@vyuhlabs/dxkit 2.4.6 → 2.4.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +885 -0
- package/README.md +131 -26
- package/dist/analysis-result.d.ts +112 -0
- package/dist/analysis-result.d.ts.map +1 -0
- package/dist/analysis-result.js +52 -0
- package/dist/analysis-result.js.map +1 -0
- package/dist/analyzers/bom/detailed.d.ts.map +1 -1
- package/dist/analyzers/bom/detailed.js +19 -0
- package/dist/analyzers/bom/detailed.js.map +1 -1
- package/dist/analyzers/bom/gather.d.ts +27 -26
- package/dist/analyzers/bom/gather.d.ts.map +1 -1
- package/dist/analyzers/bom/gather.js +26 -87
- package/dist/analyzers/bom/gather.js.map +1 -1
- package/dist/analyzers/bom/index.d.ts +0 -7
- package/dist/analyzers/bom/index.d.ts.map +1 -1
- package/dist/analyzers/bom/index.js +98 -48
- package/dist/analyzers/bom/index.js.map +1 -1
- package/dist/analyzers/bom/types.d.ts +11 -13
- package/dist/analyzers/bom/types.d.ts.map +1 -1
- package/dist/analyzers/cache.d.ts +95 -0
- package/dist/analyzers/cache.d.ts.map +1 -0
- package/dist/analyzers/cache.js +309 -0
- package/dist/analyzers/cache.js.map +1 -0
- package/dist/analyzers/coverage-runner.d.ts +56 -0
- package/dist/analyzers/coverage-runner.d.ts.map +1 -0
- package/dist/analyzers/coverage-runner.js +72 -0
- package/dist/analyzers/coverage-runner.js.map +1 -0
- package/dist/analyzers/dashboard/index.d.ts +24 -0
- package/dist/analyzers/dashboard/index.d.ts.map +1 -0
- package/dist/analyzers/dashboard/index.js +666 -0
- package/dist/analyzers/dashboard/index.js.map +1 -0
- package/dist/analyzers/developer/gather.d.ts.map +1 -1
- package/dist/analyzers/developer/gather.js +205 -37
- package/dist/analyzers/developer/gather.js.map +1 -1
- package/dist/analyzers/developer/index.d.ts +1 -1
- package/dist/analyzers/developer/index.d.ts.map +1 -1
- package/dist/analyzers/developer/index.js +19 -8
- package/dist/analyzers/developer/index.js.map +1 -1
- package/dist/analyzers/dispatcher.d.ts +37 -0
- package/dist/analyzers/dispatcher.d.ts.map +1 -1
- package/dist/analyzers/dispatcher.js +56 -9
- package/dist/analyzers/dispatcher.js.map +1 -1
- package/dist/analyzers/docs/shallow.d.ts +17 -5
- package/dist/analyzers/docs/shallow.d.ts.map +1 -1
- package/dist/analyzers/docs/shallow.js +65 -2
- package/dist/analyzers/docs/shallow.js.map +1 -1
- package/dist/analyzers/dx/shallow.d.ts +17 -5
- package/dist/analyzers/dx/shallow.d.ts.map +1 -1
- package/dist/analyzers/dx/shallow.js +66 -2
- package/dist/analyzers/dx/shallow.js.map +1 -1
- package/dist/analyzers/health/actions.d.ts +1 -1
- package/dist/analyzers/health/actions.d.ts.map +1 -1
- package/dist/analyzers/health/actions.js +27 -9
- package/dist/analyzers/health/actions.js.map +1 -1
- package/dist/analyzers/health/detailed.d.ts +2 -1
- package/dist/analyzers/health/detailed.d.ts.map +1 -1
- package/dist/analyzers/health/detailed.js +11 -7
- package/dist/analyzers/health/detailed.js.map +1 -1
- package/dist/analyzers/health.d.ts +27 -0
- package/dist/analyzers/health.d.ts.map +1 -1
- package/dist/analyzers/health.js +271 -33
- package/dist/analyzers/health.js.map +1 -1
- package/dist/analyzers/licenses/gather.d.ts +35 -8
- package/dist/analyzers/licenses/gather.d.ts.map +1 -1
- package/dist/analyzers/licenses/gather.js +70 -13
- package/dist/analyzers/licenses/gather.js.map +1 -1
- package/dist/analyzers/licenses/index.d.ts +1 -1
- package/dist/analyzers/licenses/index.d.ts.map +1 -1
- package/dist/analyzers/licenses/index.js +52 -11
- package/dist/analyzers/licenses/index.js.map +1 -1
- package/dist/analyzers/licenses/types.d.ts +15 -0
- package/dist/analyzers/licenses/types.d.ts.map +1 -1
- package/dist/analyzers/maintainability/shallow.d.ts +17 -5
- package/dist/analyzers/maintainability/shallow.d.ts.map +1 -1
- package/dist/analyzers/maintainability/shallow.js +80 -2
- package/dist/analyzers/maintainability/shallow.js.map +1 -1
- package/dist/analyzers/quality/detailed.d.ts.map +1 -1
- package/dist/analyzers/quality/detailed.js +4 -6
- package/dist/analyzers/quality/detailed.js.map +1 -1
- package/dist/analyzers/quality/gather.d.ts +1 -14
- package/dist/analyzers/quality/gather.d.ts.map +1 -1
- package/dist/analyzers/quality/gather.js +48 -137
- package/dist/analyzers/quality/gather.js.map +1 -1
- package/dist/analyzers/quality/index.d.ts +9 -2
- package/dist/analyzers/quality/index.d.ts.map +1 -1
- package/dist/analyzers/quality/index.js +189 -117
- package/dist/analyzers/quality/index.js.map +1 -1
- package/dist/analyzers/quality/shallow.d.ts +50 -5
- package/dist/analyzers/quality/shallow.d.ts.map +1 -1
- package/dist/analyzers/quality/shallow.js +155 -2
- package/dist/analyzers/quality/shallow.js.map +1 -1
- package/dist/analyzers/quality/types.d.ts +14 -0
- package/dist/analyzers/quality/types.d.ts.map +1 -1
- package/dist/analyzers/security/actions.d.ts +11 -4
- package/dist/analyzers/security/actions.d.ts.map +1 -1
- package/dist/analyzers/security/actions.js +87 -37
- package/dist/analyzers/security/actions.js.map +1 -1
- package/dist/analyzers/security/aggregator.d.ts +236 -0
- package/dist/analyzers/security/aggregator.d.ts.map +1 -0
- package/dist/analyzers/security/aggregator.js +347 -0
- package/dist/analyzers/security/aggregator.js.map +1 -0
- package/dist/analyzers/security/detailed.d.ts +2 -2
- package/dist/analyzers/security/detailed.d.ts.map +1 -1
- package/dist/analyzers/security/detailed.js +10 -9
- package/dist/analyzers/security/detailed.js.map +1 -1
- package/dist/analyzers/security/gather.d.ts +103 -1
- package/dist/analyzers/security/gather.d.ts.map +1 -1
- package/dist/analyzers/security/gather.js +281 -9
- package/dist/analyzers/security/gather.js.map +1 -1
- package/dist/analyzers/security/index.d.ts +15 -0
- package/dist/analyzers/security/index.d.ts.map +1 -1
- package/dist/analyzers/security/index.js +463 -50
- package/dist/analyzers/security/index.js.map +1 -1
- package/dist/analyzers/security/shallow.d.ts +50 -6
- package/dist/analyzers/security/shallow.d.ts.map +1 -1
- package/dist/analyzers/security/shallow.js +154 -2
- package/dist/analyzers/security/shallow.js.map +1 -1
- package/dist/analyzers/security/types.d.ts +51 -0
- package/dist/analyzers/security/types.d.ts.map +1 -1
- package/dist/analyzers/tests/detailed.d.ts.map +1 -1
- package/dist/analyzers/tests/detailed.js +2 -3
- package/dist/analyzers/tests/detailed.js.map +1 -1
- package/dist/analyzers/tests/gather.d.ts +2 -1
- package/dist/analyzers/tests/gather.d.ts.map +1 -1
- package/dist/analyzers/tests/gather.js +98 -69
- package/dist/analyzers/tests/gather.js.map +1 -1
- package/dist/analyzers/tests/index.d.ts +11 -2
- package/dist/analyzers/tests/index.d.ts.map +1 -1
- package/dist/analyzers/tests/index.js +83 -18
- package/dist/analyzers/tests/index.js.map +1 -1
- package/dist/analyzers/tests/shallow.d.ts +19 -5
- package/dist/analyzers/tests/shallow.d.ts.map +1 -1
- package/dist/analyzers/tests/shallow.js +89 -2
- package/dist/analyzers/tests/shallow.js.map +1 -1
- package/dist/analyzers/tests/types.d.ts +41 -1
- package/dist/analyzers/tests/types.d.ts.map +1 -1
- package/dist/analyzers/tools/autogen-header.d.ts +8 -0
- package/dist/analyzers/tools/autogen-header.d.ts.map +1 -0
- package/dist/analyzers/tools/autogen-header.js +107 -0
- package/dist/analyzers/tools/autogen-header.js.map +1 -0
- package/dist/analyzers/tools/cloc.d.ts.map +1 -1
- package/dist/analyzers/tools/cloc.js +36 -5
- package/dist/analyzers/tools/cloc.js.map +1 -1
- package/dist/analyzers/tools/debug-statements.d.ts +17 -0
- package/dist/analyzers/tools/debug-statements.d.ts.map +1 -0
- package/dist/analyzers/tools/debug-statements.js +58 -0
- package/dist/analyzers/tools/debug-statements.js.map +1 -0
- package/dist/analyzers/tools/default-exclusions.gitignore +28 -0
- package/dist/analyzers/tools/exclusions.d.ts +33 -6
- package/dist/analyzers/tools/exclusions.d.ts.map +1 -1
- package/dist/analyzers/tools/exclusions.js +95 -26
- package/dist/analyzers/tools/exclusions.js.map +1 -1
- package/dist/analyzers/tools/generic.d.ts +17 -2
- package/dist/analyzers/tools/generic.d.ts.map +1 -1
- package/dist/analyzers/tools/generic.js +206 -109
- package/dist/analyzers/tools/generic.js.map +1 -1
- package/dist/analyzers/tools/gitleaks.d.ts.map +1 -1
- package/dist/analyzers/tools/gitleaks.js +48 -1
- package/dist/analyzers/tools/gitleaks.js.map +1 -1
- package/dist/analyzers/tools/graphify.d.ts +30 -2
- package/dist/analyzers/tools/graphify.d.ts.map +1 -1
- package/dist/analyzers/tools/graphify.js +131 -15
- package/dist/analyzers/tools/graphify.js.map +1 -1
- package/dist/analyzers/tools/jscpd.d.ts +12 -2
- package/dist/analyzers/tools/jscpd.d.ts.map +1 -1
- package/dist/analyzers/tools/jscpd.js +129 -6
- package/dist/analyzers/tools/jscpd.js.map +1 -1
- package/dist/analyzers/tools/minified-detection.d.ts +9 -0
- package/dist/analyzers/tools/minified-detection.d.ts.map +1 -0
- package/dist/analyzers/tools/minified-detection.js +147 -0
- package/dist/analyzers/tools/minified-detection.js.map +1 -0
