refactor(dynamic): enhance SQS framework binding logic and auto-detect broker dependencies in Python/JavaScript

2026-06-12 19:55:14 +02:00 · 2026-05-23 14:02:18 -05:00 · 2026-05-23 14:02:18 -05:00 · aaa1fd7ede
commit aaa1fd7ede
parent fe09986a25
3 changed files with 340 additions and 19 deletions
--- a/src/dynamic/framework/adapters/sqs_node.rs
+++ b/src/dynamic/framework/adapters/sqs_node.rs
@ -4,6 +4,7 @@
 use crate::dynamic::framework::{FrameworkAdapter, FrameworkBinding};
 use crate::evidence::EntryKind;
 use crate::summary::FuncSummary;
+use crate::summary::ssa_summary::SsaFuncSummary;
 use crate::symbol::Lang;

 pub struct SqsNodeAdapter;
@ -58,32 +59,82 @@ impl FrameworkAdapter for SqsNodeAdapter {
    fn detect(
        &self,
        summary: &FuncSummary,
-        _ast: tree_sitter::Node<'_>,
+        ast: tree_sitter::Node<'_>,
        file_bytes: &[u8],
    ) -> Option<FrameworkBinding> {
-        let matches_call = super::any_callee_matches(summary, callee_is_sqs);
-        let matches_source = source_imports_sqs(file_bytes);
-        if matches_call || matches_source {
-            Some(FrameworkBinding {
-                adapter: ADAPTER_NAME.to_owned(),
-                kind: EntryKind::MessageHandler {
-                    queue: extract_queue(file_bytes),
-                    message_schema: None,
-                },
-                route: None,
-                request_params: Vec::new(),
-                response_writer: None,
-                middleware: Vec::new(),
-            })
-        } else {
-            None
+        detect_sqs_node(summary, None, ast, file_bytes)
+    }
+
+    fn detect_with_context(
+        &self,
+        summary: &FuncSummary,
+        ssa_summary: Option<&SsaFuncSummary>,
+        ast: tree_sitter::Node<'_>,
+        file_bytes: &[u8],
+    ) -> Option<FrameworkBinding> {
+        detect_sqs_node(summary, ssa_summary, ast, file_bytes)
+    }
+}
+
+fn detect_sqs_node(
+    summary: &FuncSummary,
+    ssa_summary: Option<&SsaFuncSummary>,
+    _ast: tree_sitter::Node<'_>,
+    file_bytes: &[u8],
+) -> Option<FrameworkBinding> {
+    let matches_call = super::any_callee_matches(summary, callee_is_sqs);
+    let matches_source = source_imports_sqs(file_bytes);
+    if !(matches_call || matches_source) {
+        return None;
+    }
+    if !sqs_receiver_facts_allow(summary, ssa_summary) {
+        return None;
+    }
+    Some(FrameworkBinding {
+        adapter: ADAPTER_NAME.to_owned(),
+        kind: EntryKind::MessageHandler {
+            queue: extract_queue(file_bytes),
+            message_schema: None,
+        },
+        route: None,
+        request_params: Vec::new(),
+        response_writer: None,
+        middleware: Vec::new(),
+    })
+}
+
+fn sqs_receiver_facts_allow(summary: &FuncSummary, ssa_summary: Option<&SsaFuncSummary>) -> bool {
+    let Some(ssa_summary) = ssa_summary else {
+        return true;
+    };
+    for site in &summary.callees {
+        if !callee_is_sqs(&site.name) || site.receiver.is_none() {
+            continue;
+        }
+        let Some(container) = ssa_summary
+            .typed_call_receivers
+            .iter()
+            .find(|(ord, _)| *ord == site.ordinal)
+            .map(|(_, container)| container.as_str())
+        else {
+            continue;
+        };
+        if !typed_container_allows_sqs(container) {
+            return false;
        }
    }
+    true
+}
+
+fn typed_container_allows_sqs(container: &str) -> bool {
+    let lc = container.to_ascii_lowercase();
+    lc.contains("sqs") || lc.contains("queue") || lc == "consumer"
 }

 #[cfg(test)]
 mod tests {
    use super::*;
+    use crate::summary::CalleeSite;

    fn parse_js(src: &[u8]) -> tree_sitter::Tree {
        let mut parser = tree_sitter::Parser::new();
@ -109,4 +160,54 @@ mod tests {
            assert_eq!(queue, "http://localhost/q");
        }
    }
+
+    #[test]
+    fn ssa_receiver_type_rejects_non_sqs_send_collision() {
+        let src: &[u8] = b"const { SQSClient } = require('@aws-sdk/client-sqs');\n\
+            function handler(env) {}\n\
+            Promise.resolve().send(handler);\n";
+        let tree = parse_js(src);
+        let mut summary = FuncSummary {
+            name: "handler".into(),
+            ..Default::default()
+        };
+        summary.callees.push(CalleeSite {
+            name: "promise.send".to_owned(),
+            receiver: Some("promise".to_owned()),
+            ordinal: 0,
+            ..Default::default()
+        });
+        let mut ssa = SsaFuncSummary::default();
+        ssa.typed_call_receivers.push((0, "Promise".to_owned()));
+        assert!(
+            SqsNodeAdapter
+                .detect_with_context(&summary, Some(&ssa), tree.root_node(), src)
+                .is_none()
+        );
+    }
+
+    #[test]
+    fn ssa_receiver_type_keeps_sqs_client_send() {
+        let src: &[u8] = b"const { SQSClient } = require('@aws-sdk/client-sqs');\n\
+            function handler(env) {}\n\
+            client.send(handler);\n";
+        let tree = parse_js(src);
+        let mut summary = FuncSummary {
+            name: "handler".into(),
+            ..Default::default()
+        };
+        summary.callees.push(CalleeSite {
+            name: "client.send".to_owned(),
+            receiver: Some("client".to_owned()),
+            ordinal: 0,
+            ..Default::default()
+        });
+        let mut ssa = SsaFuncSummary::default();
+        ssa.typed_call_receivers.push((0, "SQSClient".to_owned()));
+        assert!(
+            SqsNodeAdapter
+                .detect_with_context(&summary, Some(&ssa), tree.root_node(), src)
+                .is_some()
+        );
+    }
 }