@sun-asterisk/sunlint 1.2.1 → 1.2.2

package/rules/utils/pattern-matchers.js

@@ -0,0 +1,239 @@
+/**
+ * Pattern Matchers for Heuristic Rules
+ * Common pattern matching utilities for code analysis
+ */
+
+class PatternMatcher {
+    constructor() {
+        this.commonPatterns = this.loadCommonPatterns();
+    }
+
+    /**
+     * Load common patterns used across rules
+     * @returns {Object} Common patterns object
+     */
+    loadCommonPatterns() {
+        return {
+            // Function naming patterns
+            functionName: {
+                camelCase: /^[a-z][a-zA-Z0-9]*$/,
+                verbNoun: /^(get|set|is|has|can|should|will|create|update|delete|find|search|validate|process|handle|execute)[A-Z]/,
+                constructor: /^[A-Z][a-zA-Z0-9]*$/
+            },
+
+            // Variable naming patterns
+            variableName: {
+                camelCase: /^[a-z][a-zA-Z0-9]*$/,
+                constant: /^[A-Z][A-Z0-9_]*$/,
+                boolean: /^(is|has|can|should|will|did)[A-Z]/
+            },
+
+            // Log level patterns
+            logLevel: {
+                console: /console\.(log|info|warn|error|debug)/g,
+                logger: /(logger|log)\.(trace|debug|info|warn|error|fatal)/g,
+                customLogger: /\b(log|logger)\b.*\.(trace|debug|info|warn|error|fatal)/g
+            },
+
+            // Security patterns
+            security: {
+                hardcodedSecret: /(['"`])((?:password|secret|key|token|api_key|apikey)[:=]\s*[^'"`\s]+)\1/gi,
+                sqlInjection: /(query|execute)\s*\(\s*['"`][^'"`]*\+.*['"`]/g,
+                xss: /innerHTML\s*=\s*[^;]+/g
+            },
+
+            // TypeScript patterns
+            typescript: {
+                interface: /interface\s+([I]?[A-Z][a-zA-Z0-9]*)/g,
+                tsIgnore: /@ts-ignore(?!\s+.*:)/g,
+                emptyInterface: /interface\s+\w+\s*{\s*}/g
+            }
+        };
+    }
+
+    /**
+     * Find matches for a pattern in content
+     * @param {string} content - Code content
+     * @param {RegExp} pattern - Pattern to match
+     * @returns {Array} Array of matches with line/column info
+     */
+    findMatches(content, pattern) {
+        const matches = [];
+        let match;
+
+        // Ensure pattern is global
+        const globalPattern = new RegExp(pattern.source, pattern.flags.includes('g') ? pattern.flags : pattern.flags + 'g');
+
+        while ((match = globalPattern.exec(content)) !== null) {
+            const line = this.getLineNumber(content, match.index);
+            const column = match.index - this.getLineStart(content, match.index);
+
+            matches.push({
+                match: match[0],
+                groups: match.slice(1),
+                line: line,
+                column: column,
+                index: match.index,
+                lineContent: this.getLineContent(content, line)
+            });
+        }
+
+        return matches;
+    }
+
+    /**
+     * Find function naming violations
+     * @param {string} content - Code content
+     * @returns {Array} Array of violations
+     */
+    findFunctionNamingViolations(content) {
+        const violations = [];
+        const functionRegex = /(?:function\s+(\w+)|(\w+)\s*[:=]\s*(?:function|async\s+function|\([^)]*\)\s*=>))/g;
+        let match;
+
+        while ((match = functionRegex.exec(content)) !== null) {
+            const functionName = match[1] || match[2];
+            const line = this.getLineNumber(content, match.index);
+
+            // Skip if it's a constructor (starts with capital letter)
+            if (/^[A-Z]/.test(functionName)) {
+                continue;
+            }
+
+            // Check if it follows verb-noun pattern
+            if (!this.commonPatterns.functionName.verbNoun.test(functionName)) {
+                violations.push({
+                    type: 'function-naming',
+                    message: `Function name '${functionName}' should follow verb-noun pattern (e.g., getUserData, validateInput)`,
+                    line: line,
+                    column: match.index - this.getLineStart(content, match.index),
+                    functionName: functionName
+                });
+            }
+        }
+
+        return violations;
+    }
+
+    /**
+     * Find log level usage violations
+     * @param {string} content - Code content
+     * @returns {Array} Array of violations
+     */
+    findLogLevelViolations(content) {
+        const violations = [];
+        
+        // Check for console.log usage (should use appropriate log levels)
+        const consoleLogMatches = this.findMatches(content, /console\.log\s*\(/g);
+        consoleLogMatches.forEach(match => {
+            violations.push({
+                type: 'log-level',
+                message: 'Use appropriate log level instead of console.log (info, warn, error)',
