@kevinrabun/judges 3.25.1 → 3.27.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. package/CHANGELOG.md +45 -0
  2. package/dist/ast/index.d.ts.map +1 -1
  3. package/dist/ast/index.js +31 -4
  4. package/dist/ast/index.js.map +1 -1
  5. package/dist/ast/structural-parser.js +16 -3
  6. package/dist/ast/structural-parser.js.map +1 -1
  7. package/dist/ast/tree-sitter-ast.d.ts.map +1 -1
  8. package/dist/ast/tree-sitter-ast.js +159 -0
  9. package/dist/ast/tree-sitter-ast.js.map +1 -1
  10. package/dist/cli.d.ts.map +1 -1
  11. package/dist/cli.js +3 -0
  12. package/dist/cli.js.map +1 -1
  13. package/dist/commands/baseline.d.ts.map +1 -1
  14. package/dist/commands/baseline.js +3 -0
  15. package/dist/commands/baseline.js.map +1 -1
  16. package/dist/commands/review.d.ts.map +1 -1
  17. package/dist/commands/review.js +3 -2
  18. package/dist/commands/review.js.map +1 -1
  19. package/dist/evaluators/accessibility.d.ts.map +1 -1
  20. package/dist/evaluators/accessibility.js +141 -1
  21. package/dist/evaluators/accessibility.js.map +1 -1
  22. package/dist/evaluators/cost-effectiveness.d.ts.map +1 -1
  23. package/dist/evaluators/cost-effectiveness.js +99 -2
  24. package/dist/evaluators/cost-effectiveness.js.map +1 -1
  25. package/dist/evaluators/false-positive-review.d.ts.map +1 -1
  26. package/dist/evaluators/false-positive-review.js +55 -13
  27. package/dist/evaluators/false-positive-review.js.map +1 -1
  28. package/dist/evaluators/iac-security.d.ts.map +1 -1
  29. package/dist/evaluators/iac-security.js +195 -1
  30. package/dist/evaluators/iac-security.js.map +1 -1
  31. package/dist/evaluators/security.js +2 -2
  32. package/dist/evaluators/security.js.map +1 -1
  33. package/dist/evaluators/ux.d.ts.map +1 -1
  34. package/dist/evaluators/ux.js +80 -1
  35. package/dist/evaluators/ux.js.map +1 -1
  36. package/dist/github-app.d.ts.map +1 -1
  37. package/dist/github-app.js +2 -0
  38. package/dist/github-app.js.map +1 -1
  39. package/dist/language-patterns.d.ts +62 -0
  40. package/dist/language-patterns.d.ts.map +1 -1
  41. package/dist/language-patterns.js +78 -0
  42. package/dist/language-patterns.js.map +1 -1
  43. package/dist/scoring.d.ts.map +1 -1
  44. package/dist/scoring.js +95 -74
  45. package/dist/scoring.js.map +1 -1
  46. package/dist/types.d.ts +1 -1
  47. package/dist/types.d.ts.map +1 -1
  48. package/grammars/tree-sitter-kotlin.wasm +0 -0
  49. package/grammars/tree-sitter-php.wasm +0 -0
  50. package/grammars/tree-sitter-ruby.wasm +0 -0
  51. package/grammars/tree-sitter-swift.wasm +0 -0
  52. package/package.json +1 -9
  53. package/server.json +2 -2
@@ -37,6 +37,8 @@ export declare const ENV_ACCESS: {
37
37
  ruby: string;
38
38
  kotlin: string;
39
39
  swift: string;
40
+ dart: string;
41
+ bash: string;
40
42
  };
41
43
  export declare const HARDCODED_ENV: {
42
44
  jsts: string;
@@ -46,6 +48,8 @@ export declare const HARDCODED_ENV: {
46
48
  java: string;
47
49
  go: string;
48
50
  powershell: string;
51
+ dart: string;
52
+ bash: string;
49
53
  };
50
54
  export declare const FUNCTION_DEF: {
51
55
  jsts: string;
@@ -59,6 +63,9 @@ export declare const FUNCTION_DEF: {
59
63
  ruby: string;
60
64
  kotlin: string;
61
65
  swift: string;
66
+ dart: string;
67
+ bash: string;
68
+ sql: string;
62
69
  };
63
70
  export declare const TRY_CATCH: {
64
71
  jsts: string;
@@ -72,6 +79,8 @@ export declare const TRY_CATCH: {
72
79
  ruby: string;
73
80
  kotlin: string;
74
81
  swift: string;
82
+ dart: string;
83
+ bash: string;
75
84
  };
76
85
  export declare const EMPTY_CATCH: {
77
86
  jsts: string;
@@ -85,6 +94,8 @@ export declare const EMPTY_CATCH: {
85
94
  ruby: string;
86
95
  kotlin: string;
87
96
  swift: string;
97
+ dart: string;
98
+ bash: string;
88
99
  };
89
100
  export declare const GENERIC_CATCH: {
90
101
  jsts: string;
@@ -96,6 +107,8 @@ export declare const GENERIC_CATCH: {
96
107
  ruby: string;
97
108
  kotlin: string;
98
109
  swift: string;
110
+ dart: string;
111
+ bash: string;
99
112
  };
100
113
  export declare const PANIC_UNWRAP: {
101
114
  rust: string;
@@ -109,6 +122,8 @@ export declare const PANIC_UNWRAP: {
109
122
  ruby: string;
110
123
  kotlin: string;
111
124
  swift: string;
125
+ dart: string;
126
+ bash: string;
112
127
  };
113
128
  export declare const WEAK_TYPE: {
114
129
  jsts: string;
@@ -121,6 +136,7 @@ export declare const WEAK_TYPE: {
121
136
  php: string;
122
137
  kotlin: string;
123
138
  swift: string;
139
+ dart: string;
124
140
  };
125
141
  export declare const ASYNC_FUNCTION: {
126
142
  jsts: string;
@@ -134,6 +150,8 @@ export declare const ASYNC_FUNCTION: {
134
150
  ruby: string;
135
151
  kotlin: string;
136
152
  swift: string;
153
+ dart: string;
154
+ bash: string;
137
155
  };
138
156
  export declare const MISSING_AWAIT: {
139
157
  jsts: string;
@@ -141,6 +159,7 @@ export declare const MISSING_AWAIT: {
141
159
  rust: string;
142
160
