@snovon/solast 0.2.0

package/dist/detectors/constructor-address-validation.js

@@ -0,0 +1,335 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ConstructorAddressValidationDetector = void 0;
+const ast_1 = require("./_common/ast");
+const RULE_ID = 'constructor-address-validation';
+class ConstructorAddressValidationDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    descriptor = {
+        id: RULE_ID,
+        shortDescription: 'Constructor address parameters should be validated before being stored as interface dependencies.',
+        helpUri: 'https://snovon.com/',
+        defaultSeverity: 'high',
+        help: 'Validate constructor-supplied interface or address dependencies with a zero-address or code-presence guard before storing them in contract/interface-typed state.',
+    };
+    currentFile = '';
+    findings = [];
+    contract = null;
+    userDefinedTypes = emptyUserDefinedTypeIndex();
+    setFile(file) {
+        this.currentFile = file;
+        this.findings = [];
+        this.contract = null;
+        this.userDefinedTypes = emptyUserDefinedTypeIndex();
+    }
+    getFindings() {
+        return this.findings;
+    }
+    SourceUnit(node) {
+        this.userDefinedTypes = collectUserDefinedTypeIndex(node);
+    }
+    ContractDefinition(node) {
+        if (!(0, ast_1.isNode)(node, 'ContractDefinition') || node?.kind === 'interface' || node?.kind === 'library') {
+            this.contract = null;
+            return;
+        }
+        this.contract = {
+            name: String(node?.name || '<anonymous>'),
+            node,
+            storageInterfaceVars: collectStorageInterfaceVars(node, this.userDefinedTypes),
+        };
+    }
+    ContractDefinition_post(_node) {
+        this.contract = null;
+    }
+    ['ContractDefinition:exit'](node) {
+        this.ContractDefinition_post(node);
+    }
+    FunctionDefinition(node) {
+        if (!this.contract || !node?.isConstructor || !node?.body)
+            return;
+        const trackedParams = collectConstructorParams(node);
+        if (trackedParams.size === 0 || this.contract.storageInterfaceVars.size === 0)
+            return;
+        const validated = new Set();
+        for (const statement of node.body.statements || []) {
+            for (const paramName of trackedParams) {
+                if (statementValidatesParam(statement, paramName))
+                    validated.add(paramName);
+            }
+            const assignment = storageAssignmentFromParam(statement, this.contract.storageInterfaceVars, trackedParams);
+            if (!assignment || validated.has(assignment.paramName))
+                continue;
+            this.findings.push(makeFinding(this.currentFile, this.contract.name, '<constructor>', assignment.node, node, assignment.paramName, assignment.storageName));
+        }
+    }
+}
+exports.ConstructorAddressValidationDetector = ConstructorAddressValidationDetector;
+function makeFinding(file, contractName, functionName, node, fallbackNode, paramName, storageName) {
+    const loc = (0, ast_1.assertLoc)(node, fallbackNode);
+    return {
+        file,
+        contract: contractName,
+        'function': functionName,
+        line: loc.line,
+        endLine: loc.endLine,
+        column: loc.column,
+        ruleId: RULE_ID,
+        pattern: RULE_ID,
+        severity: 'high',
+        confidence: 'medium',
+        category: 'input-validation',
+        message: `Constructor parameter '${paramName}' is stored in interface-typed state '${storageName}' ` +
+            `without a preceding zero-address or code-presence validation.`,
+        findingId: '',
+        contractHash: '',
+        contractName,
+        functionName,
+        sourceLocation: { line: loc.line, column: loc.column },
+    };
+}
+function emptyUserDefinedTypeIndex() {
+    return {
+        contractLike: new Set(),
+        excluded: new Set(),
+    };
+}
+function collectUserDefinedTypeIndex(sourceUnit) {
+    const index = emptyUserDefinedTypeIndex();
+    for (const child of sourceUnit?.children || []) {
+        if ((0, ast_1.isNode)(child, 'ContractDefinition') && child?.name && child?.kind !== 'library') {
+            index.contractLike.add(String(child.name));
+            collectContractExcludedTypes(child, index.excluded);
+        }
+        else if ((0, ast_1.isNode)(child, 'ContractDefinition') && child?.name && child?.kind === 'library') {
+            index.excluded.add(String(child.name));
