@feiyoug/skill-lab 0.0.0 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +73 -0
- package/esm/analyzer/astgrep/client.d.ts +20 -8
- package/esm/analyzer/astgrep/client.d.ts.map +1 -1
- package/esm/analyzer/astgrep/client.js +58 -31
- package/esm/analyzer/config/default.d.ts +8 -0
- package/esm/analyzer/config/default.d.ts.map +1 -0
- package/esm/analyzer/config/default.js +91 -0
- package/esm/analyzer/config/helpers.d.ts +8 -0
- package/esm/analyzer/config/helpers.d.ts.map +1 -0
- package/esm/analyzer/config/helpers.js +72 -0
- package/esm/analyzer/config/mod.d.ts +4 -0
- package/esm/analyzer/config/mod.d.ts.map +1 -0
- package/esm/analyzer/config/mod.js +3 -0
- package/esm/analyzer/config/types.d.ts +58 -0
- package/esm/analyzer/config/types.d.ts.map +1 -0
- package/esm/analyzer/{config.js → config/types.js} +0 -28
- package/esm/analyzer/logging.d.ts +3 -0
- package/esm/analyzer/logging.d.ts.map +1 -0
- package/esm/analyzer/logging.js +6 -0
- package/esm/analyzer/mod.d.ts +12 -5
- package/esm/analyzer/mod.d.ts.map +1 -1
- package/esm/analyzer/mod.js +25 -12
- package/esm/analyzer/result.d.ts +35 -0
- package/esm/analyzer/result.d.ts.map +1 -0
- package/esm/analyzer/result.js +311 -0
- package/esm/analyzer/rules/bash/commands/mod.d.ts +1 -0
- package/esm/analyzer/rules/bash/commands/mod.d.ts.map +1 -1
- package/esm/analyzer/rules/bash/commands/mod.js +3 -0
- package/esm/analyzer/rules/bash/commands/pip.d.ts +3 -0
- package/esm/analyzer/rules/bash/commands/pip.d.ts.map +1 -0
- package/esm/analyzer/rules/bash/commands/pip.js +14 -0
- package/esm/analyzer/rules/bash/extractFileRefs.d.ts +1 -1
- package/esm/analyzer/rules/bash/extractFileRefs.d.ts.map +1 -1
- package/esm/analyzer/rules/bash/extractFileRefs.js +2 -2
- package/esm/analyzer/rules/bash/inline-command-classifier.d.ts +1 -1
- package/esm/analyzer/rules/bash/inline-command-classifier.d.ts.map +1 -1
- package/esm/analyzer/rules/bash/inline-command-classifier.js +4 -4
- package/esm/analyzer/rules/javascript/extractFileRefs.d.ts +3 -4
- package/esm/analyzer/rules/javascript/extractFileRefs.d.ts.map +1 -1
- package/esm/analyzer/rules/javascript/extractFileRefs.js +3 -4
- package/esm/analyzer/rules/markdown/extractCodeBlocks.d.ts.map +1 -1
- package/esm/analyzer/rules/markdown/extractCodeBlocks.js +6 -3
- package/esm/analyzer/rules/markdown/extractFileRefs.d.ts.map +1 -1
- package/esm/analyzer/rules/markdown/extractFileRefs.js +2 -0
- package/esm/analyzer/rules/python/extractFileRefs.d.ts +1 -1
- package/esm/analyzer/rules/python/extractFileRefs.d.ts.map +1 -1
- package/esm/analyzer/rules/python/extractFileRefs.js +2 -2
- package/esm/analyzer/steps/001-discovery/discover-files.d.ts +4 -0
- package/esm/analyzer/steps/001-discovery/discover-files.d.ts.map +1 -1
- package/esm/analyzer/steps/001-discovery/discover-files.js +18 -2
- package/esm/analyzer/steps/001-discovery/mod.d.ts.map +1 -1
- package/esm/analyzer/steps/001-discovery/mod.js +39 -9
- package/esm/analyzer/steps/002-permissions/mod.d.ts.map +1 -1
- package/esm/analyzer/steps/002-permissions/mod.js +156 -73
- package/esm/analyzer/steps/002-permissions/scan-file.d.ts +1 -1
- package/esm/analyzer/steps/002-permissions/scan-file.d.ts.map +1 -1
- package/esm/analyzer/steps/002-permissions/scan-file.js +40 -5
- package/esm/analyzer/steps/002-permissions/seed-frontmatter.js +2 -2
- package/esm/analyzer/steps/003-risks/dep-risks.d.ts +3 -0
- package/esm/analyzer/steps/003-risks/dep-risks.d.ts.map +1 -0
- package/esm/analyzer/steps/003-risks/dep-risks.js +74 -0
- package/esm/analyzer/steps/003-risks/helpers.d.ts +1 -0
- package/esm/analyzer/steps/003-risks/helpers.d.ts.map +1 -1
- package/esm/analyzer/steps/003-risks/helpers.js +1 -0
- package/esm/analyzer/steps/003-risks/mod.d.ts +3 -2
- package/esm/analyzer/steps/003-risks/mod.d.ts.map +1 -1
- package/esm/analyzer/steps/003-risks/mod.js +41 -4
- package/esm/analyzer/steps/003-risks/policy.d.ts +7 -0
- package/esm/analyzer/steps/003-risks/policy.d.ts.map +1 -0
- package/esm/analyzer/steps/003-risks/policy.js +23 -0
- package/esm/analyzer/steps/003-risks/rule-mapped.d.ts +2 -2
- package/esm/analyzer/steps/003-risks/rule-mapped.d.ts.map +1 -1
- package/esm/analyzer/steps/003-risks/rule-mapped.js +83 -2
- package/esm/analyzer/steps/003-risks/scoring.d.ts +9 -1
- package/esm/analyzer/steps/003-risks/scoring.d.ts.map +1 -1
- package/esm/analyzer/steps/003-risks/scoring.js +55 -42
- package/esm/analyzer/treesitter/client.d.ts +31 -0
- package/esm/analyzer/treesitter/client.d.ts.map +1 -0
- package/esm/analyzer/{treesiter → treesitter}/client.js +43 -39
- package/esm/analyzer/treesitter/registry.d.ts +73 -0
- package/esm/analyzer/treesitter/registry.d.ts.map +1 -0
- package/esm/analyzer/treesitter/registry.js +165 -0
- package/esm/analyzer/types.d.ts +14 -28
- package/esm/analyzer/types.d.ts.map +1 -1
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/deps.d.ts +3 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/deps.d.ts.map +1 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/deps.js +3 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/mod.d.ts +93 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/mod.d.ts.map +1 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/mod.js +297 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/multi.d.ts +84 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/multi.d.ts.map +1 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/multi.js +268 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/time.d.ts +18 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/time.d.ts.map +1 -0
- package/esm/deps/jsr.io/@deno-library/progress/1.5.1/time.js +45 -0
- package/esm/deps/jsr.io/@std/fmt/1.0.3/colors.d.ts +700 -0
- package/esm/deps/jsr.io/@std/fmt/1.0.3/colors.d.ts.map +1 -0
- package/esm/deps/jsr.io/@std/fmt/1.0.3/colors.js +903 -0
- package/esm/deps/jsr.io/@std/io/0.225.0/types.d.ts +146 -0
- package/esm/deps/jsr.io/@std/io/0.225.0/types.d.ts.map +1 -0
- package/esm/deps/jsr.io/@std/io/0.225.0/types.js +15 -0
- package/esm/deps/jsr.io/@std/io/0.225.0/write_all.d.ts +51 -0
- package/esm/deps/jsr.io/@std/io/0.225.0/write_all.d.ts.map +1 -0
- package/esm/deps/jsr.io/@std/io/0.225.0/write_all.js +61 -0
- package/esm/shared/deep_merge.d.ts +12 -0
- package/esm/shared/deep_merge.d.ts.map +1 -0
- package/esm/shared/deep_merge.js +49 -0
- package/esm/shared/mod.d.ts +1 -0
- package/esm/shared/mod.d.ts.map +1 -1
- package/esm/shared/mod.js +1 -0
- package/esm/shared/types/filetypes.d.ts +2 -2
- package/esm/shared/types/filetypes.d.ts.map +1 -1
- package/esm/shared/types/permissions.d.ts +1 -1
- package/esm/shared/types/permissions.d.ts.map +1 -1
- package/esm/shared/types/risks.d.ts +4 -1
- package/esm/shared/types/risks.d.ts.map +1 -1
- package/esm/skillreader/types.d.ts +2 -2
- package/esm/skillreader/types.d.ts.map +1 -1
- package/esm/skillreader/types.js +2 -2
- package/package.json +1 -1
- package/script/analyzer/astgrep/client.d.ts +20 -8
- package/script/analyzer/astgrep/client.d.ts.map +1 -1
- package/script/analyzer/astgrep/client.js +58 -64
- package/script/analyzer/config/default.d.ts +8 -0
- package/script/analyzer/config/default.d.ts.map +1 -0
- package/script/analyzer/config/default.js +94 -0
- package/script/analyzer/config/helpers.d.ts +8 -0
- package/script/analyzer/config/helpers.d.ts.map +1 -0
- package/script/analyzer/config/helpers.js +76 -0
- package/script/analyzer/config/mod.d.ts +4 -0
- package/script/analyzer/config/mod.d.ts.map +1 -0
- package/script/analyzer/config/mod.js +21 -0
- package/script/analyzer/config/types.d.ts +58 -0
- package/script/analyzer/config/types.d.ts.map +1 -0
- package/script/analyzer/{config.js → config/types.js} +1 -29
- package/script/analyzer/logging.d.ts +3 -0
- package/script/analyzer/logging.d.ts.map +1 -0
- package/script/analyzer/logging.js +9 -0
- package/script/analyzer/mod.d.ts +12 -5
