npm - @grafema/core - Versions diffs - 0.1.0-alpha.1 - Mend

@grafema/core 0.1.0-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (402) hide show

package/LICENSE +190 -0
package/README.md +76 -0
package/dist/Orchestrator.d.ts +142 -0
package/dist/Orchestrator.d.ts.map +1 -0
package/dist/Orchestrator.js +481 -0
package/dist/api/GraphAPI.d.ts +87 -0
package/dist/api/GraphAPI.d.ts.map +1 -0
package/dist/api/GraphAPI.js +210 -0
package/dist/api/GuaranteeAPI.d.ts +147 -0
package/dist/api/GuaranteeAPI.d.ts.map +1 -0
package/dist/api/GuaranteeAPI.js +288 -0
package/dist/core/ASTWorker.d.ts +133 -0
package/dist/core/ASTWorker.d.ts.map +1 -0
package/dist/core/ASTWorker.js +352 -0
package/dist/core/ASTWorkerPool.d.ts +85 -0
package/dist/core/ASTWorkerPool.d.ts.map +1 -0
package/dist/core/ASTWorkerPool.js +207 -0
package/dist/core/AnalysisQueue.d.ts +104 -0
package/dist/core/AnalysisQueue.d.ts.map +1 -0
package/dist/core/AnalysisQueue.js +299 -0
package/dist/core/AnalysisWorker.d.ts +14 -0
package/dist/core/AnalysisWorker.d.ts.map +1 -0
package/dist/core/AnalysisWorker.js +307 -0
package/dist/core/GraphBackend.d.ts +156 -0
package/dist/core/GraphBackend.d.ts.map +1 -0
package/dist/core/GraphBackend.js +85 -0
package/dist/core/GuaranteeManager.d.ts +230 -0
package/dist/core/GuaranteeManager.d.ts.map +1 -0
package/dist/core/GuaranteeManager.js +352 -0
package/dist/core/ManifestStore.d.ts +71 -0
package/dist/core/ManifestStore.d.ts.map +1 -0
package/dist/core/ManifestStore.js +146 -0
package/dist/core/NodeFactory.d.ts +160 -0
package/dist/core/NodeFactory.d.ts.map +1 -0
package/dist/core/NodeFactory.js +137 -0
package/dist/core/NodeId.d.ts +88 -0
package/dist/core/NodeId.d.ts.map +1 -0
package/dist/core/NodeId.js +170 -0
package/dist/core/ParallelAnalyzer.d.ts +120 -0
package/dist/core/ParallelAnalyzer.d.ts.map +1 -0
package/dist/core/ParallelAnalyzer.js +331 -0
package/dist/core/PriorityQueue.d.ts +106 -0
package/dist/core/PriorityQueue.d.ts.map +1 -0
package/dist/core/PriorityQueue.js +168 -0
package/dist/core/Profiler.d.ts +75 -0
package/dist/core/Profiler.d.ts.map +1 -0
package/dist/core/Profiler.js +149 -0
package/dist/core/QueueWorker.d.ts +12 -0
package/dist/core/QueueWorker.d.ts.map +1 -0
package/dist/core/QueueWorker.js +567 -0
package/dist/core/RFDBClient.d.ts +179 -0
package/dist/core/RFDBClient.d.ts.map +1 -0
package/dist/core/RFDBClient.js +429 -0
package/dist/core/Task.d.ts +56 -0
package/dist/core/Task.d.ts.map +1 -0
package/dist/core/Task.js +85 -0
package/dist/core/TaskTypes.d.ts +20 -0
package/dist/core/TaskTypes.d.ts.map +1 -0
package/dist/core/TaskTypes.js +10 -0
package/dist/core/VersionManager.d.ts +166 -0
package/dist/core/VersionManager.d.ts.map +1 -0
package/dist/core/VersionManager.js +237 -0
package/dist/core/WorkerPool.d.ts +82 -0
package/dist/core/WorkerPool.d.ts.map +1 -0
package/dist/core/WorkerPool.js +109 -0
package/dist/core/nodes/CallSiteNode.d.ts +26 -0
package/dist/core/nodes/CallSiteNode.d.ts.map +1 -0
package/dist/core/nodes/CallSiteNode.js +44 -0
package/dist/core/nodes/ClassNode.d.ts +25 -0
package/dist/core/nodes/ClassNode.d.ts.map +1 -0
package/dist/core/nodes/ClassNode.js +40 -0
package/dist/core/nodes/ConstantNode.d.ts +24 -0
package/dist/core/nodes/ConstantNode.d.ts.map +1 -0
package/dist/core/nodes/ConstantNode.js +39 -0
package/dist/core/nodes/DatabaseQueryNode.d.ts +22 -0
package/dist/core/nodes/DatabaseQueryNode.d.ts.map +1 -0
package/dist/core/nodes/DatabaseQueryNode.js +37 -0
package/dist/core/nodes/EntrypointNode.d.ts +102 -0
package/dist/core/nodes/EntrypointNode.d.ts.map +1 -0
package/dist/core/nodes/EntrypointNode.js +119 -0
package/dist/core/nodes/EventListenerNode.d.ts +25 -0
package/dist/core/nodes/EventListenerNode.d.ts.map +1 -0
package/dist/core/nodes/EventListenerNode.js +39 -0
package/dist/core/nodes/ExportNode.d.ts +26 -0
package/dist/core/nodes/ExportNode.d.ts.map +1 -0
package/dist/core/nodes/ExportNode.js +40 -0
package/dist/core/nodes/ExternalStdioNode.d.ts +17 -0
package/dist/core/nodes/ExternalStdioNode.d.ts.map +1 -0
package/dist/core/nodes/ExternalStdioNode.js +26 -0
package/dist/core/nodes/FunctionNode.d.ts +27 -0
package/dist/core/nodes/FunctionNode.d.ts.map +1 -0
package/dist/core/nodes/FunctionNode.js +53 -0
package/dist/core/nodes/GuaranteeNode.d.ts +76 -0
package/dist/core/nodes/GuaranteeNode.d.ts.map +1 -0
package/dist/core/nodes/GuaranteeNode.js +117 -0
package/dist/core/nodes/HttpRequestNode.d.ts +24 -0
package/dist/core/nodes/HttpRequestNode.d.ts.map +1 -0
package/dist/core/nodes/HttpRequestNode.js +38 -0
package/dist/core/nodes/ImportNode.d.ts +27 -0
package/dist/core/nodes/ImportNode.d.ts.map +1 -0
package/dist/core/nodes/ImportNode.js +43 -0
package/dist/core/nodes/LiteralNode.d.ts +26 -0
package/dist/core/nodes/LiteralNode.d.ts.map +1 -0
package/dist/core/nodes/LiteralNode.js +40 -0
package/dist/core/nodes/MethodCallNode.d.ts +29 -0
package/dist/core/nodes/MethodCallNode.d.ts.map +1 -0
package/dist/core/nodes/MethodCallNode.js +47 -0
package/dist/core/nodes/MethodNode.d.ts +29 -0
package/dist/core/nodes/MethodNode.d.ts.map +1 -0
package/dist/core/nodes/MethodNode.js +44 -0
package/dist/core/nodes/ModuleNode.d.ts +29 -0
package/dist/core/nodes/ModuleNode.d.ts.map +1 -0
package/dist/core/nodes/ModuleNode.js +49 -0
package/dist/core/nodes/NodeKind.d.ts +91 -0
package/dist/core/nodes/NodeKind.d.ts.map +1 -0
package/dist/core/nodes/NodeKind.js +146 -0
package/dist/core/nodes/ParameterNode.d.ts +26 -0
package/dist/core/nodes/ParameterNode.d.ts.map +1 -0
package/dist/core/nodes/ParameterNode.js +43 -0
package/dist/core/nodes/ScopeNode.d.ts +32 -0
package/dist/core/nodes/ScopeNode.d.ts.map +1 -0
package/dist/core/nodes/ScopeNode.js +47 -0
package/dist/core/nodes/ServiceNode.d.ts +44 -0
package/dist/core/nodes/ServiceNode.d.ts.map +1 -0
package/dist/core/nodes/ServiceNode.js +49 -0
package/dist/core/nodes/VariableDeclarationNode.d.ts +22 -0
package/dist/core/nodes/VariableDeclarationNode.d.ts.map +1 -0
package/dist/core/nodes/VariableDeclarationNode.js +38 -0
package/dist/core/nodes/index.d.ts +25 -0
package/dist/core/nodes/index.d.ts.map +1 -0
package/dist/core/nodes/index.js +30 -0
package/dist/index.d.ts +57 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +63 -0
package/dist/plugins/Plugin.d.ts +44 -0
package/dist/plugins/Plugin.d.ts.map +1 -0
package/dist/plugins/Plugin.js +46 -0
package/dist/plugins/analysis/DatabaseAnalyzer.d.ts +23 -0
package/dist/plugins/analysis/DatabaseAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/DatabaseAnalyzer.js +260 -0
package/dist/plugins/analysis/ExpressAnalyzer.d.ts +19 -0
package/dist/plugins/analysis/ExpressAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/ExpressAnalyzer.js +306 -0
package/dist/plugins/analysis/ExpressRouteAnalyzer.d.ts +17 -0
package/dist/plugins/analysis/ExpressRouteAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/ExpressRouteAnalyzer.js +308 -0
package/dist/plugins/analysis/FetchAnalyzer.d.ts +38 -0
package/dist/plugins/analysis/FetchAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/FetchAnalyzer.js +344 -0
package/dist/plugins/analysis/IncrementalAnalysisPlugin.d.ts +65 -0
package/dist/plugins/analysis/IncrementalAnalysisPlugin.d.ts.map +1 -0
package/dist/plugins/analysis/IncrementalAnalysisPlugin.js +472 -0
