@sun-asterisk/impact-analyzer 1.0.5 → 1.0.7

package/core/detectors/database-detector.js

@@ -7,6 +7,7 @@
  */
 
 import path from 'path';
+import fs from 'fs';
 import { createLogger } from '../utils/logger.js';
 
 export class DatabaseDetector {
@@ -282,16 +283,630 @@ export class DatabaseDetector {
       }
 
       const callers = this.methodCallGraph.getCallers(method);
+
       queue.push(...callers);
     }
 
     return repoMethods;
   }
 
+  /**
+   * BUG-002: Detect @InjectRepository decorators and extract entity information
+   * Enables detection of repository usage in services without call graph
+   */
+  detectInjectedRepositories(content, filePath) {
+    const injectedRepos = [];
+    const lines = content.split('\n');
+
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+
+      // Pattern: @InjectRepository(UserEntity)
+      const injectMatch = line.match(/@InjectRepository\s*\(\s*(\w+Entity)\s*\)/);
+      if (injectMatch) {
+        const entityName = injectMatch[1];
+
+        // Look for field name in next few lines
+        // private readonly userRepository: Repository<UserEntity>
+        for (let j = i; j < Math.min(i + 3, lines.length); j++) {
+          const fieldMatch = lines[j].match(/(?:private|public|protected)\s+(?:readonly\s+)?(\w+)\s*:/);
+          if (fieldMatch) {
+            injectedRepos.push({
+              entityName: entityName,
+              fieldName: fieldMatch[1],
+              tableName: this.entityToTableName(entityName),
+              file: filePath
+            });
+            this.logger.verbose('DatabaseDetector',
+              `Found injected repository: ${fieldMatch[1]} -> ${entityName} -> ${this.entityToTableName(entityName)}`);
+            break;
+          }
+        }
+      }
+    }
+
+    return injectedRepos;
+  }
+
+  /**
+   * BUG-002: Detect database operations from repository field usage
+   * Detects: this.userRepository.find(...), this.repo.update(...), etc.
+   */
+  detectOperationFromRepositoryUsage(line, repo, databaseChanges) {
+    const operations = {
+      'createQueryBuilder': 'SELECT',
+      'find': 'SELECT',
+      'findOne': 'SELECT',
+      'findBy': 'SELECT',
+      'findOneBy': 'SELECT',
+      'findAndCount': 'SELECT',
+      'update': 'UPDATE',
+      'insert': 'INSERT',
+      'delete': 'DELETE',
+      'remove': 'DELETE',
+      'save': 'INSERT/UPDATE',
+      'merge': 'UPDATE',
+    };
+
+    // Detect operation
+    let detectedOp = null;
+    for (const [method, opType] of Object.entries(operations)) {
+      if (line.includes(`.${method}(`)) {
+        detectedOp = opType;
+        break;
+      }
+    }
+
+    if (!detectedOp) return;
+
+    // Extract entity/table info
+    const tableName = repo.tableName;
+
+    if (!databaseChanges.tables.has(tableName)) {
+      databaseChanges.tables.set(tableName, {
+        entity: repo.entityName,
+        file: repo.file,
+        operations: new Set(),
+        fields: new Set(),
+        isEntityFile: false,
+        hasRelationChange: false,
+        changeSource: { path: repo.file }
+      });
+    }
+
+    const tableData = databaseChanges.tables.get(tableName);
+    tableData.operations.add(detectedOp);
+
+    // Extract fields from query builder
+    this.extractFieldsFromQueryBuilder(line, tableData);
+
+    this.logger.verbose('DatabaseDetector',
+      `Detected ${detectedOp} on ${tableName} via ${repo.fieldName}`);
+  }
+
+  /**
+   * BUG-002: Extract field names from query builder select() and where()
+   */
