@snovon/solast 0.2.0

package/dist/detectors/initialization-access-control.js

@@ -0,0 +1,659 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InitializationAccessControlDetector = void 0;
+const RULE_ID = 'initialization-access-control';
+const PRIVILEGED_STORAGE_NAMES = /^(owner|owners|admin|admins|governance|governor|guardian|authority|operator|manager|implementation|impl|proxy|beacon|roles|role|defaultAdminRole)$/i;
+const ACCESS_CONTROL_MODIFIERS = new Set([
+    'onlyowner',
+    'onlyrole',
+    'onlyadmin',
+    'onlyauthorized',
+    'onlyoperator',
+    'onlygovernance',
+    'onlygovernor',
+    'onlyguardian',
+    'onlymanager',
+    'onlyproxy',
+    'initializer',
+    'reinitializer',
+    'onlyinitializing',
+]);
+const CRITICAL_CALL_NAMES = new Set([
+    '_setuprole',
+    'setuprole',
+    '_grantrole',
+    'grantrole',
+    '_setroleadmin',
+    'setroleadmin',
+    '_transferownership',
+    'transferownership',
+    '_setowner',
+    'setowner',
+    '_setadmin',
+    'setadmin',
+    '_changeadmin',
+    'changeadmin',
+    '_setimplementation',
+    'setimplementation',
+    'upgradeTo',
+    'upgradeToAndCall',
+].map(name => name.toLowerCase()));
+class InitializationAccessControlDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    scanAst(ast, file, sourceText, ctxArg) {
+        if (!ast || typeof ast !== 'object')
+            return [];
+        const findings = [];
+        const lineOffsets = buildLineOffsets(sourceText);
+        const contracts = collectContracts(ast);
+        const contractsByName = collectContractsByName(contracts);
+        const privilegedStateNamesByContract = collectPrivilegedStateNamesByContract(contracts, contractsByName);
+        // SemanticModel adoption (roadmap 3.3 — Slice 2b). Used after the
+        // local-walk loop below to flag inherited initializer-like functions
+        // whose AST lives in a base contract in another file. When undefined
+        // (callers without semantic context), the detector falls back to the
+        // pre-Slice-2b in-file behaviour.
+        const semantic = ctxArg?.semantic;
+        for (const contract of contracts) {
+            if (isInterfaceOrLibrary(contract))
+                continue;
+            const stateNames = privilegedStateNamesByContract.get(getName(contract)) || collectDirectPrivilegedStateNames(contract);
+            const functions = collectFunctions(contract, stateNames);
+            const localFnNamesLower = new Set();
+            for (const fn of functions.values()) {
+                if (fn.name)
+                    localFnNamesLower.add(fn.name.toLowerCase());
+            }
+            for (const fn of functions.values()) {
+                if (!isInitializerCandidate(fn.node, fn.name))
+                    continue;
+                if (!isExternallyCallable(fn.node))
+                    continue;
+                const body = getFunctionBody(fn.node);
+                if (!body)
+                    continue;
+                const localNames = collectFunctionLocalNames(fn.node, body);
+                if (hasAccessControlGuard(fn.node, body, stateNames, localNames))
+                    continue;
+                if (!mutationPath(fn, functions, new Set()))
+                    continue;
+                const loc = getLoc(fn.node, lineOffsets) || { line: 0, column: 0 };
+                findings.push({
+                    file,
+                    contract: getName(contract),
+                    'function': fn.name,
+                    line: loc.line,
+                    endLine: loc.line,
+                    column: loc.column,
+                    pattern: RULE_ID,
+                    confidence: 'high',
+                    ruleId: RULE_ID,
+                    severity: 'critical',
+                    message: `Initializer-like function '${fn.name}' mutates privileged state without a recognized access-control or initializer guard.`,
+                    rationale: 'Public or external initialization functions that assign owner, admin, role, governance, or implementation-critical state can be claimed by arbitrary callers when no guard is visible.',
+                    suggestedFix: 'Restrict the initializer with an owner/role/admin modifier, an OpenZeppelin initializer or reinitializer modifier, or an explicit caller check such as require(msg.sender == admin).',
+                    contractName: getName(contract),
+                    functionName: fn.name,
+                    sourceLocation: { line: loc.line, column: loc.column },
+                    findingId: '',
+                    contractHash: '',
+                });
+            }
+            // === SemanticModel adoption (roadmap 3.3 / Slice 2b) ===
+            //
+            // After the local-walk above, also scan the contract's MRO for
+            // inherited initializer-like functions whose AST lives in a base
+            // contract — potentially in another file the per-file walker
+            // can't reach. Findings anchor at the CURRENT contract's
+            // definition line (the surface a caller actually reaches).