  csharp: string;
143
161
  java: string;
162
+ dart: string;
144
163
  };
145
164
  export declare const SHARED_MUTABLE: {
146
165
  jsts: string;
@@ -153,6 +172,7 @@ export declare const SHARED_MUTABLE: {
153
172
  ruby: string;
154
173
  kotlin: string;
155
174
  swift: string;
175
+ dart: string;
156
176
  };
157
177
  export declare const WILDCARD_IMPORT: {
158
178
  jsts: string;
@@ -161,6 +181,7 @@ export declare const WILDCARD_IMPORT: {
161
181
  csharp: string;
162
182
  php: string;
163
183
  kotlin: string;
184
+ dart: string;
164
185
  };
165
186
  export declare const DEPRECATED_IMPORT: {
166
187
  jsts: string;
@@ -179,6 +200,8 @@ export declare const SQL_INJECTION: {
179
200
  ruby: string;
180
201
  kotlin: string;
181
202
  swift: string;
203
+ dart: string;
204
+ sql: string;
182
205
  };
183
206
  export declare const COMMAND_INJECTION: {
184
207
  jsts: string;
@@ -192,6 +215,8 @@ export declare const COMMAND_INJECTION: {
192
215
  ruby: string;
193
216
  kotlin: string;
194
217
  swift: string;
218
+ dart: string;
219
+ bash: string;
195
220
  };
196
221
  export declare const HARDCODED_PASSWORD: {
197
222
  all: string;
@@ -214,6 +239,7 @@ export declare const WEAK_HASH: {
214
239
  ruby: string;
215
240
  kotlin: string;
216
241
  swift: string;
242
+ dart: string;
217
243
  };
218
244
  export declare const EVAL_USAGE: {
219
245
  jsts: string;
@@ -227,6 +253,8 @@ export declare const EVAL_USAGE: {
227
253
  ruby: string;
228
254
  kotlin: string;
229
255
  swift: string;
256
+ dart: string;
257
+ bash: string;
230
258
  };
231
259
  export declare const TLS_DISABLED: {
232
260
  jsts: string;
@@ -240,6 +268,7 @@ export declare const TLS_DISABLED: {
240
268
  ruby: string;
241
269
  kotlin: string;
242
270
  swift: string;
271
+ dart: string;
243
272
  };
244
273
  export declare const CORS_WILDCARD: {
245
274
  jsts: string;
@@ -251,6 +280,7 @@ export declare const CORS_WILDCARD: {
251
280
  ruby: string;
252
281
  kotlin: string;
253
282
  swift: string;
283
+ dart: string;
254
284
  };
255
285
  export declare const HTTP_ROUTE: {
256
286
  jsts: string;
@@ -263,6 +293,7 @@ export declare const HTTP_ROUTE: {
263
293
  ruby: string;
264
294
  kotlin: string;
265
295
  swift: string;
296
+ dart: string;
266
297
  };
267
298
  export declare const CONSOLE_LOG: {
268
299
  jsts: string;
@@ -276,6 +307,8 @@ export declare const CONSOLE_LOG: {
276
307
  ruby: string;
277
308
  kotlin: string;
278
309
  swift: string;
310
+ dart: string;
311
+ bash: string;
279
312
  };
280
313
  export declare const STRUCTURED_LOG: {
281
314
  jsts: string;
@@ -288,6 +321,7 @@ export declare const STRUCTURED_LOG: {
288
321
  ruby: string;
289
322
  kotlin: string;
290
323
  swift: string;
324
+ dart: string;
291
325
  };
292
326
  export declare const TEST_FUNCTION: {
293
327
  jsts: string;
@@ -301,6 +335,8 @@ export declare const TEST_FUNCTION: {
301
335
  ruby: string;
302
336
  kotlin: string;
303
337
  swift: string;
338
+ dart: string;
339
+ bash: string;
304
340
  };
305
341
  export declare const ASSERTION: {
306
342
  jsts: string;
@@ -314,6 +350,8 @@ export declare const ASSERTION: {
314
350
  ruby: string;
315
351
  kotlin: string;
316
352
  swift: string;
353
+ dart: string;
354
+ bash: string;
317
355
  };
318
356
  export declare const DOC_COMMENT: {
319
357
  jsts: string;
@@ -327,6 +365,8 @@ export declare const DOC_COMMENT: {
327
365
  ruby: string;
328
366
  kotlin: string;
329
367
  swift: string;
368
+ dart: string;
369
+ sql: string;
330
370
  };
331
371
  export declare const FOR_LOOP: {
332
372
  jsts: string;
@@ -340,6 +380,9 @@ export declare const FOR_LOOP: {
340
380
  ruby: string;
341
381
  kotlin: string;
342
382
  swift: string;
383
+ dart: string;
384
+ bash: string;
385
+ sql: string;
343
386
  };
344
387
  export declare const CLASS_DEF: {
345
388
  jsts: string;
@@ -353,6 +396,7 @@ export declare const CLASS_DEF: {
353
396
  ruby: string;
354
397
  kotlin: string;
355
398
  swift: string;
399
+ dart: string;
356
400
  };
357
401
  export declare const MANIFEST_FILES: Record<LangFamily, string[]>;
358
402
  export declare const INPUT_VALIDATION: {
@@ -367,6 +411,7 @@ export declare const INPUT_VALIDATION: {
367
411
  ruby: string;
368
412
  kotlin: string;
369
413
  swift: string;
414
+ dart: string;
370
415
  };
371
416
  export declare const MUTEX: {
372
417
  jsts: string;
@@ -379,6 +424,7 @@ export declare const MUTEX: {
379
424
  ruby: string;
380
425
  kotlin: string;
381
426
  swift: string;
427
+ dart: string;
382
428
  };
383
429
  export declare const DB_QUERY: {
384
430
  jsts: string;
@@ -392,6 +438,8 @@ export declare const DB_QUERY: {
392
438
  ruby: string;
393
439
  kotlin: string;
394
440
  swift: string;
441
+ dart: string;
442
+ sql: string;
395
443
  };
396
444
  export declare const HTTP_CLIENT: {
397
445
  jsts: string;
@@ -405,6 +453,8 @@ export declare const HTTP_CLIENT: {
405
453
  ruby: string;
