@snovon/solast 0.2.0

package/dist/detectors/oracle-manipulation-amm-spot-price.js

@@ -0,0 +1,321 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OracleManipulationAmmSpotPriceDetector = void 0;
+const ast_1 = require("./_common/ast");
+const oracle_1 = require("./_common/oracle");
+const RULE_ID = 'oracle-manipulation-amm-spot-price';
+const PATTERN = `${RULE_ID}/spot-price-sensitive-sink`;
+const EMPTY_PROVENANCE = {
+    spot: false,
+    twap: false,
+    checked: false,
+};
+class OracleManipulationAmmSpotPriceDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    descriptor = {
+        id: RULE_ID,
+        shortDescription: 'AMM spot price flows into sensitive financial logic without TWAP protection.',
+        helpUri: 'https://snovon.com/',
+        defaultSeverity: 'high',
+        help: 'Flags getReserves(), slot0(), and router spot quotes that flow into liquidation, borrowing, minting, swapping, redemption, or seizure sinks without a TWAP/reference derivation or direct deviation bound.',
+    };
+    currentFile = '';
+    findings = [];
+    contractStack = [];
+    currentFunction = null;
+    setFile(file) {
+        this.currentFile = file;
+        this.findings = [];
+        this.contractStack = [];
+        this.currentFunction = null;
+    }
+    getFindings() {
+        return this.findings;
+    }
+    ContractDefinition(node) {
+        this.contractStack.push(typeof node?.name === 'string' && node.name ? node.name : '<anonymous>');
+    }
+    ['ContractDefinition:exit']() {
+        this.contractStack.pop();
+    }
+    FunctionDefinition(node) {
+        this.currentFunction = null;
+        if (!(0, ast_1.isNode)(node, 'FunctionDefinition') || !node.body)
+            return;
+        this.currentFunction = {
+            node,
+            name: typeof node.name === 'string' && node.name ? node.name : '<anonymous>',
+            vulnerableSink: null,
+            vars: new Map(),
+            nodes: new Map(),
+        };
+    }
+    ['FunctionDefinition:exit'](node) {
+        const fn = this.currentFunction;
+        if (!fn || fn.node !== node)
+            return;
+        if (fn.vulnerableSink)
+            this.addFinding(fn, fn.vulnerableSink);
+        this.currentFunction = null;
+    }
+    Identifier(node) {
+        const fn = this.currentFunction;
+        if (!fn || typeof node?.name !== 'string')
+            return;
+        this.setNodeProvenance(node, this.variableProvenance(node.name));
+    }
+    FunctionCall(node) {
+        const fn = this.currentFunction;
+        if (!fn)
+            return;
+        const name = getCalleeName(node.expression);
+        if (oracle_1.AMM_SPOT_SOURCES.has(name)) {
+            this.setNodeProvenance(node, { spot: true, twap: false, checked: false });
+        }
+        else if (oracle_1.TWAP_CALLS.has(name)) {
+            this.setNodeProvenance(node, { spot: false, twap: true, checked: false });
+        }
+    }
+    ['FunctionCall:exit'](node) {
+        const fn = this.currentFunction;
+        if (!fn)
+            return;
+        const name = getCalleeName(node.expression);
+        let provenance = this.nodeProvenance(node);
+        if (oracle_1.AMM_SPOT_SOURCES.has(name)) {
+            provenance = union(provenance, { spot: true, twap: false, checked: false });
+        }
+        else if (oracle_1.TWAP_CALLS.has(name)) {
+            provenance = union(provenance, { spot: false, twap: true, checked: false });
+        }
+        for (const arg of node.arguments || []) {
+            provenance = union(provenance, this.nodeProvenance(arg));
+        }
+        this.setNodeProvenance(node, provenance);
+        if ((name === 'require' || name === 'assert') && node.arguments?.[0]) {
+            this.markDeviationChecked(node.arguments[0]);
+            return;
+        }
+        const lowerName = name.toLowerCase();
+        if ((oracle_1.SINK_CALL_NAMES.has(name) || oracle_1.SINK_CALL_NAMES.has(lowerName)) && !fn.vulnerableSink) {
+            for (const arg of node.arguments || []) {
+                if (isUnsafeSpot(this.nodeProvenance(arg))) {
