@fourteensystems/prodcheck 0.3.0

package/dist/rules/input-validation-missing.test.js

@@ -0,0 +1,449 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { mkdirSync, writeFileSync, rmSync } from "node:fs";
+import path from "node:path";
+import { run, RULE_ID } from "./input-validation-missing.js";
+/* ------------------------------------------------------------------ */
+/*  Helpers                                                            */
+/* ------------------------------------------------------------------ */
+const DB_WRITE_SIGNALS = {
+    hasMutationEvidence: true,
+    hasDbWriteEvidence: true,
+    hasStripeWriteEvidence: false,
+    mutationDetails: ["prisma.create", "reads request body"],
+};
+const STRIPE_WRITE_SIGNALS = {
+    hasMutationEvidence: true,
+    hasDbWriteEvidence: false,
+    hasStripeWriteEvidence: true,
+    mutationDetails: ["stripe write operation", "reads request body"],
+};
+const BODY_ONLY_SIGNALS = {
+    hasMutationEvidence: true,
+    hasDbWriteEvidence: false,
+    hasStripeWriteEvidence: false,
+    mutationDetails: ["reads request body"],
+};
+function protectionSummary() {
+    return {
+        auth: { satisfied: false, enforced: false, sources: [], details: [], unverifiedWrappers: [] },
+        rateLimit: { satisfied: false, enforced: false, sources: [], details: [], unverifiedWrappers: [] },
+    };
+}
+let tmpDir;
+beforeEach(() => {
+    tmpDir = path.join("/tmp", `prodcheck-input-test-${Date.now()}-${Math.random().toString(36).slice(2)}`);
+    mkdirSync(tmpDir, { recursive: true });
+});
+afterEach(() => {
+    rmSync(tmpDir, { recursive: true, force: true });
+});
+function createRoute(relPath, source, signals = DB_WRITE_SIGNALS) {
+    const fullPath = path.join(tmpDir, relPath);
+    mkdirSync(path.dirname(fullPath), { recursive: true });
+    writeFileSync(fullPath, source);
+    const pathname = "/" + relPath
+        .replace(/\/route\.(ts|tsx|js|jsx)$/, "")
+        .replace(/^app\//, "");
+    return {
+        kind: "route-handler",
+        file: relPath,
+        isApi: pathname.startsWith("/api/"),
+        isPublic: true,
+        pathname,
+        signals,
+        protection: protectionSummary(),
+    };
+}
+function createAction(relPath, source, signals = DB_WRITE_SIGNALS) {
+    const fullPath = path.join(tmpDir, relPath);
+    mkdirSync(path.dirname(fullPath), { recursive: true });
+    writeFileSync(fullPath, source);
+    return {
+        kind: "server-action",
+        file: relPath,
+        signals,
+    };
+}
+function makeIndex(routes = [], actions = []) {
+    return {
+        version: 1,
+        framework: "next-app-router",
+        rootDir: tmpDir,
+        deps: {
+            hasNextAuth: false, hasClerk: false, hasSupabase: false,
+            hasKinde: false, hasWorkOS: false, hasBetterAuth: false,
+            hasLucia: false, hasAuth0: false, hasIronSession: false,
+            hasFirebaseAuth: false, hasUpstashRatelimit: false, hasArcjet: false,
+            hasUnkey: false, hasPrisma: true, hasDrizzle: false, hasTrpc: false,
+        },
+        hints: {
+            auth: { functions: [], middlewareFiles: [], allowlistPaths: [] },
+            rateLimit: { wrappers: [], allowlistPaths: [] },
+            tenancy: { orgFieldNames: [] },
+        },
+        middleware: { authLikely: false, rateLimitLikely: false, matcherPatterns: [] },
+        wrappers: { wrappers: new Map() },
+        routes: { all: routes, mutationRoutes: routes },
+        serverActions: { all: actions, mutationActions: actions },
+        trpc: { detected: false, procedures: [], mutationProcedures: [] },
+    };
+}
+function makeConfig() {
+    return {
+        framework: "next-app-router",
+        include: ["app/**"],
+        exclude: [],
+        ci: { failOn: "critical", minConfidence: "high", minScore: 70, maxNewCritical: 0 },
+        scoring: { start: 100, penalties: { critical: 25, high: 10, med: 3, low: 1 } },