406
454
  kotlin: string;
407
455
  swift: string;
456
+ dart: string;
457
+ bash: string;
408
458
  };
409
459
  export declare const MAGIC_NUMBER: {
410
460
  jsts: string;
@@ -414,6 +464,8 @@ export declare const MAGIC_NUMBER: {
414
464
  java: string;
415
465
  go: string;
416
466
  powershell: string;
467
+ dart: string;
468
+ bash: string;
417
469
  };
418
470
  export declare const TODO_FIXME: {
419
471
  all: string;
@@ -430,6 +482,9 @@ export declare const LINTER_DISABLE: {
430
482
  ruby: string;
431
483
  kotlin: string;
432
484
  swift: string;
485
+ dart: string;
486
+ bash: string;
487
+ sql: string;
433
488
  };
434
489
  export declare const UNSAFE_DESERIALIZATION: {
435
490
  jsts: string;
@@ -443,6 +498,8 @@ export declare const UNSAFE_DESERIALIZATION: {
443
498
  ruby: string;
444
499
  kotlin: string;
445
500
  swift: string;
501
+ dart: string;
502
+ bash: string;
446
503
  };
447
504
  export declare const RESOURCE_LEAK: {
448
505
  jsts: string;
@@ -456,6 +513,8 @@ export declare const RESOURCE_LEAK: {
456
513
  ruby: string;
457
514
  kotlin: string;
458
515
  swift: string;
516
+ dart: string;
517
+ bash: string;
459
518
  };
460
519
  export declare const DEPRECATED_API: {
461
520
  jsts: string;
@@ -468,6 +527,7 @@ export declare const DEPRECATED_API: {
468
527
  ruby: string;
469
528
  kotlin: string;
470
529
  swift: string;
530
+ dart: string;
471
531
  };
472
532
  /** Flask/Django debug mode or insecure settings */
473
533
  export declare const FRAMEWORK_DEBUG_MODE: {
@@ -479,6 +539,7 @@ export declare const FRAMEWORK_DEBUG_MODE: {
479
539
  ruby: string;
480
540
  kotlin: string;
481
541
  swift: string;
542
+ dart: string;
482
543
  };
483
544
  /** Missing HTTPS / security middleware in frameworks */
484
545
  export declare const FRAMEWORK_MISSING_SECURITY: {
@@ -490,6 +551,7 @@ export declare const FRAMEWORK_MISSING_SECURITY: {
490
551
  php: string;
491
552
  ruby: string;
492
553
  swift: string;
554
+ dart: string;
493
555
  };
494
556
  /** Framework-specific secret key / session misconfigurations */
495
557
  export declare const FRAMEWORK_SECRET_KEY: {
@@ -1 +1 @@
1
- {"version":3,"file":"language-patterns.d.ts","sourceRoot":"","sources":["../src/language-patterns.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAyD7C;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,UAAU,CAG9D;AAED;;GAEG;AACH,wBAAgB,MAAM,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAEhD;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAUrD;AAED;;GAEG;AACH,wBAAgB,KAAK,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAE/C;AAID;;;GAGG;AACH,wBAAgB,WAAW,CACzB,IAAI,EAAE,UAAU,EAChB,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,GAAG,MAAM,GAAG,KAAK,EAAE,MAAM,CAAC,CAAC,GAC7D,MAAM,GAAG,IAAI,CA+Bf;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,GAAG,MAAM,EAAE,MAAM,CAAC,CAAC,GAAG,MAAM,CAW7F;AAQD,eAAO,MAAM,UAAU;;;;;;;;;;;;CAYtB,CAAC;AAEF,eAAO,MAAM,aAAa;;;;;;;;CAQzB,CAAC;AAIF,eAAO,MAAM,YAAY;;;;;;;;;;;;CAYxB,CAAC;AAIF,eAAO,MAAM,SAAS;;;;;;;;;;;;CAYrB,CAAC;AAEF,eAAO,MAAM,WAAW;;;;;;;;;;;;CAYvB,CAAC;AAEF,eAAO,MAAM,aAAa;;;;;;;;;;CAWzB,CAAC;AAEF,eAAO,MAAM,YAAY;;;;;;;;;;;;CAYxB,CAAC;AAIF,eAAO,MAAM,SAAS;;;;;;;;;;;CAcrB,CAAC;AAIF,eAAO,MAAM,cAAc;;;;;;;;;;;;CAY1B,CAAC;AAEF,eAAO,MAAM,aAAa;;;;;;CAMzB,CAAC;AAEF,eAAO,MAAM,cAAc;;;;;;;;;;;CAc1B,CAAC;AAIF,eAAO,MAAM,eAAe;;;;;;;CAO3B,CAAC;AAEF,eAAO,MAAM,iBAAiB;;;;CAI7B,CAAC;AAIF,eAAO,MAAM,aAAa;;;;;;;;;;;;CAYzB,CAAC;AAIF,eAAO,MAAM,iBAAiB;;;;;;;;;;;;CAY7B,CAAC;AAIF,eAAO,MAAM,kBAAkB;;CAE9B,CAAC;AAEF,eAAO,MAAM,iBAAiB;;CAE7B,CAAC;AAEF,eAAO,MAAM,gBAAgB;;CAE5B,CAAC;AAIF,eAAO,MAAM,SAAS;;;;;;;;;;;;CAYrB,CAAC;AAIF,eAAO,MAAM,UAAU;;;;;;;;;;;;CAYtB,CAAC;AAIF,eAAO,MAAM,YAAY;;;;;;;;;;;;CAYxB,CAAC;AAIF,eAAO,MAAM,aAAa;;;;;;;;;;CAUzB,CAAC;AAIF,eAAO,MAAM,UAAU;;;;;;;;;;;CAWtB,CAAC;AAIF,eAAO,MAAM,WAAW;;;;;;;;;;;;CAYvB,CAAC;AAEF,eAAO,MAAM,cAAc;;;;;;;;;;;CAW1B,CAAC;AAIF,eAAO,MAAM,aAAa;;;;;;;;;;;;CAYzB,CAAC;AAEF,eAAO,MAAM,SAAS;;;;;;;;;;;;CAYrB,CAAC;AAIF,eAAO,MAAM,WAAW;;;;;;;;;;;;CAYvB,CAAC;AAIF,eAAO,MAAM,QAAQ;;;;;;;;;;;;CAYpB,CAAC;AAIF,eAAO,MAAM,SAAS;;;;;;;;;;;;CAYrB,CAAC;AAIF,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,UAAU,EAAE,MAAM,EAAE,CAmBvD,CAAC;AAIF,eAAO,MAAM,gBAAgB;;;;;;;;;;;;CAY5B,CAAC;AAIF,eAAO,MAAM,KAAK;;;;;;;;;;;CAWjB,CAAC;AAIF,eAAO,MAAM,QAAQ;;;;;;;;;;;;CAYpB,CAAC;AAIF,eAAO,MAAM,WAAW;;;;;;;;;;;;CAYvB,CAAC;AAIF,eAAO,MAAM,YAAY;;;;;;;;CAQxB,CAAC;AAIF,eAAO,MAAM,UAAU;;CAEtB,CAAC;AAIF,eAAO,MAAM,cAAc;;;;;;;;;;;;CAY1B,CAAC;AAIF,eAAO,MAAM,sBAAsB;;;;;;;;;;;;CAYlC,CAAC;AAIF,eAAO,MAAM,aAAa;;;;;;;;;;;;CAYzB,CAAC;AAIF,eAAO,MAAM,cAAc;;;;;;;;;;;CAW1B,CAAC;AAKF,mDAAmD;AACnD,eAAO,MAAM,oBAAoB;;;;;;;;;CAShC,CAAC;AAEF,wDAAwD;AACxD,eAAO,MAAM,0BAA0B;;;;;;;;;CAStC,CAAC;AAEF,gEAAgE;AAChE,eAAO,MAAM,oBAAoB;;;;;;;CAOhC,CAAC;AAEF,wEAAwE;AACxE,eAAO,MAAM,yBAAyB;;;;;;;CAOrC,CAAC;AAEF,oDAAoD;AACpD,eAAO,MAAM,gBAAgB;;CAE5B,CAAC;AAEF,wDAAwD;AACxD,eAAO,MAAM,kBAAkB;;CAE9B,CAAC;AAIF,+BAA+B;AAC/B,eAAO,MAAM,gBAAgB;;;;CAI5B,CAAC;AAEF,+CAA+C;AAC/C,eAAO,MAAM,oBAAoB;;;;CAIhC,CAAC;AAEF,qCAAqC;AACrC,eAAO,MAAM,sBAAsB;;;;CAIlC,CAAC;AAEF,gCAAgC;AAChC,eAAO,MAAM,iBAAiB;;;;CAI7B,CAAC;AAEF,0EAA0E;AAC1E,eAAO,MAAM,gBAAgB;;;;CAI5B,CAAC;AAEF,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;;CAIlC,CAAC;AAEF,0CAA0C;AAC1C,eAAO,MAAM,iBAAiB;;;;CAI7B,CAAC;AAEF,uCAAuC;AACvC,eAAO,MAAM,mBAAmB;;;;CAI/B,CAAC;AAEF,mDAAmD;AACnD,eAAO,MAAM,sBAAsB;;;;CAIlC,CAAC;AAEF,6CAA6C;AAC7C,eAAO,MAAM,sBAAsB;;;;CAIlC,CAAC;AAEF,+DAA+D;AAC/D,eAAO,MAAM,oBAAoB;;;;CAIhC,CAAC;AAEF,oDAAoD;AACpD,eAAO,MAAM,kBAAkB;;;;CAI9B,CAAC"}
