fix: program crashes in no-unsafe-values (#194)

lumirlumir · web-flow · commit 8a536d2ae1db · 2025-12-27T19:02:16.000+05:30
diff --git a/.gitignore b/.gitignore
@@ -67,5 +67,10 @@ package-lock.json
 # Build
 src/build
 
+# Local test files
+test.json
+test.jsonc
+test.json5
+
 # Automatically generated files by GitHub Actions workflow
 /.shared-workflows
diff --git a/eslint.config.js b/eslint.config.js
@@ -103,4 +103,18 @@ export default defineConfig([
 		language: "json/json",
 		extends: ["json/recommended"],
 	},
+	{
+		name: "json/jsonc",
+		plugins: { json },
+		files: ["**/*.jsonc"],
+		language: "json/jsonc",
+		extends: ["json/recommended"],
+	},
+	{
+		name: "json/json5",
+		plugins: { json },
+		files: ["**/*.json5"],
+		language: "json/json5",
+		extends: ["json/recommended"],
+	},
 ]);
diff --git a/src/rules/no-unsafe-values.js b/src/rules/no-unsafe-values.js
@@ -21,10 +21,14 @@
  * This rule is based on the JSON grammar from RFC 8259, section 6.
  * https://tools.ietf.org/html/rfc8259#section-6
  *
+ * Also, this rule is based on the JSON5 grammar from json5.org, section 6.
+ * https://spec.json5.org/#numbers
+ *
  * We separately capture the integer and fractional parts of a number, so that
  * we can check for unsafe numbers that will evaluate to Infinity.
  */
-const NUMBER = /^-?(?<int>0|([1-9]\d*))(?:\.(?<frac>\d+))?(?:e[+-]?\d+)?$/iu;
+const NUMBER =
+	/^[+-]?(?<int>0|([1-9]\d*))?(?:\.(?<frac>\d*))?(?:e[+-]?\d+)?$/iu;
 const NON_ZERO = /[1-9]/u;
 
 //-----------------------------------------------------------------------------
@@ -71,7 +75,10 @@ const rule = {
 						// fraction or non-zero part before the e-, this is a very small
 						// number that doesn't fit inside an f64.
 						const match = value.match(NUMBER);
-						// assert(match, "If the regex is right, match is always truthy")
+
+						if (match === null) {
+							return;
+						}
 
 						// If any part of the number other than the exponent has a
 						// non-zero digit in it, this number was not intended to be
@@ -99,7 +106,7 @@ const rule = {
 							});
 						}
 					} else {
-						// Floating point.  Check for subnormal.
+						// Floating point. Check for subnormal.
 						const buffer = new ArrayBuffer(8);
 						const view = new DataView(buffer);
 						view.setFloat64(0, node.value, false);
@@ -128,8 +135,11 @@ const rule = {
 				// match any low surrogate not already matched
 				const surrogatePattern =
 					/[\uD800-\uDBFF][\uDC00-\uDFFF]?|[\uDC00-\uDFFF]/gu;
-				let match = surrogatePattern.exec(node.value);
-				while (match) {
+
+				/** @type {RegExpExecArray | null} */
+				let match;
+
+				while ((match = surrogatePattern.exec(node.value)) !== null) {
 					// only need to report non-paired surrogates
 					if (match[0].length < 2) {
 						context.report({
@@ -143,7 +153,6 @@ const rule = {
 							},
 						});
 					}
-					match = surrogatePattern.exec(node.value);
 				}
 			},
 		};
diff --git a/tests/rules/no-unsafe-values.test.js b/tests/rules/no-unsafe-values.test.js
@@ -38,6 +38,38 @@ ruleTester.run("no-unsafe-values", rule, {
 		"0.00000",
 		"0e0000000",
 		"0.00000e0000",
+		{
+			code: "0x0",
+			language: "json/json5",
+		},
+		{
+			code: "0X0",
+			language: "json/json5",
+		},
+		{
+			code: "+0x0",
+			language: "json/json5",
+		},
+		{
+			code: "+0X0",
+			language: "json/json5",
+		},
+		{
+			code: "-0x0",
+			language: "json/json5",
+		},
+		{
+			code: "-0X0",
+			language: "json/json5",
+		},
+		{
+			code: ".0",
+			language: "json/json5",
+		},
+		{
+			code: "0.",
+			language: "json/json5",
+		},
 	],
 	invalid: [
 		{
@@ -155,6 +187,37 @@ ruleTester.run("no-unsafe-values", rule, {
 				},
 			],
 		},
+		{
+			code: "1E-400",
+			errors: [
+				{
+					messageId: "unsafeZero",
+					data: {
+						value: "1E-400",
+					},
+					line: 1,
+					column: 1,
+					endLine: 1,
+					endColumn: 7,
+				},
+			],
+		},
+		{
+			code: "+1e-400",
+			language: "json/json5",
+			errors: [
+				{
+					messageId: "unsafeZero",
+					data: {
+						value: "+1e-400",
+					},
+					line: 1,
+					column: 1,
+					endLine: 1,
+					endColumn: 8,
+				},
+			],
+		},
 		{
 			code: "-1e-400",
 			errors: [
@@ -185,6 +248,53 @@ ruleTester.run("no-unsafe-values", rule, {
 				},
 			],
 		},
+		{
+			code: "+0.01e-400",
+			language: "json/json5",
+			errors: [
+				{
+					messageId: "unsafeZero",
+					data: {
+						value: "+0.01e-400",
+					},
+					line: 1,
+					column: 1,
+					endLine: 1,
+					endColumn: 11,
+				},
+			],
+		},
+		{
+			code: "-0.01e-400",
+			errors: [
+				{
+					messageId: "unsafeZero",
+					data: {
+						value: "-0.01e-400",
+					},
+					line: 1,
+					column: 1,
+					endLine: 1,
+					endColumn: 11,
+				},
+			],
+		},
+		{
+			code: ".01e-400",
+			language: "json/json5",
+			errors: [
+				{
+					messageId: "unsafeZero",
+					data: {
+						value: ".01e-400",
+					},
+					line: 1,
+					column: 1,
+					endLine: 1,
+					endColumn: 9,
+				},
+			],
+		},
 		{
 			code: "-10.2e-402",
 			errors: [
@@ -200,6 +310,38 @@ ruleTester.run("no-unsafe-values", rule, {
 				},
 			],
 		},
+		{
+			code: "+10.e-402",
+			language: "json/json5",
+			errors: [
+				{
+					messageId: "unsafeZero",
+					data: {
+						value: "+10.e-402",
+					},
+					line: 1,
+					column: 1,
+					endLine: 1,
+					endColumn: 10,
+				},
+			],
+		},
+		{
+			code: "-10.e-402",
+			language: "json/json5",
+			errors: [
+				{
+					messageId: "unsafeZero",
+					data: {
+						value: "-10.e-402",
+					},
+					line: 1,
+					column: 1,
+					endLine: 1,
+					endColumn: 10,
+				},
+			],
+		},
 		{
 			code: `0.${"0".repeat(400)}1`,
 			errors: [
