@herb-tools/linter 0.9.0 → 0.9.2

package/src/rules/erb-no-duplicate-branch-elements.ts

@@ -4,6 +4,7 @@ import { IdentityPrinter } from "@herb-tools/printer"
 
 import {
   isHTMLElementNode,
+  isHTMLOpenTagNode,
   isERBIfNode,
   isERBElseNode,
   isERBUnlessNode,
@@ -27,12 +28,21 @@ type ConditionalNode = ERBIfNode | ERBUnlessNode | ERBCaseNode
 
 interface DuplicateBranchAutofixContext extends BaseAutofixContext {
   node: Mutable<ConditionalNode>
+  allIdentical?: boolean
 }
 
 function getSignificantNodes(statements: Node[]): Node[] {
   return statements.filter(node => !isPureWhitespaceNode(node))
 }
 
+function trimWhitespaceNodes(nodes: Node[]): Node[] {
+  let start = 0
+  let end = nodes.length
+  while (start < end && isPureWhitespaceNode(nodes[start])) start++
+  while (end > start && isPureWhitespaceNode(nodes[end - 1])) end--
+  return nodes.slice(start, end)
+}
+
 function allEquivalentElements(nodes: Node[]): nodes is HTMLElementNode[] {
   if (nodes.length < 2) return false
   if (!nodes.every(node => isHTMLElementNode(node))) return false
@@ -172,10 +182,31 @@ class ERBNoDuplicateBranchElementsVisitor extends BaseRuleVisitor<DuplicateBranc
       this.markSubsequentIfNodesAsProcessed(node)
     }
 
+    if (this.allBranchesIdentical(branches)) {
+      this.addOffense(
+        "All branches of this conditional have identical content. The conditional can be removed.",
+        node.location,
+        { node: node as Mutable<ConditionalNode>, allIdentical: true },
+        "warning",
+      )
+
+      return
+    }
+
     const state = { isFirstOffense: true }
     this.checkBranches(branches, node, state)
   }
 
+  private allBranchesIdentical(branches: Node[][]): boolean {
+    if (branches.length < 2) return false
+
+    const first = branches[0].map(node => IdentityPrinter.print(node)).join("")
+
+    return branches.slice(1).every(branch =>
+      branch.map(node => IdentityPrinter.print(node)).join("") === first
+    )
+  }
+
   private markSubsequentIfNodesAsProcessed(node: ERBIfNode): void {
     let current: ERBIfNode | ERBElseNode | null = node.subsequent
 
@@ -214,17 +245,37 @@ class ERBNoDuplicateBranchElementsVisitor extends BaseRuleVisitor<DuplicateBranc
 
     for (const element of elements) {
       const printed = IdentityPrinter.print(element.open_tag)
-      const autofixContext = state.isFirstOffense
-        ? { node: conditionalNode as Mutable<ConditionalNode> }
-        : undefined
 
-      this.addOffense(
-        `The \`${printed}\` element is duplicated across all branches of this conditional and can be moved outside.`,
-        bodiesMatch ? element.location : (element?.open_tag?.location || element.location),
-        autofixContext,
-      )
+      if (bodiesMatch) {
+        const autofixContext = state.isFirstOffense
+          ? { node: conditionalNode as Mutable<ConditionalNode> }
+          : undefined
+
+        this.addOffense(
+          `The \`${printed}\` element is duplicated across all branches of this conditional and can be moved outside.`,
+          element.location,
+          autofixContext,
+        )
 
-      state.isFirstOffense = false
+        state.isFirstOffense = false
+      } else {
+        const autofixContext = state.isFirstOffense
+          ? { node: conditionalNode as Mutable<ConditionalNode> }
+          : undefined
+
+        const tagNameLocation = isHTMLOpenTagNode(element.open_tag) && element.open_tag.tag_name?.location
+          ? element.open_tag.tag_name.location
+          : element?.open_tag?.location || element.location
+
+        this.addOffense(
+          `The \`${printed}\` tag is repeated across all branches with different content. Consider extracting the shared tag outside the conditional.`,
+          tagNameLocation,
+          autofixContext,
+          "hint",
+        )
+
+        state.isFirstOffense = false
+      }
     }
 
     if (!bodiesMatch && bodies.every(body => body.length > 0)) {
@@ -260,6 +311,18 @@ export class ERBNoDuplicateBranchElementsRule extends ParserRule<DuplicateBranch
     const branches = collectBranches(conditionalNode as ConditionalNode)
     if (!branches) return null
 
