codeslick-cli 1.0.0

package/dist/src/lib/analyzers/java-analyzer.js

@@ -0,0 +1,1720 @@
+"use strict";
+/**
+ * ⚠️ SHARED MODULE: Java Security Analyzer
+ *
+ * CRITICAL: This module is used by BOTH WebTool and GitHub App
+ *
+ * WebTool uses this for:
+ * - /api/analyze endpoint - Interactive single-file analysis (<3s target)
+ * - Real-time vulnerability detection for individual developers
+ *
+ * GitHub App uses this for:
+ * - /api/github/webhook - Batch PR analysis (10-30s OK)
+ * - Automated security checks for professional teams
+ *
+ * ⚠️ BEFORE MODIFYING THIS FILE:
+ * 1. Run all 96 analyzer tests: npm test analyzers
+ * 2. Test WebTool: Paste Java code at /analyze → Verify results
+ * 3. Test GitHub: Open PR with Java → Verify webhook comment
+ * 4. Verify performance: Analysis must complete in <2s per file
+ * 5. Check detection rate: All 18 Java checks must still detect
+ *
+ * CRITICAL OUTPUT FORMAT (DO NOT CHANGE):
+ * - result.security.vulnerabilities - Used by both systems
+ * - Each vulnerability has: line, message, severity, cvssScore, owasp, cwe
+ * - Changing this structure breaks BOTH WebTool and GitHub UI parsing
+ *
+ * See: docs/technical/WEBTOOL_GITHUB_SEPARATION.md
+ *
+ * Last modified: 2025-11-18
+ * Last verified (both systems): 2025-11-18
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JavaAnalyzer = void 0;
+const references_1 = require("../standards/references");
+const code_cleaner_1 = require("../utils/code-cleaner");
+// Modular security checks
+const injection_attacks_1 = require("./java/security-checks/injection-attacks");
+const deserialization_xxe_1 = require("./java/security-checks/deserialization-xxe");
+const hardcoded_credentials_1 = require("./java/security-checks/hardcoded-credentials");
+const crypto_validation_1 = require("./java/security-checks/crypto-validation");
+const file_operations_1 = require("./java/security-checks/file-operations");
+const unsafe_patterns_1 = require("./java/security-checks/unsafe-patterns");
+const code_quality_1 = require("./java/security-checks/code-quality");
+const framework_security_1 = require("./java/security-checks/framework-security");
+const security_misconfiguration_1 = require("./java/security-checks/security-misconfiguration");
+const exception_handling_1 = require("./java/security-checks/exception-handling");
+const enhanced_supply_chain_1 = require("./java/security-checks/enhanced-supply-chain");
+const access_control_1 = require("./java/security-checks/access-control");
+const insecure_design_1 = require("./java/security-checks/insecure-design");
+const logging_failures_1 = require("./java/security-checks/logging-failures");
+const secrets_analyzer_1 = require("./secrets/secrets-analyzer");
+const ai_generated_code_1 = require("./java/security-checks/ai-generated-code");
+class JavaAnalyzer {
+    constructor() {
+        this.language = 'java';
+    }
+    async analyze(input) {
+        const result = {
+            syntax: { valid: true, errors: [], lineErrors: [] },
+            quality: { score: 100, issues: [] },
+            performance: { score: 100, suggestions: [] },
+            security: { vulnerabilities: [] },
+            metrics: { complexity: 1, maintainability: 100, lines: 0, functions: 0 }
+        };
+        try {
+            this.analyzeSyntax(input.code, result);
+            this.analyzeQuality(input.code, result);
+            this.analyzePerformance(input.code, result);
+            this.analyzeSecurity(input.code, result);
+            this.calculateMetrics(input.code, result);
+            // AI-Generated Code Detection (Phase 1.5, Week 5-7)
+            const lines = input.code.split('\n');
+            result.security.vulnerabilities.push(...(0, ai_generated_code_1.checkAIGeneratedCode)(lines, input.filename));
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            result.syntax.valid = false;
+            result.syntax.errors.push(`Java analysis error: ${errorMessage}`);
+        }
+        return result;
+    }
+    async validateSyntax(code) {
+        // Basic Java syntax checks
+        if (code.length > 50 && !code.includes('public class') && !code.includes('class ')) {
+            return false;
+        }
+        // Check for balanced parentheses/braces
+        let braceCount = 0;
+        let parenCount = 0;
+        for (const char of code) {
+            if (char === '{')
+                braceCount++;
+            if (char === '}')
+                braceCount--;
+            if (char === '(')
+                parenCount++;
+            if (char === ')')
+                parenCount--;
+        }
+        return braceCount === 0 && parenCount === 0;
+    }
+    getLanguageInfo() {
+        return {
+            name: 'Java',
+            extensions: ['.java', '.class', '.jar'],
+            description: 'Enterprise and mobile language (Android)'
+        };
+    }
+    analyzeSyntax(code, result) {
+        const errors = [];
+        const lineErrors = [];
+        // Check for public class
+        if (code.length > 50 && !code.includes('public class') && !code.includes('class ')) {
+            errors.push('Java code must have at least one class');
+        }
+        // Basic syntax checks
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            const trimmed = line.trim();
+            // CRITICAL FIX: Use CodeCleaner to remove comments (handles strings correctly)
+            const codeWithoutComment = code_cleaner_1.CodeCleaner.removeLineComments(line, 'java');
+            if (codeWithoutComment &&
+                !trimmed.startsWith('//') &&
+                !trimmed.startsWith('/*') &&
+                !codeWithoutComment.endsWith(';') &&
+                !codeWithoutComment.endsWith('{') &&
+                !codeWithoutComment.endsWith('}') &&
+                !trimmed.startsWith('if') &&
+                !trimmed.startsWith('for') &&
+                !trimmed.startsWith('while') &&
+                !trimmed.startsWith('public') &&
+                !trimmed.startsWith('private') &&
+                !trimmed.startsWith('protected') &&
+                !trimmed.startsWith('class') &&
+                !trimmed.startsWith('@') &&
+                !trimmed.startsWith('import') &&
+                !trimmed.startsWith('package') &&
+                (codeWithoutComment.includes('=') ||
+                    codeWithoutComment.includes('System.out') ||
+                    trimmed.startsWith('return') ||
+                    trimmed.startsWith('throw') ||
+                    trimmed.startsWith('break') ||
+                    trimmed.startsWith('continue'))) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Missing semicolon',
+                    suggestion: `Add ; at the end: ${codeWithoutComment};`,
+                    severity: 'error'
+                });
+            }
+        });
+        // Advanced detection methods
+        this.detectMethodSignatureErrors(code, lineErrors);
+        this.detectUnbalancedBraces(code, lineErrors);
+        this.detectNullPointerRisks(code, lineErrors);
+        this.detectCompilationErrors(code, lineErrors);
+        this.detectRuntimeExceptions(code, lineErrors);
+        this.detectConcurrencyIssues(code, lineErrors);
+        this.detectMemoryLeaks(code, lineErrors);
+        this.detectIOExceptions(code, lineErrors);
+        this.detectSQLInjection(code, lineErrors);
+        this.detectSerializationIssues(code, lineErrors);
+        this.detectPerformanceIssues(code, lineErrors);
+        this.detectNamingConventions(code, lineErrors);
+        this.detectAccessModifierIssues(code, lineErrors);
+        this.detectResourceLeaks(code, lineErrors);
+        this.detectBoxingUnboxing(code, lineErrors);
+        this.detectDeprecatedAPIs(code, lineErrors);
+        this.detectExceptionHandling(code, lineErrors);
+        this.detectDuplicateVariables(code, lineErrors);
+        this.detectMethodNamingIssues(code, lineErrors);
+        this.detectMagicNumbers(code, lineErrors);
+        this.detectGodClasses(code, lineErrors);
+        this.detectTooManyParameters(code, lineErrors);
+        this.detectStringComparisonWithEquals(code, lineErrors);
+        this.detectEmptyCatchBlocks(code, lineErrors);
+        this.detectUninitializedVariables(code, lineErrors);
+        this.detectMissingReturnStatements(code, lineErrors);
+        this.detectInvalidModifierOrder(code, lineErrors);
+        // DON'T add general balance errors - specific methods above already detect these issues
+        // with proper line numbers, enabling Auto-Fix functionality
+        result.syntax.errors = errors;
+        result.syntax.lineErrors = lineErrors;
+        result.syntax.valid = errors.length === 0 && lineErrors.filter(e => e.severity === 'error').length === 0;
+        if (!result.syntax.valid) {
+            result.quality.score -= errors.length * 15;
+        }
+    }
+    /**
+     * Detect method signature errors - Missing parentheses, malformed signatures
+     *
+     * Fixed logic:
+     * - Checks ALL lines ending with { (not just method signatures)
+     * - Detects missing ) in method signatures, catch blocks, if/while/for statements
+     * - Avoids false positives on multi-line declarations (lines without {)
+     */
+    detectMethodSignatureErrors(code, lineErrors) {
+        /**
+         * IMPROVED LOGIC (2025-10-16):
+         * - Properly handles strings with parentheses: "text (with parens)"
+         * - Uses CodeCleaner to remove comments before counting
+         * - Only checks lines ending with { (avoids multi-line false positives)
+         * - Handles multi-line parameter lists correctly
+         */
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            const trimmed = line.trim();
+            // Skip comments and empty lines
+            if (trimmed.startsWith('//') || trimmed.startsWith('/*') || !trimmed)
+                return;
+            // CRITICAL: Use CodeCleaner to remove comments (handles both // and /* */ correctly)
+            const codeWithoutComment = code_cleaner_1.CodeCleaner.removeLineComments(line, 'java');
