@sun-asterisk/sunlint 1.3.43 → 1.3.44

package/dart_analyzer/lib/rules/security/S060_password_minimum_length.dart

@@ -0,0 +1,170 @@
+import 'package:analyzer/dart/ast/ast.dart';
+import 'package:analyzer/dart/ast/visitor.dart';
+import 'package:analyzer/source/line_info.dart';
+
+import '../../models/rule.dart';
+import '../../models/violation.dart';
+import '../base_analyzer.dart';
+
+/// S060: Enforce minimum password length of 8 characters, recommend 15+
+/// Detect weak password length requirements
+class S060PasswordMinimumLengthAnalyzer extends BaseAnalyzer {
+  @override
+  String get ruleId => 'S060';
+
+  @override
+  List<Violation> analyze({
+    required CompilationUnit unit,
+    required String filePath,
+    required Rule rule,
+    required LineInfo lineInfo,
+  }) {
+    final violations = <Violation>[];
+    final visitor = _S060Visitor(
+      filePath: filePath,
+      lineInfo: lineInfo,
+      violations: violations,
+      analyzer: this,
+    );
+    unit.accept(visitor);
+    return violations;
+  }
+}
+
+class _S060Visitor extends RecursiveAstVisitor<void> {
+  final String filePath;
+  final LineInfo lineInfo;
+  final List<Violation> violations;
+  final S060PasswordMinimumLengthAnalyzer analyzer;
+
+  _S060Visitor({
+    required this.filePath,
+    required this.lineInfo,
+    required this.violations,
+    required this.analyzer,
+  });
+
+  @override
+  void visitBinaryExpression(BinaryExpression node) {
+    final source = node.toSource().toLowerCase();
+
+    // Check for password length validation with weak minimum
+    if (source.contains('password') && source.contains('length')) {
+      // Check for comparisons with values less than 8
+      final right = node.rightOperand;
+      if (right is IntegerLiteral) {
+        final value = right.value ?? 0;
+        final operator = node.operator.lexeme;
+
+        // password.length < 8 or password.length <= 7 or password.length >= 4
+        if ((operator == '<' && value <= 8) ||
+            (operator == '<=' && value < 8) ||
+            (operator == '>=' && value < 8) ||
+            (operator == '>' && value < 7) ||
+            (operator == '==' && value < 8)) {
+          violations.add(analyzer.createViolation(
+            filePath: filePath,
+            line: analyzer.getLine(lineInfo, node.offset),
+            column: analyzer.getColumn(lineInfo, node.offset),
+            message:
+                'Password minimum length below 8 characters - NIST recommends 8+ minimum',
+          ));
+        }
+      }
+    }
+
+    super.visitBinaryExpression(node);
+  }
+
+  @override
+  void visitNamedExpression(NamedExpression node) {
+    final name = node.name.label.name.toLowerCase();
+    final expression = node.expression;
+
+    // Check for minLength in password context
+    if (name == 'minlength' || name == 'min' || name == 'minimumlength') {
+      if (expression is IntegerLiteral) {
+        final value = expression.value ?? 0;
+        if (value < 8) {
+          // Check if this is in password context
+          AstNode? current = node.parent;
+          int depth = 0;
+          while (current != null && depth < 10) {
+            final parentSource = current.toSource().toLowerCase();
+            if (parentSource.contains('password') ||
+                parentSource.contains('passwd') ||
+                parentSource.contains('pwd')) {
+              violations.add(analyzer.createViolation(
+                filePath: filePath,
+                line: analyzer.getLine(lineInfo, node.offset),
+                column: analyzer.getColumn(lineInfo, node.offset),
+                message:
+                    'Password minLength is $value - increase to at least 8',
+              ));
+              break;
+            }
+            current = current.parent;
+            depth++;
+          }
+        }
+      }
+    }
+
+    super.visitNamedExpression(node);
+  }
+
+  @override
+  void visitVariableDeclaration(VariableDeclaration node) {
+    final name = node.name.lexeme.toLowerCase();
+    final initializer = node.initializer;
+
+    // Check for password min length constants
+    if ((name.contains('password') && name.contains('min')) ||
+        name == 'minpasswordlength' ||
+        name == 'min_password_length') {
+      if (initializer is IntegerLiteral) {
+        final value = initializer.value ?? 0;
+        if (value < 8) {
+          violations.add(analyzer.createViolation(
+            filePath: filePath,
+            line: analyzer.getLine(lineInfo, node.offset),
