@snovon/solast 0.2.0

package/dist/detectors/bridge-collateral-drain.js

@@ -0,0 +1,630 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BridgeCollateralDrainDetector = void 0;
+const ast_1 = require("./_common/ast");
+const RULE_ID = 'bridge-collateral-drain';
+// Bridge-context tokens detected in the contract name. Names are
+// split into camelCase / snake_case / dash tokens (so that
+// `InternalReleaseBridge` yields ['internal','release','bridge'] and
+// matches on `bridge`). The prior `\b...\b` regex didn't fire inside
+// camelCase identifiers, which broke recognition of names like
+// `InternalReleaseBridge`. `relayer` is intentionally EXCLUDED here:
+// relayer-named contracts are typically off-chain relayer blind
+// spots (e.g. `OffchainRelayerDocumentedBlindSpot`) which the issue
+// body documents as out of scope. Bridge-specific roles (RELAYER_ROLE,
+// VALIDATOR_ROLE, etc.) are still recognized via AUTH_GUARD_NAMES /
+// BRIDGE_ROLE_NAME_RE for the auth-guard check.
+const BRIDGE_NAME_TOKENS = new Set([
+    'bridge', 'gateway', 'crosschain', 'xchain', 'custodian',
+    'locker', 'escrow', 'hub', 'spoke', 'messenger', 'portal',
+    'teleporter', 'wormhole',
+]);
+const CROSSCHAIN_MSG_SIGNAL_RE = /(messageId|srcChainId|sourceChainId|destChainId|targetChainId|nonce|proof|root|leaf|receipt|crosschain|cross-chain|xchain|message|verifyMessage|verifyProof|MerkleProof\.verify|checkProof|validateProof|checkMessage|validateMessage)/i;
+const WITHDRAWAL_FN_RE = /(withdraw|release|unlock|redeem|exit|claim|finalize|drain)/i;
+const TRANSFER_SINK_RE = /^(transfer|safeTransfer|safeTransferFrom|send)$/i;
+const INBOUND_TRANSFER_FROM_SOURCE_RE = /^(msg\.sender|caller|_sender|sender|from|_from|account|user|owner)$/i;
+const POOLED_TRANSFER_FROM_SOURCE_RE = /(custodian|collateral|reserve|pooled|pool|vault|escrow|locker|treasury|bridge)/i;
+const AUTH_GUARD_NAMES = new Set([
+    'relayer', 'relayers', 'trustedrelayer', 'authorized', 'auth', 'bridge', 'operator',
+    'signer', 'validator', 'proposer', 'attester', 'verifier', 'messenger',
+]);
+const AUTH_GUARD_RE = /^(onlyrelayer|onlybridge|onlyoperator|onlyauthoriz|onlysigner|onlyvalidator|onlyproposer|onlyattester|onlyverifier|authenticated)$/i;
+const BRIDGE_ROLE_NAME_RE = /(RELAYER|VALIDATOR|OPERATOR|MESSENGER|BRIDGE|CUSTODIAN|SIGNER|PROPOSER|ATTESTER|VERIFIER)/i;
+const PROOF_VERIFY_NAMES = new Set([
+    'verify', 'verifymessage', 'verifyproof', 'validateproof', 'validatemessage',
+    'validateproof', 'checkproof', 'checkmessage', 'validatespv', 'verifyspv',
+    '_verify', '_validate', 'isvalidproof', 'checksignature',
+]);
+const RESERVE_LEDGER_NAMES = new Set([
+    'locked', 'lockedCollateral', 'totalLocked', 'reserves', 'reserve',
+    'collateralHeld', 'pooled', 'pooledCollateral', 'deposited', 'deposits',
+    'lockedTokens', '托管', 'held',
+]);
+const RESERVE_CHECK_RE = /(locked|reserve|reserves|pooled|deposited|collateralHeld|totalLocked|balance|sufficient)/i;
+class BridgeCollateralDrainDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    scanAst(ast, file) {
+        if (!ast || ast.type !== 'SourceUnit')
+            return [];
+        const findings = [];
+        const allContracts = collectAllContracts(ast);
+        for (const contract of allContracts) {
+            if (isInterfaceLike(contract))
+                continue;
+            const contractName = contract.name || '<anonymous>';
+            for (const fn of getContractFunctions(contract)) {
+                if (!isExternallyReachable(fn))
+                    continue;
+                if (!isBridgeWithdrawalContext(contractName, fn))
+                    continue;
+                const body = getFunctionBody(fn);
+                if (!body)
+                    continue;
+                const sinkResult = findTransferSink(body);
+                if (!sinkResult)
+                    continue;
