@snovon/solast 0.2.0

package/dist/detectors/missing-access-control.js

@@ -0,0 +1,781 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MissingAccessControlDetector = void 0;
+const ast_1 = require("./_common/ast");
+const RULE_ID = 'missing-access-control';
+const CRITICAL_FUNCTION_NAMES = new Set([
+    'mint',
+    'withdraw',
+    'setowner',
+    'setadmin',
+    'upgrade',
+    'pause',
+]);
+// Recognised guard modifiers come from the canonical
+// `_common/ast.ts:ACCESS_CONTROL_MODIFIERS` set (currently 11 entries:
+// onlyOwner, onlyOwners, onlyRole, onlyAdmin, onlyAuthorized, onlyOperator,
+// onlyOperators, onlyGovernance, onlyGovernor, onlyGuardian, onlyManager).
+// Previously this detector only recognised `onlyOwner` / `onlyRole`,
+// which produced false positives on contracts using equally-canonical
+// modifier names like `onlyAdmin` whose body lives in a base contract
+// not visible to the per-file scan (a true positive there requires
+// roadmap 3.3 cross-file inheritance — see the H.3 regression test).
+// Custom guards (`whenNotPaused`, `requiresAuth`, …) still fall through
+// to the structural body check below.
+const CRITICAL_INTERNAL_MUTATOR_NAMES = new Set([
+    '_mint',
+    '_burn',
+    '_pause',
+    '_unpause',
+    '_upgradeto',
+    '_upgradetoandcall',
+    '_setimplementation',
+    '_transferownership',
+    '_setowner',
+    '_setadmin',
+    '_changeadmin',
+]);
+const PRIVILEGED_STATE_PATTERN = /owner|admin|role|paused|pause|guardian|timelock|governor|fee|treasury|operator/i;
+class MissingAccessControlDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser', 'solc'];
+    currentFile = '';
+    sourceText;
+    semantic = undefined;
+    findings = [];
+    setFile(file) {
+        this.currentFile = file;
+        this.findings = [];
+    }
+    setSourceText(sourceText) {
+        this.sourceText = sourceText;
+    }
+    setSemanticModel(model) {
+        this.semantic = model;
+    }
+    getFindings() {
+        return this.findings;
+    }
+    SourceUnit(ast) {
+        if (ast?.nodeType === 'SourceUnit') {
+            this.findings.push(...this.runAst(ast, this.currentFile, this.sourceText, this.semantic));
+        }
+    }
+    ContractDefinition(node) {
+        if (node?.type !== 'ContractDefinition')
+            return;
+        this.findings.push(...this.runAst(node, this.currentFile, this.sourceText, this.semantic));
+    }
+    scanAst(ast, file, sourceText, ctxArg) {
+        return this.runAst(ast, file, sourceText, ctxArg?.semantic);
+    }
+    runAst(ast, file, sourceText, semantic) {
+        if (!ast || typeof ast !== 'object')
+            return [];
+        const findings = [];
+        const lineOffsets = buildLineOffsets(sourceText);
+        // SemanticModel (roadmap 3.3) lets this detector see inherited
+        // critical functions across contracts — solves H.3
+        // When undefined, the detector behaves exactly as before (per-file
+        // local walk only); the cross-MRO block below is purely additive.
+        walkContracts(ast, contractNode => {
+            const contractName = getName(contractNode) || '<anonymous>';
+            const ctx = {
+                stateVariables: collectStateVariables(contractNode),
+                modifierBodies: collectModifierBodies(contractNode),
+            };
+            // Track function names already iterated locally so the inherited
+            // walk below doesn't double-fire when Derived overrides Base.fn().
