getdoorman 1.0.0

package/src/rules/bugs/python-advanced.js

@@ -0,0 +1,245 @@
+// Bug detection: Advanced Python patterns AI generators get wrong
+function isPy(f) { return f.endsWith('.py'); }
+
+const rules = [
+  {
+    id: 'BUG-PY-ADV-001',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Flask/Django route without input validation',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // @app.route or @router with POST/PUT/PATCH
+          if (/@(?:app|router|api)\.(route|post|put|patch)\s*\(/.test(lines[i]) || /methods\s*=\s*\[.*(?:POST|PUT|PATCH)/.test(lines[i])) {
+            let block = '';
+            for (let j = i; j < Math.min(i + 25, lines.length); j++) {
+              block += lines[j] + '\n';
+            }
+            if (/request\.(json|form|data|get_json|values)/.test(block) && !/validate|schema|serializer|pydantic|marshmallow|wtforms|cerberus|voluptuous/.test(block)) {
+              if (!/if\s+not\s+request|if\s+.*not\s+in\s+request|isinstance/.test(block)) {
+                findings.push({
+                  ruleId: 'BUG-PY-ADV-001', category: 'bugs', severity: 'high',
+                  title: 'Route accepts user input without validation',
+                  description: 'AI-generated Flask/Django routes often use request.json directly without validation. Use pydantic, marshmallow, or manual checks.',
+                  file: fp, line: i + 1, fix: null,
+                });
+              }
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-PY-ADV-002',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'definite',
+    title: 'SQL query built with string formatting',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // cursor.execute(f"SELECT ... {var}") or .execute("SELECT" + var) or .execute("SELECT %s" % var)
+          if (/\.(execute|executemany)\s*\(\s*f['"`]/.test(lines[i]) ||
+              /\.(execute|executemany)\s*\(\s*['"`].*\+/.test(lines[i]) ||
+              /\.(execute|executemany)\s*\(\s*['"`].*%s['"`]\s*%/.test(lines[i])) {
+            findings.push({
+              ruleId: 'BUG-PY-ADV-002', category: 'bugs', severity: 'high',
+              title: 'SQL injection — query built with string formatting instead of parameterized query',
+              description: 'Use cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,)) with parameter tuple instead of f-strings or % formatting.',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-PY-ADV-003',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'except Exception catches too broadly',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/^\s*except\s+Exception\s*(?:as\s+\w+)?\s*:/.test(lines[i])) {
+            // Check if it just logs and continues (swallowing)
+            let catchBody = '';
+            for (let j = i + 1; j < Math.min(i + 5, lines.length); j++) {
+              if (/^\S/.test(lines[j]) && lines[j].trim()) break;
+              catchBody += lines[j] + '\n';
+            }
+            if (/pass|print\(|logging\.\w+\(/.test(catchBody) && !/raise|return|sys\.exit/.test(catchBody)) {
+              findings.push({
+                ruleId: 'BUG-PY-ADV-003', category: 'bugs', severity: 'high',
+                title: 'except Exception swallows all errors — catch specific exceptions',
+                description: 'Catching Exception hides bugs like TypeError, KeyError, AttributeError. Catch specific exceptions you can handle.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-PY-ADV-004',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'definite',
+    title: 'os.system() used instead of subprocess',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/\bos\.system\s*\(/.test(lines[i])) {
+            findings.push({
+              ruleId: 'BUG-PY-ADV-004', category: 'bugs', severity: 'medium',
+              title: 'os.system() is insecure and has no error handling — use subprocess.run()',
+              description: 'os.system() runs through shell (injection risk), doesn\'t capture output, and returns exit code only. Use subprocess.run() with shell=False.',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-PY-ADV-005',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'async def without await inside',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/^\s*async\s+def\s+(\w+)/.test(lines[i])) {
+            const funcName = lines[i].match(/async\s+def\s+(\w+)/)[1];
+            let body = '';
+            let indent = null;
+            for (let j = i + 1; j < Math.min(i + 30, lines.length); j++) {
+              if (indent === null && lines[j].trim()) {
+                indent = lines[j].match(/^(\s*)/)[1].length;
+              }