- package/script/analyzer/mod.d.ts.map +1 -1
- package/script/analyzer/mod.js +35 -20
- package/script/analyzer/result.d.ts +35 -0
- package/script/analyzer/result.d.ts.map +1 -0
- package/script/analyzer/result.js +315 -0
- package/script/analyzer/rules/bash/commands/mod.d.ts +1 -0
- package/script/analyzer/rules/bash/commands/mod.d.ts.map +1 -1
- package/script/analyzer/rules/bash/commands/mod.js +3 -0
- package/script/analyzer/rules/bash/commands/pip.d.ts +3 -0
- package/script/analyzer/rules/bash/commands/pip.d.ts.map +1 -0
- package/script/analyzer/rules/bash/commands/pip.js +17 -0
- package/script/analyzer/rules/bash/extractFileRefs.d.ts +1 -1
- package/script/analyzer/rules/bash/extractFileRefs.d.ts.map +1 -1
- package/script/analyzer/rules/bash/extractFileRefs.js +2 -2
- package/script/analyzer/rules/bash/inline-command-classifier.d.ts +1 -1
- package/script/analyzer/rules/bash/inline-command-classifier.d.ts.map +1 -1
- package/script/analyzer/rules/bash/inline-command-classifier.js +4 -4
- package/script/analyzer/rules/javascript/extractFileRefs.d.ts +3 -4
- package/script/analyzer/rules/javascript/extractFileRefs.d.ts.map +1 -1
- package/script/analyzer/rules/javascript/extractFileRefs.js +3 -4
- package/script/analyzer/rules/markdown/extractCodeBlocks.d.ts.map +1 -1
- package/script/analyzer/rules/markdown/extractCodeBlocks.js +6 -3
- package/script/analyzer/rules/markdown/extractFileRefs.d.ts.map +1 -1
- package/script/analyzer/rules/markdown/extractFileRefs.js +2 -0
- package/script/analyzer/rules/python/extractFileRefs.d.ts +1 -1
- package/script/analyzer/rules/python/extractFileRefs.d.ts.map +1 -1
- package/script/analyzer/rules/python/extractFileRefs.js +2 -2
- package/script/analyzer/steps/001-discovery/discover-files.d.ts +4 -0
- package/script/analyzer/steps/001-discovery/discover-files.d.ts.map +1 -1
- package/script/analyzer/steps/001-discovery/discover-files.js +18 -2
- package/script/analyzer/steps/001-discovery/mod.d.ts.map +1 -1
- package/script/analyzer/steps/001-discovery/mod.js +77 -11
- package/script/analyzer/steps/002-permissions/mod.d.ts.map +1 -1
- package/script/analyzer/steps/002-permissions/mod.js +194 -75
- package/script/analyzer/steps/002-permissions/scan-file.d.ts +1 -1
- package/script/analyzer/steps/002-permissions/scan-file.d.ts.map +1 -1
- package/script/analyzer/steps/002-permissions/scan-file.js +40 -5
- package/script/analyzer/steps/002-permissions/seed-frontmatter.js +3 -3
- package/script/analyzer/steps/003-risks/dep-risks.d.ts +3 -0
- package/script/analyzer/steps/003-risks/dep-risks.d.ts.map +1 -0
- package/script/analyzer/steps/003-risks/dep-risks.js +77 -0
- package/script/analyzer/steps/003-risks/helpers.d.ts +1 -0
- package/script/analyzer/steps/003-risks/helpers.d.ts.map +1 -1
- package/script/analyzer/steps/003-risks/helpers.js +1 -0
- package/script/analyzer/steps/003-risks/mod.d.ts +3 -2
- package/script/analyzer/steps/003-risks/mod.d.ts.map +1 -1
- package/script/analyzer/steps/003-risks/mod.js +77 -4
- package/script/analyzer/steps/003-risks/policy.d.ts +7 -0
- package/script/analyzer/steps/003-risks/policy.d.ts.map +1 -0
- package/script/analyzer/steps/003-risks/policy.js +29 -0
- package/script/analyzer/steps/003-risks/rule-mapped.d.ts +2 -2
- package/script/analyzer/steps/003-risks/rule-mapped.d.ts.map +1 -1
- package/script/analyzer/steps/003-risks/rule-mapped.js +83 -2
- package/script/analyzer/steps/003-risks/scoring.d.ts +9 -1
- package/script/analyzer/steps/003-risks/scoring.d.ts.map +1 -1
- package/script/analyzer/steps/003-risks/scoring.js +55 -42
- package/script/analyzer/treesitter/client.d.ts +31 -0
- package/script/analyzer/treesitter/client.d.ts.map +1 -0
- package/script/analyzer/treesitter/client.js +136 -0
- package/script/analyzer/treesitter/registry.d.ts +73 -0
- package/script/analyzer/treesitter/registry.d.ts.map +1 -0
- package/script/analyzer/treesitter/registry.js +206 -0
- package/script/analyzer/types.d.ts +14 -28
- package/script/analyzer/types.d.ts.map +1 -1
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/deps.d.ts +3 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/deps.d.ts.map +1 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/deps.js +10 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/mod.d.ts +93 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/mod.d.ts.map +1 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/mod.js +334 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/multi.d.ts +84 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/multi.d.ts.map +1 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/multi.js +305 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/time.d.ts +18 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/time.d.ts.map +1 -0
- package/script/deps/jsr.io/@deno-library/progress/1.5.1/time.js +48 -0
- package/script/deps/jsr.io/@std/fmt/1.0.3/colors.d.ts +700 -0
- package/script/deps/jsr.io/@std/fmt/1.0.3/colors.d.ts.map +1 -0
- package/script/deps/jsr.io/@std/fmt/1.0.3/colors.js +986 -0
- package/script/deps/jsr.io/@std/io/0.225.0/types.d.ts +146 -0
- package/script/deps/jsr.io/@std/io/0.225.0/types.d.ts.map +1 -0
- package/script/deps/jsr.io/@std/io/0.225.0/types.js +18 -0
- package/script/deps/jsr.io/@std/io/0.225.0/write_all.d.ts +51 -0
- package/script/deps/jsr.io/@std/io/0.225.0/write_all.d.ts.map +1 -0
- package/script/deps/jsr.io/@std/io/0.225.0/write_all.js +65 -0
- package/script/shared/deep_merge.d.ts +12 -0
- package/script/shared/deep_merge.d.ts.map +1 -0
- package/script/shared/deep_merge.js +53 -0
- package/script/shared/mod.d.ts +1 -0
- package/script/shared/mod.d.ts.map +1 -1
- package/script/shared/mod.js +1 -0
- package/script/shared/types/filetypes.d.ts +2 -2
- package/script/shared/types/filetypes.d.ts.map +1 -1
- package/script/shared/types/permissions.d.ts +1 -1
- package/script/shared/types/permissions.d.ts.map +1 -1
- package/script/shared/types/risks.d.ts +4 -1
- package/script/shared/types/risks.d.ts.map +1 -1
- package/script/skillreader/types.d.ts +2 -2
- package/script/skillreader/types.d.ts.map +1 -1
- package/script/skillreader/types.js +2 -2
- package/src/_dnt.polyfills.ts +27 -0
- package/src/_dnt.shims.ts +64 -0
- package/src/analyzer/astgrep/client.ts +184 -0
- package/src/analyzer/astgrep/mod.ts +2 -0
- package/src/analyzer/config/default.ts +98 -0
- package/src/analyzer/config/helpers.ts +107 -0
- package/src/analyzer/config/mod.ts +3 -0
- package/src/analyzer/config/types.ts +103 -0
- package/src/analyzer/logging.ts +8 -0
- package/src/analyzer/mod.ts +118 -0
- package/src/analyzer/result.ts +393 -0
- package/src/analyzer/rules/bash/astTypes.ts +5 -0
- package/src/analyzer/rules/bash/commands/bd.ts +23 -0
- package/src/analyzer/rules/bash/commands/cron.ts +21 -0
- package/src/analyzer/rules/bash/commands/docker.ts +37 -0
- package/src/analyzer/rules/bash/commands/eval.ts +52 -0
- package/src/analyzer/rules/bash/commands/generic.ts +16 -0
- package/src/analyzer/rules/bash/commands/gh.ts +21 -0
- package/src/analyzer/rules/bash/commands/git.ts +28 -0
- package/src/analyzer/rules/bash/commands/mod.ts +38 -0
- package/src/analyzer/rules/bash/commands/node.ts +64 -0
- package/src/analyzer/rules/bash/commands/openspec.ts +16 -0
- package/src/analyzer/rules/bash/commands/pip.ts +16 -0
- package/src/analyzer/rules/bash/commands/sudo.ts +21 -0
- package/src/analyzer/rules/bash/destructive.ts +28 -0
- package/src/analyzer/rules/bash/extractFileRefs.ts +101 -0
- package/src/analyzer/rules/bash/filesystem.ts +50 -0
- package/src/analyzer/rules/bash/injection.ts +21 -0
- package/src/analyzer/rules/bash/inline-command-classifier.ts +94 -0
- package/src/analyzer/rules/bash/mod.ts +23 -0
- package/src/analyzer/rules/bash/network.ts +64 -0
- package/src/analyzer/rules/bash/secret-detection.ts +43 -0
- package/src/analyzer/rules/javascript/astTypes.ts +8 -0
