@sun-asterisk/sunlint 1.3.33 → 1.3.35
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/config/released-rules.json +62 -0
- package/config/rules/enhanced-rules-registry.json +2315 -1354
- package/core/adapters/dart-analyzer.js +658 -0
- package/core/adapters/index.js +102 -0
- package/core/adapters/sunlint-rule-adapter.js +0 -2
- package/core/adapters/typescript-analyzer.js +277 -0
- package/core/analysis-orchestrator.js +168 -40
- package/core/architecture-integration.js +16 -7
- package/core/auto-performance-manager.js +1 -1
- package/core/cli-action-handler.js +98 -21
- package/core/cli-program.js +96 -138
- package/core/config-merger.js +24 -14
- package/core/constants/defaults.js +1 -2
- package/core/file-targeting-service.js +62 -4
- package/core/git-utils.js +19 -12
- package/core/github-annotate-service.js +456 -89
- package/core/github-step-summary-generator.js +8 -8
- package/core/html-report-generator.js +326 -731
- package/core/impact-integration.js +433 -0
- package/core/interfaces/language-analyzer.interface.js +393 -0
- package/core/output-service.js +308 -35
- package/core/rule-selection-service.js +77 -27
- package/core/scoring-service.js +3 -2
- package/core/semantic-engine-manager.js +375 -0
- package/core/semantic-engine.js +4 -57
- package/core/unified-rule-registry.js +52 -11
- package/docs/DART_RULE_EXECUTION_FLOW.md +745 -0
- package/docs/DART_SUPPORT_IMPLEMENTATION.md +245 -0
- package/docs/SUNLINT_ARCHITECTURE.md +692 -0
- package/docs/skills/CREATE_DART_RULE.md +909 -0
- package/engines/arch-detect/core/analyzer.js +413 -0
- package/engines/arch-detect/core/index.js +22 -0
- package/engines/arch-detect/engine/hybrid-detector.js +176 -0
- package/engines/arch-detect/engine/index.js +24 -0
- package/engines/arch-detect/engine/rule-executor.js +228 -0
- package/engines/arch-detect/engine/score-calculator.js +214 -0
- package/engines/arch-detect/engine/violation-detector.js +616 -0
- package/engines/arch-detect/index.js +50 -0
- package/engines/arch-detect/rules/base-rule.js +187 -0
- package/engines/arch-detect/rules/index.js +35 -0
- package/engines/arch-detect/rules/layered/index.js +28 -0
- package/engines/arch-detect/rules/layered/l001-presentation-layer.js +237 -0
- package/engines/arch-detect/rules/layered/l002-business-layer.js +215 -0
- package/engines/arch-detect/rules/layered/l003-data-layer.js +229 -0
- package/engines/arch-detect/rules/layered/l004-model-layer.js +204 -0
- package/engines/arch-detect/rules/layered/l005-layer-separation.js +215 -0
- package/engines/arch-detect/rules/layered/l006-dependency-direction.js +221 -0
- package/engines/arch-detect/rules/layered/layered-rules-collection.js +445 -0
- package/engines/arch-detect/rules/modular/index.js +27 -0
- package/engines/arch-detect/rules/modular/m001-feature-modules.js +238 -0
- package/engines/arch-detect/rules/modular/m002-core-module.js +169 -0
- package/engines/arch-detect/rules/modular/m003-module-declaration.js +186 -0
- package/engines/arch-detect/rules/modular/m004-public-api.js +171 -0
- package/engines/arch-detect/rules/modular/m005-no-deep-imports.js +220 -0
- package/engines/arch-detect/rules/modular/modular-rules-collection.js +357 -0
- package/engines/arch-detect/rules/presentation/index.js +27 -0
- package/engines/arch-detect/rules/presentation/pr001-view-layer.js +221 -0
- package/engines/arch-detect/rules/presentation/pr002-presentation-logic.js +192 -0
- package/engines/arch-detect/rules/presentation/pr004-data-binding.js +187 -0
- package/engines/arch-detect/rules/presentation/pr006-router-layer.js +185 -0
- package/engines/arch-detect/rules/presentation/pr007-interactor-layer.js +181 -0
- package/engines/arch-detect/rules/presentation/presentation-rules-collection.js +507 -0
- package/engines/arch-detect/rules/project-scanner/index.js +31 -0
- package/engines/arch-detect/rules/project-scanner/ps001-project-root.js +213 -0
- package/engines/arch-detect/rules/project-scanner/ps002-language-detection.js +192 -0
- package/engines/arch-detect/rules/project-scanner/ps003-framework-detection.js +339 -0
- package/engines/arch-detect/rules/project-scanner/ps004-build-system.js +171 -0
- package/engines/arch-detect/rules/project-scanner/ps005-source-directory.js +163 -0
- package/engines/arch-detect/rules/project-scanner/ps006-test-directory.js +184 -0
- package/engines/arch-detect/rules/project-scanner/ps007-documentation.js +149 -0
- package/engines/arch-detect/rules/project-scanner/ps008-cicd-detection.js +163 -0
- package/engines/arch-detect/rules/project-scanner/ps009-code-quality.js +152 -0
- package/engines/arch-detect/rules/project-scanner/ps010-statistics.js +180 -0
- package/engines/arch-detect/rules/rule-registry.js +111 -0
- package/engines/arch-detect/types/context.types.js +60 -0
- package/engines/arch-detect/types/enums.js +161 -0
- package/engines/arch-detect/types/index.js +25 -0
- package/engines/arch-detect/types/result.types.js +7 -0
- package/engines/arch-detect/types/rule.types.js +7 -0
- package/engines/arch-detect/utils/file-scanner.js +411 -0
- package/engines/arch-detect/utils/index.js +23 -0
- package/engines/arch-detect/utils/pattern-matcher.js +328 -0
- package/engines/eslint-engine.js +2 -8
- package/engines/heuristic-engine.js +234 -38
- package/engines/impact/cli.js +106 -0
- package/engines/impact/config/default-config.js +54 -0
- package/engines/impact/core/change-detector.js +258 -0
- package/engines/impact/core/detectors/database-detector.js +1317 -0
- package/engines/impact/core/detectors/endpoint-detector.js +55 -0
- package/engines/impact/core/impact-analyzer.js +124 -0
- package/engines/impact/core/report-generator.js +462 -0
- package/engines/impact/core/utils/ast-parser.js +241 -0
- package/engines/impact/core/utils/dependency-graph.js +159 -0
- package/engines/impact/core/utils/file-utils.js +116 -0
- package/engines/impact/core/utils/git-utils.js +203 -0
- package/engines/impact/core/utils/logger.js +13 -0
- package/engines/impact/core/utils/method-call-graph.js +1192 -0
- package/engines/impact/index.js +135 -0
- package/engines/impact/package.json +29 -0
- package/package.json +18 -43
- package/rules/common/C002_no_duplicate_code/config.json +12 -20
- package/rules/common/C002_no_duplicate_code/dart/analyzer.js +53 -0
- package/rules/common/C002_no_duplicate_code/index.js +93 -0
- package/rules/common/C003_no_vague_abbreviations/config.json +1 -1
- package/rules/common/C003_no_vague_abbreviations/dart/analyzer.js +54 -0
- package/rules/common/C003_no_vague_abbreviations/index.js +93 -0
- package/rules/common/C006_function_naming/dart/analyzer.js +40 -0
- package/rules/common/C006_function_naming/index.js +86 -0
- package/rules/common/C008_variable_declaration_locality/dart/analyzer.js +32 -0
- package/rules/common/C008_variable_declaration_locality/index.js +86 -0
- package/rules/common/C010_limit_block_nesting/dart/analyzer.js +32 -0
- package/rules/common/C010_limit_block_nesting/index.js +86 -0
- package/rules/common/C012_command_query_separation/config.json +61 -0
- package/rules/common/C012_command_query_separation/dart/analyzer.js +32 -0
- package/rules/common/C012_command_query_separation/index.js +86 -0
- package/rules/common/C013_no_dead_code/dart/analyzer.js +32 -0
- package/rules/common/C013_no_dead_code/index.js +86 -0
- package/rules/common/C014_dependency_injection/dart/analyzer.js +32 -0
- package/rules/common/C014_dependency_injection/index.js +86 -0
- package/rules/common/C017_constructor_logic/dart/analyzer.js +32 -0
- package/rules/common/C017_constructor_logic/index.js +86 -0
- package/rules/common/C018_no_throw_generic_error/dart/analyzer.js +32 -0
- package/rules/common/C018_no_throw_generic_error/index.js +86 -0
- package/rules/common/C019_log_level_usage/dart/analyzer.js +32 -0
- package/rules/common/C019_log_level_usage/index.js +86 -0
- package/rules/common/C019_log_level_usage/{ts-morph-analyzer.js → typescript/ts-morph-analyzer.js} +0 -1
- package/rules/common/C020_unused_imports/dart/analyzer.js +32 -0
- package/rules/common/C020_unused_imports/index.js +86 -0
- package/rules/common/C020_unused_imports/{ts-morph-analyzer.js → typescript/ts-morph-analyzer.js} +0 -1
- package/rules/common/C021_import_organization/config.json +29 -9
- package/rules/common/C021_import_organization/dart/analyzer.js +40 -0
- package/rules/common/C021_import_organization/index.js +83 -0
- package/rules/common/C021_import_organization/{ts-morph-analyzer.js → typescript/ts-morph-analyzer.js} +0 -1
- package/rules/common/C023_no_duplicate_variable/config.json +7 -2
- package/rules/common/C023_no_duplicate_variable/dart/analyzer.js +40 -0
- package/rules/common/C023_no_duplicate_variable/index.js +83 -0
