@snovon/solast 0.2.0

package/dist/detectors/eip7702-delegation-risk.js

@@ -0,0 +1,745 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EIP7702DelegationRiskDetector = void 0;
+const access_control_1 = require("./_common/access-control");
+const RULE_ID = 'eip7702-delegation-risk';
+const PROVENANCE = 'x-20260504-eip7702-delegation-risk';
+// Detector-local keyword set (post roadmap 1.2.2 migration). The
+// list matches the pre-extraction inline regex exactly;
+// behaviour is preserved.
+const PRIVILEGED_STATE_KEYWORDS = ['owner', 'admin', 'role', 'guardian', 'operator', 'treasury',
+    'governor', 'timelock', 'paus', 'implementation', 'fee'];
+const ASSET_TRANSFER_MEMBERS = new Set(['transfer', 'transferfrom', 'safetransfer', 'safetransferfrom', 'send']);
+class EIP7702DelegationRiskDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    scanAst(ast, file, sourceText) {
+        if (!ast || typeof ast !== 'object' || !isNode(ast, 'SourceUnit'))
+            return [];
+        const findings = [];
+        const lineOffsets = buildLineOffsets(sourceText);
+        for (const contract of collectContracts(ast)) {
+            if (isInterfaceOrLibrary(contract))
+                continue;
+            const contractName = getName(contract) || '<anonymous>';
+            const modifiers = collectModifierDefinitions(contract);
+            const helpers = collectInternalHelpers(contract);
+            const stateVariables = collectStateVariables(contract);
+            for (const fn of getContractFunctions(contract)) {
+                if (!getFunctionBody(fn))
+                    continue;
+                if (!isExternallyCallable(fn))
+                    continue;
+                if (fn?.isConstructor === true || String(fn?.kind || '').toLowerCase() === 'constructor')
+                    continue;
+                const ctx = {
+                    eoaGuards: [],
+                    sensitiveSinks: [],
+                    trustGuards: [],
+                    targetAliases: new Map(),
+                    stateVariables,
+                };
+                scanAppliedModifierGuards(fn, modifiers, ctx);
+                scanStatement(getFunctionBody(fn), ctx, helpers, new Set());
+                const sink = firstRelevantSink(ctx);
+                if (!sink)
+                    continue;
+                const fnName = functionDisplayName(fn);
+                const guard = ctx.eoaGuards[0]?.node;
+                const loc = getLoc(sink.node, lineOffsets)
+                    || getLoc(guard, lineOffsets)
+                    || getLoc(fn, lineOffsets)
+                    || { line: 0, column: 0 };
+                findings.push({
+                    file,
+                    contract: contractName,
+                    'function': fnName,
+                    line: loc.line,
+                    endLine: loc.line,
+                    column: loc.column,
+                    pattern: RULE_ID,
+                    confidence: 'high',
+                    ruleId: RULE_ID,
+                    severity: 'warning',
+                    message: `EIP-7702 delegation risk: '${contractName}.${fnName}' authorizes a privileged path with tx.origin; delegated EOAs can execute code while preserving the transaction origin.`,
+                    rationale: 'EIP-7702 lets an EOA temporarily execute delegated code, so tx.origin is not a reliable authorization boundary for privileged writes, asset transfers, or untrusted delegatecall paths.',
+                    suggestedFix: 'Replace the tx.origin gate with msg.sender-based authorization such as onlyOwner/onlyRole, explicit signer validation, or account/delegation-aware role checks. For delegatecall paths, also require a strict allowlist for implementation targets.',
