npm - @sentriflow/core - Versions diffs - 0.3.2 → 0.4.0 - Mend

@sentriflow/core 0.3.2 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/package.json +65 -65
package/src/grx2-loader/GRX2ExtendedLoader.ts +2 -3
package/src/grx2-loader/index.ts +2 -0
package/src/grx2-loader/types.ts +9 -3
package/src/helpers/cisco/helpers.ts +19 -0
package/src/helpers/cisco/index.ts +1 -0
package/src/helpers/common/helpers.ts +29 -0
package/src/pack-provider/PackProvider.ts +1 -1

package/package.json CHANGED Viewed

@@ -1,65 +1,65 @@
-{
-  "name": "@sentriflow/core",
-  "version": "0.3.2",
-  "description": "SentriFlow core engine for network configuration validation",
-  "license": "Apache-2.0",
-  "module": "src/index.ts",
-  "type": "module",
-  "exports": {
-    ".": "./src/index.ts",
-    "./grx2-loader": "./src/grx2-loader/index.ts",
-    "./helpers": "./src/helpers/index.ts",
-    "./helpers/common": "./src/helpers/common/index.ts",
-    "./helpers/arista": "./src/helpers/arista/index.ts",
-    "./helpers/aruba": "./src/helpers/aruba/index.ts",
-    "./helpers/cisco": "./src/helpers/cisco/index.ts",
-    "./helpers/cumulus": "./src/helpers/cumulus/index.ts",
-    "./helpers/extreme": "./src/helpers/extreme/index.ts",
-    "./helpers/fortinet": "./src/helpers/fortinet/index.ts",
-    "./helpers/huawei": "./src/helpers/huawei/index.ts",
-    "./helpers/juniper": "./src/helpers/juniper/index.ts",
-    "./helpers/mikrotik": "./src/helpers/mikrotik/index.ts",
-    "./helpers/nokia": "./src/helpers/nokia/index.ts",
-    "./helpers/paloalto": "./src/helpers/paloalto/index.ts",
-    "./helpers/vyos": "./src/helpers/vyos/index.ts"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/sentriflow/sentriflow.git",
-    "directory": "packages/core"
-  },
-  "homepage": "https://github.com/sentriflow/sentriflow#readme",
-  "bugs": {
-    "url": "https://github.com/sentriflow/sentriflow/issues"
-  },
-  "keywords": [
-    "network",
-    "configuration",
-    "validation",
-    "security",
-    "cisco",
-    "juniper",
-    "arista",
-    "firewall",
-    "linter",
-    "helpers"
-  ],
-  "files": [
-    "src",
-    "LICENSE",
-    "README.md"
-  ],
-  "publishConfig": {
-    "access": "public"
-  },
-  "dependencies": {
-    "node-machine-id": "^1.1.12"
-  },
-  "devDependencies": {
-    "bun-types": "latest",
-    "@types/node": "^20.0.0"
-  },
-  "peerDependencies": {
-    "typescript": "^5.0.0"
-  }
-}
+{
+  "name": "@sentriflow/core",
+  "version": "0.4.0",
+  "description": "SentriFlow core engine for network configuration validation",
+  "license": "Apache-2.0",
+  "module": "src/index.ts",
+  "type": "module",
+  "exports": {
+    ".": "./src/index.ts",
+    "./grx2-loader": "./src/grx2-loader/index.ts",
+    "./helpers": "./src/helpers/index.ts",
+    "./helpers/common": "./src/helpers/common/index.ts",
+    "./helpers/arista": "./src/helpers/arista/index.ts",
+    "./helpers/aruba": "./src/helpers/aruba/index.ts",
+    "./helpers/cisco": "./src/helpers/cisco/index.ts",
+    "./helpers/cumulus": "./src/helpers/cumulus/index.ts",
+    "./helpers/extreme": "./src/helpers/extreme/index.ts",
+    "./helpers/fortinet": "./src/helpers/fortinet/index.ts",
+    "./helpers/huawei": "./src/helpers/huawei/index.ts",
+    "./helpers/juniper": "./src/helpers/juniper/index.ts",
+    "./helpers/mikrotik": "./src/helpers/mikrotik/index.ts",
+    "./helpers/nokia": "./src/helpers/nokia/index.ts",
+    "./helpers/paloalto": "./src/helpers/paloalto/index.ts",
+    "./helpers/vyos": "./src/helpers/vyos/index.ts"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/sentriflow/sentriflow.git",
+    "directory": "packages/core"
+  },
+  "homepage": "https://github.com/sentriflow/sentriflow#readme",
+  "bugs": {
+    "url": "https://github.com/sentriflow/sentriflow/issues"
+  },
+  "keywords": [
+    "network",
+    "configuration",
+    "validation",
+    "security",
+    "cisco",
+    "juniper",
+    "arista",
+    "firewall",
+    "linter",
+    "helpers"
+  ],
+  "files": [
+    "src",
+    "LICENSE",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "node-machine-id": "^1.1.12"
+  },
+  "devDependencies": {
+    "bun-types": "latest",
+    "@types/node": "^20.0.0"
+  },
+  "peerDependencies": {
+    "typescript": "^5.0.0"
+  }
+}