+        hints: {
+            auth: { functions: [], middlewareFiles: [], allowlistPaths: [] },
+            rateLimit: { wrappers: [], allowlistPaths: [] },
+            tenancy: { orgFieldNames: [] },
+        },
+        rules: { "INPUT-VALIDATION-MISSING": { severity: "high" } },
+        waiversFile: "prodcheck.waivers.json",
+    };
+}
+/* ------------------------------------------------------------------ */
+/*  Tests: should flag                                                 */
+/* ------------------------------------------------------------------ */
+describe("INPUT-VALIDATION-MISSING", () => {
+    describe("flags unvalidated input", () => {
+        it("request.json() + prisma.create without validation", () => {
+            const route = createRoute("app/api/users/route.ts", `
+export async function POST(request: Request) {
+  const body = await request.json();
+  await prisma.user.create({ data: body });
+  return Response.json({ ok: true });
+}
+`);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(1);
+            expect(findings[0].ruleId).toBe(RULE_ID);
+            expect(findings[0].confidence).toBe("high");
+        });
+        it("request.formData() + prisma.update without validation", () => {
+            const route = createRoute("app/api/profile/route.ts", `
+export async function POST(request: Request) {
+  const data = await request.formData();
+  const name = data.get("name");
+  await prisma.user.update({ where: { id }, data: { name } });
+  return Response.json({ ok: true });
+}
+`);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(1);
+            expect(findings[0].ruleId).toBe(RULE_ID);
+        });
+        it("req.body + prisma.create without validation", () => {
+            const route = createRoute("app/api/items/route.ts", `
+export async function POST(req: NextRequest) {
+  const data = req.body;
+  await prisma.item.create({ data });
+  return NextResponse.json({ ok: true });
+}
+`);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(1);
+        });
+        it("request.json() + Stripe write without validation", () => {
+            const route = createRoute("app/api/billing/route.ts", `
+export async function POST(request: Request) {
+  const body = await request.json();
+  await stripe.subscriptions.create({ customer: body.customerId, items: [{ price: body.priceId }] });
+  return Response.json({ ok: true });
+}
+`, STRIPE_WRITE_SIGNALS);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(1);
+        });
+        it("server action with unvalidated input + DB write", () => {
+            const action = createAction("app/actions/create-post.ts", `
+"use server";
+export async function createPost(formData: FormData) {
+  const title = formData.get("title");
+  const body = await request.json();
+  await prisma.post.create({ data: { title } });
+}
+`);
+            const findings = run(makeIndex([], [action]), makeConfig());
+            expect(findings).toHaveLength(1);
+            expect(findings[0].message).toContain("Server action");
+        });
+    });
+    /* ------------------------------------------------------------------ */
+    /*  Tests: should NOT flag (validation present)                       */
+    /* ------------------------------------------------------------------ */
+    describe("does NOT flag when validation present", () => {
+        it("zod z.object() + .parse()", () => {
+            const route = createRoute("app/api/users/route.ts", `
+import { z } from "zod";
+const schema = z.object({ name: z.string(), email: z.string().email() });
+export async function POST(request: Request) {
+  const body = await request.json();
+  const data = schema.parse(body);
+  await prisma.user.create({ data });
+  return Response.json({ ok: true });
+}
+`);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(0);
+        });
+        it("zod .safeParse()", () => {
+            const route = createRoute("app/api/users/route.ts", `