1
+ {"version":3,"file":"language-patterns.d.ts","sourceRoot":"","sources":["../src/language-patterns.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAoE7C;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,UAAU,CAG9D;AAED;;GAEG;AACH,wBAAgB,MAAM,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAEhD;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAYrD;AAED;;GAEG;AACH,wBAAgB,KAAK,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAE/C;AAID;;;GAGG;AACH,wBAAgB,WAAW,CACzB,IAAI,EAAE,UAAU,EAChB,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,GAAG,MAAM,GAAG,KAAK,EAAE,MAAM,CAAC,CAAC,GAC7D,MAAM,GAAG,IAAI,CA+Bf;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,GAAG,MAAM,EAAE,MAAM,CAAC,CAAC,GAAG,MAAM,CAW7F;AAQD,eAAO,MAAM,UAAU;;;;;;;;;;;;;;CActB,CAAC;AAEF,eAAO,MAAM,aAAa;;;;;;;;;;CAUzB,CAAC;AAIF,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;CAexB,CAAC;AAIF,eAAO,MAAM,SAAS;;;;;;;;;;;;;;CAcrB,CAAC;AAEF,eAAO,MAAM,WAAW;;;;;;;;;;;;;;CAcvB,CAAC;AAEF,eAAO,MAAM,aAAa;;;;;;;;;;;;CAazB,CAAC;AAEF,eAAO,MAAM,YAAY;;;;;;;;;;;;;;CAcxB,CAAC;AAIF,eAAO,MAAM,SAAS;;;;;;;;;;;;CAerB,CAAC;AAIF,eAAO,MAAM,cAAc;;;;;;;;;;;;;;CAc1B,CAAC;AAEF,eAAO,MAAM,aAAa;;;;;;;CAOzB,CAAC;AAEF,eAAO,MAAM,cAAc;;;;;;;;;;;;CAe1B,CAAC;AAIF,eAAO,MAAM,eAAe;;;;;;;;CAQ3B,CAAC;AAEF,eAAO,MAAM,iBAAiB;;;;CAI7B,CAAC;AAIF,eAAO,MAAM,aAAa;;;;;;;;;;;;;;CAczB,CAAC;AAIF,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;CAc7B,CAAC;AAIF,eAAO,MAAM,kBAAkB;;CAE9B,CAAC;AAEF,eAAO,MAAM,iBAAiB;;CAE7B,CAAC;AAEF,eAAO,MAAM,gBAAgB;;CAE5B,CAAC;AAIF,eAAO,MAAM,SAAS;;;;;;;;;;;;;CAarB,CAAC;AAIF,eAAO,MAAM,UAAU;;;;;;;;;;;;;;CActB,CAAC;AAIF,eAAO,MAAM,YAAY;;;;;;;;;;;;;CAaxB,CAAC;AAIF,eAAO,MAAM,aAAa;;;;;;;;;;;CAWzB,CAAC;AAIF,eAAO,MAAM,UAAU;;;;;;;;;;;;CAYtB,CAAC;AAIF,eAAO,MAAM,WAAW;;;;;;;;;;;;;;CAcvB,CAAC;AAEF,eAAO,MAAM,cAAc;;;;;;;;;;;;CAY1B,CAAC;AAIF,eAAO,MAAM,aAAa;;;;;;;;;;;;;;CAczB,CAAC;AAEF,eAAO,MAAM,SAAS;;;;;;;;;;;;;;CAcrB,CAAC;AAIF,eAAO,MAAM,WAAW;;;;;;;;;;;;;;CAcvB,CAAC;AAIF,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;;CAepB,CAAC;AAIF,eAAO,MAAM,SAAS;;;;;;;;;;;;;CAarB,CAAC;AAIF,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,UAAU,EAAE,MAAM,EAAE,CAsBvD,CAAC;AAIF,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;CAa5B,CAAC;AAIF,eAAO,MAAM,KAAK;;;;;;;;;;;;CAYjB,CAAC;AAIF,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;CAcpB,CAAC;AAIF,eAAO,MAAM,WAAW;;;;;;;;;;;;;;CAcvB,CAAC;AAIF,eAAO,MAAM,YAAY;;;;;;;;;;CAUxB,CAAC;AAIF,eAAO,MAAM,UAAU;;CAEtB,CAAC;AAIF,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;CAe1B,CAAC;AAIF,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;CAclC,CAAC;AAIF,eAAO,MAAM,aAAa;;;;;;;;;;;;;;CAczB,CAAC;AAIF,eAAO,MAAM,cAAc;;;;;;;;;;;;CAY1B,CAAC;AAKF,mDAAmD;AACnD,eAAO,MAAM,oBAAoB;;;;;;;;;;CAUhC,CAAC;AAEF,wDAAwD;AACxD,eAAO,MAAM,0BAA0B;;;;;;;;;;CAUtC,CAAC;AAEF,gEAAgE;AAChE,eAAO,MAAM,oBAAoB;;;;;;;CAOhC,CAAC;AAEF,wEAAwE;AACxE,eAAO,MAAM,yBAAyB;;;;;;;CAOrC,CAAC;AAEF,oDAAoD;AACpD,eAAO,MAAM,gBAAgB;;CAE5B,CAAC;AAEF,wDAAwD;AACxD,eAAO,MAAM,kBAAkB;;CAE9B,CAAC;AAIF,+BAA+B;AAC/B,eAAO,MAAM,gBAAgB;;;;CAI5B,CAAC;AAEF,+CAA+C;AAC/C,eAAO,MAAM,oBAAoB;;;;CAIhC,CAAC;AAEF,qCAAqC;AACrC,eAAO,MAAM,sBAAsB;;;;CAIlC,CAAC;AAEF,gCAAgC;AAChC,eAAO,MAAM,iBAAiB;;;;CAI7B,CAAC;AAEF,0EAA0E;AAC1E,eAAO,MAAM,gBAAgB;;;;CAI5B,CAAC;AAEF,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;;CAIlC,CAAC;AAEF,0CAA0C;AAC1C,eAAO,MAAM,iBAAiB;;;;CAI7B,CAAC;AAEF,uCAAuC;AACvC,eAAO,MAAM,mBAAmB;;;;CAI/B,CAAC;AAEF,mDAAmD;AACnD,eAAO,MAAM,sBAAsB;;;;CAIlC,CAAC;AAEF,6CAA6C;AAC7C,eAAO,MAAM,sBAAsB;;;;CAIlC,CAAC;AAEF,+DAA+D;AAC/D,eAAO,MAAM,oBAAoB;;;;CAIhC,CAAC;AAEF,oDAAoD;AACpD,eAAO,MAAM,kBAAkB;;;;CAI9B,CAAC"}
@@ -52,6 +52,17 @@ const LANG_ALIAS_MAP = {
52
52
  kt: "kotlin",
53
53
  kts: "kotlin",
54
54
  swift: "swift",
55
+ dart: "dart",
56
+ flutter: "dart",
57
+ bash: "bash",
58
+ sh: "bash",
59
+ shell: "bash",
60
+ zsh: "bash",
61
+ sql: "sql",
62
+ plsql: "sql",
63
+ tsql: "sql",
64
+ mysql: "sql",
65
+ postgresql: "sql",
55
66
  dockerfile: "dockerfile",
56
67
  docker: "dockerfile",
57
68
  containerfile: "dockerfile",
@@ -75,6 +86,8 @@ export function isJsTs(lang) {
75
86
  export function isBraceLang(lang) {
76
87
  return (lang !== "python" &&
77
88
  lang !== "ruby" &&
89
+ lang !== "bash" &&
90
+ lang !== "sql" &&
78
91
  lang !== "unknown" &&
79
92
  lang !== "terraform" &&
80
93
  lang !== "bicep" &&
@@ -161,6 +174,8 @@ export const ENV_ACCESS = {
161
174
