osscodeiq 0.0.0__py3-none-any.whl

osscodeiq/detectors/java/spring_security.py

@@ -0,0 +1,212 @@
+"""Spring Security auth detector for Java source files."""
+
+from __future__ import annotations
+
+import re
+
+from osscodeiq.detectors.base import DetectorContext, DetectorResult
+from osscodeiq.detectors.utils import decode_text
+from osscodeiq.models.graph import GraphNode, NodeKind, SourceLocation
+
+# @Secured("ROLE_ADMIN") or @Secured({"ROLE_ADMIN", "ROLE_USER"})
+_SECURED_RE = re.compile(
+    r'@Secured\(\s*(?:\{([^}]*)\}|"([^"]*)")\s*\)'
+)
+
+# @PreAuthorize("hasRole('ADMIN')") and similar SpEL expressions
+_PRE_AUTHORIZE_RE = re.compile(
+    r'@PreAuthorize\(\s*"([^"]*)"\s*\)'
+)
+
+# @RolesAllowed({"ROLE_ADMIN", "ROLE_USER"}) or @RolesAllowed("ROLE_ADMIN")
+_ROLES_ALLOWED_RE = re.compile(
+    r'@RolesAllowed\(\s*(?:\{([^}]*)\}|"([^"]*)")\s*\)'
+)
+
+# @EnableWebSecurity
+_ENABLE_WEB_SECURITY_RE = re.compile(r'@EnableWebSecurity\b')
+
+# @EnableMethodSecurity
+_ENABLE_METHOD_SECURITY_RE = re.compile(r'@EnableMethodSecurity\b')
+
+# SecurityFilterChain method declaration
+_SECURITY_FILTER_CHAIN_RE = re.compile(
+    r'(?:public\s+)?SecurityFilterChain\s+(\w+)\s*\('
+)
+
+# .authorizeHttpRequests() fluent call
+_AUTHORIZE_HTTP_REQUESTS_RE = re.compile(
+    r'\.authorizeHttpRequests\s*\('
+)
+
+# Helper to extract quoted role strings from annotation values
+_ROLE_STR_RE = re.compile(r'"([^"]*)"')
+
+# Extract roles from hasRole/hasAnyRole SpEL expressions
+_HAS_ROLE_RE = re.compile(r"hasRole\(\s*'([^']*)'\s*\)")
+_HAS_ANY_ROLE_RE = re.compile(r"hasAnyRole\(\s*([^)]+)\)")
+_SINGLE_QUOTED_RE = re.compile(r"'([^']*)'")
+
+
+def _extract_roles_from_annotation(groups: tuple[str | None, str | None]) -> list[str]:
+    """Extract role names from a @Secured or @RolesAllowed annotation match groups."""
+    multi, single = groups
+    if single is not None:
+        return [single]
+    if multi is not None:
+        return [m.group(1) for m in _ROLE_STR_RE.finditer(multi)]
+    return []
+
+
+def _extract_roles_from_spel(expr: str) -> list[str]:
+    """Extract role names from a SpEL expression in @PreAuthorize."""
+    roles: list[str] = []
+    for m in _HAS_ROLE_RE.finditer(expr):
+        roles.append(m.group(1))
+    for m in _HAS_ANY_ROLE_RE.finditer(expr):
+        inner = m.group(1)
+        for q in _SINGLE_QUOTED_RE.finditer(inner):
+            roles.append(q.group(1))
+    return roles
+
+
+def _line_number(text: str, pos: int) -> int:
+    """Return 1-based line number for a character offset."""
+    return text[:pos].count("\n") + 1
+
+
+class SpringSecurityDetector:
+    """Detects Spring Security auth patterns in Java source files."""
