@sun-asterisk/sunlint 1.2.2 → 1.3.1

package/rules/common/C040_centralized_validation/regex-based-analyzer.js

@@ -0,0 +1,243 @@
+/**
+ * Regex-based analyzer for: C040 - Centralized Validation Logic
+ * Purpose: Use regex patterns to detect scattered validation logic (fallback approach)
+ */
+
+class C040RegexBasedAnalyzer {
+  constructor(semanticEngine = null) {
+    this.ruleId = 'C040';
+    this.ruleName = 'Centralized Validation Logic';
+    this.description = 'Don\'t scatter validation logic across multiple classes - Move validation to dedicated validators';
+    this.semanticEngine = semanticEngine;
+    this.verbose = false;
+    
+    // Patterns for detecting validation logic
+    this.validationPatterns = [
+      // Function names (more specific - must be standalone words)
+      /\b(?:validate|check|ensure|verify|sanitize|normalize)\w*/gi,
+      /\b(?:is[A-Z][a-zA-Z]*|has[A-Z][a-zA-Z]*)\s*(?:\(|\s*:)/gi,
+      
+      // Validation frameworks
+      /(?:zod|joi|yup|ajv)\.[\w.]+/gi,
+      /(?:class-validator|validateSync|checkSchema)/gi,
+      
+      // Common validation patterns
+      /\.test\s*\(\s*[^)]*(?:email|phone|url|uuid|password)/gi,
+      /(?:email|phone|url|uuid).*\.match\s*\(/gi,
+      /typeof\s+\w+\s*[!=]==?\s*['"](?:string|number|boolean)/gi,
+      /\.length\s*[<>]=?\s*\d+/gi,
+      
+      // Error throwing patterns for validation
+      /throw\s+new\s+(?:ValidationError|BadRequest|InvalidInput|TypeError)/gi,
+      /if\s*\([^)]*(?:invalid|empty|null|undefined)\)\s*(?:throw|return.*error)/gi,
+      
+      // Schema validation patterns  
+      /\.(?:required|optional|string|number|boolean|array|object)\(\)/gi,
+      /\.(?:min|max|email|url|uuid|regex)\(\)/gi
+    ];
+    
+    // Layer detection patterns
+    this.layerPatterns = {
+      controller: /\/controllers?\/|controller\.|Controller\./i,
+      service: /\/services?\/|service\.|Service\./i,
+      repository: /\/repositories?\/|repository\.|Repository\./i,
+      validator: /\/validators?\/|validator\.|Validator\.|\/validation\//i,
+      middleware: /\/middleware\//i
+    };
+  }
+
+  async initialize(semanticEngine = null) {
+    if (semanticEngine) {
+      this.semanticEngine = semanticEngine;
+    }
+    this.verbose = semanticEngine?.verbose || false;
+    
+    if (this.verbose) {
+      console.log(`[DEBUG] 🔄 C040 Regex-Based: Analyzer initialized`);
+    }
+  }
+
+  async analyze(files, language, options = {}) {
+    const violations = [];
+    
+    for (const filePath of files) {
+      try {
+        const fileViolations = await this.analyzeFileBasic(filePath, options);
+        violations.push(...fileViolations);
+      } catch (error) {
+        if (this.verbose) {
+          console.warn(`[C040 Regex] Analysis failed for ${filePath}:`, error.message);
+        }
+      }
+    }
+    
+    return violations;
+  }
+
+  async analyzeFileBasic(filePath, options = {}) {
+    try {
+      const fs = require('fs');
+      const content = fs.readFileSync(filePath, 'utf-8');
+      const violations = [];
+      
+      const layer = this.detectLayer(filePath);
+      const validationMatches = this.findValidationPatterns(content, filePath);
+      
+      if (validationMatches.length > 0) {
+        // Check if validation logic is in wrong layer
+        if (layer === 'controller' || layer === 'service') {
+          const complexValidations = validationMatches.filter(match => 
+            this.isComplexValidation(match.pattern)
+          );
+          
+          if (complexValidations.length > 0) {
+            violations.push({
+              ruleId: this.ruleId,
+              severity: 'warning',
+              message: `Found ${complexValidations.length} validation pattern(s) in ${layer} layer. Consider moving to validators.`,
+              file: filePath,
+              line: complexValidations[0].line,
+              column: complexValidations[0].column,
+              details: {
+                layer,
+                validationCount: complexValidations.length,
+                patterns: complexValidations.map(v => v.pattern),
+                suggestion: 'Move validation logic to dedicated validator classes',
+                ruleName: this.ruleName
+              }
+            });
+          }
+        }
+        
+        // Check for potential duplicates (simple heuristic)
+        const duplicatePatterns = this.findPotentialDuplicates(validationMatches);