+            // Single-contract analysis only: the inherited fn's guard checks
+            // use the DECLARING contract's state-vars + same-contract calls
+            // (so a modifier or `setOwner` defined in Base resolves
+            // correctly).
+            if (semantic) {
+                const myId = `${file}::${getName(contract)}`;
+                const myInfo = semantic.contracts.get(myId);
+                if (myInfo && myInfo.bases.length > 0) {
+                    for (const inheritedFn of semantic.inheritedFunctions(myId)) {
+                        if (inheritedFn.contractId === myId)
+                            continue;
+                        if (!inheritedFn.name)
+                            continue;
+                        if (localFnNamesLower.has(inheritedFn.name.toLowerCase()))
+                            continue;
+                        const fnNode = inheritedFn.node;
+                        if (!fnNode)
+                            continue;
+                        if (!isInitializerCandidate(fnNode, inheritedFn.name))
+                            continue;
+                        if (!isExternallyCallable(fnNode))
+                            continue;
+                        const body = getFunctionBody(fnNode);
+                        if (!body)
+                            continue;
+                        const declarer = semantic.contracts.get(inheritedFn.contractId);
+                        if (!declarer || !declarer.node)
+                            continue;
+                        // Use the declaring contract's state-var vocabulary so
+                        // guard checks resolve against the fn's actual scope.
+                        const declarerStateNames = privilegedStateNamesByContract.get(declarer.name)
+                            || collectDirectPrivilegedStateNames(declarer.node);
+                        const localNames = collectFunctionLocalNames(fnNode, body);
+                        if (hasAccessControlGuard(fnNode, body, declarerStateNames, localNames))
+                            continue;
+                        const declarerFunctions = collectFunctions(declarer.node, declarerStateNames);
+                        const declarerFn = declarerFunctions.get(inheritedFn.name);
+                        if (!declarerFn || !mutationPath(declarerFn, declarerFunctions, new Set()))
+                            continue;
+                        const contractLoc = getLoc(contract, lineOffsets) || { line: 1, column: 0 };
+                        findings.push({
+                            file,
+                            contract: getName(contract),
+                            'function': inheritedFn.name,
+                            line: contractLoc.line,
+                            endLine: contractLoc.line,
+                            column: contractLoc.column,
+                            pattern: RULE_ID,
+                            confidence: 'high',
+                            ruleId: RULE_ID,
+                            severity: 'critical',
+                            message: `Initializer-like function '${inheritedFn.name}' inherited from ${declarer.name} mutates ` +
+                                `privileged state without a recognized access-control or initializer guard.`,
+                            rationale: `Inherited initializer '${inheritedFn.name}' is externally reachable through ${getName(contract)}'s ` +
+                                `inheritance from ${declarer.name} and lacks a recognized owner/role/admin modifier, OpenZeppelin ` +
+                                `initializer, or msg.sender caller check.`,
+                            suggestedFix: `Override '${inheritedFn.name}' in ${getName(contract)} with a recognized initializer or access-control ` +
+                                `modifier, or restrict access in ${declarer.name}.`,
+                            contractName: getName(contract),
+                            functionName: inheritedFn.name,
+                            sourceLocation: { line: contractLoc.line, column: contractLoc.column },
+                            instance_key: `${getName(contract)}::${inheritedFn.name}`,
+                            findingId: '',
+                            contractHash: '',
+                        });
+                    }
+                }
+            }
+        }
+        return findings;
+    }
+}
+exports.InitializationAccessControlDetector = InitializationAccessControlDetector;
