@snovon/solast 0.2.0

package/dist/semantic/model.js

@@ -0,0 +1,232 @@
+"use strict";
+/**
+ * SemanticModel — cross-file inheritance + import resolution.
+ *
+ * What this module is:
+ *   - A read-only index over parsed Solidity source units.
+ *   - Lets a detector ask "what contracts are in scope here?",
+ *     "what's the inheritance MRO of this contract?", "what modifiers
+ *     can `Derived` see (including inherited from `Base` in another
+ *     file)?", "what's the body of `onlyAdmin` for this contract?".
+ *
+ * What this module is NOT:
+ *   - A type checker.
+ *   - A `solc` shim.
+ *   - A bytecode model.
+ *   - A general dataflow / call-graph layer (the EOG in
+ *     `src/semantic/eog.ts` is separate; SemanticModel does not replace
+ *     or extend it).
+ *   - A detector. Detectors consume `SemanticModel` via `ctx.semantic`
+ *     starting in Slice 2; Slice 1 ships only the infra, no detector
+ *     adoption.
+ *
+ * Lifecycle:
+ *   - Construct once per `scanFiles` invocation from the set of parsed
+ *     source units the scanner is about to walk.
+ *   - Detectors get a reference via the optional `ctx.semantic` field.
+ *   - The model is read-only after construction; subsequent detector
+ *     calls only consult cached lookups.
+ *
+ * Cost:
+ *   - Construction is O(N) over parsed source units (build the contract
+ *     and import indexes) plus O(M) over contracts to populate base
+ *     resolution. Linearization is lazy + memoized — first lookup of a
+ *     contract's MRO pays the C3 merge cost; subsequent lookups are
+ *     O(1). The performance budget from the spec (< 500ms for ~100-file
+ *     project) is comfortable.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildSemanticModel = buildSemanticModel;
+const contracts_1 = require("./contracts");
+const inheritance_1 = require("./inheritance");
+const imports_1 = require("./imports");
+function buildSemanticModel(input) {
+    const parsedFiles = input.parsedFiles || [];
+    const diagnostics = [];
+    const sourceUnits = new Map();
+    const contracts = new Map();
+    /** Per-source-unit: symbol exported by that file → ContractInfo. */
+    const contractsByExporter = new Map();
+    const importCtx = {
+        projectRoot: input.projectRoot || '',
+        remappings: input.remappings || [],
+        fileExists: input.fileExists || (() => false),
+    };
+    // Pass 1 — for each source unit:
+    //   - Extract contracts (raw, no base resolution yet)
+    //   - Parse import directives
+    for (const { path: sourcePath, ast } of parsedFiles) {
+        if (!ast || typeof ast !== 'object')
+            continue;
+        const declaredContractIds = [];
+        const exportsForFile = new Map();
+        const imports = [];
+        // SourceUnit has children at `children` (modern parser) or as flattened nodes.
+        // Solidity-parser exposes them via `.children` (top-level) and each child
+        // has a `type`.
+        const children = Array.isArray(ast.children) ? ast.children
+            : Array.isArray(ast.subNodes) ? ast.subNodes
+                : [];
+        for (const child of children) {
+            if (!child || typeof child !== 'object')
+                continue;
+            const type = child.type;
+            if (type === 'ImportDirective' || type === 'ImportStatement') {
+                const imp = (0, imports_1.readImportDirective)(child);
+                if (!imp)
+                    continue;
+                const resolved = (0, imports_1.resolveImportPath)(imp.rawPath, sourcePath, importCtx);
+                if (resolved)
+                    imp.resolvedPath = resolved;
+                imports.push(imp);
+                continue;
+            }
+            if (type === 'ContractDefinition') {
+                const info = (0, contracts_1.buildContractInfo)(sourcePath, child);
+                if (!info.name)
+                    continue;
+                contracts.set(info.id, info);
+                declaredContractIds.push(info.id);
+                exportsForFile.set(info.name, info);
+                continue;
+            }
+        }
+        sourceUnits.set(sourcePath, {
+            path: sourcePath,
+            ast,
+            imports,
+            visibleSymbols: new Map(), // populated in Pass 3.
+            declaredContracts: declaredContractIds,
+        });
+        contractsByExporter.set(sourcePath, exportsForFile);
+    }
+    // Pass 2 — resolve base contracts.
