Feat: add no-prototype-builtins and use NAME_REF for Expr

docs/rules/errors/README.md

@@ -23,6 +23,7 @@ unexpected behavior.
 | [no-extra-semi](./no-extra-semi.md) | Disallow unneeded semicolons. |
 | [no-inner-declarations](./no-inner-declarations.md) | Disallow variable and function declarations in nested blocks. |
 | [no-irregular-whitespace](./no-irregular-whitespace.md) | Disallow weird/irregular whitespace. |
+| [no-prototype-builtins](./no-prototype-builtins.md) | Disallow direct use of `Object.prototype` builtins directly. |
 | [no-unsafe-finally](./no-unsafe-finally.md) | Forbid the use of unsafe control flow statements in try and catch blocks. |
 | [no-unsafe-negation](./no-unsafe-negation.md) | Deny the use of `!` on the left hand side of an `instanceof` or `in` expression where it is ambiguous. |
 

docs/rules/errors/no-irregular-whitespace.md

@@ -55,206 +55,206 @@ This rule disallows the following whitespace:
  <summary> More incorrect examples </summary>
 
 ```js
-var any \u{000B} = 'thing';
+var any  = 'thing';
 ```
 
 ```js
-var any \u{000C} = 'thing';
+var any  = 'thing';
 ```
 
 ```js
-var any \u{00A0} = 'thing';
+var any   = 'thing';
 ```
 
 ```js
-var any \u{feff} = 'thing';
+var any  = 'thing';
 ```
 
 ```js
-var any \u{2000} = 'thing';
+var any   = 'thing';
 ```
 
 ```js
-var any \u{2001} = 'thing';
+var any   = 'thing';
 ```
 
 ```js
-var any \u{2002} = 'thing';
+var any   = 'thing';
 ```
 
 ```js
-var any \u{2003} = 'thing';
+var any   = 'thing';
 ```
 
 ```js
-var any \u{2004} = 'thing';
+var any   = 'thing';
 ```
 
 ```js
-var any \u{2005} = 'thing';
+var any   = 'thing';
 ```
 
 ```js
-var any \u{2006} = 'thing';
+var any   = 'thing';
 ```
 
 ```js
-var any \u{2007} = 'thing';
+var any   = 'thing';
 ```
 
 ```js
-var any \u{2008} = 'thing';
+var any   = 'thing';
 ```
 
 ```js
-var any \u{2009} = 'thing';
+var any   = 'thing';
 ```
 
 ```js
-var any \u{200A} = 'thing';
+var any   = 'thing';
 ```
 
 ```js
-var any \u{2028} = 'thing';
+var any 
 = 'thing';
 ```
 
 ```js
-var any \u{2029} = 'thing';
+var any 
 = 'thing';
 ```
 
 ```js
-var any \u{202F} = 'thing';
+var any   = 'thing';
 ```
 
 ```js
-var any \u{205f} = 'thing';
+var any   = 'thing';
 ```
 
 ```js
-var any \u{3000} = 'thing';
+var any 　 = 'thing';
 ```
 </details><br>
 <details>
  <summary> More correct examples </summary>
 
 ```js
-'\\u{000B}';
+'\u{000B}';
 ```
 
 ```js
-'\\u{000C}';
+'\u{000C}';
 ```
 
 ```js
-'\\u{0085}';
+'\u{0085}';
 ```
 
 ```js
-'\\u{00A0}';
+'\u{00A0}';
 ```
 
 ```js
-'\\u{180E}';
+'\u{180E}';
 ```
 
 ```js
-'\\u{feff}';
+'\u{feff}';
 ```
 
 ```js
-'\\u{2000}';
+'\u{2000}';
 ```
 
 ```js
-'\\u{2001}';
+'\u{2001}';
 ```
 
 ```js
-'\\u{2002}';
+'\u{2002}';
 ```
 
 ```js
-'\\u{2003}';
+'\u{2003}';
 ```
 
 ```js
-'\\u{2004}';
+'\u{2004}';
 ```
 
 ```js
-'\\u{2005}';
+'\u{2005}';
 ```
 
 ```js
-'\\u{2006}';
+'\u{2006}';
 ```
 
 ```js
-'\\u{2007}';
+'\u{2007}';
 ```
 
 ```js
-'\\u{2008}';
+'\u{2008}';
 ```
 
 ```js
-'\\u{2009}';
+'\u{2009}';
 ```
 
 ```js
-'\\u{200A}';
+'\u{200A}';
 ```
 
 ```js
-'\\u{200B}';
+'\u{200B}';
 ```
 
 ```js
-'\\u{2028}';
+'\u{2028}';
 ```
 
 ```js
-'\\u{2029}';
+'\u{2029}';
 ```
 
 ```js
-'\\u{202F}';
+'\u{202F}';
 ```
 
 ```js
-'\\u{205f}';
+'\u{205f}';
 ```
 
 ```js
-'\\u{3000}';
+'\u{3000}';
 ```
 
 ```js
-'\u{000B}';
+'';
 ```
 
 ```js
-'\u{000C}';
+'';
 ```
 
 ```js
-'\u{0085}';
+'…';
 ```
 
 ```js
-'\u{00A0}';
+' ';
 ```
 
 ```js
-'\u{180E}';
+'᠎';
 ```
 
 ```js
-'\u{feff}';
+'';
 ```
 
 ```js
-'\u{2000}';
+' ';
 ```
 </details>
 