- package/rules/common/C024_no_scatter_hardcoded_constants/config.json +7 -2
- package/rules/common/C024_no_scatter_hardcoded_constants/dart/analyzer.js +40 -0
- package/rules/common/C024_no_scatter_hardcoded_constants/index.js +83 -0
- package/rules/common/C024_no_scatter_hardcoded_constants/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -1
- package/rules/common/C029_catch_block_logging/config.json +15 -5
- package/rules/common/C029_catch_block_logging/dart/analyzer.js +40 -0
- package/rules/common/C029_catch_block_logging/index.js +83 -0
- package/rules/common/C030_use_custom_error_classes/config.json +28 -0
- package/rules/common/C030_use_custom_error_classes/dart/analyzer.js +40 -0
- package/rules/common/C030_use_custom_error_classes/index.js +83 -0
- package/rules/common/C031_validation_separation/config.json +28 -0
- package/rules/common/C031_validation_separation/dart/analyzer.js +40 -0
- package/rules/common/C031_validation_separation/index.js +83 -0
- package/rules/common/C033_separate_service_repository/config.json +8 -3
- package/rules/common/C033_separate_service_repository/dart/analyzer.js +40 -0
- package/rules/common/C033_separate_service_repository/index.js +83 -0
- package/rules/common/C035_error_logging_context/config.json +34 -12
- package/rules/common/C035_error_logging_context/dart/analyzer.js +40 -0
- package/rules/common/C035_error_logging_context/index.js +83 -0
- package/rules/common/C040_centralized_validation/config.json +37 -8
- package/rules/common/C040_centralized_validation/dart/analyzer.js +40 -0
- package/rules/common/C040_centralized_validation/index.js +83 -0
- package/rules/common/C041_no_sensitive_hardcode/config.json +7 -2
- package/rules/common/C041_no_sensitive_hardcode/dart/analyzer.js +40 -0
- package/rules/common/C041_no_sensitive_hardcode/index.js +83 -0
- package/rules/common/C042_boolean_name_prefix/config.json +28 -0
- package/rules/common/C042_boolean_name_prefix/dart/analyzer.js +40 -0
- package/rules/common/C042_boolean_name_prefix/index.js +83 -0
- package/rules/common/C043_no_console_or_print/config.json +28 -0
- package/rules/common/C043_no_console_or_print/dart/analyzer.js +40 -0
- package/rules/common/C043_no_console_or_print/index.js +83 -0
- package/rules/common/C047_no_duplicate_retry_logic/config.json +28 -0
- package/rules/common/C047_no_duplicate_retry_logic/dart/analyzer.js +40 -0
- package/rules/common/C047_no_duplicate_retry_logic/index.js +83 -0
- package/rules/common/C048_no_bypass_architectural_layers/config.json +7 -2
- package/rules/common/C048_no_bypass_architectural_layers/dart/analyzer.js +40 -0
- package/rules/common/C048_no_bypass_architectural_layers/index.js +83 -0
- package/rules/common/C052_parsing_or_data_transformation/config.json +7 -2
- package/rules/common/C052_parsing_or_data_transformation/dart/analyzer.js +40 -0
- package/rules/common/C052_parsing_or_data_transformation/index.js +83 -0
- package/rules/common/C060_no_override_superclass/config.json +7 -2
- package/rules/common/C060_no_override_superclass/dart/analyzer.js +40 -0
- package/rules/common/C060_no_override_superclass/index.js +83 -0
- package/rules/common/C065_one_behavior_per_test/config.json +187 -28
- package/rules/common/C065_one_behavior_per_test/dart/analyzer.js +40 -0
- package/rules/common/C065_one_behavior_per_test/index.js +83 -0
- package/rules/common/C067_no_hardcoded_config/config.json +18 -4
- package/rules/common/C067_no_hardcoded_config/dart/analyzer.js +40 -0
- package/rules/common/C067_no_hardcoded_config/index.js +83 -0
- package/rules/common/C070_no_real_time_tests/config.json +41 -12
- package/rules/common/C070_no_real_time_tests/dart/analyzer.js +40 -0
- package/rules/common/C070_no_real_time_tests/index.js +83 -0
- package/rules/common/C072_single_test_behavior/config.json +28 -0
- package/rules/common/C072_single_test_behavior/dart/analyzer.js +40 -0
- package/rules/common/C072_single_test_behavior/index.js +83 -0
- package/rules/common/C073_validate_required_config_on_startup/config.json +93 -18
- package/rules/common/C073_validate_required_config_on_startup/dart/analyzer.js +40 -0
- package/rules/common/C073_validate_required_config_on_startup/index.js +83 -0
- package/rules/common/C073_validate_required_config_on_startup/{analyzer.js → typescript/analyzer.js} +0 -1
- package/rules/common/C075_explicit_return_types/config.json +28 -0
- package/rules/common/C075_explicit_return_types/dart/analyzer.js +40 -0
- package/rules/common/C075_explicit_return_types/index.js +83 -0
- package/rules/common/C076_explicit_function_types/config.json +18 -4
- package/rules/common/C076_explicit_function_types/dart/analyzer.js +40 -0
- package/rules/common/C076_explicit_function_types/index.js +83 -0
- package/rules/index.js +26 -6
- package/rules/security/S003_open_redirect_protection/config.json +11 -53
- package/rules/security/S003_open_redirect_protection/dart/analyzer.js +43 -0
- package/rules/security/S003_open_redirect_protection/index.js +94 -0
- package/rules/security/S003_open_redirect_protection/typescript/analyzer.js +105 -0
- package/rules/security/S003_open_redirect_protection/{symbol-based-analyzer.js → typescript/semantic-analyzer.js} +1 -1
- package/rules/security/S004_sensitive_data_logging/config.json +1 -1
- package/rules/security/S004_sensitive_data_logging/dart/analyzer.js +58 -0
- package/rules/security/S004_sensitive_data_logging/index.js +93 -0
- package/rules/security/S005_no_origin_auth/dart/analyzer.js +30 -0
- package/rules/security/S005_no_origin_auth/index.js +83 -0
- package/rules/security/S005_no_origin_auth/{analyzer.js → typescript/analyzer.js} +1 -0
- package/rules/security/S006_no_plaintext_recovery_codes/dart/analyzer.js +30 -0
- package/rules/security/S006_no_plaintext_recovery_codes/index.js +83 -0
- package/rules/security/S007_no_plaintext_otp/dart/analyzer.js +30 -0
- package/rules/security/S007_no_plaintext_otp/index.js +83 -0
- package/rules/security/S009_no_insecure_encryption/dart/analyzer.js +30 -0
- package/rules/security/S009_no_insecure_encryption/index.js +83 -0
- package/rules/security/S010_no_insecure_encryption/dart/analyzer.js +30 -0
- package/rules/security/S010_no_insecure_encryption/index.js +83 -0
- package/rules/security/S011_secure_guid_generation/dart/analyzer.js +30 -0
- package/rules/security/S011_secure_guid_generation/index.js +83 -0
- package/rules/security/S012_hardcoded_secrets/dart/analyzer.js +30 -0
- package/rules/security/S012_hardcoded_secrets/index.js +83 -0
- package/rules/security/S012_hardcoded_secrets/typescript/config.json +75 -0
- package/rules/security/S013_tls_enforcement/dart/analyzer.js +30 -0
- package/rules/security/S013_tls_enforcement/index.js +83 -0
- package/rules/security/S014_tls_version_enforcement/dart/analyzer.js +30 -0
- package/rules/security/S014_tls_version_enforcement/index.js +83 -0
- package/rules/security/S015_insecure_tls_certificate/config.json +41 -0
- package/rules/security/S015_insecure_tls_certificate/dart/analyzer.js +19 -0
- package/rules/security/S015_insecure_tls_certificate/index.js +83 -0
- package/rules/security/S016_no_sensitive_querystring/dart/analyzer.js +30 -0
- package/rules/security/S016_no_sensitive_querystring/index.js +83 -0
- package/rules/security/S017_use_parameterized_queries/dart/analyzer.js +30 -0
- package/rules/security/S017_use_parameterized_queries/index.js +83 -0
- package/rules/security/S019_smtp_injection_protection/dart/analyzer.js +30 -0
- package/rules/security/S019_smtp_injection_protection/index.js +83 -0
- package/rules/security/S020_no_eval_dynamic_code/dart/analyzer.js +30 -0
- package/rules/security/S020_no_eval_dynamic_code/index.js +83 -0
- package/rules/security/S022_escape_output_context/dart/analyzer.js +30 -0
- package/rules/security/S022_escape_output_context/index.js +83 -0
- package/rules/security/S023_no_json_injection/dart/analyzer.js +30 -0
- package/rules/security/S023_no_json_injection/index.js +83 -0
- package/rules/security/S024_xpath_xxe_protection/dart/analyzer.js +30 -0
- package/rules/security/S024_xpath_xxe_protection/index.js +83 -0
- package/rules/security/S025_server_side_validation/dart/analyzer.js +30 -0
- package/rules/security/S025_server_side_validation/index.js +83 -0
- package/rules/security/S026_json_schema_validation/dart/analyzer.js +30 -0
- package/rules/security/S026_json_schema_validation/index.js +83 -0
- package/rules/security/S027_no_hardcoded_secrets/dart/analyzer.js +30 -0
- package/rules/security/S027_no_hardcoded_secrets/index.js +83 -0
- package/rules/security/S028_file_upload_size_limits/dart/analyzer.js +30 -0
- package/rules/security/S028_file_upload_size_limits/index.js +83 -0
- package/rules/security/S029_csrf_protection/dart/analyzer.js +30 -0
