gscan 6.2.1 → 6.4.0

package/lib/ast-linter/rules/index.js

@@ -14,6 +14,7 @@ module.exports = {
     'GS090-NO-PRICE-DATA-MONTHLY-YEARLY': require('./lint-no-price-data-monthly-yearly'),
     'GS090-NO-LIMIT-ALL-IN-GET-HELPER': require('./lint-no-limit-all-in-get-helper'),
     'GS090-NO-LIMIT-OVER-100-IN-GET-HELPER': require('./lint-no-limit-over-100-in-get-helper'),
+    'GS090-NO-INVALID-CONDITIONAL-ARGUMENTS': require('./lint-no-multi-param-conditionals'),
     'GS110-NO-UNKNOWN-PAGE-BUILDER-USAGE': require('./lint-no-unknown-page-properties'),
     'GS120-NO-UNKNOWN-GLOBALS': require('./lint-no-unknown-globals'),
     'no-multi-param-conditionals': require('./lint-no-multi-param-conditionals'),

package/lib/ast-linter/rules/lint-no-img-url-in-conditionals.js

@@ -9,7 +9,7 @@ const message = 'The {{img_url}} helper should not be used as a parameter to {{#
 module.exports = class NoMultiParamConditionals extends Rule {
     _checkForImgUrlParam(node) {
         const isConditional = node.path.original === 'if' || node.path.original === 'unless';
-        const hasImgUrlParam = isConditional && node.params[0].original === 'img_url';
+        const hasImgUrlParam = isConditional && node.params[0] && node.params[0].original === 'img_url';
         let fix;
 
         if (isConditional && hasImgUrlParam) {

package/lib/ast-linter/rules/lint-no-multi-param-conditionals.js

@@ -1,22 +1,24 @@
 // https://github.com/TryGhost/gscan/issues/85
 
 const Rule = require('./base');
-const message = 'Multiple params are not supported in an {{if}} or {{unless}} statement.';
+const message = 'The {{#if}} and {{#unless}} helpers require exactly one argument.';
 
 // valid:
 // {{#if foo}}
 // {{#unless foo}}
 
 // invalid:
+// {{#if}}
 // {{#if foo bar}}
+// {{#unless}}
 // {{#unless foo bar}}
 
 module.exports = class NoMultiParamConditionals extends Rule {
     _checkForMultipleParams(node) {
         const isConditional = node.path.original === 'if' || node.path.original === 'unless';
-        const hasTooManyParams = node.params.length > 1;
+        const hasInvalidParamCount = node.params.length !== 1;
 
-        if (isConditional && hasTooManyParams) {
+        if (isConditional && hasInvalidParamCount) {
             this.log({
                 message,
                 line: node.loc && node.loc.start.line,

package/lib/checks/130-template-inheritance.js

@@ -0,0 +1,154 @@
+const _ = require('lodash');
+const path = require('path');
+const spec = require('../specs');
+const {versions, normalizePath} = require('../utils');
+
+const ruleCode = 'GS130-NO-RECURSIVE-LAYOUT';
+const layoutPattern = /{{!<\s+([A-Za-z0-9._/-]+)\s*}}/;
+
+function ensureExtension(layoutPath) {
+    if (path.posix.extname(layoutPath)) {
+        return layoutPath;
+    }
+
+    return `${layoutPath}.hbs`;
+}
+
+function resolveLayoutPath(sourceFile, layoutName) {
+    const source = normalizePath(sourceFile);
+    const layout = ensureExtension(normalizePath(layoutName));
+
+    // Ghost resolves layouts with path.resolve(templateDir, layout), so a leading
+    // slash is filesystem-absolute and never resolves to a theme file
+    if (layout.startsWith('/')) {
+        return null;
+    }
+
+    return path.posix.normalize(path.posix.join(path.posix.dirname(source), layout));
+}
+
+function getLocation(source, index) {
+    const lines = source.slice(0, index).split('\n');
+
+    return {
+        line: lines.length,
+        column: lines[lines.length - 1].length
+    };
+}
+
+function getLayoutReference(themeFile) {
+    const source = normalizePath(themeFile.normalizedFile || themeFile.file);
+    const content = themeFile.content || '';
+    const match = content.match(layoutPattern);
+
+    if (!match) {
+        return;
+    }
+
+    const target = resolveLayoutPath(source, match[1]);
+
+    if (!target) {
+        return;
+    }
+
+    return {
+        source,
+        target,
+        location: getLocation(content, match.index)
+    };
+}
+
+function buildInheritanceGraph(theme) {
+    const hbsFiles = theme.files.filter(file => file.ext === '.hbs');
+    const existingFiles = new Set(hbsFiles.map(file => normalizePath(file.normalizedFile || file.file)));
+    const graph = new Map();
+
+    hbsFiles.forEach((themeFile) => {
+        const reference = getLayoutReference(themeFile);
+
+        if (!reference || !existingFiles.has(reference.target)) {
+            return;
+        }
+
+        graph.set(reference.source, reference);
+    });
+
+    return graph;
+}
+
+function getCyclePath(stack, target) {
+    const targetIndex = stack.indexOf(target);
+    return stack.slice(targetIndex).concat(target).join(' -> ');
+}
+
+function getRecursiveLayoutFailures(graph) {
+    const visited = new Set();
+    const visiting = new Set();
+    const stack = [];
+    const reportedCycles = new Set();
+    const failures = [];
+
+    function visit(file) {
+        visiting.add(file);
+        stack.push(file);
+
+        const reference = graph.get(file);
+
+        if (!reference) {
+            stack.pop();
+            visiting.delete(file);
+            visited.add(file);
+            return;
+        }
+
+        if (visiting.has(reference.target)) {
+            const cyclePath = getCyclePath(stack, reference.target);
+
+            if (!reportedCycles.has(cyclePath)) {
+                reportedCycles.add(cyclePath);
+
+                failures.push({
+                    ref: reference.source,
+                    line: reference.location.line,
+                    column: reference.location.column,
+                    message: `Recursive layout inheritance detected: ${cyclePath}`
+                });
+            }
+        } else if (!visited.has(reference.target)) {
+            visit(reference.target);
+        }
+
+        stack.pop();
+        visiting.delete(file);
+        visited.add(file);
+    }
+
+    graph.forEach((_references, file) => {
+        if (!visited.has(file)) {
+            visit(file);
+        }
+    });
+
+    return failures;
+}
+
+const checkTemplateInheritance = function checkTemplateInheritance(theme, options) {
+    const checkVersion = _.get(options, 'checkVersion', versions.default);
+    const ruleSet = spec.get([checkVersion]);
+
+    if (!ruleSet.rules[ruleCode]) {
+        return theme;
+    }
+
+    const failures = getRecursiveLayoutFailures(buildInheritanceGraph(theme));
+
+    if (failures.length > 0) {
+        theme.results.fail[ruleCode] = {failures};
+    } else {
+        theme.results.pass.push(ruleCode);
+    }
+
+    return theme;
+};
+
+module.exports = checkTemplateInheritance;