+        }
+        else if (((0, ast_1.isNode)(child, 'StructDefinition') || (0, ast_1.isNode)(child, 'EnumDefinition')) && child?.name) {
+            index.excluded.add(String(child.name));
+        }
+        else if ((0, ast_1.isNode)(child, 'ImportDirective')) {
+            collectImportedSymbolNames(child, index.contractLike);
+        }
+    }
+    return index;
+}
+function collectContractExcludedTypes(contract, excluded) {
+    for (const subNode of contract?.subNodes || []) {
+        if (((0, ast_1.isNode)(subNode, 'StructDefinition') || (0, ast_1.isNode)(subNode, 'EnumDefinition')) && subNode?.name) {
+            excluded.add(String(subNode.name));
+        }
+    }
+}
+function collectImportedSymbolNames(importDirective, names) {
+    for (const entry of importDirective?.symbolAliases || []) {
+        const local = importAliasLocalName(entry);
+        if (local)
+            names.add(local);
+    }
+}
+function importAliasLocalName(entry) {
+    if (!entry)
+        return '';
+    if (Array.isArray(entry))
+        return aliasName(entry[1]) || aliasName(entry[0]);
+    return aliasName(entry.local) || aliasName(entry.alias) || aliasName(entry.name);
+}
+function aliasName(value) {
+    if (!value)
+        return '';
+    if (typeof value === 'string')
+        return value;
+    if (typeof value?.name === 'string')
+        return value.name;
+    return '';
+}
+function collectStorageInterfaceVars(contract, userDefinedTypes) {
+    const vars = new Set();
+    for (const subNode of contract?.subNodes || []) {
+        if (!(0, ast_1.isNode)(subNode, 'StateVariableDeclaration'))
+            continue;
+        for (const variable of subNode.variables || []) {
+            const name = String(variable?.name || '');
+            if (!name || variable?.isDeclaredConst || variable?.isImmutable)
+                continue;
+            if (isContractLikeType(variable?.typeName, userDefinedTypes))
+                vars.add(name);
+        }
+    }
+    return vars;
+}
+function collectConstructorParams(fn) {
+    const params = new Set();
+    for (const param of fn?.parameters || []) {
+        const name = String(param?.name || '');
+        if (!name)
+            continue;
+        if (isAddressType(param?.typeName)) {
+            params.add(name);
+        }
+    }
+    return params;
+}
+function isContractLikeType(typeName, userDefinedTypes) {
+    if (!(0, ast_1.isNode)(typeName, 'UserDefinedTypeName'))
+        return false;
+    const name = userDefinedName(typeName);
+    if (!name)
+        return true;
+    if (userDefinedTypes.excluded.has(name))
+        return false;
+    if (userDefinedTypes.contractLike.has(name))
+        return true;
+    return true;
+}
+function isAddressType(typeName) {
+    return (0, ast_1.isNode)(typeName, 'ElementaryTypeName') && String(typeName?.name || '') === 'address';
+}
+function userDefinedName(typeName) {
+    const path = String(typeName?.namePath || typeName?.name || '');
+    const parts = path.split('.');
+    return parts[parts.length - 1] || path;
+}
+function storageAssignmentFromParam(statement, storageVars, trackedParams) {
+    if (!(0, ast_1.isNode)(statement, 'ExpressionStatement'))
+        return null;
+    const expression = statement.expression;
+    if (!(0, ast_1.isNode)(expression, 'BinaryOperation') || expression.operator !== '=')
+        return null;
+    const storageName = identifierName(expression.left);
+    if (!storageName || !storageVars.has(storageName))
+        return null;
+    const paramName = assignedParamName(expression.right);
+    if (!paramName || !trackedParams.has(paramName))
+        return null;
+    return { node: expression, paramName, storageName };
+}
+function assignedParamName(expression) {
+    const direct = identifierName(expression);
+    if (direct)
+        return direct;
+    if ((0, ast_1.isNode)(expression, 'FunctionCall') && (expression.arguments || []).length === 1) {
+        return identifierName(expression.arguments[0]);
+    }
+    return '';
+}
+function statementValidatesParam(statement, paramName) {
+    if ((0, ast_1.isNode)(statement, 'ExpressionStatement')) {
+        const expr = statement.expression;
+        if (isRequireOrAssertCall(expr)) {
+            return expressionValidatesParam(expr.arguments?.[0], paramName, true);
+        }
+    }
+    if ((0, ast_1.isNode)(statement, 'IfStatement') && statementContainsRevert(statement.trueBody)) {
