@sun-asterisk/sunlint 1.2.1 → 1.3.0

package/rules/common/C047_no_duplicate_retry_logic/symbol-config.json

@@ -0,0 +1,71 @@
+{
+  "knownRetryFunctions": [
+    "axios.get",
+    "axios.post", 
+    "axios.put",
+    "axios.delete",
+    "axios.patch",
+    "axios.request",
+    "axios.head",
+    "axios.options",
+    
+    "useQuery",
+    "useMutation", 
+    "useInfiniteQuery",
+    "queryClient.fetchQuery",
+    "queryClient.prefetchQuery",
+    
+    "apolloClient.query",
+    "apolloClient.mutate", 
+    "apolloClient.watchQuery",
+    "useLazyQuery",
+    
+    "apiService.get",
+    "apiService.post",
+    "apiService.put", 
+    "apiService.delete",
+    "apiService.patch",
+    "httpClient.get",
+    "httpClient.post",
+    "httpClient.request",
+    
+    "retryAsync",
+    "withRetry", 
+    "retry",
+    "p-retry",
+    "exponentialBackoff",
+    "retryPromise",
+    
+    "fetch",
+    "fetch-retry",
+    "node-fetch",
+    "got",
+    "superagent", 
+    "request-promise"
+  ],
+  
+  "layerPatterns": {
+    "ui": ["component", "view", "page", "modal", "form", "screen", "widget", "/ui/", "/components/"],
+    "usecase": ["usecase", "use-case", "usecases", "service", "business", "/usecases/", "/services/"],
+    "repository": ["repository", "repo", "dao", "store", "persistence", "/repositories/", "/data/"],
+    "api": ["api", "client", "adapter", "gateway", "connector", "/api/", "/clients/", "/gateways/"]
+  },
+  
+  "retryDetectionPatterns": {
+    "exceptionRetry": {
+      "description": "Detect retry logic in try-catch blocks",
+      "enabled": true
+    },
+    "emptyDataRetry": {
+      "description": "Detect retry logic when data is empty/null",
+      "enabled": true
+    },
+    "knownRetryConflict": {
+      "description": "Detect manual retry conflicting with built-in retry",
+      "enabled": true
+    }
+  },
+  
+  "_description": "Configuration for Symbol-Based Analysis of retry functions using ts-morph",
+  "_usage": "Add functions that have built-in retry mechanisms to avoid false positives"
+}

package/rules/common/C075_explicit_return_types/analyzer.js

@@ -0,0 +1,103 @@
+/**
+ * C075 Rule: Functions must have explicit return type declarations
+ * Ensures type safety by requiring explicit return type annotations
+ * Severity: warning
+ * Category: Quality
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+class C075ExplicitReturnTypesAnalyzer {
+  constructor() {
+    this.ruleId = 'C075';
+    this.ruleName = 'Explicit Function Return Types';
+    this.description = 'Functions must have explicit return type declarations';
+    this.severity = 'warning';
+  }
+
+  async analyze(files, language, config) {
+    const violations = [];
+
+    for (const filePath of files) {
+      try {
+        const fileContent = fs.readFileSync(filePath, 'utf8');
+        const fileViolations = await this.analyzeFile(filePath, fileContent, language, config);
+        violations.push(...fileViolations);
+      } catch (error) {
+        console.warn(`C075 analysis error for ${filePath}:`, error.message);
+      }
+    }
+
+    return violations;
+  }
+
+  async analyzeFile(filePath, fileContent, language, config) {
+    const violations = [];
+    
+    try {
+      // Skip non-TypeScript files
+      if (!this.isTypeScriptFile(filePath)) {
+        return violations;
+      }
+
+      // Simple regex-based analysis for now
+      const lines = fileContent.split('\n');
+      
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        const lineNumber = i + 1;
+        
+        // Look for function declarations without return types
+        const functionPatterns = [
+          /^(\s*)(function\s+\w+\s*\([^)]*\))\s*\{/,  // function name() {
+          /^(\s*)(export\s+function\s+\w+\s*\([^)]*\))\s*\{/, // export function name() {
+          /^(\s*)(\w+\s*=\s*function\s*\([^)]*\))\s*\{/, // name = function() {
+          /^(\s*)(\w+\s*=\s*\([^)]*\)\s*=>\s*)\{/, // name = () => {
+          /^(\s*)(\w+\([^)]*\))\s*\{/, // method() {
+        ];
+
+        for (const pattern of functionPatterns) {
+          const match = line.match(pattern);
+          if (match) {
+            const fullMatch = match[2];
+            
+            // Skip if already has return type annotation
+            if (fullMatch.includes('):') || line.includes('):')) {
+              continue;
+            }
+
+            // Skip constructors
+            if (fullMatch.includes('constructor')) {
+              continue;
+            }
+
+            violations.push({
+              ruleId: this.ruleId,
+              severity: this.severity,
+              message: `Function is missing explicit return type annotation`,
+              filePath: filePath,
+              line: lineNumber,
+              column: match[1].length + 1,
+              source: line.trim(),
+              suggestion: 'Add explicit return type annotation (: ReturnType)'
+            });
+          }
+        }
+      }
+
+    } catch (error) {
+      console.warn(`C075 analysis error for ${filePath}:`, error.message);
+    }
+
+    return violations;
+  }
+
+  isTypeScriptFile(filePath) {
+    return /\.(ts|tsx)$/.test(filePath);
+  }
+}
+
+module.exports = C075ExplicitReturnTypesAnalyzer;
+
+module.exports = C075ExplicitReturnTypesAnalyzer;