package/dist/plugins/analysis/JSASTAnalyzer.d.ts +84 -0
package/dist/plugins/analysis/JSASTAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/JSASTAnalyzer.js +1378 -0
package/dist/plugins/analysis/ReactAnalyzer.d.ts +90 -0
package/dist/plugins/analysis/ReactAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/ReactAnalyzer.js +1153 -0
package/dist/plugins/analysis/RustAnalyzer.d.ts +13 -0
package/dist/plugins/analysis/RustAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/RustAnalyzer.js +259 -0
package/dist/plugins/analysis/SQLiteAnalyzer.d.ts +21 -0
package/dist/plugins/analysis/SQLiteAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/SQLiteAnalyzer.js +317 -0
package/dist/plugins/analysis/ServiceLayerAnalyzer.d.ts +35 -0
package/dist/plugins/analysis/ServiceLayerAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/ServiceLayerAnalyzer.js +303 -0
package/dist/plugins/analysis/SocketIOAnalyzer.d.ts +33 -0
package/dist/plugins/analysis/SocketIOAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/SocketIOAnalyzer.js +283 -0
package/dist/plugins/analysis/SystemDbAnalyzer.d.ts +27 -0
package/dist/plugins/analysis/SystemDbAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/SystemDbAnalyzer.js +211 -0
package/dist/plugins/analysis/ast/ConditionParser.d.ts +85 -0
package/dist/plugins/analysis/ast/ConditionParser.d.ts.map +1 -0
package/dist/plugins/analysis/ast/ConditionParser.js +277 -0
package/dist/plugins/analysis/ast/ExpressionEvaluator.d.ts +15 -0
package/dist/plugins/analysis/ast/ExpressionEvaluator.d.ts.map +1 -0
package/dist/plugins/analysis/ast/ExpressionEvaluator.js +91 -0
package/dist/plugins/analysis/ast/GraphBuilder.d.ts +77 -0
package/dist/plugins/analysis/ast/GraphBuilder.d.ts.map +1 -0
package/dist/plugins/analysis/ast/GraphBuilder.js +1077 -0
package/dist/plugins/analysis/ast/OxcAdapter.d.ts +41 -0
package/dist/plugins/analysis/ast/OxcAdapter.d.ts.map +1 -0
package/dist/plugins/analysis/ast/OxcAdapter.js +40 -0
package/dist/plugins/analysis/ast/types.d.ts +346 -0
package/dist/plugins/analysis/ast/types.d.ts.map +1 -0
package/dist/plugins/analysis/ast/types.js +4 -0
package/dist/plugins/analysis/ast/visitors/ASTVisitor.d.ts +93 -0
package/dist/plugins/analysis/ast/visitors/ASTVisitor.d.ts.map +1 -0
package/dist/plugins/analysis/ast/visitors/ASTVisitor.js +24 -0
package/dist/plugins/analysis/ast/visitors/CallExpressionVisitor.d.ts +77 -0
package/dist/plugins/analysis/ast/visitors/CallExpressionVisitor.d.ts.map +1 -0
package/dist/plugins/analysis/ast/visitors/CallExpressionVisitor.js +377 -0
package/dist/plugins/analysis/ast/visitors/ClassVisitor.d.ts +27 -0
package/dist/plugins/analysis/ast/visitors/ClassVisitor.d.ts.map +1 -0
package/dist/plugins/analysis/ast/visitors/ClassVisitor.js +232 -0
package/dist/plugins/analysis/ast/visitors/FunctionVisitor.d.ts +25 -0
package/dist/plugins/analysis/ast/visitors/FunctionVisitor.d.ts.map +1 -0
package/dist/plugins/analysis/ast/visitors/FunctionVisitor.js +172 -0
package/dist/plugins/analysis/ast/visitors/ImportExportVisitor.d.ts +29 -0
package/dist/plugins/analysis/ast/visitors/ImportExportVisitor.d.ts.map +1 -0
package/dist/plugins/analysis/ast/visitors/ImportExportVisitor.js +180 -0
package/dist/plugins/analysis/ast/visitors/TypeScriptVisitor.d.ts +14 -0
package/dist/plugins/analysis/ast/visitors/TypeScriptVisitor.d.ts.map +1 -0
package/dist/plugins/analysis/ast/visitors/TypeScriptVisitor.js +200 -0
package/dist/plugins/analysis/ast/visitors/VariableVisitor.d.ts +45 -0
package/dist/plugins/analysis/ast/visitors/VariableVisitor.d.ts.map +1 -0
package/dist/plugins/analysis/ast/visitors/VariableVisitor.js +150 -0
package/dist/plugins/analysis/ast/visitors/index.d.ts +17 -0
package/dist/plugins/analysis/ast/visitors/index.d.ts.map +1 -0
package/dist/plugins/analysis/ast/visitors/index.js +13 -0
package/dist/plugins/discovery/DiscoveryPlugin.d.ts +34 -0
package/dist/plugins/discovery/DiscoveryPlugin.d.ts.map +1 -0
package/dist/plugins/discovery/DiscoveryPlugin.js +26 -0
package/dist/plugins/discovery/MonorepoServiceDiscovery.d.ts +26 -0
package/dist/plugins/discovery/MonorepoServiceDiscovery.d.ts.map +1 -0
package/dist/plugins/discovery/MonorepoServiceDiscovery.js +79 -0
package/dist/plugins/discovery/SimpleProjectDiscovery.d.ts +14 -0
package/dist/plugins/discovery/SimpleProjectDiscovery.d.ts.map +1 -0
package/dist/plugins/discovery/SimpleProjectDiscovery.js +65 -0
package/dist/plugins/discovery/ZonServiceDiscovery.d.ts +19 -0
package/dist/plugins/discovery/ZonServiceDiscovery.d.ts.map +1 -0
package/dist/plugins/discovery/ZonServiceDiscovery.js +204 -0
package/dist/plugins/enrichment/AliasTracker.d.ts +40 -0
package/dist/plugins/enrichment/AliasTracker.d.ts.map +1 -0
package/dist/plugins/enrichment/AliasTracker.js +290 -0
package/dist/plugins/enrichment/HTTPConnectionEnricher.d.ts +30 -0
package/dist/plugins/enrichment/HTTPConnectionEnricher.d.ts.map +1 -0
package/dist/plugins/enrichment/HTTPConnectionEnricher.js +135 -0
package/dist/plugins/enrichment/ImportExportLinker.d.ts +30 -0
package/dist/plugins/enrichment/ImportExportLinker.d.ts.map +1 -0
package/dist/plugins/enrichment/ImportExportLinker.js +176 -0
package/dist/plugins/enrichment/InstanceOfResolver.d.ts +21 -0
package/dist/plugins/enrichment/InstanceOfResolver.d.ts.map +1 -0
package/dist/plugins/enrichment/InstanceOfResolver.js +117 -0
package/dist/plugins/enrichment/MethodCallResolver.d.ts +41 -0
package/dist/plugins/enrichment/MethodCallResolver.d.ts.map +1 -0
package/dist/plugins/enrichment/MethodCallResolver.js +252 -0
package/dist/plugins/enrichment/MountPointResolver.d.ts +26 -0
package/dist/plugins/enrichment/MountPointResolver.d.ts.map +1 -0
package/dist/plugins/enrichment/MountPointResolver.js +189 -0
package/dist/plugins/enrichment/PrefixEvaluator.d.ts +89 -0
package/dist/plugins/enrichment/PrefixEvaluator.d.ts.map +1 -0
package/dist/plugins/enrichment/PrefixEvaluator.js +415 -0
package/dist/plugins/enrichment/RustFFIEnricher.d.ts +25 -0
package/dist/plugins/enrichment/RustFFIEnricher.d.ts.map +1 -0
package/dist/plugins/enrichment/RustFFIEnricher.js +170 -0
package/dist/plugins/enrichment/ValueDomainAnalyzer.d.ts +114 -0
package/dist/plugins/enrichment/ValueDomainAnalyzer.d.ts.map +1 -0
package/dist/plugins/enrichment/ValueDomainAnalyzer.js +464 -0
package/dist/plugins/indexing/IncrementalModuleIndexer.d.ts +27 -0
package/dist/plugins/indexing/IncrementalModuleIndexer.d.ts.map +1 -0
package/dist/plugins/indexing/IncrementalModuleIndexer.js +238 -0
package/dist/plugins/indexing/JSModuleIndexer.d.ts +33 -0
package/dist/plugins/indexing/JSModuleIndexer.d.ts.map +1 -0
package/dist/plugins/indexing/JSModuleIndexer.js +299 -0
package/dist/plugins/indexing/RustModuleIndexer.d.ts +28 -0
package/dist/plugins/indexing/RustModuleIndexer.d.ts.map +1 -0
package/dist/plugins/indexing/RustModuleIndexer.js +140 -0
package/dist/plugins/indexing/ServiceDetector.d.ts +46 -0
package/dist/plugins/indexing/ServiceDetector.d.ts.map +1 -0
package/dist/plugins/indexing/ServiceDetector.js +164 -0
package/dist/plugins/validation/CallResolverValidator.d.ts +23 -0
package/dist/plugins/validation/CallResolverValidator.d.ts.map +1 -0
package/dist/plugins/validation/CallResolverValidator.js +108 -0
