@vyuhlabs/dxkit 2.10.0 → 2.11.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +122 -0
- package/dist/allowlist/cli.d.ts +23 -23
- package/dist/allowlist/cli.d.ts.map +1 -1
- package/dist/allowlist/cli.js +72 -34
- package/dist/allowlist/cli.js.map +1 -1
- package/dist/allowlist/file.d.ts +7 -1
- package/dist/allowlist/file.d.ts.map +1 -1
- package/dist/allowlist/file.js +7 -1
- package/dist/allowlist/file.js.map +1 -1
- package/dist/analysis-result.d.ts +10 -0
- package/dist/analysis-result.d.ts.map +1 -1
- package/dist/analyzers/cache.d.ts +1 -0
- package/dist/analyzers/cache.d.ts.map +1 -1
- package/dist/analyzers/cache.js +69 -0
- package/dist/analyzers/cache.js.map +1 -1
- package/dist/analyzers/security/aggregator.d.ts +90 -90
- package/dist/analyzers/security/aggregator.d.ts.map +1 -1
- package/dist/analyzers/security/aggregator.js +140 -56
- package/dist/analyzers/security/aggregator.js.map +1 -1
- package/dist/analyzers/security/gather.d.ts +2 -0
- package/dist/analyzers/security/gather.d.ts.map +1 -1
- package/dist/analyzers/security/gather.js +30 -4
- package/dist/analyzers/security/gather.js.map +1 -1
- package/dist/analyzers/security/types.d.ts +29 -7
- package/dist/analyzers/security/types.d.ts.map +1 -1
- package/dist/analyzers/tools/fingerprint.d.ts +133 -20
- package/dist/analyzers/tools/fingerprint.d.ts.map +1 -1
- package/dist/analyzers/tools/fingerprint.js +194 -20
- package/dist/analyzers/tools/fingerprint.js.map +1 -1
- package/dist/analyzers/tools/gitleaks.d.ts +2 -2
- package/dist/analyzers/tools/gitleaks.d.ts.map +1 -1
- package/dist/analyzers/tools/gitleaks.js +7 -1
- package/dist/analyzers/tools/gitleaks.js.map +1 -1
- package/dist/analyzers/tools/graphify.d.ts.map +1 -1
- package/dist/analyzers/tools/graphify.js +28 -0
- package/dist/analyzers/tools/graphify.js.map +1 -1
- package/dist/analyzers/tools/grep-secrets.d.ts.map +1 -1
- package/dist/analyzers/tools/grep-secrets.js +22 -12
- package/dist/analyzers/tools/grep-secrets.js.map +1 -1
- package/dist/analyzers/tools/salt.d.ts +68 -0
- package/dist/analyzers/tools/salt.d.ts.map +1 -0
- package/dist/{baseline → analyzers/tools}/salt.js +59 -18
- package/dist/analyzers/tools/salt.js.map +1 -0
- package/dist/analyzers/tools/semgrep.d.ts +7 -7
- package/dist/analyzers/tools/semgrep.d.ts.map +1 -1
- package/dist/analyzers/tools/semgrep.js +14 -7
- package/dist/analyzers/tools/semgrep.js.map +1 -1
- package/dist/analyzers/tools/tool-registry.js +4 -4
- package/dist/baseline/baseline-file.d.ts +9 -2
- package/dist/baseline/baseline-file.d.ts.map +1 -1
- package/dist/baseline/baseline-file.js.map +1 -1
- package/dist/baseline/check-renderers.d.ts.map +1 -1
- package/dist/baseline/check-renderers.js +14 -0
- package/dist/baseline/check-renderers.js.map +1 -1
- package/dist/baseline/check.d.ts +33 -0
- package/dist/baseline/check.d.ts.map +1 -1
- package/dist/baseline/check.js +78 -2
- package/dist/baseline/check.js.map +1 -1
- package/dist/baseline/create.d.ts +1 -1
- package/dist/baseline/create.d.ts.map +1 -1
- package/dist/baseline/create.js +3 -1
- package/dist/baseline/create.js.map +1 -1
- package/dist/baseline/finding-identity.d.ts +20 -13
- package/dist/baseline/finding-identity.d.ts.map +1 -1
- package/dist/baseline/finding-identity.js +51 -20
- package/dist/baseline/finding-identity.js.map +1 -1
- package/dist/baseline/migrate.d.ts +94 -0
- package/dist/baseline/migrate.d.ts.map +1 -0
- package/dist/baseline/migrate.js +238 -0
- package/dist/baseline/migrate.js.map +1 -0
- package/dist/baseline/producers/security.d.ts +9 -9
- package/dist/baseline/producers/security.d.ts.map +1 -1
- package/dist/baseline/producers/security.js +16 -4
- package/dist/baseline/producers/security.js.map +1 -1
- package/dist/baseline/types.d.ts +145 -95
- package/dist/baseline/types.d.ts.map +1 -1
- package/dist/baseline/types.js +30 -26
- package/dist/baseline/types.js.map +1 -1
- package/dist/explore/context-hook-format.d.ts +55 -0
- package/dist/explore/context-hook-format.d.ts.map +1 -0
- package/dist/explore/context-hook-format.js +153 -0
- package/dist/explore/context-hook-format.js.map +1 -0
- package/dist/explore/context-hook.d.ts +8 -18
- package/dist/explore/context-hook.d.ts.map +1 -1
- package/dist/explore/context-hook.js +24 -87
- package/dist/explore/context-hook.js.map +1 -1
- package/dist/explore/finding-context.d.ts +17 -0
- package/dist/explore/finding-context.d.ts.map +1 -1
- package/dist/explore/finding-context.js +34 -0
- package/dist/explore/finding-context.js.map +1 -1
- package/dist/explore/queries.d.ts +32 -15
- package/dist/explore/queries.d.ts.map +1 -1
- package/dist/explore/queries.js +36 -6
- package/dist/explore/queries.js.map +1 -1
- package/dist/ingest/normalize.d.ts +1 -1
- package/dist/ingest/normalize.d.ts.map +1 -1
- package/dist/ingest/normalize.js +5 -1
- package/dist/ingest/normalize.js.map +1 -1
- package/dist/ingest/sarif.d.ts.map +1 -1
- package/dist/ingest/sarif.js +16 -7
- package/dist/ingest/sarif.js.map +1 -1
- package/dist/ingest/types.d.ts +23 -12
- package/dist/ingest/types.d.ts.map +1 -1
- package/dist/languages/capabilities/types.d.ts +64 -53
- package/dist/languages/capabilities/types.d.ts.map +1 -1
- package/dist/languages/capabilities/types.js +4 -4
- package/dist/update.d.ts.map +1 -1
- package/dist/update.js +49 -0
- package/dist/update.js.map +1 -1
- package/dist/upgrade.d.ts.map +1 -1
- package/dist/upgrade.js +2 -1
- package/dist/upgrade.js.map +1 -1
- package/package.json +6 -3
- package/templates/.claude/skills/dxkit-update/SKILL.md +45 -4
- package/dist/baseline/salt.d.ts +0 -45
- package/dist/baseline/salt.d.ts.map +0 -1
- package/dist/baseline/salt.js.map +0 -1
package/dist/baseline/check.d.ts
CHANGED
|
@@ -172,7 +172,40 @@ export interface GuardrailCheckResult {
|
|
|
172
172
|
* see new suppressions being introduced. Absent when the
|
|
173
173
|
* baseline SHA wasn't reachable to diff against. */
|
|
174
174
|
readonly allowlistDelta: AllowlistDelta;
|
|
175
|
+
/** Kinds dropped from the diff because the resolved mode can't gather
|
|
176
|
+
* them comparably on the prior side. Populated only in `ref-based`
|
|
177
|
+
* mode: `duplication` + `test-gap` depend on build artifacts (jscpd's
|
|
178
|
+
* `node_modules`, the coverage report) that don't exist in a detached
|
|
179
|
+
* worktree, so the prior side systematically under-produces them and a
|
|
180
|
+
* naive diff would flag the entire current set as net-new. They're
|
|
181
|
+
* excluded from BOTH sides instead; this records what was dropped so
|
|
182
|
+
* renderers can disclose "not gated in ref-based mode — use
|
|
183
|
+
* committed-full to gate these." Empty in committed modes. */
|
|
184
|
+
readonly refExcludedKinds: ReadonlyArray<{
|
|
185
|
+
readonly kind: BaselineEntry['kind'];
|
|
186
|
+
readonly currentCount: number;
|
|
187
|
+
}>;
|
|
175
188
|
}
|
|
189
|
+
/**
|
|
190
|
+
* Apply the ref-based-mode kind exclusion to both sides of the diff.
|
|
191
|
+
*
|
|
192
|
+
* In ref-based mode the prior side is gathered from a detached worktree
|
|
193
|
+
* that can't produce the build-artifact-dependent kinds (REF_UNRELIABLE_KINDS),
|
|
194
|
+
* so they're dropped from BOTH sides to keep the comparison symmetric —
|
|
195
|
+
* otherwise the current side's full set has nothing to match against and
|
|
196
|
+
* every one reads as a net-new regression. The dropped current-side counts
|
|
197
|
+
* are returned for disclosure. In committed modes nothing is excluded.
|
|
198
|
+
*
|
|
199
|
+
* Pure + exported so the exclusion behavior is unit-testable without
|
|
200
|
+
* driving the (slow, environment-dependent) gather pipeline.
