npm - @sun-asterisk/sunlint - Versions diffs - 1.0.6 → 1.1.3 - Mend

@sun-asterisk/sunlint 1.0.6 → 1.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (314) hide show

package/integrations/eslint/plugin/index.js ADDED Viewed

@@ -0,0 +1,164 @@
+/**
+ * SunLint ESLint Plugin - Organized Rules Index
+ * 🔹 22 Common Rules | 🔒 49 Security Rules | 📘 13 TypeScript Rules
+ */
+// 🔹 Common Rules (C-series) - General coding standards
+const c002 = require("./rules/common/c002-no-duplicate-code.js");
+const c003 = require("./rules/common/c003-no-vague-abbreviations.js");
+const c006 = require("./rules/common/c006-function-name-verb-noun.js");
+const c010 = require("./rules/common/c010-limit-block-nesting.js");
+const c013 = require("./rules/common/c013-no-dead-code.js");
+const c014 = require("./rules/common/c014-abstract-dependency-preferred.js");
+const c017 = require("./rules/common/c017-limit-constructor-logic.js");
+const c018 = require("./rules/common/c018-no-generic-throw.js");
+const c023 = require("./rules/common/c023-no-duplicate-variable-name-in-scope.js");
+const c041 = require("./rules/common/c041-no-config-inline.js");
+const c029 = require("./rules/common/c029-catch-block-logging.js");
+const c030 = require("./rules/common/c030-use-custom-error-classes.js");
+const c035 = require("./rules/common/c035-no-empty-catch.js");
+const c042 = require("./rules/common/c042-boolean-name-prefix.js");
+const c043 = require("./rules/common/c043-no-console-or-print.js");
+const c047 = require("./rules/common/c047-no-duplicate-retry-logic.js");
+const c072 = require("./rules/common/c072-one-assert-per-test.js");
+const c075 = require("./rules/common/c075-explicit-function-return-types.js");
+const c076 = require("./rules/common/c076-single-behavior-per-test.js");
+// 📘 TypeScript Rules (T-series)
+const t002 = require("./rules/typescript/t002-interface-prefix-i.js");
+const t003 = require("./rules/typescript/t003-ts-ignore-reason.js");
+const t004 = require("./rules/typescript/t004-no-empty-type.js");
+const t007 = require("./rules/typescript/t007-no-fn-in-constructor.js");
+const t010 = require("./rules/typescript/t010-no-nested-union-tuple.js");
+const t019 = require("./rules/typescript/t019-no-this-assign.js");
+const t020 = require("./rules/typescript/t020-no-default-multi-export.js");
+const t021 = require("./rules/typescript/t021-limit-nested-generics.js");
+// 🔒 Security Rules (S-series)
+const s001 = require("./rules/security/s001-fail-securely.js");
+const s002 = require("./rules/security/s002-idor-check.js");
+const s003 = require("./rules/security/s003-no-unvalidated-redirect.js");
+const s005 = require("./rules/security/s005-no-origin-auth.js");
+const s006 = require("./rules/security/s006-activation-recovery-secret-not-plaintext.js");
+const s007 = require("./rules/security/s007-no-plaintext-otp.js");
+const s008 = require("./rules/security/s008-crypto-agility.js");
+const s009 = require("./rules/security/s009-no-insecure-crypto.js");
+const s010 = require("./rules/security/s010-no-insecure-random-in-sensitive-context.js");
+const s011 = require("./rules/security/s011-no-insecure-uuid.js");
+const s012 = require("./rules/security/s012-hardcode-secret.js");
+const s013 = require("./rules/security/s013-verify-tls-connection.js");
+const s014 = require("./rules/security/s014-insecure-tls-version.js");
+const s015 = require("./rules/security/s015-insecure-tls-certificate.js");
+const s016 = require("./rules/security/s016-sensitive-query-parameter.js");
+const s017 = require("./rules/security/s017-no-sql-injection.js");
+const s018 = require("./rules/security/s018-positive-input-validation.js");
+const s019 = require("./rules/security/s019-no-raw-user-input-in-email.js");
+const s020 = require("./rules/security/s020-no-eval-dynamic-execution.js");
+const s022 = require("./rules/security/s022-output-encoding.js");
+const s023 = require("./rules/security/s023-no-json-injection.js");
