@sun-asterisk/sunlint 1.3.53 → 1.3.54

package/core/cli-action-handler.js

@@ -72,7 +72,7 @@ class CliActionHandler {
 
       // Determine if we should proceed based on requested analyses
       const hasSourceFiles = targetingResult.files.length > 0;
-      const willRunCodeQuality = rulesToRun.length > 0 && !this.isArchitectureOnly() && !this.isImpactOnly();
+      const willRunCodeQuality = rulesToRun.length > 0 && !this.isArchitectureOnly(rulesToRun) && !this.isImpactOnly(rulesToRun);
       const willRunArchitecture = !!config.architecture?.enabled;
       const willRunImpact = !!(this.options.impact || config.impact?.enabled);
 
@@ -93,7 +93,7 @@ class CliActionHandler {
       let results = null;
 
       // Run code quality analysis (unless --architecture or --impact is used alone)
-      if (rulesToRun.length > 0 && !this.isArchitectureOnly() && !this.isImpactOnly()) {
+      if (rulesToRun.length > 0 && !this.isArchitectureOnly(rulesToRun) && !this.isImpactOnly(rulesToRun)) {
         results = await this.runModernAnalysis(rulesToRun, targetingResult.files, config);
       } else {
         results = { results: [], summary: { total: 0, errors: 0, warnings: 0 } };
@@ -530,12 +530,16 @@ class CliActionHandler {
    * Check if only architecture analysis was requested (no code quality rules)
    * Following Rule C006: Verb-noun naming
    */
-  isArchitectureOnly() {
+  isArchitectureOnly(rulesToRun = []) {
     const isArchEnabled = this.options.architecture || this.loadedConfig?.architecture?.enabled;
     const isImpactEnabled = this.options.impact || this.loadedConfig?.impact?.enabled;
 
+    // If rules were selected via config (extends/rules), this is not architecture-only
+    const hasConfigBasedRules = rulesToRun.length > 0 && this.hasConfigBasedRuleSelection();
+
     return isArchEnabled &&
       !isImpactEnabled &&
+      !hasConfigBasedRules &&
       !this.options.all &&
       !this.options.specific &&
       !this.options.rule &&
@@ -545,16 +549,29 @@ class CliActionHandler {
       !this.options.category;
   }
 
+  /**
+   * Check if rules were explicitly configured via config file (extends or rules field)
+   * Following Rule C006: Verb-noun naming
+   */
+  hasConfigBasedRuleSelection() {
+    const config = this.loadedConfig || {};
+    return !!(config.extends || (config.rules && Object.keys(config.rules).length > 0));
+  }
+
   /**
    * Check if only impact analysis was requested (no code quality rules)
    * Following Rule C006: Verb-noun naming
    */
-  isImpactOnly() {
+  isImpactOnly(rulesToRun = []) {
     const isArchEnabled = this.options.architecture || this.loadedConfig?.architecture?.enabled;
     const isImpactEnabled = this.options.impact || this.loadedConfig?.impact?.enabled;
 
+    // If rules were selected via config (extends/rules), this is not impact-only
+    const hasConfigBasedRules = rulesToRun.length > 0 && this.hasConfigBasedRuleSelection();
+
     return isImpactEnabled &&
       !isArchEnabled &&
+      !hasConfigBasedRules &&
       !this.options.all &&
       !this.options.specific &&
       !this.options.rule &&

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sun-asterisk/sunlint",
-  "version": "1.3.53",
+  "version": "1.3.54",
   "description": "☀️ SunLint - Multi-language static analysis tool for code quality and security | Sun* Engineering Standards",
   "main": "cli.js",
   "bin": {

package/rules/common/C024_no_scatter_hardcoded_constants/typescript/symbol-based-analyzer.js

@@ -480,6 +480,11 @@ class C024SymbolBasedAnalyzer {
         return;
       }
 
+      // Skip strings inside throw/new Error() - error messages don't need to be constants
+      if (this.isInThrowOrErrorContext(literal)) {
+        return;
+      }
+
       this.trackConstant(constantUsage, `string:${value}`, literal);
 
       if (this.isInLogicContext(literal) || this.isInComparison(literal)) {
@@ -1122,6 +1127,37 @@ class C024SymbolBasedAnalyzer {
     return false;
   }
 