+        if (duplicatePatterns.length > 0) {
+          violations.push({
+            ruleId: this.ruleId,
+            severity: 'info',
+            message: `Found potentially duplicate validation patterns: ${duplicatePatterns.join(', ')}`,
+            file: filePath,
+            line: validationMatches[0].line,
+            column: validationMatches[0].column,
+            details: {
+              duplicatePatterns,
+              suggestion: 'Consider consolidating similar validation logic',
+              ruleName: this.ruleName
+            }
+          });
+        }
+      }
+      
+      return violations;
+      
+    } catch (error) {
+      if (this.verbose) {
+        console.warn(`[C040 Regex] Failed to analyze ${filePath}:`, error.message);
+      }
+      return [];
+    }
+  }
+
+  detectLayer(filePath) {
+    const path = filePath.toLowerCase();
+    
+    for (const [layer, pattern] of Object.entries(this.layerPatterns)) {
+      if (pattern.test(path)) {
+        return layer;
+      }
+    }
+    
+    return 'unknown';
+  }
+
+  findValidationPatterns(content, filePath) {
+    const matches = [];
+    const lines = content.split('\n');
+    
+    this.validationPatterns.forEach(pattern => {
+      lines.forEach((line, lineIndex) => {
+        const match = line.match(pattern);
+        if (match) {
+          matches.push({
+            pattern: match[0],
+            line: lineIndex + 1,
+            column: line.indexOf(match[0]) + 1,
+            type: 'regex',
+            fullLine: line.trim()
+          });
+        }
+      });
+    });
+    
+    return matches;
+  }
+
+  isComplexValidation(pattern) {
+    // Filter out false positives and keep only real validation patterns
+    const excludePatterns = [
+      /Promise/i,        // Promise types
+      /Response/i,       // HTTP Response
+      /Request/i,        // HTTP Request  
+      /Service/i,        // Service classes
+      /Controller/i,     // Controller classes
+      /Repository/i,     // Repository classes
+      /Interface/i,      // TypeScript interfaces
+      /Type/i,          // Type definitions
+      /Event/i,         // Event objects
+      /Error/i,         // Error objects (unless ValidationError)
+      /Component/i,     // React/Vue components
+      /Module/i,        // Module definitions
+      /Config/i,        // Configuration objects
+      /Context/i,       // Context objects
+      /Handler/i,       // Event handlers
+      /Listener/i,      // Event listeners
+      /Provider/i,      // Providers
+      /Factory/i,       // Factory patterns
+      /Builder/i,       // Builder patterns
+      /Manager/i,       // Manager classes
+      /Util/i,          // Utility functions
+      /Helper/i         // Helper functions
+    ];
+    
+    // Exclude common false positives
+    if (excludePatterns.some(excludePattern => excludePattern.test(pattern))) {
+      return false;
+    }
+    
+    // Include validation-specific patterns
+    const validationIndicators = [
+      /validate/i,
+      /check.*valid/i,
+      /ensure.*valid/i,
+      /verify/i,
+      /sanitize/i,
+      /normalize/i,
+      /ValidationError/i,
+      /BadRequest/i,
+      /InvalidInput/i,
+      /zod\./i,
+      /joi\./i,
+      /yup\./i,
+      /\.required\(/i,
+      /\.string\(/i,
+      /\.email\(/i,
+      /\.min\(/i,
+      /\.max\(/i
+    ];
+    
+    return validationIndicators.some(indicator => indicator.test(pattern));
+  }
+
+  findPotentialDuplicates(matches) {
+    const patternCounts = {};
+    
+    matches.forEach(match => {
+      const normalized = match.pattern.toLowerCase();
+      patternCounts[normalized] = (patternCounts[normalized] || 0) + 1;
+    });
+    
+    return Object.keys(patternCounts).filter(pattern => patternCounts[pattern] > 1);
+  }
+}
+
+module.exports = C040RegexBasedAnalyzer;

package/rules/common/C040_centralized_validation/symbol-based-analyzer.js

@@ -0,0 +1,416 @@
+/**
+ * Symbol-based analyzer for C040 - Centralized Validation Logic Analysis
+ * Purpose: Use AST + Data Flow to detect scattered validation logic across layers
+ */
+
+const { SyntaxKind } = require('ts-morph');
+
+class C040SymbolBasedAnalyzer {
+  constructor(semanticEngine = null) {
+    this.ruleId = 'C040';
+    this.ruleName = 'Centralized Validation Logic (Symbol-Based)';
+    this.semanticEngine = semanticEngine;
+    this.verbose = false;
+    
+    // Validation patterns to detect
