@opensip-cli/checks-universal 0.1.0
- package/LICENSE +202 -0
- package/NOTICE +8 -0
- package/README.md +31 -0
- package/dist/__tests__/all-checks-execute.test.d.ts +17 -0
- package/dist/__tests__/all-checks-execute.test.d.ts.map +1 -0
- package/dist/__tests__/all-checks-execute.test.js +452 -0
- package/dist/__tests__/all-checks-execute.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-10.test.d.ts +8 -0
- package/dist/__tests__/behavior-fixtures-10.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-10.test.js +200 -0
- package/dist/__tests__/behavior-fixtures-10.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-11.test.d.ts +8 -0
- package/dist/__tests__/behavior-fixtures-11.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-11.test.js +120 -0
- package/dist/__tests__/behavior-fixtures-11.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-12.test.d.ts +8 -0
- package/dist/__tests__/behavior-fixtures-12.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-12.test.js +157 -0
- package/dist/__tests__/behavior-fixtures-12.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-2.test.d.ts +8 -0
- package/dist/__tests__/behavior-fixtures-2.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-2.test.js +785 -0
- package/dist/__tests__/behavior-fixtures-2.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-3.test.d.ts +6 -0
- package/dist/__tests__/behavior-fixtures-3.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-3.test.js +663 -0
- package/dist/__tests__/behavior-fixtures-3.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-4.test.d.ts +5 -0
- package/dist/__tests__/behavior-fixtures-4.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-4.test.js +612 -0
- package/dist/__tests__/behavior-fixtures-4.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-5.test.d.ts +5 -0
- package/dist/__tests__/behavior-fixtures-5.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-5.test.js +469 -0
- package/dist/__tests__/behavior-fixtures-5.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-6.test.d.ts +8 -0
- package/dist/__tests__/behavior-fixtures-6.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-6.test.js +591 -0
- package/dist/__tests__/behavior-fixtures-6.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-7.test.d.ts +5 -0
- package/dist/__tests__/behavior-fixtures-7.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-7.test.js +662 -0
- package/dist/__tests__/behavior-fixtures-7.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-8.test.d.ts +11 -0
- package/dist/__tests__/behavior-fixtures-8.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-8.test.js +634 -0
- package/dist/__tests__/behavior-fixtures-8.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-9.test.d.ts +11 -0
- package/dist/__tests__/behavior-fixtures-9.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-9.test.js +271 -0
- package/dist/__tests__/behavior-fixtures-9.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures.test.d.ts +14 -0
- package/dist/__tests__/behavior-fixtures.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures.test.js +1423 -0
- package/dist/__tests__/behavior-fixtures.test.js.map +1 -0
- package/dist/__tests__/checks.test.d.ts +2 -0
- package/dist/__tests__/checks.test.d.ts.map +1 -0
- package/dist/__tests__/checks.test.js +61 -0
- package/dist/__tests__/checks.test.js.map +1 -0
- package/dist/__tests__/env-var-validation.test.d.ts +14 -0
- package/dist/__tests__/env-var-validation.test.d.ts.map +1 -0
- package/dist/__tests__/env-var-validation.test.js +53 -0
- package/dist/__tests__/env-var-validation.test.js.map +1 -0
- package/dist/__tests__/file-length-limit.test.d.ts +2 -0
- package/dist/__tests__/file-length-limit.test.d.ts.map +1 -0
- package/dist/__tests__/file-length-limit.test.js +29 -0
- package/dist/__tests__/file-length-limit.test.js.map +1 -0
- package/dist/__tests__/fixture-coverage.allowlist.d.ts +18 -0
- package/dist/__tests__/fixture-coverage.allowlist.d.ts.map +1 -0
- package/dist/__tests__/fixture-coverage.allowlist.js +35 -0
- package/dist/__tests__/fixture-coverage.allowlist.js.map +1 -0
- package/dist/__tests__/fixture-coverage.test.d.ts +13 -0
- package/dist/__tests__/fixture-coverage.test.d.ts.map +1 -0
- package/dist/__tests__/fixture-coverage.test.js +57 -0
- package/dist/__tests__/fixture-coverage.test.js.map +1 -0
- package/dist/__tests__/iic.test.d.ts +15 -0
- package/dist/__tests__/iic.test.d.ts.map +1 -0
- package/dist/__tests__/iic.test.js +316 -0
- package/dist/__tests__/iic.test.js.map +1 -0
- package/dist/__tests__/no-skipped-tests.test.d.ts +14 -0
- package/dist/__tests__/no-skipped-tests.test.d.ts.map +1 -0
- package/dist/__tests__/no-skipped-tests.test.js +144 -0
- package/dist/__tests__/no-skipped-tests.test.js.map +1 -0
- package/dist/__tests__/no-todo-comments.test.d.ts +2 -0
- package/dist/__tests__/no-todo-comments.test.d.ts.map +1 -0
- package/dist/__tests__/no-todo-comments.test.js +31 -0
- package/dist/__tests__/no-todo-comments.test.js.map +1 -0
- package/dist/__tests__/no-unimplemented-markers.test.d.ts +2 -0
- package/dist/__tests__/no-unimplemented-markers.test.d.ts.map +1 -0
- package/dist/__tests__/no-unimplemented-markers.test.js +140 -0
- package/dist/__tests__/no-unimplemented-markers.test.js.map +1 -0
- package/dist/__tests__/public-api-jsdoc-scope.test.d.ts +10 -0
- package/dist/__tests__/public-api-jsdoc-scope.test.d.ts.map +1 -0
- package/dist/__tests__/public-api-jsdoc-scope.test.js +176 -0
- package/dist/__tests__/public-api-jsdoc-scope.test.js.map +1 -0
- package/dist/__tests__/resilience-fp.test.d.ts +14 -0
- package/dist/__tests__/resilience-fp.test.d.ts.map +1 -0
- package/dist/__tests__/resilience-fp.test.js +110 -0
- package/dist/__tests__/resilience-fp.test.js.map +1 -0
- package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.d.ts +2 -0
- package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.d.ts.map +1 -0
- package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.js +32 -0
- package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.js.map +1 -0
- package/dist/checks/architecture/__tests__/tool-has-manifest.test.d.ts +2 -0
- package/dist/checks/architecture/__tests__/tool-has-manifest.test.d.ts.map +1 -0
- package/dist/checks/architecture/__tests__/tool-has-manifest.test.js +152 -0
- package/dist/checks/architecture/__tests__/tool-has-manifest.test.js.map +1 -0
- package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.d.ts +2 -0
- package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.d.ts.map +1 -0
- package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.js +129 -0
- package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.js.map +1 -0
- package/dist/checks/architecture/_yaml-doc-bindings.d.ts +23 -0
- package/dist/checks/architecture/_yaml-doc-bindings.d.ts.map +1 -0
- package/dist/checks/architecture/_yaml-doc-bindings.js +29 -0
- package/dist/checks/architecture/_yaml-doc-bindings.js.map +1 -0
- package/dist/checks/architecture/dependencies/index.d.ts +2 -0
- package/dist/checks/architecture/dependencies/index.d.ts.map +1 -0
- package/dist/checks/architecture/dependencies/index.js +2 -0
- package/dist/checks/architecture/dependencies/index.js.map +1 -0
- package/dist/checks/architecture/dependencies/no-duplicate-packages.d.ts +11 -0
- package/dist/checks/architecture/dependencies/no-duplicate-packages.d.ts.map +1 -0
- package/dist/checks/architecture/dependencies/no-duplicate-packages.js +171 -0
- package/dist/checks/architecture/dependencies/no-duplicate-packages.js.map +1 -0
- package/dist/checks/architecture/docker-best-practices.d.ts +23 -0
- package/dist/checks/architecture/docker-best-practices.d.ts.map +1 -0
- package/dist/checks/architecture/docker-best-practices.js +427 -0
- package/dist/checks/architecture/docker-best-practices.js.map +1 -0
- package/dist/checks/architecture/docker-ignore-validation.d.ts +18 -0
- package/dist/checks/architecture/docker-ignore-validation.d.ts.map +1 -0
- package/dist/checks/architecture/docker-ignore-validation.js +117 -0
- package/dist/checks/architecture/docker-ignore-validation.js.map +1 -0
- package/dist/checks/architecture/docker-version-sync.d.ts +16 -0
- package/dist/checks/architecture/docker-version-sync.d.ts.map +1 -0
- package/dist/checks/architecture/docker-version-sync.js +193 -0
- package/dist/checks/architecture/docker-version-sync.js.map +1 -0
- package/dist/checks/architecture/env-var-validation.d.ts +14 -0
- package/dist/checks/architecture/env-var-validation.d.ts.map +1 -0
- package/dist/checks/architecture/env-var-validation.js +289 -0
- package/dist/checks/architecture/env-var-validation.js.map +1 -0
- package/dist/checks/architecture/heavy-import-detection.d.ts +11 -0
- package/dist/checks/architecture/heavy-import-detection.d.ts.map +1 -0
- package/dist/checks/architecture/heavy-import-detection.js +91 -0
- package/dist/checks/architecture/heavy-import-detection.js.map +1 -0
- package/dist/checks/architecture/index.d.ts +16 -0
- package/dist/checks/architecture/index.d.ts.map +1 -0
- package/dist/checks/architecture/index.js +16 -0
- package/dist/checks/architecture/index.js.map +1 -0
- package/dist/checks/architecture/modules/empty-package-detection.d.ts +11 -0
- package/dist/checks/architecture/modules/empty-package-detection.d.ts.map +1 -0
- package/dist/checks/architecture/modules/empty-package-detection.js +277 -0
- package/dist/checks/architecture/modules/empty-package-detection.js.map +1 -0
- package/dist/checks/architecture/modules/index.d.ts +3 -0
- package/dist/checks/architecture/modules/index.d.ts.map +1 -0
- package/dist/checks/architecture/modules/index.js +3 -0
- package/dist/checks/architecture/modules/index.js.map +1 -0
- package/dist/checks/architecture/modules/interface-implementation-consistency.d.ts +12 -0
- package/dist/checks/architecture/modules/interface-implementation-consistency.d.ts.map +1 -0
- package/dist/checks/architecture/modules/interface-implementation-consistency.js +555 -0
- package/dist/checks/architecture/modules/interface-implementation-consistency.js.map +1 -0
- package/dist/checks/architecture/no-custom-event-emitter.d.ts +11 -0
- package/dist/checks/architecture/no-custom-event-emitter.d.ts.map +1 -0
- package/dist/checks/architecture/no-custom-event-emitter.js +123 -0
- package/dist/checks/architecture/no-custom-event-emitter.js.map +1 -0
- package/dist/checks/architecture/no-kebab-option-indexing.d.ts +33 -0
- package/dist/checks/architecture/no-kebab-option-indexing.d.ts.map +1 -0
- package/dist/checks/architecture/no-kebab-option-indexing.js +81 -0
- package/dist/checks/architecture/no-kebab-option-indexing.js.map +1 -0
- package/dist/checks/architecture/node-version-consistency.d.ts +22 -0
- package/dist/checks/architecture/node-version-consistency.d.ts.map +1 -0
- package/dist/checks/architecture/node-version-consistency.js +225 -0
- package/dist/checks/architecture/node-version-consistency.js.map +1 -0
- package/dist/checks/architecture/project-readme-existence.d.ts +13 -0
- package/dist/checks/architecture/project-readme-existence.d.ts.map +1 -0
- package/dist/checks/architecture/project-readme-existence.js +55 -0
- package/dist/checks/architecture/project-readme-existence.js.map +1 -0
- package/dist/checks/architecture/stale-build-artifacts.d.ts +10 -0
- package/dist/checks/architecture/stale-build-artifacts.d.ts.map +1 -0
- package/dist/checks/architecture/stale-build-artifacts.js +55 -0
- package/dist/checks/architecture/stale-build-artifacts.js.map +1 -0
- package/dist/checks/architecture/tool-has-manifest.d.ts +27 -0
- package/dist/checks/architecture/tool-has-manifest.d.ts.map +1 -0
- package/dist/checks/architecture/tool-has-manifest.js +135 -0
- package/dist/checks/architecture/tool-has-manifest.js.map +1 -0
- package/dist/checks/architecture/vitest-config-extends-base.d.ts +15 -0
- package/dist/checks/architecture/vitest-config-extends-base.d.ts.map +1 -0
- package/dist/checks/architecture/vitest-config-extends-base.js +104 -0
- package/dist/checks/architecture/vitest-config-extends-base.js.map +1 -0
- package/dist/checks/architecture/vitest-config-required-with-tests.d.ts +49 -0
- package/dist/checks/architecture/vitest-config-required-with-tests.d.ts.map +1 -0
- package/dist/checks/architecture/vitest-config-required-with-tests.js +199 -0
- package/dist/checks/architecture/vitest-config-required-with-tests.js.map +1 -0
- package/dist/checks/documentation/_directives/eslint.d.ts +9 -0
- package/dist/checks/documentation/_directives/eslint.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/eslint.js +168 -0
- package/dist/checks/documentation/_directives/eslint.js.map +1 -0
- package/dist/checks/documentation/_directives/fitness.d.ts +9 -0
- package/dist/checks/documentation/_directives/fitness.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/fitness.js +64 -0
- package/dist/checks/documentation/_directives/fitness.js.map +1 -0
- package/dist/checks/documentation/_directives/graph.d.ts +10 -0
- package/dist/checks/documentation/_directives/graph.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/graph.js +65 -0
- package/dist/checks/documentation/_directives/graph.js.map +1 -0
- package/dist/checks/documentation/_directives/graph.test.d.ts +2 -0
- package/dist/checks/documentation/_directives/graph.test.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/graph.test.js +54 -0
- package/dist/checks/documentation/_directives/graph.test.js.map +1 -0
- package/dist/checks/documentation/_directives/semgrep.d.ts +8 -0
- package/dist/checks/documentation/_directives/semgrep.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/semgrep.js +72 -0
- package/dist/checks/documentation/_directives/semgrep.js.map +1 -0
- package/dist/checks/documentation/_directives/types.d.ts +21 -0
- package/dist/checks/documentation/_directives/types.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/types.js +9 -0
- package/dist/checks/documentation/_directives/types.js.map +1 -0
- package/dist/checks/documentation/_directives/typescript.d.ts +10 -0
- package/dist/checks/documentation/_directives/typescript.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/typescript.js +54 -0
- package/dist/checks/documentation/_directives/typescript.js.map +1 -0
- package/dist/checks/documentation/_public-api-graph.d.ts +30 -0
- package/dist/checks/documentation/_public-api-graph.d.ts.map +1 -0
- package/dist/checks/documentation/_public-api-graph.js +304 -0
- package/dist/checks/documentation/_public-api-graph.js.map +1 -0
- package/dist/checks/documentation/directive-audit.d.ts +26 -0
- package/dist/checks/documentation/directive-audit.d.ts.map +1 -0
- package/dist/checks/documentation/directive-audit.js +144 -0
- package/dist/checks/documentation/directive-audit.js.map +1 -0
- package/dist/checks/documentation/index.d.ts +3 -0
- package/dist/checks/documentation/index.d.ts.map +1 -0
- package/dist/checks/documentation/index.js +3 -0
- package/dist/checks/documentation/index.js.map +1 -0
- package/dist/checks/documentation/public-api-jsdoc.d.ts +10 -0
- package/dist/checks/documentation/public-api-jsdoc.d.ts.map +1 -0
- package/dist/checks/documentation/public-api-jsdoc.js +131 -0
- package/dist/checks/documentation/public-api-jsdoc.js.map +1 -0
- package/dist/checks/file-length-limit.d.ts +16 -0
- package/dist/checks/file-length-limit.d.ts.map +1 -0
- package/dist/checks/file-length-limit.js +47 -0
- package/dist/checks/file-length-limit.js.map +1 -0
- package/dist/checks/index.d.ts +16 -0
- package/dist/checks/index.d.ts.map +1 -0
- package/dist/checks/index.js +16 -0
- package/dist/checks/index.js.map +1 -0
- package/dist/checks/no-todo-comments.d.ts +18 -0
- package/dist/checks/no-todo-comments.d.ts.map +1 -0
- package/dist/checks/no-todo-comments.js +79 -0
- package/dist/checks/no-todo-comments.js.map +1 -0
- package/dist/checks/no-unimplemented-markers.d.ts +24 -0
- package/dist/checks/no-unimplemented-markers.d.ts.map +1 -0
- package/dist/checks/no-unimplemented-markers.js +198 -0
- package/dist/checks/no-unimplemented-markers.js.map +1 -0
- package/dist/checks/quality/api/graphql-offset-pagination.d.ts +9 -0
- package/dist/checks/quality/api/graphql-offset-pagination.d.ts.map +1 -0
- package/dist/checks/quality/api/graphql-offset-pagination.js +63 -0
- package/dist/checks/quality/api/graphql-offset-pagination.js.map +1 -0
- package/dist/checks/quality/api/index.d.ts +3 -0
- package/dist/checks/quality/api/index.d.ts.map +1 -0
- package/dist/checks/quality/api/index.js +3 -0
- package/dist/checks/quality/api/index.js.map +1 -0
- package/dist/checks/quality/api/zod-openapi-sync.d.ts +13 -0
- package/dist/checks/quality/api/zod-openapi-sync.d.ts.map +1 -0
- package/dist/checks/quality/api/zod-openapi-sync.js +88 -0
- package/dist/checks/quality/api/zod-openapi-sync.js.map +1 -0
- package/dist/checks/quality/code-structure/dead-code.d.ts +12 -0
- package/dist/checks/quality/code-structure/dead-code.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/dead-code.js +238 -0
- package/dist/checks/quality/code-structure/dead-code.js.map +1 -0
- package/dist/checks/quality/code-structure/index.d.ts +5 -0
- package/dist/checks/quality/code-structure/index.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/index.js +5 -0
- package/dist/checks/quality/code-structure/index.js.map +1 -0
- package/dist/checks/quality/code-structure/no-ai-attribution.d.ts +25 -0
- package/dist/checks/quality/code-structure/no-ai-attribution.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/no-ai-attribution.js +76 -0
- package/dist/checks/quality/code-structure/no-ai-attribution.js.map +1 -0
- package/dist/checks/quality/code-structure/no-console-log.d.ts +17 -0
- package/dist/checks/quality/code-structure/no-console-log.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/no-console-log.js +106 -0
- package/dist/checks/quality/code-structure/no-console-log.js.map +1 -0
- package/dist/checks/quality/code-structure/no-process-artifacts.d.ts +25 -0
- package/dist/checks/quality/code-structure/no-process-artifacts.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/no-process-artifacts.js +104 -0
- package/dist/checks/quality/code-structure/no-process-artifacts.js.map +1 -0
- package/dist/checks/quality/dependency-version-consistency.d.ts +20 -0
- package/dist/checks/quality/dependency-version-consistency.d.ts.map +1 -0
- package/dist/checks/quality/dependency-version-consistency.js +266 -0
- package/dist/checks/quality/dependency-version-consistency.js.map +1 -0
- package/dist/checks/quality/fitness-ignore-hygiene.d.ts +10 -0
- package/dist/checks/quality/fitness-ignore-hygiene.d.ts.map +1 -0
- package/dist/checks/quality/fitness-ignore-hygiene.js +93 -0
- package/dist/checks/quality/fitness-ignore-hygiene.js.map +1 -0
- package/dist/checks/quality/frontend/expo-vector-icons.d.ts +13 -0
- package/dist/checks/quality/frontend/expo-vector-icons.d.ts.map +1 -0
- package/dist/checks/quality/frontend/expo-vector-icons.js +80 -0
- package/dist/checks/quality/frontend/expo-vector-icons.js.map +1 -0
- package/dist/checks/quality/frontend/image-optimization.d.ts +13 -0
- package/dist/checks/quality/frontend/image-optimization.d.ts.map +1 -0
- package/dist/checks/quality/frontend/image-optimization.js +166 -0
- package/dist/checks/quality/frontend/image-optimization.js.map +1 -0
- package/dist/checks/quality/frontend/index.d.ts +4 -0
- package/dist/checks/quality/frontend/index.d.ts.map +1 -0
- package/dist/checks/quality/frontend/index.js +4 -0
- package/dist/checks/quality/frontend/index.js.map +1 -0
- package/dist/checks/quality/frontend/navigation-typing.d.ts +12 -0
- package/dist/checks/quality/frontend/navigation-typing.d.ts.map +1 -0
- package/dist/checks/quality/frontend/navigation-typing.js +77 -0
- package/dist/checks/quality/frontend/navigation-typing.js.map +1 -0
- package/dist/checks/quality/graph-ignore-hygiene.d.ts +10 -0
- package/dist/checks/quality/graph-ignore-hygiene.d.ts.map +1 -0
- package/dist/checks/quality/graph-ignore-hygiene.js +95 -0
- package/dist/checks/quality/graph-ignore-hygiene.js.map +1 -0
- package/dist/checks/quality/graph-ignore-hygiene.test.d.ts +14 -0
- package/dist/checks/quality/graph-ignore-hygiene.test.d.ts.map +1 -0
- package/dist/checks/quality/graph-ignore-hygiene.test.js +58 -0
- package/dist/checks/quality/graph-ignore-hygiene.test.js.map +1 -0
- package/dist/checks/quality/index.d.ts +16 -0
- package/dist/checks/quality/index.d.ts.map +1 -0
- package/dist/checks/quality/index.js +16 -0
- package/dist/checks/quality/index.js.map +1 -0
- package/dist/checks/quality/linting/eslint-justifications.d.ts +12 -0
- package/dist/checks/quality/linting/eslint-justifications.d.ts.map +1 -0
- package/dist/checks/quality/linting/eslint-justifications.js +328 -0
- package/dist/checks/quality/linting/eslint-justifications.js.map +1 -0
- package/dist/checks/quality/linting/index.d.ts +4 -0
- package/dist/checks/quality/linting/index.d.ts.map +1 -0
- package/dist/checks/quality/linting/index.js +4 -0
- package/dist/checks/quality/linting/index.js.map +1 -0
- package/dist/checks/quality/linting/semgrep-justifications.d.ts +16 -0
- package/dist/checks/quality/linting/semgrep-justifications.d.ts.map +1 -0
- package/dist/checks/quality/linting/semgrep-justifications.js +229 -0
- package/dist/checks/quality/linting/semgrep-justifications.js.map +1 -0
- package/dist/checks/quality/linting/typescript-directive-hygiene.d.ts +12 -0
- package/dist/checks/quality/linting/typescript-directive-hygiene.d.ts.map +1 -0
- package/dist/checks/quality/linting/typescript-directive-hygiene.js +142 -0
- package/dist/checks/quality/linting/typescript-directive-hygiene.js.map +1 -0
- package/dist/checks/quality/no-compatibility-layer-names.d.ts +13 -0
- package/dist/checks/quality/no-compatibility-layer-names.d.ts.map +1 -0
- package/dist/checks/quality/no-compatibility-layer-names.js +100 -0
- package/dist/checks/quality/no-compatibility-layer-names.js.map +1 -0
- package/dist/checks/quality/no-deprecated-tags.d.ts +11 -0
- package/dist/checks/quality/no-deprecated-tags.d.ts.map +1 -0
- package/dist/checks/quality/no-deprecated-tags.js +76 -0
- package/dist/checks/quality/no-deprecated-tags.js.map +1 -0
- package/dist/checks/quality/no-markdown-references.d.ts +16 -0
- package/dist/checks/quality/no-markdown-references.d.ts.map +1 -0
- package/dist/checks/quality/no-markdown-references.js +145 -0
- package/dist/checks/quality/no-markdown-references.js.map +1 -0
- package/dist/checks/quality/no-raw-regex-on-code.d.ts +9 -0
- package/dist/checks/quality/no-raw-regex-on-code.d.ts.map +1 -0
- package/dist/checks/quality/no-raw-regex-on-code.js +61 -0
- package/dist/checks/quality/no-raw-regex-on-code.js.map +1 -0
- package/dist/checks/quality/no-temporary-workarounds.d.ts +11 -0
- package/dist/checks/quality/no-temporary-workarounds.d.ts.map +1 -0
- package/dist/checks/quality/no-temporary-workarounds.js +69 -0
- package/dist/checks/quality/no-temporary-workarounds.js.map +1 -0
- package/dist/checks/quality/no-window-alert.d.ts +19 -0
- package/dist/checks/quality/no-window-alert.d.ts.map +1 -0
- package/dist/checks/quality/no-window-alert.js +74 -0
- package/dist/checks/quality/no-window-alert.js.map +1 -0
- package/dist/checks/quality/observability/index.d.ts +2 -0
- package/dist/checks/quality/observability/index.d.ts.map +1 -0
- package/dist/checks/quality/observability/index.js +2 -0
- package/dist/checks/quality/observability/index.js.map +1 -0
- package/dist/checks/quality/observability/pino-serializer-coverage.d.ts +15 -0
- package/dist/checks/quality/observability/pino-serializer-coverage.d.ts.map +1 -0
- package/dist/checks/quality/observability/pino-serializer-coverage.js +209 -0
- package/dist/checks/quality/observability/pino-serializer-coverage.js.map +1 -0
- package/dist/checks/quality/patterns/async-state-pattern.d.ts +14 -0
- package/dist/checks/quality/patterns/async-state-pattern.d.ts.map +1 -0
- package/dist/checks/quality/patterns/async-state-pattern.js +80 -0
- package/dist/checks/quality/patterns/async-state-pattern.js.map +1 -0
- package/dist/checks/quality/patterns/index.d.ts +4 -0
- package/dist/checks/quality/patterns/index.d.ts.map +1 -0
- package/dist/checks/quality/patterns/index.js +4 -0
- package/dist/checks/quality/patterns/index.js.map +1 -0
- package/dist/checks/quality/patterns/no-non-null-assertions.d.ts +10 -0
- package/dist/checks/quality/patterns/no-non-null-assertions.d.ts.map +1 -0
- package/dist/checks/quality/patterns/no-non-null-assertions.js +97 -0
- package/dist/checks/quality/patterns/no-non-null-assertions.js.map +1 -0
- package/dist/checks/quality/patterns/performance-anti-patterns.d.ts +16 -0
- package/dist/checks/quality/patterns/performance-anti-patterns.d.ts.map +1 -0
- package/dist/checks/quality/patterns/performance-anti-patterns.js +239 -0
- package/dist/checks/quality/patterns/performance-anti-patterns.js.map +1 -0
- package/dist/checks/resilience/_helpers/config-validation.d.ts +27 -0
- package/dist/checks/resilience/_helpers/config-validation.d.ts.map +1 -0
- package/dist/checks/resilience/_helpers/config-validation.js +61 -0
- package/dist/checks/resilience/_helpers/config-validation.js.map +1 -0
- package/dist/checks/resilience/batch-operations.d.ts +22 -0
- package/dist/checks/resilience/batch-operations.d.ts.map +1 -0
- package/dist/checks/resilience/batch-operations.js +422 -0
- package/dist/checks/resilience/batch-operations.js.map +1 -0
- package/dist/checks/resilience/cache-ttl-validation.d.ts +13 -0
- package/dist/checks/resilience/cache-ttl-validation.d.ts.map +1 -0
- package/dist/checks/resilience/cache-ttl-validation.js +222 -0
- package/dist/checks/resilience/cache-ttl-validation.js.map +1 -0
- package/dist/checks/resilience/catch-clause-safety.d.ts +12 -0
- package/dist/checks/resilience/catch-clause-safety.d.ts.map +1 -0
- package/dist/checks/resilience/catch-clause-safety.js +110 -0
- package/dist/checks/resilience/catch-clause-safety.js.map +1 -0
- package/dist/checks/resilience/dangerous-config-defaults.d.ts +11 -0
- package/dist/checks/resilience/dangerous-config-defaults.d.ts.map +1 -0
- package/dist/checks/resilience/dangerous-config-defaults.js +304 -0
- package/dist/checks/resilience/dangerous-config-defaults.js.map +1 -0
- package/dist/checks/resilience/error-code-registration.d.ts +11 -0
- package/dist/checks/resilience/error-code-registration.d.ts.map +1 -0
- package/dist/checks/resilience/error-code-registration.js +88 -0
- package/dist/checks/resilience/error-code-registration.js.map +1 -0
- package/dist/checks/resilience/event-patterns.d.ts +21 -0
- package/dist/checks/resilience/event-patterns.d.ts.map +1 -0
- package/dist/checks/resilience/event-patterns.js +232 -0
- package/dist/checks/resilience/event-patterns.js.map +1 -0
- package/dist/checks/resilience/exit-code-correctness.d.ts +12 -0
- package/dist/checks/resilience/exit-code-correctness.d.ts.map +1 -0
- package/dist/checks/resilience/exit-code-correctness.js +107 -0
- package/dist/checks/resilience/exit-code-correctness.js.map +1 -0
- package/dist/checks/resilience/index.d.ts +18 -0
- package/dist/checks/resilience/index.d.ts.map +1 -0
- package/dist/checks/resilience/index.js +18 -0
- package/dist/checks/resilience/index.js.map +1 -0
- package/dist/checks/resilience/no-hardcoded-timeouts.d.ts +10 -0
- package/dist/checks/resilience/no-hardcoded-timeouts.d.ts.map +1 -0
- package/dist/checks/resilience/no-hardcoded-timeouts.js +291 -0
- package/dist/checks/resilience/no-hardcoded-timeouts.js.map +1 -0
- package/dist/checks/resilience/no-process-exit-in-finally.d.ts +11 -0
- package/dist/checks/resilience/no-process-exit-in-finally.d.ts.map +1 -0
- package/dist/checks/resilience/no-process-exit-in-finally.js +89 -0
- package/dist/checks/resilience/no-process-exit-in-finally.js.map +1 -0
- package/dist/checks/resilience/readline-cleanup.d.ts +11 -0
- package/dist/checks/resilience/readline-cleanup.d.ts.map +1 -0
- package/dist/checks/resilience/readline-cleanup.js +107 -0
- package/dist/checks/resilience/readline-cleanup.js.map +1 -0
- package/dist/checks/resilience/recovery-patterns.d.ts +25 -0
- package/dist/checks/resilience/recovery-patterns.d.ts.map +1 -0
- package/dist/checks/resilience/recovery-patterns.js +273 -0
- package/dist/checks/resilience/recovery-patterns.js.map +1 -0
- package/dist/checks/resilience/reentrancy-guard.d.ts +12 -0
- package/dist/checks/resilience/reentrancy-guard.d.ts.map +1 -0
- package/dist/checks/resilience/reentrancy-guard.js +86 -0
- package/dist/checks/resilience/reentrancy-guard.js.map +1 -0
- package/dist/checks/resilience/retry-config-validation.d.ts +13 -0
- package/dist/checks/resilience/retry-config-validation.d.ts.map +1 -0
- package/dist/checks/resilience/retry-config-validation.js +159 -0
- package/dist/checks/resilience/retry-config-validation.js.map +1 -0
- package/dist/checks/resilience/sentry/_helpers/sentry.d.ts +25 -0
- package/dist/checks/resilience/sentry/_helpers/sentry.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/_helpers/sentry.js +68 -0
- package/dist/checks/resilience/sentry/_helpers/sentry.js.map +1 -0
- package/dist/checks/resilience/sentry/index.d.ts +8 -0
- package/dist/checks/resilience/sentry/index.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/index.js +8 -0
- package/dist/checks/resilience/sentry/index.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-dsn-configured.d.ts +12 -0
- package/dist/checks/resilience/sentry/sentry-dsn-configured.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-dsn-configured.js +55 -0
- package/dist/checks/resilience/sentry/sentry-dsn-configured.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-environment-set.d.ts +12 -0
- package/dist/checks/resilience/sentry/sentry-environment-set.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-environment-set.js +51 -0
- package/dist/checks/resilience/sentry/sentry-environment-set.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-error-boundary.d.ts +12 -0
- package/dist/checks/resilience/sentry/sentry-error-boundary.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-error-boundary.js +75 -0
- package/dist/checks/resilience/sentry/sentry-error-boundary.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-pii-scrubbing.d.ts +13 -0
- package/dist/checks/resilience/sentry/sentry-pii-scrubbing.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-pii-scrubbing.js +125 -0
- package/dist/checks/resilience/sentry/sentry-pii-scrubbing.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-release-set.d.ts +12 -0
- package/dist/checks/resilience/sentry/sentry-release-set.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-release-set.js +51 -0
- package/dist/checks/resilience/sentry/sentry-release-set.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-sample-rate.d.ts +12 -0
- package/dist/checks/resilience/sentry/sentry-sample-rate.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-sample-rate.js +78 -0
- package/dist/checks/resilience/sentry/sentry-sample-rate.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-source-maps.d.ts +12 -0
- package/dist/checks/resilience/sentry/sentry-source-maps.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-source-maps.js +83 -0
- package/dist/checks/resilience/sentry/sentry-source-maps.js.map +1 -0
- package/dist/checks/resilience/service-patterns.d.ts +18 -0
- package/dist/checks/resilience/service-patterns.d.ts.map +1 -0
- package/dist/checks/resilience/service-patterns.js +230 -0
- package/dist/checks/resilience/service-patterns.js.map +1 -0
- package/dist/checks/resilience/timer-lifecycle.d.ts +10 -0
- package/dist/checks/resilience/timer-lifecycle.d.ts.map +1 -0
- package/dist/checks/resilience/timer-lifecycle.js +78 -0
- package/dist/checks/resilience/timer-lifecycle.js.map +1 -0
- package/dist/checks/resilience/transaction-patterns.d.ts +21 -0
- package/dist/checks/resilience/transaction-patterns.d.ts.map +1 -0
- package/dist/checks/resilience/transaction-patterns.js +258 -0
- package/dist/checks/resilience/transaction-patterns.js.map +1 -0
- package/dist/checks/security/__tests__/no-hardcoded-secrets.test.d.ts +9 -0
- package/dist/checks/security/__tests__/no-hardcoded-secrets.test.d.ts.map +1 -0
- package/dist/checks/security/__tests__/no-hardcoded-secrets.test.js +37 -0
- package/dist/checks/security/__tests__/no-hardcoded-secrets.test.js.map +1 -0
- package/dist/checks/security/__tests__/package-supply-chain-policy.test.d.ts +2 -0
- package/dist/checks/security/__tests__/package-supply-chain-policy.test.d.ts.map +1 -0
- package/dist/checks/security/__tests__/package-supply-chain-policy.test.js +128 -0
- package/dist/checks/security/__tests__/package-supply-chain-policy.test.js.map +1 -0
- package/dist/checks/security/api-key-rotation.d.ts +10 -0
- package/dist/checks/security/api-key-rotation.d.ts.map +1 -0
- package/dist/checks/security/api-key-rotation.js +186 -0
- package/dist/checks/security/api-key-rotation.js.map +1 -0
- package/dist/checks/security/auth-middleware-coverage.d.ts +11 -0
- package/dist/checks/security/auth-middleware-coverage.d.ts.map +1 -0
- package/dist/checks/security/auth-middleware-coverage.js +210 -0
- package/dist/checks/security/auth-middleware-coverage.js.map +1 -0
- package/dist/checks/security/auth-route-guard.d.ts +12 -0
- package/dist/checks/security/auth-route-guard.d.ts.map +1 -0
- package/dist/checks/security/auth-route-guard.js +70 -0
- package/dist/checks/security/auth-route-guard.js.map +1 -0
- package/dist/checks/security/cors-configuration.d.ts +11 -0
- package/dist/checks/security/cors-configuration.d.ts.map +1 -0
- package/dist/checks/security/cors-configuration.js +126 -0
- package/dist/checks/security/cors-configuration.js.map +1 -0
- package/dist/checks/security/csp-headers.d.ts +11 -0
- package/dist/checks/security/csp-headers.d.ts.map +1 -0
- package/dist/checks/security/csp-headers.js +192 -0
- package/dist/checks/security/csp-headers.js.map +1 -0
- package/dist/checks/security/dependency-vulnerability-audit.d.ts +15 -0
- package/dist/checks/security/dependency-vulnerability-audit.d.ts.map +1 -0
- package/dist/checks/security/dependency-vulnerability-audit.js +184 -0
- package/dist/checks/security/dependency-vulnerability-audit.js.map +1 -0
- package/dist/checks/security/env-secret-exposure.d.ts +11 -0
- package/dist/checks/security/env-secret-exposure.d.ts.map +1 -0
- package/dist/checks/security/env-secret-exposure.js +127 -0
- package/dist/checks/security/env-secret-exposure.js.map +1 -0
- package/dist/checks/security/hasura-production-config.d.ts +11 -0
- package/dist/checks/security/hasura-production-config.d.ts.map +1 -0
- package/dist/checks/security/hasura-production-config.js +122 -0
- package/dist/checks/security/hasura-production-config.js.map +1 -0
- package/dist/checks/security/index.d.ts +17 -0
- package/dist/checks/security/index.d.ts.map +1 -0
- package/dist/checks/security/index.js +17 -0
- package/dist/checks/security/index.js.map +1 -0
- package/dist/checks/security/jwt-validation.d.ts +11 -0
- package/dist/checks/security/jwt-validation.d.ts.map +1 -0
- package/dist/checks/security/jwt-validation.js +294 -0
- package/dist/checks/security/jwt-validation.js.map +1 -0
- package/dist/checks/security/no-eval.d.ts +16 -0
- package/dist/checks/security/no-eval.d.ts.map +1 -0
- package/dist/checks/security/no-eval.js +83 -0
- package/dist/checks/security/no-eval.js.map +1 -0
- package/dist/checks/security/no-hardcoded-secrets.d.ts +28 -0
- package/dist/checks/security/no-hardcoded-secrets.d.ts.map +1 -0
- package/dist/checks/security/no-hardcoded-secrets.js +209 -0
- package/dist/checks/security/no-hardcoded-secrets.js.map +1 -0
- package/dist/checks/security/package-supply-chain-policy.d.ts +12 -0
- package/dist/checks/security/package-supply-chain-policy.d.ts.map +1 -0
- package/dist/checks/security/package-supply-chain-policy.js +534 -0
- package/dist/checks/security/package-supply-chain-policy.js.map +1 -0
- package/dist/checks/security/rate-limit-coverage.d.ts +10 -0
- package/dist/checks/security/rate-limit-coverage.d.ts.map +1 -0
- package/dist/checks/security/rate-limit-coverage.js +143 -0
- package/dist/checks/security/rate-limit-coverage.js.map +1 -0
- package/dist/checks/security/semgrep-scan.d.ts +13 -0
- package/dist/checks/security/semgrep-scan.d.ts.map +1 -0
- package/dist/checks/security/semgrep-scan.js +86 -0
- package/dist/checks/security/semgrep-scan.js.map +1 -0
- package/dist/checks/security/use-centralized-crypto.d.ts +11 -0
- package/dist/checks/security/use-centralized-crypto.d.ts.map +1 -0
- package/dist/checks/security/use-centralized-crypto.js +129 -0
- package/dist/checks/security/use-centralized-crypto.js.map +1 -0
- package/dist/checks/security/webhook-signature-verification.d.ts +10 -0
- package/dist/checks/security/webhook-signature-verification.d.ts.map +1 -0
- package/dist/checks/security/webhook-signature-verification.js +183 -0
- package/dist/checks/security/webhook-signature-verification.js.map +1 -0
- package/dist/checks/testing/index.d.ts +6 -0
- package/dist/checks/testing/index.d.ts.map +1 -0
- package/dist/checks/testing/index.js +6 -0
- package/dist/checks/testing/index.js.map +1 -0
- package/dist/checks/testing/no-skipped-tests.d.ts +40 -0
- package/dist/checks/testing/no-skipped-tests.d.ts.map +1 -0
- package/dist/checks/testing/no-skipped-tests.js +174 -0
- package/dist/checks/testing/no-skipped-tests.js.map +1 -0
- package/dist/checks/testing/no-stub-tests.d.ts +11 -0
- package/dist/checks/testing/no-stub-tests.d.ts.map +1 -0
- package/dist/checks/testing/no-stub-tests.js +103 -0
- package/dist/checks/testing/no-stub-tests.js.map +1 -0
- package/dist/checks/testing/test-convention-consistency.d.ts +14 -0
- package/dist/checks/testing/test-convention-consistency.d.ts.map +1 -0
- package/dist/checks/testing/test-convention-consistency.js +93 -0
- package/dist/checks/testing/test-convention-consistency.js.map +1 -0
- package/dist/checks/testing/test-file-naming.d.ts +13 -0
- package/dist/checks/testing/test-file-naming.d.ts.map +1 -0
- package/dist/checks/testing/test-file-naming.js +218 -0
- package/dist/checks/testing/test-file-naming.js.map +1 -0
- package/dist/checks/testing/test-file-pairing.d.ts +13 -0
- package/dist/checks/testing/test-file-pairing.d.ts.map +1 -0
- package/dist/checks/testing/test-file-pairing.js +274 -0
- package/dist/checks/testing/test-file-pairing.js.map +1 -0
- package/dist/display/architecture.d.ts +9 -0
- package/dist/display/architecture.d.ts.map +1 -0
- package/dist/display/architecture.js +29 -0
- package/dist/display/architecture.js.map +1 -0
- package/dist/display/index.d.ts +20 -0
- package/dist/display/index.d.ts.map +1 -0
- package/dist/display/index.js +30 -0
- package/dist/display/index.js.map +1 -0
- package/dist/display/quality.d.ts +7 -0
- package/dist/display/quality.d.ts.map +1 -0
- package/dist/display/quality.js +34 -0
- package/dist/display/quality.js.map +1 -0
- package/dist/display/resilience.d.ts +7 -0
- package/dist/display/resilience.d.ts.map +1 -0
- package/dist/display/resilience.js +36 -0
- package/dist/display/resilience.js.map +1 -0
- package/dist/display/security-testing.d.ts +9 -0
- package/dist/display/security-testing.d.ts.map +1 -0
- package/dist/display/security-testing.js +31 -0
- package/dist/display/security-testing.js.map +1 -0
- package/dist/display/types.d.ts +6 -0
- package/dist/display/types.d.ts.map +1 -0
- package/dist/display/types.js +6 -0
- package/dist/display/types.js.map +1 -0
- package/dist/index.d.ts +19 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +21 -0
- package/dist/index.js.map +1 -0
- package/package.json +52 -0
|
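--- a/package/dist/checks/security/api-key-rotation.js
+++ b/package/dist/checks/security/api-key-rotation.js
@@ -0,0 +1,186 @@
+// @fitness-ignore-file duplicate-implementation-detection -- similar patterns across diagnostic modules
+// @fitness-ignore-file no-todo-comments -- JSDoc uses XXX as a placeholder token in example env-var names
+/**
+* @fileoverview Validate API key handling supports rotation
+*/
+import { logger } from '@opensip-cli/core';
+import { defineCheck } from '@opensip-cli/fitness';
+import { stripStringLiterals, stripStringsAndComments } from '@opensip-cli/fitness';
+/**
+* Checks if text contains a single API key equality comparison
+* Pattern: === or !== followed by process.env.API_KEY (without rotation suffixes)
+*/
+function matchesSingleKeyEquality(text) {
+logger.debug({
+evt: 'fitness.checks.api_key_rotation.match_single_key_equality',
+msg: 'Checking for single key equality comparison',
+});
+// Match comparison operators followed by process.env key access
+// Exclude keys with rotation suffixes (CURRENT, PREVIOUS, PRIMARY, SECONDARY)
+const match = /(?:===|!==|==|!=)\s*process\.env\.(API_?KEY|SECRET_?KEY|AUTH_?KEY)(\w*)/i.exec(text);
+if (!match)
+return null;
+const suffix = match[2] ?? '';
+const rotationSuffixes = ['CURRENT', 'PREVIOUS', 'PRIMARY', 'SECONDARY'];
+if (rotationSuffixes.some((s) => suffix.toUpperCase().includes(s))) {
+return null;
+}
+return match;
+}
+/**
+* Checks if text contains a single API key assignment
+* Pattern: const API_KEY = process.env.SOMETHING (not followed by function call)
+*/
+function matchesSingleKeyAssignment(text) {
+logger.debug({
+evt: 'fitness.checks.api_key_rotation.match_single_key_assignment',
+msg: 'Checking for single key assignment pattern',
+});
+// Match const declaration with API key name
+const match = /const\s+(API_?KEY|SECRET_?KEY|AUTH_?KEY)\s*=\s*process\.env\.(\w+)/i.exec(text);
+if (!match)
+return null;
+// Check if followed by function call (indicates wrapped/processed key)
+const matchIndex = match.index;
+const afterMatch = text.slice(matchIndex + match[0].length);
+if (/^\s*\(/.test(afterMatch)) {
+return null;
+}
+return match;
+}
+// Patterns that indicate single-key validation (no rotation support)
+const SINGLE_KEY_PATTERNS = [
+// Direct equality check with single env var
+{
+match: matchesSingleKeyEquality,
+message: 'Single API key validation detected - consider supporting key rotation with current/previous keys',
+suggestion: 'Store multiple API keys (current + previous) in environment variables and validate against both during rotation periods. Use API_KEY_CURRENT and API_KEY_PREVIOUS pattern.',
+severity: 'warning',
+},
+// Single key assignment (not array)
+{
+match: matchesSingleKeyAssignment,
+message: 'Single API key configuration - consider supporting multiple keys for rotation',
+suggestion: 'Load keys as an array: const VALID_KEYS = [process.env.API_KEY_CURRENT, process.env.API_KEY_PREVIOUS].filter(Boolean). Then use validKeys.includes(providedKey) for validation.',
+severity: 'warning',
+},
+];
+// Keywords that indicate rotation support is already implemented
+const ROTATION_SUPPORT_KEYWORDS = [
+'api_key_current',
+'api_key_previous',
+'api_key_primary',
+'api_key_secondary',
+'apikey_current',
+'apikey_previous',
+'apikey_primary',
+'apikey_secondary',
+'validkeys.includes',
+'keys.some',
+'keys.find',
+];
+/**
+* Check if content already has rotation support indicators
+*/
+function hasRotationSupport(content) {
+logger.debug({
+evt: 'fitness.checks.api_key_rotation.has_rotation_support',
+msg: 'Checking if content has rotation support indicators',
+});
+const lowerContent = content.toLowerCase();
+return ROTATION_SUPPORT_KEYWORDS.some((kw) => lowerContent.includes(kw));
+}
+/**
+* Check if content contains API key related references
+*/
+function containsApiKeyReferences(content) {
+logger.debug({
+evt: 'fitness.checks.api_key_rotation.contains_api_key_references',
+msg: 'Checking if content contains API key references',
+});
+const stripped = stripStringsAndComments(content).toLowerCase();
+const hasApiKeyTerms = stripped.includes('api_key') || stripped.includes('apikey') || stripped.includes('api-key');
+const hasSecretKeyTerms = stripped.includes('secret_key') ||
+stripped.includes('secretkey') ||
+stripped.includes('secret-key');
+const hasAuthKeyTerms = stripped.includes('auth_key') || stripped.includes('authkey') || stripped.includes('auth-key');
+return hasApiKeyTerms || hasSecretKeyTerms || hasAuthKeyTerms;
+}
+/**
+* Determine if a file should be processed for API key rotation checks
+*/
+function shouldProcessFile(filePath, content) {
+logger.debug({
+evt: 'fitness.checks.api_key_rotation.should_process_file',
+msg: 'Determining if file should be processed for API key rotation checks',
+});
+// Only check files that deal with API keys
+if (!containsApiKeyReferences(content)) {
+return false;
+}
+// Skip if file already has rotation patterns
+if (hasRotationSupport(content)) {
+return false;
+}
+return true;
+}
+/**
+* Check: security/api-key-rotation
+*
+* Validates that API key handling supports key rotation.
+*/
+export const apiKeyRotation = defineCheck({
+id: '32f69a85-7a07-4f60-88dd-cc4a0982c1b4',
+slug: 'api-key-rotation',
+scope: { languages: ['typescript'], concerns: ['backend', 'server'] },
+contentFilter: 'strip-strings',
+confidence: 'medium',
+description: 'Validate API key handling supports rotation',
+longDescription: `**Purpose:** Ensures API key validation logic supports key rotation rather than relying on a single static key.
+
+**Detects:**
+- Single-key equality comparisons: \`=== process.env.API_KEY\` / \`SECRET_KEY\` / \`AUTH_KEY\` without rotation suffixes (CURRENT/PREVIOUS/PRIMARY/SECONDARY)
+- Single-key assignments: \`const API_KEY = process.env.SOMETHING\` not followed by a processing function call
+
+**Why it matters:** Without rotation support, key changes cause downtime because old keys stop working immediately. Supporting current + previous keys allows zero-downtime rotation.
+
+**Scope:** General best practice. Analyzes each file individually.`,
+tags: ['security', 'api-keys', 'rotation'],
+fileTypes: ['ts'],
+analyze(content, filePath) {
+logger.debug({
+evt: 'fitness.checks.api_key_rotation.analyze',
+msg: 'Analyzing file for API key rotation support',
+});
+if (!shouldProcessFile(filePath, content)) {
+return [];
+}
+const violations = [];
+const lines = content.split('\n');
+for (const [lineNum, line_] of lines.entries()) {
+const line = line_ ?? '';
+// Skip comments
+const trimmed = line.trim();
+if (trimmed.startsWith('//') || trimmed.startsWith('*')) {
+continue;
+}
+const strippedLine = stripStringLiterals(line);
+for (const pattern of SINGLE_KEY_PATTERNS) {
+const match = pattern.match(strippedLine);
+if (match) {
+violations.push({
+line: lineNum + 1,
+column: match.index,
+message: pattern.message,
+severity: pattern.severity,
+suggestion: pattern.suggestion,
+match: match[0],
+filePath,
+});
+}
+}
+}
+return violations;
+},
+});
+//# sourceMappingURL=api-key-rotation.js.map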
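Review bot: The `suggestion` string of the second `SINGLE_KEY_PATTERNS` entry recommends `validKeys.includes(providedKey)`, which compares a secret with an early-exit string match and also does not match the `VALID_KEYS` name introduced in the same sentence. A check that sits under `security/` should not steer users from one non-constant-time comparison to another; I would end the text with `Then compare the provided key against each entry of VALID_KEYS with crypto.timingSafeEqual on equal-length digests.` Note that `ROTATION_SUPPORT_KEYWORDS` contains `'validkeys.includes'`, so it would need a matching entry if the recommended idiom changes. Separately, `matchesSingleKeyEquality` only matches when `process.env.*` is the right-hand operand and the variable name begins with API_KEY, SECRET_KEY or AUTH_KEY, so `process.env.API_KEY === key` and a prefixed name such as `process.env.SERVICE_API_KEY` appear to go unreported, which `longDescription` should state.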
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"api-key-rotation.js","sourceRoot":"","sources":["../../../src/checks/security/api-key-rotation.ts"],"names":[],"mappings":"AAAA,wGAAwG;AACxG,0GAA0G;AAC1G;;GAEG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAuB,MAAM,sBAAsB,CAAC;AACxE,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAEpF;;;GAGG;AACH,SAAS,wBAAwB,CAAC,IAAY;IAC5C,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,2DAA2D;QAChE,GAAG,EAAE,6CAA6C;KACnD,CAAC,CAAC;IACH,gEAAgE;IAChE,8EAA8E;IAC9E,MAAM,KAAK,GAAG,0EAA0E,CAAC,IAAI,CAC3F,IAAI,CACL,CAAC;IACF,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAC9B,MAAM,gBAAgB,GAAG,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IACzE,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACnE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,0BAA0B,CAAC,IAAY;IAC9C,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,6DAA6D;QAClE,GAAG,EAAE,4CAA4C;KAClD,CAAC,CAAC;IACH,4CAA4C;IAC5C,MAAM,KAAK,GAAG,qEAAqE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/F,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,uEAAuE;IACvE,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC;IAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;IAC5D,IAAI,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,qEAAqE;AACrE,MAAM,mBAAmB,GAAG;IAC1B,4CAA4C;IAC5C;QACE,KAAK,EAAE,wBAAwB;QAC/B,OAAO,EACL,kGAAkG;QACpG,UAAU,EACR,4KAA4K;QAC9K,QAAQ,EAAE,SAAkB;KAC7B;IACD,oCAAoC;IACpC;QACE,KAAK,EAAE,0BAA0B;QACjC,OAAO,EAAE,+EAA+E;QACxF,UAAU,EACR,iLAAiL;QACnL,QAAQ,EAAE,SAAkB;KAC7B;CACF,CAAC;AAEF,iEAAiE;AACjE,MAAM,yBAAyB,GAAG;IAChC,iBAAiB;IACjB,kBAAkB;IAClB,iBAAiB;IACjB,mBAAmB;IACnB,gBAAgB;IAChB,iBAAiB;IACjB,gBAAgB;IAChB,kBAAkB;IAClB,oBAAoB;IACpB,WAAW;IACX,WAAW;CACZ,CAAC;AAEF;;GAEG;AACH,SAAS,kBAAkB,CAAC,OAAe;IACzC,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,sDAAsD;QAC3D,GAAG,EAAE,qDAAqD;KAC3D,CAAC,CAAC;IACH,MAAM,YAAY,GAAG,OAAO,CAAC,WAAW,EAAE,C
AAC;IAC3C,OAAO,yBAAyB,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;AAC3E,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,OAAe;IAC/C,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,6DAA6D;QAClE,GAAG,EAAE,iDAAiD;KACvD,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;IAChE,MAAM,cAAc,GAClB,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAC9F,MAAM,iBAAiB,GACrB,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC;QAC/B,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC;QAC9B,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;IAClC,MAAM,eAAe,GACnB,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IACjG,OAAO,cAAc,IAAI,iBAAiB,IAAI,eAAe,CAAC;AAChE,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,QAAgB,EAAE,OAAe;IAC1D,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,qDAAqD;QAC1D,GAAG,EAAE,qEAAqE;KAC3E,CAAC,CAAC;IACH,2CAA2C;IAC3C,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;QACvC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,6CAA6C;IAC7C,IAAI,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,WAAW,CAAC;IACxC,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,kBAAkB;IACxB,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE;IACrE,aAAa,EAAE,eAAe;IAE9B,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,6CAA6C;IAC1D,eAAe,EAAE;;;;;;;;mEAQgD;IACjE,IAAI,EAAE,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,CAAC;IAC1C,SAAS,EAAE,CAAC,IAAI,CAAC;IAEjB,OAAO,CAAC,OAAe,EAAE,QAAgB;QACvC,MAAM,CAAC,KAAK,CAAC;YACX,GAAG,EAAE,yCAAyC;YAC9C,GAAG,EAAE,6CAA6C;SACnD,CAAC,CAAC;QACH,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC;YAC1C,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,UAAU,GAAqB,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAElC,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YAC/C,MAAM,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YAEzB,gBAAgB;YAChB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,
CAAC;gBACxD,SAAS;YACX,CAAC;YAED,MAAM,YAAY,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;YAC/C,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;gBAC1C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;gBAC1C,IAAI,KAAK,EAAE,CAAC;oBACV,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,OAAO,GAAG,CAAC;wBACjB,MAAM,EAAE,KAAK,CAAC,KAAK;wBACnB,OAAO,EAAE,OAAO,CAAC,OAAO;wBACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;wBAC9B,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;wBACf,QAAQ;qBACT,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAC,CAAC"}
|
|
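--- a/package/dist/checks/security/auth-middleware-coverage.d.ts
+++ b/package/dist/checks/security/auth-middleware-coverage.d.ts
@@ -0,0 +1,11 @@
+/**
+* @fileoverview Validate routes have authentication middleware
+*/
+/**
+* Check: security/auth-middleware-coverage
+*
+* Validates all routes have proper authentication middleware.
+* Ensures no endpoints are accidentally exposed without auth.
+*/
+export declare const authMiddlewareCoverage: import("@opensip-cli/fitness").Check;
+//# sourceMappingURL=auth-middleware-coverage.d.ts.map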
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-middleware-coverage.d.ts","sourceRoot":"","sources":["../../../src/checks/security/auth-middleware-coverage.ts"],"names":[],"mappings":"AACA;;GAEG;AA+JH;;;;;GAKG;AACH,eAAO,MAAM,sBAAsB,sCAiEjC,CAAC"}
|
|
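--- a/package/dist/checks/security/auth-middleware-coverage.js
+++ b/package/dist/checks/security/auth-middleware-coverage.js
@@ -0,0 +1,210 @@
+// @fitness-ignore-file fitness-ignore-validation -- Fitness-ignore directives reference internal check IDs that may not be statically resolvable
+/**
+* @fileoverview Validate routes have authentication middleware
+*/
+import { logger } from '@opensip-cli/core';
+import { defineCheck } from '@opensip-cli/fitness';
+import { stripStringsAndComments } from '@opensip-cli/fitness';
+/**
+* Match Fastify route definitions
+* Pattern: fastify.METHOD('/path', handler)
+*/
+function matchFastifyRoute(line) {
+logger.debug({
+evt: 'fitness.checks.auth_middleware_coverage.match_fastify_route',
+msg: 'Checking for Fastify route definition',
+});
+// @fitness-ignore-next-line sonarjs-regular-expr -- Simple pattern with no backtracking risk; negated character class [^'"`]+ is linear
+return /fastify\.(get|post|put|patch|delete)\s*\(\s*['"`]([^'"`]+)['"`]/i.exec(line);
+}
+/**
+* Match Express route definitions
+* Pattern: app.METHOD('/path', handler) or router.METHOD('/path', handler)
+*/
+function matchExpressRoute(line) {
+logger.debug({
+evt: 'fitness.checks.auth_middleware_coverage.match_express_route',
+msg: 'Checking for Express route definition',
+});
+// @fitness-ignore-next-line sonarjs-regular-expr -- Simple pattern with no backtracking risk; negated character class [^'"`]+ is linear
+return /(?:app|router)\.(get|post|put|patch|delete)\s*\(\s*['"`]([^'"`]+)['"`]/i.exec(line);
+}
+// Patterns that indicate route definitions
+const ROUTE_PATTERNS = [
+// Fastify routes without auth
+{
+match: matchFastifyRoute,
+check: (line) => !hasAuthMiddleware(line) && !isPublicRoute(line),
+message: 'Route may be missing authentication middleware',
+suggestion: 'Add auth middleware via preHandler: { preHandler: [authMiddleware] } or use onRequest hook with authentication check.',
+severity: 'warning',
+},
+// Express routes without auth
+{
+match: matchExpressRoute,
+check: (line) => !hasAuthMiddleware(line) && !isPublicRoute(line),
+message: 'Route may be missing authentication middleware',
+suggestion: 'Add auth middleware before the route handler: router.get("/path", authMiddleware, handler). Or mark as public: { public: true }.',
+severity: 'warning',
+},
+];
+// Keywords indicating auth middleware is present
+const AUTH_MIDDLEWARE_KEYWORDS = [
+'authmiddleware',
+'authenticate',
+'requireauth',
+'isauthenticated',
+'verifytoken',
+'verifyjwt',
+];
+// Keywords indicating intentionally public routes
+const PUBLIC_ROUTE_KEYWORDS = [
+'public',
+'skipauth',
+'noauth',
+'/health',
+'/status',
+'/ping',
+'/ready',
+'/live',
+'/metrics',
+'/docs',
+'/swagger',
+'/openapi',
+'/.well-known',
+];
+function hasAuthMiddleware(line) {
+logger.debug({
+evt: 'fitness.checks.auth_middleware_coverage.has_auth_middleware',
+msg: 'Checking if line has auth middleware',
+});
+const lowerLine = line.toLowerCase();
+if (AUTH_MIDDLEWARE_KEYWORDS.some((kw) => lowerLine.includes(kw))) {
+return true;
+}
+// Check for preHandler.*auth or onRequest.*auth patterns
+if ((lowerLine.includes('prehandler') || lowerLine.includes('onrequest')) &&
+lowerLine.includes('auth')) {
+return true;
+}
+return false;
+}
+function isPublicRoute(line) {
+logger.debug({
+evt: 'fitness.checks.auth_middleware_coverage.is_public_route',
+msg: 'Checking if route is public',
+});
+const lowerLine = line.toLowerCase();
+return PUBLIC_ROUTE_KEYWORDS.some((kw) => lowerLine.includes(kw));
+}
+// Paths to exclude from checking
+const PUBLIC_ROUTE_PATTERNS = ['/health/', '/status/'];
+/**
+* Check if content contains route-defining framework references
+*/
+function containsRouteFramework(content) {
+logger.debug({
+evt: 'fitness.checks.auth_middleware_coverage.contains_route_framework',
+msg: 'Checking if content contains route framework references',
+});
+const stripped = stripStringsAndComments(content);
+return /(?:fastify|app|router)\.(get|post|put|patch|delete)\s*\(/i.test(stripped);
+}
+/**
+* Check if file has global auth middleware applied
+*/
+function hasGlobalAuthMiddleware(content) {
+logger.debug({
+evt: 'fitness.checks.auth_middleware_coverage.has_global_auth_middleware',
+msg: 'Checking if file has global auth middleware applied',
+});
+const stripped = stripStringsAndComments(content);
+return /\.register\s*\(\s*auth/i.test(stripped) || /\.use\s*\(\s*auth/i.test(stripped);
+}
+/**
+* Determine if a file should be processed for auth middleware checks
+*/
+function shouldProcessFile(filePath, content) {
+logger.debug({
+evt: 'fitness.checks.auth_middleware_coverage.should_process_file',
+msg: 'Determining if file should be processed for auth middleware checks',
+});
+// Skip excluded paths
+if (PUBLIC_ROUTE_PATTERNS.some((p) => filePath.includes(p))) {
+return false;
+}
+// Only check files that might define routes
+if (!containsRouteFramework(content)) {
+return false;
+}
+// If global auth is applied, skip detailed checking
+if (hasGlobalAuthMiddleware(content)) {
+return false;
+}
+return true;
+}
+/**
+* Check: security/auth-middleware-coverage
+*
+* Validates all routes have proper authentication middleware.
+* Ensures no endpoints are accidentally exposed without auth.
+*/
+export const authMiddlewareCoverage = defineCheck({
+id: 'eb8b97f1-3125-4391-be4d-020c74413817',
+slug: 'auth-middleware-coverage',
+scope: { languages: ['typescript'], concerns: ['backend', 'server'] },
+// 'raw', not 'strip-strings': the route matcher needs the quoted route PATH
+// (`fastify.get('/users', …)`), which string-stripping would blank — making
+// the `[^'"\`]+` path group unmatchable and the check inert.
+contentFilter: 'raw',
+confidence: 'medium',
+description: 'Validate routes have authentication middleware',
+longDescription: `**Purpose:** Ensures all Fastify and Express route definitions include authentication middleware, preventing accidental exposure of unprotected endpoints.
+
+**Detects:**
+- Fastify routes: \`fastify.(get|post|put|patch|delete)('/path', ...)\` without auth middleware keywords (authMiddleware, authenticate, requireAuth, verifyToken, verifyJwt) or preHandler/onRequest auth hooks
+- Express routes: \`(app|router).(get|post|put|patch|delete)('/path', ...)\` without auth middleware
+
+**Why it matters:** A single unprotected endpoint can expose sensitive data or allow unauthorized actions. This check catches routes missing auth before they reach production.
+
+**Scope:** General best practice. Analyzes each file individually. Skips files with global auth middleware (\`register\`/\`use\` + \`auth\`) and public routes (/health, /status, /docs, etc.).`,
+tags: ['security', 'authentication', 'middleware', 'routes'],
+fileTypes: ['ts'],
+analyze(content, filePath) {
+logger.debug({
+evt: 'fitness.checks.auth_middleware_coverage.analyze',
+msg: 'Analyzing file for auth middleware coverage',
+});
+if (!shouldProcessFile(filePath, content)) {
+return [];
+}
+const violations = [];
+const lines = content.split('\n');
+for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+const line = lines[lineNum] ?? '';
+// Get context (current line + next few lines)
+const context = lines.slice(lineNum, lineNum + 5).join(' ');
+// Skip comments
+const trimmed = line.trim();
+if (trimmed.startsWith('//') || trimmed.startsWith('*')) {
+continue;
+}
+for (const pattern of ROUTE_PATTERNS) {
+const match = pattern.match(line);
+if (match && pattern.check(context)) {
+violations.push({
+line: lineNum + 1,
+column: match.index,
+message: pattern.message,
+severity: pattern.severity,
+suggestion: pattern.suggestion,
+match: match[0],
+filePath,
+});
+}
+}
+}
+return violations;
+},
+});
+//# sourceMappingURL=auth-middleware-coverage.js.map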
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-middleware-coverage.js","sourceRoot":"","sources":["../../../src/checks/security/auth-middleware-coverage.ts"],"names":[],"mappings":"AAAA,iJAAiJ;AACjJ;;GAEG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAuB,MAAM,sBAAsB,CAAC;AACxE,OAAO,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAE/D;;;GAGG;AACH,SAAS,iBAAiB,CAAC,IAAY;IACrC,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,6DAA6D;QAClE,GAAG,EAAE,uCAAuC;KAC7C,CAAC,CAAC;IACH,wIAAwI;IACxI,OAAO,kEAAkE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACvF,CAAC;AAED;;;GAGG;AACH,SAAS,iBAAiB,CAAC,IAAY;IACrC,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,6DAA6D;QAClE,GAAG,EAAE,uCAAuC;KAC7C,CAAC,CAAC;IACH,wIAAwI;IACxI,OAAO,yEAAyE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC9F,CAAC;AAED,2CAA2C;AAC3C,MAAM,cAAc,GAAG;IACrB,8BAA8B;IAC9B;QACE,KAAK,EAAE,iBAAiB;QACxB,KAAK,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC;QACzE,OAAO,EAAE,gDAAgD;QACzD,UAAU,EACR,uHAAuH;QACzH,QAAQ,EAAE,SAAkB;KAC7B;IACD,8BAA8B;IAC9B;QACE,KAAK,EAAE,iBAAiB;QACxB,KAAK,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC;QACzE,OAAO,EAAE,gDAAgD;QACzD,UAAU,EACR,kIAAkI;QACpI,QAAQ,EAAE,SAAkB;KAC7B;CACF,CAAC;AAEF,iDAAiD;AACjD,MAAM,wBAAwB,GAAG;IAC/B,gBAAgB;IAChB,cAAc;IACd,aAAa;IACb,iBAAiB;IACjB,aAAa;IACb,WAAW;CACZ,CAAC;AAEF,kDAAkD;AAClD,MAAM,qBAAqB,GAAG;IAC5B,QAAQ;IACR,UAAU;IACV,QAAQ;IACR,SAAS;IACT,SAAS;IACT,OAAO;IACP,QAAQ;IACR,OAAO;IACP,UAAU;IACV,OAAO;IACP,UAAU;IACV,UAAU;IACV,cAAc;CACf,CAAC;AAEF,SAAS,iBAAiB,CAAC,IAAY;IACrC,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,6DAA6D;QAClE,GAAG,EAAE,sCAAsC;KAC5C,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACrC,IAAI,wBAAwB,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QAClE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,yDAAyD;IACzD,IACE,CAAC,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACrE,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,EAC1B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,MAAM,
CAAC,KAAK,CAAC;QACX,GAAG,EAAE,yDAAyD;QAC9D,GAAG,EAAE,6BAA6B;KACnC,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACrC,OAAO,qBAAqB,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;AACpE,CAAC;AAED,iCAAiC;AACjC,MAAM,qBAAqB,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;AAEvD;;GAEG;AACH,SAAS,sBAAsB,CAAC,OAAe;IAC7C,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,kEAAkE;QACvE,GAAG,EAAE,yDAAyD;KAC/D,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;IAClD,OAAO,2DAA2D,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACpF,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAAC,OAAe;IAC9C,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,oEAAoE;QACzE,GAAG,EAAE,qDAAqD;KAC3D,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;IAClD,OAAO,yBAAyB,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACzF,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,QAAgB,EAAE,OAAe;IAC1D,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,6DAA6D;QAClE,GAAG,EAAE,oEAAoE;KAC1E,CAAC,CAAC;IACH,sBAAsB;IACtB,IAAI,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5D,OAAO,KAAK,CAAC;IACf,CAAC;IACD,4CAA4C;IAC5C,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,oDAAoD;IACpD,IAAI,uBAAuB,CAAC,OAAO,CAAC,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,WAAW,CAAC;IAChD,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,0BAA0B;IAChC,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE;IACrE,4EAA4E;IAC5E,4EAA4E;IAC5E,6DAA6D;IAC7D,aAAa,EAAE,KAAK;IAEpB,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,gDAAgD;IAC7D,eAAe,EAAE;;;;;;;;gMAQ6K;IAC9L,IAAI,EAAE,CAAC,UAAU,EAAE,gBAAgB,EAAE,YAAY,EAAE,QAAQ,CAAC;IAC5D,SAAS,EAAE,CAAC,IAAI,CAAC;IAEjB,OAAO,CAAC,OAAe,EAAE,QAAgB;QACvC,MAAM,CAAC,KAAK,CAAC;YACX,GAAG,EAAE,iDAAiD;YACtD,GAAG,EAAE,6CAA6C;SACnD,CAAC,CAAC;QACH,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC;YAC1C,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,UAAU,GAAqB,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;Q
AElC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;YACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAElC,8CAA8C;YAC9C,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAE5D,gBAAgB;YAChB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxD,SAAS;YACX,CAAC;YAED,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;gBACrC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAClC,IAAI,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;oBACpC,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,OAAO,GAAG,CAAC;wBACjB,MAAM,EAAE,KAAK,CAAC,KAAK;wBACnB,OAAO,EAAE,OAAO,CAAC,OAAO;wBACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;wBAC9B,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;wBACf,QAAQ;qBACT,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAC,CAAC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @fileoverview Verify auth group routes are protected
|
|
3
|
+
*/
|
|
4
|
+
/**
|
|
5
|
+
* Check: security/auth-route-guard
|
|
6
|
+
*
|
|
7
|
+
* Verifies that routes in the (auth) group are properly protected
|
|
8
|
+
* by global auth state. Layout files in (auth) directories should
|
|
9
|
+
* include authentication checks.
|
|
10
|
+
*/
|
|
11
|
+
export declare const authRouteGuard: import("@opensip-cli/fitness").Check;
|
|
12
|
+
//# sourceMappingURL=auth-route-guard.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-route-guard.d.ts","sourceRoot":"","sources":["../../../src/checks/security/auth-route-guard.ts"],"names":[],"mappings":"AAAA;;GAEG;AAkBH;;;;;;GAMG;AACH,eAAO,MAAM,cAAc,sCAoDzB,CAAC"}
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @fileoverview Verify auth group routes are protected
|
|
3
|
+
*/
|
|
4
|
+
import { logger } from '@opensip-cli/core';
|
|
5
|
+
import { defineCheck } from '@opensip-cli/fitness';
|
|
6
|
+
// Patterns indicating auth protection
|
|
7
|
+
const AUTH_PROTECTION_PATTERNS = [
|
|
8
|
+
/useAuth/,
|
|
9
|
+
/useSession/,
|
|
10
|
+
/isAuthenticated/,
|
|
11
|
+
/authState/,
|
|
12
|
+
/requireAuth/,
|
|
13
|
+
/withAuth/,
|
|
14
|
+
/ProtectedRoute/,
|
|
15
|
+
/AuthGuard/,
|
|
16
|
+
/useUser/,
|
|
17
|
+
];
|
|
18
|
+
/**
|
|
19
|
+
* Check: security/auth-route-guard
|
|
20
|
+
*
|
|
21
|
+
* Verifies that routes in the (auth) group are properly protected
|
|
22
|
+
* by global auth state. Layout files in (auth) directories should
|
|
23
|
+
* include authentication checks.
|
|
24
|
+
*/
|
|
25
|
+
export const authRouteGuard = defineCheck({
|
|
26
|
+
id: 'e33d59ea-da9d-45c0-bab7-037f737b8560',
|
|
27
|
+
slug: 'auth-route-guard',
|
|
28
|
+
disabled: true,
|
|
29
|
+
scope: { languages: ['typescript'], concerns: ['backend', 'server'] },
|
|
30
|
+
contentFilter: 'strip-strings',
|
|
31
|
+
confidence: 'medium',
|
|
32
|
+
description: 'Verify (auth) group _layout files include authentication checks (useAuth/useSession hooks)',
|
|
33
|
+
longDescription: `**Purpose:** Ensures Expo Router \`(auth)\` group layout files contain an authentication check, so protected routes redirect unauthenticated users.
|
|
34
|
+
|
|
35
|
+
**Detects:**
|
|
36
|
+
- \`_layout\` files inside \`(auth)\` directories that do not reference any auth protection pattern: \`useAuth\`, \`useSession\`, \`isAuthenticated\`, \`authState\`, \`requireAuth\`, \`withAuth\`, \`ProtectedRoute\`, \`AuthGuard\`, or \`useUser\`
|
|
37
|
+
|
|
38
|
+
**Why it matters:** Without an auth guard in the layout, users can navigate directly to protected screens without being authenticated, bypassing access control.
|
|
39
|
+
|
|
40
|
+
**Scope:** Codebase-specific convention for Expo Router auth groups. Analyzes each file individually.`,
|
|
41
|
+
tags: ['security', 'authentication', 'routes', 'expo'],
|
|
42
|
+
fileTypes: ['ts', 'tsx'],
|
|
43
|
+
analyze(content, filePath) {
|
|
44
|
+
logger.debug({
|
|
45
|
+
evt: 'fitness.checks.auth_route_guard.analyze',
|
|
46
|
+
msg: 'Analyzing file for auth route guard compliance',
|
|
47
|
+
});
|
|
48
|
+
// Only check auth group layout files
|
|
49
|
+
if (!filePath.includes('(auth)') || !filePath.includes('_layout')) {
|
|
50
|
+
return [];
|
|
51
|
+
}
|
|
52
|
+
// Check if file has auth protection
|
|
53
|
+
const hasAuthCheck = AUTH_PROTECTION_PATTERNS.some((pattern) => pattern.test(content));
|
|
54
|
+
if (!hasAuthCheck) {
|
|
55
|
+
return [
|
|
56
|
+
{
|
|
57
|
+
line: 1,
|
|
58
|
+
column: 0,
|
|
59
|
+
message: 'Auth group layout missing authentication check - add useAuth hook and redirect unauthenticated users',
|
|
60
|
+
severity: 'warning',
|
|
61
|
+
suggestion: 'Add useAuth() or useSession() hook at the top of the layout component and redirect to login if not authenticated: const { isAuthenticated } = useAuth(); if (!isAuthenticated) return <Redirect href="/login" />;',
|
|
62
|
+
match: '(auth)/_layout',
|
|
63
|
+
filePath,
|
|
64
|
+
},
|
|
65
|
+
];
|
|
66
|
+
}
|
|
67
|
+
return [];
|
|
68
|
+
},
|
|
69
|
+
});
|
|
70
|
+
//# sourceMappingURL=auth-route-guard.js.map
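Review bot: The `hasAuthCheck` test in `analyze` clears a layout as soon as any `AUTH_PROTECTION_PATTERNS` regex matches anywhere in `content`, and the patterns are unanchored, so `/useUser/` also matches an unrelated identifier such as `useUserPreferences`, and an unused `useAuth` import is enough to silence the warning. Anchoring the names, for example `/\buseUser\b/` and likewise for the other eight entries, removes the substring matches. It still does not verify that unauthenticated users are redirected, so a comment on the constant such as `// Heuristic: identifier presence only; does not prove a guard or redirect is applied` would keep readers from over-trusting a clean result. Separately, `scope.concerns` is `['backend', 'server']` while the description targets Expo Router `_layout` files; if `defineCheck` (not shown here) uses scope to select files, the check may never see them. This file is compiled output, so the change belongs in the TypeScript source named in the source map.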
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-route-guard.js","sourceRoot":"","sources":["../../../src/checks/security/auth-route-guard.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAuB,MAAM,sBAAsB,CAAC;AAExE,sCAAsC;AACtC,MAAM,wBAAwB,GAAG;IAC/B,SAAS;IACT,YAAY;IACZ,iBAAiB;IACjB,WAAW;IACX,aAAa;IACb,UAAU;IACV,gBAAgB;IAChB,WAAW;IACX,SAAS;CACV,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,WAAW,CAAC;IACxC,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,kBAAkB;IACxB,QAAQ,EAAE,IAAI;IACd,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE;IACrE,aAAa,EAAE,eAAe;IAE9B,UAAU,EAAE,QAAQ;IACpB,WAAW,EACT,4FAA4F;IAC9F,eAAe,EAAE;;;;;;;sGAOmF;IACpG,IAAI,EAAE,CAAC,UAAU,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,CAAC;IACtD,SAAS,EAAE,CAAC,IAAI,EAAE,KAAK,CAAC;IAExB,OAAO,CAAC,OAAe,EAAE,QAAgB;QACvC,MAAM,CAAC,KAAK,CAAC;YACX,GAAG,EAAE,yCAAyC;YAC9C,GAAG,EAAE,gDAAgD;SACtD,CAAC,CAAC;QACH,qCAAqC;QACrC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAClE,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,oCAAoC;QACpC,MAAM,YAAY,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QAEvF,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO;gBACL;oBACE,IAAI,EAAE,CAAC;oBACP,MAAM,EAAE,CAAC;oBACT,OAAO,EACL,sGAAsG;oBACxG,QAAQ,EAAE,SAAS;oBACnB,UAAU,EACR,mNAAmN;oBACrN,KAAK,EAAE,gBAAgB;oBACvB,QAAQ;iBACT;aACF,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;CACF,CAAC,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @fileoverview Validate CORS configuration follows security best practices
|
|
3
|
+
*/
|
|
4
|
+
/**
|
|
5
|
+
* Check: security/cors-configuration
|
|
6
|
+
*
|
|
7
|
+
* Validates CORS configuration is properly restrictive.
|
|
8
|
+
* Prevents overly permissive cross-origin access.
|
|
9
|
+
*/
|
|
10
|
+
export declare const corsConfiguration: import("@opensip-cli/fitness").Check;
|
|
11
|
+
//# sourceMappingURL=cors-configuration.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cors-configuration.d.ts","sourceRoot":"","sources":["../../../src/checks/security/cors-configuration.ts"],"names":[],"mappings":"AACA;;GAEG;AAmEH;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB,sCAiE5B,CAAC"}
|