+            const localFnNamesLower = new Set();
+            for (const fn of getContractMembers(contractNode, 'FunctionDefinition')) {
+                const functionName = getName(fn);
+                if (!functionName)
+                    continue;
+                localFnNamesLower.add(functionName.toLowerCase());
+                const lname = functionName.toLowerCase();
+                if (!CRITICAL_FUNCTION_NAMES.has(lname))
+                    continue;
+                if (!isExternallyCallable(fn))
+                    continue;
+                const body = getFunctionBody(fn);
+                if (!body)
+                    continue;
+                const params = collectParameterNames(fn);
+                if (!containsStateMutationOrFundTransfer(body, ctx))
+                    continue;
+                if (hasRecognizedModifierGuard(fn, ctx))
+                    continue;
+                if (hasInlineGuardBeforeMutation(body, ctx, params))
+                    continue;
+                if (lname === 'withdraw' && isUserPullPayment(body, ctx))
+                    continue;
+                const loc = getLoc(fn, lineOffsets) || { line: 0, column: 0 };
+                findings.push({
+                    file,
+                    contract: contractName,
+                    'function': functionName,
+                    line: loc.line,
+                    endLine: loc.line,
+                    column: loc.column,
+                    pattern: RULE_ID,
+                    confidence: 'high',
+                    ruleId: RULE_ID,
+                    severity: 'high',
+                    message: `Externally callable critical function '${functionName}' has no recognized access-control guard; ` +
+                        `add onlyOwner, onlyRole(DEFAULT_ADMIN_ROLE), or an explicit msg.sender owner/admin require check.`,
+                    rationale: `Critical mutator '${functionName}' is reachable by any account and lacks a recognized modifier or ` +
+                        `inline owner/admin/role guard, matching the missing-access-control exploit class (issue #500).`,
+                    suggestedFix: `Restrict '${functionName}' to authorized callers using onlyOwner, onlyRole(DEFAULT_ADMIN_ROLE), ` +
+                        `or an inline require(msg.sender == owner/admin) guard before any state mutation.`,
+                    contractName,
+                    functionName,
+                    sourceLocation: { line: loc.line, column: loc.column },
+                    findingId: '',
+                    contractHash: '',
+                });
+            }
+            // === SemanticModel adoption (roadmap 3.3 / H.3 fix) ===
+            //
+            // After the local walk, also check inherited critical functions.
+            // `inheritedFunctions(myId)` returns the MRO-deduplicated list of
+            // functions visible on `contractNode`, with most-derived-wins
+            // semantics. We skip functions already iterated locally (so
+            // overrides don't double-fire) and run the SAME guard checks
+            // against the inherited function — but using the DECLARING
+            // contract's modifier / state-var context, so a modifier defined
+            // in Base can still be resolved for Base.setAdmin.
+            //
+            // Finding loc points at the CURRENT contract's definition line
+            // in the current file (the surface the user can call), not at
+            // Base.sol (which fires separately via its own local walk when
+            // Base.sol is also in the scan). The finding's `function` field
+            // carries the inherited name so the operator can locate it.
+            if (semantic) {
+                const myId = `${file}::${contractName}`;
+                const myInfo = semantic.contracts.get(myId);
+                if (myInfo && myInfo.bases.length > 0) {
+                    for (const inheritedFn of semantic.inheritedFunctions(myId)) {
+                        // Functions declared locally are handled above; skip.
+                        if (inheritedFn.contractId === myId)
+                            continue;
+                        const inheritedName = inheritedFn.name;
+                        if (!inheritedName)
+                            continue;
+                        const inheritedLower = inheritedName.toLowerCase();
+                        if (!CRITICAL_FUNCTION_NAMES.has(inheritedLower))
+                            continue;
+                        // Local override (already iterated) -- skip even if local
+                        // walk didn't emit (it had its own reason).
+                        if (localFnNamesLower.has(inheritedLower))
+                            continue;
+                        const inheritedNode = inheritedFn.node;
+                        if (!isExternallyCallable(inheritedNode))
+                            continue;
+                        const declarer = semantic.contracts.get(inheritedFn.contractId);
+                        if (!declarer || !declarer.node)
+                            continue;
+                        // Use the declaring contract's state-vars + modifier-bodies
+                        // so guard checks resolve against the function's actual scope.
+                        const declarerCtx = {
+                            stateVariables: collectStateVariables(declarer.node),
+                            modifierBodies: collectModifierBodies(declarer.node),
+                        };
+                        const body = getFunctionBody(inheritedNode);
+                        if (!body)
+                            continue;
+                        const params = collectParameterNames(inheritedNode);
+                        if (!containsStateMutationOrFundTransfer(body, declarerCtx))
+                            continue;
+                        if (hasRecognizedModifierGuard(inheritedNode, declarerCtx))
+                            continue;
+                        if (hasInlineGuardBeforeMutation(body, declarerCtx, params))
+                            continue;
+                        if (inheritedLower === 'withdraw' && isUserPullPayment(body, declarerCtx))
+                            continue;
+                        // Loc: current contract's definition line in the current file.
