@sun-asterisk/sunlint 1.0.5

package/eslint-integration/eslint-plugin-custom/c047-no-duplicate-retry-logic.js

@@ -0,0 +1,239 @@
+/**
+ * Custom ESLint rule for: C047 – Logic retry không được viết lặp lại nhiều nơi
+ * Rule ID: custom/c047
+ * Purpose: Detect duplicate retry logic patterns and enforce centralized retry utilities
+ */
+
+module.exports = {
+  meta: {
+    type: "suggestion",
+    docs: {
+      description: "Logic retry không được viết lặp lại nhiều nơi - use centralized retry utility instead",
+      recommended: false
+    },
+    schema: [
+      {
+        type: "object",
+        properties: {
+          maxRetryPatterns: {
+            type: "number",
+            minimum: 1,
+            default: 2,
+            description: "Maximum number of retry patterns allowed before suggesting centralization"
+          },
+          allowedRetryUtils: {
+            type: "array",
+            items: { type: "string" },
+            default: ["RetryUtil", "retryWithBackoff", "withRetry"],
+            description: "Names of allowed centralized retry utilities"
+          }
+        },
+        additionalProperties: false
+      }
+    ],
+    messages: {
+      duplicateRetryLogic: "Duplicate retry logic detected ({{count}} occurrences). Consider using a centralized retry utility like RetryUtil.withRetry()",
+      inlineRetryLogic: "Inline retry logic found. Consider using a centralized retry utility for consistency and maintainability.",
+      suggestRetryUtil: "Use centralized retry utility instead of custom retry logic."
+    }
+  },
+  create(context) {
+    const options = context.options[0] || {};
+    const maxRetryPatterns = options.maxRetryPatterns || 2;
+    const allowedRetryUtils = options.allowedRetryUtils || ["RetryUtil", "retryWithBackoff", "withRetry"];
+    
+    const retryPatterns = [];
+    const sourceCode = context.getSourceCode();
+
+    /**
+     * Check if a node represents a retry pattern
+     */
+    function isRetryPattern(node) {
+      // Pattern 1: for/while loop with try-catch for retry
+      if ((node.type === "ForStatement" || node.type === "WhileStatement") && 
+          node.body && node.body.type === "BlockStatement") {
+        const hasRetryLogic = node.body.body.some(stmt => 
+          stmt.type === "TryStatement" || 
+          (stmt.type === "IfStatement" && hasRetryCondition(stmt))
+        );
+        return hasRetryLogic;
+      }
+
+      // Pattern 2: do-while with try-catch
+      if (node.type === "DoWhileStatement" && 
+          node.body && node.body.type === "BlockStatement") {
+        return node.body.body.some(stmt => stmt.type === "TryStatement");
+      }
+
+      // Pattern 3: recursive function with retry logic
+      if (node.type === "FunctionDeclaration" || node.type === "FunctionExpression") {
+        return hasRecursiveRetryPattern(node);
+      }
+
+      return false;
+    }
+
+    /**
+     * Check if statement has retry-related conditions
+     */
+    function hasRetryCondition(ifStmt) {
+      if (!ifStmt.test) return false;
+      
+      const testText = sourceCode.getText(ifStmt.test).toLowerCase();
+      return testText.includes('retry') || 
+             testText.includes('attempt') || 
+             testText.includes('tries') ||
+             testText.includes('maxretries') ||
+             testText.includes('maxattempts');
+    }
+
+    /**
+     * Check if function has recursive retry pattern
+     */
+    function hasRecursiveRetryPattern(funcNode) {
+      if (!funcNode.body || !funcNode.body.body) return false;
+      
+      const funcName = funcNode.id ? funcNode.id.name : null;
+      if (!funcName) return false;
+
+      // Look for recursive calls with retry logic
+      const hasRecursiveCall = funcNode.body.body.some(stmt => {
+        if (stmt.type === "TryStatement" && stmt.handler) {
+          // Check if catch block has recursive call
+          return containsRecursiveCall(stmt.handler.body, funcName);
+        }
+        return false;
+      });
+
+      return hasRecursiveCall;
+    }
+
+    /**
