diffsense 2.2.12__py3-none-any.whl

sdk/javascript_adapter.py

@@ -0,0 +1,229 @@
+"""
+JavaScript/TypeScript Language Adapter for DiffSense
+
+Provides JavaScript-specific patterns and constructs for rule development.
+"""
+
+import re
+from typing import List, Set, Pattern, Dict
+from .language_adapter import LanguageAdapter
+
+
+class JavaScriptAdapter(LanguageAdapter):
+    """
+    Language adapter for JavaScript/TypeScript.
+
+    Provides JavaScript-specific patterns for concurrency, resource management,
+    error handling, and other language constructs.
+    """
+
+    def __init__(self):
+        super().__init__("javascript")
+        self._compile_patterns()
+
+    def _compile_patterns(self):
+        """Pre-compile commonly used patterns."""
+        # Thread Safety / Concurrency Patterns
+        self._lock_patterns = [
+            re.compile(r'new\s+Mutex\(\)'),
+            re.compile(r'await\s+mutex\.acquire\(\)'),
+            re.compile(r'\.lock\(\)'),
+            re.compile(r'with\s*\(\s*lock\s*\)'),
+            re.compile(r'synchronized\s*\('),
+        ]
+
+        self._unlock_patterns = [
+            re.compile(r'mutex\.release\(\)'),
+            re.compile(r'\.unlock\(\)'),
+        ]
+
+        self._volatile_patterns = [
+            re.compile(r'Atomic\w+\('),
+            re.compile(r'new\s+AtomicReference'),
+        ]
+
+        # Resource Management Patterns
+        self._resource_creation = [
+            re.compile(r'fs\.open\('),
+            re.compile(r'fs\.createReadStream\('),
+            re.compile(r'fs\.createWriteStream\('),
+            re.compile(r'database\.connect\('),
+            re.compile(r'new\s+Client\(.*\)\.connect\(\)'),
+        ]
+
+        # Error Handling Patterns
+        self._error_check = [
+            re.compile(r'catch\s*\([^)]*\)\s*\{'),
+            re.compile(r'if\s*\(\s*err\s*\)'),
+            re.compile(r'if\s*\(\s*error\s*\)'),
+            re.compile(r'if\s*\(\s*!\w+\s*\)\s*\{'),
+            re.compile(r'\.catch\(\s*\w*\s*=>'),
+        ]
+
+        self._error_ignore = [
+            re.compile(r'catch\s*\([^)]*\)\s*\{\s*\}'),
+            re.compile(r'catch\s*\(\s*\w+\s*\)\s*\{\s*\}'),
+            re.compile(r'\.catch\(\s*\(\s*\w*\s*\)\s*\{\s*\}\s*\)'),
+        ]
+
+        # Async/Promise Patterns
+        self._promise_handling = [
+            re.compile(r'\.then\('),
+            re.compile(r'\.catch\('),
+            re.compile(r'\.finally\('),
+            re.compile(r'await\s+'),
+            re.compile(r'async\s+function'),
+        ]
+
+        # Security Patterns
+        self._security = {
+            'command_injection': [
+                re.compile(r'child_process\.exec\('),
+                re.compile(r'child_process\.execSync\('),
+                re.compile(r'eval\s*\('),
+                re.compile(r'new\s+Function\('),
+                re.compile(r'document\.write\('),
+            ],
+            'hardcoded_secret': [
+                re.compile(r'password\s*[:=]\s*["\'][^"\']+["\']'),
+                re.compile(r'api[_-]?key\s*[:=]\s*["\'][^"\']+["\']'),
+                re.compile(r'secret[_-]?key\s*[:=]\s*["\'][^"\']+["\']'),
+                re.compile(r'access[_-]?token\s*[:=]\s*["\'][^"\']+["\']'),
+                re.compile(r'AKIA[0-9A-Z]{16}'),
+            ],
+            'sql_injection': [
+                re.compile(r'query\s*\(\s*["\'].*\%.*["\']'),
+                re.compile(r'query\s*\(\s*[`].*\$\{'),
+            ],
+            'deserialization': [
+                re.compile(r'JSON\.parse\('),
+                re.compile(r'yaml\.load\('),
+                re.compile(r'yaml\.unsafe_load\('),
+            ],
+            'xss': [
+                re.compile(r'innerHTML\s*='),
+                re.compile(r'outerHTML\s*='),
+                re.compile(r'document\.write\('),
+            ],
+        }
+
+        # Console usage (should not be in production)
+        self._console_usage = [
+            re.compile(r'console\.log\('),
+            re.compile(r'console\.debug\('),
+            re.compile(r'console\.info\('),
+            re.compile(r'console\.warn\('),
+            re.compile(r'console\.error\('),
+        ]
+
+    # ==================== Thread Safety ====================
+
+    def get_thread_safe_types(self) -> Set[str]:
+        return {
+            'Mutex', 'Lock', 'RLock', 'Semaphore',
+            'AtomicReference', 'AtomicInteger', 'AtomicBoolean',
