@grafema/core 0.1.0-alpha.1

package/src/plugins/enrichment/ValueDomainAnalyzer.ts

@@ -0,0 +1,682 @@
+/**
+ * ValueDomainAnalyzer - Value Set Analysis for computed member access
+ *
+ * Purpose: Determine the set of possible values for a variable and resolve
+ * computed member access obj[method]() when method is deterministic.
+ *
+ * USES:
+ * - VARIABLE -> ASSIGNED_FROM -> LITERAL (from JSASTAnalyzer)
+ * - VARIABLE -> ASSIGNED_FROM -> VARIABLE (transitive chains)
+ * - ConditionalExpression → multiple ASSIGNED_FROM edges
+ *
+ * CREATES:
+ * - CALL -> CALLS -> METHOD (with isConditional: true for conditional calls)
+ */
+
+import { Plugin, createSuccessResult } from '../Plugin.js';
+import type { PluginMetadata, PluginContext, PluginResult } from '../Plugin.js';
+import type { NodeRecord } from '@grafema/types';
+import type { EdgeRecord } from '@grafema/types';
+
+interface ComputedCallNode {
+  id: string;
+  type: string;
+  name: string;
+  file: string;
+  line: number;
+  computed: boolean;
+  object?: string;
+  property?: string;
+}
+
+interface VariableNode {
+  id: string;
+  type: string;
+  name: string;
+  file: string;
+  line: number;
+  attrs?: {
+    name?: string;
+    file?: string;
+  };
+  [key: string]: unknown;
+}
+
+interface ExpressionNode {
+  id: string;
+  type: string;
+  name?: string;
+  file?: string;
+  line?: number;
+  expressionType?: string;
+  object?: string;
+  property?: string;
+  attrs?: {
+    expressionType?: string;
+    object?: string;
+    property?: string;
+  };
+}
+
+interface ScopeNode {
+  id: string;
+  type: string;
+  name?: string;
+  file?: string;
+  line?: number;
+  originalId?: string;
+  stableId?: string;
+  parentScopeId?: string;
+  constraints?: Constraint[];
+}
+
+interface Constraint {
+  variable?: string;
+  operator?: string;
+  value?: unknown;
+  values?: unknown[];
+  type?: 'or' | 'and';
+  constraints?: Constraint[];
+}
+
+interface ValueSetResult {
+  values: unknown[];
+  hasUnknown: boolean;
+}
+
+interface ValueSetAtNodeResult extends ValueSetResult {
+  constraints: Constraint[];
+  globalValues: unknown[];
+  globalHasUnknown: boolean;
+}
+
+interface NondeterministicPattern {
+  object: string;
+  property: string;
+}
+
+interface Graph {
+  queryNodes(filter: { nodeType: string }): AsyncIterable<NodeRecord>;
+  getNode(id: string): Promise<NodeRecord | null>;
+  getOutgoingEdges(nodeId: string): Promise<EdgeRecord[]>;
+  getIncomingEdges(nodeId: string): Promise<EdgeRecord[]>;
+  addEdge(edge: { src: string; dst: string; type: string; metadata?: Record<string, unknown> }): Promise<void> | void;
+}
+
+interface ProgressCallback {
+  (info: {
+    phase: string;
+    currentPlugin: string;
+    message: string;
+    totalFiles: number;
+    processedFiles: number;
+  }): void;
+}
+
+export class ValueDomainAnalyzer extends Plugin {
+  static MAX_DEPTH = 10; // Maximum depth for tracing
+
+  // Nondeterministic MemberExpression patterns
+  // object.property patterns that are external/user input
+  static NONDETERMINISTIC_PATTERNS: NondeterministicPattern[] = [
+    // Environment variables
+    { object: 'process', property: 'env' },
+    // HTTP request data (Express.js patterns)
+    { object: 'req', property: 'body' },
+    { object: 'req', property: 'query' },
+    { object: 'req', property: 'params' },
+    { object: 'req', property: 'headers' },
+    { object: 'req', property: 'cookies' },
+    { object: 'request', property: 'body' },
+    { object: 'request', property: 'query' },
+    { object: 'request', property: 'params' },
+    // Context patterns (Koa, etc.)