docs/rules/errors/no-prototype-builtins.md

@@ -0,0 +1,119 @@
+<!--
+ generated docs file, do not edit by hand, see xtask/docgen 
+-->
+# no-prototype-builtins
+
+Disallow direct use of `Object.prototype` builtins directly.
+
+ES 5.1 added `Object.create` which allows creation of object with a custom prototype. This
+pattern is frequently used for objects used as Maps. However this pattern can lead to errors
+if something else relies on prototype properties/methods. 
+
+Moreover, the methods could be shadowed, this can lead to random bugs and denial of service
+vulnerabilities. For example, calling `hasOwnProperty` directly on parsed json could lead to vulnerabilities.
+Instead, you should use get the method directly from the object using `Object.prototype.prop.call(item, args)`.
+
+## Invalid Code Examples 
+
+```js
+var bar = foo.hasOwnProperty("bar");
+
+var bar = foo.isPrototypeOf(bar);
+
+var bar = foo.propertyIsEnumerable("bar");
+```
+
+## Correct Code Examples 
+
+```js
+var bar = Object.prototype.hasOwnProperty.call(foo, "bar");
+
+var bar = Object.prototype.isPrototypeOf.call(foo, bar);
+
+var bar = Object.propertyIsEnumerable.call(foo, "bar");
+```
+
+<details>
+ <summary> More incorrect examples </summary>
+
+```js
+foo.hasOwnProperty("bar");
+```
+
+```js
+foo.isPrototypeOf("bar");
+```
+
+```js
+foo.propertyIsEnumberable("bar");
+```
+
+```js
+foo.bar.baz.hasOwnProperty("bar");
+```
+</details><br>
+<details>
+ <summary> More correct examples </summary>
+
+```js
+Object.prototype.hasOwnProperty.call(foo, 'bar');
+```
+
+```js
+Object.prototype.isPrototypeOf.call(foo, 'bar');
+```
+
+```js
+Object.prototype.propertyIsEnumberable.call(foo, 'bar');
+```
+
+```js
+Object.prototype.hasOwnProperty.apply(foo, ['bar']);
+```
+
+```js
+Object.prototype.isPrototypeOf.apply(foo, ['bar']);
+```
+
+```js
+Object.prototype.propertyIsEnumberable.apply(foo, ['bar']);
+```
+
+```js
+hasOwnProperty(foo, 'bar');
+```
+
+```js
+isPrototypeOf(foo, 'bar');
+```
+
+```js
+propertyIsEnumberable(foo, 'bar');
+```
+
+```js
+({}.hasOwnProperty.call(foo, 'bar'));
+```
+
+```js
+({}.isPrototypeOf.call(foo, 'bar'));
+```
+
+```js
+({}.propertyIsEnumberable.call(foo, 'bar'));
+```
+
+```js
+({}.hasOwnProperty.apply(foo, ['bar']));
+```
+
+```js
+({}.isPrototypeOf.apply(foo, ['bar']));
+```
+
+```js
+({}.propertyIsEnumberable.apply(foo, ['bar']));
+```
+</details>
+
+[Source](../../../rslint_core/src/groups/errors/no_prototype_builtins.rs)