@indicated/vibeguard 1.3.1 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/commands/scan.d.ts.map +1 -1
- package/dist/cli/commands/scan.js +5 -0
- package/dist/cli/commands/scan.js.map +1 -1
- package/dist/mcp/server.d.ts.map +1 -1
- package/dist/mcp/server.js +3 -2
- package/dist/mcp/server.js.map +1 -1
- package/dist/scanner/parsers/javascript.d.ts.map +1 -1
- package/dist/scanner/parsers/javascript.js +49 -1
- package/dist/scanner/parsers/javascript.js.map +1 -1
- package/dist/scanner/parsers/python.d.ts.map +1 -1
- package/dist/scanner/parsers/python.js +7 -10
- package/dist/scanner/parsers/python.js.map +1 -1
- package/dist/scanner/rules/definitions.d.ts.map +1 -1
- package/dist/scanner/rules/definitions.js +51 -13
- package/dist/scanner/rules/definitions.js.map +1 -1
- package/dist/types.d.ts +1 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/cli/commands/scan.ts +6 -0
- package/src/mcp/server.ts +3 -2
- package/src/scanner/parsers/javascript.ts +58 -1
- package/src/scanner/parsers/python.ts +7 -10
- package/src/scanner/rules/definitions.ts +51 -13
- package/src/types.ts +1 -0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/scan.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAoBpC,wBAAgB,iBAAiB,IAAI,OAAO,
|
|
1
|
+
{"version":3,"file":"scan.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/scan.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAoBpC,wBAAgB,iBAAiB,IAAI,OAAO,CA8G3C"}
|
|
@@ -49,11 +49,16 @@ function createScanCommand() {
|
|
|
49
49
|
.option('--force', 'Continue even if critical/high issues found')
|
|
50
50
|
.option('--json', 'Output results as JSON')
|
|
51
51
|
.option('--quiet', 'Minimal output (exit code only)')
|
|
52
|
+
.option('-e, --exclude <patterns...>', 'Glob patterns to exclude (e.g., "**/vendor/**" "*.min.js")')
|
|
52
53
|
.action(async (targets, options) => {
|
|
53
54
|
try {
|
|
54
55
|
const config = (0, config_1.loadConfig)();
|
|
55
56
|
const licenseKey = (0, license_1.getLicenseKey)();
|
|
56
57
|
const cwd = process.cwd();
|
|
58
|
+
// Merge CLI exclude patterns with config
|
|
59
|
+
if (options.exclude) {
|
|
60
|
+
config.exclude = [...(config.exclude || []), ...options.exclude];
|
|
61
|
+
}
|
|
57
62
|
const scanner = new scanner_1.Scanner(config);
|
|
58
63
|
await scanner.initialize(licenseKey || undefined);
|
|
59
64
|
if (!options.quiet && !options.json) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan.js","sourceRoot":"","sources":["../../../src/cli/commands/scan.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoBA,
|
|
1
|
+
{"version":3,"file":"scan.js","sourceRoot":"","sources":["../../../src/cli/commands/scan.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoBA,8CA8GC;AAlID,yCAAoC;AACpC,2CAA6B;AAC7B,2CAAwC;AACxC,+CAAkD;AAClD,sCAAuC;AACvC,sCAUmB;AAGnB,MAAM,WAAW,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;AAErD,SAAgB,iBAAiB;IAC/B,MAAM,IAAI,GAAG,IAAI,mBAAO,CAAC,MAAM,CAAC;SAC7B,WAAW,CAAC,wDAAwD,CAAC;SACrE,QAAQ,CAAC,cAAc,EAAE,8BAA8B,EAAE,CAAC,GAAG,CAAC,CAAC;SAC/D,MAAM,CAAC,UAAU,EAAE,4BAA4B,CAAC;SAChD,MAAM,CAAC,SAAS,EAAE,6CAA6C,CAAC;SAChE,MAAM,CAAC,QAAQ,EAAE,wBAAwB,CAAC;SAC1C,MAAM,CAAC,SAAS,EAAE,iCAAiC,CAAC;SACpD,MAAM,CAAC,6BAA6B,EAAE,4DAA4D,CAAC;SACnG,MAAM,CAAC,KAAK,EAAE,OAAiB,EAAE,OAAO,EAAE,EAAE;QAC3C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAA,mBAAU,GAAE,CAAC;YAC5B,MAAM,UAAU,GAAG,IAAA,uBAAa,GAAE,CAAC;YACnC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;YAE1B,yCAAyC;YACzC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;gBACpB,MAAM,CAAC,OAAO,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;YACnE,CAAC;YAED,MAAM,OAAO,GAAG,IAAI,iBAAO,CAAC,MAAM,CAAC,CAAC;YACpC,MAAM,OAAO,CAAC,UAAU,CAAC,UAAU,IAAI,SAAS,CAAC,CAAC;YAElD,IAAI,CAAC,OAAO,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;gBACpC,OAAO,CAAC,GAAG,CAAC,IAAA,qBAAY,EAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC;YACjD,CAAC;YAED,eAAe;YACf,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM;gBAC3B,CAAC,CAAC,MAAM,OAAO,CAAC,UAAU,EAAE;gBAC5B,CAAC,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAE7D,IAAI,CAAC,OAAO,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;gBACpC,OAAO,CAAC,GAAG,CAAC,IAAA,uBAAc,EAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;YAC5C,CAAC;YAED,iBAAiB;YACjB,MAAM,QAAQ,GAAS,OAAO,CAAC,WAAW,EAAE,CAAC;YAE7C,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjB,sEAAsE;gBACtE,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;oBACxB,MAAM,MAAM,GAAG;wBACb,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;wBAC5E,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;wBACpE,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;wBACxE,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;qBACnE,CAAC;oBACF,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;wBACzB,OAAO,EAAE,WAAW,CAAC,OAAO;wBAC5B,IAAI,EAAE,QAAQ;wBACd,KAAK,EAAE,MAAM,CAAC,KAAK;wBACnB,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM;wBACnC,MAAM;wBACN,QAAQ,EAAE,EAAE,EAAE,sBAAsB;wBACpC,QAAQ,EAAE,MAAM,CAAC,QAAQ;wBACzB,cAAc,EAAE,mFAAmF;qBACpG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;gBACf,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;wBACzB,OAAO,EAAE,WAAW,CAAC,OAAO;wBAC5B,IAAI,EAAE,QAAQ;wBACd,KAAK,EAAE,MAAM,CAAC,KAAK;wBACnB,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;4BAClC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE;4BACf,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ;4BACzB,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI;4BACjB,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC;4BAChC,IAAI,EAAE,CAAC,CAAC,IAAI;4BACZ,MAAM,EAAE,CAAC,CAAC,MAAM;4BAChB,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI;4BACpB,GAAG,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG;4BACvC,YAAY,EAAE,CAAC,CAAC,YAAY;yBAC7B,CAAC,CAAC;wBACH,QAAQ,EAAE,MAAM,CAAC,QAAQ;qBAC1B,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;gBACf,CAAC;YACH,CAAC;iBAAM,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBAC1B,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACjC,OAAO,CAAC,GAAG,CAAC,IAAA,0BAAiB,GAAE,CAAC,CAAC;gBACnC,CAAC;qBAAM,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;oBAC/B,sDAAsD;oBACtD,OAAO,CAAC,GAAG,CAAC,IAAA,8BAAqB,EAAC,MAAM,CAAC,CAAC,CAAC;gBAC7C,CAAC;qBAAM,CAAC;oBACN,8BAA8B;oBAC9B,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;wBACtC,OAAO,CAAC,GAAG,CAAC,IAAA,sBAAa,EAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC3C,CAAC;oBACD,OAAO,CAAC,GAAG,CAAC,IAAA,sBAAa,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;gBAC/C,CAAC;YACH,CAAC;YAED,sBAAsB;YACtB,MAAM,iBAAiB,GAAG,IAAA,0BAAiB,EAAC,MAAM,CAAC,CAAC;YAEpD,IAAI,iBAAiB,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACxC,IAAI,CAAC,OAAO,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;oBACpC,OAAO,CAAC,GAAG,CAAC,IAAA,4BAAmB,GAAE,CAAC,CAAC;gBACrC,CAAC;gBACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YAED,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,IAAA,oBAAW,EAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC;YACnF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,OAAO,IAAI,CAAC;AACd,CAAC"}
|
package/dist/mcp/server.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AAoBA,wBAAsB,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AAoBA,wBAAsB,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,CAqPpD"}
|
package/dist/mcp/server.js
CHANGED
|
@@ -67,10 +67,11 @@ async function startMcpServer() {
|
|
|
67
67
|
server.tool('scan_code', 'Scan files or directories for security vulnerabilities. Returns findings with severity, location, and fix suggestions. Use this after writing code or before commits.', {
|
|
68
68
|
paths: zod_1.z.array(zod_1.z.string()).describe('File or directory paths to scan (relative to current working directory)'),
|
|
69
69
|
staged_only: zod_1.z.boolean().optional().describe('If true, only scan git staged files'),
|
|
70
|
-
|
|
70
|
+
exclude: zod_1.z.array(zod_1.z.string()).optional().describe('Glob patterns to exclude (e.g., "**/vendor/**", "*.min.js")'),
|
|
71
|
+
}, async ({ paths, staged_only, exclude }) => {
|
|
71
72
|
try {
|
|
72
73
|
const licenseKey = (0, license_1.getLicenseKey)();
|
|
73
|
-
const scanner = new scanner_1.Scanner();
|
|
74
|
+
const scanner = new scanner_1.Scanner(exclude ? { exclude } : {});
|
|
74
75
|
await scanner.initialize(licenseKey || undefined);
|
|
75
76
|
const cwd = process.cwd();
|
|
76
77
|
const targets = paths.map(p => path.resolve(cwd, p));
|
package/dist/mcp/server.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoBA,
|
|
1
|
+
{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoBA,wCAqPC;AAzQD,oEAAoE;AACpE,wEAAiF;AACjF,6BAAwB;AACxB,2CAA6B;AAC7B,wCAAqC;AACrC,8DAA6D;AAC7D,4CAA+C;AAG/C,SAAS,cAAc,CAAC,MAAgC;IACtD,IAAI,MAAM,CAAC,QAAQ,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IACpC,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAChC,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAChC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAClC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAClC,IAAI,MAAM,CAAC,GAAG,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAC/B,IAAI,MAAM,CAAC,GAAG,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAC/B,OAAO,IAAI,CAAC;AACd,CAAC;AAEM,KAAK,UAAU,cAAc;IAClC,MAAM,MAAM,GAAG,IAAI,kBAAS,CAAC;QAC3B,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,OAAO;KACjB,CAAC,CAAC;IAEH,kBAAkB;IAClB,MAAM,CAAC,IAAI,CACT,WAAW,EACX,uKAAuK,EACvK;QACE,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,yEAAyE,CAAC;QAC9G,WAAW,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qCAAqC,CAAC;QACnF,OAAO,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,6DAA6D,CAAC;KAChH,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,EAAE,EAAE;QACxC,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAA,uBAAa,GAAE,CAAC;YACnC,MAAM,OAAO,GAAG,IAAI,iBAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACxD,MAAM,OAAO,CAAC,UAAU,CAAC,UAAU,IAAI,SAAS,CAAC,CAAC;YAElD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;YAC1B,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;YAErD,MAAM,MAAM,GAAG,WAAW;gBACxB,CAAC,CAAC,MAAM,OAAO,CAAC,UAAU,EAAE;gBAC5B,CAAC,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAEhC,MAAM,QAAQ,GAAS,OAAO,CAAC,WAAW,EAAE,CAAC;YAC7C,MAAM,SAAS,GAAG,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAE5D,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACjC,OAAO;oBACL,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAe;4BACrB,IAAI,EAAE,iCAAiC,MAAM,CAAC,KAAK,kCAAkC,SAAS,EAAE;yBACjG;qBACF;iBACF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAA6B;gBACvC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;gBAC5E,