+  extractFieldsFromQueryBuilder(line, tableData) {
+    // Pattern: .select(['user.id', 'user.name', 'user.email'])
+    const selectMatch = line.match(/\.select\s*\(\s*\[([^\]]+)\]/);
+    if (selectMatch) {
+      const fieldsStr = selectMatch[1];
+      const fieldMatches = fieldsStr.matchAll(/['"](?:\w+\.)?(\w+)['"]/g);
+
+      for (const match of fieldMatches) {
+        const fieldName = match[1];
+        if (fieldName && fieldName !== 'delFlg') {
+          tableData.fields.add(fieldName);
+        }
+      }
+    }
+
+    // Pattern: .where('user.name = :name', ...)
+    const whereMatch = line.match(/\.where\s*\(\s*['"](?:\w+\.)?(\w+)\s*[=<>]/);
+    if (whereMatch) {
+      const fieldName = whereMatch[1];
+      if (fieldName && fieldName !== 'delFlg') {
+        tableData.fields.add(fieldName);
+      }
+    }
+
+    // Pattern: { id: 1, name: 'value' } in object literals
+    const objectFieldMatches = line.matchAll(/\{\s*(\w+)\s*:/g);
+    for (const match of objectFieldMatches) {
+      const fieldName = match[1];
+      if (fieldName && fieldName !== 'delFlg' && fieldName !== 'where') {
+        tableData.fields.add(fieldName);
+      }
+    }
+  }
+
+  /**
+   * BUG-002: Collect multi-line repository usage blocks from diff
+   * Handles statements that span multiple lines like:
+   * this.repo
+   *   .createQueryBuilder()
+   *   .select([...])
+   */
+  collectRepositoryUsageBlocks(lines, injectedRepos) {
+    const blocks = [];
+    
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      
+      if (!line.startsWith('+')) continue;
+      
+      const addedLine = line.substring(1).trim();
+      
+      // Check if this line starts repository usage
+      for (const repo of injectedRepos) {
+        if (addedLine.includes(`this.${repo.fieldName}`)) {
+          // Collect all subsequent lines that are method chains
+          const codeBlock = [addedLine];
+          let j = i + 1;
+          
+          // Look ahead for chained methods (lines starting with .)
+          while (j < lines.length) {
+            const nextLine = lines[j];
+            if (!nextLine.startsWith('+')) break;
+            
+            const nextAddedLine = nextLine.substring(1).trim();
+            
+            // Check if it's a method chain continuation
+            if (nextAddedLine.startsWith('.') || 
+                nextAddedLine.startsWith(')') ||
+                codeBlock[codeBlock.length - 1].endsWith(',') ||
+                codeBlock[codeBlock.length - 1].endsWith('(')) {
+              codeBlock.push(nextAddedLine);
+              j++;
+            } else {
+              break;
+            }
+          }
+          
+          blocks.push({
+            repo: repo,
+            code: codeBlock.join(' ')
+          });
+          
+          // Skip the lines we've already processed
+          i = j - 1;
+          break;
+        }
+      }
+    }
+    
+    return blocks;
+  }
+
+  /**
+   * BUG-004: Detect raw SQL query patterns in changed files
+   * CORRECTED APPROACH: Use full file content, not just diff
+   *
+   * Strategy:
+   * 1. Read full file content from filesystem
+   * 2. Find changed line numbers from diff
+   * 3. Find parent statements containing those lines
+   * 4. Extract SQL from those statements
+   */
+  detectRawSQLQueries(filePath, diff) {
+    const sqlQueries = [];
+
+    try {
+      // Step 1: Read full file content
+      if (!fs.existsSync(filePath)) {
+        this.logger.verbose('DatabaseDetector', `File not found: ${filePath}`);
+        return sqlQueries;
