getdoorman 1.0.0

package/src/rules/bugs/js-memory.js

@@ -0,0 +1,214 @@
+// Bug detection: Memory leak patterns
+const JS_EXT = ['.js', '.jsx', '.ts', '.tsx', '.mjs', '.cjs'];
+function isJS(f) { return JS_EXT.some(e => f.endsWith(e)); }
+
+const rules = [
+  {
+    id: 'BUG-MEM-001',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'setInterval without clearInterval',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/setInterval\s*\(/.test(lines[i])) {
+            // Check if interval is stored and cleared
+            const hasStore = /(?:const|let|var)\s+\w+\s*=\s*setInterval|intervalId|intervalRef|timer/.test(lines[i]);
+            const hasClear = /clearInterval/.test(content);
+            if (!hasClear) {
+              findings.push({
+                ruleId: 'BUG-MEM-001', category: 'bugs', severity: 'high',
+                title: 'setInterval without clearInterval — keeps running forever',
+                description: 'Intervals run indefinitely. In components, they leak on unmount. In servers, they prevent garbage collection. Always store the ID and clear it.',
+                file: fp, line: i + 1, fix: null,
+              });
+            } else if (!hasStore) {
+              findings.push({
+                ruleId: 'BUG-MEM-001', category: 'bugs', severity: 'high',
+                title: 'setInterval return value not stored — can never be cleared',
+                description: 'Store the interval ID to clear it later: const id = setInterval(...); clearInterval(id);',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-MEM-002',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'addEventListener without removeEventListener',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        // Count add vs remove
+        const adds = (content.match(/addEventListener\s*\(/g) || []).length;
+        const removes = (content.match(/removeEventListener\s*\(/g) || []).length;
+        if (adds > 0 && removes === 0) {
+          // Check if it's in a component (has React imports or hooks)
+          const isComponent = /use(State|Effect|Ref|Callback)|React|Component/.test(content);
+          if (isComponent) {
+            const lines = content.split('\n');
+            for (let i = 0; i < lines.length; i++) {
+              if (/addEventListener\s*\(/.test(lines[i])) {
+                findings.push({
+                  ruleId: 'BUG-MEM-002', category: 'bugs', severity: 'high',
+                  title: 'addEventListener in component without removeEventListener — memory leak',
+                  description: 'Event listeners must be cleaned up on unmount. Add removeEventListener in the useEffect cleanup function.',
+                  file: fp, line: i + 1, fix: null,
+                });
+              }
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-MEM-003',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'Growing array/map in module scope — unbounded memory growth',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        // Find module-level arrays/maps/sets
+        for (let i = 0; i < lines.length; i++) {
+          const match = lines[i].match(/^(?:const|let)\s+(\w+)\s*=\s*(?:new\s+(?:Map|Set|WeakMap)\s*\(\)|\[\s*\]|\{\s*\})/);
+          if (!match) continue;
+          const name = match[1];
+          // Check if items are added but never removed/cleared
+          const addRe = new RegExp(`${name}\\s*\\.\\s*(push|add|set|unshift)\\s*\\(`);
+          const removeRe = new RegExp(`${name}\\s*\\.\\s*(delete|remove|splice|pop|shift|clear|slice)\\s*\\(`);
+          const resetRe = new RegExp(`^\\s*${name}\\s*=\\s*(?:new|\\[\\s*\\]|\\{\\s*\\})`, 'm');
+          // Check rest of file (after declaration) for add/remove
+          const rest = lines.slice(i + 1).join('\n');
+          if (addRe.test(rest) && !removeRe.test(rest) && !resetRe.test(rest)) {
+            findings.push({
+              ruleId: 'BUG-MEM-003', category: 'bugs', severity: 'medium',
+              title: `Module-level "${name}" grows without bounds — items added but never removed`,
+              description: 'Collections in module scope persist for the process lifetime. Without cleanup, they grow indefinitely and leak memory.',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-MEM-004',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Closure captures large object unnecessarily',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // Large data read, then closure created that captures it
+          if (/(?:const|let)\s+(\w+)\s*=\s*(?:await\s+)?(?:readFile|fs\.read|JSON\.parse|Buffer\.from|response\.json|\.text\(\)|fetch)/.test(lines[i])) {
+            const varName = lines[i].match(/(?:const|let)\s+(\w+)/)[1];
+            // Check if a long-lived closure references this (setTimeout, setInterval, event handler)
+            for (let j = i + 1; j < Math.min(i + 20, lines.length); j++) {
+              if (/(?:setTimeout|setInterval|addEventListener|\.on\(|new\s+Promise|=>\s*\{)/.test(lines[j])) {
+                const closureBlock = lines.slice(j, Math.min(j + 15, lines.length)).join('\n');
+                if (new RegExp(`\\b${varName}\\b`).test(closureBlock)) {
+                  findings.push({
