@sun-asterisk/sunlint 1.3.9 → 1.3.10

package/config/rules/enhanced-rules-registry.json

@@ -375,6 +375,24 @@
         }
       }
     },
+    "C060": {
+      "name": "Do not override superclass methods and ignore critical logic",
+      "description": "Preserve important behavior or lifecycle logic defined in the superclass to ensure correctness and prevent silent errors.",
+      "category": "logging",
+      "severity": "warning",
+      "languages": ["typescript", "javascript", "dart"],
+      "analyzer": "./rules/common/C060_no_override_superclass/analyzer.js",
+      "version": "1.0.0",
+      "status": "stable",
+      "tags": ["logging", "production", "debugging", "console"],
+      "strategy": {
+        "preferred": "regex",
+        "fallbacks": ["regex"],
+        "accuracy": {
+          "regex": 90
+        }
+      }
+    },
     "S001": {
       "name": "Fail Securely",
       "description": "Verify that if there is an error in access control, the system fails securely",

package/core/cli-program.js

@@ -71,7 +71,7 @@ function createCliProgram() {
     .option('--debug', 'Enable debug mode')
     .option('--ai', 'Enable AI-powered analysis')
     .option('--no-ai', 'Force disable AI analysis')
-    .option('--max-semantic-files <number>', 'Symbol table file limit for TypeScript analysis (default: auto)', '0')
+    .option('--max-semantic-files <number>', 'Symbol table file limit for TypeScript analysis (default: 1000, -1 for unlimited)')
     .option('--list-engines', 'List available analysis engines');
 
   // ESLint Integration options

package/core/semantic-engine.js

@@ -102,7 +102,7 @@ class SemanticEngine {
       );
       
       if (targetFiles) {
-        console.log(`🎯 Targeted files received: ${targetFiles.length} total, ${semanticFiles.length} TS/JS files`);
+        console.log(`🎯 Targeted files received: ${targetFiles.length} total, ${semanticFiles.length} TypeScript/JavaScript files (TS/TSX/JS/JSX)`);
         if (semanticFiles.length < 10) {
           console.log(`   Files: ${semanticFiles.map(f => path.basename(f)).join(', ')}`);
         }
@@ -119,7 +119,9 @@ class SemanticEngine {
       } else if (userMaxFiles === 0) {
         // Disable semantic analysis
         maxFiles = 0;
-        console.log(`🔧 Semantic Engine config: DISABLED semantic analysis (heuristic only)`);
+        console.log(`🔧 Semantic Engine config: DISABLED semantic analysis (heuristic only mode)`);
+        console.log(`   💡 Semantic analysis explicitly disabled with --max-semantic-files=0`);
+        console.log(`   💡 To enable: omit the option (default: 1000) or use --max-semantic-files=1000 (or higher)`);
       } else if (userMaxFiles > 0) {
         // User-specified limit
         maxFiles = Math.min(userMaxFiles, semanticFiles.length);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sun-asterisk/sunlint",
-  "version": "1.3.9",
+  "version": "1.3.10",
   "description": "☀️ SunLint - Multi-language static analysis tool for code quality and security | Sun* Engineering Standards",
   "main": "cli.js",
   "bin": {

package/rules/common/C024_no_scatter_hardcoded_constants/symbol-based-analyzer.js

