shiplint 1.3.0 → 1.4.0

package/dist/rules/code/dynamic-code-execution.js

@@ -0,0 +1,212 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DynamicCodeExecutionRule = void 0;
+const index_js_1 = require("../../types/index.js");
+const base_js_1 = require("../base.js");
+const required_reason_api_js_1 = require("../privacy/required-reason-api.js");
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+/**
+ * Well-known Apple framework classes that are safe with NSClassFromString
+ */
+const SAFE_NSCLASSFROMSTRING = new Set([
+    // UIKit
+    'UIViewController', 'UINavigationController', 'UITabBarController',
+    'UITableViewController', 'UICollectionViewController', 'UIAlertController',
+    'UIActivityViewController', 'UISplitViewController', 'UISearchController',
+    'UIPageViewController', 'UIDocumentPickerViewController',
+    'SFSafariViewController', 'SKStoreProductViewController',
+    'MFMailComposeViewController', 'MFMessageComposeViewController',
+    'UIImagePickerController', 'PHPickerViewController',
+    'UIColorPickerViewController', 'UIFontPickerViewController',
+    'CNContactPickerViewController', 'EKEventEditViewController',
+    'QLPreviewController', 'ASWebAuthenticationSession',
+    'ASAuthorizationController', 'WKWebView',
+    // SwiftUI
+    'UIHostingController',
+    // Common patterns in well-known frameworks (Firebase, etc.)
+    'FIRApp', 'FIRAnalytics', 'FIRCrashlytics',
+    // Accessibility
+    'UIAccessibility',
+    // Test detection (common pattern)
+    'XCTestCase', 'XCTest',
+]);
+/**
+ * Patterns for JSContext evaluateScript
+ */
+const JS_EVAL_PATTERNS = [
+    /\bJSContext\s*\(\s*\)\.evaluateScript\b/,
+    /\bevaluateScript\s*\(/,
+    /\bJSContext\b[^}]*\.evaluateScript\b/s,
+];
+/**
+ * Patterns for dlopen/dlsym
+ */
+const DLOPEN_PATTERNS = [
+    /\bdlopen\s*\(/,
+    /\bdlsym\s*\(/,
+];
+/**
+ * Patterns for NSBundle load (dynamic framework loading)
+ * Must be specific to Bundle/NSBundle to avoid false positives on .load() on other types
+ */
+const BUNDLE_LOAD_PATTERNS = [
+    /\bNSBundle\b[^;\n]*\.load\s*\(/,
+    /\bBundle\s*\([^)]*\)\s*[.!?]*\s*\.load\s*\(/,
+    /\bbundle\s*\.load\s*\(/,
+    /\bloadAndReturnError\b/,
+];
+exports.DynamicCodeExecutionRule = {
+    id: 'code-003-dynamic-code-execution',
+    name: 'Dynamic Code Execution',
+    description: 'Detects dynamic code loading/execution that violates App Store guidelines',
+    category: index_js_1.RuleCategory.Config,
+    severity: index_js_1.Severity.Critical,
+    confidence: index_js_1.Confidence.High,
+    guidelineReference: '2.5.2',
+    async evaluate(context) {
+        const sourceFiles = (0, required_reason_api_js_1.findSourceFiles)(context.projectPath);
+        const detections = [];
+        for (const file of sourceFiles) {
+            let content;
+            try {
+                content = fs.readFileSync(file, 'utf-8');
+            }
+            catch {
+                continue;
+            }
+            const lines = content.split('\n');
+            for (let i = 0; i < lines.length; i++) {
+                const line = lines[i];
+                const lineNum = i + 1;
+                const trimmed = line.trim();
+                // Skip comments
+                if (trimmed.startsWith('//') || trimmed.startsWith('*') || trimmed.startsWith('/*'))
+                    continue;
+                // JSContext evaluateScript
+                for (const pattern of JS_EVAL_PATTERNS) {
+                    if (pattern.test(line)) {
+                        detections.push({ file, line: lineNum, kind: 'js-eval', match: 'JSContext.evaluateScript' });
+                        break;
+                    }
+                }
+                // dlopen/dlsym
+                for (const pattern of DLOPEN_PATTERNS) {
+                    if (pattern.test(line)) {
+                        // Avoid false positive for test files or comments
+                        const fn = line.match(/\b(dlopen|dlsym)\b/)?.[1] ?? 'dlopen/dlsym';
+                        detections.push({ file, line: lineNum, kind: 'dlopen', match: fn });
+                        break;
+                    }
+                }
+                // NSClassFromString with suspicious classes
+                const nscMatch = line.match(/NSClassFromString\(\s*"(\w+)"\s*\)/);
+                if (nscMatch) {
+                    const className = nscMatch[1];
+                    // Safe prefixes: Apple framework conventions
+                    const safePrefixes = ['UI', 'NS', 'CL', 'MK', 'AV', 'SK', 'WK', 'SF', 'AS', 'CN', 'EK', 'QL', 'MF', 'PH', 'XC', 'CA', 'CK', 'HK', 'MT', 'SC', 'GK', 'FIR', 'GID', 'FB'];
+                    const isSafe = SAFE_NSCLASSFROMSTRING.has(className) || safePrefixes.some(p => className.startsWith(p));
+                    if (!isSafe) {
+                        detections.push({ file, line: lineNum, kind: 'nsclass-suspicious', match: className });
+                    }
+                }
+                // NSBundle load patterns — only flag explicit Bundle/NSBundle.load() calls
+                for (const pattern of BUNDLE_LOAD_PATTERNS) {
+                    if (pattern.test(line)) {
+                        // Must actually reference Bundle/NSBundle
+                        if (/\b(Bundle|NSBundle|bundle)\b/.test(line)) {
+                            // Avoid false positives on resource bundles
+                            if (!/\b(UIImage|NSImage|UIFont|NSFont|UIStoryboard|UIViewController)\b/.test(line) &&
+                                !/\bnib\b/i.test(line) && !/\bstoryboard\b/i.test(line) &&
+                                !/\bresource\b/i.test(line)) {
+                                detections.push({ file, line: lineNum, kind: 'bundle-load', match: 'NSBundle.load' });
+                            }
+                        }
+                        break;
+                    }
+                }
+            }
+        }
+        if (detections.length === 0)
+            return [];
+        const findings = [];
+        // Emit per-detection findings with line numbers for suppression support
+        for (const det of detections) {
+            const relFile = path.relative(context.projectPath, det.file);
+            switch (det.kind) {
+                case 'js-eval':
+                    findings.push((0, base_js_1.makeFinding)(this, {
+                        title: 'JavaScript Evaluation at Runtime',
+                        description: `JSContext.evaluateScript detected in ${relFile}:${det.line}. Executing dynamically downloaded JavaScript code can cause rejection.`,
+                        location: relFile,
+                        line: det.line,
+                        fixGuidance: 'If using JavaScriptCore for app logic, ensure scripts are bundled with the app binary, not downloaded at runtime. Consider using native Swift/ObjC instead.',
+                    }));
+                    break;
+                case 'dlopen':
+                case 'dlsym':
+                    findings.push((0, base_js_1.makeFinding)(this, {
+                        title: 'Dynamic Library Loading (dlopen/dlsym)',
+                        description: `dlopen/dlsym call detected in ${relFile}:${det.line}. Loading executable code at runtime violates App Store guidelines.`,
+                        location: relFile,
+                        line: det.line,
+                        fixGuidance: 'Remove dlopen/dlsym calls. Link frameworks at build time instead of loading them dynamically at runtime.',
+                    }));
+                    break;
+                case 'nsclass-suspicious':
+                    findings.push((0, base_js_1.makeCustomFinding)(this, index_js_1.Severity.Medium, index_js_1.Confidence.Medium, {
+                        title: 'Suspicious NSClassFromString Usage',
+                        description: `NSClassFromString used with non-standard class (${det.match}) in ${relFile}:${det.line}. This may indicate runtime class resolution for code loading.`,
+                        location: relFile,
+                        line: det.line,
+                        fixGuidance: 'Use direct class references instead of NSClassFromString where possible. If used for optional framework detection, ensure the class is from a public Apple framework.',
+                    }));
+                    break;
+                case 'bundle-load':
+                    findings.push((0, base_js_1.makeCustomFinding)(this, index_js_1.Severity.High, index_js_1.Confidence.Medium, {
+                        title: 'Dynamic Bundle Loading',
+                        description: `NSBundle.load() or equivalent detected in ${relFile}:${det.line}. Loading executable bundles at runtime may violate App Store guidelines.`,
+                        location: relFile,
+                        line: det.line,
+                        fixGuidance: 'Link frameworks at build time. If loading resource bundles (not code), this is fine — verify the bundle contains only resources.',
+                    }));
+                    break;
+            }
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=dynamic-code-execution.js.map