- package/src/analyzer/rules/javascript/extractFileRefs.ts +131 -0
- package/src/analyzer/rules/javascript/filesystem.ts +28 -0
- package/src/analyzer/rules/javascript/injection.ts +21 -0
- package/src/analyzer/rules/javascript/mod.ts +26 -0
- package/src/analyzer/rules/javascript/network.ts +27 -0
- package/src/analyzer/rules/javascript/secret-detection.ts +68 -0
- package/src/analyzer/rules/javascript/subprocess.ts +16 -0
- package/src/analyzer/rules/markdown/astTypes.ts +35 -0
- package/src/analyzer/rules/markdown/extractCodeBlocks.ts +101 -0
- package/src/analyzer/rules/markdown/extractFileRefs.ts +179 -0
- package/src/analyzer/rules/markdown/mod.ts +12 -0
- package/src/analyzer/rules/mod.ts +77 -0
- package/src/analyzer/rules/python/astTypes.ts +9 -0
- package/src/analyzer/rules/python/extractFileRefs.ts +92 -0
- package/src/analyzer/rules/python/mod.ts +15 -0
- package/src/analyzer/rules/python/network.ts +26 -0
- package/src/analyzer/rules/python/secret-detection.ts +30 -0
- package/src/analyzer/rules/shared/file-refs.ts +38 -0
- package/src/analyzer/rules/shared/network-evaluators.ts +107 -0
- package/src/analyzer/rules/shared/prompt-injection.ts +48 -0
- package/src/analyzer/rules/shared/secret-evaluators.ts +13 -0
- package/src/analyzer/rules/text/mod.ts +12 -0
- package/src/analyzer/rules/typescript/mod.ts +7 -0
- package/src/analyzer/steps/001-discovery/discover-files.ts +211 -0
- package/src/analyzer/steps/001-discovery/filter-files.ts +72 -0
- package/src/analyzer/steps/001-discovery/mod.ts +103 -0
- package/src/analyzer/steps/002-permissions/mod.ts +329 -0
- package/src/analyzer/steps/002-permissions/scan-file.ts +258 -0
- package/src/analyzer/steps/002-permissions/seed-frontmatter.ts +66 -0
- package/src/analyzer/steps/002-permissions/synthesize.ts +42 -0
- package/src/analyzer/steps/003-risks/dep-risks.ts +89 -0
- package/src/analyzer/steps/003-risks/helpers.ts +41 -0
- package/src/analyzer/steps/003-risks/mod.ts +86 -0
- package/src/analyzer/steps/003-risks/policy.ts +38 -0
- package/src/analyzer/steps/003-risks/rule-mapped.ts +206 -0
- package/src/analyzer/steps/003-risks/scoring.ts +117 -0
- package/src/analyzer/steps/mod.ts +3 -0
- package/src/analyzer/treesitter/client.ts +120 -0
- package/src/analyzer/treesitter/registry.ts +198 -0
- package/src/analyzer/types.ts +78 -0
- package/src/analyzer/utils/code-block-path.ts +33 -0
- package/src/analyzer/utils/id-generator.ts +59 -0
- package/src/analyzer/utils/secret-validator.ts +29 -0
- package/src/analyzer/utils/url-parser.ts +25 -0
- package/src/deps/jsr.io/@deno-library/progress/1.5.1/deps.ts +3 -0
- package/src/deps/jsr.io/@deno-library/progress/1.5.1/mod.ts +265 -0
- package/src/deps/jsr.io/@deno-library/progress/1.5.1/multi.ts +250 -0
- package/src/deps/jsr.io/@deno-library/progress/1.5.1/time.ts +69 -0
- package/src/deps/jsr.io/@std/fmt/1.0.3/colors.ts +1004 -0
- package/src/deps/jsr.io/@std/internal/1.0.12/_os.ts +15 -0
- package/src/deps/jsr.io/@std/internal/1.0.12/os.ts +7 -0
- package/src/deps/jsr.io/@std/io/0.225.0/types.ts +157 -0
- package/src/deps/jsr.io/@std/io/0.225.0/write_all.ts +65 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/assert_path.ts +10 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/basename.ts +53 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/common.ts +26 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/constants.ts +49 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/dirname.ts +9 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/format.ts +25 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/from_file_url.ts +12 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/glob_to_reg_exp.ts +295 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/normalize.ts +9 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/normalize_string.ts +74 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/relative.ts +10 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/strip_trailing_separators.ts +25 -0
- package/src/deps/jsr.io/@std/path/1.1.4/_common/to_file_url.ts +17 -0
- package/src/deps/jsr.io/@std/path/1.1.4/basename.ts +37 -0
- package/src/deps/jsr.io/@std/path/1.1.4/common.ts +35 -0
- package/src/deps/jsr.io/@std/path/1.1.4/constants.ts +18 -0
- package/src/deps/jsr.io/@std/path/1.1.4/dirname.ts +30 -0
- package/src/deps/jsr.io/@std/path/1.1.4/extname.ts +29 -0
- package/src/deps/jsr.io/@std/path/1.1.4/format.ts +30 -0
- package/src/deps/jsr.io/@std/path/1.1.4/from_file_url.ts +30 -0
- package/src/deps/jsr.io/@std/path/1.1.4/glob_to_regexp.ts +94 -0
- package/src/deps/jsr.io/@std/path/1.1.4/is_absolute.ts +30 -0
- package/src/deps/jsr.io/@std/path/1.1.4/is_glob.ts +49 -0
- package/src/deps/jsr.io/@std/path/1.1.4/join.ts +31 -0
- package/src/deps/jsr.io/@std/path/1.1.4/join_globs.ts +42 -0
- package/src/deps/jsr.io/@std/path/1.1.4/mod.ts +217 -0
- package/src/deps/jsr.io/@std/path/1.1.4/normalize.ts +33 -0
- package/src/deps/jsr.io/@std/path/1.1.4/normalize_glob.ts +45 -0
- package/src/deps/jsr.io/@std/path/1.1.4/parse.ts +44 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/_util.ts +10 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/basename.ts +62 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/constants.ts +15 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/dirname.ts +72 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/extname.ts +96 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/format.ts +31 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/from_file_url.ts +25 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/glob_to_regexp.ts +94 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/is_absolute.ts +25 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/join.ts +46 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/join_globs.ts +45 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/normalize.ts +63 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/normalize_glob.ts +43 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/parse.ts +121 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/relative.ts +103 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/resolve.ts +71 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/to_file_url.ts +32 -0
- package/src/deps/jsr.io/@std/path/1.1.4/posix/to_namespaced_path.ts +21 -0
- package/src/deps/jsr.io/@std/path/1.1.4/relative.ts +32 -0
- package/src/deps/jsr.io/@std/path/1.1.4/resolve.ts +32 -0
- package/src/deps/jsr.io/@std/path/1.1.4/to_file_url.ts +30 -0
- package/src/deps/jsr.io/@std/path/1.1.4/to_namespaced_path.ts +31 -0
- package/src/deps/jsr.io/@std/path/1.1.4/types.ts +40 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/_util.ts +28 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/basename.ts +54 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/constants.ts +15 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/dirname.ts +118 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/extname.ts +90 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/format.ts +31 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/from_file_url.ts +34 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/glob_to_regexp.ts +92 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/is_absolute.ts +40 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/join.ts +78 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/join_globs.ts +46 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/normalize.ts +136 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/normalize_glob.ts +43 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/parse.ts +184 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/relative.ts +128 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/resolve.ts +178 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/to_file_url.ts +38 -0
