@oxog/codeguardian 1.0.0 → 1.0.1
- package/dist/cli.cjs +13 -4
- package/dist/cli.cjs.map +1 -1
- package/dist/cli.js +13 -4
- package/dist/cli.js.map +1 -1
- package/dist/index.cjs +13 -4
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +13 -4
- package/dist/index.js.map +1 -1
- package/dist/plugins/index.cjs +8 -3
- package/dist/plugins/index.cjs.map +1 -1
- package/dist/plugins/index.js +8 -3
- package/dist/plugins/index.js.map +1 -1
- package/package.json +1 -1
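--- a/package/dist/cli.cjs
+++ b/package/dist/cli.cjs
@@ -731,7 +731,11 @@ function resolveImportPath(fromFile, importSource, _rootDir) {
 }
 const fromDir = path8__namespace.dirname(fromFile);
 let resolved = path8__namespace.posix.join(fromDir, importSource);
-if (
+if (resolved.endsWith(".js")) {
+resolved = resolved.slice(0, -3) + ".ts";
+} else if (resolved.endsWith(".jsx")) {
+resolved = resolved.slice(0, -4) + ".tsx";
+} else if (!resolved.endsWith(".ts") && !resolved.endsWith(".tsx")) {
 resolved = resolved + ".ts";
 }
 return resolved.replace(/\\/g, "/");
@@ -1893,7 +1897,11 @@ function resolveImport(fromFile, source) {
 else if (part !== ".") resolved.push(part);
 }
 let result = resolved.join("/");
-if (
+if (result.endsWith(".js")) {
+result = result.slice(0, -3) + ".ts";
+} else if (result.endsWith(".jsx")) {
+result = result.slice(0, -4) + ".tsx";
+} else if (!result.endsWith(".ts") && !result.endsWith(".tsx")) {
 result += ".ts";
 }
 return result;
@@ -2196,7 +2204,8 @@ function securityPlugin(config = {}) {
 if (ts2__default.default.isPropertyAccessExpression(call.expression)) {
 if (ts2__default.default.isIdentifier(call.expression.expression) && call.expression.expression.text === "Math" && call.expression.name.text === "random") {
 const fileText = context.ast.getFullText();
-const isSecurityContext = fileText.includes("token") || fileText.includes("secret") ||
+const isSecurityContext = fileText.includes("token") || fileText.includes("secret") || // codeguardian-disable-next-line security/hardcoded-secret -- detection keyword, not a real secret
+fileText.includes("password") || fileText.includes("hash") || fileText.includes("crypto") || fileText.includes("session");
 if (isSecurityContext) {
 const pos = context.ast.getLineAndCharacterOfPosition(call.getStart(context.ast));
 findings.push({
@@ -2256,7 +2265,7 @@ function securityPlugin(config = {}) {
 }
 };
 }
-var DB_CALL_PATTERNS = ["find", "findOne", "findAll", "findById", "query", "execute", "fetch", "
+var DB_CALL_PATTERNS = ["find", "findOne", "findAll", "findById", "query", "execute", "fetch", "select"];
 var SYNC_FS_METHODS = ["readFileSync", "writeFileSync", "appendFileSync", "mkdirSync", "readdirSync", "statSync", "existsSync", "unlinkSync", "copyFileSync"];
 function performancePlugin(config = {}) {
 const fullConfig = {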
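Review bot: The `isSecurityContext` check in the securityPlugin hunk compares lowercase keywords against the raw file text, so a file whose only hints are camelCase or upper-case identifiers such as `authToken` or `API_SECRET` never marks its `Math.random()` call as security-relevant and the finding is silently skipped. Matching on a lower-cased copy closes that gap without touching other uses of `fileText`: add `const lowerText = fileText.toLowerCase();` and test `lowerText.includes("token")` and the other keywords against it. The scan is also file-wide rather than tied to the call site, so an unrelated word like `hashtag` satisfies it; a short comment above the check, for example `// Heuristic: file-level keyword scan, may over- or under-report`, would tell maintainers this is intentional. The removed line is truncated on this page, so whether the keyword list itself changed cannot be confirmed here, and securityPlugin's body continues outside the hunk.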