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;gBACpE,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;gBACxE,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;aACnE,CAAC;YAEF,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;YACrC,MAAM,OAAO,GAAG,SAAS,MAAM,CAAC,QAAQ,CAAC,MAAM,cAAc,MAAM,CAAC,QAAQ,cAAc,MAAM,CAAC,IAAI,UAAU,MAAM,CAAC,MAAM,YAAY,MAAM,CAAC,GAAG,MAAM,CAAC;YAEzJ,sDAAsD;YACtD,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;gBACxB,OAAO;oBACL,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAe;4BACrB,IAAI,EAAE,GAAG,OAAO,cAAc,KAAK,YAAY,SAAS,8IAA8I;yBACvM;qBACF;iBACF,CAAC;YACJ,CAAC;YAED,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBACzC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ;gBACzB,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE;gBACf,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI;gBACjB,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC;gBAChC,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,WAAW;gBAC3B,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG;gBACf,YAAY,EAAE,CAAC,CAAC,YAAY;aAC7B,CAAC,CAAC,CAAC;YAEJ,MAAM,iBAAiB,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;gBACzC,MAAM,MAAM,GAAG,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC9C,MAAM,OAAO,GAAG,CAAC,CAAC,YAAY;oBAC5B,CAAC,CAAC,0CAA0C;oBAC5C,CAAC,CAAC,UAAU,CAAC,CAAC,GAAG,EAAE,CAAC;gBACtB,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,IAAI,MAAM,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC/F,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAEhB,MAAM,MAAM,GAAG,YAAY,KAAK,YAAY,SAAS,EAAE,CAAC;YAExD,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,GAAG,OAAO,OAAO,iBAAiB,GAAG,MAAM,EAAE;qBACpD;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,mBAAmB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;qBACpF;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;IAEF,4BAA4B;IAC5B,MAAM,CAAC,IAAI,CACT,qBAAqB,EACrB,wHAAwH,EACxH;QACE,QAAQ,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;KACxG,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;QACrB,IAAI,KAAK,GAAG,2BAAa,CAAC;QAE1B,IAAI,QAAQ,EAAE,CAAC;YACb,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;QACrD,CAAC;QAED,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAC9B,IAAI,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,WAAW,kBAAkB,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACjH,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAEf,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,GAAG,KAAK,CAAC,MAAM,yBAAyB,SAAS,EAAE;iBAC1D;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,2BAA2B;IAC3B,MAAM,CAAC,IAAI,CACT,oBAAoB,EACpB,6HAA6H,EAC7H;QACE,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;QACtD,QAAQ,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,0BAA0B,CAAC;KAC9F,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE;QAC3B,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,wDAAa,IAAI,GAAC,CAAC;YAC9B,MAAM,EAAE,GAAG,wDAAa,IAAI,GAAC,CAAC;YAE9B,mBAAmB;YACnB,MAAM,GAAG,GAAG,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,KAAK,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;YACtF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,mBAAmB,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC,CAAC;YAE/E,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YAEjC,MAAM,UAAU,GAAG,IAAA,uBAAa,GAAE,CAAC;YACnC,MAAM,OAAO,GAAG,IAAI,iBAAO,EAAE,CAAC;YAC9B,MAAM,OAAO,CAAC,UAAU,CAAC,UAAU,IAAI,SAAS,CAAC,CAAC;YAElD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC9C,MAAM,QAAQ,GAAS,OAAO,CAAC,WAAW,EAAE,CAAC;YAC7C,MAAM,SAAS,GAAG,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAE5D,WAAW;YACX,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YAExB,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACjC,OAAO;oBACL,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAe;4BACrB,IAAI,EAAE,yEAAyE,SAAS,EAAE;yBAC3F;qBACF;iBACF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAA6B;gBACvC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;gBAC5E,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;gBACpE,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;gBACxE,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;aACnE,CAAC;YAEF,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;YACrC,MAAM,OAAO,GAAG,SAAS,MAAM,CAAC,QAAQ,CAAC,MAAM,cAAc,MAAM,CAAC,QAAQ,cAAc,MAAM,CAAC,IAAI,UAAU,MAAM,CAAC,MAAM,YAAY,MAAM,CAAC,GAAG,MAAM,CAAC;YAEzJ,sDAAsD;YACtD,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;gBACxB,OAAO;oBACL,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAe;4BACrB,IAAI,EAAE,GAAG,OAAO,cAAc,KAAK,YAAY,SAAS,sFAAsF;yBAC/I;qBACF;iBACF,CAAC;YACJ,CAAC;YAED,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBACzC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ;gBACzB,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE;gBACf,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI;gBACjB,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG;gBACf,YAAY,EAAE,CAAC,CAAC,YAAY;aAC7B,CAAC,CAAC,CAAC;YAEJ,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;gBACjC,MAAM,MAAM,GAAG,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC9C,MAAM,OAAO,GAAG,CAAC,CAAC,YAAY;oBAC5B,CAAC,CAAC,0CAA0C;oBAC5C,CAAC,CAAC,UAAU,CAAC,CAAC,GAAG,EAAE,CAAC;gBACtB,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,IAAI,MAAM,SAAS,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YACxF,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAEhB,MAAM,MAAM,GAAG,YAAY,KAAK,YAAY,SAAS,EAAE,CAAC;YAExD,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,SAAS,QAAQ,CAAC,MAAM,iBAAiB,SAAS,GAAG,MAAM,EAAE;qBACpE;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,wBAAwB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;qBACzF;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;IAEF,oBAAoB;IACpB,MAAM,SAAS,GAAG,IAAI,+BAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AAClC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"javascript.d.ts","sourceRoot":"","sources":["../../../src/scanner/parsers/javascript.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,CAAC,MAAM,cAAc,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAEpD,UAAU,UAAU;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,CAAC,CAAC,IAAI,GAAG,IAAI,CAiB7E;AAED,wBAAgB,WAAW,CACzB,GAAG,EAAE,CAAC,CAAC,IAAI,EACX,KAAK,EAAE,YAAY,EAAE,EACrB,OAAO,EAAE,UAAU,GAClB,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"javascript.d.ts","sourceRoot":"","sources":["../../../src/scanner/parsers/javascript.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,CAAC,MAAM,cAAc,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAEpD,UAAU,UAAU;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,CAAC,CAAC,IAAI,GAAG,IAAI,CAiB7E;AAED,wBAAgB,WAAW,CACzB,GAAG,EAAE,CAAC,CAAC,IAAI,EACX,KAAK,EAAE,YAAY,EAAE,EACrB,OAAO,EAAE,UAAU,GAClB,OAAO,EAAE,CAmQX;AAED,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,YAAY,EAAE,EACrB,QAAQ,EAAE,MAAM,GACf,OAAO,EAAE,CAgDX"}
|
|
@@ -122,11 +122,41 @@ function scanWithAST(ast, rules, context) {
|
|
|
122
122
|
return null;
|
|
123
123
|
},
|
|
124
124
|
'xss-innerhtml': (path) => {
|
|
125
|
+
// Check if file imports a sanitizer - if so, assume proper usage
|
|
126
|
+
const codeLC = context.code.toLowerCase();
|
|
127
|
+
const hasSanitizer = codeLC.includes('dompurify') ||
|
|
128
|
+
codeLC.includes('sanitize-html') ||
|
|
129
|
+
codeLC.includes('xss') ||
|
|
130
|
+
codeLC.includes('escapehtml') ||
|
|
131
|
+
codeLC.includes('escape-html') ||
|
|
132
|
+
codeLC.includes('htmlsanitizer') ||
|
|
133
|
+
/function\s+escapehtml/i.test(context.code) ||
|
|
134
|
+
/const\s+escapehtml/i.test(context.code) ||
|
|
135
|
+
/escapehtml\s*[:=]/i.test(context.code);
|
|
136
|
+
if (hasSanitizer) {
|
|
137
|
+
return null; // File has sanitization, skip innerHTML checks
|
|
138
|
+
}
|
|
125
139
|
if (path.isAssignmentExpression()) {
|
|
126
140
|
const left = path.node.left;
|
|
141
|
+
const right = path.node.right;
|
|
127
142
|
if (t.isMemberExpression(left) &&
|
|
128
143
|
t.isIdentifier(left.property) &&
|
|
129
144
|
left.property.name === 'innerHTML') {
|
|
145
|
+
// Skip if RHS is a string literal (static HTML is safe)
|
|
146
|
+
if (t.isStringLiteral(right)) {
|
|
147
|
+
return null;
|
|
148
|
+
}
|
|
149
|
+
// Skip if RHS is a template literal with no expressions (static)
|
|
150
|
+
if (t.isTemplateLiteral(right) && right.expressions.length === 0) {
|
|
151
|
+
return null;
|
|
152
|
+
}
|
|
153
|
+
// Skip if wrapped in sanitizer call
|
|
154
|
+
if (t.isCallExpression(right)) {
|
|
155
|
+
const callCode = context.code.substring(right.start || 0, right.end || 0).toLowerCase();
|
|
156
|
+
if (callCode.includes('sanitize') || callCode.includes('escape') || callCode.includes('purify')) {
|
|
157
|
+
return null;
|
|
158
|
+
}
|
|
159
|
+
}
|
|
130
160
|
const rule = rules.find(r => r.id === 'xss-innerhtml');
|
|
131
161
|
if (rule) {
|
|
132
162
|
const loc = path.node.loc;
|
|
@@ -142,10 +172,22 @@ function scanWithAST(ast, rules, context) {
|
|
|
142
172
|
}
|
|
143
173
|
}
|
|
144
174
|
}
|
|
145
|
-
// Check for dangerouslySetInnerHTML in JSX
|
|
175
|
+
// Check for dangerouslySetInnerHTML in JSX - only flag if value is not static
|
|
146
176
|
if (path.isJSXAttribute()) {
|
|
147
177
|
const name = path.node.name;
|
|
148
178
|
if (t.isJSXIdentifier(name) && name.name === 'dangerouslySetInnerHTML') {
|
|
179
|
+
const value = path.node.value;
|
|
180
|
+
// Check if the value is a static string (safe)
|
|
181
|
+
if (t.isJSXExpressionContainer(value) && value.expression) {
|
|
182
|
+
const expr = value.expression;
|
|
183
|
+
// Check if it's an object with __html property that's a string literal
|
|
184
|
+
if (t.isObjectExpression(expr)) {
|
|
185
|
+
const htmlProp = expr.properties.find(p => t.isObjectProperty(p) && t.isIdentifier(p.key) && p.key.name === '__html');
|
|
186
|
+
if (htmlProp && t.isObjectProperty(htmlProp) && t.isStringLiteral(htmlProp.value)) {
|
|
187
|
+
return null; // Static HTML string is safe
|
|
188
|
+
}
|
|
189
|
+
}
|
|
190
|
+
}
|
|
149
191
|
const rule = rules.find(r => r.id === 'xss-innerhtml');
|
|
150
192
|
if (rule) {
|
|
151
193
|
const loc = path.node.loc;
|
|
@@ -240,6 +282,12 @@ function scanWithPatterns(code, rules, filePath) {
|
|
|
240
282
|
for (const rule of rules) {
|
|
241
283
|
if (!rule.patterns)
|
|
242
284
|
continue;
|
|
285
|
+
// Check if file path matches any exclusion patterns for this rule
|
|
286
|
+
if (rule.pathExclusions) {
|
|
287
|
+
const shouldSkip = rule.pathExclusions.some(exclusion => exclusion.test(filePath));
|
|
288
|
+
if (shouldSkip)
|
|
289
|
+
continue;
|
|
290
|
+
}
|
|
243
291
|
for (const pattern of rule.patterns) {
|
|