+import { z } from "zod";
+const schema = z.object({ name: z.string() });
+export async function POST(request: Request) {
+  const body = await request.json();
+  const result = schema.safeParse(body);
+  if (!result.success) return Response.json({ error: result.error }, { status: 400 });
+  await prisma.user.create({ data: result.data });
+  return Response.json({ ok: true });
+}
+`);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(0);
+        });
+        it("valibot v.parse()", () => {
+            const route = createRoute("app/api/users/route.ts", `
+import * as v from "valibot";
+const schema = v.object({ name: v.string() });
+export async function POST(request: Request) {
+  const body = await request.json();
+  const data = v.parse(schema, body);
+  await prisma.user.create({ data });
+  return Response.json({ ok: true });
+}
+`);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(0);
+        });
+        it("yup .validate()", () => {
+            const route = createRoute("app/api/users/route.ts", `
+import * as yup from "yup";
+const schema = yup.object({ name: yup.string().required() });
+export async function POST(request: Request) {
+  const body = await request.json();
+  const data = await schema.validate(body);
+  await prisma.user.create({ data });
+  return Response.json({ ok: true });
+}
+`);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(0);
+        });
+        it("next-safe-action createSafeActionClient", () => {
+            const route = createRoute("app/api/users/route.ts", `
+import { createSafeActionClient } from "next-safe-action";
+const action = createSafeActionClient();
+export async function POST(request: Request) {
+  const body = await request.json();
+  await prisma.user.create({ data: body });
+}
+`);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(0);
+        });
+        it("tRPC .input(z.object(...))", () => {
+            const route = createRoute("app/api/trpc/route.ts", `
+import { z } from "zod";
+const router = t.router({
+  create: t.procedure
+    .input(z.object({ name: z.string() }))
+    .mutation(async ({ input }) => {
+      const body = await request.json();
+      await prisma.user.create({ data: input });
+    }),
+});
+`);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(0);
+        });
+    });
+    /* ------------------------------------------------------------------ */
+    /*  Tests: JSON.parse is NOT schema validation                         */
+    /* ------------------------------------------------------------------ */
+    describe("JSON.parse does NOT suppress findings", () => {
+        it("JSON.parse is not schema validation", () => {
+            const route = createRoute("app/api/users/route.ts", `
+export async function POST(request: Request) {
+  const text = await request.json();
+  const config = JSON.parse(process.env.CONFIG);
+  await prisma.user.create({ data: text });
+  return Response.json({ ok: true });
+}
+`);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(1);
+        });
+        it("URL.parse is not schema validation", () => {
+            const route = createRoute("app/api/users/route.ts", `
+export async function POST(request: Request) {
+  const body = await request.json();
+  const parsed = URL.parse(body.url);
+  await prisma.user.create({ data: body });
+  return Response.json({ ok: true });
+}
+`);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(1);
+        });
+        it("schema.parse alongside JSON.parse still suppresses", () => {
+            const route = createRoute("app/api/users/route.ts", `
+import { z } from "zod";
+const schema = z.object({ name: z.string() });
+export async function POST(request: Request) {
+  const raw = await request.json();
+  const config = JSON.parse(process.env.CONFIG);
+  const data = schema.parse(raw);
+  await prisma.user.create({ data });
+  return Response.json({ ok: true });
+}
+`);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(0);