+                    fn.vulnerableSink = node;
+                    break;
+                }
+            }
+        }
+    }
+    ['VariableDeclarationStatement:exit'](node) {
+        const fn = this.currentFunction;
+        if (!fn)
+            return;
+        const provenance = this.nodeProvenance(node.initialValue);
+        if (!hasProvenance(provenance))
+            return;
+        for (const variable of declaredVariables(node)) {
+            if (typeof variable?.name === 'string' && variable.name) {
+                fn.vars.set(variable.name, mergeVariable(fn.vars.get(variable.name), provenance));
+            }
+        }
+        this.setNodeProvenance(node, provenance);
+    }
+    ['Assignment:exit'](node) {
+        this.recordAssignment(node.leftHandSide ?? node.left, node.rightHandSide ?? node.right, node);
+    }
+    ['BinaryOperation:exit'](node) {
+        const left = node.left ?? node.leftExpression ?? node.leftHandSide;
+        const right = node.right ?? node.rightExpression ?? node.rightHandSide;
+        if (isAssignmentOperator(node.operator))
+            this.recordAssignment(left, right, node);
+        this.setNodeProvenance(node, union(this.nodeProvenance(node), this.nodeProvenance(left), this.nodeProvenance(right)));
+    }
+    ['UnaryOperation:exit'](node) {
+        this.setNodeProvenance(node, union(this.nodeProvenance(node.subExpression)));
+    }
+    ['TypeConversion:exit'](node) {
+        this.setNodeProvenance(node, union(...(node.arguments || []).map((arg) => this.nodeProvenance(arg))));
+    }
+    ['MemberAccess:exit'](node) {
+        this.setNodeProvenance(node, this.nodeProvenance(node.expression));
+    }
+    ['IndexAccess:exit'](node) {
+        this.setNodeProvenance(node, union(this.nodeProvenance(node.base), this.nodeProvenance(node.index)));
+    }
+    ['TupleExpression:exit'](node) {
+        this.setNodeProvenance(node, union(...(node.components || []).map((component) => this.nodeProvenance(component))));
+    }
+    ['Conditional:exit'](node) {
+        this.setNodeProvenance(node, union(this.nodeProvenance(node.trueExpression), this.nodeProvenance(node.falseExpression)));
+    }
+    recordAssignment(left, right, node) {
+        const fn = this.currentFunction;
+        if (!fn || !left || !right)
+            return;
+        const provenance = this.nodeProvenance(right);
+        if (!hasProvenance(provenance))
+            return;
+        for (const name of assignmentTargets(left)) {
+            fn.vars.set(name, mergeVariable(fn.vars.get(name), provenance));
+        }
+        this.setNodeProvenance(node, provenance);
+    }
+    markDeviationChecked(condition) {
+        if (!condition || typeof condition !== 'object')
+            return;
+        if ((0, ast_1.isNode)(condition, 'BinaryOperation') && isRelationalOperator(condition.operator)) {
+            const left = condition.left ?? condition.leftExpression ?? condition.leftHandSide;
+            const right = condition.right ?? condition.rightExpression ?? condition.rightHandSide;
+            const leftProv = this.nodeProvenance(left);
+            const rightProv = this.nodeProvenance(right);
+            if (leftProv.spot && rightProv.twap)
+                this.markSpotIdentifiersChecked(left);
+            if (rightProv.spot && leftProv.twap)
+                this.markSpotIdentifiersChecked(right);
+        }
+        for (const child of expressionChildren(condition)) {
+            this.markDeviationChecked(child);
+        }
+    }
+    markSpotIdentifiersChecked(node) {
+        const fn = this.currentFunction;
+        if (!fn)
+            return;
+        for (const identifier of identifiersIn(node)) {
+            const current = fn.vars.get(identifier);
+            if (current?.spot)
+                fn.vars.set(identifier, { ...current, checked: true });
+        }
+    }
+    nodeProvenance(node) {
+        const fn = this.currentFunction;
+        if (!fn || !node || typeof node !== 'object')
+            return EMPTY_PROVENANCE;
+        return fn.nodes.get(node) || EMPTY_PROVENANCE;
+    }
+    variableProvenance(name) {