+    { object: 'ctx', property: 'request' },
+    { object: 'ctx', property: 'body' },
+    { object: 'ctx', property: 'query' },
+    { object: 'ctx', property: 'params' },
+  ];
+
+  // Nondeterministic object prefixes (any property access is nondeterministic)
+  static NONDETERMINISTIC_OBJECTS: string[] = [
+    'process.env',  // process.env.ANY_VAR
+    'req.body',     // req.body.userId
+    'req.query',    // req.query.filter
+    'req.params',   // req.params.id
+    'request.body',
+    'ctx.request',
+  ];
+
+  get metadata(): PluginMetadata {
+    return {
+      name: 'ValueDomainAnalyzer',
+      phase: 'ENRICHMENT',
+      priority: 65, // After AliasTracker (60)
+      creates: {
+        nodes: [],
+        edges: ['CALLS']
+      }
+    };
+  }
+
+  async execute(context: PluginContext): Promise<PluginResult> {
+    const { graph } = context;
+    const onProgress = (context as unknown as { onProgress?: ProgressCallback }).onProgress;
+    const graphTyped = graph as unknown as Graph;
+
+    console.log('[ValueDomainAnalyzer] Starting value domain analysis...');
+
+    let callsProcessed = 0;
+    let callsResolved = 0;
+    let edgesCreated = 0;
+    let conditionalCalls = 0;
+    let partialCalls = 0;
+
+    // 1. Find all CALL nodes with computed member access
+    const computedCalls: ComputedCallNode[] = [];
+    for await (const node of graphTyped.queryNodes({ nodeType: 'CALL' })) {
+      // Cast through unknown since node types vary
+      const callNode = node as unknown as ComputedCallNode;
+      if (callNode.computed === true) {
+        computedCalls.push(callNode);
+      }
+    }
+
+    console.log(`[ValueDomainAnalyzer] Found ${computedCalls.length} computed member calls`);
+
+    // 2. For each computed call get value set
+    for (const call of computedCalls) {
+      callsProcessed++;
+
+      // Report progress every 20 calls
+      if (onProgress && callsProcessed % 20 === 0) {
+        (onProgress as ProgressCallback)({
+          phase: 'enrichment',
+          currentPlugin: 'ValueDomainAnalyzer',
+          message: `Analyzing value domains ${callsProcessed}/${computedCalls.length}`,
+          totalFiles: computedCalls.length,
+          processedFiles: callsProcessed
+        });
+      }
+
+      const objectName = call.object;
+      const propertyExpr = call.property; // variable name with method name
+
+      if (!objectName || !propertyExpr) continue;
+
+      // 3. Get value set for property expression
+      const valueSet = await this.getValueSet(propertyExpr, call.file, graphTyped);
+
+      if (valueSet.hasUnknown && valueSet.values.length === 0) {
+        // Completely nondeterministic - skip
+        continue;
+      }
+
+      if (valueSet.values.length === 0) {
+        // No known values - skip
+        continue;
+      }
+
+      // 4. Create CALLS edges for each known value
+      callsResolved++;
+      const isConditional = valueSet.values.length > 1 || valueSet.hasUnknown;
+      const partial = valueSet.hasUnknown;
+
+      for (const methodName of valueSet.values) {
+        // Find method by name in the same file
+        const targetMethod = await this.findMethod(objectName, methodName as string, call.file, graphTyped);
+
+        if (targetMethod) {
+          await graphTyped.addEdge({
+            src: call.id,
+            dst: targetMethod.id,
+            type: 'CALLS',
+            metadata: {
+              isConditional,
+              partial: partial || undefined, // undefined to not store false
+              source: 'computed_member_access'
+            }
+          });
+          edgesCreated++;
+
+          if (isConditional) {
+            conditionalCalls++;
+          }
+          if (partial) {
+            partialCalls++;
+          }
+        }
+      }
+    }
+
+    const summary = {
+      callsProcessed,
+      callsResolved,
+      edgesCreated,
+      conditionalCalls,
+      partialCalls
+    };
+
+    console.log('[ValueDomainAnalyzer] Summary:', summary);
+
+    return createSuccessResult(
+      { nodes: 0, edges: edgesCreated },
+      summary
+    );
+  }
+
+  /**
+   * Get set of possible values for a variable
+   */
+  async getValueSet(variableName: string, file: string, graph: Graph): Promise<ValueSetResult> {
+    const result: ValueSetResult = {
