@vyuhlabs/dxkit 1.5.0 → 1.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +272 -0
- package/README.md +272 -358
- package/THIRD_PARTY_NOTICES.md +40 -0
- package/dist/analyzers/developer/detailed.d.ts +26 -0
- package/dist/analyzers/developer/detailed.d.ts.map +1 -0
- package/dist/analyzers/developer/detailed.js +193 -0
- package/dist/analyzers/developer/detailed.js.map +1 -0
- package/dist/analyzers/developer/gather.d.ts +11 -0
- package/dist/analyzers/developer/gather.d.ts.map +1 -0
- package/dist/analyzers/developer/gather.js +167 -0
- package/dist/analyzers/developer/gather.js.map +1 -0
- package/dist/analyzers/developer/index.d.ts +8 -0
- package/dist/analyzers/developer/index.d.ts.map +1 -0
- package/dist/analyzers/developer/index.js +168 -0
- package/dist/analyzers/developer/index.js.map +1 -0
- package/dist/analyzers/developer/types.d.ts +49 -0
- package/dist/analyzers/developer/types.d.ts.map +1 -0
- package/dist/analyzers/developer/types.js +6 -0
- package/dist/analyzers/developer/types.js.map +1 -0
- package/dist/analyzers/docs/shallow.d.ts +9 -0
- package/dist/analyzers/docs/shallow.d.ts.map +1 -0
- package/dist/analyzers/docs/shallow.js +8 -0
- package/dist/analyzers/docs/shallow.js.map +1 -0
- package/dist/analyzers/dx/shallow.d.ts +9 -0
- package/dist/analyzers/dx/shallow.d.ts.map +1 -0
- package/dist/analyzers/dx/shallow.js +8 -0
- package/dist/analyzers/dx/shallow.js.map +1 -0
- package/dist/analyzers/evidence.d.ts +36 -0
- package/dist/analyzers/evidence.d.ts.map +1 -0
- package/dist/analyzers/evidence.js +3 -0
- package/dist/analyzers/evidence.js.map +1 -0
- package/dist/analyzers/health/actions.d.ts +10 -0
- package/dist/analyzers/health/actions.d.ts.map +1 -0
- package/dist/analyzers/health/actions.js +284 -0
- package/dist/analyzers/health/actions.js.map +1 -0
- package/dist/analyzers/health/detailed.d.ts +26 -0
- package/dist/analyzers/health/detailed.d.ts.map +1 -0
- package/dist/analyzers/health/detailed.js +147 -0
- package/dist/analyzers/health/detailed.js.map +1 -0
- package/dist/analyzers/health.d.ts +22 -0
- package/dist/analyzers/health.d.ts.map +1 -0
- package/dist/analyzers/health.js +270 -0
- package/dist/analyzers/health.js.map +1 -0
- package/dist/analyzers/index.d.ts +3 -0
- package/dist/analyzers/index.d.ts.map +1 -0
- package/dist/analyzers/index.js +6 -0
- package/dist/analyzers/index.js.map +1 -0
- package/dist/analyzers/maintainability/shallow.d.ts +9 -0
- package/dist/analyzers/maintainability/shallow.d.ts.map +1 -0
- package/dist/analyzers/maintainability/shallow.js +8 -0
- package/dist/analyzers/maintainability/shallow.js.map +1 -0
- package/dist/analyzers/quality/actions.d.ts +5 -0
- package/dist/analyzers/quality/actions.d.ts.map +1 -0
- package/dist/analyzers/quality/actions.js +158 -0
- package/dist/analyzers/quality/actions.js.map +1 -0
- package/dist/analyzers/quality/detailed.d.ts +17 -0
- package/dist/analyzers/quality/detailed.d.ts.map +1 -0
- package/dist/analyzers/quality/detailed.js +122 -0
- package/dist/analyzers/quality/detailed.js.map +1 -0
- package/dist/analyzers/quality/gather.d.ts +38 -0
- package/dist/analyzers/quality/gather.d.ts.map +1 -0
- package/dist/analyzers/quality/gather.js +279 -0
- package/dist/analyzers/quality/gather.js.map +1 -0
- package/dist/analyzers/quality/index.d.ts +12 -0
- package/dist/analyzers/quality/index.d.ts.map +1 -0
- package/dist/analyzers/quality/index.js +281 -0
- package/dist/analyzers/quality/index.js.map +1 -0
- package/dist/analyzers/quality/shallow.d.ts +9 -0
- package/dist/analyzers/quality/shallow.d.ts.map +1 -0
- package/dist/analyzers/quality/shallow.js +8 -0
- package/dist/analyzers/quality/shallow.js.map +1 -0
- package/dist/analyzers/quality/types.d.ts +66 -0
- package/dist/analyzers/quality/types.d.ts.map +1 -0
- package/dist/analyzers/quality/types.js +3 -0
- package/dist/analyzers/quality/types.js.map +1 -0
- package/dist/analyzers/remediation.d.ts +42 -0
- package/dist/analyzers/remediation.d.ts.map +1 -0
- package/dist/analyzers/remediation.js +28 -0
- package/dist/analyzers/remediation.js.map +1 -0
- package/dist/analyzers/scoring.d.ts +32 -0
- package/dist/analyzers/scoring.d.ts.map +1 -0
- package/dist/analyzers/scoring.js +410 -0
- package/dist/analyzers/scoring.js.map +1 -0
- package/dist/analyzers/security/actions.d.ts +7 -0
- package/dist/analyzers/security/actions.d.ts.map +1 -0
- package/dist/analyzers/security/actions.js +104 -0
- package/dist/analyzers/security/actions.js.map +1 -0
- package/dist/analyzers/security/detailed.d.ts +14 -0
- package/dist/analyzers/security/detailed.d.ts.map +1 -0
- package/dist/analyzers/security/detailed.js +124 -0
- package/dist/analyzers/security/detailed.js.map +1 -0
- package/dist/analyzers/security/gather.d.ts +12 -0
- package/dist/analyzers/security/gather.d.ts.map +1 -0
- package/dist/analyzers/security/gather.js +195 -0
- package/dist/analyzers/security/gather.js.map +1 -0
- package/dist/analyzers/security/index.d.ts +8 -0
- package/dist/analyzers/security/index.d.ts.map +1 -0
- package/dist/analyzers/security/index.js +173 -0
- package/dist/analyzers/security/index.js.map +1 -0
- package/dist/analyzers/security/scoring.d.ts +29 -0
- package/dist/analyzers/security/scoring.d.ts.map +1 -0
- package/dist/analyzers/security/scoring.js +40 -0
- package/dist/analyzers/security/scoring.js.map +1 -0
- package/dist/analyzers/security/shallow.d.ts +10 -0
- package/dist/analyzers/security/shallow.d.ts.map +1 -0
- package/dist/analyzers/security/shallow.js +8 -0
- package/dist/analyzers/security/shallow.js.map +1 -0
- package/dist/analyzers/security/types.d.ts +43 -0
- package/dist/analyzers/security/types.d.ts.map +1 -0
- package/dist/analyzers/security/types.js +6 -0
- package/dist/analyzers/security/types.js.map +1 -0
- package/dist/analyzers/tests/actions.d.ts +6 -0
- package/dist/analyzers/tests/actions.d.ts.map +1 -0
- package/dist/analyzers/tests/actions.js +80 -0
- package/dist/analyzers/tests/actions.js.map +1 -0
- package/dist/analyzers/tests/detailed.d.ts +14 -0
- package/dist/analyzers/tests/detailed.d.ts.map +1 -0
- package/dist/analyzers/tests/detailed.js +121 -0
- package/dist/analyzers/tests/detailed.js.map +1 -0
- package/dist/analyzers/tests/gather.d.ts +5 -0
- package/dist/analyzers/tests/gather.d.ts.map +1 -0
- package/dist/analyzers/tests/gather.js +270 -0
- package/dist/analyzers/tests/gather.js.map +1 -0
- package/dist/analyzers/tests/import-graph.d.ts +48 -0
- package/dist/analyzers/tests/import-graph.d.ts.map +1 -0
- package/dist/analyzers/tests/import-graph.js +231 -0
- package/dist/analyzers/tests/import-graph.js.map +1 -0
- package/dist/analyzers/tests/index.d.ts +8 -0