|
|
201
|
+
*/
|
|
202
|
+
export declare function partitionForRefBasedDiff<T extends {
|
|
203
|
+
readonly kind: BaselineEntry['kind'];
|
|
204
|
+
}>(priorFindings: ReadonlyArray<T>, currentFindings: ReadonlyArray<T>, isRefBased: boolean): {
|
|
205
|
+
diffablePrior: ReadonlyArray<T>;
|
|
206
|
+
diffableCurrent: ReadonlyArray<T>;
|
|
207
|
+
refExcludedKinds: GuardrailCheckResult['refExcludedKinds'];
|
|
208
|
+
};
|
|
176
209
|
/**
|
|
177
210
|
* Run the guardrail-check pipeline. Pure-orchestrator: loads the
|
|
178
211
|
* baseline, gathers current state, runs the matcher + classifier,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"check.d.ts","sourceRoot":"","sources":["../../src/baseline/check.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AAMH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAO5C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAEpD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAKhD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,OAAO,KAAK,EAAE,gBAAgB,EAAmB,cAAc,EAAE,MAAM,UAAU,CAAC;AAGlF,OAAO,KAAK,EAAE,aAAa,EAAa,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"check.d.ts","sourceRoot":"","sources":["../../src/baseline/check.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AAMH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAO5C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAEpD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAKhD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,OAAO,KAAK,EAAE,gBAAgB,EAAmB,cAAc,EAAE,MAAM,UAAU,CAAC;AAGlF,OAAO,KAAK,EAAE,aAAa,EAAa,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAGjG,OAAO,EAAyB,KAAK,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAE/E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAEjE,MAAM,WAAW,wBAAwB;IACvC,oEAAoE;IACpE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB;gCAC4B;IAC5B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;2DAEuD;IACvD,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B;;gBAEY;IACZ,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC;IAC/B;;;;;0CAKsC;IACtC,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,sEAAsE;IACtE,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B;;8CAE0C;IAC1C,QAAQ,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IACrC;;oBAEgB;IAChB,QAAQ,CAAC,OAAO,CAAC,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC;IACxC;2DACuD;IACvD,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;;;;GAKG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC;IACzB,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC;mEAC+D;IAC/D,QAAQ,CAAC,QAAQ,CAAC,EAAE,eAAe,CAAC;IACpC;gCAC4B;IAC5B,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACrC;mCAC+B;IAC/B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;;uBAKmB;IACnB,QAAQ,CAAC,oBAAoB,CAAC,EAAE,OAAO,CAAC;IACxC;;;;;yEAKqE;IACrE,QAAQ,CAAC,qBAAqB,CAAC,EAAE,oBAAoB,CAAC;CACvD;AAED;;;;;GAKG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC;IACrC;mCAC+B;IAC/B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,oBAAoB,EAAE,OAAO,CAAC;IACvC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,mBAAmB,EAAE,OAAO,CAAC;IACtC,6DAA6D;IAC7D,QAAQ,CAAC,gBAAgB,EAAE,aAAa,CAAC;QACvC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,eAAe,EAAE,MAAM,GAAG,SAAS,CAAC;QAC7C,QAAQ,CAAC,cAAc,EAAE,MAAM,GAAG,SAAS,CAAC;KAC7C,CAAC,CAAC;IACH;;;;kDAI8C;IAC9C,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;CACtD;AAED,MAAM,WAAW,oBAAoB;IACnC;;uDAEmD;IACnD,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B;;uCAEmC;IACnC,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;IAChC,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAC;IAC9B,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC;IAClC,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IAC9C,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,QAAQ,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAClC;+BAC2B;IAC3B,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB;sCACkC;IAClC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB;;;;yDAIqD;IACrD,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC;;;;;;;;mEAQ+D;IAC/D,QAAQ,CAAC,gBAAgB,EAAE,aAAa,CAAC;QACvC,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;QACrC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;KAC/B,CAAC,CAAC;CACJ;AAoBD;;;;;;;;;;;;GAYG;AACH,wBAAgB,wBAAwB,CAAC,CAAC,SAAS;IAAE,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC,CAAA;CAAE,EACzF,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,EAC/B,eAAe,EAAE,aAAa,CAAC,CAAC,CAAC,EACjC,UAAU,EAAE,OAAO,GAClB;IACD,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC;IAChC,eAAe,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC;IAClC,gBAAgB,EAAE,oBAAoB,CAAC,kBAAkB,CAAC,CAAC;CAC5D,CAoBA;AAwBD;;;;GAIG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,wBAAwB,GAChC,OAAO,CAAC,oBAAoB,CAAC,CAoM/B;AA8KD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,uBAAuB,CACrC,SAAS,EAAE,aAAa,EACxB,WAAW,EAAE,aAAa,EAC1B,GAAG,EAAE,IAAI,GACR,oBAAoB,GAAG,SAAS,CAYlC"}
|
package/dist/baseline/check.js
CHANGED
|
@@ -70,6 +70,7 @@ var __importStar = (this && this.__importStar) || (function () {
|
|
|
70
70
|
};
|
|
71
71
|
})();
|
|
72
72
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
73
|
+
exports.partitionForRefBasedDiff = partitionForRefBasedDiff;
|
|
73
74
|
exports.runGuardrailCheck = runGuardrailCheck;
|
|
74
75
|
exports.allowlistSuppressionFor = allowlistSuppressionFor;
|
|
75
76
|
const child_process_1 = require("child_process");
|
|
@@ -84,8 +85,60 @@ const modes_1 = require("./modes");
|
|
|
84
85
|
const policy_1 = require("./policy");
|
|
85
86
|
const ref_baseline_1 = require("./ref-baseline");
|
|
86
87
|
const sanitize_1 = require("./sanitize");
|
|
88
|
+
const types_1 = require("./types");
|
|
87
89
|
const diff_1 = require("../allowlist/diff");
|
|
88
90
|
const file_1 = require("../allowlist/file");
|
|
91
|
+
/**
|
|
92
|
+
* Finding kinds that cannot be gathered comparably from a detached git
|
|
93
|
+
* worktree, so ref-based mode must not diff them. `duplication` runs
|
|
94
|
+
* jscpd, which needs the project's `node_modules`; `test-gap` reads the
|
|
95
|
+
* coverage report — neither exists in a bare `git worktree add` checkout.
|
|
96
|
+
* The prior (worktree) side therefore under-produces these systematically
|
|
97
|
+
* while the current (working-tree) side produces them in full, so a
|
|
98
|
+
* straight diff reports the entire current set as net-new regressions.
|
|
99
|
+
* Confirmed empirically: gathering the SAME commit via cwd vs a worktree
|
|
100
|
+
* differed only here (duplication 15→0, test-gap 44→12). Excluded from
|
|
101
|
+
* both sides in ref-based mode; committed-full (which captures them once
|
|
102
|
+
* from a fully-provisioned tree) is the mode that gates them. (D-G4.)
|
|
103
|
+
*/
|
|
104
|
+
const REF_UNRELIABLE_KINDS = new Set([
|
|
105
|
+
'duplication',
|
|
106
|
+
'test-gap',
|
|
107
|
+
]);
|
|
108
|
+
/**
|
|
109
|
+
* Apply the ref-based-mode kind exclusion to both sides of the diff.
|
|
110
|
+
*
|
|
111
|
+
* In ref-based mode the prior side is gathered from a detached worktree
|
|
112
|
+
* that can't produce the build-artifact-dependent kinds (REF_UNRELIABLE_KINDS),
|
|
113
|
+
* so they're dropped from BOTH sides to keep the comparison symmetric —
|
|
114
|
+
* otherwise the current side's full set has nothing to match against and
|
|
115
|
+
* every one reads as a net-new regression. The dropped current-side counts
|
|
116
|
+
* are returned for disclosure. In committed modes nothing is excluded.
|
|
117
|
+
*
|
|
118
|
+
* Pure + exported so the exclusion behavior is unit-testable without
|
|
119
|
+
* driving the (slow, environment-dependent) gather pipeline.
|
|
120
|
+
*/
|
|
121
|
+
function partitionForRefBasedDiff(priorFindings, currentFindings, isRefBased) {
|
|
122
|
+
if (!isRefBased) {
|
|
123
|
+
return {
|
|
124
|
+
diffablePrior: priorFindings,
|
|
125
|
+
diffableCurrent: currentFindings,
|
|
126
|
+
refExcludedKinds: [],
|
|
127
|
+
};
|
|
128
|
+
}
|
|
129
|
+
const keep = (f) => !REF_UNRELIABLE_KINDS.has(f.kind);
|
|
130
|
+
const refExcludedKinds = [...REF_UNRELIABLE_KINDS]
|
|
131
|
+
.map((kind) => ({
|
|
132
|
+
kind,
|
|
133
|
+
currentCount: currentFindings.filter((f) => f.kind === kind).length,
|
|
134
|
+
}))
|
|
135
|
+
.filter((e) => e.currentCount > 0);
|
|
136
|
+
return {
|
|
137
|
+
diffablePrior: priorFindings.filter(keep),
|
|
138
|
+
diffableCurrent: currentFindings.filter(keep),
|
|
139
|
+
refExcludedKinds,
|
|
140
|
+
};
|
|
141
|
+
}
|
|
89
142
|
const KIND_DEFAULT_SEVERITY = Object.freeze({
|
|
90
143
|
secret: 'high',
|
|
91
144
|
code: 'medium',
|
|
@@ -128,9 +181,30 @@ async function runGuardrailCheck(options) {
|
|
|
128
181
|
// `BaselineFile`-shaped value so the matcher / classifier
|
|
129
182
|
// downstream stay mode-agnostic.
|
|
130
183
|
const { baseline, baselinePath } = await loadPriorSide(cwd, mode, options);
|
|
184
|
+
// A committed baseline minted under an older identity scheme cannot be
|
|
185
|
+
// meaningfully diffed against the current one — every finding's id
|
|
186
|
+
// changed, so the matcher would report all pre-existing findings as
|
|
187
|
+
// net-new. Stop with an actionable message instead of that confusing
|
|
188
|
+
// churn. (ref-based re-gathers the prior side with the current dxkit, so
|
|
189
|
+
// it is always current-scheme and exempt; a baseline written before this
|
|
190
|
+
// field existed reads as the original 'v1'.)
|
|
191
|
+
if (mode.mode !== 'ref-based') {
|
|
192
|
+
const baselineScheme = baseline.identityScheme ?? 'v1';
|
|
193
|
+
if (baselineScheme !== types_1.CURRENT_IDENTITY_SCHEME) {
|
|
194
|
+
throw new Error(`Baseline "${baseline.name}" was captured under finding-identity scheme ` +
|
|
195
|
+
`${baselineScheme}, but this dxkit mints ${types_1.CURRENT_IDENTITY_SCHEME}. The identity ` +
|
|
196
|
+
`scheme changed between versions; diffing across schemes would flag every existing ` +
|
|
197
|
+
`finding as net-new. Run \`vyuh-dxkit update\` to migrate the baseline + allowlist ` +
|
|
198
|
+
`automatically, or \`vyuh-dxkit baseline create --force\` to re-anchor manually.`);
|
|
199
|
+
}
|
|
200
|
+
}
|
|
131
201
|
const current = await (0, create_1.gatherCurrentScan)({ cwd, verbose: options.verbose });
|
|
132
|
-
|
|
133
|
-
|
|
202
|
+
// In ref-based mode the prior side came from a detached worktree that
|
|
203
|
+
// can't gather the build-artifact-dependent kinds; drop them from both
|
|
204
|
+
// sides so the diff stays symmetric (see partitionForRefBasedDiff).
