@oculum/scanner 1.0.14 → 1.0.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/detect/ai-code/index.d.ts +6 -11
- package/dist/detect/ai-code/index.d.ts.map +1 -1
- package/dist/detect/ai-code/index.js +6 -24
- package/dist/detect/ai-code/index.js.map +1 -1
- package/dist/detect/ast-rules/agent-tools-ast.d.ts +14 -0
- package/dist/detect/ast-rules/agent-tools-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/agent-tools-ast.js +809 -0
- package/dist/detect/ast-rules/agent-tools-ast.js.map +1 -0
- package/dist/detect/ast-rules/ai-fingerprinting-ast.d.ts +14 -0
- package/dist/detect/ast-rules/ai-fingerprinting-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/ai-fingerprinting-ast.js +344 -0
- package/dist/detect/ast-rules/ai-fingerprinting-ast.js.map +1 -0
- package/dist/detect/ast-rules/auth-patterns-ast.d.ts +14 -0
- package/dist/detect/ast-rules/auth-patterns-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/auth-patterns-ast.js +280 -0
- package/dist/detect/ast-rules/auth-patterns-ast.js.map +1 -0
- package/dist/detect/ast-rules/byok-ast.d.ts +13 -0
- package/dist/detect/ast-rules/byok-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/byok-ast.js +180 -0
- package/dist/detect/ast-rules/byok-ast.js.map +1 -0
- package/dist/detect/ast-rules/child-process-ast.d.ts +13 -0
- package/dist/detect/ast-rules/child-process-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/child-process-ast.js +252 -0
- package/dist/detect/ast-rules/child-process-ast.js.map +1 -0
- package/dist/detect/ast-rules/dangerous-eval-ast.d.ts +13 -0
- package/dist/detect/ast-rules/dangerous-eval-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/dangerous-eval-ast.js +218 -0
- package/dist/detect/ast-rules/dangerous-eval-ast.js.map +1 -0
- package/dist/detect/ast-rules/data-exposure-ast.d.ts +13 -0
- package/dist/detect/ast-rules/data-exposure-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/data-exposure-ast.js +158 -0
- package/dist/detect/ast-rules/data-exposure-ast.js.map +1 -0
- package/dist/detect/ast-rules/dom-xss-ast.d.ts +14 -0
- package/dist/detect/ast-rules/dom-xss-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/dom-xss-ast.js +217 -0
- package/dist/detect/ast-rules/dom-xss-ast.js.map +1 -0
- package/dist/detect/ast-rules/endpoint-protection-ast.d.ts +13 -0
- package/dist/detect/ast-rules/endpoint-protection-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/endpoint-protection-ast.js +228 -0
- package/dist/detect/ast-rules/endpoint-protection-ast.js.map +1 -0
- package/dist/detect/ast-rules/entropy-ast.d.ts +17 -0
- package/dist/detect/ast-rules/entropy-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/entropy-ast.js +265 -0
- package/dist/detect/ast-rules/entropy-ast.js.map +1 -0
- package/dist/detect/ast-rules/flask-debug-ast.d.ts +10 -0
- package/dist/detect/ast-rules/flask-debug-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/flask-debug-ast.js +125 -0
- package/dist/detect/ast-rules/flask-debug-ast.js.map +1 -0
- package/dist/detect/ast-rules/framework-checks-ast.d.ts +13 -0
- package/dist/detect/ast-rules/framework-checks-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/framework-checks-ast.js +185 -0
- package/dist/detect/ast-rules/framework-checks-ast.js.map +1 -0
- package/dist/detect/ast-rules/helpers/call-analysis.d.ts +62 -0
- package/dist/detect/ast-rules/helpers/call-analysis.d.ts.map +1 -0
- package/dist/detect/ast-rules/helpers/call-analysis.js +217 -0
- package/dist/detect/ast-rules/helpers/call-analysis.js.map +1 -0
- package/dist/detect/ast-rules/helpers/context-detection.d.ts +33 -0
- package/dist/detect/ast-rules/helpers/context-detection.d.ts.map +1 -0
- package/dist/detect/ast-rules/helpers/context-detection.js +256 -0
- package/dist/detect/ast-rules/helpers/context-detection.js.map +1 -0
- package/dist/detect/ast-rules/helpers/control-flow.d.ts +40 -0
- package/dist/detect/ast-rules/helpers/control-flow.d.ts.map +1 -0
- package/dist/detect/ast-rules/helpers/control-flow.js +174 -0
- package/dist/detect/ast-rules/helpers/control-flow.js.map +1 -0
- package/dist/detect/ast-rules/helpers/import-analysis.d.ts +43 -0
- package/dist/detect/ast-rules/helpers/import-analysis.d.ts.map +1 -0
- package/dist/detect/ast-rules/helpers/import-analysis.js +149 -0
- package/dist/detect/ast-rules/helpers/import-analysis.js.map +1 -0
- package/dist/detect/ast-rules/helpers/index.d.ts +16 -0
- package/dist/detect/ast-rules/helpers/index.d.ts.map +1 -0
- package/dist/detect/ast-rules/helpers/index.js +112 -0
- package/dist/detect/ast-rules/helpers/index.js.map +1 -0
- package/dist/detect/ast-rules/helpers/python-helpers.d.ts +215 -0
- package/dist/detect/ast-rules/helpers/python-helpers.d.ts.map +1 -0
- package/dist/detect/ast-rules/helpers/python-helpers.js +935 -0
- package/dist/detect/ast-rules/helpers/python-helpers.js.map +1 -0
- package/dist/detect/ast-rules/helpers/scope-analysis.d.ts +50 -0
- package/dist/detect/ast-rules/helpers/scope-analysis.d.ts.map +1 -0
- package/dist/detect/ast-rules/helpers/scope-analysis.js +194 -0
- package/dist/detect/ast-rules/helpers/scope-analysis.js.map +1 -0
- package/dist/detect/ast-rules/helpers/string-analysis.d.ts +57 -0
- package/dist/detect/ast-rules/helpers/string-analysis.d.ts.map +1 -0
- package/dist/detect/ast-rules/helpers/string-analysis.js +184 -0
- package/dist/detect/ast-rules/helpers/string-analysis.js.map +1 -0
- package/dist/detect/ast-rules/helpers/type-extraction.d.ts +44 -0
- package/dist/detect/ast-rules/helpers/type-extraction.d.ts.map +1 -0
- package/dist/detect/ast-rules/helpers/type-extraction.js +125 -0
- package/dist/detect/ast-rules/helpers/type-extraction.js.map +1 -0
- package/dist/detect/ast-rules/helpers/user-input.d.ts +35 -0
- package/dist/detect/ast-rules/helpers/user-input.d.ts.map +1 -0
- package/dist/detect/ast-rules/helpers/user-input.js +243 -0
- package/dist/detect/ast-rules/helpers/user-input.js.map +1 -0
- package/dist/detect/ast-rules/index.d.ts +112 -0
- package/dist/detect/ast-rules/index.d.ts.map +1 -0
- package/dist/detect/ast-rules/index.js +232 -0
- package/dist/detect/ast-rules/index.js.map +1 -0
- package/dist/detect/ast-rules/json-parse-ast.d.ts +13 -0
- package/dist/detect/ast-rules/json-parse-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/json-parse-ast.js +143 -0
- package/dist/detect/ast-rules/json-parse-ast.js.map +1 -0
- package/dist/detect/ast-rules/log-injection-ast.d.ts +14 -0
- package/dist/detect/ast-rules/log-injection-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/log-injection-ast.js +235 -0
- package/dist/detect/ast-rules/log-injection-ast.js.map +1 -0
- package/dist/detect/ast-rules/logic-gates-ast.d.ts +14 -0
- package/dist/detect/ast-rules/logic-gates-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/logic-gates-ast.js +312 -0
- package/dist/detect/ast-rules/logic-gates-ast.js.map +1 -0
- package/dist/detect/ast-rules/mcp-security-ast.d.ts +14 -0
- package/dist/detect/ast-rules/mcp-security-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/mcp-security-ast.js +755 -0
- package/dist/detect/ast-rules/mcp-security-ast.js.map +1 -0
- package/dist/detect/ast-rules/model-supply-chain-ast.d.ts +13 -0
- package/dist/detect/ast-rules/model-supply-chain-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/model-supply-chain-ast.js +188 -0
- package/dist/detect/ast-rules/model-supply-chain-ast.js.map +1 -0
- package/dist/detect/ast-rules/package-hallucination-ast.d.ts +13 -0
- package/dist/detect/ast-rules/package-hallucination-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/package-hallucination-ast.js +607 -0
- package/dist/detect/ast-rules/package-hallucination-ast.js.map +1 -0
- package/dist/detect/ast-rules/prompt-hygiene-ast.d.ts +15 -0
- package/dist/detect/ast-rules/prompt-hygiene-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/prompt-hygiene-ast.js +332 -0
- package/dist/detect/ast-rules/prompt-hygiene-ast.js.map +1 -0
- package/dist/detect/ast-rules/rag-safety-ast.d.ts +18 -0
- package/dist/detect/ast-rules/rag-safety-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/rag-safety-ast.js +640 -0
- package/dist/detect/ast-rules/rag-safety-ast.js.map +1 -0
- package/dist/detect/ast-rules/request-validation-ast.d.ts +13 -0
- package/dist/detect/ast-rules/request-validation-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/request-validation-ast.js +116 -0
- package/dist/detect/ast-rules/request-validation-ast.js.map +1 -0
- package/dist/detect/ast-rules/risky-imports-ast.d.ts +14 -0
- package/dist/detect/ast-rules/risky-imports-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/risky-imports-ast.js +114 -0
- package/dist/detect/ast-rules/risky-imports-ast.js.map +1 -0
- package/dist/detect/ast-rules/schema-validation-ast.d.ts +14 -0
- package/dist/detect/ast-rules/schema-validation-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/schema-validation-ast.js +233 -0
- package/dist/detect/ast-rules/schema-validation-ast.js.map +1 -0
- package/dist/detect/ast-rules/secret-patterns-ast.d.ts +17 -0
- package/dist/detect/ast-rules/secret-patterns-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/secret-patterns-ast.js +199 -0
- package/dist/detect/ast-rules/secret-patterns-ast.js.map +1 -0
- package/dist/detect/ast-rules/security-headers-ast.d.ts +14 -0
- package/dist/detect/ast-rules/security-headers-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/security-headers-ast.js +187 -0
- package/dist/detect/ast-rules/security-headers-ast.js.map +1 -0
- package/dist/detect/ast-rules/sql-injection-ast.d.ts +17 -0
- package/dist/detect/ast-rules/sql-injection-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/sql-injection-ast.js +497 -0
- package/dist/detect/ast-rules/sql-injection-ast.js.map +1 -0
- package/dist/detect/ast-rules/ssrf-ast.d.ts +14 -0
- package/dist/detect/ast-rules/ssrf-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/ssrf-ast.js +573 -0
- package/dist/detect/ast-rules/ssrf-ast.js.map +1 -0
- package/dist/detect/ast-rules/taint-fix-templates.d.ts +18 -0
- package/dist/detect/ast-rules/taint-fix-templates.d.ts.map +1 -0
- package/dist/detect/ast-rules/taint-fix-templates.js +92 -0
- package/dist/detect/ast-rules/taint-fix-templates.js.map +1 -0
- package/dist/detect/ast-rules/taint-flow-ast.d.ts +24 -0
- package/dist/detect/ast-rules/taint-flow-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/taint-flow-ast.js +340 -0
- package/dist/detect/ast-rules/taint-flow-ast.js.map +1 -0
- package/dist/detect/ast-rules/variables-ast.d.ts +24 -0
- package/dist/detect/ast-rules/variables-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/variables-ast.js +362 -0
- package/dist/detect/ast-rules/variables-ast.js.map +1 -0
- package/dist/detect/ast-rules/weak-crypto-ast.d.ts +15 -0
- package/dist/detect/ast-rules/weak-crypto-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/weak-crypto-ast.js +406 -0
- package/dist/detect/ast-rules/weak-crypto-ast.js.map +1 -0
- package/dist/detect/ast-rules/xxe-ast.d.ts +13 -0
- package/dist/detect/ast-rules/xxe-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/xxe-ast.js +157 -0
- package/dist/detect/ast-rules/xxe-ast.js.map +1 -0
- package/dist/detect/config/agent-skill-injection.d.ts.map +1 -1
- package/dist/detect/config/agent-skill-injection.js +2 -24
- package/dist/detect/config/agent-skill-injection.js.map +1 -1
- package/dist/detect/config/index.d.ts +1 -0
- package/dist/detect/config/index.d.ts.map +1 -1
- package/dist/detect/config/index.js +3 -1
- package/dist/detect/config/index.js.map +1 -1
- package/dist/detect/config/osv-check.d.ts.map +1 -1
- package/dist/detect/config/osv-check.js +6 -1
- package/dist/detect/config/osv-check.js.map +1 -1
- package/dist/detect/config/package-check.d.ts.map +1 -1
- package/dist/detect/config/package-check.js +6 -1
- package/dist/detect/config/package-check.js.map +1 -1
- package/dist/detect/config/rules-file-backdoor.d.ts +36 -0
- package/dist/detect/config/rules-file-backdoor.d.ts.map +1 -0
- package/dist/detect/config/rules-file-backdoor.js +379 -0
- package/dist/detect/config/rules-file-backdoor.js.map +1 -0
- package/dist/detect/index.d.ts +43 -6
- package/dist/detect/index.d.ts.map +1 -1
- package/dist/detect/index.js +70 -7
- package/dist/detect/index.js.map +1 -1
- package/dist/detect/secrets/config-audit.d.ts.map +1 -1
- package/dist/detect/secrets/config-audit.js +36 -3
- package/dist/detect/secrets/config-audit.js.map +1 -1
- package/dist/detect/secrets/entropy.d.ts.map +1 -1
- package/dist/detect/secrets/entropy.js +180 -0
- package/dist/detect/secrets/entropy.js.map +1 -1
- package/dist/detect/secrets/index.d.ts +0 -2
- package/dist/detect/secrets/index.d.ts.map +1 -1
- package/dist/detect/secrets/index.js +7 -17
- package/dist/detect/secrets/index.js.map +1 -1
- package/dist/detect/structural/index.d.ts +15 -28
- package/dist/detect/structural/index.d.ts.map +1 -1
- package/dist/detect/structural/index.js +20 -497
- package/dist/detect/structural/index.js.map +1 -1
- package/dist/index.d.ts +3 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +9 -1
- package/dist/index.js.map +1 -1
- package/dist/model/auth-helper-detector.d.ts.map +1 -1
