@oxog/codeguardian 1.0.0 → 1.0.1
- package/dist/cli.cjs +13 -4
- package/dist/cli.cjs.map +1 -1
- package/dist/cli.js +13 -4
- package/dist/cli.js.map +1 -1
- package/dist/index.cjs +13 -4
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +13 -4
- package/dist/index.js.map +1 -1
- package/dist/plugins/index.cjs +8 -3
- package/dist/plugins/index.cjs.map +1 -1
- package/dist/plugins/index.js +8 -3
- package/dist/plugins/index.js.map +1 -1
- package/package.json +1 -1
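--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -705,7 +705,11 @@ function resolveImportPath(fromFile, importSource, _rootDir) {
 }
 const fromDir = path8.dirname(fromFile);
 let resolved = path8.posix.join(fromDir, importSource);
-if (
+if (resolved.endsWith(".js")) {
+resolved = resolved.slice(0, -3) + ".ts";
+} else if (resolved.endsWith(".jsx")) {
+resolved = resolved.slice(0, -4) + ".tsx";
+} else if (!resolved.endsWith(".ts") && !resolved.endsWith(".tsx")) {
 resolved = resolved + ".ts";
 }
 return resolved.replace(/\\/g, "/");
@@ -1867,7 +1871,11 @@ function resolveImport(fromFile, source) {
 else if (part !== ".") resolved.push(part);
 }
 let result = resolved.join("/");
-if (
+if (result.endsWith(".js")) {
+result = result.slice(0, -3) + ".ts";
+} else if (result.endsWith(".jsx")) {
+result = result.slice(0, -4) + ".tsx";
+} else if (!result.endsWith(".ts") && !result.endsWith(".tsx")) {
 result += ".ts";
 }
 return result;
@@ -2170,7 +2178,8 @@ function securityPlugin(config = {}) {
 if (ts2.isPropertyAccessExpression(call.expression)) {
 if (ts2.isIdentifier(call.expression.expression) && call.expression.expression.text === "Math" && call.expression.name.text === "random") {
 const fileText = context.ast.getFullText();
-const isSecurityContext = fileText.includes("token") || fileText.includes("secret") ||
+const isSecurityContext = fileText.includes("token") || fileText.includes("secret") || // codeguardian-disable-next-line security/hardcoded-secret -- detection keyword, not a real secret
+fileText.includes("password") || fileText.includes("hash") || fileText.includes("crypto") || fileText.includes("session");
 if (isSecurityContext) {
 const pos = context.ast.getLineAndCharacterOfPosition(call.getStart(context.ast));
 findings.push({
@@ -2230,7 +2239,7 @@ function securityPlugin(config = {}) {
 }
 };
 }
-var DB_CALL_PATTERNS = ["find", "findOne", "findAll", "findById", "query", "execute", "fetch", "
+var DB_CALL_PATTERNS = ["find", "findOne", "findAll", "findById", "query", "execute", "fetch", "select"];
 var SYNC_FS_METHODS = ["readFileSync", "writeFileSync", "appendFileSync", "mkdirSync", "readdirSync", "statSync", "existsSync", "unlinkSync", "copyFileSync"];
 function performancePlugin(config = {}) {
 const fullConfig = {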
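Review bot: The `isSecurityContext` gate on the `Math.random` finding in `securityPlugin` (third hunk) is a case-sensitive substring test over the whole file text, so the rule stays silent in a file whose only hints are identifiers such as `accessToken` or `RESET_PASSWORD`, and fires in any file that mentions `hash` or `session` anywhere, however unrelated to the call. Matching against a lowered copy closes the false-negative side: `const lowered = fileText.toLowerCase();` followed by `lowered.includes("token") || lowered.includes("secret") || …`. The heuristic also deserves a comment above it stating that it is file-wide rather than scoped to the enclosing function, so users do not read a clean result as proof that no weak randomness reaches a secret. The removed line is truncated in this view, so whether the keyword list itself changed cannot be confirmed, and `securityPlugin`'s body starts and ends outside the hunk.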