@indicated/vibeguard 1.0.1 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/PROGRESS.md +42 -13
- package/dist/api/license.d.ts +14 -2
- package/dist/api/license.d.ts.map +1 -1
- package/dist/api/license.js +49 -16
- package/dist/api/license.js.map +1 -1
- package/dist/cli/commands/scan.d.ts.map +1 -1
- package/dist/cli/commands/scan.js +7 -2
- package/dist/cli/commands/scan.js.map +1 -1
- package/dist/cli/commands/upgrade.d.ts +3 -0
- package/dist/cli/commands/upgrade.d.ts.map +1 -0
- package/dist/cli/commands/upgrade.js +70 -0
- package/dist/cli/commands/upgrade.js.map +1 -0
- package/dist/cli/index.js +2 -0
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/output.d.ts +3 -2
- package/dist/cli/output.d.ts.map +1 -1
- package/dist/cli/output.js +27 -4
- package/dist/cli/output.js.map +1 -1
- package/dist/scanner/index.d.ts +4 -1
- package/dist/scanner/index.d.ts.map +1 -1
- package/dist/scanner/index.js +15 -2
- package/dist/scanner/index.js.map +1 -1
- package/dist/scanner/parsers/javascript.d.ts.map +1 -1
- package/dist/scanner/parsers/javascript.js +6 -0
- package/dist/scanner/parsers/javascript.js.map +1 -1
- package/dist/scanner/parsers/python.d.ts.map +1 -1
- package/dist/scanner/parsers/python.js +2 -0
- package/dist/scanner/parsers/python.js.map +1 -1
- package/dist/scanner/rules/definitions.d.ts.map +1 -1
- package/dist/scanner/rules/definitions.js +52 -4
- package/dist/scanner/rules/definitions.js.map +1 -1
- package/dist/scanner/rules/loader.js +1 -1
- package/dist/scanner/rules/loader.js.map +1 -1
- package/dist/scanner/rules/matcher.d.ts.map +1 -1
- package/dist/scanner/rules/matcher.js +1 -0
- package/dist/scanner/rules/matcher.js.map +1 -1
- package/dist/types.d.ts +3 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/api/license.ts +53 -18
- package/src/cli/commands/scan.ts +8 -2
- package/src/cli/commands/upgrade.ts +76 -0
- package/src/cli/index.ts +2 -0
- package/src/cli/output.ts +28 -5
- package/src/scanner/index.ts +19 -3
- package/src/scanner/parsers/javascript.ts +6 -0
- package/src/scanner/parsers/python.ts +2 -0
- package/src/scanner/rules/definitions.ts +53 -4
- package/src/scanner/rules/loader.ts +1 -1
- package/src/scanner/rules/matcher.ts +1 -0
- package/src/types.ts +3 -0
package/dist/scanner/index.js
CHANGED
|
@@ -40,6 +40,7 @@ const glob_1 = require("glob");
|
|
|
40
40
|
const loader_1 = require("./rules/loader");
|
|
41
41
|
const javascript_1 = require("./parsers/javascript");
|
|
42
42
|
const python_1 = require("./parsers/python");
|
|
43
|
+
const license_1 = require("../api/license");
|
|
43
44
|
const SUPPORTED_EXTENSIONS = {
|
|
44
45
|
'.js': 'javascript',
|
|
45
46
|
'.jsx': 'javascript',
|
|
@@ -65,15 +66,21 @@ const DEFAULT_EXCLUDE = [
|
|
|
65
66
|
class Scanner {
|
|
66
67
|
constructor(config = {}) {
|
|
67
68
|
this.rules = [];
|
|
69
|
+
this.userTier = 'free';
|
|
68
70
|
this.config = config;
|
|
69
71
|
}
|
|
70
72
|
async initialize(licenseKey) {
|
|
73
|
+
// Get user tier from license
|
|
74
|
+
this.userTier = await (0, license_1.getUserTier)(licenseKey);
|
|
71
75
|
const allRules = await (0, loader_1.loadRules)(licenseKey);
|
|
72
76
|
this.rules = (0, loader_1.filterRules)(allRules, {
|
|
73
77
|
enabled: this.config.rules?.enabled,
|
|
74
78
|
disabled: this.config.rules?.disabled,
|
|
75
79
|
});
|
|
76
80
|
}
|
|
81
|
+
getUserTier() {
|
|
82
|
+
return this.userTier;
|
|
83
|
+
}
|
|
77
84
|
async scan(targets) {
|
|
78
85
|
const startTime = Date.now();
|
|
79
86
|
const findings = [];
|
|
@@ -100,7 +107,7 @@ class Scanner {
|
|
|
100
107
|
}
|
|
101
108
|
return {
|
|
102
109
|
files: files.length,
|
|
103
|
-
findings: this.sortFindings(findings),
|
|
110
|
+
findings: this.markRestrictedFindings(this.sortFindings(findings)),
|
|
104
111
|
duration: Date.now() - startTime,
|
|
105
112
|
};
|
|
106
113
|
}
|
|
@@ -135,7 +142,7 @@ class Scanner {
|
|
|
135
142
|
}
|
|
136
143
|
return {
|
|
137
144
|
files: stagedFiles.length,
|
|
138
|
-
findings: this.sortFindings(findings),
|
|
145
|
+
findings: this.markRestrictedFindings(this.sortFindings(findings)),
|
|
139
146
|
duration: Date.now() - startTime,
|
|
140
147
|
};
|
|
141
148
|
}
|
|
@@ -199,6 +206,12 @@ class Scanner {
|
|
|
199
206
|
return true;
|
|
200
207
|
});
|
|
201
208
|
}
|
|
209
|
+
markRestrictedFindings(findings) {
|
|
210
|
+
return findings.map(finding => ({
|
|
211
|
+
...finding,
|
|
212
|
+
isRestricted: this.userTier === 'free' && finding.rule.tier === 'pro',
|
|
213
|
+
}));
|
|
214
|
+
}
|
|
202
215
|
getRules() {
|
|
203
216
|
return this.rules;
|
|
204
217
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/scanner/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAC7B,+BAA4B;AAE5B,2CAAwD;AACxD,qDAAsF;AACtF,6CAA0D;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/scanner/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAC7B,+BAA4B;AAE5B,2CAAwD;AACxD,qDAAsF;AACtF,6CAA0D;AAC1D,4CAA6C;AAE7C,MAAM,oBAAoB,GAA2B;IACnD,KAAK,EAAE,YAAY;IACnB,MAAM,EAAE,YAAY;IACpB,KAAK,EAAE,YAAY;IACnB,MAAM,EAAE,YAAY;IACpB,MAAM,EAAE,YAAY;IACpB,MAAM,EAAE,YAAY;IACpB,KAAK,EAAE,QAAQ;CAChB,CAAC;AAEF,MAAM,eAAe,GAAG;IACtB,oBAAoB;IACpB,YAAY;IACZ,aAAa;IACb,YAAY;IACZ,gBAAgB;IAChB,mBAAmB;IACnB,YAAY;IACZ,aAAa;IACb,WAAW;IACX,aAAa;IACb,gBAAgB;CACjB,CAAC;AAEF,MAAa,OAAO;IAKlB,YAAY,SAAiB,EAAE;QAJvB,UAAK,GAAmB,EAAE,CAAC;QAE3B,aAAQ,GAAS,MAAM,CAAC;QAG9B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,UAAmB;QAClC,6BAA6B;QAC7B,IAAI,CAAC,QAAQ,GAAG,MAAM,IAAA,qBAAW,EAAC,UAAU,CAAC,CAAC;QAE9C,MAAM,QAAQ,GAAG,MAAM,IAAA,kBAAS,EAAC,UAAU,CAAC,CAAC;QAC7C,IAAI,CAAC,KAAK,GAAG,IAAA,oBAAW,EAAC,QAAQ,EAAE;YACjC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO;YACnC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,QAAQ;SACtC,CAAC,CAAC;IACL,CAAC;IAED,WAAW;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAiB;QAC1B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAa,EAAE,CAAC;QAE3B