@sun-asterisk/sunlint 1.3.1 → 1.3.2

package/rules/common/C018_no_throw_generic_error/analyzer.js

@@ -0,0 +1,232 @@
+/**
+ * C018 Main Analyzer - Do not throw generic errors
+ * Primary: Always provide detailed messages and context.
+ * Fallback: Regex-based for all other cases
+ */
+
+const C018SymbolBasedAnalyzer = require('./symbol-based-analyzer');
+const C018RegexBasedAnalyzer = require('./regex-based-analyzer');
+
+class C018Analyzer {
+  constructor(options = {}) {
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C018] Constructor called with options:`, !!options);
+      console.log(`🔧 [C018] Options type:`, typeof options, Object.keys(options || {}));
+    }
+
+    this.ruleId = 'C018';
+    this.ruleName = 'Do not throw generic errors';
+    this.description = 'Do not throw generic errors; always provide detailed messages and context.';
+    this.semanticEngine = options.semanticEngine || null;
+    this.verbose = options.verbose || false;
+
+    // Configuration
+    this.config = {
+      useSymbolBased: true,      // Primary approach
+      fallbackToRegex: true,     // Only when symbol fails completely
+      symbolBasedOnly: false     // Can be set to true for pure mode
+    };
+
+    // Initialize both analyzers
+    try {
+      this.symbolAnalyzer = new C018SymbolBasedAnalyzer(this.semanticEngine);
+      if (process.env.SUNLINT_DEBUG) {
+        console.log(`🔧 [C018] Symbol analyzer created successfully`);
+      }
+    } catch (error) {
+      console.error(`🔧 [C018] Error creating symbol analyzer:`, error);
+    }
+
+    try {
+      this.regexAnalyzer = new C018RegexBasedAnalyzer(this.semanticEngine);
+      if (process.env.SUNLINT_DEBUG) {
+        console.log(`🔧 [C018] Regex analyzer created successfully`);
+      }
+    } catch (error) {
+      console.error(`🔧 [C018] Error creating regex analyzer:`, error);
+    }
+
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C018] Constructor completed`);
+    }
+  }
+
+  /**
+   * Initialize with semantic engine
+   */
+  async initialize(semanticEngine = null) {
+    if (semanticEngine) {
+      this.semanticEngine = semanticEngine;
+    }
+    this.verbose = semanticEngine?.verbose || false;
+
+    // Initialize both analyzers
+    await this.symbolAnalyzer.initialize(semanticEngine);
+    await this.regexAnalyzer.initialize(semanticEngine);
+
+    // Ensure verbose flag is propagated
+    this.regexAnalyzer.verbose = this.verbose;
+    this.symbolAnalyzer.verbose = this.verbose;
+
+    if (this.verbose) {
+      console.log(`🔧 [C018 Hybrid] Analyzer initialized - verbose: ${this.verbose}`);
+    }
+  }
+
+  async analyze(files, language, options = {}) {
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C018] analyze() method called with ${files.length} files, language: ${language}`);
+    }
+
+    const violations = [];
+
+    for (const filePath of files) {
+      try {
+        if (process.env.SUNLINT_DEBUG) {
+          console.log(`🔧 [C018] Processing file: ${filePath}`);
+        }
+
+        const fileViolations = await this.analyzeFile(filePath, options);
+        violations.push(...fileViolations);
+
+        if (process.env.SUNLINT_DEBUG) {
+          console.log(`🔧 [C018] File ${filePath}: Found ${fileViolations.length} violations`);
+        }
+      } catch (error) {
+        console.warn(`❌ [C018] Analysis failed for ${filePath}:`, error.message);
+      }
+    }
+
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C018] Total violations found: ${violations.length}`);
+    }
+
+    return violations;
+  }
+
+  async analyzeFile(filePath, options = {}) {
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C018] analyzeFile() called for: ${filePath}`);
+    }
+
+    // 1. Try Symbol-based analysis first (primary)
+    if (this.config.useSymbolBased &&
+        this.semanticEngine?.project &&
+        this.semanticEngine?.initialized) {
+      try {
+        if (process.env.SUNLINT_DEBUG) {
+          console.log(`🔧 [C018] Trying symbol-based analysis...`);
+        }
+        const sourceFile = this.semanticEngine.project.getSourceFile(filePath);
+        if (sourceFile) {
+          if (process.env.SUNLINT_DEBUG) {
+            console.log(`🔧 [C018] Source file found, analyzing with symbol-based...`);
+          }
+          const violations = await this.symbolAnalyzer.analyzeFileWithSymbols(filePath, { ...options, verbose: options.verbose });