+                        // Falls back to line 1 col 0 if the contract AST lacks a loc
+                        // (defensive — line 0 is banned per docs/findings-taxonomy).
+                        const contractLoc = getLoc(contractNode, lineOffsets) || { line: 1, column: 0 };
+                        findings.push({
+                            file,
+                            contract: contractName,
+                            'function': inheritedName,
+                            line: contractLoc.line,
+                            endLine: contractLoc.line,
+                            column: contractLoc.column,
+                            pattern: RULE_ID,
+                            confidence: 'high',
+                            ruleId: RULE_ID,
+                            severity: 'high',
+                            message: `Externally callable critical function '${inheritedName}' inherited from ${declarer.name} ` +
+                                `has no recognized access-control guard; add onlyOwner, onlyRole(DEFAULT_ADMIN_ROLE), or ` +
+                                `an explicit msg.sender owner/admin require check on the inherited function or override it in ${contractName}.`,
+                            rationale: `Critical mutator '${inheritedName}' is reachable through ${contractName}'s inheritance ` +
+                                `from ${declarer.name} and lacks a recognized modifier or inline guard.`,
+                            suggestedFix: `Override '${inheritedName}' in ${contractName} with a recognized access-control modifier, ` +
+                                `or restrict access in ${declarer.name}.`,
+                            contractName,
+                            functionName: inheritedName,
+                            sourceLocation: { line: contractLoc.line, column: contractLoc.column },
+                            // Discriminator for computeFindingId: all inherited findings on
+                            // a single derived contract share (file, line, ruleId) because
+                            // they're anchored at the contract definition line. Without
+                            // this, a derived contract inheriting two unguarded critical
+                            // functions (e.g. `setOwner` + `pause`) would emit two findings
+                            // with identical findingId and the downstream dedup engine
+                            // would silently drop one. See the round-2 panel review
+                            // (`dup-find-id` / `findingid-col` / `findingid-coll`) on PR
+                            // #1999 — pinned by the inherited-multi-critical regression
+                            // test added in the same PR.
+                            instance_key: `${contractName}::${inheritedName}`,
+                            findingId: '',
+                            contractHash: '',
+                        });
+                    }
+                }
+            }
+        });
+        return findings;
+    }
+}
+exports.MissingAccessControlDetector = MissingAccessControlDetector;
+function hasRecognizedModifierGuard(fn, ctx) {
+    for (const mod of fn.modifiers || []) {
+        const modName = getModifierInvocationName(mod);
+        if (!modName)
+            continue;
+        if ((0, ast_1.isAccessControlModifierName)(modName))
+            return true;
+        const body = ctx.modifierBodies.get(modName);
+        if (!body)
+            continue;
+        if (containsRecognizedAuthCheck(body, ctx, new Set()))
+            return true;
+    }
+    return false;
+}
+function hasInlineGuardBeforeMutation(body, ctx, params) {
+    const statements = getStatementList(body);
+    for (const stmt of statements) {
+        if (isRecognizedGuardStatement(stmt, ctx, params))
+            return true;
+        if (isMeaningfulAction(stmt))
+            return false;
+    }
+    return false;
+}
+function isRecognizedGuardStatement(stmt, ctx, params) {
+    if (!stmt)
+        return false;
+    const expression = isNode(stmt, 'ExpressionStatement') ? stmt.expression : null;
+    if (!expression)
+        return false;
+    return isRecognizedAuthCheck(expression, ctx, params);
+}
+function isMeaningfulAction(stmt) {
+    if (!stmt)
+        return false;
