@sun-asterisk/sunlint 1.3.18 → 1.3.19

package/rules/common/C017_constructor_logic/config.json

@@ -0,0 +1,50 @@
+{
+  "id": "C017",
+  "name": "C017_constructor_logic",
+  "category": "architecture",
+  "description": "C017 - Do not put business logic inside constructors.",
+  "severity": "warning",
+  "enabled": true,
+  "semantic": {
+    "enabled": true,
+    "priority": "high",
+    "fallback": "heuristic"
+  },
+  "patterns": {
+    "include": [
+      "**/*.js",
+      "**/*.ts",
+      "**/*.jsx",
+      "**/*.tsx"
+    ],
+    "exclude": [
+      "**/*.test.*",
+      "**/*.spec.*",
+      "**/*.mock.*",
+      "**/test/**",
+      "**/tests/**",
+      "**/spec/**"
+    ]
+  },
+  "options": {
+    "strictMode": false,
+    "allowedDbMethods": [],
+    "repositoryPatterns": [
+      "*Repository*",
+      "*Repo*",
+      "*DAO*",
+      "*Store*"
+    ],
+    "servicePatterns": [
+      "*Service*",
+      "*UseCase*",
+      "*Handler*",
+      "*Manager*"
+    ],
+    "complexityThreshold": {
+      "methodLength": 200,
+      "cyclomaticComplexity": 5,
+      "nestedDepth": 3
+    }
+  }
+}

package/rules/common/C017_constructor_logic/symbol-based-analyzer.js

@@ -0,0 +1,463 @@
+/**
+ * C017 Symbol-based Analyzer - Do not put business logic inside constructors
+ * Purpose: Ensure constructors only initialize objects, not perform business logic, to improve testability.
+ */
+
+const { SyntaxKind } = require('ts-morph');
+
+class C017SymbolBasedAnalyzer {
+  constructor(semanticEngine = null) {
+    this.ruleId = 'C017';
+    this.ruleName = 'Error put business logic inside constructors. (Symbol-Based)';
+    this.semanticEngine = semanticEngine;
+    this.verbose = false;
+  }
+
+  async initialize(semanticEngine = null) {
+    if (semanticEngine) {
+      this.semanticEngine = semanticEngine;
+    }
+    this.verbose = semanticEngine?.verbose || false;
+
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C017 Symbol-Based] Analyzer initialized, verbose: ${this.verbose}`);
+    }
+  }
+
+  async analyzeFileBasic(filePath, options = {}) {
+    // This is the main entry point called by the hybrid analyzer
+    return await this.analyzeFileWithSymbols(filePath, options);
+  }
+
+  async analyzeFileWithSymbols(filePath, options = {}) {
+    const violations = [];
+
+    // Enable verbose mode if requested
+    const verbose = options.verbose || this.verbose;
+
+    if (!this.semanticEngine?.project) {
+      if (verbose) {
+        console.warn('[C017 Symbol-Based] No semantic engine available, skipping analysis');
+      }
+      return violations;
+    }
+
+    if (verbose) {
+      console.log(`🔍 [C017 Symbol-Based] Starting analysis for ${filePath}`);
+    }
+
+    try {
+      const sourceFile = this.semanticEngine.project.getSourceFile(filePath);
+      if (!sourceFile) {
+        return violations;
+      }
+
+      // Find all constructor declarations
+      const constructors = sourceFile.getDescendantsOfKind(SyntaxKind.Constructor);
+
+      for (const constructor of constructors) {
+        this.analyzeConstructor(constructor, filePath, violations, verbose);
+      }
+
+      if (verbose) {
+        console.log(`🔍 [C017 Symbol-Based] Total violations found: ${violations.length}`);
+      }
+
+      return violations;
+    } catch (error) {
+      if (verbose) {
+        console.warn(`[C017 Symbol-Based] Analysis failed for ${filePath}:`, error.message);
+      }
+      return violations;
+    }
+  }
+
+  /**
+   * Analyze a constructor for business logic violations
+   */
+  analyzeConstructor(constructor, filePath, violations, verbose = false) {
+    const body = constructor.getBody();
+    if (!body) return;
+
+    const statements = body.getStatements();
+
+    for (const statement of statements) {
+      // Check for method calls (instance methods)
+      if (this.containsMethodCall(statement, verbose)) {
+        const { line, column } = this.getStatementPosition(statement);
+
+        violations.push({
+          ruleId: this.ruleId,
+          severity: 'warning',
+          message: 'Constructor calls instance methods - business logic should not be in constructors',
+          source: this.ruleId,
+          file: filePath,
+          line: line,