+function collectFunctions(contract, stateNames) {
+    const functions = new Map();
+    for (const fn of getContractMembers(contract).filter(member => isNode(member, 'FunctionDefinition'))) {
+        const name = functionDisplayName(fn);
+        const body = getFunctionBody(fn);
+        functions.set(name, {
+            node: fn,
+            name,
+            directMutation: !!body && bodyMutatesCriticalState(body, stateNames),
+            calls: body ? collectSameContractCalls(body) : new Set(),
+        });
+    }
+    return functions;
+}
+function isInitializerCandidate(fn, name) {
+    if (isConstructor(fn))
+        return false;
+    const normalized = name.toLowerCase();
+    if (normalized === 'initialize' || normalized === 'init' || normalized === 'reinitialize')
+        return true;
+    if (/^initializev?\d+$/i.test(name))
+        return true;
+    if (/^_?init[A-Z0-9_]/.test(name))
+        return true;
+    return (fn.modifiers || []).some((modifier) => {
+        const modifierName = getModifierName(modifier).toLowerCase();
+        return modifierName === 'initializer' || modifierName === 'reinitializer' || modifierName === 'onlyinitializing';
+    });
+}
+function isExternallyCallable(fn) {
+    if (!fn || isConstructor(fn))
+        return false;
+    const kind = String(fn.kind || '').toLowerCase();
+    if (kind === 'fallback' || kind === 'receive' || fn.isFallback === true || fn.isReceiveEther === true)
+        return false;
+    const visibility = String(fn.visibility || '').toLowerCase();
+    return visibility === '' || visibility === 'default' || visibility === 'public' || visibility === 'external';
+}
+function mutationPath(info, functions, seen) {
+    if (info.directMutation)
+        return [info.name];
+    if (seen.has(info.name))
+        return undefined;
+    seen.add(info.name);
+    for (const calledName of info.calls) {
+        const called = functions.get(calledName);
+        if (!called)
+            continue;
+        const tail = mutationPath(called, functions, seen);
+        if (tail)
+            return [info.name, ...tail];
+    }
+    return undefined;
+}
+function collectPrivilegedStateNamesByContract(contracts, contractsByName) {
+    const directStateNamesByContract = new Map();
+    for (const contract of contracts) {
+        const name = getName(contract);
+        if (name)
+            directStateNamesByContract.set(name, collectDirectPrivilegedStateNames(contract));
+    }
+    const resolvedStateNamesByContract = new Map();
+    for (const contract of contracts) {
+        resolvePrivilegedStateNames(contract, contractsByName, directStateNamesByContract, resolvedStateNamesByContract, new Set());
+    }
+    return resolvedStateNamesByContract;
+}
+function resolvePrivilegedStateNames(contract, contractsByName, directStateNamesByContract, resolvedStateNamesByContract, visiting) {
+    const contractName = getName(contract);
+    if (!contractName)
+        return collectDirectPrivilegedStateNames(contract);
+    const resolved = resolvedStateNamesByContract.get(contractName);
+    if (resolved)
+        return new Set(resolved);
+    const result = new Set(directStateNamesByContract.get(contractName) || []);
+    if (visiting.has(contractName))
+        return result;
+    visiting.add(contractName);
+    for (const baseName of getBaseContractNames(contract)) {
+        const baseContract = contractsByName.get(baseName);
+        if (!baseContract)
+            continue;
+        for (const stateName of resolvePrivilegedStateNames(baseContract, contractsByName, directStateNamesByContract, resolvedStateNamesByContract, visiting)) {
+            result.add(stateName);
+        }
+    }
+    visiting.delete(contractName);
+    resolvedStateNamesByContract.set(contractName, result);
+    return new Set(result);
+}
+function collectDirectPrivilegedStateNames(contract) {
+    const result = new Set();
+    for (const member of getContractMembers(contract)) {
+        if (isNode(member, 'StateVariableDeclaration')) {
+            for (const variable of member.variables || []) {
+                if (variable?.name && isPrivilegedName(String(variable.name)))
+                    result.add(String(variable.name));
+            }
+        }
+        else if (isNode(member, 'VariableDeclaration') && member.stateVariable) {
+            if (member.name && isPrivilegedName(String(member.name)))
+                result.add(String(member.name));
+        }
+    }
+    return result;
+}
