JS-323 Create rule S6627 (no-internal-api-use): Users should not us…

…e internal APIs (#4802) Co-authored-by: Yassin Kammoun <[email protected]> Co-authored-by: yassin-kammoun-sonarsource <[email protected]>
SonarSource · Sep 9, 2024 · 48317a6 · 48317a6
1 parent 52f8fc7
commit 48317a6
Show file tree

Hide file tree

Showing 14 changed files with 245 additions and 1 deletion.
diff --git a/its/ruling/src/test/expected/jsts/templating/javascript-S6627.json b/its/ruling/src/test/expected/jsts/templating/javascript-S6627.json
@@ -0,0 +1,5 @@
+{
+"templating:protractor-shared.conf.js": [
+1
+]
+}
diff --git a/packages/jsts/src/rules/S6627/cb.fixture.ts b/packages/jsts/src/rules/S6627/cb.fixture.ts
@@ -0,0 +1,9 @@
+
+import foo from 'bar';
+
+  import foo from '../node_modules/bar'; // Noncompliant {{Do not use internal APIs of your dependencies}}
+//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+import { foo } from '../node_modules/bar'; // Noncompliant
+
+  require('../node_modules/bar'); // Noncompliant
+//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/packages/jsts/src/rules/S6627/cb.test.ts b/packages/jsts/src/rules/S6627/cb.test.ts
@@ -0,0 +1,28 @@
+/*
+ * SonarQube JavaScript Plugin
+ * Copyright (C) 2011-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+import { check } from '../../../tests/tools';
+import { rule } from './';
+import path from 'path';
+
+const sonarId = path.basename(__dirname);
+
+describe('Rule S6627', () => {
+  check(sonarId, rule, __dirname);
+});
diff --git a/packages/jsts/src/rules/S6627/index.ts b/packages/jsts/src/rules/S6627/index.ts
@@ -0,0 +1,20 @@
+/*
+ * SonarQube JavaScript Plugin
+ * Copyright (C) 2011-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+export { rule } from './rule';
diff --git a/packages/jsts/src/rules/S6627/meta.ts b/packages/jsts/src/rules/S6627/meta.ts
@@ -0,0 +1,33 @@
+/*
+ * SonarQube JavaScript Plugin
+ * Copyright (C) 2011-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+// DO NOT EDIT! This file is autogenerated by "npm run generate-meta"
+
+export const meta = {
+  type: 'suggestion',
+  docs: {
+    description: 'Users should not use internal APIs',
+    recommended: true,
+    url: 'https://sonarsource.github.io/rspec/#/rspec/S6627/javascript',
+    requiresTypeChecking: false,
+  },
+};
+
+export const sonarKey = 'S6627';
diff --git a/packages/jsts/src/rules/S6627/rule.ts b/packages/jsts/src/rules/S6627/rule.ts
@@ -0,0 +1,57 @@
+/*
+ * SonarQube JavaScript Plugin
+ * Copyright (C) 2011-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+// https://sonarsource.github.io/rspec/#/rspec/S6627/javascript
+
+import { Rule } from 'eslint';
+import estree from 'estree';
+import { generateMeta, isRequire, isStringLiteral } from '../helpers';
+import { meta } from './meta';
+
+const messages = {
+  default: 'Do not use internal APIs of your dependencies',
+};
+
+export const rule: Rule.RuleModule = {
+  meta: generateMeta(meta as Rule.RuleMetaData, { messages }),
+  create(context: Rule.RuleContext) {
+    return {
+      CallExpression(node: estree.CallExpression) {
+        if (isRequire(node)) {
+          const [arg] = node.arguments;
+          if (isStringLiteral(arg) && arg.value.includes('node_modules')) {
+            context.report({
+              node,
+              messageId: 'default',
+            });
+          }
+        }
+      },
+      ImportDeclaration(node: estree.ImportDeclaration) {
+        const moduleName = node.source.value as string;
+        if (moduleName.includes('node_modules')) {
+          context.report({
+            node,
+            messageId: 'default',
+          });
+        }
+      },
+    };
+  },
+};
diff --git a/packages/jsts/src/rules/helpers/module.ts b/packages/jsts/src/rules/helpers/module.ts
@@ -52,7 +52,7 @@ export function getRequireCalls(context: Rule.RuleContext) {
   return required;
 }
 
-function isRequire(node: Node) {
+export function isRequire(node: Node): node is estree.CallExpression {
   return (
     node.type === 'CallExpression' &&
     node.callee.type === 'Identifier' &&

diff --git a/packages/jsts/src/rules/index.ts b/packages/jsts/src/rules/index.ts
@@ -184,6 +184,7 @@ import { rule as S2970 } from './S2970'; // no-incomplete-assertions
 import { rule as S3801 } from './S3801'; // no-inconsistent-returns
 import { rule as S3402 } from './S3402'; // no-incorrect-string-concat
 import { rule as S2189 } from './S2189'; // no-infinite-loop
+import { rule as S6627 } from './S6627'; // no-internal-api-use
 import { rule as S5604 } from './S5604'; // no-intrusive-permissions
 import { rule as S4123 } from './S4123'; // no-invalid-await
 import { rule as S3516 } from './S3516'; // no-invariant-returns
@@ -715,6 +716,7 @@ const bridgeRules: { [key: string]: Rule.RuleModule } = {
   S6594,
   S6598,
   S6606,
+  S6627,
   S6635: eslintRules['no-constructor-return'],
   S6637: eslintRules['no-extra-bind'],
   S6638: eslintRules['no-constant-binary-expression'],

