@sun-asterisk/sunlint 1.2.1 → 1.3.0

package/rules/common/C029_catch_block_logging/analyzer.js

@@ -0,0 +1,141 @@
+/**
+ * C029 Analyzer - Smart Pipeline Integration
+ * 
+ * This analyzer forwards to the Smart Pipeline for superior accuracy and performance
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+class C029Analyzer {
+  constructor(options = {}) {
+    this.ruleId = 'C029';
+    this.ruleName = 'Enhanced Catch Block Error Logging';
+    this.description = 'Mọi catch block phải log nguyên nhân lỗi đầy đủ và bảo toàn context (Smart Pipeline 3-stage analysis)';
+    this.verbose = options.verbose || false;
+    
+    // Load Smart Pipeline as primary analyzer
+    this.smartPipeline = null;
+    
+    try {
+      this.smartPipeline = require('./analyzer-smart-pipeline.js');
+      if (this.verbose) {
+        console.log('[DEBUG] 🎯 C029: Smart Pipeline loaded (3-stage: Regex → AST → Data Flow)');
+      }
+    } catch (error) {
+      if (this.verbose) {
+        console.warn('[DEBUG] ⚠️ C029: Smart Pipeline failed, using fallback:', error.message);
+      }
+      this.smartPipeline = null;
+    }
+  }
+
+  async analyze(files, language, options = {}) {
+    // Store verbose option for this analysis
+    this.verbose = options.verbose || this.verbose || false;
+    
+    // Use Smart Pipeline as primary choice
+    if (this.smartPipeline) {
+      if (this.verbose) {
+        console.log('[DEBUG] 🎯 C029: Using Smart Pipeline (3-stage analysis)...');
+      }
+      return await this.smartPipeline.analyze(files, language, options);
+    } else {
+      if (this.verbose) {
+        console.log('[DEBUG] 🔍 C029: Using fallback regex analysis...');
+      }
+      return await this.analyzeWithRegex(files, language, options);
+    }
+  }
+
+  async analyzeWithRegex(files, language, options = {}) {
+    const violations = [];
+    
+    for (const filePath of files) {
+      if (options.verbose) {
+        console.log(`🔍 C029 Regex: Processing ${path.basename(filePath)}...`);
+      }
+      
+      try {
+        const content = fs.readFileSync(filePath, 'utf8');
+        const fileViolations = await this.analyzeFile(filePath, content, language);
+        violations.push(...fileViolations);
+      } catch (error) {
+        console.warn(`⚠️ C029: Error processing ${filePath}:`, error.message);
+      }
+    }
+    
+    return violations;
+  }
+
+  async analyzeFile(filePath, content, language) {
+    const violations = [];
+    const lines = content.split('\n');
+    
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      
+      // Simple catch block detection
+      if (line.includes('catch') && line.includes('(')) {
+        const catchBlock = this.extractCatchBlock(lines, i);
+        
+        if (this.isCatchBlockEmpty(catchBlock.content)) {
+          violations.push({
+            file: filePath,
+            line: i + 1,
+            column: line.indexOf('catch') + 1,
+            message: 'Empty catch block detected',
+            severity: 'error',
+            ruleId: this.ruleId,
+            type: 'empty_catch'
+          });
+        }
+      }
+    }
+    
+    return violations;
+  }
+
+  extractCatchBlock(lines, startIndex) {
+    const content = [];
+    let braceCount = 0;
+    let inBlock = false;
+    
+    for (let i = startIndex; i < lines.length; i++) {
+      const line = lines[i];
+      content.push(line);
+      
+      for (const char of line) {
+        if (char === '{') {
+          braceCount++;
+          inBlock = true;
+        } else if (char === '}') {
+          braceCount--;
+          if (braceCount === 0 && inBlock) {
+            return { content, endIndex: i };
+          }
+        }
+      }
+    }
+    
+    return { content, endIndex: startIndex };
+  }
+
+  isCatchBlockEmpty(content) {