- package/src/deps/jsr.io/@std/path/1.1.4/windows/to_namespaced_path.ts +60 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_chars.ts +55 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_dumper_state.ts +841 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_loader_state.ts +1780 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_schema.ts +183 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/binary.ts +127 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/bool.ts +37 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/float.ts +112 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/int.ts +174 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/map.ts +17 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/merge.ts +13 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/nil.ts +27 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/omap.ts +30 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/pairs.ts +22 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/regexp.ts +33 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/seq.ts +13 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/set.ts +17 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/str.ts +12 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/timestamp.ts +101 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type/undefined.ts +23 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_type.ts +49 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/_utils.ts +16 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/mod.ts +54 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/parse.ts +128 -0
- package/src/deps/jsr.io/@std/yaml/1.0.11/stringify.ts +118 -0
- package/src/shared/deep_merge.ts +73 -0
- package/src/shared/mod.ts +2 -0
- package/src/shared/types/filetypes.ts +101 -0
- package/src/shared/types/findings.ts +7 -0
- package/src/shared/types/mod.ts +6 -0
- package/src/shared/types/permissions.ts +17 -0
- package/src/shared/types/references.ts +62 -0
- package/src/shared/types/risks.ts +72 -0
- package/src/shared/types/syntaxNode.ts +7 -0
- package/src/skillreader/cloudStorage/mod.ts +170 -0
- package/src/skillreader/factory.ts +71 -0
- package/src/skillreader/fs/git.ts +153 -0
- package/src/skillreader/fs/mod.ts +84 -0
- package/src/skillreader/github/base.ts +162 -0
- package/src/skillreader/github/githubApi.ts +40 -0
- package/src/skillreader/github/githubRaw.ts +24 -0
- package/src/skillreader/github/mod.ts +45 -0
- package/src/skillreader/github/utils.ts +40 -0
- package/src/skillreader/manifest.ts +67 -0
- package/src/skillreader/mod.ts +26 -0
- package/src/skillreader/types.ts +150 -0
- package/src/skillreader/utils/frontmatter-parser.ts +72 -0
- package/src/skillreader/utils/http-range.ts +38 -0
- package/src/skillreader/utils/mod.ts +12 -0
- package/esm/analyzer/astgrep/registry.d.ts +0 -18
- package/esm/analyzer/astgrep/registry.d.ts.map +0 -1
- package/esm/analyzer/astgrep/registry.js +0 -71
- package/esm/analyzer/config.d.ts +0 -27
- package/esm/analyzer/config.d.ts.map +0 -1
- package/esm/analyzer/steps/003-risks/output.d.ts +0 -3
- package/esm/analyzer/steps/003-risks/output.d.ts.map +0 -1
- package/esm/analyzer/steps/003-risks/output.js +0 -16
- package/esm/analyzer/treesiter/client.d.ts +0 -26
- package/esm/analyzer/treesiter/client.d.ts.map +0 -1
- package/script/analyzer/astgrep/registry.d.ts +0 -18
- package/script/analyzer/astgrep/registry.d.ts.map +0 -1
- package/script/analyzer/astgrep/registry.js +0 -109
- package/script/analyzer/config.d.ts +0 -27
- package/script/analyzer/config.d.ts.map +0 -1
- package/script/analyzer/steps/003-risks/output.d.ts +0 -3
- package/script/analyzer/steps/003-risks/output.d.ts.map +0 -1
- package/script/analyzer/steps/003-risks/output.js +0 -19
- package/script/analyzer/treesiter/client.d.ts +0 -26
- package/script/analyzer/treesiter/client.d.ts.map +0 -1
- package/script/analyzer/treesiter/client.js +0 -165
package/script/analyzer/mod.js
CHANGED
|
@@ -1,16 +1,20 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.Analyzer = exports.DEFAULT_SKILL_VERSION = exports.
|
|
3
|
+
exports.Analyzer = exports.resolveConfig = exports.DEFAULT_SKILL_VERSION = exports.DEFAULT_ANALYZER_CONFIG = exports.SkillAnalyzerResult = void 0;
|
|
4
4
|
exports.runAnalysis = runAnalysis;
|
|
5
5
|
exports.createInitialState = createInitialState;
|
|
6
|
-
const
|
|
7
|
-
const
|
|
6
|
+
const mod_js_1 = require("./config/mod.js");
|
|
7
|
+
const logging_js_1 = require("./logging.js");
|
|
8
|
+
const mod_js_2 = require("./steps/mod.js");
|
|
8
9
|
const factory_js_1 = require("../skillreader/factory.js");
|
|
9
|
-
const client_js_1 = require("./
|
|
10
|
-
const
|
|
11
|
-
var
|
|
12
|
-
Object.defineProperty(exports, "
|
|
13
|
-
|
|
10
|
+
const client_js_1 = require("./treesitter/client.js");
|
|
11
|
+
const mod_js_3 = require("./astgrep/mod.js");
|
|
12
|
+
var result_js_1 = require("./result.js");
|
|
13
|
+
Object.defineProperty(exports, "SkillAnalyzerResult", { enumerable: true, get: function () { return result_js_1.SkillAnalyzerResult; } });
|
|
14
|
+
var mod_js_4 = require("./config/mod.js");
|
|
15
|
+
Object.defineProperty(exports, "DEFAULT_ANALYZER_CONFIG", { enumerable: true, get: function () { return mod_js_4.DEFAULT_ANALYZER_CONFIG; } });
|
|
16
|
+
Object.defineProperty(exports, "DEFAULT_SKILL_VERSION", { enumerable: true, get: function () { return mod_js_4.DEFAULT_SKILL_VERSION; } });
|
|
17
|
+
Object.defineProperty(exports, "resolveConfig", { enumerable: true, get: function () { return mod_js_4.resolveConfig; } });
|
|
14
18
|
class Analyzer {
|
|
15
19
|
analyze(input) {
|
|
16
20
|
return runAnalysis({
|
|
@@ -23,34 +27,48 @@ class Analyzer {
|
|
|
23
27
|
skillId: input.skillId,
|
|
24
28
|
skillVersionId: input.skillVersionId,
|
|
25
29
|
config: input.config,
|
|
30
|
+
logger: input.logger,
|
|
31
|
+
showProgressBar: input.showProgressBar,
|
|
26
32
|
});
|
|
27
33
|
}
|
|
28
34
|
}
|
|
29
35
|
exports.Analyzer = Analyzer;
|
|
30
36
|
async function runAnalysis(input) {
|
|
37
|
+
const config = (0, mod_js_1.resolveConfig)(input.config);
|
|
31
38
|
let state = createInitialState({
|
|
32
39
|
skillId: input.skillId,
|
|
33
40
|
skillVersionId: input.skillVersionId,
|
|
34
|
-
config
|
|
41
|
+
config,
|
|
35
42
|
});
|
|
36
43
|
const skillReader = await factory_js_1.SkillReaderFactory.create(input.options);
|
|
37
44
|
const validation = await skillReader.validate();
|
|
38
45
|
if (!validation.ok) {
|
|
39
46
|
throw new Error(validation.reason ?? "Invalid skill repository");
|
|
40
47
|
}
|
|
48
|
+
const logger = input.logger ?? logging_js_1.NO_OP_LOGGER;
|
|
49
|
+
const showProgressBar = input.showProgressBar ?? false;
|
|
41
50
|
const context = {
|
|
42
51
|
skillReader,
|
|
43
|
-
treesitterClient: new client_js_1.TreesitterClient(),
|
|
44
|
-
astgrepClient: new
|
|
52
|
+
treesitterClient: new client_js_1.TreesitterClient(logger, showProgressBar),
|
|
53
|
+
astgrepClient: new mod_js_3.AstGrepClient(logger, showProgressBar),
|
|
54
|
+
logger,
|
|
55
|
+
showProgressBar,
|
|
56
|
+
config,
|
|
45
57
|
};
|
|
46
|
-
state = await (0,
|
|
47
|
-
state = await (0,
|
|
48
|
-
return (0,
|
|
58
|
+
state = await (0, mod_js_2.run001Discovery)(state, context);
|
|
59
|
+
state = await (0, mod_js_2.run002Permissions)(state, context);
|
|
60
|
+
return await (0, mod_js_2.run003Risks)(state, context);
|
|
49
61
|
}
|
|
50
62
|
function createInitialState(input) {
|
|
63
|
+
const resolvedConfig = (0, mod_js_1.resolveConfig)(input?.config);
|
|
64
|
+
const scan = resolvedConfig.scan ?? mod_js_1.DEFAULT_ANALYZER_CONFIG.scan ?? {
|
|
65
|
+
maxFileSize: 1_000_000,
|
|
66
|
+
maxFileCount: 100,
|
|
67
|
+
maxScanDepth: 5,
|
|
68
|
+
};
|
|
51
69
|
return {
|
|
52
70
|
skillId: input?.skillId ?? "unknown",
|
|
53
|
-
skillVersionId: input?.skillVersionId ??