+    // For each contract, walk its `bases` and bind each `BaseSpecifier.resolved`
+    // to the corresponding ContractId by consulting the source unit's import
+    // map. This needs Pass 1 complete so cross-file imports already point at
+    // parsed source units.
+    // We do this BEFORE Pass 3 (visibleSymbols) so the visible-symbols map can
+    // be built without needing base resolution; the two are independent passes
+    // over the same data.
+    // Actually — base resolution is a *use* of visibleSymbols. Reorder: Pass 3
+    // builds visibleSymbols first, Pass 2-as-renumbered binds bases.
+    // Pass 3 (renumbered to come before base binding): build visibleSymbols.
+    for (const [, su] of sourceUnits) {
+        const visible = (0, imports_1.buildVisibleSymbols)(su, sourceUnits, contractsByExporter, diagnostics);
+        su.visibleSymbols = visible;
+    }
+    // Pass 4: bind base contracts using visibleSymbols.
+    for (const contract of contracts.values()) {
+        const su = sourceUnits.get(contract.sourcePath);
+        if (!su)
+            continue;
+        for (const base of contract.bases) {
+            // The base name might be a simple `Base` or a member-access
+            // `Lib.Base`. We resolve only the prefix.
+            const dotIndex = base.name.indexOf('.');
+            const head = dotIndex >= 0 ? base.name.slice(0, dotIndex) : base.name;
+            const member = dotIndex >= 0 ? base.name.slice(dotIndex + 1) : '';
+            if (member) {
+                // Namespace alias path: head is the alias, member is the contract.
+                // Find the matching import; resolve the member against that import's
+                // exporter map.
+                const aliasImport = su.imports.find(i => i.kind === 'namespace' && i.namespace === head);
+                if (aliasImport && aliasImport.resolvedPath) {
+                    const exporterMap = contractsByExporter.get(aliasImport.resolvedPath);
+                    if (exporterMap) {
+                        const target = exporterMap.get(member);
+                        if (target) {
+                            base.resolved = target.id;
+                            continue;
+                        }
+                    }
+                }
+                // Fall through — couldn't resolve.
+                continue;
+            }
+            // Simple name: consult visibleSymbols.
+            const sym = su.visibleSymbols.get(head);
+            if (sym)
+                base.resolved = sym.contractId;
+        }
+    }
+    // Pass 5: build the lazy linearizer.
+    const linearize = (0, inheritance_1.buildLinearizer)(contracts, diagnostics);
+    // ---- public API ----
+    function resolveContract(fromPath, visibleName) {
+        const su = sourceUnits.get(fromPath);
+        if (!su)
+            return undefined;
+        // Namespace member access (`Lib.Base`) — same logic as base binding.
+        const dotIndex = visibleName.indexOf('.');
+        if (dotIndex >= 0) {
+            const head = visibleName.slice(0, dotIndex);
+            const member = visibleName.slice(dotIndex + 1);
+            const aliasImport = su.imports.find(i => i.kind === 'namespace' && i.namespace === head);
+            if (!aliasImport || !aliasImport.resolvedPath)
+                return undefined;
+            const exporterMap = contractsByExporter.get(aliasImport.resolvedPath);
+            if (!exporterMap)
+                return undefined;
+            return exporterMap.get(member);
+        }
+        const sym = su.visibleSymbols.get(visibleName);
+        if (!sym)
+            return undefined;
+        return contracts.get(sym.contractId);
+    }
+    function inheritedFunctions(contractId) {
+        const lin = linearize(contractId);
+        if (!lin) {
+            // Fall back to the contract's own functions even when linearization
+            // failed — better than nothing for a detector that just wants the
+            // local surface.
+            const info = contracts.get(contractId);
+            return info ? info.functions.slice() : [];
+        }
+        const seen = new Set();
+        const out = [];
+        for (const id of lin.mro) {
+            const info = contracts.get(id);
+            if (!info)
+                continue;
+            for (const fn of info.functions) {
+                // Anonymous functions (constructors, fallback, receive) are
+                // not de-duped by name — they're a single per-contract slot.