244
292
|
let match;
|
|
245
293
|
const regex = new RegExp(pattern.source, pattern.flags + (pattern.flags.includes('g') ? '' : 'g'));
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"javascript.js","sourceRoot":"","sources":["../../../src/scanner/parsers/javascript.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAWA,0CAiBC;AAED,kCAoNC;AAED,4CA8CC;AAlSD,sDAAwC;AACxC,+DAAqD;AACrD,gDAAkC;AASlC,SAAgB,eAAe,CAAC,IAAY,EAAE,QAAgB;IAC5D,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE;YACxB,UAAU,EAAE,QAAQ;YACpB,OAAO,EAAE;gBACP,KAAK;gBACL,YAAY;gBACZ,mBAAmB;gBACnB,iBAAiB;gBACjB,kBAAkB;gBAClB,2BAA2B;aAC5B;SACF,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,gEAAgE;QAChE,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAgB,WAAW,CACzB,GAAW,EACX,KAAqB,EACrB,OAAmB;IAEnB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,MAAM,WAAW,GAAuD;QACtE,YAAY,EAAE,CAAC,IAAc,EAAE,EAAE;YAC/B,IACE,IAAI,CAAC,gBAAgB,EAAE;gBACvB,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC;gBAChC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,MAAM,EAChC,CAAC;gBACD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,YAAY,CAAC,CAAC;gBACpD,IAAI,IAAI,EAAE,CAAC;oBACT,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;oBAC1B,OAAO;wBACL,IAAI;wBACJ,IAAI,EAAE,OAAO,CAAC,QAAQ;wBACtB,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;wBAC1B,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;wBAC9B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE;wBACrD,OAAO,EAAE,IAAI,CAAC,WAAW;wBACzB,YAAY,EAAE,KAAK;qBACpB,CAAC;gBACJ,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,eAAe,EAAE,CAAC,IAAc,EAAE,EAAE;YAClC,IAAI,IAAI,CAAC,iBAAiB,EAAE,IAAI,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;gBAC1D,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC;gBAC/B,IACE,MAAM,EAAE,gBAAgB,EAAE;oBAC1B,CAAC,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EACxC,CAAC;oBACD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;oBAClC,MAAM,UAAU,GAAG,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBAE/E,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;wBAC7D,6EAA6E;wBAC7E,IACE,IAAI,CAAC,iBAAiB,EAAE;4BACxB,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAChC,CAAC;4BACD,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CACxC,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,EACpB,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CACnB,CAAC,WAAW,EAAE,CAAC;4BAEhB,IACE,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;gCAC9B,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;gCAC9B,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;gCAC9B,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;gCAC9B,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,EAC7B,CAAC;gCACD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC;gCACvD,IAAI,IAAI,EAAE,CAAC;oCACT,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;oCAC1B,OAAO;wCACL,IAAI;wCACJ,IAAI,EAAE,OAAO,CAAC,QAAQ;wCACtB,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;wCAC1B,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;wCAC9B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE;wCACrD,OAAO,EAAE,IAAI,CAAC,WAAW;wCACzB,YAAY,EAAE,KAAK;qCACpB,CAAC;gCACJ,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,eAAe,EAAE,CAAC,IAAc,EAAE,EAAE;YAClC,IAAI,IAAI,CAAC,sBAAsB,EAAE,EAAE,CAAC;gBAClC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;gBAC5B,IACE,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC;oBAC1B,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC;oBAC7B,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,WAAW,EAClC,CAAC;oBACD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC;oBACvD,IAAI,IAAI,EAAE,CAAC;wBACT,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;wBAC1B,OAAO;4BACL,IAAI;4BACJ,IAAI,EAAE,OAAO,CAAC,QAAQ;4BACtB,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;4BAC1B,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;4BAC9B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE;4BACrD,OAAO,EAAE,IAAI,CAAC,WAAW;4BACzB,YAAY,EAAE,KAAK;yBACpB,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YAED,2CAA2C;YAC3C,IAAI,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;gBAC1B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;gBAC5B,IAAI,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,KAAK,yBAAyB,EAAE,CAAC;oBACvE,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC;oBACvD,IAAI,IAAI,EAAE,CAAC;wBACT,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;wBAC1B,OAAO;4BACL,IAAI;4BACJ,IAAI,EAAE,OAAO,CAAC,QAAQ;4BACtB,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;4BAC1B,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;4BAC9B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE;4BACrD,OAAO,EAAE,IAAI,CAAC,WAAW;4BACzB,YAAY,EAAE,KAAK;yBACpB,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;QAED,cAAc,EAAE,CAAC,IAAc,EAAE,EAAE;YACjC,wDAAwD;YACxD,IAAI,IAAI,CAAC,gBAAgB,EAAE,EAAE,CAAC;gBAC5B,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC;gBAChC,IACE,CAAC,CAAC,kBAAkB,CAAC,MAAM,CAAC;oBAC5B,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC;oBAC/B,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EACxE,CAAC;oBACD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;oBACjC,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;wBACrB,4DAA4D;wBAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CACrC,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,EACpB,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CACnB,CAAC,WAAW,EAAE,CAAC;wBAEhB,iEAAiE;wBACjE,MAAM,iBAAiB,GACrB,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;4BACzB,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC;4BAC5B,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC;4BAC1B,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;4BACxB,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC;4BAC/B,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC;4BACpC,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC;4BAChC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC;4BAC5B,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;wBAE9B,IAAI,CAAC,iBAAiB,EAAE,CAAC;4BACvB,2CAA2C;4BAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;4BAC1B,IAAI,CAAC,CAAC,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;gCACjC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;gCAChD,IACE,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC;oCAC3B,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC;oCAC3B,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;oCAC5B,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC;oCAC9B,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,EAC9B,CAAC;oCACD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC;oCAC5D,IAAI,IAAI,EAAE,CAAC;wCACT,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;wCAC1B,OAAO;4CACL,IAAI;4CACJ,IAAI,EAAE,OAAO,CAAC,QAAQ;4CACtB,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;4CAC1B,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;4CAC9B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE;4CACrD,OAAO,EAAE,aAAa,SAAS,CAAC,KAAK,gCAAgC;4CACrE,YAAY,EAAE,KAAK;yCACpB,CAAC;oCACJ,CAAC;gCACH,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAC;IAEF,IAAA,kBAAQ,EAAC,GAAG,EAAE;QACZ,KAAK,CAAC,IAAI;YACR,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBAClD,MAAM,OAAO,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC;gBAC9C,IAAI,OAAO,EAAE,CAAC;oBACZ,mBAAmB;oBACnB,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAC/B,CAAC,CAAC,EAAE,CACF,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,EAAE;wBAC7B,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI;wBACvB,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAC1B,CAAC;oBACF,IAAI,CAAC,WAAW,EAAE,CAAC;wBACjB,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBACzB,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;KACF,CAAC,CAAC;IAEH,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAgB,gBAAgB,CAC9B,IAAY,EACZ,KAAqB,EACrB,QAAgB;IAEhB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,SAAS;QAE7B,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,IAAI,KAAK,CAAC;YACV,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAEnG,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,yCAAyC;gBACzC,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBACnD,MAAM,UAAU,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;gBAC/D,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACpD,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,GAAG,SAAS,CAAC;gBAEvC,mBAAmB;gBACnB,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAC/B,CAAC,CAAC,EAAE,CACF,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE;oBACrB,CAAC,CAAC,IAAI,KAAK,UAAU;oBACrB,CAAC,CAAC,IAAI,KAAK,QAAQ,CACtB,CAAC;gBAEF,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI;wBACJ,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,UAAU;wBAChB,MAAM;wBACN,IAAI,EAAE,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE;wBACjC,OAAO,EAAE,IAAI,CAAC,WAAW;wBACzB,YAAY,EAAE,KAAK;qBACpB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
1
|
+
{"version":3,"file":"javascript.js","sourceRoot":"","sources":["../../../src/scanner/parsers/javascript.