@empline/preflight 1.0.22 → 1.0.24
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bin/approve.js +0 -0
- package/dist/bin/audit.js +0 -0
- package/dist/bin/install-hooks.js +0 -0
- package/dist/bin/preflight.js +0 -0
- package/dist/bin/review-drift.js +0 -0
- package/dist/bin/review.js +0 -0
- package/dist/bin/submit-drift.js +0 -0
- package/dist/bin/submit.js +0 -0
- package/dist/bin/watch.js +0 -0
- package/dist/checks/api/response-consistency.d.ts.map +1 -1
- package/dist/checks/api/response-consistency.js +13 -5
- package/dist/checks/api/response-consistency.js.map +1 -1
- package/dist/checks/api/response-schema-validation.d.ts.map +1 -1
- package/dist/checks/api/response-schema-validation.js +13 -7
- package/dist/checks/api/response-schema-validation.js.map +1 -1
- package/dist/checks/async-cleanup-validation.d.ts.map +1 -1
- package/dist/checks/async-cleanup-validation.js +9 -3
- package/dist/checks/async-cleanup-validation.js.map +1 -1
- package/dist/checks/auth/role-validation.d.ts.map +1 -1
- package/dist/checks/auth/role-validation.js +12 -14
- package/dist/checks/auth/role-validation.js.map +1 -1
- package/dist/checks/auth/store-access-delegation.d.ts.map +1 -1
- package/dist/checks/auth/store-access-delegation.js +12 -19
- package/dist/checks/auth/store-access-delegation.js.map +1 -1
- package/dist/checks/business/currency-precision.d.ts.map +1 -1
- package/dist/checks/business/currency-precision.js +13 -125
- package/dist/checks/business/currency-precision.js.map +1 -1
- package/dist/checks/business/inventory-atomicity-validation.d.ts.map +1 -1
- package/dist/checks/business/inventory-atomicity-validation.js +15 -11
- package/dist/checks/business/inventory-atomicity-validation.js.map +1 -1
- package/dist/checks/business/order-state-machine-validation.d.ts.map +1 -1
- package/dist/checks/business/order-state-machine-validation.js +13 -10
- package/dist/checks/business/order-state-machine-validation.js.map +1 -1
- package/dist/checks/business/price-calculation-validation.d.ts.map +1 -1
- package/dist/checks/business/price-calculation-validation.js +11 -9
- package/dist/checks/business/price-calculation-validation.js.map +1 -1
- package/dist/checks/business/timezone-handling.d.ts.map +1 -1
- package/dist/checks/business/timezone-handling.js +12 -3
- package/dist/checks/business/timezone-handling.js.map +1 -1
- package/dist/checks/code-hygiene/any-type-detection.d.ts.map +1 -1
- package/dist/checks/code-hygiene/any-type-detection.js +12 -8
- package/dist/checks/code-hygiene/any-type-detection.js.map +1 -1
- package/dist/checks/code-hygiene/broken-template-literals.d.ts.map +1 -1
- package/dist/checks/code-hygiene/broken-template-literals.js +14 -6
- package/dist/checks/code-hygiene/broken-template-literals.js.map +1 -1
- package/dist/checks/code-hygiene/comment-hygiene.d.ts.map +1 -1
- package/dist/checks/code-hygiene/comment-hygiene.js +6 -5
- package/dist/checks/code-hygiene/comment-hygiene.js.map +1 -1
- package/dist/checks/code-hygiene/console-log-detection.d.ts.map +1 -1
- package/dist/checks/code-hygiene/console-log-detection.js +11 -14
- package/dist/checks/code-hygiene/console-log-detection.js.map +1 -1
- package/dist/checks/code-hygiene/decorative-separators.d.ts.map +1 -1
- package/dist/checks/code-hygiene/decorative-separators.js +14 -9
- package/dist/checks/code-hygiene/decorative-separators.js.map +1 -1
- package/dist/checks/code-hygiene/empty-catch-detection.d.ts.map +1 -1
- package/dist/checks/code-hygiene/empty-catch-detection.js +11 -5
- package/dist/checks/code-hygiene/empty-catch-detection.js.map +1 -1
- package/dist/checks/code-hygiene/log-level-misuse.d.ts.map +1 -1
- package/dist/checks/code-hygiene/log-level-misuse.js +11 -10
- package/dist/checks/code-hygiene/log-level-misuse.js.map +1 -1
- package/dist/checks/code-hygiene/missing-logger-import.d.ts.map +1 -1
- package/dist/checks/code-hygiene/missing-logger-import.js +11 -10
- package/dist/checks/code-hygiene/missing-logger-import.js.map +1 -1
- package/dist/checks/code-hygiene/todo-tracking.d.ts.map +1 -1
- package/dist/checks/code-hygiene/todo-tracking.js +12 -4
- package/dist/checks/code-hygiene/todo-tracking.js.map +1 -1
- package/dist/checks/code-hygiene/unicode-console-compatibility.d.ts.map +1 -1
- package/dist/checks/code-hygiene/unicode-console-compatibility.js +11 -3
- package/dist/checks/code-hygiene/unicode-console-compatibility.js.map +1 -1
- package/dist/checks/code-quality/feature-flag-hygiene.d.ts.map +1 -1
- package/dist/checks/code-quality/feature-flag-hygiene.js +10 -6
- package/dist/checks/code-quality/feature-flag-hygiene.js.map +1 -1
- package/dist/checks/code-quality/legacy-data-pattern-detection.d.ts.map +1 -1
- package/dist/checks/code-quality/legacy-data-pattern-detection.js +14 -6
- package/dist/checks/code-quality/legacy-data-pattern-detection.js.map +1 -1
- package/dist/checks/code-quality/magic-number-detection.d.ts.map +1 -1
- package/dist/checks/code-quality/magic-number-detection.js +10 -13
- package/dist/checks/code-quality/magic-number-detection.js.map +1 -1
- package/dist/checks/code-quality/no-console-production.d.ts.map +1 -1
- package/dist/checks/code-quality/no-console-production.js +12 -19
- package/dist/checks/code-quality/no-console-production.js.map +1 -1
- package/dist/checks/code-quality/shared-utility-gaps.d.ts.map +1 -1
- package/dist/checks/code-quality/shared-utility-gaps.js +11 -16
- package/dist/checks/code-quality/shared-utility-gaps.js.map +1 -1
- package/dist/checks/component-imports.d.ts.map +1 -1
- package/dist/checks/component-imports.js +12 -7
- package/dist/checks/component-imports.js.map +1 -1
- package/dist/checks/event-listener-cleanup.d.ts.map +1 -1
- package/dist/checks/event-listener-cleanup.js +9 -3
- package/dist/checks/event-listener-cleanup.js.map +1 -1
- package/dist/checks/react/memory-leak-detection.d.ts.map +1 -1
- package/dist/checks/react/memory-leak-detection.js +10 -5
- package/dist/checks/react/memory-leak-detection.js.map +1 -1
- package/dist/checks/react/memory-leak-patterns.d.ts.map +1 -1
- package/dist/checks/react/memory-leak-patterns.js +10 -8
- package/dist/checks/react/memory-leak-patterns.js.map +1 -1
- package/dist/checks/runtime/client-process-env-usage.d.ts.map +1 -1
- package/dist/checks/runtime/client-process-env-usage.js +12 -9
- package/dist/checks/runtime/client-process-env-usage.js.map +1 -1
- package/dist/checks/runtime/missing-public-env-import.d.ts.map +1 -1
- package/dist/checks/runtime/missing-public-env-import.js +12 -9
- package/dist/checks/runtime/missing-public-env-import.js.map +1 -1
- package/dist/checks/runtime/process-stdio-usage.d.ts.map +1 -1
- package/dist/checks/runtime/process-stdio-usage.js +12 -10
- package/dist/checks/runtime/process-stdio-usage.js.map +1 -1
- package/dist/checks/security/path-traversal-prevention.d.ts.map +1 -1
- package/dist/checks/security/path-traversal-prevention.js +8 -2
- package/dist/checks/security/path-traversal-prevention.js.map +1 -1
- package/dist/checks/security/permission-security-validation.d.ts.map +1 -1
- package/dist/checks/security/permission-security-validation.js +15 -9
- package/dist/checks/security/permission-security-validation.js.map +1 -1
- package/dist/checks/security/prod-command-detection.d.ts.map +1 -1
- package/dist/checks/security/prod-command-detection.js +15 -5
- package/dist/checks/security/prod-command-detection.js.map +1 -1
- package/dist/checks/security/rate-limiting-validation.d.ts.map +1 -1
- package/dist/checks/security/rate-limiting-validation.js +10 -5
- package/dist/checks/security/rate-limiting-validation.js.map +1 -1
- package/dist/checks/security/sensitive-data-exposure.d.ts.map +1 -1
- package/dist/checks/security/sensitive-data-exposure.js +13 -34
- package/dist/checks/security/sensitive-data-exposure.js.map +1 -1
- package/dist/checks/security/sql-injection-prevention.d.ts.map +1 -1
- package/dist/checks/security/sql-injection-prevention.js +14 -11
- package/dist/checks/security/sql-injection-prevention.js.map +1 -1
- package/dist/checks/security/turnstile-scope-validation.d.ts.map +1 -1
- package/dist/checks/security/turnstile-scope-validation.js +8 -4
- package/dist/checks/security/turnstile-scope-validation.js.map +1 -1
- package/dist/checks/security/webhook-security-validation.d.ts.map +1 -1
- package/dist/checks/security/webhook-security-validation.js +13 -6
- package/dist/checks/security/webhook-security-validation.js.map +1 -1
- package/dist/checks/storage-keys-validation.d.ts.map +1 -1
- package/dist/checks/storage-keys-validation.js +10 -4
