Remove eslint security plugin and add express for integration tests

microsoft · Feb 21, 2024 · 36f7be1 · 36f7be1
1 parent dabdc27
commit 36f7be1
Show file tree

Hide file tree

Showing 42 changed files with 288 additions and 108 deletions.
diff --git a/js/.eslintrc b/js/.eslintrc
@@ -14,7 +14,6 @@
         "plugin:import/typescript",
         "plugin:import/recommended",
         "plugin:jsdoc/recommended",
-        "plugin:security/recommended",
         "plugin:prettier/recommended" // Recommended to be last
     ],
     "plugins": ["@typescript-eslint", "jsdoc", "mocha", "only-warn", "prettier"],

diff --git a/js/package.json b/js/package.json
@@ -41,8 +41,8 @@
         "eslint-plugin-mocha": "^10.2.0",
         "eslint-plugin-only-warn": "^1.1.0",
         "eslint-plugin-prettier": "^5.1.3",
-        "eslint-plugin-security": "^1.7.1",
         "exorcist": "^2.0.0",
+        "express": "^4.18.2",
         "mocha": "^10.3.0",
         "mocha-junit-reporter": "^2.0.0",
         "ms-rest-azure": "^3.0.2",

diff --git a/js/packages/teams-ai/src/AI.ts b/js/packages/teams-ai/src/AI.ts
@@ -499,7 +499,6 @@ export class AI<TState extends TurnState = TurnState> {
                 break;
             }
 
-            // eslint-disable-next-line security/detect-object-injection
             let output: string;
             const cmd = plan.commands[i];
             switch (cmd.type) {

diff --git a/js/packages/teams-ai/src/AdaptiveCards.ts b/js/packages/teams-ai/src/AdaptiveCards.ts
@@ -5,8 +5,6 @@
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
  */
-// TODO:
-/* eslint-disable security/detect-object-injection */
 import {
     TurnContext,
     ActivityTypes,

diff --git a/js/packages/teams-ai/src/Application.ts b/js/packages/teams-ai/src/Application.ts
@@ -1,4 +1,3 @@
-/* eslint-disable security/detect-object-injection */
 /**
  * @module teams-ai
  */
@@ -707,8 +706,6 @@ export class Application<TState extends TurnState = TurnState> {
                 // Invoke Activities from Teams need to be responded to in less than 5 seconds.
                 if (context.activity.type === ActivityTypes.Invoke) {
                     for (let i = 0; i < this._invokeRoutes.length; i++) {
-                        // TODO: fix security/detect-object-injection
-                        // eslint-disable-next-line security/detect-object-injection
                         const route = this._invokeRoutes[i];
                         if (await route.selector(context)) {
                             // Execute route handler
@@ -728,8 +725,6 @@ export class Application<TState extends TurnState = TurnState> {
 
                 // All other ActivityTypes and any unhandled Invokes are run through the remaining routes.
                 for (let i = 0; i < this._routes.length; i++) {
-                    // TODO:
-                    // eslint-disable-next-line security/detect-object-injection
                     const route = this._routes[i];
                     if (await route.selector(context)) {
                         // Execute route handler
@@ -835,8 +830,6 @@ export class Application<TState extends TurnState = TurnState> {
                 // Listen for any messages to be sent from the bot
                 if (timerRunning) {
                     for (let i = 0; i < activities.length; i++) {
-                        // TODO:
-                        // eslint-disable-next-line security/detect-object-injection
                         if (activities[i].type == ActivityTypes.Message) {
                             // Stop the timer
                             this.stopTypingTimer();
@@ -957,8 +950,6 @@ export class Application<TState extends TurnState = TurnState> {
         handlers: ApplicationEventHandler<TState>[]
     ): Promise<boolean> {
         for (let i = 0; i < handlers.length; i++) {
-            // TODO:
-            // eslint-disable-next-line security/detect-object-injection
             const continueExecution = await handlers[i](context, state);
             if (!continueExecution) {
                 return false;
@@ -991,7 +982,6 @@ export class Application<TState extends TurnState = TurnState> {
                     try {
                         // Copy original activity to new context
                         for (const key in context.activity) {
-                            // eslint-disable-next-line security/detect-object-injection
                             (ctx.activity as any)[key] = (context.activity as any)[key];
                         }
 