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YACxC,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAErC,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;gBACvB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;gBAClD,MAAM,OAAO,GAAG,CAAC,GAAG,eAAe,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;gBAErE,MAAM,YAAY,GAAG,MAAM,IAAA,WAAI,EAAC,WAAW,EAAE;oBAC3C,MAAM,EAAE,OAAO;oBACf,KAAK,EAAE,IAAI;iBACZ,CAAC,CAAC;gBAEH,KAAK,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACnE,CAAC;iBAAM,IAAI,IAAI,CAAC,MAAM,EAAE,IAAI,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC7D,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC/C,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;QACjC,CAAC;QAED,OAAO;YACL,KAAK,EAAE,KAAK,CAAC,MAAM;YACnB,QAAQ,EAAE,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;YAClE,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACjC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU;QACd,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,4BAA4B;QAC5B,MAAM,EAAE,QAAQ,EAAE,GAAG,wDAAa,eAAe,GAAC,CAAC;QACnD,IAAI,WAAW,GAAa,EAAE,CAAC;QAE/B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,QAAQ,CAAC,iDAAiD,EAAE;gBACzE,QAAQ,EAAE,OAAO;aAClB,CAAC,CAAC;YACH,WAAW,GAAG,MAAM;iBACjB,KAAK,CAAC,IAAI,CAAC;iBACX,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;iBAChD,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,yCAAyC;YACzC,OAAO;gBACL,KAAK,EAAE,CAAC;gBACR,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACjC,CAAC;QACJ,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxB,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;gBAC/C,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QAED,OAAO;YACL,KAAK,EAAE,WAAW,CAAC,MAAM;YACzB,QAAQ,EAAE,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;YAClE,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACjC,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,QAAQ,CAAC,QAAgB;QACrC,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACnC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;QAE3C,IAAI,CAAC,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE/B,IAAI,IAAY,CAAC;QACjB,IAAI,CAAC;YACH,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,2BAA2B;QAC3B,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAC7C,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAkD,CAAC,CAC5E,CAAC;QAEF,IAAI,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,YAAY,EAAE,CAAC;YAC3D,yBAAyB;YACzB,MAAM,GAAG,GAAG,IAAA,4BAAe,EAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;YAC5C,IAAI,GAAG,EAAE,CAAC;gBACR,MAAM,WAAW,GAAG,IAAA,wBAAW,EAAC,GAAG,EAAE,aAAa,EAAE;oBAClD,IAAI;oBACJ,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;oBACvB,QAAQ;iBACT,CAAC,CAAC;gBACH,QAAQ,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC;YAChC,CAAC;YAED,kCAAkC;YAClC,MAAM,eAAe,GAAG,IAAA,6BAAgB,EAAC,IAAI,EAAE,aAAa,EAAE,QAAQ,CAAC,CAAC;YACxE,QAAQ,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC;QACpC,CAAC;aAAM,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,eAAe,GAAG,IAAA,+BAAsB,EAAC,IAAI,EAAE,aAAa,EAAE,QAAQ,CAAC,CAAC;YAC9E,QAAQ,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC;QACpC,CAAC;QAED,uBAAuB;QACvB,OAAO,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IAC5C,CAAC;IAEO,eAAe,CAAC,QAAgB;QACtC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACnC,OAAO,GAAG,IAAI,oBAAoB,CAAC;IACrC,CAAC;IAEO,YAAY,CAAC,QAAmB;QACtC,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAClE,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YAC5B,MAAM,YAAY,GAChB,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAClE,IAAI,YAAY,KAAK,CAAC;gBAAE,OAAO,YAAY,CAAC;YAC5C,OAAO,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,mBAAmB,CAAC,QAAmB;QAC7C,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAC/B,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;YACzB,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;YAC/C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;YAChC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,sBAAsB,CAAC,QAAmB;QAChD,OAAO,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAC9B,GAAG,OAAO;YACV,YAAY,EAAE,IAAI,CAAC,QAAQ,KAAK,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,KAAK;SACtE,CAAC,CAAC,CAAC;IACN,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;CACF;AAjLD,0BAiLC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"javascript.d.ts","sourceRoot":"","sources":["../../../src/scanner/parsers/javascript.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,CAAC,MAAM,cAAc,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAEpD,UAAU,UAAU;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,CAAC,CAAC,IAAI,GAAG,IAAI,CAiB7E;AAED,wBAAgB,WAAW,CACzB,GAAG,EAAE,CAAC,CAAC,IAAI,EACX,KAAK,EAAE,YAAY,EAAE,EACrB,OAAO,EAAE,UAAU,GAClB,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"javascript.d.ts","sourceRoot":"","sources":["../../../src/scanner/parsers/javascript.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,CAAC,MAAM,cAAc,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAEpD,UAAU,UAAU;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,CAAC,CAAC,IAAI,GAAG,IAAI,CAiB7E;AAED,wBAAgB,WAAW,CACzB,GAAG,EAAE,CAAC,CAAC,IAAI,EACX,KAAK,EAAE,YAAY,EAAE,EACrB,OAAO,EAAE,UAAU,GAClB,OAAO,EAAE,CAgNX;AAED,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,YAAY,EAAE,EACrB,QAAQ,EAAE,MAAM,GACf,OAAO,EAAE,CA0CX"}
|
|
@@ -78,6 +78,7 @@ function scanWithAST(ast, rules, context) {
|
|
|
78
78
|
column: loc?.start.column || 0,
|
|
79
79
|
code: context.lines[(loc?.start.line || 1) - 1] || '',
|
|
80
80
|
message: rule.description,
|
|
81
|
+
isRestricted: false,
|
|
81
82
|
};
|
|
82
83
|
}
|
|
83
84
|
}
|
|
@@ -110,6 +111,7 @@ function scanWithAST(ast, rules, context) {
|
|
|
110
111
|
column: loc?.start.column || 0,
|
|
111
112
|
code: context.lines[(loc?.start.line || 1) - 1] || '',
|
|
112
113
|
message: rule.description,
|
|
114
|
+
isRestricted: false,
|
|
113
115
|
};
|
|
114
116
|
}
|
|
115
117
