feat(initial release)#2
Merged
Merged
Conversation
Extend the TypeScript semantic runner with summary-based taint tracking across module boundaries: - Per-function taint summaries (param->sink, param/source->return), memoized and cycle-safe via a two-pass fixed point for recursion cycles between modules. - Sources: req/request query, body, params, headers, cookies, and process.argv. Sinks: SQL query/execute, child_process exec, eval and new Function, HTML injection sinks, fetch URLs. - Import resolution through the TypeChecker alias graph covers named, default, and namespace imports, re-export chains, barrel files, and method calls on imported objects; async returns propagate through await. - Sanitizer awareness: parameterized query signatures, encodeURIComponent for URL sinks, and escape/sanitize helper naming stop propagation. - Findings report the full cross-file chain, e.g. "request query (src/routes.ts:3) -> runQuery arg (src/routes.ts:3) -> pool.query sink (src/db.ts:4)". - Chain depth capped by securityRules.typescript_taint_max_depth (default 8, -1 disables); truncation emits a debug note. node_modules and declaration files are skipped. - New rules security.typescript.taint-flow / security.javascript.taint-flow. - Integration tests: positive cross-file flow, re-export chain, sanitized flows (negative), module cycle, depth cap, and single-file stability. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Adds a new 'contracts' section with four rules, primarily active in diff mode (base ref vs working tree): - contracts.go-exported-breaking (fail): parses base (git show) and head Go files with go/ast and flags removed/renamed exported funcs, methods, types, and consts, plus changed exported function signatures. - contracts.openapi-breaking (fail): compares base vs head OpenAPI/Swagger documents for removed paths, operations, and response codes, and newly required parameters and request body fields. - contracts.proto-breaking (fail): text-parses .proto files and flags removed messages/services/rpcs and removed, renumbered, or retyped fields. - contracts.migration-destructive (warn): flags DROP TABLE/COLUMN, TRUNCATE, drop_table()/drop_column(), and ALTER ... NOT NULL without DEFAULT in migration files (new files only in diff mode, all migration files in full scans). Wiring follows the existing check-family pattern: rule catalog entries, contract_rules config knobs with defaults and validation, and a checks.contracts toggle that defaults to on in diff mode and is enabled unconditionally by the strict and enterprise profiles. Base-comparison rules no-op gracefully in full scans. Also extends the diff scope parser so findings on deleted files survive diff filtering, and exposes ScanMode/ListChangedFiles/ReadBaseFile to check implementations. Integration tests exercise each rule against real git fixtures. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- Generic module graph + Tarjan SCC shared across languages - Import cycle rules for TypeScript/JavaScript, Rust, and Java - design.god-module fan-in/fan-out rule for Go, Python, TS/JS, Rust, Java - Diff-mode change-impact artifact and design.high-impact-change rule - quality.n-plus-one-query for Go (go/ast), TS/JS, and Python - quality.go.alloc-in-loop for string growth and non-preallocated appends - TS sync-IO-in-handler and unbounded-concurrency, Python sync-in-async - Config toggles + thresholds, catalog entries, integration tests Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…mplates - Native Anthropic Messages API client in ai/runtime and ai/triage with provider selection "anthropic" via CODEGUARD_AI_TRIAGE_PROVIDER or ai.provider config; CODEGUARD_AI_TRIAGE_API_KEY with ANTHROPIC_API_KEY fallback; model defaults to claude-sonnet-4-6 - Shared httpretry package: exponential backoff with jitter on 429/5xx/ network errors, Retry-After support, CODEGUARD_AI_MAX_RETRIES (default 3) and CODEGUARD_AI_RETRY_BASE_DELAY; wired into all HTTP providers; scans degrade gracefully on provider failure - Per-verdict caching for natural-language rules keyed on SHA1 of rule fingerprint, runtime fingerprint, file path, content hash, and prompt version, stored as nl_rule_verdicts in the scan cache - FixTemplate rule metadata with concrete before/after templates for 20 rules, surfaced through explain --format=agent and the MCP explain tool - Keep provider-flavored config defaults from leaking across provider types - Tests: httptest-backed provider/retry coverage, runtime-invocation-count cache test, fix-template assertions; docs/ai-quality.md