Sign upLogin

radare/radare2-webui

View on GitHub
Star
www/enyo/js/main.js

Summary

Maintainability
A
2 hrs
Test Coverage

eval can be harmful.
Open

                    eval(cmd + ';');
Severity: Minor
Found in www/enyo/js/main.js by eslint

Disallow eval() (no-eval)

JavaScript's eval() function is potentially dangerous and is often misused. Using eval() on untrusted code can open a program up to several different injection attacks. The use of eval() in most contexts can be substituted for a better, alternative approach to a problem.

var obj = { x: "foo" },
    key = "x",
    value = eval("obj." + key);

Rule Details

This rule is aimed at preventing potentially dangerous, unnecessary, and slow code by disallowing the use of the eval() function. As such, it will warn whenever the eval() function is used.

Examples of incorrect code for this rule:

/*eslint no-eval: "error"*/

var obj = { x: "foo" },
    key = "x",
    value = eval("obj." + key);

(0, eval)("var a = 0");

var foo = eval;
foo("var a = 0");

// This `this` is the global object.
this.eval("var a = 0");

Example of additional incorrect code for this rule when browser environment is set to true:

/*eslint no-eval: "error"*/
/*eslint-env browser*/

window.eval("var a = 0");

Example of additional incorrect code for this rule when node environment is set to true:

/*eslint no-eval: "error"*/
/*eslint-env node*/

global.eval("var a = 0");

Examples of correct code for this rule:

/*eslint no-eval: "error"*/
/*eslint-env es6*/

var obj = { x: "foo" },
    key = "x",
    value = obj[key];

class A {
    foo() {
        // This is a user-defined method.
        this.eval("var a = 0");
    }

    eval() {
    }
}

Options

This rule has an option to allow indirect calls to eval. Indirect calls to eval are less dangerous than direct calls to eval because they cannot dynamically change the scope. Because of this, they also will not negatively impact performance to the degree of direct eval.

{
    "no-eval": ["error", {"allowIndirect": true}] // default is false
}

Example of incorrect code for this rule with the {"allowIndirect": true} option:

/*eslint no-eval: "error"*/

var obj = { x: "foo" },
    key = "x",
    value = eval("obj." + key);

Examples of correct code for this rule with the {"allowIndirect": true} option:

/*eslint no-eval: "error"*/

(0, eval)("var a = 0");

var foo = eval;
foo("var a = 0");

this.eval("var a = 0");
/*eslint no-eval: "error"*/
/*eslint-env browser*/

window.eval("var a = 0");
/*eslint no-eval: "error"*/
/*eslint-env node*/

global.eval("var a = 0");

Known Limitations

  • This rule is warning every eval() even if the eval is not global's. This behavior is in order to detect calls of direct eval. Such as:
module.exports = function(eval) {
      // If the value of this `eval` is built-in `eval` function, this is a
      // call of direct `eval`.
      eval("var a = 0");
  };
  • This rule cannot catch renaming the global object. Such as:
var foo = window;
  foo.eval("var a = 0");

Further Reading

Related Rules

eval can be harmful.
Open

                        eval(cmd + ';');
Severity: Minor
Found in www/enyo/js/main.js by eslint

Disallow eval() (no-eval)

JavaScript's eval() function is potentially dangerous and is often misused. Using eval() on untrusted code can open a program up to several different injection attacks. The use of eval() in most contexts can be substituted for a better, alternative approach to a problem.

var obj = { x: "foo" },
    key = "x",
    value = eval("obj." + key);

Rule Details

This rule is aimed at preventing potentially dangerous, unnecessary, and slow code by disallowing the use of the eval() function. As such, it will warn whenever the eval() function is used.

