Fix eslint rule for restricting certain lodash imports (elastic#151023)

Fixes elastic#110422 TL;DR: The `lodash.set` function is unsafe and shouldn't be called. Cause of error: If you specify multiple `no-restricted-imports` paths for the same module, only the last path is used. Instead you need to combine them into a single path as I've done in this PR. This regression was introduced in elastic#100277 (cherry picked from commit fbdeffb) # Conflicts: # .eslintrc.js # packages/elastic-apm-synthtrace/src/lib/metricset.ts # packages/kbn-apm-synthtrace-client/tsconfig.json # packages/kbn-es-query/tsconfig.json # packages/kbn-interpreter/src/common/lib/ast.to_expression.test.js # packages/kbn-interpreter/tsconfig.json # src/plugins/controls/server/control_group/control_group_telemetry.ts # src/plugins/controls/tsconfig.json # src/plugins/data_views/common/data_views/data_views.test.ts # src/plugins/data_views/tsconfig.json # src/plugins/files/server/blob_storage_service/adapters/es/content_stream/content_stream.test.ts # src/plugins/files/tsconfig.json # x-pack/plugins/actions/server/lib/create_action_event_log_record_object.ts # x-pack/plugins/actions/tsconfig.json # x-pack/plugins/alerting/server/lib/rule_run_metrics_store.ts # x-pack/plugins/alerting/server/rules_client/common/apply_bulk_edit_operation.ts # x-pack/plugins/apm/server/routes/fleet/get_package_policy_decorators.ts # x-pack/plugins/apm/tsconfig.json # x-pack/plugins/canvas/canvas_plugin_src/uis/arguments/partition_labels/extended_template.tsx # x-pack/plugins/canvas/canvas_plugin_src/uis/arguments/partition_labels/simple_template.tsx # x-pack/plugins/cases/public/api/utils.ts # x-pack/plugins/cases/public/common/mock/connectors.ts # x-pack/plugins/cases/public/containers/api.test.tsx # x-pack/plugins/cases/server/saved_object_types/migrations/user_actions/alerts.test.ts # x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawl_details_flyout/crawl_details_preview.test.tsx # x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/crawler/crawl_details_flyout/crawl_details_preview.test.tsx # x-pack/plugins/enterprise_search/tsconfig.json # x-pack/plugins/lens/public/utils.ts # x-pack/plugins/lens/tsconfig.json # x-pack/plugins/osquery/server/lib/update_global_packs.ts # x-pack/plugins/osquery/server/routes/pack/create_pack_route.ts # x-pack/plugins/osquery/server/routes/pack/update_pack_route.ts # x-pack/plugins/osquery/server/routes/status/create_status_route.ts # x-pack/plugins/osquery/tsconfig.json # x-pack/plugins/reporting/server/lib/content_stream.test.ts # x-pack/plugins/reporting/server/routes/lib/jobs_query.test.ts # x-pack/plugins/reporting/tsconfig.json # x-pack/plugins/screenshotting/server/config/create_config.ts # x-pack/plugins/screenshotting/tsconfig.json # x-pack/plugins/security/tsconfig.json # x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx # x-pack/plugins/security_solution/public/explore/users/store/reducer.ts # x-pack/plugins/security_solution/public/network/store/reducer.ts # x-pack/plugins/security_solution/scripts/endpoint/agent_emulator/services/action_responder.ts # x-pack/plugins/security_solution/server/lib/detection_engine/signals/enrichments/enrichment_by_type/host_risk.ts # x-pack/plugins/security_solution/server/lib/detection_engine/signals/enrichments/enrichment_by_type/user_risk.ts # x-pack/plugins/security_solution/server/lib/detection_engine/signals/enrichments/utils/transforms.test.ts # x-pack/plugins/security_solution/server/lib/telemetry/helpers.test.ts # x-pack/plugins/stack_connectors/server/connector_types/opsgenie/render_template_variables.ts # x-pack/plugins/stack_connectors/server/connector_types/tines/render.test.ts # x-pack/plugins/stack_connectors/server/connector_types/tines/render.ts # x-pack/plugins/stack_connectors/tsconfig.json # x-pack/plugins/synthetics/tsconfig.json # x-pack/plugins/triggers_actions_ui/public/application/lib/value_validators.ts # x-pack/plugins/triggers_actions_ui/tsconfig.json # x-pack/plugins/uptime/server/lib/requests/get_monitor_charts.test.ts # x-pack/plugins/uptime/server/lib/requests/get_pings.test.ts # x-pack/plugins/uptime/server/lib/requests/search/find_potential_matches.ts
watson · Feb 17, 2023 · 688468f · 688468f
1 parent 8126db8
commit 688468f
Show file tree