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAWA,0CAiBC;AAED,kCAuQC;AAED,4CAoDC;AA3VD,sDAAwC;AACxC,+DAAqD;AACrD,gDAAkC;AASlC,SAAgB,eAAe,CAAC,IAAY,EAAE,QAAgB;IAC5D,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE;YACxB,UAAU,EAAE,QAAQ;YACpB,OAAO,EAAE;gBACP,KAAK;gBACL,YAAY;gBACZ,mBAAmB;gBACnB,iBAAiB;gBACjB,kBAAkB;gBAClB,2BAA2B;aAC5B;SACF,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,gEAAgE;QAChE,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAgB,WAAW,CACzB,GAAW,EACX,KAAqB,EACrB,OAAmB;IAEnB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,MAAM,WAAW,GAAuD;QACtE,YAAY,EAAE,CAAC,IAAc,EAAE,EAAE;YAC/B,IACE,IAAI,CAAC,gBAAgB,EAAE;gBACvB,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC;gBAChC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,MAAM,EAChC,CAAC;gBACD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,YAAY,CAAC,CAAC;gBACpD,IAAI,IAAI,EAAE,CAAC;oBACT,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;oBAC1B,OAAO;wBACL,IAAI;wBACJ,IAAI,EAAE,OAAO,CAAC,QAAQ;wBACtB,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;wBAC1B,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;wBAC9B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE;wBACrD,OAAO,EAAE,IAAI,CAAC,WAAW;wBACzB,YAAY,EAAE,KAAK;qBACpB,CAAC;gBACJ,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,eAAe,EAAE,CAAC,IAAc,EAAE,EAAE;YAClC,IAAI,IAAI,CAAC,iBAAiB,EAAE,IAAI,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;gBAC1D,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC;gBAC/B,IACE,MAAM,EAAE,gBAAgB,EAAE;oBAC1B,CAAC,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EACxC,CAAC;oBACD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;oBAClC,MAAM,UAAU,GAAG,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBAE/E,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;wBAC7D,6EAA6E;wBAC7E,IACE,IAAI,CAAC,iBAAiB,EAAE;4BACxB,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAChC,CAAC;4BACD,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CACxC,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,EACpB,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CACnB,CAAC,WAAW,EAAE,CAAC;4BAEhB,IACE,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;gCAC9B,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;gCAC9B,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;gCAC9B,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;gCAC9B,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,EAC7B,CAAC;gCACD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC;gCACvD,IAAI,IAAI,EAAE,CAAC;oCACT,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;oCAC1B,OAAO;wCACL,IAAI;wCACJ,IAAI,EAAE,OAAO,CAAC,QAAQ;wCACtB,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;wCAC1B,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;wCAC9B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE;wCACrD,OAAO,EAAE,IAAI,CAAC,WAAW;wCACzB,YAAY,EAAE,KAAK;qCACpB,CAAC;gCACJ,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,eAAe,EAAE,CAAC,IAAc,EAAE,EAAE;YAClC,iEAAiE;YACjE,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YAC1C,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAC/C,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAC;gBAChC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;gBACtB,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC;gBAC7B,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC;gBAC9B,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAC;gBAChC,wBAAwB,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;gBAC3C,qBAAqB,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;gBACxC,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAE1C,IAAI,YAAY,EAAE,CAAC;gBACjB,OAAO,IAAI,CAAC,CAAC,+CAA+C;YAC9D,CAAC;YAED,IAAI,IAAI,CAAC,sBAAsB,EAAE,EAAE,CAAC;gBAClC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;gBAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC;gBAC9B,IACE,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC;oBAC1B,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC;oBAC7B,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,WAAW,EAClC,CAAC;oBACD,wDAAwD;oBACxD,IAAI,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;wBAC7B,OAAO,IAAI,CAAC;oBACd,CAAC;oBACD,iEAAiE;oBACjE,IAAI,CAAC,CAAC,iBAAiB,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBACjE,OAAO,IAAI,CAAC;oBACd,CAAC;oBACD,oCAAoC;oBACpC,IAAI,CAAC,CAAC,gBAAgB,CAAC,KAAK,CAAC,EAAE,CAAC;wBAC9B,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CACrC,KAAK,CAAC,KAAK,IAAI,CAAC,EAChB,KAAK,CAAC,GAAG,IAAI,CAAC,CACf,CAAC,WAAW,EAAE,CAAC;wBAChB,IAAI,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;4BAChG,OAAO,IAAI,CAAC;wBACd,CAAC;oBACH,CAAC;oBAED,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC;oBACvD,IAAI,IAAI,EAAE,CAAC;wBACT,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;wBAC1B,OAAO;4BACL,IAAI;4BACJ,IAAI,EAAE,OAAO,CAAC,QAAQ;4BACtB,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;4BAC1B,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;4BAC9B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE;4BACrD,OAAO,EAAE,IAAI,CAAC,WAAW;4BACzB,YAAY,EAAE,KAAK;yBACpB,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YAED,8EAA8E;YAC9E,IAAI,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;gBAC1B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;gBAC5B,IAAI,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,KAAK,yBAAyB,EAAE,CAAC;oBACvE,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC;oBAC9B,+CAA+C;oBAC/C,IAAI,CAAC,CAAC,wBAAwB,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;wBAC1D,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,CAAC;wBAC9B,uEAAuE;wBACvE,IAAI,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;4BAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CACnC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,IAAI,KAAK,QAAQ,CAC/E,CAAC;4BACF,IAAI,QAAQ,IAAI,CAAC,CAAC,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gCAClF,OAAO,IAAI,CAAC,CAAC,6BAA6B;4BAC5C,CAAC;wBACH,CAAC;oBACH,CAAC;oBAED,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC;oBACvD,IAAI,IAAI,EAAE,CAAC;wBACT,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;wBAC1B,OAAO;4BACL,IAAI;4BACJ,IAAI,EAAE,OAAO,CAAC,QAAQ;4BACtB,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;4BAC1B,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;4BAC9B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE;4BACrD,OAAO,EAAE,IAAI,CAAC,WAAW;4BACzB,YAAY,EAAE,KAAK;yBACpB,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;QAED,cAAc,EAAE,CAAC,IAAc,EAAE,EAAE;YACjC,wDAAwD;YACxD,IAAI,IAAI,CAAC,gBAAgB,EAAE,EAAE,CAAC;gBAC5B,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC;gBAChC,IACE,CAAC,CAAC,kBAAkB,CAAC,MAAM,CAAC;oBAC5B,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC;oBAC/B,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EACxE,CAAC;oBACD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;oBACjC,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;wBACrB,4DAA4D;wBAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CACrC,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,EACpB,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CACnB,CAAC,WAAW,EAAE,CAAC;wBAEhB,iEAAiE;wBACjE,MAAM,iBAAiB,GACrB,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;4BACzB,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC;4BAC5B,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC;4BAC1B,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;4BACxB,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC;4BAC/B,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC;4BACpC,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC;4BAChC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC;4BAC5B,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;wBAE9B,IAAI,CAAC,iBAAiB,EAAE,CAAC;4BACvB,2CAA2C;4BAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;4BAC1B,IAAI,CAAC,CAAC,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;gCACjC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;gCAChD,IACE,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC;oCAC3B,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC;oCAC3B,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;oCAC5B,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC;oCAC9B,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,EAC9B,CAAC;oCACD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC;oCAC5D,IAAI,IAAI,EAAE,CAAC;wCACT,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;wCAC1B,OAAO;4CACL,IAAI;4CACJ,IAAI,EAAE,OAAO,CAAC,QAAQ;4CACtB,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;4CAC1B,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;4CAC9B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE;4CACrD,OAAO,EAAE,aAAa,SAAS,CAAC,KAAK,gCAAgC;4CACrE,YAAY,EAAE,KAAK;yCACpB,CAAC;oCACJ,CAAC;gCACH,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAC;IAEF,IAAA,kBAAQ,EAAC,GAAG,EAAE;QACZ,KAAK,CAAC,IAAI;YACR,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBAClD,MAAM,OAAO,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC;gBAC9C,IAAI,OAAO,EAAE,CAAC;oBACZ,mBAAmB;oBACnB,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAC/B,CAAC,CAAC,EAAE,CACF,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,EAAE;wBAC7B,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI;wBACvB,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAC1B,CAAC;oBACF,IAAI,CAAC,WAAW,EAAE,CAAC;wBACjB,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBACzB,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;KACF,CAAC,CAAC;IAEH,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAgB,gBAAgB,CAC9B,IAAY,EACZ,KAAqB,EACrB,QAAgB;IAEhB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,SAAS;QAE7B,kEAAkE;QAClE,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,MAAM,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;YACnF,IAAI,UAAU;gBAAE,SAAS;QAC3B,CAAC;QAED,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,IAAI,KAAK,CAAC;YACV,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAEnG,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,yCAAyC;gBACzC,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBACnD,MAAM,UAAU,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;gBAC/D,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACpD,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,GAAG,SAAS,CAAC;gBAEvC,mBAAmB;gBACnB,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAC/B,CAAC,CAAC,EAAE,CACF,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE;oBACrB,CAAC,CAAC,IAAI,KAAK,UAAU;oBACrB,CAAC,CAAC,IAAI,KAAK,QAAQ,CACtB,CAAC;gBAEF,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI;wBACJ,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,UAAU;wBAChB,MAAM;wBACN,IAAI,EAAE,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE;wBACjC,OAAO,EAAE,IAAI,CAAC,WAAW;wBACzB,YAAY,EAAE,KAAK;qBACpB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"python.d.ts","sourceRoot":"","sources":["../../../src/scanner/parsers/python.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"python.d.ts","sourceRoot":"","sources":["../../../src/scanner/parsers/python.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAsCpD,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,YAAY,EAAE,EACrB,QAAQ,EAAE,MAAM,GACf,OAAO,EAAE,CAkFX"}
|
|
@@ -25,25 +25,16 @@ const pythonPatterns = [
|
|
|
25
25
|
ruleId: 'eval-usage',
|
|
26
26
|
pattern: /\bexec\s*\([^)]*(?:input|request|data|params|args)/i,
|
|
27
27
|
},
|
|
28
|
-
// Hardcoded secrets
|
|
29
|
-
{
|
|
30
|
-
ruleId: 'hardcoded-secret',
|
|
31
|
-
pattern: /(?:api[_-]?key|secret[_-]?key|password|token)\s*=\s*['"][^'"]{8,}['"]/i,
|
|
32
|
-
},
|
|
33
28
|
// Flask/Django without CSRF
|
|
34
29
|
{
|
|
35
30
|
ruleId: 'permissive-cors',
|
|
36
31
|
pattern: /CORS\s*\(\s*app\s*(?:,\s*resources\s*=\s*\{[^}]*\*[^}]*\})?/,
|
|
37
32
|
},
|
|
38
|
-
// Debug mode in production
|
|
33
|
+
// Debug mode in production - Flask/FastAPI specific
|
|
39
34
|
{
|
|
40
35
|
ruleId: 'verbose-errors',
|
|
41
36
|
pattern: /app\.run\s*\([^)]*debug\s*=\s*True/i,
|
|
42
37
|
},
|
|
43
|
-
{
|
|
44
|
-
ruleId: 'verbose-errors',
|
|
45
|
-
pattern: /DEBUG\s*=\s*True/,
|
|
46
|
-
},
|
|
47
38
|
];
|
|
48
39
|