|
}
|
|
@@ -135,6 +137,7 @@ function scanWithAST(ast, rules, context) {
|
|
|
135
137
|
column: loc?.start.column || 0,
|
|
136
138
|
code: context.lines[(loc?.start.line || 1) - 1] || '',
|
|
137
139
|
message: rule.description,
|
|
140
|
+
isRestricted: false,
|
|
138
141
|
};
|
|
139
142
|
}
|
|
140
143
|
}
|
|
@@ -153,6 +156,7 @@ function scanWithAST(ast, rules, context) {
|
|
|
153
156
|
column: loc?.start.column || 0,
|
|
154
157
|
code: context.lines[(loc?.start.line || 1) - 1] || '',
|
|
155
158
|
message: rule.description,
|
|
159
|
+
isRestricted: false,
|
|
156
160
|
};
|
|
157
161
|
}
|
|
158
162
|
}
|
|
@@ -200,6 +204,7 @@ function scanWithAST(ast, rules, context) {
|
|
|
200
204
|
column: loc?.start.column || 0,
|
|
201
205
|
code: context.lines[(loc?.start.line || 1) - 1] || '',
|
|
202
206
|
message: `API route ${routePath.value} may be missing authentication`,
|
|
207
|
+
isRestricted: false,
|
|
203
208
|
};
|
|
204
209
|
}
|
|
205
210
|
}
|
|
@@ -256,6 +261,7 @@ function scanWithPatterns(code, rules, filePath) {
|
|
|
256
261
|
column,
|
|
257
262
|
code: lines[lineNumber - 1] || '',
|
|
258
263
|
message: rule.description,
|
|
264
|
+
isRestricted: false,
|
|
259
265
|
});
|
|
260
266
|
}
|
|
261
267
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"javascript.js","sourceRoot":"","sources":["../../../src/scanner/parsers/javascript.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAWA,0CAiBC;AAED,
|
|
1
|
+
{"version":3,"file":"javascript.js","sourceRoot":"","sources":["../../../src/scanner/parsers/javascript.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAWA,0CAiBC;AAED,kCAoNC;AAED,4CA8CC;AAlSD,sDAAwC;AACxC,+DAAqD;AACrD,gDAAkC;AASlC,SAAgB,eAAe,CAAC,IAAY,EAAE,QAAgB;IAC5D,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE;YACxB,UAAU,EAAE,QAAQ;YACpB,OAAO,EAAE;gBACP,KAAK;gBACL,YAAY;gBACZ,mBAAmB;gBACnB,iBAAiB;gBACjB,kBAAkB;gBAClB,2BAA2B;aAC5B;SACF,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,gEAAgE;QAChE,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAgB,WAAW,CACzB,GAAW,EACX,KAAqB,EACrB,OAAmB;IAEnB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,MAAM,WAAW,GAAuD;QACtE,YAAY,EAAE,CAAC,IAAc,EAAE,EAAE;YAC/B,IACE,IAAI,CAAC,gBAAgB,EAAE;gBACvB,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC;gBAChC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,MAAM,EAChC,CAAC;gBACD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,YAAY,CAAC,CAAC;gBACpD,IAAI,IAAI,EAAE,CAAC;oBACT,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;oBAC1B,OAAO;wBACL,IAAI;wBACJ,IAAI,EAAE,OAAO,CAAC,QAAQ;wBACtB,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;wBAC1B,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;wBAC9B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE;wBACrD,OAAO,EAAE,IAAI,CAAC,WAAW;wBACzB,YAAY,EAAE,KAAK;qBACpB,CAAC;gBACJ,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,eAAe,EAAE,CAAC,IAAc,EAAE,EAAE;YAClC,IAAI,IAAI,CAAC,iBAAiB,EAAE,IAAI,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;gBAC1D,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC;gBAC/B,IACE,MAAM,EAAE,gBAAgB,EAAE;oBAC1B,CAAC,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EACxC,CAAC;oBACD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;oBAClC,MAAM,UAAU,GAAG,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBAE/E,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;wBAC7D,6EAA6E;wBAC7E,IACE,IAAI,CAAC,iBAAiB,EAAE;4BACxB,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAChC,CAAC;4BACD,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CACxC,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,EACpB,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CACnB,CAAC,WAAW,EAAE,CAAC;4BAEhB,IACE,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;gCAC9B,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;gCAC9B,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;gCAC9B,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;gCAC9B,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,EAC7B,CAAC;gCACD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC;gCACvD,IAAI,IAAI,EAAE,CAAC;oCACT,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;oCAC1B,OAAO;wCACL,IAAI;wCACJ,IAAI,EAAE,OAAO,CAAC,QAAQ;wCACtB,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;wCAC1B,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;wCAC9B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE;wCACrD,OAAO,EAAE,IAAI,CAAC,WAAW;wCACzB,YAAY,EAAE,KAAK;qCACpB,CAAC;gCACJ,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,eAAe,EAAE,CAAC,IAAc,EAAE,EAAE;YAClC,IAAI,IAAI,CAAC,sBAAsB,EAAE,EAAE,CAAC;gBAClC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;gBAC5B,IACE,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC;oBAC1B,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC;oBAC7B,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,WAAW,EAClC,CAAC;oBACD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC;oBACvD,IAAI,IAAI,EAAE,CAAC;wBACT,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;wBAC1B,OAAO;4BACL,IAAI;4BACJ,IAAI,EAAE,OAAO,CAAC,QAAQ;4BACtB,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;4BAC1B,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;4BAC9B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE;4BACrD,OAAO,EAAE,IAAI,CAAC,WAAW;4BACzB,YAAY,EAAE,KAAK;yBACpB,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YAED,2CAA2C;YAC3C,IAAI,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;gBAC1B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;gBAC5B,IAAI,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,KAAK,yBAAyB,EAAE,CAAC;oBACvE,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC;oBACvD,IAAI,IAAI,EAAE,CAAC;wBACT,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;wBAC1B,OAAO;4BACL,IAAI;4BACJ,IAAI,EAAE,OAAO,CAAC,QAAQ;4BACtB,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;4BAC1B,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;4BAC9