- package/dist/checks/storage-keys-validation.js.map +1 -1
- package/dist/checks/system/preflight-drift-detector.js +0 -0
- package/dist/checks/ui/console-log-check.js +5 -37
- package/dist/checks/ui/console-log-check.js.map +1 -1
- package/dist/checks/ui/product-image-animations.d.ts.map +1 -1
- package/dist/checks/ui/product-image-animations.js +9 -15
- package/dist/checks/ui/product-image-animations.js.map +1 -1
- package/dist/checks/ui/styling-standards.d.ts.map +1 -1
- package/dist/checks/ui/styling-standards.js.map +1 -1
- package/package.json +12 -13
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"memory-leak-patterns.d.ts","sourceRoot":"","sources":["../../../src/checks/react/memory-leak-patterns.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;;;GAkBG;
|
|
1
|
+
{"version":3,"file":"memory-leak-patterns.d.ts","sourceRoot":"","sources":["../../../src/checks/react/memory-leak-patterns.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;;;GAkBG;AASH,eAAO,MAAM,EAAE,+BAA+B,CAAC;AAC/C,eAAO,MAAM,IAAI,yBAAyB,CAAC;AAC3C,eAAO,MAAM,QAAQ,UAAU,CAAC;AAChC,eAAO,MAAM,QAAQ,OAAO,CAAC;AAC7B,eAAO,MAAM,WAAW,wDAAwD,CAAC;AACjF,eAAO,MAAM,IAAI,UAAY,CAAC"}
|
|
@@ -57,6 +57,7 @@ exports.tags = exports.description = exports.blocking = exports.category = expor
|
|
|
57
57
|
const fs = __importStar(require("fs"));
|
|
58
58
|
const console_chars_1 = require("../../utils/console-chars");
|
|
59
59
|
const file_cache_1 = require("../../shared/file-cache");
|
|
60
|
+
const exclusions_1 = require("../../shared/exclusions");
|
|
60
61
|
// Check metadata
|
|
61
62
|
exports.id = "react/memory-leak-patterns";
|
|
62
63
|
exports.name = "Memory Leak Patterns";
|
|
@@ -160,21 +161,21 @@ const LEAK_PATTERNS = [
|
|
|
160
161
|
severity: "warning",
|
|
161
162
|
},
|
|
162
163
|
];
|
|
163
|
-
//
|
|
164
|
+
// Essential default exclusions (the rest come from app config)
|
|
164
165
|
const EXCLUDE_PATTERNS = [
|
|
165
166
|
"node_modules",
|
|
167
|
+
"__mocks__",
|
|
166
168
|
".next",
|
|
167
169
|
"dist",
|
|
168
|
-
"
|
|
169
|
-
"*.test.ts",
|
|
170
|
-
"*.test.tsx",
|
|
171
|
-
"*.spec.ts",
|
|
172
|
-
"*.spec.tsx",
|
|
173
|
-
"__mocks__",
|
|
174
|
-
"scripts/",
|
|
170
|
+
"coverage",
|
|
175
171
|
];
|
|
172
|
+
let appExclusions = [];
|
|
176
173
|
function shouldSkip(filePath) {
|
|
177
174
|
const normalized = filePath.replace(/\\/g, "/");
|
|
175
|
+
// Check app-configured exclusions first
|
|
176
|
+
if ((0, exclusions_1.shouldExcludeFile)(normalized, appExclusions)) {
|
|
177
|
+
return true;
|
|
178
|
+
}
|
|
178
179
|
return EXCLUDE_PATTERNS.some((pattern) => {
|
|
179
180
|
if (pattern.startsWith("*")) {
|
|
180
181
|
return normalized.endsWith(pattern.slice(1));
|
|
@@ -255,6 +256,7 @@ async function main() {
|
|
|
255
256
|
console.log(`\n${console_chars_1.emoji.warning} Memory Leak Patterns Detection`);
|
|
256
257
|
console.log((0, console_chars_1.createDivider)(60, "heavy"));
|
|
257
258
|
console.log(`Checking for ${LEAK_PATTERNS.length} memory leak patterns\n`);
|
|
259
|
+
appExclusions = await (0, exclusions_1.getExclusions)(exports.id);
|
|
258
260
|
const allIssues = [];
|
|
259
261
|
// Get all component files
|
|
260
262
|
const files = await file_cache_1.fileCache.getComponentFiles();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"memory-leak-patterns.js","sourceRoot":"","sources":["../../../src/checks/react/memory-leak-patterns.ts"],"names":[],"mappings":";;AACA;;;;;;;;;;;;;;;;;;GAkBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AACzB,6DAAwE;AACxE,wDAAoD;
|
|
1
|
+
{"version":3,"file":"memory-leak-patterns.js","sourceRoot":"","sources":["../../../src/checks/react/memory-leak-patterns.ts"],"names":[],"mappings":";;AACA;;;;;;;;;;;;;;;;;;GAkBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AACzB,6DAAwE;AACxE,wDAAoD;AACpD,wDAA2E;AAG3E,iBAAiB;AACJ,QAAA,EAAE,GAAG,4BAA4B,CAAC;AAClC,QAAA,IAAI,GAAG,sBAAsB,CAAC;AAC9B,QAAA,QAAQ,GAAG,OAAO,CAAC;AACnB,QAAA,QAAQ,GAAG,IAAI,CAAC;AAChB,QAAA,WAAW,GAAG,qDAAqD,CAAC;AACpE,QAAA,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;AAW9B,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACrD,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;AAEvD,iCAAiC;AACjC,MAAM,aAAa,GAAG;IACpB,2BAA2B;IAC3B;QACE,OAAO,EAAE,mBAAmB;QAC5B,cAAc,EAAE,eAAe;QAC/B,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,uDAAuD;QAChE,UAAU,EACR,oFAAoF;QACtF,QAAQ,EAAE,OAAgB;KAC3B;IACD,6BAA6B;IAC7B;QACE,OAAO,EAAE,kCAAkC;QAC3C,cAAc,EAAE,cAAc;QAC9B,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EACL,yFAAyF;QAC3F,UAAU,EAAE,kEAAkE;QAC9E,QAAQ,EAAE,SAAkB;KAC7B;IACD,0BAA0B;IAC1B;QACE,OAAO,EAAE,uBAAuB;QAChC,cAAc,EAAE,wDAAwD;QACxE,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,sDAAsD;QAC/D,UAAU,EAAE,6CAA6C;QACzD,QAAQ,EAAE,OAAgB;KAC3B;IACD,4BAA4B;IAC5B;QACE,OAAO,EAAE,yBAAyB;QAClC,cAAc,EAAE,cAAc;QAC9B,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,gDAAgD;QACzD,UAAU,EAAE,+CAA+C;QAC3D,QAAQ,EAAE,OAAgB;KAC3B;IACD,8BAA8B;IAC9B;QACE,OAAO,EAAE,sDAAsD;QAC/D,cAAc,EAAE,mBAAmB;QACnC,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,kDAAkD;QAC3D,UAAU,EAAE,iDAAiD;QAC7D,QAAQ,EAAE,OAAgB;KAC3B;IACD,8DAA8D;IAC9D;QACE,OAAO,EAAE,mBAAmB;QAC5B,cAAc,EAAE,8CAA8C;QAC9D,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,sDAAsD;QAC/D,UAAU,EAAE,gFAAgF;QAC5F,QAAQ,EAAE,SAAkB;KAC7B;IACD,6CAA6C;IAC7C;QACE,OAAO,EAAE,kEAAkE;QAC3E,cAAc,EAAE,oDAAoD;QACpE,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EAAE,kFAAkF;QAC3F,UAAU,EAAE,gEAAgE;QAC5E,QAAQ,EAAE,SAAkB;KAC7B;IACD,2CAA2C;IAC3C,wDAAwD;IACxD;QACE,OAAO,EAAE,mDAAmD;QAC5D,cAAc,EAAE,8DAA8D;QAC9E,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,iFAAiF;QAC1F,UAAU,EAAE,mFAAmF;QAC/F,QAAQ,EAAE,SAAkB;KAC7B;IACD,uDAAuD;IACvD;QACE,OAAO,EAAE,6CAA6C;QACtD,cAAc,EAAE,0CAA0C;QAC1D,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EAAE,8DAA8D;QACvE,UAAU,EAAE,0EAA0E;QACtF,QAAQ,EAAE,OAAgB;KAC3B;IACD,mCAAmC;IACnC;QACE,OAAO,EAAE,uCAAuC;QAChD,cAAc,EAAE,oBAAoB;QACpC,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,qEAAqE;QAC9E,UAAU,EAAE,+DAA+D;QAC3E,QAAQ,EAAE,SAAkB;KAC7B;CACF,CAAC;AAEF,+DAA+D;AAC/D,MAAM,gBAAgB,GAAG;IACvB,cAAc;IACd,WAAW;IACX,OAAO;IACP,MAAM;IACN,UAAU;CACX,CAAC;AAEF,IAAI,aAAa,GAAa,EAAE,CAAC;AAEjC,SAAS,UAAU,CAAC,QAAgB;IAClC,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAEhD,wCAAwC;IACxC,IAAI,IAAA,8BAAiB,EAAC,UAAU,EAAE,aAAa,CAAC,EAAE,CAAC;QACjD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QACvC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/C,CAAC;QACD,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAgB;IACxC,MAAM,MAAM,GAAsB,EAAE,CAAC;IAErC,IAAI,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,MAAM,CAAC;IAExC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACnD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAElC,wDAAwD;QACxD,MAAM,gBAAgB,GACpB,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;YAC7B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;YAC5B,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;YACnC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;QAExC,IAAI,CAAC,gBAAgB;YAAE,OAAO,MAAM,CAAC;QAErC,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,MAAM,YAAY,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YACzE,IAAI,KAAK,CAAC;YAEV,OAAO,CAAC,KAAK,GAAG,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBACrD,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAClD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;gBAClD,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;gBAEzC,uBAAuB;gBACvB,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBAChE,SAAS;gBACX,CAAC;gBAED,qBAAqB;gBACrB,IACE,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC;oBAC/B,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC;oBACjC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EACrC,CAAC;oBACD,SAAS;gBACX,CAAC;gBAED,4CAA4C;gBAC5C,MAAM,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAErD,yEAAyE;gBACzE,IAAI,gBAAgB,GAAG,KAAK,CAAC;gBAE7B,gDAAgD;gBAChD,MAAM,cAAc,GAClB,yEAAyE,CAAC;gBAC5E,IAAI,WAAW,CAAC;gBAChB,OAAO,CAAC,WAAW,GAAG,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;oBAC7D,MAAM,UAAU,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;oBAClC,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,CAAC;oBACtC,MAAM,SAAS,GAAG,WAAW,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;oBAEtD,gDAAgD;oBAChD,IAAI,KAAK,CAAC,KAAK,IAAI,WAAW,IAAI,KAAK,CAAC,KAAK,IAAI,SAAS,EAAE,CAAC;wBAC3D,yDAAyD;wBACzD,MAAM,gBAAgB,GAAG,4CAA4C,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;wBACvF,IAAI,gBAAgB,IAAI,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;4BAC7D,gBAAgB,GAAG,IAAI,CAAC;wBAC1B,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,IAAI,CAAC,UAAU,IAAI,CAAC,gBAAgB,EAAE,CAAC;oBACrC,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,IAAI,EAAE,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;wBAClC,IAAI,EAAE,UAAU;wBAChB,OAAO,EAAE,IAAI,CAAC,OAAO;wBACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,UAAU,EAAE,IAAI,CAAC,UAAU;qBAC5B,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,wBAAwB;IAC1B,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,iCAAiC,CAAC,CAAC;IACjE,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,gBAAgB,aAAa,CAAC,MAAM,yBAAyB,CAAC,CAAC;IAE3E,aAAa,GAAG,MAAM,IAAA,0BAAa,EAAC,UAAE,CAAC,CAAC;IAExC,MAAM,SAAS,GAAsB,EAAE,CAAC;IAExC,0BAA0B;IAC1B,MAAM,KAAK,GAAG,MAAM,sBAAS,CAAC,iBAAiB,EAAE,CAAC;IAElD,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,MAAM,aAAa,KAAK,CAAC,MAAM,uBAAuB,CAAC,CAAC;IAE7E,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;QACtC,SAAS,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC;IAC5B,CAAC;IAED,qCAAqC;IACrC,MAAM,MAAM,GAAG,IAAI,GAAG,EAA6B,CAAC;IACpD,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC9C,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACnC,CAAC;IAED,iBAAiB;IACjB,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IAExC,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;IAEnE,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,OAAO,mCAAmC,CAAC,CAAC;IACnE,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;YACpC,MAAM,IAAI,GAAG,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,qBAAK,CAAC,KAAK,CAAC,CAAC,CAAC,qBAAK,CAAC,OAAO,CAAC;YAEhE,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,IAAI,IAAI,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC;YAEnE,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACnE,OAAO,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC9C,OAAO,CAAC,GAAG,CAAC,MAAM,qBAAK,CAAC,UAAU,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;gBACvD,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,UAAU,IAAI,CAAC,CAAC;YAClD,CAAC;YAED,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpC,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,MAAM,GAAG,CAAC,SAAS,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,KAAK,gCAAgC,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,CAAC,qBAAqB,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,MAAM,qBAAK,CAAC,KAAK,YAAY,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,CAAC,MAAM,qBAAK,CAAC,OAAO,cAAc,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAEhE,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QACjC,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACpC,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IAExC,IAAI,UAAU,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,+BAA+B,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;QAC7D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,+CAA+C,CAAC,CAAC;QAC/E,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;QAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,+BAA+B,CAAC,CAAC;IAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,GAAG,qBAAK,CAAC,KAAK,eAAe,EAAE,GAAG,CAAC,CAAC;IAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client-process-env-usage.d.ts","sourceRoot":"","sources":["../../../src/checks/runtime/client-process-env-usage.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;GAcG;
|
|
1
|
+
{"version":3,"file":"client-process-env-usage.d.ts","sourceRoot":"","sources":["../../../src/checks/runtime/client-process-env-usage.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;GAcG;AAWH,eAAO,MAAM,EAAE,qCAAqC,CAAC;AACrD,eAAO,MAAM,IAAI,6BAA6B,CAAC;AAC/C,eAAO,MAAM,QAAQ,YAAY,CAAC;AAClC,eAAO,MAAM,QAAQ,QAAQ,CAAC;AAC9B,eAAO,MAAM,WAAW,yDAAyD,CAAC;AAClF,eAAO,MAAM,IAAI,UAAc,CAAC;AAsHhC,iBAAS,GAAG,IAAI;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAqCnD;AAUD,OAAO,EAAE,GAAG,EAAE,CAAC"}
|
|
@@ -55,6 +55,7 @@ const fs = __importStar(require("fs"));
|
|
|
55
55
|
const path = __importStar(require("path"));
|
|
56
56
|
const console_chars_1 = require("../../utils/console-chars");
|
|
57
57
|
const findings_writer_1 = require("../../utils/findings-writer");
|
|
58
|
+
const exclusions_1 = require("../../shared/exclusions");
|
|
58
59
|
// Check metadata
|
|
59
60
|
exports.id = "runtime/client-process-env-usage";
|
|
60
61
|
exports.name = "Client Process Env Usage";
|
|
@@ -66,18 +67,14 @@ const WORKSPACE_ROOT = process.cwd();
|
|
|
66
67
|
const ROOTS = ["app", "components", "contexts", "hooks"];
|
|
67
68
|
const ALLOWED_EXTS = new Set([".ts", ".tsx", ".js", ".jsx"]);
|
|
68
69
|
const ALLOW_COMMENT = "preflight:allow-process-env";
|
|
70
|
+
// App-level exclusions loaded from config
|
|
71
|
+
let appExclusions = [];
|
|
72
|
+
// Essential defaults (node_modules, __mocks__, .next, dist, coverage)
|
|
69
73
|
function shouldSkipDirName(dirName) {
|
|
70
74
|
return (dirName === "node_modules" ||
|
|
71
75
|
dirName === ".next" ||
|
|
72
|
-
dirName === ".git" ||
|
|
73
76
|
dirName === "dist" ||
|
|
74
|
-
dirName === "build" ||
|
|
75
77
|
dirName === "coverage" ||
|
|
76
|
-
dirName === "test-results" ||
|
|
77
|
-
dirName === "reports" ||
|
|
78
|
-
dirName === "backups" ||
|
|
79
|
-
dirName === "scripts" ||
|
|
80
|
-
dirName === "prisma" ||
|
|
81
78
|
dirName === "__mocks__");
|
|
82
79
|
}
|
|
83
80
|
function collectFiles(dir, out) {
|
|
@@ -111,6 +108,9 @@ function hasUseClientDirective(fileContent) {
|
|
|
111
108
|
l === "'use client'");
|
|
112
109
|
}
|
|
113
110
|
function findProcessEnv(filePath) {
|
|
111
|
+
// Check app-level exclusions
|
|
112
|
+
if ((0, exclusions_1.shouldExcludeFile)(filePath, appExclusions))
|
|
113
|
+
return [];
|
|
114
114
|
const content = fs.readFileSync(filePath, "utf8");
|
|
115
115
|
if (content.includes(ALLOW_COMMENT))
|
|
116
116
|
return [];
|
|
@@ -184,7 +184,10 @@ function run() {
|
|
|
184
184
|
return { errors: findings.length, warnings: 0 };
|
|
185
185
|
}
|
|
186
186
|
if (require.main === module) {
|
|
187
|
-
|
|
188
|
-
|
|
187
|
+
(async () => {
|
|
188
|
+
appExclusions = await (0, exclusions_1.getExclusions)(exports.id);
|
|
189
|
+
const result = run();
|
|
190
|
+
process.exit(result.errors > 0 ? 1 : 0);
|
|
191
|
+
})();
|
|
189
192
|
}
|
|
190
193
|
//# sourceMappingURL=client-process-env-usage.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client-process-env-usage.js","sourceRoot":"","sources":["../../../src/checks/runtime/client-process-env-usage.ts"],"names":[],"mappings":";;AACA;;;;;;;;;;;;;;GAcG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"client-process-env-usage.js","sourceRoot":"","sources":["../../../src/checks/runtime/client-process-env-usage.ts"],"names":[],"mappings":";;AACA;;;;;;;;;;;;;;GAcG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqLM,kBAAG;AAnLZ,uCAAyB;AACzB,2CAA6B;AAE7B,6DAAkD;AAClD,iEAA4D;AAC5D,wDAA2E;AAG3E,iBAAiB;AACJ,QAAA,EAAE,GAAG,kCAAkC,CAAC;AACxC,QAAA,IAAI,GAAG,0BAA0B,CAAC;AAClC,QAAA,QAAQ,GAAG,SAAS,CAAC;AACrB,QAAA,QAAQ,GAAG,KAAK,CAAC;AACjB,QAAA,WAAW,GAAG,sDAAsD,CAAC;AACrE,QAAA,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;AAUhC,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;AAErC,MAAM,KAAK,GAAG,CAAC,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;AACzD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;AAE7D,MAAM,aAAa,GAAG,6BAA6B,CAAC;AAEpD,0CAA0C;AAC1C,IAAI,aAAa,GAAa,EAAE,CAAC;AAEjC,sEAAsE;AACtE,SAAS,iBAAiB,CAAC,OAAe;IACxC,OAAO,CACL,OAAO,KAAK,cAAc;QAC1B,OAAO,KAAK,OAAO;QACnB,OAAO,KAAK,MAAM;QAClB,OAAO,KAAK,UAAU;QACtB,OAAO,KAAK,WAAW,CACxB,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,GAAW,EAAE,GAAa;IAC9C,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAE5C,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,IAAI,iBAAiB,CAAC,KAAK,CAAC,IAAI,CAAC;gBAAE,SAAS;YAE5C,qDAAqD;YACrD,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,GAAG,MAAM,IAAI,CAAC,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;gBAAE,SAAS;YAE3E,YAAY,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YAC5B,SAAS;QACX,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACrC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QACrC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrB,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,WAAmB;IAChD,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACzC,MAAM,UAAU,GAAG,KAAK;SACrB,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;SACZ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,OAAO,CAAC,CAAC;IACnB,OAAO,UAAU,CAAC,IAAI,CACpB,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,KAAK,eAAe;QACrB,CAAC,KAAK,eAAe;QACrB,CAAC,KAAK,cAAc;QACpB,CAAC,KAAK,cAAc,CACvB,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,QAAgB;IACtC,6BAA6B;IAC7B,IAAI,IAAA,8BAAiB,EAAC,QAAQ,EAAE,aAAa,CAAC;QAAE,OAAO,EAAE,CAAC;IAE1D,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAClD,IAAI,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC;QAAE,OAAO,EAAE,CAAC;IAE/C,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IACpD,MAAM,WAAW,GAAG,GAAG,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IACvD,MAAM,YAAY,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAEpD,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY;QAAE,OAAO,EAAE,CAAC;IAE7C,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAErC,6BAA6B;IAC7B,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,IAAI,CAAC,cAAc,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAChD,cAAc,GAAG,IAAI,CAAC;QACxB,CAAC;QACD,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAAE,cAAc,GAAG,KAAK,CAAC;YACnD,SAAS;QACX,CAAC;QACD,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,SAAS;QAEvC,MAAM,EAAE,GAAG,mBAAmB,CAAC;QAC/B,IAAI,CAAyB,CAAC;QAC9B,0CAA0C;QAC1C,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YAC3B,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5D,MAAM,MAAM,GAAG,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,MAAM,SAAS,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC;gBACnC,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,MAAM;gBACN,SAAS;gBACT,IAAI,EAAE,OAAO;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,GAAG;IACV,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;QAC5C,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,YAAY,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACnD,CAAC;IAED,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAE/C,IAAA,+BAAa,EACX,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACnB,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,uCAAuC;QAChD,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,SAAS,EAAE;KAC7F,CAAC,CAAC,CACJ,CAAC;IAEF,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,OAAO,iDAAiD,CAAC,CAAC;QAC/E,OAAO,EAAE,MAAM,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACpC,CAAC;IAED,OAAO,CAAC,GAAG,CACT,GAAG,qBAAK,CAAC,KAAK,qBAAqB,QAAQ,CAAC,MAAM,sCAAsC,CACzF,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,mFAAmF,CAAC,CAAC;IACjG,OAAO,CAAC,GAAG,CAAC,uCAAuC,aAAa,gBAAgB,CAAC,CAAC;IAClF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7B,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;AAClD,CAAC;AAED,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;IAC5B,CAAC,KAAK,IAAI,EAAE;QACV,aAAa,GAAG,MAAM,IAAA,0BAAa,EAAC,UAAE,CAAC,CAAC;QACxC,MAAM,MAAM,GAAG,GAAG,EAAE,CAAC;QACrB,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,EAAE,CAAC;AACP,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"missing-public-env-import.d.ts","sourceRoot":"","sources":["../../../src/checks/runtime/missing-public-env-import.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;GAYG;
|
|
1
|
+
{"version":3,"file":"missing-public-env-import.d.ts","sourceRoot":"","sources":["../../../src/checks/runtime/missing-public-env-import.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;GAYG;AAWH,eAAO,MAAM,EAAE,sCAAsC,CAAC;AACtD,eAAO,MAAM,IAAI,8BAA8B,CAAC;AAChD,eAAO,MAAM,QAAQ,YAAY,CAAC;AAClC,eAAO,MAAM,QAAQ,QAAQ,CAAC;AAC9B,eAAO,MAAM,WAAW,oDAAoD,CAAC;AAC7E,eAAO,MAAM,IAAI,UAAc,CAAC;AAoGhC,iBAAS,GAAG,IAAI;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAsCnD;AAUD,OAAO,EAAE,GAAG,EAAE,CAAC"}
|
|
@@ -53,6 +53,7 @@ const fs = __importStar(require("fs"));
|
|
|
53
53
|
const path = __importStar(require("path"));
|
|
54
54
|
const console_chars_1 = require("../../utils/console-chars");
|
|
55
55
|
const findings_writer_1 = require("../../utils/findings-writer");
|
|
56
|
+
const exclusions_1 = require("../../shared/exclusions");
|
|
56
57
|
// Check metadata
|
|
57
58
|
exports.id = "runtime/missing-public-env-import";
|
|
58
59
|
exports.name = "Missing Public Env Import";
|
|
@@ -64,18 +65,14 @@ const WORKSPACE_ROOT = process.cwd();
|
|
|
64
65
|
const ROOTS = ["app", "components", "contexts", "hooks"];
|
|
65
66
|
const ALLOWED_EXTS = new Set([".ts", ".tsx", ".js", ".jsx"]);
|
|
66
67
|
const ALLOW_COMMENT = "preflight:allow-missing-publicenv-import";
|
|
68
|
+
// App-level exclusions loaded from config
|
|
69
|
+
let appExclusions = [];
|
|
70
|
+
// Essential defaults (node_modules, __mocks__, .next, dist, coverage)
|
|
67
71
|
function shouldSkipDirName(dirName) {
|
|
68
72
|
return (dirName === "node_modules" ||
|
|
69
73
|
dirName === ".next" ||
|
|
70
|
-
dirName === ".git" ||
|
|
71
74
|
dirName === "dist" ||
|
|
72
|
-
dirName === "build" ||
|
|
73
75
|
dirName === "coverage" ||
|
|
74
|
-
dirName === "test-results" ||
|
|
75
|
-
dirName === "reports" ||
|
|
76
|
-
dirName === "backups" ||
|
|
77
|
-
dirName === "scripts" ||
|
|
78
|
-
dirName === "prisma" ||
|
|
79
76
|
dirName === "__mocks__");
|
|
80
77
|
}
|
|
81
78
|
function collectFiles(dir, out) {
|
|
@@ -115,6 +112,9 @@ function hasPublicEnvImport(fileContent) {
|
|
|
115
112
|
return /from\s+["']@\/lib\/public-env["']/.test(fileContent);
|
|
116
113
|
}
|
|
117
114
|
function analyzeFile(filePath) {
|
|
115
|
+
// Check app-level exclusions
|
|
116
|
+
if ((0, exclusions_1.shouldExcludeFile)(filePath, appExclusions))
|
|
117
|
+
return [];
|
|
118
118
|
const content = fs.readFileSync(filePath, "utf8");
|
|
119
119
|
if (content.includes(ALLOW_COMMENT))
|
|
120
120
|
return [];
|
|
@@ -169,7 +169,10 @@ function run() {
|
|
|
169
169
|
return { errors: findings.length, warnings: 0 };
|
|
170
170
|
}
|
|
171
171
|
if (require.main === module) {
|
|
172
|
-
|
|
173
|
-
|
|
172
|
+
(async () => {
|
|
173
|
+
appExclusions = await (0, exclusions_1.getExclusions)(exports.id);
|
|
174
|
+
const result = run();
|
|
175
|
+
process.exit(result.errors > 0 ? 1 : 0);
|
|
176
|
+
})();
|
|
174
177
|
}
|
|
175
178
|
//# sourceMappingURL=missing-public-env-import.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"missing-public-env-import.js","sourceRoot":"","sources":["../../../src/checks/runtime/missing-public-env-import.ts"],"names":[],"mappings":";;AACA;;;;;;;;;;;;GAYG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"missing-public-env-import.js","sourceRoot":"","sources":["../../../src/checks/runtime/missing-public-env-import.ts"],"names":[],"mappings":";;AACA;;;;;;;;;;;;GAYG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoKM,kBAAG;AAlKZ,uCAAyB;AACzB,2CAA6B;AAE7B,6DAAkD;AAClD,iEAA4E;AAC5E,wDAA2E;AAG3E,iBAAiB;AACJ,QAAA,EAAE,GAAG,mCAAmC,CAAC;AACzC,QAAA,IAAI,GAAG,2BAA2B,CAAC;AACnC,QAAA,QAAQ,GAAG,SAAS,CAAC;AACrB,QAAA,QAAQ,GAAG,KAAK,CAAC;AACjB,QAAA,WAAW,GAAG,iDAAiD,CAAC;AAChE,QAAA,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;AAShC,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;AAErC,MAAM,KAAK,GAAG,CAAC,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;AACzD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;AAE7D,MAAM,aAAa,GAAG,0CAA0C,CAAC;AAEjE,0CAA0C;AAC1C,IAAI,aAAa,GAAa,EAAE,CAAC;AAEjC,sEAAsE;AACtE,SAAS,iBAAiB,CAAC,OAAe;IACxC,OAAO,CACL,OAAO,KAAK,cAAc;QAC1B,OAAO,KAAK,OAAO;QACnB,OAAO,KAAK,MAAM;QAClB,OAAO,KAAK,UAAU;QACtB,OAAO,KAAK,WAAW,CACxB,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,GAAW,EAAE,GAAa;IAC9C,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAE5C,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,IAAI,iBAAiB,CAAC,KAAK,CAAC,IAAI,CAAC;gBAAE,SAAS;YAC5C,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,GAAG,MAAM,IAAI,CAAC,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;gBAAE,SAAS;YAC3E,YAAY,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YAC5B,SAAS;QACX,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACrC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QACrC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrB,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,WAAmB;IAChD,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACzC,MAAM,UAAU,GAAG,KAAK;SACrB,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;SACZ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,OAAO,CAAC,CAAC;IACnB,OAAO,UAAU,CAAC,IAAI,CACpB,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,KAAK,eAAe;QACrB,CAAC,KAAK,eAAe;QACrB,CAAC,KAAK,cAAc;QACpB,CAAC,KAAK,cAAc,CACvB,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,WAAmB;IAC7C,2DAA2D;IAC3D,YAAY;IACZ,kDAAkD;IAClD,kDAAkD;IAClD,OAAO,mCAAmC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;AAC/D,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB;IACnC,6BAA6B;IAC7B,IAAI,IAAA,8BAAiB,EAAC,QAAQ,EAAE,aAAa,CAAC;QAAE,OAAO,EAAE,CAAC;IAE1D,