+                    contractName,
+                    functionName: fnName,
+                    sourceLocation: { line: loc.line, column: loc.column },
+                    findingId: '',
+                    contractHash: '',
+                    provenance: PROVENANCE,
+                    source: PROVENANCE,
+                });
+            }
+        }
+        return findings;
+    }
+}
+exports.EIP7702DelegationRiskDetector = EIP7702DelegationRiskDetector;
+function firstRelevantSink(ctx) {
+    if (ctx.eoaGuards.length === 0)
+        return null;
+    for (const sink of ctx.sensitiveSinks) {
+        if (sink.kind === 'delegatecall') {
+            if (isUntrustedTarget(sink.target, ctx))
+                return sink;
+            continue;
+        }
+        return sink;
+    }
+    return null;
+}
+function scanAppliedModifierGuards(fn, modifiers, ctx) {
+    for (const mod of fn?.modifiers || []) {
+        const modName = getModifierInvocationName(mod);
+        if (!modName)
+            continue;
+        const def = modifiers.get(modName);
+        const body = getFunctionBody(def);
+        if (!body)
+            continue;
+        addModifierArgumentAliases(mod, def, ctx);
+        scanGuardEvidence(body, ctx);
+    }
+}
+function addModifierArgumentAliases(invocation, definition, ctx) {
+    const params = getParameterNames(definition);
+    const args = invocation?.arguments || [];
+    const count = Math.min(params.length, args.length);
+    for (let i = 0; i < count; i++) {
+        const param = params[i];
+        const arg = args[i];
+        if (!param || !isNode(arg, 'Identifier'))
+            continue;
+        addTargetAlias(param, String(arg.name || ''), ctx.targetAliases);
+    }
+}
+function addTargetAlias(alias, target, aliases) {
+    if (!alias || !target || alias === target)
+        return;
+    let targets = aliases.get(alias);
+    if (!targets) {
+        targets = new Set();
+        aliases.set(alias, targets);
+    }
+    targets.add(target);
+}
+function scanGuardEvidence(stmt, ctx) {
+    if (!stmt || typeof stmt !== 'object')
+        return;
+    if (isNode(stmt, 'InlineAssemblyStatement'))
+        return;
+    if (isNode(stmt, 'ExpressionStatement')) {
+        handleGuardExpression(stmt.expression, ctx);
+        return;
+    }
+    if (isNode(stmt, 'IfStatement')) {
+        recordIfRevertGate(stmt, ctx);
+    }
+    for (const child of childrenOf(stmt))
+        scanGuardEvidence(child, ctx);
+}
+function scanStatement(stmt, ctx, helpers, visited) {
+    if (!stmt || typeof stmt !== 'object')
+        return;
+    if (isNode(stmt, 'InlineAssemblyStatement'))
+        return;
+    if (isNode(stmt, 'Block')) {
+        for (const s of stmt.statements || [])
+            scanStatement(s, ctx, helpers, visited);
+        return;
+    }
+    if (isNode(stmt, 'IfStatement')) {
+        recordIfRevertGate(stmt, ctx);
+        if (stmt.trueBody)
+            scanStatement(stmt.trueBody, ctx, helpers, visited);
+        if (stmt.falseBody)
+            scanStatement(stmt.falseBody, ctx, helpers, visited);
+        return;
+    }
+    if (isNode(stmt, 'ExpressionStatement')) {
+        handleExpressionTopLevel(stmt.expression, ctx, helpers, visited);
+        return;
+    }
+    if (isNode(stmt, 'VariableDeclarationStatement')) {
+        if (stmt.initialValue)
+            handleExpressionTopLevel(stmt.initialValue, ctx, helpers, visited);
+        return;
+    }
+    if (isNode(stmt, 'ForStatement') || isNode(stmt, 'WhileStatement') || isNode(stmt, 'DoWhileStatement')) {
+        if (stmt.body)