+                let helperBody = null;
+                if (sinkResult.internalHelperName) {
+                    const helperFn = resolveInternalFunction(contract, sinkResult.internalHelperName);
+                    if (helperFn)
+                        helperBody = getFunctionBody(helperFn);
+                }
+                const hasAuthGuard = findAuthGuard(fn, body, contract) ||
+                    (helperBody !== null && bodyContainsAuthPatterns(helperBody));
+                const hasReserveCheck = findReserveCheck(body) ||
+                    (helperBody !== null && findReserveCheck(helperBody));
+                if (!hasAuthGuard || !hasReserveCheck) {
+                    findings.push({
+                        file,
+                        contract: contractName,
+                        'function': fn.name || '<anonymous>',
+                        line: sinkResult.loc.line,
+                        endLine: sinkResult.loc.line,
+                        column: sinkResult.loc.column,
+                        pattern: RULE_ID,
+                        confidence: 'high',
+                        ruleId: RULE_ID,
+                        severity: 'critical',
+                        message: `Bridge collateral drain in '${contractName}.${fn.name}': withdrawal function releases pooled collateral without cross-chain message authentication and without a post-transfer balance or reserves invariant.`,
+                        contractName,
+                        functionName: fn.name || '<anonymous>',
+                        sourceLocation: { line: sinkResult.loc.line, column: sinkResult.loc.column },
+                        findingId: '',
+                        contractHash: '',
+                    });
+                }
+            }
+        }
+        return findings;
+    }
+}
+exports.BridgeCollateralDrainDetector = BridgeCollateralDrainDetector;
+function collectAllContracts(ast) {
+    const out = [];
+    collectContractsRecursive(ast, out);
+    return out;
+}
+function collectContractsRecursive(node, out) {
+    if (!node || typeof node !== 'object')
+        return;
+    if (node.type === 'ContractDefinition') {
+        out.push(node);
+        return;
+    }
+    for (const child of childrenOf(node)) {
+        collectContractsRecursive(child, out);
+    }
+}
+function getContractFunctions(contract) {
+    return (contract.subNodes || []).filter((n) => n?.type === 'FunctionDefinition');
+}
+function isExternallyReachable(fn) {
+    if (!fn)
+        return false;
+    if (fn.isConstructor)
+        return false;
+    const kind = String(fn.kind || '').toLowerCase();
+    if (kind === 'constructor')
+        return false;
+    const vis = String(fn.visibility || '').toLowerCase();
+    if (vis === 'public' || vis === 'external')
+        return true;
+    if (kind === 'fallback' || kind === 'receive')
+        return true;
+    return false;
+}
+function isInterfaceLike(contract) {
+    const kind = String(contract?.kind || '').toLowerCase();
+    return kind === 'interface' || kind === 'library';
+}
+function isBridgeWithdrawalContext(contractName, fn) {
+    const fnName = String(fn.name || '');
+    if (!WITHDRAWAL_FN_RE.test(fnName))
+        return false;
+    if (hasBridgeNameToken(contractName))
+        return true;
+    const params = (fn.parameters || []).map((p) => String(p?.name || ''));
+    const hasMessageSignal = params.some((n) => CROSSCHAIN_MSG_SIGNAL_RE.test(n));
+    const bodyText = getFunctionBodyText(fn);
+    const hasBodyMessageSignal = bodyText && CROSSCHAIN_MSG_SIGNAL_RE.test(bodyText);
+    return hasMessageSignal || hasBodyMessageSignal;
+}
+function hasBridgeNameToken(name) {
+    // Split on camelCase boundaries (lowercase→uppercase, or run of caps
+    // followed by single cap+lowercase) plus snake_case / dash. Then
+    // lowercase each token and check membership in BRIDGE_NAME_TOKENS.
