@snovon/solast 0.2.0

package/dist/detectors/unreachable-code-0.8.28.js

@@ -0,0 +1,206 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UnreachableCode0828Detector = void 0;
+const ast_1 = require("./_common/ast");
+const RULE_ID = 'unreachable-code-0.8.28';
+class UnreachableCode0828Detector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    scanAst(ast, file) {
+        if (!ast || ast.type !== 'SourceUnit')
+            return [];
+        return this.walkNode(ast, file, false);
+    }
+    walkNode(node, file, unreachable) {
+        if (!node || typeof node !== 'object')
+            return [];
+        if (node.type === 'InlineAssemblyStatement' || node.type === 'AssemblyBlock') {
+            return [];
+        }
+        if (node.type === 'Block') {
+            return this.walkBlock(node.statements || [], file, unreachable);
+        }
+        if (node.type === 'ContractDefinition') {
+            const findings = [];
+            for (const sub of node.subNodes || []) {
+                findings.push(...this.walkNode(sub, file, false));
+            }
+            return findings;
+        }
+        if (node.type === 'FunctionDefinition' || node.type === 'ModifierDefinition') {
+            if (node.body) {
+                return this.walkNode(node.body, file, false);
+            }
+            return [];
+        }
+        if (node.type === 'IfStatement') {
+            return this.walkIf(node, file, unreachable);
+        }
+        if (node.type === 'ForStatement' || node.type === 'WhileStatement' || node.type === 'DoWhileStatement') {
+            return this.walkLoop(node, file, unreachable);
+        }
+        if (node.type === 'TryStatement') {
+            const findings = [];
+            if (node.body)
+                findings.push(...this.walkNode(node.body, file, unreachable));
+            for (const clause of node.catchClauses || []) {
+                if (clause.body)
+                    findings.push(...this.walkNode(clause.body, file, unreachable));
+            }
+            return findings;
+        }
+        if (node.type === 'UncheckedStatement') {
+            if (node.body)
+                return this.walkNode(node.body, file, unreachable);
+            return [];
+        }
+        return this.walkChildren(node, file, unreachable);
+    }
+    walkIf(node, file, unreachable) {
+        const condValue = this.evaluateConstantCondition(node.condition);
+        const findings = [];
+        const trueBodyDead = unreachable || (condValue === false);
+        const falseBodyDead = unreachable || (condValue === true);
+        if (node.trueBody) {
+            findings.push(...this.walkNode(node.trueBody, file, trueBodyDead));
+        }
+        if (node.falseBody) {
+            findings.push(...this.walkNode(node.falseBody, file, falseBodyDead));
+        }
+        return findings;
+    }
+    walkLoop(node, file, unreachable) {
+        const condValue = this.evaluateConstantCondition(node.condition);
+        const bodyDead = unreachable || (condValue === false);
+        if (node.body) {
+            return this.walkNode(node.body, file, bodyDead);
+        }
+        return [];
+    }
+    walkBlock(statements, file, unreachable) {
+        const findings = [];
+        for (const stmt of statements) {
+            if (unreachable) {
+                findings.push(...this.reportUnreachable(stmt, file));
+            }
+            const nextUnreachable = unreachable || this.isTerminator(stmt);
+            findings.push(...this.walkNode(stmt, file, nextUnreachable));
+            unreachable = nextUnreachable;
+        }
+        return findings;
+    }
+    walkChildren(node, file, unreachable) {
+        const findings = [];
+        for (const child of this.childrenOf(node)) {
+            findings.push(...this.walkNode(child, file, unreachable));
+        }
+        return findings;
+    }
+    childrenOf(node) {
+        const out = [];
+        for (const [key, value] of Object.entries(node)) {
+            if (key === 'loc' || key === 'range' || key === 'typeName')
+                continue;
+            if (Array.isArray(value)) {
+                for (const item of value) {
+                    if (item && typeof item === 'object')
+                        out.push(item);
+                }
+            }
