@opensip-tools/fitness 1.0.4

package/src/framework/__tests__/strip-literals.test.ts

@@ -0,0 +1,109 @@
+import { describe, expect, it } from 'vitest';
+
+import {
+  isInsideStringLiteral,
+  stripStringLiterals,
+  stripStringsAndComments,
+  stripStringsAndCommentsPreservingPositions,
+} from '../strip-literals.js';
+
+describe('stripStringLiterals', () => {
+  it('empties single-quoted strings', () => {
+    expect(stripStringLiterals(`const a = 'hi'`)).toBe(`const a = ''`);
+  });
+
+  it('empties double-quoted strings', () => {
+    expect(stripStringLiterals(`const a = "hi"`)).toBe(`const a = ""`);
+  });
+
+  it('empties template literals', () => {
+    expect(stripStringLiterals('const a = `hi`')).toBe('const a = ``');
+  });
+
+  it('preserves escaped quotes', () => {
+    expect(stripStringLiterals(String.raw`const a = 'it\'s'`)).toBe(`const a = ''`);
+  });
+});
+
+describe('stripStringsAndComments', () => {
+  it('strips strings AND single-line comments', () => {
+    const out = stripStringsAndComments(`const a = "hi"; // comment\nconst b = 1;`);
+    expect(out).not.toContain('hi');
+    expect(out).not.toContain('comment');
+  });
+
+  it('keeps code outside strings/comments intact', () => {
+    const out = stripStringsAndComments(`const x = 1;`);
+    expect(out).toBe(`const x = 1;`);
+  });
+});
+
+describe('isInsideStringLiteral', () => {
+  it('returns true for a position inside a single-quoted string', () => {
+    expect(isInsideStringLiteral(`const x = 'hello'`, 12)).toBe(true);
+  });
+
+  it('returns true for a position inside a double-quoted string', () => {
+    expect(isInsideStringLiteral(`const x = "hello"`, 12)).toBe(true);
+  });
+
+  it('returns true for a position inside a template literal', () => {
+    expect(isInsideStringLiteral('const x = `hello`', 12)).toBe(true);
+  });
+
+  it('returns false for a position outside any string', () => {
+    expect(isInsideStringLiteral(`const x = "h"; foo()`, 18)).toBe(false);
+  });
+
+  it('handles escaped quotes correctly', () => {
+    // Position 14 is inside the closed string, so still inside the next
+    // unescaped quote? Actually after the closing quote, so outside.
+    expect(isInsideStringLiteral(String.raw`const x = 'it\'s'`, 14)).toBe(true);
+  });
+});
+
+describe('stripStringsAndCommentsPreservingPositions', () => {
+  it('replaces string content with spaces while preserving newlines', () => {
+    const input = `const a = "hi"\nconst b = 1`;
+    const output = stripStringsAndCommentsPreservingPositions(input);
+    expect(output.length).toBe(input.length);
+    expect(output).toContain('\n');
+    expect(output).not.toContain('hi');
+  });
+
+  it('blanks out single-line comments to end of line', () => {
+    const input = `const x = 1; // comment\nconst y = 2;`;
+    const output = stripStringsAndCommentsPreservingPositions(input);
+    expect(output.length).toBe(input.length);
+    expect(output).not.toContain('comment');
+    expect(output).toContain('const x = 1;');
+  });
+
+  it('blanks out block comments preserving line breaks', () => {
+    const input = `const a = 1;\n/* multi\n   line\n*/\nconst b = 2;`;
+    const output = stripStringsAndCommentsPreservingPositions(input);
+    expect(output.length).toBe(input.length);
+    expect(output).not.toContain('multi');
+    expect(output).not.toContain('line');
+  });
+
+  it('handles escaped characters inside strings', () => {
+    const input = String.raw`const a = "it\"s";`;
+    const output = stripStringsAndCommentsPreservingPositions(input);
+    expect(output.length).toBe(input.length);
+    expect(output).not.toContain('it');
+  });
+
+  it('preserves character positions outside strings/comments', () => {
+    const input = `const x = "y"; foo();`;
+    const output = stripStringsAndCommentsPreservingPositions(input);
+    expect(output.length).toBe(input.length);
+    expect(output).toContain('foo()');
+    // The "x" identifier should be at the same position
+    expect(output[6]).toBe('x');
+  });
+
+  it('handles empty content', () => {
+    expect(stripStringsAndCommentsPreservingPositions('')).toBe('');
+  });
+});