+        const fn = this.currentFunction;
+        if (!fn)
+            return EMPTY_PROVENANCE;
+        return fn.vars.get(name) || EMPTY_PROVENANCE;
+    }
+    setNodeProvenance(node, provenance) {
+        const fn = this.currentFunction;
+        if (!fn || !node || typeof node !== 'object' || !hasProvenance(provenance))
+            return;
+        fn.nodes.set(node, provenance);
+    }
+    addFinding(fn, sinkNode) {
+        const loc = (0, ast_1.assertLoc)(sinkNode, fn.node);
+        const contract = this.contractStack[this.contractStack.length - 1] || '<anonymous>';
+        this.findings.push({
+            file: this.currentFile,
+            contract,
+            'function': fn.name,
+            line: loc.line,
+            endLine: loc.endLine,
+            column: loc.column,
+            endColumn: loc.endColumn,
+            ruleId: RULE_ID,
+            pattern: PATTERN,
+            severity: 'high',
+            confidence: 'high',
+            category: 'oracle-manipulation',
+            message: `Oracle manipulation risk in function '${fn.name}': AMM spot price data flows into sensitive financial logic without TWAP protection.`,
+            rationale: 'Same-block AMM spot reads such as getReserves(), slot0(), and router quotes can be manipulated before liquidation, borrow, mint, swap, redeem, or seize logic consumes them.',
+            suggestedFix: 'Use a TWAP or manipulation-resistant oracle such as Chainlink, or bound the spot value against an independent TWAP/reference price before using it in settlement logic.',
+            findingId: '',
+            contractHash: '',
+            contractName: contract,
+            functionName: fn.name,
+            sourceLocation: { line: loc.line, column: loc.column },
+        });
+    }
+}
+exports.OracleManipulationAmmSpotPriceDetector = OracleManipulationAmmSpotPriceDetector;
+function getCalleeName(expr) {
+    if (!expr || typeof expr !== 'object')
+        return '';
+    if ((0, ast_1.isNode)(expr, 'Identifier'))
+        return expr.name || '';
+    if ((0, ast_1.isNode)(expr, 'MemberAccess'))
+        return expr.memberName || '';
+    if ((0, ast_1.isNode)(expr, 'FunctionCallOptions') || (0, ast_1.isNode)(expr, 'NameValueExpression'))
+        return getCalleeName(expr.expression);
+    return '';
+}
+function declaredVariables(node) {
+    if (Array.isArray(node?.variables))
+        return node.variables.filter(Boolean);
+    if (Array.isArray(node?.declarations))
+        return node.declarations.filter(Boolean);
+    return [];
+}
+function assignmentTargets(node) {
+    if (!node || typeof node !== 'object')
+        return [];
+    if (((0, ast_1.isNode)(node, 'Identifier') || (0, ast_1.isNode)(node, 'VariableDeclaration')) && typeof node.name === 'string') {
+        return [node.name];
+    }
+    if ((0, ast_1.isNode)(node, 'TupleExpression')) {
+        return (node.components || []).flatMap((component) => assignmentTargets(component));
+    }
+    return [];
+}
+function union(...items) {
+    return {
+        spot: items.some(item => item.spot),
+        twap: items.some(item => item.twap),
+        checked: items.some(item => item.checked),
+    };
+}
+function mergeVariable(current, next) {
+    return union(current || EMPTY_PROVENANCE, next);
+}
+function hasProvenance(provenance) {
+    return provenance.spot || provenance.twap || provenance.checked;
+}
+function isUnsafeSpot(provenance) {
+    return provenance.spot && !provenance.twap && !provenance.checked;
+}
+function isAssignmentOperator(operator) {
+    return operator === '=' || operator === '+=' || operator === '-=' || operator === '*=' || operator === '/=' || operator === '%=';
+}
+function isRelationalOperator(operator) {
+    return operator === '<' || operator === '>' || operator === '<=' || operator === '>=' || operator === '==' || operator === '!=';
+}
+function expressionChildren(node) {
+    if (!node || typeof node !== 'object')
+        return [];
+    const children = [];
+    for (const [key, value] of Object.entries(node)) {
+        if (key === 'loc' || key === 'range' || key === 'type' || key === 'nodeType')