|
|
205
|
+
const { diffablePrior, diffableCurrent, refExcludedKinds } = partitionForRefBasedDiff(baseline.findings, current.findings, mode.mode === 'ref-based');
|
|
206
|
+
const priorLocated = (0, entry_to_located_1.entriesToLocated)(diffablePrior);
|
|
207
|
+
const currentLocated = (0, entry_to_located_1.entriesToLocated)(diffableCurrent);
|
|
134
208
|
// The matcher needs the baseline's anchor commit to drive `git
|
|
135
209
|
// diff`. Empty string is the canonical "not a git repo at capture
|
|
136
210
|
// time" value; the matcher's reachability check handles it by
|
|
@@ -255,6 +329,7 @@ async function runGuardrailCheck(options) {
|
|
|
255
329
|
blocks: options.changedOnly ? filteredBlocks : blocks,
|
|
256
330
|
warns: options.changedOnly ? filteredWarns : warns,
|
|
257
331
|
allowlistDelta,
|
|
332
|
+
refExcludedKinds,
|
|
258
333
|
};
|
|
259
334
|
}
|
|
260
335
|
// `resolvePolicy` moved to `./policy.ts` so `createBaseline` and
|
|
@@ -564,6 +639,7 @@ async function loadPriorSide(cwd, mode, options) {
|
|
|
564
639
|
analysis: refScan.analysisMeta,
|
|
565
640
|
tools: refScan.tools,
|
|
566
641
|
saltMode: refScan.saltMode,
|
|
642
|
+
identityScheme: types_1.CURRENT_IDENTITY_SCHEME,
|
|
567
643
|
findings: refScan.findings,
|
|
568
644
|
};
|
|
569
645
|
return { baseline };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"check.js","sourceRoot":"","sources":["../../src/baseline/check.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiMH,8CAwKC;AAiMD,0DAgBC;AAxjBD,iDAA6C;AAC7C,uCAAyB;AACzB,2CAA6B;AAC7B,qCAA6C;AAE7C,mDAKyB;AAEzB,yCAA0C;AAE1C,yDAAsD;AACtD,uDAAkD;AAElD,mCAA8C;AAE9C,qCAAmD;AAEnD,iDAA+C;AAC/C,yCAAyC;AAGzC,4CAA+E;AAC/E,4CAA4E;AA0I5E,MAAM,qBAAqB,GACzB,MAAM,CAAC,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM;IACd,IAAI,EAAE,QAAQ;IACd,MAAM,EAAE,QAAQ;IAChB,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,QAAQ;IACrB,cAAc,EAAE,QAAQ;IACxB,UAAU,EAAE,QAAQ;IACpB,OAAO,EAAE,KAAK;IACd,uBAAuB,EAAE,QAAQ;IACjC,UAAU,EAAE,QAAQ;IACpB,YAAY,EAAE,KAAK;IACnB,YAAY,EAAE,QAAQ;IACtB,aAAa,EAAE,MAAM;IACrB,iEAAiE;IACjE,mEAAmE;IACnE,mEAAmE;IACnE,QAAQ;IACR,aAAa,EAAE,KAAK;CACrB,CAAC,CAAC;AAEL;;;;GAIG;AACI,KAAK,UAAU,iBAAiB,CACrC,OAAiC;IAEjC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,IAAA,sBAAa,EAAC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACtD,MAAM,IAAI,GACR,OAAO,CAAC,YAAY;QACpB,IAAA,2BAAmB,EAAC;YAClB,GAAG;YACH,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,UAAU,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI;YACjC,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,GAAG;SAChC,CAAC,CAAC;IAEL,8DAA8D;IAC9D,kEAAkE;IAClE,gEAAgE;IAChE,0DAA0D;IAC1D,iCAAiC;IACjC,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,aAAa,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAE3E,MAAM,OAAO,GAAG,MAAM,IAAA,0BAAiB,EAAC,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAE3E,MAAM,YAAY,GAAmC,IAAA,mCAAgB,EAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACzF,MAAM,cAAc,GAAmC,IAAA,mCAAgB,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE1F,+DAA+D;IAC/D,kEAAkE;IAClE,8DAA8D;IAC9D,+DAA+D;IAC/D,MAAM,WAAW,GAAG,IAAA,+BAAa,EAAC,YAAY,EAAE,cAAc,EAAE;QAC9D,GAAG;QACH,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM;QAC1C,OAAO,EAAE,MAAM;KAChB,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAChD,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAClE,MAAM,aAAa,GAAG,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAEvD,gDAAgD;IAChD,iEAAiE;IACjE,gEAAgE;IAChE,gEAAgE;IAChE,kDAAkD;IAClD,MAAM,WAAW,GAAG,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAExD,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAuB,CAAC;IACxD,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;IACxC,MAAM,eAAe,GAAG,CAAC,IAAY,EAA2B,EAAE;QAChE,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO;YAAE,OAAO,SAAS,CAAC;QAC3C,IAAI,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACxC,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAC1B,MAAM,GAAG,kBAAkB,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QACzD,gBAAgB,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACnC,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IAEF,mEAAmE;IACnE,qEAAqE;IACrE,qEAAqE;IACrE,oEAAoE;IACpE,+CAA+C;IAC/C,MAAM,SAAS,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IACrC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAEvB,MAAM,eAAe,GAAqB,EAAE,CAAC;IAC7C,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,IAAI,KAAK,GAAG,KAAK,CAAC;IAClB,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,KAAK,EAAE,CAAC;QACrC,MAAM,WAAW,GACf,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC3D,IAAI,CAAC,WAAW;YAAE,SAAS;QAE3B,MAAM,QAAQ,GACZ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,qBAAqB,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAE1C,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,oBAAoB,GACxB,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,GAAG,CAAC;YAClD,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC;YAC7C,CAAC,CAAC,SAAS,CAAC;QAEhB,MAAM,qBAAqB,GACzB,IAAI,CAAC,MAAM,KAAK,OAAO,IAAI,mBAAmB,CAAC,WAAW,CAAC,IAAI,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;QAC/F,MAAM,aAAa,GACjB,IAAI,CAAC,MAAM,KAAK,OAAO;YACvB,CAAC,aAAa,CAAC,iBAAiB;gBAC9B,aAAa,CAAC,iBAAiB;gBAC/B,aAAa,CAAC,iBAAiB,CAAC,CAAC;QAErC,MAAM,OAAO,GAAoB;YAC/B,QAAQ;YACR,IAAI,EAAE,WAAW,CAAC,IAAI;YACtB,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjE,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,oBAAoB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACxE,CAAC;QAEF,MAAM,cAAc,GAAG,IAAA,iBAAQ,EAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAEvD,kEAAkE;QAClE,kEAAkE;QAClE,+DAA+D;QAC/D,mEAAmE;QACnE,oEAAoE;QACpE,MAAM,qBAAqB,GACzB,cAAc,CAAC,MAAM,IAAI,SAAS;YAChC,CAAC,CAAC,uBAAuB,CAAC,SAAS,EAAE,WAAW,EAAE,GAAG,CAAC;YACtD,CAAC,CAAC,SAAS,CAAC;QAEhB,MAAM,eAAe,GAAG,cAAc,CAAC,MAAM,IAAI,qBAAqB,KAAK,SAAS,CAAC;QACrF,IAAI,eAAe;YAAE,MAAM,GAAG,IAAI,CAAC;QACnC,IAAI,cAAc,CAAC,KAAK;YAAE,KAAK,GAAG,IAAI,CAAC;QAEvC,eAAe,CAAC,IAAI,CAAC;YACnB,IAAI;YACJ,cAAc;YACd,QAAQ;YACR,IAAI,EAAE,WAAW,CAAC,IAAI;YACtB,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,CAAC,oBAAoB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvE,GAAG,CAAC,qBAAqB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,qBAAqB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC1E,CAAC,CAAC;IACL,CAAC;IAED,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW;QACvC,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC;QACxD,CAAC,CAAC,eAAe,CAAC;IAEpB,+DAA+D;IAC/D,+DAA+D;IAC/D,mEAAmE;IACnE,gDAAgD;IAChD,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;QAC9B,IAAI,UAAU,CAAC,CAAC,CAAC;YAAE,cAAc,GAAG,IAAI,CAAC;QACzC,IAAI,CAAC,CAAC,cAAc,CAAC,KAAK;YAAE,aAAa,GAAG,IAAI,CAAC;IACnD,CAAC;IAED,4DAA4D;IAC5D,6DAA6D;IAC7D,+DAA+D;IAC/D,gEAAgE;IAChE,uDAAuD;IACvD,MAAM,cAAc,GAAmB,IAAA,4BAAqB,EAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAE3F,OAAO;QACL,IAAI;QACJ,GAAG,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvD,QAAQ;QACR,OAAO;QACP,WAAW;QACX,KAAK,EAAE,aAAa;QACpB,aAAa;QACb,MAAM;QACN,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,MAAM;QACrD,KAAK,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK;QAClD,cAAc;KACf,CAAC;AACJ,CAAC;AAED,iEAAiE;AACjE,kDAAkD;AAElD,SAAS,SAAS,CAAC,OAAqC;IACtD,MAAM,GAAG,GAAG,IAAI,GAAG,EAA4B,CAAC;IAChD,KAAK,MAAM,CAAC,IAAI,OAAO;QAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC1C,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,kBAAkB,CAAC,SAA4B;IACtD,MAAM,GAAG,GAAG,IAAI,GAAG,EAA8B,CAAC;IAClD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;QACpD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;QAClD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;QACpD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,UAAU,EAAE,CAAC;QACxD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CACvB,SAA4B;IAE5B,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,IAAI,SAAS,CAAC;IAClE,MAAM,QAAQ,GAAG,SAAS,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,IAAI,SAAS,CAAC;IACrE,MAAM,OAAO,GAAG,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,IAAI,SAAS,CAAC;IAChE,MAAM,YAAY,GAAG,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC;IAExD,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,IAAI,QAAQ;QAAE,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtC,IAAI,YAAY;QAAE,SAAS,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAEvD,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,IAAI,UAAU;QAAE,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAE5C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IACnC,IAAI,OAAO;QAAE,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAEnC,OAAO;QACL,MAAM,EAAE,WAAW;QACnB,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,WAAW,EAAE,kEAAkE;QACvF,UAAU,EAAE,QAAQ;QACpB,aAAa,EAAE,WAAW;KAC3B,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAC1B,IAA2B,EAC3B,WAAkF,EAClF,KAAoB;IAEpB,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7C,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC1C,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;IACxC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CAAC,QAAsB,EAAE,OAAoB;IACjE,MAAM,gBAAgB,GAIjB,EAAE,CAAC;IACR,MAAM,KAAK,GAAG,IAAI,GAAG,CAAS,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/F,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACrC,MAAM,eAAe,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3C,IAAI,eAAe,KAAK,cAAc,EAAE,CAAC;YACvC,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IACD,OAAO;QACL,oBAAoB,EAAE,QAAQ,CAAC,QAAQ,CAAC,aAAa,KAAK,OAAO,CAAC,YAAY,CAAC,aAAa;QAC5F,iBAAiB,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,UAAU;QACnF,iBAAiB,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,UAAU;QACnF,iBAAiB,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,UAAU;QACnF,mBAAmB,EAAE,QAAQ,CAAC,QAAQ,CAAC,YAAY,KAAK,OAAO,CAAC,YAAY,CAAC,YAAY;QACzF,gBAAgB;QAChB,aAAa,EAAE,IAAA,uBAAY,EAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC;KACjE,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,KAAoB;IACvC,IAAI,IAAA,sBAAW,EAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACzC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,QAAQ,CAAC;QACd,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS,CAAC;QACf,KAAK,UAAU,CAAC;QAChB,KAAK,uBAAuB,CAAC;QAC7B,KAAK,UAAU,CAAC;QAChB,KAAK,YAAY,CAAC;QAClB,KAAK,YAAY;YACf,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,KAAK,cAAc;YACjB,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC,KAAK,CAAC;QACrB,KAAK,UAAU,CAAC;QAChB,KAAK,aAAa;YAChB,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAoB;IACvC,IAAI,IAAA,sBAAW,EAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACzC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,QAAQ,CAAC;QACd,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS;YACZ,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC,UAAU,CAAC;QAC1B,KAAK,cAAc;YACjB,OAAO,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9B;YACE,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH;;;;;;GAMG;AACH,SAAS,UAAU,CAAC,CAAiB;IACnC,OAAO,CAAC,CAAC,cAAc,CAAC,MAAM,IAAI,CAAC,CAAC,qBAAqB,KAAK,SAAS,CAAC;AAC1E,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,uBAAuB,CACrC,SAAwB,EACxB,WAA0B,EAC1B,GAAS;IAET,KAAK,MAAM,EAAE,IAAI,qBAAqB,CAAC,WAAW,CAAC,EAAE,CAAC;QACpD,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW,CAAC,IAAI;YAAE,SAAS;QACxD,IAAI,CAAC,IAAA,oBAAa,EAAC,KAAK,EAAE,GAAG,CAAC;YAAE,SAAS;QACzC,OAAO;YACL,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,GAAG,CAAC,KAAK,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;GAKG;AACH,SAAS,qBAAqB,CAAC,KAAoB;IACjD,IAAI,IAAA,sBAAW,EAAC,KAAK,CAAC;QAAE,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC1C,IACE,CAAC,KAAK,CAAC,IAAI,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,CAAC;QAC7E,KAAK,CAAC,oBAAoB;QAC1B,KAAK,CAAC,oBAAoB,CAAC,MAAM,GAAG,CAAC,EACrC,CAAC;QACD,OAAO,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACnD,CAAC;IACD,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;AACpB,CAAC;AAED,SAAS,oBAAoB,CAAC,CAAiB;IAC7C,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAC9D,MAAM,SAAS,GACb,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,OAAO;QACnC,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,eAAe;QAC3C,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,cAAc;QAC1C,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,gBAAgB,CAAC;IAC/C,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAC5B,OAAO,CAAC,CAAC,oBAAoB,KAAK,IAAI,CAAC;AACzC,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,CAAC;QACH,OAAO,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,WAAW,EAAE,MAAM,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACtF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,kBAAkB,CACzB,GAAW,EACX,OAAe,EACf,OAAe,EACf,IAAY;IAEZ,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,IAAI,IAAY,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,GAAG,IAAA,4BAAY,EACjB,KAAK,EACL,CAAC,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,gBAAgB,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EACrF,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,CAC1B,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,GAAG,CAAC;IACb,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC7B,MAAM,MAAM,GAAG,2CAA2C,CAAC;IAC3D,IAAI,KAA6B,CAAC;IAClC,OAAO,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC5C,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACrE,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;YACnB,0DAA0D;YAC1D,SAAS;QACX,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,EAAE,CAAC,EAAE;YAAE,GAAG,CAAC,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,KAAK,UAAU,aAAa,CAC1B,GAAW,EACX,IAAkB,EAClB,OAAiC;IAEjC,IAAI,IAAI,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QAC9B,MAAM,YAAY,GAChB,OAAO,CAAC,YAAY,IAAI,IAAA,+BAAe,EAAC,GAAG,EAAE,OAAO,CAAC,IAAI,IAAI,qCAAqB,CAAC,CAAC;QACtF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,4BAA4B,YAAY,IAAI;gBAC1C,oEAAoE,CACvE,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,IAAA,gCAAgB,EAAC,YAAY,CAAC,EAAE,YAAY,EAAE,CAAC;IACpE,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QACd,+DAA+D;QAC/D,yDAAyD;QACzD,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACrF,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,IAAA,4BAAa,EAAC,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IACtF,MAAM,QAAQ,GAAiB;QAC7B,aAAa,EAAE,uCAAuB;QACtC,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,qCAAqB;QAC3C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,IAAI,EAAE,OAAO,CAAC,SAAS;QACvB,QAAQ,EAAE,OAAO,CAAC,YAAY;QAC9B,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;KAC3B,CAAC;IACF,OAAO,EAAE,QAAQ,EAAE,CAAC;AACtB,CAAC"}
|
|
1
|
+
{"version":3,"file":"check.js","sourceRoot":"","sources":["../../src/baseline/check.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmNH,4DA4BC;AA6BD,8CAsMC;AAiMD,0DAgBC;AAjqBD,iDAA6C;AAC7C,uCAAyB;AACzB,2CAA6B;AAC7B,qCAA6C;AAE7C,mDAKyB;AAEzB,yCAA0C;AAE1C,yDAAsD;AACtD,uDAAkD;AAElD,mCAA8C;AAE9C,qCAAmD;AAEnD,iDAA+C;AAC/C,yCAAyC;AAEzC,mCAAkD;AAElD,4CAA+E;AAC/E,4CAA4E;AAuJ5E;;;;;;;;;;;;GAYG;AACH,MAAM,oBAAoB,GAAuC,IAAI,GAAG,CAAC;IACvE,aAAa;IACb,UAAU;CACX,CAAC,CAAC;AAEH;;;;;;;;;;;;GAYG;AACH,SAAgB,wBAAwB,CACtC,aAA+B,EAC/B,eAAiC,EACjC,UAAmB;IAMnB,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;YACL,aAAa,EAAE,aAAa;YAC5B,eAAe,EAAE,eAAe;YAChC,gBAAgB,EAAE,EAAE;SACrB,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,CAAI,EAAW,EAAE,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAClE,MAAM,gBAAgB,GAAG,CAAC,GAAG,oBAAoB,CAAC;SAC/C,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACd,IAAI;QACJ,YAAY,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC,MAAM;KACpE,CAAC,CAAC;SACF,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC;IACrC,OAAO;QACL,aAAa,EAAE,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC;QACzC,eAAe,EAAE,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC;QAC7C,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED,MAAM,qBAAqB,GACzB,MAAM,CAAC,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM;IACd,IAAI,EAAE,QAAQ;IACd,MAAM,EAAE,QAAQ;IAChB,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,QAAQ;IACrB,cAAc,EAAE,QAAQ;IACxB,UAAU,EAAE,QAAQ;IACpB,OAAO,EAAE,KAAK;IACd,uBAAuB,EAAE,QAAQ;IACjC,UAAU,EAAE,QAAQ;IACpB,YAAY,EAAE,KAAK;IACnB,YAAY,EAAE,QAAQ;IACtB,aAAa,EAAE,MAAM;IACrB,iEAAiE;IACjE,mEAAmE;IACnE,mEAAmE;IACnE,QAAQ;IACR,aAAa,EAAE,KAAK;CACrB,CAAC,CAAC;AAEL;;;;GAIG;AACI,KAAK,UAAU,iBAAiB,CACrC,OAAiC;IAEjC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,IAAA,sBAAa,EAAC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACtD,MAAM,IAAI,GACR,OAAO,CAAC,YAAY;QACpB,IAAA,2BAAmB,EAAC;YAClB,GAAG;YACH,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,UAAU,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI;YACjC,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,GAAG;SAChC,CAAC,CAAC;IAEL,8DAA8D;IAC9D,kEAAkE;IAClE,gEAAgE;IAChE,0DAA0D;IAC1D,iCAAiC;IACjC,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,aAAa,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAE3E,uEAAuE;IACvE,mEAAmE;IACnE,oEAAoE;IACpE,qEAAqE;IACrE,yEAAyE;IACzE,yEAAyE;IACzE,6CAA6C;IAC7C,IAAI,IAAI,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QAC9B,MAAM,cAAc,GAAG,QAAQ,CAAC,cAAc,IAAI,IAAI,CAAC;QACvD,IAAI,cAAc,KAAK,+BAAuB,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CACb,aAAa,QAAQ,CAAC,IAAI,+CAA+C;gBACvE,GAAG,cAAc,0BAA0B,+BAAuB,iBAAiB;gBACnF,oFAAoF;gBACpF,oFAAoF;gBACpF,iFAAiF,CACpF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,IAAA,0BAAiB,EAAC,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAE3E,sEAAsE;IACtE,uEAAuE;IACvE,oEAAoE;IACpE,MAAM,EAAE,aAAa,EAAE,eAAe,EAAE,gBAAgB,EAAE,GAAG,wBAAwB,CACnF,QAAQ,CAAC,QAAQ,EACjB,OAAO,CAAC,QAAQ,EAChB,IAAI,CAAC,IAAI,KAAK,WAAW,CAC1B,CAAC;IAEF,MAAM,YAAY,GAAmC,IAAA,mCAAgB,EAAC,aAAa,CAAC,CAAC;IACrF,MAAM,cAAc,GAAmC,IAAA,mCAAgB,EAAC,eAAe,CAAC,CAAC;IAEzF,+DAA+D;IAC/D,kEAAkE;IAClE,8DAA8D;IAC9D,+DAA+D;IAC/D,MAAM,WAAW,GAAG,IAAA,+BAAa,EAAC,YAAY,EAAE,cAAc,EAAE;QAC9D,GAAG;QACH,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM;QAC1C,OAAO,EAAE,MAAM;KAChB,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAChD,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAClE,MAAM,aAAa,GAAG,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAEvD,gDAAgD;IAChD,iEAAiE;IACjE,gEAAgE;IAChE,gEAAgE;IAChE,kDAAkD;IAClD,MAAM,WAAW,GAAG,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAExD,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAuB,CAAC;IACxD,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;IACxC,MAAM,eAAe,GAAG,CAAC,IAAY,EAA2B,EAAE;QAChE,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO;YAAE,OAAO,SAAS,CAAC;QAC3C,IAAI,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACxC,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAC1B,MAAM,GAAG,kBAAkB,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QACzD,gBAAgB,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACnC,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IAEF,mEAAmE;IACnE,qEAAqE;IACrE,qEAAqE;IACrE,oEAAoE;IACpE,+CAA+C;IAC/C,MAAM,SAAS,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IACrC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAEvB,MAAM,eAAe,GAAqB,EAAE,CAAC;IAC7C,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,IAAI,KAAK,GAAG,KAAK,CAAC;IAClB,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,KAAK,EAAE,CAAC;QACrC,MAAM,WAAW,GACf,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC3D,IAAI,CAAC,WAAW;YAAE,SAAS;QAE3B,MAAM,QAAQ,GACZ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,qBAAqB,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAE1C,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,oBAAoB,GACxB,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,GAAG,CAAC;YAClD,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC;YAC7C,CAAC,CAAC,SAAS,CAAC;QAEhB,MAAM,qBAAqB,GACzB,IAAI,CAAC,MAAM,KAAK,OAAO,IAAI,mBAAmB,CAAC,WAAW,CAAC,IAAI,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;QAC/F,MAAM,aAAa,GACjB,IAAI,CAAC,MAAM,KAAK,OAAO;YACvB,CAAC,aAAa,CAAC,iBAAiB;gBAC9B,aAAa,CAAC,iBAAiB;gBAC/B,aAAa,CAAC,iBAAiB,CAAC,CAAC;QAErC,MAAM,OAAO,GAAoB;YAC/B,QAAQ;YACR,IAAI,EAAE,WAAW,CAAC,IAAI;YACtB,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjE,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,oBAAoB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACxE,CAAC;QAEF,MAAM,cAAc,GAAG,IAAA,iBAAQ,EAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAEvD,kEAAkE;QAClE,kEAAkE;QAClE,+DAA+D;QAC/D,mEAAmE;QACnE,oEAAoE;QACpE,MAAM,qBAAqB,GACzB,cAAc,CAAC,MAAM,IAAI,SAAS;YAChC,CAAC,CAAC,uBAAuB,CAAC,SAAS,EAAE,WAAW,EAAE,GAAG,CAAC;YACtD,CAAC,CAAC,SAAS,CAAC;QAEhB,MAAM,eAAe,GAAG,cAAc,CAAC,MAAM,IAAI,qBAAqB,KAAK,SAAS,CAAC;QACrF,IAAI,eAAe;YAAE,MAAM,GAAG,IAAI,CAAC;QACnC,IAAI,cAAc,CAAC,KAAK;YAAE,KAAK,GAAG,IAAI,CAAC;QAEvC,eAAe,CAAC,IAAI,CAAC;YACnB,IAAI;YACJ,cAAc;YACd,QAAQ;YACR,IAAI,EAAE,WAAW,CAAC,IAAI;YACtB,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,CAAC,oBAAoB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvE,GAAG,CAAC,qBAAqB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,qBAAqB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC1E,CAAC,CAAC;IACL,CAAC;IAED,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW;QACvC,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC;QACxD,CAAC,CAAC,eAAe,CAAC;IAEpB,+DAA+D;IAC/D,+DAA+D;IAC/D,mEAAmE;IACnE,gDAAgD;IAChD,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;QAC9B,IAAI,UAAU,CAAC,CAAC,CAAC;YAAE,cAAc,GAAG,IAAI,CAAC;QACzC,IAAI,CAAC,CAAC,cAAc,CAAC,KAAK;YAAE,aAAa,GAAG,IAAI,CAAC;IACnD,CAAC;IAED,4DAA4D;IAC5D,6DAA6D;IAC7D,+DAA+D;IAC/D,gEAAgE;IAChE,uDAAuD;IACvD,MAAM,cAAc,GAAmB,IAAA,4BAAqB,EAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAE3F,OAAO;QACL,IAAI;QACJ,GAAG,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvD,QAAQ;QACR,OAAO;QACP,WAAW;QACX,KAAK,EAAE,aAAa;QACpB,aAAa;QACb,MAAM;QACN,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,MAAM;QACrD,KAAK,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK;QAClD,cAAc;QACd,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED,iEAAiE;AACjE,kDAAkD;AAElD,SAAS,SAAS,CAAC,OAAqC;IACtD,MAAM,GAAG,GAAG,IAAI,GAAG,EAA4B,CAAC;IAChD,KAAK,MAAM,CAAC,IAAI,OAAO;QAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC1C,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,kBAAkB,CAAC,SAA4B;IACtD,MAAM,GAAG,GAAG,IAAI,GAAG,EAA8B,CAAC;IAClD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;QACpD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;QAClD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;QACpD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,UAAU,EAAE,CAAC;QACxD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CACvB,SAA4B;IAE5B,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,IAAI,SAAS,CAAC;IAClE,MAAM,QAAQ,GAAG,SAAS,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,IAAI,SAAS,CAAC;IACrE,MAAM,OAAO,GAAG,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,IAAI,SAAS,CAAC;IAChE,MAAM,YAAY,GAAG,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC;IAExD,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,IAAI,QAAQ;QAAE,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtC,IAAI,YAAY;QAAE,SAAS,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAEvD,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,IAAI,UAAU;QAAE,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAE5C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IACnC,IAAI,OAAO;QAAE,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAEnC,OAAO;QACL,MAAM,EAAE,WAAW;QACnB,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,WAAW,EAAE,kEAAkE;QACvF,UAAU,EAAE,QAAQ;QACpB,aAAa,EAAE,WAAW;KAC3B,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAC1B,IAA2B,EAC3B,WAAkF,EAClF,KAAoB;IAEpB,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7C,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC1C,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;IACxC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CAAC,QAAsB,EAAE,OAAoB;IACjE,MAAM,gBAAgB,GAIjB,EAAE,CAAC;IACR,MAAM,KAAK,GAAG,IAAI,GAAG,CAAS,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/F,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACrC,MAAM,eAAe,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3C,IAAI,eAAe,KAAK,cAAc,EAAE,CAAC;YACvC,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IACD,OAAO;QACL,oBAAoB,EAAE,QAAQ,CAAC,QAAQ,CAAC,aAAa,KAAK,OAAO,CAAC,YAAY,CAAC,aAAa;QAC5F,iBAAiB,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,UAAU;QACnF,iBAAiB,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,UAAU;QACnF,iBAAiB,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,UAAU;QACnF,mBAAmB,EAAE,QAAQ,CAAC,QAAQ,CAAC,YAAY,KAAK,OAAO,CAAC,YAAY,CAAC,YAAY;QACzF,gBAAgB;QAChB,aAAa,EAAE,IAAA,uBAAY,EAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC;KACjE,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,KAAoB;IACvC,IAAI,IAAA,sBAAW,EAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACzC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,QAAQ,CAAC;QACd,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS,CAAC;QACf,KAAK,UAAU,CAAC;QAChB,KAAK,uBAAuB,CAAC;QAC7B,KAAK,UAAU,CAAC;QAChB,KAAK,YAAY,CAAC;QAClB,KAAK,YAAY;YACf,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,KAAK,cAAc;YACjB,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC,KAAK,CAAC;QACrB,KAAK,UAAU,CAAC;QAChB,KAAK,aAAa;YAChB,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAoB;IACvC,IAAI,IAAA,sBAAW,EAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACzC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,QAAQ,CAAC;QACd,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS;YACZ,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC,UAAU,CAAC;QAC1B,KAAK,cAAc;YACjB,OAAO,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9B;YACE,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH;;;;;;GAMG;AACH,SAAS,UAAU,CAAC,CAAiB;IACnC,OAAO,CAAC,CAAC,cAAc,CAAC,MAAM,IAAI,CAAC,CAAC,qBAAqB,KAAK,SAAS,CAAC;AAC1E,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,uBAAuB,CACrC,SAAwB,EACxB,WAA0B,EAC1B,GAAS;IAET,KAAK,MAAM,EAAE,IAAI,qBAAqB,CAAC,WAAW,CAAC,EAAE,CAAC;QACpD,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW,CAAC,IAAI;YAAE,SAAS;QACxD,IAAI,CAAC,IAAA,oBAAa,EAAC,KAAK,EAAE,GAAG,CAAC;YAAE,SAAS;QACzC,OAAO;YACL,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,GAAG,CAAC,KAAK,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;GAKG;AACH,SAAS,qBAAqB,CAAC,KAAoB;IACjD,IAAI,IAAA,sBAAW,EAAC,KAAK,CAAC;QAAE,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC1C,IACE,CAAC,KAAK,CAAC,IAAI,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,CAAC;QAC7E,KAAK,CAAC,oBAAoB;QAC1B,KAAK,CAAC,oBAAoB,CAAC,MAAM,GAAG,CAAC,EACrC,CAAC;QACD,OAAO,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACnD,CAAC;IACD,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;AACpB,CAAC;AAED,SAAS,oBAAoB,CAAC,CAAiB;IAC7C,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAC9D,MAAM,SAAS,GACb,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,OAAO;QACnC,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,eAAe;QAC3C,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,cAAc;QAC1C,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,gBAAgB,CAAC;IAC/C,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAC5B,OAAO,CAAC,CAAC,oBAAoB,KAAK,IAAI,CAAC;AACzC,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,CAAC;QACH,OAAO,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,WAAW,EAAE,MAAM,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACtF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,kBAAkB,CACzB,GAAW,EACX,OAAe,EACf,OAAe,EACf,IAAY;IAEZ,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,IAAI,IAAY,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,GAAG,IAAA,4BAAY,EACjB,KAAK,EACL,CAAC,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,gBAAgB,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EACrF,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,CAC1B,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,GAAG,CAAC;IACb,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC7B,MAAM,MAAM,GAAG,2CAA2C,CAAC;IAC3D,IAAI,KAA6B,CAAC;IAClC,OAAO,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC5C,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACrE,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;YACnB,0DAA0D;YAC1D,SAAS;QACX,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,EAAE,CAAC,EAAE;YAAE,GAAG,CAAC,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,KAAK,UAAU,aAAa,CAC1B,GAAW,EACX,IAAkB,EAClB,OAAiC;IAEjC,IAAI,IAAI,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QAC9B,MAAM,YAAY,GAChB,OAAO,CAAC,YAAY,IAAI,IAAA,+BAAe,EAAC,GAAG,EAAE,OAAO,CAAC,IAAI,IAAI,qCAAqB,CAAC,CAAC;QACtF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,4BAA4B,YAAY,IAAI;gBAC1C,oEAAoE,CACvE,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,IAAA,gCAAgB,EAAC,YAAY,CAAC,EAAE,YAAY,EAAE,CAAC;IACpE,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QACd,+DAA+D;QAC/D,yDAAyD;QACzD,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACrF,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,IAAA,4BAAa,EAAC,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IACtF,MAAM,QAAQ,GAAiB;QAC7B,aAAa,EAAE,uCAAuB;QACtC,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,qCAAqB;QAC3C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,IAAI,EAAE,OAAO,CAAC,SAAS;QACvB,QAAQ,EAAE,OAAO,CAAC,YAAY;QAC9B,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,cAAc,EAAE,+BAAuB;QACvC,QAAQ,EAAE,OAAO,CAAC,QAAQ;KAC3B,CAAC;IACF,OAAO,EAAE,QAAQ,EAAE,CAAC;AACtB,CAAC"}
|
|
@@ -22,7 +22,7 @@ import type { ScanCoverage } from './coverage';
|
|
|
22
22
|
import type { BaselineAnalysisMeta, BaselineFile, BaselineRepoState } from './baseline-file';
|
|
23
23
|
import type { ResolvedMode } from './modes';
|
|
24
24
|
import type { ProducerContext } from './producers';
|
|
25
|
-
import type { SaltMode } from '
|
|
25
|
+
import type { SaltMode } from '../analyzers/tools/salt';
|
|
26
26
|
import type { RichBaselineEntry } from './types';
|
|
27
27
|
import type { SecurityAggregate } from '../analyzers/security/aggregator';
|
|
28
28
|
export interface CreateBaselineOptions {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../src/baseline/create.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAeH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAQ/C,OAAO,KAAK,EAAE,oBAAoB,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAG5C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../src/baseline/create.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAeH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAQ/C,OAAO,KAAK,EAAE,oBAAoB,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAG5C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AAExD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAEjD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAG1E,MAAM,WAAW,qBAAqB;IACpC,kEAAkE;IAClE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB;;oDAEgD;IAChD,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;yCAGqC;IACrC,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;IACzB,qEAAqE;IACrE,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B;;4DAEwD;IACxD,QAAQ,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IACrC;;oBAEgB;IAChB,QAAQ,CAAC,OAAO,CAAC,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC;IACxC;2DACuD;IACvD,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;;kCAGkC;AAClC,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,YAAY,CAAC;CAC9B;AA6JD;;;;;GAKG;AACH,wBAAgB,qBAAqB,IAAI,IAAI,CAE5C;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC;IACpD,QAAQ,CAAC,SAAS,EAAE,iBAAiB,CAAC;IACtC,QAAQ,CAAC,SAAS,EAAE,iBAAiB,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC5B,mEAAmE;IACnE,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACjD;uEACmE;IACnE,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;IAChC;iCAC6B;IAC7B,QAAQ,CAAC,YAAY,EAAE,oBAAoB,CAAC;IAC5C;yEACqE;IACrE,QAAQ,CAAC,WAAW,EAAE,eAAe,CAAC;CACvC;AAED;;;;;;;;GAQG;AACH,wBAAsB,iBAAiB,CAAC,OAAO,EAAE;IAC/C,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;CAC5B,GAAG,OAAO,CAAC,WAAW,CAAC,CAmGvB;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,YAAY,CAG5D;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,qBAAqB,GAC7B,OAAO,CAAC,oBAAoB,CAAC,CAkD/B"}
|
package/dist/baseline/create.js
CHANGED
|
@@ -74,8 +74,9 @@ const baseline_file_1 = require("./baseline-file");
|
|
|
74
74
|
const modes_1 = require("./modes");
|
|
75
75
|
