npm - @grafema/core - Versions diffs - 0.1.0-alpha.1 - Mend

@grafema/core 0.1.0-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (402) hide show

package/LICENSE +190 -0
package/README.md +76 -0
package/dist/Orchestrator.d.ts +142 -0
package/dist/Orchestrator.d.ts.map +1 -0
package/dist/Orchestrator.js +481 -0
package/dist/api/GraphAPI.d.ts +87 -0
package/dist/api/GraphAPI.d.ts.map +1 -0
package/dist/api/GraphAPI.js +210 -0
package/dist/api/GuaranteeAPI.d.ts +147 -0
package/dist/api/GuaranteeAPI.d.ts.map +1 -0
package/dist/api/GuaranteeAPI.js +288 -0
package/dist/core/ASTWorker.d.ts +133 -0
package/dist/core/ASTWorker.d.ts.map +1 -0
package/dist/core/ASTWorker.js +352 -0
package/dist/core/ASTWorkerPool.d.ts +85 -0
package/dist/core/ASTWorkerPool.d.ts.map +1 -0
package/dist/core/ASTWorkerPool.js +207 -0
package/dist/core/AnalysisQueue.d.ts +104 -0
package/dist/core/AnalysisQueue.d.ts.map +1 -0
package/dist/core/AnalysisQueue.js +299 -0
package/dist/core/AnalysisWorker.d.ts +14 -0
package/dist/core/AnalysisWorker.d.ts.map +1 -0
package/dist/core/AnalysisWorker.js +307 -0
package/dist/core/GraphBackend.d.ts +156 -0
package/dist/core/GraphBackend.d.ts.map +1 -0
package/dist/core/GraphBackend.js +85 -0
package/dist/core/GuaranteeManager.d.ts +230 -0
package/dist/core/GuaranteeManager.d.ts.map +1 -0
package/dist/core/GuaranteeManager.js +352 -0
package/dist/core/ManifestStore.d.ts +71 -0
package/dist/core/ManifestStore.d.ts.map +1 -0
package/dist/core/ManifestStore.js +146 -0
package/dist/core/NodeFactory.d.ts +160 -0
package/dist/core/NodeFactory.d.ts.map +1 -0
package/dist/core/NodeFactory.js +137 -0
package/dist/core/NodeId.d.ts +88 -0
package/dist/core/NodeId.d.ts.map +1 -0
package/dist/core/NodeId.js +170 -0
package/dist/core/ParallelAnalyzer.d.ts +120 -0
package/dist/core/ParallelAnalyzer.d.ts.map +1 -0
package/dist/core/ParallelAnalyzer.js +331 -0
package/dist/core/PriorityQueue.d.ts +106 -0
package/dist/core/PriorityQueue.d.ts.map +1 -0
package/dist/core/PriorityQueue.js +168 -0
package/dist/core/Profiler.d.ts +75 -0
package/dist/core/Profiler.d.ts.map +1 -0
package/dist/core/Profiler.js +149 -0
package/dist/core/QueueWorker.d.ts +12 -0
package/dist/core/QueueWorker.d.ts.map +1 -0
package/dist/core/QueueWorker.js +567 -0
package/dist/core/RFDBClient.d.ts +179 -0
package/dist/core/RFDBClient.d.ts.map +1 -0
package/dist/core/RFDBClient.js +429 -0
package/dist/core/Task.d.ts +56 -0
package/dist/core/Task.d.ts.map +1 -0
package/dist/core/Task.js +85 -0
package/dist/core/TaskTypes.d.ts +20 -0
package/dist/core/TaskTypes.d.ts.map +1 -0
package/dist/core/TaskTypes.js +10 -0
package/dist/core/VersionManager.d.ts +166 -0
package/dist/core/VersionManager.d.ts.map +1 -0
package/dist/core/VersionManager.js +237 -0
package/dist/core/WorkerPool.d.ts +82 -0
package/dist/core/WorkerPool.d.ts.map +1 -0
package/dist/core/WorkerPool.js +109 -0
package/dist/core/nodes/CallSiteNode.d.ts +26 -0
package/dist/core/nodes/CallSiteNode.d.ts.map +1 -0
package/dist/core/nodes/CallSiteNode.js +44 -0
package/dist/core/nodes/ClassNode.d.ts +25 -0
package/dist/core/nodes/ClassNode.d.ts.map +1 -0
package/dist/core/nodes/ClassNode.js +40 -0
package/dist/core/nodes/ConstantNode.d.ts +24 -0
package/dist/core/nodes/ConstantNode.d.ts.map +1 -0
package/dist/core/nodes/ConstantNode.js +39 -0
package/dist/core/nodes/DatabaseQueryNode.d.ts +22 -0
package/dist/core/nodes/DatabaseQueryNode.d.ts.map +1 -0
package/dist/core/nodes/DatabaseQueryNode.js +37 -0
package/dist/core/nodes/EntrypointNode.d.ts +102 -0
package/dist/core/nodes/EntrypointNode.d.ts.map +1 -0
package/dist/core/nodes/EntrypointNode.js +119 -0
package/dist/core/nodes/EventListenerNode.d.ts +25 -0
package/dist/core/nodes/EventListenerNode.d.ts.map +1 -0
package/dist/core/nodes/EventListenerNode.js +39 -0
package/dist/core/nodes/ExportNode.d.ts +26 -0
package/dist/core/nodes/ExportNode.d.ts.map +1 -0
package/dist/core/nodes/ExportNode.js +40 -0
package/dist/core/nodes/ExternalStdioNode.d.ts +17 -0
package/dist/core/nodes/ExternalStdioNode.d.ts.map +1 -0
package/dist/core/nodes/ExternalStdioNode.js +26 -0
package/dist/core/nodes/FunctionNode.d.ts +27 -0
package/dist/core/nodes/FunctionNode.d.ts.map +1 -0
package/dist/core/nodes/FunctionNode.js +53 -0
package/dist/core/nodes/GuaranteeNode.d.ts +76 -0
package/dist/core/nodes/GuaranteeNode.d.ts.map +1 -0
package/dist/core/nodes/GuaranteeNode.js +117 -0