+    const tokens = name
+        .split(/(?<=[a-z0-9])(?=[A-Z])|(?<=[A-Z])(?=[A-Z][a-z])|[_\-\s]+/)
+        .filter(Boolean)
+        .map(s => s.toLowerCase());
+    for (const token of tokens) {
+        if (BRIDGE_NAME_TOKENS.has(token))
+            return true;
+    }
+    return false;
+}
+function getFunctionBodyText(fn) {
+    const body = fn?.body;
+    if (!body)
+        return '';
+    return JSON.stringify(body);
+}
+function getFunctionBody(fn) {
+    return fn?.body || null;
+}
+function findTransferSink(node) {
+    let result = null;
+    walk(node, n => {
+        if (result)
+            return;
+        if (n?.type !== 'FunctionCall')
+            return;
+        if (isTransferSink(n)) {
+            const { line, column } = (0, ast_1.assertLoc)(n);
+            result = { loc: { line, column } };
+            return;
+        }
+        if (isInternalTransferSink(n)) {
+            const expr = unwrapCallOptions(n.expression);
+            const { line, column } = (0, ast_1.assertLoc)(n);
+            result = { loc: { line, column }, internalHelperName: String(expr?.name || '') };
+        }
+    });
+    return result;
+}
+function isTransferSink(call) {
+    if (!call?.expression)
+        return false;
+    const expr = unwrapCallOptions(call.expression);
+    if (!expr)
+        return false;
+    if (expr.type === 'MemberAccess') {
+        const member = String(expr.memberName || '');
+        if (!TRANSFER_SINK_RE.test(member))
+            return false;
+        if (member.toLowerCase() === 'safetransferfrom') {
+            return isOutboundSafeTransferFrom(call);
+        }
+        return true;
+    }
+    return false;
+}
+function isOutboundSafeTransferFrom(call) {
+    const args = getCallArguments(call);
+    if (args.length < 1)
+        return false;
+    const from = args[0];
+    if (isInboundSafeTransferFromSource(from))
+        return false;
+    return isKnownPooledTransferFromSource(from);
+}
+function isInboundSafeTransferFromSource(node) {
+    const sig = expressionSignature(node);
+    if (INBOUND_TRANSFER_FROM_SOURCE_RE.test(sig))
+        return true;
+    if (node?.type === 'MemberAccess' && isMsgSenderExpr(node))
+        return true;
+    return false;
+}
+function isKnownPooledTransferFromSource(node) {
+    if (isContractSelfExpr(node))
+        return true;
+    const name = rootIdentifierName(node);
+    if (!name)
+        return false;
+    const lower = name.toLowerCase();
+    if (RESERVE_LEDGER_NAMES.has(lower))
+        return true;
+    return POOLED_TRANSFER_FROM_SOURCE_RE.test(name);
+}
+function isContractSelfExpr(node) {
+    if (!node)
+        return false;
+    if (node.type === 'Identifier' && String(node.name || '') === 'this')
+        return true;
+    if (node.type === 'ThisExpression')
+        return true;
+    if (node.type === 'FunctionCall') {
+        const callee = unwrapCallOptions(node.expression);
+        const args = getCallArguments(node);
+        return callee?.type === 'Identifier' &&
+            String(callee.name || '') === 'address' &&
+            args.length === 1 &&
+            isContractSelfExpr(args[0]);
+    }
+    return false;
+}
+function isInternalTransferSink(call) {
+    if (!call?.expression)
+        return false;
+    const expr = unwrapCallOptions(call.expression);
+    if (!expr || expr.type !== 'Identifier')
+        return false;
+    const name = String(expr.name || '').toLowerCase();
+    if (name === '_release' || name === '_unlock' || name === '_withdraw' || name === '_redeem')
+        return true;
+    return false;
+}
+function resolveInternalFunction(contract, functionName) {
+    const candidates = (contract.subNodes || []).filter((n) => n?.type === 'FunctionDefinition' &&
+        String(n.name || '') === functionName &&
+        !n.isConstructor &&
+        (String(n.visibility || '').toLowerCase() === 'internal' ||
+            String(n.visibility || '').toLowerCase() === 'private'));
+    return candidates.length === 1 ? candidates[0] : null;
+}
+function bodyContainsAuthPatterns(body) {
+    if (bodyContainsProofVerification(body))
+        return true;
+    if (bodyContainsTrustedRelayerCheck(body))