+        });
+    });
+    /* ------------------------------------------------------------------ */
+    /*  Edge cases                                                         */
+    /* ------------------------------------------------------------------ */
+    describe("edge cases", () => {
+        it("chained .parse() like getSchema().parse(body) suppresses finding", () => {
+            const route = createRoute("app/api/users/route.ts", `
+export async function POST(request: Request) {
+  const body = await request.json();
+  const data = getSchema("user").parse(body);
+  await prisma.user.create({ data });
+  return Response.json({ ok: true });
+}
+`);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(0);
+        });
+        it("commented-out schema.parse does NOT suppress finding", () => {
+            const route = createRoute("app/api/users/route.ts", `
+export async function POST(request: Request) {
+  const body = await request.json();
+  // TODO: add validation
+  // const data = schema.parse(body);
+  await prisma.user.create({ data: body });
+  return Response.json({ ok: true });
+}
+`);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(1);
+        });
+        it("block-commented schema.parse does NOT suppress finding", () => {
+            const route = createRoute("app/api/users/route.ts", `
+export async function POST(request: Request) {
+  const body = await request.json();
+  /*
+  const data = schema.parse(body);
+  */
+  await prisma.user.create({ data: body });
+  return Response.json({ ok: true });
+}
+`);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(1);
+        });
+    });
+    /* ------------------------------------------------------------------ */
+    /*  Tests: should NOT flag (no write or no body read)                  */
+    /* ------------------------------------------------------------------ */
+    describe("does NOT flag when conditions incomplete", () => {
+        it("reads body but no DB/Stripe write", () => {
+            const route = createRoute("app/api/echo/route.ts", `
+export async function POST(request: Request) {
+  const body = await request.json();
+  return Response.json(body);
+}
+`, BODY_ONLY_SIGNALS);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(0);
+        });
+        it("DB write but no body read", () => {
+            const route = createRoute("app/api/cron/route.ts", `
+export async function POST() {
+  await prisma.job.create({ data: { ran: new Date() } });
+  return Response.json({ ok: true });
+}
+`);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(0);
+        });
+    });
+    /* ------------------------------------------------------------------ */
+    /*  public-intent severity bump                                        */
+    /* ------------------------------------------------------------------ */
+    describe("public-intent severity bump", () => {
+        it("bumps severity when public-intent present (med → high)", () => {
+            const route = createRoute("app/api/ingest/route.ts", `
+export async function POST(request: Request) {
+  const body = await request.json();
+  await stripe.subscriptions.create({ items: body.items });
+}
+`, STRIPE_WRITE_SIGNALS);
+            route.publicIntent = { reason: "Public ingest endpoint", line: 1 };
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(1);
+            // Stripe-only would be med confidence → med severity, but public-intent bumps to high
+            expect(findings[0].severity).toBe("high");
+            expect(findings[0].tags).toContain("public-intent");
+            expect(findings[0].evidence).toContain('public-intent: "Public ingest endpoint"');
+        });
+        it("bumps confidence to high when public-intent present", () => {
+            const route = createRoute("app/api/ingest/route.ts", `
+export async function POST(request: Request) {
+  const body = await request.json();