+    this.validationPatterns = {
+      functionNames: [
+        'validate', 'check', 'ensure', 'verify', 'isValid', 'hasValid',
+        'validateInput', 'checkInput', 'validateData', 'sanitize'
+      ],
+      frameworks: ['zod', 'joi', 'yup', 'class-validator', 'ajv'],
+      errorTypes: ['ValidationError', 'BadRequest', 'InvalidInput', 'TypeError']
+    };
+    
+    // Layer detection patterns
+    this.layerPatterns = {
+      controller: /controller|route|handler/i,
+      service: /service|business|logic/i,
+      repository: /repository|dao|data/i,
+      validator: /validator|validation|schema/i
+    };
+  }
+
+  async initialize(semanticEngine = null) {
+    if (semanticEngine) {
+      this.semanticEngine = semanticEngine;
+    }
+    this.verbose = semanticEngine?.verbose || false;
+    
+    if (this.verbose) {
+      console.log(`[DEBUG] 🔧 C040 Symbol-Based: Analyzer initialized`);
+    }
+  }
+
+  async analyze(files, language, options = {}) {
+    const violations = [];
+    
+    if (!this.semanticEngine?.project) {
+      if (this.verbose) {
+        console.warn('[C040 Symbol-Based] No semantic engine available, skipping analysis');
+      }
+      return violations;
+    }
+    
+    for (const filePath of files) {
+      try {
+        const fileViolations = await this.analyzeFile(filePath);
+        violations.push(...fileViolations);
+      } catch (error) {
+        if (this.verbose) {
+          console.warn(`[C040] Analysis failed for ${filePath}:`, error.message);
+        }
+      }
+    }
+    
+    return violations;
+  }
+
+  async analyzeFile(filePath) {
+    const violations = [];
+    
+    try {
+      const sourceFile = this.semanticEngine.project.getSourceFile(filePath);
+      if (!sourceFile) {
+        if (this.verbose) {
+          console.log(`[C040] Source file not found in project: ${filePath}`);
+        }
+        return violations;
+      }
+
+      if (this.verbose) {
+        console.log(`[C040] Analyzing file: ${filePath}`);
+      }
+
+      // Detect layer from file path
+      const layer = this.detectLayer(filePath);
+      
+      // Find validation patterns
+      const validationScents = this.findValidationPatterns(sourceFile);
+      
+      if (validationScents.length > 0) {
+        // Check if validation is in wrong layer
+        if (layer === 'controller' || layer === 'service') {
+          const complexValidations = validationScents.filter(v => v.isComplex);
+          const businessValidations = complexValidations.filter(v => 
+            v.context === 'business-validation'
+          );
+          
+          if (businessValidations.length > 0) {
+            violations.push({
+              ruleId: this.ruleId,
+              severity: 'warning',
+              message: `Found ${businessValidations.length} complex business validation pattern(s) in ${layer} layer. Consider moving to validators.`,
+              file: filePath,
+              line: businessValidations[0].line,
+              column: businessValidations[0].column,
+              details: {
+                layer,
+                validationCount: businessValidations.length,
+                patterns: businessValidations.map(v => v.pattern),
+                suggestion: 'Move validation logic to dedicated validator classes',
+                ruleName: this.ruleName
+              }
+            });
+          }
+        }
+      }
+
+    } catch (error) {
+      if (this.verbose) {
+        console.warn(`[C040] Error analyzing ${filePath}:`, error.message);
+      }
+    }
+
+    return violations;
+  }
+
+  detectLayer(filePath) {
+    const path = filePath.toLowerCase();
+    
+    for (const [layer, pattern] of Object.entries(this.layerPatterns)) {
+      if (pattern.test(path)) {
+        return layer;
+      }
+    }
+    
+    return 'unknown';
+  }
+
+  findValidationPatterns(sourceFile) {
+    const patterns = [];
+    
+    // 1. Find business validation functions (semantic analysis)
+    sourceFile.getFunctions().forEach(func => {
+      const validationInfo = this.analyzeValidationFunction(func);
+      if (validationInfo) {
+        patterns.push(validationInfo);
+      }
+    });
+    
+    // 2. Find class methods with validation logic
+    sourceFile.getClasses().forEach(cls => {
+      cls.getMethods().forEach(method => {
+        const validationInfo = this.analyzeValidationMethod(method, cls);
+        if (validationInfo) {