package/dist/rules/code/dynamic-code-execution.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dynamic-code-execution.js","sourceRoot":"","sources":["../../../src/rules/code/dynamic-code-execution.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAWA,mDAA0E;AAC1E,wCAA4D;AAC5D,8EAAoE;AACpE,uCAAyB;AACzB,2CAA6B;AAE7B;;GAEG;AACH,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC;IACrC,QAAQ;IACR,kBAAkB,EAAE,wBAAwB,EAAE,oBAAoB;IAClE,uBAAuB,EAAE,4BAA4B,EAAE,mBAAmB;IAC1E,0BAA0B,EAAE,uBAAuB,EAAE,oBAAoB;IACzE,sBAAsB,EAAE,gCAAgC;IACxD,wBAAwB,EAAE,8BAA8B;IACxD,6BAA6B,EAAE,gCAAgC;IAC/D,yBAAyB,EAAE,wBAAwB;IACnD,6BAA6B,EAAE,4BAA4B;IAC3D,+BAA+B,EAAE,2BAA2B;IAC5D,qBAAqB,EAAE,4BAA4B;IACnD,2BAA2B,EAAE,WAAW;IACxC,UAAU;IACV,qBAAqB;IACrB,4DAA4D;IAC5D,QAAQ,EAAE,cAAc,EAAE,gBAAgB;IAC1C,gBAAgB;IAChB,iBAAiB;IACjB,kCAAkC;IAClC,YAAY,EAAE,QAAQ;CACvB,CAAC,CAAC;AASH;;GAEG;AACH,MAAM,gBAAgB,GAAG;IACvB,yCAAyC;IACzC,uBAAuB;IACvB,uCAAuC;CACxC,CAAC;AAEF;;GAEG;AACH,MAAM,eAAe,GAAG;IACtB,eAAe;IACf,cAAc;CACf,CAAC;AAEF;;;GAGG;AACH,MAAM,oBAAoB,GAAG;IAC3B,gCAAgC;IAChC,6CAA6C;IAC7C,wBAAwB;IACxB,wBAAwB;CACzB,CAAC;AAEW,QAAA,wBAAwB,GAAS;IAC5C,EAAE,EAAE,iCAAiC;IACrC,IAAI,EAAE,wBAAwB;IAC9B,WAAW,EAAE,2EAA2E;IACxF,QAAQ,EAAE,uBAAY,CAAC,MAAM;IAC7B,QAAQ,EAAE,mBAAQ,CAAC,QAAQ;IAC3B,UAAU,EAAE,qBAAU,CAAC,IAAI;IAC3B,kBAAkB,EAAE,OAAO;IAE3B,KAAK,CAAC,QAAQ,CAAC,OAAoB;QACjC,MAAM,WAAW,GAAG,IAAA,wCAAe,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QACzD,MAAM,UAAU,GAAuB,EAAE,CAAC;QAE1C,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC3C,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;gBACtB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAE5B,gBAAgB;gBAChB,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;oBAAE,SAAS;gBAE9F,2BAA2B;gBAC3B,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;oBACvC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;wBAC7F,MAAM;oBACR,CAAC;gBACH,CAAC;gBAED,eAAe;gBACf,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;oBACtC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,kDAAkD;wBAClD,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,cAAc,CAAC;wBACnE,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;wBACpE,MAAM;oBACR,CAAC;gBACH,CAAC;gBAED,4CAA4C;gBAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBAClE,IAAI,QAAQ,EAAE,CAAC;oBACb,MAAM,SAAS,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;oBAC9B,6CAA6C;oBAC7C,MAAM,YAAY,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;oBACxK,MAAM,MAAM,GAAG,sBAAsB,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;oBACxG,IAAI,CAAC,MAAM,EAAE,CAAC;wBACZ,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;oBACzF,CAAC;gBACH,CAAC;gBAED,2EAA2E;gBAC3E,KAAK,MAAM,OAAO,IAAI,oBAAoB,EAAE,CAAC;oBAC3C,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,0CAA0C;wBAC1C,IAAI,8BAA8B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;4BAC9C,4CAA4C;4BAC5C,IAAI,CAAC,mEAAmE,CAAC,IAAI,CAAC,IAAI,CAAC;gCAC/E,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC;gCACvD,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gCAChC,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;4BACxF,CAAC;wBACH,CAAC;wBACD,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAEvC,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,wEAAwE;QACxE,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAC7D,QAAQ,GAAG,CAAC,IAAI,EAAE,CAAC;gBACjB,KAAK,SAAS;oBACZ,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;wBAC9B,KAAK,EAAE,kCAAkC;wBACzC,WAAW,EAAE,wCAAwC,OAAO,IAAI,GAAG,CAAC,IAAI,yEAAyE;wBACjJ,QAAQ,EAAE,OAAO;wBACjB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,WAAW,EAAE,6JAA6J;qBAC3K,CAAC,CAAC,CAAC;oBACJ,MAAM;gBACR,KAAK,QAAQ,CAAC;gBACd,KAAK,OAAO;oBACV,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;wBAC9B,KAAK,EAAE,wCAAwC;wBAC/C,WAAW,EAAE,iCAAiC,OAAO,IAAI,GAAG,CAAC,IAAI,qEAAqE;wBACtI,QAAQ,EAAE,OAAO;wBACjB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,WAAW,EAAE,0GAA0G;qBACxH,CAAC,CAAC,CAAC;oBACJ,MAAM;gBACR,KAAK,oBAAoB;oBACvB,QAAQ,CAAC,IAAI,CAAC,IAAA,2BAAiB,EAAC,IAAI,EAAE,mBAAQ,CAAC,MAAM,EAAE,qBAAU,CAAC,MAAM,EAAE;wBACxE,KAAK,EAAE,oCAAoC;wBAC3C,WAAW,EAAE,mDAAmD,GAAG,CAAC,KAAK,QAAQ,OAAO,IAAI,GAAG,CAAC,IAAI,gEAAgE;wBACpK,QAAQ,EAAE,OAAO;wBACjB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,WAAW,EAAE,uKAAuK;qBACrL,CAAC,CAAC,CAAC;oBACJ,MAAM;gBACR,KAAK,aAAa;oBAChB,QAAQ,CAAC,IAAI,CAAC,IAAA,2BAAiB,EAAC,IAAI,EAAE,mBAAQ,CAAC,IAAI,EAAE,qBAAU,CAAC,MAAM,EAAE;wBACtE,KAAK,EAAE,wBAAwB;wBAC/B,WAAW,EAAE,6CAA6C,OAAO,IAAI,GAAG,CAAC,IAAI,2EAA2E;wBACxJ,QAAQ,EAAE,OAAO;wBACjB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,WAAW,EAAE,kIAAkI;qBAChJ,CAAC,CAAC,CAAC;oBACJ,MAAM;YACV,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/rules/code/index.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Code analysis rules - detect rejection-causing code patterns
+ */
+export { PrivateAPIUsageRule } from './private-api-usage.js';
+export { DynamicCodeExecutionRule } from './dynamic-code-execution.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/rules/code/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/rules/code/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC"}