+function getBaseContractNames(contract) {
+    const names = [];
+    for (const base of contract?.baseContracts || []) {
+        const rawName = base?.baseName?.namePath || base?.baseName?.name || base?.namePath || base?.name || '';
+        const name = String(rawName).split('.').pop() || '';
+        if (name && !/^\d+$/.test(name))
+            names.push(name);
+    }
+    return names;
+}
+function bodyMutatesCriticalState(body, stateNames) {
+    return walkAny(body, node => isCriticalAssignment(node, stateNames) || isCriticalArrayPush(node, stateNames) || isCriticalRoleOrOwnerCall(node));
+}
+function isCriticalAssignment(node, stateNames) {
+    let left = null;
+    if (isNode(node, 'BinaryOperation')) {
+        const operator = String(node.operator || '');
+        if (!operator.includes('=') || ['==', '===', '!=', '!==', '<=', '>='].includes(operator))
+            return false;
+        left = node.left || node.leftExpression;
+    }
+    else if (isNode(node, 'Assignment')) {
+        if (!String(node.operator || '').includes('='))
+            return false;
+        left = node.leftHandSide;
+    }
+    else {
+        return false;
+    }
+    return expressionTargetsState(left, stateNames);
+}
+function isCriticalArrayPush(node, stateNames) {
+    if (!isNode(node, 'FunctionCall'))
+        return false;
+    const callee = node.expression;
+    if (!isNode(callee, 'MemberAccess') || String(callee.memberName || '') !== 'push')
+        return false;
+    return expressionTargetsState(callee.expression, stateNames);
+}
+function isCriticalRoleOrOwnerCall(node) {
+    if (!isNode(node, 'FunctionCall'))
+        return false;
+    const name = getCallName(node.expression).toLowerCase();
+    const leaf = name.split('.').pop() || name;
+    return CRITICAL_CALL_NAMES.has(leaf) || CRITICAL_CALL_NAMES.has(name);
+}
+function expressionTargetsState(expr, stateNames) {
+    if (!expr || typeof expr !== 'object')
+        return false;
+    if (isNode(expr, 'Identifier'))
+        return stateNames.has(String(expr.name || ''));
+    if (isNode(expr, 'IndexAccess'))
+        return expressionTargetsState(expr.base || expr.baseExpression, stateNames);
+    if (isNode(expr, 'MemberAccess')) {
+        if (stateNames.has(String(expr.memberName || '')))
+            return true;
+        return expressionTargetsState(expr.expression, stateNames);
+    }
+    if (isNode(expr, 'TupleExpression'))
+        return (expr.components || []).some((component) => expressionTargetsState(component, stateNames));
+    return false;
+}
+function collectFunctionLocalNames(fn, body) {
+    const localNames = new Set();
+    for (const parameter of getFunctionParameters(fn)) {
+        if (parameter?.name)
+            localNames.add(String(parameter.name));
+    }
+    walkAny(body, node => {
+        if (!isNode(node, 'VariableDeclarationStatement'))
+            return false;
+        for (const variable of getVariableDeclarations(node)) {
+            if (variable?.name)
+                localNames.add(String(variable.name));
+        }
+        return false;
+    });
+    return localNames;
+}
+function getFunctionParameters(fn) {
+    if (Array.isArray(fn?.parameters))
+        return fn.parameters;
+    if (Array.isArray(fn?.parameters?.parameters))
+        return fn.parameters.parameters;
+    return [];
+}
+function getVariableDeclarations(node) {
+    if (Array.isArray(node?.variables))
+        return node.variables;
+    if (Array.isArray(node?.declarations))
+        return node.declarations;
+    if (node?.variableDeclaration)
+        return [node.variableDeclaration];
+    return [];
+}
+function hasAccessControlGuard(fn, body, stateNames, localNames = new Set()) {
+    for (const modifier of fn.modifiers || []) {
+        const name = getModifierName(modifier).toLowerCase();
+        if (ACCESS_CONTROL_MODIFIERS.has(name))
+            return true;
+    }
+    return containsCallerAuthorizationGuard(body, stateNames, localNames);
+}
+function containsCallerAuthorizationGuard(body, stateNames, localNames = new Set()) {
+    for (const stmt of getBlockStatements(body)) {
+        if (isRequireOrAssertWith(stmt, condition => conditionGuardsCaller(condition, stateNames, localNames)))
+            return true;
+        if (isNode(stmt, 'IfStatement') && conditionDeniesCaller(stmt.condition, stateNames, localNames) && bodyUnconditionallyExits(stmt.trueBody))
+            return true;
+    }
+    return false;
+}
+function isRequireOrAssertWith(stmt, predicate) {