+    if (offense.autofixContext.allIdentical) {
+      const parentInfo = findParentArray(result.value, conditionalNode as unknown as Node)
+      if (!parentInfo) return null
+
+      const { array: parentArray, index: conditionalIndex } = parentInfo
+      const firstBranchContent = trimWhitespaceNodes(branches[0])
+
+      parentArray.splice(conditionalIndex, 1, ...firstBranchContent)
+
+      return result
+    }
+
     const significantBranches = branches.map(getSignificantNodes)
     if (significantBranches.some(branch => branch.length === 0)) return null
 
@@ -274,24 +337,57 @@ export class ERBNoDuplicateBranchElementsRule extends ParserRule<DuplicateBranch
 
     let { array: parentArray, index: conditionalIndex } = parentInfo
     let hasWrapped = false
+    let didMutate = false
+    let failedToHoistPrefix = false
+    let hoistedBefore = false
 
     const hoistElement = (elements: HTMLElementNode[], position: "before" | "after"): void => {
+      const actualPosition = (position === "before" && failedToHoistPrefix) ? "after" : position
       const bodiesMatch = elements.every(element => IdentityPrinter.print(element) === IdentityPrinter.print(elements[0]))
 
       if (bodiesMatch) {
+        if (actualPosition === "after") {
+          const currentLengths = branches.map(b => getSignificantNodes(b as Node[]).length)
+          if (currentLengths.some(l => l !== currentLengths[0])) return
+        }
+
+        if (actualPosition === "after" && position === "before") {
+          const isAtEnd = branches.every((branch, index) => {
+            const nodes = getSignificantNodes(branch as Node[])
+
+            return nodes.length > 0 && nodes[nodes.length - 1] === elements[index]
+          })
+
+          if (!isAtEnd) return
+        }
+
         for (let i = 0; i < branches.length; i++) {
           removeNodeFromArray(branches[i] as Node[], elements[i])
         }
 
-        if (position === "before") {
-          parentArray.splice(conditionalIndex, 0, elements[0])
-          conditionalIndex++
+        if (actualPosition === "before") {
+          parentArray.splice(conditionalIndex, 0, elements[0], createLiteral("\n"))
+          conditionalIndex += 2
+          hoistedBefore = true
         } else {
-          parentArray.splice(conditionalIndex + 1, 0, elements[0])
+          parentArray.splice(conditionalIndex + 1, 0, createLiteral("\n"), elements[0])
         }
+
+        didMutate = true
       } else {
         if (hasWrapped) return
 
+        const canWrap = branches.every((branch, index) => {
+          const remaining = getSignificantNodes(branch)
+
+          return remaining.length === 1 && remaining[0] === elements[index]
+        })
+
+        if (!canWrap) {
+          if (position === "before") failedToHoistPrefix = true
+          return
+        }
+
         for (let i = 0; i < branches.length; i++) {
           replaceNodeWithBody(branches[i] as Node[], elements[i])
         }
@@ -302,6 +398,7 @@ export class ERBNoDuplicateBranchElementsRule extends ParserRule<DuplicateBranch
         parentArray = wrapper.body as Node[]
         conditionalIndex = 1
         hasWrapped = true
+        didMutate = true
       }
     }
 
@@ -315,6 +412,25 @@ export class ERBNoDuplicateBranchElementsRule extends ParserRule<DuplicateBranch
       hoistElement(elements, "after")
     }
 