package/dist/rules/code/index.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DynamicCodeExecutionRule = exports.PrivateAPIUsageRule = void 0;
+/**
+ * Code analysis rules - detect rejection-causing code patterns
+ */
+var private_api_usage_js_1 = require("./private-api-usage.js");
+Object.defineProperty(exports, "PrivateAPIUsageRule", { enumerable: true, get: function () { return private_api_usage_js_1.PrivateAPIUsageRule; } });
+var dynamic_code_execution_js_1 = require("./dynamic-code-execution.js");
+Object.defineProperty(exports, "DynamicCodeExecutionRule", { enumerable: true, get: function () { return dynamic_code_execution_js_1.DynamicCodeExecutionRule; } });
+//# sourceMappingURL=index.js.map

package/dist/rules/code/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/rules/code/index.ts"],"names":[],"mappings":";;;AAAA;;GAEG;AACH,+DAA6D;AAApD,2HAAA,mBAAmB,OAAA;AAC5B,yEAAuE;AAA9D,qIAAA,wBAAwB,OAAA"}

package/dist/rules/code/private-api-usage.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Rule: Private API Usage (§2.5.1)
+ *
+ * Detects usage of private/undocumented Apple APIs that cause App Store rejection:
+ * - UIWebView (deprecated, rejected since iOS 12)
+ * - valueForKey/setValue:forKey on UIKit private properties (_placeholderLabel, _searchField, etc.)
+ * - Known private framework imports
+ * - objc_msgSend to known private selectors
+ */
+import type { Rule } from '../../types/index.js';
+export declare const PrivateAPIUsageRule: Rule;
+//# sourceMappingURL=private-api-usage.d.ts.map

package/dist/rules/code/private-api-usage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"private-api-usage.d.ts","sourceRoot":"","sources":["../../../src/rules/code/private-api-usage.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,KAAK,EAAE,IAAI,EAAwB,MAAM,sBAAsB,CAAC;AA+FvE,eAAO,MAAM,mBAAmB,EAAE,IA8HjC,CAAC"}

