npm - @eagleoutice/flowr - Versions diffs - 2.9.14 → 2.10.2 - Mend

@eagleoutice/flowr 2.9.14 → 2.10.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (214) hide show

package/dataflow/internal/process/functions/call/common.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import { type DataflowInformation } from '../../../../info';
 import { type DataflowProcessorInformation } from '../../../../processor';
 import type { RNode } from '../../../../../r-bridge/lang-4.x/ast/model/model';
 import type { ParentInformation } from '../../../../../r-bridge/lang-4.x/ast/model/processing/decorate';
-import { EmptyArgument, type RFunctionArgument } from '../../../../../r-bridge/lang-4.x/ast/model/nodes/r-function-call';
+import { EmptyArgument, type PotentiallyEmptyRArgument } from '../../../../../r-bridge/lang-4.x/ast/model/nodes/r-function-call';
 import type { DataflowGraph, FunctionArgument } from '../../../../graph/graph';
 import type { NodeId } from '../../../../../r-bridge/lang-4.x/ast/model/processing/node-id';
 import type { REnvironmentInformation } from '../../../../environments/environment';
@@ -15,7 +15,7 @@ export interface ForceArguments {
 }
 export interface ProcessAllArgumentInput<OtherInfo> extends ForceArguments {
     readonly functionName: DataflowInformation;
-    readonly args: readonly (RNode<OtherInfo & ParentInformation> | RFunctionArgument<OtherInfo & ParentInformation>)[];
+    readonly args: readonly (RNode<OtherInfo & ParentInformation> | PotentiallyEmptyRArgument<OtherInfo & ParentInformation>)[];
     readonly data: DataflowProcessorInformation<OtherInfo & ParentInformation>;
     readonly finalGraph: DataflowGraph;
     readonly functionRootId: NodeId;

package/dataflow/internal/process/functions/call/common.js CHANGED Viewed

@@ -69,6 +69,7 @@ function convertFnArgument(arg) {
     else {
         return {
             nodeId: arg.info.id,
+            valueId: arg.value?.info.id,
             name: arg.name.content,
             cds: undefined,
             type: identifier_1.ReferenceType.Argument
@@ -88,15 +89,16 @@ function processAllArguments({ functionName, args, data, finalGraph, functionRoo
     let i = -1;
     for (const arg of args) {
         i++;
+        data = { ...data, environment: argEnv };
         data = patchData?.(data, i) ?? data;
         if (arg === r_function_call_1.EmptyArgument) {
             callArgs.push(r_function_call_1.EmptyArgument);
             processedArguments.push(undefined);
             continue;
         }
-        const processed = (0, processor_1.processDataflowFor)(arg, { ...data, environment: argEnv });
+        const processed = (0, processor_1.processDataflowFor)(arg, data);
         if (r_argument_1.RArgument.isWithValue(arg) && (forceArgs === 'all' || forceArgs[i]) && !model_1.RConstant.is(arg.value)) {
-            forceVertexArgumentValueReferences(functionRootId, processed, processed.graph, argEnv);
+            forceVertexArgumentValueReferences(functionRootId, processed, processed.graph, data.environment);
         }
         processedArguments.push(processed);
         finalEnv = (0, overwrite_1.overwriteEnvironment)(finalEnv, processed.environment);
@@ -107,7 +109,7 @@ function processAllArguments({ functionName, args, data, finalGraph, functionRoo
                 // check if it is called directly
                 const inId = ingoing.nodeId;
                 const refType = finalGraph.getVertex(inId)?.tag === vertex_1.VertexType.FunctionCall ? identifier_1.ReferenceType.Function : identifier_1.ReferenceType.Unknown;
-                const tryToResolve = ingoing.name ? (0, resolve_by_name_1.resolveByName)(ingoing.name, argEnv, refType) : undefined;
+                const tryToResolve = ingoing.name ? (0, resolve_by_name_1.resolveByName)(ingoing.name, data.environment, refType) : undefined;
                 if (tryToResolve === undefined) {
                     remainingReadInArgs.push(ingoing);
                 }
@@ -134,7 +136,7 @@ function processAllArguments({ functionName, args, data, finalGraph, functionRoo
             callArgs.push({ nodeId: processed.entryPoint, cds: undefined, type: identifier_1.ReferenceType.Argument });
         }
         else {
-            callArgs.push({ nodeId: processed.entryPoint, name: arg.name.content, cds: undefined, type: identifier_1.ReferenceType.Argument });
+            callArgs.push({ nodeId: processed.entryPoint, valueId: arg.value?.info.id, name: arg.name.content, cds: undefined, type: identifier_1.ReferenceType.Argument });
         }
         finalGraph.addEdge(functionRootId, processed.entryPoint, edge_1.EdgeType.Argument);
     }

package/dataflow/internal/process/functions/call/known-call-handling.d.ts CHANGED Viewed

