@vyuhlabs/dxkit 1.6.1 → 2.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +115 -0
- package/README.md +3 -3
- package/dist/agents/extract.d.ts +25 -0
- package/dist/agents/extract.d.ts.map +1 -0
- package/dist/agents/extract.js +186 -0
- package/dist/agents/extract.js.map +1 -0
- package/dist/agents/schemas.d.ts +106 -0
- package/dist/agents/schemas.d.ts.map +1 -0
- package/dist/agents/schemas.js +86 -0
- package/dist/agents/schemas.js.map +1 -0
- package/dist/agents/session.d.ts +28 -0
- package/dist/agents/session.d.ts.map +1 -0
- package/dist/agents/session.js +223 -0
- package/dist/agents/session.js.map +1 -0
- package/dist/analyzers/developer/detailed.js +1 -1
- package/dist/analyzers/developer/detailed.js.map +1 -1
- package/dist/analyzers/dispatcher.d.ts +36 -0
- package/dist/analyzers/dispatcher.d.ts.map +1 -0
- package/dist/analyzers/dispatcher.js +62 -0
- package/dist/analyzers/dispatcher.js.map +1 -0
- package/dist/analyzers/docs/shallow.d.ts +3 -2
- package/dist/analyzers/docs/shallow.d.ts.map +1 -1
- package/dist/analyzers/docs/shallow.js +2 -2
- package/dist/analyzers/docs/shallow.js.map +1 -1
- package/dist/analyzers/dx/shallow.d.ts +3 -2
- package/dist/analyzers/dx/shallow.d.ts.map +1 -1
- package/dist/analyzers/dx/shallow.js +2 -2
- package/dist/analyzers/dx/shallow.js.map +1 -1
- package/dist/analyzers/health/actions.d.ts +3 -3
- package/dist/analyzers/health/actions.d.ts.map +1 -1
- package/dist/analyzers/health/actions.js +99 -52
- package/dist/analyzers/health/actions.js.map +1 -1
- package/dist/analyzers/health/detailed.d.ts.map +1 -1
- package/dist/analyzers/health/detailed.js +6 -2
- package/dist/analyzers/health/detailed.js.map +1 -1
- package/dist/analyzers/health.d.ts +0 -2
- package/dist/analyzers/health.d.ts.map +1 -1
- package/dist/analyzers/health.js +134 -72
- package/dist/analyzers/health.js.map +1 -1
- package/dist/analyzers/maintainability/shallow.d.ts +3 -2
- package/dist/analyzers/maintainability/shallow.d.ts.map +1 -1
- package/dist/analyzers/maintainability/shallow.js +2 -2
- package/dist/analyzers/maintainability/shallow.js.map +1 -1
- package/dist/analyzers/quality/detailed.js +1 -1
- package/dist/analyzers/quality/detailed.js.map +1 -1
- package/dist/analyzers/quality/gather.d.ts +33 -4
- package/dist/analyzers/quality/gather.d.ts.map +1 -1
- package/dist/analyzers/quality/gather.js +81 -93
- package/dist/analyzers/quality/gather.js.map +1 -1
- package/dist/analyzers/quality/index.js +4 -4
- package/dist/analyzers/quality/index.js.map +1 -1
- package/dist/analyzers/quality/shallow.d.ts +3 -2
- package/dist/analyzers/quality/shallow.d.ts.map +1 -1
- package/dist/analyzers/quality/shallow.js +2 -2
- package/dist/analyzers/quality/shallow.js.map +1 -1
- package/dist/analyzers/scoring.d.ts +26 -9
- package/dist/analyzers/scoring.d.ts.map +1 -1
- package/dist/analyzers/scoring.js +83 -71
- package/dist/analyzers/scoring.js.map +1 -1
- package/dist/analyzers/security/detailed.js +1 -1
- package/dist/analyzers/security/detailed.js.map +1 -1
- package/dist/analyzers/security/gather.d.ts +28 -5
- package/dist/analyzers/security/gather.d.ts.map +1 -1
- package/dist/analyzers/security/gather.js +87 -135
- package/dist/analyzers/security/gather.js.map +1 -1
- package/dist/analyzers/security/index.d.ts +1 -1
- package/dist/analyzers/security/index.d.ts.map +1 -1
- package/dist/analyzers/security/index.js +16 -11
- package/dist/analyzers/security/index.js.map +1 -1
- package/dist/analyzers/security/report.d.ts +6 -0
- package/dist/analyzers/security/report.d.ts.map +1 -0
- package/dist/analyzers/security/report.js +118 -0
- package/dist/analyzers/security/report.js.map +1 -0
- package/dist/analyzers/security/shallow.d.ts +3 -2
- package/dist/analyzers/security/shallow.d.ts.map +1 -1
- package/dist/analyzers/security/shallow.js +2 -2
- package/dist/analyzers/security/shallow.js.map +1 -1
- package/dist/analyzers/tests/detailed.js +1 -1
- package/dist/analyzers/tests/detailed.js.map +1 -1
- package/dist/analyzers/tests/import-graph.d.ts +8 -22
- package/dist/analyzers/tests/import-graph.d.ts.map +1 -1
- package/dist/analyzers/tests/import-graph.js +22 -189
- package/dist/analyzers/tests/import-graph.js.map +1 -1
- package/dist/analyzers/tests/index.d.ts +1 -1
- package/dist/analyzers/tests/index.d.ts.map +1 -1
- package/dist/analyzers/tests/index.js +3 -3
- package/dist/analyzers/tests/index.js.map +1 -1
- package/dist/analyzers/tests/shallow.d.ts +3 -2
- package/dist/analyzers/tests/shallow.d.ts.map +1 -1
- package/dist/analyzers/tests/shallow.js +2 -2
- package/dist/analyzers/tests/shallow.js.map +1 -1
- package/dist/analyzers/tools/coverage.d.ts +21 -11
- package/dist/analyzers/tools/coverage.d.ts.map +1 -1
- package/dist/analyzers/tools/coverage.js +32 -44
- package/dist/analyzers/tools/coverage.js.map +1 -1
- package/dist/analyzers/tools/dotnet.d.ts +8 -0
- package/dist/analyzers/tools/dotnet.d.ts.map +1 -0
- package/dist/analyzers/tools/dotnet.js +81 -0
- package/dist/analyzers/tools/dotnet.js.map +1 -0
- package/dist/analyzers/tools/gather-cache.d.ts +16 -0
- package/dist/analyzers/tools/gather-cache.d.ts.map +1 -0
- package/dist/analyzers/tools/gather-cache.js +126 -0
- package/dist/analyzers/tools/gather-cache.js.map +1 -0
- package/dist/analyzers/tools/generic.d.ts.map +1 -1
- package/dist/analyzers/tools/generic.js +6 -28
- package/dist/analyzers/tools/generic.js.map +1 -1
- package/dist/analyzers/tools/gitleaks.d.ts +28 -5
- package/dist/analyzers/tools/gitleaks.d.ts.map +1 -1
- package/dist/analyzers/tools/gitleaks.js +91 -37
