@neurcode-ai/cli 0.9.64 → 0.9.66
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +201 -0
- package/dist/commands/bootstrap-policy.d.ts +29 -0
- package/dist/commands/bootstrap-policy.d.ts.map +1 -0
- package/dist/commands/bootstrap-policy.js +334 -0
- package/dist/commands/bootstrap-policy.js.map +1 -0
- package/dist/commands/brain.d.ts.map +1 -1
- package/dist/commands/brain.js +273 -0
- package/dist/commands/brain.js.map +1 -1
- package/dist/commands/doctor.d.ts.map +1 -1
- package/dist/commands/doctor.js +82 -0
- package/dist/commands/doctor.js.map +1 -1
- package/dist/commands/pilot-report.d.ts +9 -0
- package/dist/commands/pilot-report.d.ts.map +1 -0
- package/dist/commands/pilot-report.js +176 -0
- package/dist/commands/pilot-report.js.map +1 -0
- package/dist/commands/quickstart.d.ts +21 -0
- package/dist/commands/quickstart.d.ts.map +1 -0
- package/dist/commands/quickstart.js +178 -0
- package/dist/commands/quickstart.js.map +1 -0
- package/dist/commands/remediate-export.d.ts +31 -0
- package/dist/commands/remediate-export.d.ts.map +1 -0
- package/dist/commands/remediate-export.js +283 -0
- package/dist/commands/remediate-export.js.map +1 -0
- package/dist/commands/remediate-governance.d.ts +54 -0
- package/dist/commands/remediate-governance.d.ts.map +1 -0
- package/dist/commands/remediate-governance.js +375 -0
- package/dist/commands/remediate-governance.js.map +1 -0
- package/dist/commands/remediate.d.ts.map +1 -1
- package/dist/commands/remediate.js.map +1 -1
- package/dist/commands/replay.d.ts.map +1 -1
- package/dist/commands/replay.js +30 -0
- package/dist/commands/replay.js.map +1 -1
- package/dist/commands/verify.d.ts.map +1 -1
- package/dist/commands/verify.js +409 -30
- package/dist/commands/verify.js.map +1 -1
- package/dist/daemon/server.d.ts.map +1 -1
- package/dist/daemon/server.js +1078 -0
- package/dist/daemon/server.js.map +1 -1
- package/dist/explainability/DeterminismClassifier.d.ts +34 -0
- package/dist/explainability/DeterminismClassifier.d.ts.map +1 -0
- package/dist/explainability/DeterminismClassifier.js +104 -0
- package/dist/explainability/DeterminismClassifier.js.map +1 -0
- package/dist/explainability/ViolationFormatter.d.ts +32 -0
- package/dist/explainability/ViolationFormatter.d.ts.map +1 -0
- package/dist/explainability/ViolationFormatter.js +252 -0
- package/dist/explainability/ViolationFormatter.js.map +1 -0
- package/dist/explainability/index.d.ts +15 -0
- package/dist/explainability/index.d.ts.map +1 -0
- package/dist/explainability/index.js +94 -0
- package/dist/explainability/index.js.map +1 -0
- package/dist/explainability/types.d.ts +37 -0
- package/dist/explainability/types.d.ts.map +1 -0
- package/dist/explainability/types.js +3 -0
- package/dist/explainability/types.js.map +1 -0
- package/dist/governance/canonical-invariants.d.ts +88 -0
- package/dist/governance/canonical-invariants.d.ts.map +1 -0
- package/dist/governance/canonical-invariants.js +197 -0
- package/dist/governance/canonical-invariants.js.map +1 -0
- package/dist/governance/canonical-ordering.d.ts +76 -0
- package/dist/governance/canonical-ordering.d.ts.map +1 -0
- package/dist/governance/canonical-ordering.js +189 -0
- package/dist/governance/canonical-ordering.js.map +1 -0
- package/dist/governance/canonical-pipeline.d.ts +45 -0
- package/dist/governance/canonical-pipeline.d.ts.map +1 -0
- package/dist/governance/canonical-pipeline.js +616 -0
- package/dist/governance/canonical-pipeline.js.map +1 -0
- package/dist/governance/diff-line-provenance.d.ts +59 -0
- package/dist/governance/diff-line-provenance.d.ts.map +1 -0
- package/dist/governance/diff-line-provenance.js +118 -0
- package/dist/governance/diff-line-provenance.js.map +1 -0
- package/dist/governance/pilot-readiness.d.ts +34 -0
- package/dist/governance/pilot-readiness.d.ts.map +1 -0
- package/dist/governance/pilot-readiness.js +226 -0
- package/dist/governance/pilot-readiness.js.map +1 -0
- package/dist/governance/policy-parity-validator.d.ts +62 -0
- package/dist/governance/policy-parity-validator.d.ts.map +1 -0
- package/dist/governance/policy-parity-validator.js +137 -0
- package/dist/governance/policy-parity-validator.js.map +1 -0
- package/dist/governance/remediation-boundary.d.ts +55 -0
- package/dist/governance/remediation-boundary.d.ts.map +1 -0
- package/dist/governance/remediation-boundary.js +120 -0
- package/dist/governance/remediation-boundary.js.map +1 -0
- package/dist/governance/structural-cache.d.ts +103 -0
- package/dist/governance/structural-cache.d.ts.map +1 -0
- package/dist/governance/structural-cache.js +240 -0
- package/dist/governance/structural-cache.js.map +1 -0
- package/dist/governance/structural-on-diff.d.ts +33 -0
- package/dist/governance/structural-on-diff.d.ts.map +1 -0
- package/dist/governance/structural-on-diff.js +67 -0
- package/dist/governance/structural-on-diff.js.map +1 -0
- package/dist/governance/structural-policy-merge.d.ts +22 -0
- package/dist/governance/structural-policy-merge.d.ts.map +1 -0
- package/dist/governance/structural-policy-merge.js +32 -0
- package/dist/governance/structural-policy-merge.js.map +1 -0
- package/dist/governance/verify-runtime-guard.d.ts +99 -0
- package/dist/governance/verify-runtime-guard.d.ts.map +1 -0
- package/dist/governance/verify-runtime-guard.js +129 -0
- package/dist/governance/verify-runtime-guard.js.map +1 -0
- package/dist/index.js +107 -0
- package/dist/index.js.map +1 -1
- package/dist/integrations/review-compression/index.d.ts +50 -0
- package/dist/integrations/review-compression/index.d.ts.map +1 -0
- package/dist/integrations/review-compression/index.js +158 -0
- package/dist/integrations/review-compression/index.js.map +1 -0
- package/dist/intent-engine/domain-taxonomy.d.ts +42 -0
- package/dist/intent-engine/domain-taxonomy.d.ts.map +1 -0
- package/dist/intent-engine/domain-taxonomy.js +534 -0
- package/dist/intent-engine/domain-taxonomy.js.map +1 -0
- package/dist/intent-engine/index.d.ts +1 -0
- package/dist/intent-engine/index.d.ts.map +1 -1
- package/dist/intent-engine/index.js +6 -1
- package/dist/intent-engine/index.js.map +1 -1
- package/dist/intent-engine/parser.d.ts.map +1 -1
- package/dist/intent-engine/parser.js +47 -0
- package/dist/intent-engine/parser.js.map +1 -1
- package/dist/intent-engine/repo-classifier.d.ts +64 -0
- package/dist/intent-engine/repo-classifier.d.ts.map +1 -0
- package/dist/intent-engine/repo-classifier.js +178 -0
- package/dist/intent-engine/repo-classifier.js.map +1 -0
- package/dist/intent-engine/semantic-expander.d.ts +104 -0
- package/dist/intent-engine/semantic-expander.d.ts.map +1 -0
- package/dist/intent-engine/semantic-expander.js +480 -0
- package/dist/intent-engine/semantic-expander.js.map +1 -0
- package/dist/patch-engine/patterns.d.ts.map +1 -1
- package/dist/patch-engine/patterns.js +8 -4
- package/dist/patch-engine/patterns.js.map +1 -1
- package/dist/semantic/index.d.ts +14 -0
- package/dist/semantic/index.d.ts.map +1 -0
- package/dist/semantic/index.js +30 -0
- package/dist/semantic/index.js.map +1 -0