- package/rules/security/S029_csrf_protection/index.js +83 -0
- package/rules/security/S030_directory_browsing_protection/dart/analyzer.js +30 -0
- package/rules/security/S030_directory_browsing_protection/index.js +83 -0
- package/rules/security/S031_secure_session_cookies/dart/analyzer.js +30 -0
- package/rules/security/S031_secure_session_cookies/index.js +83 -0
- package/rules/security/S032_httponly_session_cookies/dart/analyzer.js +30 -0
- package/rules/security/S032_httponly_session_cookies/index.js +83 -0
- package/rules/security/S033_samesite_session_cookies/dart/analyzer.js +30 -0
- package/rules/security/S033_samesite_session_cookies/index.js +83 -0
- package/rules/security/S034_host_prefix_session_cookies/dart/analyzer.js +30 -0
- package/rules/security/S034_host_prefix_session_cookies/index.js +83 -0
- package/rules/security/S035_path_session_cookies/dart/analyzer.js +30 -0
- package/rules/security/S035_path_session_cookies/index.js +83 -0
- package/rules/security/S036_lfi_rfi_protection/dart/analyzer.js +30 -0
- package/rules/security/S036_lfi_rfi_protection/index.js +83 -0
- package/rules/security/S037_cache_headers/dart/analyzer.js +30 -0
- package/rules/security/S037_cache_headers/index.js +83 -0
- package/rules/security/S038_no_version_headers/dart/analyzer.js +30 -0
- package/rules/security/S038_no_version_headers/index.js +83 -0
- package/rules/security/S039_no_session_tokens_in_url/dart/analyzer.js +30 -0
- package/rules/security/S039_no_session_tokens_in_url/index.js +83 -0
- package/rules/security/S040_session_fixation_protection/dart/analyzer.js +30 -0
- package/rules/security/S040_session_fixation_protection/index.js +83 -0
- package/rules/security/S041_session_token_invalidation/dart/analyzer.js +30 -0
- package/rules/security/S041_session_token_invalidation/index.js +83 -0
- package/rules/security/S042_require_re_authentication_for_long_lived/dart/analyzer.js +30 -0
- package/rules/security/S042_require_re_authentication_for_long_lived/index.js +83 -0
- package/rules/security/S043_password_changes_invalidate_all_sessions/dart/analyzer.js +30 -0
- package/rules/security/S043_password_changes_invalidate_all_sessions/index.js +83 -0
- package/rules/security/S044_re_authentication_required/dart/analyzer.js +30 -0
- package/rules/security/S044_re_authentication_required/index.js +83 -0
- package/rules/security/S045_brute_force_protection/dart/analyzer.js +30 -0
- package/rules/security/S045_brute_force_protection/index.js +83 -0
- package/rules/security/S048_no_current_password_in_reset/dart/analyzer.js +30 -0
- package/rules/security/S048_no_current_password_in_reset/index.js +83 -0
- package/rules/security/S049_short_validity_tokens/dart/analyzer.js +30 -0
- package/rules/security/S049_short_validity_tokens/index.js +83 -0
- package/rules/security/S049_short_validity_tokens/typescript/config.json +124 -0
- package/rules/security/S051_password_length_policy/dart/analyzer.js +30 -0
- package/rules/security/S051_password_length_policy/index.js +83 -0
- package/rules/security/S051_password_length_policy/typescript/config.json +83 -0
- package/rules/security/S052_weak_otp_entropy/dart/analyzer.js +30 -0
- package/rules/security/S052_weak_otp_entropy/index.js +83 -0
- package/rules/security/S052_weak_otp_entropy/typescript/config.json +57 -0
- package/rules/security/S054_no_default_accounts/dart/analyzer.js +30 -0
- package/rules/security/S054_no_default_accounts/index.js +83 -0
- package/rules/security/S054_no_default_accounts/typescript/config.json +101 -0
- package/rules/security/S055_content_type_validation/dart/analyzer.js +30 -0
- package/rules/security/S055_content_type_validation/index.js +83 -0
- package/rules/security/S056_log_injection_protection/dart/analyzer.js +30 -0
- package/rules/security/S056_log_injection_protection/index.js +83 -0
- package/rules/security/S057_utc_logging/dart/analyzer.js +30 -0
- package/rules/security/S057_utc_logging/index.js +83 -0
- package/rules/security/S057_utc_logging/typescript/config.json +105 -0
- package/rules/security/S058_no_ssrf/dart/analyzer.js +30 -0
- package/rules/security/S058_no_ssrf/index.js +83 -0
- package/rules/security/S058_no_ssrf/{analyzer.js → typescript/analyzer.js} +0 -1
- package/rules/security/S058_no_ssrf/typescript/config.json +125 -0
- package/scripts/build-release.sh +12 -0
- package/scripts/copy-impact-analyzer.js +135 -0
- package/scripts/install.sh +0 -0
- package/scripts/manual-release.sh +0 -0
- package/scripts/pre-release-test.sh +0 -0
- package/scripts/prepare-release.sh +0 -0
- package/scripts/quick-performance-test.js +0 -0
- package/scripts/setup-github-registry.sh +0 -0
- package/scripts/trigger-release.sh +0 -0
- package/scripts/verify-install.sh +0 -0
- package/templates/combined-report.html +1418 -0
- package/rules/common/C002_no_duplicate_code/test-cases/api-handlers.ts +0 -64
- package/rules/common/C002_no_duplicate_code/test-cases/data-processor.ts +0 -46
- package/rules/common/C002_no_duplicate_code/test-cases/good-example.tsx +0 -40
- package/rules/common/C002_no_duplicate_code/test-cases/product-service.ts +0 -57
- package/rules/common/C002_no_duplicate_code/test-cases/user-service.ts +0 -49
- package/rules/common/C067_no_hardcoded_config/symbol-based-analyzer.js.backup +0 -3853
- package/rules/security/S003_open_redirect_protection/analyzer.js +0 -135
- /package/rules/common/C002_no_duplicate_code/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C003_no_vague_abbreviations/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C006_function_naming/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/{C008 → C008_variable_declaration_locality}/config.json +0 -0
- /package/rules/common/{C008 → C008_variable_declaration_locality/typescript}/analyzer.js +0 -0
- /package/rules/common/{C008 → C008_variable_declaration_locality/typescript}/ts-morph-analyzer.js +0 -0
- /package/rules/common/C010_limit_block_nesting/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C010_limit_block_nesting/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/common/C010_limit_block_nesting/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/common/C012_command_query_separation/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C012_command_query_separation/{ast-analyzer.js → typescript/ast-analyzer.js} +0 -0
- /package/rules/common/C013_no_dead_code/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C013_no_dead_code/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/common/C013_no_dead_code/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/common/C014_dependency_injection/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C014_dependency_injection/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/common/C017_constructor_logic/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C017_constructor_logic/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/common/C018_no_throw_generic_error/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C018_no_throw_generic_error/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/common/C018_no_throw_generic_error/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/common/C019_log_level_usage/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C019_log_level_usage/{pattern-analyzer.js → typescript/pattern-analyzer.js} +0 -0
- /package/rules/common/C019_log_level_usage/{system-log-analyzer.js → typescript/system-log-analyzer.js} +0 -0
- /package/rules/common/C020_unused_imports/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C021_import_organization/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C023_no_duplicate_variable/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C023_no_duplicate_variable/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/common/C024_no_scatter_hardcoded_constants/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C029_catch_block_logging/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C030_use_custom_error_classes/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C031_validation_separation/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C033_separate_service_repository/{README.md → typescript/README.md} +0 -0
- /package/rules/common/C033_separate_service_repository/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C033_separate_service_repository/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/common/C033_separate_service_repository/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/common/C035_error_logging_context/{STRATEGY.md → typescript/STRATEGY.md} +0 -0