+                line: match.line,
+                column: match.column,
+                suggestion: 'Replace with console.info, console.warn, or console.error'
+            });
+        });
+
+        return violations;
+    }
+
+    /**
+     * Find hardcoded secrets
+     * @param {string} content - Code content
+     * @returns {Array} Array of violations
+     */
+    findHardcodedSecrets(content) {
+        const violations = [];
+        const secretPatterns = [
+            /['"`](password|secret|key|token|api_key|apikey)['"`]\s*[:=]\s*['"`][a-zA-Z0-9+/=]{8,}['"`]/gi,
+            /(password|secret|key|token)\s*=\s*['"`][a-zA-Z0-9+/=]{8,}['"`]/gi
+        ];
+
+        secretPatterns.forEach(pattern => {
+            const matches = this.findMatches(content, pattern);
+            matches.forEach(match => {
+                violations.push({
+                    type: 'hardcoded-secret',
+                    message: 'Hardcoded secret detected. Use environment variables or secure configuration',
+                    line: match.line,
+                    column: match.column,
+                    severity: 'error'
+                });
+            });
+        });
+
+        return violations;
+    }
+
+    /**
+     * Find TypeScript interface violations
+     * @param {string} content - Code content
+     * @returns {Array} Array of violations
+     */
+    findTypeScriptInterfaceViolations(content) {
+        const violations = [];
+        
+        // Interface should start with 'I' prefix
+        const interfaceMatches = this.findMatches(content, /interface\s+([A-Z][a-zA-Z0-9]*)/g);
+        interfaceMatches.forEach(match => {
+            const interfaceName = match.groups[0];
+            if (!interfaceName.startsWith('I')) {
+                violations.push({
+                    type: 'interface-naming',
+                    message: `Interface '${interfaceName}' should start with 'I' prefix`,
+                    line: match.line,
+                    column: match.column,
+                    suggestion: `I${interfaceName}`
+                });
+            }
+        });
+
+        return violations;
+    }
+
+    /**
+     * Get line number for character index
+     */
+    getLineNumber(content, index) {
+        return content.substring(0, index).split('\n').length;
+    }
+
+    /**
+     * Get line start position
+     */
+    getLineStart(content, index) {
+        const beforeIndex = content.substring(0, index);
+        const lastNewline = beforeIndex.lastIndexOf('\n');
+        return lastNewline === -1 ? 0 : lastNewline + 1;
+    }
+
+    /**
+     * Get line content
+     */
+    getLineContent(content, lineNumber) {
+        const lines = content.split('\n');
+        return lines[lineNumber - 1] || '';
+    }
+
+    /**
+     * Create a custom pattern matcher
+     * @param {string} name - Pattern name
+     * @param {RegExp} pattern - Regular expression
+     * @param {Function} validator - Optional validator function
+     * @returns {Function} Pattern matcher function
+     */
+    createMatcher(name, pattern, validator = null) {
+        return (content) => {
+            const matches = this.findMatches(content, pattern);
+            
+            if (validator) {
+                return matches.filter(match => validator(match));
+            }
+            
+            return matches;
+        };
+    }
+}
+
+module.exports = { PatternMatcher };

package/rules/utils/rule-helpers.js

@@ -0,0 +1,264 @@
+/**
+ * Rule Helpers for Heuristic Rules
+ * Utilities for rule configuration, violation reporting, and common operations
+ */
+
+class RuleHelper {
+    constructor() {
+        this.severityLevels = ['off', 'info', 'warn', 'error'];
+        this.violationTypes = ['syntax', 'style', 'security', 'performance', 'maintainability'];
+    }
+
+    /**
+     * Create a standard violation object
+     * @param {Object} options - Violation options
+     * @returns {Object} Standardized violation object
+     */
+    createViolation(options) {
+        const {
+            ruleId,
+            message,
+            line = 1,
+            column = 0,
+            severity = 'error',
+            type = 'style',
+            suggestion = null,
+            fix = null
+        } = options;
+
+        return {
+            ruleId: ruleId,
+            message: message,
+            line: line,
+            column: column,
+            severity: this.validateSeverity(severity),
+            type: type,
+            suggestion: suggestion,
+            fix: fix,
+            timestamp: new Date().toISOString()
+        };
+    }
+
+    /**
+     * Validate severity level
+     * @param {string} severity - Severity level
+     * @returns {string} Valid severity level
+     */
+    validateSeverity(severity) {
