MapComplete/test/CodeQuality.spec.ts

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

159 lines
5.1 KiB
TypeScript
Raw Normal View History

2022-03-15 01:42:38 +01:00
import { exec } from "child_process"
import { describe, expect, it, test } from "vitest"
import { webcrypto } from "node:crypto"
import { parse as parse_html } from "node-html-parser"
import { readFileSync } from "fs"
import ScriptUtils from "../scripts/ScriptUtils"
2024-01-07 17:59:10 +01:00
function detectInCode(forbidden: string, reason: string) {
return wrap(detectInCodeUnwrapped(forbidden, reason))
}
2024-01-07 17:59:10 +01:00
2022-03-15 01:42:38 +01:00
/**
*
2024-01-07 17:59:10 +01:00
* @param forbidden a GREP-regex. This means that '.' is a wildcard and should be escaped to match a literal dot
2022-03-15 01:42:38 +01:00
* @param reason
* @private
*/
function detectInCodeUnwrapped(forbidden: string, reason: string): Promise<void> {
return new Promise<void>((done) => {
const excludedDirs = [
".git",
"node_modules",
"dist",
".cache",
".parcel-cache",
"assets",
"vendor",
".idea/",
]
2022-03-15 01:42:38 +01:00
const command =
'grep -n "' +
forbidden +
'" -r . ' +
excludedDirs.map((d) => "--exclude-dir=" + d).join(" ")
console.log(command)
exec(command, (error, stdout, stderr) => {
if (error?.message?.startsWith("Command failed: grep")) {
console.warn("Command failed!", error)
throw error
}
if (error !== null) {
throw error
}
if (stderr !== "") {
throw stderr
}
2022-03-15 01:42:38 +01:00
const found = stdout
.split("\n")
.filter((s) => s !== "")
.filter((s) => !s.startsWith("./test/"))
if (found.length > 0) {
const msg = `Found a '${forbidden}' at \n ${found.join("\n ")}.\n ${reason}`
console.error(msg)
console.error(found.length, "issues found")
throw msg
2022-09-08 21:40:48 +02:00
}
})
})
}
2023-06-01 14:32:45 +02:00
function wrap(promise: Promise<void>): (done: () => void) => void {
return (done) => {
promise.then(done)
2023-06-01 14:32:45 +02:00
}
}
2024-01-07 17:59:10 +01:00
function _arrayBufferToBase64(buffer) {
var binary = ""
var bytes = new Uint8Array(buffer)
var len = bytes.byteLength
for (var i = 0; i < len; i++) {
binary += String.fromCharCode(bytes[i])
}
return btoa(binary)
}
2024-01-07 17:59:10 +01:00
async function validateScriptIntegrityOf(path: string): Promise<void> {
const htmlContents = readFileSync(path, "utf8")
const doc = parse_html(htmlContents)
// @ts-ignore
const scripts = Array.from(doc.getElementsByTagName("script"))
for (const script of scripts) {
let src = script.getAttribute("src")
if (src === undefined) {
continue
}
if (src.startsWith("./")) {
// Local script - no check needed
continue
}
const integrity = script.getAttribute("integrity")
const ctx = "Script with source " + src + " in file " + path
if (integrity === undefined) {
throw new Error(ctx + " has no integrity value")
}
const crossorigin = script.getAttribute("crossorigin")
if (crossorigin !== "anonymous") {
throw new Error(ctx + " has crossorigin missing or not set to 'anonymous'")
}
if (src.startsWith("//")) {
src = "https:" + src
}
2024-01-07 17:59:10 +01:00
// Using 'scriptUtils' actually fetches data from the internet, it is not prohibited by the testHooks
const data: string = (await ScriptUtils.Download(src))["content"]
const hashed = await webcrypto.subtle.digest("SHA-384", new TextEncoder().encode(data))
const hashedStr = _arrayBufferToBase64(hashed)
console.log(src, hashedStr, integrity)
expect(integrity).to.equal(
"sha384-" + hashedStr,
"Loading a script from '" + src + "' in the file " + path + " has a mismatched checksum"
)
}
}
2022-03-15 01:42:38 +01:00
describe("Code quality", () => {
it(
"should not contain reverse",
2022-03-15 01:42:38 +01:00
detectInCode(
"reverse()",
"Reverse is stateful and changes the source list. This often causes subtle bugs"
)
)
2022-03-15 01:42:38 +01:00
it(
"should not contain 'constructor.name'",
2022-03-15 01:42:38 +01:00
detectInCode("constructor\\.name", "This is not allowed, as minification does erase names.")
)
it(
"should not contain 'innerText'",
detectInCode(
"innerText",
"innerText is not allowed as it is not testable with fakeDom. Use 'textContent' instead."
)
)
test("scripts with external sources should have an integrity hash", async () => {
const htmlFiles = ScriptUtils.readDirRecSync(".", 1).filter((f) => f.endsWith(".html"))
for (const htmlFile of htmlFiles) {
await validateScriptIntegrityOf(htmlFile)
}
})
/*
itAsync(
"should not contain 'import * as name from \"xyz.json\"'",
detectInCode(
'import \\* as [a-zA-Z0-9_]\\+ from \\"[.-_/a-zA-Z0-9]\\+\\.json\\"',
"With vite, json files have a default export. Use import name from file.json instead"
)
)
2023-05-24 02:21:14 +02:00
/*
itAsync(
"should not contain '[\"default\"]'",
detectInCode('\\[\\"default\\"\\]', "Possible leftover of faulty default import")
)*/
2022-03-15 01:42:38 +01:00
})