runWithReporter method
Override this method to implement your lint rule.
Use context to register callbacks for AST node types:
// Illustrative snippet: registers a callback for method-invocation nodes.
context.addMethodInvocation((node) {
// `condition` is a placeholder for the rule's own check on `node`.
if (condition) {
// Report the lint at the node that matched.
reporter.atNode(node);
}
});
Implementation
/// Registers the AST callbacks that flag OAuth usage with no PKCE argument.
///
/// Two callbacks are registered on [context]:
///
/// * Constructor calls whose type name is in `_oauthConstructors` are
///   reported at the constructor name unless one named argument is called
///   `codeVerifier`, `codeChallenge` or `pkce`.
/// * Method calls whose name is in `_oauthMethods`, and whose target source
///   matches one of `_oauthTargetPatterns`, are reported unless the source
///   text of the argument list contains one of those three names.
///
/// Both checks look only at the presence of a name, never at the value
/// passed, so a clean result means "a PKCE-looking argument is mentioned",
/// not "PKCE is enforced".
@override
void runWithReporter(
  SaropaDiagnosticReporter reporter,
  SaropaContext context,
) {
  // Names treated as evidence that the call site configures PKCE.
  const List<String> pkceMarkers = <String>[
    'codeVerifier',
    'codeChallenge',
    'pkce',
  ];

  // Constructor calls: inspect the named arguments of known OAuth types.
  context.addInstanceCreationExpression((InstanceCreationExpression node) {
    final String constructedType = node.constructorName.type.name.lexeme;
    if (!_oauthConstructors.contains(constructedType)) return;

    // Positional arguments are skipped; only named-argument labels count.
    // NOTE(review): the argument value is not inspected, so a call such as
    // `pkce: false` (if any flagged API takes a boolean) would be accepted
    // as "has PKCE" - confirm against the APIs in _oauthConstructors.
    final bool hasPkceArgument = node.argumentList.arguments
        .whereType<NamedExpression>()
        .any((named) => pkceMarkers.contains(named.name.label.name));
    if (hasPkceArgument) return;

    reporter.atNode(node.constructorName, code);
  });

  // Method calls: match by method name, then by the receiver's source text.
  context.addMethodInvocation((MethodInvocation node) {
    if (!_oauthMethods.contains(node.methodName.name)) return;

    // Calls with no explicit target are never reported.
    final Expression? receiver = node.target;
    if (receiver == null) return;
    final String receiverSource = receiver.toSource();

    if (!_oauthTargetPatterns.any((p) => p.hasMatch(receiverSource))) return;

    // NOTE(review): this is a case-sensitive substring test over the whole
    // argument source, so any identifier or string literal that happens to
    // contain one of the markers suppresses the report, and the value that
    // is passed is not checked. This is looser than the constructor check.
    final String argumentSource = node.argumentList.toSource();
    final bool mentionsPkce = pkceMarkers.any(
      (marker) => argumentSource.contains(marker),
    );
    if (!mentionsPkce) {
      reporter.atNode(node);
    }
  });
}