+            scanStatement(stmt.body, ctx, helpers, visited);
+        return;
+    }
+    if (isNode(stmt, 'TryStatement')) {
+        if (stmt.body)
+            scanStatement(stmt.body, ctx, helpers, visited);
+        for (const cc of stmt.catchClauses || [])
+            if (cc?.body)
+                scanStatement(cc.body, ctx, helpers, visited);
+        return;
+    }
+    if (isNode(stmt, 'UncheckedStatement')) {
+        if (stmt.block)
+            scanStatement(stmt.block, ctx, helpers, visited);
+    }
+}
+function recordIfRevertGate(stmt, ctx) {
+    if (bodyContainsRevert(stmt.trueBody)) {
+        const kind = eoaInvertedConditionKind(stmt.condition);
+        if (kind)
+            ctx.eoaGuards.push({ node: stmt, kind });
+    }
+    if (bodyContainsRevert(stmt.falseBody)) {
+        const kind = eoaPositiveConditionKind(stmt.condition);
+        if (kind)
+            ctx.eoaGuards.push({ node: stmt, kind });
+    }
+}
+function handleExpressionTopLevel(expr, ctx, helpers, visited) {
+    if (!expr || typeof expr !== 'object')
+        return;
+    if (isFunctionCall(expr)) {
+        const calleeName = getCalleeIdentifierName(expr);
+        if (calleeName === 'require' || calleeName === 'assert') {
+            handleGuardExpression(expr, ctx);
+        }
+        else if (calleeName && helpers.has(calleeName) && !visited.has(calleeName)) {
+            visited.add(calleeName);
+            const helperBody = getFunctionBody(helpers.get(calleeName));
+            if (helperBody)
+                scanStatement(helperBody, ctx, helpers, visited);
+            visited.delete(calleeName);
+        }
+    }
+    collectSensitiveSinks(expr, ctx);
+}
+function handleGuardExpression(expr, ctx) {
+    if (!isFunctionCall(expr))
+        return;
+    const calleeName = getCalleeIdentifierName(expr);
+    if (calleeName !== 'require' && calleeName !== 'assert')
+        return;
+    const cond = (expr.arguments || [])[0];
+    if (!cond)
+        return;
+    const conjuncts = [];
+    collectAndConjuncts(cond, conjuncts);
+    let recordedEoa = false;
+    for (const c of conjuncts) {
+        const kind = eoaPositiveConditionKind(c);
+        if (!recordedEoa && kind) {
+            ctx.eoaGuards.push({ node: expr, kind });
+            recordedEoa = true;
+        }
+        else {
+            ctx.trustGuards.push(c);
+        }
+    }
+}
+function collectSensitiveSinks(expr, ctx) {
+    walk(expr, node => {
+        if (isPrivilegedStateWrite(node, ctx.stateVariables)) {
+            ctx.sensitiveSinks.push({ node, kind: 'privileged-write' });
+            return;
+        }
+        if (!isFunctionCall(node))
+            return;
+        const callee = unwrapCallOptions(node.expression);
+        if (!isNode(callee, 'MemberAccess'))
+            return;
+        const memberName = String(callee.memberName || '').toLowerCase();
+        if (memberName === 'delegatecall') {
+            ctx.sensitiveSinks.push({ node, kind: 'delegatecall', target: callee.expression });
+            return;
+        }
+        if (ASSET_TRANSFER_MEMBERS.has(memberName) || isCallWithValue(node, callee)) {
+            ctx.sensitiveSinks.push({ node, kind: 'asset-transfer' });
+        }
+    });
+}
+function isPrivilegedStateWrite(node, stateVariables) {
+    if (!isAssignmentExpression(node) && !isUnaryMutation(node))
+        return false;
+    const left = isAssignmentExpression(node) ? (node.left || node.leftHandSide || node.leftExpression) : (node.subExpression || node.expression);
+    const root = getReferenceRoot(left);
+    return !!root && stateVariables.has(root) && (0, access_control_1.isPrivilegedIdentifier)(root, { keywords: PRIVILEGED_STATE_KEYWORDS });
+}