+     * Check if block contains recursive call to the function
+     */
+    function containsRecursiveCall(block, funcName) {
+      if (!block || !block.body) return false;
+      
+      return block.body.some(stmt => {
+        if (stmt.type === "ReturnStatement" && stmt.argument) {
+          return containsCallExpression(stmt.argument, funcName);
+        }
+        if (stmt.type === "ExpressionStatement") {
+          return containsCallExpression(stmt.expression, funcName);
+        }
+        return false;
+      });
+    }
+
+    /**
+     * Check if expression contains call to specific function
+     */
+    function containsCallExpression(expr, funcName) {
+      if (expr.type === "CallExpression" && 
+          expr.callee && expr.callee.name === funcName) {
+        return true;
+      }
+      
+      if (expr.type === "AwaitExpression" && expr.argument) {
+        return containsCallExpression(expr.argument, funcName);
+      }
+      
+      return false;
+    }
+
+    /**
+     * Check if node uses allowed retry utilities
+     */
+    function usesAllowedRetryUtil(node) {
+      const nodeText = sourceCode.getText(node);
+      return allowedRetryUtils.some(utilName => nodeText.includes(utilName));
+    }
+
+    /**
+     * Get hash for retry pattern to detect duplicates
+     */
+    function getRetryPatternHash(node) {
+      let text = sourceCode.getText(node);
+      // Normalize text for comparison (remove variable names, whitespace)
+      text = text
+        .replace(/\b[a-zA-Z_$][a-zA-Z0-9_$]*\b/g, 'VAR') // Replace identifiers
+        .replace(/\s+/g, ' ') // Normalize whitespace
+        .replace(/\/\*.*?\*\//g, '') // Remove block comments
+        .replace(/\/\/.*$/gm, ''); // Remove line comments
+      return text;
+    }
+
+    return {
+      // Check for retry patterns in various constructs
+      "ForStatement, WhileStatement, DoWhileStatement"(node) {
+        if (isRetryPattern(node) && !usesAllowedRetryUtil(node)) {
+          const hash = getRetryPatternHash(node);
+          const existing = retryPatterns.find(p => p.hash === hash);
+          
+          if (existing) {
+            existing.count++;
+            existing.nodes.push(node);
+          } else {
+            retryPatterns.push({
+              hash,
+              count: 1,
+              nodes: [node],
+              type: node.type
+            });
+          }
+        }
+      },
+
+      "FunctionDeclaration, FunctionExpression"(node) {
+        if (isRetryPattern(node) && !usesAllowedRetryUtil(node)) {
+          context.report({
+            node,
+            messageId: "inlineRetryLogic"
+          });
+        }
+      },
+
+      // Check for inline setTimeout/setInterval retry patterns
+      "CallExpression"(node) {
+        if (node.callee && 
+            (node.callee.name === "setTimeout" || node.callee.name === "setInterval")) {
+          const parent = node.parent;
+          // Check if this setTimeout is part of retry logic
+          if (parent && parent.type === "ExpressionStatement") {
+            let current = parent.parent;
+            while (current) {
+              if (current.type === "TryStatement" || 
+                  (current.type === "IfStatement" && hasRetryCondition(current))) {
+                if (!usesAllowedRetryUtil(current)) {
+                  context.report({
+                    node: current,
+                    messageId: "inlineRetryLogic"
+                  });
+                }
+                break;
+              }
+              current = current.parent;
+            }
+          }
+        }
+      },
+
+      // Report duplicates at end of program
+      "Program:exit"() {
+        retryPatterns.forEach(pattern => {
+          if (pattern.count >= maxRetryPatterns) {
+            pattern.nodes.forEach(node => {
+              context.report({
+                node,
+                messageId: "duplicateRetryLogic",
+                data: {
+                  count: pattern.count
+                }
+              });
+            });
+          }
+        });
+      }
+    };
+  }
+};

