Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug with shadowed variable not being resolved correctly #315

Open
dummdidumm opened this issue Oct 13, 2022 · 5 comments
Open

Bug with shadowed variable not being resolved correctly #315

dummdidumm opened this issue Oct 13, 2022 · 5 comments
Labels
bug Something isn't working

Comments

@dummdidumm
Copy link
Contributor

Analyzing this code

const path = 123;
let binding;
for (const path of ["asd"]) {
        binding = require(path);
}
exports.default = binding;

fails with the error

Failed to resolve dependency 123:
The "path" argument must be of type string. Received type number (123)

It seems that path is resolved to 123 and not to "asd", and it seems that assigning to binding is what triggeres it, because if that is removed, it works.

The real world case where this happens is when analyzing aws-crt
@dummdidumm dummdidumm added the bug Something isn't working label Oct 13, 2022
@dummdidumm dummdidumm mentioned this issue Oct 13, 2022
Closed
@styfle
Copy link
Member

styfle commented Oct 13, 2022

Thanks for reporting!

Would you like to submit a PR with the fix?

@dummdidumm
Copy link
Contributor Author

dummdidumm commented Oct 14, 2022
edited

I looked into it and I'm not sure how to proceed. The problem is the very outdated dependency rollup-pluginutils which now lives under @rollup/pluginutils. Using version 4 (version 5 requires node 14 at the minimum, which is probably too high for this package) of it correctly recognizes the for loop as a new scope. Using that prevents the analyze-code from crashing and therefore the warning from being emitted, but the dependency that is required in the above code snippet isn't added to the list of files. I'm not sure if this is expected, or a different bug.

dummdidumm added a commit that referenced this issue Oct 14, 2022
@dummdidumm
fix: bump rollup pluginutils version
9c41c50 
Part of #315

Bumping the version made a previous workaround of conflicting estree-walker versions unnecessary, but required to bring back a now-deleted type from the package
@dummdidumm dummdidumm mentioned this issue Oct 14, 2022
Merged
styfle pushed a commit that referenced this issue Oct 15, 2022
@dummdidumm
fix: bump rollup pluginutils version (#316)
3c39adf 
Part of #315

This fixes a bug where `attachScopes` didn't detect the new scope inside
the for loop with shadowed variables before, resulting in later code
paths possibly crashing because they expect the dependency to be of type
string. No test added because as noted in #315 this doesn't thix that
issue (if it even is one).

Bumping the version made a previous workaround of conflicting
estree-walker versions unnecessary, but required to bring back a
now-deleted type from the package
@dummdidumm
Copy link
Contributor Author

With #316 merged, is there anything left to do here? The dependency "add" isn't added, and I'm not sure if this is expected behavior or a missing case in static analysis.

@styfle
Copy link
Member

styfle commented Oct 17, 2022
edited

version 5 requires node 14 at the minimum, which is probably too high for this package

We can a target node 14 now that 12 is EOL #318

@iamabhshk
Copy link

To fix this code, you should avoid using the name path for both the loop variable and the constant variable at the beginning. Here's an updated version of the code:

const pathValue = 123;

let binding;
for (const p of ["asd"]) {
    binding = require(p);
}

exports.default = binding;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@styfle @dummdidumm @iamabhshk