+      values: [],
+      hasUnknown: false
+    };
+
+    // Find variable
+    const variables: VariableNode[] = [];
+    for await (const node of graph.queryNodes({ nodeType: 'VARIABLE' })) {
+      const varNode = node as VariableNode;
+      const nodeName = varNode.name || varNode.attrs?.name;
+      const nodeFile = varNode.file || varNode.attrs?.file;
+      if (nodeName === variableName && nodeFile === file) {
+        variables.push(varNode);
+      }
+    }
+    for await (const node of graph.queryNodes({ nodeType: 'CONSTANT' })) {
+      const varNode = node as VariableNode;
+      const nodeName = varNode.name || varNode.attrs?.name;
+      const nodeFile = varNode.file || varNode.attrs?.file;
+      if (nodeName === variableName && nodeFile === file) {
+        variables.push(varNode);
+      }
+    }
+
+    if (variables.length === 0) {
+      console.log(`[ValueDomainAnalyzer] No variable found for ${variableName} in ${file}`);
+      result.hasUnknown = true;
+      return result;
+    }
+
+    console.log(`[ValueDomainAnalyzer] Found ${variables.length} variable(s) for ${variableName}`);
+
+    // Trace ASSIGNED_FROM to LITERAL or nondeterministic sources
+    const visited = new Set<string>();
+    const valueSet = new Set<unknown>();
+
+    for (const variable of variables) {
+      const { values, hasUnknown } = await this.traceValueSet(
+        variable,
+        graph,
+        visited,
+        0
+      );
+
+      values.forEach(v => valueSet.add(v));
+      if (hasUnknown) {
+        result.hasUnknown = true;
+      }
+    }
+
+    result.values = Array.from(valueSet);
+    return result;
+  }
+
+  /**
+   * Get value set for a variable at a specific node, considering path constraints
+   * This is path-sensitive: it collects constraints from enclosing scopes and applies them
+   */
+  async getValueSetAtNode(
+    variableName: string,
+    node: NodeRecord & { parentScopeId?: string },
+    graph: Graph
+  ): Promise<ValueSetAtNodeResult> {
+    // 1. Get global value set
+    const file = (node as { file?: string; attrs?: { file?: string } }).file ||
+                 (node as { attrs?: { file?: string } }).attrs?.file || '';
+    const globalResult = await this.getValueSet(variableName, file, graph);
+
+    // 2. Collect constraints from enclosing scopes
+    const constraints = await this.collectPathConstraints(node, graph);
+
+    // 3. Filter constraints relevant to this variable
+    const relevantConstraints = constraints.filter(c =>
+      c.variable === variableName ||
+      (c.type === 'or' && c.constraints?.some(sub => sub.variable === variableName)) ||
+      (c.type === 'and' && c.constraints?.some(sub => sub.variable === variableName))
+    );
+
+    // 4. Apply constraints to narrow the value set
+    const refinedResult = this.applyConstraints(globalResult, relevantConstraints, variableName);
+
+    return {
+      ...refinedResult,
+      constraints: relevantConstraints,
+      globalValues: globalResult.values,
+      globalHasUnknown: globalResult.hasUnknown
+    };
+  }
+
+  /**
+   * Collect all constraints from the scope chain leading to this node
+   */
+  async collectPathConstraints(
+    node: NodeRecord & { parentScopeId?: string },
+    graph: Graph
+  ): Promise<Constraint[]> {
+    const constraints: Constraint[] = [];
+    let currentScopeId = node.parentScopeId;
+    const visited = new Set<string>();
+
+    while (currentScopeId && !visited.has(currentScopeId)) {
+      visited.add(currentScopeId);
+
+      // Find the scope node
+      let scope: ScopeNode | null = null;
+      for await (const s of graph.queryNodes({ nodeType: 'SCOPE' })) {
+        const scopeNode = s as ScopeNode;
+        if (scopeNode.id === currentScopeId ||
+            scopeNode.originalId === currentScopeId ||
+            scopeNode.stableId === currentScopeId) {
+          scope = scopeNode;
+          break;
+        }
+      }
+
+      if (!scope) break;
+
+      // Add constraints from this scope
+      if (scope.constraints && Array.isArray(scope.constraints)) {
+        constraints.push(...scope.constraints);
+      }
+
+      // Move up to parent scope
+      currentScopeId = scope.parentScopeId;
+    }
+
+    return constraints;
+  }
+
+  /**
+   * Apply constraints to narrow a value set
