@sun-asterisk/sunlint 1.1.7 → 1.2.0

package/rules/common/C041_no_sensitive_hardcode/analyzer.js

@@ -1,292 +0,0 @@
-const fs = require('fs');
-const path = require('path');
-
-class C041Analyzer {
-  constructor() {
-    this.ruleId = 'C041';
-    this.ruleName = 'No Hardcoded Sensitive Information';
-    this.description = 'Không hardcode hoặc push thông tin nhạy cảm vào repo';
-  }
-
-  async analyze(files, language, options = {}) {
-    const violations = [];
-    
-    for (const filePath of files) {
-      if (options.verbose) {
-        console.log(`🔍 Running C041 analysis on ${path.basename(filePath)}`);
-      }
-      
-      try {
-        const content = fs.readFileSync(filePath, 'utf8');
-        const fileViolations = await this.analyzeFile(filePath, content, language, options);
-        violations.push(...fileViolations);
-      } catch (error) {
-        console.warn(`⚠️ Failed to analyze ${filePath}: ${error.message}`);
-      }
-    }
-    
-    return violations;
-  }
-
-  async analyzeFile(filePath, content, language, config) {
-    switch (language) {
-      case 'typescript':
-      case 'javascript':
-        return this.analyzeTypeScript(filePath, content, config);
-      default:
-        return [];
-    }
-  }
-
-  async analyzeTypeScript(filePath, content, config) {
-    const violations = [];
-    const lines = content.split('\n');
-
-    lines.forEach((line, index) => {
-      const lineNumber = index + 1;
-      const trimmedLine = line.trim();
-
-      // Skip comments and imports
-      if (this.isCommentOrImport(trimmedLine)) {
-        return;
-      }
-
-      // Find potential hardcoded sensitive values
-      const sensitiveMatches = this.findSensitiveHardcode(trimmedLine, line);
-      
-      sensitiveMatches.forEach(match => {
-        violations.push({
-          ruleId: this.ruleId,
-          file: filePath,
-          line: lineNumber,
-          column: match.column,
-          message: match.message,
-          severity: 'error',
-          code: trimmedLine,
-          type: match.type,
-          confidence: match.confidence,
-          suggestion: match.suggestion
-        });
-      });
-    });
-
-    return violations;
-  }
-
-  isCommentOrImport(line) {
-    const trimmed = line.trim();
-    return trimmed.startsWith('//') || 
-           trimmed.startsWith('/*') || 
-           trimmed.startsWith('*') ||
-           trimmed.startsWith('import ') ||
-           trimmed.startsWith('export ');
-  }
-
-  findSensitiveHardcode(line, originalLine) {
-    const matches = [];
-    
-    // Skip template literals with variables - they are dynamic, not hardcoded
-    if (line.includes('${') || line.includes('`')) {
-      return matches;
-    }
-    
-    // Skip if line is clearly configuration, type definition, or UI-related
-    if (this.isConfigOrUIContext(line)) {
-      return matches;
-    }
-    
-    // Look for suspicious patterns with better context awareness
-    const patterns = [
-      {
-        name: 'suspicious_password_variable',
-        regex: /(const|let|var)\s+\w*[Pp]ass[Ww]ord\w*\s*=\s*['"`]([^'"`]{4,})['"`]/g,
-        severity: 'error',
-        message: 'Potential hardcoded password in variable assignment',
-        suggestion: 'Move sensitive values to environment variables or secure config files'
-      },
-      {
-        name: 'suspicious_secret_variable',
-        regex: /(const|let|var)\s+\w*[Ss]ecret\w*\s*=\s*['"`]([^'"`]{6,})['"`]/g,
-        severity: 'error',
-        message: 'Potential hardcoded secret in variable assignment',
-        suggestion: 'Use environment variables for secrets'
-      },
-      {
-        name: 'suspicious_short_password',
-        regex: /(const|let|var)\s+(?!use)\w*([Pp]ass|[Dd]b[Pp]ass|[Aa]dmin)(?!word[A-Z])\w*\s*=\s*['"`]([^'"`]{4,})['"`]/g,
-        severity: 'error',
-        message: 'Potential hardcoded password or admin credential',
-        suggestion: 'Use environment variables for credentials'
-      },
-      {
-        name: 'api_key',
-        regex: /(const|let|var)\s+\w*[Aa]pi[Kk]ey\w*\s*=\s*['"`]([^'"`]{10,})['"`]/g,