- /package/rules/common/C035_error_logging_context/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C035_error_logging_context/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/common/C035_error_logging_context/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/common/C040_centralized_validation/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C040_centralized_validation/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/common/C040_centralized_validation/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/common/C041_no_sensitive_hardcode/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C041_no_sensitive_hardcode/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/common/C042_boolean_name_prefix/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C043_no_console_or_print/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C047_no_duplicate_retry_logic/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C047_no_duplicate_retry_logic/{c047-semantic-rule.js → typescript/c047-semantic-rule.js} +0 -0
- /package/rules/common/C047_no_duplicate_retry_logic/{symbol-analyzer-enhanced.js → typescript/symbol-analyzer-enhanced.js} +0 -0
- /package/rules/common/C047_no_duplicate_retry_logic/{symbol-config.json → typescript/symbol-config.json} +0 -0
- /package/rules/common/C048_no_bypass_architectural_layers/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C048_no_bypass_architectural_layers/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/common/C052_parsing_or_data_transformation/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C052_parsing_or_data_transformation/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/common/C060_no_override_superclass/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C060_no_override_superclass/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/common/C065_one_behavior_per_test/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C067_no_hardcoded_config/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C067_no_hardcoded_config/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/common/C070_no_real_time_tests/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C070_no_real_time_tests/{regex-analyzer.js → typescript/regex-analyzer.js} +0 -0
- /package/rules/common/C072_single_test_behavior/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C073_validate_required_config_on_startup/{README.md → typescript/README.md} +0 -0
- /package/rules/common/C073_validate_required_config_on_startup/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/common/C075_explicit_return_types/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C076_explicit_function_types/{README.md → typescript/README.md} +0 -0
- /package/rules/common/C076_explicit_function_types/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/common/C076_explicit_function_types/{semantic-analyzer.js → typescript/semantic-analyzer.js} +0 -0
- /package/rules/security/S003_open_redirect_protection/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S004_sensitive_data_logging/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S004_sensitive_data_logging/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S005_no_origin_auth/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S005_no_origin_auth/{ast-analyzer.js → typescript/ast-analyzer.js} +0 -0
- /package/rules/security/S005_no_origin_auth/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S006_no_plaintext_recovery_codes/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S006_no_plaintext_recovery_codes/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S006_no_plaintext_recovery_codes/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S007_no_plaintext_otp/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S007_no_plaintext_otp/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S007_no_plaintext_otp/{semantic-analyzer.js → typescript/semantic-analyzer.js} +0 -0
- /package/rules/security/S007_no_plaintext_otp/{semantic-config.json → typescript/semantic-config.json} +0 -0
- /package/rules/security/S007_no_plaintext_otp/{semantic-wrapper.js → typescript/semantic-wrapper.js} +0 -0
- /package/rules/security/S009_no_insecure_encryption/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S009_no_insecure_encryption/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S010_no_insecure_encryption/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S010_no_insecure_encryption/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S011_secure_guid_generation/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S011_secure_guid_generation/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S011_secure_guid_generation/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S012_hardcoded_secrets/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S012_hardcoded_secrets/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S013_tls_enforcement/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S013_tls_enforcement/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S013_tls_enforcement/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S014_tls_version_enforcement/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S014_tls_version_enforcement/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S014_tls_version_enforcement/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S015_insecure_tls_certificate/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S015_insecure_tls_certificate/{ast-analyzer.js → typescript/ast-analyzer.js} +0 -0
- /package/rules/security/S016_no_sensitive_querystring/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S016_no_sensitive_querystring/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/security/S016_no_sensitive_querystring/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S017_use_parameterized_queries/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S017_use_parameterized_queries/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S017_use_parameterized_queries/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S019_smtp_injection_protection/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S019_smtp_injection_protection/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S020_no_eval_dynamic_code/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S020_no_eval_dynamic_code/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S020_no_eval_dynamic_code/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S022_escape_output_context/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S022_escape_output_context/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S023_no_json_injection/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S023_no_json_injection/{ast-analyzer.js → typescript/ast-analyzer.js} +0 -0
- /package/rules/security/S024_xpath_xxe_protection/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S024_xpath_xxe_protection/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/security/S024_xpath_xxe_protection/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S025_server_side_validation/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S025_server_side_validation/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S025_server_side_validation/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/security/S025_server_side_validation/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S026_json_schema_validation/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S027_no_hardcoded_secrets/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S027_no_hardcoded_secrets/{categories.json → typescript/categories.json} +0 -0
- /package/rules/security/S027_no_hardcoded_secrets/{categorized-analyzer.js → typescript/categorized-analyzer.js} +0 -0
- /package/rules/security/S028_file_upload_size_limits/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S028_file_upload_size_limits/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S028_file_upload_size_limits/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S029_csrf_protection/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S030_directory_browsing_protection/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S030_directory_browsing_protection/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S030_directory_browsing_protection/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/security/S030_directory_browsing_protection/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S031_secure_session_cookies/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S031_secure_session_cookies/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S031_secure_session_cookies/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S032_httponly_session_cookies/{FRAMEWORK_SUPPORT.md → typescript/FRAMEWORK_SUPPORT.md} +0 -0
