@defai.digital/ax-cli 3.4.6 → 3.5.4
- package/LICENSE +2 -6
- package/README.md +109 -2
- package/dist/analyzers/ast/index.d.ts +9 -0
- package/dist/analyzers/ast/index.js +10 -0
- package/dist/analyzers/ast/index.js.map +1 -0
- package/dist/analyzers/ast/node-helpers.d.ts +81 -0
- package/dist/analyzers/ast/node-helpers.js +128 -0
- package/dist/analyzers/ast/node-helpers.js.map +1 -0
- package/dist/analyzers/ast/parser.d.ts +59 -0
- package/dist/analyzers/ast/parser.js +293 -0
- package/dist/analyzers/ast/parser.js.map +1 -0
- package/dist/analyzers/ast/traverser.d.ts +67 -0
- package/dist/analyzers/ast/traverser.js +156 -0
- package/dist/analyzers/ast/traverser.js.map +1 -0
- package/dist/analyzers/ast/types.d.ts +107 -0
- package/dist/analyzers/ast/types.js +7 -0
- package/dist/analyzers/ast/types.js.map +1 -0
- package/dist/analyzers/best-practices/index.d.ts +10 -0
- package/dist/analyzers/best-practices/index.js +11 -0
- package/dist/analyzers/best-practices/index.js.map +1 -0
- package/dist/analyzers/code-smells/base-smell-detector.d.ts +30 -0
- package/dist/analyzers/code-smells/base-smell-detector.js +44 -0
- package/dist/analyzers/code-smells/base-smell-detector.js.map +1 -0
- package/dist/analyzers/code-smells/code-smell-analyzer.d.ts +30 -0
- package/dist/analyzers/code-smells/code-smell-analyzer.js +167 -0
- package/dist/analyzers/code-smells/code-smell-analyzer.js.map +1 -0
- package/dist/analyzers/code-smells/detectors/data-clumps-detector.d.ts +11 -0
- package/dist/analyzers/code-smells/detectors/data-clumps-detector.js +66 -0
- package/dist/analyzers/code-smells/detectors/data-clumps-detector.js.map +1 -0
- package/dist/analyzers/code-smells/detectors/dead-code-detector.d.ts +11 -0
- package/dist/analyzers/code-smells/detectors/dead-code-detector.js +53 -0
- package/dist/analyzers/code-smells/detectors/dead-code-detector.js.map +1 -0
- package/dist/analyzers/code-smells/detectors/duplicate-code-detector.d.ts +11 -0
- package/dist/analyzers/code-smells/detectors/duplicate-code-detector.js +51 -0
- package/dist/analyzers/code-smells/detectors/duplicate-code-detector.js.map +1 -0
- package/dist/analyzers/code-smells/detectors/feature-envy-detector.d.ts +11 -0
- package/dist/analyzers/code-smells/detectors/feature-envy-detector.js +64 -0
- package/dist/analyzers/code-smells/detectors/feature-envy-detector.js.map +1 -0
- package/dist/analyzers/code-smells/detectors/inappropriate-intimacy-detector.d.ts +11 -0
- package/dist/analyzers/code-smells/detectors/inappropriate-intimacy-detector.js +56 -0
- package/dist/analyzers/code-smells/detectors/inappropriate-intimacy-detector.js.map +1 -0
- package/dist/analyzers/code-smells/detectors/large-class-detector.d.ts +13 -0
- package/dist/analyzers/code-smells/detectors/large-class-detector.js +58 -0
- package/dist/analyzers/code-smells/detectors/large-class-detector.js.map +1 -0
- package/dist/analyzers/code-smells/detectors/long-method-detector.d.ts +12 -0
- package/dist/analyzers/code-smells/detectors/long-method-detector.js +52 -0
- package/dist/analyzers/code-smells/detectors/long-method-detector.js.map +1 -0
- package/dist/analyzers/code-smells/detectors/long-parameter-list-detector.d.ts +12 -0
- package/dist/analyzers/code-smells/detectors/long-parameter-list-detector.js +50 -0
- package/dist/analyzers/code-smells/detectors/long-parameter-list-detector.js.map +1 -0
- package/dist/analyzers/code-smells/detectors/magic-numbers-detector.d.ts +12 -0
- package/dist/analyzers/code-smells/detectors/magic-numbers-detector.js +54 -0
- package/dist/analyzers/code-smells/detectors/magic-numbers-detector.js.map +1 -0
- package/dist/analyzers/code-smells/detectors/nested-conditionals-detector.d.ts +13 -0
- package/dist/analyzers/code-smells/detectors/nested-conditionals-detector.js +71 -0
- package/dist/analyzers/code-smells/detectors/nested-conditionals-detector.js.map +1 -0
- package/dist/analyzers/code-smells/index.d.ts +16 -0
- package/dist/analyzers/code-smells/index.js +19 -0
- package/dist/analyzers/code-smells/index.js.map +1 -0
- package/dist/analyzers/code-smells/types.d.ts +82 -0
- package/dist/analyzers/code-smells/types.js +30 -0
- package/dist/analyzers/code-smells/types.js.map +1 -0
- package/dist/analyzers/dependency/circular-detector.d.ts +17 -0
- package/dist/analyzers/dependency/circular-detector.js +71 -0
- package/dist/analyzers/dependency/circular-detector.js.map +1 -0
- package/dist/analyzers/dependency/coupling-calculator.d.ts +24 -0
- package/dist/analyzers/dependency/coupling-calculator.js +86 -0
- package/dist/analyzers/dependency/coupling-calculator.js.map +1 -0
- package/dist/analyzers/dependency/dependency-analyzer.d.ts +40 -0
- package/dist/analyzers/dependency/dependency-analyzer.js +214 -0
- package/dist/analyzers/dependency/dependency-analyzer.js.map +1 -0
- package/dist/analyzers/dependency/dependency-graph.d.ts +57 -0
- package/dist/analyzers/dependency/dependency-graph.js +186 -0
- package/dist/analyzers/dependency/dependency-graph.js.map +1 -0
- package/dist/analyzers/dependency/index.d.ts +8 -0
- package/dist/analyzers/dependency/index.js +8 -0
- package/dist/analyzers/dependency/index.js.map +1 -0
- package/dist/analyzers/dependency/types.d.ts +105 -0
- package/dist/analyzers/dependency/types.js +5 -0
- package/dist/analyzers/dependency/types.js.map +1 -0
- package/dist/analyzers/git/churn-calculator.d.ts +34 -0
- package/dist/analyzers/git/churn-calculator.js +214 -0
- package/dist/analyzers/git/churn-calculator.js.map +1 -0
- package/dist/analyzers/git/git-analyzer.d.ts +19 -0
- package/dist/analyzers/git/git-analyzer.js +71 -0
- package/dist/analyzers/git/git-analyzer.js.map +1 -0
- package/dist/analyzers/git/hotspot-detector.d.ts +34 -0
- package/dist/analyzers/git/hotspot-detector.js +170 -0
- package/dist/analyzers/git/hotspot-detector.js.map +1 -0
- package/dist/analyzers/git/index.d.ts +7 -0
- package/dist/analyzers/git/index.js +7 -0
- package/dist/analyzers/git/index.js.map +1 -0
- package/dist/analyzers/git/types.d.ts +88 -0
- package/dist/analyzers/git/types.js +5 -0
- package/dist/analyzers/git/types.js.map +1 -0
- package/dist/analyzers/metrics/halstead-calculator.d.ts +30 -0
- package/dist/analyzers/metrics/halstead-calculator.js +150 -0
- package/dist/analyzers/metrics/halstead-calculator.js.map +1 -0
- package/dist/analyzers/metrics/index.d.ts +9 -0
- package/dist/analyzers/metrics/index.js +9 -0
- package/dist/analyzers/metrics/index.js.map +1 -0
- package/dist/analyzers/metrics/maintainability-calculator.d.ts +17 -0
- package/dist/analyzers/metrics/maintainability-calculator.js +46 -0
- package/dist/analyzers/metrics/maintainability-calculator.js.map +1 -0
- package/dist/analyzers/metrics/metrics-analyzer.d.ts +32 -0
- package/dist/analyzers/metrics/metrics-analyzer.js +140 -0
- package/dist/analyzers/metrics/metrics-analyzer.js.map +1 -0
- package/dist/analyzers/metrics/types.d.ts +67 -0
- package/dist/analyzers/metrics/types.js +5 -0
- package/dist/analyzers/metrics/types.js.map +1 -0
- package/dist/analyzers/security/base-detector.d.ts +58 -0
- package/dist/analyzers/security/base-detector.js +104 -0
- package/dist/analyzers/security/base-detector.js.map +1 -0
- package/dist/analyzers/security/detectors/command-injection-detector.d.ts +12 -0
- package/dist/analyzers/security/detectors/command-injection-detector.js +84 -0
- package/dist/analyzers/security/detectors/command-injection-detector.js.map +1 -0
- package/dist/analyzers/security/detectors/hardcoded-secrets-detector.d.ts +16 -0
- package/dist/analyzers/security/detectors/hardcoded-secrets-detector.js +140 -0
- package/dist/analyzers/security/detectors/hardcoded-secrets-detector.js.map +1 -0
- package/dist/analyzers/security/detectors/insecure-deserialization-detector.d.ts +12 -0
- package/dist/analyzers/security/detectors/insecure-deserialization-detector.js +109 -0
- package/dist/analyzers/security/detectors/insecure-deserialization-detector.js.map +1 -0
- package/dist/analyzers/security/detectors/insecure-random-detector.d.ts +12 -0
- package/dist/analyzers/security/detectors/insecure-random-detector.js +61 -0
- package/dist/analyzers/security/detectors/insecure-random-detector.js.map +1 -0
- package/dist/analyzers/security/detectors/path-traversal-detector.d.ts +12 -0
- package/dist/analyzers/security/detectors/path-traversal-detector.js +82 -0
- package/dist/analyzers/security/detectors/path-traversal-detector.js.map +1 -0
- package/dist/analyzers/security/detectors/sql-injection-detector.d.ts +12 -0
- package/dist/analyzers/security/detectors/sql-injection-detector.js +88 -0
- package/dist/analyzers/security/detectors/sql-injection-detector.js.map +1 -0
- package/dist/analyzers/security/detectors/weak-crypto-detector.d.ts +12 -0
- package/dist/analyzers/security/detectors/weak-crypto-detector.js +104 -0
- package/dist/analyzers/security/detectors/weak-crypto-detector.js.map +1 -0
- package/dist/analyzers/security/detectors/xss-detector.d.ts +12 -0
- package/dist/analyzers/security/detectors/xss-detector.js +90 -0
- package/dist/analyzers/security/detectors/xss-detector.js.map +1 -0
- package/dist/analyzers/security/index.d.ts +16 -0
- package/dist/analyzers/security/index.js +18 -0
- package/dist/analyzers/security/index.js.map +1 -0
- package/dist/analyzers/security/security-analyzer.d.ts +38 -0
- package/dist/analyzers/security/security-analyzer.js +215 -0
- package/dist/analyzers/security/security-analyzer.js.map +1 -0
- package/dist/analyzers/security/types.d.ts +95 -0
- package/dist/analyzers/security/types.js +7 -0
- package/dist/analyzers/security/types.js.map +1 -0
- package/dist/hooks/use-enhanced-input.d.ts +0 -1
- package/dist/hooks/use-enhanced-input.js.map +1 -1
- package/dist/index.js +0 -0
- package/dist/mcp/validation.js +12 -6
- package/dist/mcp/validation.js.map +1 -1
- package/dist/tools/analysis-tools.d.ts +73 -0
- package/dist/tools/analysis-tools.js +422 -0
- package/dist/tools/analysis-tools.js.map +1 -0
- package/dist/tools/bash.js +2 -1
- package/dist/tools/bash.js.map +1 -1
- package/dist/ui/components/toast-notification.js +0 -1
- package/dist/ui/components/toast-notification.js.map +1 -1
- package/dist/ui/components/welcome-panel.js +1 -1
- package/dist/ui/components/welcome-panel.js.map +1 -1
- package/dist/ui/hooks/use-input-history.d.ts +9 -0
- package/dist/ui/hooks/use-input-history.js +117 -0
- package/dist/ui/hooks/use-input-history.js.map +1 -0
- package/dist/utils/parallel-analyzer.js +30 -17
- package/dist/utils/parallel-analyzer.js.map +1 -1
- package/eslint.config.js +3 -0
- package/package.json +5 -5
- package/vitest.config.ts +1 -0
- package/.ax-cli/checkpoints/2025-11-20/checkpoint-11e9e0ba-c39d-4fd2-aa77-bc818811c921.json +0 -69
- package/.ax-cli/checkpoints/2025-11-20/checkpoint-2b260b98-b418-4c7c-9694-e2b94967e662.json +0 -24
- package/.ax-cli/checkpoints/2025-11-20/checkpoint-7e03601e-e8ab-4cd7-9841-a74b66adf78f.json +0 -69
- package/.ax-cli/checkpoints/2025-11-20/checkpoint-7f9c6562-771f-4fd0-adcf-9e7e9ac34ae8.json +0 -44
- package/.ax-cli/checkpoints/2025-11-20/checkpoint-e1ebe666-4c3a-4367-ba5c-27fe512a9c70.json +0 -24
- package/.ax-cli/checkpoints/2025-11-21/checkpoint-15743e7d-430c-4d76-b6fc-955d7a5c250c.json +0 -44
- package/.ax-cli/checkpoints/2025-11-21/checkpoint-25cf7679-0b3f-4988-83d7-704548fbba91.json +0 -69
- package/.ax-cli/checkpoints/2025-11-21/checkpoint-54aedbac-6db0-464e-8ebb-dbb3979e6dca.json +0 -24
- package/.ax-cli/checkpoints/2025-11-21/checkpoint-7658aed8-fe5d-4222-903f-1a7c63717ea7.json +0 -24
- package/.ax-cli/checkpoints/2025-11-21/checkpoint-c9c13497-40dc-4294-a327-6a5fc854eaa1.json +0 -69
- package/automatosx.config.json +0 -333
- package/config/messages.yaml +0 -75
- package/config/models.yaml +0 -66
- package/config/prompts.yaml +0 -156
- package/config/settings.yaml +0 -86
- package/dist/commands/weather.d.ts +0 -8
- package/dist/commands/weather.js +0 -160
- package/dist/commands/weather.js.map +0 -1
- package/dist/grok/client.d.ts +0 -144
- package/dist/grok/client.js +0 -237
- package/dist/grok/client.js.map +0 -1
- package/dist/grok/tools.d.ts +0 -8
- package/dist/grok/tools.js +0 -318
- package/dist/grok/tools.js.map +0 -1
- package/dist/grok/types.d.ts +0 -291
- package/dist/grok/types.js +0 -127
- package/dist/grok/types.js.map +0 -1
- package/dist/tools/morph-editor.d.ts +0 -36
- package/dist/tools/morph-editor.js +0 -308
- package/dist/tools/morph-editor.js.map +0 -1
- package/dist/ui/components/session-recovery.d.ts +0 -12
- package/dist/ui/components/session-recovery.js +0 -93
- package/dist/ui/components/session-recovery.js.map +0 -1
- package/dist/utils/model-config.d.ts +0 -28
- package/dist/utils/model-config.js +0 -43
- package/dist/utils/model-config.js.map +0 -1
- package/dist/utils/tool-helpers.d.ts +0 -25
- package/dist/utils/tool-helpers.js +0 -79
- package/dist/utils/tool-helpers.js.map +0 -1
- package/packages/schemas/dist/index.d.ts +0 -14
- package/packages/schemas/dist/index.d.ts.map +0 -1
- package/packages/schemas/dist/index.js +0 -19
- package/packages/schemas/dist/index.js.map +0 -1
- package/packages/schemas/dist/public/core/brand-types.d.ts +0 -308
- package/packages/schemas/dist/public/core/brand-types.d.ts.map +0 -1
- package/packages/schemas/dist/public/core/brand-types.js +0 -243
- package/packages/schemas/dist/public/core/brand-types.js.map +0 -1
- package/packages/schemas/dist/public/core/enums.d.ts +0 -227
- package/packages/schemas/dist/public/core/enums.d.ts.map +0 -1
- package/packages/schemas/dist/public/core/enums.js +0 -222
- package/packages/schemas/dist/public/core/enums.js.map +0 -1
- package/packages/schemas/dist/public/core/id-types.d.ts +0 -286
- package/packages/schemas/dist/public/core/id-types.d.ts.map +0 -1
- package/packages/schemas/dist/public/core/id-types.js +0 -136
- package/packages/schemas/dist/public/core/id-types.js.map +0 -1
|
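--- a/package/dist/analyzers/security/detectors/weak-crypto-detector.js
+++ b/package/dist/analyzers/security/detectors/weak-crypto-detector.js
@@ -0,0 +1,104 @@
+/**
+* Weak Cryptography Detector
+*
+* Detects use of weak or deprecated cryptographic algorithms
+* OWASP A02:2021 - Cryptographic Failures
+*/
+import { BaseSecurityDetector } from '../base-detector.js';
+export class WeakCryptoDetector extends BaseSecurityDetector {
+constructor() {
+super({
+id: 'weak-cryptography',
+name: 'Weak Cryptography',
+description: 'Detects use of weak or deprecated cryptographic algorithms',
+severity: 'high',
+owaspCategory: 'A02:2021 - Cryptographic Failures',
+cweId: 'CWE-327',
+});
+}
+async scan(content, filePath) {
+if (!this.appliesTo(filePath)) {
+return [];
+}
+const vulnerabilities = [];
+// Pattern 1: Weak hashing algorithms
+const weakHashAlgorithms = ['md5', 'sha1', 'md4', 'md2'];
+for (const algorithm of weakHashAlgorithms) {
+const pattern = new RegExp(`createHash\\(['"\`]${algorithm}['"\`]\\)`, 'gi');
+let match;
+while ((match = pattern.exec(content)) !== null) {
+if (this.shouldIgnore(content, match.index)) {
+continue;
+}
+const line = this.findLineNumber(content, match.index);
+const code = this.extractCodeSnippet(content, match.index, 1);
+vulnerabilities.push(this.createVulnerability(filePath, line, code, `Weak hashing algorithm ${algorithm.toUpperCase()} detected`, `Use SHA-256, SHA-384, or SHA-512 instead of ${algorithm.toUpperCase()}`, [
+'https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/',
+'https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html',
+]));
+}
+}
+// Pattern 2: Weak cipher algorithms
+const weakCipherAlgorithms = ['des', 'des-ede', 'des-ede-cbc', 'des3', 'rc4', 'rc2', 'blowfish'];
+for (const algorithm of weakCipherAlgorithms) {
+const pattern = new RegExp(`createCipher(?:iv)?\\(['"\`]${algorithm}['"\`]`, 'gi');
+let match;
+while ((match = pattern.exec(content)) !== null) {
+if (this.shouldIgnore(content, match.index)) {
+continue;
+}
+const line = this.findLineNumber(content, match.index);
+const code = this.extractCodeSnippet(content, match.index, 1);
+vulnerabilities.push(this.createVulnerability(filePath, line, code, `Weak cipher algorithm ${algorithm.toUpperCase()} detected`, 'Use AES-256-GCM or ChaCha20-Poly1305 for encryption', [
+'https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/',
+]));
+}
+}
+// Pattern 3: ECB mode (insecure block cipher mode)
+const ecbPattern = /createCipher(?:iv)?\(['"`][^'"`]*-ecb['"`]/gi;
+let match;
+while ((match = ecbPattern.exec(content)) !== null) {
+if (this.shouldIgnore(content, match.index)) {
+continue;
+}
+const line = this.findLineNumber(content, match.index);
+const code = this.extractCodeSnippet(content, match.index, 1);
+vulnerabilities.push(this.createVulnerability(filePath, line, code, 'ECB mode is insecure and should not be used', 'Use GCM or CBC mode with proper IV instead of ECB', [
+'https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/09-Testing_for_Weak_Cryptography/',
+]));
+}
+// Pattern 4: Deprecated createCipher (should use createCipheriv)
+const createCipherPattern = /createCipher\(/g;
+while ((match = createCipherPattern.exec(content)) !== null) {
+if (this.shouldIgnore(content, match.index)) {
+continue;
+}
+// Check if it's not createCipheriv
+const afterMatch = content.substring(match.index, match.index + 20);
+if (!afterMatch.includes('createCipheriv')) {
+const line = this.findLineNumber(content, match.index);
+const code = this.extractCodeSnippet(content, match.index, 1);
+vulnerabilities.push(this.createVulnerability(filePath, line, code, 'createCipher is deprecated and insecure', 'Use createCipheriv with a random IV instead', [
+'https://nodejs.org/api/crypto.html#cryptocreatecipherivalgorithm-key-iv-options',
+]));
+}
+}
+// Pattern 5: Small RSA key sizes
+const rsaKeyPattern = /(?:modulusLength|keySize)['"\s:]*(\d+)/gi;
+while ((match = rsaKeyPattern.exec(content)) !== null) {
+if (this.shouldIgnore(content, match.index)) {
+continue;
+}
+const keySize = parseInt(match[1], 10);
+if (keySize < 2048) {
+const line = this.findLineNumber(content, match.index);
+const code = this.extractCodeSnippet(content, match.index, 1);
+vulnerabilities.push(this.createVulnerability(filePath, line, code, `RSA key size of ${keySize} bits is too small`, 'Use at least 2048 bits for RSA keys, preferably 4096 bits', [
+'https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html',
+]));
+}
+}
+return vulnerabilities;
+}
+}
+//# sourceMappingURL=weak-crypto-detector.js.map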
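Review bot: The RSA key-size check at lines 87–96 reports any `keySize`/`modulusLength` value below 2048 as a small RSA key, but `keySize` is also the usual name for symmetric-key settings (an AES config with `keySize: 256`), so such code produces a high-severity finding with an RSA-specific message. Restricting the match to `modulusLength`, or accepting `keySize` only when `rsa` appears earlier in the same statement, avoids that: `const rsaKeyPattern = /rsa[^;]{0,80}?(?:modulusLength|keySize)['"\s:]*(\d+)/gi;`. Separately, the guard `if (!afterMatch.includes('createCipheriv'))` at lines 77–78 is always true, because `/createCipher\(/g` requires `(` directly after `createCipher` and so can never match `createCipheriv(`; the guard and the comment above it should go. The per-algorithm cipher pattern at line 44 requires a closing quote right after the name, so a 3DES alias such as `'des-ede3-cbc'` appears to be missed while `'des3'` is caught; worth confirming against the intended alias list.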
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"weak-crypto-detector.js","sourceRoot":"","sources":["../../../../src/analyzers/security/detectors/weak-crypto-detector.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAG3D,MAAM,OAAO,kBAAmB,SAAQ,oBAAoB;IAC1D;QACE,KAAK,CAAC;YACJ,EAAE,EAAE,mBAAmB;YACvB,IAAI,EAAE,mBAAmB;YACzB,WAAW,EAAE,4DAA4D;YACzE,QAAQ,EAAE,MAAM;YAChB,aAAa,EAAE,mCAAmC;YAClD,KAAK,EAAE,SAAS;SACjB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAe,EAAE,QAAgB;QAC1C,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,eAAe,GAA4B,EAAE,CAAC;QAEpD,qCAAqC;QACrC,MAAM,kBAAkB,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QACzD,KAAK,MAAM,SAAS,IAAI,kBAAkB,EAAE,CAAC;YAC3C,MAAM,OAAO,GAAG,IAAI,MAAM,CAAC,sBAAsB,SAAS,WAAW,EAAE,IAAI,CAAC,CAAC;YAC7E,IAAI,KAAK,CAAC;YAEV,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAChD,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC5C,SAAS;gBACX,CAAC;gBAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;gBAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,0BAA0B,SAAS,CAAC,WAAW,EAAE,WAAW,EAC5D,+CAA+C,SAAS,CAAC,WAAW,EAAE,EAAE,EACxE;oBACE,sIAAsI;oBACtI,uFAAuF;iBACxF,CACF,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,oCAAoC;QACpC,MAAM,oBAAoB,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;QACjG,KAAK,MAAM,SAAS,IAAI,oBAAoB,EAAE,CAAC;YAC7C,MAAM,OAAO,GAAG,IAAI,MAAM,CAAC,+BAA+B,SAAS,QAAQ,EAAE,IAAI,CAAC,CAAC;YACnF,IAAI,KAAK,CAAC;YAEV,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAChD,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC5C,SAAS;gBACX,CAAC;gBAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;gBAE9D,eAAe,CAAC,IA
AI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,yBAAyB,SAAS,CAAC,WAAW,EAAE,WAAW,EAC3D,qDAAqD,EACrD;oBACE,sIAAsI;iBACvI,CACF,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,mDAAmD;QACnD,MAAM,UAAU,GAAG,8CAA8C,CAAC;QAClE,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACnD,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,6CAA6C,EAC7C,mDAAmD,EACnD;gBACE,sIAAsI;aACvI,CACF,CACF,CAAC;QACJ,CAAC;QAED,iEAAiE;QACjE,MAAM,mBAAmB,GAAG,iBAAiB,CAAC;QAC9C,OAAO,CAAC,KAAK,GAAG,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC5D,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,mCAAmC;YACnC,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC;YACpE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;gBAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,yCAAyC,EACzC,6CAA6C,EAC7C;oBACE,iFAAiF;iBAClF,CACF,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,iCAAiC;QACjC,MAAM,aAAa,GAAG,0CAA0C,CAAC;QACjE,OAAO,CAAC,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACtD,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACvC,IAAI,OAAO,GAAG,IAAI,EAAE,CAAC;gBACnB,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;gBAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,I
AAI,EACJ,mBAAmB,OAAO,oBAAoB,EAC9C,2DAA2D,EAC3D;oBACE,uFAAuF;iBACxF,CACF,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,eAAe,CAAC;IACzB,CAAC;CACF"}
|
|
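--- a/package/dist/analyzers/security/detectors/xss-detector.d.ts
+++ b/package/dist/analyzers/security/detectors/xss-detector.d.ts
@@ -0,0 +1,12 @@
+/**
+* XSS (Cross-Site Scripting) Detector
+*
+* Detects potential XSS vulnerabilities
+* OWASP A03:2021 - Injection
+*/
+import { BaseSecurityDetector } from '../base-detector.js';
+import type { SecurityVulnerability } from '../types.js';
+export declare class XSSDetector extends BaseSecurityDetector {
+constructor();
+scan(content: string, filePath: string): Promise<SecurityVulnerability[]>;
+}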
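--- a/package/dist/analyzers/security/detectors/xss-detector.js
+++ b/package/dist/analyzers/security/detectors/xss-detector.js
@@ -0,0 +1,90 @@
+/**
+* XSS (Cross-Site Scripting) Detector
+*
+* Detects potential XSS vulnerabilities
+* OWASP A03:2021 - Injection
+*/
+import { BaseSecurityDetector } from '../base-detector.js';
+export class XSSDetector extends BaseSecurityDetector {
+constructor() {
+super({
+id: 'xss-vulnerability',
+name: 'Cross-Site Scripting (XSS)',
+description: 'Detects potential XSS vulnerabilities',
+severity: 'high',
+owaspCategory: 'A03:2021 - Injection',
+cweId: 'CWE-79',
+});
+}
+async scan(content, filePath) {
+if (!this.appliesTo(filePath)) {
+return [];
+}
+const vulnerabilities = [];
+// Pattern 1: dangerouslySetInnerHTML in React
+const dangerouslySetInnerHTMLPattern = /dangerouslySetInnerHTML\s*=\s*\{\{?\s*__html:\s*(?!['"`])[^}]+\}\}?/gi;
+let match;
+while ((match = dangerouslySetInnerHTMLPattern.exec(content)) !== null) {
+if (this.shouldIgnore(content, match.index)) {
+continue;
+}
+const line = this.findLineNumber(content, match.index);
+const code = this.extractCodeSnippet(content, match.index, 1);
+vulnerabilities.push(this.createVulnerability(filePath, line, code, 'Using dangerouslySetInnerHTML with unsanitized content may lead to XSS', 'Sanitize HTML content using a library like DOMPurify before rendering', [
+'https://owasp.org/www-community/attacks/xss/',
+'https://react.dev/reference/react-dom/components/common#dangerously-setting-the-inner-html',
+]));
+}
+// Pattern 2: innerHTML assignment
+const innerHTMLPattern = /\.innerHTML\s*=\s*(?!['"`])[^;]+/gi;
+while ((match = innerHTMLPattern.exec(content)) !== null) {
+if (this.shouldIgnore(content, match.index)) {
+continue;
+}
+const line = this.findLineNumber(content, match.index);
+const code = this.extractCodeSnippet(content, match.index, 1);
+vulnerabilities.push(this.createVulnerability(filePath, line, code, 'Direct innerHTML assignment with dynamic content may lead to XSS', 'Use textContent for text or sanitize HTML before assignment', [
+'https://owasp.org/www-community/attacks/xss/',
+'https://cheatsheetseries.owasp.org/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.html',
+]));
+}
+// Pattern 3: document.write with user input
+const documentWritePattern = /document\.write\([^)]*(?:req\.|params\.|input|user|query)/gi;
+while ((match = documentWritePattern.exec(content)) !== null) {
+if (this.shouldIgnore(content, match.index)) {
+continue;
+}
+const line = this.findLineNumber(content, match.index);
+const code = this.extractCodeSnippet(content, match.index, 1);
+vulnerabilities.push(this.createVulnerability(filePath, line, code, 'document.write with user input may lead to XSS', 'Avoid document.write. Use DOM manipulation methods and sanitize input', [
+'https://owasp.org/www-community/attacks/xss/',
+]));
+}
+// Pattern 4: eval() with user input
+const evalPattern = /eval\([^)]*(?:req\.|params\.|input|user|query)/gi;
+while ((match = evalPattern.exec(content)) !== null) {
+if (this.shouldIgnore(content, match.index)) {
+continue;
+}
+const line = this.findLineNumber(content, match.index);
+const code = this.extractCodeSnippet(content, match.index, 1);
+vulnerabilities.push(this.createVulnerability(filePath, line, code, 'eval() with user input is extremely dangerous and may lead to code injection', 'Never use eval() with user input. Find alternative solutions', [
+'https://owasp.org/www-community/attacks/Code_Injection',
+]));
+}
+// Pattern 5: Unescaped template rendering (Express, etc.)
+const unescapedRenderPattern = /res\.send\([^)]*\$\{(?:req\.|params\.|input|user|query)/gi;
+while ((match = unescapedRenderPattern.exec(content)) !== null) {
+if (this.shouldIgnore(content, match.index)) {
+continue;
+}
+const line = this.findLineNumber(content, match.index);
+const code = this.extractCodeSnippet(content, match.index, 1);
+vulnerabilities.push(this.createVulnerability(filePath, line, code, 'Sending unescaped user input in response may lead to XSS', 'Escape HTML entities or use a templating engine with auto-escaping', [
+'https://owasp.org/www-community/attacks/xss/',
+]));
+}
+return vulnerabilities;
+}
+}
+//# sourceMappingURL=xss-detector.js.map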
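Review bot: The innerHTML check at line 39 treats comparisons as assignments and misses appends: the pattern `\.innerHTML\s*=\s*` followed by a non-quote matches `el.innerHTML === other` (the second `=` passes the lookahead and is reported as a dynamic assignment), while `el.innerHTML += userInput` never matches because `+` sits between `innerHTML` and `=`. A pattern such as ``const innerHTMLPattern = /\.innerHTML\s*\+?=(?!=)\s*(?!['"`])[^;]+/gi;`` covers `=` and `+=` and rejects `==`/`===`. The taint keywords at lines 52, 64 and 76 are unanchored, case-insensitive substrings, so a literal `document.write('<input ...>')` is reported as user input and identifiers such as `currentUser` trigger the eval check; this looks intentional as a heuristic but deserves a comment, e.g. `// Heuristic: any argument mentioning request/user/input identifiers is flagged; expect false positives`.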
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"xss-detector.js","sourceRoot":"","sources":["../../../../src/analyzers/security/detectors/xss-detector.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAG3D,MAAM,OAAO,WAAY,SAAQ,oBAAoB;IACnD;QACE,KAAK,CAAC;YACJ,EAAE,EAAE,mBAAmB;YACvB,IAAI,EAAE,4BAA4B;YAClC,WAAW,EAAE,uCAAuC;YACpD,QAAQ,EAAE,MAAM;YAChB,aAAa,EAAE,sBAAsB;YACrC,KAAK,EAAE,QAAQ;SAChB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAe,EAAE,QAAgB;QAC1C,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,eAAe,GAA4B,EAAE,CAAC;QAEpD,8CAA8C;QAC9C,MAAM,8BAA8B,GAAG,uEAAuE,CAAC;QAC/G,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,8BAA8B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACvE,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,wEAAwE,EACxE,uEAAuE,EACvE;gBACE,8CAA8C;gBAC9C,4FAA4F;aAC7F,CACF,CACF,CAAC;QACJ,CAAC;QAED,kCAAkC;QAClC,MAAM,gBAAgB,GAAG,oCAAoC,CAAC;QAC9D,OAAO,CAAC,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACzD,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,kEAAkE,EAClE,6DAA6D,EAC7D;gBACE,8CAA8C;gBAC9C,0FAA0F;aAC3F,CACF,CACF,CAAC;QACJ,CAAC;QAED,4CAA4C;QAC5C,MAAM,oBAAoB,GAAG,6DAA6D,CAAC;QAC3F,OAAO,CAAC,KAAK,GAAG,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7D,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC
;YACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,gDAAgD,EAChD,uEAAuE,EACvE;gBACE,8CAA8C;aAC/C,CACF,CACF,CAAC;QACJ,CAAC;QAED,oCAAoC;QACpC,MAAM,WAAW,GAAG,kDAAkD,CAAC;QACvE,OAAO,CAAC,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACpD,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,8EAA8E,EAC9E,8DAA8D,EAC9D;gBACE,wDAAwD;aACzD,CACF,CACF,CAAC;QACJ,CAAC;QAED,0DAA0D;QAC1D,MAAM,sBAAsB,GAAG,2DAA2D,CAAC;QAC3F,OAAO,CAAC,KAAK,GAAG,sBAAsB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC/D,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,0DAA0D,EAC1D,oEAAoE,EACpE;gBACE,8CAA8C;aAC/C,CACF,CACF,CAAC;QACJ,CAAC;QAED,OAAO,eAAe,CAAC;IACzB,CAAC;CACF"}
|
|
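--- a/package/dist/analyzers/security/index.d.ts
+++ b/package/dist/analyzers/security/index.d.ts
@@ -0,0 +1,16 @@
+/**
+* Security Analyzer Module
+*
+* Provides security vulnerability detection with OWASP-aligned detectors
+*/
+export { SecurityAnalyzer } from './security-analyzer.js';
+export { BaseSecurityDetector } from './base-detector.js';
+export * from './types.js';
+export { SQLInjectionDetector } from './detectors/sql-injection-detector.js';
+export { XSSDetector } from './detectors/xss-detector.js';
+export { HardcodedSecretsDetector } from './detectors/hardcoded-secrets-detector.js';
+export { InsecureRandomDetector } from './detectors/insecure-random-detector.js';
+export { PathTraversalDetector } from './detectors/path-traversal-detector.js';
+export { CommandInjectionDetector } from './detectors/command-injection-detector.js';
+export { WeakCryptoDetector } from './detectors/weak-crypto-detector.js';
+export { InsecureDeserializationDetector } from './detectors/insecure-deserialization-detector.js';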
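--- a/package/dist/analyzers/security/index.js
+++ b/package/dist/analyzers/security/index.js
@@ -0,0 +1,18 @@
+/**
+* Security Analyzer Module
+*
+* Provides security vulnerability detection with OWASP-aligned detectors
+*/
+export { SecurityAnalyzer } from './security-analyzer.js';
+export { BaseSecurityDetector } from './base-detector.js';
+export * from './types.js';
+// Export all detectors
+export { SQLInjectionDetector } from './detectors/sql-injection-detector.js';
+export { XSSDetector } from './detectors/xss-detector.js';
+export { HardcodedSecretsDetector } from './detectors/hardcoded-secrets-detector.js';
+export { InsecureRandomDetector } from './detectors/insecure-random-detector.js';
+export { PathTraversalDetector } from './detectors/path-traversal-detector.js';
+export { CommandInjectionDetector } from './detectors/command-injection-detector.js';
+export { WeakCryptoDetector } from './detectors/weak-crypto-detector.js';
+export { InsecureDeserializationDetector } from './detectors/insecure-deserialization-detector.js';
+//# sourceMappingURL=index.js.map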
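--- a/package/dist/analyzers/security/index.js.map
+++ b/package/dist/analyzers/security/index.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/analyzers/security/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC1D,cAAc,YAAY,CAAC;AAE3B,uBAAuB;AACvB,OAAO,EAAE,oBAAoB,EAAE,MAAM,uCAAuC,CAAC;AAC7E,OAAO,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAC1D,OAAO,EAAE,wBAAwB,EAAE,MAAM,2CAA2C,CAAC;AACrF,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AACjF,OAAO,EAAE,qBAAqB,EAAE,MAAM,wCAAwC,CAAC;AAC/E,OAAO,EAAE,wBAAwB,EAAE,MAAM,2CAA2C,CAAC;AACrF,OAAO,EAAE,kBAAkB,EAAE,MAAM,qCAAqC,CAAC;AACzE,OAAO,EAAE,+BAA+B,EAAE,MAAM,kDAAkD,CAAC"}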
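--- a/package/dist/analyzers/security/security-analyzer.d.ts
+++ b/package/dist/analyzers/security/security-analyzer.d.ts
@@ -0,0 +1,38 @@
+/**
+* Security Analyzer
+*
+* Main orchestrator for security vulnerability detection
+*/
+import type { SecurityDetector, FileSecurityResult, BatchSecurityResult, SecurityScanOptions } from './types.js';
+export declare class SecurityAnalyzer {
+private detectors;
+constructor();
+/**
+* Register all default security detectors
+*/
+private registerDefaultDetectors;
+/**
+* Scan a single file for security vulnerabilities
+*/
+scanFile(filePath: string, options?: SecurityScanOptions): Promise<FileSecurityResult>;
+/**
+* Scan multiple files in batch
+*/
+scanBatch(files: string[], options?: SecurityScanOptions): Promise<BatchSecurityResult>;
+/**
+* Scan directory with pattern
+*/
+scanDirectory(directory: string, pattern?: string, options?: SecurityScanOptions): Promise<BatchSecurityResult>;
+/**
+* Calculate risk score for a file based on vulnerabilities
+*/
+private calculateRiskScore;
+/**
+* Get list of all registered detectors
+*/
+getDetectors(): SecurityDetector[];
+/**
+* Get detector by ID
+*/
+getDetector(id: string): SecurityDetector | undefined;
+}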
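--- a/package/dist/analyzers/security/security-analyzer.js
+++ b/package/dist/analyzers/security/security-analyzer.js
@@ -0,0 +1,215 @@
+/**
+* Security Analyzer
+*
+* Main orchestrator for security vulnerability detection
+*/
+import { promises as fs } from 'fs';
+import { glob } from 'glob';
+// Import all detectors
+import { SQLInjectionDetector } from './detectors/sql-injection-detector.js';
+import { XSSDetector } from './detectors/xss-detector.js';
+import { HardcodedSecretsDetector } from './detectors/hardcoded-secrets-detector.js';
+import { InsecureRandomDetector } from './detectors/insecure-random-detector.js';
+import { PathTraversalDetector } from './detectors/path-traversal-detector.js';
+import { CommandInjectionDetector } from './detectors/command-injection-detector.js';
+import { WeakCryptoDetector } from './detectors/weak-crypto-detector.js';
+import { InsecureDeserializationDetector } from './detectors/insecure-deserialization-detector.js';
+export class SecurityAnalyzer {
+detectors;
+constructor() {
+this.detectors = new Map();
+this.registerDefaultDetectors();
+}
+/**
+* Register all default security detectors
+*/
+registerDefaultDetectors() {
+const detectors = [
+new SQLInjectionDetector(),
+new XSSDetector(),
+new HardcodedSecretsDetector(),
+new InsecureRandomDetector(),
+new PathTraversalDetector(),
+new CommandInjectionDetector(),
+new WeakCryptoDetector(),
+new InsecureDeserializationDetector(),
+];
+for (const detector of detectors) {
+this.detectors.set(detector.id, detector);
+}
+}
+/**
+* Scan a single file for security vulnerabilities
+*/
+async scanFile(filePath, options = {}) {
+const startTime = Date.now();
+try {
+// Read file content
+const content = await fs.readFile(filePath, 'utf-8');
+// Check file size limit
+const maxFileSize = options.maxFileSize || 1024 * 1024; // 1MB default
+if (content.length > maxFileSize) {
+return Object.freeze({
+file: filePath,
+vulnerabilities: Object.freeze([]),
+riskScore: 0,
+timestamp: new Date(),
+durationMs: Date.now() - startTime,
+});
+}
+// Run all applicable detectors in parallel
+const detectorPromises = [];
+for (const detector of this.detectors.values()) {
+// Check if detector is enabled
+const detectorConfig = options.detectors?.[detector.id];
+if (detectorConfig && !detectorConfig.enabled) {
+continue;
+}
+// Check if detector applies to this file
+if (!detector.appliesTo(filePath)) {
+continue;
+}
+// Run detector
+detectorPromises.push(detector.scan(content, filePath));
+}
+// Wait for all detectors to complete
+const results = await Promise.all(detectorPromises);
+// Flatten vulnerabilities
+let vulnerabilities = results.flat();
+// Filter out info-level findings if not requested
+if (!options.includeInfo) {
+vulnerabilities = vulnerabilities.filter(v => v.severity !== 'info');
+}
+// Calculate risk score
+const riskScore = this.calculateRiskScore(vulnerabilities);
+return Object.freeze({
+file: filePath,
+vulnerabilities: Object.freeze(vulnerabilities),
+riskScore,
+timestamp: new Date(),
+durationMs: Date.now() - startTime,
+});
+}
+catch (error) {
+// Return empty result on error
+return Object.freeze({
+file: filePath,
+vulnerabilities: Object.freeze([]),
+riskScore: 0,
+timestamp: new Date(),
+durationMs: Date.now() - startTime,
+});
+}
+}
+/**
+* Scan multiple files in batch
+*/
+async scanBatch(files, options = {}) {
+const timestamp = new Date();
+// Scan files with concurrency control
+const maxConcurrent = 5;
+const fileResults = [];
+for (let i = 0; i < files.length; i += maxConcurrent) {
+const batch = files.slice(i, i + maxConcurrent);
+const batchResults = await Promise.all(batch.map(file => this.scanFile(file, options)));
+fileResults.push(...batchResults);
+}
+// Calculate summary statistics
+const totalVulnerabilities = fileResults.reduce((sum, result) => sum + result.vulnerabilities.length, 0);
+let criticalCount = 0;
+let highCount = 0;
+let mediumCount = 0;
+let lowCount = 0;
+let infoCount = 0;
+for (const result of fileResults) {
+for (const vuln of result.vulnerabilities) {
+switch (vuln.severity) {
+case 'critical':
+criticalCount++;
+break;
+case 'high':
+highCount++;
+break;
+case 'medium':
+mediumCount++;
+break;
+case 'low':
+lowCount++;
+break;
+case 'info':
+infoCount++;
+break;
+}
+}
+}
+// Calculate average risk score
+const averageRiskScore = fileResults.length > 0
+? fileResults.reduce((sum, r) => sum + r.riskScore, 0) / fileResults.length
+: 0;
+// Find highest risk files
+const highestRiskFiles = fileResults
+.filter(r => r.riskScore > 0)
+.sort((a, b) => b.riskScore - a.riskScore)
+.slice(0, 10)
+.map(r => ({ file: r.file, score: r.riskScore }));
+return Object.freeze({
+files: Object.freeze(fileResults),
+totalVulnerabilities,
+criticalCount,
+highCount,
+mediumCount,
+lowCount,
+infoCount,
+averageRiskScore,
+highestRiskFiles: Object.freeze(highestRiskFiles),
+timestamp,
+});
+}
+/**
+* Scan directory with pattern
+*/
+async scanDirectory(directory, pattern = '**/*.{ts,tsx,js,jsx}', options = {}) {
+// Find all matching files
+const files = await glob(pattern, {
+cwd: directory,
+absolute: true,
+nodir: true,
+ignore: ['**/node_modules/**', '**/dist/**', '**/build/**', '**/.git/**'],
+});
+return this.scanBatch(files, options);
+}
+/**
+* Calculate risk score for a file based on vulnerabilities
+*/
+calculateRiskScore(vulnerabilities) {
+if (vulnerabilities.length === 0)
+return 0;
+const severityWeights = {
+critical: 10,
+high: 7,
+medium: 4,
+low: 2,
+info: 1,
+};
+let totalScore = 0;
+for (const vuln of vulnerabilities) {
+totalScore += severityWeights[vuln.severity];
+}
+// Normalize to 0-100 scale
+const maxScore = vulnerabilities.length * 10; // Assume all critical
+return Math.min(100, Math.round((totalScore / maxScore) * 100));
+}
+/**
+* Get list of all registered detectors
+*/
+getDetectors() {
+return Array.from(this.detectors.values());
+}
+/**
+* Get detector by ID
+*/
+getDetector(id) {
+return this.detectors.get(id);
+}
+}
+//# sourceMappingURL=security-analyzer.js.map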
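Review bot: `scanFile` turns every failure into a clean-looking result: the `catch` at line 93 returns an empty vulnerability list with `riskScore: 0`, and because the detectors run under `Promise.all` (line 76) a single detector that rejects discards the findings of every other detector for that file. For a security scanner that means an unreadable file or a crashing detector is reported identically to a file with no findings, and `scanBatch` then folds those zeros into `averageRiskScore` and `totalVulnerabilities`. Collect per-detector outcomes with `Promise.allSettled`, keep the fulfilled ones, and surface the failure rather than swallowing it (at minimum log it; better, an optional error/skipped marker on the result, which would need a field on `FileSecurityResult`). The size-limit branch at line 51 returns the same silent-success shape, so callers cannot tell "not scanned" from "scanned clean" there either. Separately, `calculateRiskScore` divides by `vulnerabilities.length * 10`, so the score is a mean severity rather than a magnitude — one critical finding scores 100 and fifty critical findings also score 100 — which the docstring should state, e.g. `* Returns the mean severity weight of the findings scaled to 0-100; it does not grow with the number of findings.`
```javascript
// … unchanged: detector selection loop …
// Keep the findings of detectors that succeeded; one rejecting detector
// must not erase the other detectors' results for this file.
const settled = await Promise.allSettled(detectorPromises);
const results = settled
    .filter(r => r.status === 'fulfilled')
    .map(r => r.value);
const failedDetectors = settled.filter(r => r.status === 'rejected').length;
// TODO(review): surface failedDetectors on the result instead of reporting a clean file.
// … unchanged: flatten, info filter, risk score, frozen result …
```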
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security-analyzer.js","sourceRoot":"","sources":["../../../src/analyzers/security/security-analyzer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAUH,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,IAAI,CAAC;AACpC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,uBAAuB;AACvB,OAAO,EAAE,oBAAoB,EAAE,MAAM,uCAAuC,CAAC;AAC7E,OAAO,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAC1D,OAAO,EAAE,wBAAwB,EAAE,MAAM,2CAA2C,CAAC;AACrF,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AACjF,OAAO,EAAE,qBAAqB,EAAE,MAAM,wCAAwC,CAAC;AAC/E,OAAO,EAAE,wBAAwB,EAAE,MAAM,2CAA2C,CAAC;AACrF,OAAO,EAAE,kBAAkB,EAAE,MAAM,qCAAqC,CAAC;AACzE,OAAO,EAAE,+BAA+B,EAAE,MAAM,kDAAkD,CAAC;AAEnG,MAAM,OAAO,gBAAgB;IACnB,SAAS,CAAgC;IAEjD;QACE,IAAI,CAAC,SAAS,GAAG,IAAI,GAAG,EAAE,CAAC;QAC3B,IAAI,CAAC,wBAAwB,EAAE,CAAC;IAClC,CAAC;IAED;;OAEG;IACK,wBAAwB;QAC9B,MAAM,SAAS,GAAG;YAChB,IAAI,oBAAoB,EAAE;YAC1B,IAAI,WAAW,EAAE;YACjB,IAAI,wBAAwB,EAAE;YAC9B,IAAI,sBAAsB,EAAE;YAC5B,IAAI,qBAAqB,EAAE;YAC3B,IAAI,wBAAwB,EAAE;YAC9B,IAAI,kBAAkB,EAAE;YACxB,IAAI,+BAA+B,EAAE;SACtC,CAAC;QAEF,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;YACjC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,QAAgB,EAAE,UAA+B,EAAE;QAChE,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,IAAI,CAAC;YACH,oBAAoB;YACpB,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAErD,wBAAwB;YACxB,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,IAAI,GAAG,IAAI,CAAC,CAAC,cAAc;YACtE,IAAI,OAAO,CAAC,MAAM,GAAG,WAAW,EAAE,CAAC;gBACjC,OAAO,MAAM,CAAC,MAAM,CAAC;oBACnB,IAAI,EAAE,QAAQ;oBACd,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;oBAClC,SAAS,EAAE,CAAC;oBACZ,SAAS,EAAE,IAAI,IAAI,EAAE;oBACrB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC,CAAC;YACL,CAAC;YAED,2CAA2C;YAC3C,MAAM,gBAAgB,GAAuC,EAAE,CAAC;YAEhE,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,CAAC;gBAC/C,+BAA+B;gBAC/B,MAAM,cAAc,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;gBACxD,IAAI,cAAc,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;oBAC9C,SAAS;gBACX,CAAC;gBAED,yCAAyC;gBACzC,IAAI,CAAC,QAAQ,CAAC
,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAClC,SAAS;gBACX,CAAC;gBAED,eAAe;gBACf,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC1D,CAAC;YAED,qCAAqC;YACrC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;YAEpD,0BAA0B;YAC1B,IAAI,eAAe,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;YAErC,kDAAkD;YAClD,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;gBACzB,eAAe,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;YACvE,CAAC;YAED,uBAAuB;YACvB,MAAM,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,CAAC;YAE3D,OAAO,MAAM,CAAC,MAAM,CAAC;gBACnB,IAAI,EAAE,QAAQ;gBACd,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC;gBAC/C,SAAS;gBACT,SAAS,EAAE,IAAI,IAAI,EAAE;gBACrB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACnC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,+BAA+B;YAC/B,OAAO,MAAM,CAAC,MAAM,CAAC;gBACnB,IAAI,EAAE,QAAQ;gBACd,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;gBAClC,SAAS,EAAE,CAAC;gBACZ,SAAS,EAAE,IAAI,IAAI,EAAE;gBACrB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACnC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CACb,KAAe,EACf,UAA+B,EAAE;QAEjC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;QAE7B,sCAAsC;QACtC,MAAM,aAAa,GAAG,CAAC,CAAC;QACxB,MAAM,WAAW,GAAyB,EAAE,CAAC;QAE7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,aAAa,EAAE,CAAC;YACrD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,CAAC;YAChD,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CACpC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAChD,CAAC;YACF,WAAW,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;QACpC,CAAC;QAED,+BAA+B;QAC/B,MAAM,oBAAoB,GAAG,WAAW,CAAC,MAAM,CAC7C,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC,GAAG,GAAG,MAAM,CAAC,eAAe,CAAC,MAAM,EACpD,CAAC,CACF,CAAC;QAEF,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,WAAW,GAAG,CAAC,CAAC;QACpB,IAAI,QAAQ,GAAG,CAAC,CAAC;QACjB,IAAI,SAAS,GAAG,CAAC,CAAC;QAElB,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE,CAAC;YACjC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;gBAC1C,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACtB,KAAK,UAAU;wBACb,aAAa,
EAAE,CAAC;wBAChB,MAAM;oBACR,KAAK,MAAM;wBACT,SAAS,EAAE,CAAC;wBACZ,MAAM;oBACR,KAAK,QAAQ;wBACX,WAAW,EAAE,CAAC;wBACd,MAAM;oBACR,KAAK,KAAK;wBACR,QAAQ,EAAE,CAAC;wBACX,MAAM;oBACR,KAAK,MAAM;wBACT,SAAS,EAAE,CAAC;wBACZ,MAAM;gBACV,CAAC;YACH,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,MAAM,gBAAgB,GACpB,WAAW,CAAC,MAAM,GAAG,CAAC;YACpB,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,GAAG,WAAW,CAAC,MAAM;YAC3E,CAAC,CAAC,CAAC,CAAC;QAER,0BAA0B;QAC1B,MAAM,gBAAgB,GAAG,WAAW;aACjC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC;aAC5B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC;aACzC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;aACZ,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;QAEpD,OAAO,MAAM,CAAC,MAAM,CAAC;YACnB,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC;YACjC,oBAAoB;YACpB,aAAa;YACb,SAAS;YACT,WAAW;YACX,QAAQ;YACR,SAAS;YACT,gBAAgB;YAChB,gBAAgB,EAAE,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC;YACjD,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CACjB,SAAiB,EACjB,UAAkB,sBAAsB,EACxC,UAA+B,EAAE;QAEjC,0BAA0B;QAC1B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE;YAChC,GAAG,EAAE,SAAS;YACd,QAAQ,EAAE,IAAI;YACd,KAAK,EAAE,IAAI;YACX,MAAM,EAAE,CAAC,oBAAoB,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY,CAAC;SAC1E,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,eAAiD;QAC1E,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,CAAC,CAAC;QAE3C,MAAM,eAAe,GAAqC;YACxD,QAAQ,EAAE,EAAE;YACZ,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,GAAG,EAAE,CAAC;YACN,IAAI,EAAE,CAAC;SACR,CAAC;QAEF,IAAI,UAAU,GAAG,CAAC,CAAC;QACnB,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;YACnC,UAAU,IAAI,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC/C,CAAC;QAED,2BAA2B;QAC3B,MAAM,QAAQ,GAAG,eAAe,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,sBAAsB;QACpE,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,UAAU,GAAG,QAAQ,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;IAClE,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,KAAK,CAAC,IAAI,CAA
C,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,EAAU;QACpB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChC,CAAC;CACF"}
|
|
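--- a/package/dist/analyzers/security/types.d.ts
+++ b/package/dist/analyzers/security/types.d.ts
@@ -0,0 +1,95 @@
+/**
+* Security Analyzer Types
+*
+* Type definitions for security vulnerability detection
+*/
+/**
+* Severity level for security vulnerabilities
+*/
+export type SecuritySeverity = 'critical' | 'high' | 'medium' | 'low' | 'info';
+/**
+* OWASP Top 10 categories
+*/
+export type OWASPCategory = 'A01:2021 - Broken Access Control' | 'A02:2021 - Cryptographic Failures' | 'A03:2021 - Injection' | 'A04:2021 - Insecure Design' | 'A05:2021 - Security Misconfiguration' | 'A06:2021 - Vulnerable and Outdated Components' | 'A07:2021 - Identification and Authentication Failures' | 'A08:2021 - Software and Data Integrity Failures' | 'A09:2021 - Security Logging and Monitoring Failures' | 'A10:2021 - Server-Side Request Forgery';
+/**
+* Security vulnerability finding
+*/
+export interface SecurityVulnerability {
+readonly id: string;
+readonly name: string;
+readonly description: string;
+readonly severity: SecuritySeverity;
+readonly owaspCategory?: OWASPCategory;
+readonly cweId?: string;
+readonly file: string;
+readonly line: number;
+readonly column?: number;
+readonly code: string;
+readonly recommendation: string;
+readonly references: readonly string[];
+}
+/**
+* Security scan result for a single file
+*/
+export interface FileSecurityResult {
+readonly file: string;
+readonly vulnerabilities: readonly SecurityVulnerability[];
+readonly riskScore: number;
+readonly timestamp: Date;
+readonly durationMs: number;
+}
+/**
+* Batch security scan result
+*/
+export interface BatchSecurityResult {
+readonly files: readonly FileSecurityResult[];
+readonly totalVulnerabilities: number;
+readonly criticalCount: number;
+readonly highCount: number;
+readonly mediumCount: number;
+readonly lowCount: number;
+readonly infoCount: number;
+readonly averageRiskScore: number;
+readonly highestRiskFiles: readonly {
+file: string;
+score: number;
+}[];
+readonly timestamp: Date;
+}
+/**
+* Security detector configuration
+*/
+export interface SecurityDetectorConfig {
+readonly enabled: boolean;
+readonly severity?: SecuritySeverity;
+readonly customPatterns?: readonly string[];
+readonly excludePatterns?: readonly string[];
+}
+/**
+* Security scan options
+*/
+export interface SecurityScanOptions {
+readonly detectors?: Record<string, SecurityDetectorConfig>;
+readonly includeInfo?: boolean;
+readonly maxFileSize?: number;
+}
+/**
+* Base security detector interface
+*/
+export interface SecurityDetector {
+readonly id: string;
+readonly name: string;
+readonly description: string;
+readonly severity: SecuritySeverity;
+readonly owaspCategory?: OWASPCategory;
+readonly cweId?: string;
+readonly enabled: boolean;
+/**
+* Scan file content for vulnerabilities
+*/
+scan(content: string, filePath: string): Promise<SecurityVulnerability[]>;
+/**
+* Check if detector applies to this file type
+*/
+appliesTo(filePath: string): boolean;
+}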
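Review bot: `SecurityDetectorConfig` declares `severity`, `customPatterns` and `excludePatterns` (lines 64–66), but as far as this diff shows the only field the orchestrator in `security-analyzer.js` reads is `enabled` (`options.detectors?.[detector.id]` followed by `!detectorConfig.enabled`), and the detector-level `enabled` flag on `SecurityDetector` (line 86) is not consulted by it either. A caller reading this type will reasonably expect an `excludePatterns` entry to suppress findings, so either wire these fields up or document what is honoured, e.g. `/** Per-detector overrides. Currently only \`enabled\` is applied by SecurityAnalyzer; the remaining fields are reserved. */` above the interface. `FileSecurityResult` also has no way to express a failed or skipped scan, which is why `scanFile` has to return an empty, zero-score result on error; an optional `readonly error?: string;` or `readonly skipped?: boolean;` would let batch consumers separate "not scanned" from "no findings".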
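--- a/package/dist/analyzers/security/types.js.map
+++ b/package/dist/analyzers/security/types.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/analyzers/security/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}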