+const s025 = require("./rules/security/s025-server-side-input-validation.js");
+const s026 = require("./rules/security/s026-json-schema-validation.js");
+const s027 = require("./rules/security/s027-no-hardcoded-secrets.js");
+const s029 = require("./rules/security/s029-require-csrf-protection.js");
+const s030 = require("./rules/security/s030-no-directory-browsing.js");
+const s033 = require("./rules/security/s033-require-samesite-cookie.js");
+const s034 = require("./rules/security/s034-require-host-cookie-prefix.js");
+const s035 = require("./rules/security/s035-cookie-specific-path.js");
+const s036 = require("./rules/security/s036-no-unsafe-file-include.js");
+const s037 = require("./rules/security/s037-require-anti-cache-headers.js");
+const s038 = require("./rules/security/s038-no-version-disclosure.js");
+const s039 = require("./rules/security/s039-no-session-token-in-url.js");
+const s041 = require("./rules/security/s041-require-session-invalidate-on-logout.js");
+const s042 = require("./rules/security/s042-require-periodic-reauthentication.js");
+const s043 = require("./rules/security/s043-terminate-sessions-on-password-change.js");
+const s044 = require("./rules/security/s044-require-full-session-for-sensitive-operations.js");
+const s045 = require("./rules/security/s045-anti-automation-controls.js");
+const s046 = require("./rules/security/s046-secure-notification-on-auth-change.js");
+const s047 = require("./rules/security/s047-secure-random-passwords.js");
+const s048 = require("./rules/security/s048-password-credential-recovery.js");
+const s050 = require("./rules/security/s050-session-token-weak-hash.js");
+const s052 = require("./rules/security/s052-secure-random-authentication-code.js");
+const s054 = require("./rules/security/s054-verification-default-account.js");
+const s055 = require("./rules/security/s055-verification-rest-check-the-incoming-content-type.js");
+const s057 = require("./rules/security/s057-utc-logging.js");
+const s058 = require("./rules/security/s058-no-ssrf.js");
+module.exports = {
+  rules: {
+    "c002": c002,
+    "c003": c003,
+    "c006": c006,
+    "c010": c010,
+    "c013": c013,
+    "c014": c014,
+    "c017": c017,
+    "c018": c018,
+    "c030": c030,
+    "c035": c035,
+    "c023": c023,
+    "c029": c029,
+    "c041": c041,
+    "c042": c042,
+    "c043": c043,
+    "c047": c047,
+    "c072": c072,
+    "c075": c075,
+    "c076": c076,
+    "t002": t002,
+    "t003": t003,
+    "t004": t004,
+    "t007": t007,
+    "t010": t010,
+    "t019": t019,
+    "t020": t020,
+    "t021": t021,
+    // Security rules
+    "typescript_s001": s001,
+    "typescript_s002": s002,
+    "typescript_s003": s003,
+    "typescript_s005": s005,
+    "typescript_s006": s006,
+    "typescript_s007": s007,
+    "typescript_s008": s008,
+    "typescript_s009": s009,
+    "typescript_s010": s010,
+    "typescript_s011": s011,
+    "typescript_s012": s012,
+    "typescript_s013": s013,
+    "typescript_s014": s014,
+    "typescript_s015": s015,
+    "typescript_s016": s016,
+    "typescript_s017": s017,
+    "typescript_s018": s018,
+    "typescript_s019": s019,
+    "typescript_s020": s020,
+    "typescript_s022": s022,
+    "typescript_s023": s023,
+    "typescript_s025": s025,
+    "typescript_s026": s026,
+    "typescript_s027": s027,
+    "typescript_s029": s029,
+    "typescript_s030": s030,
+    "typescript_s033": s033,
+    "typescript_s034": s034,
+    "typescript_s035": s035,
+    "typescript_s036": s036,
+    "typescript_s037": s037,
+    "typescript_s038": s038,
+    "typescript_s039": s039,
+    "typescript_s041": s041,
+    "typescript_s042": s042,
+    "typescript_s043": s043,
+    "typescript_s044": s044,
+    "typescript_s045": s045,
+    "typescript_s046": s046,
+    "typescript_s047": s047,
+    "typescript_s048": s048,
+    "typescript_s050": s050,
+    "typescript_s052": s052,
+    "typescript_s054": s054,
+    "typescript_s055": s055,
+    "typescript_s057": s057,
+    "typescript_s058": s058
+  }
+};