+            else if (value && typeof value === 'object') {
+                out.push(value);
+            }
+        }
+        return out;
+    }
+    isTerminator(node) {
+        if (!node || typeof node !== 'object')
+            return false;
+        switch (node.type) {
+            case 'ReturnStatement':
+            case 'RevertStatement':
+            case 'ThrowStatement':
+            case 'BreakStatement':
+            case 'ContinueStatement':
+                return true;
+            case 'ExpressionStatement':
+                return this.isUnconditionalCall(node.expression);
+            default:
+                return false;
+        }
+    }
+    isUnconditionalCall(expr) {
+        if (!expr || expr.type !== 'FunctionCall')
+            return false;
+        const name = this.getCallName(expr.expression);
+        return name === 'revert' || name === 'selfdestruct' || name === 'suicide';
+    }
+    getCallName(expr) {
+        if (!expr || typeof expr !== 'object')
+            return '';
+        if (expr.type === 'Identifier')
+            return String(expr.name || '');
+        if (expr.type === 'MemberAccess') {
+            const prefix = this.getCallName(expr.expression);
+            return prefix ? `${prefix}.${expr.memberName || ''}` : (expr.memberName || '');
+        }
+        if (expr.type === 'NameValueExpression')
+            return this.getCallName(expr.expression);
+        return '';
+    }
+    reportUnreachable(node, file) {
+        if (!node || typeof node !== 'object')
+            return [];
+        // Deliberate `line === 0` skip: this detector emits unreachable-code
+        // findings only when the source position is locatable. Synthetic
+        // nodes get filtered out by returning [] rather than emitting a
+        // line:0 finding (which the 0.3 conformance gate would fail).
+        const info = (0, ast_1.tryLoc)(node);
+        if (!info)
+            return [];
+        const { line, column } = info;
+        return [{
+                file,
+                line,
+                column,
+                pattern: RULE_ID,
+                confidence: 'high',
+                ruleId: RULE_ID,
+                severity: 'low',
+                message: `Unreachable code: statement follows an unconditional terminator.`,
+                findingId: '',
+                contractHash: '',
+            }];
+    }
+    evaluateConstantCondition(node) {
+        if (!node || typeof node !== 'object')
+            return null;
+        if (node.type === 'BooleanLiteral') {
+            return node.value === true;
+        }
+        if (node.type === 'NumberLiteral') {
+            return false;
+        }
+        if (node.type === 'BinaryOperation' && node.operator === '==') {
+            const left = this.constantNumberValue(node.left);
+            const right = this.constantNumberValue(node.right);
+            if (left !== null && right !== null) {
+                return left === right;
+            }
+        }
+        return null;
+    }
+    constantNumberValue(node) {
+        if (!node || typeof node !== 'object')
+            return null;
+        if (node.type === 'NumberLiteral') {
+            const raw = node.number ?? node.value ?? '';
+            const parsed = parseInt(String(raw), 10);
+            return isNaN(parsed) ? null : parsed;
+        }
+        return null;
+    }
+}
+exports.UnreachableCode0828Detector = UnreachableCode0828Detector;
+//# sourceMappingURL=unreachable-code-0.8.28.js.map

package/dist/detectors/unsafe-proxy-storage.d.ts

@@ -0,0 +1,7 @@
+import type { ScanResult } from '../index';
+export declare class UnsafeProxyStorageDetector {
+    readonly id = "unsafe-proxy-storage";
+    readonly patternKey = "unsafe-proxy-storage";
+    readonly supportedAstKinds: "parser"[];
+    scanAst(ast: any, file: string, sourceText?: string): ScanResult[];
+}

package/dist/detectors/unsafe-proxy-storage.js

@@ -0,0 +1,436 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UnsafeProxyStorageDetector = void 0;
+const access_control_1 = require("./_common/access-control");
+const ast_1 = require("./_common/ast");
+const RULE_ID = 'unsafe-proxy-storage';
+// Detector-local keyword set (post roadmap 1.2.2 migration). The
+// list matches the pre-extraction inline regex exactly; behaviour
+// is preserved.