+    if (!isNode(stmt, 'ExpressionStatement'))
+        return false;
+    const expr = stmt.expression;
+    if (!isRequireOrAssertCall(expr))
+        return false;
+    return predicate(expr.arguments?.[0]);
+}
+function isRequireOrAssertCall(expr) {
+    if (!isNode(expr, 'FunctionCall'))
+        return false;
+    const name = getCallName(expr.expression).toLowerCase();
+    return name === 'require' || name === 'assert';
+}
+function conditionGuardsCaller(node, stateNames, localNames = new Set()) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isCallerEqualityCheck(node, stateNames, localNames))
+        return true;
+    if (isRoleMembershipCheck(node))
+        return true;
+    for (const child of childrenOf(node)) {
+        if (conditionGuardsCaller(child, stateNames, localNames))
+            return true;
+    }
+    return false;
+}
+function isCallerEqualityCheck(node, stateNames, localNames = new Set()) {
+    if (!isNode(node, 'BinaryOperation'))
+        return false;
+    const op = String(node.operator || '');
+    if (op !== '==' && op !== '===')
+        return false;
+    const left = node.left || node.leftExpression;
+    const right = node.right || node.rightExpression;
+    return (isMsgSender(left) && isAuthSubject(right, stateNames, localNames)) || (isMsgSender(right) && isAuthSubject(left, stateNames, localNames));
+}
+function isRoleMembershipCheck(node) {
+    if (!isNode(node, 'IndexAccess'))
+        return false;
+    const index = node.index || node.indexExpression;
+    if (isMsgSender(index))
+        return true;
+    return isRoleMembershipCheck(node.base || node.baseExpression);
+}
+function conditionDeniesCaller(node, stateNames, localNames = new Set()) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isNode(node, 'UnaryOperation') && String(node.operator || '') === '!')
+        return conditionGuardsCaller(node.subExpression, stateNames, localNames);
+    if (!isNode(node, 'BinaryOperation'))
+        return false;
+    const op = String(node.operator || '');
+    const left = node.left || node.leftExpression;
+    const right = node.right || node.rightExpression;
+    return (op === '!=' || op === '!==') && ((isMsgSender(left) && isAuthSubject(right, stateNames, localNames)) || (isMsgSender(right) && isAuthSubject(left, stateNames, localNames)));
+}
+function isAuthSubject(node, stateNames, localNames = new Set()) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isNode(node, 'Identifier')) {
+        const name = String(node.name || '');
+        return !localNames.has(name) && stateNames.has(name);
+    }
+    if (isNode(node, 'MemberAccess')) {
+        if (!isPrivilegedName(String(node.memberName || '')))
+            return false;
+        return expressionTargetsState(node.expression, stateNames);
+    }
+    return false;
+}
+function isMsgSender(node) {
+    return isNode(node, 'MemberAccess') &&
+        String(node.memberName || '') === 'sender' &&
+        isNode(node.expression, 'Identifier') &&
+        String(node.expression.name || '') === 'msg';
+}
+function bodyUnconditionallyExits(body) {
+    if (!body || typeof body !== 'object')
+        return false;
+    if (isNode(body, 'Block'))
+        return getBlockStatements(body).some(statementGuaranteesExit);
+    return statementGuaranteesExit(body);
+}
+function statementGuaranteesExit(stmt) {
+    if (!stmt || typeof stmt !== 'object')
+        return false;
+    if (isNode(stmt, 'ThrowStatement') || isNode(stmt, 'RevertStatement'))
+        return true;
+    if (isNode(stmt, 'ExpressionStatement') && isNode(stmt.expression, 'FunctionCall')) {
+        return getCallName(stmt.expression.expression).toLowerCase() === 'revert';
+    }
+    return isNode(stmt, 'Block') && bodyUnconditionallyExits(stmt);
+}
+function collectSameContractCalls(body) {
+    const calls = new Set();
+    walkAny(body, node => {
+        if (!isNode(node, 'FunctionCall'))
+            return false;
+        const name = getCallName(node.expression);
+        if (name)
+            calls.add(name.split('.').pop() || name);
+        return false;
+    });
+    return calls;
+}
+function getCallName(expr) {
+    if (!expr || typeof expr !== 'object')
+        return '';
+    if (isNode(expr, 'Identifier'))
+        return String(expr.name || '');
+    if (isNode(expr, 'MemberAccess')) {
+        const prefix = getCallName(expr.expression);
+        return prefix ? `${prefix}.${String(expr.memberName || '')}` : String(expr.memberName || '');
+    }