@@ -3,7 +3,7 @@ import type { DataflowInformation } from '../../../../info';
 import { type ForceArguments } from './common';
 import type { RSymbol } from '../../../../../r-bridge/lang-4.x/ast/model/nodes/r-symbol';
 import type { ParentInformation } from '../../../../../r-bridge/lang-4.x/ast/model/processing/decorate';
-import type { RFunctionArgument } from '../../../../../r-bridge/lang-4.x/ast/model/nodes/r-function-call';
+import type { PotentiallyEmptyRArgument } from '../../../../../r-bridge/lang-4.x/ast/model/nodes/r-function-call';
 import type { NodeId } from '../../../../../r-bridge/lang-4.x/ast/model/processing/node-id';
 import type { RNode } from '../../../../../r-bridge/lang-4.x/ast/model/model';
 import { type IdentifierReference } from '../../../../environments/identifier';
@@ -14,7 +14,7 @@ export interface ProcessKnownFunctionCallInput<OtherInfo> extends ForceArguments
     /** The name of the function being called. */
     readonly name: RSymbol<OtherInfo & ParentInformation>;
     /** The arguments to the function call. */
-    readonly args: readonly (RNode<OtherInfo & ParentInformation> | RFunctionArgument<OtherInfo & ParentInformation>)[];
+    readonly args: readonly (RNode<OtherInfo & ParentInformation> | PotentiallyEmptyRArgument<OtherInfo & ParentInformation>)[];
     /** The node ID to use for the function call vertex. */
     readonly rootId: NodeId;
     /** The dataflow processor information at the point of the function call. */

package/dataflow/internal/process/functions/call/named-call-handling.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import type { DataflowProcessorInformation } from '../../../../processor';
 import { DataflowInformation } from '../../../../info';
 import type { ParentInformation } from '../../../../../r-bridge/lang-4.x/ast/model/processing/decorate';
-import type { RFunctionArgument } from '../../../../../r-bridge/lang-4.x/ast/model/nodes/r-function-call';
+import type { PotentiallyEmptyRArgument } from '../../../../../r-bridge/lang-4.x/ast/model/nodes/r-function-call';
 import type { RSymbol } from '../../../../../r-bridge/lang-4.x/ast/model/nodes/r-symbol';
 import type { NodeId } from '../../../../../r-bridge/lang-4.x/ast/model/processing/node-id';
 import type { DataflowGraph } from '../../../../graph/graph';
@@ -13,4 +13,4 @@ export declare function markAsOnlyBuiltIn(graph: DataflowGraph, rootId: NodeId):
  * Processes a named function call within the dataflow analysis.
  * For example, `myFunction(arg1, arg2)`, resolves against the environment.
  */
-export declare function processNamedCall<OtherInfo>(name: RSymbol<OtherInfo & ParentInformation>, args: readonly RFunctionArgument<OtherInfo & ParentInformation>[], rootId: NodeId, data: DataflowProcessorInformation<OtherInfo & ParentInformation>): DataflowInformation;
+export declare function processNamedCall<OtherInfo>(name: RSymbol<OtherInfo & ParentInformation>, args: readonly PotentiallyEmptyRArgument<OtherInfo & ParentInformation>[], rootId: NodeId, data: DataflowProcessorInformation<OtherInfo & ParentInformation>): DataflowInformation;

package/dataflow/internal/process/functions/process-parameter.js CHANGED Viewed

@@ -23,7 +23,7 @@ function processFunctionParameter(parameter, data) {
     for (const writtenNode of writtenNodes) {
         const wid = writtenNode.nodeId;
         (0, log_1.expensiveTrace)(log_1.log, () => `parameter ${writtenNode.name} (${wid}) is defined at id ${writtenNode.definedAt} with ${defaultValue === undefined ? 'no default value' : ' a default value'}`);
-        graph.setDefinitionOfVertex(writtenNode);
+        graph.setDefinitionOfVertex(writtenNode, defaultValue?.entryPoint ? [defaultValue?.entryPoint] : []);
         environment = (0, define_1.define)(writtenNode, false, environment);
         if (defaultValue !== undefined) {
             if (r_function_definition_1.RFunctionDefinition.is(parameter.defaultValue)) {

package/documentation/doc-readme.js CHANGED Viewed

@@ -282,7 +282,8 @@ We welcome every contribution! Please check out the ${ctx.linkPage('wiki/Onboard
 *flowr* is actively developed by [Florian Sihler](https://eagleoutice.github.io/portfolio/) and (since October 1st 2025) [Oliver Gerstl](https://www.linkedin.com/in/oliver-gerstl) under the
 [GPLv3 License](LICENSE).\\
-It is partially supported by the German Research Foundation (DFG) under the grant [504226141](https://gepris.dfg.de/gepris/projekt/504226141) ("CodeInspector").
+It is partially supported by the German Research Foundation (DFG) under the grant [504226141](https://gepris.dfg.de/gepris/projekt/504226141) ("CodeInspector")
+and received an unrestricted gift from [Posit](https://posit.co/), the open-source data science company.
 ----