package/{eslint-integration/eslint-plugin-custom → integrations/eslint/plugin/rules/common}/c006-function-name-verb-noun.js RENAMED Viewed

@@ -56,9 +56,18 @@ const c006Rule = {
       'show', 'hide', 'display', 'render', 'draw', 'paint',
       'connect', 'disconnect', 'link', 'unlink', 'attach', 'detach',
       'enable', 'disable', 'activate', 'deactivate', 'toggle',
-      'is', 'has', 'can', 'should', 'will', 'must', 'may',
+      'is', 'has', 'can', 'should', 'will', 'must', 'may', 'does',
       'handle', 'manage', 'control', 'execute', 'run', 'invoke',
-      'reset', 'clear', 'clean', 'refresh', 'reload', 'restore'
+      'reset', 'clear', 'clean', 'refresh', 'reload', 'restore',
+      // Based on user feedback - missing important verbs
+      'count', 'reopen', 'request', 'use', 'go', 'retry', 'redirect',
+      // Event handler prefixes
+      'on',
+      // Common patterns that should be allowed as verbs
+      'process', // can be both noun and verb - when standalone should be allowed
     ]);
     const allowedPrefixes = new Set([

package/integrations/eslint/plugin/rules/common/c013-no-dead-code.js ADDED Viewed

@@ -0,0 +1,78 @@
+/**
+ * Custom ESLint rule for: C013 – Do not leave dead code commented out
+ * Rule ID: custom/c013
+ * Purpose: Prevent commented-out code from being left in the codebase to maintain cleanliness
+ */
+module.exports = {
+  meta: {
+    type: "suggestion",
+    docs: {
+      description: "Do not leave dead code commented out",
+      recommended: false
+    },
+    schema: [],
+    messages: {
+      deadCode: "Unreachable code detected after return statement. Remove dead code or restructure logic.",
+      commentedCode: "Do not leave dead code commented out. Remove it or use version control to track changes."
+    }
+  },
+  create(context) {
+    function isTerminatingStatement(stmt) {
+      return stmt.type === "ReturnStatement" ||
+             stmt.type === "ThrowStatement" ||
+             stmt.type === "ContinueStatement" ||
+             stmt.type === "BreakStatement";
+    }
+    function isExecutableStatement(stmt) {
+      // Exclude declarations and empty statements
+      return stmt.type !== "EmptyStatement" &&
+             stmt.type !== "FunctionDeclaration" &&
+             stmt.type !== "VariableDeclaration" &&
+             !stmt.type.includes("Declaration");
+    }
+    function checkBlockForUnreachableCode(node) {
+      let unreachable = false;
+      for (let i = 0; i < node.body.length; i++) {
+        const stmt = node.body[i];
+        if (unreachable && isExecutableStatement(stmt)) {
+          context.report({
+            node: stmt,
+            messageId: "deadCode"
+          });
+        }
+        if (isTerminatingStatement(stmt)) {
+          unreachable = true;
+        }
+      }
+    }
+    return {
+      // Handle unreachable code in all block statements
+      BlockStatement: checkBlockForUnreachableCode,
+      // Handle switch cases
+      SwitchCase(node) {
+        let unreachable = false;
+        for (let i = 0; i < node.consequent.length; i++) {
+          const stmt = node.consequent[i];
+          if (unreachable && isExecutableStatement(stmt)) {
+            context.report({
+              node: stmt,
+              messageId: "deadCode"
+            });
+          }
+          if (isTerminatingStatement(stmt)) {
+            unreachable = true;
+          }
+        }
+      }
+    };
+  }
+};

