@sap/eslint-plugin-cds 3.2.0 → 4.1.0

package/lib/rules/js/case-sensitive-well-known-events.js

@@ -0,0 +1,53 @@
+'use strict'
+
+const { RULE_CATEGORIES } = require('../../constants')
+const { CdsHandlerRule } = require('./CdsHandlerRule')
+
+const WELL_KNOWN_EVENTS = [
+  'CREATE', 'READ', 'UPDATE', 'UPSERT','DELETE',
+  'INSERT','SELECT',
+  'POST','GET','PUT','PATCH',
+  'NEW', 'CANCEL', 'EDIT', 'SAVE'  // draft related
+]
+
+class CaseSensitiveWellKnownEvents extends CdsHandlerRule {
+  CAPHandlerRegistration(node) {
+    const first = node.parent?.arguments?.[0]
+    if (!first) return
+    const currentEventName = first.value ?? ''
+    const currentEventNameUpper = currentEventName.toUpperCase()
+    if (WELL_KNOWN_EVENTS.includes(currentEventNameUpper) && currentEventName !== currentEventNameUpper) {
+      const quoteType = ['"', '\'', '`'].includes(first.raw?.[0]) ? first.raw?.[0] : '"'
+      this.context.report({
+        node: first,
+        messageId: 'incorrectEventNameCase',
+        data: {
+          currentEventName: currentEventName,
+          properEventName: currentEventNameUpper
+        },
+        suggest: [{
+          desc: 'Change event casing to upper case',
+          fix: fixer => fixer.replaceText(first, `${quoteType}${currentEventNameUpper}${quoteType}`)
+        }]
+      })
+    }
+  }
+}
+
+module.exports = {
+  meta: {
+    type: 'problem',
+    docs: {
+      recommended: true,
+      category: RULE_CATEGORIES.javascript,
+      description: 'Make sure well-known events are used with proper casing.'
+    },
+    fixable: 'code',
+    schema: [],
+    messages: {
+      incorrectEventNameCase: 'Found an event registration for event "{{currentEventName}}", which is likely supposed to be "{{properEventName}}".'
+    },
+    hasSuggestions: true
+  },
+  create: context => new CaseSensitiveWellKnownEvents(context).asESLintVisitor()
+}

package/lib/rules/js/no-cross-service-import.js

@@ -0,0 +1,69 @@
+'use strict'
+
+const { RULE_CATEGORIES } = require('../../constants')
+
+// used as a pre-check to ensure the checks using RegExps
+// with greedy matchers are not susceptible to ReDoS attacks
+const MAX_INPUT_STRING_LENGTH = 1_000
+
+/**
+ * @param {string} importPath
+ * @param {RuleContext} context
+ * @param {Node} node
+ */
+function compareImportAndFilename (importPath, context, node) {
+  const currentFile = context.getFilename()
+  // ignore stdin
+  if (currentFile === '<input>') return
+  // ignore excessively long strings
+  if (importPath.length > MAX_INPUT_STRING_LENGTH || currentFile.length > MAX_INPUT_STRING_LENGTH) return
+  const [, typerModuleFq, typerModule] = /^#cds-models\/.*?((\w+)Service)$/.exec(importPath) ?? []
+  const [, fileNameFq, fileName] = /((\w+)-?[sS]ervice\.m?[jt]s)$/.exec(currentFile) ?? []
+  // typerModule === undefined -> not a service import (probably db-level-entity import)
+  if (typerModule && fileName && typerModule !== fileName) {
+    context.report({
+      node,
+      messageId: 'noCrossServiceImport',
+      data: {
+        from: typerModuleFq,
+        target: fileNameFq
+      }
+    })
+  }
+}
+
+module.exports = {
+  meta: {
+    type: 'problem',
+    docs: {
+      recommended: true,
+      category: RULE_CATEGORIES.javascript,
+      description: 'Warn about imports from another service.'
+    },
+    schema: [],
+    messages: {
+      noCrossServiceImport: 'You are importing service-level entities from another service "{{from}}" inside the definition of service "{{target}}". This is likely an accidental cross-service import.',
+    },
+    hasSuggestions: false
+  },
+  create: context => ({
+    CallExpression(node) {
+      // look for: require('#cds-models/...')
+      if (node.callee.type !== 'Identifier') return
+      if (node.callee.name !== 'require') return
+      if (node.arguments.length !== 1) return
+      if (node.arguments[0].type !== 'Literal') return
+      compareImportAndFilename(node.arguments[0].value, context, node)
+    },
+
+    ImportDeclaration(node) {
+      // import ... from '#cds-models/...'
+      compareImportAndFilename(node.source.value, context, node)
+    },
+
+    ImportExpression(node) {
+      // await import('#cds-models/...')
+      compareImportAndFilename(node.source.value, context, node)
+    }
+  })
+}

