@sun-asterisk/sunlint 1.2.1 → 1.2.2

package/rules/common/C012_command_query_separation/ast-analyzer.js

@@ -0,0 +1,495 @@
+/**
+ * C012 AST Analyzer - Command Query Separation
+ * 
+ * Uses AST parsing to detect violations of the Command Query Separation principle:
+ * - Commands (modify state) should not return values
+ * - Queries (return data) should not have side effects
+ * - Functions that both modify state and return meaningful values violate CQS
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+class C012ASTAnalyzer {
+  constructor() {
+    this.ruleId = 'C012';
+    this.ruleName = 'Command Query Separation';
+    this.description = 'Separate commands (modify state) from queries (return data)';
+    this.severity = 'warning';
+  }
+
+  async analyze(files, language, config = {}) {
+    const violations = [];
+    
+    for (const filePath of files) {
+      try {
+        const content = fs.readFileSync(filePath, 'utf8');
+        const fileViolations = await this.analyzeFile(filePath, content, language, config);
+        violations.push(...fileViolations);
+      } catch (error) {
+        console.warn(`C012 AST analysis failed for ${filePath}:`, error.message);
+      }
+    }
+    
+    return violations;
+  }
+
+  async analyzeFile(filePath, content, language, config) {
+    const violations = [];
+    
+    try {
+      let ast;
+      
+      if (language === 'typescript' || filePath.endsWith('.ts') || filePath.endsWith('.tsx')) {
+        ast = await this.parseTypeScript(content);
+      } else if (language === 'javascript' || filePath.endsWith('.js') || filePath.endsWith('.jsx')) {
+        ast = await this.parseJavaScript(content);
+      } else {
+        // Fallback to regex analysis
+        return [];
+      }
+      
+      if (ast) {
+        this.traverseAST(ast, (node) => {
+          const violation = this.checkCQSViolation(node, content, filePath);
+          if (violation) {
+            violations.push(violation);
+          }
+        });
+      }
+    } catch (error) {
+      console.warn(`C012 AST parsing failed for ${filePath}:`, error.message);
+    }
+    
+    return violations;
+  }
+
+  async parseTypeScript(content) {
+    try {
+      const babel = require('@babel/parser');
+      return babel.parse(content, {
+        sourceType: 'module',
+        allowImportExportEverywhere: true,
+        allowReturnOutsideFunction: true,
+        plugins: [
+          'typescript',
+          'jsx',
+          'decorators-legacy',
+          'classProperties',
+          'asyncGenerators',
+          'functionBind',
+          'exportDefaultFrom',
+          'exportNamespaceFrom',
+          'dynamicImport',
+          'nullishCoalescingOperator',
+          'optionalChaining'
+        ]
+      });
+    } catch (error) {
+      return null;
+    }
+  }
+
+  async parseJavaScript(content) {
+    try {
+      const babel = require('@babel/parser');
+      return babel.parse(content, {
+        sourceType: 'module',
+        allowImportExportEverywhere: true,
+        allowReturnOutsideFunction: true,
+        plugins: [
+          'jsx',
+          'decorators-legacy',
+          'classProperties',
+          'asyncGenerators',
+          'functionBind',
+          'exportDefaultFrom',
+          'exportNamespaceFrom',
+          'dynamicImport',
+          'nullishCoalescingOperator',
+          'optionalChaining'
+        ]
+      });
+    } catch (error) {
+      return null;
+    }
+  }
+
+  traverseAST(node, callback) {
+    if (!node || typeof node !== 'object') return;
+    
+    callback(node);
+    
+    for (const key in node) {
+      if (key === 'parent' || key === 'loc' || key === 'range') continue;
+      
+      const child = node[key];
+      if (Array.isArray(child)) {
+        child.forEach(item => this.traverseAST(item, callback));
+      } else if (child && typeof child === 'object') {
+        this.traverseAST(child, callback);
+      }
+    }
+  }
+
+  checkCQSViolation(node, content, filePath) {
+    // Check function declarations, methods, and arrow functions
+    if (!this.isFunctionNode(node)) {
+      return null;
+    }
+
+    const functionName = this.getFunctionName(node);
+    if (!functionName || this.isAllowedFunction(functionName)) {
+      return null;
+    }
+
+    const hasStateModification = this.hasStateModification(node);
