npm - @sun-asterisk/sunlint - Versions diffs - 1.2.2 → 1.3.1 - Mend

@sun-asterisk/sunlint 1.2.2 → 1.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (124) hide show

package/CHANGELOG.md +107 -1
package/CONTRIBUTING.md +1654 -66
package/README.md +19 -6
package/config/ci-cd.json +54 -0
package/config/development.json +56 -0
package/config/engines/engines-enhanced.json +86 -0
package/config/engines/semantic-config.json +114 -0
package/config/eslint-rule-mapping.json +50 -38
package/config/large-project.json +143 -0
package/config/presets/all.json +0 -1
package/config/release.json +70 -0
package/config/rule-analysis-strategies.js +23 -4
package/config/rules/S027-categories.json +122 -0
package/config/rules/enhanced-rules-registry.json +2564 -0
package/config/rules/rules-registry-generated.json +785 -837
package/config/rules/rules-registry.json +13 -1
package/core/adapters/sunlint-rule-adapter.js +25 -30
package/core/analysis-orchestrator.js +42 -2
package/core/categories.js +52 -0
package/core/category-constants.js +39 -0
package/core/cli-action-handler.js +53 -32
package/core/cli-program.js +11 -3
package/core/config-manager.js +111 -0
package/core/config-merger.js +88 -0
package/core/constants/categories.js +168 -0
package/core/constants/defaults.js +165 -0
package/core/constants/engines.js +185 -0
package/core/constants/index.js +30 -0
package/core/constants/rules.js +215 -0
package/core/enhanced-rules-registry.js +3 -3
package/core/file-targeting-service.js +128 -7
package/core/interfaces/rule-plugin.interface.js +207 -0
package/core/plugin-manager.js +448 -0
package/core/rule-selection-service.js +42 -15
package/core/semantic-engine.js +658 -0
package/core/semantic-rule-base.js +433 -0
package/core/unified-rule-registry.js +484 -0
package/docs/COMMAND-EXAMPLES.md +134 -0
package/docs/CONSTANTS-ARCHITECTURE.md +288 -0
package/docs/LARGE-PROJECT-GUIDE.md +324 -0
package/engines/core/base-engine.js +249 -0
package/engines/engine-factory.js +275 -0
package/engines/eslint-engine.js +171 -19
package/engines/heuristic-engine.js +569 -78
package/integrations/eslint/plugin/index.js +26 -28
package/origin-rules/common-en.md +8 -8
package/package.json +10 -6
package/rules/common/C003_no_vague_abbreviations/analyzer.js +1 -1
package/rules/common/C017_constructor_logic/analyzer.js +254 -17
package/rules/common/C017_constructor_logic/semantic-analyzer.js +340 -0
package/rules/common/C029_catch_block_logging/analyzer.js +17 -5
package/rules/common/C033_separate_service_repository/README.md +78 -0
package/rules/common/C033_separate_service_repository/analyzer.js +160 -0
package/rules/common/C033_separate_service_repository/config.json +50 -0
package/rules/common/C033_separate_service_repository/regex-based-analyzer.js +585 -0
package/rules/common/C033_separate_service_repository/symbol-based-analyzer.js +368 -0
package/rules/common/C035_error_logging_context/STRATEGY.md +99 -0
package/rules/common/C035_error_logging_context/analyzer.js +230 -0
package/rules/common/C035_error_logging_context/config.json +54 -0
package/rules/common/C035_error_logging_context/regex-based-analyzer.js +299 -0
package/rules/common/C035_error_logging_context/symbol-based-analyzer.js +454 -0
package/rules/common/C040_centralized_validation/analyzer.js +165 -0
package/rules/common/C040_centralized_validation/config.json +46 -0
package/rules/common/C040_centralized_validation/regex-based-analyzer.js +243 -0
package/rules/common/C040_centralized_validation/symbol-based-analyzer.js +416 -0
package/rules/common/C047_no_duplicate_retry_logic/c047-semantic-rule.js +278 -0