  ruby: String.raw `ENV\[|ENV\.fetch\s*\(`,
162
175
  kotlin: String.raw `System\.getenv\s*\(`,
163
176
  swift: String.raw `ProcessInfo\.processInfo\.environment\[`,
177
+ dart: String.raw `Platform\.environment\[|String\.fromEnvironment\s*\(`,
178
+ bash: String.raw `\$\{?\w+\}?|\$\(printenv\s`,
164
179
  };
165
180
  export const HARDCODED_ENV = {
166
181
  jsts: String.raw `process\.env\.\w+\s*\|\|\s*["'][^"']+["']`,
@@ -170,6 +185,8 @@ export const HARDCODED_ENV = {
170
185
  java: String.raw `getenv\s*\(.*\)\s*(?:!=\s*null\s*\?|==\s*null)`,
171
186
  go: String.raw `os\.Getenv\s*\(.*\)\s*==\s*["']`,
172
187
  powershell: String.raw `\$env:\w+\s*=\s*["'][^"']+["']`,
188
+ dart: String.raw `String\.fromEnvironment\s*\(\s*["'][^"']+["']\s*,\s*defaultValue:\s*["'][^"']+["']\)`,
189
+ bash: String.raw `\w+=\s*["'][^"']+["']\s*$`,
173
190
  };
174
191
  // ── Function Definitions ─────────────────────────────────────────────────────
175
192
  export const FUNCTION_DEF = {
@@ -184,6 +201,9 @@ export const FUNCTION_DEF = {
184
201
  ruby: String.raw `def\s+\w+`,
185
202
  kotlin: String.raw `(?:fun|suspend\s+fun)\s+\w+\s*\(`,
186
203
  swift: String.raw `(?:func|class\s+func|static\s+func)\s+\w+\s*\(`,
204
+ dart: String.raw `(?:void|Future|Stream|int|double|String|bool|dynamic|\w+)\s+\w+\s*\(|\w+\s+\w+\s*\(`,
205
+ bash: String.raw `(?:function\s+\w+|\w+\s*\(\s*\))\s*\{`,
206
+ sql: String.raw `CREATE\s+(?:OR\s+REPLACE\s+)?(?:FUNCTION|PROCEDURE)\s+\w+`,
187
207
  };
188
208
  // ── Error Handling ───────────────────────────────────────────────────────────
189
209
  export const TRY_CATCH = {
@@ -198,6 +218,8 @@ export const TRY_CATCH = {
198
218
  ruby: String.raw `begin\s*$|rescue\b`,
199
219
  kotlin: String.raw `try\s*\{`,
200
220
  swift: String.raw `do\s*\{.*catch`,
221
+ dart: String.raw `try\s*\{`,
222
+ bash: String.raw `trap\s|\|\|\s`,
201
223
  };
202
224
  export const EMPTY_CATCH = {
203
225
  jsts: String.raw `catch\s*(?:\([^)]*\))?\s*\{\s*(?:\/\/[^\n]*)?\s*\}`,
@@ -211,6 +233,8 @@ export const EMPTY_CATCH = {
211
233
  ruby: String.raw `rescue\s*(?:=>\s*\w+)?\s*$`,
212
234
  kotlin: String.raw `catch\s*\([^)]*\)\s*\{\s*(?:\/\/[^\n]*)?\s*\}`,
213
235
  swift: String.raw `catch\s*\{\s*(?:\/\/[^\n]*)?\s*\}`,
236
+ dart: String.raw `catch\s*\([^)]*\)\s*\{\s*(?:\/\/[^\n]*)?\s*\}`,
237
+ bash: String.raw `\|\|\s*true|\|\|\s*:`,
214
238
  };
215
239
  export const GENERIC_CATCH = {
216
240
  jsts: String.raw `catch\s*\(\s*\w+\s*\)`,
@@ -223,6 +247,8 @@ export const GENERIC_CATCH = {
223
247
  ruby: String.raw `rescue\s*$|rescue\s+(?:Exception|StandardError)\b`,
224
248
  kotlin: String.raw `catch\s*\(\s*\w+\s*:\s*(?:Exception|Throwable)\s*\)`,
225
249
  swift: String.raw `catch\s*\{|catch\s+let\s+\w+\s*\{`,
250
+ dart: String.raw `catch\s*\(\s*e\s*\)`,
251
+ bash: String.raw `trap\s+['"]-?['"']`,
226
252
  };
227
253
  export const PANIC_UNWRAP = {
228
254
  rust: String.raw `\.unwrap\(\)|\.expect\(|panic!\(|unreachable!\(`,
@@ -236,6 +262,8 @@ export const PANIC_UNWRAP = {
236
262
  ruby: String.raw `exit\s*\(!?|abort\s*\(|Kernel\.exit`,
237
263
  kotlin: String.raw `exitProcess\s*\(|(?<![.\w])error\s*\(`,
238
264
  swift: String.raw `fatalError\s*\(|preconditionFailure\s*\(|exit\s*\(`,
265
+ dart: String.raw `exit\s*\(|throw\s+StateError`,
266
+ bash: String.raw `exit\s+\d|kill\s`,
239
267
  };
240
268
  // ── Weak / Dynamic Types ────────────────────────────────────────────────────
241
269
  export const WEAK_TYPE = {
@@ -252,6 +280,7 @@ export const WEAK_TYPE = {
252
280
  php: String.raw `mixed\b|\$\w+\s*\/\*\*.*@var\s+mixed`,
253
281
  kotlin: String.raw `:\s*Any\??\b|as\??\s+Any\b`,
254
282
  swift: String.raw `:\s*Any\b|as!\s|unsafeBitCast\s*\(`,
283
+ dart: String.raw `\bdynamic\b`,
255
284
  };
256
285
  // ── Async / Concurrency ─────────────────────────────────────────────────────
257
286
  export const ASYNC_FUNCTION = {
@@ -266,6 +295,8 @@ export const ASYNC_FUNCTION = {
266
295
  ruby: String.raw `Async\b|Thread\.new|Concurrent::`,
267
296
  kotlin: String.raw `suspend\s+fun|launch\s*\{|async\s*\{|withContext\s*\(`,
268
297
  swift: String.raw `async\s+func|Task\s*\{|TaskGroup`,
298
+ dart: String.raw `async\s+\{|Future<|Stream<|async\*`,
299
+ bash: String.raw `&\s*$|\bwait\b|\bnohup\b`,
269
300
  };
270
301
  export const MISSING_AWAIT = {
271
302
  jsts: String.raw `(?:^|\s)(?!await\s)(?:fetch|axios|got|request)\s*\(`,
@@ -273,6 +304,7 @@ export const MISSING_AWAIT = {
273
304
  rust: String.raw `(?:^|\s)(?!\.await)tokio::`,
274
305
  csharp: String.raw `(?:^|\s)(?!await\s)(?:HttpClient|Task\.Run)`,
275
306
  java: String.raw `(?:^|\s)(?!\.get\(\))CompletableFuture`,
307
+ dart: String.raw `(?:^|\s)(?!await\s)(?:http\.get|http\.post|dio\.get)`,
276
308
  };
277
309
  export const SHARED_MUTABLE = {
278
310
  jsts: String.raw `(?:let|var|const)\s+\w+\s*(?::[^=]+)?\s*=\s*(?:\{|\[|\d+|new\s)`,
@@ -288,6 +320,7 @@ export const SHARED_MUTABLE = {