package/documentation/wiki-absint.js CHANGED Viewed

@@ -4,15 +4,16 @@ exports.WikiAbsint = void 0;
 const absint_visitor_1 = require("../abstract-interpretation/absint-visitor");
 const abstract_domain_1 = require("../abstract-interpretation/domains/abstract-domain");
 const interval_domain_1 = require("../abstract-interpretation/domains/interval-domain");
+const lattice_1 = require("../abstract-interpretation/domains/lattice");
 const state_abstract_domain_1 = require("../abstract-interpretation/domains/state-abstract-domain");
 const semantic_cfg_guided_visitor_1 = require("../control-flow/semantic-cfg-guided-visitor");
+const identifier_1 = require("../dataflow/environments/identifier");
 const cfg_kind_1 = require("../project/cfg-kind");
 const flowr_analyzer_builder_1 = require("../project/flowr-analyzer-builder");
 const r_function_call_1 = require("../r-bridge/lang-4.x/ast/model/nodes/r-function-call");
 const doc_code_1 = require("./doc-util/doc-code");
 const doc_structure_1 = require("./doc-util/doc-structure");
 const doc_maker_1 = require("./wiki-mk/doc-maker");
-const identifier_1 = require("../dataflow/environments/identifier");
 class IntervalInferenceVisitor extends absint_visitor_1.AbstractInterpretationVisitor {
     onNumberConstant({ vertex, node }) {
         super.onNumberConstant({ vertex, node });
@@ -51,12 +52,12 @@ async function inferIntervals() {
     const dfg = (await analyzer.dataflow()).graph;
     const cfg = await analyzer.controlflow(undefined, cfg_kind_1.CfgKind.NoFunctionDefs);
     const ctx = analyzer.inspectContext();
-    const inference = new IntervalInferenceVisitor({ controlFlow: cfg, dfg: dfg, normalizedAst: ast, ctx: ctx });
+    const inference = new IntervalInferenceVisitor({ controlFlow: cfg, dfg: dfg, normalizedAst: ast, ctx: ctx }, interval_domain_1.IntervalDomain.top());
     inference.start();
     const result = inference.getEndState();
-    return result.value.entries().toArray()
+    return result.isValue() ? result.value.entries().toArray()
         .map(([id, value]) => `${nodeIdToSlicingCriterion(id, ast.idMap)} -> ${value.toString()}`)
-        .join('\n');
+        .join('\n') : lattice_1.BottomSymbol;
 }
 function nodeIdToSlicingCriterion(id, idMap) {
     const node = idMap.get(id);
@@ -135,7 +136,7 @@ If we now want to run the interval inference, we can write the following code:
 ${ctx.code(inferIntervals, { dropLinesStart: 1, dropLinesEnd: 5 })}
-We first need a ${ctx.linkPage('wiki/Analyzer', 'flowR analyzer')} (in this case, using the ${ctx.linkPage('wiki/Engines', 'tree-sitter engine')}). In this example, we want to analyze a small example code that assigns \`42\` to the variable \`x\`, randomly assigns \`6\` or \`12\` to the variable \`y\`, and assignes the sum of \`x\` and \`y\` to the variable \`z\`. For the abstract interpretation visitor, we need to retrieve the ${ctx.linkPage('wiki/Normalized AST', 'normalized AST')}, ${ctx.linkPage('wiki/Dataflow Graph', 'dataflow graph')}, ${ctx.linkPage('wiki/Control Flow Graph', 'control flow graph')}, and context of the flowR anaylzer. For performance reasons, we construct the control flow graph without simplification passes, data flow information, and function definitions. We then create a new ${ctx.link(IntervalInferenceVisitor)} using the control flow graph, dataflow graph, normalized AST, and analyzer context, and start the visitor using ${ctx.linkM(absint_visitor_1.AbstractInterpretationVisitor, 'start', { hideClass: true })}. After the visitor is finished, we retrieve the inferred abstract state at the end of the program using ${ctx.linkM(absint_visitor_1.AbstractInterpretationVisitor, 'getEndState', { hideClass: true })}.
+We first need a ${ctx.linkPage('wiki/Analyzer', 'flowR analyzer')} (in this case, using the ${ctx.linkPage('wiki/Engines', 'tree-sitter engine')}). In this example, we want to analyze a small example code that assigns \`42\` to the variable \`x\`, randomly assigns \`6\` or \`12\` to the variable \`y\`, and assignes the sum of \`x\` and \`y\` to the variable \`z\`. For the abstract interpretation visitor, we need to retrieve the ${ctx.linkPage('wiki/Normalized AST', 'normalized AST')}, ${ctx.linkPage('wiki/Dataflow Graph', 'dataflow graph')}, ${ctx.linkPage('wiki/Control Flow Graph', 'control flow graph')}, context of the flowR anaylzer, and provide a value domain for the state domain. For performance reasons, we construct the control flow graph without simplification passes, data flow information, and function definitions. We then create a new ${ctx.link(IntervalInferenceVisitor)} using the control flow graph, dataflow graph, normalized AST, and analyzer context, and start the visitor using ${ctx.linkM(absint_visitor_1.AbstractInterpretationVisitor, 'start', { hideClass: true })}. After the visitor is finished, we retrieve the inferred abstract state at the end of the program using ${ctx.linkM(absint_visitor_1.AbstractInterpretationVisitor, 'getEndState', { hideClass: true })}.
 If we now print the inferred abstract state at the end of the program, we get the following output:

package/documentation/wiki-analyzer.js CHANGED Viewed

@@ -355,8 +355,6 @@ ${ctx.link(flowr_analyzer_context_1.contextFromSources)} to create a context fro
 If for whatever reason you need to reset the context during an analysis, you can use
 ${ctx.linkM(flowr_analyzer_context_1.FlowrAnalyzerContext, 'reset')}.
-To pre-compute all possible information in the context before starting the main analysis, you can use
-${ctx.linkM(flowr_analyzer_context_1.FlowrAnalyzerContext, 'resolvePreAnalysis')}.
 ${(0, doc_structure_1.section)('Files Context', 3)}

package/documentation/wiki-linter.js CHANGED Viewed

@@ -123,6 +123,12 @@ df[6, "value"]
     rule(knownParser, 'dead-code', 'DeadCodeConfig', 'DEAD_CODE', 'lint-dead-code', 'if(TRUE) 1 else 2', tagTypes);
     rule(knownParser, 'useless-loop', 'UselessLoopConfig', 'USELESS_LOOP', 'lint-useless-loop', 'for(i in c(1)) { print(i) }', tagTypes);
     rule(knownParser, 'stop-call', 'StopWithCallConfig', 'STOP_WITH_CALL_ARG', 'lint-stop-call', 'stop(42)', tagTypes);
+    rule(knownParser, 'roxygen-arguments', 'RoxygenArgsConfig', 'ROXYGEN_ARGS', 'lint-roxygen-arguments', '#\' A function with two parameters, but only only one documented\n#\' @param a A variable\nf = function(a, b){return a;}', tagTypes);
+    rule(knownParser, 'problematic-eval', 'ProblematicEvalConfig', 'PROBLEMATIC_EVAL', 'lint-problematic-eval', `
+function(x) {
+	eval(x)
+}
+`, tagTypes);
     function rule(parser, name, configType, ruleType, testfile, example, types) {
         const rule = linter_rules_1.LintingRules[name];
         const tags = rule.info.tags.toSorted((a, b) => {

package/documentation/wiki-normalized-ast.js CHANGED Viewed

@@ -6,7 +6,6 @@ const doc_normalized_ast_1 = require("./doc-util/doc-normalized-ast");
 const doc_files_1 = require("./doc-util/doc-files");
 const doc_cli_option_1 = require("./doc-util/doc-cli-option");
 const doc_structure_1 = require("./doc-util/doc-structure");
-const retriever_1 = require("../r-bridge/retriever");
 const normalized_ast_fold_1 = require("../abstract-interpretation/normalized-ast-fold");
 const flowr_analyzer_1 = require("../project/flowr-analyzer");
 const flowr_analyzer_builder_1 = require("../project/flowr-analyzer-builder");
@@ -17,6 +16,12 @@ const r_binary_op_1 = require("../r-bridge/lang-4.x/ast/model/nodes/r-binary-op"
 const model_1 = require("../r-bridge/lang-4.x/ast/model/model");
 const r_project_1 = require("../r-bridge/lang-4.x/ast/model/nodes/r-project");
 const r_expression_list_1 = require("../r-bridge/lang-4.x/ast/model/nodes/r-expression-list");
+async function simpleNormalizedAst(code) {
+    const analyzer = await new flowr_analyzer_builder_1.FlowrAnalyzerBuilder().build();
+    analyzer.addRequest(code);
+    const result = await analyzer.normalize();
+    return result.ast;
+}
 async function quickNormalizedAstMultipleFiles() {
     const analyzer = await new flowr_analyzer_builder_1.FlowrAnalyzerBuilder()
         .setEngine('tree-sitter')
@@ -141,12 +146,7 @@ The following segments intend to give you an overview of how to work with the no
 As explained alongside the [Interface](${doc_files_1.FlowrWikiBaseRef}/Interface#creating-flowr-analyses) wiki page, you can use an instance of
 ${ctx.link(flowr_analyzer_1.FlowrAnalyzer)} to get the ${ctx.link('NormalizedAst')}:
-${(0, doc_code_1.codeBlock)('ts', `
-async function getAst(code: string): Promise<RNode> {
-    const analyzer = await new FlowrAnalyzerBuilder(${retriever_1.requestFromInput.name}(code.trim())).build();
-    const result = analyzer.normalizedAst();
-    return result.ast;
-}`)}
+${ctx.code(simpleNormalizedAst, { dropLinesStart: 1, dropLinesEnd: 2, hideDefinedAt: true })}
 From the REPL, you can use the ${(0, doc_cli_option_1.getReplCommand)('normalize')} command.