package/dist/core/nodes/HttpRequestNode.d.ts +24 -0
package/dist/core/nodes/HttpRequestNode.d.ts.map +1 -0
package/dist/core/nodes/HttpRequestNode.js +38 -0
package/dist/core/nodes/ImportNode.d.ts +27 -0
package/dist/core/nodes/ImportNode.d.ts.map +1 -0
package/dist/core/nodes/ImportNode.js +43 -0
package/dist/core/nodes/LiteralNode.d.ts +26 -0
package/dist/core/nodes/LiteralNode.d.ts.map +1 -0
package/dist/core/nodes/LiteralNode.js +40 -0
package/dist/core/nodes/MethodCallNode.d.ts +29 -0
package/dist/core/nodes/MethodCallNode.d.ts.map +1 -0
package/dist/core/nodes/MethodCallNode.js +47 -0
package/dist/core/nodes/MethodNode.d.ts +29 -0
package/dist/core/nodes/MethodNode.d.ts.map +1 -0
package/dist/core/nodes/MethodNode.js +44 -0
package/dist/core/nodes/ModuleNode.d.ts +29 -0
package/dist/core/nodes/ModuleNode.d.ts.map +1 -0
package/dist/core/nodes/ModuleNode.js +49 -0
package/dist/core/nodes/NodeKind.d.ts +91 -0
package/dist/core/nodes/NodeKind.d.ts.map +1 -0
package/dist/core/nodes/NodeKind.js +146 -0
package/dist/core/nodes/ParameterNode.d.ts +26 -0
package/dist/core/nodes/ParameterNode.d.ts.map +1 -0
package/dist/core/nodes/ParameterNode.js +43 -0
package/dist/core/nodes/ScopeNode.d.ts +32 -0
package/dist/core/nodes/ScopeNode.d.ts.map +1 -0
package/dist/core/nodes/ScopeNode.js +47 -0
package/dist/core/nodes/ServiceNode.d.ts +44 -0
package/dist/core/nodes/ServiceNode.d.ts.map +1 -0
package/dist/core/nodes/ServiceNode.js +49 -0
package/dist/core/nodes/VariableDeclarationNode.d.ts +22 -0
package/dist/core/nodes/VariableDeclarationNode.d.ts.map +1 -0
package/dist/core/nodes/VariableDeclarationNode.js +38 -0
package/dist/core/nodes/index.d.ts +25 -0
package/dist/core/nodes/index.d.ts.map +1 -0
package/dist/core/nodes/index.js +30 -0
package/dist/index.d.ts +57 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +63 -0
package/dist/plugins/Plugin.d.ts +44 -0
package/dist/plugins/Plugin.d.ts.map +1 -0
package/dist/plugins/Plugin.js +46 -0
package/dist/plugins/analysis/DatabaseAnalyzer.d.ts +23 -0
package/dist/plugins/analysis/DatabaseAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/DatabaseAnalyzer.js +260 -0
package/dist/plugins/analysis/ExpressAnalyzer.d.ts +19 -0
package/dist/plugins/analysis/ExpressAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/ExpressAnalyzer.js +306 -0
package/dist/plugins/analysis/ExpressRouteAnalyzer.d.ts +17 -0
package/dist/plugins/analysis/ExpressRouteAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/ExpressRouteAnalyzer.js +308 -0
package/dist/plugins/analysis/FetchAnalyzer.d.ts +38 -0
package/dist/plugins/analysis/FetchAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/FetchAnalyzer.js +344 -0
package/dist/plugins/analysis/IncrementalAnalysisPlugin.d.ts +65 -0
package/dist/plugins/analysis/IncrementalAnalysisPlugin.d.ts.map +1 -0
package/dist/plugins/analysis/IncrementalAnalysisPlugin.js +472 -0
package/dist/plugins/analysis/JSASTAnalyzer.d.ts +84 -0
package/dist/plugins/analysis/JSASTAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/JSASTAnalyzer.js +1378 -0
package/dist/plugins/analysis/ReactAnalyzer.d.ts +90 -0
package/dist/plugins/analysis/ReactAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/ReactAnalyzer.js +1153 -0
package/dist/plugins/analysis/RustAnalyzer.d.ts +13 -0
package/dist/plugins/analysis/RustAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/RustAnalyzer.js +259 -0
package/dist/plugins/analysis/SQLiteAnalyzer.d.ts +21 -0
package/dist/plugins/analysis/SQLiteAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/SQLiteAnalyzer.js +317 -0
package/dist/plugins/analysis/ServiceLayerAnalyzer.d.ts +35 -0
package/dist/plugins/analysis/ServiceLayerAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/ServiceLayerAnalyzer.js +303 -0
package/dist/plugins/analysis/SocketIOAnalyzer.d.ts +33 -0
package/dist/plugins/analysis/SocketIOAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/SocketIOAnalyzer.js +283 -0
package/dist/plugins/analysis/SystemDbAnalyzer.d.ts +27 -0
package/dist/plugins/analysis/SystemDbAnalyzer.d.ts.map +1 -0
package/dist/plugins/analysis/SystemDbAnalyzer.js +211 -0
package/dist/plugins/analysis/ast/ConditionParser.d.ts +85 -0
package/dist/plugins/analysis/ast/ConditionParser.d.ts.map +1 -0
package/dist/plugins/analysis/ast/ConditionParser.js +277 -0
package/dist/plugins/analysis/ast/ExpressionEvaluator.d.ts +15 -0
package/dist/plugins/analysis/ast/ExpressionEvaluator.d.ts.map +1 -0