+
+    name: str = "spring_security"
+    supported_languages: tuple[str, ...] = ("java",)
+
+    def detect(self, ctx: DetectorContext) -> DetectorResult:
+        result = DetectorResult()
+        text = decode_text(ctx)
+
+        # @Secured annotations
+        for m in _SECURED_RE.finditer(text):
+            line = _line_number(text, m.start())
+            roles = _extract_roles_from_annotation((m.group(1), m.group(2)))
+            result.nodes.append(GraphNode(
+                id=f"auth:{ctx.file_path}:Secured:{line}",
+                kind=NodeKind.GUARD,
+                label="@Secured",
+                module=ctx.module_name,
+                location=SourceLocation(file_path=ctx.file_path, line_start=line),
+                annotations=["@Secured"],
+                properties={
+                    "auth_type": "spring_security",
+                    "roles": roles,
+                    "auth_required": True,
+                },
+            ))
+
+        # @PreAuthorize annotations
+        for m in _PRE_AUTHORIZE_RE.finditer(text):
+            line = _line_number(text, m.start())
+            expr = m.group(1)
+            roles = _extract_roles_from_spel(expr)
+            result.nodes.append(GraphNode(
+                id=f"auth:{ctx.file_path}:PreAuthorize:{line}",
+                kind=NodeKind.GUARD,
+                label="@PreAuthorize",
+                module=ctx.module_name,
+                location=SourceLocation(file_path=ctx.file_path, line_start=line),
+                annotations=["@PreAuthorize"],
+                properties={
+                    "auth_type": "spring_security",
+                    "roles": roles,
+                    "expression": expr,
+                    "auth_required": True,
+                },
+            ))
+
+        # @RolesAllowed annotations
+        for m in _ROLES_ALLOWED_RE.finditer(text):
+            line = _line_number(text, m.start())
+            roles = _extract_roles_from_annotation((m.group(1), m.group(2)))
+            result.nodes.append(GraphNode(
+                id=f"auth:{ctx.file_path}:RolesAllowed:{line}",
+                kind=NodeKind.GUARD,
+                label="@RolesAllowed",
+                module=ctx.module_name,
+                location=SourceLocation(file_path=ctx.file_path, line_start=line),
+                annotations=["@RolesAllowed"],
+                properties={
+                    "auth_type": "spring_security",
+                    "roles": roles,
+                    "auth_required": True,
+                },
+            ))
+
+        # @EnableWebSecurity
+        for m in _ENABLE_WEB_SECURITY_RE.finditer(text):
+            line = _line_number(text, m.start())
+            result.nodes.append(GraphNode(
+                id=f"auth:{ctx.file_path}:EnableWebSecurity:{line}",
+                kind=NodeKind.GUARD,
+                label="@EnableWebSecurity",
+                module=ctx.module_name,
+                location=SourceLocation(file_path=ctx.file_path, line_start=line),
+                annotations=["@EnableWebSecurity"],
+                properties={
+                    "auth_type": "spring_security",
+                    "roles": [],
+                    "auth_required": True,
+                },
+            ))
+
+        # @EnableMethodSecurity
+        for m in _ENABLE_METHOD_SECURITY_RE.finditer(text):
+            line = _line_number(text, m.start())
+            result.nodes.append(GraphNode(
+                id=f"auth:{ctx.file_path}:EnableMethodSecurity:{line}",
+                kind=NodeKind.GUARD,
+                label="@EnableMethodSecurity",
+                module=ctx.module_name,
+                location=SourceLocation(file_path=ctx.file_path, line_start=line),
+                annotations=["@EnableMethodSecurity"],
+                properties={
+                    "auth_type": "spring_security",
+                    "roles": [],
+                    "auth_required": True,
+                },
+            ))
+
+        # SecurityFilterChain method declarations
+        for m in _SECURITY_FILTER_CHAIN_RE.finditer(text):
+            line = _line_number(text, m.start())
+            method_name = m.group(1)
+            result.nodes.append(GraphNode(
+                id=f"auth:{ctx.file_path}:SecurityFilterChain:{line}",
+                kind=NodeKind.GUARD,
+                label=f"SecurityFilterChain:{method_name}",
+                module=ctx.module_name,
+                location=SourceLocation(file_path=ctx.file_path, line_start=line),
+                properties={
+                    "auth_type": "spring_security",
+                    "roles": [],
+                    "method_name": method_name,
+                    "auth_required": True,
+                },
+            ))
+
+        # .authorizeHttpRequests() calls
+        for m in _AUTHORIZE_HTTP_REQUESTS_RE.finditer(text):
+            line = _line_number(text, m.start())
+            result.nodes.append(GraphNode(
+                id=f"auth:{ctx.file_path}:authorizeHttpRequests:{line}",
+                kind=NodeKind.GUARD,
+                label=".authorizeHttpRequests()",
+                module=ctx.module_name,
+                location=SourceLocation(file_path=ctx.file_path, line_start=line),
+                properties={
+                    "auth_type": "spring_security",
+                    "roles": [],
+                    "auth_required": True,
+                },
+            ))
+
+        return result

osscodeiq/detectors/java/tibco_ems.py

@@ -0,0 +1,193 @@
+"""TIBCO EMS detector for Java source files."""