+    const blockContent = content.join('\n');
+    
+    // Remove comments and whitespace
+    const cleanContent = blockContent
+      .replace(/\/\*[\s\S]*?\*\//g, '') // Remove multi-line comments
+      .replace(/\/\/.*$/gm, '') // Remove single-line comments
+      .replace(/\s+/g, ' ') // Normalize whitespace
+      .trim();
+    
+    // Check if only contains catch declaration and braces
+    const hasOnlyStructure = /^catch\s*\([^)]*\)\s*\{\s*\}$/.test(cleanContent);
+    
+    return hasOnlyStructure;
+  }
+}
+
+module.exports = C029Analyzer;

package/rules/common/C029_catch_block_logging/config.json

@@ -0,0 +1,59 @@
+{
+  "ruleId": "C029",
+  "name": "Catch Block Error Logging",
+  "description": "Mọi catch block phải log nguyên nhân lỗi đầy đủ",
+  "category": "error-handling",
+  "severity": "error",
+  "languages": ["typescript", "dart", "kotlin", "javascript"],
+  "version": "1.0.0",
+  "status": "activated",
+  "tags": ["error-handling", "logging", "debugging", "monitoring"],
+  "examples": {
+    "typescript": {
+      "violations": [
+        "try { riskyOperation(); } catch (error) { return null; }",
+        "catch (e) { /* empty */ }",
+        "catch (error) { throw new Error('Failed'); }"
+      ],
+      "valid": [
+        "catch (error) { console.error('Operation failed:', error); }",
+        "catch (e) { logger.error('Error in process:', e); }",
+        "catch (error) { console.error(error); throw error; }"
+      ]
+    },
+    "dart": {
+      "violations": [
+        "try { riskyOperation(); } catch (e) { return null; }",
+        "on Exception catch (e) { /* empty */ }"
+      ],
+      "valid": [
+        "catch (e) { print('Error: $e'); }",
+        "on Exception catch (e) { log.severe('Failed:', e); }"
+      ]
+    },
+    "kotlin": {
+      "violations": [
+        "try { riskyOperation() } catch (e: Exception) { return null }",
+        "catch (e: Exception) { /* empty */ }"
+      ],
+      "valid": [
+        "catch (e: Exception) { Log.e(TAG, 'Error:', e) }",
+        "catch (e: Exception) { logger.error('Failed', e) }"
+      ]
+    }
+  },
+  "configuration": {
+    "requiredLoggingMethods": [
+      "console.error",
+      "console.log", 
+      "logger.error",
+      "log.error",
+      "print",
+      "log.severe",
+      "Log.e",
+      "timber.e"
+    ],
+    "allowEmptyWhenRethrow": true,
+    "checkErrorParameter": true
+  }
+}

package/rules/common/C031_validation_separation/analyzer.js

@@ -0,0 +1,186 @@
+const fs = require('fs');
+const path = require('path');
+
+/**
+ * Rule C031 - Validation Logic Separation
+ * Kiểm tra logic validation có bị trộn lẫn với business logic không
+ */
+class ValidationSeparationAnalyzer {
+    constructor() {
+        this.ruleId = 'C031';
+        this.ruleName = 'Validation Logic Separation';
+        this.category = 'architecture';
+        this.severity = 'warning';
+        this.description = 'Logic kiểm tra dữ liệu (validate) phải nằm riêng biệt';
+    }
+
+    analyzeFile(filePath, options = {}) {
+        const violations = [];
+        
+        try {
+            if (!fs.existsSync(filePath)) {
+                return violations;
+            }
+
+            const content = fs.readFileSync(filePath, 'utf8');
+            const lines = content.split('\n');
+            
+            // Detect functions with mixed validation and business logic
+            const functions = this.extractFunctions(content);
+            
+            for (const func of functions) {
+                const validationCount = this.countValidationStatements(func.body);
+                const businessLogicCount = this.countBusinessLogicStatements(func.body);
+                
+                // If both validation and business logic exist in same function