package/rules/common/C047_no_duplicate_retry_logic/symbol-analyzer-enhanced.js +968 -0
package/rules/common/C047_no_duplicate_retry_logic/symbol-config.json +71 -0
package/rules/common/{C076_single_test_behavior → C072_single_test_behavior}/analyzer.js +6 -6
package/rules/common/C076_explicit_function_types/README.md +30 -0
package/rules/common/C076_explicit_function_types/analyzer.js +172 -0
package/rules/common/C076_explicit_function_types/config.json +15 -0
package/rules/common/C076_explicit_function_types/semantic-analyzer.js +341 -0
package/rules/index.js +8 -0
package/rules/parser/rule-parser.js +13 -2
package/rules/security/S005_no_origin_auth/README.md +226 -0
package/rules/security/S005_no_origin_auth/analyzer.js +184 -0
package/rules/security/S005_no_origin_auth/ast-analyzer.js +406 -0
package/rules/security/S005_no_origin_auth/config.json +85 -0
package/rules/security/S006_no_plaintext_recovery_codes/README.md +139 -0
package/rules/security/S006_no_plaintext_recovery_codes/analyzer.js +306 -0
package/rules/security/S006_no_plaintext_recovery_codes/config.json +48 -0
package/rules/security/S007_no_plaintext_otp/README.md +198 -0
package/rules/security/S007_no_plaintext_otp/analyzer.js +406 -0
package/rules/security/S007_no_plaintext_otp/config.json +79 -0
package/rules/security/S007_no_plaintext_otp/semantic-analyzer.js +609 -0
package/rules/security/S007_no_plaintext_otp/semantic-config.json +195 -0
package/rules/security/S007_no_plaintext_otp/semantic-wrapper.js +280 -0
package/rules/security/S027_no_hardcoded_secrets/analyzer.js +180 -366
package/rules/security/S027_no_hardcoded_secrets/categories.json +153 -0
package/rules/security/S027_no_hardcoded_secrets/categorized-analyzer.js +250 -0
package/scripts/category-manager.js +150 -0
package/scripts/generate-rules-registry.js +88 -0
package/scripts/migrate-rule-registry.js +157 -0
package/scripts/prepare-release.sh +1 -1
package/scripts/validate-system.js +48 -0
package/.sunlint.json +0 -35
package/config/README.md +0 -88
package/config/engines/eslint-rule-mapping.json +0 -74
package/config/schemas/sunlint-schema.json +0 -0
package/config/testing/test-s005-working.ts +0 -22
package/core/multi-rule-runner.js +0 -0
package/docs/ESLINT-INTEGRATION-STRATEGY.md +0 -392
package/docs/FUTURE_PACKAGES.md +0 -83
package/docs/HEURISTIC_VS_AI.md +0 -113
package/docs/PRODUCTION_DEPLOYMENT_ANALYSIS.md +0 -112
package/docs/PRODUCTION_SIZE_IMPACT.md +0 -183
package/docs/RELEASE_GUIDE.md +0 -230
package/docs/STANDARDIZED-CATEGORY-FILTERING.md +0 -156
package/engines/tree-sitter-parser.js +0 -0
package/engines/universal-ast-engine.js +0 -0
package/integrations/eslint/plugin/rules/common/c076-single-behavior-per-test.js +0 -254
package/rules/common/C029_catch_block_logging/analyzer-backup.js +0 -426
package/rules/common/C029_catch_block_logging/analyzer-fixed.js +0 -130
package/rules/common/C029_catch_block_logging/analyzer-multi-tech.js +0 -487
package/rules/common/C029_catch_block_logging/analyzer-simple.js +0 -110
package/rules/common/C029_catch_block_logging/ast-analyzer-backup.js +0 -441
package/rules/common/C029_catch_block_logging/ast-analyzer-new.js +0 -127
package/rules/common/C029_catch_block_logging/ast-analyzer.js +0 -133
package/rules/common/C029_catch_block_logging/cfg-analyzer.js +0 -408
package/rules/common/C029_catch_block_logging/dataflow-analyzer.js +0 -454
package/rules/common/C029_catch_block_logging/multi-language-ast-engine.js +0 -700
package/rules/common/C029_catch_block_logging/pattern-learning-analyzer.js +0 -568
package/rules/common/C029_catch_block_logging/semantic-analyzer.js +0 -459

