feat: improve detect-child-process rule (#108)

ota-meshi · web-flow · commit 64ae52944a86 · 2023-01-26T13:35:26.000-08:00
* improve detect-child-process rule

* refactor

* add tests
diff --git a/rules/detect-child-process.js b/rules/detect-child-process.js
@@ -5,6 +5,9 @@
 
 'use strict';
 
+const { getImportAccessPath } = require('../utils/import-utils');
+const childProcessPackageNames = ['child_process', 'node:child_process'];
+
 //------------------------------------------------------------------------------
 // Rule Definition
 //------------------------------------------------------------------------------
@@ -20,54 +23,37 @@ module.exports = {
     },
   },
   create: function (context) {
-    /*
-     * Stores variable identifiers pointing to child_process to check (child_process).exec()
-     */
-    const childProcessIdentifiers = new Set();
-
-    /**
-     * Extract identifiers assigned the expression `require("child_process")`.
-     * @param {Pattern} node
-     */
-    function extractChildProcessIdentifiers(node) {
-      if (node.type !== 'Identifier') {
-        return;
-      }
-      const variable = context.getScope().set.get(node.name);
-      if (!variable) {
-        return;
-      }
-      for (const reference of variable.references) {
-        childProcessIdentifiers.add(reference.identifier);
-      }
-    }
-
     return {
       CallExpression: function (node) {
         if (node.callee.name === 'require') {
           const args = node.arguments[0];
-          if (args && args.type === 'Literal' && args.value === 'child_process') {
-            let pattern;
-            if (node.parent.type === 'VariableDeclarator') {
-              pattern = node.parent.id;
-            } else if (node.parent.type === 'AssignmentExpression' && node.parent.operator === '=') {
-              pattern = node.parent.left;
-            }
-            if (pattern) {
-              extractChildProcessIdentifiers(pattern);
-            }
-            if (!pattern || pattern.type === 'Identifier') {
-              return context.report({ node: node, message: 'Found require("child_process")' });
-            }
+          if (
+            args &&
+            args.type === 'Literal' &&
+            childProcessPackageNames.includes(args.value) &&
+            node.parent.type !== 'VariableDeclarator' &&
+            node.parent.type !== 'AssignmentExpression' &&
+            node.parent.type !== 'MemberExpression'
+          ) {
+            context.report({ node: node, message: 'Found require("' + args.value + '")' });
           }
+          return;
         }
-      },
-      MemberExpression: function (node) {
-        if (node.property.name === 'exec' && childProcessIdentifiers.has(node.object)) {
-          if (node.parent && node.parent.arguments && node.parent.arguments.length && node.parent.arguments[0].type !== 'Literal') {
-            return context.report({ node: node, message: 'Found child_process.exec() with non Literal first argument' });
-          }
+
+        // Reports non-literal `exec()` calls.
+        if (!node.arguments.length || node.arguments[0].type === 'Literal') {
+          return;
+        }
+        const pathInfo = getImportAccessPath({
+          node: node.callee,
+          scope: context.getScope(),
+          packageNames: childProcessPackageNames,
+        });
+        const fnName = pathInfo && pathInfo.path.length === 1 && pathInfo.path[0];
+        if (fnName !== 'exec') {
+          return;
         }
+        context.report({ node: node, message: 'Found child_process.exec() with non Literal first argument' });
       },
     };
   },
diff --git a/test/detect-child-process.js b/test/detect-child-process.js
@@ -1,61 +1,136 @@
 'use strict';
 
 const RuleTester = require('eslint').RuleTester;
-const tester = new RuleTester();
+const tester = new RuleTester({
+  parserOptions: {
+    ecmaVersion: 6,
+    sourceType: 'module',
+  },
+});
 
 const ruleName = 'detect-child-process';
 const rule = require(`../rules/${ruleName}`);
 