package/linter/linter-rules.d.ts CHANGED Viewed

@@ -202,7 +202,7 @@ export declare const LintingRules: {
         };
     };
     readonly 'dataframe-access-validation': {
-        readonly createSearch: () => import("../search/flowr-search-builder").FlowrSearchBuilder<"all", ["with"], import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, Promise<import("../search/flowr-search").FlowrSearchElements<import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, import("../search/flowr-search").FlowrSearchElement<import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation>[]>>>;
+        readonly createSearch: () => import("../search/flowr-search-builder").FlowrSearchBuilder<"all", [], import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, import("../search/flowr-search").FlowrSearchElements<import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, import("../search/flowr-search").FlowrSearchElement<import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation>[]>>;
         readonly processSearchResult: (elements: import("../search/flowr-search").FlowrSearchElements<import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, import("../search/flowr-search").FlowrSearchElement<import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation>[]>, config: import("./rules/dataframe-access-validation").DataFrameAccessValidationConfig, data: {
             normalize: import("../r-bridge/lang-4.x/ast/model/processing/decorate").NormalizedAst;
             dataflow: import("../dataflow/info").DataflowInformation;
@@ -281,6 +281,31 @@ export declare const LintingRules: {
             };
         };
     };
+    readonly 'problematic-eval': {
+        readonly createSearch: (config: import("./rules/problematic-eval").ProblematicEvalConfig) => import("../search/flowr-search-builder").FlowrSearchBuilder<"from-query", [], import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, import("../search/flowr-search").FlowrSearchElements<import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, import("../search/flowr-search").FlowrSearchElement<import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation>[]>>;
+        readonly processSearchResult: (elements: import("../search/flowr-search").FlowrSearchElements<import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, import("../search/flowr-search").FlowrSearchElement<import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation>[]>, _config: import("./rules/problematic-eval").ProblematicEvalConfig, data: {
+            normalize: import("../r-bridge/lang-4.x/ast/model/processing/decorate").NormalizedAst;
+            dataflow: import("../dataflow/info").DataflowInformation;
+            cfg: import("../control-flow/control-flow-graph").ControlFlowInformation;
+            analyzer: import("../project/flowr-analyzer").ReadonlyFlowrAnalysisProvider;
+        }) => Promise<{
+            results: import("./rules/problematic-eval").ProblematicEvalResult[];
+            ".meta": import("./rules/problematic-eval").ProblematicEvalMetadata;
+        }>;
+        readonly prettyPrint: {
+            readonly query: (result: import("./rules/problematic-eval").ProblematicEvalResult) => string;
+            readonly full: (result: import("./rules/problematic-eval").ProblematicEvalResult) => string;
+        };
+        readonly info: {
+            readonly name: "Problematic eval";
+            readonly description: "Detects uses of eval-like functions whose inputs are not statically constant. Prints the computed input-sources for the eval and flags usages that depend on non-constant/trusted inputs.";
+            readonly tags: readonly [import("./linter-tags").LintingRuleTag.Security, import("./linter-tags").LintingRuleTag.Smell, import("./linter-tags").LintingRuleTag.Readability, import("./linter-tags").LintingRuleTag.Performance];
+            readonly certainty: import("./linter-format").LintingRuleCertainty.BestEffort;
+            readonly defaultConfig: {
+                readonly considerAsEval: "^eval$";
+            };
+        };
+    };
     readonly 'stop-call': {
         readonly createSearch: () => import("../search/flowr-search-builder").FlowrSearchBuilder<"get", ["filter"], import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, Promise<import("../search/flowr-search").FlowrSearchElements<import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, [] | import("../search/flowr-search").FlowrSearchElement<import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation>[]>>>;
         readonly processSearchResult: (elements: import("../search/flowr-search").FlowrSearchElements<import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, import("../search/flowr-search").FlowrSearchElement<import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation>[]>, _config: import("../util/objects").MergeableRecord, { dataflow, analyzer }: {
@@ -304,6 +329,29 @@ export declare const LintingRules: {
             readonly defaultConfig: {};
         };
     };
+    readonly 'roxygen-arguments': {
+        readonly createSearch: () => import("../search/flowr-search-builder").FlowrSearchBuilder<"all", ["filter"], import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, Promise<import("../search/flowr-search").FlowrSearchElements<import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, [] | import("../search/flowr-search").FlowrSearchElement<import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation>[]>>>;
+        readonly processSearchResult: (elements: import("../search/flowr-search").FlowrSearchElements<import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, import("../search/flowr-search").FlowrSearchElement<import("../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation>[]>, _config: import("../util/objects").MergeableRecord, { normalize }: {
+            normalize: import("../r-bridge/lang-4.x/ast/model/processing/decorate").NormalizedAst;
+            dataflow: import("../dataflow/info").DataflowInformation;
+            cfg: import("../control-flow/control-flow-graph").ControlFlowInformation;
+            analyzer: import("../project/flowr-analyzer").ReadonlyFlowrAnalysisProvider;
+        }) => {
+            results: import("ts-essentials").Writable<import("./rules/roxygen-arguments").RoxygenArgsResult>[];
+            '.meta': {};
+        };
+        readonly prettyPrint: {
+            readonly query: (result: import("./rules/roxygen-arguments").RoxygenArgsResult) => string;
+            readonly full: (result: import("./rules/roxygen-arguments").RoxygenArgsResult) => string;
+        };
+        readonly info: {
+            readonly name: "Roxygen Arguments";
+            readonly tags: readonly [import("./linter-tags").LintingRuleTag.Smell, import("./linter-tags").LintingRuleTag.Documentation, import("./linter-tags").LintingRuleTag.Style];
+            readonly certainty: import("./linter-format").LintingRuleCertainty.BestEffort;
+            readonly description: "Checks whether a function has undocumented or overdocumented parameters";
+            readonly defaultConfig: {};
+        };
+    };
 };
 export type LintingRuleNames = keyof typeof LintingRules;
 export type LintingRuleMetadata<Name extends LintingRuleNames> = typeof LintingRules[Name] extends LintingRule<infer _Result, infer Metadata, infer _Config, infer _Info, infer _Elements> ? Metadata : never;