-    return result
+    if (!hasWrapped && hoistedBefore) {
+      const remaining = branches.map(branch => getSignificantNodes(branch as Node[]))
+
+      if (remaining.every(branch => branch.length === 1) && allEquivalentElements(remaining.map(b => b[0]))) {
+        const elements = remaining.map(b => b[0] as HTMLElementNode)
+        const bodiesMatch = elements.every(el => IdentityPrinter.print(el) === IdentityPrinter.print(elements[0]))
+
+        if (!bodiesMatch && elements.every(el => el.body.length > 0)) {
+          for (let i = 0; i < branches.length; i++) {
+            replaceNodeWithBody(branches[i] as Node[], elements[i])
+          }
+
+          const wrapper = createWrapper(elements[0], [createLiteral("\n"), conditionalNode as unknown as Node, createLiteral("\n")])
+          parentArray[conditionalIndex] = wrapper
+          didMutate = true
+        }
+      }
+    }
+
+    return didMutate ? result : null
   }
 }

package/src/rules/erb-no-empty-control-flow.ts

@@ -0,0 +1,255 @@
+import { BaseRuleVisitor } from "./rule-utils.js"
+import { ParserRule } from "../types.js"
+import { isHTMLTextNode, isERBIfNode, isERBElseNode, Location } from "@herb-tools/core"
+
+import type { UnboundLintOffense, LintContext, FullRuleConfig } from "../types.js"
+import type {
+  Node,
+  ERBIfNode,
+  ERBElseNode,
+  ERBUnlessNode,
+  ERBForNode,
+  ERBWhileNode,
+  ERBUntilNode,
+  ERBWhenNode,
+  ERBBeginNode,
+  ERBRescueNode,
+  ERBEnsureNode,
+  ERBBlockNode,
+  ERBInNode,
+  ParseResult,
+} from "@herb-tools/core"
+
+class ERBNoEmptyControlFlowVisitor extends BaseRuleVisitor {
+  private processedIfNodes: Set<ERBIfNode> = new Set()
+  private processedElseNodes: Set<ERBElseNode> = new Set()
+
+  visitERBIfNode(node: ERBIfNode): void {
+    if (this.processedIfNodes.has(node)) {
+      return
+    }
+
+    this.markIfChainAsProcessed(node)
+    this.markElseNodesInIfChain(node)
+
+    const entireChainEmpty = this.isEntireIfChainEmpty(node)
+
+    if (entireChainEmpty) {
+      this.addEmptyBlockOffense(node, node.statements, "if")
+    } else {
+      this.checkIfChainParts(node)
+    }
+
+    this.visitChildNodes(node)
+  }
+
+  visitERBElseNode(node: ERBElseNode): void {
+    if (this.processedElseNodes.has(node)) {
+      this.visitChildNodes(node)
+      return
+    }
+
+    this.addEmptyBlockOffense(node, node.statements, "else")
+    this.visitChildNodes(node)
+  }
+
+  visitERBUnlessNode(node: ERBUnlessNode): void {
+    const unlessHasContent = this.statementsHaveContent(node.statements)
+    const elseHasContent = node.else_clause && this.statementsHaveContent(node.else_clause.statements)
+
+    if (node.else_clause) {
+      this.processedElseNodes.add(node.else_clause)
+    }
+
+    const entireBlockEmpty = !unlessHasContent && !elseHasContent
+
+    if (entireBlockEmpty) {
+      this.addEmptyBlockOffense(node, node.statements, "unless")
+    } else {
+      if (!unlessHasContent) {
+        this.addEmptyBlockOffenseWithEnd(node, node.statements, "unless", node.else_clause)
+      }
+
+      if (node.else_clause && !elseHasContent) {
+        this.addEmptyBlockOffense(node.else_clause, node.else_clause.statements, "else")
+      }
+    }
+
+    this.visitChildNodes(node)
+  }
+
+  visitERBForNode(node: ERBForNode): void {
+    this.addEmptyBlockOffense(node, node.statements, "for")
+    this.visitChildNodes(node)
+  }
+
+  visitERBWhileNode(node: ERBWhileNode): void {
+    this.addEmptyBlockOffense(node, node.statements, "while")
+    this.visitChildNodes(node)
+  }
+
+  visitERBUntilNode(node: ERBUntilNode): void {
+    this.addEmptyBlockOffense(node, node.statements, "until")
+    this.visitChildNodes(node)
+  }
+
+  visitERBWhenNode(node: ERBWhenNode): void {
+    if (!node.then_keyword) {
+      this.addEmptyBlockOffense(node, node.statements, "when")
+    }
+
+    this.visitChildNodes(node)
+  }
+
+  visitERBInNode(node: ERBInNode): void {
+    if (!node.then_keyword) {
+      this.addEmptyBlockOffense(node, node.statements, "in")
+    }
+
+    this.visitChildNodes(node)
+  }
+
+  visitERBBeginNode(node: ERBBeginNode): void {
+    this.addEmptyBlockOffense(node, node.statements, "begin")