- package/dist/model/auth-helper-detector.js +2 -7
- package/dist/model/auth-helper-detector.js.map +1 -1
- package/dist/model/import-resolver.d.ts.map +1 -1
- package/dist/model/import-resolver.js +94 -0
- package/dist/model/import-resolver.js.map +1 -1
- package/dist/model/imported-auth-detector.js +8 -8
- package/dist/model/imported-auth-detector.js.map +1 -1
- package/dist/model/index.d.ts +8 -0
- package/dist/model/index.d.ts.map +1 -1
- package/dist/model/index.js +198 -73
- package/dist/model/index.js.map +1 -1
- package/dist/model/module-graph.d.ts.map +1 -1
- package/dist/model/module-graph.js +22 -9
- package/dist/model/module-graph.js.map +1 -1
- package/dist/model/project-context.d.ts +1 -1
- package/dist/model/project-context.d.ts.map +1 -1
- package/dist/model/project-context.js +34 -0
- package/dist/model/project-context.js.map +1 -1
- package/dist/model/route-auth-resolver.d.ts.map +1 -1
- package/dist/model/route-auth-resolver.js +17 -2
- package/dist/model/route-auth-resolver.js.map +1 -1
- package/dist/model/route-discovery/index.js +1 -1
- package/dist/model/route-discovery/index.js.map +1 -1
- package/dist/model/route-discovery/nextjs.js +1 -1
- package/dist/model/route-discovery/nextjs.js.map +1 -1
- package/dist/model/route-discovery/python.d.ts +6 -3
- package/dist/model/route-discovery/python.d.ts.map +1 -1
- package/dist/model/route-discovery/python.js +132 -9
- package/dist/model/route-discovery/python.js.map +1 -1
- package/dist/model/route-discovery/types.d.ts +1 -1
- package/dist/model/route-discovery/types.d.ts.map +1 -1
- package/dist/model/route-discovery/utils.d.ts +8 -0
- package/dist/model/route-discovery/utils.d.ts.map +1 -1
- package/dist/model/route-discovery/utils.js +70 -0
- package/dist/model/route-discovery/utils.js.map +1 -1
- package/dist/model/taint-types.d.ts +0 -4
- package/dist/model/taint-types.d.ts.map +1 -1
- package/dist/parse/ast.d.ts +58 -0
- package/dist/parse/ast.d.ts.map +1 -0
- package/dist/parse/ast.js +230 -0
- package/dist/parse/ast.js.map +1 -0
- package/dist/parse/call-graph.d.ts +41 -0
- package/dist/parse/call-graph.d.ts.map +1 -0
- package/dist/parse/call-graph.js +386 -0
- package/dist/parse/call-graph.js.map +1 -0
- package/dist/parse/file-classifier.d.ts +11 -0
- package/dist/parse/file-classifier.d.ts.map +1 -1
- package/dist/parse/file-classifier.js +63 -15
- package/dist/parse/file-classifier.js.map +1 -1
- package/dist/parse/node-index.d.ts +32 -0
- package/dist/parse/node-index.d.ts.map +1 -0
- package/dist/parse/node-index.js +103 -0
- package/dist/parse/node-index.js.map +1 -0
- package/dist/parse/type-extractor.d.ts +50 -0
- package/dist/parse/type-extractor.d.ts.map +1 -0
- package/dist/parse/type-extractor.js +243 -0
- package/dist/parse/type-extractor.js.map +1 -0
- package/dist/pipeline/config.d.ts +7 -1
- package/dist/pipeline/config.d.ts.map +1 -1
- package/dist/pipeline/config.js.map +1 -1
- package/dist/pipeline/index.d.ts +3 -3
- package/dist/pipeline/index.d.ts.map +1 -1
- package/dist/pipeline/index.js +192 -64
- package/dist/pipeline/index.js.map +1 -1
- package/dist/pipeline/modes/incremental.d.ts.map +1 -1
- package/dist/pipeline/modes/incremental.js +2 -7
- package/dist/pipeline/modes/incremental.js.map +1 -1
- package/dist/postprocess/dedup.d.ts +5 -2
- package/dist/postprocess/dedup.d.ts.map +1 -1
- package/dist/postprocess/dedup.js +47 -16
- package/dist/postprocess/dedup.js.map +1 -1
- package/dist/report/build-result.d.ts +9 -4
- package/dist/report/build-result.d.ts.map +1 -1
- package/dist/report/build-result.js +15 -4
- package/dist/report/build-result.js.map +1 -1
- package/dist/report/formatters/cli-terminal.d.ts +1 -1
- package/dist/report/formatters/cli-terminal.d.ts.map +1 -1
- package/dist/report/formatters/cli-terminal.js +434 -231
- package/dist/report/formatters/cli-terminal.js.map +1 -1
- package/dist/report/sanitize.d.ts +10 -0
- package/dist/report/sanitize.d.ts.map +1 -0
- package/dist/report/sanitize.js +19 -0
- package/dist/report/sanitize.js.map +1 -0
- package/dist/score/adjustments.d.ts +20 -2
- package/dist/score/adjustments.d.ts.map +1 -1
- package/dist/score/adjustments.js +108 -37
- package/dist/score/adjustments.js.map +1 -1
- package/dist/score/confidence.d.ts +6 -0
- package/dist/score/confidence.d.ts.map +1 -1
- package/dist/score/confidence.js +10 -4
- package/dist/score/confidence.js.map +1 -1
- package/dist/score/evidence.d.ts +25 -0
- package/dist/score/evidence.d.ts.map +1 -0
- package/dist/score/evidence.js +51 -0
- package/dist/score/evidence.js.map +1 -0
- package/dist/score/index.d.ts +3 -1
- package/dist/score/index.d.ts.map +1 -1
- package/dist/score/index.js +25 -50
- package/dist/score/index.js.map +1 -1
- package/dist/score/types.d.ts +5 -1
- package/dist/score/types.d.ts.map +1 -1
- package/dist/shared/category-filter.d.ts.map +1 -1
- package/dist/shared/category-filter.js +12 -0
- package/dist/shared/category-filter.js.map +1 -1
- package/dist/shared/regex-utils.d.ts +3 -0
- package/dist/shared/regex-utils.d.ts.map +1 -0
- package/dist/shared/regex-utils.js +8 -0
- package/dist/shared/regex-utils.js.map +1 -0
- package/dist/shared/registry-clients.d.ts +7 -0
- package/dist/shared/registry-clients.d.ts.map +1 -1
- package/dist/shared/registry-clients.js +94 -17
- package/dist/shared/registry-clients.js.map +1 -1
- package/dist/shared/rules/metadata.d.ts.map +1 -1
- package/dist/shared/rules/metadata.js +17 -0
- package/dist/shared/rules/metadata.js.map +1 -1
- package/dist/shared/types.d.ts +59 -15
- package/dist/shared/types.d.ts.map +1 -1
- package/dist/shared/types.js +38 -21
- package/dist/shared/types.js.map +1 -1
- package/dist/taint/async-flow.d.ts +44 -0
- package/dist/taint/async-flow.d.ts.map +1 -0
- package/dist/taint/async-flow.js +271 -0
- package/dist/taint/async-flow.js.map +1 -0
- package/dist/taint/cfg-builder.d.ts +35 -0
- package/dist/taint/cfg-builder.d.ts.map +1 -0
- package/dist/taint/cfg-builder.js +980 -0
- package/dist/taint/cfg-builder.js.map +1 -0
- package/dist/taint/cfg-types.d.ts +76 -0
- package/dist/taint/cfg-types.d.ts.map +1 -0
- package/dist/taint/cfg-types.js +13 -0
- package/dist/taint/cfg-types.js.map +1 -0
- package/dist/taint/constant-propagation.d.ts +34 -0
- package/dist/taint/constant-propagation.d.ts.map +1 -0
- package/dist/taint/constant-propagation.js +164 -0
- package/dist/taint/constant-propagation.js.map +1 -0
- package/dist/taint/cross-file-analyzer.d.ts +27 -0
- package/dist/taint/cross-file-analyzer.d.ts.map +1 -0
- package/dist/taint/cross-file-analyzer.js +99 -0
- package/dist/taint/cross-file-analyzer.js.map +1 -0
- package/dist/taint/cross-file-index.d.ts +59 -0
- package/dist/taint/cross-file-index.d.ts.map +1 -0
- package/dist/taint/cross-file-index.js +183 -0
- package/dist/taint/cross-file-index.js.map +1 -0
- package/dist/taint/def-use.d.ts +27 -0
- package/dist/taint/def-use.d.ts.map +1 -0
- package/dist/taint/def-use.js +519 -0
- package/dist/taint/def-use.js.map +1 -0
- package/dist/taint/file-analysis-cache.d.ts +47 -0
- package/dist/taint/file-analysis-cache.d.ts.map +1 -0
- package/dist/taint/file-analysis-cache.js +107 -0
- package/dist/taint/file-analysis-cache.js.map +1 -0
- package/dist/taint/framework-models.d.ts +77 -0
- package/dist/taint/framework-models.d.ts.map +1 -0
- package/dist/taint/framework-models.js +258 -0
- package/dist/taint/framework-models.js.map +1 -0
- package/dist/taint/helpers.d.ts +31 -0
- package/dist/taint/helpers.d.ts.map +1 -0
- package/dist/taint/helpers.js +130 -0
- package/dist/taint/helpers.js.map +1 -0
- package/dist/taint/index.d.ts +28 -0
- package/dist/taint/index.d.ts.map +1 -0
- package/dist/taint/index.js +77 -0
- package/dist/taint/index.js.map +1 -0
- package/dist/taint/llm-registry.d.ts +47 -0
- package/dist/taint/llm-registry.d.ts.map +1 -0
- package/dist/taint/llm-registry.js +152 -0
- package/dist/taint/llm-registry.js.map +1 -0
- package/dist/taint/llm-risk-scoring.d.ts +54 -0
- package/dist/taint/llm-risk-scoring.d.ts.map +1 -0
- package/dist/taint/llm-risk-scoring.js +376 -0
- package/dist/taint/llm-risk-scoring.js.map +1 -0
- package/dist/taint/propagation-types.d.ts +104 -0
- package/dist/taint/propagation-types.d.ts.map +1 -0
- package/dist/taint/propagation-types.js +98 -0
- package/dist/taint/propagation-types.js.map +1 -0
- package/dist/taint/propagation.d.ts +111 -0
- package/dist/taint/propagation.d.ts.map +1 -0
- package/dist/taint/propagation.js +1576 -0
- package/dist/taint/propagation.js.map +1 -0
- package/dist/taint/sanitizer-registry.d.ts +26 -0
- package/dist/taint/sanitizer-registry.d.ts.map +1 -0
- package/dist/taint/sanitizer-registry.js +422 -0
- package/dist/taint/sanitizer-registry.js.map +1 -0
- package/dist/taint/sink-classifier.d.ts +27 -0
- package/dist/taint/sink-classifier.d.ts.map +1 -0
- package/dist/taint/sink-classifier.js +1166 -0
- package/dist/taint/sink-classifier.js.map +1 -0
- package/dist/taint/source-classifier.d.ts +29 -0
- package/dist/taint/source-classifier.d.ts.map +1 -0
- package/dist/taint/source-classifier.js +814 -0
- package/dist/taint/source-classifier.js.map +1 -0
- package/dist/taint/taint-analyzer.d.ts +33 -0
- package/dist/taint/taint-analyzer.d.ts.map +1 -0
- package/dist/taint/taint-analyzer.js +88 -0
- package/dist/taint/taint-analyzer.js.map +1 -0
- package/dist/taint/taint-summary.d.ts +37 -0
- package/dist/taint/taint-summary.d.ts.map +1 -0
- package/dist/taint/taint-summary.js +293 -0
- package/dist/taint/taint-summary.js.map +1 -0
- package/dist/taint/types.d.ts +47 -0
- package/dist/taint/types.d.ts.map +1 -0
- package/dist/taint/types.js +19 -0
- package/dist/taint/types.js.map +1 -0
- package/dist/validate/clients.d.ts +2 -1
- package/dist/validate/clients.d.ts.map +1 -1
- package/dist/validate/clients.js +3 -2
- package/dist/validate/clients.js.map +1 -1
- package/dist/validate/index.d.ts +5 -6
- package/dist/validate/index.d.ts.map +1 -1
- package/dist/validate/index.js +22 -21
- package/dist/validate/index.js.map +1 -1
- package/dist/validate/prompts/modules/ai-patterns.d.ts +1 -1
- package/dist/validate/prompts/modules/ai-patterns.d.ts.map +1 -1
- package/dist/validate/prompts/modules/ai-patterns.js +16 -0
- package/dist/validate/prompts/modules/ai-patterns.js.map +1 -1
- package/dist/validate/prompts/modules/common.d.ts +1 -1
- package/dist/validate/prompts/modules/common.d.ts.map +1 -1
- package/dist/validate/prompts/modules/common.js +12 -3
- package/dist/validate/prompts/modules/common.js.map +1 -1
- package/dist/validate/providers/anthropic.d.ts +4 -4
- package/dist/validate/providers/anthropic.d.ts.map +1 -1
- package/dist/validate/providers/anthropic.js +85 -58
- package/dist/validate/providers/anthropic.js.map +1 -1
- package/dist/validate/providers/openai.d.ts +4 -4
- package/dist/validate/providers/openai.d.ts.map +1 -1
- package/dist/validate/providers/openai.js +149 -99
- package/dist/validate/providers/openai.js.map +1 -1
- package/dist/validate/request-builder.d.ts +2 -8
- package/dist/validate/request-builder.d.ts.map +1 -1
- package/dist/validate/request-builder.js +4 -34
- package/dist/validate/request-builder.js.map +1 -1
- package/dist/validate/types.d.ts +9 -0
- package/dist/validate/types.d.ts.map +1 -1
- package/dist/validate/types.js.map +1 -1
- package/dist/validate/utils/path-helpers.js +2 -2
- package/dist/validate/utils/path-helpers.js.map +1 -1
- package/dist/validate/utils/response-parser.d.ts +10 -0
- package/dist/validate/utils/response-parser.d.ts.map +1 -1
- package/dist/validate/utils/response-parser.js +21 -2
- package/dist/validate/utils/response-parser.js.map +1 -1
- package/dist/validate/utils/retry.d.ts.map +1 -1
- package/dist/validate/utils/retry.js +19 -4
- package/dist/validate/utils/retry.js.map +1 -1
- package/package.json +7 -4
- package/src/__tests__/benchmark/fixtures/layer2/ai-execution-sinks.ts +1 -1
- package/src/__tests__/benchmark/planted-benchmark.test.ts +337 -0
- package/src/__tests__/benchmark/utils/test-runner.ts +38 -4
- package/src/__tests__/category-filter.test.ts +5 -1
- package/src/__tests__/context-engine/route-discovery/python.test.ts +726 -0
- package/src/__tests__/detect/ast-rules.test.ts +1043 -0
- package/src/__tests__/detect/offline-mode.test.ts +147 -0
- package/src/__tests__/detect/python-ast-rules.test.ts +569 -0
- package/src/__tests__/detect/python-helpers.test.ts +536 -0
- package/src/__tests__/detect/python-sast-rules.test.ts +453 -0
- package/src/__tests__/detect/rules-file-backdoor-decoders.test.ts +151 -0
- package/src/__tests__/detect/rules-file-backdoor.test.ts +284 -0
- package/src/__tests__/detect/taint-fix-templates.test.ts +150 -0
- package/src/__tests__/detect/taint-path-serialization.test.ts +170 -0
- package/src/__tests__/parse/call-graph.test.ts +300 -0
- package/src/__tests__/parse/python-parser.test.ts +274 -0
- package/src/__tests__/regression/known-false-positives.test.ts +491 -9
- package/src/__tests__/regression/rules-file-backdoor.test.ts +137 -0
- package/src/__tests__/score/adjustments.test.ts +34 -16
- package/src/__tests__/score/confidence.test.ts +84 -57