-        severity: 'error',
-        message: 'Potential hardcoded API key detected',
-        suggestion: 'Use environment variables for API keys'
-      },
-      {
-        name: 'auth_token',
-        regex: /(const|let|var)\s+\w*[Tt]oken\w*\s*=\s*['"`]([^'"`]{16,})['"`]/g,
-        severity: 'error', 
-        message: 'Potential hardcoded authentication token detected',
-        suggestion: 'Store tokens in secure storage, not in source code'
-      },
-      {
-        name: 'database_url',
-        regex: /['"`](mongodb|mysql|postgres|redis):\/\/[^'"`]+['"`]/gi,
-        severity: 'error',
-        message: 'Hardcoded database connection string detected',
-        suggestion: 'Use environment variables for database connections'
-      },
-      {
-        name: 'suspicious_url',
-        regex: /['"`]https?:\/\/(?!localhost|127\.0\.0\.1|example\.com|test\.com|www\.w3\.org|www\.google\.com|googleapis\.com)[^'"`]{20,}['"`]/gi,
-        severity: 'warning',
-        message: 'Hardcoded external URL detected (consider configuration)',
-        suggestion: 'Consider moving URLs to configuration files'
-      }
-    ];
-
-    // Additional context-aware checks
-    patterns.forEach(pattern => {
-      let match;
-      while ((match = pattern.regex.exec(line)) !== null) {
-        // Skip false positives
-        if (this.isFalsePositive(line, match[0], pattern.name)) {
-          continue;
-        }
-
-        matches.push({
-          type: pattern.name,
-          column: match.index + 1,
-          message: pattern.message,
-          confidence: this.calculateConfidence(line, match[0], pattern.name),
-          suggestion: pattern.suggestion
-        });
-      }
-    });
-
-    return matches;
-  }
-
-  isConfigOrUIContext(line) {
-    const lowerLine = line.toLowerCase();
-    
-    // UI/Component contexts - likely false positives
-    const uiContexts = [
-      'inputtype', 'type:', 'type =', 'type:', 'inputtype=',
-      'routes =', 'route:', 'path:', 'routes:', 
-      'import {', 'export {', 'from ', 'import ',
-      'interface', 'type ', 'enum ',
-      'props:', 'defaultprops',
-      'schema', 'validator',
-      'hook', 'use', 'const use', 'import.*use',
-      // React/UI specific
-      'textinput', 'input ', 'field ', 'form',
-      'component', 'page', 'screen', 'modal',
-      // Route/navigation specific  
-      'navigation', 'route', 'path', 'url:', 'route:',
-      'setuppassword', 'resetpassword', 'forgotpassword',
-      'changepassword', 'confirmpassword'
-    ];
-    
-    return uiContexts.some(context => lowerLine.includes(context));
-  }
-
-  isFalsePositive(line, matchedText, patternName) {
-    const lowerLine = line.toLowerCase();
-    const lowerMatch = matchedText.toLowerCase();
-
-    // Global false positive indicators
-    const globalFalsePositives = [
-      'test', 'mock', 'example', 'demo', 'sample', 'placeholder', 'dummy', 'fake',
-      'xmlns', 'namespace', 'schema', 'w3.org', 'google.com', 'googleapis.com',
-      'error', 'message', 'missing', 'invalid', 'failed'
-    ];
-
-    // Check if the line contains any global false positive indicators
-    const hasGlobalFalsePositive = globalFalsePositives.some(pattern => 
-      lowerLine.includes(pattern) || lowerMatch.includes(pattern)
-    );
-
-    if (hasGlobalFalsePositive) {
-      return true;
-    }
-
-    // Common false positive patterns
-    const falsePositivePatterns = {
-      'suspicious_password_variable': [
-        'inputtype', 'type:', 'type =', 'activation', 'forgot_password', 'reset_password',
-        'setup_password', 'route', 'path', 'hook', 'use', 'change', 'confirm',
-        'validation', 'component', 'page', 'screen', 'textinput', 'input',
-        'trigger', 'useeffect', 'password.*trigger', 'renewpassword'
-      ],
-      'suspicious_short_password': [
-        'inputtype', 'type:', 'type =', 'activation', 'forgot_password', 'reset_password',
-        'setup_password', 'route', 'path', 'hook', 'use', 'change', 'confirm',