package/lib/rules/js/no-deep-sap-cds-import.js

@@ -0,0 +1,56 @@
+'use strict'
+const allowList = new Set([
+  // exception: not part of the facade and should be available to users this way
+  '@sap/cds/eslint.config.mjs'
+])
+
+/**
+ * @param {string} importPath
+ * @param {RuleContext} context
+ * @param {Node} node
+ */
+function checkImport (importPath, context, node) {
+  if (!importPath.startsWith('@sap/cds/')) return
+  if (allowList.has(importPath)) return
+  context.report({
+    node,
+    messageId: 'noDeepSapCdsImports',
+    data: { import: importPath }
+  })
+}
+
+module.exports = {
+  meta: {
+    type: 'problem',
+    docs: {
+      recommended: true,
+      category: 'JavaScript Validation',
+      description: 'Warn about deep imports from @sap/cds.'
+    },
+    schema: [],
+    messages: {
+      noDeepSapCdsImports: `"{{import}}" is a deep import. The API of @sap/cds is available only from its facade via 'require("@sap/cds")' or 'import ... from "@sap/cds"'.`,
+    },
+    hasSuggestions: false
+  },
+  create: context => ({
+    CallExpression(node) {
+      // look for: require('@sap/cds/...')
+      if (node.callee.type !== 'Identifier') return
+      if (node.callee.name !== 'require') return
+      if (node.arguments.length !== 1) return
+      if (node.arguments[0].type !== 'Literal') return
+      checkImport(node.arguments[0].value, context, node)
+    },
+
+    ImportDeclaration(node) {
+      // import ... from '@sap/cds/...'
+      checkImport(node.source.value, context, node)
+    },
+
+    ImportExpression(node) {
+      // await import('@sap/cds/...')
+      checkImport(node.source.value, context, node)
+    }
+  })
+}

