cc-recommender 0.8.1 → 0.8.2

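--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.8.2](https://github.com/yuji0809/cc-recommender/compare/v0.8.1...v0.8.2) (2026-02-01)
+
+
+### Bug Fixes
+
+* **security:** enhance command injection prevention and regex safety ([f237c72](https://github.com/yuji0809/cc-recommender/commit/f237c723b03a4ad78eb9890978dcc3fb2c5bef62))
+
 ## [0.8.1](https://github.com/yuji0809/cc-recommender/compare/v0.8.0...v0.8.1) (2026-02-01)
 
 
@@ -22,47 +29,21 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 
 ### Added
-- OpenAI skills support (.curated and .experimental subdirectories)
-- Obra superpowers skills support
-- Direct skill source configuration separated from curated list sources
-- Automatic skill repository structure detection
-- VoltAgent repository exclusion to prevent false positives
 - Documentation Agent for checking MD file consistency with code
 - Pre-commit check command (`/pre-commit-check`) for comprehensive code review before commits
-- Quality scoring system for skills based on multiple metrics:
-- Official status (0-40 points)
-- Stars count (0-30 points, logarithmic scale)
-- Freshness (0-20 points, based on last updated date)
-- Source priority (0-10 points)
-- Quality badges (⭐, ⭐⭐, ⭐⭐⭐) in recommendation output
-- Official skills support from GitHub repositories (Anthropic, Supabase, Vercel, etc.)
-- GitHub topic search for automatic skill discovery from community (requires GITHUB_TOKEN)
-- Retry utility with exponential backoff for handling API rate limits
-- Environment variable centralization via `src/config/env.ts` for better maintainability
 - New agents: Documentation Agent, TDD Agent, Architecture Agent, Security Agent, TypeScript Agent
 - New skills: documentation-check, architecture-check, security-check, typescript-check, tdd
 - New commands: pre-commit-check
+- Command injection protection in security scanner with shell argument escaping
+- ReDoS (Regular Expression Denial of Service) protection in curated list fetcher
 
 ### Changed
-- SKILL_FILE_PATTERNS now prioritizes `SKILL.md` (uppercase) over lowercase variants
-- Split skill sources into direct repositories and curated lists for better organization
-- Improved skill validation with repository structure checks
-- Replace `console.error` with `console.log` for consistent logging across the codebase
-- Update score thresholds in `getScoreExplanation` function to use 1-100 scale
-- Use raw GitHub data (raw.githubusercontent.com) to avoid API rate limits
-- Reorganize fetchers into subdirectories by type (mcp/, plugins/, skills/)
-- Update frequency changed from weekly to daily for plugin marketplace, MCP servers, and skills list
-- Use `ENV` config instead of direct `process.env` access for better testability and type safety
-- Move module-level constants outside functions for improved performance
-- Update `.cc-audit.yaml` to treat MW-072 (Burp Suite) as warning instead of error
+- Exclude `data/` directory from cc-audit scans (generated content already filtered by minSecurityScore: 70)
+- Husky v10 compatibility: removed incompatible pre-commit hook lines
 
 ### Fixed
-- OpenAI experimental skills now correctly fetched (codex-readiness-*, create-plan, gitlab-address-comments)
-- Obra skills discovery now working with flat directory structure
-- VoltAgent awesome-agent-skills no longer incorrectly detected as a skill itself
-- Security scanning now succeeds for all repositories (31/31)
-- Improved error handling in data fetching services
-- Better retry logic for GitHub API rate limits and temporary failures
+- Command injection vulnerability in `security-scanner.service.ts` (added input validation and escapeShellArg)
+- ReDoS vulnerability in `curated-list-fetcher.ts` (added escapeRegExp for dynamic regex patterns)
 
 ## [0.7.0](https://github.com/yuji0809/cc-recommender/compare/v0.6.1...v0.7.0) (2026-01-31)
 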
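--- a/package/dist/services/fetchers/skills/curated-list-fetcher.js
+++ b/package/dist/services/fetchers/skills/curated-list-fetcher.js
@@ -208,6 +208,15 @@ async function fetchExternalSkill(org, repo, url, _parentMetadata) {
 return [];
 }
 }
+/**
+ * 正規表現の特殊文字をエスケープしてReDoS攻撃を防ぐ
+ *
+ * @param str - エスケープする文字列
+ * @returns エスケープされた文字列
+ */
+function escapeRegExp(str) {
+return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
 /**
 * Extract skill links from README content
 * Supports both full GitHub URLs and relative paths
@@ -216,7 +225,8 @@ function extractSkillLinksFromReadme(content, section) {
 let contentToParse = content;
 // If section specified, extract only that section
 if (section) {
-const sectionRegex = new RegExp(`##\\s+${section}\\s*\\n([\\s\\S]*?)(?=\\n##|$)`, "i");
+const escapedSection = escapeRegExp(section);
+const sectionRegex = new RegExp(`##\\s+${escapedSection}\\s*\\n([\\s\\S]*?)(?=\\n##|$)`, "i");
 const match = content.match(sectionRegex);
 if (match?.[1]) {
 contentToParse = match[1];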
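Review bot: The JSDoc on the new escapeRegExp (lines 211–216) overstates what the helper guarantees: escaping metacharacters makes `section` match literally and stops a malformed value from throwing a SyntaxError in `new RegExp`, but it only averts ReDoS if `section` is attacker-controlled, and from this call site it looks like a per-source configuration value rather than fetched content — confirm against the caller. The README `content` is the genuinely remote input here, and the part of the pattern that consumes it, `([\\s\\S]*?)(?=\\n##|$)`, is unchanged by this commit. I would phrase the docstring in English and precisely, e.g. `Escape regex metacharacters so that str is matched literally when interpolated into a RegExp source.` extractSkillLinksFromReadme's body continues past the hunk.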
@@ -1 +1 @@
1
- {"version":3,"file":"curated-list-fetcher.js","sourceRoot":"","sources":["../../../../src/services/fetchers/skills/curated-list-fetcher.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,oBAAoB,GAErB,MAAM,yCAAyC,CAAC;AAEjD,OAAO,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAC1E,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAGhF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB;IAC1C,OAAO,CAAC,GAAG,CAAC,4DAA4D,CAAC,CAAC;IAE1E,MAAM,SAAS,GAAqB,EAAE,CAAC;IAEvC,KAAK,MAAM,MAAM,IAAI,oBAAoB,EAAE,CAAC;QAC1C,IAAI,CAAC;YACH,OAAO,CAAC,GAAG,CAAC,QAAQ,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,GAAG,IAAI,MAAM,CAAC,IAAI,oBAAoB,CAAC,CAAC;YACnF,MAAM,MAAM,GAAG,MAAM,0BAA0B,CAAC,MAAM,CAAC,CAAC;YACxD,SAAS,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC;YAC1B,OAAO,CAAC,GAAG,CAAC,gBAAgB,MAAM,CAAC,MAAM,SAAS,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,+BAA+B,MAAM,CAAC,IAAI,GAAG,EAAE,KAAK,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,yCAAyC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IACzE,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,0BAA0B,CAAC,MAAyB;IACjE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,UAAU,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC;IAE7D,0BAA0B;IAC1B,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;IAEzD,2BAA2B;IAC3B,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,GAAG,EAAE,IAAI,EAAE,UAAU,EAAE,aAAa,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;IAEhG,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,qBAAqB,CAClC,GAAW,EACX,IAAY,EACZ,UAAkB,EAClB,OAA2B,EAC3B,QAAsB,EACtB,QAAgB;IAEhB,MAAM,MAAM,GAAqB,EAAE,CAAC;IAEpC,eAAe;IACf,MAAM,SAAS,GAAG,qCAAqC,GAAG,IAAI,IAAI,SAAS,UAAU,EAAE,CAAC;IACxF,MAAM,aAAa,GAAG,MAAM,YAAY,CAAC,SAAS,CAAC,CAAC;IAEpD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,CAAC,GAAG,CAAC,8BAA8B,UAAU,EAAE,CAAC,CAAC;QACxD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,kCAAkC;IAClC,MAAM,UAAU,GAAG,2BAA2B,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IAEvE,OAAO,CAAC,GAAG,CAAC,gBAAgB,UAAU,CAAC,MAAM,mCAAmC,CAAC,CAAC;IAElF,sCAAsC;IACtC,MAAM,YAAY,GAAG,UAAU;SAC5B,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;QACZ,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC
;QAC9D,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,CAAC,EAAE,OAAO,EAAE,QAAQ,CAAC,GAAG,SAAS,CAAC;YACxC,oDAAoD;YACpD,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;YAClE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;QACtD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;SACD,MAAM,CAAC,CAAC,CAAC,EAAmD,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;IAE9E,OAAO,CAAC,GAAG,CAAC,qBAAqB,YAAY,CAAC,MAAM,kBAAkB,CAAC,CAAC;IAExE,2EAA2E;IAC3E,MAAM,UAAU,GAAG,EAAE,CAAC,CAAC,2DAA2D;IAClF,MAAM,cAAc,GAAwE,EAAE,CAAC;IAE/F,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,IAAI,UAAU,EAAE,CAAC;QACzD,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,CAAC;QAEpD,6BAA6B;QAC7B,MAAM,iBAAiB,GAAG,MAAM,OAAO,CAAC,GAAG,CACzC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;YACrC,MAAM,OAAO,GAAG,MAAM,uBAAuB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YACzD,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;QACrC,CAAC,CAAC,CACH,CAAC;QAEF,cAAc,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,CAAC;QAE1C,qBAAqB;QACrB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,UAAU,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC;QAChE,IAAI,SAAS,GAAG,EAAE,KAAK,CAAC,IAAI,SAAS,KAAK,YAAY,CAAC,MAAM,EAAE,CAAC;YAC9D,MAAM,UAAU,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;YAClE,OAAO,CAAC,GAAG,CACT,sBAAsB,SAAS,IAAI,YAAY,CAAC,MAAM,kBAAkB,UAAU,SAAS,CAC5F,CAAC;QACJ,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,MAAM,UAAU,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC3D,OAAO,CAAC,GAAG,CAAC,gBAAgB,UAAU,CAAC,MAAM,2BAA2B,CAAC,CAAC;IAE1E,mDAAmD;IACnD,MAAM,aAAa,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;QAChE,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;YACvE,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IACtD,MAAM,CAAC,IAAI,CAAC,GAAG,YAAY,CA
AC,IAAI,EAAE,CAAC,CAAC;IAEpC,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,MAAM,gBAAgB,UAAU,CAAC,MAAM,eAAe,CAAC,CAAC;IAE7F,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH;;;GAGG;AACH,MAAM,kBAAkB,GAAG,CAAC,gCAAgC,EAAE,kCAAkC,CAAC,CAAC;AAElG;;GAEG;AACH,SAAS,iBAAiB,CAAC,GAAW,EAAE,IAAY;IAClD,MAAM,OAAO,GAAG,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACjC,OAAO,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AAC9C,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,uBAAuB,CAAC,GAAW,EAAE,IAAY;IAC9D,oCAAoC;IACpC,IAAI,iBAAiB,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC;QACjC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,kDAAkD;IAClD,MAAM,gBAAgB,GAAG,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;IACtD,MAAM,iBAAiB,GAAG,CAAC,UAAU,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;IAEhE,sCAAsC;IACtC,KAAK,MAAM,UAAU,IAAI,gBAAgB,EAAE,CAAC;QAC1C,MAAM,MAAM,GAAG,qCAAqC,GAAG,IAAI,IAAI,SAAS,UAAU,YAAY,CAAC;QAC/F,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,CAAC,yBAAyB;QACxC,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,KAAK,MAAM,WAAW,IAAI,iBAAiB,EAAE,CAAC;QAC5C,MAAM,OAAO,GAAG,qCAAqC,GAAG,IAAI,IAAI,SAAS,WAAW,EAAE,CAAC;QACvF,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAChD,IAAI,WAAW,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC,CAAC,mBAAmB;QAClC,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,CAAC,yBAAyB;AACzC,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC/B,GAAW,EACX,IAAY,EACZ,GAAW,EACX,eAA6B;IAE7B,IAAI,CAAC;QACH,MAAM,MAAM,GAAqB,EAAE,CAAC;QAEpC,qFAAqF;QACrF,MAAM,eAAe,GAAG,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC;QAErD,KAAK,MAAM,SAAS,IAAI,eAAe,EAAE,CAAC;YACxC,gDAAgD;YAChD,MAAM,gBAAgB,GAAG,MAAM,kBAAkB,CAAC,GAAG,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;YAExE,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChC,+CAA+C;gBAC/C,OAAO,CAAC,GAAG,CACT,sCAAsC,GAAG,IAAI,IAAI,IAAI,SAAS,KAAK,gBAAgB,CAAC,MAAM,UAAU,CACrG,CAAC;gBAEF,KAAK,MAAM,SAAS,IAAI,gBAAgB,EAAE,CAAC;oBACzC,IAAI,CAAC;wBACH,MAAM,SAAS,GAAG,GAAG,SAAS,IAAI,SAAS,EAAE,CAAC;wBAC9C,MAAM,KAAK,GAAG,MAAM,iBAAiB,CACnC,GAAG,EACH,IAAI,EACJ,SAAS,EACT;4BACE,IAAI,EAAE,IAAI;4BACV,WAAW,EAAE,eAAe,GAAG,IAAI,IAAI,EAAE;4BACzC,KAAK,EAAE,CAAC;4BACR,GAAG;4BACH,KAAK,EAAE,GAA
G;4BACV,QAAQ,EAAE,sBAAsB,GAAG,EAAE;4BACrC,MAAM,EAAE,EAAE;yBACX,EACD,GAAG,CACJ,CAAC;wBAEF,IAAI,KAAK,EAAE,CAAC;4BACV,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;wBACrB,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,iCAAiC;oBACnC,CAAC;gBACH,CAAC;gBAED,OAAO,MAAM,CAAC,CAAC,sCAAsC;YACvD,CAAC;QACH,CAAC;QAED,6CAA6C;QAC7C,6DAA6D;QAC7D,MAAM,gBAAgB,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,mCAAmC;QAE5E,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;YACxC,MAAM,KAAK,GAAG,MAAM,iBAAiB,CACnC,GAAG,EACH,IAAI,EACJ,QAAQ,EACR;gBACE,IAAI,EAAE,IAAI;gBACV,WAAW,EAAE,cAAc,GAAG,IAAI,IAAI,EAAE;gBACxC,KAAK,EAAE,CAAC;gBACR,GAAG;gBACH,KAAK,EAAE,GAAG;gBACV,QAAQ,EAAE,sBAAsB,GAAG,EAAE;gBACrC,MAAM,EAAE,EAAE;aACX,EACD,GAAG,CACJ,CAAC;YAEF,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CACT,kCAAkC,GAAG,IAAI,IAAI,GAAG,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CACzF,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,4DAA4D;QAC5D,OAAO,EAAE,CAAC;IACZ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,2BAA2B,CAAC,OAAe,EAAE,OAAgB;IACpE,IAAI,cAAc,GAAG,OAAO,CAAC;IAE7B,kDAAkD;IAClD,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,YAAY,GAAG,IAAI,MAAM,CAAC,SAAS,OAAO,gCAAgC,EAAE,GAAG,CAAC,CAAC;QACvF,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAC1C,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACf,cAAc,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,8BAA8B;IAC9B,MAAM,cAAc,GAAG,iDAAiD,CAAC;IACzE,MAAM,UAAU,GAAG,cAAc,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAC3D,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;QAC/B,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YACb,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,sEAAsE;IACtE,MAAM,aAAa,GAAG,yCAAyC,CAAC;IAChE,MAAM,eAAe,GAAG,cAAc,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;IAC/D,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YACb,kEAAkE;YAClE,sDAAsD;YACtD,0DAA0D;QAC5D,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;AAC7B,CAAC"}
1
+ {"version":3,"file":"curated-list-fetcher.js","sourceRoot":"","sources":["../../../../src/services/fetchers/skills/curated-list-fetcher.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,oBAAoB,GAErB,MAAM,yCAAyC,CAAC;AAEjD,OAAO,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAC1E,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAGhF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB;IAC1C,OAAO,CAAC,GAAG,CAAC,4DAA4D,CAAC,CAAC;IAE1E,MAAM,SAAS,GAAqB,EAAE,CAAC;IAEvC,KAAK,MAAM,MAAM,IAAI,oBAAoB,EAAE,CAAC;QAC1C,IAAI,CAAC;YACH,OAAO,CAAC,GAAG,CAAC,QAAQ,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,GAAG,IAAI,MAAM,CAAC,IAAI,oBAAoB,CAAC,CAAC;YACnF,MAAM,MAAM,GAAG,MAAM,0BAA0B,CAAC,MAAM,CAAC,CAAC;YACxD,SAAS,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC;YAC1B,OAAO,CAAC,GAAG,CAAC,gBAAgB,MAAM,CAAC,MAAM,SAAS,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,+BAA+B,MAAM,CAAC,IAAI,GAAG,EAAE,KAAK,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,yCAAyC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IACzE,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,0BAA0B,CAAC,MAAyB;IACjE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,UAAU,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC;IAE7D,0BAA0B;IAC1B,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;IAEzD,2BAA2B;IAC3B,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,GAAG,EAAE,IAAI,EAAE,UAAU,EAAE,aAAa,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;IAEhG,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,qBAAqB,CAClC,GAAW,EACX,IAAY,EACZ,UAAkB,EAClB,OAA2B,EAC3B,QAAsB,EACtB,QAAgB;IAEhB,MAAM,MAAM,GAAqB,EAAE,CAAC;IAEpC,eAAe;IACf,MAAM,SAAS,GAAG,qCAAqC,GAAG,IAAI,IAAI,SAAS,UAAU,EAAE,CAAC;IACxF,MAAM,aAAa,GAAG,MAAM,YAAY,CAAC,SAAS,CAAC,CAAC;IAEpD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,CAAC,GAAG,CAAC,8BAA8B,UAAU,EAAE,CAAC,CAAC;QACxD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,kCAAkC;IAClC,MAAM,UAAU,GAAG,2BAA2B,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IAEvE,OAAO,CAAC,GAAG,CAAC,gBAAgB,UAAU,CAAC,MAAM,mCAAmC,CAAC,CAAC;IAElF,sCAAsC;IACtC,MAAM,YAAY,GAAG,UAAU;SAC5B,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;QACZ,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC
;QAC9D,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,CAAC,EAAE,OAAO,EAAE,QAAQ,CAAC,GAAG,SAAS,CAAC;YACxC,oDAAoD;YACpD,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;YAClE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;QACtD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;SACD,MAAM,CAAC,CAAC,CAAC,EAAmD,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;IAE9E,OAAO,CAAC,GAAG,CAAC,qBAAqB,YAAY,CAAC,MAAM,kBAAkB,CAAC,CAAC;IAExE,2EAA2E;IAC3E,MAAM,UAAU,GAAG,EAAE,CAAC,CAAC,2DAA2D;IAClF,MAAM,cAAc,GAAwE,EAAE,CAAC;IAE/F,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,IAAI,UAAU,EAAE,CAAC;QACzD,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,CAAC;QAEpD,6BAA6B;QAC7B,MAAM,iBAAiB,GAAG,MAAM,OAAO,CAAC,GAAG,CACzC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;YACrC,MAAM,OAAO,GAAG,MAAM,uBAAuB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YACzD,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;QACrC,CAAC,CAAC,CACH,CAAC;QAEF,cAAc,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,CAAC;QAE1C,qBAAqB;QACrB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,UAAU,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC;QAChE,IAAI,SAAS,GAAG,EAAE,KAAK,CAAC,IAAI,SAAS,KAAK,YAAY,CAAC,MAAM,EAAE,CAAC;YAC9D,MAAM,UAAU,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;YAClE,OAAO,CAAC,GAAG,CACT,sBAAsB,SAAS,IAAI,YAAY,CAAC,MAAM,kBAAkB,UAAU,SAAS,CAC5F,CAAC;QACJ,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,MAAM,UAAU,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC3D,OAAO,CAAC,GAAG,CAAC,gBAAgB,UAAU,CAAC,MAAM,2BAA2B,CAAC,CAAC;IAE1E,mDAAmD;IACnD,MAAM,aAAa,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;QAChE,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;YACvE,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IACtD,MAAM,CAAC,IAAI,CAAC,GAAG,YAAY,CA
AC,IAAI,EAAE,CAAC,CAAC;IAEpC,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,MAAM,gBAAgB,UAAU,CAAC,MAAM,eAAe,CAAC,CAAC;IAE7F,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH;;;GAGG;AACH,MAAM,kBAAkB,GAAG,CAAC,gCAAgC,EAAE,kCAAkC,CAAC,CAAC;AAElG;;GAEG;AACH,SAAS,iBAAiB,CAAC,GAAW,EAAE,IAAY;IAClD,MAAM,OAAO,GAAG,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACjC,OAAO,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AAC9C,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,uBAAuB,CAAC,GAAW,EAAE,IAAY;IAC9D,oCAAoC;IACpC,IAAI,iBAAiB,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC;QACjC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,kDAAkD;IAClD,MAAM,gBAAgB,GAAG,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;IACtD,MAAM,iBAAiB,GAAG,CAAC,UAAU,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;IAEhE,sCAAsC;IACtC,KAAK,MAAM,UAAU,IAAI,gBAAgB,EAAE,CAAC;QAC1C,MAAM,MAAM,GAAG,qCAAqC,GAAG,IAAI,IAAI,SAAS,UAAU,YAAY,CAAC;QAC/F,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,CAAC,yBAAyB;QACxC,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,KAAK,MAAM,WAAW,IAAI,iBAAiB,EAAE,CAAC;QAC5C,MAAM,OAAO,GAAG,qCAAqC,GAAG,IAAI,IAAI,SAAS,WAAW,EAAE,CAAC;QACvF,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAChD,IAAI,WAAW,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC,CAAC,mBAAmB;QAClC,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,CAAC,yBAAyB;AACzC,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC/B,GAAW,EACX,IAAY,EACZ,GAAW,EACX,eAA6B;IAE7B,IAAI,CAAC;QACH,MAAM,MAAM,GAAqB,EAAE,CAAC;QAEpC,qFAAqF;QACrF,MAAM,eAAe,GAAG,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC;QAErD,KAAK,MAAM,SAAS,IAAI,eAAe,EAAE,CAAC;YACxC,gDAAgD;YAChD,MAAM,gBAAgB,GAAG,MAAM,kBAAkB,CAAC,GAAG,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;YAExE,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChC,+CAA+C;gBAC/C,OAAO,CAAC,GAAG,CACT,sCAAsC,GAAG,IAAI,IAAI,IAAI,SAAS,KAAK,gBAAgB,CAAC,MAAM,UAAU,CACrG,CAAC;gBAEF,KAAK,MAAM,SAAS,IAAI,gBAAgB,EAAE,CAAC;oBACzC,IAAI,CAAC;wBACH,MAAM,SAAS,GAAG,GAAG,SAAS,IAAI,SAAS,EAAE,CAAC;wBAC9C,MAAM,KAAK,GAAG,MAAM,iBAAiB,CACnC,GAAG,EACH,IAAI,EACJ,SAAS,EACT;4BACE,IAAI,EAAE,IAAI;4BACV,WAAW,EAAE,eAAe,GAAG,IAAI,IAAI,EAAE;4BACzC,KAAK,EAAE,CAAC;4BACR,GAAG;4BACH,KAAK,EAAE,GAA
G;4BACV,QAAQ,EAAE,sBAAsB,GAAG,EAAE;4BACrC,MAAM,EAAE,EAAE;yBACX,EACD,GAAG,CACJ,CAAC;wBAEF,IAAI,KAAK,EAAE,CAAC;4BACV,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;wBACrB,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,iCAAiC;oBACnC,CAAC;gBACH,CAAC;gBAED,OAAO,MAAM,CAAC,CAAC,sCAAsC;YACvD,CAAC;QACH,CAAC;QAED,6CAA6C;QAC7C,6DAA6D;QAC7D,MAAM,gBAAgB,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,mCAAmC;QAE5E,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;YACxC,MAAM,KAAK,GAAG,MAAM,iBAAiB,CACnC,GAAG,EACH,IAAI,EACJ,QAAQ,EACR;gBACE,IAAI,EAAE,IAAI;gBACV,WAAW,EAAE,cAAc,GAAG,IAAI,IAAI,EAAE;gBACxC,KAAK,EAAE,CAAC;gBACR,GAAG;gBACH,KAAK,EAAE,GAAG;gBACV,QAAQ,EAAE,sBAAsB,GAAG,EAAE;gBACrC,MAAM,EAAE,EAAE;aACX,EACD,GAAG,CACJ,CAAC;YAEF,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CACT,kCAAkC,GAAG,IAAI,IAAI,GAAG,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CACzF,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,4DAA4D;QAC5D,OAAO,EAAE,CAAC;IACZ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAS,YAAY,CAAC,GAAW;IAC/B,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC;AAED;;;GAGG;AACH,SAAS,2BAA2B,CAAC,OAAe,EAAE,OAAgB;IACpE,IAAI,cAAc,GAAG,OAAO,CAAC;IAE7B,kDAAkD;IAClD,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,cAAc,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;QAC7C,MAAM,YAAY,GAAG,IAAI,MAAM,CAAC,SAAS,cAAc,gCAAgC,EAAE,GAAG,CAAC,CAAC;QAC9F,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAC1C,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACf,cAAc,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,8BAA8B;IAC9B,MAAM,cAAc,GAAG,iDAAiD,CAAC;IACzE,MAAM,UAAU,GAAG,cAAc,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAC3D,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;QAC/B,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YACb,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,sEAAsE;IACtE,MAAM,aAAa,GAAG,yCAAyC,CAAC;IAChE,MAAM,eAAe,GAAG,cAAc,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;IAC/D,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YACb,kEAAkE;YAClE,s
DAAsD;YACtD,0DAA0D;QAC5D,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;AAC7B,CAAC"}
@@ -1 +1 @@
1
- {"version":3,"file":"security-scanner.service.d.ts","sourceRoot":"","sources":["../../src/services/security-scanner.service.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAOH,sBAAsB;AACtB,MAAM,MAAM,kBAAkB,GAAG;IAC/B,kCAAkC;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB;IACjB,QAAQ,EAAE;QACR,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;IACF,gBAAgB;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,wBAAwB;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF;;;;;;GAMG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,MAAM,EACf,QAAQ,GAAE,KAAK,GAAG,OAAO,GAAG,QAAgB,GAC3C,OAAO,CAAC,kBAAkB,CAAC,CAmD7B;AAED;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CACpC,KAAK,EAAE,KAAK,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,KAAK,GAAG,OAAO,GAAG,QAAQ,CAAA;CAAE,CAAC,EAC/D,WAAW,SAAK,GACf,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC,CAuB1C;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAKtD"}
1
+ {"version":3,"file":"security-scanner.service.d.ts","sourceRoot":"","sources":["../../src/services/security-scanner.service.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAOH,sBAAsB;AACtB,MAAM,MAAM,kBAAkB,GAAG;IAC/B,kCAAkC;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB;IACjB,QAAQ,EAAE;QACR,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;IACF,gBAAgB;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,wBAAwB;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAYF;;;;;;GAMG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,MAAM,EACf,QAAQ,GAAE,KAAK,GAAG,OAAO,GAAG,QAAgB,GAC3C,OAAO,CAAC,kBAAkB,CAAC,CA+D7B;AAED;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CACpC,KAAK,EAAE,KAAK,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,KAAK,GAAG,OAAO,GAAG,QAAQ,CAAA;CAAE,CAAC,EAC/D,WAAW,SAAK,GACf,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC,CAuB1C;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAKtD"}
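--- a/package/dist/services/security-scanner.service.js
+++ b/package/dist/services/security-scanner.service.js
@@ -6,6 +6,15 @@
 import { exec } from "node:child_process";
 import { promisify } from "node:util";
 const execAsync = promisify(exec);
+/**
+ * シェル引数をエスケープしてコマンドインジェクションを防ぐ
+ *
+ * @param arg - エスケープする引数
+ * @returns エスケープされた引数
+ */
+function escapeShellArg(arg) {
+return `'${arg.replace(/'/g, "'\\''")}'`;
+}
 /**
 * GitHubリポジトリをcc-auditでスキャン
 *
@@ -15,12 +24,21 @@ const execAsync = promisify(exec);
 */
 export async function scanRepository(repoUrl, scanType = "mcp") {
 try {
+// バリデーション: repoUrl が有効な GitHub URL であることを確認
+const urlPattern = /^https:\/\/github\.com\/[\w-]+\/[\w-]+(\/.*)?$/;
+if (!urlPattern.test(repoUrl)) {
+throw new Error(`Invalid GitHub repository URL: ${repoUrl}`);
+}
+// バリデーション: scanType が有効な値であることを確認
+const validScanTypes = ["mcp", "skill", "plugin"];
+if (!validScanTypes.includes(scanType)) {
+throw new Error(`Invalid scan type: ${scanType}`);
+}
 // cc-audit を --remote モードで実行
 // --config で現在のプロジェクトの設定ファイルを使用
 const configPath = `${process.cwd()}/.cc-audit.yaml`;
-// Escape shell arguments to prevent command injection
-const escapedConfigPath = configPath.replace(/'/g, "'\\''");
-const command = `npx -y @cc-audit/cc-audit check --remote ${repoUrl} --type ${scanType} --config '${escapedConfigPath}' --format json --ci`;
+// コマンドインジェクション対策: すべての引数をエスケープ
+const command = `npx -y @cc-audit/cc-audit check --remote ${escapeShellArg(repoUrl)} --type ${escapeShellArg(scanType)} --config ${escapeShellArg(configPath)} --format json --ci`;
 const { stdout } = await execAsync(command, {
 timeout: 30000, // 30秒タイムアウト
 });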
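Review bot: The new URL check at line 28 rejects legitimate repositories whose owner or name contains a dot (a `next.js`-style repo name), because `[\w-]+` has no `.`; since the throw sits inside the `try`, such a repo is presumably reported through the catch branch outside the hunk rather than surfacing to the caller, so the regression would be silent — confirm the caller can tell a rejected URL from a failed scan. Widening the class, `const urlPattern = /^https:\/\/github\.com\/[\w.-]+\/[\w.-]+(\/.*)?$/;`, keeps the allowlist while accepting those names, and the single-quote wrapping in escapeShellArg still neutralizes whatever the trailing `(\/.*)?` lets through. Note that escapeShellArg is POSIX quoting only: `exec` on Windows hands the string to cmd.exe, where single quotes are not quoting characters, so the protection is platform-dependent; passing an argument array to `execFile`/`spawn` instead of building a command string takes the shell out of the path entirely and makes the quoting helper unnecessary. scanRepository's body continues past the hunk.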
@@ -1 +1 @@
1
- {"version":3,"file":"security-scanner.service.js","sourceRoot":"","sources":["../../src/services/security-scanner.service.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AAmBlC;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAe,EACf,WAAuC,KAAK;IAE5C,IAAI,CAAC;QACH,6BAA6B;QAC7B,gCAAgC;QAChC,MAAM,UAAU,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,iBAAiB,CAAC;QACrD,sDAAsD;QACtD,MAAM,iBAAiB,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC5D,MAAM,OAAO,GAAG,4CAA4C,OAAO,WAAW,QAAQ,cAAc,iBAAiB,sBAAsB,CAAC;QAE5I,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE;YAC1C,OAAO,EAAE,KAAK,EAAE,YAAY;SAC7B,CAAC,CAAC;QAEH,aAAa;QACb,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAElC,sBAAsB;QACtB,oDAAoD;QACpD,MAAM,QAAQ,GAAG;YACf,QAAQ,EAAE,MAAM,CAAC,OAAO,EAAE,QAAQ,IAAI,CAAC;YACvC,IAAI,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC;YAC/B,MAAM,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,CAAC;YACnC,GAAG,EAAE,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;SAC9B,CAAC;QAEF,MAAM,SAAS,GACb,QAAQ,CAAC,QAAQ,GAAG,EAAE,GAAG,QAAQ,CAAC,IAAI,GAAG,EAAE,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,GAAG,QAAQ,CAAC,GAAG,GAAG,CAAC,CAAC;QAEvF,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,SAAS,CAAC,CAAC;QAE3C,OAAO;YACL,KAAK;YACL,QAAQ;YACR,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,OAAO,GAAG,EAAE,KAAK,CAAC,CAAC;QAE7D,gBAAgB;QAChB,OAAO;YACL,KAAK,EAAE,CAAC;YACR,QAAQ,EAAE;gBACR,QAAQ,EAAE,CAAC;gBACX,IAAI,EAAE,CAAC;gBACP,MAAM,EAAE,CAAC;gBACT,GAAG,EAAE,CAAC;aACP;YACD,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,KAA+D,EAC/D,WAAW,GAAG,EAAE;IAEhB,MAAM,OAAO,GAAG,IAAI,GAAG,EAA8B,CAAC;IAEtD,mBAAmB;IACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC;QACnD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC;Q
AE9C,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CACpC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;YACzB,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,MAAM,EAAE,MAAM,cAAc,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC;SAClD,CAAC,CAAC,CACJ,CAAC;QAEF,KAAK,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAC3B,CAAC;QAED,OAAO;QACP,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,MAAM,eAAe,CAAC,CAAC;IACjG,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAa;IAC5C,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,cAAc,CAAC;IACvC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,SAAS,CAAC;IAClC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,SAAS,CAAC;IAClC,OAAO,SAAS,CAAC;AACnB,CAAC"}
1
+ {"version":3,"file":"security-scanner.service.js","sourceRoot":"","sources":["../../src/services/security-scanner.service.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AAmBlC;;;;;GAKG;AACH,SAAS,cAAc,CAAC,GAAW;IACjC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC;AAC3C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAe,EACf,WAAuC,KAAK;IAE5C,IAAI,CAAC;QACH,4CAA4C;QAC5C,MAAM,UAAU,GAAG,gDAAgD,CAAC;QACpE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,kCAAkC,OAAO,EAAE,CAAC,CAAC;QAC/D,CAAC;QAED,kCAAkC;QAClC,MAAM,cAAc,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAU,CAAC;QAC3D,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,sBAAsB,QAAQ,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,6BAA6B;QAC7B,gCAAgC;QAChC,MAAM,UAAU,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,iBAAiB,CAAC;QAErD,+BAA+B;QAC/B,MAAM,OAAO,GAAG,4CAA4C,cAAc,CAAC,OAAO,CAAC,WAAW,cAAc,CAAC,QAAQ,CAAC,aAAa,cAAc,CAAC,UAAU,CAAC,qBAAqB,CAAC;QAEnL,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE;YAC1C,OAAO,EAAE,KAAK,EAAE,YAAY;SAC7B,CAAC,CAAC;QAEH,aAAa;QACb,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAElC,sBAAsB;QACtB,oDAAoD;QACpD,MAAM,QAAQ,GAAG;YACf,QAAQ,EAAE,MAAM,CAAC,OAAO,EAAE,QAAQ,IAAI,CAAC;YACvC,IAAI,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC;YAC/B,MAAM,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,CAAC;YACnC,GAAG,EAAE,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;SAC9B,CAAC;QAEF,MAAM,SAAS,GACb,QAAQ,CAAC,QAAQ,GAAG,EAAE,GAAG,QAAQ,CAAC,IAAI,GAAG,EAAE,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,GAAG,QAAQ,CAAC,GAAG,GAAG,CAAC,CAAC;QAEvF,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,SAAS,CAAC,CAAC;QAE3C,OAAO;YACL,KAAK;YACL,QAAQ;YACR,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,OAAO,GAAG,EAAE,KAAK,CAAC,CAAC;QAE7D,gBAAgB;QAChB,OAAO;YACL,KAAK,EAAE,CAAC;YACR,QAAQ,EAAE;gBACR,QAAQ,EAAE,CAAC;gBACX,IAAI,EAAE,CAAC;gBACP,MAAM,EAAE,CAAC;gBACT,GAAG,
EAAE,CAAC;aACP;YACD,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,KAA+D,EAC/D,WAAW,GAAG,EAAE;IAEhB,MAAM,OAAO,GAAG,IAAI,GAAG,EAA8B,CAAC;IAEtD,mBAAmB;IACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC;QACnD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC;QAE9C,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CACpC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;YACzB,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,MAAM,EAAE,MAAM,cAAc,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC;SAClD,CAAC,CAAC,CACJ,CAAC;QAEF,KAAK,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAC3B,CAAC;QAED,OAAO;QACP,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,MAAM,eAAe,CAAC,CAAC;IACjG,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAa;IAC5C,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,cAAc,CAAC;IACvC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,SAAS,CAAC;IAClC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,SAAS,CAAC;IAClC,OAAO,SAAS,CAAC;AACnB,CAAC"}
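--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "cc-recommender",
-"version": "0.8.1",
+"version": "0.8.2",
 "description": "MCP server for recommending Claude Code skills, plugins, and MCP servers",
 "type": "module",
 "main": "dist/index.js",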