package/dist/plugins/validation/DataFlowValidator.d.ts +24 -0
package/dist/plugins/validation/DataFlowValidator.d.ts.map +1 -0
package/dist/plugins/validation/DataFlowValidator.js +148 -0
package/dist/plugins/validation/EvalBanValidator.d.ts +25 -0
package/dist/plugins/validation/EvalBanValidator.d.ts.map +1 -0
package/dist/plugins/validation/EvalBanValidator.js +123 -0
package/dist/plugins/validation/GraphConnectivityValidator.d.ts +11 -0
package/dist/plugins/validation/GraphConnectivityValidator.d.ts.map +1 -0
package/dist/plugins/validation/GraphConnectivityValidator.js +135 -0
package/dist/plugins/validation/SQLInjectionValidator.d.ts +43 -0
package/dist/plugins/validation/SQLInjectionValidator.d.ts.map +1 -0
package/dist/plugins/validation/SQLInjectionValidator.js +251 -0
package/dist/plugins/validation/ShadowingDetector.d.ts +26 -0
package/dist/plugins/validation/ShadowingDetector.d.ts.map +1 -0
package/dist/plugins/validation/ShadowingDetector.js +119 -0
package/dist/plugins/validation/TypeScriptDeadCodeValidator.d.ts +21 -0
package/dist/plugins/validation/TypeScriptDeadCodeValidator.d.ts.map +1 -0
package/dist/plugins/validation/TypeScriptDeadCodeValidator.js +151 -0
package/dist/plugins/vcs/GitPlugin.d.ts +84 -0
package/dist/plugins/vcs/GitPlugin.d.ts.map +1 -0
package/dist/plugins/vcs/GitPlugin.js +295 -0
package/dist/plugins/vcs/VCSPlugin.d.ts +133 -0
package/dist/plugins/vcs/VCSPlugin.d.ts.map +1 -0
package/dist/plugins/vcs/VCSPlugin.js +82 -0
package/dist/plugins/vcs/index.d.ts +10 -0
package/dist/plugins/vcs/index.d.ts.map +1 -0
package/dist/plugins/vcs/index.js +18 -0
package/dist/storage/backends/RFDBServerBackend.d.ts +258 -0
package/dist/storage/backends/RFDBServerBackend.d.ts.map +1 -0
package/dist/storage/backends/RFDBServerBackend.js +565 -0
package/dist/storage/backends/typeValidation.d.ts +47 -0
package/dist/storage/backends/typeValidation.d.ts.map +1 -0
package/dist/storage/backends/typeValidation.js +137 -0
package/dist/validation/PathValidator.d.ts +81 -0
package/dist/validation/PathValidator.d.ts.map +1 -0
package/dist/validation/PathValidator.js +251 -0
package/package.json +57 -0
package/src/.rfguard/current-session.txt +1 -0
package/src/Orchestrator.ts +673 -0
package/src/api/GraphAPI.ts +305 -0
package/src/api/GuaranteeAPI.ts +401 -0
package/src/core/ASTWorker.ts +567 -0
package/src/core/ASTWorkerPool.ts +299 -0
package/src/core/AnalysisQueue.ts +447 -0
package/src/core/AnalysisWorker.ts +410 -0
package/src/core/GraphBackend.ts +265 -0
package/src/core/GuaranteeManager.ts +581 -0
package/src/core/ManifestStore.ts +196 -0
package/src/core/NodeFactory.ts +274 -0
package/src/core/NodeId.ts +257 -0
package/src/core/ParallelAnalyzer.ts +476 -0
package/src/core/PriorityQueue.ts +227 -0
package/src/core/Profiler.ts +188 -0
package/src/core/QueueWorker.ts +780 -0
package/src/core/Task.ts +107 -0
package/src/core/TaskTypes.ts +40 -0
package/src/core/VersionManager.ts +404 -0
package/src/core/WorkerPool.ts +180 -0
package/src/core/nodes/CallSiteNode.ts +72 -0
package/src/core/nodes/ClassNode.ts +69 -0
package/src/core/nodes/ConstantNode.ts +63 -0
package/src/core/nodes/DatabaseQueryNode.ts +60 -0
package/src/core/nodes/EntrypointNode.ts +164 -0
package/src/core/nodes/EventListenerNode.ts +64 -0
package/src/core/nodes/ExportNode.ts +71 -0
package/src/core/nodes/ExternalStdioNode.ts +36 -0
package/src/core/nodes/FunctionNode.ts +78 -0
package/src/core/nodes/GuaranteeNode.ts +162 -0
package/src/core/nodes/HttpRequestNode.ts +63 -0
package/src/core/nodes/ImportNode.ts +75 -0
package/src/core/nodes/LiteralNode.ts +67 -0
package/src/core/nodes/MethodCallNode.ts +79 -0
package/src/core/nodes/MethodNode.ts +78 -0
package/src/core/nodes/ModuleNode.ts +74 -0
package/src/core/nodes/NodeKind.ts +171 -0
package/src/core/nodes/ParameterNode.ts +73 -0
package/src/core/nodes/ScopeNode.ts +80 -0
package/src/core/nodes/ServiceNode.ts +86 -0
package/src/core/nodes/VariableDeclarationNode.ts +60 -0
package/src/core/nodes/index.ts +49 -0
package/src/index.ts +93 -0
package/src/plugins/Plugin.ts +74 -0
package/src/plugins/analysis/DatabaseAnalyzer.ts +322 -0
package/src/plugins/analysis/ExpressAnalyzer.ts +401 -0
package/src/plugins/analysis/ExpressRouteAnalyzer.ts +414 -0
package/src/plugins/analysis/FetchAnalyzer.ts +441 -0
package/src/plugins/analysis/IncrementalAnalysisPlugin.ts +686 -0
package/src/plugins/analysis/JSASTAnalyzer.ts +1680 -0
package/src/plugins/analysis/ReactAnalyzer.ts +1368 -0
package/src/plugins/analysis/RustAnalyzer.ts +438 -0
package/src/plugins/analysis/SQLiteAnalyzer.ts +388 -0
package/src/plugins/analysis/ServiceLayerAnalyzer.ts +429 -0
package/src/plugins/analysis/SocketIOAnalyzer.ts +395 -0
package/src/plugins/analysis/SystemDbAnalyzer.ts +284 -0
package/src/plugins/analysis/ast/ConditionParser.ts +333 -0
package/src/plugins/analysis/ast/ExpressionEvaluator.ts +117 -0
package/src/plugins/analysis/ast/GraphBuilder.ts +1371 -0
package/src/plugins/analysis/ast/OxcAdapter.ts +63 -0
package/src/plugins/analysis/ast/types.ts +400 -0
package/src/plugins/analysis/ast/visitors/ASTVisitor.ts +137 -0
package/src/plugins/analysis/ast/visitors/CallExpressionVisitor.ts +528 -0
package/src/plugins/analysis/ast/visitors/ClassVisitor.ts +339 -0
package/src/plugins/analysis/ast/visitors/FunctionVisitor.ts +273 -0
package/src/plugins/analysis/ast/visitors/ImportExportVisitor.ts +259 -0
package/src/plugins/analysis/ast/visitors/TypeScriptVisitor.ts +235 -0
package/src/plugins/analysis/ast/visitors/VariableVisitor.ts +268 -0
package/src/plugins/analysis/ast/visitors/index.ts +36 -0
package/src/plugins/discovery/DiscoveryPlugin.ts +50 -0
package/src/plugins/discovery/MonorepoServiceDiscovery.ts +117 -0
package/src/plugins/discovery/SimpleProjectDiscovery.ts +102 -0
package/src/plugins/enrichment/AliasTracker.ts +399 -0
package/src/plugins/enrichment/HTTPConnectionEnricher.ts +192 -0
package/src/plugins/enrichment/ImportExportLinker.ts +221 -0
package/src/plugins/enrichment/InstanceOfResolver.ts +165 -0
package/src/plugins/enrichment/MethodCallResolver.ts +333 -0
package/src/plugins/enrichment/MountPointResolver.ts +264 -0
package/src/plugins/enrichment/PrefixEvaluator.ts +527 -0
package/src/plugins/enrichment/RustFFIEnricher.ts +218 -0
package/src/plugins/enrichment/ValueDomainAnalyzer.ts +682 -0
package/src/plugins/indexing/IncrementalModuleIndexer.ts +287 -0
package/src/plugins/indexing/JSModuleIndexer.ts +374 -0
package/src/plugins/indexing/RustModuleIndexer.ts +160 -0
package/src/plugins/indexing/ServiceDetector.ts +230 -0
package/src/plugins/validation/CallResolverValidator.ts +170 -0
package/src/plugins/validation/DataFlowValidator.ts +233 -0
package/src/plugins/validation/EvalBanValidator.ts +175 -0
package/src/plugins/validation/GraphConnectivityValidator.ts +201 -0
package/src/plugins/validation/SQLInjectionValidator.ts +363 -0
package/src/plugins/validation/ShadowingDetector.ts +173 -0
package/src/plugins/validation/TypeScriptDeadCodeValidator.ts +203 -0
package/src/plugins/vcs/GitPlugin.ts +344 -0
package/src/plugins/vcs/VCSPlugin.ts +190 -0
package/src/plugins/vcs/index.ts +32 -0
package/src/storage/backends/RFDBServerBackend.ts +687 -0
package/src/storage/backends/typeValidation.ts +151 -0
package/src/validation/PathValidator.ts +342 -0