|
|
71
|
+
skillVersionId: input?.skillVersionId ?? mod_js_1.DEFAULT_SKILL_VERSION,
|
|
54
72
|
files: [],
|
|
55
73
|
frontmatter: {},
|
|
56
74
|
scanQueue: [],
|
|
@@ -59,13 +77,10 @@ function createInitialState(input) {
|
|
|
59
77
|
risks: [],
|
|
60
78
|
warnings: [],
|
|
61
79
|
metadata: {
|
|
62
|
-
scannedFiles:
|
|
80
|
+
scannedFiles: new Set(),
|
|
63
81
|
skippedFiles: [],
|
|
64
82
|
rulesUsed: [],
|
|
65
|
-
config:
|
|
66
|
-
...config_js_1.DEFAULT_CONFIG,
|
|
67
|
-
...(input?.config ?? {}),
|
|
68
|
-
},
|
|
83
|
+
config: scan,
|
|
69
84
|
},
|
|
70
85
|
};
|
|
71
86
|
}
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
import type { Permission, Risk } from "../shared/mod.js";
|
|
2
|
+
import type { AnalyzerConfig } from "./config/mod.js";
|
|
3
|
+
import type { AnalyzerState, ScanConfig } from "./types.js";
|
|
4
|
+
export declare class SkillAnalyzerResult {
|
|
5
|
+
private readonly state;
|
|
6
|
+
private readonly config;
|
|
7
|
+
readonly analyzedAt: string;
|
|
8
|
+
private _score;
|
|
9
|
+
private _riskLevel;
|
|
10
|
+
private _summary;
|
|
11
|
+
constructor(state: AnalyzerState, config?: AnalyzerConfig);
|
|
12
|
+
get skillId(): string;
|
|
13
|
+
get skillVersionId(): string;
|
|
14
|
+
get permissions(): Permission[];
|
|
15
|
+
get risks(): Risk[];
|
|
16
|
+
get warnings(): string[];
|
|
17
|
+
get metadata(): {
|
|
18
|
+
scannedFiles: Set<string>;
|
|
19
|
+
skippedFiles: Array<{
|
|
20
|
+
path: string;
|
|
21
|
+
reason: string;
|
|
22
|
+
}>;
|
|
23
|
+
rulesUsed: string[];
|
|
24
|
+
frontmatterRangeEnd?: number;
|
|
25
|
+
config: ScanConfig;
|
|
26
|
+
};
|
|
27
|
+
get score(): number;
|
|
28
|
+
get riskLevel(): "safe" | "caution" | "attention" | "risky" | "avoid";
|
|
29
|
+
get summary(): string;
|
|
30
|
+
private _ensureScored;
|
|
31
|
+
toString(): string;
|
|
32
|
+
toJson(): string;
|
|
33
|
+
toSarif(toolVersion: string): Promise<string>;
|
|
34
|
+
}
|
|
35
|
+
//# sourceMappingURL=result.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"result.d.ts","sourceRoot":"","sources":["../../src/analyzer/result.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAGzD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,KAAK,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AA8D5D,qBAAa,mBAAmB;IAQxB,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,MAAM;IAR3B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAE5B,OAAO,CAAC,MAAM,CAAqB;IACnC,OAAO,CAAC,UAAU,CAAmE;IACrF,OAAO,CAAC,QAAQ,CAAqB;gBAGhB,KAAK,EAAE,aAAa,EACpB,MAAM,GAAE,cAAwC;IAKrE,IAAI,OAAO,IAAI,MAAM,CAEpB;IAED,IAAI,cAAc,IAAI,MAAM,CAE3B;IAED,IAAI,WAAW,IAAI,UAAU,EAAE,CAE9B;IAED,IAAI,KAAK,IAAI,IAAI,EAAE,CAElB;IAED,IAAI,QAAQ,IAAI,MAAM,EAAE,CAEvB;IAED,IAAI,QAAQ,IAAI;QACZ,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;QAC1B,YAAY,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QACtD,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,MAAM,EAAE,UAAU,CAAC;KACtB,CAEA;IAED,IAAI,KAAK,IAAI,MAAM,CAElB;IAED,IAAI,SAAS,IAAI,MAAM,GAAG,SAAS,GAAG,WAAW,GAAG,OAAO,GAAG,OAAO,CAEpE;IAED,IAAI,OAAO,IAAI,MAAM,CAEpB;IAED,OAAO,CAAC,aAAa;IAkBrB,QAAQ,IAAI,MAAM;IAoGlB,MAAM,IAAI,MAAM;IA0BV,OAAO,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAyFtD"}
|
|
@@ -0,0 +1,315 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.SkillAnalyzerResult = void 0;
|
|
4
|
+
const scoring_js_1 = require("./steps/003-risks/scoring.js");
|
|
5
|
+
const mod_js_1 = require("./config/mod.js");
|
|
6
|
+
const INDENT = " ";
|
|
7
|
+
const SUB_INDENT = " ";
|
|
8
|
+
// ---------------------------------------------------------------------------
|
|
9
|
+
// SkillAnalyzerResult class
|
|
10
|
+
// ---------------------------------------------------------------------------
|
|
11
|
+
class SkillAnalyzerResult {
|
|
12
|
+
constructor(state, config = mod_js_1.DEFAULT_ANALYZER_CONFIG) {
|
|
13
|
+
Object.defineProperty(this, "state", {
|
|
14
|
+
enumerable: true,
|
|
15
|
+
configurable: true,
|
|
16
|
+
writable: true,
|
|
17
|
+
value: state
|
|
18
|
+
});
|
|
19
|
+
Object.defineProperty(this, "config", {
|
|
20
|
+
enumerable: true,
|
|
21
|
+
configurable: true,
|
|
22
|
+
writable: true,
|
|
23
|
+
value: config
|
|
24
|
+
});
|
|
25
|
+
Object.defineProperty(this, "analyzedAt", {
|
|
26
|
+
enumerable: true,
|
|
27
|
+
configurable: true,
|
|
28
|
+
writable: true,
|
|
29
|
+
value: void 0
|
|
30
|
+
});
|
|
31
|
+
Object.defineProperty(this, "_score", {
|
|
32
|
+
enumerable: true,
|
|
33
|
+
configurable: true,
|
|
34
|
+
writable: true,
|
|
35
|
+
value: void 0
|
|
36
|
+
});
|
|
37
|
+
Object.defineProperty(this, "_riskLevel", {
|
|
38
|
+
enumerable: true,
|
|
39
|
+
configurable: true,
|
|
40
|
+
writable: true,
|
|
41
|
+
value: void 0
|
|
42
|
+
});
|
|
43
|
+
Object.defineProperty(this, "_summary", {
|
|
44
|
+
enumerable: true,
|
|
45
|
+
configurable: true,
|
|
46
|
+
writable: true,
|
|
47
|
+
value: void 0
|
|
48
|
+
});
|
|
49
|
+
this.analyzedAt = new Date().toISOString();
|
|
50
|
+
}
|
|
51
|
+
get skillId() {
|
|
52
|
+
return this.state.skillId;
|
|
53
|
+
}
|
|
54
|
+
get skillVersionId() {
|
|
55
|
+
return this.state.skillVersionId;
|
|
56
|
+
}
|
|
57
|
+
get permissions() {
|
|
58
|
+
return this.state.permissions;
|
|
59
|
+
}
|
|
60
|
+
get risks() {
|
|
61
|
+
return this.state.risks;
|
|
62
|
+
}
|
|
63
|
+
get warnings() {
|
|
64
|
+
return this.state.warnings;
|
|
65
|
+
}
|
|
66
|
+
get metadata() {
|
|
67
|
+
return this.state.metadata;
|
|
68
|
+
}
|
|
69
|
+
get score() {
|
|
70
|
+
return this._ensureScored().score;
|
|
71
|
+
}
|
|
72
|
+
get riskLevel() {
|
|
73
|
+
return this._ensureScored().riskLevel;
|
|
74
|
+
}
|
|
75
|
+
get summary() {
|
|
76
|
+
return this._ensureScored().summary;
|
|
77
|
+
}
|
|
78
|
+
_ensureScored() {
|
|
79
|
+
if (this._score === undefined) {
|
|
80
|
+
const scored = (0, scoring_js_1.scoreState)(this.state, this.config);
|
|
81
|
+
this._score = scored.score;
|
|
82
|
+
this._riskLevel = scored.riskLevel;
|
|
83
|
+
this._summary = scored.summary;
|
|
84
|
+
}
|
|
85
|
+
return {