@@ -48,6 +48,14 @@ class C024SymbolBasedAnalyzer {
     }
 
     try {
+      // skip ignored files
+      if (this.isIgnoredFile(filePath)) {
+        if (verbose) {
+          console.log(`🔍 [C024 Symbol-Based] Skipping ignored file: ${filePath}`);
+        }
+        return violations;
+      }
+
       const sourceFile = this.semanticEngine.project.getSourceFile(filePath);
       if (!sourceFile) {
         return violations;
@@ -99,9 +107,7 @@ class C024SymbolBasedAnalyzer {
     const kind = node.getKind();
     if (
       kind === SyntaxKind.StringLiteral ||
-      kind === SyntaxKind.NumericLiteral ||
-      kind === SyntaxKind.TrueKeyword ||
-      kind === SyntaxKind.FalseKeyword
+      kind === SyntaxKind.NumericLiteral
     ) {
       const text = node.getText().replace(/['"`]/g, ""); // strip quotes
       if (this.isAllowedLiteral(node, text)) return;
@@ -120,9 +126,27 @@ class C024SymbolBasedAnalyzer {
     const kind = node.getKind();
     if (kind === SyntaxKind.VariableDeclaration) {
       const parentKind = node.getParent()?.getKind();
+      // Skip detection for `for ... of` loop variable
+      const loopAncestor = node.getFirstAncestor((ancestor) => {
+        const kind = ancestor.getKind?.();
+        return (
+          kind === SyntaxKind.ForOfStatement ||
+          kind === SyntaxKind.ForInStatement ||
+          kind === SyntaxKind.ForStatement ||
+          kind === SyntaxKind.WhileStatement ||
+          kind === SyntaxKind.DoStatement ||
+          kind === SyntaxKind.SwitchStatement
+        );
+      });
+
+      if (loopAncestor) {
+        return; // skip for all loop/switch contexts, no matter how nested
+      }
+
       if (
         parentKind === SyntaxKind.VariableDeclarationList &&
-        node.getParent().getDeclarationKind() === "const"
+        node.getParent().getDeclarationKind() === "const" &&
+        !node.getInitializer()
       ) {
         this.pushViolation(
           violations,
@@ -154,27 +178,109 @@ class C024SymbolBasedAnalyzer {
 
   // --- helper: allow safe literals ---
   isAllowedLiteral(node, text) {
-    // skip imports
-    if (node.getParent()?.getKind() === SyntaxKind.ImportDeclaration) {
+    const parent = node.getParent();
+
+    // 1 Skip imports/exports
+    if (parent?.getKind() === SyntaxKind.ImportDeclaration) return true;
+    if (parent?.getKind() === SyntaxKind.ExportDeclaration) return true;
+
+    // 2 Skip literals that are inside call expressions (direct or nested)
+    if (
+      parent?.getKind() === SyntaxKind.CallExpression ||
+      parent?.getFirstAncestorByKind(SyntaxKind.CallExpression)
+    ) {
       return true;
     }
 
-    // allow short strings
+    if (
+      parent?.getKind() === SyntaxKind.ElementAccessExpression &&
+      parent.getArgumentExpression?.() === node
+    ) {
+      return true; // skip array/object key
+    }
+
+    // 3 Allow short strings
     if (typeof text === "string" && text.length <= 1) return true;
 
-    // allow sentinel numbers
+    // 4 Allow sentinel numbers
     if (text === "0" || text === "1" || text === "-1") return true;
 
-    // allow known safe strings (like "UNKNOWN")
+    // 5 Allow known safe strings (like "UNKNOWN")
     if (this.safeStrings.includes(text)) return true;
 
+    // 6 Allow SQL-style placeholders (:variable) inside string/template
+    if (typeof text === "string" && /:\w+/.test(text)) {
+      return true;
+    }
+
     return false;
   }
 
   // helper to check if file is a constants file
   isConstantsFile(filePath) {
     const lower = filePath.toLowerCase();
-    return lower.endsWith("constants.ts") || lower.includes("/constants/");
+
+    // common suffixes/patterns for utility or structural files
+    const ignoredSuffixes = [
+      ".constants.ts",
+      ".const.ts",
+      ".enum.ts",
+      ".interface.ts",
+      ".response.ts",
+      ".request.ts",
+      ".res.ts",
+      ".req.ts",
+    ];
+
+    // 1 direct suffix match
+    if (ignoredSuffixes.some(suffix => lower.endsWith(suffix))) {
+      return true;
+    }
+
+    // 2 matches dto.xxx.ts (multi-dot dto files)
+    if (/\.dto\.[^.]+\.ts$/.test(lower)) {
+      return true;
+    }
+
+    // 3 matches folder-based conventions
+    if (
+      lower.includes("/constants/") ||
+      lower.includes("/enums/") ||
+      lower.includes("/interfaces/")
+    ) {
+      return true;
+    }
+
+    return false;
+  }
+
+
+  isIgnoredFile(filePath) {
+    const ignoredPatterns = [
+      /\.test\./i,
+      /\.tests\./i,
+      /\.spec\./i,
+      /\.mock\./i,
+      /\.css$/i,
+      /\.scss$/i,
+      /\.html$/i,
+      /\.json$/i,
+      /\.md$/i,
+      /\.svg$/i,
+      /\.png$/i,
+      /\.jpg$/i,
+      /\.jpeg$/i,
+      /\.gif$/i,
+      /\.bmp$/i,
+      /\.ico$/i,
+      /\.lock$/i,
+      /\.log$/i,
+      /\/test\//i,
+      /\/tests\//i,
+      /\/spec\//i
+    ];
+
+    return ignoredPatterns.some((regex) => regex.test(filePath));
   }
 }
 

