no-buffer-constructor
禁止使用 Buffer() 构造函数
该规则在 ESLint v7.0.0 中已弃用。请使用 eslint-plugin-n 中的相应规则。
¥This rule was deprecated in ESLint v7.0.0. Please use the corresponding rule in eslint-plugin-n.
在 Node.js 中,Buffer 构造函数的行为根据其参数的类型而有所不同。将用户输入的参数传递给 Buffer() 而不验证其类型可能会导致安全漏洞,例如远程内存泄露和拒绝服务。因此,Buffer 构造函数已被弃用,不应使用。请改用生产者方法 Buffer.from、Buffer.alloc 和 Buffer.allocUnsafe。
¥In Node.js, the behavior of the Buffer constructor is different depending on the type of its argument. Passing an argument from user input to Buffer() without validating its type can lead to security vulnerabilities such as remote memory disclosure and denial of service. As a result, the Buffer constructor has been deprecated and should not be used. Use the producer methods Buffer.from, Buffer.alloc, and Buffer.allocUnsafe instead.
规则详情
¥Rule Details
此规则不允许调用和构造 Buffer() 构造函数。
¥This rule disallows calling and constructing the Buffer() constructor.
此规则的错误代码示例:
¥Examples of incorrect code for this rule:
/* eslint no-buffer-constructor: error */
new Buffer(5);
new Buffer([1, 2, 3]);
Buffer(5);
Buffer([1, 2, 3]);
new Buffer(res.body.amount);
new Buffer(res.body.values);
此规则的正确代码示例:
¥Examples of correct code for this rule:
/* eslint no-buffer-constructor: error */
Buffer.alloc(5);
Buffer.allocUnsafe(5);
Buffer.from([1, 2, 3]);
Buffer.alloc(res.body.amount);
Buffer.from(res.body.values);
何时不使用
¥When Not To Use It
如果你不使用 Node.js,或者你仍然需要支持缺少 Buffer.from 等方法的 Node.js 版本,则不应启用此规则。
¥If you don’t use Node.js, or you still need to support versions of Node.js that lack methods like Buffer.from, then you should not enable this rule.
版本
此规则是在 ESLint v4.0.0-alpha.0 中引入。