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAClD,IAAI,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC;QAAE,OAAO,EAAE,CAAC;IAE/C,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IACpD,MAAM,WAAW,GAAG,GAAG,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IACvD,MAAM,YAAY,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAEpD,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY;QAAE,OAAO,EAAE,CAAC;IAE7C,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,EAAE,CAAC;IACjD,IAAI,kBAAkB,CAAC,OAAO,CAAC;QAAE,OAAO,EAAE,CAAC;IAE3C,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;IACpD,MAAM,GAAG,GAAG,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC,IAAA,gCAAc,EAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAE1E,OAAO;QACL;YACE,IAAI,EAAE,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC;YACnC,IAAI,EAAE,GAAG,EAAE,IAAI;YACf,MAAM,EAAE,GAAG,EAAE,GAAG;YAChB,OAAO,EAAE,gEAAgE;SAC1E;KACF,CAAC;AACJ,CAAC;AAED,SAAS,GAAG;IACV,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;QAC5C,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,YAAY,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACnD,CAAC;IAED,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAE5C,IAAA,+BAAa,EACX,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACnB,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,KAAK,EAAE;YACL,SAAS,EAAE,CAAC,CAAC,IAAI;YACjB,WAAW,EAAE,CAAC,CAAC,MAAM;SACtB;KACF,CAAC,CAAC,CACJ,CAAC;IAEF,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,OAAO,yCAAyC,CAAC,CAAC;QACvE,OAAO,EAAE,MAAM,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACpC,CAAC;IAED,OAAO,CAAC,GAAG,CACT,GAAG,qBAAK,CAAC,KAAK,qBAAqB,QAAQ,CAAC,MAAM,yCAAyC,CAC5F,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;IAC5E,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IAChC,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;AAClD,CAAC;AAED,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;IAC5B,CAAC,KAAK,IAAI,EAAE;QACV,aAAa,GAAG,MAAM,IAAA,0BAAa,EAAC,UAAE,CAAC,CAAC;QACxC,MAAM,MAAM,GAAG,GAAG,EAAE,CAAC;QACrB,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,EAAE,CAAC;AACP,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"process-stdio-usage.d.ts","sourceRoot":"","sources":["../../../src/checks/runtime/process-stdio-usage.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;GAYG;
|
|
1
|
+
{"version":3,"file":"process-stdio-usage.d.ts","sourceRoot":"","sources":["../../../src/checks/runtime/process-stdio-usage.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;GAYG;AAWH,eAAO,MAAM,EAAE,gCAAgC,CAAC;AAChD,eAAO,MAAM,IAAI,wBAAwB,CAAC;AAC1C,eAAO,MAAM,QAAQ,YAAY,CAAC;AAClC,eAAO,MAAM,QAAQ,QAAQ,CAAC;AAC9B,eAAO,MAAM,WAAW,6DAA6D,CAAC;AACtF,eAAO,MAAM,IAAI,UAAc,CAAC;AA6GhC,iBAAS,GAAG,IAAI;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAsCnD;AAUD,OAAO,EAAE,GAAG,EAAE,CAAC"}
|
|
@@ -53,6 +53,7 @@ const fs = __importStar(require("fs"));
|
|
|
53
53
|
const path = __importStar(require("path"));
|
|
54
54
|
const console_chars_1 = require("../../utils/console-chars");
|
|
55
55
|
const findings_writer_1 = require("../../utils/findings-writer");
|
|
56
|
+
const exclusions_1 = require("../../shared/exclusions");
|
|
56
57
|
// Check metadata
|
|
57
58
|
exports.id = "runtime/process-stdio-usage";
|
|
58
59
|
exports.name = "Process Stdio Usage";
|
|
@@ -64,19 +65,14 @@ const WORKSPACE_ROOT = process.cwd();
|
|
|
64
65
|
const SCAN_DIRS = ["app", "components", "contexts", "hooks", "lib"];
|
|
65
66
|
const ALLOWED_EXTS = new Set([".ts", ".tsx", ".js", ".jsx"]);
|
|
66
67
|
const ALLOW_COMMENT = "preflight:allow-process-stdio";
|
|
68
|
+
// App-level exclusions loaded from config
|
|
69
|
+
let appExclusions = [];
|
|
70
|
+
// Essential defaults (node_modules, __mocks__, .next, dist, coverage)
|
|
67
71
|
function shouldSkipDirName(dirName) {
|
|
68
72
|
return (dirName === "node_modules" ||
|
|
69
73
|
dirName === ".next" ||
|
|
70
|
-
dirName === ".git" ||
|
|
71
74
|
dirName === "dist" ||
|
|
72
|
-
dirName === "build" ||
|
|
73
75
|
dirName === "coverage" ||
|
|
74
|
-
dirName === "test-results" ||
|
|
75
|
-
dirName === "reports" ||
|
|
76
|
-
dirName === "backups" ||
|
|
77
|
-
dirName === "scripts" ||
|
|
78
|
-
dirName === "prisma" ||
|
|
79
|
-
dirName === "tests" ||
|
|
80
76
|
dirName === "__mocks__");
|
|
81
77
|
}
|
|
82
78
|
function collectFiles(dir, out) {
|
|
@@ -96,6 +92,9 @@ function collectFiles(dir, out) {
|
|
|
96
92
|
}
|
|
97
93
|
}
|
|
98
94
|
function findUnsafeStdioCalls(filePath) {
|
|
95
|
+
// Check app-level exclusions
|
|
96
|
+
if ((0, exclusions_1.shouldExcludeFile)(filePath, appExclusions))
|
|
97
|
+
return [];
|
|
99
98
|
const content = fs.readFileSync(filePath, "utf8");
|
|
100
99
|
if (content.includes(ALLOW_COMMENT))
|
|
101
100
|
return [];
|
|
@@ -173,7 +172,10 @@ function run() {
|
|
|
173
172
|
return { errors: findings.length, warnings: 0 };
|
|
174
173
|
}
|
|
175
174
|
if (require.main === module) {
|
|
176
|
-
|
|
177
|
-
|
|
175
|
+
(async () => {
|
|
176
|
+
appExclusions = await (0, exclusions_1.getExclusions)(exports.id);
|
|
177
|
+
const result = run();
|
|
178
|
+
process.exit(result.errors > 0 ? 1 : 0);
|
|
179
|
+
})();
|
|
178
180
|
}
|
|
179
181
|
//# sourceMappingURL=process-stdio-usage.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"process-stdio-usage.js","sourceRoot":"","sources":["../../../src/checks/runtime/process-stdio-usage.ts"],"names":[],"mappings":";;AACA;;;;;;;;;;;;GAYG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"process-stdio-usage.js","sourceRoot":"","sources":["../../../src/checks/runtime/process-stdio-usage.ts"],"names":[],"mappings":";;AACA;;;;;;;;;;;;GAYG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6KM,kBAAG;AA3KZ,uCAAyB;AACzB,2CAA6B;AAE7B,6DAAkD;AAClD,iEAA4D;AAC5D,wDAA2E;AAG3E,iBAAiB;AACJ,QAAA,EAAE,GAAG,6BAA6B,CAAC;AACnC,QAAA,IAAI,GAAG,qBAAqB,CAAC;AAC7B,QAAA,QAAQ,GAAG,SAAS,CAAC;AACrB,QAAA,QAAQ,GAAG,KAAK,CAAC;AACjB,QAAA,WAAW,GAAG,0DAA0D,CAAC;AACzE,QAAA,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;AAWhC,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;AAErC,MAAM,SAAS,GAAG,CAAC,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;AACpE,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;AAE7D,MAAM,aAAa,GAAG,+BAA+B,CAAC;AAEtD,0CAA0C;AAC1C,IAAI,aAAa,GAAa,EAAE,CAAC;AAEjC,sEAAsE;AACtE,SAAS,iBAAiB,CAAC,OAAe;IACxC,OAAO,CACL,OAAO,KAAK,cAAc;QAC1B,OAAO,KAAK,OAAO;QACnB,OAAO,KAAK,MAAM;QAClB,OAAO,KAAK,UAAU;QACtB,OAAO,KAAK,WAAW,CACxB,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,GAAW,EAAE,GAAa;IAC9C,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAE5C,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,IAAI,iBAAiB,CAAC,KAAK,CAAC,IAAI,CAAC;gBAAE,SAAS;YAC5C,YAAY,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YAC5B,SAAS;QACX,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACrC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QACrC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrB,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,QAAgB;IAC5C,6BAA6B;IAC7B,IAAI,IAAA,8BAAiB,EAAC,QAAQ,EAAE,aAAa,CAAC;QAAE,OAAO,EAAE,CAAC;IAE1D,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAClD,IAAI,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC;QAAE,OAAO,EAAE,CAAC;IAE/C,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,uEAAuE;IACvE,kDAAkD;IAClD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACrC,IAAI,cAAc,GAAG,KAAK,CAAC;IAE3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,IAAI,CAAC,cAAc,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAChD,cAAc,GAAG,IAAI,CAAC;QACxB,CAAC;QACD,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3B,cAAc,GAAG,KAAK,CAAC;YACzB,CAAC;YACD,SAAS;QACX,CAAC;QAED,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,SAAS;QAEvC,MAAM,QAAQ,GAAG;YACf,EAAE,EAAE,EAAE,gCAAgC,EAAE,KAAK,EAAE,uBAAuB,EAAE;YACxE,EAAE,EAAE,EAAE,gCAAgC,EAAE,KAAK,EAAE,uBAAuB,EAAE;SACzE,CAAC;QAEF,KAAK,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,QAAQ,EAAE,CAAC;YACrC,IAAI,CAAyB,CAAC;YAC9B,EAAE,CAAC,SAAS,GAAG,CAAC,CAAC;YACjB,0CAA0C;YAC1C,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;gBAC3B,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC5D,MAAM,MAAM,GAAG,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;gBACxD,MAAM,SAAS,GACb,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;gBAE9E,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,QAAQ,CAAC;oBAC7C,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,MAAM;oBACN,SAAS;oBACT,KAAK;oBACL,IAAI,EAAE,IAAI;iBACX,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,GAAG;IACV,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