+
+          // Mark violations with analysis strategy
+          violations.forEach(v => v.analysisStrategy = 'symbol-based');
+
+          if (process.env.SUNLINT_DEBUG) {
+            console.log(`✅ [C018] Symbol-based analysis: ${violations.length} violations`);
+          }
+          return violations; // Return even if 0 violations - symbol analysis completed successfully
+        } else {
+          if (process.env.SUNLINT_DEBUG) {
+            console.log(`⚠️ [C018] Source file not found in project`);
+          }
+        }
+      } catch (error) {
+        console.warn(`⚠️ [C018] Symbol analysis failed: ${error.message}`);
+        // Continue to fallback
+      }
+    } else {
+      if (process.env.SUNLINT_DEBUG) {
+        console.log(`🔄 [C018] Symbol analysis conditions check:`);
+        console.log(`  - useSymbolBased: ${this.config.useSymbolBased}`);
+        console.log(`  - semanticEngine: ${!!this.semanticEngine}`);
+        console.log(`  - semanticEngine.project: ${!!this.semanticEngine?.project}`);
+        console.log(`  - semanticEngine.initialized: ${this.semanticEngine?.initialized}`);
+        console.log(`🔄 [C018] Symbol analysis unavailable, using regex fallback`);
+      }
+    }
+
+    // 2. Fallback to regex-based analysis
+    if (this.config.fallbackToRegex) {
+      try {
+        if (process.env.SUNLINT_DEBUG) {
+          console.log(`🔧 [C018] Trying regex-based analysis...`);
+        }
+        const violations = await this.regexAnalyzer.analyzeFileBasic(filePath, options);
+
+        // Mark violations with analysis strategy
+        violations.forEach(v => v.analysisStrategy = 'regex-fallback');
+
+        if (process.env.SUNLINT_DEBUG) {
+          console.log(`🔄 [C018] Regex-based analysis: ${violations.length} violations`);
+        }
+        return violations;
+      } catch (error) {
+        console.error(`❌ [C018] Regex analysis failed: ${error.message}`);
+      }
+    }
+
+    if (options?.verbose) {
+      console.log(`🔧 [C018] No analysis methods succeeded, returning empty`);
+    }
+    return [];
+  }
+
+  async analyzeFileBasic(filePath, options = {}) {
+    console.log(`🔧 [C018] analyzeFileBasic() called for: ${filePath}`);
+    console.log(`🔧 [C018] semanticEngine exists: ${!!this.semanticEngine}`);
+    console.log(`🔧 [C018] symbolAnalyzer exists: ${!!this.symbolAnalyzer}`);
+    console.log(`🔧 [C018] regexAnalyzer exists: ${!!this.regexAnalyzer}`);
+
+    try {
+      // Try symbol-based analysis first
+      if (this.semanticEngine?.isSymbolEngineReady?.() &&
+          this.semanticEngine.project) {
+
+        if (this.verbose) {
+          console.log(`🔍 [C018] Using symbol-based analysis for ${filePath}`);
+        }
+
+        const violations = await this.symbolAnalyzer.analyzeFileBasic(filePath, options);
+        return violations;
+      }
+    } catch (error) {
+      if (this.verbose) {
+        console.warn(`⚠️ [C018] Symbol analysis failed: ${error.message}`);
+      }
+    }
+
+    // Fallback to regex-based analysis
+    if (this.verbose) {
+      console.log(`🔄 [C018] Using regex-based analysis (fallback) for ${filePath}`);
+    }
+
+    console.log(`🔧 [C018] About to call regexAnalyzer.analyzeFileBasic()`);
+    try {
+      const result = await this.regexAnalyzer.analyzeFileBasic(filePath, options);
+      console.log(`🔧 [C018] Regex analyzer returned: ${result.length} violations`);
+      return result;
+    } catch (error) {
+      console.error(`🔧 [C018] Error in regex analyzer:`, error);
+      return [];
+    }
+  }
+
+  /**
+   * Methods for compatibility with different engine invocation patterns
+   */
+  async analyzeFileWithSymbols(filePath, options = {}) {
+    return this.analyzeFile(filePath, options);
+  }
+
+  async analyzeWithSemantics(filePath, options = {}) {
+    return this.analyzeFile(filePath, options);
+  }
+}
+
+module.exports = C018Analyzer;

package/rules/common/C018_no_throw_generic_error/config.json

@@ -0,0 +1,50 @@
+{
+  "id": "C018",
+  "name": "C018_do_not_throw_generic_errors",
+  "category": "architecture",
+  "description": "C018 - Always provide detailed messages and context.",
+  "severity": "warning",
+  "enabled": true,
+  "semantic": {
+    "enabled": true,
+    "priority": "high",
+    "fallback": "heuristic"
+  },
+  "patterns": {
+    "include": [