- package/dist/analyzers/tools/nuget-package-reference.d.ts +131 -0
- package/dist/analyzers/tools/nuget-package-reference.d.ts.map +1 -0
- package/dist/analyzers/tools/nuget-package-reference.js +175 -0
- package/dist/analyzers/tools/nuget-package-reference.js.map +1 -0
- package/dist/analyzers/tools/osv-scanner-deps.d.ts +3 -2
- package/dist/analyzers/tools/osv-scanner-deps.d.ts.map +1 -1
- package/dist/analyzers/tools/osv-scanner-deps.js +32 -14
- package/dist/analyzers/tools/osv-scanner-deps.js.map +1 -1
- package/dist/analyzers/tools/osv.d.ts +36 -0
- package/dist/analyzers/tools/osv.d.ts.map +1 -1
- package/dist/analyzers/tools/osv.js +26 -0
- package/dist/analyzers/tools/osv.js.map +1 -1
- package/dist/analyzers/tools/parallel.d.ts +1 -1
- package/dist/analyzers/tools/parallel.d.ts.map +1 -1
- package/dist/analyzers/tools/parallel.js +2 -2
- package/dist/analyzers/tools/parallel.js.map +1 -1
- package/dist/analyzers/tools/risk-score.d.ts +7 -0
- package/dist/analyzers/tools/risk-score.d.ts.map +1 -1
- package/dist/analyzers/tools/risk-score.js +9 -2
- package/dist/analyzers/tools/risk-score.js.map +1 -1
- package/dist/analyzers/tools/run-tests-helper.d.ts +43 -0
- package/dist/analyzers/tools/run-tests-helper.d.ts.map +1 -0
- package/dist/analyzers/tools/run-tests-helper.js +156 -0
- package/dist/analyzers/tools/run-tests-helper.js.map +1 -0
- package/dist/analyzers/tools/runner.d.ts.map +1 -1
- package/dist/analyzers/tools/runner.js +75 -12
- package/dist/analyzers/tools/runner.js.map +1 -1
- package/dist/analyzers/tools/semgrep.d.ts +39 -2
- package/dist/analyzers/tools/semgrep.d.ts.map +1 -1
- package/dist/analyzers/tools/semgrep.js +131 -9
- package/dist/analyzers/tools/semgrep.js.map +1 -1
- package/dist/analyzers/tools/timing.d.ts +17 -3
- package/dist/analyzers/tools/timing.d.ts.map +1 -1
- package/dist/analyzers/tools/timing.js +36 -14
- package/dist/analyzers/tools/timing.js.map +1 -1
- package/dist/analyzers/tools/tool-registry.d.ts.map +1 -1
- package/dist/analyzers/tools/tool-registry.js +11 -1
- package/dist/analyzers/tools/tool-registry.js.map +1 -1
- package/dist/analyzers/tools/tools-unavailable-prose.d.ts +18 -0
- package/dist/analyzers/tools/tools-unavailable-prose.d.ts.map +1 -0
- package/dist/analyzers/tools/tools-unavailable-prose.js +69 -0
- package/dist/analyzers/tools/tools-unavailable-prose.js.map +1 -0
- package/dist/analyzers/tools/upgrade-plan-resolver.d.ts.map +1 -1
- package/dist/analyzers/tools/upgrade-plan-resolver.js +7 -0
- package/dist/analyzers/tools/upgrade-plan-resolver.js.map +1 -1
- package/dist/analyzers/tools/vendored-advisor.d.ts +43 -0
- package/dist/analyzers/tools/vendored-advisor.d.ts.map +1 -0
- package/dist/analyzers/tools/vendored-advisor.js +107 -0
- package/dist/analyzers/tools/vendored-advisor.js.map +1 -0
- package/dist/analyzers/tools/walk-paths.d.ts +78 -0
- package/dist/analyzers/tools/walk-paths.d.ts.map +1 -0
- package/dist/analyzers/tools/walk-paths.js +150 -0
- package/dist/analyzers/tools/walk-paths.js.map +1 -0
- package/dist/analyzers/tools/walk-source-files.d.ts +70 -0
- package/dist/analyzers/tools/walk-source-files.d.ts.map +1 -0
- package/dist/analyzers/tools/walk-source-files.js +369 -0
- package/dist/analyzers/tools/walk-source-files.js.map +1 -0
- package/dist/analyzers/types.d.ts +204 -4
- package/dist/analyzers/types.d.ts.map +1 -1
- package/dist/analyzers/xlsx/bom.d.ts.map +1 -1
- package/dist/analyzers/xlsx/bom.js +8 -1
- package/dist/analyzers/xlsx/bom.js.map +1 -1
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +557 -189
- package/dist/cli.js.map +1 -1
- package/dist/detect.d.ts.map +1 -1
- package/dist/detect.js +24 -7
- package/dist/detect.js.map +1 -1
- package/dist/doctor.d.ts.map +1 -1
- package/dist/doctor.js +103 -53
- package/dist/doctor.js.map +1 -1
- package/dist/languages/capabilities/provider.d.ts +130 -1
- package/dist/languages/capabilities/provider.d.ts.map +1 -1
- package/dist/languages/capabilities/types.d.ts +68 -7
- package/dist/languages/capabilities/types.d.ts.map +1 -1
- package/dist/languages/csharp.d.ts +15 -1
- package/dist/languages/csharp.d.ts.map +1 -1
- package/dist/languages/csharp.js +624 -146
- package/dist/languages/csharp.js.map +1 -1
- package/dist/languages/go.d.ts.map +1 -1
- package/dist/languages/go.js +89 -11
- package/dist/languages/go.js.map +1 -1
- package/dist/languages/index.d.ts +131 -2
- package/dist/languages/index.d.ts.map +1 -1
- package/dist/languages/index.js +206 -0
- package/dist/languages/index.js.map +1 -1
- package/dist/languages/java.d.ts.map +1 -1
- package/dist/languages/java.js +113 -26
- package/dist/languages/java.js.map +1 -1
- package/dist/languages/kotlin.d.ts.map +1 -1
- package/dist/languages/kotlin.js +132 -26
- package/dist/languages/kotlin.js.map +1 -1
- package/dist/languages/python.d.ts.map +1 -1
- package/dist/languages/python.js +149 -44
- package/dist/languages/python.js.map +1 -1
- package/dist/languages/ruby.d.ts +39 -1
- package/dist/languages/ruby.d.ts.map +1 -1
- package/dist/languages/ruby.js +178 -44
- package/dist/languages/ruby.js.map +1 -1
- package/dist/languages/rust.d.ts.map +1 -1
- package/dist/languages/rust.js +103 -16
- package/dist/languages/rust.js.map +1 -1
- package/dist/languages/types.d.ts +228 -5
- package/dist/languages/types.d.ts.map +1 -1
- package/dist/languages/typescript.d.ts.map +1 -1
- package/dist/languages/typescript.js +201 -14
- package/dist/languages/typescript.js.map +1 -1
- package/dist/scoring/dimensions/documentation.d.ts +53 -0
- package/dist/scoring/dimensions/documentation.d.ts.map +1 -0
- package/dist/scoring/dimensions/documentation.js +106 -0
- package/dist/scoring/dimensions/documentation.js.map +1 -0
- package/dist/scoring/dimensions/dx.d.ts +53 -0
- package/dist/scoring/dimensions/dx.d.ts.map +1 -0
- package/dist/scoring/dimensions/dx.js +105 -0
- package/dist/scoring/dimensions/dx.js.map +1 -0
- package/dist/scoring/dimensions/maintainability.d.ts +53 -0
- package/dist/scoring/dimensions/maintainability.d.ts.map +1 -0
- package/dist/scoring/dimensions/maintainability.js +101 -0
- package/dist/scoring/dimensions/maintainability.js.map +1 -0
- package/dist/scoring/dimensions/quality.d.ts +108 -0
- package/dist/scoring/dimensions/quality.d.ts.map +1 -0
- package/dist/scoring/dimensions/quality.js +174 -0
- package/dist/scoring/dimensions/quality.js.map +1 -0
- package/dist/scoring/dimensions/security.d.ts +84 -0
- package/dist/scoring/dimensions/security.d.ts.map +1 -0
- package/dist/scoring/dimensions/security.js +135 -0
- package/dist/scoring/dimensions/security.js.map +1 -0
- package/dist/scoring/dimensions/testing.d.ts +56 -0
- package/dist/scoring/dimensions/testing.d.ts.map +1 -0
- package/dist/scoring/dimensions/testing.js +98 -0
- package/dist/scoring/dimensions/testing.js.map +1 -0
- package/dist/scoring/evaluator.d.ts +27 -0
- package/dist/scoring/evaluator.d.ts.map +1 -0
- package/dist/scoring/evaluator.js +124 -0
- package/dist/scoring/evaluator.js.map +1 -0
- package/dist/scoring/format.d.ts +34 -0
- package/dist/scoring/format.d.ts.map +1 -0
- package/dist/scoring/format.js +63 -0
- package/dist/scoring/format.js.map +1 -0
- package/dist/scoring/index.d.ts +37 -0
- package/dist/scoring/index.d.ts.map +1 -0
- package/dist/scoring/index.js +57 -0
- package/dist/scoring/index.js.map +1 -0
- package/dist/scoring/overall.d.ts +54 -0
- package/dist/scoring/overall.d.ts.map +1 -0
- package/dist/scoring/overall.js +76 -0
- package/dist/scoring/overall.js.map +1 -0
- package/dist/scoring/result.d.ts +111 -0
- package/dist/scoring/result.d.ts.map +1 -0
- package/dist/scoring/result.js +14 -0
- package/dist/scoring/result.js.map +1 -0
- package/dist/scoring/spec.d.ts +76 -0
- package/dist/scoring/spec.d.ts.map +1 -0
- package/dist/scoring/spec.js +22 -0
- package/dist/scoring/spec.js.map +1 -0
- package/dist/scoring/thresholds.d.ts +56 -0
- package/dist/scoring/thresholds.d.ts.map +1 -0
- package/dist/scoring/thresholds.js +75 -0
- package/dist/scoring/thresholds.js.map +1 -0
- package/dist/tools-cli.d.ts.map +1 -1
- package/dist/tools-cli.js +21 -2
- package/dist/tools-cli.js.map +1 -1
- package/dist/types.d.ts +16 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +1 -1
- package/templates/.claude/commands/dashboard.md +17 -9
- package/dist/analyzers/scoring.d.ts +0 -49
- package/dist/analyzers/scoring.d.ts.map +0 -1
- package/dist/analyzers/scoring.js +0 -422
- package/dist/analyzers/scoring.js.map +0 -1
- package/dist/analyzers/security/scoring.d.ts +0 -29
- package/dist/analyzers/security/scoring.d.ts.map +0 -1
- package/dist/analyzers/security/scoring.js +0 -40
