From 074e6f34c570532e6b5ed21d261d810373ae29e5 Mon Sep 17 00:00:00 2001
From: "Nicholas C. Zakas"
Date: Tue, 9 Apr 2024 11:05:12 -0700
Subject: [PATCH] Update getScope for max compatibility
---
 package-lock.json | 31 +++++++------------------
 rules/detect-child-process.js | 8 ++++---
 rules/detect-non-literal-fs-filename.js | 10 ++++----
 rules/detect-non-literal-regexp.js | 8 +++++--
 rules/detect-non-literal-require.js | 8 +++++--
 test/utils/import-utils.js | 5 +++-
 test/utils/is-static-expression.js | 6 ++++-
 7 files changed, 40 insertions(+), 36 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 7bcf595..82903f9 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -12,7 +12,7 @@ "safe-regex": "^2.1.1" }, "devDependencies": { - "@eslint/js": "^8.51.0", + "@eslint/js": "^9.0.0", "changelog": "1.3.0", "eslint": "^9.0.0", "eslint-config-nodesecurity": "^1.3.1",
@@ -104,12 +104,12 @@ } }, "node_modules/@eslint/js": { - "version": "8.51.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.51.0.tgz", - "integrity": "sha512-HxjQ8Qn+4SI3/AFv6sOrDB+g6PpUTDwSJiQqOrnneEk8L71161srI9gjzzZvYVbzHiVg/BvcH95+cK/zfIt4pg==", + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.0.0.tgz", + "integrity": "sha512-RThY/MnKrhubF6+s1JflwUjPEsnCEmYCWwqa/aRISKWNXGZ9epUwft4bUMM35SdKF9xvBrLydAM1RDHd1Z//ZQ==", "dev": true, "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" } }, "node_modules/@humanwhocodes/config-array": {
@@ -2175,15 +2175,6 @@ "url": "https://opencollective.com/eslint" } }, - "node_modules/eslint/node_modules/@eslint/js": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.0.0.tgz", - "integrity": "sha512-RThY/MnKrhubF6+s1JflwUjPEsnCEmYCWwqa/aRISKWNXGZ9epUwft4bUMM35SdKF9xvBrLydAM1RDHd1Z//ZQ==", - "dev": true, - "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" - } - }, "node_modules/eslint/node_modules/ansi-regex": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
@@ -10324,9 +10315,9 @@ } }, "@eslint/js": { - "version": "8.51.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.51.0.tgz", - "integrity": "sha512-HxjQ8Qn+4SI3/AFv6sOrDB+g6PpUTDwSJiQqOrnneEk8L71161srI9gjzzZvYVbzHiVg/BvcH95+cK/zfIt4pg==", + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.0.0.tgz", + "integrity": "sha512-RThY/MnKrhubF6+s1JflwUjPEsnCEmYCWwqa/aRISKWNXGZ9epUwft4bUMM35SdKF9xvBrLydAM1RDHd1Z//ZQ==", "dev": true }, "@humanwhocodes/config-array": {
@@ -11707,12 +11698,6 @@ "text-table": "^0.2.0" }, "dependencies": { - "@eslint/js": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.0.0.tgz", - "integrity": "sha512-RThY/MnKrhubF6+s1JflwUjPEsnCEmYCWwqa/aRISKWNXGZ9epUwft4bUMM35SdKF9xvBrLydAM1RDHd1Z//ZQ==", - "dev": true - }, "ansi-regex": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
diff --git a/rules/detect-child-process.js b/rules/detect-child-process.js
index 4390f0a..e6c1f78 100644
--- a/rules/detect-child-process.js
+++ b/rules/detect-child-process.js
@@ -24,7 +24,7 @@ module.exports = {
 },
 },
 create(context) {
- const sourceCode = context.sourceCode;
+ const sourceCode = context.sourceCode || context.getSourceCode();
 return {
 CallExpression: function (node) {
 if (node.callee.name === 'require') {
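Review bot: The new fallback at the top of `create()` in `rules/detect-child-process.js` has no comment saying why two ways of obtaining the source code are needed, so under the ESLint version this repo now installs the `|| context.getSourceCode()` branch reads like dead code. A one-line comment above it would do, for example `// context.sourceCode is absent on older ESLint releases; fall back to the deprecated getSourceCode()`. The same line is added in the other three rule files and in both test helpers, so the comment belongs on each of them, or once on a shared helper. `create()` continues past the end of this hunk.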
@@ -42,19 +42,21 @@ module.exports = {
 return;
 }
+ const scope = sourceCode.getScope ? sourceCode.getScope(node) : context.getScope();
+
 // Reports non-literal `exec()` calls.
 if (
 !node.arguments.length ||
 isStaticExpression({
 node: node.arguments[0],
- scope: sourceCode.getScope(node.arguments[0]),
+ scope,
 })
 ) {
 return;
 }
 const pathInfo = getImportAccessPath({
 node: node.callee,
- scope: sourceCode.getScope(node.callee),
+ scope,
 packageNames: childProcessPackageNames,
 });
 const fnName = pathInfo && pathInfo.path.length === 1 && pathInfo.path[0];
diff --git a/rules/detect-non-literal-fs-filename.js b/rules/detect-non-literal-fs-filename.js
index 1635ea5..e9eafe9 100644
--- a/rules/detect-non-literal-fs-filename.js
+++ b/rules/detect-non-literal-fs-filename.js
@@ -27,17 +27,18 @@ module.exports = {
 },
 },
 create(context) {
- const sourceCode = context.sourceCode;
+ const sourceCode = context.sourceCode || context.getSourceCode();
 return {
- CallExpression: function (node) {
+ CallExpression(node) {
 // don't check require. If all arguments are Literals, it's surely safe!
 if ((node.callee.type === 'Identifier' && node.callee.name === 'require') || node.arguments.every((argument) => argument.type === 'Literal')) {
 return;
 }
+ const scope = sourceCode.getScope ? sourceCode.getScope(node) : context.getScope();
 const pathInfo = getImportAccessPath({
 node: node.callee,
- scope: sourceCode.getScope(node.callee),
+ scope,
 packageNames: fsPackageNames,
 });
 if (!pathInfo) {
@@ -80,7 +81,8 @@ module.exports = {
 continue;
 }
 const argument = node.arguments[index];
- if (isStaticExpression({ node: argument, scope: sourceCode.getScope(argument) })) {
+
+ if (isStaticExpression({ node: argument, scope })) {
 continue;
 }
 indices.push(index);
diff --git a/rules/detect-non-literal-regexp.js b/rules/detect-non-literal-regexp.js
index 8c579c5..c2a9224 100644
--- a/rules/detect-non-literal-regexp.js
+++ b/rules/detect-non-literal-regexp.js
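Review bot: In the second hunk of `rules/detect-child-process.js` the scope handed to `isStaticExpression` and `getImportAccessPath` is now looked up from the call `node` instead of from `node.arguments[0]` and `node.callee`, a behaviour change the commit message does not mention. For plain identifier arguments the enclosing scope should be the same, but neither helper is visible in this patch, so it is an assumption that an argument which opens its own scope (a function or class expression) still resolves identically. Because this lookup decides whether a `child_process` call is reported, a wrong scope would surface as a missed or spurious finding rather than as an error; a regression case with such an argument would pin the behaviour down. The same substitution is made in the fs-filename, regexp and require rules, and the `CallExpression` handler starts and ends outside this hunk.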
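Review bot: The expression `sourceCode.getScope ? sourceCode.getScope(node) : context.getScope()` added to the `CallExpression` handler of `rules/detect-non-literal-fs-filename.js` is copied verbatim into four rules and two test helpers, which leaves six places where the compatibility logic can drift apart. A small shared function kept alongside `isStaticExpression` and `getImportAccessPath` would hold it in one spot, e.g. `const getScope = (context, sourceCode, node) => (sourceCode.getScope ? sourceCode.getScope(node) : context.getScope());`, with each handler calling `getScope(context, sourceCode, node)`. That would also give the explanatory comment for the fallback a single home. The handler body continues beyond this hunk.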
@@ -22,16 +22,20 @@ module.exports = {
 },
 },
 create(context) {
+ const sourceCode = context.sourceCode || context.getSourceCode();
+
 return {
- NewExpression: function (node) {
+ NewExpression(node) {
 if (node.callee.name === 'RegExp') {
 const args = node.arguments;
+ const scope = sourceCode.getScope ? sourceCode.getScope(node) : context.getScope();
+
 if (
 args &&
 args.length > 0 &&
 !isStaticExpression({
 node: args[0],
- scope: context.sourceCode.getScope(args[0]),
+ scope,
 })
 ) {
 return context.report({ node: node, message: 'Found non-literal argument to RegExp Constructor' });
diff --git a/rules/detect-non-literal-require.js b/rules/detect-non-literal-require.js
index 07b330f..560864d 100644
--- a/rules/detect-non-literal-require.js
+++ b/rules/detect-non-literal-require.js
@@ -22,16 +22,20 @@ module.exports = {
 },
 },
 create(context) {
+ const sourceCode = context.sourceCode || context.getSourceCode();
+
 return {
- CallExpression: function (node) {
+ CallExpression(node) {
 if (node.callee.name === 'require') {
 const args = node.arguments;
+ const scope = sourceCode.getScope ? sourceCode.getScope(node) : context.getScope();
+
 if (
 args &&
 args.length > 0 &&
 !isStaticExpression({
 node: args[0],
- scope: context.sourceCode.getScope(args[0]),
+ scope,
 })
 ) {
 return context.report({ node: node, message: 'Found non-literal argument in require' });
diff --git a/test/utils/import-utils.js b/test/utils/import-utils.js
index acf95a4..8ebde33 100644
--- a/test/utils/import-utils.js
+++ b/test/utils/import-utils.js
@@ -10,15 +10,18 @@ function getGetImportAccessPathResult(code) {
 const result = [];
 const testRule = {
 create(context) {
+ const sourceCode = context.sourceCode || context.getSourceCode();
 return {
 'Identifier[name = target]'(node) {
 let expr = node;
 if (node.parent.type === 'MemberExpression' && node.parent.property === node) {
 expr = node.parent;
 }
+ const scope = sourceCode.getScope ? sourceCode.getScope(node) : context.getScope();
+
 const info = getImportAccessPath({
 node: expr,
- scope: context.sourceCode.getScope(expr),
+ scope,
 packageNames: ['target', 'target-foo', 'target-bar'],
 });
 if (!info) return;
diff --git a/test/utils/is-static-expression.js b/test/utils/is-static-expression.js
index 9b92ffe..298fcca 100644
--- a/test/utils/is-static-expression.js
+++ b/test/utils/is-static-expression.js
@@ -14,13 +14,17 @@ function getIsStaticExpressionResult(code) {
 const result = [];
 const testRule = {
 create(context) {
+ const sourceCode = context.sourceCode || context.getSourceCode();
+
 return {
 'CallExpression[callee.name = target]'(node) {
+ const scope = sourceCode.getScope ? sourceCode.getScope(node) : context.getScope();
+
 result.push(
 ...node.arguments.map((expr) =>
 isStaticExpression({
 node: expr,
- scope: context.sourceCode.getScope(expr),
+ scope,
 })
 )
 );
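Review bot: Nothing in the `test/utils/import-utils.js` helper exercises the legacy branch it now contains: with `eslint` at `^9.0.0` in the lockfile, `context.sourceCode` and `sourceCode.getScope` exist on every run, so `context.getSourceCode()` and `context.getScope()` are never reached by the suite as far as this patch shows. Since the commit exists for compatibility with older ESLint, that is the path most likely to regress unnoticed, and in a security linter a broken scope lookup fails quietly as changed findings. Either a CI job that runs the tests against an older ESLint major, or a small unit test that passes a stub `context` lacking `sourceCode`, would cover it. The same gap applies to `test/utils/is-static-expression.js`; the rule object and its enclosing function extend beyond this hunk.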