package/integrations/eslint/plugin/rules/common/c017-limit-constructor-logic.js ADDED Viewed

@@ -0,0 +1,146 @@
+/**
+ * Custom ESLint rule for: C017 – Limit constructor logic
+ * Rule ID: custom/c017
+ * Purpose: Enforce minimal logic in constructors to maintain clean initialization
+ */
+module.exports = {
+  meta: {
+    type: "suggestion",
+    docs: {
+      description: "Limit constructor logic",
+      recommended: false
+    },
+    schema: [],
+    messages: {
+      constructorLogic: "Constructor contains complex logic: {{description}}. Move to initialization methods",
+      tooManyStatements: "Constructor has too many statements ({{count}}). Consider simplifying or moving logic to initialization methods"
+    }
+  },
+  create(context) {
+    function isSimpleAssignment(node) {
+      // Simple property assignments like this.prop = value
+      if (node.type === "ExpressionStatement" &&
+          node.expression.type === "AssignmentExpression" &&
+          node.expression.left.type === "MemberExpression" &&
+          node.expression.left.object.type === "ThisExpression") {
+        // Check if right side is a simple value (not complex computation)
+        const right = node.expression.right;
+        return right.type === "Literal" ||
+               right.type === "Identifier" ||
+               (right.type === "MemberExpression" && right.property.name === "length") ||
+               (right.type === "CallExpression" && right.callee.type === "Identifier" &&
+                ['require', 'process'].includes(right.callee.name));
+      }
+      return false;
+    }
+    function isSimpleDeclaration(node) {
+      // Simple variable declarations
+      return node.type === "VariableDeclaration";
+    }
+    function isSuperCall(node) {
+      // super() calls
+      return node.type === "ExpressionStatement" &&
+             node.expression.type === "CallExpression" &&
+             node.expression.callee.type === "Super";
+    }
+    function isComplexLogic(node) {
+      // Complex patterns that shouldn't be in constructor
+      switch (node.type) {
+        case "IfStatement":
+        case "WhileStatement":
+        case "ForStatement":
+        case "SwitchStatement":
+        case "TryStatement":
+          return { type: "control_flow", description: "control flow statements" };
+        case "ExpressionStatement":
+          if (node.expression.type === "CallExpression") {
+            const callee = node.expression.callee;
+            // Method calls that aren't simple setters
+            if (callee.type === "MemberExpression") {
+              const methodName = callee.property.name;
+              // Allow simple MobX observable setup
+              if (methodName === "makeObservable" || methodName === "makeAutoObservable") {
+                return null;
+              }
+              // Flag complex method calls
+              if (!['push', 'set', 'add'].includes(methodName)) {
+                return { type: "method_call", description: "complex method calls" };
+              }
+            }
+            // Direct function calls (not method calls)
+            if (callee.type === "Identifier" &&
+                !['require', 'parseInt', 'parseFloat', 'Boolean', 'Number', 'String'].includes(callee.name)) {
+              return { type: "function_call", description: "function calls" };
+            }
+          }
+          // Complex assignments with computations
+          if (node.expression.type === "AssignmentExpression") {
+            const right = node.expression.right;
+            if (right.type === "BinaryExpression" ||
+                right.type === "ConditionalExpression" ||
+                (right.type === "CallExpression" &&
+                 right.callee.type === "MemberExpression" &&
+                 !['map', 'filter', 'toString', 'slice'].includes(right.callee.property.name))) {
+              return { type: "complex_assignment", description: "complex computations" };
+            }
+          }
+          break;
+      }
+      return null;
+    }
+    return {
+      MethodDefinition(node) {
+        if (node.kind === "constructor" && node.value && node.value.body) {
+          const statements = node.value.body.body;
+          let complexLogicCount = 0;
+          for (const stmt of statements) {
+            // Skip simple assignments, declarations, and super calls
+            if (isSimpleAssignment(stmt) ||
+                isSimpleDeclaration(stmt) ||
+                isSuperCall(stmt)) {
+              continue;
+            }
+            // Check for complex logic
+            const complexity = isComplexLogic(stmt);
+            if (complexity) {
+              context.report({
+                node: stmt,
+                messageId: "constructorLogic",
+                data: {
+                  description: complexity.description
+                }
+              });
+              complexLogicCount++;
+            }
+          }
+          // Also flag constructors with too many statements overall
+          if (statements.length > 10) {
+            context.report({
+              node: node,
+              messageId: "tooManyStatements",
+              data: {
+                count: statements.length
+              }
+            });
+          }
+        }
+      }
+    };
+  }
+};

