@sap/eslint-plugin-cds 2.6.1 → 2.6.4

package/CHANGELOG.md

@@ -6,6 +6,30 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/).
 
+
+## [2.6.4] - 2023-11-02
+
+### Added
+
+- New `auth-restrict-grant-service` rule that validates events on restricted services.
+
+### Fixed
+
+- In _no-join-on-draft_, do not run check if there is no valid query.
+- In _auth-valid-restrict-where_, do not consider when missing expression references.
+
+## [2.6.3] - 2023-02-13
+
+### Changed
+
+- Filter rule reports using *inferred* models on $location.
+
+## [2.6.2] - 2023-02-13
+
+### Changed
+
+- Fixed rule reports using *inferred* models to always receive valid _file_ $locations.
+
 ## [2.6.1] - 2023-01-26
 
 ### Changed

package/README.md

@@ -1,6 +1,5 @@
 # @sap/eslint-plugin-cds
-[![JavaScript Style Guide](https://img.shields.io/badge/code_style-standard-brightgreen.svg)](https://standardjs.com)
-[![Sync Files Workflow](https://github.tools.sap/cap/eslint-plugin-cds/actions/workflows/sync.yml/badge.svg)](https://github.tools.sap/cap/eslint-plugin-cds/actions/workflows/sync.yml)
+
 
 The [ESLint](https://eslint.org) plugin includes a set of recommended [SAP Cloud Application Programming Model (CAP)](https://cap.cloud.sap) model and environment rules.	The aim of CDS linting is to catch issues with CDS models and with the environment early. To use this module we recommend to install [@sap/cds-dk](https://www.npmjs.com/package/@sap/cds-dk) globally.
 

package/lib/conf/all.js

@@ -4,6 +4,7 @@ module.exports = {
   '@sap/cds/assoc2many-ambiguous-key': 2,
   '@sap/cds/auth-no-empty-restrictions': 2,
   '@sap/cds/auth-use-requires': 2,
+  '@sap/cds/auth-restrict-grant-service': 2,
   '@sap/cds/auth-valid-restrict-grant': 2,
   '@sap/cds/auth-valid-restrict-keys': 2,
   '@sap/cds/auth-valid-restrict-to': 2,

package/lib/conf/recommended.js

@@ -4,6 +4,7 @@ module.exports = {
   '@sap/cds/assoc2many-ambiguous-key': 2,
   '@sap/cds/auth-no-empty-restrictions': 2,
   '@sap/cds/auth-use-requires': 1,
+  '@sap/cds/auth-restrict-grant-service': 2,
   '@sap/cds/auth-valid-restrict-grant': 1,
   '@sap/cds/auth-valid-restrict-keys': 1,
   '@sap/cds/auth-valid-restrict-to': 1,

package/lib/parser.js

@@ -124,7 +124,7 @@ module.exports = {
           let loc
           if (obj) {
             let name = obj.name
-            if (['entity', 'service'].includes(obj.kind)) {
+            if (['action', 'entity', 'function', 'service'].includes(obj.kind)) {
               name = splitDefName(obj).name
             }
             loc = this.getLocation(name, obj)

package/lib/rules/auth-restrict-grant-service.js

@@ -0,0 +1,52 @@
+module.exports = {
+  meta: {
+    schema: [{/* to avoid deprecation warning for ESLint 9 */ }],
+    docs: {
+      description: '`@restrict.grant` on service level and for bound/unbound actions and functions is limited to grant: \'*\'',
+      category: 'Model Validation',
+      recommended: true
+    },
+    type: 'problem',
+    model: 'inferred'
+  },
+  create (context) {
+    return {
+      action: checkRestrictGrant,
+      function: checkRestrictGrant,
+      service: checkRestrictGrant
+    }
+
+    function checkRestrictGrant (d) {
+      const node = context.getNode(d)
+      const file = d.$location.file
+      if (d['@restrict']) {
+        for (const entry of d['@restrict']) {
+          if (Object.keys(entry).includes('grant')) {
+            const grantValue = entry.grant
+            const message = `The grant value provided in @restrict is limited to '*' for ${d.kind} '${d.name}'`
+            switch (typeof grantValue) {
+              case 'string':
+                if (grantValue !== '*') {
+                  context.report({
+                    message,
+                    node,
+                    file
+                  })
+                }
+                break
+              case 'object':
+                if (grantValue.length > 1 || grantValue[0] !== '*') {
+                  context.report({
+                    message,
+                    node,
+                    file
+                  })
+                }
+                break
+            }
+          }
+        }
+      }
+    }
+  }
+}

package/lib/rules/auth-valid-restrict-where.js

@@ -1,7 +1,5 @@
 const cds = require('@sap/cds')
 