+            if (!codeWithoutComment.trim())
+                return;
+            // Only check lines that end with { (potential syntax error location)
+            // This avoids false positives on multi-line method declarations like:
+            //   public void createUser(String name, String email,
+            //                         String address, String phone,  <- no { on this line
+            if (!codeWithoutComment.endsWith('{'))
+                return;
+            // IMPROVED: Remove string literals to avoid counting parentheses inside strings
+            // Example: String msg = "Hello (world)"; -> String msg = ;
+            let codeWithoutStrings = codeWithoutComment;
+            // Remove double-quoted strings
+            codeWithoutStrings = codeWithoutStrings.replace(/"(?:[^"\\]|\\.)*"/g, '""');
+            // Remove single-quoted chars
+            codeWithoutStrings = codeWithoutStrings.replace(/'(?:[^'\\]|\\.)'/g, "''");
+            // Count parentheses in the cleaned line (no comments, no strings)
+            let parenCount = 0;
+            for (const char of codeWithoutStrings) {
+                if (char === '(')
+                    parenCount++;
+                if (char === ')')
+                    parenCount--;
+            }
+            // If there are unclosed parentheses, it's a syntax error
+            // Examples:
+            // - public void processUser(User user {     -> parenCount = 1
+            // - } catch (Exception e {                  -> parenCount = 1
+            // - if (condition {                         -> parenCount = 1
+            if (parenCount > 0) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Syntax Error: Missing closing parenthesis before opening brace',
+                    suggestion: 'Add closing parenthesis ) before {',
+                    severity: 'error',
+                    references: references_1.javaStandards['compilation-errors'] || []
+                });
+            }
+            // If there are too many closing parentheses, also report
+            // BUT: Skip if this is a multi-line parameter list ending
+            // FIX (Dec 12, 2025): Check if line contains ONLY closing paren + { (no opening paren)
+            // Example valid multi-line signatures that should NOT be flagged:
+            //   Line 56: public void createUser(String name, String email,
+            //   Line 57:                        String phone, String city) {  <- has ) but no (
+            const hasOpenParen = codeWithoutStrings.includes('(');
+            const hasCloseParen = codeWithoutStrings.includes(')');
+            const isMultiLineContinuation = hasCloseParen && !hasOpenParen;
+            if (parenCount < 0 && !isMultiLineContinuation) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Syntax Error: Extra closing parenthesis',
+                    suggestion: 'Remove extra ) or add opening parenthesis (',
+                    severity: 'error',
+                    references: references_1.javaStandards['compilation-errors'] || []
+                });
+            }
+        });
+    }
+    /**
+     * Detect unbalanced braces - Missing opening or closing braces
+     *
+     * Tracks brace balance across the entire file to detect:
+     * - Methods/blocks with missing closing }
+     * - Extra closing } without matching opening {
+     */
+    detectUnbalancedBraces(code, lineErrors) {
+        const lines = code.split('\n');
+        const openBraces = []; // Stack of line numbers where { was opened
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            const trimmed = line.trim();
+            // Skip full-line comments
+            if (trimmed.startsWith('//') || trimmed.startsWith('/*'))
+                return;
+            // CRITICAL FIX: Use CodeCleaner to properly remove comments
+            const codeWithoutComment = code_cleaner_1.CodeCleaner.removeLineComments(line, 'java');
+            // PHASE 6 FIX (2025-11-21): Remove string literals before counting braces
+            // Previous bug: Braces inside strings like "${jndi:ldap://...}" were counted
+            // This caused false positives on classes with JNDI exploit strings
+            let codeWithoutStrings = codeWithoutComment;
+            // Remove double-quoted strings (most common in Java)
+            codeWithoutStrings = codeWithoutStrings.replace(/"(?:[^"\\]|\\.)*"/g, '""');
+            // Remove single-quoted chars
+            codeWithoutStrings = codeWithoutStrings.replace(/'(?:[^'\\]|\\.)'/g, "''");
+            // Count braces in this line
+            for (const char of codeWithoutStrings) {
+                if (char === '{') {
+                    openBraces.push(lineNumber);
+                }
+                else if (char === '}') {
+                    if (openBraces.length > 0) {
+                        openBraces.pop(); // Match closing brace with opening brace
+                    }
+                    else {
+                        // Extra closing brace without matching opening brace
+                        lineErrors.push({
+                            line: lineNumber,
+                            error: 'Syntax Error: Extra closing brace (no matching opening brace)',
+                            suggestion: 'Remove extra } or add opening brace',
+                            severity: 'error',
+                            references: references_1.javaStandards['compilation-errors'] || []
+                        });
+                    }
+                }
+            }
+        });
+        // After processing all lines, check if there are unclosed braces
+        if (openBraces.length > 0) {
+            // Report the LAST unclosed brace (most likely the problematic one)
+            const lastOpenBraceLine = openBraces[openBraces.length - 1];
+            lineErrors.push({
+                line: lastOpenBraceLine,
+                error: 'Syntax Error: Missing closing brace',
+                suggestion: 'Add closing brace } to close this block',
+                severity: 'error',
+                references: references_1.javaStandards['compilation-errors'] || []
+            });
+        }
+    }
+    /**
+     * Detect NullPointerException risks - null checks and Optional usage
+     */
+    detectNullPointerRisks(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            const trimmed = line.trim();
+            // Skip all types of comments
+            if (trimmed.startsWith('//') || trimmed.startsWith('/*') || trimmed.startsWith('*') || trimmed.startsWith('*/'))
+                return;
+            // Detect direct null assignment without checks
+            if (line.match(/=\s*null\s*;/) && !line.includes('//')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'NullPointerException risk: Null assignment',
+                    suggestion: 'Consider using Optional<T> or adding null checks',
+                    severity: 'warning',
+                    references: references_1.javaStandards['null-pointer'] || []
+                });
+            }
+            // DISABLED: Too aggressive - generates false positives on every method call
+            // Detect method calls on potentially null objects (disabled)
+            /*
+            if (line.match(/\w+\.\w+\(/) && !line.includes('if') && !line.includes('!=') && !line.includes('null')) {
+              const prevLines = lines.slice(Math.max(0, index - 3), index);
+              const hasNullCheck = prevLines.some(l => l.includes('!= null') || l.includes('== null'));
+      
+              if (!hasNullCheck && line.includes('get') && !line.includes('Optional')) {
+                lineErrors.push({
+                  line: lineNumber,
+                  error: 'NullPointerException risk: Method call without null check',
+                  suggestion: 'Add check: if (object != null) { ... } or use Optional',
+                  severity: 'info',
+                  references: javaStandards['null-pointer'] || []
+                });
+              }
+            }
+            */
+        });
+    }
+    /**
+     * Detect compilation errors - Cannot find symbol, type mismatches
+     */
+    detectCompilationErrors(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect common typos in type names (use word boundaries to avoid false positives)
+            const commonTypos = {
+                'Strng': 'String',
+                'Strin': 'String',
+                'Integr': 'Integer',
+                'Intger': 'Integer',
+                'Booln': 'Boolean',
+                'Boolen': 'Boolean',
+                'ArrayLst': 'ArrayList',
+                'HashMp': 'HashMap'
+            };
+            Object.entries(commonTypos).forEach(([typo, correct]) => {
+                // Use word boundary regex to avoid matching typo inside correct word
+                // e.g., don't match "Strin" inside "String"
+                const regex = new RegExp(`\\b${typo}\\b`);
+                if (regex.test(line)) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: `Compilation error: Type "${typo}" does not exist`,
+                        suggestion: `Use "${correct}" instead of "${typo}"`,
+                        severity: 'error',
+                        references: references_1.javaStandards['compilation-errors'] || []
+                    });
+                }
+            });
+            // DISABLED: Generates too many duplicate warnings
+            // Detect missing import statements (disabled - too noisy)
+            /*
+            const needsImport = [
+              { pattern: /\bArrayList\b/, import: 'import java.util.ArrayList;' },
+              { pattern: /\bHashMap\b/, import: 'import java.util.HashMap;' },
+              { pattern: /\bList\b/, import: 'import java.util.List;' },
+              { pattern: /\bMap\b/, import: 'import java.util.Map;' },
+              { pattern: /\bScanner\b/, import: 'import java.util.Scanner;' },
+              { pattern: /\bFile\b/, import: 'import java.io.File;' }