- package/src/__tests__/score/evidence-scoring.test.ts +249 -0
- package/src/__tests__/score/evidence.test.ts +144 -0
- package/src/__tests__/score/scoring-integration.test.ts +56 -34
- package/src/__tests__/score/taint-adjustments.test.ts +14 -228
- package/src/__tests__/snapshots/__snapshots__/scan-depth.test.ts.snap +65 -59
- package/src/__tests__/snapshots/scan-depth.test.ts +39 -7
- package/src/__tests__/taint/async-flow.test.ts +247 -0
- package/src/__tests__/taint/cfg-builder.test.ts +835 -0
- package/src/__tests__/taint/constant-propagation.test.ts +302 -0
- package/src/__tests__/taint/cross-file-index.test.ts +683 -0
- package/src/__tests__/taint/cross-file-integration.test.ts +275 -0
- package/src/__tests__/taint/cross-file-propagation.test.ts +910 -0
- package/src/__tests__/taint/def-use.test.ts +132 -0
- package/src/__tests__/taint/field-sensitive-sinks.test.ts +179 -0
- package/src/__tests__/taint/field-sensitivity.test.ts +342 -0
- package/src/__tests__/taint/file-analysis-cache.test.ts +290 -0
- package/src/__tests__/taint/framework-models.test.ts +227 -0
- package/src/__tests__/taint/llm-flow-graph.test.ts +850 -0
- package/src/__tests__/taint/llm-risk-scoring.test.ts +439 -0
- package/src/__tests__/taint/performance-parity.test.ts +315 -0
- package/src/__tests__/taint/propagation.test.ts +621 -0
- package/src/__tests__/taint/python-cross-file.test.ts +494 -0
- package/src/__tests__/taint/python-taint.test.ts +1344 -0
- package/src/__tests__/taint/sanitizer-registry.test.ts +304 -0
- package/src/__tests__/taint/sanitizer-regression.test.ts +111 -0
- package/src/__tests__/taint/sink-classifier.test.ts +537 -0
- package/src/__tests__/taint/source-classifier.test.ts +367 -0
- package/src/__tests__/taint/taint-pipeline.test.ts +418 -0
- package/src/__tests__/taint/taint-smoke.test.ts +400 -0
- package/src/__tests__/taint/taint-summary.test.ts +472 -0
- package/src/detect/ai-code/index.ts +6 -11
- package/src/detect/ast-rules/agent-tools-ast.ts +861 -0
- package/src/detect/ast-rules/ai-fingerprinting-ast.ts +451 -0
- package/src/detect/ast-rules/auth-patterns-ast.ts +304 -0
- package/src/detect/ast-rules/byok-ast.ts +195 -0
- package/src/detect/ast-rules/child-process-ast.ts +276 -0
- package/src/detect/ast-rules/dangerous-eval-ast.ts +227 -0
- package/src/detect/ast-rules/data-exposure-ast.ts +162 -0
- package/src/detect/ast-rules/dom-xss-ast.ts +260 -0
- package/src/detect/ast-rules/endpoint-protection-ast.ts +231 -0
- package/src/detect/ast-rules/entropy-ast.ts +268 -0
- package/src/detect/ast-rules/flask-debug-ast.ts +148 -0
- package/src/detect/ast-rules/framework-checks-ast.ts +200 -0
- package/src/detect/ast-rules/helpers/call-analysis.ts +256 -0
- package/src/detect/ast-rules/helpers/context-detection.ts +277 -0
- package/src/detect/ast-rules/helpers/control-flow.ts +179 -0
- package/src/detect/ast-rules/helpers/import-analysis.ts +185 -0
- package/src/detect/ast-rules/helpers/index.ts +133 -0
- package/src/detect/ast-rules/helpers/python-helpers.ts +1054 -0
- package/src/detect/ast-rules/helpers/scope-analysis.ts +224 -0
- package/src/detect/ast-rules/helpers/string-analysis.ts +215 -0
- package/src/detect/ast-rules/helpers/type-extraction.ts +138 -0
- package/src/detect/ast-rules/helpers/user-input.ts +256 -0
- package/src/detect/ast-rules/index.ts +311 -0
- package/src/detect/ast-rules/json-parse-ast.ts +162 -0
- package/src/detect/ast-rules/log-injection-ast.ts +243 -0
- package/src/detect/ast-rules/logic-gates-ast.ts +343 -0
- package/src/detect/ast-rules/mcp-security-ast.ts +808 -0
- package/src/detect/ast-rules/model-supply-chain-ast.ts +202 -0
- package/src/detect/ast-rules/package-hallucination-ast.ts +664 -0
- package/src/detect/ast-rules/prompt-hygiene-ast.ts +329 -0
- package/src/detect/ast-rules/rag-safety-ast.ts +689 -0
- package/src/detect/ast-rules/request-validation-ast.ts +122 -0
- package/src/detect/ast-rules/risky-imports-ast.ts +133 -0
- package/src/detect/ast-rules/schema-validation-ast.ts +244 -0
- package/src/detect/ast-rules/secret-patterns-ast.ts +223 -0
- package/src/detect/ast-rules/security-headers-ast.ts +206 -0
- package/src/detect/ast-rules/sql-injection-ast.ts +614 -0
- package/src/detect/ast-rules/ssrf-ast.ts +601 -0
- package/src/detect/ast-rules/taint-fix-templates.ts +108 -0
- package/src/detect/ast-rules/taint-flow-ast.ts +416 -0
- package/src/detect/ast-rules/variables-ast.ts +446 -0
- package/src/detect/ast-rules/weak-crypto-ast.ts +441 -0
- package/src/detect/ast-rules/xxe-ast.ts +184 -0
- package/src/detect/config/agent-skill-injection.ts +2 -24
- package/src/detect/config/index.ts +1 -0
- package/src/detect/config/osv-check.ts +6 -1
- package/src/detect/config/package-check.ts +6 -1
- package/src/detect/config/rules-file-backdoor.ts +438 -0
- package/src/detect/index.ts +146 -52
- package/src/detect/secrets/config-audit.ts +37 -3
- package/src/detect/secrets/entropy.ts +195 -0
- package/src/detect/secrets/index.ts +7 -16
- package/src/detect/structural/index.ts +23 -566
- package/src/index.ts +7 -0
- package/src/model/auth-helper-detector.ts +1 -7
- package/src/model/import-resolver.ts +104 -0
- package/src/model/imported-auth-detector.ts +1 -1
- package/src/model/index.ts +240 -80
- package/src/model/module-graph.ts +17 -5
- package/src/model/project-context.ts +28 -1
- package/src/model/route-auth-resolver.ts +18 -3
- package/src/model/route-discovery/index.ts +1 -1
- package/src/model/route-discovery/nextjs.ts +1 -1
- package/src/model/route-discovery/python.ts +156 -9
- package/src/model/route-discovery/types.ts +1 -1
- package/src/model/route-discovery/utils.ts +73 -0
- package/src/model/taint-types.ts +1 -6
- package/src/parse/ast.ts +271 -0
- package/src/parse/call-graph.ts +419 -0
- package/src/parse/file-classifier.ts +69 -15
- package/src/parse/node-index.ts +118 -0
- package/src/parse/type-extractor.ts +293 -0
- package/src/pipeline/config.ts +7 -0
- package/src/pipeline/index.ts +464 -199
- package/src/pipeline/modes/incremental.ts +1 -7
- package/src/postprocess/dedup.ts +48 -17
- package/src/report/build-result.ts +57 -29
- package/src/report/formatters/cli-terminal.ts +731 -415
- package/src/report/sanitize.ts +27 -0
- package/src/score/adjustments.ts +113 -40
- package/src/score/confidence.ts +10 -5
- package/src/score/evidence.ts +55 -0
- package/src/score/index.ts +27 -55
- package/src/score/types.ts +4 -0
- package/src/shared/category-filter.ts +12 -0
- package/src/shared/regex-utils.ts +4 -0
- package/src/shared/registry-clients.ts +106 -18
- package/src/shared/rules/__tests__/metadata.test.ts +5 -1
- package/src/shared/rules/metadata.ts +19 -0
- package/src/shared/types.ts +372 -253
- package/src/taint/async-flow.ts +301 -0
- package/src/taint/cfg-builder.ts +1127 -0
- package/src/taint/cfg-types.ts +110 -0
- package/src/taint/constant-propagation.ts +170 -0
- package/src/taint/cross-file-analyzer.ts +118 -0
- package/src/taint/cross-file-index.ts +275 -0
- package/src/taint/def-use.ts +556 -0
- package/src/taint/file-analysis-cache.ts +145 -0
- package/src/taint/framework-models.ts +313 -0
- package/src/taint/helpers.ts +138 -0
- package/src/taint/index.ts +71 -0
- package/src/taint/llm-registry.ts +174 -0
- package/src/taint/llm-risk-scoring.ts +412 -0
- package/src/taint/propagation-types.ts +188 -0
- package/src/taint/propagation.ts +1750 -0
- package/src/taint/sanitizer-registry.ts +490 -0
- package/src/taint/sink-classifier.ts +1402 -0
- package/src/taint/source-classifier.ts +859 -0
- package/src/taint/taint-analyzer.ts +112 -0
- package/src/taint/taint-summary.ts +341 -0
- package/src/taint/types.ts +86 -0
- package/src/validate/clients.ts +3 -2
- package/src/validate/index.ts +89 -53
- package/src/validate/prompts/modules/ai-patterns.ts +16 -0
- package/src/validate/prompts/modules/common.ts +12 -3
- package/src/validate/providers/anthropic.ts +254 -148
- package/src/validate/providers/openai.ts +363 -218
- package/src/validate/request-builder.ts +2 -45
- package/src/validate/types.ts +9 -0
- package/src/validate/utils/path-helpers.ts +2 -2
- package/src/validate/utils/response-parser.ts +32 -3
- package/src/validate/utils/retry.ts +19 -4
- package/dist/ai-context/index.d.ts +0 -6
- package/dist/ai-context/index.d.ts.map +0 -1
- package/dist/ai-context/index.js +0 -13
- package/dist/ai-context/index.js.map +0 -1
- package/dist/ai-context/manager.d.ts +0 -67
- package/dist/ai-context/manager.d.ts.map +0 -1
- package/dist/ai-context/manager.js +0 -104
- package/dist/ai-context/manager.js.map +0 -1
- package/dist/baseline/diff.d.ts +0 -32
- package/dist/baseline/diff.d.ts.map +0 -1
- package/dist/baseline/diff.js +0 -119
- package/dist/baseline/diff.js.map +0 -1
- package/dist/baseline/index.d.ts +0 -9
- package/dist/baseline/index.d.ts.map +0 -1
- package/dist/baseline/index.js +0 -19
- package/dist/baseline/index.js.map +0 -1
- package/dist/baseline/manager.d.ts +0 -67
- package/dist/baseline/manager.d.ts.map +0 -1
- package/dist/baseline/manager.js +0 -180
- package/dist/baseline/manager.js.map +0 -1
- package/dist/baseline/types.d.ts +0 -91
- package/dist/baseline/types.d.ts.map +0 -1
- package/dist/baseline/types.js +0 -12
- package/dist/baseline/types.js.map +0 -1
- package/dist/category-filter.d.ts +0 -125
- package/dist/category-filter.d.ts.map +0 -1
- package/dist/category-filter.js +0 -360
- package/dist/category-filter.js.map +0 -1
- package/dist/detect/ai-code/agent-tools.d.ts +0 -22
- package/dist/detect/ai-code/agent-tools.d.ts.map +0 -1
- package/dist/detect/ai-code/agent-tools.js +0 -1509
- package/dist/detect/ai-code/agent-tools.js.map +0 -1
- package/dist/detect/ai-code/byok-patterns.d.ts +0 -15
- package/dist/detect/ai-code/byok-patterns.d.ts.map +0 -1
- package/dist/detect/ai-code/byok-patterns.js +0 -313
- package/dist/detect/ai-code/byok-patterns.js.map +0 -1
- package/dist/detect/ai-code/endpoint-protection.d.ts +0 -38
- package/dist/detect/ai-code/endpoint-protection.d.ts.map +0 -1
- package/dist/detect/ai-code/endpoint-protection.js +0 -349
- package/dist/detect/ai-code/endpoint-protection.js.map +0 -1
- package/dist/detect/ai-code/execution-sinks.d.ts +0 -21
- package/dist/detect/ai-code/execution-sinks.d.ts.map +0 -1
- package/dist/detect/ai-code/execution-sinks.js +0 -1158
- package/dist/detect/ai-code/execution-sinks.js.map +0 -1
- package/dist/detect/ai-code/fingerprinting.d.ts +0 -10
- package/dist/detect/ai-code/fingerprinting.d.ts.map +0 -1
- package/dist/detect/ai-code/fingerprinting.js +0 -665
- package/dist/detect/ai-code/fingerprinting.js.map +0 -1
- package/dist/detect/ai-code/mcp-security.d.ts +0 -20
- package/dist/detect/ai-code/mcp-security.d.ts.map +0 -1
- package/dist/detect/ai-code/mcp-security.js +0 -880
- package/dist/detect/ai-code/mcp-security.js.map +0 -1
- package/dist/detect/ai-code/model-supply-chain.d.ts +0 -23
- package/dist/detect/ai-code/model-supply-chain.d.ts.map +0 -1
- package/dist/detect/ai-code/model-supply-chain.js +0 -447
- package/dist/detect/ai-code/model-supply-chain.js.map +0 -1
- package/dist/detect/ai-code/package-hallucination.d.ts +0 -22
- package/dist/detect/ai-code/package-hallucination.d.ts.map +0 -1
- package/dist/detect/ai-code/package-hallucination.js +0 -841
- package/dist/detect/ai-code/package-hallucination.js.map +0 -1
- package/dist/detect/ai-code/prompt-hygiene.d.ts +0 -22
- package/dist/detect/ai-code/prompt-hygiene.d.ts.map +0 -1
- package/dist/detect/ai-code/prompt-hygiene.js +0 -1177
- package/dist/detect/ai-code/prompt-hygiene.js.map +0 -1
- package/dist/detect/ai-code/rag-safety.d.ts +0 -24
- package/dist/detect/ai-code/rag-safety.d.ts.map +0 -1
- package/dist/detect/ai-code/rag-safety.js +0 -913
- package/dist/detect/ai-code/rag-safety.js.map +0 -1
- package/dist/detect/ai-code/schema-validation.d.ts +0 -28
- package/dist/detect/ai-code/schema-validation.d.ts.map +0 -1
- package/dist/detect/ai-code/schema-validation.js +0 -378
- package/dist/detect/ai-code/schema-validation.js.map +0 -1
- package/dist/detect/secrets/patterns.d.ts +0 -11
- package/dist/detect/secrets/patterns.d.ts.map +0 -1
- package/dist/detect/secrets/patterns.js +0 -518
- package/dist/detect/secrets/patterns.js.map +0 -1
- package/dist/detect/secrets/weak-crypto.d.ts +0 -10
- package/dist/detect/secrets/weak-crypto.d.ts.map +0 -1
- package/dist/detect/secrets/weak-crypto.js +0 -432
- package/dist/detect/secrets/weak-crypto.js.map +0 -1
- package/dist/detect/structural/auth-patterns.d.ts +0 -22
- package/dist/detect/structural/auth-patterns.d.ts.map +0 -1
- package/dist/detect/structural/auth-patterns.js +0 -533
- package/dist/detect/structural/auth-patterns.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/child-process.d.ts +0 -16
- package/dist/detect/structural/dangerous-functions/child-process.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/child-process.js +0 -74
- package/dist/detect/structural/dangerous-functions/child-process.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/dom-xss.d.ts +0 -34
- package/dist/detect/structural/dangerous-functions/dom-xss.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/dom-xss.js +0 -230
