@sun-asterisk/sunlint 1.2.2 → 1.3.1

package/rules/common/C033_separate_service_repository/symbol-based-analyzer.js

@@ -0,0 +1,368 @@
+/**
+ * Symbol-based analyzer for C033 - Advanced semantic analysis
+ * Purpose: Use AST + Data Flow to detect true database access violations
+ */
+
+class C033SymbolBasedAnalyzer {
+  constructor(semanticEngine = null) {
+    this.ruleId = 'C033';
+    this.ruleName = 'Separate Service and Repository Logic (Symbol-Based)';
+    this.semanticEngine = semanticEngine;
+    this.verbose = false;
+    
+    // Known database/ORM symbols and interfaces
+    this.databaseSymbols = [
+      'Repository', 'EntityManager', 'QueryBuilder', 'Connection',
+      'PrismaClient', 'Model', 'Collection', 'Table'
+    ];
+    
+    // ORM framework patterns
+    this.ormPatterns = {
+      typeorm: ['Repository', 'EntityManager', 'QueryRunner', 'QueryBuilder'],
+      prisma: ['PrismaClient', 'PrismaService'],
+      mongoose: ['Model', 'Document', 'Schema'],
+      sequelize: ['Model', 'Sequelize', 'QueryInterface'],
+      knex: ['Knex', 'QueryBuilder']
+    };
+  }
+
+  async initialize(semanticEngine = null) {
+    if (semanticEngine) {
+      this.semanticEngine = semanticEngine;
+    }
+    this.verbose = semanticEngine?.verbose || false;
+    
+    if (this.verbose) {
+      console.log(`[DEBUG] 🔧 C033 Symbol-Based: Analyzer initialized`);
+    }
+  }
+
+  async analyze(files, language, options = {}) {
+    const violations = [];
+    
+    if (!this.semanticEngine?.project) {
+      if (this.verbose) {
+        console.warn('[C033 Symbol-Based] No semantic engine available, skipping analysis');
+      }
+      return violations;
+    }
+    
+    for (const filePath of files) {
+      try {
+        const fileViolations = await this.analyzeFileWithSymbols(filePath, options);
+        violations.push(...fileViolations);
+      } catch (error) {
+        if (this.verbose) {
+          console.warn(`[C033 Symbol-Based] Analysis failed for ${filePath}:`, error.message);
+        }
+      }
+    }
+    
+    return violations;
+  }
+
+  async analyzeFileWithSymbols(filePath, options = {}) {
+    const violations = [];
+    const sourceFile = this.semanticEngine.project.getSourceFileByFilePath(filePath);
+    
+    if (!sourceFile) {
+      return violations;
+    }
+
+    // 1. Classify file type using semantic analysis
+    const fileType = this.classifyFileSemanticType(sourceFile, filePath);
+    
+    if (fileType !== 'service') {
+      return violations; // Only analyze Service files
+    }
+
+    // 2. Analyze call expressions in Service classes
+    const classes = sourceFile.getClasses();
+    
+    for (const cls of classes) {
+      const className = cls.getName() || 'UnknownClass';
+      
+      // Skip if not a Service class
+      if (!this.isServiceClass(cls)) {
+        continue;
+      }
+      
+      const methods = cls.getMethods();
+      
+      for (const method of methods) {
+        const methodViolations = this.analyzeMethodForDatabaseCalls(
+          method, sourceFile, className, filePath
+        );
+        violations.push(...methodViolations);
+      }
+    }
+    
+    return violations;
+  }
+
+  /**
+   * Analyze method for direct database calls using symbol resolution
+   */
+  analyzeMethodForDatabaseCalls(method, sourceFile, className, filePath) {
+    const violations = [];
+    const methodName = method.getName();
+    
+    // Get all call expressions in the method
+    const callExpressions = method.getDescendantsOfKind(this.getKind('CallExpression'));
+    
+    for (const callExpr of callExpressions) {
+      const violation = this.analyzeCallExpression(callExpr, sourceFile, className, methodName, filePath);
+      if (violation) {
+        violations.push(violation);
+      }
+    }
+    
+    return violations;
+  }
+
+  /**
