@empline/preflight 1.1.58 → 1.1.60

Files changed (62) hide show
  1. package/dist/checks/accessibility/accessibility-validation.d.ts.map +1 -1
  2. package/dist/checks/accessibility/accessibility-validation.js +131 -14
  3. package/dist/checks/accessibility/accessibility-validation.js.map +1 -1
  4. package/dist/checks/accessibility/wcag-advanced-validation.d.ts +10 -0
  5. package/dist/checks/accessibility/wcag-advanced-validation.d.ts.map +1 -0
  6. package/dist/checks/accessibility/wcag-advanced-validation.js +622 -0
  7. package/dist/checks/accessibility/wcag-advanced-validation.js.map +1 -0
  8. package/dist/checks/business/auto-approval-system-validation.d.ts +25 -0
  9. package/dist/checks/business/auto-approval-system-validation.d.ts.map +1 -0
  10. package/dist/checks/business/auto-approval-system-validation.js +458 -0
  11. package/dist/checks/business/auto-approval-system-validation.js.map +1 -0
  12. package/dist/checks/business/listing-submission-flow-validation.d.ts +21 -0
  13. package/dist/checks/business/listing-submission-flow-validation.d.ts.map +1 -0
  14. package/dist/checks/business/listing-submission-flow-validation.js +394 -0
  15. package/dist/checks/business/listing-submission-flow-validation.js.map +1 -0
  16. package/dist/checks/business/multi-user-sync-validation.d.ts +21 -0
  17. package/dist/checks/business/multi-user-sync-validation.d.ts.map +1 -0
  18. package/dist/checks/business/multi-user-sync-validation.js +383 -0
  19. package/dist/checks/business/multi-user-sync-validation.js.map +1 -0
  20. package/dist/checks/consolidated/ui-spacing-standards.js +59 -0
  21. package/dist/checks/consolidated/ui-spacing-standards.js.map +1 -1
  22. package/dist/checks/data-integrity/catalog-image-protection-validation.d.ts +38 -0
  23. package/dist/checks/data-integrity/catalog-image-protection-validation.d.ts.map +1 -0
  24. package/dist/checks/data-integrity/catalog-image-protection-validation.js +368 -0
  25. package/dist/checks/data-integrity/catalog-image-protection-validation.js.map +1 -0
  26. package/dist/checks/data-integrity/image-url-validation.d.ts +22 -0
  27. package/dist/checks/data-integrity/image-url-validation.d.ts.map +1 -0
  28. package/dist/checks/data-integrity/image-url-validation.js +310 -0
  29. package/dist/checks/data-integrity/image-url-validation.js.map +1 -0
  30. package/dist/checks/database/query-performance-validation.d.ts +10 -0
  31. package/dist/checks/database/query-performance-validation.d.ts.map +1 -0
  32. package/dist/checks/database/query-performance-validation.js +544 -0
  33. package/dist/checks/database/query-performance-validation.js.map +1 -0
  34. package/dist/checks/performance/async-batch-concurrency.d.ts +10 -0
  35. package/dist/checks/performance/async-batch-concurrency.d.ts.map +1 -0
  36. package/dist/checks/performance/async-batch-concurrency.js +352 -0
  37. package/dist/checks/performance/async-batch-concurrency.js.map +1 -0
  38. package/dist/checks/react/react-patterns-validation.d.ts +10 -0
  39. package/dist/checks/react/react-patterns-validation.d.ts.map +1 -0
  40. package/dist/checks/react/react-patterns-validation.js +559 -0
  41. package/dist/checks/react/react-patterns-validation.js.map +1 -0
  42. package/dist/checks/security/deprecated-node-apis-validation.d.ts +31 -0
  43. package/dist/checks/security/deprecated-node-apis-validation.d.ts.map +1 -0
  44. package/dist/checks/security/deprecated-node-apis-validation.js +324 -0
  45. package/dist/checks/security/deprecated-node-apis-validation.js.map +1 -0
  46. package/dist/checks/security/security-headers-validation.d.ts +10 -0
  47. package/dist/checks/security/security-headers-validation.d.ts.map +1 -0
  48. package/dist/checks/security/security-headers-validation.js +594 -0
  49. package/dist/checks/security/security-headers-validation.js.map +1 -0
  50. package/dist/reporters/github-reporter.d.ts +35 -0
  51. package/dist/reporters/github-reporter.d.ts.map +1 -0
  52. package/dist/reporters/github-reporter.js +397 -0
  53. package/dist/reporters/github-reporter.js.map +1 -0
  54. package/dist/reporters/html-report.d.ts +12 -0
  55. package/dist/reporters/html-report.d.ts.map +1 -0
  56. package/dist/reporters/html-report.js +469 -0
  57. package/dist/reporters/html-report.js.map +1 -0
  58. package/dist/reporters/index.d.ts +8 -0
  59. package/dist/reporters/index.d.ts.map +1 -0
  60. package/dist/reporters/index.js +18 -0
  61. package/dist/reporters/index.js.map +1 -0
  62. package/package.json +1 -1
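--- a/package/dist/checks/security/deprecated-node-apis-validation.js
+++ b/package/dist/checks/security/deprecated-node-apis-validation.js
@@ -0,0 +1,324 @@
+ #!/usr/bin/env tsx
+ "use strict";
+ /**
+ * Deprecated Node.js APIs Validation Preflight
+ *
+ * Detects usage of deprecated Node.js APIs that have security implications:
+ *
+ * 1. url.parse() - DEP0169: Not standardized, prone to security errors
+ * CVEs are not issued for url.parse() vulnerabilities.
+ * Use: new URL() (WHATWG URL API) instead
+ *
+ * 2. Buffer() constructor - DEP0005: Can cause security issues
+ * Use: Buffer.from(), Buffer.alloc(), Buffer.allocUnsafe() instead
+ *
+ * 3. domain module - DEP0152: Deprecated, use async_hooks instead
+ *
+ * 4. punycode module - DEP0040: Use userland alternative instead
+ *
+ * 5. querystring module - DEP0019: Use URLSearchParams instead
+ *
+ * This preflight helps maintain security best practices and prevents
+ * usage of APIs that may have unpatched vulnerabilities.
+ */
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+ if (k2 === undefined) k2 = k;
+ var desc = Object.getOwnPropertyDescriptor(m, k);
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+ desc = { enumerable: true, get: function() { return m[k]; } };
+ }
+ Object.defineProperty(o, k2, desc);
+ }) : (function(o, m, k, k2) {
+ if (k2 === undefined) k2 = k;
+ o[k2] = m[k];
+ }));
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
+ }) : function(o, v) {
+ o["default"] = v;
+ });
+ var __importStar = (this && this.__importStar) || (function () {
+ var ownKeys = function(o) {
+ ownKeys = Object.getOwnPropertyNames || function (o) {
+ var ar = [];
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+ return ar;
+ };
+ return ownKeys(o);
+ };
+ return function (mod) {
+ if (mod && mod.__esModule) return mod;
+ var result = {};
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+ __setModuleDefault(result, mod);
+ return result;
+ };
+ })();
+ Object.defineProperty(exports, "__esModule", { value: true });
+ exports.tags = exports.blocking = exports.category = exports.description = exports.name = exports.id = void 0;
+ exports.run = main;
+ const fs = __importStar(require("node:fs"));
+ const path = __importStar(require("node:path"));
+ const console_chars_1 = require("../../utils/console-chars");
+ const universal_progress_reporter_1 = require("../system/universal-progress-reporter");
+ // PREFLIGHT METADATA
+ exports.id = "security/deprecated-node-apis-validation";
+ exports.name = "Deprecated Node.js APIs Validation";
+ exports.description = "Detects deprecated Node.js APIs with security implications (url.parse, Buffer constructor, etc.)";
+ exports.category = "security";
+ exports.blocking = true;
+ exports.tags = ["security", "deprecated", "node", "api", "url.parse", "buffer"];
+ const TRADING_CARD_SYSTEM_PATH = path.resolve(__dirname, "../../../../trading-card-system");
+ // Directories to skip (node_modules, build outputs, etc.)
+ const SKIP_DIRS = new Set([
+ "node_modules",
+ ".next",
+ "dist",
+ "build",
+ ".git",
+ "coverage",
+ ".turbo",
+ ".vercel",
+ ".preflight-submissions",
+ ]);
+ // File extensions to check
+ const CHECK_EXTENSIONS = new Set([".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs"]);
+ // Deprecated APIs to detect
+ // Note: We focus on actual deprecated API calls, not imports of modules that have modern alternatives
+ const DEPRECATED_APIS = [
+ {
+ // CRITICAL: url.parse() has security vulnerabilities and CVEs are not issued
+ pattern: /\burl\.parse\s*\(/g,
+ api: "url.parse()",
+ severity: "error",
+ recommendation: "Use new URL() constructor instead. url.parse() has security vulnerabilities (DEP0169).",
+ },
+ {
+ // url.resolve() is also deprecated
+ pattern: /\burl\.resolve\s*\(/g,
+ api: "url.resolve()",
+ severity: "error",
+ recommendation: "Use new URL(relative, base) instead. url.resolve() is deprecated (DEP0169).",
+ },
+ {
+ // url.format() with legacy urlObject is deprecated
+ pattern: /\burl\.format\s*\(\s*\{/g,
+ api: "url.format({...})",
+ severity: "warning",
+ recommendation: "Use URL.toString() or construct URLs with new URL() instead.",
+ },
+ {
+ // new Buffer() is a security risk
+ pattern: /\bnew\s+Buffer\s*\(/g,
+ api: "new Buffer()",
+ severity: "error",
+ recommendation: "Use Buffer.from(), Buffer.alloc(), or Buffer.allocUnsafe() instead (DEP0005).",
+ },
+ {
+ // Domain module is deprecated
+ pattern: /\brequire\s*\(\s*['"]domain['"]\s*\)/g,
+ api: "require('domain')",
+ severity: "warning",
+ recommendation: "Domain module is deprecated (DEP0152). Use async_hooks for async context tracking.",
+ },
+ {
+ pattern: /\bfrom\s+['"]domain['"]/g,
+ api: "import from 'domain'",
+ severity: "warning",
+ recommendation: "Domain module is deprecated (DEP0152). Use async_hooks for async context tracking.",
+ },
+ {
+ // Punycode module is deprecated
+ pattern: /\brequire\s*\(\s*['"]punycode['"]\s*\)/g,
+ api: "require('punycode')",
+ severity: "warning",
+ recommendation: "Punycode module is deprecated (DEP0040). Use a userland package instead.",
+ },
+ {
+ // querystring.parse() is deprecated
+ pattern: /\bquerystring\.parse\s*\(/g,
+ api: "querystring.parse()",
+ severity: "warning",
+ recommendation: "Use URLSearchParams instead of querystring module.",
+ },
+ {
+ // querystring.stringify() is deprecated
+ pattern: /\bquerystring\.stringify\s*\(/g,
+ api: "querystring.stringify()",
+ severity: "warning",
+ recommendation: "Use URLSearchParams.toString() instead of querystring module.",
+ },
+ {
+ // querystring.escape() is deprecated
+ pattern: /\bquerystring\.escape\s*\(/g,
+ api: "querystring.escape()",
+ severity: "warning",
+ recommendation: "Use encodeURIComponent() instead.",
+ },
+ {
+ // querystring.unescape() is deprecated
+ pattern: /\bquerystring\.unescape\s*\(/g,
+ api: "querystring.unescape()",
+ severity: "warning",
+ recommendation: "Use decodeURIComponent() instead.",
+ },
+ ];
+ // Note: We intentionally do NOT flag:
+ // - import { fileURLToPath } from 'url' - this is a modern API
+ // - import { URL } from 'url' - this is the WHATWG URL API
+ // - require('url') when only using modern APIs
+ // The issue is specifically with url.parse(), url.resolve(), and url.format() with legacy objects
+ function getAllFiles(dir, files = []) {
+ try {
+ const entries = fs.readdirSync(dir, { withFileTypes: true });
+ for (const entry of entries) {
+ if (SKIP_DIRS.has(entry.name)) {
+ continue;
+ }
+ const fullPath = path.join(dir, entry.name);
+ if (entry.isDirectory()) {
+ getAllFiles(fullPath, files);
+ }
+ else if (entry.isFile() && CHECK_EXTENSIONS.has(path.extname(entry.name))) {
+ files.push(fullPath);
+ }
+ }
+ }
+ catch {
+ // Ignore permission errors
+ }
+ return files;
+ }
+ function checkFile(filePath) {
+ const usages = [];
+ try {
+ const content = fs.readFileSync(filePath, "utf8");
+ const lines = content.split("\n");
+ const relativePath = path.relative(TRADING_CARD_SYSTEM_PATH, filePath);
+ for (let i = 0; i < lines.length; i++) {
+ const line = lines[i] || "";
+ const lineNumber = i + 1;
+ // Skip comments
+ const trimmedLine = line.trim();
+ if (trimmedLine.startsWith("//") || trimmedLine.startsWith("*") || trimmedLine.startsWith("/*")) {
+ continue;
+ }
+ for (const api of DEPRECATED_APIS) {
+ // Reset regex state
+ api.pattern.lastIndex = 0;
+ if (api.pattern.test(line)) {
+ usages.push({
+ file: relativePath,
+ line: lineNumber,
+ api: api.api,
+ code: trimmedLine.substring(0, 100) + (trimmedLine.length > 100 ? "..." : ""),
+ severity: api.severity,
+ recommendation: api.recommendation,
+ });
+ }
+ }
+ }
+ }
+ catch {
+ // Ignore read errors
+ }
+ return usages;
+ }
+ async function main() {
+ const reporter = (0, universal_progress_reporter_1.createUniversalProgressReporter)(exports.name);
+ console.log(`\n${console_chars_1.emoji.rocket} DEPRECATED NODE.JS APIs VALIDATION PREFLIGHT`);
+ console.log((0, console_chars_1.createDivider)(60, "heavy"));
+ console.log(`${console_chars_1.emoji.info} Scanning for deprecated Node.js APIs with security implications...\n`);
+ // Get all files to check
+ console.log(`${console_chars_1.emoji.folder} Scanning source files...`);
+ const files = getAllFiles(TRADING_CARD_SYSTEM_PATH);
+ console.log(` Found ${files.length} source files to check\n`);
+ // Check each file
+ const allUsages = [];
+ let filesChecked = 0;
+ for (const file of files) {
+ const usages = checkFile(file);
+ allUsages.push(...usages);
+ filesChecked++;
+ }
+ // Group usages by severity
+ const errors = allUsages.filter((u) => u.severity === "error");
+ const warnings = allUsages.filter((u) => u.severity === "warning");
+ // Report findings
+ if (allUsages.length > 0) {
+ console.log(`${console_chars_1.emoji.folder} Deprecated API usages found:\n`);
+ // Report errors first
+ if (errors.length > 0) {
+ console.log(`${console_chars_1.emoji.error} CRITICAL - Security-sensitive deprecated APIs:`);
+ for (const usage of errors) {
+ console.log(` ${console_chars_1.emoji.error} ${usage.api} in ${usage.file}:${usage.line}`);
+ console.log(` Code: ${usage.code}`);
+ console.log(` ${console_chars_1.emoji.hint} ${usage.recommendation}\n`);
+ }
+ }
+ // Then warnings
+ if (warnings.length > 0) {
+ console.log(`${console_chars_1.emoji.warning} WARNINGS - Deprecated APIs (may cause issues):`);
+ for (const usage of warnings) {
+ console.log(` ${console_chars_1.emoji.warning} ${usage.api} in ${usage.file}:${usage.line}`);
+ console.log(` ${console_chars_1.emoji.hint} ${usage.recommendation}\n`);
+ }
+ }
+ }
+ else {
+ console.log(`${console_chars_1.emoji.success} No deprecated API usages found in source code.\n`);
+ }
+ // Note about dependencies
+ console.log(`${console_chars_1.emoji.info} Note: Deprecation warnings from dependencies (node_modules) are not scanned.`);
+ console.log(` If you see DEP0169 warnings at runtime, check these common culprits:`);
+ console.log(` - nodemailer (may use url.parse internally)`);
+ console.log(` - sendgrid (may use url.parse internally)`);
+ console.log(` - older versions of next-auth`);
+ console.log(` - other email/HTTP client libraries`);
+ console.log(` Update these packages when newer versions are available.\n`);
+ // Summary
+ console.log((0, console_chars_1.createDivider)(60, "heavy"));
+ console.log(`${console_chars_1.emoji.chart} VALIDATION SUMMARY`);
+ console.log((0, console_chars_1.createDivider)(60, "heavy"));
+ console.log(`${console_chars_1.emoji.success} Files checked: ${filesChecked}`);
+ if (errors.length > 0) {
+ console.log(`${console_chars_1.emoji.error} Critical issues: ${errors.length}`);
+ }
+ if (warnings.length > 0) {
+ console.log(`${console_chars_1.emoji.warning} Warnings: ${warnings.length}`);
+ }
+ reporter.showSummary({
+ filesProcessed: filesChecked,
+ issuesFound: allUsages.length,
+ errors: errors.length,
+ warnings: warnings.length,
+ });
+ console.log((0, console_chars_1.createDivider)(60, "heavy"));
+ if (errors.length > 0) {
+ console.log(`\n${console_chars_1.emoji.error} DEPRECATED NODE.JS APIs VALIDATION FAILED`);
+ console.log(`\n${console_chars_1.emoji.info} Critical deprecated APIs found with security implications.`);
+ console.log(`\n${console_chars_1.emoji.hint} To fix:`);
+ console.log(` - Replace url.parse() with new URL()`);
+ console.log(` - Replace new Buffer() with Buffer.from()/Buffer.alloc()`);
+ console.log(` - See recommendations above for each issue`);
+ process.exit(1);
+ }
+ else if (warnings.length > 0) {
+ console.log(`\n${console_chars_1.emoji.warning} DEPRECATED NODE.JS APIs VALIDATION PASSED WITH WARNINGS`);
+ console.log(`\n${console_chars_1.emoji.info} Consider updating deprecated APIs to prevent future issues.`);
+ process.exit(0);
+ }
+ else {
+ console.log(`\n${console_chars_1.emoji.success} DEPRECATED NODE.JS APIs VALIDATION PASSED`);
+ console.log(`\n${console_chars_1.emoji.info} No deprecated APIs detected in source code.`);
+ process.exit(0);
+ }
+ }
+ // Run if called directly
+ if (require.main === module) {
+ main().catch((error) => {
+ console.error(`${console_chars_1.emoji.error} Fatal error:`, error);
+ process.exit(1);
+ });
+ }
+ //# sourceMappingURL=deprecated-node-apis-validation.js.map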
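Review bot: This blocking check fails open: `getAllFiles` and `checkFile` swallow every `readdirSync`/`readFileSync` error in bare `catch {}` blocks, and `main` treats an empty file list as success, so a missing or unreadable scan root prints "No deprecated API usages found" and exits 0 without having scanned anything. `TRADING_CARD_SYSTEM_PATH` is fixed at four levels above `__dirname`, which for a copy installed from the registry presumably points at a sibling directory that does not exist, making the silent pass the likely default outside the authors' own repository layout. I would fail closed right after the `getAllFiles` call, e.g. `if (files.length === 0) { console.error("No source files found under " + TRADING_CARD_SYSTEM_PATH); process.exit(1); }`, and have both catch blocks record the skipped path so the summary reports how many entries could not be read. Separately, the patterns only match the literal spellings `url.parse(` and `new Buffer(`, so destructured or aliased imports such as `const { parse } = require("url")`, `Buffer(...)` called without `new`, and `node:`-prefixed specifiers like `require("node:domain")` are not flagged; a comment on `DEPRECATED_APIS` should state that limit. This is compiled output, so the change belongs in `src/checks/security/deprecated-node-apis-validation.ts`, which the source map names as the origin.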
@@ -0,0 +1 @@
1
+ {"version":3,"file":"deprecated-node-apis-validation.js","sourceRoot":"","sources":["../../../src/checks/security/deprecated-node-apis-validation.ts"],"names":[],"mappings":";;AACA;;;;;;;;;;;;;;;;;;;;GAoBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmTc,mBAAG;AAjTpB,4CAA8B;AAC9B,gDAAkC;AAClC,6DAAiE;AACjE,uFAAwF;AAExF,qBAAqB;AAER,QAAA,EAAE,GAAG,0CAA0C,CAAC;AAChD,QAAA,IAAI,GAAG,oCAAoC,CAAC;AAC5C,QAAA,WAAW,GACtB,kGAAkG,CAAC;AACxF,QAAA,QAAQ,GAAG,UAAU,CAAC;AACtB,QAAA,QAAQ,GAAG,IAAI,CAAC;AAChB,QAAA,IAAI,GAAG,CAAC,UAAU,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;AAarF,MAAM,wBAAwB,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,iCAAiC,CAAC,CAAC;AAE5F,0DAA0D;AAC1D,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC;IACxB,cAAc;IACd,OAAO;IACP,MAAM;IACN,OAAO;IACP,MAAM;IACN,UAAU;IACV,QAAQ;IACR,SAAS;IACT,wBAAwB;CACzB,CAAC,CAAC;AAEH,2BAA2B;AAC3B,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;AAEjF,4BAA4B;AAC5B,sGAAsG;AACtG,MAAM,eAAe,GAAG;IACtB;QACE,6EAA6E;QAC7E,OAAO,EAAE,oBAAoB;QAC7B,GAAG,EAAE,aAAa;QAClB,QAAQ,EAAE,OAAgB;QAC1B,cAAc,EAAE,wFAAwF;KACzG;IACD;QACE,mCAAmC;QACnC,OAAO,EAAE,sBAAsB;QAC/B,GAAG,EAAE,eAAe;QACpB,QAAQ,EAAE,OAAgB;QAC1B,cAAc,EAAE,6EAA6E;KAC9F;IACD;QACE,mDAAmD;QACnD,OAAO,EAAE,0BAA0B;QACnC,GAAG,EAAE,mBAAmB;QACxB,QAAQ,EAAE,SAAkB;QAC5B,cAAc,EAAE,8DAA8D;KAC/E;IACD;QACE,kCAAkC;QAClC,OAAO,EAAE,sBAAsB;QAC/B,GAAG,EAAE,cAAc;QACnB,QAAQ,EAAE,OAAgB;QAC1B,cAAc,EAAE,+EAA+E;KAChG;IACD;QACE,8BAA8B;QAC9B,OAAO,EAAE,uCAAuC;QAChD,GAAG,EAAE,mBAAmB;QACxB,QAAQ,EAAE,SAAkB;QAC5B,cAAc,EAAE,oFAAoF;KACrG;IACD;QACE,OAAO,EAAE,0BAA0B;QACnC,GAAG,EAAE,sBAAsB;QAC3B,QAAQ,EAAE,SAAkB;QAC5B,cAAc,EAAE,oFAAoF;KACrG;IACD;QACE,gCAAgC;QAChC,OAAO,EAAE,yCAAyC;QAClD,GAAG,EAAE,qBAAqB;QAC1B,QAAQ,EAAE,SAAkB;QAC5B,cAAc,EAAE,0EAA0E;KAC3F;IACD;QACE,oCAAoC;QACpC,OAAO,EAAE,4BAA4B;QACrC,GAAG,EAAE,qBAAqB;QAC1B,QAAQ,EAAE,SAAkB;QAC5B,cAAc,EAAE,oDAAoD;KACrE;IACD;QACE,wCAAwC;QACxC,OAAO,EAAE,gCAAgC;QACzC,GAAG,EAAE,yBAAyB;QAC9B,QAAQ,EAAE,SAAkB;QAC5B,cAAc,EAAE,+DAA+D;KAChF;IACD;QACE,qCAAqC;QA
CrC,OAAO,EAAE,6BAA6B;QACtC,GAAG,EAAE,sBAAsB;QAC3B,QAAQ,EAAE,SAAkB;QAC5B,cAAc,EAAE,mCAAmC;KACpD;IACD;QACE,uCAAuC;QACvC,OAAO,EAAE,+BAA+B;QACxC,GAAG,EAAE,wBAAwB;QAC7B,QAAQ,EAAE,SAAkB;QAC5B,cAAc,EAAE,mCAAmC;KACpD;CACF,CAAC;AAEF,sCAAsC;AACtC,+DAA+D;AAC/D,2DAA2D;AAC3D,+CAA+C;AAC/C,kGAAkG;AAElG,SAAS,WAAW,CAAC,GAAW,EAAE,QAAkB,EAAE;IACpD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAE7D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9B,SAAS;YACX,CAAC;YAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAE5C,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,WAAW,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YAC/B,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;gBAC5E,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;IAC7B,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,SAAS,CAAC,QAAgB;IACjC,MAAM,MAAM,GAAyB,EAAE,CAAC;IAExC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,wBAAwB,EAAE,QAAQ,CAAC,CAAC;QAEvE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5B,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,CAAC;YAEzB,gBAAgB;YAChB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAChC,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChG,SAAS;YACX,CAAC;YAED,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;gBAClC,oBAAoB;gBACpB,GAAG,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;gBAE1B,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC3B,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,YAAY;wBAClB,IAAI,EAAE,UAAU;wBAChB,GAAG,EAAE,GAAG,CAAC,GAAG;wBACZ,IAAI,EAAE,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAA
C,CAAC,CAAC,EAAE,CAAC;wBAC7E,QAAQ,EAAE,GAAG,CAAC,QAAQ;wBACtB,cAAc,EAAE,GAAG,CAAC,cAAc;qBACnC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,qBAAqB;IACvB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,QAAQ,GAAG,IAAA,6DAA+B,EAAC,YAAI,CAAC,CAAC;IACvD,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,MAAM,+CAA+C,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,IAAI,uEAAuE,CAAC,CAAC;IAElG,yBAAyB;IACzB,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,MAAM,2BAA2B,CAAC,CAAC;IACxD,MAAM,KAAK,GAAG,WAAW,CAAC,wBAAwB,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,MAAM,0BAA0B,CAAC,CAAC;IAE/D,kBAAkB;IAClB,MAAM,SAAS,GAAyB,EAAE,CAAC;IAC3C,IAAI,YAAY,GAAG,CAAC,CAAC;IAErB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;QAC/B,SAAS,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC;QAC1B,YAAY,EAAE,CAAC;IACjB,CAAC;IAED,2BAA2B;IAC3B,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;IAEnE,kBAAkB;IAClB,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,MAAM,iCAAiC,CAAC,CAAC;QAE9D,sBAAsB;QACtB,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,KAAK,iDAAiD,CAAC,CAAC;YAC7E,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,IAAI,KAAK,CAAC,GAAG,OAAO,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC5E,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;gBACxC,OAAO,CAAC,GAAG,CAAC,QAAQ,qBAAK,CAAC,IAAI,IAAI,KAAK,CAAC,cAAc,IAAI,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;QAED,gBAAgB;QAChB,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,OAAO,iDAAiD,CAAC,CAAC;YAC/E,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;gBAC7B,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,IAAI,KAAK,CAAC,GAAG,OAAO,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC9E,OA
AO,CAAC,GAAG,CAAC,QAAQ,qBAAK,CAAC,IAAI,IAAI,KAAK,CAAC,cAAc,IAAI,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,OAAO,mDAAmD,CAAC,CAAC;IACnF,CAAC;IAED,0BAA0B;IAC1B,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,IAAI,+EAA+E,CAAC,CAAC;IAC1G,OAAO,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAC;IACtF,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;IAC7D,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;IAC3D,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;IAE5E,UAAU;IACV,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,KAAK,qBAAqB,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IAExC,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,OAAO,mBAAmB,YAAY,EAAE,CAAC,CAAC;IAC/D,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,KAAK,qBAAqB,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAClE,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,OAAO,cAAc,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,QAAQ,CAAC,WAAW,CAAC;QACnB,cAAc,EAAE,YAAY;QAC5B,WAAW,EAAE,SAAS,CAAC,MAAM;QAC7B,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,QAAQ,EAAE,QAAQ,CAAC,MAAM;KAC1B,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IAExC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,4CAA4C,CAAC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,IAAI,6DAA6D,CAAC,CAAC;QAC1F,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,IAAI,UAAU,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;QACtD,OAAO,CAAC,GAAG,CAAC,4DAA4D,CAAC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;QAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;SAAM,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,0DAA0D,CAAC,CAAC;QAC1F,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,IAAI,8DAA8D,CAAC,CAAC;QAC3F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,KAA
K,qBAAK,CAAC,OAAO,4CAA4C,CAAC,CAAC;QAC5E,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,IAAI,8CAA8C,CAAC,CAAC;QAC3E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,yBAAyB;AACzB,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;IAC5B,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;QACrB,OAAO,CAAC,KAAK,CAAC,GAAG,qBAAK,CAAC,KAAK,eAAe,EAAE,KAAK,CAAC,CAAC;QACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC"}
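--- a/package/dist/checks/security/security-headers-validation.d.ts
+++ b/package/dist/checks/security/security-headers-validation.d.ts
@@ -0,0 +1,10 @@
+ #!/usr/bin/env node
+ import { PreflightCheckResult } from "../../core/types";
+ export declare const id = "security/security-headers-validation";
+ export declare const name = "Security Headers Validation";
+ export declare const description = "Validates security headers, cookies, SRI, CORS, and OWASP best practices";
+ export declare const category = "security";
+ export declare const blocking = true;
+ export declare const tags: string[];
+ export declare function run(): Promise<PreflightCheckResult>;
+ //# sourceMappingURL=security-headers-validation.d.ts.map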
@@ -0,0 +1 @@
1
+ {"version":3,"file":"security-headers-validation.d.ts","sourceRoot":"","sources":["../../../src/checks/security/security-headers-validation.ts"],"names":[],"mappings":";AAkCA,OAAO,EAAE,oBAAoB,EAAoB,MAAM,kBAAkB,CAAC;AAG1E,eAAO,MAAM,EAAE,yCAAyC,CAAC;AACzD,eAAO,MAAM,IAAI,gCAAgC,CAAC;AAClD,eAAO,MAAM,WAAW,6EAA6E,CAAC;AACtG,eAAO,MAAM,QAAQ,aAAa,CAAC;AACnC,eAAO,MAAM,QAAQ,OAAO,CAAC;AAC7B,eAAO,MAAM,IAAI,UAA6D,CAAC;AAye/E,wBAAsB,GAAG,IAAI,OAAO,CAAC,oBAAoB,CAAC,CAuCzD"}