kcode-pi 0.1.0 → 0.1.2

package/src/rules/checker.ts

@@ -0,0 +1,612 @@
+export const CHECK_TYPES = [
+	"magic_value",
+	"naming",
+	"loop_db",
+	"exception",
+	"import",
+	"lifecycle",
+	"transaction",
+	"resource",
+	"security",
+	"performance",
+	"threading",
+] as const;
+export type CheckType = (typeof CHECK_TYPES)[number];
+
+export const CHECK_SEVERITIES = ["error", "warning", "info"] as const;
+export type CheckSeverity = (typeof CHECK_SEVERITIES)[number];
+
+export interface CheckResult {
+	line: number;
+	column: number;
+	type: CheckType;
+	severity: CheckSeverity;
+	message: string;
+	rule: string;
+}
+
+export type CheckLanguage = "java" | "csharp";
+
+const ALLOWED_NUMBERS = new Set(["0", "1", "-1", "2", "10", "100"]);
+
+const DB_KEYWORDS = [
+	"BusinessDataServiceHelper",
+	"QueryServiceHelper",
+	"SaveServiceHelper",
+	"OperationServiceHelper",
+	"DispatchServiceHelper",
+	"ORM.create",
+	"DB.",
+	"loadSingle",
+	"loadInBatch",
+	"executeQuery",
+	"executeSql",
+	"queryDataSet",
+];
+
+export function checkCode(code: string, language: CheckLanguage = "java"): CheckResult[] {
+	const lines = code.split("\n");
+	const results = [
+		...checkMagicValues(lines),
+		...checkNaming(lines, language),
+		...checkLoopDb(lines),
+		...checkExceptionHandling(lines),
+		...checkCosmicReviewerRules(lines),
+	];
+
+	return results.sort((a, b) => a.line - b.line || a.column - b.column);
+}
+
+function checkCosmicReviewerRules(lines: string[]): CheckResult[] {
+	return [
+		...checkLifecycleMisuse(lines),
+		...checkTransactionMisuse(lines),
+		...checkResourceHandling(lines),
+		...checkSecurityPatterns(lines),
+		...checkThreadingPatterns(lines),
+		...checkUiPerformance(lines),
+		...checkLoggingAndDiagnostics(lines),
+	];
+}
+
+function checkLifecycleMisuse(lines: string[]): CheckResult[] {
+	const results: CheckResult[] = [];
+	const initializeRanges = findMethodRanges(lines, "initialize");
+	const beforeBindRanges = findMethodRanges(lines, "beforeBindData");
+	const afterBindRanges = findMethodRanges(lines, "afterBindData");
+	const afterOperationRanges = findMethodRanges(lines, "afterExecuteOperationTransaction");
+
+	for (const range of initializeRanges) {
+		forEachLineInRange(lines, range, (line, index) => {
+			if (/addItemClickListener\s*\(/.test(line)) {
+				results.push(makeResult(index, line, "addItemClickListener", "lifecycle", "error", "P0：initialize 中注册监听器，可能导致监听生命周期错误；请移到 registerListener", "p0-initialize-listener"));
+			}
+			if (/getView\s*\(\)\s*\.\s*(setVisible|setEnable|updateView|showConfirm|showTipNotification)\s*\(/.test(line)) {
+				results.push(makeResult(index, line, "getView", "lifecycle", "error", "P0：initialize 中操作 UI 控件，控件状态可能不生效；请移到 afterBindData 等合适阶段", "p0-initialize-ui"));
+			}
+		});
+	}
+
+	for (const range of [...beforeBindRanges, ...afterBindRanges]) {
+		forEachLineInRange(lines, range, (line, index) => {
+			if (/(getModel\s*\(\)\s*\.\s*)?setValue\s*\(/.test(line)) {
+				results.push(makeResult(index, line, "setValue", "lifecycle", "error", "P0：数据绑定阶段修改模型数据，可能破坏绑定流程；默认值应放到 afterCreateNewData 等阶段", "p0-binddata-setvalue"));
+			}
+		});
+	}
+
+	for (const range of afterOperationRanges) {
+		forEachLineInRange(lines, range, (line, index) => {
+			if (/getOperationResult\s*\(/.test(line)) {
+				results.push(makeResult(index, line, "getOperationResult", "lifecycle", "error", "P0：afterExecuteOperationTransaction 的参数不应调用 getOperationResult，请确认事件参数类型", "p0-after-operation-result"));
+			}
+		});
+	}
+
