eslint-plugin-sonarjs/cjs/S4784/rule.js

SonarJS rules for ESLint

"use strict";
/*
 * SonarQube JavaScript Plugin
 * Copyright (C) 2011-2025 SonarSource SA
 * mailto:info AT sonarsource DOT com
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the Sonar Source-Available License for more details.
 *
 * You should have received a copy of the Sonar Source-Available License
 * along with this program; if not, see https://sonarsource.com/license/ssal/
 */
// https://sonarsource.github.io/rspec/#/rspec/S4784/javascript
Object.defineProperty(exports, "__esModule", { value: true });
exports.rule = void 0;
const index_js_1 = require("../helpers/index.js");
const meta_js_1 = require("./meta.js");
const stringMethods = ['match', 'search', 'split'];
const minPatternLength = 3;
const specialChars = ['+', '*', '{'];
exports.rule = {
    meta: (0, index_js_1.generateMeta)(meta_js_1.meta, {
        messages: {
            safeRegex: 'Make sure that using a regular expression is safe here.',
        },
    }),
    create(context) {
        return {
            Literal(node) {
                const { regex } = node;
                if (regex) {
                    const { pattern } = regex;
                    if (isUnsafeRegexLiteral(pattern)) {
                        context.report({
                            messageId: 'safeRegex',
                            node,
                        });
                    }
                }
            },
            CallExpression(node) {
                const { callee, arguments: args } = node;
                if ((0, index_js_1.isMemberWithProperty)(callee, ...stringMethods)) {
                    checkFirstArgument(args, context);
                }
            },
            NewExpression(node) {
                const { callee, arguments: args } = node;
                if ((0, index_js_1.isIdentifier)(callee, 'RegExp')) {
                    checkFirstArgument(args, context);
                }
            },
        };
    },
};
function checkFirstArgument(args, context) {
    const firstArg = args[0];
    if (firstArg &&
        firstArg.type === 'Literal' &&
        typeof firstArg.value === 'string' &&
        isUnsafeRegexLiteral(firstArg.value)) {
        context.report({
            messageId: 'safeRegex',
            node: firstArg,
        });
    }
}
function isUnsafeRegexLiteral(value) {
    return value.length >= minPatternLength && hasEnoughNumberOfSpecialChars(value);
}
function hasEnoughNumberOfSpecialChars(value) {
    let numberOfSpecialChars = 0;
    for (const c of value) {
        if (specialChars.includes(c)) {
            numberOfSpecialChars++;
        }
        if (numberOfSpecialChars === 2) {
            return true;
        }
    }
    return false;
}