+  isInThrowOrErrorContext(node) {
+    let parent = node.getParent();
+    let depth = 0;
+    const maxDepth = 5;
+
+    while (parent && depth < maxDepth) {
+      const kind = parent.getKind();
+
+      // Direct: throw new Error("message")
+      if (kind === SyntaxKind.ThrowStatement) {
+        return true;
+      }
+
+      // new Error("message") or new CustomError("message")
+      if (kind === SyntaxKind.NewExpression) {
+        const expression = parent.getExpression();
+        if (expression) {
+          const text = expression.getText();
+          if (/Error$/.test(text) || /Exception$/.test(text)) {
+            return true;
+          }
+        }
+      }
+
+      parent = parent.getParent();
+      depth++;
+    }
+
+    return false;
+  }
+
   trackConstant(constantUsage, key, node) {
     if (!constantUsage.has(key)) {
       constantUsage.set(key, []);

package/rules/common/C041_no_sensitive_hardcode/typescript/symbol-based-analyzer.js

@@ -153,6 +153,13 @@ class C041SymbolBasedAnalyzer {
       /^[A-Z_]+CODE[A-Z_]*$/,         // ERROR_CODE, STATUS_CODE
       /^[A-Z_]+STATUS[A-Z_]*$/,       // USER_STATUS
       /^[A-Z_]+TYPE[A-Z_]*$/,         // MESSAGE_TYPE
+      /^[A-Z_]+NAME[A-Z_]*$/,         // REFRESH_TOKEN_COOKIE_NAME, SESSION_TOKEN_HEADER_NAME
+      /^[A-Z_]+KEY[A-Z_]*_NAME$/,     // API_KEY_PARAM_NAME
+      /^[A-Z_]+HEADER[A-Z_]*$/,       // AUTH_TOKEN_HEADER, CSRF_TOKEN_HEADER
+      /^[A-Z_]+COOKIE[A-Z_]*$/,       // SESSION_TOKEN_COOKIE, REFRESH_TOKEN_COOKIE
+      /^[A-Z_]+LABEL[A-Z_]*$/,        // TOKEN_LABEL, PASSWORD_LABEL
+      /^[A-Z_]+FIELD[A-Z_]*$/,        // PASSWORD_FIELD, TOKEN_FIELD
+      /^[A-Z_]+PARAM[A-Z_]*$/,        // API_KEY_PARAM, TOKEN_PARAM
     ];
 
     // Parent object names that contain service/activity mappings (not secrets)
@@ -300,6 +307,11 @@ class C041SymbolBasedAnalyzer {
       const isSensitiveName = this.sensitiveVariableNames.some(pattern => pattern.test(name));
 
       if (isSensitiveName) {
+        // Skip if the variable name is a naming/labeling constant (e.g., REFRESH_TOKEN_COOKIE_NAME)
+        if (this.isErrorMessageConstant(name)) {
+          return;
+        }
+
         const initText = initializer.getText();
 
         // Skip if using env variables or config

package/rules/common/C042_boolean_name_prefix/typescript/analyzer.js

@@ -171,12 +171,18 @@ class C042Analyzer {
   
   isBooleanValue(value) {
     const trimmedValue = value.trim();
-    
+
     // Direct boolean literals
     if (trimmedValue === 'true' || trimmedValue === 'false') {
       return true;
     }
-    
+
+    // Ternary expressions: the result type depends on the branches, not the condition
+    // e.g., `typeof value === "string" ? value : JSON.stringify(value)` is NOT boolean
+    if (this.isTernaryExpression(trimmedValue)) {
+      return false;
+    }
+
     // Boolean expressions that clearly result in boolean
     const booleanExpressions = [
       /\w+\s*[<>!=]=/, // Comparisons
@@ -283,6 +289,25 @@ class C042Analyzer {
     return false;
   }
   
+  isTernaryExpression(value) {
+    // Detect ternary operator: condition ? trueValue : falseValue
+    // Must account for nested ternaries and template literals with colons
+    const questionIndex = value.indexOf('?');
+    if (questionIndex === -1) return false;
+
+    // Check there's a colon after the question mark (outside of template literals)
+    const afterQuestion = value.slice(questionIndex + 1);
+    // Simple heuristic: contains `:` that's not inside a template literal or object
+    let depth = 0;
+    for (let i = 0; i < afterQuestion.length; i++) {
+      const ch = afterQuestion[i];
+      if (ch === '(' || ch === '[' || ch === '{') depth++;
+      else if (ch === ')' || ch === ']' || ch === '}') depth--;
+      else if (ch === ':' && depth === 0) return true;
+    }
+    return false;
+  }
+
   generateSuggestions(varName) {
     const suggestions = [];
     const baseName = varName.replace(/^(is|has|should|can|will|must|may|check)/i, '');