+const AUTHORITY_REFERENCE_KEYWORDS = [
+    'owner', 'admin', 'role', 'governance', 'governor',
+    'authority', 'guardian', 'timelock',
+];
+const CONTROL_STORAGE = /^(implementation|impl|admin|proxyAdmin|upgradeAdmin)$/i;
+const IMPLEMENTATION_STORAGE = /^(implementation|impl)$/i;
+const SLOT_NAME = /(IMPLEMENTATION|ADMIN).*SLOT|SLOT.*(IMPLEMENTATION|ADMIN)/i;
+const UPGRADE_FUNCTION = /^(upgradeTo|upgradeToAndCall|setImplementation|setImpl|changeImplementation|updateImplementation)$/i;
+const GUARDED_MODIFIER = /^(onlyOwner|onlyAdmin|onlyRole|requiresAuth|auth|authorized|onlyGovernance|onlyGovernor)$/i;
+const ASSIGN_OPS = new Set(['=', '+=', '-=', '*=', '/=', '%=', '&=', '|=', '^=', '<<=', '>>=', '>>>=']);
+class UnsafeProxyStorageDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    scanAst(ast, file, sourceText = '') {
+        if (!ast || ast.type !== 'SourceUnit')
+            return [];
+        const findings = [];
+        for (const child of ast.children || []) {
+            if (child?.type !== 'ContractDefinition')
+                continue;
+            if (child.kind === 'interface' || child.kind === 'library')
+                continue;
+            const info = buildContractInfo(child, sourceText);
+            if (!isProxyLike(info))
+                continue;
+            const unguardedUpgrades = info.upgradeFunctions.filter(fn => !hasAccessControlGuard(fn, info));
+            if (shouldReportSlotRisk(info)) {
+                const slot = info.controlSlots.find(item => !item.eip1967);
+                if (slot)
+                    findings.push(makeSlotFinding(file, info, slot));
+            }
+            for (const fn of unguardedUpgrades) {
+                findings.push(makeUpgradeFinding(file, info, fn));
+            }
+        }
+        return findings;
+    }
+}
+exports.UnsafeProxyStorageDetector = UnsafeProxyStorageDetector;
+function buildContractInfo(contractNode, sourceText) {
+    const modifiers = collectModifiers(contractNode);
+    const controlSlots = collectControlSlots(contractNode, sourceText);
+    const upgradeFunctions = getFunctions(contractNode).filter(isUpgradeFunction);
+    return {
+        node: contractNode,
+        name: String(contractNode.name || '<anonymous>'),
+        modifiers,
+        controlSlots,
+        upgradeFunctions,
+        hasExecutableDelegatecall: hasExecutableDelegatecall(contractNode),
+    };
+}
+function isProxyLike(info) {
+    return info.hasExecutableDelegatecall && (info.controlSlots.length > 0 || info.upgradeFunctions.length > 0);
+}
+function shouldReportSlotRisk(info) {
+    if (!info.controlSlots.some(slot => !slot.eip1967))
+        return false;
+    return true;
+}
+function collectControlSlots(contractNode, sourceText) {
+    const slots = [];
+    for (const sub of contractNode.subNodes || []) {
+        if (sub?.type !== 'StateVariableDeclaration')
+            continue;
+        for (const variable of sub.variables || []) {
+            const name = String(variable?.name || '');
+            if (!name)
+                continue;
+            const isConst = variable.isDeclaredConst === true || variable.isImmutable === true || sub.isDeclaredConst === true;
+            const typeName = typeNameToString(variable.typeName);
+            const snippet = sourceSnippet(sourceText, sub) || sourceSnippet(sourceText, variable);
+            if (isConst && SLOT_NAME.test(name)) {
+                slots.push({
+                    name,
+                    kind: 'constant',
+                    eip1967: isEip1967Slot(snippet),
+                    loc: locOf(variable) || locOf(sub),
+                });
+                continue;
+            }
+            if (!isConst && CONTROL_STORAGE.test(name) && /^address\b/i.test(typeName)) {
+                slots.push({
+                    name,
+                    kind: 'plain',
+                    eip1967: false,
+                    loc: locOf(variable) || locOf(sub),
+                });
+            }
+        }
+    }
+    return slots;
+}
+function isEip1967Slot(snippet) {
+    const compact = snippet.replace(/\s+/g, '');
+    const hasEip1967ImplementationFormula = /keccak256\(["']eip1967\.proxy\.implementation["']\).*-\s*1/.test(compact);