diff --git a/packages/jsts/src/rules/plugin.ts b/packages/jsts/src/rules/plugin.ts
@@ -348,6 +348,7 @@ import { rule as S2817 } from './S2817';
 import { rule as S5689 } from './S5689';
 import { rule as S2755 } from './S2755';
 import { rule as S4817 } from './S4817';
+import { rule as S6627 } from './S6627';
 import { rule as S1607 } from './S1607';
 import type { Rule, Linter } from 'eslint';
 import { rule as S7059 } from './S7059';
@@ -517,6 +518,7 @@ export const rules: Record<string, Rule.RuleModule> = {
   'no-inconsistent-returns': S3801,
   'no-incorrect-string-concat': S3402,
   'no-infinite-loop': S2189,
+  'no-internal-api-use': S6627,
   'no-intrusive-permissions': S5604,
   'no-invalid-await': S4123,
   'no-invariant-returns': S3516,

diff --git a/sonar-plugin/javascript-checks/src/main/java/org/sonar/javascript/checks/CheckList.java b/sonar-plugin/javascript-checks/src/main/java/org/sonar/javascript/checks/CheckList.java
@@ -286,6 +286,7 @@ public static List<Class<? extends JavaScriptCheck>> getAllChecks() {
       NoIncompleteAssertionsCheck.class,
       NoInferrableTypesCheck.class,
       NoInteractiveElementToNoninteractiveRoleCheck.class,
+      NoInternalApiUseCheck.class,
       NoInvalidAwaitCheck.class,
       NoInvertedBooleanCheckCheck.class,
       NoIsMountedCheck.class,

diff --git a/...in/javascript-checks/src/main/java/org/sonar/javascript/checks/NoInternalApiUseCheck.java b/...in/javascript-checks/src/main/java/org/sonar/javascript/checks/NoInternalApiUseCheck.java
@@ -0,0 +1,36 @@
+/*
+ * SonarQube JavaScript Plugin
+ * Copyright (C) 2011-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonar.javascript.checks;
+
+import org.sonar.check.Rule;
+import org.sonar.plugins.javascript.api.EslintBasedCheck;
+import org.sonar.plugins.javascript.api.JavaScriptRule;
+import org.sonar.plugins.javascript.api.TypeScriptRule;
+
+@TypeScriptRule
+@JavaScriptRule
+@Rule(key = "S6627")
+public class NoInternalApiUseCheck implements EslintBasedCheck {
+
+  @Override
+  public String eslintKey() {
+    return "no-internal-api-use";
+  }
+}
diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6627.html b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6627.html
@@ -0,0 +1,23 @@
+<h2>Why is this an issue?</h2>
+<p>The public API of a framework, plugin, or library is the way its provider intended it to be used. API stability and compatibility (within the same
+major version number) of a library are guaranteed only for its public API.</p>
+<p>Internal APIs are mere implementation details and are prone to breaking changes as the implementation of the library changes. No guarantees are
+being made about them. Therefore, users should not use internal APIs, even when visible.</p>
+<h3>What is the potential impact?</h3>
+<h4>Code Stability</h4>
+<p>If not fixed, your code might break when the library is upgraded to a new version, even if only the minor version number or the patch number
+changes.</p>
+<h2>How to fix it</h2>
+<p>Replace internal API usage with the public API designed for your use case. This may imply a refactoring of the affected code if no one-to-one
+replacement is available in the public API. If a specific functionality is required, copying the required parts of the implementation into your code
+may even be better than using the internal API.</p>
+<h3>Code examples</h3>
+<h4>Noncompliant code example</h4>
+<pre data-diff-id="1" data-diff-type="noncompliant">
+import { _parseWith } from './node_modules/foo/helpers'
+</pre>
+<h4>Compliant solution</h4>
+<pre data-diff-id="1" data-diff-type="compliant">
+import { parse } from 'foo'
+</pre>
+
diff --git a/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6627.json b/...avascript-checks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/S6627.json
@@ -0,0 +1,27 @@
+{
+  "title": "Users should not use internal APIs",
+  "type": "CODE_SMELL",
+  "code": {
+    "impacts": {
+      "MAINTAINABILITY": "MEDIUM"
+    },
+    "attribute": "MODULAR"
+  },
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [
+    "gradle"
+  ],
+  "defaultSeverity": "Major",
+  "ruleSpecification": "RSPEC-6627",
+  "sqKey": "S6627",
+  "scope": "All",
+  "quickfix": "unknown",
+  "compatibleLanguages": [
+    "JAVASCRIPT",
+    "TYPESCRIPT"
+  ]
+}
diff --git a/...ecks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/Sonar_way_profile.json b/...ecks/src/main/resources/org/sonar/l10n/javascript/rules/javascript/Sonar_way_profile.json
@@ -269,6 +269,7 @@
     "S6594",
     "S6598",
     "S6606",
+    "S6627",
     "S6635",
     "S6637",
     "S6638",