- package/dist/semantic/tfidf-engine.d.ts +81 -0
- package/dist/semantic/tfidf-engine.d.ts.map +1 -0
- package/dist/semantic/tfidf-engine.js +278 -0
- package/dist/semantic/tfidf-engine.js.map +1 -0
- package/dist/semantic/vector-store.d.ts +108 -0
- package/dist/semantic/vector-store.d.ts.map +1 -0
- package/dist/semantic/vector-store.js +321 -0
- package/dist/semantic/vector-store.js.map +1 -0
- package/dist/structural-rules/context-severity.d.ts +46 -0
- package/dist/structural-rules/context-severity.d.ts.map +1 -0
- package/dist/structural-rules/context-severity.js +115 -0
- package/dist/structural-rules/context-severity.js.map +1 -0
- package/dist/structural-rules/distributed/DS001-saga-rollback-absence.d.ts +11 -0
- package/dist/structural-rules/distributed/DS001-saga-rollback-absence.d.ts.map +1 -0
- package/dist/structural-rules/distributed/DS001-saga-rollback-absence.js +212 -0
- package/dist/structural-rules/distributed/DS001-saga-rollback-absence.js.map +1 -0
- package/dist/structural-rules/distributed/DS002-missing-correlation-id.d.ts +11 -0
- package/dist/structural-rules/distributed/DS002-missing-correlation-id.d.ts.map +1 -0
- package/dist/structural-rules/distributed/DS002-missing-correlation-id.js +213 -0
- package/dist/structural-rules/distributed/DS002-missing-correlation-id.js.map +1 -0
- package/dist/structural-rules/distributed/index.d.ts +3 -0
- package/dist/structural-rules/distributed/index.d.ts.map +1 -0
- package/dist/structural-rules/distributed/index.js +8 -0
- package/dist/structural-rules/distributed/index.js.map +1 -0
- package/dist/structural-rules/engine.d.ts +25 -0
- package/dist/structural-rules/engine.d.ts.map +1 -0
- package/dist/structural-rules/engine.js +90 -0
- package/dist/structural-rules/engine.js.map +1 -0
- package/dist/structural-rules/index.d.ts +45 -0
- package/dist/structural-rules/index.d.ts.map +1 -0
- package/dist/structural-rules/index.js +158 -0
- package/dist/structural-rules/index.js.map +1 -0
- package/dist/structural-rules/python/PY001-asyncio-task-without-cancel.d.ts +11 -0
- package/dist/structural-rules/python/PY001-asyncio-task-without-cancel.d.ts.map +1 -0
- package/dist/structural-rules/python/PY001-asyncio-task-without-cancel.js +66 -0
- package/dist/structural-rules/python/PY001-asyncio-task-without-cancel.js.map +1 -0
- package/dist/structural-rules/python/PY002-unbounded-dict-singleton.d.ts +11 -0
- package/dist/structural-rules/python/PY002-unbounded-dict-singleton.d.ts.map +1 -0
- package/dist/structural-rules/python/PY002-unbounded-dict-singleton.js +135 -0
- package/dist/structural-rules/python/PY002-unbounded-dict-singleton.js.map +1 -0
- package/dist/structural-rules/python/PY003-broad-except-clause.d.ts +32 -0
- package/dist/structural-rules/python/PY003-broad-except-clause.d.ts.map +1 -0
- package/dist/structural-rules/python/PY003-broad-except-clause.js +277 -0
- package/dist/structural-rules/python/PY003-broad-except-clause.js.map +1 -0
- package/dist/structural-rules/python/PY004-swallowed-async-exception.d.ts +11 -0
- package/dist/structural-rules/python/PY004-swallowed-async-exception.d.ts.map +1 -0
- package/dist/structural-rules/python/PY004-swallowed-async-exception.js +167 -0
- package/dist/structural-rules/python/PY004-swallowed-async-exception.js.map +1 -0
- package/dist/structural-rules/python/PY005-fastapi-without-pydantic.d.ts +11 -0
- package/dist/structural-rules/python/PY005-fastapi-without-pydantic.d.ts.map +1 -0
- package/dist/structural-rules/python/PY005-fastapi-without-pydantic.js +154 -0
- package/dist/structural-rules/python/PY005-fastapi-without-pydantic.js.map +1 -0
- package/dist/structural-rules/python/PY006-blocking-io-in-async.d.ts +11 -0
- package/dist/structural-rules/python/PY006-blocking-io-in-async.d.ts.map +1 -0
- package/dist/structural-rules/python/PY006-blocking-io-in-async.js +130 -0
- package/dist/structural-rules/python/PY006-blocking-io-in-async.js.map +1 -0
- package/dist/structural-rules/python/PY007-sqlalchemy-session-leak.d.ts +11 -0
- package/dist/structural-rules/python/PY007-sqlalchemy-session-leak.d.ts.map +1 -0
- package/dist/structural-rules/python/PY007-sqlalchemy-session-leak.js +93 -0
- package/dist/structural-rules/python/PY007-sqlalchemy-session-leak.js.map +1 -0
- package/dist/structural-rules/python/PY008-celery-task-without-retry.d.ts +11 -0
- package/dist/structural-rules/python/PY008-celery-task-without-retry.d.ts.map +1 -0
- package/dist/structural-rules/python/PY008-celery-task-without-retry.js +154 -0
- package/dist/structural-rules/python/PY008-celery-task-without-retry.js.map +1 -0
- package/dist/structural-rules/python/PY009-unsafe-pickle-deserialization.d.ts +11 -0
- package/dist/structural-rules/python/PY009-unsafe-pickle-deserialization.d.ts.map +1 -0
- package/dist/structural-rules/python/PY009-unsafe-pickle-deserialization.js +133 -0
- package/dist/structural-rules/python/PY009-unsafe-pickle-deserialization.js.map +1 -0
- package/dist/structural-rules/python/PY010-leaked-aiohttp-session.d.ts +11 -0
- package/dist/structural-rules/python/PY010-leaked-aiohttp-session.d.ts.map +1 -0
- package/dist/structural-rules/python/PY010-leaked-aiohttp-session.js +80 -0
- package/dist/structural-rules/python/PY010-leaked-aiohttp-session.js.map +1 -0
- package/dist/structural-rules/python/PY011-thread-lifecycle.d.ts +11 -0
- package/dist/structural-rules/python/PY011-thread-lifecycle.d.ts.map +1 -0
- package/dist/structural-rules/python/PY011-thread-lifecycle.js +97 -0
- package/dist/structural-rules/python/PY011-thread-lifecycle.js.map +1 -0
- package/dist/structural-rules/python/PY012-asyncio-run-misuse.d.ts +11 -0
- package/dist/structural-rules/python/PY012-asyncio-run-misuse.d.ts.map +1 -0
- package/dist/structural-rules/python/PY012-asyncio-run-misuse.js +83 -0
- package/dist/structural-rules/python/PY012-asyncio-run-misuse.js.map +1 -0
- package/dist/structural-rules/python/PY013-mutable-default-arg.d.ts +11 -0
- package/dist/structural-rules/python/PY013-mutable-default-arg.d.ts.map +1 -0
- package/dist/structural-rules/python/PY013-mutable-default-arg.js +73 -0
- package/dist/structural-rules/python/PY013-mutable-default-arg.js.map +1 -0
- package/dist/structural-rules/python/PY014-fixed-sleep-retry.d.ts +11 -0
- package/dist/structural-rules/python/PY014-fixed-sleep-retry.d.ts.map +1 -0
- package/dist/structural-rules/python/PY014-fixed-sleep-retry.js +115 -0
- package/dist/structural-rules/python/PY014-fixed-sleep-retry.js.map +1 -0
- package/dist/structural-rules/rules/SR001-swallowed-async-rejection.d.ts +11 -0
- package/dist/structural-rules/rules/SR001-swallowed-async-rejection.d.ts.map +1 -0
- package/dist/structural-rules/rules/SR001-swallowed-async-rejection.js +145 -0
- package/dist/structural-rules/rules/SR001-swallowed-async-rejection.js.map +1 -0
- package/dist/structural-rules/rules/SR002-unbounded-collection.d.ts +11 -0
- package/dist/structural-rules/rules/SR002-unbounded-collection.d.ts.map +1 -0
