2022-09-08 21:40:48 +02:00
|
|
|
import { exec } from "child_process"
|
2023-02-03 04:48:32 +01:00
|
|
|
import { describe, it } from "vitest"
|
2022-03-15 01:42:38 +01:00
|
|
|
|
2023-08-23 12:50:20 +02:00
|
|
|
import { parse as parse_html } from "node-html-parser"
|
|
|
|
import { readFileSync } from "fs"
|
|
|
|
import ScriptUtils from "../scripts/ScriptUtils"
|
|
|
|
|
2022-03-15 01:42:38 +01:00
|
|
|
/**
|
|
|
|
*
|
|
|
|
* @param forbidden: a GREP-regex. This means that '.' is a wildcard and should be escaped to match a literal dot
|
|
|
|
* @param reason
|
|
|
|
* @private
|
|
|
|
*/
|
2023-05-16 01:34:57 +02:00
|
|
|
function detectInCode(forbidden: string, reason: string): Promise<void> {
|
|
|
|
return new Promise<void>((done) => {
|
2023-02-08 01:14:21 +01:00
|
|
|
const excludedDirs = [
|
|
|
|
".git",
|
|
|
|
"node_modules",
|
|
|
|
"dist",
|
|
|
|
".cache",
|
|
|
|
".parcel-cache",
|
|
|
|
"assets",
|
|
|
|
"vendor",
|
|
|
|
".idea/",
|
|
|
|
]
|
2022-03-15 01:42:38 +01:00
|
|
|
|
2023-02-08 01:14:21 +01:00
|
|
|
exec(
|
|
|
|
'grep -n "' +
|
|
|
|
forbidden +
|
|
|
|
'" -r . ' +
|
|
|
|
excludedDirs.map((d) => "--exclude-dir=" + d).join(" "),
|
|
|
|
(error, stdout, stderr) => {
|
|
|
|
if (error?.message?.startsWith("Command failed: grep")) {
|
|
|
|
console.warn("Command failed!", error)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if (error !== null) {
|
|
|
|
throw error
|
|
|
|
}
|
|
|
|
if (stderr !== "") {
|
|
|
|
throw stderr
|
|
|
|
}
|
2022-03-15 01:42:38 +01:00
|
|
|
|
2023-02-08 01:14:21 +01:00
|
|
|
const found = stdout
|
|
|
|
.split("\n")
|
|
|
|
.filter((s) => s !== "")
|
|
|
|
.filter((s) => !s.startsWith("./test/"))
|
|
|
|
if (found.length > 0) {
|
|
|
|
const msg = `Found a '${forbidden}' at \n ${found.join(
|
|
|
|
"\n "
|
|
|
|
)}.\n ${reason}`
|
|
|
|
console.error(msg)
|
|
|
|
console.error(found.length, "issues found")
|
|
|
|
throw msg
|
|
|
|
}
|
2022-09-08 21:40:48 +02:00
|
|
|
}
|
2023-02-08 01:14:21 +01:00
|
|
|
)
|
2023-05-16 01:34:57 +02:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2023-06-01 14:32:45 +02:00
|
|
|
function wrap(promise: Promise<void>): (done: () => void) => void {
|
|
|
|
return (done) => {
|
2023-05-16 01:34:57 +02:00
|
|
|
promise.then(done)
|
2023-06-01 14:32:45 +02:00
|
|
|
}
|
2023-05-16 01:34:57 +02:00
|
|
|
}
|
|
|
|
|
2023-06-01 14:32:45 +02:00
|
|
|
function itAsync(name: string, promise: Promise<void>) {
|
2023-05-16 01:34:57 +02:00
|
|
|
it(name, wrap(promise))
|
2022-03-15 01:42:38 +01:00
|
|
|
}
|
|
|
|
|
2023-08-23 12:50:20 +02:00
|
|
|
function validateScriptIntegrityOf(path: string) {
|
|
|
|
const htmlContents = readFileSync(path, "utf8")
|
|
|
|
const doc = parse_html(htmlContents)
|
|
|
|
// @ts-ignore
|
|
|
|
const scripts = Array.from(doc.getElementsByTagName("script"))