+            'ConcurrentMap', 'ConcurrentHashMap',
+            'Promise', 'AsyncIterable',
+        }
+
+    def get_unsafe_types(self) -> Set[str]:
+        return {
+            'Object', 'Array', 'Map', 'Set',
+            'string', 'number', 'boolean',
+        }
+
+    def get_lock_patterns(self) -> List[Pattern]:
+        return self._lock_patterns
+
+    def get_unlock_patterns(self) -> List[Pattern]:
+        return self._unlock_patterns
+
+    def get_volatile_patterns(self) -> List[Pattern]:
+        return self._volatile_patterns
+
+    # ==================== Resource Management ====================
+
+    def get_cleanup_keywords(self) -> Set[str]:
+        return {
+            'close()', '.close()', 'finally', 'dispose()',
+            '.end()', '.destroy()', 'cleanup()', 'teardown()'
+        }
+
+    def get_resource_creation_patterns(self) -> List[Pattern]:
+        return self._resource_creation
+
+    # ==================== Error Handling ====================
+
+    def get_error_types(self) -> Set[str]:
+        return {
+            'Error', 'TypeError', 'ReferenceError', 'SyntaxError',
+            'RangeError', 'URIError', 'EvalError',
+            'PromiseRejection', 'UnhandledPromiseRejection'
+        }
+
+    def get_error_check_patterns(self) -> List[Pattern]:
+        return self._error_check
+
+    def get_error_ignore_patterns(self) -> List[Pattern]:
+        return self._error_ignore
+
+    # ==================== Null Safety ====================
+
+    def get_null_checks(self) -> Set[str]:
+        return {
+            '=== null', '!== null', '== null', '!= null',
+            'if (x)', 'if (!x)', 'if (x !== null)',
+            'x &&', 'x?.', 'x ??', 'Optional.ofNullable'
+        }
+
+    def get_null_pointer_types(self) -> Set[str]:
+        return {
+            'null', 'undefined', 'any', 'object'
+        }
+
+    # ==================== Concurrency Primitives ====================
+
+    def get_concurrency_primitives(self) -> Set[str]:
+        return {
+            'Promise', 'async', 'await', 'setTimeout', 'setInterval',
+            'Worker', 'WorkerThread', 'child_process',
+            'Mutex', 'Semaphore', 'Atomics',
+            'EventEmitter', 'EventTarget'
+        }
+
+    def get_thread_creation_patterns(self) -> List[Pattern]:
+        return self._promise_handling + [
+            re.compile(r'new\s+Worker\('),
+            re.compile(r'child_process\.spawn\('),
+        ]
+
+    # ==================== Security ====================
+
+    def get_dangerous_patterns(self) -> Dict[str, List[Pattern]]:
+        return self._security
+
+    # ==================== Additional JavaScript-specific ====================
+
+    def get_console_patterns(self) -> List[Pattern]:
+        """Get patterns for console usage (production issue)."""
+        return self._console_usage
+
+    def get_var_declaration_patterns(self) -> List[Pattern]:
+        """Get patterns for deprecated var declaration."""
+        return [
+            re.compile(r'\bvar\s+\w+'),
+        ]
+
+    def get_strict_comparison_patterns(self) -> List[Pattern]:
+        """Get patterns for loose equality (should use ===)."""
+        return [
+            re.compile(r'==\s*null'),
+            re.compile(r'!=\s*null'),
+            re.compile(r'==\s*undefined'),
+            re.compile(r'!=\s*undefined'),
+        ]
+
+
+def get_adapter():
+    """Get JavaScript adapter instance."""
+    return JavaScriptAdapter()

sdk/language_adapter.py

@@ -0,0 +1,313 @@
+"""
+Language Adapter System for DiffSense
+
+This module provides language-agnostic abstractions for rule development.
+The LanguageAdapter isolates language-specific patterns, allowing rules
+to be written in a language-independent way.
+
+Architecture:
+    - LanguageAdapter: Abstract base class defining the interface
+    - AdapterFactory: Factory to get the appropriate adapter for a language
+    
+Usage:
+    class MyConcurrencyRule(BaseRule):
+        def __init__(self, adapter: LanguageAdapter = None):
+            self._adapter = adapter or AdapterFactory.get_adapter("java")
+        
+        def evaluate(self, diff_data, signals):
+            thread_safe_types = self._adapter.get_thread_safe_types()
+            # ... use language-specific patterns
+"""
+
+from abc import ABC, abstractmethod
+from typing import Dict, List, Optional, Set, Pattern, Any
+import re
+
+
+class LanguageAdapter(ABC):
+    """
+    Abstract base class for language-specific adapters.