+    const hasReturnValue = this.hasReturnValue(node);
+
+    // CQS violation: function both modifies state AND returns meaningful value
+    if (hasStateModification && hasReturnValue) {
+      // NEW: Check if this is an acceptable pattern
+      if (this.isAcceptablePattern(node, functionName)) {
+        return null; // Allow acceptable patterns
+      }
+
+      const line = node.loc ? node.loc.start.line : 1;
+      const column = node.loc ? node.loc.start.column + 1 : 1;
+
+      return {
+        ruleId: this.ruleId,
+        file: filePath,
+        line,
+        column,
+        message: `Function '${functionName}' violates Command Query Separation: both modifies state and returns value`,
+        severity: this.severity,
+        code: this.getNodeCode(node, content),
+        type: 'cqs_violation',
+        confidence: this.calculateConfidence(hasStateModification, hasReturnValue),
+        suggestion: this.getSuggestion(functionName, hasStateModification, hasReturnValue)
+      };
+    }
+
+    return null;
+  }
+
+  isFunctionNode(node) {
+    return [
+      'FunctionDeclaration',
+      'FunctionExpression', 
+      'ArrowFunctionExpression',
+      'MethodDefinition',
+      'ObjectMethod',
+      'ClassMethod'
+    ].includes(node.type);
+  }
+
+  getFunctionName(node) {
+    if (node.key && node.key.name) {
+      return node.key.name; // Method
+    }
+    if (node.id && node.id.name) {
+      return node.id.name; // Function declaration
+    }
+    if (node.type === 'ArrowFunctionExpression' && node.parent) {
+      // Arrow function assigned to variable
+      if (node.parent.type === 'VariableDeclarator' && node.parent.id) {
+        return node.parent.id.name;
+      }
+    }
+    return 'anonymous';
+  }
+
+  isAllowedFunction(functionName) {
+    // Allowed patterns that don't violate CQS
+    const allowedPatterns = [
+      // Constructor and lifecycle
+      /^constructor$/,
+      /^componentDidMount$/,
+      /^componentWillUnmount$/,
+      /^useEffect$/,
+      
+      // Test functions
+      /^test_/,
+      /^it$/,
+      /^describe$/,
+      /^beforeEach$/,
+      /^afterEach$/,
+      
+      // Getters/setters (have special semantics)
+      /^get\w+$/,
+      /^set\w+$/,
+      
+      // Factory/builder patterns (expected to create and return)
+      /^create\w+$/,
+      /^build\w+$/,
+      /^make\w+$/,
+      /^new\w+$/,
+      
+      // Initialization (setup state and return success)
+      /^init\w+$/,
+      /^setup\w+$/,
+      /^configure\w+$/,
+      
+      // Toggle operations (modify state and return new state)
+      /^toggle\w+$/,
+      /^switch\w+$/,
+      
+      // Array operations that modify and return
+      /^push$/,
+      /^pop$/,
+      /^shift$/,
+      /^unshift$/,
+      /^splice$/,
+      
+      // Built-in operations
+      /^toString$/,
+      /^valueOf$/,
+      /^render$/
+    ];
+
+    return allowedPatterns.some(pattern => pattern.test(functionName));
+  }
+
+  hasStateModification(node) {
+    let hasModification = false;
+    
+    this.traverseAST(node.body, (innerNode) => {
+      if (hasModification) return;
+      
+      // Assignment operations
+      if (innerNode.type === 'AssignmentExpression') {
+        // Check if assigning to object property or variable
+        if (innerNode.left.type === 'MemberExpression' || 
+            innerNode.left.type === 'Identifier') {
+          hasModification = true;
+        }
+      }
+      
+      // Update expressions (++, --)
+      if (innerNode.type === 'UpdateExpression') {
+        hasModification = true;
+      }
+      
+      // Method calls that likely modify state
+      if (innerNode.type === 'CallExpression' && innerNode.callee) {
+        const callName = this.getCallName(innerNode.callee);
+        if (this.isStateModifyingCall(callName)) {
+          hasModification = true;
+        }
+      }
+      
+      // Property mutations
+      if (innerNode.type === 'MemberExpression' && 
+          innerNode.parent && 
+          innerNode.parent.type === 'AssignmentExpression' &&
+          innerNode.parent.left === innerNode) {
+        hasModification = true;
+      }
+    });
+    
+    return hasModification;
+  }
+
+  hasReturnValue(node) {
+    let hasReturn = false;
+    
+    this.traverseAST(node.body, (innerNode) => {
+      if (hasReturn) return;
+      
