release: 0.1.0-dev.4 (#15)

* fix(secrets): include keys detection

* fix(rules): secure random detection

* test(rules): add test for random secure

* refactor: fix naming of visitor

* feat: improve analysis report handling

* refactor: improve report handling

* refactor: improve config parsing

* refactor: proper class declaration

* chore: check todos

* chore: raise version

* refactor: add rule registering

* feat: implict current folder for analysis

* chore: update CHANGELOG

* style: formatting

* style: formatting

* style: formatting

* chore: add .pubignore

Author: yardexx

.pubignore

@@ -0,0 +1,3 @@
+docs/
+resources/
+.github/

CHANGELOG.md

@@ -5,6 +5,28 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.1.0-dev.4] - 2025-10-08
+
+### Added
+- Implicit current folder analysis - users can now run analysis without specifying a target directory ([issue #6](https://github.com/yardexx/dart_shield/issues/6))
+- Rule registry system for better rule management and organization
+- Improved analysis report handling with better error reporting and progress tracking ([issue #9](https://github.com/yardexx/dart_shield/issues/9))
+
+### Changed
+- Enhanced configuration parsing for better flexibility
+- Improved report handling and project report structure
+- Refactored class declarations for better code organization
+- Updated visitor naming for consistency
+
+### Fixed
+- Secure random detection in crypto rules
+- Hardcoded secrets detection now includes key detection
+- Various rule detection improvements
+
+### Tests
+- Added comprehensive tests for secure random rule
+- Enhanced test coverage for configuration parsing
+
 ## [0.1.0-dev.3] - 2024-08-31
 
 ### Added

README.md

@@ -73,16 +73,17 @@ dart_shield init -f
 dart_shield init --force
 ```
 
-To analyze your Dart code for potential security flaws, run the following command,
-specifying the directory:
+To analyze your Dart code for potential security flaws, run the following command:
 