package/dist/rules/code/private-api-usage.js

@@ -0,0 +1,234 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PrivateAPIUsageRule = void 0;
+const index_js_1 = require("../../types/index.js");
+const base_js_1 = require("../base.js");
+const required_reason_api_js_1 = require("../privacy/required-reason-api.js");
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+/**
+ * Known private UIKit properties accessed via KVC
+ */
+const PRIVATE_KVC_PROPERTIES = [
+    '_placeholderLabel',
+    '_searchField',
+    '_placeholderColor',
+    '_backgroundView',
+    '_navigationBarBackIndicatorView',
+    '_barTintColor',
+    '_titleView',
+    '_leftViews',
+    '_rightViews',
+    '_contentView',
+    '_backdropView',
+    '_cancelButton',
+    '_cancelButtonText',
+    '_UINavigationBarBackground',
+    '_barPosition',
+    '_statusBarWindow',
+    '_statusBar',
+];
+/**
+ * Known private framework headers
+ */
+const PRIVATE_FRAMEWORK_IMPORTS = [
+    /^\s*#import\s+<UIKit\/UI\w+_Private\.h>/,
+    /^\s*#import\s+<UIKit\/UIStatusBar\.h>/,
+    /^\s*#import\s+<GraphicsServices\//,
+    /^\s*#import\s+<SpringBoardServices\//,
+    /^\s*#import\s+<BackBoardServices\//,
+    /^\s*#import\s+<MobileInstallation\//,
+    /^\s*#import\s+<AppSupport\//,
+    /^\s*@import\s+UIKitCore\b/,
+];
+/**
+ * Patterns for UIWebView usage
+ */
+const UIWEBVIEW_PATTERNS = [
+    /\bUIWebView\b/,
+];
+/**
+ * Patterns for private KVC access on UIKit objects
+ * We look for valueForKey/setValue:forKey with known private property strings
+ */
+function buildKVCPatterns() {
+    const patterns = [];
+    for (const prop of PRIVATE_KVC_PROPERTIES) {
+        // Swift: value(forKey: "_placeholderLabel")
+        patterns.push(new RegExp(`value\\(forKey:\\s*"${escapeRegex(prop)}"\\)`));
+        // Swift: setValue(xxx, forKey: "_placeholderLabel")
+        patterns.push(new RegExp(`setValue\\([^)]*forKey:\\s*"${escapeRegex(prop)}"\\)`));
+        // ObjC: [xxx valueForKey:@"_placeholderLabel"]
+        patterns.push(new RegExp(`valueForKey:\\s*@"${escapeRegex(prop)}"`));
+        // ObjC: [xxx setValue:xxx forKey:@"_placeholderLabel"]
+        patterns.push(new RegExp(`setValue:[^\\]]*forKey:\\s*@"${escapeRegex(prop)}"`));
+    }
+    return patterns;
+}
+function escapeRegex(s) {
+    return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+/**
+ * Patterns for objc_msgSend with suspicious selectors
+ */
+const OBJC_MSGSEND_PRIVATE_PATTERNS = [
+    /\bobjc_msgSend\s*\([^,]+,\s*@selector\(\s*_\w+\s*\)/,
+    /\bobjc_msgSend\s*\([^,]+,\s*sel_registerName\(\s*"_\w+/,
+    /\bNSSelectorFromString\(\s*@?"_\w+"\s*\)/,
+    /\bSelectortor\(\s*"_\w+"\s*\)/,
+    /\bSelector\(\s*"_\w+"\s*\)/,
+    /\b#selector\(\s*_\w+\)/,
+];
+const KVC_PATTERNS = buildKVCPatterns();
+exports.PrivateAPIUsageRule = {
+    id: 'code-001-private-api-usage',
+    name: 'Private API Usage',
+    description: 'Detects usage of private/undocumented Apple APIs that cause App Store rejection',
+    category: index_js_1.RuleCategory.Config,
+    severity: index_js_1.Severity.Critical,
+    confidence: index_js_1.Confidence.High,
+    guidelineReference: '2.5.1',
+    async evaluate(context) {
+        const sourceFiles = (0, required_reason_api_js_1.findSourceFiles)(context.projectPath);
+        const detections = [];
+        for (const file of sourceFiles) {
+            let content;
+            try {
+                content = fs.readFileSync(file, 'utf-8');
+            }
+            catch {
+                continue;
+            }
+            const lines = content.split('\n');
+            for (let i = 0; i < lines.length; i++) {
+                const line = lines[i];
+                const lineNum = i + 1;
+                // Skip comments
+                const trimmed = line.trim();
+                if (trimmed.startsWith('//') || trimmed.startsWith('*') || trimmed.startsWith('/*'))
+                    continue;
+                // UIWebView
+                for (const pattern of UIWEBVIEW_PATTERNS) {
+                    if (pattern.test(line)) {
+                        // Avoid false positive: WKWebView contains "WebView" but not "UIWebView"
+                        // Also skip if it's in a comment about migration
+                        if (!trimmed.startsWith('//') && !trimmed.startsWith('*')) {
+                            detections.push({ file, line: lineNum, kind: 'uiwebview', match: 'UIWebView' });
+                        }
+                        break;
+                    }
+                }
+                // Private KVC
+                for (const pattern of KVC_PATTERNS) {
+                    if (pattern.test(line)) {
+                        const m = line.match(/"(_\w+)"/);
+                        detections.push({
+                            file, line: lineNum, kind: 'private-kvc',
+                            match: m ? m[1] : 'private property',
+                        });
+                        break;
+                    }
+                }
+                // Private framework imports
+                for (const pattern of PRIVATE_FRAMEWORK_IMPORTS) {
+                    if (pattern.test(line)) {
+                        detections.push({ file, line: lineNum, kind: 'private-import', match: trimmed });
+                        break;
+                    }
+                }
+                // Private selectors via objc_msgSend/NSSelectorFromString
+                for (const pattern of OBJC_MSGSEND_PRIVATE_PATTERNS) {
+                    if (pattern.test(line)) {
+                        const m = line.match(/"(_\w+)"/);
+                        detections.push({
+                            file, line: lineNum, kind: 'private-selector',
+                            match: m ? m[1] : 'private selector',
+                        });
+                        break;
+                    }
+                }
+            }
+        }
+        if (detections.length === 0)
+            return [];
+        const findings = [];
+        // Emit per-detection findings with line numbers for suppression support
+        for (const det of detections) {
+            const relFile = path.relative(context.projectPath, det.file);
+            switch (det.kind) {
+                case 'uiwebview':
+                    findings.push((0, base_js_1.makeFinding)(this, {
+                        title: 'UIWebView Usage (Deprecated & Rejected)',
+                        description: `UIWebView is deprecated since iOS 12 and Apple rejects apps that reference it. Found in: ${relFile}:${det.line}`,
+                        location: relFile,
+                        line: det.line,
+                        fixGuidance: 'Replace all UIWebView usage with WKWebView. Also check your dependencies — some older pods still reference UIWebView.',
+                        documentationURL: 'https://developer.apple.com/documentation/webkit/wkwebview',
+                    }));
+                    break;
+                case 'private-kvc':
+                    findings.push((0, base_js_1.makeFinding)(this, {
+                        title: 'Private UIKit Property Access via KVC',
+                        description: `Accessing private UIKit property (${det.match}) via valueForKey/setValue:forKey will cause App Store rejection. Found in: ${relFile}:${det.line}`,
+                        location: relFile,
+                        line: det.line,
+                        fixGuidance: 'Use public API alternatives instead of KVC on private properties. For placeholder color, use attributedPlaceholder. For search fields, use searchTextField (iOS 13+).',
+                    }));
+                    break;
+                case 'private-import':
+                    findings.push((0, base_js_1.makeFinding)(this, {
+                        title: 'Private Framework Import',
+                        description: `Importing private/undocumented Apple frameworks will cause App Store rejection. Found in: ${relFile}:${det.line}`,
+                        location: relFile,
+                        line: det.line,
+                        fixGuidance: 'Remove imports of private Apple frameworks and use only public APIs.',
+                    }));
+                    break;
+                case 'private-selector':
+                    findings.push((0, base_js_1.makeFinding)(this, {
+                        title: 'Private Selector Usage',
+                        description: `Using private selector (${det.match}) via objc_msgSend or NSSelectorFromString will cause App Store rejection. Found in: ${relFile}:${det.line}`,
+                        location: relFile,
+                        line: det.line,
+                        fixGuidance: 'Replace private selector calls with equivalent public API methods.',
+                    }));
+                    break;
+            }
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=private-api-usage.js.map