const policy_1 = require("./policy");
|
|
76
76
|
const producers_1 = require("./producers");
|
|
77
|
-
const salt_1 = require("
|
|
77
|
+
const salt_1 = require("../analyzers/tools/salt");
|
|
78
78
|
const sanitize_1 = require("./sanitize");
|
|
79
|
+
const types_1 = require("./types");
|
|
79
80
|
const gather_2 = require("../allowlist/gather");
|
|
80
81
|
/** Hash used for baseline-envelope metadata fields (policy, ignore,
|
|
81
82
|
* toolchain, config). Distinct concern from finding-identity
|
|
@@ -400,6 +401,7 @@ async function createBaseline(options) {
|
|
|
400
401
|
analysis: scan.analysisMeta,
|
|
401
402
|
tools: scan.tools,
|
|
402
403
|
saltMode: scan.saltMode,
|
|
404
|
+
identityScheme: types_1.CURRENT_IDENTITY_SCHEME,
|
|
403
405
|
coverage: scan.coverage,
|
|
404
406
|
findings: scan.findings,
|
|
405
407
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create.js","sourceRoot":"","sources":["../../src/baseline/create.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;GAmBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"create.js","sourceRoot":"","sources":["../../src/baseline/create.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;GAmBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2OH,sDAEC;AAwCD,8CAsGC;AAUD,gDAGC;AAkBD,wCAoDC;AA5cD,iDAA6C;AAC7C,mCAAoC;AACpC,uCAAyB;AACzB,2CAA6B;AAC7B,gDAA+D;AAC/D,8CAA+D;AAC/D,wDAAmE;AACnE,8CAAqD;AACrD,0DAAmE;AAEnE,oEAAsF;AACtF,sCAAmC;AACnC,yCAAsD;AAEtD,4CAAwD;AACxD,mDAKyB;AAEzB,mCAA8C;AAE9C,qCAAwE;AACxE,2CAAsD;AAEtD,kDAAsD;AAEtD,yCAA0C;AAE1C,mCAAkD;AAElD,gDAAuE;AAuCvE;;qEAEqE;AACrE,SAAS,WAAW,CAAC,OAAe;IAClC,OAAO,IAAA,mBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sEAAsE;AAC9I,CAAC;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CAAC,QAAgB;IACxC,IAAI,CAAC;QACH,OAAO,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;qCAGqC;AACrC,SAAS,aAAa,CAAC,GAAW;IAChC,MAAM,GAAG,GAAG,CAAC,GAAG,IAAc,EAAU,EAAE;QACxC,IAAI,CAAC;YACH,OAAO,IAAA,4BAAY,EAAC,KAAK,EAAE,IAAI,EAAE;gBAC/B,GAAG;gBACH,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;aAClC,CAAC,CAAC,IAAI,EAAE,CAAC;QACZ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC,CAAC;IACF,OAAO;QACL,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC;QACnC,MAAM,EAAE,GAAG,CAAC,WAAW,EAAE,cAAc,EAAE,MAAM,CAAC;KACjD,CAAC;AACJ,CAAC;AAED,qEAAqE;AACrE,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,kCAAyB,CAAC,CAAC,CAAC;IAC1E,MAAM,UAAU,GAAG,WAAW,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC;IAClF,MAAM,UAAU,GAAG,WAAW,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACrF,0DAA0D;IAC1D,kEAAkE;IAClE,OAAO,EAAE,YAAY,EAAE,mBAAa,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC;AAChG,CAAC;AAED;;;;;;;;;;;;;;;;2CAgB2C;AAC3C,SAAS,aAAa,CAAC,SAAgC,EAAE,GAAW;IAClE,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,GAAG,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,gBAAgB,GAAwB,IAAI,GAAG,CAAC,CAAC,qBAAqB,EAAE,cAAc,CAAC,CAAC,CAAC;AAE/F;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,aAAa,GAAG,IAAI,GAAG,EAAkB,CAAC;AAEhD,SAAS,kBAAkB,CAAC,IAAY,EAAE,GAAW;IACnD,MAAM,QAAQ,GAAG,GAAG,IAAI,KAAK,GAAG,EAAE,CAAC;IACnC,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC3C,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IACxC,MAAM,QAAQ,GAAG,0BAA0B,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACvD,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACtC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,0BAA0B,CAAC,IAAY,EAAE,GAAW;IAC3D,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC;QAAE,OAAO,SAAS,mBAAa,EAAE,CAAC;IAChE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,yBAAS,CAAC,SAAS,CAAC,CAAC;QACjC,IAAI,CAAC,GAAG;YAAE,SAAS;QACnB,iEAAiE;QACjE,iEAAiE;QACjE,4DAA4D;QAC5D,+DAA+D;QAC/D,8DAA8D;QAC9D,iEAAiE;QACjE,iEAAiE;QACjE,+DAA+D;QAC/D,8DAA8D;QAC9D,kDAAkD;QAClD,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,CAAC,EAAE,OAAO,EAAE,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAClC,IAAI,MAAM,CAAC,OAAO;gBAAE,OAAO,MAAM,CAAC,OAAO,CAAC;QAC5C,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,qBAAqB;IACnC,aAAa,CAAC,KAAK,EAAE,CAAC;AACxB,CAAC;AA+BD;;;;;;;;GAQG;AACI,KAAK,UAAU,iBAAiB,CAAC,OAGvC;IACC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAEtC,MAAM,cAAc,GAAG,MAAM,IAAA,iCAAyB,EAAC;QACrD,GAAG;QACH,KAAK,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC,IAAA,iCAAwB,EAAC,QAAQ,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;KACxF,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,cAAc,CAAC,YAAY,CAAC,iBAAiB,CAAC;IAChE,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,iEAAiE;YAC/D,yDAAyD,CAC5D,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAsB;QACnC,GAAG,aAAa,CAAC,GAAG,CAAC;QACrB,IAAI,EAAE,GAAG;KACV,CAAC;IAEF,iEAAiE;IACjE,4DAA4D;IAC5D,kEAAkE;IAClE,aAAa;IACb,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,IAAA,kBAAW,EAAC,GAAG,CAAC,CAAC;IAElD,gEAAgE;IAChE,kEAAkE;IAClE,6DAA6D;IAC7D,0DAA0D;IAC1D,2DAA2D;IAC3D,MAAM,cAAc,GAAG,MAAM,IAAA,uBAAe,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAClF,MAAM,cAAc,GAAG,IAAA,6BAAoB,EAAC,GAAG,CAAC,CAAC;IACjD,MAAM,eAAe,GAAG,IAAA,+BAAoB,EAAC,GAAG,CAAC,CAAC;IAClD,MAAM,UAAU,GACd,eAAe,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IACvE,gEAAgE;IAChE,kEAAkE;IAClE,yBAAyB;IACzB,MAAM,0BAA0B,GAAG,IAAA,yCAAgC,EAAC,GAAG,CAAC,CAAC;IAEzE,MAAM,WAAW,GAAoB;QACnC,GAAG;QACH,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,IAAI;QACJ,cAAc;QACd,cAAc;QACd,OAAO,EAAE,cAAc;QACvB,UAAU;QACV,0BAA0B;KAC3B,CAAC;IAEF,8DAA8D;IAC9D,2DAA2D;IAC3D,gEAAgE;IAChE,QAAQ;IACR,MAAM,QAAQ,GAAwB,IAAA,wBAAY,EAAC,WAAW,EAAE,qBAAS,CAAC,CAAC;IAE3E,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,oEAAoE;IACpE,yEAAyE;IACzE,sEAAsE;IACtE,qEAAqE;IACrE,mEAAmE;IACnE,MAAM,QAAQ,GAAG,CAAC,MAAiC,EAAE,EAAE;QACrD,IAAI,CAAC,MAAM;YAAE,OAAO;QACpB,KAAK,MAAM,IAAI,IAAI,MAAM;aACtB,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YACnB,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACtB,CAAC;IACH,CAAC,CAAC;IACF,QAAQ,CAAC,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5C,QAAQ,CAAC,SAAS,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IACjD,QAAQ,CAAC,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC7C,IAAI,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG;QAAE,SAAS,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAC7E,MAAM,KAAK,GAAG,aAAa,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC;IAExD,MAAM,YAAY,GAAyB;QACzC,GAAG,iBAAiB,CAAC,GAAG,CAAC;QACzB,aAAa,EAAE,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;KAClD,CAAC;IAEF,sEAAsE;IACtE,kEAAkE;IAClE,wDAAwD;IACxD,MAAM,QAAQ,GAAG,IAAA,mCAAwB,EAAC,IAAA,6BAAa,EAAC,cAAc,CAAC,KAAK,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC;IAE9F,OAAO;QACL,QAAQ;QACR,SAAS;QACT,SAAS;QACT,QAAQ;QACR,KAAK;QACL,QAAQ;QACR,YAAY;QACZ,WAAW;KACZ,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,kBAAkB,CAAC,GAAW;IAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACnC,OAAO,IAAA,mCAAwB,EAAC,IAAA,6BAAa,EAAC,IAAA,eAAM,EAAC,QAAQ,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC;AACvF,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACI,KAAK,UAAU,cAAc,CAClC,OAA8B;IAE9B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,qCAAqB,CAAC;IACnD,MAAM,IAAI,GACR,OAAO,CAAC,YAAY;QACpB,CAAC,GAAG,EAAE;YACJ,MAAM,MAAM,GAAG,IAAA,0BAAiB,EAAC,GAAG,CAAC,CAAC;YACtC,OAAO,IAAA,2BAAmB,EAAC;gBACzB,GAAG;gBACH,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,UAAU,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI;gBACjC,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,GAAG;aAChC,CAAC,CAAC;QACL,CAAC,CAAC,EAAE,CAAC;IAEP,IAAI,IAAI,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QAC9B,8DAA8D;QAC9D,8DAA8D;QAC9D,+DAA+D;QAC/D,gEAAgE;QAChE,OAAO,EAAE,IAAI,EAAE,CAAC;IAClB,CAAC;IAED,MAAM,QAAQ,GAAG,IAAA,+BAAe,EAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC5C,IAAI,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CACb,8BAA8B,QAAQ,mCAAmC;YACvE,yCAAyC,CAC5C,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAExE,MAAM,QAAQ,GAAiB;QAC7B,aAAa,EAAE,uCAAuB;QACtC,IAAI;QACJ,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,IAAI,EAAE,IAAI,CAAC,SAAS;QACpB,QAAQ,EAAE,IAAI,CAAC,YAAY;QAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,cAAc,EAAE,+BAAuB;QACvC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;KACxB,CAAC;IAEF,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,KAAK,qBAAqB,CAAC,CAAC,CAAC,IAAA,uBAAY,EAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;IACrF,IAAA,iCAAiB,EAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAClC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;AACxC,CAAC"}
|
|
@@ -12,16 +12,23 @@
|
|
|
12
12
|
*/
|
|
13
13
|
import type { FindingId, IdentityInput, IdentitySchemeVersion, MatchResult } from './types';
|
|
14
14
|
/**
|
|
15
|
-
* Compute the durable identity for a finding
|
|
16
|
-
*
|
|
17
|
-
* silent identity drift.
|
|
15
|
+
* Compute the durable identity for a finding under a given scheme
|
|
16
|
+
* version (defaults to the current scheme, `'v2'`).
|
|
18
17
|
*
|
|
19
|
-
*
|
|
20
|
-
*
|
|
21
|
-
*
|
|
22
|
-
*
|
|
23
|
-
*
|
|
24
|
-
*
|
|
18
|
+
* `identityFor` can compute ANY shipped scheme, not just the current one:
|
|
19
|
+
* only two kinds changed between `v1` and `v2` — code/secret/config and
|
|
20
|
+
* dep-vuln — and both prior formulas are retained, so passing
|
|
21
|
+
* `version: 'v1'` reproduces a finding's pre-2.11 id byte-for-byte. That
|
|
22
|
+
* is the mechanism the identity migrator (`src/baseline/migrate.ts`)
|
|
23
|
+
* relies on: it computes each current finding's `(old, new)` id pair from
|
|
24
|
+
* one scan and remaps allowlist entries across the upgrade. Every other
|
|
25
|
+
* finding kind is version-independent (its branch ignores `version`), so
|
|
26
|
+
* its id is stable across schemes and needs no migration.
|
|
27
|
+
*
|
|
28
|
+
* Identity is the SAME 16-char hex string format across all kinds, so a
|
|
29
|
+
* baseline can store identities in a single flat set without tracking
|
|
30
|
+
* which kind they came from. The input space for each scheme is disjoint
|
|
31
|
+
* at SHA-1 strength, so mixing across kinds is safe.
|
|
25
32
|
*/
|
|
26
33
|
export declare function identityFor(input: IdentityInput, version?: IdentitySchemeVersion): FindingId;
|
|
27
34
|
/**
|
|
@@ -32,10 +39,10 @@ export declare function identityFor(input: IdentityInput, version?: IdentitySche
|
|
|
32
39
|
* incorrectly collapsed those to a single persisted).
|
|
33
40
|
*
|
|
34
41
|
* For each shared identity:
|
|
35
|
-
*
|
|
36
|
-
*
|
|
37
|
-
*
|
|
38
|
-
*
|
|
42
|
+
* - the first `min(priorCount, currentCount)` occurrences pair as
|
|
43
|
+
* `persisted` with confidence 1.0 (exact byte equality).
|
|
44
|
+
* - excess occurrences in `current` produce `added` pairs.
|
|
45
|
+
* - excess occurrences in `prior` produce `removed` pairs.