- package/dist/analyzers/tests/index.d.ts.map +1 -0
- package/dist/analyzers/tests/index.js +247 -0
- package/dist/analyzers/tests/index.js.map +1 -0
- package/dist/analyzers/tests/scoring.d.ts +27 -0
- package/dist/analyzers/tests/scoring.d.ts.map +1 -0
- package/dist/analyzers/tests/scoring.js +38 -0
- package/dist/analyzers/tests/scoring.js.map +1 -0
- package/dist/analyzers/tests/shallow.d.ts +9 -0
- package/dist/analyzers/tests/shallow.d.ts.map +1 -0
- package/dist/analyzers/tests/shallow.js +8 -0
- package/dist/analyzers/tests/shallow.js.map +1 -0
- package/dist/analyzers/tests/types.d.ts +49 -0
- package/dist/analyzers/tests/types.d.ts.map +1 -0
- package/dist/analyzers/tests/types.js +6 -0
- package/dist/analyzers/tests/types.js.map +1 -0
- package/dist/analyzers/tools/cloc.d.ts +8 -0
- package/dist/analyzers/tools/cloc.d.ts.map +1 -0
- package/dist/analyzers/tools/cloc.js +49 -0
- package/dist/analyzers/tools/cloc.js.map +1 -0
- package/dist/analyzers/tools/coverage.d.ts +59 -0
- package/dist/analyzers/tools/coverage.d.ts.map +1 -0
- package/dist/analyzers/tools/coverage.js +280 -0
- package/dist/analyzers/tools/coverage.js.map +1 -0
- package/dist/analyzers/tools/cvss-v4-lookup.d.ts +10 -0
- package/dist/analyzers/tools/cvss-v4-lookup.d.ts.map +1 -0
- package/dist/analyzers/tools/cvss-v4-lookup.js +284 -0
- package/dist/analyzers/tools/cvss-v4-lookup.js.map +1 -0
- package/dist/analyzers/tools/cvss-v4.d.ts +24 -0
- package/dist/analyzers/tools/cvss-v4.d.ts.map +1 -0
- package/dist/analyzers/tools/cvss-v4.js +362 -0
- package/dist/analyzers/tools/cvss-v4.js.map +1 -0
- package/dist/analyzers/tools/default-exclusions.gitignore +56 -0
- package/dist/analyzers/tools/exclusions.d.ts +70 -0
- package/dist/analyzers/tools/exclusions.d.ts.map +1 -0
- package/dist/analyzers/tools/exclusions.js +250 -0
- package/dist/analyzers/tools/exclusions.js.map +1 -0
- package/dist/analyzers/tools/generic.d.ts +4 -0
- package/dist/analyzers/tools/generic.d.ts.map +1 -0
- package/dist/analyzers/tools/generic.js +198 -0
- package/dist/analyzers/tools/generic.js.map +1 -0
- package/dist/analyzers/tools/gitleaks.d.ts +8 -0
- package/dist/analyzers/tools/gitleaks.d.ts.map +1 -0
- package/dist/analyzers/tools/gitleaks.js +58 -0
- package/dist/analyzers/tools/gitleaks.js.map +1 -0
- package/dist/analyzers/tools/graphify.d.ts +4 -0
- package/dist/analyzers/tools/graphify.d.ts.map +1 -0
- package/dist/analyzers/tools/graphify.js +222 -0
- package/dist/analyzers/tools/graphify.js.map +1 -0
- package/dist/analyzers/tools/osv.d.ts +51 -0
- package/dist/analyzers/tools/osv.d.ts.map +1 -0
- package/dist/analyzers/tools/osv.js +188 -0
- package/dist/analyzers/tools/osv.js.map +1 -0
- package/dist/analyzers/tools/parallel.d.ts +8 -0
- package/dist/analyzers/tools/parallel.d.ts.map +1 -0
- package/dist/analyzers/tools/parallel.js +195 -0
- package/dist/analyzers/tools/parallel.js.map +1 -0
- package/dist/analyzers/tools/runner.d.ts +13 -0
- package/dist/analyzers/tools/runner.d.ts.map +1 -0
- package/dist/analyzers/tools/runner.js +109 -0
- package/dist/analyzers/tools/runner.js.map +1 -0
- package/dist/analyzers/tools/suppressions.d.ts +55 -0
- package/dist/analyzers/tools/suppressions.d.ts.map +1 -0
- package/dist/analyzers/tools/suppressions.js +203 -0
- package/dist/analyzers/tools/suppressions.js.map +1 -0
- package/dist/analyzers/tools/timing.d.ts +9 -0
- package/dist/analyzers/tools/timing.d.ts.map +1 -0
- package/dist/analyzers/tools/timing.js +29 -0
- package/dist/analyzers/tools/timing.js.map +1 -0
- package/dist/analyzers/tools/tool-registry.d.ts +86 -0
- package/dist/analyzers/tools/tool-registry.d.ts.map +1 -0
- package/dist/analyzers/tools/tool-registry.js +705 -0
- package/dist/analyzers/tools/tool-registry.js.map +1 -0
- package/dist/analyzers/types.d.ts +125 -0
- package/dist/analyzers/types.d.ts.map +1 -0
- package/dist/analyzers/types.js +11 -0
- package/dist/analyzers/types.js.map +1 -0
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +462 -0
- package/dist/cli.js.map +1 -1
- package/dist/detect.d.ts.map +1 -1
- package/dist/detect.js +24 -15
- package/dist/detect.js.map +1 -1
- package/dist/languages/csharp.d.ts +5 -0
- package/dist/languages/csharp.d.ts.map +1 -0
- package/dist/languages/csharp.js +265 -0
- package/dist/languages/csharp.js.map +1 -0
- package/dist/languages/go.d.ts +11 -0
- package/dist/languages/go.d.ts.map +1 -0
- package/dist/languages/go.js +321 -0
- package/dist/languages/go.js.map +1 -0
- package/dist/languages/index.d.ts +6 -0
- package/dist/languages/index.d.ts.map +1 -0
- package/dist/languages/index.js +18 -0
- package/dist/languages/index.js.map +1 -0
- package/dist/languages/python.d.ts +3 -0
- package/dist/languages/python.d.ts.map +1 -0
- package/dist/languages/python.js +284 -0
- package/dist/languages/python.js.map +1 -0
- package/dist/languages/rust.d.ts +17 -0
- package/dist/languages/rust.d.ts.map +1 -0
- package/dist/languages/rust.js +333 -0
- package/dist/languages/rust.js.map +1 -0
- package/dist/languages/types.d.ts +38 -0
- package/dist/languages/types.d.ts.map +1 -0
- package/dist/languages/types.js +3 -0
- package/dist/languages/types.js.map +1 -0
- package/dist/languages/typescript.d.ts +15 -0
- package/dist/languages/typescript.d.ts.map +1 -0
- package/dist/languages/typescript.js +353 -0
- package/dist/languages/typescript.js.map +1 -0
- package/dist/logger.d.ts +1 -0
- package/dist/logger.d.ts.map +1 -1
- package/dist/logger.js +25 -12
- package/dist/logger.js.map +1 -1
- package/dist/project-yaml.d.ts.map +1 -1
- package/dist/project-yaml.js +1 -0
- package/dist/project-yaml.js.map +1 -1
- package/dist/tools-cli.d.ts +2 -0
- package/dist/tools-cli.d.ts.map +1 -0
- package/dist/tools-cli.js +231 -0
- package/dist/tools-cli.js.map +1 -0
- package/dist/types.d.ts +10 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +6 -2
- package/templates/.claude/commands/dev-report.md +34 -4
- package/templates/.claude/commands/health.md +45 -2
- package/templates/.claude/commands/quality.md.template +38 -15
- package/templates/.claude/commands/test-gaps.md +36 -2
- package/templates/.claude/commands/vulnerabilities.md +36 -2
- package/templates/.project/scripts/setup/interactive-setup.sh +6 -2
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.buildSecurityDetailed = buildSecurityDetailed;
|
|
4
|
+
exports.formatSecurityDetailedMarkdown = formatSecurityDetailedMarkdown;
|
|
5
|
+
const remediation_1 = require("../remediation");
|
|
6
|
+
const actions_1 = require("./actions");
|
|
7
|
+
const scoring_1 = require("./scoring");
|
|
8
|
+
function buildSecurityDetailed(report) {
|
|
9
|
+