- /package/rules/security/S032_httponly_session_cookies/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S032_httponly_session_cookies/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S032_httponly_session_cookies/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/security/S032_httponly_session_cookies/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S033_samesite_session_cookies/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S033_samesite_session_cookies/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S033_samesite_session_cookies/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/security/S033_samesite_session_cookies/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S034_host_prefix_session_cookies/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S034_host_prefix_session_cookies/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S034_host_prefix_session_cookies/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/security/S034_host_prefix_session_cookies/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S035_path_session_cookies/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S035_path_session_cookies/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S035_path_session_cookies/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/security/S035_path_session_cookies/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S036_lfi_rfi_protection/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S037_cache_headers/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S037_cache_headers/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S037_cache_headers/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/security/S037_cache_headers/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S038_no_version_headers/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S038_no_version_headers/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S038_no_version_headers/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/security/S038_no_version_headers/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S039_no_session_tokens_in_url/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S039_no_session_tokens_in_url/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S039_no_session_tokens_in_url/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/security/S039_no_session_tokens_in_url/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S040_session_fixation_protection/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S041_session_token_invalidation/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S041_session_token_invalidation/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S041_session_token_invalidation/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/security/S041_session_token_invalidation/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S042_require_re_authentication_for_long_lived/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S042_require_re_authentication_for_long_lived/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S042_require_re_authentication_for_long_lived/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S043_password_changes_invalidate_all_sessions/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S043_password_changes_invalidate_all_sessions/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S043_password_changes_invalidate_all_sessions/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S044_re_authentication_required/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S044_re_authentication_required/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S044_re_authentication_required/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/security/S044_re_authentication_required/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S045_brute_force_protection/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S045_brute_force_protection/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S045_brute_force_protection/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S048_no_current_password_in_reset/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S048_no_current_password_in_reset/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S049_short_validity_tokens/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S049_short_validity_tokens/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/security/S049_short_validity_tokens/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S051_password_length_policy/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S052_weak_otp_entropy/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S054_no_default_accounts/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S054_no_default_accounts/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S055_content_type_validation/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S055_content_type_validation/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S055_content_type_validation/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S056_log_injection_protection/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S056_log_injection_protection/{regex-based-analyzer.js → typescript/regex-based-analyzer.js} +0 -0
- /package/rules/security/S056_log_injection_protection/{symbol-based-analyzer.js → typescript/symbol-based-analyzer.js} +0 -0
- /package/rules/security/S057_utc_logging/{README.md → typescript/README.md} +0 -0
- /package/rules/security/S057_utc_logging/{analyzer.js → typescript/analyzer.js} +0 -0
- /package/rules/security/S058_no_ssrf/{README.md → typescript/README.md} +0 -0
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
{
|
|
2
|
+
"ruleId": "S051",
|
|
3
|
+
"name": "Support 12–64 char passwords; reject >128",
|
|
4
|
+
"description": "Enforce modern password length policy (min 12, typical max 64; reject >128) and align FE/BE validators. Warn on bcrypt 72-byte truncation.",
|
|
5
|
+
"category": "security",
|
|
6
|
+
"severity": "error",
|
|
7
|
+
"options": {
|
|
8
|
+
"lengthPolicy": {
|
|
9
|
+
"minAllowedRange": {
|
|
10
|
+
"min": 8,
|
|
11
|
+
"recommended": 12,
|
|
12
|
+
"warnBelow": 12,
|
|
13
|
+
"errorBelow": 8
|
|
14
|
+
},
|
|
15
|
+
"maxRecommended": 64,
|
|
16
|
+
"hardRejectLength": 128
|
|
17
|
+
},
|
|
18
|
+
"mode": "strict",
|
|
19
|
+
"passwordIdentifiers": [
|
|
20
|
+
"password", "newPassword", "oldPassword", "confirmPassword",
|
|
21
|
+
"passwd", "pwd", "passphrase", "secret", "credential"
|
|
22
|
+
],
|
|
23
|
+
"uiHints": [
|
|
24
|
+
"type=[\"']password[\"']",
|
|
25
|
+
"placeholder.*password",
|
|
26
|
+
"label.*password",
|
|
27
|
+
"i18n.*password"
|
|
28
|
+
],
|
|
29
|
+
"contextSignals": {
|
|
30
|
+
"routes": ["auth", "signup", "register", "login", "reset", "change-password"],
|
|
31
|
+
"files": ["auth", "password", "credential", "security"],
|
|
32
|
+
"methods": ["hashPassword", "validatePassword", "checkPassword"]
|
|
33
|
+
},
|
|
34
|
+
"validatorPatterns": {
|
|
35
|
+
"fe": [
|
|
36
|
+
"minLength\\s*:\\s*(\\d+)",
|
|
37
|
+
"maxLength\\s*:\\s*(\\d+)",
|
|
38
|
+
"yup\\.string\\(\\).*\\.min\\((\\d+)\\).*\\.max\\((\\d+)\\)",
|
|
39
|
+
"z\\.string\\(\\).*\\.min\\((\\d+)\\).*\\.max\\((\\d+)\\)",
|
|
40
|
+
"Validators\\.minLength\\((\\d+)\\)",
|
|
41
|
+
"Validators\\.maxLength\\((\\d+)\\)",
|
|
42
|
+
"minlength=[\"']?(\\d+)[\"']?",
|
|
43
|
+
"maxlength=[\"']?(\\d+)[\"']?"
|
|
44
|
+
],
|
|
45
|
+
"be": [
|
|
46
|
+
"Joi\\.string\\(\\).*min\\((\\d+)\\).*max\\((\\d+)\\)",
|
|
47
|
+
"Length\\s*\\(\\s*min\\s*=\\s*(\\d+).*max\\s*=\\s*(\\d+)\\)",
|
|
48
|
+
"@Size\\s*\\(\\s*min\\s*=\\s*(\\d+).*max\\s*=\\s*(\\d+)\\)",
|
|
49
|
+
"if\\s*\\(.*password\\.length\\s*[<>]=?\\s*(\\d+)\\)"
|
|
50
|
+
]
|
|
51
|
+
},
|
|
52
|
+
"bcryptHints": {
|
|
53
|
+
"apis": [
|
|
54
|
+
"bcrypt\\.", "BCrypt\\.", "bcryptjs", "@nestjs/bcrypt",
|
|
55
|
+
"org\\.springframework\\.security\\.crypto\\.bcrypt"
|
|
56
|
+
],
|
|
57
|
+
"warnOnMissingLengthCheck": true,
|
|
58
|
+
"byteLimit": 72,
|
|
59
|
+
"checkMethods": ["hash", "hashSync", "compare", "compareSync"]
|
|
60
|
+
},
|
|
61
|
+
"crossFileAnalysis": {
|
|
62
|
+
"enabled": true,
|
|
63
|
+
"compareFeBeMinMax": true,
|
|
64
|
+
"warnOnMismatch": true,
|
|
65
|
+
"toleranceDiff": 2
|
|
66
|
+
},
|
|
67
|
+
"policy": {
|
|
68
|
+
"requireMinSignals": 2,
|
|
69
|
+
"alignFeBe": true,
|
|
70
|
+
"rejectOverHardLimit": true,
|
|
71
|
+
"priorityOrder": ["weak_validators", "bcrypt_issues", "hard_limit"]
|
|
72
|
+
},
|
|
73
|
+
"allowlist": {
|
|
74
|
+
"paths": ["test/", "tests/", "__tests__/", "fixtures/", "mocks/", "dummy/"],
|
|
75
|
+
"notes": "Test and dummy files may have different password requirements"
|
|
76
|
+
},
|
|
77
|
+
"thresholds": {
|
|
78
|
+
"maxWeakValidators": 0,
|
|
79
|
+
"maxBcryptWithoutLengthCheck": 0,
|
|
80
|
+
"maxMissingHardLimit": 1
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* S052 Dart Analyzer
|
|
3
|
+
* JS wrapper that delegates to DartAnalyzer binary.
