repotoire 0.9.0

//! Eval / dynamic-code-execution detector.
//!
//! Detects use of dangerous code-execution APIs that can lead to Remote
//! Code Execution (CWE-94 Code Injection, CWE-95 Eval Injection).
//!
//! # Architecture
//!
//! Two scan paths, picked by file language (mirrors `cleartext_credentials.rs`
//! and `secrets.rs`):
//!
//! 1. **AST path** (Python, JS, TS, JSX, TSX): walks the tree-sitter parse
//!    tree looking for **call expressions** whose callee matches a
//!    dynamic-code-exec API. All other languages either take the line path
//!    (Ruby, PHP) or are out of scope (no eval-shaped builtin).
//!
//!      - **Python**: `eval(...)`, `exec(...)`, `compile(src, file, mode)`
//!        where `mode in {"exec", "eval", "single"}`. Method calls
//!        (`obj.eval(ctx)`) and method definitions (`def eval(self): ...`)
//!        are AST-distinguished from the builtin and never fire. `eval(`
//!        substrings inside a `string` literal or `comment` node never
//!        fire either, because the AST naturally separates them from
//!        actual `call` nodes.
//!
//!      - **JavaScript / TypeScript**: `eval(...)`, `new Function(arg)`,
//!        `setTimeout(stringArg, ...)`, `setInterval(stringArg, ...)`,
//!        `vm.runInThisContext(...)`, `vm.runInNewContext(...)`. For
//!        `setTimeout` / `setInterval`, `arg[0]` MUST be string-shaped
//!        (string literal, template literal, string concatenation) for
//!        the call to fire — `setTimeout(() => doStuff(), 100)` is NOT
//!        eval-equivalent and is skipped on this path.
//!
//!    Severity is decided by classifying `arg[0]` (the code being
//!    executed) into one of `EvalArgKind::{StaticLiteral, Interpolated,
//!    Variable, FunctionLike, Unknown}`:
//!
//!      | kind            | eval/exec/Function | setTimeout/Interval | vm.run* |
//!      | --------------- | ------------------ | ------------------- | ------- |
//!      | StaticLiteral   | Low                | High                | High    |
//!      | Interpolated    | Critical           | Critical            | Critical|
//!      | Variable        | Critical           | (skip — fn ref)     | Critical|
//!      | FunctionLike    | Critical           | (skip — legit)      | Critical|
//!      | Unknown         | High               | (skip — fn ref)     | High    |
//!
//!    Low findings are filtered out from the final result by default
//!    (matches the legacy detector's behavior). The taint pass at the
//!    end of `detect()` may upgrade an existing finding to Critical
//!    when an unsanitized user-input dataflow is confirmed.
//!
//! 2. **Line path** (Ruby, PHP): for languages without a tree-sitter
//!    grammar in our dispatch list, a small line-based regex scanner
//!    matches the canonical Ruby/PHP eval forms. This is the same
//!    concession `cleartext_credentials.rs::scan_file_line` makes —
//!    AST is the right answer, line-based regex is what's available.
//!
//! This is the structural counterpart of the cleartext-credentials AST
//! migration (commits 4c656b2f / 7a2e2d61 / 2ab955dd) and of the
//! secrets AST migration (commits 4381002a / fe2626c6). The previous
//! detector ran a line-based regex over raw text and then needed
//! bespoke filters (`def eval(`, `.eval(`, `# eval(`, ast.literal_eval,
//! `torch.compile`, ...) to suppress 8 different "eval substring is
//! not a call" false-positive shapes. With the AST, "is this token a
//! call expression with `eval` as its callee" is a free piece of
//! information and that filter chain disappears.

use crate::detectors::ast_fingerprint::parse_root_ext;
use crate::detectors::ast_walk::AstWalkCtx;
use crate::detectors::base::{Detector, DetectorConfig};
use crate::detectors::fast_search::*;
use crate::detectors::security::ast_helpers::{
    collect_named_args, node_text, receiver_chain_label, unwrap_callee,
};
use crate::detectors::security::dangerous_sinks::{classify_sink, Lang, SinkKind};
use crate::detectors::security::scan_inputs::{ScanAstInputs, ScanInputs};
use crate::detectors::taint::{TaintAnalyzer, TaintCategory};
use crate::graph::GraphQueryExt;
use crate::models::{Evidence, Finding, Severity, SourceSpan, Tier};
use crate::parsers::lightweight::Language;
use anyhow::Result;
use regex::Regex;
use std::collections::HashMap;
use std::path::{Path, PathBuf};
use std::sync::LazyLock;
use tracing::{debug, info};

// ---------------------------------------------------------------------------
// Single source of truth for supported file extensions.
// ---------------------------------------------------------------------------

/// Extensions this detector processes. Mirrors the `cleartext_credentials.rs`
/// `SUPPORTED_EXTS` table so the AST/line dispatch lists stay aligned.
///
/// AST-eligible extensions flow through `scan_file_ast`; the rest fall
/// through to the legacy line scanner.
const SUPPORTED_EXTS: &[&str] = &[
    // AST path
    "py", "js", "ts", "jsx", "tsx", // Line path
    "rb", "php",
];

/// Default file patterns to exclude (test paths, vendored deps, ...).
const DEFAULT_EXCLUDE_PATTERNS: &[&str] = &[
    "tests/",
    "test_",
    "_test.py",
    "migrations/",
    "__pycache__/",
    ".git/",
    "node_modules/",
    "venv/",
    ".venv/",
    "management/commands/",
];

// ---------------------------------------------------------------------------
// Argument-shape classification
// ---------------------------------------------------------------------------

/// What kind of value is being passed as `arg[0]` of an eval-shaped call.
///
/// This is the AST-native equivalent of the legacy line-based filter
/// chain (`fstring_arg_pattern` / `concat_arg_pattern` /
/// `format_arg_pattern` / `percent_arg_pattern` / `variable_arg_pattern`
/// / `literal_string_pattern`). Computing it from the AST is both more
/// precise (no string-tracking needed to know "is this a literal or an
/// expression") and more general (handles arrow functions, template
/// literals, etc. without bespoke regex).
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum EvalArgKind {
    /// String literal with no interpolation — `eval("1 + 1")`.
    StaticLiteral,
    /// Literal that splices in expressions — Python f-string with
    /// interpolation, JS template literal with substitution, or string
    /// concatenation that includes a non-literal operand.
    Interpolated,
    /// Identifier / attribute access / subscript / call result —
    /// `eval(user_input)`, `eval(req.body.code)`, `eval(get())`.
    Variable,
    /// Arrow function / function expression / function declaration /
    /// lambda — `setTimeout(() => f(), 100)`. NOT an eval-shaped value
    /// for setTimeout/setInterval; IS still suspicious for actual eval.
    FunctionLike,
    /// Anything we don't classify. Defaults to `High` severity.
    Unknown,
}

impl EvalArgKind {
    /// Should this arg fire a `setTimeout` / `setInterval` finding?
    ///
    /// Only string-shaped args are the eval-like legacy pattern.  A bare
    /// identifier (`setTimeout(r, ms)`, `setInterval(tick, 1_000)`) almost
    /// always refers to a function reference — the same safe pattern as an
    /// arrow function — and must not fire.  `Variable` therefore does NOT
    /// fire for timers (but still fires for actual `eval`/`exec`/`new
    /// Function`, where `eval(userInput)` is genuinely dangerous).
    fn fires_for_timer(self) -> bool {
        matches!(self, EvalArgKind::StaticLiteral | EvalArgKind::Interpolated)
    }
}

// ---------------------------------------------------------------------------
// Detector
// ---------------------------------------------------------------------------

/// Detects dangerous code execution patterns (eval, exec, new Function,
/// setTimeout(string), vm.runInThisContext, ...).
pub struct EvalDetector {
    config: DetectorConfig,
    repository_path: PathBuf,
    max_findings: usize,
    exclude_patterns: Vec<String>,
    compiled_globs: Vec<Regex>,
    taint_analyzer: TaintAnalyzer,
    // Pre-computed taint results
    precomputed_cross: std::sync::OnceLock<Vec<crate::detectors::taint::TaintPath>>,
    precomputed_intra: std::sync::OnceLock<Vec<crate::detectors::taint::TaintPath>>,
}

impl EvalDetector {
    /// Create a new detector with default settings.
    pub fn new() -> Self {
        Self::with_config(DetectorConfig::new(), PathBuf::from("."))
    }

    /// Create with a custom repository path.
    pub fn with_repository_path(repository_path: PathBuf) -> Self {
        Self::with_config(DetectorConfig::new(), repository_path)
    }

    /// Create with a custom config and repository path.
    pub fn with_config(config: DetectorConfig, repository_path: PathBuf) -> Self {
        let max_findings = config.get_option_or("max_findings", 100);
        let exclude_patterns = config
            .get_option::<Vec<String>>("exclude_patterns")
            .unwrap_or_else(|| {
                DEFAULT_EXCLUDE_PATTERNS
                    .iter()
                    .map(|s| s.to_string())
                    .collect()
            });

        let compiled_globs: Vec<Regex> = exclude_patterns
            .iter()
            .filter(|p| p.contains('*'))
            .filter_map(|p| {
                let re_str = format!("^{}$", p.replace('*', ".*"));
                Regex::new(&re_str).ok()
            })
            .collect();

        Self {
            config,
            repository_path,
            max_findings,
            exclude_patterns,
            compiled_globs,
            taint_analyzer: TaintAnalyzer::new(),
            precomputed_cross: std::sync::OnceLock::new(),
            precomputed_intra: std::sync::OnceLock::new(),
        }
    }

    /// Check if a path should be excluded (test paths, vendored deps, ...).
    fn should_exclude(&self, path: &str) -> bool {
        for pattern in &self.exclude_patterns {
            if pattern.ends_with('/') {
                let dir = pattern.trim_end_matches('/');
                if dir.contains('/') {
                    if path.contains(pattern.as_str()) || path.contains(dir) {
                        return true;
                    }
                } else if path.split('/').any(|p| p == dir) {
                    return true;
                }
            } else if pattern.contains('*') {
                continue;
            } else if path.contains(pattern) {
                return true;
            }
        }
        let filename = Path::new(path)
            .file_name()
            .and_then(|s| s.to_str())
            .unwrap_or("");
        for re in &self.compiled_globs {
            if re.is_match(path) || re.is_match(filename) {
                return true;
            }
        }
        false
    }

