@opensip-cli/checks-typescript 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +202 -0
- package/NOTICE +8 -0
- package/README.md +31 -0
- package/dist/__tests__/all-checks-execute.test.d.ts +12 -0
- package/dist/__tests__/all-checks-execute.test.d.ts.map +1 -0
- package/dist/__tests__/all-checks-execute.test.js +846 -0
- package/dist/__tests__/all-checks-execute.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-2.test.d.ts +9 -0
- package/dist/__tests__/behavior-fixtures-2.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-2.test.js +625 -0
- package/dist/__tests__/behavior-fixtures-2.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-3.test.d.ts +7 -0
- package/dist/__tests__/behavior-fixtures-3.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-3.test.js +658 -0
- package/dist/__tests__/behavior-fixtures-3.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-4.test.d.ts +8 -0
- package/dist/__tests__/behavior-fixtures-4.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-4.test.js +590 -0
- package/dist/__tests__/behavior-fixtures-4.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-5.test.d.ts +7 -0
- package/dist/__tests__/behavior-fixtures-5.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-5.test.js +548 -0
- package/dist/__tests__/behavior-fixtures-5.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-6.test.d.ts +18 -0
- package/dist/__tests__/behavior-fixtures-6.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-6.test.js +1700 -0
- package/dist/__tests__/behavior-fixtures-6.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures.test.d.ts +10 -0
- package/dist/__tests__/behavior-fixtures.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures.test.js +812 -0
- package/dist/__tests__/behavior-fixtures.test.js.map +1 -0
- package/dist/__tests__/branch-fixtures-2.test.d.ts +6 -0
- package/dist/__tests__/branch-fixtures-2.test.d.ts.map +1 -0
- package/dist/__tests__/branch-fixtures-2.test.js +1369 -0
- package/dist/__tests__/branch-fixtures-2.test.js.map +1 -0
- package/dist/__tests__/branch-fixtures-3.test.d.ts +7 -0
- package/dist/__tests__/branch-fixtures-3.test.d.ts.map +1 -0
- package/dist/__tests__/branch-fixtures-3.test.js +877 -0
- package/dist/__tests__/branch-fixtures-3.test.js.map +1 -0
- package/dist/__tests__/branch-fixtures.test.d.ts +6 -0
- package/dist/__tests__/branch-fixtures.test.d.ts.map +1 -0
- package/dist/__tests__/branch-fixtures.test.js +1072 -0
- package/dist/__tests__/branch-fixtures.test.js.map +1 -0
- package/dist/__tests__/checks.test.d.ts +2 -0
- package/dist/__tests__/checks.test.d.ts.map +1 -0
- package/dist/__tests__/checks.test.js +39 -0
- package/dist/__tests__/checks.test.js.map +1 -0
- package/dist/__tests__/fixture-coverage.allowlist.d.ts +19 -0
- package/dist/__tests__/fixture-coverage.allowlist.d.ts.map +1 -0
- package/dist/__tests__/fixture-coverage.allowlist.js +27 -0
- package/dist/__tests__/fixture-coverage.allowlist.js.map +1 -0
- package/dist/__tests__/fixture-coverage.test.d.ts +13 -0
- package/dist/__tests__/fixture-coverage.test.d.ts.map +1 -0
- package/dist/__tests__/fixture-coverage.test.js +57 -0
- package/dist/__tests__/fixture-coverage.test.js.map +1 -0
- package/dist/__tests__/no-bootstrap-tool-import.test.d.ts +2 -0
- package/dist/__tests__/no-bootstrap-tool-import.test.d.ts.map +1 -0
- package/dist/__tests__/no-bootstrap-tool-import.test.js +75 -0
- package/dist/__tests__/no-bootstrap-tool-import.test.js.map +1 -0
- package/dist/__tests__/phantom-dependency-detection.test.d.ts +12 -0
- package/dist/__tests__/phantom-dependency-detection.test.d.ts.map +1 -0
- package/dist/__tests__/phantom-dependency-detection.test.js +112 -0
- package/dist/__tests__/phantom-dependency-detection.test.js.map +1 -0
- package/dist/__tests__/typescript-frontend.test.d.ts +8 -0
- package/dist/__tests__/typescript-frontend.test.d.ts.map +1 -0
- package/dist/__tests__/typescript-frontend.test.js +57 -0
- package/dist/__tests__/typescript-frontend.test.js.map +1 -0
- package/dist/checks/architecture/circular-import-detection.d.ts +14 -0
- package/dist/checks/architecture/circular-import-detection.d.ts.map +1 -0
- package/dist/checks/architecture/circular-import-detection.js +55 -0
- package/dist/checks/architecture/circular-import-detection.js.map +1 -0
- package/dist/checks/architecture/contracts-schema-consistency.d.ts +11 -0
- package/dist/checks/architecture/contracts-schema-consistency.d.ts.map +1 -0
- package/dist/checks/architecture/contracts-schema-consistency.js +75 -0
- package/dist/checks/architecture/contracts-schema-consistency.js.map +1 -0
- package/dist/checks/architecture/drizzle-orm-migration-guardrails.d.ts +12 -0
- package/dist/checks/architecture/drizzle-orm-migration-guardrails.d.ts.map +1 -0
- package/dist/checks/architecture/drizzle-orm-migration-guardrails.js +92 -0
- package/dist/checks/architecture/drizzle-orm-migration-guardrails.js.map +1 -0
- package/dist/checks/architecture/index.d.ts +10 -0
- package/dist/checks/architecture/index.d.ts.map +1 -0
- package/dist/checks/architecture/index.js +10 -0
- package/dist/checks/architecture/index.js.map +1 -0
- package/dist/checks/architecture/missing-type-exports.d.ts +13 -0
- package/dist/checks/architecture/missing-type-exports.d.ts.map +1 -0
- package/dist/checks/architecture/missing-type-exports.js +245 -0
- package/dist/checks/architecture/missing-type-exports.js.map +1 -0
- package/dist/checks/architecture/module-coupling-fan-out.d.ts +20 -0
- package/dist/checks/architecture/module-coupling-fan-out.d.ts.map +1 -0
- package/dist/checks/architecture/module-coupling-fan-out.js +120 -0
- package/dist/checks/architecture/module-coupling-fan-out.js.map +1 -0
- package/dist/checks/architecture/no-bootstrap-tool-import.d.ts +38 -0
- package/dist/checks/architecture/no-bootstrap-tool-import.d.ts.map +1 -0
- package/dist/checks/architecture/no-bootstrap-tool-import.js +95 -0
- package/dist/checks/architecture/no-bootstrap-tool-import.js.map +1 -0
- package/dist/checks/architecture/package-json-exports-field.d.ts +10 -0
- package/dist/checks/architecture/package-json-exports-field.d.ts.map +1 -0
- package/dist/checks/architecture/package-json-exports-field.js +56 -0
- package/dist/checks/architecture/package-json-exports-field.js.map +1 -0
- package/dist/checks/architecture/phantom-dependency-detection.d.ts +22 -0
- package/dist/checks/architecture/phantom-dependency-detection.d.ts.map +1 -0
- package/dist/checks/architecture/phantom-dependency-detection.js +330 -0
- package/dist/checks/architecture/phantom-dependency-detection.js.map +1 -0
- package/dist/checks/architecture/tsconfig-extends-validation.d.ts +10 -0
- package/dist/checks/architecture/tsconfig-extends-validation.d.ts.map +1 -0
- package/dist/checks/architecture/tsconfig-extends-validation.js +78 -0
- package/dist/checks/architecture/tsconfig-extends-validation.js.map +1 -0
- package/dist/checks/index.d.ts +6 -0
- package/dist/checks/index.d.ts.map +1 -0
- package/dist/checks/index.js +6 -0
- package/dist/checks/index.js.map +1 -0
- package/dist/checks/quality/api/api-contract-validation.d.ts +15 -0
- package/dist/checks/quality/api/api-contract-validation.d.ts.map +1 -0
- package/dist/checks/quality/api/api-contract-validation.js +316 -0
- package/dist/checks/quality/api/api-contract-validation.js.map +1 -0
- package/dist/checks/quality/api/api-response-validation.d.ts +14 -0
- package/dist/checks/quality/api/api-response-validation.d.ts.map +1 -0
- package/dist/checks/quality/api/api-response-validation.js +209 -0
- package/dist/checks/quality/api/api-response-validation.js.map +1 -0
- package/dist/checks/quality/api/fastify-route-validation.d.ts +14 -0
- package/dist/checks/quality/api/fastify-route-validation.d.ts.map +1 -0
- package/dist/checks/quality/api/fastify-route-validation.js +298 -0
- package/dist/checks/quality/api/fastify-route-validation.js.map +1 -0
- package/dist/checks/quality/api/fastify-schema-coverage.d.ts +11 -0
- package/dist/checks/quality/api/fastify-schema-coverage.d.ts.map +1 -0
- package/dist/checks/quality/api/fastify-schema-coverage.js +261 -0
- package/dist/checks/quality/api/fastify-schema-coverage.js.map +1 -0
- package/dist/checks/quality/api/index.d.ts +5 -0
- package/dist/checks/quality/api/index.d.ts.map +1 -0
- package/dist/checks/quality/api/index.js +5 -0
- package/dist/checks/quality/api/index.js.map +1 -0
- package/dist/checks/quality/code-structure/duplicate-utility-functions.d.ts +32 -0
- package/dist/checks/quality/code-structure/duplicate-utility-functions.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/duplicate-utility-functions.js +451 -0
- package/dist/checks/quality/code-structure/duplicate-utility-functions.js.map +1 -0
- package/dist/checks/quality/code-structure/index.d.ts +3 -0
- package/dist/checks/quality/code-structure/index.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/index.js +3 -0
- package/dist/checks/quality/code-structure/index.js.map +1 -0
- package/dist/checks/quality/code-structure/no-any-types.d.ts +13 -0
- package/dist/checks/quality/code-structure/no-any-types.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/no-any-types.js +116 -0
- package/dist/checks/quality/code-structure/no-any-types.js.map +1 -0
- package/dist/checks/quality/data-integrity/__tests__/null-safety-fp.test.d.ts +15 -0
- package/dist/checks/quality/data-integrity/__tests__/null-safety-fp.test.d.ts.map +1 -0
- package/dist/checks/quality/data-integrity/__tests__/null-safety-fp.test.js +51 -0
- package/dist/checks/quality/data-integrity/__tests__/null-safety-fp.test.js.map +1 -0
- package/dist/checks/quality/data-integrity/array-validation.d.ts +16 -0
- package/dist/checks/quality/data-integrity/array-validation.d.ts.map +1 -0
- package/dist/checks/quality/data-integrity/array-validation.js +508 -0
- package/dist/checks/quality/data-integrity/array-validation.js.map +1 -0
- package/dist/checks/quality/data-integrity/database-index-coverage.d.ts +14 -0
- package/dist/checks/quality/data-integrity/database-index-coverage.d.ts.map +1 -0
- package/dist/checks/quality/data-integrity/database-index-coverage.js +235 -0
- package/dist/checks/quality/data-integrity/database-index-coverage.js.map +1 -0
- package/dist/checks/quality/data-integrity/database-schema-validation.d.ts +16 -0
- package/dist/checks/quality/data-integrity/database-schema-validation.d.ts.map +1 -0
- package/dist/checks/quality/data-integrity/database-schema-validation.js +328 -0
- package/dist/checks/quality/data-integrity/database-schema-validation.js.map +1 -0
- package/dist/checks/quality/data-integrity/in-memory-repository-detection.d.ts +14 -0
- package/dist/checks/quality/data-integrity/in-memory-repository-detection.d.ts.map +1 -0
- package/dist/checks/quality/data-integrity/in-memory-repository-detection.js +157 -0
- package/dist/checks/quality/data-integrity/in-memory-repository-detection.js.map +1 -0
- package/dist/checks/quality/data-integrity/index.d.ts +8 -0
- package/dist/checks/quality/data-integrity/index.d.ts.map +1 -0
- package/dist/checks/quality/data-integrity/index.js +8 -0
- package/dist/checks/quality/data-integrity/index.js.map +1 -0
- package/dist/checks/quality/data-integrity/missing-input-validation.d.ts +12 -0
- package/dist/checks/quality/data-integrity/missing-input-validation.d.ts.map +1 -0
- package/dist/checks/quality/data-integrity/missing-input-validation.js +180 -0
- package/dist/checks/quality/data-integrity/missing-input-validation.js.map +1 -0
- package/dist/checks/quality/data-integrity/null-safety.d.ts +33 -0
- package/dist/checks/quality/data-integrity/null-safety.d.ts.map +1 -0
- package/dist/checks/quality/data-integrity/null-safety.js +766 -0
- package/dist/checks/quality/data-integrity/null-safety.js.map +1 -0
- package/dist/checks/quality/data-integrity/numeric-validation.d.ts +12 -0
- package/dist/checks/quality/data-integrity/numeric-validation.d.ts.map +1 -0
- package/dist/checks/quality/data-integrity/numeric-validation.js +409 -0
- package/dist/checks/quality/data-integrity/numeric-validation.js.map +1 -0
- package/dist/checks/quality/frontend/a11y-form-labels.d.ts +14 -0
- package/dist/checks/quality/frontend/a11y-form-labels.d.ts.map +1 -0
- package/dist/checks/quality/frontend/a11y-form-labels.js +93 -0
- package/dist/checks/quality/frontend/a11y-form-labels.js.map +1 -0
- package/dist/checks/quality/frontend/a11y-semantic-html.d.ts +14 -0
- package/dist/checks/quality/frontend/a11y-semantic-html.d.ts.map +1 -0
- package/dist/checks/quality/frontend/a11y-semantic-html.js +88 -0
- package/dist/checks/quality/frontend/a11y-semantic-html.js.map +1 -0
- package/dist/checks/quality/frontend/index.d.ts +4 -0
- package/dist/checks/quality/frontend/index.d.ts.map +1 -0
- package/dist/checks/quality/frontend/index.js +4 -0
- package/dist/checks/quality/frontend/index.js.map +1 -0
- package/dist/checks/quality/frontend/test-only-frontend-modules.d.ts +13 -0
- package/dist/checks/quality/frontend/test-only-frontend-modules.d.ts.map +1 -0
- package/dist/checks/quality/frontend/test-only-frontend-modules.js +159 -0
- package/dist/checks/quality/frontend/test-only-frontend-modules.js.map +1 -0
- package/dist/checks/quality/incomplete-regex-escaping.d.ts +13 -0
- package/dist/checks/quality/incomplete-regex-escaping.d.ts.map +1 -0
- package/dist/checks/quality/incomplete-regex-escaping.js +207 -0
- package/dist/checks/quality/incomplete-regex-escaping.js.map +1 -0
- package/dist/checks/quality/index.d.ts +11 -0
- package/dist/checks/quality/index.d.ts.map +1 -0
- package/dist/checks/quality/index.js +11 -0
- package/dist/checks/quality/index.js.map +1 -0
- package/dist/checks/quality/linting/index.d.ts +2 -0
- package/dist/checks/quality/linting/index.d.ts.map +1 -0
- package/dist/checks/quality/linting/index.js +2 -0
- package/dist/checks/quality/linting/index.js.map +1 -0
- package/dist/checks/quality/linting/typescript-frontend.d.ts +25 -0
- package/dist/checks/quality/linting/typescript-frontend.d.ts.map +1 -0
- package/dist/checks/quality/linting/typescript-frontend.js +159 -0
- package/dist/checks/quality/linting/typescript-frontend.js.map +1 -0
- package/dist/checks/quality/observability/index.d.ts +5 -0
- package/dist/checks/quality/observability/index.d.ts.map +1 -0
- package/dist/checks/quality/observability/index.js +5 -0
- package/dist/checks/quality/observability/index.js.map +1 -0
- package/dist/checks/quality/observability/logger-event-name-format.d.ts +12 -0
- package/dist/checks/quality/observability/logger-event-name-format.d.ts.map +1 -0
- package/dist/checks/quality/observability/logger-event-name-format.js +124 -0
- package/dist/checks/quality/observability/logger-event-name-format.js.map +1 -0
- package/dist/checks/quality/observability/no-hardcoded-correlation-id.d.ts +5 -0
- package/dist/checks/quality/observability/no-hardcoded-correlation-id.d.ts.map +1 -0
- package/dist/checks/quality/observability/no-hardcoded-correlation-id.js +77 -0
- package/dist/checks/quality/observability/no-hardcoded-correlation-id.js.map +1 -0
- package/dist/checks/quality/observability/observability-coverage/__tests__/analyzer.test.d.ts +11 -0
- package/dist/checks/quality/observability/observability-coverage/__tests__/analyzer.test.d.ts.map +1 -0
- package/dist/checks/quality/observability/observability-coverage/__tests__/analyzer.test.js +107 -0
- package/dist/checks/quality/observability/observability-coverage/__tests__/analyzer.test.js.map +1 -0
- package/dist/checks/quality/observability/observability-coverage/__tests__/logger-detector.test.d.ts +12 -0
- package/dist/checks/quality/observability/observability-coverage/__tests__/logger-detector.test.d.ts.map +1 -0
- package/dist/checks/quality/observability/observability-coverage/__tests__/logger-detector.test.js +94 -0
- package/dist/checks/quality/observability/observability-coverage/__tests__/logger-detector.test.js.map +1 -0
- package/dist/checks/quality/observability/observability-coverage/analyzer.d.ts +13 -0
- package/dist/checks/quality/observability/observability-coverage/analyzer.d.ts.map +1 -0
- package/dist/checks/quality/observability/observability-coverage/analyzer.js +117 -0
- package/dist/checks/quality/observability/observability-coverage/analyzer.js.map +1 -0
- package/dist/checks/quality/observability/observability-coverage/index.d.ts +4 -0
- package/dist/checks/quality/observability/observability-coverage/index.d.ts.map +1 -0
- package/dist/checks/quality/observability/observability-coverage/index.js +4 -0
- package/dist/checks/quality/observability/observability-coverage/index.js.map +1 -0
- package/dist/checks/quality/observability/observability-coverage/logger-detector.d.ts +29 -0
- package/dist/checks/quality/observability/observability-coverage/logger-detector.d.ts.map +1 -0
- package/dist/checks/quality/observability/observability-coverage/logger-detector.js +111 -0
- package/dist/checks/quality/observability/observability-coverage/logger-detector.js.map +1 -0
- package/dist/checks/quality/observability/observability-coverage/types.d.ts +64 -0
- package/dist/checks/quality/observability/observability-coverage/types.d.ts.map +1 -0
- package/dist/checks/quality/observability/observability-coverage/types.js +6 -0
- package/dist/checks/quality/observability/observability-coverage/types.js.map +1 -0
- package/dist/checks/quality/observability/pii-exposure-in-logs.d.ts +22 -0
- package/dist/checks/quality/observability/pii-exposure-in-logs.d.ts.map +1 -0
- package/dist/checks/quality/observability/pii-exposure-in-logs.js +212 -0
- package/dist/checks/quality/observability/pii-exposure-in-logs.js.map +1 -0
- package/dist/checks/quality/observability/pii-exposure-in-logs.test.d.ts +11 -0
- package/dist/checks/quality/observability/pii-exposure-in-logs.test.d.ts.map +1 -0
- package/dist/checks/quality/observability/pii-exposure-in-logs.test.js +46 -0
- package/dist/checks/quality/observability/pii-exposure-in-logs.test.js.map +1 -0
- package/dist/checks/quality/patterns/__tests__/toctou-fp.test.d.ts +14 -0
- package/dist/checks/quality/patterns/__tests__/toctou-fp.test.d.ts.map +1 -0
- package/dist/checks/quality/patterns/__tests__/toctou-fp.test.js +61 -0
- package/dist/checks/quality/patterns/__tests__/toctou-fp.test.js.map +1 -0
- package/dist/checks/quality/patterns/async-waterfall-detection.d.ts +26 -0
- package/dist/checks/quality/patterns/async-waterfall-detection.d.ts.map +1 -0
- package/dist/checks/quality/patterns/async-waterfall-detection.js +410 -0
- package/dist/checks/quality/patterns/async-waterfall-detection.js.map +1 -0
- package/dist/checks/quality/patterns/dispose-pattern-completeness.d.ts +13 -0
- package/dist/checks/quality/patterns/dispose-pattern-completeness.d.ts.map +1 -0
- package/dist/checks/quality/patterns/dispose-pattern-completeness.js +220 -0
- package/dist/checks/quality/patterns/dispose-pattern-completeness.js.map +1 -0
- package/dist/checks/quality/patterns/error-handling-quality.d.ts +17 -0
- package/dist/checks/quality/patterns/error-handling-quality.d.ts.map +1 -0
- package/dist/checks/quality/patterns/error-handling-quality.js +335 -0
- package/dist/checks/quality/patterns/error-handling-quality.js.map +1 -0
- package/dist/checks/quality/patterns/index.d.ts +10 -0
- package/dist/checks/quality/patterns/index.d.ts.map +1 -0
- package/dist/checks/quality/patterns/index.js +10 -0
- package/dist/checks/quality/patterns/index.js.map +1 -0
- package/dist/checks/quality/patterns/lifecycle-cleanup-enforcement.d.ts +16 -0
- package/dist/checks/quality/patterns/lifecycle-cleanup-enforcement.d.ts.map +1 -0
- package/dist/checks/quality/patterns/lifecycle-cleanup-enforcement.js +205 -0
- package/dist/checks/quality/patterns/lifecycle-cleanup-enforcement.js.map +1 -0
- package/dist/checks/quality/patterns/result-pattern-consistency.d.ts +16 -0
- package/dist/checks/quality/patterns/result-pattern-consistency.d.ts.map +1 -0
- package/dist/checks/quality/patterns/result-pattern-consistency.js +328 -0
- package/dist/checks/quality/patterns/result-pattern-consistency.js.map +1 -0
- package/dist/checks/quality/patterns/silent-early-returns.d.ts +23 -0
- package/dist/checks/quality/patterns/silent-early-returns.d.ts.map +1 -0
- package/dist/checks/quality/patterns/silent-early-returns.js +266 -0
- package/dist/checks/quality/patterns/silent-early-returns.js.map +1 -0
- package/dist/checks/quality/patterns/stream-buffer-size-limits.d.ts +13 -0
- package/dist/checks/quality/patterns/stream-buffer-size-limits.d.ts.map +1 -0
- package/dist/checks/quality/patterns/stream-buffer-size-limits.js +163 -0
- package/dist/checks/quality/patterns/stream-buffer-size-limits.js.map +1 -0
- package/dist/checks/quality/patterns/throws-documentation.d.ts +23 -0
- package/dist/checks/quality/patterns/throws-documentation.d.ts.map +1 -0
- package/dist/checks/quality/patterns/throws-documentation.js +519 -0
- package/dist/checks/quality/patterns/throws-documentation.js.map +1 -0
- package/dist/checks/quality/patterns/toctou-race-condition.d.ts +48 -0
- package/dist/checks/quality/patterns/toctou-race-condition.d.ts.map +1 -0
- package/dist/checks/quality/patterns/toctou-race-condition.js +639 -0
- package/dist/checks/quality/patterns/toctou-race-condition.js.map +1 -0
- package/dist/checks/quality/stubbed-implementation-detection.d.ts +24 -0
- package/dist/checks/quality/stubbed-implementation-detection.d.ts.map +1 -0
- package/dist/checks/quality/stubbed-implementation-detection.js +355 -0
- package/dist/checks/quality/stubbed-implementation-detection.js.map +1 -0
- package/dist/checks/quality/unused-config-options.d.ts +12 -0
- package/dist/checks/quality/unused-config-options.d.ts.map +1 -0
- package/dist/checks/quality/unused-config-options.js +245 -0
- package/dist/checks/quality/unused-config-options.js.map +1 -0
- package/dist/checks/resilience/__tests__/callback-invocation-safe.test.d.ts +2 -0
- package/dist/checks/resilience/__tests__/callback-invocation-safe.test.d.ts.map +1 -0
- package/dist/checks/resilience/__tests__/callback-invocation-safe.test.js +79 -0
- package/dist/checks/resilience/__tests__/callback-invocation-safe.test.js.map +1 -0
- package/dist/checks/resilience/__tests__/context-leakage-fp.test.d.ts +12 -0
- package/dist/checks/resilience/__tests__/context-leakage-fp.test.d.ts.map +1 -0
- package/dist/checks/resilience/__tests__/context-leakage-fp.test.js +34 -0
- package/dist/checks/resilience/__tests__/context-leakage-fp.test.js.map +1 -0
- package/dist/checks/resilience/__tests__/context-mutation.test.d.ts +11 -0
- package/dist/checks/resilience/__tests__/context-mutation.test.d.ts.map +1 -0
- package/dist/checks/resilience/__tests__/context-mutation.test.js +54 -0
- package/dist/checks/resilience/__tests__/context-mutation.test.js.map +1 -0
- package/dist/checks/resilience/callback-invocation-safe.d.ts +34 -0
- package/dist/checks/resilience/callback-invocation-safe.d.ts.map +1 -0
- package/dist/checks/resilience/callback-invocation-safe.js +247 -0
- package/dist/checks/resilience/callback-invocation-safe.js.map +1 -0
- package/dist/checks/resilience/context-leakage.d.ts +25 -0
- package/dist/checks/resilience/context-leakage.d.ts.map +1 -0
- package/dist/checks/resilience/context-leakage.js +435 -0
- package/dist/checks/resilience/context-leakage.js.map +1 -0
- package/dist/checks/resilience/context-mutation.d.ts +21 -0
- package/dist/checks/resilience/context-mutation.d.ts.map +1 -0
- package/dist/checks/resilience/context-mutation.js +368 -0
- package/dist/checks/resilience/context-mutation.js.map +1 -0
- package/dist/checks/resilience/detached-promises.d.ts +40 -0
- package/dist/checks/resilience/detached-promises.d.ts.map +1 -0
- package/dist/checks/resilience/detached-promises.js +646 -0
- package/dist/checks/resilience/detached-promises.js.map +1 -0
- package/dist/checks/resilience/index.d.ts +7 -0
- package/dist/checks/resilience/index.d.ts.map +1 -0
- package/dist/checks/resilience/index.js +7 -0
- package/dist/checks/resilience/index.js.map +1 -0
- package/dist/checks/resilience/no-raw-fetch.d.ts +11 -0
- package/dist/checks/resilience/no-raw-fetch.d.ts.map +1 -0
- package/dist/checks/resilience/no-raw-fetch.js +110 -0
- package/dist/checks/resilience/no-raw-fetch.js.map +1 -0
- package/dist/checks/resilience/no-unbounded-concurrency.d.ts +11 -0
- package/dist/checks/resilience/no-unbounded-concurrency.d.ts.map +1 -0
- package/dist/checks/resilience/no-unbounded-concurrency.js +117 -0
- package/dist/checks/resilience/no-unbounded-concurrency.js.map +1 -0
- package/dist/checks/security/__tests__/sql-injection.test.d.ts +17 -0
- package/dist/checks/security/__tests__/sql-injection.test.d.ts.map +1 -0
- package/dist/checks/security/__tests__/sql-injection.test.js +97 -0
- package/dist/checks/security/__tests__/sql-injection.test.js.map +1 -0
- package/dist/checks/security/index.d.ts +4 -0
- package/dist/checks/security/index.d.ts.map +1 -0
- package/dist/checks/security/index.js +4 -0
- package/dist/checks/security/index.js.map +1 -0
- package/dist/checks/security/input-sanitization.d.ts +20 -0
- package/dist/checks/security/input-sanitization.d.ts.map +1 -0
- package/dist/checks/security/input-sanitization.js +255 -0
- package/dist/checks/security/input-sanitization.js.map +1 -0
- package/dist/checks/security/sql-injection.d.ts +24 -0
- package/dist/checks/security/sql-injection.d.ts.map +1 -0
- package/dist/checks/security/sql-injection.js +330 -0
- package/dist/checks/security/sql-injection.js.map +1 -0
- package/dist/checks/security/unsafe-secret-comparison.d.ts +17 -0
- package/dist/checks/security/unsafe-secret-comparison.d.ts.map +1 -0
- package/dist/checks/security/unsafe-secret-comparison.js +227 -0
- package/dist/checks/security/unsafe-secret-comparison.js.map +1 -0
- package/dist/checks/testing/index.d.ts +2 -0
- package/dist/checks/testing/index.d.ts.map +1 -0
- package/dist/checks/testing/index.js +2 -0
- package/dist/checks/testing/index.js.map +1 -0
- package/dist/checks/testing/mock-implementations-in-production.d.ts +12 -0
- package/dist/checks/testing/mock-implementations-in-production.d.ts.map +1 -0
- package/dist/checks/testing/mock-implementations-in-production.js +211 -0
- package/dist/checks/testing/mock-implementations-in-production.js.map +1 -0
- package/dist/display/architecture.d.ts +9 -0
- package/dist/display/architecture.d.ts.map +1 -0
- package/dist/display/architecture.js +18 -0
- package/dist/display/architecture.js.map +1 -0
- package/dist/display/index.d.ts +20 -0
- package/dist/display/index.d.ts.map +1 -0
- package/dist/display/index.js +30 -0
- package/dist/display/index.js.map +1 -0
- package/dist/display/quality.d.ts +7 -0
- package/dist/display/quality.d.ts.map +1 -0
- package/dist/display/quality.js +39 -0
- package/dist/display/quality.js.map +1 -0
- package/dist/display/resilience.d.ts +7 -0
- package/dist/display/resilience.d.ts.map +1 -0
- package/dist/display/resilience.js +13 -0
- package/dist/display/resilience.js.map +1 -0
- package/dist/display/security-testing.d.ts +9 -0
- package/dist/display/security-testing.d.ts.map +1 -0
- package/dist/display/security-testing.js +14 -0
- package/dist/display/security-testing.js.map +1 -0
- package/dist/display/types.d.ts +6 -0
- package/dist/display/types.d.ts.map +1 -0
- package/dist/display/types.js +6 -0
- package/dist/display/types.js.map +1 -0
- package/dist/index.d.ts +19 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +21 -0
- package/dist/index.js.map +1 -0
- package/package.json +55 -0
|
@@ -0,0 +1,212 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @fileoverview PII Exposure in Logs Check
|
|
3
|
+
*
|
|
4
|
+
* Uses AST analysis to detect PII exposure in log statements.
|
|
5
|
+
* Walks call expressions to find logger.info/warn/error/debug/trace/fatal calls,
|
|
6
|
+
* then inspects arguments for PII field names. AST context eliminates false
|
|
7
|
+
* positives from PII field names in non-log contexts (type definitions,
|
|
8
|
+
* variable names, string constants).
|
|
9
|
+
*
|
|
10
|
+
* @see Logging Standards
|
|
11
|
+
*/
|
|
12
|
+
import { defineCheck } from '@opensip-cli/fitness';
|
|
13
|
+
import { parseSource, walkNodes, getPropertyChain, getLineNumber, } from '@opensip-cli/lang-typescript';
|
|
14
|
+
import * as ts from 'typescript';
|
|
15
|
+
// PII field names that should never be logged directly
|
|
16
|
+
const PII_FIELD_NAMES = new Set([
|
|
17
|
+
'email',
|
|
18
|
+
'emailaddress',
|
|
19
|
+
'email_address',
|
|
20
|
+
'phone',
|
|
21
|
+
'phonenumber',
|
|
22
|
+
'phone_number',
|
|
23
|
+
'ssn',
|
|
24
|
+
'socialsecurity',
|
|
25
|
+
'social_security',
|
|
26
|
+
'socialsecuritynumber',
|
|
27
|
+
'social_security_number',
|
|
28
|
+
'creditcard',
|
|
29
|
+
'credit_card',
|
|
30
|
+
'cardnumber',
|
|
31
|
+
'card_number',
|
|
32
|
+
'cvv',
|
|
33
|
+
'cvc',
|
|
34
|
+
'passport',
|
|
35
|
+
'driverlicense',
|
|
36
|
+
'driver_license',
|
|
37
|
+
'bankaccount',
|
|
38
|
+
'bank_account',
|
|
39
|
+
'routingnumber',
|
|
40
|
+
'routing_number',
|
|
41
|
+
'password',
|
|
42
|
+
'passwd',
|
|
43
|
+
'pwd',
|
|
44
|
+
'secret',
|
|
45
|
+
'apikey',
|
|
46
|
+
'api_key',
|
|
47
|
+
'accesstoken',
|
|
48
|
+
'access_token',
|
|
49
|
+
'refreshtoken',
|
|
50
|
+
'refresh_token',
|
|
51
|
+
'privatekey',
|
|
52
|
+
'private_key',
|
|
53
|
+
'address',
|
|
54
|
+
'streetaddress',
|
|
55
|
+
'street_address',
|
|
56
|
+
'ipaddress',
|
|
57
|
+
'ip_address',
|
|
58
|
+
'dateofbirth',
|
|
59
|
+
'date_of_birth',
|
|
60
|
+
'dob',
|
|
61
|
+
]);
|
|
62
|
+
/** Logger method names that indicate a log call */
|
|
63
|
+
const LOG_METHOD_NAMES = new Set(['trace', 'debug', 'info', 'warn', 'error', 'fatal']);
|
|
64
|
+
/** Logger object names (L is our shorthand, logger is standard) */
|
|
65
|
+
const LOGGER_OBJECT_NAMES = new Set(['L', 'logger', 'log']);
|
|
66
|
+
/** Safe function calls that indicate the PII field value is sanitized */
|
|
67
|
+
const SAFE_WRAPPER_FUNCTIONS = new Set([
|
|
68
|
+
'hashpii',
|
|
69
|
+
'hash',
|
|
70
|
+
'redact',
|
|
71
|
+
'mask',
|
|
72
|
+
'sanitize',
|
|
73
|
+
'encrypt',
|
|
74
|
+
'hashpiifield',
|
|
75
|
+
'redactfield',
|
|
76
|
+
'maskfield',
|
|
77
|
+
]);
|
|
78
|
+
/**
|
|
79
|
+
* Check if a node is a logger call expression.
|
|
80
|
+
* Matches: logger.info(...), L.warn(...), log.error(...), this.logger.debug(...)
|
|
81
|
+
*/
|
|
82
|
+
function isLoggerCall(node) {
|
|
83
|
+
const expr = node.expression;
|
|
84
|
+
if (!ts.isPropertyAccessExpression(expr))
|
|
85
|
+
return false;
|
|
86
|
+
if (!LOG_METHOD_NAMES.has(expr.name.text))
|
|
87
|
+
return false;
|
|
88
|
+
const chain = getPropertyChain(expr.expression);
|
|
89
|
+
// Direct logger call: logger.info, L.warn
|
|
90
|
+
if (LOGGER_OBJECT_NAMES.has(chain))
|
|
91
|
+
return true;
|
|
92
|
+
// Nested: this.logger.info, context.logger.warn
|
|
93
|
+
if (chain.endsWith('.logger') || chain.endsWith('.L') || chain.endsWith('.log'))
|
|
94
|
+
return true;
|
|
95
|
+
return false;
|
|
96
|
+
}
|
|
97
|
+
/**
|
|
98
|
+
* Check if a property value expression is wrapped in a sanitization function.
|
|
99
|
+
* E.g., hashPii(email), mask(phone), redact(ssn)
|
|
100
|
+
*/
|
|
101
|
+
function isWrappedInSafeCall(node) {
|
|
102
|
+
if (ts.isCallExpression(node)) {
|
|
103
|
+
const callee = node.expression;
|
|
104
|
+
if (ts.isIdentifier(callee) && SAFE_WRAPPER_FUNCTIONS.has(callee.text.toLowerCase())) {
|
|
105
|
+
return true;
|
|
106
|
+
}
|
|
107
|
+
if (ts.isPropertyAccessExpression(callee) &&
|
|
108
|
+
SAFE_WRAPPER_FUNCTIONS.has(callee.name.text.toLowerCase())) {
|
|
109
|
+
return true;
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
return false;
|
|
113
|
+
}
|
|
114
|
+
/**
|
|
115
|
+
* Inspect an object literal for PII field names in its properties.
|
|
116
|
+
* Returns the first PII field found, or null if none.
|
|
117
|
+
*/
|
|
118
|
+
function findPiiFieldInObject(obj) {
|
|
119
|
+
for (const prop of obj.properties) {
|
|
120
|
+
if (!ts.isPropertyAssignment(prop))
|
|
121
|
+
continue;
|
|
122
|
+
let propName = '';
|
|
123
|
+
if (ts.isIdentifier(prop.name)) {
|
|
124
|
+
propName = prop.name.text;
|
|
125
|
+
}
|
|
126
|
+
else if (ts.isStringLiteral(prop.name)) {
|
|
127
|
+
propName = prop.name.text;
|
|
128
|
+
}
|
|
129
|
+
else if (ts.isComputedPropertyName(prop.name)) {
|
|
130
|
+
continue; // skip computed properties
|
|
131
|
+
}
|
|
132
|
+
if (PII_FIELD_NAMES.has(propName.toLowerCase())) {
|
|
133
|
+
const safe = isWrappedInSafeCall(prop.initializer);
|
|
134
|
+
return { fieldName: propName, safe };
|
|
135
|
+
}
|
|
136
|
+
// Check nested object literals
|
|
137
|
+
if (ts.isObjectLiteralExpression(prop.initializer)) {
|
|
138
|
+
const nested = findPiiFieldInObject(prop.initializer);
|
|
139
|
+
if (nested)
|
|
140
|
+
return nested;
|
|
141
|
+
}
|
|
142
|
+
}
|
|
143
|
+
return null;
|
|
144
|
+
}
|
|
145
|
+
/**
|
|
146
|
+
* Check: quality/pii-exposure-in-logs
|
|
147
|
+
*
|
|
148
|
+
* Detects potential PII exposure in log statements using AST analysis.
|
|
149
|
+
* Walks call expressions to find logger calls, then inspects arguments
|
|
150
|
+
* for PII field names in object literals.
|
|
151
|
+
*
|
|
152
|
+
* @see Logging Standards
|
|
153
|
+
*/
|
|
154
|
+
export const piiExposureInLogs = defineCheck({
|
|
155
|
+
id: 'afe54c52-c75d-4078-a81d-94bf80281e13',
|
|
156
|
+
slug: 'pii-exposure-in-logs',
|
|
157
|
+
scope: { languages: ['typescript'], concerns: ['backend', 'server'] },
|
|
158
|
+
confidence: 'high',
|
|
159
|
+
description: 'Detects potential PII exposure in log statements',
|
|
160
|
+
longDescription: `**Purpose:** Detects potential PII (Personally Identifiable Information) exposure in log statements using TypeScript AST analysis, ensuring sensitive data is never logged in plaintext.
|
|
161
|
+
|
|
162
|
+
**Detects:**
|
|
163
|
+
- PII field names (\`email\`, \`phone\`, \`ssn\`, \`creditcard\`, \`cvv\`, \`passport\`, \`driverLicense\`, \`bankAccount\`, \`routingNumber\`, \`password\`, \`apikey\`, \`accesstoken\`, \`address\`, \`dob\`, and variants) used as property keys in object literals passed to logger calls
|
|
164
|
+
- Logger calls on objects named \`logger\`, \`L\`, or \`log\` with methods \`trace\`, \`debug\`, \`info\`, \`warn\`, \`error\`, \`fatal\`
|
|
165
|
+
- Nested object literals containing PII fields within log arguments
|
|
166
|
+
- Exempts fields wrapped in safe sanitization calls: \`hashPii\`, \`hash\`, \`redact\`, \`mask\`, \`sanitize\`, \`encrypt\`
|
|
167
|
+
|
|
168
|
+
**Why it matters:** Logging PII in plaintext violates data protection regulations and creates security/compliance risks if logs are accessed by unauthorized parties.
|
|
169
|
+
|
|
170
|
+
**Scope:** General best practice (logging standards). Analyzes each file individually using TypeScript AST walking.`,
|
|
171
|
+
tags: ['security', 'compliance', 'quality'],
|
|
172
|
+
fileTypes: ['ts'],
|
|
173
|
+
// @fitness-ignore-next-line no-hardcoded-timeouts -- framework default for fitness check execution
|
|
174
|
+
timeout: 180_000, // 3 minutes - scans all log statements
|
|
175
|
+
analyze(content, filePath) {
|
|
176
|
+
// Quick filter: skip files without logger patterns
|
|
177
|
+
if (!content.includes('logger.') && !content.includes('L.') && !content.includes('log.')) {
|
|
178
|
+
return [];
|
|
179
|
+
}
|
|
180
|
+
const sourceFile = parseSource(content, filePath);
|
|
181
|
+
/* v8 ignore next -- defensive guard */
|
|
182
|
+
if (!sourceFile)
|
|
183
|
+
return [];
|
|
184
|
+
const violations = [];
|
|
185
|
+
walkNodes(sourceFile, (node) => {
|
|
186
|
+
if (!ts.isCallExpression(node))
|
|
187
|
+
return;
|
|
188
|
+
if (!isLoggerCall(node))
|
|
189
|
+
return;
|
|
190
|
+
// Inspect each argument for PII fields
|
|
191
|
+
for (const arg of node.arguments) {
|
|
192
|
+
if (ts.isObjectLiteralExpression(arg)) {
|
|
193
|
+
const piiField = findPiiFieldInObject(arg);
|
|
194
|
+
if (piiField && !piiField.safe) {
|
|
195
|
+
violations.push({
|
|
196
|
+
line: getLineNumber(node, sourceFile),
|
|
197
|
+
column: 0,
|
|
198
|
+
message: `Potential PII field '${piiField.fieldName}' in log call (should be hashed/sanitized)`,
|
|
199
|
+
severity: 'error',
|
|
200
|
+
suggestion: `Use a centralized PII masking utility before logging: hash or redact sensitive fields, e.g. log { ${piiField.fieldName}: hashPii(${piiField.fieldName}) } or redact the field entirely`,
|
|
201
|
+
match: node.getText().length > 200 ? node.getText().slice(0, 200) + '...' : node.getText(),
|
|
202
|
+
filePath,
|
|
203
|
+
});
|
|
204
|
+
break; // one violation per log call is sufficient
|
|
205
|
+
}
|
|
206
|
+
}
|
|
207
|
+
}
|
|
208
|
+
});
|
|
209
|
+
return violations;
|
|
210
|
+
},
|
|
211
|
+
});
|
|
212
|
+
//# sourceMappingURL=pii-exposure-in-logs.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pii-exposure-in-logs.js","sourceRoot":"","sources":["../../../../src/checks/quality/observability/pii-exposure-in-logs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,WAAW,EAAuB,MAAM,sBAAsB,CAAC;AACxE,OAAO,EACL,WAAW,EACX,SAAS,EACT,gBAAgB,EAChB,aAAa,GACd,MAAM,8BAA8B,CAAC;AACtC,OAAO,KAAK,EAAE,MAAM,YAAY,CAAC;AAEjC,uDAAuD;AACvD,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,OAAO;IACP,cAAc;IACd,eAAe;IACf,OAAO;IACP,aAAa;IACb,cAAc;IACd,KAAK;IACL,gBAAgB;IAChB,iBAAiB;IACjB,sBAAsB;IACtB,wBAAwB;IACxB,YAAY;IACZ,aAAa;IACb,YAAY;IACZ,aAAa;IACb,KAAK;IACL,KAAK;IACL,UAAU;IACV,eAAe;IACf,gBAAgB;IAChB,aAAa;IACb,cAAc;IACd,eAAe;IACf,gBAAgB;IAChB,UAAU;IACV,QAAQ;IACR,KAAK;IACL,QAAQ;IACR,QAAQ;IACR,SAAS;IACT,aAAa;IACb,cAAc;IACd,cAAc;IACd,eAAe;IACf,YAAY;IACZ,aAAa;IACb,SAAS;IACT,eAAe;IACf,gBAAgB;IAChB,WAAW;IACX,YAAY;IACZ,aAAa;IACb,eAAe;IACf,KAAK;CACN,CAAC,CAAC;AAEH,mDAAmD;AACnD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;AAEvF,mEAAmE;AACnE,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;AAE5D,yEAAyE;AACzE,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC;IACrC,SAAS;IACT,MAAM;IACN,QAAQ;IACR,MAAM;IACN,UAAU;IACV,SAAS;IACT,cAAc;IACd,aAAa;IACb,WAAW;CACZ,CAAC,CAAC;AAEH;;;GAGG;AACH,SAAS,YAAY,CAAC,IAAuB;IAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC;IAC7B,IAAI,CAAC,EAAE,CAAC,0BAA0B,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACvD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IAExD,MAAM,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAChD,0CAA0C;IAC1C,IAAI,mBAAmB,CAAC,GAAG,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAChD,gDAAgD;IAChD,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAE7F,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,IAAmB;IAC9C,IAAI,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC;QAC/B,IAAI,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,sBAAsB,CAAC,GAAG,CAAC,MAAM,CAA
C,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YACrF,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IACE,EAAE,CAAC,0BAA0B,CAAC,MAAM,CAAC;YACrC,sBAAsB,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,EAC1D,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAC3B,GAA+B;IAE/B,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;QAClC,IAAI,CAAC,EAAE,CAAC,oBAAoB,CAAC,IAAI,CAAC;YAAE,SAAS;QAE7C,IAAI,QAAQ,GAAG,EAAE,CAAC;QAClB,IAAI,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QAC5B,CAAC;aAAM,IAAI,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACzC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QAC5B,CAAC;aAAM,IAAI,EAAE,CAAC,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAChD,SAAS,CAAC,2BAA2B;QACvC,CAAC;QAED,IAAI,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,GAAG,mBAAmB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACnD,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QACvC,CAAC;QAED,+BAA+B;QAC/B,IAAI,EAAE,CAAC,yBAAyB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG,oBAAoB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACtD,IAAI,MAAM;gBAAE,OAAO,MAAM,CAAC;QAC5B,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,WAAW,CAAC;IAC3C,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,sBAAsB;IAC5B,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE;IAErE,UAAU,EAAE,MAAM;IAClB,WAAW,EAAE,kDAAkD;IAC/D,eAAe,EAAE;;;;;;;;;;oHAUiG;IAClH,IAAI,EAAE,CAAC,UAAU,EAAE,YAAY,EAAE,SAAS,CAAC;IAC3C,SAAS,EAAE,CAAC,IAAI,CAAC;IACjB,mGAAmG;IACnG,OAAO,EAAE,OAAO,EAAE,uCAAuC;IAEzD,OAAO,CAAC,OAAe,EAAE,QAAgB;QACvC,mDAAmD;QACnD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACzF,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,UAAU,GAAG,WAAW,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAClD,uCAAuC;QACvC,IAAI,CAAC,UAAU;YAAE,OAAO,EAAE,CAAC;QAE3B,MAAM,UAAU,GAAqB,EAAE,CAAC;QAExC,SAAS,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;YAC7B,IAAI,CAAC,EAA
E,CAAC,gBAAgB,CAAC,IAAI,CAAC;gBAAE,OAAO;YACvC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;gBAAE,OAAO;YAEhC,uCAAuC;YACvC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,IAAI,EAAE,CAAC,yBAAyB,CAAC,GAAG,CAAC,EAAE,CAAC;oBACtC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;oBAC3C,IAAI,QAAQ,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;wBAC/B,UAAU,CAAC,IAAI,CAAC;4BACd,IAAI,EAAE,aAAa,CAAC,IAAI,EAAE,UAAU,CAAC;4BACrC,MAAM,EAAE,CAAC;4BACT,OAAO,EAAE,wBAAwB,QAAQ,CAAC,SAAS,4CAA4C;4BAC/F,QAAQ,EAAE,OAAO;4BACjB,UAAU,EAAE,qGAAqG,QAAQ,CAAC,SAAS,aAAa,QAAQ,CAAC,SAAS,kCAAkC;4BACpM,KAAK,EACH,IAAI,CAAC,OAAO,EAAE,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE;4BACrF,QAAQ;yBACT,CAAC,CAAC;wBACH,MAAM,CAAC,2CAA2C;oBACpD,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAC,CAAC"}
|
|
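--- /dev/null
+++ b/package/dist/checks/quality/observability/pii-exposure-in-logs.test.d.ts
@@ -0,0 +1,11 @@
+/**
+* Field-coverage regression test for pii-exposure-in-logs.
+*
+* The check's PII_FIELD_NAMES set absorbed the field list from the retired
+* regex-based `pii-logging` check (checks-universal) during dedup. These
+* cases pin the ported categories so a future edit to the set can't silently
+* drop them. Runs the check in-process via the engine's fixture-coverage
+* helper rather than reaching into its private analyze().
+*/
+export {};
+//# sourceMappingURL=pii-exposure-in-logs.test.d.ts.map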
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pii-exposure-in-logs.test.d.ts","sourceRoot":"","sources":["../../../../src/checks/quality/observability/pii-exposure-in-logs.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG"}
|
|
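--- /dev/null
+++ b/package/dist/checks/quality/observability/pii-exposure-in-logs.test.js
@@ -0,0 +1,46 @@
+/**
+* Field-coverage regression test for pii-exposure-in-logs.
+*
+* The check's PII_FIELD_NAMES set absorbed the field list from the retired
+* regex-based `pii-logging` check (checks-universal) during dedup. These
+* cases pin the ported categories so a future edit to the set can't silently
+* drop them. Runs the check in-process via the engine's fixture-coverage
+* helper rather than reaching into its private analyze().
+*/
+import { runCheckOnFixture } from '@opensip-cli/test-support';
+import { describe, expect, it } from 'vitest';
+import { piiExposureInLogs } from './pii-exposure-in-logs.js';
+function logCall(body) {
+return `import { logger } from './logger.js'\nexport function run(value: string): void {\n logger.info({ ${body} })\n}\n`;
+}
+describe('pii-exposure-in-logs · ported field coverage', () => {
+// Fields inherited from the retired `pii-logging` regex check.
+const portedFields = [
+'cvv',
+'cvc',
+'passport',
+'driverLicense',
+'driver_license',
+'bankAccount',
+'bank_account',
+'routingNumber',
+'routing_number',
+'socialSecurity',
+'social_security',
+];
+for (const field of portedFields) {
+it(`flags '${field}' in a logger call`, async () => {
+const { findings } = await runCheckOnFixture(piiExposureInLogs, {
+files: [{ path: 'handler.ts', content: logCall(`${field}: value`) }],
+});
+expect(findings).toHaveLength(1);
+});
+}
+it('still exempts a ported field wrapped in a safe sanitizer', async () => {
+const { findings } = await runCheckOnFixture(piiExposureInLogs, {
+files: [{ path: 'handler.ts', content: logCall('passport: redact(value)') }],
+});
+expect(findings).toHaveLength(0);
+});
+});
+//# sourceMappingURL=pii-exposure-in-logs.test.js.map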
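Review bot: The fixture built by `logCall` only ever produces `field: value` property assignments, so the shorthand form `logger.info({ passport })` that real call sites commonly use is never exercised, and from the check's `findPiiFieldInObject` (it `continue`s on anything that is not `ts.isPropertyAssignment`) a shorthand property appears to be skipped outright — a PII false negative this suite would not catch. Add a case next to the loop, e.g. `it('flags a shorthand PII property', ...)` using `logCall('passport')` and expecting one finding, and extend the check to also accept `ts.isShorthandPropertyAssignment(prop)` (its `name` is the PII key and there is no initializer that could count as sanitized). Spread arguments such as `logger.info({ ...user })` are likewise neither tested here nor handled by the visible check; if they are intentionally out of scope, say so in the header comment. The check's own hunk starts before this view, so the `continue` is the only part I can point at.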
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pii-exposure-in-logs.test.js","sourceRoot":"","sources":["../../../../src/checks/quality/observability/pii-exposure-in-logs.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAE9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAE9D,SAAS,OAAO,CAAC,IAAY;IAC3B,OAAO,qGAAqG,IAAI,UAAU,CAAC;AAC7H,CAAC;AAED,QAAQ,CAAC,8CAA8C,EAAE,GAAG,EAAE;IAC5D,+DAA+D;IAC/D,MAAM,YAAY,GAAG;QACnB,KAAK;QACL,KAAK;QACL,UAAU;QACV,eAAe;QACf,gBAAgB;QAChB,aAAa;QACb,cAAc;QACd,eAAe;QACf,gBAAgB;QAChB,gBAAgB;QAChB,iBAAiB;KAClB,CAAC;IAEF,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;QACjC,EAAE,CAAC,UAAU,KAAK,oBAAoB,EAAE,KAAK,IAAI,EAAE;YACjD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,iBAAiB,CAAC,iBAAiB,EAAE;gBAC9D,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,OAAO,CAAC,GAAG,KAAK,SAAS,CAAC,EAAE,CAAC;aACrE,CAAC,CAAC;YACH,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,iBAAiB,CAAC,iBAAiB,EAAE;YAC9D,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,OAAO,CAAC,yBAAyB,CAAC,EAAE,CAAC;SAC7E,CAAC,CAAC;QACH,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
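--- /dev/null
+++ b/package/dist/checks/quality/patterns/__tests__/toctou-fp.test.d.ts
@@ -0,0 +1,14 @@
+/**
+* @fileoverview Regression tests for the `toctou-race-condition` FP fix.
+*
+* The classifier treated a *chained* receiver (`state.lowlink.get(...)` then
+* `state.lowlink.set(...)`) as an unknown — hence shared — receiver, so the
+* "state bag of Maps" pattern common to iterative graph/DP algorithms (e.g.
+* Tarjan SCC's `TarjanState`) was flagged as a TOCTOU even though it is
+* single-threaded in-memory work. The fix recognizes `<obj>.<field>` where
+* `<obj>` is a parameter/local typed as a file-local interface/type whose
+* `<field>` is a `Map`/`Set`. These tests pin the FP and confirm genuine
+* read-then-update on shared persistent state still fires.
+*/
+export {};
+//# sourceMappingURL=toctou-fp.test.d.ts.map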
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"toctou-fp.test.d.ts","sourceRoot":"","sources":["../../../../../src/checks/quality/patterns/__tests__/toctou-fp.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG"}
|
|
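--- /dev/null
+++ b/package/dist/checks/quality/patterns/__tests__/toctou-fp.test.js
@@ -0,0 +1,61 @@
+/**
+* @fileoverview Regression tests for the `toctou-race-condition` FP fix.
+*
+* The classifier treated a *chained* receiver (`state.lowlink.get(...)` then
+* `state.lowlink.set(...)`) as an unknown — hence shared — receiver, so the
+* "state bag of Maps" pattern common to iterative graph/DP algorithms (e.g.
+* Tarjan SCC's `TarjanState`) was flagged as a TOCTOU even though it is
+* single-threaded in-memory work. The fix recognizes `<obj>.<field>` where
+* `<obj>` is a parameter/local typed as a file-local interface/type whose
+* `<field>` is a `Map`/`Set`. These tests pin the FP and confirm genuine
+* read-then-update on shared persistent state still fires.
+*/
+import { describe, expect, it } from 'vitest';
+import { analyzeFileForToctou } from '../toctou-race-condition.js';
+function analyze(src) {
+// src/svc/* avoids the cache/cli/config/etc. safe-path skips.
+return analyzeFileForToctou('src/svc/sample.ts', src);
+}
+describe('toctou-race-condition — state-bag-of-Maps FP regression', () => {
+it('does NOT flag read-then-update on a state object whose interface fields are Maps', () => {
+const src = `
+interface TarjanState {
+readonly index: Map<string, number>;
+readonly lowlink: Map<string, number>;
+readonly onStack: Set<string>;
+}
+function step(state: TarjanState, v: string): void {
+const iv = state.lowlink.get(v);
+state.index.get(v);
+if (iv !== undefined) state.lowlink.set(v, iv);
+state.onStack.has(v);
+}
+`;
+expect(analyze(src)).toHaveLength(0);
+});
+it('recognizes the same pattern for a locally-declared state variable', () => {
+const src = `
+type Acc = { counts: Map<string, number> };
+function tally(keys: string[]): Acc {
+const acc: Acc = { counts: new Map() };
+for (const k of keys) {
+const cur = acc.counts.get(k) ?? 0;
+acc.counts.set(k, cur + 1);
+}
+return acc;
+}
+`;
+expect(analyze(src)).toHaveLength(0);
+});
+it('STILL flags genuine read-then-update on a shared persistent receiver', () => {
+const src = `
+async function updateUser(userRepo: UserRepository, id: string): Promise<void> {
+const user = await userRepo.findOne(id);
+user.lastSeen = Date.now();
+await userRepo.save(user);
+}
+`;
+expect(analyze(src).length).toBeGreaterThan(0);
+});
+});
+//# sourceMappingURL=toctou-fp.test.js.map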
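Review bot: The positive case at the end (`updateUser`) uses a receiver whose type `UserRepository` is never declared in the fixture, so it may fire only because the classifier cannot resolve the receiver, and it does not probe the boundary of the new exemption at all. Since the fix now treats any `<obj>.<field>` Map/Set on a file-local type as single-threaded, the regression this suite most needs is a state-bag whose read and write are separated by an `await` — e.g. the same `type Acc` declaration with `const cur = acc.counts.get(k) ?? 0; await flush(); acc.counts.set(k, cur + 1);` inside an `async` function — asserting it still fires, or, if the exemption is meant to cover that shape too, a test pinning that plus a sentence in the header comment saying so. Without that pin, a shared in-memory Map carried on an injected state object becomes invisible to the check once someone adds an `await` between the `get` and the `set`. Whether the classifier already special-cases `await` is not visible from here.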
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"toctou-fp.test.js","sourceRoot":"","sources":["../../../../../src/checks/quality/patterns/__tests__/toctou-fp.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAE9C,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AAEnE,SAAS,OAAO,CAAC,GAAW;IAC1B,8DAA8D;IAC9D,OAAO,oBAAoB,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;AACxD,CAAC;AAED,QAAQ,CAAC,yDAAyD,EAAE,GAAG,EAAE;IACvE,EAAE,CAAC,kFAAkF,EAAE,GAAG,EAAE;QAC1F,MAAM,GAAG,GAAG;;;;;;;;;;;;KAYX,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,GAAG,EAAE;QAC3E,MAAM,GAAG,GAAG;;;;;;;;;;KAUX,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sEAAsE,EAAE,GAAG,EAAE;QAC9E,MAAM,GAAG,GAAG;;;;;;KAMX,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
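--- /dev/null
+++ b/package/dist/checks/quality/patterns/async-waterfall-detection.d.ts
@@ -0,0 +1,26 @@
+/**
+* @fileoverview Async Waterfall Detection Check
+*
+* Detects sequential await statements that could potentially be parallelized
+* with Promise.all(). Uses AST-aware heuristics:
+* - Looks for consecutive lines with await expressions
+* - Flags when the second await doesn't reference the variable from the first
+* - Skips awaits in different conditional branches (if/else, ternary, switch)
+* - Recognizes dynamic import destructuring dependencies
+* - Skips mutex/lock acquire-then-execute patterns
+* - Skips sleep/delay in polling loops
+*/
+/**
+* Check: quality/async-waterfall-detection
+*
+* Detects sequential await statements that could potentially be parallelized.
+* Uses AST-aware heuristics including:
+* - Consecutive await detection within a configurable line gap
+* - Variable dependency tracking (simple names and destructured bindings)
+* - Conditional branch awareness (if/else, ternary, switch/case)
+* - Dynamic import recognition
+* - Mutex/lock acquire pattern exclusion
+* - Sleep/delay pattern exclusion
+*/
+export declare const asyncWaterfallDetection: import("@opensip-cli/fitness").Check;
+//# sourceMappingURL=async-waterfall-detection.d.ts.map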
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"async-waterfall-detection.d.ts","sourceRoot":"","sources":["../../../../src/checks/quality/patterns/async-waterfall-detection.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;GAWG;AAybH;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,uBAAuB,sCAsClC,CAAC"}
|