package/rules/common/C076_single_test_behavior/analyzer.js

@@ -0,0 +1,121 @@
+/**
+ * C076 Rule: Each test should assert only one behavior
+ * Ensures test focus and maintainability by limiting assertions per test
+ * Severity: warning  
+ * Category: Quality
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+class C076SingleTestBehaviorAnalyzer {
+  constructor() {
+    this.ruleId = 'C076';
+    this.ruleName = 'Single Test Behavior';
+    this.description = 'Each test should assert only one behavior';
+    this.severity = 'warning';
+    this.maxAssertions = 1;
+  }
+
+  async analyze(files, language, config) {
+    const violations = [];
+
+    for (const filePath of files) {
+      try {
+        const fileContent = fs.readFileSync(filePath, 'utf8');
+        const fileViolations = await this.analyzeFile(filePath, fileContent, language, config);
+        violations.push(...fileViolations);
+      } catch (error) {
+        console.warn(`C076 analysis error for ${filePath}:`, error.message);
+      }
+    }
+
+    return violations;
+  }
+
+  async analyzeFile(filePath, fileContent, language, config) {
+    const violations = [];
+    
+    try {
+      // Skip non-test files
+      if (!this.isTestFile(filePath)) {
+        return violations;
+      }
+
+      const lines = fileContent.split('\n');
+      let inTestBlock = false;
+      let testStartLine = 0;
+      let testName = '';
+      let braceLevel = 0;
+      let expectCount = 0;
+
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        const lineNumber = i + 1;
+
+        // Check for test function start
+        const testMatch = line.match(/^\s*(?:it|test)\s*\(\s*['"`]([^'"`]+)['"`]\s*,\s*(?:async\s+)?\(.*\)\s*=>\s*\{|^\s*(?:it|test)\s*\(\s*['"`]([^'"`]+)['"`]\s*,\s*(?:async\s+)?function/);
+        if (testMatch) {
+          inTestBlock = true;
+          testStartLine = lineNumber;
+          testName = testMatch[1] || testMatch[2] || 'unnamed test';
+          braceLevel = 1;
+          expectCount = 0;
+          continue;
+        }
+
+        if (inTestBlock) {
+          // Count braces to track test scope
+          const openBraces = (line.match(/\{/g) || []).length;
+          const closeBraces = (line.match(/\}/g) || []).length;
+          braceLevel = braceLevel + openBraces - closeBraces;
+
+          // Count expect/assert statements
+          const expectMatches = line.match(/\b(?:expect|assert|should)\s*\(/g);
+          if (expectMatches) {
+            expectCount += expectMatches.length;
+          }
+
+          // Check if test block ended
+          if (braceLevel <= 0) {
+            inTestBlock = false;
+            
+            // Report violation if too many expectations
+            if (expectCount > this.maxAssertions) {
+              violations.push({
+                ruleId: this.ruleId,
+                severity: this.severity,
+                message: `Test '${testName}' has ${expectCount} assertions. Each test should focus on one behavior (max ${this.maxAssertions} assertions)`,
+                filePath: filePath,
+                line: testStartLine,
+                column: 1,
+                source: lines[testStartLine - 1]?.trim() || '',
+                suggestion: 'Consider splitting into separate test cases'
+              });
+            }
+          }
+        }
+      }
+
+    } catch (error) {
+      console.warn(`C076 analysis error for ${filePath}:`, error.message);
+    }
+
+    return violations;
+  }
+
+  isTestFile(filePath) {
+    const testPatterns = [
+      /\.test\.(js|ts|jsx|tsx)$/,
+      /\.spec\.(js|ts|jsx|tsx)$/,
+      /\/__tests__\//,
+      /\/tests?\//,
+      /\.e2e\./,
+      /\.integration\./
+    ];
+    
+    return testPatterns.some(pattern => pattern.test(filePath));
+  }
+}
+
+module.exports = C076SingleTestBehaviorAnalyzer;

