@oculum/scanner 1.0.14 → 1.0.15

package/src/__tests__/context-engine/function-classifier.test.ts

@@ -1,146 +0,0 @@
-/**
- * Tests for Function Classifier — classifyExportedFunctions, buildFunctionProfiles
- */
-
-import { classifyExportedFunctions, buildFunctionProfiles } from '../../model/function-classifier'
-import { buildModuleGraph } from '../../model/module-graph'
-import { extractExports } from '../../model/import-resolver'
-import type { ScanFile } from '../../shared/types'
-
-function makeFile(path: string, content: string): ScanFile {
-  return { path, content, language: 'typescript' }
-}
-
-describe('classifyExportedFunctions', () => {
-  it('detects SQL query sinks in exported function', () => {
-    const content = `export function getUser(id: string) {
-  return db.query('SELECT * FROM users WHERE id = ' + id)
-}`
-    const exports = extractExports(content, 'src/db.ts')
-    const profiles = classifyExportedFunctions(content, 'src/db.ts', exports)
-
-    expect(profiles).toHaveLength(1)
-    expect(profiles[0].name).toBe('getUser')
-    expect(profiles[0].reachesSinks).toContain('sql_query')
-    expect(profiles[0].paramNames).toContain('id')
-    expect(profiles[0].dangerousParams).toContain('id')
-  })
-
-  it('detects eval sinks', () => {
-    const content = `export function runCode(code: string) {
-  return eval(code)
-}`
-    const exports = extractExports(content, 'src/runner.ts')
-    const profiles = classifyExportedFunctions(content, 'src/runner.ts', exports)
-
-    expect(profiles).toHaveLength(1)
-    expect(profiles[0].reachesSinks).toContain('eval')
-    expect(profiles[0].dangerousParams).toContain('code')
-  })
-
-  it('detects exec/command sinks', () => {
-    const content = `export function runCommand(cmd: string) {
-  exec(cmd)
-}`
-    const exports = extractExports(content, 'src/exec.ts')
-    const profiles = classifyExportedFunctions(content, 'src/exec.ts', exports)
-
-    expect(profiles).toHaveLength(1)
-    expect(profiles[0].reachesSinks).toContain('exec')
-  })
-
-  it('detects functions that return user data', () => {
-    const content = `export function getUserInput(req) {
-  return req.body
-}`
-    const exports = extractExports(content, 'src/input.ts')
-    const profiles = classifyExportedFunctions(content, 'src/input.ts', exports)
-
-    expect(profiles).toHaveLength(1)
-    expect(profiles[0].returnsUserData).toBe(true)
-  })
-
-  it('detects sanitisation in function body', () => {
-    const content = `export function getUser(id: string) {
-  const safeId = parseInt(id)
-  return db.query('SELECT * FROM users WHERE id = ' + safeId)
-}`
-    const exports = extractExports(content, 'src/db.ts')
-    const profiles = classifyExportedFunctions(content, 'src/db.ts', exports)
-
-    expect(profiles).toHaveLength(1)
-    expect(profiles[0].hasSanitisation).toBe(true)
-  })
-
-  it('skips functions without sinks or user data returns', () => {
-    const content = `export function add(a: number, b: number) {
-  return a + b
-}`
-    const exports = extractExports(content, 'src/math.ts')
-    const profiles = classifyExportedFunctions(content, 'src/math.ts', exports)
-
-    expect(profiles).toHaveLength(0)
-  })
-
-  it('skips re-exports', () => {
-    const content = `export { getUser } from './db'`
-    const exports = extractExports(content, 'src/index.ts')
-    const profiles = classifyExportedFunctions(content, 'src/index.ts', exports)
-
-    expect(profiles).toHaveLength(0)
-  })
-
-  it('handles multiple dangerous params', () => {
-    const content = `export function search(table: string, query: string) {
-  return db.query('SELECT * FROM ' + table + ' WHERE name = ' + query)
-}`
-    const exports = extractExports(content, 'src/db.ts')
-    const profiles = classifyExportedFunctions(content, 'src/db.ts', exports)
-
-    expect(profiles).toHaveLength(1)
-    expect(profiles[0].dangerousParams).toContain('table')
-    expect(profiles[0].dangerousParams).toContain('query')
-  })
-
-  it('detects multiple sink types in one function', () => {
-    const content = `export function dangerous(input: string) {