-const VALID_PSEUDO_ROLES = ['authenticated-user', 'system-user', 'any']
-
 module.exports = {
   meta: {
     schema: [{/* to avoid deprecation warning for ESLint 9 */}],
@@ -50,7 +48,6 @@ module.exports = {
           })
         }
       })
-      const ROLES = USER_ROLES.concat(VALID_PSEUDO_ROLES)
 
       if (e['@restrict']) {
         const node = context.getNode(e)
@@ -58,9 +55,8 @@ module.exports = {
         for (const entry of e['@restrict']) {
           const whereValues = entry.where
           if (whereValues && typeof whereValues === 'string') {
-            let cxn
             try {
-              cxn = cds.parse.expr(entry.where)
+              cds.parse.expr(entry.where)
             } catch (err) {
               context.report({
                 message: 'Invalid `where` expression, CDS compilation failed.',
@@ -68,20 +64,6 @@ module.exports = {
                 file
               })
             }
-            if (cxn && cxn.xpr) {
-              const operator = cxn.xpr[1]
-              const role = cxn.xpr[2].ref
-              if (operator === '=') {
-                const isValidRole = role === '$user' || ROLES.includes(role)
-                if (!isValidRole) {
-                  context.report({
-                    message: `Invalid \`where\` expression, role ${role} not found.`,
-                    node,
-                    file
-                  })
-                }
-              }
-            }
           }
         }
       }

package/lib/rules/index.js

@@ -5,6 +5,7 @@ const rules = {
   'assoc2many-ambiguous-key': () => createRule(require('./assoc2many-ambiguous-key')),
   'auth-no-empty-restrictions': () => createRule(require('./auth-no-empty-restrictions')),
   'auth-use-requires': () => createRule(require('./auth-use-requires')),
+  'auth-restrict-grant-service': () => createRule(require('./auth-restrict-grant-service')),
   'auth-valid-restrict-grant': () => createRule(require('./auth-valid-restrict-grant')),
   'auth-valid-restrict-keys': () => createRule(require('./auth-valid-restrict-keys')),
   'auth-valid-restrict-to': () => createRule(require('./auth-valid-restrict-to')),

package/lib/rules/no-db-keywords.js

@@ -1,3 +1,5 @@
+const { dirname } = require('path')
+
 const cds = require('@sap/cds')
 
 module.exports = {
@@ -11,7 +13,10 @@ module.exports = {
     model: 'inferred'
   },
   create (context) {
-    const { db = { kind: 'sql' } } = cds.env.requires
+    let dir = context.getFilename()
+    dir = dirname(dir)
+    const { requires } = cds.env.for('cds', dir)
+    if (requires.db?.kind !== 'sqlite') return
 
     return {
       // > return standard eslint visitor callbacks registered to CSN kinds, types, ...
@@ -26,7 +31,7 @@ module.exports = {
         if (srv && srv['@cds.external']) return
         if (d.kind === 'entity' && d['@cds.persistence.skip'] === true) return
         context.report({
-          message: `'${d.name}' is a reserved keyword in ${db.kind.toUpperCase()}`,
+          message: `'${d.name}' is a reserved keyword in SQLite`,
           node: context.getNode(d),
           file: d.$location.file
         })

package/lib/rules/no-join-on-draft.js

@@ -14,7 +14,7 @@ module.exports = {
 
     function checkNojoinDraftenabled (e) {
       if (e['@odata.draft.enabled']) {
-        if (e.query.SELECT.from.join) {
+        if (e?.query?.SELECT?.from?.join) {
           context.report({
             message: 'Do not use draft-enabled entities in views that make use of `JOIN`.',
             node: context.getNode(e),

package/lib/utils/createRule.js

@@ -144,8 +144,11 @@ function createReport (node, cdscontext, meta, create) {
 
         if (model) {
           model.forall((d) => {
+            d = (meta.model === 'inferred') ? sanitizeFileLocation(d) : d
+            const isValidLocation = (meta.model === 'parsed' && d.$location) ||
+              (meta.model === 'inferred' && d.$location?.file)
             Object.entries(handlers)
-              .filter(([type, lazy]) => d.is(type))
+              .filter(([type, lazy]) => d.is(type) && isValidLocation)
               .forEach(([lazy, handler]) => {
                 try {
                   handler(d)
@@ -161,6 +164,13 @@ function createReport (node, cdscontext, meta, create) {
   }
 }
 