B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE;4BACrD,OAAO,EAAE,IAAI,CAAC,WAAW;4BACzB,YAAY,EAAE,KAAK;yBACpB,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;QAED,cAAc,EAAE,CAAC,IAAc,EAAE,EAAE;YACjC,wDAAwD;YACxD,IAAI,IAAI,CAAC,gBAAgB,EAAE,EAAE,CAAC;gBAC5B,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC;gBAChC,IACE,CAAC,CAAC,kBAAkB,CAAC,MAAM,CAAC;oBAC5B,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC;oBAC/B,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EACxE,CAAC;oBACD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;oBACjC,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;wBACrB,4DAA4D;wBAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CACrC,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,EACpB,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CACnB,CAAC,WAAW,EAAE,CAAC;wBAEhB,iEAAiE;wBACjE,MAAM,iBAAiB,GACrB,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;4BACzB,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC;4BAC5B,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC;4BAC1B,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;4BACxB,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC;4BAC/B,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC;4BACpC,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC;4BAChC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC;4BAC5B,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;wBAE9B,IAAI,CAAC,iBAAiB,EAAE,CAAC;4BACvB,2CAA2C;4BAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;4BAC1B,IAAI,CAAC,CAAC,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;gCACjC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;gCAChD,IACE,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC;oCAC3B,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC;oCAC3B,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;oCAC5B,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC;oCAC9B,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,EAC9B,CAAC;oCACD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC;oCAC5D,IAAI,IAAI,EAAE,CAAC;wCACT,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;wCAC1B,OAAO;4CACL,IAAI;4CACJ,IAAI,EAAE,OAAO,CAAC,QAAQ;4CACtB,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;4CAC1B,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;4CAC9B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE;4CACrD,OAAO,EAAE,aAAa,SAAS,CAAC,KAAK,gCAAgC;4CACrE,YAAY,EAAE,KAAK;yCACpB,CAAC;oCACJ,CAAC;gCACH,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAC;IAEF,IAAA,kBAAQ,EAAC,GAAG,EAAE;QACZ,KAAK,CAAC,IAAI;YACR,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBAClD,MAAM,OAAO,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC;gBAC9C,IAAI,OAAO,EAAE,CAAC;oBACZ,mBAAmB;oBACnB,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAC/B,CAAC,CAAC,EAAE,CACF,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,EAAE;wBAC7B,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI;wBACvB,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAC1B,CAAC;oBACF,IAAI,CAAC,WAAW,EAAE,CAAC;wBACjB,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBACzB,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;KACF,CAAC,CAAC;IAEH,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAgB,gBAAgB,CAC9B,IAAY,EACZ,KAAqB,EACrB,QAAgB;IAEhB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,SAAS;QAE7B,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,IAAI,KAAK,CAAC;YACV,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAEnG,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,yCAAyC;gBACzC,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBACnD,MAAM,UAAU,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;gBAC/D,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACpD,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,GAAG,SAAS,CAAC;gBAEvC,mBAAmB;gBACnB,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAC/B,CAAC,CAAC,EAAE,CACF,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE;oBACrB,CAAC,CAAC,IAAI,KAAK,UAAU;oBACrB,CAAC,CAAC,IAAI,KAAK,QAAQ,CACtB,CAAC;gBAEF,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI;wBACJ,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,UAAU;wBAChB,MAAM;wBACN,IAAI,EAAE,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE;wBACjC,OAAO,EAAE,IAAI,CAAC,WAAW;wBACzB,YAAY,EAAE,KAAK;qBACpB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"python.d.ts","sourceRoot":"","sources":["../../../src/scanner/parsers/python.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AA+CpD,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,YAAY,EAAE,EACrB,QAAQ,EAAE,MAAM,GACf,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"python.d.ts","sourceRoot":"","sources":["../../../src/scanner/parsers/python.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AA+CpD,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,YAAY,EAAE,EACrB,QAAQ,EAAE,MAAM,GACf,OAAO,EAAE,CA4EX"}
|
|
@@ -71,6 +71,7 @@ function scanPythonWithPatterns(code, rules, filePath) {
|
|
|
71
71
|
column,
|
|
72
72
|
code: lines[lineNumber - 1] || '',
|
|
73
73
|
message: rule.description,
|
|
74
|
+
isRestricted: false,
|
|
74
75
|
});
|
|
75
76
|
}
|
|
76
77
|
}
|
|
@@ -99,6 +100,7 @@ function scanPythonWithPatterns(code, rules, filePath) {
|
|
|
99
100
|
column,
|
|
100
101
|
code: lines[lineNumber - 1] || '',
|
|
101
102
|
message: rule.description,
|
|
103
|
+
isRestricted: false,
|
|
102
104
|
});
|
|
103
105
|
}
|
|
104
106
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"python.js","sourceRoot":"","sources":["../../../src/scanner/parsers/python.ts"],"names":[],"mappings":";;AA+CA,
|
|
1
|
+