Hide file tree

Showing 20 changed files with 110 additions and 100 deletions.
diff --git a/.eslintrc.js b/.eslintrc.js
@@ -170,50 +170,49 @@ const DEV_PATTERNS = [
 const RESTRICTED_IMPORTS = [
   {
     name: 'lodash',
-    importNames: ['set', 'setWith'],
-    message: 'Please use @elastic/safer-lodash-set instead',
+    importNames: ['set', 'setWith', 'template'],
+    message:
+      'lodash.set/setWith: Please use @elastic/safer-lodash-set instead.\n' +
+      'lodash.template: Function is unsafe, and not compatible with our content security policy.',
   },
   {
     name: 'lodash.set',
-    message: 'Please use @elastic/safer-lodash-set instead',
+    message: 'Please use @elastic/safer-lodash-set/set instead',
   },
   {
     name: 'lodash.setwith',
-    message: 'Please use @elastic/safer-lodash-set instead',
+    message: 'Please use @elastic/safer-lodash-set/setWith instead',
   },
   {
     name: 'lodash/set',
-    message: 'Please use @elastic/safer-lodash-set instead',
+    message: 'Please use @elastic/safer-lodash-set/set instead',
   },
   {
     name: 'lodash/setWith',
-    message: 'Please use @elastic/safer-lodash-set instead',
+    message: 'Please use @elastic/safer-lodash-set/setWith instead',
   },
   {
     name: 'lodash/fp',
-    importNames: ['set', 'setWith', 'assoc', 'assocPath'],
-    message: 'Please use @elastic/safer-lodash-set instead',
+    importNames: ['set', 'setWith', 'assoc', 'assocPath', 'template'],
+    message:
+      'lodash.set/setWith/assoc/assocPath: Please use @elastic/safer-lodash-set/fp instead\n' +
+      'lodash.template: Function is unsafe, and not compatible with our content security policy.',
   },
   {
     name: 'lodash/fp/set',
-    message: 'Please use @elastic/safer-lodash-set instead',
+    message: 'Please use @elastic/safer-lodash-set/fp/set instead',
   },
   {
     name: 'lodash/fp/setWith',
-    message: 'Please use @elastic/safer-lodash-set instead',
+    message: 'Please use @elastic/safer-lodash-set/fp/setWith instead',
   },
   {
     name: 'lodash/fp/assoc',
-    message: 'Please use @elastic/safer-lodash-set instead',
+    message: 'Please use @elastic/safer-lodash-set/fp/assoc instead',
   },
   {
     name: 'lodash/fp/assocPath',
-    message: 'Please use @elastic/safer-lodash-set instead',
-  },
-  {
-    name: 'lodash',
-    importNames: ['template'],
-    message: 'lodash.template is unsafe, and not compatible with our content security policy.',
+    message: 'Please use @elastic/safer-lodash-set/fp/assocPath instead',
   },
   {
     name: 'lodash.template',
@@ -223,11 +222,6 @@ const RESTRICTED_IMPORTS = [
     name: 'lodash/template',
     message: 'lodash.template is unsafe, and not compatible with our content security policy.',
   },
-  {
-    name: 'lodash/fp',
-    importNames: ['template'],
-    message: 'lodash.template is unsafe, and not compatible with our content security policy.',
-  },
   {
     name: 'lodash/fp/template',
     message: 'lodash.template is unsafe, and not compatible with our content security policy.',
@@ -787,47 +781,54 @@ module.exports = {
     {
       files: ['**/*.{js,mjs,ts,tsx}'],
       rules: {
-        'no-restricted-imports': [
-          2,
+        'no-restricted-imports': ['error', ...RESTRICTED_IMPORTS],
+        'no-restricted-modules': [
+          'error',
           {
-            paths: RESTRICTED_IMPORTS,
+            name: 'lodash.set',
+            message: 'Please use @elastic/safer-lodash-set instead',
           },
-        ],
-        'no-restricted-modules': [
-          2,
           {
-            paths: [
-              {
-                name: 'lodash.set',
-                message: 'Please use @elastic/safer-lodash-set instead',
-              },
-              {
-                name: 'lodash.setwith',
-                message: 'Please use @elastic/safer-lodash-set instead',
-              },
-              {
-                name: 'lodash.template',
-                message:
-                  'lodash.template is unsafe, and not compatible with our content security policy.',
-              },
-              {
-                name: 'lodash/set',
-                message: 'Please use @elastic/safer-lodash-set instead',