+          patterns.push(validationInfo);
+        }
+      });
+    });
+    
+    // 3. Find validation decorators and frameworks usage
+    sourceFile.getClasses().forEach(cls => {
+      cls.getMethods().forEach(method => {
+        const decoratorInfo = this.analyzeValidationDecorators(method);
+        if (decoratorInfo) {
+          patterns.push(decoratorInfo);
+        }
+      });
+    });
+    
+    return patterns;
+  }
+
+  /**
+   * Analyze if a function contains actual business validation logic
+   */
+  analyzeValidationFunction(func) {
+    const name = func.getName();
+    const body = func.getBodyText();
+    
+    // Skip if it's infrastructure/utility function
+    if (this.isInfrastructureFunction(func, name, body)) {
+      return null;
+    }
+    
+    // Check for actual validation patterns in body
+    const validationSignals = this.countValidationSignals(body);
+    
+    if (validationSignals.score > 2) { // Threshold for real validation
+      return {
+        type: 'function',
+        pattern: name,
+        line: func.getStartLineNumber(),
+        column: func.getStart(),
+        isComplex: validationSignals.score > 5,
+        signals: validationSignals.patterns,
+        context: 'business-validation'
+      };
+    }
+    
+    return null;
+  }
+
+  /**
+   * Analyze if a method contains business validation logic
+   */
+  analyzeValidationMethod(method, parentClass) {
+    const methodName = method.getName();
+    const className = parentClass.getName();
+    const body = method.getBodyText();
+    
+    // Skip infrastructure methods
+    if (this.isInfrastructureMethod(method, methodName, body, className)) {
+      return null;
+    }
+    
+    // Check for validation patterns
+    const validationSignals = this.countValidationSignals(body);
+    
+    // Balanced threshold to catch meaningful validation
+    if (validationSignals.score > 3) {
+      return {
+        type: 'method',
+        pattern: `${className}.${methodName}`,
+        line: method.getStartLineNumber(),
+        column: method.getStart(),
+        isComplex: validationSignals.score > 6,
+        signals: validationSignals.patterns,
+        context: 'business-validation'
+      };
+    }
+    
+    return null;
+  }
+
+  /**
+   * Check for validation framework decorators
+   */
+  analyzeValidationDecorators(method) {
+    const decorators = method.getDecorators();
+    const validationDecorators = decorators.filter(dec => {
+      const name = dec.getName();
+      return ['IsEmail', 'IsString', 'IsNumber', 'Min', 'Max', 'Length', 'Matches'].includes(name);
+    });
+    
+    if (validationDecorators.length > 0) {
+      return {
+        type: 'decorator',
+        pattern: validationDecorators.map(d => d.getName()).join(', '),
+        line: method.getStartLineNumber(),
+        column: method.getStart(),
+        isComplex: true,
+        context: 'framework-validation'
+      };
+    }
+    
+    return null;
+  }
+
+  /**
+   * Check if function/method is infrastructure/utility rather than business validation
+   */
+  isInfrastructureFunction(func, name, body) {
+    // Health check patterns
+    if (name === 'check' && body.includes('health')) return true;
+    if (name.includes('health') || name.includes('Health')) return true;
+    
+    // Crypto/hash utilities
+    if (name === 'check' && (body.includes('bcrypt') || body.includes('hash') || body.includes('crypto'))) return true;
+    if (name.includes('hash') && body.includes('bcrypt')) return true;
+    
+    // Authentication utilities (not business validation)
+    if (name.includes('verify') && body.includes('jwt')) return true;
+    if (name.includes('verify') && body.includes('token')) return true;
+    
+    // Simple getters/setters
+    if (name.startsWith('get') || name.startsWith('set')) return true;
+    
+    return false;
+  }
+
+  /**
+   * Check if method is infrastructure/utility
+   */
+  isInfrastructureMethod(method, methodName, body, className) {
+    // Infrastructure keywords in method/class names  
+    const infraKeywords = [
+      'health', 'hash', 'auth', 'login', 'register', 'encrypt', 'decrypt',
+      'token', 'session', 'cookie', 'cache', 'log', 'monitor', 'metric',
+      's3', 'aws', 'storage', 'upload', 'download', 'file', 'config',
+      'connection', 'database', 'db', 'migration', 'seed', 'error', 'exception'
+    ];
+    
+    const lowerMethodName = methodName.toLowerCase();