- package/dist/analyzers/tools/gitleaks.js.map +1 -1
- package/dist/analyzers/tools/go.d.ts +8 -0
- package/dist/analyzers/tools/go.d.ts.map +1 -0
- package/dist/analyzers/tools/go.js +84 -0
- package/dist/analyzers/tools/go.js.map +1 -0
- package/dist/analyzers/tools/graphify.d.ts +31 -3
- package/dist/analyzers/tools/graphify.d.ts.map +1 -1
- package/dist/analyzers/tools/graphify.js +78 -36
- package/dist/analyzers/tools/graphify.js.map +1 -1
- package/dist/analyzers/tools/grep-secrets.d.ts +6 -0
- package/dist/analyzers/tools/grep-secrets.d.ts.map +1 -0
- package/dist/analyzers/tools/grep-secrets.js +124 -0
- package/dist/analyzers/tools/grep-secrets.js.map +1 -0
- package/dist/analyzers/tools/jscpd.d.ts +40 -0
- package/dist/analyzers/tools/jscpd.d.ts.map +1 -0
- package/dist/analyzers/tools/jscpd.js +96 -0
- package/dist/analyzers/tools/jscpd.js.map +1 -0
- package/dist/analyzers/tools/node.d.ts +8 -0
- package/dist/analyzers/tools/node.d.ts.map +1 -0
- package/dist/analyzers/tools/node.js +160 -0
- package/dist/analyzers/tools/node.js.map +1 -0
- package/dist/analyzers/tools/package-json.d.ts +6 -0
- package/dist/analyzers/tools/package-json.d.ts.map +1 -0
- package/dist/analyzers/tools/package-json.js +67 -0
- package/dist/analyzers/tools/package-json.js.map +1 -0
- package/dist/analyzers/tools/parallel.d.ts +22 -5
- package/dist/analyzers/tools/parallel.d.ts.map +1 -1
- package/dist/analyzers/tools/parallel.js +26 -185
- package/dist/analyzers/tools/parallel.js.map +1 -1
- package/dist/analyzers/tools/paths.d.ts +21 -0
- package/dist/analyzers/tools/paths.d.ts.map +1 -0
- package/dist/analyzers/tools/paths.js +62 -0
- package/dist/analyzers/tools/paths.js.map +1 -0
- package/dist/analyzers/tools/python.d.ts +8 -0
- package/dist/analyzers/tools/python.d.ts.map +1 -0
- package/dist/analyzers/tools/python.js +81 -0
- package/dist/analyzers/tools/python.js.map +1 -0
- package/dist/analyzers/tools/rust.d.ts +8 -0
- package/dist/analyzers/tools/rust.d.ts.map +1 -0
- package/dist/analyzers/tools/rust.js +86 -0
- package/dist/analyzers/tools/rust.js.map +1 -0
- package/dist/analyzers/tools/semgrep.d.ts +39 -0
- package/dist/analyzers/tools/semgrep.d.ts.map +1 -0
- package/dist/analyzers/tools/semgrep.js +129 -0
- package/dist/analyzers/tools/semgrep.js.map +1 -0
- package/dist/analyzers/tools/tool-registry.d.ts +0 -41
- package/dist/analyzers/tools/tool-registry.d.ts.map +1 -1
- package/dist/analyzers/tools/tool-registry.js +0 -87
- package/dist/analyzers/tools/tool-registry.js.map +1 -1
- package/dist/analyzers/types.d.ts +42 -30
- package/dist/analyzers/types.d.ts.map +1 -1
- package/dist/cli.js +2 -2
- package/dist/cli.js.map +1 -1
- package/dist/constants.d.ts +1 -3
- package/dist/constants.d.ts.map +1 -1
- package/dist/constants.js +55 -14
- package/dist/constants.js.map +1 -1
- package/dist/languages/capabilities/descriptors.d.ts +74 -0
- package/dist/languages/capabilities/descriptors.d.ts.map +1 -0
- package/dist/languages/capabilities/descriptors.js +250 -0
- package/dist/languages/capabilities/descriptors.js.map +1 -0
- package/dist/languages/capabilities/global.d.ts +43 -0
- package/dist/languages/capabilities/global.d.ts.map +1 -0
- package/dist/languages/capabilities/global.js +48 -0
- package/dist/languages/capabilities/global.js.map +1 -0
- package/dist/languages/capabilities/index.d.ts +31 -0
- package/dist/languages/capabilities/index.d.ts.map +1 -0
- package/dist/languages/capabilities/index.js +56 -0
- package/dist/languages/capabilities/index.js.map +1 -0
- package/dist/languages/capabilities/provider.d.ts +16 -0
- package/dist/languages/capabilities/provider.d.ts.map +1 -0
- package/dist/languages/capabilities/provider.js +12 -0
- package/dist/languages/capabilities/provider.js.map +1 -0
- package/dist/languages/capabilities/types.d.ts +226 -0
- package/dist/languages/capabilities/types.d.ts.map +1 -0
- package/dist/languages/capabilities/types.js +23 -0
- package/dist/languages/capabilities/types.js.map +1 -0
- package/dist/languages/csharp.d.ts +8 -0
- package/dist/languages/csharp.d.ts.map +1 -1
- package/dist/languages/csharp.js +203 -103
- package/dist/languages/csharp.js.map +1 -1
- package/dist/languages/go.d.ts +13 -7
- package/dist/languages/go.d.ts.map +1 -1
- package/dist/languages/go.js +277 -183
- package/dist/languages/go.js.map +1 -1
- package/dist/languages/python.d.ts +14 -0
- package/dist/languages/python.d.ts.map +1 -1
- package/dist/languages/python.js +276 -169
- package/dist/languages/python.js.map +1 -1
- package/dist/languages/rust.d.ts +8 -0
- package/dist/languages/rust.d.ts.map +1 -1
- package/dist/languages/rust.js +218 -131
- package/dist/languages/rust.js.map +1 -1
- package/dist/languages/types.d.ts +16 -15
- package/dist/languages/types.d.ts.map +1 -1
- package/dist/languages/typescript.d.ts +12 -11
- package/dist/languages/typescript.d.ts.map +1 -1
- package/dist/languages/typescript.js +256 -161
- package/dist/languages/typescript.js.map +1 -1
- package/package.json +1 -1
- package/templates/.ai/templates/session-checkpoint-template.md +97 -0
|
@@ -8,51 +8,40 @@ exports.gatherDepVulns = gatherDepVulns;
|
|
|
8
8
|
* Security finding gatherers — one function per tool, no overlap.
|
|
9
9
|
*
|
|
10
10
|
* Tool boundaries:
|
|
11
|
-
* gitleaks
|
|
12
|
-
* find/git
|
|
13
|
-
* semgrep
|
|
14
|
-
*
|
|
11
|
+
* gitleaks → secrets (hardcoded credentials, API keys, private keys in source)
|
|
12
|
+
* find/git → private key files on disk (.key, .pem), .env tracked in git
|
|
13
|
+
* semgrep → code patterns (eval, exec, TLS, CORS, SQLi, XSS, SSRF, etc.)
