fix: Ensure everything works with ESLint v9

fixes #144

Author: nzakas

package-lock.json

@@ -48,11 +48,11 @@
   "devDependencies": {
     "@eslint/js": "^8.51.0",
     "changelog": "1.3.0",
-    "eslint": "^8.51.0",
+    "eslint": "^9.0.0",
     "eslint-config-nodesecurity": "^1.3.1",
     "eslint-config-prettier": "^8.5.0",
     "eslint-doc-generator": "^1.0.2",
-    "eslint-plugin-eslint-plugin": "^5.1.1",
+    "eslint-plugin-eslint-plugin": "^5.5.1",
     "lint-staged": "^12.3.7",
     "markdownlint-cli": "^0.32.2",
     "mocha": "^9.2.2",

package.json

@@ -78,7 +78,7 @@ module.exports = {
       url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-bidi-characters.md',
     },
   },
-  create: function (context) {
+  create(context) {
     return {
       Program: function (node) {
         report({

rules/detect-bidi-characters.js

@@ -61,7 +61,7 @@ module.exports = {
       write,
     },
   },
-  create: function (context) {
+  create(context) {
     return {
       MemberExpression: function (node) {
         let index;

rules/detect-buffer-noassert.js

@@ -23,7 +23,8 @@ module.exports = {
       url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-child-process.md',
     },
   },
-  create: function (context) {
+  create(context) {
+    const sourceCode = context.sourceCode;
     return {
       CallExpression: function (node) {
         if (node.callee.name === 'require') {
@@ -46,14 +47,14 @@ module.exports = {
           !node.arguments.length ||
           isStaticExpression({
             node: node.arguments[0],
-            scope: context.getScope(),
+            scope: sourceCode.getScope(node.arguments[0]),
           })
         ) {
           return;
         }
         const pathInfo = getImportAccessPath({
           node: node.callee,
-          scope: context.getScope(),
+          scope: sourceCode.getScope(node.callee),
           packageNames: childProcessPackageNames,
         });
         const fnName = pathInfo && pathInfo.path.length === 1 && pathInfo.path[0];

rules/detect-child-process.js

@@ -10,7 +10,7 @@ module.exports = {
       url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-disable-mustache-escape.md',
     },
   },
-  create: function (context) {
+  create(context) {
     return {
       AssignmentExpression: function (node) {
         if (node.operator === '=') {

rules/detect-disable-mustache-escape.js

@@ -10,7 +10,7 @@ module.exports = {
       url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-new-buffer.md',
     },
   },
-  create: function (context) {
+  create(context) {
     return {
       NewExpression: function (node) {
         if (node.callee.name === 'Buffer' && node.arguments[0] && node.arguments[0].type !== 'Literal') {

rules/detect-new-buffer.js

@@ -19,7 +19,7 @@ module.exports = {
       url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-no-csrf-before-method-override.md',
     },
   },
-  create: function (context) {
+  create(context) {
     let csrf = false;
 
     return {

rules/detect-no-csrf-before-method-override.js

@@ -26,7 +26,8 @@ module.exports = {
       url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-non-literal-fs-filename.md',
     },
   },
-  create: function (context) {
+  create(context) {
+    const sourceCode = context.sourceCode;
     return {
       CallExpression: function (node) {
         // don't check require. If all arguments are Literals, it's surely safe!
@@ -36,7 +37,7 @@ module.exports = {
 
         const pathInfo = getImportAccessPath({
           node: node.callee,
-          scope: context.getScope(),
+          scope: sourceCode.getScope(node.callee),
           packageNames: fsPackageNames,
         });
         if (!pathInfo) {
@@ -79,7 +80,7 @@ module.exports = {
             continue;
           }
           const argument = node.arguments[index];
-          if (isStaticExpression({ node: argument, scope: context.getScope() })) {
+          if (isStaticExpression({ node: argument, scope: sourceCode.getScope(argument) })) {
             continue;
           }
           indices.push(index);