+            column: analyzer.getColumn(lineInfo, node.offset),
+            message:
+                'Password minimum length constant is $value - increase to at least 8',
+          ));
+        }
+      }
+    }
+
+    super.visitVariableDeclaration(node);
+  }
+
+  @override
+  void visitMethodInvocation(MethodInvocation node) {
+    final methodName = node.methodName.name.toLowerCase();
+    final source = node.toSource().toLowerCase();
+
+    // Check for password validation methods with weak length check
+    if ((methodName.contains('validate') || methodName.contains('check')) &&
+        source.contains('password')) {
+      // Look for length checks in arguments
+      for (final arg in node.argumentList.arguments) {
+        if (arg is IntegerLiteral) {
+          final value = arg.value ?? 0;
+          // If small number in password validation, likely weak min length
+          if (value > 0 && value < 8) {
+            violations.add(analyzer.createViolation(
+              filePath: filePath,
+              line: analyzer.getLine(lineInfo, node.offset),
+              column: analyzer.getColumn(lineInfo, node.offset),
+              message:
+                  'Password validation with length $value - minimum should be 8',
+            ));
+          }
+        }
+      }
+    }
+
+    super.visitMethodInvocation(node);
+  }
+}

package/dart_analyzer/lib/symbol_table_extractor.dart

@@ -0,0 +1,510 @@
+import 'package:analyzer/dart/ast/ast.dart';
+import 'package:analyzer/dart/ast/visitor.dart';
+import 'package:analyzer/source/line_info.dart';
+
+import 'models/symbol_table.dart';
+
+/// Extracts symbol table information from a Dart AST
+/// Provides a normalized structure compatible with SunLint's TypeScript symbol tables
+class SymbolTableExtractor extends RecursiveAstVisitor<void> {
+  final String filePath;
+  final String fileName;
+  final LineInfo lineInfo;
+  final DateTime startTime;
+
+  final List<ImportInfo> _imports = [];
+  final List<ExportInfo> _exports = [];
+  final List<FunctionInfo> _functions = [];
+  final List<ClassInfo> _classes = [];
+  final List<MixinInfo> _mixins = [];
+  final List<ExtensionInfo> _extensions = [];
+  final List<EnumInfo> _enums = [];
+  final List<VariableInfo> _variables = [];
+  final List<ConstantInfo> _constants = [];
+  final List<FunctionCallInfo> _functionCalls = [];
+  final List<MethodCallInfo> _methodCalls = [];
+
+  SymbolTableExtractor({
+    required this.filePath,
+    required this.fileName,
+    required this.lineInfo,
+  }) : startTime = DateTime.now();
+
+  /// Extract symbol table from a compilation unit
+  SymbolTable extract(CompilationUnit unit) {
+    unit.accept(this);
+
+    final analysisTime =
+        DateTime.now().difference(startTime).inMilliseconds;
+
+    return SymbolTable(
+      filePath: filePath,
+      fileName: fileName,
+      imports: _imports,
+      exports: _exports,
+      functions: _functions,
+      classes: _classes,
+      mixins: _mixins,
+      extensions: _extensions,
+      enums: _enums,
+      variables: _variables,
+      constants: _constants,
+      functionCalls: _functionCalls,
+      methodCalls: _methodCalls,
+      lastModified: DateTime.now().millisecondsSinceEpoch,
+      analysisTime: analysisTime,
+    );
+  }
+
+  /// Get line number from offset
+  int _getLine(int offset) {
+    return lineInfo.getLocation(offset).lineNumber;
+  }
+
+  /// Get column from offset
+  int _getColumn(int offset) {
+    return lineInfo.getLocation(offset).columnNumber;
+  }
+
+  /// Extract documentation comment if present
+  String? _getDocumentation(AnnotatedNode node) {
+    final comment = node.documentationComment;
+    if (comment == null) return null;
+
+    return comment.tokens.map((t) => t.lexeme).join('\n');
+  }
+
+  // ============================================================
+  // Import/Export Visitors
+  // ============================================================
+
+  @override
+  void visitImportDirective(ImportDirective node) {
+    final uri = node.uri.stringValue ?? '';
+    final prefix = node.prefix?.name;
+
+    final showNames = <String>[];
+    final hideNames = <String>[];
+
+    for (final combinator in node.combinators) {
+      if (combinator is ShowCombinator) {
+        showNames.addAll(combinator.shownNames.map((e) => e.name));
+      } else if (combinator is HideCombinator) {
+        hideNames.addAll(combinator.hiddenNames.map((e) => e.name));
+      }
+    }
+
+    _imports.add(ImportInfo(
+      uri: uri,
+      prefix: prefix,
+      showNames: showNames,