    /// AST-first scanner. Walks the tree once. For every call expression
    /// whose callee is a known dangerous code-exec API, classifies the
    /// argument shape and emits a finding at the appropriate severity.
    fn scan_file_ast(&self, inputs: &ScanAstInputs<'_>) -> Vec<Finding> {
        let path = inputs.path();
        let content = inputs.content();
        let ext = inputs.ext();
        let lang = inputs.lang;
        let cached_tree = inputs.cached_tree;
        let mut findings = vec![];

        if content.contains('\0') {
            return findings;
        }

        let owned;
        let root = match cached_tree {
            Some(tree) => tree.root_node(),
            None => match parse_root_ext(content, lang, ext) {
                Some(t) => {
                    owned = t;
                    owned.root_node()
                }
                None => return findings,
            },
        };

        let bytes = content.as_bytes();
        let lines: Vec<&str> = content.lines().collect();
        // Per-file Python from-import alias map: lets us recognize
        // `from builtins import eval as my_eval; my_eval(code)` as a
        // direct eval call. Mirrors `insecure_crypto`'s pattern.
        let alias_map = if matches!(lang, Language::Python) {
            super::python_imports::collect_python_from_imports(root, bytes)
        } else {
            HashMap::new()
        };
        // Per-file Python module-alias map: lets us recognize
        // `import builtins as bi; bi.eval(code)` as a Python eval
        // call. Without this the Python branch of `match_eval_site`
        // rejects every attribute callee (it only accepts bare
        // identifiers).
        let module_aliases = if matches!(lang, Language::Python) {
            super::python_imports::collect_python_module_aliases(root, bytes)
        } else {
            HashMap::new()
        };
        let mut sites: Vec<EvalSite> = Vec::new();
        let ctx = AstWalkCtx {
            lang,
            source: bytes,
        };
        let aliases = super::python_imports::PythonAliases::new(&alias_map, &module_aliases);
        collect_eval_sites(&ctx, root, &aliases, &mut sites);

        for site in sites {
            if findings.len() >= self.max_findings {
                break;
            }
            let line_idx = site.call_node.start_position().row;
            if let Some(line) = lines.get(line_idx) {
                let prev = if line_idx > 0 {
                    Some(lines[line_idx - 1])
                } else {
                    None
                };
                if crate::detectors::is_line_suppressed(line, prev) {
                    continue;
                }
            }
            let snippet = lines.get(line_idx).map(|s| s.trim()).unwrap_or("");
            let line_num = (line_idx + 1) as u32;

            let severity = match site.api {
                EvalApi::Eval | EvalApi::Exec | EvalApi::NewFunction | EvalApi::Compile => {
                    match site.arg_kind {
                        EvalArgKind::StaticLiteral => Severity::Low,
                        EvalArgKind::Interpolated | EvalArgKind::Variable => Severity::Critical,
                        // B14: a function literal passed to eval/exec/Function/compile
                        // coerces to a string like `[object Function]` at runtime,
                        // not RCE. Downgrade to Low.
                        EvalArgKind::FunctionLike => Severity::Low,
                        EvalArgKind::Unknown => Severity::High,
                    }
                }
                EvalApi::SetTimeout | EvalApi::SetInterval => {
                    if !site.arg_kind.fires_for_timer() {
                        // Function arg — legit pattern, skip.
                        continue;
                    }
                    match site.arg_kind {
                        EvalArgKind::StaticLiteral => Severity::High,
                        EvalArgKind::Interpolated | EvalArgKind::Variable => Severity::Critical,
                        _ => Severity::High,
                    }
                }
                EvalApi::VmRun => match site.arg_kind {
                    EvalArgKind::StaticLiteral => Severity::High,
                    EvalArgKind::Interpolated | EvalArgKind::Variable => Severity::Critical,
                    _ => Severity::High,
                },
                EvalApi::InstanceEval | EvalApi::Assert => match site.arg_kind {
                    EvalArgKind::StaticLiteral => Severity::Low,
                    EvalArgKind::Interpolated | EvalArgKind::Variable => Severity::Critical,
                    _ => Severity::High,
                },
            };

            findings.push(self.build_finding(
                path,
                line_num,
                site.api,
                site.arg_kind,
                severity,
                snippet,
                ext,
            ));
        }

        findings
    }

    /// Legacy line scanner for non-AST languages (Ruby, PHP).
    ///
    /// For these formats reverse-engineering line shape is the only
    /// option. We accept a higher false-positive rate here as a known
    /// concession; the canonical eval forms in Ruby/PHP are simple
    /// enough that line-based regex is sufficient in practice.
    ///
    /// **Path used by**: `.rb`, `.php`. Any extension that DOES have a
    /// tree-sitter grammar in our dispatch list flows through
    /// `scan_file_ast` instead.
    fn scan_file_line(&self, inputs: &ScanInputs<'_>) -> Vec<Finding> {
        let path = inputs.path;
        let content = inputs.content;
        let ext = inputs.ext;
        let mut findings = vec![];
        if content.len() > 500_000 {
            return findings;
        }
        let lines: Vec<&str> = content.lines().collect();
        for (i, line) in lines.iter().enumerate() {
            if findings.len() >= self.max_findings {
                break;
            }
            let prev = if i > 0 { Some(lines[i - 1]) } else { None };
            if crate::detectors::is_line_suppressed(line, prev) {
                continue;
            }
            let trimmed = line.trim_start();
            // Strip comments (Ruby `#`, PHP `//` / `#`).
            if trimmed.starts_with('#') || trimmed.starts_with("//") {
                continue;
            }
            if let Some((api, arg_kind)) = match_line_eval(line, ext) {
                let line_num = (i + 1) as u32;
                let severity = match arg_kind {
                    EvalArgKind::StaticLiteral => Severity::Low,
                    EvalArgKind::Interpolated | EvalArgKind::Variable => Severity::Critical,
                    _ => Severity::High,
                };
                findings.push(self.build_finding(
                    path,
                    line_num,
                    api,
                    arg_kind,
                    severity,
                    line.trim(),
                    ext,
                ));
            }
        }
        findings
    }

    /// Construct a `Finding` for a detected eval site.
    fn build_finding(
        &self,
        path: &Path,
        line_num: u32,
        api: EvalApi,
        arg_kind: EvalArgKind,
        severity: Severity,
        snippet: &str,
        ext: &str,
    ) -> Finding {
        let api_name = api.callee_label();
        let title = format!("Code Injection via {}", api_name);
        let arg_desc = match arg_kind {
            EvalArgKind::StaticLiteral => "static string literal (low risk)",
            EvalArgKind::Interpolated => "string with variable interpolation (RCE risk)",
            EvalArgKind::Variable => "non-literal expression (RCE risk)",
            EvalArgKind::FunctionLike => "function value (still risky for eval)",
            EvalArgKind::Unknown => "non-static argument",
        };
        let lang_label = match ext {
            "py" => "python",
            "js" | "jsx" => "javascript",
            "ts" | "tsx" => "typescript",
            "rb" => "ruby",
            "php" => "php",
            _ => "",
        };

        let description = format!(
            "**Potential Code Injection (CWE-94)**\n\n\
             **API**: `{}`\n\n\
             **Argument shape**: {}\n\n\
             **Location**: {}:{}\n\n\
             **Code snippet**:\n```{}\n{}\n```\n\n\
             Dynamic code execution APIs run their argument as program text. \
             When that argument is anything other than a constant the caller controls \
             at write time, attackers who can influence the value get arbitrary \
             code execution.",
            api_name,
            arg_desc,
            path.display(),
            line_num,
            lang_label,
            snippet,
        );

        let suggested_fix = self.recommend(api, ext);

        Finding {
            id: String::new(),
            detector: "EvalDetector".to_string(),
            severity,
            title,
            description,
            affected_files: vec![path.to_path_buf()],
            line_start: Some(line_num),
            line_end: Some(line_num),
            suggested_fix: Some(suggested_fix),
            estimated_effort: Some("Medium (1-4 hours)".to_string()),
            category: Some("security".to_string()),
            cwe_id: Some("CWE-94".to_string()),
            why_it_matters: Some(
                "Code execution vulnerabilities allow attackers to run arbitrary code on the server, \
                 potentially leading to complete system compromise."
                    .to_string(),
            ),
            ..Default::default()
        }
    }