+                if (!fn.name) {
+                    out.push(fn);
+                    continue;
+                }
+                if (seen.has(fn.name))
+                    continue;
+                seen.add(fn.name);
+                out.push(fn);
+            }
+        }
+        return out;
+    }
+    function resolveModifier(contractId, modifierName) {
+        const lin = linearize(contractId);
+        const ids = lin ? lin.mro : [contractId];
+        for (const id of ids) {
+            const info = contracts.get(id);
+            if (!info)
+                continue;
+            for (const mod of info.modifiers) {
+                if (mod.name === modifierName)
+                    return mod;
+            }
+        }
+        return undefined;
+    }
+    return {
+        contracts,
+        sourceUnits,
+        diagnostics,
+        resolveContract,
+        linearize,
+        inheritedFunctions,
+        resolveModifier,
+    };
+}
+//# sourceMappingURL=model.js.map

package/dist/semantic/taint-tracker.d.ts

@@ -0,0 +1,49 @@
+import type { SemanticModel } from './model';
+import type { ContractInfo, FunctionInfo } from './types';
+export type TaintSourcePredicate = (node: any, ctx: {
+    functionInfo: FunctionInfo;
+    contract: ContractInfo;
+}) => boolean;
+export interface TaintQueryOptions {
+    source: string;
+}
+export declare class TaintTracker {
+    private readonly semantic?;
+    private readonly records;
+    private readonly nodeToFunction;
+    private readonly sources;
+    private readonly analysis;
+    constructor(semantic?: SemanticModel | undefined);
+    registerSource(name: string, predicate: TaintSourcePredicate): void;
+    registerSink(_name: string, _predicate: TaintSourcePredicate): void;
+    isTainted(expression: any, atNode: any, options: TaintQueryOptions): boolean;
+    explain(expression: any, atNode: any, options: TaintQueryOptions): string[];
+    private index;
+    private markNodeFunction;
+    private recordForNode;
+    private getAnalysis;
+    private compute;
+    private analyzeFunction;
+    private localsBefore;
+    private evalExpression;
+    private sourceHit;
+    private callTaint;
+    private resolveCall;
+    private memberAccessForCall;
+    private callArguments;
+    private isCastCall;
+    private mergeSummary;
+    private summaryKey;
+    private setLocal;
+    private clean;
+    private clone;
+    private union;
+    private isAssignment;
+    private assignmentLeft;
+    private assignmentRight;
+    private assignmentTargetNames;
+    private userDefinedTypeName;
+    private unwrap;
+    private walk;
+    private childNodes;
+}

package/dist/semantic/taint-tracker.js

@@ -0,0 +1,410 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TaintTracker = void 0;
+const MAX_EXTERNAL_CALL_HOPS = 2;
+class TaintTracker {
+    semantic;
+    records = new Map();
+    nodeToFunction = new WeakMap();
+    sources = new Map();
+    analysis = new Map();
+    constructor(semantic) {
+        this.semantic = semantic;
+        this.index();
+    }
+    registerSource(name, predicate) {
+        this.sources.set(name, predicate);
+        this.analysis.delete(name);
+    }
+    registerSink(_name, _predicate) {
+        // Reserved for detector-facing symmetry. Sinks remain detector-owned in
+        // this slice; the shared primitive answers taint queries at sink nodes.
+    }
+    isTainted(expression, atNode, options) {
+        if (!expression || typeof expression !== 'object')
+            return false;
+        const record = this.recordForNode(atNode) || this.recordForNode(expression);
+        if (!record)
+            return false;
+        const state = this.getAnalysis(options.source);
+        return this.evalExpression(expression, record, state, this.localsBefore(record, atNode, state)).tainted;
+    }
+    explain(expression, atNode, options) {
+        const record = this.recordForNode(atNode) || this.recordForNode(expression);
+        if (!record)
+            return [];
+        const state = this.getAnalysis(options.source);
+        return this.evalExpression(expression, record, state, this.localsBefore(record, atNode, state)).path;
+    }
+    index() {
+        if (!this.semantic)
+            return;
+        for (const contract of this.semantic.contracts.values()) {
+            const stateTypes = new Map();
+            for (const variable of contract.stateVariables) {
+                const typeName = this.userDefinedTypeName(variable.node?.typeName);
+                if (typeName)
+                    stateTypes.set(variable.name, typeName);
+            }
+            for (const fn of contract.functions) {
+                const localTypes = new Map();
+                const parameterNames = [];
+                const parameterIndexes = new Map();
+                let index = 0;
+                for (const parameter of fn.node?.parameters || []) {
+                    if (parameter?.name) {
+                        parameterNames.push(parameter.name);
+                        parameterIndexes.set(parameter.name, index);