+        return true;
+    if (bodyContainsRoleAuthGuard(body))
+        return true;
+    return false;
+}
+function findAuthGuard(fn, body, contract) {
+    if (hasAuthModifier(fn))
+        return true;
+    if (bodyContainsProofVerification(body))
+        return true;
+    if (bodyContainsTrustedRelayerCheck(body))
+        return true;
+    if (bodyContainsRoleAuthGuard(body))
+        return true;
+    if (modifierBodyContainsAuthCheck(fn, contract))
+        return true;
+    return false;
+}
+function hasAuthModifier(fn) {
+    for (const mod of fn?.modifiers || []) {
+        const name = getModifierName(mod).toLowerCase();
+        if (AUTH_GUARD_RE.test(name))
+            return true;
+        if (AUTH_GUARD_NAMES.has(name))
+            return true;
+        if (name === 'onlyrole') {
+            const args = Array.isArray(mod?.arguments) ? mod.arguments : [];
+            if (args.length >= 1 && isBridgeRoleArg(args[0]))
+                return true;
+        }
+    }
+    return false;
+}
+function isBridgeRoleArg(node) {
+    if (node?.type !== 'Identifier')
+        return false;
+    const name = String(node.name || '');
+    return BRIDGE_ROLE_NAME_RE.test(name);
+}
+function bodyContainsRoleAuthGuard(node) {
+    return walkAny(node, n => {
+        if (isRequireLike(n)) {
+            const cond = getCallArguments(n)[0];
+            return !!cond && containsHasRoleAuth(cond);
+        }
+        if (n?.type === 'IfStatement') {
+            return containsHasRoleAuth(n.condition);
+        }
+        return false;
+    });
+}
+function containsHasRoleAuth(node) {
+    return walkAny(node, n => {
+        if (n?.type !== 'FunctionCall')
+            return false;
+        const callee = unwrapCallOptions(n.expression);
+        if (!callee)
+            return false;
+        const name = callee?.type === 'Identifier' ? String(callee.name || '') :
+            callee?.type === 'MemberAccess' ? String(callee.memberName || '') : '';
+        if (name !== 'hasRole')
+            return false;
+        const args = getCallArguments(n);
+        if (args.length < 2)
+            return false;
+        if (!isMsgSenderExpr(args[1]))
+            return false;
+        return isBridgeRoleArg(args[0]);
+    });
+}
+function isMsgSenderExpr(node) {
+    if (node?.type !== 'MemberAccess')
+        return false;
+    if (String(node.memberName || '') !== 'sender')
+        return false;
+    const inner = node.expression;
+    return inner?.type === 'Identifier' && String(inner.name || '') === 'msg';
+}
+function modifierBodyContainsAuthCheck(fn, contract) {
+    for (const mod of fn?.modifiers || []) {
+        const modName = getModifierName(mod);
+        const allMods = (contract.subNodes || []).filter((n) => n?.type === 'ModifierDefinition' && n.name === modName);
+        for (const m of allMods) {
+            if (m?.body && bodyContainsAuthCheck(m.body))
+                return true;
+        }
+    }
+    return false;
+}
+function bodyContainsAuthCheck(node) {
+    return walkAny(node, n => {
+        if (!isRequireLike(n))
+            return false;
+        const cond = getCallArguments(n)[0];
+        if (!cond)
+            return false;
+        return containsAuthMsgSenderCheck(cond) || containsRelayerMappingCheck(cond);
+    });
+}
+function bodyContainsProofVerification(node) {
+    return walkAny(node, n => {
+        if (!isRequireLike(n))
+            return false;
+        const cond = getCallArguments(n)[0];
+        if (!cond)
+            return false;
+        return containsProofVerification(cond);
+    });
+}
+function bodyContainsTrustedRelayerCheck(node) {
+    return walkAny(node, n => {
+        if (!isRequireLike(n))
+            return false;
+        const cond = getCallArguments(n)[0];
+        if (!cond)
+            return false;
+        return containsRelayerMappingCheck(cond) || containsAuthMsgSenderCheck(cond);
+    });
+}
+function containsProofVerification(node) {
+    return walkAny(node, n => {
+        if (n?.type !== 'FunctionCall')
+            return false;
+        const callee = unwrapCallOptions(n.expression);
+        if (!callee)
+            return false;