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
class DartS052Analyzer {
|
|
7
|
+
constructor() {
|
|
8
|
+
this.ruleId = 'S052';
|
|
9
|
+
this.language = 'dart';
|
|
10
|
+
}
|
|
11
|
+
|
|
12
|
+
getMetadata() {
|
|
13
|
+
return {
|
|
14
|
+
ruleId: 'S052',
|
|
15
|
+
language: 'dart',
|
|
16
|
+
delegateTo: 'dart_analyzer'
|
|
17
|
+
};
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
async analyze(files, language, options) {
|
|
21
|
+
// Delegated to DartAnalyzer binary via heuristic-engine.js
|
|
22
|
+
return [];
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
supportsLanguage(language) {
|
|
26
|
+
return language === 'dart';
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
module.exports = DartS052Analyzer;
|
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* S052 Rule Router
|
|
3
|
+
* Routes analysis to the appropriate language-specific analyzer.
|
|
4
|
+
* Supports: TypeScript, JavaScript, Dart
|
|
5
|
+
*/
|
|
6
|
+
|
|
7
|
+
const path = require('path');
|
|
8
|
+
|
|
9
|
+
class S052Router {
|
|
10
|
+
constructor() {
|
|
11
|
+
this.analyzers = new Map();
|
|
12
|
+
this.ruleId = 'S052';
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
getAnalyzer(language) {
|
|
16
|
+
const normalizedLang = this.normalizeLanguage(language);
|
|
17
|
+
|
|
18
|
+
if (!this.analyzers.has(normalizedLang)) {
|
|
19
|
+
try {
|
|
20
|
+
const analyzerPath = path.join(__dirname, normalizedLang, 'analyzer.js');
|
|
21
|
+
const AnalyzerClass = require(analyzerPath);
|
|
22
|
+
this.analyzers.set(normalizedLang, new AnalyzerClass());
|
|
23
|
+
} catch (error) {
|
|
24
|
+
return null;
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
|
|
28
|
+
return this.analyzers.get(normalizedLang);
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
normalizeLanguage(language) {
|
|
32
|
+
if (typeof language !== 'string') {
|
|
33
|
+
return 'typescript';
|
|
34
|
+
}
|
|
35
|
+
const languageMap = {
|
|
36
|
+
'typescript': 'typescript',
|
|
37
|
+
'javascript': 'typescript',
|
|
38
|
+
'ts': 'typescript',
|
|
39
|
+
'js': 'typescript',
|
|
40
|
+
'dart': 'dart'
|
|
41
|
+
};
|
|
42
|
+
return languageMap[language.toLowerCase()] || language.toLowerCase();
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
supportsLanguage(language) {
|
|
46
|
+
if (typeof language !== 'string') return false;
|
|
47
|
+
const supported = ['typescript', 'javascript', 'ts', 'js', 'dart'];
|
|
48
|
+
return supported.includes(language.toLowerCase());
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
getSupportedLanguages() {
|
|
52
|
+
return ['typescript', 'javascript', 'dart'];
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
async analyze(files, language, options = {}) {
|
|
56
|
+
const analyzer = this.getAnalyzer(language);
|
|
57
|
+
if (!analyzer) return [];
|
|
58
|
+
if (typeof analyzer.analyze === 'function') {
|
|
59
|
+
return analyzer.analyze(files, language, options);
|
|
60
|
+
}
|
|
61
|
+
return [];
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
async initialize(semanticEngineOrLanguage = null, semanticEngine = null) {
|
|
65
|
+
let engine = semanticEngine;
|
|
66
|
+
let lang = null;
|
|
67
|
+
|
|
68
|
+
if (typeof semanticEngineOrLanguage === 'string') {
|
|
69
|
+
lang = semanticEngineOrLanguage;
|
|
70
|
+
} else if (semanticEngineOrLanguage && typeof semanticEngineOrLanguage === 'object') {
|
|
71
|
+
engine = semanticEngineOrLanguage;
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
if (lang) {
|
|
75
|
+
const analyzer = this.getAnalyzer(lang);
|
|
76
|
+
if (analyzer && typeof analyzer.initialize === 'function') {
|
|
77
|
+
await analyzer.initialize(engine);
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
module.exports = new S052Router();
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
{
|
|
2
|
+
"ruleId": "S052",
|
|
3
|
+
"name": "OTP must have ≥20-bit entropy (≥6 digits) and use CSPRNG",
|
|
4
|
+
"description": "Prevent guessable OTP by enforcing CSPRNG and minimal entropy. Ban non-crypto RNG and too-short codes.",
|
|
5
|
+
"category": "security",
|
|
6
|
+
"severity": "error",
|
|
7
|
+
"options": {
|
|
8
|
+
"otpIdentifiers": [
|
|
9
|
+
"otp","oneTime","one_time","passcode","verificationCode","verifyCode",
|
|
10
|
+
"confirmCode","pin","totp","hotp","resetCode","activationCode"
|
|
11
|
+
],
|
|
12
|
+
"bannedRngApis": {
|
|
13
|
+
"typescript": ["Math\\.random\\s*\\("],
|
|
14
|
+
"javascript": ["Math\\.random\\s*\\("],
|
|
15
|
+
"node": ["crypto\\.pseudoRandomBytes\\s*\\("],
|
|
16
|
+
"java": ["new\\s+Random\\s*\\(","ThreadLocalRandom\\.current\\s*\\("],
|
|
17
|
+
"kotlin": ["kotlin\\.random\\.Random(\\.Default)?"],
|
|
18
|
+
"dart": ["new\\s+Random\\s*\\(","Random\\s*\\("]
|
|
19
|
+
},
|
|
20
|
+
"allowedRngApis": {
|
|
21
|
+
"node": ["crypto\\.randomInt\\s*\\(","crypto\\.randomBytes\\s*\\("],
|
|
22
|
+
"java": ["new\\s+SecureRandom\\s*\\("],
|
|
23
|
+
"kotlin": ["java\\.security\\.SecureRandom"],
|
|
24
|
+
"dart": ["Random\\.secure\\s*\\("]
|
|
25
|
+
},
|
|
26
|
+
"lengthChecks": {
|
|
27
|
+
"numericMinDigits": 6,
|
|
28
|
+
"alphanumericMinLength": 6,
|
|
29
|
+
"regexBadNumeric4": "\\\\b\\\\d{4}\\\\b"
|
|
30
|
+
},
|
|
31
|
+
"totpHotpHints": {
|
|
32
|
+
"requireStandardLib": true,
|
|
33
|
+
"minSecretBits": 128,
|
|
34
|
+
"maxTimeStepSeconds": 30,
|
|
35
|
+
"maxWindow": 1
|
|
36
|
+
},
|
|
37
|
+
"policy": {
|
|
38
|
+
"requireCsprng": true,
|
|
39
|
+
"forbidNonCryptoRng": true,
|
|
40
|
+
"forbidFourDigitOtp": true,
|
|
41
|
+
"requireNoLoggingOfOtp": true,
|
|
42
|
+
"requireSingleUseAndTtl": true
|
|
43
|
+
},
|
|
44
|
+
"detectionHeuristics": {
|
|
45
|
+
"variableNameMatchBoost": true,
|
|
46
|
+
"builderFunctions": ["generateOtp","issueOtp","createCode","sendOtp","totp","hotp"]
|
|
47
|
+
},
|
|
48
|
+
"allowlist": {
|
|
49
|
+
"paths": ["test/","tests/","__tests__/","fixtures/","mocks/"],
|
|
50
|
+
"notes": "Trong test vẫn cấm 4-digit OTP nếu test chạy e2e với hệ thật."
|
|
51
|
+
},
|
|
52
|
+
"thresholds": {
|
|
53
|
+
"maxBannedRngUsages": 0,
|
|
54
|
+
"maxShortOtpPatterns": 0
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* S054 Dart Analyzer
|
|
3
|
+
* JS wrapper that delegates to DartAnalyzer binary.
