driftdetect-core 0.4.1 → 0.4.2

package/dist/call-graph/analysis/coverage-analyzer.d.ts

@@ -0,0 +1,201 @@
+/**
+ * Sensitive Data Coverage Analyzer
+ *
+ * Answers: "Which access paths to sensitive data are covered by tests?"
+ *
+ * Cross-references the call graph with test files to determine:
+ * - Which functions that access sensitive data are tested
+ * - Which access paths from entry points to sensitive data are covered
+ * - Coverage gaps for sensitive fields
+ */
+import type { CallGraph, CallPathNode } from '../types.js';
+import type { SensitivityType } from '../../boundaries/types.js';
+/**
+ * Coverage status for a sensitive field
+ */
+export type CoverageStatus = 'covered' | 'partial' | 'uncovered';
+/**
+ * An access path to sensitive data
+ */
+export interface SensitiveAccessPath {
+    /** Unique path ID */
+    id: string;
+    /** The sensitive field being accessed */
+    field: string;
+    /** Table containing the field */
+    table: string;
+    /** Sensitivity classification */
+    sensitivity: SensitivityType;
+    /** Entry point that can reach this data */
+    entryPoint: {
+        id: string;
+        name: string;
+        file: string;
+        line: number;
+    };
+    /** Function that directly accesses the data */
+    accessor: {
+        id: string;
+        name: string;
+        file: string;
+        line: number;
+    };
+    /** Call path from entry point to accessor */
+    path: CallPathNode[];
+    /** Depth of the path */
+    depth: number;
+    /** Is this path covered by tests? */
+    isTested: boolean;
+    /** Test files that cover this path */
+    testFiles: string[];
+}
+/**
+ * Coverage information for a sensitive field
+ */
+export interface FieldCoverage {
+    /** Field name (e.g., "password_hash") */
+    field: string;
+    /** Table name (e.g., "users") */
+    table: string;
+    /** Full field identifier (e.g., "users.password_hash") */
+    fullName: string;
+    /** Sensitivity classification */
+    sensitivity: SensitivityType;
+    /** Total access paths to this field */
+    totalPaths: number;
+    /** Number of tested paths */
+    testedPaths: number;
+    /** Coverage percentage */
+    coveragePercent: number;
+    /** Coverage status */
+    status: CoverageStatus;
+    /** All access paths */
+    paths: SensitiveAccessPath[];
+}
+/**
+ * Complete coverage analysis result
+ */
+export interface CoverageAnalysisResult {
+    /** Summary statistics */
+    summary: {
+        totalSensitiveFields: number;
+        totalAccessPaths: number;
+        testedAccessPaths: number;
+        coveragePercent: number;
+        bySensitivity: Record<SensitivityType, {
+            fields: number;
+            paths: number;
+            testedPaths: number;
+            coveragePercent: number;
+        }>;
+    };
+    /** Coverage by field */
+    fields: FieldCoverage[];
+    /** Uncovered paths (highest priority) */
+    uncoveredPaths: SensitiveAccessPath[];
+    /** Test files analyzed */
+    testFiles: string[];
+    /** Functions in test files */
+    testFunctions: number;
+}
+/**
+ * Custom sensitivity pattern configuration
+ */
+export interface SensitivityPatternConfig {
+    /** Pattern name for display */
+    name: string;
+    /** Regex patterns to match table/field names */
+    patterns: string[];
+    /** Sensitivity type to assign */
+    sensitivity: SensitivityType;
+    /** Priority (lower = higher priority, checked first) */
+    priority?: number;
+}
+/**
+ * Options for coverage analysis
+ */
+export interface CoverageAnalysisOptions {
+    /** Test file patterns (default: common test patterns) */
+    testPatterns?: RegExp[];
+    /** Custom sensitivity patterns (merged with defaults) */
+    sensitivityPatterns?: SensitivityPatternConfig[];
+    /** Replace default sensitivity patterns entirely */
+    replaceSensitivityPatterns?: boolean;
+    /** Minimum sensitivity to include (default: all) */
+    minSensitivity?: SensitivityType;
+    /** Maximum path depth (default: 10) */
+    maxDepth?: number;
+    /** Include partial coverage details */
+    includePartial?: boolean;
+}
+/**
+ * Analyzes test coverage for sensitive data access paths
+ */
+export declare class CoverageAnalyzer {
+    private graph;
+    private entryPointSet;
+    private testFunctions;
+    private testFiles;
+    private testedFunctions;
+    private sensitivityPatterns;
+    constructor(graph: CallGraph);
+    /**
+     * Analyze coverage for sensitive data access
+     */
+    analyze(options?: CoverageAnalysisOptions): CoverageAnalysisResult;
+    /**
+     * Get default test file patterns
+     * Covers common conventions across languages and frameworks
+     */
+    private getDefaultTestPatterns;
+    /**
+     * Get default sensitivity patterns
+     * Covers common sensitive data across ORMs and databases
+     */
+    private getDefaultSensitivityPatterns;
+    /**
+     * Identify test files and test functions
+     */
+    private identifyTestCode;
+    /**
+     * Find all functions that are called by tests (directly or transitively)
+     */
+    private findTestedFunctions;
+    /**
+     * Find all sensitive data access points
+     */
+    private findSensitiveAccess;
+    /**
+     * Build access paths from entry points to sensitive data
+     */
+    private buildAccessPaths;
+    /**
+     * Find all paths from entry points to a target function
+     */
+    private findPathsFromEntryPoints;
+    /**
+     * Mark which paths are tested
+     */
+    private markTestedPaths;
+    /**
+     * Calculate coverage by field
+     */
+    private calculateFieldCoverage;
+    /**
+     * Build summary statistics
+     */
+    private buildSummary;
+    /**
+     * Classify sensitivity of a data access point using configurable patterns
+     */
+    private classifySensitivity;
+    /**
+     * Extract sensitive field names from an access point using configurable patterns
+     */
+    private extractSensitiveFields;
+}
+/**
+ * Create a coverage analyzer
+ */
+export declare function createCoverageAnalyzer(graph: CallGraph): CoverageAnalyzer;
+//# sourceMappingURL=coverage-analyzer.d.ts.map