- package/dist/structural-rules/rules/SR002-unbounded-collection.js +196 -0
- package/dist/structural-rules/rules/SR002-unbounded-collection.js.map +1 -0
- package/dist/structural-rules/rules/SR003-timer-without-cleanup.d.ts +11 -0
- package/dist/structural-rules/rules/SR003-timer-without-cleanup.d.ts.map +1 -0
- package/dist/structural-rules/rules/SR003-timer-without-cleanup.js +148 -0
- package/dist/structural-rules/rules/SR003-timer-without-cleanup.js.map +1 -0
- package/dist/structural-rules/rules/SR004-request-boundary-no-validation.d.ts +11 -0
- package/dist/structural-rules/rules/SR004-request-boundary-no-validation.d.ts.map +1 -0
- package/dist/structural-rules/rules/SR004-request-boundary-no-validation.js +162 -0
- package/dist/structural-rules/rules/SR004-request-boundary-no-validation.js.map +1 -0
- package/dist/structural-rules/rules/SR005-halfopen-probe-gate.d.ts +11 -0
- package/dist/structural-rules/rules/SR005-halfopen-probe-gate.d.ts.map +1 -0
- package/dist/structural-rules/rules/SR005-halfopen-probe-gate.js +150 -0
- package/dist/structural-rules/rules/SR005-halfopen-probe-gate.js.map +1 -0
- package/dist/structural-rules/rules/SR006-fanout-error-sanitization.d.ts +11 -0
- package/dist/structural-rules/rules/SR006-fanout-error-sanitization.d.ts.map +1 -0
- package/dist/structural-rules/rules/SR006-fanout-error-sanitization.js +161 -0
- package/dist/structural-rules/rules/SR006-fanout-error-sanitization.js.map +1 -0
- package/dist/structural-rules/rules/SR007-cross-request-error.d.ts +11 -0
- package/dist/structural-rules/rules/SR007-cross-request-error.d.ts.map +1 -0
- package/dist/structural-rules/rules/SR007-cross-request-error.js +175 -0
- package/dist/structural-rules/rules/SR007-cross-request-error.js.map +1 -0
- package/dist/structural-rules/rules/SR008-background-task-orphan.d.ts +11 -0
- package/dist/structural-rules/rules/SR008-background-task-orphan.d.ts.map +1 -0
- package/dist/structural-rules/rules/SR008-background-task-orphan.js +176 -0
- package/dist/structural-rules/rules/SR008-background-task-orphan.js.map +1 -0
- package/dist/structural-rules/rules/SR009-missing-retry-backoff.d.ts +11 -0
- package/dist/structural-rules/rules/SR009-missing-retry-backoff.d.ts.map +1 -0
- package/dist/structural-rules/rules/SR009-missing-retry-backoff.js +168 -0
- package/dist/structural-rules/rules/SR009-missing-retry-backoff.js.map +1 -0
- package/dist/structural-rules/rules/SR010-retry-storm.d.ts +11 -0
- package/dist/structural-rules/rules/SR010-retry-storm.d.ts.map +1 -0
- package/dist/structural-rules/rules/SR010-retry-storm.js +181 -0
- package/dist/structural-rules/rules/SR010-retry-storm.js.map +1 -0
- package/dist/structural-rules/rules/SR011-event-listener-leak.d.ts +11 -0
- package/dist/structural-rules/rules/SR011-event-listener-leak.d.ts.map +1 -0
- package/dist/structural-rules/rules/SR011-event-listener-leak.js +208 -0
- package/dist/structural-rules/rules/SR011-event-listener-leak.js.map +1 -0
- package/dist/structural-rules/rules/SR012-promise-race-leak.d.ts +11 -0
- package/dist/structural-rules/rules/SR012-promise-race-leak.d.ts.map +1 -0
- package/dist/structural-rules/rules/SR012-promise-race-leak.js +191 -0
- package/dist/structural-rules/rules/SR012-promise-race-leak.js.map +1 -0
- package/dist/structural-rules/rules/SR013-missing-idempotency-key.d.ts +11 -0
- package/dist/structural-rules/rules/SR013-missing-idempotency-key.d.ts.map +1 -0
- package/dist/structural-rules/rules/SR013-missing-idempotency-key.js +219 -0
- package/dist/structural-rules/rules/SR013-missing-idempotency-key.js.map +1 -0
- package/dist/structural-rules/rules/SR014-mutable-closure-async.d.ts +11 -0
- package/dist/structural-rules/rules/SR014-mutable-closure-async.d.ts.map +1 -0
- package/dist/structural-rules/rules/SR014-mutable-closure-async.js +208 -0
- package/dist/structural-rules/rules/SR014-mutable-closure-async.js.map +1 -0
- package/dist/structural-rules/rules/SR015-dangling-abort-controller.d.ts +11 -0
- package/dist/structural-rules/rules/SR015-dangling-abort-controller.d.ts.map +1 -0
- package/dist/structural-rules/rules/SR015-dangling-abort-controller.js +190 -0
- package/dist/structural-rules/rules/SR015-dangling-abort-controller.js.map +1 -0
- package/dist/structural-rules/rules/SR016-unsafe-json-parse.d.ts +11 -0
- package/dist/structural-rules/rules/SR016-unsafe-json-parse.d.ts.map +1 -0
- package/dist/structural-rules/rules/SR016-unsafe-json-parse.js +187 -0
- package/dist/structural-rules/rules/SR016-unsafe-json-parse.js.map +1 -0
- package/dist/structural-rules/suppressions.d.ts +43 -0
- package/dist/structural-rules/suppressions.d.ts.map +1 -0
- package/dist/structural-rules/suppressions.js +115 -0
- package/dist/structural-rules/suppressions.js.map +1 -0
- package/dist/structural-rules/types.d.ts +55 -0
- package/dist/structural-rules/types.d.ts.map +1 -0
- package/dist/structural-rules/types.js +3 -0
- package/dist/structural-rules/types.js.map +1 -0
- package/dist/utils/brain-cache.d.ts +100 -0
- package/dist/utils/brain-cache.d.ts.map +1 -0
- package/dist/utils/brain-cache.js +346 -0
- package/dist/utils/brain-cache.js.map +1 -0
- package/dist/utils/governance-provenance.d.ts +95 -0
- package/dist/utils/governance-provenance.d.ts.map +1 -0
- package/dist/utils/governance-provenance.js +187 -0
- package/dist/utils/governance-provenance.js.map +1 -0
- package/dist/utils/pilot-metrics.d.ts +46 -0
- package/dist/utils/pilot-metrics.d.ts.map +1 -0
- package/dist/utils/pilot-metrics.js +240 -0
- package/dist/utils/pilot-metrics.js.map +1 -0
- package/dist/utils/replay-runtime.d.ts +34 -0
- package/dist/utils/replay-runtime.d.ts.map +1 -1
- package/dist/utils/replay-runtime.js +207 -0
- package/dist/utils/replay-runtime.js.map +1 -1
- package/dist/utils/verify-runtime-stability.d.ts +142 -0
- package/dist/utils/verify-runtime-stability.d.ts.map +1 -0
- package/dist/utils/verify-runtime-stability.js +230 -0
- package/dist/utils/verify-runtime-stability.js.map +1 -0
- package/dist/workspace/cross-repo-graph.d.ts +111 -0
- package/dist/workspace/cross-repo-graph.d.ts.map +1 -0
- package/dist/workspace/cross-repo-graph.js +450 -0
- package/dist/workspace/cross-repo-graph.js.map +1 -0
- package/dist/workspace/federated-context.d.ts +144 -0
- package/dist/workspace/federated-context.d.ts.map +1 -0
- package/dist/workspace/federated-context.js +347 -0
- package/dist/workspace/federated-context.js.map +1 -0
- package/dist/workspace/index.d.ts +38 -0
- package/dist/workspace/index.d.ts.map +1 -0
- package/dist/workspace/index.js +48 -0
- package/dist/workspace/index.js.map +1 -0
- package/package.json +9 -9
|
@@ -0,0 +1,175 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.SR007CrossRequestError = void 0;
|
|
37
|
+
const ts = __importStar(require("typescript"));
|
|
38
|
+
function getLineAndCol(sf, pos) {
|
|
39
|
+
const lc = sf.getLineAndCharacterOfPosition(pos);
|
|
40
|
+
return { line: lc.line + 1, column: lc.character + 1 };
|
|
41
|
+
}
|
|
42
|
+
function getEvidenceLines(sourceText, line) {
|
|
43