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
class DartS054Analyzer {
|
|
7
|
+
constructor() {
|
|
8
|
+
this.ruleId = 'S054';
|
|
9
|
+
this.language = 'dart';
|
|
10
|
+
}
|
|
11
|
+
|
|
12
|
+
getMetadata() {
|
|
13
|
+
return {
|
|
14
|
+
ruleId: 'S054',
|
|
15
|
+
language: 'dart',
|
|
16
|
+
delegateTo: 'dart_analyzer'
|
|
17
|
+
};
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
async analyze(files, language, options) {
|
|
21
|
+
// Delegated to DartAnalyzer binary via heuristic-engine.js
|
|
22
|
+
return [];
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
supportsLanguage(language) {
|
|
26
|
+
return language === 'dart';
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
module.exports = DartS054Analyzer;
|
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* S054 Rule Router
|
|
3
|
+
* Routes analysis to the appropriate language-specific analyzer.
|
|
4
|
+
* Supports: TypeScript, JavaScript, Dart
|
|
5
|
+
*/
|
|
6
|
+
|
|
7
|
+
const path = require('path');
|
|
8
|
+
|
|
9
|
+
class S054Router {
|
|
10
|
+
constructor() {
|
|
11
|
+
this.analyzers = new Map();
|
|
12
|
+
this.ruleId = 'S054';
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
getAnalyzer(language) {
|
|
16
|
+
const normalizedLang = this.normalizeLanguage(language);
|
|
17
|
+
|
|
18
|
+
if (!this.analyzers.has(normalizedLang)) {
|
|
19
|
+
try {
|
|
20
|
+
const analyzerPath = path.join(__dirname, normalizedLang, 'analyzer.js');
|
|
21
|
+
const AnalyzerClass = require(analyzerPath);
|
|
22
|
+
this.analyzers.set(normalizedLang, new AnalyzerClass());
|
|
23
|
+
} catch (error) {
|
|
24
|
+
return null;
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
|
|
28
|
+
return this.analyzers.get(normalizedLang);
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
normalizeLanguage(language) {
|
|
32
|
+
if (typeof language !== 'string') {
|
|
33
|
+
return 'typescript';
|
|
34
|
+
}
|
|
35
|
+
const languageMap = {
|
|
36
|
+
'typescript': 'typescript',
|
|
37
|
+
'javascript': 'typescript',
|
|
38
|
+
'ts': 'typescript',
|
|
39
|
+
'js': 'typescript',
|
|
40
|
+
'dart': 'dart'
|
|
41
|
+
};
|
|
42
|
+
return languageMap[language.toLowerCase()] || language.toLowerCase();
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
supportsLanguage(language) {
|
|
46
|
+
if (typeof language !== 'string') return false;
|
|
47
|
+
const supported = ['typescript', 'javascript', 'ts', 'js', 'dart'];
|
|
48
|
+
return supported.includes(language.toLowerCase());
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
getSupportedLanguages() {
|
|
52
|
+
return ['typescript', 'javascript', 'dart'];
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
async analyze(files, language, options = {}) {
|
|
56
|
+
const analyzer = this.getAnalyzer(language);
|
|
57
|
+
if (!analyzer) return [];
|
|
58
|
+
if (typeof analyzer.analyze === 'function') {
|
|
59
|
+
return analyzer.analyze(files, language, options);
|
|
60
|
+
}
|
|
61
|
+
return [];
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
async initialize(semanticEngineOrLanguage = null, semanticEngine = null) {
|
|
65
|
+
let engine = semanticEngine;
|
|
66
|
+
let lang = null;
|
|
67
|
+
|
|
68
|
+
if (typeof semanticEngineOrLanguage === 'string') {
|
|
69
|
+
lang = semanticEngineOrLanguage;
|
|
70
|
+
} else if (semanticEngineOrLanguage && typeof semanticEngineOrLanguage === 'object') {
|
|
71
|
+
engine = semanticEngineOrLanguage;
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
if (lang) {
|
|
75
|
+
const analyzer = this.getAnalyzer(lang);
|
|
76
|
+
if (analyzer && typeof analyzer.initialize === 'function') {
|
|
77
|
+
await analyzer.initialize(engine);
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
module.exports = new S054Router();
|
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
{
|
|
2
|
+
"ruleId": "S054",
|
|
3
|
+
"name": "Disallow Default/Built-in Accounts (admin/root/sa/...)",
|
|
4
|
+
"description": "Prevent use of default or shared accounts. Enforce per-user identities, initial password change, and disabling well-known built-ins.",
|
|
5
|
+
"category": "security",
|
|
6
|
+
"severity": "error",
|
|
7
|
+
"options": {
|
|
8
|
+
"blockedUsernames": [
|
|
9
|
+
"admin","root","sa","test","guest","operator","super","superuser","sys",
|
|
10
|
+
"postgres","mysql","mssql","oracle","elastic","kibana","grafana",
|
|
11
|
+
"administrator", "demo", "example", "default", "public", "anonymous",
|
|
12
|
+
"user", "password", "service", "support", "backup", "monitor"
|
|
13
|
+
],
|
|
14
|
+
"codeCreationPatterns": [
|
|
15
|
+
"create(User|Account)\\s*\\(",
|
|
16
|
+
"new\\s+User\\s*\\(",
|
|
17
|
+
"user(Name|name|_name)\\s*:",
|
|
18
|
+
"username\\s*=\\s*",
|
|
19
|
+
"setUser(Name|name)\\s*\\(",
|
|
20
|
+
"addUser\\s*\\(",
|
|
21
|
+
"registerUser\\s*\\(",
|
|
22
|
+
"createAccount\\s*\\("
|
|
23
|
+
],
|
|
24
|
+
"sqlInsertUserPatterns": [
|
|
25
|
+
"INSERT\\s+INTO\\s+\\w*user\\w*\\s*\\(",
|
|
26
|
+
"UPSERT\\s+INTO\\s+\\w*user\\w*\\s*\\(",
|
|
27
|
+
"CREATE\\s+USER\\s+",
|
|
28
|
+
"GRANT\\s+.+\\s+TO\\s+",
|
|
29
|
+
"REVOKE\\s+.+\\s+FROM\\s+"
|
|
30
|
+
],
|
|
31
|
+
"infraPatterns": {
|
|
32
|
+
"terraform": [
|
|
33
|
+
"username\\s*=\\s*\"(admin|root|sa|test|guest)\"",
|
|
34
|
+
"user\\s*=\\s*\"(admin|root|sa|test|guest)\"",
|
|
35
|
+
"admin_username\\s*=\\s*\"(admin|root|sa|test|guest)\""
|
|
36
|
+
],
|
|
37
|
+
"helmValues": [
|
|
38
|
+
"admin(User|Password)\\s*:",
|
|
39
|
+
"default(User|Pass)\\s*:",
|
|
40
|
+
"root(User|Password)\\s*:",
|
|
41
|
+
"service(User|Account)\\s*:"
|
|
42
|
+
],
|
|
43
|
+
"docker": [
|
|
44
|
+
"ENV\\s+.*(USER|USERNAME|_ROOT_USERNAME)\\s*=\\s*(admin|root|sa)",
|
|
45
|
+
"POSTGRES_USER\\s*=\\s*(postgres|admin|root)",
|
|
46
|
+
"MONGO_INITDB_ROOT_USERNAME\\s*=\\s*(root|admin)",
|
|
47
|
+
"MYSQL_USER\\s*=\\s*(root|admin|mysql)",
|
|
48
|
+
"REDIS_USER\\s*=\\s*(redis|admin|root)"
|
|
49
|
+
],
|
|
50
|
+
"kubernetes": [
|
|
51
|
+
"serviceAccount:\\s*default",
|
|
52
|
+
"user:\\s*(admin|root|sa|test|guest)",
|
|
53
|
+
"username:\\s*(admin|root|sa|test|guest)"
|
|
54
|
+
]
|
|
55
|
+
},
|
|
56
|
+
"docPatterns": [
|
|
57
|
+
"login\\s*[:=]\\s*(admin|root|sa|test|guest)",
|
|
58
|
+
"user\\s*[:=]\\s*(admin|root|sa|test|guest)",
|
|
59
|
+
"username\\s*[:=]\\s*(admin|root|sa|test|guest)",
|
|
60
|
+
"password\\s*[:=]\\s*(admin|root|sa|test|guest|password|123456)"
|
|
61
|
+
],
|
|
62
|
+
"passwordSmells": [
|
|
63
|
+
"password", "123456", "admin", "Admin@123", "Password1", "changeme",
|
|
64
|
+
"default", "qwerty", "letmein", "welcome", "secret", "pass123",
|
|
65
|
+
"root", "toor", "administrator", "guest"
|
|
66
|
+
],
|
|
67
|
+
"configFilePatterns": [
|
|
68
|
+
"database\\.(username|user)\\s*=\\s*(admin|root|sa)",
|
|
69
|
+
"db\\.(username|user)\\s*=\\s*(admin|root|sa)",
|
|
70
|
+
"auth\\.(username|user)\\s*=\\s*(admin|root|sa)",
|
|
71
|
+
"admin\\.(username|user)\\s*=\\s*",
|
|
72
|
+
"spring\\.datasource\\.username\\s*=\\s*(admin|root|sa)"
|
|
73
|
+
],
|
|
74
|
+
"policy": {
|
|
75
|
+
"requirePerUserAccount": true,
|
|
76
|
+
"requireInitialPasswordChange": true,
|
|
77
|
+
"forbidWellKnownServiceAccountsInAppDB": true,
|
|
78
|
+
"allowOnlyInEphemeralTests": true,
|
|
79
|
+
"mustDisableBuiltInsOnInfra": true
|
|
80
|
+
},
|
|
81
|
+
"allowlist": {
|
|
82
|
+
"paths": [
|
|
83
|
+
"test/", "tests/", "__tests__/", "e2e/", "playground/",
|
|
84
|
+
"local-dev/", "demo/", "example/", "mock/", "fixture/",
|
|
85
|
+
"spec/", ".spec.", ".test."