+    
+    This class defines the interface that all language adapters must implement.
+    It provides language-agnostic methods for accessing language-specific patterns
+    and constructs, allowing rules to be written in a language-independent way.
+    """
+    
+    def __init__(self, language: str):
+        self._language = language
+        self._compiled_patterns: Dict[str, Pattern] = {}
+    
+    @property
+    def language(self) -> str:
+        """Return the language identifier (e.g., 'java', 'go', 'python')"""
+        return self._language
+    
+    # ==================== Thread Safety ====================
+    
+    @abstractmethod
+    def get_thread_safe_types(self) -> Set[str]:
+        """
+        Return set of thread-safe collection/atomic types for this language.
+        
+        Examples:
+            Java: {'ConcurrentHashMap', 'AtomicInteger', 'CopyOnWriteArrayList'}
+            Go: {'sync.Mutex', 'sync.RWMutex', 'chan', 'sync.Map'}
+        """
+        pass
+    
+    @abstractmethod
+    def get_unsafe_types(self) -> Set[str]:
+        """
+        Return set of non-thread-safe types that could cause race conditions.
+        
+        Examples:
+            Java: {'HashMap', 'ArrayList', 'HashSet'}
+            Go: {'map', 'slice'} (without synchronization)
+        """
+        pass
+    
+    @abstractmethod
+    def get_lock_patterns(self) -> List[Pattern]:
+        """
+        Return regex patterns for lock/synchronization constructs.
+        
+        Examples:
+            Java: ['synchronized', r'\\.lock\\(\\)', r'\\.wait\\(\\)']
+            Go: [r'\\.Lock\\(\\)', r'\\.RLock\\(\\)', r'sync\\.Mutex']
+        """
+        pass
+    
+    @abstractmethod
+    def get_unlock_patterns(self) -> List[Pattern]:
+        """
+        Return regex patterns for unlock/release constructs.
+        
+        Examples:
+            Java: [r'\\.unlock\\(\\)', r'\\.notify\\(\\)']
+            Go: [r'\\.Unlock\\(\\)', r'\\.RUnlock\\(\\)']
+        """
+        pass
+    
+    @abstractmethod
+    def get_volatile_patterns(self) -> List[Pattern]:
+        r"""
+        Return regex patterns for volatile/atomic modifiers.
+        
+        Examples:
+            Java: [r'volatile', r'AtomicInteger', r'AtomicLong']
+            Go: [r'atomic\.(Load|Store|Add|Swap|CompareAndSwap)']
+        """
+        pass
+    
+    # ==================== Resource Management ====================
+    
+    @abstractmethod
+    def get_cleanup_keywords(self) -> Set[str]:
+        """
+        Return keywords/patterns for resource cleanup.
+        
+        Examples:
+            Java: {'close()', 'finally', 'try-with-resources'}
+            Go: {'defer', 'close()'}
+        """
+        pass
+    
+    @abstractmethod
+    def get_resource_creation_patterns(self) -> List[Pattern]:
+        r"""
+        Return patterns for resource creation (to detect potential leaks).
+        
+        Examples:
+            Java: [r'new\s+FileInputStream', r'new\s+Connection']
+            Go: [r'make\(', r'os\.Open']
+        """
+        pass
+    
+    # ==================== Error Handling ====================
+    
+    @abstractmethod
+    def get_error_types(self) -> Set[str]:
+        """
+        Return set of error/exception types for this language.
+        
+        Examples:
+            Java: {'Exception', 'RuntimeException', 'Throwable'}
+            Go: {'error'}
+        """
+        pass
+    
+    @abstractmethod
+    def get_error_check_patterns(self) -> List[Pattern]:
+        r"""
+        Return patterns for error checking.
+        
+        Examples:
+            Java: [r'catch\s*\(\w+', r'if\s+\w+\s*==\s*null']
+            Go: [r'if\s+err\s*!=\s*nil', r'if\s+err\s*==\s*nil']
+        """
+        pass
+    
+    @abstractmethod
+    def get_error_ignore_patterns(self) -> List[Pattern]:
+        r"""
+        Return patterns for ignoring/suppressing errors.
+        
+        Examples:
+            Java: [r'catch\s*\(\s*Exception\s*\)', r'catch\s*\(\s*\)']
+            Go: [r'_\s*=\s*\w+\s*\(']
+        """
+        pass
+    
+    # ==================== Null Safety ====================
+    
+    @abstractmethod
+    def get_null_checks(self) -> Set[str]:
+        """
+        Return set of null check patterns for this language.
+        
+        Examples:
+            Java: {'== null', '!= null', 'Objects.isNull', 'Optional.ofNullable'}
+            Go: {'== nil', '!= nil'}
+        """
+        pass
+    
+    @abstractmethod
+    def get_null_pointer_types(self) -> Set[str]:
+        """
+        Return set of types that can cause null pointer errors.