+      "**/*.js",
+      "**/*.ts",
+      "**/*.jsx",
+      "**/*.tsx"
+    ],
+    "exclude": [
+      "**/*.test.*",
+      "**/*.spec.*",
+      "**/*.mock.*",
+      "**/test/**",
+      "**/tests/**",
+      "**/spec/**"
+    ]
+  },
+  "options": {
+    "strictMode": false,
+    "allowedDbMethods": [],
+    "repositoryPatterns": [
+      "*Repository*",
+      "*Repo*",
+      "*DAO*",
+      "*Store*"
+    ],
+    "servicePatterns": [
+      "*Service*",
+      "*UseCase*",
+      "*Handler*",
+      "*Manager*"
+    ],
+    "complexityThreshold": {
+      "methodLength": 200,
+      "cyclomaticComplexity": 5,
+      "nestedDepth": 3
+    }
+  }
+}

package/rules/common/C018_no_throw_generic_error/regex-based-analyzer.js

@@ -0,0 +1,387 @@
+/**
+ * C018 Regex-based Analyzer - Do not throw generic errors
+ * Purpose: Fallback pattern matching when symbol analysis fails
+ */
+
+class C018RegexBasedAnalyzer {
+  constructor(semanticEngine = null) {
+    this.ruleId = 'C018';
+    this.ruleName = 'Do not throw generic errors (Regex-Based)';
+    this.semanticEngine = semanticEngine;
+    this.verbose = false;
+    
+    // Patterns for identifying catch blocks (supports TypeScript type annotations)
+    this.catchPattern = /catch\s*\(\s*(\w+)(?:\s*:\s*\w+(?:\s*\|\s*\w+)*)?\s*\)\s*\{([^{}]*(?:\{[^{}]*\}[^{}]*)*)\}/gs;
+
+    // throw error patterns
+    this.exceptionPatterns = [
+      /throw\s+\w+/g,
+    ];
+
+    // Sensitive data patterns
+    this.sensitivePatterns = [
+      /password|passwd|pwd/gi,
+      /token|jwt|auth|secret|key/gi,
+      /ssn|social|credit|card|cvv/gi
+    ];
+
+    // String concatenation patterns (non-structured)
+    this.stringConcatPatterns = [
+      /\+\s*["'`]/g,  // string concatenation
+      /["'`]\s*\+/g,  // string concatenation
+      /\$\{.*\}/g     // template literals (basic)
+    ];
+
+    this.structuredPatterns = [
+      /\{\s*[a-zA-Z_$][a-zA-Z0-9_$]*\s*:\s*[^}]+\}/g, // structured object format
+    ]
+
+    // Ensure error messages should explain what happened, why, and in what context
+    this.explanationPatterns = [
+      /\b(because|due to|failed to|cannot|invalid|missing|not found)\b/i,
+    ];
+    this.guidancePatterns = [
+      /\b(please|ensure|make sure|check|try|use)\b/i,
+    ];
+  }
+
+  async initialize(semanticEngine = null) {
+    if (semanticEngine) {
+      this.semanticEngine = semanticEngine;
+    }
+    this.verbose = semanticEngine?.verbose || false;
+    
+    if (this.verbose) {
+      console.log(`🔧 [C018 Regex-Based] Analyzer initialized`);
+    }
+  }
+
+  async analyzeFileBasic(filePath, options = {}) {
+    const fs = require('fs');
+    const path = require('path');
+    const violations = [];
+
+    if (this.verbose) {
+      console.log(`🔧 [C018 Regex] Starting analysis for: ${filePath}`);
+    }
+
+    try {
+      const content = fs.readFileSync(filePath, 'utf8');
+      
+      if (this.verbose) {
+        console.log(`🔧 [C018 Regex] File content length: ${content.length}`);
+      }
+      
+      const lines = content.split('\n');
+      const catchBlocks = this.findCatchBlocks(content);
+      
+      if (this.verbose) {
+        console.log(`🔧 [C018 Regex] Found ${catchBlocks.length} catch blocks`);
+      }
+
+      for (const block of catchBlocks) {
+        const blockViolations = this.analyzeCatchBlockContent(block, lines, filePath);
+        if (this.verbose && blockViolations.length > 0) {
+          console.log(`🔧 [C018 Regex] Block violations: ${blockViolations.length}`);
+        }
+        violations.push(...blockViolations);
+      }
+
+      if (this.verbose) {
+        console.log(`🔧 [C018 Regex] Total violations found: ${violations.length}`);
+      }
+      
+      return violations;
+    } catch (error) {
+      if (this.verbose) {
+        console.error(`🔧 [C018 Regex] Error analyzing ${filePath}:`, error);
+      }
+      return [];
+    }
+  }  /**
+   * Find catch blocks in content using regex
+   */
+  findCatchBlocks(content) {
+    const catchBlocks = [];
+    let match;
+    
+    // Reset regex
+    this.catchPattern.lastIndex = 0;
+    
+    while ((match = this.catchPattern.exec(content)) !== null) {
+      const fullMatch = match[0];
+      const errorVar = match[1];
+      const blockContent = match[2];
+      
+      // Calculate line number
+      const beforeMatch = content.substring(0, match.index);
