fix: Ensure everything works with ESLint v9 (#145)

Co-authored-by: 唯然 <[email protected]>

Author: nzakas

package-lock.json

@@ -46,13 +46,13 @@
     "safe-regex": "^2.1.1"
   },
   "devDependencies": {
-    "@eslint/js": "^8.51.0",
+    "@eslint/js": "^9.0.0",
     "changelog": "1.3.0",
-    "eslint": "^8.51.0",
+    "eslint": "^9.0.0",
     "eslint-config-nodesecurity": "^1.3.1",
     "eslint-config-prettier": "^8.5.0",
     "eslint-doc-generator": "^1.7.0",
-    "eslint-plugin-eslint-plugin": "^5.1.1",
+    "eslint-plugin-eslint-plugin": "^5.5.1",
     "lint-staged": "^12.3.7",
     "markdownlint-cli": "^0.32.2",
     "mocha": "^9.2.2",

package.json

@@ -78,7 +78,7 @@ module.exports = {
       url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-bidi-characters.md',
     },
   },
-  create: function (context) {
+  create(context) {
     return {
       Program: function (node) {
         report({

rules/detect-bidi-characters.js

@@ -61,7 +61,7 @@ module.exports = {
       write,
     },
   },
-  create: function (context) {
+  create(context) {
     return {
       MemberExpression: function (node) {
         let index;

rules/detect-buffer-noassert.js

@@ -23,7 +23,8 @@ module.exports = {
       url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-child-process.md',
     },
   },
-  create: function (context) {
+  create(context) {
+    const sourceCode = context.sourceCode || context.getSourceCode();
     return {
       CallExpression: function (node) {
         if (node.callee.name === 'require') {
@@ -41,19 +42,21 @@ module.exports = {
           return;
         }
 
+        const scope = sourceCode.getScope ? sourceCode.getScope(node) : context.getScope();
+
         // Reports non-literal `exec()` calls.
         if (
           !node.arguments.length ||
           isStaticExpression({
             node: node.arguments[0],
-            scope: context.getScope(),
+            scope,
           })
         ) {
           return;
         }
         const pathInfo = getImportAccessPath({
           node: node.callee,
-          scope: context.getScope(),
+          scope,
           packageNames: childProcessPackageNames,
         });
         const fnName = pathInfo && pathInfo.path.length === 1 && pathInfo.path[0];

rules/detect-child-process.js

@@ -10,7 +10,7 @@ module.exports = {
       url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-disable-mustache-escape.md',
     },
   },
-  create: function (context) {
+  create(context) {
     return {
       AssignmentExpression: function (node) {
         if (node.operator === '=') {

rules/detect-disable-mustache-escape.js

@@ -10,7 +10,7 @@ module.exports = {
       url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-new-buffer.md',
     },
   },
-  create: function (context) {
+  create(context) {
     return {
       NewExpression: function (node) {
         if (node.callee.name === 'Buffer' && node.arguments[0] && node.arguments[0].type !== 'Literal') {

rules/detect-new-buffer.js

@@ -19,7 +19,7 @@ module.exports = {
       url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-no-csrf-before-method-override.md',
     },
   },
-  create: function (context) {
+  create(context) {
     let csrf = false;
 
     return {

rules/detect-no-csrf-before-method-override.js

@@ -26,17 +26,19 @@ module.exports = {
       url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-non-literal-fs-filename.md',
     },
   },
-  create: function (context) {
+  create(context) {
+    const sourceCode = context.sourceCode || context.getSourceCode();
     return {
-      CallExpression: function (node) {
+      CallExpression(node) {
         // don't check require. If all arguments are Literals, it's surely safe!
         if ((node.callee.type === 'Identifier' && node.callee.name === 'require') || node.arguments.every((argument) => argument.type === 'Literal')) {
           return;
         }
 
+        const scope = sourceCode.getScope ? sourceCode.getScope(node) : context.getScope();
         const pathInfo = getImportAccessPath({
           node: node.callee,
-          scope: context.getScope(),
+          scope,
           packageNames: fsPackageNames,
         });
         if (!pathInfo) {
@@ -79,7 +81,8 @@ module.exports = {
             continue;
           }
           const argument = node.arguments[index];
-          if (isStaticExpression({ node: argument, scope: context.getScope() })) {
+
+          if (isStaticExpression({ node: argument, scope })) {
             continue;
           }
           indices.push(index);

rules/detect-non-literal-fs-filename.js

@@ -21,17 +21,21 @@ module.exports = {
       url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-non-literal-regexp.md',
     },
   },
-  create: function (context) {
+  create(context) {
+    const sourceCode = context.sourceCode || context.getSourceCode();
+
     return {
-      NewExpression: function (node) {
+      NewExpression(node) {
         if (node.callee.name === 'RegExp') {
           const args = node.arguments;
+          const scope = sourceCode.getScope ? sourceCode.getScope(node) : context.getScope();
+
           if (
             args &&
             args.length > 0 &&
             !isStaticExpression({
               node: args[0],
-              scope: context.getScope(),
+              scope,
             })
           ) {
             return context.report({ node: node, message: 'Found non-literal argument to RegExp Constructor' });