package/dist/plugins/analysis/ast/ExpressionEvaluator.js +91 -0
package/dist/plugins/analysis/ast/GraphBuilder.d.ts +77 -0
package/dist/plugins/analysis/ast/GraphBuilder.d.ts.map +1 -0
package/dist/plugins/analysis/ast/GraphBuilder.js +1077 -0
package/dist/plugins/analysis/ast/OxcAdapter.d.ts +41 -0
package/dist/plugins/analysis/ast/OxcAdapter.d.ts.map +1 -0
package/dist/plugins/analysis/ast/OxcAdapter.js +40 -0
package/dist/plugins/analysis/ast/types.d.ts +346 -0
package/dist/plugins/analysis/ast/types.d.ts.map +1 -0
package/dist/plugins/analysis/ast/types.js +4 -0
package/dist/plugins/analysis/ast/visitors/ASTVisitor.d.ts +93 -0
package/dist/plugins/analysis/ast/visitors/ASTVisitor.d.ts.map +1 -0
package/dist/plugins/analysis/ast/visitors/ASTVisitor.js +24 -0
package/dist/plugins/analysis/ast/visitors/CallExpressionVisitor.d.ts +77 -0
package/dist/plugins/analysis/ast/visitors/CallExpressionVisitor.d.ts.map +1 -0
package/dist/plugins/analysis/ast/visitors/CallExpressionVisitor.js +377 -0
package/dist/plugins/analysis/ast/visitors/ClassVisitor.d.ts +27 -0
package/dist/plugins/analysis/ast/visitors/ClassVisitor.d.ts.map +1 -0
package/dist/plugins/analysis/ast/visitors/ClassVisitor.js +232 -0
package/dist/plugins/analysis/ast/visitors/FunctionVisitor.d.ts +25 -0
package/dist/plugins/analysis/ast/visitors/FunctionVisitor.d.ts.map +1 -0
package/dist/plugins/analysis/ast/visitors/FunctionVisitor.js +172 -0
package/dist/plugins/analysis/ast/visitors/ImportExportVisitor.d.ts +29 -0
package/dist/plugins/analysis/ast/visitors/ImportExportVisitor.d.ts.map +1 -0
package/dist/plugins/analysis/ast/visitors/ImportExportVisitor.js +180 -0
package/dist/plugins/analysis/ast/visitors/TypeScriptVisitor.d.ts +14 -0
package/dist/plugins/analysis/ast/visitors/TypeScriptVisitor.d.ts.map +1 -0
package/dist/plugins/analysis/ast/visitors/TypeScriptVisitor.js +200 -0
package/dist/plugins/analysis/ast/visitors/VariableVisitor.d.ts +45 -0
package/dist/plugins/analysis/ast/visitors/VariableVisitor.d.ts.map +1 -0
package/dist/plugins/analysis/ast/visitors/VariableVisitor.js +150 -0
package/dist/plugins/analysis/ast/visitors/index.d.ts +17 -0
package/dist/plugins/analysis/ast/visitors/index.d.ts.map +1 -0
package/dist/plugins/analysis/ast/visitors/index.js +13 -0
package/dist/plugins/discovery/DiscoveryPlugin.d.ts +34 -0
package/dist/plugins/discovery/DiscoveryPlugin.d.ts.map +1 -0
package/dist/plugins/discovery/DiscoveryPlugin.js +26 -0
package/dist/plugins/discovery/MonorepoServiceDiscovery.d.ts +26 -0
package/dist/plugins/discovery/MonorepoServiceDiscovery.d.ts.map +1 -0
package/dist/plugins/discovery/MonorepoServiceDiscovery.js +79 -0
package/dist/plugins/discovery/SimpleProjectDiscovery.d.ts +14 -0
package/dist/plugins/discovery/SimpleProjectDiscovery.d.ts.map +1 -0
package/dist/plugins/discovery/SimpleProjectDiscovery.js +65 -0
package/dist/plugins/discovery/ZonServiceDiscovery.d.ts +19 -0
package/dist/plugins/discovery/ZonServiceDiscovery.d.ts.map +1 -0
package/dist/plugins/discovery/ZonServiceDiscovery.js +204 -0
package/dist/plugins/enrichment/AliasTracker.d.ts +40 -0
package/dist/plugins/enrichment/AliasTracker.d.ts.map +1 -0
package/dist/plugins/enrichment/AliasTracker.js +290 -0
package/dist/plugins/enrichment/HTTPConnectionEnricher.d.ts +30 -0
package/dist/plugins/enrichment/HTTPConnectionEnricher.d.ts.map +1 -0
package/dist/plugins/enrichment/HTTPConnectionEnricher.js +135 -0
package/dist/plugins/enrichment/ImportExportLinker.d.ts +30 -0
package/dist/plugins/enrichment/ImportExportLinker.d.ts.map +1 -0
package/dist/plugins/enrichment/ImportExportLinker.js +176 -0
package/dist/plugins/enrichment/InstanceOfResolver.d.ts +21 -0
package/dist/plugins/enrichment/InstanceOfResolver.d.ts.map +1 -0
package/dist/plugins/enrichment/InstanceOfResolver.js +117 -0
package/dist/plugins/enrichment/MethodCallResolver.d.ts +41 -0
package/dist/plugins/enrichment/MethodCallResolver.d.ts.map +1 -0
package/dist/plugins/enrichment/MethodCallResolver.js +252 -0
package/dist/plugins/enrichment/MountPointResolver.d.ts +26 -0
package/dist/plugins/enrichment/MountPointResolver.d.ts.map +1 -0
package/dist/plugins/enrichment/MountPointResolver.js +189 -0
package/dist/plugins/enrichment/PrefixEvaluator.d.ts +89 -0
package/dist/plugins/enrichment/PrefixEvaluator.d.ts.map +1 -0
package/dist/plugins/enrichment/PrefixEvaluator.js +415 -0
package/dist/plugins/enrichment/RustFFIEnricher.d.ts +25 -0