+	return results;
+}
+
+function checkTransactionMisuse(lines: string[]): CheckResult[] {
+	const results: CheckResult[] = [];
+	const ranges = [...findMethodRanges(lines, "beforeExecuteOperationTransaction"), ...findMethodRanges(lines, "afterExecuteOperationTransaction")];
+
+	for (const range of ranges) {
+		forEachLineInRange(lines, range, (line, index) => {
+			if (/SaveServiceHelper\s*\.\s*(save|update)\s*\(/.test(line)) {
+				results.push(makeResult(index, line, "SaveServiceHelper", "transaction", "error", "P0：操作事务钩子中独立保存会破坏事务一致性；应直接修改平台传入的数据实体", "p0-transaction-save"));
+			}
+		});
+	}
+
+	return results;
+}
+
+function checkResourceHandling(lines: string[]): CheckResult[] {
+	const results: CheckResult[] = [];
+
+	for (let i = 0; i < lines.length; i++) {
+		const line = lines[i];
+		if (isCommentLine(line)) continue;
+		if (!/\bDataSet\b\s+\w+\s*=/.test(line)) continue;
+		if (/try\s*\([^)]*\bDataSet\b/.test(line)) continue;
+		if (nearbyLineHas(lines, i, -2, /\btry\s*\(/)) continue;
+
+		results.push(makeResult(i, line, "DataSet", "resource", "error", "P0：DataSet 创建后未明显使用 try-with-resources 关闭，可能导致连接泄漏", "p0-dataset-not-closed"));
+	}
+
+	return results;
+}
+
+function checkSecurityPatterns(lines: string[]): CheckResult[] {
+	const results: CheckResult[] = [];
+
+	for (let i = 0; i < lines.length; i++) {
+		const line = lines[i];
+		if (isCommentLine(line)) continue;
+
+		if (/\bStatement\b/.test(line) && !/\bPreparedStatement\b/.test(line)) {
+			results.push(makeResult(i, line, "Statement", "security", "error", "P0：使用 Statement 存在 SQL 注入风险；请改用参数化查询或 QFilter", "p0-raw-statement"));
+		}
+
+		if (/"\s*(SELECT|UPDATE|DELETE|INSERT)\b[^"]*"\s*\+|\+\s*"\s*(WHERE|AND|OR|SET)\b/i.test(line)) {
+			results.push(makeResult(i, line, "+", "security", "error", "P0：SQL 字符串拼接存在注入风险；请改用参数化查询或 QFilter", "p0-sql-concat"));
+		}
+
+		if (/<!DOCTYPE|<!ENTITY|\bSYSTEM\b/.test(line)) {
+			results.push(makeResult(i, line, "XML", "security", "error", "P0：XML 外部实体相关内容可能导致 XXE 风险，请禁用外部实体", "p0-xxe"));
+		}
+
+		if (/(password|passwd|secret|token|ak|sk)\s*=\s*"[^"]{4,}"/i.test(line)) {
+			results.push(makeResult(i, line, "=", "security", "error", "P0：疑似敏感信息硬编码，请改为安全配置或密文存储", "p0-secret-hardcode"));
+		}
+	}
+
+	return results;
+}
+
+function checkThreadingPatterns(lines: string[]): CheckResult[] {
+	const results: CheckResult[] = [];
+
+	for (let i = 0; i < lines.length; i++) {
+		const line = lines[i];
+		if (isCommentLine(line)) continue;
+		if (/new\s+Thread\s*\(|Executors\s*\.\s*new\w+/.test(line)) {
+			results.push(makeResult(i, line, "Thread", "threading", "error", "P0：使用 JDK 原生线程会绕过平台线程管理；请使用苍穹 ThreadPools", "p0-native-thread"));
+		}
+	}
+
+	return results;
+}
+
+function checkUiPerformance(lines: string[]): CheckResult[] {
+	const results: CheckResult[] = [];
+	let beginInitCount = 0;
+	let endInitCount = 0;
+
+	for (let i = 0; i < lines.length; i++) {
+		const line = lines[i];
+		if (isCommentLine(line)) continue;
+
+		if (/beginInit\s*\(/.test(line)) beginInitCount++;
+		if (/endInit\s*\(/.test(line)) endInitCount++;
+
+		if (isInsideLoop(lines, i) && /updateView\s*\(/.test(line)) {
+			results.push(makeResult(i, line, "updateView", "performance", "warning", "P1：循环内刷新视图会造成界面卡顿；应在循环外统一刷新", "p1-loop-update-view"));
+		}
+
+		if (isInsideLoop(lines, i) && /getFieldIndex\s*\(/.test(line)) {
+			results.push(makeResult(i, line, "getFieldIndex", "performance", "warning", "P1：循环内重复获取 FieldIndex 会造成性能损耗；应在循环外缓存", "p1-loop-field-index"));
+		}
+	}
+