+      hideNames: hideNames,
+      line: _getLine(node.offset),
+      isDeferred: node.deferredKeyword != null,
+    ));
+
+    super.visitImportDirective(node);
+  }
+
+  @override
+  void visitExportDirective(ExportDirective node) {
+    final uri = node.uri.stringValue ?? '';
+
+    final showNames = <String>[];
+    final hideNames = <String>[];
+
+    for (final combinator in node.combinators) {
+      if (combinator is ShowCombinator) {
+        showNames.addAll(combinator.shownNames.map((e) => e.name));
+      } else if (combinator is HideCombinator) {
+        hideNames.addAll(combinator.hiddenNames.map((e) => e.name));
+      }
+    }
+
+    _exports.add(ExportInfo(
+      uri: uri,
+      showNames: showNames,
+      hideNames: hideNames,
+      line: _getLine(node.offset),
+    ));
+
+    super.visitExportDirective(node);
+  }
+
+  // ============================================================
+  // Function Visitors
+  // ============================================================
+
+  @override
+  void visitFunctionDeclaration(FunctionDeclaration node) {
+    final functionExpression = node.functionExpression;
+    final parameters = _extractParameters(functionExpression.parameters);
+
+    _functions.add(FunctionInfo(
+      name: node.name.lexeme,
+      returnType: node.returnType?.toSource(),
+      parameters: parameters,
+      line: _getLine(node.offset),
+      column: _getColumn(node.offset),
+      isAsync: functionExpression.body.isAsynchronous,
+      isGenerator: functionExpression.body.isGenerator,
+      isExternal: node.externalKeyword != null,
+      documentation: _getDocumentation(node),
+    ));
+
+    super.visitFunctionDeclaration(node);
+  }
+
+  // ============================================================
+  // Class Visitors
+  // ============================================================
+
+  @override
+  void visitClassDeclaration(ClassDeclaration node) {
+    final methods = <MethodInfo>[];
+    final fields = <FieldInfo>[];
+    final constructors = <ConstructorInfo>[];
+
+    // Extract class members
+    for (final member in node.members) {
+      if (member is MethodDeclaration) {
+        methods.add(_extractMethod(member));
+      } else if (member is FieldDeclaration) {
+        fields.addAll(_extractFields(member));
+      } else if (member is ConstructorDeclaration) {
+        constructors.add(_extractConstructor(member));
+      }
+    }
+
+    // Extract superclass
+    final superclass = node.extendsClause?.superclass.name2.lexeme;
+
+    // Extract interfaces
+    final interfaces = node.implementsClause?.interfaces
+            .map((e) => e.name2.lexeme)
+            .toList() ??
+        [];
+
+    // Extract mixins
+    final mixins = node.withClause?.mixinTypes
+            .map((e) => e.name2.lexeme)
+            .toList() ??
+        [];
+
+    // Extract type parameters
+    final typeParameters = node.typeParameters?.typeParameters
+            .map((e) => e.name.lexeme)
+            .toList() ??
+        [];
+
+    _classes.add(ClassInfo(
+      name: node.name.lexeme,
+      superclass: superclass,
+      interfaces: interfaces,
+      mixins: mixins,
+      typeParameters: typeParameters,
+      methods: methods,
+      fields: fields,
+      constructors: constructors,
+      line: _getLine(node.offset),
+      column: _getColumn(node.offset),
+      isAbstract: node.abstractKeyword != null,
+      isSealed: node.sealedKeyword != null,
+      isFinal: node.finalKeyword != null,
+      isBase: node.baseKeyword != null,
+      isInterface: node.interfaceKeyword != null,
+      isMixin: node.mixinKeyword != null,
+      documentation: _getDocumentation(node),
+    ));
+
+    // Don't call super - we've already processed members
+  }
+
+  // ============================================================
+  // Mixin Visitors
+  // ============================================================
+
+  @override
+  void visitMixinDeclaration(MixinDeclaration node) {
+    final methods = <MethodInfo>[];
+    final fields = <FieldInfo>[];
+
+    for (final member in node.members) {
+      if (member is MethodDeclaration) {
+        methods.add(_extractMethod(member));
+      } else if (member is FieldDeclaration) {
+        fields.addAll(_extractFields(member));
+      }
+    }
+
+    final onTypes = node.onClause?.superclassConstraints
+            .map((e) => e.name2.lexeme)
+            .toList() ??
+        [];
+
+    final interfaces = node.implementsClause?.interfaces
+            .map((e) => e.name2.lexeme)
+            .toList() ??