package/linter/linter-rules.js CHANGED Viewed

@@ -12,6 +12,8 @@ const dataframe_access_validation_1 = require("./rules/dataframe-access-validati
 const useless_loop_1 = require("./rules/useless-loop");
 const network_functions_1 = require("./rules/network-functions");
 const stop_with_call_arg_1 = require("./rules/stop-with-call-arg");
+const roxygen_arguments_1 = require("./rules/roxygen-arguments");
+const problematic_eval_1 = require("./rules/problematic-eval");
 /**
  * The registry of currently supported linting rules.
  * A linting rule can be executed on a dataflow pipeline result using {@link executeLintingRule}.
@@ -27,6 +29,8 @@ exports.LintingRules = {
     'dataframe-access-validation': dataframe_access_validation_1.DATA_FRAME_ACCESS_VALIDATION,
     'dead-code': dead_code_1.DEAD_CODE,
     'useless-loop': useless_loop_1.USELESS_LOOP,
-    'stop-call': stop_with_call_arg_1.STOP_WITH_CALL_ARG
+    'problematic-eval': problematic_eval_1.PROBLEMATIC_EVAL,
+    'stop-call': stop_with_call_arg_1.STOP_WITH_CALL_ARG,
+    'roxygen-arguments': roxygen_arguments_1.ROXYGEN_ARGS
 };
 //# sourceMappingURL=linter-rules.js.map

package/linter/rules/dataframe-access-validation.d.ts CHANGED Viewed

@@ -29,7 +29,7 @@ export interface DataFrameAccessValidationMetadata extends MergeableRecord {
     totalAccessed: number;
 }
 export declare const DATA_FRAME_ACCESS_VALIDATION: {
-    readonly createSearch: () => import("../../search/flowr-search-builder").FlowrSearchBuilder<"all", ["with"], ParentInformation, Promise<FlowrSearchElements<ParentInformation, import("../../search/flowr-search").FlowrSearchElement<ParentInformation>[]>>>;
+    readonly createSearch: () => import("../../search/flowr-search-builder").FlowrSearchBuilder<"all", [], ParentInformation, FlowrSearchElements<ParentInformation, import("../../search/flowr-search").FlowrSearchElement<ParentInformation>[]>>;
     readonly processSearchResult: (elements: FlowrSearchElements<ParentInformation, import("../../search/flowr-search").FlowrSearchElement<ParentInformation>[]>, config: DataFrameAccessValidationConfig, data: {
         normalize: import("../../r-bridge/lang-4.x/ast/model/processing/decorate").NormalizedAst;
         dataflow: import("../../dataflow/info").DataflowInformation;

package/linter/rules/dataframe-access-validation.js CHANGED Viewed

@@ -3,18 +3,17 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.DATA_FRAME_ACCESS_VALIDATION = void 0;
 const shape_inference_1 = require("../../abstract-interpretation/data-frame/shape-inference");
 const satisfiable_domain_1 = require("../../abstract-interpretation/domains/satisfiable-domain");
+const config_1 = require("../../config");
+const identifier_1 = require("../../dataflow/environments/identifier");
 const cfg_kind_1 = require("../../project/cfg-kind");
 const type_1 = require("../../r-bridge/lang-4.x/ast/model/type");
 const flowr_search_builder_1 = require("../../search/flowr-search-builder");
-const search_enrichers_1 = require("../../search/search-executor/search-enrichers");
 const logic_1 = require("../../util/logic");
 const range_1 = require("../../util/range");
 const linter_format_1 = require("../linter-format");
 const linter_tags_1 = require("../linter-tags");
-const identifier_1 = require("../../dataflow/environments/identifier");
-const config_1 = require("../../config");
 exports.DATA_FRAME_ACCESS_VALIDATION = {
-    createSearch: () => flowr_search_builder_1.Q.all().with(search_enrichers_1.Enrichment.CallTargets, { onlyBuiltin: true }),
+    createSearch: () => flowr_search_builder_1.Q.all(),
     processSearchResult: async (elements, config, data) => {
         let ctx = data.analyzer.inspectContext();
         ctx = {