+function isAssignmentExpression(node) {
+    return isNode(node, 'BinaryOperation') &&
+        /^(=|\+=|-=|\*=|\/=|%=|\|=|&=|\^=|<<=|>>=)$/.test(String(node.operator || ''));
+}
+function isUnaryMutation(node) {
+    return isNode(node, 'UnaryOperation') && (node.operator === '++' || node.operator === '--');
+}
+function getReferenceRoot(expr) {
+    if (!expr || typeof expr !== 'object')
+        return '';
+    if (isNode(expr, 'Identifier'))
+        return String(expr.name || '');
+    if (isNode(expr, 'MemberAccess'))
+        return getReferenceRoot(expr.expression);
+    if (isNode(expr, 'IndexAccess'))
+        return getReferenceRoot(expr.base || expr.baseExpression);
+    return '';
+}
+function isCallWithValue(call, callee) {
+    if (!isNode(callee, 'MemberAccess') || String(callee.memberName || '').toLowerCase() !== 'call')
+        return false;
+    const expr = call.expression;
+    if (!isNode(expr, 'NameValueExpression') && !isNode(expr, 'FunctionCallOptions'))
+        return false;
+    const names = Array.isArray(expr.names)
+        ? expr.names
+        : Array.isArray(expr.options?.names)
+            ? expr.options.names
+            : Array.isArray(expr.arguments?.names)
+                ? expr.arguments.names
+                : [];
+    if (names.some(name => nodeName(name).toLowerCase() === 'value'))
+        return true;
+    const optionEntries = Array.isArray(expr.options)
+        ? expr.options
+        : Array.isArray(expr.arguments)
+            ? expr.arguments
+            : [];
+    if (optionEntries.some(option => nodeName(option?.name || option?.keyName || option).toLowerCase() === 'value'))
+        return true;
+    return !!(expr.options && !Array.isArray(expr.options) && Object.prototype.hasOwnProperty.call(expr.options, 'value'));
+}
+function eoaPositiveConditionKind(cond) {
+    if (!cond || typeof cond !== 'object')
+        return '';
+    if (isNode(cond, 'BinaryOperation') && cond.operator === '&&') {
+        return eoaPositiveConditionKind(cond.left) || eoaPositiveConditionKind(cond.right);
+    }
+    if (!isNode(cond, 'BinaryOperation'))
+        return '';
+    const op = cond.operator;
+    if (op === '==') {
+        if (matchTxOriginAuthorization(cond.left, cond.right))
+            return 'tx-origin';
+        return '';
+    }
+    return '';
+}
+function eoaInvertedConditionKind(cond) {
+    if (!cond || typeof cond !== 'object')
+        return '';
+    if (isNode(cond, 'BinaryOperation') && cond.operator === '||') {
+        return eoaInvertedConditionKind(cond.left) || eoaInvertedConditionKind(cond.right);
+    }
+    if (!isNode(cond, 'BinaryOperation'))
+        return '';
+    const op = cond.operator;
+    if (op === '!=') {
+        if (matchTxOriginAuthorization(cond.left, cond.right))
+            return 'tx-origin';
+        return '';
+    }
+    return '';
+}
+function matchTxOriginAuthorization(a, b) {
+    return (isTxOrigin(a) && isAuthorityReference(b)) || (isTxOrigin(b) && isAuthorityReference(a));
+}
+function isMsgSender(n) {
+    return isNode(n, 'MemberAccess') &&
+        String(n.memberName || '') === 'sender' &&
+        isNode(n.expression, 'Identifier') &&
+        String(n.expression.name || '') === 'msg';
+}
+function isTxOrigin(n) {
+    return isNode(n, 'MemberAccess') &&
+        String(n.memberName || '') === 'origin' &&
+        isNode(n.expression, 'Identifier') &&
+        String(n.expression.name || '') === 'tx';
+}
+// Distinct from PRIVILEGED_STATE_KEYWORDS above — `isAuthorityReference`
+// uses a different vocabulary (no `treasury`/`paus`/`implementation`/`fee`,
+// adds `trusted`/`auth`). The pre-1.2.2 regex was inline; behaviour
+// preserved.