+                    ruleId: 'BUG-MEM-004', category: 'bugs', severity: 'high',
+                    title: `Large data "${varName}" captured by long-lived closure — may leak memory`,
+                    description: 'Closures in timers and event handlers keep captured variables alive. If the variable holds large data (file contents, API responses), it can\'t be garbage collected.',
+                    file: fp, line: j + 1, fix: null,
+                  });
+                  break;
+                }
+              }
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-MEM-005',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'String concatenation in loop — creates many intermediate strings',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        let inLoop = false;
+        for (let i = 0; i < lines.length; i++) {
+          if (/^\s*(?:for|while)\s*\(/.test(lines[i])) inLoop = true;
+          if (inLoop && /\w+\s*\+=\s*['"`]/.test(lines[i])) {
+            findings.push({
+              ruleId: 'BUG-MEM-005', category: 'bugs', severity: 'medium',
+              title: 'String concatenation in loop — O(n²) memory and time',
+              description: 'Each += creates a new string. For large loops, use an array and .join("") at the end.',
+              file: fp, line: i + 1, fix: null,
+            });
+            inLoop = false;
+          }
+          if (/^\s*\}/.test(lines[i])) inLoop = false;
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-MEM-006',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'setTimeout in recursive function without base case check',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          const funcMatch = lines[i].match(/(?:function\s+(\w+)|(?:const|let)\s+(\w+)\s*=)/);
+          if (!funcMatch) continue;
+          const funcName = funcMatch[1] || funcMatch[2];
+          // Check if function calls setTimeout with itself
+          let block = '';
+          for (let j = i; j < Math.min(i + 25, lines.length); j++) {
+            block += lines[j] + '\n';
+          }
+          if (new RegExp(`setTimeout\\s*\\(\\s*${funcName}\\b`).test(block) || new RegExp(`setTimeout\\s*\\(\\s*\\(\\)\\s*=>\\s*${funcName}\\s*\\(`).test(block)) {
+            if (!/if\s*\(|return\s|clearTimeout|cancel|stop/.test(block)) {
+              findings.push({
+                ruleId: 'BUG-MEM-006', category: 'bugs', severity: 'medium',
+                title: `Recursive setTimeout for "${funcName}" without clear stop condition`,
+                description: 'setTimeout calling the same function without a stop condition runs forever. Add a base case or cancellation mechanism.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+];
+
+export default rules;

package/src/rules/bugs/js-node.js

@@ -0,0 +1,361 @@
+// Bug detection: Node.js backend patterns Claude commonly generates wrong
+const JS_EXT = ['.js', '.jsx', '.ts', '.tsx', '.mjs', '.cjs'];
+function isJS(f) { return JS_EXT.some(e => f.endsWith(e)); }
+
+const rules = [
+  {
+    id: 'BUG-NODE-001',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'definite',
+    title: 'Express route handler without error handling middleware',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // async route handler without try/catch
+          if (/\.(get|post|put|patch|delete)\s*\(\s*['"`\/]/.test(lines[i])) {
+            let block = '';
+            for (let j = i; j < Math.min(i + 20, lines.length); j++) {
+              block += lines[j] + '\n';
+            }
+            if (/async\s*\(/.test(block) && !/try\s*\{/.test(block) && !/asyncHandler|catchAsync|wrapper|middleware/.test(block)) {
+              findings.push({
+                ruleId: 'BUG-NODE-001', category: 'bugs', severity: 'high',
+                title: 'Async Express route without try/catch — unhandled rejections crash the server',
+                description: 'Express does not catch async errors automatically. Wrap in try/catch or use an async error wrapper.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-NODE-002',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'definite',
+    title: 'Response sent after headers already sent',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // res.send/json/end followed by more res.send/json/end without return
+          if (/res\.(send|json|end|redirect|render|status\(\d+\)\.(send|json))\s*\(/.test(lines[i])) {
+            if (!/return\s+res\./.test(lines[i]) && !/^\s*return\b/.test(lines[i])) {
+              // Check next few lines for another response
+              for (let j = i + 1; j < Math.min(i + 8, lines.length); j++) {
+                if (/res\.(send|json|end|redirect|render|status)\s*\(/.test(lines[j])) {
+                  findings.push({
+                    ruleId: 'BUG-NODE-002', category: 'bugs', severity: 'high',
+                    title: 'Multiple responses sent — "headers already sent" crash',
+                    description: 'Sending a response without returning allows subsequent code to send another response. Use `return res.json(...)` to prevent this.',
+                    file: fp, line: i + 1, fix: null,
+                  });
+                  break;