package/dist/plugins/validation/EvalBanValidator.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+/**
+ * EvalBanValidator - запрещает использование eval и Function
+ *
+ * Security инвариант: код не должен использовать динамическое выполнение.
+ *
+ * Детектирует:
+ * - eval("code") - прямой вызов eval
+ * - new Function("code") - конструктор Function
+ * - Function("code") - вызов Function без new
+ * - window.eval("code") - eval через window
+ * - globalThis.eval("code") - eval через globalThis
+ * - Aliased eval: const e = eval; e("code") - через AliasTracker
+ *
+ * ПРАВИЛА (Datalog):
+ * violation(X) :- node(X, "CALL"), attr(X, "name", "eval").
+ * violation(X) :- node(X, "CALL"), attr(X, "name", "Function").
+ * violation(X) :- node(X, "CALL"), attr(X, "method", "eval").
+ */
+import { Plugin } from '../Plugin.js';
+import type { PluginContext, PluginResult, PluginMetadata } from '../Plugin.js';
+export declare class EvalBanValidator extends Plugin {
+    get metadata(): PluginMetadata;
+    execute(context: PluginContext): Promise<PluginResult>;
+}
+//# sourceMappingURL=EvalBanValidator.d.ts.map

package/dist/plugins/validation/EvalBanValidator.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"EvalBanValidator.d.ts","sourceRoot":"","sources":["../../../src/plugins/validation/EvalBanValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,MAAM,EAAuB,MAAM,cAAc,CAAC;AAC3D,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAoChF,qBAAa,gBAAiB,SAAQ,MAAM;IAC1C,IAAI,QAAQ,IAAI,cAAc,CAU7B;IAEK,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;CAyG7D"}