|
+
const lines = sourceText.split('\n');
|
|
44
|
+
return (lines[line - 1] || '').slice(0, 120);
|
|
45
|
+
}
|
|
46
|
+
/** Check if the source text of a function scope contains a map.set( call */
|
|
47
|
+
function containsMapSetInScope(text) {
|
|
48
|
+
return /\.\s*set\s*\(/.test(text);
|
|
49
|
+
}
|
|
50
|
+
/** Detect: throw err / throw error / reject(err) inside a .catch() handler */
|
|
51
|
+
function findRawRethrowInCatch(catchCall, sf) {
|
|
52
|
+
const results = [];
|
|
53
|
+
if (catchCall.arguments.length === 0)
|
|
54
|
+
return results;
|
|
55
|
+
const callback = catchCall.arguments[0];
|
|
56
|
+
if (!ts.isArrowFunction(callback) && !ts.isFunctionExpression(callback))
|
|
57
|
+
return results;
|
|
58
|
+
const params = callback.parameters;
|
|
59
|
+
const errParamNames = new Set(params
|
|
60
|
+
.map(p => (ts.isIdentifier(p.name) ? p.name.text : ''))
|
|
61
|
+
.filter(n => n.length > 0));
|
|
62
|
+
const body = callback.body;
|
|
63
|
+
const visit = (node) => {
|
|
64
|
+
// throw err / throw error (raw re-throw of the caught variable)
|
|
65
|
+
if (ts.isThrowStatement(node) && node.expression) {
|
|
66
|
+
const expr = node.expression;
|
|
67
|
+
if (ts.isIdentifier(expr) && errParamNames.has(expr.text)) {
|
|
68
|
+
results.push(node);
|
|
69
|
+
return;
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
// reject(err) where err is the caught param
|
|
73
|
+
if (ts.isCallExpression(node) &&
|
|
74
|
+
ts.isIdentifier(node.expression) &&
|
|
75
|
+
node.expression.text === 'reject' &&
|
|
76
|
+
node.arguments.length === 1 &&
|
|
77
|
+
ts.isIdentifier(node.arguments[0]) &&
|
|
78
|
+
errParamNames.has(node.arguments[0].text)) {
|
|
79
|
+
results.push(node);
|
|
80
|
+
return;
|
|
81
|
+
}
|
|
82
|
+
ts.forEachChild(node, visit);
|
|
83
|
+
};
|
|
84
|
+
ts.forEachChild(body, visit);
|
|
85
|
+
return results;
|
|
86
|
+
}
|
|
87
|
+
class SR007CrossRequestError {
|
|
88
|
+
id = 'SR007';
|
|
89
|
+
name = 'Cross-request raw error propagation';
|
|
90
|
+
policyRef = 'P011';
|
|
91
|
+
severity = 'ADVISORY';
|
|
92
|
+
languages = ['typescript', 'javascript'];
|
|
93
|
+
description = 'Raw error re-thrown from a .catch inside a Map-coalesced promise propagates request-scoped data to unrelated waiters.';
|
|
94
|
+
check(filePath, sourceText) {
|
|
95
|
+
try {
|
|
96
|
+
// Fast check: file must have both .set( and .catch(
|
|
97
|
+
if (!containsMapSetInScope(sourceText))
|
|
98
|
+
return [];
|
|
99
|
+
if (!/.catch\s*\(/.test(sourceText))
|
|
100
|
+
return [];
|
|
101
|
+
const violations = [];
|
|
102
|
+
const ext = filePath.endsWith('.tsx')
|
|
103
|
+
? ts.ScriptKind.TSX
|
|
104
|
+
: filePath.endsWith('.jsx')
|
|
105
|
+
? ts.ScriptKind.JSX
|
|
106
|
+
: filePath.endsWith('.js')
|
|
107
|
+
? ts.ScriptKind.JS
|
|
108
|
+
: ts.ScriptKind.TS;
|
|
109
|
+
const sf = ts.createSourceFile(filePath, sourceText, ts.ScriptTarget.Latest, true, ext);
|
|
110
|
+
// Find function bodies that contain map.set(
|
|
111
|
+
// then find .catch( inside those + raw rethrows
|
|
112
|
+
const checkFunction = (funcNode) => {
|
|
113
|
+
const body = funcNode.body;
|
|
114
|
+
if (!body)
|
|
115
|
+
return;
|
|
116
|
+
const funcText = body.getText(sf);
|
|
117
|
+
if (!containsMapSetInScope(funcText))
|
|
118
|
+
return;
|
|
119
|
+
// Find all .catch calls in this function body
|
|
120
|
+
const catchCalls = [];
|
|
121
|
+
const findCatches = (node) => {
|
|
122
|
+
if (ts.isCallExpression(node) &&
|
|
123
|
+
ts.isPropertyAccessExpression(node.expression) &&
|
|
124
|
+
node.expression.name.text === 'catch') {
|
|
125
|
+
catchCalls.push(node);
|
|
126
|
+
}
|
|
127
|
+
ts.forEachChild(node, findCatches);
|
|
128
|
+
};
|
|
129
|
+
ts.forEachChild(body, findCatches);
|
|
130
|
+
for (const catchCall of catchCalls) {
|
|
131
|
+
const rethrows = findRawRethrowInCatch(catchCall, sf);
|
|
132
|
+
for (const rethrow of rethrows) {
|
|
133
|
+
const { line, column } = getLineAndCol(sf, rethrow.getStart(sf));
|
|
134
|
+
const evidence = getEvidenceLines(sourceText, line);
|
|
135
|
+
violations.push({
|
|
136
|
+
ruleId: this.id,
|
|
137
|
+
ruleName: this.name,
|
|
138
|
+
policyRef: this.policyRef,
|
|
139
|
+
severity: this.severity,
|
|
140
|
+
filePath,
|
|
141
|
+
line,
|
|
142
|
+
column,
|
|
143
|
+
evidence,
|
|
144
|
+
operationalRisk: 'The raw error object (potentially containing request-scoped data: auth tokens, user IDs, ' +
|
|
145
|
+
'PII) is passed to all callers waiting on the same Map entry. One request\'s error ' +
|
|
146
|
+
'becomes another request\'s rejection reason, leaking data across request boundaries.',
|
|
147
|
+
remediation: 'Wrap the error before re-throwing: `throw new Error(err.message)` or ' +
|
|
148
|
+
'`throw new SanitizedError(err)`. Strip request-scoped properties before the throw ' +
|
|
149
|
+
'propagates to other waiters.',
|
|
150
|
+
determinism: 'heuristic-advisory',
|
|
151
|
+
confidence: 0.70,
|
|
152
|
+
language: filePath.match(/\.(js|jsx)$/) ? 'javascript' : 'typescript',
|
|
153
|
+
});
|
|
154
|
+
}
|
|
155
|
+
}
|
|
156
|
+
};
|
|
157
|
+
const visit = (node) => {
|
|
158
|
+
if (ts.isFunctionDeclaration(node) ||
|
|
159
|
+
ts.isFunctionExpression(node) ||
|
|
160
|
+
ts.isArrowFunction(node) ||
|
|
161
|
+
ts.isMethodDeclaration(node)) {
|
|
162
|
+
checkFunction(node);
|
|
163
|
+
}
|
|
164
|
+
ts.forEachChild(node, visit);
|
|
165
|
+
};
|
|
166
|
+
ts.forEachChild(sf, visit);
|
|
167
|
+
return violations;
|
|
168
|
+
}
|
|
169
|
+
catch {
|
|
170
|
+
return [];
|
|
171
|
+
}
|
|
172
|
+
}
|
|
173
|
+
}
|
|
174
|
+
exports.SR007CrossRequestError = SR007CrossRequestError;
|
|
175
|
+
//# sourceMappingURL=SR007-cross-request-error.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"SR007-cross-request-error.js","sourceRoot":"","sources":["../../../src/structural-rules/rules/SR007-cross-request-error.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,+CAAiC;AAGjC,SAAS,aAAa,CAAC,EAAiB,EAAE,GAAW;IACnD,MAAM,EAAE,GAAG,EAAE,CAAC,6BAA6B,CAAC,GAAG,CAAC,CAAC;IACjD,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,EAAE,MAAM,EAAE,EAAE,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;AACzD,CAAC;AAED,SAAS,gBAAgB,CAAC,UAAkB,EAAE,IAAY;IACxD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACrC,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AAC/C,CAAC;AAED,4EAA4E;AAC5E,SAAS,qBAAqB,CAAC,IAAY;IACzC,OAAO,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACpC,CAAC;AAED,8EAA8E;AAC9E,SAAS,qBAAqB,CAAC,SAA4B,EAAE,EAAiB;IAC5E,MAAM,OAAO,GAAc,EAAE,CAAC;IAC9B,IAAI,SAAS,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC;IAErD,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACxC,IAAI,CAAC,EAAE,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,oBAAoB,CAAC,QAAQ,CAAC;QAAE,OAAO,OAAO,CAAC;IAExF,MAAM,MAAM,GAAG,QAAQ,CAAC,UAAU,CAAC;IACnC,MAAM,aAAa,GAAG,IAAI,GAAG,CAC3B,MAAM;SACH,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;SACtD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAC7B,CAAC;IAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;IAE3B,MAAM,KAAK,GAAG,CAAC,IAAa,EAAQ,EAAE;QACpC,gEAAgE;QAChE,IAAI,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACjD,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC;YAC7B,IAAI,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1D,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACnB,OAAO;YACT,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,IACE,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC;YACzB,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC;YAChC,IAAI,CAAC,UAAU,CAAC,IAAI,KAAK,QAAQ;YACjC,IAAI,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC;YAC3B,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;YAClC,aAAa,CAAC,GAAG,CAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAmB,CAAC,IAAI,CAAC,EAC5D,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,OAAO;QACT,CAAC;QAED,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC/B,CAAC,CAAC;IAEF,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC7B,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAa,sBAAsB;IACjC,EAAE,GAAG,OAAO,CAAC;IACb,IAAI,GAAG,qCAAqC,CAAC;IAC7C,SAAS,GAAG,MAAM,CAAC;IACnB,QAAQ,GAAG,UAAmB,CAAC;IAC/B,SAAS,GAAmB,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IACzD,WAAW,GACT,uHAAuH,CAAC;IAE1H,KAAK,CAAC,QAAgB,EAAE,UAAkB;QACxC,IAAI,CAAC;YACH,oDAAoD;YACpD,IAAI,CAAC,qBAAqB,CAAC,UAAU,CAAC;gBAAE,OAAO,EAAE,CAAC;YAClD,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC;gBAAE,OAAO,EAAE,CAAC;YAE/C,MAAM,UAAU,GAA0B,EAAE,CAAC;YAC7C,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACnC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG;gBACnB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;oBAC3B,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG;oBACnB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;wBAC1B,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE;wBAClB,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;YAErB,MAAM,EAAE,GAAG,EAAE,CAAC,gBAAgB,CAAC,QAAQ,EAAE,UAAU,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YAExF,6CAA6C;YAC7C,gDAAgD;YAChD,MAAM,aAAa,GAAG,CACpB,QAIwB,EAClB,EAAE;gBACR,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;gBAC3B,IAAI,CAAC,IAAI;oBAAE,OAAO;gBAElB,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;gBAClC,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC;oBAAE,OAAO;gBAE7C,8CAA8C;gBAC9C,MAAM,UAAU,GAAwB,EAAE,CAAC;gBAC3C,MAAM,WAAW,GAAG,CAAC,IAAa,EAAQ,EAAE;oBAC1C,IACE,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC;wBACzB,EAAE,CAAC,0BAA0B,CAAC,IAAI,CAAC,UAAU,CAAC;wBAC9C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,EACrC,CAAC;wBACD,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACxB,CAAC;oBACD,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;gBACrC,CAAC,CAAC;gBACF,EAAE,CAAC,YAAY,CAAC,IAAe,EAAE,WAAW,CAAC,CAAC;gBAE9C,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;oBACnC,MAAM,QAAQ,GAAG,qBAAqB,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;oBACtD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;wBAC/B,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,aAAa,CAAC,EAAE,EAAE,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;wBACjE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;wBACpD,UAAU,CAAC,IAAI,CAAC;4BACd,MAAM,EAAE,IAAI,CAAC,EAAE;4BACf,QAAQ,EAAE,IAAI,CAAC,IAAI;4BACnB,SAAS,EAAE,IAAI,CAAC,SAAS;4BACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;4BACvB,QAAQ;4BACR,IAAI;4BACJ,MAAM;4BACN,QAAQ;4BACR,eAAe,EACb,2FAA2F;gCAC3F,oFAAoF;gCACpF,sFAAsF;4BACxF,WAAW,EACT,uEAAuE;gCACvE,oFAAoF;gCACpF,8BAA8B;4BAChC,WAAW,EAAE,oBAAoB;4BACjC,UAAU,EAAE,IAAI;4BAChB,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY;yBACtE,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC,CAAC;YAEF,MAAM,KAAK,GAAG,CAAC,IAAa,EAAQ,EAAE;gBACpC,IACE,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC;oBAC9B,EAAE,CAAC,oBAAoB,CAAC,IAAI,CAAC;oBAC7B,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC;oBACxB,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAC5B,CAAC;oBACD,aAAa,CAAC,IAAI,CAAC,CAAC;gBACtB,CAAC;gBACD,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAC/B,CAAC,CAAC;YAEF,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;YAC3B,OAAO,UAAU,CAAC;QACpB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AAvGD,wDAuGC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { StructuralRule, StructuralViolation, RuleLanguage } from '../types';
|
|
2
|
+
export declare class SR008BackgroundTaskOrphan implements StructuralRule {
|
|
3
|
+
id: string;
|
|
4
|
+
name: string;
|
|
5
|
+
policyRef: string;
|
|
6
|
+
severity: "ADVISORY";
|
|
7
|
+
languages: RuleLanguage[];
|
|
8
|
+
description: string;
|
|
9
|
+
check(filePath: string, sourceText: string): StructuralViolation[];
|
|
10
|
+
}
|
|
11
|
+
//# sourceMappingURL=SR008-background-task-orphan.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"SR008-background-task-orphan.d.ts","sourceRoot":"","sources":["../../../src/structural-rules/rules/SR008-background-task-orphan.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAsF7E,qBAAa,yBAA0B,YAAW,cAAc;IAC9D,EAAE,SAAW;IACb,IAAI,SAAyD;IAC7D,SAAS,SAAU;IACnB,QAAQ,EAAG,UAAU,CAAU;IAC/B,SAAS,EAAE,YAAY,EAAE,CAAgC;IACzD,WAAW,SACyG;IAEpH,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,mBAAmB,EAAE;CAgEnE"}
|
|
@@ -0,0 +1,176 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.SR008BackgroundTaskOrphan = void 0;
|
|
37
|
+
const ts = __importStar(require("typescript"));
|
|
38
|
+
function getLineAndCol(sf, pos) {
|
|
39
|
+
const lc = sf.getLineAndCharacterOfPosition(pos);
|
|
40
|
+
return { line: lc.line + 1, column: lc.character + 1 };
|
|
41
|
+
}
|
|
42
|
+
function getEvidenceLines(sourceText, line) {
|
|
43
|
+
const lines = sourceText.split('\n');
|
|
44
|
+
return (lines[line - 1] || '').slice(0, 120);
|
|
45
|
+
}
|
|
46
|
+
const ASYNC_PREFIXES = [
|
|
47
|
+
'fetch',
|
|
48
|
+
'send',
|
|
49
|
+
'process',
|
|
50
|
+
'handle',
|
|
51
|
+
'dispatch',
|
|
52
|
+
'emit',
|
|
53
|
+
'publish',
|
|
54
|
+
'save',
|
|
55
|
+
'write',
|
|
56
|
+
'update',
|
|
57
|
+
'delete',
|
|
58
|
+
'remove',
|
|
59
|
+
'create',
|
|
60
|
+
'insert',
|
|
61
|
+
'upload',
|
|
62
|
+
'download',
|
|
63
|
+
'notify',
|
|
64
|
+
'broadcast',
|
|
65
|
+
'flush',
|
|
66
|
+
'sync',
|
|
67
|
+
];
|
|
68
|
+
function looksAsync(callExpr) {
|
|
69
|
+
const expr = callExpr.expression;
|
|
70
|
+
let calleeName = '';
|
|
71
|
+
if (ts.isIdentifier(expr)) {
|
|
72
|
+
calleeName = expr.text;
|
|
73
|
+
}
|
|
74
|
+
else if (ts.isPropertyAccessExpression(expr)) {
|
|
75
|
+
calleeName = expr.name.text;
|
|
76
|
+
}
|
|
77
|
+
if (!calleeName)
|
|
78
|
+
return false;
|
|
79
|
+
const lower = calleeName.toLowerCase();
|
|
80
|
+
return ASYNC_PREFIXES.some(prefix => lower.startsWith(prefix));
|
|
81
|
+
}
|
|
82
|
+
/** Check if a call expression has a .catch() chained on it (as parent call chain) */
|
|
83
|
+
function hasCatchChained(node) {
|
|
84
|
+
let current = node;
|
|
85
|
+
// Walk up the parent chain to see if this call is followed by .catch(
|
|
86
|
+
while (current.parent) {