package/lib/rules/js/no-shared-handler-variable.js

@@ -0,0 +1,211 @@
+/*
+Use cases not yet covered:
+
+//---------
+INLINE EXTENSION
+class FooService extends require('@sap/cds').ApplicationService { ... }
+
+//---------
+METHOD
+class ... {
+    bad () {}
+
+    this.on('', this.bad)
+}
+
+//---------
+IMPORTED FUNCTION
+const { bad } = require('./bad')
+
+class ... {
+    this.on('', bad)
+}
+
+//---------
+NON-CLASS-BASED CDS SERVICE
+cds.services['myService'].on('READ', 'Books', () => {})
+*/
+
+'use strict'
+
+const { RULE_CATEGORIES } = require('../../constants')
+const { CdsHandlerRule } = require('./CdsHandlerRule')
+
+/**
+ * @param {string | undefined} t
+ */
+function isHandlerType(t) {
+  // match "import('@sap/cds').CRUDEventHandler.Before" etc.
+  return ['Before', 'On', 'After'].some(handlerType => t?.match(new RegExp(`import\\s?\\(.@sap\\/cds.\\)\\.CRUDEventHandler.${handlerType}`)))
+}
+
+class NoSharedVariable extends CdsHandlerRule {
+  /**
+   * Functions that modify variables that are not locally declared.
+   * They are stored by name.
+   * Note: this is not fully fail proof, as the functions are stored in a flat fashion,
+   * rather than maintaining the scope they are declared in.
+   * This could lead to false positives if a function with the same name is declared in multiple scopes.
+   * @type {Record<string, Scope>}
+   */
+  #suspiciousFunctions = {}
+  /**
+   * nodes of handler registrations like:
+   * ```js
+   * this.on('READ', 'Books', handler)
+   * //                       ^^^^^^^
+   * ```
+   * as they reference the handler by name, its definition may come later in the code
+   * due to hoisting.
+   * We check them later in `Program:exit()`.
+   */
+  #pendingInspections = []
+
+  /**
+   * Typedef JSDoc to look up local aliases.
+   * ```js
+   * ＠typedef {Bar} Foo
+   * ```
+   * becomes
+   * ```js
+   * {Foo: 'Bar'}
+   * ```
+   * @type {Record<string, import('estree').Comment & { type: string }>}
+   */
+  #typeDefinitions = {}
+
+  /**
+   * Type JSDoc that matches the estree definition of a Comment,
+   * plus an additional `type` property that contains the type of the variable.
+   * Local type aliases are resolved to the actual type using #typeDefinitions.
+   *
+   * @type {Array<import('estree').Comment & { type: string }>}
+   */
+  #typeDeclarations = []
+
+  #handlerDefinitionDepth = 0
+
+  /**
+   * When we are inside a function that has explicitly been annotated as
+   * a handler function via a @type JSDoc annotation.
+   */
+  get isInsideExplicitCapHandlerDefinition() {
+    return this.#handlerDefinitionDepth > 0
+  }
+
+  addCapHandlerRegistration(registration) {
+    super.addCapHandlerRegistration(registration)
+
+    if (registration.handler.type === 'Identifier') {
+      this.#pendingInspections.push(registration)
+    }
+  }
+
+  Program() {
+    const comments = this.context.sourceCode.getAllComments()
+    this.#typeDefinitions = Object.fromEntries(comments
+      .map(comment => {
+        const [, type, name] = comment.value.match(/^\*\s?@typedef\s?\{(.*)\}\s?(\w*)/) ?? []
+        return type && name ? [ name, {...comment, type} ] : null
+      })
+      .filter(Boolean))
+    this.#typeDeclarations = comments
+      .map(comment => {
+        const match = comment.value.match(/^\*\s?@type\s?\{(.*)\}/)?.[1]
+        if (!match) return null
+        const type = this.#typeDefinitions[match]?.type ?? match
+        return type ? { ...comment, type } : null
+      })
+      .filter(Boolean)
+  }
+
+  'Program:exit'() {
+    for (const node of this.#pendingInspections) {
+      const { scope } = this.#suspiciousFunctions[node.handler.name] ?? {}
+      if (scope) {
+        this.context.report({
+          node: node.handler,
