@opensip-cli/checks-typescript 0.1.10 → 0.1.11
- package/README.md +4 -2
- package/dist/__tests__/all-checks-execute.test.d.ts.map +1 -1
- package/dist/__tests__/all-checks-execute.test.js +0 -1
- package/dist/__tests__/all-checks-execute.test.js.map +1 -1
- package/dist/__tests__/behavior-fixtures-2.test.d.ts.map +1 -1
- package/dist/__tests__/behavior-fixtures-2.test.js +0 -1
- package/dist/__tests__/behavior-fixtures-2.test.js.map +1 -1
- package/dist/__tests__/behavior-fixtures-3.test.d.ts.map +1 -1
- package/dist/__tests__/behavior-fixtures-3.test.js +0 -1
- package/dist/__tests__/behavior-fixtures-3.test.js.map +1 -1
- package/dist/__tests__/behavior-fixtures-4.test.d.ts.map +1 -1
- package/dist/__tests__/behavior-fixtures-4.test.js +0 -1
- package/dist/__tests__/behavior-fixtures-4.test.js.map +1 -1
- package/dist/__tests__/behavior-fixtures-5.test.d.ts.map +1 -1
- package/dist/__tests__/behavior-fixtures-5.test.js +0 -1
- package/dist/__tests__/behavior-fixtures-5.test.js.map +1 -1
- package/dist/__tests__/behavior-fixtures-6.test.js +10 -0
- package/dist/__tests__/behavior-fixtures-6.test.js.map +1 -1
- package/dist/__tests__/behavior-fixtures.test.d.ts.map +1 -1
- package/dist/__tests__/behavior-fixtures.test.js +2 -4
- package/dist/__tests__/behavior-fixtures.test.js.map +1 -1
- package/dist/__tests__/branch-fixtures-2.test.d.ts.map +1 -1
- package/dist/__tests__/branch-fixtures-2.test.js +0 -1
- package/dist/__tests__/branch-fixtures-2.test.js.map +1 -1
- package/dist/__tests__/branch-fixtures-3.test.d.ts.map +1 -1
- package/dist/__tests__/branch-fixtures-3.test.js +0 -1
- package/dist/__tests__/branch-fixtures-3.test.js.map +1 -1
- package/dist/__tests__/branch-fixtures.test.d.ts.map +1 -1
- package/dist/__tests__/branch-fixtures.test.js +0 -1
- package/dist/__tests__/branch-fixtures.test.js.map +1 -1
- package/dist/checks/architecture/__tests__/live-view-through-cli-live.test.d.ts +2 -0
- package/dist/checks/architecture/__tests__/live-view-through-cli-live.test.d.ts.map +1 -0
- package/dist/checks/architecture/__tests__/live-view-through-cli-live.test.js +13 -0
- package/dist/checks/architecture/__tests__/live-view-through-cli-live.test.js.map +1 -0
- package/dist/checks/architecture/contracts-schema-consistency.d.ts.map +1 -1
- package/dist/checks/architecture/contracts-schema-consistency.js +0 -3
- package/dist/checks/architecture/contracts-schema-consistency.js.map +1 -1
- package/dist/checks/architecture/drizzle-orm-migration-guardrails.d.ts.map +1 -1
- package/dist/checks/architecture/drizzle-orm-migration-guardrails.js +1 -0
- package/dist/checks/architecture/drizzle-orm-migration-guardrails.js.map +1 -1
- package/dist/checks/architecture/index.d.ts +1 -0
- package/dist/checks/architecture/index.d.ts.map +1 -1
- package/dist/checks/architecture/index.js +1 -0
- package/dist/checks/architecture/index.js.map +1 -1
- package/dist/checks/architecture/live-view-through-cli-live.d.ts +8 -0
- package/dist/checks/architecture/live-view-through-cli-live.d.ts.map +1 -0
- package/dist/checks/architecture/live-view-through-cli-live.js +43 -0
- package/dist/checks/architecture/live-view-through-cli-live.js.map +1 -0
- package/dist/checks/architecture/missing-type-exports.d.ts.map +1 -1
- package/dist/checks/architecture/missing-type-exports.js +1 -1
- package/dist/checks/architecture/missing-type-exports.js.map +1 -1
- package/dist/checks/architecture/module-coupling-fan-out.d.ts.map +1 -1
- package/dist/checks/architecture/module-coupling-fan-out.js +6 -2
- package/dist/checks/architecture/module-coupling-fan-out.js.map +1 -1
- package/dist/checks/architecture/no-bootstrap-tool-import.d.ts.map +1 -1
- package/dist/checks/architecture/no-bootstrap-tool-import.js +1 -0
- package/dist/checks/architecture/no-bootstrap-tool-import.js.map +1 -1
- package/dist/checks/architecture/no-run-done-result.d.ts.map +1 -1
- package/dist/checks/architecture/no-run-done-result.js +1 -0
- package/dist/checks/architecture/no-run-done-result.js.map +1 -1
- package/dist/checks/architecture/package-json-exports-field.d.ts.map +1 -1
- package/dist/checks/architecture/package-json-exports-field.js +1 -1
- package/dist/checks/architecture/package-json-exports-field.js.map +1 -1
- package/dist/checks/architecture/phantom-dependency-detection.d.ts.map +1 -1
- package/dist/checks/architecture/phantom-dependency-detection.js +0 -3
- package/dist/checks/architecture/phantom-dependency-detection.js.map +1 -1
- package/dist/checks/architecture/tsconfig-extends-validation.d.ts.map +1 -1
- package/dist/checks/architecture/tsconfig-extends-validation.js +0 -2
- package/dist/checks/architecture/tsconfig-extends-validation.js.map +1 -1
- package/dist/checks/quality/code-structure/__tests__/duplicate-utility-lang-substrate.test.d.ts +5 -0
- package/dist/checks/quality/code-structure/__tests__/duplicate-utility-lang-substrate.test.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/__tests__/duplicate-utility-lang-substrate.test.js +17 -0
- package/dist/checks/quality/code-structure/__tests__/duplicate-utility-lang-substrate.test.js.map +1 -0
- package/dist/checks/quality/code-structure/duplicate-utility-functions-config.d.ts +18 -0
- package/dist/checks/quality/code-structure/duplicate-utility-functions-config.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/duplicate-utility-functions-config.js +36 -0
- package/dist/checks/quality/code-structure/duplicate-utility-functions-config.js.map +1 -0
- package/dist/checks/quality/code-structure/duplicate-utility-functions-helpers.d.ts +15 -0
- package/dist/checks/quality/code-structure/duplicate-utility-functions-helpers.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/duplicate-utility-functions-helpers.js +288 -0
- package/dist/checks/quality/code-structure/duplicate-utility-functions-helpers.js.map +1 -0
- package/dist/checks/quality/code-structure/duplicate-utility-functions.d.ts +1 -26
- package/dist/checks/quality/code-structure/duplicate-utility-functions.d.ts.map +1 -1
- package/dist/checks/quality/code-structure/duplicate-utility-functions.js +3 -407
- package/dist/checks/quality/code-structure/duplicate-utility-functions.js.map +1 -1
- package/dist/checks/quality/data-integrity/__tests__/null-safety-fp.test.js +39 -2
- package/dist/checks/quality/data-integrity/__tests__/null-safety-fp.test.js.map +1 -1
- package/dist/checks/quality/data-integrity/array-validation-detectors.d.ts +17 -0
- package/dist/checks/quality/data-integrity/array-validation-detectors.d.ts.map +1 -0
- package/dist/checks/quality/data-integrity/array-validation-detectors.js +184 -0
- package/dist/checks/quality/data-integrity/array-validation-detectors.js.map +1 -0
- package/dist/checks/quality/data-integrity/array-validation.d.ts +0 -2
- package/dist/checks/quality/data-integrity/array-validation.d.ts.map +1 -1
- package/dist/checks/quality/data-integrity/array-validation.js +2 -360
- package/dist/checks/quality/data-integrity/array-validation.js.map +1 -1
- package/dist/checks/quality/data-integrity/database-schema-validation.d.ts.map +1 -1
- package/dist/checks/quality/data-integrity/database-schema-validation.js +0 -1
- package/dist/checks/quality/data-integrity/database-schema-validation.js.map +1 -1
- package/dist/checks/quality/data-integrity/null-safety-analyze.d.ts +33 -0
- package/dist/checks/quality/data-integrity/null-safety-analyze.d.ts.map +1 -0
- package/dist/checks/quality/data-integrity/null-safety-analyze.js +164 -0
- package/dist/checks/quality/data-integrity/null-safety-analyze.js.map +1 -0
- package/dist/checks/quality/data-integrity/null-safety-config.d.ts +50 -0
- package/dist/checks/quality/data-integrity/null-safety-config.d.ts.map +1 -0
- package/dist/checks/quality/data-integrity/null-safety-config.js +69 -0
- package/dist/checks/quality/data-integrity/null-safety-config.js.map +1 -0
- package/dist/checks/quality/data-integrity/null-safety-heuristics.d.ts +76 -0
- package/dist/checks/quality/data-integrity/null-safety-heuristics.d.ts.map +1 -0
- package/dist/checks/quality/data-integrity/null-safety-heuristics.js +276 -0
- package/dist/checks/quality/data-integrity/null-safety-heuristics.js.map +1 -0
- package/dist/checks/quality/data-integrity/null-safety-prefixes.d.ts +13 -0
- package/dist/checks/quality/data-integrity/null-safety-prefixes.d.ts.map +1 -0
- package/dist/checks/quality/data-integrity/null-safety-prefixes.js +333 -0
- package/dist/checks/quality/data-integrity/null-safety-prefixes.js.map +1 -0
- package/dist/checks/quality/data-integrity/null-safety.d.ts +2 -82
- package/dist/checks/quality/data-integrity/null-safety.d.ts.map +1 -1
- package/dist/checks/quality/data-integrity/null-safety.js +3 -796
- package/dist/checks/quality/data-integrity/null-safety.js.map +1 -1
- package/dist/checks/quality/frontend/test-only-frontend-modules.d.ts.map +1 -1
- package/dist/checks/quality/frontend/test-only-frontend-modules.js +0 -2
- package/dist/checks/quality/frontend/test-only-frontend-modules.js.map +1 -1
- package/dist/checks/quality/linting/typescript-frontend.d.ts.map +1 -1
- package/dist/checks/quality/linting/typescript-frontend.js +1 -0
- package/dist/checks/quality/linting/typescript-frontend.js.map +1 -1
- package/dist/checks/quality/observability/logger-event-name-format.d.ts.map +1 -1
- package/dist/checks/quality/observability/logger-event-name-format.js +0 -1
- package/dist/checks/quality/observability/logger-event-name-format.js.map +1 -1
- package/dist/checks/quality/observability/no-hardcoded-correlation-id.d.ts.map +1 -1
- package/dist/checks/quality/observability/no-hardcoded-correlation-id.js +2 -3
- package/dist/checks/quality/observability/no-hardcoded-correlation-id.js.map +1 -1
- package/dist/checks/quality/patterns/__tests__/async-waterfall-sequential.test.d.ts +8 -0
- package/dist/checks/quality/patterns/__tests__/async-waterfall-sequential.test.d.ts.map +1 -0
- package/dist/checks/quality/patterns/__tests__/async-waterfall-sequential.test.js +87 -0
- package/dist/checks/quality/patterns/__tests__/async-waterfall-sequential.test.js.map +1 -0
- package/dist/checks/quality/patterns/__tests__/error-handling-probes.test.d.ts +2 -0
- package/dist/checks/quality/patterns/__tests__/error-handling-probes.test.d.ts.map +1 -0
- package/dist/checks/quality/patterns/__tests__/error-handling-probes.test.js +51 -0
- package/dist/checks/quality/patterns/__tests__/error-handling-probes.test.js.map +1 -0
- package/dist/checks/quality/patterns/__tests__/result-pattern-registration-guards.test.d.ts +2 -0
- package/dist/checks/quality/patterns/__tests__/result-pattern-registration-guards.test.d.ts.map +1 -0
- package/dist/checks/quality/patterns/__tests__/result-pattern-registration-guards.test.js +89 -0
- package/dist/checks/quality/patterns/__tests__/result-pattern-registration-guards.test.js.map +1 -0
- package/dist/checks/quality/patterns/__tests__/throws-documentation-analyze.test.d.ts +5 -0
- package/dist/checks/quality/patterns/__tests__/throws-documentation-analyze.test.d.ts.map +1 -0
- package/dist/checks/quality/patterns/__tests__/throws-documentation-analyze.test.js +78 -0
- package/dist/checks/quality/patterns/__tests__/throws-documentation-analyze.test.js.map +1 -0
- package/dist/checks/quality/patterns/__tests__/toctou-fp.test.js +44 -0
- package/dist/checks/quality/patterns/__tests__/toctou-fp.test.js.map +1 -1
- package/dist/checks/quality/patterns/async-waterfall-analysis.d.ts +17 -0
- package/dist/checks/quality/patterns/async-waterfall-analysis.d.ts.map +1 -0
- package/dist/checks/quality/patterns/async-waterfall-analysis.js +215 -0
- package/dist/checks/quality/patterns/async-waterfall-analysis.js.map +1 -0
- package/dist/checks/quality/patterns/async-waterfall-branch-keys.d.ts +6 -0
- package/dist/checks/quality/patterns/async-waterfall-branch-keys.d.ts.map +1 -0
- package/dist/checks/quality/patterns/async-waterfall-branch-keys.js +54 -0
- package/dist/checks/quality/patterns/async-waterfall-branch-keys.js.map +1 -0
- package/dist/checks/quality/patterns/async-waterfall-detection.d.ts.map +1 -1
- package/dist/checks/quality/patterns/async-waterfall-detection.js +3 -352
- package/dist/checks/quality/patterns/async-waterfall-detection.js.map +1 -1
- package/dist/checks/quality/patterns/containing-function-name.d.ts +3 -0
- package/dist/checks/quality/patterns/containing-function-name.d.ts.map +1 -0
- package/dist/checks/quality/patterns/containing-function-name.js +21 -0
- package/dist/checks/quality/patterns/containing-function-name.js.map +1 -0
- package/dist/checks/quality/patterns/error-handling-quality.d.ts +3 -0
- package/dist/checks/quality/patterns/error-handling-quality.d.ts.map +1 -1
- package/dist/checks/quality/patterns/error-handling-quality.js +150 -30
- package/dist/checks/quality/patterns/error-handling-quality.js.map +1 -1
- package/dist/checks/quality/patterns/result-pattern-consistency.d.ts +3 -0
- package/dist/checks/quality/patterns/result-pattern-consistency.d.ts.map +1 -1
- package/dist/checks/quality/patterns/result-pattern-consistency.js +136 -69
- package/dist/checks/quality/patterns/result-pattern-consistency.js.map +1 -1
- package/dist/checks/quality/patterns/throws-documentation-analyze.d.ts +14 -0
- package/dist/checks/quality/patterns/throws-documentation-analyze.d.ts.map +1 -0
- package/dist/checks/quality/patterns/throws-documentation-analyze.js +352 -0
- package/dist/checks/quality/patterns/throws-documentation-analyze.js.map +1 -0
- package/dist/checks/quality/patterns/throws-documentation-constants.d.ts +15 -0
- package/dist/checks/quality/patterns/throws-documentation-constants.d.ts.map +1 -0
- package/dist/checks/quality/patterns/throws-documentation-constants.js +94 -0
- package/dist/checks/quality/patterns/throws-documentation-constants.js.map +1 -0
- package/dist/checks/quality/patterns/throws-documentation.d.ts +1 -11
- package/dist/checks/quality/patterns/throws-documentation.d.ts.map +1 -1
- package/dist/checks/quality/patterns/throws-documentation.js +4 -472
- package/dist/checks/quality/patterns/throws-documentation.js.map +1 -1
- package/dist/checks/quality/patterns/toctou-race-condition-classify.d.ts +23 -0
- package/dist/checks/quality/patterns/toctou-race-condition-classify.d.ts.map +1 -0
- package/dist/checks/quality/patterns/toctou-race-condition-classify.js +125 -0
- package/dist/checks/quality/patterns/toctou-race-condition-classify.js.map +1 -0
- package/dist/checks/quality/patterns/toctou-race-condition-collection.d.ts +24 -0
- package/dist/checks/quality/patterns/toctou-race-condition-collection.d.ts.map +1 -0
- package/dist/checks/quality/patterns/toctou-race-condition-collection.js +248 -0
- package/dist/checks/quality/patterns/toctou-race-condition-collection.js.map +1 -0
- package/dist/checks/quality/patterns/toctou-race-condition-constants.d.ts +32 -0
- package/dist/checks/quality/patterns/toctou-race-condition-constants.d.ts.map +1 -0
- package/dist/checks/quality/patterns/toctou-race-condition-constants.js +115 -0
- package/dist/checks/quality/patterns/toctou-race-condition-constants.js.map +1 -0
- package/dist/checks/quality/patterns/toctou-race-condition.d.ts +1 -29
- package/dist/checks/quality/patterns/toctou-race-condition.d.ts.map +1 -1
- package/dist/checks/quality/patterns/toctou-race-condition.js +11 -536
- package/dist/checks/quality/patterns/toctou-race-condition.js.map +1 -1
- package/dist/checks/quality/unused-config-options.d.ts.map +1 -1
- package/dist/checks/quality/unused-config-options.js +0 -4
- package/dist/checks/quality/unused-config-options.js.map +1 -1
- package/dist/checks/resilience/__tests__/detached-promises-sync-detection.test.d.ts +2 -0
- package/dist/checks/resilience/__tests__/detached-promises-sync-detection.test.d.ts.map +1 -0
- package/dist/checks/resilience/__tests__/detached-promises-sync-detection.test.js +98 -0
- package/dist/checks/resilience/__tests__/detached-promises-sync-detection.test.js.map +1 -0
- package/dist/checks/resilience/callback-invocation-safe.d.ts.map +1 -1
- package/dist/checks/resilience/callback-invocation-safe.js +0 -1
- package/dist/checks/resilience/callback-invocation-safe.js.map +1 -1
- package/dist/checks/resilience/context-leakage.d.ts.map +1 -1
- package/dist/checks/resilience/context-leakage.js +1 -0
- package/dist/checks/resilience/context-leakage.js.map +1 -1
- package/dist/checks/resilience/detached-promises-detection.d.ts +7 -0
- package/dist/checks/resilience/detached-promises-detection.d.ts.map +1 -0
- package/dist/checks/resilience/detached-promises-detection.js +228 -0
- package/dist/checks/resilience/detached-promises-detection.js.map +1 -0
- package/dist/checks/resilience/detached-promises-sync-constants.d.ts +36 -0
- package/dist/checks/resilience/detached-promises-sync-constants.d.ts.map +1 -0
- package/dist/checks/resilience/detached-promises-sync-constants.js +299 -0
- package/dist/checks/resilience/detached-promises-sync-constants.js.map +1 -0
- package/dist/checks/resilience/detached-promises-sync-detection.d.ts +14 -0
- package/dist/checks/resilience/detached-promises-sync-detection.d.ts.map +1 -0
- package/dist/checks/resilience/detached-promises-sync-detection.js +69 -0
- package/dist/checks/resilience/detached-promises-sync-detection.js.map +1 -0
- package/dist/checks/resilience/detached-promises.d.ts +1 -14
- package/dist/checks/resilience/detached-promises.d.ts.map +1 -1
- package/dist/checks/resilience/detached-promises.js +2 -598
- package/dist/checks/resilience/detached-promises.js.map +1 -1
- package/dist/checks/resilience/no-raw-fetch.d.ts.map +1 -1
- package/dist/checks/resilience/no-raw-fetch.js +1 -0
- package/dist/checks/resilience/no-raw-fetch.js.map +1 -1
- package/dist/checks/resilience/no-unbounded-concurrency.d.ts.map +1 -1
- package/dist/checks/resilience/no-unbounded-concurrency.js +1 -0
- package/dist/checks/resilience/no-unbounded-concurrency.js.map +1 -1
- package/dist/checks/security/sql-injection.d.ts.map +1 -1
- package/dist/checks/security/sql-injection.js +0 -1
- package/dist/checks/security/sql-injection.js.map +1 -1
- package/dist/display/architecture.d.ts.map +1 -1
- package/dist/display/architecture.js +1 -0
- package/dist/display/architecture.js.map +1 -1
- package/dist/display/types.d.ts.map +1 -1
- package/dist/display/types.js +0 -1
- package/dist/display/types.js.map +1 -1
- package/package.json +5 -5
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"toctou-race-condition-classify.js","sourceRoot":"","sources":["../../../../src/checks/quality/patterns/toctou-race-condition-classify.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,MAAM,YAAY,CAAC;AAEjC,OAAO,EACL,oBAAoB,EACpB,kBAAkB,EAClB,2BAA2B,GAE5B,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EACL,0BAA0B,EAC1B,YAAY,EACZ,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,sCAAsC,CAAC;AAW9C,SAAS,kBAAkB,CAAC,IAAuB;IACjD,IAAI,CAAC,EAAE,CAAC,0BAA0B,CAAC,IAAI,CAAC,UAAU,CAAC;QAAE,OAAO,KAAK,CAAC;IAClE,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAC9B,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,IAAI,EAAE,CAAC,0BAA0B,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,KAAK;QAC1F,OAAO,IAAI,CAAC;IACd,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAuB;IACnD,IAAI,CAAC,EAAE,CAAC,0BAA0B,CAAC,IAAI,CAAC,UAAU,CAAC;QAAE,OAAO,KAAK,CAAC;IAClE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;IAC7C,IAAI,CAAC,0BAA0B,CAAC,UAAU,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;IAC5C,IAAI,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC;QACxB,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;IACjE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,eAAe,CAAC,IAAuB;IAC9C,IAAI,CAAC,EAAE,CAAC,0BAA0B,CAAC,IAAI,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IACjE,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;IAC5C,IAAI,QAAQ,CAAC,IAAI,KAAK,EAAE,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;QAChD,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAChE,CAAC;IACD,MAAM,KAAK,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAC7C,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC9B,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAClE,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,WAAW,EAAE,K
AAK,EAAE,CAAC;AAC7C,CAAC;AAED,SAAS,eAAe,CACtB,QAAgD,EAChD,GAIC;IAED,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;QACzB,OAAO,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,2BAA2B,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC/F,CAAC;IACD,OAAO,CACL,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC;QACvC,GAAG,CAAC,yBAAyB,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC;QAChD,2BAA2B,CAAC,QAAQ,CAAC,IAAI,CAAC,CAC3C,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CACnB,IAAuB,EACvB,GAIC;IAED,IAAI,kBAAkB,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC;IAClE,IAAI,oBAAoB,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC;IAEpE,IAAI,CAAC,EAAE,CAAC,0BAA0B,CAAC,IAAI,CAAC,UAAU,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;IAClF,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;IAC7C,MAAM,MAAM,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;IACxC,MAAM,QAAQ,GAAG,cAAc,CAAC,UAAU,CAAC,CAAC;IAC5C,IAAI,CAAC,MAAM,IAAI,CAAC,QAAQ;QAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;IAEvD,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,kBAAkB,EAAE,CAAC;IAClE,CAAC;IAED,IAAI,eAAe,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,CAAC;QACnC,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,iBAAiB,EAAE,CAAC;IAChE,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,kBAAkB,EAAE,CAAC;AAClE,CAAC;AAED,kFAAkF;AAClF,MAAM,UAAU,qBAAqB,CACnC,IAAsB,EACtB,gBAA6B,EAC7B,gBAA6B,EAC7B,yBAAsC;IAEtC,MAAM,GAAG,GAAG,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,CAAC;IAC9E,MAAM,WAAW,GAAG,IAAI,GAAG,EAA8C,CAAC;IAC1E,IAAI,wBAAwB,GAAG,KAAK,CAAC;IACrC,IAAI,0BAA0B,GAAG,KAAK,CAAC;IAEvC,MAAM,KAAK,GAAG,CAAC,CAAU,EAAQ,EAAE;QACjC,IAAI,CAAC,KAAK,IAAI,IAAI,kBAAkB,CAAC,CAAC,CAAC;YAAE,OAAO;QAChD,IAAI,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,YAAY,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;YACjC,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa,IAAI,GAAG,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;gBAC/D,MAAM,IAAI,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;gBAChC,IAAI,IAAI,EAAE,CAAC;oBACT,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,QA
AQ,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;oBAC/D,IAAI,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;oBACjC,IAAI,CAAC,KAAK,EAAE,CAAC;wBACX,KAAK,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;wBACvC,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;oBAC9B,CAAC;oBACD,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa;wBAAE,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC;;wBAC7C,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC;gBAC3B,CAAC;qBAAM,CAAC;oBACN,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa;wBAAE,wBAAwB,GAAG,IAAI,CAAC;;wBAC3D,0BAA0B,GAAG,IAAI,CAAC;gBACzC,CAAC;YACH,CAAC;QACH,CAAC;QACD,EAAE,CAAC,YAAY,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAC5B,CAAC,CAAC;IACF,IAAI,IAAI,CAAC,IAAI;QAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEhC,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;QACzC,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YAC/B,OAAO,EAAE,oCAAoC,EAAE,IAAI,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IACD,IAAI,wBAAwB,IAAI,0BAA0B,EAAE,CAAC;QAC3D,OAAO,EAAE,oCAAoC,EAAE,IAAI,EAAE,CAAC;IACxD,CAAC;IACD,OAAO,EAAE,oCAAoC,EAAE,KAAK,EAAE,CAAC;AACzD,CAAC;AACD,gDAAgD"}
|
|
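--- a/package/dist/checks/quality/patterns/toctou-race-condition-collection.d.ts
+++ b/package/dist/checks/quality/patterns/toctou-race-condition-collection.d.ts
@@ -0,0 +1,24 @@
+/**
+* Local-collection and interface-field collection helpers for TOCTOU detection.
+*/
+import * as ts from 'typescript';
+/** Function-like node types that can have TOCTOU patterns */
+export type FunctionLikeNode = ts.FunctionDeclaration | ts.MethodDeclaration | ts.ArrowFunction | ts.FunctionExpression;
+/** Check if node is a function-like node */
+export declare function isFunctionLikeNode(node: ts.Node): node is FunctionLikeNode;
+/** Heuristic for in-process cache fields (`this.#cache`, `this.headerCache`, etc.). */
+export declare function isInMemoryCacheReceiverText(text: string): boolean;
+/** Full dotted receiver chain for a property-access call target. */
+export declare function getReceiverChainText(expr: ts.Expression): string | null;
+/** `const { byId } = this` aliases for class-owned Map/Set fields. */
+export declare function collectThisCollectionFieldAliases(node: FunctionLikeNode, classCacheFields: ReadonlySet<string>): Set<string>;
+/** Map/Set names declared in enclosing functions (closure-visible locals). */
+export declare function collectEnclosingLocalCollectionNames(node: FunctionLikeNode): Set<string>;
+/** Collect local Map/Set variable names within a function. */
+export declare function collectLocalCollectionNames(node: FunctionLikeNode): Set<string>;
+export declare function collectClassInMemoryFieldNames(node: FunctionLikeNode): Set<string>;
+/** Index file-local interface/type declarations to Map/Set field names. */
+export declare function collectInterfaceCollectionFields(sourceFile: ts.SourceFile): Map<string, Set<string>>;
+/** Collect `<receiver>.<field>` keys for state-bag Map/Set fields. */
+export declare function collectLocalObjectCollectionFieldKeys(node: FunctionLikeNode, interfaceCollectionFields: ReadonlyMap<string, Set<string>>): Set<string>;
+//# sourceMappingURL=toctou-race-condition-collection.d.ts.map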
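Review bot: The doc comment on `isInMemoryCacheReceiverText` cites `this.#cache` as a match, but the implementation shown further down this page strips a sigil only at the very start of the string (`text.replace(/^[#_]/, '')`) and then tests `normalized === 'cache'`, so a dotted text such as `this.#cache` or `this._cache` would match none of the visible branches. Other branches (`endsWith('.byId')`, `endsWith('.filteredContent')`) clearly expect dotted chains, so the intended form of `text` is ambiguous; the callers are not visible here. Because the result presumably decides whether the TOCTOU check treats a receiver as in-memory, the comment should say which form is expected and that matching is by name only, not by type. If dotted chains are intended, the sigil strip and the `cache`/`Cache` tests could run on the last segment, e.g. `const last = text.slice(text.lastIndexOf('.') + 1).replace(/^[#_]/, '');`. `collectClassInMemoryFieldNames` is also the only export in this declaration file without a doc comment.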
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"toctou-race-condition-collection.d.ts","sourceRoot":"","sources":["../../../../src/checks/quality/patterns/toctou-race-condition-collection.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,MAAM,YAAY,CAAC;AAEjC,6DAA6D;AAC7D,MAAM,MAAM,gBAAgB,GACxB,EAAE,CAAC,mBAAmB,GACtB,EAAE,CAAC,iBAAiB,GACpB,EAAE,CAAC,aAAa,GAChB,EAAE,CAAC,kBAAkB,CAAC;AAE1B,4CAA4C;AAC5C,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,GAAG,IAAI,IAAI,gBAAgB,CAO1E;AA+BD,uFAAuF;AACvF,wBAAgB,2BAA2B,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAUjE;AAED,oEAAoE;AACpE,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,EAAE,CAAC,UAAU,GAAG,MAAM,GAAG,IAAI,CAQvE;AA2CD,sEAAsE;AACtE,wBAAgB,iCAAiC,CAC/C,IAAI,EAAE,gBAAgB,EACtB,gBAAgB,EAAE,WAAW,CAAC,MAAM,CAAC,GACpC,GAAG,CAAC,MAAM,CAAC,CAkBb;AAED,8EAA8E;AAC9E,wBAAgB,oCAAoC,CAAC,IAAI,EAAE,gBAAgB,GAAG,GAAG,CAAC,MAAM,CAAC,CAkBxF;AAED,8DAA8D;AAC9D,wBAAgB,2BAA2B,CAAC,IAAI,EAAE,gBAAgB,GAAG,GAAG,CAAC,MAAM,CAAC,CAsB/E;AAGD,wBAAgB,8BAA8B,CAAC,IAAI,EAAE,gBAAgB,GAAG,GAAG,CAAC,MAAM,CAAC,CA2BlF;AAED,2EAA2E;AAC3E,wBAAgB,gCAAgC,CAC9C,UAAU,EAAE,EAAE,CAAC,UAAU,GACxB,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAyB1B;AAED,sEAAsE;AACtE,wBAAgB,qCAAqC,CACnD,IAAI,EAAE,gBAAgB,EACtB,yBAAyB,EAAE,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,GAC1D,GAAG,CAAC,MAAM,CAAC,CAmBb"}
|
|
@@ -0,0 +1,248 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Local-collection and interface-field collection helpers for TOCTOU detection.
|
|
3
|
+
*/
|
|
4
|
+
import * as ts from 'typescript';
|
|
5
|
+
/** Check if node is a function-like node */
|
|
6
|
+
export function isFunctionLikeNode(node) {
|
|
7
|
+
return (ts.isFunctionDeclaration(node) ||
|
|
8
|
+
ts.isMethodDeclaration(node) ||
|
|
9
|
+
ts.isArrowFunction(node) ||
|
|
10
|
+
ts.isFunctionExpression(node));
|
|
11
|
+
}
|
|
12
|
+
const IN_MEMORY_COLLECTION_TYPE_NAMES = new Set([
|
|
13
|
+
'Map',
|
|
14
|
+
'WeakMap',
|
|
15
|
+
'ReadonlyMap',
|
|
16
|
+
'Set',
|
|
17
|
+
'WeakSet',
|
|
18
|
+
'ReadonlySet',
|
|
19
|
+
]);
|
|
20
|
+
function isInMemoryCollectionTypeNode(typeNode) {
|
|
21
|
+
if (!typeNode)
|
|
22
|
+
return false;
|
|
23
|
+
if (ts.isTypeReferenceNode(typeNode)) {
|
|
24
|
+
const name = typeNode.typeName;
|
|
25
|
+
if (ts.isIdentifier(name)) {
|
|
26
|
+
if (IN_MEMORY_COLLECTION_TYPE_NAMES.has(name.text))
|
|
27
|
+
return true;
|
|
28
|
+
if (name.text.endsWith('Cache'))
|
|
29
|
+
return true;
|
|
30
|
+
}
|
|
31
|
+
}
|
|
32
|
+
return false;
|
|
33
|
+
}
|
|
34
|
+
function isInMemoryCollectionInitializer(init) {
|
|
35
|
+
if (!init)
|
|
36
|
+
return false;
|
|
37
|
+
if (ts.isNewExpression(init) && ts.isIdentifier(init.expression)) {
|
|
38
|
+
return IN_MEMORY_COLLECTION_TYPE_NAMES.has(init.expression.text);
|
|
39
|
+
}
|
|
40
|
+
return false;
|
|
41
|
+
}
|
|
42
|
+
/** Heuristic for in-process cache fields (`this.#cache`, `this.headerCache`, etc.). */
|
|
43
|
+
export function isInMemoryCacheReceiverText(text) {
|
|
44
|
+
const normalized = text.replace(/^[#_]/, '');
|
|
45
|
+
if (normalized === 'cache')
|
|
46
|
+
return true;
|
|
47
|
+
if (normalized.endsWith('Cache'))
|
|
48
|
+
return true;
|
|
49
|
+
if (normalized.endsWith('.filteredContent'))
|
|
50
|
+
return true;
|
|
51
|
+
if (normalized.includes('parseCache'))
|
|
52
|
+
return true;
|
|
53
|
+
if (normalized === 'byId' || normalized === 'byName')
|
|
54
|
+
return true;
|
|
55
|
+
if (normalized.endsWith('.byId') || normalized.endsWith('.byName'))
|
|
56
|
+
return true;
|
|
57
|
+
if (normalized.endsWith('Handlers'))
|
|
58
|
+
return true;
|
|
59
|
+
return false;
|
|
60
|
+
}
|
|
61
|
+
/** Full dotted receiver chain for a property-access call target. */
|
|
62
|
+
export function getReceiverChainText(expr) {
|
|
63
|
+
if (ts.isIdentifier(expr))
|
|
64
|
+
return expr.text;
|
|
65
|
+
if (expr.kind === ts.SyntaxKind.ThisKeyword)
|
|
66
|
+
return 'this';
|
|
67
|
+
if (ts.isPropertyAccessExpression(expr)) {
|
|
68
|
+
const base = getReceiverChainText(expr.expression);
|
|
69
|
+
if (base)
|
|
70
|
+
return `${base}.${expr.name.text}`;
|
|
71
|
+
}
|
|
72
|
+
return null;
|
|
73
|
+
}
|
|
74
|
+
function collectThisDestructuringAliases(decl, classCacheFields, aliases) {
|
|
75
|
+
if (!ts.isObjectBindingPattern(decl.name) ||
|
|
76
|
+
decl.initializer?.kind !== ts.SyntaxKind.ThisKeyword) {
|
|
77
|
+
return;
|
|
78
|
+
}
|
|
79
|
+
for (const element of decl.name.elements) {
|
|
80
|
+
if (!ts.isBindingElement(element) || !ts.isIdentifier(element.name))
|
|
81
|
+
continue;
|
|
82
|
+
const propName = element.propertyName && ts.isIdentifier(element.propertyName)
|
|
83
|
+
? element.propertyName.text
|
|
84
|
+
: element.name.text;
|
|
85
|
+
if (classCacheFields.has(propName)) {
|
|
86
|
+
aliases.add(element.name.text);
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
function collectThisPropertyAccessAlias(decl, classCacheFields, aliases) {
|
|
91
|
+
const init = decl.initializer;
|
|
92
|
+
if (!ts.isIdentifier(decl.name) ||
|
|
93
|
+
!init ||
|
|
94
|
+
!ts.isPropertyAccessExpression(init) ||
|
|
95
|
+
init.expression.kind !== ts.SyntaxKind.ThisKeyword ||
|
|
96
|
+
!classCacheFields.has(init.name.text)) {
|
|
97
|
+
return;
|
|
98
|
+
}
|
|
99
|
+
aliases.add(decl.name.text);
|
|
100
|
+
}
|
|
101
|
+
/** `const { byId } = this` aliases for class-owned Map/Set fields. */
|
|
102
|
+
export function collectThisCollectionFieldAliases(node, classCacheFields) {
|
|
103
|
+
const aliases = new Set();
|
|
104
|
+
if (classCacheFields.size === 0)
|
|
105
|
+
return aliases;
|
|
106
|
+
const visit = (n) => {
|
|
107
|
+
if (n !== node && isFunctionLikeNode(n))
|
|
108
|
+
return;
|
|
109
|
+
if (!ts.isVariableDeclaration(n) || !n.initializer) {
|
|
110
|
+
ts.forEachChild(n, visit);
|
|
111
|
+
return;
|
|
112
|
+
}
|
|
113
|
+
collectThisDestructuringAliases(n, classCacheFields, aliases);
|
|
114
|
+
collectThisPropertyAccessAlias(n, classCacheFields, aliases);
|
|
115
|
+
ts.forEachChild(n, visit);
|
|
116
|
+
};
|
|
117
|
+
if (node.body)
|
|
118
|
+
visit(node.body);
|
|
119
|
+
return aliases;
|
|
120
|
+
}
|
|
121
|
+
/** Map/Set names declared in enclosing functions (closure-visible locals). */
|
|
122
|
+
export function collectEnclosingLocalCollectionNames(node) {
|
|
123
|
+
const names = new Set();
|
|
124
|
+
let current = node.parent;
|
|
125
|
+
while (current) {
|
|
126
|
+
if (isFunctionLikeNode(current)) {
|
|
127
|
+
for (const name of collectLocalCollectionNames(current)) {
|
|
128
|
+
names.add(name);
|
|
129
|
+
}
|
|
130
|
+
const classFields = collectClassInMemoryFieldNames(current);
|
|
131
|
+
for (const alias of collectThisCollectionFieldAliases(current, classFields)) {
|
|
132
|
+
names.add(alias);
|
|
133
|
+
}
|
|
134
|
+
}
|
|
135
|
+
current = current.parent;
|
|
136
|
+
}
|
|
137
|
+
return names;
|
|
138
|
+
}
|
|
139
|
+
/** Collect local Map/Set variable names within a function. */
|
|
140
|
+
export function collectLocalCollectionNames(node) {
|
|
141
|
+
const names = new Set();
|
|
142
|
+
for (const param of node.parameters) {
|
|
143
|
+
if (ts.isIdentifier(param.name) && isInMemoryCollectionTypeNode(param.type)) {
|
|
144
|
+
names.add(param.name.text);
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
const visit = (n) => {
|
|
148
|
+
if (n !== node && isFunctionLikeNode(n))
|
|
149
|
+
return;
|
|
150
|
+
if (ts.isVariableDeclaration(n) &&
|
|
151
|
+
ts.isIdentifier(n.name) &&
|
|
152
|
+
(isInMemoryCollectionInitializer(n.initializer) || isInMemoryCollectionTypeNode(n.type))) {
|
|
153
|
+
names.add(n.name.text);
|
|
154
|
+
}
|
|
155
|
+
ts.forEachChild(n, visit);
|
|
156
|
+
};
|
|
157
|
+
if (node.body)
|
|
158
|
+
visit(node.body);
|
|
159
|
+
return names;
|
|
160
|
+
}
|
|
161
|
+
// eslint-disable-next-line sonarjs/cognitive-complexity -- AST walk over class members
|
|
162
|
+
export function collectClassInMemoryFieldNames(node) {
|
|
163
|
+
const names = new Set();
|
|
164
|
+
let cls = node.parent;
|
|
165
|
+
while (cls && !ts.isClassDeclaration(cls) && !ts.isClassExpression(cls)) {
|
|
166
|
+
cls = cls.parent;
|
|
167
|
+
}
|
|
168
|
+
if (!cls)
|
|
169
|
+
return names;
|
|
170
|
+
const classNode = cls;
|
|
171
|
+
for (const member of classNode.members) {
|
|
172
|
+
if (ts.isPropertyDeclaration(member)) {
|
|
173
|
+
const memberName = member.name;
|
|
174
|
+
let fieldName;
|
|
175
|
+
if (ts.isIdentifier(memberName)) {
|
|
176
|
+
fieldName = memberName.text;
|
|
177
|
+
}
|
|
178
|
+
else if (ts.isPrivateIdentifier(memberName)) {
|
|
179
|
+
fieldName = memberName.text.replace(/^#/, '');
|
|
180
|
+
}
|
|
181
|
+
if (!fieldName)
|
|
182
|
+
continue;
|
|
183
|
+
if (isInMemoryCollectionInitializer(member.initializer) ||
|
|
184
|
+
isInMemoryCollectionTypeNode(member.type)) {
|
|
185
|
+
names.add(fieldName);
|
|
186
|
+
}
|
|
187
|
+
}
|
|
188
|
+
}
|
|
189
|
+
return names;
|
|
190
|
+
}
|
|
191
|
+
/** Index file-local interface/type declarations to Map/Set field names. */
|
|
192
|
+
export function collectInterfaceCollectionFields(sourceFile) {
|
|
193
|
+
const byType = new Map();
|
|
194
|
+
const fieldsFrom = (members) => {
|
|
195
|
+
const fields = new Set();
|
|
196
|
+
for (const member of members) {
|
|
197
|
+
if (ts.isPropertySignature(member) &&
|
|
198
|
+
ts.isIdentifier(member.name) &&
|
|
199
|
+
isInMemoryCollectionTypeNode(member.type)) {
|
|
200
|
+
fields.add(member.name.text);
|
|
201
|
+
}
|
|
202
|
+
}
|
|
203
|
+
return fields;
|
|
204
|
+
};
|
|
205
|
+
for (const stmt of sourceFile.statements) {
|
|
206
|
+
if (ts.isInterfaceDeclaration(stmt)) {
|
|
207
|
+
const fields = fieldsFrom(stmt.members);
|
|
208
|
+
if (fields.size > 0)
|
|
209
|
+
byType.set(stmt.name.text, fields);
|
|
210
|
+
}
|
|
211
|
+
else if (ts.isTypeAliasDeclaration(stmt) && ts.isTypeLiteralNode(stmt.type)) {
|
|
212
|
+
const fields = fieldsFrom(stmt.type.members);
|
|
213
|
+
if (fields.size > 0)
|
|
214
|
+
byType.set(stmt.name.text, fields);
|
|
215
|
+
}
|
|
216
|
+
}
|
|
217
|
+
return byType;
|
|
218
|
+
}
|
|
219
|
+
/** Collect `<receiver>.<field>` keys for state-bag Map/Set fields. */
|
|
220
|
+
export function collectLocalObjectCollectionFieldKeys(node, interfaceCollectionFields) {
|
|
221
|
+
const keys = new Set();
|
|
222
|
+
const addFor = (name, typeNode) => {
|
|
223
|
+
if (!typeNode || !ts.isTypeReferenceNode(typeNode))
|
|
224
|
+
return;
|
|
225
|
+
if (!ts.isIdentifier(typeNode.typeName))
|
|
226
|
+
return;
|
|
227
|
+
const fields = interfaceCollectionFields.get(typeNode.typeName.text);
|
|
228
|
+
if (!fields)
|
|
229
|
+
return;
|
|
230
|
+
for (const field of fields)
|
|
231
|
+
keys.add(`${name}.${field}`);
|
|
232
|
+
};
|
|
233
|
+
for (const param of node.parameters) {
|
|
234
|
+
if (ts.isIdentifier(param.name))
|
|
235
|
+
addFor(param.name.text, param.type);
|
|
236
|
+
}
|
|
237
|
+
const visit = (n) => {
|
|
238
|
+
if (n !== node && isFunctionLikeNode(n))
|
|
239
|
+
return;
|
|
240
|
+
if (ts.isVariableDeclaration(n) && ts.isIdentifier(n.name))
|
|
241
|
+
addFor(n.name.text, n.type);
|
|
242
|
+
ts.forEachChild(n, visit);
|
|
243
|
+
};
|
|
244
|
+
if (node.body)
|
|
245
|
+
visit(node.body);
|
|
246
|
+
return keys;
|
|
247
|
+
}
|
|
248
|
+
//# sourceMappingURL=toctou-race-condition-collection.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"toctou-race-condition-collection.js","sourceRoot":"","sources":["../../../../src/checks/quality/patterns/toctou-race-condition-collection.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,MAAM,YAAY,CAAC;AASjC,4CAA4C;AAC5C,MAAM,UAAU,kBAAkB,CAAC,IAAa;IAC9C,OAAO,CACL,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC;QAC9B,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC;QAC5B,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC;QACxB,EAAE,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAC9B,CAAC;AACJ,CAAC;AAED,MAAM,+BAA+B,GAAG,IAAI,GAAG,CAAC;IAC9C,KAAK;IACL,SAAS;IACT,aAAa;IACb,KAAK;IACL,SAAS;IACT,aAAa;CACd,CAAC,CAAC;AAEH,SAAS,4BAA4B,CAAC,QAAiC;IACrE,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5B,IAAI,EAAE,CAAC,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC;QAC/B,IAAI,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1B,IAAI,+BAA+B,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,OAAO,IAAI,CAAC;YAChE,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAAE,OAAO,IAAI,CAAC;QAC/C,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,+BAA+B,CAAC,IAA+B;IACtE,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IACxB,IAAI,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QACjE,OAAO,+BAA+B,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACnE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,uFAAuF;AACvF,MAAM,UAAU,2BAA2B,CAAC,IAAY;IACtD,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAC7C,IAAI,UAAU,KAAK,OAAO;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9C,IAAI,UAAU,CAAC,QAAQ,CAAC,kBAAkB,CAAC;QAAE,OAAO,IAAI,CAAC;IACzD,IAAI,UAAU,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAC;IACnD,IAAI,UAAU,KAAK,MAAM,IAAI,UAAU,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAClE,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAChF,IAAI,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IACjD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,oEAAoE;AACpE,MAAM,UAAU,oBAAoB,CAAC,IAAmB;IACtD,IAAI,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC,IAAI,CAAC;IAC5C,IAAI,IAAI,CAAC,IAAI,KAA
K,EAAE,CAAC,UAAU,CAAC,WAAW;QAAE,OAAO,MAAM,CAAC;IAC3D,IAAI,EAAE,CAAC,0BAA0B,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,oBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACnD,IAAI,IAAI;YAAE,OAAO,GAAG,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IAC/C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,+BAA+B,CACtC,IAA4B,EAC5B,gBAAqC,EACrC,OAAoB;IAEpB,IACE,CAAC,EAAE,CAAC,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC;QACrC,IAAI,CAAC,WAAW,EAAE,IAAI,KAAK,EAAE,CAAC,UAAU,CAAC,WAAW,EACpD,CAAC;QACD,OAAO;IACT,CAAC;IACD,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACzC,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC;YAAE,SAAS;QAC9E,MAAM,QAAQ,GACZ,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,YAAY,CAAC;YAC3D,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI;YAC3B,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;QACxB,IAAI,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,8BAA8B,CACrC,IAA4B,EAC5B,gBAAqC,EACrC,OAAoB;IAEpB,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC;IAC9B,IACE,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;QAC3B,CAAC,IAAI;QACL,CAAC,EAAE,CAAC,0BAA0B,CAAC,IAAI,CAAC;QACpC,IAAI,CAAC,UAAU,CAAC,IAAI,KAAK,EAAE,CAAC,UAAU,CAAC,WAAW;QAClD,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EACrC,CAAC;QACD,OAAO;IACT,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AAED,sEAAsE;AACtE,MAAM,UAAU,iCAAiC,CAC/C,IAAsB,EACtB,gBAAqC;IAErC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,IAAI,gBAAgB,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC;IAEhD,MAAM,KAAK,GAAG,CAAC,CAAU,EAAQ,EAAE;QACjC,IAAI,CAAC,KAAK,IAAI,IAAI,kBAAkB,CAAC,CAAC,CAAC;YAAE,OAAO;QAChD,IAAI,CAAC,EAAE,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;YACnD,EAAE,CAAC,YAAY,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;YAC1B,OAAO;QACT,CAAC;QAED,+BAA+B,CAAC,CAAC,EAAE,gBAAgB,EAAE,OAAO,CAAC,CAAC;QAC9D,8BAA8B,CAAC,CAAC,EAAE,gBAAgB,EAAE,OAAO,CAAC,CAAC;QAC7D,EAAE,CAAC,YAAY,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAC5B,CAAC,CAAC;IAEF,IAAI,I
AAI,CAAC,IAAI;QAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,8EAA8E;AAC9E,MAAM,UAAU,oCAAoC,CAAC,IAAsB;IACzE,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;IAChC,IAAI,OAAO,GAAwB,IAAI,CAAC,MAAM,CAAC;IAE/C,OAAO,OAAO,EAAE,CAAC;QACf,IAAI,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;YAChC,KAAK,MAAM,IAAI,IAAI,2BAA2B,CAAC,OAAO,CAAC,EAAE,CAAC;gBACxD,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAClB,CAAC;YACD,MAAM,WAAW,GAAG,8BAA8B,CAAC,OAAO,CAAC,CAAC;YAC5D,KAAK,MAAM,KAAK,IAAI,iCAAiC,CAAC,OAAO,EAAE,WAAW,CAAC,EAAE,CAAC;gBAC5E,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACnB,CAAC;QACH,CAAC;QACD,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8DAA8D;AAC9D,MAAM,UAAU,2BAA2B,CAAC,IAAsB;IAChE,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;IAEhC,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpC,IAAI,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,4BAA4B,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5E,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAG,CAAC,CAAU,EAAQ,EAAE;QACjC,IAAI,CAAC,KAAK,IAAI,IAAI,kBAAkB,CAAC,CAAC,CAAC;YAAE,OAAO;QAChD,IACE,EAAE,CAAC,qBAAqB,CAAC,CAAC,CAAC;YAC3B,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC;YACvB,CAAC,+BAA+B,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,4BAA4B,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,EACxF,CAAC;YACD,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzB,CAAC;QACD,EAAE,CAAC,YAAY,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAC5B,CAAC,CAAC;IACF,IAAI,IAAI,CAAC,IAAI;QAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,uFAAuF;AACvF,MAAM,UAAU,8BAA8B,CAAC,IAAsB;IACnE,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;IAChC,IAAI,GAAG,GAAwB,IAAI,CAAC,MAAM,CAAC;IAC3C,OAAO,GAAG,IAAI,CAAC,EAAE,CAAC,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC;QACxE,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC;IACnB,CAAC;IACD,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,MAAM,SAAS,GAAG,GAAG,CAAC;IACtB,KAAK,MAAM,MAAM,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;QACvC,IAAI,EAAE,CAAC,qBAAqB,CAAC,MAAM,CAAC,EAAE,CAAC;YACrC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC;YAC/B,IAAI,
SAA6B,CAAC;YAClC,IAAI,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC,EAAE,CAAC;gBAChC,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC;YAC9B,CAAC;iBAAM,IAAI,EAAE,CAAC,mBAAmB,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC9C,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAChD,CAAC;YACD,IAAI,CAAC,SAAS;gBAAE,SAAS;YACzB,IACE,+BAA+B,CAAC,MAAM,CAAC,WAAW,CAAC;gBACnD,4BAA4B,CAAC,MAAM,CAAC,IAAI,CAAC,EACzC,CAAC;gBACD,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,gCAAgC,CAC9C,UAAyB;IAEzB,MAAM,MAAM,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC9C,MAAM,UAAU,GAAG,CAAC,OAAqC,EAAe,EAAE;QACxE,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;QACjC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IACE,EAAE,CAAC,mBAAmB,CAAC,MAAM,CAAC;gBAC9B,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC;gBAC5B,4BAA4B,CAAC,MAAM,CAAC,IAAI,CAAC,EACzC,CAAC;gBACD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IACF,KAAK,MAAM,IAAI,IAAI,UAAU,CAAC,UAAU,EAAE,CAAC;QACzC,IAAI,EAAE,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,CAAC;YACpC,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxC,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC;gBAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC1D,CAAC;aAAM,IAAI,EAAE,CAAC,sBAAsB,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9E,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC7C,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC;gBAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,sEAAsE;AACtE,MAAM,UAAU,qCAAqC,CACnD,IAAsB,EACtB,yBAA2D;IAE3D,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,MAAM,GAAG,CAAC,IAAY,EAAE,QAAiC,EAAQ,EAAE;QACvE,IAAI,CAAC,QAAQ,IAAI,CAAC,EAAE,CAAC,mBAAmB,CAAC,QAAQ,CAAC;YAAE,OAAO;QAC3D,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,OAAO;QAChD,MAAM,MAAM,GAAG,yBAAyB,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACrE,IAAI,CAAC,MAAM;YAAE,OAAO;QACpB,KAAK,MAAM,KAAK,IAAI,MAAM;YAAE,IAAI,CAAC,GAAG,CAAC
,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC,CAAC;IAC3D,CAAC,CAAC;IACF,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpC,IAAI,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;IACvE,CAAC;IACD,MAAM,KAAK,GAAG,CAAC,CAAU,EAAQ,EAAE;QACjC,IAAI,CAAC,KAAK,IAAI,IAAI,kBAAkB,CAAC,CAAC,CAAC;YAAE,OAAO;QAChD,IAAI,EAAE,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC;YAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QACxF,EAAE,CAAC,YAAY,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAC5B,CAAC,CAAC;IACF,IAAI,IAAI,CAAC,IAAI;QAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChC,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
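--- a/toctou-race-condition-constants.d.ts
+++ b/toctou-race-condition-constants.d.ts
@@ -0,0 +1,32 @@
+/**
+* Constants and safe-path configuration for the TOCTOU race-condition check.
+*/
+/**
+* Recipe-config shape for toctou-race-condition. Project-specific safe-paths
+* belong in a recipe's `checks.config['toctou-race-condition']` block.
+*/
+export interface TocTouConfig extends Record<string, unknown> {
+/**
+* Additional path patterns where TOCTOU is not a concern. Each entry is
+* compiled to a case-insensitive RegExp via `new RegExp(entry, 'i')`.
+*/
+additionalSafeTOCTOUPaths?: readonly string[];
+}
+/** Patterns that indicate proper atomic update handling */
+export declare const ATOMIC_PATTERNS: RegExp[];
+/** Paths where TOCTOU is typically not a concern */
+export declare const SAFE_TOCTOU_PATHS: RegExp[];
+export declare function isReadMethod(methodName: string): boolean;
+export declare function isUpdateMethod(methodName: string): boolean;
+export declare function isDrizzleAtomicWriteMethod(methodName: string): boolean;
+export declare const KIND_READ_SHARED: "read-shared";
+export declare const KIND_UPDATE_SHARED: "update-shared";
+export declare const KIND_READ_LOCAL: "read-local";
+export declare const KIND_UPDATE_LOCAL: "update-local";
+/** Compile recipe-provided string entries to case-insensitive RegExp values. */
+export declare function buildEffectiveSafePaths(): readonly RegExp[];
+/** Check if a file path is in a safe TOCTOU context. */
+export declare function isSafeToctouPath(filePath: string, safePaths: readonly RegExp[]): boolean;
+/** Check if content has atomic patterns */
+export declare function hasAtomicPatterns(content: string): boolean;
+//# sourceMappingURL=toctou-race-condition-constants.d.ts.map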
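Review bot: `ATOMIC_PATTERNS` and `SAFE_TOCTOU_PATHS` are exported as mutable `RegExp[]`, so any importer can push or splice entries and change what this check suppresses for every other caller in the same process. `buildEffectiveSafePaths` and `isSafeToctouPath` in the same declaration file already use `readonly RegExp[]`. This file is emitted from the `.ts` source, so the annotation belongs there; the output should read `export declare const ATOMIC_PATTERNS: readonly RegExp[];` and `export declare const SAFE_TOCTOU_PATHS: readonly RegExp[];`.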
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"toctou-race-condition-constants.d.ts","sourceRoot":"","sources":["../../../../src/checks/quality/patterns/toctou-race-condition-constants.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH;;;GAGG;AACH,MAAM,WAAW,YAAa,SAAQ,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAC3D;;;OAGG;IACH,yBAAyB,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CAC/C;AAED,2DAA2D;AAC3D,eAAO,MAAM,eAAe,UAwB3B,CAAC;AAEF,oDAAoD;AACpD,eAAO,MAAM,iBAAiB,UAuC7B,CAAC;AAqBF,wBAAgB,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAExD;AAED,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAE1D;AAED,wBAAgB,0BAA0B,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAEtE;AAED,eAAO,MAAM,gBAAgB,EAAG,aAAsB,CAAC;AACvD,eAAO,MAAM,kBAAkB,EAAG,eAAwB,CAAC;AAC3D,eAAO,MAAM,eAAe,EAAG,YAAqB,CAAC;AACrD,eAAO,MAAM,iBAAiB,EAAG,cAAuB,CAAC;AAEzD,gFAAgF;AAChF,wBAAgB,uBAAuB,IAAI,SAAS,MAAM,EAAE,CAI3D;AAED,wDAAwD;AACxD,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,MAAM,EAAE,GAAG,OAAO,CAExF;AAED,2CAA2C;AAC3C,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAE1D"}
|
|
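--- a/toctou-race-condition-constants.js
+++ b/toctou-race-condition-constants.js
@@ -0,0 +1,115 @@
+/**
+* Constants and safe-path configuration for the TOCTOU race-condition check.
+*/
+import { getCheckConfig } from '@opensip-cli/fitness';
+/** Patterns that indicate proper atomic update handling */
+export const ATOMIC_PATTERNS = [
+/expectedVersion/i,
+/version\s*:/,
+/ConditionExpression/,
+/conditionalUpdate/i,
+/atomicUpdate/i,
+/compareAndSwap/i,
+/optimisticLock/i,
+/CONCURRENCY SAFE/,
+/transaction/i,
+/beginTransaction/i,
+/withTransaction/i,
+/runInTransaction/i,
+/acquireLock/i,
+/withLock/i,
+/mutex/i,
+/idempotent/i,
+/idempotencyKey/i,
+/single-threaded/i,
+/in-memory/i,
+/atomic in.*Node/i,
+/single-threaded coalesce/i,
+/Node single-threaded/i,
+/event-loop semantics/i,
+];
+/** Paths where TOCTOU is typically not a concern */
+export const SAFE_TOCTOU_PATHS = [
+/\/cache\//i,
+/\/caching\//i,
+/memory-backend/i,
+/memory-cache/i,
+/memory-store/i,
+/in-memory/i,
+/-cache\.tsx?$/i,
+/-prefetcher\.tsx?$/i,
+/rate-limit/i,
+/rate_limit/i,
+/local-storage/i,
+/local-state/i,
+/state-manager/i,
+/\/cli\//,
+/\/scripts\//,
+/\/testing\//,
+/test-utils/,
+/\/config\//,
+/\/registry\//,
+/\/di-registration\//,
+/\/factories\//,
+/\/routes\//,
+/\/di\//,
+/\/schema\//,
+/\/detectors\//i,
+/\/dashboard\/src\//i,
+/parse-cache/i,
+/import-graph/i,
+/check-result-processor/i,
+/phantom-dependency/i,
+/unused-config-options/i,
+/duplicate-utility-functions/i,
+/test-only-frontend-modules/i,
+/interface-implementation-consistency/i,
+/\/discover\.ts$/i,
+/\/filter\.ts$/i,
+/\/loader\.ts$/i,
+/registry\.ts$/i,
+];
+/** Read operation method names */
+const READ_METHOD_NAMES = [
+'get',
+'find',
+'findOne',
+'findFirst',
+'findMany',
+'getById',
+'fetch',
+'load',
+'read',
+];
+/** Update operation method names */
+const UPDATE_METHOD_NAMES = ['update', 'save', 'put', 'set', 'patch', 'modify'];
+/** Drizzle-style ORM writes treated as atomic SQL. */
+const DRIZZLE_ATOMIC_WRITE_METHOD_NAMES = ['update', 'insert', 'delete'];
+export function isReadMethod(methodName) {
+return READ_METHOD_NAMES.includes(methodName);
+}
+export function isUpdateMethod(methodName) {
+return UPDATE_METHOD_NAMES.includes(methodName);
+}
+export function isDrizzleAtomicWriteMethod(methodName) {
+return DRIZZLE_ATOMIC_WRITE_METHOD_NAMES.includes(methodName);
+}
+export const KIND_READ_SHARED = 'read-shared';
+export const KIND_UPDATE_SHARED = 'update-shared';
+export const KIND_READ_LOCAL = 'read-local';
+export const KIND_UPDATE_LOCAL = 'update-local';
+/** Compile recipe-provided string entries to case-insensitive RegExp values. */
+export function buildEffectiveSafePaths() {
+const cfg = getCheckConfig('toctou-race-condition');
+const extras = (cfg.additionalSafeTOCTOUPaths ?? []).map((src) => new RegExp(src, 'i'));
+return [...SAFE_TOCTOU_PATHS, ...extras];
+}
+/** Check if a file path is in a safe TOCTOU context. */
+export function isSafeToctouPath(filePath, safePaths) {
+return safePaths.some((pattern) => pattern.test(filePath));
+}
+/** Check if content has atomic patterns */
+export function hasAtomicPatterns(content) {
+return ATOMIC_PATTERNS.some((p) => p.test(content));
+}
+//# sourceMappingURL=toctou-race-condition-constants.js.map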
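Review bot: `buildEffectiveSafePaths` compiles each `additionalSafeTOCTOUPaths` entry with `new RegExp(src, 'i')` and no validation, so an empty string or `undefined` entry becomes a pattern that matches every path. `isSafeToctouPath` then returns true for every file, which presumably turns the check off for the whole project without any signal. A malformed pattern throws a bare SyntaxError that names neither the check nor the offending recipe value. I would reject empty or non-string entries and wrap the compile so the error points at the configuration, as in the block below. Separately, the built-in lists are broad: `/transaction/i` and `/in-memory/i` in `ATOMIC_PATTERNS` match a single word in a comment, and `/rate-limit/i` and `/\/routes\//` in `SAFE_TOCTOU_PATHS` cover code where check-then-act races are common, so it is worth confirming how callers scope `content` and documenting both lists as suppressions.

```javascript
export function buildEffectiveSafePaths() {
    const cfg = getCheckConfig('toctou-race-condition');
    const extras = [];
    for (const src of cfg.additionalSafeTOCTOUPaths ?? []) {
        // An empty pattern compiles to a RegExp that matches every path,
        // which would mark every file as safe.
        if (typeof src !== 'string' || src.trim() === '') {
            throw new TypeError('toctou-race-condition: additionalSafeTOCTOUPaths entries must be non-empty strings');
        }
        try {
            extras.push(new RegExp(src, 'i'));
        }
        catch (err) {
            throw new Error(`toctou-race-condition: invalid additionalSafeTOCTOUPaths pattern ${JSON.stringify(src)}: ${String(err)}`);
        }
    }
    return [...SAFE_TOCTOU_PATHS, ...extras];
}
```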
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"toctou-race-condition-constants.js","sourceRoot":"","sources":["../../../../src/checks/quality/patterns/toctou-race-condition-constants.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AActD,2DAA2D;AAC3D,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,kBAAkB;IAClB,aAAa;IACb,qBAAqB;IACrB,oBAAoB;IACpB,eAAe;IACf,iBAAiB;IACjB,iBAAiB;IACjB,kBAAkB;IAClB,cAAc;IACd,mBAAmB;IACnB,kBAAkB;IAClB,mBAAmB;IACnB,cAAc;IACd,WAAW;IACX,QAAQ;IACR,aAAa;IACb,iBAAiB;IACjB,kBAAkB;IAClB,YAAY;IACZ,kBAAkB;IAClB,2BAA2B;IAC3B,uBAAuB;IACvB,uBAAuB;CACxB,CAAC;AAEF,oDAAoD;AACpD,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,YAAY;IACZ,cAAc;IACd,iBAAiB;IACjB,eAAe;IACf,eAAe;IACf,YAAY;IACZ,gBAAgB;IAChB,qBAAqB;IACrB,aAAa;IACb,aAAa;IACb,gBAAgB;IAChB,cAAc;IACd,gBAAgB;IAChB,SAAS;IACT,aAAa;IACb,aAAa;IACb,YAAY;IACZ,YAAY;IACZ,cAAc;IACd,qBAAqB;IACrB,eAAe;IACf,YAAY;IACZ,QAAQ;IACR,YAAY;IACZ,gBAAgB;IAChB,qBAAqB;IACrB,cAAc;IACd,eAAe;IACf,yBAAyB;IACzB,qBAAqB;IACrB,wBAAwB;IACxB,8BAA8B;IAC9B,6BAA6B;IAC7B,uCAAuC;IACvC,kBAAkB;IAClB,gBAAgB;IAChB,gBAAgB;IAChB,gBAAgB;CACjB,CAAC;AAEF,kCAAkC;AAClC,MAAM,iBAAiB,GAAG;IACxB,KAAK;IACL,MAAM;IACN,SAAS;IACT,WAAW;IACX,UAAU;IACV,SAAS;IACT,OAAO;IACP,MAAM;IACN,MAAM;CACE,CAAC;AAEX,oCAAoC;AACpC,MAAM,mBAAmB,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAU,CAAC;AAEzF,sDAAsD;AACtD,MAAM,iCAAiC,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAU,CAAC;AAElF,MAAM,UAAU,YAAY,CAAC,UAAkB;IAC7C,OAAQ,iBAAuC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,UAAkB;IAC/C,OAAQ,mBAAyC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;AACzE,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,UAAkB;IAC3D,OAAQ,iCAAuD,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;AACvF,CAAC;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,aAAsB,CAAC;AACvD,MAAM,CAAC,MAAM,kBAAkB,GAAG,eAAwB,CAAC;AAC3D,MAAM,CAAC,MAAM,eAAe,GAAG,YAAqB,CAAC;AACrD,MAAM,CAAC,MAAM,iBAAiB,GAAG,cAAuB,CAAC;AAEzD,gFAAgF;AAChF,MAAM,UAAU,uBAAuB;IACrC,MAAM,GAAG,GAAG,cAAc,CAAe,uBAAuB,CAAC,CAAC;IAClE,MAAM,MAAM,GAAG,CAAC,GAAG,CAAC,yBAAyB,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CA
AC,IAAI,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;IACxF,OAAO,CAAC,GAAG,iBAAiB,EAAE,GAAG,MAAM,CAAC,CAAC;AAC3C,CAAC;AAED,wDAAwD;AACxD,MAAM,UAAU,gBAAgB,CAAC,QAAgB,EAAE,SAA4B;IAC7E,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,2CAA2C;AAC3C,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;AACtD,CAAC"}
|
|
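--- a/toctou-race-condition.d.ts
+++ b/toctou-race-condition.d.ts
@@ -3,37 +3,8 @@
 *
 * Detects Time-of-Check-Time-of-Use race conditions where data is read,
 * then updated without passing version/condition for atomic updates.
-*
-* Refinement notes (Wave E lane E6-redo):
-* The original implementation was a regex-only test for the presence of
-* `.get/.find/...` and `.update/.set/...` strings inside the same function
-* body. That broad pattern produced false positives on:
-* - Local `Map.get` / `Map.set` accumulator idioms (count++ via map).
-* - In-process cache fields (`this.#cache.get` then `this.#cache.set`)
-* used as single-threaded coalescing structures.
-* - Read-only DB functions that build local Maps for grouping
-* (`db.select(...)` → `new Map().set(...)`).
-* - Single-statement atomic SQL writes (`tx.execute(sql`UPDATE...`)`).
-*
-* Refinement strategy: classify each `.get/.set/.update/...` call by its
-* receiver. A function only flags as TOCTOU if there is at least one
-* read+update pair on a *non-local* receiver (i.e. not a local Map/Set,
-* not a "Cache"-named field, and not a tx/db where writes are atomic
-* SQL). All-local-receiver patterns are excluded.
 */
 import { type CheckViolation } from '@opensip-cli/fitness';
-/**
-* Recipe-config shape for toctou-race-condition. Project-specific safe-paths
-* (e.g. opensip's `/chain-walker/`) belong in a recipe's
-* `checks.config['toctou-race-condition']` block, not in built-in defaults.
-*/
-export interface TocTouConfig extends Record<string, unknown> {
-/**
-* Additional path patterns where TOCTOU is not a concern. Each entry is
-* compiled to a case-insensitive RegExp via `new RegExp(entry, 'i')`.
-*/
-additionalSafeTOCTOUPaths?: readonly string[];
-}
 /**
 * Analyze a file for TOCTOU race conditions. Exported for the FP-regression
 * suite (see `__tests__/toctou-fp.test.ts`).
@@ -45,4 +16,5 @@ export declare function analyzeFileForToctou(filePath: string, content: string):
 * Detects read-then-update patterns without atomic guarantees.
 */
 export declare const toctouRaceCondition: import("@opensip-cli/fitness").Check;
+export { type TocTouConfig } from './toctou-race-condition-constants.js';
 //# sourceMappingURL=toctou-race-condition.d.ts.map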
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"toctou-race-condition.d.ts","sourceRoot":"","sources":["../../../../src/checks/quality/patterns/toctou-race-condition.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"toctou-race-condition.d.ts","sourceRoot":"","sources":["../../../../src/checks/quality/patterns/toctou-race-condition.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAA2B,KAAK,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAmFpF;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,cAAc,EAAE,CA6BxF;AAED;;;;GAIG;AACH,eAAO,MAAM,mBAAmB,sCAwB9B,CAAC;AAEH,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,sCAAsC,CAAC"}
|