chore: bring back the eslint rule

Author: logaretm

packages/core/.eslintrc.js

@@ -1,4 +1,15 @@
 module.exports = {
   extends: ['../../.eslintrc.js'],
   ignorePatterns: ['rollup.npm.config.mjs'],
+  rules: {
+    '@sentry-internal/sdk/no-unsafe-random-apis': 'error',
+  },
+  overrides: [
+    {
+      files: ['test/**/*.ts', 'test/**/*.tsx'],
+      rules: {
+        '@sentry-internal/sdk/no-unsafe-random-apis': 'off',
+      },
+    },
+  ],
 };

packages/eslint-plugin-sdk/src/index.js

@@ -15,5 +15,6 @@ module.exports = {
     'no-regexp-constructor': require('./rules/no-regexp-constructor'),
     'no-focused-tests': require('./rules/no-focused-tests'),
     'no-skipped-tests': require('./rules/no-skipped-tests'),
+    'no-unsafe-random-apis': require('./rules/no-unsafe-random-apis'),
   },
 };

packages/eslint-plugin-sdk/src/rules/no-unsafe-random-apis.js

@@ -0,0 +1,147 @@
+'use strict';
+
+/**
+ * @fileoverview Rule to enforce wrapping random/time APIs with withRandomSafeContext
+ *
+ * This rule detects uses of APIs that generate random values or time-based values
+ * and ensures they are wrapped with `withRandomSafeContext()` to ensure safe
+ * random number generation in certain contexts (e.g., React Server Components with caching).
+ */
+
+// APIs that should be wrapped with withRandomSafeContext, with their specific messages
+const UNSAFE_MEMBER_CALLS = [
+  {
+    object: 'Date',
+    property: 'now',
+    messageId: 'unsafeDateNow',
+  },
+  {
+    object: 'Math',
+    property: 'random',
+    messageId: 'unsafeMathRandom',
+  },
+  {
+    object: 'performance',
+    property: 'now',
+    messageId: 'unsafePerformanceNow',
+  },
+  {
+    object: 'crypto',
+    property: 'randomUUID',
+    messageId: 'unsafeCryptoRandomUUID',
+  },
+  {
+    object: 'crypto',
+    property: 'getRandomValues',
+    messageId: 'unsafeCryptoGetRandomValues',
+  },
+];
+
+module.exports = {
+  meta: {
+    type: 'problem',
+    docs: {
+      description:
+        'Enforce wrapping random/time APIs (Date.now, Math.random, performance.now, crypto.randomUUID) with withRandomSafeContext',
+      category: 'Best Practices',
+      recommended: true,
+    },
+    fixable: null,
+    schema: [],
+    messages: {
+      unsafeDateNow:
+        '`Date.now()` should be replaced with `safeDateNow()` from `@sentry/core` to ensure safe time value generation. You can disable this rule with an eslint-disable comment if this usage is intentional.',
+      unsafeMathRandom:
+        '`Math.random()` should be replaced with `safeMathRandom()` from `@sentry/core` to ensure safe random value generation. You can disable this rule with an eslint-disable comment if this usage is intentional.',
+      unsafePerformanceNow:
+        '`performance.now()` should be wrapped with `withRandomSafeContext()` to ensure safe time value generation. Use: `withRandomSafeContext(() => performance.now())`. You can disable this rule with an eslint-disable comment if this usage is intentional.',
+      unsafeCryptoRandomUUID:
+        '`crypto.randomUUID()` should be wrapped with `withRandomSafeContext()` to ensure safe random value generation. Use: `withRandomSafeContext(() => crypto.randomUUID())`. You can disable this rule with an eslint-disable comment if this usage is intentional.',