package/dist/rules/code/private-api-usage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"private-api-usage.js","sourceRoot":"","sources":["../../../src/rules/code/private-api-usage.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAUA,mDAA0E;AAC1E,wCAA4D;AAC5D,8EAAoE;AACpE,uCAAyB;AACzB,2CAA6B;AAE7B;;GAEG;AACH,MAAM,sBAAsB,GAAG;IAC7B,mBAAmB;IACnB,cAAc;IACd,mBAAmB;IACnB,iBAAiB;IACjB,iCAAiC;IACjC,eAAe;IACf,YAAY;IACZ,YAAY;IACZ,aAAa;IACb,cAAc;IACd,eAAe;IACf,eAAe;IACf,mBAAmB;IACnB,4BAA4B;IAC5B,cAAc;IACd,kBAAkB;IAClB,YAAY;CACb,CAAC;AAEF;;GAEG;AACH,MAAM,yBAAyB,GAAG;IAChC,yCAAyC;IACzC,uCAAuC;IACvC,mCAAmC;IACnC,sCAAsC;IACtC,oCAAoC;IACpC,qCAAqC;IACrC,6BAA6B;IAC7B,2BAA2B;CAC5B,CAAC;AAEF;;GAEG;AACH,MAAM,kBAAkB,GAAG;IACzB,eAAe;CAChB,CAAC;AAEF;;;GAGG;AACH,SAAS,gBAAgB;IACvB,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,KAAK,MAAM,IAAI,IAAI,sBAAsB,EAAE,CAAC;QAC1C,4CAA4C;QAC5C,QAAQ,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,uBAAuB,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QAC1E,oDAAoD;QACpD,QAAQ,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,+BAA+B,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QAClF,+CAA+C;QAC/C,QAAQ,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,qBAAqB,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACrE,uDAAuD;QACvD,QAAQ,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,gCAAgC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAClF,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,OAAO,CAAC,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,MAAM,6BAA6B,GAAG;IACpC,qDAAqD;IACrD,wDAAwD;IACxD,0CAA0C;IAC1C,+BAA+B;IAC/B,4BAA4B;IAC5B,wBAAwB;CACzB,CAAC;AASF,MAAM,YAAY,GAAG,gBAAgB,EAAE,CAAC;AAE3B,QAAA,mBAAmB,GAAS;IACvC,EAAE,EAAE,4BAA4B;IAChC,IAAI,EAAE,mBAAmB;IACzB,WAAW,EAAE,iFAAiF;IAC9F,QAAQ,EAAE,uBAAY,CAAC,MAAM;IAC7B,QAAQ,EAAE,mBAAQ,CAAC,QAAQ;IAC3B,UAAU,EAAE,qBAAU,CAAC,IAAI;IAC3B,kBAAkB,EAAE,OAAO;IAE3B,KAAK,CAAC,QAAQ,CAAC,OAAoB;QACjC,MAAM,WAAW,GAAG,IAAA,wCAAe,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QACzD,MAAM,UAAU,GAAgB,EAAE,CAAC;QAEnC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC3C,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;gBAEtB,gBAAgB;gBAChB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;oBAAE,SAAS;gBAE9F,YAAY;gBACZ,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;oBACzC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,yEAAyE;wBACzE,iDAAiD;wBACjD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;4BAC1D,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;wBAClF,CAAC;wBACD,MAAM;oBACR,CAAC;gBACH,CAAC;gBAED,cAAc;gBACd,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;oBACnC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;wBACjC,UAAU,CAAC,IAAI,CAAC;4BACd,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,aAAa;4BACxC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB;yBACrC,CAAC,CAAC;wBACH,MAAM;oBACR,CAAC;gBACH,CAAC;gBAED,4BAA4B;gBAC5B,KAAK,MAAM,OAAO,IAAI,yBAAyB,EAAE,CAAC;oBAChD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;wBACjF,MAAM;oBACR,CAAC;gBACH,CAAC;gBAED,0DAA0D;gBAC1D,KAAK,MAAM,OAAO,IAAI,6BAA6B,EAAE,CAAC;oBACpD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;wBACjC,UAAU,CAAC,IAAI,CAAC;4BACd,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,kBAAkB;4BAC7C,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB;yBACrC,CAAC,CAAC;wBACH,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAEvC,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,wEAAwE;QACxE,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAC7D,QAAQ,GAAG,CAAC,IAAI,EAAE,CAAC;gBACjB,KAAK,WAAW;oBACd,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;wBAC9B,KAAK,EAAE,yCAAyC;wBAChD,WAAW,EAAE,4FAA4F,OAAO,IAAI,GAAG,CAAC,IAAI,EAAE;wBAC9H,QAAQ,EAAE,OAAO;wBACjB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,WAAW,EAAE,uHAAuH;wBACpI,gBAAgB,EAAE,4DAA4D;qBAC/E,CAAC,CAAC,CAAC;oBACJ,MAAM;gBACR,KAAK,aAAa;oBAChB,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;wBAC9B,KAAK,EAAE,uCAAuC;wBAC9C,WAAW,EAAE,qCAAqC,GAAG,CAAC,KAAK,+EAA+E,OAAO,IAAI,GAAG,CAAC,IAAI,EAAE;wBAC/J,QAAQ,EAAE,OAAO;wBACjB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,WAAW,EAAE,uKAAuK;qBACrL,CAAC,CAAC,CAAC;oBACJ,MAAM;gBACR,KAAK,gBAAgB;oBACnB,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;wBAC9B,KAAK,EAAE,0BAA0B;wBACjC,WAAW,EAAE,6FAA6F,OAAO,IAAI,GAAG,CAAC,IAAI,EAAE;wBAC/H,QAAQ,EAAE,OAAO;wBACjB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,WAAW,EAAE,sEAAsE;qBACpF,CAAC,CAAC,CAAC;oBACJ,MAAM;gBACR,KAAK,kBAAkB;oBACrB,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;wBAC9B,KAAK,EAAE,wBAAwB;wBAC/B,WAAW,EAAE,2BAA2B,GAAG,CAAC,KAAK,wFAAwF,OAAO,IAAI,GAAG,CAAC,IAAI,EAAE;wBAC9J,QAAQ,EAAE,OAAO;wBACjB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,WAAW,EAAE,oEAAoE;qBAClF,CAAC,CAAC,CAAC;oBACJ,MAAM;YACV,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/rules/index.d.ts