+        return this.severityLevels.includes(severity) ? severity : 'error';
+    }
+
+    /**
+     * Load rule configuration with defaults
+     * @param {string} ruleId - Rule ID
+     * @param {Object} userConfig - User configuration
+     * @returns {Object} Merged configuration
+     */
+    loadRuleConfig(ruleId, userConfig = {}) {
+        const defaultConfig = {
+            enabled: true,
+            severity: 'error',
+            options: {},
+            patterns: {
+                include: ['**/*.js', '**/*.ts'],
+                exclude: ['**/*.test.*', '**/*.spec.*', 'node_modules/**']
+            }
+        };
+
+        return {
+            ...defaultConfig,
+            ...userConfig,
+            ruleId: ruleId,
+            patterns: {
+                ...defaultConfig.patterns,
+                ...(userConfig.patterns || {})
+            },
+            options: {
+                ...defaultConfig.options,
+                ...(userConfig.options || {})
+            }
+        };
+    }
+
+    /**
+     * Check if file should be analyzed by rule
+     * @param {string} filePath - File path
+     * @param {Object} config - Rule configuration
+     * @returns {boolean} True if file should be analyzed
+     */
+    shouldAnalyzeFile(filePath, config) {
+        const { patterns } = config;
+
+        // Check exclusions first
+        if (patterns.exclude && patterns.exclude.length > 0) {
+            for (const pattern of patterns.exclude) {
+                if (this.matchPattern(filePath, pattern)) {
+                    return false;
+                }
+            }
+        }
+
+        // Check inclusions
+        if (patterns.include && patterns.include.length > 0) {
+            for (const pattern of patterns.include) {
+                if (this.matchPattern(filePath, pattern)) {
+                    return true;
+                }
+            }
+            return false; // No include patterns matched
+        }
+
+        return true; // No specific patterns, analyze by default
+    }
+
+    /**
+     * Simple pattern matching (supports * wildcards)
+     * @param {string} filePath - File path
+     * @param {string} pattern - Pattern to match
+     * @returns {boolean} True if pattern matches
+     */
+    matchPattern(filePath, pattern) {
+        // Convert glob pattern to regex
+        const regexPattern = pattern
+            .replace(/\./g, '\\.')
+            .replace(/\*\*/g, '.*')
+            .replace(/\*/g, '[^/]*')
+            .replace(/\?/g, '.');
+
+        const regex = new RegExp(`^${regexPattern}$`, 'i');
+        return regex.test(filePath);
+    }
+
+    /**
+     * Format violation message with context
+     * @param {Object} violation - Violation object
+     * @param {string} context - Additional context
+     * @returns {string} Formatted message
+     */
+    formatViolationMessage(violation, context = '') {
+        const { ruleId, message, line, column, severity } = violation;
+        const location = `${line}:${column}`;
+        const prefix = `[${severity.toUpperCase()}] ${ruleId}`;
+        
+        let formatted = `${prefix} at ${location}: ${message}`;
+        
+        if (context) {
+            formatted += `\n  Context: ${context}`;
+        }
+
+        if (violation.suggestion) {
+            formatted += `\n  Suggestion: ${violation.suggestion}`;
+        }
+
+        return formatted;
+    }
+
+    /**
+     * Group violations by type/severity
+     * @param {Array} violations - Array of violations
+     * @returns {Object} Grouped violations
+     */
+    groupViolations(violations) {
+        const grouped = {
+            bySeverity: {},
+            byType: {},
+            byRule: {}
+        };
+
+        violations.forEach(violation => {
+            // Group by severity
+            if (!grouped.bySeverity[violation.severity]) {
+                grouped.bySeverity[violation.severity] = [];
+            }
+            grouped.bySeverity[violation.severity].push(violation);
+
+            // Group by type
+            if (!grouped.byType[violation.type]) {
+                grouped.byType[violation.type] = [];
+            }
+            grouped.byType[violation.type].push(violation);
+
+            // Group by rule
+            if (!grouped.byRule[violation.ruleId]) {
+                grouped.byRule[violation.ruleId] = [];
+            }
+            grouped.byRule[violation.ruleId].push(violation);
+        });
+
+        return grouped;
+    }
+
+    /**
+     * Generate violation statistics
+     * @param {Array} violations - Array of violations
+     * @returns {Object} Statistics object
+     */
+    generateStats(violations) {
+        const grouped = this.groupViolations(violations);
+        
+        return {
+            total: violations.length,
+            severity: {
+                error: (grouped.bySeverity.error || []).length,