|
|
86
|
+
],
|
|
87
|
+
"notes": "Vẫn cảnh báo nếu xuất hiện mật khẩu mặc định; cho phép username cấm chỉ khi data giả lập không public và không nối vào môi trường thật."
|
|
88
|
+
},
|
|
89
|
+
"thresholds": {
|
|
90
|
+
"maxFindings": 0,
|
|
91
|
+
"maxInAllowedPaths": 2,
|
|
92
|
+
"maxPasswordSmells": 0
|
|
93
|
+
},
|
|
94
|
+
"exemptions": {
|
|
95
|
+
"testDirectories": ["test", "tests", "__tests__", "e2e", "spec"],
|
|
96
|
+
"configFiles": ["jest.config", "test.config", "local.config"],
|
|
97
|
+
"allowTestData": true,
|
|
98
|
+
"allowDocumentationExamples": false
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* S055 Dart Analyzer
|
|
3
|
+
* JS wrapper that delegates to DartAnalyzer binary.
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
class DartS055Analyzer {
|
|
7
|
+
constructor() {
|
|
8
|
+
this.ruleId = 'S055';
|
|
9
|
+
this.language = 'dart';
|
|
10
|
+
}
|
|
11
|
+
|
|
12
|
+
getMetadata() {
|
|
13
|
+
return {
|
|
14
|
+
ruleId: 'S055',
|
|
15
|
+
language: 'dart',
|
|
16
|
+
delegateTo: 'dart_analyzer'
|
|
17
|
+
};
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
async analyze(files, language, options) {
|
|
21
|
+
// Delegated to DartAnalyzer binary via heuristic-engine.js
|
|
22
|
+
return [];
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
supportsLanguage(language) {
|
|
26
|
+
return language === 'dart';
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
module.exports = DartS055Analyzer;
|
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* S055 Rule Router
|
|
3
|
+
* Routes analysis to the appropriate language-specific analyzer.
|
|
4
|
+
* Supports: TypeScript, JavaScript, Dart
|
|
5
|
+
*/
|
|
6
|
+
|
|
7
|
+
const path = require('path');
|
|
8
|
+
|
|
9
|
+
class S055Router {
|
|
10
|
+
constructor() {
|
|
11
|
+
this.analyzers = new Map();
|
|
12
|
+
this.ruleId = 'S055';
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
getAnalyzer(language) {
|
|
16
|
+
const normalizedLang = this.normalizeLanguage(language);
|
|
17
|
+
|
|
18
|
+
if (!this.analyzers.has(normalizedLang)) {
|
|
19
|
+
try {
|
|
20
|
+
const analyzerPath = path.join(__dirname, normalizedLang, 'analyzer.js');
|
|
21
|
+
const AnalyzerClass = require(analyzerPath);
|
|
22
|
+
this.analyzers.set(normalizedLang, new AnalyzerClass());
|
|
23
|
+
} catch (error) {
|
|
24
|
+
return null;
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
|
|
28
|
+
return this.analyzers.get(normalizedLang);
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
normalizeLanguage(language) {
|
|
32
|
+
if (typeof language !== 'string') {
|
|
33
|
+
return 'typescript';
|
|
34
|
+
}
|
|
35
|
+
const languageMap = {
|
|
36
|
+
'typescript': 'typescript',
|
|
37
|
+
'javascript': 'typescript',
|
|
38
|
+
'ts': 'typescript',
|
|
39
|
+
'js': 'typescript',
|
|
40
|
+
'dart': 'dart'
|
|
41
|
+
};
|
|
42
|
+
return languageMap[language.toLowerCase()] || language.toLowerCase();
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
supportsLanguage(language) {
|
|
46
|
+
if (typeof language !== 'string') return false;
|
|
47
|
+
const supported = ['typescript', 'javascript', 'ts', 'js', 'dart'];
|
|
48
|
+
return supported.includes(language.toLowerCase());
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
getSupportedLanguages() {
|
|
52
|
+
return ['typescript', 'javascript', 'dart'];
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
async analyze(files, language, options = {}) {
|
|
56
|
+
const analyzer = this.getAnalyzer(language);
|
|
57
|
+
if (!analyzer) return [];
|
|
58
|
+
if (typeof analyzer.analyze === 'function') {
|
|
59
|
+
return analyzer.analyze(files, language, options);
|
|
60
|
+
}
|
|
61
|
+
return [];
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
async initialize(semanticEngineOrLanguage = null, semanticEngine = null) {
|
|
65
|
+
let engine = semanticEngine;
|
|
66
|
+
let lang = null;
|
|
67
|
+
|
|
68
|
+
if (typeof semanticEngineOrLanguage === 'string') {
|
|
69
|
+
lang = semanticEngineOrLanguage;
|
|
70
|
+
} else if (semanticEngineOrLanguage && typeof semanticEngineOrLanguage === 'object') {
|
|
71
|
+
engine = semanticEngineOrLanguage;
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
if (lang) {
|
|
75
|
+
const analyzer = this.getAnalyzer(lang);
|
|
76
|
+
if (analyzer && typeof analyzer.initialize === 'function') {
|
|
77
|
+
await analyzer.initialize(engine);
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
module.exports = new S055Router();
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* S056 Dart Analyzer
|
|
3
|
+
* JS wrapper that delegates to DartAnalyzer binary.
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
class DartS056Analyzer {
|
|
7
|
+
constructor() {
|
|
8
|
+
this.ruleId = 'S056';
|
|
9
|
+
this.language = 'dart';
|
|
10
|
+
}
|
|
11
|
+
|
|
12
|
+
getMetadata() {
|
|
13
|
+
return {
|
|
14
|
+
ruleId: 'S056',
|
|
15
|
+
language: 'dart',
|
|
16
|
+
delegateTo: 'dart_analyzer'
|
|
17
|
+
};
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
async analyze(files, language, options) {
|
|
21
|
+
// Delegated to DartAnalyzer binary via heuristic-engine.js
|
|
22
|
+
return [];
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
supportsLanguage(language) {
|
|
26
|
+
return language === 'dart';
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
module.exports = DartS056Analyzer;
|