@runa-ai/runa-cli 0.5.46 → 0.5.47
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
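--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -929,7 +929,7 @@ var CLI_VERSION, HAS_ADMIN_COMMAND;
 var init_version = __esm({
 "src/version.ts"() {
 init_esm_shims();
-CLI_VERSION = "0.5.
+CLI_VERSION = "0.5.47";
 HAS_ADMIN_COMMAND = false;
 }
 });
@@ -1905,6 +1905,14 @@ function calculateConfidence(pattern) {
 "github-token",
 // ghp_/gho_/etc prefix is unique
 "github-oauth",
+"openai-api-key",
+// sk- prefix with length constraint
+"openai-project-key",
+// sk-proj- prefix is unique
+"anthropic-api-key",
+// sk-ant-api prefix is unique
+"google-api-key",
+// AIza prefix is unique to Google (Gemini, Vertex AI, etc.)
 "stripe-secret",
 // sk_live_ prefix is unique
 "stripe-test",
@@ -1926,8 +1934,6 @@ function calculateConfidence(pattern) {
 return 0.95;
 }
 const mediumConfidencePatterns = [
-"google-api-key",
-// AIza prefix is fairly unique
 "google-oauth",
 "database-url",
 // Has structure but could be example
@@ -2150,13 +2156,13 @@ var init_secret_analyzer = __esm({
 description: "GitHub OAuth Token detected",
 cweId: CWE.HARDCODED_CREDENTIALS
 },
-// Google
+// Google / Gemini
 {
 id: "google-api-key",
-name: "Google API Key",
+name: "Google / Gemini API Key",
 pattern: /AIza[0-9A-Za-z\-_]{35}/g,
-severity: "
-description: "Google API Key detected",
+severity: "critical",
+description: "Google API Key detected (used by Gemini, Vertex AI, Maps, etc.)",
 cweId: CWE.HARDCODED_CREDENTIALS
 },
 {
@@ -2190,7 +2196,12 @@ var init_secret_analyzer = __esm({
 {
 id: "supabase-service-role",
 name: "Supabase Service Role Key",
-
+// Supabase JWT: header.payload.signature
+// Header: {"alg":"HS256","typ":"JWT"} (fixed)
+// Payload prefix: {"iss":"supabase","ref": (24 bytes, 3-byte aligned = stable base64url)
+// Service role marker: role":"service_role" = cm9sZSI6InNlcnZpY2Vfcm9sZSI (stable)
+// Variable content between prefix and marker covers the encoded project ref
+pattern: /eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6[A-Za-z0-9_-]+cm9sZSI6InNlcnZpY2Vfcm9sZSI[A-Za-z0-9_-]*\.[A-Za-z0-9_-]+/g,
 severity: "critical",
 description: "Supabase Service Role Key detected",
 cweId: CWE.HARDCODED_CREDENTIALS
@@ -2354,6 +2365,26 @@ var init_secret_analyzer = __esm({
 // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 // AI Service API Keys (2024-2026 patterns)
 // ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+{
+id: "openai-api-key",
+name: "OpenAI API Key",
+// Format: sk-{48+ alphanumeric chars} (real keys are typically 51 chars)
+// SECURITY: Bounded quantifier to prevent ReDoS
+pattern: /sk-[a-zA-Z0-9]{48,200}/g,
+severity: "critical",
+description: "OpenAI API key detected",
+cweId: CWE.HARDCODED_CREDENTIALS
+},
+{
+id: "openai-project-key",
+name: "OpenAI Project Key",
+// Format: sk-proj-{48+ alphanumeric/dash/underscore chars}
+// SECURITY: Bounded quantifier to prevent ReDoS
+pattern: /sk-proj-[a-zA-Z0-9_-]{48,200}/g,
+severity: "critical",
+description: "OpenAI Project API key detected",
+cweId: CWE.HARDCODED_CREDENTIALS
+},
 {
 id: "anthropic-api-key",
 name: "Anthropic API Key",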
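Review bot: The new `openai-api-key` pattern `/sk-[a-zA-Z0-9]{48,200}/g` has no left-hand boundary, so it also fires on any longer token that merely contains `sk-` followed by 48 alphanumerics (a base64url blob is one plausible source), and `calculateConfidence` now reports such hits at 0.95 with severity critical. Anchoring the prefix, `pattern: /(?<![A-Za-z0-9_-])sk-[a-zA-Z0-9]{48,200}/g,` (and the same for the `sk-proj-` pattern; lookbehind is available in every supported Node release), keeps the matcher from starting mid-token. The `// SECURITY: Bounded quantifier to prevent ReDoS` comment above both patterns is also misleading, since a single character-class repeat has no backtracking to explode and the bound only caps match length; I would reword it to `// Upper bound caps match length; a lone char-class repeat cannot backtrack catastrophically`. The pattern array inside `init_secret_analyzer` begins and ends outside the hunk.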
@@ -1 +1 @@
1
-
{"version":3,"file":"secret-analyzer.d.ts","sourceRoot":"","sources":["../../../../src/internal/vuln-checker/analyzers/secret-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAKH,OAAO,KAAK,EAAE,QAAQ,EAAE,eAAe,EAAE,QAAQ,EAAE,OAAO,EAAoB,MAAM,aAAa,CAAC;
1
+
{"version":3,"file":"secret-analyzer.d.ts","sourceRoot":"","sources":["../../../../src/internal/vuln-checker/analyzers/secret-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAKH,OAAO,KAAK,EAAE,QAAQ,EAAE,eAAe,EAAE,QAAQ,EAAE,OAAO,EAAoB,MAAM,aAAa,CAAC;AAulClG;;GAEG;AACH,qBAAa,cAAe,YAAW,QAAQ;IAC7C,IAAI,SAAoB;IACxB,UAAU,EAAE,QAAQ,EAAE,CAAc;IAE9B,OAAO,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;YAkB7C,cAAc;IAY5B,OAAO,CAAC,UAAU;CAGnB"}