+                warn: (grouped.bySeverity.warn || []).length,
+                info: (grouped.bySeverity.info || []).length
+            },
+            types: Object.keys(grouped.byType).map(type => ({
+                type,
+                count: grouped.byType[type].length
+            })),
+            rules: Object.keys(grouped.byRule).map(ruleId => ({
+                ruleId,
+                count: grouped.byRule[ruleId].length
+            })).sort((a, b) => b.count - a.count)
+        };
+    }
+
+    /**
+     * Check if rule should be skipped for file
+     * @param {string} content - File content
+     * @param {string} ruleId - Rule ID
+     * @returns {boolean} True if rule should be skipped
+     */
+    shouldSkipRule(content, ruleId) {
+        // Check for disable comments
+        const disablePatterns = [
+            `// sunlint-disable-next-line ${ruleId}`,
+            `/* sunlint-disable-next-line ${ruleId} */`,
+            `// sunlint-disable ${ruleId}`,
+            `/* sunlint-disable ${ruleId} */`
+        ];
+
+        return disablePatterns.some(pattern => content.includes(pattern));
+    }
+
+    /**
+     * Extract context around a violation
+     * @param {string} content - File content
+     * @param {number} line - Line number
+     * @param {number} contextLines - Number of context lines
+     * @returns {Object} Context information
+     */
+    extractContext(content, line, contextLines = 2) {
+        const lines = content.split('\n');
+        const startLine = Math.max(0, line - 1 - contextLines);
+        const endLine = Math.min(lines.length, line + contextLines);
+        
+        const contextText = lines.slice(startLine, endLine)
+            .map((text, index) => {
+                const lineNum = startLine + index + 1;
+                const marker = lineNum === line ? '>' : ' ';
+                return `${marker} ${lineNum.toString().padStart(3)}: ${text}`;
+            })
+            .join('\n');
+
+        return {
+            startLine: startLine + 1,
+            endLine: endLine,
+            text: contextText,
+            violationLine: lines[line - 1] || ''
+        };
+    }
+}
+
+module.exports = { RuleHelper };

package/rules/utils/severity-constants.js

@@ -0,0 +1,93 @@
+/**
+ * Centralized Severity Constants for SunLint Rules
+ * Ensures consistency across all rule implementations
+ */
+
+const SEVERITY = {
+  OFF: 'off',
+  INFO: 'info', 
+  WARNING: 'warning',
+  ERROR: 'error'
+};
+
+// Default severities by rule category
+const DEFAULT_SEVERITIES = {
+  // Quality rules - generally warnings (can be fixed incrementally)
+  QUALITY: SEVERITY.WARNING,
+  
+  // Security rules - generally errors (must be fixed)
+  SECURITY: SEVERITY.ERROR,
+  
+  // Performance rules - generally warnings
+  PERFORMANCE: SEVERITY.WARNING,
+  
+  // Maintainability rules - generally warnings
+  MAINTAINABILITY: SEVERITY.WARNING,
+  
+  // Best practices - generally warnings
+  BEST_PRACTICE: SEVERITY.WARNING,
+  
+  // Critical security - always errors
+  CRITICAL_SECURITY: SEVERITY.ERROR
+};
+
+// Specific rule overrides (if needed)
+const RULE_SEVERITY_OVERRIDES = {
+  // Security rules that should be errors
+  'S001': SEVERITY.ERROR,
+  'S002': SEVERITY.ERROR,
+  'S005': SEVERITY.ERROR,
+  'S012': SEVERITY.ERROR, // No hardcoded secrets
+  'S013': SEVERITY.ERROR, // Always use TLS
+  
+  // Quality rules that might be info for gradual adoption
+  // 'C007': SEVERITY.INFO, // Comment quality - can be relaxed initially
+  
+  // Rules that should be strict errors
+  'C043': SEVERITY.ERROR // No console.log in production
+};
+
+/**
+ * Get the appropriate severity for a rule
+ * @param {string} ruleId - The rule ID (e.g., 'C010', 'S005')
+ * @param {string} category - The rule category (quality, security, etc.)
+ * @param {string} [configOverride] - Override from configuration
+ * @returns {string} The severity level
+ */
+function getSeverity(ruleId, category, configOverride = null) {
+  // 1. Configuration override has highest priority
+  if (configOverride && Object.values(SEVERITY).includes(configOverride)) {
+    return configOverride;
+  }
+  
+  // 2. Rule-specific override
+  if (RULE_SEVERITY_OVERRIDES[ruleId]) {
+    return RULE_SEVERITY_OVERRIDES[ruleId];
+  }
+  
+  // 3. Category default
+  const categoryKey = category?.toUpperCase();
+  if (DEFAULT_SEVERITIES[categoryKey]) {
+    return DEFAULT_SEVERITIES[categoryKey];
+  }
+  
+  // 4. Fall back to warning
+  return SEVERITY.WARNING;
+}
+
+/**
+ * Validate severity value
+ * @param {string} severity - Severity to validate
+ * @returns {boolean} True if valid
+ */
+function isValidSeverity(severity) {
+  return Object.values(SEVERITY).includes(severity);
+}
+
+module.exports = {
+  SEVERITY,
+  DEFAULT_SEVERITIES,
+  RULE_SEVERITY_OVERRIDES,
+  getSeverity,
+  isValidSeverity
+};