+    this.visitChildNodes(node)
+  }
+
+  visitERBRescueNode(node: ERBRescueNode): void {
+    this.addEmptyBlockOffense(node, node.statements, "rescue")
+    this.visitChildNodes(node)
+  }
+
+  visitERBEnsureNode(node: ERBEnsureNode): void {
+    this.addEmptyBlockOffense(node, node.statements, "ensure")
+    this.visitChildNodes(node)
+  }
+
+  visitERBBlockNode(node: ERBBlockNode): void {
+    this.addEmptyBlockOffense(node, node.body, "do")
+    this.visitChildNodes(node)
+  }
+
+  private addEmptyBlockOffense(node: Node, statements: Node[], blockType: string): void {
+    this.addEmptyBlockOffenseWithEnd(node, statements, blockType, null)
+  }
+
+  private addEmptyBlockOffenseWithEnd(node: Node, statements: Node[], blockType: string, subsequentNode: Node | null): void {
+    if (this.statementsHaveContent(statements)) {
+      return
+    }
+
+    const startLocation = node.location.start
+    const endLocation = subsequentNode
+      ? subsequentNode.location.start
+      : node.location.end
+
+    const location = Location.from(
+      startLocation.line, startLocation.column,
+      endLocation.line, endLocation.column,
+    )
+
+    const offense = this.createOffense(
+      `Empty ${blockType} block: this control flow statement has no content`,
+      location,
+    )
+    offense.tags = ["unnecessary"]
+    this.offenses.push(offense)
+  }
+
+  private statementsHaveContent(statements: Node[]): boolean {
+    return statements.some(statement => {
+      if (isHTMLTextNode(statement)) {
+        return statement.content.trim() !== ""
+      }
+
+      return true
+    })
+  }
+
+  private markIfChainAsProcessed(node: ERBIfNode): void {
+    this.processedIfNodes.add(node)
+    this.traverseSubsequentNodes(node.subsequent, (current) => {
+      if (isERBIfNode(current)) {
+        this.processedIfNodes.add(current)
+      }
+    })
+  }
+
+  private markElseNodesInIfChain(node: ERBIfNode): void {
+    this.traverseSubsequentNodes(node.subsequent, (current) => {
+      if (isERBElseNode(current)) {
+        this.processedElseNodes.add(current)
+      }
+    })
+  }
+
+  private traverseSubsequentNodes(startNode: Node | null, callback: (node: ERBIfNode | ERBElseNode) => void): void {
+    let current: Node | null = startNode
+    while (current) {
+      if (isERBIfNode(current)) {
+        callback(current)
+        current = current.subsequent
+      } else if (isERBElseNode(current)) {
+        callback(current)
+        break
+      } else {
+        break
+      }
+    }
+  }
+
+  private checkIfChainParts(node: ERBIfNode): void {
+    if (!this.statementsHaveContent(node.statements)) {
+      this.addEmptyBlockOffenseWithEnd(node, node.statements, "if", node.subsequent)
+    }
+
+    this.traverseSubsequentNodes(node.subsequent, (current) => {
+      if (this.statementsHaveContent(current.statements)) {
+        return
+      }
+
+      const blockType = isERBIfNode(current) ? "elsif" : "else"
+      const nextSubsequent = isERBIfNode(current) ? current.subsequent : null
+
+      if (nextSubsequent) {
+        this.addEmptyBlockOffenseWithEnd(current, current.statements, blockType, nextSubsequent)
+      } else {
+        this.addEmptyBlockOffense(current, current.statements, blockType)
+      }
+    })
+  }
+
+  private isEntireIfChainEmpty(node: ERBIfNode): boolean {
+    if (this.statementsHaveContent(node.statements)) {
+      return false
+    }
+
+    let hasContent = false
+    this.traverseSubsequentNodes(node.subsequent, (current) => {
+      if (this.statementsHaveContent(current.statements)) {
+        hasContent = true
+      }
+    })
+
+    return !hasContent
+  }
+}
+
+export class ERBNoEmptyControlFlowRule extends ParserRule {
+  static ruleName = "erb-no-empty-control-flow"
+
+  get defaultConfig(): FullRuleConfig {
+    return {
+      enabled: true,
+      severity: "hint"
+    }
+  }
+
+  check(result: ParseResult, context?: Partial<LintContext>): UnboundLintOffense[] {
+    const visitor = new ERBNoEmptyControlFlowVisitor(this.ruleName, context)
+
+    visitor.visit(result.value)
+
+    return visitor.offenses
+  }
+}