package/dist/plugins/validation/EvalBanValidator.js ADDED Viewed

@@ -0,0 +1,123 @@
+/**
+ * EvalBanValidator - запрещает использование eval и Function
+ *
+ * Security инвариант: код не должен использовать динамическое выполнение.
+ *
+ * Детектирует:
+ * - eval("code") - прямой вызов eval
+ * - new Function("code") - конструктор Function
+ * - Function("code") - вызов Function без new
+ * - window.eval("code") - eval через window
+ * - globalThis.eval("code") - eval через globalThis
+ * - Aliased eval: const e = eval; e("code") - через AliasTracker
+ *
+ * ПРАВИЛА (Datalog):
+ * violation(X) :- node(X, "CALL"), attr(X, "name", "eval").
+ * violation(X) :- node(X, "CALL"), attr(X, "name", "Function").
+ * violation(X) :- node(X, "CALL"), attr(X, "method", "eval").
+ */
+import { Plugin, createSuccessResult } from '../Plugin.js';
+export class EvalBanValidator extends Plugin {
+    get metadata() {
+        return {
+            name: 'EvalBanValidator',
+            phase: 'VALIDATION',
+            priority: 95, // Высокий приоритет - security check
+            creates: {
+                nodes: [],
+                edges: []
+            }
+        };
+    }
+    async execute(context) {
+        const { graph } = context;
+        console.log('[EvalBanValidator] Checking for eval/Function usage...');
+        const startTime = Date.now();
+        const issues = [];
+        // ОПТИМИЗАЦИЯ: вместо Datalog (медленный full scan), используем прямые graph queries
+        // Datalog зависает на больших графах из-за отсутствия индексов
+        // 1. Прямой вызов eval("code") - ищем все CALL ноды с name="eval"
+        console.log('[EvalBanValidator] Searching for eval() calls...');
+        const evalStart = Date.now();
+        let evalCount = 0;
+        for await (const node of graph.queryNodes({ nodeType: 'CALL' })) {
+            if (node.name === 'eval') {
+                evalCount++;
+                issues.push({
+                    type: 'EVAL_USAGE',
+                    severity: 'ERROR',
+                    message: `Direct eval() call at ${node.file}:${node.line || '?'} - dynamic code execution is forbidden`,
+                    nodeId: node.id,
+                    file: node.file,
+                    line: node.line
+                });
+            }
+        }
+        console.log(`[EvalBanValidator] eval() search took ${Date.now() - evalStart}ms, found ${evalCount} violations`);
+        // 2. Вызов Function("code") или new Function("code")
+        console.log('[EvalBanValidator] Searching for Function() calls...');
+        const funcStart = Date.now();
+        let funcCount = 0;
+        for await (const node of graph.queryNodes({ nodeType: 'CALL' })) {
+            if (node.name === 'Function') {
+                funcCount++;
+                issues.push({
+                    type: 'FUNCTION_CONSTRUCTOR',
+                    severity: 'ERROR',
+                    message: `Function() constructor at ${node.file}:${node.line || '?'} - dynamic code execution is forbidden`,
+                    nodeId: node.id,
+                    file: node.file,
+                    line: node.line
+                });
+            }
+        }
+        console.log(`[EvalBanValidator] Function() search took ${Date.now() - funcStart}ms, found ${funcCount} violations`);
+        // 3. Method call: window.eval, globalThis.eval, this.eval
+        // Note: METHOD_CALL was merged into CALL - method calls have 'method' attribute
+        console.log('[EvalBanValidator] Searching for method eval() calls...');
+        const methodStart = Date.now();
+        let methodCount = 0;
+        for await (const node of graph.queryNodes({ nodeType: 'CALL' })) {
+            const callNode = node;
+            // Method calls have 'method' attribute (e.g., window.eval())
+            if (callNode.method === 'eval' && callNode.object) {
+                methodCount++;
+                const objectName = callNode.object;
+                issues.push({
+                    type: 'EVAL_METHOD',
+                    severity: 'ERROR',
+                    message: `${objectName}.eval() call at ${node.file}:${node.line || '?'} - dynamic code execution is forbidden`,
+                    nodeId: node.id,
+                    file: node.file,
+                    line: node.line,
+                    object: objectName
+                });
+            }
+        }
+        console.log(`[EvalBanValidator] method eval() search took ${Date.now() - methodStart}ms, found ${methodCount} violations`);
+        // 4. Aliased eval - SKIP for now (complex Datalog query causes OOM)
+        console.log('[EvalBanValidator] Skipping aliased eval detection (requires optimized implementation)');
+        const totalTime = ((Date.now() - startTime) / 1000).toFixed(1);
+        const summary = {
+            evalCalls: evalCount,
+            functionCalls: funcCount,
+            methodEvalCalls: methodCount,
+            aliasedEvalCalls: 0, // Skipped for now
+            totalViolations: issues.length,
+            timeSeconds: totalTime
+        };
+        console.log('[EvalBanValidator] Summary:', summary);
+        if (issues.length > 0) {
+            console.log('[EvalBanValidator] ❌ Security violations found:');
+            for (const issue of issues) {
+                console.log(`  🚫 ${issue.message}`);
+            }
+        }
+        else {
+            console.log('[EvalBanValidator] ✅ No eval/Function usage detected');
+        }
+        return createSuccessResult({ nodes: 0, edges: 0 }, // created - validator doesn't create nodes/edges
+        { summary, issues } // metadata
+        );
+    }
+}

package/dist/plugins/validation/GraphConnectivityValidator.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+/**
+ * GraphConnectivityValidator - проверяет что все узлы связаны с корневыми узлами
+ * Находит "островки" - узлы которые не имеют путей до SERVICE/MODULE
+ */
+import { Plugin } from '../Plugin.js';
+import type { PluginContext, PluginMetadata, PluginResult } from '../Plugin.js';
+export declare class GraphConnectivityValidator extends Plugin {
+    get metadata(): PluginMetadata;
+    execute(context: PluginContext): Promise<PluginResult>;
+}
+//# sourceMappingURL=GraphConnectivityValidator.d.ts.map

package/dist/plugins/validation/GraphConnectivityValidator.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"GraphConnectivityValidator.d.ts","sourceRoot":"","sources":["../../../src/plugins/validation/GraphConnectivityValidator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,MAAM,EAAuB,MAAM,cAAc,CAAC;AAC3D,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAyChF,qBAAa,0BAA2B,SAAQ,MAAM;IACpD,IAAI,QAAQ,IAAI,cAAc,CAU7B;IAEK,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;CA4I7D"}