+                if (validationCount > 0 && businessLogicCount > 0) {
+                    const maxValidationAllowed = options.maxValidationStatementsInFunction || 3;
+                    
+                    if (validationCount > maxValidationAllowed) {
+                        violations.push({
+                            line: func.startLine,
+                            column: 1,
+                            message: `Function '${func.name}' has ${validationCount} validation statements mixed with business logic. Consider separating validation logic.`,
+                            ruleId: this.ruleId,
+                            severity: this.severity,
+                            source: lines[func.startLine - 1]?.trim() || ''
+                        });
+                    }
+                }
+            }
+            
+        } catch (error) {
+            console.error(`Error analyzing ${filePath}:`, error.message);
+        }
+        
+        return violations;
+    }
+
+    extractFunctions(content) {
+        const functions = [];
+        const lines = content.split('\n');
+        
+        // Simple function detection patterns
+        const functionPatterns = [
+            /function\s+(\w+)\s*\(/g,
+            /const\s+(\w+)\s*=\s*\(/g,
+            /(\w+)\s*\(\s*[^)]*\s*\)\s*=>/g,
+            /(\w+)\s*:\s*function\s*\(/g
+        ];
+        
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            
+            for (const pattern of functionPatterns) {
+                const matches = line.matchAll(pattern);
+                for (const match of matches) {
+                    const functionName = match[1];
+                    const startLine = i + 1;
+                    
+                    // Extract function body (simple approach)
+                    const body = this.extractFunctionBody(lines, i);
+                    
+                    functions.push({
+                        name: functionName,
+                        startLine,
+                        body
+                    });
+                }
+            }
+        }
+        
+        return functions;
+    }
+
+    extractFunctionBody(lines, startIndex) {
+        let body = '';
+        let braceCount = 0;
+        let inFunction = false;
+        
+        for (let i = startIndex; i < lines.length; i++) {
+            const line = lines[i];
+            
+            if (line.includes('{')) {
+                braceCount += (line.match(/\{/g) || []).length;
+                inFunction = true;
+            }
+            
+            if (inFunction) {
+                body += line + '\n';
+            }
+            
+            if (line.includes('}')) {
+                braceCount -= (line.match(/\}/g) || []).length;
+                if (braceCount <= 0 && inFunction) {
+                    break;
+                }
+            }
+        }
+        
+        return body;
+    }
+
+    countValidationStatements(code) {
+        const validationPatterns = [
+            /if\s*\(\s*!.*\)\s*\{?\s*throw/g,
+            /if\s*\(.*\.\s*length\s*[<>=]\s*\d+\)/g,
+            /if\s*\(.*\s*==\s*null\s*\||\s*.*\s*==\s*undefined\)/g,
+            /if\s*\(.*\s*!\s*=\s*null\s*&&\s*.*\s*!\s*=\s*undefined\)/g,
+            /throw\s+new\s+Error\s*\(/g,
+            /assert\s*\(/g,
+            /validate\w*\s*\(/g,
+            /check\w*\s*\(/g
+        ];
+        
+        let count = 0;
+        for (const pattern of validationPatterns) {
+            const matches = code.match(pattern);
+            if (matches) {
+                count += matches.length;
+            }
+        }
+        
+        return count;
+    }
+
+    countBusinessLogicStatements(code) {
+        const businessLogicPatterns = [
+            /calculate\w*\s*\(/g,
+            /process\w*\s*\(/g,