+          messageId: 'noSharedHandlerVariable',
+          data: {
+            definitionScope: scope.name
+          }
+        })
+      }
+    }
+  }
+
+  #enterFunctionDefinition(node) {
+    // find a JDoc type comment, that is either on the line before, or in the same line,
+    // but up to three columns to the left. The latter condition covers three cases:
+    // 1. TYPEDEFFUNC -- (no space between the comment and start of function) -> distance = 0
+    // 2. TYPEDEF FUNC-- (one space between the comment and start of function) -> distance = 1
+    // 3. TYPEDEF(FUNC) -- (no space after typedef, followed by an opening parenthesis) -> distance = 1
+    // 3. TYPEDEF (FUNC) -- (one space after typedef and an opening parenthesis) -> distance = 2
+    // Note: this will fail if we have empty lines between the function declaration and the JSDoc.
+    // Also when users have more spaces or other outlandish formatting styles.
+    const type = this.#typeDeclarations.find(({loc}) =>
+      loc.end.line === node.loc.start.line - 1
+      || loc.end.line === node.loc.start.line && [0,1,2].includes(node.loc.start.column - loc.end.column)
+    )
+    // if the function is explicitly declared as handler, we check it.
+    // If the function is not explicitly declared as handler, but a surrounding function is (this.handlerDefinitionDepth > 0),
+    // we check it too.
+    if (isHandlerType(type?.type) || this.isInsideExplicitCapHandlerDefinition) this.#handlerDefinitionDepth++
+  }
+
+  #exitFunctionDefinition() {
+    this.#handlerDefinitionDepth = Math.max(0, this.#handlerDefinitionDepth - 1)
+  }
+
+  // () => ...
+  ArrowFunctionExpression(node) { this.#enterFunctionDefinition(node) }
+  'ArrowFunctionExpression:exit'() { this.#exitFunctionDefinition() }
+  // function() { ... }
+  FunctionExpression(node) { this.#enterFunctionDefinition(node) }
+  'FunctionExpression:exit'() { this.#exitFunctionDefinition() }
+  // function f () { ... }
+  FunctionDeclaration(node) { this.#enterFunctionDefinition(node) }
+  'FunctionDeclaration:exit'() { this.#exitFunctionDefinition()}
+
+  AssignmentExpression(node) {
+    if (this.isInsideCapHandlerRegistration || this.isInsideExplicitCapHandlerDefinition) {
+      // like: this.on('READ', 'Books', () => { variable = 42 })
+      const declaringScope = this.findDefinitionScope(node.left.name)
+      if (declaringScope?.isLocal === false) {
+        this.context.report({
+          node,
+          messageId: 'noSharedHandlerVariable',
+          data: {
+            definitionScope: declaringScope.scope.name
+          }
+        })
+      }
+    } else if (this.functionScopes.length > 0) {
+      // not inside a handler registration, but in a function that may be referenced in a handler registration
+      // like: this.on('READ', 'Books', handler)
+      // as functions are hoisted and can be referenced before their definition, we just collect the names of suspicious functions
+      // and check them in Program:exit when we have inspected all functions.
+      const declaringScope = this.findDefinitionScope(node.left.name)
+      if (declaringScope?.isLocal === false) {
+        this.#suspiciousFunctions[this.functionScopes.at(-1).name] = declaringScope
+      }
+    }
+  }
+}
+
+module.exports = {
+  meta: {
+    type: 'problem',
+    docs: {
+      recommended: true,
+      category: RULE_CATEGORIES.javascript,
+      description: 'Enforce that variables can not be used to share state between handlers.'
+    },
+    schema: [],
+    messages: {
+      noSharedHandlerVariable: 'Assignment to a non-local variable inside a CDS event handler (was declared in scope "{{definitionScope}}").'
+    },
+    hasSuggestions: true
+  },
+  create: context => new NoSharedVariable(context).asESLintVisitor()
+}

