ailabs/puaros
1
0
Fork 0
mirror of https://github.com/samiyev/puaros.git synced 2025-12-27 23:06:54 +05:00
Code Issues Packages Projects Releases Wiki Activity

feat: reduce false positives in hardcode detector by 35%

Browse Source 
Add TypeScript-aware filtering to HardcodeDetector to ignore legitimate
language constructs that are not actually hardcoded values.

Changes:
- Add detection and filtering of TypeScript type contexts:
  * Union types (type Status = 'active' | 'inactive')
  * Interface property types (interface { mode: 'development' })
  * Type assertions (as 'read' | 'write')
  * typeof checks (typeof x === 'string')
- Add Symbol() call detection for DI container tokens
- Add import() dynamic import detection
- Extend constants file patterns to include tokens.ts/tokens.js
- Add 13 new tests covering TypeScript type context filtering

Impact:
- Tested on real project (puaro/core): 985 → 633 issues (35.7% reduction)
- All 345 tests pass
- Zero new linting errors
This commit is contained in:
imfozilbek
2025-11-25 12:12:36 +05:00
parent 33d763c41b
commit 7b4cb60f13
2 changed files with 168 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
packages/guardian/src/infrastructure/analyzers/HardcodeDetector.ts
View File

@@ -26,6 +26,19 @@ export class HardcodeDetector implements IHardcodeDetector {
private readonly ALLOWED_STRING_PATTERNS = [/^[a-z]$/i, /^\/$/, /^\\$/, /^\s+$/, /^,$/, /^\.$/] private readonly ALLOWED_STRING_PATTERNS = [/^[a-z]$/i, /^\/$/, /^\\$/, /^\s+$/, /^,$/, /^\.$/]
/**
* Patterns to detect TypeScript type contexts where strings should be ignored
*/
private readonly TYPE_CONTEXT_PATTERNS = [
/^\s*type\s+\w+\s*=/i, // type Foo = ...
/^\s*interface\s+\w+/i, // interface Foo { ... }
/^\s*\w+\s*:\s*['"`]/, // property: 'value' (in type or interface)
/\s+as\s+['"`]/, // ... as 'type'
/Record<.*,\s*import\(/, // Record with import type
/typeof\s+\w+\s*===\s*['"`]/, // typeof x === 'string'
/['"`]\s*===\s*typeof\s+\w+/, // 'string' === typeof x
]
/** /**
* Detects all hardcoded values (both numbers and strings) in the given code * Detects all hardcoded values (both numbers and strings) in the given code
* *
@@ -43,14 +56,15 @@ export class HardcodeDetector implements IHardcodeDetector {
} }
/** /**
* Check if a file is a constants definition file * Check if a file is a constants definition file or DI tokens file
*/ */
private isConstantsFile(filePath: string): boolean { private isConstantsFile(filePath: string): boolean {
const _fileName = filePath.split("/").pop() ?? "" const _fileName = filePath.split("/").pop() ?? ""
const constantsPatterns = [ const constantsPatterns = [
/^constants?\.(ts|js)$/i, /^constants?\.(ts|js)$/i,
/constants?\/.*\.(ts|js)$/i, /constants?\/.*\.(ts|js)$/i,
/\/(constants|config|settings|defaults)\.ts$/i, /\/(constants|config|settings|defaults|tokens)\.ts$/i,
/\/di\/tokens\.(ts|js)$/i,
] ]
return constantsPatterns.some((pattern) => pattern.test(filePath)) return constantsPatterns.some((pattern) => pattern.test(filePath))
} }
@@ -341,6 +355,18 @@ export class HardcodeDetector implements IHardcodeDetector {
return false return false
} }
if (this.isInTypeContext(line)) {
return false
}
if (this.isInSymbolCall(line, value)) {
return false
}
if (this.isInImportCall(line, value)) {
return false
}
if (value.includes(DETECTION_KEYWORDS.HTTP) || value.includes(DETECTION_KEYWORDS.API)) { if (value.includes(DETECTION_KEYWORDS.HTTP) || value.includes(DETECTION_KEYWORDS.API)) {
return true return true
} }
@@ -388,4 +414,46 @@ export class HardcodeDetector implements IHardcodeDetector {
const end = Math.min(line.length, index + 30) const end = Math.min(line.length, index + 30)
return line.substring(start, end) return line.substring(start, end)
} }
/**
* Check if a line is in a TypeScript type definition context
* Examples:
* - type Foo = 'a' | 'b'
* - interface Bar { prop: 'value' }
* - Record<X, import('path')>
* - ... as 'type'
*/
private isInTypeContext(line: string): boolean {
const trimmedLine = line.trim()
if (this.TYPE_CONTEXT_PATTERNS.some((pattern) => pattern.test(trimmedLine))) {
return true
}
if (trimmedLine.includes("|") && /['"`][^'"`]+['"`]\s*\|/.test(trimmedLine)) {
return true
}
return false
}
/**
* Check if a string is inside a Symbol() call
* Example: Symbol('TOKEN_NAME')
*/
private isInSymbolCall(line: string, stringValue: string): boolean {
const symbolPattern = new RegExp(
`Symbol\\s*\\(\\s*['"\`]${stringValue.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}['"\`]\\s*\\)`,
)
return symbolPattern.test(line)
}
/**
* Check if a string is inside an import() call
* Example: import('../../path/to/module.js')
*/
private isInImportCall(line: string, stringValue: string): boolean {
const importPattern = /import\s*\(\s*['"`][^'"`]+['"`]\s*\)/
return importPattern.test(line) && line.includes(stringValue)
}
} }