    /// Per-API remediation guidance.
    fn recommend(&self, api: EvalApi, ext: &str) -> String {
        match (api, ext) {
            (EvalApi::Eval | EvalApi::Exec | EvalApi::Compile, "py") => {
                "Avoid `eval`/`exec`/`compile` on user-controlled input.\n\n\
                 - For parsing literal data structures: use `ast.literal_eval`.\n\
                 - For JSON: use `json.loads`.\n\
                 - For dispatch tables: use a dict mapping name → handler.\n\
                 - If `compile` is required, ensure the source argument is a \
                 program-author-controlled constant, not user input."
                    .to_string()
            }
            (
                EvalApi::Eval
                | EvalApi::NewFunction
                | EvalApi::SetTimeout
                | EvalApi::SetInterval
                | EvalApi::VmRun,
                "js" | "ts" | "jsx" | "tsx",
            ) => "Avoid dynamic code-execution APIs on user-controlled input.\n\n\
                 - Replace `eval` / `new Function(str)` with explicit dispatch.\n\
                 - Replace `setTimeout(stringArg, ms)` with `setTimeout(() => fn(), ms)`.\n\
                 - For sandboxed evaluation, prefer a worker / iframe / WASM \
                 isolate with no host-API access — `vm.runInNewContext` is NOT \
                 a real sandbox."
                .to_string(),
            (_, "rb") => "Avoid `eval` / `instance_eval` / `class_eval` on user input. \
                 Use `public_send` with an allowlist of method names instead."
                .to_string(),
            (EvalApi::Assert, "php") | (_, "php") => {
                "Avoid `eval` and `assert` with string arguments. PHP's \
                 `assert` evaluates string args as code; pass a boolean expression \
                 instead, or remove the assertion."
                    .to_string()
            }
            _ => "Avoid dynamic code execution on user-controlled input.".to_string(),
        }
    }
}

impl Default for EvalDetector {
    fn default() -> Self {
        Self::new()
    }
}

impl Detector for EvalDetector {
    fn name(&self) -> &'static str {
        "EvalDetector"
    }

    fn description(&self) -> &'static str {
        "Detects dangerous code execution patterns (eval, exec, new Function, setTimeout-string, ...)"
    }

    fn bypass_postprocessor(&self) -> bool {
        true
    }

    fn category(&self) -> &'static str {
        "security"
    }

    fn config(&self) -> Option<&DetectorConfig> {
        Some(&self.config)
    }

    crate::detectors::impl_taint_precompute!();

    fn taint_category(&self) -> Option<crate::detectors::taint::TaintCategory> {
        Some(TaintCategory::CodeInjection)
    }

    fn file_extensions(&self) -> &'static [&'static str] {
        SUPPORTED_EXTS
    }

    fn content_requirements(&self) -> crate::detectors::detector_context::ContentFlags {
        crate::detectors::detector_context::ContentFlags::HAS_EVAL
    }

    fn detect(
        &self,
        ctx: &crate::detectors::analysis_context::AnalysisContext,
    ) -> Result<Vec<Finding>> {
        let graph = ctx.graph;
        debug!("Starting eval/exec detection (AST-first)");

        let files = ctx.as_file_provider();
        let mut findings: Vec<Finding> = Vec::new();

        for path in files.files_with_extensions(SUPPORTED_EXTS) {
            if findings.len() >= self.max_findings {
                break;
            }
            let path_str = path.to_string_lossy().to_string();
            if self.should_exclude(&path_str) {
                continue;
            }

            let content = match files.content(path) {
                Some(c) => c,
                None => continue,
            };
            // Cheap pre-filter: skip files with no eval/exec/Function/timer keywords.
            if !contains_any_eval_keyword(&content) {
                continue;
            }
            // Use raw content — `masked_content` blanks string-literal
            // text, which destroys the ability to classify
            // `eval(\`foo ${bar}\`)` correctly (the template_substitution
            // child gets erased). The AST distinguishes literal
            // string-content from call expressions on its own; we don't
            // need the masked variant here.
            if content.len() > 500_000 {
                continue;
            }
            let scan_source = content;

            let ext = path.extension().and_then(|e| e.to_str()).unwrap_or("");
            let lang = Language::from_path(path);
            let has_ast_grammar = matches!(
                lang,
                Language::Python | Language::JavaScript | Language::TypeScript
            );

            let new_findings = if has_ast_grammar {
                let cached = files.tree(path);
                let scan = ScanInputs::new(path, &scan_source, ext);
                let ast_inputs = ScanAstInputs::new(scan, lang, cached.as_deref());
                self.scan_file_ast(&ast_inputs)
            } else {
                let scan = ScanInputs::new(path, &scan_source, ext);
                self.scan_file_line(&scan)
            };
            findings.extend(new_findings);
        }

        // Severity refinement via taint analysis (precomputed when available).
        let mut taint_results = if let Some(cross) = self.precomputed_cross.get() {
            cross.clone()
        } else {
            self.taint_analyzer
                .trace_taint(graph, TaintCategory::CodeInjection)
        };
        let intra_paths = if let Some(intra) = self.precomputed_intra.get() {
            intra.clone()
        } else {
            crate::detectors::taint::run_intra_function_taint(
                &self.taint_analyzer,
                graph,
                TaintCategory::CodeInjection,
                &self.repository_path,
            )
        };
        taint_results.extend(intra_paths);

        for finding in &mut findings {
            let file_path = finding
                .affected_files
                .first()
                .map(|p| p.to_string_lossy().to_string())
                .unwrap_or_default();
            let line = finding.line_start.unwrap_or(0);
            for taint in &taint_results {
                if taint.sink_file == file_path && taint.sink_line == line {
                    if taint.is_sanitized {
                        finding.severity = Severity::Low;
                    } else {
                        finding.severity = Severity::Critical;
                        finding.description = format!(
                            "{}\n\n**Taint Analysis:** Unsanitized data flow from {} (line {}) to sink.",
                            finding.description, taint.source_function, taint.source_line
                        );
                    }
                    break;
                }
            }
        }

        // Blocking-tier upgrade: promote a finding to Tier::Blocking when an SSA taint
        // path reaches an eval-class sink with no sanitizer. Line/regex heuristic
        // findings (no matching taint path) stay Advisory.
        //
        // is_sanitized is the authoritative gate — sanitizers_on_path is empty for
        // intra-function paths even when sanitized (the heuristic engine doesn't report
        // names), so gating on sanitizers_on_path.is_empty() would be wrong.
        for finding in &mut findings {
            let file_path = finding
                .affected_files
                .first()
                .map(|p| p.to_string_lossy().to_string())
                .unwrap_or_default();
            let line = finding.line_start.unwrap_or(0);
            // Derive extension from the already-computed file_path string.
            let ext = std::path::Path::new(&file_path)
                .extension()
                .and_then(|e| e.to_str())
                .unwrap_or("");
            let lang = match ext {
                "py" => Some(Lang::Python),
                "js" | "jsx" => Some(Lang::Js),
                "ts" | "tsx" => Some(Lang::Ts),
                _ => None,
            };
            for taint in &taint_results {
                if taint.sink_file != file_path || taint.sink_line != line {
                    continue;
                }
                if taint.is_sanitized {
                    break;
                }
                let (receiver, name) = parse_sink_callee_text(&taint.sink_callee_text);
                if let Some(lang) = lang {
                    if let Some(SinkKind::Eval) = classify_sink(lang, receiver, name) {
                        finding.tier = Tier::Blocking;
                        finding.deterministic = true;
                        finding.confidence = Some(0.95);
                        finding.evidence = Some(Evidence::TaintPath {
                            source: SourceSpan {
                                file: std::path::PathBuf::from(&taint.source_file),
                                line_start: taint.source_line,
                                line_end: taint.source_line,
                                snippet: None,
                            },
                            sink: SourceSpan {
                                file: std::path::PathBuf::from(&taint.sink_file),
                                line_start: taint.sink_line,
                                line_end: taint.sink_line,
                                snippet: None,
                            },
                            sink_kind: "eval".to_string(),
                            flow: vec![],
                            sanitizers_seen: taint.sanitizers_on_path.clone(),
                        });
                    }
                }
                break;
            }
        }

        // Severity boost when call appears in a request-handler / route function.
        //
        // Only applies to findings already worth surfacing. Boosting a
        // `Low` finding (`eval("1 + 1")`) to `Critical` solely because
        // it sits in a function named `handler` would defeat the
        // argument-aware classification — the static literal is the
        // signal we care about, not the surrounding function.
        //
        // B8: language-agnostic substring match plus a verb-prefix
        // camelCase pattern (`getUser`, `postOrder`, ...). The previous
        // scheme used Python-snake-case prefixes (`get_`, `post_`, ...)
        // which missed JS/TS Express-style handlers.
        static HANDLER_VERB_RE: LazyLock<Regex> = LazyLock::new(|| {
            Regex::new(r"^(get|post|put|delete|patch|head|options)[A-Z]").expect("valid regex")
        });
        for finding in &mut findings {
            if !matches!(finding.severity, Severity::High | Severity::Medium) {
                continue;
            }
            if let (Some(file_path), Some(line)) =
                (finding.affected_files.first(), finding.line_start)
            {
                let path_str = file_path.to_string_lossy().to_string();
                let i = graph.interner();
                if let Some(func) = graph.find_function_at(&path_str, line) {
                    let raw_name = func.node_name(i);
                    let name_lower = raw_name.to_lowercase();
                    let is_route = name_lower.contains("handler")
                        || name_lower.contains("route")
                        || name_lower.contains("endpoint")
                        || name_lower.contains("view")
                        || name_lower.contains("controller")
                        || name_lower.contains("middleware")
                        || name_lower.contains("request")
                        || name_lower.contains("response")
                        || HANDLER_VERB_RE.is_match(raw_name);
                    if is_route {
                        finding.severity = Severity::Critical;
                    }
                }
            }
        }

        // Drop Low findings (e.g. eval("1 + 1")). Caller-controlled
        // constants are not actionable without context the detector
        // doesn't have.
        findings.retain(|f| f.severity != Severity::Low);

        info!(
            "EvalDetector found {} potential code-injection sites",
            findings.len()
        );
        Ok(findings)
    }
}

impl crate::detectors::RegisteredDetector for EvalDetector {
    fn create(init: &crate::detectors::DetectorInit) -> std::sync::Arc<dyn Detector> {
        std::sync::Arc::new(Self::with_repository_path(init.repo_path.to_path_buf()))
    }

    fn max_tier() -> crate::models::Tier {
        crate::models::Tier::Blocking
    }
}

// ---------------------------------------------------------------------------
// AST walking
// ---------------------------------------------------------------------------

/// Which dangerous code-exec API was matched at this site.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum EvalApi {
    Eval,
    Exec,
    Compile,
    NewFunction,
    SetTimeout,
    SetInterval,
    VmRun,
    /// Ruby's `instance_eval` / `class_eval` / `module_eval` family.
    InstanceEval,
    /// PHP `assert("...")` (eval-equivalent only when arg is a string).
    Assert,
}

impl EvalApi {
    fn callee_label(self) -> &'static str {
        match self {
            EvalApi::Eval => "eval",
            EvalApi::Exec => "exec",
            EvalApi::Compile => "compile",
            EvalApi::NewFunction => "new Function",
            EvalApi::SetTimeout => "setTimeout",
            EvalApi::SetInterval => "setInterval",
            EvalApi::VmRun => "vm.runInThisContext",
            EvalApi::InstanceEval => "instance_eval",
            EvalApi::Assert => "assert",
        }
    }
}