+            ];
+      
+            needsImport.forEach(({ pattern, import: importStmt }) => {
+              if (pattern.test(line) && !code.includes(importStmt)) {
+                lineErrors.push({
+                  line: lineNumber,
+                  error: `Possible compilation error: Missing import`,
+                  suggestion: `Add: ${importStmt}`,
+                  severity: 'warning',
+                  references: javaStandards['compilation-errors'] || []
+                });
+              }
+            });
+            */
+        });
+    }
+    /**
+     * Detect runtime exceptions - ClassCast, ArrayBounds, IllegalArgument, IllegalState
+     */
+    detectRuntimeExceptions(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect unsafe casting
+            if (line.match(/\(\w+\)\s*\w+/) && !line.includes('instanceof')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'ClassCastException risk: Cast without check',
+                    suggestion: 'Use instanceof before casting: if (obj instanceof Type) { Type t = (Type) obj; }',
+                    severity: 'warning',
+                    references: references_1.javaStandards['class-cast'] || []
+                });
+            }
+            // Detect array access without bounds checking
+            if (line.match(/\w+\[\d+\]/) || line.match(/\w+\[i\]/)) {
+                const arrayMatch = line.match(/(\w+)\[/);
+                if (arrayMatch) {
+                    const arrayName = arrayMatch[1];
+                    const prevLines = lines.slice(Math.max(0, index - 3), index);
+                    const hasBoundsCheck = prevLines.some(l => l.includes(`${arrayName}.length`) || l.includes('< length'));
+                    if (!hasBoundsCheck) {
+                        lineErrors.push({
+                            line: lineNumber,
+                            error: 'ArrayIndexOutOfBoundsException risk: Access without bounds check',
+                            suggestion: `Check: if (index >= 0 && index < ${arrayName}.length)`,
+                            severity: 'info',
+                            references: references_1.javaStandards['array-bounds'] || []
+                        });
+                    }
+                }
+            }
+            // DISABLED: Too aggressive - generates too many false positives
+            // Detect missing argument validation ONLY for critical methods (disabled for now)
+            /*
+            if (line.match(/public\s+\w+\s+\w+\s*\([^)]*\w+[^)]*\)/) && !line.includes('void main')) {
+              const nextLines = lines.slice(index + 1, Math.min(index + 5, lines.length));
+              const hasValidation = nextLines.some(l =>
+                l.includes('if') && (l.includes('== null') || l.includes('< 0') || l.includes('isEmpty'))
+              );
+      
+              if (!hasValidation) {
+                lineErrors.push({
+                  line: lineNumber,
+                  error: 'IllegalArgumentException risk: Missing parameter validation',
+                  suggestion: 'Add validation: if (param == null) throw new IllegalArgumentException("...");',
+                  severity: 'info',
+                  references: javaStandards['illegal-argument'] || []
+                });
+              }
+            }
+            */
+        });
+    }
+    /**
+     * Detect concurrency issues - ConcurrentModification, synchronized, volatile
+     */
+    detectConcurrencyIssues(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect modification during iteration
+            if (line.match(/for\s*\(\s*\w+\s+\w+\s*:\s*(\w+)\)/)) {
+                const iterMatch = line.match(/for\s*\(\s*\w+\s+\w+\s*:\s*(\w+)\)/);
+                if (iterMatch) {
+                    const collectionName = iterMatch[1];
+                    const nextLines = lines.slice(index + 1, Math.min(index + 10, lines.length));
+                    nextLines.forEach((nextLine, offset) => {
+                        if (nextLine.includes(`${collectionName}.add`) ||
+                            nextLine.includes(`${collectionName}.remove`)) {
+                            lineErrors.push({
+                                line: lineNumber,
+                                error: `ConcurrentModificationException risk: Modification of ${collectionName} during iteration`,
+                                suggestion: `Use Iterator.remove() or iterate over a copy: new ArrayList<>(${collectionName})`,
+                                severity: 'error',
+                                references: references_1.javaStandards['concurrency-issues'] || []
+                            });
+                        }
+                    });
+                }
+            }
+            // Detect missing synchronization on shared data
+            if (line.match(/static\s+\w+\s+\w+\s*=/) && !line.includes('final') && !line.includes('private')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Concurrency risk: Non-final static variable without synchronization',
+                    suggestion: 'Add synchronized, use volatile, or make final if possible',
+                    severity: 'warning',
+                    references: references_1.javaStandards['concurrency-issues'] || []
+                });
+            }
+            // Detect double-checked locking without volatile
+            if (line.includes('synchronized') && line.includes('if')) {
+                const prevLines = lines.slice(Math.max(0, index - 3), index);
+                const hasVolatile = prevLines.some(l => l.includes('volatile'));
+                if (!hasVolatile) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Double-checked locking pattern requires volatile',
+                        suggestion: 'Declare the variable as volatile to ensure visibility between threads',
+                        severity: 'warning',
+                        references: references_1.javaStandards['concurrency-issues'] || []
+                    });
+                }
+            }
+        });
+    }
+    /**
+     * Detect memory leaks - Unclosed resources, static collections, listeners
+     */
+    detectMemoryLeaks(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect static collections that might grow indefinitely
+            if (line.match(/static\s+.*\b(ArrayList|HashMap|HashSet|List|Map|Set)\b/) && !line.includes('final')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Memory leak risk: Static collection can grow indefinitely',
+                    suggestion: 'Use WeakHashMap, limit size, or clear collection periodically',
+                    severity: 'warning',
+                    references: references_1.javaStandards['memory-errors'] || []
+                });
+            }
+            // Detect listeners without removal
+            if (line.includes('addListener') || line.includes('addEventListener')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Memory leak risk: Listener added without removal',
+                    suggestion: 'Make sure to remove listeners when they are no longer needed',
+                    severity: 'info',
+                    references: references_1.javaStandards['memory-errors'] || []
+                });
+            }
+            // Detect potential infinite recursion
+            if (line.match(/public\s+\w+\s+(\w+)\s*\([^)]*\)/)) {
+                const methodMatch = line.match(/public\s+\w+\s+(\w+)\s*\([^)]*\)/);
+                if (methodMatch) {
+                    const methodName = methodMatch[1];
+                    const nextLines = lines.slice(index + 1, Math.min(index + 20, lines.length));
+                    const hasRecursion = nextLines.some(l => l.includes(`${methodName}(`));
+                    const hasBaseCase = nextLines.some(l => l.includes('return') && !l.includes(`${methodName}(`));
+                    if (hasRecursion && !hasBaseCase) {
+                        lineErrors.push({
+                            line: lineNumber,
+                            error: 'StackOverflowError risk: Recursion without apparent base case',
+                            suggestion: 'Add stopping condition to avoid infinite recursion',
+                            severity: 'warning',
+                            references: references_1.javaStandards['memory-errors'] || []
+                        });
+                    }
+                }
+            }
+        });
+    }
+    /**
+     * Detect IO exceptions - File operations without try-with-resources
+     */
+    detectIOExceptions(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect file operations without try-with-resources
+            const ioClasses = ['FileReader', 'FileWriter', 'BufferedReader', 'BufferedWriter',
+                'FileInputStream', 'FileOutputStream', 'Scanner'];
+            ioClasses.forEach(ioClass => {
+                if (line.includes(`new ${ioClass}`) && !line.includes('try')) {
+                    const prevLines = lines.slice(Math.max(0, index - 2), index);
+                    const hasTryWithResources = prevLines.some(l => l.includes('try ('));
+                    if (!hasTryWithResources) {
+                        lineErrors.push({
+                            line: lineNumber,
+                            error: `Resource leak risk: ${ioClass} without try-with-resources`,
+                            suggestion: `Use try-with-resources: try (${ioClass} reader = new ${ioClass}(...)) { ... }`,
+                            severity: 'warning',
+                            references: references_1.javaStandards['io-exceptions'] || []
+                        });
+                    }
+                }
+            });
+        });
+    }
+    /**
+     * Detect SQL injection - String concatenation in SQL
+     *
+     * NOTE: SQL Injection is now detected in analyzeSecurity() with full CVSS scoring,
+     * compliance mapping (OWASP/CWE/PCI-DSS), and remediation details.
+     * This method is kept for backward compatibility but does NOT add duplicates to lineErrors.