|
|
14
|
+
* dispatcher → dependency CVEs unioned across every active language pack
|
|
15
15
|
*/
|
|
16
|
-
const detect_1 = require("../../detect");
|
|
17
16
|
const runner_1 = require("../tools/runner");
|
|
18
|
-
const tool_registry_1 = require("../tools/tool-registry");
|
|
19
17
|
const exclusions_1 = require("../tools/exclusions");
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
18
|
+
const dispatcher_1 = require("../dispatcher");
|
|
19
|
+
const languages_1 = require("../../languages");
|
|
20
|
+
const descriptors_1 = require("../../languages/capabilities/descriptors");
|
|
21
|
+
const capabilities_1 = require("../../languages/capabilities");
|
|
22
|
+
// ─── dispatcher-driven secrets gather ────────────────────────────────────────
|
|
23
|
+
/**
|
|
24
|
+
* Secrets are a global capability: one scanner (gitleaks today) runs once
|
|
25
|
+
* per repo and the dispatcher aggregates its envelope through the SECRETS
|
|
26
|
+
* descriptor. Exclusions + suppressions are already applied inside the
|
|
27
|
+
* provider (see tools/gitleaks.ts), so this layer only maps the envelope
|
|
28
|
+
* into the SecurityFinding shape used by the security report.
|
|
29
|
+
*/
|
|
30
|
+
async function gatherSecrets(cwd) {
|
|
31
|
+
const result = await dispatcher_1.defaultDispatcher.gather(cwd, descriptors_1.SECRETS, (0, capabilities_1.providersFor)(descriptors_1.SECRETS));
|
|
32
|
+
if (!result)
|
|
23
33
|
return { findings: [], toolUsed: null };
|
|
24
|
-
const
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
// between tools on what counts as "ignored".
|
|
36
|
-
const findings = entries
|
|
37
|
-
.filter((e) => {
|
|
38
|
-
const relPath = e.File.replace(cwd + '/', '').replace(cwd, '');
|
|
39
|
-
return !(0, exclusions_1.isExcludedPath)(cwd, relPath);
|
|
40
|
-
})
|
|
41
|
-
.map((e) => ({
|
|
42
|
-
severity: e.RuleID === 'private-key' ? 'critical' : 'high',
|
|
43
|
-
category: 'secret',
|
|
44
|
-
cwe: 'CWE-798',
|
|
45
|
-
rule: e.RuleID,
|
|
46
|
-
title: e.Description,
|
|
47
|
-
file: e.File.replace(cwd + '/', '').replace(cwd, ''),
|
|
48
|
-
line: e.StartLine,
|
|
49
|
-
tool: 'gitleaks',
|
|
50
|
-
}));
|
|
51
|
-
return { findings, toolUsed: 'gitleaks' };
|
|
52
|
-
}
|
|
53
|
-
catch {
|
|
54
|
-
return { findings: [], toolUsed: 'gitleaks' };
|
|
55
|
-
}
|
|
34
|
+
const findings = result.findings.map((f) => ({
|
|
35
|
+
severity: f.severity,
|
|
36
|
+
category: 'secret',
|
|
37
|
+
cwe: 'CWE-798',
|
|
38
|
+
rule: f.rule,
|
|
39
|
+
title: f.title ?? `Secret detected: ${f.rule}`,
|
|
40
|
+
file: f.file,
|
|
41
|
+
line: f.line,
|
|
42
|
+
tool: result.tool,
|
|
43
|
+
}));
|
|
44
|
+
return { findings, toolUsed: result.tool };
|
|
56
45
|
}
|
|
57
46
|
// ─── find/git: private key files, .env in git ───────────────────────────────
|
|
58
47
|
function gatherFileFindings(cwd) {
|
|
@@ -92,104 +81,67 @@ function gatherFileFindings(cwd) {
|
|
|
92
81
|
}
|
|
93
82
|
return findings;
|
|
94
83
|
}
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
if (
|
|
106
|
-
return 'high';
|
|
107
|
-
if (sgSeverity === 'WARNING')
|
|
108
|
-
return 'medium';
|
|
109
|
-
return 'low';
|
|
110
|
-
}
|
|
111
|
-
function gatherCodePatterns(cwd) {
|
|
112
|
-
const status = (0, tool_registry_1.findTool)(tool_registry_1.TOOL_DEFS.semgrep ?? {}, cwd);
|
|
113
|
-
if (!status.available || !status.path)
|
|
84
|
+
// ─── dispatcher-driven codePatterns gather ──────────────────────────────────
|
|
85
|
+
/**
|
|
86
|
+
* Code-pattern findings are a global capability: the CODE_PATTERNS
|
|
87
|
+
* dispatcher routes to `semgrepProvider` (tools/semgrep.ts) which
|
|
88
|
+
* applies exclusions, suppressions, and the low-confidence filter
|
|
89
|
+
* internally. This layer only reshapes the envelope into
|
|
90
|
+
* `SecurityFinding[]` for the security report.
|
|
91
|
+
*/
|
|
92
|
+
async function gatherCodePatterns(cwd) {
|
|
93
|
+
const result = await dispatcher_1.defaultDispatcher.gather(cwd, descriptors_1.CODE_PATTERNS, (0, capabilities_1.providersFor)(descriptors_1.CODE_PATTERNS));
|
|
94
|
+
if (!result)
|
|
114
95
|
return { findings: [], toolUsed: null };
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
try {
|
|
127
|
-
const data = JSON.parse(raw);
|
|
128
|
-
if (!Array.isArray(data.results))
|
|
129
|
-
return { findings: [], toolUsed: 'semgrep' };
|
|
130
|
-
const findings = data.results
|
|
131
|
-
.filter((r) => {
|
|
132
|
-
// Skip LOW confidence to cut false positives
|
|
133
|
-
const conf = (r.extra.metadata?.confidence || '').toUpperCase();
|
|
134
|
-
return conf !== 'LOW';
|
|
135
|
-
})
|
|
136
|
-
.map((r) => ({
|
|
137
|
-
severity: mapSeverity(r.extra.severity, r.extra.metadata?.impact),
|
|
138
|
-
category: 'code',
|
|
139
|
-
cwe: r.extra.metadata?.cwe?.[0]?.split(':')[0] || '',
|
|
140
|
-
rule: r.check_id.split('.').slice(-1)[0],
|
|
141
|
-
title: r.extra.message.split('\n')[0].slice(0, 200),
|
|
142
|
-
file: r.path.replace(cwd + '/', '').replace(cwd, ''),
|
|
143
|
-
line: r.start.line,
|
|
144
|
-
tool: 'semgrep',
|
|
145
|
-
}));
|
|
146
|
-
return { findings, toolUsed: 'semgrep' };
|
|
147
|
-
}
|
|
148
|
-
catch {
|
|
149
|
-
return { findings: [], toolUsed: 'semgrep' };
|
|
150
|
-
}
|
|
96
|
+
const findings = result.findings.map((f) => ({
|
|
97
|
+
severity: f.severity,
|
|
98
|
+
category: 'code',
|
|
99
|
+
cwe: f.cwe,
|
|
100
|
+
rule: f.rule,
|
|
101
|
+
title: f.title,
|
|
102
|
+
file: f.file,
|
|
103
|
+
line: f.line,
|
|
104
|
+
tool: result.tool,
|
|
105
|
+
}));
|
|
106
|
+
return { findings, toolUsed: result.tool };
|
|
151
107
|
}
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
catch {
|
|
176
|
-
return null;
|
|
108
|
+
// ─── dependency CVEs via the capabilities dispatcher ────────────────────────
|
|
109
|
+
const EMPTY_DEP_VULNS = {
|
|
110
|
+
critical: 0,
|
|
111
|
+
high: 0,
|
|
112
|
+
medium: 0,
|
|
113
|
+
low: 0,
|
|
114
|
+
total: 0,
|
|
115
|
+
tool: null,
|
|
116
|
+
};
|
|
117
|
+
/**
|
|
118
|
+
* Aggregates dependency vulnerabilities across every active language pack
|
|
119
|
+
* via the capability dispatcher. Replaces the prior hardcoded `npm audit`
|
|
120
|
+
* implementation that silently ignored Python/Go/Rust/C# deps.
