eslint-plugin-no-unsanitized - npm Package Compare versions

Comparing version 2.0.0 to 2.0.1

index.js

@@ -7,6 +7,6 @@ /* global module, require */
     },
-    config: {
+    configs: {
         DOM: {
             rules: {
-                "property": [
+                "no-unsanitized/property": [
                     "error",
@@ -24,3 +24,3 @@ {
                 ],
-                "method": [
+                "no-unsanitized/method": [
                     "error",
@@ -27,0 +27,0 @@ {

lib/ruleHelper.js

@@ -114,3 +114,3 @@ /**
             methodName = node.property.name;
-            objectName = node.object.name;
+            objectName = node.object.name || this.context.getSource(node.object);
             break;
@@ -171,3 +171,3 @@ case "ArrowFunctionExpression":
         // If we do have object filters and the call is a function then it should not be checked
-        if ("objectName" in normalizedMethodCall) {
+        if ("objectName" in normalizedMethodCall && normalizedMethodCall.objectName) {
             for (const objectMatch of objectMatches) {
@@ -174,0 +174,0 @@ const match = new RegExp(objectMatch, "gi");

lib/rules/method.js

@@ -40,2 +40,36 @@ /* global module */
 
+/**
+ * Run ruleHelper.checkMethod for all but irrelevant callees (FunctionExpression, etc.)
+ * @param {Object} ruleHelper a RuleHelper instance
+ * @param {Object} callExpr The CallExpression we triggered on
+ * @param {Object} node The callee node
+ * @returns {undefined} Does not return
+ */
+function checkCallExpression(ruleHelper, callExpr, node) {
+    switch(node.type) {
+    case "Identifier":
+    case "MemberExpression":
+        if (callExpr.arguments.length > 0) {
+            ruleHelper.checkMethod(callExpr, defaultRuleChecks);
+        }
+        break;
+    case "AssignmentExpression":
+        checkCallExpression(ruleHelper, callExpr, node.right);
+        break;
+
+    // those are fine:
+    case "LogicalExpression": // Should we scan these? issue #62.
+    case "ConditionalExpression":
+    case "ArrowFunctionExpression":
+    case "FunctionExpression":
+    case "Super":
+    case "CallExpression":
+        break;
+
+    // If we don't cater for this expression throw an error
+    default:
+        ruleHelper.reportUnsupported(node, "Unexpected Callee", "Unsupported Callee for CallExpression");
+    }
+}
+
 module.exports = {
@@ -55,27 +89,6 @@ meta: {
     create(context) {
-        const ruleHelper = new RuleHelper(context);
-
         return {
             CallExpression(node) {
-                // this is for insertAdjacentHTML(position, markup)
-                switch(node.callee.type) {
-                case "Identifier":
-                case "MemberExpression":
-                    if (node.arguments.length > 0) {
-                        ruleHelper.checkMethod(node, defaultRuleChecks);
-                    }
-                    break;
-
-                // those are fine:
-                case "ArrowFunctionExpression":
-                    break;
-                case "FunctionExpression":
-                    break;
-                case "Super":
-                    break;
-
-                // If we don't cater for this expression throw an error
-                default:
-                    context.reportUnsupported(node, "Unexpected Callee", "Unsupported Callee for CallExpression");
-                }
+                const ruleHelper = new RuleHelper(context);
+                checkCallExpression(ruleHelper, node, node.callee);
             }
@@ -82,0 +95,0 @@ };

package.json

 {
     "name": "eslint-plugin-no-unsanitized",
     "description": "ESLint rule to disallow unsanitized code",
-    "version": "2.0.0",
+    "version": "2.0.1",
     "author": {
@@ -6,0 +6,0 @@ "name": "Frederik Braun et al."

README.md

@@ -53,3 +53,3 @@ [![Build Status](https://travis-ci.org/mozilla/eslint-plugin-no-unsanitized.svg?branch=master)](https://travis-ci.org/mozilla/eslint-plugin-no-unsanitized)
     "plugins": ["no-unsanitized"],
-    "env": {
+    "rules": {
         "no-unsanitized/method": "error",
@@ -66,3 +66,3 @@ "no-unsanitized/property": "error"
     "plugins": ["no-unsanitized"],
-    "env": {
+    "rules": {
         "no-unsanitized/method": [
@@ -85,2 +85,5 @@ "error",
             {
+                escape: {
+                    taggedTemplates: ["safeHTML"]
+                }
             },
@@ -87,0 +90,0 @@ {

tests/rules/method.js

@@ -98,2 +98,17 @@ /* global require */
             ]
+        },
+
+        // rule should not barf on a CallExpression result being called again
+        {
+            code: "  _tests.shift()();",
+        },
+        {
+            code: "(Async.checkAppReady = function() { return true; })();"
+        },
+        {
+            code: "let endTime = (mapEnd || (e => e.delta))(this._data[this._data.length - 1]);",
+            parserOptions: { ecmaVersion: 6 }
+        },
+        {
+            code: "(text.endsWith('\\n') ? document.write : document.writeln)(text)"
         }
@@ -212,4 +227,15 @@ ],
             ]
+        },
+
+        // Test that stem from former parser errors and breakage
+        {
+            code: "getDocument(myID).write(evil)",
+            errors: [
+                {
+                    message: "Unsafe call to getDocument(myID).write for argument 0",
+                    type: "CallExpression"
+                }
+            ]
         }
     ]
 });

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

40552

increased by3.59%

Lines of code

931

increased by4.14%

Number of lines in readme file

98

increased by3.16%

No dependency changes