Remove get ts info step

[whoisarpit]

PR Checklist

• The commit message follows our guidelines: Code of conduct
• Tests for the changes have been added (for bug fixes / features)
• Docs have been added / updated (for bug fixes / features)
• Does this PR introduce a breaking change?
• Include PR in release notes?

PR Type

• Bugfix
• Feature
• Refactoring
• Build /CI
• Documentation
• Others

What is the current behavior?

Issue Number: N/A

What is the new behavior?

Other information

[patched-admin]

File Changed: patchwork/steps/GetTypescriptTypeInfo/GetTypescriptTypeInfo.py

Rule 1: Do not ignore potential bugs in the code

Details: The code contains potential bugs related to file handling and subprocess execution that should be addressed:

1. No error handling for file operations
2. No validation of input parameters
3. No timeout handling for subprocess execution
4. No checks if the temporary output file exists before attempting to remove it

Affected Code Snippet:

subprocess.run(["tsx", _DEFAULT_TS_FILE, full_file_path, variable_name], check=True, cwd=cwd)

# Read the output file
output_path = os.path.join(cwd, "temp_output_declaration.txt")
with open(output_path, "r") as f:
    type_info = f.read()

# Clean up the temporary file
os.remove(output_path)

Start Line: 26
End Line: 35

---

Rule 2: Do not overlook possible security vulnerabilities

Details: The code contains several security vulnerabilities:

1. Uses unsanitized input for file paths which could lead to path traversal attacks
2. No validation of variable_name input which could lead to command injection
3. Fixed temporary file name could lead to race conditions in multi-user scenarios
4. Executes external commands without proper security controls

Affected Code Snippet:

file_path = self.inputs["file_path"]
variable_name = self.inputs["variable_name"]
cwd = Path.cwd()
full_file_path = os.path.join(cwd, file_path)

subprocess.run(["tsx", _DEFAULT_TS_FILE, full_file_path, variable_name], check=True, cwd=cwd)

Start Line: 21
End Line: 26

File Changed: patchwork/steps/GetTypescriptTypeInfo/README.md

Rule 1: Do not ignore potential bugs in the code
Details: The documentation reveals a potential bug where temporary file handling could fail if the file system is read-only or if there are permission issues. Additionally, there's no error handling mentioned for the case where the tsx command fails or the temporary file operations fail.

Affected Code Snippet:

3. The script writes the type information to a temporary file (`temp_output_declaration.txt`).
4. The step reads this temporary file to get the type information.
5. Finally, it cleans up by removing the temporary file and returns the type information.

Start Line: 17
End Line: 19

---

Rule 2: Do not overlook possible security vulnerabilities
Details: The code introduces potential security vulnerabilities through its use of temporary files and command execution. The documentation doesn't mention any input validation for file_path and variable_name, which could lead to path traversal attacks or command injection vulnerabilities if not properly sanitized.

Affected Code Snippet:

- `file_path` (str): The path to the TypeScript file to analyze.
- `variable_name` (str): The name of the variable to get type information for.

and

2. It then runs the `tsx` command with the `get_type_info.ts` script, passing the file path and variable name as arguments.
3. The script writes the type information to a temporary file (`temp_output_declaration.txt`).

Start Line: 4
End Line: 17

File Changed: patchwork/steps/GetTypescriptTypeInfo/get_type_info.ts

Rule 1: Do not ignore potential bugs in the code

Details: The code contains several potential bugs that should be addressed:

1. No error handling for file reading in Project.addSourceFileAtPath()
2. Unsafe type casting using 'unknown' in multiple places
3. Potential null/undefined access when getting array element type

Affected Code Snippet:

const sourceFile = this.project.addSourceFileAtPath(filePath);
// No error handling if file doesn't exist or can't be read

// Unsafe type casting
.map((method) =>
  this.describeFunction(method as unknown as FunctionDeclaration, depth + 1)
)

// Potential null access
return `${this.describeType(type.getArrayElementType()!, depth)}[]`;

Start Line: 26, 107, 193

End Line: 26, 109, 193

---

Rule 2: Do not overlook possible security vulnerabilities

Details: The code contains security vulnerabilities:

1. Unsanitized file path input that could lead to path traversal
2. Writing output to a fixed location in the file system without proper permissions check
3. Direct use of process.argv without proper validation

Affected Code Snippet:

const outputPath = path.join(process.cwd(), "temp_output_declaration.txt");
fs.writeFileSync(outputPath, typeString, "utf8");

const args = process.argv.slice(2);
let filePath, identifier;

Start Line: 271, 272, 235, 236

End Line: 272, 272, 235, 237

File Changed: patchwork/steps/GetTypescriptTypeInfo/package.json

Rule 1: Do not ignore potential bugs in the code

Details: The package.json file contains version specifications that could lead to potential bugs. The use of caret (^) in version numbers for dependencies allows for automatic updates to minor and patch versions, which could introduce breaking changes:

• ts-morph: ^23.0.0
• @types/node: ^22.5.0
• tsx: ^4.18.0
• typescript: ^5.5.4

Affected Code Snippet:

"dependencies": {
  "ts-morph": "^23.0.0"
},
"devDependencies": {
  "@types/node": "^22.5.0",
  "tsx": "^4.18.0",
  "typescript": "^5.5.4"
}

Start Line: 9
End Line: 16

---

Rule 2: Do not overlook possible security vulnerabilities introduced by code modifications

Details: The package.json file is being completely removed (indicated by the minus signs), which could introduce security vulnerabilities if this is the only configuration file managing dependencies. Removing dependency management could expose the project to using uncontrolled or potentially malicious package versions.

Affected Code Snippet:

{
  "name": "get-typescript-type-info",
  "version": "0.0.1",
  "description": "A simple cli to get typescript type info for a given variable in a file",
  "license": "ISC",
  "scripts": {
    "get-type-info": "tsx get_type_info.ts"
  },
  "dependencies": {
    "ts-morph": "^23.0.0"
  },
  "devDependencies": {
    "@types/node": "^22.5.0",
    "tsx": "^4.18.0",
    "typescript": "^5.5.4"
  },
  "packageManager": "[email protected]+sha256.7a4261e50d9a44d9240baf6c9d6e10089dcf0a79d0007f2a26985a6927324177"
}

Start Line: 1
End Line: 18

File Changed: patchwork/steps/GetTypescriptTypeInfo/pnpm-lock.yaml

Rule 1: Do not ignore potential bugs in the code

Details: The lockfile shows the typescript package is set to version 5.5.4 which is not yet released and may contain bugs. This could lead to unstable behavior.

Affected Code Snippet:

[email protected]:
    resolution: {integrity: sha512-Mtq29sKDAEYP7aljRgtPOpTvOfbwRWlS6dPRzwjdE+C0R4brX/GUyhHSecbHMFLNBLcJIPt9nl9yG5TZ1weH+Q==}
    engines: {node: '>=14.17'}
    hasBin: true

Start Line: 471
End Line: 474

---

Rule 2: Do not overlook possible security vulnerabilities introduced by code modifications

Details: The lockfile uses several optional dependencies for esbuild that are platform-specific. Not properly validating platform-specific code execution could lead to security issues.

Affected Code Snippet:

[email protected]:
    optionalDependencies:
      '@esbuild/aix-ppc64': 0.23.1
      '@esbuild/android-arm': 0.23.1
      '@esbuild/android-arm64': 0.23.1
      [...]

Start Line: 278
End Line: 303

File Changed: patchwork/steps/GetTypescriptTypeInfo/tsconfig.json

Rule 1: Do not ignore potential bugs in the code

Details: The code diff shows a complete removal of the tsconfig.json file. This could potentially introduce bugs as TypeScript configurations are essential for proper type checking and compilation. Removing this file without a replacement or migration plan could lead to type-checking issues and runtime errors.

Affected Code Snippet:

{
  "compilerOptions": {
    "target": "ES2020",
    "module": "commonjs",
    "strict": true,
    "esModuleInterop": true,
    "skipLibCheck": true,
    "forceConsistentCasingInFileNames": true,
    "rootDir": "./",
    "resolveJsonModule": true,
    "declaration": true,
    "sourceMap": true
  },
  "include": [
    "*.ts",
    "**/*.ts"
  ],
  "exclude": [
    "node_modules",
  ]
}

Start Line: 1
End Line: 21

File Changed: patchwork/steps/GetTypescriptTypeInfo/typed.py

Rule 1: Do not ignore potential bugs in the code

Details: The code removal could potentially introduce bugs if these type definitions are being used elsewhere in the codebase without proper replacement or migration strategy. TypedDict classes are being completely removed which might break type checking in dependent code.

Affected Code Snippet:

from typing_extensions import TypedDict


class GetTypescriptTypeInfoInputs(TypedDict):
    file_path: str
    variable_name: str


class GetTypescriptTypeInfoOutputs(TypedDict):
    type_information: str

Start Line: 1
End Line: 10

File Changed: patchwork/steps/__init__.py

Rule 1: Do not ignore potential bugs in the code

Details: The removal of GetTypescriptTypeInfo import and its corresponding export could potentially create bugs if there are other parts of the codebase still referencing this module. This change requires verification that no other modules are depending on this functionality. A safe practice would be to check for all references before removal.

Affected Code Snippet:

from patchwork.steps.GetTypescriptTypeInfo.GetTypescriptTypeInfo import (
    GetTypescriptTypeInfo,
)

and

    "GetTypescriptTypeInfo",

Start Line: 28 (first block), 110 (second block)

End Line: 31 (first block), 110 (second block)