|
|
121
|
+
*
|
|
122
|
+
* Returns `EMPTY_DEP_VULNS` when no active pack exposes a depVulns
|
|
123
|
+
* provider, or when every provider returned null (no tool installed
|
|
124
|
+
* / nothing to audit).
|
|
125
|
+
*/
|
|
126
|
+
async function gatherDepVulns(cwd) {
|
|
127
|
+
const providers = [];
|
|
128
|
+
for (const lang of (0, languages_1.detectActiveLanguages)(cwd)) {
|
|
129
|
+
if (lang.capabilities?.depVulns)
|
|
130
|
+
providers.push(lang.capabilities.depVulns);
|
|
177
131
|
}
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
const
|
|
184
|
-
if (!result)
|
|
185
|
-
return { critical: 0, high: 0, medium: 0, low: 0, total: 0, tool: null };
|
|
132
|
+
if (providers.length === 0)
|
|
133
|
+
return EMPTY_DEP_VULNS;
|
|
134
|
+
const envelope = await dispatcher_1.defaultDispatcher.gather(cwd, descriptors_1.DEP_VULNS, providers);
|
|
135
|
+
if (!envelope)
|
|
136
|
+
return EMPTY_DEP_VULNS;
|
|
137
|
+
const { critical, high, medium, low } = envelope.counts;
|
|
186
138
|
return {
|
|
187
|
-
critical
|
|
188
|
-
high
|
|
189
|
-
medium
|
|
190
|
-
low
|
|
191
|
-
total:
|
|
192
|
-
tool:
|
|
139
|
+
critical,
|
|
140
|
+
high,
|
|
141
|
+
medium,
|
|
142
|
+
low,
|
|
143
|
+
total: critical + high + medium + low,
|
|
144
|
+
tool: envelope.tool,
|
|
193
145
|
};
|
|
194
146
|
}
|
|
195
147
|
//# sourceMappingURL=gather.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gather.js","sourceRoot":"","sources":["../../../src/analyzers/security/gather.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"gather.js","sourceRoot":"","sources":["../../../src/analyzers/security/gather.ts"],"names":[],"mappings":";;AA4BA,sCAkBC;AAID,gDAuCC;AAWD,gDAkBC;AAsBD,wCAmBC;AA/JD;;;;;;;;GAQG;AACH,4CAAsC;AACtC,oDAA0D;AAE1D,8CAAkD;AAClD,+CAAwD;AACxD,0EAA6F;AAC7F,+DAA4D;AAI5D,gFAAgF;AAEhF;;;;;;GAMG;AACI,KAAK,UAAU,aAAa,CAAC,GAAW;IAI7C,MAAM,MAAM,GAAG,MAAM,8BAAiB,CAAC,MAAM,CAAC,GAAG,EAAE,qBAAO,EAAE,IAAA,2BAAY,EAAC,qBAAO,CAAC,CAAC,CAAC;IACnF,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAErD,MAAM,QAAQ,GAAsB,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9D,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,QAAQ,EAAE,QAAiB;QAC3B,GAAG,EAAE,SAAS;QACd,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,oBAAoB,CAAC,CAAC,IAAI,EAAE;QAC9C,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,MAAM,CAAC,IAAI;KAClB,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;AAC7C,CAAC;AAED,+EAA+E;AAE/E,SAAgB,kBAAkB,CAAC,GAAW;IAC5C,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,IAAA,gCAAmB,EAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,mDAAmD;IAEpG,mCAAmC;IACnC,MAAM,QAAQ,GAAG,IAAA,YAAG,EAAC,iDAAiD,OAAO,cAAc,EAAE,GAAG,CAAC,CAAC;IAClG,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC7D,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,SAAS;gBACd,IAAI,EAAE,kBAAkB;gBACxB,KAAK,EAAE,oCAAoC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE;gBAChE,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;gBACzB,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,MAAM;aACb,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,MAAM,QAAQ,GAAG,IAAA,YAAG,EAAC,sCAAsC,EAAE,GAAG,CAAC,CAAC;IAClE,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC7D,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,SAAS;gBACd,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,6BAA6B,CAAC,EAAE;gBACvC,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,KAAK;aACZ,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,+EAA+E;AAE/E;;;;;;GAMG;AACI,KAAK,UAAU,kBAAkB,CAAC,GAAW;IAIlD,MAAM,MAAM,GAAG,MAAM,8BAAiB,CAAC,MAAM,CAAC,GAAG,EAAE,2BAAa,EAAE,IAAA,2BAAY,EAAC,2BAAa,CAAC,CAAC,CAAC;IAC/F,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAErD,MAAM,QAAQ,GAAsB,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9D,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,QAAQ,EAAE,MAAe;QACzB,GAAG,EAAE,CAAC,CAAC,GAAG;QACV,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,MAAM,CAAC,IAAI;KAClB,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;AAC7C,CAAC;AAED,+EAA+E;AAE/E,MAAM,eAAe,GAAmB;IACtC,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;IACN,KAAK,EAAE,CAAC;IACR,IAAI,EAAE,IAAI;CACX,CAAC;AAEF;;;;;;;;GAQG;AACI,KAAK,UAAU,cAAc,CAAC,GAAW;IAC9C,MAAM,SAAS,GAAwC,EAAE,CAAC;IAC1D,KAAK,MAAM,IAAI,IAAI,IAAA,iCAAqB,EAAC,GAAG,CAAC,EAAE,CAAC;QAC9C,IAAI,IAAI,CAAC,YAAY,EAAE,QAAQ;YAAE,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IAC9E,CAAC;IACD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,eAAe,CAAC;IAEnD,MAAM,QAAQ,GAAG,MAAM,8BAAiB,CAAC,MAAM,CAAC,GAAG,EAAE,uBAAS,EAAE,SAAS,CAAC,CAAC;IAC3E,IAAI,CAAC,QAAQ;QAAE,OAAO,eAAe,CAAC;IAEtC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC;IACxD,OAAO;QACL,QAAQ;QACR,IAAI;QACJ,MAAM;QACN,GAAG;QACH,KAAK,EAAE,QAAQ,GAAG,IAAI,GAAG,MAAM,GAAG,GAAG;QACrC,IAAI,EAAE,QAAQ,CAAC,IAAI;KACpB,CAAC;AACJ,CAAC"}
|
|
@@ -3,6 +3,6 @@ export type { SecurityReport, SecurityFinding } from './types';
|
|
|
3
3
|
export interface AnalyzeSecurityOptions {
|
|
4
4
|
verbose?: boolean;
|
|
5
5
|
}
|
|
6
|
-
export declare function analyzeSecurity(repoPath: string, options?: AnalyzeSecurityOptions): SecurityReport
|
|
6
|
+
export declare function analyzeSecurity(repoPath: string, options?: AnalyzeSecurityOptions): Promise<SecurityReport>;
|
|
7
7
|
export declare function formatSecurityReport(report: SecurityReport, elapsed: string): string;
|
|
8
8
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/analyzers/security/index.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,cAAc,EAA6B,MAAM,SAAS,CAAC;AAEpE,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAE/D,MAAM,WAAW,sBAAsB;IACrC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAQD,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/analyzers/security/index.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,cAAc,EAA6B,MAAM,SAAS,CAAC;AAEpE,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAE/D,MAAM,WAAW,sBAAsB;IACrC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAQD,wBAAsB,eAAe,CACnC,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,sBAA2B,GACnC,OAAO,CAAC,cAAc,CAAC,CA6CzB;AAED,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CA0FpF"}
|
|
@@ -49,31 +49,36 @@ function countBySeverity(findings) {
|
|
|
49
49
|
counts[f.severity]++;
|
|
50
50
|
return counts;
|
|
51
51
|
}
|
|
52
|
-
function analyzeSecurity(repoPath, options = {}) {
|
|
52
|
+
async function analyzeSecurity(repoPath, options = {}) {
|
|
53
53
|
const verbose = !!options.verbose;
|
|
54
54
|
const stack = (0, detect_1.detect)(repoPath);
|
|
55
55
|
const toolsUsed = ['find', 'git'];
|
|
56
56
|
const toolsUnavailable = [];
|
|
57
|
-
// 1. Secrets (gitleaks)
|
|
58
|
-
const secrets = (0, timing_1.