package/config/release.json ADDED Viewed

@@ -0,0 +1,70 @@
+{
+  "name": "Release Validation Configuration",
+  "description": "Comprehensive analysis for release validation",
+  "performance": {
+    "maxSemanticFiles": -1,
+    "maxConcurrentRules": 8,
+    "timeoutMs": 300000
+  },
+  "input": ["."],
+  "include": [
+    "src/**/*.ts",
+    "src/**/*.js",
+    "lib/**/*.ts",
+    "app/**/*.ts",
+    "packages/*/src/**/*.ts"
+  ],
+  "exclude": [
+    "node_modules/**",
+    "dist/**",
+    "build/**",
+    "coverage/**",
+    "**/*.min.*",
+    "**/*.bundle.*"
+  ],
+  "rules": {
+    "enabled": "all"
+  },
+  "output": {
+    "format": "detailed",
+    "console": true,
+    "summary": true,
+    "includeContext": true,
+    "showFixSuggestions": true,
+    "output": "release-validation-report.json"
+  },
+  "engines": {
+    "semantic": {
+      "enabled": true,
+      "fileLimit": -1,
+      "enableCaching": true,
+      "crossFileAnalysis": true
+    },
+    "ai": {
+      "enabled": true,
+      "provider": "openai",
+      "model": "gpt-4o-mini"
+    }
+  },
+  "reporting": {
+    "baseline": {
+      "enabled": true,
+      "file": "release-baseline.json",
+      "compareWithPrevious": true
+    },
+    "trends": {
+      "enabled": true,
+      "historyFile": "release-trends.json"
+    },
+    "failOnNewViolations": true,
+    "exitOnError": true
+  }
+}

package/config/rule-analysis-strategies.js CHANGED Viewed

@@ -22,9 +22,10 @@ module.exports = {
       accuracy: { ast: 95, regex: 85 }
     },
     'C017': {
-      reason: 'Constructor logic analysis needs AST context',
-      methods: ['ast', 'regex'],
-      accuracy: { ast: 90, regex: 70 }
+      reason: 'Constructor logic analysis needs semantic context - Phase 2 with symbol-based analysis',
+      methods: ['semantic', 'ast', 'regex'],
+      accuracy: { semantic: 95, ast: 85, regex: 70 },
+      strategy: 'semantic-primary'
     },
     'S015': {
       reason: 'TLS certificate validation requires AST context analysis',
@@ -65,6 +66,24 @@ module.exports = {
       strategy: 'ast-primary-regex-fallback',
       accuracy: { ast: 90, regex: 75, combined: 95 }
     },
+    'C035': {
+      reason: 'Error logging context requires symbol-based + regex analysis',
+      methods: ['semantic', 'regex'],
+      strategy: 'semantic-primary-regex-fallback',
+      accuracy: { semantic: 90, regex: 70, combined: 95 }
+    },
+    'C040': {
+      reason: 'Validation centralization requires project-wide symbol analysis + data flow tracking',
+      methods: ['semantic', 'regex'],
+      strategy: 'semantic-primary-regex-fallback',
+      accuracy: { semantic: 95, regex: 75, combined: 97 }
+    },
+    'C076': {
+      reason: 'Public API type enforcement requires symbol-based analysis for export boundaries',
+      methods: ['semantic'],
+      strategy: 'semantic-primary',
+      accuracy: { semantic: 95 }
+    },
     'C041': {
       reason: 'Hardcoded secrets need AST literal analysis like ESLint',
       methods: ['ast', 'regex'],
@@ -87,4 +106,4 @@ module.exports = {
       strategy: 'progressive-enhancement'
     }
   }
-};
+};