+const AUTHORITY_REFERENCE_KEYWORDS = [
+    'owner', 'admin', 'role', 'guardian', 'operator',
+    'governor', 'timelock', 'trusted', 'auth',
+];
+function isAuthorityReference(n) {
+    const root = getReferenceRoot(n);
+    return !!root && (0, access_control_1.isPrivilegedIdentifier)(root, { keywords: AUTHORITY_REFERENCE_KEYWORDS });
+}
+function isLiteralZero(n) {
+    if (!n)
+        return false;
+    if (isNode(n, 'NumberLiteral'))
+        return String(n.number || n.value || '0') === '0';
+    if (n.type === 'Literal' && (n.kind === 'number' || n.kind === undefined))
+        return String(n.value || '0') === '0';
+    return false;
+}
+function isLiteralOne(n) {
+    if (!n)
+        return false;
+    if (isNode(n, 'NumberLiteral'))
+        return String(n.number || n.value || '0') === '1';
+    if (n.type === 'Literal' && (n.kind === 'number' || n.kind === undefined))
+        return String(n.value || '0') === '1';
+    return false;
+}
+function bodyContainsRevert(body) {
+    if (!body || typeof body !== 'object')
+        return false;
+    let found = false;
+    walk(body, node => {
+        if (found)
+            return;
+        if (isNode(node, 'RevertStatement') || isNode(node, 'ThrowStatement'))
+            found = true;
+        if (isFunctionCall(node)) {
+            const callee = node.expression;
+            if (isNode(callee, 'Identifier') && String(callee.name || '') === 'revert')
+                found = true;
+        }
+    });
+    return found;
+}
+function isUntrustedTarget(target, ctx) {
+    if (!target)
+        return true;
+    if (isSelfTarget(target))
+        return false;
+    const targetIds = new Set();
+    collectIdentifierNames(target, targetIds);
+    if (targetIds.size === 0)
+        return true;
+    const expandedTargetIds = expandTargetIds(targetIds, ctx.targetAliases);
+    for (const guard of ctx.trustGuards) {
+        if (isAllowlistPredicateForTarget(guard, expandedTargetIds))
+            return false;
+    }
+    return true;
+}
+function expandTargetIds(targetIds, aliases) {
+    const expanded = new Set(targetIds);
+    let changed = true;
+    while (changed) {
+        changed = false;
+        for (const [alias, targets] of aliases.entries()) {
+            if (expanded.has(alias))
+                continue;
+            for (const target of targets) {
+                if (expanded.has(target)) {
+                    expanded.add(alias);
+                    changed = true;
+                    break;
+                }
+            }
+        }
+    }
+    return expanded;
+}
+function isAllowlistPredicateForTarget(guard, targetIds) {
+    if (!guard || typeof guard !== 'object')
+        return false;
+    if (isIndexAccessKeyedByTarget(guard, targetIds))
+        return true;
+    if (!isNode(guard, 'BinaryOperation'))
+        return false;
+    const op = guard.operator;
+    if (op === '==' || op === '!=') {
+        const wantsTrue = op === '==';
+        const truthyMappingMatch = (a, b) => isIndexAccessKeyedByTarget(a, targetIds) &&
+            ((wantsTrue && (isLiteralTrue(b) || isLiteralOne(b))) ||
+                (!wantsTrue && (isLiteralFalse(b) || isLiteralZero(b))));
+        if (truthyMappingMatch(guard.left, guard.right))
+            return true;
+        if (truthyMappingMatch(guard.right, guard.left))
+            return true;
+    }
+    if (op === '==') {
+        if (isEqualityWithTrustedConstant(guard.left, guard.right, targetIds))
+            return true;
+        if (isEqualityWithTrustedConstant(guard.right, guard.left, targetIds))
+            return true;
+    }
+    return false;
+}
+function isIndexAccessKeyedByTarget(node, targetIds) {
+    if (!isNode(node, 'IndexAccess'))
+        return false;
+    const idx = node.index || node.indexExpression;
+    return isNode(idx, 'Identifier') && targetIds.has(String(idx.name || ''));
+}
+function isEqualityWithTrustedConstant(targetSide, otherSide, targetIds) {
+    if (!isNode(targetSide, 'Identifier') || !targetIds.has(String(targetSide.name || '')))
+        return false;
+    if (isAddressZeroExpr(otherSide) || isSelfTarget(otherSide) || isMsgSender(otherSide) || isTxOrigin(otherSide))
+        return false;
+    return isNode(otherSide, 'Identifier') || isNode(otherSide, 'MemberAccess');
+}
+function isAddressZeroExpr(n) {
+    if (!isFunctionCall(n))
+        return false;
+    const args = n.arguments || [];
