osscodeiq 0.0.0__py3-none-any.whl

osscodeiq/config.py

@@ -0,0 +1,113 @@
+"""Configuration loading and defaults for code-intelligence."""
+
+from __future__ import annotations
+
+from pathlib import Path
+from typing import Any
+
+import yaml
+from pydantic import BaseModel, Field
+
+
+class DiscoveryConfig(BaseModel):
+    """File discovery configuration."""
+
+    include_extensions: list[str] = Field(default_factory=lambda: [
+        ".java", ".py", ".ts", ".tsx", ".js", ".jsx",
+        ".xml", ".yaml", ".yml", ".json", ".properties",
+        ".gradle", ".gradle.kts", ".sql", ".graphql", ".gql",
+        ".proto", ".md", ".markdown",
+        ".cs", ".go", ".tf", ".tfvars", ".hcl",
+        ".cpp", ".cc", ".cxx", ".hpp", ".c", ".h",
+        ".sh", ".bash", ".zsh", ".ps1", ".psm1", ".psd1",
+        ".bat", ".cmd", ".bicep",
+        ".rb", ".rs", ".kt", ".kts", ".scala", ".swift",
+        ".r", ".R", ".pl", ".pm", ".lua", ".dart",
+        ".toml", ".ini", ".cfg", ".conf",
+        ".env", ".csv", ".dockerfile",
+        ".vue", ".svelte",
+        ".html", ".htm", ".css", ".scss", ".less",
+        ".mjs", ".cjs", ".mts", ".cts", ".jsonc",
+        ".groovy", ".pyi", ".razor", ".cshtml", ".adoc",
+    ])
+    exclude_patterns: list[str] = Field(default_factory=lambda: [
+        "**/node_modules/**",
+        "**/build/**",
+        "**/target/**",
+        "**/dist/**",
+        "**/.git/**",
+        "**/generated/**",
+        "**/__pycache__/**",
+        "**/venv/**",
+        "**/.venv/**",
+    ])
+    max_file_size_bytes: int = 1_048_576  # 1MB
+
+
+class CacheConfig(BaseModel):
+    """Cache configuration."""
+
+    enabled: bool = True
+    directory: str = ".code-intelligence"
+    db_name: str = "cache.db"
+
+
+class AnalysisConfig(BaseModel):
+    """Analysis configuration."""
+
+    parallelism: int = 8
+    incremental: bool = True
+
+
+class OutputConfig(BaseModel):
+    """Output configuration."""
+
+    max_nodes: int = 500
+    default_format: str = "json"
+    default_view: str = "developer"
+
+
+class DomainMapping(BaseModel):
+    """Domain grouping for architect view."""
+
+    name: str
+    modules: list[str]
+
+
+class GraphConfig(BaseModel):
+    """Graph storage backend configuration."""
+
+    backend: str = "networkx"  # networkx | kuzu | sqlite
+    path: str | None = None    # For file-based backends (kuzu, sqlite)
+
+
+class Config(BaseModel):
+    """Root configuration for code-intelligence."""
+
+    discovery: DiscoveryConfig = Field(default_factory=DiscoveryConfig)
+    cache: CacheConfig = Field(default_factory=CacheConfig)
+    analysis: AnalysisConfig = Field(default_factory=AnalysisConfig)
+    output: OutputConfig = Field(default_factory=OutputConfig)
+    graph: GraphConfig = Field(default_factory=GraphConfig)
+    domains: list[DomainMapping] = Field(default_factory=list)
+
+    @classmethod
+    def load(cls, config_path: Path | None = None, project_path: Path | None = None) -> Config:
+        """Load configuration from YAML file, falling back to defaults."""
+        if config_path and config_path.exists():
+            with open(config_path) as f:
+                data: dict[str, Any] = yaml.safe_load(f) or {}
+            return cls.model_validate(data)
+        # Check for default config file in project root
+        search_dir = project_path or Path.cwd()
+        for name in (".code-intelligence.yml", ".code-intelligence.yaml"):
+            default = search_dir / name
+            if default.exists():
+                with open(default) as f:
+                    data = yaml.safe_load(f) or {}
+                return cls.model_validate(data)
+        return cls()
+
+    @property
+    def cache_path(self) -> Path:
+        return Path(self.cache.directory) / self.cache.db_name