const counts = (0, actions_1.countsFromReport)(report);
|
|
10
|
+
const actions = (0, remediation_1.rank)((0, actions_1.buildSecurityActions)(report), counts, scoring_1.scoreSecurityCounts);
|
|
11
|
+
return {
|
|
12
|
+
...report,
|
|
13
|
+
schemaVersion: '10c.1',
|
|
14
|
+
securityScore: (0, scoring_1.scoreSecurityCounts)(counts).score,
|
|
15
|
+
actions,
|
|
16
|
+
};
|
|
17
|
+
}
|
|
18
|
+
const SEV_ORDER = { critical: 0, high: 1, medium: 2, low: 3 };
|
|
19
|
+
function formatSecurityDetailedMarkdown(detailed, elapsed) {
|
|
20
|
+
const L = [];
|
|
21
|
+
const s = detailed.summary.findings;
|
|
22
|
+
const d = detailed.summary.dependencies;
|
|
23
|
+
L.push('# Vulnerability Scan — Detailed');
|
|
24
|
+
L.push('');
|
|
25
|
+
L.push(`**Date:** ${detailed.analyzedAt.slice(0, 10)}`);
|
|
26
|
+
L.push(`**Repository:** ${detailed.repo}`);
|
|
27
|
+
L.push(`**Branch:** ${detailed.branch} (${detailed.commitSha})`);
|
|
28
|
+
L.push(`**Security Score:** ${detailed.securityScore}/100`);
|
|
29
|
+
L.push(`**Schema version:** ${detailed.schemaVersion}`);
|
|
30
|
+
L.push('');
|
|
31
|
+
L.push('---');
|
|
32
|
+
L.push('');
|
|
33
|
+
// Summary
|
|
34
|
+
L.push('## Summary');
|
|
35
|
+
L.push('');
|
|
36
|
+
L.push(`Code findings: ${s.critical}C ${s.high}H ${s.medium}M ${s.low}L (${s.total} total). ` +
|
|
37
|
+
(d.tool
|
|
38
|
+
? `Dependency vulns: ${d.critical}C ${d.high}H ${d.medium}M ${d.low}L (${d.total}, via ${d.tool}).`
|
|
39
|
+
: 'No dependency audit data.'));
|
|
40
|
+
L.push('');
|
|
41
|
+
L.push('---');
|
|
42
|
+
L.push('');
|
|
43
|
+
// Ranked actions
|
|
44
|
+
L.push('## Recommended Actions');
|
|
45
|
+
L.push('');
|
|
46
|
+
if (detailed.actions.length === 0) {
|
|
47
|
+
L.push('No security findings — nothing to remediate.');
|
|
48
|
+
}
|
|
49
|
+
else {
|
|
50
|
+
L.push('Actions are ranked by projected score improvement.');
|
|
51
|
+
L.push('');
|
|
52
|
+
L.push('| # | Action | Score Δ | Projected |');
|
|
53
|
+
L.push('|---|--------|--------:|----------:|');
|
|
54
|
+
detailed.actions.forEach((a, i) => {
|
|
55
|
+
L.push(`| ${i + 1} | ${a.title} | +${a.scoreDelta} | ${a.projectedScore}/100 |`);
|
|
56
|
+
});
|
|
57
|
+
L.push('');
|
|
58
|
+
for (const a of detailed.actions) {
|
|
59
|
+
L.push(`### ${a.title} (+${a.scoreDelta})`);
|
|
60
|
+
L.push('');
|
|
61
|
+
L.push(`- **ID:** \`${a.id}\``);
|
|
62
|
+
L.push(`- **Baseline:** ${a.baselineScore}/100`);
|
|
63
|
+
L.push(`- **Projected:** ${a.projectedScore}/100`);
|
|
64
|
+
if (a.rationale)
|
|
65
|
+
L.push(`- **Why:** ${a.rationale}`);
|
|
66
|
+
if (a.evidence.length) {
|
|
67
|
+
L.push('- **Evidence:**');
|
|
68
|
+
for (const e of a.evidence.slice(0, 20)) {
|
|
69
|
+
const loc = e.line ? `:${e.line}` : '';
|
|
70
|
+
L.push(` - \`${e.file}${loc}\` — ${e.message || e.rule}`);
|
|
71
|
+
}
|
|
72
|
+
if (a.evidence.length > 20) {
|
|
73
|
+
L.push(` - … and ${a.evidence.length - 20} more`);
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
L.push('');
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
L.push('---');
|
|
80
|
+
L.push('');
|
|
81
|
+
// Full findings inventory
|
|
82
|
+
L.push('## Findings Inventory');
|
|
83
|
+
L.push('');
|
|
84
|
+
const sorted = [...detailed.findings].sort((a, b) => SEV_ORDER[a.severity] - SEV_ORDER[b.severity] || a.file.localeCompare(b.file));
|
|
85
|
+
if (sorted.length === 0) {
|
|
86
|
+
L.push('No code findings.');
|
|
87
|
+
}
|
|
88
|
+
else {
|
|
89
|
+
L.push('| Severity | Rule | File:Line | Tool | CWE |');
|
|
90
|
+
L.push('|----------|------|-----------|------|-----|');
|
|
91
|
+
for (const f of sorted) {
|
|
92
|
+
L.push(`| ${f.severity.toUpperCase()} | \`${f.rule}\` | \`${f.file}${f.line ? ':' + f.line : ''}\` | ${f.tool} | ${f.cwe || '—'} |`);
|
|
93
|
+
}
|
|
94
|
+
}
|
|
95
|
+
L.push('');
|
|
96
|
+
L.push('---');
|
|
97
|
+
L.push('');
|
|
98
|
+
// Dependencies
|
|
99
|
+
if (d.tool) {
|
|
100
|
+
L.push('## Dependency Vulnerabilities');
|
|
101
|
+
L.push('');
|
|
102
|
+
L.push(`Tool: ${d.tool}`);
|
|
103
|
+
L.push('');
|
|
104
|
+
L.push('| Severity | Count |');
|
|
105
|
+
L.push('|----------|------:|');
|
|
106
|
+
L.push(`| Critical | ${d.critical} |`);
|
|
107
|
+
L.push(`| High | ${d.high} |`);
|
|
108
|
+
L.push(`| Medium | ${d.medium} |`);
|
|
109
|
+
L.push(`| Low | ${d.low} |`);
|
|
110
|
+
L.push(`| **Total** | **${d.total}** |`);
|
|
111
|
+
L.push('');
|
|
112
|
+
L.push('---');
|
|
113
|
+
L.push('');
|
|
114
|
+
}
|
|
115
|
+
L.push(`**Tools used:** ${detailed.toolsUsed.join(', ')}`);
|
|
116
|
+
if (detailed.toolsUnavailable.length > 0) {
|
|
117
|
+
L.push(`**Tools unavailable:** ${detailed.toolsUnavailable.join(', ')}`);
|
|
118
|
+
}
|
|
119
|
+
L.push(`**Analysis time:** ${elapsed}s`);
|
|
120
|
+
L.push('');
|
|
121
|
+
L.push('*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit) — detailed mode*');
|
|
122
|
+
return L.join('\n');
|
|
123
|
+
}
|
|
124
|
+
//# sourceMappingURL=detailed.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"detailed.js","sourceRoot":"","sources":["../../../src/analyzers/security/detailed.ts"],"names":[],"mappings":";;AAcA,sDASC;AAID,wEAsHC;AA7ID,gDAAoD;AACpD,uCAAmE;AACnE,uCAAgE;AAQhE,SAAgB,qBAAqB,CAAC,MAAsB;IAC1D,MAAM,MAAM,GAAG,IAAA,0BAAgB,EAAC,MAAM,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,IAAA,kBAAI,EAAC,IAAA,8BAAoB,EAAC,MAAM,CAAC,EAAE,MAAM,EAAE,6BAAmB,CAAC,CAAC;IAChF,OAAO;QACL,GAAG,MAAM;QACT,aAAa,EAAE,OAAO;QACtB,aAAa,EAAE,IAAA,6BAAmB,EAAC,MAAM,CAAC,CAAC,KAAK;QAChD,OAAO;KACR,CAAC;AACJ,CAAC;AAED,MAAM,SAAS,GAA6B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;AAExF,SAAgB,8BAA8B,CAC5C,QAAgC,EAChC,OAAe;IAEf,MAAM,CAAC,GAAa,EAAE,CAAC;IACvB,MAAM,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC;IACpC,MAAM,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC;IAExC,CAAC,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;IAC1C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,aAAa,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;IACxD,CAAC,CAAC,IAAI,CAAC,mBAAmB,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3C,CAAC,CAAC,IAAI,CAAC,eAAe,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,SAAS,GAAG,CAAC,CAAC;IACjE,CAAC,CAAC,IAAI,CAAC,uBAAuB,QAAQ,CAAC,aAAa,MAAM,CAAC,CAAC;IAC5D,CAAC,CAAC,IAAI,CAAC,uBAAuB,QAAQ,CAAC,aAAa,EAAE,CAAC,CAAC;IACxD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,UAAU;IACV,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACrB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CACJ,kBAAkB,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,KAAK,WAAW;QACpF,CAAC,CAAC,CAAC,IAAI;YACL,CAAC,CAAC,qBAAqB,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,IAAI,IAAI;YACnG,CAAC,CAAC,2BAA2B,CAAC,CACnC,CAAC;IACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,iBAAiB;IACjB,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IACjC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,CAAC,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;IACzD,CAAC;SAAM,CAAC;QACN,CAAC,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAC7D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QAC/C,CAAC,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QAC/C,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YAChC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC,UAAU,MAAM,CAAC,CAAC,cAAc,QAAQ,CAAC,CAAC;QACnF,CAAC,CAAC,CAAC;QACH,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACjC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC;YAC5C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACX,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;YAChC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,aAAa,MAAM,CAAC,CAAC;YACjD,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,cAAc,MAAM,CAAC,CAAC;YACnD,IAAI,CAAC,CAAC,SAAS;gBAAE,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;YACrD,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACtB,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;gBAC1B,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;oBACxC,MAAM,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACvC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,GAAG,GAAG,QAAQ,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC7D,CAAC;gBACD,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;oBAC3B,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC,CAAC;gBACrD,CAAC;YACH,CAAC;YACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACb,CAAC;IACH,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,0BAA0B;IAC1B,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IAChC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,MAAM,MAAM,GAAsB,CAAC,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,IAAI,CAC3D,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CACxF,CAAC;IACF,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,CAAC,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;QACvD,CAAC,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;QACvD,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,CAAC,CAAC,IAAI,CACJ,KAAK,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,GAAG,IAAI,GAAG,IAAI,CAC7H,CAAC;QACJ,CAAC;IACH,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,eAAe;IACf,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QACxC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC1B,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC/B,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC/B,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC;QACvC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC;QACnC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC;QACrC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAClC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;QACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,CAAC,CAAC,IAAI,CAAC,mBAAmB,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC3D,IAAI,QAAQ,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzC,CAAC,CAAC,IAAI,CAAC,0BAA0B,QAAQ,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,sBAAsB,OAAO,GAAG,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CACJ,gGAAgG,CACjG,CAAC;IACF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACtB,CAAC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { SecurityFinding, DepVulnSummary } from './types';
|
|
2
|
+
export declare function gatherSecrets(cwd: string): {
|
|
3
|
+
findings: SecurityFinding[];
|
|
4
|
+
toolUsed: string | null;
|
|
5
|
+
};
|
|
6
|
+
export declare function gatherFileFindings(cwd: string): SecurityFinding[];
|
|
7
|
+
export declare function gatherCodePatterns(cwd: string): {
|
|
8
|
+
findings: SecurityFinding[];
|
|
9
|
+
toolUsed: string | null;
|
|
10
|
+
};
|
|
11
|
+
export declare function gatherDepVulns(cwd: string): DepVulnSummary;
|
|
12
|
+
//# sourceMappingURL=gather.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"gather.d.ts","sourceRoot":"","sources":["../../../src/analyzers/security/gather.ts"],"names":[],"mappings":"AAaA,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAW1D,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG;IAC1C,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CAyCA;AAID,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,eAAe,EAAE,CAuCjE;AAiCD,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG;IAC/C,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CA8CA;AAuCD,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,CAgB1D"}
|
|
@@ -0,0 +1,195 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.gatherSecrets = gatherSecrets;
|
|
4
|
+
exports.gatherFileFindings = gatherFileFindings;
|
|
5
|
+
exports.gatherCodePatterns = gatherCodePatterns;
|
|
6
|
+
exports.gatherDepVulns = gatherDepVulns;
|
|
7
|
+
/**
|
|
8
|
+
* Security finding gatherers — one function per tool, no overlap.
|
|
9
|
+
*
|
|
10
|
+
* Tool boundaries:
|
|
11
|
+
* gitleaks → secrets (hardcoded credentials, API keys, private keys in source)
|
|
12
|
+
* find/git → private key files on disk (.key, .pem), .env tracked in git
|
|
13
|
+
* semgrep → code patterns (eval, exec, TLS, CORS, SQLi, XSS, SSRF, etc.)
|
|
14
|
+
* npm audit → dependency CVEs
|
|
15
|
+
*/
|
|
16
|
+
const detect_1 = require("../../detect");
|
|
17
|
+
const runner_1 = require("../tools/runner");
|
|
18
|
+
const tool_registry_1 = require("../tools/tool-registry");
|
|
19
|
+
const exclusions_1 = require("../tools/exclusions");
|
|
20
|
+
function gatherSecrets(cwd) {
|
|
21
|
+
const status = (0, tool_registry_1.findTool)(tool_registry_1.TOOL_DEFS.gitleaks, cwd);
|
|
22
|
+
if (!status.available || !status.path)
|
|
23
|
+
return { findings: [], toolUsed: null };
|
|
24
|
+
const reportPath = `/tmp/dxkit-gitleaks-${Date.now()}.json`;
|
|
25
|
+
(0, runner_1.run)(`${status.path} detect --source '${cwd}' --report-format json --report-path '${reportPath}' --no-git --exit-code 0 2>/dev/null`, cwd, 120000);
|
|
26
|
+
const raw = (0, runner_1.run)(`cat '${reportPath}' 2>/dev/null`, cwd);
|
|
27
|
+
(0, runner_1.run)(`rm -f '${reportPath}'`, cwd);
|
|
28
|
+
if (!raw)
|
|
29
|
+
return { findings: [], toolUsed: 'gitleaks' };
|
|
30
|
+
try {
|
|
31
|
+
const entries = JSON.parse(raw);
|
|
32
|
+
if (!Array.isArray(entries))
|
|
33
|
+
return { findings: [], toolUsed: 'gitleaks' };
|
|
34
|
+
// Post-filter via the centralized exclusions predicate so we never drift
|
|
35
|
+
// between tools on what counts as "ignored".