- package/dist/analyzers/security/scoring.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"detailed.js","sourceRoot":"","sources":["../../../src/analyzers/security/detailed.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"detailed.js","sourceRoot":"","sources":["../../../src/analyzers/security/detailed.ts"],"names":[],"mappings":";;AAgBA,sDAYC;AAID,wEAuKC;AAlMD,gDAAoD;AACpD,uCAAmE;AACnE,2CAAwF;AACxF,8EAA+E;AAQ/E,SAAgB,qBAAqB,CAAC,MAAsB;IAC1D,MAAM,KAAK,GAAG,IAAA,0BAAgB,EAAC,MAAM,CAAC,CAAC;IACvC,MAAM,cAAc,GAAG,CAAC,CAAqB,EAAE,EAAE,CAAC,IAAA,sBAAY,EAAC,+BAAqB,EAAE,CAAC,CAAC,CAAC;IACzF,MAAM,OAAO,GAAG,IAAA,kBAAI,EAAC,IAAA,8BAAoB,EAAC,MAAM,CAAC,EAAE,KAAK,EAAE,cAAc,CAAC,CAAC;IAC1E,OAAO;QACL,GAAG,MAAM;QACT,8DAA8D;QAC9D,qDAAqD;QACrD,aAAa,EAAE,IAAI;QACnB,aAAa,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC,KAAK;QAC1C,OAAO;KACR,CAAC;AACJ,CAAC;AAED,MAAM,SAAS,GAA6B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;AAExF,SAAgB,8BAA8B,CAC5C,QAAgC,EAChC,OAAe;IAEf,MAAM,CAAC,GAAa,EAAE,CAAC;IACvB,MAAM,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC;IACpC,MAAM,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC;IAExC,CAAC,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;IAC1C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,aAAa,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;IACxD,CAAC,CAAC,IAAI,CAAC,mBAAmB,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3C,CAAC,CAAC,IAAI,CAAC,eAAe,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,SAAS,GAAG,CAAC,CAAC;IACjE,CAAC,CAAC,IAAI,CAAC,uBAAuB,QAAQ,CAAC,aAAa,MAAM,CAAC,CAAC;IAC5D,CAAC,CAAC,IAAI,CAAC,uBAAuB,QAAQ,CAAC,aAAa,EAAE,CAAC,CAAC;IACxD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,8DAA8D;IAC9D,gEAAgE;IAChE,2DAA2D;IAC3D,gEAAgE;IAChE,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACrB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IAChC,CAAC,CAAC,IAAI,CAAC,uFAAuF,CAAC,CAAC;IAChG,CAAC,CAAC,IAAI,CACJ,uGAAuG,CACxG,CAAC;IACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;IACjG,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QACX,CAAC,CAAC,IAAI,CACJ,yBAAyB,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,KAAK,eAAe,CAAC,CAAC,IAAI,GAAG,CAC3G,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,WAAW,CAAC,CAAC,KAAK,cAAc,CAAC,CAAC;IACjG,CAAC;SAAM,CAAC;QACN,CAAC,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QAC9C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,KAAK,cAAc,CAAC,CAAC;IACzD,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,iBAAiB;IACjB,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IACjC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,CAAC,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;IACzD,CAAC;SAAM,CAAC;QACN,CAAC,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAC7D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QAC/C,CAAC,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QAC/C,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YAChC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC,UAAU,MAAM,CAAC,CAAC,cAAc,QAAQ,CAAC,CAAC;QACnF,CAAC,CAAC,CAAC;QACH,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACjC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC;YAC5C,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACX,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;YAChC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,aAAa,MAAM,CAAC,CAAC;YACjD,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,cAAc,MAAM,CAAC,CAAC;YACnD,IAAI,CAAC,CAAC,SAAS;gBAAE,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;YACrD,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACtB,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;gBAC1B,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;oBACxC,MAAM,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACvC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,GAAG,GAAG,QAAQ,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC7D,CAAC;gBACD,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;oBAC3B,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC,CAAC;gBACrD,CAAC;YACH,CAAC;YACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACb,CAAC;IACH,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,0BAA0B;IAC1B,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IAChC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,MAAM,MAAM,GAAsB,CAAC,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,IAAI,CAC3D,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CACxF,CAAC;IACF,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,CAAC,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;QACvD,CAAC,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;QACvD,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,CAAC,CAAC,IAAI,CACJ,KAAK,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,GAAG,IAAI,GAAG,IAAI,CAC7H,CAAC;QACJ,CAAC;IACH,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,eAAe;IACf,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QACxC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC1B,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC/B,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC/B,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC;QACvC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC;QACnC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC;QACrC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAClC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;QACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,6DAA6D;YAC7D,qEAAqE;YACrE,2DAA2D;YAC3D,MAAM,UAAU,GAAqB,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;gBACjE,MAAM,EAAE,GAAG,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC;gBAC7B,MAAM,EAAE,GAAG,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC;gBAC7B,IAAI,EAAE,KAAK,EAAE;oBAAE,OAAO,EAAE,GAAG,EAAE,CAAC;gBAC9B,OAAO,CACL,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;oBAC7C,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC;oBAClC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CACzB,CAAC;YACJ,CAAC,CAAC,CAAC;YACH,CAAC,CAAC,IAAI,CAAC,wBAAwB,UAAU,CAAC,MAAM,aAAa,CAAC,CAAC;YAC/D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACX,CAAC,CAAC,IAAI,CACJ,2FAA2F,CAC5F,CAAC;YACF,CAAC,CAAC,IAAI,CACJ,2FAA2F,CAC5F,CAAC;YACF,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;gBAC3B,MAAM,IAAI,GAAG,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;gBACtE,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBAC1F,MAAM,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC7B,MAAM,KAAK,GAAG,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,KAAK,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC5E,gEAAgE;gBAChE,kDAAkD;gBAClD,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;gBACrF,CAAC,CAAC,IAAI,CACJ,KAAK,IAAI,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,KAAK,QAAQ,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,OAAO,QAAQ,CAAC,CAAC,gBAAgB,IAAI,GAAG,MAAM,CAAC,CAAC,YAAY,IAAI,GAAG,MAAM,IAAI,MAAM,IAAI,MAAM,CAAC,CAAC,IAAI,IAAI,CAC3L,CAAC;YACJ,CAAC;YACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACb,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,CAAC,CAAC,IAAI,CAAC,mBAAmB,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC3D,CAAC,CAAC,IAAI,CAAC,GAAG,IAAA,qDAA2B,EAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAClE,CAAC,CAAC,IAAI,CAAC,sBAAsB,OAAO,GAAG,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CACJ,gGAAgG,CACjG,CAAC;IACF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACtB,CAAC"}
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
import { SecurityFinding, DepVulnSummary } from './types';
|
|
1
|
+
import { SecurityFinding, DepVulnSummary, Severity } from './types';
|
|
2
|
+
import { type SecurityAggregate } from './aggregator';
|
|
3
|
+
import type { DepVulnResult } from '../../languages/capabilities/types';
|
|
2
4
|
/**
|
|
3
5
|
* Secrets are a global capability: one scanner (gitleaks today) runs once
|
|
4
6
|
* per repo and the dispatcher aggregates its envelope through the SECRETS
|
|
@@ -11,6 +13,51 @@ export declare function gatherSecrets(cwd: string): Promise<{
|
|
|
11
13
|
toolUsed: string | null;
|
|
12
14
|
}>;
|
|
13
15
|
export declare function gatherFileFindings(cwd: string): SecurityFinding[];
|
|
16
|
+
/**
|
|
17
|
+
* D045 (2.4.7): surface TLS-bypass idioms as first-class
|
|
18
|
+
* `SecurityFinding[]` entries with file:line attribution. Each pack
|
|
19
|
+
* declares its language-specific patterns via
|
|
20
|
+
* `LanguageSupport.tlsBypassPatterns` (D034); this gather runs the
|
|
21
|
+
* unioned alternation across every registered pack's source
|
|
22
|
+
* extensions and emits one finding per matching line.
|
|
23
|
+
*
|
|
24
|
+
* Architecture note (why this is independent of semgrep): semgrep's
|
|
25
|
+
* `p/security-audit` ruleset does not include per-language TLS-bypass
|
|
26
|
+
* idioms (`ServerCertificateValidationCallback`,
|
|
27
|
+
* `DangerousAcceptAnyServerCertificateValidator`,
|
|
28
|
+
* `InsecureSkipVerify: true`, `danger_accept_invalid_certs`,
|
|
29
|
+
* `TrustAllX509TrustManager`, `OpenSSL::SSL::VERIFY_NONE`, etc.). The
|
|
30
|
+
* registry-driven per-pack patterns ARE the source of truth for these
|
|
31
|
+
* checks; both the health-side `tlsDisabledCount` metric and the
|
|
32
|
+
* standalone vuln-scan Code Findings table flow through the same
|
|
33
|
+
* patterns. False-positive rate is near zero — these are tight
|
|
34
|
+
* class/method tokens, not loose word matches.