|
|
87
|
+
const p = current.parent;
|
|
88
|
+
// If parent is a property access for .catch
|
|
89
|
+
if (ts.isPropertyAccessExpression(p) &&
|
|
90
|
+
p.name.text === 'catch' &&
|
|
91
|
+
p.expression === current) {
|
|
92
|
+
return true;
|
|
93
|
+
}
|
|
94
|
+
// If parent is a property access for something else, keep walking
|
|
95
|
+
if (ts.isPropertyAccessExpression(p) && p.expression === current) {
|
|
96
|
+
current = p;
|
|
97
|
+
continue;
|
|
98
|
+
}
|
|
99
|
+
break;
|
|
100
|
+
}
|
|
101
|
+
return false;
|
|
102
|
+
}
|
|
103
|
+
/** Check if the call is wrapped in `void ` */
|
|
104
|
+
function isVoidWrapped(node) {
|
|
105
|
+
const parent = node.parent;
|
|
106
|
+
return (ts.isVoidExpression(parent) ||
|
|
107
|
+
// Also check: void somePromise
|
|
108
|
+
(ts.isExpressionStatement(parent) &&
|
|
109
|
+
ts.isVoidExpression(parent.expression)));
|
|
110
|
+
}
|
|
111
|
+
class SR008BackgroundTaskOrphan {
|
|
112
|
+
id = 'SR008';
|
|
113
|
+
name = 'Background task orphan (unhandled floating promise)';
|
|
114
|
+
policyRef = 'P012';
|
|
115
|
+
severity = 'ADVISORY';
|
|
116
|
+
languages = ['typescript', 'javascript'];
|
|
117
|
+
description = 'Async function calls whose result is not awaited, stored, or catch-handled create unhandled promise rejections.';
|
|
118
|
+
check(filePath, sourceText) {
|
|
119
|
+
try {
|
|
120
|
+
const violations = [];
|
|
121
|
+
const ext = filePath.endsWith('.tsx')
|
|
122
|
+
? ts.ScriptKind.TSX
|
|
123
|
+
: filePath.endsWith('.jsx')
|
|
124
|
+
? ts.ScriptKind.JSX
|
|
125
|
+
: filePath.endsWith('.js')
|
|
126
|
+
? ts.ScriptKind.JS
|
|
127
|
+
: ts.ScriptKind.TS;
|
|
128
|
+
const sf = ts.createSourceFile(filePath, sourceText, ts.ScriptTarget.Latest, true, ext);
|
|
129
|
+
const visit = (node) => {
|
|
130
|
+
// Must be an ExpressionStatement (bare call, result unused)
|
|
131
|
+
if (ts.isExpressionStatement(node)) {
|
|
132
|
+
const expr = node.expression;
|
|
133
|
+
// Skip: void someCall()
|
|
134
|
+
if (ts.isVoidExpression(expr)) {
|
|
135
|
+
ts.forEachChild(node, visit);
|
|
136
|
+
return;
|
|
137
|
+
}
|
|
138
|
+
// Direct call: someAsync()
|
|
139
|
+
if (ts.isCallExpression(expr)) {
|
|
140
|
+
if (looksAsync(expr) && !hasCatchChained(expr)) {
|
|
141
|
+
const { line, column } = getLineAndCol(sf, expr.getStart(sf));
|
|
142
|
+
const evidence = getEvidenceLines(sourceText, line);
|
|
143
|
+
violations.push({
|
|
144
|
+
ruleId: this.id,
|
|
145
|
+
ruleName: this.name,
|
|
146
|
+
policyRef: this.policyRef,
|
|
147
|
+
severity: this.severity,
|
|
148
|
+
filePath,
|
|
149
|
+
line,
|
|
150
|
+
column,
|
|
151
|
+
evidence,
|
|
152
|
+
operationalRisk: 'Unhandled promise rejection crashes the Node.js process in Node 15+ ' +
|
|
153
|
+
'or causes silent failure in older versions. Background task errors go unmonitored.',
|
|
154
|
+
remediation: 'Either await the call (inside an async function), attach `.catch(err => logger.error(err))`, ' +
|
|
155
|
+
'or use `void someAsync()` if the orphan is intentional and errors are handled inside the function.',
|
|
156
|
+
determinism: 'heuristic-advisory',
|
|
157
|
+
confidence: 0.65,
|
|
158
|
+
language: filePath.match(/\.(js|jsx)$/) ? 'javascript' : 'typescript',
|
|
159
|
+
});
|
|
160
|
+
}
|
|
161
|
+
}
|
|
162
|
+
// Method call chain ending in no .catch: obj.someAsync()
|
|
163
|
+
// (already handled by looksAsync checking the method name)
|
|
164
|
+
}
|
|
165
|
+
ts.forEachChild(node, visit);
|
|
166
|
+
};
|
|
167
|
+
ts.forEachChild(sf, visit);
|
|
168
|
+
return violations;
|
|
169
|
+
}
|
|
170
|
+
catch {
|
|
171
|
+
return [];
|
|
172
|
+
}
|
|
173
|
+
}
|
|
174
|
+
}
|
|
175
|
+
exports.SR008BackgroundTaskOrphan = SR008BackgroundTaskOrphan;
|
|
176
|
+
//# sourceMappingURL=SR008-background-task-orphan.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"SR008-background-task-orphan.js","sourceRoot":"","sources":["../../../src/structural-rules/rules/SR008-background-task-orphan.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,+CAAiC;AAGjC,SAAS,aAAa,CAAC,EAAiB,EAAE,GAAW;IACnD,MAAM,EAAE,GAAG,EAAE,CAAC,6BAA6B,CAAC,GAAG,CAAC,CAAC;IACjD,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,EAAE,MAAM,EAAE,EAAE,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;AACzD,CAAC;AAED,SAAS,gBAAgB,CAAC,UAAkB,EAAE,IAAY;IACxD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACrC,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AAC/C,CAAC;AAED,MAAM,cAAc,GAAG;IACrB,OAAO;IACP,MAAM;IACN,SAAS;IACT,QAAQ;IACR,UAAU;IACV,MAAM;IACN,SAAS;IACT,MAAM;IACN,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,UAAU;IACV,QAAQ;IACR,WAAW;IACX,OAAO;IACP,MAAM;CACP,CAAC;AAEF,SAAS,UAAU,CAAC,QAA2B;IAC7C,MAAM,IAAI,GAAG,QAAQ,CAAC,UAAU,CAAC;IACjC,IAAI,UAAU,GAAG,EAAE,CAAC;IAEpB,IAAI,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1B,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC;IACzB,CAAC;SAAM,IAAI,EAAE,CAAC,0BAA0B,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/C,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;IAC9B,CAAC;IAED,IAAI,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IAE9B,MAAM,KAAK,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;IACvC,OAAO,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;AACjE,CAAC;AAED,qFAAqF;AACrF,SAAS,eAAe,CAAC,IAAuB;IAC9C,IAAI,OAAO,GAAY,IAAI,CAAC;IAC5B,sEAAsE;IACtE,OAAO,OAAO,CAAC,MAAM,EAAE,CAAC;QACtB,MAAM,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;QACzB,4CAA4C;QAC5C,IACE,EAAE,CAAC,0BAA0B,CAAC,CAAC,CAAC;YAChC,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO;YACvB,CAAC,CAAC,UAAU,KAAK,OAAO,EACxB,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,kEAAkE;QAClE,IAAI,EAAE,CAAC,0BAA0B,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,KAAK,OAAO,EAAE,CAAC;YACjE,OAAO,GAAG,CAAC,CAAC;YACZ,SAAS;QACX,CAAC;QACD,MAAM;IACR,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8CAA8C;AAC9C,SAAS,aAAa,CAAC,IAAuB;IAC5C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IAC3B,OAAO,CACL,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC;QAC3B,+BAA+B;QAC/B,CAAC,EAAE,CAAC,qBAAqB,CAAC,MAAM,CAAC;YAC/B,EAAE,CAAC,gBAAgB,CAAE,MAAiC,CAAC,UAAU,CAAC,CAAC,CACtE,CAAC;AACJ,CAAC;AAED,MAAa,yBAAyB;IACpC,EAAE,GAAG,OAAO,CAAC;IACb,IAAI,GAAG,qDAAqD,CAAC;IAC7D,SAAS,GAAG,MAAM,CAAC;IACnB,QAAQ,GAAG,UAAmB,CAAC;IAC/B,SAAS,GAAmB,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IACzD,WAAW,GACT,iHAAiH,CAAC;IAEpH,KAAK,CAAC,QAAgB,EAAE,UAAkB;QACxC,IAAI,CAAC;YACH,MAAM,UAAU,GAA0B,EAAE,CAAC;YAC7C,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACnC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG;gBACnB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;oBAC3B,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG;oBACnB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;wBAC1B,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE;wBAClB,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;YAErB,MAAM,EAAE,GAAG,EAAE,CAAC,gBAAgB,CAAC,QAAQ,EAAE,UAAU,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YAExF,MAAM,KAAK,GAAG,