getdoorman 1.0.0

package/src/rules/bugs/accessibility.js

@@ -0,0 +1,235 @@
+// Bug detection: Accessibility (a11y) patterns — things AI generators almost always miss
+const JSX_EXT = ['.jsx', '.tsx'];
+function isJSX(f) { return JSX_EXT.some(e => f.endsWith(e)); }
+function isHTML(f) { return f.endsWith('.html') || f.endsWith('.htm') || f.endsWith('.erb') || f.endsWith('.ejs') || f.endsWith('.hbs') || f.endsWith('.svelte') || f.endsWith('.vue'); }
+function isTemplate(f) { return isJSX(f) || isHTML(f); }
+
+const rules = [
+  {
+    id: 'BUG-A11Y-001',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'definite',
+    title: 'Image without alt attribute',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isTemplate(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/<img\b/.test(lines[i])) {
+            // Check this line and next couple for alt
+            const block = lines.slice(i, Math.min(i + 3, lines.length)).join(' ');
+            if (!/alt\s*=/.test(block) && !/\/\>/.test(lines[i]) || (/<img\b/.test(lines[i]) && /\/>/.test(block) && !/alt\s*=/.test(block))) {
+              findings.push({
+                ruleId: 'BUG-A11Y-001', category: 'bugs', severity: 'medium',
+                title: '<img> without alt attribute — screen readers can\'t describe the image',
+                description: 'All images must have alt text. Use alt="" for decorative images, or a descriptive alt for meaningful ones.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-A11Y-002',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'definite',
+    title: 'Click handler on non-interactive element',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJSX(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // <div onClick=  or <span onClick= without role
+          if (/<(?:div|span|p|li|section|article|header|footer|main)\b[^>]*onClick/.test(lines[i])) {
+            const block = lines.slice(i, Math.min(i + 3, lines.length)).join(' ');
+            if (!/role\s*=/.test(block) && !/tabIndex/.test(block)) {
+              findings.push({
+                ruleId: 'BUG-A11Y-002', category: 'bugs', severity: 'high',
+                title: 'onClick on non-interactive element (div/span) without role and tabIndex',
+                description: 'Divs and spans are not focusable or interactive by default. Keyboard users can\'t trigger onClick. Use <button> instead, or add role="button" tabIndex={0} onKeyDown.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-A11Y-003',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'Form input without associated label',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isTemplate(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/<input\b/.test(lines[i]) && !/type\s*=\s*['"](?:hidden|submit|button|reset|image)['"]/.test(lines[i])) {
+            const block = lines.slice(Math.max(0, i - 3), Math.min(i + 3, lines.length)).join(' ');
+            if (!/aria-label\s*=|aria-labelledby\s*=|<label|id\s*=/.test(block) && !/placeholder/.test(lines[i])) {
+              findings.push({
+                ruleId: 'BUG-A11Y-003', category: 'bugs', severity: 'medium',
+                title: '<input> without label, aria-label, or aria-labelledby',
+                description: 'Screen readers need labels to identify form fields. Use <label htmlFor="id">, aria-label, or aria-labelledby.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-A11Y-004',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'definite',
+    title: 'Missing lang attribute on html element',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isHTML(fp) && !/layout\.(tsx|jsx)$/.test(fp)) continue;
+        if (/<html\b/.test(content) && !/<html[^>]*\blang\s*=/.test(content)) {
+          findings.push({
+            ruleId: 'BUG-A11Y-004', category: 'bugs', severity: 'medium',
+            title: '<html> without lang attribute — screen readers don\'t know the language',
+            description: 'Add lang="en" (or appropriate language) to the <html> tag. Screen readers use this to select the correct pronunciation.',
+            file: fp, line: 1, fix: null,
+          });
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-A11Y-005',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'Heading level skipped',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isTemplate(fp)) continue;
+        const lines = content.split('\n');
+        const headings = [];
+        for (let i = 0; i < lines.length; i++) {
+          const match = lines[i].match(/<h([1-6])\b/);
+          if (match) {
+            headings.push({ level: parseInt(match[1], 10), line: i + 1 });
+          }
+        }
+        for (let h = 1; h < headings.length; h++) {
+          if (headings[h].level > headings[h - 1].level + 1) {
+            findings.push({
+              ruleId: 'BUG-A11Y-005', category: 'bugs', severity: 'medium',
+              title: `Heading level skipped: h${headings[h - 1].level} → h${headings[h].level}`,
+              description: 'Heading levels should not skip (e.g., h2 → h4). Screen reader users navigate by headings and expect a logical hierarchy.',
+              file: fp, line: headings[h].line, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-A11Y-006',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'definite',
+    title: 'Anchor tag used as button',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isTemplate(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // <a href="#" onClick= or <a href="javascript:" onClick=
+          if (/<a\b[^>]*href\s*=\s*['"](?:#|javascript:)['"][^>]*onClick/.test(lines[i])) {
+            findings.push({
+              ruleId: 'BUG-A11Y-006', category: 'bugs', severity: 'high',
+              title: '<a href="#"> used as button — use <button> instead',
+              description: 'Links with href="#" or "javascript:" are fake buttons. They confuse screen readers (announced as "link"), don\'t work with keyboard (Enter vs Space), and scroll to top. Use <button>.',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-A11Y-007',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'Color used as only indicator',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isTemplate(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // Conditional styling based on status without text indicator
+          if (/className\s*=.*(?:text-red|text-green|bg-red|bg-green|color:\s*red|color:\s*green)/.test(lines[i]) ||
+              /style\s*=.*(?:color:\s*['"]?(?:red|green|#[0-9a-f]{3,6}))/.test(lines[i])) {
+            // Check if there's also a text/icon indicator nearby
+            const block = lines.slice(i, Math.min(i + 3, lines.length)).join(' ');
+            if (/error|success|warning|status|valid|invalid/.test(block) && !/aria-label|sr-only|screen-reader|icon|✓|✗|⚠|❌|✅/.test(block)) {
+              findings.push({
+                ruleId: 'BUG-A11Y-007', category: 'bugs', severity: 'medium',
+                title: 'Status indicated by color only — inaccessible to colorblind users',
+                description: 'Don\'t rely on color alone to convey information. Add text, icons, or aria-labels alongside color indicators.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-A11Y-008',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'definite',
+    title: 'Auto-playing media without user control',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isTemplate(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/<(?:video|audio)\b[^>]*autoPlay|<(?:video|audio)\b[^>]*autoplay/.test(lines[i])) {
+            const block = lines.slice(i, Math.min(i + 3, lines.length)).join(' ');
+            if (!/muted/.test(block)) {
+              findings.push({
+                ruleId: 'BUG-A11Y-008', category: 'bugs', severity: 'medium',
+                title: 'Auto-playing media with sound — disorienting for screen reader users',
+                description: 'Auto-playing audio interferes with screen readers. Add muted attribute or provide a way to pause.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+];
+
+export default rules;