package/src/grx2-loader/GRX2ExtendedLoader.ts CHANGED Viewed

@@ -358,9 +358,8 @@ export async function loadExtendedPack(
   machineId: string,
   debug?: (msg: string) => void
 ): Promise<RulePack> {
-  debug?.(`[GRX2Loader] Loading pack: ${filePath}`);
-  debug?.(`[GRX2Loader] License key length: ${licenseKey.length}, first 20 chars: ${licenseKey.substring(0, 20)}...`);
-  debug?.(`[GRX2Loader] Machine ID: "${machineId}" (length: ${machineId.length})`);
+  debug?.(`[GRX2Loader] Loading pack: ${filePath}`);
+  debug?.(`[GRX2Loader] Machine ID: "${machineId}" (length: ${machineId.length})`);
   // Read pack file
   const data = await readFile(filePath);

package/src/grx2-loader/index.ts CHANGED Viewed

@@ -31,7 +31,9 @@ export {
   GRX2_KDF_PBKDF2,
   GRX2_KEY_TYPE_TMK,
   GRX2_KEY_TYPE_CTMK,
+  SENTRIFLOW_HOME,
   DEFAULT_PACKS_DIRECTORY,
+  DEFAULT_RULES_DIRECTORY,
   CACHE_DIRECTORY,
 } from './types';

package/src/grx2-loader/types.ts CHANGED Viewed

@@ -25,7 +25,7 @@ export interface LicensePayload {
   sub: string;
   /** Customer tier */
-  tier: 'community' | 'professional' | 'enterprise';
+  tier: 'basic' | 'professional' | 'enterprise';
   /** Entitled feed IDs */
   feeds: string[];
@@ -274,8 +274,14 @@ export const GRX2_KEY_TYPE_TMK = 1;
 /** CTMK key type */
 export const GRX2_KEY_TYPE_CTMK = 2;
+/** Base SentriFlow home directory (platform-aware: ~/.sentriflow or %USERPROFILE%\.sentriflow) */
+export const SENTRIFLOW_HOME = join(homedir(), '.sentriflow');
 /** Default packs directory (platform-aware) */
-export const DEFAULT_PACKS_DIRECTORY = join(homedir(), '.sentriflow', 'packs');
+export const DEFAULT_PACKS_DIRECTORY = join(SENTRIFLOW_HOME, 'packs');
+/** Default custom rules directory (platform-aware) */
+export const DEFAULT_RULES_DIRECTORY = join(SENTRIFLOW_HOME, 'rules');
 /** Cache directory (for downloaded packs, platform-aware) */
-export const CACHE_DIRECTORY = join(homedir(), '.sentriflow', 'cache');
+export const CACHE_DIRECTORY = join(SENTRIFLOW_HOME, 'cache');

package/src/helpers/cisco/helpers.ts CHANGED Viewed

@@ -10,6 +10,7 @@ import {
   includesIgnoreCase,
   startsWithIgnoreCase,
   parseInteger,
+  findParentSection,
 } from '../common/helpers';
 // Re-export common helpers for convenience
@@ -214,6 +215,24 @@ export const hasWeakUsernamePassword = (node: ConfigNode): boolean => {
   return false;
 };
+/**
+ * Check if password is under a line configuration section (vty, console, aux).
+ * Line passwords cannot be encrypted in Cisco IOS - they only support plaintext.
+ * Security for these should be enforced via AAA authentication instead.
+ *
+ * @param ast The full AST (array of ConfigNode)
+ * @param node The password node to check
+ * @returns true if the password is under a line vty/console/aux section
+ */
+export const isLineConfigPassword = (ast: ConfigNode[], node: ConfigNode): boolean => {
+  const parent = findParentSection(ast, node);
+  if (!parent) return false;
+  const parentId = parent.id.toLowerCase();
+  return parentId.startsWith('line vty') ||
+         parentId.startsWith('line console') ||
+         parentId.startsWith('line aux');
+};
 /**
  * Get SSH version from configuration
  */

package/src/helpers/cisco/index.ts CHANGED Viewed

@@ -8,4 +8,5 @@ export {
   hasChildCommand,
   getChildCommand,
   getChildCommands,
+  findParentSection,
 } from '../common/helpers';

package/src/helpers/common/helpers.ts CHANGED Viewed

@@ -202,6 +202,35 @@ export const isShutdown = (node: ConfigNode): boolean => {
   });
 };
+/**
+ * Find the parent section of a node in the AST.
+ * Traverses the AST to locate the parent section containing the target node.
+ * Useful for context-aware rules that need to check parent context.
+ *
+ * @param ast The full AST (array of ConfigNode)
+ * @param targetNode The node to find the parent for
+ * @returns The parent section node, or undefined if not found
+ */
+export const findParentSection = (
+  ast: ConfigNode[],
+  targetNode: ConfigNode
+): ConfigNode | undefined => {
+  for (const node of ast) {
+    if (node.type === 'section') {
+      // Check if target is a direct child (by line number match)
+      if (node.children.some(child =>
+        child.loc.startLine === targetNode.loc.startLine
+      )) {
+        return node;
+      }
+      // Recurse into children
+      const found = findParentSection(node.children, targetNode);
+      if (found) return found;
+    }
+  }
+  return undefined;
+};
 /**
  * Check if a node is an actual interface definition (not a reference or sub-command).
  * Interface definitions are top-level sections that define physical/logical interfaces.

package/src/pack-provider/PackProvider.ts CHANGED Viewed

@@ -39,7 +39,7 @@ export interface PackProviderLicenseStatus {
   isValid: boolean;
   /** License tier */
-  tier: 'community' | 'professional' | 'enterprise' | string;
+  tier: 'basic' | 'professional' | 'enterprise' | string;
   /** List of entitled feed/pack IDs */
   entitledFeeds: string[];