/// One eval-shaped call site we want to emit.
struct EvalSite<'a> {
    /// The call / new-expression node — used for line lookup.
    call_node: tree_sitter::Node<'a>,
    /// Which API was matched.
    api: EvalApi,
    /// Classified shape of `arg[0]`.
    arg_kind: EvalArgKind,
}

/// Walk the tree and emit an `EvalSite` for every dangerous-API call.
fn collect_eval_sites<'a>(
    ctx: &AstWalkCtx<'a>,
    node: tree_sitter::Node<'a>,
    aliases: &super::python_imports::PythonAliases<'_>,
    out: &mut Vec<EvalSite<'a>>,
) {
    if let Some(site) = match_eval_site(node, ctx.source, ctx.lang, aliases) {
        out.push(site);
    }
    let mut cursor = node.walk();
    for child in node.children(&mut cursor) {
        collect_eval_sites(ctx, child, aliases, out);
    }
}

/// If `node` is a dangerous code-exec call (per language), return an
/// `EvalSite`. Otherwise `None`. AST shapes were verified against
/// `/tmp/ast-probe`.
fn match_eval_site<'a>(
    node: tree_sitter::Node<'a>,
    source: &'a [u8],
    lang: Language,
    aliases: &super::python_imports::PythonAliases<'_>,
) -> Option<EvalSite<'a>> {
    match (node.kind(), lang) {
        // Python: `call { function: identifier, arguments: argument_list }`.
        ("call", Language::Python) => {
            let func = node.child_by_field_name("function")?;
            // Resolve the callee name. Two shapes are accepted:
            //
            //   * Bare identifier (`eval(code)`, `exec(code)`,
            //     `compile(...)`). The from-import path
            //     (`from builtins import eval; eval(code)`) lands here
            //     as well — the imported name IS the bare callee.
            //
            //   * `attribute { object: identifier <alias>,
            //     attribute: identifier <name> }` where the receiver
            //     resolves through the module-alias map to `builtins`.
            //     Closes the `import builtins as bi; bi.eval(code)`
            //     gap.
            //
            // `self.something.eval(ctx)` and other unrelated
            // attribute calls fall through because the resolved
            // module would not be `builtins`.
            let _ = aliases.imports;
            let name: &str = match func.kind() {
                "identifier" => node_text(func, source)?,
                "attribute" => {
                    let obj = func.child_by_field_name("object")?;
                    let attr = func.child_by_field_name("attribute")?;
                    let obj_text = node_text(obj, source).unwrap_or("");
                    let resolved = aliases.modules.get(obj_text).map(|s| s.as_str());
                    if resolved != Some("builtins") {
                        return None;
                    }
                    node_text(attr, source)?
                }
                _ => return None,
            };
            let api = match name {
                "eval" => EvalApi::Eval,
                "exec" => EvalApi::Exec,
                "compile" => EvalApi::Compile,
                _ => return None,
            };
            let args = node.child_by_field_name("arguments")?;
            let arg_nodes = collect_named_args(args);
            // `compile(src, file, mode)` — we only fire when mode is one
            // of the dangerous values. mode may be the 3rd positional
            // arg or a `mode=` keyword arg.
            if api == EvalApi::Compile && !python_compile_mode_is_dangerous(&arg_nodes, source) {
                return None;
            }
            // arg[0] for eval/exec/compile is the source.
            let first = arg_nodes.first().copied()?;
            let arg_kind = classify_eval_arg_python(first, source);
            Some(EvalSite {
                call_node: node,
                api,
                arg_kind,
            })
        }
        // JS/TS: `call_expression { function, arguments }`.
        ("call_expression", Language::JavaScript | Language::TypeScript) => {
            let func = node.child_by_field_name("function")?;
            let args = node.child_by_field_name("arguments")?;
            let arg_nodes = collect_named_args(args);
            // B7: unwrap parenthesized / sequence-expression callees so
            // `(eval)(code)` and `(0, eval)(code)` are recognized as
            // direct eval. Per JS comma-operator semantics, we keep the
            // LAST element of a sequence_expression.
            let func = unwrap_callee(func);
            let api = match func.kind() {
                "identifier" => match node_text(func, source)? {
                    "eval" => EvalApi::Eval,
                    "setTimeout" => EvalApi::SetTimeout,
                    "setInterval" => EvalApi::SetInterval,
                    _ => return None,
                },
                "member_expression" => {
                    let obj = func.child_by_field_name("object")?;
                    let prop = func.child_by_field_name("property")?;
                    let prop_text = node_text(prop, source)?;
                    // B1: walk the receiver chain to its LAST segment so
                    // `this.vm.runInThisContext(...)` matches the same as
                    // `vm.runInThisContext(...)`. Mirrors
                    // `cleartext_credentials::receiver_chain_label`.
                    let recv = receiver_chain_label(obj, source, None);

                    // B11: `eval.call(null, code)` / `eval.apply(null, [code])` /
                    // `eval.bind(null, code)`. The receiver IS `eval`; the
                    // property names a Function.prototype reflection method.
                    if recv == "eval" && matches!(prop_text, "call" | "apply" | "bind") {
                        // For .call / .bind: arg[1] is the code (arg[0] is `this`).
                        // For .apply: arg[1] is an array of args; classify
                        // the array node directly (Variable/Unknown).
                        let code_arg = arg_nodes.get(1).copied()?;
                        let arg_kind = classify_eval_arg_js(code_arg, source);
                        return Some(EvalSite {
                            call_node: node,
                            api: EvalApi::Eval,
                            arg_kind,
                        });
                    }

                    // Bare `eval` on a JS global-alias receiver:
                    // `globalThis.eval(...)`, `window.eval(...)`,
                    // `self.eval(...)`, `globalObject.eval(...)`.
                    if prop_text == "eval"
                        && matches!(
                            recv.as_str(),
                            "globalthis" | "window" | "self" | "globalobject" | "global"
                        )
                    {
                        EvalApi::Eval
                    } else if matches!(
                        prop_text,
                        "runInThisContext" | "runInNewContext" | "runInContext"
                    ) && matches!(
                        recv.as_str(),
                        "vm" | "globalthis" | "window" | "self" | "globalobject"
                    ) {
                        EvalApi::VmRun
                    } else {
                        return None;
                    }
                }
                _ => return None,
            };
            let first = arg_nodes.first().copied()?;
            let arg_kind = classify_eval_arg_js(first, source);
            Some(EvalSite {
                call_node: node,
                api,
                arg_kind,
            })
        }
        // JS/TS: `new_expression { constructor, arguments }`.
        ("new_expression", Language::JavaScript | Language::TypeScript) => {
            let ctor = node.child_by_field_name("constructor")?;
            let args = node.child_by_field_name("arguments")?;
            let arg_nodes = collect_named_args(args);

            // `new Function(...)` — bare identifier.
            if ctor.kind() == "identifier" {
                let name = node_text(ctor, source)?;
                if name != "Function" {
                    return None;
                }
                // `new Function(arg)` and `new Function("a", "b", "return a+b")` —
                // the LAST arg is the body, but for our purposes any non-static
                // arg is enough to fire. We classify the first arg; if there's
                // exactly one arg it IS the body, and if there are multiple
                // the parameter names would typically be string literals
                // anyway.
                let first = arg_nodes.first().copied()?;
                let arg_kind = classify_eval_arg_js(first, source);
                return Some(EvalSite {
                    call_node: node,
                    api: EvalApi::NewFunction,
                    arg_kind,
                });
            }

            // B13: `new vm.Script(code)` (and `new vm.SourceTextModule(code)`).
            // The constructor is a `member_expression` ending in `Script` /
            // `SourceTextModule` / `Module`. Fire on arg[0]; we don't need
            // to chase the trailing `.runInThisContext()` call — the `new`
            // expression itself is the dangerous code-acceptance point.
            if ctor.kind() == "member_expression" {
                let prop = ctor.child_by_field_name("property")?;
                let prop_text = node_text(prop, source)?;
                if matches!(prop_text, "Script" | "SourceTextModule" | "Module") {
                    let first = arg_nodes.first().copied()?;
                    let arg_kind = classify_eval_arg_js(first, source);
                    return Some(EvalSite {
                        call_node: node,
                        api: EvalApi::VmRun,
                        arg_kind,
                    });
                }
            }

            None
        }
        _ => None,
    }
}

// `collect_named_args`, `unwrap_callee`, and `receiver_chain_label` live
// in `ast_helpers`; imported above. `eval_detector` does not use the
// call-expression module-resolver channel (it doesn't match
// `require('vm').runInThisContext`), so we always pass `None` for the
// resolver argument — identical to the previous local copy of
// `receiver_chain_label`.