+  await stripe.subscriptions.create({ items: body.items });
+}
+`, STRIPE_WRITE_SIGNALS);
+            route.publicIntent = { reason: "Public endpoint", line: 1 };
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(1);
+            // Stripe-only would be med confidence, but public-intent bumps to high
+            expect(findings[0].confidence).toBe("high");
+        });
+        it("does NOT bump when publicIntent is absent", () => {
+            const route = createRoute("app/api/ingest/route.ts", `
+export async function POST(request: Request) {
+  const body = await request.json();
+  await stripe.subscriptions.create({ items: body.items });
+}
+`, STRIPE_WRITE_SIGNALS);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings).toHaveLength(1);
+            expect(findings[0].severity).toBe("med");
+            expect(findings[0].tags).not.toContain("public-intent");
+        });
+    });
+    /* ------------------------------------------------------------------ */
+    /*  Confidence levels                                                  */
+    /* ------------------------------------------------------------------ */
+    describe("confidence levels", () => {
+        it("high confidence with DB write evidence", () => {
+            const route = createRoute("app/api/users/route.ts", `
+export async function POST(request: Request) {
+  const body = await request.json();
+  await prisma.user.create({ data: body });
+}
+`);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings[0].confidence).toBe("high");
+            expect(findings[0].severity).toBe("high");
+        });
+        it("med confidence with Stripe write only (no DB)", () => {
+            const route = createRoute("app/api/billing/route.ts", `
+export async function POST(request: Request) {
+  const body = await request.json();
+  await stripe.subscriptions.create({ items: body.items });
+}
+`, STRIPE_WRITE_SIGNALS);
+            const findings = run(makeIndex([route]), makeConfig());
+            expect(findings[0].confidence).toBe("med");
+            expect(findings[0].severity).toBe("med");
+        });
+    });
+});
+//# sourceMappingURL=input-validation-missing.test.js.map

package/dist/rules/input-validation-missing.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"input-validation-missing.test.js","sourceRoot":"","sources":["../../src/rules/input-validation-missing.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAC3D,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,+BAA+B,CAAC;AAI7D,wEAAwE;AACxE,yEAAyE;AACzE,wEAAwE;AAExE,MAAM,gBAAgB,GAAoB;IACxC,mBAAmB,EAAE,IAAI;IACzB,kBAAkB,EAAE,IAAI;IACxB,sBAAsB,EAAE,KAAK;IAC7B,eAAe,EAAE,CAAC,eAAe,EAAE,oBAAoB,CAAC;CACzD,CAAC;AAEF,MAAM,oBAAoB,GAAoB;IAC5C,mBAAmB,EAAE,IAAI;IACzB,kBAAkB,EAAE,KAAK;IACzB,sBAAsB,EAAE,IAAI;IAC5B,eAAe,EAAE,CAAC,wBAAwB,EAAE,oBAAoB,CAAC;CAClE,CAAC;AAEF,MAAM,iBAAiB,GAAoB;IACzC,mBAAmB,EAAE,IAAI;IACzB,kBAAkB,EAAE,KAAK;IACzB,sBAAsB,EAAE,KAAK;IAC7B,eAAe,EAAE,CAAC,oBAAoB,CAAC;CACxC,CAAC;AAEF,SAAS,iBAAiB;IACxB,OAAO;QACL,IAAI,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,kBAAkB,EAAE,EAAE,EAAE;QAC7F,SAAS,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,kBAAkB,EAAE,EAAE,EAAE;KACnG,CAAC;AACJ,CAAC;AAED,IAAI,MAAc,CAAC;AAEnB,UAAU,CAAC,GAAG,EAAE;IACd,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,wBAAwB,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACxG,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;AACzC,CAAC,CAAC,CAAC;AAEH,SAAS,CAAC,GAAG,EAAE;IACb,MAAM,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AACnD,CAAC,CAAC,CAAC;AAEH,SAAS,WAAW,CAClB,OAAe,EACf,MAAc,EACd,UAA2B,gBAAgB;IAE3C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5C,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACvD,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAEhC,MAAM,QAAQ,GAAG,GAAG,GAAG,OAAO;SAC3B,OAAO,CAAC,2BAA2B,EAAE,EAAE,CAAC;SACxC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAEzB,OAAO;QACL,IAAI,EAAE,eAAe;QACrB,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