package/dist/plugins/validation/GraphConnectivityValidator.js ADDED Viewed

@@ -0,0 +1,135 @@
+/**
+ * GraphConnectivityValidator - проверяет что все узлы связаны с корневыми узлами
+ * Находит "островки" - узлы которые не имеют путей до SERVICE/MODULE
+ */
+import { Plugin, createSuccessResult } from '../Plugin.js';
+export class GraphConnectivityValidator extends Plugin {
+    get metadata() {
+        return {
+            name: 'GraphConnectivityValidator',
+            phase: 'VALIDATION',
+            priority: 100,
+            creates: {
+                nodes: [],
+                edges: []
+            }
+        };
+    }
+    async execute(context) {
+        const { graph, manifest } = context;
+        const manifestWithValidation = manifest;
+        console.log('[GraphConnectivityValidator] Starting connectivity validation...');
+        // Получаем все узлы
+        const allNodes = await graph.getAllNodes();
+        console.log(`[GraphConnectivityValidator] Total nodes: ${allNodes.length}`);
+        // Находим корневые узлы (SERVICE, MODULE)
+        const rootTypes = ['SERVICE', 'MODULE', 'PROJECT'];
+        const rootNodes = allNodes.filter(n => rootTypes.includes(n.type));
+        console.log(`[GraphConnectivityValidator] Root nodes: ${rootNodes.length}`);
+        if (rootNodes.length === 0) {
+            console.warn('[GraphConnectivityValidator] No root nodes found!');
+            return createSuccessResult({ nodes: 0, edges: 0 }, { skipped: true, reason: 'No root nodes' });
+        }
+        // Check if graph supports getAllEdges
+        if (!graph.getAllEdges) {
+            console.log('[GraphConnectivityValidator] Graph does not support getAllEdges, skipping validation');
+            return createSuccessResult({ nodes: 0, edges: 0 }, { skipped: true, reason: 'No getAllEdges support' });
+        }
+        // Собираем все ребра
+        const allEdges = await graph.getAllEdges();
+        console.log(`[GraphConnectivityValidator] Total edges: ${allEdges.length}`);
+        // Строим карты смежности (обе направления)
+        const adjacencyOut = new Map(); // nodeId -> [targetIds]
+        const adjacencyIn = new Map(); // nodeId -> [sourceIds]
+        for (const edge of allEdges) {
+            // Outgoing edges
+            if (!adjacencyOut.has(edge.src)) {
+                adjacencyOut.set(edge.src, []);
+            }
+            adjacencyOut.get(edge.src).push(edge.dst);
+            // Incoming edges
+            if (!adjacencyIn.has(edge.dst)) {
+                adjacencyIn.set(edge.dst, []);
+            }
+            adjacencyIn.get(edge.dst).push(edge.src);
+        }
+        // BFS от корневых узлов для поиска достижимых узлов
+        const reachable = new Set();
+        const queue = [...rootNodes.map(n => n.id)];
+        while (queue.length > 0) {
+            const nodeId = queue.shift();
+            if (reachable.has(nodeId))
+                continue;
+            reachable.add(nodeId);
+            // Добавляем все связанные узлы (в обоих направлениях)
+            const outgoing = adjacencyOut.get(nodeId) || [];
+            const incoming = adjacencyIn.get(nodeId) || [];
+            for (const targetId of [...outgoing, ...incoming]) {
+                if (!reachable.has(targetId)) {
+                    queue.push(targetId);
+                }
+            }
+        }
+        // Находим недостижимые узлы
+        const unreachable = allNodes.filter(n => !reachable.has(n.id));
+        if (unreachable.length > 0) {
+            // ЯРКОЕ ПРЕДУПРЕЖДЕНИЕ В КОНСОЛИ
+            console.error('\n' + '='.repeat(80));
+            console.error('⚠️  GRAPH VALIDATION ERROR: DISCONNECTED NODES FOUND');
+            console.error('='.repeat(80));
+            console.error(`Found ${unreachable.length} unreachable nodes (${((unreachable.length / allNodes.length) * 100).toFixed(1)}% of total)`);
+            console.error(`These nodes are not connected to the main graph (SERVICE/MODULE/PROJECT level)`);
+            console.error('');
+            // Группируем по типам для читаемости
+            const byType = {};
+            for (const node of unreachable) {
+                if (!byType[node.type])
+                    byType[node.type] = [];
+                byType[node.type].push(node);
+            }
+            for (const [type, nodes] of Object.entries(byType)) {
+                console.error(`  ${type}: ${nodes.length} nodes`);
+                // Показываем первые 5 для каждого типа
+                for (const node of nodes.slice(0, 5)) {
+                    console.error(`    - ${node.name || node.id}`);
+                    // Показываем связи этого узла
+                    const out = adjacencyOut.get(node.id) || [];
+                    const incoming = adjacencyIn.get(node.id) || [];
+                    if (out.length > 0 || incoming.length > 0) {
+                        console.error(`      Edges: ${incoming.length} incoming, ${out.length} outgoing`);
+                    }
+                }
+                if (nodes.length > 5) {
+                    console.error(`    ... and ${nodes.length - 5} more`);
+                }
+            }
+            console.error('');
+            console.error('💡 ACTION REQUIRED: Fix analysis plugins to ensure all nodes are connected');
+            console.error('   Anonymous functions, callbacks, and method calls should be linked to parent nodes');
+            console.error('='.repeat(80) + '\n');
+            // Сохраняем информацию в manifest для дальнейшего использования
+            if (!manifestWithValidation.validation)
+                manifestWithValidation.validation = {};
+            manifestWithValidation.validation.unreachableNodes = unreachable.map(n => ({
+                id: n.id,
+                type: n.type,
+                name: n.name
+            }));
+            manifestWithValidation.validation.hasErrors = true;
+            manifestWithValidation.validation.totalNodes = allNodes.length;
+            manifestWithValidation.validation.reachableNodes = reachable.size;
+            manifestWithValidation.validation.unreachableCount = unreachable.length;
+            manifestWithValidation.validation.unreachableByType = Object.fromEntries(Object.entries(byType).map(([type, nodes]) => [type, nodes.length]));
+        }
+        else {
+            console.log('[GraphConnectivityValidator] ✅ All nodes are reachable from root nodes');
+            if (!manifestWithValidation.validation)
+                manifestWithValidation.validation = {};
+            manifestWithValidation.validation.hasErrors = false;
+            manifestWithValidation.validation.totalNodes = allNodes.length;
+            manifestWithValidation.validation.reachableNodes = reachable.size;
+        }
+        console.log(`[GraphConnectivityValidator] Validation complete: ${reachable.size}/${allNodes.length} nodes reachable`);
+        return createSuccessResult({ nodes: 0, edges: 0 }, { totalNodes: allNodes.length, reachableNodes: reachable.size });
+    }
+}