package/dist/plugins/enrichment/RustFFIEnricher.d.ts.map +1 -0
package/dist/plugins/enrichment/RustFFIEnricher.js +170 -0
package/dist/plugins/enrichment/ValueDomainAnalyzer.d.ts +114 -0
package/dist/plugins/enrichment/ValueDomainAnalyzer.d.ts.map +1 -0
package/dist/plugins/enrichment/ValueDomainAnalyzer.js +464 -0
package/dist/plugins/indexing/IncrementalModuleIndexer.d.ts +27 -0
package/dist/plugins/indexing/IncrementalModuleIndexer.d.ts.map +1 -0
package/dist/plugins/indexing/IncrementalModuleIndexer.js +238 -0
package/dist/plugins/indexing/JSModuleIndexer.d.ts +33 -0
package/dist/plugins/indexing/JSModuleIndexer.d.ts.map +1 -0
package/dist/plugins/indexing/JSModuleIndexer.js +299 -0
package/dist/plugins/indexing/RustModuleIndexer.d.ts +28 -0
package/dist/plugins/indexing/RustModuleIndexer.d.ts.map +1 -0
package/dist/plugins/indexing/RustModuleIndexer.js +140 -0
package/dist/plugins/indexing/ServiceDetector.d.ts +46 -0
package/dist/plugins/indexing/ServiceDetector.d.ts.map +1 -0
package/dist/plugins/indexing/ServiceDetector.js +164 -0
package/dist/plugins/validation/CallResolverValidator.d.ts +23 -0
package/dist/plugins/validation/CallResolverValidator.d.ts.map +1 -0
package/dist/plugins/validation/CallResolverValidator.js +108 -0
package/dist/plugins/validation/DataFlowValidator.d.ts +24 -0
package/dist/plugins/validation/DataFlowValidator.d.ts.map +1 -0
package/dist/plugins/validation/DataFlowValidator.js +148 -0
package/dist/plugins/validation/EvalBanValidator.d.ts +25 -0
package/dist/plugins/validation/EvalBanValidator.d.ts.map +1 -0
package/dist/plugins/validation/EvalBanValidator.js +123 -0
package/dist/plugins/validation/GraphConnectivityValidator.d.ts +11 -0
package/dist/plugins/validation/GraphConnectivityValidator.d.ts.map +1 -0
package/dist/plugins/validation/GraphConnectivityValidator.js +135 -0
package/dist/plugins/validation/SQLInjectionValidator.d.ts +43 -0
package/dist/plugins/validation/SQLInjectionValidator.d.ts.map +1 -0
package/dist/plugins/validation/SQLInjectionValidator.js +251 -0
package/dist/plugins/validation/ShadowingDetector.d.ts +26 -0
package/dist/plugins/validation/ShadowingDetector.d.ts.map +1 -0
package/dist/plugins/validation/ShadowingDetector.js +119 -0
package/dist/plugins/validation/TypeScriptDeadCodeValidator.d.ts +21 -0
package/dist/plugins/validation/TypeScriptDeadCodeValidator.d.ts.map +1 -0
package/dist/plugins/validation/TypeScriptDeadCodeValidator.js +151 -0
package/dist/plugins/vcs/GitPlugin.d.ts +84 -0
package/dist/plugins/vcs/GitPlugin.d.ts.map +1 -0
package/dist/plugins/vcs/GitPlugin.js +295 -0
package/dist/plugins/vcs/VCSPlugin.d.ts +133 -0
package/dist/plugins/vcs/VCSPlugin.d.ts.map +1 -0
package/dist/plugins/vcs/VCSPlugin.js +82 -0
package/dist/plugins/vcs/index.d.ts +10 -0
package/dist/plugins/vcs/index.d.ts.map +1 -0
package/dist/plugins/vcs/index.js +18 -0
package/dist/storage/backends/RFDBServerBackend.d.ts +258 -0
package/dist/storage/backends/RFDBServerBackend.d.ts.map +1 -0
package/dist/storage/backends/RFDBServerBackend.js +565 -0
package/dist/storage/backends/typeValidation.d.ts +47 -0
package/dist/storage/backends/typeValidation.d.ts.map +1 -0
package/dist/storage/backends/typeValidation.js +137 -0
package/dist/validation/PathValidator.d.ts +81 -0
package/dist/validation/PathValidator.d.ts.map +1 -0
package/dist/validation/PathValidator.js +251 -0
package/package.json +57 -0
package/src/.rfguard/current-session.txt +1 -0
package/src/Orchestrator.ts +673 -0
package/src/api/GraphAPI.ts +305 -0
package/src/api/GuaranteeAPI.ts +401 -0
package/src/core/ASTWorker.ts +567 -0
package/src/core/ASTWorkerPool.ts +299 -0
package/src/core/AnalysisQueue.ts +447 -0
package/src/core/AnalysisWorker.ts +410 -0
package/src/core/GraphBackend.ts +265 -0
package/src/core/GuaranteeManager.ts +581 -0
package/src/core/ManifestStore.ts +196 -0
package/src/core/NodeFactory.ts +274 -0
package/src/core/NodeId.ts +257 -0
package/src/core/ParallelAnalyzer.ts +476 -0
package/src/core/PriorityQueue.ts +227 -0
package/src/core/Profiler.ts +188 -0
package/src/core/QueueWorker.ts +780 -0
package/src/core/Task.ts +107 -0
package/src/core/TaskTypes.ts +40 -0
package/src/core/VersionManager.ts +404 -0
package/src/core/WorkerPool.ts +180 -0
package/src/core/nodes/CallSiteNode.ts +72 -0
package/src/core/nodes/ClassNode.ts +69 -0
package/src/core/nodes/ConstantNode.ts +63 -0
package/src/core/nodes/DatabaseQueryNode.ts +60 -0