package/lib/rules/js/types.d.ts

@@ -0,0 +1,15 @@
+export declare namespace CdsContextTracker {
+    type VariableType = 'let' | 'const' | 'var' | 'import'
+
+    type Variable = {
+        name: string, 
+        original: string
+        type: VariableType,
+        isCdsVariable: boolean
+    }
+
+    type Scope = {
+        name: string,
+        variables: Variable[]
+    }
+}

package/lib/rules/js/use-cql-select-template-strings.js

@@ -0,0 +1,64 @@
+'use strict'
+
+const { RULE_CATEGORIES } = require('../../constants')
+const { CdsHandlerRule } = require('./CdsHandlerRule')
+
+const isCqlClauseStart = node => ['SELECT', 'UPDATE', 'INSERT', 'DELETE', 'UPSERT'].includes(node.name)
+
+/**
+ * ESLint goes through member functions in reverse order:
+ *   x.y.z -> z, y, x
+ * so we can not track when we
+ * enter a CQL clause, but instead have to check the chain of ancestors for each member
+ * recursively. If we find the topmost function call is a CQL clause (SELECT, UPDATE, etc.),
+ * none of the member functions in the chain are allowed to use untagged template strings.
+ */
+const isInCqlClause = node => {
+  if (!node) return false
+  if (node.type === 'CallExpression' && isCqlClauseStart(node.callee)) return true
+  if (node.type === 'TaggedTemplateExpression' && isCqlClauseStart(node.tag)) return true
+  // f(...) and f`...` have slightly different structure, the former has .callee, the latter has .tag
+  // -> use the first that is available to ascend through the call chain
+  return isInCqlClause(node.callee?.object ?? node.tag?.object)
+}
+
+class CqlSelectUseTemplateStrings extends CdsHandlerRule {
+  CallExpression(node) {
+    super.CallExpression(node)
+    const [arg] = node.arguments ?? []
+    if (arg?.type !== 'TemplateLiteral') return
+    if (arg.expressions.length === 0) return  // no expressions in the template string, so no SQL injection risk
+    if (!isInCqlClause(node)) return
+
+    const [functionName, prefix] =  node.callee.type === 'MemberExpression'
+      // for ….where`...` we need to use the full preceding expression in the following replacement
+      ? [node.callee.property?.name, this.context.getSourceCode().getText(node.callee)]
+      // for SELECT`...` we can use the function name directly
+      : [node.callee.name, node.callee.name]
+    this.context.report({
+      node,
+      message: 'Do not use {{functionName}}(`...`) inside CQL statements, which is prone to SQL injections.',
+      data: { functionName },
+      suggest: [{
+        desc: 'Use {{functionName}}`...` instead of {{functionName}}(`...`)',
+        data: { functionName },
+        fix: fixer => fixer.replaceText(node, `${prefix}${this.context.getSourceCode().getText(arg)}`)
+      }]
+    })
+  }
+}
+
+module.exports = {
+  meta: {
+    type: 'problem',
+    docs: {
+      recommended: true,
+      category: RULE_CATEGORIES.javascript,
+      description: 'Discourage use of SELECT(...), which allows SQL injections, in favour of SELECT`...`.'
+    },
+    fixable: 'code',
+    schema: [],
+    hasSuggestions: true
+  },
+  create: context => new CqlSelectUseTemplateStrings(context).asESLintVisitor()
+}

package/lib/rules/latest-cds-version.js

@@ -2,11 +2,13 @@
 
 const cp = require('child_process')
 const semver = require('semver')
+const { RULE_CATEGORIES } = require('../constants')
 
 module.exports = {
   meta: {
     schema: [{/* to avoid deprecation warning for ESLint 9 */}],
     docs: {
+      category: RULE_CATEGORIES.environment,
       description: 'Checks whether the latest `@sap/cds` version is being used.',
     },
     type: 'suggestion',

package/lib/rules/no-db-keywords.js

@@ -1,6 +1,7 @@
 'use strict'
 
 const cds = require('@sap/cds')
+const { RULE_CATEGORIES } = require('../constants')
 
 // REVISIT: Replace by compiler-provided check
 const RESERVED = cds.compile.to.sql.sqlite
@@ -11,6 +12,7 @@ module.exports = {
   meta: {
     schema: [{/* to avoid deprecation warning for ESLint 9 */}],
     docs: {
+      category: RULE_CATEGORIES.model,
       description: 'Avoid using reserved SQL keywords.',
       url: 'https://cap.cloud.sap/docs/tools/cds-lint/rules/no-db-keywords',
     },

package/lib/rules/no-dollar-prefixed-names.js

@@ -1,9 +1,45 @@
 'use strict'
 