+              if (indent !== null && lines[j].trim() && lines[j].match(/^(\s*)/)[1].length < indent) break;
+              body += lines[j] + '\n';
+            }
+            if (!body.includes('await') && !body.includes('async for') && !body.includes('async with') && !body.includes('yield')) {
+              findings.push({
+                ruleId: 'BUG-PY-ADV-005', category: 'bugs', severity: 'high',
+                title: `async function "${funcName}" never uses await — should be a regular function`,
+                description: 'Declaring a function async without using await adds overhead and confuses callers. Remove async or add proper await calls.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-PY-ADV-006',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'Global variable mutation in function',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/^\s+global\s+\w+/.test(lines[i])) {
+            const varName = lines[i].match(/global\s+(\w+)/)[1];
+            findings.push({
+              ruleId: 'BUG-PY-ADV-006', category: 'bugs', severity: 'medium',
+              title: `"global ${varName}" — global mutable state makes code unpredictable`,
+              description: 'Using global variables for state makes functions impure and hard to test. Pass state as parameters or use a class.',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-PY-ADV-007',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'File opened without context manager',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // f = open(...) without 'with'
+          if (/^\s*\w+\s*=\s*open\s*\(/.test(lines[i]) && !/^\s*with\b/.test(lines[i])) {
+            findings.push({
+              ruleId: 'BUG-PY-ADV-007', category: 'bugs', severity: 'high',
+              title: 'File opened without "with" context manager — may not be closed on error',
+              description: 'Always use `with open(...) as f:` to ensure the file is closed even if an exception occurs.',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-PY-ADV-008',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'Hardcoded secret in Python source',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        if (/test_|_test\.py|conftest|fixture/i.test(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // SECRET_KEY = "..." or API_KEY = '...' or password = "..."
+          if (/^\s*(?:SECRET_KEY|API_KEY|DATABASE_URL|PASSWORD|PRIVATE_KEY|JWT_SECRET|ENCRYPTION_KEY)\s*=\s*['"`][^'"`]{8,}['"`]/.test(lines[i])) {
+            if (!/os\.environ|os\.getenv|environ\.get|config\[|settings\./.test(lines[i])) {
+              findings.push({
+                ruleId: 'BUG-PY-ADV-008', category: 'bugs', severity: 'medium',
+                title: 'Hardcoded secret in Python source — use environment variables',
+                description: 'Secrets should come from environment variables (os.environ) or a secrets manager, not hardcoded in source code.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+];
+
+export default rules;

package/src/rules/bugs/python-fixable.js

@@ -0,0 +1,98 @@
+// Auto-fixable Python bug rules
+function isPy(f) { return f.endsWith('.py'); }
+
+const rules = [
+  {
+    id: 'BUG-PYFIX-001',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'bare except → except Exception — auto-fixable',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/^(\s*)except\s*:\s*$/.test(lines[i])) {
+            const indent = lines[i].match(/^(\s*)/)[1];
+            findings.push({
+              ruleId: 'BUG-PYFIX-001', category: 'bugs', severity: 'high',
+              title: 'bare except: → except Exception: — auto-fixable',
+              file: fp, line: i + 1,
+              fix: { type: 'replace', old: lines[i], new: `${indent}except Exception:` },
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-PYFIX-002',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: '== None → is None — auto-fixable',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/==\s*None/.test(lines[i])) {
+            findings.push({
+              ruleId: 'BUG-PYFIX-002', category: 'bugs', severity: 'high',
+              title: '== None → is None — auto-fixable',
+              file: fp, line: i + 1,
+              fix: { type: 'replace', old: '== None', new: 'is None' },
+            });
+          }
+          if (/!=\s*None/.test(lines[i])) {
+            findings.push({
+              ruleId: 'BUG-PYFIX-002', category: 'bugs', severity: 'high',
+              title: '!= None → is not None — auto-fixable',
+              file: fp, line: i + 1,
+              fix: { type: 'replace', old: '!= None', new: 'is not None' },