package/src/rules/bugs/ai-codegen-fixable.js

@@ -0,0 +1,172 @@
+// Auto-fixable patterns commonly left by AI code generators
+const JS_EXT = ['.js', '.jsx', '.ts', '.tsx', '.mjs', '.cjs'];
+function isJS(f) { return JS_EXT.some(e => f.endsWith(e)); }
+function isPy(f) { return f.endsWith('.py'); }
+
+const rules = [
+  {
+    id: 'BUG-AIFIX-001',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'definite',
+    title: '"your-api-key" placeholder → process.env reference',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          const match = lines[i].match(/['"`](your[-_]?api[-_]?key|your[-_]?secret[-_]?key|sk-[.x]+)['"`]/i);
+          if (match) {
+            findings.push({
+              ruleId: 'BUG-AIFIX-001', category: 'bugs', severity: 'medium',
+              title: 'AI placeholder API key → use environment variable',
+              file: fp, line: i + 1,
+              fix: {
+                type: 'replace',
+                old: match[0],
+                new: "process.env.API_KEY",
+              },
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-AIFIX-002',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'definite',
+    title: 'localhost URL → env variable',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        if (/config|\.env|constant|setting|test|spec/i.test(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          const match = lines[i].match(/(['"`])(https?:\/\/localhost:\d+)\1/);
+          if (match) {
+            findings.push({
+              ruleId: 'BUG-AIFIX-002', category: 'bugs', severity: 'high',
+              title: 'Hardcoded localhost URL → use environment variable',
+              file: fp, line: i + 1,
+              fix: {
+                type: 'replace',
+                old: match[0],
+                new: "process.env.API_URL || " + match[0],
+              },
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-AIFIX-003',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'definite',
+    title: '=== undefined → optional chaining or nullish coalescing',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // if (x.y === undefined) or if (x.y !== undefined)
+          const match = lines[i].match(/if\s*\(\s*(\w+\.\w+)\s*===\s*undefined\s*\)/);
+          if (match) {
+            findings.push({
+              ruleId: 'BUG-AIFIX-003', category: 'bugs', severity: 'medium',
+              title: '=== undefined check → use optional chaining',
+              file: fp, line: i + 1,
+              fix: {
+                type: 'replace',
+                old: `${match[1]} === undefined`,
+                new: `${match[1]} == null`,
+              },
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-AIFIX-004',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'definite',
+    title: 'Python print() debug statement → logging',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        if (/test_|_test\.py|conftest/.test(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // print(f"Debug: ... or print("DEBUG or print(f"Error
+          if (/^\s*print\s*\(\s*f?['"`](?:DEBUG|Error|Warning|Info|debug|error|WARN)/i.test(lines[i])) {
+            const match = lines[i].match(/^(\s*)print\s*\(\s*(f?['"`])/);
+            if (match) {
+              const isError = /error/i.test(lines[i]);
+              const level = isError ? 'error' : 'debug';
+              findings.push({
+                ruleId: 'BUG-AIFIX-004', category: 'bugs', severity: 'medium',
+                title: `print() debug statement → logging.${level}()`,
+                file: fp, line: i + 1,
+                fix: {
+                  type: 'replace',
+                  old: `${match[1]}print(`,
+                  new: `${match[1]}logging.${level}(`,
+                },
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-AIFIX-005',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'definite',
+    title: 'var declaration → const/let',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // var outside of for loop (for loops handled by BUG-FIX-003)
+          if (/^\s*var\s+(\w+)\s*=/.test(lines[i]) && !/^\s*for\s*\(/.test(lines[i])) {
+            const varName = lines[i].match(/var\s+(\w+)/)[1];
+            // Check if reassigned
+            const rest = lines.slice(i + 1).join('\n');
+            const reassignRe = new RegExp(`^\\s*${varName}\\s*=(?!=)`, 'm');
+            const isConst = !reassignRe.test(rest);
+            findings.push({
+              ruleId: 'BUG-AIFIX-005', category: 'bugs', severity: 'medium',
+              title: `var ${varName} → ${isConst ? 'const' : 'let'} ${varName}`,
+              file: fp, line: i + 1,
+              fix: {
+                type: 'replace',
+                old: `var ${varName}`,
+                new: `${isConst ? 'const' : 'let'} ${varName}`,
+              },
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+];
+
+export default rules;