{"version":3,"file":"python.js","sourceRoot":"","sources":["../../../src/scanner/parsers/python.ts"],"names":[],"mappings":";;AA+CA,wDAgFC;AA7HD,0DAA0D;AAC1D,MAAM,cAAc,GAA0C;IAC5D,yBAAyB;IACzB;QACE,MAAM,EAAE,eAAe;QACvB,OAAO,EAAE,gFAAgF;KAC1F;IACD;QACE,MAAM,EAAE,eAAe;QACvB,OAAO,EAAE,0EAA0E;KACpF;IACD;QACE,MAAM,EAAE,eAAe;QACvB,OAAO,EAAE,yEAAyE;KACnF;IACD,aAAa;IACb;QACE,MAAM,EAAE,YAAY;QACpB,OAAO,EAAE,qDAAqD;KAC/D;IACD;QACE,MAAM,EAAE,YAAY;QACpB,OAAO,EAAE,qDAAqD;KAC/D;IACD,oBAAoB;IACpB;QACE,MAAM,EAAE,kBAAkB;QAC1B,OAAO,EAAE,wEAAwE;KAClF;IACD,4BAA4B;IAC5B;QACE,MAAM,EAAE,iBAAiB;QACzB,OAAO,EAAE,6DAA6D;KACvE;IACD,2BAA2B;IAC3B;QACE,MAAM,EAAE,gBAAgB;QACxB,OAAO,EAAE,qCAAqC;KAC/C;IACD;QACE,MAAM,EAAE,gBAAgB;QACxB,OAAO,EAAE,kBAAkB;KAC5B;CACF,CAAC;AAEF,SAAgB,sBAAsB,CACpC,IAAY,EACZ,KAAqB,EACrB,QAAgB;IAEhB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAE/B,yCAAyC;IACzC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEnE,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,IAAI,KAAK,CAAC;YACV,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAEnG,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBACnD,MAAM,UAAU,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;gBAC/D,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACpD,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,GAAG,SAAS,CAAC;gBAEvC,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAC/B,CAAC,CAAC,EAAE,CACF,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE;oBACrB,CAAC,CAAC,IAAI,KAAK,UAAU;oBACrB,CAAC,CAAC,IAAI,KAAK,QAAQ,CACtB,CAAC;gBAEF,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI;wBACJ,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,UAAU;wBAChB,MAAM;wBACN,IAAI,EAAE,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE;wBACjC,OAAO,EAAE,IAAI,CAAC,WAAW;wBACzB,YAAY,EAAE,KAAK;qBACpB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,KAAK,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,cAAc,EAAE,CAAC;QACjD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,IAAI;YAAE,SAAS;QAEpB,IAAI,KAAK,CAAC;QACV,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAEnG,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACnD,MAAM,UAAU,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;YAC/D,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACpD,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,GAAG,SAAS,CAAC;YAEvC,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAC/B,CAAC,CAAC,EAAE,CACF,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,MAAM;gBACpB,CAAC,CAAC,IAAI,KAAK,UAAU;gBACrB,CAAC,CAAC,IAAI,KAAK,QAAQ,CACtB,CAAC;YAEF,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI;oBACJ,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,UAAU;oBAChB,MAAM;oBACN,IAAI,EAAE,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE;oBACjC,OAAO,EAAE,IAAI,CAAC,WAAW;oBACzB,YAAY,EAAE,KAAK;iBACpB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"definitions.d.ts","sourceRoot":"","sources":["../../../src/scanner/rules/definitions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,eAAO,MAAM,aAAa,EAAE,YAAY,
|
|
1
|
+
{"version":3,"file":"definitions.d.ts","sourceRoot":"","sources":["../../../src/scanner/rules/definitions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,eAAO,MAAM,aAAa,EAAE,YAAY,EAsnBvC,CAAC;AAEF,wBAAgB,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS,CAEhE;AAED,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,YAAY,EAAE,CAEnE"}
|
|
@@ -4,12 +4,16 @@ exports.securityRules = void 0;
|
|
|
4
4
|
exports.getRuleById = getRuleById;
|
|
5
5
|
exports.getRulesBySeverity = getRulesBySeverity;
|
|
6
6
|
exports.securityRules = [
|
|
7
|
+
// ============================================
|
|
8
|
+
// FREE TIER RULES - Basic vulnerabilities
|
|
9
|
+
// ============================================
|
|
7
10
|
// CRITICAL
|
|
8
11
|
{
|
|
9
12
|
id: 'hardcoded-secret',
|
|
10
13
|
name: 'Hardcoded API Key/Secret',
|
|
11
14
|
description: 'Hardcoded secrets can be extracted from source code and used maliciously',
|
|
12
15
|
severity: 'critical',
|
|
16
|
+
tier: 'free',
|
|
13
17
|
languages: ['javascript', 'typescript', 'python'],
|
|
14
18
|
patterns: [
|
|
15
19
|
/(['"`])(?:sk-[a-zA-Z0-9]{20,})\1/,
|
|
@@ -26,6 +30,7 @@ exports.securityRules = [
|
|
|
26
30
|
name: 'SQL Injection Vulnerability',
|
|
27
31
|
description: 'User input directly concatenated into SQL queries can allow attackers to execute arbitrary SQL',
|
|
28
32
|
severity: 'critical',
|
|
33
|
+
tier: 'free',
|
|
29
34
|
languages: ['javascript', 'typescript', 'python'],
|
|
30
35
|
astMatcher: 'sql-injection',
|
|
31
36
|
fix: 'Use parameterized queries or prepared statements',
|
|
@@ -35,6 +40,7 @@ exports.securityRules = [
|
|
|
35
40
|
name: 'Dangerous eval() Usage',
|
|
36
41
|
description: 'eval() with dynamic input can execute arbitrary code',
|
|
37
42
|
severity: 'critical',
|
|
43
|
+
tier: 'free',
|
|
38
44
|
languages: ['javascript', 'typescript', 'python'],
|
|
39
45
|
astMatcher: 'eval-usage',
|
|
40
46
|
fix: 'Avoid eval() entirely or use safer alternatives like JSON.parse()',
|
|
@@ -44,6 +50,7 @@ exports.securityRules = [
|
|
|
44
50
|
name: 'Command Injection Vulnerability',
|
|
45
51
|
description: 'User input passed to shell commands can allow arbitrary command execution',
|
|
46
52
|
severity: 'critical',
|
|
53
|
+
tier: 'free',
|
|
47
54
|
languages: ['javascript', 'typescript', 'python'],
|
|
48
55
|
patterns: [
|
|
49
56
|
/child_process.*exec\s*\([^)]*\$\{/,
|
|
@@ -62,6 +69,7 @@ exports.securityRules = [
|
|
|
62
69
|
name: 'Insecure Deserialization',
|
|
63
70
|
description: 'Deserializing untrusted data can lead to remote code execution',
|
|
64
71
|
severity: 'critical',
|
|
72
|
+
tier: 'free',
|
|
65
73
|
languages: ['javascript', 'typescript', 'python'],
|
|
66
74
|
patterns: [
|
|
67
75
|
/pickle\.loads?\s*\(/,
|
|
@@ -73,12 +81,13 @@ exports.securityRules = [
|
|
|
73
81
|
],
|
|
74
82
|
fix: 'Use safe deserialization methods. For Python use yaml.safe_load(). Avoid pickle with untrusted data',
|
|
75
83
|
},
|
|
76
|
-
// HIGH
|
|
84
|
+
// HIGH (Pro - framework-specific)
|
|
77
85
|
{
|
|
78
86
|
id: 'missing-auth-route',
|
|
79
87
|
name: 'Missing Authentication on API Route',
|
|
80
88
|