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-PYFIX-003',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'except pass → except with logging — auto-fixable',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/^\s*except\s+\w+/.test(lines[i]) && i + 1 < lines.length && /^\s+pass\s*$/.test(lines[i + 1])) {
+            const excLine = lines[i];
+            const passLine = lines[i + 1];
+            const indent = passLine.match(/^(\s*)/)[1];
+            // Add 'as e' if not present and replace pass with logging
+            if (!excLine.includes(' as ')) {
+              const newExc = excLine.replace(/:\s*$/, ' as e:');
+              findings.push({
+                ruleId: 'BUG-PYFIX-003', category: 'bugs', severity: 'high',
+                title: 'except/pass → except with logging — auto-fixable',
+                file: fp, line: i + 1,
+                fix: { type: 'replace', old: excLine + '\n' + passLine, new: newExc + '\n' + indent + 'logging.exception(e)' },
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+];
+
+export default rules;

package/src/rules/bugs/python.js

@@ -0,0 +1,284 @@
+// Bug detection: Python-specific bugs
+function isPy(f) { return f.endsWith('.py'); }
+
+const rules = [
+  {
+    id: 'BUG-PY-001',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Mutable default argument — list/dict shared across all calls',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/def\s+\w+\s*\(.*=\s*\[\s*\]/.test(lines[i]) || /def\s+\w+\s*\(.*=\s*\{\s*\}/.test(lines[i])) {
+            findings.push({
+              ruleId: 'BUG-PY-001', category: 'bugs', severity: 'high',
+              title: 'Mutable default argument — shared across all calls',
+              description: 'def f(items=[]): — the list is created once and shared between all calls. Use None as default and create inside: if items is None: items = []',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-PY-002',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Bare except: catches SystemExit and KeyboardInterrupt',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/^\s*except\s*:/.test(lines[i])) {
+            findings.push({
+              ruleId: 'BUG-PY-002', category: 'bugs', severity: 'high',
+              title: 'Bare except: catches SystemExit and KeyboardInterrupt',
+              description: 'except: catches everything including sys.exit() and Ctrl+C. Use except Exception: to only catch actual errors.',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-PY-003',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Using "is" to compare values instead of ==',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          const line = lines[i];
+          // "is" with string/number literals (not None, True, False)
+          if (/\bis\s+['"\d]/.test(line) || /\bis\s+[-+]\d/.test(line)) {
+            if (!line.includes('is None') && !line.includes('is True') && !line.includes('is False') && !line.includes('is not None')) {
+              findings.push({
+                ruleId: 'BUG-PY-003', category: 'bugs', severity: 'high',
+                title: '"is" compares identity, not value — use == for values',
+                description: '"x is 5" checks if they are the same object in memory, not if they have the same value. CPython caches small ints (-5 to 256) but this is an implementation detail.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-PY-004',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Modifying list during iteration',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          const forMatch = lines[i].match(/for\s+\w+\s+in\s+(\w+)/);
+          if (forMatch) {
+            const listName = forMatch[1];
+            const body = lines.slice(i + 1, Math.min(lines.length, i + 15)).join('\n');
+            const modPattern = new RegExp(listName + '\\s*\\.\\s*(?:append|remove|pop|insert|extend|clear)\\s*\\(');
+            if (modPattern.test(body)) {
+              findings.push({
+                ruleId: 'BUG-PY-004', category: 'bugs', severity: 'high',
+                title: `Modifying "${listName}" while iterating over it`,
+                description: 'Modifying a list during iteration causes skipped elements or RuntimeError. Iterate over a copy: for item in list(items):',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-PY-005',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Late-binding closure in loop — variable captured by reference',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/for\s+\w+\s+in\s+/.test(lines[i])) {
+            const body = lines.slice(i + 1, Math.min(lines.length, i + 10)).join('\n');
+            if (/lambda\b/.test(body) && !body.includes('=i') && !body.includes('=x')) {