+            /save\w*\s*\(/g,
+            /update\w*\s*\(/g,
+            /delete\w*\s*\(/g,
+            /send\w*\s*\(/g,
+            /return\s+\w+\s*\(/g,
+            /await\s+\w+\s*\(/g
+        ];
+        
+        let count = 0;
+        for (const pattern of businessLogicPatterns) {
+            const matches = code.match(pattern);
+            if (matches) {
+                count += matches.length;
+            }
+        }
+        
+        return count;
+    }
+
+    // Main analyze method expected by CLI
+    async analyze(files, language, config) {
+        const violations = [];
+        
+        for (const filePath of files) {
+            try {
+                const fileViolations = this.analyzeFile(filePath, config);
+                violations.push(...fileViolations);
+            } catch (error) {
+                console.error(`Error analyzing file ${filePath}:`, error.message);
+            }
+        }
+        
+        return violations;
+    }
+}
+
+module.exports = new ValidationSeparationAnalyzer();

package/rules/common/C041_no_sensitive_hardcode/analyzer.js

@@ -0,0 +1,292 @@
+const fs = require('fs');
+const path = require('path');
+
+class C041Analyzer {
+  constructor() {
+    this.ruleId = 'C041';
+    this.ruleName = 'No Hardcoded Sensitive Information';
+    this.description = 'Không hardcode hoặc push thông tin nhạy cảm vào repo';
+  }
+
+  async analyze(files, language, options = {}) {
+    const violations = [];
+    
+    for (const filePath of files) {
+      if (options.verbose) {
+        console.log(`🔍 Running C041 analysis on ${path.basename(filePath)}`);
+      }
+      
+      try {
+        const content = fs.readFileSync(filePath, 'utf8');
+        const fileViolations = await this.analyzeFile(filePath, content, language, options);
+        violations.push(...fileViolations);
+      } catch (error) {
+        console.warn(`⚠️ Failed to analyze ${filePath}: ${error.message}`);
+      }
+    }
+    
+    return violations;
+  }
+
+  async analyzeFile(filePath, content, language, config) {
+    switch (language) {
+      case 'typescript':
+      case 'javascript':
+        return this.analyzeTypeScript(filePath, content, config);
+      default:
+        return [];
+    }
+  }
+
+  async analyzeTypeScript(filePath, content, config) {
+    const violations = [];
+    const lines = content.split('\n');
+
+    lines.forEach((line, index) => {
+      const lineNumber = index + 1;
+      const trimmedLine = line.trim();
+
+      // Skip comments and imports
+      if (this.isCommentOrImport(trimmedLine)) {
+        return;
+      }
+
+      // Find potential hardcoded sensitive values
+      const sensitiveMatches = this.findSensitiveHardcode(trimmedLine, line);
+      
+      sensitiveMatches.forEach(match => {
+        violations.push({
+          ruleId: this.ruleId,
+          file: filePath,
+          line: lineNumber,
+          column: match.column,
+          message: match.message,
+          severity: 'error',
+          code: trimmedLine,
+          type: match.type,
+          confidence: match.confidence,
+          suggestion: match.suggestion
+        });
+      });
+    });
+
+    return violations;
+  }
+
+  isCommentOrImport(line) {
+    const trimmed = line.trim();
+    return trimmed.startsWith('//') || 
+           trimmed.startsWith('/*') || 
+           trimmed.startsWith('*') ||
+           trimmed.startsWith('import ') ||
+           trimmed.startsWith('export ');
+  }
+
+  findSensitiveHardcode(line, originalLine) {
+    const matches = [];
+    
+    // Skip template literals with variables - they are dynamic, not hardcoded
+    if (line.includes('${') || line.includes('`')) {
+      return matches;
+    }
+    
+    // Skip if line is clearly configuration, type definition, or UI-related