/// For a Python `compile(src, filename, mode)` call, decide whether the
/// `mode` argument names a dangerous mode (`exec`, `eval`, `single`).
///
/// Mode can be either the 3rd positional argument or a `mode=` keyword
/// argument. If the mode argument is non-static (a variable), we
/// conservatively treat it as dangerous because we can't prove it
/// isn't `'exec'`.
fn python_compile_mode_is_dangerous(args: &[tree_sitter::Node<'_>], source: &[u8]) -> bool {
    // Look for `mode=` first.
    for a in args {
        if a.kind() == "keyword_argument" {
            let name = a
                .child_by_field_name("name")
                .and_then(|n| node_text(n, source));
            if name == Some("mode") {
                if let Some(value) = a.child_by_field_name("value") {
                    return string_node_value(value, source)
                        .map(|s| matches!(s.as_str(), "exec" | "eval" | "single"))
                        .unwrap_or(true); // non-literal mode — assume dangerous
                }
            }
        }
    }
    // 3rd positional arg.
    let positional: Vec<_> = args
        .iter()
        .filter(|a| a.kind() != "keyword_argument")
        .collect();
    if let Some(third) = positional.get(2) {
        if let Some(s) = string_node_value(**third, source) {
            return matches!(s.as_str(), "exec" | "eval" | "single");
        }
        // Non-literal positional mode — assume dangerous.
        return true;
    }
    // No explicit mode supplied — Python has no positional default for
    // mode (it's required). If the AST shows fewer than 3 args we treat
    // the call as malformed and skip rather than emit a noisy finding.
    false
}

/// Extract the string-literal value of a Python `string` node. Returns
/// `None` if the node is not a string or contains an interpolation.
fn string_node_value(node: tree_sitter::Node<'_>, source: &[u8]) -> Option<String> {
    if node.kind() != "string" {
        return None;
    }
    // Reject f-strings with interpolations — they aren't a fixed value.
    let mut cursor = node.walk();
    let mut content = String::new();
    for child in node.children(&mut cursor) {
        match child.kind() {
            "string_start" | "string_end" => {}
            "string_content" => {
                if let Some(t) = node_text(child, source) {
                    content.push_str(t);
                }
            }
            "interpolation" => return None,
            _ => {}
        }
    }
    Some(content)
}

/// Classify the shape of a Python eval-call argument expression.
///
/// `source` is currently only used in recursive descent (which itself
/// doesn't read it), but we keep it on the signature so future
/// classifications that need to inspect literal text (e.g. specific
/// safe-string allowlists) can do so without an API change.
#[allow(clippy::only_used_in_recursion)]
fn classify_eval_arg_python(node: tree_sitter::Node<'_>, source: &[u8]) -> EvalArgKind {
    match node.kind() {
        "string" => {
            // f-string with interpolation children → Interpolated.
            // Plain string → StaticLiteral.
            let mut cursor = node.walk();
            for child in node.children(&mut cursor) {
                if child.kind() == "interpolation" {
                    return EvalArgKind::Interpolated;
                }
            }
            EvalArgKind::StaticLiteral
        }
        "concatenated_string" => {
            // String literals juxtaposed: `"a" "b"`. Walk children for
            // any interpolation.
            let mut cursor = node.walk();
            for child in node.children(&mut cursor) {
                if classify_eval_arg_python(child, source) == EvalArgKind::Interpolated {
                    return EvalArgKind::Interpolated;
                }
            }
            EvalArgKind::StaticLiteral
        }
        "binary_operator" => {
            // `"foo " + var` or `"foo " % var` — classify operands;
            // any non-literal makes it Interpolated.
            let mut found_var = false;
            let mut cursor = node.walk();
            for child in node.children(&mut cursor) {
                if !child.is_named() {
                    continue;
                }
                match classify_eval_arg_python(child, source) {
                    EvalArgKind::Variable | EvalArgKind::Interpolated | EvalArgKind::Unknown => {
                        found_var = true;
                    }
                    _ => {}
                }
            }
            if found_var {
                EvalArgKind::Interpolated
            } else {
                EvalArgKind::StaticLiteral
            }
        }
        "identifier" | "attribute" | "subscript" | "call" => EvalArgKind::Variable,
        "lambda" => EvalArgKind::FunctionLike,
        "parenthesized_expression" => {
            // Drill in.
            for i in 0..node.named_child_count() {
                if let Some(c) = node.named_child(i) {
                    return classify_eval_arg_python(c, source);
                }
            }
            EvalArgKind::Unknown
        }
        // B4: descend into `await`. The awaited expression is the actual
        // payload — `exec(await get_code())` is exactly as risky as
        // `exec(get_code())`.
        "await" => {
            for i in 0..node.named_child_count() {
                if let Some(c) = node.named_child(i) {
                    return classify_eval_arg_python(c, source);
                }
            }
            EvalArgKind::Unknown
        }
        // B4: `eval(a if cond else b)` — classify both branches and
        // return the strongest non-literal kind.
        "conditional_expression" => {
            let mut strongest = EvalArgKind::StaticLiteral;
            for i in 0..node.named_child_count() {
                if let Some(c) = node.named_child(i) {
                    let k = classify_eval_arg_python(c, source);
                    strongest = strongest_arg_kind(strongest, k);
                }
            }
            strongest
        }
        _ => EvalArgKind::Unknown,
    }
}

/// Combine two `EvalArgKind`s and keep the strongest signal:
/// `Variable > Interpolated > Unknown > FunctionLike > StaticLiteral`.
/// Used by `classify_eval_arg_*` when descending into multi-branch
/// wrappers (ternary / conditional).
fn strongest_arg_kind(a: EvalArgKind, b: EvalArgKind) -> EvalArgKind {
    fn rank(k: EvalArgKind) -> u8 {
        match k {
            EvalArgKind::Variable => 4,
            EvalArgKind::Interpolated => 3,
            EvalArgKind::Unknown => 2,
            EvalArgKind::FunctionLike => 1,
            EvalArgKind::StaticLiteral => 0,
        }
    }
    if rank(a) >= rank(b) {
        a
    } else {
        b
    }
}

/// Classify the shape of a JS/TS eval-call argument expression.
///
/// See `classify_eval_arg_python` for the rationale on keeping `source`
/// on the signature even though it currently goes unused outside the
/// recursion tail.
#[allow(clippy::only_used_in_recursion)]
fn classify_eval_arg_js(node: tree_sitter::Node<'_>, source: &[u8]) -> EvalArgKind {
    match node.kind() {
        "string" => EvalArgKind::StaticLiteral,
        "template_string" => {
            // Has at least one `template_substitution` child? → Interpolated.
            let mut cursor = node.walk();
            for child in node.children(&mut cursor) {
                if child.kind() == "template_substitution" {
                    return EvalArgKind::Interpolated;
                }
            }
            EvalArgKind::StaticLiteral
        }
        "binary_expression" => {
            // `"a" + var` — any non-literal operand makes it Interpolated.
            let left = node.child_by_field_name("left");
            let right = node.child_by_field_name("right");
            let mut found_var = false;
            for opt in [left, right].iter().flatten() {
                match classify_eval_arg_js(*opt, source) {
                    EvalArgKind::Variable | EvalArgKind::Interpolated | EvalArgKind::Unknown => {
                        found_var = true;
                    }
                    _ => {}
                }
            }
            if found_var {
                EvalArgKind::Interpolated
            } else {
                EvalArgKind::StaticLiteral
            }
        }
        "identifier" | "member_expression" | "subscript_expression" | "call_expression" => {
            EvalArgKind::Variable
        }
        "arrow_function" | "function_expression" | "function" | "function_declaration" => {
            EvalArgKind::FunctionLike
        }
        "parenthesized_expression" => {
            for i in 0..node.named_child_count() {
                if let Some(c) = node.named_child(i) {
                    return classify_eval_arg_js(c, source);
                }
            }
            EvalArgKind::Unknown
        }
        // B4: descend through transparent expression wrappers so the
        // classifier sees the underlying kind:
        //   - `await foo()`              → await_expression
        //   - TS `x as string`           → as_expression
        //   - TS `<string>x`             → type_assertion_expression
        //   - TS `x!`                    → non_null_expression
        //   - TS `x satisfies T`         → satisfies_expression
        "await_expression"
        | "as_expression"
        | "type_assertion_expression"
        | "non_null_expression"
        | "satisfies_expression" => {
            for i in 0..node.named_child_count() {
                if let Some(c) = node.named_child(i) {
                    return classify_eval_arg_js(c, source);
                }
            }
            EvalArgKind::Unknown
        }
        // B4: `cond ? a : b` — classify both branches; strongest wins.
        "ternary_expression" => {
            let consequence = node.child_by_field_name("consequence");
            let alternative = node.child_by_field_name("alternative");
            let mut strongest = EvalArgKind::StaticLiteral;
            for opt in [consequence, alternative].iter().flatten() {
                let k = classify_eval_arg_js(*opt, source);
                strongest = strongest_arg_kind(strongest, k);
            }
            strongest
        }
        _ => EvalArgKind::Unknown,
    }
}

/// Cheap pre-filter: does this file contain any of the eval-shaped
/// keywords at all? Avoids the cost of a full parse on files that
/// can't possibly have an eval site.
fn contains_any_eval_keyword(content: &str) -> bool {
    find_in(&FIND_EVAL_PAREN, content)
        || find_in(&FIND_EXEC_PAREN, content)
        || content.contains("new Function")
        || content.contains("setTimeout(")
        || content.contains("setInterval(")
        || content.contains("vm.runIn")
        || content.contains("compile(")
        || content.contains("instance_eval")
        || content.contains("class_eval")
        || content.contains("module_eval")
        || content.contains("assert(")
        // B7 / B11 / B13: indirect-eval and member-form callees do NOT
        // contain `eval(` (they have `(eval)`, `eval.call(`, `vm.Script(`)
        // so the cheap prefix check above would have skipped the parse.
        // Adding `eval` as a bare-token catches all three shapes.
        || content.contains("(eval)")
        || content.contains("eval.")
        || content.contains("eval,")
        || content.contains(", eval")
        || content.contains(",eval")
        || content.contains("vm.Script")
        || content.contains("vm.SourceTextModule")
        || content.contains(".eval(")
}

// ---------------------------------------------------------------------------
// Line scanner (Ruby, PHP)
// ---------------------------------------------------------------------------

/// Ruby `eval` family + PHP `eval`/`assert`. Returns
/// `(api, classified-arg-shape)` if the line looks like a dangerous
/// call.
///
/// Used by `scan_file_line` for `.rb` and `.php` files only. AST-eligible
/// languages flow through `scan_file_ast`.
fn match_line_eval(line: &str, ext: &str) -> Option<(EvalApi, EvalArgKind)> {
    static RUBY_EVAL_RE: LazyLock<Regex> = LazyLock::new(|| {
        Regex::new(r"\b(eval|instance_eval|class_eval|module_eval)\s*\(").expect("valid regex")
    });
    static PHP_EVAL_RE: LazyLock<Regex> =
        LazyLock::new(|| Regex::new(r"\b(eval|assert)\s*\(").expect("valid regex"));

    let re = match ext {
        "rb" => &*RUBY_EVAL_RE,
        "php" => &*PHP_EVAL_RE,
        _ => return None,
    };
    let m = re.find(line)?;
    // Cheap arg-shape classification on the line text itself. This is
    // strictly weaker than the AST classification but fits within the
    // line-path budget.
    let after = &line[m.end()..];
    let arg_kind = classify_line_arg(after);
    let api_name = re
        .captures(line)?
        .get(1)
        .map(|m| m.as_str())
        .unwrap_or("eval");
    let api = match api_name {
        "eval" => EvalApi::Eval,
        "instance_eval" | "class_eval" | "module_eval" => EvalApi::InstanceEval,
        // B17: PHP `assert` is eval-equivalent ONLY when its argument is a
        // string. For boolean expressions like `assert($x === 1)`, skip
        // entirely (this is the inverse of the eval/exec rule, where any
        // non-literal IS the dangerous case).
        "assert" => {
            if !matches!(
                arg_kind,
                EvalArgKind::StaticLiteral | EvalArgKind::Interpolated
            ) {
                return None;
            }
            EvalApi::Assert
        }
        _ => EvalApi::Eval,
    };
    Some((api, arg_kind))
}

