cha-core 0.6.4

Core analysis engine for Cha — pluggable code smell detection
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118

use crate::{AnalysisContext, Finding, Location, Plugin, Severity, SmellCategory};

/// Detect error handling smells:
/// - Empty catch/except blocks (silently swallowed errors)
/// - Excessive unwrap()/expect() calls in Rust
///
/// ## References
///
/// [1] G. Padua and W. Shang, "Revisiting Exception Handling Practices
///     with Exception Flow Analysis," Empirical Software Engineering,
///     vol. 23, no. 6, pp. 3337–3383, 2018.
///     doi: 10.1007/s10664-018-9601-8.
///
/// [2] A. Rahman, C. Parnin, and L. Williams, "The Seven Sins: Security
///     Smells in Infrastructure as Code Scripts," in Proc. 41st Int. Conf.
///     Software Engineering (ICSE), 2019, pp. 164–175.
///     doi: 10.1109/ICSE.2019.00033.
pub struct ErrorHandlingAnalyzer {
    pub max_unwraps_per_function: usize,
}

impl Default for ErrorHandlingAnalyzer {
    fn default() -> Self {
        Self {
            max_unwraps_per_function: 3,
        }
    }
}

impl Plugin for ErrorHandlingAnalyzer {
    fn name(&self) -> &str {
        "error_handling"
    }

    fn analyze(&self, ctx: &AnalysisContext) -> Vec<Finding> {
        let mut findings = Vec::new();
        let lines: Vec<&str> = ctx.file.content.lines().collect();

        for f in &ctx.model.functions {
            let unwrap_count = count_unwraps(&lines, f.start_line, f.end_line);
            if unwrap_count > self.max_unwraps_per_function {
                findings.push(Finding {
                    smell_name: "unwrap_abuse".into(),
                    category: SmellCategory::Security,
                    severity: Severity::Warning,
                    location: Location {
                        path: ctx.file.path.clone(),
                        start_line: f.start_line,
                        end_line: f.end_line,
                        name: Some(f.name.clone()),
                    },
                    message: format!(
                        "Function `{}` has {} unwrap/expect calls (threshold: {})",
                        f.name, unwrap_count, self.max_unwraps_per_function
                    ),
                    suggested_refactorings: vec![
                        "Use ? operator".into(),
                        "Handle errors explicitly".into(),
                    ],
                });
            }
        }

        detect_empty_catch(&lines, ctx, &mut findings);
        findings
    }
}

fn count_unwraps(lines: &[&str], start: usize, end: usize) -> usize {
    let mut count = 0;
    for line in lines
        .iter()
        .take(end.min(lines.len()))
        .skip(start.saturating_sub(1))
    {
        let trimmed = line.trim();
        if trimmed.starts_with("//") || trimmed.starts_with('#') {
            continue;
        }
        count += line.matches(".unwrap()").count();
        count += line.matches(".expect(").count();
    }
    count
}

fn detect_empty_catch(lines: &[&str], ctx: &AnalysisContext, findings: &mut Vec<Finding>) {
    for (i, line) in lines.iter().enumerate() {
        let trimmed = line.trim();
        let is_catch = trimmed.starts_with("catch")
            || trimmed.starts_with("except")
            || trimmed.starts_with("} catch")
            || trimmed.starts_with("rescue");
        if !is_catch {
            continue;
        }
        if let Some(next) = lines.iter().skip(i + 1).find(|l| !l.trim().is_empty()) {
            let next_trimmed = next.trim();
            if next_trimmed == "}" || next_trimmed == "pass" || next_trimmed.is_empty() {
                findings.push(Finding {
                    smell_name: "empty_catch".into(),
                    category: SmellCategory::Security,
                    severity: Severity::Warning,
                    location: Location {
                        path: ctx.file.path.clone(),
                        start_line: i + 1,
                        end_line: i + 2,
                        name: None,
                    },
                    message: "Empty catch/except block — errors are silently swallowed".into(),
                    suggested_refactorings: vec![
                        "Log the error".into(),
                        "Re-throw or handle explicitly".into(),
                    ],
                });
            }
        }
    }
}