package/rules/common/C060_no_override_superclass/analyzer.js

@@ -0,0 +1,180 @@
+/**
+ * C060 Main Analyzer - Do not override superclass methods and ignore critical logic
+ * Primary: Preserve important behavior or lifecycle logic defined in the superclass to ensure correctness and prevent silent errors.
+ * Fallback: Regex-based for all other cases
+ */
+
+const C060SymbolBasedAnalyzer = require('./symbol-based-analyzer');
+
+class C060Analyzer {
+  constructor(options = {}) {
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C060] Constructor called with options:`, !!options);
+      console.log(`🔧 [C060] Options type:`, typeof options, Object.keys(options || {}));
+    }
+
+    this.ruleId = 'C060';
+    this.ruleName = 'Do not override superclass methods and ignore critical logic';
+    this.description = 'Preserve important behavior or lifecycle logic defined in the superclass to ensure correctness and prevent silent errors.';
+    this.semanticEngine = options.semanticEngine || null;
+    this.verbose = options.verbose || false;
+
+    // Configuration
+    this.config = {
+      useSymbolBased: true,      // Primary approach
+      fallbackToRegex: false,     // Only when symbol fails completely
+      symbolBasedOnly: false     // Can be set to true for pure mode
+    };
+
+    // Initialize both analyzers
+    try {
+      this.symbolAnalyzer = new C060SymbolBasedAnalyzer(this.semanticEngine);
+      if (process.env.SUNLINT_DEBUG) {
+        console.log(`🔧 [C060] Symbol analyzer created successfully`);
+      }
+    } catch (error) {
+      console.error(`🔧 [C060] Error creating symbol analyzer:`, error);
+    }
+  }
+
+  /**
+   * Initialize with semantic engine
+   */
+  async initialize(semanticEngine = null) {
+    if (semanticEngine) {
+      this.semanticEngine = semanticEngine;
+    }
+    this.verbose = semanticEngine?.verbose || false;
+
+    // Initialize both analyzers
+    await this.symbolAnalyzer.initialize(semanticEngine);
+
+    // Ensure verbose flag is propagated
+    this.symbolAnalyzer.verbose = this.verbose;
+
+    if (this.verbose) {
+      console.log(`🔧 [C060 Hybrid] Analyzer initialized - verbose: ${this.verbose}`);
+    }
+  }
+
+  async analyze(files, language, options = {}) {
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C060] analyze() method called with ${files.length} files, language: ${language}`);
+    }
+
+    const violations = [];
+
+    for (const filePath of files) {
+      try {
+        if (process.env.SUNLINT_DEBUG) {
+          console.log(`🔧 [C060] Processing file: ${filePath}`);
+        }
+
+        const fileViolations = await this.analyzeFile(filePath, options);
+        violations.push(...fileViolations);
+
+        if (process.env.SUNLINT_DEBUG) {
+          console.log(`🔧 [C060] File ${filePath}: Found ${fileViolations.length} violations`);
+        }
+      } catch (error) {
+        console.warn(`❌ [C060] Analysis failed for ${filePath}:`, error.message);
+      }
+    }
+
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C060] Total violations found: ${violations.length}`);
+    }
+
+    return violations;
+  }
+
+  async analyzeFile(filePath, options = {}) {
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C060] analyzeFile() called for: ${filePath}`);
+    }
+
+    // 1. Try Symbol-based analysis first (primary)
+    if (this.config.useSymbolBased &&
+        this.semanticEngine?.project &&
+        this.semanticEngine?.initialized) {
+      try {
+        if (process.env.SUNLINT_DEBUG) {
+          console.log(`🔧 [C060] Trying symbol-based analysis...`);
+        }
+        const sourceFile = this.semanticEngine.project.getSourceFile(filePath);
+        if (sourceFile) {
+          if (process.env.SUNLINT_DEBUG) {
+            console.log(`🔧 [C060] Source file found, analyzing with symbol-based...`);
+          }
+          const violations = await this.symbolAnalyzer.analyzeFileWithSymbols(filePath, { ...options, verbose: options.verbose });
+
+          // Mark violations with analysis strategy
+          violations.forEach(v => v.analysisStrategy = 'symbol-based');
+
+          if (process.env.SUNLINT_DEBUG) {
+            console.log(`✅ [C060] Symbol-based analysis: ${violations.length} violations`);
+          }
+          return violations; // Return even if 0 violations - symbol analysis completed successfully
+        } else {
+          if (process.env.SUNLINT_DEBUG) {
+            console.log(`⚠️ [C060] Source file not found in project`);
+          }
+        }
+      } catch (error) {
+        console.warn(`⚠️ [C060] Symbol analysis failed: ${error.message}`);
+        // Continue to fallback
+      }
+    } else {
+      if (process.env.SUNLINT_DEBUG) {
+        console.log(`🔄 [C060] Symbol analysis conditions check:`);
+        console.log(`  - useSymbolBased: ${this.config.useSymbolBased}`);
+        console.log(`  - semanticEngine: ${!!this.semanticEngine}`);
+        console.log(`  - semanticEngine.project: ${!!this.semanticEngine?.project}`);
+        console.log(`  - semanticEngine.initialized: ${this.semanticEngine?.initialized}`);
+        console.log(`🔄 [C060] Symbol analysis unavailable, using regex fallback`);
+      }
+    }
+
+    if (options?.verbose) {
+      console.log(`🔧 [C060] No analysis methods succeeded, returning empty`);
+    }
+    return [];
+  }
+
+  async analyzeFileBasic(filePath, options = {}) {
+    console.log(`🔧 [C060] analyzeFileBasic() called for: ${filePath}`);
+    console.log(`🔧 [C060] semanticEngine exists: ${!!this.semanticEngine}`);
+    console.log(`🔧 [C060] symbolAnalyzer exists: ${!!this.symbolAnalyzer}`);
+
+    try {
+      // Try symbol-based analysis first
+      if (this.semanticEngine?.isSymbolEngineReady?.() &&
+          this.semanticEngine.project) {
+
+        if (this.verbose) {
+          console.log(`🔍 [C060] Using symbol-based analysis for ${filePath}`);
+        }
+
+        const violations = await this.symbolAnalyzer.analyzeFileBasic(filePath, options);
+        return violations;
+      }
+    } catch (error) {
+      if (this.verbose) {
+        console.warn(`⚠️ [C060] Symbol analysis failed: ${error.message}`);
+      }
+    }
+  }
+
+  /**
+   * Methods for compatibility with different engine invocation patterns
+   */
+  async analyzeFileWithSymbols(filePath, options = {}) {
+    return this.analyzeFile(filePath, options);
+  }
+
+  async analyzeWithSemantics(filePath, options = {}) {
+    return this.analyzeFile(filePath, options);
+  }
+}
+
+module.exports = C060Analyzer;