+      }
+
+      const fileContent = fs.readFileSync(filePath, 'utf-8');
+      const fileLines = fileContent.split('\n');
+
+      // Step 2: Extract changed line numbers from diff
+      const changedLineNumbers = this.extractChangedLineNumbers(diff);
+
+      if (changedLineNumbers.length === 0) {
+        return sqlQueries;
+      }
+
+      this.logger.verbose('DatabaseDetector',
+        `Analyzing ${changedLineNumbers.length} changed lines in ${filePath}`);
+
+      // Step 3: Find query/execute statements that contain changed lines
+      const processedStatements = new Set();
+
+      for (const lineNum of changedLineNumbers) {
+        const statement = this.findQueryStatementContainingLine(fileLines, lineNum);
+
+        if (!statement) continue;
+
+        const key = `${statement.startLine}-${statement.endLine}`;
+        if (processedStatements.has(key)) continue;
+        processedStatements.add(key);
+
+        // Step 4: Extract SQL from statement
+        const sqlData = this.extractSQLFromStatement(statement.content);
+
+        if (sqlData) {
+          this.logger.verbose('DatabaseDetector',
+            `Found SQL query at lines ${statement.startLine}-${statement.endLine}`);
+          sqlQueries.push({
+            sql: sqlData.sql,
+            method: statement.method,
+            changedLineNum: lineNum
+          });
+        }
+      }
+
+    } catch (error) {
+      this.logger.error('DatabaseDetector', `Error detecting raw SQL: ${error.message}`);
+    }
+
+    return sqlQueries;
+  }
+
+  /**
+   * Extract line numbers that were changed in the diff
+   */
+  extractChangedLineNumbers(diff) {
+    const changedLines = [];
+    const lines = diff.split('\n');
+    let currentLineNum = 0;
+
+    for (const line of lines) {
+      if (line.startsWith('@@')) {
+        // Parse: @@ -oldStart,oldCount +newStart,newCount @@
+        const match = line.match(/@@ -\d+(?:,\d+)? \+(\d+)/);
+        if (match) {
+          currentLineNum = parseInt(match[1], 10);
+        }
+        continue;
+      }
+
+      if (line.startsWith('+') && !line.startsWith('+++')) {
+        changedLines.push(currentLineNum);
+      }
+
+      if (!line.startsWith('-')) {
+        currentLineNum++;
+      }
+    }
+
+    return changedLines;
+  }
+
+  /**
+   * Find the .query() or .execute() statement that contains the given line number
+   */
+  findQueryStatementContainingLine(fileLines, targetLineNum) {
+    // Adjust for 0-based array indexing
+    const targetIndex = targetLineNum - 1;
+
+    if (targetIndex < 0 || targetIndex >= fileLines.length) {
+      return null;
+    }
+
+    // Search backwards to find .query( or .execute(
+    const searchRadius = 50;
+    let startLine = -1;
+    let method = null;
+
+    for (let i = targetIndex; i >= Math.max(0, targetIndex - searchRadius); i--) {
+      const line = fileLines[i];
+      const match = line.match(/\.(query|execute)\s*</);
+
+      if (match) {
+        method = match[1];
+        startLine = i + 1; // Convert to 1-based line number
+        break;
+      }
+    }
+
+    if (!method) return null;
+
+    // Search forward to find the end of the statement (closing semicolon or })
+    let endLine = targetLineNum;
+    let parenDepth = 0;
+    let inTemplate = false;
+
+    for (let i = startLine - 1; i < Math.min(fileLines.length, startLine + searchRadius); i++) {
+      const line = fileLines[i];
+
+      // Track template literal boundaries
+      for (const char of line) {
+        if (char === '`') inTemplate = !inTemplate;