package/eslint-integration/eslint-plugin-custom/c048-no-var-declaration.js

@@ -0,0 +1,31 @@
+/**
+ * Custom ESLint rule for: C048 – Avoid using `var` declarations, use `let` or `const` instead
+ * Rule ID: custom/c048
+ * Purpose: Prevent usage of var due to hoisting issues, use let/const for clear scoping
+ */
+
+module.exports = {
+  meta: {
+    type: "problem",
+    docs: {
+      description: "Avoid using `var` declarations, use `let` or `const` instead",
+      recommended: true
+    },
+    schema: [],
+    messages: {
+      noVar: "Do not use `var`. Use `let` or `const` instead."
+    }
+  },
+  create(context) {
+    return {
+      VariableDeclaration(node) {
+        if (node.kind === "var") {
+          context.report({
+            node,
+            messageId: "noVar"
+          });
+        }
+      }
+    };
+  }
+};

package/eslint-integration/eslint-plugin-custom/c076-one-assert-per-test.js

@@ -0,0 +1,184 @@
+/**
+ * Custom ESLint rule for: C076 – Each test should assert only one behavior (Single Assert Rule)
+ * Rule ID: custom/c076
+ * Purpose: A test case should only have one main behavior to test (one expect statement)
+ */
+
+module.exports = {
+  meta: {
+    type: "suggestion",
+    docs: {
+      description: "Each test should assert only one behavior (Single Assert Rule)",
+      recommended: false
+    },
+    schema: [],
+    messages: {
+      tooMany: "Test contains too many expect statements ({{count}}). Each test should have only one main behavior to verify."
+    }
+  },
+  create(context) {
+    function isTestFunction(node) {
+      // Safety check for node structure
+      if (!node || !node.callee) {
+        return false;
+      }
+
+      // Check for test/it calls
+      if (node.type === "CallExpression") {
+        // Handle direct test/it calls
+        if (node.callee.type === "Identifier") {
+          return ["test", "it"].includes(node.callee.name);
+        }
+        
+        // Handle imported test/it calls
+        if (node.callee.type === "MemberExpression" &&
+            node.callee.object.type === "Identifier" &&
+            ["test", "it"].includes(node.callee.property.name)) {
+          return true;
+        }
+      }
+
+      return false;
+    }
+
+    function isDescribeBlock(node) {
+      if (!node || !node.callee) {
+        return false;
+      }
+
+      if (node.type === "CallExpression") {
+        // Handle direct describe calls
+        if (node.callee.type === "Identifier") {
+          return node.callee.name === "describe";
+        }
+        
+        // Handle imported describe calls
+        if (node.callee.type === "MemberExpression" &&
+            node.callee.object.type === "Identifier" &&
+            node.callee.property.name === "describe") {
+          return true;
+        }
+      }
+
+      return false;
+    }
+
+    function isSetupOrTeardown(node) {
+      if (!node || !node.callee) {
+        return false;
+      }
+
+      if (node.type === "CallExpression") {
+        const name = node.callee.type === "Identifier" 
+          ? node.callee.name 
+          : node.callee.type === "MemberExpression" 
+            ? node.callee.property.name 
+            : null;
+
+        return ["beforeEach", "afterEach", "beforeAll", "afterAll"].includes(name);
+      }
+
+      return false;
+    }
+
+    function countExpectCalls(body) {
+      let count = 0;
+
+      function traverse(node) {
+        // Safety check to ensure node exists and has type property
+        if (!node || typeof node !== 'object' || !node.type) {
+          return;
+        }
+
+        // Check if this node is an expect call
+        if (
+          node.type === "CallExpression" &&
+          node.callee &&
+          node.callee.type === "Identifier" &&
+          node.callee.name === "expect"
+        ) {
+          count++;
+        }
+
+        // Safely traverse child nodes, but don't go into nested test functions
+        for (const key in node) {
+          if (key === 'parent' || key === 'range' || key === 'loc') {
+            continue; // Skip circular references and metadata
+          }
+          
+          const child = node[key];
+          if (Array.isArray(child)) {
+            child.forEach(item => {
+              if (item && typeof item === 'object' && item.type) {
+                // Don't traverse into nested test functions
+                if (!(item.type === "CallExpression" && isTestFunction(item))) {
+                  traverse(item);
+                }
+              }
+            });
+          } else if (child && typeof child === 'object' && child.type) {
+            // Don't traverse into nested test functions
+            if (!(child.type === "CallExpression" && isTestFunction(child))) {
+              traverse(child);
+            }
+          }
+        }
+      }
+
+      traverse(body);
+      return count;
+    }
+
+    return {
+      CallExpression(node) {
+        // Only check test/it function calls
+        if (!isTestFunction(node)) {
+          return;
+        }
+
+        // Ensure we have the required arguments (name and callback)
+        if (!node.arguments || node.arguments.length < 2) {
+          return;
+        }
+
+        const testCallback = node.arguments[1];
+        
+        // Check if the second argument is a function (test body)
+        if (
+          !testCallback ||
+          (testCallback.type !== "FunctionExpression" && 
+           testCallback.type !== "ArrowFunctionExpression")
+        ) {
+          return;
+        }
+
+        // Get the function body
+        const fnBody = testCallback.body;
+        if (!fnBody) {
+          return;
+        }
+
+        // Handle both block statements and expression bodies
+        let bodyToCheck = fnBody;
+        if (testCallback.type === "ArrowFunctionExpression" && fnBody.type !== "BlockStatement") {
+          // For arrow functions with expression bodies, wrap in a virtual block
+          bodyToCheck = { type: "BlockStatement", body: [{ type: "ExpressionStatement", expression: fnBody }] };
+        }
+
+        // Count expect calls in the test body
+        const expectCount = countExpectCalls(bodyToCheck);
+        
+        // Report if more than one expect statement
+        if (expectCount > 1) {
+          context.report({
+            node,
+            messageId: "tooMany",
+            data: {
+              count: expectCount
+            }
+          });
+        }
+      }
+    };
+  }
+};