+const { RULE_CATEGORIES } = require('../constants')
+
+/**
+ * Util to check if an entity is part of an external service.
+ */
+class ExternalServices {
+  hasExternalServices = false
+  externalServices = Object.create(null)
+
+  static create(model) {
+    return new ExternalServices(model)
+  }
+
+  constructor(model) {
+    for (const defName in model.definitions) {
+      const def = model.definitions[defName]
+      if (def?.kind === 'service' && def['@cds.external']) {
+        this.externalServices[defName] = true
+        this.hasExternalServices = true
+      }
+    }
+  }
+
+  isInExternalService(defName) {
+    if (!this.hasExternalServices)
+      return false // shortcut
+    const segments = defName.split('.')
+    for (let i = segments.length - 1; i >= 0; i--)
+      if (this.externalServices[segments.slice(0, i).join('.')])
+        return true
+    return false
+  }
+
+}
+
 module.exports = {
   meta: {
     schema: [{/* to avoid deprecation warning for ESLint 9 */}],
     docs: {
+      category: RULE_CATEGORIES.model,
       description: 'Names must not start with $ to avoid possible shadowing of reserved variables.',
       recommended: true,
       url: 'https://cap.cloud.sap/docs/tools/cds-lint/rules/no-dollar-prefixed-names',
@@ -13,17 +49,39 @@ module.exports = {
     },
     type: 'problem'
   },
-  create (context) {
-    return { element: _check }
 
-    function _check (d) {
-      const srv = d._service || (d.parent && d.parent._service)
-      if (srv && srv['@cds.external']) return
-      if (d.name.startsWith('$')) {
+  create(context) {
+    const model = context.getModel()
+    if (!model?.definitions)
+      return
+
+    const externals = ExternalServices.create(model)
+
+    return function checkAllElementsForDollarPrefix() {
+      for (const defName in model.definitions) {
+        if (!externals.isInExternalService(defName))
+          checkElements(defName, model.definitions[defName])
+      }
+    }
+
+    function checkElements(defName, def) {
+      if (!Object.hasOwn(def,'elements') || !def.elements || typeof def.elements !== 'object')
+        return
+
+      for (const elementName in def.elements) {
+        const element = def.elements[elementName]
+        check(elementName, element)
+        if (element.elements)
+          checkElements(elementName, element)
+      }
+    }
+
+    function check(name, def) {
+      if (name.startsWith('$')) {
         context.report({
           messageId: 'dollarPrefix',
-          data: { name: d.name },
-          node: context.getNode(d)
+          data: { name },
+          loc: context.getLocation(name, def, model),
         })
       }
     }

package/lib/rules/no-java-keywords.js

@@ -1,5 +1,6 @@
 'use strict'
 
+const { RULE_CATEGORIES } = require('../constants')
 // Check that Java keywords are not used as identifiers unless they have
 // a Java-specific annotation that renames/ignores them.  This avoids issues
 // later on in code-generation of CAP Java classes.
@@ -26,6 +27,7 @@ module.exports = {
   meta: {
     schema: [{/* to avoid deprecation warning for ESLint 9 */}],
     docs: {
+      category: RULE_CATEGORIES.model,
       description: 'Reject reserved Java keywords as CDS identifiers.',
       url: 'https://cap.cloud.sap/docs/tools/cds-lint/rules/no-java-keywords',
     },

package/lib/rules/no-join-on-draft.js

@@ -1,9 +1,12 @@
 'use strict'
 
+const { RULE_CATEGORIES } = require('../constants')
+
 module.exports = {
   meta: {
     schema: [{/* to avoid deprecation warning for ESLint 9 */}],
     docs: {
+      category: RULE_CATEGORIES.model,
       description: 'Draft-enabled entities shall not be used in views that make use of `JOIN`.',
       recommended: true,
       url: 'https://cap.cloud.sap/docs/tools/cds-lint/rules/no-join-on-draft',