+        return expressionValidatesParam(statement.condition, paramName, false);
+    }
+    return false;
+}
+function expressionValidatesParam(expression, paramName, truthyMeansSafe) {
+    if (!expression)
+        return false;
+    if ((0, ast_1.isNode)(expression, 'BinaryOperation')) {
+        if (isZeroAddressGuard(expression, paramName, truthyMeansSafe))
+            return true;
+        if (isCodeLengthGuard(expression, paramName, truthyMeansSafe))
+            return true;
+    }
+    if ((0, ast_1.isNode)(expression, 'UnaryOperation') && expression.operator === '!') {
+        return expressionValidatesParam(expression.subExpression, paramName, !truthyMeansSafe);
+    }
+    return false;
+}
+function isZeroAddressGuard(expression, paramName, truthyMeansSafe) {
+    const expectedOperator = truthyMeansSafe ? '!=' : '==';
+    if (expression.operator !== expectedOperator)
+        return false;
+    return ((expressionReferencesParam(expression.left, paramName) && isZeroAddress(expression.right)) ||
+        (expressionReferencesParam(expression.right, paramName) && isZeroAddress(expression.left)));
+}
+function isCodeLengthGuard(expression, paramName, truthyMeansSafe) {
+    const left = codeLengthParamName(expression.left);
+    const right = codeLengthParamName(expression.right);
+    if (truthyMeansSafe) {
+        if (left === paramName && isZeroLiteral(expression.right) && (expression.operator === '>' || expression.operator === '!='))
+            return true;
+        if (right === paramName && isZeroLiteral(expression.left) && expression.operator === '<')
+            return true;
+        return false;
+    }
+    if (left === paramName && isZeroLiteral(expression.right) && (expression.operator === '==' || expression.operator === '<='))
+        return true;
+    if (right === paramName && isZeroLiteral(expression.left) && expression.operator === '>=')
+        return true;
+    return false;
+}
+function expressionReferencesParam(expression, paramName) {
+    if (identifierName(expression) === paramName)
+        return true;
+    if ((0, ast_1.isNode)(expression, 'FunctionCall') && (expression.arguments || []).length === 1) {
+        return expressionReferencesParam(expression.arguments[0], paramName);
+    }
+    return false;
+}
+function codeLengthParamName(expression) {
+    if (!(0, ast_1.isNode)(expression, 'MemberAccess') || expression.memberName !== 'length')
+        return '';
+    const codeAccess = expression.expression;
+    if (!(0, ast_1.isNode)(codeAccess, 'MemberAccess') || codeAccess.memberName !== 'code')
+        return '';
+    const base = codeAccess.expression;
+    if (identifierName(base))
+        return identifierName(base);
+    if ((0, ast_1.isNode)(base, 'FunctionCall') && (base.arguments || []).length === 1) {
+        return identifierName(base.arguments[0]);
+    }
+    return '';
+}
+function isRequireOrAssertCall(expression) {
+    if (!(0, ast_1.isNode)(expression, 'FunctionCall'))
+        return false;
+    const name = identifierName(expression.expression);
+    return name === 'require' || name === 'assert';
+}
+function statementContainsRevert(statement) {
+    if (!statement)
+        return false;
+    if ((0, ast_1.isNode)(statement, 'RevertStatement') || (0, ast_1.isNode)(statement, 'ThrowStatement'))
+        return true;
+    if ((0, ast_1.isNode)(statement, 'Block')) {
+        return (statement.statements || []).some(statementContainsRevert);
+    }
+    if ((0, ast_1.isNode)(statement, 'ExpressionStatement') && (0, ast_1.isNode)(statement.expression, 'FunctionCall')) {
+        return identifierName(statement.expression.expression) === 'revert';
+    }
+    return false;
+}
+function isZeroAddress(expression) {
+    if (isZeroLiteral(expression))
+        return true;
+    if (!(0, ast_1.isNode)(expression, 'FunctionCall'))
+        return false;
+    const name = identifierName(expression.expression);
+    if (name === 'address' && (expression.arguments || []).length === 1) {
+        return isZeroLiteral(expression.arguments[0]);
+    }
+    if ((expression.arguments || []).length === 1) {
+        return isZeroAddress(expression.arguments[0]);
+    }
+    return false;
+}
+function isZeroLiteral(expression) {
+    if ((0, ast_1.isNode)(expression, 'NumberLiteral')) {
+        const value = String(expression.number || expression.value || '');
+        return value === '0' || value === '0x0';
+    }
+    if ((0, ast_1.isNode)(expression, 'HexNumber')) {