package/src/core/nodes/EntrypointNode.ts +164 -0
package/src/core/nodes/EventListenerNode.ts +64 -0
package/src/core/nodes/ExportNode.ts +71 -0
package/src/core/nodes/ExternalStdioNode.ts +36 -0
package/src/core/nodes/FunctionNode.ts +78 -0
package/src/core/nodes/GuaranteeNode.ts +162 -0
package/src/core/nodes/HttpRequestNode.ts +63 -0
package/src/core/nodes/ImportNode.ts +75 -0
package/src/core/nodes/LiteralNode.ts +67 -0
package/src/core/nodes/MethodCallNode.ts +79 -0
package/src/core/nodes/MethodNode.ts +78 -0
package/src/core/nodes/ModuleNode.ts +74 -0
package/src/core/nodes/NodeKind.ts +171 -0
package/src/core/nodes/ParameterNode.ts +73 -0
package/src/core/nodes/ScopeNode.ts +80 -0
package/src/core/nodes/ServiceNode.ts +86 -0
package/src/core/nodes/VariableDeclarationNode.ts +60 -0
package/src/core/nodes/index.ts +49 -0
package/src/index.ts +93 -0
package/src/plugins/Plugin.ts +74 -0
package/src/plugins/analysis/DatabaseAnalyzer.ts +322 -0
package/src/plugins/analysis/ExpressAnalyzer.ts +401 -0
package/src/plugins/analysis/ExpressRouteAnalyzer.ts +414 -0
package/src/plugins/analysis/FetchAnalyzer.ts +441 -0
package/src/plugins/analysis/IncrementalAnalysisPlugin.ts +686 -0
package/src/plugins/analysis/JSASTAnalyzer.ts +1680 -0
package/src/plugins/analysis/ReactAnalyzer.ts +1368 -0
package/src/plugins/analysis/RustAnalyzer.ts +438 -0
package/src/plugins/analysis/SQLiteAnalyzer.ts +388 -0
package/src/plugins/analysis/ServiceLayerAnalyzer.ts +429 -0
package/src/plugins/analysis/SocketIOAnalyzer.ts +395 -0
package/src/plugins/analysis/SystemDbAnalyzer.ts +284 -0
package/src/plugins/analysis/ast/ConditionParser.ts +333 -0
package/src/plugins/analysis/ast/ExpressionEvaluator.ts +117 -0
package/src/plugins/analysis/ast/GraphBuilder.ts +1371 -0
package/src/plugins/analysis/ast/OxcAdapter.ts +63 -0
package/src/plugins/analysis/ast/types.ts +400 -0
package/src/plugins/analysis/ast/visitors/ASTVisitor.ts +137 -0
package/src/plugins/analysis/ast/visitors/CallExpressionVisitor.ts +528 -0
package/src/plugins/analysis/ast/visitors/ClassVisitor.ts +339 -0
package/src/plugins/analysis/ast/visitors/FunctionVisitor.ts +273 -0
package/src/plugins/analysis/ast/visitors/ImportExportVisitor.ts +259 -0
package/src/plugins/analysis/ast/visitors/TypeScriptVisitor.ts +235 -0
package/src/plugins/analysis/ast/visitors/VariableVisitor.ts +268 -0
package/src/plugins/analysis/ast/visitors/index.ts +36 -0
package/src/plugins/discovery/DiscoveryPlugin.ts +50 -0
package/src/plugins/discovery/MonorepoServiceDiscovery.ts +117 -0
package/src/plugins/discovery/SimpleProjectDiscovery.ts +102 -0
package/src/plugins/enrichment/AliasTracker.ts +399 -0
package/src/plugins/enrichment/HTTPConnectionEnricher.ts +192 -0
package/src/plugins/enrichment/ImportExportLinker.ts +221 -0
package/src/plugins/enrichment/InstanceOfResolver.ts +165 -0
package/src/plugins/enrichment/MethodCallResolver.ts +333 -0
package/src/plugins/enrichment/MountPointResolver.ts +264 -0
package/src/plugins/enrichment/PrefixEvaluator.ts +527 -0
package/src/plugins/enrichment/RustFFIEnricher.ts +218 -0
package/src/plugins/enrichment/ValueDomainAnalyzer.ts +682 -0
package/src/plugins/indexing/IncrementalModuleIndexer.ts +287 -0
package/src/plugins/indexing/JSModuleIndexer.ts +374 -0
package/src/plugins/indexing/RustModuleIndexer.ts +160 -0
package/src/plugins/indexing/ServiceDetector.ts +230 -0
package/src/plugins/validation/CallResolverValidator.ts +170 -0
package/src/plugins/validation/DataFlowValidator.ts +233 -0
package/src/plugins/validation/EvalBanValidator.ts +175 -0
package/src/plugins/validation/GraphConnectivityValidator.ts +201 -0
package/src/plugins/validation/SQLInjectionValidator.ts +363 -0
package/src/plugins/validation/ShadowingDetector.ts +173 -0
package/src/plugins/validation/TypeScriptDeadCodeValidator.ts +203 -0
package/src/plugins/vcs/GitPlugin.ts +344 -0
package/src/plugins/vcs/VCSPlugin.ts +190 -0
package/src/plugins/vcs/index.ts +32 -0
package/src/storage/backends/RFDBServerBackend.ts +687 -0
package/src/storage/backends/typeValidation.ts +151 -0
package/src/validation/PathValidator.ts +342 -0

package/src/plugins/validation/SQLInjectionValidator.ts ADDED Viewed

@@ -0,0 +1,363 @@
+/**
+ * SQLInjectionValidator - детектирует SQL injection уязвимости
+ *
+ * Security инвариант: SQL запросы не должны содержать недетерминированные
+ * значения (user input) без параметризации.