- package/dist/detect/structural/dangerous-functions/dom-xss.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/index.d.ts +0 -16
- package/dist/detect/structural/dangerous-functions/index.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/index.js +0 -1193
- package/dist/detect/structural/dangerous-functions/index.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/json-parse.d.ts +0 -31
- package/dist/detect/structural/dangerous-functions/json-parse.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/json-parse.js +0 -326
- package/dist/detect/structural/dangerous-functions/json-parse.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/math-random.d.ts +0 -111
- package/dist/detect/structural/dangerous-functions/math-random.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/math-random.js +0 -684
- package/dist/detect/structural/dangerous-functions/math-random.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/patterns.d.ts +0 -21
- package/dist/detect/structural/dangerous-functions/patterns.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/patterns.js +0 -163
- package/dist/detect/structural/dangerous-functions/patterns.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/request-validation.d.ts +0 -13
- package/dist/detect/structural/dangerous-functions/request-validation.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/request-validation.js +0 -126
- package/dist/detect/structural/dangerous-functions/request-validation.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts +0 -24
- package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/utils/control-flow.js +0 -70
- package/dist/detect/structural/dangerous-functions/utils/control-flow.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts +0 -31
- package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/utils/helpers.js +0 -147
- package/dist/detect/structural/dangerous-functions/utils/helpers.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/utils/index.d.ts +0 -9
- package/dist/detect/structural/dangerous-functions/utils/index.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/utils/index.js +0 -23
- package/dist/detect/structural/dangerous-functions/utils/index.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts +0 -22
- package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/utils/schema-validation.js +0 -102
- package/dist/detect/structural/dangerous-functions/utils/schema-validation.js.map +0 -1
- package/dist/detect/structural/data-exposure.d.ts +0 -19
- package/dist/detect/structural/data-exposure.d.ts.map +0 -1
- package/dist/detect/structural/data-exposure.js +0 -262
- package/dist/detect/structural/data-exposure.js.map +0 -1
- package/dist/detect/structural/framework-checks.d.ts +0 -10
- package/dist/detect/structural/framework-checks.d.ts.map +0 -1
- package/dist/detect/structural/framework-checks.js +0 -389
- package/dist/detect/structural/framework-checks.js.map +0 -1
- package/dist/detect/structural/log-injection.d.ts +0 -18
- package/dist/detect/structural/log-injection.d.ts.map +0 -1
- package/dist/detect/structural/log-injection.js +0 -217
- package/dist/detect/structural/log-injection.js.map +0 -1
- package/dist/detect/structural/logic-gates.d.ts +0 -10
- package/dist/detect/structural/logic-gates.d.ts.map +0 -1
- package/dist/detect/structural/logic-gates.js +0 -227
- package/dist/detect/structural/logic-gates.js.map +0 -1
- package/dist/detect/structural/risky-imports.d.ts +0 -10
- package/dist/detect/structural/risky-imports.d.ts.map +0 -1
- package/dist/detect/structural/risky-imports.js +0 -168
- package/dist/detect/structural/risky-imports.js.map +0 -1
- package/dist/detect/structural/security-headers.d.ts +0 -18
- package/dist/detect/structural/security-headers.d.ts.map +0 -1
- package/dist/detect/structural/security-headers.js +0 -196
- package/dist/detect/structural/security-headers.js.map +0 -1
- package/dist/detect/structural/ssrf-detection.d.ts +0 -18
- package/dist/detect/structural/ssrf-detection.d.ts.map +0 -1
- package/dist/detect/structural/ssrf-detection.js +0 -263
- package/dist/detect/structural/ssrf-detection.js.map +0 -1
- package/dist/detect/structural/variables.d.ts +0 -11
- package/dist/detect/structural/variables.d.ts.map +0 -1
- package/dist/detect/structural/variables.js +0 -159
- package/dist/detect/structural/variables.js.map +0 -1
- package/dist/detect/structural/xxe-detection.d.ts +0 -18
- package/dist/detect/structural/xxe-detection.d.ts.map +0 -1
- package/dist/detect/structural/xxe-detection.js +0 -245
- package/dist/detect/structural/xxe-detection.js.map +0 -1
- package/dist/filtering/context-adjustments.d.ts +0 -23
- package/dist/filtering/context-adjustments.d.ts.map +0 -1
- package/dist/filtering/context-adjustments.js +0 -100
- package/dist/filtering/context-adjustments.js.map +0 -1
- package/dist/filtering/index.d.ts +0 -3
- package/dist/filtering/index.d.ts.map +0 -1
- package/dist/filtering/index.js +0 -8
- package/dist/filtering/index.js.map +0 -1
- package/dist/filtering/pipeline.d.ts +0 -48
- package/dist/filtering/pipeline.d.ts.map +0 -1
- package/dist/filtering/pipeline.js +0 -76
- package/dist/filtering/pipeline.js.map +0 -1
- package/dist/formatters/ai-context.d.ts +0 -23
- package/dist/formatters/ai-context.d.ts.map +0 -1
- package/dist/formatters/ai-context.js +0 -238
- package/dist/formatters/ai-context.js.map +0 -1
- package/dist/formatters/cli-terminal.d.ts +0 -65
- package/dist/formatters/cli-terminal.d.ts.map +0 -1
- package/dist/formatters/cli-terminal.js +0 -735
- package/dist/formatters/cli-terminal.js.map +0 -1
- package/dist/formatters/github-comment.d.ts +0 -41
- package/dist/formatters/github-comment.d.ts.map +0 -1
- package/dist/formatters/github-comment.js +0 -370
- package/dist/formatters/github-comment.js.map +0 -1
- package/dist/formatters/grouping.d.ts +0 -52
- package/dist/formatters/grouping.d.ts.map +0 -1
- package/dist/formatters/grouping.js +0 -152
- package/dist/formatters/grouping.js.map +0 -1
- package/dist/formatters/ide/claude-code.d.ts +0 -17
- package/dist/formatters/ide/claude-code.d.ts.map +0 -1
- package/dist/formatters/ide/claude-code.js +0 -94
- package/dist/formatters/ide/claude-code.js.map +0 -1
- package/dist/formatters/ide/cursor.d.ts +0 -13
- package/dist/formatters/ide/cursor.d.ts.map +0 -1
- package/dist/formatters/ide/cursor.js +0 -125
- package/dist/formatters/ide/cursor.js.map +0 -1
- package/dist/formatters/ide/index.d.ts +0 -62
- package/dist/formatters/ide/index.d.ts.map +0 -1
- package/dist/formatters/ide/index.js +0 -184
- package/dist/formatters/ide/index.js.map +0 -1
- package/dist/formatters/ide/windsurf.d.ts +0 -13
- package/dist/formatters/ide/windsurf.d.ts.map +0 -1
- package/dist/formatters/ide/windsurf.js +0 -117
- package/dist/formatters/ide/windsurf.js.map +0 -1
- package/dist/formatters/index.d.ts +0 -11
- package/dist/formatters/index.d.ts.map +0 -1
- package/dist/formatters/index.js +0 -54
- package/dist/formatters/index.js.map +0 -1
- package/dist/formatters/vscode-diagnostic.d.ts +0 -103
- package/dist/formatters/vscode-diagnostic.d.ts.map +0 -1
- package/dist/formatters/vscode-diagnostic.js +0 -151
- package/dist/formatters/vscode-diagnostic.js.map +0 -1
- package/dist/layer1/comments.d.ts +0 -11
- package/dist/layer1/comments.d.ts.map +0 -1
- package/dist/layer1/comments.js +0 -203
- package/dist/layer1/comments.js.map +0 -1
- package/dist/layer1/config-audit.d.ts +0 -11
- package/dist/layer1/config-audit.d.ts.map +0 -1
- package/dist/layer1/config-audit.js +0 -311
- package/dist/layer1/config-audit.js.map +0 -1
- package/dist/layer1/config-mcp-audit.d.ts +0 -23
- package/dist/layer1/config-mcp-audit.d.ts.map +0 -1
- package/dist/layer1/config-mcp-audit.js +0 -239
- package/dist/layer1/config-mcp-audit.js.map +0 -1
- package/dist/layer1/entropy.d.ts +0 -11
- package/dist/layer1/entropy.d.ts.map +0 -1
- package/dist/layer1/entropy.js +0 -741
- package/dist/layer1/entropy.js.map +0 -1
- package/dist/layer1/file-flags.d.ts +0 -10
- package/dist/layer1/file-flags.d.ts.map +0 -1
- package/dist/layer1/file-flags.js +0 -119
- package/dist/layer1/file-flags.js.map +0 -1
- package/dist/layer1/index.d.ts +0 -38
- package/dist/layer1/index.d.ts.map +0 -1
- package/dist/layer1/index.js +0 -170
- package/dist/layer1/index.js.map +0 -1
- package/dist/layer1/patterns.d.ts +0 -11
- package/dist/layer1/patterns.d.ts.map +0 -1
- package/dist/layer1/patterns.js +0 -512
- package/dist/layer1/patterns.js.map +0 -1
- package/dist/layer1/urls.d.ts +0 -11
- package/dist/layer1/urls.d.ts.map +0 -1
- package/dist/layer1/urls.js +0 -444
- package/dist/layer1/urls.js.map +0 -1
- package/dist/layer1/weak-crypto.d.ts +0 -10
- package/dist/layer1/weak-crypto.d.ts.map +0 -1
- package/dist/layer1/weak-crypto.js +0 -428
- package/dist/layer1/weak-crypto.js.map +0 -1
- package/dist/layer2/ai-agent-tools.d.ts +0 -22
- package/dist/layer2/ai-agent-tools.d.ts.map +0 -1
- package/dist/layer2/ai-agent-tools.js +0 -1490
- package/dist/layer2/ai-agent-tools.js.map +0 -1
- package/dist/layer2/ai-endpoint-protection.d.ts +0 -38
- package/dist/layer2/ai-endpoint-protection.d.ts.map +0 -1
- package/dist/layer2/ai-endpoint-protection.js +0 -346
- package/dist/layer2/ai-endpoint-protection.js.map +0 -1
- package/dist/layer2/ai-execution-sinks.d.ts +0 -21
- package/dist/layer2/ai-execution-sinks.d.ts.map +0 -1
- package/dist/layer2/ai-execution-sinks.js +0 -1155
- package/dist/layer2/ai-execution-sinks.js.map +0 -1
- package/dist/layer2/ai-fingerprinting.d.ts +0 -10
- package/dist/layer2/ai-fingerprinting.d.ts.map +0 -1
- package/dist/layer2/ai-fingerprinting.js +0 -650
- package/dist/layer2/ai-fingerprinting.js.map +0 -1
- package/dist/layer2/ai-mcp-security.d.ts +0 -20
- package/dist/layer2/ai-mcp-security.d.ts.map +0 -1
- package/dist/layer2/ai-mcp-security.js +0 -877
- package/dist/layer2/ai-mcp-security.js.map +0 -1
- package/dist/layer2/ai-package-hallucination.d.ts +0 -22
- package/dist/layer2/ai-package-hallucination.d.ts.map +0 -1
- package/dist/layer2/ai-package-hallucination.js +0 -828
- package/dist/layer2/ai-package-hallucination.js.map +0 -1
- package/dist/layer2/ai-prompt-hygiene.d.ts +0 -22
- package/dist/layer2/ai-prompt-hygiene.d.ts.map +0 -1
- package/dist/layer2/ai-prompt-hygiene.js +0 -1156
- package/dist/layer2/ai-prompt-hygiene.js.map +0 -1
- package/dist/layer2/ai-rag-safety.d.ts +0 -24
- package/dist/layer2/ai-rag-safety.d.ts.map +0 -1
- package/dist/layer2/ai-rag-safety.js +0 -910
- package/dist/layer2/ai-rag-safety.js.map +0 -1
- package/dist/layer2/ai-schema-validation.d.ts +0 -28
- package/dist/layer2/ai-schema-validation.d.ts.map +0 -1
- package/dist/layer2/ai-schema-validation.js +0 -375
- package/dist/layer2/ai-schema-validation.js.map +0 -1
- package/dist/layer2/auth-antipatterns.d.ts +0 -22
- package/dist/layer2/auth-antipatterns.d.ts.map +0 -1
- package/dist/layer2/auth-antipatterns.js +0 -522
- package/dist/layer2/auth-antipatterns.js.map +0 -1
- package/dist/layer2/byok-patterns.d.ts +0 -15
- package/dist/layer2/byok-patterns.d.ts.map +0 -1
- package/dist/layer2/byok-patterns.js +0 -302
- package/dist/layer2/byok-patterns.js.map +0 -1
- package/dist/layer2/dangerous-functions/child-process.d.ts +0 -16
- package/dist/layer2/dangerous-functions/child-process.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/child-process.js +0 -74
- package/dist/layer2/dangerous-functions/child-process.js.map +0 -1
- package/dist/layer2/dangerous-functions/dom-xss.d.ts +0 -34
- package/dist/layer2/dangerous-functions/dom-xss.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/dom-xss.js +0 -230
- package/dist/layer2/dangerous-functions/dom-xss.js.map +0 -1
- package/dist/layer2/dangerous-functions/index.d.ts +0 -16
- package/dist/layer2/dangerous-functions/index.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/index.js +0 -1152
- package/dist/layer2/dangerous-functions/index.js.map +0 -1
- package/dist/layer2/dangerous-functions/json-parse.d.ts +0 -31
- package/dist/layer2/dangerous-functions/json-parse.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/json-parse.js +0 -319
- package/dist/layer2/dangerous-functions/json-parse.js.map +0 -1
- package/dist/layer2/dangerous-functions/math-random.d.ts +0 -111
- package/dist/layer2/dangerous-functions/math-random.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/math-random.js +0 -684
- package/dist/layer2/dangerous-functions/math-random.js.map +0 -1
- package/dist/layer2/dangerous-functions/patterns.d.ts +0 -21
- package/dist/layer2/dangerous-functions/patterns.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/patterns.js +0 -163
- package/dist/layer2/dangerous-functions/patterns.js.map +0 -1
- package/dist/layer2/dangerous-functions/request-validation.d.ts +0 -13
- package/dist/layer2/dangerous-functions/request-validation.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/request-validation.js +0 -119
- package/dist/layer2/dangerous-functions/request-validation.js.map +0 -1
- package/dist/layer2/dangerous-functions/utils/control-flow.d.ts +0 -24
- package/dist/layer2/dangerous-functions/utils/control-flow.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/utils/control-flow.js +0 -70
