npm - @greenarmor/ges-audit-engine - Versions diffs - 0.5.2 → 0.5.3 - Mend

@greenarmor/ges-audit-engine 0.5.2 → 0.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/scanners/crypto-scanner.js +2 -1
package/dist/scanners/database-scanner.js +13 -3
package/dist/scanners/secrets-scanner.js +5 -1
package/package.json +2 -2

package/dist/scanners/crypto-scanner.js CHANGED Viewed

@@ -19,7 +19,8 @@ const WEAK_CRYPTO_PATTERNS = [
 ];
 const INSECURE_PASSWORD_PATTERNS = [
     { pattern: /\.compare\s*\(.*,\s*.*\)|bcrypt\.compare|argon2\.verify/gi, check: false, desc: "Secure password comparison" },
-    { pattern: /password\s*===?\s*|password\s*!==?\s*|\.equals\s*\(\s*password/gi, check: true, desc: "Plaintext password comparison (use Argon2id/bcrypt)" },
+    { pattern: /(?:stored|saved|hashed|db|database)\s*\.?\s*(?:password|pw)\s*===?\s*(?:req|input|user|plain|raw)/gi, check: true, desc: "Plaintext password comparison (use Argon2id/bcrypt)" },
+    { pattern: /(?:password|pw)\s*===?\s*['"][^'"]{2,}['"]/gi, check: true, desc: "Hardcoded password comparison (use Argon2id/bcrypt)" },
 ];
 const SCAN_EXTENSIONS = new Set([".ts", ".tsx", ".js", ".jsx", ".py", ".rb", ".go", ".java", ".php", ".cs"]);
 export class CryptoScanner {

package/dist/scanners/database-scanner.js CHANGED Viewed

@@ -16,9 +16,14 @@ const ORM_ENTITY_PATTERNS = {
     ".java": /@Entity\s*(?:public\s+)?class/i,
     ".php": /class\s+\w+\s+extends\s+(?:Model|Eloquent|Doctrine)/i,
 };
+const MIGRATION_DIR_PATTERN = /[\/\\]migrations?[\/\\]/i;
 function isDatabaseSchemaFile(filePath, content) {
     const ext = filePath.substring(filePath.lastIndexOf("."));
     const basename = filePath.substring(filePath.lastIndexOf("/") + 1);
+    if (ext === ".prisma")
+        return true;
+    if (MIGRATION_DIR_PATTERN.test(filePath))
+        return false;
     if (DB_SCHEMA_EXTENSIONS.has(ext))
         return true;
     for (const pattern of DB_SCHEMA_FILENAMES) {
@@ -46,9 +51,14 @@ export class DatabaseScanner {
         for (const [filePath, content] of ctx.fileContents) {
             if (!isDatabaseSchemaFile(filePath, content))
                 continue;
-            const hasTimestamps = /\b(?:timestamps|created_at|createdAt|createdDate|date_created|timecreated|createdTime)\s*[:\(]/i.test(content);
-            const hasSoftDelete = /\b(?:deleted_at|deletedAt|softDelete|paranoid|is_deleted|isDeleted|deleted|active)\s*[:\(]/i.test(content);
-            const hasUserAudit = /\b(?:created_by|createdBy|updated_by|updatedBy|owner_id|author_id)\s*[:\(]/i.test(content);
+            const isPrisma = filePath.endsWith(".prisma");
+            const hasTimestamps = isPrisma
+                ? /\b(?:createdAt|created_at)\b.*(?:DateTime|timestamp)/i.test(content)
+                : /\b(?:timestamps|created_at|createdAt|createdDate|date_created|timecreated|createdTime)\s*[:\(]/i.test(content);
+            const hasSoftDelete = /\b(?:deleted_at|deletedAt|softDelete|paranoid|is_deleted|isDeleted|deleted|active)\s*[:\(]/i.test(content)
+                || (isPrisma && /\b(?:deletedAt|deleted_at)\s+DateTime/i.test(content));
+            const hasUserAudit = /\b(?:created_by|createdBy|updated_by|updatedBy|owner_id|author_id)\s*[:\(]/i.test(content)
+                || (isPrisma && /\b(?:createdBy|updatedBy|ownerId|authorId)\s+String/i.test(content));
             const hasSchemaDef = /\b(?:model|schema|entity|table|struct|class)\b.*\{/i.test(content) ||
                 /\bCREATE\s+TABLE\b/i.test(content) ||
                 /@(?:Entity|Table|Schema)\b/.test(content);

package/dist/scanners/secrets-scanner.js CHANGED Viewed

@@ -20,11 +20,15 @@ const IGNORE_DIRS = new Set([
 const IGNORE_FILES = new Set([
     ".gitignore", "package-lock.json", "pnpm-lock.yaml", "yarn.lock",
 ]);
+const DOTENV_FILES = /^\.env(?:\.\w+)?$/;
 function shouldScanFile(filePath) {
     const parts = filePath.split("/");
     if (parts.some(p => IGNORE_DIRS.has(p)))
         return false;
-    if (IGNORE_FILES.has(parts[parts.length - 1] || ""))
+    const basename = parts[parts.length - 1] || "";
+    if (IGNORE_FILES.has(basename))
+        return false;
+    if (DOTENV_FILES.test(basename))
         return false;
     return true;
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@greenarmor/ges-audit-engine",
-  "version": "0.5.2",
+  "version": "0.5.3",
   "type": "module",
   "description": "GESF Audit Engine - Audit trails and compliance evaluation",
   "main": "./dist/index.js",
@@ -12,7 +12,7 @@
     }
   },
   "dependencies": {
-    "@greenarmor/ges-core": "0.5.2"
+    "@greenarmor/ges-core": "0.5.3"
   },
   "devDependencies": {
     "typescript": "^6.0.0",