+              findings.push({
+                ruleId: 'BUG-PY-005', category: 'bugs', severity: 'high',
+                title: 'Lambda in loop captures variable by reference — all share final value',
+                description: 'Closures in Python capture variables by reference. All lambdas will use the loop variable\'s final value. Fix: lambda x=x: ...',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-PY-006',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'except Exception as e: pass — error silently swallowed',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/^\s*except\b/.test(lines[i]) && i + 1 < lines.length && /^\s+pass\s*$/.test(lines[i + 1])) {
+            findings.push({
+              ruleId: 'BUG-PY-006', category: 'bugs', severity: 'high',
+              title: 'except/pass — errors silently swallowed',
+              description: 'Catching exceptions and doing nothing (pass) hides bugs. At minimum, log the error.',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-PY-007',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'f-string without f prefix — curly braces treated as literal',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          const line = lines[i];
+          // Detect string with {variable} that's not an f-string
+          if (/[^f]["']\s*.*\{[a-zA-Z_]\w*\}/.test(line) && !line.includes('.format') && !line.includes('{{')) {
+            // Exclude dict literals and class definitions
+            if (!/(?:dict|class|import|def\s|return\s*\{|\w+\s*=\s*\{)/.test(line)) {
+              findings.push({
+                ruleId: 'BUG-PY-007', category: 'bugs', severity: 'high',
+                title: 'String with {variable} but no f-prefix — variables not interpolated',
+                description: 'This looks like it should be an f-string. Without the f prefix, {variable} is treated as a literal string.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-PY-008',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Missing self parameter in method',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        const lines = content.split('\n');
+        let inClass = false;
+        for (let i = 0; i < lines.length; i++) {
+          if (/^class\s+\w+/.test(lines[i])) inClass = true;
+          if (inClass && /^\s{4}def\s+\w+\s*\(\s*\)/.test(lines[i])) {
+            const funcName = lines[i].match(/def\s+(\w+)/)[1];
+            if (funcName !== '__init__' && !lines[i - 1]?.includes('@staticmethod') && !lines[i - 1]?.includes('@classmethod')) {
+              findings.push({
+                ruleId: 'BUG-PY-008', category: 'bugs', severity: 'high',
+                title: `Method "${funcName}" missing self parameter`,
+                description: 'Instance methods must take self as first parameter. Without it, calling the method raises TypeError.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+          if (/^[^\s]/.test(lines[i]) && !/^class/.test(lines[i]) && inClass) inClass = false;
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-PY-009',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Using == to compare with None — use "is None"',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/==\s*None\b/.test(lines[i]) || /!=\s*None\b/.test(lines[i])) {
+            findings.push({
+              ruleId: 'BUG-PY-009', category: 'bugs', severity: 'high',
+              title: 'Use "is None" instead of "== None"',
+              description: '== can be overridden by __eq__. PEP 8 recommends "is None" for singleton comparison.',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-PY-010',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'String concatenation in loop — use join() or list',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isPy(fp)) continue;
+        const lines = content.split('\n');
+        let inLoop = false;
+        for (let i = 0; i < lines.length; i++) {
+          if (/^\s*(for|while)\s+/.test(lines[i])) inLoop = true;
+          if (inLoop && /\w+\s*\+=\s*['"]/.test(lines[i])) {
+            findings.push({
+              ruleId: 'BUG-PY-010', category: 'bugs', severity: 'medium',
+              title: 'String concatenation in loop — O(n^2), use list + join()',
+              description: 'Strings are immutable in Python. += creates a new string each iteration. Append to a list and use "".join() at the end.',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+          if (/^[^\s]/.test(lines[i]) && inLoop && !/^\s*(for|while|if|else|elif|try|except|with)/.test(lines[i])) inLoop = false;
+        }
+      }
+      return findings;
+    },
+  },
+];
+
+export default rules;