- package/dist/layer2/dangerous-functions/utils/control-flow.js.map +0 -1
- package/dist/layer2/dangerous-functions/utils/helpers.d.ts +0 -31
- package/dist/layer2/dangerous-functions/utils/helpers.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/utils/helpers.js +0 -147
- package/dist/layer2/dangerous-functions/utils/helpers.js.map +0 -1
- package/dist/layer2/dangerous-functions/utils/index.d.ts +0 -9
- package/dist/layer2/dangerous-functions/utils/index.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/utils/index.js +0 -23
- package/dist/layer2/dangerous-functions/utils/index.js.map +0 -1
- package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts +0 -22
- package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/utils/schema-validation.js +0 -102
- package/dist/layer2/dangerous-functions/utils/schema-validation.js.map +0 -1
- package/dist/layer2/data-exposure.d.ts +0 -19
- package/dist/layer2/data-exposure.d.ts.map +0 -1
- package/dist/layer2/data-exposure.js +0 -255
- package/dist/layer2/data-exposure.js.map +0 -1
- package/dist/layer2/framework-checks.d.ts +0 -10
- package/dist/layer2/framework-checks.d.ts.map +0 -1
- package/dist/layer2/framework-checks.js +0 -384
- package/dist/layer2/framework-checks.js.map +0 -1
- package/dist/layer2/index.d.ts +0 -74
- package/dist/layer2/index.d.ts.map +0 -1
- package/dist/layer2/index.js +0 -544
- package/dist/layer2/index.js.map +0 -1
- package/dist/layer2/log-injection.d.ts +0 -18
- package/dist/layer2/log-injection.d.ts.map +0 -1
- package/dist/layer2/log-injection.js +0 -214
- package/dist/layer2/log-injection.js.map +0 -1
- package/dist/layer2/logic-gates.d.ts +0 -10
- package/dist/layer2/logic-gates.d.ts.map +0 -1
- package/dist/layer2/logic-gates.js +0 -220
- package/dist/layer2/logic-gates.js.map +0 -1
- package/dist/layer2/model-supply-chain.d.ts +0 -23
- package/dist/layer2/model-supply-chain.d.ts.map +0 -1
- package/dist/layer2/model-supply-chain.js +0 -444
- package/dist/layer2/model-supply-chain.js.map +0 -1
- package/dist/layer2/risky-imports.d.ts +0 -10
- package/dist/layer2/risky-imports.d.ts.map +0 -1
- package/dist/layer2/risky-imports.js +0 -165
- package/dist/layer2/risky-imports.js.map +0 -1
- package/dist/layer2/security-headers.d.ts +0 -18
- package/dist/layer2/security-headers.d.ts.map +0 -1
- package/dist/layer2/security-headers.js +0 -187
- package/dist/layer2/security-headers.js.map +0 -1
- package/dist/layer2/ssrf-detection.d.ts +0 -18
- package/dist/layer2/ssrf-detection.d.ts.map +0 -1
- package/dist/layer2/ssrf-detection.js +0 -252
- package/dist/layer2/ssrf-detection.js.map +0 -1
- package/dist/layer2/variables.d.ts +0 -11
- package/dist/layer2/variables.d.ts.map +0 -1
- package/dist/layer2/variables.js +0 -156
- package/dist/layer2/variables.js.map +0 -1
- package/dist/layer2/xxe-detection.d.ts +0 -18
- package/dist/layer2/xxe-detection.d.ts.map +0 -1
- package/dist/layer2/xxe-detection.js +0 -242
- package/dist/layer2/xxe-detection.js.map +0 -1
- package/dist/layer3/anthropic/auto-dismiss.d.ts +0 -24
- package/dist/layer3/anthropic/auto-dismiss.d.ts.map +0 -1
- package/dist/layer3/anthropic/auto-dismiss.js +0 -199
- package/dist/layer3/anthropic/auto-dismiss.js.map +0 -1
- package/dist/layer3/anthropic/clients.d.ts +0 -44
- package/dist/layer3/anthropic/clients.d.ts.map +0 -1
- package/dist/layer3/anthropic/clients.js +0 -81
- package/dist/layer3/anthropic/clients.js.map +0 -1
- package/dist/layer3/anthropic/index.d.ts +0 -41
- package/dist/layer3/anthropic/index.d.ts.map +0 -1
- package/dist/layer3/anthropic/index.js +0 -141
- package/dist/layer3/anthropic/index.js.map +0 -1
- package/dist/layer3/anthropic/prompts/index.d.ts +0 -8
- package/dist/layer3/anthropic/prompts/index.d.ts.map +0 -1
- package/dist/layer3/anthropic/prompts/index.js +0 -16
- package/dist/layer3/anthropic/prompts/index.js.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts +0 -19
- package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/ai-patterns.js +0 -156
- package/dist/layer3/anthropic/prompts/modules/ai-patterns.js.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts +0 -9
- package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/auth-access.js +0 -25
- package/dist/layer3/anthropic/prompts/modules/auth-access.js.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/common.d.ts +0 -11
- package/dist/layer3/anthropic/prompts/modules/common.d.ts.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/common.js +0 -152
- package/dist/layer3/anthropic/prompts/modules/common.js.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/index.d.ts +0 -54
- package/dist/layer3/anthropic/prompts/modules/index.d.ts.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/index.js +0 -185
- package/dist/layer3/anthropic/prompts/modules/index.js.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts +0 -8
- package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/owasp-classic.js +0 -84
- package/dist/layer3/anthropic/prompts/modules/owasp-classic.js.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts +0 -8
- package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js +0 -68
- package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts +0 -8
- package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/xss-prompt.js +0 -22
- package/dist/layer3/anthropic/prompts/modules/xss-prompt.js.map +0 -1
- package/dist/layer3/anthropic/prompts/semantic-analysis.d.ts +0 -15
- package/dist/layer3/anthropic/prompts/semantic-analysis.d.ts.map +0 -1
- package/dist/layer3/anthropic/prompts/semantic-analysis.js +0 -169
- package/dist/layer3/anthropic/prompts/semantic-analysis.js.map +0 -1
- package/dist/layer3/anthropic/prompts/validation.d.ts +0 -18
- package/dist/layer3/anthropic/prompts/validation.d.ts.map +0 -1
- package/dist/layer3/anthropic/prompts/validation.js +0 -25
- package/dist/layer3/anthropic/prompts/validation.js.map +0 -1
- package/dist/layer3/anthropic/providers/anthropic.d.ts +0 -21
- package/dist/layer3/anthropic/providers/anthropic.d.ts.map +0 -1
- package/dist/layer3/anthropic/providers/anthropic.js +0 -269
- package/dist/layer3/anthropic/providers/anthropic.js.map +0 -1
- package/dist/layer3/anthropic/providers/index.d.ts +0 -8
- package/dist/layer3/anthropic/providers/index.d.ts.map +0 -1
- package/dist/layer3/anthropic/providers/index.js +0 -15
- package/dist/layer3/anthropic/providers/index.js.map +0 -1
- package/dist/layer3/anthropic/providers/openai.d.ts +0 -18
- package/dist/layer3/anthropic/providers/openai.d.ts.map +0 -1
- package/dist/layer3/anthropic/providers/openai.js +0 -343
- package/dist/layer3/anthropic/providers/openai.js.map +0 -1
- package/dist/layer3/anthropic/request-builder.d.ts +0 -27
- package/dist/layer3/anthropic/request-builder.d.ts.map +0 -1
- package/dist/layer3/anthropic/request-builder.js +0 -150
- package/dist/layer3/anthropic/request-builder.js.map +0 -1
- package/dist/layer3/anthropic/types.d.ts +0 -88
- package/dist/layer3/anthropic/types.d.ts.map +0 -1
- package/dist/layer3/anthropic/types.js +0 -38
- package/dist/layer3/anthropic/types.js.map +0 -1
- package/dist/layer3/anthropic/utils/context-extractor.d.ts +0 -55
- package/dist/layer3/anthropic/utils/context-extractor.d.ts.map +0 -1
- package/dist/layer3/anthropic/utils/context-extractor.js +0 -161
- package/dist/layer3/anthropic/utils/context-extractor.js.map +0 -1
- package/dist/layer3/anthropic/utils/index.d.ts +0 -11
- package/dist/layer3/anthropic/utils/index.d.ts.map +0 -1
- package/dist/layer3/anthropic/utils/index.js +0 -27
- package/dist/layer3/anthropic/utils/index.js.map +0 -1
- package/dist/layer3/anthropic/utils/path-helpers.d.ts +0 -21
- package/dist/layer3/anthropic/utils/path-helpers.d.ts.map +0 -1
- package/dist/layer3/anthropic/utils/path-helpers.js +0 -69
- package/dist/layer3/anthropic/utils/path-helpers.js.map +0 -1
- package/dist/layer3/anthropic/utils/response-parser.d.ts +0 -40
- package/dist/layer3/anthropic/utils/response-parser.d.ts.map +0 -1
- package/dist/layer3/anthropic/utils/response-parser.js +0 -285
- package/dist/layer3/anthropic/utils/response-parser.js.map +0 -1
- package/dist/layer3/anthropic/utils/retry.d.ts +0 -15
- package/dist/layer3/anthropic/utils/retry.d.ts.map +0 -1
- package/dist/layer3/anthropic/utils/retry.js +0 -62
- package/dist/layer3/anthropic/utils/retry.js.map +0 -1
- package/dist/layer3/index.d.ts +0 -27
- package/dist/layer3/index.d.ts.map +0 -1
- package/dist/layer3/index.js +0 -150
- package/dist/layer3/index.js.map +0 -1
- package/dist/layer3/osv-check.d.ts +0 -75
- package/dist/layer3/osv-check.d.ts.map +0 -1
- package/dist/layer3/osv-check.js +0 -308
- package/dist/layer3/osv-check.js.map +0 -1
- package/dist/layer3/package-check.d.ts +0 -63
- package/dist/layer3/package-check.d.ts.map +0 -1
- package/dist/layer3/package-check.js +0 -508
- package/dist/layer3/package-check.js.map +0 -1
- package/dist/model/cross-file-taint.d.ts +0 -40
- package/dist/model/cross-file-taint.d.ts.map +0 -1
- package/dist/model/cross-file-taint.js +0 -290
- package/dist/model/cross-file-taint.js.map +0 -1
- package/dist/model/function-classifier.d.ts +0 -32
- package/dist/model/function-classifier.d.ts.map +0 -1
- package/dist/model/function-classifier.js +0 -143
- package/dist/model/function-classifier.js.map +0 -1
- package/dist/model/sanitiser-detection.d.ts +0 -27
- package/dist/model/sanitiser-detection.d.ts.map +0 -1
- package/dist/model/sanitiser-detection.js +0 -224
- package/dist/model/sanitiser-detection.js.map +0 -1
- package/dist/model/sink-matcher.d.ts +0 -17
- package/dist/model/sink-matcher.d.ts.map +0 -1
- package/dist/model/sink-matcher.js +0 -141
- package/dist/model/sink-matcher.js.map +0 -1
- package/dist/model/sink-patterns.d.ts +0 -19
- package/dist/model/sink-patterns.d.ts.map +0 -1
- package/dist/model/sink-patterns.js +0 -88
- package/dist/model/sink-patterns.js.map +0 -1
- package/dist/model/source-discovery.d.ts +0 -15
- package/dist/model/source-discovery.d.ts.map +0 -1
- package/dist/model/source-discovery.js +0 -170
- package/dist/model/source-discovery.js.map +0 -1
- package/dist/model/taint-tracker.d.ts +0 -21
- package/dist/model/taint-tracker.d.ts.map +0 -1
- package/dist/model/taint-tracker.js +0 -281
- package/dist/model/taint-tracker.js.map +0 -1
- package/dist/modes/incremental.d.ts +0 -66
- package/dist/modes/incremental.d.ts.map +0 -1
- package/dist/modes/incremental.js +0 -200
- package/dist/modes/incremental.js.map +0 -1
- package/dist/rules/framework-fixes.d.ts +0 -48
- package/dist/rules/framework-fixes.d.ts.map +0 -1
- package/dist/rules/framework-fixes.js +0 -439
- package/dist/rules/framework-fixes.js.map +0 -1
- package/dist/rules/index.d.ts +0 -8
- package/dist/rules/index.d.ts.map +0 -1
- package/dist/rules/index.js +0 -18
- package/dist/rules/index.js.map +0 -1
- package/dist/rules/metadata.d.ts +0 -43
- package/dist/rules/metadata.d.ts.map +0 -1
- package/dist/rules/metadata.js +0 -800
- package/dist/rules/metadata.js.map +0 -1
- package/dist/score/auto-dismiss.d.ts +0 -28
- package/dist/score/auto-dismiss.d.ts.map +0 -1
- package/dist/score/auto-dismiss.js +0 -200
- package/dist/score/auto-dismiss.js.map +0 -1
- package/dist/suppression/config-loader.d.ts +0 -74
- package/dist/suppression/config-loader.d.ts.map +0 -1
- package/dist/suppression/config-loader.js +0 -424
- package/dist/suppression/config-loader.js.map +0 -1
- package/dist/suppression/hash.d.ts +0 -48
- package/dist/suppression/hash.d.ts.map +0 -1
- package/dist/suppression/hash.js +0 -88
- package/dist/suppression/hash.js.map +0 -1
- package/dist/suppression/index.d.ts +0 -11
- package/dist/suppression/index.d.ts.map +0 -1
- package/dist/suppression/index.js +0 -39
- package/dist/suppression/index.js.map +0 -1
- package/dist/suppression/inline-parser.d.ts +0 -39
- package/dist/suppression/inline-parser.d.ts.map +0 -1
- package/dist/suppression/inline-parser.js +0 -218
- package/dist/suppression/inline-parser.js.map +0 -1
- package/dist/suppression/manager.d.ts +0 -94
- package/dist/suppression/manager.d.ts.map +0 -1
- package/dist/suppression/manager.js +0 -292
- package/dist/suppression/manager.js.map +0 -1
- package/dist/suppression/types.d.ts +0 -151
- package/dist/suppression/types.d.ts.map +0 -1
- package/dist/suppression/types.js +0 -28
- package/dist/suppression/types.js.map +0 -1
- package/dist/types.d.ts +0 -331
- package/dist/types.d.ts.map +0 -1
- package/dist/types.js +0 -124
- package/dist/types.js.map +0 -1
- package/dist/utils/auth-helper-detector.d.ts +0 -56
- package/dist/utils/auth-helper-detector.d.ts.map +0 -1
- package/dist/utils/auth-helper-detector.js +0 -360
- package/dist/utils/auth-helper-detector.js.map +0 -1
- package/dist/utils/code-analysis.d.ts +0 -39
- package/dist/utils/code-analysis.d.ts.map +0 -1
- package/dist/utils/code-analysis.js +0 -159
- package/dist/utils/code-analysis.js.map +0 -1
- package/dist/utils/comment-analyzer.d.ts +0 -38
- package/dist/utils/comment-analyzer.d.ts.map +0 -1
- package/dist/utils/comment-analyzer.js +0 -218
- package/dist/utils/comment-analyzer.js.map +0 -1
- package/dist/utils/context-helpers.d.ts +0 -219