function scanPythonWithPatterns(code, rules, filePath) {
|
|
49
40
|
const findings = [];
|
|
@@ -52,6 +43,12 @@ function scanPythonWithPatterns(code, rules, filePath) {
|
|
|
52
43
|
for (const rule of rules) {
|
|
53
44
|
if (!rule.patterns || !rule.languages.includes('python'))
|
|
54
45
|
continue;
|
|
46
|
+
// Check if file path matches any exclusion patterns for this rule
|
|
47
|
+
if (rule.pathExclusions) {
|
|
48
|
+
const shouldSkip = rule.pathExclusions.some(exclusion => exclusion.test(filePath));
|
|
49
|
+
if (shouldSkip)
|
|
50
|
+
continue;
|
|
51
|
+
}
|
|
55
52
|
for (const pattern of rule.patterns) {
|
|
56
53
|
let match;
|
|
57
54
|
const regex = new RegExp(pattern.source, pattern.flags + (pattern.flags.includes('g') ? '' : 'g'));
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"python.js","sourceRoot":"","sources":["../../../src/scanner/parsers/python.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"python.js","sourceRoot":"","sources":["../../../src/scanner/parsers/python.ts"],"names":[],"mappings":";;AAsCA,wDAsFC;AA1HD,0DAA0D;AAC1D,MAAM,cAAc,GAA0C;IAC5D,yBAAyB;IACzB;QACE,MAAM,EAAE,eAAe;QACvB,OAAO,EAAE,gFAAgF;KAC1F;IACD;QACE,MAAM,EAAE,eAAe;QACvB,OAAO,EAAE,0EAA0E;KACpF;IACD;QACE,MAAM,EAAE,eAAe;QACvB,OAAO,EAAE,yEAAyE;KACnF;IACD,aAAa;IACb;QACE,MAAM,EAAE,YAAY;QACpB,OAAO,EAAE,qDAAqD;KAC/D;IACD;QACE,MAAM,EAAE,YAAY;QACpB,OAAO,EAAE,qDAAqD;KAC/D;IACD,4BAA4B;IAC5B;QACE,MAAM,EAAE,iBAAiB;QACzB,OAAO,EAAE,6DAA6D;KACvE;IACD,oDAAoD;IACpD;QACE,MAAM,EAAE,gBAAgB;QACxB,OAAO,EAAE,qCAAqC;KAC/C;CACF,CAAC;AAEF,SAAgB,sBAAsB,CACpC,IAAY,EACZ,KAAqB,EACrB,QAAgB;IAEhB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAE/B,yCAAyC;IACzC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEnE,kEAAkE;QAClE,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,MAAM,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;YACnF,IAAI,UAAU;gBAAE,SAAS;QAC3B,CAAC;QAED,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpC,IAAI,KAAK,CAAC;YACV,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAEnG,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBACnD,MAAM,UAAU,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;gBAC/D,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACpD,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,GAAG,SAAS,CAAC;gBAEvC,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAC/B,CAAC,CAAC,EAAE,CACF,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE;oBACrB,CAAC,CAAC,IAAI,KAAK,UAAU;oBACrB,CAAC,CAAC,IAAI,KAAK,QAAQ,CACtB,CAAC;gBAEF,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI;wBACJ,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,UAAU;wBAChB,MAAM;wBACN,IAAI,EAAE,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE;wBACjC,OAAO,EAAE,IAAI,CAAC,WAAW;wBACzB,YAAY,EAAE,KAAK;qBACpB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,KAAK,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,cAAc,EAAE,CAAC;QACjD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,IAAI;YAAE,SAAS;QAEpB,IAAI,KAAK,CAAC;QACV,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAEnG,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACnD,MAAM,UAAU,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;YAC/D,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACpD,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,GAAG,SAAS,CAAC;YAEvC,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAC/B,CAAC,CAAC,EAAE,CACF,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,MAAM;gBACpB,CAAC,CAAC,IAAI,KAAK,UAAU;gBACrB,CAAC,CAAC,IAAI,KAAK,QAAQ,CACtB,CAAC;YAEF,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI;oBACJ,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,UAAU;oBAChB,MAAM;oBACN,IAAI,EAAE,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE;oBACjC,OAAO,EAAE,IAAI,CAAC,WAAW;oBACzB,YAAY,EAAE,KAAK;iBACpB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"definitions.d.ts","sourceRoot":"","sources":["../../../src/scanner/rules/definitions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,eAAO,MAAM,aAAa,EAAE,YAAY,
|
|
1
|
+
{"version":3,"file":"definitions.d.ts","sourceRoot":"","sources":["../../../src/scanner/rules/definitions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,eAAO,MAAM,aAAa,EAAE,YAAY,EAmrBvC,CAAC;AAEF,wBAAgB,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS,CAEhE;AAED,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,YAAY,EAAE,CAEnE"}
|
|
@@ -127,8 +127,9 @@ exports.securityRules = [
|
|
|
127
127
|
tier: 'free',
|
|
128
128
|
languages: ['javascript', 'typescript'],
|
|
129
129
|
patterns: [
|
|
130
|
-
|
|
131
|
-
/
|
|
130
|
+
// Only match actual sensitive key names, not prefixes like "sessionStartTime"
|
|
131
|
+
/localStorage\.setItem\s*\(\s*['"`](?:access[_-]?token|refresh[_-]?token|auth[_-]?token|jwt[_-]?token|api[_-]?key|secret[_-]?key|password|private[_-]?key)['"`]/i,
|
|
132
|
+
/sessionStorage\.setItem\s*\(\s*['"`](?:access[_-]?token|refresh[_-]?token|auth[_-]?token|jwt[_-]?token|api[_-]?key|secret[_-]?key|password|private[_-]?key)['"`]/i,
|
|
132
133
|
],
|
|
133
134
|
fix: 'Use httpOnly cookies for sensitive tokens, or encrypt before storage',
|
|
134
135
|
},
|
|
@@ -140,7 +141,20 @@ exports.securityRules = [
|
|
|
140
141
|
tier: 'pro',
|
|
141
142
|
languages: ['javascript', 'typescript'],
|
|
142
143
|
patterns: [
|
|
143
|
-
|
|
144
|
+
// Only flag client-side code - server-side using service role is correct pattern
|
|
145
|
+
/createClient\s*\([^)]*\)[\s\S]*\.from\s*\(\s*['"`][^'"`]+['"`]\s*\)\.(?:select|insert|update|delete)/,
|
|
146
|
+
],
|
|
147
|
+
// Exclude server-side API files where service role key usage is correct
|
|
148
|
+
pathExclusions: [
|
|
149
|
+
/\/api\//,
|
|
150
|
+
/\/server\//,
|
|
151
|
+
/\/backend\//,
|
|
152
|
+
/\/routes\//,
|
|
153
|
+
/\/controllers\//,
|
|
154
|
+
/\/services\//,
|
|
155
|
+
/\.server\./,
|
|
156
|
+
/pages\/api\//,
|
|
157
|
+
/app\/api\//,
|
|
144
158
|
],
|
|
145
159
|
astMatcher: 'supabase-no-rls',
|
|
146
160
|
fix: 'Enable Row Level Security on Supabase tables and add policies',
|
|
@@ -392,9 +406,10 @@ exports.securityRules = [
|
|
|
392
406
|
tier: 'free',
|
|
393
407
|
languages: ['javascript', 'typescript', 'python'],
|
|
394
408
|
patterns: [
|
|
395
|
-
/
|
|
396
|
-
|
|
397
|
-
/
|
|
409
|
+
// Python settings - must be at start of line (not in HTML/docs)
|
|
410
|
+
/^\s*DEBUG\s*=\s*True/m,
|
|
411
|
+
// JS/TS config objects - must look like actual config
|
|
412
|
+
/(?:config|options|settings)\s*[=:]\s*\{[^}]*debug\s*:\s*true/i,
|
|
398
413
|
/\.enableDebug\s*\(\s*true\s*\)/,
|
|
399
414
|
],
|
|
400
415
|
fix: 'Disable debug mode in production environments',
|
|
@@ -402,17 +417,20 @@ exports.securityRules = [
|
|
|
402
417
|
{
|
|
403
418
|
id: 'prototype-pollution',
|
|
404
419
|
name: 'Potential Prototype Pollution',
|
|
405
|
-
description: '
|
|
420
|
+
description: 'Deep merging user input can allow prototype pollution attacks',
|
|
406
421
|
severity: 'low',
|
|
407
422
|
tier: 'free',
|
|
408
423
|
languages: ['javascript', 'typescript'],
|
|
409
424
|
patterns: [
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
/lodash\.merge\s*\([^)]*(?:req\.|body\.)/,
|
|
413
|
-
/
|
|
425
|
+
// Only flag actual deep merge operations that can cause prototype pollution
|
|
426
|
+
// Spread operator {...obj} and Object.assign({}, obj) are SAFE - they don't pollute
|
|
427
|
+
/(?:lodash|_)\.merge\s*\([^)]*(?:req\.|body\.|params\.|query\.)/,
|
|
428
|
+
/(?:lodash|_)\.mergeWith\s*\([^)]*(?:req\.|body\.|params\.|query\.)/,
|
|
429
|
+
/(?:lodash|_)\.defaultsDeep\s*\([^)]*(?:req\.|body\.|params\.|query\.)/,
|
|
430
|
+
/deepmerge\s*\([^)]*(?:req\.|body\.|params\.|query\.)/,
|
|
431
|
+
/merge\s*\(\s*\w+\s*,\s*(?:req\.|body\.|params\.|query\.)/,
|
|
414
432
|
],
|
|
415
|
-
fix: 'Validate and sanitize user input before merging. Use Object.create(null) for dictionaries',
|
|
433
|
+
fix: 'Validate and sanitize user input before deep merging. Use Object.create(null) for dictionaries',
|
|
416
434
|
},
|
|
417
435
|
// ============================================
|
|
418
436
|
// PRO TIER RULES - Framework-specific
|
|
@@ -438,7 +456,27 @@ exports.securityRules = [
|
|
|
438
456
|
tier: 'pro',
|
|
439
457
|
languages: ['javascript', 'typescript'],
|
|
440
458
|
patterns: [
|
|
441
|
-
|
|
459
|
+
// Match API routes without auth, but pattern is checked against file content
|
|
460
|
+
// File path exclusions are handled separately via pathExclusions
|
|
461
|
+
/export\s+(?:default\s+)?(?:async\s+)?function\s+(?:GET|POST|PUT|DELETE|PATCH)\s*\([^)]*\)\s*\{(?![^}]{0,500}(?:getServerSession|auth|getToken|verifyToken|currentUser|validateLicense|verifyLicense|body\.key|body\.license))/,
|
|
462
|
+
],
|
|
463
|
+
// Exclude auth endpoints and public API routes that use alternative auth
|
|
464
|
+
pathExclusions: [
|
|
465
|
+
/\/login\//,
|
|
466
|
+
/\/logout\//,
|
|
467
|
+
/\/signin\//,
|
|
468
|
+
/\/signout\//,
|
|
469
|
+
/\/register\//,
|
|
470
|
+
/\/signup\//,
|
|
471
|
+
/\/forgot-password\//,
|
|
472
|
+
/\/reset-password\//,
|
|
473
|
+
/\/verify\//,
|
|
474
|
+
/\/validate\//,
|
|
475
|
+
/\/activate\//,
|
|
476
|
+
/\/webhook/,
|
|
477
|
+
/\/health/,
|
|
478
|
+
/\/status/,
|
|
479
|
+
/\/public\//,
|
|
442
480
|
],
|
|
443
481
|
fix: 'Add authentication check using getServerSession() from next-auth or similar',
|
|
444
482
|
},