-              },
-              {
-                name: 'lodash/setWith',
-                message: 'Please use @elastic/safer-lodash-set instead',
-              },
-              {
-                name: 'lodash/template',
-                message:
-                  'lodash.template is unsafe, and not compatible with our content security policy.',
-              },
-            ],
+            name: 'lodash.setwith',
+            message: 'Please use @elastic/safer-lodash-set instead',
+          },
+          {
+            name: 'lodash.template',
+            message:
+              'lodash.template is unsafe, and not compatible with our content security policy.',
+          },
+          {
+            name: 'lodash/set',
+            message: 'Please use @elastic/safer-lodash-set/set instead',
+          },
+          {
+            name: 'lodash/setWith',
+            message: 'Please use @elastic/safer-lodash-set/setWith instead',
+          },
+          {
+            name: 'lodash/fp/set',
+            message: 'Please use @elastic/safer-lodash-set/fp/set instead',
+          },
+          {
+            name: 'lodash/fp/setWith',
+            message: 'Please use @elastic/safer-lodash-set/fp/setWith instead',
+          },
+          {
+            name: 'lodash/fp/assoc',
+            message: 'Please use @elastic/safer-lodash-set/fp/assoc instead',
+          },
+          {
+            name: 'lodash/fp/assocPath',
+            message: 'Please use @elastic/safer-lodash-set/fp/assocPath instead',
+          },
+          {
+            name: 'lodash/template',
+            message:
+              'lodash.template is unsafe, and not compatible with our content security policy.',
           },
         ],
         'no-restricted-properties': [
-          2,
+          'error',
           {
             object: 'lodash',
             property: 'set',
@@ -838,18 +839,6 @@ module.exports = {
             property: 'set',
             message: 'Please use @elastic/safer-lodash-set instead',
           },
-          {
-            object: 'lodash',
-            property: 'template',
-            message:
-              'lodash.template is unsafe, and not compatible with our content security policy.',
-          },
-          {
-            object: '_',
-            property: 'template',
-            message:
-              'lodash.template is unsafe, and not compatible with our content security policy.',
-          },
           {
             object: 'lodash',
             property: 'setWith',
@@ -880,26 +869,34 @@ module.exports = {
             property: 'assocPath',
             message: 'Please use @elastic/safer-lodash-set instead',
           },
+          {
+            object: 'lodash',
+            property: 'template',
+            message:
+              'lodash.template is unsafe, and not compatible with our content security policy.',
+          },
+          {
+            object: '_',
+            property: 'template',
+            message:
+              'lodash.template is unsafe, and not compatible with our content security policy.',
+          },
         ],
       },
     },
     {
       files: ['**/common/**/*.{js,mjs,ts,tsx}', '**/public/**/*.{js,mjs,ts,tsx}'],
       rules: {
         'no-restricted-imports': [
-          2,
+          'error',
+          ...RESTRICTED_IMPORTS,
           {
-            paths: [
-              ...RESTRICTED_IMPORTS,
-              {
-                name: 'semver',
-                message: 'Please use "semver/*/{function}" instead',
-              },
-              {
-                name: '@kbn/rule-data-utils',
-                message: `Import directly from @kbn/rule-data-utils/* submodules in public/common code`,
-              },
-            ],
+            name: 'semver',
+            message: 'Please use "semver/*/{function}" instead',
+          },
+          {
+            name: '@kbn/rule-data-utils',
+            message: `Import directly from @kbn/rule-data-utils/* submodules in public/common code`,
           },
         ],
       },

diff --git a/packages/elastic-apm-synthtrace/BUILD.bazel b/packages/elastic-apm-synthtrace/BUILD.bazel
@@ -26,6 +26,7 @@ NPM_MODULE_EXTRA_FILES = [
 