 ```bash
+# Analyze current directory (default)
+dart_shield analyze
+
+# Or explicitly specify a directory
 dart_shield analyze .
+dart_shield analyze lib
 ```
 
-> **Note:** The . at the end of the command specifies the directory to be analyzed and must always
-> be included. The command does not automatically add it.
-
 This command analyzes your Dart code based on the configuration in the shield_options.yaml file.
 If the configuration file is not found, the command will fail.
 

assets/shield_secrets.yaml

@@ -1,4 +1,7 @@
-# TODO: Bundle this using native assets feature stable: https://github.com/dart-lang/sdk/issues/53562
+# Workaround: This file is duplicated in lib/assets/shield_secrets_dart.dart
+# because Dart doesn't support native assets yet.
+# See: https://github.com/dart-lang/sdk/issues/53562
+# TODO: Use native assets when Dart SDK supports it
 shield_patterns:
   version: 0.1.0-dev.1
   secrets:

lib/assets/shield_secrets_dart.dart

@@ -1,5 +1,7 @@
-// Copy of [shield_secrets.dart] because Dart doesn't support assets.
-// TODO: Remove this file once Dart supports assets: https://github.com/dart-lang/sdk/issues/53562
+// Copy of [shield_secrets.yaml] because Dart doesn't support native assets yet.
+// This is a workaround until Dart SDK adds native asset support.
+// See: https://github.com/dart-lang/sdk/issues/53562
+// TODO: Remove this file and use native assets when Dart SDK supports it
 
 const String shieldSecretsSource = r'''
 shield_patterns:

lib/src/cli/commands/analyze.dart

@@ -47,7 +47,7 @@ class AnalyzeCommand extends ShieldCommand {
     final progress = logger.progress('Creating workspace');
 
     final workspace = Workspace(
-      analyzedPaths: argResults.rest,
+      analyzedPaths: argResults.rest.isEmpty ? ['.'] : argResults.rest,
       rootFolder: Directory.current.path,
     );
 
@@ -68,6 +68,15 @@ class AnalyzeCommand extends ShieldCommand {
   ) async {
     final progress = logger.progress('Analyzing project');
     final report = await _analyzer.analyzeFromCli(workspace, config);
+
+    // Log skipped files if any
+    if (report.skippedFiles.isNotEmpty) {
+      logger.warn('Could not analyze ${report.skippedFiles.length} file(s):');
+      for (final file in report.skippedFiles) {
+        logger.warn('  - $file');
+      }
+    }
+
     progress.complete('Project analyzed.');
     return report;
   }

lib/src/cli/commands/shield_command.dart

@@ -24,6 +24,7 @@ abstract class ShieldCommand extends Command<int> {
   }
 
   bool get targetsExist {
+    if (argResults.rest.isEmpty) return true; // Default to current directory
     return argResults.rest.length == 1 &&
         Directory(argResults.rest.first).existsSync();
   }

lib/src/security_analyzer/configuration/lint_rule_converter.dart

@@ -1,6 +1,6 @@
 import 'package:dart_shield/src/security_analyzer/rules/enums/enums.dart';
 import 'package:dart_shield/src/security_analyzer/rules/rule/rule.dart';
-import 'package:dart_shield/src/security_analyzer/rules/rule_creator.dart';
+import 'package:dart_shield/src/security_analyzer/rules/rule_registry.dart';
 import 'package:json_annotation/json_annotation.dart';
 
 class LintRuleConverter implements JsonConverter<LintRule, String> {
@@ -9,7 +9,7 @@ class LintRuleConverter implements JsonConverter<LintRule, String> {
   // Todo: Implement file exclusion
   @override
   LintRule fromJson(String name) {
-    final rule = RuleCreator.createRule(
+    final rule = RuleRegistry.createRule(
       id: RuleId.fromYamlName(name),
       excludes: [],
     );

lib/src/security_analyzer/configuration/shield_config.dart

@@ -32,35 +32,62 @@ class ShieldConfig {
   }
 
   factory ShieldConfig.fromFile(String path) {
-    final content = File(path).readAsStringSync();
-    final dartMap = yamlToDartMap(loadYaml(content)) as Map<String, dynamic>;
-    return ShieldConfig.fromYaml(dartMap);
+    try {
+      final content = File(path).readAsStringSync();
+      final dartMap = yamlToDartMap(loadYaml(content)) as Map<String, dynamic>;
+      return ShieldConfig.fromYaml(dartMap);
+    } on FileSystemException catch (e) {
+      throw InvalidConfigurationException(
+        'Could not read config file at $path: ${e.message}',
+      );
+    } on YamlException catch (e) {
+      throw InvalidConfigurationException(
+        'Invalid YAML in config file at $path: ${e.message}',
+      );
+    } catch (e) {
+      throw InvalidConfigurationException(
+        'Invalid configuration structure in $path: $e',
+      );
+    }
   }
 
   // Verifies the validity of the configuration
   void _verifyValidity() {
     // Ensure no experimental rules are in the main rules list
-    if (rules.any((rule) => rule.status == RuleStatus.experimental)) {
-      throw const InvalidConfigurationException(
-        'Rules with status experimental are not allowed in the rules list',
+    final experimentalInMainRules =
+        rules.where((rule) => rule.status == RuleStatus.experimental).toList();
+    if (experimentalInMainRules.isNotEmpty) {
+      final ruleNames =
+          experimentalInMainRules.map((rule) => rule.id.name).join(', ');
+      throw InvalidConfigurationException(
+        'Found experimental rule(s) in the "rules" list: $ruleNames. '
+        'Move these to "experimental-rules" list.',
       );
     }
 
     // Ensure experimental rules are only allowed if the experimental flag is
     // enabled
     if (!enableExperimental && experimentalRules.isNotEmpty) {
-      throw const InvalidConfigurationException(
-        'Experimental rules are not allowed when the experimental flag is '
-        'disabled',
+      final ruleNames =
+          experimentalRules.map((rule) => rule.id.name).join(', ');
+      throw InvalidConfigurationException(
+        'Found experimental rule(s) in "experimental-rules" list: $ruleNames, '
+        'but "enable-experimental" is set to false. '
+        'Set "enable-experimental" to true to use these rules.',
       );
     }
 
     // Ensure only experimental rules are in the experimental rules list
-    if (experimentalRules
-        .any((rule) => rule.status != RuleStatus.experimental)) {
-      throw const InvalidConfigurationException(
-        'Only rules with status experimental are allowed in the experimental '
-        'rules list',
+    final nonExperimentalInExperimentalRules = experimentalRules
+        .where((rule) => rule.status != RuleStatus.experimental)
+        .toList();
+    if (nonExperimentalInExperimentalRules.isNotEmpty) {
+      final ruleNames = nonExperimentalInExperimentalRules
+          .map((rule) => rule.id.name)
+          .join(', ');
+      throw InvalidConfigurationException(
+        'Found non-experimental rule(s) in "experimental-rules" list: '
+        '$ruleNames. Move these to the "rules" list.',
       );
     }
   }

lib/src/security_analyzer/report/analysis_report/project_report.dart

@@ -5,6 +5,7 @@ class ProjectReport {
   ProjectReport({
     required this.path,
     required this.fileReports,
+    this.skippedFiles = const [],
   });
 
   factory ProjectReport.empty(String path) {
@@ -16,6 +17,7 @@ class ProjectReport {
 
   final String path;
   final List<FileReport> fileReports;
+  List<String> skippedFiles;
 
   int get criticalCount =>
       fileReports.map((report) => report.criticalCount).sum;