@sap/eslint-plugin-cds 4.2.3 → 4.2.4

package/CHANGELOG.md

@@ -6,6 +6,10 @@ This project adheres to [Semantic Versioning](https://semver.org/).
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/).
 
+## [4.2.4] - 2026-06-22
+### Fixed
+- `auth-valid-restrict-grant` no longer crashes on JOINs with three or more tables.
+
 ## [4.2.3] - 2026-05-12
 ### Fixed
 - Don't fail if the `tree-sitter` dependency cannot be installed. This might happen in WebContainer environments where native modules cannot be loaded.

package/lib/conf/all.js

@@ -12,6 +12,7 @@ module.exports = {
   '@sap/cds/latest-cds-version': 'error',
   '@sap/cds/no-db-keywords': 'error',
   '@sap/cds/no-dollar-prefixed-names': 'error',
+  '@sap/cds/no-escaped-anno-brackets': 'warn',
   '@sap/cds/no-join-on-draft': 'error',
   '@sap/cds/sql-cast-suggestion': 'error',
   '@sap/cds/start-elements-lowercase': 'error',

package/lib/conf/recommended.js

@@ -10,6 +10,7 @@ module.exports = {
   '@sap/cds/auth-valid-restrict-to': 'warn',
   '@sap/cds/auth-valid-restrict-where': 'warn',
   '@sap/cds/no-dollar-prefixed-names': 'warn',
+  '@sap/cds/no-escaped-anno-brackets': 'warn',
   '@sap/cds/no-join-on-draft': 'warn',
   '@sap/cds/sql-cast-suggestion': 'warn',
   '@sap/cds/valid-csv-header': 'warn',

package/lib/rules/auth-valid-restrict-grant.js

@@ -21,12 +21,19 @@ function extractActions (e, csn) {
     const entity = queue.pop()
     actions.push(...getActions(entity))
     if (isJoin(entity)) {
-      for (const { ref } of entity.query.SELECT.from.args[0].args) {
-        const ancestor = csn.definitions[ref[0]]
-        if (ancestor) {
-          queue.push(ancestor)
+      const collectRefs = args => {
+        for (const arg of args) {
+          if (arg.args) {
+            collectRefs(arg.args)
+          } else if (arg.ref) {
+            const ancestor = csn.definitions[arg.ref[0]]
+            if (ancestor) {
+              queue.push(ancestor)
+            }
+          }
         }
       }
+      collectRefs(entity.query.SELECT.from.args)
     } else if (isProjection(entity)) {
       const ancestor = csn.definitions[projectionTarget(entity)]
       if (ancestor) {

package/lib/rules/no-escaped-anno-brackets.js

@@ -0,0 +1,85 @@
+'use strict'
+
+const { RULE_CATEGORIES } = require('../constants')
+
+module.exports = {
+  meta: {
+    schema: [{/* to avoid deprecation warning for ESLint 9 */}],
+    docs: {
+      category: RULE_CATEGORIES.model,
+      description: 'Escaped annotation syntax ![@...] is unnecessary in modern CAP CDS.',
+      recommended: true,
+      url: 'https://cap.cloud.sap/docs/tools/cds-lint/rules/no-escaped-anno-brackets',
+    },
+    type: 'problem',
+    fixable: 'code',
+    messages: {
+      noEscapedAnno: "Escaped annotation '![@{{name}}]' is unnecessary. Use '@{{name}}' instead.",
+    },
+    model: 'parsed',
+  },
+
+  create(context) {
+    return function checkNoEscapedAnnotations() {
+      const sourceCode = context.sourceCode
+      const code = sourceCode.getText()
+
+      const regex = /!\[@([^\]]+)\]/g
+      let match
+      while ((match = regex.exec(code)) !== null) {
+        const index = match.index
+        if (_isInCommentOrString(code, index)) continue
+
+        const name = match[1]
+        const loc = sourceCode.getLocFromIndex(index)
+        const endLoc = sourceCode.getLocFromIndex(index + match[0].length)
+
+        context.report({
+          messageId: 'noEscapedAnno',
+          data: { name },
+          loc: { start: loc, end: endLoc },
+          fix: fixer => fixer.replaceTextRange(
+            [index, index + match[0].length],
+            '@' + name
+          ),
+        })
+      }
+    }
+  }
+}
+
+/**
+ * Checks whether the given index in code falls inside a line comment,
+ * block comment, or string literal.
+ * @param {string} code
+ * @param {number} index
+ * @returns {boolean}
+ */
+function _isInCommentOrString(code, index) {
+  let i = 0
+  let inLineComment = false
+  let inBlockComment = false
+  let inString = false
+  let stringChar = ''
+
+  while (i < index) {
+    const ch = code[i]
+    if (inLineComment) {
+      if (ch === '\n') inLineComment = false
+    } else if (inBlockComment) {
+      if (ch === '*' && code[i + 1] === '/') {
+        inBlockComment = false
+        i++
+      }
+    } else if (inString) {
+      if (ch === '\\') { i++ } // skip escaped char
+      else if (ch === stringChar) inString = false
+    } else {
+      if (ch === '/' && code[i + 1] === '/') { inLineComment = true; i++ }
+      else if (ch === '/' && code[i + 1] === '*') { inBlockComment = true; i++ }
+      else if (ch === "'" || ch === '"') { inString = true; stringChar = ch }
+    }
+    i++
+  }
+  return inLineComment || inBlockComment || inString
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sap/eslint-plugin-cds",
-  "version": "4.2.3",
+  "version": "4.2.4",
   "description": "ESLint plugin including recommended SAP Cloud Application Programming model and environment rules",
   "homepage": "https://cap.cloud.sap/",
   "keywords": [
@@ -20,8 +20,8 @@
     "README.md"
   ],
   "dependencies": {
-    "@eslint/plugin-kit": "^0.7.0",
-    "semver": "^7.7.1"
+    "@eslint/plugin-kit": "^0.7.2",
+    "semver": "^7.8.2"
   },
   "optionalDependencies": {
     "tree-sitter": "^0.21.1",
@@ -32,6 +32,6 @@
     "eslint": "^9 || ^10"
   },
   "engines": {
-    "node": ">=20"
+    "node": ">=22"
   }
 }