-  db.query(input)
-  exec(input)
-}`
-    const exports = extractExports(content, 'src/danger.ts')
-    const profiles = classifyExportedFunctions(content, 'src/danger.ts', exports)
-
-    expect(profiles).toHaveLength(1)
-    expect(profiles[0].reachesSinks).toContain('sql_query')
-    expect(profiles[0].reachesSinks).toContain('exec')
-  })
-})
-
-describe('buildFunctionProfiles', () => {
-  it('only profiles files that are imported by others', () => {
-    const files = [
-      makeFile('src/routes.ts', `import { getUser } from './db'\nexport async function GET() { getUser('1') }`),
-      makeFile('src/db.ts', `export function getUser(id) { return db.query('SELECT * FROM users WHERE id = ' + id) }`),
-      makeFile('src/standalone.ts', `export function helper() { return db.query('SELECT 1') }`),
-    ]
-
-    const graph = buildModuleGraph(files)
-    const profiles = buildFunctionProfiles(files, graph)
-
-    // db.ts is imported by routes.ts, so it should be profiled
-    expect(profiles.has('src/db.ts')).toBe(true)
-    // standalone.ts is not imported by anyone, so it should NOT be profiled
-    expect(profiles.has('src/standalone.ts')).toBe(false)
-  })
-
-  it('returns empty map when no files are imported', () => {
-    const files = [
-      makeFile('src/a.ts', `export const a = 1`),
-      makeFile('src/b.ts', `export const b = 2`),
-    ]
-
-    const graph = buildModuleGraph(files)
-    const profiles = buildFunctionProfiles(files, graph)
-    expect(profiles.size).toBe(0)
-  })
-})

package/src/__tests__/context-engine/integration.test.ts

@@ -1,320 +0,0 @@
-/**
- * Integration tests for the full taint analysis pipeline.
- * Tests end-to-end from source discovery through sink matching,
- * and cross-file analysis through buildProjectModel.
- */
-
-import { discoverSources } from '../../model/source-discovery'
-import { detectSanitisers } from '../../model/sanitiser-detection'
-import { propagateTaint } from '../../model/taint-tracker'
-import { matchSinks } from '../../model/sink-matcher'
-import type { FileTaintAnalysis } from '../../model/taint-types'
-import { buildProjectModel } from '../../model/index'
-import { buildAdjustmentContext } from '../../score/index'
-import type { ScanFile, Vulnerability } from '../../shared/types'
-
-function analyzeFileTaint(content: string, filePath: string): FileTaintAnalysis {
-  const sources = discoverSources(content, filePath)
-  if (sources.length === 0) {
-    return { filePath, sources: [], taintedVariables: [], taintPaths: [], sanitisers: [] }
-  }
-  const sanitisers = detectSanitisers(content, filePath)
-  const taintedVariables = propagateTaint(content, filePath, sources, sanitisers)
-  const taintPaths = matchSinks(content, filePath, taintedVariables, sanitisers)
-  return { filePath, sources, taintedVariables, taintPaths, sanitisers }
-}
-
-describe('Taint Analysis Integration', () => {
-  describe('SQL injection (Juice Shop style)', () => {
-    it('detects unsanitised req.query flowing into sequelize.query', () => {
-      const code = `
-app.get('/api/products', (req, res) => {
-  const searchTerm = req.query.q
-  const query = "SELECT * FROM Products WHERE name LIKE '%" + searchTerm + "%'"
-  sequelize.query(query)
-})
-`
-      const result = analyzeFileTaint(code, 'src/routes/products.ts')
-      expect(result.sources.length).toBeGreaterThan(0)
-      expect(result.taintPaths.length).toBeGreaterThan(0)
-      expect(result.taintPaths.some(p =>
-        p.sink.sinkType === 'sql_query' && !p.sanitised
-      )).toBe(true)
-    })
-  })
-
-  describe('XSS via innerHTML', () => {
-    it('detects unsanitised req.body flowing into innerHTML', () => {
-      const code = `
-app.post('/render', (req, res) => {
-  const content = req.body.html
-  const output = "<div>" + content + "</div>"
-  el.innerHTML = output
-})
-`
-      const result = analyzeFileTaint(code, 'src/routes/render.ts')
-      expect(result.taintPaths.some(p =>
-        p.sink.sinkType === 'inner_html' && !p.sanitised
-      )).toBe(true)
-    })
-  })
-
-  describe('Sanitised SQL (parameterised query)', () => {