package/dist/plugins/validation/SQLInjectionValidator.d.ts ADDED Viewed

@@ -0,0 +1,43 @@
+/**
+ * SQLInjectionValidator - детектирует SQL injection уязвимости
+ *
+ * Security инвариант: SQL запросы не должны содержать недетерминированные
+ * значения (user input) без параметризации.
+ *
+ * Детектирует:
+ * - Template literal с переменными от параметров: `SELECT * FROM users WHERE id = ${userId}`
+ * - String concatenation с user input: "SELECT * FROM users WHERE id = " + userId
+ *
+ * Безопасные паттерны (НЕ flagged):
+ * - Параметризованные запросы: db.query('SELECT * FROM users WHERE id = ?', [userId])
+ * - Только литералы: const query = 'SELECT * FROM users'
+ * - Литералы в template: const role = 'admin'; `SELECT * FROM users WHERE role = '${role}'`
+ *
+ * ПРАВИЛА:
+ * 1. Найти CALL с method = query/execute/run/all/get
+ * 2. Проверить первый аргумент - если содержит nondeterministic value → violation
+ * 3. Использовать ValueDomainAnalyzer для трассировки значений
+ */
+import { Plugin } from '../Plugin.js';
+import type { PluginContext, PluginResult, PluginMetadata } from '../Plugin.js';
+export declare class SQLInjectionValidator extends Plugin {
+    private valueAnalyzer;
+    constructor();
+    get metadata(): PluginMetadata;
+    execute(context: PluginContext): Promise<PluginResult>;
+    /**
+     * Analyze a SQL query call for injection vulnerabilities
+     */
+    private analyzeQueryCall;
+    /**
+     * Check if an expression contains nondeterministic values
+     */
+    private checkExpressionForNondeterminism;
+    /**
+     * Check via Datalog graph pattern for SQL injection
+     * Pattern: CALL -[PASSES_ARGUMENT]-> VARIABLE -[ASSIGNED_FROM*]-> PARAMETER
+     */
+    private checkViaGraphPattern;
+}
+export default SQLInjectionValidator;
+//# sourceMappingURL=SQLInjectionValidator.d.ts.map

package/dist/plugins/validation/SQLInjectionValidator.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"SQLInjectionValidator.d.ts","sourceRoot":"","sources":["../../../src/plugins/validation/SQLInjectionValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAE,MAAM,EAAuB,MAAM,cAAc,CAAC;AAC3D,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAsEhF,qBAAa,qBAAsB,SAAQ,MAAM;IAC/C,OAAO,CAAC,aAAa,CAAsB;;IAO3C,IAAI,QAAQ,IAAI,cAAc,CAU7B;IAEK,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;IAmE5D;;OAEG;YACW,gBAAgB;IAgF9B;;OAEG;YACW,gCAAgC;IAsC9C;;;OAGG;YACW,oBAAoB;CAqDnC;AAED,eAAe,qBAAqB,CAAC"}

