[no-implied-eval] False positive with callback: Function #2358

tosmolka · 2020-08-05T14:06:27Z

Repro

module.exports = {
    "env": {
        "browser": true,
        "es2020": true
    },
    "parser": "@typescript-eslint/parser",
    "parserOptions": {
        "ecmaVersion": 11,
        "sourceType": "module",
        "project": "tsconfig.json"
    },
    "plugins": [
        "@typescript-eslint"
    ],
    "rules": {
        "@typescript-eslint/no-implied-eval": "error"
    }
};

const foo = (callback: Function) => {
    setTimeout(callback, 0);
};

Expected Result
ESLint detects 0 problems

Actual Result
2:16 error Implied eval. Consider passing a function @typescript-eslint/no-implied-eval

✖ 1 problem (1 error, 0 warnings)

Additional Info

Handler argument is parsed as Identifier but isFunctionType() returns for it false.

Versions

package	version
`@typescript-eslint/eslint-plugin`	`3.8.0`
`@typescript-eslint/parser`	`3.8.0`
`TypeScript`	`3.9.7`
`ESLint`	`7.6.0`
`node`	`14.6.0`
`npm`	`6.14.5`

The text was updated successfully, but these errors were encountered:

bradzacher · 2020-08-06T00:40:36Z

Why are you using the Function type here? It's generally recommended that you don't use this type ever, as it has a distinct lack of clarity as to what it means.

The bug here is that the Function symbol is not "function-like", and the Function type has no call-signatures.

If you use something like (...args: any[]) => void instead, then it will work fine.

tosmolka · 2020-08-06T07:42:43Z

Thanks @bradzacher , I don't own the code that is causing those false positives so can't comment on that. My assumption was that the rule should identify calls to setTimeout with string argument and this seemed like a bug.

bradzacher · 2020-08-06T16:53:22Z

This is a bug! The Function type is unique in that in terms of the underlying type data it both is and isn't a function at the same time.

We have to add a special case for it.

Note that this rule doesn't ban string arguments, it instead bans non-functional arguments.

The reason it works that way is because under the hood, functions like setTimeout actually coerce any non-function input to string.

For example

setTimeout([5, 6, 7, 8, "console.log('hihihi')"], 5)

Will coerce the array to a string (5,6,7,8,console.log('hihihi')), and then execute it as JS.
This is actually valid JS (it's a sequence expression) so this will log the string to the console.

Yeah JS is wack sometimes.

tosmolka added package: eslint-plugin Issues related to @typescript-eslint/eslint-plugin triage Waiting for team members to take a look labels Aug 5, 2020

bradzacher added bug Something isn't working and removed triage Waiting for team members to take a look labels Aug 6, 2020

soobing mentioned this issue Aug 29, 2020

fix(eslint-plugin): [no-implied-eval] handle the Function type #2435

Merged

bradzacher closed this as completed in #2435 Sep 14, 2020

github-actions bot locked as resolved and limited conversation to collaborators Oct 15, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[no-implied-eval] False positive with callback: Function #2358

[no-implied-eval] False positive with callback: Function #2358

tosmolka commented Aug 5, 2020

bradzacher commented Aug 6, 2020

tosmolka commented Aug 6, 2020

bradzacher commented Aug 6, 2020 •

edited

Loading

[no-implied-eval] False positive with callback: Function #2358

[no-implied-eval] False positive with callback: Function #2358

Comments

tosmolka commented Aug 5, 2020

bradzacher commented Aug 6, 2020

tosmolka commented Aug 6, 2020

bradzacher commented Aug 6, 2020 • edited Loading

bradzacher commented Aug 6, 2020 •

edited

Loading