osscodeiq/detectors/auth/certificate_auth.py

@@ -0,0 +1,139 @@
+"""Certificate-based authentication detector (mTLS, X.509, TLS config, Azure AD)."""
+
+from __future__ import annotations
+
+import re
+from dataclasses import dataclass
+
+from osscodeiq.detectors.base import DetectorContext, DetectorResult
+from osscodeiq.detectors.utils import decode_text
+from osscodeiq.models.graph import GraphNode, NodeKind, SourceLocation
+
+
+@dataclass(frozen=True)
+class _PatternDef:
+    """A pattern definition with its auth_type and optional property extractor."""
+
+    regex: re.Pattern[str]
+    auth_type: str
+    prop_key: str | None = None
+
+
+# -- mTLS patterns --
+_MTLS_PATTERNS: list[_PatternDef] = [
+    _PatternDef(re.compile(r"\bssl_verify_client\b"), "mtls"),
+    _PatternDef(re.compile(r"\brequestCert\s*:\s*true\b"), "mtls"),
+    _PatternDef(re.compile(r'\bclientAuth\s*=\s*"true"'), "mtls"),
+    _PatternDef(re.compile(r"\bX509AuthenticationFilter\b"), "mtls"),
+    _PatternDef(re.compile(r"\bAddCertificateForwarding\b"), "mtls"),
+]
+
+# -- X.509 patterns --
+_X509_PATTERNS: list[_PatternDef] = [
+    _PatternDef(re.compile(r"\bX509AuthenticationFilter\b"), "x509"),
+    _PatternDef(re.compile(r"\bCertificateAuthenticationDefaults\b"), "x509"),
+    _PatternDef(re.compile(r"\.x509\s*\("), "x509"),
+]
+
+# -- TLS config patterns --
+_TLS_CONFIG_PATTERNS: list[_PatternDef] = [
+    _PatternDef(re.compile(r"\bjavax\.net\.ssl\.keyStore\b"), "tls_config"),
+    _PatternDef(re.compile(r"\bssl\.SSLContext\b"), "tls_config"),
+    _PatternDef(re.compile(r"\btls\.createServer\b"), "tls_config"),
+    _PatternDef(
+        re.compile(r"""(?:cert|key|ca)\s*[=:]\s*(?:fs\.readFileSync\s*\(|['"][\w/.\\-]+\.(?:pem|crt|key|cert)['"])"""),
+        "tls_config",
+        "cert_path",
+    ),
+    _PatternDef(re.compile(r"\btrustStore\b"), "tls_config"),
+]
+
+# -- Azure AD patterns --
+_AZURE_AD_PATTERNS: list[_PatternDef] = [
+    _PatternDef(re.compile(r"\bAzureAd\b"), "azure_ad"),
+    _PatternDef(re.compile(r"\bAZURE_TENANT_ID\b"), "azure_ad", "tenant_id"),
+    _PatternDef(re.compile(r"\bAZURE_CLIENT_ID\b"), "azure_ad"),
+    _PatternDef(re.compile(r"""\bmsal\b"""), "azure_ad"),
+    _PatternDef(re.compile(r"""['"]@azure/msal-browser['"]"""), "azure_ad"),
+    _PatternDef(re.compile(r"\bAddMicrosoftIdentityWebApi\b"), "azure_ad"),
+    _PatternDef(re.compile(r"\bClientCertificateCredential\b"), "azure_ad"),
+]
+
+_ALL_PATTERNS: list[_PatternDef] = (
+    _MTLS_PATTERNS + _X509_PATTERNS + _TLS_CONFIG_PATTERNS + _AZURE_AD_PATTERNS
+)
+
+# Dedup: when the same line matches both mTLS and x509 via X509AuthenticationFilter,
+# prefer the more specific auth_type already recorded.
+
+_CERT_PATH_RE = re.compile(
+    r"""['"]([^'"]*\.(?:pem|crt|key|cert|pfx|p12))['"]"""
+)
+_TENANT_ID_RE = re.compile(
+    r"""AZURE_TENANT_ID\s*[=:]\s*['"]?([a-f0-9-]+)['"]?"""
+)
+
+
+class CertificateAuthDetector:
+    """Detects certificate-based authentication patterns across multiple languages."""
+
+    name: str = "certificate_auth"
+    supported_languages: tuple[str, ...] = (
+        "java", "python", "typescript", "csharp", "json", "yaml",
+    )
+
+    def detect(self, ctx: DetectorContext) -> DetectorResult:
+        result = DetectorResult()
+        text = decode_text(ctx)
+        lines = text.split("\n")
+
+        # Track which lines already produced a node (first match wins per line).
+        seen_lines: set[int] = set()
+
+        for line_idx, line in enumerate(lines):
+            for pdef in _ALL_PATTERNS:
+                if line_idx in seen_lines:
+                    break
+                if pdef.regex.search(line):
+                    seen_lines.add(line_idx)
+                    line_num = line_idx + 1
+                    matched_text = line.strip()
+
+                    properties: dict[str, str] = {
+                        "auth_type": pdef.auth_type,
+                        "language": ctx.language,
+                        "pattern": matched_text[:120],
+                    }
+
+                    # Extract cert_path if present
+                    cert_m = _CERT_PATH_RE.search(line)
+                    if cert_m:
+                        properties["cert_path"] = cert_m.group(1)
+
+                    # Extract tenant_id if present
+                    tenant_m = _TENANT_ID_RE.search(line)
+                    if tenant_m:
+                        properties["tenant_id"] = tenant_m.group(1)
+
+                    # Detect auth_flow for Azure AD
+                    if pdef.auth_type == "azure_ad":
+                        if "ClientCertificateCredential" in line:
+                            properties["auth_flow"] = "client_certificate"
+                        elif "msal" in line.lower():
+                            properties["auth_flow"] = "msal"
+
+                    node = GraphNode(
+                        id=f"auth:{ctx.file_path}:cert:{line_num}",
+                        kind=NodeKind.GUARD,
+                        label=f"Certificate auth ({pdef.auth_type}): {matched_text[:60]}",
+                        module=ctx.module_name,
+                        location=SourceLocation(
+                            file_path=ctx.file_path,
+                            line_start=line_num,
+                            line_end=line_num,
+                        ),
+                        properties=properties,
+                    )
+                    result.nodes.append(node)
+
+        return result