|
|
86
|
+
score: this._score,
|
|
87
|
+
riskLevel: this._riskLevel,
|
|
88
|
+
summary: this._summary,
|
|
89
|
+
};
|
|
90
|
+
}
|
|
91
|
+
// -----------------------------------------------------------------------
|
|
92
|
+
// toString() — human-readable terminal output
|
|
93
|
+
// -----------------------------------------------------------------------
|
|
94
|
+
toString() {
|
|
95
|
+
const lines = [];
|
|
96
|
+
const hr = "=".repeat(60);
|
|
97
|
+
lines.push(hr);
|
|
98
|
+
lines.push("Analysis Results");
|
|
99
|
+
lines.push(hr);
|
|
100
|
+
lines.push(`${INDENT}Skill: ${this.skillId}@${this.skillVersionId}`);
|
|
101
|
+
// lines.push("");
|
|
102
|
+
// lines.push(`${INDENT}Permissions (${this.permissions.length})`);
|
|
103
|
+
// if (this.permissions.length === 0) {
|
|
104
|
+
// lines.push(`${SUB_INDENT}- none`);
|
|
105
|
+
// } else {
|
|
106
|
+
// for (const p of this.permissions) {
|
|
107
|
+
// lines.push(`${SUB_INDENT}- ${p.tool}.${p.permission} [${p.scope}]`);
|
|
108
|
+
// if (p.args && p.args.length > 0) {
|
|
109
|
+
// lines.push(`${SUB_INDENT}${INDENT}args: ${p.args.join(", ")}`);
|
|
110
|
+
// }
|
|
111
|
+
// lines.push(`${SUB_INDENT}${INDENT}source: ${p.source}`);
|
|
112
|
+
// if (p.references.length > 0) {
|
|
113
|
+
// lines.push(
|
|
114
|
+
// `${SUB_INDENT}${INDENT}ref: ${_formatRef(p.references[0])}`,
|
|
115
|
+
// );
|
|
116
|
+
// }
|
|
117
|
+
// }
|
|
118
|
+
// }
|
|
119
|
+
lines.push("");
|
|
120
|
+
lines.push(`${INDENT}Risks (${this.risks.length})`);
|
|
121
|
+
if (this.risks.length === 0) {
|
|
122
|
+
lines.push(`${SUB_INDENT}- none`);
|
|
123
|
+
}
|
|
124
|
+
else {
|
|
125
|
+
const SEVERITY_ORDER = { critical: 0, warning: 1, info: 2 };
|
|
126
|
+
const groups = new Map();
|
|
127
|
+
for (const r of this.risks) {
|
|
128
|
+
const key = r.groupKey ?? `${r.type}:${r.reference.file}:${r.reference.line}`;
|
|
129
|
+
const bucket = groups.get(key) ?? [];
|
|
130
|
+
bucket.push(r);
|
|
131
|
+
groups.set(key, bucket);
|
|
132
|
+
}
|
|
133
|
+
const sortedGroups = Array.from(groups.entries())
|
|
134
|
+
.map(([groupKey, risks]) => ({
|
|
135
|
+
groupKey,
|
|
136
|
+
risks,
|
|
137
|
+
sortKey: Math.min(...risks.map((r) => SEVERITY_ORDER[r.severity] ?? 99)),
|
|
138
|
+
}))
|
|
139
|
+
.sort((a, b) => a.sortKey - b.sortKey);
|
|
140
|
+
for (const group of sortedGroups) {
|
|
141
|
+
if (group.risks.length === 1) {
|
|
142
|
+
const r = group.risks[0];
|
|
143
|
+
lines.push(`${SUB_INDENT}- ${r.severity} ${r.type}`);
|
|
144
|
+
lines.push(`${SUB_INDENT}${INDENT}message: ${r.message}`);
|
|
145
|
+
lines.push(`${SUB_INDENT}${INDENT}ref: ${_formatRef(r.reference)}`);
|
|
146
|
+
if (r.permissions.length > 0) {
|
|
147
|
+
lines.push(`${SUB_INDENT}${INDENT}permissions: ${r.permissions.join(", ")}`);
|
|
148
|
+
}
|
|
149
|
+
continue;
|
|
150
|
+
}
|
|
151
|
+
const topRisk = group.risks.reduce((best, r) => (SEVERITY_ORDER[r.severity] ?? 99) < (SEVERITY_ORDER[best.severity] ?? 99)
|
|
152
|
+
? r
|
|
153
|
+
: best);
|
|
154
|
+
lines.push(`${SUB_INDENT}[${group.groupKey}] (${topRisk.severity})`);
|
|
155
|
+
for (const r of group.risks) {
|
|
156
|
+
lines.push(`${SUB_INDENT}${INDENT}- ${r.message}`);
|
|
157
|
+
lines.push(`${SUB_INDENT}${INDENT} ref: ${_formatRef(r.reference)}`);
|
|
158
|
+
}
|
|
159
|
+
}
|
|
160
|
+
}
|
|
161
|
+
lines.push("");
|
|
162
|
+
lines.push(`${INDENT}Warnings (${this.warnings.length})`);
|
|
163
|
+
if (this.warnings.length === 0) {
|
|
164
|
+
lines.push(`${SUB_INDENT}- none`);
|
|
165
|
+
}
|
|
166
|
+
else {
|
|
167
|
+
for (const w of this.warnings) {
|
|
168
|
+
lines.push(`${SUB_INDENT}- ${w}`);
|
|
169
|
+
}
|
|
170
|
+
}
|
|
171
|
+
lines.push("");
|
|
172
|
+
lines.push(`${INDENT}Risk Level: ${this.riskLevel}`);
|
|
173
|
+
lines.push(`${INDENT}Score: ${this.score}`);
|
|
174
|
+
lines.push(`${INDENT}Summary: ${this.summary}`);
|
|
175
|
+
return lines.join("\n");
|
|
176
|
+
}
|
|
177
|
+
// -----------------------------------------------------------------------
|
|
178
|
+
// toJson() — plain JSON matching legacy AnalyzerResult shape
|
|
179
|
+
// -----------------------------------------------------------------------
|
|
180
|
+
toJson() {
|
|
181
|
+
return JSON.stringify({
|
|
182
|
+
analyzedAt: this.analyzedAt,
|
|
183
|
+
skillId: this.skillId,
|
|
184
|
+
skillVersionId: this.skillVersionId,
|
|
185
|
+
permissions: this.permissions,
|
|
186
|
+
risks: this.risks,
|
|
187
|
+
score: this.score,
|
|
188
|
+
riskLevel: this.riskLevel,
|
|
189
|
+
summary: this.summary,
|
|
190
|
+
warnings: this.warnings,
|
|
191
|
+
metadata: {
|
|
192
|
+
...this.metadata,
|
|
193
|
+
scannedFiles: [...this.metadata.scannedFiles],
|
|
194
|
+
},
|
|
195
|
+
}, null, 2);
|
|
196
|
+
}
|
|
197
|
+
// -----------------------------------------------------------------------
|
|
198
|
+
// toSarif() — SARIF 2.1.0 for GitHub Code Scanning
|
|
199
|
+
// -----------------------------------------------------------------------
|
|
200
|
+
async toSarif(toolVersion) {
|
|
201
|
+
// --- rules ---
|
|
202
|
+
const rules = [];
|
|
203
|
+
const seenRiskTypes = new Set();
|
|
204
|
+
for (const r of this.risks) {
|
|
205
|
+
if (!seenRiskTypes.has(r.type)) {
|
|
206
|
+
seenRiskTypes.add(r.type);
|
|
207
|
+
rules.push({
|
|
208
|
+
id: r.type,
|
|
209
|
+
shortDescription: { text: r.type },
|
|
210
|
+
help: { text: r.message },
|
|
211
|
+
properties: { tags: ["security"] },
|
|
212
|
+
});
|
|
213
|
+
}
|
|
214
|
+
}
|
|
215
|
+
if (this.warnings.length > 0) {
|
|
216
|
+
rules.push({
|
|
217
|
+
id: "slab/warning",
|
|
218
|
+
shortDescription: { text: "Analysis warning" },
|
|
219
|
+
help: { text: "Warnings produced during skill analysis." },
|
|
220
|
+
properties: { tags: ["maintainability"] },
|
|
221
|
+
});
|
|
222
|
+
}
|
|
223
|
+
for (const p of this.permissions) {
|
|
224
|
+
rules.push({
|
|
225
|
+
id: p.id,
|
|
226
|
+
shortDescription: { text: `${p.tool}.${p.permission} [${p.scope}]` },
|
|
227
|
+
help: {
|
|
228
|
+
text: p.comment ??
