From 4f2b46825f3a1641b748e910eb3c5663f0698475 Mon Sep 17 00:00:00 2001 From: Cody Jackson Date: Wed, 20 Nov 2024 14:21:48 -0700 Subject: [PATCH] Adding a custom lint rule to ensure we use v-clean-tooltip instead of v-tooltip directives. --- .eslintrc.default.js | 5 +++- eslint-local-rules/v-clean-tooltip.js | 33 +++++++++++++++++++++++++++ package.json | 2 +- pkg/rancher-components/package.json | 4 ++-- 4 files changed, 40 insertions(+), 4 deletions(-) create mode 100644 eslint-local-rules/v-clean-tooltip.js diff --git a/.eslintrc.default.js b/.eslintrc.default.js index ca2760c687..3abd08eb2b 100644 --- a/.eslintrc.default.js +++ b/.eslintrc.default.js @@ -190,7 +190,10 @@ module.exports = { 'vue/one-component-per-file': 'off', 'vue/no-deprecated-slot-attribute': 'off', 'vue/require-explicit-emits': 'error', - 'vue/v-on-event-hyphenation': 'off' + 'vue/v-on-event-hyphenation': 'off', + + // Locally defined rules, you can find these defined in the `eslint-local-rules` directory. + 'v-clean-tooltip': 'error', }, overrides: [ { diff --git a/eslint-local-rules/v-clean-tooltip.js b/eslint-local-rules/v-clean-tooltip.js new file mode 100644 index 0000000000..5f43105a5f --- /dev/null +++ b/eslint-local-rules/v-clean-tooltip.js @@ -0,0 +1,33 @@ +// Currently loading these rules with the --rulesdir argument. In the future we could make use of `eslint-plugin-local-rules`. +const vueUtils = require('eslint-plugin-vue/lib/utils'); + +module.exports = { + meta: { + type: 'problem', + docs: { description: 'We want to use `v-clean-tooltip` instead of `v-tooltip` in most all areas to avoid XSS exploits.' }, + schema: [], + }, + create(context) { + return vueUtils.defineTemplateBodyVisitor(context, { + VAttribute(node) { + // v-tooltip is a VDirectiveKey + if (node?.key?.type !== 'VDirectiveKey') { + return; + } + + // v-tooltip is also a VIdentifier + if (node.key.name.type !== 'VIdentifier') { + return; + } + + if (node.key.name.name === 'tooltip') { + context.report({ + node: node.key, + loc: node.loc, + message: 'We want to use `v-clean-tooltip` instead of `v-tooltip` in most all areas to avoid XSS exploits.' + }); + } + } + }); + } +}; diff --git a/package.json b/package.json index 1e8ab5ede6..7c8cf35231 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,7 @@ "serve-pkgs": "./shell/scripts/serve-pkgs", "publish-shell-reset-reg": "cd shell && npm publish", "clean": "./shell/scripts/clean", - "lint": "./node_modules/.bin/eslint --max-warnings 0 --ext .js,.ts,.vue .", + "lint": "./node_modules/.bin/eslint --rulesdir ./eslint-local-rules --max-warnings 0 --ext .js,.ts,.vue .", "lint:lib": "cd pkg/rancher-components && yarn lint", "lint-l10n": "./node_modules/.bin/yamllint ./shell/assets/translations", "test": "NODE_OPTIONS=--max_old_space_size=8192 jest --watch", diff --git a/pkg/rancher-components/package.json b/pkg/rancher-components/package.json index fa0be8f1c1..da00d5c022 100644 --- a/pkg/rancher-components/package.json +++ b/pkg/rancher-components/package.json @@ -14,8 +14,8 @@ ], "types": "./types/index.d.ts", "scripts": { - "build:lib": "vue-cli-service build --target lib --name @rancher/components src/main.ts", - "lint": "vue-cli-service lint" + "build:lib": "vue-cli-service build --skip-plugins eslint --target lib --name @rancher/components src/main.ts", + "lint": "vue-cli-service lint --rulesdir ../../eslint-local-rules" }, "engines": { "node": ">=20.0.0"