-    it('marks taint path as sanitised for parameterised queries', () => {
-      const code = `
-app.get('/api/users', (req, res) => {
-  const userId = req.query.id
-  db.query('SELECT * FROM users WHERE id = ?', [userId])
-})
-`
-      const result = analyzeFileTaint(code, 'src/routes/users.ts')
-      if (result.taintPaths.length > 0) {
-        expect(result.taintPaths.every(p =>
-          p.sink.sinkType === 'sql_query' ? p.sanitised : true
-        )).toBe(true)
-      }
-    })
-  })
-
-  describe('Sanitised XSS (DOMPurify)', () => {
-    it('marks taint path as sanitised when DOMPurify is used', () => {
-      const code = `
-import DOMPurify from 'dompurify'
-
-app.post('/render', (req, res) => {
-  const content = req.body.html
-  const safe = DOMPurify.sanitize(content)
-  el.innerHTML = safe
-})
-`
-      const result = analyzeFileTaint(code, 'src/routes/render.ts')
-      // DOMPurify.sanitize marks the variable as sanitised
-      // The sink matcher should not pick it up since safe is sanitised
-      const unsanitisedPaths = result.taintPaths.filter(p =>
-        p.sink.sinkType === 'inner_html' && !p.sanitised
-      )
-      expect(unsanitisedPaths).toHaveLength(0)
-    })
-  })
-
-  describe('Command injection', () => {
-    it('detects unsanitised user input flowing into exec()', () => {
-      const code = `
-app.post('/exec', (req, res) => {
-  const cmd = req.body.command
-  exec(cmd)
-})
-`
-      const result = analyzeFileTaint(code, 'src/routes/exec.ts')
-      expect(result.taintPaths.some(p =>
-        p.sink.sinkType === 'exec' && !p.sanitised
-      )).toBe(true)
-    })
-  })
-
-  describe('SSRF', () => {
-    it('detects unsanitised user input flowing into fetch()', () => {
-      const code = `
-app.post('/proxy', (req, res) => {
-  const url = req.body.url
-  fetch(url)
-})
-`
-      const result = analyzeFileTaint(code, 'src/routes/proxy.ts')
-      expect(result.taintPaths.some(p =>
-        p.sink.sinkType === 'http_request' && !p.sanitised
-      )).toBe(true)
-    })
-  })
-
-  describe('Type coercion sanitisation', () => {
-    it('marks Number() coercion as sanitised', () => {
-      const code = `
-app.get('/api/users', (req, res) => {
-  const userId = Number(req.query.id)
-  db.query("SELECT * FROM users WHERE id = " + userId)
-})
-`
-      const result = analyzeFileTaint(code, 'src/routes/users.ts')
-      // userId should be sanitised by Number()
-      // so it shouldn't produce an unsanitised taint path
-      const unsanitisedSql = result.taintPaths.filter(p =>
-        p.sink.sinkType === 'sql_query' && !p.sanitised
-      )
-      expect(unsanitisedSql).toHaveLength(0)
-    })
-  })
-
-  describe('Short-circuit for non-input files', () => {
-    it('returns empty analysis for config files', () => {
-      const code = `
-export default {
-  port: 3000,
-  host: 'localhost',
-  database: {
-    url: process.env.DATABASE_URL,
-  },
-}
-`
-      const result = analyzeFileTaint(code, 'src/config.ts')
-      expect(result.sources).toHaveLength(0)
-      expect(result.taintPaths).toHaveLength(0)
-    })
-  })
-
-  describe('Multi-step propagation', () => {
-    it('tracks taint through multiple assignment steps', () => {
-      const code = `
-app.post('/api', (req, res) => {
-  const body = req.body
-  const data = body
-  const query = "SELECT * FROM users WHERE name = '" + data + "'"
-  db.query(query)
-})
-`
-      const result = analyzeFileTaint(code, 'src/routes/api.ts')
-      expect(result.taintPaths.some(p =>
-        p.sink.sinkType === 'sql_query' && !p.sanitised
-      )).toBe(true)
-    })
-  })
-
-  describe('Django pattern', () => {
-    it('detects unsanitised request.GET in Python', () => {
-      const code = `
-def search(request):
-    query = request.GET
-    cursor.execute("SELECT * FROM items WHERE name = '" + query + "'")
-`
-      const result = analyzeFileTaint(code, 'app/views.py')
-      expect(result.sources.length).toBeGreaterThan(0)
-      // Python cursor.execute should match sql_query sink
-      expect(result.taintPaths.some(p => p.sink.sinkType === 'sql_query')).toBe(true)
-    })
-  })
-