-        'validation', 'component', 'page', 'screen', 'textinput'
-      ],
-      'suspicious_secret_variable': [
-        'component', 'props', 'state', 'hook', 'use'
-      ],
-      'suspicious_url': [
-        'localhost', '127.0.0.1', 'example.com', 'test.com', 'placeholder',
-        'mock', 'w3.org', 'google.com', 'recaptcha', 'googleapis.com'
-      ],
-      'api_key': [
-        'test-', 'mock-', 'example-', 'demo-', 'missing', 'error', 'message'
-      ]
-    };
-
-    const patterns = falsePositivePatterns[patternName] || [];
-    
-    // Check if line contains any pattern-specific false positive indicators
-    const hasPatternFalsePositive = patterns.some(pattern => 
-      lowerLine.includes(pattern) || lowerMatch.includes(pattern)
-    );
-
-    // Special handling for password-related patterns
-    if (patternName === 'hardcoded_password') {
-      // Allow if it's clearly UI/component related
-      if (lowerLine.includes('input') || 
-          lowerLine.includes('field') || 
-          lowerLine.includes('form') ||
-          lowerLine.includes('component') ||
-          lowerLine.includes('type') ||
-          lowerLine.includes('route') ||
-          lowerLine.includes('path') ||
-          lowerMatch.includes('activation') ||
-          lowerMatch.includes('forgot_password') ||
-          lowerMatch.includes('reset_password') ||
-          lowerMatch.includes('setup_password')) {
-        return true;
-      }
-    }
-
-    return hasPatternFalsePositive;
-  }
-
-  calculateConfidence(line, match, patternName) {
-    let confidence = 0.8; // Base confidence
-    
-    // Reduce confidence for potential false positives
-    const lowerLine = line.toLowerCase();
-    
-    if (lowerLine.includes('test') || lowerLine.includes('mock') || lowerLine.includes('example')) {
-      confidence -= 0.3;
-    }
-
-    if (lowerLine.includes('const') || lowerLine.includes('let') || lowerLine.includes('var')) {
-      confidence += 0.1; // Variable assignments more likely to be hardcode
-    }
-
-    if (lowerLine.includes('type') || lowerLine.includes('component') || lowerLine.includes('props')) {
-      confidence -= 0.2; // UI-related less likely to be sensitive
-    }
-
-    return Math.max(0.3, Math.min(1.0, confidence));
-  }
-}
-
-module.exports = new C041Analyzer();

package/rules/common/C042_boolean_name_prefix/analyzer.js

@@ -1,300 +0,0 @@
-/**
- * Heuristic analyzer for: C042 – Boolean variable names should start with proper prefixes
- * Purpose: Detect boolean variables that don't follow naming conventions
- */
-
-class C042Analyzer {
-  constructor() {
-    this.ruleId = 'C042';
-    this.ruleName = 'Boolean Variable Naming';
-    this.description = 'Boolean variable names should start with is, has, should, can, will, must, may, or check';
-    
-    // User requested to add "check" prefix
-    this.booleanPrefixes = [
-      'is', 'has', 'should', 'can', 'will', 'must', 'may', 'check',
-      'are', 'were', 'was', 'could', 'might', 'shall', 'need', 'want'
-    ];
-    
-    // Common non-boolean patterns to ignore (user feedback)
-    this.ignoredPatterns = [
-      // Fallback/default patterns: var = value || fallback
-      /\w+\s*=\s*\w+\s*\|\|\s*[^|]/,
-      // Assignment patterns that are clearly not boolean
-      /\w+\s*=\s*['"`][^'"`]*['"`]/, // String assignments
-      /\w+\s*=\s*\d+/, // Number assignments
-      /\w+\s*=\s*\{/, // Object assignments
-      /\w+\s*=\s*\[/, // Array assignments
-    ];
-    
-    // Variables that commonly aren't boolean but might look like it
-    this.commonNonBooleans = [
-      'value', 'result', 'data', 'config', 'name', 'id', 'key',
-      'path', 'url', 'src', 'href', 'text', 'message', 'error',
-      'response', 'request', 'params', 'options', 'settings'
-    ];
-  }
-
-  async analyze(files, language, options = {}) {
-    const violations = [];
-    
-    for (const filePath of files) {
-      if (options.verbose) {
-        console.log(`🔍 Running C042 analysis on ${require('path').basename(filePath)}`);
-      }
-      
-      try {