package/linter/rules/problematic-eval.d.ts ADDED Viewed

@@ -0,0 +1,44 @@
+import { type LintingResult, LintingRuleCertainty } from '../linter-format';
+import type { MergeableRecord } from '../../util/objects';
+import { SourceLocation } from '../../util/range';
+import { LintingRuleTag } from '../linter-tags';
+import type { InputSources } from '../../queries/catalog/input-sources-query/simple-input-classifier';
+/**
+ * Describes a linting result for a problematic eval usage, including the location of the eval call and the computed input sources that lead to it.
+ */
+export interface ProblematicEvalResult extends LintingResult {
+    loc: SourceLocation;
+    sources: InputSources;
+}
+export interface ProblematicEvalConfig extends MergeableRecord {
+    /**
+     * All calls that should be considered to be valid eval entry points, this will be interpreted as a Regex!
+     */
+    considerAsEval: string;
+}
+export type ProblematicEvalMetadata = MergeableRecord;
+export declare const PROBLEMATIC_EVAL: {
+    readonly createSearch: (config: ProblematicEvalConfig) => import("../../search/flowr-search-builder").FlowrSearchBuilder<"from-query", [], import("../../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, import("../../search/flowr-search").FlowrSearchElements<import("../../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, import("../../search/flowr-search").FlowrSearchElement<import("../../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation>[]>>;
+    readonly processSearchResult: (elements: import("../../search/flowr-search").FlowrSearchElements<import("../../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, import("../../search/flowr-search").FlowrSearchElement<import("../../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation>[]>, _config: ProblematicEvalConfig, data: {
+        normalize: import("../../r-bridge/lang-4.x/ast/model/processing/decorate").NormalizedAst;
+        dataflow: import("../../dataflow/info").DataflowInformation;
+        cfg: import("../../control-flow/control-flow-graph").ControlFlowInformation;
+        analyzer: import("../../project/flowr-analyzer").ReadonlyFlowrAnalysisProvider;
+    }) => Promise<{
+        results: ProblematicEvalResult[];
+        ".meta": ProblematicEvalMetadata;
+    }>;
+    readonly prettyPrint: {
+        readonly query: (result: ProblematicEvalResult) => string;
+        readonly full: (result: ProblematicEvalResult) => string;
+    };
+    readonly info: {
+        readonly name: "Problematic eval";
+        readonly description: "Detects uses of eval-like functions whose inputs are not statically constant. Prints the computed input-sources for the eval and flags usages that depend on non-constant/trusted inputs.";
+        readonly tags: readonly [LintingRuleTag.Security, LintingRuleTag.Smell, LintingRuleTag.Readability, LintingRuleTag.Performance];
+        readonly certainty: LintingRuleCertainty.BestEffort;
+        readonly defaultConfig: {
+            readonly considerAsEval: "^eval$";
+        };
+    };
+};