+        if (!inTemplate) {
+          if (char === '(') parenDepth++;
+          if (char === ')') parenDepth--;
+        }
+      }
+
+      endLine = i + 1;
+
+      // Found the end when parentheses are balanced and we hit a semicolon
+      if (parenDepth === 0 && line.includes(';')) {
+        break;
+      }
+    }
+
+    // Extract the statement content
+    const statementLines = fileLines.slice(startLine - 1, endLine);
+
+    return {
+      startLine,
+      endLine,
+      method,
+      content: statementLines.join('\n')
+    };
+  }
+
+  /**
+   * Extract SQL and metadata from a query/execute statement
+   */
+  extractSQLFromStatement(statementContent) {
+    // Extract SQL from template literal (backticks)
+    const templateMatch = statementContent.match(/`([^`]+)`/s);
+
+    if (templateMatch) {
+      const sql = templateMatch[1].trim();
+      return { sql };
+    }
+
+    // Try single/double quotes as fallback
+    const quoteMatch = statementContent.match(/['"]([^'"]+)['"]/s);
+    if (quoteMatch) {
+      const sql = quoteMatch[1].trim();
+      return { sql };
+    }
+
+    return null;
+  }
+
+  /**
+   * BUG-004: Parse SQL query to extract database impact
+   * Extracts: operation type, table names, field names
+   */
+  parseSQLQuery(sql) {
+    const impact = {
+      operation: null,
+      tables: [],
+      fields: [],
+      hasJoin: false,
+      joinType: null
+    };
+
+    // Normalize SQL (remove extra whitespace, newlines)
+    const normalizedSQL = sql.replace(/\s+/g, ' ').trim().toUpperCase();
+
+    // Detect operation type
+    if (normalizedSQL.startsWith('SELECT')) {
+      impact.operation = 'SELECT';
+    } else if (normalizedSQL.startsWith('INSERT')) {
+      impact.operation = 'INSERT';
+    } else if (normalizedSQL.startsWith('UPDATE')) {
+      impact.operation = 'UPDATE';
+    } else if (normalizedSQL.startsWith('DELETE')) {
+      impact.operation = 'DELETE';
+    } else if (normalizedSQL.startsWith('ALTER')) {
+      impact.operation = 'ALTER';
+    } else if (normalizedSQL.startsWith('CREATE')) {
+      impact.operation = 'CREATE';
+    } else if (normalizedSQL.startsWith('DROP')) {
+      impact.operation = 'DROP';
+    }
+
+    // Extract table names
+    impact.tables = this.extractTablesFromSQL(normalizedSQL, impact.operation);
+
+    // Extract field names (use original SQL for case sensitivity)
+    impact.fields = this.extractFieldsFromSQL(sql, impact.operation);
+
+    // Detect JOIN
+    if (normalizedSQL.includes('JOIN')) {
+      impact.hasJoin = true;
+
+      if (normalizedSQL.includes('INNER JOIN')) {
+        impact.joinType = 'INNER';
+      } else if (normalizedSQL.includes('LEFT JOIN')) {
+        impact.joinType = 'LEFT';
+      } else if (normalizedSQL.includes('RIGHT JOIN')) {
+        impact.joinType = 'RIGHT';
+      } else if (normalizedSQL.includes('FULL JOIN')) {
+        impact.joinType = 'FULL';
+      }
+    }
+
+    return impact;
+  }
+
+  /**
+   * BUG-004: Extract table names from SQL query
+   */
+  extractTablesFromSQL(sql, operation) {
+    const tables = new Set();
+
+    // FROM clause: SELECT ... FROM table_name
+    const fromMatches = sql.matchAll(/FROM\s+([a-z_][a-z0-9_]*)/gi);
+    for (const match of fromMatches) {
+      tables.add(match[1].toLowerCase());
+    }
+
+    // JOIN clause: JOIN table_name
+    const joinMatches = sql.matchAll(/JOIN\s+([a-z_][a-z0-9_]*)/gi);
+    for (const match of joinMatches) {
+      tables.add(match[1].toLowerCase());
+    }
+