+          column: column,
+          description: `[SYMBOL-BASED] Instance method calls detected in constructor. Calling methods in constructors makes the class harder to test and can cause unexpected behavior if methods are overridden.`,
+          suggestion: 'Move method calls to a separate initialization method (e.g., init(), setup()) that can be called after object creation and easily mocked in tests.',
+          category: 'TESTABILITY'
+        });
+      }
+
+      // Check for API calls (fetch, axios, http requests)
+      if (this.containsApiCall(statement, verbose)) {
+        const { line, column } = this.getStatementPosition(statement);
+
+        violations.push({
+          ruleId: this.ruleId,
+          severity: 'warning',
+          message: 'Constructor contains API call - business logic should not be in constructors',
+          source: this.ruleId,
+          file: filePath,
+          line: line,
+          column: column,
+          description: `[SYMBOL-BASED] API calls detected in constructor. Constructors should only initialize fields and assign dependencies.`,
+          suggestion: 'Move API calls to a separate initialization method (e.g., init(), load(), or setup()) and call it after object creation.',
+          category: 'CODE_QUALITY'
+        });
+      }
+
+      // Check for complex logic (if/else, loops, switch) - with stricter rules
+      if (this.containsComplexLogic(statement, verbose)) {
+        const { line, column } = this.getStatementPosition(statement);
+
+        violations.push({
+          ruleId: this.ruleId,
+          severity: 'warning',
+          message: 'Constructor contains complex business logic - reduces testability',
+          source: this.ruleId,
+          file: filePath,
+          line: line,
+          column: column,
+          description: `[SYMBOL-BASED] Complex control flow (if/else, loops, switch) detected in constructor. This makes the class harder to test and instantiate.`,
+          suggestion: 'Extract complex logic into separate methods that can be called after object creation and mocked during testing.',
+          category: 'TESTABILITY'
+        });
+      }
+
+      // Check for logging operations
+      if (this.containsLogging(statement, verbose)) {
+        const { line, column } = this.getStatementPosition(statement);
+
+        violations.push({
+          ruleId: this.ruleId,
+          severity: 'info',
+          message: 'Constructor contains logging - side effects should be avoided',
+          source: this.ruleId,
+          file: filePath,
+          line: line,
+          column: column,
+          description: `[SYMBOL-BASED] Logging detected in constructor. Constructors should be side-effect free for predictability.`,
+          suggestion: 'Move logging to initialization methods or business logic methods.',
+          category: 'RELIABILITY'
+        });
+      }
+
+      // Check for file I/O operations
+      if (this.containsFileIO(statement, verbose)) {
+        const { line, column } = this.getStatementPosition(statement);
+
+        violations.push({
+          ruleId: this.ruleId,
+          severity: 'warning',
+          message: 'Constructor contains file I/O operations - business logic violation',
+          source: this.ruleId,
+          file: filePath,
+          line: line,
+          column: column,
+          description: `[SYMBOL-BASED] File I/O operations detected in constructor. This creates side effects and makes testing difficult.`,
+          suggestion: 'Move file operations to separate methods that can be called explicitly and mocked during testing.',
+          category: 'INTEGRATION'
+        });
+      }
+
+      // Check for database operations
+      if (this.containsDatabaseOperation(statement, verbose)) {
+        const { line, column } = this.getStatementPosition(statement);
+
+        violations.push({
+          ruleId: this.ruleId,
+          severity: 'warning',
+          message: 'Constructor contains database operations - violates constructor principles',
+          source: this.ruleId,
+          file: filePath,
+          line: line,
+          column: column,
+          description: `[SYMBOL-BASED] Database operations detected in constructor. This makes object creation slow and unpredictable.`,