package/src/framework/abortable-exec.ts

@@ -0,0 +1,177 @@
+// @fitness-ignore-file semgrep-scan -- reviewed: pattern justified for this module
+// @fitness-ignore-file error-handling-suite -- catch blocks delegate errors through established patterns
+/**
+ * @fileoverview Abortable command execution for fitness checks
+ *
+ * Provides shell command execution with abort signal and timeout support.
+ * Child processes are properly cleaned up on abort.
+ */
+
+import { spawn, type ChildProcess } from 'node:child_process'
+
+import { SystemError } from '@opensip-tools/core'
+
+/**
+ * Options for abortable command execution
+ */
+export interface AbortableExecOptions {
+  cwd?: string | undefined
+  signal?: AbortSignal | undefined
+  maxBuffer?: number | undefined
+  env?: NodeJS.ProcessEnv | undefined
+  timeout?: number | undefined
+}
+
+/**
+ * Result of command execution
+ */
+export interface ExecResult {
+  stdout: string
+  stderr: string
+  exitCode: number | null
+  aborted: boolean
+}
+
+/**
+ * Error thrown when command execution fails
+ */
+class ExecError extends SystemError {
+  constructor(
+    message: string,
+    public readonly stdout: string,
+    public readonly stderr: string,
+    public readonly exitCode: number | null,
+    public readonly aborted: boolean,
+  ) {
+    super(message, { code: 'SYSTEM.FITNESS.EXEC_FAILED' })
+    this.name = 'ExecError'
+  }
+}
+
+const DEFAULT_MAX_BUFFER_BYTES = 10 * 1024 * 1024 // 10 MB
+
+/**
+ * Execute a command with abort support.
+ *
+ * @param command - Either a shell command string or an array of [bin, ...args] (no shell).
+ * @throws {SystemError} When the command array is empty
+ * @throws {ExecError} When the child process fails to spawn
+ */
+export function execAbortable(
+  command: string | readonly string[],
+  options: AbortableExecOptions = {},
+): Promise<ExecResult> {
+  const {
+    cwd = process.cwd(),
+    signal,
+    maxBuffer = DEFAULT_MAX_BUFFER_BYTES,
+    env = process.env,
+    timeout,
+  } = options
+
+  return new Promise((resolve, reject) => {
+    if (signal?.aborted) {
+      resolve({ stdout: '', stderr: '', exitCode: null, aborted: true })
+      return
+    }
+
+    let child: ChildProcess
+    if (typeof command === 'string') {
+      // Shell mode (string command) — callers pass hardcoded commands (e.g., lint/test runners).
+      // Array overload is preferred for untrusted input (no shell, no injection risk).
+      // nosemgrep: javascript.lang.security.audit.spawn-shell-true.spawn-shell-true -- shell=true required for string commands; input is developer-defined check commands, not user input
+      // eslint-disable-next-line sonarjs/os-command -- developer-supplied check command; not user-controllable
+      child = spawn(command, [], {
+        cwd,
+        env,
+        shell: true,
+        stdio: ['pipe', 'pipe', 'pipe'],
+        detached: true,
+      })
+    } else {
+      // Array mode (no shell, safer)
+      if (command.length === 0) {
+        reject(new SystemError('Command array must not be empty', { code: 'SYSTEM.FITNESS.EXEC_EMPTY_COMMAND' }))
+        return
+      }
+      const [bin, ...args] = command
+      // @fitness-ignore-next-line no-non-null-assertions -- command length validated above
+      child = spawn(bin ?? '', args, {
+        cwd,
+        env,
+        stdio: ['pipe', 'pipe', 'pipe'],
+        detached: true,
+      })
+    }
+
+    let stdout = ''
+    let stderr = ''
+    let aborted = false
+    let timeoutId: NodeJS.Timeout | undefined
+
+    child.stdout?.on('data', (data: Buffer) => {
+      const chunk = data.toString()
+      if (stdout.length + chunk.length <= maxBuffer) {
+        stdout += chunk
+      }
+    })
+
+    child.stderr?.on('data', (data: Buffer) => {
+      const chunk = data.toString()
+      if (stderr.length + chunk.length <= maxBuffer) {
+        stderr += chunk
+      }
+    })
+
+    const abortHandler = (): void => {
+      if (!aborted) {
+        aborted = true
+        killProcess(child)
+      }
+    }
+
+    signal?.addEventListener('abort', abortHandler)
+
+    if (timeout && timeout > 0) {
+      timeoutId = setTimeout(() => {
+        if (!aborted) {
+          aborted = true
+          killProcess(child)
+        }
+      }, timeout)
+    }
+
+    child.on('close', (code: number | null) => {
+      signal?.removeEventListener('abort', abortHandler)
+      if (timeoutId) clearTimeout(timeoutId)
+      resolve({ stdout, stderr, exitCode: code, aborted })
+    })
+
+    child.on('error', (err: Error) => {
+      signal?.removeEventListener('abort', abortHandler)
+      if (timeoutId) clearTimeout(timeoutId)
+      reject(
+        new ExecError(`Failed to spawn process: ${err.message}`, stdout, stderr, null, aborted),
+      )
+    })
+  })
+}
+
+/**
+ * Kill a child process and all its descendants.
+ */
+function killProcess(child: ChildProcess): void {
+  if (child.pid) {
+    try {
+      process.kill(-child.pid, 'SIGKILL')
+    } catch {
+      // @swallow-ok Process group kill failed, try direct kill
+      try {
+        child.kill('SIGKILL')
+      } catch {
+        // @swallow-ok Process already exited
+      }
+    }
+  }
+}
+