+     */
+    detectSQLInjection(code, lineErrors) {
+        // SQL Injection detection moved to analyzeSecurity() for comprehensive security analysis
+        // Keeping this method empty to maintain the call in analyzeSyntax()
+        return;
+    }
+    /**
+     * Detect serialization issues - Unsafe deserialization
+     */
+    detectSerializationIssues(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect unsafe deserialization
+            if (line.includes('ObjectInputStream') && !line.includes('ValidatingObjectInputStream')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Security risk: Deserialization without validation',
+                    suggestion: 'Use ValidatingObjectInputStream or validate allowed classes',
+                    severity: 'warning',
+                    references: references_1.javaStandards['serialization'] || []
+                });
+            }
+            // Detect Serializable without serialVersionUID
+            if (line.includes('implements Serializable')) {
+                const nextLines = lines.slice(index + 1, Math.min(index + 10, lines.length));
+                const hasSerialVersionUID = nextLines.some(l => l.includes('serialVersionUID'));
+                if (!hasSerialVersionUID) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: 'Serializable class without serialVersionUID',
+                        suggestion: 'Add: private static final long serialVersionUID = 1L;',
+                        severity: 'info',
+                        references: references_1.javaStandards['serialization'] || []
+                    });
+                }
+            }
+        });
+    }
+    /**
+     * Detect performance issues - Vector/Hashtable, String concat in loops, inefficient loops
+     */
+    detectPerformanceIssues(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect Vector usage
+            if (line.match(/\bVector\b/) && !line.includes('//')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Performance issue: Vector is synchronized (slow)',
+                    suggestion: 'Use ArrayList for better performance (or CopyOnWriteArrayList if thread-safety is needed)',
+                    severity: 'warning',
+                    references: references_1.javaStandards['collections-performance'] || []
+                });
+            }
+            // Detect Hashtable usage
+            if (line.match(/\bHashtable\b/) && !line.includes('//')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Performance issue: Hashtable is synchronized (slow)',
+                    suggestion: 'Use HashMap for better performance (or ConcurrentHashMap if thread-safety is needed)',
+                    severity: 'warning',
+                    references: references_1.javaStandards['collections-performance'] || []
+                });
+            }
+            // Detect string concatenation in loops
+            if (line.match(/for\s*\(/) || line.match(/while\s*\(/)) {
+                const loopStartIndex = index;
+                const nextLines = lines.slice(index + 1, Math.min(index + 15, lines.length));
+                nextLines.forEach((nextLine, offset) => {
+                    if (nextLine.includes('+=') && (nextLine.includes('"') || nextLine.includes("'"))) {
+                        lineErrors.push({
+                            line: loopStartIndex + 1,
+                            error: 'Performance issue: String concatenation in loop',
+                            suggestion: 'Use StringBuilder: StringBuilder sb = new StringBuilder(); ... sb.append(...);',
+                            severity: 'warning',
+                            references: references_1.javaStandards['string-concatenation'] || []
+                        });
+                    }
+                });
+            }
+            // Detect inefficient collection iteration
+            if (line.match(/for\s*\(\s*int\s+i\s*=\s*0.*\.size\(\)/)) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Performance issue: Inefficient iteration',
+                    suggestion: 'Use enhanced for loop: for (Type item : collection) or forEach',
+                    severity: 'info',
+                    references: references_1.javaStandards['performance'] || []
+                });
+            }
+        });
+    }
+    /**
+     * Detect naming convention violations - camelCase, PascalCase, UPPER_CASE
+     */
+    detectNamingConventions(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect class names not starting with uppercase
+            const classMatch = line.match(/class\s+([a-z][a-zA-Z0-9]*)/);
+            if (classMatch) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: `Class name should start with uppercase: "${classMatch[1]}"`,
+                    suggestion: `Rename to PascalCase: ${classMatch[1].charAt(0).toUpperCase() + classMatch[1].slice(1)}`,
+                    severity: 'warning',
+                    references: references_1.javaStandards['naming-conventions'] || []
+                });
+            }
+            // Detect variable names starting with uppercase (but exclude constants)
+            const varMatch = line.match(/\b(int|String|boolean|double|float|long|char|byte|short)\s+([A-Z]\w*)\s*=/);
+            if (varMatch && !line.includes('static final')) {
+                // Only flag if it's not a constant (constants should be UPPERCASE)
+                lineErrors.push({
+                    line: lineNumber,
+                    error: `Variable name should start with lowercase: "${varMatch[2]}"`,
+                    suggestion: `Use camelCase: ${varMatch[2].charAt(0).toLowerCase() + varMatch[2].slice(1)}`,
+                    severity: 'warning',
+                    references: references_1.javaStandards['naming-conventions'] || []
+                });
+            }
+            // Detect constants not in UPPER_CASE
+            if (line.match(/static\s+final\s+\w+\s+([a-z][a-zA-Z0-9]*)\s*=/)) {
+                const constMatch = line.match(/static\s+final\s+\w+\s+([a-z][a-zA-Z0-9]*)\s*=/);
+                if (constMatch) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: `Constant should be in UPPER_CASE: "${constMatch[1]}"`,
+                        suggestion: `Rename to: ${constMatch[1].toUpperCase().replace(/([A-Z])/g, '_$1')}`,
+                        severity: 'info',
+                        references: references_1.javaStandards['naming-conventions'] || []
+                    });
+                }
+            }
+        });
+    }
+    /**
+     * Detect access modifier issues - Methods without explicit modifiers
+     */
+    detectAccessModifierIssues(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect methods without explicit access modifiers
+            if (line.match(/^\s*\w+\s+\w+\s*\(/) &&
+                !line.includes('public') &&
+                !line.includes('private') &&
+                !line.includes('protected')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Method without explicit access modifier (package-private)',
+                    suggestion: 'Add public, private or protected for clarity',
+                    severity: 'info',
+                    references: references_1.javaStandards['access-modifiers'] || []
+                });
+            }
+            // Detect public fields (should use getters/setters)
+            if (line.match(/public\s+\w+\s+\w+\s*;/) && !line.includes('static') && !line.includes('final')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Public field detected - violates encapsulation',
+                    suggestion: 'Make private and add getters/setters',
+                    severity: 'warning',
+                    references: references_1.javaStandards['access-modifiers'] || []
+                });
+            }
+        });
+    }
+    /**
+     * Detect resource leaks - Missing try-with-resources for AutoCloseable
+     */
+    detectResourceLeaks(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect AutoCloseable resources not in try-with-resources
+            const autoCloseableTypes = [
+                'InputStream', 'OutputStream', 'Reader', 'Writer',
+                'Connection', 'Statement', 'ResultSet',
+                'Socket', 'ServerSocket', 'Channel'
+            ];
+            autoCloseableTypes.forEach(type => {
+                if (line.includes(`new ${type}`) || line.includes(`= ${type}`)) {
+                    const prevLines = lines.slice(Math.max(0, index - 2), index);
+                    const hasTryWithResources = prevLines.some(l => l.includes('try ('));
+                    const isInTryWithResources = line.includes('try (');
+                    if (!hasTryWithResources && !isInTryWithResources) {
+                        lineErrors.push({
+                            line: lineNumber,
+                            error: `Resource leak risk: ${type} should be in try-with-resources`,
+                            suggestion: `Use: try (${type} resource = ...) { ... }`,
+                            severity: 'warning',
+                            references: references_1.javaStandards['resource-leaks'] || []
+                        });
+                    }
+                }
+            });
+        });
+    }
+    /**
+     * Detect boxing/unboxing - Unnecessary autoboxing
+     */
+    detectBoxingUnboxing(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect unnecessary Integer.valueOf or new Integer
+            if (line.match(/Integer\.valueOf\(\d+\)/) || line.match(/new Integer\(/)) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Unnecessary primitive boxing',
+                    suggestion: 'Use primitive int directly, autoboxing when necessary',
+                    severity: 'info',
+                    references: references_1.javaStandards['performance'] || []
+                });
+            }
+            // Detect primitive wrapper in loop
+            if (line.match(/for\s*\(/) || line.match(/while\s*\(/)) {
+                const nextLines = lines.slice(index + 1, Math.min(index + 10, lines.length));
+                nextLines.forEach(nextLine => {
+                    if (nextLine.match(/Integer\s+\w+\s*=/) || nextLine.match(/Double\s+\w+\s*=/)) {
+                        lineErrors.push({
+                            line: lineNumber,
+                            error: 'Performance issue: Wrapper in loop causes boxing/unboxing',
+                            suggestion: 'Use primitive type (int, double) in loops for better performance',
+                            severity: 'info',
+                            references: references_1.javaStandards['performance'] || []
+                        });
+                    }
+                });
+            }
+        });
+    }
+    /**
+     * Detect deprecated APIs - Date, Vector, Hashtable, etc.