|
|
35
|
+
*
|
|
36
|
+
* Pre-D045 dpl-studio surfaced `tlsDisabledCount: 1` in
|
|
37
|
+
* `gatherGenericMetrics` (via `countTlsBypassLines`), but the
|
|
38
|
+
* standalone vuln scan's Code Findings table reported `_Sources:
|
|
39
|
+
* (none)_` with all zeros — the count never reached the standalone
|
|
40
|
+
* scan because TLS-bypass wasn't a first-class finding source. This
|
|
41
|
+
* gather closes that gap.
|
|
42
|
+
*
|
|
43
|
+
* Severity assignment: `high`. CWE: 295 (Improper Certificate
|
|
44
|
+
* Validation).
|
|
45
|
+
*
|
|
46
|
+
* Empty patterns array → returns []. Empty grep output → returns [].
|
|
47
|
+
* Both are legitimate "no TLS-bypass idioms in this codebase" states.
|
|
48
|
+
*/
|
|
49
|
+
/**
|
|
50
|
+
* G_v4_7 (2.4.7): route TLS-bypass discovery through the canonical
|
|
51
|
+
* walker + per-file in-process line scan. Eliminates the `grep -rnEf`
|
|
52
|
+
* shell path (no maxBuffer ceiling, no per-finding shell escaping).
|
|
53
|
+
* D074 closure: skip comment lines so a commented-out
|
|
54
|
+
* `// NODE_TLS_REJECT_UNAUTHORIZED=0` no longer renders as a HIGH
|
|
55
|
+
* SecurityFinding (the platform vuln-scan false-positive class).
|
|
56
|
+
*
|
|
57
|
+
* `includeTests: true` preserves pre-migration scope — TLS-bypass
|
|
58
|
+
* idioms inside test fixtures were detected before; still are.
|
|
59
|
+
*/
|
|
60
|
+
export declare function gatherTlsBypassFindings(cwd: string): SecurityFinding[];
|
|
14
61
|
/**
|
|
15
62
|
* Code-pattern findings are a global capability: the CODE_PATTERNS
|
|
16
63
|
* dispatcher routes to `semgrepProvider` (tools/semgrep.ts) which
|
|
@@ -31,5 +78,60 @@ export declare function gatherCodePatterns(cwd: string): Promise<{
|
|
|
31
78
|
* provider, or when every provider returned null (no tool installed
|
|
32
79
|
* / nothing to audit).
|
|
33
80
|
*/
|
|
81
|
+
/**
|
|
82
|
+
* Shared primitive for availability-aware dep-vuln aggregation. Used by
|
|
83
|
+
* both `gatherDepVulns` (standalone scan + BoM, with enrichment) and
|
|
84
|
+
* `gatherCapabilityReport` in health.ts (no enrichment). Bypassing the
|
|
85
|
+
* dispatcher is the whole point — the dispatcher's `gather()` path
|
|
86
|
+
* collapses every non-success outcome to null, which makes the scorer
|
|
87
|
+
* blind to "tool unavailable" vs "no findings" (the F4 dpl-studio
|
|
88
|
+
* customer-credibility lie). Calling `gatherOutcome` directly preserves
|
|
89
|
+
* the discriminant, then we aggregate via the existing DEP_VULNS
|
|
90
|
+
* descriptor's aggregator.
|
|
91
|
+
*
|
|
92
|
+
* Returned envelope is null only when NO success outcomes occurred;
|
|
93
|
+
* `available` is false when at least one active pack returned
|
|
94
|
+
* `unavailable`. `no-manifest` outcomes do NOT degrade availability —
|
|
95
|
+
* polyglot repos where one pack activates but has nothing to scan are
|
|
96
|
+
* a clean "we checked, found nothing here" state.
|
|
97
|
+
*/
|
|
98
|
+
export declare function gatherDepVulnsWithAvailability(cwd: string): Promise<{
|
|
99
|
+
envelope: DepVulnResult | null;
|
|
100
|
+
available: boolean;
|
|
101
|
+
unavailableReason: string;
|
|
102
|
+
}>;
|
|
34
103
|
export declare function gatherDepVulns(cwd: string): Promise<DepVulnSummary>;
|
|
104
|
+
/**
|
|
105
|
+
* Build the canonical `SecurityAggregate` from inputs available to the
|
|
106
|
+
* health analyzer. Re-uses the capability envelopes already gathered by
|
|
107
|
+
* `gatherCapabilityReport` (no double-shells — dispatcher cache hits
|
|
108
|
+
* are free), additionally invoking the two finders not represented in
|
|
109
|
+
* the capability layer (TLS-bypass-registry walk, file findings for
|
|
110
|
+
* private keys + `.env`-in-git).
|
|
111
|
+
*
|
|
112
|
+
* D086 closure foundation: health's `scoreSecurityDimension` reads
|
|
113
|
+
* from this aggregate via `c.securityAggregate?.codeBySeverity`,
|
|
114
|
+
* which is the SAME field the standalone vuln-scan reads after C1.2.
|
|
115
|
+
* Two consumers, one source — no drift possible.
|
|
116
|
+
*/
|
|
117
|
+
export declare function buildSecurityAggregateForHealth(cwd: string, secrets: {
|
|
118
|
+
tool: string;
|
|
119
|
+
findings: ReadonlyArray<{
|
|
120
|
+
severity: Severity;
|
|
121
|
+
rule: string;
|
|
122
|
+
title?: string;
|
|
123
|
+
file: string;
|
|
124
|
+
line: number;
|
|
125
|
+
}>;
|
|
126
|
+
} | undefined, codePatterns: {
|
|
127
|
+
tool: string;
|
|
128
|
+
findings: ReadonlyArray<{
|
|
129
|
+
severity: Severity;
|
|
130
|
+
rule: string;
|
|
131
|
+
title: string;
|
|
132
|
+
file: string;
|
|
133
|
+
line: number;
|
|
134
|
+
cwe: string;
|
|
135
|
+
}>;
|
|
136
|
+
} | undefined, depVulnsEnvelope: DepVulnResult | undefined, depVulnsAvailable: boolean, depVulnsUnavailableReason: string): Promise<SecurityAggregate>;
|
|
35
137
|
//# sourceMappingURL=gather.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gather.d.ts","sourceRoot":"","sources":["../../../src/analyzers/security/gather.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"gather.d.ts","sourceRoot":"","sources":["../../../src/analyzers/security/gather.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACpE,OAAO,EAA0B,KAAK,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAU9E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oCAAoC,CAAC;AAIxE;;;;;;GAMG;AACH,wBAAsB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IACxD,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CAAC,CAeD;AAID,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,eAAe,EAAE,CAuCjE;AAID;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH;;;;;;;;;;GAUG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,MAAM,GAAG,eAAe,EAAE,CA0CtE;AAID;;;;;;GAMG;AACH,wBAAsB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAC7D,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CAAC,CAmBD;AAoBD;;;;;;;;GAQG;AACH;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAsB,8BAA8B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IACzE,QAAQ,EAAE,aAAa,GAAG,IAAI,CAAC;IAC/B,SAAS,EAAE,OAAO,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;CAC3B,CAAC,CAkDD;AAED,wBAAsB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CA6HzE;AAID;;;;;;;;;;;;GAYG;AACH,wBAAsB,+BAA+B,CACnD,GAAG,EAAE,MAAM,EACX,OAAO,EACH;IACE,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,aAAa,CAAC;QACtB,QAAQ,EAAE,QAAQ,CAAC;QACnB,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;KACd,CAAC,CAAC;CACJ,GACD,SAAS,EACb,YAAY,EACR;IACE,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,aAAa,CAAC;QACtB,QAAQ,EAAE,QAAQ,CAAC;QACnB,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,GAAG,EAAE,MAAM,CAAC;KACb,CAAC,CAAC;CACJ,GACD,SAAS,EACb,gBAAgB,EAAE,aAAa,GAAG,SAAS,EAC3C,iBAAiB,EAAE,OAAO,EAC1B,yBAAyB,EAAE,MAAM,GAChC,OAAO,CAAC,iBAAiB,CAAC,CA+C5B"}
|
|
@@ -1,9 +1,45 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
2
35
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
36
|
exports.gatherSecrets = gatherSecrets;
|
|
4
37
|
exports.gatherFileFindings = gatherFileFindings;
|
|
38
|
+
exports.gatherTlsBypassFindings = gatherTlsBypassFindings;
|
|
5
39
|
exports.gatherCodePatterns = gatherCodePatterns;
|
|
40
|
+
exports.gatherDepVulnsWithAvailability = gatherDepVulnsWithAvailability;
|
|
6
41
|
exports.gatherDepVulns = gatherDepVulns;
|
|
42
|
+
exports.buildSecurityAggregateForHealth = buildSecurityAggregateForHealth;
|
|
7
43
|
/**
|
|
8
44
|
* Security finding gatherers — one function per tool, no overlap.
|
|
9
45
|
*
|
|
@@ -13,6 +49,7 @@ exports.gatherDepVulns = gatherDepVulns;
|
|
|
13
49
|
* semgrep → code patterns (eval, exec, TLS, CORS, SQLi, XSS, SSRF, etc.)
|
|
14
50
|
* dispatcher → dependency CVEs unioned across every active language pack
|
|
15
51
|
*/
|
|
52
|
+
const fs = __importStar(require("fs"));
|
|
16
53
|
const runner_1 = require("../tools/runner");
|
|
17
54
|
const epss_1 = require("../tools/epss");
|
|
18
55
|
const fingerprint_1 = require("../tools/fingerprint");
|
|
@@ -22,6 +59,9 @@ const reachability_1 = require("../tools/reachability");
|
|
|
22
59
|
const risk_score_1 = require("../tools/risk-score");
|
|
23
60
|
const upgrade_plan_resolver_1 = require("../tools/upgrade-plan-resolver");
|
|
24
61
|
const exclusions_1 = require("../tools/exclusions");
|
|
62
|
+
const walk_source_files_1 = require("../tools/walk-source-files");
|
|
63
|
+
const path = __importStar(require("path"));
|
|
64
|
+
const aggregator_1 = require("./aggregator");
|
|
25
65
|
const dispatcher_1 = require("../dispatcher");
|
|
26
66
|
const languages_1 = require("../../languages");
|
|
27
67
|
const descriptors_1 = require("../../languages/capabilities/descriptors");
|
|
@@ -88,6 +128,98 @@ function gatherFileFindings(cwd) {
|
|
|
88
128
|
}
|
|
89
129
|
return findings;
|
|
90
130
|
}
|
|
131
|
+
// ─── TLS / certificate-validation bypass gather (D045 / D034) ──────────────
|
|
132
|
+
/**
|
|
133
|
+
* D045 (2.4.7): surface TLS-bypass idioms as first-class
|
|
134
|
+
* `SecurityFinding[]` entries with file:line attribution. Each pack
|
|
135
|
+
* declares its language-specific patterns via
|
|
136
|
+
* `LanguageSupport.tlsBypassPatterns` (D034); this gather runs the
|
|
137
|
+
* unioned alternation across every registered pack's source
|
|
138
|
+
* extensions and emits one finding per matching line.