+   * Analyze individual call expression using symbol resolution
+   */
+  analyzeCallExpression(callExpr, sourceFile, className, methodName, filePath) {
+    const expression = callExpr.getExpression();
+    
+    // Handle property access (obj.method())
+    if (expression.getKind() === this.getKind('PropertyAccessExpression')) {
+      const propertyAccess = expression;
+      const object = propertyAccess.getExpression();
+      const property = propertyAccess.getName();
+      
+      // Get the symbol/type of the object being called
+      const objectSymbol = this.getObjectSymbol(object);
+      
+      if (this.isDatabaseOperation(objectSymbol, property)) {
+        // Check if it's going through repository (acceptable)
+        if (this.isRepositoryAccess(objectSymbol)) {
+          return null; // OK: Service -> Repository -> Database
+        }
+        
+        // Direct database access in Service (violation)
+        const lineNumber = callExpr.getStartLineNumber();
+        const columnNumber = callExpr.getStart() - sourceFile.getLineStartPos(lineNumber - 1) + 1;
+        
+        return {
+          ruleId: this.ruleId,
+          severity: 'warning',
+          message: `Service should not contain direct database calls`,
+          source: this.ruleId,
+          file: filePath,
+          line: lineNumber,
+          column: columnNumber,
+          description: `[SYMBOL-BASED] Direct database call '${property}()' on '${objectSymbol?.name || 'unknown'}' found in Service`,
+          suggestion: 'Use Repository pattern for data access',
+          category: 'architecture'
+        };
+      }
+    }
+    
+    return null;
+  }
+
+  /**
+   * Get symbol information for an object expression
+   */
+  getObjectSymbol(objectExpr) {
+    try {
+      // Try to get the symbol of the expression
+      const symbol = objectExpr.getSymbol();
+      if (symbol) {
+        return {
+          name: symbol.getName(),
+          type: this.getSymbolType(symbol),
+          isDatabase: this.isSymbolDatabase(symbol)
+        };
+      }
+      
+      // Fallback: analyze by text patterns
+      const text = objectExpr.getText();
+      return {
+        name: text,
+        type: this.inferTypeFromText(text),
+        isDatabase: this.isTextDatabase(text)
+      };
+    } catch (error) {
+      return null;
+    }
+  }
+
+  /**
+   * Check if operation is a database operation
+   */
+  isDatabaseOperation(objectSymbol, methodName) {
+    if (!objectSymbol) return false;
+    
+    // Exclude queue/job operations (Bull.js, agenda, etc.)
+    if (this.isQueueOperation(objectSymbol, methodName)) {
+      return false;
+    }
+    
+    // Known database method patterns
+    const dbMethods = [
+      'findOneBy', 'findBy', 'findAndCount', 'findMany', 'findFirst',
+      'save', 'insert', 'create', 'upsert',
+      'update', 'patch', 'merge', 'set',
+      'delete', 'remove', 'destroy',
+      'query', 'execute', 'run',
+      'createQueryBuilder', 'getRepository'
+    ];
+    
+    return objectSymbol.isDatabase && dbMethods.includes(methodName);
+  }
+
+  /**
+   * Check if this is a queue/job operation (should be excluded)
+   */
+  isQueueOperation(objectSymbol, methodName) {
+    if (!objectSymbol) return false;
+    
+    const queueMethods = [
+      'remove', 'isFailed', 'isCompleted', 'isActive', 'isWaiting', 'isDelayed',
+      'getJob', 'getJobs', 'add', 'process', 'on', 'off',
+      'retry', 'moveToCompleted', 'moveToFailed'
+    ];
+    
+    const queueTypes = ['queue', 'job', 'bull'];
+    const objectName = objectSymbol.name.toLowerCase();
+    
+    // Enhanced detection for Bull.js Job objects
+    const isQueueMethod = queueMethods.includes(methodName);
+    const isQueueObject = queueTypes.some(type => objectName.includes(type)) ||
+                          /job/i.test(objectName) || 