+      // Return statements with value
+      if (innerNode.type === 'ReturnStatement' && innerNode.argument) {
+        // Ignore simple boolean returns (success/failure indicators)
+        if (!this.isSimpleBooleanReturn(innerNode.argument)) {
+          hasReturn = true;
+        }
+      }
+      
+      // Arrow function with expression body
+      if (node.type === 'ArrowFunctionExpression' && node.body.type !== 'BlockStatement') {
+        if (!this.isSimpleBooleanReturn(node.body)) {
+          hasReturn = true;
+        }
+      }
+    });
+    
+    return hasReturn;
+  }
+
+  isSimpleBooleanReturn(argument) {
+    // Simple boolean literals
+    if (argument.type === 'BooleanLiteral' || 
+        (argument.type === 'Literal' && typeof argument.value === 'boolean')) {
+      return true;
+    }
+    
+    // Simple boolean expressions
+    if (argument.type === 'UnaryExpression' && argument.operator === '!') {
+      return true;
+    }
+    
+    // Comparison operations (often return success/failure)
+    if (argument.type === 'BinaryExpression' && 
+        ['==', '===', '!=', '!==', '<', '>', '<=', '>='].includes(argument.operator)) {
+      return true;
+    }
+    
+    return false;
+  }
+
+  getCallName(callee) {
+    if (callee.type === 'Identifier') {
+      return callee.name;
+    }
+    if (callee.type === 'MemberExpression' && callee.property) {
+      return callee.property.name;
+    }
+    return '';
+  }
+
+  isStateModifyingCall(callName) {
+    const modifyingCalls = [
+      'push', 'pop', 'shift', 'unshift', 'splice',
+      'sort', 'reverse', 'fill',
+      'set', 'delete', 'clear',
+      'add', 'remove', 'update',
+      'save', 'store', 'persist',
+      'increment', 'decrement',
+      'modify', 'change', 'alter',
+      'append', 'prepend', 'insert',
+      'setState', 'dispatch'
+    ];
+    
+    return modifyingCalls.includes(callName) ||
+           /^set[A-Z]/.test(callName) ||
+           /^update[A-Z]/.test(callName) ||
+           /^modify[A-Z]/.test(callName);
+  }
+
+  calculateConfidence(hasStateModification, hasReturnValue) {
+    let confidence = 0.7;
+    
+    // Higher confidence if both conditions are clearly present
+    if (hasStateModification && hasReturnValue) {
+      confidence = 0.9;
+    }
+    
+    return confidence;
+  }
+
+  isAcceptablePattern(node, functionName) {
+    // NEW: Practical CQS - Allow acceptable patterns per strategy
+    
+    // 1. CRUD Operations (single operation + return)
+    const crudPatterns = [
+      /^(create|insert|add|save|store)\w*$/i,
+      /^(update|modify|edit|change)\w*$/i,
+      /^(upsert|merge)\w*$/i,
+      /^(delete|remove|destroy)\w*$/i
+    ];
+    
+    if (crudPatterns.some(pattern => pattern.test(functionName))) {
+      // Check if it's a simple CRUD - single operation
+      const queryCount = this.countDatabaseOperations(node);
+      if (queryCount <= 1) {
+        return true; // Single query + return is acceptable
+      }
+    }
+    
+    // 2. Transaction-based Operations
+    if (this.isTransactionBased(node)) {
+      return true; // Multiple operations in transaction are atomic
+    }
+    
+    // 3. ORM Standard Patterns
+    const ormPatterns = [
+      /^findOrCreate\w*$/i,
+      /^findAndUpdate\w*$/i,
+      /^findAndModify\w*$/i,
+      /^saveAndReturn\w*$/i,
+      /^selectForUpdate\w*$/i
+    ];
+    
+    if (ormPatterns.some(pattern => pattern.test(functionName))) {
+      return true; // Standard ORM patterns including selectForUpdate
+    }
+    
+    // 4. Factory patterns (create and return by design)
+    const factoryPatterns = [
+      /^(build|construct|generate|produce)\w*$/i,
+      /^(transform|convert|map)\w*$/i
+    ];
+    
+    if (factoryPatterns.some(pattern => pattern.test(functionName))) {
+      return true; // Factory patterns expected to create and return
+    }
+
+    return false; // Not an acceptable pattern - flag as violation
+  }
+
+  countDatabaseOperations(node) {
+    let count = 0;
+    
+    this.traverseAST(node.body, (innerNode) => {
+      if (innerNode.type === 'CallExpression' && innerNode.callee) {
+        const callName = this.getCallName(innerNode.callee);
+        
+        // Database operation patterns
+        const dbOperations = [
+          'save', 'insert', 'create', 'update', 'delete', 'remove',
+          'find', 'findOne', 'findBy', 'query', 'execute',