package/rules/common/C060_no_override_superclass/config.json

@@ -0,0 +1,50 @@
+{
+  "id": "C060",
+  "name": "C060_do_not_override_superclass_methods_and_ignore_critical_logic",
+  "category": "architecture",
+  "description": "C060 - Do not override superclass methods and ignore critical logic",
+  "severity": "warning",
+  "enabled": true,
+  "semantic": {
+    "enabled": true,
+    "priority": "high",
+    "fallback": "heuristic"
+  },
+  "patterns": {
+    "include": [
+      "**/*.js",
+      "**/*.ts",
+      "**/*.jsx",
+      "**/*.tsx"
+    ],
+    "exclude": [
+      "**/*.test.*",
+      "**/*.spec.*",
+      "**/*.mock.*",
+      "**/test/**",
+      "**/tests/**",
+      "**/spec/**"
+    ]
+  },
+  "options": {
+    "strictMode": false,
+    "allowedDbMethods": [],
+    "repositoryPatterns": [
+      "*Repository*",
+      "*Repo*",
+      "*DAO*",
+      "*Store*"
+    ],
+    "servicePatterns": [
+      "*Service*",
+      "*UseCase*",
+      "*Handler*",
+      "*Manager*"
+    ],
+    "complexityThreshold": {
+      "methodLength": 200,
+      "cyclomaticComplexity": 5,
+      "nestedDepth": 3
+    }
+  }
+}