Examples of incorrect code for this rule:

/*eslint no-eval: "error"*/

var obj = { x: "foo" },
    key = "x",
    value = eval("obj." + key);

(0, eval)("var a = 0");

var foo = eval;
foo("var a = 0");

// This `this` is the global object.
this.eval("var a = 0");

Example of additional incorrect code for this rule when browser environment is set to true:

/*eslint no-eval: "error"*/
/*eslint-env browser*/

window.eval("var a = 0");

Example of additional incorrect code for this rule when node environment is set to true:

/*eslint no-eval: "error"*/
/*eslint-env node*/

global.eval("var a = 0");

Examples of correct code for this rule:

/*eslint no-eval: "error"*/
/*eslint-env es6*/

var obj = { x: "foo" },
    key = "x",
    value = obj[key];

class A {
    foo() {
        // This is a user-defined method.
        this.eval("var a = 0");
    }

    eval() {
    }
}

Options

This rule has an option to allow indirect calls to eval. Indirect calls to eval are less dangerous than direct calls to eval because they cannot dynamically change the scope. Because of this, they also will not negatively impact performance to the degree of direct eval.

{
    "no-eval": ["error", {"allowIndirect": true}] // default is false
}

Example of incorrect code for this rule with the {"allowIndirect": true} option:

/*eslint no-eval: "error"*/

var obj = { x: "foo" },
    key = "x",
    value = eval("obj." + key);

Examples of correct code for this rule with the {"allowIndirect": true} option:

/*eslint no-eval: "error"*/

(0, eval)("var a = 0");

var foo = eval;
foo("var a = 0");

this.eval("var a = 0");
/*eslint no-eval: "error"*/
/*eslint-env browser*/

window.eval("var a = 0");
/*eslint no-eval: "error"*/
/*eslint-env node*/

global.eval("var a = 0");

Known Limitations

  • This rule is warning every eval() even if the eval is not global's. This behavior is in order to detect calls of direct eval. Such as:
module.exports = function(eval) {
      // If the value of this `eval` is built-in `eval` function, this is a
      // call of direct `eval`.
      eval("var a = 0");
  };
  • This rule cannot catch renaming the global object. Such as:
var foo = window;
  foo.eval("var a = 0");

Further Reading

Related Rules

Function handleKeyPress has a Cognitive Complexity of 14 (exceeds 5 allowed). Consider refactoring.
Open

    handleKeyPress: function(inSender, inEvent) {
        for (var key in Config.keys) {
            if (key.substring(0, 2) == 'C-') {
                if (inEvent.ctrlKey) {
                    var k = key.substring(2).charCodeAt(0);
Severity: Minor
Found in www/enyo/js/main.js - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Function create has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    create: function() {
            r2.load_settings();
            this.inherited(arguments);
            var data = [
                { name: 'Disassembler', active: true },
Severity: Minor
Found in www/enyo/js/main.js - About 1 hr to fix

    Expected '===' and instead saw '=='.
    Open

                    if (inEvent.charCode == k) {
    Severity: Minor
    Found in www/enyo/js/main.js by eslint

    Require === and !== (eqeqeq)

    It is considered good practice to use the type-safe equality operators === and !== instead of their regular counterparts == and !=.

    The reason for this is that == and != do type coercion which follows the rather obscure Abstract Equality Comparison Algorithm. For instance, the following statements are all considered true:

    • [] == false
    • [] == ![]
    • 3 == "03"

    If one of those occurs in an innocent-looking statement such as a == b the actual problem is very difficult to spot.

    Rule Details

    This rule is aimed at eliminating the type-unsafe equality operators.

    Examples of incorrect code for this rule:

    /*eslint eqeqeq: "error"*/

if (x == 42) { }

if ("" == text) { }

if (obj.getStuff() != undefined) { }

    The --fix option on the command line automatically fixes some problems reported by this rule. A problem is only fixed if one of the operands is a typeof expression, or if both operands are literals with the same type.

    Options

    always

    The "always" option (default) enforces the use of === and !== in every situation (except when you opt-in to more specific handling of null [see below]).

    Examples of incorrect code for the "always" option:

    /*eslint eqeqeq: ["error", "always"]*/

a == b
foo == true
bananas != 1
value == undefined
typeof foo == 'undefined'
'hello' != 'world'
0 == 0
true == true
foo == null

    Examples of correct code for the "always" option:

    /*eslint eqeqeq: ["error", "always"]*/

a === b
foo === true
bananas !== 1
value === undefined
typeof foo === 'undefined'
'hello' !== 'world'
0 === 0
true === true
foo === null

    This rule optionally takes a second argument, which should be an object with the following supported properties:

    • "null": Customize how this rule treats null literals. Possible values:
      • always (default) - Always use === or !==.
      • never - Never use === or !== with null.
      • ignore - Do not apply this rule to null.

