RubyGems - erb_lint - Versions diffs - 0.0.4 → 0.0.5 - Mend

erb_lint 0.0.4 → 0.0.5

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/erb_lint/linters/deprecated_classes.rb +40 -117
data/lib/erb_lint/linters/erb_safety.rb +35 -0
metadata +31 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8866aae317226178c623de53d4c5e0791643c894
-  data.tar.gz: fac55efcf4a15f251f537af97039b8669960c00b
+  metadata.gz: 3a211bea7ec247bcf1d79ede8f37db1b6b7d1b8c
+  data.tar.gz: 362ca7b4ffb1f184818889166cb572198c1def7e
 SHA512:
-  metadata.gz: b92425a8c4fbe2c65fde42a8dab091c841e2bc0f70b29833e49c06fc99acc85b42639dc9129f200b99195930e9f7fbb96d58fdcaaefb947cd40ad76008ffe765
-  data.tar.gz: aefbb18d6756d5e08045c4d5c8c0afb6ef8fb897f0b73c72fe905158b40d1cbc1114bfada2ec59029165b1a9d72930a172c17b6cfe059a11283bf8ec80e41bc9
+  metadata.gz: 45c2ff7d03c2ec43e37562887ad9cdc9f396b0084bf290036a848aa820fed661a0f99a49d120be62100aa15c640fa4374f5937c9accb0066a06028632ac56e8f
+  data.tar.gz: 16279ef10a1f004fe97309dde027de0bf244ac0a9e047b9a0ff04be73d5d9d71494e1e2ab08d584b9123ee96f35a05525ff7b8ff09d005d3f75f000c009eacbf