+      unsafeCryptoGetRandomValues:
+        '`crypto.getRandomValues()` should be wrapped with `withRandomSafeContext()` to ensure safe random value generation. Use: `withRandomSafeContext(() => crypto.getRandomValues(...))`. You can disable this rule with an eslint-disable comment if this usage is intentional.',
+    },
+  },
+  create: function (context) {
+    /**
+     * Check if a node is inside a withRandomSafeContext call
+     */
+    function isInsidewithRandomSafeContext(node) {
+      let current = node.parent;
+
+      while (current) {
+        // Check if we're inside a callback passed to withRandomSafeContext
+        if (
+          current.type === 'CallExpression' &&
+          current.callee.type === 'Identifier' &&
+          current.callee.name === 'withRandomSafeContext'
+        ) {
+          return true;
+        }
+
+        // Also check for arrow functions or regular functions passed to withRandomSafeContext
+        if (
+          (current.type === 'ArrowFunctionExpression' || current.type === 'FunctionExpression') &&
+          current.parent?.type === 'CallExpression' &&
+          current.parent.callee.type === 'Identifier' &&
+          current.parent.callee.name === 'withRandomSafeContext'
+        ) {
+          return true;
+        }
+
+        current = current.parent;
+      }
+
+      return false;
+    }
+
+    /**
+     * Check if a node is inside the safeRandomGeneratorRunner.ts file (the definition file)
+     */
+    function isInSafeRandomGeneratorRunner(_node) {
+      const filename = context.getFilename();
+      return filename.includes('safeRandomGeneratorRunner');
+    }
+
+    return {
+      CallExpression(node) {
+        // Skip if we're in the safeRandomGeneratorRunner.ts file itself
+        if (isInSafeRandomGeneratorRunner(node)) {
+          return;
+        }
+
+        // Check for member expression calls like Date.now(), Math.random(), etc.
+        if (node.callee.type === 'MemberExpression') {
+          const callee = node.callee;
+
+          // Get the object name (e.g., 'Date', 'Math', 'performance', 'crypto')
+          let objectName = null;
+          if (callee.object.type === 'Identifier') {
+            objectName = callee.object.name;
+          }
+
+          // Get the property name (e.g., 'now', 'random', 'randomUUID')
+          let propertyName = null;
+          if (callee.property.type === 'Identifier') {
+            propertyName = callee.property.name;
+          } else if (callee.computed && callee.property.type === 'Literal') {
+            propertyName = callee.property.value;
+          }
+
+          if (!objectName || !propertyName) {
+            return;
+          }
+
+          // Check if this is one of the unsafe APIs
+          const unsafeApi = UNSAFE_MEMBER_CALLS.find(api => api.object === objectName && api.property === propertyName);
+
+          if (unsafeApi && !isInsidewithRandomSafeContext(node)) {
+            context.report({
+              node,
+              messageId: unsafeApi.messageId,
+            });
+          }
+        }
+      },
+    };
+  },
+};