+	if (beginInitCount > endInitCount) {
+		const index = lines.findIndex((line) => /beginInit\s*\(/.test(line));
+		if (index >= 0) {
+			results.push(makeResult(index, lines[index], "beginInit", "performance", "warning", "P1：beginInit/endInit 数量不成对，异常时可能导致表单行为异常", "p1-unpaired-begin-init"));
+		}
+	}
+
+	return results;
+}
+
+function checkLoggingAndDiagnostics(lines: string[]): CheckResult[] {
+	const results: CheckResult[] = [];
+
+	for (let i = 0; i < lines.length; i++) {
+		const line = lines[i];
+		if (isCommentLine(line)) continue;
+
+		if (/System\s*\.\s*out\s*\.\s*println\s*\(/.test(line)) {
+			results.push(makeResult(i, line, "System.out.println", "exception", "warning", "P1：生产代码不应使用 System.out.println，请使用平台日志", "p1-system-out"));
+		}
+
+		if (/\.printStackTrace\s*\(/.test(line)) {
+			results.push(makeResult(i, line, "printStackTrace", "exception", "warning", "P2：不要直接 printStackTrace，请使用 logger.error 并传入异常对象", "p2-print-stack-trace"));
+		}
+	}
+
+	return results;
+}
+
+function checkMagicValues(lines: string[]): CheckResult[] {
+	const results: CheckResult[] = [];
+
+	for (let i = 0; i < lines.length; i++) {
+		const line = lines[i];
+		const lineNum = i + 1;
+		if (isCommentLine(line)) continue;
+
+		const numberPattern = /new\s+BigDecimal\s*\(\s*(\d+)\s*\)|(?<!\w)(\d{2,})(?!\w)/g;
+		for (const match of line.matchAll(numberPattern)) {
+			const value = match[1] || match[2];
+			if (value && !ALLOWED_NUMBERS.has(value)) {
+				results.push({
+					line: lineNum,
+					column: match.index ?? 0,
+					type: "magic_value",
+					severity: "warning",
+					message: `检测到硬编码数字 ${value}，建议使用常量或配置`,
+					rule: "magic-number",
+				});
+			}
+		}
+
+		const stringPattern = /(?<![\\])"([^"\\]*(?:\\.[^"\\]*)*)"/g;
+		for (const match of line.matchAll(stringPattern)) {
+			const value = match[1];
+			if (
+				value.length > 1 &&
+				!value.startsWith(" ") &&
+				!value.includes("{") &&
+				!value.includes("%") &&
+				!isCommonString(value) &&
+				!isLogMessage(line) &&
+				!isAnnotation(line) &&
+				isBusinessConstant(value)
+			) {
+				results.push({
+					line: lineNum,
+					column: match.index ?? 0,
+					type: "magic_value",
+					severity: "warning",
+					message: `检测到可能的业务常量 "${value}"，建议定义为常量`,
+					rule: "magic-string",
+				});
+			}
+		}
+	}
+
+	return results;
+}
+
+function checkNaming(lines: string[], language: CheckLanguage): CheckResult[] {
+	const results: CheckResult[] = [];
+
+	for (let i = 0; i < lines.length; i++) {
+		const line = lines[i];
+		const lineNum = i + 1;
+		if (isCommentLine(line)) continue;
+
+		if (language === "java") {
+			const classMatch = line.match(/\bclass\s+([A-Za-z_]\w*)/);
+			if (classMatch) {
+				const className = classMatch[1];
+				if (!isPascalCase(className) && !className.startsWith("Abstract") && !className.startsWith("I")) {
+					results.push({
+						line: lineNum,
+						column: line.indexOf(className),
+						type: "naming",
+						severity: "error",
+						message: `类名 "${className}" 应使用 PascalCase 命名`,
+						rule: "class-naming",
+					});
+				}
+			}
+
+			const methodMatch = line.match(/\b(?:public|protected|private)\s+\w+(?:<[^>]+>)?\s+(\w+)\s*\(/);
+			if (methodMatch) {
+				const methodName = methodMatch[1];
+				if (
+					!isPascalCase(methodName) &&
+					!isCamelCase(methodName) &&
+					!methodName.startsWith("get") &&
+					!methodName.startsWith("set") &&
+					!methodName.startsWith("is") &&
+					!methodName.startsWith("has") &&
+					methodName !== "main"