    smart

    The "smart" option enforces the use of === and !== except for these cases:

    • Comparing two literal values
    • Evaluating the value of typeof
    • Comparing against null

    Examples of incorrect code for the "smart" option:

    /*eslint eqeqeq: ["error", "smart"]*/

// comparing two variables requires ===
a == b

// only one side is a literal
foo == true
bananas != 1

// comparing to undefined requires ===
value == undefined

    Examples of correct code for the "smart" option:

    /*eslint eqeqeq: ["error", "smart"]*/

typeof foo == 'undefined'
'hello' != 'world'
0 == 0
true == true
foo == null

    allow-null

    Deprecated: Instead of using this option use "always" and pass a "null" option property with value "ignore". This will tell eslint to always enforce strict equality except when comparing with the null literal.

    ["error", "always", {"null": "ignore"}]

    When Not To Use It

    If you don't want to enforce a style for using equality operators, then it's safe to disable this rule. Source: http://eslint.org/docs/rules/

    'cmd' is already defined.
    Open

                        var cmd = Config.keys[key];
    Severity: Minor
    Found in www/enyo/js/main.js by eslint

    disallow variable redeclaration (no-redeclare)

    In JavaScript, it's possible to redeclare the same variable name using var. This can lead to confusion as to where the variable is actually declared and initialized.

    Rule Details

    This rule is aimed at eliminating variables that have multiple declarations in the same scope.

    Examples of incorrect code for this rule:

    /*eslint no-redeclare: "error"*/

var a = 3;
var a = 10;

    Examples of correct code for this rule:

    /*eslint no-redeclare: "error"*/

var a = 3;
// ...
a = 10;

    Options

    This rule takes one optional argument, an object with a boolean property "builtinGlobals". It defaults to false. If set to true, this rule also checks redeclaration of built-in globals, such as Object, Array, Number...

    builtinGlobals

    Examples of incorrect code for the { "builtinGlobals": true } option:

    /*eslint no-redeclare: ["error", { "builtinGlobals": true }]*/

var Object = 0;

    Examples of incorrect code for the { "builtinGlobals": true } option and the browser environment:

    /*eslint no-redeclare: ["error", { "builtinGlobals": true }]*/
/*eslint-env browser*/

var top = 0;

    The browser environment has many built-in global variables (for example, top). Some of built-in global variables cannot be redeclared. Source: http://eslint.org/docs/rules/

    Expected '===' and instead saw '=='.
    Open

            if (r2ui._dis.display == 'graph' && r2ui._dis.minimap) update_minimap();
    Severity: Minor
    Found in www/enyo/js/main.js by eslint

    Require === and !== (eqeqeq)

    It is considered good practice to use the type-safe equality operators === and !== instead of their regular counterparts == and !=.

    The reason for this is that == and != do type coercion which follows the rather obscure Abstract Equality Comparison Algorithm. For instance, the following statements are all considered true:

    • [] == false
    • [] == ![]
    • 3 == "03"

    If one of those occurs in an innocent-looking statement such as a == b the actual problem is very difficult to spot.

    Rule Details

    This rule is aimed at eliminating the type-unsafe equality operators.

    Examples of incorrect code for this rule:

    /*eslint eqeqeq: "error"*/

if (x == 42) { }

if ("" == text) { }

if (obj.getStuff() != undefined) { }

    The --fix option on the command line automatically fixes some problems reported by this rule. A problem is only fixed if one of the operands is a typeof expression, or if both operands are literals with the same type.

    Options

    always

    The "always" option (default) enforces the use of === and !== in every situation (except when you opt-in to more specific handling of null [see below]).