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"definitions.js","sourceRoot":"","sources":["../../../src/scanner/rules/definitions.ts"],"names":[],"mappings":";;;AAipBA,kCAEC;AAED,gDAEC;AArpBY,QAAA,aAAa,GAAmB;IAC3C,+CAA+C;IAC/C,0CAA0C;IAC1C,+CAA+C;IAE/C,WAAW;IACX;QACE,EAAE,EAAE,kBAAkB;QACtB,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,0EAA0E;QACvF,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,2CAA2C;YAC3C,8BAA8B;YAC9B,mCAAmC;YACnC,+CAA+C;YAC/C,qCAAqC;YACrC,eAAe;YACf,uCAAuC;YACvC,kBAAkB;YAClB,2BAA2B;YAC3B,mCAAmC;YACnC,qDAAqD;YACrD,kBAAkB;YAClB,gCAAgC;YAChC,cAAc;YACd,mDAAmD;YACnD,WAAW;YACX,mDAAmD;YACnD,SAAS;YACT,yBAAyB;YACzB,8DAA8D;YAC9D,2EAA2E;YAC3E,eAAe;YACf,wDAAwD;SACzD;QACD,GAAG,EAAE,2DAA2D;KACjE;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,gGAAgG;QAC7G,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,UAAU,EAAE,eAAe;QAC3B,GAAG,EAAE,kDAAkD;KACxD;IACD;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,sDAAsD;QACnE,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,UAAU,EAAE,YAAY;QACxB,GAAG,EAAE,mEAAmE;KACzE;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,2EAA2E;QACxF,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,mCAAmC;YACnC,iCAAiC;YACjC,8BAA8B;YAC9B,kCAAkC;YAClC,+BAA+B;YAC/B,qEAAqE;YACrE,2BAA2B;YAC3B,0BAA0B;SAC3B;QACD,GAAG,EAAE,0FAA0F;KAChG;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,gEAAgE;QAC7E,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,qBAAqB;YACrB,gDAAgD;YAChD,yBAAyB;YACzB,sBAAsB;YACtB,gBAAgB;YAChB,kBAAkB;SACnB;QACD,GAAG,EAAE,qGAAqG;KAC3G;IAED,kCAAkC;IAClC;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,qCAAqC;QAC3C,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,UAAU,EAAE,cAAc;QAC1B,GAAG,EAAE,qEAAqE;KAC3E;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,2CAA2C;QACjD,WAAW,EAAE,gEAAgE;QAC7E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,UAAU,EAAE,eAAe;QAC3B,GAAG,EAAE,kEAAkE;KACxE;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,wCAAwC;QAC9C,WAAW,EAAE,qEAAqE;QAClF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,sGAAsG;YACtG,wGAAwG;SACzG;QACD,GAAG,EAAE,sEAAsE;KAC5E;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,gFAAgF;QAC7F,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,uEAAuE;SACxE;QACD,UAAU,EAAE,iBAAiB;QAC7B,GAAG,EAAE,+DAA+D;KACrE;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,mEAAmE;QAChF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,yDAAyD;YACzD,kCAAkC;SACnC;QACD,GAAG,EAAE,sDAAsD;KAC5D;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,4EAA4E;QACzF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,UAAU,EAAE,MAAM;QAClB,GAAG,EAAE,sEAAsE;KAC5E;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,8DAA8D;QAC3E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,uDAAuD;YACvD,+IAA+I;YAC/I,iFAAiF;YACjF,4DAA4D;YAC5D,qEAAqE;YACrE,wEAAwE;SACzE;QACD,GAAG,EAAE,6FAA6F;KACnG;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,oCAAoC;QAC1C,WAAW,EAAE,8DAA8D;QAC3E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,sEAAsE;YACtE,yEAAyE;YACzE,0HAA0H;YAC1H,qFAAqF;YACrF,mCAAmC;YACnC,4FAA4F;YAC5F,yEAAyE;YACzE,4BAA4B;YAC5B,gEAAgE;SACjE;QACD,GAAG,EAAE,0GAA0G;KAChH;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,0DAA0D;YAC1D,wDAAwD;YACxD,sDAAsD;YACtD,oDAAoD;YACpD,4CAA4C;YAC5C,yCAAyC;SAC1C;QACD,GAAG,EAAE,+DAA+D;KACrE;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,iEAAiE;QAC9E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,oFAAoF;YACpF,kEAAkE;YAClE,sGAAsG;SACvG;QACD,GAAG,EAAE,2GAA2G;KACjH;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,iEAAiE;YACjE,sFAAsF;SACvF;QACD,GAAG,EAAE,6EAA6E;KACnF;IAED,qBAAqB;IACrB;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,kDAAkD;YAClD,yCAAyC;YACzC,aAAa;SACd;QACD,GAAG,EAAE,2CAA2C;KACjD;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,iDAAiD;QAC9D,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,iEAAiE;SAClE;QACD,GAAG,EAAE,wCAAwC;KAC9C;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,4BAA4B;QAClC,WAAW,EAAE,gDAAgD;QAC7D,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,4CAA4C;YAC5C,2CAA2C;YAC3C,6BAA6B;SAC9B;QACD,GAAG,EAAE,2DAA2D;KACjE;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,6FAA6F;QAC1G,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,6CAA6C;YAC7C,2DAA2D;YAC3D,0CAA0C;YAC1C,0GAA0G;SAC3G;QACD,GAAG,EAAE,mEAAmE;KACzE;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,qCAAqC;QAC3C,WAAW,EAAE,2EAA2E;QACxF,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,QAAQ;YACR,qBAAqB;YACrB,UAAU;YACV,mBAAmB;YACnB,yBAAyB;YACzB,gBAAgB;YAChB,aAAa;YACb,WAAW;SACZ;QACD,GAAG,EAAE,gEAAgE;KACtE;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,kCAAkC;QACxC,WAAW,EAAE,wDAAwD;QACrE,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,0CAA0C;YAC1C,iCAAiC;YACjC,oBAAoB;YACpB,6BAA6B;SAC9B;QACD,GAAG,EAAE,uEAAuE;KAC7E;IAED,kBAAkB;IAClB;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,kCAAkC;QACxC,WAAW,EAAE,sEAAsE;QACnF,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,+DAA+D;YAC/D,6FAA6F;SAC9F;QACD,GAAG,EAAE,mEAAmE;KACzE;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,4EAA4E;QACzF,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,4FAA4F;YAC5F,uFAAuF;YACvF,uGAAuG;SACxG;QACD,UAAU,EAAE,oBAAoB;QAChC,GAAG,EAAE,yDAAyD;KAC/D;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,0DAA0D;QACvE,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,kGAAkG;YAClG,+EAA+E;YAC/E,mEAAmE;YACnE,qEAAqE;YACrE,gFAAgF;SACjF;QACD,GAAG,EAAE,8CAA8C;KACpD;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,kCAAkC;QACxC,WAAW,EAAE,8DAA8D;QAC3E,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,kBAAkB;YAClB,kBAAkB;YAClB,uBAAuB;YACvB,gCAAgC;SACjC;QACD,GAAG,EAAE,+CAA+C;KACrD;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,uEAAuE;QACpF,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,sEAAsE;YACtE,sCAAsC;YACtC,yCAAyC;YACzC,qCAAqC;SACtC;QACD,GAAG,EAAE,2FAA2F;KACjG;IAED,+CAA+C;IAC/C,sCAAsC;IACtC,+CAA+C;IAE/C,kBAAkB;IAClB;QACE,EAAE,EAAE,8BAA8B;QAClC,IAAI,EAAE,oCAAoC;QAC1C,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,8IAA8I;SAC/I;QACD,GAAG,EAAE,6FAA6F;KACnG;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,sCAAsC;QAC5C,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,yKAAyK;SAC1K;QACD,GAAG,EAAE,6EAA6E;KACnF;IACD;QACE,EAAE,EAAE,gCAAgC;QACpC,IAAI,EAAE,gDAAgD;QACtD,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,gEAAgE;SACjE;QACD,GAAG,EAAE,+EAA+E;KACrF;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,uCAAuC;QAC7C,WAAW,EAAE,gFAAgF;QAC7F,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,kEAAkE;SACnE;QACD,GAAG,EAAE,2FAA2F;KACjG;IAED,iBAAiB;IACjB;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,oFAAoF;QACjG,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,kBAAkB;SACnB;QACD,GAAG,EAAE,6DAA6D;KACnE;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,kEAAkE;QAC/E,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,wCAAwC;SACzC;QACD,GAAG,EAAE,yEAAyE;KAC/E;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,wEAAwE;QACrF,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,qBAAqB;YACrB,6BAA6B;YAC7B,+BAA+B;YAC/B,+BAA+B;SAChC;QACD,GAAG,EAAE,iEAAiE;KACvE;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,sEAAsE;QACnF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,cAAc;SACf;QACD,GAAG,EAAE,mGAAmG;KACzG;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,mDAAmD;QAChE,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,4CAA4C;SAC7C;QACD,GAAG,EAAE,oFAAoF;KAC1F;IAED,kBAAkB;IAClB;QACE,EAAE,EAAE,4BAA4B;QAChC,IAAI,EAAE,0CAA0C;QAChD,WAAW,EAAE,6DAA6D;QAC1E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,sJAAsJ;SACvJ;QACD,GAAG,EAAE,2FAA2F;KACjG;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,gCAAgC;QACtC,WAAW,EAAE,kEAAkE;QAC/E,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,qFAAqF;SACtF;QACD,GAAG,EAAE,8DAA8D;KACpE;IAED,iBAAiB;IACjB;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,sCAAsC;QAC5C,WAAW,EAAE,sEAAsE;QACnF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,CAAC;QACzB,QAAQ,EAAE;YACR,6HAA6H;SAC9H;QACD,GAAG,EAAE,0EAA0E;KAChF;IACD;QACE,EAAE,EAAE,mCAAmC;QACvC,IAAI,EAAE,mCAAmC;QACzC,WAAW,EAAE,yDAAyD;QACtE,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,CAAC;QACzB,QAAQ,EAAE;YACR,oFAAoF;SACrF;QACD,GAAG,EAAE,gEAAgE;KACtE;IAED,0BAA0B;IAC1B;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,sCAAsC;QAC5C,WAAW,EAAE,qDAAqD;QAClE,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,oCAAoC;YACpC,6BAA6B;SAC9B;QACD,GAAG,EAAE,0DAA0D;KAChE;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,IAAI,EAAE,2CAA2C;QACjD,WAAW,EAAE,yDAAyD;QACtE,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,yDAAyD;YACzD,+CAA+C;SAChD;QACD,GAAG,EAAE,4DAA4D;KAClE;IAED,qBAAqB;IACrB;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,2CAA2C;QACjD,WAAW,EAAE,qDAAqD;QAClE,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,kCAAkC;SACnC;QACD,GAAG,EAAE,0CAA0C;KAChD;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,IAAI,EAAE,wCAAwC;QAC9C,WAAW,EAAE,2DAA2D;QACxE,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,yBAAyB;YACzB,4BAA4B;SAC7B;QACD,GAAG,EAAE,wDAAwD;KAC9D;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,wCAAwC;QAC9C,WAAW,EAAE,+CAA+C;QAC5D,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,0EAA0E;SAC3E;QACD,GAAG,EAAE,yGAAyG;KAC/G;CACF,CAAC;AAEF,SAAgB,WAAW,CAAC,EAAU;IACpC,OAAO,qBAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AACpD,CAAC;AAED,SAAgB,kBAAkB,CAAC,QAAgB;IACjD,OAAO,qBAAa,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AAClE,CAAC"}
|
|
1
|
+
{"version":3,"file":"definitions.js","sourceRoot":"","sources":["../../../src/scanner/rules/definitions.ts"],"names":[],"mappings":";;;AAurBA,kCAEC;AAED,gDAEC;AA3rBY,QAAA,aAAa,GAAmB;IAC3C,+CAA+C;IAC/C,0CAA0C;IAC1C,+CAA+C;IAE/C,WAAW;IACX;QACE,EAAE,EAAE,kBAAkB;QACtB,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,0EAA0E;QACvF,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,2CAA2C;YAC3C,8BAA8B;YAC9B,mCAAmC;YACnC,+CAA+C;YAC/C,qCAAqC;YACrC,eAAe;YACf,uCAAuC;YACvC,kBAAkB;YAClB,2BAA2B;YAC3B,mCAAmC;YACnC,qDAAqD;YACrD,kBAAkB;YAClB,gCAAgC;YAChC,cAAc;YACd,mDAAmD;YACnD,WAAW;YACX,mDAAmD;YACnD,SAAS;YACT,yBAAyB;YACzB,8DAA8D;YAC9D,2EAA2E;YAC3E,eAAe;YACf,wDAAwD;SACzD;QACD,GAAG,EAAE,2DAA2D;KACjE;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,gGAAgG;QAC7G,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,UAAU,EAAE,eAAe;QAC3B,GAAG,EAAE,kDAAkD;KACxD;IACD;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,sDAAsD;QACnE,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,UAAU,EAAE,YAAY;QACxB,GAAG,EAAE,mEAAmE;KACzE;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,2EAA2E;QACxF,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,mCAAmC;YACnC,iCAAiC;YACjC,8BAA8B;YAC9B,kCAAkC;YAClC,+BAA+B;YAC/B,qEAAqE;YACrE,2BAA2B;YAC3B,0BAA0B;SAC3B;QACD,GAAG,EAAE,0FAA0F;KAChG;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,gEAAgE;QAC7E,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,qBAAqB;YACrB,gDAAgD;YAChD,yBAAyB;YACzB,sBAAsB;YACtB,gBAAgB;YAChB,kBAAkB;SACnB;QACD,GAAG,EAAE,qGAAqG;KAC3G;IAED,kCAAkC;IAClC;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,qCAAqC;QAC3C,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,UAAU,EAAE,cAAc;QAC1B,GAAG,EAAE,qEAAqE;KAC3E;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,2CAA2C;QACjD,WAAW,EAAE,gEAAgE;QAC7E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,UAAU,EAAE,eAAe;QAC3B,GAAG,EAAE,kEAAkE;KACxE;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,wCAAwC;QAC9C,WAAW,EAAE,qEAAqE;QAClF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,8EAA8E;YAC9E,iKAAiK;YACjK,mKAAmK;SACpK;QACD,GAAG,EAAE,sEAAsE;KAC5E;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,gFAAgF;QAC7F,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,iFAAiF;YACjF,sGAAsG;SACvG;QACD,wEAAwE;QACxE,cAAc,EAAE;YACd,SAAS;YACT,YAAY;YACZ,aAAa;YACb,YAAY;YACZ,iBAAiB;YACjB,cAAc;YACd,YAAY;YACZ,cAAc;YACd,YAAY;SACb;QACD,UAAU,EAAE,iBAAiB;QAC7B,GAAG,EAAE,+DAA+D;KACrE;