/// Cheap line-text classification of an eval argument for the Ruby/PHP
/// line path. Looks for static string literal vs interpolation/variable.
fn classify_line_arg(after_paren: &str) -> EvalArgKind {
    let trimmed = after_paren.trim_start();
    if trimmed.starts_with('"') || trimmed.starts_with('\'') {
        // Find the matching close quote, ignoring escaped quotes.
        let quote = trimmed.as_bytes()[0];
        let mut i = 1;
        let bytes = trimmed.as_bytes();
        let mut had_interp = false;
        while i < bytes.len() {
            let c = bytes[i];
            if c == b'\\' {
                i += 2;
                continue;
            }
            if c == quote {
                break;
            }
            // Ruby `"#{...}"` interpolation marker.
            if quote == b'"' && c == b'#' && bytes.get(i + 1) == Some(&b'{') {
                had_interp = true;
            }
            // PHP `"$var"` interpolation marker.
            if quote == b'"' && c == b'$' {
                had_interp = true;
            }
            i += 1;
        }
        if had_interp {
            EvalArgKind::Interpolated
        } else {
            EvalArgKind::StaticLiteral
        }
    } else if trimmed.starts_with(')') {
        EvalArgKind::Unknown
    } else {
        // Identifier, member access, etc.
        EvalArgKind::Variable
    }
}

// ---------------------------------------------------------------------------
// Helpers
// ---------------------------------------------------------------------------

// `node_text` lives in `ast_helpers`; imported above.

/// Parse a `sink_callee_text` string (as produced by the taint engine) into
/// a `(receiver, name)` pair suitable for `dangerous_sinks::classify_sink`.
///
/// The taint engine encodes sinks in two forms:
///   * Bare call patterns with a trailing `(`: `"eval("`, `"exec("`,
///     `"Function("`, `"setTimeout("`, `"setInterval("`.
///   * Dotted patterns: `"child_process.exec"`, `"subprocess.run"`.
///
/// For the bare forms the receiver is `""` and the name is the identifier
/// before the `(`. For the dotted forms the last `.`-delimited segment is
/// the name and everything before it is the receiver.
fn parse_sink_callee_text(text: &str) -> (&str, &str) {
    // Strip a trailing `(` that the intra-function heuristic appends.
    let text = text.trim_end_matches('(');
    if let Some(dot) = text.rfind('.') {
        (&text[..dot], &text[dot + 1..])
    } else {
        ("", text)
    }
}

// ---------------------------------------------------------------------------
// Tests
// ---------------------------------------------------------------------------

#[cfg(test)]
mod tests {
    use super::*;
    use crate::graph::builder::GraphBuilder;

    #[test]
    fn test_detects_eval_with_variable() {
        let content =
            "def process(user_input):\n    result = eval(user_input)\n    return result\n";

        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("handler.py", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "Should detect eval() with variable argument"
        );
        assert!(findings.iter().any(|f| f.detector == "EvalDetector"));
    }

    #[test]
    fn test_no_finding_for_management_command() {
        let content = "def handle(self, **options):\n    code = compile(source, '<shell>', 'exec')\n    exec(code)\n";

        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("management/commands/shell.py", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            findings.is_empty(),
            "Should not flag exec() in management/commands/. Found: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    #[test]
    fn test_no_finding_for_method_eval() {
        let content = "class Operator:\n    def eval(self, context):\n        return self.value\n\nresult = op.eval(context)\n";

        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("smartif.py", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        let eval_findings: Vec<_> = findings
            .iter()
            .filter(|f| f.title.contains("eval"))
            .collect();
        assert!(
            eval_findings.is_empty(),
            "Should not flag .eval() method call. Found: {:?}",
            eval_findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    #[test]
    fn test_no_finding_for_safe_subprocess() {
        // The migrated EvalDetector no longer scans subprocess calls
        // (those belong to CommandInjectionDetector). Confirm we don't
        // accidentally flag a safe `subprocess.run` either.
        let content = "import subprocess\n\ndef run_command(args):\n    result = subprocess.run(args, capture_output=True)\n    return result.stdout\n";

        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("runner.py", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        let subprocess_findings: Vec<_> = findings
            .iter()
            .filter(|f| {
                f.title.contains("subprocess")
                    || f.title.contains("command")
                    || f.title.contains("Shell")
                    || f.title.contains("shell")
            })
            .collect();
        assert!(
            subprocess_findings.is_empty(),
            "Should not flag subprocess.run without shell=True. Found: {:?}",
            subprocess_findings
                .iter()
                .map(|f| &f.title)
                .collect::<Vec<_>>()
        );
    }

    #[test]
    fn test_no_finding_for_literal_eval() {
        let content = "import ast\ndata = ast.literal_eval(\"[1, 2, 3]\")\n";

        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("safe.py", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            findings.is_empty(),
            "Should not flag ast.literal_eval (safe), but got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    // -----------------------------------------------------------------
    // Audit / regression tests for the AST-first migration.
    //
    // Cohort 1 (currently-passing-shape): preserved across the migration.
    // Cohort 2 (audit-shape): cases the line-based scanner could not
    //   reliably handle that the AST migration now resolves.
    // Cohort 3 (audit-pending): new-capability tests that the AST
    //   migration explicitly addresses; un-ignored as the capability
    //   lands.
    // -----------------------------------------------------------------

    /// Audit-shape: Python `eval(user_input)` on a single line — the
    /// canonical positive case both line and AST scanners must catch.
    #[test]
    fn test_detects_eval_with_user_input_python() {
        let content = "def handle(user_input):\n    return eval(user_input)\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("handler.py", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "Should detect eval(user_input). Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    /// Audit-shape: Python `exec(code_var)` — variable-arg form of exec
    /// must remain a positive across the migration.
    #[test]
    fn test_detects_exec_with_variable_python() {
        let content = "def run(code_var):\n    exec(code_var)\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("runner.py", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "Should detect exec(code_var). Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    /// Audit-shape: JS `eval(somevar)` — single-line JavaScript
    /// variable-arg eval. Listed in `file_extensions()` already; the
    /// AST migration must keep this firing.
    #[test]
    fn test_detects_eval_in_javascript() {
        let content = "function handle(somevar) {\n    return eval(somevar);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("handler.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "Should detect JS eval(somevar). Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    /// Audit-shape: JS `new Function(arg)` — dynamic-code constructor
    /// is equivalent to eval and the AST migration must flag it.
    #[test]
    fn test_detects_new_function_javascript() {
        let content =
            "function build(arg) {\n    const f = new Function(arg);\n    return f();\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("build.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "Should detect `new Function(arg)`. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    /// Audit-shape: `# eval(thing)` in a comment line — the AST never
    /// sees a `call` for content inside a `comment` node, so nothing
    /// should fire.
    #[test]
    fn test_skips_eval_in_comment() {
        let content = "def handler(x):\n    # eval(x) was removed for safety\n    return x\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("safe.py", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            findings.is_empty(),
            "eval inside a comment must not fire. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    /// Audit-shape: `msg = "use eval() for math"` — `eval(` appears
    /// inside a *string literal*, not as a call expression. The AST
    /// must skip it because the match resides inside a `string` node,
    /// not a `call`.
    #[test]
    fn test_skips_eval_in_string_literal() {
        let content = "def doc():\n    msg = \"use eval() for math\"\n    return msg\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("doc.py", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            findings.is_empty(),
            "`eval(` inside a string literal must not fire. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    /// Audit-shape: `setTimeout("alert('xss')", 100)` — passing a
    /// string as the first arg makes setTimeout an eval-equivalent.
    /// The migration inspects `arg[0]` type and fires when it is a
    /// string literal.
    #[test]
    #[allow(non_snake_case)]
    fn test_detects_setTimeout_with_string_arg() {
        let content = "function go() {\n    setTimeout(\"alert('xss')\", 100);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("go.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "setTimeout(stringArg, ...) should fire. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    /// Audit-shape: `setTimeout(() => doStuff(), 100)` — first arg is
    /// an arrow function, not a string. AST inspects arg type and
    /// skips.
    #[test]
    #[allow(non_snake_case)]
    fn test_skips_setTimeout_with_function_arg() {
        let content = "function go() {\n    setTimeout(() => doStuff(), 100);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("go.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            findings.is_empty(),
            "setTimeout(arrowFn, ms) must not fire. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    /// Regression: bare identifier (function reference) as first arg to
    /// `setTimeout` / `setInterval` must NOT fire.
    ///
    /// Real-world examples that were spuriously flagged as Critical:
    ///   `setTimeout(r, 200)`, `setInterval(sweepStaleDedupEntries, 60_000)`,
    ///   `setTimeout(resolveFn, ms)`.
    ///
    /// `EvalArgKind::Variable` describes bare identifiers — they are almost
    /// always function references when passed as the first arg to a timer API.
    /// The fix narrows `fires_for_timer()` to only string-shaped args
    /// (`StaticLiteral` | `Interpolated`).
    #[test]
    #[allow(non_snake_case)]
    fn test_skips_setTimeout_with_identifier_arg() {
        let content = "function go() {\n    setTimeout(myCallback, 100);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("go.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            findings.is_empty(),
            "setTimeout(identifier, ms) must not fire — bare identifier is a fn ref. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    #[test]
    #[allow(non_snake_case)]
    fn test_skips_setInterval_with_identifier_arg() {
        let content = "function go() {\n    setInterval(tick, 1000);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("go.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            findings.is_empty(),
            "setInterval(identifier, ms) must not fire — bare identifier is a fn ref. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    #[test]
    #[allow(non_snake_case)]
    fn test_skips_setTimeout_with_short_identifier_arg() {
        // Real-world case: `setTimeout(r, 200)` — single-letter identifier
        let content = "function go() {\n    setTimeout(r, 200);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("go.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            findings.is_empty(),
            "setTimeout(r, ms) must not fire — single-char identifier is a fn ref. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    /// String-form timer calls MUST still fire (the dangerous legacy eval pattern).
    #[test]
    #[allow(non_snake_case)]
    fn test_detects_setTimeout_with_string_arg_still_fires() {
        let content = "function bad() {\n    setTimeout(\"alert('xss')\", 100);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("bad.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "setTimeout(string, ms) must still fire. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    #[test]
    #[allow(non_snake_case)]
    fn test_detects_setInterval_with_string_arg_still_fires() {
        let content = "function bad() {\n    setInterval(\"doStuff()\", 1000);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("bad.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "setInterval(string, ms) must still fire. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    /// Audit-shape: `class X: def eval(self): ...` plus `op.eval(ctx)` —
    /// neither is a call to the builtin. The AST equivalent is "callee
    /// is an `attribute` node, not a bare `identifier "eval"`" — yields
    /// no findings.
    #[test]
    fn test_skips_eval_as_method_name() {
        let content = "class Operator:\n    def eval(self, ctx):\n        return ctx\n\nresult = op.eval(ctx)\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("operator.py", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        let eval_findings: Vec<_> = findings
            .iter()
            .filter(|f| f.title.to_lowercase().contains("eval"))
            .collect();
        assert!(
            eval_findings.is_empty(),
            "Method-name `eval` must not be confused with builtin. Got: {:?}",
            eval_findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    /// Audit-pending → resolved: ``eval(`foo ${bar}`)`` — JS template
    /// literal with interpolation. AST walks into `template_string`,
    /// locates `template_substitution`, classifies as Interpolated.
    #[test]
    fn test_detects_eval_in_template_literal_concat_js() {
        let content = "function run(bar) {\n    return eval(`foo ${bar}`);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("run.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "eval(`foo ${{bar}}`) should fire. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    /// Audit-pending → resolved: variable-arg eval should be Critical/
    /// High; literal-arg eval should not produce a finding (Low filter).
    /// Per-call argument-aware severity differentiation.
    #[test]
    fn test_severity_critical_for_user_input_low_for_literal() {
        let content = "def both(user_input):\n    a = eval(user_input)\n    b = eval(\"1 + 1\")\n    return (a, b)\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("both.py", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        let var_finding = findings.iter().find(|f| f.line_start == Some(2));
        let lit_finding = findings.iter().find(|f| f.line_start == Some(3));
        assert!(
            var_finding.is_some(),
            "Variable-arg eval on line 2 must produce a finding"
        );
        let var_sev = var_finding.expect("checked Some above").severity;
        assert!(
            matches!(var_sev, Severity::Critical | Severity::High),
            "Variable-arg eval should be Critical/High; got {:?}",
            var_sev
        );
        if let Some(lit) = lit_finding {
            assert!(
                matches!(lit.severity, Severity::Low),
                "Literal-arg eval, if reported, must be Low; got {:?}",
                lit.severity
            );
        }
    }