+                }
+                if (/return\b|\}/.test(lines[j])) break;
+              }
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-NODE-003',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Callback called multiple times',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // callback/cb/next called without return before it
+          if (/\b(callback|cb|next|done)\s*\(/.test(lines[i]) && !/return\s+(callback|cb|next|done)/.test(lines[i]) && !/^\s*return\b/.test(lines[i])) {
+            // Check if same callback is called again within next 10 lines
+            const cbName = lines[i].match(/\b(callback|cb|next|done)\s*\(/)?.[1];
+            if (!cbName) continue;
+            for (let j = i + 1; j < Math.min(i + 10, lines.length); j++) {
+              if (new RegExp(`\\b${cbName}\\s*\\(`).test(lines[j])) {
+                findings.push({
+                  ruleId: 'BUG-NODE-003', category: 'bugs', severity: 'high',
+                  title: `Callback "${cbName}" may be called multiple times`,
+                  description: 'Calling a callback without returning first allows it to be called again. Use `return callback(...)` to prevent double-calls.',
+                  file: fp, line: i + 1, fix: null,
+                });
+                break;
+              }
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-NODE-004',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'definite',
+    title: 'Synchronous file I/O in request handler',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        const isServerFile = /express|fastify|koa|http\.createServer|app\.(get|post|use)|router\.(get|post)/.test(content);
+        if (!isServerFile) continue;
+        for (let i = 0; i < lines.length; i++) {
+          if (/\bfs\.(readFileSync|writeFileSync|appendFileSync|mkdirSync|readdirSync|statSync|existsSync|unlinkSync)\s*\(/.test(lines[i])) {
+            findings.push({
+              ruleId: 'BUG-NODE-004', category: 'bugs', severity: 'high',
+              title: 'Synchronous fs call in server code blocks the event loop',
+              description: 'Sync I/O in server code blocks all concurrent requests. Use async alternatives (fs.promises.readFile, etc.).',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-NODE-005',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Unhandled stream error event',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // createReadStream/createWriteStream without .on('error')
+          if (/\b(createReadStream|createWriteStream)\s*\(/.test(lines[i])) {
+            let block = '';
+            for (let j = i; j < Math.min(i + 10, lines.length); j++) {
+              block += lines[j] + '\n';
+            }
+            if (!block.includes(".on('error'") && !block.includes('.on("error"') && !block.includes('pipeline') && !block.includes('stream.finished')) {
+              findings.push({
+                ruleId: 'BUG-NODE-005', category: 'bugs', severity: 'high',
+                title: 'Stream created without error handler — crashes on file not found',
+                description: 'Node.js streams emit "error" events that crash the process if unhandled. Always add .on("error", handler) or use stream.pipeline().',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-NODE-006',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'process.env used without validation',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        const envVars = new Set();
+        for (let i = 0; i < lines.length; i++) {
+          const matches = lines[i].matchAll(/process\.env\.(\w+)/g);
+          for (const m of matches) {
+            envVars.add(m[1]);
+          }
+        }
+        // Check if any env vars are used directly without checking if defined
+        const hasEnvValidation = /process\.env\.\w+\s*\|\||process\.env\.\w+\s*\?\?|if\s*\(\s*!?\s*process\.env|dotenv|envalid|joi.*process\.env|z\.\w+.*process\.env/.test(content);
+        if (envVars.size > 3 && !hasEnvValidation) {
+          findings.push({
+            ruleId: 'BUG-NODE-006', category: 'bugs', severity: 'medium',
+            title: `${envVars.size} env vars used without validation — undefined at runtime`,
+            description: 'Environment variables are undefined by default. Validate required env vars at startup to fail fast instead of silently using "undefined".',
+            file: fp, line: 1, fix: null,
+          });
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-NODE-007',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Event emitter listener leak',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // .on() inside a function that could be called many times without .off() or removeListener
+          if (/\.(on|addListener)\s*\(\s*['"`]/.test(lines[i])) {
+            // Check if we're inside a route handler or recurring function
+            const context = lines.slice(Math.max(0, i - 10), i).join('\n');
+            if (/\.(get|post|put|delete)\s*\(|function\s+\w+|=>\s*\{/.test(context)) {
+              const afterContext = lines.slice(i, Math.min(i + 20, lines.length)).join('\n');
+              if (!/\.(off|removeListener|removeAllListeners)\s*\(/.test(afterContext) && !/once\s*\(/.test(lines[i])) {
