Add adjusted test and new auto fixer for 'no-insecure-url'

[moztomer]

Goal of this patch

• introducing a --fix option for no-insecure-url (only for http:// but could be extended to fix also ftp and ws)
• introducing an exception list for vairable names

Changes

• removed one duplicate in DEFAUL_EXCEPTIONS
• lines for --fix option:
  There are two fixers. The first for the Literals is escaping the string, replaces http by https and write it back in the related line.

   fix(fixer) {
      // Only fix if it contains an http url
      if (node.value.toLowerCase().includes("http")) {
        let fixedString = node.value.replace(/http:/i, "https:");
        //insert an "s" before ":/" to change http:/ to https:/
        return fixer.replaceText(node, JSON.stringify(fixedString));
      }
    },

The second one is for TemplateElements. It escapes the string, then removes the "" that JSON.stringify created, replace http by https in the correct manner (in backticks) and write it back into the related line.

 fix(fixer) {
  // Only fix if it contains an http url
  if (node.value.raw.toLowerCase().includes("http")) {
      let escapedString =  JSON.stringify(context.getSourceCode().getText(node));
      // delete "" that JSON.stringify created and convert to `` string
      escapedString = ``+ escapedString.substring(1, escapedString.length-1);
      let fixedString = escapedString.replace(/http:/i, "https:");
      //insert an "s" before ":/" to change http:/ to https:/
      return fixer.replaceText(node, fixedString);
    }
  }

• introduce shoudlFix() function

        function shouldFix( varExceptions,context, node) {
          let sourceCode = context.getSourceCode();
          // check variable for unfixable pattern e.g. `var insecureURL = "http://..."`
          let text = node.parent
            ? sourceCode.getText(node.parent)
            : sourceCode.getText(node);
          // if no match, fix the line
          return !matches(varExceptions,text);
        }

which checks if a line should get exempted from linter because it includes a variable name that shouldn't get upgraded.

• added test for auto-fixer (string escaping, backtick strings and both combined)
• added output: to each test that gets affected by auto-fixer
• added test for the new introduced variable exception list for variables
• adjusted README file of no-insecure-url to include new exception list

[moztomer]

@A-Katopodis @Vflouirac Hi folks,
Do you think you could benefit from a --fix option for your no-insecure-url rule? :)

[moztomer]

@A-Katopodis @Vflouirac
Is there interest from your side in such a patch? :)

[mozfreddyb]

@Vflouirac This pull request was approved many months ago. Any chance this can land? @moztomer and I are in scope of the existing CLA between Mozilla and Microsoft (and the check passed!).

[Vflouirac]

Hello Frederik, Sorry for the delay. It just went through. Best regards, Vivien

…

________________________________ From: Frederik Braun ***@***.***> Sent: Monday, June 12, 2023 9:18 AM To: microsoft/eslint-plugin-sdl ***@***.***> Cc: Vivien Flouirac ***@***.***>; Mention ***@***.***> Subject: Re: [microsoft/eslint-plugin-sdl] Add adjusted test and new auto fixer for 'no-insecure-url' (PR #39) @Vflouirac<https://github.com/Vflouirac> This pull request was approved many months ago. Any chance this can land? @moztomer<https://github.com/moztomer> and I are in scope of the existing CLA between Mozilla and Microsoft (and the check passed!). — Reply to this email directly, view it on GitHub<#39 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AT4JUUF5EFUVVX5L3KUSFE3XK27GBANCNFSM54LLIC3A>. You are receiving this because you were mentioned.Message ID: ***@***.***>