lib/src/rules/unsafe_html.dart - linter - Git at Google

 // Copyright (c) 2019, the Dart project authors. Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.

 import 'package:analyzer/dart/ast/ast.dart';
 import 'package:analyzer/dart/ast/visitor.dart';
 import 'package:analyzer/dart/element/type.dart';

 import '../analyzer.dart';
 import '../util/dart_type_utilities.dart';

 const _descPrefix = r'Avoid unsafe HTML APIs';
 const _desc = '$_descPrefix.';

 const _details = r'''

 **AVOID**

 * assigning directly to the `href` field of an AnchorElement
 * assigning directly to the `src` field of an EmbedElement, IFrameElement,
   ImageElement, or ScriptElement
 * assigning directly to the `srcdoc` field of an IFrameElement
 * calling the `createFragment` method of Element
 * calling the `setInnerHtml` method of Element


 **BAD:**
 ```
 var script = ScriptElement()..src = 'foo.js';
 ```
 ''';

 extension on DartType {
   /// Returns whether this type extends [className] from the dart:html library.
   bool extendsDartHtmlClass(String className) =>
       DartTypeUtilities.extendsClass(this, className, 'dart.dom.html');
 }

 class UnsafeHtml extends LintRule implements NodeLintRule {
   UnsafeHtml()
       : super(
             name: 'unsafe_html',
             description: _desc,
             details: _details,
             group: Group.errors);

   @override
   void registerNodeProcessors(
       NodeLintRegistry registry, LinterContext context) {
     final visitor = _Visitor(this);
     registry.addAssignmentExpression(this, visitor);
     registry.addMethodInvocation(this, visitor);
   }
 }

 class _Visitor extends SimpleAstVisitor<void> {
   static const hrefAttributeCode =
       LintCode('unsafe_html', '$_descPrefix (assigning "href" attribute).');
   static const srcAttributeCode =
       LintCode('unsafe_html', '$_descPrefix (assigning "src" attribute).');
   static const srcdocAttributeCode =
       LintCode('unsafe_html', '$_descPrefix (assigning "srcdoc" attribute).');
   static const createFragmentMethodCode = LintCode('unsafe_html',
       '$_descPrefix (calling the "createFragment" method of Element).');
   static const setInnerHtmlMethodCode = LintCode('unsafe_html',
       '$_descPrefix (calling the "setInnerHtml" method of Element).');

   final LintRule rule;

   _Visitor(this.rule);

   @override
   void visitAssignmentExpression(AssignmentExpression node) {
     final leftPart = node.leftHandSide.unParenthesized;
     if (leftPart is PropertyAccess) {
       _checkAssignment(leftPart.realTarget, leftPart.propertyName, node);
     } else if (leftPart is PrefixedIdentifier) {
       _checkAssignment(leftPart.prefix, leftPart.identifier, node);
     }
   }

   void _checkAssignment(Expression target, SimpleIdentifier property,
       AssignmentExpression assignment) {
     if (property == null || target == null) return;

     // It is more efficient to check the setter's name before checking whether
     // the target is an interesting type.
     if (property.name == 'href') {
       final type = target.staticType;
       if (type.isDynamic || type.extendsDartHtmlClass('AnchorElement')) {
         rule.reportLint(assignment, errorCode: hrefAttributeCode);
       }
     } else if (property.name == 'src') {
       final type = target.staticType;
       if (type.isDynamic ||
           type.extendsDartHtmlClass('EmbedElement') ||
           type.extendsDartHtmlClass('IFrameElement') ||
           type.extendsDartHtmlClass('ImageElement') ||
           type.extendsDartHtmlClass('ScriptElement')) {
         rule.reportLint(assignment, errorCode: srcAttributeCode);
       }
     } else if (property.name == 'srcdoc') {
       final type = target.staticType;
       if (type.isDynamic || type.extendsDartHtmlClass('IFrameElement')) {
         rule.reportLint(assignment, errorCode: srcdocAttributeCode);
       }
     }
   }

   @override
   void visitMethodInvocation(MethodInvocation node) {
     var type = node.target?.staticType;
     if (type == null) return;

     var methodName = node.methodName?.name;
     if (methodName == null) return;

     if (methodName == 'createFragment' &&
         (type.isDynamic || type.extendsDartHtmlClass('Element'))) {
       rule.reportLint(node, errorCode: createFragmentMethodCode);
     } else if (methodName == 'setInnerHtml' &&
         (type.isDynamic || type.extendsDartHtmlClass('Element'))) {
       rule.reportLint(node, errorCode: setInnerHtmlMethodCode);
     }
   }
 }
	// Copyright (c) 2019, the Dart project authors. Please see the AUTHORS file
	// for details. All rights reserved. Use of this source code is governed by a
	// BSD-style license that can be found in the LICENSE file.