diff --git a/js/packages/teams-ai/src/TaskModules.ts b/js/packages/teams-ai/src/TaskModules.ts
@@ -337,14 +337,7 @@ function createTaskSelector(
             const isTeams = context.activity.channelId == Channels.Msteams;
             const isInvoke = context?.activity?.type == ActivityTypes.Invoke && context?.activity?.name == invokeName;
             const data = context?.activity?.value?.data;
-            if (
-                isInvoke &&
-                isTeams &&
-                typeof data == 'object' &&
-                // eslint-disable-next-line security/detect-object-injection
-                typeof data[filterField] == 'string'
-            ) {
-                // eslint-disable-next-line security/detect-object-injection
+            if (isInvoke && isTeams && typeof data == 'object' && typeof data[filterField] == 'string') {
                 return Promise.resolve(verb.test(data[filterField]));
             } else {
                 return Promise.resolve(false);
@@ -355,10 +348,7 @@ function createTaskSelector(
         return (context: TurnContext) => {
             const isInvoke = context?.activity?.type == ActivityTypes.Invoke && context?.activity?.name == invokeName;
             const data = context?.activity?.value?.data;
-            return Promise.resolve(
-                // eslint-disable-next-line security/detect-object-injection
-                isInvoke && typeof data == 'object' && data[filterField] == verb
-            );
+            return Promise.resolve(isInvoke && typeof data == 'object' && data[filterField] == verb);
         };
     }
 }
diff --git a/js/packages/teams-ai/src/TeamsAdapter.spec.ts b/js/packages/teams-ai/src/TeamsAdapter.spec.ts
@@ -16,7 +16,7 @@ describe('TeamsAdapter', () => {
         sandbox = sinon.createSandbox();
         adapter = new TeamsAdapter();
 
-        app.post('/api/messages', async (req, res) => {
+        app.post('/api/messages', async (req: any, res: any) => {
             await adapter.process(req, res, async () => {});
         });
 

diff --git a/js/packages/teams-ai/src/TurnStateProperty.ts b/js/packages/teams-ai/src/TurnStateProperty.ts
@@ -1,4 +1,3 @@
-/* eslint-disable security/detect-object-injection */
 /**
  * @module teams-ai
  */

diff --git a/js/packages/teams-ai/src/authentication/Authentication.ts b/js/packages/teams-ai/src/authentication/Authentication.ts
@@ -1,4 +1,3 @@
-/* eslint-disable security/detect-object-injection */
 /**
  * @module teams-ai
  */

diff --git a/js/packages/teams-ai/src/authentication/BotAuthenticationBase.spec.ts b/js/packages/teams-ai/src/authentication/BotAuthenticationBase.spec.ts
@@ -1,4 +1,3 @@
-/* eslint-disable security/detect-object-injection */
 import assert from 'assert';
 import { TurnState } from '../TurnState';
 import {

diff --git a/js/packages/teams-ai/src/authentication/BotAuthenticationBase.ts b/js/packages/teams-ai/src/authentication/BotAuthenticationBase.ts
@@ -1,4 +1,3 @@
-/* eslint-disable security/detect-object-injection */
 import { DialogState, DialogTurnResult, DialogTurnStatus } from 'botbuilder-dialogs';
 import { TurnState } from '../TurnState';
 import { Application } from '../Application';

diff --git a/js/packages/teams-ai/src/authentication/OAuthBotAuthentication.spec.ts b/js/packages/teams-ai/src/authentication/OAuthBotAuthentication.spec.ts
@@ -1,4 +1,3 @@
-/* eslint-disable security/detect-object-injection */
 import { Activity, MemoryStorage, TestAdapter, TurnContext } from 'botbuilder';
 import { Application, RouteSelector } from '../Application';
 import { DialogSet, DialogState, DialogTurnResult, DialogTurnStatus, OAuthPrompt } from 'botbuilder-dialogs';