packages/eslint-plugin-sdk/test/lib/rules/no-unsafe-random-apis.test.ts

@@ -0,0 +1,146 @@
+import { RuleTester } from 'eslint';
+import { describe, test } from 'vitest';
+// @ts-expect-error untyped module
+import rule from '../../../src/rules/no-unsafe-random-apis';
+
+describe('no-unsafe-random-apis', () => {
+  test('ruleTester', () => {
+    const ruleTester = new RuleTester({
+      parserOptions: {
+        ecmaVersion: 2020,
+      },
+    });
+
+    ruleTester.run('no-unsafe-random-apis', rule, {
+      valid: [
+        // Wrapped with withRandomSafeContext - arrow function
+        {
+          code: 'withRandomSafeContext(() => Date.now())',
+        },
+        {
+          code: 'withRandomSafeContext(() => Math.random())',
+        },
+        {
+          code: 'withRandomSafeContext(() => performance.now())',
+        },
+        {
+          code: 'withRandomSafeContext(() => crypto.randomUUID())',
+        },
+        {
+          code: 'withRandomSafeContext(() => crypto.getRandomValues(new Uint8Array(16)))',
+        },
+        // Wrapped with withRandomSafeContext - regular function
+        {
+          code: 'withRandomSafeContext(function() { return Date.now(); })',
+        },
+        // Nested inside withRandomSafeContext
+        {
+          code: 'withRandomSafeContext(() => { const x = Date.now(); return x + Math.random(); })',
+        },
+        // Expression inside withRandomSafeContext
+        {
+          code: 'withRandomSafeContext(() => Date.now() / 1000)',
+        },
+        // Other unrelated calls should be fine
+        {
+          code: 'const x = someObject.now()',
+        },
+        {
+          code: 'const x = Date.parse("2021-01-01")',
+        },
+        {
+          code: 'const x = Math.floor(5.5)',
+        },
+        {
+          code: 'const x = performance.mark("test")',
+        },
+      ],
+      invalid: [
+        // Direct Date.now() calls
+        {
+          code: 'const time = Date.now()',
+          errors: [
+            {
+              messageId: 'unsafeDateNow',
+            },
+          ],
+        },
+        // Direct Math.random() calls
+        {
+          code: 'const random = Math.random()',
+          errors: [
+            {
+              messageId: 'unsafeMathRandom',
+            },
+          ],
+        },
+        // Direct performance.now() calls
+        {
+          code: 'const perf = performance.now()',
+          errors: [
+            {
+              messageId: 'unsafePerformanceNow',
+            },
+          ],
+        },
+        // Direct crypto.randomUUID() calls
+        {
+          code: 'const uuid = crypto.randomUUID()',
+          errors: [
+            {
+              messageId: 'unsafeCryptoRandomUUID',
+            },
+          ],
+        },
+        // Direct crypto.getRandomValues() calls
+        {
+          code: 'const bytes = crypto.getRandomValues(new Uint8Array(16))',
+          errors: [
+            {
+              messageId: 'unsafeCryptoGetRandomValues',
+            },
+          ],
+        },
+        // Inside a function but not wrapped
+        {
+          code: 'function getTime() { return Date.now(); }',
+          errors: [
+            {
+              messageId: 'unsafeDateNow',
+            },
+          ],
+        },
+        // Inside an arrow function but not wrapped with withRandomSafeContext
+        {
+          code: 'const getTime = () => Date.now()',
+          errors: [
+            {
+              messageId: 'unsafeDateNow',
+            },
+          ],
+        },
+        // Inside someOtherWrapper
+        {
+          code: 'someOtherWrapper(() => Date.now())',
+          errors: [
+            {
+              messageId: 'unsafeDateNow',
+            },
+          ],
+        },
+        // Multiple violations
+        {
+          code: 'const a = Date.now(); const b = Math.random();',
+          errors: [
+            {
+              messageId: 'unsafeDateNow',
+            },
+            {
+              messageId: 'unsafeMathRandom',
+            },
+          ],
+        },
+      ],
+    });
+  });
+});

packages/nextjs/.eslintrc.js

@@ -7,6 +7,9 @@ module.exports = {
     jsx: true,
   },
   extends: ['../../.eslintrc.js'],
+  rules: {
+    '@sentry-internal/sdk/no-unsafe-random-apis': 'error',
+  },
   overrides: [
     {
       files: ['scripts/**/*.ts'],
@@ -27,5 +30,11 @@ module.exports = {
         globalThis: 'readonly',
       },
     },
+    {
+      files: ['test/**/*.ts', 'test/**/*.tsx'],
+      rules: {
+        '@sentry-internal/sdk/no-unsafe-random-apis': 'off',
+      },
+    },
   ],
 };

packages/node-core/.eslintrc.js

@@ -5,5 +5,14 @@ module.exports = {
   extends: ['../../.eslintrc.js'],
   rules: {
     '@sentry-internal/sdk/no-class-field-initializers': 'off',
+    '@sentry-internal/sdk/no-unsafe-random-apis': 'error',
   },
+  overrides: [
+    {
+      files: ['test/**/*.ts', 'test/**/*.tsx'],
+      rules: {
+        '@sentry-internal/sdk/no-unsafe-random-apis': 'off',
+      },
+    },
+  ],
 };

packages/node/.eslintrc.js

@@ -5,5 +5,14 @@ module.exports = {
   extends: ['../../.eslintrc.js'],
   rules: {
     '@sentry-internal/sdk/no-class-field-initializers': 'off',
+    '@sentry-internal/sdk/no-unsafe-random-apis': 'error',
   },
+  overrides: [
+    {
+      files: ['test/**/*.ts', 'test/**/*.tsx'],
+      rules: {
+        '@sentry-internal/sdk/no-unsafe-random-apis': 'off',
+      },
+    },
+  ],
 };

packages/opentelemetry/.eslintrc.js

@@ -3,4 +3,15 @@ module.exports = {
     node: true,
   },
   extends: ['../../.eslintrc.js'],
+  rules: {
+    '@sentry-internal/sdk/no-unsafe-random-apis': 'error',
+  },
+  overrides: [
+    {
+      files: ['test/**/*.ts', 'test/**/*.tsx'],
+      rules: {
+        '@sentry-internal/sdk/no-unsafe-random-apis': 'off',
+      },
+    },
+  ],
 };