-        const content = require('fs').readFileSync(filePath, 'utf8');
-        const fileViolations = this.analyzeFile(content, filePath);
-        violations.push(...fileViolations);
-      } catch (error) {
-        console.warn(`⚠️ Failed to analyze ${filePath}: ${error.message}`);
-      }
-    }
-    
-    return violations;
-  }
-
-  analyzeFile(content, filePath) {
-    const violations = [];
-    const lines = content.split('\n');
-    
-    for (let i = 0; i < lines.length; i++) {
-      const line = lines[i].trim();
-      
-      // Skip empty lines, comments, imports, and type declarations
-      if (!line || line.startsWith('//') || line.startsWith('/*') || 
-          line.startsWith('import') || line.startsWith('export') ||
-          line.startsWith('declare') || line.startsWith('*')) {
-        continue;
-      }
-      
-      const lineViolations = this.analyzeDeclaration(line, i + 1);
-      lineViolations.forEach(violation => {
-        violations.push({
-          ...violation,
-          file: filePath
-        });
-      });
-    }
-    
-    return violations;
-  }
-  
-  analyzeDeclaration(line, lineNumber) {
-    const violations = [];
-    
-    // Match variable declarations with boolean values
-    const booleanAssignments = this.findBooleanAssignments(line);
-    
-    for (const assignment of booleanAssignments) {
-      const { varName, isBooleanValue, hasPrefix, actualValue } = assignment;
-      
-      // Case 1: Variable is assigned a boolean value but doesn't have proper prefix
-      if (isBooleanValue && !hasPrefix) {
-        // Skip if this matches user feedback patterns (false positives)
-        if (this.shouldSkipBooleanVariableCheck(varName, line, actualValue)) {
-          continue;
-        }
-        
-        violations.push({
-          line: lineNumber,
-          column: line.indexOf(varName) + 1,
-          message: `Boolean variable '${varName}' should start with a descriptive prefix like 'is', 'has', 'should', 'can', or 'check'. Consider: ${this.generateSuggestions(varName).join(', ')}.`,
-          severity: 'warning',
-          ruleId: this.ruleId
-        });
-      }
-      
-      // Case 2: Variable has boolean prefix but is assigned a non-boolean value
-      else if (hasPrefix && !isBooleanValue && actualValue && this.isDefinitelyNotBoolean(actualValue)) {
-        // Only skip very basic cases for prefix misuse
-        if (varName.length <= 2) {
-          continue;
-        }
-        
-        const prefix = this.extractPrefix(varName);
-        violations.push({
-          line: lineNumber,
-          column: line.indexOf(varName) + 1,
-          message: `Variable '${varName}' uses boolean prefix '${prefix}' but is assigned a non-boolean value. Consider renaming or changing the value.`,
-          severity: 'warning',
-          ruleId: this.ruleId
-        });
-      }
-    }
-    
-    return violations;
-  }
-  
-  findBooleanAssignments(line) {
-    const assignments = [];
-    
-    // Match declaration patterns only (avoid duplicates)
-    const patterns = [
-      // let/const/var varName = value
-      /(?:let|const|var)\s+(\w+)\s*(?::\s*\w+\s*)?=\s*(.+?)(?:;|$)/g,
-    ];
-    
-    for (const pattern of patterns) {
-      let match;
-      const seenVariables = new Set(); // Avoid duplicates
-      
-      while ((match = pattern.exec(line)) !== null) {
-        const varName = match[1];
-        const value = match[2].trim();
-        
-        // Skip if already processed
-        if (seenVariables.has(varName)) {
-          continue;
-        }
-        seenVariables.add(varName);
-        
-        // Skip destructuring and complex patterns
-        if (varName.includes('[') || varName.includes('{') || value.includes('{') || value.includes('[')) {
-          continue;
-        }
-        
-        const isBooleanValue = this.isBooleanValue(value);
-        const hasPrefix = this.hasBooleanPrefix(varName);
-        
-        assignments.push({
-          varName,
-          isBooleanValue,
-          hasPrefix,
-          actualValue: value