+   */
+  applyConstraints(
+    valueSet: ValueSetResult,
+    constraints: Constraint[],
+    variableName: string
+  ): ValueSetResult {
+    if (constraints.length === 0) {
+      return valueSet;
+    }
+
+    let result: ValueSetResult = {
+      values: [...valueSet.values],
+      hasUnknown: valueSet.hasUnknown
+    };
+
+    for (const constraint of constraints) {
+      result = this.applySingleConstraint(result, constraint, variableName);
+    }
+
+    return result;
+  }
+
+  /**
+   * Apply a single constraint to a value set
+   */
+  applySingleConstraint(
+    valueSet: ValueSetResult,
+    constraint: Constraint,
+    variableName: string
+  ): ValueSetResult {
+    if (constraint.variable !== variableName) {
+      // Constraint is for a different variable - no change
+      return valueSet;
+    }
+
+    switch (constraint.operator) {
+      case '===':
+      case '==':
+        // Exact match - narrow to single value
+        return {
+          values: [constraint.value],
+          hasUnknown: false
+        };
+
+      case '!==':
+      case '!=':
+        // Exclusion - remove specific value from set
+        return {
+          values: valueSet.values.filter(v => v !== constraint.value),
+          hasUnknown: valueSet.hasUnknown
+        };
+
+      case 'in':
+        // Value must be one of the specified values
+        if (constraint.values) {
+          if (valueSet.hasUnknown) {
+            // Unknown narrowed to specific set
+            return {
+              values: constraint.values,
+              hasUnknown: false
+            };
+          } else {
+            // Intersect with known values
+            return {
+              values: valueSet.values.filter(v => constraint.values!.includes(v)),
+              hasUnknown: false
+            };
+          }
+        }
+        return valueSet;
+
+      case 'not_in':
+        // Value must NOT be one of the specified values
+        if (constraint.values) {
+          return {
+            values: valueSet.values.filter(v => !constraint.values!.includes(v)),
+            hasUnknown: valueSet.hasUnknown
+          };
+        }
+        return valueSet;
+
+      case 'truthy':
+        // Variable is truthy - can't narrow much, but excludes falsy values
+        return {
+          values: valueSet.values.filter(v =>
+            v !== null && v !== undefined && v !== false && v !== 0 && v !== ''
+          ),
+          hasUnknown: valueSet.hasUnknown
+        };
+
+      case 'falsy':
+        // Variable is falsy
+        return {
+          values: valueSet.values.filter(v =>
+            v === null || v === undefined || v === false || v === 0 || v === ''
+          ),
+          hasUnknown: false // We know it's falsy
+        };
+
+      default:
+        return valueSet;
+    }
+  }
+
+  /**
+   * Check if an EXPRESSION node represents a nondeterministic source
+   */
+  isNondeterministicExpression(node: ExpressionNode): boolean {
+    const expressionType = node.expressionType || node.attrs?.expressionType;
+    if (expressionType !== 'MemberExpression') {
+      return false;
+    }
+
+    const object = node.object || node.attrs?.object;
+    const property = node.property || node.attrs?.property;
+
+    if (!object || !property) {
+      return false;
+    }
+
+    // Check exact patterns (object.property)
+    for (const pattern of ValueDomainAnalyzer.NONDETERMINISTIC_PATTERNS) {
+      if (object === pattern.object && property === pattern.property) {
+        return true;
+      }
+    }
+
+    // Check if object is a known nondeterministic prefix
+    // e.g., process.env.VAR where object is 'process.env'
+    for (const prefix of ValueDomainAnalyzer.NONDETERMINISTIC_OBJECTS) {
+      if (object === prefix || object.startsWith(prefix + '.')) {
+        return true;
+      }
+    }
+
+    return false;
+  }
+
+  /**
+   * Recursive value set tracing through ASSIGNED_FROM edges
+   */
+  async traceValueSet(
+    node: NodeRecord,
+    graph: Graph,
+    visited: Set<string>,
+    depth: number
+  ): Promise<ValueSetResult> {
+    const result: ValueSetResult = { values: [], hasUnknown: false };
+
+    // Cycle protection
+    if (visited.has(node.id)) {
+      return result;
+    }
+    visited.add(node.id);
+
+    // Depth protection