+          'upsert', 'merge', 'replace'
+        ];
+        
+        if (dbOperations.some(op => callName.toLowerCase().includes(op))) {
+          count++;
+        }
+      }
+    });
+    
+    return count;
+  }
+
+  isTransactionBased(node) {
+    let isTransaction = false;
+    
+    this.traverseAST(node.body, (innerNode) => {
+      if (innerNode.type === 'CallExpression' && innerNode.callee) {
+        const callName = this.getCallName(innerNode.callee);
+        
+        // Transaction indicators
+        const transactionPatterns = [
+          'transaction', 'withTransaction', 'runInTransaction',
+          'beginTransaction', 'commit', 'rollback',
+          'manager.transaction', 'queryRunner.startTransaction'
+        ];
+        
+        if (transactionPatterns.some(pattern => 
+          callName.toLowerCase().includes(pattern.toLowerCase()))) {
+          isTransaction = true;
+        }
+      }
+    });
+    
+    return isTransaction;
+  }
+
+  getSuggestion(functionName, hasStateModification, hasReturnValue) {
+    if (hasStateModification && hasReturnValue) {
+      return `Split '${functionName}' into separate command (modify state) and query (return data) functions`;
+    }
+    return `Follow Command Query Separation principle for '${functionName}'`;
+  }
+
+  getNodeCode(node, content) {
+    if (node.loc) {
+      const lines = content.split('\n');
+      const startLine = node.loc.start.line - 1;
+      const endLine = Math.min(node.loc.end.line - 1, startLine + 2); // Limit to 3 lines
+      return lines.slice(startLine, endLine + 1).join('\n').trim();
+    }
+    return 'Unknown code';
+  }
+}
+
+module.exports = C012ASTAnalyzer;

package/rules/common/C013_no_dead_code/analyzer.js

@@ -0,0 +1,206 @@
+/**
+ * Heuristic analyzer for: C013 – Do not leave dead code
+ * Purpose: Detect unreachable code after return, throw, break, continue statements
+ */
+
+class C013Analyzer {
+  constructor() {
+    this.ruleId = 'C013';
+    this.ruleName = 'No Dead Code';
+    this.description = 'Avoid unreachable code after return, throw, break, continue statements';
+  }
+
+  async analyze(files, language, options = {}) {
+    const violations = [];
+    
+    for (const filePath of files) {
+      if (options.verbose) {
+        console.log(`🔍 Running C013 analysis on ${require('path').basename(filePath)}`);
+      }
+      
+      try {
+        const content = require('fs').readFileSync(filePath, 'utf8');
+        const fileViolations = this.analyzeFile(content, filePath);
+        violations.push(...fileViolations);
+      } catch (error) {
+        console.warn(`⚠️ Failed to analyze ${filePath}: ${error.message}`);
+      }
+    }
+    
+    return violations;
+  }
+
+  analyzeFile(content, filePath) {
+    const violations = [];
+    const lines = content.split('\n');
+    
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i].trim();
+      
+      // Skip empty lines and comments
+      if (!line || line.startsWith('//') || line.startsWith('/*') || line.startsWith('*')) {
+        continue;
+      }
+      
+      // Only look for return statements (not throw in catch blocks)
+      if (this.isSimpleReturn(line)) {
+        // Check if there are non-comment, non-empty lines after this return
+        // within the same function scope
+        const unreachableLines = this.findUnreachableCodeSimple(lines, i);
+        
+        for (const unreachableLine of unreachableLines) {
+          violations.push({
+            file: filePath,
+            line: unreachableLine + 1,
+            column: 1,
+            message: `Unreachable code detected after return statement. Remove dead code or restructure logic.`,
+            severity: 'warning',
+            ruleId: this.ruleId
+          });
+        }
+      }
+    }
+    
+    return violations;
+  }
+  
+  isSimpleReturn(line) {
+    // Only detect simple return statements that actually complete, not multiline returns
+    const cleanLine = line.replace(/;?\s*$/, '');
+    
+    return (
+      // Complete return statements with semicolon or at end of line
+      /^return\s*;?\s*$/.test(cleanLine) ||
+      /^return\s+[^{}\[\(]+;?\s*$/.test(cleanLine) ||
+      // Single-line returns with simple values  
+      /^return\s+(true|false|null|undefined|\d+|"[^"]*"|'[^']*')\s*;?\s*$/.test(cleanLine) ||