+                    }
+                    const typeName = this.userDefinedTypeName(parameter?.typeName);
+                    if (parameter?.name && typeName)
+                        localTypes.set(parameter.name, typeName);
+                    index++;
+                }
+                for (const parameter of fn.node?.returnParameters || []) {
+                    const typeName = this.userDefinedTypeName(parameter?.typeName);
+                    if (parameter?.name && typeName)
+                        localTypes.set(parameter.name, typeName);
+                }
+                const record = { info: fn, contract, stateTypes, localTypes, parameterNames, parameterIndexes };
+                this.records.set(fn.id, record);
+                this.markNodeFunction(fn.node, record);
+            }
+        }
+    }
+    markNodeFunction(node, record) {
+        this.walk(node, child => {
+            if (child && typeof child === 'object')
+                this.nodeToFunction.set(child, record);
+        });
+    }
+    recordForNode(node) {
+        if (!node || typeof node !== 'object')
+            return undefined;
+        return this.nodeToFunction.get(node);
+    }
+    getAnalysis(source) {
+        let state = this.analysis.get(source);
+        if (!state) {
+            state = { source, summaries: new Map(), computed: false };
+            this.analysis.set(source, state);
+        }
+        if (!state.computed)
+            this.compute(source, state);
+        return state;
+    }
+    compute(source, state) {
+        for (const record of this.records.values()) {
+            state.summaries.set(record.info.id, {
+                taintedReturn: false,
+                taintedReturnParams: new Set(),
+                sourceReturn: false,
+                path: [`${record.contract.name}.${record.info.name || '<anonymous>'}`],
+            });
+        }
+        let changed = true;
+        let iterations = 0;
+        const maxIterations = Math.max(1, this.records.size + 1);
+        while (changed && iterations < maxIterations) {
+            changed = false;
+            iterations++;
+            for (const record of this.records.values()) {
+                const summary = state.summaries.get(record.info.id);
+                if (!summary)
+                    continue;
+                const before = this.summaryKey(summary);
+                this.analyzeFunction(record, source, state, summary);
+                if (this.summaryKey(summary) !== before)
+                    changed = true;
+            }
+        }
+        state.computed = true;
+    }
+    analyzeFunction(record, source, state, summary) {
+        if (!this.sources.has(source) || !record.info.node?.body)
+            return;
+        const locals = new Map();
+        for (let i = 0; i < record.parameterNames.length; i++) {
+            locals.set(record.parameterNames[i], { tainted: true, sourceTainted: false, params: new Set([i]), path: summary.path.slice() });
+        }
+        this.walk(record.info.node.body, node => {
+            if (!node || typeof node !== 'object')
+                return;
+            if (node.type === 'VariableDeclarationStatement') {
+                for (const variable of node.variables || []) {
+                    const typeName = this.userDefinedTypeName(variable?.typeName);
+                    if (variable?.name && typeName)
+                        record.localTypes.set(variable.name, typeName);
+                }
+                const value = this.evalExpression(node.initialValue || node.expression, record, state, locals);
+                for (const variable of node.variables || []) {
+                    if (variable?.name)
+                        this.setLocal(locals, variable.name, value);
+                }
+                return;
+            }
+            if (this.isAssignment(node)) {
+                const value = this.evalExpression(this.assignmentRight(node), record, state, locals);
+                for (const name of this.assignmentTargetNames(this.assignmentLeft(node))) {
+                    this.setLocal(locals, name, value);
+                }
+                return;
+            }
+            if (node.type === 'ReturnStatement') {
+                const value = this.evalExpression(node.expression, record, state, locals);
+                this.mergeSummary(summary, value);
+            }
+        });
+    }
+    localsBefore(record, atNode, state) {
+        const locals = new Map();
+        for (let i = 0; i < record.parameterNames.length; i++) {
+            locals.set(record.parameterNames[i], { tainted: true, sourceTainted: false, params: new Set([i]), path: [`${record.contract.name}.${record.info.name || '<anonymous>'}`] });
+        }
+        const target = atNode && typeof atNode === 'object' ? atNode : null;
+        if (!target || !record.info.node?.body)
+            return locals;
+        let done = false;
+        const visit = (node) => {
+            if (done || !node || typeof node !== 'object')
+                return;