+        
+        Examples:
+            Java: {'Object', 'String', 'List', 'Map'}
+            Go: {'pointer', 'interface', 'slice', 'map', 'chan'}
+        """
+        pass
+    
+    # ==================== Concurrency Primitives ====================
+    
+    @abstractmethod
+    def get_concurrency_primitives(self) -> Set[str]:
+        """
+        Return set of language-specific concurrency primitives.
+        
+        Examples:
+            Java: {'synchronized', 'volatile', 'Thread', 'ExecutorService'}
+            Go: {'go', 'chan', 'select', 'defer', 'sync.WaitGroup'}
+        """
+        pass
+    
+    @abstractmethod
+    def get_thread_creation_patterns(self) -> List[Pattern]:
+        r"""
+        Return patterns for creating threads/goroutines.
+        
+        Examples:
+            Java: [r'new\s+Thread', r'executor\.submit', r'CompletableFuture\.runAsync']
+            Go: [r'\bgo\s+\w+', r'go\s+func']
+        """
+        pass
+    
+    # ==================== Security ====================
+    
+    @abstractmethod
+    def get_dangerous_patterns(self) -> Dict[str, List[Pattern]]:
+        r"""
+        Return dictionary of security-related patterns.
+        
+        Keys: category names (e.g., 'command_injection', 'sql_injection', 'hardcoded_secret')
+        
+        Examples:
+            Java: {'sql_injection': [r'Statement.*\+', r'executeQuery.*\+']}
+            Go: {'command_injection': [r'exec\.Command', r'syscall\.Exec']}
+        """
+        pass
+    
+    # ==================== Utility Methods ====================
+    
+    def compile_pattern(self, pattern: str) -> Pattern:
+        """
+        Compile and cache a regex pattern.
+        
+        Args:
+            pattern: Regular expression string
+            
+        Returns:
+            Compiled regex pattern
+        """
+        if pattern not in self._compiled_patterns:
+            self._compiled_patterns[pattern] = re.compile(pattern)
+        return self._compiled_patterns[pattern]
+    
+    def find_added_lines(self, raw_diff: str) -> List[str]:
+        """Extract added lines from diff."""
+        return [line for line in raw_diff.split('\n') 
+                if line.startswith('+') and not line.startswith('+++')]
+    
+    def find_removed_lines(self, raw_diff: str) -> List[str]:
+        """Extract removed lines from diff."""
+        return [line for line in raw_diff.split('\n') 
+                if line.startswith('-') and not line.startswith('---')]
+    
+    def has_pattern(self, text: str, patterns: List[Pattern]) -> bool:
+        """Check if text matches any of the given patterns."""
+        return any(p.search(text) for p in patterns)
+    
+    def count_pattern(self, text: str, patterns: List[Pattern]) -> int:
+        """Count occurrences of patterns in text."""
+        return sum(len(p.findall(text)) for p in patterns)
+
+
+class AdapterFactory:
+    """
+    Factory class for creating language adapters.
+    
+    Usage:
+        java_adapter = AdapterFactory.get_adapter("java")
+        go_adapter = AdapterFactory.get_adapter("go")
+    """
+    
+    _adapters: Dict[str, LanguageAdapter] = {}
+    
+    @classmethod
+    def register_adapter(cls, language: str, adapter: LanguageAdapter):
+        """Register an adapter for a specific language."""
+        cls._adapters[language] = adapter
+    
+    @classmethod
+    def get_adapter(cls, language: str) -> Optional[LanguageAdapter]:
+        """
+        Get an adapter for the specified language.
+        
+        Args:
+            language: Language identifier ('java', 'go', 'python')
+            
+        Returns:
+            LanguageAdapter instance, or None if not supported
+        """
+        language = language.lower()
+        
+        if language in cls._adapters:
+            return cls._adapters[language]
+        
+        # Try to load built-in adapters
+        if language == "java":
+            from .java_adapter import JavaAdapter
+            cls._adapters[language] = JavaAdapter()
+        elif language == "go":
+            from .go_adapter import GoAdapter
+            cls._adapters[language] = GoAdapter()
+        elif language == "python":
+            from .python_adapter import PythonAdapter
+            cls._adapters[language] = PythonAdapter()
+        elif language == "javascript":
+            from .javascript_adapter import JavaScriptAdapter
+            cls._adapters[language] = JavaScriptAdapter()
+        elif language == "cpp" or language == "c":
+            from .cpp_adapter import CppAdapter
+            cls._adapters[language] = CppAdapter()
+
+        return cls._adapters.get(language)
+    
+    @classmethod
+    def get_supported_languages(cls) -> List[str]:
+        """Get list of supported languages."""
+        return list(cls._adapters.keys())