@@ -6,6 +6,7 @@ export * from './privacy/index.js';
 export * from './auth/index.js';
 export * from './metadata/index.js';
 export * from './config/index.js';
+export * from './code/index.js';
 export * from './base.js';
 /**
  * All available rules

package/dist/rules/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAG9C,cAAc,oBAAoB,CAAC;AAGnC,cAAc,iBAAiB,CAAC;AAGhC,cAAc,qBAAqB,CAAC;AAGpC,cAAc,mBAAmB,CAAC;AAGlC,cAAc,WAAW,CAAC;AAoB1B;;GAEG;AACH,eAAO,MAAM,QAAQ,EAAE,IAAI,EAiB1B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,CAE1C,CAAC;AAEF;;GAEG;AACH,wBAAgB,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAEpD;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,GAAG,gBAAgB,CAkBvE;AAED;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,CAE/C;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,CAG9D"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAG9C,cAAc,oBAAoB,CAAC;AAGnC,cAAc,iBAAiB,CAAC;AAGhC,cAAc,qBAAqB,CAAC;AAGpC,cAAc,mBAAmB,CAAC;AAGlC,cAAc,iBAAiB,CAAC;AAGhC,cAAc,WAAW,CAAC;AAsB1B;;GAEG;AACH,eAAO,MAAM,QAAQ,EAAE,IAAI,EAmB1B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,CAE1C,CAAC;AAEF;;GAEG;AACH,wBAAgB,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAEpD;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,GAAG,gBAAgB,CAkBvE;AAED;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,CAE/C;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,CAG9D"}

package/dist/rules/index.js

@@ -27,6 +27,8 @@ __exportStar(require("./auth/index.js"), exports);
 __exportStar(require("./metadata/index.js"), exports);
 // Config rules
 __exportStar(require("./config/index.js"), exports);
+// Code analysis rules
+__exportStar(require("./code/index.js"), exports);
 // Base utilities
 __exportStar(require("./base.js"), exports);
 // Import all rules for registry
@@ -46,6 +48,8 @@ const missing_bluetooth_purpose_js_1 = require("./privacy/missing-bluetooth-purp
 const missing_face_id_purpose_js_1 = require("./privacy/missing-face-id-purpose.js");
 const missing_supported_orientations_js_1 = require("./metadata/missing-supported-orientations.js");
 const required_reason_api_js_1 = require("./privacy/required-reason-api.js");
+const private_api_usage_js_1 = require("./code/private-api-usage.js");
+const dynamic_code_execution_js_1 = require("./code/dynamic-code-execution.js");
 /**
  * All available rules
  */
@@ -66,6 +70,8 @@ exports.allRules = [
     missing_encryption_flag_js_1.MissingEncryptionFlagRule,
     missing_launch_storyboard_js_1.MissingLaunchStoryboardRule,
     required_reason_api_js_1.RequiredReasonAPIRule,
+    private_api_usage_js_1.PrivateAPIUsageRule,
+    dynamic_code_execution_js_1.DynamicCodeExecutionRule,
 ];
 /**
  * Rule registry - maps rule IDs to rule instances

package/dist/rules/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAsEA,0BAEC;AAcD,wDAkBC;AAMD,4BAEC;AAKD,8CAGC;AAnHD,gBAAgB;AAChB,qDAAmC;AAEnC,aAAa;AACb,kDAAgC;AAEhC,iBAAiB;AACjB,sDAAoC;AAEpC,eAAe;AACf,oDAAkC;AAElC,iBAAiB;AACjB,4CAA0B;AAE1B,gCAAgC;AAChC,mFAA+E;AAC/E,uFAAmF;AACnF,6FAAyF;AACzF,iFAA6E;AAC7E,iGAA4F;AAC5F,2FAAuF;AACvF,uFAAmF;AACnF,sFAAgF;AAChF,wFAAoF;AACpF,4GAAuG;AACvG,oFAAgF;AAChF,wFAAoF;AACpF,yFAAqF;AACrF,qFAAgF;AAChF,oGAAgG;AAChG,6EAAyE;AAEzE;;GAEG;AACU,QAAA,QAAQ,GAAW;IAC9B,oDAAwB;IACxB,wDAA0B;IAC1B,8DAA6B;IAC7B,kDAAuB;IACvB,iEAA8B;IAC9B,4DAA4B;IAC5B,wDAA0B;IAC1B,0DAA2B;IAC3B,qDAAwB;IACxB,wDAAyB;IACzB,wDAA0B;IAC1B,oEAAgC;IAChC,6EAAoC;IACpC,sDAAyB;IACzB,0DAA2B;IAC3B,8CAAqB;CACtB,CAAC;AAEF;;GAEG;AACU,QAAA,YAAY,GAAsB,IAAI,GAAG,CACpD,gBAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,CACtC,CAAC;AAEF;;GAEG;AACH,SAAgB,OAAO,CAAC,EAAU;IAChC,OAAO,oBAAY,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAC9B,CAAC;AAUD;;;GAGG;AACH,SAAgB,sBAAsB,CAAC,GAAc;IACnD,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,KAAK,EAAE,gBAAQ,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAC7C,CAAC;IAED,MAAM,KAAK,GAAW,EAAE,CAAC;IACzB,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;QACrB,MAAM,IAAI,GAAG,oBAAY,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClC,IAAI,IAAI,EAAE,CAAC;YACT,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnB,CAAC;aAAM,CAAC;YACN,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;AAC/B,CAAC;AAED;;;GAGG;AACH,SAAgB,QAAQ,CAAC,GAAc;IACrC,OAAO,sBAAsB,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,UAAoB;IACpD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IACvC,OAAO,gBAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AA6EA,0BAEC;AAcD,wDAkBC;AAMD,4BAEC;AAKD,8CAGC;AA1HD,gBAAgB;AAChB,qDAAmC;AAEnC,aAAa;AACb,kDAAgC;AAEhC,iBAAiB;AACjB,sDAAoC;AAEpC,eAAe;AACf,oDAAkC;AAElC,sBAAsB;AACtB,kDAAgC;AAEhC,iBAAiB;AACjB,4CAA0B;AAE1B,gCAAgC;AAChC,mFAA+E;AAC/E,uFAAmF;AACnF,6FAAyF;AACzF,iFAA6E;AAC7E,iGAA4F;AAC5F,2FAAuF;AACvF,uFAAmF;AACnF,sFAAgF;AAChF,wFAAoF;AACpF,4GAAuG;AACvG,oFAAgF;AAChF,wFAAoF;AACpF,yFAAqF;AACrF,qFAAgF;AAChF,oGAAgG;AAChG,6EAAyE;AACzE,sEAAkE;AAClE,gFAA4E;AAE5E;;GAEG;AACU,QAAA,QAAQ,GAAW;IAC9B,oDAAwB;IACxB,wDAA0B;IAC1B,8DAA6B;IAC7B,kDAAuB;IACvB,iEAA8B;IAC9B,4DAA4B;IAC5B,wDAA0B;IAC1B,0DAA2B;IAC3B,qDAAwB;IACxB,wDAAyB;IACzB,wDAA0B;IAC1B,oEAAgC;IAChC,6EAAoC;IACpC,sDAAyB;IACzB,0DAA2B;IAC3B,8CAAqB;IACrB,0CAAmB;IACnB,oDAAwB;CACzB,CAAC;AAEF;;GAEG;AACU,QAAA,YAAY,GAAsB,IAAI,GAAG,CACpD,gBAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,CACtC,CAAC;AAEF;;GAEG;AACH,SAAgB,OAAO,CAAC,EAAU;IAChC,OAAO,oBAAY,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAC9B,CAAC;AAUD;;;GAGG;AACH,SAAgB,sBAAsB,CAAC,GAAc;IACnD,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,KAAK,EAAE,gBAAQ,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAC7C,CAAC;IAED,MAAM,KAAK,GAAW,EAAE,CAAC;IACzB,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;QACrB,MAAM,IAAI,GAAG,oBAAY,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClC,IAAI,IAAI,EAAE,CAAC;YACT,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnB,CAAC;aAAM,CAAC;YACN,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;AAC/B,CAAC;AAED;;;GAGG;AACH,SAAgB,QAAQ,CAAC,GAAc;IACrC,OAAO,sBAAsB,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,UAAoB;IACpD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IACvC,OAAO,gBAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC"}