+            if (node === target) {
+                done = true;
+                return;
+            }
+            if (node.type === 'VariableDeclarationStatement') {
+                const value = this.evalExpression(node.initialValue || node.expression, record, state, locals);
+                for (const variable of node.variables || []) {
+                    if (variable?.name)
+                        this.setLocal(locals, variable.name, value);
+                }
+            }
+            else if (this.isAssignment(node)) {
+                const value = this.evalExpression(this.assignmentRight(node), record, state, locals);
+                for (const name of this.assignmentTargetNames(this.assignmentLeft(node))) {
+                    this.setLocal(locals, name, value);
+                }
+            }
+            for (const child of this.childNodes(node))
+                visit(child);
+        };
+        visit(record.info.node.body);
+        return locals;
+    }
+    evalExpression(expr, record, state, locals) {
+        expr = this.unwrap(expr);
+        if (!expr || typeof expr !== 'object')
+            return this.clean();
+        if (expr.type === 'Identifier') {
+            return locals.get(expr.name) || this.clean();
+        }
+        if (expr.type === 'FunctionCall') {
+            const sourceHit = this.sourceHit(expr, record, state);
+            const callHit = this.callTaint(expr, record, state, locals);
+            const args = this.isCastCall(expr) ? this.union(...this.callArguments(expr).map(arg => this.evalExpression(arg, record, state, locals))) : this.clean();
+            return this.union(sourceHit, callHit, args);
+        }
+        if (expr.type === 'NameValueExpression') {
+            return this.evalExpression(expr.expression, record, state, locals);
+        }
+        if (expr.type === 'NameValueList') {
+            return this.union(...(expr.arguments || []).map((arg) => this.evalExpression(arg, record, state, locals)));
+        }
+        return this.union(...this.childNodes(expr).map(child => this.evalExpression(child, record, state, locals)));
+    }
+    sourceHit(expr, record, state) {
+        const predicate = this.sources.get(state.source);
+        if (!predicate || !predicate(expr, { functionInfo: record.info, contract: record.contract }))
+            return this.clean();
+        const summary = state.summaries.get(record.info.id);
+        return {
+            tainted: true,
+            sourceTainted: true,
+            params: new Set(),
+            path: summary?.path.slice() || [`${record.contract.name}.${record.info.name || '<anonymous>'}`],
+        };
+    }
+    callTaint(expr, record, state, locals) {
+        const targets = this.resolveCall(expr, record);
+        if (targets.length !== 1)
+            return this.clean();
+        const target = targets[0];
+        const summary = state.summaries.get(target.info.id);
+        if (!summary)
+            return this.clean();
+        const callPath = [`${record.contract.name}.${record.info.name || '<anonymous>'}`, ...summary.path];
+        if (callPath.length - 1 > MAX_EXTERNAL_CALL_HOPS)
+            return this.clean();
+        if (summary.sourceReturn) {
+            return { tainted: true, sourceTainted: true, params: new Set(), path: callPath };
+        }
+        const args = this.callArguments(expr);
+        for (const paramIndex of summary.taintedReturnParams) {
+            const arg = args[paramIndex];
+            if (!arg)
+                continue;
+            const argTaint = this.evalExpression(arg, record, state, locals);
+            if (argTaint.tainted)
+                return { tainted: true, sourceTainted: argTaint.sourceTainted, params: new Set(argTaint.params), path: callPath };
+        }
+        return this.clean();
+    }
+    resolveCall(expr, record) {
+        const member = this.memberAccessForCall(expr);
+        if (!member)
+            return [];
+        const receiver = this.unwrap(member.expression);
+        if (!receiver || receiver.type !== 'Identifier')
+            return [];
+        const receiverType = record.localTypes.get(receiver.name) || record.stateTypes.get(receiver.name);
+        if (!receiverType || !this.semantic)
+            return [];
+        const contract = this.semantic.resolveContract(record.contract.sourcePath, receiverType);
+        if (!contract)
+            return [];
+        const functionName = member.memberName || '';
+        if (contract.kind !== 'interface') {
+            const fn = contract.functions.find(candidate => candidate.name === functionName);
+            const target = fn ? this.records.get(fn.id) : undefined;
+            return target ? [target] : [];
+        }
+        const matches = [];
+        for (const candidate of this.semantic.contracts.values()) {
+            if (candidate.kind === 'interface')
+                continue;
+            if (!candidate.bases.some(base => base.resolved === contract.id || base.name === contract.name))
+                continue;