+    if (args.length !== 1 || !isLiteralZero(args[0]))
+        return false;
+    const callee = n.expression;
+    return (isNode(callee, 'Identifier') || isNode(callee, 'ElementaryTypeName')) && String(callee.name || '') === 'address';
+}
+function isLiteralTrue(n) {
+    if (!n)
+        return false;
+    if (isNode(n, 'BooleanLiteral'))
+        return n.value === true || String(n.value || '') === 'true';
+    if (n.type === 'Literal' && n.kind === 'bool')
+        return String(n.value || '') === 'true';
+    return false;
+}
+function isLiteralFalse(n) {
+    if (!n)
+        return false;
+    if (isNode(n, 'BooleanLiteral'))
+        return n.value === false || String(n.value || '') === 'false';
+    if (n.type === 'Literal' && n.kind === 'bool')
+        return String(n.value || '') === 'false';
+    return false;
+}
+function isSelfTarget(target) {
+    if (!target)
+        return false;
+    if (isNode(target, 'Identifier') && String(target.name || '') === 'this')
+        return true;
+    if (!isFunctionCall(target))
+        return false;
+    const callee = target.expression;
+    if (!(isNode(callee, 'Identifier') || isNode(callee, 'ElementaryTypeName')))
+        return false;
+    if (String(callee.name || '') !== 'address')
+        return false;
+    const arg = (target.arguments || [])[0];
+    return isNode(arg, 'Identifier') && String(arg.name || '') === 'this';
+}
+function collectIdentifierNames(node, out) {
+    walk(node, n => {
+        if (isNode(n, 'Identifier')) {
+            const name = String(n.name || '');
+            if (name && name !== 'this' && name !== 'msg' && name !== 'tx' && name !== 'block' && name !== 'address')
+                out.add(name);
+        }
+    });
+}
+function collectAndConjuncts(cond, out) {
+    if (!cond || typeof cond !== 'object')
+        return;
+    if (isNode(cond, 'BinaryOperation') && cond.operator === '&&') {
+        collectAndConjuncts(cond.left, out);
+        collectAndConjuncts(cond.right, out);
+        return;
+    }
+    out.push(cond);
+}
+function collectStateVariables(contract) {
+    const out = new Set();
+    for (const member of getContractMembers(contract)) {
+        if (!isNode(member, 'StateVariableDeclaration'))
+            continue;
+        for (const variable of member.variables || []) {
+            const name = getName(variable);
+            if (name)
+                out.add(name);
+        }
+    }
+    return out;
+}
+function collectInternalHelpers(contract) {
+    const helpers = new Map();
+    for (const fn of getContractFunctions(contract)) {
+        const vis = String(fn?.visibility || '').toLowerCase();
+        const name = getName(fn);
+        if ((vis === 'internal' || vis === 'private') && name)
+            helpers.set(name, fn);
+    }
+    return helpers;
+}
+function collectModifierDefinitions(contract) {
+    const out = new Map();
+    for (const member of getContractMembers(contract)) {
+        if (!isNode(member, 'ModifierDefinition'))
+            continue;
+        const name = getName(member);
+        if (name)
+            out.set(name, member);
+    }
+    return out;
+}
+function getModifierInvocationName(mod) {
+    if (!mod)
+        return '';
+    if (mod.modifierName) {
+        if (typeof mod.modifierName === 'string')
+            return mod.modifierName;
+        if (mod.modifierName.name)
+            return String(mod.modifierName.name);
+        if (mod.modifierName.namePath)
+            return String(mod.modifierName.namePath);
+    }
+    if (mod.name) {
+        if (typeof mod.name === 'string')
+            return mod.name;
+        if (mod.name.name)
+            return String(mod.name.name);
+        if (mod.name.namePath)
+            return String(mod.name.namePath);
+    }
+    return '';
+}
+function getParameterNames(node) {
+    const rawParams = node?.parameters?.parameters || node?.parameters || node?.params || [];
+    if (!Array.isArray(rawParams))
+        return [];
+    return rawParams.map(getName).filter(Boolean);
+}
+function isExternallyCallable(fn) {
+    const vis = String(fn?.visibility || '').toLowerCase();
+    const kind = String(fn?.kind || '').toLowerCase();
+    return vis === 'external' || vis === 'public' || kind === 'receive' || kind === 'fallback' || fn?.isFallback === true || fn?.isReceiveEther === true;
+}
+function getContractFunctions(contract) {
+    return getContractMembers(contract).filter(child => isNode(child, 'FunctionDefinition'));