osscodeiq/detectors/auth/ldap_auth.py

@@ -0,0 +1,89 @@
+"""LDAP authentication detector for Java, Python, TypeScript, and C# source files."""
+
+from __future__ import annotations
+
+import re
+
+from osscodeiq.detectors.base import DetectorContext, DetectorResult
+from osscodeiq.detectors.utils import decode_text
+from osscodeiq.models.graph import GraphNode, NodeKind, SourceLocation
+
+# -- Java patterns --
+_JAVA_PATTERNS: list[re.Pattern[str]] = [
+    re.compile(r"\bLdapContextSource\b"),
+    re.compile(r"\bLdapTemplate\b"),
+    re.compile(r"\bActiveDirectoryLdapAuthenticationProvider\b"),
+    re.compile(r"@EnableLdapRepositories\b"),
+]
+
+# -- Python patterns --
+_PYTHON_PATTERNS: list[re.Pattern[str]] = [
+    re.compile(r"\bldap3\.Connection\b"),
+    re.compile(r"\bldap3\.Server\b"),
+    re.compile(r"\bAUTH_LDAP_SERVER_URI\b"),
+    re.compile(r"\bAUTH_LDAP_BIND_DN\b"),
+]
+
+# -- TypeScript patterns --
+_TS_PATTERNS: list[re.Pattern[str]] = [
+    re.compile(r"""require\s*\(\s*['"]ldapjs['"]\s*\)"""),
+    re.compile(r"""(?:import\s+.*\s+from\s+['"]ldapjs['"]|import\s+ldapjs\b)"""),
+    re.compile(r"""['"]passport-ldapauth['"]"""),
+]
+
+# -- C# patterns --
+_CSHARP_PATTERNS: list[re.Pattern[str]] = [
+    re.compile(r"\bSystem\.DirectoryServices\b"),
+    re.compile(r"\bLdapConnection\b"),
+    re.compile(r"\bDirectoryEntry\b"),
+]
+
+_LANGUAGE_PATTERNS: dict[str, list[re.Pattern[str]]] = {
+    "java": _JAVA_PATTERNS,
+    "python": _PYTHON_PATTERNS,
+    "typescript": _TS_PATTERNS,
+    "csharp": _CSHARP_PATTERNS,
+}
+
+
+class LdapAuthDetector:
+    """Detects LDAP authentication patterns across multiple languages."""
+
+    name: str = "ldap_auth"
+    supported_languages: tuple[str, ...] = ("java", "python", "typescript", "csharp")
+
+    def detect(self, ctx: DetectorContext) -> DetectorResult:
+        result = DetectorResult()
+        if ctx.language not in _LANGUAGE_PATTERNS:
+            return result
+
+        text = decode_text(ctx)
+        lines = text.split("\n")
+        patterns = _LANGUAGE_PATTERNS[ctx.language]
+        seen_lines: set[int] = set()
+
+        for line_idx, line in enumerate(lines):
+            for pattern in patterns:
+                if pattern.search(line) and line_idx not in seen_lines:
+                    seen_lines.add(line_idx)
+                    line_num = line_idx + 1
+                    matched_text = line.strip()
+                    node = GraphNode(
+                        id=f"auth:{ctx.file_path}:ldap:{line_num}",
+                        kind=NodeKind.GUARD,
+                        label=f"LDAP auth: {matched_text[:80]}",
+                        module=ctx.module_name,
+                        location=SourceLocation(
+                            file_path=ctx.file_path,
+                            line_start=line_num,
+                            line_end=line_num,
+                        ),
+                        properties={
+                            "auth_type": "ldap",
+                            "language": ctx.language,
+                            "pattern": matched_text[:120],
+                        },
+                    )
+                    result.nodes.append(node)
+
+        return result