+     */
+    detectDeprecatedAPIs(code, lineErrors) {
+        const lines = code.split('\n');
+        const deprecatedAPIs = [
+            { old: 'java.util.Date', new: 'java.time.LocalDate or java.time.Instant', pattern: /\bDate\b/ },
+            { old: 'SimpleDateFormat', new: 'DateTimeFormatter', pattern: /SimpleDateFormat/ },
+            { old: 'StringTokenizer', new: 'String.split()', pattern: /StringTokenizer/ },
+            { old: 'Thread.stop()', new: 'Thread interruption', pattern: /\.stop\(\)/ },
+            { old: 'Thread.suspend()', new: 'Thread interruption', pattern: /\.suspend\(\)/ },
+            { old: 'finalize()', new: 'try-with-resources or Cleaner API', pattern: /\bfinalize\s*\(\s*\)/ }
+        ];
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            deprecatedAPIs.forEach(({ old, new: newApi, pattern }) => {
+                if (pattern.test(line)) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: `Deprecated API: ${old} is deprecated`,
+                        suggestion: `Use ${newApi} instead`,
+                        severity: 'warning',
+                        references: references_1.javaStandards['deprecated-apis'] || []
+                    });
+                }
+            });
+        });
+    }
+    /**
+     * Detect exception handling issues - Empty catch, catching Exception/Throwable
+     */
+    detectExceptionHandling(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            if (line.trim().startsWith('//'))
+                return;
+            // Detect catching generic Exception
+            if (line.match(/catch\s*\(\s*Exception\s+\w+\)/)) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Bad practice: Generic Exception catch',
+                    suggestion: 'Catch specific exceptions (IOException, SQLException, etc.)',
+                    severity: 'warning',
+                    references: references_1.javaStandards['exception-handling'] || []
+                });
+            }
+            // Detect catching Throwable
+            if (line.match(/catch\s*\(\s*Throwable\s+\w+\)/)) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'CRITICAL: Catching Throwable captures system errors',
+                    suggestion: 'Never catch Throwable, use specific exceptions',
+                    severity: 'error',
+                    references: references_1.javaStandards['exception-handling'] || []
+                });
+            }
+            // Detect empty catch blocks
+            if (line.match(/catch\s*\([^)]+\)\s*\{\s*\}/)) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'CRITICAL: Empty catch block - exception ignored',
+                    suggestion: 'Handle the exception or at least log: logger.error("...", e);',
+                    severity: 'error',
+                    references: references_1.javaStandards['exception-handling'] || []
+                });
+            }
+            // Detect printStackTrace() usage
+            if (line.includes('.printStackTrace()')) {
+                lineErrors.push({
+                    line: lineNumber,
+                    error: 'Bad practice: printStackTrace() in production',
+                    suggestion: 'Use a logger: logger.error("Error occurred", e);',
+                    severity: 'info',
+                    references: references_1.javaStandards['exception-handling'] || []
+                });
+            }
+        });
+    }
+    /**
+     * Detect duplicate variable declarations - SYNTAX ERROR (Error 26)
+     *
+     * Tracks variable declarations within method scope and detects when
+     * the same variable name is declared twice, which is a compilation error.
+     */
+    detectDuplicateVariables(code, lineErrors) {
+        const lines = code.split('\n');
+        const variablesByMethod = new Map();
+        let currentMethod = null;
+        let braceDepth = 0;
+        let methodBraceDepth = 0;
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            const trimmed = line.trim();
+            // Skip comments
+            if (trimmed.startsWith('//') || trimmed.startsWith('/*'))
+                return;
+            // CRITICAL FIX: Use CodeCleaner to remove comments (handles strings correctly)
+            // Old approach: trimmed.split('//')[0] - doesn't handle strings
+            // Example: String url = "https://example.com";  <- split('//')[0] would break this!
+            const codeWithoutComment = code_cleaner_1.CodeCleaner.removeLineComments(line, 'java');
+            if (!codeWithoutComment.trim())
+                return;
+            // Track method entry
+            if (codeWithoutComment.match(/(?:public|private|protected|static|\s)+\s+\w+\s+(\w+)\s*\([^)]*\)\s*\{/)) {
+                const methodMatch = codeWithoutComment.match(/\s(\w+)\s*\(/);
+                if (methodMatch) {
+                    currentMethod = methodMatch[1] + '_' + lineNumber; // Unique ID per method
+                    variablesByMethod.set(currentMethod, new Map());
+                    methodBraceDepth = braceDepth;
+                }
+            }
+            // Track brace depth
+            for (const char of codeWithoutComment) {
+                if (char === '{')
+                    braceDepth++;
+                if (char === '}') {
+                    braceDepth--;
+                    // Exit method when we close its brace
+                    if (currentMethod && braceDepth === methodBraceDepth) {
+                        currentMethod = null;
+                    }
+                }
+            }
+            // Detect variable declarations inside methods
+            // Pattern: type variableName = ... OR type variableName;
+            // Common types: int, String, boolean, double, float, long, char, byte, short, Object, List, Map, etc.
+            if (currentMethod && codeWithoutComment.match(/\b(int|String|boolean|double|float|long|char|byte|short|Integer|Double|Boolean|Object|List|Map|Set|Array|File)\s+(\w+)\s*(=|;)/)) {
+                const varMatch = codeWithoutComment.match(/\b(int|String|boolean|double|float|long|char|byte|short|Integer|Double|Boolean|Object|List|Map|Set|Array|File)\s+(\w+)\s*(=|;)/);
+                if (varMatch) {
+                    const varType = varMatch[1];
+                    const varName = varMatch[2];
+                    const variables = variablesByMethod.get(currentMethod);
+                    // Check if this variable was already declared in this method
+                    if (variables.has(varName)) {
+                        const firstDeclarationLine = variables.get(varName);
+                        lineErrors.push({
+                            line: lineNumber,
+                            error: `Syntax Error: Variable "${varName}" is already defined on line ${firstDeclarationLine}`,
+                            suggestion: `Remove duplicate declaration or rename variable (e.g., ${varName}2)`,
+                            severity: 'error',
+                            references: references_1.javaStandards['compilation-errors'] || []
+                        });
+                    }
+                    else {
+                        // Track this variable declaration
+                        variables.set(varName, lineNumber);
+                    }
+                }
+            }
+        });
+    }
+    /**
+     * Detect method naming issues - Methods not in camelCase (e.g., Process_User_Data)
+     */
+    detectMethodNamingIssues(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            const trimmed = line.trim();
+            // Skip comments
+            if (trimmed.startsWith('//') || trimmed.startsWith('/*'))
+                return;
+            // Detect method declarations with snake_case or PascalCase names
+            // Pattern: public/private/protected returnType methodName(...)
+            const methodMatch = line.match(/(?:public|private|protected|static|\s)+\s+(\w+)\s+([A-Z_][a-zA-Z0-9_]*)\s*\(/);
+            if (methodMatch && !line.includes('class ')) {
+                const methodName = methodMatch[2];
+                // Check for snake_case (contains underscore)
+                if (methodName.includes('_')) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: `Method name should be camelCase, not snake_case: "${methodName}"`,
+                        suggestion: `Rename to camelCase: ${methodName.toLowerCase().replace(/_(.)/g, (_, c) => c.toUpperCase())}`,
+                        severity: 'warning',
+                        references: references_1.javaStandards['naming-conventions'] || []
+                    });
+                }
+                // Check for PascalCase (starts with uppercase, no underscore)
+                else if (methodName[0] === methodName[0].toUpperCase() && !methodName.includes('_')) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: `Method name should be camelCase, not PascalCase: "${methodName}"`,
+                        suggestion: `Rename to camelCase: ${methodName[0].toLowerCase() + methodName.slice(1)}`,
+                        severity: 'warning',
+                        references: references_1.javaStandards['naming-conventions'] || []
+                    });
+                }
+            }
+        });
+    }
+    /**
+     * Detect magic numbers - Numeric literals that should be named constants
+     */
+    detectMagicNumbers(code, lineErrors) {
+        const lines = code.split('\n');
+        let inMultiLineComment = false;
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            const trimmed = line.trim();
+            // Track multi-line comment blocks (/* ... */)
+            if (trimmed.includes('/*')) {
+                inMultiLineComment = true;
+            }
+            if (trimmed.includes('*/')) {
+                inMultiLineComment = false;
+                return; // Skip the line with */
+            }
+            // Skip comments, constants declarations, and array indices
+            if (trimmed.startsWith('//') || inMultiLineComment ||
+                line.includes('static final') || line.includes('final static'))
+                return;
+            // Remove string literals to avoid detecting numbers inside strings
+            // Example: "Java OWASP 2025" should NOT flag 2025 as magic number
+            const lineWithoutStrings = trimmed.replace(/"[^"]*"/g, '').replace(/'[^']*'/g, '');
+            // Detect magic numbers: integers >= 10 (excluding 0, 1, -1 which are universal)
+            // Pattern: numbers not in declarations or array indices
+            const magicNumberPattern = /\b(1[0-9]|[2-9][0-9]|[1-9][0-9]{2,})\b/g;
+            const matches = [...lineWithoutStrings.matchAll(magicNumberPattern)];
+            if (matches.length > 0) {
+                // Check if it's in a context where magic numbers are acceptable
+                const isArrayIndex = lineWithoutStrings.match(/\[\s*\d+\s*\]/);
+                const isConstantDecl = lineWithoutStrings.match(/=\s*\d+\s*;/) && line.includes('final');
+                // Skip cryptographic operations (SecureRandom, BigInteger, MessageDigest, etc.)