+ *
+ * Детектирует:
+ * - Template literal с переменными от параметров: `SELECT * FROM users WHERE id = ${userId}`
+ * - String concatenation с user input: "SELECT * FROM users WHERE id = " + userId
+ *
+ * Безопасные паттерны (НЕ flagged):
+ * - Параметризованные запросы: db.query('SELECT * FROM users WHERE id = ?', [userId])
+ * - Только литералы: const query = 'SELECT * FROM users'
+ * - Литералы в template: const role = 'admin'; `SELECT * FROM users WHERE role = '${role}'`
+ *
+ * ПРАВИЛА:
+ * 1. Найти CALL с method = query/execute/run/all/get
+ * 2. Проверить первый аргумент - если содержит nondeterministic value → violation
+ * 3. Использовать ValueDomainAnalyzer для трассировки значений
+ */
+import { Plugin, createSuccessResult } from '../Plugin.js';
+import type { PluginContext, PluginResult, PluginMetadata } from '../Plugin.js';
+import type { BaseNodeRecord, NodeRecord } from '@grafema/types';
+import type { EdgeRecord as TypesEdgeRecord } from '@grafema/types';
+import { ValueDomainAnalyzer } from '../enrichment/ValueDomainAnalyzer.js';
+// Type expected by ValueDomainAnalyzer
+interface ValueAnalyzerGraph {
+  queryNodes(filter: { nodeType: string }): AsyncIterable<NodeRecord>;
+  getNode(id: string): Promise<NodeRecord | null>;
+  getOutgoingEdges(nodeId: string): Promise<TypesEdgeRecord[]>;
+  getIncomingEdges(nodeId: string): Promise<TypesEdgeRecord[]>;
+  addEdge(edge: { src: string; dst: string; type: string; metadata?: Record<string, unknown> }): Promise<void> | void;
+}
+// SQL query method names to detect
+const SQL_METHODS = ['query', 'execute', 'exec', 'run', 'all', 'get', 'prepare', 'raw'];
+/**
+ * SQL injection issue
+ */
+interface SQLInjectionIssue {
+  type: string;
+  severity: string;
+  message: string;
+  nodeId: string;
+  file?: string;
+  line?: number;
+  reason: string;
+  nondeterministicSources: string[];
+}
+/**
+ * Analysis result
+ */
+interface AnalysisResult {
+  isVulnerable: boolean;
+  reason: string | null;
+  sources: string[];
+}
+/**
+ * Edge record
+ */
+interface EdgeRecord {
+  edgeType?: string;
+  edge_type?: string;
+  dst?: string;
+  target_id?: string;
+  argIndex?: number;
+  index?: number;
+  [key: string]: unknown;
+}
+/**
+ * Extended node with query properties
+ */
+interface CallNode extends BaseNodeRecord {
+  method?: string;
+  queryArgName?: string;
+  nodeType?: string;
+  attrs?: { name?: string };
+}
+/**
+ * Datalog violation result
+ */
+interface DatalogViolation {
+  bindings: Array<{ name: string; value: string }>;
+}
+export class SQLInjectionValidator extends Plugin {
+  private valueAnalyzer: ValueDomainAnalyzer;
+  constructor() {
+    super();
+    this.valueAnalyzer = new ValueDomainAnalyzer();
+  }
+  get metadata(): PluginMetadata {
+    return {
+      name: 'SQLInjectionValidator',
+      phase: 'VALIDATION',
+      priority: 90, // After ValueDomainAnalyzer (65)
+      creates: {
+        nodes: [],
+        edges: []
+      }
+    };
+  }
+  async execute(context: PluginContext): Promise<PluginResult> {
+    const { graph } = context;
+    console.log('[SQLInjectionValidator] Checking for SQL injection vulnerabilities...');
+    const issues: SQLInjectionIssue[] = [];
+    // 1. Find all CALL nodes that look like SQL queries
+    const sqlCalls: CallNode[] = [];
+    for await (const node of graph.queryNodes({ nodeType: 'CALL' })) {
+      const callNode = node as CallNode;
+      const method = callNode.method || callNode.name;
+      if (method && SQL_METHODS.includes(method as string)) {
+        sqlCalls.push(callNode);
+      }
+    }
+    console.log(`[SQLInjectionValidator] Found ${sqlCalls.length} potential SQL calls`);
+    // 2. For each SQL call, analyze the query argument
+    for (const call of sqlCalls) {
+      const result = await this.analyzeQueryCall(call, graph);
+      if (result.isVulnerable) {
+        issues.push({
+          type: 'SQL_INJECTION',
+          severity: 'ERROR',
+          message: `Potential SQL injection at ${call.file}:${call.line || '?'} - ${result.reason}`,
+          nodeId: call.id,
+          file: call.file,
+          line: call.line as number | undefined,
+          reason: result.reason!,
+          nondeterministicSources: result.sources
+        });
+      }
+    }
+    // 3. Also check via graph pattern - CALL nodes that have ARGUMENT -> PARAMETER paths
+    const patternViolations = await this.checkViaGraphPattern(graph, sqlCalls);
+    for (const violation of patternViolations) {
+      // Avoid duplicates
+      if (!issues.find(i => i.nodeId === violation.nodeId)) {
+        issues.push(violation);
+      }
+    }
+    const summary = {
+      sqlCallsChecked: sqlCalls.length,
+      vulnerabilitiesFound: issues.length
+    };
+    console.log('[SQLInjectionValidator] Summary:', summary);
+    if (issues.length > 0) {
+      console.log('[SQLInjectionValidator] ❌ SQL injection vulnerabilities found:');
+      for (const issue of issues) {
+        console.log(`  🚫 ${issue.message}`);
+      }
+    } else {
+      console.log('[SQLInjectionValidator] ✅ No SQL injection vulnerabilities detected');
+    }
+    return createSuccessResult(
+      { nodes: 0, edges: 0 },
+      { summary, issues }
+    );
+  }
+  /**
+   * Analyze a SQL query call for injection vulnerabilities
+   */
+  private async analyzeQueryCall(call: CallNode, graph: PluginContext['graph']): Promise<AnalysisResult> {