-  describe('Framework-aware analysis integration', () => {
-    function makeFile(path: string, content: string): ScanFile {
-      return { path, content, language: 'typescript' }
-    }
-
-    it('populates frameworkAnalyses for React + Sequelize project', () => {
-      const files = [
-        makeFile('src/app/page.tsx', [
-          'import { getUsers } from "../lib/db"',
-          '',
-          'export default function Page() {',
-          '  return <div>{users.map(u => u.name)}</div>',
-          '}',
-        ].join('\n')),
-        makeFile('src/lib/db.ts', [
-          'import { Sequelize } from "sequelize"',
-          'import { User } from "../models"',
-          '',
-          'export function getUsers() {',
-          '  return User.findAll({ where: { active: true } })',
-          '}',
-        ].join('\n')),
-        // Include a package.json to trigger framework detection
-        makeFile('package.json', JSON.stringify({
-          dependencies: { react: '18.0.0', next: '14.0.0', sequelize: '6.0.0' },
-        })),
-      ]
-
-      const model = buildProjectModel(files)
-
-      // Verify frameworkAnalyses is populated
-      expect(model.contextEngine.frameworkAnalyses).toBeDefined()
-      expect(model.contextEngine.frameworkAnalyses!.size).toBeGreaterThan(0)
-
-      // Verify JSX auto-escape detected in page.tsx
-      const pageAnalysis = model.contextEngine.frameworkAnalyses!.get('src/app/page.tsx')
-      expect(pageAnalysis).toBeDefined()
-      expect(pageAnalysis!.safeLines.size).toBeGreaterThan(0)
-
-      // Verify Sequelize ORM detected in db.ts
-      const dbAnalysis = model.contextEngine.frameworkAnalyses!.get('src/lib/db.ts')
-      expect(dbAnalysis).toBeDefined()
-      expect(dbAnalysis!.safeLines.size).toBeGreaterThan(0)
-
-      // Verify scoring picks up framework context for a mock finding
-      const mockFinding: Vulnerability = {
-        id: 'test-fw-1',
-        filePath: 'src/lib/db.ts',
-        lineNumber: 5,
-        lineContent: '  return User.findAll({ where: { active: true } })',
-        category: 'sql_injection',
-        severity: 'medium',
-        message: 'Possible SQL injection',
-        layer: 2,
-        source: 'dangerous_functions',
-      }
-
-      const adjContext = buildAdjustmentContext(mockFinding, model.contextEngine)
-      expect(dbAnalysis!.safeLines.has(5)).toBe(true)
-      expect(adjContext.framework).toBeDefined()
-      expect(adjContext.framework!.safePatternMatch).not.toBeNull()
-      expect(adjContext.framework!.safePatternMatch!.id).toContain('orm_')
-    })
-  })
-
-  describe('Cross-file pipeline integration', () => {
-    function makeFile(path: string, content: string): ScanFile {
-      return { path, content, language: 'typescript' }
-    }
-
-    it('detects cross-file taint through buildProjectModel and scoring', () => {
-      const files = [
-        makeFile('src/routes/users.ts', [
-          `import { getUser } from '../lib/db'`,
-          ``,
-          `export async function GET(req) {`,
-          `  const id = req.params.id`,
-          `  const user = await getUser(id)`,
-          `  return Response.json(user)`,
-          `}`,
-        ].join('\n')),
-        makeFile('src/lib/db.ts', [
-          `export function getUser(id: string) {`,
-          `  return db.query('SELECT * FROM users WHERE id = ' + id)`,
-          `}`,
-        ].join('\n')),
-      ]
-
-      const model = buildProjectModel(files)
-
-      // Verify cross-file taint paths are populated
-      expect(model.contextEngine.crossFileTaintPaths).toBeDefined()
-      expect(model.contextEngine.crossFileTaintPaths!.length).toBeGreaterThan(0)
-
-      const cfPath = model.contextEngine.crossFileTaintPaths![0]
-      expect(cfPath.sink.sinkType).toBe('sql_query')
-      expect(cfPath.sourceFile).toBe('src/routes/users.ts')
-      expect(cfPath.sinkFile).toBe('src/lib/db.ts')
-
-      // Verify scoring annotation picks up cross-file taint at the call site.
-      // A Layer 2 detector might flag the call line in users.ts. The scoring system
-      // should match the cross-file path via sourceFile + callLine.
