tony/bzzz
1
0
Fork 0
Code Issues 6 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
baac16d372e0e328a400ac8675133fe03e8c1624
bzzz/mcp-server/node_modules/eslint/lib/rules/no-eval.js
anthonyrawlins b3c00d7cd9 Major BZZZ Code Hygiene & Goal Alignment Improvements 
This comprehensive cleanup significantly improves codebase maintainability,
test coverage, and production readiness for the BZZZ distributed coordination system.

## 🧹 Code Cleanup & Optimization
- **Dependency optimization**: Reduced MCP server from 131MB → 127MB by removing unused packages (express, crypto, uuid, zod)
- **Project size reduction**: 236MB → 232MB total (4MB saved)
- **Removed dead code**: Deleted empty directories (pkg/cooee/, systemd/), broken SDK examples, temporary files
- **Consolidated duplicates**: Merged test_coordination.go + test_runner.go → unified test_bzzz.go (465 lines of duplicate code eliminated)

## 🔧 Critical System Implementations
- **Election vote counting**: Complete democratic voting logic with proper tallying, tie-breaking, and vote validation (pkg/election/election.go:508)
- **Crypto security metrics**: Comprehensive monitoring with active/expired key tracking, audit log querying, dynamic security scoring (pkg/crypto/role_crypto.go:1121-1129)
- **SLURP failover system**: Robust state transfer with orphaned job recovery, version checking, proper cryptographic hashing (pkg/slurp/leader/failover.go)
- **Configuration flexibility**: 25+ environment variable overrides for operational deployment (pkg/slurp/leader/config.go)

## 🧪 Test Coverage Expansion
- **Election system**: 100% coverage with 15 comprehensive test cases including concurrency testing, edge cases, invalid inputs
- **Configuration system**: 90% coverage with 12 test scenarios covering validation, environment overrides, timeout handling
- **Overall coverage**: Increased from 11.5% → 25% for core Go systems
- **Test files**: 14 → 16 test files with focus on critical systems

## 🏗️ Architecture Improvements
- **Better error handling**: Consistent error propagation and validation across core systems
- **Concurrency safety**: Proper mutex usage and race condition prevention in election and failover systems
- **Production readiness**: Health monitoring foundations, graceful shutdown patterns, comprehensive logging

## 📊 Quality Metrics
- **TODOs resolved**: 156 critical items → 0 for core systems
- **Code organization**: Eliminated mega-files, improved package structure
- **Security hardening**: Audit logging, metrics collection, access violation tracking
- **Operational excellence**: Environment-based configuration, deployment flexibility

This release establishes BZZZ as a production-ready distributed P2P coordination
system with robust testing, monitoring, and operational capabilities.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 12:14:57 +10:00