|
|
139
|
+
*
|
|
140
|
+
* Architecture note (why this is independent of semgrep): semgrep's
|
|
141
|
+
* `p/security-audit` ruleset does not include per-language TLS-bypass
|
|
142
|
+
* idioms (`ServerCertificateValidationCallback`,
|
|
143
|
+
* `DangerousAcceptAnyServerCertificateValidator`,
|
|
144
|
+
* `InsecureSkipVerify: true`, `danger_accept_invalid_certs`,
|
|
145
|
+
* `TrustAllX509TrustManager`, `OpenSSL::SSL::VERIFY_NONE`, etc.). The
|
|
146
|
+
* registry-driven per-pack patterns ARE the source of truth for these
|
|
147
|
+
* checks; both the health-side `tlsDisabledCount` metric and the
|
|
148
|
+
* standalone vuln-scan Code Findings table flow through the same
|
|
149
|
+
* patterns. False-positive rate is near zero — these are tight
|
|
150
|
+
* class/method tokens, not loose word matches.
|
|
151
|
+
*
|
|
152
|
+
* Pre-D045 dpl-studio surfaced `tlsDisabledCount: 1` in
|
|
153
|
+
* `gatherGenericMetrics` (via `countTlsBypassLines`), but the
|
|
154
|
+
* standalone vuln scan's Code Findings table reported `_Sources:
|
|
155
|
+
* (none)_` with all zeros — the count never reached the standalone
|
|
156
|
+
* scan because TLS-bypass wasn't a first-class finding source. This
|
|
157
|
+
* gather closes that gap.
|
|
158
|
+
*
|
|
159
|
+
* Severity assignment: `high`. CWE: 295 (Improper Certificate
|
|
160
|
+
* Validation).
|
|
161
|
+
*
|
|
162
|
+
* Empty patterns array → returns []. Empty grep output → returns [].
|
|
163
|
+
* Both are legitimate "no TLS-bypass idioms in this codebase" states.
|
|
164
|
+
*/
|
|
165
|
+
/**
|
|
166
|
+
* G_v4_7 (2.4.7): route TLS-bypass discovery through the canonical
|
|
167
|
+
* walker + per-file in-process line scan. Eliminates the `grep -rnEf`
|
|
168
|
+
* shell path (no maxBuffer ceiling, no per-finding shell escaping).
|
|
169
|
+
* D074 closure: skip comment lines so a commented-out
|
|
170
|
+
* `// NODE_TLS_REJECT_UNAUTHORIZED=0` no longer renders as a HIGH
|
|
171
|
+
* SecurityFinding (the platform vuln-scan false-positive class).
|
|
172
|
+
*
|
|
173
|
+
* `includeTests: true` preserves pre-migration scope — TLS-bypass
|
|
174
|
+
* idioms inside test fixtures were detected before; still are.
|
|
175
|
+
*/
|
|
176
|
+
function gatherTlsBypassFindings(cwd) {
|
|
177
|
+
const patterns = (0, languages_1.allTlsBypassPatterns)();
|
|
178
|
+
if (patterns.length === 0)
|
|
179
|
+
return [];
|
|
180
|
+
const compiled = patterns.map((p) => new RegExp(p));
|
|
181
|
+
const files = (0, walk_source_files_1.walkSourceFiles)(cwd, { includeTests: true });
|
|
182
|
+
const findings = [];
|
|
183
|
+
for (const relPath of files) {
|
|
184
|
+
let content;
|
|
185
|
+
try {
|
|
186
|
+
content = fs.readFileSync(path.join(cwd, relPath), 'utf-8');
|
|
187
|
+
}
|
|
188
|
+
catch {
|
|
189
|
+
continue;
|
|
190
|
+
}
|
|
191
|
+
const lines = content.split('\n');
|
|
192
|
+
const syntax = (0, walk_source_files_1.commentSyntaxFor)(relPath);
|
|
193
|
+
for (let i = 0; i < lines.length; i++) {
|
|
194
|
+
const line = lines[i];
|
|
195
|
+
if (syntax !== 'none' && (0, walk_source_files_1.isCommentLine)(line, syntax))
|
|
196
|
+
continue;
|
|
197
|
+
let matched = false;
|
|
198
|
+
for (const re of compiled) {
|
|
199
|
+
re.lastIndex = 0;
|
|
200
|
+
if (re.test(line)) {
|
|
201
|
+
matched = true;
|
|
202
|
+
break;
|
|
203
|
+
}
|
|
204
|
+
}
|
|
205
|
+
if (!matched)
|
|
206
|
+
continue;
|
|
207
|
+
const trimmed = line.trim();
|
|
208
|
+
const snippet = trimmed.length > 100 ? `${trimmed.slice(0, 97)}…` : trimmed;
|
|
209
|
+
findings.push({
|
|
210
|
+
severity: 'high',
|
|
211
|
+
category: 'code',
|
|
212
|
+
cwe: 'CWE-295',
|
|
213
|
+
rule: 'tls-validation-disabled',
|
|
214
|
+
title: `TLS / certificate validation bypass: ${snippet}`,
|
|
215
|
+
file: relPath,
|
|
216
|
+
line: i + 1,
|
|
217
|
+
tool: 'tls-bypass-registry',
|
|
218
|
+
});
|
|
219
|
+
}
|
|
220
|
+
}
|
|
221
|
+
return findings;
|
|
222
|
+
}
|
|
91
223
|
// ─── dispatcher-driven codePatterns gather ──────────────────────────────────
|
|
92
224
|
/**
|
|
93
225
|
* Code-pattern findings are a global capability: the CODE_PATTERNS
|
|
@@ -121,6 +253,12 @@ const EMPTY_DEP_VULNS = {
|
|
|
121
253
|
total: 0,
|
|
122
254
|
tool: null,
|
|
123
255
|
findings: [],
|
|
256
|
+
// No active pack → genuinely "nothing to scan" (not "scan failed"). The
|
|
257
|
+
// security scorer should not cap the dimension in this case; e.g. a
|
|
258
|
+
// pure-static-asset repo with no language packs active legitimately
|
|
259
|
+
// has no deps to audit. available=true preserves this.
|
|
260
|
+
available: true,
|
|
261
|
+
unavailableReason: '',
|
|
124
262
|
};
|
|
125
263
|
/**
|
|
126
264
|
* Aggregates dependency vulnerabilities across every active language pack
|
|
@@ -131,17 +269,85 @@ const EMPTY_DEP_VULNS = {
|
|
|
131
269
|
* provider, or when every provider returned null (no tool installed
|
|
132
270
|
* / nothing to audit).
|
|
133
271
|
*/
|
|
272
|
+
/**
|
|
273
|
+
* Shared primitive for availability-aware dep-vuln aggregation. Used by
|
|
274
|
+
* both `gatherDepVulns` (standalone scan + BoM, with enrichment) and
|
|
275
|
+
* `gatherCapabilityReport` in health.ts (no enrichment). Bypassing the
|
|
276
|
+
* dispatcher is the whole point — the dispatcher's `gather()` path
|
|
277
|
+
* collapses every non-success outcome to null, which makes the scorer
|
|
278
|
+
* blind to "tool unavailable" vs "no findings" (the F4 dpl-studio
|
|
279
|
+
* customer-credibility lie). Calling `gatherOutcome` directly preserves
|
|
280
|
+
* the discriminant, then we aggregate via the existing DEP_VULNS
|
|
281
|
+
* descriptor's aggregator.
|
|
282
|
+
*
|
|
283
|
+
* Returned envelope is null only when NO success outcomes occurred;
|
|
284
|
+
* `available` is false when at least one active pack returned
|
|
285
|
+
* `unavailable`. `no-manifest` outcomes do NOT degrade availability —
|
|
286
|
+
* polyglot repos where one pack activates but has nothing to scan are
|
|
287
|
+
* a clean "we checked, found nothing here" state.
|
|
288
|
+
*/
|
|
289
|
+
async function gatherDepVulnsWithAvailability(cwd) {
|
|
290
|
+
const activePacks = (0, languages_1.detectActiveLanguages)(cwd).filter((l) => l.capabilities?.depVulns);
|
|
291
|
+
if (activePacks.length === 0) {
|
|
292
|
+
return { envelope: null, available: true, unavailableReason: '' };
|
|
293
|
+
}
|
|
294
|
+
const outcomes = await Promise.allSettled(activePacks.map((l) => l.capabilities.depVulns.gatherOutcome(cwd)));
|
|
295
|
+
const successEnvelopes = [];
|
|
296
|
+
let firstUnavailable = null;
|
|
297
|
+
for (let i = 0; i < outcomes.length; i++) {
|
|
298
|
+
const r = outcomes[i];
|
|
299
|
+
if (r.status === 'rejected') {
|
|
300
|
+
if (!firstUnavailable) {
|
|
301
|
+
firstUnavailable = {
|
|
302
|
+
pack: activePacks[i].id,
|
|
303
|
+
reason: `provider threw: ${r.reason?.message ?? 'unknown error'}`,
|
|
304
|
+
};
|
|
305
|
+
}
|
|
306
|
+
continue;
|
|
307
|
+
}
|
|
308
|
+
const outcome = r.value;
|
|
309
|
+
if (outcome.kind === 'success') {
|
|
310
|
+
successEnvelopes.push(outcome.envelope);
|
|
311
|
+
}
|
|
312
|
+
else if (outcome.kind === 'unavailable' && !firstUnavailable) {
|
|
313
|
+
firstUnavailable = { pack: activePacks[i].id, reason: outcome.reason };
|
|
314
|
+
}
|
|
315
|
+
}
|
|
316
|
+
const envelope = successEnvelopes.length > 0 ? descriptors_1.DEP_VULNS.aggregate(successEnvelopes) : null;
|
|
317
|
+
// G_v4_8 (2.4.7 Phase C1.3): stamp fingerprints on the envelope's
|
|
318
|
+
// findings here, in the shared primitive, so BOTH the health path
|
|
319
|
+
// and the enrichment path (`gatherDepVulns`) produce fingerprint-
|
|
320
|
+
// stamped findings. The aggregator's dep-side dedup needs the
|
|
321
|
+
// fingerprint key; without it, unstamped findings each get a
|
|
322
|
+
// synthetic unique key (no dedup), and health's
|
|
323
|
+
// `depBySeverity` / `dependencyAdvisoryUniqueCount` would drift
|
|
324
|
+
// from vuln-scan's. Idempotent — re-stamping in `gatherDepVulns`
|
|
325
|
+
// produces the same hashes.