diff --git a/js/packages/teams-ai/src/moderators/AzureContentSafetyModerator.ts b/js/packages/teams-ai/src/moderators/AzureContentSafetyModerator.ts
@@ -1,6 +1,3 @@
-// TODO: Remove these lines once the linting issues are resolved:
-/* eslint-disable jsdoc/require-returns */
-/* eslint-disable security/detect-object-injection */
 /**
  * @module teams-ai
  */

diff --git a/js/packages/teams-ai/src/moderators/OpenAIModerator.ts b/js/packages/teams-ai/src/moderators/OpenAIModerator.ts
@@ -1,4 +1,3 @@
-/* eslint-disable security/detect-object-injection */
 /**
  * @module teams-ai
  */

diff --git a/js/samples/01.messaging.a.echoBot/.eslintrc b/js/samples/01.messaging.a.echoBot/.eslintrc
@@ -14,8 +14,6 @@
         "plugin:import/typescript",
         "plugin:import/recommended",
         "plugin:jsdoc/recommended",
-
-        "plugin:security/recommended",
         "plugin:prettier/recommended" // Recommended to be last
     ],
     "plugins": [

diff --git a/js/samples/02.messageExtensions.a.searchCommand/.eslintrc b/js/samples/02.messageExtensions.a.searchCommand/.eslintrc
@@ -14,8 +14,6 @@
         "plugin:import/typescript",
         "plugin:import/recommended",
         "plugin:jsdoc/recommended",
-
-        "plugin:security/recommended",
         "plugin:prettier/recommended" // Recommended to be last
     ],
     "plugins": [

diff --git a/js/samples/03.adaptiveCards.a.typeAheadBot/.eslintrc b/js/samples/03.adaptiveCards.a.typeAheadBot/.eslintrc
@@ -14,8 +14,6 @@
         "plugin:import/typescript",
         "plugin:import/recommended",
         "plugin:jsdoc/recommended",
-
-        "plugin:security/recommended",
         "plugin:prettier/recommended" // Recommended to be last
     ],
     "plugins": [

diff --git a/js/samples/03.adaptiveCards.a.typeAheadBot/src/index.ts b/js/samples/03.adaptiveCards.a.typeAheadBot/src/index.ts
@@ -75,7 +75,6 @@ app.conversationUpdate('membersAdded', async (context, _state) => {
     const membersAdded = context.activity.membersAdded || [];
     for (let member = 0; member < membersAdded.length; member++) {
         // Ignore the bot joining the conversation
-        // eslint-disable-next-line security/detect-object-injection
         if (membersAdded[member].id !== context.activity.recipient.id) {
             await context.sendActivity(
                 `Hello and welcome! With this sample you can see the functionality of static and dynamic search in adaptive card`

diff --git a/js/samples/04.ai.a.teamsChefBot/.eslintrc b/js/samples/04.ai.a.teamsChefBot/.eslintrc
@@ -14,8 +14,6 @@
         "plugin:import/typescript",
         "plugin:import/recommended",
         "plugin:jsdoc/recommended",
-
-        "plugin:security/recommended",
         "plugin:prettier/recommended" // Recommended to be last
     ],
     "plugins": [

diff --git a/js/samples/04.ai.a.teamsChefBot/index/teams-ai/61ca821a-da4f-4879-9085-543f00557900.txt b/js/samples/04.ai.a.teamsChefBot/index/teams-ai/61ca821a-da4f-4879-9085-543f00557900.txt
@@ -1,4 +1,3 @@
-/* eslint-disable security/detect-object-injection */
 /**
  * @module teams-ai
  */

diff --git a/js/samples/04.ai.b.messageExtensions.AI-ME/.eslintrc b/js/samples/04.ai.b.messageExtensions.AI-ME/.eslintrc
@@ -14,8 +14,6 @@
         "plugin:import/typescript",
         "plugin:import/recommended",
         "plugin:jsdoc/recommended",
-
-        "plugin:security/recommended",
         "plugin:prettier/recommended" // Recommended to be last
     ],
     "plugins": [

diff --git a/js/samples/04.ai.c.actionMapping.lightBot/.eslintrc b/js/samples/04.ai.c.actionMapping.lightBot/.eslintrc
@@ -14,8 +14,6 @@
         "plugin:import/typescript",
         "plugin:import/recommended",
         "plugin:jsdoc/recommended",
-
-        "plugin:security/recommended",
         "plugin:prettier/recommended" // Recommended to be last
     ],
     "plugins": [