+                          /queue/i.test(objectName);
+    
+    if (this.verbose && (isQueueMethod || isQueueObject)) {
+      console.log(`[DEBUG] Queue Check: object="${objectName}", method="${methodName}", isQueue=${isQueueMethod && isQueueObject}`);
+    }
+    
+    return isQueueMethod && isQueueObject;
+  }
+
+  /**
+   * Check if access is through repository (acceptable)
+   */
+  isRepositoryAccess(objectSymbol) {
+    if (!objectSymbol) return false;
+    
+    const name = objectSymbol.name.toLowerCase();
+    return name.includes('repository') || name.includes('repo');
+  }
+
+  /**
+   * Check if symbol represents database object
+   */
+  isSymbolDatabase(symbol) {
+    try {
+      const type = symbol.getType();
+      const typeName = type.getSymbol()?.getName() || '';
+      
+      return this.databaseSymbols.some(dbSymbol => 
+        typeName.includes(dbSymbol)
+      );
+    } catch (error) {
+      return false;
+    }
+  }
+
+  /**
+   * Infer type from text patterns (fallback)
+   */
+  inferTypeFromText(text) {
+    const lowerText = text.toLowerCase();
+    
+    // Check for known database object patterns
+    if (/manager|connection|client|prisma/i.test(lowerText)) {
+      return 'database';
+    }
+    
+    if (/repository|repo/i.test(lowerText)) {
+      return 'repository';
+    }
+    
+    return 'unknown';
+  }
+
+  /**
+   * Check if text represents database access
+   */
+  isTextDatabase(text) {
+    const lowerText = text.toLowerCase();
+    return /manager|connection|client|prisma|entitymanager/i.test(lowerText) &&
+           !/repository|repo/i.test(lowerText);
+  }
+
+  /**
+   * Classify file type using semantic analysis
+   */
+  classifyFileSemanticType(sourceFile, filePath) {
+    const fileName = sourceFile.getBaseName().toLowerCase();
+    
+    // Check filename patterns
+    if (/service\.ts$|service\.js$/i.test(fileName)) return 'service';
+    if (/repository\.ts$|repository\.js$/i.test(fileName)) return 'repository';
+    
+    // Check class patterns
+    const classes = sourceFile.getClasses();
+    for (const cls of classes) {
+      if (this.isServiceClass(cls)) return 'service';
+      if (this.isRepositoryClass(cls)) return 'repository';
+    }
+    
+    return 'unknown';
+  }
+
+  /**
+   * Check if class is a Service class
+   */
+  isServiceClass(cls) {
+    const className = cls.getName()?.toLowerCase() || '';
+    
+    // Check class name
+    if (/service$/.test(className)) return true;
+    
+    // Check decorators
+    const decorators = cls.getDecorators();
+    return decorators.some(decorator => {
+      const decoratorName = decorator.getName().toLowerCase();
+      return decoratorName.includes('service') || decoratorName === 'injectable';
+    });
+  }
+
+  /**
+   * Check if class is a Repository class
+   */
+  isRepositoryClass(cls) {
+    const className = cls.getName()?.toLowerCase() || '';
+    return /repository$|repo$/.test(className);
+  }
+
+  /**
+   * Get TypeScript SyntaxKind
+   */
+  getKind(kindName) {
+    try {
+      const ts = require('typescript');
+      return ts.SyntaxKind[kindName];
+    } catch (error) {
+      // Fallback for ts-morph
+      return this.semanticEngine?.project?.getTypeChecker()?.compilerObject?.SyntaxKind?.[kindName] || 0;
+    }
+  }
+
+  /**
+   * Get symbol type information
+   */
+  getSymbolType(symbol) {
+    try {
+      return symbol.getType().getText();
+    } catch (error) {
+      return 'unknown';
+    }
+  }
+}
+
+module.exports = C033SymbolBasedAnalyzer;

package/rules/common/C035_error_logging_context/STRATEGY.md

@@ -0,0 +1,99 @@
+# C035 Analysis Strategy
+
+## Rule Focus: Log Content Quality in Catch Blocks
+
+### Detection Pipeline:
+
+1. **Find Catch Blocks** (Symbol-based)
+   - Use AST to detect try-catch structures
+   - Extract catch parameter name (e, error, err, etc.)
