| 1 | /**
|
|---|
| 2 | * @fileoverview Rule to flag when using new Function
|
|---|
| 3 | * @author Ilya Volodin
|
|---|
| 4 | */
|
|---|
| 5 |
|
|---|
| 6 | "use strict";
|
|---|
| 7 |
|
|---|
| 8 | //------------------------------------------------------------------------------
|
|---|
| 9 | // Requirements
|
|---|
| 10 | //------------------------------------------------------------------------------
|
|---|
| 11 |
|
|---|
| 12 | const astUtils = require("./utils/ast-utils");
|
|---|
| 13 |
|
|---|
| 14 | //------------------------------------------------------------------------------
|
|---|
| 15 | // Helpers
|
|---|
| 16 | //------------------------------------------------------------------------------
|
|---|
| 17 |
|
|---|
| 18 | const callMethods = new Set(["apply", "bind", "call"]);
|
|---|
| 19 |
|
|---|
| 20 | //------------------------------------------------------------------------------
|
|---|
| 21 | // Rule Definition
|
|---|
| 22 | //------------------------------------------------------------------------------
|
|---|
| 23 |
|
|---|
| 24 | /** @type {import('../shared/types').Rule} */
|
|---|
| 25 | module.exports = {
|
|---|
| 26 | meta: {
|
|---|
| 27 | type: "suggestion",
|
|---|
| 28 |
|
|---|
| 29 | docs: {
|
|---|
| 30 | description: "Disallow `new` operators with the `Function` object",
|
|---|
| 31 | recommended: false,
|
|---|
| 32 | url: "https://eslint.org/docs/latest/rules/no-new-func"
|
|---|
| 33 | },
|
|---|
| 34 |
|
|---|
| 35 | schema: [],
|
|---|
| 36 |
|
|---|
| 37 | messages: {
|
|---|
| 38 | noFunctionConstructor: "The Function constructor is eval."
|
|---|
| 39 | }
|
|---|
| 40 | },
|
|---|
| 41 |
|
|---|
| 42 | create(context) {
|
|---|
| 43 | const sourceCode = context.sourceCode;
|
|---|
| 44 |
|
|---|
| 45 | return {
|
|---|
| 46 | "Program:exit"(node) {
|
|---|
| 47 | const globalScope = sourceCode.getScope(node);
|
|---|
| 48 | const variable = globalScope.set.get("Function");
|
|---|
| 49 |
|
|---|
| 50 | if (variable && variable.defs.length === 0) {
|
|---|
| 51 | variable.references.forEach(ref => {
|
|---|
| 52 | const idNode = ref.identifier;
|
|---|
| 53 | const { parent } = idNode;
|
|---|
| 54 | let evalNode;
|
|---|
| 55 |
|
|---|
| 56 | if (parent) {
|
|---|
| 57 | if (idNode === parent.callee && (
|
|---|
| 58 | parent.type === "NewExpression" ||
|
|---|
| 59 | parent.type === "CallExpression"
|
|---|
| 60 | )) {
|
|---|
| 61 | evalNode = parent;
|
|---|
| 62 | } else if (
|
|---|
| 63 | parent.type === "MemberExpression" &&
|
|---|
| 64 | idNode === parent.object &&
|
|---|
| 65 | callMethods.has(astUtils.getStaticPropertyName(parent))
|
|---|
| 66 | ) {
|
|---|
| 67 | const maybeCallee = parent.parent.type === "ChainExpression" ? parent.parent : parent;
|
|---|
| 68 |
|
|---|
| 69 | if (maybeCallee.parent.type === "CallExpression" && maybeCallee.parent.callee === maybeCallee) {
|
|---|
| 70 | evalNode = maybeCallee.parent;
|
|---|
| 71 | }
|
|---|
| 72 | }
|
|---|
| 73 | }
|
|---|
| 74 |
|
|---|
| 75 | if (evalNode) {
|
|---|
| 76 | context.report({
|
|---|
| 77 | node: evalNode,
|
|---|
| 78 | messageId: "noFunctionConstructor"
|
|---|
| 79 | });
|
|---|
| 80 | }
|
|---|
| 81 | });
|
|---|
| 82 | }
|
|---|
| 83 | }
|
|---|
| 84 | };
|
|---|
| 85 |
|
|---|
| 86 | }
|
|---|
| 87 | };
|
|---|