|
|
39
46
|
*
|
|
40
47
|
* Output ordering: pairs grouped by identity, then by status. The
|
|
41
48
|
* flat-array views (`persisted`, `added`, `removed`) preserve
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"finding-identity.d.ts","sourceRoot":"","sources":["../../src/baseline/finding-identity.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;
|
|
1
|
+
{"version":3,"file":"finding-identity.d.ts","sourceRoot":"","sources":["../../src/baseline/finding-identity.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAiBH,OAAO,KAAK,EACV,SAAS,EAET,aAAa,EACb,qBAAqB,EAGrB,WAAW,EAGZ,MAAM,SAAS,CAAC;AAGjB;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,WAAW,CACzB,KAAK,EAAE,aAAa,EACpB,OAAO,GAAE,qBAA+C,GACvD,SAAS,CAmEX;AA0KD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,eAAe,CAC7B,KAAK,EAAE,QAAQ,CAAC,SAAS,CAAC,EAC1B,OAAO,EAAE,QAAQ,CAAC,SAAS,CAAC,GAC3B,WAAW,CAyDb"}
|
|
@@ -16,20 +16,28 @@ exports.identityFor = identityFor;
|
|
|
16
16
|
exports.matchAcrossRuns = matchAcrossRuns;
|
|
17
17
|
const crypto_1 = require("crypto");
|
|
18
18
|
const fingerprint_1 = require("../analyzers/tools/fingerprint");
|
|
19
|
+
const types_1 = require("./types");
|
|
19
20
|
/**
|
|
20
|
-
* Compute the durable identity for a finding
|
|
21
|
-
*
|
|
22
|
-
* silent identity drift.
|
|
21
|
+
* Compute the durable identity for a finding under a given scheme
|
|
22
|
+
* version (defaults to the current scheme, `'v2'`).
|
|
23
23
|
*
|
|
24
|
-
*
|
|
25
|
-
*
|
|
26
|
-
*
|
|
27
|
-
*
|
|
28
|
-
*
|
|
29
|
-
*
|
|
24
|
+
* `identityFor` can compute ANY shipped scheme, not just the current one:
|
|
25
|
+
* only two kinds changed between `v1` and `v2` — code/secret/config and
|
|
26
|
+
* dep-vuln — and both prior formulas are retained, so passing
|
|
27
|
+
* `version: 'v1'` reproduces a finding's pre-2.11 id byte-for-byte. That
|
|
28
|
+
* is the mechanism the identity migrator (`src/baseline/migrate.ts`)
|
|
29
|
+
* relies on: it computes each current finding's `(old, new)` id pair from
|
|
30
|
+
* one scan and remaps allowlist entries across the upgrade. Every other
|
|
31
|
+
* finding kind is version-independent (its branch ignores `version`), so
|
|
32
|
+
* its id is stable across schemes and needs no migration.
|
|
33
|
+
*
|
|
34
|
+
* Identity is the SAME 16-char hex string format across all kinds, so a
|
|
35
|
+
* baseline can store identities in a single flat set without tracking
|
|
36
|
+
* which kind they came from. The input space for each scheme is disjoint
|
|
37
|
+
* at SHA-1 strength, so mixing across kinds is safe.
|
|
30
38
|
*/
|
|
31
|
-
function identityFor(input, version =
|
|
32
|
-
if (version !== 'v1') {
|
|
39
|
+
function identityFor(input, version = types_1.CURRENT_IDENTITY_SCHEME) {
|
|
40
|
+
if (version !== 'v1' && version !== 'v2') {
|
|
33
41
|
throw new Error(`Unsupported identity-scheme version: ${version}`);
|
|
34
42
|
}
|
|
35
43
|
switch (input.kind) {
|
|
@@ -37,14 +45,37 @@ function identityFor(input, version = 'v1') {
|
|
|
37
45
|
case 'code':
|
|
38
46
|
case 'config': {
|
|
39
47
|
const canonicalRule = (0, fingerprint_1.canonicalRuleFor)(input.tool, input.rule);
|
|
48
|
+
// v1: pure line-window hash, keyed on the per-tool canonical rule
|
|
49
|
+
// (preserved byte-for-byte for migration). v2: anchor to CONTENT when
|
|
50
|
+
// an anchor is available, so a finding that moves keeps its identity;
|
|
51
|
+
// falls back to the line-window hash when no anchor was resolvable,
|
|
52
|
+
// which keeps identity defined for every finding (just less
|
|
53
|
+
// motion-stable) AND means an anchorless v2 id equals the v1 id.
|
|
54
|
+
if (version === 'v2' && input.contentAnchor !== undefined) {
|
|
55
|
+
// Secrets discriminate on a tool-independent constant, not the
|
|
56
|
+
// per-tool rule: the same leak found by different scanners (under
|
|
57
|
+
// different rule names) must share one identity. Code/config keep
|
|
58
|
+
// their per-tool rule — for code, distinct rules on one construct
|
|
59
|
+
// are distinct findings.
|
|
60
|
+
const v2Rule = input.kind === 'secret' ? fingerprint_1.SECRET_CANONICAL_RULE : canonicalRule;
|
|
61
|
+
return (0, fingerprint_1.computeContentFingerprint)(v2Rule, input.file, input.contentAnchor);
|
|
62
|
+
}
|
|
40
63
|
return (0, fingerprint_1.computeCodeFingerprint)(canonicalRule, input.file, input.line);
|
|
41
64
|
}
|
|
42
65
|
case 'dep-vuln':
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
66
|
+
// v1 hashed the (environment-dependent) installed version; v2 drops
|
|
67
|
+
// it and canonicalizes the advisory id across namespaces.
|
|
68
|
+
return version === 'v1'
|
|
69
|
+
? (0, fingerprint_1.computeFingerprintV1)({
|
|
70
|
+
package: input.package,
|
|
71
|
+
installedVersion: input.installedVersion,
|
|
72
|
+
id: input.id,
|
|
73
|
+
})
|
|
74
|
+
: (0, fingerprint_1.computeFingerprint)({
|
|
75
|
+
package: input.package,
|
|
76
|
+
id: input.id,
|
|
77
|
+
aliases: input.aliases,
|
|
78
|
+
});
|
|
48
79
|
case 'duplication':
|
|
49
80
|
return computeDuplicationIdentity(input.fileA, input.fileB, input.lines, input.startLineA, input.startLineB);
|
|
50
81
|
case 'coverage-gap':
|
|
@@ -218,10 +249,10 @@ function computeStaleAllowIdentity(file, line, category) {
|
|
|
218
249
|
* incorrectly collapsed those to a single persisted).
|
|
219
250
|
*
|
|
220
251
|
* For each shared identity:
|
|
221
|
-
*
|
|
222
|
-
*
|
|
223
|
-
*
|
|
224
|
-
*
|
|
252
|
+
* - the first `min(priorCount, currentCount)` occurrences pair as
|
|
253
|
+
* `persisted` with confidence 1.0 (exact byte equality).
|
|
254
|
+
* - excess occurrences in `current` produce `added` pairs.
|
|
255
|
+
* - excess occurrences in `prior` produce `removed` pairs.
|
|
225
256
|
*
|
|
226
257
|
* Output ordering: pairs grouped by identity, then by status. The
|
|
227
258
|
* flat-array views (`persisted`, `added`, `removed`) preserve
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"finding-identity.js","sourceRoot":"","sources":["../../src/baseline/finding-identity.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;
|
|
1
|
+
{"version":3,"file":"finding-identity.js","sourceRoot":"","sources":["../../src/baseline/finding-identity.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;AAiDH,kCAsEC;AA6LD,0CA4DC;AA9WD,mCAAoC;AACpC,gEAQwC;AAiBxC,mCAAkD;AAElD;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,WAAW,CACzB,KAAoB,EACpB,UAAiC,+BAAuB;IAExD,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,wCAAwC,OAAO,EAAE,CAAC,CAAC;IACrE,CAAC;IACD,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,QAAQ,CAAC;QACd,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,aAAa,GAAG,IAAA,8BAAgB,EAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAC/D,kEAAkE;YAClE,sEAAsE;YACtE,sEAAsE;YACtE,oEAAoE;YACpE,4DAA4D;YAC5D,iEAAiE;YACjE,IAAI,OAAO,KAAK,IAAI,IAAI,KAAK,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;gBAC1D,+DAA+D;gBAC/D,kEAAkE;gBAClE,kEAAkE;gBAClE,kEAAkE;gBAClE,yBAAyB;gBACzB,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,mCAAqB,CAAC,CAAC,CAAC,aAAa,CAAC;gBAC/E,OAAO,IAAA,uCAAyB,EAAC,MAAM,EAAE,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC;YAC5E,CAAC;YACD,OAAO,IAAA,oCAAsB,EAAC,aAAa,EAAE,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACvE,CAAC;QACD,KAAK,UAAU;YACb,oEAAoE;YACpE,0DAA0D;YAC1D,OAAO,OAAO,KAAK,IAAI;gBACrB,CAAC,CAAC,IAAA,kCAAoB,EAAC;oBACnB,OAAO,EAAE,KAAK,CAAC,OAAO;oBACtB,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;oBACxC,EAAE,EAAE,KAAK,CAAC,EAAE;iBACb,CAAC;gBACJ,CAAC,CAAC,IAAA,gCAAkB,EAAC;oBACjB,OAAO,EAAE,KAAK,CAAC,OAAO;oBACtB,EAAE,EAAE,KAAK,CAAC,EAAE;oBACZ,OAAO,EAAE,KAAK,CAAC,OAAO;iBACvB,CAAC,CAAC;QACT,KAAK,aAAa;YAChB,OAAO,0BAA0B,CAC/B,KAAK,CAAC,KAAK,EACX,KAAK,CAAC,KAAK,EACX,KAAK,CAAC,KAAK,EACX,KAAK,CAAC,UAAU,EAChB,KAAK,CAAC,UAAU,CACjB,CAAC;QACJ,KAAK,cAAc;YACjB,OAAO,0BAA0B,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;QAC/E,KAAK,UAAU;YACb,OAAO,sBAAsB,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACxD,KAAK,SAAS;YACZ,OAAO,sBAAsB,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QACtE,KAAK,uBAAuB;YAC1B,OAAO,kCAAkC,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QACtE,KAAK,UAAU;YACb,OAAO,sBAAsB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC5C,KAAK,YAAY;YACf,OAAO,wBAAwB,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAC5D,KAAK,YAAY;YACf,OAAO,wBAAwB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9C,KAAK,aAAa;YAChB,OAAO,yBAAyB,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACvE,KAAK,aAAa;YAChB,OAAO,yBAAyB,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;IAC7E,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAS,0BAA0B,CACjC,KAAa,EACb,KAAa,EACb,KAAa,EACb,UAAkB,EAClB,UAAkB;IAElB,MAAM,KAAK,GAA4B;QACrC,CAAC,KAAK,EAAE,UAAU,CAAC;QACnB,CAAC,KAAK,EAAE,UAAU,CAAC;KACpB,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACzE,MAAM,KAAK,GAAG,oBAAoB,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,EAAE,CAAC;IAC1G,OAAO,IAAA,mBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACrE,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAS,0BAA0B,CACjC,IAAY,EACZ,MAA0B,EAC1B,SAAgD;IAEhD,IAAI,CAAC,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CACb,yEAAyE,IAAI,GAAG,CACjF,CAAC;IACJ,CAAC;IACD,MAAM,aAAa,GAAG,MAAM,CAAC,CAAC,CAAC,OAAO,MAAM,EAAE,CAAC,CAAC,CAAC,SAAS,SAAU,CAAC,CAAC,CAAC,IAAI,SAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAC3F,MAAM,KAAK,GAAG,qBAAqB,IAAI,KAAK,aAAa,EAAE,CAAC;IAC5D,OAAO,IAAA,mBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACrE,CAAC