+      const lineNumber = beforeMatch.split('\n').length;
+      
+      catchBlocks.push({
+        fullMatch,
+        errorVar,
+        blockContent,
+        lineNumber,
+        startIndex: match.index
+      });
+    }
+    
+    return catchBlocks;
+  }
+
+  /**
+   * Analyze catch block content for logging violations
+   */
+  analyzeCatchBlockContent(catchBlock, lines, filePath) {
+    const violations = [];
+    const { blockContent, lineNumber, errorVar } = catchBlock;
+    
+    // Find log calls in catch block
+    const ErrorCalls = this.findExceptionCallsInContent(blockContent);
+    
+    if (ErrorCalls.length === 0) {
+      // No logging - C018's concern, not ours
+      return violations;
+    }
+    
+    // Analyze each log call
+    for (const errCall of ErrorCalls) {
+      const logLineNumber = lineNumber + errCall.relativeLineNumber;
+      // Check for generic error throws without context
+      if (errCall.content.includes('new Error(')) {
+        violations.push({
+          ruleId: this.ruleId,
+          severity: 'error',
+          message: 'Throwing generic Error without context',
+          source: this.ruleId,
+          file: filePath,
+          line: logLineNumber,
+          column: errCall.column,
+          description: `[REGEX-FALLBACK] Generic error thrown without context. Use structured error objects.`,
+          suggestion: 'Use specific error types or structured error objects with context',
+          category: 'error-handling'
+        });
+      }
+      // Check for generic error direct ex: throw error
+      if (errCall.content.includes(`throw ${errorVar}`)) {
+        violations.push({
+          ruleId: this.ruleId,
+          severity: 'error',
+          message: 'Throwing caught error directly without context',
+          source: this.ruleId,
+          file: filePath,
+          line: logLineNumber,
+          column: errCall.column,
+          description: `[REGEX-FALLBACK] Caught error thrown directly without additional context. Use structured error objects.`,
+          suggestion: 'Use structured error objects with context instead of throwing caught errors directly',
+          category: 'error-handling'
+        });
+      }
+
+
+      // Check for non-structured logging (string concatenation)
+      if (this.hasStringConcatenation(errCall.content)) {
+        violations.push({
+          ruleId: this.ruleId,
+          severity: 'warning',
+          message: 'Error logging should use structured format instead of string concatenation',
+          source: this.ruleId,
+          file: filePath,
+          line: logLineNumber,
+          column: errCall.column,
+          description: `[REGEX-FALLBACK] String concatenation detected in error logging. Use structured object format.`,
+          suggestion: 'Use logger.error("message", { error: e.message, context: {...} }) instead of string concatenation',
+          category: 'error-handling'
+        });
+      }
+
+      // Check for sensitive data
+      const sensitiveData = this.findSensitiveData(errCall.content);
+      if (sensitiveData.length > 0) {
+        violations.push({
+          ruleId: this.ruleId,
+          severity: 'error',
+          message: 'Error logging contains potentially sensitive data',
+          source: this.ruleId,
+          file: filePath,
+          line: logLineNumber,
+          column: errCall.column,
+          description: `[REGEX-FALLBACK] Sensitive patterns detected: ${sensitiveData.join(', ')}. Mask or exclude sensitive data.`,
+          suggestion: 'Mask sensitive data or exclude entirely from logs',
+          category: 'security'
+        });
+      }
+
+      // Check messages should explain what happened
+      const explaintionData = this.findExplanationData(errCall.content);
+      if (!explaintionData.length) {
+        violations.push({
+          ruleId: this.ruleId,
+          severity: 'warning',
+          message: 'Error logging should explain what happened',
+          source: this.ruleId,
+          file: filePath,
+          line: logLineNumber,
+          column: errCall.column,
+          description: `[SYMBOL-BASED] Error message should explain what happened, why, and in what context.`,
+          suggestion: 'Use structured error objects with context: { message: "Error occurred", context: "Request failed because todo something." } }',
