From 1542da05921ad4a0d347dad3e36420b74f3e50e0 Mon Sep 17 00:00:00 2001 From: Cody Jackson Date: Wed, 20 Nov 2024 14:21:48 -0700 Subject: [PATCH] Adding a custom lint rule to ensure we use v-clean-tooltip instead of v-tooltip directives. --- .eslintrc.default.js | 5 +++- eslint-local-rules/v-clean-tooltip.js | 33 +++++++++++++++++++++++++++ package.json | 2 +- pkg/rancher-components/package.json | 2 +- 4 files changed, 39 insertions(+), 3 deletions(-) create mode 100644 eslint-local-rules/v-clean-tooltip.js diff --git a/.eslintrc.default.js b/.eslintrc.default.js index ca2760c687c..3abd08eb2b2 100644 --- a/.eslintrc.default.js +++ b/.eslintrc.default.js @@ -190,7 +190,10 @@ module.exports = { 'vue/one-component-per-file': 'off', 'vue/no-deprecated-slot-attribute': 'off', 'vue/require-explicit-emits': 'error', - 'vue/v-on-event-hyphenation': 'off' + 'vue/v-on-event-hyphenation': 'off', + + // Locally defined rules, you can find these defined in the `eslint-local-rules` directory. + 'v-clean-tooltip': 'error', }, overrides: [ { diff --git a/eslint-local-rules/v-clean-tooltip.js b/eslint-local-rules/v-clean-tooltip.js new file mode 100644 index 00000000000..5f43105a5f7 --- /dev/null +++ b/eslint-local-rules/v-clean-tooltip.js @@ -0,0 +1,33 @@ +// Currently loading these rules with the --rulesdir argument. In the future we could make use of `eslint-plugin-local-rules`. +const vueUtils = require('eslint-plugin-vue/lib/utils'); + +module.exports = { + meta: { + type: 'problem', + docs: { description: 'We want to use `v-clean-tooltip` instead of `v-tooltip` in most all areas to avoid XSS exploits.' }, + schema: [], + }, + create(context) { + return vueUtils.defineTemplateBodyVisitor(context, { + VAttribute(node) { + // v-tooltip is a VDirectiveKey + if (node?.key?.type !== 'VDirectiveKey') { + return; + } + + // v-tooltip is also a VIdentifier + if (node.key.name.type !== 'VIdentifier') { + return; + } + + if (node.key.name.name === 'tooltip') { + context.report({ + node: node.key, + loc: node.loc, + message: 'We want to use `v-clean-tooltip` instead of `v-tooltip` in most all areas to avoid XSS exploits.' + }); + } + } + }); + } +}; diff --git a/package.json b/package.json index 1e8ab5ede69..7c8cf352314 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,7 @@ "serve-pkgs": "./shell/scripts/serve-pkgs", "publish-shell-reset-reg": "cd shell && npm publish", "clean": "./shell/scripts/clean", - "lint": "./node_modules/.bin/eslint --max-warnings 0 --ext .js,.ts,.vue .", + "lint": "./node_modules/.bin/eslint --rulesdir ./eslint-local-rules --max-warnings 0 --ext .js,.ts,.vue .", "lint:lib": "cd pkg/rancher-components && yarn lint", "lint-l10n": "./node_modules/.bin/yamllint ./shell/assets/translations", "test": "NODE_OPTIONS=--max_old_space_size=8192 jest --watch", diff --git a/pkg/rancher-components/package.json b/pkg/rancher-components/package.json index fa0be8f1c1b..fc06b9a0d94 100644 --- a/pkg/rancher-components/package.json +++ b/pkg/rancher-components/package.json @@ -15,7 +15,7 @@ "types": "./types/index.d.ts", "scripts": { "build:lib": "vue-cli-service build --target lib --name @rancher/components src/main.ts", - "lint": "vue-cli-service lint" + "lint": "vue-cli-service lint --rulesdir ../../eslint-local-rules" }, "engines": { "node": ">=20.0.0"