 RUNTIME_DEPS = [
   "//packages/elastic-datemath",
+  "//packages/elastic-safer-lodash-set",
   "@npm//@elastic/elasticsearch",
   "@npm//lodash",
   "@npm//moment",
@@ -38,6 +39,7 @@ RUNTIME_DEPS = [
 
 TYPES_DEPS = [
   "//packages/elastic-datemath:npm_module_types",
+  "//packages/elastic-safer-lodash-set",
   "@npm//@elastic/elasticsearch",
   "@npm//moment",
   "@npm//p-limit",

diff --git a/packages/elastic-apm-synthtrace/src/lib/output/to_elasticsearch_output.ts b/packages/elastic-apm-synthtrace/src/lib/output/to_elasticsearch_output.ts
@@ -6,7 +6,7 @@
  * Side Public License, v 1.
  */
 
-import { set } from 'lodash';
+import { set } from '@elastic/safer-lodash-set';
 import { getObserverDefaults } from '../..';
 import { Fields } from '../entity';
 

diff --git a/packages/elastic-safer-lodash-set/README.md b/packages/elastic-safer-lodash-set/README.md
@@ -7,7 +7,7 @@ Lodash v4.x.
 ## Example Usage
 
 ```js
-const { set } = require('@elastic/safer-loadsh-set');
+const { set } = require('@elastic/safer-lodash-set');
 
 const object = { a: [{ b: { c: 3 } }] };
 

diff --git a/packages/kbn-es-query/src/filters/build_filters/phrase_filter.test.ts b/packages/kbn-es-query/src/filters/build_filters/phrase_filter.test.ts
@@ -5,7 +5,7 @@
  * in compliance with, at your election, the Elastic License 2.0 or the Server
  * Side Public License, v 1.
  */
-import { set } from 'lodash';
+import { set } from '@elastic/safer-lodash-set';
 import {
   buildInlineScriptForPhraseFilter,
   buildPhraseFilter,

diff --git a/...pplications/app_search/components/curations/curation/suggested_documents_callout.test.tsx b/...pplications/app_search/components/curations/curation/suggested_documents_callout.test.tsx
@@ -11,7 +11,8 @@ import { setMockValues } from '../../../../__mocks__/kea_logic';
 import React from 'react';
 
 import { shallow } from 'enzyme';
-import { set } from 'lodash/fp';
+
+import { set } from '@elastic/safer-lodash-set/fp';
 
 import { SuggestionsCallout } from '../components/suggestions_callout';
 

diff --git a/...prise_search/public/applications/app_search/components/curations/views/curations.test.tsx b/...prise_search/public/applications/app_search/components/curations/views/curations.test.tsx
@@ -14,9 +14,8 @@ import React from 'react';
 
 import { shallow } from 'enzyme';
 
-import { set } from 'lodash/fp';
-
 import { EuiTab } from '@elastic/eui';
+import { set } from '@elastic/safer-lodash-set/fp';
 
 import { getPageHeaderTabs, getPageTitle } from '../../../../test_helpers';
 

diff --git a/...rch/public/applications/app_search/components/curations/views/curations_overview.test.tsx b/...rch/public/applications/app_search/components/curations/views/curations_overview.test.tsx
@@ -12,7 +12,8 @@ import '../../../__mocks__/engine_logic.mock';
 import React from 'react';
 
 import { shallow } from 'enzyme';
-import { set } from 'lodash/fp';
+
+import { set } from '@elastic/safer-lodash-set/fp';
 
 import { CurationsTable, EmptyState } from '../components';
 

diff --git a/...ons/app_search/components/engine_overview/components/suggested_curations_callout.test.tsx b/...ons/app_search/components/engine_overview/components/suggested_curations_callout.test.tsx
@@ -11,7 +11,8 @@ import { setMockValues } from '../../../../__mocks__/kea_logic';
 import React from 'react';
 
 import { shallow } from 'enzyme';
-import { set } from 'lodash/fp';
+
+import { set } from '@elastic/safer-lodash-set/fp';
 
 import { SuggestionsCallout } from '../../curations/components/suggestions_callout';
 

diff --git a/x-pack/plugins/monitoring/server/lib/logstash/get_node_info.test.ts b/x-pack/plugins/monitoring/server/lib/logstash/get_node_info.test.ts