+        const name = callee?.type === 'Identifier' ? String(callee.name || '') : String(callee.memberName || '');
+        if (PROOF_VERIFY_NAMES.has(name.toLowerCase()))
+            return true;
+        return false;
+    });
+}
+function containsRelayerMappingCheck(node) {
+    return walkAny(node, (n) => {
+        if (!isIndexAccess(n))
+            return false;
+        const baseName = rootIdentifierName(n.base || n);
+        if (baseName && (AUTH_GUARD_NAMES.has(baseName.toLowerCase()) || /relayer|bridge|operator|signer/i.test(baseName))) {
+            const idxStr = indexAccessKey(n);
+            if (idxStr && /msg\.sender/i.test(idxStr))
+                return true;
+        }
+        return false;
+    });
+}
+function containsMsgSenderCheck(node) {
+    return walkAny(node, n => {
+        if (n?.type !== 'MemberAccess')
+            return false;
+        if (String(n.memberName || '') !== 'sender')
+            return false;
+        const inner = n.expression;
+        return inner?.type === 'Identifier' && String(inner.name || '') === 'msg';
+    });
+}
+function containsAuthMsgSenderCheck(node) {
+    return walkAny(node, n => {
+        if (n?.type !== 'BinaryOperation')
+            return false;
+        const op = String(n.operator || '');
+        if (op !== '==' && op !== '!=')
+            return false;
+        const leftHasSender = containsMsgSenderCheck(n.left);
+        const rightHasSender = containsMsgSenderCheck(n.right);
+        if (!leftHasSender && !rightHasSender)
+            return false;
+        const target = leftHasSender ? n.right : n.left;
+        return isTrustedRoleTarget(target);
+    });
+}
+function isTrustedRoleTarget(node) {
+    if (node?.type === 'Identifier') {
+        const name = String(node.name || '').toLowerCase();
+        // AUTH_GUARD_NAMES contains bridge-specific roles (relayer/operator/signer/validator/etc.).
+        // Generic owner/admin/governance roles are NOT bridge-message auth — they are custodian roles.
+        if (AUTH_GUARD_NAMES.has(name))
+            return true;
+        return false;
+    }
+    return false;
+}
+function findReserveCheck(node) {
+    const captured = collectCapturedSelfBalances(node);
+    return walkAny(node, n => {
+        if (!isRequireLike(n))
+            return false;
+        const cond = getCallArguments(n)[0];
+        if (!cond)
+            return false;
+        return isReserveCheck(cond, captured);
+    });
+}
+function collectCapturedSelfBalances(node) {
+    const out = new Set();
+    walk(node, n => {
+        if (n?.type !== 'VariableDeclarationStatement')
+            return;
+        if (!isSelfBalanceOfCall(n.initialValue))
+            return;
+        const vars = Array.isArray(n.variables) ? n.variables : [];
+        for (const v of vars) {
+            if (v?.name)
+                out.add(String(v.name));
+        }
+    });
+    return out;
+}
+function isSelfBalanceOfCall(node) {
+    if (!node || node.type !== 'FunctionCall')
+        return false;
+    const callee = unwrapCallOptions(node.expression);
+    if (!callee || callee.type !== 'MemberAccess')
+        return false;
+    if (String(callee.memberName || '') !== 'balanceOf')
+        return false;
+    const args = getCallArguments(node);
+    if (args.length !== 1)
+        return false;
+    return isContractSelfExpr(args[0]);
+}
+function isReserveCheck(node, captured) {
+    if (!node)
+        return false;
+    if (node.type !== 'BinaryOperation')
+        return false;
+    const op = String(node.operator || '');
+    if (op === '&&' || op === '||') {
+        return isReserveCheck(node.left, captured) || isReserveCheck(node.right, captured);
+    }
+    if (!['>=', '>', '<=', '<', '==', '!='].includes(op))
+        return false;
+    return containsReserveTerm(node.left, captured) || containsReserveTerm(node.right, captured);
+}
+function containsReserveTerm(node, captured) {
+    return walkAny(node, n => {
+        if (n?.type === 'Identifier') {
+            const name = String(n.name || '');
+            if (RESERVE_LEDGER_NAMES.has(name.toLowerCase()))
+                return true;
+            if (RESERVE_CHECK_RE.test(name))