+        [];
+
+    _mixins.add(MixinInfo(
+      name: node.name.lexeme,
+      onTypes: onTypes,
+      interfaces: interfaces,
+      methods: methods,
+      fields: fields,
+      line: _getLine(node.offset),
+      column: _getColumn(node.offset),
+      documentation: _getDocumentation(node),
+    ));
+  }
+
+  // ============================================================
+  // Extension Visitors
+  // ============================================================
+
+  @override
+  void visitExtensionDeclaration(ExtensionDeclaration node) {
+    final methods = <MethodInfo>[];
+    final fields = <FieldInfo>[];
+
+    for (final member in node.members) {
+      if (member is MethodDeclaration) {
+        methods.add(_extractMethod(member));
+      } else if (member is FieldDeclaration) {
+        fields.addAll(_extractFields(member));
+      }
+    }
+
+    _extensions.add(ExtensionInfo(
+      name: node.name?.lexeme,
+      onType: node.extendedType.toSource(),
+      methods: methods,
+      fields: fields,
+      line: _getLine(node.offset),
+      column: _getColumn(node.offset),
+      documentation: _getDocumentation(node),
+    ));
+  }
+
+  // ============================================================
+  // Enum Visitors
+  // ============================================================
+
+  @override
+  void visitEnumDeclaration(EnumDeclaration node) {
+    final values =
+        node.constants.map((e) => e.name.lexeme).toList();
+
+    final methods = <MethodInfo>[];
+    final fields = <FieldInfo>[];
+
+    for (final member in node.members) {
+      if (member is MethodDeclaration) {
+        methods.add(_extractMethod(member));
+      } else if (member is FieldDeclaration) {
+        fields.addAll(_extractFields(member));
+      }
+    }
+
+    _enums.add(EnumInfo(
+      name: node.name.lexeme,
+      values: values,
+      methods: methods,
+      fields: fields,
+      line: _getLine(node.offset),
+      column: _getColumn(node.offset),
+      documentation: _getDocumentation(node),
+    ));
+  }
+
+  // ============================================================
+  // Variable Visitors
+  // ============================================================
+
+  @override
+  void visitTopLevelVariableDeclaration(TopLevelVariableDeclaration node) {
+    for (final variable in node.variables.variables) {
+      final isConst = node.variables.isConst;
+
+      if (isConst) {
+        _constants.add(ConstantInfo(
+          name: variable.name.lexeme,
+          type: node.variables.type?.toSource(),
+          value: variable.initializer?.toSource() ?? '',
+          line: _getLine(variable.offset),
+          column: _getColumn(variable.offset),
+          documentation: _getDocumentation(node),
+        ));
+      } else {
+        _variables.add(VariableInfo(
+          name: variable.name.lexeme,
+          type: node.variables.type?.toSource(),
+          line: _getLine(variable.offset),
+          column: _getColumn(variable.offset),
+          isFinal: node.variables.isFinal,
+          isConst: false,
+          isLate: node.variables.isLate,
+          initialValue: variable.initializer?.toSource(),
+          documentation: _getDocumentation(node),
+        ));
+      }
+    }
+
+    super.visitTopLevelVariableDeclaration(node);
+  }
+
+  // ============================================================
+  // Function Call Visitors
+  // ============================================================
+
+  @override
+  void visitFunctionExpressionInvocation(FunctionExpressionInvocation node) {
+    final functionName = node.function.toSource();
+
+    _functionCalls.add(FunctionCallInfo(
+      functionName: functionName,
+      arguments: _extractArguments(node.argumentList),
+      line: _getLine(node.offset),
+      column: _getColumn(node.offset),
+    ));
+
+    super.visitFunctionExpressionInvocation(node);
+  }
+
+  @override
+  void visitMethodInvocation(MethodInvocation node) {
+    final target = node.target?.toSource() ?? '';
+    final methodName = node.methodName.name;
+
+    if (target.isEmpty) {
+      // This is a function call, not a method call
+      _functionCalls.add(FunctionCallInfo(
+        functionName: methodName,
+        arguments: _extractArguments(node.argumentList),
+        line: _getLine(node.offset),
+        column: _getColumn(node.offset),
+        isConditional: node.isNullAware,
+      ));
+    } else {
+      _methodCalls.add(MethodCallInfo(
+        target: target,
+        methodName: methodName,
+        arguments: _extractArguments(node.argumentList),