package/rules/common/C060_no_override_superclass/symbol-based-analyzer.js

@@ -0,0 +1,220 @@
+/**
+ * C060 Symbol-based Analyzer - Advanced Do not scatter hardcoded constants throughout the logic
+ * Purpose: The rule prevents scattering hardcoded constants throughout the logic. Instead, constants should be defined in a single place to improve maintainability and readability.
+ */
+
+const { SyntaxKind } = require('ts-morph');
+
+class C060SymbolBasedAnalyzer {
+  constructor(semanticEngine = null) {
+    this.ruleId = 'C060';
+    this.ruleName = 'Do not override superclass methods (Symbol-Based)';
+    this.semanticEngine = semanticEngine;
+    this.verbose = false;
+
+    // === Ignore Configuration ===
+    this.ignoredClasses = [
+      "React.Component",   // React components
+      "React.PureComponent",
+      "BaseMock",          // Custom test mocks
+    ];
+
+    this.ignoredMethods = [
+      "render",            // React render
+      "componentDidMount", // Some lifecycle hooks
+      "componentWillUnmount",
+    ];
+
+    this.ignoredFilePatterns = [
+      /node_modules/,
+      /\.d\.ts$/,
+      /\.test\.ts$/,
+    ];
+  }
+
+  async initialize(semanticEngine = null) {
+    if (semanticEngine) {
+      this.semanticEngine = semanticEngine;
+    }
+    this.verbose = semanticEngine?.verbose || false;
+
+    if (process.env.SUNLINT_DEBUG) {
+      console.log(`🔧 [C060 Symbol-Based] Analyzer initialized, verbose: ${this.verbose}`);
+    }
+  }
+
+  async analyzeFileBasic(filePath, options = {}) {
+    // This is the main entry point called by the hybrid analyzer
+    return await this.analyzeFileWithSymbols(filePath, options);
+  }
+
+  async analyzeFileWithSymbols(filePath, options = {}) {
+    const violations = [];
+
+    // Enable verbose mode if requested
+    const verbose = options.verbose || this.verbose;
+
+    if (!this.semanticEngine?.project) {
+      if (verbose) {
+        console.warn('[C060 Symbol-Based] No semantic engine available, skipping analysis');
+      }
+      return violations;
+    }
+
+    if (this.shouldIgnoreFile(filePath)) {
+      if (verbose) console.log(`[${this.ruleId}] Ignoring ${filePath}`);
+      return violations;
+    }
+
+    if (verbose) {
+      console.log(`🔍 [C060 Symbol-Based] Starting analysis for ${filePath}`);
+    }
+
+    try {
+      const sourceFile = this.semanticEngine.project.getSourceFile(filePath);
+      if (!sourceFile) {
+        return violations;
+      }
+
+      const classDeclarations = sourceFile.getClasses();
+      for (const classDeclaration of classDeclarations) {
+        const classViolations = this.analyzeClass(classDeclaration, filePath, verbose);
+        violations.push(...classViolations);
+      }
+
+      if (verbose) {
+        console.log(`🔍 [C060 Symbol-Based] Total violations found: ${violations.length}`);
+      }
+
+      return violations;
+    } catch (error) {
+      if (verbose) {
+        console.warn(`[C060 Symbol-Based] Analysis failed for ${filePath}:`, error.message);
+      }
+
+      return violations;
+    }
+  }
+
+  /**
+   * Analyze one class for override violations
+   */
+  analyzeClass(classDeclaration, filePath, verbose) {
+    const violations = [];
+    const baseClass = classDeclaration.getBaseClass();
+    if (!baseClass) return violations;
+
+    // Check if this class should be ignored
+    if (this.shouldIgnoreClass(baseClass)) {
+      if (verbose) {
+        console.log(`[${this.ruleId}] Skipping ignored base class: ${baseClass.getName()}`);
+      }
+      return violations;
+    }
+
+    const baseMethods = this.collectBaseMethods(baseClass);
+