+
+2. **Locate Log Calls** (Symbol-based)
+   - Find all method calls within catch block
+   - Use symbol resolution to identify log methods:
+     - console.log, console.error, console.warn
+     - logger.log, logger.error, logger.warn, logger.info
+     - log.error, log.warn, log.info
+     - winston, bunyan, pino patterns
+
+3. **Analyze Log Content** (AST + String Analysis)
+   - Check log call arguments
+   - Detect structured vs string logging
+   - Validate required context elements
+   - Check for sensitive data exposure
+
+### Violations to Detect:
+
+#### 1. **Missing Context Information**
+```javascript
+// ❌ Bad - No context
+catch(e) {
+  logger.error(e.message);
+}
+
+// ✅ Good - Has context  
+catch(e) {
+  logger.error('User creation failed', {
+    error: e.message,
+    stack: e.stack,
+    userId: user.id,
+    requestId: req.id
+  });
+}
+```
+
+#### 2. **Non-structured Logging**
+```javascript
+// ❌ Bad - String concatenation
+catch(e) {
+  logger.error("Error: " + e.message + " User: " + userId);
+}
+
+// ✅ Good - Structured object
+catch(e) {
+  logger.error('Operation failed', {
+    error: e.message,
+    userId: userId,
+    context: 'user-service'
+  });
+}
+```
+
+#### 3. **Sensitive Data Exposure**
+```javascript
+// ❌ Bad - Exposes sensitive data
+catch(e) {
+  logger.error('Login failed', {
+    password: user.password,
+    token: authToken
+  });
+}
+
+// ✅ Good - Sensitive data masked
+catch(e) {
+  logger.error('Login failed', {
+    username: user.username,
+    password: user.password.substring(0,2) + '***',
+    requestId: req.id
+  });
+}
+```
+
+### Required Context Elements:
+- Error message/stack trace
+- Request/operation identifier (requestId, transactionId)  
+- User/entity identifier (userId, entityId)
+- Operation context (service name, method name)
+
+### Sensitive Data Patterns to Flag:
+- password, passwd, pwd
+- token, jwt, auth, secret
+- key, apikey, privatekey
+- ssn, credit, card, cvv
+- email (in some contexts)
+
+### Implementation Priority:
+1. **Phase 1**: Basic structure detection (structured vs string)
+2. **Phase 2**: Context validation (required fields)
+3. **Phase 3**: Sensitive data detection
+4. **Phase 4**: Advanced patterns (custom loggers)

package/rules/common/C035_error_logging_context/analyzer.js

@@ -0,0 +1,230 @@
+/**
+ * C035 Main Analyzer - Error Logging Context Detection
+ * Primary: Symbol-based analysis (when available)
+ * Fallback: Regex-based for all other cases
+ */
+
+const C035SymbolBasedAnalyzer = require('./symbol-based-analyzer.js');
+const C035RegexBasedAnalyzer = require('./regex-based-analyzer.js');
+
+class C035Analyzer {
+  constructor(options = {}) {
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C035] Constructor called with options:`, !!options);
+      console.log(`🔧 [C035] Options type:`, typeof options, Object.keys(options || {}));
+    }
+    
+    this.ruleId = 'C035';
+    this.ruleName = 'Error Logging Context Analysis';
+    this.description = 'Khi xử lý lỗi, phải ghi log đầy đủ thông tin liên quan - structured logging with context';
+    this.semanticEngine = options.semanticEngine || null;
+    this.verbose = options.verbose || false;
+    
+    // Configuration
+    this.config = {
+      useSymbolBased: true,      // Primary approach
+      fallbackToRegex: true,     // Only when symbol fails completely
+      symbolBasedOnly: false     // Can be set to true for pure mode
+    };
+    
+    // Initialize both analyzers
+    try {
+      this.symbolAnalyzer = new C035SymbolBasedAnalyzer(this.semanticEngine);