+            continue;
+        if (Array.isArray(value)) {
+            for (const item of value) {
+                if (item && typeof item === 'object')
+                    children.push(item);
+            }
+        }
+        else if (value && typeof value === 'object') {
+            children.push(value);
+        }
+    }
+    return children;
+}
+function identifiersIn(node) {
+    const names = [];
+    const visit = (current) => {
+        if (!current || typeof current !== 'object')
+            return;
+        if ((0, ast_1.isNode)(current, 'Identifier') && typeof current.name === 'string')
+            names.push(current.name);
+        for (const child of expressionChildren(current))
+            visit(child);
+    };
+    visit(node);
+    return names;
+}
+//# sourceMappingURL=oracle-manipulation-amm-spot-price.js.map

package/dist/detectors/oracle-manipulation-liquidity-withdrawal.d.ts

@@ -0,0 +1,27 @@
+import type { ScanResult } from '../index';
+export declare class OracleManipulationLiquidityWithdrawalDetector {
+    readonly id = "oracle-manipulation-liquidity-withdrawal";
+    readonly patternKey = "oracle-manipulation-liquidity-withdrawal";
+    readonly supportedAstKinds: ("parser" | "solc")[];
+    readonly descriptor: {
+        id: string;
+        shortDescription: string;
+        helpUri: string;
+        defaultSeverity: "high";
+        help: string;
+    };
+    private findings;
+    private currentFile;
+    private currentContract;
+    private functions;
+    private reportedFunctions;
+    setFile(file: string): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+    ContractDefinition_post(_node: any): void;
+    FunctionDefinition(node: any): void;
+    private analyzeFunctionInline;
+    private getCalleeName;
+    private walk;
+    private childNodes;
+}

package/dist/detectors/oracle-manipulation-liquidity-withdrawal.js

@@ -0,0 +1,192 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OracleManipulationLiquidityWithdrawalDetector = void 0;
+const ast_1 = require("./_common/ast");
+const price_rate_1 = require("./_common/price-rate");
+const oracle_1 = require("./_common/oracle");
+const RULE_ID = 'oracle-manipulation-liquidity-withdrawal';
+// Extend AMM_SPOT_SOURCES with get_dy for Curve-style pools as required by fixtures
+const EXTENDED_AMM_SPOT_SOURCES = new Set([...oracle_1.AMM_SPOT_SOURCES, 'get_dy']);
+class OracleManipulationLiquidityWithdrawalDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser', 'solc'];
+    descriptor = {
+        id: RULE_ID,
+        shortDescription: 'AMM spot price is consumed after a liquidity withdrawal without a TWAP or sanity-bound guard.',
+        helpUri: 'https://snovon.com/',
+        defaultSeverity: 'high',
+        help: 'Flags Vortex-style flows that withdraw liquidity, read a mutable AMM spot quote, and use it in a value-bearing sink without a TWAP, deviation check, or sanity-bound guard.',
+    };
+    findings = [];
+    currentFile = '';
+    currentContract = '';
+    functions = new Map();
+    reportedFunctions = new Set();
+    setFile(file) {
+        this.currentFile = file;
+        this.findings = [];
+        this.currentContract = '';
+        this.functions.clear();
+        this.reportedFunctions.clear();
+    }
+    getFindings() {
+        return this.findings;
+    }
+    ContractDefinition(node) {
+        this.currentContract = node.name || '<anonymous>';
+        this.functions.clear();
+        // Collect all functions for internal inlining
+        this.walk(node, child => {
+            if (child && typeof child === 'object' && child.type === 'FunctionDefinition' && child.name) {
+                this.functions.set(child.name, child);
+            }
+        });
+    }
+    ContractDefinition_post(_node) {
+        this.currentContract = '';
+        this.functions.clear();
+    }
+    FunctionDefinition(node) {
+        if (!node?.body || !node.name)
+            return;
+        // We only want to analyze functions as entry points.
+        // If it's an internal function, it might be analyzed alone, but that's fine.
