97 lines
2.3 KiB
JavaScript
Executable File
97 lines
2.3 KiB
JavaScript
Executable File
/**
|
|
* @fileoverview Rule to flag when using new Function
|
|
* @author Ilya Volodin
|
|
*/
|
|
|
|
"use strict";
|
|
|
|
//------------------------------------------------------------------------------
|
|
// Requirements
|
|
//------------------------------------------------------------------------------
|
|
|
|
const astUtils = require("./utils/ast-utils");
|
|
|
|
//------------------------------------------------------------------------------
|
|
// Helpers
|
|
//------------------------------------------------------------------------------
|
|
|
|
const callMethods = new Set(["apply", "bind", "call"]);
|
|
|
|
//------------------------------------------------------------------------------
|
|
// Rule Definition
|
|
//------------------------------------------------------------------------------
|
|
|
|
/** @type {import('../types').Rule.RuleModule} */
|
|
module.exports = {
|
|
meta: {
|
|
type: "suggestion",
|
|
|
|
docs: {
|
|
description: "Disallow `new` operators with the `Function` object",
|
|
recommended: false,
|
|
url: "https://eslint.org/docs/latest/rules/no-new-func",
|
|
},
|
|
|
|
schema: [],
|
|
|
|
messages: {
|
|
noFunctionConstructor: "The Function constructor is eval.",
|
|
},
|
|
},
|
|
|
|
create(context) {
|
|
const sourceCode = context.sourceCode;
|
|
|
|
return {
|
|
"Program:exit"(node) {
|
|
const globalScope = sourceCode.getScope(node);
|
|
const variable = globalScope.set.get("Function");
|
|
|
|
if (variable && variable.defs.length === 0) {
|
|
variable.references.forEach(ref => {
|
|
const idNode = ref.identifier;
|
|
const { parent } = idNode;
|
|
let evalNode;
|
|
|
|
if (parent) {
|
|
if (
|
|
idNode === parent.callee &&
|
|
(parent.type === "NewExpression" ||
|
|
parent.type === "CallExpression")
|
|
) {
|
|
evalNode = parent;
|
|
} else if (
|
|
parent.type === "MemberExpression" &&
|
|
idNode === parent.object &&
|
|
callMethods.has(
|
|
astUtils.getStaticPropertyName(parent),
|
|
)
|
|
) {
|
|
const maybeCallee =
|
|
parent.parent.type === "ChainExpression"
|
|
? parent.parent
|
|
: parent;
|
|
|
|
if (
|
|
maybeCallee.parent.type ===
|
|
"CallExpression" &&
|
|
maybeCallee.parent.callee === maybeCallee
|
|
) {
|
|
evalNode = maybeCallee.parent;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (evalNode) {
|
|
context.report({
|
|
node: evalNode,
|
|
messageId: "noFunctionConstructor",
|
|
});
|
|
}
|
|
});
|
|
}
|
|
},
|
|
};
|
|
},
|
|
};
|