@chain305/x-security 0.4.0 → 0.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +10 -10
- package/bin/x-security.mjs +20 -20
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -10,16 +10,16 @@ npx @chain305/x-security --help
|
|
|
10
10
|
|
|
11
11
|
| Command | What it does |
|
|
12
12
|
| --- | --- |
|
|
13
|
-
| `
|
|
14
|
-
| `
|
|
15
|
-
| `
|
|
16
|
-
| `
|
|
17
|
-
| `
|
|
18
|
-
| `
|
|
19
|
-
| `
|
|
20
|
-
| `
|
|
21
|
-
|
|
22
|
-
Run `
|
|
13
|
+
| `x-security generate <spec> --target <t>` | Compile an annotated OpenAPI spec into gateway config (`kong`, `coraza`, `bunkerweb`, `openappsec`, `firewall`, `envoy`) |
|
|
14
|
+
| `x-security validate <spec> --target kong --gateway <url\|file>` | Detect drift between the spec and a running/exported gateway config |
|
|
15
|
+
| `x-security test <spec> --target <t>` | Closed-loop test: generate config, spin up Docker, send traffic, assert |
|
|
16
|
+
| `x-security verify <spec> --target <t> --gateway <addr>` | Read-only post-deploy check that the gateway loaded the emitted artifacts |
|
|
17
|
+
| `x-security report <spec>` | OWASP API Top 10 coverage and annotation reports |
|
|
18
|
+
| `x-security diff <old> <new> --target <t>` | Diff the generated config for two spec versions |
|
|
19
|
+
| `x-security init <spec>` | Add empty `x-security` blocks to operations missing them |
|
|
20
|
+
| `x-security migrate <spec> --from 0.4 --to 0.5` | Rewrite a spec between schema versions |
|
|
21
|
+
|
|
22
|
+
Run `x-security <command> --help` for full flags.
|
|
23
23
|
|
|
24
24
|
## Requirements
|
|
25
25
|
|
package/bin/x-security.mjs
CHANGED
|
@@ -30810,26 +30810,26 @@ var init_dist3 = __esm({
|
|
|
30810
30810
|
});
|
|
30811
30811
|
|
|
30812
30812
|
// ../core/dist/errors.js
|
|
30813
|
-
var
|
|
30813
|
+
var XSecurityError, SchemaValidationError, UnresolvedVariableError, UnsupportedDialectError, STRICT_EXIT_CODES, StrictnessViolation;
|
|
30814
30814
|
var init_errors2 = __esm({
|
|
30815
30815
|
"../core/dist/errors.js"() {
|
|
30816
30816
|
"use strict";
|
|
30817
|
-
|
|
30817
|
+
XSecurityError = class extends Error {
|
|
30818
30818
|
code;
|
|
30819
30819
|
details;
|
|
30820
30820
|
constructor(message, code, details) {
|
|
30821
30821
|
super(message);
|
|
30822
30822
|
this.code = code;
|
|
30823
30823
|
this.details = details;
|
|
30824
|
-
this.name = "
|
|
30824
|
+
this.name = "XSecurityError";
|
|
30825
30825
|
}
|
|
30826
30826
|
};
|
|
30827
|
-
SchemaValidationError = class extends
|
|
30827
|
+
SchemaValidationError = class extends XSecurityError {
|
|
30828
30828
|
constructor(message, details) {
|
|
30829
30829
|
super(message, "SCHEMA_VALIDATION", details);
|
|
30830
30830
|
}
|
|
30831
30831
|
};
|
|
30832
|
-
UnresolvedVariableError = class _UnresolvedVariableError extends
|
|
30832
|
+
UnresolvedVariableError = class _UnresolvedVariableError extends XSecurityError {
|
|
30833
30833
|
variables;
|
|
30834
30834
|
paths;
|
|
30835
30835
|
constructor(variables, paths = {}) {
|
|
@@ -30858,7 +30858,7 @@ var init_errors2 = __esm({
|
|
|
30858
30858
|
return lines.join("\n");
|
|
30859
30859
|
}
|
|
30860
30860
|
};
|
|
30861
|
-
UnsupportedDialectError = class extends
|
|
30861
|
+
UnsupportedDialectError = class extends XSecurityError {
|
|
30862
30862
|
constructor(version) {
|
|
30863
30863
|
super(`Unsupported OpenAPI version: ${version}`, "UNSUPPORTED_DIALECT");
|
|
30864
30864
|
}
|
|
@@ -30869,7 +30869,7 @@ var init_errors2 = __esm({
|
|
|
30869
30869
|
S3: 4,
|
|
30870
30870
|
S4: 5
|
|
30871
30871
|
};
|
|
30872
|
-
StrictnessViolation = class extends
|
|
30872
|
+
StrictnessViolation = class extends XSecurityError {
|
|
30873
30873
|
gate;
|
|
30874
30874
|
