fix(eslint): add eslint-disable comments for security rules in sync-node-tests, enhance, and test-utils

mceachen · mceachen · commit b33289bcd882 · 2026-03-07T17:16:56.000-08:00
diff --git a/scripts/sync-node-tests.ts b/scripts/sync-node-tests.ts
@@ -207,6 +207,7 @@ function adaptTest(content: string, fileName: string): string {
     // Match test('name', ...) or suite('name', ...) with any quote style
     // and transform to test.skip('name', /* reason */ ...) or suite.skip(...)
     adapted = adapted.replace(
+      // eslint-disable-next-line security/detect-non-literal-regexp -- `escaped` is sanitized above
       new RegExp(`(test|suite)\\((['"\`])${escaped}\\2`, "g"),
       `$1.skip($2${name}$2 /* ${reason} */`,
     );
diff --git a/src/enhance.ts b/src/enhance.ts
@@ -195,9 +195,10 @@ function expandRowFromArray(
 ): Record<string, Record<string, unknown>> {
   const result: Record<string, Record<string, unknown>> = {};
   for (let i = 0; i < columnMap.length && i < row.length; i++) {
-    const { table, column } = columnMap[i]!;
+    const { table, column } = columnMap[i]!; // eslint-disable-line security/detect-object-injection
+    // eslint-disable-next-line security/detect-object-injection -- table/column from our own columnMap
     result[table] ??= {};
-    result[table]![column] = row[i];
+    result[table]![column] = row[i]; // eslint-disable-line security/detect-object-injection
   }
   return result;
 }
@@ -214,9 +215,10 @@ function expandRowFromObject(
   const result: Record<string, Record<string, unknown>> = {};
   const keys = Object.keys(row);
   for (let i = 0; i < keys.length && i < columnMap.length; i++) {
-    const { table, column } = columnMap[i]!;
+    const { table, column } = columnMap[i]!; // eslint-disable-line security/detect-object-injection
+    // eslint-disable-next-line security/detect-object-injection -- table/column from our own columnMap
     result[table] ??= {};
-    result[table]![column] = row[keys[i]!];
+    result[table]![column] = row[keys[i]!]; // eslint-disable-line security/detect-object-injection
   }
   return result;
 }
@@ -498,6 +500,7 @@ export function enhance<T extends EnhanceableDatabaseSync>(
   }
 
   // Wrap prepare() to add pluck() to returned statements
+  // eslint-disable-next-line security/detect-object-injection -- ENHANCED_PREPARE is a Symbol
   if (!(db as any)[ENHANCED_PREPARE]) {
     const originalPrepare: any = db.prepare.bind(db);
 
diff --git a/test/common/test-utils.mjs b/test/common/test-utils.mjs
@@ -21,7 +21,7 @@ export const tmpdir = {
     } catch {
       // Ignore errors if directory doesn't exist
     }
-    fs.mkdirSync(testDir, { recursive: true });
+    fs.mkdirSync(testDir, { recursive: true }); // eslint-disable-line security/detect-non-literal-fs-filename
   },
 };
 

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ export const tmpdir = {`
`21`	`21`	`} catch {`
`22`	`22`	`// Ignore errors if directory doesn't exist`
`23`	`23`	`}`
`24`		`- fs.mkdirSync(testDir, { recursive: true });`
	`24`	`+ fs.mkdirSync(testDir, { recursive: true }); // eslint-disable-line security/detect-non-literal-fs-filename`
`25`	`25`	`},`
`26`	`26`	`};`
`27`	`27`