    Examples of incorrect code for the "always" option:

    /*eslint eqeqeq: ["error", "always"]*/

a == b
foo == true
bananas != 1
value == undefined
typeof foo == 'undefined'
'hello' != 'world'
0 == 0
true == true
foo == null

    Examples of correct code for the "always" option:

    /*eslint eqeqeq: ["error", "always"]*/

a === b
foo === true
bananas !== 1
value === undefined
typeof foo === 'undefined'
'hello' !== 'world'
0 === 0
true === true
foo === null

    This rule optionally takes a second argument, which should be an object with the following supported properties:

    • "null": Customize how this rule treats null literals. Possible values:
      • always (default) - Always use === or !==.
      • never - Never use === or !== with null.
      • ignore - Do not apply this rule to null.

    smart

    The "smart" option enforces the use of === and !== except for these cases:

    • Comparing two literal values
    • Evaluating the value of typeof
    • Comparing against null

    Examples of incorrect code for the "smart" option:

    /*eslint eqeqeq: ["error", "smart"]*/

// comparing two variables requires ===
a == b

// only one side is a literal
foo == true
bananas != 1

// comparing to undefined requires ===
value == undefined

    Examples of correct code for the "smart" option:

    /*eslint eqeqeq: ["error", "smart"]*/

typeof foo == 'undefined'
'hello' != 'world'
0 == 0
true == true
foo == null

    allow-null

    Deprecated: Instead of using this option use "always" and pass a "null" option property with value "ignore". This will tell eslint to always enforce strict equality except when comparing with the null literal.

    ["error", "always", {"null": "ignore"}]

    When Not To Use It

    If you don't want to enforce a style for using equality operators, then it's safe to disable this rule. Source: http://eslint.org/docs/rules/

    'k' is already defined.
    Open

                    var k = key.charCodeAt(0);
    Severity: Minor
    Found in www/enyo/js/main.js by eslint

    disallow variable redeclaration (no-redeclare)

    In JavaScript, it's possible to redeclare the same variable name using var. This can lead to confusion as to where the variable is actually declared and initialized.

    Rule Details

    This rule is aimed at eliminating variables that have multiple declarations in the same scope.

    Examples of incorrect code for this rule:

    /*eslint no-redeclare: "error"*/

var a = 3;
var a = 10;

    Examples of correct code for this rule:

    /*eslint no-redeclare: "error"*/

var a = 3;
// ...
a = 10;

    Options

    This rule takes one optional argument, an object with a boolean property "builtinGlobals". It defaults to false. If set to true, this rule also checks redeclaration of built-in globals, such as Object, Array, Number...

    builtinGlobals

    Examples of incorrect code for the { "builtinGlobals": true } option:

    /*eslint no-redeclare: ["error", { "builtinGlobals": true }]*/

var Object = 0;

    Examples of incorrect code for the { "builtinGlobals": true } option and the browser environment:

    /*eslint no-redeclare: ["error", { "builtinGlobals": true }]*/
/*eslint-env browser*/

var top = 0;

    The browser environment has many built-in global variables (for example, top). Some of built-in global variables cannot be redeclared. Source: http://eslint.org/docs/rules/

    Expected '===' and instead saw '=='.
    Open

                if (key.substring(0, 2) == 'C-') {
    Severity: Minor
    Found in www/enyo/js/main.js by eslint

    Require === and !== (eqeqeq)

    It is considered good practice to use the type-safe equality operators === and !== instead of their regular counterparts == and !=.

    The reason for this is that == and != do type coercion which follows the rather obscure Abstract Equality Comparison Algorithm. For instance, the following statements are all considered true:

    • [] == false
    • [] == ![]
    • 3 == "03"

    If one of those occurs in an innocent-looking statement such as a == b the actual problem is very difficult to spot.

    Rule Details

    This rule is aimed at eliminating the type-unsafe equality operators.

    Examples of incorrect code for this rule:

    /*eslint eqeqeq: "error"*/

if (x == 42) { }

if ("" == text) { }

if (obj.getStuff() != undefined) { }

    The --fix option on the command line automatically fixes some problems reported by this rule. A problem is only fixed if one of the operands is a typeof expression, or if both operands are literals with the same type.

    Options

    always

    The "always" option (default) enforces the use of === and !== in every situation (except when you opt-in to more specific handling of null [see below]).