+    if (isNode(stmt, 'ExpressionStatement')) {
+        const expression = stmt.expression;
+        if (!expression)
+            return false;
+        if (isAssignmentExpression(expression))
+            return true;
+        if (isUnaryMutation(expression))
+            return true;
+        if (isNode(expression, 'FunctionCall')) {
+            const callee = (getCallExpressionName(expression) || '').toLowerCase();
+            if (callee === 'require' || callee === 'assert')
+                return false;
+            return true;
+        }
+        return false;
+    }
+    if (isNode(stmt, 'IfStatement') ||
+        isNode(stmt, 'ForStatement') ||
+        isNode(stmt, 'WhileStatement') ||
+        isNode(stmt, 'DoWhileStatement') ||
+        isNode(stmt, 'Return') ||
+        isNode(stmt, 'ReturnStatement') ||
+        isNode(stmt, 'EmitStatement')) {
+        return true;
+    }
+    if (isNode(stmt, 'VariableDeclarationStatement')) {
+        return false;
+    }
+    return false;
+}
+function containsRecognizedAuthCheck(node, ctx, params) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isRecognizedAuthCheck(node, ctx, params))
+        return true;
+    for (const child of childrenOf(node)) {
+        if (containsRecognizedAuthCheck(child, ctx, params))
+            return true;
+    }
+    return false;
+}
+function isRecognizedAuthCheck(expr, ctx, params) {
+    if (!expr || !isNode(expr, 'FunctionCall'))
+        return false;
+    const callee = (getCallExpressionName(expr) || '').toLowerCase();
+    const args = getCallArguments(expr);
+    if (callee === 'require' || callee === 'assert') {
+        return args.some(arg => isPrivilegedSenderEquality(arg, ctx, params) || isHasRoleSenderCall(arg));
+    }
+    if (callee === '_checkrole' || callee === 'checkrole' || callee.endsWith('._checkrole')) {
+        return true;
+    }
+    return false;
+}
+function isPrivilegedSenderEquality(expr, ctx, params) {
+    if (!expr || !isNode(expr, 'BinaryOperation'))
+        return false;
+    if (getOperator(expr) !== '==' && getOperator(expr) !== '===')
+        return false;
+    const left = expr.left ?? expr.leftExpression;
+    const right = expr.right ?? expr.rightExpression;
+    if (isMsgSender(left) && !isMsgSender(right)) {
+        return isPrivilegedAuthorityReference(right, ctx, params);
+    }
+    if (isMsgSender(right) && !isMsgSender(left)) {
+        return isPrivilegedAuthorityReference(left, ctx, params);
+    }
+    return false;
+}
+function isPrivilegedAuthorityReference(expr, ctx, params) {
+    const root = getReferenceRoot(expr);
+    if (!root)
+        return false;
+    if (params.has(root))
+        return false;
+    if (!ctx.stateVariables.has(root))
+        return false;
+    return PRIVILEGED_STATE_PATTERN.test(root);
+}
+function isHasRoleSenderCall(expr) {
+    if (!expr || !isNode(expr, 'FunctionCall'))
+        return false;
+    const callee = (getCallExpressionName(expr) || '').toLowerCase();
+    if (callee !== 'hasrole' && !callee.endsWith('.hasrole'))
+        return false;
+    return getCallArguments(expr).some(isMsgSender);
+}
+function containsStateMutationOrFundTransfer(body, ctx) {
+    let found = false;
+    walk(body, node => {
+        if (found)
+            return;
+        if (isStateMutation(node, ctx)) {
+            found = true;
+            return;
+        }
+        if (isNode(node, 'FunctionCall')) {
+            if (getPayoutRecipient(node) !== null) {
+                found = true;
+                return;
+            }
+            if (isCriticalInternalMutatorCall(node)) {
+                found = true;
+            }
+        }
+    });
+    return found;
+}
+function isCriticalInternalMutatorCall(call) {
+    const callee = call?.expression;
+    if (!callee || !isNode(callee, 'Identifier'))
+        return false;
+    const name = getName(callee);
+    if (!name)
+        return false;
+    return CRITICAL_INTERNAL_MUTATOR_NAMES.has(name.toLowerCase());
+}
+function isStateMutation(node, ctx) {
+    if (isAssignmentExpression(node)) {
+        const left = node.left ?? node.leftHandSide;
+        const root = getReferenceRoot(left);
+        return !!root && ctx.stateVariables.has(root);
+    }
+    if (isUnaryMutation(node)) {
+        const target = node.subExpression ?? node.vSubExpression;