package/dist/plugins/validation/SQLInjectionValidator.js ADDED Viewed

@@ -0,0 +1,251 @@
+/**
+ * SQLInjectionValidator - детектирует SQL injection уязвимости
+ *
+ * Security инвариант: SQL запросы не должны содержать недетерминированные
+ * значения (user input) без параметризации.
+ *
+ * Детектирует:
+ * - Template literal с переменными от параметров: `SELECT * FROM users WHERE id = ${userId}`
+ * - String concatenation с user input: "SELECT * FROM users WHERE id = " + userId
+ *
+ * Безопасные паттерны (НЕ flagged):
+ * - Параметризованные запросы: db.query('SELECT * FROM users WHERE id = ?', [userId])
+ * - Только литералы: const query = 'SELECT * FROM users'
+ * - Литералы в template: const role = 'admin'; `SELECT * FROM users WHERE role = '${role}'`
+ *
+ * ПРАВИЛА:
+ * 1. Найти CALL с method = query/execute/run/all/get
+ * 2. Проверить первый аргумент - если содержит nondeterministic value → violation
+ * 3. Использовать ValueDomainAnalyzer для трассировки значений
+ */
+import { Plugin, createSuccessResult } from '../Plugin.js';
+import { ValueDomainAnalyzer } from '../enrichment/ValueDomainAnalyzer.js';
+// SQL query method names to detect
+const SQL_METHODS = ['query', 'execute', 'exec', 'run', 'all', 'get', 'prepare', 'raw'];
+export class SQLInjectionValidator extends Plugin {
+    valueAnalyzer;
+    constructor() {
+        super();
+        this.valueAnalyzer = new ValueDomainAnalyzer();
+    }
+    get metadata() {
+        return {
+            name: 'SQLInjectionValidator',
+            phase: 'VALIDATION',
+            priority: 90, // After ValueDomainAnalyzer (65)
+            creates: {
+                nodes: [],
+                edges: []
+            }
+        };
+    }
+    async execute(context) {
+        const { graph } = context;
+        console.log('[SQLInjectionValidator] Checking for SQL injection vulnerabilities...');
+        const issues = [];
+        // 1. Find all CALL nodes that look like SQL queries
+        const sqlCalls = [];
+        for await (const node of graph.queryNodes({ nodeType: 'CALL' })) {
+            const callNode = node;
+            const method = callNode.method || callNode.name;
+            if (method && SQL_METHODS.includes(method)) {
+                sqlCalls.push(callNode);
+            }
+        }
+        console.log(`[SQLInjectionValidator] Found ${sqlCalls.length} potential SQL calls`);
+        // 2. For each SQL call, analyze the query argument
+        for (const call of sqlCalls) {
+            const result = await this.analyzeQueryCall(call, graph);
+            if (result.isVulnerable) {
+                issues.push({
+                    type: 'SQL_INJECTION',
+                    severity: 'ERROR',
+                    message: `Potential SQL injection at ${call.file}:${call.line || '?'} - ${result.reason}`,
+                    nodeId: call.id,
+                    file: call.file,
+                    line: call.line,
+                    reason: result.reason,
+                    nondeterministicSources: result.sources
+                });
+            }
+        }
+        // 3. Also check via graph pattern - CALL nodes that have ARGUMENT -> PARAMETER paths
+        const patternViolations = await this.checkViaGraphPattern(graph, sqlCalls);
+        for (const violation of patternViolations) {
+            // Avoid duplicates
+            if (!issues.find(i => i.nodeId === violation.nodeId)) {
+                issues.push(violation);
+            }
+        }
+        const summary = {
+            sqlCallsChecked: sqlCalls.length,
+            vulnerabilitiesFound: issues.length
+        };
+        console.log('[SQLInjectionValidator] Summary:', summary);
+        if (issues.length > 0) {
+            console.log('[SQLInjectionValidator] ❌ SQL injection vulnerabilities found:');
+            for (const issue of issues) {
+                console.log(`  🚫 ${issue.message}`);
+            }
+        }
+        else {
+            console.log('[SQLInjectionValidator] ✅ No SQL injection vulnerabilities detected');
+        }
+        return createSuccessResult({ nodes: 0, edges: 0 }, { summary, issues });
+    }
+    /**
+     * Analyze a SQL query call for injection vulnerabilities
+     */
+    async analyzeQueryCall(call, graph) {
+        const result = {
+            isVulnerable: false,
+            reason: null,
+            sources: []
+        };
+        // Get the query argument - usually first argument
+        // We need to check if it has nondeterministic content
+        // Check if this call has PASSES_ARGUMENT edges
+        const outgoing = await graph.getOutgoingEdges(call.id);
+        const argEdges = outgoing.filter(e => (e.edgeType || e.edge_type) === 'PASSES_ARGUMENT');
+        if (argEdges.length === 0) {
+            // No tracked arguments - check via queryArgName attribute if available
+            if (call.queryArgName) {
+                const valueSet = await this.valueAnalyzer.getValueSet(call.queryArgName, call.file, graph);
+                if (valueSet.hasUnknown) {
+                    result.isVulnerable = true;
+                    result.reason = `Query argument "${call.queryArgName}" contains user input`;
+                    result.sources = ['unknown'];
+                }
+            }
+            return result;
+        }
+        // Check each argument
+        for (const edge of argEdges) {
+            const argId = edge.dst || edge.target_id;
+            const argNode = await graph.getNode(argId);
+            if (!argNode)
+                continue;
+            const argIndex = edge.argIndex || edge.index;
+            if (argIndex !== 0 && argIndex !== undefined)
+                continue; // Only check first argument
+            // Check argument type
+            const argType = argNode.nodeType || argNode.type;
+            if (argType === 'LITERAL') {
+                // Pure literal - safe
+                continue;
+            }
+            if (argType === 'VARIABLE' || argType === 'CONSTANT') {
+                // Trace value domain
+                const varName = argNode.name || argNode.attrs?.name;
+                if (varName) {
+                    const valueSet = await this.valueAnalyzer.getValueSet(varName, call.file, graph);
+                    if (valueSet.hasUnknown) {
+                        result.isVulnerable = true;
+                        result.reason = `Query variable "${varName}" may contain user input`;
+                        result.sources.push(varName);
+                    }
+                }
+            }
+            if (argType === 'PARAMETER') {
+                // Direct parameter in query - definitely vulnerable
+                result.isVulnerable = true;
+                result.reason = 'Query contains direct function parameter';
+                result.sources.push(argNode.name || 'parameter');
+            }
+            if (argType === 'EXPRESSION') {
+                // Template literal or concatenation - check for nondeterministic values
+                const { hasUnknown, sources } = await this.checkExpressionForNondeterminism(argNode, graph);
+                if (hasUnknown) {
+                    result.isVulnerable = true;
+                    result.reason = 'Query expression contains nondeterministic values';
+                    result.sources.push(...sources);
+                }
+            }
+        }
+        return result;
+    }
+    /**
+     * Check if an expression contains nondeterministic values
+     */
+    async checkExpressionForNondeterminism(exprNode, graph) {
+        const result = { hasUnknown: false, sources: [] };
+        // Check DERIVES_FROM edges
+        const outgoing = await graph.getOutgoingEdges(exprNode.id);
+        const derivesFromEdges = outgoing.filter(e => (e.edgeType || e.edge_type) === 'DERIVES_FROM' ||
+            (e.edgeType || e.edge_type) === 'ASSIGNED_FROM');
+        for (const edge of derivesFromEdges) {
+            const sourceId = edge.dst || edge.target_id;
+            const sourceNode = await graph.getNode(sourceId);
+            if (!sourceNode)
+                continue;
+            const sourceType = sourceNode.nodeType || sourceNode.type;
+            if (sourceType === 'PARAMETER') {
+                result.hasUnknown = true;
+                result.sources.push(sourceNode.name || 'parameter');
+            }
+            else if (sourceType === 'VARIABLE' || sourceType === 'CONSTANT') {
+                const varName = sourceNode.name || sourceNode.attrs?.name;
+                if (varName) {
+                    const valueSet = await this.valueAnalyzer.getValueSet(varName, exprNode.file, graph);
+                    if (valueSet.hasUnknown) {
+                        result.hasUnknown = true;
+                        result.sources.push(varName);
+                    }
+                }
+            }
+        }
+        return result;
+    }
+    /**
+     * Check via Datalog graph pattern for SQL injection
+     * Pattern: CALL -[PASSES_ARGUMENT]-> VARIABLE -[ASSIGNED_FROM*]-> PARAMETER
+     */
+    async checkViaGraphPattern(graph, excludeCalls = []) {
+        const issues = [];
+        const excludeIds = new Set(excludeCalls.map(c => c.id));
+        // Find CALL nodes that have argument tracing to PARAMETER
+        try {
+            // Check if graph supports checkGuarantee
+            if (!graph.checkGuarantee) {
+                console.log('[SQLInjectionValidator] Graph does not support checkGuarantee, skipping pattern-based check');
+                return issues;
+            }
+            // Check guarantee for SQL method calls with parameter-derived arguments
+            const violations = await graph.checkGuarantee(`
+        violation(X) :-
+          node(X, "CALL"),
+          attr(X, "method", M),
+          edge(X, Arg, "PASSES_ARGUMENT"),
+          edge(Arg, P, "ASSIGNED_FROM"),
+          node(P, "PARAMETER").
+      `);
+            for (const v of violations) {
+                const nodeId = v.bindings.find(b => b.name === 'X')?.value;
+                if (nodeId && !excludeIds.has(nodeId)) {
+                    const node = await graph.getNode(nodeId);
+                    if (node) {
+                        const method = node.method || node.name;
+                        if (SQL_METHODS.includes(method)) {
+                            issues.push({
+                                type: 'SQL_INJECTION',
+                                severity: 'ERROR',
+                                message: `SQL injection via parameter flow at ${node.file}:${node.line || '?'}`,
+                                nodeId,
+                                file: node.file,
+                                line: node.line,
+                                reason: 'Parameter value flows into SQL query',
+                                nondeterministicSources: ['parameter']
+                            });
+                        }
+                    }
+                }
+            }
+        }
+        catch (err) {
+            // Datalog query might fail if backend doesn't support it
+            console.log('[SQLInjectionValidator] Datalog check skipped:', err.message);
+        }
+        return issues;
+    }
+}
+export default SQLInjectionValidator;

package/dist/plugins/validation/ShadowingDetector.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+/**
+ * ShadowingDetector - detects variable shadowing issues
+ *
+ * Detects two types of shadowing:
+ *
+ * 1. Cross-file shadowing:
+ *    - CLASS `User` defined in models.js
+ *    - VARIABLE `User` in handlers.js shadows the class
+ *    - Method calls on the variable go to wrong target
+ *
+ * 2. Scope-aware shadowing:
+ *    - import { User } from './models'
+ *    - function handler() { const User = {...}; User.save(); }
+ *    - Local variable shadows the imported class
+ *
+ * Implementation notes:
+ * - Datalog doesn't support inequality (\=), so we use JS filtering
+ * - queryNodes is an async generator, use getAllNodes for arrays
+ */
+import { Plugin } from '../Plugin.js';
+import type { PluginContext, PluginResult, PluginMetadata } from '../Plugin.js';
+export declare class ShadowingDetector extends Plugin {
+    get metadata(): PluginMetadata;
+    execute(context: PluginContext): Promise<PluginResult>;
+}
+//# sourceMappingURL=ShadowingDetector.d.ts.map

package/dist/plugins/validation/ShadowingDetector.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ShadowingDetector.d.ts","sourceRoot":"","sources":["../../../src/plugins/validation/ShadowingDetector.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,MAAM,EAAuB,MAAM,cAAc,CAAC;AAC3D,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAoChF,qBAAa,iBAAkB,SAAQ,MAAM;IAC3C,IAAI,QAAQ,IAAI,cAAc,CAU7B;IAEK,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;CAsG7D"}