yiyun-fe
/
yiyunjianzhuBeta
4
0
Форкнуть 0
Код Задачи 0 Pull Request'ы 0 Релизы 0 Вики Активность
项目原始demo,不改动
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
Это архивный репозиторий. Вы можете его клонировать или просматривать файлы, но не вносить изменения или открывать задачи/запросы на слияние.
195 коммитов
1 ветка
41 MiB
 
 
 
 
ветка: master
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из 'master'
${ noResults }
yiyunjianzhuBeta/node_modules/eslint/lib/rules/no-implied-eval.js

163 строки
6.0 KiB
Исходник Постоянная ссылка Вина История 

  1. /**

  2.  * @fileoverview Rule to flag use of implied eval via setTimeout and setInterval

  3.  * @author James Allardice

  4.  */

  5. 

  6. "use strict";

  7. 

  8. //------------------------------------------------------------------------------

  9. // Rule Definition

  10. //------------------------------------------------------------------------------

  11. 

  12. module.exports = {

  13.     meta: {

  14.         docs: {

  15.             description: "disallow the use of `eval()`-like methods",

  16.             category: "Best Practices",

  17.             recommended: false,

  18.             url: "https://eslint.org/docs/rules/no-implied-eval"

  19.         },

  20. 

  21.         schema: []

  22.     },

  23. 

  24.     create(context) {

  25.         const CALLEE_RE = /^(setTimeout|setInterval|execScript)$/;

  26. 

  27.         /*

  28.          * Figures out if we should inspect a given binary expression. Is a stack

  29.          * of stacks, where the first element in each substack is a CallExpression.

  30.          */

  31.         const impliedEvalAncestorsStack = [];

  32. 

  33.         //--------------------------------------------------------------------------

  34.         // Helpers

  35.         //--------------------------------------------------------------------------

  36. 

  37.         /**

  38.          * Get the last element of an array, without modifying arr, like pop(), but non-destructive.

  39.          * @param {array} arr What to inspect

  40.          * @returns {*} The last element of arr

  41.          * @private

  42.          */

  43.         function last(arr) {

  44.             return arr ? arr[arr.length - 1] : null;

  45.         }

  46. 

  47.         /**

  48.          * Checks if the given MemberExpression node is a potentially implied eval identifier on window.

  49.          * @param {ASTNode} node The MemberExpression node to check.

  50.          * @returns {boolean} Whether or not the given node is potentially an implied eval.

  51.          * @private

  52.          */

  53.         function isImpliedEvalMemberExpression(node) {

  54.             const object = node.object,

  55.                 property = node.property,

  56.                 hasImpliedEvalName = CALLEE_RE.test(property.name) || CALLEE_RE.test(property.value);

  57. 

  58.             return object.name === "window" && hasImpliedEvalName;

  59.         }

  60. 

  61.         /**

  62.          * Determines if a node represents a call to a potentially implied eval.

  63.          *

  64.          * This checks the callee name and that there's an argument, but not the type of the argument.

  65.          *

  66.          * @param {ASTNode} node The CallExpression to check.

  67.          * @returns {boolean} True if the node matches, false if not.

  68.          * @private

  69.          */

  70.         function isImpliedEvalCallExpression(node) {

  71.             const isMemberExpression = (node.callee.type === "MemberExpression"),

  72.                 isIdentifier = (node.callee.type === "Identifier"),

  73.                 isImpliedEvalCallee =

  74.                     (isIdentifier && CALLEE_RE.test(node.callee.name)) ||

  75.                     (isMemberExpression && isImpliedEvalMemberExpression(node.callee));

  76. 

  77.             return isImpliedEvalCallee && node.arguments.length;

  78.         }

  79. 

  80.         /**

  81.          * Checks that the parent is a direct descendent of an potential implied eval CallExpression, and if the parent is a CallExpression, that we're the first argument.

  82.          * @param {ASTNode} node The node to inspect the parent of.

  83.          * @returns {boolean} Was the parent a direct descendent, and is the child therefore potentially part of a dangerous argument?

  84.          * @private

  85.          */

  86.         function hasImpliedEvalParent(node) {

  87. 

  88.             // make sure our parent is marked

  89.             return node.parent === last(last(impliedEvalAncestorsStack)) &&

  90. 

  91.                 // if our parent is a CallExpression, make sure we're the first argument

  92.                 (node.parent.type !== "CallExpression" || node === node.parent.arguments[0]);

  93.         }

  94. 

  95.         /**

  96.          * Checks if our parent is marked as part of an implied eval argument. If

  97.          * so, collapses the top of impliedEvalAncestorsStack and reports on the

  98.          * original CallExpression.

  99.          * @param {ASTNode} node The CallExpression to check.

  100.          * @returns {boolean} True if the node matches, false if not.

  101.          * @private

  102.          */

  103.         function checkString(node) {

  104.             if (hasImpliedEvalParent(node)) {

  105. 

  106.                 // remove the entire substack, to avoid duplicate reports

  107.                 const substack = impliedEvalAncestorsStack.pop();

  108. 

  109.                 context.report({ node: substack[0], message: "Implied eval. Consider passing a function instead of a string." });

  110.             }

  111.         }

  112. 

  113.         //--------------------------------------------------------------------------

  114.         // Public

  115.         //--------------------------------------------------------------------------

  116. 

  117.         return {

  118.             CallExpression(node) {

  119.                 if (isImpliedEvalCallExpression(node)) {

  120. 

  121.                     // call expressions create a new substack

  122.                     impliedEvalAncestorsStack.push([node]);

  123.                 }

  124.             },

  125. 

  126.             "CallExpression:exit"(node) {

  127.                 if (node === last(last(impliedEvalAncestorsStack))) {

  128. 

  129.                     /*

  130.                      * Destroys the entire sub-stack, rather than just using

  131.                      * last(impliedEvalAncestorsStack).pop(), as a CallExpression is

  132.                      * always the bottom of a impliedEvalAncestorsStack substack.

  133.                      */

  134.                     impliedEvalAncestorsStack.pop();

  135.                 }

  136.             },

  137. 

  138.             BinaryExpression(node) {

  139.                 if (node.operator === "+" && hasImpliedEvalParent(node)) {

  140.                     last(impliedEvalAncestorsStack).push(node);

  141.                 }

  142.             },

  143. 

  144.             "BinaryExpression:exit"(node) {

  145.                 if (node === last(last(impliedEvalAncestorsStack))) {

  146.                     last(impliedEvalAncestorsStack).pop();

  147.                 }

  148.             },

  149. 

  150.             Literal(node) {

  151.                 if (typeof node.value === "string") {

  152.                     checkString(node);

  153.                 }

  154.             },

  155. 

  156.             TemplateLiteral(node) {

  157.                 checkString(node);

  158.             }

  159.         };

  160. 

  161.     }

  162. };