mirror of
https://github.com/github/codeql-action.git
synced 2025-12-30 19:20:08 +08:00
e7e35baaf0
* Bump the npm group with 2 updates Bumps the npm group with 2 updates: [eslint](https://github.com/eslint/eslint) and [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import). Updates `eslint` from 8.45.0 to 8.46.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/compare/v8.45.0...v8.46.0) Updates `eslint-plugin-import` from 2.27.5 to 2.28.0 - [Release notes](https://github.com/import-js/eslint-plugin-import/releases) - [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md) - [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.27.5...v2.28.0) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: eslint-plugin-import dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm ... Signed-off-by: dependabot[bot] <support@github.com> * Update checked-in dependencies --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
139 lines
4.6 KiB
JavaScript
139 lines
4.6 KiB
JavaScript
/**
|
|
* @fileoverview Rule to forbid control characters from regular expressions.
|
|
* @author Nicholas C. Zakas
|
|
*/
|
|
|
|
"use strict";
|
|
|
|
const RegExpValidator = require("@eslint-community/regexpp").RegExpValidator;
|
|
const collector = new (class {
|
|
constructor() {
|
|
this._source = "";
|
|
this._controlChars = [];
|
|
this._validator = new RegExpValidator(this);
|
|
}
|
|
|
|
onPatternEnter() {
|
|
|
|
/*
|
|
* `RegExpValidator` may parse the pattern twice in one `validatePattern`.
|
|
* So `this._controlChars` should be cleared here as well.
|
|
*
|
|
* For example, the `/(?<a>\x1f)/` regex will parse the pattern twice.
|
|
* This is based on the content described in Annex B.
|
|
* If the regex contains a `GroupName` and the `u` flag is not used, `ParseText` will be called twice.
|
|
* See https://tc39.es/ecma262/2023/multipage/additional-ecmascript-features-for-web-browsers.html#sec-parsepattern-annexb
|
|
*/
|
|
this._controlChars = [];
|
|
}
|
|
|
|
onCharacter(start, end, cp) {
|
|
if (cp >= 0x00 &&
|
|
cp <= 0x1F &&
|
|
(
|
|
this._source.codePointAt(start) === cp ||
|
|
this._source.slice(start, end).startsWith("\\x") ||
|
|
this._source.slice(start, end).startsWith("\\u")
|
|
)
|
|
) {
|
|
this._controlChars.push(`\\x${`0${cp.toString(16)}`.slice(-2)}`);
|
|
}
|
|
}
|
|
|
|
collectControlChars(regexpStr, flags) {
|
|
const uFlag = typeof flags === "string" && flags.includes("u");
|
|
const vFlag = typeof flags === "string" && flags.includes("v");
|
|
|
|
this._controlChars = [];
|
|
this._source = regexpStr;
|
|
|
|
try {
|
|
this._validator.validatePattern(regexpStr, void 0, void 0, { unicode: uFlag, unicodeSets: vFlag }); // Call onCharacter hook
|
|
} catch {
|
|
|
|
// Ignore syntax errors in RegExp.
|
|
}
|
|
return this._controlChars;
|
|
}
|
|
})();
|
|
|
|
//------------------------------------------------------------------------------
|
|
// Rule Definition
|
|
//------------------------------------------------------------------------------
|
|
|
|
/** @type {import('../shared/types').Rule} */
|
|
module.exports = {
|
|
meta: {
|
|
type: "problem",
|
|
|
|
docs: {
|
|
description: "Disallow control characters in regular expressions",
|
|
recommended: true,
|
|
url: "https://eslint.org/docs/latest/rules/no-control-regex"
|
|
},
|
|
|
|
schema: [],
|
|
|
|
messages: {
|
|
unexpected: "Unexpected control character(s) in regular expression: {{controlChars}}."
|
|
}
|
|
},
|
|
|
|
create(context) {
|
|
|
|
/**
|
|
* Get the regex expression
|
|
* @param {ASTNode} node `Literal` node to evaluate
|
|
* @returns {{ pattern: string, flags: string | null } | null} Regex if found (the given node is either a regex literal
|
|
* or a string literal that is the pattern argument of a RegExp constructor call). Otherwise `null`. If flags cannot be determined,
|
|
* the `flags` property will be `null`.
|
|
* @private
|
|
*/
|
|
function getRegExp(node) {
|
|
if (node.regex) {
|
|
return node.regex;
|
|
}
|
|
if (typeof node.value === "string" &&
|
|
(node.parent.type === "NewExpression" || node.parent.type === "CallExpression") &&
|
|
node.parent.callee.type === "Identifier" &&
|
|
node.parent.callee.name === "RegExp" &&
|
|
node.parent.arguments[0] === node
|
|
) {
|
|
const pattern = node.value;
|
|
const flags =
|
|
node.parent.arguments.length > 1 &&
|
|
node.parent.arguments[1].type === "Literal" &&
|
|
typeof node.parent.arguments[1].value === "string"
|
|
? node.parent.arguments[1].value
|
|
: null;
|
|
|
|
return { pattern, flags };
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
return {
|
|
Literal(node) {
|
|
const regExp = getRegExp(node);
|
|
|
|
if (regExp) {
|
|
const { pattern, flags } = regExp;
|
|
const controlCharacters = collector.collectControlChars(pattern, flags);
|
|
|
|
if (controlCharacters.length > 0) {
|
|
context.report({
|
|
node,
|
|
messageId: "unexpected",
|
|
data: {
|
|
controlChars: controlCharacters.join(", ")
|
|
}
|
|
});
|
|
}
|
|
}
|
|
}
|
|
};
|
|
|
|
}
|
|
};
|