+        return /^0x0*$/i.test(String(expression.value || ''));
+    }
+    return false;
+}
+function identifierName(expression) {
+    return (0, ast_1.isNode)(expression, 'Identifier') ? String(expression.name || '') : '';
+}
+//# sourceMappingURL=constructor-address-validation.js.map

package/dist/detectors/constructor-interface-no-address-validation.d.ts

@@ -0,0 +1,32 @@
+import type { ScanResult } from '../index';
+export declare class ConstructorInterfaceNoAddressValidationDetector {
+    readonly id = "constructor-interface-no-address-validation";
+    readonly patternKey = "constructor-interface-no-address-validation";
+    readonly supportedAstKinds: "parser"[];
+    readonly descriptor: {
+        id: string;
+        shortDescription: string;
+        helpUri: string;
+        defaultSeverity: "medium";
+        help: string;
+    };
+    private currentFile;
+    private currentContract;
+    private currentContractNode;
+    private userDefinedContractTypes;
+    private stateContractTypes;
+    private constructorState;
+    private findings;
+    setFile(file: string): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+    'ContractDefinition:exit'(): void;
+    FunctionDefinition(node: any): void;
+    'FunctionDefinition:exit'(node: any): void;
+    FunctionCall(node: any): void;
+    BinaryOperation(node: any): void;
+    VariableDeclarationStatement(node: any): void;
+    private isUserDefinedTypeCast;
+    private recordValidation;
+    private emitIfUnvalidated;
+}

package/dist/detectors/constructor-interface-no-address-validation.js

@@ -0,0 +1,283 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ConstructorInterfaceNoAddressValidationDetector = void 0;
+const ast_1 = require("./_common/ast");
+const RULE_ID = 'constructor-interface-no-address-validation';
+class ConstructorInterfaceNoAddressValidationDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    descriptor = {
+        id: RULE_ID,
+        shortDescription: 'Constructor address parameters stored as contract references should be checked for nonzero contract code first.',
+        helpUri: 'https://snovon.com/',
+        defaultSeverity: 'medium',
+        help: 'Validate constructor address parameters with both a nonzero-address guard and a code-length guard before casting or storing them as interface or contract references.',
+    };
+    currentFile = '';
+    currentContract = '';
+    currentContractNode = null;
+    userDefinedContractTypes = new Set();
+    stateContractTypes = new Map();
+    constructorState = null;
+    findings = [];
+    setFile(file) {
+        this.currentFile = file;
+        this.currentContract = '';
+        this.currentContractNode = null;
+        this.userDefinedContractTypes = new Set();
+        this.stateContractTypes = new Map();
+        this.constructorState = null;
+        this.findings = [];
+    }
+    getFindings() {
+        return this.findings;
+    }
+    ContractDefinition(node) {
+        if (!(0, ast_1.isNode)(node, 'ContractDefinition'))
+            return;
+        if (node.kind === 'contract' || node.kind === 'interface') {
+            this.userDefinedContractTypes.add(node.name || '');
+        }
+        this.currentContract = node.name || '<anonymous>';
+        this.currentContractNode = node;
+        this.stateContractTypes = new Map();
+        for (const subNode of node.subNodes || []) {
+            if (!(0, ast_1.isNode)(subNode, 'StateVariableDeclaration'))
+                continue;
+            for (const variable of subNode.variables || []) {
+                const typeName = userDefinedTypeName(variable?.typeName);
+                if (variable?.name && typeName)
+                    this.stateContractTypes.set(variable.name, typeName);
+            }
+        }
+    }
+    'ContractDefinition:exit'() {
+        this.currentContract = '';
+        this.currentContractNode = null;
+        this.stateContractTypes = new Map();
+    }
+    FunctionDefinition(node) {
+        if (!(0, ast_1.isNode)(node, 'FunctionDefinition') || !node.body || !node.isConstructor) {
+            this.constructorState = null;
+            return;
+        }
+        const params = new Set();
+        for (const parameter of node.parameters || []) {
+            if (parameter?.name && isAddressType(parameter.typeName))
+                params.add(parameter.name);
+        }
+        this.constructorState = {
+            node,
+            params,