+}
+function getFunctionBody(fn) {
+    return fn?.body || null;
+}
+function functionDisplayName(fn) {
+    const kind = String(fn?.kind || '').toLowerCase();
+    if (fn?.isFallback === true || kind === 'fallback')
+        return '<fallback>';
+    if (fn?.isReceiveEther === true || kind === 'receive')
+        return '<receive>';
+    if (fn?.isConstructor === true || kind === 'constructor')
+        return '<constructor>';
+    return getName(fn) || '<anonymous>';
+}
+function getContractMembers(contract) {
+    if (!contract || typeof contract !== 'object')
+        return [];
+    if (Array.isArray(contract.subNodes))
+        return contract.subNodes;
+    if (Array.isArray(contract.nodes))
+        return contract.nodes;
+    return [];
+}
+function isInterfaceOrLibrary(contract) {
+    const kind = String(contract?.kind || contract?.contractKind || '').toLowerCase();
+    return kind === 'interface' || kind === 'library';
+}
+function collectContracts(ast) {
+    const out = [];
+    walkContracts(ast, n => out.push(n));
+    return out;
+}
+function walkContracts(node, visit) {
+    if (!node || typeof node !== 'object')
+        return;
+    if (isNode(node, 'ContractDefinition')) {
+        visit(node);
+        return;
+    }
+    for (const child of childrenOf(node))
+        walkContracts(child, visit);
+}
+function isFunctionCall(n) {
+    return isNode(n, 'FunctionCall');
+}
+function unwrapCallOptions(expr) {
+    if (!expr || typeof expr !== 'object')
+        return expr;
+    if (isNode(expr, 'NameValueExpression') || isNode(expr, 'FunctionCallOptions'))
+        return unwrapCallOptions(expr.expression);
+    return expr;
+}
+function getCalleeIdentifierName(call) {
+    const callee = unwrapCallOptions(call?.expression);
+    if (isNode(callee, 'Identifier'))
+        return String(callee.name || '');
+    return '';
+}
+function getName(node) {
+    return typeof node?.name === 'string' ? node.name : '';
+}
+function nodeName(node) {
+    if (node === undefined || node === null)
+        return '';
+    if (typeof node === 'string')
+        return node;
+    return String(node.name || node.keyName || node.memberName || node.value || '');
+}
+function walk(node, visit) {
+    if (!node || typeof node !== 'object')
+        return;
+    visit(node);
+    for (const child of childrenOf(node))
+        walk(child, visit);
+}
+function childrenOf(node) {
+    if (!node || typeof node !== 'object')
+        return [];
+    const out = [];
+    for (const [key, value] of Object.entries(node)) {
+        if (key === 'loc' || key === 'src' || key === 'range' || key === 'typeDescriptions' || key === 'id' || key === 'typeName')
+            continue;
+        if (Array.isArray(value)) {
+            for (const item of value)
+                if (item && typeof item === 'object')
+                    out.push(item);
+        }
+        else if (value && typeof value === 'object') {
+            out.push(value);
+        }
+    }
+    return out;
+}
+function isNode(node, kind) {
+    return node?.type === kind || node?.nodeType === kind;
+}
+function buildLineOffsets(sourceText) {
+    if (sourceText === undefined)
+        return undefined;
+    const offsets = [0];
+    let byteOffset = 0;
+    for (const ch of sourceText) {
+        byteOffset += Buffer.byteLength(ch, 'utf8');
+        if (ch === '\n')
+            offsets.push(byteOffset);
+    }
+    return offsets;
+}
+function getLoc(node, lineOffsets) {
+    if (node?.loc?.start)
+        return { line: node.loc.start.line || 0, column: node.loc.start.column || 0 };
+    if (!node?.src || !lineOffsets)
+        return undefined;
+    const [offsetRaw] = String(node.src).split(':');
+    const offset = Number(offsetRaw);
+    if (!Number.isFinite(offset) || offset < 0)
+        return undefined;
+    return byteOffsetToLineColumn(offset, lineOffsets);
+}
+function byteOffsetToLineColumn(byteOffset, lineOffsets) {
+    let low = 0;
+    let high = lineOffsets.length - 1;
+    let lineIdx = 0;
+    while (low <= high) {
+        const mid = Math.floor((low + high) / 2);
+        if (lineOffsets[mid] <= byteOffset) {
+            lineIdx = mid;
+            low = mid + 1;
+        }
+        else {
+            high = mid - 1;
+        }
+    }
+    return { line: lineIdx + 1, column: byteOffset - lineOffsets[lineIdx] };
+}
+//# sourceMappingURL=eip7702-delegation-risk.js.map