+          suggestion: 'Move database operations to repository methods or service layer methods.',
+          category: 'INTEGRATION'
+        });
+      }
+    }
+  }
+
+  /**
+   * Get the position of a statement
+   */
+  getStatementPosition(statement) {
+    try {
+      return {
+        line: statement.getStartLineNumber(),
+        column: statement.getStartLinePos ? statement.getStartLinePos() : 0
+      };
+    } catch {
+      return { line: 0, column: 0 };
+    }
+  }
+
+  /**
+   * Check if statement contains instance method calls
+   */
+  containsMethodCall(statement, verbose = false) {
+    // Get all call expressions in the statement
+    const callExpressions = statement.getDescendantsOfKind(SyntaxKind.CallExpression);
+
+    for (const callExpr of callExpressions) {
+      const expression = callExpr.getExpression();
+      const callText = expression.getText();
+
+      // Check if it's a 'this.' method call
+      if (callText.startsWith('this.')) {
+        // Extract method name
+        const methodName = callText.replace('this.', '').split('(')[0];
+
+        // Ignore common safe operations
+        const safePatterns = [
+          'toString',
+          'valueOf',
+          'hasOwnProperty',
+          'isPrototypeOf',
+          'propertyIsEnumerable'
+        ];
+
+        if (!safePatterns.includes(methodName)) {
+          // Check if it's a config service or environment variable access
+          if (!this.isSafeConfigAccess(callExpr)) {
+            if (verbose) {
+              console.log(`  🔧 Method call detected: ${callText}`);
+            }
+            return true;
+          }
+        }
+      }
+
+      // Also check for super method calls (not super() constructor call)
+      if (callText.startsWith('super.')) {
+        if (verbose) {
+          console.log(`  🔧 Super method call detected: ${callText}`);
+        }
+        return true;
+      }
+    }
+
+    return false;
+  }
+
+  /**
+   * Check if a method call is safe config/environment access
+   * These are allowed in constructors as they are initialization, not business logic
+   */
+  isSafeConfigAccess(callExpr) {
+    const expression = callExpr.getExpression();
+    const callText = expression.getText();
+
+    // Pattern: this.configService.get(...) or similar
+    // Pattern: this.envService.get(...) or similar
+    const configPatterns = [
+      /this\.(config|env|environment|settings?)Service\.get/i,
+      /this\.(config|env|environment|settings?)\.get/i,
+      /this\.(config|env|environment|settings?)Service\.read/i,
+      /this\.(config|env|environment|settings?)\.read/i,
+    ];
+
+    if (configPatterns.some(pattern => pattern.test(callText))) {
+      // Verify it's a simple get/read operation, not complex logic
+      const args = callExpr.getArguments();
+      // Should have 1-2 arguments (key, optional default value)
+      if (args.length <= 2) {
+        return true;
+      }
+    }
+
+    // Pattern: process.env access wrapped in a method
+    // Pattern: this.getString('KEY') where getString is a simple getter
+    const simpleGetterPatterns = [
+      /this\.get(String|Number|Boolean|Int|Float)/,
+    ];
+
+    if (simpleGetterPatterns.some(pattern => pattern.test(callText))) {
+      const args = callExpr.getArguments();
+      if (args.length <= 2) {
+        return true;
+      }
+    }
+
+    return false;
+  }
+
+  /**
+   * Check if statement contains API calls
+   */
+  containsApiCall(statement, verbose = false) {
+    const text = statement.getText();
+
+    // Common API call patterns
+    const apiPatterns = [
+      /\bfetch\s*\(/,
+      /\baxios\./,
+      /\b(get|post|put|delete|patch)\s*\(/,
+      /\.ajax\s*\(/,
+      /\bhttps?\./,
+      /\bHttpClient\./,
+      /\bXMLHttpRequest/,
+      /\bsuperagent\./,
+      /\brequest\s*\(/
+    ];
+
+    const hasApiCall = apiPatterns.some(pattern => pattern.test(text));
+
+    if (hasApiCall && verbose) {
+      console.log(`  📡 API call detected in constructor`);
+    }
+
+    return hasApiCall;
+  }
+
+  /**
+   * Check if statement contains complex logic
+   * Now more strict - flags most conditional logic
+   */
+  containsComplexLogic(statement, verbose = false) {