+        line: _getLine(node.offset),
+        column: _getColumn(node.offset),
+        isNullAware: node.isNullAware,
+        isCascade: node.isCascaded,
+      ));
+    }
+
+    super.visitMethodInvocation(node);
+  }
+
+  // ============================================================
+  // Helper Methods
+  // ============================================================
+
+  /// Extract method info from a MethodDeclaration
+  MethodInfo _extractMethod(MethodDeclaration node) {
+    final parameters = _extractParameters(node.parameters);
+
+    return MethodInfo(
+      name: node.name.lexeme,
+      returnType: node.returnType?.toSource(),
+      parameters: parameters,
+      line: _getLine(node.offset),
+      column: _getColumn(node.offset),
+      isStatic: node.isStatic,
+      isAsync: node.body.isAsynchronous,
+      isGenerator: node.body.isGenerator,
+      isGetter: node.isGetter,
+      isSetter: node.isSetter,
+      isOperator: node.isOperator,
+      isAbstract: node.isAbstract,
+      isExternal: node.externalKeyword != null,
+      documentation: _getDocumentation(node),
+    );
+  }
+
+  /// Extract fields from a FieldDeclaration
+  List<FieldInfo> _extractFields(FieldDeclaration node) {
+    return node.fields.variables.map((variable) {
+      return FieldInfo(
+        name: variable.name.lexeme,
+        type: node.fields.type?.toSource(),
+        line: _getLine(variable.offset),
+        column: _getColumn(variable.offset),
+        isStatic: node.isStatic,
+        isFinal: node.fields.isFinal,
+        isConst: node.fields.isConst,
+        isLate: node.fields.isLate,
+        initialValue: variable.initializer?.toSource(),
+        documentation: _getDocumentation(node),
+      );
+    }).toList();
+  }
+
+  /// Extract constructor info from a ConstructorDeclaration
+  ConstructorInfo _extractConstructor(ConstructorDeclaration node) {
+    final parameters = _extractParameters(node.parameters);
+
+    return ConstructorInfo(
+      name: node.name?.lexeme,
+      parameters: parameters,
+      line: _getLine(node.offset),
+      column: _getColumn(node.offset),
+      isConst: node.constKeyword != null,
+      isFactory: node.factoryKeyword != null,
+      isExternal: node.externalKeyword != null,
+      redirectedConstructor: node.redirectedConstructor?.toSource(),
+    );
+  }
+
+  /// Extract parameters from a FormalParameterList
+  List<ParameterInfo> _extractParameters(FormalParameterList? parameterList) {
+    if (parameterList == null) return [];
+
+    return parameterList.parameters.map((param) {
+      String name;
+      String? type;
+      String? defaultValue;
+
+      if (param is SimpleFormalParameter) {
+        name = param.name?.lexeme ?? '';
+        type = param.type?.toSource();
+      } else if (param is DefaultFormalParameter) {
+        final innerParam = param.parameter;
+        if (innerParam is SimpleFormalParameter) {
+          name = innerParam.name?.lexeme ?? '';
+          type = innerParam.type?.toSource();
+        } else {
+          name = innerParam.name?.lexeme ?? '';
+        }
+        defaultValue = param.defaultValue?.toSource();
+      } else if (param is FieldFormalParameter) {
+        name = param.name.lexeme;
+        type = param.type?.toSource();
+      } else if (param is SuperFormalParameter) {
+        name = param.name.lexeme;
+        type = param.type?.toSource();
+      } else {
+        name = param.name?.lexeme ?? '';
+      }
+
+      return ParameterInfo(
+        name: name,
+        type: type,
+        isRequired: param.isRequired,
+        isNamed: param.isNamed,
+        isOptional: param.isOptional,
+        defaultValue: defaultValue,
+      );
+    }).toList();
+  }
+
+  /// Extract arguments from an ArgumentList
+  List<String> _extractArguments(ArgumentList arguments) {
+    return arguments.arguments.map((arg) => arg.toSource()).toList();
+  }
+}

package/dart_analyzer/lib/utils/common_utils.dart

@@ -0,0 +1,26 @@
+class CommonUtils {
+  static bool isCodeLine(int lineNumber, List<String> sourceLines) {
+    if (lineNumber < 1 || lineNumber > sourceLines.length) {
+      return false;
+    }
+
+    final line = sourceLines[lineNumber - 1].trim();
+
+    // Skip blank lines
+    if (line.isEmpty) {
+      return false;
+    }
+
+    // Skip comment-only lines
+    if (line.startsWith('//')) {
+      return false;
+    }
+
+    // Skip multi-line comment markers
+    if (line.startsWith('/*') || line.endsWith('*/')) {
+      return false;
+    }
+
+    return true;
+  }
+}