package/{eslint-integration/eslint-plugin-custom → integrations/eslint/plugin/rules/common}/c029-catch-block-logging.js RENAMED Viewed

@@ -42,6 +42,41 @@ module.exports = {
             return true;
           }
+          // Check for test assertions (Jest patterns)
+          if (stmt.type === "ExpressionStatement" &&
+              stmt.expression.type === "CallExpression" &&
+              stmt.expression.callee &&
+              stmt.expression.callee.name === "expect") {
+            return true;
+          }
+          // Check for Redux thunk error handling patterns
+          if (stmt.type === "VariableDeclaration" &&
+              stmt.declarations.some(decl =>
+                decl.init &&
+                decl.init.type === "CallExpression" &&
+                decl.init.callee &&
+                decl.init.callee.name === "handleAxiosError")) {
+            return true;
+          }
+          // Check for return rejectWithValue
+          if (stmt.type === "ReturnStatement" &&
+              stmt.argument &&
+              stmt.argument.type === "CallExpression" &&
+              stmt.argument.callee &&
+              stmt.argument.callee.name === "rejectWithValue") {
+            return true;
+          }
+          // Check for dispatch calls (Redux patterns)
+          if (stmt.type === "ExpressionStatement" &&
+              stmt.expression.type === "CallExpression" &&
+              stmt.expression.callee &&
+              stmt.expression.callee.name === "dispatch") {
+            return true;
+          }
           // Check for console.log, console.error, console.warn
           if (stmt.type === "ExpressionStatement" &&
               stmt.expression.type === "CallExpression" &&

package/integrations/eslint/plugin/rules/common/c035-no-empty-catch.js ADDED Viewed

