From 8d8abe00b10dafe7958a1328966d811d573f94ba Mon Sep 17 00:00:00 2001
From: "Thomas.G"
Date: Sun, 14 Jan 2024 14:37:03 +0100
Subject: [PATCH] fix(isRequire): do not resolve CallExpr (#200)

---
 src/probes/isRequire.js | 4 ++-
 test/issues/177-wrongUnsafeRequire.spec.js | 38 ++++++++++++++++++++++
 test/issues/179-UnsafeEvalRequire.spec.js | 2 +-
 3 files changed, 42 insertions(+), 2 deletions(-)
 create mode 100644 test/issues/177-wrongUnsafeRequire.spec.js

diff --git a/src/probes/isRequire.js b/src/probes/isRequire.js
index a91e93e..8fe0c29 100644
--- a/src/probes/isRequire.js
+++ b/src/probes/isRequire.js
@@ -13,7 +13,9 @@ import {
 import { ProbeSignals } from "../ProbeRunner.js";
 
 function validateNodeRequire(node, { tracer }) {
-  const id = getCallExpressionIdentifier(node);
+  const id = getCallExpressionIdentifier(node, {
+    resolveCallExpression: false
+  });
   if (id === null) {
     return [false];
   }
diff --git a/test/issues/177-wrongUnsafeRequire.spec.js b/test/issues/177-wrongUnsafeRequire.spec.js
new file mode 100644
index 0000000..0e70160
--- /dev/null
+++ b/test/issues/177-wrongUnsafeRequire.spec.js
@@ -0,0 +1,38 @@
+// Import Node.js Dependencies
+import { test } from "node:test";
+import assert from "node:assert";
+
+// Import Internal Dependencies
+import { runASTAnalysis } from "../../index.js";
+
+/**
+ * @see https://github.com/NodeSecure/js-x-ray/issues/177
+ */
+test("should detect unsafe-import and unsafe-statement", () => {
+  const { warnings, dependencies } = runASTAnalysis(`const help = require('help-me')({
+    dir: path.join(__dirname, 'help'),
+    ext: '.txt'
+  })`);
+
+  assert.strictEqual(warnings.length, 0);
+  assert.ok(dependencies.has("help-me"));
+  const dependency = dependencies.get("help-me");
+
+  assert.deepEqual(
+    dependency,
+    {
+      unsafe: false,
+      inTry: false,
+      location: {
+        end: {
+          column: 31,
+          line: 1
+        },
+        start: {
+          column: 13,
+          line: 1
+        }
+      }
+    }
+  );
+});
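Review bot: The new `resolveCallExpression: false` argument in src/probes/isRequire.js carries no comment saying why, and the reason is only recoverable from the linked issue; a line above the call such as `// Do not resolve the callee: in require('x')(...) the outer call is not itself a require (#177)` keeps that intent with the code. Disabling resolution also narrows what this probe treats as a require call, so a require that is only reachable through the result of another call is presumably no longer reported by this probe; the #179 spec touched in this same commit looks like the remaining guard for that coverage, which is worth confirming. validateNodeRequire's body continues outside the hunk, and whether getCallExpressionIdentifier accepts this option cannot be checked from the diff.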
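Review bot: The test title `should detect unsafe-import and unsafe-statement` contradicts what the body asserts: `assert.strictEqual(warnings.length, 0)` checks that no warning is raised for `require('help-me')(...)`, so the title should say so, e.g. `test("should not flag require('x')(...) as unsafe-import or unsafe-stmt", () => {`. The dependency comparison uses `assert.deepEqual`, the legacy loose form from `node:assert` that compares primitives with `==` (so `false` and `0` match); `assert.deepStrictEqual(` or importing from `"node:assert/strict"` pins `unsafe: false` and `inTry: false` exactly. The `path` identifier inside the analysed sample is never declared, which is fine for a static-analysis input but deserves a one-line comment so it is not mistaken for a missing import.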
diff --git a/test/issues/179-UnsafeEvalRequire.spec.js b/test/issues/179-UnsafeEvalRequire.spec.js
index 8e089c5..3c36e54 100644
--- a/test/issues/179-UnsafeEvalRequire.spec.js
+++ b/test/issues/179-UnsafeEvalRequire.spec.js
@@ -9,7 +9,7 @@ import { runASTAnalysis } from "../../index.js";
  * @see https://github.com/NodeSecure/js-x-ray/issues/179
  */
 // CONSTANTS
-const kIncriminedCodeSample = `const stream = eval('require')('stream');`;
+const kIncriminedCodeSample = "const stream = eval('require')('stream');";
 const kWarningUnsafeImport = "unsafe-import";
 const kWarningUnsafeStatement = "unsafe-stmt";