description: 'API routes without authentication checks can be accessed by anyone',
|
|
81
89
|
severity: 'high',
|
|
90
|
+
tier: 'pro',
|
|
82
91
|
languages: ['javascript', 'typescript'],
|
|
83
92
|
astMatcher: 'missing-auth',
|
|
84
93
|
fix: 'Add authentication middleware or check session/token at route start',
|
|
@@ -88,6 +97,7 @@ exports.securityRules = [
|
|
|
88
97
|
name: 'XSS via innerHTML/dangerouslySetInnerHTML',
|
|
89
98
|
description: 'Setting innerHTML with user data can execute malicious scripts',
|
|
90
99
|
severity: 'high',
|
|
100
|
+
tier: 'free',
|
|
91
101
|
languages: ['javascript', 'typescript'],
|
|
92
102
|
astMatcher: 'xss-innerhtml',
|
|
93
103
|
fix: 'Use textContent instead of innerHTML, or sanitize with DOMPurify',
|
|
@@ -97,6 +107,7 @@ exports.securityRules = [
|
|
|
97
107
|
name: 'Secrets in localStorage/sessionStorage',
|
|
98
108
|
description: 'Storing sensitive data in browser storage exposes it to XSS attacks',
|
|
99
109
|
severity: 'high',
|
|
110
|
+
tier: 'free',
|
|
100
111
|
languages: ['javascript', 'typescript'],
|
|
101
112
|
patterns: [
|
|
102
113
|
/localStorage\.setItem\s*\(\s*['"`](?:token|jwt|auth|session|api[_-]?key|secret|password|credential)/i,
|
|
@@ -109,6 +120,7 @@ exports.securityRules = [
|
|
|
109
120
|
name: 'Supabase Without RLS',
|
|
110
121
|
description: 'Direct table access without Row Level Security allows unauthorized data access',
|
|
111
122
|
severity: 'high',
|
|
123
|
+
tier: 'pro',
|
|
112
124
|
languages: ['javascript', 'typescript'],
|
|
113
125
|
patterns: [
|
|
114
126
|
/\.from\s*\(\s*['"`][^'"`]+['"`]\s*\)\.(?:select|insert|update|delete)/,
|
|
@@ -121,6 +133,7 @@ exports.securityRules = [
|
|
|
121
133
|
name: 'Firebase Without Security Rules',
|
|
122
134
|
description: 'Firebase operations without proper security rules can expose data',
|
|
123
135
|
severity: 'high',
|
|
136
|
+
tier: 'pro',
|
|
124
137
|
languages: ['javascript', 'typescript'],
|
|
125
138
|
patterns: [
|
|
126
139
|
/firestore\(\)\.collection\s*\(\s*['"`][^'"`]+['"`]\s*\)/,
|
|
@@ -133,6 +146,7 @@ exports.securityRules = [
|
|
|
133
146
|
name: 'Potential IDOR Vulnerability',
|
|
134
147
|
description: 'Direct object references without ownership check allow unauthorized access',
|
|
135
148
|
severity: 'high',
|
|
149
|
+
tier: 'free',
|
|
136
150
|
languages: ['javascript', 'typescript'],
|
|
137
151
|
astMatcher: 'idor',
|
|
138
152
|
fix: 'Always verify the requesting user owns or has access to the resource',
|
|
@@ -142,6 +156,7 @@ exports.securityRules = [
|
|
|
142
156
|
name: 'Path Traversal Vulnerability',
|
|
143
157
|
description: 'User input in file paths can allow access to arbitrary files',
|
|
144
158
|
severity: 'high',
|
|
159
|
+
tier: 'free',
|
|
145
160
|
languages: ['javascript', 'typescript', 'python'],
|
|
146
161
|
patterns: [
|
|
147
162
|
/(?:readFile|writeFile|readFileSync|writeFileSync|createReadStream|createWriteStream)\s*\([^)]*(?:req\.|params\.|query\.|body\.|\$\{)/,
|
|
@@ -157,6 +172,7 @@ exports.securityRules = [
|
|
|
157
172
|
name: 'Server-Side Request Forgery (SSRF)',
|
|
158
173
|
description: 'User-controlled URLs can be used to access internal services',
|
|
159
174
|
severity: 'high',
|
|
175
|
+
tier: 'free',
|
|
160
176
|
languages: ['javascript', 'typescript', 'python'],
|
|
161
177
|
patterns: [
|
|
162
178
|
/(?:fetch|axios\.get|axios\.post|request|got|node-fetch)\s*\([^)]*(?:req\.|params\.|query\.|body\.|\$\{)/,
|
|
@@ -171,6 +187,7 @@ exports.securityRules = [
|
|
|
171
187
|
name: 'Open Redirect Vulnerability',
|
|
172
188
|
description: 'Redirecting to user-supplied URLs can be used for phishing attacks',
|
|
173
189
|
severity: 'high',
|
|
190
|
+
tier: 'free',
|
|
174
191
|
languages: ['javascript', 'typescript', 'python'],
|
|
175
192
|
patterns: [
|
|
176
193
|
/res\.redirect\s*\([^)]*(?:req\.|params\.|query\.|body\.)/,
|
|
@@ -187,6 +204,7 @@ exports.securityRules = [
|
|
|
187
204
|
name: 'Insecure Cookie Configuration',
|
|
188
205
|
description: 'Cookies without security flags are vulnerable to theft and CSRF',
|
|
189
206
|
severity: 'high',
|
|
207
|
+
tier: 'free',
|
|
190
208
|
languages: ['javascript', 'typescript', 'python'],
|
|
191
209
|
patterns: [
|
|
192
210
|
/^\s*res\.cookie\s*\(\s*['"`](?:token|session|auth|jwt)[^'"]*['"`]\s*,\s*\w+\s*\)/im,
|
|
@@ -200,6 +218,7 @@ exports.securityRules = [
|
|
|
200
218
|
name: 'Missing CSRF Protection',
|
|
201
219
|
description: 'Forms without CSRF tokens can be exploited by malicious sites',
|
|
202
220
|
severity: 'high',
|
|
221
|
+
tier: 'free',
|
|
203
222
|
languages: ['javascript', 'typescript', 'python'],
|
|
204
223
|
patterns: [
|
|
205
224
|
/<form[^>]+method\s*=\s*['"`]post['"`][^>]*>(?![^<]{0,200}csrf)/i,
|
|
@@ -207,12 +226,13 @@ exports.securityRules = [
|
|
|
207
226
|
],
|
|
208
227
|
fix: 'Implement CSRF tokens using csurf (Express) or Django/Flask CSRF middleware',
|
|
209
228
|
},
|
|
210
|
-
// MEDIUM
|
|
229
|
+
// MEDIUM (Free tier)
|
|
211
230
|
{
|
|
212
231
|
id: 'permissive-cors',
|
|
213
232
|
name: 'Permissive CORS Configuration',
|
|
214
233
|
description: 'Allowing all origins can enable CSRF attacks from any website',
|
|
215
234
|
severity: 'medium',
|
|
235
|
+
tier: 'free',
|
|
216
236
|
languages: ['javascript', 'typescript', 'python'],
|
|
217
237
|
patterns: [
|
|
218
238
|
/Access-Control-Allow-Origin['"`:]\s*['"`]\*['"`]/,
|
|
@@ -226,6 +246,7 @@ exports.securityRules = [
|
|
|
226
246
|
name: 'HTTP Instead of HTTPS',
|
|
227
247
|
description: 'Unencrypted HTTP connections can be intercepted',
|
|
228
248
|
severity: 'medium',
|
|
249
|
+
tier: 'free',
|
|
229
250
|
languages: ['javascript', 'typescript', 'python'],
|
|
230
251
|
patterns: [
|
|
231
252
|
/['"`]http:\/\/(?!localhost|127\.0\.0\.1|0\.0\.0\.0)[^'"`]+['"`]/,
|
|
@@ -237,6 +258,7 @@ exports.securityRules = [
|
|
|
237
258
|
name: 'Weak Password Requirements',