package/dist/call-graph/analysis/coverage-analyzer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"coverage-analyzer.d.ts","sourceRoot":"","sources":["../../../src/call-graph/analysis/coverage-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EACV,SAAS,EACT,YAAY,EACb,MAAM,aAAa,CAAC;AACrB,OAAO,KAAK,EAAmB,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAMlF;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,SAAS,GAAG,WAAW,CAAC;AAEjE;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,qBAAqB;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,yCAAyC;IACzC,KAAK,EAAE,MAAM,CAAC;IACd,iCAAiC;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,iCAAiC;IACjC,WAAW,EAAE,eAAe,CAAC;IAC7B,2CAA2C;IAC3C,UAAU,EAAE;QACV,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,+CAA+C;IAC/C,QAAQ,EAAE;QACR,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,6CAA6C;IAC7C,IAAI,EAAE,YAAY,EAAE,CAAC;IACrB,wBAAwB;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,qCAAqC;IACrC,QAAQ,EAAE,OAAO,CAAC;IAClB,sCAAsC;IACtC,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,yCAAyC;IACzC,KAAK,EAAE,MAAM,CAAC;IACd,iCAAiC;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,0DAA0D;IAC1D,QAAQ,EAAE,MAAM,CAAC;IACjB,iCAAiC;IACjC,WAAW,EAAE,eAAe,CAAC;IAC7B,uCAAuC;IACvC,UAAU,EAAE,MAAM,CAAC;IACnB,6BAA6B;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,0BAA0B;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,sBAAsB;IACtB,MAAM,EAAE,cAAc,CAAC;IACvB,uBAAuB;IACvB,KAAK,EAAE,mBAAmB,EAAE,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,yBAAyB;IACzB,OAAO,EAAE;QACP,oBAAoB,EAAE,MAAM,CAAC;QAC7B,gBAAgB,EAAE,MAAM,CAAC;QACzB,iBAAiB,EAAE,MAAM,CAAC;QAC1B,eAAe,EAAE,MAAM,CAAC;QACxB,aAAa,EAAE,MAAM,CAAC,eAAe,EAAE;YACrC,MAAM,EAAE,MAAM,CAAC;YACf,KAAK,EAAE,MAAM,CAAC;YACd,WAAW,EAAE,MAAM,CAAC;YACpB,eAAe,EAAE,MAAM,CAAC;SACzB,CAAC,CAAC;KACJ,CAAC;IACF,wBAAwB;IACxB,MAAM,EAAE,aAAa,EAAE,CAAC;IACxB,yCAAyC;IACzC,cAAc,EAAE,mBAAmB,EAAE,CAAC;IACtC,0BAA0B;IAC1B,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,8BAA8B;IAC9B,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,+BAA+B;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,gDAAgD;IAChD,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,iCAAiC;IACjC,WAAW,EAAE,eAAe,CAAC;IAC7B,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,yDAAyD;IACzD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,yDAAyD;IACzD,mBAAmB,CAAC,EAAE,wBAAwB,EAAE,CAAC;IACjD,oDAAoD;IACpD,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC,oDAAoD;IACpD,cAAc,CAAC,EAAE,eAAe,CAAC;IACjC,uCAAuC;IACvC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,uCAAuC;IACvC,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAMD;;GAEG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,KAAK,CAAY;IACzB,OAAO,CAAC,aAAa,CAAc;IACnC,OAAO,CAAC,aAAa,CAAc;IACnC,OAAO,CAAC,SAAS,CAAc;IAC/B,OAAO,CAAC,eAAe,CAAc;IACrC,OAAO,CAAC,mBAAmB,CAA6B;gBAE5C,KAAK,EAAE,SAAS;IAS5B;;OAEG;IACH,OAAO,CAAC,OAAO,GAAE,uBAA4B,GAAG,sBAAsB;IAwEtE;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAsC9B;;;OAGG;IACH,OAAO,CAAC,6BAA6B;IAsGrC;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAWxB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAyB3B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA2B3B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAuDxB;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAgEhC;;OAEG;IACH,OAAO,CAAC,eAAe;IA+BvB;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAiE9B;;OAEG;IACH,OAAO,CAAC,YAAY;IAwCpB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAe3B;;OAEG;IACH,OAAO,CAAC,sBAAsB;CAkB/B;AAMD;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,SAAS,GAAG,gBAAgB,CAEzE"}