,OAAO,IAAI,SAAS,EAAE,CAAC;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAC/C,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,YAAY,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAErD,IAAA,+BAAa,EACX,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACnB,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,UAAU,CAAC,CAAC,KAAK,iBAAiB;QAC3C,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC;QACtC,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,SAAS,EAAE;KAC7F,CAAC,CAAC,CACJ,CAAC;IAEF,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,OAAO,kDAAkD,CAAC,CAAC;QAChF,OAAO,EAAE,MAAM,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACpC,CAAC;IAED,OAAO,CAAC,GAAG,CACT,GAAG,qBAAK,CAAC,KAAK,qBAAqB,QAAQ,CAAC,MAAM,+CAA+C,CAClG,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,uEAAuE,CAAC,CAAC;IACrF,OAAO,CAAC,GAAG,CAAC,uCAAuC,aAAa,gBAAgB,CAAC,CAAC;IAClF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACpC,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;AAClD,CAAC;AAED,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;IAC5B,CAAC,KAAK,IAAI,EAAE;QACV,aAAa,GAAG,MAAM,IAAA,0BAAa,EAAC,UAAE,CAAC,CAAC;QACxC,MAAM,MAAM,GAAG,GAAG,EAAE,CAAC;QACrB,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,EAAE,CAAC;AACP,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"path-traversal-prevention.d.ts","sourceRoot":"","sources":["../../../src/checks/security/path-traversal-prevention.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;GAgBG;
|
|
1
|
+
{"version":3,"file":"path-traversal-prevention.d.ts","sourceRoot":"","sources":["../../../src/checks/security/path-traversal-prevention.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;GAgBG;AAWH,eAAO,MAAM,EAAE,uCAAuC,CAAC;AACvD,eAAO,MAAM,IAAI,8BAA8B,CAAC;AAChD,eAAO,MAAM,QAAQ,aAAa,CAAC;AACnC,eAAO,MAAM,QAAQ,OAAO,CAAC;AAC7B,eAAO,MAAM,WAAW,mDAAmD,CAAC;AAC5E,eAAO,MAAM,IAAI,UAAe,CAAC"}
|
|
@@ -57,6 +57,7 @@ const glob_1 = require("glob");
|
|
|
57
57
|
const path = __importStar(require("path"));
|
|
58
58
|
const console_chars_1 = require("../../utils/console-chars");
|
|
59
59
|
const universal_progress_reporter_1 = require("../system/universal-progress-reporter");
|
|
60
|
+
const exclusions_1 = require("../../shared/exclusions");
|
|
60
61
|
// Check metadata
|
|
61
62
|
exports.id = "security/path-traversal-prevention";
|
|
62
63
|
exports.name = "Path Traversal Prevention";
|
|
@@ -125,16 +126,19 @@ const SAFE_PATTERNS = [
|
|
|
125
126
|
/allowedPaths\.includes/,
|
|
126
127
|
/whitelist/i,
|
|
127
128
|
];
|
|
129
|
+
// App-specific exclusions loaded from config
|
|
130
|
+
let appExclusions = [];
|
|
128
131
|
async function findFiles() {
|
|
129
132
|
const patterns = ["app/api/**/*.ts", "lib/**/*.ts", "scripts/**/*.ts", "app/**/route.ts"];
|
|
130
133
|
const files = [];
|
|
131
134
|
for (const pattern of patterns) {
|
|
132
135
|
const matches = await (0, glob_1.glob)(pattern, {
|
|
133
|
-
ignore: ["**/node_modules/**", "
|
|
136
|
+
ignore: ["**/node_modules/**", "**/dist/**"],
|
|
134
137
|
});
|
|
135
138
|
files.push(...matches);
|
|
136
139
|
}
|
|
137
|
-
|
|
140
|
+
// Filter by app-specific exclusions
|
|
141
|
+
return [...new Set(files)].filter((file) => !(0, exclusions_1.shouldExcludeFile)(file, appExclusions));
|
|
138
142
|
}
|
|
139
143
|
function checkFile(filePath, content) {
|
|
140
144
|
const issues = [];
|
|
@@ -185,6 +189,8 @@ async function main() {
|
|
|
185
189
|
const verbose = process.argv.includes("--verbose") || process.argv.includes("-v");
|
|
186
190
|
console.log(`${console_chars_1.emoji.lock} Path Traversal Prevention Preflight`);
|
|
187
191
|
console.log((0, console_chars_1.createDivider)(60, "heavy"));
|
|
192
|
+
// Load app-specific exclusions from config
|
|
193
|
+
appExclusions = await (0, exclusions_1.getExclusions)(exports.id);
|
|
188
194
|
const files = await findFiles();
|
|
189
195
|
console.log(`Scanning ${files.length} files for path traversal vulnerabilities...\n`);
|
|
190
196
|
const allIssues = [];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"path-traversal-prevention.js","sourceRoot":"","sources":["../../../src/checks/security/path-traversal-prevention.ts"],"names":[],"mappings":";;AACA;;;;;;;;;;;;;;;;GAgBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AACzB,+BAA4B;AAC5B,2CAA6B;AAC7B,6DAAwE;AACxE,uFAAwF;
|
|
1
|
+
{"version":3,"file":"path-traversal-prevention.js","sourceRoot":"","sources":["../../../src/checks/security/path-traversal-prevention.ts"],"names":[],"mappings":";;AACA;;;;;;;;;;;;;;;;GAgBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AACzB,+BAA4B;AAC5B,2CAA6B;AAC7B,6DAAwE;AACxE,uFAAwF;AACxF,wDAA2E;AAG3E,iBAAiB;AACJ,QAAA,EAAE,GAAG,oCAAoC,CAAC;AAC1C,QAAA,IAAI,GAAG,2BAA2B,CAAC;AACnC,QAAA,QAAQ,GAAG,UAAU,CAAC;AACtB,QAAA,QAAQ,GAAG,IAAI,CAAC;AAChB,QAAA,WAAW,GAAG,gDAAgD,CAAC;AAC/D,QAAA,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;AAWjC,MAAM,kBAAkB,GAAG;IACzB,4CAA4C;IAC5C;QACE,OAAO,EAAE,yEAAyE;QAClF,OAAO,EAAE,+EAA+E;QACxF,QAAQ,EAAE,OAAgB;KAC3B;IACD,yCAAyC;IACzC;QACE,OAAO,EACL,gJAAgJ;QAClJ,OAAO,EAAE,yDAAyD;QAClE,QAAQ,EAAE,OAAgB;KAC3B;IACD,iCAAiC;IACjC;QACE,OAAO,EACL,+GAA+G;QACjH,OAAO,EAAE,wDAAwD;QACjE,QAAQ,EAAE,OAAgB;KAC3B;IACD,gDAAgD;IAChD;QACE,OAAO,EACL,oIAAoI;QACtI,OAAO,EAAE,mDAAmD;QAC5D,QAAQ,EAAE,OAAgB;KAC3B;IACD,sCAAsC;IACtC;QACE,OAAO,EAAE,+EAA+E;QACxF,OAAO,EAAE,8DAA8D;QACvE,QAAQ,EAAE,OAAgB;KAC3B;IACD,qDAAqD;IACrD;QACE,OAAO,EACL,0IAA0I;QAC5I,OAAO,EAAE,oEAAoE;QAC7E,QAAQ,EAAE,SAAkB;KAC7B;IACD,8CAA8C;IAC9C;QACE,OAAO,EAAE,mDAAmD;QAC5D,OAAO,EAAE,sEAAsE;QAC/E,QAAQ,EAAE,OAAgB;KAC3B;IACD,+CAA+C;IAC/C;QACE,OAAO,EAAE,qEAAqE;QAC9E,OAAO,EAAE,yEAAyE;QAClF,QAAQ,EAAE,SAAkB;KAC7B;CACF,CAAC;AAEF,6CAA6C;AAC7C,MAAM,aAAa,GAAG;IACpB,qBAAqB;IACrB,sBAAsB;IACtB,2BAA2B;IAC3B,+BAA+B;IAC/B,kCAAkC;IAClC,eAAe;IACf,wBAAwB;IACxB,YAAY;CACb,CAAC;AAEF,6CAA6C;AAC7C,IAAI,aAAa,GAAa,EAAE,CAAC;AAEjC,KAAK,UAAU,SAAS;IACtB,MAAM,QAAQ,GAAG,CAAC,iBAAiB,EAAE,aAAa,EAAE,iBAAiB,EAAE,iBAAiB,CAAC,CAAC;IAE1F,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,MAAM,IAAA,WAAI,EAAC,OAAO,EAAE;YAClC,MAAM,EAAE,CAAC,oBAAoB,EAAE,YAAY,CAAC;SAC7C,CAAC,CAAC;QACH,KAAK,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;IACzB,CAAC;IAED,oCAAoC;IACpC,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAA,8BAAiB,EAAC,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC;AACvF,CAAC;AAED,SAAS,SAAS,CAAC,QAAgB,EAAE,OAAe;IAClD,MAAM,MAAM,GAAY,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,4BAA4B;IAC5B,IACE,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC3B,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC3B,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,EAC9B,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,KAAK,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,kBAAkB,EAAE,CAAC;QAChE,oBAAoB;QACpB,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QAEtB,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAChD,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC;YAE/B,mBAAmB;YACnB,IAAI,UAAU,GAAG,CAAC,CAAC;YACnB,IAAI,SAAS,GAAG,CAAC,CAAC;YAClB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,SAAS,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,iBAAiB;gBACnD,IAAI,SAAS,GAAG,UAAU,EAAE,CAAC;oBAC3B,UAAU,GAAG,CAAC,GAAG,CAAC,CAAC;oBACnB,MAAM;gBACR,CAAC;YACH,CAAC;YAED,0EAA0E;YAC1E,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,GAAG,CAAC,CAAC;YACnD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC;YAChF,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;YAExD,MAAM,MAAM,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;YAE9E,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,UAAU;oBAChB,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;oBAC5C,QAAQ;oBACR,OAAO;oBACP,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;iBAC7B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,QAAQ,GAAG,IAAA,6DAA+B,EAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC;IACnF,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAElF,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,IAAI,sCAAsC,CAAC,CAAC;IACjE,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IAExC,2CAA2C;IAC3C,aAAa,GAAG,MAAM,IAAA,0BAAa,EAAC,UAAE,CAAC,CAAC;IAExC,MAAM,KAAK,GAAG,MAAM,SAAS,EAAE,CAAC;IAChC,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,CAAC,MAAM,gDAAgD,CAAC,CAAC;IAEtF,MAAM,SAAS,GAAY,EAAE,CAAC;IAE9B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC/C,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YACxC,SAAS,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC;QAC5B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,gCAAgC;QAClC,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