+    if (this.isConfigOrUIContext(line)) {
+      return matches;
+    }
+    
+    // Look for suspicious patterns with better context awareness
+    const patterns = [
+      {
+        name: 'suspicious_password_variable',
+        regex: /(const|let|var)\s+\w*[Pp]ass[Ww]ord\w*\s*=\s*['"`]([^'"`]{4,})['"`]/g,
+        severity: 'error',
+        message: 'Potential hardcoded password in variable assignment',
+        suggestion: 'Move sensitive values to environment variables or secure config files'
+      },
+      {
+        name: 'suspicious_secret_variable',
+        regex: /(const|let|var)\s+\w*[Ss]ecret\w*\s*=\s*['"`]([^'"`]{6,})['"`]/g,
+        severity: 'error',
+        message: 'Potential hardcoded secret in variable assignment',
+        suggestion: 'Use environment variables for secrets'
+      },
+      {
+        name: 'suspicious_short_password',
+        regex: /(const|let|var)\s+(?!use)\w*([Pp]ass|[Dd]b[Pp]ass|[Aa]dmin)(?!word[A-Z])\w*\s*=\s*['"`]([^'"`]{4,})['"`]/g,
+        severity: 'error',
+        message: 'Potential hardcoded password or admin credential',
+        suggestion: 'Use environment variables for credentials'
+      },
+      {
+        name: 'api_key',
+        regex: /(const|let|var)\s+\w*[Aa]pi[Kk]ey\w*\s*=\s*['"`]([^'"`]{10,})['"`]/g,
+        severity: 'error',
+        message: 'Potential hardcoded API key detected',
+        suggestion: 'Use environment variables for API keys'
+      },
+      {
+        name: 'auth_token',
+        regex: /(const|let|var)\s+\w*[Tt]oken\w*\s*=\s*['"`]([^'"`]{16,})['"`]/g,
+        severity: 'error', 
+        message: 'Potential hardcoded authentication token detected',
+        suggestion: 'Store tokens in secure storage, not in source code'
+      },
+      {
+        name: 'database_url',
+        regex: /['"`](mongodb|mysql|postgres|redis):\/\/[^'"`]+['"`]/gi,
+        severity: 'error',
+        message: 'Hardcoded database connection string detected',
+        suggestion: 'Use environment variables for database connections'
+      },
+      {
+        name: 'suspicious_url',
+        regex: /['"`]https?:\/\/(?!localhost|127\.0\.0\.1|example\.com|test\.com|www\.w3\.org|www\.google\.com|googleapis\.com)[^'"`]{20,}['"`]/gi,
+        severity: 'warning',
+        message: 'Hardcoded external URL detected (consider configuration)',
+        suggestion: 'Consider moving URLs to configuration files'
+      }
+    ];
+
+    // Additional context-aware checks
+    patterns.forEach(pattern => {
+      let match;
+      while ((match = pattern.regex.exec(line)) !== null) {
+        // Skip false positives
+        if (this.isFalsePositive(line, match[0], pattern.name)) {
+          continue;
+        }
+
+        matches.push({
+          type: pattern.name,
+          column: match.index + 1,
+          message: pattern.message,
+          confidence: this.calculateConfidence(line, match[0], pattern.name),
+          suggestion: pattern.suggestion
+        });
+      }
+    });
+
+    return matches;
+  }
+
+  isConfigOrUIContext(line) {
+    const lowerLine = line.toLowerCase();
+    
+    // UI/Component contexts - likely false positives
+    const uiContexts = [
+      'inputtype', 'type:', 'type =', 'type:', 'inputtype=',
+      'routes =', 'route:', 'path:', 'routes:', 
+      'import {', 'export {', 'from ', 'import ',
+      'interface', 'type ', 'enum ',
+      'props:', 'defaultprops',
+      'schema', 'validator',
+      'hook', 'use', 'const use', 'import.*use',
+      // React/UI specific
+      'textinput', 'input ', 'field ', 'form',
+      'component', 'page', 'screen', 'modal',
+      // Route/navigation specific  
+      'navigation', 'route', 'path', 'url:', 'route:',
+      'setuppassword', 'resetpassword', 'forgotpassword',
+      'changepassword', 'confirmpassword'