+    const hasEip1967AdminFormula = /keccak256\(["']eip1967\.proxy\.admin["']\).*-\s*1/.test(compact);
+    return (hasEip1967ImplementationFormula ||
+        compact.includes('0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc') ||
+        hasEip1967AdminFormula ||
+        compact.includes('0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103'));
+}
+function isUpgradeFunction(fn) {
+    if (!fn?.body || isConstructor(fn))
+        return false;
+    if (!isExternallyCallable(fn))
+        return false;
+    const name = functionName(fn);
+    if (!UPGRADE_FUNCTION.test(name))
+        return false;
+    return writesImplementationTarget(fn.body) || /implementation|impl|upgrade/i.test(name);
+}
+function hasAccessControlGuard(fn, info) {
+    for (const modifier of fn.modifiers || []) {
+        const name = modifierNameOf(modifier);
+        if (GUARDED_MODIFIER.test(name))
+            return true;
+        const modifierNode = info.modifiers.get(name);
+        if (modifierNode?.body && containsAuthCheck(modifierNode.body))
+            return true;
+    }
+    return containsAuthCheck(fn.body);
+}
+function containsAuthCheck(node) {
+    let found = false;
+    walk(node, child => {
+        if (found || child?.type !== 'FunctionCall')
+            return;
+        const callee = callName(child).toLowerCase();
+        const args = Array.isArray(child.arguments) ? child.arguments : [];
+        if ((callee === 'require' || callee === 'assert') && args.some(isAuthExpression))
+            found = true;
+        if (callee === 'hasrole' || callee.endsWith('.hasrole') || callee === '_checkrole' || callee.endsWith('._checkrole')) {
+            found = true;
+        }
+    });
+    return found;
+}
+function isAuthExpression(expr) {
+    if (!expr)
+        return false;
+    if (expr.type === 'BinaryOperation') {
+        const op = String(expr.operator || '');
+        if (op === '==' || op === '===') {
+            const left = expr.left ?? expr.leftExpression;
+            const right = expr.right ?? expr.rightExpression;
+            return (isMsgSender(left) && isAuthorityReference(right)) || (isMsgSender(right) && isAuthorityReference(left));
+        }
+    }
+    if (expr.type === 'FunctionCall') {
+        const callee = callName(expr).toLowerCase();
+        return callee === 'hasrole' || callee.endsWith('.hasrole') || callee === '_checkrole' || callee.endsWith('._checkrole');
+    }
+    if (expr.type === 'BinaryOperation' && (expr.operator === '&&' || expr.operator === '||')) {
+        return isAuthExpression(expr.left ?? expr.leftExpression) || isAuthExpression(expr.right ?? expr.rightExpression);
+    }
+    return childrenOf(expr).some(isAuthExpression);
+}
+function isAuthorityReference(expr) {
+    const root = rootIdentifier(expr);
+    return (0, access_control_1.isPrivilegedIdentifier)(root, { keywords: AUTHORITY_REFERENCE_KEYWORDS });
+}
+function writesImplementationTarget(node) {
+    let found = false;
+    walk(node, child => {
+        if (found)
+            return;
+        if (isAssignment(child)) {
+            const left = child.left ?? child.leftHandSide;
+            if (IMPLEMENTATION_STORAGE.test(rootIdentifier(left)))
+                found = true;
+        }
+        if (child?.type === 'FunctionCall') {
+            const name = callName(child).toLowerCase();
+            if (name === 'sstore' || name.endsWith('.sstore'))
+                found = true;
+        }
+    });
+    return found;
+}
+function hasExecutableDelegatecall(contractNode) {
+    const internalFunctions = collectInternalFunctions(contractNode);
+    for (const fn of getFunctions(contractNode)) {
+        if (!fn.body || !isExternallyCallable(fn))
+            continue;
+        if (bodyHasReachableDelegatecall(fn.body, internalFunctions, new Set(), 0))
+            return true;
+    }
+    return false;
+}
+function collectInternalFunctions(contractNode) {
+    const functions = new Map();
+    for (const fn of getFunctions(contractNode)) {
+        const name = functionName(fn);
+        if (!name || !fn.body)
+            continue;
+        const visibility = String(fn.visibility || '').toLowerCase();
+        if (visibility === 'internal' || visibility === 'private')
+            functions.set(name, fn);
+    }
+    return functions;
+}
