Fix logical-assignment error handling #212

Draft
wants to merge 3 commits into
base: main
29 changes: 29 additions & 0 deletions lib/ruleHelper.js
Expand Up @@ -243,6 +243,19 @@ RuleHelper.prototype = {
normalizeMethodCall(node) {
let methodName;
let objectName;

// operators that allow us to only inspect the right side of the assignment:
const RIGHT_OPERATORS = ["="];

// operators where we can skip analysis:
// e.g., there's no point in doing a check if
// this ends up doing a mathematical operation. The result is not going to be a callable
const MATH_OPERATORS = ["+=", "-=", "*=", "/=", "%=", "**=", "<<=", ">>=",
">>>=", "&=", "|=", "^="];

// operators where we don"t know the result of a logical expression, which may result in the code executing the left or the right part of the assignmentcan check the left bit:
const LOGICAL_OPERATOS = ["||=", "&&=", "??="];
typo: OPERATOS => OPERATORS


switch (node.type) {
case "Identifier":
methodName = node.name;
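Review bot: the comment above `LOGICAL_OPERATOS` is garbled: it has a stray `"` in `don"t` and two sentences run together (`...part of the assignmentcan check the left bit:`); reword it to state the actual point, e.g. `// operators whose result depends on the runtime value of the left side, so either operand may be what ends up being called:`. Also, the three operator tables are declared inside `normalizeMethodCall` and rebuilt on every call; hoisting them to module scope next to the other top-level declarations keeps the per-node path cheap and gives the `LOGICAL_OPERATORS` typo fix a single home.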
Expand All @@ -256,6 +269,22 @@ RuleHelper.prototype = {
case "ArrowFunctionExpression":
methodName = "";
break;
case "AssignmentExpression":
if (RIGHT_OPERATORS.includes(node.operator)) {
methodName = this.normalizeMethodCall(node.right);
} else if (MATH_OPERATORS.includes(node.operator)) {
methodName = "";
break;
} else if (LOGICAL_OPERATOS.includes(node.operator)) {
// Issue #210: oh, no! we have two methods names we need to check, but this function
// may only return one. it's not immediately clear how to reconcile that with existing callers of normalizeMethodCall.
methodName = "";
how about changing this method to return an array of method names and on the caller side to expect an array to be always returned and iterate on that array to check all method names returned?

}
else {
// this is the forcing function for us to complain about and implement support if new JS operators come up.
this.reportUnsupported(node, "Unexpected callable", `unexpected assignment with operator '${node.operator}' in normalizeMethodCall`);
thought: I think that we may be able to cover this branch with a test case using that parser: require.resolve("../parsers/fantasy-operator") approach we used in some other test cases in the past for similar reasons.

}
break;
case "Import":
methodName = "import";
break;
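Review bot: the `LOGICAL_OPERATOS` branch sets `methodName = ""`, which makes `(x ||= n.insertAdjacentHTML)(...)` indistinguishable from a harmless call; until the array-returning approach suggested above is in place, it is safer to fall into `this.reportUnsupported(...)` as the `else` branch does, so the rule fails loudly instead of silently missing a sink. Two smaller points: the `else` branch reports but leaves `methodName` undefined before the `break`, so callers receive `undefined` on that path and `""` on the others; pick one sentinel. And the `MATH_OPERATORS` branch `break`s out of the `switch` from inside the `if` chain while the other branches rely on the `break` after it; both work, but dropping the inner `break` makes the four branches read the same.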
65 changes: 65 additions & 0 deletions tests/rules/method.js
Expand Up @@ -360,7 +360,20 @@ eslintTester.run("method", rule, {
},
{
code: "x.setHTML(evil, { sanitizer: new Sanitizer()})"
},
{
code: "(info.current = type)(child_ctx)",
},
{
code: "(info.current = n.insertAdjacentHTML)('beforebegin', 'innocent')",
},
{
code: "(false ||= n.insertAdjacentHTML)('beforebegin', 'innocent')",
},
{
code: "(n.insertAdjacentHTML &&= false)('beforebegin', 'innocent')",
}

],

// Examples of code that should trigger the rule
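Review bot: `false` is not a valid assignment target, so `(false ||= n.insertAdjacentHTML)('beforebegin', 'innocent')` is a SyntaxError (`Invalid left-hand side in assignment`) and RuleTester will fail the case at parse time rather than exercise the rule; use an identifier or member expression on the left, e.g. `(x ||= n.insertAdjacentHTML)('beforebegin', 'innocent')`. Logical assignment also requires `ecmaVersion` 2021 or later; this file sets `parserOptions` per case (see the `ecmaVersion: 6` case further down), so either confirm the tester default parses `||=`, `&&=` and `??=` or set it on these cases. Finally, the valid list covers only two of the four operator/side combinations added to the invalid section (no `(n.insertAdjacentHTML ||= false)` or `(false &&= n.insertAdjacentHTML)` with an innocent argument), and `??=`, which the helper now lists, has no case at all.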
Expand Down Expand Up @@ -946,6 +959,58 @@ eslintTester.run("method", rule, {
],
parserOptions: { ecmaVersion: 6 }
},
{
code: "(info.current = n.insertAdjacentHTML)('beforebegin', c)",
errors: [
{
message: /Unsafe call to n.insertAdjacentHTML for argument 1/,
type: "CallExpression"
}
],
},
{

// The issue with this testcase is, that it might not actually lead to a call to insertAdjacentHTML.
code: "(false ||= n.insertAdjacentHTML)('beforebegin', evil)",
errors: [
{
message: /Unsafe call to n.insertAdjacentHTML for argument 1/,
type: "CallExpression"
}
],
},
{

// The issue with this testcase is, that it might not actually lead to a call to insertAdjacentHTML.
code: "(n.insertAdjacentHTML ||= false)('beforebegin', evil)",
errors: [
{
message: /Unsafe call to n.insertAdjacentHTML for argument 1/,
type: "CallExpression"
}
],
},
{

// The issue with this testcase is, that it might not actually lead to a call to insertAdjacentHTML.
code: "(false &&= n.insertAdjacentHTML)('beforebegin', evil)",
errors: [
{
message: /Unsafe call to n.insertAdjacentHTML for argument 1/,
type: "CallExpression"
}
],
},
{

// The issue with this testcase is, that it might not actually lead to a call to insertAdjacentHTML.
code: "(n.insertAdjacentHTML &&= false)('beforebegin', evil)",
errors: [
{
message: /Unsafe call to n.insertAdjacentHTML for argument 1/,
type: "CallExpression"
}
],
}
]
});
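Review bot: as written in `lib/ruleHelper.js`, the logical-assignment branch returns `""`, so the four `||=`/`&&=` cases here expect an `Unsafe call to n.insertAdjacentHTML` error the rule cannot currently produce; they encode the intended conservative behaviour (either operand may be the callee, so flag when either is a sink), which is the right target, but the draft will stay red until the helper returns both names. The same parse problem as in the valid list applies to `(false ||= ...)` and `(false &&= ...)`: rewrite the left side as an identifier. The identical comment repeated on the four cases can be written once above the group, and a `??=` case is missing from this list as well.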