+
+from __future__ import annotations
+
+import re
+
+from osscodeiq.detectors.base import DetectorContext, DetectorResult
+from osscodeiq.detectors.utils import decode_text
+from osscodeiq.models.graph import (
+    EdgeKind,
+    GraphEdge,
+    GraphNode,
+    NodeKind,
+    SourceLocation,
+)
+
+_CLASS_RE = re.compile(r"(?:public\s+)?class\s+(\w+)")
+
+# TIBCO EMS connection factories
+_TIBJMS_FACTORY_RE = re.compile(
+    r'\b(TibjmsConnectionFactory|TibjmsQueueConnectionFactory|TibjmsTopicConnectionFactory)\b'
+)
+
+# Server URL patterns (e.g. "tcp://ems-server:7222")
+_SERVER_URL_RE = re.compile(r'"(tcp://[^"]+)"')
+
+# createQueue / createTopic
+_CREATE_QUEUE_RE = re.compile(r'createQueue\s*\(\s*"([^"]+)"')
+_CREATE_TOPIC_RE = re.compile(r'createTopic\s*\(\s*"([^"]+)"')
+
+# send / publish patterns
+_SEND_RE = re.compile(r'\bsend\s*\(')
+_PUBLISH_RE = re.compile(r'\bpublish\s*\(')
+
+# receive / onMessage patterns
+_RECEIVE_RE = re.compile(r'\breceive\s*\(')
+_ON_MESSAGE_RE = re.compile(r'\bonMessage\s*\(')
+
+# MessageProducer / MessageConsumer declarations
+_PRODUCER_RE = re.compile(r'\bMessageProducer\b')
+_CONSUMER_RE = re.compile(r'\bMessageConsumer\b')
+
+# Tibjms-specific queue/topic classes
+_TIBJMS_QUEUE_RE = re.compile(r'new\s+TibjmsQueue\s*\(\s*"([^"]+)"')
+_TIBJMS_TOPIC_RE = re.compile(r'new\s+TibjmsTopic\s*\(\s*"([^"]+)"')
+
+
+class TibcoEmsDetector:
+    """Detects TIBCO EMS queue and topic usage in Java source files."""