|
|
326
|
+
if (envelope?.findings) {
|
|
327
|
+
(0, fingerprint_1.stampFingerprints)(envelope.findings);
|
|
328
|
+
}
|
|
329
|
+
return {
|
|
330
|
+
envelope,
|
|
331
|
+
available: firstUnavailable === null,
|
|
332
|
+
unavailableReason: firstUnavailable
|
|
333
|
+
? `${firstUnavailable.pack}: ${firstUnavailable.reason}`
|
|
334
|
+
: '',
|
|
335
|
+
};
|
|
336
|
+
}
|
|
134
337
|
async function gatherDepVulns(cwd) {
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
338
|
+
// D025b (2.4.7): delegates to `gatherDepVulnsWithAvailability` for
|
|
339
|
+
// the availability-aware aggregation; this function adds the
|
|
340
|
+
// enrichment passes (EPSS, KEV, reachability, risk scoring) on top.
|
|
341
|
+
// Health audit calls the shared primitive directly without enrichment;
|
|
342
|
+
// standalone vuln scan + BoM call this function for the enriched path.
|
|
343
|
+
const { envelope, available, unavailableReason } = await gatherDepVulnsWithAvailability(cwd);
|
|
344
|
+
if (!envelope) {
|
|
345
|
+
return {
|
|
346
|
+
...EMPTY_DEP_VULNS,
|
|
347
|
+
available,
|
|
348
|
+
unavailableReason,
|
|
349
|
+
};
|
|
139
350
|
}
|
|
140
|
-
if (providers.length === 0)
|
|
141
|
-
return EMPTY_DEP_VULNS;
|
|
142
|
-
const envelope = await dispatcher_1.defaultDispatcher.gather(cwd, descriptors_1.DEP_VULNS, providers);
|
|
143
|
-
if (!envelope)
|
|
144
|
-
return EMPTY_DEP_VULNS;
|
|
145
351
|
// Cross-pack EPSS enrichment. Every pack's dep-vuln provider emits
|
|
146
352
|
// findings with an `id` + optional `aliases` list; we hoist CVE IDs
|
|
147
353
|
// across the whole batch, fetch once, then attach `epssScore` in
|
|
@@ -243,6 +449,72 @@ async function gatherDepVulns(cwd) {
|
|
|
243
449
|
total: critical + high + medium + low,
|
|
244
450
|
tool: envelope.tool,
|
|
245
451
|
findings,
|
|
452
|
+
// Even with successful envelopes from some packs, ONE pack returning
|
|
453
|
+
// unavailable means the overall scan was partial — cap honesty
|
|
454
|
+
// applies. The dpl-studio shape post-D025f (sub-branch #3) will have
|
|
455
|
+
// csharp surfacing real CVEs AND any other unavailable pack still
|
|
456
|
+
// capping; that's the architecturally-correct outcome.
|
|
457
|
+
available,
|
|
458
|
+
unavailableReason,
|
|
246
459
|
};
|
|
247
460
|
}
|
|
461
|
+
// ─── Shared aggregate builder for health (G_v4_8 / C1.3) ─────────────────────
|
|
462
|
+
/**
|
|
463
|
+
* Build the canonical `SecurityAggregate` from inputs available to the
|
|
464
|
+
* health analyzer. Re-uses the capability envelopes already gathered by
|
|
465
|
+
* `gatherCapabilityReport` (no double-shells — dispatcher cache hits
|
|
466
|
+
* are free), additionally invoking the two finders not represented in
|
|
467
|
+
* the capability layer (TLS-bypass-registry walk, file findings for
|
|
468
|
+
* private keys + `.env`-in-git).
|
|
469
|
+
*
|
|
470
|
+
* D086 closure foundation: health's `scoreSecurityDimension` reads
|
|
471
|
+
* from this aggregate via `c.securityAggregate?.codeBySeverity`,
|
|
472
|
+
* which is the SAME field the standalone vuln-scan reads after C1.2.
|
|
473
|
+
* Two consumers, one source — no drift possible.
|
|
474
|
+
*/
|
|
475
|
+
async function buildSecurityAggregateForHealth(cwd, secrets, codePatterns, depVulnsEnvelope, depVulnsAvailable, depVulnsUnavailableReason) {
|
|
476
|
+
// The two gathers not represented in CapabilityReport (vuln-scan-only).
|
|
477
|
+
// Both are cheap: `gatherTlsBypassFindings` is a JS line-scan via
|
|
478
|
+
// `walkSourceFiles`; `gatherFileFindings` is one `find` + one `git
|
|
479
|
+
// ls-files`. Total ~0.5s on a 500-file repo.
|
|
480
|
+
const tlsBypass = gatherTlsBypassFindings(cwd);
|
|
481
|
+
const fileFindings = gatherFileFindings(cwd);
|
|
482
|
+
const secretFindings = secrets
|
|
483
|
+
? secrets.findings.map((f) => ({
|
|
484
|
+
severity: f.severity,
|
|
485
|
+
category: 'secret',
|
|
486
|
+
cwe: 'CWE-798',
|
|
487
|
+
rule: f.rule,
|
|
488
|
+
title: f.title ?? `Secret detected: ${f.rule}`,
|
|
489
|
+
file: f.file,
|
|
490
|
+
line: f.line,
|
|
491
|
+
tool: secrets.tool,
|
|
492
|
+
}))
|
|
493
|
+
: [];
|
|
494
|
+
const codeFindings = codePatterns
|
|
495
|
+
? codePatterns.findings.map((f) => ({
|
|
496
|
+
severity: f.severity,
|
|
497
|
+
category: 'code',
|
|
498
|
+
cwe: f.cwe,
|
|
499
|
+
rule: f.rule,
|
|
500
|
+
title: f.title,
|
|
501
|
+
file: f.file,
|
|
502
|
+
line: f.line,
|
|
503
|
+
tool: codePatterns.tool,
|
|
504
|
+
}))
|
|
505
|
+
: [];
|
|
506
|
+
return (0, aggregator_1.buildSecurityAggregate)({
|
|
507
|
+
secrets: { findings: secretFindings, toolUsed: secrets?.tool ?? null },
|
|
508
|
+
fileFindings,
|
|
509
|
+
codePatterns: { findings: codeFindings, toolUsed: codePatterns?.tool ?? null },
|
|
510
|
+
tlsBypass,
|
|
511
|
+
tlsBypassPatternCount: (0, languages_1.allTlsBypassPatterns)().length,
|
|
512
|
+
depVulns: {
|
|
513
|
+
findings: depVulnsEnvelope?.findings ?? [],
|
|
514
|
+
tool: depVulnsEnvelope?.tool ?? null,
|
|
515
|
+
available: depVulnsAvailable,
|
|
516
|
+
unavailableReason: depVulnsUnavailableReason,
|
|
517
|
+
},
|
|
518
|
+
});
|
|
519
|
+
}
|
|
248
520
|
//# sourceMappingURL=gather.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gather.js","sourceRoot":"","sources":["../../../src/analyzers/security/gather.ts"],"names":[],"mappings":";;AAwCA,sCAkBC;AAID,gDAuCC;AAWD,gDAsBC;AAuBD,wCAgHC;AA7QD;;;;;;;;GAQG;AACH,4CAAsC;AACtC,wCAAyD;AACzD,sDAAyD;AACzD,sCAAyC;AACzC,sCAA8C;AAC9C,wDAAgF;AAChF,oDAAoD;AACpD,0EAA+E;AAC/E,oDAA0D;AAE1D,8CAAkD;AAClD,+CAAwD;AACxD,0EAKkD;AAClD,+DAA4D;AAI5D,gFAAgF;AAEhF;;;;;;GAMG;AACI,KAAK,UAAU,aAAa,CAAC,GAAW;IAI7C,MAAM,MAAM,GAAG,MAAM,8BAAiB,CAAC,MAAM,CAAC,GAAG,EAAE,qBAAO,EAAE,IAAA,2BAAY,EAAC,qBAAO,EAAE,GAAG,CAAC,CAAC,CAAC;IACxF,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAErD,MAAM,QAAQ,GAAsB,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9D,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,QAAQ,EAAE,QAAiB;QAC3B,GAAG,EAAE,SAAS;QACd,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,oBAAoB,CAAC,CAAC,IAAI,EAAE;QAC9C,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,MAAM,CAAC,IAAI;KAClB,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;AAC7C,CAAC;AAED,+EAA+E;AAE/E,SAAgB,kBAAkB,CAAC,GAAW;IAC5C,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,IAAA,gCAAmB,EAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,mDAAmD;IAEpG,mCAAmC;IACnC,MAAM,QAAQ,GAAG,IAAA,YAAG,EAAC,iDAAiD,OAAO,cAAc,EAAE,GAAG,CAAC,CAAC;IAClG,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC7D,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,SAAS;gBACd,IAAI,EAAE,kBAAkB;gBACxB,KAAK,EAAE,oCAAoC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE;gBAChE,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;gBACzB,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,MAAM;aACb,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,MAAM,QAAQ,GAAG,IAAA,YAAG,EAAC,sCAAsC,EAAE,GAAG,CAAC,CAAC;IAClE,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC7D,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,SAAS;gBACd,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,6BAA6B,CAAC,EAAE;gBACvC,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,KAAK;aACZ,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,+EAA+E;AAE/E;;;;;;GAMG;AACI,KAAK,UAAU,kBAAkB,CAAC,GAAW;IAIlD,MAAM,MAAM,GAAG,MAAM,8BAAiB,CAAC,MAAM,CAC3C,GAAG,EACH,2BAAa,EACb,IAAA,2BAAY,EAAC,2BAAa,EAAE,GAAG,CAAC,CACjC,CAAC;IACF,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAErD,MAAM,QAAQ,GAAsB,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9D,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,QAAQ,EAAE,MAAe;QACzB,GAAG,EAAE,CAAC,CAAC,GAAG;QACV,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,MAAM,CAAC,IAAI;KAClB,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;AAC7C,CAAC;AAED,+EAA+E;AAE/E,MAAM,eAAe,GAAmB;IACtC,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;IACN,KAAK,EAAE,CAAC;IACR,IAAI,EAAE,IAAI;IACV,QAAQ,EAAE,EAAE;CACb,CAAC;AAEF;;;;;;;;GAQG