@@ -6,7 +6,8 @@
  */
 
 import moment from 'moment';
-import { set, unset } from 'lodash';
+import { set } from '@elastic/safer-lodash-set';
+import { unset } from 'lodash';
 import { STANDALONE_CLUSTER_CLUSTER_UUID } from '../../../common/constants';
 import { handleResponse, getNodeInfo } from './get_node_info';
 import { LegacyRequest } from '../../types';

diff --git a/...ugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx b/...ugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx
@@ -5,7 +5,8 @@
  * 2.0.
  */
 
-import { pickBy, get, isEmpty, isString, unset, set, intersection } from 'lodash';
+import { set } from '@elastic/safer-lodash-set';
+import { pickBy, get, isEmpty, isString, unset, intersection } from 'lodash';
 import satisfies from 'semver/functions/satisfies';
 import {
   EuiFlexGroup,

diff --git a/x-pack/plugins/osquery/server/routes/pack/create_pack_route.ts b/x-pack/plugins/osquery/server/routes/pack/create_pack_route.ts
@@ -6,7 +6,8 @@
  */
 
 import moment from 'moment-timezone';
-import { has, mapKeys, set, unset, find } from 'lodash';
+import { set } from '@elastic/safer-lodash-set';
+import { has, mapKeys, unset, find } from 'lodash';
 import { schema } from '@kbn/config-schema';
 import { produce } from 'immer';
 import {

diff --git a/x-pack/plugins/osquery/server/routes/pack/update_pack_route.ts b/x-pack/plugins/osquery/server/routes/pack/update_pack_route.ts
@@ -6,7 +6,8 @@
  */
 
 import moment from 'moment-timezone';
-import { set, unset, has, difference, filter, find, map, mapKeys, uniq } from 'lodash';
+import { set } from '@elastic/safer-lodash-set';
+import { unset, has, difference, filter, find, map, mapKeys, uniq } from 'lodash';
 import { schema } from '@kbn/config-schema';
 import { produce } from 'immer';
 import {

diff --git a/x-pack/plugins/osquery/server/routes/status/create_status_route.ts b/x-pack/plugins/osquery/server/routes/status/create_status_route.ts
@@ -7,7 +7,8 @@
 
 import { produce } from 'immer';
 import { satisfies } from 'semver';
-import { filter, reduce, mapKeys, each, set, unset, uniq, map, has } from 'lodash';
+import { set } from '@elastic/safer-lodash-set';
+import { filter, reduce, mapKeys, each, unset, uniq, map, has } from 'lodash';
 import { packSavedObjectType } from '../../../common/types';
 import {
   PACKAGE_POLICY_SAVED_OBJECT_TYPE,

diff --git a/x-pack/plugins/reporting/server/lib/content_stream.test.ts b/x-pack/plugins/reporting/server/lib/content_stream.test.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { set } from 'lodash';
+import { set } from '@elastic/safer-lodash-set';
 import { elasticsearchServiceMock } from 'src/core/server/mocks';
 import { createMockLevelLogger } from '../test_helpers';
 import { ContentStream } from './content_stream';

diff --git a/x-pack/plugins/reporting/server/lib/screenshots/get_number_of_items.test.ts b/x-pack/plugins/reporting/server/lib/screenshots/get_number_of_items.test.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { set } from 'lodash';
+import { set } from '@elastic/safer-lodash-set';
 import { durationToNumber } from '../../../common/schema_utils';
 import { HeadlessChromiumDriver } from '../../browsers';
 import {

diff --git a/x-pack/plugins/reporting/server/routes/lib/jobs_query.test.ts b/x-pack/plugins/reporting/server/routes/lib/jobs_query.test.ts
@@ -6,7 +6,7 @@
  */
 
 import { UnwrapPromise } from '@kbn/utility-types';
-import { set } from 'lodash';
+import { set } from '@elastic/safer-lodash-set';
 import { ElasticsearchClient } from 'src/core/server';
 import { statuses } from '../../lib';
 import { createMockConfigSchema, createMockReportingCore } from '../../test_helpers';