
@sap/eslint-plugin-cds


ESLint plugin including recommended SAP Cloud Application Programming model and environment rules

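'use strict'

const { RULE_CATEGORIES } = require('../../constants')
const { CdsHandlerRule } = require('./CdsHandlerRule')

/**
 * Reports calls of the form SELECT(`...`) and suggests the tagged-template
 * form SELECT`...` instead.
 *
 * Why the distinction matters: in the call form, JavaScript evaluates the
 * template literal first, so every `${...}` value is already concatenated
 * into one string by the time SELECT receives it. In the tagged form, the
 * tag function receives the literal parts and the interpolated values
 * separately, so the values can be handled as data rather than query text.
 *
 * NOTE(review): the check only matches a bare identifier callee named
 * `SELECT` whose first argument is a template literal. Member calls such as
 * `x.SELECT(`...`)` and arguments built by string concatenation are not
 * reported by this rule, so a clean lint run is not proof that every query
 * is free of injected text.
 */
class CqlSelectUseTemplateStrings extends CdsHandlerRule {
  /**
   * ESLint visitor for CallExpression nodes.
   *
   * @param {object} node - the CallExpression AST node being visited
   */
  CallExpression(node) {
    // The base class sees every call first; what it does is defined in
    // CdsHandlerRule, outside this file.
    super.CallExpression(node)

    if (node.callee?.name !== 'SELECT') return

    // A zero-argument call has no first argument. Optional chaining keeps the
    // rule from throwing a TypeError there, which would abort linting the file.
    const firstArgument = node.arguments[0]
    if (firstArgument?.type !== 'TemplateLiteral') return

    this.context.report({
      node,
      message: 'Do not use SELECT(`...`), which is prone to SQL injections.',
      suggest: [{
        desc: 'Use SELECT`...` instead',
        fix: fixer => {
          // `context.sourceCode` replaces the deprecated `getSourceCode()` in
          // newer ESLint releases; fall back so older releases keep working.
          const sourceCode = this.context.sourceCode ?? this.context.getSourceCode()
          // Re-emit the template literal verbatim, directly after the tag name.
          return fixer.replaceText(node, `SELECT${sourceCode.getText(firstArgument)}`)
        }
      }]
    })
  }
}

module.exports = {
  meta: {
    type: 'problem',
    docs: {
      recommended: true,
      category: RULE_CATEGORIES.javascript,
      description: 'Discourage use of SELECT(...), which allows SQL injections, in favour of SELECT`...`.'
    },
    fixable: 'code',
    schema: [],
    // The rewrite is offered as a suggestion, not applied as an automatic fix.
    hasSuggestions: true
  },
  create: context => new CqlSelectUseTemplateStrings(context).asESLintVisitor()
}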