|
|
238
259
|
description: 'Password validation that allows weak passwords',
|
|
239
260
|
severity: 'medium',
|
|
261
|
+
tier: 'free',
|
|
240
262
|
languages: ['javascript', 'typescript', 'python'],
|
|
241
263
|
patterns: [
|
|
242
264
|
/password\.length\s*(?:>=?|>)\s*[1-5](?!\d)/,
|
|
@@ -250,6 +272,7 @@ exports.securityRules = [
|
|
|
250
272
|
name: 'Hardcoded IP Address',
|
|
251
273
|
description: 'Hardcoded IP addresses make configuration inflexible and may expose internal infrastructure',
|
|
252
274
|
severity: 'medium',
|
|
275
|
+
tier: 'free',
|
|
253
276
|
languages: ['javascript', 'typescript', 'python'],
|
|
254
277
|
patterns: [
|
|
255
278
|
/['"`](?:10\.\d{1,3}\.\d{1,3}\.\d{1,3})['"`]/,
|
|
@@ -264,6 +287,7 @@ exports.securityRules = [
|
|
|
264
287
|
name: 'XML External Entity (XXE) Injection',
|
|
265
288
|
description: 'XML parsers with external entities enabled can leak files or perform SSRF',
|
|
266
289
|
severity: 'medium',
|
|
290
|
+
tier: 'free',
|
|
267
291
|
languages: ['javascript', 'typescript', 'python'],
|
|
268
292
|
patterns: [
|
|
269
293
|
/xml2js/,
|
|
@@ -282,6 +306,7 @@ exports.securityRules = [
|
|
|
282
306
|
name: 'JWT None Algorithm Vulnerability',
|
|
283
307
|
description: 'Accepting "none" algorithm in JWT allows token forgery',
|
|
284
308
|
severity: 'medium',
|
|
309
|
+
tier: 'free',
|
|
285
310
|
languages: ['javascript', 'typescript', 'python'],
|
|
286
311
|
patterns: [
|
|
287
312
|
/algorithms\s*:\s*\[[^\]]*['"`]none['"`]/i,
|
|
@@ -291,12 +316,13 @@ exports.securityRules = [
|
|
|
291
316
|
],
|
|
292
317
|
fix: 'Always specify allowed algorithms explicitly and never include "none"',
|
|
293
318
|
},
|
|
294
|
-
// LOW
|
|
319
|
+
// LOW (Free tier)
|
|
295
320
|
{
|
|
296
321
|
id: 'verbose-errors',
|
|
297
322
|
name: 'Verbose Error Messages to Client',
|
|
298
323
|
description: 'Detailed error messages can leak implementation details to attackers',
|
|
299
324
|
severity: 'low',
|
|
325
|
+
tier: 'free',
|
|
300
326
|
languages: ['javascript', 'typescript'],
|
|
301
327
|
patterns: [
|
|
302
328
|
/res\.(?:json|send)\s*\(\s*(?:err|error)(?:\.message|\.stack)?/,
|
|
@@ -309,6 +335,7 @@ exports.securityRules = [
|
|
|
309
335
|
name: 'Missing Rate Limiting',
|
|
310
336
|
description: 'Auth endpoints without rate limiting are vulnerable to brute force attacks',
|
|
311
337
|
severity: 'low',
|
|
338
|
+
tier: 'free',
|
|
312
339
|
languages: ['javascript', 'typescript'],
|
|
313
340
|
patterns: [
|
|
314
341
|
/app\.post\s*\(\s*['"`]\/(?:login|signin|auth\/login|api\/login)['"`]\s*,\s*(?:async\s*)?\(/,
|
|
@@ -323,6 +350,7 @@ exports.securityRules = [
|
|
|
323
350
|
name: 'Logging Sensitive Data',
|
|
324
351
|
description: 'Logging sensitive information can expose it in log files',
|
|
325
352
|
severity: 'low',
|
|
353
|
+
tier: 'free',
|
|
326
354
|
languages: ['javascript', 'typescript', 'python'],
|
|
327
355
|
patterns: [
|
|
328
356
|
/console\.log\s*\(\s*(?:password|secret|apiKey|token|credential|accessToken|refreshToken)\s*[,)]/i,
|
|
@@ -338,6 +366,7 @@ exports.securityRules = [
|
|
|
338
366
|
name: 'Debug Mode Enabled in Production',
|
|
339
367
|
description: 'Debug mode can expose sensitive information and stack traces',
|
|
340
368
|
severity: 'low',
|
|
369
|
+
tier: 'free',
|
|
341
370
|
languages: ['javascript', 'typescript', 'python'],
|
|
342
371
|
patterns: [
|
|
343
372
|
/DEBUG\s*=\s*True/,
|
|
@@ -352,6 +381,7 @@ exports.securityRules = [
|
|
|
352
381
|
name: 'Potential Prototype Pollution',
|
|
353
382
|
description: 'Merging user input into objects can allow prototype pollution attacks',
|
|
354
383
|
severity: 'low',
|
|
384
|
+
tier: 'free',
|
|
355
385
|
languages: ['javascript', 'typescript'],
|
|
356
386
|
patterns: [
|
|
357
387
|
/Object\.assign\s*\(\s*\{\}\s*,[^)]*(?:req\.|body\.|params\.|query\.)/,
|
|
@@ -362,7 +392,7 @@ exports.securityRules = [
|
|
|
362
392
|
fix: 'Validate and sanitize user input before merging. Use Object.create(null) for dictionaries',
|
|
363
393
|
},
|
|
364
394
|
// ============================================
|
|
365
|
-
//
|
|
395
|
+
// PRO TIER RULES - Framework-specific
|
|
366
396
|
// ============================================
|
|
367
397
|
// --- Next.js ---
|
|
368
398
|
{
|
|
@@ -370,6 +400,7 @@ exports.securityRules = [
|
|
|
370
400
|
name: 'Next.js Server Action Without Auth',
|
|
371
401
|
description: 'Server actions are public endpoints and need authentication checks',
|
|
372
402
|
severity: 'high',
|
|
403
|
+
tier: 'pro',
|
|
373
404
|
languages: ['javascript', 'typescript'],
|
|
374
405
|
patterns: [
|
|
375
406
|
/['"`]use server['"`]\s*;?\s*(?:export\s+)?(?:async\s+)?function\s+\w+\s*\([^)]*\)\s*\{(?![^}]*(?:auth|session|getServerSession|currentUser))/,
|
|
@@ -381,6 +412,7 @@ exports.securityRules = [
|
|
|
381
412
|
name: 'Next.js API Route Without Auth Check',
|
|
382
413
|
description: 'API routes in Next.js are public by default and need explicit auth',
|
|
383
414
|
severity: 'high',
|
|
415
|
+
tier: 'pro',
|
|
384
416
|
languages: ['javascript', 'typescript'],
|
|
385
417
|
patterns: [
|
|
386
418
|
/export\s+(?:default\s+)?(?:async\s+)?function\s+(?:GET|POST|PUT|DELETE|PATCH)\s*\([^)]*\)\s*\{(?![^}]{0,500}(?:getServerSession|auth|getToken|verifyToken|currentUser))/,
|
|
@@ -392,6 +424,7 @@ exports.securityRules = [
|
|
|
392
424
|
name: 'Next.js dangerouslySetInnerHTML with User Data',
|
|
393
425
|
description: 'Using dangerouslySetInnerHTML with dynamic data can cause XSS',
|
|
394
426
|
severity: 'high',
|
|
427
|
+
tier: 'pro',
|
|
395
428
|
languages: ['javascript', 'typescript'],
|
|
396
429
|
patterns: [
|
|
397
430
|
/dangerouslySetInnerHTML\s*=\s*\{\s*\{\s*__html\s*:\s*(?!['"`])/,
|
|
@@ -403,6 +436,7 @@ exports.securityRules = [
|
|
|
403
436
|
name: 'Next.js Private Env Exposed to Client',
|
|
404
437
|