- package/dist/utils/context-helpers.d.ts.map +0 -1
- package/dist/utils/context-helpers.js +0 -886
- package/dist/utils/context-helpers.js.map +0 -1
- package/dist/utils/diff-detector.d.ts +0 -53
- package/dist/utils/diff-detector.d.ts.map +0 -1
- package/dist/utils/diff-detector.js +0 -104
- package/dist/utils/diff-detector.js.map +0 -1
- package/dist/utils/diff-parser.d.ts +0 -80
- package/dist/utils/diff-parser.d.ts.map +0 -1
- package/dist/utils/diff-parser.js +0 -202
- package/dist/utils/diff-parser.js.map +0 -1
- package/dist/utils/environment-context.d.ts +0 -76
- package/dist/utils/environment-context.d.ts.map +0 -1
- package/dist/utils/environment-context.js +0 -271
- package/dist/utils/environment-context.js.map +0 -1
- package/dist/utils/imported-auth-detector.d.ts +0 -37
- package/dist/utils/imported-auth-detector.d.ts.map +0 -1
- package/dist/utils/imported-auth-detector.js +0 -251
- package/dist/utils/imported-auth-detector.js.map +0 -1
- package/dist/utils/intent-detector.d.ts +0 -66
- package/dist/utils/intent-detector.d.ts.map +0 -1
- package/dist/utils/intent-detector.js +0 -282
- package/dist/utils/intent-detector.js.map +0 -1
- package/dist/utils/middleware-detector.d.ts +0 -55
- package/dist/utils/middleware-detector.d.ts.map +0 -1
- package/dist/utils/middleware-detector.js +0 -260
- package/dist/utils/middleware-detector.js.map +0 -1
- package/dist/utils/oauth-flow-detector.d.ts +0 -41
- package/dist/utils/oauth-flow-detector.d.ts.map +0 -1
- package/dist/utils/oauth-flow-detector.js +0 -202
- package/dist/utils/oauth-flow-detector.js.map +0 -1
- package/dist/utils/parsed-file.d.ts +0 -51
- package/dist/utils/parsed-file.d.ts.map +0 -1
- package/dist/utils/parsed-file.js +0 -95
- package/dist/utils/parsed-file.js.map +0 -1
- package/dist/utils/path-exclusions.d.ts +0 -55
- package/dist/utils/path-exclusions.d.ts.map +0 -1
- package/dist/utils/path-exclusions.js +0 -224
- package/dist/utils/path-exclusions.js.map +0 -1
- package/dist/utils/project-context-builder.d.ts +0 -119
- package/dist/utils/project-context-builder.d.ts.map +0 -1
- package/dist/utils/project-context-builder.js +0 -534
- package/dist/utils/project-context-builder.js.map +0 -1
- package/dist/utils/registry-clients.d.ts +0 -93
- package/dist/utils/registry-clients.d.ts.map +0 -1
- package/dist/utils/registry-clients.js +0 -273
- package/dist/utils/registry-clients.js.map +0 -1
- package/dist/utils/route-hierarchy.d.ts +0 -50
- package/dist/utils/route-hierarchy.d.ts.map +0 -1
- package/dist/utils/route-hierarchy.js +0 -226
- package/dist/utils/route-hierarchy.js.map +0 -1
- package/dist/utils/schema-semantics.d.ts +0 -45
- package/dist/utils/schema-semantics.d.ts.map +0 -1
- package/dist/utils/schema-semantics.js +0 -193
- package/dist/utils/schema-semantics.js.map +0 -1
- package/dist/utils/trpc-analyzer.d.ts +0 -78
- package/dist/utils/trpc-analyzer.d.ts.map +0 -1
- package/dist/utils/trpc-analyzer.js +0 -297
- package/dist/utils/trpc-analyzer.js.map +0 -1
- package/src/__tests__/context-engine/cross-file-taint.test.ts +0 -284
- package/src/__tests__/context-engine/function-classifier.test.ts +0 -146
- package/src/__tests__/context-engine/integration.test.ts +0 -320
- package/src/__tests__/context-engine/sanitiser-detection.test.ts +0 -187
- package/src/__tests__/context-engine/sink-matcher.test.ts +0 -251
- package/src/__tests__/context-engine/source-discovery.test.ts +0 -186
- package/src/__tests__/context-engine/taint-tracker.test.ts +0 -182
- package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +0 -750
- package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +0 -555
- package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +0 -321
- package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +0 -439
- package/src/detect/ai-code/agent-tools.ts +0 -1662
- package/src/detect/ai-code/byok-patterns.ts +0 -354
- package/src/detect/ai-code/endpoint-protection.ts +0 -406
- package/src/detect/ai-code/execution-sinks.ts +0 -1310
- package/src/detect/ai-code/fingerprinting.ts +0 -774
- package/src/detect/ai-code/mcp-security.ts +0 -937
- package/src/detect/ai-code/model-supply-chain.ts +0 -535
- package/src/detect/ai-code/package-hallucination.ts +0 -955
- package/src/detect/ai-code/prompt-hygiene.ts +0 -1314
- package/src/detect/ai-code/rag-safety.ts +0 -977
- package/src/detect/ai-code/schema-validation.ts +0 -427
- package/src/detect/secrets/patterns.ts +0 -561
- package/src/detect/secrets/weak-crypto.ts +0 -485
- package/src/detect/structural/__tests__/math-random-enhanced.test.ts +0 -405
- package/src/detect/structural/auth-patterns.ts +0 -621
- package/src/detect/structural/dangerous-functions/child-process.ts +0 -98
- package/src/detect/structural/dangerous-functions/dom-xss.ts +0 -292
- package/src/detect/structural/dangerous-functions/index.ts +0 -1556
- package/src/detect/structural/dangerous-functions/json-parse.ts +0 -393
- package/src/detect/structural/dangerous-functions/math-random.ts +0 -789
- package/src/detect/structural/dangerous-functions/patterns.ts +0 -176
- package/src/detect/structural/dangerous-functions/request-validation.ts +0 -153
- package/src/detect/structural/dangerous-functions/utils/control-flow.ts +0 -35
- package/src/detect/structural/dangerous-functions/utils/helpers.ts +0 -170
- package/src/detect/structural/dangerous-functions/utils/index.ts +0 -25
- package/src/detect/structural/dangerous-functions/utils/schema-validation.ts +0 -106
- package/src/detect/structural/data-exposure.ts +0 -302
- package/src/detect/structural/framework-checks.ts +0 -439
- package/src/detect/structural/log-injection.ts +0 -254
- package/src/detect/structural/logic-gates.ts +0 -256
- package/src/detect/structural/risky-imports.ts +0 -197
- package/src/detect/structural/security-headers.ts +0 -231
- package/src/detect/structural/ssrf-detection.ts +0 -300
- package/src/detect/structural/variables.ts +0 -177
- package/src/detect/structural/xxe-detection.ts +0 -295
- package/src/model/cross-file-taint.ts +0 -374
- package/src/model/function-classifier.ts +0 -184
- package/src/model/sanitiser-detection.ts +0 -268
- package/src/model/sink-matcher.ts +0 -178
- package/src/model/sink-patterns.ts +0 -109
- package/src/model/source-discovery.ts +0 -209
- package/src/model/taint-tracker.ts +0 -333
- package/src/score/auto-dismiss.ts +0 -224
|
@@ -1,735 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
/**
|
|
3
|
-
* CLI Terminal Formatter
|
|
4
|
-
* Formats scan results with ANSI colors for terminal output
|
|
5
|
-
*/
|
|
6
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
7
|
-
exports.formatTerminalOutput = formatTerminalOutput;
|
|
8
|
-
exports.formatCompactSummary = formatCompactSummary;
|
|
9
|
-
exports.getNumberedFindings = getNumberedFindings;
|
|
10
|
-
exports.formatFindingDetail = formatFindingDetail;
|
|
11
|
-
exports.formatSimpleList = formatSimpleList;
|
|
12
|
-
exports.formatJSON = formatJSON;
|
|
13
|
-
exports.formatSARIF = formatSARIF;
|
|
14
|
-
const grouping_1 = require("./grouping");
|
|
15
|
-
const hash_1 = require("../suppression/hash");
|
|
16
|
-
/**
|
|
17
|
-
* ANSI color codes
|
|
18
|
-
*/
|
|
19
|
-
const colors = {
|
|
20
|
-
reset: '\x1b[0m',
|
|
21
|
-
bold: '\x1b[1m',
|
|
22
|
-
dim: '\x1b[2m',
|
|
23
|
-
underline: '\x1b[4m',
|
|
24
|
-
// Foreground colors
|
|
25
|
-
red: '\x1b[31m',
|
|
26
|
-
green: '\x1b[32m',
|
|
27
|
-
yellow: '\x1b[33m',
|
|
28
|
-
blue: '\x1b[34m',
|
|
29
|
-
magenta: '\x1b[35m',
|
|
30
|
-
cyan: '\x1b[36m',
|
|
31
|
-
white: '\x1b[37m',
|
|
32
|
-
gray: '\x1b[90m',
|
|
33
|
-
// Background colors
|
|
34
|
-
bgRed: '\x1b[41m',
|
|
35
|
-
bgYellow: '\x1b[43m',
|
|
36
|
-
bgBlue: '\x1b[44m',
|
|
37
|
-
};
|
|
38
|
-
/**
|
|
39
|
-
* Severity colors and symbols
|
|
40
|
-
*/
|
|
41
|
-
const SEVERITY_STYLE = {
|
|
42
|
-
critical: { color: colors.bgRed + colors.white, symbol: '●', label: 'CRITICAL' },
|
|
43
|
-
high: { color: colors.red, symbol: '●', label: 'HIGH' },
|
|
44
|
-
medium: { color: colors.yellow, symbol: '●', label: 'MEDIUM' },
|
|
45
|
-
low: { color: colors.blue, symbol: '○', label: 'LOW' },
|
|
46
|
-
info: { color: colors.gray, symbol: '○', label: 'INFO' },
|
|
47
|
-
};
|
|
48
|
-
/**
|
|
49
|
-
* Format colored text
|
|
50
|
-
*/
|
|
51
|
-
function c(color, text) {
|
|
52
|
-
return `${color}${text}${colors.reset}`;
|
|
53
|
-
}
|
|
54
|
-
/**
|
|
55
|
-
* Format severity badge
|
|
56
|
-
*/
|
|
57
|
-
function severityBadge(severity) {
|
|
58
|
-
const style = SEVERITY_STYLE[severity];
|
|
59
|
-
return c(style.color, `${style.symbol} ${style.label}`);
|
|
60
|
-
}
|
|
61
|
-
/**
|
|
62
|
-
* Format a single finding for terminal
|
|
63
|
-
* Default: Actionable output with impact, code, and fix steps
|
|
64
|
-
* Compact: Severity + title + location only
|
|
65
|
-
* Verbose: All of the above plus references and validation notes
|
|
66
|
-
*/
|
|
67
|
-
function formatFinding(finding, options = {}) {
|
|
68
|
-
const { indent = ' ', compact = false, verbose = false } = options;
|
|
69
|
-
const badge = severityBadge(finding.severity);
|
|
70
|
-
const location = c(colors.cyan, `${finding.filePath}:${finding.lineNumber}`);
|
|
71
|
-
const hash = (0, hash_1.computeFindingHash)(finding);
|
|
72
|
-
// Compact mode: just severity, title, and location
|
|
73
|
-
if (compact) {
|
|
74
|
-
return `${indent}${badge} ${c(colors.bold, finding.title)} ${location}\n`;
|
|
75
|
-
}
|
|
76
|
-
// Default actionable output
|
|
77
|
-
let output = `${indent}${badge} ${c(colors.bold, finding.title)}\n`;
|
|
78
|
-
output += `${indent} ${location}\n`;
|
|
79
|
-
output += '\n';
|
|
80
|
-
// Impact (why this matters) - shown by default
|
|
81
|
-
if (finding.impact) {
|
|
82
|
-
output += `${indent} ${c(colors.yellow + colors.bold, 'Impact:')} ${finding.impact}\n`;
|
|
83
|
-
output += '\n';
|
|
84
|
-
}
|
|
85
|
-
// Code snippet
|
|
86
|
-
if (finding.lineContent && finding.lineContent.trim()) {
|
|
87
|
-
output += `${indent} ${c(colors.dim, 'Code:')} ${c(colors.white, finding.lineContent.trim().substring(0, 80))}${finding.lineContent.trim().length > 80 ? '...' : ''}\n`;
|
|
88
|
-
output += '\n';
|
|
89
|
-
}
|
|
90
|
-
// Fix steps - shown by default (numbered list)
|
|
91
|
-
if (finding.fixSteps && finding.fixSteps.length > 0) {
|
|
92
|
-
output += `${indent} ${c(colors.green + colors.bold, 'Fix:')}\n`;
|
|
93
|
-
finding.fixSteps.forEach((step, i) => {
|
|
94
|
-
output += `${indent} ${c(colors.green, `${i + 1}. ${step}`)}\n`;
|
|
95
|
-
});
|
|
96
|
-
output += '\n';
|
|
97
|
-
}
|
|
98
|
-
else if (finding.suggestedFix) {
|
|
99
|
-
// Fallback to legacy suggestedFix field
|
|
100
|
-
output += `${indent} ${c(colors.green, '💡 ' + finding.suggestedFix)}\n`;
|
|
101
|
-
output += '\n';
|
|
102
|
-
}
|
|
103
|
-
// Verbose mode: show additional details
|
|
104
|
-
if (verbose) {
|
|
105
|
-
// Description
|
|
106
|
-
output += `${indent} ${c(colors.dim, finding.description)}\n`;
|
|
107
|
-
// References (OWASP/CWE links)
|
|
108
|
-
if (finding.references && finding.references.length > 0) {
|
|
109
|
-
output += `${indent} ${c(colors.blue, 'References:')}\n`;
|
|
110
|
-
finding.references.forEach(ref => {
|
|
111
|
-
output += `${indent} ${c(colors.blue, ` • ${ref}`)}\n`;
|
|
112
|
-
});
|
|
113
|
-
}
|
|
114
|
-
// Validation notes (if AI validated)
|
|
115
|
-
if (finding.validationNotes) {
|
|
116
|
-
output += `${indent} ${c(colors.dim, `[AI] ${finding.validationNotes}`)}\n`;
|
|
117
|
-
}
|
|
118
|
-
// AI enhanced indicator
|
|
119
|
-
if (finding.aiEnhanced) {
|
|
120
|
-
output += `${indent} ${c(colors.magenta, '✨ AI-enhanced fix suggestion')}\n`;
|
|
121
|
-
}
|
|
122
|
-
}
|
|
123
|
-
// Suppress command - always shown
|
|
124
|
-
output += `${indent} ${c(colors.dim, `Suppress: oculum ignore ${hash} --file "${finding.filePath}:${finding.lineNumber}" --reason "..."`)}\n`;
|
|
125
|
-
return output;
|
|
126
|
-
}
|
|
127
|
-
/**
|
|
128
|
-
* Format a group of findings
|
|
129
|
-
*/
|
|
130
|
-
function formatGroup(group, options = {}) {
|
|
131
|
-
const { maxFindings = 10, compact = false, verbose = false } = options;
|
|
132
|
-
const { theme, themeName, findings, severityCounts } = group;
|
|
133
|
-
const config = grouping_1.THEME_CONFIG[theme];
|
|
134
|
-
// Count summary
|
|
135
|
-
const counts = [];
|
|
136
|
-
if (severityCounts.critical > 0)
|
|
137
|
-
counts.push(c(colors.red, `${severityCounts.critical} critical`));
|
|
138
|
-
if (severityCounts.high > 0)
|
|
139
|
-
counts.push(c(colors.red, `${severityCounts.high} high`));
|
|
140
|
-
if (severityCounts.medium > 0)
|
|
141
|
-
counts.push(c(colors.yellow, `${severityCounts.medium} medium`));
|
|
142
|
-
if (severityCounts.low > 0)
|
|
143
|
-
counts.push(c(colors.blue, `${severityCounts.low} low`));
|
|
144
|
-
if (severityCounts.info > 0)
|
|
145
|
-
counts.push(c(colors.gray, `${severityCounts.info} info`));
|
|
146
|
-
let output = `\n${c(colors.bold, `${config.icon} ${themeName}`)} (${counts.join(', ')})\n`;
|
|
147
|
-
output += c(colors.dim, '─'.repeat(60)) + '\n';
|
|
148
|
-
// Show findings
|
|
149
|
-
const shown = findings.slice(0, maxFindings);
|
|
150
|
-