+    return '';
+}
+function isPrivilegedName(name) {
+    const normalized = name.length > 1 && name.startsWith('_') ? name.slice(1) : name;
+    return PRIVILEGED_STORAGE_NAMES.test(normalized) || /role/i.test(normalized);
+}
+function isInterfaceOrLibrary(contract) {
+    const kind = String(contract?.kind || contract?.contractKind || '').toLowerCase();
+    return kind === 'interface' || kind === 'library';
+}
+function isConstructor(fn) {
+    return fn?.isConstructor === true || String(fn?.kind || '').toLowerCase() === 'constructor';
+}
+function getModifierName(modifier) {
+    if (!modifier)
+        return '';
+    if (typeof modifier === 'string')
+        return modifier;
+    if (typeof modifier.name === 'string')
+        return modifier.name;
+    if (modifier.name && typeof modifier.name === 'object') {
+        if (typeof modifier.name.name === 'string')
+            return modifier.name.name;
+        if (typeof modifier.name.namePath === 'string')
+            return modifier.name.namePath;
+    }
+    if (modifier.modifierName) {
+        const inner = modifier.modifierName;
+        if (typeof inner === 'string')
+            return inner;
+        if (inner && typeof inner.name === 'string')
+            return inner.name;
+    }
+    return '';
+}
+function functionDisplayName(fn) {
+    if (typeof fn?.name === 'string' && fn.name.length > 0)
+        return fn.name;
+    return '<anonymous>';
+}
+function getName(node) {
+    return typeof node?.name === 'string' ? node.name : '';
+}
+function getFunctionBody(node) {
+    return node?.body || null;
+}
+function getContractMembers(contract) {
+    if (Array.isArray(contract?.subNodes))
+        return contract.subNodes;
+    if (Array.isArray(contract?.nodes))
+        return contract.nodes;
+    return [];
+}
+function getBlockStatements(body) {
+    return Array.isArray(body?.statements) ? body.statements : [];
+}
+function collectContracts(ast) {
+    const out = [];
+    walkContracts(ast, node => out.push(node));
+    return out;
+}
+function collectContractsByName(contracts) {
+    const map = new Map();
+    for (const contract of contracts) {
+        const name = getName(contract);
+        if (name)
+            map.set(name, contract);
+    }
+    return map;
+}
+function walkContracts(node, visit) {
+    if (!node || typeof node !== 'object')
+        return;
+    if (isNode(node, 'ContractDefinition')) {
+        visit(node);
+        return;
+    }
+    for (const child of childrenOf(node))
+        walkContracts(child, visit);
+}
+function isNode(node, kind) {
+    return node?.type === kind || node?.nodeType === kind;
+}
+function walkAny(node, predicate) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (predicate(node))
+        return true;
+    for (const child of childrenOf(node)) {
+        if (walkAny(child, predicate))
+            return true;
+    }
+    return false;
+}
+function childrenOf(node) {
+    if (!node || typeof node !== 'object')
+        return [];
+    const children = [];
+    for (const [key, value] of Object.entries(node)) {
+        if (key === 'loc' || key === 'src' || key === 'range' || key === 'typeDescriptions' || key === 'id')
+            continue;
+        if (Array.isArray(value)) {
+            for (const item of value) {
+                if (item && typeof item === 'object')
+                    children.push(item);
+            }
+        }
+        else if (value && typeof value === 'object') {
+            children.push(value);
+        }
+    }
+    return children;
+}
+function buildLineOffsets(sourceText) {
+    if (sourceText === undefined)
+        return undefined;
+    const lineOffsets = [0];
+    let byteOffset = 0;
+    for (const char of sourceText) {
+        byteOffset += Buffer.byteLength(char, 'utf8');
+        if (char === '\n')
+            lineOffsets.push(byteOffset);
+    }
+    return lineOffsets;
+}
+function getLoc(node, lineOffsets) {
+    if (node?.loc?.start)
+        return node.loc.start;
+    if (!node?.src || !lineOffsets)
+        return undefined;
+    const offset = Number(String(node.src).split(':')[0]);
+    if (!Number.isFinite(offset) || offset < 0)
+        return undefined;
+    let lineIndex = 0;
+    for (let i = 0; i < lineOffsets.length; i++) {
+        if (lineOffsets[i] <= offset)
+            lineIndex = i;
+        else
+            break;
+    }
+    return { line: lineIndex + 1, column: offset - lineOffsets[lineIndex] };
+}
+//# sourceMappingURL=initialization-access-control.js.map