    Examples of incorrect code for the "always" option:

    /*eslint eqeqeq: ["error", "always"]*/

a == b
foo == true
bananas != 1
value == undefined
typeof foo == 'undefined'
'hello' != 'world'
0 == 0
true == true
foo == null

    Examples of correct code for the "always" option:

    /*eslint eqeqeq: ["error", "always"]*/

a === b
foo === true
bananas !== 1
value === undefined
typeof foo === 'undefined'
'hello' !== 'world'
0 === 0
true === true
foo === null

    This rule optionally takes a second argument, which should be an object with the following supported properties:

    • "null": Customize how this rule treats null literals. Possible values:
      • always (default) - Always use === or !==.
      • never - Never use === or !== with null.
      • ignore - Do not apply this rule to null.

    smart

    The "smart" option enforces the use of === and !== except for these cases:

    • Comparing two literal values
    • Evaluating the value of typeof
    • Comparing against null

    Examples of incorrect code for the "smart" option:

    /*eslint eqeqeq: ["error", "smart"]*/

// comparing two variables requires ===
a == b

// only one side is a literal
foo == true
bananas != 1

// comparing to undefined requires ===
value == undefined

    Examples of correct code for the "smart" option:

    /*eslint eqeqeq: ["error", "smart"]*/

typeof foo == 'undefined'
'hello' != 'world'
0 == 0
true == true
foo == null

    allow-null

    Deprecated: Instead of using this option use "always" and pass a "null" option property with value "ignore". This will tell eslint to always enforce strict equality except when comparing with the null literal.

    ["error", "always", {"null": "ignore"}]

    When Not To Use It

    If you don't want to enforce a style for using equality operators, then it's safe to disable this rule. Source: http://eslint.org/docs/rules/

    Expected '===' and instead saw '=='.
    Open

                        if (inEvent.charCode == k) {
    Severity: Minor
    Found in www/enyo/js/main.js by eslint

    Require === and !== (eqeqeq)

    It is considered good practice to use the type-safe equality operators === and !== instead of their regular counterparts == and !=.

    The reason for this is that == and != do type coercion which follows the rather obscure Abstract Equality Comparison Algorithm. For instance, the following statements are all considered true:

    • [] == false
    • [] == ![]
    • 3 == "03"

    If one of those occurs in an innocent-looking statement such as a == b the actual problem is very difficult to spot.

    Rule Details

    This rule is aimed at eliminating the type-unsafe equality operators.

    Examples of incorrect code for this rule:

    /*eslint eqeqeq: "error"*/

if (x == 42) { }

if ("" == text) { }

if (obj.getStuff() != undefined) { }

    The --fix option on the command line automatically fixes some problems reported by this rule. A problem is only fixed if one of the operands is a typeof expression, or if both operands are literals with the same type.

    Options

    always

    The "always" option (default) enforces the use of === and !== in every situation (except when you opt-in to more specific handling of null [see below]).

    Examples of incorrect code for the "always" option:

    /*eslint eqeqeq: ["error", "always"]*/

a == b
foo == true
bananas != 1
value == undefined
typeof foo == 'undefined'
'hello' != 'world'
0 == 0
true == true
foo == null

    Examples of correct code for the "always" option:

    /*eslint eqeqeq: ["error", "always"]*/

a === b
foo === true
bananas !== 1
value === undefined
typeof foo === 'undefined'
'hello' !== 'world'
0 === 0
true === true
foo === null

    This rule optionally takes a second argument, which should be an object with the following supported properties:

    • "null": Customize how this rule treats null literals. Possible values:
      • always (default) - Always use === or !==.
      • never - Never use === or !== with null.
      • ignore - Do not apply this rule to null.

    smart

    The "smart" option enforces the use of === and !== except for these cases:

    • Comparing two literal values
    • Evaluating the value of typeof
    • Comparing against null

    Examples of incorrect code for the "smart" option:

    /*eslint eqeqeq: ["error", "smart"]*/

// comparing two variables requires ===
a == b

// only one side is a literal
foo == true
bananas != 1

// comparing to undefined requires ===
value == undefined

    Examples of correct code for the "smart" option:

    /*eslint eqeqeq: ["error", "smart"]*/

typeof foo == 'undefined'
'hello' != 'world'
0 == 0
true == true
foo == null

    allow-null

    Deprecated: Instead of using this option use "always" and pass a "null" option property with value "ignore". This will tell eslint to always enforce strict equality except when comparing with the null literal.

    ["error", "always", {"null": "ignore"}]

    When Not To Use It

    If you don't want to enforce a style for using equality operators, then it's safe to disable this rule. Source: http://eslint.org/docs/rules/

    There are no issues that match your filters.

    Category
    Status