kibana/packages/kbn-eslint-plugin-eslint/rules/require_kbn_fs.js at a7366db19d24c6dc0dfba4406fd7d9ed0ab61a5d · elena-shostak/kibana · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
/*
 * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
 * or more contributor license agreements. Licensed under the "Elastic License
 * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
 * Public License v 1"; you may not use this file except in compliance with, at
 * your election, the "Elastic License 2.0", the "GNU Affero General Public
 * License v3.0 only", or the "Server Side Public License, v 1".
 */

const DEFAULT_ERROR_MSG = 'Use `@kbn/fs` instead of direct `fs` imports';
const DEFAULT_RESTRICTED_METHODS = ['writeFile', 'writeFileSync', 'createWriteStream'];

module.exports = {
  meta: {
    type: 'problem',
    docs: {
      description: 'Enforce usage of @kbn/fs instead of direct fs imports',
      category: 'Best Practices',
      recommended: true,
    },
    schema: [
      {
        type: 'object',
        properties: {
          restrictedMethods: {
            type: 'array',
            items: { type: 'string' },
            description: 'List of fs methods to restrict. If empty, all methods are restricted.',
          },
          disallowedMessage: {
            type: 'string',
            description: 'Custom error message',
          },
        },
        additionalProperties: false,
      },
    ],
  },
  create: (context) => {
    const {
      restrictedMethods = DEFAULT_RESTRICTED_METHODS,
      disallowedMessage = DEFAULT_ERROR_MSG,
    } = context.options[0] || {};
    const restrictAll = restrictedMethods.length === 0;

    // Track variables imported from fs modules (default/namespace imports)
    const fsImportedVars = new Set();

    const isRestrictedMethod = (methodName) => {
      return restrictAll || restrictedMethods.includes(methodName);
    };

    const checkImportSpecifiers = (node) => {
      if (!node.specifiers || node.specifiers.length === 0) {
        return false;
      }

      // Check named imports: import { writeFile } from 'fs'
      return node.specifiers.some((spec) => {
        if (spec.type === 'ImportSpecifier') {
          return isRestrictedMethod(spec.imported.name);
        }
        // ImportDefaultSpecifier or ImportNamespaceSpecifier - don't restrict
        // as they might only use read operations
        return false;
      });
    };

    const isFsModule = (modulePath) => {
      return (
        modulePath === 'fs' ||
        modulePath === 'fs/promises' ||
        modulePath === 'node:fs' ||
        modulePath === 'node:fs/promises'
      );
    };

    return {
      ImportDeclaration(node) {
        const modulePath = node.source.value;
        if (isFsModule(modulePath)) {
          // Track default and namespace imports for method call detection
          if (node.specifiers) {
            for (const spec of node.specifiers) {
              if (
                spec.type === 'ImportDefaultSpecifier' ||
                spec.type === 'ImportNamespaceSpecifier'
              ) {
                const varName = spec.local?.name;
                if (varName) {
                  fsImportedVars.add(varName);
                }
              }
            }
          }

          // Check named imports for immediate restriction
          if (checkImportSpecifiers(node)) {
            context.report({
              node,
              message: disallowedMessage,
            });
          }
        }
      },
      CallExpression(node) {
        const { callee } = node;

        if (callee.type === 'MemberExpression') {
          const objectName = callee.object.name;
          const propertyName = callee.property?.name;

          // Check method calls on fs directly: fs.writeFile()
          if (objectName === 'fs' && propertyName && isRestrictedMethod(propertyName)) {
            return context.report({
              node,
              message: disallowedMessage,
            });
          }

          // Check method calls on fs.promises: fs.promises.writeFile()
          if (
            callee.object.type === 'MemberExpression' &&
            callee.object.object?.name === 'fs' &&
            callee.object.property?.name === 'promises' &&
            propertyName &&
            isRestrictedMethod(propertyName)
          ) {
            return context.report({
              node,
              message: disallowedMessage,
            });
          }

          // Check method calls on imported fs variables: promises.writeFile()
          if (
            objectName &&
            fsImportedVars.has(objectName) &&
            propertyName &&
            isRestrictedMethod(propertyName)
          ) {
            return context.report({
              node,
              message: disallowedMessage,
            });
          }
        }
      },
    };
  },
};