@runsec/mcp 1.0.82 → 1.0.84
- package/bin/runsec-mcp.cjs +1 -1
- package/dist/index.js +6 -20
- package/package.json +1 -1
package/bin/runsec-mcp.cjs
CHANGED
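--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1239,7 +1239,6 @@ function applyCognitivePipeline(workspaceRoot, findings) {
 (f) => f.suppressed || isNuclearSuppressedFinding(f) || !f.primary_log_eligible
 )
 ).concat(duplicates);
-const allScored = [...primary, ...suppressed];
 console.error(
 `[runsec] cognitive: raw=${findings.length} nuclear=${nuclearSuppressed.length} primary=${primary.length} suppressed=${suppressed.length}`
 );
@@ -1249,7 +1248,7 @@ function applyCognitivePipeline(workspaceRoot, findings) {
 summary: {
 version: "v1.0",
 primary_log_threshold: PRIMARY_LOG_THRESHOLD,
-findings_total:
+findings_total: findings.length,
 findings_primary: primary.length,
 findings_suppressed: suppressed.length,
 false_positive_filtering: true
@@ -1871,14 +1870,6 @@ function mapTrufflehogFindings(rows, workspaceRoot) {
 const rawSecret = String(raw.Raw ?? "").trim();
 const display = redacted || rawSecret || "[secret redacted]";
 const description = `TruffleHog: exposed ${detector}${verified ? " (verified)" : ""}`;
-if (!isTrufflehogVerified(verified, description)) {
-const blob = `${display} ${rawSecret} ${description}`;
-if (isLockfileOrModulesPath(rel) || isStaticLayoutDumpPath(rel)) continue;
-if (hasEnvironmentInterpolation(blob)) continue;
-if (blobHasDevDatabaseSecret(blob)) continue;
-if (isHexChecksumBlob(display) || isHexChecksumBlob(rawSecret)) continue;
-if (isUnverifiedTrufflehogNoiseDetector(detector)) continue;
-}
 const severity = severityForSecret(detector, verified);
 findings.push({
 category: "secrets",
@@ -2576,16 +2567,11 @@ var import_promises = __toESM(require("fs/promises"));
 var import_node_os = __toESM(require("os"));
 var import_node_path11 = __toESM(require("path"));
 var TRUFFLEHOG_EXCLUDE_PATTERNS = [
-
-
-
-
-
-"**/Cargo.lock",
-"**/composer.lock",
-"**/Gemfile.lock",
-"**/*-lock.json",
-"**/node_modules/**"
+String.raw`\.lock$`,
+String.raw`package-lock\.json$`,
+String.raw`pnpm-lock\.yaml$`,
+String.raw`-lock\.json$`,
+String.raw`(^|[\\/])node_modules([\\/]|$)`
 ];
 async function createTrufflehogExcludeFile() {
 const tmpDir = await import_promises.default.mkdtemp(import_node_path11.default.join(import_node_os.default.tmpdir(), "runsec-th-exclude-"));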
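Review bot: In `mapTrufflehogFindings`, removing the `!isTrufflehogVerified(...)` block means every unverified row now reaches `findings.push`, and only the lockfile/`node_modules` part of that filter has a counterpart in the new `TRUFFLEHOG_EXCLUDE_PATTERNS`; no replacement for the env-interpolation, dev-database, hex-checksum and noise-detector checks is visible in this diff. Because `display` still falls back to `rawSecret`, more findings can now carry the unredacted value if `display` is what gets emitted (the pushed object is cut off by the hunk), so I would change that line to `const display = redacted || "[secret redacted]";`. The new patterns also appear to be written to an exclude file used at scan time, which would hide verified secrets in any path ending in `.lock` as well as unverified ones; a comment above the array should say so, e.g. `// Regexes matched against the file path; excluded paths are not scanned at all, verified or not.` The entry `-lock\.json$` already covers `package-lock\.json$`, so the latter can be dropped. Both functions continue outside the hunks shown.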