+    for (const method of classDeclaration.getMethods()) {
+      // Skip ignored methods
+      if (this.shouldIgnoreMethod(method)) {
+        if (verbose) {
+          console.log(`[${this.ruleId}] Skipping ignored method: ${method.getName()}`);
+        }
+        continue;
+      }
+
+      if (baseMethods.has(method.getName())) {
+        const violation = this.checkMethodOverride(method, classDeclaration, filePath, verbose);
+        if (violation) {
+          violations.push(violation);
+        }
+      }
+    }
+
+    return violations;
+  }
+
+  /**
+   * Collect all method names from base class
+   */
+  collectBaseMethods(baseClass) {
+    return new Set(baseClass.getMethods().map((method) => method.getName()));
+  }
+
+  /**
+   * Check if overridden method properly calls super.method()
+   */
+  checkMethodOverride(method, classDeclaration, filePath, verbose) {
+    const body = method.getBodyText();
+    if (!body) return null;
+
+    const methodName = method.getName();
+    const baseClass = classDeclaration.getBaseClass();
+    if (!baseClass) return null;
+    const baseClassName = baseClass.getName();
+
+    // 1 Get all CallExpressions in the method body
+    const calls = method.getDescendantsOfKind(SyntaxKind.CallExpression);
+
+    // 2 Check for super.method() or BaseClass.prototype.method.call(this)
+    const hasSuperCall = calls.some((call) => {
+      const expression = call.getExpression().getText();
+      return expression === `super.${methodName}`;
+    });
+
+    const hasBaseCall = calls.some((call) => {
+      const expression = call.getExpression().getText();
+      return expression === `${baseClassName}.prototype.${methodName}.call`;
+    });
+
+    if (!hasSuperCall && !hasBaseCall) {
+      const violation = {
+        ruleId: this.ruleId,
+        severity: 'warning',
+        message: `Overridden method '${method.getName()}' in '${classDeclaration.getName()}' does not call 'super.${method.getName()}()', potentially skipping lifecycle/resource logic.`,
+        source: this.ruleId,
+        file: filePath,
+        line: method.getStartLineNumber(),
+        column: method.getStart() - method.getStartLinePos(),
+        description: `[SYMBOL-BASED] Overriding methods should call the superclass implementation to ensure proper behavior.`,
+        suggestion: `Add a call to 'super.${method.getName()}()' within the method body.`,
+        category: 'best-practices',
+      };
+
+      if (verbose) {
+        console.log(
+          `⚠️ [${this.ruleId}] Violation in ${filePath}: Method '${method.getName()}' overrides superclass method but does not call super.`
+        );
+      }
+
+      return violation;
+    }
+
+    return null;
+  }
+
+  /**
+   * Ignore logic for classes
+   */
+  shouldIgnoreClass(baseClass) {
+    const baseName = baseClass.getName();
+    return this.ignoredClasses.includes(baseName);
+  }
+
+  /**
+   * Ignore logic for methods
+   */
+  shouldIgnoreMethod(method) {
+    const methodName = method.getName();
+    return this.ignoredMethods.includes(methodName);
+  }
+
+  /**
+   * Ignore files based on patterns
+   */
+  shouldIgnoreFile(filePath) {
+    return this.ignoredFilePatterns.some((pattern) => pattern.test(filePath));
+  }
+}
+
+module.exports = C060SymbolBasedAnalyzer;

package/rules/index.js

@@ -64,6 +64,7 @@ const commonRules = {
     C048: loadRule('common', 'C048_no_bypass_architectural_layers'),
     C052: loadRule('common', 'C052_parsing_or_data_transformation'),
     C047: loadRule('common', 'C047_no_duplicate_retry_logic'),
+    C060: loadRule('common', 'C060_no_override_superclass'),
 };
 
 // 🔒 Security Rules (S-series) - Ready for migration