osscodeiq/detectors/auth/session_header_auth.py

@@ -0,0 +1,120 @@
+"""Session, header, API key, and CSRF authentication detector."""
+
+from __future__ import annotations
+
+import re
+from dataclasses import dataclass
+
+from osscodeiq.detectors.base import DetectorContext, DetectorResult
+from osscodeiq.detectors.utils import decode_text
+from osscodeiq.models.graph import GraphNode, NodeKind, SourceLocation
+
+
+@dataclass(frozen=True)
+class _PatternDef:
+    regex: re.Pattern[str]
+    auth_type: str
+    node_kind: NodeKind
+
+
+# -- Session patterns --
+_SESSION_PATTERNS: list[_PatternDef] = [
+    _PatternDef(re.compile(r"""['"]express-session['"]"""), "session", NodeKind.MIDDLEWARE),
+    _PatternDef(re.compile(r"""['"]cookie-session['"]"""), "session", NodeKind.MIDDLEWARE),
+    _PatternDef(re.compile(r"@SessionAttributes\b"), "session", NodeKind.GUARD),
+    _PatternDef(re.compile(r"\bSessionMiddleware\b"), "session", NodeKind.MIDDLEWARE),
+    _PatternDef(re.compile(r"\bHttpSession\b"), "session", NodeKind.GUARD),
+    _PatternDef(re.compile(r"\bSESSION_ENGINE\b"), "session", NodeKind.GUARD),
+]
+
+# -- Header patterns --
+_HEADER_PATTERNS: list[_PatternDef] = [
+    _PatternDef(re.compile(r"""['"]X-API-Key['"]""", re.IGNORECASE), "header", NodeKind.GUARD),
+    _PatternDef(
+        re.compile(r"""(?:req|request|ctx)\.headers?\s*\[\s*['"]authorization['"]\s*\]""", re.IGNORECASE),
+        "header",
+        NodeKind.GUARD,
+    ),
+    _PatternDef(
+        re.compile(r"""getHeader\s*\(\s*['"]Authorization['"]""", re.IGNORECASE),
+        "header",
+        NodeKind.GUARD,
+    ),
+]
+
+# -- API key patterns --
+_API_KEY_PATTERNS: list[_PatternDef] = [
+    _PatternDef(
+        re.compile(r"""(?:req|request)\.headers?\s*\[\s*['"]x-api-key['"]\s*\]""", re.IGNORECASE),
+        "api_key",
+        NodeKind.GUARD,
+    ),
+    _PatternDef(re.compile(r"\bapi[_-]?key\s*[=:]\s*", re.IGNORECASE), "api_key", NodeKind.GUARD),
+    _PatternDef(re.compile(r"\bvalidate_?api_?key\b", re.IGNORECASE), "api_key", NodeKind.GUARD),
+]
+
+# -- CSRF patterns --
+_CSRF_PATTERNS: list[_PatternDef] = [
+    _PatternDef(re.compile(r"@csrf_protect\b"), "csrf", NodeKind.GUARD),
+    _PatternDef(re.compile(r"\bcsrf_exempt\b"), "csrf", NodeKind.GUARD),
+    _PatternDef(re.compile(r"\bCsrfViewMiddleware\b"), "csrf", NodeKind.MIDDLEWARE),
+    _PatternDef(re.compile(r"""['"]csurf['"]"""), "csrf", NodeKind.MIDDLEWARE),
+]
+
+_ALL_PATTERNS: list[_PatternDef] = (
+    _SESSION_PATTERNS + _HEADER_PATTERNS + _API_KEY_PATTERNS + _CSRF_PATTERNS
+)
+
+# Map auth_type to the ID tag used in node IDs.
+_ID_TAG: dict[str, str] = {
+    "session": "session",
+    "header": "header",
+    "api_key": "apikey",
+    "csrf": "csrf",
+}
+
+
+class SessionHeaderAuthDetector:
+    """Detects session, header, API-key, and CSRF auth patterns."""