;QACnC,QAAQ,EAAE,IAAI;QACd,QAAQ;QACR,OAAO;QACP,UAAU,EAAE,iBAAiB,EAAE;KAChC,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CACnB,OAAe,EACf,MAAc,EACd,UAA2B,gBAAgB;IAE3C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5C,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACvD,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAEhC,OAAO;QACL,IAAI,EAAE,eAAe;QACrB,IAAI,EAAE,OAAO;QACb,OAAO;KACR,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAChB,SAAsB,EAAE,EACxB,UAA8B,EAAE;IAEhC,OAAO;QACL,OAAO,EAAE,CAAC;QACV,SAAS,EAAE,iBAAiB;QAC5B,OAAO,EAAE,MAAM;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK;YACvD,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK;YACvD,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK;YACvD,eAAe,EAAE,KAAK,EAAE,mBAAmB,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK;YACpE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK;SACpE;QACD,KAAK,EAAE;YACL,IAAI,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE;YAChE,SAAS,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE;YAC/C,OAAO,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE;SAC/B;QACD,UAAU,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,eAAe,EAAE,EAAE,EAAE;QAC9E,QAAQ,EAAE,EAAE,QAAQ,EAAE,IAAI,GAAG,EAAE,EAAE;QACjC,MAAM,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE;QAC/C,aAAa,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE;QACzD,IAAI,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,EAAE,kBAAkB,EAAE,EAAE,EAAE;KAClE,CAAC;AACJ,CAAC;AAED,SAAS,UAAU;IACjB,OAAO;QACL,SAAS,EAAE,iBAAiB;QAC5B,OAAO,EAAE,CAAC,QAAQ,CAAC;QACnB,OAAO,EAAE,EAAE;QACX,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,EAAE,cAAc,EAAE,CAAC,EAAE;QAClF,OAAO,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE;QAC9E,KAAK,EAAE;YACL,IAAI,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE;YAChE,SAAS,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE;YAC/C,OAAO,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE;SAC/B;QACD,KAAK,EAAE,EAAE,0BAA0B,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QAC3D,WAAW,EAAE,wBAAwB;KACtC,CAAC;AACJ,CAAC;AAED,wEAAwE;AACxE,yEAAyE;AACzE,wEAAwE;AAExE,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;IACxC,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACvC,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;YAC3D,MAAM,KAAK,GAAG,WAAW,CAAC,wBAAwB,EAAE;;;;;;CAMzD,CAAC,CAAC;YACG,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACjC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACzC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;YAC/D,MAAM,KAAK,GAAG,WAAW,CAAC,0BAA0B,EAAE;;;;;;;CAO3D,CAAC,CAAC;YACG,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACjC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,KAAK,GAAG,WAAW,CAAC,wBAAwB,EAAE;;;;;;CAMzD,CAAC,CAAC;YACG,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;YAC1D,MAAM,KAAK,GAAG,WAAW,CAAC,0BAA0B,EAAE;;;;;;CAM3D,EAAE,oBAAoB,CAAC,CAAC;YACnB,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;YACzD,MAAM,MAAM,GAAG,YAAY,CAAC,4BAA4B,EAAE;;;;;;;CAO/D,CAAC,CAAC;YACG,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YAC5D,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACjC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,wEAAwE;IACxE,wEAAwE;IACxE,wEAAwE;IAExE,QAAQ,CAAC,uCAAuC,EAAE,GAAG,EAAE;QACrD,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;YACnC,MAAM,KAAK,GAAG,WAAW,CAAC,wBAAwB,EAAE;;;;;;;;;CASzD,CAAC,CAAC;YACG,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kBAAkB,EAAE,GAAG,EAAE;YAC1B,MAAM,KAAK,GAAG,WAAW,CAAC,wBAAwB,EAAE;;;;;;;;;;CAUzD,CAAC,CAAC;YACG,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mBAAmB,EAAE,GAAG,EAAE;YAC3B,MAAM,KAAK,GAAG,WAAW,CAAC,wBAAwB,EAAE;;;;;;;;;CASzD,CAAC,CAAC;YACG,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iBAAiB,EAAE,GAAG,EAAE;YACzB,MAAM,KAAK,GAAG,WAAW,CAAC,wBAAwB,EAAE;;;;;;;;;CASzD,CAAC,CAAC;YACG,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,KAAK,GAAG,WAAW,CAAC,wBAAwB,EAAE;;;;