+                findings.push({
+                  ruleId: 'BUG-NODE-007', category: 'bugs', severity: 'high',
+                  title: 'Event listener added in potentially recurring context without removal',
+                  description: 'Adding listeners inside functions called multiple times causes memory leaks. Use .once() or remove listeners when done.',
+                  file: fp, line: i + 1, fix: null,
+                });
+              }
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-NODE-008',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'JSON.stringify on circular structure',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // JSON.stringify(req) or JSON.stringify(res) or JSON.stringify(socket) — common circular refs
+          if (/JSON\.stringify\s*\(\s*(req|res|socket|server|app|connection|ctx)\b/.test(lines[i])) {
+            findings.push({
+              ruleId: 'BUG-NODE-008', category: 'bugs', severity: 'medium',
+              title: 'JSON.stringify on likely circular object (req/res/socket) — throws TypeError',
+              description: 'Express req/res objects contain circular references. JSON.stringify will throw. Serialize specific properties instead.',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-NODE-009',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Missing await on database operation',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          const line = lines[i];
+          // DB operations that return promises: .find(), .save(), .create(), .findOne(), .updateOne(), .deleteOne()
+          if (/\b(Model|model|db|collection|prisma|mongoose|knex|sequelize)\b/.test(content)) {
+            if (/\.\s*(find|findOne|findById|findMany|create|save|update|updateOne|updateMany|delete|deleteOne|deleteMany|insertOne|insertMany|aggregate|count|countDocuments)\s*\(/.test(line)) {
+              if (!/await\s/.test(line) && !/return\s/.test(line) && !/\.then\s*\(/.test(line) && !/^\s*const\s+\w+\s*=/.test(line)) {
+                findings.push({
+                  ruleId: 'BUG-NODE-009', category: 'bugs', severity: 'high',
+                  title: 'Database operation without await — data not actually saved/fetched',
+                  description: 'Database calls return Promises. Without await, the operation fires but the result is discarded.',
+                  file: fp, line: i + 1, fix: null,
+                });
+              }
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-NODE-010',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'Middleware next() called but execution continues',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // next() without return, followed by more code
+          if (/^\s*next\s*\(\s*\)\s*;?\s*$/.test(lines[i])) {
+            // Check if there's meaningful code after next() before the function ends
+            for (let j = i + 1; j < Math.min(i + 5, lines.length); j++) {
+              const nextLine = lines[j].trim();
+              if (nextLine === '}' || nextLine === '});' || nextLine === '') continue;
+              if (/^\s*(res\.|console\.|\/\/)/.test(lines[j])) {
+                findings.push({
+                  ruleId: 'BUG-NODE-010', category: 'bugs', severity: 'medium',
+                  title: 'Code after next() — middleware continues executing after passing control',
+                  description: 'Calling next() does not stop the current middleware. Use `return next()` to prevent continued execution.',
+                  file: fp, line: i + 1, fix: null,
+                });
+                break;
+              }
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+
+  // BUG-NODE-011: Buffer.from(string) without encoding
+  {
+    id: 'BUG-NODE-011',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'suggestion',
+    title: 'Buffer.from(variable) without encoding — may produce wrong result',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          const line = lines[i];
+          if (line.trim().startsWith('//')) continue;
+          // Buffer.from(variable) with only one argument that's a variable (not a string literal or array)
+          const match = line.match(/Buffer\.from\s*\(\s*(\w+)\s*\)/);
+          if (!match) continue;
+          const arg = match[1];
+          // Skip if it's a known safe pattern (array, buffer)
+          if (/^['"0-9\[]/.test(arg)) continue;
+          // Check if there's a hex/base64/binary context nearby suggesting encoding needed
+          const context = lines.slice(Math.max(0, i - 3), Math.min(lines.length, i + 3)).join(' ');
+          if (/hex|base64|binary|latin1|ascii|utf16le/i.test(context)) {
+            findings.push({
+              ruleId: 'BUG-NODE-011', category: 'bugs', severity: 'medium',
+              title: `Buffer.from(${arg}) without encoding — context suggests encoding needed`,
+              description: `Buffer.from(string) defaults to UTF-8 encoding. If "${arg}" contains hex or base64 data, pass the encoding explicitly: Buffer.from(${arg}, 'hex') or Buffer.from(${arg}, 'base64').`,
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+];
+
+export default rules;