+
+    name: str = "session_header_auth"
+    supported_languages: tuple[str, ...] = ("java", "python", "typescript")
+
+    def detect(self, ctx: DetectorContext) -> DetectorResult:
+        result = DetectorResult()
+        if ctx.language not in self.supported_languages:
+            return result
+
+        text = decode_text(ctx)
+        lines = text.split("\n")
+        seen_lines: set[int] = set()
+
+        for line_idx, line in enumerate(lines):
+            for pdef in _ALL_PATTERNS:
+                if line_idx in seen_lines:
+                    break
+                if pdef.regex.search(line):
+                    seen_lines.add(line_idx)
+                    line_num = line_idx + 1
+                    matched_text = line.strip()
+                    tag = _ID_TAG[pdef.auth_type]
+
+                    node = GraphNode(
+                        id=f"auth:{ctx.file_path}:{tag}:{line_num}",
+                        kind=pdef.node_kind,
+                        label=f"{pdef.auth_type} auth: {matched_text[:70]}",
+                        module=ctx.module_name,
+                        location=SourceLocation(
+                            file_path=ctx.file_path,
+                            line_start=line_num,
+                            line_end=line_num,
+                        ),
+                        properties={
+                            "auth_type": pdef.auth_type,
+                            "language": ctx.language,
+                            "pattern": matched_text[:120],
+                        },
+                    )
+                    result.nodes.append(node)
+
+        return result

osscodeiq/detectors/base.py

@@ -0,0 +1,41 @@
+"""Detector protocol and context for OSSCodeIQ analysis."""
+
+from __future__ import annotations
+
+from dataclasses import dataclass, field
+from pathlib import Path
+from typing import Any, Protocol, runtime_checkable
+
+import tree_sitter
+
+from osscodeiq.models.graph import GraphNode, GraphEdge, NodeKind, EdgeKind, SourceLocation
+
+
+@dataclass
+class DetectorResult:
+    """Result of running a detector on a file."""
+
+    nodes: list[GraphNode] = field(default_factory=list)
+    edges: list[GraphEdge] = field(default_factory=list)
+
+
+@dataclass
+class DetectorContext:
+    """Context passed to each detector for analysis."""
+
+    file_path: str  # Relative to repo root
+    language: str
+    content: bytes
+    tree: tree_sitter.Tree | None = None
+    parsed_data: Any = None  # For structured files (dict, ElementTree)
+    module_name: str | None = None  # Owning module name
+
+
+@runtime_checkable
+class Detector(Protocol):
+    """Protocol that all detectors must implement."""
+
+    name: str
+    supported_languages: tuple[str, ...]
+
+    def detect(self, ctx: DetectorContext) -> DetectorResult: ...