description: 'Environment variables without NEXT_PUBLIC_ prefix should not be in client code',
|
|
405
438
|
severity: 'high',
|
|
439
|
+
tier: 'pro',
|
|
406
440
|
languages: ['javascript', 'typescript'],
|
|
407
441
|
patterns: [
|
|
408
442
|
/['"`]use client['"`][\s\S]*process\.env\.(?!NEXT_PUBLIC_)[A-Z_]+/,
|
|
@@ -415,6 +449,7 @@ exports.securityRules = [
|
|
|
415
449
|
name: 'Django DEBUG=True in Production',
|
|
416
450
|
description: 'Debug mode exposes sensitive information and should never be enabled in production',
|
|
417
451
|
severity: 'critical',
|
|
452
|
+
tier: 'pro',
|
|
418
453
|
languages: ['python'],
|
|
419
454
|
patterns: [
|
|
420
455
|
/DEBUG\s*=\s*True/,
|
|
@@ -426,6 +461,7 @@ exports.securityRules = [
|
|
|
426
461
|
name: 'Django SECRET_KEY Hardcoded',
|
|
427
462
|
description: 'Hardcoded SECRET_KEY can be extracted and used to forge sessions',
|
|
428
463
|
severity: 'critical',
|
|
464
|
+
tier: 'pro',
|
|
429
465
|
languages: ['python'],
|
|
430
466
|
patterns: [
|
|
431
467
|
/SECRET_KEY\s*=\s*['"`][^'"`]{20,}['"`]/,
|
|
@@ -437,6 +473,7 @@ exports.securityRules = [
|
|
|
437
473
|
name: 'Django Raw SQL Query',
|
|
438
474
|
description: 'Raw SQL queries with string formatting are vulnerable to SQL injection',
|
|
439
475
|
severity: 'critical',
|
|
476
|
+
tier: 'pro',
|
|
440
477
|
languages: ['python'],
|
|
441
478
|
patterns: [
|
|
442
479
|
/\.raw\s*\(\s*f['"`]/,
|
|
@@ -451,6 +488,7 @@ exports.securityRules = [
|
|
|
451
488
|
name: 'Django CSRF Exemption',
|
|
452
489
|
description: 'Disabling CSRF protection exposes the endpoint to cross-site attacks',
|
|
453
490
|
severity: 'high',
|
|
491
|
+
tier: 'pro',
|
|
454
492
|
languages: ['python'],
|
|
455
493
|
patterns: [
|
|
456
494
|
/@csrf_exempt/,
|
|
@@ -462,6 +500,7 @@ exports.securityRules = [
|
|
|
462
500
|
name: 'Django ALLOWED_HOSTS Wildcard',
|
|
463
501
|
description: 'Allowing all hosts can enable host header attacks',
|
|
464
502
|
severity: 'medium',
|
|
503
|
+
tier: 'pro',
|
|
465
504
|
languages: ['python'],
|
|
466
505
|
patterns: [
|
|
467
506
|
/ALLOWED_HOSTS\s*=\s*\[\s*['"`]\*['"`]\s*\]/,
|
|
@@ -474,6 +513,7 @@ exports.securityRules = [
|
|
|
474
513
|
name: 'FastAPI Endpoint Without Auth Dependency',
|
|
475
514
|
description: 'Sensitive endpoints should use Depends() for authentication',
|
|
476
515
|
severity: 'high',
|
|
516
|
+
tier: 'pro',
|
|
477
517
|
languages: ['python'],
|
|
478
518
|
patterns: [
|
|
479
519
|
/@app\.(?:post|put|delete|patch)\s*\(\s*['"`]\/(?:admin|user|account|settings)[^'"]*['"`]\s*\)\s*\n(?:async\s+)?def\s+\w+\s*\([^)]*\)(?![^:]*Depends)/,
|
|
@@ -485,6 +525,7 @@ exports.securityRules = [
|
|
|
485
525
|
name: 'FastAPI CORS Allow All Origins',
|
|
486
526
|
description: 'Allowing all origins with credentials enabled is a security risk',
|
|
487
527
|
severity: 'medium',
|
|
528
|
+
tier: 'pro',
|
|
488
529
|
languages: ['python'],
|
|
489
530
|
patterns: [
|
|
490
531
|
/add_middleware\s*\(\s*CORSMiddleware[^)]*allow_origins\s*=\s*\[\s*['"`]\*['"`]\s*\]/,
|
|
@@ -497,6 +538,7 @@ exports.securityRules = [
|
|
|
497
538
|
name: 'NestJS Controller Without Auth Guard',
|
|
498
539
|
description: 'Controllers handling sensitive data should use authentication guards',
|
|
499
540
|
severity: 'high',
|
|
541
|
+
tier: 'pro',
|
|
500
542
|
languages: ['typescript'],
|
|
501
543
|
patterns: [
|
|
502
544
|
/@Controller\s*\(\s*['"`](?:admin|user|account|settings|payment)[^'"]*['"`]\s*\)\s*\nexport\s+class\s+\w+(?![^{]*@UseGuards)/,
|
|
@@ -508,6 +550,7 @@ exports.securityRules = [
|
|
|
508
550
|
name: 'NestJS Internal Exception Exposed',
|
|
509
551
|
description: 'Throwing raw errors exposes internal details to clients',
|
|
510
552
|
severity: 'low',
|
|
553
|
+
tier: 'pro',
|
|
511
554
|
languages: ['typescript'],
|
|
512
555
|
patterns: [
|
|
513
556
|
/throw\s+new\s+(?:Error|InternalServerErrorException)\s*\(\s*(?:err|error)\.message/,
|
|
@@ -520,6 +563,7 @@ exports.securityRules = [
|
|
|
520
563
|
name: 'React href with javascript: Protocol',
|
|
521
564
|
description: 'javascript: URLs in href can execute arbitrary code',
|
|
522
565
|
severity: 'high',
|
|
566
|
+
tier: 'pro',
|
|
523
567
|
languages: ['javascript', 'typescript'],
|
|
524
568
|
patterns: [
|
|
525
569
|
/href\s*=\s*\{[^}]*['"`]javascript:/,
|
|
@@ -532,6 +576,7 @@ exports.securityRules = [
|
|
|
532
576
|
name: 'React URL Parameters in Dangerous Context',
|
|
533
577
|
description: 'URL parameters used in dangerous contexts can cause XSS',
|
|
534
578
|
severity: 'high',
|
|
579
|
+
tier: 'pro',
|
|
535
580
|
languages: ['javascript', 'typescript'],
|
|
536
581
|
patterns: [
|
|
537
582
|
/useSearchParams\s*\(\s*\)[\s\S]*dangerouslySetInnerHTML/,
|
|
@@ -545,6 +590,7 @@ exports.securityRules = [
|
|
|
545
590
|
name: 'Express Missing Security Headers (Helmet)',
|
|
546
591
|
description: 'Express apps should use Helmet for security headers',
|
|
547
592
|
severity: 'medium',
|
|
593
|
+
tier: 'pro',
|
|
548
594
|
languages: ['javascript', 'typescript'],
|
|
549
595
|
patterns: [
|
|
550
596
|
/express\s*\(\s*\)(?![^;]*helmet)/,
|
|
@@ -556,6 +602,7 @@ exports.securityRules = [
|
|
|
556
602
|
name: 'Express Body Parser Without Size Limit',
|
|
557
603
|
description: 'Unlimited body size can lead to denial of service attacks',
|
|
558
604
|
severity: 'medium',
|
|
605
|
+
tier: 'pro',
|
|
559
606
|
languages: ['javascript', 'typescript'],
|
|
560
607
|
patterns: [
|
|
561
608
|
/express\.json\s*\(\s*\)/,
|
|
@@ -568,6 +615,7 @@ exports.securityRules = [
|
|
|
568
615
|
name: 'Express Session Insecure Configuration',
|
|
569
616
|
description: 'Session cookies should be secure and httpOnly',
|
|
570
617
|
severity: 'high',
|
|
618
|
+
tier: 'pro',
|
|
571
619
|
languages: ['javascript', 'typescript'],
|
|
572
620
|
patterns: [
|
|
573
621
|
/session\s*\(\s*\{[^}]*secret\s*:[^}]*\}\s*\)(?![^)]*(?:secure|httpOnly))/,
|