CAAC,IAAa,EAAQ,EAAE;gBACpC,4DAA4D;gBAC5D,IAAI,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;oBACnC,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC;oBAE7B,wBAAwB;oBACxB,IAAI,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC9B,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;wBAC7B,OAAO;oBACT,CAAC;oBAED,2BAA2B;oBAC3B,IAAI,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC9B,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;4BAC/C,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,aAAa,CAAC,EAAE,EAAE,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;4BAC9D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;4BACpD,UAAU,CAAC,IAAI,CAAC;gCACd,MAAM,EAAE,IAAI,CAAC,EAAE;gCACf,QAAQ,EAAE,IAAI,CAAC,IAAI;gCACnB,SAAS,EAAE,IAAI,CAAC,SAAS;gCACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gCACvB,QAAQ;gCACR,IAAI;gCACJ,MAAM;gCACN,QAAQ;gCACR,eAAe,EACb,sEAAsE;oCACtE,oFAAoF;gCACtF,WAAW,EACT,+FAA+F;oCAC/F,oGAAoG;gCACtG,WAAW,EAAE,oBAAoB;gCACjC,UAAU,EAAE,IAAI;gCAChB,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY;6BACtE,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;oBAED,yDAAyD;oBACzD,2DAA2D;gBAC7D,CAAC;gBAED,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAC/B,CAAC,CAAC;YAEF,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;YAC3B,OAAO,UAAU,CAAC;QACpB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AAzED,8DAyEC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { StructuralRule, StructuralViolation, RuleLanguage } from '../types';
|
|
2
|
+
export declare class SR009MissingRetryBackoff implements StructuralRule {
|
|
3
|
+
id: string;
|
|
4
|
+
name: string;
|
|
5
|
+
policyRef: string;
|
|
6
|
+
severity: "ADVISORY";
|
|
7
|
+
languages: RuleLanguage[];
|
|
8
|
+
description: string;
|
|
9
|
+
check(filePath: string, sourceText: string): StructuralViolation[];
|
|
10
|
+
}
|
|
11
|
+
//# sourceMappingURL=SR009-missing-retry-backoff.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"SR009-missing-retry-backoff.d.ts","sourceRoot":"","sources":["../../../src/structural-rules/rules/SR009-missing-retry-backoff.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAyD7E,qBAAa,wBAAyB,YAAW,cAAc;IAC7D,EAAE,SAAW;IACb,IAAI,SAA4C;IAChD,SAAS,SAAU;IACnB,QAAQ,EAAG,UAAU,CAAU;IAC/B,SAAS,EAAE,YAAY,EAAE,CAAgC;IACzD,WAAW,SACiG;IAE5G,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,mBAAmB,EAAE;CAsFnE"}
|
|
@@ -0,0 +1,168 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.SR009MissingRetryBackoff = void 0;
|
|
37
|
+
const ts = __importStar(require("typescript"));
|
|
38
|
+
function getLineAndCol(sf, pos) {
|
|
39
|
+
const lc = sf.getLineAndCharacterOfPosition(pos);
|
|
40
|
+
return { line: lc.line + 1, column: lc.character + 1 };
|
|
41
|
+
}
|
|
42
|
+
function getEvidenceLines(sourceText, line) {
|
|
43
|
+
const lines = sourceText.split('\n');
|
|
44
|
+
return (lines[line - 1] || '').slice(0, 120);
|
|
45
|
+
}
|
|
46
|
+
function bodyTextOf(node, sf) {
|
|
47
|
+
return node.getText(sf);
|
|
48
|
+
}
|
|
49
|
+
function hasBackoffIndicator(text) {
|
|
50
|
+
return (/Math\s*\.\s*pow\s*\(/.test(text) ||
|
|
51
|
+
/Math\s*\.\s*min\s*\(/.test(text) ||
|
|
52
|
+
/\bbackoff\b/i.test(text) ||
|
|
53
|
+
/\bdelay\b/i.test(text) ||
|
|
54
|
+
/\bsleep\b/i.test(text) ||
|
|
55
|
+
/\bjitter\b/i.test(text) ||
|
|
56
|
+
/exponential/i.test(text) ||
|
|
57
|
+
/2\s*\*\*\s*\w+/.test(text) // 2 ** retries pattern
|
|
58
|
+
);
|
|
59
|
+
}
|
|
60
|
+
function hasAwaitInBody(node) {
|
|
61
|
+
let found = false;
|
|
62
|
+
const visit = (n) => {
|
|
63
|
+
if (found)
|
|
64
|
+
return;
|
|
65
|
+
if (ts.isAwaitExpression(n)) {
|
|
66
|
+
found = true;
|
|
67
|
+
return;
|
|
68
|
+
}
|
|
69
|
+
ts.forEachChild(n, visit);
|
|
70
|
+
};
|
|
71
|
+
ts.forEachChild(node, visit);
|
|
72
|
+
return found;
|
|
73
|
+
}
|
|
74
|
+
function hasRetryIndicator(text) {
|
|
75
|
+
return (/\bretry\b/i.test(text) ||
|
|
76
|
+
/\battempt\b/i.test(text) ||
|
|
77
|
+
/\bretries\b/i.test(text) ||
|
|
78
|
+
/\bmaxRetry/i.test(text) ||
|
|
79
|
+
/\bMAX_RETRY/i.test(text) ||
|
|
80
|
+
/i\s*<\s*\w*[Rr]etry/.test(text) ||
|
|
81
|
+
/i\s*<\s*\w*[Aa]ttempt/.test(text));
|
|
82
|
+
}
|
|
83
|
+
function hasRethrowOrContinue(node, sf) {
|
|
84
|
+
const text = bodyTextOf(node, sf);
|
|
85
|
+
return /\bthrow\b/.test(text) || /\bcontinue\b/.test(text) || /i\+\+/.test(text) || /i\s*-=\s*1/.test(text);
|
|
86
|
+
}
|
|
87
|
+
class SR009MissingRetryBackoff {
|
|
88
|
+
id = 'SR009';
|
|
89
|
+
name = 'Retry loop without exponential backoff';
|
|
90
|
+
policyRef = 'P013';
|
|
91
|
+
severity = 'ADVISORY';
|
|
92
|
+
languages = ['typescript', 'javascript'];
|
|
93
|
+
description = 'Retry loops with await but no backoff calculation hammer downstream services with linear or zero delay.';
|
|
94
|
+
check(filePath, sourceText) {
|
|
95
|
+
try {
|
|
96
|
+
const violations = [];
|
|
97
|
+
const ext = filePath.endsWith('.tsx')
|
|
98
|
+
? ts.ScriptKind.TSX
|
|
99
|
+
: filePath.endsWith('.jsx')
|
|
100
|
+
? ts.ScriptKind.JSX
|
|
101
|
+
: filePath.endsWith('.js')
|
|
102
|
+
? ts.ScriptKind.JS
|
|
103
|
+
: ts.ScriptKind.TS;
|
|
104
|
+
const sf = ts.createSourceFile(filePath, sourceText, ts.ScriptTarget.Latest, true, ext);
|
|
105
|
+
const visit = (node) => {
|
|
106
|
+
const isWhileOrFor = ts.isWhileStatement(node) ||
|
|
107
|
+
ts.isForStatement(node) ||
|
|
108
|
+
ts.isDoStatement(node);
|
|
109
|
+
if (isWhileOrFor) {
|
|
110
|
+
const body = ts.isWhileStatement(node)
|
|
111
|
+
? node.statement
|
|
112
|
+
: ts.isDoStatement(node)
|
|
113
|
+
? node.statement
|
|
114
|
+
: node.statement;
|
|
115
|
+
const bodyText = bodyTextOf(body, sf);
|
|
116
|
+
// Must have an await in the loop body
|
|
117
|
+
if (!hasAwaitInBody(body)) {
|
|
118
|
+
ts.forEachChild(node, visit);
|
|
119
|
+
return;
|
|
120
|
+
}
|
|
121
|
+
// Must look like a retry loop
|
|
122
|
+
if (!hasRetryIndicator(bodyText) && !hasRetryIndicator(node.getText(sf))) {
|
|
123
|
+
ts.forEachChild(node, visit);
|
|
124
|
+
return;
|
|
125
|
+
}
|
|
126
|
+
// If there's backoff, no violation
|
|
127
|
+
if (hasBackoffIndicator(bodyText)) {
|
|
128
|
+
ts.forEachChild(node, visit);
|
|
129
|
+
return;
|
|
130
|
+
}
|
|
131
|
+
// Must have a re-throw or loop continuation to confirm it's truly a retry
|
|
132
|
+
if (!hasRethrowOrContinue(body, sf)) {
|
|
133
|
+
ts.forEachChild(node, visit);
|
|
134
|
+
return;
|
|
135
|
+
}
|
|
136
|
+
const { line, column } = getLineAndCol(sf, node.getStart(sf));
|
|
137
|
+
const evidence = getEvidenceLines(sourceText, line);
|
|
138
|
+
violations.push({
|
|
139
|
+
ruleId: this.id,
|
|
140
|
+
ruleName: this.name,
|
|
141
|
+
policyRef: this.policyRef,
|
|
142
|
+
severity: this.severity,
|
|
143
|
+
filePath,
|
|
144
|
+
line,
|
|
145
|
+
column,
|
|
146
|
+
evidence,
|
|
147
|
+
operationalRisk: 'Linear retry without backoff causes a thundering herd: all retry loops fire simultaneously ' +
|
|
148
|
+
'after a failure, amplifying load on an already-struggling downstream service ' +