@@ -0,0 +1,162 @@
+/**
+ * Custom ESLint rule for: C035 – No empty catch blocks (without error handling or logging)
+ * Rule ID: custom/c035
+ * Purpose: Prevent silently swallowing errors in catch blocks without logging or handling them
+ * Note: Primarily intended for backend code. Frontend may handle errors through UI.
+ */
+module.exports = {
+  meta: {
+    type: "problem",
+    docs: {
+      description: "No empty catch blocks (without error handling or logging)",
+      recommended: true
+    },
+    schema: [
+      {
+        type: "object",
+        properties: {
+          allowFrontend: {
+            type: "boolean",
+            default: true
+          },
+          allowIgnoredParams: {
+            type: "boolean",
+            default: true
+          }
+        },
+        additionalProperties: false
+      }
+    ],
+    messages: {
+      emptyCatch: "Empty catch blocks are not allowed. Errors should be logged or handled explicitly.",
+      emptyCatchBackend: "Backend code must log errors in catch blocks. Consider using console.error(), logger, or proper error handling."
+    }
+  },
+  create(context) {
+    const options = context.options[0] || {};
+    const allowFrontend = options.allowFrontend !== false;
+    const allowIgnoredParams = options.allowIgnoredParams !== false;
+    function isBackendFile(filename) {
+      // Heuristics to determine if it's a backend file
+      const backendPatterns = [
+        /server/i, /backend/i, /api/i, /service/i,
+        /controller/i, /model/i, /dao/i, /repository/i,
+        /middleware/i, /route/i, /endpoint/i
+      ];
+      return backendPatterns.some(pattern => pattern.test(filename));
+    }
+    function isFrontendFile(filename) {
+      // Heuristics to determine if it's a frontend file
+      const frontendPatterns = [
+        /component/i, /page/i, /screen/i, /view/i,
+        /ui/i, /frontend/i, /client/i, /app/i,
+        /hook/i, /context/i, /store/i, /reducer/i
+      ];
+      return frontendPatterns.some(pattern => pattern.test(filename));
+    }
+    function isIntentionallyIgnored(param) {
+      if (!param || !param.name) return false;
+      const ignoredPatterns = [
+        'ignored', '_', '__', 'unused', 'ignore',
+        '_error', '_err', '_e', 'ignored_error'
+      ];
+      const paramName = param.name.toLowerCase();
+      return ignoredPatterns.some(pattern =>
+        paramName === pattern || paramName.includes('ignored')
+      );
+    }
+    function hasFrontendErrorHandling(body) {
+      // Check for common frontend error handling patterns
+      const bodyText = context.getSourceCode().getText(body);
+      const frontendPatterns = [
+        /show.*error/i, /display.*error/i, /toast/i, /alert/i,
+        /notification/i, /modal/i, /snackbar/i, /message/i,
+        /set.*error/i, /error.*state/i, /ui.*error/i
+      ];
+      return frontendPatterns.some(pattern => pattern.test(bodyText));
+    }
+    return {
+      CatchClause(node) {
+        const filename = context.getFilename();
+        const body = node.body && node.body.body;
+        const param = node.param;
+        // Allow intentionally ignored parameters
+        if (allowIgnoredParams && isIntentionallyIgnored(param)) {
+          return;
+        }
+        // Check if catch block is empty
+        if (!Array.isArray(body) || body.length === 0) {
+          const isBackend = isBackendFile(filename);
+          const isFrontend = isFrontendFile(filename);
+          // For backend files, always report
+          if (isBackend) {
+            context.report({
+              node,
+              messageId: "emptyCatchBackend"
+            });
+            return;
+          }
+          // For frontend files, be more lenient if option is set
+          if (isFrontend && allowFrontend) {
+            return; // Allow empty catch in frontend
+          }
+          // Default behavior for unclassified files
+          context.report({
+            node,
+            messageId: "emptyCatch"
+          });
+          return;
+        }
+        // Check for proper error handling in non-empty blocks
+        const hasLogging = body.some(statement => {
+          const text = context.getSourceCode().getText(statement);
+          return /console\.(error|warn|log)|logger\.|log\(|throw\s/i.test(text);
+        });
+        const isBackend = isBackendFile(filename);
+        const isFrontend = isFrontendFile(filename);
+        // Backend should have logging or re-throwing
+        if (isBackend && !hasLogging) {
+          // Check if there's at least some error handling
+          const hasAnyHandling = body.some(statement => {
+            const text = context.getSourceCode().getText(statement);
+            return /error|err|exception|fail/i.test(text);
+          });
+          if (!hasAnyHandling) {
+            context.report({
+              node,
+              messageId: "emptyCatchBackend"
+            });
+          }
+        }
+        // Frontend can handle through UI
+        if (isFrontend && allowFrontend) {
+          const hasFrontendHandling = hasFrontendErrorHandling(node.body);
+          if (hasLogging || hasFrontendHandling) {
+            return; // OK for frontend
+          }
+        }
+      }
+    };
+  }
+};