-        });
-      }
-    }
-    
-    return assignments;
-  }
-  
-  isBooleanValue(value) {
-    const trimmedValue = value.trim();
-    
-    // Direct boolean literals
-    if (trimmedValue === 'true' || trimmedValue === 'false') {
-      return true;
-    }
-    
-    // Boolean expressions that clearly result in boolean
-    const booleanExpressions = [
-      /\w+\s*[<>!=]=/, // Comparisons
-      /\w+\s*(&&|\|\|)/, // Logical operations (but not fallback patterns)
-      /^\!\w+/, // Negation
-      /instanceof\s+/, // instanceof
-      /\.test\(/, // regex.test()
-      /\.includes\(/, // array.includes()
-      /\.hasOwnProperty\(/, // hasOwnProperty
-      /\.some\(/, // array.some()
-      /\.every\(/, // array.every()
-      /typeof\s+.*\s*===/, // typeof checks
-      /Math\.random\(\)\s*[<>]/, // Math.random() comparisons
-      /\.length\s*[<>!=]=/, // Length comparisons
-    ];
-    
-    // Exclude fallback patterns (user feedback - these are NOT boolean)
-    if (trimmedValue.includes('||')) {
-      // Check if it's a boolean expression or just a fallback
-      // If the || is followed by a non-boolean value, it's likely a fallback
-      const parts = trimmedValue.split('||');
-      if (parts.length === 2) {
-        const fallback = parts[1].trim();
-        // If fallback is clearly not boolean, this is not a boolean assignment
-        if (this.isDefinitelyNotBoolean(fallback) || /^\d+$/.test(fallback) || /^['"`]/.test(fallback)) {
-          return false;
-        }
-      }
-    }
-    
-    return booleanExpressions.some(pattern => pattern.test(trimmedValue));
-  }
-  
-  hasBooleanPrefix(varName) {
-    const lowerName = varName.toLowerCase();
-    return this.booleanPrefixes.some(prefix => 
-      lowerName.startsWith(prefix.toLowerCase()) && 
-      lowerName.length > prefix.length
-    );
-  }
-  
-  extractPrefix(varName) {
-    const lowerName = varName.toLowerCase();
-    for (const prefix of this.booleanPrefixes) {
-      if (lowerName.startsWith(prefix.toLowerCase())) {
-        return prefix;
-      }
-    }
-    return '';
-  }
-  
-  shouldSkipBooleanVariableCheck(varName, line, value) {
-    // Skip very short names  
-    if (varName.length <= 2) {
-      return true;
-    }
-    
-    // Skip common non-boolean variable names
-    if (this.commonNonBooleans.includes(varName.toLowerCase())) {
-      return true;
-    }
-    
-    // Skip user feedback patterns (fallback/default patterns)
-    if (this.ignoredPatterns.some(pattern => pattern.test(line))) {
-      return true;
-    }
-    
-    // Skip function parameters and loop variables
-    if (line.includes('function') || line.includes('for') || line.includes('=>')) {
-      return true;
-    }
-    
-    return false;
-  }
-  
-  isDefinitelyNotBoolean(value) {
-    const trimmedValue = value.trim();
-    
-    // String literals (including single quotes)
-    if (trimmedValue.match(/^['"`][^'"`]*['"`]$/)) {
-      return true;
-    }
-    
-    // Number literals
-    if (trimmedValue.match(/^\d+(\.\d+)?$/)) {
-      return true;
-    }
-    
-    // Object/array literals
-    if (trimmedValue.startsWith('{') || trimmedValue.startsWith('[')) {
-      return true;
-    }
-    
-    // null, undefined
-    if (trimmedValue === 'null' || trimmedValue === 'undefined') {
-      return true;
-    }
-    
-    // Common non-boolean patterns
-    if (trimmedValue.includes('new ') || trimmedValue.includes('function')) {
-      return true;
-    }
-    
-    return false;
-  }
-  
-  generateSuggestions(varName) {
-    const suggestions = [];
-    const baseName = varName.replace(/^(is|has|should|can|will|must|may|check)/i, '');
-    const capitalizedBase = baseName.charAt(0).toUpperCase() + baseName.slice(1);
-    
-    // Generate a few reasonable suggestions
-    suggestions.push(`is${capitalizedBase}`);
-    suggestions.push(`has${capitalizedBase}`);
-    suggestions.push(`should${capitalizedBase}`);
-    
-    return suggestions.slice(0, 3); // Limit to 3 suggestions
-  }
-}
-
-module.exports = C042Analyzer;