|
|
149
|
+
'and preventing recovery.',
|
|
150
|
+
remediation: 'Add exponential backoff: `await sleep(Math.min(baseDelay * 2 ** attempt, maxDelay))` ' +
|
|
151
|
+
'with optional jitter: `+ Math.random() * jitter`. Consider using a library like `p-retry`.',
|
|
152
|
+
determinism: 'heuristic-advisory',
|
|
153
|
+
confidence: 0.70,
|
|
154
|
+
language: filePath.match(/\.(js|jsx)$/) ? 'javascript' : 'typescript',
|
|
155
|
+
});
|
|
156
|
+
}
|
|
157
|
+
ts.forEachChild(node, visit);
|
|
158
|
+
};
|
|
159
|
+
ts.forEachChild(sf, visit);
|
|
160
|
+
return violations;
|
|
161
|
+
}
|
|
162
|
+
catch {
|
|
163
|
+
return [];
|
|
164
|
+
}
|
|
165
|
+
}
|
|
166
|
+
}
|
|
167
|
+
exports.SR009MissingRetryBackoff = SR009MissingRetryBackoff;
|
|
168
|
+
//# sourceMappingURL=SR009-missing-retry-backoff.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"SR009-missing-retry-backoff.js","sourceRoot":"","sources":["../../../src/structural-rules/rules/SR009-missing-retry-backoff.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,+CAAiC;AAGjC,SAAS,aAAa,CAAC,EAAiB,EAAE,GAAW;IACnD,MAAM,EAAE,GAAG,EAAE,CAAC,6BAA6B,CAAC,GAAG,CAAC,CAAC;IACjD,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,EAAE,MAAM,EAAE,EAAE,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;AACzD,CAAC;AAED,SAAS,gBAAgB,CAAC,UAAkB,EAAE,IAAY;IACxD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACrC,OAAO,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,UAAU,CAAC,IAAa,EAAE,EAAiB;IAClD,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAY;IACvC,OAAO,CACL,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC;QACjC,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC;QACjC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;QACzB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;QACvB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;QACvB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;QACxB,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;QACzB,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAE,uBAAuB;KACrD,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,IAAa;IACnC,IAAI,KAAK,GAAG,KAAK,CAAC;IAClB,MAAM,KAAK,GAAG,CAAC,CAAU,EAAQ,EAAE;QACjC,IAAI,KAAK;YAAE,OAAO;QAClB,IAAI,EAAE,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,CAAC;YAAC,KAAK,GAAG,IAAI,CAAC;YAAC,OAAO;QAAC,CAAC;QACtD,EAAE,CAAC,YAAY,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAC5B,CAAC,CAAC;IACF,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC7B,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAY;IACrC,OAAO,CACL,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;QACvB,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;QACzB,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;QACzB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;QACxB,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;QACzB,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC;QAChC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,CACnC,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAa,EAAE,EAAiB;IAC5D,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAClC,OAAO,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC9G,CAAC;AAED,MAAa,wBAAwB;IACnC,EAAE,GAAG,OAAO,CAAC;IACb,IAAI,GAAG,wCAAwC,CAAC;IAChD,SAAS,GAAG,MAAM,CAAC;IACnB,QAAQ,GAAG,UAAmB,CAAC;IAC/B,SAAS,GAAmB,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IACzD,WAAW,GACT,yGAAyG,CAAC;IAE5G,KAAK,CAAC,QAAgB,EAAE,UAAkB;QACxC,IAAI,CAAC;YACH,MAAM,UAAU,GAA0B,EAAE,CAAC;YAC7C,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACnC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG;gBACnB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;oBAC3B,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG;oBACnB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;wBAC1B,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE;wBAClB,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;YAErB,MAAM,EAAE,GAAG,EAAE,CAAC,gBAAgB,CAAC,QAAQ,EAAE,UAAU,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YAExF,MAAM,KAAK,GAAG,CAAC,IAAa,EAAQ,EAAE;gBACpC,MAAM,YAAY,GAChB,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC;oBACzB,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC;oBACvB,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;gBAEzB,IAAI,YAAY,EAAE,CAAC;oBACjB,MAAM,IAAI,GAAG,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC;wBACpC,CAAC,CAAC,IAAI,CAAC,SAAS;wBAChB,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC;4BACxB,CAAC,CAAC,IAAI,CAAC,SAAS;4BAChB,CAAC,CAAE,IAAwB,CAAC,SAAS,CAAC;oBAExC,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;oBAEtC,sCAAsC;oBACtC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC1B,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;wBAC7B,OAAO;oBACT,CAAC;oBAED,8BAA8B;oBAC9B,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;wBACzE,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;wBAC7B,OAAO;oBACT,CAAC;oBAED,mCAAmC;oBACnC,IAAI,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAClC,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;wBAC7B,OAAO;oBACT,CAAC;oBAED,0EAA0E;oBAC1E,IAAI,CAAC,oBAAoB,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,CAAC;wBACpC,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;wBAC7B,OAAO;oBACT,CAAC;oBAED,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,aAAa,CAAC,EAAE,EAAE,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;oBAC9D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;oBAEpD,UAAU,CAAC,IAAI,CAAC;wBACd,MAAM,EAAE,IAAI,CAAC,EAAE;wBACf,QAAQ,EAAE,IAAI,CAAC,IAAI;wBACnB,SAAS,EAAE,IAAI,CAAC,SAAS;wBACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,QAAQ;wBACR,IAAI;wBACJ,MAAM;wBACN,QAAQ;wBACR,eAAe,EACb,6FAA6F;4BAC7F,+EAA+E;4BAC/E,0BAA0B;wBAC5B,WAAW,EACT,uFAAuF;4BACvF,4FAA4F;wBAC9F,WAAW,EAAE,oBAAoB;wBACjC,UAAU,EAAE,IAAI;wBAChB,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY;qBACtE,CAAC,CAAC;gBACL,CAAC;gBAED,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAC/B,CAAC,CAAC;YAEF,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;YAC3B,OAAO,UAAU,CAAC;QACpB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AA/FD,4DA+FC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { StructuralRule, StructuralViolation, RuleLanguage } from '../types';
|
|
2
|
+
export declare class SR010RetryStorm implements StructuralRule {
|
|
3
|
+
id: string;
|
|
4
|
+
name: string;
|
|
5
|
+
policyRef: string;
|
|
6
|
+
severity: "ADVISORY";
|
|
7
|
+
languages: RuleLanguage[];
|
|
8
|
+
description: string;
|
|
9
|
+
check(filePath: string, sourceText: string): StructuralViolation[];
|
|
10
|
+
}
|
|
11
|
+
//# sourceMappingURL=SR010-retry-storm.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"SR010-retry-storm.d.ts","sourceRoot":"","sources":["../../../src/structural-rules/rules/SR010-retry-storm.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAiC7E,qBAAa,eAAgB,YAAW,cAAc;IACpD,EAAE,SAAW;IACb,IAAI,SAAyD;IAC7D,SAAS,SAAU;IACnB,QAAQ,EAAG,UAAU,CAAU;IAC/B,SAAS,EAAE,YAAY,EAAE,CAAgC;IACzD,WAAW,SAC+G;IAE1H,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,mBAAmB,EAAE;CAyInE"}
|