+      if (process.env.SUNLINT_DEBUG) {
+        console.log(`🔧 [C035] Symbol analyzer created successfully`);
+      }
+    } catch (error) {
+      console.error(`🔧 [C035] Error creating symbol analyzer:`, error);
+    }
+    
+    try {
+      this.regexAnalyzer = new C035RegexBasedAnalyzer(this.semanticEngine);
+      if (process.env.SUNLINT_DEBUG) {
+        console.log(`🔧 [C035] Regex analyzer created successfully`);
+      }
+    } catch (error) {
+      console.error(`🔧 [C035] Error creating regex analyzer:`, error);
+    }
+    
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C035] Constructor completed`);
+    }
+  }
+
+  /**
+   * Initialize with semantic engine
+   */
+  async initialize(semanticEngine = null) {
+    if (semanticEngine) {
+      this.semanticEngine = semanticEngine;
+    }
+    this.verbose = semanticEngine?.verbose || false;
+    
+    // Initialize both analyzers
+    await this.symbolAnalyzer.initialize(semanticEngine);
+    await this.regexAnalyzer.initialize(semanticEngine);
+    
+    // Ensure verbose flag is propagated
+    this.regexAnalyzer.verbose = this.verbose;
+    this.symbolAnalyzer.verbose = this.verbose;
+    
+    if (this.verbose) {
+      console.log(`🔧 [C035 Hybrid] Analyzer initialized - verbose: ${this.verbose}`);
+    }
+  }
+
+  async analyze(files, language, options = {}) {
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C035] analyze() method called with ${files.length} files, language: ${language}`);
+    }
+    
+    const violations = [];
+    
+    for (const filePath of files) {
+      try {
+        if (process.env.SUNLINT_DEBUG) {
+          console.log(`🔧 [C035] Processing file: ${filePath}`);
+        }
+        
+        const fileViolations = await this.analyzeFile(filePath, options);
+        violations.push(...fileViolations);
+        
+        if (process.env.SUNLINT_DEBUG) {
+          console.log(`🔧 [C035] File ${filePath}: Found ${fileViolations.length} violations`);
+        }
+      } catch (error) {
+        console.warn(`❌ [C035] Analysis failed for ${filePath}:`, error.message);
+      }
+    }
+    
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C035] Total violations found: ${violations.length}`);
+    }
+    
+    return violations;
+  }
+
+  async analyzeFile(filePath, options = {}) {
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C035] analyzeFile() called for: ${filePath}`);
+    }
+    
+    // 1. Try Symbol-based analysis first (primary)
+    if (this.config.useSymbolBased && 
+        this.semanticEngine?.project && 
+        this.semanticEngine?.initialized) {
+      try {
+        if (process.env.SUNLINT_DEBUG) {
+          console.log(`🔧 [C035] Trying symbol-based analysis...`);
+        }
+        const sourceFile = this.semanticEngine.project.getSourceFile(filePath);
+        if (sourceFile) {
+          if (process.env.SUNLINT_DEBUG) {
+            console.log(`🔧 [C035] Source file found, analyzing with symbol-based...`);
+          }
+          const violations = await this.symbolAnalyzer.analyzeFileWithSymbols(filePath, { ...options, verbose: options.verbose });
+          
+          // Mark violations with analysis strategy
+          violations.forEach(v => v.analysisStrategy = 'symbol-based');
+          
+          if (process.env.SUNLINT_DEBUG) {
+            console.log(`✅ [C035] Symbol-based analysis: ${violations.length} violations`);
+          }
+          return violations; // Return even if 0 violations - symbol analysis completed successfully