package/dist/rules/privacy/att-tracking-mismatch.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"att-tracking-mismatch.d.ts","sourceRoot":"","sources":["../../../src/rules/privacy/att-tracking-mismatch.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,KAAK,EAAE,IAAI,EAAwB,MAAM,sBAAsB,CAAC;AASvE,eAAO,MAAM,uBAAuB,EAAE,IA6GrC,CAAC"}
+{"version":3,"file":"att-tracking-mismatch.d.ts","sourceRoot":"","sources":["../../../src/rules/privacy/att-tracking-mismatch.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,KAAK,EAAE,IAAI,EAAwB,MAAM,sBAAsB,CAAC;AASvE,eAAO,MAAM,uBAAuB,EAAE,IA+HrC,CAAC"}

package/dist/rules/privacy/att-tracking-mismatch.js

@@ -18,6 +18,22 @@ exports.ATTTrackingMismatchRule = {
     async evaluate(context) {
         // Detect tracking SDKs from dependencies
         const detectedSDKs = (0, framework_detector_js_1.detectTrackingSDKs)(context.dependencies);
+        // Also detect from linked frameworks / Swift imports
+        const trackingFrameworkMap = {
+            'AdSupport': 'AdSupport (IDFA)',
+            'FBSDKCoreKit': 'Facebook SDK',
+            'FacebookCore': 'Facebook SDK',
+            'FBAudienceNetwork': 'Facebook Audience Network',
+            'GoogleMobileAds': 'Google Mobile Ads',
+            'FirebaseAnalytics': 'Firebase Analytics',
+            'Adjust': 'Adjust',
+            'AppsFlyerLib': 'AppsFlyer',
+        };
+        for (const [framework, name] of Object.entries(trackingFrameworkMap)) {
+            if (context.hasFramework(framework) && !detectedSDKs.includes(name)) {
+                detectedSDKs.push(name);
+            }
+        }
         if (detectedSDKs.length === 0) {
             return [];
         }