+            const fn = candidate.functions.find(item => item.name === functionName);
+            const target = fn ? this.records.get(fn.id) : undefined;
+            if (target)
+                matches.push(target);
+        }
+        return matches.length === 1 ? matches : [];
+    }
+    memberAccessForCall(node) {
+        let expression = node?.expression;
+        if (expression?.type === 'NameValueExpression')
+            expression = expression.expression;
+        if (expression?.type !== 'MemberAccess')
+            return null;
+        return expression;
+    }
+    callArguments(node) {
+        const args = node?.arguments || [];
+        if (args.length === 1 && args[0]?.type === 'NameValueList')
+            return args[0].arguments || [];
+        return args;
+    }
+    isCastCall(node) {
+        const expr = node?.expression;
+        if (expr?.type === 'ElementaryTypeName')
+            return true;
+        if (expr?.type === 'ElementaryTypeNameExpression')
+            return true;
+        if (expr?.type !== 'Identifier')
+            return false;
+        return /^(?:u?int(?:[0-9]+)?|bytes(?:[0-9]+)?|address|bool|string)$/.test(String(expr.name || ''));
+    }
+    mergeSummary(summary, value) {
+        if (!value.tainted)
+            return;
+        summary.taintedReturn = true;
+        for (const param of value.params)
+            summary.taintedReturnParams.add(param);
+        if (value.sourceTainted || value.params.size === 0)
+            summary.sourceReturn = true;
+        if (value.path.length > 0)
+            summary.path = value.path.slice(0, MAX_EXTERNAL_CALL_HOPS + 1);
+    }
+    summaryKey(summary) {
+        return `${summary.taintedReturn}:${summary.sourceReturn}:${[...summary.taintedReturnParams].sort((a, b) => a - b).join(',')}:${summary.path.join('>')}`;
+    }
+    setLocal(locals, name, value) {
+        if (value.tainted)
+            locals.set(name, this.clone(value));
+        else
+            locals.delete(name);
+    }
+    clean() {
+        return { tainted: false, sourceTainted: false, params: new Set(), path: [] };
+    }
+    clone(value) {
+        return { tainted: value.tainted, sourceTainted: value.sourceTainted, params: new Set(value.params), path: value.path.slice() };
+    }
+    union(...values) {
+        const out = this.clean();
+        for (const value of values) {
+            if (!value.tainted)
+                continue;
+            out.tainted = true;
+            out.sourceTainted = out.sourceTainted || value.sourceTainted;
+            for (const param of value.params)
+                out.params.add(param);
+            if (out.path.length === 0 && value.path.length > 0)
+                out.path = value.path.slice();
+        }
+        return out;
+    }
+    isAssignment(node) {
+        return node?.type === 'Assignment' || (node?.type === 'BinaryOperation' && node.operator === '=');
+    }
+    assignmentLeft(node) {
+        return node?.leftHandSide ?? node?.left ?? null;
+    }
+    assignmentRight(node) {
+        return node?.rightHandSide ?? node?.right ?? null;
+    }
+    assignmentTargetNames(node) {
+        node = this.unwrap(node);
+        if (!node || typeof node !== 'object')
+            return [];
+        if (node.type === 'Identifier' && typeof node.name === 'string')
+            return [node.name];
+        if (node.type === 'VariableDeclaration' && typeof node.name === 'string')
+            return [node.name];
+        if (node.type === 'TupleExpression')
+            return (node.components || []).flatMap((item) => this.assignmentTargetNames(item));
+        return [];
+    }
+    userDefinedTypeName(typeName) {
+        if (!typeName || typeof typeName !== 'object')
+            return '';
+        if (typeName.type === 'UserDefinedTypeName')
+            return typeName.namePath || typeName.name || '';
+        return '';
+    }
+    unwrap(expr) {
+        while (expr && typeof expr === 'object' && expr.type === 'TupleExpression' && Array.isArray(expr.components) && expr.components.length === 1) {
+            expr = expr.components[0];
+        }
+        return expr;
+    }
+    walk(node, visitor) {
+        if (!node || typeof node !== 'object')
+            return;
+        visitor(node);
+        for (const child of this.childNodes(node))
+            this.walk(child, visitor);
+    }
+    childNodes(node) {
+        if (!node || typeof node !== 'object')
+            return [];
+        const out = [];
+        for (const [key, value] of Object.entries(node)) {
+            if (key === 'loc' || key === 'range')
+                continue;
+            if (Array.isArray(value)) {
+                for (const item of value) {
+                    if (item && typeof item === 'object')
+                        out.push(item);
+                }
+            }
+            else if (value && typeof value === 'object') {
+                out.push(value);
+            }
+        }
+        return out;
+    }
+}
+exports.TaintTracker = TaintTracker;
+//# sourceMappingURL=taint-tracker.js.map