eslint-plugin-import icon indicating copy to clipboard operation
eslint-plugin-import copied to clipboard

Published 20 hours ago verified publisher icon import-js

An access problem in eslint-module-utils/resolve.js

Open lerayne opened this issue 2 years ago • 5 comments

Hi!

recently ran into an access issue when working with eslint-plugin-import and found this problem:

the file is in the dependency eslint-module-utils which seem to not have it's own repo but is linked to this project

The file is resolve.js

here to check if a directory exists the code tries to access a list of files in its parent dir and then find parsedPath.base in received list. This makes an issue when script executor doesn't have access to the directory above

const parsedPath = path.parse(filepath);
const dir = parsedPath.dir;

let result = fileExistsCache.get(filepath, cacheSettings);
if (result != null) return result;

// base case
if (dir === '' || parsedPath.root === filepath) {
  result = true;
} else {
  const filenames = fs.readdirSync(dir);
  if (filenames.indexOf(parsedPath.base) === -1) {
    result = false;
  } else {
    result = fileExistsWithCaseSync(dir, cacheSettings, strict);
  }
}

The same functionality can be implemented this way:

if (dir === '' || parsedPath.root === filepath) {
  result = true;
} else {
  if (!fs.existsSync(path.join(dir, parsedPath.base))) {
    result = false;
  } else {
    result = fileExistsWithCaseSync(dir, cacheSettings, strict);
  }
}

lerayne avatar Apr 12 '22 17:04 lerayne

I'd be happy to review a PR with a failing test case, perhaps also with your suggested fix.

However, it's exceedingly rare and bizarre to have a state where you don't have full access to "the entire project". Can you elaborate on that?

ljharb avatar Apr 12 '22 17:04 ljharb

The problem was not with the access to "entire project". In my case it was trying to access {my/projects/root}/{projectName} first and in that case "dir" variable was "my/projects/root" and "base" was "projectName", so it was trying to get list of "my/projects/root"

lerayne avatar Apr 12 '22 17:04 lerayne

Gotcha. That still seems weird to me - that you'd be unable to access every ancestor of a dir you have access to - but I understand it can happen.

I look forward to reviewing a PR.

ljharb avatar Apr 12 '22 18:04 ljharb

Thanks! Though I couldn't find the actual file in eslint-plugin-import so I can't file a real PR

lerayne avatar Apr 12 '22 19:04 lerayne

https://github.com/import-js/eslint-plugin-import/blob/main/utils/resolve.js

ljharb avatar Apr 12 '22 20:04 ljharb