@vyuhlabs/dxkit 2.7.0 → 2.8.0
- package/CHANGELOG.md +122 -0
- package/dist/analyzers/developer/gather.d.ts.map +1 -1
- package/dist/analyzers/developer/gather.js +9 -9
- package/dist/analyzers/developer/gather.js.map +1 -1
- package/dist/analyzers/quality/gather.js +3 -3
- package/dist/analyzers/quality/gather.js.map +1 -1
- package/dist/analyzers/security/gather.d.ts.map +1 -1
- package/dist/analyzers/security/gather.js +12 -3
- package/dist/analyzers/security/gather.js.map +1 -1
- package/dist/analyzers/tools/cloc.js +2 -2
- package/dist/analyzers/tools/cloc.js.map +1 -1
- package/dist/analyzers/tools/generic.d.ts.map +1 -1
- package/dist/analyzers/tools/generic.js +52 -14
- package/dist/analyzers/tools/generic.js.map +1 -1
- package/dist/analyzers/tools/gitleaks.d.ts.map +1 -1
- package/dist/analyzers/tools/gitleaks.js +28 -3
- package/dist/analyzers/tools/gitleaks.js.map +1 -1
- package/dist/analyzers/tools/grep-secrets.d.ts +6 -1
- package/dist/analyzers/tools/grep-secrets.d.ts.map +1 -1
- package/dist/analyzers/tools/grep-secrets.js +80 -60
- package/dist/analyzers/tools/grep-secrets.js.map +1 -1
- package/dist/analyzers/tools/jscpd.d.ts.map +1 -1
- package/dist/analyzers/tools/jscpd.js +2 -1
- package/dist/analyzers/tools/jscpd.js.map +1 -1
- package/dist/analyzers/tools/osv-scanner-deps.d.ts.map +1 -1
- package/dist/analyzers/tools/osv-scanner-deps.js +1 -1
- package/dist/analyzers/tools/osv-scanner-deps.js.map +1 -1
- package/dist/analyzers/tools/runner.d.ts +35 -2
- package/dist/analyzers/tools/runner.d.ts.map +1 -1
- package/dist/analyzers/tools/runner.js +112 -3
- package/dist/analyzers/tools/runner.js.map +1 -1
- package/dist/analyzers/tools/semgrep.d.ts.map +1 -1
- package/dist/analyzers/tools/semgrep.js +3 -1
- package/dist/analyzers/tools/semgrep.js.map +1 -1
- package/dist/analyzers/tools/tool-registry.d.ts +18 -0
- package/dist/analyzers/tools/tool-registry.d.ts.map +1 -1
- package/dist/analyzers/tools/tool-registry.js +140 -53
- package/dist/analyzers/tools/tool-registry.js.map +1 -1
- package/dist/analyzers/tools/tools-config.d.ts +46 -0
- package/dist/analyzers/tools/tools-config.d.ts.map +1 -0
- package/dist/analyzers/tools/tools-config.js +129 -0
- package/dist/analyzers/tools/tools-config.js.map +1 -0
- package/dist/analyzers/tools/walk-source-files.d.ts +8 -0
- package/dist/analyzers/tools/walk-source-files.d.ts.map +1 -1
- package/dist/analyzers/tools/walk-source-files.js +49 -4
- package/dist/analyzers/tools/walk-source-files.js.map +1 -1
- package/dist/baseline/baseline-file.d.ts +8 -0
- package/dist/baseline/baseline-file.d.ts.map +1 -1
- package/dist/baseline/baseline-file.js.map +1 -1
- package/dist/baseline/check-renderers.d.ts.map +1 -1
- package/dist/baseline/check-renderers.js +10 -0
- package/dist/baseline/check-renderers.js.map +1 -1
- package/dist/baseline/check.d.ts +7 -0
- package/dist/baseline/check.d.ts.map +1 -1
- package/dist/baseline/check.js +2 -0
- package/dist/baseline/check.js.map +1 -1
- package/dist/baseline/coverage.d.ts +57 -0
- package/dist/baseline/coverage.d.ts.map +1 -0
- package/dist/baseline/coverage.js +62 -0
- package/dist/baseline/coverage.js.map +1 -0
- package/dist/baseline/create.d.ts +13 -0
- package/dist/baseline/create.d.ts.map +1 -1
- package/dist/baseline/create.js +39 -6
- package/dist/baseline/create.js.map +1 -1
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +43 -1
- package/dist/cli.js.map +1 -1
- package/dist/doctor.d.ts.map +1 -1
- package/dist/doctor.js +8 -7
- package/dist/doctor.js.map +1 -1
- package/dist/explore/cli/context.d.ts +1 -1
- package/dist/explore/cli/context.d.ts.map +1 -1
- package/dist/explore/cli/context.js +173 -4
- package/dist/explore/cli/context.js.map +1 -1
- package/dist/explore/queries.d.ts +71 -0
- package/dist/explore/queries.d.ts.map +1 -1
- package/dist/explore/queries.js +76 -0
- package/dist/explore/queries.js.map +1 -1
- package/dist/explore/source-slice.d.ts +51 -0
- package/dist/explore/source-slice.d.ts.map +1 -0
- package/dist/explore/source-slice.js +88 -0
- package/dist/explore/source-slice.js.map +1 -0
- package/dist/explore-cli.js +6 -4
- package/dist/explore-cli.js.map +1 -1
- package/dist/generator.d.ts.map +1 -1
- package/dist/generator.js +12 -0
- package/dist/generator.js.map +1 -1
- package/dist/languages/csharp.d.ts +9 -0
- package/dist/languages/csharp.d.ts.map +1 -1
- package/dist/languages/csharp.js +112 -22
- package/dist/languages/csharp.js.map +1 -1
- package/dist/languages/go.js +13 -14
- package/dist/languages/go.js.map +1 -1
- package/dist/languages/java.js +9 -10
- package/dist/languages/java.js.map +1 -1
- package/dist/languages/kotlin.d.ts.map +1 -1
- package/dist/languages/kotlin.js +9 -10
- package/dist/languages/kotlin.js.map +1 -1
- package/dist/languages/python.d.ts.map +1 -1
- package/dist/languages/python.js +27 -20
- package/dist/languages/python.js.map +1 -1
- package/dist/languages/ruby.d.ts.map +1 -1
- package/dist/languages/ruby.js +26 -16
- package/dist/languages/ruby.js.map +1 -1
- package/dist/languages/rust.js +12 -13
- package/dist/languages/rust.js.map +1 -1
- package/dist/languages/typescript.js +17 -18
- package/dist/languages/typescript.js.map +1 -1
- package/dist/tools-cli.d.ts.map +1 -1
- package/dist/tools-cli.js +10 -4
- package/dist/tools-cli.js.map +1 -1
- package/dist/upgrade.js +2 -2
- package/dist/upgrade.js.map +1 -1
- package/package.json +1 -1
- package/templates/.claude/skills/dxkit-config/SKILL.md +26 -0
- package/templates/.claude/skills/dxkit-docs/SKILL.md +148 -0
- package/templates/.claude/skills/dxkit-feature/SKILL.md +189 -0
- package/templates/.claude/skills/dxkit-fix/SKILL.md +10 -0
|
@@ -46,6 +46,8 @@ exports.gatherGitleaksResult = gatherGitleaksResult;
|
|
|
46
46
|
* invocation per analyzer run.
|
|
47
47
|
*/
|
|
48
48
|
const fs = __importStar(require("fs"));
|
|
49
|
+
const os = __importStar(require("os"));
|
|
50
|
+
const path = __importStar(require("path"));
|
|
49
51
|
const runner_1 = require("./runner");
|
|
50
52
|
const tool_registry_1 = require("./tool-registry");
|
|
51
53
|
const exclusions_1 = require("./exclusions");
|
|
@@ -83,8 +85,25 @@ function computeGitleaksOutcome(cwd) {
|
|
|
83
85
|
if (!gitleaksCmd)
|
|
84
86
|
return { kind: 'unavailable', reason: 'not installed' };
|
|
85
87
|
// Run gitleaks with JSON report (--no-git scans files, not git history).
|
|
86
|
-
|
|
87
|
-
|
|
88
|
+
// Invoked via `runFileSync` (no shell) with an args array so the
|
|
89
|
+
// source path and report path need no quoting — single-quoted shell
|
|
90
|
+
// strings + `2>/dev/null` are POSIX-only and silently produced no
|
|
91
|
+
// report under Windows' cmd.exe. The temp report lives under
|
|
92
|
+
// `os.tmpdir()` rather than a hardcoded `/tmp`, which doesn't exist
|
|
93
|
+
// on Windows.
|
|
94
|
+
const reportPath = path.join(os.tmpdir(), `dxkit-gitleaks-${Date.now()}.json`);
|
|
95
|
+
(0, runner_1.runFileSync)(gitleaksCmd, [
|
|
96
|
+
'detect',
|
|
97
|
+
'--source',
|
|
98
|
+
cwd,
|
|
99
|
+
'--report-format',
|
|
100
|
+
'json',
|
|
101
|
+
'--report-path',
|
|
102
|
+
reportPath,
|
|
103
|
+
'--no-git',
|
|
104
|
+
'--exit-code',
|
|
105
|
+
'0',
|
|
106
|
+
], cwd, 120000);
|
|
88
107
|
// Read the report file directly. Pre-fix this used `run('cat
|
|
89
108
|
// <path>')` which routed through execSync — large reports on
|
|
90
109
|
// enterprise codebases would exceed the 1MB default maxBuffer and
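Review bot: The report path on new line 94, `path.join(os.tmpdir(), \`dxkit-gitleaks-${Date.now()}.json\`)`, is a predictable name in a directory shared with every local user, and the file it names holds the secrets gitleaks found; a pre-existing file or link at that name is silently overwritten and then read back, and two runs in the same millisecond share it. Create a private directory instead — `const reportDir = fs.mkdtempSync(path.join(os.tmpdir(), 'dxkit-gitleaks-'));` and `const reportPath = path.join(reportDir, 'report.json');` — and in the cleanup block of the next hunk replace `fs.unlinkSync(reportPath);` with `fs.rmSync(reportDir, { recursive: true, force: true });` (mkdtemp appends a random suffix and creates the directory owner-only on POSIX). The `reportDir` built the same way in the jscpd.js hunk (`dxkit-jscpd-${Date.now()}`) has the same problem and can use `fs.mkdtempSync` directly. computeGitleaksOutcome starts before this hunk and continues after it.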
|
|
@@ -99,7 +118,13 @@ function computeGitleaksOutcome(cwd) {
|
|
|
99
118
|
catch {
|
|
100
119
|
reportRaw = '';
|
|
101
120
|
}
|
|
102
|
-
|
|
121
|
+
// Best-effort cleanup; failure is non-fatal (the OS reaps tmpdir).
|
|
122
|
+
try {
|
|
123
|
+
fs.unlinkSync(reportPath);
|
|
124
|
+
}
|
|
125
|
+
catch {
|
|
126
|
+
/* file already gone or never written — fine */
|
|
127
|
+
}
|
|
103
128
|
if (!reportRaw)
|
|
104
129
|
return { kind: 'unavailable', reason: 'no output' };
|
|
105
130
|
let parsed;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gitleaks.js","sourceRoot":"","sources":["../../../src/analyzers/tools/gitleaks.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"gitleaks.js","sourceRoot":"","sources":["../../../src/analyzers/tools/gitleaks.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwFA,oDAMC;AA9FD;;;;;;;;;GASG;AACH,uCAAyB;AACzB,uCAAyB;AACzB,2CAA6B;AAC7B,qCAAuC;AACvC,mDAAsD;AACtD,6CAA8C;AAC9C,mCAA4C;AAC5C,iDAAqE;AAmDrE;;;;;;;;;;;GAWG;AACH,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAAgC,CAAC;AAErE;;;;;GAKG;AACH,SAAgB,oBAAoB,CAAC,GAAW;IAC9C,MAAM,MAAM,GAAG,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAC1B,MAAM,OAAO,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;IAC5C,oBAAoB,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACvC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,sBAAsB,CAAC,GAAW;IACzC,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,CAAC,WAAW;QAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAE1E,yEAAyE;IACzE,iEAAiE;IACjE,oEAAoE;IACpE,kEAAkE;IAClE,6DAA6D;IAC7D,oEAAoE;IACpE,cAAc;IACd,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,kBAAkB,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC/E,IAAA,oBAAW,EACT,WAAW,EACX;QACE,QAAQ;QACR,UAAU;QACV,GAAG;QACH,iBAAiB;QACjB,MAAM;QACN,eAAe;QACf,UAAU;QACV,UAAU;QACV,aAAa;QACb,GAAG;KACJ,EACD,GAAG,EACH,MAAM,CACP,CAAC;IACF,6DAA6D;IAC7D,6DAA6D;IAC7D,kEAAkE;IAClE,kEAAkE;IAClE,0DAA0D;IAC1D,6DAA6D;IAC7D,YAAY;IACZ,IAAI,SAAiB,CAAC;IACtB,IAAI,CAAC;QACH,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,SAAS,GAAG,EAAE,CAAC;IACjB,CAAC;IACD,mEAAmE;IACnE,IAAI,CAAC;QACH,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,+CAA+C;IACjD,CAAC;IAED,IAAI,CAAC,SAAS;QAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAEpE,IAAI,MAAyB,CAAC;IAC9B,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAsB,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;IACxD,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,wEAAwE;QACxE,MAAM,QAAQ,GAAkB;YAC9B,aAAa,EAAE,CAAC;YAChB,IAAI,EAAE,UAAU;YAChB,QAAQ,EAAE,EAAE;YACZ,eAAe,EAAE,CAAC;SACnB,CAAC;QACF,OAAO,EAAE,IAAI,EAAE,SAAS,EAA
E,QAAQ,EAAE,eAAe,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAC3E,CAAC;IAMD,MAAM,QAAQ,GAAe,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9C,OAAO,EAAE;YACP,IAAI,EAAE,IAAA,yBAAiB,EAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC;YACpC,IAAI,EAAE,CAAC,CAAC,SAAS;YACjB,IAAI,EAAE,CAAC,CAAC,MAAM;YACd,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM;YAChE,KAAK,EAAE,CAAC,CAAC,WAAW;SACrB;QACD,MAAM,EAAE,CAAC,CAAC,MAAM;KACjB,CAAC,CAAC,CAAC;IAEJ,sEAAsE;IACtE,+DAA+D;IAC/D,MAAM,gBAAgB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,2BAAc,EAAC,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;IAEtF,yEAAyE;IACzE,MAAM,YAAY,GAAG,IAAA,+BAAgB,EAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,IAAA,gCAAiB,EAC5C,gBAAgB,EAChB,YAAY,CAAC,QAAQ,EACrB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EACrB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CACtB,CAAC;IAEF,MAAM,QAAQ,GAAkB;QAC9B,aAAa,EAAE,CAAC;QAChB,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;QACpC,eAAe,EAAE,UAAU,CAAC,MAAM;KACnC,CAAC;IACF,MAAM,UAAU,GAAwB,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACvD,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI;QACpB,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI;QACpB,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI;QACpB,MAAM,EAAE,CAAC,CAAC,MAAM;KACjB,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,eAAe,EAAE,UAAU,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC;AACvF,CAAC;AAED;;;;GAIG;AACU,QAAA,gBAAgB,GAAsC;IACjE,MAAM,EAAE,UAAU;IAClB,KAAK,CAAC,MAAM,CAAC,GAAG;QACd,MAAM,OAAO,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;QAC1C,OAAO,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9D,CAAC;CACF,CAAC;AAEF,SAAS,YAAY,CAAC,GAAW;IAC/B,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,yBAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IACjD,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;AAC/C,CAAC"}
|
|
@@ -1,6 +1,11 @@
|
|
|
1
1
|
import type { CapabilityProvider } from '../../languages/capabilities/provider';
|
|
2
2
|
import type { SecretsResult } from '../../languages/capabilities/types';
|
|
3
|
-
/**
|
|
3
|
+
/**
|
|
4
|
+
* Scan source files for hardcoded secrets gitleaks doesn't cover (plus
|
|
5
|
+
* the branded fallback set when gitleaks is absent). Never returns null:
|
|
6
|
+
* the generic patterns always contribute, so this provider runs on every
|
|
7
|
+
* analysis rather than yielding wholesale to gitleaks.
|
|
8
|
+
*/
|
|
4
9
|
export declare function gatherGrepSecretsResult(cwd: string): SecretsResult | null;
|
|
5
10
|
export declare const grepSecretsProvider: CapabilityProvider<SecretsResult>;
|
|
6
11
|
//# sourceMappingURL=grep-secrets.d.ts.map
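Review bot: The new JSDoc on lines 4-7 states the function never returns null, but the declaration on line 9 still reads `SecretsResult | null`, so callers keep null-checking a value that is now always present and the type no longer documents the contract. Narrow the return type in `src/analyzers/tools/grep-secrets.ts` (the source this file is emitted from, per the sourcemap) to `export function gatherGrepSecretsResult(cwd: string): SecretsResult`, or, if `CapabilityProvider` requires the nullable shape, say so in the comment instead of claiming it never returns null.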
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"grep-secrets.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/grep-secrets.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"grep-secrets.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/grep-secrets.ts"],"names":[],"mappings":"AAiCA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,KAAK,EAAiB,aAAa,EAAE,MAAM,oCAAoC,CAAC;AAqCvF;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CAkDzE;AAED,eAAO,MAAM,mBAAmB,EAAE,kBAAkB,CAAC,aAAa,CAKjE,CAAC"}
|
|
@@ -36,81 +36,101 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
36
36
|
exports.grepSecretsProvider = void 0;
|
|
37
37
|
exports.gatherGrepSecretsResult = gatherGrepSecretsResult;
|
|
38
38
|
/**
|
|
39
|
-
*
|
|
40
|
-
* gitleaks is unavailable. Re-registered under `GLOBAL_CAPABILITIES.secrets`
|
|
41
|
-
* in Phase 10e.C.7.5 after `generic.ts`'s legacy Layer-0 equivalent was
|
|
42
|
-
* deleted alongside the capability-owned `HealthMetrics.secretDetails`.
|
|
39
|
+
* Pattern-based secret scanner that COMPLEMENTS gitleaks.
|
|
43
40
|
*
|
|
44
|
-
*
|
|
45
|
-
*
|
|
46
|
-
*
|
|
47
|
-
*
|
|
48
|
-
*
|
|
49
|
-
*
|
|
50
|
-
*
|
|
41
|
+
* gitleaks is keyed to known token *formats* (AWS / GitHub / Stripe /
|
|
42
|
+
* private keys) — it is excellent at those and deliberately does NOT
|
|
43
|
+
* flag generic hardcoded credentials like `password = "hunter2"`,
|
|
44
|
+
* because a naive entropy rule floods every codebase with false
|
|
45
|
+
* positives. Verified empirically: gitleaks reports zero on
|
|
46
|
+
* `password = "..."` / `api_key = "..."` assignments.
|
|
47
|
+
*
|
|
48
|
+
* That leaves a real gap: a developer who hardcodes a plain password
|
|
49
|
+
* sails through the guardrail. This provider closes it. The patterns
|
|
50
|
+
* split into two classes:
|
|
51
|
+
*
|
|
52
|
+
* - GENERIC keyword-assignment secrets (`password`/`secret`/`token` =
|
|
53
|
+
* a quoted literal). gitleaks misses these, so they run ALWAYS —
|
|
54
|
+
* they are the complement of gitleaks coverage, not a fallback.
|
|
55
|
+
* - BRANDED token shapes (AWS keys, GitHub PATs, private keys).
|
|
56
|
+
* gitleaks covers these with higher precision, so they run ONLY
|
|
57
|
+
* when gitleaks is absent — full standalone fallback, no
|
|
58
|
+
* double-counting when both scanners are present.
|
|
59
|
+
*
|
|
60
|
+
* Scanning is in-process via the canonical `walkSourceFiles` walker
|
|
61
|
+
* (not POSIX `grep -r`, which is unavailable on Windows and overflows
|
|
62
|
+
* maxBuffer on large repos). Findings flow through the same SECRETS
|
|
63
|
+
* capability + fingerprint + baseline path as gitleaks, so a hardcoded
|
|
64
|
+
* password gates a push exactly like a leaked AWS key.
|
|
51
65
|
*/
|
|
66
|
+
const fs = __importStar(require("fs"));
|
|
52
67
|
const path = __importStar(require("path"));
|
|
53
|
-
const runner_1 = require("./runner");
|
|
54
68
|
const tool_registry_1 = require("./tool-registry");
|
|
55
|
-
const exclusions_1 = require("./exclusions");
|
|
56
|
-
const paths_1 = require("./paths");
|
|
57
69
|
const suppressions_1 = require("./suppressions");
|
|
58
|
-
const
|
|
70
|
+
const walk_source_files_1 = require("./walk-source-files");
|
|
71
|
+
/**
|
|
72
|
+
* Generic keyword-to-quoted-literal assignments. Case-insensitive; the
|
|
73
|
+
* trailing `["'][^"']{3,}` anchor requires an actual quoted value of at
|
|
74
|
+
* least 3 chars, which is what separates a real hardcoded secret from a
|
|
75
|
+
* config read (`password = config.get("x")` — value isn't a literal),
|
|
76
|
+
* a comparison (`if password ==`), or an empty placeholder
|
|
77
|
+
* (`password = ""`). These run on every scan — gitleaks does not.
|
|
78
|
+
*/
|
|
79
|
+
const GENERIC_PATTERNS = [
|
|
80
|
+
{ regex: /password\s*[:=]\s*["'][^"']{3,}/i, rule: 'hardcoded-password' },
|
|
81
|
+
{ regex: /(?:api[_-]?key|apikey)\s*[:=]\s*["'][^"']{3,}/i, rule: 'hardcoded-api-key' },
|
|
82
|
+
{ regex: /(?:secret|token|passwd|pwd)\s*[:=]\s*["'][^"']{3,}/i, rule: 'hardcoded-secret' },
|
|
83
|
+
];
|
|
59
84
|
/**
|
|
60
|
-
*
|
|
61
|
-
*
|
|
62
|
-
*
|
|
85
|
+
* Branded / structured token shapes. gitleaks detects these with higher
|
|
86
|
+
* precision (and fewer false positives), so they only run as a
|
|
87
|
+
* standalone fallback when gitleaks is unavailable.
|
|
63
88
|
*/
|
|
64
|
-
const
|
|
65
|
-
{
|
|
66
|
-
{
|
|
67
|
-
{
|
|
68
|
-
{
|
|
69
|
-
{ pattern: 'AKIA[0-9A-Z]{16}', rule: 'aws-access-key' },
|
|
70
|
-
{ pattern: 'ghp_[a-zA-Z0-9]{36}', rule: 'github-token' },
|
|
71
|
-
{ pattern: 'sk-ant-[a-zA-Z0-9]', rule: 'anthropic-api-key' },
|
|
89
|
+
const BRANDED_PATTERNS = [
|
|
90
|
+
{ regex: /BEGIN.*PRIVATE KEY/, rule: 'private-key-in-source' },
|
|
91
|
+
{ regex: /AKIA[0-9A-Z]{16}/, rule: 'aws-access-key' },
|
|
92
|
+
{ regex: /ghp_[a-zA-Z0-9]{36}/, rule: 'github-token' },
|
|
93
|
+
{ regex: /sk-ant-[a-zA-Z0-9]/, rule: 'anthropic-api-key' },
|
|
72
94
|
];
|
|
73
95
|
function severityFor(rule) {
|
|
74
96
|
return rule.includes('private-key') || rule.includes('password') ? 'critical' : 'high';
|
|
75
97
|
}
|
|
76
|
-
/**
|
|
98
|
+
/**
|
|
99
|
+
* Scan source files for hardcoded secrets gitleaks doesn't cover (plus
|
|
100
|
+
* the branded fallback set when gitleaks is absent). Never returns null:
|
|
101
|
+
* the generic patterns always contribute, so this provider runs on every
|
|
102
|
+
* analysis rather than yielding wholesale to gitleaks.
|
|
103
|
+
*/
|
|
77
104
|
function gatherGrepSecretsResult(cwd) {
|
|
78
|
-
// Yield to gitleaks — superset coverage, no point running both. When
|
|
79
|
-
// gitleaks is absent `findTool` returns `available: false` and we proceed
|
|
80
|
-
// with the fallback scan.
|
|
81
105
|
const gitleaks = (0, tool_registry_1.findTool)(tool_registry_1.TOOL_DEFS.gitleaks, cwd);
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
//
|
|
89
|
-
//
|
|
90
|
-
//
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
.join(' ');
|
|
106
|
+
// Generic keyword-assignment patterns always run (gitleaks misses
|
|
107
|
+
// them). Branded patterns only when gitleaks is absent (it covers them
|
|
108
|
+
// better, and running both would double-count the same AWS key).
|
|
109
|
+
const patterns = gitleaks.available
|
|
110
|
+
? GENERIC_PATTERNS
|
|
111
|
+
: [...GENERIC_PATTERNS, ...BRANDED_PATTERNS];
|
|
112
|
+
// Canonical walker: project-relative source paths with the resolved
|
|
113
|
+
// exclusion set already applied. includeTests so a password hardcoded
|
|
114
|
+
// in a test still surfaces (a real fixture is allowlisted as
|
|
115
|
+
// `test-fixture`, not silently ignored).
|
|
116
|
+
const files = (0, walk_source_files_1.walkSourceFiles)(cwd, { includeTests: true, includeAutogen: true });
|
|
94
117
|
const raw = [];
|
|
95
|
-
for (const
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
118
|
+
for (const rel of files) {
|
|
119
|
+
let content;
|
|
120
|
+
try {
|
|
121
|
+
content = fs.readFileSync(path.join(cwd, rel), 'utf-8');
|
|
122
|
+
}
|
|
123
|
+
catch {
|
|
99
124
|
continue;
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
file,
|
|
110
|
-
line: parseInt(match[2], 10),
|
|
111
|
-
rule: sp.rule,
|
|
112
|
-
severity: severityFor(sp.rule),
|
|
113
|
-
});
|
|
125
|
+
}
|
|
126
|
+
const lines = content.split('\n');
|
|
127
|
+
for (let i = 0; i < lines.length; i++) {
|
|
128
|
+
for (const sp of patterns) {
|
|
129
|
+
if (sp.regex.test(lines[i])) {
|
|
130
|
+
raw.push({ file: rel, line: i + 1, rule: sp.rule, severity: severityFor(sp.rule) });
|
|
131
|
+
break; // at most one finding per line
|
|
132
|
+
}
|
|
133
|
+
}
|
|
114
134
|
}
|
|
115
135
|
}
|
|
116
136
|
// Apply `.dxkit-suppressions.json` under the same key gitleaks uses, so
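Review bot: The three `GENERIC_PATTERNS` regexes on new lines 80-82 require the keyword to be followed directly by `\s*[:=]`, so a quoted key — `"password": "hunter2"` in JSON, `'api_key': '…'` in a Python dict — never matches, and the most common config-file form of the very gap this provider exists to close is missed. Allowing an optional closing quote after the keyword fixes it: `/password["']?\s*[:=]\s*["'][^"']{3,}/i`, `/(?:api[_-]?key|apikey)["']?\s*[:=]\s*["'][^"']{3,}/i`, `/(?:secret|token|passwd|pwd)["']?\s*[:=]\s*["'][^"']{3,}/i`. Separately, the gate on new line 109 keys the branded fallback on `gitleaks.available` (installed), while the gitleaks hunk shows that an installed gitleaks can still yield `{ kind: 'unavailable', reason: 'no output' }` or a parse failure, in which case neither scanner covers AWS/GitHub/private-key shapes and nothing reports the gap; consider gating on the gitleaks outcome kind if it is reachable here, or at least document the assumption. Finally, the finding pushed on new line 130 deliberately carries only `file`/`line`/`rule`/`severity` and never the matched text — worth a comment such as `// Never include the matched line: findings flow into reports and baselines.` so a later change does not start echoing secret values. gatherGrepSecretsResult continues past the end of this hunk.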
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"grep-secrets.js","sourceRoot":"","sources":["../../../src/analyzers/tools/grep-secrets.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"grep-secrets.js","sourceRoot":"","sources":["../../../src/analyzers/tools/grep-secrets.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6EA,0DAkDC;AA/HD;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,uCAAyB;AACzB,2CAA6B;AAC7B,mDAAsD;AACtD,iDAAqE;AACrE,2DAAsD;AAStD;;;;;;;GAOG;AACH,MAAM,gBAAgB,GAAoB;IACxC,EAAE,KAAK,EAAE,kCAAkC,EAAE,IAAI,EAAE,oBAAoB,EAAE;IACzE,EAAE,KAAK,EAAE,gDAAgD,EAAE,IAAI,EAAE,mBAAmB,EAAE;IACtF,EAAE,KAAK,EAAE,qDAAqD,EAAE,IAAI,EAAE,kBAAkB,EAAE;CAC3F,CAAC;AAEF;;;;GAIG;AACH,MAAM,gBAAgB,GAAoB;IACxC,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,uBAAuB,EAAE;IAC9D,EAAE,KAAK,EAAE,kBAAkB,EAAE,IAAI,EAAE,gBAAgB,EAAE;IACrD,EAAE,KAAK,EAAE,qBAAqB,EAAE,IAAI,EAAE,cAAc,EAAE;IACtD,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,mBAAmB,EAAE;CAC3D,CAAC;AAEF,SAAS,WAAW,CAAC,IAAY;IAC/B,OAAO,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;AACzF,CAAC;AAED;;;;;GAKG;AACH,SAAgB,uBAAuB,CAAC,GAAW;IACjD,MAAM,QAAQ,GAAG,IAAA,wBAAQ,EAAC,yBAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IACnD,kEAAkE;IAClE,uEAAuE;IACvE,iEAAiE;IACjE,MAAM,QAAQ,GAAG,QAAQ,CAAC,SAAS;QACjC,CAAC,CAAC,gBAAgB;QAClB,CAAC,CAAC,CAAC,GAAG,gBAAgB,EAAE,GAAG,gBAAgB,CAAC,CAAC;IAE/C,oEAAoE;IACpE,sEAAsE;IACtE,6DAA6D;IAC7D,yCAAyC;IACzC,MAAM,KAAK,GAAG,IAAA,mCAAe,EAAC,GAAG,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;IAEjF,MAAM,GAAG,GAAoB,EAAE,CAAC;IAChC,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;QACxB,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,OAAO,CAAC,CAAC;QAC1D,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,KAAK,MAAM,EAAE,IAAI,QAAQ,EAAE,CAAC;gBAC1B,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC5B,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,WAAW,CAAC,EAAE,C
AAC,IAAI,CAAC,EAAE,CAAC,CAAC;oBACpF,MAAM,CAAC,+BAA+B;gBACxC,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,wEAAwE;IACxE,sDAAsD;IACtD,MAAM,YAAY,GAAG,IAAA,+BAAgB,EAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,IAAA,gCAAiB,EAC5C,GAAG,EACH,YAAY,CAAC,QAAQ,EACrB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EACb,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CACd,CAAC;IAEF,OAAO;QACL,aAAa,EAAE,CAAC;QAChB,IAAI,EAAE,cAAc;QACpB,QAAQ,EAAE,IAAI;QACd,eAAe,EAAE,UAAU,CAAC,MAAM;KACnC,CAAC;AACJ,CAAC;AAEY,QAAA,mBAAmB,GAAsC;IACpE,MAAM,EAAE,cAAc;IACtB,KAAK,CAAC,MAAM,CAAC,GAAG;QACd,OAAO,uBAAuB,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC;CACF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jscpd.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/jscpd.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;
|
|
1
|
+
{"version":3,"file":"jscpd.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/jscpd.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAMH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,KAAK,EAAoB,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAuB9F;;;;;GAKG;AACH,MAAM,MAAM,wBAAwB,GAChC;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,QAAQ,EAAE,iBAAiB,CAAA;CAAE,GAChD;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AA8C5C;;;;;;;;;;;GAWG;AACH,wBAAsB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,CAAC,CAqGtF;AAED;;;GAGG;AAUH,eAAO,MAAM,aAAa,EAAE,kBAAkB,CAAC,iBAAiB,CAAC,GAAG;IAClE,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,CAAC,CAAC;CAU/D,CAAC"}
|
|
@@ -51,6 +51,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
51
51
|
exports.jscpdProvider = void 0;
|
|
52
52
|
exports.gatherJscpdResult = gatherJscpdResult;
|
|
53
53
|
const fs = __importStar(require("fs"));
|
|
54
|
+
const os = __importStar(require("os"));
|
|
54
55
|
const path = __importStar(require("path"));
|
|
55
56
|
const languages_1 = require("../../languages");
|
|
56
57
|
const exclusions_1 = require("./exclusions");
|
|
@@ -114,7 +115,7 @@ async function gatherJscpdResult(cwd) {
|
|
|
114
115
|
const status = (0, tool_registry_1.findTool)(tool_registry_1.TOOL_DEFS.jscpd, cwd);
|
|
115
116
|
if (!status.available || !status.path)
|
|
116
117
|
return { kind: 'unavailable', reason: 'not installed' };
|
|
117
|
-
const reportDir =
|
|
118
|
+
const reportDir = path.join(os.tmpdir(), `dxkit-jscpd-${Date.now()}`);
|
|
118
119
|
const pattern = buildJscpdPattern();
|
|
119
120
|
// jscpd's `--ignore` receives the union of:
|
|
120
121
|
//
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jscpd.js","sourceRoot":"","sources":["../../../src/analyzers/tools/jscpd.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"jscpd.js","sourceRoot":"","sources":["../../../src/analyzers/tools/jscpd.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgGH,8CAqGC;AAnMD,uCAAyB;AACzB,uCAAyB;AACzB,2CAA6B;AAC7B,+CAAsE;AAGtE,6CAAsD;AACtD,qCAAuC;AACvC,mDAAsD;AA8BtD;;;;;;;;;;;GAWG;AACH,SAAS,iBAAiB;IACxB,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,MAAM,IAAI,IAAI,qBAAS,EAAE,CAAC;QAC7B,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;AAChD,CAAC;AAED,0DAA0D;AAC1D,SAAS,aAAa,CAAC,UAA+B,EAAE,KAAK,GAAG,EAAE;IAChE,OAAO,UAAU;SACd,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,IAAI,IAAI,CAAC,CAAC,UAAU,EAAE,IAAI,IAAI,CAAC,CAAC,KAAK,CAAC;SACjE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACX,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC;QACnB,MAAM,EAAE,CAAC,CAAC,MAAM,IAAI,CAAC;QACrB,CAAC,EAAE;YACD,IAAI,EAAE,CAAC,CAAC,SAAU,CAAC,IAAK;YACxB,SAAS,EAAE,CAAC,CAAC,SAAU,CAAC,KAAK,IAAI,CAAC;YAClC,OAAO,EAAE,CAAC,CAAC,SAAU,CAAC,GAAG,IAAI,CAAC;SAC/B;QACD,CAAC,EAAE;YACD,IAAI,EAAE,CAAC,CAAC,UAAW,CAAC,IAAK;YACzB,SAAS,EAAE,CAAC,CAAC,UAAW,CAAC,KAAK,IAAI,CAAC;YACnC,OAAO,EAAE,CAAC,CAAC,UAAW,CAAC,GAAG,IAAI,CAAC;SAChC;KACF,CAAC,CAAC;SACF,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;SACjC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;AACrB,CAAC;AAED;;;;;;;;;;;GAWG;AACI,KAAK,UAAU,iBAAiB,CAAC,GAAW;IACjD,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,yBAAS,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAC9C,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,IAAI;QAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAE/F,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,eAAe,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACtE,MAAM,OAAO,GAAG,iBAAiB,EAAE,CAAC;IACpC,4CAA4C;IAC5C,EAAE;IACF,sEAAsE;IACtE,iEAAiE;IACjE,+DAA+D;IAC/D,iEAAiE;IACjE,sEAAsE;IACtE,8DAA8D;IAC9D,+DAA+D;IAC/D,gEAAgE;IAChE,mEAAmE;IACnE,uDAAuD;IAC
vD,EAAE;IACF,4DAA4D;IAC5D,6DAA6D;IAC7D,+DAA+D;IAC/D,gEAAgE;IAChE,gEAAgE;IAChE,mEAAmE;IACnE,6CAA6C;IAC7C,EAAE;IACF,oEAAoE;IACpE,MAAM,eAAe,GAAG,IAAA,mCAAsB,EAAC,GAAG,CAAC,CAAC;IACpD,MAAM,aAAa,GAAG,IAAA,oCAAwB,GAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACvE,MAAM,cAAc,GAAG,CAAC,GAAG,eAAe,EAAE,GAAG,aAAa,CAAC,CAAC;IAC9D,MAAM,IAAI,GAAG,CAAC,aAAa,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,aAAa,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;IACjG,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;IAEzD,MAAM,OAAO,GAAG,MAAM,IAAA,oBAAW,EAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;IAEjF,qDAAqD;IACrD,qEAAqE;IACrE,kEAAkE;IAClE,sFAAsF;IACtF,8DAA8D;IAC9D,4DAA4D;IAC5D,kDAAkD;IAClD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,mBAAmB,CAAC,CAAC;IAC7D,IAAI,SAAiB,CAAC;IACtB,IAAI,CAAC;QACH,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,SAAS,GAAG,EAAE,CAAC;IACjB,CAAC;IACD,IAAI,CAAC;QACH,EAAE,CAAC,MAAM,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,8CAA8C;IAChD,CAAC;IAED,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACrB,OAAO;gBACL,IAAI,EAAE,aAAa;gBACnB,MAAM,EAAE,gEAAgE;aACzE,CAAC;QACJ,CAAC;QACD,MAAM,eAAe,GAAG,OAAO,CAAC,MAAM;aACnC,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC7B,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC,IAAI,OAAO,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YAChD,MAAM,GAAG,GAAG,eAAe,CAAC,CAAC,CAAC,aAAa,eAAe,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACnE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,OAAO,CAAC,IAAI,GAAG,GAAG,EAAE,EAAE,CAAC;QAC5E,CAAC;QACD,IAAI,eAAe,EAAE,CAAC;YACpB,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,sBAAsB,eAAe,GAAG,EAAE,CAAC;QACnF,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,W
AAW,EAAE,CAAC;IACtD,CAAC;IAED,IAAI,IAAiB,CAAC;IACtB,IAAI,CAAC;QACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAgB,CAAC;IAC9C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;IACxD,CAAC;IAED,MAAM,CAAC,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC;IACjC,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;IAEjE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC;IACzC,MAAM,QAAQ,GAAsB;QAClC,aAAa,EAAE,CAAC;QAChB,IAAI,EAAE,OAAO;QACb,UAAU,EAAE,CAAC,CAAC,KAAK;QACnB,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,GAAG,CAAC,GAAG,GAAG;QAChD,UAAU,EAAE,UAAU,CAAC,MAAM;QAC7B,SAAS,EAAE,aAAa,CAAC,UAAU,CAAC;KACrC,CAAC;IACF,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,uEAAuE;AACvE,wEAAwE;AACxE,wEAAwE;AACxE,oEAAoE;AACpE,sEAAsE;AACtE,6DAA6D;AAC7D,uEAAuE;AACvE,oEAAoE;AACpE,aAAa;AACA,QAAA,aAAa,GAEtB;IACF,MAAM,EAAE,OAAO;IACf,KAAK,CAAC,MAAM,CAAC,GAAG;QACd,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAC;QAC7C,OAAO,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9D,CAAC;IACD,KAAK,CAAC,aAAa,CAAC,GAAG;QACrB,OAAO,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC;CACF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"osv-scanner-deps.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/osv-scanner-deps.ts"],"names":[],"mappings":"AAoCA,OAAO,KAAK,EACV,cAAc,EACd,oBAAoB,EAEpB,cAAc,EACf,MAAM,oCAAoC,CAAC;AAC5C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAiB9C;;;;;;;;;;;;GAYG;AACH,wBAAgB,uBAAuB,CACrC,GAAG,EAAE,MAAM,EACX,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,UAAU,GAClB;IACD,MAAM,EAAE,cAAc,CAAC;IACvB,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,YAAY,EAAE,KAAK,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;CAC5F,CA8EA;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,8BAA8B,CAClD,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,UAAU,EAClB,SAAS,EAAE,MAAM,EACjB,kBAAkB,EAAE,MAAM,EAAE,GAC3B,OAAO,CAAC,oBAAoB,CAAC,
|
|
1
|
+
{"version":3,"file":"osv-scanner-deps.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/osv-scanner-deps.ts"],"names":[],"mappings":"AAoCA,OAAO,KAAK,EACV,cAAc,EACd,oBAAoB,EAEpB,cAAc,EACf,MAAM,oCAAoC,CAAC;AAC5C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAiB9C;;;;;;;;;;;;GAYG;AACH,wBAAgB,uBAAuB,CACrC,GAAG,EAAE,MAAM,EACX,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,UAAU,GAClB;IACD,MAAM,EAAE,cAAc,CAAC;IACvB,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,YAAY,EAAE,KAAK,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;CAC5F,CA8EA;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,8BAA8B,CAClD,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,UAAU,EAClB,SAAS,EAAE,MAAM,EACjB,kBAAkB,EAAE,MAAM,EAAE,GAC3B,OAAO,CAAC,oBAAoB,CAAC,CA6C/B"}
|
|
@@ -165,7 +165,7 @@ async function gatherOsvScannerDepVulnsResult(cwd, packId, ecosystem, manifestCa
|
|
|
165
165
|
if (!scanner.available || !scanner.path) {
|
|
166
166
|
return { kind: 'unavailable', reason: 'osv-scanner not installed' };
|
|
167
167
|
}
|
|
168
|
-
const raw = (0, runner_1.run)(`${scanner.path} scan source --lockfile ${manifest} --format json
|
|
168
|
+
const raw = (0, runner_1.run)(`${scanner.path} scan source --lockfile ${manifest} --format json`, cwd, 180000);
|
|
169
169
|
if (!raw)
|
|
170
170
|
return { kind: 'unavailable', reason: 'osv-scanner produced no output' };
|
|
171
171
|
const { counts, findings, vulnsForCvss } = parseOsvScannerFindings(raw, ecosystem, packId);
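Review bot: The command at new line 168 is still assembled as a shell string around `${scanner.path}` and `${manifest}`, so a scanner path containing a space (typical of a Windows `Program Files` install) or a lockfile path with shell metacharacters would be split or reinterpreted by the shell; as far as the truncated old line shows, this hunk only appends the explicit `cwd, 180000` arguments. The same release adds a no-shell `runFileSync(file, args, cwd, timeoutMs)` to the runner module for exactly this hazard, so the call would be safer and consistent as `const raw = (0, runner_1.runFileSync)(scanner.path, ['scan', 'source', '--lockfile', manifest, '--format', 'json'], cwd, 180000);` — assuming `runner_1` here is the updated runner module whose new export appears elsewhere in this diff. The 180000 ms timeout is also a bare literal; a named constant such as `const OSV_SCAN_TIMEOUT_MS = 180000;` with a one-line reason would document why it departs from `run()`'s default. `gatherOsvScannerDepVulnsResult` begins and ends outside the hunk.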
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"osv-scanner-deps.js","sourceRoot":"","sources":["../../../src/analyzers/tools/osv-scanner-deps.ts"],"names":[],"mappings":";;AAwEA,0DAsFC;AAwBD,
|
|
1
|
+
{"version":3,"file":"osv-scanner-deps.js","sourceRoot":"","sources":["../../../src/analyzers/tools/osv-scanner-deps.ts"],"names":[],"mappings":";;AAwEA,0DAsFC;AAwBD,wEAkDC;AAxOD;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,+BAMe;AACf,qCAA2C;AAC3C,mDAAsD;AAwBtD;;;;;;;;;;;;GAYG;AACH,SAAgB,uBAAuB,CACrC,GAAW,EACX,SAAiB,EACjB,MAAmB;IAMnB,MAAM,MAAM,GAAmB,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAC3E,MAAM,QAAQ,GAAqB,EAAE,CAAC;IACtC,MAAM,YAAY,GAIb,EAAE,CAAC;IACR,IAAI,IAAsB,CAAC;IAC3B,IAAI,CAAC;QACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAqB,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;IAC5C,CAAC;IACD,oEAAoE;IACpE,sEAAsE;IACtE,oEAAoE;IACpE,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,IAAI,EAAE,EAAE,CAAC;QACxC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC;YACxC,IAAI,GAAG,CAAC,OAAO,EAAE,SAAS,KAAK,SAAS;gBAAE,SAAS;YACnD,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,SAAS,CAAC;YAC9C,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC;YACvC,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,eAAe,IAAI,EAAE,EAAE,CAAC;gBAC7C,IAAI,CAAC,IAAI,CAAC,EAAE;oBAAE,SAAS;gBACvB,MAAM,QAAQ,GAAG,GAAG,OAAO,KAAK,UAAU,IAAI,EAAE,KAAK,IAAI,CAAC,EAAE,EAAE,CAAC;gBAC/D,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC;oBAAE,SAAS;gBACjC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBAEnB,MAAM,GAAG,GAAG,IAAA,yBAAmB,EAAC,IAAI,CAAC,CAAC;gBACtC,MAAM,IAAI,GACR,GAAG,KAAK,UAAU,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,KAAK;oBACvE,CAAC,CAAC,GAAG;oBACL,CAAC,CAAC,QAAQ,CAAC;gBACf,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gBAEf,MAAM,IAAI,GAAG,IAAA,yBAAmB,EAAC,IAAI,CAAC,CAAC;gBACvC,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;gBACtE,MAAM,OAAO,GAAmB;oBAC9B,EAAE,EAAE,IAAI,CAAC,EAAE;oBACX,OAAO,EAAE,OAAO;oBAChB,gBAAgB,EAAE,UAAU;oBAC5B,IAAI,EAAE,aAAa;oBACnB,QAAQ,EAAE,IAAI;iBACf,CAAC;gBACF,oEAAoE;gBACpE,qEAAqE;gBACrE,kEAAkE;gBAClE,8DAA8D;gBAC9D,IAAI,MAAM;oBAAE,OAAO,CAAC,MAAM,G
AAG,MAAM,CAAC;gBACpC,IAAI,IAAI,KAAK,IAAI;oBAAE,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;gBAC5C,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;oBAAE,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;gBAClD,IAAI,IAAI,CAAC,OAAO;oBAAE,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;gBACjD,0DAA0D;gBAC1D,gEAAgE;gBAChE,2DAA2D;gBAC3D,+DAA+D;gBAC/D,2DAA2D;gBAC3D,kDAAkD;gBAClD,MAAM,UAAU,GAAG,IAAA,0BAAoB,EAAC,IAAI,CAAC,CAAC;gBAC9C,IAAI,UAAU;oBAAE,OAAO,CAAC,YAAY,GAAG,UAAU,CAAC;gBAClD,8DAA8D;gBAC9D,uDAAuD;gBACvD,sBAAsB;gBACtB,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC1F,OAAO,CAAC,UAAU;oBAChB,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,iCAAiC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC9E,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAEvB,YAAY,CAAC,IAAI,CAAC;oBAChB,SAAS,EAAE,IAAI,CAAC,EAAE;oBAClB,YAAY,EAAE,IAAI;oBAClB,OAAO;iBACR,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;AAC5C,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACI,KAAK,UAAU,8BAA8B,CAClD,GAAW,EACX,MAAkB,EAClB,SAAiB,EACjB,kBAA4B;IAE5B,IAAI,QAAQ,GAAkB,IAAI,CAAC;IACnC,KAAK,MAAM,GAAG,IAAI,kBAAkB,EAAE,CAAC;QACrC,IAAI,IAAA,mBAAU,EAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;YACzB,QAAQ,GAAG,GAAG,CAAC;YACf,MAAM;QACR,CAAC;IACH,CAAC;IACD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO;YACL,IAAI,EAAE,aAAa;YACnB,MAAM,EAAE,kCAAkC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;SAC3E,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,IAAA,wBAAQ,EAAC,yBAAS,CAAC,aAAa,CAAC,EAAE,GAAG,CAAC,CAAC;IACxD,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACxC,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,2BAA2B,EAAE,CAAC;IACtE,CAAC;IAED,MAAM,GAAG,GAAG,IAAA,YAAG,EAAC,GAAG,OAAO,CAAC,IAAI,2BAA2B,QAAQ,gBAAgB,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;IACjG,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAC;IAEnF,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,uBAAuB,CAAC,GAAG,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;IAE3F,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,Q
AAQ,GAAG,MAAM,IAAA,uBAAiB,EAAC,YAAY,CAAC,CAAC;QACvD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACjC,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS;gBAAE,CAAC,CAAC,SAAS,GAAG,KAAK,CAAC;QACjE,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAkB;QAC9B,aAAa,EAAE,CAAC;QAChB,IAAI,EAAE,aAAa;QACnB,UAAU,EAAE,SAAS;QACrB,MAAM;QACN,QAAQ;KACT,CAAC;IACF,uEAAuE;IACvE,0EAA0E;IAC1E,mEAAmE;IACnE,+CAA+C;IAC/C,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AACvC,CAAC"}
|
|
@@ -11,14 +11,47 @@
|
|
|
11
11
|
export declare function parseJsonStream(raw: string): unknown[];
|
|
12
12
|
/** Run a command and return stdout. Returns empty string on failure. */
|
|
13
13
|
export declare function run(cmd: string, cwd: string, timeoutMs?: number): string;
|
|
14
|
+
/**
|
|
15
|
+
* Run a binary directly (NO shell) and return stdout, or '' on failure.
|
|
16
|
+
*
|
|
17
|
+
* Synchronous sibling of `runDetached` for single-binary tools that must
|
|
18
|
+
* stay on a synchronous call path (e.g. the memoized `gatherGitleaksResult`).
|
|
19
|
+
* Because there's no shell, there are no cross-platform quoting hazards:
|
|
20
|
+
* pass the resolved binary path plus an args array and Node hands them to
|
|
21
|
+
* the OS verbatim. This is the portable replacement for building a shell
|
|
22
|
+
* string with single-quotes + `2>/dev/null` — both of which are POSIX-only
|
|
23
|
+
* and break under Windows' cmd.exe (single-quotes don't quote; the
|
|
24
|
+
* redirect writes a stray `nul` file instead of discarding stderr).
|
|
25
|
+
*/
|
|
26
|
+
export declare function runFileSync(file: string, args: string[], cwd: string, timeoutMs?: number): string;
|
|
14
27
|
/** Run a command and return the exit code. */
|
|
15
28
|
export declare function runExitCode(cmd: string, cwd: string, timeoutMs?: number): number;
|
|
16
29
|
/** Run a command and parse stdout as JSON. Returns null on failure. */
|
|
17
30
|
export declare function runJSON<T>(cmd: string, cwd: string, timeoutMs?: number): T | null;
|
|
18
31
|
/** Count lines in command output. */
|
|
19
32
|
export declare function countLines(cmd: string, cwd: string): number;
|
|
20
|
-
/**
|
|
21
|
-
|
|
33
|
+
/**
|
|
34
|
+
* Cross-platform "where is this binary on PATH?" resolver. Returns the
|
|
35
|
+
* absolute path of the first match, or null.
|
|
36
|
+
*
|
|
37
|
+
* Pure-Node: walks `process.env.PATH` entries and checks each candidate
|
|
38
|
+
* with `fs`, honoring `%PATHEXT%` on Windows. This replaces the prior
|
|
39
|
+
* `which <binary> 2>/dev/null` shell probe, which silently
|
|
40
|
+
* false-negatived EVERY tool on Windows — cmd.exe has no `which` (it's
|
|
41
|
+
* `where`), and `2>/dev/null` is a POSIX redirect that writes a stray
|
|
42
|
+
* `nul` file rather than discarding stderr. The shell probe is also
|
|
43
|
+
* unnecessary: PATH resolution is a filesystem walk that Node can do
|
|
44
|
+
* directly, with no subprocess to spawn.
|
|
45
|
+
*/
|
|
46
|
+
export declare function resolveOnPath(binary: string): string | null;
|
|
47
|
+
/** Resolve `binary` against an explicit list of directories, honoring
|
|
48
|
+
* `%PATHEXT%` on Windows. Returns the first matching absolute path, or
|
|
49
|
+
* null. Used for system probe dirs and user-configured tool paths so
|
|
50
|
+
* they match `git.exe` / `tool.cmd` on Windows the same way a PATH
|
|
51
|
+
* walk does. */
|
|
52
|
+
export declare function resolveInDirs(binary: string, dirs: string[]): string | null;
|
|
53
|
+
/** Check if a command is available on PATH (cross-platform). */
|
|
54
|
+
export declare function commandExists(cmd: string, _cwd?: string): boolean;
|
|
22
55
|
/** Check if a file exists relative to cwd. */
|
|
23
56
|
export declare function fileExists(cwd: string, ...paths: string[]): boolean;
|
|
24
57
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runner.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/runner.ts"],"names":[],"mappings":"AAOA;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,EAAE,CAqCtD;AAED,wEAAwE;AACxE,wBAAgB,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,SAAS,SAAQ,GAAG,MAAM,CA0BvE;AAED,8CAA8C;AAC9C,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,SAAS,SAAQ,GAAG,MAAM,CAY/E;AAED,uEAAuE;AACvE,wBAAgB,OAAO,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,SAAS,SAAQ,GAAG,CAAC,GAAG,IAAI,CAQhF;AAED,qCAAqC;AACrC,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAI3D;AAED,
|
|
1
|
+
{"version":3,"file":"runner.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/runner.ts"],"names":[],"mappings":"AAOA;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,EAAE,CAqCtD;AAED,wEAAwE;AACxE,wBAAgB,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,SAAS,SAAQ,GAAG,MAAM,CA0BvE;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,SAAS,SAAQ,GAAG,MAAM,CAgBhG;AAED,8CAA8C;AAC9C,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,SAAS,SAAQ,GAAG,MAAM,CAY/E;AAED,uEAAuE;AACvE,wBAAgB,OAAO,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,SAAS,SAAQ,GAAG,CAAC,GAAG,IAAI,CAQhF;AAED,qCAAqC;AACrC,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAI3D;AAwCD;;;;;;;;;;;;GAYG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAI3D;AAED;;;;iBAIiB;AACjB,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,GAAG,IAAI,CAS3E;AAED,gEAAgE;AAChE,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,CAEjE;AAED,8CAA8C;AAC9C,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAEnE;AAED;;;;;GAKG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,wBAAsB,WAAW,CAC/B,GAAG,EAAE,MAAM,EACX,IAAI,EAAE,MAAM,EAAE,EACd,IAAI,EAAE;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GACvC,OAAO,CAAC,kBAAkB,CAAC,CAuG7B"}
|
|
@@ -35,9 +35,12 @@ var __importStar = (this && this.__importStar) || (function () {
|
|
|
35
35
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
36
|
exports.parseJsonStream = parseJsonStream;
|
|
37
37
|
exports.run = run;
|
|
38
|
+
exports.runFileSync = runFileSync;
|
|
38
39
|
exports.runExitCode = runExitCode;
|
|
39
40
|
exports.runJSON = runJSON;
|
|
40
41
|
exports.countLines = countLines;
|
|
42
|
+
exports.resolveOnPath = resolveOnPath;
|
|
43
|
+
exports.resolveInDirs = resolveInDirs;
|
|
41
44
|
exports.commandExists = commandExists;
|
|
42
45
|
exports.fileExists = fileExists;
|
|
43
46
|
exports.runDetached = runDetached;
|
|
@@ -129,6 +132,37 @@ function run(cmd, cwd, timeoutMs = 30000) {
|
|
|
129
132
|
return '';
|
|
130
133
|
}
|
|
131
134
|
}
|
|
135
|
+
/**
|
|
136
|
+
* Run a binary directly (NO shell) and return stdout, or '' on failure.
|
|
137
|
+
*
|
|
138
|
+
* Synchronous sibling of `runDetached` for single-binary tools that must
|
|
139
|
+
* stay on a synchronous call path (e.g. the memoized `gatherGitleaksResult`).
|
|
140
|
+
* Because there's no shell, there are no cross-platform quoting hazards:
|
|
141
|
+
* pass the resolved binary path plus an args array and Node hands them to
|
|
142
|
+
* the OS verbatim. This is the portable replacement for building a shell
|
|
143
|
+
* string with single-quotes + `2>/dev/null` — both of which are POSIX-only
|
|
144
|
+
* and break under Windows' cmd.exe (single-quotes don't quote; the
|
|
145
|
+
* redirect writes a stray `nul` file instead of discarding stderr).
|
|
146
|
+
*/
|
|
147
|
+
function runFileSync(file, args, cwd, timeoutMs = 30000) {
|
|
148
|
+
try {
|
|
149
|
+
return (0, child_process_1.execFileSync)(file, args, {
|
|
150
|
+
cwd,
|
|
151
|
+
encoding: 'utf-8',
|
|
152
|
+
stdio: ['pipe', 'pipe', 'pipe'],
|
|
153
|
+
timeout: timeoutMs,
|
|
154
|
+
maxBuffer: 64 * 1024 * 1024,
|
|
155
|
+
}).trim();
|
|
156
|
+
}
|
|
157
|
+
catch (err) {
|
|
158
|
+
// Mirror `run()`'s graceful degradation: some tools write valid
|
|
159
|
+
// output to stdout even on non-zero exit.
|
|
160
|
+
const e = err;
|
|
161
|
+
if (e.stdout && typeof e.stdout === 'string')
|
|
162
|
+
return e.stdout.trim();
|
|
163
|
+
return '';
|
|
164
|
+
}
|
|
165
|
+
}
|
|
132
166
|
/** Run a command and return the exit code. */
|
|
133
167
|
function runExitCode(cmd, cwd, timeoutMs = 60000) {
|
|
134
168
|
try {
|
|
@@ -163,9 +197,84 @@ function countLines(cmd, cwd) {
|
|
|
163
197
|
return 0;
|
|
164
198
|
return output.split('\n').filter((l) => l.trim()).length;
|
|
165
199
|
}
|
|
166
|
-
/**
|
|
167
|
-
|
|
168
|
-
|
|
200
|
+
/**
|
|
201
|
+
* Candidate filename extensions to try for a bare binary name when
|
|
202
|
+
* resolving it against PATH.
|
|
203
|
+
*
|
|
204
|
+
* On POSIX the binary name is used verbatim (`['']`). On Windows an
|
|
205
|
+
* executable is named `git.exe` / `npm.cmd` / `dotnet.exe`, and the
|
|
206
|
+
* shell finds it by appending each entry of `%PATHEXT%`. We replicate
|
|
207
|
+
* that here so a pure-Node PATH walk matches the same files the OS
|
|
208
|
+
* would. If the caller already passed an extension (`foo.exe`), we
|
|
209
|
+
* don't append more.
|
|
210
|
+
*/
|
|
211
|
+
function pathExtensions(binary) {
|
|
212
|
+
if (process.platform !== 'win32')
|
|
213
|
+
return [''];
|
|
214
|
+
if (path.extname(binary))
|
|
215
|
+
return [''];
|
|
216
|
+
const pathext = process.env.PATHEXT || '.COM;.EXE;.BAT;.CMD';
|
|
217
|
+
const exts = pathext
|
|
218
|
+
.split(';')
|
|
219
|
+
.map((e) => e.trim())
|
|
220
|
+
.filter(Boolean);
|
|
221
|
+
// Try the bare name first (some tools ship extension-less shims),
|
|
222
|
+
// then each PATHEXT candidate.
|
|
223
|
+
return ['', ...exts];
|
|
224
|
+
}
|
|
225
|
+
/** True when `p` exists, is a regular file, and (on POSIX) is executable. */
|
|
226
|
+
function isExecutableFile(p) {
|
|
227
|
+
try {
|
|
228
|
+
const st = fs.statSync(p);
|
|
229
|
+
if (!st.isFile())
|
|
230
|
+
return false;
|
|
231
|
+
// Windows has no executable bit; presence + PATHEXT match is enough.
|
|
232
|
+
if (process.platform === 'win32')
|
|
233
|
+
return true;
|
|
234
|
+
fs.accessSync(p, fs.constants.X_OK);
|
|
235
|
+
return true;
|
|
236
|
+
}
|
|
237
|
+
catch {
|
|
238
|
+
return false;
|
|
239
|
+
}
|
|
240
|
+
}
|
|
241
|
+
/**
|
|
242
|
+
* Cross-platform "where is this binary on PATH?" resolver. Returns the
|
|
243
|
+
* absolute path of the first match, or null.
|
|
244
|
+
*
|
|
245
|
+
* Pure-Node: walks `process.env.PATH` entries and checks each candidate
|
|
246
|
+
* with `fs`, honoring `%PATHEXT%` on Windows. This replaces the prior
|
|
247
|
+
* `which <binary> 2>/dev/null` shell probe, which silently
|
|
248
|
+
* false-negatived EVERY tool on Windows — cmd.exe has no `which` (it's
|
|
249
|
+
* `where`), and `2>/dev/null` is a POSIX redirect that writes a stray
|
|
250
|
+
* `nul` file rather than discarding stderr. The shell probe is also
|
|
251
|
+
* unnecessary: PATH resolution is a filesystem walk that Node can do
|
|
252
|
+
* directly, with no subprocess to spawn.
|
|
253
|
+
*/
|
|
254
|
+
function resolveOnPath(binary) {
|
|
255
|
+
const pathVar = process.env.PATH ?? process.env.Path ?? '';
|
|
256
|
+
const dirs = pathVar.split(path.delimiter).filter(Boolean);
|
|
257
|
+
return resolveInDirs(binary, dirs);
|
|
258
|
+
}
|
|
259
|
+
/** Resolve `binary` against an explicit list of directories, honoring
|
|
260
|
+
* `%PATHEXT%` on Windows. Returns the first matching absolute path, or
|
|
261
|
+
* null. Used for system probe dirs and user-configured tool paths so
|
|
262
|
+
* they match `git.exe` / `tool.cmd` on Windows the same way a PATH
|
|
263
|
+
* walk does. */
|
|
264
|
+
function resolveInDirs(binary, dirs) {
|
|
265
|
+
const exts = pathExtensions(binary);
|
|
266
|
+
for (const dir of dirs) {
|
|
267
|
+
for (const ext of exts) {
|
|
268
|
+
const candidate = path.join(dir, binary + ext);
|
|
269
|
+
if (isExecutableFile(candidate))
|
|
270
|
+
return candidate;
|
|
271
|
+
}
|
|
272
|
+
}
|
|
273
|
+
return null;
|
|
274
|
+
}
|
|
275
|
+
/** Check if a command is available on PATH (cross-platform). */
|
|
276
|
+
function commandExists(cmd, _cwd) {
|
|
277
|
+
return resolveOnPath(cmd) !== null;
|
|
169
278
|
}
|
|
170
279
|
/** Check if a file exists relative to cwd. */
|
|
171
280
|
function fileExists(cwd, ...paths) {
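Review bot: `resolveInDirs` (new lines 264–274) builds each candidate with `path.join(dir, binary + ext)`, so when a PATH entry is relative (`.`, `bin`) the returned path is relative as well, contradicting the "absolute path" promised in the docblocks of both `resolveOnPath` and `resolveInDirs`. That matters because the result is later handed to `execFileSync` together with a different `cwd` (the analyzed repository), so the existence check and the eventual spawn would, as far as I can tell, resolve the same relative string against two different directories. Using `const candidate = path.resolve(dir, binary + ext);` pins the candidate to the directory that was actually probed and makes the docblock true. Separately, current Node releases refuse to spawn `.cmd`/`.bat` files via `execFileSync` without `shell: true` (they throw EINVAL), so a Windows shim that `resolveInDirs` accepts through `%PATHEXT%` would make `commandExists` report true while `runFileSync` (new lines 147–165, earlier hunk in this file) silently returns `''` from its catch-all; that limitation deserves a sentence in `runFileSync`'s docblock or an explicit `.cmd`/`.bat` fallback path.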
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runner.js","sourceRoot":"","sources":["../../../src/analyzers/tools/runner.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiBA,0CAqCC;AAGD,kBA0BC;AAGD,kCAYC;AAGD,0BAQC;AAGD,gCAIC;AAGD,sCAEC;AAGD,gCAEC;AA8CD,kCA2GC;
|
|
1
|
+
{"version":3,"file":"runner.js","sourceRoot":"","sources":["../../../src/analyzers/tools/runner.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiBA,0CAqCC;AAGD,kBA0BC;AAcD,kCAgBC;AAGD,kCAYC;AAGD,0BAQC;AAGD,gCAIC;AAqDD,sCAIC;AAOD,sCASC;AAGD,sCAEC;AAGD,gCAEC;AA8CD,kCA2GC;AA9XD;;GAEG;AACH,iDAA8D;AAC9D,uCAAyB;AACzB,2CAA6B;AAE7B;;;;;;;;;GASG;AACH,SAAgB,eAAe,CAAC,GAAW;IACzC,MAAM,GAAG,GAAc,EAAE,CAAC;IAC1B,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,KAAK,GAAG,CAAC,CAAC,CAAC;IACf,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QAClB,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,GAAG,KAAK,CAAC;YACf,SAAS;QACX,CAAC;QACD,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,EAAE,KAAK,IAAI;gBAAE,MAAM,GAAG,IAAI,CAAC;iBAC1B,IAAI,EAAE,KAAK,GAAG;gBAAE,QAAQ,GAAG,KAAK,CAAC;YACtC,SAAS;QACX,CAAC;QACD,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,QAAQ,GAAG,IAAI,CAAC;YAChB,SAAS;QACX,CAAC;QACD,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,IAAI,KAAK,KAAK,CAAC;gBAAE,KAAK,GAAG,CAAC,CAAC;YAC3B,KAAK,EAAE,CAAC;QACV,CAAC;aAAM,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACtB,KAAK,EAAE,CAAC;YACR,IAAI,KAAK,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;gBAC9B,IAAI,CAAC;oBACH,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBAChD,CAAC;gBAAC,MAAM,CAAC;oBACP,4BAA4B;gBAC9B,CAAC;gBACD,KAAK,GAAG,CAAC,CAAC,CAAC;YACb,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,wEAAwE;AACxE,SAAgB,GAAG,CAAC,GAAW,EAAE,GAAW,EAAE,SAAS,GAAG,KAAK;IAC7D,IAAI,CAAC;QACH,OAAO,IAAA,wBAAQ,EAAC,GAAG,EAAE;YACnB,GAAG;YACH,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;YAC/B,OAAO,EAAE,SAAS;YAClB,8DAA8D;YAC9D,0DAA0D;YAC1D,8EAA8E;YAC9E,6DAA6D;YAC7D,+DAA+D;YAC/D,yDAAyD;YACzD,8DAA8D;YAC9D,4DAA4D;YAC5D,+DAA+D;YAC/D,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;SAC5B,CAAC,CAAC,IAAI,EAAE,CAAC;IACZ,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,4EAA4E;QAC5E,MAAM,CAAC,GAAG,GAA0B,CAAC;QACrC,IAAI,CAAC,CAAC,MAAM,IAAI,OA
AO,CAAC,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC7C,OAAO,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACzB,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAgB,WAAW,CAAC,IAAY,EAAE,IAAc,EAAE,GAAW,EAAE,SAAS,GAAG,KAAK;IACtF,IAAI,CAAC;QACH,OAAO,IAAA,4BAAY,EAAC,IAAI,EAAE,IAAI,EAAE;YAC9B,GAAG;YACH,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;YAC/B,OAAO,EAAE,SAAS;YAClB,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;SAC5B,CAAC,CAAC,IAAI,EAAE,CAAC;IACZ,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,gEAAgE;QAChE,0CAA0C;QAC1C,MAAM,CAAC,GAAG,GAA0B,CAAC;QACrC,IAAI,CAAC,CAAC,MAAM,IAAI,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ;YAAE,OAAO,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACrE,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,8CAA8C;AAC9C,SAAgB,WAAW,CAAC,GAAW,EAAE,GAAW,EAAE,SAAS,GAAG,KAAK;IACrE,IAAI,CAAC;QACH,IAAA,wBAAQ,EAAC,GAAG,EAAE;YACZ,GAAG;YACH,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;YAC/B,OAAO,EAAE,SAAS;SACnB,CAAC,CAAC;QACH,OAAO,CAAC,CAAC;IACX,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,CAAC,GAAG,GAA0B,CAAC;QACrC,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC;IACvB,CAAC;AACH,CAAC;AAED,uEAAuE;AACvE,SAAgB,OAAO,CAAI,GAAW,EAAE,GAAW,EAAE,SAAS,GAAG,KAAK;IACpE,MAAM,MAAM,GAAG,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;IACxC,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAM,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,qCAAqC;AACrC,SAAgB,UAAU,CAAC,GAAW,EAAE,GAAW;IACjD,MAAM,MAAM,GAAG,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC7B,IAAI,CAAC,MAAM;QAAE,OAAO,CAAC,CAAC;IACtB,OAAO,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;AAC3D,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAS,cAAc,CAAC,MAAc;IACpC,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO,CAAC,EAAE,CAAC,CAAC;IAC9C,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,CAAC,EAAE,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,qBAAqB,CAAC;IAC7D,MAAM,IAAI,GAAG,OAAO;SACjB,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAA
C;SACpB,MAAM,CAAC,OAAO,CAAC,CAAC;IACnB,kEAAkE;IAClE,+BAA+B;IAC/B,OAAO,CAAC,EAAE,EAAE,GAAG,IAAI,CAAC,CAAC;AACvB,CAAC;AAED,6EAA6E;AAC7E,SAAS,gBAAgB,CAAC,CAAS;IACjC,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC1B,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE;YAAE,OAAO,KAAK,CAAC;QAC/B,qEAAqE;QACrE,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO;YAAE,OAAO,IAAI,CAAC;QAC9C,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,SAAgB,aAAa,CAAC,MAAc;IAC1C,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;IAC3D,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3D,OAAO,aAAa,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AACrC,CAAC;AAED;;;;iBAIiB;AACjB,SAAgB,aAAa,CAAC,MAAc,EAAE,IAAc;IAC1D,MAAM,IAAI,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IACpC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC,CAAC;YAC/C,IAAI,gBAAgB,CAAC,SAAS,CAAC;gBAAE,OAAO,SAAS,CAAC;QACpD,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,gEAAgE;AAChE,SAAgB,aAAa,CAAC,GAAW,EAAE,IAAa;IACtD,OAAO,aAAa,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC;AACrC,CAAC;AAED,8CAA8C;AAC9C,SAAgB,UAAU,CAAC,GAAW,EAAE,GAAG,KAAe;IACxD,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7D,CAAC;AAeD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACI,KAAK,UAAU,WAAW,CAC/B,GAAW,EACX,IAAc,EACd,IAAwC;IAExC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,QAAQ,GAAG,KAAK,CAAC;QAErB,+DAA+D;QAC/D,+DAA+D;QAC/D,gEAAgE;QAChE,oFAAoF;QACpF,uDAAuD;QACvD,+DAA+D;QAC/D,iEAAiE;QACjE,8DAA8D;QAC9D,6DAA6D;QAC7D,6DAA6D;QAC7D,2DAA2D;QAC3D,MAAM,MAAM,GAAG,CAAC,OAA2B,EAAQ,EAAE;YACnD,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,OAAO,CAAC,OAAO,CAAC,CAAC;QACnB,CAAC,C
AAC;QAEF,MAAM,KAAK,GAAG,IAAA,qBAAK,EAAC,GAAG,EAAE,IAAI,EAAE;YAC7B,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,QAAQ,EAAE,IAAI,EAAE,8CAA8C;YAC9D,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;SAClC,CAAC,CAAC;QAEH,kEAAkE;QAClE,8DAA8D;QAC9D,gEAAgE;QAChE,iEAAiE;QACjE,iEAAiE;QACjE,YAAY;QACZ,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE;YACvB,oDAAoD;YACpD,gEAAgE;YAChE,kDAAkD;YAClD,mCAAmC;YACnC,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,YAAY,CAAC,WAAW,CAAC,CAAC;YAC1B,MAAM,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE;YACrC,MAAM,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE;YACrC,MAAM,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,QAAQ,GAAG,IAAI,CAAC;YAChB,IAAI,CAAC;gBACH,IAAI,KAAK,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;oBAC5B,6DAA6D;oBAC7D,+DAA+D;oBAC/D,+DAA+D;oBAC/D,6DAA6D;oBAC7D,4DAA4D;oBAC5D,2DAA2D;oBAC3D,SAAS;oBACT,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;gBACtC,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,uCAAuC;YACzC,CAAC;QACH,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAEnB,8DAA8D;QAC9D,8DAA8D;QAC9D,kEAAkE;QAClE,2DAA2D;QAC3D,4DAA4D;QAC5D,+DAA+D;QAC/D,8DAA8D;QAC9D,gEAAgE;QAChE,4DAA4D;QAC5D,6DAA6D;QAC7D,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,EAAE;YAClC,IAAI,CAAC;gBACH,IAAI,KAAK,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;oBAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;gBACtC,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,gCAAgC;YAClC,CAAC;YACD,MAAM,CAAC;gBACL,MAAM;gBACN,MAAM;gBACN,IAAI,EAAE,IAAI;gBACV,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;QACL,CAAC,EAAE,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,CAAC;QAE5B,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAC1B,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,YAAY,CAAC,WAAW,CAAC,CAAC;YAC1B,MAAM,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"semgrep.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/semgrep.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;
|
|
1
|
+
{"version":3,"file":"semgrep.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/semgrep.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAMH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,KAAK,EAAsB,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AA6BjG;;;;;GAKG;AACH,MAAM,MAAM,yBAAyB,GACjC;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,QAAQ,EAAE,kBAAkB,CAAA;CAAE,GACjD;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAE5C;;;;GAIG;AACH;;;;;;;;;;GAUG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,GAAG,MAAM,CAKrE;AA4BD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,yBAAyB,CAAC,CAuGzF;AAED;;;GAGG;AAMH,eAAO,MAAM,eAAe,EAAE,kBAAkB,CAAC,kBAAkB,CAAC,GAAG;IACrE,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,yBAAyB,CAAC,CAAC;CAUhE,CAAC"}
|