+    // INSERT INTO: INSERT INTO table_name
+    if (operation === 'INSERT') {
+      const insertMatch = sql.match(/INSERT\s+INTO\s+([a-z_][a-z0-9_]*)/i);
+      if (insertMatch) {
+        tables.add(insertMatch[1].toLowerCase());
+      }
+    }
+
+    // UPDATE: UPDATE table_name
+    if (operation === 'UPDATE') {
+      const updateMatch = sql.match(/UPDATE\s+([a-z_][a-z0-9_]*)/i);
+      if (updateMatch) {
+        tables.add(updateMatch[1].toLowerCase());
+      }
+    }
+
+    // ALTER TABLE: ALTER TABLE table_name
+    if (operation === 'ALTER') {
+      const alterMatch = sql.match(/ALTER\s+TABLE\s+([a-z_][a-z0-9_]*)/i);
+      if (alterMatch) {
+        tables.add(alterMatch[1].toLowerCase());
+      }
+    }
+
+    return Array.from(tables);
+  }
+
+  /**
+   * BUG-004: Extract field names from SQL query
+   */
+  extractFieldsFromSQL(sql, operation) {
+    const fields = new Set();
+
+    // SELECT fields: SELECT field1, field2, table.field3
+    if (operation === 'SELECT') {
+      const selectMatch = sql.match(/SELECT\s+(.*?)\s+FROM/is);
+      if (selectMatch) {
+        const fieldList = selectMatch[1];
+
+        // Extract field names (handle table.field format)
+        const fieldMatches = fieldList.matchAll(/(?:^|,)\s*(?:\w+\.)?(\w+)(?:\s+as\s+\w+)?/gi);
+        for (const match of fieldMatches) {
+          const fieldName = match[1].toLowerCase();
+          // Skip SQL keywords and functions
+          if (!['count', 'sum', 'avg', 'max', 'min', 'distinct', '*'].includes(fieldName)) {
+            fields.add(fieldName);
+          }
+        }
+      }
+    }
+
+    // WHERE clause fields: WHERE user.id = $1 AND user.name = $2
+    const whereMatches = sql.matchAll(/(?:WHERE|AND|OR)\s+(?:\w+\.)?(\w+)\s*[=<>!]/gi);
+    for (const match of whereMatches) {
+      const fieldName = match[1].toLowerCase();
+      fields.add(fieldName);
+    }
+
+    // JOIN ON clause: ON table1.field = table2.field
+    const onMatches = sql.matchAll(/ON\s+(?:\w+\.)?(\w+)\s*=\s*(?:\w+\.)?(\w+)/gi);
+    for (const match of onMatches) {
+      fields.add(match[1].toLowerCase());
+      fields.add(match[2].toLowerCase());
+    }
+
+    // INSERT fields: INSERT INTO table (field1, field2)
+    if (operation === 'INSERT') {
+      const insertMatch = sql.match(/INSERT\s+INTO\s+\w+\s*\((.*?)\)/is);
+      if (insertMatch) {
+        const fieldList = insertMatch[1];
+        const fieldMatches = fieldList.matchAll(/(\w+)/g);
+        for (const match of fieldMatches) {
+          fields.add(match[1].toLowerCase());
+        }
+      }
+    }
+
+    // UPDATE SET: UPDATE table SET field1 = $1, field2 = $2
+    if (operation === 'UPDATE') {
+      const setMatch = sql.match(/SET\s+(.*?)(?:WHERE|$)/is);
+      if (setMatch) {
+        const setList = setMatch[1];
+        const fieldMatches = setList.matchAll(/(\w+)\s*=/gi);
+        for (const match of fieldMatches) {
+          fields.add(match[1].toLowerCase());
+        }
+      }
+    }
+
+    // ALTER TABLE ADD/MODIFY: ALTER TABLE table ADD COLUMN field_name
+    if (operation === 'ALTER') {
+      const alterMatches = sql.matchAll(/(?:ADD|MODIFY|DROP)\s+(?:COLUMN\s+)?(\w+)/gi);
+      for (const match of alterMatches) {
+        fields.add(match[1].toLowerCase());
+      }
+    }
+
+    return Array.from(fields).filter(f => f !== 'delflg');
+  }
+
   analyzeChangedCodeForDatabaseOps(changedFile, databaseChanges) {
     const diff = changedFile.diff || '';
+    const content = changedFile.content || '';
     const lines = diff.split('\n');
     