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,mEAAmE;QAChF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,yDAAyD;YACzD,kCAAkC;SACnC;QACD,GAAG,EAAE,sDAAsD;KAC5D;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,4EAA4E;QACzF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,UAAU,EAAE,MAAM;QAClB,GAAG,EAAE,sEAAsE;KAC5E;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,8DAA8D;QAC3E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,uDAAuD;YACvD,+IAA+I;YAC/I,iFAAiF;YACjF,4DAA4D;YAC5D,qEAAqE;YACrE,wEAAwE;SACzE;QACD,GAAG,EAAE,6FAA6F;KACnG;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,oCAAoC;QAC1C,WAAW,EAAE,8DAA8D;QAC3E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,sEAAsE;YACtE,yEAAyE;YACzE,0HAA0H;YAC1H,qFAAqF;YACrF,mCAAmC;YACnC,4FAA4F;YAC5F,yEAAyE;YACzE,4BAA4B;YAC5B,gEAAgE;SACjE;QACD,GAAG,EAAE,0GAA0G;KAChH;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,0DAA0D;YAC1D,wDAAwD;YACxD,sDAAsD;YACtD,oDAAoD;YACpD,4CAA4C;YAC5C,yCAAyC;SAC1C;QACD,GAAG,EAAE,+DAA+D;KACrE;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,iEAAiE;QAC9E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,oFAAoF;YACpF,kEAAkE;YAClE,sGAAsG;SACvG;QACD,GAAG,EAAE,2GAA2G;KACjH;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,iEAAiE;YACjE,sFAAsF;SACvF;QACD,GAAG,EAAE,6EAA6E;KACnF;IAED,qBAAqB;IACrB;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,kDAAkD;YAClD,yCAAyC;YACzC,aAAa;SACd;QACD,GAAG,EAAE,2CAA2C;KACjD;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,iDAAiD;QAC9D,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,iEAAiE;SAClE;QACD,GAAG,EAAE,wCAAwC;KAC9C;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,4BAA4B;QAClC,WAAW,EAAE,gDAAgD;QAC7D,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,4CAA4C;YAC5C,2CAA2C;YAC3C,6BAA6B;SAC9B;QACD,GAAG,EAAE,2DAA2D;KACjE;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,6FAA6F;QAC1G,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,6CAA6C;YAC7C,2DAA2D;YAC3D,0CAA0C;YAC1C,0GAA0G;SAC3G;QACD,GAAG,EAAE,mEAAmE;KACzE;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,qCAAqC;QAC3C,WAAW,EAAE,2EAA2E;QACxF,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,QAAQ;YACR,qBAAqB;YACrB,UAAU;YACV,mBAAmB;YACnB,yBAAyB;YACzB,gBAAgB;YAChB,aAAa;YACb,WAAW;SACZ;QACD,GAAG,EAAE,gEAAgE;KACtE;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,kCAAkC;QACxC,WAAW,EAAE,wDAAwD;QACrE,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,0CAA0C;YAC1C,iCAAiC;YACjC,oBAAoB;YACpB,6BAA6B;SAC9B;QACD,GAAG,EAAE,uEAAuE;KAC7E;IAED,kBAAkB;IAClB;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,kCAAkC;QACxC,WAAW,EAAE,sEAAsE;QACnF,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,+DAA+D;YAC/D,6FAA6F;SAC9F;QACD,GAAG,EAAE,mEAAmE;KACzE;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,4EAA4E;QACzF,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,4FAA4F;YAC5F,uFAAuF;YACvF,uGAAuG;SACxG;QACD,UAAU,EAAE,oBAAoB;QAChC,GAAG,EAAE,yDAAyD;KAC/D;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,0DAA0D;QACvE,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,kGAAkG;YAClG,+EAA+E;YAC/E,mEAAmE;YACnE,qEAAqE;YACrE,gFAAgF;SACjF;QACD,GAAG,EAAE,8CAA8C;KACpD;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,kCAAkC;QACxC,WAAW,EAAE,8DAA8D;QAC3E,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,gEAAgE;YAChE,uBAAuB;YACvB,sDAAsD;YACtD,+DAA+D;YAC/D,gCAAgC;SACjC;QACD,GAAG,EAAE,+CAA+C;KACrD;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,4EAA4E;YAC5E,oFAAoF;YACpF,gEAAgE;YAChE,oEAAoE;YACpE,uEAAuE;YACvE,sDAAsD;YACtD,0DAA0D;SAC3D;QACD,GAAG,EAAE,gGAAgG;KACtG;IAED,+CAA+C;IAC/C,sCAAsC;IACtC,+CAA+C;IAE/C,kBAAkB;IAClB;QACE,EAAE,EAAE,8BAA8B;QAClC,IAAI,EAAE,oCAAoC;QAC1C,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,8IAA8I;SAC/I;QACD,GAAG,EAAE,6FAA6F;KACnG;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,sCAAsC;QAC5C,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,6EAA6E;YAC7E,iEAAiE;YACjE,+NAA+N;SAChO;QACD,yEAAyE;QACzE,cAAc,EAAE;YACd,WAAW;YACX,YAAY;YACZ,YAAY;YACZ,aAAa;YACb,cAAc;YACd,YAAY;YACZ,qBAAqB;YACrB,oBAAoB;YACpB,YAAY;YACZ,cAAc;YACd,cAAc;YACd,WAAW;YACX,UAAU;YACV,UAAU;YACV,YAAY;SACb;QACD,GAAG,EAAE,6EAA6E;KACnF;IACD;QACE,EAAE,EAAE,gCAAgC;QACpC,IAAI,EAAE,gDAAgD;QACtD,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,gEAAgE;SACjE;QACD,GAAG,EAAE,+EAA+E;KACrF;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,uCAAuC;QAC7C,WAAW,EAAE,gFAAgF;QAC7F,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,kEAAkE;SACnE;QACD,GAAG,EAAE,2FAA2F;KACjG;IAED,iBAAiB;IACjB;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,oFAAoF;QACjG,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,kBAAkB;SACnB;QACD,GAAG,EAAE,6DAA6D;KACnE;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,kEAAkE;QAC/E,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,wCAAwC;SACzC;QACD,GAAG,EAAE,yEAAyE;KAC/E;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,wEAAwE;QACrF,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,qBAAqB;YACrB,6BAA6B;YAC7B,+BAA+B;YAC/B,+BAA+B;SAChC;QACD,GAAG,EAAE,iEAAiE;KACvE;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,sEAAsE;QACnF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,cAAc;SACf;QACD,GAAG,EAAE,mGAAmG;KACzG;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,mDAAmD;QAChE,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,4CAA4C;SAC7C;QACD,GAAG,EAAE,oFAAoF;KAC1F;IAED,kBAAkB;IAClB;QACE,EAAE,EAAE,4BAA4B;QAChC,IAAI,EAAE,0CAA0C;QAChD,WAAW,EAAE,6DAA6D;QAC1E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,sJAAsJ;SACvJ;QACD,GAAG,EAAE,2FAA2F;KACjG;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,gCAAgC;QACtC,WAAW,EAAE,kEAAkE;QAC/E,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,qFAAqF;SACtF;QACD,GAAG,EAAE,8DAA8D;KACpE;IAED,iBAAiB;IACjB;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,sCAAsC;QAC5C,WAAW,EAAE,sEAAsE;QACnF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,CAAC;QACzB,QAAQ,EAAE;YACR,6HAA6H;SAC9H;QACD,GAAG,EAAE,0EAA0E;KAChF;IACD;QACE,EAAE,EAAE,mCAAmC;QACvC,IAAI,EAAE,mCAAmC;QACzC,WAAW,EAAE,yDAAyD;QACtE,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,CAAC;QACzB,QAAQ,EAAE;YACR,oFAAoF;SACrF;QACD,GAAG,EAAE,gEAAgE;KACtE;IAED,0BAA0B;IAC1B;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,sCAAsC;QAC5C,WAAW,EAAE,qDAAqD;QAClE,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,oCAAoC;YACpC,6BAA6B;SAC9B;QACD,GAAG,EAAE,0DAA0D;KAChE;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,IAAI,EAAE,2CAA2C;QACjD,WAAW,EAAE,yDAAyD;QACtE,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,yDAAyD;YACzD,+CAA+C;SAChD;QACD,GAAG,EAAE,4DAA4D;KAClE;IAED,qBAAqB;IACrB;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,2CAA2C;QACjD,WAAW,EAAE,qDAAqD;QAClE,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,kCAAkC;SACnC;QACD,GAAG,EAAE,0CAA0C;KAChD;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,IAAI,EAAE,wCAAwC;QAC9C,WAAW,EAAE,2DAA2D;QACxE,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,yBAAyB;YACzB,4BAA4B;SAC7B;QACD,GAAG,EAAE,wDAAwD;KAC9D;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,wCAAwC;QAC9C,WAAW,EAAE,+CAA+C;QAC5D,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,0EAA0E;SAC3E;QACD,GAAG,EAAE,yGAAyG;KAC/G;CACF,CAAC;AAEF,SAAgB,WAAW,CAAC,EAAU;IACpC,OAAO,qBAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AACpD,CAAC;AAED,SAAgB,kBAAkB,CAAC,QAAgB;IACjD,OAAO,qBAAa,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AAClE,CAAC"}
|
package/dist/types.d.ts
CHANGED
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAC9D,MAAM,MAAM,IAAI,GAAG,MAAM,GAAG,KAAK,CAAC;AAElC,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,QAAQ,CAAC;IACnB,IAAI,EAAE,IAAI,CAAC;IACX,SAAS,EAAE,CAAC,YAAY,GAAG,YAAY,GAAG,QAAQ,CAAC,EAAE,CAAC;IACtD,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,YAAY,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,OAAO,CAAC;CACvB;AAED,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,MAAM;IACrB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,KAAK,CAAC,EAAE;QACN,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;KACrB,CAAC;CACH"}
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAC9D,MAAM,MAAM,IAAI,GAAG,MAAM,GAAG,KAAK,CAAC;AAElC,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,QAAQ,CAAC;IACnB,IAAI,EAAE,IAAI,CAAC;IACX,SAAS,EAAE,CAAC,YAAY,GAAG,YAAY,GAAG,QAAQ,CAAC,EAAE,CAAC;IACtD,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,YAAY,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,OAAO,CAAC;CACvB;AAED,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,MAAM;IACrB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,KAAK,CAAC,EAAE;QACN,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;KACrB,CAAC;CACH"}
|
package/package.json
CHANGED
package/src/cli/commands/scan.ts
CHANGED
|
@@ -26,12 +26,18 @@ export function createScanCommand(): Command {
|
|
|
26
26
|
.option('--force', 'Continue even if critical/high issues found')
|
|
27
27
|
.option('--json', 'Output results as JSON')
|
|
28
28
|
.option('--quiet', 'Minimal output (exit code only)')
|
|
29
|
+
.option('-e, --exclude <patterns...>', 'Glob patterns to exclude (e.g., "**/vendor/**" "*.min.js")')
|
|
29
30
|
.action(async (targets: string[], options) => {
|
|
30
31
|
try {
|
|
31
32
|
const config = loadConfig();
|
|
32
33
|
const licenseKey = getLicenseKey();
|
|
33
34
|
const cwd = process.cwd();
|
|
34
35
|
|
|
36
|
+
// Merge CLI exclude patterns with config
|
|
37
|
+
if (options.exclude) {
|
|
38
|
+
config.exclude = [...(config.exclude || []), ...options.exclude];
|
|
39
|
+
}
|
|
40
|
+
|
|
35
41
|
const scanner = new Scanner(config);
|
|
36
42
|
await scanner.initialize(licenseKey || undefined);
|
|
37
43
|
|
package/src/mcp/server.ts
CHANGED
|
@@ -31,11 +31,12 @@ export async function startMcpServer(): Promise<void> {
|
|
|
31
31
|
{
|
|
32
32
|
paths: z.array(z.string()).describe('File or directory paths to scan (relative to current working directory)'),
|
|
33
33
|
staged_only: z.boolean().optional().describe('If true, only scan git staged files'),
|
|
34
|
+
exclude: z.array(z.string()).optional().describe('Glob patterns to exclude (e.g., "**/vendor/**", "*.min.js")'),
|
|
34
35
|
},
|
|
35
|
-
async ({ paths, staged_only }) => {
|
|
36
|
+
async ({ paths, staged_only, exclude }) => {
|
|
36
37
|
try {
|
|
37
38
|
const licenseKey = getLicenseKey();
|
|
38
|
-
const scanner = new Scanner();
|
|
39
|
+
const scanner = new Scanner(exclude ? { exclude } : {});
|
|
39
40
|
await scanner.initialize(licenseKey || undefined);
|
|
40
41
|
|
|
41
42
|
const cwd = process.cwd();
|
|
@@ -109,13 +109,49 @@ export function scanWithAST(
|
|
|
109
109
|
},
|
|
110
110
|
|
|
111
111
|
'xss-innerhtml': (path: NodePath) => {