constructor(gate, message, details) {
|
|
30875
30875
|
super(message, `STRICT_${gate}`, details);
|
|
@@ -62062,7 +62062,7 @@ ${plan.yaml}`,
|
|
|
62062
62062
|
endpoint: "(gateway)",
|
|
62063
62063
|
rule: "load-coverage",
|
|
62064
62064
|
verdict: "FAIL",
|
|
62065
|
-
message: "x-security-emitted artifacts are not loaded by the gateway (
|
|
62065
|
+
message: "x-security-emitted artifacts are not loaded by the gateway (x-security verify reported <90%). Aborting traffic phase \u2014 the results would be unattributable.",
|
|
62066
62066
|
durationMs: 0
|
|
62067
62067
|
});
|
|
62068
62068
|
} else {
|
|
@@ -72137,7 +72137,7 @@ import { execFile } from "node:child_process";
|
|
|
72137
72137
|
import { promisify } from "node:util";
|
|
72138
72138
|
import yaml15 from "js-yaml";
|
|
72139
72139
|
function resolveApiUrl(env2) {
|
|
72140
|
-
const override =
|
|
72140
|
+
const override = env2.X_SECURITY_API_URL?.trim();
|
|
72141
72141
|
if (!override) return DEFAULT_API_URL2;
|
|
72142
72142
|
let parsed;
|
|
72143
72143
|
try {
|
|
@@ -72162,7 +72162,7 @@ function resolveApiUrl(env2) {
|
|
|
72162
72162
|
return override.replace(/\/+$/, "");
|
|
72163
72163
|
}
|
|
72164
72164
|
function resolveToken(env2) {
|
|
72165
|
-
const token =
|
|
72165
|
+
const token = env2.X_SECURITY_API_TOKEN?.trim();
|
|
72166
72166
|
if (!token) {
|
|
72167
72167
|
throw new PushError(
|
|
72168
72168
|
"X_SECURITY_API_TOKEN is not set. Export your x-security API key (X_SECURITY_API_TOKEN=...) \u2014 push reads it from the environment only, never from a flag."
|
|
@@ -73908,8 +73908,8 @@ function registerUpdateCheck(program2) {
|
|
|
73908
73908
|
}
|
|
73909
73909
|
});
|
|
73910
73910
|
program2.hook("postAction", async () => {
|
|
73911
|
-
if (!truthyEnv(process.env.
|
|
73912
|
-
if (truthyEnv(process.env.NO_UPDATE_NOTIFIER) || truthyEnv(process.env.
|
|
73911
|
+
if (!truthyEnv(process.env.X_SECURITY_UPDATE_CHECK)) return;
|
|
73912
|
+
if (truthyEnv(process.env.NO_UPDATE_NOTIFIER) || truthyEnv(process.env.X_SECURITY_NO_UPDATE_CHECK)) return;
|
|
73913
73913
|
try {
|
|
73914
73914
|
const { name, version } = resolvePackageMeta();
|
|
73915
73915
|
const latest = await fetchLatestVersion(name);
|
|
@@ -73959,20 +73959,20 @@ function firstExisting(candidates) {
|
|
|
73959
73959
|
}
|
|
73960
73960
|
function loadConfig2(cwd = process.cwd(), home = os3.homedir()) {
|
|
73961
73961
|
const homeFile = firstExisting([
|
|
73962
|
-
path28.join(home, ".config", "
|
|
73963
|
-
path28.join(home, ".config", "
|
|
73964
|
-
path28.join(home, ".config", "
|
|
73962
|
+
path28.join(home, ".config", "x-security", "config.yaml"),
|
|
73963
|
+
path28.join(home, ".config", "x-security", "config.yml"),
|
|
73964
|
+
path28.join(home, ".config", "x-security", "config.json")
|
|
73965
73965
|
]);
|
|
73966
73966
|
const projectFile = firstExisting([
|
|
73967
|
-
path28.join(cwd, ".
|
|
73968
|
-
path28.join(cwd, ".
|
|
73969
|
-
path28.join(cwd, ".
|
|
73970
|
-
path28.join(cwd, ".
|
|
73967
|
+
path28.join(cwd, ".x-securityrc.yaml"),
|
|
73968
|
+
path28.join(cwd, ".x-securityrc.yml"),
|
|
73969
|
+
path28.join(cwd, ".x-securityrc.json"),
|
|
73970
|
+
path28.join(cwd, ".x-securityrc")
|
|
73971
73971
|
]);
|
|
73972
73972
|
let merged = {};
|
|
73973
73973
|
if (homeFile) merged = { ...merged, ...readConfigFile(homeFile) };
|
|
73974
73974
|
if (projectFile) merged = { ...merged, ...readConfigFile(projectFile) };
|
|
73975
|
-
const envPath = process.env.
|
|
73975
|
+
const envPath = process.env.X_SECURITY_CONFIG;
|
|
73976
73976
|
if (envPath) merged = { ...merged, ...readConfigFile(envPath) };
|
|
73977
73977
|
return merged;
|
|
73978
73978
|
}
|
package/package.json
CHANGED