for (const finding of shown) {
|
|
151
|
-
output += formatFinding(finding, { compact, verbose }) + '\n';
|
|
152
|
-
}
|
|
153
|
-
// Truncation notice
|
|
154
|
-
if (findings.length > maxFindings) {
|
|
155
|
-
output += c(colors.dim, ` ... and ${findings.length - maxFindings} more\n`);
|
|
156
|
-
}
|
|
157
|
-
return output;
|
|
158
|
-
}
|
|
159
|
-
/**
|
|
160
|
-
* Format baseline diff summary
|
|
161
|
-
*/
|
|
162
|
-
function formatDiffSummary(baselineDiff) {
|
|
163
|
-
let output = '';
|
|
164
|
-
output += c(colors.bold, 'Baseline Comparison') + '\n';
|
|
165
|
-
output += c(colors.dim, '─'.repeat(40)) + '\n';
|
|
166
|
-
output += ` 🆕 ${c(colors.yellow, `${baselineDiff.newCount} new`)} findings\n`;
|
|
167
|
-
output += ` ✅ ${c(colors.green, `${baselineDiff.fixedCount} fixed`)} since baseline\n`;
|
|
168
|
-
output += ` 📋 ${c(colors.dim, `${baselineDiff.existingCount} existing`)} (in baseline)\n`;
|
|
169
|
-
output += '\n';
|
|
170
|
-
// Format baseline date
|
|
171
|
-
const baselineDate = new Date(baselineDiff.baselineCreatedAt);
|
|
172
|
-
const dateStr = baselineDate.toLocaleDateString('en-US', {
|
|
173
|
-
year: 'numeric',
|
|
174
|
-
month: 'short',
|
|
175
|
-
day: 'numeric',
|
|
176
|
-
});
|
|
177
|
-
const commitStr = baselineDiff.baselineCommit ? ` (${baselineDiff.baselineCommit})` : '';
|
|
178
|
-
output += c(colors.dim, `Baseline from ${dateStr}${commitStr}`) + '\n\n';
|
|
179
|
-
return output;
|
|
180
|
-
}
|
|
181
|
-
/**
|
|
182
|
-
* Format full scan result for terminal
|
|
183
|
-
*/
|
|
184
|
-
function formatTerminalOutput(result, options = {}) {
|
|
185
|
-
const { maxFindingsPerGroup = 10, showAllFindings = false, compact = false, verbose = false, } = options;
|
|
186
|
-
const { vulnerabilities, severityCounts, hasBlockingIssues, filesScanned, scanDuration, baselineDiff } = result;
|
|
187
|
-
let output = '\n';
|
|
188
|
-
// Header
|
|
189
|
-
output += c(colors.bold, '═'.repeat(60)) + '\n';
|
|
190
|
-
output += c(colors.bold, ' OCULUM SECURITY SCAN RESULTS') + '\n';
|
|
191
|
-
output += c(colors.bold, '═'.repeat(60)) + '\n\n';
|
|
192
|
-
// Baseline diff summary (if present)
|
|
193
|
-
if (baselineDiff) {
|
|
194
|
-
output += formatDiffSummary(baselineDiff);
|
|
195
|
-
}
|
|
196
|
-
// Status
|
|
197
|
-
if (hasBlockingIssues) {
|
|
198
|
-
const blocking = severityCounts.critical + severityCounts.high;
|
|
199
|
-
output += c(colors.bgRed + colors.white + colors.bold, ` 🚨 ${blocking} BLOCKING ISSUES FOUND `) + '\n\n';
|
|
200
|
-
}
|
|
201
|
-
else if (vulnerabilities.length > 0) {
|
|
202
|
-
output += c(colors.yellow, `⚠️ ${vulnerabilities.length} issues found (no blocking issues)`) + '\n\n';
|
|
203
|
-
}
|
|
204
|
-
else {
|
|
205
|
-
output += c(colors.green, '✅ No security issues found!') + '\n\n';
|
|
206
|
-
output += c(colors.dim, `Scanned ${filesScanned} files in ${(scanDuration / 1000).toFixed(1)}s`) + '\n';
|
|
207
|
-
return output;
|
|
208
|
-
}
|
|
209
|
-
// Summary counts
|
|
210
|
-
output += c(colors.bold, 'Summary:') + '\n';
|
|
211
|
-
if (severityCounts.critical > 0)
|
|
212
|
-
output += ` ${severityBadge('critical')} ${severityCounts.critical}\n`;
|
|
213
|
-
if (severityCounts.high > 0)
|
|
214
|
-
output += ` ${severityBadge('high')} ${severityCounts.high}\n`;
|
|
215
|
-
if (severityCounts.medium > 0)
|
|
216
|
-
output += ` ${severityBadge('medium')} ${severityCounts.medium}\n`;
|
|
217
|
-
if (severityCounts.low > 0)
|
|
218
|
-
output += ` ${severityBadge('low')} ${severityCounts.low}\n`;
|
|
219
|
-
if (severityCounts.info > 0)
|
|
220
|
-
output += ` ${severityBadge('info')} ${severityCounts.info}\n`;
|
|
221
|
-
output += '\n';
|
|
222
|
-
// Blocking issues first
|
|
223
|
-
const blockingIssues = (0, grouping_1.getBlockingIssues)(vulnerabilities);
|
|
224
|
-
if (blockingIssues.length > 0) {
|
|
225
|
-
output += c(colors.bgRed + colors.white + colors.bold, ' BLOCKING ISSUES ') + '\n';
|
|
226
|
-
output += c(colors.red, 'These must be fixed before merging:') + '\n\n';
|
|
227
|
-
for (const finding of blockingIssues.slice(0, 10)) {
|
|
228
|
-
output += formatFinding(finding, { compact, verbose });
|
|
229
|
-
output += '\n';
|
|
230
|
-
}
|
|
231
|
-
if (blockingIssues.length > 10) {
|
|
232
|
-
output += c(colors.dim, ` ... and ${blockingIssues.length - 10} more blocking issues\n`);
|
|
233
|
-
}
|
|
234
|
-
output += '\n';
|
|
235
|
-
}
|
|
236
|
-
// Grouped findings
|
|
237
|
-
const grouped = (0, grouping_1.groupByTheme)(vulnerabilities);
|
|
238
|
-
output += c(colors.bold, '─'.repeat(60)) + '\n';
|
|
239
|
-
output += c(colors.bold, 'ALL FINDINGS BY CATEGORY') + '\n';
|
|
240
|
-
for (const group of grouped) {
|
|
241
|
-
// Skip if only showing non-blocking and all are blocking
|
|
242
|
-
if (!showAllFindings) {
|
|
243
|
-
const nonBlocking = group.findings.filter(f => f.severity !== 'critical' && f.severity !== 'high');
|
|
244
|
-
if (nonBlocking.length === 0 && blockingIssues.length > 0)
|
|
245
|
-
continue;
|
|
246
|
-
}
|
|
247
|
-
output += formatGroup(group, { maxFindings: maxFindingsPerGroup, compact, verbose });
|
|
248
|
-
}
|
|
249
|
-
// Suppressed findings section (if any)
|
|
250
|
-
if (result.suppressedVulnerabilities && result.suppressedVulnerabilities.length > 0) {
|
|
251
|
-
output += '\n' + c(colors.dim, '─'.repeat(60)) + '\n';
|
|
252
|
-
output += c(colors.dim + colors.bold, 'SUPPRESSED FINDINGS') + '\n';
|
|
253
|
-
output += c(colors.dim, `${result.suppressedVulnerabilities.length} findings suppressed`) + '\n\n';
|
|
254
|
-
for (const suppressed of result.suppressedVulnerabilities.slice(0, 5)) {
|
|
255
|
-
const typeLabel = suppressed.suppressionType === 'inline' ? 'inline'
|
|
256
|
-
: suppressed.suppressionType === 'config-finding' ? 'config'
|
|
257
|
-
: 'rule';
|
|
258
|
-
output += c(colors.dim, ` ${suppressed.hash.slice(0, 8)} ${suppressed.filePath}:${suppressed.lineNumber}`) + '\n';
|
|
259
|
-
output += c(colors.dim, ` ${suppressed.title}`) + '\n';
|
|
260
|
-
output += c(colors.dim, ` [${typeLabel}] ${suppressed.suppressionReason}`) + '\n';
|
|
261
|
-
if (suppressed.expires) {
|
|
262
|
-
output += c(colors.dim, ` Expires: ${suppressed.expires}`) + '\n';
|
|
263
|
-
}
|
|
264
|
-
output += '\n';
|
|
265
|
-
}
|
|
266
|
-
if (result.suppressedVulnerabilities.length > 5) {
|
|
267
|
-
output += c(colors.dim, ` ... and ${result.suppressedVulnerabilities.length - 5} more suppressed\n`);
|
|
268
|
-
}
|
|
269
|
-
}
|
|
270
|
-
// Suppression stats (if any)
|
|
271
|
-
if (result.suppressionStats && (result.suppressionStats.inlineSuppressed > 0 ||
|
|
272
|
-
result.suppressionStats.configFindingSuppressed > 0 ||
|
|
273
|
-
result.suppressionStats.configRuleSuppressed > 0)) {
|
|
274
|
-
const stats = result.suppressionStats;
|
|
275
|
-
const parts = [];
|
|
276
|
-
if (stats.inlineSuppressed > 0)
|
|
277
|
-
parts.push(`${stats.inlineSuppressed} inline`);
|
|
278
|
-
if (stats.configFindingSuppressed > 0)
|
|
279
|
-
parts.push(`${stats.configFindingSuppressed} config`);
|
|
280
|
-
if (stats.configRuleSuppressed > 0)
|
|
281
|
-
parts.push(`${stats.configRuleSuppressed} rule`);
|
|
282
|
-
if (stats.expired > 0)
|
|
283
|
-
parts.push(`${stats.expired} expired`);
|
|
284
|
-
if (!result.suppressedVulnerabilities) {
|
|
285
|
-
output += '\n' + c(colors.dim, `Suppressed: ${parts.join(', ')}`) + '\n';
|
|
286
|
-
}
|
|
287
|
-
}
|
|
288
|
-
// Footer
|
|
289
|
-
output += '\n' + c(colors.dim, '─'.repeat(60)) + '\n';
|
|
290
|
-
output += c(colors.dim, `Scanned ${filesScanned} files in ${(scanDuration / 1000).toFixed(1)}s`) + '\n';
|
|
291
|
-
return output;
|
|
292
|
-
}
|
|
293
|
-
/**
|
|
294
|
-
* Format compact summary grouped by severity
|
|
295
|
-
* Output format:
|
|
296
|
-
* HIGH (2)
|
|
297
|
-
* 1. SQL injection in src/api/users.ts:42
|
|
298
|
-
* 2. Missing auth in src/api/admin.ts:15
|
|
299
|
-
*/
|
|
300
|
-
function formatCompactSummary(vulnerabilities, options = {}) {
|
|
301
|
-
const { showNumbers = true, maxPerSeverity = 5, showHint = true, noColor = false, } = options;
|
|
302
|
-
if (vulnerabilities.length === 0) {
|
|
303
|
-
return noColor
|
|
304
|
-
? 'No security issues found.'
|
|
305
|
-
: c(colors.green, '✓ No security issues found.');
|
|
306
|
-
}
|
|
307
|
-
// Group by severity
|
|
308
|
-
const bySeverity = {
|
|
309
|
-
critical: [],
|
|
310
|
-
high: [],
|
|
311
|
-
medium: [],
|
|
312
|
-
low: [],
|
|
313
|
-
info: [],
|
|
314
|
-
};
|
|
315
|
-
for (const v of vulnerabilities) {
|
|
316
|
-
bySeverity[v.severity].push(v);
|
|
317
|
-
}
|
|
318
|
-
// Build output
|
|
319
|
-
let output = '';
|
|
320
|
-
let globalIndex = 1;
|
|
321
|
-
const severityOrder = ['critical', 'high', 'medium', 'low', 'info'];
|
|
322
|
-
const severityColors = {
|
|
323
|
-
critical: colors.bgRed + colors.white,
|
|
324
|
-
high: colors.red,
|
|
325
|
-
medium: colors.yellow,
|
|
326
|
-
low: colors.blue,
|
|
327
|
-
info: colors.gray,
|
|
328
|
-
};
|
|
329
|
-
for (const severity of severityOrder) {
|
|
330
|
-
const findings = bySeverity[severity];
|
|
331
|
-
if (findings.length === 0)
|
|
332
|
-
continue;
|
|
333
|
-
// Severity header
|
|
334
|
-
const label = severity.toUpperCase();
|
|
335
|
-
const header = noColor
|
|
336
|
-
? `${label} (${findings.length})`
|
|
337
|
-
: c(severityColors[severity] + colors.bold, `${label} (${findings.length})`);
|
|
338
|
-
output += `\n ${header}\n`;
|
|
339
|
-
// Show findings
|
|
340
|
-
const shown = findings.slice(0, maxPerSeverity);
|
|
341
|
-
for (const finding of shown) {
|
|
342
|
-
const num = showNumbers ? `${globalIndex}. ` : '';
|
|
343
|
-
const location = noColor
|
|
344
|
-
? `${finding.filePath}:${finding.lineNumber}`
|
|
345
|
-
: c(colors.cyan, `${finding.filePath}:${finding.lineNumber}`);
|
|
346
|
-
output += noColor
|
|
347
|
-
? ` ${num}${finding.title} in ${location}\n`
|
|
348
|
-
: ` ${c(colors.dim, num)}${finding.title} ${c(colors.dim, 'in')} ${location}\n`;
|
|
349
|
-
globalIndex++;
|
|
350
|
-
}
|
|
351
|
-
// Show truncation notice
|
|
352
|
-
if (findings.length > maxPerSeverity) {
|
|
353
|
-
const more = findings.length - maxPerSeverity;
|
|
354
|
-
const truncated = noColor
|
|
355
|
-
? ` ... and ${more} more\n`
|
|
356
|
-
: c(colors.dim, ` ... and ${more} more\n`);
|
|
357
|
-
output += truncated;
|
|
358
|
-
globalIndex += more; // Increment for hidden findings
|
|
359
|
-
}
|
|
360
|
-
}
|
|
361
|
-
// Hint at bottom
|
|
362
|
-
if (showHint && vulnerabilities.length > 0) {
|
|
363
|
-
output += '\n';
|
|
364
|
-
output += noColor
|
|
365
|
-
? "Run 'oculum show 1' for details · 'oculum fix' for suggestions\n"
|
|
366
|
-
: c(colors.dim, "Run 'oculum show 1' for details · 'oculum fix' for suggestions\n");
|
|
367
|
-
}
|
|
368
|
-
return output;
|
|
369
|
-
}
|
|
370
|
-
/**
|
|
371
|
-
* Format a numbered finding list for the show command
|
|
372
|
-
* Returns findings with their numbers for reference
|
|
373
|
-
*/
|
|
374
|
-
function getNumberedFindings(vulnerabilities) {
|
|
375
|
-
return vulnerabilities.map((finding, index) => ({
|
|
376
|
-
number: index + 1,
|
|
377
|
-
finding,
|
|
378
|
-
}));
|
|
379
|
-
}
|
|
380
|
-
/**
|
|
381
|
-
* Format a single finding detail view for the show command
|
|
382
|
-
*/
|
|
383
|
-
function formatFindingDetail(finding, number, options = {}) {
|
|
384
|
-
const { verbose = false, noColor = false } = options;
|
|
385
|
-
let output = '';
|
|
386
|
-
// Header
|
|
387
|
-
const badge = noColor
|
|
388
|
-
? `[${finding.severity.toUpperCase()}]`
|
|
389
|
-
: severityBadge(finding.severity);
|
|
390
|
-
const title = noColor ? finding.title : c(colors.bold, finding.title);
|
|
391
|
-
output += `\n#${number} ${badge} ${title}\n`;
|
|
392
|
-
// Location
|
|
393
|
-
const location = noColor
|
|
394
|
-
? finding.filePath + ':' + finding.lineNumber
|
|
395
|
-
: c(colors.cyan, `${finding.filePath}:${finding.lineNumber}`);
|
|
396
|
-
output += ` ${location}\n`;
|
|
397
|
-
output += '\n';
|
|
398
|
-
// Impact
|
|
399
|
-
if (finding.impact) {
|
|
400
|
-
const impactLabel = noColor ? 'Impact:' : c(colors.yellow + colors.bold, 'Impact:');
|
|
401
|
-
output += ` ${impactLabel} ${finding.impact}\n`;
|
|
402
|
-
output += '\n';
|
|
403
|
-
}
|
|
404
|
-
// Code snippet
|
|
405
|
-
if (finding.lineContent && finding.lineContent.trim()) {
|
|
406
|
-
const codeLabel = noColor ? 'Code:' : c(colors.dim, 'Code:');
|
|
407
|
-
const code = finding.lineContent.trim().substring(0, 100);
|
|
408
|
-
const codeText = noColor ? code : c(colors.white, code);
|
|
409
|
-
output += ` ${codeLabel} ${codeText}${finding.lineContent.trim().length > 100 ? '...' : ''}\n`;
|
|
410
|
-
output += '\n';
|
|
411
|
-
}
|
|
412
|
-
// Description
|
|
413
|
-
output += noColor
|
|
414
|
-
? ` ${finding.description}\n`
|
|
415
|
-
: ` ${c(colors.dim, finding.description)}\n`;
|
|
416
|
-
output += '\n';
|
|
417
|
-
// Fix steps
|
|
418
|
-
if (finding.fixSteps && finding.fixSteps.length > 0) {
|
|
419
|
-
const fixLabel = noColor ? 'How to fix:' : c(colors.green + colors.bold, 'How to fix:');
|
|
420
|
-
output += ` ${fixLabel}\n`;
|
|
421
|
-
finding.fixSteps.forEach((step, i) => {