    /// Audit-pending → resolved: `compile(user_code, '<string>',
    /// 'exec')` — the AST inspects the 3rd positional arg as a string
    /// literal, recognizes `'exec'` mode, and fires.
    #[test]
    fn test_detects_python_compile_with_exec_mode() {
        let content = "def build(user_code):\n    code = compile(user_code, '<string>', 'exec')\n    exec(code)\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("compile_use.py", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "compile(user_code, '<string>', 'exec') must fire. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    // -----------------------------------------------------------------
    // Audit-pass regression tests (post-`ac8400c6` self-audit).
    // Each test name embeds the audit finding ID so the link from the
    // audit report → fix → test is unambiguous.
    // -----------------------------------------------------------------

    // ----- B1: member-of-member receiver chains -----

    #[test]
    fn test_b1_member_of_member_vm_runinthiscontext_detected() {
        let content = "function go(userCode) {\n    this.vm.runInThisContext(userCode);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("go.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "B1: this.vm.runInThisContext(...) must fire. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    #[test]
    fn test_b1_globalthis_eval_detected() {
        let content = "function go(userCode) {\n    globalThis.eval(userCode);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("go.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "B1: globalThis.eval(...) must fire. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    #[test]
    fn test_b1_window_eval_detected() {
        let content = "function go(userCode) {\n    window.eval(userCode);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("go.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "B1: window.eval(...) must fire. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    #[test]
    fn test_b1_self_vm_runinthiscontext_detected() {
        let content = "function go(userCode) {\n    self.vm.runInThisContext(userCode);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("go.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "B1: self.vm.runInThisContext(...) must fire. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    // ----- B4: classifier wrapper-descent -----

    #[test]
    fn test_b4_python_ternary_arg_classified_as_variable() {
        let content = "def go(cond, a, b):\n    eval(a if cond else b)\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("go.py", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        let f = findings
            .iter()
            .find(|f| f.line_start == Some(2))
            .expect("B4: eval(ternary) must fire");
        assert!(
            matches!(f.severity, Severity::Critical),
            "B4: eval(a if cond else b) should be Critical (Variable), got {:?}",
            f.severity
        );
    }

    #[test]
    fn test_b4_python_await_arg_classified_as_variable() {
        let content = "async def go():\n    exec(await get_code())\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("go.py", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        let f = findings
            .iter()
            .find(|f| f.line_start == Some(2))
            .expect("B4: exec(await ...) must fire");
        assert!(
            matches!(f.severity, Severity::Critical),
            "B4: exec(await get_code()) should be Critical (Variable), got {:?}",
            f.severity
        );
    }

    #[test]
    fn test_b4_js_ternary_arg_classified_as_variable() {
        let content = "function go(cond, a, b) {\n    eval(cond ? a : b);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("go.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        let f = findings
            .iter()
            .find(|f| f.line_start == Some(2))
            .expect("B4: eval(ternary) must fire");
        assert!(
            matches!(f.severity, Severity::Critical),
            "B4: eval(cond ? a : b) should be Critical (Variable), got {:?}",
            f.severity
        );
    }

    #[test]
    fn test_b4_ts_as_expression_arg_classified_as_variable() {
        let content = "function go(x: any) {\n    eval(x as string);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("go.ts", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        let f = findings
            .iter()
            .find(|f| f.line_start == Some(2))
            .expect("B4: eval(x as string) must fire");
        assert!(
            matches!(f.severity, Severity::Critical),
            "B4: eval(x as string) should be Critical (Variable), got {:?}",
            f.severity
        );
    }

    // ----- B7: indirect eval -----

    #[test]
    fn test_b7_indirect_eval_comma_zero_detected() {
        let content = "function go(userCode) {\n    (0, eval)(userCode);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("go.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "B7: (0, eval)(code) must fire. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    #[test]
    fn test_b7_parenthesized_eval_detected() {
        let content = "function go(userCode) {\n    (eval)(userCode);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("go.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "B7: (eval)(code) must fire. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    // ----- B11: eval.call / eval.apply -----

    #[test]
    fn test_b11_eval_call_detected() {
        let content = "function go(userCode) {\n    eval.call(null, userCode);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("go.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "B11: eval.call(null, code) must fire. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    #[test]
    fn test_b11_eval_apply_detected() {
        let content = "function go(userCode) {\n    eval.apply(null, [userCode]);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("go.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "B11: eval.apply(null, [code]) must fire. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    // ----- B13: new vm.Script(code).runInThisContext() -----

    #[test]
    fn test_b13_new_vm_script_detected() {
        let content =
            "function go(userCode) {\n    new vm.Script(userCode).runInThisContext();\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("go.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "B13: new vm.Script(code).runInThisContext() must fire. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    // ----- B8: language-agnostic route-handler boost -----

    #[test]
    fn test_b8_camelcase_handler_name_boosts_severity() {
        // `getUser` is a JS-style handler with a *string-literal* code arg —
        // `setTimeout("doStuff()", 100)` — which is the eval-like pattern and
        // must fire Critical.
        //
        // Previously this test used `setTimeout(req.body.code, 100)`, which
        // classifies as `Variable` (member expression). Under the narrowed
        // `fires_for_timer()` contract (only `StaticLiteral | Interpolated`
        // fires), a member-expression arg is indistinguishable at static
        // analysis time from a function reference and is no longer flagged —
        // consistent with the fix for the `setTimeout(r, ms)` false-positive
        // (10 spurious Criticals reported in real JS repos).
        let content = "function getUser(req) {\n    setTimeout(\"req.body.code\", 100);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("h.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "B8: getUser handler with setTimeout(stringLiteral) must still fire."
        );
    }

    // ----- B17: PHP assert(boolean) must NOT fire -----

    #[test]
    fn test_b17_php_assert_boolean_does_not_fire() {
        let content = "<?php\nfunction check($x) {\n    assert($x === 1);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("c.php", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            findings.is_empty(),
            "B17: PHP assert(boolean) must not fire. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    #[test]
    fn test_b17_php_assert_string_still_fires() {
        let content = "<?php\nfunction bad($x) {\n    assert(\"$x === 1\");\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("b.php", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            !findings.is_empty(),
            "B17: PHP assert(\"...\") with string must still fire. Got: {:?}",
            findings.iter().map(|f| &f.title).collect::<Vec<_>>()
        );
    }