+        if (this.reportedFunctions.has(node.name))
+            return;
+        const state = {
+            phase: 'START',
+            hasGuard: false,
+            visited: new Set(),
+            vulnerableNode: null
+        };
+        this.analyzeFunctionInline(node, state);
+        if (state.phase === 'VULNERABLE' && !state.hasGuard) {
+            this.reportedFunctions.add(node.name);
+            const primaryLoc = (0, ast_1.tryLoc)(node);
+            const loc = primaryLoc ?? { line: 0, endLine: 0, column: 0 };
+            this.findings.push({
+                file: this.currentFile,
+                contract: this.currentContract,
+                'function': node.name,
+                line: loc.line,
+                endLine: loc.endLine,
+                column: loc.column,
+                pattern: RULE_ID,
+                confidence: 'high',
+                ruleId: RULE_ID,
+                severity: 'high',
+                message: `Oracle manipulation risk: AMM spot price read after liquidity withdrawal in function '${node.name}' without TWAP or deviation guard.`,
+                contractName: this.currentContract,
+                functionName: node.name,
+                sourceLocation: { line: loc.line, column: loc.column },
+                findingId: '',
+                contractHash: ''
+            });
+        }
+    }
+    analyzeFunctionInline(node, state) {
+        if (!node || typeof node !== 'object')
+            return;
+        if (state.visited.has(node.name) && node.type === 'FunctionDefinition')
+            return;
+        if (node.type === 'FunctionDefinition' && node.name) {
+            state.visited.add(node.name);
+        }
+        const search = (n) => {
+            if (!n || typeof n !== 'object')
+                return;
+            if (n.type === 'FunctionCall') {
+                const calleeName = this.getCalleeName(n.expression);
+                const lowerName = calleeName.toLowerCase();
+                if (oracle_1.TWAP_CALLS.has(calleeName) || oracle_1.TWAP_CALLS.has(lowerName)) {
+                    state.hasGuard = true;
+                }
+                if ((0, oracle_1.isLiquidityWithdrawalCall)(n, this.getCalleeName.bind(this))) {
+                    if (state.phase === 'START') {
+                        state.phase = 'WITHDRAWN';
+                    }
+                }
+                else if (EXTENDED_AMM_SPOT_SOURCES.has(calleeName) || EXTENDED_AMM_SPOT_SOURCES.has(lowerName)) {
+                    if (state.phase === 'WITHDRAWN') {
+                        state.phase = 'AMM_READ';
+                    }
+                }
+                else if (oracle_1.SINK_CALL_NAMES.has(calleeName) || oracle_1.SINK_CALL_NAMES.has(lowerName)) {
+                    if (state.phase === 'AMM_READ') {
+                        state.phase = 'VULNERABLE';
+                        state.vulnerableNode = n;
+                    }
+                }
+                else if (calleeName === 'require' || calleeName === 'assert') {
+                    const arg = (n.arguments || [])[0];
+                    if ((0, price_rate_1.isSanityBoundGuard)(arg, ['spot', 'spotPrice', 'price', 'quote', 'answer', 'rate'])) {
+                        state.hasGuard = true;
+                    }
+                }
+                // Inline internal function calls
+                if (this.functions.has(calleeName) && !oracle_1.SINK_CALL_NAMES.has(calleeName) && !oracle_1.SINK_CALL_NAMES.has(lowerName)) {
+                    const internalFn = this.functions.get(calleeName);
+                    if (!state.visited.has(calleeName)) {
+                        this.analyzeFunctionInline(internalFn, state);
+                    }
+                }
+            }
+            if (n.type === 'IfStatement') {
+                if ((0, price_rate_1.isSanityBoundGuard)(n.condition, ['spot', 'spotPrice', 'price', 'quote', 'answer', 'rate'])) {
+                    state.hasGuard = true;
+                }
+            }
+            for (const child of this.childNodes(n)) {
+                search(child);
+            }
+        };
+        if (node.body) {
+            search(node.body);
+        }
+        else {
+            search(node);
+        }
+        if (node.type === 'FunctionDefinition' && node.name) {
+            state.visited.delete(node.name);
+        }
+    }
+    getCalleeName(expr) {
+        if (!expr || typeof expr !== 'object')
+            return '';