package/rules/docs/C002_no_duplicate_code.md

@@ -0,0 +1,57 @@
+# C002_no_duplicate_code - CODING Rule
+
+## 📋 Overview
+
+**Rule ID**: `C002_no_duplicate_code`  
+**Category**: coding  
+**Severity**: Error  
+**Status**: pending
+
+## 🎯 Description
+
+TODO: Add rule description after migration from ESLint.
+
+
+## 🔄 Migration Info
+
+**ESLint Rule**: `c002-no-duplicate-code`  
+**Compatibility**: partial  
+**Priority**: medium
+
+
+## ✅ Valid Code Examples
+
+```javascript
+// TODO: Add valid code examples
+```
+
+## ❌ Invalid Code Examples
+
+```javascript  
+// TODO: Add invalid code examples that should trigger violations
+```
+
+## ⚙️ Configuration
+
+```json
+{
+  "rules": {
+    "C002_no_duplicate_code": "error"
+  }
+}
+```
+
+## 🧪 Testing
+
+```bash
+# Run rule-specific tests
+npm test -- c002_no_duplicate_code
+
+# Test with SunLint CLI
+sunlint --rules=C002_no_duplicate_code --input=examples/
+```
+
+---
+
+**Migration Status**: pending  
+**Last Updated**: 2025-07-21

package/rules/docs/C031_validation_separation.md

@@ -0,0 +1,72 @@
+# Rule C031 - Validation Logic Separation
+
+## Description
+Logic kiểm tra dữ liệu (validate) phải nằm riêng biệt khỏi business logic.
+
+## Rationale
+Tách biệt validation logic giúp:
+- Code dễ đọc và maintain
+- Validation có thể reuse
+- Testing dễ dàng hơn
+- Tuân thủ Single Responsibility Principle
+
+## Examples
+
+### ❌ Bad - Validation mixed with business logic
+```javascript
+function processOrder(order) {
+    // Validation mixed with business logic
+    if (!order.customerId) {
+        throw new Error('Customer ID is required');
+    }
+    if (!order.items || order.items.length === 0) {
+        throw new Error('Order must have items');
+    }
+    if (order.total < 0) {
+        throw new Error('Total cannot be negative');
+    }
+    
+    // Business logic
+    const discount = calculateDiscount(order);
+    const tax = calculateTax(order);
+    return processPayment(order, discount, tax);
+}
+```
+
+### ✅ Good - Separate validation
+```javascript
+function validateOrder(order) {
+    if (!order.customerId) {
+        throw new Error('Customer ID is required');
+    }
+    if (!order.items || order.items.length === 0) {
+        throw new Error('Order must have items');
+    }
+    if (order.total < 0) {
+        throw new Error('Total cannot be negative');
+    }
+}
+
+function processOrder(order) {
+    validateOrder(order);
+    
+    // Pure business logic
+    const discount = calculateDiscount(order);
+    const tax = calculateTax(order);
+    return processPayment(order, discount, tax);
+}
+```
+
+## Configuration
+```json
+{
+    "C031": {
+        "enabled": true,
+        "severity": "warning",
+        "options": {
+            "maxValidationStatementsInFunction": 3,
+            "requireSeparateValidationFunction": true
+        }
+    }
+}
+```