+    const result: AnalysisResult = {
+      isVulnerable: false,
+      reason: null,
+      sources: []
+    };
+    // Get the query argument - usually first argument
+    // We need to check if it has nondeterministic content
+    // Check if this call has PASSES_ARGUMENT edges
+    const outgoing = await graph.getOutgoingEdges(call.id) as unknown as EdgeRecord[];
+    const argEdges = outgoing.filter(e =>
+      (e.edgeType || e.edge_type) === 'PASSES_ARGUMENT'
+    );
+    if (argEdges.length === 0) {
+      // No tracked arguments - check via queryArgName attribute if available
+      if (call.queryArgName) {
+        const valueSet = await this.valueAnalyzer.getValueSet(call.queryArgName, call.file!, graph as unknown as ValueAnalyzerGraph);
+        if (valueSet.hasUnknown) {
+          result.isVulnerable = true;
+          result.reason = `Query argument "${call.queryArgName}" contains user input`;
+          result.sources = ['unknown'];
+        }
+      }
+      return result;
+    }
+    // Check each argument
+    for (const edge of argEdges) {
+      const argId = edge.dst || edge.target_id;
+      const argNode = await graph.getNode(argId!) as CallNode | null;
+      if (!argNode) continue;
+      const argIndex = edge.argIndex || edge.index;
+      if (argIndex !== 0 && argIndex !== undefined) continue; // Only check first argument
+      // Check argument type
+      const argType = argNode.nodeType || argNode.type;
+      if (argType === 'LITERAL') {
+        // Pure literal - safe
+        continue;
+      }
+      if (argType === 'VARIABLE' || argType === 'CONSTANT') {
+        // Trace value domain
+        const varName = argNode.name || argNode.attrs?.name;
+        if (varName) {
+          const valueSet = await this.valueAnalyzer.getValueSet(varName as string, call.file!, graph as unknown as ValueAnalyzerGraph);
+          if (valueSet.hasUnknown) {
+            result.isVulnerable = true;
+            result.reason = `Query variable "${varName}" may contain user input`;
+            result.sources.push(varName as string);
+          }
+        }
+      }
+      if (argType === 'PARAMETER') {
+        // Direct parameter in query - definitely vulnerable
+        result.isVulnerable = true;
+        result.reason = 'Query contains direct function parameter';
+        result.sources.push((argNode.name as string) || 'parameter');
+      }
+      if (argType === 'EXPRESSION') {
+        // Template literal or concatenation - check for nondeterministic values
+        const { hasUnknown, sources } = await this.checkExpressionForNondeterminism(argNode, graph);
+        if (hasUnknown) {
+          result.isVulnerable = true;
+          result.reason = 'Query expression contains nondeterministic values';
+          result.sources.push(...sources);
+        }
+      }
+    }
+    return result;
+  }
+  /**
+   * Check if an expression contains nondeterministic values
+   */
+  private async checkExpressionForNondeterminism(
+    exprNode: CallNode,
+    graph: PluginContext['graph']
+  ): Promise<{ hasUnknown: boolean; sources: string[] }> {
+    const result = { hasUnknown: false, sources: [] as string[] };
+    // Check DERIVES_FROM edges
+    const outgoing = await graph.getOutgoingEdges(exprNode.id) as unknown as EdgeRecord[];
+    const derivesFromEdges = outgoing.filter(e =>
+      (e.edgeType || e.edge_type) === 'DERIVES_FROM' ||
+      (e.edgeType || e.edge_type) === 'ASSIGNED_FROM'
+    );
+    for (const edge of derivesFromEdges) {
+      const sourceId = edge.dst || edge.target_id;
+      const sourceNode = await graph.getNode(sourceId!) as CallNode | null;
+      if (!sourceNode) continue;
+      const sourceType = sourceNode.nodeType || sourceNode.type;
+      if (sourceType === 'PARAMETER') {
+        result.hasUnknown = true;
+        result.sources.push((sourceNode.name as string) || 'parameter');
+      } else if (sourceType === 'VARIABLE' || sourceType === 'CONSTANT') {
+        const varName = sourceNode.name || sourceNode.attrs?.name;
+        if (varName) {
+          const valueSet = await this.valueAnalyzer.getValueSet(varName as string, exprNode.file!, graph);
+          if (valueSet.hasUnknown) {
+            result.hasUnknown = true;
+            result.sources.push(varName as string);
+          }
+        }
+      }
+    }
+    return result;
+  }
+  /**
+   * Check via Datalog graph pattern for SQL injection
+   * Pattern: CALL -[PASSES_ARGUMENT]-> VARIABLE -[ASSIGNED_FROM*]-> PARAMETER
+   */
+  private async checkViaGraphPattern(
+    graph: PluginContext['graph'],
+    excludeCalls: CallNode[] = []
+  ): Promise<SQLInjectionIssue[]> {
+    const issues: SQLInjectionIssue[] = [];
+    const excludeIds = new Set(excludeCalls.map(c => c.id));
+    // Find CALL nodes that have argument tracing to PARAMETER
+    try {
+      // Check if graph supports checkGuarantee
+      if (!graph.checkGuarantee) {
+        console.log('[SQLInjectionValidator] Graph does not support checkGuarantee, skipping pattern-based check');
+        return issues;
+      }
+      // Check guarantee for SQL method calls with parameter-derived arguments
+      const violations = await graph.checkGuarantee(`
+        violation(X) :-
+          node(X, "CALL"),
+          attr(X, "method", M),
+          edge(X, Arg, "PASSES_ARGUMENT"),
+          edge(Arg, P, "ASSIGNED_FROM"),
+          node(P, "PARAMETER").