98
packages/guardian/tests/unit/infrastructure/HardcodeDetector.test.ts
View File

@@ -468,4 +468,102 @@ const b = 2`
expect(result[0].context).toContain("5000") expect(result[0].context).toContain("5000")
}) })
}) })
describe("TypeScript type contexts (false positive reduction)", () => {
it("should NOT detect strings in union types", () => {
const code = `type Status = 'active' | 'inactive' | 'pending'`
const result = detector.detectMagicStrings(code, "test.ts")
expect(result).toHaveLength(0)
})
it("should NOT detect strings in interface property types", () => {
const code = `interface Config { mode: 'development' | 'production' }`
const result = detector.detectMagicStrings(code, "test.ts")
expect(result).toHaveLength(0)
})
it("should NOT detect strings in type aliases", () => {
const code = `type Theme = 'light' | 'dark'`
const result = detector.detectMagicStrings(code, "test.ts")
expect(result).toHaveLength(0)
})
it("should NOT detect strings in type assertions", () => {
const code = `const mode = getMode() as 'read' | 'write'`
const result = detector.detectMagicStrings(code, "test.ts")
expect(result).toHaveLength(0)
})
it("should NOT detect strings in Symbol() calls", () => {
const code = `const TOKEN = Symbol('MY_TOKEN')`
const result = detector.detectMagicStrings(code, "test.ts")
expect(result).toHaveLength(0)
})
it("should NOT detect strings in multiple Symbol() calls", () => {
const code = `
export const LOGGER = Symbol('LOGGER')
export const DATABASE = Symbol('DATABASE')
export const CACHE = Symbol('CACHE')
`
const result = detector.detectMagicStrings(code, "test.ts")
expect(result).toHaveLength(0)
})
it("should NOT detect strings in import() calls", () => {
const code = `const module = import('../../path/to/module.js')`
const result = detector.detectMagicStrings(code, "test.ts")
expect(result).toHaveLength(0)
})
it("should NOT detect strings in typeof checks", () => {
const code = `if (typeof x === 'string') { }`
const result = detector.detectMagicStrings(code, "test.ts")
expect(result).toHaveLength(0)
})
it("should NOT detect strings in reverse typeof checks", () => {
const code = `if ('number' === typeof count) { }`
const result = detector.detectMagicStrings(code, "test.ts")
expect(result).toHaveLength(0)
})
it("should skip tokens.ts files completely", () => {
const code = `
export const LOGGER = Symbol('LOGGER')
export const DATABASE = Symbol('DATABASE')
const url = "http://localhost:8080"
`
const result = detector.detectAll(code, "src/di/tokens.ts")
expect(result).toHaveLength(0)
})
it("should skip tokens.js files completely", () => {
const code = `const TOKEN = Symbol('TOKEN')`
const result = detector.detectAll(code, "src/di/tokens.js")
expect(result).toHaveLength(0)
})
it("should detect real magic strings even with type contexts nearby", () => {
const code = `
type Mode = 'read' | 'write'
const apiKey = "secret-key-12345"
`
const result = detector.detectMagicStrings(code, "test.ts")
expect(result.length).toBeGreaterThan(0)
expect(result.some((r) => r.value === "secret-key-12345")).toBe(true)
})
})
}) })