288
320
  ruby: String.raw `(?:@@\w+\s*=|\$\w+\s*=)`,
289
321
  kotlin: String.raw `(?:companion\s+object.*var\b|@Volatile)`,
290
322
  swift: String.raw `(?:static\s+var\b|class\s+var\b)`,
323
+ dart: String.raw `(?:static\s+(?!final|const)\w+\s+\w+\s*=)`,
291
324
  };
292
325
  // ── Imports / Dependencies ───────────────────────────────────────────────────
293
326
  export const WILDCARD_IMPORT = {
@@ -297,6 +330,7 @@ export const WILDCARD_IMPORT = {
297
330
  csharp: String.raw `using\s+static\s+[\w.]+\.\*`,
298
331
  php: String.raw `use\s+[\w\\]+\\\{[^}]*\}`,
299
332
  kotlin: String.raw `import\s+[\w.]+\.\*\s*$`,
333
+ dart: String.raw `import\s+['"][^'"]+['"]\s+show\s`,
300
334
  };
301
335
  export const DEPRECATED_IMPORT = {
302
336
  jsts: String.raw `require\s*\(\s*["'](?:crypto|http|url|querystring|path)["']\s*\)`,
@@ -316,6 +350,8 @@ export const SQL_INJECTION = {
316
350
  ruby: String.raw `(?:ActiveRecord|\w+\.(?:where|find_by_sql|execute))\s*\(\s*(?:["'].*#\{|["'].*\+)`,
317
351
  kotlin: String.raw `(?:executeQuery|createQuery|nativeQuery|createStatement)\s*\(\s*(?:["'].*\+|\$?["'].*\$\w+)`,
318
352
  swift: String.raw `(?:execute|prepare)\s*\(\s*(?:["'].*\\\(|["'].*\+)`,
353
+ dart: String.raw `(?:rawQuery|execute|rawInsert)\s*\(\s*(?:["'].*\$|["'].*\+)`,
354
+ sql: String.raw `EXECUTE\s*\(\s*@|EXEC\s*\(\s*@|\+\s*@\w+`,
319
355
  };
320
356
  // ── Security: Command Injection ──────────────────────────────────────────────
321
357
  export const COMMAND_INJECTION = {
@@ -330,6 +366,8 @@ export const COMMAND_INJECTION = {
330
366
  ruby: String.raw `(?:system|exec|\x60|%x).*#\{|Kernel\.system\s*\(.*\+`,
331
367
  kotlin: String.raw `Runtime\.getRuntime\(\)\.exec\s*\(.*\+|ProcessBuilder\s*\(.*\+`,
332
368
  swift: String.raw `Process\(\).*arguments.*\+|NSTask\b`,
369
+ dart: String.raw `Process\.(?:run|start)\s*\(.*(?:\+|\$)`,
370
+ bash: String.raw `eval\s+\$|\$\(.*\$\{`,
333
371
  };
334
372
  // ── Security: Hardcoded Secrets ──────────────────────────────────────────────
335
373
  export const HARDCODED_PASSWORD = {
@@ -354,6 +392,7 @@ export const WEAK_HASH = {
354
392
  ruby: String.raw `Digest::(?:MD5|SHA1)`,
355
393
  kotlin: String.raw `MessageDigest\.getInstance\s*\(\s*["'](?:MD5|SHA-?1)["']\)`,
356
394
  swift: String.raw `CC_MD5|CC_SHA1|Insecure\.(?:MD5|SHA1)`,
395
+ dart: String.raw `md5\.convert|sha1\.convert|Digest\.(?:md5|sha1)`,
357
396
  };
358
397
  // ── Security: Eval / Dynamic Execution ───────────────────────────────────────
359
398
  export const EVAL_USAGE = {
@@ -368,6 +407,8 @@ export const EVAL_USAGE = {
368
407
  ruby: String.raw `\beval\s*\(|\bsend\s*\(|\binstance_eval\s*\(|\bclass_eval\s*\(`,
369
408
  kotlin: String.raw `ScriptEngine\.eval\s*\(`,
370
409
  swift: String.raw `NSExpression\b|JSContext\b.*evaluateScript`,
410
+ dart: String.raw `(?!)`,
411
+ bash: String.raw `\beval\s|source\s`,
371
412
  };
372
413
  // ── Security: TLS / Certificate ──────────────────────────────────────────────
373
414
  export const TLS_DISABLED = {
@@ -382,6 +423,7 @@ export const TLS_DISABLED = {
382
423
  ruby: String.raw `verify_mode\s*=\s*OpenSSL::SSL::VERIFY_NONE|ssl_verify_mode.*VERIFY_NONE`,
383
424
  kotlin: String.raw `TrustAllCerts|X509TrustManager|trustAllCerts`,
384
425
  swift: String.raw `ServerTrustPolicy\.disableEvaluation|allowsSelfSignedCertificates\s*=\s*true`,
426
+ dart: String.raw `badCertificateCallback.*true|allowBadCertificates\s*=\s*true`,
385
427
  };
386
428
  // ── Security: CORS ───────────────────────────────────────────────────────────
387
429
  export const CORS_WILDCARD = {
@@ -394,6 +436,7 @@ export const CORS_WILDCARD = {
394
436
  ruby: String.raw `allow_origin\s+["']\*["']|origins\s+["']\*["']`,
395
437
  kotlin: String.raw `@CrossOrigin\s*$|allowedOrigins\s*=.*\*`,
396
438
  swift: String.raw `Access-Control-Allow-Origin.*\*`,
439
+ dart: String.raw `Access-Control-Allow-Origin.*\*|allowedOrigins.*\*`,
397
440
  };
398
441
  // ── Web Framework Routes ─────────────────────────────────────────────────────
399
442
  export const HTTP_ROUTE = {
@@ -407,6 +450,7 @@ export const HTTP_ROUTE = {
407
450
  ruby: String.raw `(?:get|post|put|delete|patch)\s+["']/|resources?\s+:\w+`,
408
451
  kotlin: String.raw `@(?:Get|Post|Put|Delete|Patch)Mapping|routing\s*\{`,
409
452
  swift: String.raw `\.(?:get|post|put|delete|patch)\s*\(|@(?:GET|POST|PUT|DELETE)`,
453
+ dart: String.raw `@(?:Route|Get|Post|Put|Delete)\s*\(|app\.(?:get|post|put|delete)\s*\(`,
410
454
  };
411
455
  // ── Logging ──────────────────────────────────────────────────────────────────
412
456
  export const CONSOLE_LOG = {
@@ -421,6 +465,8 @@ export const CONSOLE_LOG = {
421
465
  ruby: String.raw `(?:puts|p|pp|print|warn)\s`,
422
466
  kotlin: String.raw `println\s*\(|print\s*\(`,
423
467
  swift: String.raw `print\s*\(|debugPrint\s*\(|dump\s*\(`,
468
+ dart: String.raw `print\s*\(|debugPrint\s*\(`,
469