|
|
112
|
+
// Check if file imports a sanitizer - if so, assume proper usage
|
|
113
|
+
const codeLC = context.code.toLowerCase();
|
|
114
|
+
const hasSanitizer = codeLC.includes('dompurify') ||
|
|
115
|
+
codeLC.includes('sanitize-html') ||
|
|
116
|
+
codeLC.includes('xss') ||
|
|
117
|
+
codeLC.includes('escapehtml') ||
|
|
118
|
+
codeLC.includes('escape-html') ||
|
|
119
|
+
codeLC.includes('htmlsanitizer') ||
|
|
120
|
+
/function\s+escapehtml/i.test(context.code) ||
|
|
121
|
+
/const\s+escapehtml/i.test(context.code) ||
|
|
122
|
+
/escapehtml\s*[:=]/i.test(context.code);
|
|
123
|
+
|
|
124
|
+
if (hasSanitizer) {
|
|
125
|
+
return null; // File has sanitization, skip innerHTML checks
|
|
126
|
+
}
|
|
127
|
+
|
|
112
128
|
if (path.isAssignmentExpression()) {
|
|
113
129
|
const left = path.node.left;
|
|
130
|
+
const right = path.node.right;
|
|
114
131
|
if (
|
|
115
132
|
t.isMemberExpression(left) &&
|
|
116
133
|
t.isIdentifier(left.property) &&
|
|
117
134
|
left.property.name === 'innerHTML'
|
|
118
135
|
) {
|
|
136
|
+
// Skip if RHS is a string literal (static HTML is safe)
|
|
137
|
+
if (t.isStringLiteral(right)) {
|
|
138
|
+
return null;
|
|
139
|
+
}
|
|
140
|
+
// Skip if RHS is a template literal with no expressions (static)
|
|
141
|
+
if (t.isTemplateLiteral(right) && right.expressions.length === 0) {
|
|
142
|
+
return null;
|
|
143
|
+
}
|
|
144
|
+
// Skip if wrapped in sanitizer call
|
|
145
|
+
if (t.isCallExpression(right)) {
|
|
146
|
+
const callCode = context.code.substring(
|
|
147
|
+
right.start || 0,
|
|
148
|
+
right.end || 0
|
|
149
|
+
).toLowerCase();
|
|
150
|
+
if (callCode.includes('sanitize') || callCode.includes('escape') || callCode.includes('purify')) {
|
|
151
|
+
return null;
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
|
|
119
155
|
const rule = rules.find(r => r.id === 'xss-innerhtml');
|
|
120
156
|
if (rule) {
|
|
121
157
|
const loc = path.node.loc;
|
|
@@ -132,10 +168,25 @@ export function scanWithAST(
|
|
|
132
168
|
}
|
|
133
169
|
}
|
|
134
170
|
|
|
135
|
-
// Check for dangerouslySetInnerHTML in JSX
|
|
171
|
+
// Check for dangerouslySetInnerHTML in JSX - only flag if value is not static
|
|
136
172
|
if (path.isJSXAttribute()) {
|
|
137
173
|
const name = path.node.name;
|
|
138
174
|
if (t.isJSXIdentifier(name) && name.name === 'dangerouslySetInnerHTML') {
|
|
175
|
+
const value = path.node.value;
|
|
176
|
+
// Check if the value is a static string (safe)
|
|
177
|
+
if (t.isJSXExpressionContainer(value) && value.expression) {
|
|
178
|
+
const expr = value.expression;
|
|
179
|
+
// Check if it's an object with __html property that's a string literal
|
|
180
|
+
if (t.isObjectExpression(expr)) {
|
|
181
|
+
const htmlProp = expr.properties.find(
|
|
182
|
+
p => t.isObjectProperty(p) && t.isIdentifier(p.key) && p.key.name === '__html'
|
|
183
|
+
);
|
|
184
|
+
if (htmlProp && t.isObjectProperty(htmlProp) && t.isStringLiteral(htmlProp.value)) {
|
|
185
|
+
return null; // Static HTML string is safe
|
|
186
|
+
}
|
|
187
|
+
}
|
|
188
|
+
}
|
|
189
|
+
|
|
139
190
|
const rule = rules.find(r => r.id === 'xss-innerhtml');
|
|
140
191
|
if (rule) {
|
|
141
192
|
const loc = path.node.loc;
|
|
@@ -253,6 +304,12 @@ export function scanWithPatterns(
|
|
|
253
304
|
for (const rule of rules) {
|
|
254
305
|
if (!rule.patterns) continue;
|
|
255
306
|
|
|
307
|
+
// Check if file path matches any exclusion patterns for this rule
|
|
308
|
+
if (rule.pathExclusions) {
|
|
309
|
+
const shouldSkip = rule.pathExclusions.some(exclusion => exclusion.test(filePath));
|
|
310
|
+
if (shouldSkip) continue;
|
|
311
|
+
}
|
|
312
|
+
|
|
256
313
|
for (const pattern of rule.patterns) {
|
|
257
314
|
let match;
|
|
258
315
|
const regex = new RegExp(pattern.source, pattern.flags + (pattern.flags.includes('g') ? '' : 'g'));
|
|
@@ -24,25 +24,16 @@ const pythonPatterns: { ruleId: string; pattern: RegExp }[] = [
|
|
|
24
24
|
ruleId: 'eval-usage',
|
|
25
25
|
pattern: /\bexec\s*\([^)]*(?:input|request|data|params|args)/i,
|
|
26
26
|
},
|
|
27
|
-
// Hardcoded secrets
|
|
28
|
-
{
|
|
29
|
-
ruleId: 'hardcoded-secret',
|
|
30
|
-
pattern: /(?:api[_-]?key|secret[_-]?key|password|token)\s*=\s*['"][^'"]{8,}['"]/i,
|
|
31
|
-
},
|
|
32
27
|
// Flask/Django without CSRF
|
|
33
28
|
{
|
|
34
29
|
ruleId: 'permissive-cors',
|
|
35
30
|
pattern: /CORS\s*\(\s*app\s*(?:,\s*resources\s*=\s*\{[^}]*\*[^}]*\})?/,
|
|
36
31
|
},
|
|
37
|
-
// Debug mode in production
|
|
32
|
+
// Debug mode in production - Flask/FastAPI specific
|
|
38
33
|
{
|
|
39
34
|
ruleId: 'verbose-errors',
|
|
40
35
|
pattern: /app\.run\s*\([^)]*debug\s*=\s*True/i,
|
|
41
36
|
},
|
|
42
|
-
{
|
|
43
|
-
ruleId: 'verbose-errors',
|
|
44
|
-
pattern: /DEBUG\s*=\s*True/,
|
|
45
|
-
},
|
|
46
37
|
];
|
|
47
38
|
|
|
48
39
|
export function scanPythonWithPatterns(
|
|
@@ -57,6 +48,12 @@ export function scanPythonWithPatterns(
|
|
|
57
48
|
for (const rule of rules) {
|
|
58
49
|
if (!rule.patterns || !rule.languages.includes('python')) continue;
|
|
59
50
|
|
|
51
|
+
// Check if file path matches any exclusion patterns for this rule
|
|
52
|
+
if (rule.pathExclusions) {
|
|
53
|
+
const shouldSkip = rule.pathExclusions.some(exclusion => exclusion.test(filePath));
|
|
54
|
+
if (shouldSkip) continue;
|
|
55
|
+
}
|
|
56
|
+
|
|
60
57
|
for (const pattern of rule.patterns) {
|
|
61
58
|
let match;
|
|
62
59
|
const regex = new RegExp(pattern.source, pattern.flags + (pattern.flags.includes('g') ? '' : 'g'));
|
|
@@ -126,8 +126,9 @@ export const securityRules: SecurityRule[] = [
|
|
|
126
126
|
tier: 'free',
|
|
127
127
|
languages: ['javascript', 'typescript'],
|
|
128
128
|
patterns: [
|
|
129
|
-
|
|
130
|
-
/
|
|
129
|
+
// Only match actual sensitive key names, not prefixes like "sessionStartTime"
|
|
130
|
+
/localStorage\.setItem\s*\(\s*['"`](?:access[_-]?token|refresh[_-]?token|auth[_-]?token|jwt[_-]?token|api[_-]?key|secret[_-]?key|password|private[_-]?key)['"`]/i,
|
|
131
|
+
/sessionStorage\.setItem\s*\(\s*['"`](?:access[_-]?token|refresh[_-]?token|auth[_-]?token|jwt[_-]?token|api[_-]?key|secret[_-]?key|password|private[_-]?key)['"`]/i,
|
|
131
132
|
],
|
|
132
133
|
fix: 'Use httpOnly cookies for sensitive tokens, or encrypt before storage',
|
|
133
134
|
},
|
|
@@ -139,7 +140,20 @@ export const securityRules: SecurityRule[] = [
|
|
|
139
140
|
tier: 'pro',
|
|
140
141
|
languages: ['javascript', 'typescript'],
|
|
141
142
|
patterns: [
|
|
142
|
-
|
|
143
|
+
// Only flag client-side code - server-side using service role is correct pattern
|
|
144
|
+
/createClient\s*\([^)]*\)[\s\S]*\.from\s*\(\s*['"`][^'"`]+['"`]\s*\)\.(?:select|insert|update|delete)/,
|
|
145
|
+
],
|
|
146
|
+
// Exclude server-side API files where service role key usage is correct
|
|
147
|
+
pathExclusions: [
|
|
148
|
+
/\/api\//,
|
|
149
|
+
/\/server\//,
|
|
150
|
+
/\/backend\//,
|
|
151
|
+
/\/routes\//,
|
|
152
|
+
/\/controllers\//,
|
|
153
|
+
/\/services\//,
|
|
154
|
+
/\.server\./,
|
|
155
|
+
/pages\/api\//,
|
|
156
|
+
/app\/api\//,
|
|
143
157
|
],
|
|
144
158
|
astMatcher: 'supabase-no-rls',
|
|
145
159
|
fix: 'Enable Row Level Security on Supabase tables and add policies',
|
|
@@ -393,9 +407,10 @@ export const securityRules: SecurityRule[] = [
|
|
|
393
407
|
tier: 'free',
|
|
394
408
|
languages: ['javascript', 'typescript', 'python'],
|
|
395
409
|
patterns: [
|
|
396
|
-
/
|
|
397
|
-
|
|
398
|
-
/
|
|
410
|
+
// Python settings - must be at start of line (not in HTML/docs)
|
|
411
|
+
/^\s*DEBUG\s*=\s*True/m,
|
|
412
|
+
// JS/TS config objects - must look like actual config
|
|
413
|
+
/(?:config|options|settings)\s*[=:]\s*\{[^}]*debug\s*:\s*true/i,
|
|
399
414
|
/\.enableDebug\s*\(\s*true\s*\)/,
|
|
400
415
|
],
|
|
401
416
|
fix: 'Disable debug mode in production environments',
|
|
@@ -403,17 +418,20 @@ export const securityRules: SecurityRule[] = [
|
|
|
403
418
|
{
|
|
404
419
|
id: 'prototype-pollution',
|
|
405
420
|
name: 'Potential Prototype Pollution',
|
|
406
|
-
description: '
|
|
421
|
+
description: 'Deep merging user input can allow prototype pollution attacks',
|
|
407
422
|
severity: 'low',
|
|
408
423
|
tier: 'free',
|
|
409
424
|
languages: ['javascript', 'typescript'],
|
|
410
425
|
patterns: [
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
/lodash\.merge\s*\([^)]*(?:req\.|body\.)/,
|
|
414
|
-
/
|
|
426
|
+
// Only flag actual deep merge operations that can cause prototype pollution
|
|
427
|
+
// Spread operator {...obj} and Object.assign({}, obj) are SAFE - they don't pollute
|
|
428
|
+
/(?:lodash|_)\.merge\s*\([^)]*(?:req\.|body\.|params\.|query\.)/,
|
|
429
|
+
/(?:lodash|_)\.mergeWith\s*\([^)]*(?:req\.|body\.|params\.|query\.)/,
|
|
430
|
+
/(?:lodash|_)\.defaultsDeep\s*\([^)]*(?:req\.|body\.|params\.|query\.)/,
|
|
431
|
+
/deepmerge\s*\([^)]*(?:req\.|body\.|params\.|query\.)/,
|
|
432
|
+
/merge\s*\(\s*\w+\s*,\s*(?:req\.|body\.|params\.|query\.)/,
|
|
415
433
|
],
|
|
416
|
-
fix: 'Validate and sanitize user input before merging. Use Object.create(null) for dictionaries',
|
|
434
|
+
fix: 'Validate and sanitize user input before deep merging. Use Object.create(null) for dictionaries',
|
|
417
435
|
},
|
|
418
436
|
|
|
419
437
|
// ============================================
|
|
@@ -441,7 +459,27 @@ export const securityRules: SecurityRule[] = [
|
|
|
441
459
|
tier: 'pro',
|
|
442
460
|
languages: ['javascript', 'typescript'],
|
|
443
461
|
patterns: [
|
|
444
|
-
|
|
462
|
+
// Match API routes without auth, but pattern is checked against file content
|
|
463
|
+
// File path exclusions are handled separately via pathExclusions
|
|
464
|
+
/export\s+(?:default\s+)?(?:async\s+)?function\s+(?:GET|POST|PUT|DELETE|PATCH)\s*\([^)]*\)\s*\{(?![^}]{0,500}(?:getServerSession|auth|getToken|verifyToken|currentUser|validateLicense|verifyLicense|body\.key|body\.license))/,
|
|
465
|
+
],
|
|
466
|
+
// Exclude auth endpoints and public API routes that use alternative auth
|
|
467
|
+
pathExclusions: [
|
|
468
|
+
/\/login\//,
|
|
469
|
+
/\/logout\//,
|
|
470
|
+
/\/signin\//,
|
|
471
|
+
/\/signout\//,
|
|
472
|
+
/\/register\//,
|
|
473
|
+
/\/signup\//,
|
|
474
|
+
/\/forgot-password\//,
|
|
475
|
+
/\/reset-password\//,
|
|
476
|
+
/\/verify\//,
|
|
477
|
+
/\/validate\//,
|
|
478
|
+
/\/activate\//,
|
|
479
|
+
/\/webhook/,
|
|
480
|
+
/\/health/,
|
|
481
|
+
/\/status/,
|
|
482
|
+
/\/public\//,
|
|
445
483
|
],
|
|
446
484
|
fix: 'Add authentication check using getServerSession() from next-auth or similar',
|
|
447
485
|
},
|
package/src/types.ts
CHANGED