+                const isCryptoOperation = trimmed.match(/SecureRandom|BigInteger|MessageDigest|Cipher|KeyGenerator|SecretKey/i);
+                if (!isArrayIndex && !isConstantDecl && !isCryptoOperation) {
+                    matches.forEach(match => {
+                        const number = match[0];
+                        lineErrors.push({
+                            line: lineNumber,
+                            error: `Magic number detected: ${number}`,
+                            suggestion: `Replace with a named constant: private static final int MEANINGFUL_NAME = ${number};`,
+                            severity: 'info',
+                            references: references_1.javaStandards['naming-conventions'] || []
+                        });
+                    });
+                }
+            }
+        });
+    }
+    /**
+     * Detect God Classes - Classes with too many methods (violates SRP)
+     */
+    detectGodClasses(code, lineErrors) {
+        const lines = code.split('\n');
+        // Count methods per class
+        let currentClass = null;
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            const trimmed = line.trim();
+            // Skip comments
+            if (trimmed.startsWith('//') || trimmed.startsWith('/*'))
+                return;
+            // Detect class declaration
+            const classMatch = line.match(/(?:public|private|protected)?\s*class\s+(\w+)/);
+            if (classMatch) {
+                // Report previous class if it was a God class
+                if (currentClass && currentClass.methods > 10) {
+                    lineErrors.push({
+                        line: currentClass.line,
+                        error: `God Class detected: ${currentClass.name} has ${currentClass.methods} methods (>10)`,
+                        suggestion: 'Refactor into smaller, focused classes following Single Responsibility Principle',
+                        severity: 'warning',
+                        references: references_1.javaStandards['naming-conventions'] || []
+                    });
+                }
+                // Start tracking new class
+                currentClass = { name: classMatch[1], line: lineNumber, methods: 0 };
+            }
+            // Count methods in current class
+            if (currentClass && line.match(/(?:public|private|protected)\s+\w+\s+\w+\s*\(/)) {
+                currentClass.methods++;
+            }
+        });
+        // Check last class
+        if (currentClass) {
+            const classInfo = currentClass;
+            if (classInfo.methods > 10) {
+                lineErrors.push({
+                    line: classInfo.line,
+                    error: `God Class detected: ${classInfo.name} has ${classInfo.methods} methods (>10)`,
+                    suggestion: 'Refactor into smaller, focused classes following Single Responsibility Principle',
+                    severity: 'warning',
+                    references: references_1.javaStandards['naming-conventions'] || []
+                });
+            }
+        }
+    }
+    /**
+     * Detect methods with too many parameters (>7 is a code smell)
+     * Methods with many parameters are hard to test, maintain, and understand.
+     * Consider using parameter objects or builder pattern.
+     */
+    detectTooManyParameters(code, lineErrors) {
+        const lines = code.split('\n');
+        const MAX_PARAMETERS = 7; // Industry standard threshold
+        // FIX (Dec 12, 2025): Handle multi-line method signatures
+        // Previous: Only checked single-line method declarations
+        // Now: Collect method signature across multiple lines until closing )
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            const trimmed = line.trim();
+            // Skip comments
+            if (trimmed.startsWith('//') || trimmed.startsWith('/*'))
+                return;
+            // Detect method declaration start: [access modifier] returnType methodName(
+            // Pattern: public void methodName( or private String getValue(
+            const methodStartMatch = line.match(/(?:public|private|protected)\s+\w+\s+(\w+)\s*\(/);
+            if (methodStartMatch) {
+                const methodName = methodStartMatch[1];
+                // Collect full method signature across multiple lines until we find closing )
+                let fullSignature = line;
+                let currentIndex = index;
+                // If line doesn't have closing ), continue collecting from next lines
+                let openParens = (fullSignature.match(/\(/g) || []).length;
+                let closeParens = (fullSignature.match(/\)/g) || []).length;
+                while (openParens > closeParens && currentIndex < lines.length - 1) {
+                    currentIndex++;
+                    const nextLine = lines[currentIndex];
+                    fullSignature += ' ' + nextLine;
+                    openParens += (nextLine.match(/\(/g) || []).length;
+                    closeParens += (nextLine.match(/\)/g) || []).length;
+                }
+                // Now extract parameters from full signature
+                const fullMethodMatch = fullSignature.match(/\(([^)]*)\)/);
+                if (fullMethodMatch) {
+                    const paramsString = fullMethodMatch[1].trim();
+                    // Skip empty parameter lists
+                    if (!paramsString)
+                        return;
+                    // Count parameters by splitting on commas
+                    // Need to be careful about generics like List<String, Integer>
+                    // Simple heuristic: count commas not inside <> brackets
+                    let paramCount = 1; // Start at 1 if we have any parameters
+                    let depth = 0;
+                    for (const char of paramsString) {
+                        if (char === '<')
+                            depth++;
+                        else if (char === '>')
+                            depth--;
+                        else if (char === ',' && depth === 0)
+                            paramCount++;
+                    }
+                    if (paramCount > MAX_PARAMETERS) {
+                        lineErrors.push({
+                            line: lineNumber,
+                            error: `Method has too many parameters: ${methodName} has ${paramCount} parameters (max recommended: ${MAX_PARAMETERS})`,
+                            suggestion: 'Refactor using parameter objects, builder pattern, or method decomposition',
+                            severity: 'warning',
+                            references: references_1.javaStandards['naming-conventions'] || []
+                        });
+                    }
+                }
+            }
+        });
+    }
+    /**
+     * Detect string comparison using == instead of .equals()
+     * IMPORTANT: This is a QUALITY/LOGIC issue, NOT a syntax error
+     * Using == compares object references, not string content
+     */
+    detectStringComparisonWithEquals(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            const trimmed = line.trim();
+            // Skip comments
+            if (trimmed.startsWith('//') || trimmed.startsWith('/*'))
+                return;
+            // Remove comments from line for analysis
+            const codeWithoutComment = code_cleaner_1.CodeCleaner.removeLineComments(line, 'java');
+            if (!codeWithoutComment.trim())
+                return;
+            // Detect == or != with string literals or String variables
+            // Pattern 1: variable == "string literal"
+            // Pattern 2: "string literal" == variable
+            // Pattern 3: stringVar == anotherStringVar (if variables look like strings)
+            // Check for == or != with string literals
+            const stringLiteralPattern = /(\w+)\s*(==|!=)\s*"([^"]*)"|"([^"]*)"\s*(==|!=)\s*(\w+)/;
+            const match = codeWithoutComment.match(stringLiteralPattern);
+            if (match) {
+                const operator = match[2] || match[5];
+                const suggestion = operator === '==' ? '.equals()' : '!.equals()';
+                lineErrors.push({
+                    line: lineNumber,
+                    error: `String comparison using ${operator} instead of .equals() - compares object references, not content`,
+                    suggestion: `Use ${suggestion} method for string comparison: variable.equals("string")`,
+                    severity: 'warning', // QUALITY issue, not syntax error
+                    references: references_1.javaStandards['naming-conventions'] || []
+                });
+            }
+        });
+    }
+    /**
+     * Detect empty catch blocks - Multi-line empty catch blocks
+     */
+    detectEmptyCatchBlocks(code, lineErrors) {
+        const lines = code.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const trimmed = line.trim();
+            // Skip comments
+            if (trimmed.startsWith('//') || trimmed.startsWith('/*'))
+                continue;
+            // Detect catch block opening
+            if (trimmed.match(/catch\s*\([^)]+\)\s*\{/)) {
+                // Check if it's a single-line empty catch (already detected elsewhere)
+                if (trimmed.match(/catch\s*\([^)]+\)\s*\{\s*\}/)) {
+                    continue; // Already handled by detectExceptionHandling
+                }
+                // Check next few lines for empty catch block
+                let braceDepth = 1;
+                let isEmpty = true;
+                let j = i + 1;
+                while (j < lines.length && braceDepth > 0) {
+                    const nextLine = lines[j].trim();
+                    // Skip comments
+                    if (!nextLine.startsWith('//') && !nextLine.startsWith('/*') && nextLine.length > 0) {
+                        // Count braces
+                        for (const char of nextLine) {
+                            if (char === '{')
+                                braceDepth++;
+                            if (char === '}')
+                                braceDepth--;
+                        }
+                        // If there's any code (not just closing brace), it's not empty
+                        if (nextLine !== '}' && !nextLine.startsWith('}')) {
+                            isEmpty = false;
+                            break;
+                        }
+                    }
+                    j++;
+                }
+                if (isEmpty && braceDepth === 0) {
+                    lineErrors.push({
+                        line: i + 1,
+                        error: 'Empty catch block detected - exceptions should not be silently ignored',
+                        suggestion: 'Handle the exception: log it, rethrow it, or at least add a comment explaining why it\'s safe to ignore',
+                        severity: 'error',
+                        references: references_1.javaStandards['exception-handling'] || []
+                    });
+                }
+            }
+        }
+    }
+    /**
+     * Detect uninitialized variables - Variables declared but not initialized
+     */
+    detectUninitializedVariables(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            const trimmed = line.trim();
+            // Skip comments
+            if (trimmed.startsWith('//') || trimmed.startsWith('/*'))
+                return;
+            // Detect variable declaration without initialization
+            // Pattern: type variableName; (without = assignment)
+            const uninitMatch = line.match(/\b(int|String|boolean|double|float|long|char|byte|short|Integer|Double|Boolean|Object|List|Map|Set|Array)\s+(\w+)\s*;/);
+            if (uninitMatch && !line.includes('=')) {
+                const varType = uninitMatch[1];
+                const varName = uninitMatch[2];
+                // SPRING FRAMEWORK FIX (2025-11-22): Skip dependency injection annotated fields
+                // Spring annotations like @Value, @Autowired, @Inject initialize fields at runtime
+                // Checking previous line for these annotations to avoid false positives
+                const prevLine = index > 0 ? lines[index - 1].trim() : '';
+                const springAnnotations = ['@Value(', '@Autowired', '@Inject', '@Resource'];
+                if (springAnnotations.some(annotation => prevLine.includes(annotation))) {
+                    // This field is initialized by Spring/Jakarta - skip uninitialized check
+                    return;
+                }
+                // Check if variable is used before initialization in next lines
+                const nextLines = lines.slice(index + 1, Math.min(index + 10, lines.length));
+                let isUsedBeforeInit = false;
+                let isInitialized = false;
+                for (const nextLine of nextLines) {
+                    // Skip comments
+                    if (nextLine.trim().startsWith('//'))
+                        continue;
+                    // Check if variable is assigned
+                    if (nextLine.match(new RegExp(`${varName}\\s*=`))) {
+                        isInitialized = true;
+                        break;
+                    }
+                    // Check if variable is used (in expression, method call, etc.)