|
|
422
|
-
const stepText = noColor ? `${i + 1}. ${step}` : c(colors.green, `${i + 1}. ${step}`);
|
|
423
|
-
output += ` ${stepText}\n`;
|
|
424
|
-
});
|
|
425
|
-
output += '\n';
|
|
426
|
-
}
|
|
427
|
-
else if (finding.suggestedFix) {
|
|
428
|
-
const fixLabel = noColor ? 'Suggested fix:' : c(colors.green + colors.bold, 'Suggested fix:');
|
|
429
|
-
output += ` ${fixLabel} ${finding.suggestedFix}\n`;
|
|
430
|
-
output += '\n';
|
|
431
|
-
}
|
|
432
|
-
// Verbose mode: additional details
|
|
433
|
-
if (verbose) {
|
|
434
|
-
// References
|
|
435
|
-
if (finding.references && finding.references.length > 0) {
|
|
436
|
-
const refLabel = noColor ? 'References:' : c(colors.blue, 'References:');
|
|
437
|
-
output += ` ${refLabel}\n`;
|
|
438
|
-
finding.references.forEach(ref => {
|
|
439
|
-
output += noColor
|
|
440
|
-
? ` - ${ref}\n`
|
|
441
|
-
: ` ${c(colors.blue, `- ${ref}`)}\n`;
|
|
442
|
-
});
|
|
443
|
-
output += '\n';
|
|
444
|
-
}
|
|
445
|
-
// Validation notes
|
|
446
|
-
if (finding.validationNotes) {
|
|
447
|
-
const notesLabel = noColor ? '[AI]' : c(colors.magenta, '[AI]');
|
|
448
|
-
output += ` ${notesLabel} ${finding.validationNotes}\n`;
|
|
449
|
-
output += '\n';
|
|
450
|
-
}
|
|
451
|
-
// Category and confidence
|
|
452
|
-
output += noColor
|
|
453
|
-
? ` Category: ${finding.category} · Confidence: ${finding.confidence || 'medium'} · Layer: ${finding.layer}\n`
|
|
454
|
-
: c(colors.dim, ` Category: ${finding.category} · Confidence: ${finding.confidence || 'medium'} · Layer: ${finding.layer}\n`);
|
|
455
|
-
}
|
|
456
|
-
return output;
|
|
457
|
-
}
|
|
458
|
-
/**
|
|
459
|
-
* Format as simple list (no grouping, no colors)
|
|
460
|
-
*/
|
|
461
|
-
function formatSimpleList(vulnerabilities) {
|
|
462
|
-
let output = '';
|
|
463
|
-
for (const finding of vulnerabilities) {
|
|
464
|
-
const severity = finding.severity.toUpperCase().padEnd(8);
|
|
465
|
-
output += `[${severity}] ${finding.filePath}:${finding.lineNumber} - ${finding.title}\n`;
|
|
466
|
-
}
|
|
467
|
-
return output;
|
|
468
|
-
}
|
|
469
|
-
/**
|
|
470
|
-
* Format as JSON (for piping to other tools)
|
|
471
|
-
*/
|
|
472
|
-
function formatJSON(result, pretty = false) {
|
|
473
|
-
if (pretty) {
|
|
474
|
-
return JSON.stringify(result, null, 2);
|
|
475
|
-
}
|
|
476
|
-
return JSON.stringify(result);
|
|
477
|
-
}
|
|
478
|
-
/**
|
|
479
|
-
* Rule metadata for SARIF output
|
|
480
|
-
*/
|
|
481
|
-
const RULE_METADATA = {
|
|
482
|
-
hardcoded_secret: {
|
|
483
|
-
name: 'Hardcoded Secret',
|
|
484
|
-
description: 'Sensitive credentials or API keys hardcoded in source code. These can be extracted from version control history or compiled binaries.',
|
|
485
|
-
helpUri: 'https://oculum.dev/docs/rules/hardcoded-secrets',
|
|
486
|
-
tags: ['security', 'secrets', 'credentials'],
|
|
487
|
-
},
|
|
488
|
-
high_entropy_string: {
|
|
489
|
-
name: 'High Entropy String',
|
|
490
|
-
description: 'A high-entropy string that may be a secret or API key. Review to ensure it is not sensitive data.',
|
|
491
|
-
helpUri: 'https://oculum.dev/docs/rules/high-entropy',
|
|
492
|
-
tags: ['security', 'secrets'],
|
|
493
|
-
},
|
|
494
|
-
ai_prompt_injection: {
|
|
495
|
-
name: 'AI Prompt Injection',
|
|
496
|
-
description: 'User input is included in AI prompts without proper sanitization, potentially allowing prompt injection attacks.',
|
|
497
|
-
helpUri: 'https://oculum.dev/docs/rules/prompt-injection',
|
|
498
|
-
tags: ['security', 'ai', 'injection'],
|
|
499
|
-
},
|
|
500
|
-
ai_unsafe_execution: {
|
|
501
|
-
name: 'AI Unsafe Execution',
|
|
502
|
-
description: 'AI-generated content is used in code execution, SQL queries, or other dangerous sinks without validation.',
|
|
503
|
-
helpUri: 'https://oculum.dev/docs/rules/unsafe-execution',
|
|
504
|
-
tags: ['security', 'ai', 'injection'],
|
|
505
|
-
},
|
|
506
|
-
ai_overpermissive_tool: {
|
|
507
|
-
name: 'AI Overpermissive Tool',
|
|
508
|
-
description: 'AI agent tool has excessive permissions without proper restrictions or sandboxing.',
|
|
509
|
-
helpUri: 'https://oculum.dev/docs/rules/overpermissive-tools',
|
|
510
|
-
tags: ['security', 'ai', 'authorization'],
|
|
511
|
-
},
|
|
512
|
-
ai_rag_exfiltration: {
|
|
513
|
-
name: 'AI RAG Data Exfiltration',
|
|
514
|
-
description: 'RAG (Retrieval Augmented Generation) queries may expose data across tenant boundaries or leak sensitive context.',
|
|
515
|
-
helpUri: 'https://oculum.dev/docs/rules/rag-exfiltration',
|
|
516
|
-
tags: ['security', 'ai', 'data-exposure'],
|
|
517
|
-
},
|
|
518
|
-
ai_endpoint_unprotected: {
|
|
519
|
-
name: 'AI Endpoint Unprotected',
|
|
520
|
-
description: 'AI endpoint lacks authentication or rate limiting, potentially allowing abuse or cost attacks.',
|
|
521
|
-
helpUri: 'https://oculum.dev/docs/rules/unprotected-endpoints',
|
|
522
|
-
tags: ['security', 'ai', 'authentication'],
|
|
523
|
-
},
|
|
524
|
-
ai_schema_mismatch: {
|
|
525
|
-
name: 'AI Schema Validation Missing',
|
|
526
|
-
description: 'AI-generated output is used without schema validation, potentially allowing malformed or malicious data.',
|
|
527
|
-
helpUri: 'https://oculum.dev/docs/rules/schema-validation',
|
|
528
|
-
tags: ['security', 'ai', 'validation'],
|
|
529
|
-
},
|
|
530
|
-
sql_injection: {
|
|
531
|
-
name: 'SQL Injection',
|
|
532
|
-
description: 'User input is concatenated into SQL queries without parameterization, allowing SQL injection attacks.',
|
|
533
|
-
helpUri: 'https://oculum.dev/docs/rules/sql-injection',
|
|
534
|
-
tags: ['security', 'injection', 'database'],
|
|
535
|
-
},
|
|
536
|
-
xss: {
|
|
537
|
-
name: 'Cross-Site Scripting (XSS)',
|
|
538
|
-
description: 'User input is rendered in HTML without proper escaping, allowing script injection.',
|
|
539
|
-
helpUri: 'https://oculum.dev/docs/rules/xss',
|
|
540
|
-
tags: ['security', 'injection', 'web'],
|
|
541
|
-
},
|
|
542
|
-
command_injection: {
|
|
543
|
-
name: 'Command Injection',
|
|
544
|
-
description: 'User input is passed to shell commands without sanitization, allowing arbitrary command execution.',
|
|
545
|
-
helpUri: 'https://oculum.dev/docs/rules/command-injection',
|
|
546
|
-
tags: ['security', 'injection', 'shell'],
|
|
547
|
-
},
|
|
548
|
-
missing_auth: {
|
|
549
|
-
name: 'Missing Authentication',
|
|
550
|
-
description: 'Sensitive endpoint or route lacks authentication checks.',
|
|
551
|
-
helpUri: 'https://oculum.dev/docs/rules/missing-auth',
|
|
552
|
-
tags: ['security', 'authentication'],
|
|
553
|
-
},
|
|
554
|
-
data_exposure: {
|
|
555
|
-
name: 'Data Exposure',
|
|
556
|
-
description: 'Sensitive data may be exposed through logging, error messages, or API responses.',
|
|
557
|
-
helpUri: 'https://oculum.dev/docs/rules/data-exposure',
|
|
558
|
-
tags: ['security', 'data-exposure'],
|
|
559
|
-
},
|
|
560
|
-
insecure_config: {
|
|
561
|
-
name: 'Insecure Configuration',
|
|
562
|
-
description: 'Security-relevant configuration is set to an insecure value.',
|
|
563
|
-
helpUri: 'https://oculum.dev/docs/rules/insecure-config',
|
|
564
|
-
tags: ['security', 'configuration'],
|
|
565
|
-
},
|
|
566
|
-
dangerous_function: {
|
|
567
|
-
name: 'Dangerous Function',
|
|
568
|
-
description: 'Use of a function known to be dangerous or deprecated for security reasons.',
|
|
569
|
-
helpUri: 'https://oculum.dev/docs/rules/dangerous-functions',
|
|
570
|
-
tags: ['security', 'code-quality'],
|
|
571
|
-
},
|
|
572
|
-
};
|
|
573
|
-
/**
|
|
574
|
-
* Format as SARIF (Static Analysis Results Interchange Format)
|
|
575
|
-
* For integration with GitHub Code Scanning
|
|
576
|
-
*/
|
|
577
|
-
function formatSARIF(result) {
|
|
578
|
-
// Build results from active vulnerabilities
|
|
579
|
-
const activeResults = result.vulnerabilities.map((v, index) => ({
|
|
580
|
-
ruleId: v.category,
|
|
581
|
-
ruleIndex: getRuleIndex(result.vulnerabilities, v.category),
|
|
582
|
-
level: mapSeverityToSARIF(v.severity),
|
|
583
|
-
message: {
|
|
584
|
-
text: v.description,
|
|
585
|
-
},
|
|
586
|
-
locations: [{
|
|
587
|
-
physicalLocation: {
|
|
588
|
-
artifactLocation: {
|
|
589
|
-
uri: v.filePath,
|
|
590
|
-
uriBaseId: '%SRCROOT%',
|
|
591
|
-
},
|
|
592
|
-
region: {
|
|
593
|
-
startLine: v.lineNumber,
|
|
594
|
-
startColumn: 1,
|
|
595
|
-
snippet: v.lineContent ? { text: v.lineContent } : undefined,
|
|
596
|
-
},
|
|
597
|
-
},
|
|
598
|
-
}],
|
|
599
|
-
fingerprints: {
|
|
600
|
-
'oculum/v1': `${v.category}:${v.filePath}:${v.lineNumber}`,
|
|
601
|
-
},
|
|
602
|
-
fixes: v.suggestedFix ? [{
|
|
603
|
-
description: {
|
|
604
|
-
text: v.suggestedFix,
|
|
605
|
-
},
|
|
606
|
-
}] : undefined,
|
|
607
|
-
properties: {
|
|
608
|
-
confidence: v.confidence,
|
|
609
|
-
layer: v.layer,
|
|
610
|
-
},
|
|
611
|
-
}));
|
|
612
|
-
// Build results from suppressed vulnerabilities (with SARIF suppression state)
|
|
613
|
-
const suppressedResults = (result.suppressedVulnerabilities || []).map((s) => ({
|
|
614
|
-
ruleId: s.category,
|
|
615
|
-
ruleIndex: 0, // Will be resolved by GitHub
|
|
616
|
-
level: mapSeverityToSARIF(s.severity),
|
|
617
|
-
message: {
|
|
618
|
-
text: s.title,
|
|
619
|
-
},
|
|
620
|
-
locations: [{
|
|
621
|
-
physicalLocation: {
|
|
622
|
-
artifactLocation: {
|
|
623
|
-
uri: s.filePath,
|
|
624
|
-
uriBaseId: '%SRCROOT%',
|
|
625
|
-
},
|
|
626
|
-
region: {
|
|
627
|
-
startLine: s.lineNumber,
|
|
628
|
-
startColumn: 1,
|
|
629
|
-
},
|
|
630
|
-
},
|
|
631
|
-
}],
|
|
632
|
-
fingerprints: {
|
|
633
|
-
'oculum/v1': `${s.category}:${s.filePath}:${s.lineNumber}`,
|
|
634
|
-
'oculum/hash': s.hash,
|
|
635
|
-
},
|
|
636
|
-
suppressions: [{
|
|
637
|
-
kind: s.suppressionType === 'inline' ? 'inSource' : 'external',
|
|
638
|
-
justification: s.suppressionReason,
|
|
639
|
-
state: 'accepted',
|
|
640
|
-
}],
|
|
641
|
-
properties: {
|
|
642
|
-
suppressionType: s.suppressionType,
|
|
643
|
-
expires: s.expires,
|
|
644
|
-
},
|
|
645
|
-
}));
|
|
646
|
-
return {
|
|
647
|
-
$schema: 'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json',
|
|
648
|
-
version: '2.1.0',
|
|
649
|
-
runs: [{
|
|
650
|
-
tool: {
|
|
651
|
-
driver: {
|
|
652
|
-
name: 'Oculum',
|
|
653
|
-
version: '1.0.0',
|
|
654
|
-
informationUri: 'https://oculum.dev',
|
|
655
|
-
organization: 'Oculum Security',
|
|
656
|
-
rules: getUniqueRules(result.vulnerabilities),
|
|
657
|
-
},
|
|
658
|
-
},
|
|
659
|
-
results: [...activeResults, ...suppressedResults],
|
|
660
|
-
columnKind: 'utf16CodeUnits',
|
|
661
|
-
}],
|
|
662
|
-
};
|
|
663
|
-
}
|
|
664
|
-
function mapSeverityToSARIF(severity) {
|
|
665
|
-
switch (severity) {
|
|
666
|
-
case 'critical':
|
|
667
|
-
case 'high':
|
|
668
|
-
return 'error';
|
|
669
|
-
case 'medium':
|
|
670
|
-
return 'warning';
|
|
671
|
-
default:
|
|
672
|
-
return 'note';
|
|
673
|
-
}
|
|
674
|
-
}
|
|
675
|
-
function getRuleIndex(vulnerabilities, category) {
|
|
676
|
-
const seen = new Set();
|
|
677
|
-
let index = 0;
|
|
678
|
-
for (const v of vulnerabilities) {
|
|
679
|
-
if (!seen.has(v.category)) {
|
|
680
|
-
if (v.category === category)
|
|
681
|
-
return index;
|
|
682
|
-
seen.add(v.category);
|
|
683
|
-
index++;
|
|
684
|
-
}
|
|
685
|
-
}
|
|
686
|
-
return 0;
|
|
687
|
-
}
|
|
688
|
-
function getUniqueRules(vulnerabilities) {
|
|
689
|
-
const seen = new Set();
|
|
690
|
-
const rules = [];
|
|
691
|
-
for (const v of vulnerabilities) {
|
|
692
|
-
if (seen.has(v.category))
|
|
693
|
-
continue;
|
|
694
|
-
seen.add(v.category);
|
|
695
|
-
const metadata = RULE_METADATA[v.category];
|
|
696
|
-
const ruleName = metadata?.name || v.category.replace(/_/g, ' ').replace(/\b\w/g, c => c.toUpperCase());
|
|
697
|
-
rules.push({
|
|
698
|
-
id: v.category,
|
|
699
|
-
name: ruleName,
|
|
700
|
-
shortDescription: { text: ruleName },
|
|
701
|
-
fullDescription: {
|
|
702
|
-
text: metadata?.description || v.description,
|
|
703
|
-
},
|
|
704
|
-
helpUri: metadata?.helpUri || `https://oculum.dev/docs/rules/${v.category.replace(/_/g, '-')}`,
|
|
705
|
-
help: {
|
|
706
|
-
text: metadata?.description || v.description,
|
|
707
|
-
markdown: `# ${ruleName}\n\n${metadata?.description || v.description}\n\n[Learn more](${metadata?.helpUri || 'https://oculum.dev/docs'})`,
|
|
708
|
-
},
|
|
709
|
-
defaultConfiguration: {
|
|
710
|
-
level: mapSeverityToSARIF(v.severity),
|
|
711
|
-
},
|
|
712
|
-
properties: {
|
|
713
|
-
tags: metadata?.tags || ['security'],
|
|
714
|
-
precision: v.confidence === 'high' ? 'high' : v.confidence === 'medium' ? 'medium' : 'low',
|
|
715
|
-
'security-severity': mapSeverityToScore(v.severity),
|
|
716
|
-
},
|
|
717
|
-
});
|
|
718
|
-
}
|
|
719
|
-
return rules;
|
|
720
|
-
}
|
|
721
|
-
function mapSeverityToScore(severity) {
|
|
722
|
-
switch (severity) {
|
|
723
|
-
case 'critical':
|
|
724
|
-
return '9.0';
|
|
725
|
-
case 'high':
|
|
726
|
-
return '7.0';
|
|
727
|
-
case 'medium':
|
|
728
|
-
return '5.0';
|
|
729
|
-
case 'low':
|
|
730
|
-
return '3.0';
|
|
731
|
-
default:
|
|
732
|
-
return '1.0';
|
|
733
|
-
}
|
|
734
|
-
}
|
|
735
|
-
//# sourceMappingURL=cli-terminal.js.map
|