;AACI,KAAK,UAAU,cAAc,CAAC,GAAW;IAC9C,MAAM,SAAS,GAAwC,EAAE,CAAC;IAC1D,KAAK,MAAM,IAAI,IAAI,IAAA,iCAAqB,EAAC,GAAG,CAAC,EAAE,CAAC;QAC9C,IAAI,IAAI,CAAC,YAAY,EAAE,QAAQ;YAAE,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IAC9E,CAAC;IACD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,eAAe,CAAC;IAEnD,MAAM,QAAQ,GAAG,MAAM,8BAAiB,CAAC,MAAM,CAAC,GAAG,EAAE,uBAAS,EAAE,SAAS,CAAC,CAAC;IAC3E,IAAI,CAAC,QAAQ;QAAE,OAAO,eAAe,CAAC;IAEtC,mEAAmE;IACnE,oEAAoE;IACpE,iEAAiE;IACjE,iEAAiE;IACjE,mEAAmE;IACnE,kEAAkE;IAClE,gDAAgD;IAChD,EAAE;IACF,gEAAgE;IAChE,+DAA+D;IAC/D,kEAAkE;IAClE,+DAA+D;IAC/D,mDAAmD;IACnD,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,IAAI,EAAE,CAAC;IACzC,sEAAsE;IACtE,oEAAoE;IACpE,oEAAoE;IACpE,sDAAsD;IACtD,IAAA,+BAAiB,EAAC,QAAQ,CAAC,CAAC;IAC5B,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,YAAY,GAAG,IAAI,GAAG,EAAkB,CAAC;QAC/C,MAAM,gBAAgB,GAA4C,EAAE,CAAC;QACrE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,MAAM,MAAM,GAAG,IAAA,mBAAY,EAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACzC,IAAI,MAAM,EAAE,CAAC;gBACX,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;YAC9B,CAAC;iBAAM,CAAC;gBACN,gBAAgB,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QACD,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,QAAQ,GAAG,MAAM,IAAA,oBAAc,EAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;YAC9E,KAAK,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,gBAAgB,EAAE,CAAC;gBAChD,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;gBAC5C,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;gBACtD,IAAI,GAAG;oBAAE,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;QACD,IAAI,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACvD,+DAA+D;YAC/D,8DAA8D;YAC9D,gEAAgE;YAChE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,IAAA,iBAAU,EAAC,UAAU,CAAC,EAAE,IAAA,eAAS,EAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAC7F,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,YAAY,EAAE,CAAC;gBACtC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAC9B,IAAI,KAAK,KAAK,SAAS;oBAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,SAAS,GAAG,KAAK,CAAC;gBACzD,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC;YACjD,CAAC;QACH,CAAC;QAED,+DAA+D;QAC/D,+DAA+D;QAC/D,kEAAkE;QAClE,+DAA+D;QAC/D,2DAA2D;QAC3D,gEAAgE;QAChE,uBAAuB;QACvB,EAAE;QACF,mEAAmE;QACnE,oEAAoE;QACpE,mEAAmE;QACnE,mEAAmE;QACnE,+DAA+D;QAC/D,mEAAmE;QACnE,kEAAkE;QAClE,wBAAwB;QACxB,MAAM,gBAAgB,GAAG,IAAA,2BAAY,EAAC,qBAAO,CAAC,CAAC;QAC/C,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,eAAe,GAAG,MAAM,8BAAiB,CAAC,MAAM,CAAC,GAAG,EAAE,qBAAO,EAAE,gBAAgB,CAAC,CAAC;YACvF,IAAI,eAAe,IAAI,eAAe,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;gBAC1D,MAAM,SAAS,GAAG,IAAA,uCAAwB,EAAC,eAAe,CAAC,CAAC;gBAC5D,IAAA,4BAAa,EAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,+DAA+D;QAC/D,+DAA+D;QAC/D,4DAA4D;QAC5D,+DAA+D;QAC/D,+DAA+D;QAC/D,+DAA+D;QAC/D,6DAA6D;QAC7D,IAAA,qDAA6B,EAAC,QAAQ,CAAC,CAAC;QAExC,iEAAiE;QACjE,yDAAyD;QACzD,+DAA+D;QAC/D,wCAAwC;QACxC,IAAA,0BAAa,EAAC,QAAQ,CAAC,CAAC;IAC1B,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC;IACxD,OAAO;QACL,QAAQ;QACR,IAAI;QACJ,MAAM;QACN,GAAG;QACH,KAAK,EAAE,QAAQ,GAAG,IAAI,GAAG,MAAM,GAAG,GAAG;QACrC,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,QAAQ;KACT,CAAC;AACJ,CAAC"}
|
|
1
|
+
{"version":3,"file":"gather.js","sourceRoot":"","sources":["../../../src/analyzers/security/gather.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2CA,sCAkBC;AAID,gDAuCC;AAgDD,0DA0CC;AAWD,gDAsBC;AA8CD,wEAsDC;AAED,wCA6HC;AAiBD,0EA6EC;AApiBD;;;;;;;;GAQG;AACH,uCAAyB;AACzB,4CAAsC;AACtC,wCAAyD;AACzD,sDAAyD;AACzD,sCAAyC;AACzC,sCAA8C;AAC9C,wDAAgF;AAChF,oDAAoD;AACpD,0EAA+E;AAC/E,oDAA0D;AAC1D,kEAA8F;AAC9F,2CAA6B;AAE7B,6CAA8E;AAC9E,8CAAkD;AAClD,+CAA8E;AAC9E,0EAKkD;AAClD,+DAA4D;AAG5D,gFAAgF;AAEhF;;;;;;GAMG;AACI,KAAK,UAAU,aAAa,CAAC,GAAW;IAI7C,MAAM,MAAM,GAAG,MAAM,8BAAiB,CAAC,MAAM,CAAC,GAAG,EAAE,qBAAO,EAAE,IAAA,2BAAY,EAAC,qBAAO,EAAE,GAAG,CAAC,CAAC,CAAC;IACxF,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAErD,MAAM,QAAQ,GAAsB,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9D,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,QAAQ,EAAE,QAAiB;QAC3B,GAAG,EAAE,SAAS;QACd,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,oBAAoB,CAAC,CAAC,IAAI,EAAE;QAC9C,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,MAAM,CAAC,IAAI;KAClB,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;AAC7C,CAAC;AAED,+EAA+E;AAE/E,SAAgB,kBAAkB,CAAC,GAAW;IAC5C,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,IAAA,gCAAmB,EAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,mDAAmD;IAEpG,mCAAmC;IACnC,MAAM,QAAQ,GAAG,IAAA,YAAG,EAAC,iDAAiD,OAAO,cAAc,EAAE,GAAG,CAAC,CAAC;IAClG,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC7D,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,SAAS;gBACd,IAAI,EAAE,kBAAkB;gBACxB,KAAK,EAAE,oCAAoC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE;gBAChE,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;gBACzB,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,MAAM;aACb,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,MAAM,QAAQ,GAAG,IAAA,YAAG,EAAC,sCAAsC,EAAE,GAAG,CAAC,CAAC;IAClE,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC7D,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,SAAS;gBACd,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,6BAA6B,CAAC,EAAE;gBACvC,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,CAAC;gBACP,IAAI,EAAE,KAAK;aACZ,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,8EAA8E;AAE9E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH;;;;;;;;;;GAUG;AACH,SAAgB,uBAAuB,CAAC,GAAW;IACjD,MAAM,QAAQ,GAAG,IAAA,gCAAoB,GAAE,CAAC;IACxC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,MAAM,KAAK,GAAG,IAAA,mCAAe,EAAC,GAAG,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;IAC3D,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,KAAK,MAAM,OAAO,IAAI,KAAK,EAAE,CAAC;QAC5B,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;QAC9D,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,IAAA,oCAAgB,EAAC,OAAO,CAAC,CAAC;QACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,MAAM,KAAK,MAAM,IAAI,IAAA,iCAAa,EAAC,IAAI,EAAE,MAAM,CAAC;gBAAE,SAAS;YAC/D,IAAI,OAAO,GAAG,KAAK,CAAC;YACpB,KAAK,MAAM,EAAE,IAAI,QAAQ,EAAE,CAAC;gBAC1B,EAAE,CAAC,SAAS,GAAG,CAAC,CAAC;gBACjB,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAClB,OAAO,GAAG,IAAI,CAAC;oBACf,MAAM;gBACR,CAAC;YACH,CAAC;YACD,IAAI,CAAC,OAAO;gBAAE,SAAS;YACvB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC;YAC5E,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,SAAS;gBACd,IAAI,EAAE,yBAAyB;gBAC/B,KAAK,EAAE,wCAAwC,OAAO,EAAE;gBACxD,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,IAAI,EAAE,qBAAqB;aAC5B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,+EAA+E;AAE/E;;;;;;GAMG;AACI,KAAK,UAAU,kBAAkB,CAAC,GAAW;IAIlD,MAAM,MAAM,GAAG,MAAM,8BAAiB,CAAC,MAAM,CAC3C,GAAG,EACH,2BAAa,EACb,IAAA,2BAAY,EAAC,2BAAa,EAAE,GAAG,CAAC,CACjC,CAAC;IACF,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAErD,MAAM,QAAQ,GAAsB,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9D,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,QAAQ,EAAE,MAAe;QACzB,GAAG,EAAE,CAAC,CAAC,GAAG;QACV,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,MAAM,CAAC,IAAI;KAClB,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;AAC7C,CAAC;AAED,+EAA+E;AAE/E,MAAM,eAAe,GAAmB;IACtC,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;IACN,KAAK,EAAE,CAAC;IACR,IAAI,EAAE,IAAI;IACV,QAAQ,EAAE,EAAE;IACZ,wEAAwE;IACxE,oEAAoE;IACpE,oEAAoE;IACpE,uDAAuD;IACvD,SAAS,EAAE,IAAI;IACf,iBAAiB,EAAE,EAAE;CACtB,CAAC;AAEF;;;;;;;;GAQG;AACH;;;;;;;;;;;;;;;;GAgBG;AACI,KAAK,UAAU,8BAA8B,CAAC,GAAW;IAK9D,MAAM,WAAW,GAAG,IAAA,iCAAqB,EAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IACvF,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,iBAAiB,EAAE,EAAE,EAAE,CAAC;IACpE,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,UAAU,CACvC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAa,CAAC,QAAS,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CACrE,CAAC;IACF,MAAM,gBAAgB,GAAoB,EAAE,CAAC;IAC7C,IAAI,gBAAgB,GAA4C,IAAI,CAAC;IACrE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,CAAC,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAC5B,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,gBAAgB,GAAG;oBACjB,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE;oBACvB,MAAM,EAAE,mBAAoB,CAAC,CAAC,MAAgB,EAAE,OAAO,IAAI,eAAe,EAAE;iBAC7E,CAAC;YACJ,CAAC;YACD,SAAS;QACX,CAAC;QACD,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC;QACxB,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC/B,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC1C,CAAC;aAAM,IAAI,OAAO,CAAC,IAAI,KAAK,aAAa,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC/D,gBAAgB,GAAG,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC;QACzE,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,uBAAS,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC5F,kEAAkE;IAClE,kEAAkE;IAClE,kEAAkE;IAClE,8DAA8D;IAC9D,6DAA6D;IAC7D,gDAAgD;IAChD,gEAAgE;IAChE,iEAAiE;IACjE,4BAA4B;IAC5B,IAAI,QAAQ,EAAE,QAAQ,EAAE,CAAC;QACvB,IAAA,+BAAiB,EAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IACD,OAAO;QACL,QAAQ;QACR,SAAS,EAAE,gBAAgB,KAAK,IAAI;QACpC,iBAAiB,EAAE,gBAAgB;YACjC,CAAC,CAAC,GAAG,gBAAgB,CAAC,IAAI,KAAK,gBAAgB,CAAC,MAAM,EAAE;YACxD,CAAC,CAAC,EAAE;KACP,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,cAAc,CAAC,GAAW;IAC9C,mEAAmE;IACnE,6DAA6D;IAC7D,oEAAoE;IACpE,uEAAuE;IACvE,uEAAuE;IACvE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,iBAAiB,EAAE,GAAG,MAAM,8BAA8B,CAAC,GAAG,CAAC,CAAC;IAE7F,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO;YACL,GAAG,eAAe;YAClB,SAAS;YACT,iBAAiB;SAClB,CAAC;IACJ,CAAC;IAED,mEAAmE;IACnE,oEAAoE;IACpE,iEAAiE;IACjE,iEAAiE;IACjE,mEAAmE;IACnE,kEAAkE;IAClE,gDAAgD;IAChD,EAAE;IACF,gEAAgE;IAChE,+DAA+D;IAC/D,kEAAkE;IAClE,+DAA+D;IAC/D,mDAAmD;IACnD,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,IAAI,EAAE,CAAC;IACzC,sEAAsE;IACtE,oEAAoE;IACpE,oEAAoE;IACpE,sDAAsD;IACtD,IAAA,+BAAiB,EAAC,QAAQ,CAAC,CAAC;IAC5B,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,YAAY,GAAG,IAAI,GAAG,EAAkB,CAAC;QAC/C,MAAM,gBAAgB,GAA4C,EAAE,CAAC;QACrE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,MAAM,MAAM,GAAG,IAAA,mBAAY,EAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACzC,IAAI,MAAM,EAAE,CAAC;gBACX,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;YAC9B,CAAC;iBAAM,CAAC;gBACN,gBAAgB,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QACD,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,QAAQ,GAAG,MAAM,IAAA,oBAAc,EAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;YAC9E,KAAK,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,gBAAgB,EAAE,CAAC;gBAChD,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;gBAC5C,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;gBACtD,IAAI,GAAG;oBAAE,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;QACD,IAAI,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACvD,+DAA+D;YAC/D,8DAA8D;YAC9D,gEAAgE;YAChE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,IAAA,iBAAU,EAAC,UAAU,CAAC,EAAE,IAAA,eAAS,EAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAC7F,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,YAAY,EAAE,CAAC;gBACtC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAC9B,IAAI,KAAK,KAAK,SAAS;oBAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,SAAS,GAAG,KAAK,CAAC;gBACzD,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC;YACjD,CAAC;QACH,CAAC;QAED,+DAA+D;QAC/D,+DAA+D;QAC/D,kEAAkE;QAClE,+DAA+D;QAC/D,2DAA2D;QAC3D,gEAAgE;QAChE,uBAAuB;QACvB,EAAE;QACF,mEAAmE;QACnE,oEAAoE;QACpE,mEAAmE;QACnE,mEAAmE;QACnE,+DAA+D;QAC/D,mEAAmE;QACnE,kEAAkE;QAClE,wBAAwB;QACxB,MAAM,gBAAgB,GAAG,IAAA,2BAAY,EAAC,qBAAO,CAAC,CAAC;QAC/C,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,eAAe,GAAG,MAAM,8BAAiB,CAAC,MAAM,CAAC,GAAG,EAAE,qBAAO,EAAE,gBAAgB,CAAC,CAAC;YACvF,IAAI,eAAe,IAAI,eAAe,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;gBAC1D,MAAM,SAAS,GAAG,IAAA,uCAAwB,EAAC,eAAe,CAAC,CAAC;gBAC5D,IAAA,4BAAa,EAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,+DAA+D;QAC/D,+DAA+D;QAC/D,4DAA4D;QAC5D,+DAA+D;QAC/D,+DAA+D;QAC/D,+DAA+D;QAC/D,6DAA6D;QAC7D,IAAA,qDAA6B,EAAC,QAAQ,CAAC,CAAC;QAExC,iEAAiE;QACjE,yDAAyD;QACzD,+DAA+D;QAC/D,wCAAwC;QACxC,IAAA,0BAAa,EAAC,QAAQ,CAAC,CAAC;IAC1B,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC;IACxD,OAAO;QACL,QAAQ;QACR,IAAI;QACJ,MAAM;QACN,GAAG;QACH,KAAK,EAAE,QAAQ,GAAG,IAAI,GAAG,MAAM,GAAG,GAAG;QACrC,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,QAAQ;QACR,qEAAqE;QACrE,+DAA+D;QAC/D,qEAAqE;QACrE,kEAAkE;QAClE,uDAAuD;QACvD,SAAS;QACT,iBAAiB;KAClB,CAAC;AACJ,CAAC;AAED,gFAAgF;AAEhF;;;;;;;;;;;;GAYG;AACI,KAAK,UAAU,+BAA+B,CACnD,GAAW,EACX,OAWa,EACb,YAYa,EACb,gBAA2C,EAC3C,iBAA0B,EAC1B,yBAAiC;IAEjC,wEAAwE;IACxE,kEAAkE;IAClE,mEAAmE;IACnE,6CAA6C;IAC7C,MAAM,SAAS,GAAG,uBAAuB,CAAC,GAAG,CAAC,CAAC;IAC/C,MAAM,YAAY,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;IAE7C,MAAM,cAAc,GAAsB,OAAO;QAC/C,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3B,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,QAAiB;YAC3B,GAAG,EAAE,SAAS;YACd,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,oBAAoB,CAAC,CAAC,IAAI,EAAE;YAC9C,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,OAAO,CAAC,IAAI;SACnB,CAAC,CAAC;QACL,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,YAAY,GAAsB,YAAY;QAClD,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAChC,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,MAAe;YACzB,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,KAAK,EAAE,CAAC,CAAC,KAAK;YACd,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,YAAY,CAAC,IAAI;SACxB,CAAC,CAAC;QACL,CAAC,CAAC,EAAE,CAAC;IAEP,OAAO,IAAA,mCAAsB,EAAC;QAC5B,OAAO,EAAE,EAAE,QAAQ,EAAE,cAAc,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,IAAI,IAAI,EAAE;QACtE,YAAY;QACZ,YAAY,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,IAAI,IAAI,EAAE;QAC9E,SAAS;QACT,qBAAqB,EAAE,IAAA,gCAAoB,GAAE,CAAC,MAAM;QACpD,QAAQ,EAAE;YACR,QAAQ,EAAE,gBAAgB,EAAE,QAAQ,IAAI,EAAE;YAC1C,IAAI,EAAE,gBAAgB,EAAE,IAAI,IAAI,IAAI;YACpC,SAAS,EAAE,iBAAiB;YAC5B,iBAAiB,EAAE,yBAAyB;SAC7C;KACF,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -3,6 +3,21 @@ export type { SecurityReport, SecurityFinding } from './types';
|
|
|
3
3
|
export interface AnalyzeSecurityOptions {
|
|
4
4
|
verbose?: boolean;
|
|
5
5
|
}
|
|
6
|
+
/**
|
|
7
|
+
* G_v4_10 / D111 (2.4.7 Phase C3): canonical UI title for a dep-vuln
|
|
8
|
+
* action. Branches on `fixedVersion` because "upgrade" and "mitigate"
|
|
9
|
+
* are linguistically different actions — squashing them into one
|
|
10
|
+
* template with a `?? '(no patch)'` literal produced the grammatically
|
|
11
|
+
* broken "Upgrade `SharpCompress` to (no patch)" on dpl-studio when
|
|
12
|
+
* D108 sparse-tier fallback floated mitigation-only items into Top 5.
|
|
13
|
+
*
|
|
14
|
+
* This is the ONLY authorized site for phrasing "(no patch)" / "no
|
|
15
|
+
* patch available" in code; `scripts/check-architecture.sh` enforces
|
|
16
|
+
* G_v4_10 by banning the literal `'(no patch)'` outside this helper.
|
|
17
|
+
* Consumers (Top 5, future risk-prioritized lists, etc.) call this
|
|
18
|
+
* instead of templating inline.
|
|
19
|
+
*/
|
|
20
|
+
export declare function formatDepActionTitle(pkg: string, fixedVersion: string | undefined): string;
|
|
6
21
|
export declare function analyzeSecurity(repoPath: string, options?: AnalyzeSecurityOptions): Promise<SecurityReport>;
|
|
7
22
|
export declare function formatSecurityReport(report: SecurityReport, elapsed: string): string;
|
|
8
23
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/analyzers/security/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/analyzers/security/index.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAOzC,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAE/D,MAAM,WAAW,sBAAsB;IACrC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AA8CD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,CAI1F;AAED,wBAAsB,eAAe,CACnC,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,sBAA2B,GACnC,OAAO,CAAC,cAAc,CAAC,CAmHzB;AAED,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAsepF"}
|