;AAED;;;;;;GAMG;AACH,SAAS,sBAAsB,CAAC,IAAY,EAAE,IAAiB;IAC7D,MAAM,KAAK,GAAG,iBAAiB,IAAI,KAAK,IAAI,EAAE,CAAC;IAC/C,OAAO,IAAA,mBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACrE,CAAC;AAED;;;;;;GAMG;AACH,SAAS,sBAAsB,CAAC,IAAY,EAAE,IAAY,EAAE,MAAqB;IAC/E,MAAM,KAAK,GAAG,gBAAgB,MAAM,KAAK,IAAI,KAAK,IAAA,2BAAa,EAAC,IAAI,CAAC,EAAE,CAAC;IACxE,OAAO,IAAA,mBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACrE,CAAC;AAED;;;;;GAKG;AACH,SAAS,kCAAkC,CACzC,IAAY,EACZ,MAAiC;IAEjC,MAAM,KAAK,GAAG,8BAA8B,IAAI,KAAK,MAAM,EAAE,CAAC;IAC9D,OAAO,IAAA,mBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACrE,CAAC;AAED;;;;;;GAMG;AACH,SAAS,sBAAsB,CAAC,IAAY;IAC1C,MAAM,KAAK,GAAG,iBAAiB,IAAI,EAAE,CAAC;IACtC,OAAO,IAAA,mBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACrE,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,wBAAwB,CAAC,IAAY,EAAE,MAAc;IAC5D,MAAM,KAAK,GAAG,mBAAmB,IAAI,KAAK,MAAM,EAAE,CAAC;IACnD,OAAO,IAAA,mBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACrE,CAAC;AAED;;;;;GAKG;AACH,SAAS,wBAAwB,CAAC,IAAY;IAC5C,MAAM,KAAK,GAAG,mBAAmB,IAAI,EAAE,CAAC;IACxC,OAAO,IAAA,mBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACrE,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAS,yBAAyB,CAAC,IAAY,EAAE,IAAY,EAAE,IAAY;IACzE,MAAM,aAAa,GAAG,IAAA,8BAAgB,EAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,oBAAoB,aAAa,KAAK,IAAI,EAAE,CAAC;IAC3D,OAAO,IAAA,mBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACrE,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,yBAAyB,CAAC,IAAY,EAAE,IAAY,EAAE,QAAgB;IAC7E,MAAM,KAAK,GAAG,oBAAoB,IAAI,KAAK,IAAA,2BAAa,EAAC,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;IAC9E,OAAO,IAAA,mBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACrE,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,eAAe,CAC7B,KAA0B,EAC1B,OAA4B;IAE5B,MAAM,WAAW,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IACzC,MAAM,aAAa,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,IAAI,GAAG,CAAY,CAAC,GAAG,WAAW,CAAC,IAAI,EAAE,EAAE,GAAG,aAAa,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAEpF,MAAM,KAAK,GAAgB,EAAE,CAAC;IAC9B,MAAM,SAAS,GAAgB,EAAE,CAAC;IAClC,MAAM,KAAK,GAAgB,EAAE,CAAC;IAC9B,MAAM,OAAO,GAAgB,EAAE,CAAC;IAChC,MAAM,WAAW,GAAgB;QAC/B,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,wDAAwD;KACjE,CAAC;IACF,MAAM,SAAS,GAAgB;QAC7B,IAAI,EAAE,gBAAgB;QACtB,MAAM,EAAE,kDAAkD;KAC3D,CAAC;IACF,MAAM,UAAU,GAAgB;QAC9B,IAAI,EAAE,kBAAkB;QACxB,MAAM,EAAE,sDAAsD;KAC/D,CAAC;IAEF,KAAK,MAAM,EAAE,IAAI,MAAM,EAAE,CAAC;QACxB,MAAM,CAAC,GAAG,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QACnC,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,EAAE,CAAC,EAAE,EAAE,CAAC;YACjC,KAAK,CAAC,IAAI,CAAC;gBACT,OAAO,EAAE,EAAE;gBACX,SAAS,EAAE,EAAE;gBACb,MAAM,EAAE,WAAW;gBACnB,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,CAAC,WAAW,CAAC;aACvB,CAAC,CAAC;YACH,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACrB,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,OAAO,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,KAAK,CAAC,IAAI,CAAC;gBACT,SAAS,EAAE,EAAE;gBACb,MAAM,EAAE,OAAO;gBACf,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,CAAC,SAAS,CAAC;aACrB,CAAC,CAAC;YACH,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,OAAO,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,KAAK,CAAC,IAAI,CAAC;gBACT,OAAO,EAAE,EAAE;gBACX,MAAM,EAAE,SAAS;gBACjB,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,CAAC,UAAU,CAAC;aACtB,CAAC,CAAC;YACH,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACnB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;AAC/D,CAAC;AAED,SAAS,aAAa,CAAC,KAA0B;IAC/C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAqB,CAAC;IAC5C,KAAK,MAAM,EAAE,IAAI,KAAK,EAAE,CAAC;QACvB,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -0,0 +1,94 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Identity-scheme migrator — carries a repo's baseline + allowlist across
|
|
3
|
+
* a finding-identity scheme change so an upgrade is a single command
|
|
4
|
+
* instead of a manual re-baseline + re-allowlist.
|
|
5
|
+
*
|
|
6
|
+
* The mechanism rests on two properties:
|
|
7
|
+
*
|
|
8
|
+
* 1. `identityFor` can compute ANY shipped scheme (see
|
|
9
|
+
* `finding-identity.ts`), so for each current finding we can derive
|
|
10
|
+
* both its OLD-scheme id and its NEW-scheme id.
|
|
11
|
+
* 2. A current scan's baseline entries already carry the NEW (current)
|
|
12
|
+
* scheme id; recomputing the OLD id from each entry's metadata yields
|
|
13
|
+
* an `old → new` remap built from one scan, with no dependency on the
|
|
14
|
+
* stale artifact's stored ids.
|
|
15
|
+
*
|
|
16
|
+
* From that remap we:
|
|
17
|
+
* - rewrite the allowlist's `fingerprint`s onto the new scheme
|
|
18
|
+
* (preserving every reviewed suppression decision), and
|
|
19
|
+
* - regenerate the baseline with fresh new-scheme ids.
|
|
20
|
+
*
|
|
21
|
+
* Allowlist entries whose fingerprint matches neither the remap NOR a
|
|
22
|
+
* current finding's id are surfaced as `unmapped` (the finding they
|
|
23
|
+
* suppressed is gone — already-stale entries), never silently dropped.
|
|
24
|
+
*
|
|
25
|
+
* This is general across schemes: only the version-VARYING finding kinds
|
|
26
|
+
* change id between two schemes (everything else maps to itself and is
|
|
27
|
+
* left untouched), and `identityFor` + the retained prior-scheme id
|
|
28
|
+
* functions handle any `from → to` pair. A future scheme needs no new
|
|
29
|
+
* wiring here.
|
|
30
|
+
*/
|
|
31
|
+
import type { BaselineEntry, IdentityInput, IdentitySchemeVersion } from './types';
|
|
32
|
+
import type { AllowlistEntry } from '../allowlist/file';
|
|
33
|
+
export interface MigrationResult {
|
|
34
|
+
readonly fromScheme: IdentitySchemeVersion;
|
|
35
|
+
readonly toScheme: IdentitySchemeVersion;
|
|
36
|
+
/** Number of `old → new` id pairs whose id actually changed between the
|
|
37
|
+
* two schemes (version-independent kinds are excluded). */
|
|
38
|
+
readonly remapSize: number;
|
|
39
|
+
readonly allowlistTotal: number;
|
|
40
|
+
/** Allowlist entries whose fingerprint was rewritten onto the new scheme. */
|
|
41
|
+
readonly allowlistRemapped: number;
|
|
42
|
+
/** Allowlist entries left unchanged because they already match a current
|
|
43
|
+
* finding under the new scheme (version-independent kinds / already
|
|
44
|
+
* current) — not a problem. */
|
|
45
|
+
readonly allowlistUnchanged: number;
|
|
46
|
+
/** Allowlist entries that match no current finding at all — the finding
|
|
47
|
+
* they suppressed is gone (already-stale). Surfaced for review. */
|
|
48
|
+
readonly allowlistUnmapped: ReadonlyArray<AllowlistEntry>;
|
|
49
|
+
/** Path of the regenerated baseline, or null when none was written
|
|
50
|
+
* (e.g. ref-based repos hold no committed baseline). */
|
|
51
|
+
readonly baselinePath: string | null;
|
|
52
|
+
}
|
|
53
|
+
/**
|
|
54
|
+
* Reconstruct the `IdentityInput` a baseline entry was minted from, so its
|
|
55
|
+
* id can be recomputed under a different scheme. Fidelity is sufficient to
|
|
56
|
+
* reproduce any scheme's id: `contentAnchor` is intentionally omitted —
|
|
57
|
+
* only the v2 code/secret path consumes it, and an entry's stored `id`
|
|
58
|
+
* already IS its current-scheme id (we never recompute the current id, only
|
|
59
|
+
* the prior one, which no scheme derives from the anchor). Returns
|
|
60
|
+
* `undefined` for sanitized entries (identity-only, no metadata).
|
|
61
|
+
*/
|
|
62
|
+
export declare function baselineEntryToIdentityInput(entry: BaselineEntry): IdentityInput | undefined;
|
|
63
|
+
/**
|
|
64
|
+
* Build an `old → new` id remap from a current scan's entries. Each
|
|
65
|
+
* entry's own `id` is the new (current) scheme id; the old id is
|
|
66
|
+
* recomputed from its reconstructed input. Only ids that actually change
|
|
67
|
+
* between the two schemes enter the map — version-independent kinds map to
|
|
68
|
+
* themselves and are skipped. Pure.
|
|
69
|
+
*/
|
|
70
|
+
export declare function buildIdentityRemap(entries: ReadonlyArray<BaselineEntry>, from: IdentitySchemeVersion): Map<string, string>;
|
|
71
|
+
/**
|
|
72
|
+
* Detect whether a repo's committed artifacts (baseline + allowlist) were
|
|
73
|
+
* written under an OLDER identity scheme than the current one, returning
|
|
74
|
+
* the scheme to migrate FROM (today only `'v1'`), or `null` when
|
|
75
|
+
* everything is already current / there's nothing to migrate. A
|
|
76
|
+
* lightweight probe — reads the stamped `identityScheme` (absent ⇒ `'v1'`)
|
|
77
|
+
* without re-scanning. Used by `vyuh-dxkit update` to decide whether to
|
|
78
|
+
* run the migrator after an upgrade.
|
|
79
|
+
*/
|
|
80
|
+
export declare function detectStaleScheme(cwd: string, baselineName?: string): IdentitySchemeVersion | null;
|
|
81
|
+
/**
|
|
82
|
+
* Migrate a repo's baseline + allowlist from `from` scheme to the current
|
|
83
|
+
* scheme: one scan, rewrite the allowlist through the remap, regenerate
|
|
84
|
+
* the baseline (only if one exists). Idempotent in spirit — running it
|
|
85
|
+
* when already current produces an empty remap and a re-stamped baseline.
|
|
86
|
+
* Returns a summary the caller renders.
|
|
87
|
+
*/
|
|
88
|
+
export declare function migrateIdentity(opts: {
|
|
89
|
+
readonly cwd: string;
|
|
90
|
+
readonly from: IdentitySchemeVersion;
|
|
91
|
+
readonly baselineName?: string;
|
|
92
|
+
readonly verbose?: boolean;
|
|
93
|
+
}): Promise<MigrationResult>;
|
|
94
|
+
//# sourceMappingURL=migrate.d.ts.map
|