { references, name } = globalVar;
|
|---|
| 91 |
|
|---|
| 92 | references.forEach(ref => {
|
|---|
| 93 | const identifier = ref.identifier;
|
|---|
| 94 | let node = identifier.parent;
|
|---|
| 95 |
|
|---|
| 96 | while (astUtils.isSpecificMemberAccess(node, null, name)) {
|
|---|
| 97 | node = node.parent;
|
|---|
| 98 | }
|
|---|
| 99 |
|
|---|
| 100 | if (astUtils.isSpecificMemberAccess(node, null, EVAL_LIKE_FUNC_PATTERN)) {
|
|---|
| 101 | const calleeNode = node.parent.type === "ChainExpression" ? node.parent : node;
|
|---|
| 102 | const parent = calleeNode.parent;
|
|---|
| 103 |
|
|---|
| 104 | if (parent.type === "CallExpression" && parent.callee === calleeNode) {
|
|---|
| 105 | reportImpliedEvalCallExpression(parent);
|
|---|
| 106 | }
|
|---|
| 107 | }
|
|---|
| 108 | });
|
|---|
| 109 | }
|
|---|
| 110 |
|
|---|
| 111 | //--------------------------------------------------------------------------
|
|---|
| 112 | // Public
|
|---|
| 113 | //--------------------------------------------------------------------------
|
|---|
| 114 |
|
|---|
| 115 | return {
|
|---|
| 116 | CallExpression(node) {
|
|---|
| 117 | if (astUtils.isSpecificId(node.callee, EVAL_LIKE_FUNC_PATTERN)) {
|
|---|
| 118 | reportImpliedEvalCallExpression(node);
|
|---|
| 119 | }
|
|---|
| 120 | },
|
|---|
| 121 | "Program:exit"(node) {
|
|---|
| 122 | const globalScope = sourceCode.getScope(node);
|
|---|
| 123 |
|
|---|
| 124 | GLOBAL_CANDIDATES
|
|---|
| 125 | .map(candidate => astUtils.getVariableByName(globalScope, candidate))
|
|---|
| 126 | .filter(globalVar => !!globalVar && globalVar.defs.length === 0)
|
|---|
| 127 | .forEach(reportImpliedEvalViaGlobal);
|
|---|
| 128 | }
|
|---|
| 129 | };
|
|---|
| 130 |
|
|---|
| 131 | }
|
|---|
| 132 | };
|
|---|