+            zeroChecked: new Set(),
+            codeChecked: new Set(),
+            emittedKeys: new Set(),
+        };
+    }
+    'FunctionDefinition:exit'(node) {
+        if (this.constructorState?.node === node)
+            this.constructorState = null;
+    }
+    FunctionCall(node) {
+        const state = this.constructorState;
+        if (!state)
+            return;
+        if (isRequireOrAssertCall(node)) {
+            this.recordValidation(node.arguments?.[0], state);
+            return;
+        }
+        const castType = callIdentifierName(node);
+        if (!castType || !this.isUserDefinedTypeCast(castType))
+            return;
+        const param = directParamIdentifier(node.arguments?.[0], state.params);
+        if (!param)
+            return;
+        this.emitIfUnvalidated(node, param, state, castType);
+    }
+    BinaryOperation(node) {
+        const state = this.constructorState;
+        if (!state || node.operator !== '=')
+            return;
+        const leftName = (0, ast_1.isNode)(node.left, 'Identifier') ? node.left.name : '';
+        const assignedType = leftName ? this.stateContractTypes.get(leftName) : '';
+        if (!assignedType)
+            return;
+        const param = directParamIdentifier(node.right, state.params);
+        if (!param)
+            return;
+        this.emitIfUnvalidated(node, param, state, assignedType);
+    }
+    VariableDeclarationStatement(node) {
+        const state = this.constructorState;
+        if (!state)
+            return;
+        const initialValue = node.initialValue;
+        if (!(0, ast_1.isNode)(initialValue, 'Identifier'))
+            return;
+        const param = directParamIdentifier(initialValue, state.params);
+        if (!param)
+            return;
+        for (const variable of node.variables || []) {
+            const declaredType = userDefinedTypeName(variable?.typeName);
+            if (!declaredType)
+                continue;
+            this.emitIfUnvalidated(node, param, state, declaredType);
+            return;
+        }
+    }
+    isUserDefinedTypeCast(name) {
+        if (this.userDefinedContractTypes.has(name))
+            return true;
+        const first = name.charAt(0);
+        return first >= 'A' && first <= 'Z';
+    }
+    recordValidation(condition, state) {
+        let current = condition;
+        while ((0, ast_1.isNode)(current, 'TupleExpression') &&
+            !current.isArray &&
+            current.components?.length === 1) {
+            current = current.components[0];
+        }
+        if ((0, ast_1.isNode)(current, 'BinaryOperation') && current.operator === '&&') {
+            this.recordValidation(current.left, state);
+            this.recordValidation(current.right, state);
+            return;
+        }
+        const zeroParam = zeroAddressGuardParam(current, state.params);
+        if (zeroParam)
+            state.zeroChecked.add(zeroParam);
+        const codeParam = codeLengthGuardParam(current, state.params);
+        if (codeParam)
+            state.codeChecked.add(codeParam);
+    }
+    emitIfUnvalidated(node, param, state, targetType) {
+        if (state.zeroChecked.has(param) && state.codeChecked.has(param))
+            return;
+        const loc = (0, ast_1.tryLoc)(node, state.node) ?? (0, ast_1.tryLoc)(state.node, this.currentContractNode) ?? {
+            line: 1,
+            endLine: 1,
+            column: 0,
+            endColumn: 0,
+        };
+        const key = `${param}:${loc.line}:${loc.column}`;
+        if (state.emittedKeys.has(key))
+            return;
+        state.emittedKeys.add(key);
+        const missing = [];
+        if (!state.zeroChecked.has(param))
+            missing.push('nonzero address');
+        if (!state.codeChecked.has(param))
+            missing.push('contract code');
+        this.findings.push({
+            file: this.currentFile,
+            contract: this.currentContract,
+            'function': '<constructor>',
+            line: loc.line,
+            endLine: loc.endLine,
+            column: loc.column,
+            pattern: RULE_ID,
+            confidence: 'medium',
+            ruleId: RULE_ID,
+            severity: 'medium',
+            category: 'vulnerability',
+            message: `Constructor parameter '${param}' is stored or cast as '${targetType}' before ${missing.join(' and ')} validation.`,