+
+    name: str = "tibco_ems"
+    supported_languages: tuple[str, ...] = ("java",)
+
+    def detect(self, ctx: DetectorContext) -> DetectorResult:
+        result = DetectorResult()
+        text = decode_text(ctx)
+        lines = text.split("\n")
+
+        if "tibjms" not in text and "TibjmsConnectionFactory" not in text and "com.tibco" not in text and "TIBJMS" not in text:
+            return result
+
+        # Find class name
+        class_name: str | None = None
+        for line in lines:
+            cm = _CLASS_RE.search(line)
+            if cm:
+                class_name = cm.group(1)
+                break
+
+        if not class_name:
+            return result
+
+        class_node_id = f"{ctx.file_path}:{class_name}"
+        seen_queues: set[str] = set()
+        seen_topics: set[str] = set()
+
+        def _ensure_queue_node(queue_name: str) -> str:
+            queue_id = f"ems:queue:{queue_name}"
+            if queue_name not in seen_queues:
+                seen_queues.add(queue_name)
+                result.nodes.append(GraphNode(
+                    id=queue_id,
+                    kind=NodeKind.QUEUE,
+                    label=f"ems:queue:{queue_name}",
+                    properties={"broker": "tibco_ems", "queue": queue_name},
+                ))
+            return queue_id
+
+        def _ensure_topic_node(topic_name: str) -> str:
+            topic_id = f"ems:topic:{topic_name}"
+            if topic_name not in seen_topics:
+                seen_topics.add(topic_name)
+                result.nodes.append(GraphNode(
+                    id=topic_id,
+                    kind=NodeKind.TOPIC,
+                    label=f"ems:topic:{topic_name}",
+                    properties={"broker": "tibco_ems", "topic": topic_name},
+                ))
+            return topic_id
+
+        # Detect whether this class is a producer or consumer
+        is_producer = bool(_SEND_RE.search(text) or _PUBLISH_RE.search(text) or _PRODUCER_RE.search(text))
+        is_consumer = bool(_RECEIVE_RE.search(text) or _ON_MESSAGE_RE.search(text) or _CONSUMER_RE.search(text))
+
+        # Detect connection factory — create a node for the EMS server
+        server_urls: list[str] = []
+        for i, line in enumerate(lines):
+            m = _TIBJMS_FACTORY_RE.search(line)
+            if m:
+                factory_type = m.group(1)
+                # Look for server URL on same line or next few lines
+                for j in range(max(0, i - 1), min(len(lines), i + 4)):
+                    url_m = _SERVER_URL_RE.search(lines[j])
+                    if url_m:
+                        server_urls.append(url_m.group(1))
+
+                # Create an EMS connection node
+                node_id = f"ems:server:{factory_type}"
+                result.nodes.append(GraphNode(
+                    id=node_id,
+                    kind=NodeKind.MESSAGE_QUEUE,
+                    label=f"ems:{factory_type}",
+                    properties={
+                        "broker": "tibco_ems",
+                        "factory_type": factory_type,
+                        **({"server_url": server_urls[0]} if server_urls else {}),
+                    },
+                ))
+                result.edges.append(GraphEdge(
+                    source=class_node_id,
+                    target=node_id,
+                    kind=EdgeKind.CONNECTS_TO,
+                    label=f"{class_name} connects to EMS via {factory_type}",
+                    properties={"factory_type": factory_type},
+                ))
+
+        # Detect createQueue / createTopic
+        for i, line in enumerate(lines):
+            m = _CREATE_QUEUE_RE.search(line)
+            if m:
+                queue_name = m.group(1)
+                queue_id = _ensure_queue_node(queue_name)
+                if is_producer:
+                    result.edges.append(GraphEdge(
+                        source=class_node_id,
+                        target=queue_id,
+                        kind=EdgeKind.SENDS_TO,
+                        label=f"{class_name} sends to {queue_name}",
+                        properties={"queue": queue_name},
+                    ))
+                if is_consumer:
+                    result.edges.append(GraphEdge(
+                        source=class_node_id,
+                        target=queue_id,
+                        kind=EdgeKind.RECEIVES_FROM,
+                        label=f"{class_name} receives from {queue_name}",
+                        properties={"queue": queue_name},
+                    ))
+
+            m = _CREATE_TOPIC_RE.search(line)
+            if m:
+                topic_name = m.group(1)
+                topic_id = _ensure_topic_node(topic_name)
+                if is_producer:
+                    result.edges.append(GraphEdge(
+                        source=class_node_id,
+                        target=topic_id,
+                        kind=EdgeKind.SENDS_TO,
+                        label=f"{class_name} sends to {topic_name}",
+                        properties={"topic": topic_name},
+                    ))
+                if is_consumer:
+                    result.edges.append(GraphEdge(
+                        source=class_node_id,
+                        target=topic_id,
+                        kind=EdgeKind.RECEIVES_FROM,
+                        label=f"{class_name} receives from {topic_name}",
+                        properties={"topic": topic_name},
+                    ))
+
+        # Detect TibjmsQueue / TibjmsTopic direct instantiation
+        for i, line in enumerate(lines):
+            m = _TIBJMS_QUEUE_RE.search(line)
+            if m:
+                queue_name = m.group(1)
+                _ensure_queue_node(queue_name)
+
+            m = _TIBJMS_TOPIC_RE.search(line)
+            if m:
+                topic_name = m.group(1)
+                _ensure_topic_node(topic_name)
+
+        return result

osscodeiq/detectors/java/websocket.py

@@ -0,0 +1,188 @@
+"""WebSocket detector for Java source files."""