|
|
36
|
+
const findings = entries
|
|
37
|
+
.filter((e) => {
|
|
38
|
+
const relPath = e.File.replace(cwd + '/', '').replace(cwd, '');
|
|
39
|
+
return !(0, exclusions_1.isExcludedPath)(cwd, relPath);
|
|
40
|
+
})
|
|
41
|
+
.map((e) => ({
|
|
42
|
+
severity: e.RuleID === 'private-key' ? 'critical' : 'high',
|
|
43
|
+
category: 'secret',
|
|
44
|
+
cwe: 'CWE-798',
|
|
45
|
+
rule: e.RuleID,
|
|
46
|
+
title: e.Description,
|
|
47
|
+
file: e.File.replace(cwd + '/', '').replace(cwd, ''),
|
|
48
|
+
line: e.StartLine,
|
|
49
|
+
tool: 'gitleaks',
|
|
50
|
+
}));
|
|
51
|
+
return { findings, toolUsed: 'gitleaks' };
|
|
52
|
+
}
|
|
53
|
+
catch {
|
|
54
|
+
return { findings: [], toolUsed: 'gitleaks' };
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
// ─── find/git: private key files, .env in git ───────────────────────────────
|
|
58
|
+
function gatherFileFindings(cwd) {
|
|
59
|
+
const findings = [];
|
|
60
|
+
const EXCLUDE = (0, exclusions_1.getFindExcludeFlags)(cwd, false); // don't exclude source paths for security scanning
|
|
61
|
+
// Private key / cert files on disk
|
|
62
|
+
const keyFiles = (0, runner_1.run)(`find . \\( -name "*.key" -o -name "*.pem" \\) ${EXCLUDE} 2>/dev/null`, cwd);
|
|
63
|
+
if (keyFiles) {
|
|
64
|
+
for (const f of keyFiles.split('\n').filter((l) => l.trim())) {
|
|
65
|
+
findings.push({
|
|
66
|
+
severity: 'critical',
|
|
67
|
+
category: 'secret',
|
|
68
|
+
cwe: 'CWE-798',
|
|
69
|
+
rule: 'private-key-file',
|
|
70
|
+
title: `Private key or certificate file: ${f.replace('./', '')}`,
|
|
71
|
+
file: f.replace('./', ''),
|
|
72
|
+
line: 0,
|
|
73
|
+
tool: 'find',
|
|
74
|
+
});
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
// .env tracked in git
|
|
78
|
+
const envFiles = (0, runner_1.run)('git ls-files .env .env.* 2>/dev/null', cwd);
|
|
79
|
+
if (envFiles) {
|
|
80
|
+
for (const f of envFiles.split('\n').filter((l) => l.trim())) {
|
|
81
|
+
findings.push({
|
|
82
|
+
severity: 'high',
|
|
83
|
+
category: 'config',
|
|
84
|
+
cwe: 'CWE-798',
|
|
85
|
+
rule: 'env-in-git',
|
|
86
|
+
title: `.env file tracked in git: ${f}`,
|
|
87
|
+
file: f,
|
|
88
|
+
line: 0,
|
|
89
|
+
tool: 'git',
|
|
90
|
+
});
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
return findings;
|
|
94
|
+
}
|
|
95
|
+
function mapSeverity(sgSeverity, impact) {
|
|
96
|
+
// Primary: use semgrep's impact field (most meaningful)
|
|
97
|
+
const imp = (impact || '').toUpperCase();
|
|
98
|
+
if (imp === 'HIGH')
|
|
99
|
+
return sgSeverity === 'ERROR' ? 'critical' : 'high';
|
|
100
|
+
if (imp === 'MEDIUM')
|
|
101
|
+
return 'medium';
|
|
102
|
+
if (imp === 'LOW')
|
|
103
|
+
return 'low';
|
|
104
|
+
// Fallback: semgrep severity
|
|
105
|
+
if (sgSeverity === 'ERROR')
|
|
106
|
+
return 'high';
|
|
107
|
+
if (sgSeverity === 'WARNING')
|
|
108
|
+
return 'medium';
|
|
109
|
+
return 'low';
|
|
110
|
+
}
|
|
111
|
+
function gatherCodePatterns(cwd) {
|
|
112
|
+
const status = (0, tool_registry_1.findTool)(tool_registry_1.TOOL_DEFS.semgrep ?? {}, cwd);
|
|
113
|
+
if (!status.available || !status.path)
|
|
114
|
+
return { findings: [], toolUsed: null };
|
|
115
|
+
// Derive rulesets from detected stack — not hardcoded
|
|
116
|
+
const stack = (0, detect_1.detect)(cwd);
|
|
117
|
+
const rulesets = (0, tool_registry_1.getSemgrepRulesets)(stack.languages);
|
|
118
|
+
const configs = rulesets.map((r) => `--config ${r}`).join(' ');
|
|
119
|
+
const excludes = (0, exclusions_1.getSemgrepExcludeFlags)(cwd);
|
|
120
|
+
const reportPath = `/tmp/dxkit-semgrep-${Date.now()}.json`;
|
|
121
|
+
(0, runner_1.run)(`${status.path} scan ${configs} --json --quiet --output '${reportPath}' ${excludes} '${cwd}' 2>/dev/null`, cwd, 300000);
|
|
122
|
+
const raw = (0, runner_1.run)(`cat '${reportPath}' 2>/dev/null`, cwd);
|
|
123
|
+
(0, runner_1.run)(`rm -f '${reportPath}'`, cwd);
|
|
124
|
+
if (!raw)
|
|
125
|
+
return { findings: [], toolUsed: 'semgrep' };
|
|
126
|
+
try {
|
|
127
|
+
const data = JSON.parse(raw);
|
|
128
|
+
if (!Array.isArray(data.results))
|
|
129
|
+
return { findings: [], toolUsed: 'semgrep' };
|
|
130
|
+
const findings = data.results
|
|
131
|
+
.filter((r) => {
|
|
132
|
+
// Skip LOW confidence to cut false positives
|
|
133
|
+
const conf = (r.extra.metadata?.confidence || '').toUpperCase();
|
|
134
|
+
return conf !== 'LOW';
|
|
135
|
+
})
|
|
136
|
+
.map((r) => ({
|
|
137
|
+
severity: mapSeverity(r.extra.severity, r.extra.metadata?.impact),
|
|
138
|
+
category: 'code',
|
|
139
|
+
cwe: r.extra.metadata?.cwe?.[0]?.split(':')[0] || '',
|
|
140
|
+
rule: r.check_id.split('.').slice(-1)[0],
|
|
141
|
+
title: r.extra.message.split('\n')[0].slice(0, 200),
|
|
142
|
+
file: r.path.replace(cwd + '/', '').replace(cwd, ''),
|
|
143
|
+
line: r.start.line,
|
|
144
|
+
tool: 'semgrep',
|
|
145
|
+
}));
|
|
146
|
+
return { findings, toolUsed: 'semgrep' };
|
|
147
|
+
}
|
|
148
|
+
catch {
|
|
149
|
+
return { findings: [], toolUsed: 'semgrep' };
|
|
150
|
+
}
|
|
151
|
+
}
|
|
152
|
+
function parseAuditJson(raw) {
|
|
153
|
+
try {
|
|
154
|
+
const data = JSON.parse(raw);
|
|
155
|
+
if (data.metadata?.vulnerabilities) {
|
|
156
|
+
const v = data.metadata.vulnerabilities;
|
|
157
|
+
return { c: v.critical || 0, h: v.high || 0, m: v.moderate || 0, l: v.low || 0 };
|
|
158
|
+
}
|
|
159
|
+
if (data.vulnerabilities) {
|
|
160
|
+
let c = 0, h = 0, m = 0, l = 0;
|
|
161
|
+
for (const v of Object.values(data.vulnerabilities)) {
|
|
162
|
+
if (v.severity === 'critical')
|
|
163
|
+
c++;
|
|
164
|
+
else if (v.severity === 'high')
|
|
165
|
+
h++;
|
|
166
|
+
else if (v.severity === 'moderate')
|
|
167
|
+
m++;
|
|
168
|
+
else if (v.severity === 'low')
|
|
169
|
+
l++;
|
|
170
|
+
}
|
|
171
|
+
return { c, h, m, l };
|
|
172
|
+
}
|
|
173
|
+
return null;
|
|
174
|
+
}
|
|
175
|
+
catch {
|
|
176
|
+
return null;
|
|
177
|
+
}
|
|
178
|
+
}
|
|
179
|
+
function gatherDepVulns(cwd) {
|
|
180
|
+
if (!(0, runner_1.fileExists)(cwd, 'package.json'))
|
|
181
|
+
return { critical: 0, high: 0, medium: 0, low: 0, total: 0, tool: null };
|
|
182
|
+
const raw = (0, runner_1.run)('npm audit --json 2>&1', cwd, 60000);
|
|
183
|
+
const result = raw ? parseAuditJson(raw) : null;
|
|
184
|
+
if (!result)
|
|
185
|
+
return { critical: 0, high: 0, medium: 0, low: 0, total: 0, tool: null };
|
|
186
|
+
return {
|
|
187
|
+
critical: result.c,
|
|
188
|
+
high: result.h,
|
|
189
|
+
medium: result.m,
|
|
190
|
+
low: result.l,
|
|
191
|
+
total: result.c + result.h + result.m + result.l,
|
|
192
|
+
tool: 'npm-audit',
|
|
193
|
+
};
|
|
194
|
+
}
|
|
195
|
+
