chore: consolidate eslint comments, add justification for disabling

Fdawgs · Oct 8, 2023 · 47c71db · 47c71db
1 parent 937588a
commit 47c71db
Show file tree

Hide file tree

Showing 10 changed files with 12 additions and 13 deletions.
diff --git a/.eslintrc.js b/.eslintrc.js
@@ -52,13 +52,15 @@ module.exports = {
  rules: {
  "@eslint-community/eslint-comments/disable-enable-pair": "off",
  "@eslint-community/eslint-comments/no-unused-disable": "error",
+ "@eslint-community/eslint-comments/require-description": "error",
  "import/no-extraneous-dependencies": "error",
  "jsdoc/check-syntax": "error",
  "jsdoc/require-hyphen-before-param-description": "error",
  "no-multiple-empty-lines": ["error", { max: 1 }],
  "prefer-destructuring": ["error", { object: true, array: false }],
  "promise/prefer-await-to-callbacks": "warn",
  "promise/prefer-await-to-then": "warn",
+ "security/detect-object-injection": "off",
  strict: ["error", "global"],
  },
 };
diff --git a/scripts/license-checker.js b/scripts/license-checker.js
@@ -1,6 +1,3 @@
-/* eslint-disable security/detect-object-injection */
-/* eslint-disable security-node/detect-crlf */
-
 "use strict";
 
 const { promisify } = require("node:util");

diff --git a/src/app.js b/src/app.js
@@ -10,7 +10,7 @@ const getConfig = require("./config");
  */
 async function main() {
  process.on("unhandledRejection", (err) => {
- // eslint-disable-next-line no-console
+ // eslint-disable-next-line no-console -- Pino logger may not be initialised
  console.error(err);
  process.exit(1);
  });

diff --git a/src/config/config.test.js b/src/config/config.test.js
@@ -1,3 +1,5 @@
+/* eslint-disable security/detect-non-literal-fs-filename -- Test filenames are not user-provided */
+
 "use strict";
 
 const { unlink } = require("node:fs/promises");
@@ -17,7 +19,6 @@ describe("Configuration", () => {
  dot: true,
  });
 
- // eslint-disable-next-line security/detect-non-literal-fs-filename
  await Promise.all(files.map((file) => unlink(file)));
  });
 

diff --git a/src/config/index.js b/src/config/index.js
@@ -370,9 +370,9 @@ async function getConfig() {
  if (env.HTTPS_SSL_CERT_PATH && env.HTTPS_SSL_KEY_PATH) {
  try {
  config.fastifyInit.https = {
- // eslint-disable-next-line security/detect-non-literal-fs-filename
+ // eslint-disable-next-line security/detect-non-literal-fs-filename -- Filename not user-provided
  cert: await readFile(normalizeTrim(env.HTTPS_SSL_CERT_PATH)),
- // eslint-disable-next-line security/detect-non-literal-fs-filename
+ // eslint-disable-next-line security/detect-non-literal-fs-filename -- Filename not user-provided
  key: await readFile(normalizeTrim(env.HTTPS_SSL_KEY_PATH)),
  };
  } catch (err) {
@@ -386,7 +386,7 @@ async function getConfig() {
  try {
  config.fastifyInit.https = {
  passphrase: env.HTTPS_PFX_PASSPHRASE,
- // eslint-disable-next-line security/detect-non-literal-fs-filename
+ // eslint-disable-next-line security/detect-non-literal-fs-filename -- Filename not user-provided
  pfx: await readFile(normalizeTrim(env.HTTPS_PFX_FILE_PATH)),
  };
  } catch (err) {

diff --git a/src/plugins/keycloak-access-token/index.js b/src/plugins/keycloak-access-token/index.js
@@ -1,4 +1,4 @@
-/* eslint-disable jsdoc/require-param-description */
+/* eslint-disable jsdoc/require-param-description -- Params are self-explanatory */
 
 "use strict";
 

diff --git a/src/routes/redirect/index.js b/src/routes/redirect/index.js
@@ -61,7 +61,7 @@ async function route(server, options) {
  */
  const espUrl = options.redirectUrl + qs.stringify(req.query);
  server.log.debug(espUrl);
- // eslint-disable-next-line security-node/detect-dangerous-redirects
+ // eslint-disable-next-line security-node/detect-dangerous-redirects -- Redirecting to trusted URL
  res.redirect(espUrl);
  },
  });

diff --git a/src/routes/redirect/schema.js b/src/routes/redirect/schema.js
@@ -57,7 +57,7 @@ const redirectGetSchema = {
  ])
  /** @see {@link https://html.spec.whatwg.org/multipage/input.html#valid-e-mail-address | Valid email address pattern} */
  .pattern(
- // eslint-disable-next-line security/detect-unsafe-regex
+ // eslint-disable-next-line security/detect-unsafe-regex -- False positive
  /^https:\/\/sider\.nhs\.uk\/auth\|[\w!#$%&'*+\-./=?^`{|}~]+@[\dA-Za-z](?:[\d\-A-Za-z]{0,61}[\dA-Za-z])?(?:\.[\dA-Za-z](?:[\d\-A-Za-z]{0,61}[\dA-Za-z])?)*$/u
  )
  )

diff --git a/src/server.js b/src/server.js
@@ -168,7 +168,7 @@ async function plugin(server, config) {
  )
 
  // Errors thrown by routes and plugins are caught here
- // eslint-disable-next-line promise/prefer-await-to-callbacks
+ // eslint-disable-next-line promise/prefer-await-to-callbacks -- False positive
  .setErrorHandler(async (err, _req, res) => {
  /**
  * Catch 5xx errors, log them, and return a generic 500

diff --git a/src/server.test.js b/src/server.test.js
@@ -768,7 +768,6 @@ describe("Server deployment", () => {
  });
 
  describe("/redirect route", () => {
- // eslint-disable-next-line jest/no-disabled-tests
  it("Returns HTTP status code 401 if api_key query string param missing", async () => {
  const response = await server.inject({
  method: "GET",