feat(bug-detectors): share stack suppressions

Match suppressions against the stack text users see so detectors can
share the same low-surprise ignore rules.

Author: oetr

.npmignore

@@ -13,6 +13,8 @@ coverage
 node_modules
 tests
 shared
+!**/dist/shared/
+!**/dist/shared/**
 
 # Exclude docs, those can be accessed online
 docs

packages/bug-detectors/shared/finding-suppression.test.ts

@@ -0,0 +1,96 @@
+/*
+ * Copyright 2026 Code Intelligence GmbH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import {
+	buildGenericSuppressionSnippet,
+	getUserFacingStack,
+	IgnoreList,
+	matchesIgnoreRules,
+} from "./finding-suppression";
+
+describe("finding suppression", () => {
+	const stack = [
+		"Error",
+		"    at renderTemplate (C:\\repo\\tests\\bug-detectors\\sample.test.js:10:42)",
+		"    at handleRequest (/repo/src/server.js:20:7)",
+		"    at internal (/repo/jazzer.js/packages/core/core.js:30:1)",
+	].join("\n");
+
+	test("keeps the shown stack text unchanged for matching", () => {
+		expect(getUserFacingStack(stack)).toBe(
+			[
+				"    at renderTemplate (C:\\repo\\tests\\bug-detectors\\sample.test.js:10:42)",
+				"    at handleRequest (/repo/src/server.js:20:7)",
+			].join("\n"),
+		);
+	});
+
+	test("matches string stack patterns against the shown stack", () => {
+		expect(
+			matchesIgnoreRules(
+				[
+					{
+						stackPattern:
+							"C:\\repo\\tests\\bug-detectors\\sample.test.js:10:42",
+					},
+				],
+				stack,
+			),
+		).toBe(true);
+		expect(
+			matchesIgnoreRules(
+				[
+					{
+						stackPattern: "C:/repo/tests/bug-detectors/sample.test.js:10:42",
+					},
+				],
+				stack,
+			),
+		).toBe(false);
+	});
+
+	test("matches regex stack patterns against the shown stack", () => {
+		expect(
+			matchesIgnoreRules(
+				[{ stackPattern: /handleRequest \(\/repo\/src\/server\.js:20:7\)/ }],
+				stack,
+			),
+		).toBe(true);
+	});
+
+	test("IgnoreList stores and matches suppression rules", () => {
+		const ignoreList = new IgnoreList();
+
+		ignoreList.add({ stackPattern: "sample.test.js:10:42" });
+
+		expect(ignoreList.matches(stack)).toBe(true);
+	});
+
+	test("prints generic example snippets with optional chaining", () => {
+		expect(
+			buildGenericSuppressionSnippet("code-injection", "ignoreInvocation"),
+		).toContain('getBugDetectorConfiguration("code-injection")');
+		expect(
+			buildGenericSuppressionSnippet("code-injection", "ignoreInvocation"),
+		).toContain("?.ignoreInvocation({");
+		expect(
+			buildGenericSuppressionSnippet("code-injection", "ignoreInvocation"),
+		).toContain('stackPattern: "test.js:10"');
+		expect(
+			buildGenericSuppressionSnippet("code-injection", "ignoreInvocation"),
+		).toContain("shown stack above");
+	});
+});

packages/bug-detectors/shared/finding-suppression.ts

@@ -0,0 +1,113 @@
+/*
+ * Copyright 2026 Code Intelligence GmbH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const JAZZER_INTERNAL_STACK_MARKERS = [
+	"/@jazzer.js/",
+	"/jazzer.js/packages/",
+	"/jazzer.js/core/",
+	"/jazzer.js-commercial/packages/",
+	"/jazzer.js-commercial/core/",
+	"../../packages/",
+];
+
+/**
+ * Defines a suppression rule for bug-detector findings.
+ */
+export interface IgnoreRule {
+	/**
+	 * A string or regular expression matching the stack excerpt shown in the
+	 * finding after removing the leading Error line and Jazzer.js frames.
+	 * @example "src/templates.js:41"
+	 * @example /renderTemplate.*handleRequest/s
+	 */
+	stackPattern?: string | RegExp;
+}
+
+export class IgnoreList {
+	private readonly _rules: IgnoreRule[] = [];
+
+	add(rule: IgnoreRule): void {
+		this._rules.push(rule);
+	}
+
+	matches(stack: string): boolean {
+		return matchesIgnoreRules(this._rules, stack);
+	}
+}
+
+export function matchesIgnoreRules(
+	rules: IgnoreRule[],
+	stack: string,
+): boolean {
+	return rules.some((rule) => matchesIgnoreRule(rule, stack));
+}
+
+export function buildGenericSuppressionSnippet(
+	detectorName: string,
+	suppressionMethod: string,
+): string {
+	return [
+		'const { getBugDetectorConfiguration } = require("@jazzer.js/bug-detectors");',
+		"",
+		"// Example only: adapt `stackPattern` to the shown stack above.",
+		`getBugDetectorConfiguration("${detectorName}")`,
+		`  ?.${suppressionMethod}({`,
+		'    stackPattern: "test.js:10",',
+		"  });",
+	].join("\n");
+}
+
+export function captureStack(): string {
+	return new Error().stack ?? "";
+}
+
+export function getUserFacingStack(stack: string): string {
+	return getUserFacingStackLines(stack).join("\n");
+}
+
+export function getUserFacingStackLines(stack: string): string[] {
+	return stack
+		.split("\n")
+		.slice(1)
+		.filter((line) => line !== "")
+		.filter((line) => !isJazzerInternalStackLine(line));
+}
+
+function matchesIgnoreRule(rule: IgnoreRule, stack: string): boolean {
+	return Boolean(
+		rule.stackPattern &&
+		matchesStackPattern(rule.stackPattern, getUserFacingStack(stack)),
+	);
+}
+
+function isJazzerInternalStackLine(line: string): boolean {
+	const normalizedLine = line.replace(/\\/g, "/");
+	return JAZZER_INTERNAL_STACK_MARKERS.some((marker) =>
+		normalizedLine.includes(marker),
+	);
+}
+
+function matchesPattern(pattern: RegExp, value: string): boolean {
+	pattern.lastIndex = 0;
+	return pattern.test(value);
+}
+
+function matchesStackPattern(pattern: string | RegExp, value: string): boolean {
+	if (typeof pattern === "string") {
+		return value.includes(pattern);
+	}
+	return matchesPattern(pattern, value);
+}