|
|
57
|
+
// 1. Secrets (gitleaks) — dispatcher-driven via the SECRETS capability.
|
|
58
|
+
const secrets = await (0, timing_1.timedAsync)('gitleaks', verbose, () => (0, gather_1.gatherSecrets)(repoPath));
|
|
59
59
|
if (secrets.toolUsed)
|
|
60
60
|
toolsUsed.push(secrets.toolUsed);
|
|
61
61
|
else
|
|
62
62
|
toolsUnavailable.push('gitleaks');
|
|
63
63
|
// 2. File findings (private keys, .env)
|
|
64
64
|
const files = (0, timing_1.timed)('file-findings', verbose, () => (0, gather_1.gatherFileFindings)(repoPath));
|
|
65
|
-
// 3. Code patterns (semgrep)
|
|
66
|
-
const code = (0, timing_1.
|
|
65
|
+
// 3. Code patterns (semgrep) — dispatcher-driven via CODE_PATTERNS.
|
|
66
|
+
const code = await (0, timing_1.timedAsync)('semgrep', verbose, () => (0, gather_1.gatherCodePatterns)(repoPath));
|
|
67
67
|
if (code.toolUsed)
|
|
68
68
|
toolsUsed.push(code.toolUsed);
|
|
69
69
|
else
|
|
70
70
|
toolsUnavailable.push('semgrep');
|
|
71
|
-
// 4. Dependency CVEs
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
71
|
+
// 4. Dependency CVEs — capability dispatcher across every active language
|
|
72
|
+
// pack. The envelope's tool field already joins multiple sources
|
|
73
|
+
// ('pip-audit, npm-audit'); split it back out for toolsUsed.
|
|
74
|
+
const deps = await (0, timing_1.timedAsync)('dep-audit', verbose, () => (0, gather_1.gatherDepVulns)(repoPath));
|
|
75
|
+
if (deps.tool) {
|
|
76
|
+
for (const t of deps.tool.split(', '))
|
|
77
|
+
toolsUsed.push(t);
|
|
78
|
+
}
|
|
79
|
+
else {
|
|
80
|
+
toolsUnavailable.push('dep-audit');
|
|
81
|
+
}
|
|
77
82
|
const allFindings = [...secrets.findings, ...files, ...code.findings];
|
|
78
83
|
const counts = countBySeverity(allFindings);
|
|
79
84
|
return {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/analyzers/security/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsBA,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/analyzers/security/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsBA,0CAgDC;AAED,oDA0FC;AAlKD;;GAEG;AACH,2CAA6B;AAC7B,yCAAsC;AACtC,4CAAsC;AACtC,4CAAoD;AACpD,qCAAiG;AASjG,SAAS,eAAe,CAAC,QAA2B;IAClD,MAAM,MAAM,GAA6B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IACrF,KAAK,MAAM,CAAC,IAAI,QAAQ;QAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;IAC/C,OAAO,MAAM,CAAC;AAChB,CAAC;AAEM,KAAK,UAAU,eAAe,CACnC,QAAgB,EAChB,UAAkC,EAAE;IAEpC,MAAM,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAClC,MAAM,KAAK,GAAG,IAAA,eAAM,EAAC,QAAQ,CAAC,CAAC;IAC/B,MAAM,SAAS,GAAa,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAC5C,MAAM,gBAAgB,GAAa,EAAE,CAAC;IAEtC,wEAAwE;IACxE,MAAM,OAAO,GAAG,MAAM,IAAA,mBAAU,EAAC,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAA,sBAAa,EAAC,QAAQ,CAAC,CAAC,CAAC;IACrF,IAAI,OAAO,CAAC,QAAQ;QAAE,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;;QAClD,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAEvC,wCAAwC;IACxC,MAAM,KAAK,GAAG,IAAA,cAAK,EAAC,eAAe,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAA,2BAAkB,EAAC,QAAQ,CAAC,CAAC,CAAC;IAElF,oEAAoE;IACpE,MAAM,IAAI,GAAG,MAAM,IAAA,mBAAU,EAAC,SAAS,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAA,2BAAkB,EAAC,QAAQ,CAAC,CAAC,CAAC;IACtF,IAAI,IAAI,CAAC,QAAQ;QAAE,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;;QAC5C,gBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAEtC,0EAA0E;IAC1E,oEAAoE;IACpE,gEAAgE;IAChE,MAAM,IAAI,GAAG,MAAM,IAAA,mBAAU,EAAC,WAAW,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAA,uBAAc,EAAC,QAAQ,CAAC,CAAC,CAAC;IACpF,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC3D,CAAC;SAAM,CAAC;QACN,gBAAgB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACrC,CAAC;IAED,MAAM,WAAW,GAAG,CAAC,GAAG,OAAO,CAAC,QAAQ,EAAE,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;IAE5C,OAAO;QACL,IAAI,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAClD,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,SAAS,EAAE,IAAA,YAAG,EAAC,wCAAwC,EAAE,QAAQ,CAAC;QAClE,MAAM,EAAE,IAAA,YAAG,EAAC,6CAA6C,EAAE,QAAQ,CAAC;QACpE,OAAO,EAAE;YACP,QAAQ,EAAE,EAAE,GAAG,MAAM,EAAE,KAAK,EAAE,WAAW,CAAC,MAAM,EAAE;YAClD,YAAY,EAAE,IAAI;SACnB;QACD,QAAQ,EAAE,WAAW;QACrB,SAAS;QACT,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED,SAAgB,oBAAoB,CAAC,MAAsB,EAAE,OAAe;IAC1E,MAAM,CAAC,GAAa,EAAE,CAAC;IACvB,CAAC,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;IACtC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;IACtD,CAAC,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC;IAC7D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,oBAAoB;IACpB,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC;IAClC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IAC/B,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IAC/B,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IAC/B,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC;IACvC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC;IACnC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAClC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC;IACtC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,qBAAqB,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,KAAK,eAAe,CAAC,CAAC,IAAI,IAAI,CACxG,CAAC;IACJ,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,2EAA2E;IAC3E,wEAAwE;IACxE,qEAAqE;IACrE,YAAY;IACZ,MAAM,UAAU,GAA0C;QACxD,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,uBAAuB,EAAE;QACjD,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,6BAA6B,EAAE;QACrD,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,sBAAsB,EAAE;KACjD,CAAC;IACF,MAAM,MAAM,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAEnF,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ;aAC1B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,GAAG,CAAC,GAAG,CAAC;aACrC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC3D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEjC,CAAC,CAAC,IAAI,CAAC,MAAM,UAAU,KAAK,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;QACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YACtD,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;YACjE,IAAI,CAAC,CAAC,GAAG;gBAAE,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;YACzC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YAC5C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACb,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,UAAU,EAAE,CAAC;IACf,CAAC;IAED,eAAe;IACf,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,MAAM,UAAU,8BAA8B,CAAC,CAAC;QACvD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC/B,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC/B,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC;QACvC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC;QACnC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC;QACrC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAClC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;QACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,SAAS;IACT,CAAC,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzD,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,CAAC,CAAC,IAAI,CAAC,0BAA0B,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,sBAAsB,OAAO,GAAG,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,gFAAgF,CAAC,CAAC;IACzF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACtB,CAAC"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Markdown report formatter matching tmp/reports/vulnerability-scan-*.md format.
|
|
3
|
+
*/
|
|
4
|
+
import { SecurityReport } from './types';
|
|
5
|
+
export declare function formatSecurityReport(report: SecurityReport, elapsed: string): string;
|
|
6
|
+
//# sourceMappingURL=report.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"report.d.ts","sourceRoot":"","sources":["../../../src/analyzers/security/report.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,cAAc,EAAmB,MAAM,SAAS,CAAC;AA6C1D,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAuFpF"}
|
|
@@ -0,0 +1,118 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.formatSecurityReport = formatSecurityReport;
|
|
4
|
+
const SEVERITY_ORDER = ['critical', 'high', 'medium', 'low'];
|
|
5
|
+
const CATEGORY_SECTIONS = [
|
|
6
|
+
{
|
|
7
|
+
key: 'secrets-and-keys',
|
|
8
|
+
title: '1. Secrets & Credentials Exposure',
|
|
9
|
+
filter: (f) => f.category === 'secret' || f.category === 'private-key',
|
|
10
|
+
},
|
|
11
|
+
{
|
|
12
|
+
key: 'code-vuln',
|
|
13
|
+
title: '2. Code Vulnerability Patterns',
|
|
14
|
+
filter: (f) => f.category === 'code-vuln',
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
key: 'config',
|
|
18
|
+
title: '3. Configuration Vulnerabilities',
|
|
19
|
+
filter: (f) => f.category === 'config',
|
|
20
|
+
},
|
|
21
|
+
];
|
|
22
|
+
function severityLabel(s) {
|
|
23
|
+
return s.toUpperCase();
|
|
24
|
+
}
|
|
25
|
+
function formatFinding(f) {
|
|
26
|
+
const lines = [];
|
|
27
|
+
lines.push(`### ${severityLabel(f.severity)}: ${f.description}`);
|
|
28
|
+
if (f.file) {
|
|
29
|
+
const loc = f.line ? `${f.file}:${f.line}` : f.file;
|
|
30
|
+
lines.push(`- **File:** \`${loc}\``);
|
|
31
|
+
}
|
|
32
|
+
if (f.cwe)
|
|
33
|
+
lines.push(`- **CWE:** ${f.cwe}`);
|
|
34
|
+
lines.push(`- **Rule:** ${f.rule}`);
|
|
35
|
+
if (f.snippet)
|
|
36
|
+
lines.push(`- **Snippet:** \`${f.snippet}\``);
|
|
37
|
+
if (f.remediation)
|
|
38
|
+
lines.push(`- **Remediation:** ${f.remediation}`);
|
|
39
|
+
lines.push('');
|
|
40
|
+
return lines.join('\n');
|
|
41
|
+
}
|
|
42
|
+
function formatSecurityReport(report, elapsed) {
|
|
43
|
+
const lines = [];
|
|
44
|
+
lines.push('# Vulnerability Scan Report');
|
|
45
|
+
lines.push('');
|
|
46
|
+
lines.push(`**Date:** ${report.analyzedAt.slice(0, 10)}`);
|
|
47
|
+
lines.push(`**Repository:** ${report.repo}`);
|
|
48
|
+
lines.push(`**Branch:** ${report.branch}`);
|
|
49
|
+
lines.push(`**Commit:** ${report.commitSha}`);
|
|
50
|
+
lines.push('');
|
|
51
|
+
lines.push('---');
|
|
52
|
+
lines.push('');
|
|
53
|
+
// Executive Summary
|
|
54
|
+
lines.push('## Executive Summary');
|
|
55
|
+
lines.push('');
|
|
56
|
+
lines.push('| Severity | Count |');
|
|
57
|
+
lines.push('|----------|-------|');
|
|
58
|
+
lines.push(`| CRITICAL | ${report.summary.critical} |`);
|
|
59
|
+
lines.push(`| HIGH | ${report.summary.high} |`);
|
|
60
|
+
lines.push(`| MEDIUM | ${report.summary.medium} |`);
|
|
61
|
+
lines.push(`| LOW | ${report.summary.low} |`);
|
|
62
|
+
lines.push(`| **Total** | **${report.summary.total}** |`);
|
|
63
|
+
lines.push('');
|
|
64
|
+
lines.push(`Overall severity: **${report.summary.overallSeverity.toUpperCase()}**. ` +
|
|
65
|
+
`Dependency audit flagged ${report.dependencies.total} vulnerable packages.`);
|
|
66
|
+
lines.push('');
|
|
67
|
+
lines.push('---');
|
|
68
|
+
lines.push('');
|
|
69
|
+
// Category sections — sorted by severity within each
|
|
70
|
+
for (const section of CATEGORY_SECTIONS) {
|
|
71
|
+
const sectionFindings = report.findings.filter(section.filter);
|
|
72
|
+
if (sectionFindings.length === 0)
|
|
73
|
+
continue;
|
|
74
|
+
lines.push(`## ${section.title}`);
|
|
75
|
+
lines.push('');
|
|
76
|
+
sectionFindings.sort((a, b) => SEVERITY_ORDER.indexOf(a.severity) - SEVERITY_ORDER.indexOf(b.severity));
|
|
77
|
+
for (const f of sectionFindings) {
|
|
78
|
+
lines.push(formatFinding(f));
|
|
79
|
+
}
|
|
80
|
+
lines.push('---');
|
|
81
|
+
lines.push('');
|
|
82
|
+
}
|
|
83
|
+
// Dependency section
|
|
84
|
+
lines.push('## 4. Dependency Vulnerabilities');
|
|
85
|
+
lines.push('');
|
|
86
|
+
lines.push(`**Tool:** ${report.dependencies.tool || 'not available'}`);
|
|
87
|
+
lines.push('');
|
|
88
|
+
lines.push('| Severity | Count |');
|
|
89
|
+
lines.push('|----------|-------|');
|
|
90
|
+
lines.push(`| Critical | ${report.dependencies.critical} |`);
|
|
91
|
+
lines.push(`| High | ${report.dependencies.high} |`);
|
|
92
|
+
lines.push(`| Medium | ${report.dependencies.medium} |`);
|
|
93
|
+
lines.push(`| Low | ${report.dependencies.low} |`);
|
|
94
|
+
