eslint-community / eslint-plugin-security

ESLint rules for Node Security
Apache License 2.0

Bug: `security/detect-non-literal-regexp` should ignore `escapeStringRegexp()` #123

Closed loynoir closed 1 year ago

loynoir commented 1 year ago

What version of eslint-plugin-security are you using?

1.7.1

ESLint Environment

Node version:
npm version:
Local ESLint version: 8.40.0
Global ESLint version:
Operating System:

What parser are you using?

@typescript-eslint/parser

What did you do?

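```js
import escapeStringRegexp from 'escape-string-regexp'
const foobar = 'foobar'
// Flagged by security/detect-non-literal-regexp even though the interpolated value is escaped
const reproduce = new RegExp(`some_other_pattern_${escapeStringRegexp(foobar)}_some_other_pattern`)
void reproduce
```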

What did you expect to happen?

By default, ignore escapeStringRegexp() https://www.npmjs.com/package/escape-string-regexp

Or add options,

      "security/detect-non-literal-regexp": [
        "warn",
        {
          "escaper": [
            "escapeStringRegexp"
          ]
        }
      ],

What actually happened?

Linter warning


nzakas commented 1 year ago

I'm sorry, this is too specific of an exception to add as a general option for this rule. You're better off using a disable comment for this.
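
One way to apply the disable-comment approach suggested above, as an added example that is not part of the original thread or the plugin's code: confine the suppression to a single helper that always escapes its input, and compare it with the raw interpolation the rule exists to catch. `escapeStringRegexp` here is a local stand-in for the npm package so the block runs offline; `literalBetween` and `unescapedBetween` are hypothetical names, and the sample values are constructed.

```javascript
// Local stand-in for the escape-string-regexp package so this runs offline
// (assumption: a real project would import the package instead).
function escapeStringRegexp(value) {
  if (typeof value !== 'string') {
    throw new TypeError('Expected a string');
  }
  // Backslash-escape every regex metacharacter; encode "-" so it stays
  // literal even if the result is later placed inside a character class.
  return value.replace(/[|\\{}()[\]^$+*?.]/g, '\\$&').replace(/-/g, '\\x2d');
}

// Hypothetical helper: the one place that builds a RegExp from a runtime
// value, so a single reviewed suppression covers every caller.
function literalBetween(prefix, untrusted, suffix) {
  const source = `${prefix}${escapeStringRegexp(untrusted)}${suffix}`;
  // eslint-disable-next-line security/detect-non-literal-regexp -- input escaped above
  return new RegExp(source);
}

// "Before" form that the rule is designed to flag: raw interpolation.
function unescapedBetween(prefix, untrusted, suffix) {
  return new RegExp(`${prefix}${untrusted}${suffix}`);
}

// Constructed sample value containing regex metacharacters.
const untrusted = 'a.c|.*';
const safe = literalBetween('^id_', untrusted, '_end$');
const unsafe = unescapedBetween('^id_', untrusted, '_end$');

console.log(safe.source);                         // escaped pattern source
console.log(safe.test('id_a.c|.*_end'));          // literal text matches
console.log(safe.test('id_abc_end'));             // "." is no longer a wildcard
console.log(unsafe.test('anything at all_end'));  // "|" splits the pattern, defeating the "^id_" anchor
```

Keeping the prefix and suffix as literals supplied by the caller's own code, never from input, is what makes the one suppression safe to reuse.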