@sun-asterisk/sunlint
☀️ SunLint - Multi-language static analysis tool for code quality and security | Sun* Engineering Standards
/**
* Rule Analysis Strategy Configuration
* Defines optimal analysis methods for each rule type
*/
// Strategy table keyed by rule ID. Each entry carries a human-readable `reason`,
// the list of analysis `methods` for the rule, an `accuracy` figure per method
// and, for some entries, a `strategy` label.
//
// NOTE(review): the accuracy figures are literals in this file and no
// measurement source is visible here; they look like percentages. Treat them
// as estimates until confirmed.
// NOTE(review): presumably the order of `methods` is the order of preference;
// verify against the code that consumes this table.
module.exports = {
  // Rules that benefit significantly from AST analysis.
  //
  // The S-prefixed entries below cover security checks (TLS certificate
  // validation, JSON injection, default accounts, OTP entropy, password
  // length). Their regex figures are lower than their AST figures (S023: 60
  // against 95), so a run that only reaches the regex method presumably misses
  // more findings. A report should show which method actually ran instead of
  // presenting a clean regex-only result as equivalent.
  astPreferred: {
    C003: {
      reason: 'Variable naming requires context awareness (types, scopes, conventions)',
      methods: ['ast', 'regex'],
      accuracy: { ast: 95, regex: 75 },
    },
    C010: {
      reason: 'Block nesting requires precise scope tracking',
      methods: ['ast', 'regex'],
      accuracy: { ast: 95, regex: 75 },
    },
    C012: {
      reason: 'Command Query Separation requires function behavior analysis',
      methods: ['ast', 'regex'],
      accuracy: { ast: 95, regex: 80 },
    },
    C015: {
      reason: 'Function parameter counting benefits from AST',
      methods: ['ast', 'regex'],
      accuracy: { ast: 95, regex: 85 },
    },
    // The only entry in this group with a 'semantic' method and a `strategy`.
    C017: {
      reason: 'Constructor logic analysis needs semantic context - Phase 2 with symbol-based analysis',
      methods: ['semantic', 'ast', 'regex'],
      accuracy: { semantic: 95, ast: 85, regex: 70 },
      strategy: 'semantic-primary',
    },
    S015: {
      reason: 'TLS certificate validation requires AST context analysis',
      methods: ['ast', 'regex'],
      accuracy: { ast: 95, regex: 80 },
    },
    // Lowest regex figure in the table.
    S023: {
      reason: 'JSON injection detection requires AST context analysis',
      methods: ['ast', 'regex'],
      accuracy: { ast: 95, regex: 60 },
    },
    // NOTE(review): S054, S052, S051 and C065 list 'regex' before 'ast' even
    // though they sit under astPreferred and give 'ast' the higher figure.
    // Confirm whether the order is significant to the consumer.
    S054: {
      reason: 'Default account detection in code, SQL, and config files',
      methods: ['regex', 'ast'],
      accuracy: { regex: 85, ast: 90 },
    },
    S052: {
      reason: 'OTP entropy analysis requires hybrid approach for RNG detection and context awareness',
      methods: ['regex', 'ast'],
      accuracy: { regex: 80, ast: 90 },
    },
    S051: {
      reason: 'Password length policy requires multi-signal context detection and cross-file validation',
      methods: ['regex', 'ast'],
      accuracy: { regex: 85, ast: 92 },
    },
    C065: {
      reason: 'Test behavior analysis requires hybrid heuristic + AST context for multiple assertions and control flow detection',
      methods: ['regex', 'ast'],
      accuracy: { regex: 85, ast: 92 },
    },
  },

  // Rules where regex is sufficient and efficient.
  regexOptimal: {
    C001: {
      reason: 'Naming patterns are string-based',
      methods: ['regex'],
      accuracy: { regex: 95 },
    },
    // NOTE(review): filed under regexOptimal, yet the only method is
    // 'heuristic' and the reason mentions AST-based semantic analysis. A figure
    // of 100 leaves no room for misses; confirm both.
    C002: {
      reason: 'Duplicate code detection with AST-based semantic analysis',
      methods: ['heuristic'],
      accuracy: { heuristic: 100 },
    },
    C043: {
      reason: 'Console/print detection via simple patterns',
      methods: ['regex'],
      accuracy: { regex: 90 },
    },
    C070: {
      reason: 'Real-time dependencies detection via timer/sleep patterns',
      methods: ['regex'],
      accuracy: { regex: 95 },
    },
    // NOTE(review): a security rule whose 'ast' figure is higher than its
    // 'regex' figure although it sits under regexOptimal.
    S001: {
      reason: 'Security patterns are often string-based',
      methods: ['regex', 'ast'],
      accuracy: { regex: 85, ast: 90 },
    },
  },

  // Rules that require hybrid approach. Entries here carry a `strategy` label
  // and, except for C076, a `combined` figure next to the per-method ones.
  hybridOptimal: {
    C018: {
      reason: 'Do not throw generic errors',
      methods: ['semantic', 'regex'],
      strategy: 'semantic-primary-regex-fallback',
      accuracy: { semantic: 90, regex: 70, combined: 95 },
    },
    // NOTE(review): 'semantic' is listed as a method but has no accuracy figure.
    C029: {
      reason: 'Catch block analysis needs context + patterns',
      methods: ['ast', 'regex', 'semantic'],
      strategy: 'ast-primary-regex-fallback',
      accuracy: { ast: 90, regex: 75, combined: 95 },
    },
    C035: {
      reason: 'Error logging context requires symbol-based + regex analysis',
      methods: ['semantic', 'regex'],
      strategy: 'semantic-primary-regex-fallback',
      accuracy: { semantic: 90, regex: 70, combined: 95 },
    },
    C040: {
      reason: 'Validation centralization requires project-wide symbol analysis + data flow tracking',
      methods: ['semantic', 'regex'],
      strategy: 'semantic-primary-regex-fallback',
      accuracy: { semantic: 95, regex: 75, combined: 97 },
    },
    // Single-method entry: no fallback method and no `combined` figure.
    C076: {
      reason: 'Public API type enforcement requires symbol-based analysis for export boundaries',
      methods: ['semantic'],
      strategy: 'semantic-primary',
      accuracy: { semantic: 95 },
    },
    // Hardcoded-secret detection. The regex fallback figure is 70 and the
    // `combined` figure equals the 'ast' figure, so on these numbers the
    // fallback adds no coverage on top of AST; it only matters when AST analysis
    // does not run.
    C041: {
      reason: 'Hardcoded secrets need AST literal analysis like ESLint',
      methods: ['ast', 'regex'],
      strategy: 'ast-primary-regex-fallback',
      accuracy: { ast: 95, regex: 70, combined: 95 },
    },
    C047: {
      reason: 'Retry logic detection needs pattern + structure',
      methods: ['regex', 'ast'],
      strategy: 'regex-primary-ast-enhancement',
      accuracy: { regex: 80, ast: 85, combined: 92 },
    },
  },

  // Rules that may need future enhancement.
  experimental: {
    // This entry has no `accuracy` object, so a reader of this table has to
    // tolerate the field being absent.
    C072: {
      reason: 'Test assertion counting - exploring AI enhancement',
      methods: ['regex', 'ast', 'ai'],
      strategy: 'progressive-enhancement',
    },
  },
};