+    // BUG-002: Step 1 - Detect injected repositories in file
+    const injectedRepos = this.detectInjectedRepositories(content, changedFile.path);
+
+    if (injectedRepos.length > 0) {
+      this.logger.verbose('DatabaseDetector',
+        `Found ${injectedRepos.length} injected repositories in ${changedFile.path}`);
+    }
+    
+    // BUG-002: Step 2 - Collect multi-line repository usage statements
+    const repoUsageBlocks = this.collectRepositoryUsageBlocks(lines, injectedRepos);
+    
+    for (const block of repoUsageBlocks) {
+      this.detectOperationFromRepositoryUsage(
+        block.code,
+        block.repo,
+        databaseChanges
+      );
+    }
+
+    // BUG-004: Step 3 - Detect raw SQL queries
+    const rawSQLQueries = this.detectRawSQLQueries(changedFile.path, changedFile.diff || '');
+
+    if (rawSQLQueries.length > 0) {
+      this.logger.verbose('DatabaseDetector',
+        `Found ${rawSQLQueries.length} raw SQL queries in ${changedFile.path}`);
+    }
+
+    for (const query of rawSQLQueries) {
+      const sqlImpact = this.parseSQLQuery(query.sql);
+
+      // Add each affected table to database changes
+      for (const tableName of sqlImpact.tables) {
+        if (!databaseChanges.tables.has(tableName)) {
+          databaseChanges.tables.set(tableName, {
+            entity: this.tableNameToEntityName(tableName),
+            file: changedFile.path,
+            operations: new Set(),
+            fields: new Set(),
+            isEntityFile: false,
+            hasRelationChange: false,
+            changeSource: { path: changedFile.path, type: 'raw-sql' }
+          });
+        }
+
+        const tableData = databaseChanges.tables.get(tableName);
+
+        if (sqlImpact.operation) {
+          tableData.operations.add(sqlImpact.operation);
+        }
+
+        for (const field of sqlImpact.fields) {
+          tableData.fields.add(field);
+        }
+
+        // Add SQL-specific metadata
+        if (sqlImpact.hasJoin) {
+          tableData.hasJoin = true;
+          tableData.joinType = sqlImpact.joinType;
+        }
+
+        this.logger.verbose('DatabaseDetector',
+          `Raw SQL: ${sqlImpact.operation} on ${tableName} with fields: ${sqlImpact.fields.join(', ')}`);
+      }
+    }
+
     const typeOrmOps = {
       'insert': 'INSERT',
       'save': 'INSERT/UPDATE',
@@ -530,9 +1145,7 @@ export class DatabaseDetector {
     const methodKey = `${repoMethod.className}.${repoMethod.methodName}`;
     const methodCalls = this.methodCallGraph.methodCallsMap?.get(methodKey) || [];
     
-    if (this.config.verbose) {
-      console.log(`   📞 Analyzing ${methodCalls.length} calls in ${repoMethod.className}.${repoMethod.methodName}`);
-    }
+    this.logger.verbose('DatabaseDetector', `   📞 Analyzing ${methodCalls.length} calls in ${repoMethod.className}.${repoMethod.methodName}`);
     
     for (const call of methodCalls) {
       const dbOp = this.detectDatabaseOperationFromCall(call);
@@ -700,3 +1313,5 @@ export class DatabaseDetector {
     return 'low';
   }
 }
+
+export default DatabaseDetector;

package/core/utils/logger.js

@@ -7,6 +7,7 @@ export function createLogger(verbose = false) {
   return {
     info: (msg) => console.log(msg),
     debug: (msg) => verbose && console.log(`[DEBUG] ${msg}`),
-    verbose: (component, msg) => verbose && console.log(`[${component}] ${msg}`)
+    verbose: (component, msg) => verbose && console.log(`[${component}] ${msg}`),
+    error: (msg) => console.error(`[ERROR] ${msg}`),
   };
 }