package/src/rules/erb-no-silent-statement.ts

@@ -0,0 +1,58 @@
+import { BaseRuleVisitor } from "./rule-utils.js"
+import { ParserRule } from "../types.js"
+
+import { isERBOutputNode, PrismNode } from "@herb-tools/core"
+
+import type { UnboundLintOffense, LintContext, FullRuleConfig } from "../types.js"
+import type { ParseResult, ERBContentNode, ParserOptions } from "@herb-tools/core"
+
+function isAssignmentNode(prismNode: PrismNode): boolean {
+  const type: string = prismNode?.constructor?.name
+  if (!type) return false
+
+  return type.endsWith("WriteNode")
+}
+
+class ERBNoSilentStatementVisitor extends BaseRuleVisitor {
+  visitERBContentNode(node: ERBContentNode): void {
+    if (isERBOutputNode(node)) return
+
+    const prismNode = node.prismNode
+    if (!prismNode) return
+
+    if (isAssignmentNode(prismNode)) return
+
+    const content = node.content?.value?.trim()
+    if (!content) return
+
+    this.addOffense(
+      `Avoid using silent ERB tags for statements. Move \`${content}\` to a controller, helper, or presenter.`,
+      node.location,
+    )
+  }
+}
+
+export class ERBNoSilentStatementRule extends ParserRule {
+  static ruleName = "erb-no-silent-statement"
+
+  get defaultConfig(): FullRuleConfig {
+    return {
+      enabled: false,
+      severity: "warning"
+    }
+  }
+
+  get parserOptions(): Partial<ParserOptions> {
+    return {
+      prism_nodes: true,
+    }
+  }
+
+  check(result: ParseResult, context?: Partial<LintContext>): UnboundLintOffense[] {
+    const visitor = new ERBNoSilentStatementVisitor(this.ruleName, context)
+
+    visitor.visit(result.value)
+
+    return visitor.offenses
+  }
+}

package/src/rules/erb-no-unsafe-script-interpolation.ts

@@ -1,5 +1,7 @@
 import { ParserRule } from "../types.js"
 import { BaseRuleVisitor } from "./rule-utils.js"
+import { PrismVisitor } from "@herb-tools/core"
+
 import {
   getTagLocalName,
   getAttribute,
@@ -10,9 +12,34 @@ import {
 } from "@herb-tools/core"
 