package/lib/specs/v6.js

@@ -11,6 +11,12 @@ const previousRules = previousSpec.rules;
 let knownHelpers = ['split', 'json', 'color_to_rgba', 'contrast_text_color', 'raw', 'search', 'social_accounts'];
 let templates = [];
 let rules = {
+    'GS090-NO-INVALID-CONDITIONAL-ARGUMENTS': {
+        level: 'error',
+        fatal: true,
+        rule: 'Use exactly one argument in <code>{{#if}}</code> and <code>{{#unless}}</code> helpers',
+        details: oneLineTrim`The <code>{{#if}}</code> and <code>{{#unless}}</code> helpers only support one argument. To compare values, use a supported helper such as <code>{{#match}}</code>, for example <code>{{#match statusCode 404}}</code>.`
+    },
     'GS090-NO-LIMIT-ALL-IN-GET-HELPER': {
         level: 'warning',
         rule: 'Using <code>limit="all"</code> in <code>{{#get}}</code> helper is not supported',
@@ -48,6 +54,12 @@ let rules = {
         details: 'AMP support was removed in Ghost 6.0. Remove AMP templates and use responsive design instead.',
         // Matches <html amp> or <html ⚡>, with or without other attributes mixed in
         regex: /<html\s+(?:amp|⚡)(?:\s|>)|<html\s+[^>]*\s(?:amp|⚡)(?:\s|>)/i
+    },
+    'GS130-NO-RECURSIVE-LAYOUT': {
+        level: 'error',
+        fatal: true,
+        rule: 'Templates must not recursively inherit layouts',
+        details: oneLineTrim`Remove recursive layout inheritance such as <code>{{!&lt; default}}</code> from <code>default.hbs</code>. A template cannot inherit from itself, directly or through another layout, because it can cause rendering to recurse indefinitely.`
     }
 };
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gscan",
-  "version": "6.2.1",
+  "version": "6.4.0",
   "description": "Scans Ghost themes looking for errors, deprecations, features and compatibility",
   "keywords": [
     "ghost",
@@ -43,23 +43,23 @@
     "gscan": "./bin/cli.js"
   },
   "dependencies": {
-    "@sentry/node": "10.53.1",
-    "@tryghost/config": "2.2.1",
-    "@tryghost/debug": "2.2.1",
-    "@tryghost/errors": "3.2.2",
-    "@tryghost/logging": "5.0.1",
-    "@tryghost/nql": "0.12.10",
-    "@tryghost/pretty-cli": "3.2.1",
-    "@tryghost/server": "3.0.1",
-    "@tryghost/zip": "3.3.2",
+    "@sentry/node": "10.58.0",
+    "@tryghost/config": "2.3.0",
+    "@tryghost/debug": "2.3.0",
+    "@tryghost/errors": "3.3.0",
+    "@tryghost/logging": "5.1.0",
+    "@tryghost/nql": "0.13.1",
+    "@tryghost/pretty-cli": "3.3.0",
+    "@tryghost/server": "3.1.0",
+    "@tryghost/zip": "3.4.0",
     "chalk": "5.6.2",
     "express": "5.2.1",
     "express-handlebars": "8.0.1",
     "glob": "13.0.6",
     "handlebars": "4.7.9",
     "lodash": "4.18.1",
-    "multer": "2.1.1",
-    "semver": "7.8.1",
+    "multer": "2.2.0",
+    "semver": "7.8.4",
     "validator": "^13.0.0"
   },
   "devDependencies": {
@@ -67,11 +67,11 @@
     "@eslint/eslintrc": "3.3.5",
     "@eslint/js": "10.0.1",
     "@tryghost/pro-ship": "1.0.10",
-    "@vitest/coverage-v8": "4.1.7",
-    "eslint": "10.4.0",
+    "@vitest/coverage-v8": "4.1.9",
+    "eslint": "10.5.0",
     "eslint-plugin-ghost": "3.5.0",
     "nodemon": "3.1.14",
-    "vitest": "4.1.7"
+    "vitest": "4.1.9"
   },
   "files": [
     "lib",