detect-eval-with-expression
AST rule: function call
detect-eval-with-expression
/**
 * Reports calls to `eval` whose first argument is not a plain quoted string.
 *
 * A call is accepted silently only when the first argument has
 * `astType === "string"` and its text both starts and ends with the same
 * quote character, `"` or `'`. Any other first argument is reported as a
 * SECURITY warning at that argument's position. This includes
 * backtick-delimited text, even when it has no interpolation.
 *
 * NOTE(review): only calls whose `functionName.value` is exactly "eval" are
 * inspected. Other ways of evaluating strings as code (`window.eval`,
 * `new Function`, string arguments to `setTimeout`) presumably need their own
 * rules; confirm how the engine represents member calls.
 * NOTE(review): whether a concatenation such as `"a" + x` can arrive with
 * astType "string" is not visible here; verify against the engine's AST.
 *
 * @param {object} node - AST node handed to the rule (assumed to be a function call).
 * @param {string} filename - Not used by this rule.
 * @param {string} code - Not used by this rule.
 * @returns {void}
 */
function visit(node, filename, code) {
  // Anything that is not a direct `eval(...)` call is out of scope.
  if (node?.functionName?.value !== "eval") {
    return;
  }

  // `eval()` with no arguments has nothing to inspect.
  if (!node.arguments?.values?.length) {
    return;
  }

  // Only the first argument is checked; eval ignores the rest.
  const target = node.arguments.values[0].value;

  if (target.astType === "string") {
    const text = target.value;
    const isQuotedLiteral = [`"`, `'`].some(
      (quote) => text.startsWith(quote) && text.endsWith(quote),
    );
    if (isQuotedLiteral) {
      return;
    }
  }

  const { start, end } = target;
  addError(
    buildError(
      start.line,
      start.col,
      end.line,
      end.col,
      `use eval only with string literals`,
      "WARNING",
      "SECURITY",
    ),
  );
}
bad.jsx
Expected test result: has error
good.jsx
Expected test result: no error