+function bodyHasReachableDelegatecall(body, internalFunctions, visited, depth) {
+    if (!body || depth > 10)
+        return false;
+    let found = false;
+    walk(body, node => {
+        if (found)
+            return;
+        if (isDelegatecallNode(node)) {
+            found = true;
+            return;
+        }
+        if (node?.type !== 'FunctionCall')
+            return;
+        const helperName = localHelperCallName(node);
+        if (!helperName || visited.has(helperName))
+            return;
+        const helper = internalFunctions.get(helperName);
+        if (!helper?.body)
+            return;
+        const nextVisited = new Set(visited);
+        nextVisited.add(helperName);
+        if (bodyHasReachableDelegatecall(helper.body, internalFunctions, nextVisited, depth + 1))
+            found = true;
+    });
+    return found;
+}
+function localHelperCallName(call) {
+    const expr = call?.expression;
+    if (expr?.type === 'Identifier')
+        return String(expr.name || '');
+    if (expr?.type === 'MemberAccess' && expr.expression?.type === 'Identifier' && expr.expression.name === 'this') {
+        return String(expr.memberName || '');
+    }
+    return '';
+}
+function isDelegatecallNode(node) {
+    if (node?.type === 'FunctionCall') {
+        const expr = node.expression;
+        if (expr?.type === 'MemberAccess' && String(expr.memberName || '').toLowerCase() === 'delegatecall') {
+            return true;
+        }
+        return callName(node).toLowerCase().endsWith('.delegatecall');
+    }
+    return node?.type === 'AssemblyCall' && String(node.functionName || '').toLowerCase() === 'delegatecall';
+}
+function makeSlotFinding(file, info, slot) {
+    const loc = slot.loc || locOf(info.node);
+    const detail = slot.kind === 'plain'
+        ? `Proxy control state '${slot.name}' is stored as an ordinary state variable`
+        : `Proxy slot constant '${slot.name}' does not match the EIP-1967 implementation/admin slot convention`;
+    return {
+        file,
+        contract: info.name,
+        line: loc.line,
+        endLine: loc.line,
+        column: loc.column,
+        pattern: RULE_ID,
+        confidence: 'medium',
+        ruleId: RULE_ID,
+        severity: 'medium',
+        message: `${detail}, creating non-EIP-1967 storage-slot collision risk for delegatecall proxy execution.`,
+        rationale: 'Delegatecall executes implementation logic in the proxy storage context. Plain or non-standard proxy control slots can collide with implementation storage, matching the Yearn vault proxy audit class.',
+        suggestedFix: 'Store proxy implementation and admin control data in the EIP-1967 slots or another reviewed unstructured storage namespace.',
+        contractName: info.name,
+        sourceLocation: loc,
+        findingId: '',
+        contractHash: '',
+    };
+}
+function makeUpgradeFinding(file, info, fn) {
+    const loc = locOf(fn);
+    const name = functionName(fn);
+    return {
+        file,
+        contract: info.name,
+        'function': name,
+        line: loc.line,
+        endLine: loc.endLine,
+        column: loc.column,
+        pattern: RULE_ID,
+        confidence: 'high',
+        ruleId: RULE_ID,
+        severity: 'high',
+        message: `Proxy upgrade function '${info.name}.${name}' is externally callable without a recognized access-control guard.`,
+        rationale: 'An unguarded implementation setter lets any caller redirect delegatecall execution, even when the implementation slot itself follows EIP-1967.',
+        suggestedFix: 'Gate upgrade functions with onlyOwner, onlyAdmin, onlyRole, or an explicit require(msg.sender == owner/admin) / role check before writing the implementation slot.',
+        contractName: info.name,
+        functionName: name,
+        sourceLocation: loc,
+        findingId: '',
+        contractHash: '',
+    };
+}
+function getFunctions(contractNode) {
+    return (contractNode.subNodes || []).filter((node) => node?.type === 'FunctionDefinition');
+}
+function collectModifiers(contractNode) {
+    const modifiers = new Map();
+    for (const sub of contractNode.subNodes || []) {
+        if (sub?.type === 'ModifierDefinition' && sub.name)
+            modifiers.set(String(sub.name), sub);
+    }
+    return modifiers;
+}