+    // Check for control flow structures
+    const hasIfStatement = statement.getDescendantsOfKind(SyntaxKind.IfStatement).length > 0;
+    const hasLoop = statement.getDescendantsOfKind(SyntaxKind.ForStatement).length > 0 ||
+                    statement.getDescendantsOfKind(SyntaxKind.WhileStatement).length > 0 ||
+                    statement.getDescendantsOfKind(SyntaxKind.DoStatement).length > 0 ||
+                    statement.getDescendantsOfKind(SyntaxKind.ForOfStatement).length > 0 ||
+                    statement.getDescendantsOfKind(SyntaxKind.ForInStatement).length > 0;
+    const hasSwitch = statement.getDescendantsOfKind(SyntaxKind.SwitchStatement).length > 0;
+    const hasTryCatch = statement.getDescendantsOfKind(SyntaxKind.TryStatement).length > 0;
+    const hasConditional = statement.getDescendantsOfKind(SyntaxKind.ConditionalExpression).length > 0; // ternary operators
+
+    // Be more strict with if statements
+    if (hasIfStatement) {
+      const ifStatements = statement.getDescendantsOfKind(SyntaxKind.IfStatement);
+
+      for (const ifStmt of ifStatements) {
+        const condition = ifStmt.getExpression().getText();
+        const thenStatement = ifStmt.getThenStatement();
+        const elseStatement = ifStmt.getElseStatement();
+
+        // Only allow very simple null/undefined checks for default parameter values
+        // Pattern: if (!param) { this.param = defaultValue; }
+        const isSimpleNullDefault =
+          /^!?\w+$/.test(condition) && // Simple variable check
+          !elseStatement && // No else clause
+          thenStatement &&
+          thenStatement.getText().match(/^{\s*this\.\w+\s*=\s*[^;]+;\s*}$/);
+
+        if (!isSimpleNullDefault) {
+          if (verbose) {
+            console.log(`  🔀 Complex if statement detected: ${condition}`);
+          }
+          return true;
+        }
+      }
+    }
+
+    const hasComplexLogic = hasLoop || hasSwitch || hasTryCatch || hasConditional;
+
+    if (hasComplexLogic && verbose) {
+      console.log(`  🔀 Complex logic detected in constructor`);
+    }
+
+    return hasComplexLogic;
+  }
+
+  /**
+   * Check if statement contains logging
+   */
+  containsLogging(statement, verbose = false) {
+    const text = statement.getText();
+
+    // Common logging patterns
+    const loggingPatterns = [
+      /\bconsole\.(log|warn|error|info|debug)/,
+      /\blogger\./,
+      /\bLog\./,
+      /\blogging\./,
+      /\bwinston\./,
+      /\bbunyan\./,
+      /\bpino\./,
+      /\.log\s*\(/
+    ];
+
+    const hasLogging = loggingPatterns.some(pattern => pattern.test(text));
+
+    if (hasLogging && verbose) {
+      console.log(`  📝 Logging detected in constructor`);
+    }
+
+    return hasLogging;
+  }
+
+  /**
+   * Check if statement contains file I/O operations
+   */
+  containsFileIO(statement, verbose = false) {
+    const text = statement.getText();
+
+    // File I/O patterns
+    const fileIOPatterns = [
+      /\bfs\.(readFile|writeFile|read|write|open|close)/,
+      /\breadFileSync/,
+      /\bwriteFileSync/,
+      /\bFileReader/,
+      /\bFile\./,
+      /\bpath\.read/,
+      /\bpath\.write/
+    ];
+
+    const hasFileIO = fileIOPatterns.some(pattern => pattern.test(text));
+
+    if (hasFileIO && verbose) {
+      console.log(`  📁 File I/O detected in constructor`);
+    }
+
+    return hasFileIO;
+  }
+
+  /**
+   * Check if statement contains database operations
+   */
+  containsDatabaseOperation(statement, verbose = false) {
+    const text = statement.getText();
+
+    // Database operation patterns
+    const dbPatterns = [
+      /\b(find|findOne|findById|save|update|delete|insert|create|query|exec)\s*\(/,
+      /\bmongoose\./,
+      /\bSequelize\./,
+      /\bTypeORM\./,
+      /\bPrisma\./,
+      /\.collection\s*\(/,
+      /\bdb\./,
+      /\bknex\./,
+      /SELECT\s+.*\s+FROM/i,
+      /INSERT\s+INTO/i,
+      /UPDATE\s+.*\s+SET/i,
+      /DELETE\s+FROM/i
+    ];
+
+    const hasDbOperation = dbPatterns.some(pattern => pattern.test(text));
+
+    if (hasDbOperation && verbose) {
+      console.log(`  💾 Database operation detected in constructor`);
+    }
+
+    return hasDbOperation;
+  }
+}
+
+module.exports = C017SymbolBasedAnalyzer;