+            rationale: 'Constructor-supplied addresses used as interface or contract references can permanently brick integrations when they are zero addresses or EOAs.',
+            suggestedFix: `Require '${param} != address(0)' and '${param}.code.length > 0' before assigning it to a contract or interface reference.`,
+            contractName: this.currentContract,
+            functionName: '<constructor>',
+            sourceLocation: { line: loc.line, column: loc.column },
+            findingId: '',
+            contractHash: '',
+        });
+    }
+}
+exports.ConstructorInterfaceNoAddressValidationDetector = ConstructorInterfaceNoAddressValidationDetector;
+function isAddressType(typeName) {
+    return (0, ast_1.isNode)(typeName, 'ElementaryTypeName') && typeName.name === 'address';
+}
+function userDefinedTypeName(typeName) {
+    if (!(0, ast_1.isNode)(typeName, 'UserDefinedTypeName'))
+        return '';
+    return typeof typeName.namePath === 'string' ? typeName.namePath : '';
+}
+function isRequireOrAssertCall(node) {
+    const callee = node?.expression;
+    return (0, ast_1.isNode)(callee, 'Identifier') && (callee.name === 'require' || callee.name === 'assert');
+}
+function callIdentifierName(node) {
+    const callee = node?.expression;
+    return (0, ast_1.isNode)(callee, 'Identifier') && typeof callee.name === 'string' ? callee.name : '';
+}
+function directParamIdentifier(node, params) {
+    let current = node;
+    while ((0, ast_1.isNode)(current, 'FunctionCall') && current.arguments?.length === 1) {
+        const calleeName = callIdentifierName(current);
+        if (calleeName !== 'payable' && calleeName !== 'address')
+            break;
+        current = current.arguments[0];
+    }
+    return (0, ast_1.isNode)(current, 'Identifier') && params.has(current.name) ? current.name : '';
+}
+function zeroAddressGuardParam(node, params) {
+    if (!(0, ast_1.isNode)(node, 'BinaryOperation') || node.operator !== '!=')
+        return '';
+    if (isAddressZero(node.left))
+        return directParamIdentifier(node.right, params);
+    if (isAddressZero(node.right))
+        return directParamIdentifier(node.left, params);
+    return '';
+}
+function codeLengthGuardParam(node, params) {
+    if (!(0, ast_1.isNode)(node, 'BinaryOperation'))
+        return '';
+    if ((node.operator === '>' || node.operator === '!=') && isZeroLiteral(node.right)) {
+        return codeLengthParam(node.left, params);
+    }
+    if (node.operator === '<' && isZeroLiteral(node.left)) {
+        return codeLengthParam(node.right, params);
+    }
+    if (node.operator === '>=' && isOneLiteral(node.right)) {
+        return codeLengthParam(node.left, params);
+    }
+    if (node.operator === '<=' && isOneLiteral(node.left)) {
+        return codeLengthParam(node.right, params);
+    }
+    return '';
+}
+function codeLengthParam(node, params) {
+    if (!(0, ast_1.isNode)(node, 'MemberAccess') || node.memberName !== 'length')
+        return '';
+    const codeAccess = node.expression;
+    if (!(0, ast_1.isNode)(codeAccess, 'MemberAccess') || codeAccess.memberName !== 'code')
+        return '';
+    return directParamIdentifier(codeAccess.expression, params);
+}
+function isAddressZero(node) {
+    if (isZeroLiteral(node))
+        return true;
+    if (!(0, ast_1.isNode)(node, 'FunctionCall'))
+        return false;
+    const callee = node.expression;
+    return (0, ast_1.isNode)(callee, 'Identifier') &&
+        callee.name === 'address' &&
+        node.arguments?.length === 1 &&
+        isZeroLiteral(node.arguments[0]);
+}
+function isZeroLiteral(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if ((0, ast_1.isNode)(node, 'NumberLiteral'))
+        return node.number === '0';
+    if ((0, ast_1.isNode)(node, 'BooleanLiteral'))
+        return false;
+    return node.value === 0 || node.value === '0';
+}
+function isOneLiteral(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if ((0, ast_1.isNode)(node, 'NumberLiteral'))
+        return node.number === '1';
+    return node.value === 1 || node.value === '1';
+}
+//# sourceMappingURL=constructor-interface-no-address-validation.js.map

package/dist/detectors/cross-chain-arbitrary-call.d.ts

@@ -0,0 +1,7 @@
+import type { ScanResult } from '../index';
+export declare class CrossChainArbitraryCallDetector {
+    readonly id = "cross-chain-arbitrary-call";
+    readonly patternKey = "cross-chain-arbitrary-call";
+    readonly supportedAstKinds: "parser"[];
+    scanAst(ast: any, file: string): ScanResult[];
+}