package/eslint-integration/eslint-plugin-custom/index.js

@@ -0,0 +1,155 @@
+/**
+ * Custom ESLint plugin: custom rules index
+ * Export toàn bộ rule tự định nghĩa dùng cho plugin "custom"
+ */
+
+const c002 = require("./c002-no-duplicate-code.js");
+const c003 = require("./c003-no-vague-abbreviations.js");
+const c006 = require("./c006-function-name-verb-noun.js");
+const c010 = require("./c010-limit-block-nesting.js");
+const c013 = require("./c013-no-dead-code.js");
+const c014 = require("./c014-abstract-dependency-preferred.js");
+const c017 = require("./c017-limit-constructor-logic.js");
+const c018 = require("./c018-no-generic-throw.js");
+const c023 = require("./c023-no-duplicate-variable-name-in-scope.js");
+const c041 = require("./c041-no-config-inline.js");
+const c027 = require("./c027-limit-function-nesting.js");
+const c029 = require("./c029-catch-block-logging.js");
+const c030 = require("./c030-use-custom-error-classes.js");
+const c034 = require("./c034-no-implicit-return.js");
+const c035 = require("./c035-no-empty-catch.js");
+const c042 = require("./c042-boolean-name-prefix.js");
+const c043 = require("./c043-no-console-or-print.js");
+const c047 = require("./c047-no-duplicate-retry-logic.js");
+const c048 = require("./c048-no-var-declaration.js");
+const t011 = require("./t011-no-real-time-dependency.js");
+const c076 = require("./c076-one-assert-per-test.js");
+const t002 = require("./t002-interface-prefix-i.js");
+const t003 = require("./t003-ts-ignore-reason.js");
+const t004 = require("./t004-interface-public-only.js");
+const t019 = require("./t019-no-empty-type.js");
+const t007 = require("./t007-no-fn-in-constructor.js");
+const t025 = require("./t025-no-nested-union-tuple.js");
+const t026 = require("./t026-limit-nested-generics.js");
+
+// Security rules
+const s003 = require("./s003-no-unvalidated-redirect.js");
+const s005 = require("./s005-no-origin-auth.js");
+const s006 = require("./s006-activation-recovery-secret-not-plaintext.js");
+const s008 = require("./s008-crypto-agility.js");
+const s009 = require("./s009-no-insecure-crypto.js");
+const s010 = require("./s010-no-insecure-random-in-sensitive-context.js");
+const s011 = require("./s011-no-insecure-uuid.js");
+const s012 = require("./s012-hardcode-secret.js");
+const s014 = require("./s014-insecure-tls-version.js");
+const s015 = require("./s015-insecure-tls-certificate.js");
+const s016 = require("./s016-sensitive-query-parameter.js");
+const s017 = require("./s017-no-sql-injection.js");
+const s018 = require("./s018-positive-input-validation.js");
+const s019 = require("./s019-no-raw-user-input-in-email.js");
+const s020 = require("./s020-no-eval-dynamic-execution.js");
+const s022 = require("./s022-output-encoding.js");
+const s023 = require("./s023-no-json-injection.js");
+const s025 = require("./s025-server-side-input-validation.js");
+const s026 = require("./s026-json-schema-validation.js");
+const s027 = require("./s027-no-hardcoded-secrets.js");
+const s029 = require("./s029-require-csrf-protection.js");
+const s030 = require("./s030-no-directory-browsing.js");
+const s033 = require("./s033-require-samesite-cookie.js");
+const s034 = require("./s034-require-host-cookie-prefix.js");
+const s035 = require("./s035-cookie-specific-path.js");
+const s036 = require("./s036-no-unsafe-file-include.js");
+const s037 = require("./s037-require-anti-cache-headers.js");
+const s038 = require("./s038-no-version-disclosure.js");
+const s039 = require("./s039-no-session-token-in-url.js");