+        const root = getReferenceRoot(target);
+        return !!root && ctx.stateVariables.has(root);
+    }
+    return false;
+}
+function isUserPullPayment(body, ctx) {
+    let sawCallerIndexedStateWrite = false;
+    let sawCallerDirectedPayout = false;
+    let foundNonCallerIndexedStateMutation = false;
+    let foundForeignTransfer = false;
+    walk(body, node => {
+        if (isStateMutation(node, ctx)) {
+            const left = node.left ?? node.leftHandSide;
+            const target = left ?? node.subExpression ?? node.vSubExpression;
+            const root = getReferenceRoot(target);
+            if (root && ctx.stateVariables.has(root) && isCallerIndexedStateReference(target)) {
+                sawCallerIndexedStateWrite = true;
+            }
+            else {
+                foundNonCallerIndexedStateMutation = true;
+            }
+        }
+        if (isNode(node, 'FunctionCall')) {
+            const recipient = getPayoutRecipient(node);
+            if (recipient !== null) {
+                if (recipient === 'caller')
+                    sawCallerDirectedPayout = true;
+                else
+                    foundForeignTransfer = true;
+            }
+        }
+    });
+    return (sawCallerIndexedStateWrite &&
+        sawCallerDirectedPayout &&
+        !foundNonCallerIndexedStateMutation &&
+        !foundForeignTransfer);
+}
+function getValueTransferRecipient(call) {
+    const recipient = getNativeValueTransferRecipient(call);
+    if (recipient === 'caller')
+        return 'msg.sender';
+    if (recipient === 'other')
+        return 'other';
+    return null;
+}
+function getPayoutRecipient(call) {
+    const valueRecipient = getNativeValueTransferRecipient(call);
+    if (valueRecipient !== null)
+        return valueRecipient;
+    const callee = call.expression;
+    if (!callee || !isNode(callee, 'MemberAccess'))
+        return null;
+    if (String(callee.memberName || '').toLowerCase() !== 'transfer')
+        return null;
+    const args = getCallArguments(call);
+    if (args.length < 2)
+        return null;
+    return isCallerExpression(args[0]) ? 'caller' : 'other';
+}
+function getNativeValueTransferRecipient(call) {
+    const callee = call.expression;
+    if (!callee)
+        return null;
+    if (isNode(callee, 'MemberAccess')) {
+        const member = String(callee.memberName || '').toLowerCase();
+        if ((member === 'transfer' || member === 'send') && getCallArguments(call).length === 1) {
+            return resolveRecipient(callee.expression);
+        }
+    }
+    if (isNode(callee, 'NameValueExpression')) {
+        const inner = callee.expression;
+        if (isNode(inner, 'MemberAccess') &&
+            String(inner.memberName || '').toLowerCase() === 'call' &&
+            nameValueExpressionHasValue(callee)) {
+            return resolveRecipient(inner.expression);
+        }
+    }
+    if (isNode(callee, 'FunctionCallOptions')) {
+        const inner = callee.expression;
+        if (isNode(inner, 'MemberAccess') &&
+            String(inner.memberName || '').toLowerCase() === 'call' &&
+            nameValueExpressionHasValue(callee)) {
+            return resolveRecipient(inner.expression);
+        }
+    }
+    return null;
+}
+function resolveRecipient(expr) {
+    if (isCallerExpression(expr))
+        return 'caller';
+    if (isNode(expr, 'FunctionCall')) {
+        const callee = expr.expression;
+        if (isNode(callee, 'ElementaryTypeName') ||
+            isNode(callee, 'ElementaryTypeNameExpression') ||
+            (isNode(callee, 'Identifier') && (getName(callee) === 'address' || getName(callee) === 'payable'))) {
+            const args = getCallArguments(expr);
+            if (args.length === 1 && resolveRecipient(args[0]) === 'caller')
+                return 'caller';
+        }
+    }
+    return 'other';
+}
+function isCallerIndexedStateReference(expr) {
+    if (!expr)
+        return false;
+    if (isNode(expr, 'IndexAccess')) {
+        const index = expr.index ?? expr.indexExpression;
+        if (isCallerExpression(index))
+            return true;
+        return isCallerIndexedStateReference(expr.base ?? expr.baseExpression);
+    }
+    if (isNode(expr, 'MemberAccess')) {
+        return isCallerIndexedStateReference(expr.expression);