+                    if (nextLine.includes(varName) && !nextLine.match(new RegExp(`\\b${varType}\\s+${varName}\\b`))) {
+                        isUsedBeforeInit = true;
+                        break;
+                    }
+                }
+                if (isUsedBeforeInit && !isInitialized) {
+                    lineErrors.push({
+                        line: lineNumber,
+                        error: `Variable "${varName}" may not be initialized before use`,
+                        suggestion: `Initialize variable: ${varType} ${varName} = null; // or appropriate default value`,
+                        severity: 'error',
+                        references: references_1.javaStandards['compilation-errors'] || []
+                    });
+                }
+            }
+        });
+    }
+    /**
+     * Detect missing return statements - Non-void methods without return in all paths
+     */
+    detectMissingReturnStatements(code, lineErrors) {
+        const lines = code.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const trimmed = line.trim();
+            // Skip comments
+            if (trimmed.startsWith('//') || trimmed.startsWith('/*'))
+                continue;
+            // Detect non-void method declaration
+            const methodMatch = line.match(/(?:public|private|protected)\s+(\w+)\s+(\w+)\s*\([^)]*\)\s*\{/);
+            if (methodMatch && methodMatch[1] !== 'void') {
+                const returnType = methodMatch[1];
+                const methodName = methodMatch[2];
+                // Look for if-else blocks without return in all branches
+                let hasIfElse = false;
+                let hasReturnInIf = false;
+                let hasReturnInElse = false;
+                let braceDepth = 1;
+                let j = i + 1;
+                while (j < lines.length && braceDepth > 0) {
+                    const nextLine = lines[j].trim();
+                    // Count braces
+                    for (const char of nextLine) {
+                        if (char === '{')
+                            braceDepth++;
+                        if (char === '}')
+                            braceDepth--;
+                    }
+                    // Check for if-else
+                    if (nextLine.startsWith('if ') || nextLine.startsWith('if(')) {
+                        hasIfElse = true;
+                    }
+                    // Check for return in if block
+                    if (hasIfElse && nextLine.includes('return') && braceDepth === 2) {
+                        hasReturnInIf = true;
+                    }
+                    // Check for else
+                    if (nextLine.startsWith('else') || nextLine.includes('} else')) {
+                        // Check for return in else block
+                        const elseStart = j;
+                        let elseDepth = braceDepth;
+                        for (let k = elseStart; k < Math.min(elseStart + 10, lines.length); k++) {
+                            if (lines[k].includes('return')) {
+                                hasReturnInElse = true;
+                                break;
+                            }
+                        }
+                    }
+                    j++;
+                }
+                // If there's an if-else but missing return in else branch
+                if (hasIfElse && hasReturnInIf && !hasReturnInElse) {
+                    lineErrors.push({
+                        line: i + 1,
+                        error: `Method "${methodName}" may not return a value in all code paths`,
+                        suggestion: `Add return statement in else branch: return ${returnType === 'boolean' ? 'false' : returnType === 'int' ? '0' : 'null'};`,
+                        severity: 'error',
+                        references: references_1.javaStandards['compilation-errors'] || []
+                    });
+                }
+            }
+        }
+    }
+    /**
+     * Detect invalid modifier order - Incorrect order (e.g., "static public" instead of "public static")
+     */
+    detectInvalidModifierOrder(code, lineErrors) {
+        const lines = code.split('\n');
+        lines.forEach((line, index) => {
+            const lineNumber = index + 1;
+            const trimmed = line.trim();
+            // Skip comments
+            if (trimmed.startsWith('//') || trimmed.startsWith('/*'))
+                return;
+            // Detect invalid modifier order
+            // Correct order: [access modifier] [static] [final] [other modifiers]
+            // Invalid patterns:
+            // - static/final/abstract before access modifiers
+            const invalidOrderPatterns = [
+                { pattern: /\b(static|final|abstract|synchronized|native|strictfp)\s+(public|private|protected)\b/, correct: 'public static' },
+                { pattern: /\bfinal\s+static\b/, correct: 'static final' }
+            ];
+            invalidOrderPatterns.forEach(({ pattern, correct }) => {
+                if (pattern.test(line)) {
+                    const match = line.match(pattern);
+                    if (match) {
+                        lineErrors.push({
+                            line: lineNumber,
+                            error: `Invalid modifier order: "${match[0]}"`,
+                            suggestion: `Use correct order: ${correct}`,
+                            severity: 'warning',
+                            references: references_1.javaStandards['naming-conventions'] || []
+                        });
+                    }
+                }
+            });
+        });
+    }
+    analyzeQuality(code, result) {
+        const issues = [];
+        // Check for class names starting with lowercase
+        const classes = code.match(/class\s+([a-z][a-zA-Z]*)/g);
+        if (classes) {
+            issues.push({
+                type: 'warning',
+                message: 'Class names should start with uppercase (PascalCase)',
+                severity: 'medium'
+            });
+            result.quality.score -= 5;
+        }
+        // Check for very long methods
+        const methods = code.match(/public\s+\w+\s+\w+\s*\([^)]*\)\s*\{[^}]+\}/g);
+        if (methods) {
+            methods.forEach(method => {
+                const lines = method.split('\n').length;
+                if (lines > 20) {
+                    issues.push({
+                        type: 'warning',
+                        message: 'Method too long - consider refactoring',
+                        severity: 'medium'
+                    });
+                    result.quality.score -= 5;
+                }
+            });
+        }
+        // Check for magic numbers usage
+        const magicNumbers = code.match(/[^a-zA-Z_]\d{2,}/g);
+        if (magicNumbers && magicNumbers.length > 2) {
+            issues.push({
+                type: 'info',
+                message: 'Consider using named constants instead of magic numbers',
+                severity: 'low'
+            });
+            result.quality.score -= 3;
+        }
+        // Check for missing JavaDoc in public methods
+        const publicMethods = code.match(/public\s+\w+\s+\w+/g);
+        const javadocCount = (code.match(/\/\*\*[\s\S]*?\*\//g) || []).length;
+        if (publicMethods && publicMethods.length > javadocCount) {
+            issues.push({
+                type: 'info',
+                message: 'Add JavaDoc documentation to public methods',
+                severity: 'low'
+            });
+            result.quality.score -= 2;
+        }
+        result.quality.issues = issues;
+        result.quality.score = Math.max(0, result.quality.score);
+    }
+    analyzePerformance(code, result) {
+        const suggestions = [];
+        // Check for string concatenation in loops
+        if (code.match(/for.*\{[\s\S]*?\+\s*=.*"/)) {
+            suggestions.push('Use StringBuilder for concatenation in loops');
+            result.performance.score -= 15;
+        }
+        // Check Vector vs ArrayList usage
+        if (code.includes('Vector')) {
+            suggestions.push('Use ArrayList instead of Vector for better performance');
+            result.performance.score -= 8;
+        }
+        // Check Hashtable vs HashMap usage
+        if (code.includes('Hashtable')) {
+            suggestions.push('Use HashMap instead of Hashtable (unless synchronization is needed)');
+            result.performance.score -= 8;
+        }
+        // Check for unnecessary loops
+        if (code.match(/for\s*\([^)]+\)\s*\{\s*if\s*\([^)]+\)\s*\{[\s\S]*?\}\s*\}/)) {
+            suggestions.push('Consider using streams with filter() for better readability');
+            result.performance.score -= 5;
+        }
+        // Check System.out.println usage in loops
+        if (code.match(/for.*\{[\s\S]*?System\.out\.println/)) {
+            suggestions.push('Avoid I/O in loops for better performance');
+            result.performance.score -= 10;
+        }
+        result.performance.suggestions = suggestions;
+        result.performance.score = Math.max(0, result.performance.score);
+    }
+    /**
+     * Analyzes Java code for security vulnerabilities using modular security checks
+     *
+     * This method coordinates all security analysis by delegating to specialized modules:
+     * - Injection attacks (SQL, Command, LDAP, XPath)
+     * - Deserialization and XXE vulnerabilities
+     * - Hardcoded credentials detection
+     * - Cryptographic validation (weak algorithms, insecure random)
+     * - File operation security (path traversal, upload validation)
+     * - Unsafe patterns (reflection, NPE, exception handling)
+     * - Code quality issues (God classes, debug output)
+     *
+     * All checks are performed in parallel for optimal performance.
