@sulthonzh/mcp-audit 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +134 -0
- package/dist/cli.d.ts +3 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/cli.js +165 -0
- package/dist/cli.js.map +1 -0
- package/dist/config/config-loader.d.ts +17 -0
- package/dist/config/config-loader.d.ts.map +1 -0
- package/dist/config/config-loader.js +72 -0
- package/dist/config/config-loader.js.map +1 -0
- package/dist/index.d.ts +8 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +22 -0
- package/dist/index.js.map +1 -0
- package/dist/reporter/report-generator.d.ts +7 -0
- package/dist/reporter/report-generator.d.ts.map +1 -0
- package/dist/reporter/report-generator.js +240 -0
- package/dist/reporter/report-generator.js.map +1 -0
- package/dist/reporters/sarif-reporter.d.ts +18 -0
- package/dist/reporters/sarif-reporter.d.ts.map +1 -0
- package/dist/reporters/sarif-reporter.js +148 -0
- package/dist/reporters/sarif-reporter.js.map +1 -0
- package/dist/scanners/config-scanner.d.ts +11 -0
- package/dist/scanners/config-scanner.d.ts.map +1 -0
- package/dist/scanners/config-scanner.js +399 -0
- package/dist/scanners/config-scanner.js.map +1 -0
- package/dist/scanners/docker-scanner.d.ts +13 -0
- package/dist/scanners/docker-scanner.d.ts.map +1 -0
- package/dist/scanners/docker-scanner.js +384 -0
- package/dist/scanners/docker-scanner.js.map +1 -0
- package/dist/scanners/helm-scanner.d.ts +16 -0
- package/dist/scanners/helm-scanner.d.ts.map +1 -0
- package/dist/scanners/helm-scanner.js +385 -0
- package/dist/scanners/helm-scanner.js.map +1 -0
- package/dist/scanners/k8s-scanner.d.ts +14 -0
- package/dist/scanners/k8s-scanner.d.ts.map +1 -0
- package/dist/scanners/k8s-scanner.js +315 -0
- package/dist/scanners/k8s-scanner.js.map +1 -0
- package/dist/scanners/server-scanner.d.ts +13 -0
- package/dist/scanners/server-scanner.d.ts.map +1 -0
- package/dist/scanners/server-scanner.js +346 -0
- package/dist/scanners/server-scanner.js.map +1 -0
- package/dist/types/security-result.d.ts +35 -0
- package/dist/types/security-result.d.ts.map +1 -0
- package/dist/types/security-result.js +3 -0
- package/dist/types/security-result.js.map +1 -0
- package/dist/utils/logger.d.ts +19 -0
- package/dist/utils/logger.d.ts.map +1 -0
- package/dist/utils/logger.js +71 -0
- package/dist/utils/logger.js.map +1 -0
- package/package.json +77 -0
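--- a/package/dist/scanners/k8s-scanner.js
+++ b/package/dist/scanners/k8s-scanner.js
@@ -0,0 +1,315 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.scanK8s = scanK8s;
+const fs_extra_1 = __importDefault(require("fs-extra"));
+const path_1 = __importDefault(require("path"));
+const js_yaml_1 = __importDefault(require("js-yaml"));
+const logger_1 = require("../utils/logger");
+function extractPodSpec(manifest) {
+const kind = manifest.kind?.toLowerCase() ?? '';
+if (kind === 'pod')
+return manifest.spec;
+if (['deployment', 'statefulset', 'daemonset', 'replicaset', 'job'].includes(kind)) {
+return manifest.spec?.template?.spec ?? null;
+}
+return null;
+}
+function checkPodSpec(podSpec, relPath, manifestName) {
+const issues = [];
+if (!podSpec)
+return issues;
+const containers = podSpec.containers ?? [];
+const initContainers = podSpec.initContainers ?? [];
+const allContainers = [...containers, ...initContainers];
+for (const ctr of allContainers) {
+const cname = ctr.name ?? 'unnamed-container';
+// Running as root
+if (!ctr.securityContext?.runAsNonRoot) {
+issues.push({
+type: 'high',
+category: 'permissions',
+title: 'Container may run as root',
+description: `Container "${cname}" in ${manifestName} does not set runAsNonRoot: true`,
+recommendation: 'Add securityContext.runAsNonRoot: true and set runAsUser > 0',
+evidence: relPath,
+});
+}
+// Privileged mode
+if (ctr.securityContext?.privileged) {
+issues.push({
+type: 'high',
+category: 'permissions',
+title: 'Privileged container',
+description: `Container "${cname}" in ${manifestName} runs in privileged mode`,
+recommendation: 'Remove securityContext.privileged or set to false. Use capabilities instead.',
+evidence: relPath,
+});
+}
+// No resource limits
+if (!ctr.resources?.limits) {
+issues.push({
+type: 'medium',
+category: 'config',
+title: 'No resource limits set',
+description: `Container "${cname}" in ${manifestName} has no resource limits`,
+recommendation: 'Set resources.limits.cpu and resources.limits.memory to prevent resource exhaustion',
+evidence: relPath,
+});
+}
+// No resource requests
+if (!ctr.resources?.requests) {
+issues.push({
+type: 'low',
+category: 'config',
+title: 'No resource requests set',
+description: `Container "${cname}" in ${manifestName} has no resource requests`,
+recommendation: 'Set resources.requests for predictable scheduling',
+evidence: relPath,
+});
+}
+// HostPath volumes
+if (Array.isArray(ctr.volumeMounts)) {
+for (const vm of ctr.volumeMounts) {
+if (vm.mountPath && vm.mountPath.startsWith('/host')) {
+issues.push({
+type: 'high',
+category: 'filesystem',
+title: 'Suspicious host mount path',
+description: `Container "${cname}" mounts at ${vm.mountPath} — likely a hostPath volume`,
+recommendation: 'Avoid mounting host paths. Use PVCs or emptyDir instead.',
+evidence: relPath,
+});
+}
+}
+}
+// Using :latest tag
+const image = ctr.image ?? '';
+if (image.includes(':latest') || (!image.includes(':') && image.includes('/'))) {
+issues.push({
+type: 'medium',
+category: 'supply-chain',
+title: 'Using latest or untagged image',
+description: `Container "${cname}" uses image "${image}" without a pinned tag`,
+recommendation: 'Pin image tags to specific versions (e.g., nginx:1.25.3) for reproducible builds',
+evidence: relPath,
+});
+}
+// No liveness/readiness probes
+if (!ctr.livenessProbe) {
+issues.push({
+type: 'low',
+category: 'config',
+title: 'No liveness probe',
+description: `Container "${cname}" has no liveness probe`,
+recommendation: 'Add a livenessProbe so K8s can restart unhealthy containers',
+evidence: relPath,
+});
+}
+if (!ctr.readinessProbe) {
+issues.push({
+type: 'low',
+category: 'config',
+title: 'No readiness probe',
+description: `Container "${cname}" has no readiness probe`,
+recommendation: 'Add a readinessProbe to control traffic routing',
+evidence: relPath,
+});
+}
+// Environment variables with potential secrets
+if (Array.isArray(ctr.env)) {
+for (const env of ctr.env) {
+const name = (env.name ?? '').toLowerCase();
+if (name.includes('password') || name.includes('secret') || name.includes('token') || name.includes('key')) {
+if (env.value && !env.valueFrom) {
+issues.push({
+type: 'high',
+category: 'config',
+title: 'Hardcoded secret in env var',
+description: `Container "${cname}" has "${env.name}" set as plaintext in the manifest`,
+recommendation: 'Use Secrets or external secret managers instead of plaintext env vars',
+evidence: `${relPath} → env.${env.name}`,
+});
+}
+}
+}
+}
+}
+// hostPath volumes at pod level
+if (Array.isArray(podSpec.volumes)) {
+for (const vol of podSpec.volumes) {
+if (vol.hostPath) {
+issues.push({
+type: 'high',
+category: 'filesystem',
+title: 'hostPath volume mounted',
+description: `Pod ${manifestName} uses hostPath volume "${vol.name}" → ${vol.hostPath.path}`,
+recommendation: 'Avoid hostPath volumes. They expose the node filesystem to the pod.',
+evidence: relPath,
+});
+}
+}
+}
+// hostNetwork
+if (podSpec.hostNetwork) {
+issues.push({
+type: 'high',
+category: 'network',
+title: 'hostNetwork enabled',
+description: `Pod ${manifestName} uses hostNetwork: true`,
+recommendation: 'Only use hostNetwork when absolutely necessary. It gives the pod access to the node network.',
+evidence: relPath,
+});
+}
+// hostPID / hostIPC
+if (podSpec.hostPID) {
+issues.push({
+type: 'medium',
+category: 'permissions',
+title: 'hostPID enabled',
+description: `Pod ${manifestName} uses hostPID: true`,
+recommendation: 'Avoid hostPID unless needed for debugging.',
+evidence: relPath,
+});
+}
+if (podSpec.hostIPC) {
+issues.push({
+type: 'medium',
+category: 'permissions',
+title: 'hostIPC enabled',
+description: `Pod ${manifestName} uses hostIPC: true`,
+recommendation: 'Avoid hostIPC unless shared memory is required.',
+evidence: relPath,
+});
+}
+return issues;
+}
+function checkService(manifest, relPath) {
+const issues = [];
+const spec = manifest.spec;
+if (!spec)
+return issues;
+const name = manifest.metadata?.name ?? 'unnamed-service';
+// LoadBalancer exposing internally
+if (spec.type === 'LoadBalancer') {
+issues.push({
+type: 'medium',
+category: 'network',
+title: 'Service exposed via LoadBalancer',
+description: `Service "${name}" is a LoadBalancer — it will be externally accessible`,
+recommendation: 'Use ClusterIP + Ingress for internal services. Only use LoadBalancer for public endpoints.',
+evidence: relPath,
+});
+}
+// NodePort
+if (spec.type === 'NodePort') {
+issues.push({
+type: 'low',
+category: 'network',
+title: 'Service uses NodePort',
+description: `Service "${name}" uses NodePort — accessible on all cluster nodes`,
+recommendation: 'Prefer Ingress over NodePort for production workloads.',
+evidence: relPath,
+});
+}
+return issues;
+}
+function checkManifest(doc, relPath) {
+const issues = [];
+if (!doc || typeof doc !== 'object' || !doc.kind)
+return issues;
+const manifestName = doc.metadata?.name ?? 'unnamed';
+const podSpec = extractPodSpec(doc);
+if (podSpec) {
+issues.push(...checkPodSpec(podSpec, relPath, manifestName));
+}
+if ((doc.kind ?? '').toLowerCase() === 'service') {
+issues.push(...checkService(doc, relPath));
+}
+return issues;
+}
+// ---- File discovery ----
+async function findYamlFiles(targetPath) {
+const files = [];
+if (!(await fs_extra_1.default.pathExists(targetPath)))
+return files;
+const stat = await fs_extra_1.default.stat(targetPath);
+if (stat.isFile()) {
+const ext = path_1.default.extname(targetPath).toLowerCase();
+if (['.yaml', '.yml'].includes(ext))
+files.push(targetPath);
+return files;
+}
+async function walk(dir) {
+const entries = await fs_extra_1.default.readdir(dir, { withFileTypes: true });
+for (const entry of entries) {
+if (entry.name.startsWith('.') || entry.name === 'node_modules')
+continue;
+const full = path_1.default.join(dir, entry.name);
+if (entry.isDirectory()) {
+await walk(full);
+}
+else {
+const ext = path_1.default.extname(entry.name).toLowerCase();
+if (['.yaml', '.yml'].includes(ext)) {
+files.push(full);
+}
+}
+}
+}
+await walk(targetPath);
+return files;
+}
+// ---- Public API ----
+async function scanK8s(targetPath, options = {}) {
+const issues = [];
+let filesScanned = 0;
+try {
+const yamlFiles = await findYamlFiles(targetPath);
+for (const fp of yamlFiles) {
+const content = await fs_extra_1.default.readFile(fp, 'utf8');
+const rel = path_1.default.relative(targetPath, fp);
+// YAML may contain multiple docs separated by ---
+const docs = js_yaml_1.default.loadAll(content);
+let hadK8sManifest = false;
+for (const doc of docs) {
+if (!doc || typeof doc !== 'object' || !doc.kind)
+continue;
+hadK8sManifest = true;
+issues.push(...checkManifest(doc, rel));
+}
+if (hadK8sManifest)
+filesScanned++;
+}
+}
+catch (err) {
+logger_1.logger.warn('K8s scan error:', err);
+issues.push({
+type: 'medium',
+category: 'config',
+title: 'K8s Scan Error',
+description: `Could not complete K8s scan: ${err instanceof Error ? err.message : String(err)}`,
+recommendation: 'Ensure the target path is accessible and YAML is valid',
+});
+}
+const high = issues.filter(i => i.type === 'high').length;
+const medium = issues.filter(i => i.type === 'medium').length;
+const low = issues.filter(i => i.type === 'low').length;
+const score = Math.max(0, 100 - high * 25 - medium * 10 - low * 3);
+return {
+scanType: 'server',
+timestamp: new Date().toISOString(),
+target: targetPath,
+issues,
+score,
+summary: {
+configFilesFound: filesScanned,
+highRiskIssues: high,
+mediumRiskIssues: medium,
+lowRiskIssues: low,
+},
+};
+}
+//# sourceMappingURL=k8s-scanner.js.map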
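Review bot: The runAsNonRoot check in checkPodSpec (file line 30) reads only `ctr.securityContext` and never consults the pod-level `podSpec.securityContext`, so a manifest that sets `securityContext.runAsNonRoot: true` once on the pod spec, where Kubernetes applies it to every container, is still reported 'high' for each container; fold the pod default in with `const runAsNonRoot = ctr.securityContext?.runAsNonRoot ?? podSpec.securityContext?.runAsNonRoot;` and test `if (!runAsNonRoot) {`. The same container-then-pod inheritance applies to `allowPrivilegeEscalation`, which the scanner does not examine at all, and the privileged check at file line 41 is the natural place to also report added Linux capabilities from `securityContext.capabilities.add`, both of which are baseline Pod Security Standards fields a reader would expect a K8s scanner to cover. In scanK8s the try/catch (file lines 269–296) wraps the whole file loop, so a single file whose `loadAll` throws a YAML parse error aborts scanning of every remaining file and their findings are silently lost; moving the try/catch inside `for (const fp of yamlFiles)` and keeping the per-file error as its own issue would contain the failure to that file. `scanType: 'server'` at file line 302 looks carried over from the server scanner; if the SecurityResult type admits a k8s-specific value it should be used here, since otherwise consumers cannot tell the two scanners' reports apart. extractPodSpec also returns null for `CronJob`, whose pod template sits under `spec.jobTemplate.spec.template.spec`, so those workloads are never checked.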
@@ -0,0 +1 @@
1
+
{"version":3,"file":"k8s-scanner.js","sourceRoot":"","sources":["../../src/scanners/k8s-scanner.ts"],"names":[],"mappings":";;;;;AAmTA,0BAqDC;AAxWD,wDAA0B;AAC1B,gDAAwB;AACxB,sDAA2B;AAC3B,4CAAyC;AAyBzC,SAAS,cAAc,CAAC,QAAqB;IAC3C,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAChD,IAAI,IAAI,KAAK,KAAK;QAAE,OAAO,QAAQ,CAAC,IAAI,CAAC;IACzC,IAAI,CAAC,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnF,OAAO,QAAQ,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,IAAI,IAAI,CAAC;IAC/C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,YAAY,CAAC,OAAY,EAAE,OAAe,EAAE,YAAoB;IACvE,MAAM,MAAM,GAAoB,EAAE,CAAC;IACnC,IAAI,CAAC,OAAO;QAAE,OAAO,MAAM,CAAC;IAE5B,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,EAAE,CAAC;IAC5C,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,EAAE,CAAC;IACpD,MAAM,aAAa,GAAG,CAAC,GAAG,UAAU,EAAE,GAAG,cAAc,CAAC,CAAC;IAEzD,KAAK,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;QAChC,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,IAAI,mBAAmB,CAAC;QAE9C,kBAAkB;QAClB,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,YAAY,EAAE,CAAC;YACvC,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,MAAM;gBACZ,QAAQ,EAAE,aAAa;gBACvB,KAAK,EAAE,2BAA2B;gBAClC,WAAW,EAAE,cAAc,KAAK,QAAQ,YAAY,kCAAkC;gBACtF,cAAc,EAAE,8DAA8D;gBAC9E,QAAQ,EAAE,OAAO;aAClB,CAAC,CAAC;QACL,CAAC;QAED,kBAAkB;QAClB,IAAI,GAAG,CAAC,eAAe,EAAE,UAAU,EAAE,CAAC;YACpC,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,MAAM;gBACZ,QAAQ,EAAE,aAAa;gBACvB,KAAK,EAAE,sBAAsB;gBAC7B,WAAW,EAAE,cAAc,KAAK,QAAQ,YAAY,0BAA0B;gBAC9E,cAAc,EAAE,8EAA8E;gBAC9F,QAAQ,EAAE,OAAO;aAClB,CAAC,CAAC;QACL,CAAC;QAED,qBAAqB;QACrB,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC;YAC3B,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,wBAAwB;gBAC/B,WAAW,EAAE,cAAc,KAAK,QAAQ,YAAY,yBAAyB;gBAC7E,cAAc,EAAE,qFAAqF;gBACrG,QAAQ,EAAE,OAAO;aAClB,CAAC,CAAC;QACL,CAAC;QAED,uBAAuB;QACvB,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,KAAK;gBACX,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,0BAA0B;gBACjC,WAAW,EAAE,cAAc,KAAK,QAAQ,YAAY,2BAA2B;gBAC/E,cAAc,EAAE,mDAAmD;gBACnE,QAAQ,EAAE,OAAO;aAClB,CAAC,CAAC;QACL,CA
AC;QAED,mBAAmB;QACnB,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;YACpC,KAAK,MAAM,EAAE,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;gBAClC,IAAI,EAAE,CAAC,SAAS,IAAI,EAAE,CAAC,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;oBACrD,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,MAAM;wBACZ,QAAQ,EAAE,YAAY;wBACtB,KAAK,EAAE,4BAA4B;wBACnC,WAAW,EAAE,cAAc,KAAK,eAAe,EAAE,CAAC,SAAS,6BAA6B;wBACxF,cAAc,EAAE,0DAA0D;wBAC1E,QAAQ,EAAE,OAAO;qBAClB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,oBAAoB;QACpB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC;QAC9B,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YAC/E,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,cAAc;gBACxB,KAAK,EAAE,gCAAgC;gBACvC,WAAW,EAAE,cAAc,KAAK,iBAAiB,KAAK,wBAAwB;gBAC9E,cAAc,EAAE,kFAAkF;gBAClG,QAAQ,EAAE,OAAO;aAClB,CAAC,CAAC;QACL,CAAC;QAED,+BAA+B;QAC/B,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC;YACvB,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,KAAK;gBACX,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,mBAAmB;gBAC1B,WAAW,EAAE,cAAc,KAAK,yBAAyB;gBACzD,cAAc,EAAE,6DAA6D;gBAC7E,QAAQ,EAAE,OAAO;aAClB,CAAC,CAAC;QACL,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,KAAK;gBACX,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,oBAAoB;gBAC3B,WAAW,EAAE,cAAc,KAAK,0BAA0B;gBAC1D,cAAc,EAAE,iDAAiD;gBACjE,QAAQ,EAAE,OAAO;aAClB,CAAC,CAAC;QACL,CAAC;QAED,+CAA+C;QAC/C,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAC3B,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC;gBAC1B,MAAM,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC5C,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC3G,IAAI,GAAG,CAAC,KAAK,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC;wBAChC,MAAM,CAAC,IAAI,CAAC;4BACV,IAAI,EAAE,MAAM;4BACZ,QAAQ,EAAE,QAAQ;4BAClB,KAAK,EAAE,6BAA6B;4BACpC,WAAW,EAAE,cAAc,KAAK,UAAU,GAAG,CAAC,IAAI,oCAAoC;4BACtF,cAAc,EAAE,uEAAuE;4BACvF,QAAQ,EAAE,GAAG,OAAO,UAAU,GAAG,CAAC,IAAI,EAAE;yBACzC,CA
AC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnC,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YAClC,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACjB,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,MAAM;oBACZ,QAAQ,EAAE,YAAY;oBACtB,KAAK,EAAE,yBAAyB;oBAChC,WAAW,EAAE,OAAO,YAAY,0BAA0B,GAAG,CAAC,IAAI,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE;oBAC5F,cAAc,EAAE,qEAAqE;oBACrF,QAAQ,EAAE,OAAO;iBAClB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,cAAc;IACd,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,MAAM;YACZ,QAAQ,EAAE,SAAS;YACnB,KAAK,EAAE,qBAAqB;YAC5B,WAAW,EAAE,OAAO,YAAY,yBAAyB;YACzD,cAAc,EAAE,8FAA8F;YAC9G,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC;IACL,CAAC;IAED,oBAAoB;IACpB,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,QAAQ;YACd,QAAQ,EAAE,aAAa;YACvB,KAAK,EAAE,iBAAiB;YACxB,WAAW,EAAE,OAAO,YAAY,qBAAqB;YACrD,cAAc,EAAE,4CAA4C;YAC5D,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC;IACL,CAAC;IACD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,QAAQ;YACd,QAAQ,EAAE,aAAa;YACvB,KAAK,EAAE,iBAAiB;YACxB,WAAW,EAAE,OAAO,YAAY,qBAAqB;YACrD,cAAc,EAAE,iDAAiD;YACjE,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,YAAY,CAAC,QAAqB,EAAE,OAAe;IAC1D,MAAM,MAAM,GAAoB,EAAE,CAAC;IACnC,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;IAC3B,IAAI,CAAC,IAAI;QAAE,OAAO,MAAM,CAAC;IAEzB,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,EAAE,IAAI,IAAI,iBAAiB,CAAC;IAE1D,mCAAmC;IACnC,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;QACjC,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,QAAQ;YACd,QAAQ,EAAE,SAAS;YACnB,KAAK,EAAE,kCAAkC;YACzC,WAAW,EAAE,YAAY,IAAI,wDAAwD;YACrF,cAAc,EAAE,4FAA4F;YAC5G,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC;IACL,CAAC;IAED,WAAW;IACX,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,KAAK;YACX,QAAQ,EAAE,SAAS;YACnB,KAAK,EAAE,uBAAuB;YAC9B,WAAW,EAAE,YAAY,IAAI,mDAAmD;YAChF,cAAc,EAAE,wDAAwD;YACxE,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,aAAa,CAAC,GAAQ,EAAE,OAA
e;IAC9C,MAAM,MAAM,GAAoB,EAAE,CAAC;IAEnC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,IAAI;QAAE,OAAO,MAAM,CAAC;IAEhE,MAAM,YAAY,GAAG,GAAG,CAAC,QAAQ,EAAE,IAAI,IAAI,SAAS,CAAC;IACrD,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,KAAK,SAAS,EAAE,CAAC;QACjD,MAAM,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;IAC7C,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,2BAA2B;AAE3B,KAAK,UAAU,aAAa,CAAC,UAAkB;IAC7C,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,CAAC,CAAC,MAAM,kBAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAErD,MAAM,IAAI,GAAG,MAAM,kBAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACvC,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;QAClB,MAAM,GAAG,GAAG,cAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC;QACnD,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC5D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,UAAU,IAAI,CAAC,GAAW;QAC7B,MAAM,OAAO,GAAG,MAAM,kBAAE,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc;gBAAE,SAAS;YAC1E,MAAM,IAAI,GAAG,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YACxC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,CAAC;iBAAM,CAAC;gBACN,MAAM,GAAG,GAAG,cAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;gBACnD,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBACpC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACnB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,IAAI,CAAC,UAAU,CAAC,CAAC;IACvB,OAAO,KAAK,CAAC;AACf,CAAC;AAED,uBAAuB;AAEhB,KAAK,UAAU,OAAO,CAAC,UAAkB,EAAE,UAA0B,EAAE;IAC5E,MAAM,MAAM,GAAoB,EAAE,CAAC;IACnC,IAAI,YAAY,GAAG,CAAC,CAAC;IAErB,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,CAAC;QAElD,KAAK,MAAM,EAAE,IAAI,SAAS,EAAE,CAAC;YAC3B,MAAM,OAAO,GAAG,MAAM,kBAAE
,CAAC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;YAC9C,MAAM,GAAG,GAAG,cAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;YAE1C,kDAAkD;YAClD,MAAM,IAAI,GAAG,iBAAI,CAAC,OAAO,CAAC,OAAO,CAAU,CAAC;YAC5C,IAAI,cAAc,GAAG,KAAK,CAAC;YAE3B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,IAAI;oBAAE,SAAS;gBAC3D,cAAc,GAAG,IAAI,CAAC;gBACtB,MAAM,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;YAC1C,CAAC;YAED,IAAI,cAAc;gBAAE,YAAY,EAAE,CAAC;QACrC,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;QACpC,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,QAAQ;YACd,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,gBAAgB;YACvB,WAAW,EAAE,gCAAgC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;YAC/F,cAAc,EAAE,wDAAwD;SACzE,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC1D,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IAC9D,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,MAAM,CAAC;IAExD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,IAAI,GAAG,EAAE,GAAG,MAAM,GAAG,EAAE,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC;IAEnE,OAAO;QACL,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,MAAM,EAAE,UAAU;QAClB,MAAM;QACN,KAAK;QACL,OAAO,EAAE;YACP,gBAAgB,EAAE,YAAY;YAC9B,cAAc,EAAE,IAAI;YACpB,gBAAgB,EAAE,MAAM;YACxB,aAAa,EAAE,GAAG;SACnB;KACF,CAAC;AACJ,CAAC"}
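--- a/package/dist/scanners/server-scanner.d.ts
+++ b/package/dist/scanners/server-scanner.d.ts
@@ -0,0 +1,13 @@
+import { SecurityResult } from '../types/security-result';
+export interface ScanOptions {
+scanDepth: number;
+vulnerabilityDatabase: string;
+trustWeight: {
+stars: number;
+tests: number;
+ci: number;
+age: number;
+};
+}
+export declare function checkServer(repository: string, options: ScanOptions, verbose?: boolean): Promise<SecurityResult>;
+//# sourceMappingURL=server-scanner.d.ts.map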
@@ -0,0 +1 @@
1
+
{"version":3,"file":"server-scanner.d.ts","sourceRoot":"","sources":["../../src/scanners/server-scanner.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,cAAc,EAAiB,MAAM,0BAA0B,CAAC;AAczE,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,WAAW,EAAE;QACX,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,CAAC;QACd,EAAE,EAAE,MAAM,CAAC;QACX,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;CACH;AAED,wBAAsB,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,UAAQ,GAAG,OAAO,CAAC,cAAc,CAAC,CA8DpH"}