data/lib/erb_lint/linters/deprecated_classes.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+require 'better_html'
 module ERBLint
   module Linters
     # Checks for deprecated classes in the start tags of HTML elements.
@@ -22,144 +24,65 @@ module ERBLint
         @addendum = config.fetch('addendum', '')
       end
-      protected
-      def lint_lines(lines)
+      def lint_file(file_content)
         errors = []
-        lines.each_with_index do |line, index|
-          start_tags = StartTagHelper.start_tags(line)
-          start_tags.each do |start_tag|
-            start_tag.attributes.select(&:class?).each do |class_attr|
-              class_attr.value.split(' ').each do |class_name|
-                errors.push(*generate_errors(class_name, index + 1))
-              end
-            end
-          end
+        iterator = build_iterator(file_content)
+        each_class_name_with_line(iterator) do |class_name, line|
+          errors.push(*generate_errors(class_name, line))
+        end
+        each_texthtml_script(iterator) do |text_node|
+          errors.push(*lint_file(text_node.content))
         end
         errors
       end
       private
-      def generate_errors(class_name, line_number)
-        violated_rules(class_name).map do |violated_rule|
-          suggestion = " #{violated_rule[:suggestion]}".rstrip
-          message = "Deprecated class `%s` detected matching the pattern `%s`.%s #{@addendum}".strip
-          {
-            line: line_number,
-            message: format(message, class_name, violated_rule[:class_expr], suggestion)
-          }
-        end
+      def build_iterator(file_content)
+        BetterHtml::NodeIterator.new(file_content, template_language: :html)
       end
-      def violated_rules(class_name)
-        @deprecated_ruleset.select do |deprecated_rule|
-          /\A#{deprecated_rule[:class_expr]}\z/.match(class_name)
+      def each_class_name_with_line(iterator)
+        each_element_with_index(iterator) do |element, _index|
+          klass = element.find_attr('class')
+          next unless klass
+          klass.value_without_quotes.split(' ').each do |class_name|
+            yield class_name, klass.name_parts.first.location.line
+          end
         end
       end
-    end
-    # Provides methods and classes for finding HTML start tags and their attributes.
-    module StartTagHelper
-      # These patterns cover a superset of the W3 HTML5 specification.
-      # Additional cases not included in the spec include those that are still rendered by some browsers.
-      # Attribute Patterns
-      # https://www.w3.org/TR/html5/syntax.html#syntax-attributes
-      # attribute names must be non empty and can't contain a certain set of special characters
-      ATTRIBUTE_NAME_PATTERN = %r{[^\s"'>\/=]+}
-      ATTRIBUTE_VALUE_PATTERN = %r{
-        "([^"]*)" |           # double-quoted value
-        '([^']*)' |           # single-quoted value
-        ([^\s"'=<>`]+)        # unquoted non-empty value without special characters
-      }x
-      # attributes can be empty or have an attribute value
-      ATTRIBUTE_PATTERN = %r{
-        #{ATTRIBUTE_NAME_PATTERN}        # attribute name
-        (
-          \s*=\s*                        # any whitespace around equals sign
-          (#{ATTRIBUTE_VALUE_PATTERN})   # attribute value
-        )?                               # attributes can be empty or have an assignemnt.
-      }x
-      # Start tag Patterns
-      # https://www.w3.org/TR/html5/syntax.html#syntax-start-tag
-      TAG_NAME_PATTERN = /[A-Za-z0-9]+/ # maybe add _ < ? etc later since it gets interpreted by some browsers
-      START_TAG_PATTERN = %r{
-        <(#{TAG_NAME_PATTERN})         # start of tag with tag name
-        (
-          (
-            \s+                        # required whitespace between tag name and first attribute and between attributes
-            #{ATTRIBUTE_PATTERN}       # attributes
-          )*
-        )?                             # having an attribute block is optional
-        \/?>                           # void or foreign elements can have a slash before tag close
-      }x
-      # Represents and provides an interface for a start tag found in the HTML.
-      class StartTag
-        attr_accessor :tag_name, :attributes
-        def initialize(tag_name, attributes)
-          @tag_name = tag_name
-          @attributes = attributes
+      def each_element_with_index(iterator)
+        iterator.nodes.each_with_index do |node, index|
+          yield node, index if node.element?
         end
       end
-      # Represents and provides an interface for an attribute found in a start tag in the HTML.
-      class Attribute
-        ATTR_NAME_CLASS_PATTERN = /\Aclass\z/i # attribute names are case-insensitive
-        attr_accessor :attribute_name, :value
-        def initialize(attribute_name, value)
-          @attribute_name = attribute_name
-          @value = value
-        end
+      def each_texthtml_script(iterator)
+        each_element_with_index(iterator) do |element, index|
+          type = element.find_attr('type')
+          next unless type
+          next unless 'text/html' == type.value_without_quotes
+          next_node = iterator.nodes[index + 1]
-        def class?
-          ATTR_NAME_CLASS_PATTERN.match(@attribute_name)
+          yield next_node if next_node&.text?
         end
       end
-      class << self
-        def start_tags(line)
-          # TODO: Implement String Scanner to track quotes before the start tag begins to ensure that it is
-          #       not enclosed inside of a string. Alternatively this problem would be solved by using
-          #       a 3rd party parser like Nokogiri::XML
-          start_tag_matching_groups = line.scan(/(#{START_TAG_PATTERN})/)
-          start_tag_matching_groups.map do |start_tag_matching_group|
-            tag_name = start_tag_matching_group[1]
-            # attributes_string can be nil if there is no space after the tag name (and therefore no attributes).
-            attributes_string = start_tag_matching_group[2] || ''
-            attribute_list = attributes(attributes_string)
-            StartTag.new(tag_name, attribute_list)
-          end
+      def generate_errors(class_name, line_number)
+        violated_rules(class_name).map do |violated_rule|
+          suggestion = " #{violated_rule[:suggestion]}".rstrip
+          message = "Deprecated class `%s` detected matching the pattern `%s`.%s #{@addendum}".strip
+          {
+            line: line_number,
+            message: format(message, class_name, violated_rule[:class_expr], suggestion)
+          }
         end
+      end
-        private
-        def attributes(attributes_string)
-          attributes_string.scan(/(#{ATTRIBUTE_PATTERN})/).map do |attribute_matching_group|
-            entire_string = attribute_matching_group[0]
-            value_with_equal_sign = attribute_matching_group[1] || '' # This can be nil if attribute is empty
-            name = entire_string.sub(value_with_equal_sign, '')
-            # The 3 captures [3..5] are the possibilities specified in ATTRIBUTE_VALUE_PATTERN
-            possible_value_formats = attribute_matching_group[3..5]
-            value = possible_value_formats.reduce { |a, e| a.nil? ? e : a }
-            Attribute.new(name, value)
-          end
+      def violated_rules(class_name)
+        @deprecated_ruleset.select do |deprecated_rule|
+          /\A#{deprecated_rule[:class_expr]}\z/.match(class_name)
         end
       end
     end

data/lib/erb_lint/linters/erb_safety.rb ADDED Viewed

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+require 'better_html'
+require 'better_html/test_helper/safe_erb_tester'
+module ERBLint
+  module Linters
+    # Detect unsafe ruby interpolations into javascript.
+    class ErbSafety < Linter
+      include LinterRegistry
+      include BetterHtml::TestHelper::SafeErbTester
+      def initialize(config)
+      end
+      def lint_file(file_content)
+        errors = []
+        tester = Tester.new(file_content)
+        tester.errors.each do |error|
+          errors << format_error(error)
+        end
+        errors
+      end
+      private
+      def format_error(error)
+        {
+          line: error.token.location.line,
+          message: error.message
+        }
+      end
+    end
+  end
+end

metadata CHANGED Viewed

@@ -1,15 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: erb_lint
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.5
 platform: ruby
 authors:
 - Justin Chan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-10-27 00:00:00.000000000 Z
+date: 2017-10-31 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: html_tokenizer
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: better_html
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.5
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -49,6 +77,7 @@ files:
 - lib/erb_lint/linter.rb
 - lib/erb_lint/linter_registry.rb
 - lib/erb_lint/linters/deprecated_classes.rb
+- lib/erb_lint/linters/erb_safety.rb
 - lib/erb_lint/linters/final_newline.rb
 - lib/erb_lint/runner.rb
 homepage: https://github.com/justinthec/erb-lint