package/rules/index.js

@@ -0,0 +1,162 @@
+/**
+ * SunLint Heuristic Rules Registry
+ * Central reconst securityRules = {
+  S015: require('./security/S015_insecure_tls_certificate/analyzer'),
+  S023: require('./security/S023_no_json_injection/analyzer'),stry for all heuristic rules organized by category
+ */
+
+const path = require('path');
+
+/**
+ * Load rule analyzer from category folder
+ * @param {string} category - Rule category (common, security, typescript)
+ * @param {string} ruleId - Rule ID (e.g., C006_function_naming)
+ * @returns {Object} Rule analyzer module
+ */
+function loadRule(category, ruleId) {
+    try {
+        // Special case for C047: Use semantic analyzer by default
+        if (ruleId === 'C047_no_duplicate_retry_logic') {
+            const semanticPath = path.join(__dirname, category, ruleId, 'c047-semantic-rule.js');
+            console.log(`🔬 Loading C047 semantic analyzer: ${semanticPath}`);
+            return require(semanticPath);
+        }
+        
+        const rulePath = path.join(__dirname, category, ruleId, 'analyzer.js');
+        return require(rulePath);
+    } catch (error) {
+        console.warn(`Failed to load rule ${category}/${ruleId}:`, error.message);
+        return null;
+    }
+}
+
+/**
+ * Load rule configuration
+ * @param {string} category - Rule category
+ * @param {string} ruleId - Rule ID
+ * @returns {Object} Rule configuration
+ */
+function loadRuleConfig(category, ruleId) {
+    try {
+        const configPath = path.join(__dirname, category, ruleId, 'config.json');
+        return require(configPath);
+    } catch (error) {
+        console.warn(`Failed to load config for ${category}/${ruleId}:`, error.message);
+        return {};
+    }
+}
+
+// 🔹 Common Rules (C-series) - General coding standards
+const commonRules = {
+    C006: loadRule('common', 'C006_function_naming'),
+    C012: loadRule('common', 'C012_command_query_separation'),
+    C013: loadRule('common', 'C013_no_dead_code'),
+    C014: loadRule('common', 'C014_dependency_injection'),
+    C019: loadRule('common', 'C019_log_level_usage'), 
+    C029: loadRule('common', 'C029_catch_block_logging'),
+    C031: loadRule('common', 'C031_validation_separation'),
+    C041: loadRule('common', 'C041_no_sensitive_hardcode'),
+    C042: loadRule('common', 'C042_boolean_name_prefix'),
+    C047: loadRule('common', 'C047_no_duplicate_retry_logic'),
+};
+
+// 🔒 Security Rules (S-series) - Ready for migration
+const securityRules = {
+    S015: loadRule('security', 'S015_insecure_tls_certificate'),
+    S023: loadRule('security', 'S023_no_json_injection'),
+    S026: loadRule('security', 'S026_json_schema_validation'),
+    S027: loadRule('security', 'S027_no_hardcoded_secrets'),
+    S029: loadRule('security', 'S029_csrf_protection'),
+    // S001: loadRule('security', 'S001_fail_securely'),
+    // S003: loadRule('security', 'S003_no_unvalidated_redirect'),
+    // S012: loadRule('security', 'S012_hardcode_secret'),
+    // ... 46 more security rules ready for migration
+};
+
+// 📘 TypeScript Rules (T-series) - Ready for migration  
+const typescriptRules = {
+    // T002: loadRule('typescript', 'T002_interface_prefix_i'),
+    // T003: loadRule('typescript', 'T003_ts_ignore_reason'),
+    // T004: loadRule('typescript', 'T004_interface_public_only'),
+    // ... 7 more TypeScript rules ready for migration
+};
+
+/**
+ * Get all available rules by category
+ * @returns {Object} Organized rules object
+ */
+function getAllRules() {
+    return {
+        common: commonRules,
+        security: securityRules,
+        typescript: typescriptRules
+    };
+}
+
+/**
+ * Get rule by ID (searches all categories)
+ * @param {string} ruleId - Rule ID (e.g., 'C006', 'S001', 'T002')
+ * @returns {Object|null} Rule analyzer or null if not found
+ */
+function getRuleById(ruleId) {
+    // Check all categories for the rule
+    if (commonRules[ruleId]) return commonRules[ruleId];
+    if (securityRules[ruleId]) return securityRules[ruleId];
+    if (typescriptRules[ruleId]) return typescriptRules[ruleId];
+    
+    return null;
+}
+
+/**
+ * Get active rule count by category
+ * @returns {Object} Rule counts
+ */
+function getRuleCounts() {
+    const counts = {
+        common: Object.keys(commonRules).filter(id => commonRules[id]).length,
+        security: Object.keys(securityRules).filter(id => securityRules[id]).length,
+        typescript: Object.keys(typescriptRules).filter(id => typescriptRules[id]).length,
+    };
+    
+    counts.total = counts.common + counts.security + counts.typescript;
+    return counts;
+}
+
+/**
+ * List all available rules with metadata
+ * @returns {Array} Array of rule information
+ */
+function listRules() {
+    const rules = [];
+    const allRules = getAllRules();
+    
+    for (const category in allRules) {
+        for (const ruleId in allRules[category]) {
+            if (allRules[category][ruleId]) {
+                const config = loadRuleConfig(category, ruleId);
+                rules.push({
+                    id: ruleId,
+                    category,
+                    name: config.name || ruleId,
+                    description: config.description || 'No description',
+                    status: 'active'
+                });
+            }
+        }
+    }
+    
+    return rules;
+}
+
+module.exports = {
+    // Main exports
+    getAllRules,
+    getRuleById,
+    getRuleCounts,
+    listRules,
+    
+    // Category exports
+    common: commonRules,
+    security: securityRules,
+    typescript: typescriptRules
+};