diff --git a/js/samples/04.ai.c.actionMapping.lightBot/src/responses.ts b/js/samples/04.ai.c.actionMapping.lightBot/src/responses.ts
@@ -80,6 +80,5 @@ export function offTopic(): string {
  */
 function getRandomResponse(responses: string[]): string {
     const i = Math.floor(Math.random() * (responses.length - 1));
-    // eslint-disable-next-line security/detect-object-injection
     return responses[i];
 }
diff --git a/js/samples/04.ai.d.chainedActions.listBot/.eslintrc b/js/samples/04.ai.d.chainedActions.listBot/.eslintrc
@@ -14,8 +14,6 @@
         "plugin:import/typescript",
         "plugin:import/recommended",
         "plugin:jsdoc/recommended",
-
-        "plugin:security/recommended",
         "plugin:prettier/recommended" // Recommended to be last
     ],
     "plugins": [

diff --git a/js/samples/04.ai.d.chainedActions.listBot/src/index.ts b/js/samples/04.ai.d.chainedActions.listBot/src/index.ts
@@ -1,4 +1,3 @@
-/* eslint-disable security/detect-object-injection */
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 

diff --git a/js/samples/04.ai.d.chainedActions.listBot/src/responses.ts b/js/samples/04.ai.d.chainedActions.listBot/src/responses.ts
@@ -53,6 +53,5 @@ export function reset(): string {
  */
 function getRandomResponse(responses: string[]): string {
     const i = Math.floor(Math.random() * (responses.length - 1));
-    // eslint-disable-next-line security/detect-object-injection
     return responses[i];
 }
diff --git a/js/samples/04.ai.e.chainedActions.devOpsBot/.eslintrc b/js/samples/04.ai.e.chainedActions.devOpsBot/.eslintrc
@@ -14,8 +14,6 @@
         "plugin:import/typescript",
         "plugin:import/recommended",
         "plugin:jsdoc/recommended",
-
-        "plugin:security/recommended",
         "plugin:prettier/recommended" // Recommended to be last
     ],
     "plugins": [

diff --git a/js/samples/04.ai.e.chainedActions.devOpsBot/src/responses.ts b/js/samples/04.ai.e.chainedActions.devOpsBot/src/responses.ts
@@ -143,6 +143,5 @@ export function offTopic(): string {
  */
 function getRandomResponse(responses: string[]): string {
     const i = Math.floor(Math.random() * (responses.length - 1));
-    // eslint-disable-next-line security/detect-object-injection
     return responses[i];
 }
diff --git a/js/samples/04.ai.f.vision.cardGazer/.eslintrc b/js/samples/04.ai.f.vision.cardGazer/.eslintrc
@@ -14,8 +14,6 @@
         "plugin:import/typescript",
         "plugin:import/recommended",
         "plugin:jsdoc/recommended",
-
-        "plugin:security/recommended",
         "plugin:prettier/recommended" // Recommended to be last
     ],
     "plugins": [

diff --git a/js/samples/04.e.twentyQuestions/.eslintrc b/js/samples/04.e.twentyQuestions/.eslintrc
@@ -14,8 +14,6 @@
         "plugin:import/typescript",
         "plugin:import/recommended",
         "plugin:jsdoc/recommended",
-
-        "plugin:security/recommended",
         "plugin:prettier/recommended" // Recommended to be last
     ],
     "plugins": [

diff --git a/js/samples/04.e.twentyQuestions/src/responses.ts b/js/samples/04.e.twentyQuestions/src/responses.ts
@@ -366,6 +366,5 @@ export function youLose(secretWord: string): string {
  */
 function getRandomResponse(responses: string[]): string {
     const i = Math.floor(Math.random() * (responses.length - 1));
-    // eslint-disable-next-line security/detect-object-injection
     return responses[i];
 }
diff --git a/js/samples/05.chatModeration/.eslintrc b/js/samples/05.chatModeration/.eslintrc
@@ -14,8 +14,6 @@
         "plugin:import/typescript",
         "plugin:import/recommended",
         "plugin:jsdoc/recommended",
-
-        "plugin:security/recommended",
         "plugin:prettier/recommended" // Recommended to be last
     ],
     "plugins": [