;IAEnE,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,KAAK,qBAAqB,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;QACxC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YACpC,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YACzC,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,OAAO,aAAa,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;QACxC,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YACpC,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YACzC,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,aAAa,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAE5C,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,6CAA6C,CAAC,CAAC;IAC/E,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,IAAI,wBAAwB,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,MAAM,qBAAK,CAAC,MAAM,yDAAyD,CAAC,CAAC;IACzF,OAAO,CAAC,GAAG,CAAC,MAAM,qBAAK,CAAC,MAAM,kDAAkD,CAAC,CAAC;IAClF,OAAO,CAAC,GAAG,CAAC,MAAM,qBAAK,CAAC,MAAM,oCAAoC,CAAC,CAAC;IACpE,OAAO,CAAC,GAAG,CAAC,MAAM,qBAAK,CAAC,MAAM,6CAA6C,CAAC,CAAC;IAE7E,2CAA2C;IAC3C,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permission-security-validation.d.ts","sourceRoot":"","sources":["../../../src/checks/security/permission-security-validation.ts"],"names":[],"mappings":";AACA;;;;;;;;;;GAUG;
|
|
1
|
+
{"version":3,"file":"permission-security-validation.d.ts","sourceRoot":"","sources":["../../../src/checks/security/permission-security-validation.ts"],"names":[],"mappings":";AACA;;;;;;;;;;GAUG;AASH,eAAO,MAAM,EAAE,4CAA4C,CAAC;AAC5D,eAAO,MAAM,IAAI,mCAAmC,CAAC;AACrD,eAAO,MAAM,QAAQ,aAAa,CAAC;AACnC,eAAO,MAAM,QAAQ,OAAO,CAAC;AAC7B,eAAO,MAAM,WAAW,6CAA6C,CAAC;AACtE,eAAO,MAAM,IAAI,UAA4B,CAAC"}
|
|
@@ -49,6 +49,7 @@ exports.tags = exports.description = exports.blocking = exports.category = expor
|
|
|
49
49
|
const fs = __importStar(require("fs"));
|
|
50
50
|
const glob_1 = require("glob");
|
|
51
51
|
const console_chars_1 = require("../../utils/console-chars");
|
|
52
|
+
const exclusions_1 = require("../../shared/exclusions");
|
|
52
53
|
// Check metadata
|
|
53
54
|
exports.id = "security/permission-security-validation";
|
|
54
55
|
exports.name = "Permission Security Validation";
|
|
@@ -123,8 +124,8 @@ const SCAN_PATTERNS = [
|
|
|
123
124
|
"app/api/listings/**/route.ts",
|
|
124
125
|
"lib/**/permission*.ts",
|
|
125
126
|
];
|
|
126
|
-
//
|
|
127
|
-
|
|
127
|
+
// App-specific exclusions loaded from config
|
|
128
|
+
let appExclusions = [];
|
|
128
129
|
async function scanApiRoute(filePath) {
|
|
129
130
|
const content = fs.readFileSync(filePath, "utf-8");
|
|
130
131
|
const lines = content.split("\n");
|
|
@@ -217,7 +218,8 @@ async function scanApiRoute(filePath) {
|
|
|
217
218
|
}
|
|
218
219
|
// Check for permission utility functions
|
|
219
220
|
async function checkPermissionInfrastructure() {
|
|
220
|
-
const libFiles = await (0, glob_1.glob)("lib/**/*.ts", { ignore:
|
|
221
|
+
const libFiles = (await (0, glob_1.glob)("lib/**/*.ts", { ignore: ["**/node_modules/**"] }))
|
|
222
|
+
.filter((file) => !(0, exclusions_1.shouldExcludeFile)(file, appExclusions));
|
|
221
223
|
let hasPermissionLib = false;
|
|
222
224
|
for (const file of libFiles) {
|
|
223
225
|
const content = fs.readFileSync(file, "utf-8");
|
|
@@ -241,9 +243,9 @@ async function checkPermissionInfrastructure() {
|
|
|
241
243
|
}
|
|
242
244
|
// Check for default permission groups in store creation
|
|
243
245
|
async function checkDefaultPermissionGroups() {
|
|
244
|
-
const storeCreationFiles = await (0, glob_1.glob)("app/api/store/register/route.ts", {
|
|
245
|
-
ignore:
|
|
246
|
-
});
|
|
246
|
+
const storeCreationFiles = (await (0, glob_1.glob)("app/api/store/register/route.ts", {
|
|
247
|
+
ignore: ["**/node_modules/**"],
|
|
248
|
+
})).filter((file) => !(0, exclusions_1.shouldExcludeFile)(file, appExclusions));
|
|
247
249
|
for (const file of storeCreationFiles) {
|
|
248
250
|
const content = fs.readFileSync(file, "utf-8");
|
|
249
251
|
const hasDefaultPermissions = content.includes("createDefaultPermissionGroups") ||
|
|
@@ -263,15 +265,19 @@ async function checkDefaultPermissionGroups() {
|
|
|
263
265
|
async function main() {
|
|
264
266
|
console.log(`${console_chars_1.emoji.shield} Permission Security Validation Preflight`);
|
|
265
267
|
console.log((0, console_chars_1.createDivider)(70, "heavy"));
|
|
268
|
+
// Load app-specific exclusions from config
|
|
269
|
+
appExclusions = await (0, exclusions_1.getExclusions)(exports.id);
|
|
266
270
|
// Get all relevant files
|
|
267
271
|
const allFiles = [];
|
|
268
272
|
for (const pattern of SCAN_PATTERNS) {
|
|
269
|
-
const files = await (0, glob_1.glob)(pattern, { ignore:
|
|
273
|
+
const files = await (0, glob_1.glob)(pattern, { ignore: ["**/node_modules/**"], nodir: true });
|
|
270
274
|
allFiles.push(...files);
|
|
271
275
|
}
|
|
272
|
-
|
|
276
|
+
// Filter by exclusions
|
|
277
|
+
const filteredFiles = allFiles.filter((file) => !(0, exclusions_1.shouldExcludeFile)(file, appExclusions));
|
|
278
|
+
console.log(`Scanning ${filteredFiles.length} files for permission security...`);
|
|
273
279
|
// Scan each file
|
|
274
|
-
for (const file of
|
|
280
|
+
for (const file of filteredFiles) {
|
|
275
281
|
await scanApiRoute(file);
|
|
276
282
|
}
|
|
277
283
|
// Check infrastructure
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permission-security-validation.js","sourceRoot":"","sources":["../../../src/checks/security/permission-security-validation.ts"],"names":[],"mappings":";;AACA;;;;;;;;;;GAUG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AACzB,+BAA4B;AAC5B,6DAAiE;
|
|
1
|
+
{"version":3,"file":"permission-security-validation.js","sourceRoot":"","sources":["../../../src/checks/security/permission-security-validation.ts"],"names":[],"mappings":";;AACA;;;;;;;;;;GAUG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AACzB,+BAA4B;AAC5B,6DAAiE;AACjE,wDAA2E;AAG3E,iBAAiB;AACJ,QAAA,EAAE,GAAG,yCAAyC,CAAC;AAC/C,QAAA,IAAI,GAAG,gCAAgC,CAAC;AACxC,QAAA,QAAQ,GAAG,UAAU,CAAC;AACtB,QAAA,QAAQ,GAAG,IAAI,CAAC;AAChB,QAAA,WAAW,GAAG,0CAA0C,CAAC;AACzD,QAAA,IAAI,GAAG,CAAC,UAAU,EAAC,YAAY,CAAC,CAAC;AAU9C,MAAM,MAAM,GAAY,EAAE,CAAC;AAE3B,2CAA2C;AAC3C,MAAM,4BAA4B,GAAG;IACnC;QACE,OAAO,EAAE,yDAAyD;QAClE,IAAI,EAAE,gBAAgB;QACtB,UAAU,EAAE,iBAAiB;QAC7B,YAAY,EAAE,CAAC,eAAe,CAAC;KAChC;IACD;QACE,OAAO,EAAE,qDAAqD;QAC9D,IAAI,EAAE,cAAc;QACpB,UAAU,EAAE,eAAe;QAC3B,YAAY,EAAE,CAAC,eAAe,CAAC;KAChC;IACD;QACE,OAAO,EAAE,8BAA8B;QACvC,IAAI,EAAE,eAAe;QACrB,UAAU,EAAE,iBAAiB;QAC7B,YAAY,EAAE,EAAE;KACjB;IACD;QACE,OAAO,EAAE,2CAA2C;QACpD,IAAI,EAAE,cAAc;QACpB,UAAU,EAAE,eAAe;QAC3B,YAAY,EAAE,EAAE;KACjB;IACD;QACE,OAAO,EAAE,wCAAwC;QACjD,IAAI,EAAE,aAAa;QACnB,UAAU,EAAE,aAAa;QACzB,YAAY,EAAE,EAAE;KACjB;IACD;QACE,OAAO,EAAE,gDAAgD;QACzD,IAAI,EAAE,iBAAiB;QACvB,UAAU,EAAE,iBAAiB;QAC7B,YAAY,EAAE,EAAE;KACjB;CACF,CAAC;AAEF,4DAA4D;AAC5D,MAAM,yBAAyB,GAAG;IAChC,kBAAkB;IAClB,gBAAgB;IAChB,oBAAoB;IACpB,wBAAwB;IACxB,mBAAmB;IACnB,8BAA8B;IAC9B,8BAA8B;IAC9B,UAAU;IACV,gCAAgC;IAChC,sCAAsC;CACvC,CAAC;AAEF,sDAAsD;AACtD,MAAM,wBAAwB,GAAG;IAC/B,iCAAiC;IACjC,8BAA8B;IAC9B,oCAAoC;IACpC,6BAA6B;IAC7B,cAAc;CACf,CAAC;AAEF,4BAA4B;AAC5B,MAAM,aAAa,GAAG;IACpB,2BAA2B;IAC3B,8BAA8B;IAC9B,uBAAuB;CACxB,CAAC;AAEF,6CAA6C;AAC7C,IAAI,aAAa,GAAa,EAAE,CAAC;AAEjC,KAAK,UAAU,YAAY,CAAC,QAAgB;IAC1C,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,uCAAuC;IACvC,MAAM,UAAU,GAAG,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;IACpD,MAAM,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;IAEzD,iDAAiD;IACjD,IAAI,UAAU,IAAI,YAAY,EAAE,CAAC;QAC/B,MAAM,iBAAiB,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QAE5F,IACE,CAAC,iBAAiB;YAClB,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACvB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC;gBACvB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAC1B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,EAC5B,CAAC;YACD,6DAA6D;YAC7D,MAAM,WAAW,GACf,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC;gBAC7C,CAAC,OAAO,CAAC,QAAQ,CAAC,4BAA4B,CAAC;gBAC/C,CAAC,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC;gBAC9C,CAAC,OAAO,CAAC,QAAQ,CAAC,8BAA8B,CAAC,CAAC;YAEpD,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC;oBACP,IAAI,EAAE,SAAS;oBACf,OAAO,EAAE,2DAA2D;oBACpE,IAAI,EAAE,qDAAqD;iBAC5D,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,YAAY,EAAE,IAAI,4BAA4B,EAAE,CAAC;QACvF,gDAAgD;QAChD,IAAI,YAAY,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,cAAc,EAAE,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YACzF,SAAS;QACX,CAAC;QAED,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpD,MAAM,kBAAkB,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;YAElF,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,qDAAqD;gBACrD,IAAI,OAAO,GAAG,CAAC,CAAC;gBAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACtC,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;wBAC3B,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;wBAChB,MAAM;oBACR,CAAC;gBACH,CAAC;gBAED,kEAAkE;gBAClE,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,SAAS;oBACf,OAAO,EAAE,GAAG,IAAI,8CAA8C,UAAU,GAAG;oBAC3E,IAAI,EAAE,sCAAsC,IAAI,CAAC,WAAW,EAAE,EAAE;iBACjE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,+DAA+D;IAC/D,IACE,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC;QAC1C,CAAC,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC,EAC9C,CAAC;QACD,MAAM,uBAAuB,GAC3B,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAAC;YAC5C,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC;YACtC,OAAO,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAC;QAEjD,IAAI,CAAC,uBAAuB,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,oDAAoD;gBAC7D,IAAI,EAAE,uDAAuD;aAC9D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,oEAAoE;IACpE,IACE,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAC;QACxC,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,EAC1D,CAAC;QACD,MAAM,kBAAkB,GACtB,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;QAE/F,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACxB,kDAAkD;YAClD,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,yDAAyD;gBAClE,IAAI,EAAE,qDAAqD;aAC5D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC;AAED,yCAAyC;AACzC,KAAK,UAAU,6BAA6B;IAC1C,MAAM,QAAQ,GAAG,CAAC,MAAM,IAAA,WAAI,EAAC,aAAa,EAAE,EAAE,MAAM,EAAE,CAAC,oBAAoB,CAAC,EAAE,CAAC,CAAC;SAC7E,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAA,8BAAiB,EAAC,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC;IAE7D,IAAI,gBAAgB,GAAG,KAAK,CAAC;IAC7B,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC/C,IACE,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;YACnC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC;YACjC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC;YAClC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,EAC3B,CAAC;YACD,gBAAgB,GAAG,IAAI,CAAC;YACxB,MAAM;QACR,CAAC;IACH,CAAC;IAED,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,CAAC;YACP,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,kDAAkD;YAC3D,IAAI,EAAE,qEAAqE;SAC5E,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,wDAAwD;AACxD,KAAK,UAAU,4BAA4B;IACzC,MAAM,kBAAkB,GAAG,CAAC,MAAM,IAAA,WAAI,EAAC,iCAAiC,EAAE;QACxE,MAAM,EAAE,CAAC,oBAAoB,CAAC;KAC/B,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAA,8BAAiB,EAAC,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC;IAE9D,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE,CAAC;QACtC,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAE/C,MAAM,qBAAqB,GACzB,OAAO,CAAC,QAAQ,CAAC,+BAA+B,CAAC;YACjD,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAC;YACxC,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC,CAAC;QAEhD,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC3B,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI;gBACJ,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,8DAA8D;gBACvE,IAAI,EAAE,2DAA2D;aAClE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,MAAM,2CAA2C,CAAC,CAAC;IACxE,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IAExC,2CAA2C;IAC3C,aAAa,GAAG,MAAM,IAAA,0BAAa,EAAC,UAAE,CAAC,CAAC;IAExC,yBAAyB;IACzB,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;QACpC,MAAM,KAAK,GAAG,MAAM,IAAA,WAAI,EAAC,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,oBAAoB,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACnF,QAAQ,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;IAC1B,CAAC;IAED,uBAAuB;IACvB,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAA,8BAAiB,EAAC,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC;IAEzF,OAAO,CAAC,GAAG,CAAC,YAAY,aAAa,CAAC,MAAM,mCAAmC,CAAC,CAAC;IAEjF,iBAAiB;IACjB,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;IAC3B,CAAC;IAED,uBAAuB;IACvB,MAAM,6BAA6B,EAAE,CAAC;IACtC,MAAM,4BAA4B,EAAE,CAAC;IAErC,iBAAiB;IACjB,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC;IACxD,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;IAE5D,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,oDAAoD,CAAC,CAAC;QACpF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,YAAY,MAAM,CAAC,MAAM,YAAY,QAAQ,CAAC,MAAM,aAAa,CAAC,CAAC;IAE/E,gBAAgB;IAChB,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,KAAK,wCAAwC,CAAC,CAAC;QACpE,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC9C,OAAO,CAAC,GAAG,CAAC,SAAS,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,wCAAwC,CAAC,CAAC;QACxE,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC9C,OAAO,CAAC,GAAG,CAAC,SAAS,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,IAAI,6BAA6B,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;IACpE,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;IACtE,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;IACtE,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;IACtE,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;IACpE,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IAExC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,sDAAsD,CAAC,CAAC;QACpF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,2DAA2D,CAAC,CAAC;IAC3F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prod-command-detection.d.ts","sourceRoot":"","sources":["../../../src/checks/security/prod-command-detection.ts"],"names":[],"mappings":";AACA;;;;;;;;GAQG;
|
|
1
|
+
{"version":3,"file":"prod-command-detection.d.ts","sourceRoot":"","sources":["../../../src/checks/security/prod-command-detection.ts"],"names":[],"mappings":";AACA;;;;;;;;GAQG;AASH,eAAO,MAAM,EAAE,oCAAoC,CAAC;AACpD,eAAO,MAAM,IAAI,2BAA2B,CAAC;AAC7C,eAAO,MAAM,QAAQ,aAAa,CAAC;AACnC,eAAO,MAAM,QAAQ,OAAO,CAAC;AAC7B,eAAO,MAAM,WAAW,oDAAoD,CAAC;AAC7E,eAAO,MAAM,IAAI,UAAe,CAAC"}
|
|
@@ -47,6 +47,7 @@ exports.tags = exports.description = exports.blocking = exports.category = expor
|
|
|
47
47
|
const fs = __importStar(require("fs"));
|
|
48
48
|
const path = __importStar(require("path"));
|
|
49
49
|
const console_chars_1 = require("../../utils/console-chars");
|
|
50
|
+
const exclusions_1 = require("../../shared/exclusions");
|
|
50
51
|
// Check metadata
|
|
51
52
|
exports.id = "security/prod-command-detection";
|
|
52
53
|
exports.name = "Prod Command Detection";
|
|
@@ -98,8 +99,8 @@ const DANGEROUS_PATTERNS = [
|
|
|
98
99
|
];
|
|
99
100
|
// Files/directories to scan
|
|
100
101
|
const SCAN_PATHS = ["scripts", ".github", "docs"];
|
|
101
|
-
//
|
|
102
|
-
const
|
|
102
|
+
// Default files to exclude (always excluded regardless of config)
|
|
103
|
+
const DEFAULT_EXCLUDE_FILES = [
|
|
103
104
|
"prisma-guardrail.ts",
|
|
104
105
|
"mandatory-backup.ts",
|
|
105
106
|
"db-push-prod.ts",
|
|
@@ -110,8 +111,15 @@ const EXCLUDE_PATTERNS = [
|
|
|
110
111
|
"node_modules",
|
|
111
112
|
".next",
|
|
112
113
|
];
|
|
114
|
+
// App-specific exclusions loaded from config
|
|
115
|
+
let appExclusions = [];
|
|
113
116
|
function shouldExclude(filePath) {
|
|
114
|
-
|
|
117
|
+
// Check default exclusions
|
|
118
|
+
if (DEFAULT_EXCLUDE_FILES.some((pattern) => filePath.includes(pattern))) {
|
|
119
|
+
return true;
|
|
120
|
+
}
|
|
121
|
+
// Check app-specific exclusions
|
|
122
|
+
return (0, exclusions_1.shouldExcludeFile)(filePath, appExclusions);
|
|
115
123
|
}
|
|
116
124
|
function isDocumentationFile(filePath) {
|
|
117
125
|
return filePath.includes("/docs/") || filePath.includes("\\docs\\") || filePath.endsWith(".md");
|
|
@@ -177,9 +185,11 @@ function scanDirectory(dirPath) {
|
|
|
177
185
|
}
|
|
178
186
|
}
|
|
179
187
|
}
|
|
180
|
-
function main() {
|
|
188
|
+
async function main() {
|
|
181
189
|
console.log(`\n${console_chars_1.emoji.search} Production Database Command Detection\n`);
|
|
182
190
|
console.log(`${console_chars_1.emoji.shield} Scanning for dangerous direct prisma commands...\n`);
|
|
191
|
+
// Load app-specific exclusions from config
|
|
192
|
+
appExclusions = await (0, exclusions_1.getExclusions)(exports.id);
|
|
183
193
|
const repoRoot = process.cwd();
|
|
184
194
|
for (const scanPath of SCAN_PATHS) {
|
|
185
195
|
const fullPath = path.join(repoRoot, scanPath);
|
|
@@ -218,5 +228,5 @@ function main() {
|
|
|
218
228
|
// Warnings don't fail the build but are logged
|
|
219
229
|
process.exit(0);
|
|
220
230
|
}
|
|
221
|
-
main();
|
|
231
|
+
main().catch(console.error);
|
|
222
232
|
//# sourceMappingURL=prod-command-detection.js.map
|