package/linter/rules/problematic-eval.js ADDED Viewed

@@ -0,0 +1,83 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PROBLEMATIC_EVAL = void 0;
+const linter_format_1 = require("../linter-format");
+const flowr_search_builder_1 = require("../../search/flowr-search-builder");
+const range_1 = require("../../util/range");
+const linter_tags_1 = require("../linter-tags");
+const simple_input_classifier_1 = require("../../queries/catalog/input-sources-query/simple-input-classifier");
+const query_1 = require("../../queries/query");
+const parse_1 = require("../../slicing/criterion/parse");
+/**
+ * Format a list of input sources either as a single-line string (inline) or a block.
+ * - inline: returns a semicolon-separated single-line summary
+ * - block: returns an array of lines (to be joined with newlines by the caller)
+ */
+function formatInputSources(inputs, inline = true) {
+    if (!inputs || inputs.length === 0) {
+        return inline ? '' : [];
+    }
+    if (inline) {
+        return inputs.map(s => `${s.id} (type: ${Array.isArray(s.type) ? '[' + s.type.join(',') + ']' : s.type}, trace: ${s.trace}${s.cds ? ', cds: [' + s.cds.join(',') + ']' : ''})`).join('; ');
+    }
+    return inputs.map(s => `- ${s.id}: type=${Array.isArray(s.type) ? '[' + s.type.join(',') + ']' : s.type}, trace=${s.trace}${s.cds ? ', cds=[' + s.cds.join(',') + ']' : ''}`);
+}
+exports.PROBLEMATIC_EVAL = {
+    /* create a search that finds calls that look like eval-like functions */
+    createSearch: config => flowr_search_builder_1.Q.fromQuery({
+        type: 'call-context',
+        callName: config.considerAsEval,
+        callNameExact: false
+    }),
+    processSearchResult: async (elements, _config, data) => {
+        const results = [];
+        for (const element of elements.getElements()) {
+            const nid = element.node.info.id;
+            // run an input-sources query for this eval-like call
+            const criterion = parse_1.SlicingCriterion.fromId(nid);
+            const q = { type: 'input-sources', criterion };
+            const all = await (0, query_1.executeQueries)({ analyzer: data.analyzer }, [q]);
+            const inputSourcesResult = all['input-sources'];
+            const sources = inputSourcesResult?.results?.[criterion] ?? [];
+            // if any input is not a constant or derived constant, flag it
+            const problematic = sources.some(s => Array.isArray(s.type)
+                ? s.type.some(t => t !== simple_input_classifier_1.InputType.Constant && t !== simple_input_classifier_1.InputType.DerivedConstant)
+                : (s.type !== simple_input_classifier_1.InputType.Constant && s.type !== simple_input_classifier_1.InputType.DerivedConstant));
+            if (problematic) {
+                results.push({
+                    involvedId: nid,
+                    certainty: sources.some(s => Array.isArray(s.type) ? s.type.includes(simple_input_classifier_1.InputType.Unknown) : s.type === simple_input_classifier_1.InputType.Unknown) ? linter_format_1.LintingResultCertainty.Uncertain : linter_format_1.LintingResultCertainty.Certain,
+                    loc: range_1.SourceLocation.fromNode(element.node) ?? range_1.SourceLocation.invalid(),
+                    sources
+                });
+            }
+        }
+        return {
+            results,
+            '.meta': {}
+        };
+    },
+    /* helper to format input sources for pretty printing */
+    prettyPrint: {
+        [linter_format_1.LintingPrettyPrintContext.Query]: result => {
+            const inputs = result.sources ?? [];
+            const srcStr = formatInputSources(inputs, true);
+            return `Use of eval-like function at ${range_1.SourceLocation.format(result.loc)}${srcStr ? `; inputs: ${srcStr}` : ''}`;
+        },
+        [linter_format_1.LintingPrettyPrintContext.Full]: result => {
+            const inputs = result.sources ?? [];
+            const srcLines = formatInputSources(inputs, false);
+            return `Use of eval-like function at ${range_1.SourceLocation.format(result.loc)} is potentially problematic${srcLines.length ? '\nInputs:\n' + srcLines.join('\n') : ''}`;
+        }
+    },
+    info: {
+        name: 'Problematic eval',
+        description: 'Detects uses of eval-like functions whose inputs are not statically constant. Prints the computed input-sources for the eval and flags usages that depend on non-constant/trusted inputs.',
+        tags: [linter_tags_1.LintingRuleTag.Security, linter_tags_1.LintingRuleTag.Smell, linter_tags_1.LintingRuleTag.Readability, linter_tags_1.LintingRuleTag.Performance],
+        certainty: linter_format_1.LintingRuleCertainty.BestEffort,
+        defaultConfig: {
+            considerAsEval: '^eval$'
+        }
+    }
+};
+//# sourceMappingURL=problematic-eval.js.map

package/linter/rules/roxygen-arguments.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import { type LintingResult, LintingRuleCertainty } from '../linter-format';
+import { SourceLocation } from '../../util/range';
+import type { MergeableRecord } from '../../util/objects';
+import { LintingRuleTag } from '../linter-tags';
+import type { Writable } from 'ts-essentials';
+export interface RoxygenArgsResult extends LintingResult {
+    readonly loc: SourceLocation;
+    readonly overDocumented?: string[];
+    readonly underDocumented?: string[];
+}
+export type RoxygenArgsConfig = MergeableRecord;
+export type RoxygenArgsMetadata = MergeableRecord;
+export declare const ROXYGEN_ARGS: {
+    readonly createSearch: () => import("../../search/flowr-search-builder").FlowrSearchBuilder<"all", ["filter"], import("../../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, Promise<import("../../search/flowr-search").FlowrSearchElements<import("../../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, [] | import("../../search/flowr-search").FlowrSearchElement<import("../../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation>[]>>>;
+    readonly processSearchResult: (elements: import("../../search/flowr-search").FlowrSearchElements<import("../../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation, import("../../search/flowr-search").FlowrSearchElement<import("../../r-bridge/lang-4.x/ast/model/processing/decorate").ParentInformation>[]>, _config: MergeableRecord, { normalize }: {
+        normalize: import("../../r-bridge/lang-4.x/ast/model/processing/decorate").NormalizedAst;
+        dataflow: import("../../dataflow/info").DataflowInformation;
+        cfg: import("../../control-flow/control-flow-graph").ControlFlowInformation;
+        analyzer: import("../../project/flowr-analyzer").ReadonlyFlowrAnalysisProvider;
+    }) => {
+        results: Writable<RoxygenArgsResult>[];
+        '.meta': {};
+    };
+    readonly prettyPrint: {
+        readonly query: (result: RoxygenArgsResult) => string;
+        readonly full: (result: RoxygenArgsResult) => string;
+    };
+    readonly info: {
+        readonly name: "Roxygen Arguments";
+        readonly tags: readonly [LintingRuleTag.Smell, LintingRuleTag.Documentation, LintingRuleTag.Style];
+        readonly certainty: LintingRuleCertainty.BestEffort;
+        readonly description: "Checks whether a function has undocumented or overdocumented parameters";
+        readonly defaultConfig: {};
+    };
+};