lines.push(`| **Total** | **${report.dependencies.total}** |`);
|
|
95
|
+
lines.push('');
|
|
96
|
+
if (report.dependencies.subprojects && report.dependencies.subprojects.length > 0) {
|
|
97
|
+
lines.push('### By subproject');
|
|
98
|
+
lines.push('');
|
|
99
|
+
lines.push('| Subproject | Critical | High | Medium | Low | Total |');
|
|
100
|
+
lines.push('|------------|----------|------|--------|-----|-------|');
|
|
101
|
+
for (const sp of report.dependencies.subprojects) {
|
|
102
|
+
lines.push(`| ${sp.name} | ${sp.critical} | ${sp.high} | ${sp.medium} | ${sp.low} | ${sp.total} |`);
|
|
103
|
+
}
|
|
104
|
+
lines.push('');
|
|
105
|
+
}
|
|
106
|
+
lines.push('---');
|
|
107
|
+
lines.push('');
|
|
108
|
+
// Footer
|
|
109
|
+
lines.push(`**Tools used:** ${report.toolsUsed.join(', ')}`);
|
|
110
|
+
if (report.toolsUnavailable.length > 0) {
|
|
111
|
+
lines.push(`**Tools unavailable:** ${report.toolsUnavailable.join(', ')}`);
|
|
112
|
+
}
|
|
113
|
+
lines.push(`**Analysis time:** ${elapsed}s`);
|
|
114
|
+
lines.push('');
|
|
115
|
+
lines.push('*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*');
|
|
116
|
+
return lines.join('\n');
|
|
117
|
+
}
|
|
118
|
+
//# sourceMappingURL=report.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"report.js","sourceRoot":"","sources":["../../../src/analyzers/security/report.ts"],"names":[],"mappings":";;AAgDA,oDAuFC;AAlID,MAAM,cAAc,GAAkC,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;AAE5F,MAAM,iBAAiB,GAIlB;IACH;QACE,GAAG,EAAE,kBAAkB;QACvB,KAAK,EAAE,mCAAmC;QAC1C,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,QAAQ,KAAK,aAAa;KACvE;IACD;QACE,GAAG,EAAE,WAAW;QAChB,KAAK,EAAE,gCAAgC;QACvC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,WAAW;KAC1C;IACD;QACE,GAAG,EAAE,QAAQ;QACb,KAAK,EAAE,kCAAkC;QACzC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ;KACvC;CACF,CAAC;AAEF,SAAS,aAAa,CAAC,CAA8B;IACnD,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;AACzB,CAAC;AAED,SAAS,aAAa,CAAC,CAAkB;IACvC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,OAAO,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACjE,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QACX,MAAM,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACpD,KAAK,CAAC,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAC;IACvC,CAAC;IACD,IAAI,CAAC,CAAC,GAAG;QAAE,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAC7C,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACpC,IAAI,CAAC,CAAC,OAAO;QAAE,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC;IAC7D,IAAI,CAAC,CAAC,WAAW;QAAE,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACrE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,oBAAoB,CAAC,MAAsB,EAAE,OAAe;IAC1E,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;IAC1C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;IAC1D,KAAK,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7C,KAAK,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3C,KAAK,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;IAC9C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,oBAAoB;IACpB,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,OAAO,CAAC,QAAQ,IAAI,CAAC,CAAC;IACxD,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC;IACpD,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,CAAC;IACtD,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;IACnD,KAAK,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,OAAO,CAAC,KAAK,MAAM,CAAC,CAAC;IAC1D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CACR,uBAAuB,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,WAAW,EAAE,MAAM;QACvE,4BAA4B,MAAM,CAAC,YAAY,CAAC,KAAK,uBAAuB,CAC/E,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,qDAAqD;IACrD,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;QACxC,MAAM,eAAe,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC/D,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAE3C,KAAK,CAAC,IAAI,CAAC,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,eAAe,CAAC,IAAI,CAClB,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAClF,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,eAAe,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/B,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,qBAAqB;IACrB,KAAK,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IAC/C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,YAAY,CAAC,IAAI,IAAI,eAAe,EAAE,CAAC,CAAC;IACvE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,YAAY,CAAC,QAAQ,IAAI,CAAC,CAAC;IAC7D,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,YAAY,CAAC,IAAI,IAAI,CAAC,CAAC;IACzD,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,YAAY,CAAC,MAAM,IAAI,CAAC,CAAC;IAC3D,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC;IACxD,KAAK,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,YAAY,CAAC,KAAK,MAAM,CAAC,CAAC;IAC/D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,MAAM,CAAC,YAAY,CAAC,WAAW,IAAI,MAAM,CAAC,YAAY,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClF,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;QACtE,KAAK,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;QACtE,KAAK,MAAM,EAAE,IAAI,MAAM,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC;YACjD,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,IAAI,MAAM,EAAE,CAAC,QAAQ,MAAM,EAAE,CAAC,IAAI,MAAM,EAAE,CAAC,MAAM,MAAM,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,KAAK,IAAI,CAAC,CAAC;QACtG,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,SAAS;IACT,KAAK,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7D,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,KAAK,CAAC,IAAI,CAAC,0BAA0B,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,sBAAsB,OAAO,GAAG,CAAC,CAAC;IAC7C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,gFAAgF,CAAC,CAAC;IAE7F,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
|
@@ -5,6 +5,7 @@
|
|
|
5
5
|
* (delegating to it), but Phase 4b+ can switch to using the deep
|
|
6
6
|
* analyzer's findings for more accurate scoring.