+ bash: String.raw `echo\s|printf\s`,
424
470
  };
425
471
  export const STRUCTURED_LOG = {
426
472
  jsts: String.raw `(?:winston|bunyan|pino|log4js|logger)\.\w+\s*\(`,
@@ -433,6 +479,7 @@ export const STRUCTURED_LOG = {
433
479
  ruby: String.raw `(?:Rails\.logger|Logger\.new|logger)\.\w+\s*\(`,
434
480
  kotlin: String.raw `(?:Logger|log|logger)\.\w+\s*\(|LoggerFactory\.getLogger`,
435
481
  swift: String.raw `(?:Logger|os_log|OSLog)\.\w+\s*\(|Logger\(`,
482
+ dart: String.raw `(?:Logger|log|logger)\.\w+\s*\(|logging\.Logger`,
436
483
  };
437
484
  // ── Testing ──────────────────────────────────────────────────────────────────
438
485
  export const TEST_FUNCTION = {
@@ -447,6 +494,8 @@ export const TEST_FUNCTION = {
447
494
  ruby: String.raw `(?:describe|it|context|before|after)\s+["']|def\s+test_`,
448
495
  kotlin: String.raw `@Test\b|@BeforeEach|@AfterEach`,
449
496
  swift: String.raw `func\s+test\w+\s*\(|XCTAssert`,
497
+ dart: String.raw `(?:test|testWidgets|group)\s*\(|void\s+main\s*\(\)\s*\{`,
498
+ bash: String.raw `@test\b|assert\s|bats\b`,
450
499
  };
451
500
  export const ASSERTION = {
452
501
  jsts: String.raw `(?:expect|assert|should)\s*[\.(]`,
@@ -460,6 +509,8 @@ export const ASSERTION = {
460
509
  ruby: String.raw `(?:expect\(|assert_|should\b|must_)`,
461
510
  kotlin: String.raw `assert(?:Equals|True|False|NotNull|Throws)\s*\(|assertEquals\s*\(`,
462
511
  swift: String.raw `XCTAssert\w*\s*\(|#expect\s*\(`,
512
+ dart: String.raw `expect\s*\(|assert\s*\(`,
513
+ bash: String.raw `\[\s+-(?:eq|ne|lt|gt|le|ge)\s|assert\b`,
463
514
  };
464
515
  // ── Documentation ────────────────────────────────────────────────────────────
465
516
  export const DOC_COMMENT = {
@@ -474,6 +525,8 @@ export const DOC_COMMENT = {
474
525
  ruby: String.raw `#\s+@(?:param|return|note|example)|=begin[\s\S]*?=end`,
475
526
  kotlin: String.raw `/\*\*[\s\S]*?\*/|///\s`,
476
527
  swift: String.raw `///\s|/\*\*[\s\S]*?\*/`,
528
+ dart: String.raw `///\s|/\*\*[\s\S]*?\*/`,
529
+ sql: String.raw `--\s|/\*\*[\s\S]*?\*/`,
477
530
  };
478
531
  // ── Loop Constructs ──────────────────────────────────────────────────────────
479
532
  export const FOR_LOOP = {
@@ -488,6 +541,9 @@ export const FOR_LOOP = {
488
541
  ruby: String.raw `\.each\b|\.map\b|\.select\b|\.inject\b|for\s+\w+\s+in\b`,
489
542
  kotlin: String.raw `for\s*\(|\.forEach\s*\{|\.map\s*\{`,
490
543
  swift: String.raw `for\s+\w+\s+in\s|\.forEach\s*\{|\.map\s*\{`,
544
+ dart: String.raw `for\s*\(|\.forEach\s*\(|\.map\s*\(`,
545
+ bash: String.raw `for\s+\w+\s+in\s|while\s+`,
546
+ sql: String.raw `CURSOR\s+\w+|WHILE\s+|LOOP\b`,
491
547
  };
492
548
  // ── Type / Class Definitions ─────────────────────────────────────────────────
493
549
  export const CLASS_DEF = {
@@ -502,6 +558,7 @@ export const CLASS_DEF = {
502
558
  ruby: String.raw `(?:class|module)\s+\w+`,
503
559
  kotlin: String.raw `(?:class|data\s+class|object|interface|sealed\s+class|enum\s+class)\s+\w+`,
504
560
  swift: String.raw `(?:class|struct|enum|protocol|actor)\s+\w+`,
561
+ dart: String.raw `(?:class|abstract\s+class|mixin|extension)\s+\w+`,
505
562
  };
506
563
  // ── Package Manifests ────────────────────────────────────────────────────────
507
564
  export const MANIFEST_FILES = {
@@ -521,6 +578,9 @@ export const MANIFEST_FILES = {
521
578
  ruby: ["Gemfile", "Gemfile.lock", "*.gemspec"],
522
579
  kotlin: ["build.gradle.kts", "build.gradle", "pom.xml"],
523
580
  swift: ["Package.swift", "*.xcodeproj", "Podfile"],
581
+ dart: ["pubspec.yaml", "pubspec.lock"],
582
+ bash: [],
583
+ sql: [],
524
584
  dockerfile: ["Dockerfile", "Containerfile", ".dockerignore"],
525
585
  unknown: [],
526
586
  };
@@ -537,6 +597,7 @@ export const INPUT_VALIDATION = {
537
597
  ruby: String.raw `params\[|params\.(?:require|permit)\s*\(`,
538
598
  kotlin: String.raw `@RequestParam|@PathVariable|@RequestBody|call\.receive\b`,
539
599
  swift: String.raw `request\.(?:content|query|parameters)\b|req\.(?:content|query)\b`,
600
+ dart: String.raw `request\.(?:body|params|query|uri)\b`,
540
601
  };
541
602
  // ── Mutex / Lock ─────────────────────────────────────────────────────────────
542
603
  export const MUTEX = {
@@ -550,6 +611,7 @@ export const MUTEX = {
550
611
  ruby: String.raw `Mutex\.new|Monitor\.new|\bsynchronize\b`,
551
612
  kotlin: String.raw `(?:synchronized\b|Mutex|ReentrantLock|Semaphore)`,
552
613
  swift: String.raw `NSLock|NSRecursiveLock|DispatchSemaphore|os_unfair_lock`,
614
+ dart: String.raw `Lock\b|Completer\b|synchronized\b`,
553
615
  };
554
616
  // ── Database Access ──────────────────────────────────────────────────────────
555
617
  export const DB_QUERY = {
@@ -564,6 +626,8 @@ export const DB_QUERY = {
564
626
  ruby: String.raw `ActiveRecord|\w+\.(?:where|find|find_by|select|pluck)\s*\(`,
565
627
  kotlin: String.raw `\.(?:executeQuery|createQuery|persist|find)\s*\(|transaction\s*\{`,
566
628