|
|
|
|
for (const script of scripts) {
|
|
|
|
const src = script.getAttribute("src")
|
|
|
|
if (src === undefined) {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
if (src.startsWith("./")) {
|
|
|
|
// Local script - no check needed
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
const integrity = script.getAttribute("integrity")
|
|
|
|
const ctx = "Script with source " + src + " in file " + path
|
|
|
|
if (integrity === undefined) {
|
|
|
|
throw new Error(ctx + " has no integrity value")
|
|
|
|
}
|
|
|
|
const crossorigin = script.getAttribute("crossorigin")
|
|
|
|
if (crossorigin !== "anonymous") {
|
|
|
|
throw new Error(ctx + " has crossorigin missing or not set to 'anonymous'")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-03-15 01:42:38 +01:00
|
|
|
describe("Code quality", () => {
|
2023-05-16 01:34:57 +02:00
|
|
|
itAsync(
|
2023-02-08 01:14:21 +01:00
|
|
|
"should not contain reverse",
|
2022-09-08 21:40:48 +02:00
|
|
|
detectInCode(
|
|
|
|
"reverse()",
|
|
|
|
"Reverse is stateful and changes the source list. This often causes subtle bugs"
|
|
|
|
)
|
2023-02-08 01:14:21 +01:00
|
|
|
)
|
2022-03-15 01:42:38 +01:00
|
|
|
|
2023-05-16 01:34:57 +02:00
|
|
|
itAsync(
|
2023-02-08 01:14:21 +01:00
|
|
|
"should not contain 'constructor.name'",
|
2022-03-15 01:42:38 +01:00
|
|
|
detectInCode("constructor\\.name", "This is not allowed, as minification does erase names.")
|
2023-02-08 01:14:21 +01:00
|
|
|
)
|
2022-06-28 03:21:18 +02:00
|
|
|
|
2023-05-16 01:34:57 +02:00
|
|
|
itAsync(
|
2023-02-08 01:14:21 +01:00
|
|
|
"should not contain 'innerText'",
|
2022-09-08 21:40:48 +02:00
|
|
|
detectInCode(
|
|
|
|
"innerText",
|
|
|
|
"innerText is not allowed as it is not testable with fakeDom. Use 'textContent' instead."
|
|
|
|
)
|
2023-02-08 01:14:21 +01:00
|
|
|
)
|
2023-08-23 12:50:20 +02:00
|
|
|
|
|
|
|
it("scripts with external sources should have an integrity hash", () => {
|
|
|
|
const htmlFiles = ScriptUtils.readDirRecSync(".", 1).filter((f) => f.endsWith(".html"))
|
|
|
|
for (const htmlFile of htmlFiles) {
|
|
|
|
validateScriptIntegrityOf(htmlFile)
|
|
|
|
}
|
|
|
|
})
|
2023-06-14 20:39:36 +02:00
|
|
|
/*
|
2023-08-23 12:50:20 +02:00
|
|
|
itAsync(
|
|
|
|
"should not contain 'import * as name from \"xyz.json\"'",
|
|
|
|
detectInCode(
|
|
|
|
'import \\* as [a-zA-Z0-9_]\\+ from \\"[.-_/a-zA-Z0-9]\\+\\.json\\"',
|
|
|
|
"With vite, json files have a default export. Use import name from file.json instead"
|
|
|
|
)
|
|
|
|
)
|
2023-05-24 02:21:14 +02:00
|
|
|
/*
|
2023-08-23 12:50:20 +02:00
|
|
|
itAsync(
|
|
|
|
"should not contain '[\"default\"]'",
|
|
|
|
detectInCode('\\[\\"default\\"\\]', "Possible leftover of faulty default import")
|
|
|
|
)*/
|
2022-03-15 01:42:38 +01:00
|
|
|
})
|