+    }
+    return false;
+}
+function nameValueExpressionHasValue(expr) {
+    const names = Array.isArray(expr.names)
+        ? expr.names
+        : Array.isArray(expr.options?.names)
+            ? expr.options.names
+            : Array.isArray(expr.arguments?.names)
+                ? expr.arguments.names
+                : [];
+    if (names.some(name => String(name).toLowerCase() === 'value'))
+        return true;
+    const optionEntries = Array.isArray(expr.options)
+        ? expr.options
+        : Array.isArray(expr.arguments)
+            ? expr.arguments
+            : [];
+    if (optionEntries.some((option) => String(option?.name || option?.keyName || '').toLowerCase() === 'value')) {
+        return true;
+    }
+    return false;
+}
+function isAssignmentExpression(expr) {
+    if (!expr)
+        return false;
+    if (isNode(expr, 'Assignment'))
+        return true;
+    if (isNode(expr, 'BinaryOperation')) {
+        const op = getOperator(expr);
+        return ['=', '+=', '-=', '*=', '/=', '%=', '&=', '|=', '^=', '<<=', '>>=', '>>>='].includes(op);
+    }
+    return false;
+}
+function isUnaryMutation(expr) {
+    if (!expr || !isNode(expr, 'UnaryOperation'))
+        return false;
+    const op = getOperator(expr);
+    return op === '++' || op === '--' || op === 'delete';
+}
+function isMsgSender(expr) {
+    if (!expr || !isNode(expr, 'MemberAccess'))
+        return false;
+    if ((expr.memberName || '') !== 'sender')
+        return false;
+    const inner = expr.expression;
+    return inner && isNode(inner, 'Identifier') && getName(inner) === 'msg';
+}
+function isCallerExpression(expr) {
+    if (isMsgSender(expr))
+        return true;
+    if (!expr || !isNode(expr, 'FunctionCall'))
+        return false;
+    const callee = expr.expression;
+    if (!callee || !isNode(callee, 'Identifier'))
+        return false;
+    return getName(callee) === '_msgSender' && getCallArguments(expr).length === 0;
+}
+function getReferenceRoot(expr) {
+    if (!expr)
+        return '';
+    if (isNode(expr, 'Identifier'))
+        return getName(expr);
+    if (isNode(expr, 'IndexAccess')) {
+        return getReferenceRoot(expr.base ?? expr.baseExpression);
+    }
+    if (isNode(expr, 'MemberAccess')) {
+        return getReferenceRoot(expr.expression);
+    }
+    return '';
+}
+function getCallExpressionName(call) {
+    if (!call)
+        return '';
+    const callee = call.expression;
+    if (!callee)
+        return '';
+    if (isNode(callee, 'Identifier'))
+        return getName(callee);
+    if (isNode(callee, 'MemberAccess')) {
+        const inner = callee.expression;
+        const innerName = inner ? getCallExpressionNameFromExpression(inner) : '';
+        const memberName = callee.memberName || '';
+        return innerName ? `${innerName}.${memberName}` : memberName;
+    }
+    if (isNode(callee, 'NameValueExpression')) {
+        return getCallExpressionName({ expression: callee.expression });
+    }
+    return '';
+}
+function getCallExpressionNameFromExpression(expr) {
+    if (!expr)
+        return '';
+    if (isNode(expr, 'Identifier'))
+        return getName(expr);
+    if (isNode(expr, 'MemberAccess')) {
+        const inner = expr.expression;
+        const innerName = inner ? getCallExpressionNameFromExpression(inner) : '';
+        const memberName = expr.memberName || '';
+        return innerName ? `${innerName}.${memberName}` : memberName;
+    }
+    return '';
+}
+function collectStateVariables(contractNode) {
+    const stateVars = new Set();
+    for (const member of getContractMembers(contractNode, 'StateVariableDeclaration')) {
+        for (const variable of member.variables || []) {
+            if (variable?.name)
+                stateVars.add(variable.name);
+        }
+    }
+    for (const member of getContractMembers(contractNode, 'VariableDeclaration')) {
+        if (member?.stateVariable && member.name)
+            stateVars.add(member.name);
+    }
+    return stateVars;
+}
+function collectModifierBodies(contractNode) {
+    const map = new Map();
+    for (const member of getContractMembers(contractNode, 'ModifierDefinition')) {
+        const modName = getName(member);
+        if (modName && member.body)
+            map.set(modName, member.body);
+    }
+    return map;