+        if (expr.type === 'Identifier')
+            return expr.name || '';
+        if (expr.type === 'MemberAccess')
+            return expr.memberName || '';
+        if (expr.type === 'NameValueExpression' || expr.type === 'FunctionCallOptions')
+            return this.getCalleeName(expr.expression);
+        return '';
+    }
+    walk(node, visit) {
+        if (!node || typeof node !== 'object')
+            return;
+        visit(node);
+        for (const child of this.childNodes(node)) {
+            this.walk(child, visit);
+        }
+    }
+    childNodes(node) {
+        const children = [];
+        for (const [key, value] of Object.entries(node)) {
+            if (key === 'loc' || key === 'range' || key === 'typeName')
+                continue;
+            if (Array.isArray(value)) {
+                for (const item of value) {
+                    if (item && typeof item === 'object')
+                        children.push(item);
+                }
+            }
+            else if (value && typeof value === 'object') {
+                children.push(value);
+            }
+        }
+        return children;
+    }
+}
+exports.OracleManipulationLiquidityWithdrawalDetector = OracleManipulationLiquidityWithdrawalDetector;
+//# sourceMappingURL=oracle-manipulation-liquidity-withdrawal.js.map

package/dist/detectors/oracle-manipulation.d.ts

@@ -0,0 +1,90 @@
+import type { ScanResult } from '../index';
+import type { DetectorContext } from './types';
+export declare class OracleManipulationDetector {
+    private readonly maxAgeSeconds;
+    readonly id = "oracle-manipulation";
+    readonly patternKey = "oracle-manipulation";
+    readonly supportedAstKinds: ("parser" | "solc")[];
+    private findings;
+    private currentFile;
+    private currentContract;
+    private seen;
+    private ctx;
+    constructor(maxAgeSeconds?: number);
+    setFile(file: string): void;
+    setContext(ctx: DetectorContext): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+    ContractDefinition_post(_node: any): void;
+    FunctionDefinition(node: any): void;
+    private isPriceUsedInSensitiveContext;
+    private sinkUsesPrice;
+    private requireUsesPrice;
+    private expressionUsesVariables;
+    private hasTwapProtection;
+    private hasChainlinkFreshnessGuard;
+    private hasMultiSourceAggregation;
+    private addAmFinding;
+    private analyzeFunction;
+    private collectAmminformation;
+    private findUnprotectedAmmSink;
+    private findUnprotectedAmmUse;
+    private isUnprotectedSpotProvenance;
+    private hasAmmPriceProvenance;
+    private conditionUsesAmmspotPrice;
+    private trackPriceVariablesFromAmmsource;
+    private isAssignmentLikeNode;
+    private getAssignmentLeft;
+    private getAssignmentRight;
+    private collectAssignmentTargets;
+    private trackDerivedPriceVariables;
+    private trackTwapDeviationChecks;
+    private markTwapComparedSpotVariables;
+    private markIdentifiersTwapChecked;
+    private isTwapOrReference;
+    private hasAmmSpot;
+    private hasPriceProvenance;
+    private emptyProvenance;
+    private cloneProvenance;
+    private unionProvenance;
+    private getExpressionProvenance;
+    private mergeVariableProvenance;
+    private mergeAssignmentTargetProvenance;
+    private getAmmSourceIdentity;
+    private expressionKey;
+    private collectStorageMutations;
+    private functionBodyUsesPriceVariables;
+    private mutationUsesPriceVariables;
+    private getIdentifierName;
+    private getDeclaredVariables;
+    private analyzePythChainlink;
+    private addFinding;
+    private isRequireOrAssert;
+    private isAmmSpotSourceCall;
+    private isPoolBalanceRead;
+    private expressionContainsPoolReference;
+    private getCalleeName;
+    private isFreshnessGuard;
+    private isGenericFreshnessGuard;
+    private hasBoundedAgeComparison;
+    private isMaxAgeComparison;
+    private isAgeDifference;
+    private isOffsetTimestamp;
+    private isBlockTimestampNode;
+    private isFreshnessFieldRef;
+    private isPositiveBoundOperand;
+    private isDeviationBound;
+    private isFieldValidation;
+    private isRiskyRawPriceArithmetic;
+    private hasRiskyRawPriceArithmetic;
+    private containsTimestamp;
+    private containsMember;
+    private containsBoundedNumber;
+    private containsAnyNumber;
+    private literalNumber;
+    private timeUnitMultiplier;
+    private flattenNames;
+    private walk;
+    private anyChild;
+    private childNodes;
+}