+function isConstructor(fn) {
+    return fn.isConstructor === true || fn.kind === 'constructor';
+}
+function isExternallyCallable(fn) {
+    if (isConstructor(fn))
+        return false;
+    const visibility = String(fn.visibility || '').toLowerCase();
+    return visibility === 'public' || visibility === 'external' || visibility === '';
+}
+function functionName(fn) {
+    return String(fn?.name || (fn?.isFallback ? '<fallback>' : '<anonymous>'));
+}
+function modifierNameOf(modifier) {
+    const name = modifier?.name;
+    if (typeof name === 'string')
+        return name;
+    if (name?.namePath)
+        return String(name.namePath);
+    if (name?.name)
+        return String(name.name);
+    if (modifier?.modifierName?.namePath)
+        return String(modifier.modifierName.namePath);
+    if (modifier?.modifierName?.name)
+        return String(modifier.modifierName.name);
+    return '';
+}
+function isAssignment(node) {
+    if (!node)
+        return false;
+    if (node.type === 'Assignment')
+        return true;
+    return node.type === 'BinaryOperation' && ASSIGN_OPS.has(String(node.operator || ''));
+}
+function isMsgSender(expr) {
+    return expr?.type === 'MemberAccess' &&
+        expr.memberName === 'sender' &&
+        expr.expression?.type === 'Identifier' &&
+        expr.expression.name === 'msg';
+}
+function rootIdentifier(expr) {
+    let current = expr;
+    while (current) {
+        if (current.type === 'Identifier')
+            return String(current.name || '');
+        if (current.type === 'MemberAccess') {
+            current = current.expression;
+            continue;
+        }
+        if (current.type === 'IndexAccess') {
+            current = current.base ?? current.baseExpression;
+            continue;
+        }
+        return '';
+    }
+    return '';
+}
+function callName(call) {
+    const callee = call?.expression;
+    return expressionName(callee);
+}
+function expressionName(expr) {
+    if (!expr)
+        return '';
+    if (expr.type === 'Identifier')
+        return String(expr.name || '');
+    if (expr.type === 'MemberAccess') {
+        const base = expressionName(expr.expression);
+        return base ? `${base}.${expr.memberName || ''}` : String(expr.memberName || '');
+    }
+    if (expr.type === 'NameValueExpression' || expr.type === 'FunctionCallOptions')
+        return expressionName(expr.expression);
+    return '';
+}
+function typeNameToString(typeName) {
+    if (!typeName)
+        return '';
+    if (typeof typeName.name === 'string')
+        return typeName.name;
+    if (typeof typeName.namePath === 'string')
+        return typeName.namePath;
+    if (typeName.type === 'ElementaryTypeName')
+        return String(typeName.name || '');
+    if (typeName.type === 'UserDefinedTypeName')
+        return String(typeName.namePath || typeName.name || '');
+    return String(typeName.type || '');
+}
+function sourceSnippet(sourceText, node) {
+    if (!sourceText || !Array.isArray(node?.range))
+        return '';
+    return sourceText.slice(node.range[0], node.range[1]);
+}
+function locOf(node) {
+    const { line, column, endLine } = (0, ast_1.assertLoc)(node);
+    return { line, column, endLine };
+}
+function walk(node, visit) {
+    if (!node || typeof node !== 'object')
+        return;
+    visit(node);
+    for (const child of childrenOf(node))
+        walk(child, visit);
+}
+function childrenOf(node) {
+    if (!node || typeof node !== 'object')
+        return [];
+    const out = [];
+    for (const value of Object.values(node)) {
+        if (Array.isArray(value)) {
+            for (const item of value) {
+                if (item && typeof item === 'object')
+                    out.push(item);
+            }
+        }
+        else if (value && typeof value === 'object') {
+            out.push(value);
+        }
+    }
+    return out;
+}
+//# sourceMappingURL=unsafe-proxy-storage.js.map

package/dist/detectors/unsafe-transient-storage.d.ts

@@ -0,0 +1,7 @@
+import type { ScanResult } from '../index';
+export declare class UnsafeTransientStorageDetector {
+    readonly id = "unsafe-transient-storage";
+    readonly patternKey = "unsafe-transient-storage";
+    readonly supportedAstKinds: "parser"[];
+    scanAst(ast: any, file: string): ScanResult[];
+}