 tester.run(ruleName, rule, {
   valid: [
     "child_process.exec('ls')",
-    {
-      code: `
-      var {} = require('child_process');
-      var result = /hello/.exec(str);`,
-      parserOptions: { ecmaVersion: 6 },
-    },
-    {
-      code: "var { spawn } = require('child_process'); spawn(str);",
-      parserOptions: { ecmaVersion: 6 },
-    },
+    `
+    var {} = require('child_process');
+    var result = /hello/.exec(str);`,
+    `
+    var {} = require('node:child_process');
+    var result = /hello/.exec(str);`,
+    `
+    import {} from 'child_process';
+    var result = /hello/.exec(str);`,
+    `
+    import {} from 'node:child_process';
+    var result = /hello/.exec(str);`,
+    "var { spawn } = require('child_process'); spawn(str);",
+    "var { spawn } = require('node:child_process'); spawn(str);",
+    "import { spawn } from 'child_process'; spawn(str);",
+    "import { spawn } from 'node:child_process'; spawn(str);",
+    `
+    var foo = require('child_process');
+    function fn () {
+      var foo = /hello/;
+      var result = foo.exec(str);
+    }`,
+    "var child = require('child_process'); child.spawn(str)",
+    "var child = require('node:child_process'); child.spawn(str)",
+    "import child from 'child_process'; child.spawn(str)",
+    "import child from 'node:child_process'; child.spawn(str)",
+    `
+    var foo = require('child_process');
+    function fn () {
+      var result = foo.spawn(str);
+    }`,
+    "require('child_process').spawn(str)",
+    `
+    function fn () {
+      require('child_process').spawn(str)
+    }`,
   ],
   invalid: [
     {
       code: "require('child_process')",
       errors: [{ message: 'Found require("child_process")' }],
     },
+    {
+      code: "require('node:child_process')",
+      errors: [{ message: 'Found require("node:child_process")' }],
+    },
     {
       code: "var child = require('child_process'); child.exec(com)",
-      errors: [{ message: 'Found require("child_process")' }, { message: 'Found child_process.exec() with non Literal first argument' }],
+      errors: [{ message: 'Found child_process.exec() with non Literal first argument' }],
     },
     {
-      code: "var child = require('child_process'); child.exec()",
-      errors: [{ message: 'Found require("child_process")' }],
+      code: "var child = require('node:child_process'); child.exec(com)",
+      errors: [{ message: 'Found child_process.exec() with non Literal first argument' }],
+    },
+    {
+      code: "import child from 'child_process'; child.exec(com)",
+      errors: [{ message: 'Found child_process.exec() with non Literal first argument' }],
+    },
+    {
+      code: "import child from 'node:child_process'; child.exec(com)",
+      errors: [{ message: 'Found child_process.exec() with non Literal first argument' }],
     },
     {
       code: "var child = sinon.stub(require('child_process')); child.exec.returns({});",
       errors: [{ message: 'Found require("child_process")' }],
     },
+    {
+      code: "var child = sinon.stub(require('node:child_process')); child.exec.returns({});",
+      errors: [{ message: 'Found require("node:child_process")' }],
+    },
     {
       code: `
       var foo = require('child_process');
       function fn () {
         var result = foo.exec(str);
       }`,
-      errors: [
-        { message: 'Found require("child_process")', line: 2 },
-        { message: 'Found child_process.exec() with non Literal first argument', line: 4 },
-      ],
+      errors: [{ message: 'Found child_process.exec() with non Literal first argument', line: 4 }],
     },
     {
       code: `
-      var foo = require('child_process');
+      import foo from 'child_process';
+      function fn () {
+        var result = foo.exec(str);
+      }`,
+      errors: [{ message: 'Found child_process.exec() with non Literal first argument', line: 4 }],
+    },
+    {
+      code: `
+      import foo from 'node:child_process';
       function fn () {
-        var foo = /hello/;
         var result = foo.exec(str);
       }`,
-      errors: [{ message: 'Found require("child_process")', line: 2 }],
+      errors: [{ message: 'Found child_process.exec() with non Literal first argument', line: 4 }],
+    },
+    {
+      code: `
+      require('child_process').exec(str)`,
+      errors: [{ message: 'Found child_process.exec() with non Literal first argument', line: 2 }],
+    },
+    {
+      code: `
+      function fn () {
+        require('child_process').exec(str)
+      }`,
+      errors: [{ message: 'Found child_process.exec() with non Literal first argument', line: 3 }],
+    },
+    {
+      code: `
+      const {exec} = require('child_process');
+      exec(str)`,
+      errors: [{ message: 'Found child_process.exec() with non Literal first argument', line: 3 }],
+    },
+    {
+      code: `
+      const {exec} = require('node:child_process');
+      exec(str)`,
+      errors: [{ message: 'Found child_process.exec() with non Literal first argument', line: 3 }],
     },
   ],
 });
