@trust-assurance-protocol/owaspscan 1.0.0

package/dist/utils/suppression.js

@@ -0,0 +1,33 @@
+// ============================================================
+// Suppression — allow inline disable comments
+// Supports: // owaspscan-disable-next-line RULE-ID
+//           // owaspscan-disable-line
+//           # owaspscan-disable-next-line RULE-ID  (Python)
+// ============================================================
+const DISABLE_LINE_RE = /owaspscan-disable-line(?:\s+([\w,-]+))?/i;
+const DISABLE_NEXT_LINE_RE = /owaspscan-disable-next-line(?:\s+([\w,-]+))?/i;
+export function isSuppressed(lines, lineIndex, // 0-based
+ruleId) {
+    const currentLine = lines[lineIndex] ?? '';
+    const prevLine = lines[lineIndex - 1] ?? '';
+    // Check current line for disable-line
+    const lineMatch = DISABLE_LINE_RE.exec(currentLine);
+    if (lineMatch) {
+        if (!lineMatch[1])
+            return true; // disable all
+        const rules = lineMatch[1].split(',').map((r) => r.trim());
+        if (rules.includes(ruleId))
+            return true;
+    }
+    // Check previous line for disable-next-line
+    const nextLineMatch = DISABLE_NEXT_LINE_RE.exec(prevLine);
+    if (nextLineMatch) {
+        if (!nextLineMatch[1])
+            return true; // disable all
+        const rules = nextLineMatch[1].split(',').map((r) => r.trim());
+        if (rules.includes(ruleId))
+            return true;
+    }
+    return false;
+}
+//# sourceMappingURL=suppression.js.map

package/dist/utils/suppression.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"suppression.js","sourceRoot":"","sources":["../../src/utils/suppression.ts"],"names":[],"mappings":"AAAA,+DAA+D;AAC/D,8CAA8C;AAC9C,mDAAmD;AACnD,sCAAsC;AACtC,4DAA4D;AAC5D,+DAA+D;AAE/D,MAAM,eAAe,GAAG,0CAA0C,CAAC;AACnE,MAAM,oBAAoB,GAAG,+CAA+C,CAAC;AAE7E,MAAM,UAAU,YAAY,CAC1B,KAAe,EACf,SAAiB,EAAE,UAAU;AAC7B,MAAc;IAEd,MAAM,WAAW,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAE5C,sCAAsC;IACtC,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACpD,IAAI,SAAS,EAAE,CAAC;QACd,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC,CAAC,cAAc;QAC9C,MAAM,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3D,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,IAAI,CAAC;IAC1C,CAAC;IAED,4CAA4C;IAC5C,MAAM,aAAa,GAAG,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC1D,IAAI,aAAa,EAAE,CAAC;QAClB,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC,CAAC,cAAc;QAClD,MAAM,KAAK,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC/D,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,IAAI,CAAC;IAC1C,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/package.json

@@ -0,0 +1,94 @@
+{
+  "name": "@trust-assurance-protocol/owaspscan",
+  "version": "1.0.0",
+  "description": "Professional OWASP Top 10 + LLM Top 10 security auditor for AI-generated and human-written code",
+  "keywords": [
+    "owasp",
+    "security",
+    "audit",
+    "llm",
+    "ai",
+    "vulnerability",
+    "static-analysis",
+    "mcp"
+  ],
+  "author": "OWASPScan Contributors",
+  "license": "MIT",
+  "type": "module",
+  "bin": {
+    "owaspscan": "./dist/cli/index.js"
+  },
+  "main": "./dist/scanner/engine.js",
+  "types": "./dist/scanner/engine.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/scanner/engine.d.ts",
+      "default": "./dist/scanner/engine.js"
+    },
+    "./types": {
+      "types": "./dist/types/index.d.ts",
+      "default": "./dist/types/index.js"
+    },
+    "./mcp": {
+      "types": "./dist/mcp/server.d.ts",
+      "default": "./dist/mcp/server.js"
+    }
+  },
+  "files": [
+    "dist/",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "clean": "rm -rf dist",
+    "build": "npm run clean && tsc",
+    "build:watch": "tsc --watch",
+    "dev": "tsx src/cli/index.ts",
+    "start": "node dist/cli/index.js",
+    "test": "NODE_OPTIONS='--experimental-vm-modules' npx jest",
+    "test:watch": "NODE_OPTIONS='--experimental-vm-modules' npx jest --watch",
+    "lint": "eslint src --ext .ts",
+    "lint:fix": "eslint src --ext .ts --fix",
+    "mcp": "tsx src/mcp/server.ts",
+    "prepublishOnly": "npm run build && npm test"
+  },
+  "dependencies": {
+    "@anthropic-ai/sdk": "^0.78.0",
+    "@modelcontextprotocol/sdk": "^1.0.0",
+    "chalk": "^5.3.0",
+    "commander": "^12.0.0",
+    "glob": "^11.0.0",
+    "ignore": "^5.3.0",
+    "tree-sitter": "^0.25.0",
+    "tree-sitter-javascript": "^0.25.0",
+    "tree-sitter-python": "^0.25.0",
+    "zod": "^3.25.76"
+  },
+  "devDependencies": {
+    "@types/jest": "^29.5.0",
+    "@types/node": "^20.0.0",
+    "@typescript-eslint/eslint-plugin": "^7.0.0",
+    "@typescript-eslint/parser": "^7.0.0",
+    "eslint": "^8.57.0",
+    "jest": "^29.7.0",
+    "ts-jest": "^29.1.0",
+    "tsx": "^4.7.0",
+    "typescript": "^5.4.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "jest": {
+    "preset": "ts-jest/presets/default-esm",
+    "extensionsToTreatAsEsm": [
+      ".ts"
+    ],
+    "moduleNameMapper": {
+      "^(\\.{1,2}/.*)\\.js$": "$1"
+    },
+    "testEnvironment": "node",
+    "testMatch": [
+      "**/tests/**/*.test.ts"
+    ]
+  }
+}