+     */
+    analyzeSecurity(code, result) {
+        const lines = code.split('\n');
+        // Run all modular security checks
+        const vulnerabilities = [
+            ...(0, injection_attacks_1.checkInjectionAttacks)(lines),
+            ...(0, deserialization_xxe_1.checkDeserializationAndXXE)(lines),
+            ...(0, hardcoded_credentials_1.checkHardcodedCredentials)(lines),
+            ...(0, crypto_validation_1.checkCryptoValidation)(lines),
+            ...(0, file_operations_1.checkFileOperations)(lines),
+            ...(0, unsafe_patterns_1.checkUnsafePatterns)(lines),
+            ...(0, code_quality_1.checkCodeQuality)(lines, code),
+            ...(0, framework_security_1.checkFrameworkSecurity)(lines, code),
+            // OWASP A02:2025 - Security Misconfiguration (NEW - Phase 7B)
+            ...(0, security_misconfiguration_1.checkSecurityMisconfiguration)(lines),
+            // OWASP A10:2025 - Mishandling of Exceptional Conditions (NEW - Phase 7B)
+            ...(0, exception_handling_1.checkExceptionHandling)(lines),
+            // OWASP A03:2025 - Software Supply Chain Failures (Enhanced - Phase 7B)
+            ...(0, enhanced_supply_chain_1.checkEnhancedSupplyChain)(lines),
+            // OWASP A01:2025 - Broken Access Control (Phase 7B Day 8)
+            ...(0, access_control_1.checkAccessControl)(lines),
+            // OWASP A06:2025 - Insecure Design (Phase 7B Day 9)
+            ...(0, insecure_design_1.checkInsecureDesign)(lines),
+            // OWASP A09:2025 - Security Logging and Monitoring Failures (Phase 7B Day 9)
+            ...(0, logging_failures_1.checkLoggingFailures)(lines)
+        ];
+        // Secrets Detection (Phase 1.5, Week 1)
+        const secretsAnalyzer = (0, secrets_analyzer_1.createSecretsAnalyzer)();
+        vulnerabilities.push(...secretsAnalyzer.analyzeCode(code, 'unknown.java', 'java'));
+        // =============================================================================
+        // DEDUPLICATION: Remove duplicate vulnerabilities on same line
+        // =============================================================================
+        // Fix for Beta Testing Issue: Deserialization and XXE reported twice
+        // Multiple checks can flag the same line (e.g., different detection patterns)
+        // Solution: Keep only the vulnerability with highest CVSS score per line
+        result.security.vulnerabilities = this.deduplicateVulnerabilities(vulnerabilities);
+    }
+    /**
+     * Deduplicate vulnerabilities that appear on the same line
+     *
+     * Beta Testing Fix (Dec 9, 2025):
+     * - Deserialization reported twice (line 56, CVSS 9.8 and 5.0)
+     * - XXE reported twice (lines 50 and 52)
+     *
+     * Strategy: For each line with multiple vulnerabilities of similar type,
+     * keep only the one with the highest CVSS score.
+     *
+     * @param vulnerabilities - Array of all detected vulnerabilities
+     * @returns Deduplicated array with highest CVSS per line
+     */
+    /**
+     * P1-5: Generic deduplication for ALL vulnerability types (Dec 30, 2025)
+     * Previous: Only handled deserialization and XXE
+     * Now: Handles all duplicates using category-based deduplication
+     */
+    deduplicateVulnerabilities(vulnerabilities) {
+        // P1-5: Use category-based deduplication (line + category as unique key)
+        const getCategory = (message) => {
+            const lower = message.toLowerCase();
+            if (lower.includes('hardcoded credential'))
+                return 'hardcoded-credential';
+            if (lower.includes('sql injection'))
+                return 'sql-injection';
+            if (lower.includes('command injection'))
+                return 'command-injection';
+            if (lower.includes('deserialization'))
+                return 'deserialization';
+            if (lower.includes('xxe') || lower.includes('xml external entity'))
+                return 'xxe';
+            if (lower.includes('path traversal'))
+                return 'path-traversal';
+            if (lower.includes('ldap injection'))
+                return 'ldap-injection';
+            if (lower.includes('xss') || lower.includes('cross-site scripting'))
+                return 'xss';
+            if (lower.includes('ssrf'))
+                return 'ssrf';
+            if (lower.includes('weak hash') || lower.includes('md5') || lower.includes('sha1'))
+                return 'weak-hash';
+            if (lower.includes('insecure random'))
+                return 'insecure-random';
+            if (lower.includes('missing csrf'))
+                return 'missing-csrf';
+            if (lower.includes('open redirect'))
+                return 'open-redirect';
+            if (lower.includes('missing authentication'))
+                return 'missing-authentication';
+            if (lower.includes('logging'))
+                return 'logging';
+            // Fallback: use first 30 chars as category
+            return message.substring(0, 30);
+        };
+        const uniqueMap = new Map();
+        vulnerabilities.forEach(vuln => {
+            const line = vuln.line || 0;
+            const category = getCategory(vuln.message || '');
+            const key = `${line}:${category}`;
+            const existing = uniqueMap.get(key);
+            if (!existing) {
+                uniqueMap.set(key, vuln);
+            }
+            else {
+                // Keep higher CVSS score
+                const existingScore = existing.cvssScore || 0;
+                const currentScore = vuln.cvssScore || 0;
+                if (currentScore > existingScore) {
+                    uniqueMap.set(key, vuln);
+                }
+            }
+        });
+        return Array.from(uniqueMap.values());
+    }
+    calculateMetrics(code, result) {
+        const lines = code.split('\n');
+        result.metrics.lines = lines.length;
+        const methods = (code.match(/public\s+\w+\s+\w+\s*\(/g) || []).length;
+        result.metrics.functions = methods;
+        // Calculate cyclomatic complexity - Java
+        let complexity = 1;
+        const javaKeywords = ['if', 'else', 'for', 'while', 'switch', 'case', 'catch', 'finally'];
+        javaKeywords.forEach(keyword => {
+            const matches = code.match(new RegExp(`\\b${keyword}\\b`, 'g'));
+            if (matches)
+                complexity += matches.length;
+        });
+        // Java logical operators
+        const andOperators = code.match(/&&/g);
+        const orOperators = code.match(/\|\|/g);
+        const ternaryOperators = code.match(/\?[^:]*:/g);
+        if (andOperators)
+            complexity += andOperators.length;
+        if (orOperators)
+            complexity += orOperators.length;
+        if (ternaryOperators)
+            complexity += ternaryOperators.length;
+        result.metrics.complexity = complexity;
+        result.metrics.maintainability = Math.max(0, 100 - complexity * 3);
+    }
+}
+exports.JavaAnalyzer = JavaAnalyzer;
+//# sourceMappingURL=java-analyzer.js.map