osscodeiq/detectors/config/batch_structure.py

@@ -0,0 +1,128 @@
+"""Batch script (.bat/.cmd) structure detector for labels, calls, and variables."""
+
+from __future__ import annotations
+
+import re
+
+from osscodeiq.detectors.base import DetectorContext, DetectorResult
+from osscodeiq.detectors.utils import decode_text
+from osscodeiq.models.graph import (
+    EdgeKind,
+    GraphEdge,
+    GraphNode,
+    NodeKind,
+    SourceLocation,
+)
+
+_LABEL_RE = re.compile(r'^:(\w+)', re.MULTILINE)
+_CALL_RE = re.compile(r'CALL\s+:?(\S+)', re.IGNORECASE)
+_SET_RE = re.compile(r'SET\s+(\w+)=', re.IGNORECASE)
+
+
+class BatchStructureDetector:
+    """Detects Batch script structures: labels, CALL commands, and SET variables."""
+
+    name: str = "batch_structure"
+    supported_languages: tuple[str, ...] = ("batch",)
+
+    def detect(self, ctx: DetectorContext) -> DetectorResult:
+        result = DetectorResult()
+
+        try:
+            text = decode_text(ctx)
+        except Exception:
+            return result
+
+        filepath = ctx.file_path
+        lines = text.split("\n")
+        module_id = f"bat:{filepath}"
+
+        # MODULE node for the script
+        result.nodes.append(GraphNode(
+            id=module_id,
+            kind=NodeKind.MODULE,
+            label=filepath,
+            fqn=filepath,
+            module=ctx.module_name,
+            location=SourceLocation(
+                file_path=filepath,
+                line_start=1,
+            ),
+        ))
+
+        for i, line in enumerate(lines):
+            line_num = i + 1
+            stripped = line.strip()
+
+            # Skip comments and echo off
+            if not stripped:
+                continue
+            upper = stripped.upper()
+            if upper.startswith("@ECHO OFF"):
+                continue
+            if upper.startswith("REM ") or upper == "REM":
+                continue
+            if stripped.startswith("::"):
+                continue
+
+            # Labels
+            m = _LABEL_RE.match(stripped)
+            if m:
+                label_name = m.group(1)
+                result.nodes.append(GraphNode(
+                    id=f"bat:{filepath}:label:{label_name}",
+                    kind=NodeKind.METHOD,
+                    label=f":{label_name}",
+                    fqn=f"{filepath}:{label_name}",
+                    module=ctx.module_name,
+                    location=SourceLocation(
+                        file_path=filepath,
+                        line_start=line_num,
+                    ),
+                ))
+                result.edges.append(GraphEdge(
+                    source=module_id,
+                    target=f"bat:{filepath}:label:{label_name}",
+                    kind=EdgeKind.CONTAINS,
+                    label=f"{filepath} contains :{label_name}",
+                ))
+                continue
+
+            # CALL commands
+            m = _CALL_RE.search(stripped)
+            if m:
+                call_target = m.group(1)
+                # Determine if calling an internal label or external script
+                if call_target.startswith(":"):
+                    target_id = f"bat:{filepath}:label:{call_target[1:]}"
+                elif "." in call_target:
+                    # External script call
+                    target_id = call_target
+                else:
+                    target_id = f"bat:{filepath}:label:{call_target}"
+
+                result.edges.append(GraphEdge(
+                    source=module_id,
+                    target=target_id,
+                    kind=EdgeKind.CALLS,
+                    label=f"{filepath} calls {call_target}",
+                ))
+
+            # SET variables
+            m = _SET_RE.search(stripped)
+            if m:
+                var_name = m.group(1)
+                result.nodes.append(GraphNode(
+                    id=f"bat:{filepath}:set:{var_name}",
+                    kind=NodeKind.CONFIG_DEFINITION,
+                    label=f"SET {var_name}",
+                    fqn=f"{filepath}:{var_name}",
+                    module=ctx.module_name,
+                    location=SourceLocation(
+                        file_path=filepath,
+                        line_start=line_num,
+                    ),
+                    properties={"variable": var_name},
+                ))
+
+        return result