+    if (depth > ValueDomainAnalyzer.MAX_DEPTH) {
+      result.hasUnknown = true;
+      return result;
+    }
+
+    // Support both fields: nodeType (from getNode) and type (alias)
+    const nodeType = (node as { nodeType?: string; type?: string }).nodeType ||
+                     (node as { type?: string }).type;
+
+    // If it's a LITERAL - add value
+    if (nodeType === 'LITERAL') {
+      const value = (node as { value?: unknown }).value;
+      if (value !== undefined && value !== null) {
+        result.values.push(value);
+      }
+      return result;
+    }
+
+    // If it's a PARAMETER or nondeterministic source
+    if (nodeType === 'PARAMETER') {
+      result.hasUnknown = true;
+      return result;
+    }
+
+    // If it's a CALL - consider nondeterministic (for now)
+    if (nodeType === 'CALL') {
+      result.hasUnknown = true;
+      return result;
+    }
+
+    // If it's an EXPRESSION - check nondeterministic patterns
+    if (nodeType === 'EXPRESSION') {
+      if (this.isNondeterministicExpression(node as ExpressionNode)) {
+        result.hasUnknown = true;
+        return result;
+      }
+    }
+
+    // Follow ASSIGNED_FROM and DERIVES_FROM edges
+    // DERIVES_FROM is used for template literals and other composite expressions
+    const outgoing = await graph.getOutgoingEdges(node.id);
+    // edgeType (from getOutgoingEdges) or edge_type (from other APIs)
+    const dataFlowEdges = outgoing.filter(e => {
+      const edgeType = (e as { edgeType?: string; edge_type?: string }).edgeType ||
+                       (e as { edge_type?: string }).edge_type;
+      return edgeType === 'ASSIGNED_FROM' || edgeType === 'DERIVES_FROM';
+    });
+
+    if (dataFlowEdges.length === 0) {
+      // No sources - unknown
+      result.hasUnknown = true;
+      return result;
+    }
+
+    // Recursively trace each source
+    for (const edge of dataFlowEdges) {
+      // dst (from getOutgoingEdges) or target_id (from other APIs)
+      const targetId = (edge as { dst?: string; target_id?: string }).dst ||
+                       (edge as { target_id?: string }).target_id;
+      if (!targetId) continue;
+
+      const sourceNode = await graph.getNode(targetId);
+      if (!sourceNode) continue;
+
+      const sourceResult = await this.traceValueSet(
+        sourceNode,
+        graph,
+        visited,
+        depth + 1
+      );
+
+      sourceResult.values.forEach(v => result.values.push(v));
+      if (sourceResult.hasUnknown) {
+        result.hasUnknown = true;
+      }
+    }
+
+    return result;
+  }
+
+  /**
+   * Find method by object name and method name
+   */
+  async findMethod(
+    objectName: string,
+    methodName: string,
+    file: string,
+    graph: Graph
+  ): Promise<NodeRecord | null> {
+    // Find methods in the same file
+    for await (const node of graph.queryNodes({ nodeType: 'FUNCTION' })) {
+      const funcNode = node as { file?: string; name?: string };
+      if (funcNode.file === file && funcNode.name === methodName) {
+        // Check if this is a method of the right object
+        // Simplified: check via incoming CONTAINS edges from CLASS
+        const incoming = await graph.getIncomingEdges(node.id);
+        const containsEdges = incoming.filter(e => {
+          const edgeType = (e as { edgeType?: string; edge_type?: string }).edgeType ||
+                           (e as { edge_type?: string }).edge_type;
+          return edgeType === 'CONTAINS';
+        });
+
+        for (const edge of containsEdges) {
+          const sourceId = (edge as { src?: string; source_id?: string }).src ||
+                           (edge as { source_id?: string }).source_id;
+          if (!sourceId) continue;
+
+          const container = await graph.getNode(sourceId);
+          // node_type (from DB) or type (from addNodes)
+          const containerType = (container as { node_type?: string; type?: string })?.node_type ||
+                                (container as { type?: string })?.type;
+          const containerName = (container as { name?: string })?.name;
+          if (container && containerType === 'CLASS' && containerName === objectName) {
+            return node;
+          }
+        }
+      }
+    }
+
+    return null;
+  }
+}
+
+export default ValueDomainAnalyzer;