+				) {
+					results.push({
+						line: lineNum,
+						column: line.indexOf(methodName),
+						type: "naming",
+						severity: "warning",
+						message: `方法名 "${methodName}" 应使用 camelCase 命名`,
+						rule: "method-naming",
+					});
+				}
+			}
+
+			const constantMatch = line.match(/\b(?:static\s+final|final\s+static)\s+\w+\s+(\w+)\s*=/);
+			if (constantMatch) {
+				const constantName = constantMatch[1];
+				if (!isUpperSnakeCase(constantName)) {
+					results.push({
+						line: lineNum,
+						column: line.indexOf(constantName),
+						type: "naming",
+						severity: "warning",
+						message: `常量 "${constantName}" 应使用 UPPER_SNAKE_CASE 命名`,
+						rule: "constant-naming",
+					});
+				}
+			}
+		}
+	}
+
+	return results;
+}
+
+function checkLoopDb(lines: string[]): CheckResult[] {
+	const results: CheckResult[] = [];
+	let inLoop = false;
+	let loopBraceCount = 0;
+
+	for (let i = 0; i < lines.length; i++) {
+		const line = lines[i];
+		const trimmed = line.trim();
+
+		if (/\b(for|while)\s*\(/.test(trimmed)) {
+			inLoop = true;
+			loopBraceCount = 0;
+		}
+
+		if (!inLoop) continue;
+
+		for (const char of line) {
+			if (char === "{") loopBraceCount++;
+			if (char === "}") loopBraceCount--;
+		}
+
+		for (const keyword of DB_KEYWORDS) {
+			if (line.includes(keyword)) {
+				results.push({
+					line: i + 1,
+					column: line.indexOf(keyword),
+					type: "loop_db",
+					severity: "error",
+					message: `在循环中调用 DB 操作 "${keyword}"，可能导致性能问题`,
+					rule: "loop-db-query",
+				});
+				break;
+			}
+		}
+
+		if (loopBraceCount <= 0 && trimmed.includes("}")) {
+			inLoop = false;
+		}
+	}
+
+	return results;
+}
+
+function checkExceptionHandling(lines: string[]): CheckResult[] {
+	const results: CheckResult[] = [];
+
+	for (let i = 0; i < lines.length; i++) {
+		const line = lines[i];
+		const trimmed = line.trim();
+		if (!/\bcatch\s*\(/.test(trimmed)) continue;
+
+		let j = i + 1;
+		let hasContent = false;
+		let braceCount = 0;
+		let catchStarted = false;
+
+		if (trimmed.includes("{")) {
+			catchStarted = true;
+			braceCount += (trimmed.match(/{/g) || []).length;
+		}
+
+		while (j < lines.length) {
+			const catchLine = lines[j].trim();
+			if (!catchStarted && catchLine.includes("{")) catchStarted = true;
+			if (catchStarted) {
+				braceCount += (catchLine.match(/{/g) || []).length;
+				braceCount -= (catchLine.match(/}/g) || []).length;
+			}
+
+			if (
+				catchStarted &&
+				catchLine !== "{" &&
+				catchLine !== "}" &&
+				catchLine !== "" &&
+				!catchLine.startsWith("//") &&
+				!catchLine.startsWith("*") &&
+				!catchLine.startsWith("/*")
+			) {
+				hasContent = true;
+				break;
+			}
+
+			if (braceCount <= 0 && catchStarted) break;
+			j++;
+		}
+
+		if (!hasContent) {
+			results.push({
+				line: i + 1,
+				column: line.indexOf("catch"),
+				type: "exception",
+				severity: "error",
+				message: "空的 catch 块，应记录日志或处理异常",
+				rule: "empty-catch",
+			});
+		}
+	}
+
+	return results;
+}
+
+export function formatCheckResults(results: CheckResult[]): string {
+	if (results.length === 0) return "金蝶代码检查通过，未发现问题。";
+
+	const errors = results.filter((result) => result.severity === "error");
+	const warnings = results.filter((result) => result.severity === "warning");
+	const infos = results.filter((result) => result.severity === "info");
+
+	const lines = [
+		`金蝶代码检查发现 ${results.length} 个问题：`,
+		`错误：${errors.length}`,
+		`警告：${warnings.length}`,
+		`提示：${infos.length}`,
+		"",
+	];
+