updated Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- quality.coverage-delta: opt-in diff-mode check gating changed-line test coverage. Go targets run go test -coverprofile for packages containing changed files; other languages run a configured coverage command and parse its lcov report. Configurable warn threshold (default 60) and optional fail_under escalation. - ci.test-without-assertion / ci.always-true-test-assertion / ci.conditional-assertion: regex-based test quality rules for Go, Python, TypeScript, and JavaScript test files, with configurable custom assertion helper names. - Plumb diff scope (changed line ranges) and scan mode into the check context so checks can intersect findings with changed lines. - Config: quality_rules.coverage_delta and ci_rules.test_quality with defaults, validation, SDK aliases, and docs in docs/checks.md. - Tests: end-to-end diff-mode coverage scans against real temp git repos (Go path runs go test on a fixture module), lcov parser unit tests, and positive/negative fixtures for the assertion rules. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…op history - quality.ai.hallucinated-import now covers Python: imports resolve against an embedded py3.11+ stdlib list, declared deps (requirements*.txt, pyproject.toml project/poetry tables, setup.py/setup.cfg) with PEP 503 name normalization and a known import-name aliases map (PIL/pillow, yaml/pyyaml, cv2/opencv-python, ...), and local modules on disk. - quality.ai.dead-code goes beyond constant-false: statements after unconditional return/raise/throw/break/continue (Go via go/ast, TS/JS and Python via conservative lexical analysis) and unused private functions (Go package-wide via go/ast, file-local for Python/TS/JS). - New consistency rules mirroring the idiom-drift pattern: quality.ai.error-style-drift (Go wrapping style, Python bare except, TS raw Error vs custom error classes) and quality.ai.naming-drift (snake_case vs camelCase vs repo-dominant convention). - Slop-score trend history persisted per scan under the cache directory (cache.slop-history.json, capped per target), previous score and delta surfaced on SlopScoreArtifact, and a new `codeguard report -slop-history` command that prints the trend. - Catalog entries, slop weights, quality_rules.ai_checks config toggles, validation, SDK facade helpers, and integration tests. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…t analysis Deepen the Python and C-like (TS/JS, Java, Rust) parsers from function-boundary tokenizers into lightweight ASTs: byte-preserving lexers that mask comment and string contents while keeping offsets/newlines intact, logical-statement structure, per-function symbol tables (params + local assignments), import extraction, and call resolution. Migrate quality function-metrics (Python, TS, Java, Rust) and security line rules onto the structured parsers/masked lines to cut false positives from code-like text inside strings and comments. Add real intra-file, cross-function taint analysis: - security.taint.go: go/ast + scope tracking. Sources: *http.Request fields, os.Getenv, os.Args, bufio stdin. Sinks: exec.Command(Context), db Query/Exec/QueryRow, os file APIs, template Parse. Propagates through assignment/aliasing/Sprintf/concat; strconv parsing untaints. - security.taint.python: parser-based dataflow. Sources: input(), os.environ, sys.argv, web request attrs. Sinks: os.system/popen, subprocess (shell=True or string cmd), eval/exec, cursor.execute. shlex.quote / int / float and parameterized query args untaint. Findings embed the source->sink chain. New config toggles TaintGo/TaintPython (default on), catalog entries, and tests under tests/ including negative sanitized cases. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…e expansion, style/naming drift, slop history
… cache, fix templates
…esn't add a second verdict
…roto, migrations)
…nge-impact artifact, perf smells
…), Go/Python taint analysis
…maintainability fixes - alloc-in-loop: append-prealloc nag now behind detect_prealloc_in_loop (default off); string-concat detection stays on - test-without-assertion: credit assert/require/expect/verify/must/check helper calls; exempt helper-process tests - error-style-drift: direction-aware, never flags adoption of %w wrapping - dedupe 17 real clone pairs (shared cachefile pkg, triage/runtime HTTP helpers, RunTargetSection, unified metric extraction, shared source masker) - split oversized files, simplify complex funcs, remove dead code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.