+
+from __future__ import annotations
+
+import re
+
+from osscodeiq.detectors.base import DetectorContext, DetectorResult
+from osscodeiq.detectors.utils import decode_text
+from osscodeiq.models.graph import (
+    EdgeKind,
+    GraphEdge,
+    GraphNode,
+    NodeKind,
+    SourceLocation,
+)
+
+_CLASS_RE = re.compile(r"(?:public\s+)?class\s+(\w+)")
+
+# JSR 356 @ServerEndpoint
+_SERVER_ENDPOINT_RE = re.compile(r'@ServerEndpoint\s*\(\s*(?:value\s*=\s*)?"([^"]+)"')
+
+# Spring WebSocket
+_MESSAGE_MAPPING_RE = re.compile(r'@MessageMapping\s*\(\s*"([^"]+)"')
+_SEND_TO_RE = re.compile(r'@SendTo\s*\(\s*"([^"]+)"')
+_SEND_TO_USER_RE = re.compile(r'@SendToUser\s*\(\s*"([^"]+)"')
+
+# WebSocket handler registration (in config classes)
+_REGISTER_HANDLER_RE = re.compile(
+    r'\.addHandler\s*\(\s*\w+\s*,\s*"([^"]+)"'
+)
+_STOMP_ENDPOINT_RE = re.compile(
+    r'registerStompEndpoints.*?\.addEndpoint\s*\(\s*"([^"]+)"',
+    re.DOTALL,
+)
+_APP_DEST_PREFIX_RE = re.compile(
+    r'setApplicationDestinationPrefixes\s*\(\s*"([^"]+)"'
+)
+
+# SimpMessagingTemplate for sending
+_MESSAGING_TEMPLATE_RE = re.compile(
+    r'(?:simpMessagingTemplate|messagingTemplate)\s*\.(?:convertAndSend|convertAndSendToUser)\s*\(\s*"([^"]+)"'
+)
+
+_METHOD_RE = re.compile(r"(?:public|protected|private)?\s*(?:[\w<>\[\],?\s]+)\s+(\w+)\s*\(")
+
+
+class WebSocketDetector:
+    """Detects WebSocket endpoints and message handlers."""