package/dist/rules/privacy/att-tracking-mismatch.js.map

@@ -1 +1 @@
-{"version":3,"file":"att-tracking-mismatch.js","sourceRoot":"","sources":["../../../src/rules/privacy/att-tracking-mismatch.ts"],"names":[],"mappings":";;;AAUA,mDAA0E;AAC1E,mEAA8D;AAC9D,+EAAyE;AACzE,wCAA4D;AAE5D,MAAM,kBAAkB,GAAG,gCAAgC,CAAC;AAC5D,MAAM,aAAa,GAAG,yBAAyB,CAAC;AAEnC,QAAA,uBAAuB,GAAS;IAC3C,EAAE,EAAE,mCAAmC;IACvC,IAAI,EAAE,gDAAgD;IACtD,WAAW,EAAE,4DAA4D;IACzE,QAAQ,EAAE,uBAAY,CAAC,OAAO;IAC9B,QAAQ,EAAE,mBAAQ,CAAC,QAAQ;IAC3B,UAAU,EAAE,qBAAU,CAAC,IAAI;IAC3B,kBAAkB,EAAE,OAAO;IAE3B,KAAK,CAAC,QAAQ,CAAC,OAAoB;QACjC,yCAAyC;QACzC,MAAM,YAAY,GAAG,IAAA,0CAAkB,EAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAE9D,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,MAAM,mBAAmB,GAAG,OAAO,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACpE,MAAM,sBAAsB,GAAG,mBAAmB,KAAK,SAAS,CAAC;QACjE,MAAM,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QAE5D,0DAA0D;QAC1D,IAAI,CAAC,sBAAsB,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;gBAC9B,WAAW,EAAE,gDAAgD,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;oBACtF,4FAA4F;oBAC5F,8EAA8E;gBAChF,QAAQ,EAAE,OAAO,CAAC,aAAa,IAAI,YAAY;gBAC/C,WAAW,EAAE;;;;;;;;;;;;;;;;;;2EAkBsD;gBACnE,gBAAgB,EAAE,mEAAmE;aACtF,CAAC,CAAC,CAAC;QACN,CAAC;QACD,+BAA+B;aAC1B,IAAI,mBAAmB,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC3C,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;gBAC9B,KAAK,EAAE,kCAAkC;gBACzC,WAAW,EAAE,kFAAkF;oBAC7F,mDAAmD;gBACrD,QAAQ,EAAE,OAAO,CAAC,aAAa,IAAI,YAAY;gBAC/C,WAAW,EAAE;;;;;4DAKuC;gBACpD,gBAAgB,EAAE,mEAAmE;aACtF,CAAC,CAAC,CAAC;QACN,CAAC;QACD,qCAAqC;aAChC,IAAI,IAAA,+BAAa,EAAC,mBAAmB,CAAC,EAAE,CAAC;YAC5C,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;gBAC9B,KAAK,EAAE,wCAAwC;gBAC/C,WAAW,EAAE,wEAAwE,mBAAmB,KAAK;oBAC3G,sDAAsD;gBACxD,QAAQ,EAAE,OAAO,CAAC,aAAa,IAAI,YAAY;gBAC/C,WAAW,EAAE;;kBAEH,mBAAmB;;+DAE0B;gBACvD,gBAAgB,EAAE,mEAAmE;aACtF,CAAC,CAAC,CAAC;QACN,CAAC;QAED,+CAA+C;QAC/C,IAAI,sBAAsB,IAAI,CAAC,eAAe,EAAE,CAAC;YAC/C,QAAQ,CAAC,IAAI,CAAC,IAAA,2BAAiB,EAAC,IAAI,EAAE,mBAAQ,CAAC,MAAM,EAAE,qBAAU,CAAC,MAAM,EAAE;gBACxE,KAAK,EAAE,8CAA8C;gBACrD,WAAW,EAAE,oFAAoF;oBAC/F,mFAAmF;gBACrF,QAAQ,EAAE,OAAO,CAAC,WAAW,IAAI,iBAAiB;gBAClD,WAAW,EAAE,oFAAoF;oBAC/F;;;;;;;;;yFAS+E;oBAC/E,8BAA8B;gBAChC,gBAAgB,EAAE,mEAAmE;aACtF,CAAC,CAAC,CAAC;QACN,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}
+{"version":3,"file":"att-tracking-mismatch.js","sourceRoot":"","sources":["../../../src/rules/privacy/att-tracking-mismatch.ts"],"names":[],"mappings":";;;AAUA,mDAA0E;AAC1E,mEAA8D;AAC9D,+EAAyE;AACzE,wCAA4D;AAE5D,MAAM,kBAAkB,GAAG,gCAAgC,CAAC;AAC5D,MAAM,aAAa,GAAG,yBAAyB,CAAC;AAEnC,QAAA,uBAAuB,GAAS;IAC3C,EAAE,EAAE,mCAAmC;IACvC,IAAI,EAAE,gDAAgD;IACtD,WAAW,EAAE,4DAA4D;IACzE,QAAQ,EAAE,uBAAY,CAAC,OAAO;IAC9B,QAAQ,EAAE,mBAAQ,CAAC,QAAQ;IAC3B,UAAU,EAAE,qBAAU,CAAC,IAAI;IAC3B,kBAAkB,EAAE,OAAO;IAE3B,KAAK,CAAC,QAAQ,CAAC,OAAoB;QACjC,yCAAyC;QACzC,MAAM,YAAY,GAAG,IAAA,0CAAkB,EAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAE9D,qDAAqD;QACrD,MAAM,oBAAoB,GAA2B;YACnD,WAAW,EAAE,kBAAkB;YAC/B,cAAc,EAAE,cAAc;YAC9B,cAAc,EAAE,cAAc;YAC9B,mBAAmB,EAAE,2BAA2B;YAChD,iBAAiB,EAAE,mBAAmB;YACtC,mBAAmB,EAAE,oBAAoB;YACzC,QAAQ,EAAE,QAAQ;YAClB,cAAc,EAAE,WAAW;SAC5B,CAAC;QAEF,KAAK,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE,CAAC;YACrE,IAAI,OAAO,CAAC,YAAY,CAAC,SAAS,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACpE,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;QAED,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,MAAM,mBAAmB,GAAG,OAAO,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;QACpE,MAAM,sBAAsB,GAAG,mBAAmB,KAAK,SAAS,CAAC;QACjE,MAAM,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QAE5D,0DAA0D;QAC1D,IAAI,CAAC,sBAAsB,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;gBAC9B,WAAW,EAAE,gDAAgD,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;oBACtF,4FAA4F;oBAC5F,8EAA8E;gBAChF,QAAQ,EAAE,OAAO,CAAC,aAAa,IAAI,YAAY;gBAC/C,WAAW,EAAE;;;;;;;;;;;;;;;;;;2EAkBsD;gBACnE,gBAAgB,EAAE,mEAAmE;aACtF,CAAC,CAAC,CAAC;QACN,CAAC;QACD,+BAA+B;aAC1B,IAAI,mBAAmB,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC3C,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;gBAC9B,KAAK,EAAE,kCAAkC;gBACzC,WAAW,EAAE,kFAAkF;oBAC7F,mDAAmD;gBACrD,QAAQ,EAAE,OAAO,CAAC,aAAa,IAAI,YAAY;gBAC/C,WAAW,EAAE;;;;;4DAKuC;gBACpD,gBAAgB,EAAE,mEAAmE;aACtF,CAAC,CAAC,CAAC;QACN,CAAC;QACD,qCAAqC;aAChC,IAAI,IAAA,+BAAa,EAAC,mBAAmB,CAAC,EAAE,CAAC;YAC5C,QAAQ,CAAC,IAAI,CAAC,IAAA,qBAAW,EAAC,IAAI,EAAE;gBAC9B,KAAK,EAAE,wCAAwC;gBAC/C,WAAW,EAAE,wEAAwE,mBAAmB,KAAK;oBAC3G,sDAAsD;gBACxD,QAAQ,EAAE,OAAO,CAAC,aAAa,IAAI,YAAY;gBAC/C,WAAW,EAAE;;kBAEH,mBAAmB;;+DAE0B;gBACvD,gBAAgB,EAAE,mEAAmE;aACtF,CAAC,CAAC,CAAC;QACN,CAAC;QAED,+CAA+C;QAC/C,IAAI,sBAAsB,IAAI,CAAC,eAAe,EAAE,CAAC;YAC/C,QAAQ,CAAC,IAAI,CAAC,IAAA,2BAAiB,EAAC,IAAI,EAAE,mBAAQ,CAAC,MAAM,EAAE,qBAAU,CAAC,MAAM,EAAE;gBACxE,KAAK,EAAE,8CAA8C;gBACrD,WAAW,EAAE,oFAAoF;oBAC/F,mFAAmF;gBACrF,QAAQ,EAAE,OAAO,CAAC,WAAW,IAAI,iBAAiB;gBAClD,WAAW,EAAE,oFAAoF;oBAC/F;;;;;;;;;yFAS+E;oBAC/E,8BAA8B;gBAChC,gBAAgB,EAAE,mEAAmE;aACtF,CAAC,CAAC,CAAC;QACN,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/types/index.d.ts

@@ -58,9 +58,15 @@ export interface Finding {
     title: string;
     description: string;
     location?: string;
+    /** Line number in the source file (1-indexed) */
+    line?: number;
     guideline: string;
     fixGuidance: string;
     documentationURL?: string;
+    /** Whether this finding was suppressed */
+    suppressed?: boolean;
+    /** Reason for suppression */
+    suppressionReason?: string;
 }
 /**
  * Result of a scan
@@ -69,6 +75,7 @@ export interface ScanResult {
     projectPath: string;
     timestamp: Date;
     findings: Finding[];
+    suppressedFindings: Finding[];
     rulesRun: string[];
     duration: number;
     /** Project type detected: xcodeproj, swiftpm, both, or unknown */
@@ -159,5 +166,6 @@ export interface ScanOptions {
     verbose?: boolean;
     rules?: string[];
     exclude?: string[];
+    showSuppressed?: boolean;
 }
 //# sourceMappingURL=index.d.ts.map