+    const lowerClassName = className.toLowerCase();
+    
+    // Check method/class names
+    if (infraKeywords.some(keyword => 
+      lowerMethodName.includes(keyword) || lowerClassName.includes(keyword)
+    )) {
+      return true;
+    }
+    
+    // Controller methods that just delegate (not business validation)
+    if (className.toLowerCase().includes('controller')) {
+      // Simple delegation patterns
+      const delegationPatterns = [
+        /return\s+await\s+this\.\w+\.\w+\(/,
+        /return\s+this\.\w+\.\w+\(/,
+        /^\s*return\s+await/m
+      ];
+      
+      if (delegationPatterns.some(pattern => pattern.test(body))) {
+        return true;
+      }
+    }
+    
+    // Check method body for infrastructure patterns
+    const infraPatterns = [
+      /bcrypt|crypto|jwt/i,
+      /\.hash\(|\.compare\(/i,
+      /redis|cache/i,
+      /aws|s3|bucket/i,
+      /winston|logger/i,
+      /fileExist|checkExist/i,
+      /uploadFile|downloadFile/i,
+      /HttpStatus\./i  // Pure HTTP status handling
+    ];
+    
+    if (infraPatterns.some(pattern => pattern.test(body))) {
+      return true;
+    }
+    
+    // Call parent function check
+    return this.isInfrastructureFunction(method, methodName, body);
+  }
+
+  /**
+   * Count actual validation signals in code body using semantic analysis
+   */
+  countValidationSignals(body) {
+    let score = 0;
+    const patterns = [];
+    
+    // Business validation patterns (weighted scoring)
+    const validationIndicators = [
+      // High weight - clear business validation
+      { pattern: /throw new.*ValidationError/gi, weight: 5, name: 'ValidationError' },
+      { pattern: /throw new.*BadRequest/gi, weight: 4, name: 'BadRequestError' },
+      { pattern: /throw new.*InvalidInput/gi, weight: 4, name: 'InvalidInput' },
+      
+      // Medium weight - input validation
+      { pattern: /if\s*\(\s*!.*\)\s*{[^}]*throw/gi, weight: 3, name: 'conditional-validation' },
+      { pattern: /\.length\s*[<>]=?\s*\d+.*throw/gi, weight: 3, name: 'length-validation' },
+      { pattern: /typeof.*!==.*throw/gi, weight: 3, name: 'type-validation' },
+      
+      // Framework validation
+      { pattern: /zod\.|joi\.|yup\./gi, weight: 4, name: 'validation-framework' },
+      { pattern: /class-validator/gi, weight: 4, name: 'class-validator' },
+      
+      // Business rule validation  
+      { pattern: /validate[A-Z][a-zA-Z]*\(/gi, weight: 3, name: 'validate-method' },
+      { pattern: /check[A-Z][a-zA-Z]*\(/gi, weight: 2, name: 'check-method' },
+      { pattern: /ensure[A-Z][a-zA-Z]*\(/gi, weight: 3, name: 'ensure-method' },
+      
+      // Low weight - might be utility
+      { pattern: /\.test\(/gi, weight: 1, name: 'regex-test' },
+      { pattern: /\.match\(/gi, weight: 1, name: 'string-match' }
+    ];
+    
+    validationIndicators.forEach(indicator => {
+      const matches = body.match(indicator.pattern);
+      if (matches) {
+        score += matches.length * indicator.weight;
+        patterns.push(`${indicator.name} (${matches.length})`);
+      }
+    });
+    
+    // Penalty for infrastructure patterns (increased penalties)
+    const infrastructurePatterns = [
+      { pattern: /bcrypt|crypto|jwt/gi, penalty: -4 },
+      { pattern: /health|Health/gi, penalty: -6 },
+      { pattern: /\.hash\(|\.compare\(/gi, penalty: -3 },
+      { pattern: /HttpStatus\.|\.status\(/gi, penalty: -2 },
+      { pattern: /aws|s3|bucket/gi, penalty: -4 },
+      { pattern: /fileExist|checkExist/gi, penalty: -3 },
+      { pattern: /return\s+await\s+this\./gi, penalty: -2 }, // Delegation pattern
+      { pattern: /BadRequest.*S3/gi, penalty: -5 }, // S3 error handling
+      { pattern: /error.*message/gi, penalty: -1 } // Generic error handling
+    ];
+    
+    infrastructurePatterns.forEach(infra => {
+      const matches = body.match(infra.pattern);
+      if (matches) {
+        score += matches.length * infra.penalty;
+        patterns.push(`infrastructure-penalty (${matches.length})`);
+      }
+    });
+    
+    return { score: Math.max(0, score), patterns };
+  }
+
+  isValidationFunction(name) {
+    return this.validationPatterns.functionNames.some(pattern =>
+      name.toLowerCase().includes(pattern.toLowerCase())
+    );
+  }
+
+  isValidationError(text) {
+    return this.validationPatterns.errorTypes.some(errorType =>
+      text.includes(errorType)
+    );
+  }
+}
+
+module.exports = C040SymbolBasedAnalyzer;