|
|
7
7
|
*/
|
|
8
|
-
import {
|
|
9
|
-
|
|
8
|
+
import { DimensionScore } from '../types';
|
|
9
|
+
import { ScoreInput } from '../scoring';
|
|
10
|
+
export declare function scoreSecurityDimension(input: ScoreInput): DimensionScore;
|
|
10
11
|
//# sourceMappingURL=shallow.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shallow.d.ts","sourceRoot":"","sources":["../../../src/analyzers/security/shallow.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"shallow.d.ts","sourceRoot":"","sources":["../../../src/analyzers/security/shallow.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAiB,MAAM,YAAY,CAAC;AAEvD,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,UAAU,GAAG,cAAc,CAExE"}
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.scoreSecurityDimension = scoreSecurityDimension;
|
|
4
4
|
const scoring_1 = require("../scoring");
|
|
5
|
-
function scoreSecurityDimension(
|
|
6
|
-
return (0, scoring_1.scoreSecurity)(
|
|
5
|
+
function scoreSecurityDimension(input) {
|
|
6
|
+
return (0, scoring_1.scoreSecurity)(input);
|
|
7
7
|
}
|
|
8
8
|
//# sourceMappingURL=shallow.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shallow.js","sourceRoot":"","sources":["../../../src/analyzers/security/shallow.ts"],"names":[],"mappings":";;AAUA,wDAEC;AAJD,
|
|
1
|
+
{"version":3,"file":"shallow.js","sourceRoot":"","sources":["../../../src/analyzers/security/shallow.ts"],"names":[],"mappings":";;AAUA,wDAEC;AAJD,wCAAuD;AAEvD,SAAgB,sBAAsB,CAAC,KAAiB;IACtD,OAAO,IAAA,uBAAa,EAAC,KAAK,CAAC,CAAC;AAC9B,CAAC"}
|
|
@@ -10,7 +10,7 @@ function buildTestGapsDetailed(report) {
|
|
|
10
10
|
const actions = (0, remediation_1.rank)((0, actions_1.buildTestGapsActions)(report), counts, scoring_1.scoreTestGapsCounts);
|
|
11
11
|
return {
|
|
12
12
|
...report,
|
|
13
|
-
schemaVersion: '
|
|
13
|
+
schemaVersion: '11',
|
|
14
14
|
coverageScore: (0, scoring_1.scoreTestGapsCounts)(counts).score,
|
|
15
15
|
actions,
|
|
16
16
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"detailed.js","sourceRoot":"","sources":["../../../src/analyzers/tests/detailed.ts"],"names":[],"mappings":";;AAcA,sDASC;AAID,wEA8GC;AArID,gDAAoD;AACpD,uCAAmE;AACnE,uCAAgE;AAQhE,SAAgB,qBAAqB,CAAC,MAAsB;IAC1D,MAAM,MAAM,GAAG,IAAA,0BAAgB,EAAC,MAAM,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,IAAA,kBAAI,EAAC,IAAA,8BAAoB,EAAC,MAAM,CAAC,EAAE,MAAM,EAAE,6BAAmB,CAAC,CAAC;IAChF,OAAO;QACL,GAAG,MAAM;QACT,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"detailed.js","sourceRoot":"","sources":["../../../src/analyzers/tests/detailed.ts"],"names":[],"mappings":";;AAcA,sDASC;AAID,wEA8GC;AArID,gDAAoD;AACpD,uCAAmE;AACnE,uCAAgE;AAQhE,SAAgB,qBAAqB,CAAC,MAAsB;IAC1D,MAAM,MAAM,GAAG,IAAA,0BAAgB,EAAC,MAAM,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,IAAA,kBAAI,EAAC,IAAA,8BAAoB,EAAC,MAAM,CAAC,EAAE,MAAM,EAAE,6BAAmB,CAAC,CAAC;IAChF,OAAO;QACL,GAAG,MAAM;QACT,aAAa,EAAE,IAAI;QACnB,aAAa,EAAE,IAAA,6BAAmB,EAAC,MAAM,CAAC,CAAC,KAAK;QAChD,OAAO;KACR,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,GAA6B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;AAEzF,SAAgB,8BAA8B,CAC5C,QAAgC,EAChC,OAAe;IAEf,MAAM,CAAC,GAAa,EAAE,CAAC;IACvB,MAAM,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAC;IAE3B,CAAC,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,aAAa,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;IACxD,CAAC,CAAC,IAAI,CAAC,mBAAmB,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3C,CAAC,CAAC,IAAI,CAAC,eAAe,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,SAAS,GAAG,CAAC,CAAC;IACjE,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,iBAAiB,GAAG,CAAC,CAAC;IAC1D,CAAC,CAAC,IAAI,CAAC,4BAA4B,QAAQ,CAAC,aAAa,MAAM,CAAC,CAAC;IACjE,CAAC,CAAC,IAAI,CAAC,uBAAuB,QAAQ,CAAC,aAAa,EAAE,CAAC,CAAC;IACxD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,UAAU;IACV,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACrB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IAC7B,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IAC7B,CAAC,CAAC,IAAI,CACJ,kBAAkB,CAAC,CAAC,SAAS,aAAa,CAAC,CAAC,eAAe,oBAAoB,CAAC,CAAC,iBAAiB,KAAK,CACxG,CAAC;IACF,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC;IAC9C,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,gBAAgB,IAAI,CAAC,CAAC;IAC1D,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,YAAY,IAAI,CAAC,CAAC;IAClD,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,cAAc,IAAI,CAAC,CAAC;IACtD,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC;IAChD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,UAAU;IACV,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IACjC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,CAAC,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAC3E,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QAC/C,CAAC,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QAC/C,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YAChC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC,UAAU,MAAM,CAAC,CAAC,cAAc,QAAQ,CAAC,CAAC;QACnF,CAAC,CAAC,CAAC;QACH,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACjC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC;YAC5C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACX,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;YAChC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,aAAa,MAAM,CAAC,CAAC;YACjD,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,cAAc,MAAM,CAAC,CAAC;YACnD,IAAI,CAAC,CAAC,SAAS;gBAAE,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;YACrD,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACtB,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBACvB,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;oBACxC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;gBACvD,CAAC;gBACD,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,EAAE;oBAAE,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC,CAAC;YACjF,CAAC;YACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACb,CAAC;IACH,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,8BAA8B;IAC9B,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IACnC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,MAAM,MAAM,GAAiB,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAClD,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CACvE,CAAC;IACF,MAAM,OAAO,GAAmC;QAC9C,QAAQ,EAAE,EAAE;QACZ,IAAI,EAAE,EAAE;QACR,MAAM,EAAE,EAAE;QACV,GAAG,EAAE,EAAE;KACR,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,MAAM;QAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEhD,KAAK,MAAM,IAAI,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAe,EAAE,CAAC;QACvE,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAC5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QACjC,CAAC,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;QACtD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAClC,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAClC,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACnC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE;YAAE,CAAC,CAAC,IAAI,CAAC,WAAW,KAAK,CAAC,MAAM,GAAG,EAAE,aAAa,CAAC,CAAC;QACzE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,CAAC,CAAC,IAAI,CAAC,mBAAmB,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC3D,IAAI,QAAQ,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzC,CAAC,CAAC,IAAI,CAAC,0BAA0B,QAAQ,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,sBAAsB,OAAO,GAAG,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CACJ,gGAAgG,CACjG,CAAC;IACF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACtB,CAAC"}
|