package/config/rules/S027-categories.json ADDED Viewed

@@ -0,0 +1,122 @@
+{
+  "S027": {
+    "categories": [
+      {
+        "name": "AWS Credentials",
+        "severity": "critical",
+        "description": "AWS access keys, secret keys, and session tokens",
+        "patterns": [
+          "AKIA[0-9A-Z]{16}",
+          "(?i)aws[-_]?(secret[-_]?access[-_]?key|access[-_]?key[-_]?id)[\\s:=]+[\"']?[A-Za-z0-9\\/+=]{20,40}[\"']?",
+          "(?i)aws[-_]?session[-_]?token[\\s:=]+[\"']?[A-Za-z0-9\\/+=]{100,}[\"']?"
+        ],
+        "exclude_patterns": [
+          "(?i)(test|mock|fake|example|demo)[-_]?aws",
+          "AWS_REGION|AWS_DEFAULT_REGION"
+        ]
+      },
+      {
+        "name": "JWT & Authentication Tokens",
+        "severity": "critical",
+        "description": "JWT tokens and authentication credentials",
+        "patterns": [
+          "eyJ[A-Za-z0-9\\-_=]+\\.[A-Za-z0-9\\-_=]+\\.?[A-Za-z0-9\\-_.+/=]*",
+          "(?i)(jwt|bearer|auth)[-_]?(token|secret)[\\s:=]+[\"']?[a-zA-Z0-9\\-_=]{20,}[\"']?",
+          "(?i)authorization[\\s:=]+[\"']?(bearer|basic)[\\s]+[a-zA-Z0-9\\-_=]{10,}[\"']?"
+        ]
+      },
+      {
+        "name": "API Keys & Secrets",
+        "severity": "high",
+        "description": "Generic API keys and secret tokens",
+        "patterns": [
+          "(?i)(api[-_]?key|secret[-_]?key|access[-_]?token)[\\s:=]+[\"']?[a-zA-Z0-9\\-_=]{16,}[\"']?",
+          "(?i)(client[-_]?secret|app[-_]?secret)[\\s:=]+[\"']?[a-zA-Z0-9\\-_=]{20,}[\"']?",
+          "(?i)(private[-_]?key|encryption[-_]?key)[\\s:=]+[\"']?[a-zA-Z0-9\\-_=]{20,}[\"']?"
+        ],
+        "exclude_patterns": [
+          "(?i)(display|row|sort|primary|foreign)[-_]?key",
+          "(?i)key(value|path|name|code|id|index)",
+          "^key$"
+        ]
+      },
+      {
+        "name": "Database Credentials",
+        "severity": "high",
+        "description": "Database connection strings and passwords",
+        "patterns": [
+          "(mongodb|mysql|postgres|redis):\\/\\/[^\\/\\s'\"]+:[^\\/\\s'\"]+@[^\\/\\s'\"]+",
+          "(?i)(db|database)[-_]?(password|pass|pwd|secret)[\\s:=]+[\"']?[a-zA-Z0-9\\-_=]{6,}[\"']?",
+          "(?i)connection[-_]?string[\\s:=]+[\"']?[^\"'\\s]{20,}[\"']?"
+        ]
+      },
+      {
+        "name": "Third-party Service Keys",
+        "severity": "high",
+        "description": "GitHub, Slack, Stripe and other service tokens",
+        "patterns": [
+          "gh[pousr]_[A-Za-z0-9_]{36}",
+          "xox[baprs]-[A-Za-z0-9-]+",
+          "sk_live_[A-Za-z0-9]{24,}",
+          "(?i)(github|slack|stripe|paypal)[-_]?(token|key|secret)[\\s:=]+[\"']?[a-zA-Z0-9\\-_=]{16,}[\"']?"
+        ]
+      },
+      {
+        "name": "Suspicious Variable Names",
+        "severity": "medium",
+        "description": "Variables with sensitive naming patterns",
+        "patterns": [
+          "(?i)(client|app|service)[-_]?(id|key|token|secret)[\"']?\\s*[:=]\\s*[\"'][A-Za-z0-9\\-_=]{12,}[\"']?",
+          "(?i)(oauth|openid)[-_]?(client[-_]?id|secret)[\\s:=]+[\"']?[a-zA-Z0-9\\-_=]{10,}[\"']?"
+        ],
+        "exclude_patterns": [
+          "(?i)(send|verify|update|register|reset).*password",
+          "(?i)password.*(reset|verify|update|first|time)"
+        ]
+      },
+      {
+        "name": "Base64 Encoded Secrets",
+        "severity": "medium",
+        "description": "Potentially encoded sensitive data",
+        "patterns": [
+          "[A-Za-z0-9+\\/]{64,}={0,2}"
+        ],
+        "exclude_patterns": [
+          "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+          "(?i)(test|demo|example|sample)"
+        ]
+      },
+      {
+        "name": "Environment Variables",
+        "severity": "low",
+        "description": "Public environment variables that might leak info",
+        "patterns": [
+          "NEXT_PUBLIC_[A-Z0-9_]+[\\s:=]+[\"'][^\"']+[\"']",
+          "(?i)react_app_[A-Z0-9_]+[\\s:=]+[\"'][^\"']+[\"']"
+        ],
+        "exclude_patterns": [
+          "NODE_ENV|ENV|ENVIRONMENT|MODE|DEBUG"
+        ]
+      },
+      {
+        "name": "File Path Leaks",
+        "severity": "low",
+        "description": "Sensitive file patterns",
+        "patterns": [
+          "\\.env(\\..+)?$",
+          "(secrets?|credentials?|private[-_]?keys?)\\.(json|ya?ml|ts|js)$",
+          "id_rsa|id_dsa|\\.pem|\\.p12|\\.pfx$"
+        ]
+      }
+    ],
+    "global_exclude_patterns": [
+      "(?i)(test|mock|fake|dummy|example|demo|sample|placeholder)",
+      "(?i)(localhost|127\\.0\\.0\\.1|development|dev|staging)",
+      "^(true|false|null|undefined|none|empty)$",
+      "\\.(test|spec|mock)\\.",
+      "__tests__|\\/tests?\\/|\\/spec\\/"
+    ],
+    "min_length": 8,
+    "max_length": 1000
+  }
+}