+    ];
+    
+    return uiContexts.some(context => lowerLine.includes(context));
+  }
+
+  isFalsePositive(line, matchedText, patternName) {
+    const lowerLine = line.toLowerCase();
+    const lowerMatch = matchedText.toLowerCase();
+
+    // Global false positive indicators
+    const globalFalsePositives = [
+      'test', 'mock', 'example', 'demo', 'sample', 'placeholder', 'dummy', 'fake',
+      'xmlns', 'namespace', 'schema', 'w3.org', 'google.com', 'googleapis.com',
+      'error', 'message', 'missing', 'invalid', 'failed'
+    ];
+
+    // Check if the line contains any global false positive indicators
+    const hasGlobalFalsePositive = globalFalsePositives.some(pattern => 
+      lowerLine.includes(pattern) || lowerMatch.includes(pattern)
+    );
+
+    if (hasGlobalFalsePositive) {
+      return true;
+    }
+
+    // Common false positive patterns
+    const falsePositivePatterns = {
+      'suspicious_password_variable': [
+        'inputtype', 'type:', 'type =', 'activation', 'forgot_password', 'reset_password',
+        'setup_password', 'route', 'path', 'hook', 'use', 'change', 'confirm',
+        'validation', 'component', 'page', 'screen', 'textinput', 'input',
+        'trigger', 'useeffect', 'password.*trigger', 'renewpassword'
+      ],
+      'suspicious_short_password': [
+        'inputtype', 'type:', 'type =', 'activation', 'forgot_password', 'reset_password',
+        'setup_password', 'route', 'path', 'hook', 'use', 'change', 'confirm',
+        'validation', 'component', 'page', 'screen', 'textinput'
+      ],
+      'suspicious_secret_variable': [
+        'component', 'props', 'state', 'hook', 'use'
+      ],
+      'suspicious_url': [
+        'localhost', '127.0.0.1', 'example.com', 'test.com', 'placeholder',
+        'mock', 'w3.org', 'google.com', 'recaptcha', 'googleapis.com'
+      ],
+      'api_key': [
+        'test-', 'mock-', 'example-', 'demo-', 'missing', 'error', 'message'
+      ]
+    };
+
+    const patterns = falsePositivePatterns[patternName] || [];
+    
+    // Check if line contains any pattern-specific false positive indicators
+    const hasPatternFalsePositive = patterns.some(pattern => 
+      lowerLine.includes(pattern) || lowerMatch.includes(pattern)
+    );
+
+    // Special handling for password-related patterns
+    if (patternName === 'hardcoded_password') {
+      // Allow if it's clearly UI/component related
+      if (lowerLine.includes('input') || 
+          lowerLine.includes('field') || 
+          lowerLine.includes('form') ||
+          lowerLine.includes('component') ||
+          lowerLine.includes('type') ||
+          lowerLine.includes('route') ||
+          lowerLine.includes('path') ||
+          lowerMatch.includes('activation') ||
+          lowerMatch.includes('forgot_password') ||
+          lowerMatch.includes('reset_password') ||
+          lowerMatch.includes('setup_password')) {
+        return true;
+      }
+    }
+
+    return hasPatternFalsePositive;
+  }
+
+  calculateConfidence(line, match, patternName) {
+    let confidence = 0.8; // Base confidence
+    
+    // Reduce confidence for potential false positives
+    const lowerLine = line.toLowerCase();
+    
+    if (lowerLine.includes('test') || lowerLine.includes('mock') || lowerLine.includes('example')) {
+      confidence -= 0.3;
+    }
+
+    if (lowerLine.includes('const') || lowerLine.includes('let') || lowerLine.includes('var')) {
+      confidence += 0.1; // Variable assignments more likely to be hardcode
+    }
+
+    if (lowerLine.includes('type') || lowerLine.includes('component') || lowerLine.includes('props')) {
+      confidence -= 0.2; // UI-related less likely to be sensitive
+    }
+
+    return Math.max(0.3, Math.min(1.0, confidence));
+  }
+}
+
+module.exports = new C041Analyzer();