-      const mockFinding: Vulnerability = {
-        id: 'test-1',
-        filePath: cfPath.sourceFile,
-        lineNumber: cfPath.importLink.callLine,
-        lineContent: 'const user = await getUser(id)',
-        category: 'sql_injection',
-        severity: 'high',
-        message: 'SQL injection via cross-file taint',
-        layer: 2,
-        source: 'dangerous_functions',
-      }
-
-      const adjContext = buildAdjustmentContext(mockFinding, model.contextEngine)
-      expect(adjContext.taint).toBeDefined()
-      expect(adjContext.taint!.confirmed).toBe(true)
-      expect(adjContext.taint!.sinkType).toBe('sql_query')
-
-      // Verify function profiles are populated
-      expect(model.contextEngine.functionProfiles).toBeDefined()
-      expect(model.contextEngine.functionProfiles!.size).toBeGreaterThan(0)
-    })
-  })
-})

package/src/__tests__/context-engine/sanitiser-detection.test.ts

@@ -1,187 +0,0 @@
-/**
- * Tests for sanitiser detection — identifying sanitisation functions in code.
- */
-
-import { detectSanitisers, isSanitiserCall } from '../../model/sanitiser-detection'
-
-describe('detectSanitisers', () => {
-  describe('DOMPurify', () => {
-    it('detects DOMPurify.sanitize when imported', () => {
-      const code = `
-import DOMPurify from 'dompurify'
-const clean = DOMPurify.sanitize(dirty)
-`
-      const sanitisers = detectSanitisers(code, 'src/utils.ts')
-      expect(sanitisers.some(s => s.name === 'DOMPurify.sanitize')).toBe(true)
-      expect(sanitisers.find(s => s.name === 'DOMPurify.sanitize')?.sanitises).toBe('html')
-      expect(sanitisers.find(s => s.name === 'DOMPurify.sanitize')?.detection).toBe('known_library')
-    })
-
-    it('does not detect DOMPurify.sanitize without import', () => {
-      const code = `const clean = DOMPurify.sanitize(dirty)`
-      const sanitisers = detectSanitisers(code, 'src/utils.ts')
-      expect(sanitisers.some(s => s.name === 'DOMPurify.sanitize' && s.detection === 'known_library')).toBe(false)
-    })
-  })
-
-  describe('validator.js', () => {
-    it('detects validator.escape when imported', () => {
-      const code = `
-import validator from 'validator'
-const safe = validator.escape(input)
-`
-      const sanitisers = detectSanitisers(code, 'src/utils.ts')
-      expect(sanitisers.some(s => s.name === 'validator.escape')).toBe(true)
-    })
-  })
-
-  describe('Zod/Joi/Yup', () => {
-    it('detects zod .parse() when imported', () => {
-      const code = `
-import { z } from 'zod'
-const schema = z.object({ name: z.string() })
-const data = schema.parse(input)
-`
-      const sanitisers = detectSanitisers(code, 'src/validation.ts')
-      expect(sanitisers.some(s => s.name === 'zod.parse' && s.sanitises === 'all')).toBe(true)
-    })
-
-    it('detects joi .validate() when imported', () => {
-      const code = `
-import joi from 'joi'
-const result = schema.validate(input)
-`
-      const sanitisers = detectSanitisers(code, 'src/validation.ts')
-      expect(sanitisers.some(s => s.name === 'joi.validate')).toBe(true)
-    })
-
-    it('detects yup .validate() when imported', () => {
-      const code = `
-import * as yup from 'yup'
-const result = await schema.validate(input)
-`
-      const sanitisers = detectSanitisers(code, 'src/validation.ts')
-      expect(sanitisers.some(s => s.name === 'yup.validate')).toBe(true)
-    })
-  })
-
-  describe('Type coercion (universal)', () => {
-    it('detects Number()', () => {
-      const code = `const id = Number(input)`
-      const sanitisers = detectSanitisers(code, 'src/api.ts')
-      expect(sanitisers.some(s => s.name === 'Number' && s.sanitises === 'all')).toBe(true)
-    })
-
-    it('detects parseInt()', () => {
-      const code = `const id = parseInt(input, 10)`
-      const sanitisers = detectSanitisers(code, 'src/api.ts')
-      expect(sanitisers.some(s => s.name === 'parseInt')).toBe(true)
-    })
-
-    it('detects parseFloat()', () => {
-      const code = `const price = parseFloat(input)`
-      const sanitisers = detectSanitisers(code, 'src/api.ts')