  swift: String.raw `\.(?:execute|prepare|query)\s*\(|NSFetchRequest`,
629
+ dart: String.raw `\.(?:rawQuery|rawInsert|rawUpdate|rawDelete|query|execute)\s*\(`,
630
+ sql: String.raw `SELECT\s+|INSERT\s+|UPDATE\s+|DELETE\s+|EXEC(?:UTE)?\s+`,
567
631
  };
568
632
  // ── HTTP Client ──────────────────────────────────────────────────────────────
569
633
  export const HTTP_CLIENT = {
@@ -578,6 +642,8 @@ export const HTTP_CLIENT = {
578
642
  ruby: String.raw `Net::HTTP|HTTParty|Faraday|RestClient`,
579
643
  kotlin: String.raw `HttpClient\.\w+\s*\(|OkHttpClient|Fuel\.\w+\s*\(|ktor.*client`,
580
644
  swift: String.raw `URLSession\.\w+\s*\(|URLRequest\s*\(|Alamofire`,
645
+ dart: String.raw `http\.(?:get|post|put|delete)\s*\(|Dio\(|HttpClient\(`,
646
+ bash: String.raw `curl\s|wget\s`,
581
647
  };
582
648
  // ── Config / Constants ───────────────────────────────────────────────────────
583
649
  export const MAGIC_NUMBER = {
@@ -588,6 +654,8 @@ export const MAGIC_NUMBER = {
588
654
  java: String.raw `(?:==|!=|<=?|>=?|&&|\|\|)\s*\d{2,}|(?:TIMEOUT|DELAY|LIMIT|MAX|MIN|SIZE|COUNT|PORT)\s*=\s*\d{3,}`,
589
655
  go: String.raw `(?:==|!=|<=?|>=?|&&|\|\|)\s*\d{2,}|(?:timeout|delay|limit|max|min|size|count|port)\s*[:=]\s*\d{3,}`,
590
656
  powershell: String.raw `(?:-eq|-ne|-lt|-le|-gt|-ge)\s*\d{2,}|(?:Timeout|Delay|Limit|Max|Min|Size|Count|Port)\s*=\s*\d{3,}`,
657
+ dart: String.raw `(?:==|!=|<=?|>=?|&&|\|\|)\s*\d{2,}|(?:timeout|delay|limit|max|min|size|count|port)\s*[:=]\s*\d{3,}`,
658
+ bash: String.raw `(?:-eq|-ne|-lt|-le|-gt|-ge)\s*\d{2,}|(?:TIMEOUT|DELAY|LIMIT|MAX|MIN|SIZE|COUNT|PORT)=\s*\d{3,}`,
591
659
  };
592
660
  // ── TODO / FIXME ─────────────────────────────────────────────────────────────
593
661
  export const TODO_FIXME = {
@@ -606,6 +674,9 @@ export const LINTER_DISABLE = {
606
674
  ruby: String.raw `rubocop:disable|# :nocov:|# :reek:`,
607
675
  kotlin: String.raw `@Suppress\(|@SuppressWarnings|detekt:`,
608
676
  swift: String.raw `swiftlint:disable|nolint`,
677
+ dart: String.raw `// ignore:|// ignore_for_file:`,
678
+ bash: String.raw `# shellcheck\s+disable`,
679
+ sql: String.raw `-- noqa|-- noinspection`,
609
680
  };
610
681
  // ── Serialization ────────────────────────────────────────────────────────────
611
682
  export const UNSAFE_DESERIALIZATION = {
@@ -620,6 +691,8 @@ export const UNSAFE_DESERIALIZATION = {
620
691
  ruby: String.raw `Marshal\.load|YAML\.load(?!_safe)|Oj\.load`,
621
692
  kotlin: String.raw `ObjectInputStream\.readObject|readObject\s*\(`,
622
693
  swift: String.raw `NSKeyedUnarchiver\.unarchiveObject|JSONDecoder\(\)\.decode.*(?:request|input)`,
694
+ dart: String.raw `jsonDecode\s*\(.*(?:request|body|input)`,
695
+ bash: String.raw `eval\s+\$\(cat\s`,
623
696
  };
624
697
  // ── Memory / Resource ────────────────────────────────────────────────────────
625
698
  export const RESOURCE_LEAK = {
@@ -634,6 +707,8 @@ export const RESOURCE_LEAK = {
634
707
  ruby: String.raw `File\.open\s*\((?!.*\bdo\b)|IO\.(?:popen|sysopen)\s*\(`,
635
708
  kotlin: String.raw `FileInputStream\s*\(|FileOutputStream\s*\(|Socket\s*\(`,
636
709
  swift: String.raw `FileHandle\(|InputStream\(|OutputStream\(`,
710
+ dart: String.raw `File\(|HttpClient\(|Socket\.connect`,
711
+ bash: String.raw `exec\s+\d+>|mkfifo\s`,
637
712
  };
638
713
  // ── Deprecated APIs ──────────────────────────────────────────────────────────
639
714
  export const DEPRECATED_API = {
@@ -647,6 +722,7 @@ export const DEPRECATED_API = {
647
722
  ruby: String.raw `File\.exists\?|URI\.escape|Fixnum\b|Bignum\b`,
648
723
  kotlin: String.raw `\.newInstance\s*\(\s*\)|Date\s*\(\s*\)`,
649
724
  swift: String.raw `URLRequest.*HTTPBody|NSURLConnection\b`,
725
+ dart: String.raw `\.then\s*\(.*\.catchError|new\s+HttpClient\(`,
650
726
  };
651
727
  // ── Framework-Specific Security Patterns ─────────────────────────────────────
652
728
  // Detect common security misconfigurations in popular web frameworks.
@@ -660,6 +736,7 @@ export const FRAMEWORK_DEBUG_MODE = {
660
736
  ruby: String.raw `config\.consider_all_requests_local\s*=\s*true`,
661
737
  kotlin: String.raw `server\.error\.include-stacktrace\s*=\s*always`,
662
738
  swift: String.raw `\.environment\s*=\s*\.development`,
739
+ dart: String.raw `kDebugMode|kReleaseMode\s*==\s*false`,
663
740
  };
664
741
  /** Missing HTTPS / security middleware in frameworks */
665
742
  export const FRAMEWORK_MISSING_SECURITY = {
@@ -671,6 +748,7 @@ export const FRAMEWORK_MISSING_SECURITY = {
671
748
  php: String.raw `Route::(?:get|post)\s*\((?!.*middleware|.*auth)`,
672
749
  ruby: String.raw `skip_before_action\s*:\s*(?:authenticate|verify)`,
673
750
  swift: String.raw `app\.http\.server\.configuration\.hostname\s*=\s*["']0\.0\.0\.0`,
751
+ dart: String.raw `app\.listen\s*\(\s*(?:80|3000)\b`,
674
752
  };
675
753
  /** Framework-specific secret key / session misconfigurations */
676
754
  export const FRAMEWORK_SECRET_KEY = {