+                return true;
+            if (captured.has(name))
+                return true;
+        }
+        if (isSelfBalanceOfCall(n))
+            return true;
+        return false;
+    });
+}
+function isRequireLike(call) {
+    const expr = unwrapCallOptions(call?.expression);
+    return expr?.type === 'Identifier' && /^(require|assert)$/.test(String(expr.name || ''));
+}
+function isIndexAccess(node) {
+    return node?.type === 'IndexAccess';
+}
+function indexAccessKey(node) {
+    if (!node || node.type !== 'IndexAccess')
+        return '';
+    const base = node.base || node.baseExpression;
+    const idx = node.index || node.indexExpression;
+    const baseStr = base?.type === 'Identifier' ? String(base.name || '') : '';
+    const idxStr = idx ? expressionSignature(idx) : '';
+    return `${baseStr}[${idxStr}]`;
+}
+function expressionSignature(expr) {
+    if (!expr || typeof expr !== 'object')
+        return '';
+    switch (expr.type) {
+        case 'Identifier': return String(expr.name || '');
+        case 'NumberLiteral': return String(expr.number ?? expr.value ?? '');
+        case 'MemberAccess': return `${expressionSignature(expr.expression)}.${String(expr.memberName || '')}`;
+        case 'IndexAccess': return `${expressionSignature(expr.base || expr.baseExpression)}[${expressionSignature(expr.index || expr.indexExpression)}]`;
+        case 'FunctionCall': return `${expressionSignature(expr.expression)}(${(expr.arguments || []).map(expressionSignature).join(',')})`;
+        default: return '';
+    }
+}
+function getCallArguments(call) {
+    return Array.isArray(call?.arguments) ? call.arguments : [];
+}
+function getModifierName(modifier) {
+    if (!modifier)
+        return '';
+    if (typeof modifier === 'string')
+        return modifier;
+    if (modifier.name)
+        return getModifierName(modifier.name);
+    if (modifier.type === 'Identifier')
+        return String(modifier.name || '');
+    if (modifier.modifierName) {
+        const inner = modifier.modifierName;
+        if (typeof inner === 'string')
+            return inner;
+        if (inner && typeof inner.name === 'string')
+            return inner.name;
+    }
+    return '';
+}
+function unwrapCallOptions(expr) {
+    let cur = expr;
+    while (cur && (cur.type === 'NameValueExpression' || cur.type === 'FunctionCallOptions')) {
+        cur = cur.expression;
+    }
+    return cur;
+}
+function rootIdentifierName(node) {
+    let cur = node;
+    while (cur && (cur.type === 'MemberAccess' || cur.type === 'IndexAccess')) {
+        cur = cur.type === 'MemberAccess' ? cur.expression : (cur.base || cur.baseExpression);
+    }
+    return cur?.type === 'Identifier' ? String(cur.name || '') : '';
+}
+function childrenOf(node) {
+    if (!node || typeof node !== 'object')
+        return [];
+    const out = [];
+    for (const [key, value] of Object.entries(node)) {
+        if (key === 'loc' || key === 'range' || key === 'src' || key === 'id')
+            continue;
+        if (Array.isArray(value)) {
+            for (const item of value)
+                if (item && typeof item === 'object')
+                    out.push(item);
+        }
+        else if (value && typeof value === 'object') {
+            out.push(value);
+        }
+    }
+    return out;
+}
+function walk(node, visit) {
+    if (!node || typeof node !== 'object')
+        return;
+    visit(node);
+    for (const child of childrenOf(node))
+        walk(child, visit);
+}
+function walkAny(node, predicate) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (predicate(node))
+        return true;
+    for (const child of childrenOf(node)) {
+        if (walkAny(child, predicate))
+            return true;
+    }
+    return false;
+}
+//# sourceMappingURL=bridge-collateral-drain.js.map

package/dist/detectors/bridge-forged-proof.d.ts

@@ -0,0 +1,7 @@
+import type { ScanResult } from '../index';
+export declare class BridgeForgedProofDetector {
+    readonly id = "bridge-forged-proof";
+    readonly patternKey = "bridge-forged-proof";
+    readonly supportedAstKinds: ("parser" | "solc")[];
+    scanAst(ast: any, file: string, sourceText?: string): ScanResult[];
+}