+      `) as DatalogViolation[];
+      for (const v of violations) {
+        const nodeId = v.bindings.find(b => b.name === 'X')?.value;
+        if (nodeId && !excludeIds.has(nodeId)) {
+          const node = await graph.getNode(nodeId) as CallNode | null;
+          if (node) {
+            const method = node.method || node.name;
+            if (SQL_METHODS.includes(method as string)) {
+              issues.push({
+                type: 'SQL_INJECTION',
+                severity: 'ERROR',
+                message: `SQL injection via parameter flow at ${node.file}:${node.line || '?'}`,
+                nodeId,
+                file: node.file,
+                line: node.line as number | undefined,
+                reason: 'Parameter value flows into SQL query',
+                nondeterministicSources: ['parameter']
+              });
+            }
+          }
+        }
+      }
+    } catch (err) {
+      // Datalog query might fail if backend doesn't support it
+      console.log('[SQLInjectionValidator] Datalog check skipped:', (err as Error).message);
+    }
+    return issues;
+  }
+}
+export default SQLInjectionValidator;

package/src/plugins/validation/ShadowingDetector.ts ADDED Viewed

@@ -0,0 +1,173 @@
+/**
+ * ShadowingDetector - detects variable shadowing issues
+ *
+ * Detects two types of shadowing:
+ *
+ * 1. Cross-file shadowing:
+ *    - CLASS `User` defined in models.js
+ *    - VARIABLE `User` in handlers.js shadows the class
+ *    - Method calls on the variable go to wrong target
+ *
+ * 2. Scope-aware shadowing:
+ *    - import { User } from './models'
+ *    - function handler() { const User = {...}; User.save(); }
+ *    - Local variable shadows the imported class
+ *
+ * Implementation notes:
+ * - Datalog doesn't support inequality (\=), so we use JS filtering
+ * - queryNodes is an async generator, use getAllNodes for arrays
+ */
+import { Plugin, createSuccessResult } from '../Plugin.js';
+import type { PluginContext, PluginResult, PluginMetadata } from '../Plugin.js';
+import type { BaseNodeRecord, NodeRecord } from '@grafema/types';
+/**
+ * Shadowing issue
+ */
+interface ShadowingIssue {
+  type: string;
+  severity: string;
+  message: string;
+  shadowingNodeId: string;
+  shadowedName: string;
+  shadowedNodeId: string;
+  shadowedFile?: string;
+  file?: string;
+  line?: number;
+  scope?: string;
+}
+/**
+ * Extended node with shadowing properties
+ */
+interface ShadowableNode extends BaseNodeRecord {
+  local?: string;
+  parentScopeId?: string;
+}
+/**
+ * Validation summary
+ */
+interface ValidationSummary {
+  crossFileShadows: number;
+  scopeShadows: number;
+  totalIssues: number;
+}
+export class ShadowingDetector extends Plugin {
+  get metadata(): PluginMetadata {
+    return {
+      name: 'ShadowingDetector',
+      phase: 'VALIDATION',
+      priority: 80, // After enrichment, before other validators
+      creates: {
+        nodes: [],
+        edges: []
+      }
+    };
+  }
+  async execute(context: PluginContext): Promise<PluginResult> {
+    const { graph } = context;
+    console.log('[ShadowingDetector] Checking for variable shadowing...');
+    const issues: ShadowingIssue[] = [];
+    // Get all relevant nodes
+    const allClasses = await graph.getAllNodes({ type: 'CLASS' });
+    const allVariables = await graph.getAllNodes({ type: 'VARIABLE' }) as ShadowableNode[];
+    const allConstants = await graph.getAllNodes({ type: 'CONSTANT' }) as ShadowableNode[];
+    const allImports = await graph.getAllNodes({ type: 'IMPORT' }) as ShadowableNode[];
+    // Build maps for efficient lookup
+    const classesByName = new Map<string, NodeRecord[]>();
+    for (const cls of allClasses) {
+      const name = cls.name as string;
+      if (!classesByName.has(name)) {
+        classesByName.set(name, []);
+      }
+      classesByName.get(name)!.push(cls);
+    }
+    const importsByFileAndLocal = new Map<string, ShadowableNode>();
+    for (const imp of allImports) {
+      const key = `${imp.file}:${imp.local}`;
+      importsByFileAndLocal.set(key, imp);
+    }
+    // 1. Cross-file shadowing: VARIABLE shadows CLASS from another file
+    for (const variable of allVariables) {
+      const name = variable.name as string;
+      const classesWithSameName = classesByName.get(name);
+      if (classesWithSameName) {
+        // Find classes in different files
+        const shadowedClasses = classesWithSameName.filter(c => c.file !== variable.file);
+        for (const shadowedClass of shadowedClasses) {
+          issues.push({
+            type: 'CROSS_FILE_SHADOW',
+            severity: 'WARNING',
+            message: `Variable "${name}" at ${variable.file}:${variable.line || '?'} shadows class "${name}" from ${shadowedClass.file}`,
+            shadowingNodeId: variable.id,
+            shadowedName: name,
+            shadowedNodeId: shadowedClass.id,
+            shadowedFile: shadowedClass.file,
+            file: variable.file,
+            line: variable.line as number | undefined
+          });
+        }
+      }
+    }
+    // 2. Scope-aware shadowing: local VARIABLE/CONSTANT shadows IMPORT
+    // Variables/constants with parentScopeId (inside functions) that shadow imports
+    const allLocalVars = [...allVariables, ...allConstants].filter(v => v.parentScopeId);
+    for (const localVar of allLocalVars) {
+      const name = localVar.name as string;
+      const importKey = `${localVar.file}:${name}`;
+      const shadowedImport = importsByFileAndLocal.get(importKey);
+      if (shadowedImport) {
+        const nodeType = localVar.type === 'CONSTANT' ? 'constant' : 'variable';
+        issues.push({
+          type: 'SCOPE_SHADOW',
+          severity: 'WARNING',
+          message: `Local ${nodeType} "${name}" at ${localVar.file}:${localVar.line || '?'} shadows imported "${name}"`,
+          shadowingNodeId: localVar.id,
+          shadowedName: name,
+          shadowedNodeId: shadowedImport.id,
+          file: localVar.file,
+          line: localVar.line as number | undefined,
+          scope: localVar.parentScopeId
+        });
+      }
+    }
+    const crossFileCount = issues.filter(i => i.type === 'CROSS_FILE_SHADOW').length;
+    const scopeCount = issues.filter(i => i.type === 'SCOPE_SHADOW').length;
+    const summary: ValidationSummary = {
+      crossFileShadows: crossFileCount,
+      scopeShadows: scopeCount,
+      totalIssues: issues.length
+    };
+    console.log('[ShadowingDetector] Summary:', summary);
+    if (issues.length > 0) {
+      console.log('[ShadowingDetector] Shadowing issues found:');
+      for (const issue of issues) {
+        console.log(`  ${issue.type === 'CROSS_FILE_SHADOW' ? '📁' : '🔒'} ${issue.message}`);
+      }
+    } else {
+      console.log('[ShadowingDetector] No shadowing issues detected');
+    }
+    return createSuccessResult(
+      { nodes: 0, edges: 0 },
+      { summary, issues }
+    );
+  }
+}