package/src/framework/ast-utilities.ts

@@ -0,0 +1,112 @@
+// @fitness-ignore-file batch-operation-limits -- iterates bounded collections (config entries, registry items, or small analysis results)
+/**
+ * @fileoverview Shared AST utilities for fitness checks
+ *
+ * Common TypeScript AST operations for source parsing, tree walking,
+ * and node inspection. Used by AST-based fitness checks.
+ */
+
+import * as ts from 'typescript'
+
+// =============================================================================
+// SOURCE PARSING
+// =============================================================================
+
+/**
+ * Parse TypeScript/JavaScript source into an AST SourceFile.
+ * Returns null on parse failure.
+ */
+export function parseSource(content: string, filePath: string): ts.SourceFile | null {
+  try {
+    return ts.createSourceFile(filePath, content, ts.ScriptTarget.Latest, true)
+  } catch {
+    // @swallow-ok Parse failure returns null for graceful degradation
+    return null
+  }
+}
+
+// =============================================================================
+// TREE WALKING
+// =============================================================================
+
+/**
+ * Depth-first walk of all nodes in a SourceFile or subtree.
+ */
+export function walkNodes(root: ts.Node, visitor: (node: ts.Node) => void): void {
+  function visit(node: ts.Node): void {
+    visitor(node)
+    ts.forEachChild(node, visit)
+  }
+  ts.forEachChild(root, visit)
+}
+
+// =============================================================================
+// NODE INSPECTION
+// =============================================================================
+
+/**
+ * Get the leaf identifier text from an expression node.
+ */
+export function getIdentifierName(node: ts.Node): string {
+  if (ts.isIdentifier(node)) return node.text
+  if (ts.isPropertyAccessExpression(node)) return node.name.text
+  return ''
+}
+
+/**
+ * Get the full dotted path of a property access chain.
+ */
+export function getPropertyChain(node: ts.Node): string {
+  if (ts.isIdentifier(node)) return node.text
+  if (ts.isPropertyAccessExpression(node)) {
+    return `${getPropertyChain(node.expression)}.${node.name.text}`
+  }
+  return ''
+}
+
+/**
+ * Get the 1-indexed line number for a node.
+ */
+export function getLineNumber(node: ts.Node, sourceFile: ts.SourceFile): number {
+  const { line } = sourceFile.getLineAndCharacterOfPosition(node.getStart())
+  return line + 1
+}
+
+/**
+ * Check if a node is a property access matching a specific property name.
+ */
+export function isPropertyAccess(node: ts.Node, propertyName: string): boolean {
+  return ts.isPropertyAccessExpression(node) && node.name.text === propertyName
+}
+
+/**
+ * Check if a node is a literal value.
+ */
+export function isLiteral(node: ts.Node): boolean {
+  if (ts.isStringLiteral(node) || ts.isNumericLiteral(node)) return true
+  if (ts.isNoSubstitutionTemplateLiteral(node)) return true
+  if (node.kind === ts.SyntaxKind.TrueKeyword || node.kind === ts.SyntaxKind.FalseKeyword)
+    return true
+  if (node.kind === ts.SyntaxKind.NullKeyword) return true
+  if (ts.isIdentifier(node) && node.text === 'undefined') return true
+  return false
+}
+
+/**
+ * Check if a node is inside a string literal or template literal.
+ */
+export function isInStringLiteral(node: ts.Node): boolean {
+  let current = node.parent
+  while (!ts.isSourceFile(current)) {
+    if (
+      ts.isStringLiteral(current) ||
+      ts.isNoSubstitutionTemplateLiteral(current) ||
+      ts.isTemplateExpression(current)
+    ) {
+      return true
+    }
+    current = current.parent
+  }
+  return false
+}
+