//# sourceMappingURL=gather.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"gather.js","sourceRoot":"","sources":["../../../src/analyzers/security/gather.ts"],"names":[],"mappings":";;AAwBA,sCA4CC;AAID,gDAuCC;AAiCD,gDAiDC;AAuCD,wCAgBC;AAxPD;;;;;;;;GAQG;AACH,yCAAsC;AACtC,4CAAkD;AAClD,0DAAiF;AACjF,oDAAkG;AAYlG,SAAgB,aAAa,CAAC,GAAW;IAIvC,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,yBAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IACjD,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,IAAI;QAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAE/E,MAAM,UAAU,GAAG,uBAAuB,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;IAC5D,IAAA,YAAG,EACD,GAAG,MAAM,CAAC,IAAI,qBAAqB,GAAG,yCAAyC,UAAU,sCAAsC,EAC/H,GAAG,EACH,MAAM,CACP,CAAC;IACF,MAAM,GAAG,GAAG,IAAA,YAAG,EAAC,QAAQ,UAAU,eAAe,EAAE,GAAG,CAAC,CAAC;IACxD,IAAA,YAAG,EAAC,UAAU,UAAU,GAAG,EAAE,GAAG,CAAC,CAAC;IAElC,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;IAExD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAoB,CAAC;QACnD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;QAE3E,yEAAyE;QACzE,6CAA6C;QAC7C,MAAM,QAAQ,GAAsB,OAAO;aACxC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YACZ,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,GAAG,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YAC/D,OAAO,CAAC,IAAA,2BAAc,EAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC,CAAC;aACD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACX,QAAQ,EAAE,CAAC,CAAC,MAAM,KAAK,aAAa,CAAC,CAAC,CAAE,UAAoB,CAAC,CAAC,CAAE,MAAgB;YAChF,QAAQ,EAAE,QAAiB;YAC3B,GAAG,EAAE,SAAS;YACd,IAAI,EAAE,CAAC,CAAC,MAAM;YACd,KAAK,EAAE,CAAC,CAAC,WAAW;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,GAAG,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC;YACpD,IAAI,EAAE,CAAC,CAAC,SAAS;YACjB,IAAI,EAAE,UAAU;SACjB,CAAC,CAAC,CAAC;QAEN,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;IAChD,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,SAAgB,kBAAkB,CAAC,GAAW;IAC5C,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,IAAA,gCAAmB,EAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,mDAAmD;IAEpG,mCAAmC;IACnC,MAAM,QAAQ,GAAG,IAAA,YAAG,EAAC,iDAAiD,OAAO,cAAc,EAAE,GAAG,CAAC,CAAC;IAClG,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC7D,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,SAAS;gBACd,IAAI,EAAE,kBAAkB;gBACxB,KAAK,EAAE,oCAAoC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE;gBAChE,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;gBACzB,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,MAAM;aACb,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,MAAM,QAAQ,GAAG,IAAA,YAAG,EAAC,sCAAsC,EAAE,GAAG,CAAC,CAAC;IAClE,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC7D,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,SAAS;gBACd,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,6BAA6B,CAAC,EAAE;gBACvC,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,KAAK;aACZ,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAqBD,SAAS,WAAW,CAAC,UAAkB,EAAE,MAAe;IACtD,wDAAwD;IACxD,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACzC,IAAI,GAAG,KAAK,MAAM;QAAE,OAAO,UAAU,KAAK,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;IACxE,IAAI,GAAG,KAAK,QAAQ;QAAE,OAAO,QAAQ,CAAC;IACtC,IAAI,GAAG,KAAK,KAAK;QAAE,OAAO,KAAK,CAAC;IAChC,6BAA6B;IAC7B,IAAI,UAAU,KAAK,OAAO;QAAE,OAAO,MAAM,CAAC;IAC1C,IAAI,UAAU,KAAK,SAAS;QAAE,OAAO,QAAQ,CAAC;IAC9C,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAgB,kBAAkB,CAAC,GAAW;IAI5C,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,yBAAS,CAAC,OAAO,IAAK,EAAY,EAAE,GAAG,CAAC,CAAC;IACjE,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,IAAI;QAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAE/E,sDAAsD;IACtD,MAAM,KAAK,GAAG,IAAA,eAAM,EAAC,GAAG,CAAC,CAAC;IAC1B,MAAM,QAAQ,GAAG,IAAA,kCAAkB,EAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACrD,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,IAAA,mCAAsB,EAAC,GAAG,CAAC,CAAC;IAE7C,MAAM,UAAU,GAAG,sBAAsB,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;IAC3D,IAAA,YAAG,EACD,GAAG,MAAM,CAAC,IAAI,SAAS,OAAO,6BAA6B,UAAU,KAAK,QAAQ,KAAK,GAAG,eAAe,EACzG,GAAG,EACH,MAAM,CACP,CAAC;IACF,MAAM,GAAG,GAAG,IAAA,YAAG,EAAC,QAAQ,UAAU,eAAe,EAAE,GAAG,CAAC,CAAC;IACxD,IAAA,YAAG,EAAC,UAAU,UAAU,GAAG,EAAE,GAAG,CAAC,CAAC;IAElC,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAEvD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAkB,CAAC;QAC9C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;QAE/E,MAAM,QAAQ,GAAsB,IAAI,CAAC,OAAO;aAC7C,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YACZ,6CAA6C;YAC7C,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,UAAU,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;YAChE,OAAO,IAAI,KAAK,KAAK,CAAC;QACxB,CAAC,CAAC;aACD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACX,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC;YACjE,QAAQ,EAAE,MAAe;YACzB,GAAG,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE;YACpD,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACxC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YACnD,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,GAAG,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC;YACpD,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI;YAClB,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC,CAAC;QAEN,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAC/C,CAAC;AACH,CAAC;AAaD,SAAS,cAAc,CAAC,GAAW;IACjC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4B,CAAC;QACxD,IAAI,IAAI,CAAC,QAAQ,EAAE,eAAe,EAAE,CAAC;YACnC,MAAM,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC;YACxC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC,QAAQ,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,QAAQ,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,EAAE,CAAC;QACnF,CAAC;QACD,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,IAAI,CAAC,GAAG,CAAC,EACP,CAAC,GAAG,CAAC,EACL,CAAC,GAAG,CAAC,EACL,CAAC,GAAG,CAAC,CAAC;YACR,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;gBACpD,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU;oBAAE,CAAC,EAAE,CAAC;qBAC9B,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM;oBAAE,CAAC,EAAE,CAAC;qBAC/B,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU;oBAAE,CAAC,EAAE,CAAC;qBACnC,IAAI,CAAC,CAAC,QAAQ,KAAK,KAAK;oBAAE,CAAC,EAAE,CAAC;YACrC,CAAC;YACD,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;QACxB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAgB,cAAc,CAAC,GAAW;IACxC,IAAI,CAAC,IAAA,mBAAU,EAAC,GAAG,EAAE,cAAc,CAAC;QAClC,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAE3E,MAAM,GAAG,GAAG,IAAA,YAAG,EAAC,uBAAuB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IACrD,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAChD,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAEtF,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,CAAC;QAClB,IAAI,EAAE,MAAM,CAAC,CAAC;QACd,MAAM,EAAE,MAAM,CAAC,CAAC;QAChB,GAAG,EAAE,MAAM,CAAC,CAAC;QACb,KAAK,EAAE,MAAM,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC;QAChD,IAAI,EAAE,WAAW;KAClB,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import { SecurityReport } from './types';
|
|
2
|
+
export type { SecurityReport, SecurityFinding } from './types';
|
|
3
|
+
export interface AnalyzeSecurityOptions {
|
|
4
|
+
verbose?: boolean;
|
|
5
|
+
}
|
|
6
|
+
export declare function analyzeSecurity(repoPath: string, options?: AnalyzeSecurityOptions): SecurityReport;
|
|
7
|
+
export declare function formatSecurityReport(report: SecurityReport, elapsed: string): string;
|
|
8
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/analyzers/security/index.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,cAAc,EAA6B,MAAM,SAAS,CAAC;AAEpE,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAE/D,MAAM,WAAW,sBAAsB;IACrC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAQD,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,sBAA2B,GACnC,cAAc,CAwChB;AAED,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAqFpF"}
|
|
@@ -0,0 +1,173 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.analyzeSecurity = analyzeSecurity;
|
|
37
|
+
exports.formatSecurityReport = formatSecurityReport;
|
|
38
|
+
/**
|
|
39
|
+
* Security analyzer — public API.