+	for (const result of results) {
+		lines.push(`- 第 ${result.line} 行，第 ${result.column + 1} 列：[${result.severity}] ${result.type} ${result.message} (${result.rule})`);
+	}
+
+	return lines.join("\n");
+}
+
+interface LineRange {
+	start: number;
+	end: number;
+}
+
+function makeResult(
+	index: number,
+	line: string,
+	token: string,
+	type: CheckType,
+	severity: CheckSeverity,
+	message: string,
+	rule: string,
+): CheckResult {
+	return {
+		line: index + 1,
+		column: Math.max(0, line.indexOf(token)),
+		type,
+		severity,
+		message,
+		rule,
+	};
+}
+
+function findMethodRanges(lines: string[], methodName: string): LineRange[] {
+	const ranges: LineRange[] = [];
+	const pattern = new RegExp(`\\b${methodName}\\s*\\(`);
+
+	for (let i = 0; i < lines.length; i++) {
+		if (!pattern.test(lines[i])) continue;
+		const end = findBlockEnd(lines, i);
+		ranges.push({ start: i, end });
+	}
+
+	return ranges;
+}
+
+function findBlockEnd(lines: string[], start: number): number {
+	let braceCount = 0;
+	let seenOpen = false;
+
+	for (let i = start; i < lines.length; i++) {
+		for (const char of lines[i]) {
+			if (char === "{") {
+				seenOpen = true;
+				braceCount++;
+			}
+			if (char === "}") braceCount--;
+		}
+		if (seenOpen && braceCount <= 0) return i;
+	}
+
+	return start;
+}
+
+function forEachLineInRange(lines: string[], range: LineRange, fn: (line: string, index: number) => void): void {
+	for (let i = range.start; i <= range.end; i++) {
+		if (!isCommentLine(lines[i])) fn(lines[i], i);
+	}
+}
+
+function nearbyLineHas(lines: string[], index: number, offsetStart: number, pattern: RegExp): boolean {
+	const start = Math.max(0, index + offsetStart);
+	for (let i = start; i <= index; i++) {
+		if (pattern.test(lines[i])) return true;
+	}
+	return false;
+}
+
+function isInsideLoop(lines: string[], index: number): boolean {
+	for (let i = index; i >= Math.max(0, index - 20); i--) {
+		if (/\b(for|while)\s*\(/.test(lines[i])) {
+			const end = findBlockEnd(lines, i);
+			return index <= end;
+		}
+	}
+	return false;
+}
+
+function isCommentLine(line: string): boolean {
+	const trimmed = line.trim();
+	return trimmed.startsWith("//") || trimmed.startsWith("*") || trimmed.startsWith("/*");
+}
+
+function isPascalCase(name: string): boolean {
+	return /^[A-Z][a-zA-Z0-9]*$/.test(name);
+}
+
+function isCamelCase(name: string): boolean {
+	return /^[a-z][a-zA-Z0-9]*$/.test(name);
+}
+
+function isUpperSnakeCase(name: string): boolean {
+	return /^[A-Z][A-Z0-9]*(_[A-Z0-9]+)*$/.test(name);
+}
+
+function isCommonString(value: string): boolean {
+	return [
+		"UTF-8",
+		"GBK",
+		"ISO-8859-1",
+		"ASCII",
+		"true",
+		"false",
+		"null",
+		"undefined",
+		"GET",
+		"POST",
+		"PUT",
+		"DELETE",
+		"JSON",
+		"XML",
+		"HTML",
+		"TEXT",
+		"application/json",
+		"text/html",
+		"yyyy-MM-dd",
+		"yyyy-MM-dd HH:mm:ss",
+	].includes(value);
+}
+
+function isLogMessage(line: string): boolean {
+	return (
+		/\b(log|logger|LOG)\s*\.\s*(debug|info|warn|error|trace)\s*\(/.test(line) ||
+		/\b(System\s*\.\s*out\s*\.\s*println)\s*\(/.test(line) ||
+		/\b(console\s*\.\s*log)\s*\(/.test(line)
+	);
+}
+
+function isAnnotation(line: string): boolean {
+	return line.trim().startsWith("@") || /@\w+\s*\(/.test(line);
+}
+
+function isBusinessConstant(value: string): boolean {
+	return (
+		/^[A-Z][A-Z_]+$/.test(value) ||
+		/^[A-Z]+_[A-Z]+$/.test(value) ||
+		/^(DRAFT|SUBMIT|APPROVE|CLOSE|VOID|AUDIT)/.test(value) ||
+		/^(SUCCESS|FAIL|ERROR|PENDING)/.test(value)
+	);
+}