	import 'package:analyzer/dart/ast/ast.dart';
	import 'package:analyzer/dart/ast/visitor.dart';
	import 'package:analyzer/dart/element/type.dart';

	import '../analyzer.dart';
	import '../util/dart_type_utilities.dart';

	const _descPrefix = r'Avoid unsafe HTML APIs';
	const _desc = '$_descPrefix.';

	const _details = r'''

	AVOID

	* assigning directly to the `href` field of an AnchorElement
	* assigning directly to the `src` field of an EmbedElement, IFrameElement,
	ImageElement, or ScriptElement
	* assigning directly to the `srcdoc` field of an IFrameElement
	* calling the `createFragment` method of Element
	* calling the `setInnerHtml` method of Element


	BAD:
	```
	var script = ScriptElement()..src = 'foo.js';
	```
	''';

	extension on DartType {
	/// Returns whether this type extends [className] from the dart:html library.
	bool extendsDartHtmlClass(String className) =>
	DartTypeUtilities.extendsClass(this, className, 'dart.dom.html');
	}

	class UnsafeHtml extends LintRule implements NodeLintRule {
	UnsafeHtml()
	: super(
	name: 'unsafe_html',
	description: _desc,
	details: _details,
	group: Group.errors);

	@override
	void registerNodeProcessors(
	NodeLintRegistry registry, LinterContext context) {
	final visitor = _Visitor(this);
	registry.addAssignmentExpression(this, visitor);
	registry.addMethodInvocation(this, visitor);
	}
	}

	class _Visitor extends SimpleAstVisitor<void> {
	static const hrefAttributeCode =
	LintCode('unsafe_html', '$_descPrefix (assigning "href" attribute).');
	static const srcAttributeCode =
	LintCode('unsafe_html', '$_descPrefix (assigning "src" attribute).');
	static const srcdocAttributeCode =
	LintCode('unsafe_html', '$_descPrefix (assigning "srcdoc" attribute).');
	static const createFragmentMethodCode = LintCode('unsafe_html',
	'$_descPrefix (calling the "createFragment" method of Element).');
	static const setInnerHtmlMethodCode = LintCode('unsafe_html',
	'$_descPrefix (calling the "setInnerHtml" method of Element).');

	final LintRule rule;

	_Visitor(this.rule);

	@override
	void visitAssignmentExpression(AssignmentExpression node) {
	final leftPart = node.leftHandSide.unParenthesized;
	if (leftPart is PropertyAccess) {
	_checkAssignment(leftPart.realTarget, leftPart.propertyName, node);
	} else if (leftPart is PrefixedIdentifier) {
	_checkAssignment(leftPart.prefix, leftPart.identifier, node);
	}
	}

	void _checkAssignment(Expression target, SimpleIdentifier property,
	AssignmentExpression assignment) {
	if (property == null \|\| target == null) return;

	// It is more efficient to check the setter's name before checking whether
	// the target is an interesting type.
	if (property.name == 'href') {
	final type = target.staticType;
	if (type.isDynamic \|\| type.extendsDartHtmlClass('AnchorElement')) {
	rule.reportLint(assignment, errorCode: hrefAttributeCode);
	}
	} else if (property.name == 'src') {
	final type = target.staticType;
	if (type.isDynamic \|\|
	type.extendsDartHtmlClass('EmbedElement') \|\|
	type.extendsDartHtmlClass('IFrameElement') \|\|
	type.extendsDartHtmlClass('ImageElement') \|\|
	type.extendsDartHtmlClass('ScriptElement')) {
	rule.reportLint(assignment, errorCode: srcAttributeCode);
	}
	} else if (property.name == 'srcdoc') {
	final type = target.staticType;
	if (type.isDynamic \|\| type.extendsDartHtmlClass('IFrameElement')) {
	rule.reportLint(assignment, errorCode: srcdocAttributeCode);
	}
	}
	}

	@override
	void visitMethodInvocation(MethodInvocation node) {
	var type = node.target?.staticType;
	if (type == null) return;

	var methodName = node.methodName?.name;
	if (methodName == null) return;

	if (methodName == 'createFragment' &&
	(type.isDynamic \|\| type.extendsDartHtmlClass('Element'))) {
	rule.reportLint(node, errorCode: createFragmentMethodCode);
	} else if (methodName == 'setInnerHtml' &&
	(type.isDynamic \|\| type.extendsDartHtmlClass('Element'))) {
	rule.reportLint(node, errorCode: setInnerHtmlMethodCode);
	}
	}
	}