noEvalRule.js 2.6KB

  1. "use strict";
  2. /**
  3. * @license
  4. * Copyright 2013 Palantir Technologies, Inc.
  5. *
  6. * Licensed under the Apache License, Version 2.0 (the "License");
  7. * you may not use this file except in compliance with the License.
  8. * You may obtain a copy of the License at
  9. *
  10. * http://www.apache.org/licenses/LICENSE-2.0
  11. *
  12. * Unless required by applicable law or agreed to in writing, software
  13. * distributed under the License is distributed on an "AS IS" BASIS,
  14. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  15. * See the License for the specific language governing permissions and
  16. * limitations under the License.
  17. */
  18. Object.defineProperty(exports, "__esModule", { value: true });
  19. var tslib_1 = require("tslib");
  20. var tsutils_1 = require("tsutils");
  21. var ts = require("typescript");
  22. var Lint = require("../index");
  /**
   * TSLint rule `no-eval`.
   *
   * Extends `Lint.Rules.AbstractRule` and delegates the actual detection to the
   * module-level `walk` function. The rule takes no options (`options: null`).
   *
   * Static members set here:
   *  - `Rule.metadata`: rule name, description, rationale and option metadata.
   *  - `Rule.FAILURE_STRING`: the message passed to `ctx.addFailureAtNode` by `walk`.
   *
   * NOTE(review): detection coverage is defined entirely by `walk`; this class
   * adds no checks of its own.
   */
  var Rule = /** @class */ (function (_base) {
      tslib_1.__extends(Rule, _base);
      function Rule() {
          // Forward construction to the base class and use its return value when
          // it is truthy; otherwise the freshly constructed `this` is returned.
          var fromBase = _base !== null && _base.apply(this, arguments);
          return fromBase || this;
      }
      /**
       * Runs the `walk` visitor over one source file.
       *
       * @param sourceFile - the file handed to `applyWithFunction`.
       * @returns whatever `applyWithFunction` returns for this file.
       */
      Rule.prototype.apply = function (sourceFile) {
          var result = this.applyWithFunction(sourceFile, walk);
          return result;
      };
      // The template-strings object is built on first evaluation only and then
      // kept in the module-level `templateObject_1` variable.
      var rationaleText = Lint.Utils.dedent(templateObject_1 || (templateObject_1 = tslib_1.__makeTemplateObject(
          ["\n `eval()` is dangerous as it allows arbitrary code execution with full privileges. There are\n [alternatives](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval)\n for most of the use cases for `eval()`."],
          ["\n \\`eval()\\` is dangerous as it allows arbitrary code execution with full privileges. There are\n [alternatives](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval)\n for most of the use cases for \\`eval()\\`."]
      )));
      /* tslint:disable:object-literal-sort-keys */
      Rule.metadata = {
          ruleName: "no-eval",
          description: "Disallows `eval` function invocations.",
          rationale: rationaleText,
          optionsDescription: "Not configurable.",
          options: null,
          optionExamples: [true],
          type: "functionality",
          typescriptOnly: false,
      };
      /* tslint:enable:object-literal-sort-keys */
      Rule.FAILURE_STRING = "forbidden eval";
      return Rule;
  }(Lint.Rules.AbstractRule));
  exports.Rule = Rule;
  /**
   * Visits every node under `ctx.sourceFile` and reports a failure on the callee
   * of each call expression whose callee is the bare identifier `eval`.
   *
   * Coverage caveat: the match is purely syntactic. The callee must be of kind
   * `ts.SyntaxKind.Identifier` with the text "eval"; no type or scope
   * information is consulted. A call whose callee is any other expression form
   * (for example a property access such as `window.eval(...)`) is not reported,
   * so a clean result from this rule does not show that a code base is free of
   * dynamic code evaluation.
   *
   * @param ctx - walk context providing `sourceFile` and `addFailureAtNode`.
   * @returns the result of the outermost `ts.forEachChild` call.
   */
  function walk(ctx) {
      function visit(node) {
          if (tsutils_1.isCallExpression(node)) {
              var callee = node.expression;
              // Direct `eval(...)` only: an identifier callee spelled exactly "eval".
              if (callee.kind === ts.SyntaxKind.Identifier && callee.text === "eval") {
                  ctx.addFailureAtNode(callee, Rule.FAILURE_STRING);
              }
          }
          // Always descend, so calls nested inside other calls are checked too.
          return ts.forEachChild(node, visit);
      }
      return ts.forEachChild(ctx.sourceFile, visit);
  }
  // Module-level cache for the template-strings object that the `rationale`
  // entry of Rule.metadata builds with tslib's __makeTemplateObject.
  // Declared with `var`, so the binding is hoisted and still undefined when the
  // Rule IIFE above first reads it; that first read is what triggers creation.
  var templateObject_1;