@opencodereview/core 1.9.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/ai/anthropic-provider.d.ts +41 -0
- package/dist/ai/anthropic-provider.d.ts.map +1 -0
- package/dist/ai/anthropic-provider.js +139 -0
- package/dist/ai/anthropic-provider.js.map +1 -0
- package/dist/ai/index.d.ts +39 -0
- package/dist/ai/index.d.ts.map +1 -0
- package/dist/ai/index.js +41 -0
- package/dist/ai/index.js.map +1 -0
- package/dist/ai/ollama-provider.d.ts +46 -0
- package/dist/ai/ollama-provider.d.ts.map +1 -0
- package/dist/ai/ollama-provider.js +149 -0
- package/dist/ai/ollama-provider.js.map +1 -0
- package/dist/ai/openai-provider.d.ts +44 -0
- package/dist/ai/openai-provider.d.ts.map +1 -0
- package/dist/ai/openai-provider.js +137 -0
- package/dist/ai/openai-provider.js.map +1 -0
- package/dist/ai/orchestrator.d.ts +60 -0
- package/dist/ai/orchestrator.d.ts.map +1 -0
- package/dist/ai/orchestrator.js +188 -0
- package/dist/ai/orchestrator.js.map +1 -0
- package/dist/ai/prompts.d.ts +27 -0
- package/dist/ai/prompts.d.ts.map +1 -0
- package/dist/ai/prompts.js +112 -0
- package/dist/ai/prompts.js.map +1 -0
- package/dist/ai/types.d.ts +75 -0
- package/dist/ai/types.d.ts.map +1 -0
- package/dist/ai/types.js +10 -0
- package/dist/ai/types.js.map +1 -0
- package/dist/ai/v4/embedding/index.d.ts +10 -0
- package/dist/ai/v4/embedding/index.d.ts.map +1 -0
- package/dist/ai/v4/embedding/index.js +10 -0
- package/dist/ai/v4/embedding/index.js.map +1 -0
- package/dist/ai/v4/embedding/local.d.ts +68 -0
- package/dist/ai/v4/embedding/local.d.ts.map +1 -0
- package/dist/ai/v4/embedding/local.js +167 -0
- package/dist/ai/v4/embedding/local.js.map +1 -0
- package/dist/ai/v4/embedding/ollama.d.ts +58 -0
- package/dist/ai/v4/embedding/ollama.d.ts.map +1 -0
- package/dist/ai/v4/embedding/ollama.js +101 -0
- package/dist/ai/v4/embedding/ollama.js.map +1 -0
- package/dist/ai/v4/embedding/openai.d.ts +36 -0
- package/dist/ai/v4/embedding/openai.d.ts.map +1 -0
- package/dist/ai/v4/embedding/openai.js +76 -0
- package/dist/ai/v4/embedding/openai.js.map +1 -0
- package/dist/ai/v4/embedding/similarity.d.ts +36 -0
- package/dist/ai/v4/embedding/similarity.d.ts.map +1 -0
- package/dist/ai/v4/embedding/similarity.js +60 -0
- package/dist/ai/v4/embedding/similarity.js.map +1 -0
- package/dist/ai/v4/index.d.ts +51 -0
- package/dist/ai/v4/index.d.ts.map +1 -0
- package/dist/ai/v4/index.js +54 -0
- package/dist/ai/v4/index.js.map +1 -0
- package/dist/ai/v4/llm/anthropic.d.ts +38 -0
- package/dist/ai/v4/llm/anthropic.d.ts.map +1 -0
- package/dist/ai/v4/llm/anthropic.js +86 -0
- package/dist/ai/v4/llm/anthropic.js.map +1 -0
- package/dist/ai/v4/llm/index.d.ts +9 -0
- package/dist/ai/v4/llm/index.d.ts.map +1 -0
- package/dist/ai/v4/llm/index.js +9 -0
- package/dist/ai/v4/llm/index.js.map +1 -0
- package/dist/ai/v4/llm/ollama.d.ts +39 -0
- package/dist/ai/v4/llm/ollama.d.ts.map +1 -0
- package/dist/ai/v4/llm/ollama.js +95 -0
- package/dist/ai/v4/llm/ollama.js.map +1 -0
- package/dist/ai/v4/llm/openai.d.ts +38 -0
- package/dist/ai/v4/llm/openai.d.ts.map +1 -0
- package/dist/ai/v4/llm/openai.js +88 -0
- package/dist/ai/v4/llm/openai.js.map +1 -0
- package/dist/ai/v4/patterns/defect-patterns.d.ts +57 -0
- package/dist/ai/v4/patterns/defect-patterns.d.ts.map +1 -0
- package/dist/ai/v4/patterns/defect-patterns.js +331 -0
- package/dist/ai/v4/patterns/defect-patterns.js.map +1 -0
- package/dist/ai/v4/patterns/index.d.ts +8 -0
- package/dist/ai/v4/patterns/index.d.ts.map +1 -0
- package/dist/ai/v4/patterns/index.js +7 -0
- package/dist/ai/v4/patterns/index.js.map +1 -0
- package/dist/ai/v4/pipeline.d.ts +74 -0
- package/dist/ai/v4/pipeline.d.ts.map +1 -0
- package/dist/ai/v4/pipeline.js +381 -0
- package/dist/ai/v4/pipeline.js.map +1 -0
- package/dist/ai/v4/sla.d.ts +62 -0
- package/dist/ai/v4/sla.d.ts.map +1 -0
- package/dist/ai/v4/sla.js +136 -0
- package/dist/ai/v4/sla.js.map +1 -0
- package/dist/ai/v4/types.d.ts +117 -0
- package/dist/ai/v4/types.d.ts.map +1 -0
- package/dist/ai/v4/types.js +16 -0
- package/dist/ai/v4/types.js.map +1 -0
- package/dist/ai-healer/prompt-builder.d.ts +33 -0
- package/dist/ai-healer/prompt-builder.d.ts.map +1 -0
- package/dist/ai-healer/prompt-builder.js +89 -0
- package/dist/ai-healer/prompt-builder.js.map +1 -0
- package/dist/config/defaults.d.ts +14 -0
- package/dist/config/defaults.d.ts.map +1 -0
- package/dist/config/defaults.js +57 -0
- package/dist/config/defaults.js.map +1 -0
- package/dist/config/index.d.ts +8 -0
- package/dist/config/index.d.ts.map +1 -0
- package/dist/config/index.js +6 -0
- package/dist/config/index.js.map +1 -0
- package/dist/config/loader.d.ts +33 -0
- package/dist/config/loader.d.ts.map +1 -0
- package/dist/config/loader.js +245 -0
- package/dist/config/loader.js.map +1 -0
- package/dist/config/types.d.ts +58 -0
- package/dist/config/types.d.ts.map +1 -0
- package/dist/config/types.js +7 -0
- package/dist/config/types.js.map +1 -0
- package/dist/config/v4-config.d.ts +77 -0
- package/dist/config/v4-config.d.ts.map +1 -0
- package/dist/config/v4-config.js +336 -0
- package/dist/config/v4-config.js.map +1 -0
- package/dist/detectors/ai-detector.d.ts +38 -0
- package/dist/detectors/ai-detector.d.ts.map +1 -0
- package/dist/detectors/ai-detector.js +62 -0
- package/dist/detectors/ai-detector.js.map +1 -0
- package/dist/detectors/context-break.d.ts +57 -0
- package/dist/detectors/context-break.d.ts.map +1 -0
- package/dist/detectors/context-break.js +199 -0
- package/dist/detectors/context-break.js.map +1 -0
- package/dist/detectors/deep-hallucination.d.ts +42 -0
- package/dist/detectors/deep-hallucination.d.ts.map +1 -0
- package/dist/detectors/deep-hallucination.js +297 -0
- package/dist/detectors/deep-hallucination.js.map +1 -0
- package/dist/detectors/duplication.d.ts +61 -0
- package/dist/detectors/duplication.d.ts.map +1 -0
- package/dist/detectors/duplication.js +204 -0
- package/dist/detectors/duplication.js.map +1 -0
- package/dist/detectors/hallucination.d.ts +80 -0
- package/dist/detectors/hallucination.d.ts.map +1 -0
- package/dist/detectors/hallucination.js +350 -0
- package/dist/detectors/hallucination.js.map +1 -0
- package/dist/detectors/index.d.ts +35 -0
- package/dist/detectors/index.d.ts.map +1 -0
- package/dist/detectors/index.js +33 -0
- package/dist/detectors/index.js.map +1 -0
- package/dist/detectors/logic-gap.d.ts +58 -0
- package/dist/detectors/logic-gap.d.ts.map +1 -0
- package/dist/detectors/logic-gap.js +284 -0
- package/dist/detectors/logic-gap.js.map +1 -0
- package/dist/detectors/over-engineering.d.ts +44 -0
- package/dist/detectors/over-engineering.d.ts.map +1 -0
- package/dist/detectors/over-engineering.js +257 -0
- package/dist/detectors/over-engineering.js.map +1 -0
- package/dist/detectors/security-pattern.d.ts +43 -0
- package/dist/detectors/security-pattern.d.ts.map +1 -0
- package/dist/detectors/security-pattern.js +235 -0
- package/dist/detectors/security-pattern.js.map +1 -0
- package/dist/detectors/stale-api.d.ts +44 -0
- package/dist/detectors/stale-api.d.ts.map +1 -0
- package/dist/detectors/stale-api.js +160 -0
- package/dist/detectors/stale-api.js.map +1 -0
- package/dist/detectors/type-safety.d.ts +41 -0
- package/dist/detectors/type-safety.d.ts.map +1 -0
- package/dist/detectors/type-safety.js +306 -0
- package/dist/detectors/type-safety.js.map +1 -0
- package/dist/detectors/v4/context-coherence.d.ts +67 -0
- package/dist/detectors/v4/context-coherence.d.ts.map +1 -0
- package/dist/detectors/v4/context-coherence.js +319 -0
- package/dist/detectors/v4/context-coherence.js.map +1 -0
- package/dist/detectors/v4/hallucinated-import.d.ts +52 -0
- package/dist/detectors/v4/hallucinated-import.d.ts.map +1 -0
- package/dist/detectors/v4/hallucinated-import.js +206 -0
- package/dist/detectors/v4/hallucinated-import.js.map +1 -0
- package/dist/detectors/v4/index.d.ts +28 -0
- package/dist/detectors/v4/index.d.ts.map +1 -0
- package/dist/detectors/v4/index.js +40 -0
- package/dist/detectors/v4/index.js.map +1 -0
- package/dist/detectors/v4/over-engineering.d.ts +69 -0
- package/dist/detectors/v4/over-engineering.d.ts.map +1 -0
- package/dist/detectors/v4/over-engineering.js +234 -0
- package/dist/detectors/v4/over-engineering.js.map +1 -0
- package/dist/detectors/v4/security-pattern.d.ts +46 -0
- package/dist/detectors/v4/security-pattern.d.ts.map +1 -0
- package/dist/detectors/v4/security-pattern.js +233 -0
- package/dist/detectors/v4/security-pattern.js.map +1 -0
- package/dist/detectors/v4/stale-api.d.ts +59 -0
- package/dist/detectors/v4/stale-api.d.ts.map +1 -0
- package/dist/detectors/v4/stale-api.js +470 -0
- package/dist/detectors/v4/stale-api.js.map +1 -0
- package/dist/detectors/v4/types.d.ts +74 -0
- package/dist/detectors/v4/types.d.ts.map +1 -0
- package/dist/detectors/v4/types.js +10 -0
- package/dist/detectors/v4/types.js.map +1 -0
- package/dist/diff/filter.d.ts +35 -0
- package/dist/diff/filter.d.ts.map +1 -0
- package/dist/diff/filter.js +65 -0
- package/dist/diff/filter.js.map +1 -0
- package/dist/diff/index.d.ts +9 -0
- package/dist/diff/index.d.ts.map +1 -0
- package/dist/diff/index.js +8 -0
- package/dist/diff/index.js.map +1 -0
- package/dist/diff/parser.d.ts +61 -0
- package/dist/diff/parser.d.ts.map +1 -0
- package/dist/diff/parser.js +203 -0
- package/dist/diff/parser.js.map +1 -0
- package/dist/i18n/en.d.ts +18 -0
- package/dist/i18n/en.d.ts.map +1 -0
- package/dist/i18n/en.js +83 -0
- package/dist/i18n/en.js.map +1 -0
- package/dist/i18n/index.d.ts +13 -0
- package/dist/i18n/index.d.ts.map +1 -0
- package/dist/i18n/index.js +14 -0
- package/dist/i18n/index.js.map +1 -0
- package/dist/i18n/provider.d.ts +54 -0
- package/dist/i18n/provider.d.ts.map +1 -0
- package/dist/i18n/provider.js +88 -0
- package/dist/i18n/provider.js.map +1 -0
- package/dist/i18n/types.d.ts +37 -0
- package/dist/i18n/types.d.ts.map +1 -0
- package/dist/i18n/types.js +10 -0
- package/dist/i18n/types.js.map +1 -0
- package/dist/i18n/zh.d.ts +14 -0
- package/dist/i18n/zh.d.ts.map +1 -0
- package/dist/i18n/zh.js +83 -0
- package/dist/i18n/zh.js.map +1 -0
- package/dist/index.d.ts +113 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +106 -0
- package/dist/index.js.map +1 -0
- package/dist/ir/index.d.ts +10 -0
- package/dist/ir/index.d.ts.map +1 -0
- package/dist/ir/index.js +9 -0
- package/dist/ir/index.js.map +1 -0
- package/dist/ir/types.d.ts +126 -0
- package/dist/ir/types.d.ts.map +1 -0
- package/dist/ir/types.js +33 -0
- package/dist/ir/types.js.map +1 -0
- package/dist/languages/go/index.d.ts +7 -0
- package/dist/languages/go/index.d.ts.map +1 -0
- package/dist/languages/go/index.js +7 -0
- package/dist/languages/go/index.js.map +1 -0
- package/dist/languages/go/parser.d.ts +89 -0
- package/dist/languages/go/parser.d.ts.map +1 -0
- package/dist/languages/go/parser.js +509 -0
- package/dist/languages/go/parser.js.map +1 -0
- package/dist/languages/index.d.ts +13 -0
- package/dist/languages/index.d.ts.map +1 -0
- package/dist/languages/index.js +14 -0
- package/dist/languages/index.js.map +1 -0
- package/dist/languages/java/index.d.ts +7 -0
- package/dist/languages/java/index.d.ts.map +1 -0
- package/dist/languages/java/index.js +7 -0
- package/dist/languages/java/index.js.map +1 -0
- package/dist/languages/java/parser.d.ts +82 -0
- package/dist/languages/java/parser.d.ts.map +1 -0
- package/dist/languages/java/parser.js +492 -0
- package/dist/languages/java/parser.js.map +1 -0
- package/dist/languages/kotlin/index.d.ts +7 -0
- package/dist/languages/kotlin/index.d.ts.map +1 -0
- package/dist/languages/kotlin/index.js +7 -0
- package/dist/languages/kotlin/index.js.map +1 -0
- package/dist/languages/kotlin/parser.d.ts +84 -0
- package/dist/languages/kotlin/parser.d.ts.map +1 -0
- package/dist/languages/kotlin/parser.js +507 -0
- package/dist/languages/kotlin/parser.js.map +1 -0
- package/dist/languages/python/index.d.ts +7 -0
- package/dist/languages/python/index.d.ts.map +1 -0
- package/dist/languages/python/index.js +7 -0
- package/dist/languages/python/index.js.map +1 -0
- package/dist/languages/python/parser.d.ts +91 -0
- package/dist/languages/python/parser.d.ts.map +1 -0
- package/dist/languages/python/parser.js +375 -0
- package/dist/languages/python/parser.js.map +1 -0
- package/dist/languages/registry.d.ts +81 -0
- package/dist/languages/registry.d.ts.map +1 -0
- package/dist/languages/registry.js +150 -0
- package/dist/languages/registry.js.map +1 -0
- package/dist/languages/types.d.ts +137 -0
- package/dist/languages/types.d.ts.map +1 -0
- package/dist/languages/types.js +10 -0
- package/dist/languages/types.js.map +1 -0
- package/dist/languages/typescript/index.d.ts +7 -0
- package/dist/languages/typescript/index.d.ts.map +1 -0
- package/dist/languages/typescript/index.js +7 -0
- package/dist/languages/typescript/index.js.map +1 -0
- package/dist/languages/typescript/parser.d.ts +51 -0
- package/dist/languages/typescript/parser.d.ts.map +1 -0
- package/dist/languages/typescript/parser.js +286 -0
- package/dist/languages/typescript/parser.js.map +1 -0
- package/dist/license/generator.d.ts +43 -0
- package/dist/license/generator.d.ts.map +1 -0
- package/dist/license/generator.js +72 -0
- package/dist/license/generator.js.map +1 -0
- package/dist/license/index.d.ts +11 -0
- package/dist/license/index.d.ts.map +1 -0
- package/dist/license/index.js +12 -0
- package/dist/license/index.js.map +1 -0
- package/dist/license/types.d.ts +85 -0
- package/dist/license/types.d.ts.map +1 -0
- package/dist/license/types.js +10 -0
- package/dist/license/types.js.map +1 -0
- package/dist/license/validator.d.ts +77 -0
- package/dist/license/validator.d.ts.map +1 -0
- package/dist/license/validator.js +275 -0
- package/dist/license/validator.js.map +1 -0
- package/dist/parser/extractor.d.ts +31 -0
- package/dist/parser/extractor.d.ts.map +1 -0
- package/dist/parser/extractor.js +10 -0
- package/dist/parser/extractor.js.map +1 -0
- package/dist/parser/extractors/go.d.ts +21 -0
- package/dist/parser/extractors/go.d.ts.map +1 -0
- package/dist/parser/extractors/go.js +569 -0
- package/dist/parser/extractors/go.js.map +1 -0
- package/dist/parser/extractors/index.d.ts +13 -0
- package/dist/parser/extractors/index.d.ts.map +1 -0
- package/dist/parser/extractors/index.js +13 -0
- package/dist/parser/extractors/index.js.map +1 -0
- package/dist/parser/extractors/java.d.ts +24 -0
- package/dist/parser/extractors/java.d.ts.map +1 -0
- package/dist/parser/extractors/java.js +611 -0
- package/dist/parser/extractors/java.js.map +1 -0
- package/dist/parser/extractors/kotlin.d.ts +25 -0
- package/dist/parser/extractors/kotlin.d.ts.map +1 -0
- package/dist/parser/extractors/kotlin.js +665 -0
- package/dist/parser/extractors/kotlin.js.map +1 -0
- package/dist/parser/extractors/python.d.ts +21 -0
- package/dist/parser/extractors/python.d.ts.map +1 -0
- package/dist/parser/extractors/python.js +514 -0
- package/dist/parser/extractors/python.js.map +1 -0
- package/dist/parser/extractors/typescript.d.ts +23 -0
- package/dist/parser/extractors/typescript.d.ts.map +1 -0
- package/dist/parser/extractors/typescript.js +664 -0
- package/dist/parser/extractors/typescript.js.map +1 -0
- package/dist/parser/index.d.ts +15 -0
- package/dist/parser/index.d.ts.map +1 -0
- package/dist/parser/index.js +14 -0
- package/dist/parser/index.js.map +1 -0
- package/dist/parser/manager.d.ts +50 -0
- package/dist/parser/manager.d.ts.map +1 -0
- package/dist/parser/manager.js +159 -0
- package/dist/parser/manager.js.map +1 -0
- package/dist/registry/builtins/go-builtins.d.ts +13 -0
- package/dist/registry/builtins/go-builtins.d.ts.map +1 -0
- package/dist/registry/builtins/go-builtins.js +63 -0
- package/dist/registry/builtins/go-builtins.js.map +1 -0
- package/dist/registry/builtins/java-builtins.d.ts +10 -0
- package/dist/registry/builtins/java-builtins.d.ts.map +1 -0
- package/dist/registry/builtins/java-builtins.js +59 -0
- package/dist/registry/builtins/java-builtins.js.map +1 -0
- package/dist/registry/builtins/kotlin-builtins.d.ts +10 -0
- package/dist/registry/builtins/kotlin-builtins.d.ts.map +1 -0
- package/dist/registry/builtins/kotlin-builtins.js +38 -0
- package/dist/registry/builtins/kotlin-builtins.js.map +1 -0
- package/dist/registry/builtins/node-builtins.d.ts +10 -0
- package/dist/registry/builtins/node-builtins.d.ts.map +1 -0
- package/dist/registry/builtins/node-builtins.js +36 -0
- package/dist/registry/builtins/node-builtins.js.map +1 -0
- package/dist/registry/builtins/python-builtins.d.ts +10 -0
- package/dist/registry/builtins/python-builtins.d.ts.map +1 -0
- package/dist/registry/builtins/python-builtins.js +43 -0
- package/dist/registry/builtins/python-builtins.js.map +1 -0
- package/dist/registry/cache.d.ts +53 -0
- package/dist/registry/cache.d.ts.map +1 -0
- package/dist/registry/cache.js +147 -0
- package/dist/registry/cache.js.map +1 -0
- package/dist/registry/go-registry.d.ts +52 -0
- package/dist/registry/go-registry.d.ts.map +1 -0
- package/dist/registry/go-registry.js +148 -0
- package/dist/registry/go-registry.js.map +1 -0
- package/dist/registry/index.d.ts +18 -0
- package/dist/registry/index.d.ts.map +1 -0
- package/dist/registry/index.js +21 -0
- package/dist/registry/index.js.map +1 -0
- package/dist/registry/maven-registry.d.ts +57 -0
- package/dist/registry/maven-registry.d.ts.map +1 -0
- package/dist/registry/maven-registry.js +155 -0
- package/dist/registry/maven-registry.js.map +1 -0
- package/dist/registry/npm-registry.d.ts +40 -0
- package/dist/registry/npm-registry.d.ts.map +1 -0
- package/dist/registry/npm-registry.js +155 -0
- package/dist/registry/npm-registry.js.map +1 -0
- package/dist/registry/pypi-registry.d.ts +49 -0
- package/dist/registry/pypi-registry.d.ts.map +1 -0
- package/dist/registry/pypi-registry.js +175 -0
- package/dist/registry/pypi-registry.js.map +1 -0
- package/dist/registry/registry-manager.d.ts +45 -0
- package/dist/registry/registry-manager.d.ts.map +1 -0
- package/dist/registry/registry-manager.js +107 -0
- package/dist/registry/registry-manager.js.map +1 -0
- package/dist/registry/types.d.ts +83 -0
- package/dist/registry/types.d.ts.map +1 -0
- package/dist/registry/types.js +12 -0
- package/dist/registry/types.js.map +1 -0
- package/dist/reporter/html-reporter.d.ts +20 -0
- package/dist/reporter/html-reporter.d.ts.map +1 -0
- package/dist/reporter/html-reporter.js +612 -0
- package/dist/reporter/html-reporter.js.map +1 -0
- package/dist/reporter/index.d.ts +28 -0
- package/dist/reporter/index.d.ts.map +1 -0
- package/dist/reporter/index.js +48 -0
- package/dist/reporter/index.js.map +1 -0
- package/dist/reporter/markdown-reporter.d.ts +16 -0
- package/dist/reporter/markdown-reporter.d.ts.map +1 -0
- package/dist/reporter/markdown-reporter.js +182 -0
- package/dist/reporter/markdown-reporter.js.map +1 -0
- package/dist/reporter/sarif-reporter.d.ts +67 -0
- package/dist/reporter/sarif-reporter.d.ts.map +1 -0
- package/dist/reporter/sarif-reporter.js +73 -0
- package/dist/reporter/sarif-reporter.js.map +1 -0
- package/dist/reporter/terminal-reporter.d.ts +14 -0
- package/dist/reporter/terminal-reporter.d.ts.map +1 -0
- package/dist/reporter/terminal-reporter.js +126 -0
- package/dist/reporter/terminal-reporter.js.map +1 -0
- package/dist/reporter/types.d.ts +43 -0
- package/dist/reporter/types.d.ts.map +1 -0
- package/dist/reporter/types.js +10 -0
- package/dist/reporter/types.js.map +1 -0
- package/dist/reporter/v4-html.d.ts +24 -0
- package/dist/reporter/v4-html.d.ts.map +1 -0
- package/dist/reporter/v4-html.js +359 -0
- package/dist/reporter/v4-html.js.map +1 -0
- package/dist/reporter/v4-terminal.d.ts +55 -0
- package/dist/reporter/v4-terminal.d.ts.map +1 -0
- package/dist/reporter/v4-terminal.js +199 -0
- package/dist/reporter/v4-terminal.js.map +1 -0
- package/dist/scanner/index.d.ts +9 -0
- package/dist/scanner/index.d.ts.map +1 -0
- package/dist/scanner/index.js +9 -0
- package/dist/scanner/index.js.map +1 -0
- package/dist/scanner/v4-scanner.d.ts +162 -0
- package/dist/scanner/v4-scanner.d.ts.map +1 -0
- package/dist/scanner/v4-scanner.js +327 -0
- package/dist/scanner/v4-scanner.js.map +1 -0
- package/dist/scorer/report.d.ts +52 -0
- package/dist/scorer/report.d.ts.map +1 -0
- package/dist/scorer/report.js +347 -0
- package/dist/scorer/report.js.map +1 -0
- package/dist/scorer/scoring-engine.d.ts +170 -0
- package/dist/scorer/scoring-engine.d.ts.map +1 -0
- package/dist/scorer/scoring-engine.js +308 -0
- package/dist/scorer/scoring-engine.js.map +1 -0
- package/dist/scorer/v4-adapter.d.ts +87 -0
- package/dist/scorer/v4-adapter.d.ts.map +1 -0
- package/dist/scorer/v4-adapter.js +145 -0
- package/dist/scorer/v4-adapter.js.map +1 -0
- package/dist/sla/index.d.ts +7 -0
- package/dist/sla/index.d.ts.map +1 -0
- package/dist/sla/index.js +6 -0
- package/dist/sla/index.js.map +1 -0
- package/dist/sla/tracker.d.ts +70 -0
- package/dist/sla/tracker.d.ts.map +1 -0
- package/dist/sla/tracker.js +151 -0
- package/dist/sla/tracker.js.map +1 -0
- package/dist/sla/types.d.ts +67 -0
- package/dist/sla/types.d.ts.map +1 -0
- package/dist/sla/types.js +42 -0
- package/dist/sla/types.js.map +1 -0
- package/dist/types.d.ts +172 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +69 -0
- package/dist/types.js.map +1 -0
- package/package.json +97 -0
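--- a/package/dist/detectors/v4/index.js
+++ b/package/dist/detectors/v4/index.js
@@ -0,0 +1,40 @@
+/**
+* V4 Detector Module — AI-unique detectors operating on CodeUnit IR.
+*
+* V4 keeps only detectors that target AI-specific code quality issues:
+* - HallucinatedImportDetector: Detects imports of non-existent packages
+* - StaleAPIDetector: Detects deprecated/outdated API usage
+* - ContextCoherenceDetector: Detects AI context window inconsistencies
+* - OverEngineeringDetector: Detects over-engineered code patterns
+* - SecurityPatternDetector: Detects security anti-patterns common in AI code
+*
+* Traditional lint concerns (duplication, type safety) are excluded.
+*
+* @since 0.4.0
+*/
+// Detectors
+export { HallucinatedImportDetector } from './hallucinated-import.js';
+export { StaleAPIDetector } from './stale-api.js';
+export { ContextCoherenceDetector } from './context-coherence.js';
+export { OverEngineeringDetector } from './over-engineering.js';
+export { SecurityPatternDetector } from './security-pattern.js';
+import { HallucinatedImportDetector } from './hallucinated-import.js';
+import { StaleAPIDetector } from './stale-api.js';
+import { ContextCoherenceDetector } from './context-coherence.js';
+import { OverEngineeringDetector } from './over-engineering.js';
+import { SecurityPatternDetector } from './security-pattern.js';
+/**
+* Create all V4 detectors with default configuration.
+*
+* @returns Array of all V4 detector instances
+*/
+export function createV4Detectors() {
+return [
+new HallucinatedImportDetector(),
+new StaleAPIDetector(),
+new ContextCoherenceDetector(),
+new OverEngineeringDetector(),
+new SecurityPatternDetector(),
+];
+}
+//# sourceMappingURL=index.js.map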
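Review bot: Each detector module is referenced twice in this barrel, once in an `export { X } from './x.js';` line and again in an `import { X } from './x.js';` line, so every module path appears twice; a single `import { X } from './x.js';` per module followed by one `export { HallucinatedImportDetector, StaleAPIDetector, ContextCoherenceDetector, OverEngineeringDetector, SecurityPatternDetector };` expresses the same public surface with half the module references. Since this file is compiled output, the change belongs in src/detectors/v4/index.ts, the path named in the accompanying source map, rather than in dist.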
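--- a/package/dist/detectors/v4/index.js.map
+++ b/package/dist/detectors/v4/index.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/detectors/v4/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAUH,YAAY;AACZ,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AAClE,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAKhE,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AAClE,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAEhE;;;;GAIG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO;QACL,IAAI,0BAA0B,EAAE;QAChC,IAAI,gBAAgB,EAAE;QACtB,IAAI,wBAAwB,EAAE;QAC9B,IAAI,uBAAuB,EAAE;QAC7B,IAAI,uBAAuB,EAAE;KAC9B,CAAC;AACJ,CAAC"}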
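--- a/package/dist/detectors/v4/over-engineering.d.ts
+++ b/package/dist/detectors/v4/over-engineering.d.ts
@@ -0,0 +1,69 @@
+/**
+* OverEngineeringDetector — V4 detector for over-engineered AI-generated code.
+*
+* AI models love generating unnecessarily complex code: excessive abstraction,
+* design pattern abuse, deep nesting, and bloated function signatures.
+* This detector catches these patterns using CodeUnit complexity metrics.
+*
+* V4 improvements over V3:
+* - Uses pre-computed ComplexityMetrics from CodeUnit IR
+* - Configurable thresholds via DetectorContext
+* - Structural analysis using definitions instead of regex
+*
+* @since 0.4.0
+*/
+import type { CodeUnit, SupportedLanguage } from '../../ir/types.js';
+import type { V4Detector, DetectorResult, DetectorCategory, DetectorContext } from './types.js';
+/** Configurable thresholds for over-engineering detection. */
+export interface OverEngineeringThresholds {
+maxParams: number;
+maxNesting: number;
+maxFunctionLOC: number;
+maxCyclomaticComplexity: number;
+}
+export declare class OverEngineeringDetector implements V4Detector {
+readonly id = "over-engineering";
+readonly name = "Over-engineering Detector";
+readonly category: DetectorCategory;
+readonly supportedLanguages: SupportedLanguage[];
+private readonly thresholds;
+constructor(thresholds?: Partial<OverEngineeringThresholds>);
+detect(units: CodeUnit[], context: DetectorContext): Promise<DetectorResult[]>;
+/**
+* Detect functions with too many parameters.
+* AI models often generate functions with excessive parameters
+* instead of using option objects or builders.
+*/
+private detectExcessiveParams;
+/**
+* Detect deeply nested code structures.
+* AI-generated code often has excessive nesting from
+* nested conditionals and callbacks.
+*/
+private detectDeepNesting;
+/**
+* Detect functions that are excessively long.
+* AI models often generate monolithic functions instead of
+* properly decomposed code.
+*/
+private detectLongFunctions;
+/**
+* Detect high cyclomatic complexity.
+* AI models produce code with many branching paths that
+* is difficult to understand and test.
+*/
+private detectHighComplexity;
+/**
+* Detect excessive abstraction patterns.
+*
+* AI models tend to over-architect solutions by creating:
+* - Multiple single-method interfaces (unnecessary abstraction)
+* - Abstract classes with single concrete implementations
+*/
+private detectExcessiveAbstraction;
+/**
+* Get effective thresholds, considering config overrides.
+*/
+private getEffectiveThresholds;
+}
+//# sourceMappingURL=over-engineering.d.ts.map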
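Review bot: The declared `constructor(thresholds?: Partial<OverEngineeringThresholds>)` admits members that are explicitly `undefined`, and the implementation in over-engineering.js further down this diff builds its thresholds with `{ ...DEFAULT_THRESHOLDS, ...thresholds }`, so a call like `new OverEngineeringDetector({ maxParams: undefined })` replaces the default `5` with `undefined` and the later `paramCount > thresholds.maxParams` comparison is always false, silently disabling that check (unless `getEffectiveThresholds`, whose body is not in this hunk, restores it). Either document this on the constructor, `/** Partial overrides of the built-in defaults; an explicitly undefined member disables that check instead of keeping the default. */`, or filter undefined entries before spreading in src/detectors/v4/over-engineering.ts, the path named in the source map. Separately, `readonly supportedLanguages: SupportedLanguage[];` carries no comment while the implementation initialises it to `[]`; a one-line JSDoc stating what an empty list means under the V4Detector contract (presumably "all languages", to be confirmed against ./types.js) would save callers a guess.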
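--- a/package/dist/detectors/v4/over-engineering.d.ts.map
+++ b/package/dist/detectors/v4/over-engineering.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"over-engineering.d.ts","sourceRoot":"","sources":["../../../src/detectors/v4/over-engineering.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,KAAK,EAAE,UAAU,EAAE,cAAc,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAIhG,8DAA8D;AAC9D,MAAM,WAAW,yBAAyB;IACxC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,uBAAuB,EAAE,MAAM,CAAC;CACjC;AAWD,qBAAa,uBAAwB,YAAW,UAAU;IACxD,QAAQ,CAAC,EAAE,sBAAsB;IACjC,QAAQ,CAAC,IAAI,+BAA+B;IAC5C,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAoB;IACvD,QAAQ,CAAC,kBAAkB,EAAE,iBAAiB,EAAE,CAAM;IAEtD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAA4B;gBAE3C,UAAU,CAAC,EAAE,OAAO,CAAC,yBAAyB,CAAC;IAIrD,MAAM,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IAwBpF;;;;OAIG;IACH,OAAO,CAAC,qBAAqB;IA+B7B;;;;OAIG;IACH,OAAO,CAAC,iBAAiB;IA8BzB;;;;OAIG;IACH,OAAO,CAAC,mBAAmB;IA8B3B;;;;OAIG;IACH,OAAO,CAAC,oBAAoB;IA8B5B;;;;;;OAMG;IACH,OAAO,CAAC,0BAA0B;IAoDlC;;OAEG;IACH,OAAO,CAAC,sBAAsB;CAW/B"}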
@@ -0,0 +1,234 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* OverEngineeringDetector — V4 detector for over-engineered AI-generated code.
|
|
3
|
+
*
|
|
4
|
+
* AI models love generating unnecessarily complex code: excessive abstraction,
|
|
5
|
+
* design pattern abuse, deep nesting, and bloated function signatures.
|
|
6
|
+
* This detector catches these patterns using CodeUnit complexity metrics.
|
|
7
|
+
*
|
|
8
|
+
* V4 improvements over V3:
|
|
9
|
+
* - Uses pre-computed ComplexityMetrics from CodeUnit IR
|
|
10
|
+
* - Configurable thresholds via DetectorContext
|
|
11
|
+
* - Structural analysis using definitions instead of regex
|
|
12
|
+
*
|
|
13
|
+
* @since 0.4.0
|
|
14
|
+
*/
|
|
15
|
+
const DEFAULT_THRESHOLDS = {
|
|
16
|
+
maxParams: 5,
|
|
17
|
+
maxNesting: 4,
|
|
18
|
+
maxFunctionLOC: 100,
|
|
19
|
+
maxCyclomaticComplexity: 15,
|
|
20
|
+
};
|
|
21
|
+
// ─── Detector ──────────────────────────────────────────────────────
|
|
22
|
+
export class OverEngineeringDetector {
|
|
23
|
+
id = 'over-engineering';
|
|
24
|
+
name = 'Over-engineering Detector';
|
|
25
|
+
category = 'implementation';
|
|
26
|
+
supportedLanguages = [];
|
|
27
|
+
thresholds;
|
|
28
|
+
constructor(thresholds) {
|
|
29
|
+
this.thresholds = { ...DEFAULT_THRESHOLDS, ...thresholds };
|
|
30
|
+
}
|
|
31
|
+
async detect(units, context) {
|
|
32
|
+
const results = [];
|
|
33
|
+
// Apply config overrides if present
|
|
34
|
+
const thresholds = this.getEffectiveThresholds(context);
|
|
35
|
+
// Analysis 1: Excessive function parameters
|
|
36
|
+
this.detectExcessiveParams(units, thresholds, results);
|
|
37
|
+
// Analysis 2: Deep nesting
|
|
38
|
+
this.detectDeepNesting(units, thresholds, results);
|
|
39
|
+
// Analysis 3: Long functions
|
|
40
|
+
this.detectLongFunctions(units, thresholds, results);
|
|
41
|
+
// Analysis 4: High cyclomatic complexity
|
|
42
|
+
this.detectHighComplexity(units, thresholds, results);
|
|
43
|
+
// Analysis 5: Excessive abstraction (many single-method interfaces/classes)
|
|
44
|
+
this.detectExcessiveAbstraction(units, results);
|
|
45
|
+
return results;
|
|
46
|
+
}
|
|
47
|
+
/**
|
|
48
|
+
* Detect functions with too many parameters.
|
|
49
|
+
* AI models often generate functions with excessive parameters
|
|
50
|
+
* instead of using option objects or builders.
|
|
51
|
+
*/
|
|
52
|
+
detectExcessiveParams(units, thresholds, results) {
|
|
53
|
+
for (const unit of units) {
|
|
54
|
+
if (unit.kind !== 'function' && unit.kind !== 'method')
|
|
55
|
+
continue;
|
|
56
|
+
const paramCount = unit.complexity.parameterCount;
|
|
57
|
+
if (paramCount !== undefined && paramCount > thresholds.maxParams) {
|
|
58
|
+
results.push({
|
|
59
|
+
detectorId: this.id,
|
|
60
|
+
severity: 'warning',
|
|
61
|
+
category: this.category,
|
|
62
|
+
messageKey: 'over-engineering.excessive-params',
|
|
63
|
+
message: `Function has ${paramCount} parameters (max: ${thresholds.maxParams}). Consider using an options object or builder pattern.`,
|
|
64
|
+
file: unit.file,
|
|
65
|
+
line: unit.location.startLine + 1,
|
|
66
|
+
endLine: unit.location.endLine + 1,
|
|
67
|
+
confidence: 0.8,
|
|
68
|
+
metadata: {
|
|
69
|
+
paramCount,
|
|
70
|
+
threshold: thresholds.maxParams,
|
|
71
|
+
functionId: unit.id,
|
|
72
|
+
analysisType: 'excessive-params',
|
|
73
|
+
},
|
|
74
|
+
});
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
/**
|
|
79
|
+
* Detect deeply nested code structures.
|
|
80
|
+
* AI-generated code often has excessive nesting from
|
|
81
|
+
* nested conditionals and callbacks.
|
|
82
|
+
*/
|
|
83
|
+
detectDeepNesting(units, thresholds, results) {
|
|
84
|
+
for (const unit of units) {
|
|
85
|
+
if (unit.kind !== 'function' && unit.kind !== 'method')
|
|
86
|
+
continue;
|
|
87
|
+
if (unit.complexity.maxNestingDepth > thresholds.maxNesting) {
|
|
88
|
+
results.push({
|
|
89
|
+
detectorId: this.id,
|
|
90
|
+
severity: 'warning',
|
|
91
|
+
category: this.category,
|
|
92
|
+
messageKey: 'over-engineering.deep-nesting',
|
|
93
|
+
message: `Function has nesting depth of ${unit.complexity.maxNestingDepth} (max: ${thresholds.maxNesting}). Consider early returns or extracting helper functions.`,
|
|
94
|
+
file: unit.file,
|
|
95
|
+
line: unit.location.startLine + 1,
|
|
96
|
+
endLine: unit.location.endLine + 1,
|
|
97
|
+
confidence: 0.75,
|
|
98
|
+
metadata: {
|
|
99
|
+
nestingDepth: unit.complexity.maxNestingDepth,
|
|
100
|
+
threshold: thresholds.maxNesting,
|
|
101
|
+
functionId: unit.id,
|
|
102
|
+
analysisType: 'deep-nesting',
|
|
103
|
+
},
|
|
104
|
+
});
|
|
105
|
+
}
|
|
106
|
+
}
|
|
107
|
+
}
|
|
108
|
+
/**
|
|
109
|
+
* Detect functions that are excessively long.
|
|
110
|
+
* AI models often generate monolithic functions instead of
|
|
111
|
+
* properly decomposed code.
|
|
112
|
+
*/
|
|
113
|
+
detectLongFunctions(units, thresholds, results) {
|
|
114
|
+
for (const unit of units) {
|
|
115
|
+
if (unit.kind !== 'function' && unit.kind !== 'method')
|
|
116
|
+
continue;
|
|
117
|
+
if (unit.complexity.linesOfCode > thresholds.maxFunctionLOC) {
|
|
118
|
+
results.push({
|
|
119
|
+
detectorId: this.id,
|
|
120
|
+
severity: 'warning',
|
|
121
|
+
category: this.category,
|
|
122
|
+
messageKey: 'over-engineering.long-function',
|
|
123
|
+
message: `Function has ${unit.complexity.linesOfCode} lines of code (max: ${thresholds.maxFunctionLOC}). Consider breaking it into smaller functions.`,
|
|
124
|
+
file: unit.file,
|
|
125
|
+
line: unit.location.startLine + 1,
|
|
126
|
+
endLine: unit.location.endLine + 1,
|
|
127
|
+
confidence: 0.7,
|
|
128
|
+
metadata: {
|
|
129
|
+
linesOfCode: unit.complexity.linesOfCode,
|
|
130
|
+
threshold: thresholds.maxFunctionLOC,
|
|
131
|
+
functionId: unit.id,
|
|
132
|
+
analysisType: 'long-function',
|
|
133
|
+
},
|
|
134
|
+
});
|
|
135
|
+
}
|
|
136
|
+
}
|
|
137
|
+
}
|
|
138
|
+
/**
|
|
139
|
+
* Detect high cyclomatic complexity.
|
|
140
|
+
* AI models produce code with many branching paths that
|
|
141
|
+
* is difficult to understand and test.
|
|
142
|
+
*/
|
|
143
|
+
detectHighComplexity(units, thresholds, results) {
|
|
144
|
+
for (const unit of units) {
|
|
145
|
+
if (unit.kind !== 'function' && unit.kind !== 'method')
|
|
146
|
+
continue;
|
|
147
|
+
if (unit.complexity.cyclomaticComplexity > thresholds.maxCyclomaticComplexity) {
|
|
148
|
+
results.push({
|
|
149
|
+
detectorId: this.id,
|
|
150
|
+
severity: 'warning',
|
|
151
|
+
category: this.category,
|
|
152
|
+
messageKey: 'over-engineering.high-complexity',
|
|
153
|
+
message: `Function has cyclomatic complexity of ${unit.complexity.cyclomaticComplexity} (max: ${thresholds.maxCyclomaticComplexity}). Consider simplifying the logic.`,
|
|
154
|
+
file: unit.file,
|
|
155
|
+
line: unit.location.startLine + 1,
|
|
156
|
+
endLine: unit.location.endLine + 1,
|
|
157
|
+
confidence: 0.85,
|
|
158
|
+
metadata: {
|
|
159
|
+
cyclomaticComplexity: unit.complexity.cyclomaticComplexity,
|
|
160
|
+
threshold: thresholds.maxCyclomaticComplexity,
|
|
161
|
+
functionId: unit.id,
|
|
162
|
+
analysisType: 'high-complexity',
|
|
163
|
+
},
|
|
164
|
+
});
|
|
165
|
+
}
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
/**
|
|
169
|
+
* Detect excessive abstraction patterns.
|
|
170
|
+
*
|
|
171
|
+
* AI models tend to over-architect solutions by creating:
|
|
172
|
+
* - Multiple single-method interfaces (unnecessary abstraction)
|
|
173
|
+
* - Abstract classes with single concrete implementations
|
|
174
|
+
*/
|
|
175
|
+
detectExcessiveAbstraction(units, results) {
|
|
176
|
+
// Group by file to detect per-file patterns
|
|
177
|
+
const fileUnits = new Map();
|
|
178
|
+
for (const unit of units) {
|
|
179
|
+
if (!fileUnits.has(unit.file)) {
|
|
180
|
+
fileUnits.set(unit.file, []);
|
|
181
|
+
}
|
|
182
|
+
fileUnits.get(unit.file).push(unit);
|
|
183
|
+
}
|
|
184
|
+
for (const [file, fileUnitList] of fileUnits) {
|
|
185
|
+
// Count interfaces with single method definitions
|
|
186
|
+
let singleMethodInterfaces = 0;
|
|
187
|
+
const interfaceUnits = [];
|
|
188
|
+
for (const unit of fileUnitList) {
|
|
189
|
+
if (unit.kind !== 'class')
|
|
190
|
+
continue;
|
|
191
|
+
// Detect interfaces/types with only a single method
|
|
192
|
+
const methodDefs = unit.definitions.filter(d => d.kind === 'method');
|
|
193
|
+
const interfaceDefs = unit.definitions.filter(d => d.kind === 'interface');
|
|
194
|
+
// If this is an interface-like unit (has interface definitions) with very few methods
|
|
195
|
+
if (interfaceDefs.length > 0 && methodDefs.length === 1) {
|
|
196
|
+
singleMethodInterfaces++;
|
|
197
|
+
interfaceUnits.push(unit);
|
|
198
|
+
}
|
|
199
|
+
}
|
|
200
|
+
// Flag if there are many single-method interfaces in one file
|
|
201
|
+
if (singleMethodInterfaces >= 3) {
|
|
202
|
+
results.push({
|
|
203
|
+
detectorId: this.id,
|
|
204
|
+
severity: 'info',
|
|
205
|
+
category: this.category,
|
|
206
|
+
messageKey: 'over-engineering.excessive-abstraction',
|
|
207
|
+
message: `File contains ${singleMethodInterfaces} single-method interfaces. This may be over-engineered — consider consolidating or using function types.`,
|
|
208
|
+
file,
|
|
209
|
+
line: interfaceUnits[0]?.location.startLine + 1 || 1,
|
|
210
|
+
confidence: 0.6,
|
|
211
|
+
metadata: {
|
|
212
|
+
singleMethodInterfaces,
|
|
213
|
+
analysisType: 'excessive-abstraction',
|
|
214
|
+
},
|
|
215
|
+
});
|
|
216
|
+
}
|
|
217
|
+
}
|
|
218
|
+
}
|
|
219
|
+
/**
|
|
220
|
+
* Get effective thresholds, considering config overrides.
|
|
221
|
+
*/
|
|
222
|
+
getEffectiveThresholds(context) {
|
|
223
|
+
const config = context.config?.['over-engineering'];
|
|
224
|
+
if (!config)
|
|
225
|
+
return this.thresholds;
|
|
226
|
+
return {
|
|
227
|
+
maxParams: config.maxParams ?? this.thresholds.maxParams,
|
|
228
|
+
maxNesting: config.maxNesting ?? this.thresholds.maxNesting,
|
|
229
|
+
maxFunctionLOC: config.maxFunctionLOC ?? this.thresholds.maxFunctionLOC,
|
|
230
|
+
maxCyclomaticComplexity: config.maxCyclomaticComplexity ?? this.thresholds.maxCyclomaticComplexity,
|
|
231
|
+
};
|
|
232
|
+
}
|
|
233
|
+
}
|
|
234
|
+
//# sourceMappingURL=over-engineering.js.map
@@ -0,0 +1 @@
1
+
{"version":3,"file":"over-engineering.js","sourceRoot":"","sources":["../../../src/detectors/v4/over-engineering.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAeH,MAAM,kBAAkB,GAA8B;IACpD,SAAS,EAAE,CAAC;IACZ,UAAU,EAAE,CAAC;IACb,cAAc,EAAE,GAAG;IACnB,uBAAuB,EAAE,EAAE;CAC5B,CAAC;AAEF,sEAAsE;AAEtE,MAAM,OAAO,uBAAuB;IACzB,EAAE,GAAG,kBAAkB,CAAC;IACxB,IAAI,GAAG,2BAA2B,CAAC;IACnC,QAAQ,GAAqB,gBAAgB,CAAC;IAC9C,kBAAkB,GAAwB,EAAE,CAAC;IAErC,UAAU,CAA4B;IAEvD,YAAY,UAA+C;QACzD,IAAI,CAAC,UAAU,GAAG,EAAE,GAAG,kBAAkB,EAAE,GAAG,UAAU,EAAE,CAAC;IAC7D,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAiB,EAAE,OAAwB;QACtD,MAAM,OAAO,GAAqB,EAAE,CAAC;QAErC,oCAAoC;QACpC,MAAM,UAAU,GAAG,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAExD,4CAA4C;QAC5C,IAAI,CAAC,qBAAqB,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;QAEvD,2BAA2B;QAC3B,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;QAEnD,6BAA6B;QAC7B,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;QAErD,yCAAyC;QACzC,IAAI,CAAC,oBAAoB,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;QAEtD,4EAA4E;QAC5E,IAAI,CAAC,0BAA0B,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAEhD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACK,qBAAqB,CAC3B,KAAiB,EACjB,UAAqC,EACrC,OAAyB;QAEzB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ;gBAAE,SAAS;YAEjE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC;YAClD,IAAI,UAAU,KAAK,SAAS,IAAI,UAAU,GAAG,UAAU,CAAC,SAAS,EAAE,CAAC;gBAClE,OAAO,CAAC,IAAI,CAAC;oBACX,UAAU,EAAE,IAAI,CAAC,EAAE;oBACnB,QAAQ,EAAE,SAAS;oBACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,UAAU,EAAE,mCAAmC;oBAC/C,OAAO,EAAE,gBAAgB,UAAU,qBAAqB,UAAU,CAAC,SAAS,yDAAyD;oBACrI,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,SAAS,GAAG,CAAC;oBACjC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,OAAO,GAAG,CAAC;oBAClC,UAAU,EAAE,GAAG;oBACf,QAAQ,EAAE;wBACR,UAAU;wBACV,SAAS,EAAE,UAAU,CAAC,SAAS;wBAC/B,UAAU,EAAE,IAAI,CAAC,EAAE;wBACnB,YAAY,EAAE,kBAAkB;qBACjC;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,iBAAiB,CACvB,KAAiB,EACjB,UAAqC,EACrC,OAAyB;QAEzB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE
,CAAC;YACzB,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ;gBAAE,SAAS;YAEjE,IAAI,IAAI,CAAC,UAAU,CAAC,eAAe,GAAG,UAAU,CAAC,UAAU,EAAE,CAAC;gBAC5D,OAAO,CAAC,IAAI,CAAC;oBACX,UAAU,EAAE,IAAI,CAAC,EAAE;oBACnB,QAAQ,EAAE,SAAS;oBACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,UAAU,EAAE,+BAA+B;oBAC3C,OAAO,EAAE,iCAAiC,IAAI,CAAC,UAAU,CAAC,eAAe,UAAU,UAAU,CAAC,UAAU,2DAA2D;oBACnK,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,SAAS,GAAG,CAAC;oBACjC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,OAAO,GAAG,CAAC;oBAClC,UAAU,EAAE,IAAI;oBAChB,QAAQ,EAAE;wBACR,YAAY,EAAE,IAAI,CAAC,UAAU,CAAC,eAAe;wBAC7C,SAAS,EAAE,UAAU,CAAC,UAAU;wBAChC,UAAU,EAAE,IAAI,CAAC,EAAE;wBACnB,YAAY,EAAE,cAAc;qBAC7B;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,mBAAmB,CACzB,KAAiB,EACjB,UAAqC,EACrC,OAAyB;QAEzB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ;gBAAE,SAAS;YAEjE,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,GAAG,UAAU,CAAC,cAAc,EAAE,CAAC;gBAC5D,OAAO,CAAC,IAAI,CAAC;oBACX,UAAU,EAAE,IAAI,CAAC,EAAE;oBACnB,QAAQ,EAAE,SAAS;oBACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,UAAU,EAAE,gCAAgC;oBAC5C,OAAO,EAAE,gBAAgB,IAAI,CAAC,UAAU,CAAC,WAAW,wBAAwB,UAAU,CAAC,cAAc,iDAAiD;oBACtJ,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,SAAS,GAAG,CAAC;oBACjC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,OAAO,GAAG,CAAC;oBAClC,UAAU,EAAE,GAAG;oBACf,QAAQ,EAAE;wBACR,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,WAAW;wBACxC,SAAS,EAAE,UAAU,CAAC,cAAc;wBACpC,UAAU,EAAE,IAAI,CAAC,EAAE;wBACnB,YAAY,EAAE,eAAe;qBAC9B;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,oBAAoB,CAC1B,KAAiB,EACjB,UAAqC,EACrC,OAAyB;QAEzB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ;gBAAE,SAAS;YAEjE,IAAI,IAAI,CAAC,UAAU,CAAC,oBAAoB,GAAG,UAAU,CAAC,uBAAuB,EAAE,CAAC;gBAC9E,OAAO,CAAC,IAAI,CAAC;oBACX,UAAU,EAAE,IAAI,CAAC,EAAE;oBACnB,QAAQ,EAAE,SAAS;oBACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,UAAU,EAAE,kCAAkC;oBAC9C,OAAO,EAAE,yCAAyC,IAAI,CAAC,UAAU,CAAC,oBAAoB,UAAU,UAAU,CAAC,uBAAuB,oCAAoC;oBACtK,I
AAI,EAAE,IAAI,CAAC,IAAI;oBACf,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,SAAS,GAAG,CAAC;oBACjC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,OAAO,GAAG,CAAC;oBAClC,UAAU,EAAE,IAAI;oBAChB,QAAQ,EAAE;wBACR,oBAAoB,EAAE,IAAI,CAAC,UAAU,CAAC,oBAAoB;wBAC1D,SAAS,EAAE,UAAU,CAAC,uBAAuB;wBAC7C,UAAU,EAAE,IAAI,CAAC,EAAE;wBACnB,YAAY,EAAE,iBAAiB;qBAChC;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACK,0BAA0B,CAChC,KAAiB,EACjB,OAAyB;QAEzB,4CAA4C;QAC5C,MAAM,SAAS,GAAG,IAAI,GAAG,EAAsB,CAAC;QAChD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9B,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC/B,CAAC;YACD,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvC,CAAC;QAED,KAAK,MAAM,CAAC,IAAI,EAAE,YAAY,CAAC,IAAI,SAAS,EAAE,CAAC;YAC7C,kDAAkD;YAClD,IAAI,sBAAsB,GAAG,CAAC,CAAC;YAC/B,MAAM,cAAc,GAAe,EAAE,CAAC;YAEtC,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;gBAChC,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO;oBAAE,SAAS;gBAEpC,oDAAoD;gBACpD,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;gBACrE,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC;gBAE3E,sFAAsF;gBACtF,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACxD,sBAAsB,EAAE,CAAC;oBACzB,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC5B,CAAC;YACH,CAAC;YAED,8DAA8D;YAC9D,IAAI,sBAAsB,IAAI,CAAC,EAAE,CAAC;gBAChC,OAAO,CAAC,IAAI,CAAC;oBACX,UAAU,EAAE,IAAI,CAAC,EAAE;oBACnB,QAAQ,EAAE,MAAM;oBAChB,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,UAAU,EAAE,wCAAwC;oBACpD,OAAO,EAAE,iBAAiB,sBAAsB,0GAA0G;oBAC1J,IAAI;oBACJ,IAAI,EAAE,cAAc,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,SAAS,GAAG,CAAC,IAAI,CAAC;oBACpD,UAAU,EAAE,GAAG;oBACf,QAAQ,EAAE;wBACR,sBAAsB;wBACtB,YAAY,EAAE,uBAAuB;qBACtC;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,sBAAsB,CAAC,OAAwB;QACrD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,kBAAkB,CAAmD,CAAC;QACtG,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC,UAAU,CAAC;QAEpC,OAAO;YACL,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,IAAI,C
AAC,UAAU,CAAC,SAAS;YACxD,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU;YAC3D,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,IAAI,CAAC,UAAU,CAAC,cAAc;YACvE,uBAAuB,EAAE,MAAM,CAAC,uBAAuB,IAAI,IAAI,CAAC,UAAU,CAAC,uBAAuB;SACnG,CAAC;IACJ,CAAC;CACF"}
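--- a/package/dist/detectors/v4/security-pattern.d.ts
+++ b/package/dist/detectors/v4/security-pattern.d.ts
@@ -0,0 +1,46 @@
+/**
+* SecurityPatternDetector — V4 detector for security anti-patterns in AI-generated code.
+*
+* NOT a replacement for dedicated security scanners (Snyk, Semgrep).
+* Focuses specifically on patterns AI commonly produces from training data:
+* - Hardcoded secrets/tokens (example values from docs left in code)
+* - Insecure defaults (HTTP instead of HTTPS, no TLS verification)
+* - SQL injection from string concatenation
+* - eval()/exec() usage
+* - Weak cryptography (MD5, SHA1 for security purposes)
+* - Hardcoded credentials
+*
+* V4 improvements over V3:
+* - Operates on CodeUnit IR with language-aware patterns
+* - Better context analysis (knows which calls are security-relevant)
+* - Reduced false positives through source context analysis
+*
+* @since 0.4.0
+*/
+import type { CodeUnit, SupportedLanguage } from '../../ir/types.js';
+import type { V4Detector, DetectorResult, DetectorCategory, DetectorContext } from './types.js';
+/** Security pattern definition for detecting vulnerabilities in code. */
+export interface SecurityPattern {
+/** Unique ID for the pattern */
+id: string;
+/** Regex to match in source code */
+pattern: RegExp;
+/** Severity of the finding */
+severity: 'error' | 'warning' | 'info';
+/** Confidence level */
+confidence: number;
+/** Human-readable message */
+message: string;
+/** Languages this pattern applies to (empty = all) */
+languages: SupportedLanguage[];
+/** Additional context patterns that should NOT be present to trigger this finding */
+excludeContextPatterns?: RegExp[];
+}
+export declare class SecurityPatternDetector implements V4Detector {
+readonly id = "security-pattern";
+readonly name = "Security Pattern Detector";
+readonly category: DetectorCategory;
+readonly supportedLanguages: SupportedLanguage[];
+detect(units: CodeUnit[], context: DetectorContext): Promise<DetectorResult[]>;
+}
+//# sourceMappingURL=security-pattern.d.ts.map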
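Review bot: The doc comments on `pattern` (line 26) and `excludeContextPatterns` (line 36) do not say what the regexes are matched against; the implementation in security-pattern.js in this same release tests each pattern against one source line at a time, so multi-line constructs cannot be matched and a `g`/`y`-flagged regex would carry `lastIndex` state between calls. Suggest `/** Regex tested against each source line individually (no multi-line matching; do not use the g or y flag) */` for `pattern` and `/** Patterns that, if any matches the same line, suppress the finding */` for `excludeContextPatterns`. `SecurityPattern` is also exported although nothing in the declared API accepts one — there is no constructor parameter or registration method — so if it is exported for typing only, its doc comment should say so.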
@@ -0,0 +1 @@
1
+
{"version":3,"file":"security-pattern.d.ts","sourceRoot":"","sources":["../../../src/detectors/v4/security-pattern.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,KAAK,EAAE,UAAU,EAAE,cAAc,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAIhG,yEAAyE;AACzE,MAAM,WAAW,eAAe;IAC9B,gCAAgC;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,oCAAoC;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,QAAQ,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;IACvC,uBAAuB;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,sDAAsD;IACtD,SAAS,EAAE,iBAAiB,EAAE,CAAC;IAC/B,qFAAqF;IACrF,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;CACnC;AA0KD,qBAAa,uBAAwB,YAAW,UAAU;IACxD,QAAQ,CAAC,EAAE,sBAAsB;IACjC,QAAQ,CAAC,IAAI,+BAA+B;IAC5C,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAoB;IACvD,QAAQ,CAAC,kBAAkB,EAAE,iBAAiB,EAAE,CAAM;IAEhD,MAAM,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;CA4DrF"}
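--- a/package/dist/detectors/v4/security-pattern.js
+++ b/package/dist/detectors/v4/security-pattern.js
@@ -0,0 +1,233 @@
+/**
+* SecurityPatternDetector — V4 detector for security anti-patterns in AI-generated code.
+*
+* NOT a replacement for dedicated security scanners (Snyk, Semgrep).
+* Focuses specifically on patterns AI commonly produces from training data:
+* - Hardcoded secrets/tokens (example values from docs left in code)
+* - Insecure defaults (HTTP instead of HTTPS, no TLS verification)
+* - SQL injection from string concatenation
+* - eval()/exec() usage
+* - Weak cryptography (MD5, SHA1 for security purposes)
+* - Hardcoded credentials
+*
+* V4 improvements over V3:
+* - Operates on CodeUnit IR with language-aware patterns
+* - Better context analysis (knows which calls are security-relevant)
+* - Reduced false positives through source context analysis
+*
+* @since 0.4.0
+*/
+// ─── Security Patterns ─────────────────────────────────────────────
+const SECURITY_PATTERNS = [
+// ── Hardcoded Secrets ──────────────────────────────────────────
+{
+id: 'hardcoded-api-key',
+pattern: /(?:api[_-]?key|apikey|api[_-]?secret|api[_-]?token)\s*[:=]\s*['"][A-Za-z0-9_\-]{16,}['"]/i,
+severity: 'error',
+confidence: 0.85,
+message: 'Possible hardcoded API key detected. Use environment variables or a secrets manager instead.',
+languages: [],
+},
+{
+id: 'hardcoded-password',
+pattern: /(?:password|passwd|pwd|secret)\s*[:=]\s*['"][^'"]{4,}['"]/i,
+severity: 'error',
+confidence: 0.8,
+message: 'Possible hardcoded password detected. Use environment variables or a secrets manager instead.',
+languages: [],
+excludeContextPatterns: [
+/(?:example|sample|test|mock|dummy|placeholder|todo|fixme|xxx)/i,
+],
+},
+{
+id: 'hardcoded-token',
+pattern: /(?:auth[_-]?token|access[_-]?token|bearer[_-]?token|jwt[_-]?secret)\s*[:=]\s*['"][A-Za-z0-9_.\-]{16,}['"]/i,
+severity: 'error',
+confidence: 0.85,
+message: 'Possible hardcoded authentication token detected. Use environment variables instead.',
+languages: [],
+},
+{
+id: 'aws-access-key',
+pattern: /(?:AKIA|ABIA|ACCA|ASIA)[A-Z0-9]{16}/,
+severity: 'error',
+confidence: 0.95,
+message: 'Possible AWS access key ID detected. Rotate immediately and use IAM roles or environment variables.',
+languages: [],
+},
+{
+id: 'private-key',
+pattern: /-----BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY-----/,
+severity: 'error',
+confidence: 0.95,
+message: 'Private key embedded in source code. Store in a secure vault or secrets manager.',
+languages: [],
+},
+// ── Dangerous Functions ────────────────────────────────────────
+{
+id: 'eval-usage-js',
+pattern: /\beval\s*\(/,
+severity: 'error',
+confidence: 0.9,
+message: 'eval() usage detected. This enables code injection attacks. Use safer alternatives like JSON.parse() or a sandboxed evaluator.',
+languages: ['typescript', 'javascript'],
+},
+{
+id: 'eval-usage-python',
+pattern: /\beval\s*\(/,
+severity: 'error',
+confidence: 0.9,
+message: 'eval() usage detected. This enables code injection attacks. Use ast.literal_eval() or safer alternatives.',
+languages: ['python'],
+},
+{
+id: 'exec-usage-python',
+pattern: /\bexec\s*\(/,
+severity: 'error',
+confidence: 0.85,
+message: 'exec() usage detected. This enables arbitrary code execution. Consider safer alternatives.',
+languages: ['python'],
+},
+{
+id: 'new-function-js',
+pattern: /\bnew\s+Function\s*\(/,
+severity: 'warning',
+confidence: 0.85,
+message: 'new Function() is similar to eval() and can enable code injection. Use safer alternatives.',
+languages: ['typescript', 'javascript'],
+},
+// ── SQL Injection ──────────────────────────────────────────────
+{
+id: 'sql-string-concat',
+pattern: /(?:SELECT|INSERT|UPDATE|DELETE|DROP)\s+.*?\+\s*(?:req\.|request\.|params\.|query\.|body\.|input|user)/i,
+severity: 'error',
+confidence: 0.8,
+message: 'SQL query with string concatenation from user input detected. Use parameterized queries to prevent SQL injection.',
+languages: ['typescript', 'javascript', 'java', 'kotlin', 'python'],
+},
+{
+id: 'sql-template-literal',
+pattern: /(?:SELECT|INSERT|UPDATE|DELETE|DROP)\s+.*?\$\{.*?(?:req|request|params|query|body|input|user)/i,
+severity: 'error',
+confidence: 0.85,
+message: 'SQL query using template literals with user input detected. Use parameterized queries to prevent SQL injection.',
+languages: ['typescript', 'javascript'],
+},
+{
+id: 'sql-f-string-python',
+pattern: /f['"](?:SELECT|INSERT|UPDATE|DELETE|DROP)\s+.*?\{.*?(?:request|params|query|body|input|user)/i,
+severity: 'error',
+confidence: 0.85,
+message: 'SQL query using f-string with user input detected. Use parameterized queries to prevent SQL injection.',
+languages: ['python'],
+},
+// ── Weak Cryptography ──────────────────────────────────────────
+{
+id: 'weak-hash-md5',
+pattern: /\b(?:md5|MD5|createHash\s*\(\s*['"]md5['"]|hashlib\.md5|MessageDigest\.getInstance\s*\(\s*['"]MD5['"])\b/,
+severity: 'warning',
+confidence: 0.75,
+message: 'MD5 is cryptographically broken. Use SHA-256 or better for security purposes. (OK for checksums/non-security uses.)',
+languages: [],
+},
+{
+id: 'weak-hash-sha1',
+pattern: /\b(?:sha1|SHA1|createHash\s*\(\s*['"]sha1['"]|hashlib\.sha1|MessageDigest\.getInstance\s*\(\s*['"]SHA-?1['"])\b/,
+severity: 'warning',
+confidence: 0.7,
+message: 'SHA-1 is cryptographically weak. Use SHA-256 or better for security purposes. (OK for checksums/non-security uses.)',
+languages: [],
+},
+{
+id: 'weak-random',
+pattern: /\bMath\.random\s*\(\)/,
+severity: 'warning',
+confidence: 0.7,
+message: 'Math.random() is not cryptographically secure. Use crypto.randomUUID() or crypto.getRandomValues() for security-sensitive operations.',
+languages: ['typescript', 'javascript'],
+},
+// ── Insecure Defaults ──────────────────────────────────────────
+{
+id: 'tls-verify-disabled',
+pattern: /(?:rejectUnauthorized\s*:\s*false|NODE_TLS_REJECT_UNAUTHORIZED\s*=\s*['"]?0|verify\s*=\s*False|InsecureSkipVerify\s*:\s*true)/i,
+severity: 'error',
+confidence: 0.9,
+message: 'TLS certificate verification is disabled. This enables man-in-the-middle attacks.',
+languages: [],
+},
+{
+id: 'cors-wildcard',
+pattern: /(?:Access-Control-Allow-Origin['"]\s*[:=]\s*['"]\*|cors\(\s*\)|allowedOrigins\s*\(\s*['"]\*['"])/i,
+severity: 'warning',
+confidence: 0.7,
+message: 'CORS is configured with wildcard origin. Restrict to specific trusted domains.',
+languages: [],
+},
+{
+id: 'http-no-tls',
+pattern: /['"]http:\/\/(?!localhost|127\.0\.0\.1|0\.0\.0\.0)/,
+severity: 'info',
+confidence: 0.5,
+message: 'HTTP URL detected (not HTTPS). Consider using HTTPS for production endpoints.',
+languages: [],
+},
+];
+// ─── Detector ──────────────────────────────────────────────────────
+export class SecurityPatternDetector {
+id = 'security-pattern';
+name = 'Security Pattern Detector';
+category = 'implementation';
+supportedLanguages = [];
+async detect(units, context) {
+const results = [];
+for (const unit of units) {
+// Skip non-source units (module-level containers without source)
+if (!unit.source || unit.source.trim().length === 0)
+continue;
+// Get applicable patterns for this language
+const applicablePatterns = SECURITY_PATTERNS.filter(p => p.languages.length === 0 || p.languages.includes(unit.language));
+const lines = unit.source.split('\n');
+for (let i = 0; i < lines.length; i++) {
+const line = lines[i];
+// Skip comments (simple heuristic)
+const trimmed = line.trim();
+if (trimmed.startsWith('//') || trimmed.startsWith('#') || trimmed.startsWith('*')) {
+continue;
+}
+for (const pattern of applicablePatterns) {
+// Reset regex lastIndex (patterns might be reused)
+pattern.pattern.lastIndex = 0;
+if (pattern.pattern.test(line)) {
+// Check exclude context patterns
+if (pattern.excludeContextPatterns) {
+const excluded = pattern.excludeContextPatterns.some(ep => {
+ep.lastIndex = 0;
+return ep.test(line);
+});
+if (excluded)
+continue;
+}
+const absoluteLine = unit.location.startLine + i;
+results.push({
+detectorId: this.id,
+severity: pattern.severity,
+category: this.category,
+messageKey: `security-pattern.${pattern.id}`,
+message: pattern.message,
+file: unit.file,
+line: absoluteLine + 1, // 0-based to 1-based
+confidence: pattern.confidence,
+metadata: {
+patternId: pattern.id,
+language: unit.language,
+matchedLine: line.trim().substring(0, 100), // Truncate for safety
+},
+});
+}
+}
+}
+}
+return results;
+}
+}
+//# sourceMappingURL=security-pattern.js.map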
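Review bot: `metadata.matchedLine` at line 223 copies the matching source text into the finding, so for the secret-class patterns (`hardcoded-api-key`, `hardcoded-password`, `hardcoded-token`, `aws-access-key`) the credential the detector has just flagged is re-emitted into the results array and into anything that stores or forwards those results; the 100-character truncation does not help, since the regexes at lines 25, 33 and 44 match values well under that length. Redact for those patterns, e.g. `const leaksSecret = /^(?:hardcoded-|aws-)/.test(pattern.id);` before the push and `matchedLine: leaksSecret ? '[redacted]' : line.trim().substring(0, 100),` in place of line 223. Separately, the `hardcoded-password` exclusion regex at line 39 is unanchored, so any line containing `latest`, `contest` or `attest` silently suppresses the finding; word boundaries (`/\b(?:example|sample|test|mock|dummy|placeholder|todo|fixme|xxx)\b/i`) would tighten it without changing the intended exclusions. The `lastIndex` resets at lines 199 and 204 are harmless but do nothing, as none of the patterns in this file carry the `g` or `y` flag.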
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security-pattern.js","sourceRoot":"","sources":["../../../src/detectors/v4/security-pattern.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAyBH,sEAAsE;AAEtE,MAAM,iBAAiB,GAAsB;IAC3C,kEAAkE;IAElE;QACE,EAAE,EAAE,mBAAmB;QACvB,OAAO,EAAE,2FAA2F;QACpG,QAAQ,EAAE,OAAO;QACjB,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,8FAA8F;QACvG,SAAS,EAAE,EAAE;KACd;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,OAAO,EAAE,4DAA4D;QACrE,QAAQ,EAAE,OAAO;QACjB,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,+FAA+F;QACxG,SAAS,EAAE,EAAE;QACb,sBAAsB,EAAE;YACtB,gEAAgE;SACjE;KACF;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,OAAO,EAAE,4GAA4G;QACrH,QAAQ,EAAE,OAAO;QACjB,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,sFAAsF;QAC/F,SAAS,EAAE,EAAE;KACd;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,OAAO,EAAE,qCAAqC;QAC9C,QAAQ,EAAE,OAAO;QACjB,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,qGAAqG;QAC9G,SAAS,EAAE,EAAE;KACd;IACD;QACE,EAAE,EAAE,aAAa;QACjB,OAAO,EAAE,4CAA4C;QACrD,QAAQ,EAAE,OAAO;QACjB,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,kFAAkF;QAC3F,SAAS,EAAE,EAAE;KACd;IAED,kEAAkE;IAElE;QACE,EAAE,EAAE,eAAe;QACnB,OAAO,EAAE,aAAa;QACtB,QAAQ,EAAE,OAAO;QACjB,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,gIAAgI;QACzI,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;KACxC;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,OAAO,EAAE,aAAa;QACtB,QAAQ,EAAE,OAAO;QACjB,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,2GAA2G;QACpH,SAAS,EAAE,CAAC,QAAQ,CAAC;KACtB;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,OAAO,EAAE,aAAa;QACtB,QAAQ,EAAE,OAAO;QACjB,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,4FAA4F;QACrG,SAAS,EAAE,CAAC,QAAQ,CAAC;KACtB;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,OAAO,EAAE,uBAAuB;QAChC,QAAQ,EAAE,SAAS;QACnB,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,4FAA4F;QACrG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;KACxC;IAED,kEAAkE;IAElE;QACE,EAAE,EAAE,mBAAmB;QACvB,OAAO,EAAE,wGAAwG;QACjH,QAAQ,EAAE,OAAO;QACjB,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,mHAAmH;QAC5H,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC;KACpE;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,OAAO,EAAE,gGAAgG;QACzG,QAAQ,EAAE,OAAO;QACjB,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,iHAAiH;QAC1H,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;KACxC;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,OAAO,EAAE,+F
AA+F;QACxG,QAAQ,EAAE,OAAO;QACjB,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,wGAAwG;QACjH,SAAS,EAAE,CAAC,QAAQ,CAAC;KACtB;IAED,kEAAkE;IAElE;QACE,EAAE,EAAE,eAAe;QACnB,OAAO,EAAE,0GAA0G;QACnH,QAAQ,EAAE,SAAS;QACnB,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,qHAAqH;QAC9H,SAAS,EAAE,EAAE;KACd;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,OAAO,EAAE,iHAAiH;QAC1H,QAAQ,EAAE,SAAS;QACnB,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,qHAAqH;QAC9H,SAAS,EAAE,EAAE;KACd;IACD;QACE,EAAE,EAAE,aAAa;QACjB,OAAO,EAAE,uBAAuB;QAChC,QAAQ,EAAE,SAAS;QACnB,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,uIAAuI;QAChJ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;KACxC;IAED,kEAAkE;IAElE;QACE,EAAE,EAAE,qBAAqB;QACzB,OAAO,EAAE,gIAAgI;QACzI,QAAQ,EAAE,OAAO;QACjB,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,mFAAmF;QAC5F,SAAS,EAAE,EAAE;KACd;IACD;QACE,EAAE,EAAE,eAAe;QACnB,OAAO,EAAE,mGAAmG;QAC5G,QAAQ,EAAE,SAAS;QACnB,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,gFAAgF;QACzF,SAAS,EAAE,EAAE;KACd;IACD;QACE,EAAE,EAAE,aAAa;QACjB,OAAO,EAAE,oDAAoD;QAC7D,QAAQ,EAAE,MAAM;QAChB,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,+EAA+E;QACxF,SAAS,EAAE,EAAE;KACd;CACF,CAAC;AAEF,sEAAsE;AAEtE,MAAM,OAAO,uBAAuB;IACzB,EAAE,GAAG,kBAAkB,CAAC;IACxB,IAAI,GAAG,2BAA2B,CAAC;IACnC,QAAQ,GAAqB,gBAAgB,CAAC;IAC9C,kBAAkB,GAAwB,EAAE,CAAC;IAEtD,KAAK,CAAC,MAAM,CAAC,KAAiB,EAAE,OAAwB;QACtD,MAAM,OAAO,GAAqB,EAAE,CAAC;QAErC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,iEAAiE;YACjE,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAE9D,4CAA4C;YAC5C,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,MAAM,CACjD,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CACrE,CAAC;YAEF,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAEtC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,mCAAmC;gBACnC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBACnF,SAAS;gBACX,CAAC;gBAED,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;o
BACzC,mDAAmD;oBACnD,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;oBAE9B,IAAI,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC/B,iCAAiC;wBACjC,IAAI,OAAO,CAAC,sBAAsB,EAAE,CAAC;4BACnC,MAAM,QAAQ,GAAG,OAAO,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE;gCACxD,EAAE,CAAC,SAAS,GAAG,CAAC,CAAC;gCACjB,OAAO,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;4BACvB,CAAC,CAAC,CAAC;4BACH,IAAI,QAAQ;gCAAE,SAAS;wBACzB,CAAC;wBAED,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,GAAG,CAAC,CAAC;wBAEjD,OAAO,CAAC,IAAI,CAAC;4BACX,UAAU,EAAE,IAAI,CAAC,EAAE;4BACnB,QAAQ,EAAE,OAAO,CAAC,QAAQ;4BAC1B,QAAQ,EAAE,IAAI,CAAC,QAAQ;4BACvB,UAAU,EAAE,oBAAoB,OAAO,CAAC,EAAE,EAAE;4BAC5C,OAAO,EAAE,OAAO,CAAC,OAAO;4BACxB,IAAI,EAAE,IAAI,CAAC,IAAI;4BACf,IAAI,EAAE,YAAY,GAAG,CAAC,EAAE,qBAAqB;4BAC7C,UAAU,EAAE,OAAO,CAAC,UAAU;4BAC9B,QAAQ,EAAE;gCACR,SAAS,EAAE,OAAO,CAAC,EAAE;gCACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gCACvB,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,sBAAsB;6BACnE;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF"}
|