+          category: 'error-handling'
+        });
+      }
+
+      // Check messages should provide guidance
+      const guidanceData = this.findGuidanceData(errCall.content);
+      if (!guidanceData.length) {
+        violations.push({
+          ruleId: this.ruleId,
+          severity: 'warning',
+          message: 'Error logging should provide guidance on next steps',
+          source: this.ruleId,
+          file: filePath,
+          line: logLineNumber,
+          column: errCall.column,
+          description: `[SYMBOL-BASED] Error message should provide guidance on next steps.`,
+          suggestion: 'Use structured error objects with guidance: { message: "Error occurred", guidance: "Please check the input and try again." } }',
+          category: 'error-handling'
+        });
+      }
+    }
+    
+    return violations;
+  }
+
+  /**
+   * Find log calls within catch block content
+   */
+  findExceptionCallsInContent(content) {
+    const ErrorCalls = [];
+    const lines = content.split('\n');
+    
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      
+      for (const pattern of this.exceptionPatterns) {
+        pattern.lastIndex = 0; // Reset regex
+        const match = pattern.exec(line);
+        
+        if (match) {
+          ErrorCalls.push({
+            content: line.trim(),
+            relativeLineNumber: i,
+            column: match.index + 1,
+            method: match[1] || 'unknown'
+          });
+        }
+      }
+    }
+    
+    return ErrorCalls;
+  }
+
+  /**
+   * Check if log call uses string concatenation
+   */
+  hasStringConcatenation(content) {
+    return this.stringConcatPatterns.some(pattern => {
+      pattern.lastIndex = 0;
+      return pattern.test(content);
+    });
+  }
+
+  /**
+   * Find sensitive data patterns in content
+   */
+  findSensitiveData(content) {
+    const found = [];
+    
+    for (const pattern of this.sensitivePatterns) {
+      pattern.lastIndex = 0;
+      const matches = content.match(pattern);
+      if (matches) {
+        found.push(...matches.map(m => m.toLowerCase()));
+      }
+    }
+    
+    return [...new Set(found)]; // Remove duplicates
+  }
+
+  // Validate structure patterns
+  validateStructuredPatterns(content) {
+    for (const pattern of this.structuredPatterns) {
+      pattern.lastIndex = 0;
+      if (pattern.test(content)) {
+        return true; // Structured format found
+      }
+    }
+    return false; // No structured format found
+  }
+
+  /**
+   * Find explanation data patterns in content
+   */
+  findExplanationData(content) {
+    const found = [];
+
+    for (const pattern of this.explanationPatterns) {
+      pattern.lastIndex = 0;
+      const matches = content.match(pattern);
+      if (matches) {
+        found.push(...matches.map(m => m.toLowerCase()));
+      }
+    }
+
+    return [...new Set(found)]; // Remove duplicates
+  }
+
+  /**
+   * Find guidance data patterns in content
+   */
+  findGuidanceData(content) {
+    const found = [];
+
+    for (const pattern of this.guidancePatterns) {
+      pattern.lastIndex = 0;
+      const matches = content.match(pattern);
+      if (matches) {
+        found.push(...matches.map(m => m.toLowerCase()));
+      }
+    }
+
+    return [...new Set(found)]; // Remove duplicates
+  }
+
+  async analyze(files, language, options = {}) {
+    if (this.verbose) {
+      console.log(`🔧 [C018 Regex] analyze() called with ${files.length} files, language: ${language}`);
+    }
+    
+    const violations = [];
+    
+    for (const filePath of files) {
+      try {
+        if (this.verbose) {
+          console.log(`🔧 [C018 Regex] Processing file: ${filePath}`);
+        }
+        
+        const fileViolations = await this.analyzeFileBasic(filePath, options);
+        violations.push(...fileViolations);
+        
+        if (this.verbose) {
+          console.log(`🔧 [C018 Regex] File ${filePath}: Found ${fileViolations.length} violations`);
+        }
+      } catch (error) {
+        if (this.verbose) {
+          console.warn(`❌ [C018 Regex] Analysis failed for ${filePath}:`, error.message);
+        }
+      }
+    }
+    
+    if (this.verbose) {
+      console.log(`🔧 [C018 Regex] Total violations found: ${violations.length}`);
+    }
+    
+    return violations;
+  }
+}
+
+module.exports = C018RegexBasedAnalyzer;