    // ----- B14 (NIT): eval(arrowFn) downgraded -----

    #[test]
    fn test_b14_eval_arrow_function_not_critical() {
        // eval(() => ...) coerces to "[object Function]" string at runtime,
        // not actual code execution. Should be Low (filtered).
        let content = "function go() {\n    eval(() => doStuff());\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("g.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        // After downgrade to Low, the post-filter should drop it.
        assert!(
            findings
                .iter()
                .all(|f| !matches!(f.severity, Severity::Critical)),
            "B14: eval(arrowFn) must NOT be Critical. Got: {:?}",
            findings
                .iter()
                .map(|f| (&f.title, f.severity))
                .collect::<Vec<_>>()
        );
    }

    // ----- B3 (NIT): concatenated_string mode arg recognized -----

    #[test]
    fn test_b3_python_compile_concatenated_string_mode() {
        // `'ex' 'ec'` parses as concatenated_string. After fix, the
        // joined value `'exec'` should be recognized as dangerous.
        let content = "def b(src):\n    code = compile(src, '<x>', 'ex' 'ec')\n    exec(code)\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("c.py", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        // The compile call must still fire (dangerous-mode confirmed).
        assert!(
            findings.iter().any(|f| f.line_start == Some(2)),
            "B3: compile(..., 'ex' 'ec') must fire on line 2. Got: {:?}",
            findings
                .iter()
                .map(|f| (f.line_start, &f.title))
                .collect::<Vec<_>>()
        );
    }

    // ----- Python from-import alias resolution -----

    /// `from builtins import eval; eval(user_code)` — the bare-call
    /// must fire Critical. This locks in the from-import scenario;
    /// the `match_eval_site` Python branch already accepts bare
    /// `eval` as the callee, so the alias map is not strictly required
    /// for this case, but the test guards against future regressions
    /// where a stricter callee filter (e.g. namespace check) might be
    /// added.
    #[test]
    fn test_python_bare_eval_after_from_import() {
        let content =
            "from builtins import eval\n\ndef handle(user_code):\n    return eval(user_code)\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("h.py", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            findings
                .iter()
                .any(|f| f.line_start == Some(4) && f.severity == Severity::Critical),
            "Should fire Critical on `eval(user_code)` after `from builtins import eval`. Got: {:?}",
            findings
                .iter()
                .map(|f| (f.line_start, f.severity, &f.title))
                .collect::<Vec<_>>()
        );
    }

    /// Audit shape: `import builtins as bi; bi.eval(code)`.
    ///
    /// `bi.eval(...)` is an attribute call. Previously the Python branch
    /// of `match_eval_site` rejected anything but bare-identifier
    /// callees, so this idiom was missed. With the module-alias
    /// resolver the receiver `bi` resolves to `builtins`, and the call
    /// is treated as `builtins.eval(...)`.
    #[test]
    fn test_python_aliased_module_eval_detected() {
        let content =
            "import builtins as bi\n\ndef handle(user_code):\n    return bi.eval(user_code)\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("h.py", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");
        assert!(
            findings
                .iter()
                .any(|f| f.line_start == Some(4) && f.severity == Severity::Critical),
            "Should fire Critical on `bi.eval(user_code)` after `import builtins as bi`. Got: {:?}",
            findings
                .iter()
                .map(|f| (f.line_start, f.severity, &f.title))
                .collect::<Vec<_>>()
        );
    }

    // ----- Task 8f: Blocking-tier tests -----

    /// A finding that arrives via a synthetic SSA taint path hitting an eval
    /// sink must be promoted to `Tier::Blocking` with `Evidence::TaintPath`.
    ///
    /// We inject a pre-built `TaintPath` directly into the detector's
    /// `precomputed_intra` cache so the test does not depend on the real
    /// intra-function taint engine recognising the fixture code.
    #[test]
    fn taint_to_eval_sink_is_blocking() {
        use crate::detectors::taint::TaintPath;
        use crate::models::{Evidence, Tier};

        // A Python file with eval(user_input) — line 2, so line_start = 2.
        let content = "def handler(user_input):\n    eval(user_input)\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));

        // Inject a synthetic TaintPath that the blocking-tier upgrade loop will pick up.
        // sink_file must match the filename used in test_with_mock_files.
        let taint_path = TaintPath {
            source_function: "handler".to_string(),
            source_file: "handler.py".to_string(),
            source_line: 1,
            sink_function: "eval".to_string(),
            sink_file: "handler.py".to_string(),
            sink_line: 2,
            category: crate::detectors::taint::TaintCategory::CodeInjection,
            call_chain: vec![],
            is_sanitized: false,
            sanitizer: None,
            confidence: 0.95,
            sink_callee_text: "eval(".to_string(),
            sanitizers_on_path: vec![],
        };
        detector
            .precomputed_intra
            .set(vec![taint_path])
            .expect("OnceLock must be unset");

        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("handler.py", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");

        let f = findings
            .iter()
            .find(|f| f.line_start == Some(2))
            .expect("eval(user_input) on line 2 must produce a finding");

        assert_eq!(
            f.tier,
            Tier::Blocking,
            "SSA taint-to-eval sink must be Tier::Blocking; got {:?}",
            f.tier
        );
        assert!(
            f.deterministic,
            "Blocking taint finding must have deterministic = true"
        );
        assert!(
            f.confidence.unwrap_or(0.0) >= 0.90,
            "Blocking taint finding must have confidence >= 0.90; got {:?}",
            f.confidence
        );
        assert!(
            matches!(
                f.evidence,
                Some(Evidence::TaintPath { ref sink_kind, .. }) if sink_kind == "eval"
            ),
            "Blocking finding must carry Evidence::TaintPath with sink_kind = \"eval\"; got {:?}",
            f.evidence
        );
    }

    /// A finding from a string-literal eval call (no taint path) must stay Advisory.
    /// This guards the FP-fixed line path.
    #[test]
    fn eval_of_string_literal_is_advisory() {
        use crate::models::Tier;

        // eval("1 + 1") — StaticLiteral → Low severity → filtered out entirely.
        // Use a variable arg instead so we get a finding, but still no taint path
        // (the precomputed caches are empty, so the blocking-upgrade loop runs
        // with zero paths and leaves the finding at Advisory).
        let content = "def run(x):\n    eval(x)\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        // No taint path injected — precomputed_intra stays empty.
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("run.py", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");

        // There should be a finding for eval(x) but it must NOT be Blocking.
        let f = findings
            .iter()
            .find(|f| f.line_start == Some(2))
            .expect("eval(x) on line 2 must produce a finding");

        assert_eq!(
            f.tier,
            Tier::Advisory,
            "eval(x) without a taint path must stay Advisory; got {:?}",
            f.tier
        );
        assert!(
            f.evidence.is_none(),
            "Advisory finding must have no evidence; got {:?}",
            f.evidence
        );
    }

    /// A taint path that hits a callee not in DANGEROUS_SINKS (e.g. `console.log`)
    /// must produce no Blocking finding for the EvalDetector.
    #[test]
    fn taint_to_benign_callee_is_advisory() {
        use crate::detectors::taint::TaintPath;
        use crate::models::Tier;

        // eval(x) is on line 2 and will be detected. We inject a taint path that
        // points to `console.log` (a benign callee) — NOT to the eval on line 2.
        // The blocking loop must NOT promote the eval finding.
        let content = "function go(x) {\n    eval(x);\n}\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));

        let benign_path = TaintPath {
            source_function: "go".to_string(),
            source_file: "go.js".to_string(),
            source_line: 1,
            sink_function: "console.log".to_string(),
            sink_file: "go.js".to_string(),
            sink_line: 2,
            category: crate::detectors::taint::TaintCategory::CodeInjection,
            call_chain: vec![],
            is_sanitized: false,
            sanitizer: None,
            confidence: 0.90,
            // "console.log(" → receiver = "console", name = "log" → not in JS DANGEROUS_SINKS
            sink_callee_text: "console.log(".to_string(),
            sanitizers_on_path: vec![],
        };
        detector
            .precomputed_intra
            .set(vec![benign_path])
            .expect("OnceLock must be unset");

        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("go.js", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");

        // eval(x) on line 2 should fire but stay Advisory — the injected path hits
        // the same line but classifies to a non-Eval sink kind.
        let f = findings.iter().find(|f| f.line_start == Some(2));
        if let Some(f) = f {
            assert_eq!(
                f.tier,
                Tier::Advisory,
                "Taint to benign callee must leave eval finding at Advisory; got {:?}",
                f.tier
            );
        }
    }

    /// A finding produced purely by the line/regex heuristic (Ruby `eval(code)`)
    /// must always be Advisory — no taint path is injected.
    #[test]
    fn line_heuristic_match_is_advisory() {
        use crate::models::Tier;

        let content = "def go(code)\n  eval(code)\nend\n";
        let store = GraphBuilder::new().freeze();
        let detector = EvalDetector::with_repository_path(PathBuf::from("/mock/repo"));
        let ctx = crate::detectors::analysis_context::AnalysisContext::test_with_mock_files(
            &store,
            vec![("go.rb", content)],
        );
        let findings = detector.detect(&ctx).expect("detection should succeed");

        // Ruby eval(code) fires via the line path.
        let f = findings
            .iter()
            .find(|f| f.detector == "EvalDetector")
            .expect("Ruby eval(code) must produce a finding");

        assert_eq!(
            f.tier,
            Tier::Advisory,
            "Line-heuristic finding must be Advisory; got {:?}",
            f.tier
        );
        assert!(
            f.evidence.is_none(),
            "Line-heuristic finding must have no evidence; got {:?}",
            f.evidence
        );
    }

    // ----- parse_sink_callee_text unit tests -----

    #[test]
    fn test_parse_sink_callee_text_bare_call() {
        assert_eq!(super::parse_sink_callee_text("eval("), ("", "eval"));
        assert_eq!(super::parse_sink_callee_text("exec("), ("", "exec"));
        assert_eq!(super::parse_sink_callee_text("Function("), ("", "Function"));
        assert_eq!(
            super::parse_sink_callee_text("setTimeout("),
            ("", "setTimeout")
        );
    }

    #[test]
    fn test_parse_sink_callee_text_dotted() {
        assert_eq!(
            super::parse_sink_callee_text("child_process.exec"),
            ("child_process", "exec")
        );
        assert_eq!(
            super::parse_sink_callee_text("subprocess.run"),
            ("subprocess", "run")
        );
    }
}