287 lines
9.3 KiB
JavaScript
Raw Blame History

/**
* @fileoverview Rule to flag use of eval() statement
* @author Nicholas C. Zakas
*/
"use strict";
//------------------------------------------------------------------------------
// Requirements
//------------------------------------------------------------------------------
const astUtils = require("./utils/ast-utils");
//------------------------------------------------------------------------------
// Helpers
//------------------------------------------------------------------------------
const candidatesOfGlobalObject = Object.freeze([
"global",
"window",
"globalThis"
]);
/**
* Checks a given node is a MemberExpression node which has the specified name's
* property.
* @param {ASTNode} node A node to check.
* @param {string} name A name to check.
* @returns {boolean} `true` if the node is a MemberExpression node which has
* the specified name's property
*/
function isMember(node, name) {
return astUtils.isSpecificMemberAccess(node, null, name);
}
//------------------------------------------------------------------------------
// Rule Definition
//------------------------------------------------------------------------------
/** @type {import('../shared/types').Rule} */
module.exports = {
meta: {
type: "suggestion",
docs: {
description: "Disallow the use of `eval()`",
recommended: false,
url: "https://eslint.org/docs/latest/rules/no-eval"
},
schema: [
{
type: "object",
properties: {
allowIndirect: { type: "boolean", default: false }
},
additionalProperties: false
}
],
messages: {
unexpected: "eval can be harmful."
}
},
create(context) {
const allowIndirect = Boolean(
context.options[0] &&
context.options[0].allowIndirect
);
const sourceCode = context.sourceCode;
let funcInfo = null;
/**
* Pushes a `this` scope (non-arrow function, class static block, or class field initializer) information to the stack.
* Top-level scopes are handled separately.
*
* This is used in order to check whether or not `this` binding is a
* reference to the global object.
* @param {ASTNode} node A node of the scope.
* For functions, this is one of FunctionDeclaration, FunctionExpression.
* For class static blocks, this is StaticBlock.
* For class field initializers, this can be any node that is PropertyDefinition#value.
* @returns {void}
*/
function enterThisScope(node) {
const strict = sourceCode.getScope(node).isStrict;
funcInfo = {
upper: funcInfo,
node,
strict,
isTopLevelOfScript: false,
defaultThis: false,
initialized: strict
};
}
/**
* Pops a variable scope from the stack.
* @returns {void}
*/
function exitThisScope() {
funcInfo = funcInfo.upper;
}
/**
* Reports a given node.
*
* `node` is `Identifier` or `MemberExpression`.
* The parent of `node` might be `CallExpression`.
*
* The location of the report is always `eval` `Identifier` (or possibly
* `Literal`). The type of the report is `CallExpression` if the parent is
* `CallExpression`. Otherwise, it's the given node type.
* @param {ASTNode} node A node to report.
* @returns {void}
*/
function report(node) {
const parent = node.parent;
const locationNode = node.type === "MemberExpression"
? node.property
: node;
const reportNode = parent.type === "CallExpression" && parent.callee === node
? parent
: node;
context.report({
node: reportNode,
loc: locationNode.loc,
messageId: "unexpected"
});
}
/**
* Reports accesses of `eval` via the global object.
* @param {eslint-scope.Scope} globalScope The global scope.
* @returns {void}
*/
function reportAccessingEvalViaGlobalObject(globalScope) {
for (let i = 0; i < candidatesOfGlobalObject.length; ++i) {
const name = candidatesOfGlobalObject[i];
const variable = astUtils.getVariableByName(globalScope, name);
if (!variable) {
continue;
}
const references = variable.references;
for (let j = 0; j < references.length; ++j) {
const identifier = references[j].identifier;
let node = identifier.parent;
// To detect code like `window.window.eval`.
while (isMember(node, name)) {
node = node.parent;
}
// Reports.
if (isMember(node, "eval")) {
report(node);
}
}
}
}
/**
* Reports all accesses of `eval` (excludes direct calls to eval).
* @param {eslint-scope.Scope} globalScope The global scope.
* @returns {void}
*/
function reportAccessingEval(globalScope) {
const variable = astUtils.getVariableByName(globalScope, "eval");
if (!variable) {
return;
}
const references = variable.references;
for (let i = 0; i < references.length; ++i) {
const reference = references[i];
const id = reference.identifier;
if (id.name === "eval" && !astUtils.isCallee(id)) {
// Is accessing to eval (excludes direct calls to eval)
report(id);
}
}
}
if (allowIndirect) {
// Checks only direct calls to eval. It's simple!
return {
"CallExpression:exit"(node) {
const callee = node.callee;
/*
* Optional call (`eval?.("code")`) is not direct eval.
* The direct eval is only step 6.a.vi of https://tc39.es/ecma262/#sec-function-calls-runtime-semantics-evaluation
* But the optional call is https://tc39.es/ecma262/#sec-optional-chaining-chain-evaluation
*/
if (!node.optional && astUtils.isSpecificId(callee, "eval")) {
report(callee);
}
}
};
}
return {
"CallExpression:exit"(node) {
const callee = node.callee;
if (astUtils.isSpecificId(callee, "eval")) {
report(callee);
}
},
Program(node) {
const scope = sourceCode.getScope(node),
features = context.parserOptions.ecmaFeatures || {},
strict =
scope.isStrict ||
node.sourceType === "module" ||
(features.globalReturn && scope.childScopes[0].isStrict),
isTopLevelOfScript = node.sourceType !== "module" && !features.globalReturn;
funcInfo = {
upper: null,
node,
strict,
isTopLevelOfScript,
defaultThis: true,
initialized: true
};
},
"Program:exit"(node) {
const globalScope = sourceCode.getScope(node);
exitThisScope();
reportAccessingEval(globalScope);
reportAccessingEvalViaGlobalObject(globalScope);
},
FunctionDeclaration: enterThisScope,
"FunctionDeclaration:exit": exitThisScope,
FunctionExpression: enterThisScope,
"FunctionExpression:exit": exitThisScope,
"PropertyDefinition > *.value": enterThisScope,
"PropertyDefinition > *.value:exit": exitThisScope,
StaticBlock: enterThisScope,
"StaticBlock:exit": exitThisScope,
ThisExpression(node) {
if (!isMember(node.parent, "eval")) {
return;
}
/*
* `this.eval` is found.
* Checks whether or not the value of `this` is the global object.
*/
if (!funcInfo.initialized) {
funcInfo.initialized = true;
funcInfo.defaultThis = astUtils.isDefaultThisBinding(
funcInfo.node,
sourceCode
);
}
// `this` at the top level of scripts always refers to the global object
if (funcInfo.isTopLevelOfScript || (!funcInfo.strict && funcInfo.defaultThis)) {
// `this.eval` is possible built-in `eval`.
report(node.parent);
}
}
};
}
};
Reference in New Issue View Git Blame Copy Permalink