feat: add parameter-prefix rule

merceyz · merceyz · commit add31fc3a7bd · 2024-12-15T17:12:32.000+01:00
diff --git a/README.md b/README.md
@@ -133,6 +133,21 @@ const user = db
 	.all();
 ```
 
+### parameter-prefix
+
+Enforce that all queries use the same prefix for named parameters.
+Can be configured to one of `:` (default), `@`, or `$`.
+
+```ts
+// Bad
+/* eslint "sqlite/parameter-prefix": ["error", ":"] */
+db.prepare("SELECT * FROM users WHERE id = @id");
+
+// Good
+/* eslint "sqlite/parameter-prefix": ["error", ":"] */
+db.prepare("SELECT * FROM users WHERE id = :id");
+```
+
 ## License
 
 eslint-plugin-sqlite is licensed under the [MIT License](LICENSE) and
diff --git a/parser/src/lib.rs b/parser/src/lib.rs
@@ -1,3 +1,4 @@
 pub mod nullable;
 pub mod parameters;
+pub mod prefix;
 pub mod query;
diff --git a/parser/src/prefix.rs b/parser/src/prefix.rs
@@ -0,0 +1,18 @@
+use fallible_iterator::FallibleIterator;
+use sqlite3_parser::{
+	ast::{fmt::ToTokens, ParameterInfo},
+	lexer::sql::Parser,
+};
+use wasm_bindgen::prelude::*;
+
+#[wasm_bindgen]
+pub fn does_all_named_parameters_start_with_prefix(query: &str, prefix: char) -> Option<bool> {
+	let mut parser = Parser::new(query.as_bytes());
+	let cmd = parser.next().ok()??;
+
+	let mut parameters = ParameterInfo::default();
+
+	cmd.to_tokens(&mut parameters).ok()?;
+
+	Some(parameters.names.iter().all(|n| n.starts_with(prefix)))
+}
diff --git a/src/index.ts b/src/index.ts
@@ -4,6 +4,7 @@ import type { TSESLint } from "@typescript-eslint/utils";
 import SQLite from "better-sqlite3";
 
 import { GetDatabaseOptions, RuleOptions } from "./ruleOptions.js";
+import { parameterPrefixRule } from "./rules/parameter-prefix.js";
 import { typedInputRule } from "./rules/typed-input.js";
 import { createTypedResultRule } from "./rules/typed-result.js";
 import { createValidQueryRule } from "./rules/valid-query.js";
@@ -67,6 +68,7 @@ export function createSqlitePlugin(options: CreatePluginOptions) {
 			"valid-query": createValidQueryRule(ruleOptions),
 			"typed-result": createTypedResultRule(ruleOptions),
 			"typed-input": typedInputRule,
+			"parameter-prefix": parameterPrefixRule,
 		},
 	} satisfies TSESLint.FlatConfig.Plugin;
 
diff --git a/src/rules/parameter-prefix.ts b/src/rules/parameter-prefix.ts
@@ -0,0 +1,56 @@
+import { ESLintUtils, TSESTree } from "@typescript-eslint/utils";
+
+import { does_all_named_parameters_start_with_prefix } from "../parser/parser.js";
+import { getQueryValue } from "../utils.js";
+
+export const parameterPrefixRule = ESLintUtils.RuleCreator.withoutDocs({
+	create(context, options) {
+		const expectedPrefix = options[0];
+
+		return {
+			'CallExpression[callee.type=MemberExpression][callee.property.name="prepare"][arguments.length=1]'(
+				node: Omit<TSESTree.CallExpression, "arguments" | "callee"> & {
+					arguments: [TSESTree.CallExpression["arguments"][0]];
+					callee: TSESTree.MemberExpression;
+				},
+			) {
+				const arg = node.arguments[0];
+
+				const val = getQueryValue(arg, context.sourceCode.getScope(arg));
+
+				if (typeof val?.value !== "string") {
+					return;
+				}
+
+				const result = does_all_named_parameters_start_with_prefix(
+					val.value,
+					expectedPrefix,
+				);
+
+				if (result === false) {
+					context.report({
+						node: arg,
+						messageId: "incorrectPrefixUsed",
+						data: {
+							prefix: expectedPrefix,
+						},
+					});
+				}
+			},
+		};
+	},
+	meta: {
+		messages: {
+			incorrectPrefixUsed:
+				"Query uses a named parameter prefix that isn't permitted, use '{{prefix}}' instead.",
+		},
+		schema: [
+			{
+				type: "string",
+				enum: [":", "@", "$"],
+			},
+		],
+		type: "problem",
+	},
+	defaultOptions: [":"],
+});
diff --git a/tests/rules/parameter-prefix.test.ts b/tests/rules/parameter-prefix.test.ts
@@ -0,0 +1,60 @@
+import { parameterPrefixRule } from "../../src/rules/parameter-prefix.js";
+import { ruleTester } from "./rule-tester.js";
+
+ruleTester.run("parameter-prefix", parameterPrefixRule, {
+	valid: [
+		{
+			code: "db.prepare('SELECT * FROM foo WHERE id = :id')",
+		},
+		{
+			code: "db.prepare('SELECT * FROM foo WHERE id = :id')",
+			options: [":"],
+		},
+		{
+			code: "db.prepare('SELECT * FROM foo WHERE id = @id')",
+			options: ["@"],
+		},
+		{
+			code: "db.prepare('SELECT * FROM foo WHERE id = $id')",
+			options: ["$"],
+		},
+	],
+	invalid: [
+		{
+			code: 'db.prepare("SELECT * FROM foo WHERE id = :id")',
+			options: ["@"],
+			errors: [
+				{
+					messageId: "incorrectPrefixUsed",
+					data: {
+						prefix: "@",
+					},
+				},
+			],
+		},
+		{
+			code: 'db.prepare("SELECT * FROM foo WHERE id = @id")',
+			options: ["$"],
+			errors: [
+				{
+					messageId: "incorrectPrefixUsed",
+					data: {
+						prefix: "$",
+					},
+				},
+			],
+		},
+		{
+			code: 'db.prepare("SELECT * FROM foo WHERE id = $id")',
+			options: [":"],
+			errors: [
+				{
+					messageId: "incorrectPrefixUsed",
+					data: {
+						prefix: ":",
+					},
+				},
+			],
+		},
+	],
+});