;;;CAOzD,CAAC,CAAC;YACG,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,MAAM,KAAK,GAAG,WAAW,CAAC,uBAAuB,EAAE;;;;;;;;;;CAUxD,CAAC,CAAC;YACG,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,wEAAwE;IACxE,yEAAyE;IACzE,wEAAwE;IAExE,QAAQ,CAAC,uCAAuC,EAAE,GAAG,EAAE;QACrD,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,KAAK,GAAG,WAAW,CAAC,wBAAwB,EAAE;;;;;;;CAOzD,CAAC,CAAC;YACG,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC5C,MAAM,KAAK,GAAG,WAAW,CAAC,wBAAwB,EAAE;;;;;;;CAOzD,CAAC,CAAC;YACG,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;YAC5D,MAAM,KAAK,GAAG,WAAW,CAAC,wBAAwB,EAAE;;;;;;;;;;CAUzD,CAAC,CAAC;YACG,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,wEAAwE;IACxE,yEAAyE;IACzE,wEAAwE;IAExE,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;QAC1B,EAAE,CAAC,kEAAkE,EAAE,GAAG,EAAE;YAC1E,MAAM,KAAK,GAAG,WAAW,CAAC,wBAAwB,EAAE;;;;;;;CAOzD,CAAC,CAAC;YACG,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;YAC9D,MAAM,KAAK,GAAG,WAAW,CAAC,wBAAwB,EAAE;;;;;;;;CAQzD,CAAC,CAAC;YACG,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;YAChE,MAAM,KAAK,GAAG,WAAW,CAAC,wBAAwB,EAAE;;;;;;;;;CASzD,CAAC,CAAC;YACG,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,wEAAwE;IACxE,yEAAyE;IACzE,wEAAwE;IAExE,QAAQ,CAAC,0CAA0C,EAAE,GAAG,EAAE;QACxD,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,MAAM,KAAK,GAAG,WAAW,CAAC,uBAAuB,EAAE;;;;;CAKxD,EAAE,iBAAiB,CAAC,CAAC;YAChB,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;YACnC,MAAM,KAAK,GAAG,WAAW,CAAC,uBAAuB,EAAE;;;;;CAKxD,CAAC,CAAC;YACG,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,wEAAwE;IACxE,yEAAyE;IACzE,wEAAwE;IAExE,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;QAC3C,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;YAChE,MAAM,KAAK,GAAG,WAAW,CAAC,yBAAyB,EAAE;;;;;CAK1D,EAAE,oBAAoB,CAAC,CAAC;YAClB,KAAa,CAAC,YAAY,GAAG,EAAE,MAAM,EAAE,wBAAwB,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;YAC5E,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACjC,sFAAsF;YACtF,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;YACpD,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,yCAAyC,CAAC,CAAC;QACpF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;YAC7D,MAAM,KAAK,GAAG,WAAW,CAAC,yBAAyB,EAAE;;;;;CAK1D,EAAE,oBAAoB,CAAC,CAAC;YAClB,KAAa,CAAC,YAAY,GAAG,EAAE,MAAM,EAAE,iBAAiB,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;YACrE,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACjC,uEAAuE;YACvE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM,KAAK,GAAG,WAAW,CAAC,yBAAyB,EAAE;;;;;CAK1D,EAAE,oBAAoB,CAAC,CAAC;YACnB,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACjC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACzC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,wEAAwE;IACxE,yEAAyE;IACzE,wEAAwE;IAExE,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,KAAK,GAAG,WAAW,CAAC,wBAAwB,EAAE;;;;;CAKzD,CAAC,CAAC;YACG,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC5C,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;YACvD,MAAM,KAAK,GAAG,WAAW,CAAC,0BAA0B,EAAE;;;;;CAK3D,EAAE,oBAAoB,CAAC,CAAC;YACnB,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3C,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/rules/rate-limit-missing.d.ts

@@ -0,0 +1,5 @@
+import type { NextIndex } from "../next/types.js";
+import type { Finding, ProdcheckConfig } from "../engine/types.js";
+export declare const RULE_ID = "RATE-LIMIT-MISSING";
+export declare function run(index: NextIndex, config: ProdcheckConfig): Finding[];
+//# sourceMappingURL=rate-limit-missing.d.ts.map

package/dist/rules/rate-limit-missing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limit-missing.d.ts","sourceRoot":"","sources":["../../src/rules/rate-limit-missing.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAAa,MAAM,kBAAkB,CAAC;AAC7D,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAKnE,eAAO,MAAM,OAAO,uBAAuB,CAAC;AAkD5C,wBAAgB,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,eAAe,GAAG,OAAO,EAAE,CA8HxE"}