+
+    name: str = "websocket"
+    supported_languages: tuple[str, ...] = ("java",)
+
+    def detect(self, ctx: DetectorContext) -> DetectorResult:
+        result = DetectorResult()
+        text = decode_text(ctx)
+        lines = text.split("\n")
+
+        if not any(kw in text for kw in (
+            "@ServerEndpoint", "@MessageMapping", "WebSocketHandler",
+            "registerStompEndpoints", "SimpMessagingTemplate",
+            "simpMessagingTemplate", "messagingTemplate",
+            "@SendTo", "@SendToUser",
+        )):
+            return result
+
+        # Find class name
+        class_name: str | None = None
+        class_line: int = 0
+        for i, line in enumerate(lines):
+            cm = _CLASS_RE.search(line)
+            if cm:
+                class_name = cm.group(1)
+                class_line = i + 1
+                break
+
+        if not class_name:
+            return result
+
+        class_node_id = f"{ctx.file_path}:{class_name}"
+
+        # Detect @ServerEndpoint (JSR 356)
+        for m in _SERVER_ENDPOINT_RE.finditer(text):
+            path = m.group(1)
+            line_num = text[:m.start()].count("\n") + 1
+            ws_id = f"ws:endpoint:{path}"
+
+            result.nodes.append(GraphNode(
+                id=ws_id,
+                kind=NodeKind.WEBSOCKET_ENDPOINT,
+                label=f"WS {path}",
+                fqn=f"{class_name}:{path}",
+                module=ctx.module_name,
+                location=SourceLocation(file_path=ctx.file_path, line_start=line_num),
+                annotations=["@ServerEndpoint"],
+                properties={"path": path, "protocol": "websocket", "type": "jsr356"},
+            ))
+
+            result.edges.append(GraphEdge(
+                source=class_node_id,
+                target=ws_id,
+                kind=EdgeKind.EXPOSES,
+                label=f"{class_name} exposes WS {path}",
+            ))
+
+        # Detect @MessageMapping (Spring STOMP)
+        for i, line in enumerate(lines):
+            m = _MESSAGE_MAPPING_RE.search(line)
+            if not m:
+                continue
+
+            destination = m.group(1)
+            method_name = None
+            for k in range(i + 1, min(i + 5, len(lines))):
+                mm = _METHOD_RE.search(lines[k])
+                if mm:
+                    method_name = mm.group(1)
+                    break
+
+            ws_id = f"ws:message:{destination}"
+            result.nodes.append(GraphNode(
+                id=ws_id,
+                kind=NodeKind.WEBSOCKET_ENDPOINT,
+                label=f"WS MSG {destination}",
+                fqn=f"{class_name}.{method_name or 'unknown'}",
+                module=ctx.module_name,
+                location=SourceLocation(file_path=ctx.file_path, line_start=i + 1),
+                annotations=["@MessageMapping"],
+                properties={
+                    "destination": destination,
+                    "protocol": "websocket",
+                    "type": "stomp",
+                },
+            ))
+
+            result.edges.append(GraphEdge(
+                source=class_node_id,
+                target=ws_id,
+                kind=EdgeKind.EXPOSES,
+                label=f"{class_name} handles WS {destination}",
+            ))
+
+            # Check for @SendTo on next lines
+            for k in range(i + 1, min(i + 5, len(lines))):
+                st = _SEND_TO_RE.search(lines[k]) or _SEND_TO_USER_RE.search(lines[k])
+                if st:
+                    send_dest = st.group(1)
+                    send_id = f"ws:topic:{send_dest}"
+                    result.nodes.append(GraphNode(
+                        id=send_id,
+                        kind=NodeKind.WEBSOCKET_ENDPOINT,
+                        label=f"WS TOPIC {send_dest}",
+                        properties={"destination": send_dest, "protocol": "websocket"},
+                    ))
+                    result.edges.append(GraphEdge(
+                        source=ws_id,
+                        target=send_id,
+                        kind=EdgeKind.PRODUCES,
+                        label=f"{destination} sends to {send_dest}",
+                    ))
+
+        # Detect STOMP endpoint registration
+        for m in _STOMP_ENDPOINT_RE.finditer(text):
+            path = m.group(1)
+            ws_id = f"ws:stomp:{path}"
+            line_num = text[:m.start()].count("\n") + 1
+            result.nodes.append(GraphNode(
+                id=ws_id,
+                kind=NodeKind.WEBSOCKET_ENDPOINT,
+                label=f"STOMP {path}",
+                module=ctx.module_name,
+                location=SourceLocation(file_path=ctx.file_path, line_start=line_num),
+                properties={"path": path, "protocol": "stomp", "type": "stomp_endpoint"},
+            ))
+
+        # Detect SimpMessagingTemplate sends
+        for m in _MESSAGING_TEMPLATE_RE.finditer(text):
+            destination = m.group(1)
+            line_num = text[:m.start()].count("\n") + 1
+
+            result.edges.append(GraphEdge(
+                source=class_node_id,
+                target=f"ws:topic:{destination}",
+                kind=EdgeKind.PRODUCES,
+                label=f"{class_name} sends to {destination}",
+                properties={"destination": destination},
+            ))
+
+        return result