|
|
229
|
+
`Permission detected: ${p.tool} ${p.permission} (${p.scope})`,
|
|
230
|
+
},
|
|
231
|
+
properties: { tags: ["permissions"] },
|
|
232
|
+
});
|
|
233
|
+
}
|
|
234
|
+
// --- results ---
|
|
235
|
+
const results = [];
|
|
236
|
+
for (const r of this.risks) {
|
|
237
|
+
const fp = await _fingerprint(`${r.type}:${r.reference.file}:${r.reference.line}`);
|
|
238
|
+
results.push({
|
|
239
|
+
ruleId: r.type,
|
|
240
|
+
level: _sarifLevel(r.severity),
|
|
241
|
+
message: { text: r.message },
|
|
242
|
+
locations: [
|
|
243
|
+
_sarifLocation(r.reference.file, r.reference.line, r.reference.lineEnd),
|
|
244
|
+
],
|
|
245
|
+
fingerprints: { "slab/v1": fp },
|
|
246
|
+
});
|
|
247
|
+
}
|
|
248
|
+
for (const w of this.warnings) {
|
|
249
|
+
results.push({
|
|
250
|
+
ruleId: "slab/warning",
|
|
251
|
+
level: "note",
|
|
252
|
+
message: { text: w },
|
|
253
|
+
locations: [_sarifLocation("SKILL.md", 1)],
|
|
254
|
+
});
|
|
255
|
+
}
|
|
256
|
+
// --- artifacts ---
|
|
257
|
+
const artifacts = [...this.metadata.scannedFiles].map((f) => ({
|
|
258
|
+
location: { uri: f, uriBaseId: "%SRCROOT%" },
|
|
259
|
+
}));
|
|
260
|
+
const log = {
|
|
261
|
+
$schema: "https://json.schemastore.org/sarif-2.1.0.json",
|
|
262
|
+
version: "2.1.0",
|
|
263
|
+
runs: [
|
|
264
|
+
{
|
|
265
|
+
tool: {
|
|
266
|
+
driver: {
|
|
267
|
+
name: "slab",
|
|
268
|
+
version: toolVersion,
|
|
269
|
+
informationUri: "https://github.com/FeiyouG/skill-lab",
|
|
270
|
+
rules,
|
|
271
|
+
},
|
|
272
|
+
},
|
|
273
|
+
results,
|
|
274
|
+
artifacts,
|
|
275
|
+
},
|
|
276
|
+
],
|
|
277
|
+
};
|
|
278
|
+
return JSON.stringify(log, null, 2);
|
|
279
|
+
}
|
|
280
|
+
}
|
|
281
|
+
exports.SkillAnalyzerResult = SkillAnalyzerResult;
|
|
282
|
+
// ---------------------------------------------------------------------------
|
|
283
|
+
// Helpers
|
|
284
|
+
// ---------------------------------------------------------------------------
|
|
285
|
+
function _formatRef(ref) {
|
|
286
|
+
if (ref.lineEnd !== undefined && ref.lineEnd !== ref.line) {
|
|
287
|
+
return `${ref.file}:${ref.line}-${ref.lineEnd} (${ref.type})`;
|
|
288
|
+
}
|
|
289
|
+
return `${ref.file}:${ref.line} (${ref.type})`;
|
|
290
|
+
}
|
|
291
|
+
function _sarifLevel(severity) {
|
|
292
|
+
if (severity === "critical")
|
|
293
|
+
return "error";
|
|
294
|
+
if (severity === "warning")
|
|
295
|
+
return "warning";
|
|
296
|
+
return "note";
|
|
297
|
+
}
|
|
298
|
+
function _sarifLocation(file, startLine, endLine) {
|
|
299
|
+
const region = { startLine };
|
|
300
|
+
if (endLine !== undefined && endLine !== startLine) {
|
|
301
|
+
region.endLine = endLine;
|
|
302
|
+
}
|
|
303
|
+
return {
|
|
304
|
+
physicalLocation: {
|
|
305
|
+
artifactLocation: { uri: file, uriBaseId: "%SRCROOT%" },
|
|
306
|
+
region,
|
|
307
|
+
},
|
|
308
|
+
};
|
|
309
|
+
}
|
|
310
|
+
async function _fingerprint(input) {
|
|
311
|
+
const encoded = new TextEncoder().encode(input);
|
|
312
|
+
const hashBuffer = await crypto.subtle.digest("SHA-256", encoded);
|
|
313
|
+
const hashArray = Array.from(new Uint8Array(hashBuffer));
|
|
314
|
+
return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
|
|
315
|
+
}
|
|
@@ -8,6 +8,7 @@ export * from "./gh.js";
|
|
|
8
8
|
export * from "./git.js";
|
|
9
9
|
export * from "./node.js";
|
|
10
10
|
export * from "./openspec.js";
|
|
11
|
+
export * from "./pip.js";
|
|
11
12
|
export * from "./sudo.js";
|
|
12
13
|
export declare const BASH_COMMAND_RULES: AstGrepRule[];
|
|
13
14
|
//# sourceMappingURL=mod.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../../../../../src/analyzer/rules/bash/commands/mod.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;
|
|
1
|
+
{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../../../../../src/analyzer/rules/bash/commands/mod.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAa9D,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,aAAa,CAAC;AAC5B,cAAc,WAAW,CAAC;AAC1B,cAAc,cAAc,CAAC;AAC7B,cAAc,SAAS,CAAC;AACxB,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAC1B,cAAc,eAAe,CAAC;AAC9B,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAE1B,eAAO,MAAM,kBAAkB,EAAE,WAAW,EAY3C,CAAC"}
|
|
@@ -24,6 +24,7 @@ const gh_js_1 = require("./gh.js");
|
|
|
24
24
|
const git_js_1 = require("./git.js");
|
|
25
25
|
const node_js_1 = require("./node.js");
|
|
26
26
|
const openspec_js_1 = require("./openspec.js");
|
|
27
|
+
const pip_js_1 = require("./pip.js");
|
|
27
28
|
const sudo_js_1 = require("./sudo.js");
|
|
28
29
|
__exportStar(require("./bd.js"), exports);
|
|
29
30
|
__exportStar(require("./cron.js"), exports);
|
|
@@ -34,11 +35,13 @@ __exportStar(require("./gh.js"), exports);
|
|
|
34
35
|
__exportStar(require("./git.js"), exports);
|
|
35
36
|
__exportStar(require("./node.js"), exports);
|
|
36
37
|
__exportStar(require("./openspec.js"), exports);
|
|
38
|
+
__exportStar(require("./pip.js"), exports);
|
|
37
39
|
__exportStar(require("./sudo.js"), exports);
|
|
38
40
|
exports.BASH_COMMAND_RULES = [
|
|
39
41
|
...git_js_1.GIT_RULES,
|
|
40
42
|
...gh_js_1.GH_RULES,
|
|
41
43
|
...node_js_1.NODE_ECOSYSTEM_RULES,
|
|
44
|
+
...pip_js_1.PIP_RULES,
|
|
42
45
|
...docker_js_1.DOCKER_RULES,
|
|
43
46
|
...bd_js_1.BD_RULES,
|
|
44
47
|
...sudo_js_1.SUDO_RULES,
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pip.d.ts","sourceRoot":"","sources":["../../../../../src/analyzer/rules/bash/commands/pip.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAE9D,eAAO,MAAM,SAAS,EAAE,WAAW,EAalC,CAAC"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.PIP_RULES = void 0;
|
|
4
|
+
exports.PIP_RULES = [
|
|
5
|
+
{
|
|
6
|
+
id: "shell-pip",
|
|
7
|
+
description: "Detects pip commands",
|
|
8
|
+
grammar: "bash",
|
|
9
|
+
patterns: ["pip $SUB $$$ARGS", "pip3 $SUB $$$ARGS"],
|
|
10
|
+
permission: {
|
|
11
|
+
tool: "pip",
|
|
12
|
+
scope: "sys",
|
|
13
|
+
permission: "shell",
|
|
14
|
+
metadata: { subcommand: "SUB" },
|
|
15
|
+
},
|
|
16
|
+
},
|
|
17
|
+
];
|
|
@@ -9,5 +9,5 @@
|
|
|
9
9
|
* Uses ast-grep AST traversal on `command` nodes.