-      expect(sanitisers.some(s => s.name === 'parseFloat')).toBe(true)
-    })
-
-    it('detects Boolean()', () => {
-      const code = `const flag = Boolean(input)`
-      const sanitisers = detectSanitisers(code, 'src/api.ts')
-      expect(sanitisers.some(s => s.name === 'Boolean')).toBe(true)
-    })
-  })
-
-  describe('Parameterised queries', () => {
-    it('detects ? placeholder parameterised queries', () => {
-      const code = `db.query('SELECT * FROM users WHERE id = ?', [userId])`
-      const sanitisers = detectSanitisers(code, 'src/db.ts')
-      expect(sanitisers.some(s => s.name === 'parameterised_query' && s.sanitises === 'sql')).toBe(true)
-    })
-
-    it('detects $1 placeholder parameterised queries', () => {
-      const code = `db.query('SELECT * FROM users WHERE id = $1', [userId])`
-      const sanitisers = detectSanitisers(code, 'src/db.ts')
-      expect(sanitisers.some(s => s.name === 'parameterised_query')).toBe(true)
-    })
-
-    it('detects Sequelize replacements', () => {
-      const code = `sequelize.query('SELECT * FROM users', { replacements: { id } })`
-      const sanitisers = detectSanitisers(code, 'src/db.ts')
-      expect(sanitisers.some(s => s.name === 'parameterised_query')).toBe(true)
-    })
-  })
-
-  describe('Path sanitisers', () => {
-    it('detects path.normalize()', () => {
-      const code = `const safe = path.normalize(input)`
-      const sanitisers = detectSanitisers(code, 'src/fs.ts')
-      expect(sanitisers.some(s => s.name === 'path.normalize' && s.sanitises === 'path')).toBe(true)
-    })
-  })
-
-  describe('Python sanitisers', () => {
-    it('detects shlex.quote()', () => {
-      const code = `safe = shlex.quote(user_input)`
-      const sanitisers = detectSanitisers(code, 'app/utils.py')
-      expect(sanitisers.some(s => s.name === 'shlex.quote' && s.sanitises === 'command')).toBe(true)
-    })
-
-    it('detects html.escape()', () => {
-      const code = `safe = html.escape(user_input)`
-      const sanitisers = detectSanitisers(code, 'app/utils.py')
-      expect(sanitisers.some(s => s.name === 'html.escape' && s.sanitises === 'html')).toBe(true)
-    })
-  })
-
-  describe('Name heuristic', () => {
-    it('detects functions with "sanitize" in name', () => {
-      const code = `const safe = sanitizeInput(dirty)`
-      const sanitisers = detectSanitisers(code, 'src/utils.ts')
-      expect(sanitisers.some(s => s.detection === 'name_heuristic')).toBe(true)
-    })
-  })
-
-  describe('Edge cases', () => {
-    it('skips comments', () => {
-      const code = `// DOMPurify.sanitize(dirty)`
-      const sanitisers = detectSanitisers(code, 'src/utils.ts')
-      expect(sanitisers).toHaveLength(0)
-    })
-
-    it('deduplicates sanitisers on same line', () => {
-      const code = `const id = Number(parseInt(input))`
-      const sanitisers = detectSanitisers(code, 'src/api.ts')
-      const lineOnes = sanitisers.filter(s => s.line === 1)
-      const uniqueNames = new Set(lineOnes.map(s => s.name))
-      expect(uniqueNames.size).toBe(lineOnes.length)
-    })
-  })
-})
-
-describe('isSanitiserCall', () => {
-  it('detects Number() as sanitiser', () => {
-    const result = isSanitiserCall('const id = Number(input)', [])
-    expect(result.sanitised).toBe(true)
-    expect(result.method).toBe('Number')
-    expect(result.target).toBe('all')
-  })
-
-  it('detects parseInt() as sanitiser', () => {
-    const result = isSanitiserCall('const id = parseInt(input, 10)', [])
-    expect(result.sanitised).toBe(true)
-  })
-
-  it('returns false for non-sanitiser calls', () => {
-    const result = isSanitiserCall('const data = someFunction(input)', [])
-    expect(result.sanitised).toBe(false)
-  })
-
-  it('detects file-level sanitisers', () => {
-    const fileSanitisers = [
-      { name: 'DOMPurify.sanitize', line: 5, sanitises: 'html' as const, detection: 'known_library' as const, library: 'dompurify' }
-    ]
-    const result = isSanitiserCall('const safe = DOMPurify.sanitize(dirty)', fileSanitisers)
-    expect(result.sanitised).toBe(true)
-    expect(result.target).toBe('html')
-  })
-})