+      // Handle single-line conditional returns
+      /}\s*else\s*return\s+[^{}\[\(]+;?\s*$/.test(line) ||
+      /}\s*return\s+[^{}\[\(]+;?\s*$/.test(line)
+    );
+  }
+  
+  findUnreachableCodeSimple(lines, terminatingLineIndex) {
+    const unreachableLines = [];
+    
+    // Look for code after the return statement until we hit a closing brace or new function
+    for (let i = terminatingLineIndex + 1; i < lines.length; i++) {
+      const line = lines[i].trim();
+      
+      // Skip empty lines and comments
+      if (!line || line.startsWith('//') || line.startsWith('/*') || line.startsWith('*')) {
+        continue;
+      }
+      
+      // Stop if we hit a closing brace (end of function/block)
+      if (line === '}' || line === '};' || line.startsWith('} ')) {
+        break;
+      }
+      
+      // Stop if we hit catch/finally (these are reachable)
+      if (line.includes('catch') || line.includes('finally')) {
+        break;
+      }
+      
+      // Stop if we hit a new function or method definition
+      if (line.includes('function') || line.includes('=>') || line.match(/^\w+\s*\(/)) {
+        break;
+      }
+      
+      // This looks like unreachable code
+      if (this.isExecutableCode(line)) {
+        unreachableLines.push(i);
+      }
+    }
+    
+    return unreachableLines;
+  }
+  
+  findUnreachableCode(lines, terminatingLineIndex, content) {
+    const unreachableLines = [];
+    let braceDepth = this.getCurrentBraceDepth(lines, terminatingLineIndex, content);
+    let currentDepth = braceDepth;
+    let inTryCatchFinally = false;
+    
+    // Check if we're inside a try-catch-finally context
+    const contextBefore = lines.slice(0, terminatingLineIndex).join(' ');
+    if (contextBefore.includes('try') || contextBefore.includes('catch') || contextBefore.includes('finally')) {
+      // Need more sophisticated detection of try-catch-finally blocks
+      inTryCatchFinally = true;
+    }
+    
+    // Look for unreachable code after the terminating statement
+    for (let i = terminatingLineIndex + 1; i < lines.length; i++) {
+      const line = lines[i].trim();
+      
+      // Skip empty lines and comments
+      if (!line || line.startsWith('//') || line.startsWith('/*') || line.startsWith('*')) {
+        continue;
+      }
+      
+      // Special handling for try-catch-finally: finally blocks are always reachable
+      if (line.includes('finally') || (inTryCatchFinally && line === '}')) {
+        // Don't mark finally blocks or their closing braces as unreachable
+        if (line.includes('finally')) {
+          inTryCatchFinally = false; // Reset after seeing finally
+        }
+        continue;
+      }
+      
+      // Update brace depth
+      const openBraces = (line.match(/{/g) || []).length;
+      const closeBraces = (line.match(/}/g) || []).length;
+      currentDepth += openBraces - closeBraces;
+      
+      // If we've exited the current block scope, stop looking
+      if (currentDepth < braceDepth) {
+        break;
+      }
+      
+      // If we're still in the same block scope, this is potentially unreachable
+      if (currentDepth === braceDepth) {
+        // Check if this line contains executable code (not just closing braces)
+        if (this.isExecutableCode(line)) {
+          unreachableLines.push(i);
+        }
+      }
+    }
+    
+    return unreachableLines;
+  }
+  
+  getCurrentBraceDepth(lines, lineIndex, content) {
+    // Calculate the brace depth at the given line
+    let depth = 0;
+    const textUpToLine = lines.slice(0, lineIndex + 1).join('\n');
+    
+    for (let char of textUpToLine) {
+      if (char === '{') depth++;
+      if (char === '}') depth--;
+    }
+    
+    return depth;
+  }
+  
+  isExecutableCode(line) {
+    // Exclude lines that are just structural (closing braces, etc.)
+    if (line === '}' || line === '};' || line === '},' || line.match(/^\s*}\s*$/)) {
+      return false;
+    }
+    
+    // Exclude catch/finally blocks (they are reachable)
+    if (line.includes('catch') || line.includes('finally')) {
+      return false;
+    }
+    
+    // Exclude case/default statements (they might be reachable)
+    if (line.startsWith('case ') || line.startsWith('default:')) {
+      return false;
+    }
+    
+    // This looks like executable code
+    return true;
+  }
+}
+
+module.exports = C013Analyzer;