|
|
10
10
|
*/
|
|
11
11
|
import type { AnalyzerContext, FileRefDiscovery } from "../../types.js";
|
|
12
|
-
export declare function extractBashFileRefs(context: AnalyzerContext, content: string): FileRefDiscovery[]
|
|
12
|
+
export declare function extractBashFileRefs(context: AnalyzerContext, content: string): Promise<FileRefDiscovery[]>;
|
|
13
13
|
//# sourceMappingURL=extractFileRefs.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"extractFileRefs.d.ts","sourceRoot":"","sources":["../../../../src/analyzer/rules/bash/extractFileRefs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAGxE,
|
|
1
|
+
{"version":3,"file":"extractFileRefs.d.ts","sourceRoot":"","sources":["../../../../src/analyzer/rules/bash/extractFileRefs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAGxE,wBAAsB,mBAAmB,CACrC,OAAO,EAAE,eAAe,EACxB,OAAO,EAAE,MAAM,GAChB,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAkF7B"}
|
|
@@ -13,9 +13,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
13
13
|
exports.extractBashFileRefs = extractBashFileRefs;
|
|
14
14
|
const file_refs_js_1 = require("../shared/file-refs.js");
|
|
15
15
|
const astTypes_js_1 = require("./astTypes.js");
|
|
16
|
-
function extractBashFileRefs(context, content) {
|
|
16
|
+
async function extractBashFileRefs(context, content) {
|
|
17
17
|
const refs = [];
|
|
18
|
-
const ast = context.astgrepClient.parse("bash", content);
|
|
18
|
+
const ast = await context.astgrepClient.parse("bash", content);
|
|
19
19
|
const root = ast.root();
|
|
20
20
|
const commandNodes = root.findAll({ rule: { kind: astTypes_js_1.BASH_NODE.COMMAND } });
|
|
21
21
|
for (const node of commandNodes) {
|
|
@@ -2,5 +2,5 @@ import type { AnalyzerContext } from "../../types.js";
|
|
|
2
2
|
export declare function isLikelyInlineBashCommand(context: AnalyzerContext, input: {
|
|
3
3
|
snippet: string;
|
|
4
4
|
lineContext?: string;
|
|
5
|
-
}): boolean
|
|
5
|
+
}): Promise<boolean>;
|
|
6
6
|
//# sourceMappingURL=inline-command-classifier.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"inline-command-classifier.d.ts","sourceRoot":"","sources":["../../../../src/analyzer/rules/bash/inline-command-classifier.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AA4CtD,
|
|
1
|
+
{"version":3,"file":"inline-command-classifier.d.ts","sourceRoot":"","sources":["../../../../src/analyzer/rules/bash/inline-command-classifier.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AA4CtD,wBAAsB,yBAAyB,CAC3C,OAAO,EAAE,eAAe,EACxB,KAAK,EAAE;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAAE,GACjD,OAAO,CAAC,OAAO,CAAC,CAuBlB"}
|
|
@@ -33,7 +33,7 @@ const SPECIFIC_COMMAND_RULES = mod_js_1.BASH_COMMAND_RULES.filter((rule) => rule
|
|
|
33
33
|
const KNOWN_COMMAND_TOOLS = new Set(SPECIFIC_COMMAND_RULES
|
|
34
34
|
.map((rule) => String(rule.permission.tool ?? "").toLowerCase())
|
|
35
35
|
.filter((tool) => tool && tool !== "detected"));
|
|
36
|
-
function isLikelyInlineBashCommand(context, input) {
|
|
36
|
+
async function isLikelyInlineBashCommand(context, input) {
|
|
37
37
|
const snippet = normalizeInlineSnippet(input.snippet);
|
|
38
38
|
if (!snippet)
|
|
39
39
|
return false;
|
|
@@ -42,7 +42,7 @@ function isLikelyInlineBashCommand(context, input) {
|
|
|
42
42
|
const tokens = snippet.split(/\s+/).filter(Boolean);
|
|
43
43
|
if (tokens.length === 1 && (0, file_refs_js_1.looksLikePath)(snippet))
|
|
44
44
|
return false;
|
|
45
|
-
if (matchesSpecificBashCommandRule(context, snippet))
|
|
45
|
+
if (await matchesSpecificBashCommandRule(context, snippet))
|
|
46
46
|
return true;
|
|
47
47
|
const firstToken = tokens[0]?.toLowerCase() ?? "";
|
|
48
48
|
const hasContextVerb = CONTEXT_VERB_PATTERN.test(input.lineContext ?? "");
|
|
@@ -56,8 +56,8 @@ function isLikelyInlineBashCommand(context, input) {
|
|
|
56
56
|
}
|
|
57
57
|
return false;
|
|
58
58
|
}
|
|
59
|
-
function matchesSpecificBashCommandRule(context, snippet) {
|
|
60
|
-
const matches = context.astgrepClient.scanWithRules(snippet, "bash", SPECIFIC_COMMAND_RULES);
|
|
59
|
+
async function matchesSpecificBashCommandRule(context, snippet) {
|
|
60
|
+
const matches = await context.astgrepClient.scanWithRules(snippet, "bash", SPECIFIC_COMMAND_RULES);
|
|
61
61
|
return matches.length > 0;
|
|
62
62
|
}
|
|
63
63
|
function normalizeInlineSnippet(raw) {
|
|
@@ -7,10 +7,9 @@
|
|
|
7
7
|
* - URL string literals used in fetch/axios/XMLHttpRequest → via: "url"
|
|
8
8
|
* - Host filesystem paths in fs.readFile / fs.writeFile / open calls → via: "bare-path"
|
|
9
9
|
*
|
|
10
|
-
* Uses ast-grep AST traversal
|
|
11
|
-
* (AST client is synchronous for JS/TS and does not require async setup).
|
|
10
|
+
* Uses ast-grep AST traversal.
|
|
12
11
|
*/
|
|
13
12
|
import type { AnalyzerContext, FileRefDiscovery } from "../../types.js";
|
|
14
|
-
export declare function extractJsFileRefs(context: AnalyzerContext, content: string): FileRefDiscovery[]
|
|
15
|
-
export declare function extractTsFileRefs(context: AnalyzerContext, content: string): FileRefDiscovery[]
|
|
13
|
+
export declare function extractJsFileRefs(context: AnalyzerContext, content: string): Promise<FileRefDiscovery[]>;
|
|
14
|
+
export declare function extractTsFileRefs(context: AnalyzerContext, content: string): Promise<FileRefDiscovery[]>;
|
|
16
15
|
//# sourceMappingURL=extractFileRefs.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"extractFileRefs.d.ts","sourceRoot":"","sources":["../../../../src/analyzer/rules/javascript/extractFileRefs.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"extractFileRefs.d.ts","sourceRoot":"","sources":["../../../../src/analyzer/rules/javascript/extractFileRefs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAyGxE,wBAAgB,iBAAiB,CAC7B,OAAO,EAAE,eAAe,EACxB,OAAO,EAAE,MAAM,GAChB,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAE7B;AAED,wBAAgB,iBAAiB,CAC7B,OAAO,EAAE,eAAe,EACxB,OAAO,EAAE,MAAM,GAChB,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAE7B"}
|
|
@@ -8,17 +8,16 @@
|
|
|
8
8
|
* - URL string literals used in fetch/axios/XMLHttpRequest → via: "url"
|
|
9
9
|
* - Host filesystem paths in fs.readFile / fs.writeFile / open calls → via: "bare-path"
|
|
10
10
|
*
|
|
11
|
-
* Uses ast-grep AST traversal
|
|
12
|
-
* (AST client is synchronous for JS/TS and does not require async setup).
|
|
11
|
+
* Uses ast-grep AST traversal.
|
|
13
12
|
*/
|
|
14
13
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
14
|
exports.extractJsFileRefs = extractJsFileRefs;
|
|
16
15
|
exports.extractTsFileRefs = extractTsFileRefs;
|
|
17
16
|
const file_refs_js_1 = require("../shared/file-refs.js");
|
|
18
17
|
const astTypes_js_1 = require("./astTypes.js");
|
|
19
|
-
function extractJsLikeFileRefs(lang, context, content) {
|
|
18
|
+
async function extractJsLikeFileRefs(lang, context, content) {
|
|
20
19
|
const refs = [];
|
|
21
|
-
const ast = context.astgrepClient.parse(lang, content);
|
|
20
|
+
const ast = await context.astgrepClient.parse(lang, content);
|
|
22
21
|
const root = ast.root();
|
|
23
22
|
// ── import_statement ────────────────────────────────────────────────────
|
|
24
23
|
const importNodes = root.findAll({ rule: { kind: astTypes_js_1.JS_NODE.IMPORT_STATEMENT } });
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"extractCodeBlocks.d.ts","sourceRoot":"","sources":["../../../../src/analyzer/rules/markdown/extractCodeBlocks.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"extractCodeBlocks.d.ts","sourceRoot":"","sources":["../../../../src/analyzer/rules/markdown/extractCodeBlocks.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAIjE;;;GAGG;AACH,wBAAsB,iBAAiB,CACnC,OAAO,EAAE,eAAe,EACxB,OAAO,EAAE,MAAM,GAChB,OAAO,CAAC,SAAS,EAAE,CAAC,CAwFtB"}
|