|
|
40
|
+
*/
|
|
41
|
+
const path = __importStar(require("path"));
|
|
42
|
+
const detect_1 = require("../../detect");
|
|
43
|
+
const runner_1 = require("../tools/runner");
|
|
44
|
+
const timing_1 = require("../tools/timing");
|
|
45
|
+
const gather_1 = require("./gather");
|
|
46
|
+
function countBySeverity(findings) {
|
|
47
|
+
const counts = { critical: 0, high: 0, medium: 0, low: 0 };
|
|
48
|
+
for (const f of findings)
|
|
49
|
+
counts[f.severity]++;
|
|
50
|
+
return counts;
|
|
51
|
+
}
|
|
52
|
+
function analyzeSecurity(repoPath, options = {}) {
|
|
53
|
+
const verbose = !!options.verbose;
|
|
54
|
+
const stack = (0, detect_1.detect)(repoPath);
|
|
55
|
+
const toolsUsed = ['find', 'git'];
|
|
56
|
+
const toolsUnavailable = [];
|
|
57
|
+
// 1. Secrets (gitleaks)
|
|
58
|
+
const secrets = (0, timing_1.timed)('gitleaks', verbose, () => (0, gather_1.gatherSecrets)(repoPath));
|
|
59
|
+
if (secrets.toolUsed)
|
|
60
|
+
toolsUsed.push(secrets.toolUsed);
|
|
61
|
+
else
|
|
62
|
+
toolsUnavailable.push('gitleaks');
|
|
63
|
+
// 2. File findings (private keys, .env)
|
|
64
|
+
const files = (0, timing_1.timed)('file-findings', verbose, () => (0, gather_1.gatherFileFindings)(repoPath));
|
|
65
|
+
// 3. Code patterns (semgrep)
|
|
66
|
+
const code = (0, timing_1.timed)('semgrep', verbose, () => (0, gather_1.gatherCodePatterns)(repoPath));
|
|
67
|
+
if (code.toolUsed)
|
|
68
|
+
toolsUsed.push(code.toolUsed);
|
|
69
|
+
else
|
|
70
|
+
toolsUnavailable.push('semgrep');
|
|
71
|
+
// 4. Dependency CVEs (npm audit)
|
|
72
|
+
const deps = (0, timing_1.timed)('dep-audit', verbose, () => (0, gather_1.gatherDepVulns)(repoPath));
|
|
73
|
+
if (deps.tool)
|
|
74
|
+
toolsUsed.push(deps.tool);
|
|
75
|
+
else
|
|
76
|
+
toolsUnavailable.push('npm-audit');
|
|
77
|
+
const allFindings = [...secrets.findings, ...files, ...code.findings];
|
|
78
|
+
const counts = countBySeverity(allFindings);
|
|
79
|
+
return {
|
|
80
|
+
repo: stack.projectName || path.basename(repoPath),
|
|
81
|
+
analyzedAt: new Date().toISOString(),
|
|
82
|
+
commitSha: (0, runner_1.run)('git rev-parse --short HEAD 2>/dev/null', repoPath),
|
|
83
|
+
branch: (0, runner_1.run)('git rev-parse --abbrev-ref HEAD 2>/dev/null', repoPath),
|
|
84
|
+
summary: {
|
|
85
|
+
findings: { ...counts, total: allFindings.length },
|
|
86
|
+
dependencies: deps,
|
|
87
|
+
},
|
|
88
|
+
findings: allFindings,
|
|
89
|
+
toolsUsed,
|
|
90
|
+
toolsUnavailable,
|
|
91
|
+
};
|
|
92
|
+
}
|
|
93
|
+
function formatSecurityReport(report, elapsed) {
|
|
94
|
+
const L = [];
|
|
95
|
+
L.push('# Vulnerability Scan Report');
|
|
96
|
+
L.push('');
|
|
97
|
+
L.push(`**Date:** ${report.analyzedAt.slice(0, 10)}`);
|
|
98
|
+
L.push(`**Repository:** ${report.repo}`);
|
|
99
|
+
L.push(`**Branch:** ${report.branch} (${report.commitSha})`);
|
|
100
|
+
L.push('');
|
|
101
|
+
L.push('---');
|
|
102
|
+
L.push('');
|
|
103
|
+
// Executive summary
|
|
104
|
+
const s = report.summary.findings;
|
|
105
|
+
L.push('## Executive Summary');
|
|
106
|
+
L.push('');
|
|
107
|
+
L.push('| Severity | Count |');
|
|
108
|
+
L.push('|----------|-------|');
|
|
109
|
+
L.push(`| CRITICAL | ${s.critical} |`);
|
|
110
|
+
L.push(`| HIGH | ${s.high} |`);
|
|
111
|
+
L.push(`| MEDIUM | ${s.medium} |`);
|
|
112
|
+
L.push(`| LOW | ${s.low} |`);
|
|
113
|
+
L.push(`| **Total** | **${s.total}** |`);
|
|
114
|
+
L.push('');
|
|
115
|
+
const d = report.summary.dependencies;
|
|
116
|
+
if (d.tool) {
|
|
117
|
+
L.push(`Dependency audit: ${d.critical}C ${d.high}H ${d.medium}M ${d.low}L (${d.total} total, via ${d.tool}).`);
|
|
118
|
+
}
|
|
119
|
+
L.push('');
|
|
120
|
+
L.push('---');
|
|
121
|
+
L.push('');
|
|
122
|
+
// Findings grouped by category
|
|
123
|
+
const categories = [
|
|
124
|
+
{ key: 'secret', title: '1. Secrets & Credentials' },
|
|
125
|
+
{ key: 'code', title: '2. Code Vulnerability Patterns' },
|
|
126
|
+
{ key: 'config', title: '3. Configuration Issues' },
|
|
127
|
+
];
|
|
128
|
+
const SORDER = { critical: 0, high: 1, medium: 2, low: 3 };
|
|
129
|
+
for (const cat of categories) {
|
|
130
|
+
const items = report.findings
|
|
131
|
+
.filter((f) => f.category === cat.key)
|
|
132
|
+
.sort((a, b) => SORDER[a.severity] - SORDER[b.severity]);
|
|
133
|
+
if (items.length === 0)
|
|
134
|
+
continue;
|
|
135
|
+
L.push(`## ${cat.title}`);
|
|
136
|
+
L.push('');
|
|
137
|
+
for (const f of items) {
|
|
138
|
+
L.push(`### ${f.severity.toUpperCase()}: ${f.title}`);
|
|
139
|
+
L.push(`- **File:** \`${f.file}${f.line ? ':' + f.line : ''}\``);
|
|
140
|
+
if (f.cwe)
|
|
141
|
+
L.push(`- **CWE:** ${f.cwe}`);
|
|
142
|
+
L.push(`- **Tool:** ${f.tool} / ${f.rule}`);
|
|
143
|
+
L.push('');
|
|
144
|
+
}
|
|
145
|
+
L.push('---');
|
|
146
|
+
L.push('');
|
|
147
|
+
}
|
|
148
|
+
// Dependencies
|
|
149
|
+
if (d.tool) {
|
|
150
|
+
L.push('## 4. Dependency Vulnerabilities');
|
|
151
|
+
L.push('');
|
|
152
|
+
L.push('| Severity | Count |');
|
|
153
|
+
L.push('|----------|-------|');
|
|
154
|
+
L.push(`| Critical | ${d.critical} |`);
|
|
155
|
+
L.push(`| High | ${d.high} |`);
|
|
156
|
+
L.push(`| Medium | ${d.medium} |`);
|
|
157
|
+
L.push(`| Low | ${d.low} |`);
|
|
158
|
+
L.push(`| **Total** | **${d.total}** |`);
|
|
159
|
+
L.push('');
|
|
160
|
+
L.push('---');
|
|
161
|
+
L.push('');
|
|
162
|
+
}
|
|
163
|
+
// Footer
|
|
164
|
+
L.push(`**Tools used:** ${report.toolsUsed.join(', ')}`);
|
|
165
|
+
if (report.toolsUnavailable.length > 0) {
|
|
166
|
+
L.push(`**Tools unavailable:** ${report.toolsUnavailable.join(', ')}`);
|
|
167
|
+
}
|
|
168
|
+
L.push(`**Analysis time:** ${elapsed}s`);
|
|
169
|
+
L.push('');
|
|
170
|
+
L.push('*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*');
|
|
171
|
+
return L.join('\n');
|
|
172
|
+
}
|
|
173
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/analyzers/security/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsBA,0CA2CC;AAED,oDAqFC;AAxJD;;GAEG;AACH,2CAA6B;AAC7B,yCAAsC;AACtC,4CAAsC;AACtC,4CAAwC;AACxC,qCAAiG;AASjG,SAAS,eAAe,CAAC,QAA2B;IAClD,MAAM,MAAM,GAA6B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IACrF,KAAK,MAAM,CAAC,IAAI,QAAQ;QAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;IAC/C,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,eAAe,CAC7B,QAAgB,EAChB,UAAkC,EAAE;IAEpC,MAAM,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAClC,MAAM,KAAK,GAAG,IAAA,eAAM,EAAC,QAAQ,CAAC,CAAC;IAC/B,MAAM,SAAS,GAAa,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAC5C,MAAM,gBAAgB,GAAa,EAAE,CAAC;IAEtC,wBAAwB;IACxB,MAAM,OAAO,GAAG,IAAA,cAAK,EAAC,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAA,sBAAa,EAAC,QAAQ,CAAC,CAAC,CAAC;IAC1E,IAAI,OAAO,CAAC,QAAQ;QAAE,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;;QAClD,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAEvC,wCAAwC;IACxC,MAAM,KAAK,GAAG,IAAA,cAAK,EAAC,eAAe,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAA,2BAAkB,EAAC,QAAQ,CAAC,CAAC,CAAC;IAElF,6BAA6B;IAC7B,MAAM,IAAI,GAAG,IAAA,cAAK,EAAC,SAAS,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAA,2BAAkB,EAAC,QAAQ,CAAC,CAAC,CAAC;IAC3E,IAAI,IAAI,CAAC,QAAQ;QAAE,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;;QAC5C,gBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAEtC,iCAAiC;IACjC,MAAM,IAAI,GAAG,IAAA,cAAK,EAAC,WAAW,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAA,uBAAc,EAAC,QAAQ,CAAC,CAAC,CAAC;IACzE,IAAI,IAAI,CAAC,IAAI;QAAE,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;;QACpC,gBAAgB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAExC,MAAM,WAAW,GAAG,CAAC,GAAG,OAAO,CAAC,QAAQ,EAAE,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;IAE5C,OAAO;QACL,IAAI,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAClD,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,SAAS,EAAE,IAAA,YAAG,EAAC,wCAAwC,EAAE,QAAQ,CAAC;QAClE,MAAM,EAAE,IAAA,YAAG,EAAC,6CAA6C,EAAE,QAAQ,CAAC;QACpE,OAAO,EAAE;YACP,QAAQ,EAAE,EAAE,GAAG,MAAM,EAAE,KAAK,EAAE,WAAW,CAAC,MAAM,EAAE;YAClD,YAAY,EAAE,IAAI;SACnB;QACD,QAAQ,EAAE,WAAW;QACrB,SAAS;QACT,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED,SAAgB,oBAAoB,CAAC,MAAsB,EAAE,OAAe;IAC1E,MAAM,CAAC,GAAa,EAAE,CAAC;IACvB,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;IACtC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;IACtD,CAAC,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC;IAC7D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,oBAAoB;IACpB,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC;IAClC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IAC/B,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IAC/B,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IAC/B,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC;IACvC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC;IACnC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAClC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC;IACtC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,qBAAqB,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,KAAK,eAAe,CAAC,CAAC,IAAI,IAAI,CACxG,CAAC;IACJ,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,+BAA+B;IAC/B,MAAM,UAAU,GAA0C;QACxD,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,0BAA0B,EAAE;QACpD,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,gCAAgC,EAAE;QACxD,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,yBAAyB,EAAE;KACpD,CAAC;IACF,MAAM,MAAM,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAEnF,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ;aAC1B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,GAAG,CAAC,GAAG,CAAC;aACrC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC3D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEjC,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;QAC1B,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YACtD,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;YACjE,IAAI,CAAC,CAAC,GAAG;gBAAE,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;YACzC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YAC5C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACb,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,eAAe;IACf,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;QAC3C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC/B,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC/B,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC;QACvC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC;QACnC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC;QACrC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAClC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;QACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,SAAS;IACT,CAAC,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzD,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,CAAC,CAAC,IAAI,CAAC,0BAA0B,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,sBAAsB,OAAO,GAAG,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,gFAAgF,CAAC,CAAC;IACzF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACtB,CAAC"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Security scoring — internal scorer over finding+dep counts, used for
|
|
3
|
+
* RemediationAction ranking in detailed reports.
|
|
4
|
+
*
|
|
5
|
+
* Distinct from src/analyzers/scoring.ts scoreSecurity() which operates on
|
|
6
|
+
* HealthMetrics for the health dimension rollup. This scorer is scoped to
|
|
7
|
+
* SecurityReport's own shape so remediation actions can simulate deltas
|
|
8
|
+
* without going through HealthMetrics.
|
|
9
|
+
*/
|
|
10
|
+
/** Counts summarized from a SecurityReport. Patches produce a new snapshot. */
|
|
11
|
+
export interface SecurityCounts {
|
|
12
|
+
critical: number;
|
|
13
|
+
high: number;
|
|
14
|
+
medium: number;
|
|
15
|
+
low: number;
|
|
16
|
+
depCritical: number;
|
|
17
|
+
depHigh: number;
|
|
18
|
+
depMedium: number;
|
|
19
|
+
depLow: number;
|
|
20
|
+
}
|
|
21
|
+
/**
|
|
22
|
+
* 0-100 security score from finding + dep counts.
|
|
23
|
+
* Mirrors the health-side scoreSecurity() thresholds so projected values stay
|
|
24
|
+
* intuitive to users who also read the health report.
|
|
25
|
+
*/
|
|
26
|
+
export declare function scoreSecurityCounts(c: SecurityCounts): {
|
|
27
|
+
score: number;
|
|
28
|
+
};
|
|
29
|
+
//# sourceMappingURL=scoring.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scoring.d.ts","sourceRoot":"","sources":["../../../src/analyzers/security/scoring.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,+EAA+E;AAC/E,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,CAAC,EAAE,cAAc,GAAG;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,CAiBxE"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Security scoring — internal scorer over finding+dep counts, used for
|
|
4
|
+
* RemediationAction ranking in detailed reports.
|
|
5
|
+
*
|
|
6
|
+
* Distinct from src/analyzers/scoring.ts scoreSecurity() which operates on
|
|
7
|
+
* HealthMetrics for the health dimension rollup. This scorer is scoped to
|
|
8
|
+
* SecurityReport's own shape so remediation actions can simulate deltas
|
|
9
|
+
* without going through HealthMetrics.
|
|
10
|
+
*/
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.scoreSecurityCounts = scoreSecurityCounts;
|
|
13
|
+
/**
|
|
14
|
+
* 0-100 security score from finding + dep counts.
|
|
15
|
+
* Mirrors the health-side scoreSecurity() thresholds so projected values stay
|
|
16
|
+
* intuitive to users who also read the health report.
|
|
17
|
+
*/
|
|
18
|
+
function scoreSecurityCounts(c) {
|
|
19
|
+
let score = 100;
|
|
20
|
+
if (c.critical > 10)
|
|
21
|
+
score -= 25;
|
|
22
|
+
else if (c.critical > 5)
|
|
23
|
+
score -= 20;
|
|
24
|
+
else if (c.critical > 0)
|
|
25
|
+
score -= 15;
|
|
26
|
+
if (c.high > 5)
|
|
27
|
+
score -= 10;
|
|
28
|
+
else if (c.high > 0)
|
|
29
|
+
score -= 5;
|
|
30
|
+
if (c.medium > 10)
|
|
31
|
+
score -= 5;
|
|
32
|
+
if (c.depCritical > 0)
|
|
33
|
+
score -= 15;
|
|
34
|
+
if (c.depHigh > 5)
|
|
35
|
+
score -= 10;
|
|
36
|
+
else if (c.depHigh > 0)
|
|
37
|
+
score -= 5;
|
|
38
|
+
return { score: Math.max(0, Math.min(100, score)) };
|
|
39
|
+
}
|
|
40
|
+
//# sourceMappingURL=scoring.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scoring.js","sourceRoot":"","sources":["../../../src/analyzers/security/scoring.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;AAmBH,kDAiBC;AAtBD;;;;GAIG;AACH,SAAgB,mBAAmB,CAAC,CAAiB;IACnD,IAAI,KAAK,GAAG,GAAG,CAAC;IAEhB,IAAI,CAAC,CAAC,QAAQ,GAAG,EAAE;QAAE,KAAK,IAAI,EAAE,CAAC;SAC5B,IAAI,CAAC,CAAC,QAAQ,GAAG,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;SAChC,IAAI,CAAC,CAAC,QAAQ,GAAG,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;IAErC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;SACvB,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC;QAAE,KAAK,IAAI,CAAC,CAAC;IAEhC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE;QAAE,KAAK,IAAI,CAAC,CAAC;IAE9B,IAAI,CAAC,CAAC,WAAW,GAAG,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;IACnC,IAAI,CAAC,CAAC,OAAO,GAAG,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;SAC1B,IAAI,CAAC,CAAC,OAAO,GAAG,CAAC;QAAE,KAAK,IAAI,CAAC,CAAC;IAEnC,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;AACtD,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Security dimension — shallow score for health aggregation.
|
|
3
|
+
*
|
|
4
|
+
* Computes the DimensionScore using the same formula as scoring.ts
|
|
5
|
+
* (delegating to it), but Phase 4b+ can switch to using the deep
|
|
6
|
+
* analyzer's findings for more accurate scoring.
|
|
7
|
+
*/
|
|
8
|
+
import { HealthMetrics, DimensionScore } from '../types';
|
|
9
|
+
export declare function scoreSecurityDimension(m: HealthMetrics): DimensionScore;
|
|
10
|
+
//# sourceMappingURL=shallow.d.ts.map
|