+function sanitizeFileLocation (d) {
+  let parent = d
+  while (!parent.$location && parent.parent && !parent.parent.definitions) parent = d.parent
+  if (parent.$location) d.$location = parent.$location
+  return d
+}
+
 function extendContext (node, context, meta) {
   if (!Cache.has('test')) {
     const filePath = context.getFilename()
@@ -201,14 +211,15 @@ function extendContext (node, context, meta) {
   }
 
   const cdscontext = Object.create(Object.getPrototypeOf(context), descriptors)
+  const { parserServices } = context.sourceCode || context
   cdscontext.getModel =
-    meta.model === 'inferred' ? context.parserServices.getInferredCsn : context.parserServices.getParsedCsn
+    meta.model === 'inferred' ? parserServices.getInferredCsn : parserServices.getParsedCsn
   cdscontext.getEnvironment = () => {
     const options = context.options
     return options && options[0] && options[0].environment ? options[0].environment : undefined
   }
-  cdscontext.getLocation = context.parserServices.getLocation
-  cdscontext.getNode = Object.keys(context.parserServices).length > 0 ? context.parserServices.getNode : () => node
+  cdscontext.getLocation = parserServices.getLocation
+  cdscontext.getNode = Object.keys(parserServices).length > 0 ? parserServices.getNode : () => node
   return cdscontext
 }
 

package/lib/utils/genDocs.js

@@ -13,6 +13,7 @@ const IS_WIN = os.platform() === 'win32'
 const { exit } = require('process')
 
 const constants = require('../constants')
+const LOG = process.env.SILENT ? undefined : constants.log
 
 /**
  * Generates custom rules documentation (markdown files)
@@ -45,7 +46,7 @@ module.exports = async (projectPath, customRulesDir, registry, prepareRelease =
       ? JSON.parse(fs.readFileSync(path.join(__dirname, '../../package.json')).toString()).version
       : getPackageVersion(registry)
     if (versionInternal) {
-      console.log(`Updating internal rules from v>=${versionInternal}:\n${registry}\n`)
+      LOG?.(`Updating internal rules from v>=${versionInternal}:\n${registry}\n`)
       const rulesInternal = getRules(docsPath, rulePath, testPath, versionInternal)
       genDocFiles(rulesInternal, docsPath)
     }
@@ -55,7 +56,7 @@ module.exports = async (projectPath, customRulesDir, registry, prepareRelease =
       ? JSON.parse(fs.readFileSync(path.join(__dirname, '../../package.json')).toString()).version
       : getPackageVersion(npmRegistry)
     if (versionExternal) {
-      console.log(`Updating external rules from v>=${versionExternal}:\n${npmRegistry}\n`)
+      LOG?.(`Updating external rules from v>=${versionExternal}:\n${npmRegistry}\n`)
       const rulesExternal = getRules(docsPath, rulePath, testPath, versionExternal, release)
       genDocFiles(rulesExternal, docsPath, release)
     }
@@ -64,7 +65,7 @@ module.exports = async (projectPath, customRulesDir, registry, prepareRelease =
     const rules = getRules(docsPath, rulePath, testPath)
     genDocFiles(rules, docsPath)
   }
-  console.log('Done!')
+  LOG?.('Done!')
 }
 
 /**
@@ -166,12 +167,12 @@ function getPackageVersion (registry) {
       })
       .toString()
   } catch (err) {
-    console.log(`Failed to connect to ${registry} - check your connection and try again.`)
+    LOG?.(`Failed to connect to ${registry} - check your connection and try again.`)
     exit(0)
   }
   const version = JSON.parse(result).version
   if (!version) {
-    console.log(`Failed to get latest plugin version from ${registry} - check your connection and try again.`)
+    LOG?.(`Failed to get latest plugin version from ${registry} - check your connection and try again.`)
     exit(0)
   }
   return version
@@ -198,7 +199,7 @@ function getRules (docsPath, rulePath, testPath, versionRequired = '0.0.0', rele
         fs.writeFileSync(ruleVersionsPath, JSON.stringify(ruleVersions, null, 4), 'utf8')
       }
       if ((release && semver.satisfies(version, `<=${versionRequired}`)) || !release) {
-        console.log(`${fileNumber}> preparing docs for ${ruleTestPath}`)
+        LOG?.(`${fileNumber}> preparing docs for ${ruleTestPath}`)
 
         const details = ruleMeta.docs.description
         const flavor = ruleMeta.model ? ruleMeta.model : constants.DEFAULT_RULE_FLAVOR
@@ -211,7 +212,7 @@ function getRules (docsPath, rulePath, testPath, versionRequired = '0.0.0', rele
         let underConstruction = ''
         if (!release && (version === 'TBD' || semver.satisfies(version, `>${versionRequired}`))) {
           underConstruction = '🚧'
-          console.log(`  > 🚧 Rule '${rule}' still under construction.\n`)
+          LOG?.(`  > 🚧 Rule '${rule}' still under construction.\n`)
         }
 
         const isFixable = ['code', 'whitespace'].includes(fixable) ? '🔧' : ''

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sap/eslint-plugin-cds",
-  "version": "2.6.1",
+  "version": "2.6.4",
   "description": "ESLint plugin including recommended SAP Cloud Application Programming model and environment rules",
   "homepage": "https://cap.cloud.sap/",
   "keywords": [
@@ -33,6 +33,6 @@
     "eslint": ">=7"
   },
   "engines": {
-    "node": ">=14"
+    "node": ">=18"
   }
-}
+}