@oxog/codeguardian 1.0.0 → 1.0.1
- package/dist/cli.cjs +13 -4
- package/dist/cli.cjs.map +1 -1
- package/dist/cli.js +13 -4
- package/dist/cli.js.map +1 -1
- package/dist/index.cjs +13 -4
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +13 -4
- package/dist/index.js.map +1 -1
- package/dist/plugins/index.cjs +8 -3
- package/dist/plugins/index.cjs.map +1 -1
- package/dist/plugins/index.js +8 -3
- package/dist/plugins/index.js.map +1 -1
- package/package.json +1 -1
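--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -612,7 +612,11 @@ function resolveImportPath(fromFile, importSource, _rootDir) {
 }
 const fromDir = path7.dirname(fromFile);
 let resolved = path7.posix.join(fromDir, importSource);
-if (
+if (resolved.endsWith(".js")) {
+resolved = resolved.slice(0, -3) + ".ts";
+} else if (resolved.endsWith(".jsx")) {
+resolved = resolved.slice(0, -4) + ".tsx";
+} else if (!resolved.endsWith(".ts") && !resolved.endsWith(".tsx")) {
 resolved = resolved + ".ts";
 }
 return resolved.replace(/\\/g, "/");
@@ -1795,7 +1799,11 @@ function resolveImport(fromFile, source) {
 else if (part !== ".") resolved.push(part);
 }
 let result = resolved.join("/");
-if (
+if (result.endsWith(".js")) {
+result = result.slice(0, -3) + ".ts";
+} else if (result.endsWith(".jsx")) {
+result = result.slice(0, -4) + ".tsx";
+} else if (!result.endsWith(".ts") && !result.endsWith(".tsx")) {
 result += ".ts";
 }
 return result;
@@ -2098,7 +2106,8 @@ function securityPlugin(config = {}) {
 if (ts2.isPropertyAccessExpression(call.expression)) {
 if (ts2.isIdentifier(call.expression.expression) && call.expression.expression.text === "Math" && call.expression.name.text === "random") {
 const fileText = context.ast.getFullText();
-const isSecurityContext = fileText.includes("token") || fileText.includes("secret") ||
+const isSecurityContext = fileText.includes("token") || fileText.includes("secret") || // codeguardian-disable-next-line security/hardcoded-secret -- detection keyword, not a real secret
+fileText.includes("password") || fileText.includes("hash") || fileText.includes("crypto") || fileText.includes("session");
 if (isSecurityContext) {
 const pos = context.ast.getLineAndCharacterOfPosition(call.getStart(context.ast));
 findings.push({
@@ -2158,7 +2167,7 @@ function securityPlugin(config = {}) {
 }
 };
 }
-var DB_CALL_PATTERNS = ["find", "findOne", "findAll", "findById", "query", "execute", "fetch", "
+var DB_CALL_PATTERNS = ["find", "findOne", "findAll", "findById", "query", "execute", "fetch", "select"];
 var SYNC_FS_METHODS = ["readFileSync", "writeFileSync", "appendFileSync", "mkdirSync", "readdirSync", "statSync", "existsSync", "unlinkSync", "copyFileSync"];
 function performancePlugin(config = {}) {
 const fullConfig = {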
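Review bot: In the `Math.random` check inside `securityPlugin` (new lines 2108–2110), `isSecurityContext` is a case-sensitive substring search over the whole file text, so a file whose only hints are spelled `authToken`, `apiSecret` or `PASSWORD` does not match and weak randomness there goes unreported, while a file that merely mentions `hash` or `crypto` anywhere does match. Lower-casing the text once, `const fileText = context.ast.getFullText().toLowerCase();`, closes the case gap, and limiting the search to the function or statement that encloses the call would reduce the false positives. Because `getFullText()` presumably includes comments, the added `codeguardian-disable-next-line security/hardcoded-secret` marker itself contains `secret`, so any file carrying that suppression would be treated as a security context. `securityPlugin` starts and ends outside this hunk, and since this file is bundled `dist` output the change belongs in the source it was built from.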