+}
+function collectParameterNames(fn) {
+    const params = new Set();
+    const list = fn.parameters?.parameters || fn.parameters || [];
+    for (const param of list) {
+        if (param?.name)
+            params.add(param.name);
+    }
+    return params;
+}
+function getContractMembers(contractNode, kind) {
+    const members = [];
+    const lists = [contractNode.subNodes, contractNode.nodes];
+    for (const list of lists) {
+        if (!Array.isArray(list))
+            continue;
+        for (const child of list) {
+            if (child && (child.type === kind || child.nodeType === kind)) {
+                members.push(child);
+            }
+        }
+    }
+    return members;
+}
+function getFunctionBody(fn) {
+    return fn?.body || null;
+}
+function getStatementList(body) {
+    if (!body)
+        return [];
+    if (Array.isArray(body.statements))
+        return body.statements;
+    return [];
+}
+function isExternallyCallable(fn) {
+    const kind = String(fn.kind || (fn.isConstructor ? 'constructor' : '') || 'function').toLowerCase();
+    if (kind === 'constructor')
+        return false;
+    const visibility = String(fn.visibility || '').toLowerCase();
+    return visibility === 'public' || visibility === 'external';
+}
+function getModifierInvocationName(mod) {
+    if (!mod)
+        return '';
+    if (mod.modifierName) {
+        if (typeof mod.modifierName === 'string')
+            return mod.modifierName;
+        if (mod.modifierName.name)
+            return String(mod.modifierName.name);
+    }
+    if (mod.name) {
+        if (typeof mod.name === 'string')
+            return mod.name;
+        if (mod.name.name)
+            return String(mod.name.name);
+        if (mod.name.namePath)
+            return String(mod.name.namePath);
+    }
+    return '';
+}
+function walkContracts(node, visit) {
+    if (!node || typeof node !== 'object')
+        return;
+    if (isNode(node, 'ContractDefinition'))
+        visit(node);
+    for (const child of childrenOf(node))
+        walkContracts(child, visit);
+}
+function walk(node, visitor) {
+    if (!node || typeof node !== 'object')
+        return;
+    visitor(node);
+    for (const child of childrenOf(node))
+        walk(child, visitor);
+}
+function childrenOf(node) {
+    if (!node || typeof node !== 'object')
+        return [];
+    const children = [];
+    for (const [key, value] of Object.entries(node)) {
+        if (key === 'loc' || key === 'src' || key === 'range' || key === 'typeDescriptions')
+            continue;
+        if (Array.isArray(value)) {
+            for (const item of value) {
+                if (item && typeof item === 'object')
+                    children.push(item);
+            }
+        }
+        else if (value && typeof value === 'object') {
+            children.push(value);
+        }
+    }
+    return children;
+}
+function isNode(node, kind) {
+    return node?.type === kind || node?.nodeType === kind;
+}
+function getName(node) {
+    if (!node)
+        return '';
+    if (typeof node.name === 'string')
+        return node.name;
+    return '';
+}
+function getOperator(node) {
+    return String(node?.operator || '');
+}
+function getCallArguments(call) {
+    return Array.isArray(call?.arguments) ? call.arguments : [];
+}
+function buildLineOffsets(sourceText) {
+    if (sourceText === undefined)
+        return undefined;
+    const lineOffsets = [0];
+    let byteOffset = 0;
+    for (const char of sourceText) {
+        byteOffset += Buffer.byteLength(char, 'utf8');
+        if (char === '\n')
+            lineOffsets.push(byteOffset);
+    }
+    return lineOffsets;
+}
+function getLoc(node, lineOffsets) {
+    if (node?.loc?.start)
+        return { line: node.loc.start.line, column: node.loc.start.column };
+    if (!node?.src || !lineOffsets)
+        return undefined;
+    const offset = Number(String(node.src).split(':')[0]);
+    if (!Number.isFinite(offset) || offset < 0)
+        return undefined;
+    let lineIndex = 0;
+    for (let i = 0; i < lineOffsets.length; i++) {
+        if (lineOffsets[i] <= offset)
+            lineIndex = i;
+        else
+            break;
+    }
+    return { line: lineIndex + 1, column: offset - lineOffsets[lineIndex] };
+}
+//# sourceMappingURL=missing-access-control.js.map