rules/detect-non-literal-fs-filename.js

@@ -21,7 +21,7 @@ module.exports = {
       url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-non-literal-regexp.md',
     },
   },
-  create: function (context) {
+  create(context) {
     return {
       NewExpression: function (node) {
         if (node.callee.name === 'RegExp') {
@@ -31,7 +31,7 @@ module.exports = {
             args.length > 0 &&
             !isStaticExpression({
               node: args[0],
-              scope: context.getScope(),
+              scope: context.sourceCode.getScope(args[0]),
             })
           ) {
             return context.report({ node: node, message: 'Found non-literal argument to RegExp Constructor' });

rules/detect-non-literal-regexp.js

@@ -21,7 +21,7 @@ module.exports = {
       url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-non-literal-require.md',
     },
   },
-  create: function (context) {
+  create(context) {
     return {
       CallExpression: function (node) {
         if (node.callee.name === 'require') {
@@ -31,7 +31,7 @@ module.exports = {
             args.length > 0 &&
             !isStaticExpression({
               node: args[0],
-              scope: context.getScope(),
+              scope: context.sourceCode.getScope(args[0]),
             })
           ) {
             return context.report({ node: node, message: 'Found non-literal argument in require' });

rules/detect-non-literal-require.js

@@ -61,7 +61,7 @@ module.exports = {
       url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-object-injection.md',
     },
   },
-  create: function (context) {
+  create(context) {
     return {
       MemberExpression: function (node) {
         if (node.computed === true) {

rules/detect-object-injection.js

@@ -32,7 +32,7 @@ module.exports = {
       url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-possible-timing-attacks.md',
     },
   },
-  create: function (context) {
+  create(context) {
     return {
       IfStatement: function (node) {
         if (node.test && node.test.type === 'BinaryExpression') {

rules/detect-possible-timing-attacks.js

@@ -19,7 +19,7 @@ module.exports = {
       url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-pseudoRandomBytes.md',
     },
   },
-  create: function (context) {
+  create(context) {
     return {
       MemberExpression: function (node) {
         if (node.property.name === 'pseudoRandomBytes') {

rules/detect-pseudoRandomBytes.js

@@ -25,7 +25,7 @@ module.exports = {
       url: 'https://github.com/eslint-community/eslint-plugin-security/blob/main/docs/rules/detect-unsafe-regex.md',
     },
   },
-  create: function (context) {
+  create(context) {
     return {
       Literal: function (node) {
         const token = context.getSourceCode().getTokens(node)[0];

rules/detect-unsafe-regex.js

@@ -1,12 +1,7 @@
 'use strict';
 
 const RuleTester = require('eslint').RuleTester;
-const tester = new RuleTester({
-  parserOptions: {
-    ecmaVersion: 6,
-    sourceType: 'module',
-  },
-});
+const tester = new RuleTester();
 
 const ruleName = 'detect-child-process';
 const rule = require(`../../rules/${ruleName}`);

test/rules/detect-child-process.js

@@ -1,12 +1,7 @@
 'use strict';
 
 const RuleTester = require('eslint').RuleTester;
-const tester = new RuleTester({
-  parserOptions: {
-    ecmaVersion: 13,
-    sourceType: 'module',
-  },
-});
+const tester = new RuleTester();
 
 const ruleName = 'detect-non-literal-fs-filename';
 
@@ -33,8 +28,10 @@ tester.run(ruleName, require(`../../rules/${ruleName}`), {
             const index = await fsp.readFile(path.resolve(__dirname, './index.html'), 'utf-8');
             const key = fs.readFileSync(path.join(__dirname, './ssl.key'));
             await fsp.writeFile(path.resolve(__dirname, './sitemap.xml'), sitemap);`,
-      globals: {
-        __dirname: 'readonly',
+      languageOptions: {
+        globals: {
+          __dirname: 'readonly',
+        },
       },
     },
     {
@@ -43,16 +40,20 @@ tester.run(ruleName, require(`../../rules/${ruleName}`), {
             import path from 'path';
             const dirname = path.dirname(__filename)
             const key = fs.readFileSync(path.resolve(dirname, './index.html'));`,
-      globals: {
-        __filename: 'readonly',
+      languageOptions: {
+        globals: {
+          __filename: 'readonly',
+        },
       },
     },
     {
       code: `
             import fs from 'fs';
             const key = fs.readFileSync(\`\${process.cwd()}/path/to/foo.json\`);`,
-      globals: {
-        process: 'readonly',
+      languageOptions: {
+        globals: {
+          process: 'readonly',
+        },
       },
     },
     `
@@ -65,8 +66,10 @@ tester.run(ruleName, require(`../../rules/${ruleName}`), {
       code: `
       import fs from 'fs';
       const pkg = fs.readFileSync(require.resolve('eslint/package.json'), 'utf-8');`,
-      globals: {
-        require: 'readonly',
+      languageOptions: {
+        globals: {
+          require: 'readonly',
+        },
       },
     },
   ],
@@ -191,8 +194,10 @@ tester.run(ruleName, require(`../../rules/${ruleName}`), {
             import fs from 'fs';
             import path from 'path';
             const key = fs.readFileSync(path.resolve(__dirname, foo));`,
-      globals: {
-        __filename: 'readonly',
+      languageOptions: {
+        globals: {
+          __filename: 'readonly',
+        },
       },
       errors: [{ message: 'Found readFileSync from package "fs" with non literal argument at index 0' }],
     },

