@nahisaho/musubix-core 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/musubix.js +18 -0
- package/dist/__tests__/index.test.d.ts +2 -0
- package/dist/__tests__/index.test.d.ts.map +1 -0
- package/dist/__tests__/index.test.js +27 -0
- package/dist/__tests__/index.test.js.map +1 -0
- package/dist/auth/auth-manager.d.ts +320 -0
- package/dist/auth/auth-manager.d.ts.map +1 -0
- package/dist/auth/auth-manager.js +580 -0
- package/dist/auth/auth-manager.js.map +1 -0
- package/dist/cli/base.d.ts +58 -0
- package/dist/cli/base.d.ts.map +1 -0
- package/dist/cli/base.js +93 -0
- package/dist/cli/base.js.map +1 -0
- package/dist/cli/commands/help.d.ts +17 -0
- package/dist/cli/commands/help.d.ts.map +1 -0
- package/dist/cli/commands/help.js +228 -0
- package/dist/cli/commands/help.js.map +1 -0
- package/dist/cli/commands/index.d.ts +14 -0
- package/dist/cli/commands/index.d.ts.map +1 -0
- package/dist/cli/commands/index.js +25 -0
- package/dist/cli/commands/index.js.map +1 -0
- package/dist/cli/commands/init.d.ts +38 -0
- package/dist/cli/commands/init.d.ts.map +1 -0
- package/dist/cli/commands/init.js +258 -0
- package/dist/cli/commands/init.js.map +1 -0
- package/dist/cli/index.d.ts +9 -0
- package/dist/cli/index.d.ts.map +1 -0
- package/dist/cli/index.js +9 -0
- package/dist/cli/index.js.map +1 -0
- package/dist/codegen/coding-standards.d.ts +250 -0
- package/dist/codegen/coding-standards.d.ts.map +1 -0
- package/dist/codegen/coding-standards.js +976 -0
- package/dist/codegen/coding-standards.js.map +1 -0
- package/dist/codegen/coverage-reporter.d.ts +264 -0
- package/dist/codegen/coverage-reporter.d.ts.map +1 -0
- package/dist/codegen/coverage-reporter.js +697 -0
- package/dist/codegen/coverage-reporter.js.map +1 -0
- package/dist/codegen/dependency-analyzer.d.ts +271 -0
- package/dist/codegen/dependency-analyzer.d.ts.map +1 -0
- package/dist/codegen/dependency-analyzer.js +661 -0
- package/dist/codegen/dependency-analyzer.js.map +1 -0
- package/dist/codegen/generator.d.ts +275 -0
- package/dist/codegen/generator.d.ts.map +1 -0
- package/dist/codegen/generator.js +781 -0
- package/dist/codegen/generator.js.map +1 -0
- package/dist/codegen/index.d.ts +18 -0
- package/dist/codegen/index.d.ts.map +1 -0
- package/dist/codegen/index.js +27 -0
- package/dist/codegen/index.js.map +1 -0
- package/dist/codegen/integration-test-generator.d.ts +312 -0
- package/dist/codegen/integration-test-generator.d.ts.map +1 -0
- package/dist/codegen/integration-test-generator.js +765 -0
- package/dist/codegen/integration-test-generator.js.map +1 -0
- package/dist/codegen/pattern-conformance.d.ts +309 -0
- package/dist/codegen/pattern-conformance.d.ts.map +1 -0
- package/dist/codegen/pattern-conformance.js +590 -0
- package/dist/codegen/pattern-conformance.js.map +1 -0
- package/dist/codegen/quality-metrics.d.ts +235 -0
- package/dist/codegen/quality-metrics.d.ts.map +1 -0
- package/dist/codegen/quality-metrics.js +439 -0
- package/dist/codegen/quality-metrics.js.map +1 -0
- package/dist/codegen/security-scanner.d.ts +179 -0
- package/dist/codegen/security-scanner.d.ts.map +1 -0
- package/dist/codegen/security-scanner.js +495 -0
- package/dist/codegen/security-scanner.js.map +1 -0
- package/dist/codegen/static-analyzer.d.ts +188 -0
- package/dist/codegen/static-analyzer.d.ts.map +1 -0
- package/dist/codegen/static-analyzer.js +490 -0
- package/dist/codegen/static-analyzer.js.map +1 -0
- package/dist/codegen/unit-test-generator.d.ts +289 -0
- package/dist/codegen/unit-test-generator.d.ts.map +1 -0
- package/dist/codegen/unit-test-generator.js +634 -0
- package/dist/codegen/unit-test-generator.js.map +1 -0
- package/dist/design/adr-generator.d.ts +227 -0
- package/dist/design/adr-generator.d.ts.map +1 -0
- package/dist/design/adr-generator.js +423 -0
- package/dist/design/adr-generator.js.map +1 -0
- package/dist/design/c4-generator.d.ts +267 -0
- package/dist/design/c4-generator.d.ts.map +1 -0
- package/dist/design/c4-generator.js +453 -0
- package/dist/design/c4-generator.js.map +1 -0
- package/dist/design/framework-optimizer.d.ts +190 -0
- package/dist/design/framework-optimizer.d.ts.map +1 -0
- package/dist/design/framework-optimizer.js +589 -0
- package/dist/design/framework-optimizer.js.map +1 -0
- package/dist/design/index.d.ts +12 -0
- package/dist/design/index.d.ts.map +1 -0
- package/dist/design/index.js +13 -0
- package/dist/design/index.js.map +1 -0
- package/dist/design/pattern-detector.d.ts +270 -0
- package/dist/design/pattern-detector.d.ts.map +1 -0
- package/dist/design/pattern-detector.js +621 -0
- package/dist/design/pattern-detector.js.map +1 -0
- package/dist/design/solid-validator.d.ts +188 -0
- package/dist/design/solid-validator.d.ts.map +1 -0
- package/dist/design/solid-validator.js +579 -0
- package/dist/design/solid-validator.js.map +1 -0
- package/dist/error/data-persistence.d.ts +311 -0
- package/dist/error/data-persistence.d.ts.map +1 -0
- package/dist/error/data-persistence.js +586 -0
- package/dist/error/data-persistence.js.map +1 -0
- package/dist/error/graceful-degradation.d.ts +309 -0
- package/dist/error/graceful-degradation.d.ts.map +1 -0
- package/dist/error/graceful-degradation.js +510 -0
- package/dist/error/graceful-degradation.js.map +1 -0
- package/dist/error/index.d.ts +11 -0
- package/dist/error/index.d.ts.map +1 -0
- package/dist/error/index.js +19 -0
- package/dist/error/index.js.map +1 -0
- package/dist/explanation/explanation-generator.d.ts +228 -0
- package/dist/explanation/explanation-generator.d.ts.map +1 -0
- package/dist/explanation/explanation-generator.js +662 -0
- package/dist/explanation/explanation-generator.js.map +1 -0
- package/dist/explanation/index.d.ts +11 -0
- package/dist/explanation/index.d.ts.map +1 -0
- package/dist/explanation/index.js +19 -0
- package/dist/explanation/index.js.map +1 -0
- package/dist/explanation/reasoning-chain.d.ts +314 -0
- package/dist/explanation/reasoning-chain.d.ts.map +1 -0
- package/dist/explanation/reasoning-chain.js +414 -0
- package/dist/explanation/reasoning-chain.js.map +1 -0
- package/dist/explanation/visual-explanation.d.ts +315 -0
- package/dist/explanation/visual-explanation.d.ts.map +1 -0
- package/dist/explanation/visual-explanation.js +667 -0
- package/dist/explanation/visual-explanation.js.map +1 -0
- package/dist/index.d.ts +33 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +47 -0
- package/dist/index.js.map +1 -0
- package/dist/requirements/decomposer.d.ts +235 -0
- package/dist/requirements/decomposer.d.ts.map +1 -0
- package/dist/requirements/decomposer.js +587 -0
- package/dist/requirements/decomposer.js.map +1 -0
- package/dist/requirements/related-finder.d.ts +261 -0
- package/dist/requirements/related-finder.d.ts.map +1 -0
- package/dist/requirements/related-finder.js +629 -0
- package/dist/requirements/related-finder.js.map +1 -0
- package/dist/traceability/impact.d.ts +196 -0
- package/dist/traceability/impact.d.ts.map +1 -0
- package/dist/traceability/impact.js +438 -0
- package/dist/traceability/impact.js.map +1 -0
- package/dist/traceability/index.d.ts +9 -0
- package/dist/traceability/index.d.ts.map +1 -0
- package/dist/traceability/index.js +10 -0
- package/dist/traceability/index.js.map +1 -0
- package/dist/traceability/manager.d.ts +266 -0
- package/dist/traceability/manager.d.ts.map +1 -0
- package/dist/traceability/manager.js +412 -0
- package/dist/traceability/manager.js.map +1 -0
- package/dist/types/common.d.ts +294 -0
- package/dist/types/common.d.ts.map +1 -0
- package/dist/types/common.js +15 -0
- package/dist/types/common.js.map +1 -0
- package/dist/types/ears.d.ts +158 -0
- package/dist/types/ears.d.ts.map +1 -0
- package/dist/types/ears.js +33 -0
- package/dist/types/ears.js.map +1 -0
- package/dist/types/errors.d.ts +176 -0
- package/dist/types/errors.d.ts.map +1 -0
- package/dist/types/errors.js +55 -0
- package/dist/types/errors.js.map +1 -0
- package/dist/types/index.d.ts +10 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +10 -0
- package/dist/types/index.js.map +1 -0
- package/dist/utils/data-protector.d.ts +122 -0
- package/dist/utils/data-protector.d.ts.map +1 -0
- package/dist/utils/data-protector.js +275 -0
- package/dist/utils/data-protector.js.map +1 -0
- package/dist/utils/error-handler.d.ts +101 -0
- package/dist/utils/error-handler.d.ts.map +1 -0
- package/dist/utils/error-handler.js +324 -0
- package/dist/utils/error-handler.js.map +1 -0
- package/dist/utils/i18n-manager.d.ts +259 -0
- package/dist/utils/i18n-manager.d.ts.map +1 -0
- package/dist/utils/i18n-manager.js +554 -0
- package/dist/utils/i18n-manager.js.map +1 -0
- package/dist/utils/index.d.ts +10 -0
- package/dist/utils/index.d.ts.map +1 -0
- package/dist/utils/index.js +10 -0
- package/dist/utils/index.js.map +1 -0
- package/dist/utils/logger.d.ts +120 -0
- package/dist/utils/logger.d.ts.map +1 -0
- package/dist/utils/logger.js +237 -0
- package/dist/utils/logger.js.map +1 -0
- package/dist/utils/performance-profiler.d.ts +251 -0
- package/dist/utils/performance-profiler.d.ts.map +1 -0
- package/dist/utils/performance-profiler.js +458 -0
- package/dist/utils/performance-profiler.js.map +1 -0
- package/dist/utils/scalability-optimizer.d.ts +294 -0
- package/dist/utils/scalability-optimizer.d.ts.map +1 -0
- package/dist/utils/scalability-optimizer.js +606 -0
- package/dist/utils/scalability-optimizer.js.map +1 -0
- package/dist/utils/structured-logger.d.ts +294 -0
- package/dist/utils/structured-logger.d.ts.map +1 -0
- package/dist/utils/structured-logger.js +630 -0
- package/dist/utils/structured-logger.js.map +1 -0
- package/dist/utils/version-compatibility.d.ts +217 -0
- package/dist/utils/version-compatibility.d.ts.map +1 -0
- package/dist/utils/version-compatibility.js +443 -0
- package/dist/utils/version-compatibility.js.map +1 -0
- package/dist/validators/ears-validator.d.ts +182 -0
- package/dist/validators/ears-validator.d.ts.map +1 -0
- package/dist/validators/ears-validator.js +357 -0
- package/dist/validators/ears-validator.js.map +1 -0
- package/dist/validators/index.d.ts +8 -0
- package/dist/validators/index.d.ts.map +1 -0
- package/dist/validators/index.js +9 -0
- package/dist/validators/index.js.map +1 -0
- package/dist/version.d.ts +8 -0
- package/dist/version.d.ts.map +1 -0
- package/dist/version.js +8 -0
- package/dist/version.js.map +1 -0
- package/package.json +100 -0
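--- a/package/dist/codegen/security-scanner.js
+++ b/package/dist/codegen/security-scanner.js
@@ -0,0 +1,495 @@
+/**
+* Security Scanner
+*
+* Scans code for security vulnerabilities
+*
+* @packageDocumentation
+* @module codegen/security-scanner
+*
+* @see REQ-COD-006 - Security Analysis
+* @see Article VII - Security Standards
+*/
+/**
+* Default configuration
+*/
+export const DEFAULT_SCANNER_CONFIG = {
+severityThreshold: 'medium',
+categories: [
+'injection',
+'xss',
+'auth',
+'crypto',
+'sensitive-data',
+'access-control',
+'secrets',
+],
+failOnFindings: true,
+riskScoreThreshold: 70,
+};
+/**
+* Built-in security rules
+*/
+const SECURITY_RULES = [
+// Injection
+{
+id: 'sql-injection',
+name: 'SQL Injection',
+category: 'injection',
+severity: 'critical',
+description: 'Possible SQL injection vulnerability',
+pattern: /(?:execute|query)\s*\(\s*[`'"].*\$\{|(?:execute|query)\s*\(\s*.*\+\s*(?:req\.|params\.|query\.)/gi,
+cweId: 'CWE-89',
+owasp: 'A03:2021',
+remediation: 'Use parameterized queries or prepared statements',
+enabled: true,
+},
+{
+id: 'command-injection',
+name: 'Command Injection',
+category: 'injection',
+severity: 'critical',
+description: 'Possible command injection vulnerability',
+pattern: /(?:exec|spawn|execSync|execFile)\s*\(\s*[`'"]?.*\$\{|(?:exec|spawn)\s*\(\s*.*\+/gi,
+cweId: 'CWE-78',
+owasp: 'A03:2021',
+remediation: 'Avoid executing shell commands with user input. Use safe alternatives.',
+enabled: true,
+},
+{
+id: 'path-traversal',
+name: 'Path Traversal',
+category: 'injection',
+severity: 'high',
+description: 'Possible path traversal vulnerability',
+pattern: /(?:readFile|writeFile|readdir|access|stat)\s*\(\s*(?:req\.|params\.|query\.|.*\+)/gi,
+cweId: 'CWE-22',
+owasp: 'A01:2021',
+remediation: 'Validate and sanitize file paths. Use path.resolve() and verify within allowed directory.',
+enabled: true,
+},
+// XSS
+{
+id: 'xss-innerhtml',
+name: 'XSS via innerHTML',
+category: 'xss',
+severity: 'high',
+description: 'Possible XSS vulnerability via innerHTML',
+pattern: /\.innerHTML\s*=\s*(?!['"`])/gi,
+cweId: 'CWE-79',
+owasp: 'A03:2021',
+remediation: 'Use textContent or sanitize HTML before setting innerHTML',
+languages: ['javascript', 'typescript'],
+enabled: true,
+},
+{
+id: 'xss-dangerouslysetinnerhtml',
+name: 'XSS via dangerouslySetInnerHTML',
+category: 'xss',
+severity: 'high',
+description: 'Possible XSS via React dangerouslySetInnerHTML',
+pattern: /dangerouslySetInnerHTML\s*=\s*\{\s*\{\s*__html\s*:/gi,
+cweId: 'CWE-79',
+owasp: 'A03:2021',
+remediation: 'Sanitize HTML content before using dangerouslySetInnerHTML',
+languages: ['javascript', 'typescript'],
+enabled: true,
+},
+{
+id: 'xss-document-write',
+name: 'XSS via document.write',
+category: 'xss',
+severity: 'high',
+description: 'Possible XSS via document.write',
+pattern: /document\.write\s*\(/gi,
+cweId: 'CWE-79',
+owasp: 'A03:2021',
+remediation: 'Avoid document.write. Use DOM manipulation methods instead.',
+languages: ['javascript', 'typescript'],
+enabled: true,
+},
+// Crypto
+{
+id: 'weak-hash-md5',
+name: 'Weak Hash Algorithm (MD5)',
+category: 'crypto',
+severity: 'high',
+description: 'Use of weak hash algorithm MD5',
+pattern: /createHash\s*\(\s*['"]md5['"]\s*\)/gi,
+cweId: 'CWE-328',
+owasp: 'A02:2021',
+remediation: 'Use stronger hash algorithms like SHA-256 or SHA-3',
+enabled: true,
+},
+{
+id: 'weak-hash-sha1',
+name: 'Weak Hash Algorithm (SHA1)',
+category: 'crypto',
+severity: 'medium',
+description: 'Use of weak hash algorithm SHA1',
+pattern: /createHash\s*\(\s*['"]sha1['"]\s*\)/gi,
+cweId: 'CWE-328',
+owasp: 'A02:2021',
+remediation: 'Use stronger hash algorithms like SHA-256 or SHA-3',
+enabled: true,
+},
+{
+id: 'weak-random',
+name: 'Weak Random Number Generator',
+category: 'crypto',
+severity: 'medium',
+description: 'Use of Math.random() for security-sensitive operations',
+pattern: /Math\.random\s*\(\s*\)/gi,
+cweId: 'CWE-338',
+owasp: 'A02:2021',
+remediation: 'Use crypto.randomBytes() or crypto.getRandomValues() for security purposes',
+enabled: true,
+},
+{
+id: 'hardcoded-iv',
+name: 'Hardcoded IV',
+category: 'crypto',
+severity: 'high',
+description: 'Hardcoded initialization vector in cryptographic operation',
+pattern: /(?:createCipheriv|createDecipheriv)\s*\([^,]+,\s*[^,]+,\s*(?:Buffer\.from\s*\(\s*)?['"][^'"]+['"]/gi,
+cweId: 'CWE-329',
+owasp: 'A02:2021',
+remediation: 'Generate a random IV for each encryption operation',
+enabled: true,
+},
+// Sensitive Data
+{
+id: 'hardcoded-password',
+name: 'Hardcoded Password',
+category: 'secrets',
+severity: 'critical',
+description: 'Possible hardcoded password in code',
+pattern: /(?:password|passwd|pwd|secret)\s*[=:]\s*['"][^'"]{4,}['"]/gi,
+cweId: 'CWE-798',
+owasp: 'A07:2021',
+remediation: 'Store passwords in environment variables or secure secrets management',
+enabled: true,
+},
+{
+id: 'hardcoded-api-key',
+name: 'Hardcoded API Key',
+category: 'secrets',
+severity: 'critical',
+description: 'Possible hardcoded API key in code',
+pattern: /(?:api[_-]?key|apikey|api[_-]?secret|auth[_-]?token)\s*[=:]\s*['"][^'"]{8,}['"]/gi,
+cweId: 'CWE-798',
+owasp: 'A07:2021',
+remediation: 'Store API keys in environment variables or secure secrets management',
+enabled: true,
+},
+{
+id: 'aws-credentials',
+name: 'AWS Credentials',
+category: 'secrets',
+severity: 'critical',
+description: 'Possible AWS credentials in code',
+pattern: /(?:AKIA[0-9A-Z]{16})|(?:aws[_-]?(?:access[_-]?key|secret)[_-]?(?:id)?)\s*[=:]\s*['"][^'"]+['"]/gi,
+cweId: 'CWE-798',
+owasp: 'A07:2021',
+remediation: 'Use AWS IAM roles or environment variables for credentials',
+enabled: true,
+},
+{
+id: 'private-key',
+name: 'Private Key Exposure',
+category: 'secrets',
+severity: 'critical',
+description: 'Possible private key in code',
+pattern: /-----BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY-----/gi,
+cweId: 'CWE-321',
+owasp: 'A07:2021',
+remediation: 'Store private keys in secure key management systems',
+enabled: true,
+},
+// Authentication
+{
+id: 'jwt-none-algorithm',
+name: 'JWT None Algorithm',
+category: 'auth',
+severity: 'critical',
+description: 'JWT with none algorithm allows token forgery',
+pattern: /algorithm\s*[=:]\s*['"]none['"]/gi,
+cweId: 'CWE-347',
+owasp: 'A07:2021',
+remediation: 'Always specify a secure algorithm like RS256 or HS256',
+enabled: true,
+},
+{
+id: 'jwt-weak-secret',
+name: 'JWT Weak Secret',
+category: 'auth',
+severity: 'high',
+description: 'JWT signed with potentially weak secret',
+pattern: /jwt\.sign\s*\([^,]+,\s*['"][^'"]{1,15}['"]/gi,
+cweId: 'CWE-326',
+owasp: 'A07:2021',
+remediation: 'Use a strong, random secret at least 256 bits long',
+enabled: true,
+},
+{
+id: 'basic-auth-header',
+name: 'Basic Auth in Code',
+category: 'auth',
+severity: 'medium',
+description: 'Hardcoded basic authentication credentials',
+pattern: /Authorization['"]\s*[=:]\s*['"]Basic\s+[A-Za-z0-9+/=]+['"]/gi,
+cweId: 'CWE-798',
+owasp: 'A07:2021',
+remediation: 'Use secure credential storage and avoid hardcoding auth headers',
+enabled: true,
+},
+// Misconfiguration
+{
+id: 'cors-allow-all',
+name: 'CORS Allow All Origins',
+category: 'misconfiguration',
+severity: 'medium',
+description: 'CORS configured to allow all origins',
+pattern: /(?:Access-Control-Allow-Origin|origin)\s*[=:]\s*['"][*]['"]/gi,
+cweId: 'CWE-942',
+owasp: 'A05:2021',
+remediation: 'Restrict CORS to specific trusted origins',
+enabled: true,
+},
+{
+id: 'debug-mode',
+name: 'Debug Mode Enabled',
+category: 'misconfiguration',
+severity: 'low',
+description: 'Debug mode appears to be enabled',
+pattern: /(?:debug|DEBUG)\s*[=:]\s*(?:true|1|['"]true['"])/gi,
+cweId: 'CWE-489',
+owasp: 'A05:2021',
+remediation: 'Disable debug mode in production',
+enabled: true,
+},
+{
+id: 'disable-ssl-verify',
+name: 'SSL Verification Disabled',
+category: 'misconfiguration',
+severity: 'high',
+description: 'SSL certificate verification is disabled',
+pattern: /(?:rejectUnauthorized|verify|strict[_-]?ssl)\s*[=:]\s*false/gi,
+cweId: 'CWE-295',
+owasp: 'A07:2021',
+remediation: 'Enable SSL verification in production',
+enabled: true,
+},
+// Access Control
+{
+id: 'insecure-redirect',
+name: 'Insecure Redirect',
+category: 'access-control',
+severity: 'medium',
+description: 'Possible open redirect vulnerability',
+pattern: /(?:res\.redirect|location\.href|window\.location)\s*[=(]\s*(?:req\.|params\.|query\.)/gi,
+cweId: 'CWE-601',
+owasp: 'A01:2021',
+remediation: 'Validate redirect URLs against a whitelist of allowed destinations',
+enabled: true,
+},
+// Other
+{
+id: 'eval-usage',
+name: 'Eval Usage',
+category: 'injection',
+severity: 'high',
+description: 'Use of eval() is dangerous',
+pattern: /\beval\s*\(/gi,
+cweId: 'CWE-95',
+owasp: 'A03:2021',
+remediation: 'Avoid eval(). Use safer alternatives like JSON.parse()',
+enabled: true,
+},
+{
+id: 'new-function',
+name: 'New Function Constructor',
+category: 'injection',
+severity: 'high',
+description: 'Use of Function constructor is similar to eval()',
+pattern: /new\s+Function\s*\(/gi,
+cweId: 'CWE-95',
+owasp: 'A03:2021',
+remediation: 'Avoid new Function(). Use regular functions instead.',
+enabled: true,
+},
+];
+/**
+* Security Scanner
+*/
+export class SecurityScanner {
+config;
+rules;
+constructor(config) {
+this.config = { ...DEFAULT_SCANNER_CONFIG, ...config };
+this.rules = [...SECURITY_RULES];
+if (this.config.customRules) {
+this.rules.push(...this.config.customRules);
+}
+}
+/**
+* Scan code for vulnerabilities
+*/
+scan(code, file, language = 'typescript') {
+const startTime = Date.now();
+const vulnerabilities = [];
+for (const rule of this.rules) {
+if (!rule.enabled)
+continue;
+if (!this.config.categories.includes(rule.category))
+continue;
+if (rule.languages && !rule.languages.includes(language))
+continue;
+const matches = this.findMatches(code, rule, file);
+vulnerabilities.push(...matches);
+}
+// Filter by severity
+const filtered = this.filterBySeverity(vulnerabilities);
+const scanTime = Date.now() - startTime;
+const summary = this.createSummary(filtered);
+return {
+file,
+vulnerabilities: filtered,
+scanTime,
+summary,
+};
+}
+/**
+* Scan multiple files
+*/
+scanFiles(files) {
+return files.map((f) => this.scan(f.content, f.path, f.language));
+}
+/**
+* Find pattern matches in code
+*/
+findMatches(code, rule, file) {
+const vulnerabilities = [];
+const lines = code.split('\n');
+let match;
+// Reset regex lastIndex
+rule.pattern.lastIndex = 0;
+while ((match = rule.pattern.exec(code)) !== null) {
+const line = code.substring(0, match.index).split('\n').length;
+const lineContent = lines[line - 1] || '';
+vulnerabilities.push({
+id: `${file}:${line}:${rule.id}`,
+ruleId: rule.id,
+severity: rule.severity,
+category: rule.category,
+title: rule.name,
+description: rule.description,
+file,
+line,
+snippet: lineContent.trim().substring(0, 100),
+cweId: rule.cweId,
+owasp: rule.owasp,
+remediation: rule.remediation,
+});
+}
+return vulnerabilities;
+}
+/**
+* Filter vulnerabilities by severity threshold
+*/
+filterBySeverity(vulnerabilities) {
+const severityOrder = [
+'critical',
+'high',
+'medium',
+'low',
+'info',
+];
+const thresholdIndex = severityOrder.indexOf(this.config.severityThreshold);
+return vulnerabilities.filter((v) => {
+const vIndex = severityOrder.indexOf(v.severity);
+return vIndex <= thresholdIndex;
+});
+}
+/**
+* Create security summary
+*/
+createSummary(vulnerabilities) {
+const bySeverity = {
+critical: 0,
+high: 0,
+medium: 0,
+low: 0,
+info: 0,
+};
+const byCategory = {
+injection: 0,
+xss: 0,
+auth: 0,
+crypto: 0,
+'sensitive-data': 0,
+'access-control': 0,
+misconfiguration: 0,
+dependencies: 0,
+secrets: 0,
+};
+for (const v of vulnerabilities) {
+bySeverity[v.severity]++;
+byCategory[v.category]++;
+}
+const riskScore = this.calculateRiskScore(bySeverity);
+const passed = riskScore <= this.config.riskScoreThreshold &&
+bySeverity.critical === 0;
+return {
+total: vulnerabilities.length,
+bySeverity,
+byCategory,
+riskScore,
+passed,
+};
+}
+/**
+* Calculate risk score
+*/
+calculateRiskScore(bySeverity) {
+const weights = {
+critical: 40,
+high: 20,
+medium: 10,
+low: 5,
+info: 1,
+};
+let score = 0;
+for (const [severity, count] of Object.entries(bySeverity)) {
+score += weights[severity] * count;
+}
+return Math.min(100, score);
+}
+/**
+* Get available rules
+*/
+getRules() {
+return [...this.rules];
+}
+/**
+* Enable/disable rule
+*/
+setRuleEnabled(ruleId, enabled) {
+const rule = this.rules.find((r) => r.id === ruleId);
+if (rule) {
+rule.enabled = enabled;
+}
+}
+/**
+* Add custom rule
+*/
+addRule(rule) {
+this.rules.push(rule);
+}
+}
+/**
+* Create security scanner instance
+*/
+export function createSecurityScanner(config) {
+return new SecurityScanner(config);
+}
+//# sourceMappingURL=security-scanner.js.map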
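Review bot: The `while ((match = rule.pattern.exec(code)) !== null)` loop in findMatches (file line 376) never terminates for a rule whose pattern lacks the `g` flag or can match the empty string, because `lastIndex` then never advances; every built-in rule uses `/gi`, but `customRules` and `addRule` accept any RegExp, so a single user-supplied pattern hangs the whole scan. Guard it before the loop with `if (!rule.pattern.global) throw new Error('rule ' + rule.id + ': pattern must use the g flag');` and inside the loop with `if (match[0].length === 0) rule.pattern.lastIndex++;`. Separately, `DEFAULT_SCANNER_CONFIG.categories` omits `'misconfiguration'`, so the cors-allow-all, debug-mode and disable-ssl-verify rules never run under the default config and the `misconfiguration: 0` counter in createSummary stays unused; either add `'misconfiguration'` to the default list or document that it is opt-in. The `private-key` pattern `-----BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY-----` also misses the EC, DSA, OPENSSH and ENCRYPTED header variants; `(?:[A-Z]+\s+)?` in place of `(?:RSA\s+)?` covers them.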
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security-scanner.js","sourceRoot":"","sources":["../../src/codegen/security-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAiIH;;GAEG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAA0B;IAC3D,iBAAiB,EAAE,QAAQ;IAC3B,UAAU,EAAE;QACV,WAAW;QACX,KAAK;QACL,MAAM;QACN,QAAQ;QACR,gBAAgB;QAChB,gBAAgB;QAChB,SAAS;KACV;IACD,cAAc,EAAE,IAAI;IACpB,kBAAkB,EAAE,EAAE;CACvB,CAAC;AAEF;;GAEG;AACH,MAAM,cAAc,GAAmB;IACrC,YAAY;IACZ;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,sCAAsC;QACnD,OAAO,EAAE,mGAAmG;QAC5G,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,kDAAkD;QAC/D,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,0CAA0C;QACvD,OAAO,EAAE,mFAAmF;QAC5F,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,wEAAwE;QACrF,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,uCAAuC;QACpD,OAAO,EAAE,qFAAqF;QAC9F,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,2FAA2F;QACxG,OAAO,EAAE,IAAI;KACd;IAED,MAAM;IACN;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,0CAA0C;QACvD,OAAO,EAAE,+BAA+B;QACxC,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,2DAA2D;QACxE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,6BAA6B;QACjC,IAAI,EAAE,iCAAiC;QACvC,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,gDAAgD;QAC7D,OAAO,EAAE,sDAAsD;QAC/D,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,4DAA4D;QACzE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,iCAAiC;QAC9C,OAAO,EAAE,wBAAwB;QACjC,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,6DAA6D;QAC1E,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,OAAO,EAAE,IAAI;KACd;IAED,SAAS;IACT;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,2BAA2B;QACjC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE
,MAAM;QAChB,WAAW,EAAE,gCAAgC;QAC7C,OAAO,EAAE,sCAAsC;QAC/C,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,oDAAoD;QACjE,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,4BAA4B;QAClC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,iCAAiC;QAC9C,OAAO,EAAE,uCAAuC;QAChD,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,oDAAoD;QACjE,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,wDAAwD;QACrE,OAAO,EAAE,0BAA0B;QACnC,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,4EAA4E;QACzF,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,cAAc;QACpB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,4DAA4D;QACzE,OAAO,EAAE,qGAAqG;QAC9G,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,oDAAoD;QACjE,OAAO,EAAE,IAAI;KACd;IAED,iBAAiB;IACjB;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,qCAAqC;QAClD,OAAO,EAAE,6DAA6D;QACtE,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,uEAAuE;QACpF,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,oCAAoC;QACjD,OAAO,EAAE,mFAAmF;QAC5F,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,sEAAsE;QACnF,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,kCAAkC;QAC/C,OAAO,EAAE,kGAAkG;QAC3G,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,4DAA4D;QACzE,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,8BAA8B;QAC3C,OAAO,EAAE,8CAA8C;QACvD,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,qDAAqD;QAClE,OAAO,EAAE,IAAI;KACd;IAED,iBAAiB;IACjB;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,8CAA8C;QAC3D,OAAO,EAAE,mCAAmC;QAC5C,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,uDAAuD;QACpE,OAAO,EAAE,IAAI;KACd;IACD;QA
CE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;QACtD,OAAO,EAAE,8CAA8C;QACvD,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,oDAAoD;QACjE,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,4CAA4C;QACzD,OAAO,EAAE,8DAA8D;QACvE,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,iEAAiE;QAC9E,OAAO,EAAE,IAAI;KACd;IAED,mBAAmB;IACnB;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,sCAAsC;QACnD,OAAO,EAAE,+DAA+D;QACxE,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,2CAA2C;QACxD,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,kCAAkC;QAC/C,OAAO,EAAE,oDAAoD;QAC7D,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,kCAAkC;QAC/C,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,2BAA2B;QACjC,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,0CAA0C;QACvD,OAAO,EAAE,+DAA+D;QACxE,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,uCAAuC;QACpD,OAAO,EAAE,IAAI;KACd;IAED,iBAAiB;IACjB;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,gBAAgB;QAC1B,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,sCAAsC;QACnD,OAAO,EAAE,yFAAyF;QAClG,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,oEAAoE;QACjF,OAAO,EAAE,IAAI;KACd;IAED,QAAQ;IACR;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,4BAA4B;QACzC,OAAO,EAAE,eAAe;QACxB,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,wDAAwD;QACrE,OAAO,EAAE,IAAI;KACd;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,kDAAkD;QAC/D,OAAO,EAAE,uBAAuB;QAChC,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,sDAAsD;QACnE,OAAO,EAAE,IAAI;KACd;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,eAAe;IAClB,MAAM,CAAwB;IAC9B,KAAK,CAAiB;IAE9B,YAAY,MAAuC;QACjD,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,sBAAsB,EAAE,GAAG
,MAAM,EAAE,CAAC;QACvD,IAAI,CAAC,KAAK,GAAG,CAAC,GAAG,cAAc,CAAC,CAAC;QAEjC,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,IAAY,EAAE,IAAY,EAAE,QAAQ,GAAG,YAAY;QACtD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,eAAe,GAA4B,EAAE,CAAC;QAEpD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,IAAI,CAAC,IAAI,CAAC,OAAO;gBAAE,SAAS;YAC5B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAC9D,IAAI,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAEnE,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YACnD,eAAe,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;QACnC,CAAC;QAED,qBAAqB;QACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAAC;QAExD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QACxC,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QAE7C,OAAO;YACL,IAAI;YACJ,eAAe,EAAE,QAAQ;YACzB,QAAQ;YACR,OAAO;SACR,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,SAAS,CACP,KAAkE;QAElE,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IACpE,CAAC;IAED;;OAEG;IACK,WAAW,CACjB,IAAY,EACZ,IAAkB,EAClB,IAAY;QAEZ,MAAM,eAAe,GAA4B,EAAE,CAAC;QACpD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC;QAEV,wBAAwB;QACxB,IAAI,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QAE3B,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAClD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAC/D,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YAE1C,eAAe,CAAC,IAAI,CAAC;gBACnB,EAAE,EAAE,GAAG,IAAI,IAAI,IAAI,IAAI,IAAI,CAAC,EAAE,EAAE;gBAChC,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,KAAK,EAAE,IAAI,CAAC,IAAI;gBAChB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,IAAI;gBACJ,IAAI;gBACJ,OAAO,EAAE,WAAW,CAAC,IAAI,EAAE,CAAC
,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;gBAC7C,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,WAAW,EAAE,IAAI,CAAC,WAAW;aAC9B,CAAC,CAAC;QACL,CAAC;QAED,OAAO,eAAe,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,gBAAgB,CACtB,eAAwC;QAExC,MAAM,aAAa,GAA4B;YAC7C,UAAU;YACV,MAAM;YACN,QAAQ;YACR,KAAK;YACL,MAAM;SACP,CAAC;QACF,MAAM,cAAc,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;QAE5E,OAAO,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YAClC,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;YACjD,OAAO,MAAM,IAAI,cAAc,CAAC;QAClC,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,eAAwC;QAC5D,MAAM,UAAU,GAA0C;YACxD,QAAQ,EAAE,CAAC;YACX,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,GAAG,EAAE,CAAC;YACN,IAAI,EAAE,CAAC;SACR,CAAC;QAEF,MAAM,UAAU,GAA0C;YACxD,SAAS,EAAE,CAAC;YACZ,GAAG,EAAE,CAAC;YACN,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,gBAAgB,EAAE,CAAC;YACnB,gBAAgB,EAAE,CAAC;YACnB,gBAAgB,EAAE,CAAC;YACnB,YAAY,EAAE,CAAC;YACf,OAAO,EAAE,CAAC;SACX,CAAC;QAEF,KAAK,MAAM,CAAC,IAAI,eAAe,EAAE,CAAC;YAChC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3B,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;QACtD,MAAM,MAAM,GAAG,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB;YAC3C,UAAU,CAAC,QAAQ,KAAK,CAAC,CAAC;QAEzC,OAAO;YACL,KAAK,EAAE,eAAe,CAAC,MAAM;YAC7B,UAAU;YACV,UAAU;YACV,SAAS;YACT,MAAM;SACP,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,kBAAkB,CACxB,UAAiD;QAEjD,MAAM,OAAO,GAAG;YACd,QAAQ,EAAE,EAAE;YACZ,IAAI,EAAE,EAAE;YACR,MAAM,EAAE,EAAE;YACV,GAAG,EAAE,CAAC;YACN,IAAI,EAAE,CAAC;SACR,CAAC;QAEF,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3D,KAAK,IAAI,OAAO,CAAC,QAAiC,CAAC,GAAG,KAAK,CAAC;QAC9D,CAAC;QAED,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,MAAc,EAAE,OAAgB;QAC7C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;QACrD,IAAI,IAAI,EAAE
,CAAC;YACT,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACzB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,IAAkB;QACxB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxB,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,MAAuC;IAEvC,OAAO,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC;AACrC,CAAC"}
|
|
@@ -0,0 +1,188 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Static Analyzer
|
|
3
|
+
*
|
|
4
|
+
* Performs static code analysis
|
|
5
|
+
*
|
|
6
|
+
* @packageDocumentation
|
|
7
|
+
* @module codegen/static-analyzer
|
|
8
|
+
*
|
|
9
|
+
* @see REQ-COD-002 - Static Analysis
|
|
10
|
+
* @see Article V - Code Quality Standards
|
|
11
|
+
*/
|
|
12
|
+
/**
|
|
13
|
+
* Issue severity
|
|
14
|
+
*/
|
|
15
|
+
export type IssueSeverity = 'error' | 'warning' | 'info' | 'hint';
|
|
16
|
+
/**
|
|
17
|
+
* Issue category
|
|
18
|
+
*/
|
|
19
|
+
export type IssueCategory = 'syntax' | 'type' | 'style' | 'complexity' | 'maintainability' | 'performance' | 'security' | 'best-practice' | 'deprecated';
|
|
20
|
+
/**
|
|
21
|
+
* Code issue
|
|
22
|
+
*/
|
|
23
|
+
export interface CodeIssue {
|
|
24
|
+
/** Issue ID */
|
|
25
|
+
id: string;
|
|
26
|
+
/** Rule ID */
|
|
27
|
+
ruleId: string;
|
|
28
|
+
/** Severity */
|
|
29
|
+
severity: IssueSeverity;
|
|
30
|
+
/** Category */
|
|
31
|
+
category: IssueCategory;
|
|
32
|
+
/** Message */
|
|
33
|
+
message: string;
|
|
34
|
+
/** File path */
|
|
35
|
+
file?: string;
|
|
36
|
+
/** Line number */
|
|
37
|
+
line?: number;
|
|
38
|
+
/** Column */
|
|
39
|
+
column?: number;
|
|
40
|
+
/** End line */
|
|
41
|
+
endLine?: number;
|
|
42
|
+
/** End column */
|
|
43
|
+
endColumn?: number;
|
|
44
|
+
/** Code snippet */
|
|
45
|
+
snippet?: string;
|
|
46
|
+
/** Fix suggestion */
|
|
47
|
+
fix?: CodeFix;
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Code fix
|
|
51
|
+
*/
|
|
52
|
+
export interface CodeFix {
|
|
53
|
+
/** Fix description */
|
|
54
|
+
description: string;
|
|
55
|
+
/** Replacement text */
|
|
56
|
+
replacement: string;
|
|
57
|
+
/** Range to replace */
|
|
58
|
+
range: {
|
|
59
|
+
start: {
|
|
60
|
+
line: number;
|
|
61
|
+
column: number;
|
|
62
|
+
};
|
|
63
|
+
end: {
|
|
64
|
+
line: number;
|
|
65
|
+
column: number;
|
|
66
|
+
};
|
|
67
|
+
};
|
|
68
|
+
}
|
|
69
|
+
/**
|
|
70
|
+
* Analysis result
|
|
71
|
+
*/
|
|
72
|
+
export interface AnalysisResult {
|
|
73
|
+
/** File analyzed */
|
|
74
|
+
file: string;
|
|
75
|
+
/** Issues found */
|
|
76
|
+
issues: CodeIssue[];
|
|
77
|
+
/** Analysis time */
|
|
78
|
+
analysisTime: number;
|
|
79
|
+
/** Summary */
|
|
80
|
+
summary: AnalysisSummary;
|
|
81
|
+
}
|
|
82
|
+
/**
|
|
83
|
+
* Analysis summary
|
|
84
|
+
*/
|
|
85
|
+
export interface AnalysisSummary {
|
|
86
|
+
/** Total issues */
|
|
87
|
+
totalIssues: number;
|
|
88
|
+
/** By severity */
|
|
89
|
+
bySeverity: Record<IssueSeverity, number>;
|
|
90
|
+
/** By category */
|
|
91
|
+
byCategory: Record<IssueCategory, number>;
|
|
92
|
+
/** Pass/fail */
|
|
93
|
+
passed: boolean;
|
|
94
|
+
}
|
|
95
|
+
/**
|
|
96
|
+
* Analysis rule
|
|
97
|
+
*/
|
|
98
|
+
export interface AnalysisRule {
|
|
99
|
+
/** Rule ID */
|
|
100
|
+
id: string;
|
|
101
|
+
/** Rule name */
|
|
102
|
+
name: string;
|
|
103
|
+
/** Category */
|
|
104
|
+
category: IssueCategory;
|
|
105
|
+
/** Default severity */
|
|
106
|
+
severity: IssueSeverity;
|
|
107
|
+
/** Description */
|
|
108
|
+
description: string;
|
|
109
|
+
/** Detection function */
|
|
110
|
+
detect: (code: string, context: AnalysisContext) => CodeIssue[];
|
|
111
|
+
/** Is enabled */
|
|
112
|
+
enabled: boolean;
|
|
113
|
+
}
|
|
114
|
+
/**
|
|
115
|
+
* Analysis context
|
|
116
|
+
*/
|
|
117
|
+
export interface AnalysisContext {
|
|
118
|
+
/** File path */
|
|
119
|
+
file: string;
|
|
120
|
+
/** Language */
|
|
121
|
+
language: string;
|
|
122
|
+
/** Options */
|
|
123
|
+
options: StaticAnalyzerConfig;
|
|
124
|
+
}
|
|
125
|
+
/**
|
|
126
|
+
* Static analyzer configuration
|
|
127
|
+
*/
|
|
128
|
+
export interface StaticAnalyzerConfig {
|
|
129
|
+
/** Max errors to report */
|
|
130
|
+
maxErrors: number;
|
|
131
|
+
/** Severity threshold */
|
|
132
|
+
severityThreshold: IssueSeverity;
|
|
133
|
+
/** Categories to check */
|
|
134
|
+
categories: IssueCategory[];
|
|
135
|
+
/** Custom rules */
|
|
136
|
+
customRules?: AnalysisRule[];
|
|
137
|
+
/** Ignore patterns */
|
|
138
|
+
ignorePatterns?: string[];
|
|
139
|
+
}
|
|
140
|
+
/**
|
|
141
|
+
* Default configuration
|
|
142
|
+
*/
|
|
143
|
+
export declare const DEFAULT_ANALYZER_CONFIG: StaticAnalyzerConfig;
|
|
144
|
+
/**
|
|
145
|
+
* Static Analyzer
|
|
146
|
+
*/
|
|
147
|
+
export declare class StaticAnalyzer {
|
|
148
|
+
private config;
|
|
149
|
+
private rules;
|
|
150
|
+
constructor(config?: Partial<StaticAnalyzerConfig>);
|
|
151
|
+
/**
|
|
152
|
+
* Analyze code
|
|
153
|
+
*/
|
|
154
|
+
analyze(code: string, file: string, language?: string): AnalysisResult;
|
|
155
|
+
/**
|
|
156
|
+
* Analyze multiple files
|
|
157
|
+
*/
|
|
158
|
+
analyzeFiles(files: Array<{
|
|
159
|
+
path: string;
|
|
160
|
+
content: string;
|
|
161
|
+
language?: string;
|
|
162
|
+
}>): AnalysisResult[];
|
|
163
|
+
/**
|
|
164
|
+
* Filter issues by severity threshold
|
|
165
|
+
*/
|
|
166
|
+
private filterBySeverity;
|
|
167
|
+
/**
|
|
168
|
+
* Create analysis summary
|
|
169
|
+
*/
|
|
170
|
+
private createSummary;
|
|
171
|
+
/**
|
|
172
|
+
* Get available rules
|
|
173
|
+
*/
|
|
174
|
+
getRules(): AnalysisRule[];
|
|
175
|
+
/**
|
|
176
|
+
* Enable/disable rule
|
|
177
|
+
*/
|
|
178
|
+
setRuleEnabled(ruleId: string, enabled: boolean): void;
|
|
179
|
+
/**
|
|
180
|
+
* Add custom rule
|
|
181
|
+
*/
|
|
182
|
+
addRule(rule: AnalysisRule): void;
|
|
183
|
+
}
|
|
184
|
+
/**
|
|
185
|
+
* Create static analyzer instance
|
|
186
|
+
*/
|
|
187
|
+
export declare function createStaticAnalyzer(config?: Partial<StaticAnalyzerConfig>): StaticAnalyzer;
|
|
188
|
+
//# sourceMappingURL=static-analyzer.d.ts.map
|