+const s041 = require("./s041-require-session-invalidate-on-logout.js");
+const s042 = require("./s042-require-periodic-reauthentication.js");
+const s043 = require("./s043-terminate-sessions-on-password-change.js");
+const s044 = require("./s044-require-full-session-for-sensitive-operations.js");
+const s045 = require("./s045-anti-automation-controls.js");
+const s046 = require("./s046-secure-notification-on-auth-change.js");
+const s047 = require("./s047-secure-random-passwords.js");
+const s048 = require("./s048-password-credential-recovery.js");
+const s050 = require("./s050-session-token-weak-hash.js");
+const s052 = require("./s052-secure-random-authentication-code.js");
+const s054 = require("./s054-verification-default-account.js");
+const s055 = require("./s055-verification-rest-check-the-incoming-content-type.js");
+const s057 = require("./s057-utc-logging.js");
+const s058 = require("./s058-no-ssrf.js");
+
+module.exports = {
+  rules: {
+    "c002": c002,
+    "c003": c003,
+    "c006": c006,
+    "c010": c010,
+    "c013": c013,
+    "c014": c014,
+    "c017": c017,
+    "c018": c018,
+    "c030": c030,
+    "c035": c035,
+    "c023": c023,
+    "c027": c027,
+    "c029": c029,
+    "c034": c034,
+    "c041": c041,
+    "c042": c042,
+    "c043": c043,
+    "c047": c047,
+    "c048": c048,
+    "c076": c076,
+    "t002": t002,
+    "t003": t003,
+    "t019": t019,
+    "t004": t004,
+    "t007": t007,
+    "t025": t025,
+    "t011": t011,
+    "t026": t026,
+    // Security rules
+    "typescript_s003": s003,
+    "typescript_s005": s005,
+    "typescript_s006": s006,
+    "typescript_s008": s008,
+    "typescript_s009": s009,
+    "typescript_s010": s010,
+    "typescript_s011": s011,
+    "typescript_s012": s012,
+    "typescript_s014": s014,
+    "typescript_s015": s015,
+    "typescript_s016": s016,
+    "typescript_s017": s017,
+    "typescript_s018": s018,
+    "typescript_s019": s019,
+    "typescript_s020": s020,
+    "typescript_s022": s022,
+    "typescript_s023": s023,
+    "typescript_s025": s025,
+    "typescript_s026": s026,
+    "typescript_s027": s027,
+    "typescript_s029": s029,
+    "typescript_s030": s030,
+    "typescript_s033": s033,
+    "typescript_s034": s034,
+    "typescript_s035": s035,
+    "typescript_s036": s036,
+    "typescript_s037": s037,
+    "typescript_s038": s038,
+    "typescript_s039": s039,
+    "typescript_s041": s041,
+    "typescript_s042": s042,
+    "typescript_s043": s043,
+    "typescript_s044": s044,
+    "typescript_s045": s045,
+    "typescript_s046": s046,
+    "typescript_s047": s047,
+    "typescript_s048": s048,
+    "typescript_s050": s050,
+    "typescript_s052": s052,
+    "typescript_s054": s054,
+    "typescript_s055": s055,
+    "typescript_s057": s057,
+    "typescript_s058": s058
+  }
+};

package/eslint-integration/eslint-plugin-custom/package.json

@@ -0,0 +1,13 @@
+{
+  "name": "eslint-plugin-custom",
+  "version": "1.0.0",
+  "description": "Custom ESLint rules for Sun Lint security and quality checks",
+  "main": "index.js",
+  "type": "commonjs",
+  "engines": {
+    "node": ">=14.0.0"
+  },
+  "keywords": ["eslint", "security", "coding-standards"],
+  "author": "Sun* Engineering",
+  "license": "MIT"
+}

package/eslint-integration/eslint-plugin-custom/package.json.bak

@@ -0,0 +1,9 @@
+{
+  "name": "eslint-plugin-custom-security",
+  "version": "1.0.0",
+  "description": "Custom ESLint security rules for SunLint",
+  "main": "index.js",
+  "keywords": ["eslint", "security", "sunlint"],
+  "author": "Sun* Engineering Team",
+  "license": "MIT"
+}