+        } else {
+          if (process.env.SUNLINT_DEBUG) {
+            console.log(`⚠️ [C035] Source file not found in project`);
+          }
+        }
+      } catch (error) {
+        console.warn(`⚠️ [C035] Symbol analysis failed: ${error.message}`);
+        // Continue to fallback
+      }
+    } else {
+      if (process.env.SUNLINT_DEBUG) {
+        console.log(`🔄 [C035] Symbol analysis conditions check:`);
+        console.log(`  - useSymbolBased: ${this.config.useSymbolBased}`);
+        console.log(`  - semanticEngine: ${!!this.semanticEngine}`);
+        console.log(`  - semanticEngine.project: ${!!this.semanticEngine?.project}`);
+        console.log(`  - semanticEngine.initialized: ${this.semanticEngine?.initialized}`);
+        console.log(`🔄 [C035] Symbol analysis unavailable, using regex fallback`);
+      }
+    }
+    
+    // 2. Fallback to regex-based analysis
+    if (this.config.fallbackToRegex) {
+      try {
+        if (process.env.SUNLINT_DEBUG) {
+          console.log(`🔧 [C035] Trying regex-based analysis...`);
+        }
+        const violations = await this.regexAnalyzer.analyzeFileBasic(filePath, options);
+        
+        // Mark violations with analysis strategy
+        violations.forEach(v => v.analysisStrategy = 'regex-fallback');
+        
+        if (process.env.SUNLINT_DEBUG) {
+          console.log(`🔄 [C035] Regex-based analysis: ${violations.length} violations`);
+        }
+        return violations;
+      } catch (error) {
+        console.error(`❌ [C035] Regex analysis failed: ${error.message}`);
+      }
+    }
+    
+    console.log(`🔧 [C035] No analysis methods succeeded, returning empty`);
+    return [];
+  }
+
+  async analyzeFileBasic(filePath, options = {}) {
+    console.log(`🔧 [C035] analyzeFileBasic() called for: ${filePath}`);
+    console.log(`🔧 [C035] semanticEngine exists: ${!!this.semanticEngine}`);
+    console.log(`🔧 [C035] symbolAnalyzer exists: ${!!this.symbolAnalyzer}`);
+    console.log(`🔧 [C035] regexAnalyzer exists: ${!!this.regexAnalyzer}`);
+    
+    try {
+      // Try symbol-based analysis first
+      if (this.semanticEngine?.isSymbolEngineReady?.() && 
+          this.semanticEngine.project) {
+        
+        if (this.verbose) {
+          console.log(`🔍 [C035] Using symbol-based analysis for ${filePath}`);
+        }
+        
+        const violations = await this.symbolAnalyzer.analyzeFileBasic(filePath, options);
+        return violations;
+      }
+    } catch (error) {
+      if (this.verbose) {
+        console.warn(`⚠️ [C035] Symbol analysis failed: ${error.message}`);
+      }
+    }
+    
+    // Fallback to regex-based analysis
+    if (this.verbose) {
+      console.log(`🔄 [C035] Using regex-based analysis (fallback) for ${filePath}`);
+    }
+    
+    console.log(`🔧 [C035] About to call regexAnalyzer.analyzeFileBasic()`);
+    try {
+      const result = await this.regexAnalyzer.analyzeFileBasic(filePath, options);
+      console.log(`🔧 [C035] Regex analyzer returned: ${result.length} violations`);
+      return result;
+    } catch (error) {
+      console.error(`🔧 [C035] Error in regex analyzer:`, error);
+      return [];
+    }
+  }
+
+  /**
+   * Methods for compatibility with different engine invocation patterns
+   */
+  async analyzeFileWithSymbols(filePath, options = {}) {
+    return this.analyzeFile(filePath, options);
+  }
+
+  async analyzeWithSemantics(filePath, options = {}) {
+    return this.analyzeFile(filePath, options);
+  }
+}
+
+module.exports = C035Analyzer;