diff --git a/js/samples/05.chatModeration/src/bot.ts b/js/samples/05.chatModeration/src/bot.ts
@@ -102,7 +102,6 @@ app.conversationUpdate('membersAdded', async (context, state) => {
     const membersAdded = context.activity.membersAdded || [];
     for (let member = 0; member < membersAdded.length; member++) {
         // Ignore the bot joining the conversation
-        // eslint-disable-next-line security/detect-object-injection
         if (membersAdded[member].id !== context.activity.recipient.id) {
             await context.sendActivity(
                 `Hello and welcome! With this sample you can see the functionality of the Content Safety Moderator of Azure Open AI services.`

diff --git a/js/samples/06.assistants.a.mathBot/.eslintrc b/js/samples/06.assistants.a.mathBot/.eslintrc
@@ -14,8 +14,6 @@
         "plugin:import/typescript",
         "plugin:import/recommended",
         "plugin:jsdoc/recommended",
-
-        "plugin:security/recommended",
         "plugin:prettier/recommended" // Recommended to be last
     ],
     "plugins": [

diff --git a/js/samples/06.assistants.b.orderBot/.eslintrc b/js/samples/06.assistants.b.orderBot/.eslintrc
@@ -14,8 +14,6 @@
         "plugin:import/typescript",
         "plugin:import/recommended",
         "plugin:jsdoc/recommended",
-
-        "plugin:security/recommended",
         "plugin:prettier/recommended" // Recommended to be last
     ],
     "plugins": [

diff --git a/js/samples/06.auth.oauth.adaptiveCard/.eslintrc b/js/samples/06.auth.oauth.adaptiveCard/.eslintrc
@@ -14,8 +14,6 @@
         "plugin:import/typescript",
         "plugin:import/recommended",
         "plugin:jsdoc/recommended",
-
-        "plugin:security/recommended",
         "plugin:prettier/recommended" // Recommended to be last
     ],
     "plugins": [

diff --git a/js/samples/06.auth.oauth.bot/.eslintrc b/js/samples/06.auth.oauth.bot/.eslintrc
@@ -14,8 +14,6 @@
         "plugin:import/typescript",
         "plugin:import/recommended",
         "plugin:jsdoc/recommended",
-
-        "plugin:security/recommended",
         "plugin:prettier/recommended" // Recommended to be last
     ],
     "plugins": [

diff --git a/js/samples/06.auth.oauth.messageExtension/.eslintrc b/js/samples/06.auth.oauth.messageExtension/.eslintrc
@@ -14,8 +14,6 @@
         "plugin:import/typescript",
         "plugin:import/recommended",
         "plugin:jsdoc/recommended",
-
-        "plugin:security/recommended",
         "plugin:prettier/recommended" // Recommended to be last
     ],
     "plugins": [

diff --git a/js/samples/06.auth.teamsSSO.bot/.eslintrc b/js/samples/06.auth.teamsSSO.bot/.eslintrc
@@ -14,8 +14,6 @@
         "plugin:import/typescript",
         "plugin:import/recommended",
         "plugin:jsdoc/recommended",
-
-        "plugin:security/recommended",
         "plugin:prettier/recommended" // Recommended to be last
     ],
     "plugins": [

diff --git a/js/samples/06.auth.teamsSSO.messageExtension/.eslintrc b/js/samples/06.auth.teamsSSO.messageExtension/.eslintrc
@@ -14,8 +14,6 @@
         "plugin:import/typescript",
         "plugin:import/recommended",
         "plugin:jsdoc/recommended",
-
-        "plugin:security/recommended",
         "plugin:prettier/recommended" // Recommended to be last
     ],
     "plugins": [

diff --git a/js/samples/07.whoBot/.eslintrc b/js/samples/07.whoBot/.eslintrc
@@ -14,8 +14,6 @@
         "plugin:import/typescript",
         "plugin:import/recommended",
         "plugin:jsdoc/recommended",
-
-        "plugin:security/recommended",
         "plugin:prettier/recommended" // Recommended to be last
     ],
     "plugins": [