test/rules/detect-non-literal-fs-filename.js

@@ -2,7 +2,7 @@
 
 const RuleTester = require('eslint').RuleTester;
 
-const tester = new RuleTester({ parserOptions: { ecmaVersion: 6 } });
+const tester = new RuleTester({ languageOptions: { sourceType: 'commonjs' } });
 
 const ruleName = 'detect-non-literal-require';
 
@@ -17,8 +17,10 @@ tester.run(ruleName, require(`../../rules/${ruleName}`), {
     },
     {
       code: "const utils = require(__dirname + '/utils');",
-      globals: {
-        __dirname: 'readonly',
+      languageOptions: {
+        globals: {
+          __dirname: 'readonly',
+        },
       },
     },
   ],

test/rules/detect-non-literal-require.js

@@ -8,7 +8,7 @@ const Linter = require('eslint').Linter;
 function getGetImportAccessPathResult(code) {
   const linter = new Linter();
   const result = [];
-  linter.defineRule('test-rule', {
+  const testRule = {
     create(context) {
       return {
         'Identifier[name = target]'(node) {
@@ -18,7 +18,7 @@ function getGetImportAccessPathResult(code) {
           }
           const info = getImportAccessPath({
             node: expr,
-            scope: context.getScope(),
+            scope: context.sourceCode.getScope(expr),
             packageNames: ['target', 'target-foo', 'target-bar'],
           });
           if (!info) return;
@@ -30,15 +30,18 @@ function getGetImportAccessPathResult(code) {
         },
       };
     },
-  });
+  };
 
   const linterResult = linter.verify(code, {
-    parserOptions: {
-      ecmaVersion: 6,
-      sourceType: 'module',
+    plugins: {
+      test: {
+        rules: {
+          'test-rule': testRule,
+        },
+      },
     },
     rules: {
-      'test-rule': 'error',
+      'test/test-rule': 'error',
     },
   });
   deepStrictEqual(linterResult, []);

test/utils/import-utils.js

@@ -12,35 +12,41 @@ const Linter = require('eslint').Linter;
 function getIsStaticExpressionResult(code) {
   const linter = new Linter();
   const result = [];
-  linter.defineRule('test-rule', {
+  const testRule = {
     create(context) {
       return {
         'CallExpression[callee.name = target]'(node) {
           result.push(
             ...node.arguments.map((expr) =>
               isStaticExpression({
                 node: expr,
-                scope: context.getScope(),
+                scope: context.sourceCode.getScope(expr),
               })
             )
           );
         },
       };
     },
-  });
+  };
 
   const linterResult = linter.verify(code, {
-    parserOptions: {
-      ecmaVersion: 11,
-      sourceType: 'module',
+    plugins: {
+      test: {
+        rules: {
+          'test-rule': testRule,
+        },
+      },
     },
-    globals: {
-      __dirname: 'readonly',
-      __filename: 'readonly',
-      require: 'readonly',
+    languageOptions: {
+      sourceType: 'module',
+      globals: {
+        __dirname: 'readonly',
+        __filename: 'readonly',
+        require: 'readonly',
+      },
     },
     rules: {
-      'test-rule': 'error',
+      'test/test-rule': 'error',
     },
   });
   deepStrictEqual(linterResult, []);