@kevinrabun/judges 3.25.1 → 3.27.1
- package/CHANGELOG.md +45 -0
- package/dist/ast/index.d.ts.map +1 -1
- package/dist/ast/index.js +31 -4
- package/dist/ast/index.js.map +1 -1
- package/dist/ast/structural-parser.js +16 -3
- package/dist/ast/structural-parser.js.map +1 -1
- package/dist/ast/tree-sitter-ast.d.ts.map +1 -1
- package/dist/ast/tree-sitter-ast.js +159 -0
- package/dist/ast/tree-sitter-ast.js.map +1 -1
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +3 -0
- package/dist/cli.js.map +1 -1
- package/dist/commands/baseline.d.ts.map +1 -1
- package/dist/commands/baseline.js +3 -0
- package/dist/commands/baseline.js.map +1 -1
- package/dist/commands/review.d.ts.map +1 -1
- package/dist/commands/review.js +3 -2
- package/dist/commands/review.js.map +1 -1
- package/dist/evaluators/accessibility.d.ts.map +1 -1
- package/dist/evaluators/accessibility.js +141 -1
- package/dist/evaluators/accessibility.js.map +1 -1
- package/dist/evaluators/cost-effectiveness.d.ts.map +1 -1
- package/dist/evaluators/cost-effectiveness.js +99 -2
- package/dist/evaluators/cost-effectiveness.js.map +1 -1
- package/dist/evaluators/false-positive-review.d.ts.map +1 -1
- package/dist/evaluators/false-positive-review.js +55 -13
- package/dist/evaluators/false-positive-review.js.map +1 -1
- package/dist/evaluators/iac-security.d.ts.map +1 -1
- package/dist/evaluators/iac-security.js +195 -1
- package/dist/evaluators/iac-security.js.map +1 -1
- package/dist/evaluators/security.js +2 -2
- package/dist/evaluators/security.js.map +1 -1
- package/dist/evaluators/ux.d.ts.map +1 -1
- package/dist/evaluators/ux.js +80 -1
- package/dist/evaluators/ux.js.map +1 -1
- package/dist/github-app.d.ts.map +1 -1
- package/dist/github-app.js +2 -0
- package/dist/github-app.js.map +1 -1
- package/dist/language-patterns.d.ts +62 -0
- package/dist/language-patterns.d.ts.map +1 -1
- package/dist/language-patterns.js +78 -0
- package/dist/language-patterns.js.map +1 -1
- package/dist/scoring.d.ts.map +1 -1
- package/dist/scoring.js +95 -74
- package/dist/scoring.js.map +1 -1
- package/dist/types.d.ts +1 -1
- package/dist/types.d.ts.map +1 -1
- package/grammars/tree-sitter-kotlin.wasm +0 -0
- package/grammars/tree-sitter-php.wasm +0 -0
- package/grammars/tree-sitter-ruby.wasm +0 -0
- package/grammars/tree-sitter-swift.wasm +0 -0
- package/package.json +1 -9
- package/server.json +2 -2
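--- a/package/dist/language-patterns.d.ts
+++ b/package/dist/language-patterns.d.ts
@@ -37,6 +37,8 @@ export declare const ENV_ACCESS: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
+bash: string;
 };
 export declare const HARDCODED_ENV: {
 jsts: string;
@@ -46,6 +48,8 @@ export declare const HARDCODED_ENV: {
 java: string;
 go: string;
 powershell: string;
+dart: string;
+bash: string;
 };
 export declare const FUNCTION_DEF: {
 jsts: string;
@@ -59,6 +63,9 @@ export declare const FUNCTION_DEF: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
+bash: string;
+sql: string;
 };
 export declare const TRY_CATCH: {
 jsts: string;
@@ -72,6 +79,8 @@ export declare const TRY_CATCH: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
+bash: string;
 };
 export declare const EMPTY_CATCH: {
 jsts: string;
@@ -85,6 +94,8 @@ export declare const EMPTY_CATCH: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
+bash: string;
 };
 export declare const GENERIC_CATCH: {
 jsts: string;
@@ -96,6 +107,8 @@ export declare const GENERIC_CATCH: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
+bash: string;
 };
 export declare const PANIC_UNWRAP: {
 rust: string;
@@ -109,6 +122,8 @@ export declare const PANIC_UNWRAP: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
+bash: string;
 };
 export declare const WEAK_TYPE: {
 jsts: string;
@@ -121,6 +136,7 @@ export declare const WEAK_TYPE: {
 php: string;
 kotlin: string;
 swift: string;
+dart: string;
 };
 export declare const ASYNC_FUNCTION: {
 jsts: string;
@@ -134,6 +150,8 @@ export declare const ASYNC_FUNCTION: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
+bash: string;
 };
 export declare const MISSING_AWAIT: {
 jsts: string;
@@ -141,6 +159,7 @@ export declare const MISSING_AWAIT: {
 rust: string;
 csharp: string;
 java: string;
+dart: string;
 };
 export declare const SHARED_MUTABLE: {
 jsts: string;
@@ -153,6 +172,7 @@ export declare const SHARED_MUTABLE: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
 };
 export declare const WILDCARD_IMPORT: {
 jsts: string;
@@ -161,6 +181,7 @@ export declare const WILDCARD_IMPORT: {
 csharp: string;
 php: string;
 kotlin: string;
+dart: string;
 };
 export declare const DEPRECATED_IMPORT: {
 jsts: string;
@@ -179,6 +200,8 @@ export declare const SQL_INJECTION: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
+sql: string;
 };
 export declare const COMMAND_INJECTION: {
 jsts: string;
@@ -192,6 +215,8 @@ export declare const COMMAND_INJECTION: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
+bash: string;
 };
 export declare const HARDCODED_PASSWORD: {
 all: string;
@@ -214,6 +239,7 @@ export declare const WEAK_HASH: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
 };
 export declare const EVAL_USAGE: {
 jsts: string;
@@ -227,6 +253,8 @@ export declare const EVAL_USAGE: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
+bash: string;
 };
 export declare const TLS_DISABLED: {
 jsts: string;
@@ -240,6 +268,7 @@ export declare const TLS_DISABLED: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
 };
 export declare const CORS_WILDCARD: {
 jsts: string;
@@ -251,6 +280,7 @@ export declare const CORS_WILDCARD: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
 };
 export declare const HTTP_ROUTE: {
 jsts: string;
@@ -263,6 +293,7 @@ export declare const HTTP_ROUTE: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
 };
 export declare const CONSOLE_LOG: {
 jsts: string;
@@ -276,6 +307,8 @@ export declare const CONSOLE_LOG: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
+bash: string;
 };
 export declare const STRUCTURED_LOG: {
 jsts: string;
@@ -288,6 +321,7 @@ export declare const STRUCTURED_LOG: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
 };
 export declare const TEST_FUNCTION: {
 jsts: string;
@@ -301,6 +335,8 @@ export declare const TEST_FUNCTION: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
+bash: string;
 };
 export declare const ASSERTION: {
 jsts: string;
@@ -314,6 +350,8 @@ export declare const ASSERTION: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
+bash: string;
 };
 export declare const DOC_COMMENT: {
 jsts: string;
@@ -327,6 +365,8 @@ export declare const DOC_COMMENT: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
+sql: string;
 };
 export declare const FOR_LOOP: {
 jsts: string;
@@ -340,6 +380,9 @@ export declare const FOR_LOOP: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
+bash: string;
+sql: string;
 };
 export declare const CLASS_DEF: {
 jsts: string;
@@ -353,6 +396,7 @@ export declare const CLASS_DEF: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
 };
 export declare const MANIFEST_FILES: Record<LangFamily, string[]>;
 export declare const INPUT_VALIDATION: {
@@ -367,6 +411,7 @@ export declare const INPUT_VALIDATION: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
 };
 export declare const MUTEX: {
 jsts: string;
@@ -379,6 +424,7 @@ export declare const MUTEX: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
 };
 export declare const DB_QUERY: {
 jsts: string;
@@ -392,6 +438,8 @@ export declare const DB_QUERY: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
+sql: string;
 };
 export declare const HTTP_CLIENT: {
 jsts: string;
@@ -405,6 +453,8 @@ export declare const HTTP_CLIENT: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
+bash: string;
 };
 export declare const MAGIC_NUMBER: {
 jsts: string;
@@ -414,6 +464,8 @@ export declare const MAGIC_NUMBER: {
 java: string;
 go: string;
 powershell: string;
+dart: string;
+bash: string;
 };
 export declare const TODO_FIXME: {
 all: string;
@@ -430,6 +482,9 @@ export declare const LINTER_DISABLE: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
+bash: string;
+sql: string;
 };
 export declare const UNSAFE_DESERIALIZATION: {
 jsts: string;
@@ -443,6 +498,8 @@ export declare const UNSAFE_DESERIALIZATION: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
+bash: string;
 };
 export declare const RESOURCE_LEAK: {
 jsts: string;
@@ -456,6 +513,8 @@ export declare const RESOURCE_LEAK: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
+bash: string;
 };
 export declare const DEPRECATED_API: {
 jsts: string;
@@ -468,6 +527,7 @@ export declare const DEPRECATED_API: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
 };
 /** Flask/Django debug mode or insecure settings */
 export declare const FRAMEWORK_DEBUG_MODE: {
@@ -479,6 +539,7 @@ export declare const FRAMEWORK_DEBUG_MODE: {
 ruby: string;
 kotlin: string;
 swift: string;
+dart: string;
 };
 /** Missing HTTPS / security middleware in frameworks */
 export declare const FRAMEWORK_MISSING_SECURITY: {
@@ -490,6 +551,7 @@ export declare const FRAMEWORK_MISSING_SECURITY: {
 php: string;
 ruby: string;
 swift: string;
+dart: string;
 };
 /** Framework-specific secret key / session misconfigurations */
 export declare const FRAMEWORK_SECRET_KEY: {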
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"language-patterns.d.ts","sourceRoot":"","sources":["../src/language-patterns.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"language-patterns.d.ts","sourceRoot":"","sources":["../src/language-patterns.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAoE7C;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,UAAU,CAG9D;AAED;;GAEG;AACH,wBAAgB,MAAM,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAEhD;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAYrD;AAED;;GAEG;AACH,wBAAgB,KAAK,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAE/C;AAID;;;GAGG;AACH,wBAAgB,WAAW,CACzB,IAAI,EAAE,UAAU,EAChB,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,GAAG,MAAM,GAAG,KAAK,EAAE,MAAM,CAAC,CAAC,GAC7D,MAAM,GAAG,IAAI,CA+Bf;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,GAAG,MAAM,EAAE,MAAM,CAAC,CAAC,GAAG,MAAM,CAW7F;AAQD,eAAO,MAAM,UAAU;;;;;;;;;;;;;;CActB,CAAC;AAEF,eAAO,MAAM,aAAa;;;;;;;;;;CAUzB,CAAC;AAIF,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;CAexB,CAAC;AAIF,eAAO,MAAM,SAAS;;;;;;;;;;;;;;CAcrB,CAAC;AAEF,eAAO,MAAM,WAAW;;;;;;;;;;;;;;CAcvB,CAAC;AAEF,eAAO,MAAM,aAAa;;;;;;;;;;;;CAazB,CAAC;AAEF,eAAO,MAAM,YAAY;;;;;;;;;;;;;;CAcxB,CAAC;AAIF,eAAO,MAAM,SAAS;;;;;;;;;;;;CAerB,CAAC;AAIF,eAAO,MAAM,cAAc;;;;;;;;;;;;;;CAc1B,CAAC;AAEF,eAAO,MAAM,aAAa;;;;;;;CAOzB,CAAC;AAEF,eAAO,MAAM,cAAc;;;;;;;;;;;;CAe1B,CAAC;AAIF,eAAO,MAAM,eAAe;;;;;;;;CAQ3B,CAAC;AAEF,eAAO,MAAM,iBAAiB;;;;CAI7B,CAAC;AAIF,eAAO,MAAM,aAAa;;;;;;;;;;;;;;CAczB,CAAC;AAIF,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;CAc7B,CAAC;AAIF,eAAO,MAAM,kBAAkB;;CAE9B,CAAC;AAEF,eAAO,MAAM,iBAAiB;;CAE7B,CAAC;AAEF,eAAO,MAAM,gBAAgB;;CAE5B,CAAC;AAIF,eAAO,MAAM,SAAS;;;;;;;;;;;;;CAarB,CAAC;AAIF,eAAO,MAAM,UAAU;;;;;;;;;;;;;;CActB,CAAC;AAIF,eAAO,MAAM,YAAY;;;;;;;;;;;;;CAaxB,CAAC;AAIF,eAAO,MAAM,aAAa;;;;;;;;;;;CAWzB,CAAC;AAIF,eAAO,MAAM,UAAU;;;;;;;;;;;;CAYtB,CAAC;AAIF,eAAO,MAAM,WAAW;;;;;;;;;;;;;;CAcvB,CAAC;AAEF,eAAO,MAAM,cAAc;;;;;;;;;;;;CAY1B,CAAC;AAIF,eAAO,MAAM,aAAa;;;;;;;;;;;;;;CAczB,CAAC;AAEF,eAAO,MAAM,SAAS;;;;;;;;;;;;;;CAcrB,CAAC;AAIF,eAAO,MAAM,WAAW;;;;;;;;;;;;;;CAcvB,CAAC;AAIF,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;;CAepB,CAAC;AAIF,eAAO,MAAM,SAAS;;;;;;;;;;;;;CAarB,CAAC;AAIF,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,UAAU,EAA
E,MAAM,EAAE,CAsBvD,CAAC;AAIF,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;CAa5B,CAAC;AAIF,eAAO,MAAM,KAAK;;;;;;;;;;;;CAYjB,CAAC;AAIF,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;CAcpB,CAAC;AAIF,eAAO,MAAM,WAAW;;;;;;;;;;;;;;CAcvB,CAAC;AAIF,eAAO,MAAM,YAAY;;;;;;;;;;CAUxB,CAAC;AAIF,eAAO,MAAM,UAAU;;CAEtB,CAAC;AAIF,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;CAe1B,CAAC;AAIF,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;CAclC,CAAC;AAIF,eAAO,MAAM,aAAa;;;;;;;;;;;;;;CAczB,CAAC;AAIF,eAAO,MAAM,cAAc;;;;;;;;;;;;CAY1B,CAAC;AAKF,mDAAmD;AACnD,eAAO,MAAM,oBAAoB;;;;;;;;;;CAUhC,CAAC;AAEF,wDAAwD;AACxD,eAAO,MAAM,0BAA0B;;;;;;;;;;CAUtC,CAAC;AAEF,gEAAgE;AAChE,eAAO,MAAM,oBAAoB;;;;;;;CAOhC,CAAC;AAEF,wEAAwE;AACxE,eAAO,MAAM,yBAAyB;;;;;;;CAOrC,CAAC;AAEF,oDAAoD;AACpD,eAAO,MAAM,gBAAgB;;CAE5B,CAAC;AAEF,wDAAwD;AACxD,eAAO,MAAM,kBAAkB;;CAE9B,CAAC;AAIF,+BAA+B;AAC/B,eAAO,MAAM,gBAAgB;;;;CAI5B,CAAC;AAEF,+CAA+C;AAC/C,eAAO,MAAM,oBAAoB;;;;CAIhC,CAAC;AAEF,qCAAqC;AACrC,eAAO,MAAM,sBAAsB;;;;CAIlC,CAAC;AAEF,gCAAgC;AAChC,eAAO,MAAM,iBAAiB;;;;CAI7B,CAAC;AAEF,0EAA0E;AAC1E,eAAO,MAAM,gBAAgB;;;;CAI5B,CAAC;AAEF,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;;CAIlC,CAAC;AAEF,0CAA0C;AAC1C,eAAO,MAAM,iBAAiB;;;;CAI7B,CAAC;AAEF,uCAAuC;AACvC,eAAO,MAAM,mBAAmB;;;;CAI/B,CAAC;AAEF,mDAAmD;AACnD,eAAO,MAAM,sBAAsB;;;;CAIlC,CAAC;AAEF,6CAA6C;AAC7C,eAAO,MAAM,sBAAsB;;;;CAIlC,CAAC;AAEF,+DAA+D;AAC/D,eAAO,MAAM,oBAAoB;;;;CAIhC,CAAC;AAEF,oDAAoD;AACpD,eAAO,MAAM,kBAAkB;;;;CAI9B,CAAC"}
|
|
@@ -52,6 +52,17 @@ const LANG_ALIAS_MAP = {
|
|
|
52
52
|
kt: "kotlin",
|
|
53
53
|
kts: "kotlin",
|
|
54
54
|
swift: "swift",
|
|
55
|
+
dart: "dart",
|
|
56
|
+
flutter: "dart",
|
|
57
|
+
bash: "bash",
|
|
58
|
+
sh: "bash",
|
|
59
|
+
shell: "bash",
|
|
60
|
+
zsh: "bash",
|
|
61
|
+
sql: "sql",
|
|
62
|
+
plsql: "sql",
|
|
63
|
+
tsql: "sql",
|
|
64
|
+
mysql: "sql",
|
|
65
|
+
postgresql: "sql",
|
|
55
66
|
dockerfile: "dockerfile",
|
|
56
67
|
docker: "dockerfile",
|
|
57
68
|
containerfile: "dockerfile",
|
|
@@ -75,6 +86,8 @@ export function isJsTs(lang) {
|
|
|
75
86
|
export function isBraceLang(lang) {
|
|
76
87
|
return (lang !== "python" &&
|
|
77
88
|
lang !== "ruby" &&
|
|
89
|
+
lang !== "bash" &&
|
|
90
|
+
lang !== "sql" &&
|
|
78
91
|
lang !== "unknown" &&
|
|
79
92
|
lang !== "terraform" &&
|
|
80
93
|
lang !== "bicep" &&
|
|
@@ -161,6 +174,8 @@ export const ENV_ACCESS = {
|
|
|
161
174
|
ruby: String.raw `ENV\[|ENV\.fetch\s*\(`,
|
|
162
175
|
kotlin: String.raw `System\.getenv\s*\(`,
|
|
163
176
|
swift: String.raw `ProcessInfo\.processInfo\.environment\[`,
|
|
177
|
+
dart: String.raw `Platform\.environment\[|String\.fromEnvironment\s*\(`,
|
|
178
|
+
bash: String.raw `\$\{?\w+\}?|\$\(printenv\s`,
|
|
164
179
|
};
|
|
165
180
|
export const HARDCODED_ENV = {
|
|
166
181
|
jsts: String.raw `process\.env\.\w+\s*\|\|\s*["'][^"']+["']`,
|
|
@@ -170,6 +185,8 @@ export const HARDCODED_ENV = {
|
|
|
170
185
|
java: String.raw `getenv\s*\(.*\)\s*(?:!=\s*null\s*\?|==\s*null)`,
|
|
171
186
|
go: String.raw `os\.Getenv\s*\(.*\)\s*==\s*["']`,
|
|
172
187
|
powershell: String.raw `\$env:\w+\s*=\s*["'][^"']+["']`,
|
|
188
|
+
dart: String.raw `String\.fromEnvironment\s*\(\s*["'][^"']+["']\s*,\s*defaultValue:\s*["'][^"']+["']\)`,
|
|
189
|
+
bash: String.raw `\w+=\s*["'][^"']+["']\s*$`,
|
|
173
190
|
};
|
|
174
191
|
// ── Function Definitions ─────────────────────────────────────────────────────
|
|
175
192
|
export const FUNCTION_DEF = {
|
|
@@ -184,6 +201,9 @@ export const FUNCTION_DEF = {
|
|
|
184
201
|
ruby: String.raw `def\s+\w+`,
|
|
185
202
|
kotlin: String.raw `(?:fun|suspend\s+fun)\s+\w+\s*\(`,
|
|
186
203
|
swift: String.raw `(?:func|class\s+func|static\s+func)\s+\w+\s*\(`,
|
|
204
|
+
dart: String.raw `(?:void|Future|Stream|int|double|String|bool|dynamic|\w+)\s+\w+\s*\(|\w+\s+\w+\s*\(`,
|
|
205
|
+
bash: String.raw `(?:function\s+\w+|\w+\s*\(\s*\))\s*\{`,
|
|
206
|
+
sql: String.raw `CREATE\s+(?:OR\s+REPLACE\s+)?(?:FUNCTION|PROCEDURE)\s+\w+`,
|
|
187
207
|
};
|
|
188
208
|
// ── Error Handling ───────────────────────────────────────────────────────────
|
|
189
209
|
export const TRY_CATCH = {
|
|
@@ -198,6 +218,8 @@ export const TRY_CATCH = {
|
|
|
198
218
|
ruby: String.raw `begin\s*$|rescue\b`,
|
|
199
219
|
kotlin: String.raw `try\s*\{`,
|
|
200
220
|
swift: String.raw `do\s*\{.*catch`,
|
|
221
|
+
dart: String.raw `try\s*\{`,
|
|
222
|
+
bash: String.raw `trap\s|\|\|\s`,
|
|
201
223
|
};
|
|
202
224
|
export const EMPTY_CATCH = {
|
|
203
225
|
jsts: String.raw `catch\s*(?:\([^)]*\))?\s*\{\s*(?:\/\/[^\n]*)?\s*\}`,
|
|
@@ -211,6 +233,8 @@ export const EMPTY_CATCH = {
|
|
|
211
233
|
ruby: String.raw `rescue\s*(?:=>\s*\w+)?\s*$`,
|
|
212
234
|
kotlin: String.raw `catch\s*\([^)]*\)\s*\{\s*(?:\/\/[^\n]*)?\s*\}`,
|
|
213
235
|
swift: String.raw `catch\s*\{\s*(?:\/\/[^\n]*)?\s*\}`,
|
|
236
|
+
dart: String.raw `catch\s*\([^)]*\)\s*\{\s*(?:\/\/[^\n]*)?\s*\}`,
|
|
237
|
+
bash: String.raw `\|\|\s*true|\|\|\s*:`,
|
|
214
238
|
};
|
|
215
239
|
export const GENERIC_CATCH = {
|
|
216
240
|
jsts: String.raw `catch\s*\(\s*\w+\s*\)`,
|
|
@@ -223,6 +247,8 @@ export const GENERIC_CATCH = {
|
|
|
223
247
|
ruby: String.raw `rescue\s*$|rescue\s+(?:Exception|StandardError)\b`,
|
|
224
248
|
kotlin: String.raw `catch\s*\(\s*\w+\s*:\s*(?:Exception|Throwable)\s*\)`,
|
|
225
249
|
swift: String.raw `catch\s*\{|catch\s+let\s+\w+\s*\{`,
|
|
250
|
+
dart: String.raw `catch\s*\(\s*e\s*\)`,
|
|
251
|
+
bash: String.raw `trap\s+['"]-?['"']`,
|
|
226
252
|
};
|
|
227
253
|
export const PANIC_UNWRAP = {
|
|
228
254
|
rust: String.raw `\.unwrap\(\)|\.expect\(|panic!\(|unreachable!\(`,
|
|
@@ -236,6 +262,8 @@ export const PANIC_UNWRAP = {
|
|
|
236
262
|
ruby: String.raw `exit\s*\(!?|abort\s*\(|Kernel\.exit`,
|
|
237
263
|
kotlin: String.raw `exitProcess\s*\(|(?<![.\w])error\s*\(`,
|
|
238
264
|
swift: String.raw `fatalError\s*\(|preconditionFailure\s*\(|exit\s*\(`,
|
|
265
|
+
dart: String.raw `exit\s*\(|throw\s+StateError`,
|
|
266
|
+
bash: String.raw `exit\s+\d|kill\s`,
|
|
239
267
|
};
|
|
240
268
|
// ── Weak / Dynamic Types ────────────────────────────────────────────────────
|
|
241
269
|
export const WEAK_TYPE = {
|
|
@@ -252,6 +280,7 @@ export const WEAK_TYPE = {
|
|
|
252
280
|
php: String.raw `mixed\b|\$\w+\s*\/\*\*.*@var\s+mixed`,
|
|
253
281
|
kotlin: String.raw `:\s*Any\??\b|as\??\s+Any\b`,
|
|
254
282
|
swift: String.raw `:\s*Any\b|as!\s|unsafeBitCast\s*\(`,
|
|
283
|
+
dart: String.raw `\bdynamic\b`,
|
|
255
284
|
};
|
|
256
285
|
// ── Async / Concurrency ─────────────────────────────────────────────────────
|
|
257
286
|
export const ASYNC_FUNCTION = {
|
|
@@ -266,6 +295,8 @@ export const ASYNC_FUNCTION = {
|
|
|
266
295
|
ruby: String.raw `Async\b|Thread\.new|Concurrent::`,
|
|
267
296
|
kotlin: String.raw `suspend\s+fun|launch\s*\{|async\s*\{|withContext\s*\(`,
|
|
268
297
|
swift: String.raw `async\s+func|Task\s*\{|TaskGroup`,
|
|
298
|
+
dart: String.raw `async\s+\{|Future<|Stream<|async\*`,
|
|
299
|
+
bash: String.raw `&\s*$|\bwait\b|\bnohup\b`,
|
|
269
300
|
};
|
|
270
301
|
export const MISSING_AWAIT = {
|
|
271
302
|
jsts: String.raw `(?:^|\s)(?!await\s)(?:fetch|axios|got|request)\s*\(`,
|
|
@@ -273,6 +304,7 @@ export const MISSING_AWAIT = {
|
|
|
273
304
|
rust: String.raw `(?:^|\s)(?!\.await)tokio::`,
|
|
274
305
|
csharp: String.raw `(?:^|\s)(?!await\s)(?:HttpClient|Task\.Run)`,
|
|
275
306
|
java: String.raw `(?:^|\s)(?!\.get\(\))CompletableFuture`,
|
|
307
|
+
dart: String.raw `(?:^|\s)(?!await\s)(?:http\.get|http\.post|dio\.get)`,
|
|
276
308
|
};
|
|
277
309
|
export const SHARED_MUTABLE = {
|
|
278
310
|
jsts: String.raw `(?:let|var|const)\s+\w+\s*(?::[^=]+)?\s*=\s*(?:\{|\[|\d+|new\s)`,
|
|
@@ -288,6 +320,7 @@ export const SHARED_MUTABLE = {
|
|
|
288
320
|
ruby: String.raw `(?:@@\w+\s*=|\$\w+\s*=)`,
|
|
289
321
|
kotlin: String.raw `(?:companion\s+object.*var\b|@Volatile)`,
|
|
290
322
|
swift: String.raw `(?:static\s+var\b|class\s+var\b)`,
|
|
323
|
+
dart: String.raw `(?:static\s+(?!final|const)\w+\s+\w+\s*=)`,
|
|
291
324
|
};
|
|
292
325
|
// ── Imports / Dependencies ───────────────────────────────────────────────────
|
|
293
326
|
export const WILDCARD_IMPORT = {
|
|
@@ -297,6 +330,7 @@ export const WILDCARD_IMPORT = {
|
|
|
297
330
|
csharp: String.raw `using\s+static\s+[\w.]+\.\*`,
|
|
298
331
|
php: String.raw `use\s+[\w\\]+\\\{[^}]*\}`,
|
|
299
332
|
kotlin: String.raw `import\s+[\w.]+\.\*\s*$`,
|
|
333
|
+
dart: String.raw `import\s+['"][^'"]+['"]\s+show\s`,
|
|
300
334
|
};
|
|
301
335
|
export const DEPRECATED_IMPORT = {
|
|
302
336
|
jsts: String.raw `require\s*\(\s*["'](?:crypto|http|url|querystring|path)["']\s*\)`,
|
|
@@ -316,6 +350,8 @@ export const SQL_INJECTION = {
|
|
|
316
350
|
ruby: String.raw `(?:ActiveRecord|\w+\.(?:where|find_by_sql|execute))\s*\(\s*(?:["'].*#\{|["'].*\+)`,
|
|
317
351
|
kotlin: String.raw `(?:executeQuery|createQuery|nativeQuery|createStatement)\s*\(\s*(?:["'].*\+|\$?["'].*\$\w+)`,
|
|
318
352
|
swift: String.raw `(?:execute|prepare)\s*\(\s*(?:["'].*\\\(|["'].*\+)`,
|
|
353
|
+
dart: String.raw `(?:rawQuery|execute|rawInsert)\s*\(\s*(?:["'].*\$|["'].*\+)`,
|
|
354
|
+
sql: String.raw `EXECUTE\s*\(\s*@|EXEC\s*\(\s*@|\+\s*@\w+`,
|
|
319
355
|
};
|
|
320
356
|
// ── Security: Command Injection ──────────────────────────────────────────────
|
|
321
357
|
export const COMMAND_INJECTION = {
|
|
@@ -330,6 +366,8 @@ export const COMMAND_INJECTION = {
|
|
|
330
366
|
ruby: String.raw `(?:system|exec|\x60|%x).*#\{|Kernel\.system\s*\(.*\+`,
|
|
331
367
|
kotlin: String.raw `Runtime\.getRuntime\(\)\.exec\s*\(.*\+|ProcessBuilder\s*\(.*\+`,
|
|
332
368
|
swift: String.raw `Process\(\).*arguments.*\+|NSTask\b`,
|
|
369
|
+
dart: String.raw `Process\.(?:run|start)\s*\(.*(?:\+|\$)`,
|
|
370
|
+
bash: String.raw `eval\s+\$|\$\(.*\$\{`,
|
|
333
371
|
};
|
|
334
372
|
// ── Security: Hardcoded Secrets ──────────────────────────────────────────────
|
|
335
373
|
export const HARDCODED_PASSWORD = {
|
|
@@ -354,6 +392,7 @@ export const WEAK_HASH = {
|
|
|
354
392
|
ruby: String.raw `Digest::(?:MD5|SHA1)`,
|
|
355
393
|
kotlin: String.raw `MessageDigest\.getInstance\s*\(\s*["'](?:MD5|SHA-?1)["']\)`,
|
|
356
394
|
swift: String.raw `CC_MD5|CC_SHA1|Insecure\.(?:MD5|SHA1)`,
|
|
395
|
+
dart: String.raw `md5\.convert|sha1\.convert|Digest\.(?:md5|sha1)`,
|
|
357
396
|
};
|
|
358
397
|
// ── Security: Eval / Dynamic Execution ───────────────────────────────────────
|
|
359
398
|
export const EVAL_USAGE = {
|
|
@@ -368,6 +407,8 @@ export const EVAL_USAGE = {
|
|
|
368
407
|
ruby: String.raw `\beval\s*\(|\bsend\s*\(|\binstance_eval\s*\(|\bclass_eval\s*\(`,
|
|
369
408
|
kotlin: String.raw `ScriptEngine\.eval\s*\(`,
|
|
370
409
|
swift: String.raw `NSExpression\b|JSContext\b.*evaluateScript`,
|
|
410
|
+
dart: String.raw `(?!)`,
|
|
411
|
+
bash: String.raw `\beval\s|source\s`,
|
|
371
412
|
};
|
|
372
413
|
// ── Security: TLS / Certificate ──────────────────────────────────────────────
|
|
373
414
|
export const TLS_DISABLED = {
|
|
@@ -382,6 +423,7 @@ export const TLS_DISABLED = {
|
|
|
382
423
|
ruby: String.raw `verify_mode\s*=\s*OpenSSL::SSL::VERIFY_NONE|ssl_verify_mode.*VERIFY_NONE`,
|
|
383
424
|
kotlin: String.raw `TrustAllCerts|X509TrustManager|trustAllCerts`,
|
|
384
425
|
swift: String.raw `ServerTrustPolicy\.disableEvaluation|allowsSelfSignedCertificates\s*=\s*true`,
|
|
426
|
+
dart: String.raw `badCertificateCallback.*true|allowBadCertificates\s*=\s*true`,
|
|
385
427
|
};
|
|
386
428
|
// ── Security: CORS ───────────────────────────────────────────────────────────
|
|
387
429
|
export const CORS_WILDCARD = {
|
|
@@ -394,6 +436,7 @@ export const CORS_WILDCARD = {
|
|
|
394
436
|
ruby: String.raw `allow_origin\s+["']\*["']|origins\s+["']\*["']`,
|
|
395
437
|
kotlin: String.raw `@CrossOrigin\s*$|allowedOrigins\s*=.*\*`,
|
|
396
438
|
swift: String.raw `Access-Control-Allow-Origin.*\*`,
|
|
439
|
+
dart: String.raw `Access-Control-Allow-Origin.*\*|allowedOrigins.*\*`,
|
|
397
440
|
};
|
|
398
441
|
// ── Web Framework Routes ─────────────────────────────────────────────────────
|
|
399
442
|
export const HTTP_ROUTE = {
|
|
@@ -407,6 +450,7 @@ export const HTTP_ROUTE = {
|
|
|
407
450
|
ruby: String.raw `(?:get|post|put|delete|patch)\s+["']/|resources?\s+:\w+`,
|
|
408
451
|
kotlin: String.raw `@(?:Get|Post|Put|Delete|Patch)Mapping|routing\s*\{`,
|
|
409
452
|
swift: String.raw `\.(?:get|post|put|delete|patch)\s*\(|@(?:GET|POST|PUT|DELETE)`,
|
|
453
|
+
dart: String.raw `@(?:Route|Get|Post|Put|Delete)\s*\(|app\.(?:get|post|put|delete)\s*\(`,
|
|
410
454
|
};
|
|
411
455
|
// ── Logging ──────────────────────────────────────────────────────────────────
|
|
412
456
|
export const CONSOLE_LOG = {
|
|
@@ -421,6 +465,8 @@ export const CONSOLE_LOG = {
|
|
|
421
465
|
ruby: String.raw `(?:puts|p|pp|print|warn)\s`,
|
|
422
466
|
kotlin: String.raw `println\s*\(|print\s*\(`,
|
|
423
467
|
swift: String.raw `print\s*\(|debugPrint\s*\(|dump\s*\(`,
|
|
468
|
+
dart: String.raw `print\s*\(|debugPrint\s*\(`,
|
|
469
|
+
bash: String.raw `echo\s|printf\s`,
|
|
424
470
|
};
|
|
425
471
|
export const STRUCTURED_LOG = {
|
|
426
472
|
jsts: String.raw `(?:winston|bunyan|pino|log4js|logger)\.\w+\s*\(`,
|
|
@@ -433,6 +479,7 @@ export const STRUCTURED_LOG = {
|
|
|
433
479
|
ruby: String.raw `(?:Rails\.logger|Logger\.new|logger)\.\w+\s*\(`,
|
|
434
480
|
kotlin: String.raw `(?:Logger|log|logger)\.\w+\s*\(|LoggerFactory\.getLogger`,
|
|
435
481
|
swift: String.raw `(?:Logger|os_log|OSLog)\.\w+\s*\(|Logger\(`,
|
|
482
|
+
dart: String.raw `(?:Logger|log|logger)\.\w+\s*\(|logging\.Logger`,
|
|
436
483
|
};
|
|
437
484
|
// ── Testing ──────────────────────────────────────────────────────────────────
|
|
438
485
|
export const TEST_FUNCTION = {
|
|
@@ -447,6 +494,8 @@ export const TEST_FUNCTION = {
|
|
|
447
494
|
ruby: String.raw `(?:describe|it|context|before|after)\s+["']|def\s+test_`,
|
|
448
495
|
kotlin: String.raw `@Test\b|@BeforeEach|@AfterEach`,
|
|
449
496
|
swift: String.raw `func\s+test\w+\s*\(|XCTAssert`,
|
|
497
|
+
dart: String.raw `(?:test|testWidgets|group)\s*\(|void\s+main\s*\(\)\s*\{`,
|
|
498
|
+
bash: String.raw `@test\b|assert\s|bats\b`,
|
|
450
499
|
};
|
|
451
500
|
export const ASSERTION = {
|
|
452
501
|
jsts: String.raw `(?:expect|assert|should)\s*[\.(]`,
|
|
@@ -460,6 +509,8 @@ export const ASSERTION = {
|
|
|
460
509
|
ruby: String.raw `(?:expect\(|assert_|should\b|must_)`,
|
|
461
510
|
kotlin: String.raw `assert(?:Equals|True|False|NotNull|Throws)\s*\(|assertEquals\s*\(`,
|
|
462
511
|
swift: String.raw `XCTAssert\w*\s*\(|#expect\s*\(`,
|
|
512
|
+
dart: String.raw `expect\s*\(|assert\s*\(`,
|
|
513
|
+
bash: String.raw `\[\s+-(?:eq|ne|lt|gt|le|ge)\s|assert\b`,
|
|
463
514
|
};
|
|
464
515
|
// ── Documentation ────────────────────────────────────────────────────────────
|
|
465
516
|
export const DOC_COMMENT = {
|
|
@@ -474,6 +525,8 @@ export const DOC_COMMENT = {
|
|
|
474
525
|
ruby: String.raw `#\s+@(?:param|return|note|example)|=begin[\s\S]*?=end`,
|
|
475
526
|
kotlin: String.raw `/\*\*[\s\S]*?\*/|///\s`,
|
|
476
527
|
swift: String.raw `///\s|/\*\*[\s\S]*?\*/`,
|
|
528
|
+
dart: String.raw `///\s|/\*\*[\s\S]*?\*/`,
|
|
529
|
+
sql: String.raw `--\s|/\*\*[\s\S]*?\*/`,
|
|
477
530
|
};
|
|
478
531
|
// ── Loop Constructs ──────────────────────────────────────────────────────────
|
|
479
532
|
export const FOR_LOOP = {
|
|
@@ -488,6 +541,9 @@ export const FOR_LOOP = {
|
|
|
488
541
|
ruby: String.raw `\.each\b|\.map\b|\.select\b|\.inject\b|for\s+\w+\s+in\b`,
|
|
489
542
|
kotlin: String.raw `for\s*\(|\.forEach\s*\{|\.map\s*\{`,
|
|
490
543
|
swift: String.raw `for\s+\w+\s+in\s|\.forEach\s*\{|\.map\s*\{`,
|
|
544
|
+
dart: String.raw `for\s*\(|\.forEach\s*\(|\.map\s*\(`,
|
|
545
|
+
bash: String.raw `for\s+\w+\s+in\s|while\s+`,
|
|
546
|
+
sql: String.raw `CURSOR\s+\w+|WHILE\s+|LOOP\b`,
|
|
491
547
|
};
|
|
492
548
|
// ── Type / Class Definitions ─────────────────────────────────────────────────
|
|
493
549
|
export const CLASS_DEF = {
|
|
@@ -502,6 +558,7 @@ export const CLASS_DEF = {
|
|
|
502
558
|
ruby: String.raw `(?:class|module)\s+\w+`,
|
|
503
559
|
kotlin: String.raw `(?:class|data\s+class|object|interface|sealed\s+class|enum\s+class)\s+\w+`,
|
|
504
560
|
swift: String.raw `(?:class|struct|enum|protocol|actor)\s+\w+`,
|
|
561
|
+
dart: String.raw `(?:class|abstract\s+class|mixin|extension)\s+\w+`,
|
|
505
562
|
};
|
|
506
563
|
// ── Package Manifests ────────────────────────────────────────────────────────
|
|
507
564
|
export const MANIFEST_FILES = {
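Review bot: The new `dart` entry omits `enum`, unlike the `swift` entry directly above it, which lists `enum` alongside `class`/`struct`, so Dart `enum Color { ... }` declarations will not be counted as type definitions. Adding it, `(?:class|abstract\s+class|mixin|extension|enum)\s+\w+`, keeps the alternation parallel with the other languages. The CLASS_DEF object starts before the hunk.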
|
|
@@ -521,6 +578,9 @@ export const MANIFEST_FILES = {
|
|
|
521
578
|
ruby: ["Gemfile", "Gemfile.lock", "*.gemspec"],
|
|
522
579
|
kotlin: ["build.gradle.kts", "build.gradle", "pom.xml"],
|
|
523
580
|
swift: ["Package.swift", "*.xcodeproj", "Podfile"],
|
|
581
|
+
dart: ["pubspec.yaml", "pubspec.lock"],
|
|
582
|
+
bash: [],
|
|
583
|
+
sql: [],
|
|
524
584
|
dockerfile: ["Dockerfile", "Containerfile", ".dockerignore"],
|
|
525
585
|
unknown: [],
|
|
526
586
|
};
|
|
@@ -537,6 +597,7 @@ export const INPUT_VALIDATION = {
|
|
|
537
597
|
ruby: String.raw `params\[|params\.(?:require|permit)\s*\(`,
|
|
538
598
|
kotlin: String.raw `@RequestParam|@PathVariable|@RequestBody|call\.receive\b`,
|
|
539
599
|
swift: String.raw `request\.(?:content|query|parameters)\b|req\.(?:content|query)\b`,
|
|
600
|
+
dart: String.raw `request\.(?:body|params|query|uri)\b`,
|
|
540
601
|
};
|
|
541
602
|
// ── Mutex / Lock ─────────────────────────────────────────────────────────────
|
|
542
603
|
export const MUTEX = {
|
|
@@ -550,6 +611,7 @@ export const MUTEX = {
|
|
|
550
611
|
ruby: String.raw `Mutex\.new|Monitor\.new|\bsynchronize\b`,
|
|
551
612
|
kotlin: String.raw `(?:synchronized\b|Mutex|ReentrantLock|Semaphore)`,
|
|
552
613
|
swift: String.raw `NSLock|NSRecursiveLock|DispatchSemaphore|os_unfair_lock`,
|
|
614
|
+
dart: String.raw `Lock\b|Completer\b|synchronized\b`,
|
|
553
615
|
};
|
|
554
616
|
// ── Database Access ──────────────────────────────────────────────────────────
|
|
555
617
|
export const DB_QUERY = {
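Review bot: `Completer\b` in the new `dart` entry is not a lock primitive — a `Completer` is the producer side of a `Future` — so ordinary async code that completes futures will be counted as mutex/lock usage by whatever reads MUTEX. `Lock\b` and `synchronized\b` also lack a leading `\b`, so names such as `RwLock` or `unlock`-style identifiers match as well. Dropping `Completer` and anchoring both ends, `\bLock\b|\bsynchronized\b`, would bring the entry in line with the precision of the `swift` line above it. The MUTEX object starts before the hunk.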
|
|
@@ -564,6 +626,8 @@ export const DB_QUERY = {
|
|
|
564
626
|
ruby: String.raw `ActiveRecord|\w+\.(?:where|find|find_by|select|pluck)\s*\(`,
|
|
565
627
|
kotlin: String.raw `\.(?:executeQuery|createQuery|persist|find)\s*\(|transaction\s*\{`,
|
|
566
628
|
swift: String.raw `\.(?:execute|prepare|query)\s*\(|NSFetchRequest`,
|
|
629
|
+
dart: String.raw `\.(?:rawQuery|rawInsert|rawUpdate|rawDelete|query|execute)\s*\(`,
|
|
630
|
+
sql: String.raw `SELECT\s+|INSERT\s+|UPDATE\s+|DELETE\s+|EXEC(?:UTE)?\s+`,
|
|
567
631
|
};
|
|
568
632
|
// ── HTTP Client ──────────────────────────────────────────────────────────────
|
|
569
633
|
export const HTTP_CLIENT = {
|
|
@@ -578,6 +642,8 @@ export const HTTP_CLIENT = {
|
|
|
578
642
|
ruby: String.raw `Net::HTTP|HTTParty|Faraday|RestClient`,
|
|
579
643
|
kotlin: String.raw `HttpClient\.\w+\s*\(|OkHttpClient|Fuel\.\w+\s*\(|ktor.*client`,
|
|
580
644
|
swift: String.raw `URLSession\.\w+\s*\(|URLRequest\s*\(|Alamofire`,
|
|
645
|
+
dart: String.raw `http\.(?:get|post|put|delete)\s*\(|Dio\(|HttpClient\(`,
|
|
646
|
+
bash: String.raw `curl\s|wget\s`,
|
|
581
647
|
};
|
|
582
648
|
// ── Config / Constants ───────────────────────────────────────────────────────
|
|
583
649
|
export const MAGIC_NUMBER = {
|
|
@@ -588,6 +654,8 @@ export const MAGIC_NUMBER = {
|
|
|
588
654
|
java: String.raw `(?:==|!=|<=?|>=?|&&|\|\|)\s*\d{2,}|(?:TIMEOUT|DELAY|LIMIT|MAX|MIN|SIZE|COUNT|PORT)\s*=\s*\d{3,}`,
|
|
589
655
|
go: String.raw `(?:==|!=|<=?|>=?|&&|\|\|)\s*\d{2,}|(?:timeout|delay|limit|max|min|size|count|port)\s*[:=]\s*\d{3,}`,
|
|
590
656
|
powershell: String.raw `(?:-eq|-ne|-lt|-le|-gt|-ge)\s*\d{2,}|(?:Timeout|Delay|Limit|Max|Min|Size|Count|Port)\s*=\s*\d{3,}`,
|
|
657
|
+
dart: String.raw `(?:==|!=|<=?|>=?|&&|\|\|)\s*\d{2,}|(?:timeout|delay|limit|max|min|size|count|port)\s*[:=]\s*\d{3,}`,
|
|
658
|
+
bash: String.raw `(?:-eq|-ne|-lt|-le|-gt|-ge)\s*\d{2,}|(?:TIMEOUT|DELAY|LIMIT|MAX|MIN|SIZE|COUNT|PORT)=\s*\d{3,}`,
|
|
591
659
|
};
|
|
592
660
|
// ── TODO / FIXME ─────────────────────────────────────────────────────────────
|
|
593
661
|
export const TODO_FIXME = {
|
|
@@ -606,6 +674,9 @@ export const LINTER_DISABLE = {
|
|
|
606
674
|
ruby: String.raw `rubocop:disable|# :nocov:|# :reek:`,
|
|
607
675
|
kotlin: String.raw `@Suppress\(|@SuppressWarnings|detekt:`,
|
|
608
676
|
swift: String.raw `swiftlint:disable|nolint`,
|
|
677
|
+
dart: String.raw `// ignore:|// ignore_for_file:`,
|
|
678
|
+
bash: String.raw `# shellcheck\s+disable`,
|
|
679
|
+
sql: String.raw `-- noqa|-- noinspection`,
|
|
609
680
|
};
|
|
610
681
|
// ── Serialization ────────────────────────────────────────────────────────────
|
|
611
682
|
export const UNSAFE_DESERIALIZATION = {
|
|
@@ -620,6 +691,8 @@ export const UNSAFE_DESERIALIZATION = {
|
|
|
620
691
|
ruby: String.raw `Marshal\.load|YAML\.load(?!_safe)|Oj\.load`,
|
|
621
692
|
kotlin: String.raw `ObjectInputStream\.readObject|readObject\s*\(`,
|
|
622
693
|
swift: String.raw `NSKeyedUnarchiver\.unarchiveObject|JSONDecoder\(\)\.decode.*(?:request|input)`,
|
|
694
|
+
dart: String.raw `jsonDecode\s*\(.*(?:request|body|input)`,
|
|
695
|
+
bash: String.raw `eval\s+\$\(cat\s`,
|
|
623
696
|
};
|
|
624
697
|
// ── Memory / Resource ────────────────────────────────────────────────────────
|
|
625
698
|
export const RESOURCE_LEAK = {
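Review bot: The `bash` pattern `eval\s+\$\(cat\s` requires `$(` immediately after the whitespace, so the double-quoted form `eval "$(cat file)"` — the common way such a substitution is written — is not matched, which is presumably the very case this entry is meant to catch. Allowing an optional quote, `eval\s+"?\$\(cat\s`, or matching any command substitution passed to eval, `eval\s+"?\$\(`, closes that gap. The `dart` line next to it treats `jsonDecode(` of request input as unsafe deserialization, but unlike `Marshal.load`/`readObject` above, `jsonDecode` only produces plain maps, lists and scalars and instantiates no arbitrary types, so it will mostly report ordinary JSON parsing; a comment such as `// dart: jsonDecode on untrusted input is flagged for review, not as a code-execution sink` would set expectations. The UNSAFE_DESERIALIZATION object starts before the hunk.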
|
|
@@ -634,6 +707,8 @@ export const RESOURCE_LEAK = {
|
|
|
634
707
|
ruby: String.raw `File\.open\s*\((?!.*\bdo\b)|IO\.(?:popen|sysopen)\s*\(`,
|
|
635
708
|
kotlin: String.raw `FileInputStream\s*\(|FileOutputStream\s*\(|Socket\s*\(`,
|
|
636
709
|
swift: String.raw `FileHandle\(|InputStream\(|OutputStream\(`,
|
|
710
|
+
dart: String.raw `File\(|HttpClient\(|Socket\.connect`,
|
|
711
|
+
bash: String.raw `exec\s+\d+>|mkfifo\s`,
|
|
637
712
|
};
|
|
638
713
|
// ── Deprecated APIs ──────────────────────────────────────────────────────────
|
|
639
714
|
export const DEPRECATED_API = {
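Review bot: `File\(` in the new `dart` entry matches construction of a `File` object, which in dart:io only wraps a path and opens no handle (the handle comes from `open`/`openWrite`), so every path reference will be reported as a potential leak; a closer analogue to the `FileHandle(`/`FileInputStream(` entries above is `\.open(?:Sync|Write|Read)?\s*\(|HttpClient\(|Socket\.connect`. Without a leading `\b`, `File\(` also matches `RandomAccessFile(`, `ZipFile(` and similar names. `HttpClient\(` is additionally listed for dart under HTTP_CLIENT in this same diff, so one call will be attributed to both categories — if that is intended, a short comment saying so would help. The RESOURCE_LEAK object starts before the hunk.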
|
|
@@ -647,6 +722,7 @@ export const DEPRECATED_API = {
|
|
|
647
722
|
ruby: String.raw `File\.exists\?|URI\.escape|Fixnum\b|Bignum\b`,
|
|
648
723
|
kotlin: String.raw `\.newInstance\s*\(\s*\)|Date\s*\(\s*\)`,
|
|
649
724
|
swift: String.raw `URLRequest.*HTTPBody|NSURLConnection\b`,
|
|
725
|
+
dart: String.raw `\.then\s*\(.*\.catchError|new\s+HttpClient\(`,
|
|
650
726
|
};
|
|
651
727
|
// ── Framework-Specific Security Patterns ─────────────────────────────────────
|
|
652
728
|
// Detect common security misconfigurations in popular web frameworks.
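Review bot: Neither alternative in the new `dart` entry is a deprecated API: the `new` keyword is optional in Dart 2+ but still valid, and `.then(...).catchError(...)` is a supported Future API, so this entry flags current idiomatic code under a "deprecated" label. If the goal is a style nudge (prefer `async`/`await`, drop `new`), that belongs in a style table, or the entry should state what it is, e.g. `// dart: style nudges, not SDK deprecations`. The DEPRECATED_API object starts before the hunk.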
|
|
@@ -660,6 +736,7 @@ export const FRAMEWORK_DEBUG_MODE = {
|
|
|
660
736
|
ruby: String.raw `config\.consider_all_requests_local\s*=\s*true`,
|
|
661
737
|
kotlin: String.raw `server\.error\.include-stacktrace\s*=\s*always`,
|
|
662
738
|
swift: String.raw `\.environment\s*=\s*\.development`,
|
|
739
|
+
dart: String.raw `kDebugMode|kReleaseMode\s*==\s*false`,
|
|
663
740
|
};
|
|
664
741
|
/** Missing HTTPS / security middleware in frameworks */
|
|
665
742
|
export const FRAMEWORK_MISSING_SECURITY = {
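Review bot: The bare `kDebugMode` alternative in the new `dart` entry matches every reference to the constant, including `if (kDebugMode) { ... }`, which is the idiomatic Flutter way to confine debug-only behaviour — the opposite of a debug-mode misconfiguration. The neighbouring entries each require an assignment or comparison (`= true`, `= always`, `= .development`); keeping only the second alternative, `kReleaseMode\s*==\s*false`, or a comparison form such as `kDebugMode\s*==\s*true`, keeps the Dart entry consistent and avoids reporting the guard itself. The FRAMEWORK_DEBUG_MODE object starts before the hunk.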
|
|
@@ -671,6 +748,7 @@ export const FRAMEWORK_MISSING_SECURITY = {
|
|
|
671
748
|
php: String.raw `Route::(?:get|post)\s*\((?!.*middleware|.*auth)`,
|
|
672
749
|
ruby: String.raw `skip_before_action\s*:\s*(?:authenticate|verify)`,
|
|
673
750
|
swift: String.raw `app\.http\.server\.configuration\.hostname\s*=\s*["']0\.0\.0\.0`,
|
|
751
|
+
dart: String.raw `app\.listen\s*\(\s*(?:80|3000)\b`,
|
|
674
752
|
};
|
|
675
753
|
/** Framework-specific secret key / session misconfigurations */
|
|
676
754
|
export const FRAMEWORK_SECRET_KEY = {
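Review bot: The `dart` pattern `app\.listen\s*\(\s*(?:80|3000)\b` keys on the port number, whereas the surrounding entries target missing auth middleware or binding to all interfaces (`0.0.0.0`); listening on 80 or 3000 is not by itself a missing-security condition, and a server bound to every interface on another port is not matched. If the intent mirrors the `swift` line, matching the bind address, e.g. `InternetAddress\.anyIPv4|["']0\.0\.0\.0`, would be closer; otherwise a comment explaining what the port check is meant to catch would help readers of this table. The FRAMEWORK_MISSING_SECURITY object starts before the hunk.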
|