 import type { UnboundLintOffense, LintContext, FullRuleConfig } from "../types.js"
-import type { ParseResult, HTMLElementNode, Node } from "@herb-tools/core"
+import type { ParseResult, HTMLElementNode, Node, ERBContentNode, ParserOptions, PrismNode } from "@herb-tools/core"
+
+const SAFE_METHOD_NAMES = new Set([
+  "to_json",
+  "json_escape",
+])
+
+const ESCAPE_JAVASCRIPT_METHOD_NAMES = new Set([
+  "j",
+  "escape_javascript",
+])
+
+class SafeCallDetector extends PrismVisitor {
+  public hasSafeCall = false
+  public hasEscapeJavascriptCall = false
+
+  visitCallNode(node: PrismNode): void {
+    if (SAFE_METHOD_NAMES.has(node.name)) {
+      this.hasSafeCall = true
+    }
+
+    if (ESCAPE_JAVASCRIPT_METHOD_NAMES.has(node.name)) {
+      this.hasEscapeJavascriptCall = true
+    }
 
-const SAFE_PATTERN = /\.to_json\b/
+    this.visitChildNodes(node)
+  }
+}
 
 class ERBNoUnsafeScriptInterpolationVisitor extends BaseRuleVisitor {
   visitHTMLElementNode(node: HTMLElementNode): void {
@@ -35,7 +62,6 @@ class ERBNoUnsafeScriptInterpolationVisitor extends BaseRuleVisitor {
     const typeValue = typeAttribute ? getStaticAttributeValue(typeAttribute) : null
 
     if (typeValue === "text/html") return
-
     if (!node.body || node.body.length === 0) return
 
     this.checkNodesForUnsafeOutput(node.body)
@@ -46,9 +72,21 @@ class ERBNoUnsafeScriptInterpolationVisitor extends BaseRuleVisitor {
       if (!isERBNode(child)) continue
       if (!isERBOutputNode(child)) continue
 
-      const content = child.content?.value?.trim() || ""
+      const erbContent = child as ERBContentNode
+      const prismNode = erbContent.prismNode
+      const detector = new SafeCallDetector()
+
+      if (prismNode) detector.visit(prismNode)
+      if (detector.hasSafeCall) continue
+
+      if (detector.hasEscapeJavascriptCall) {
+        this.addOffense(
+          "Avoid `j()` / `escape_javascript()` in `<script>` tags. It is only safe inside quoted string literals. Use `.to_json` instead, which is safe in any position.",
+          child.location,
+        )
 
-      if (SAFE_PATTERN.test(content)) continue
+        continue
+      }
 
       this.addOffense(
         "Unsafe ERB output in `<script>` tag. Use `.to_json` to safely serialize values into JavaScript.",
@@ -68,9 +106,17 @@ export class ERBNoUnsafeScriptInterpolationRule extends ParserRule {
     }
   }
 
+  get parserOptions(): Partial<ParserOptions> {
+    return {
+      prism_nodes: true,
+    }
+  }
+
   check(result: ParseResult, context?: Partial<LintContext>): UnboundLintOffense[] {
     const visitor = new ERBNoUnsafeScriptInterpolationVisitor(this.ruleName, context)
+
     visitor.visit(result.value)
+
     return visitor.offenses
   }
 }

package/src/rules/html-allowed-script-type.ts

@@ -5,10 +5,10 @@ import { getTagLocalName, getAttribute, getStaticAttributeValue, hasAttributeVal
 import type { UnboundLintOffense, LintContext, FullRuleConfig } from "../types.js"
 import type { HTMLAttributeNode, HTMLOpenTagNode, ParseResult } from "@herb-tools/core"
 
-const ALLOWED_TYPES = ["text/javascript"]
 // NOTE: Rules are not configurable for now, keep some sane defaults
 //   See https://github.com/marcoroth/herb/issues/1204
 const ALLOW_BLANK = true
+const ALLOWED_TYPES = ["text/javascript", "module", "importmap", "speculationrules"]
 
 class AllowedScriptTypeVisitor extends BaseRuleVisitor {
   visitHTMLOpenTagNode(node: HTMLOpenTagNode): void {