npm - codeprobe-scanner - Versions diffs - 1.0.7 → 1.0.8 - Mend

codeprobe-scanner 1.0.7 → 1.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "codeprobe-scanner",
-  "version": "1.0.7",
+  "version": "1.0.8",
   "description": "Automated vulnerability scanner with exploit verification and video evidence",
   "type": "module",
   "bin": {

package/src/cli/index.ts ADDED Viewed

@@ -0,0 +1,137 @@
+#!/usr/bin/env bun
+import chalk from 'chalk';
+import { APP_NAME, APP_VERSION, EXIT_CODES } from '../shared/constants.js';
+import { ProgressLogger } from './progress.js';
+import { handleError } from './errors.js';
+import { scanCommand } from './commands/scan.js';
+import { reportCommand } from './commands/report.js';
+const logger = new ProgressLogger();
+function showHelp(): void {
+  console.log(`
+${chalk.bold.cyan(`⚡ ${APP_NAME} v${APP_VERSION}`)}
+${chalk.bold('USAGE')}
+  codeprobe <command> [options] [arguments]
+${chalk.bold('COMMANDS')}
+  scan [path]     Scan a repository for vulnerabilities (default: current dir)
+  report          Display last scan results
+  config          Manage configuration
+  help            Show this help message
+${chalk.bold('OPTIONS')}
+  --fix           Auto-fix vulnerabilities (creates git branch & commits)
+  --json          Output results as JSON
+  --verbose       Show detailed logs
+  --help          Show help
+${chalk.bold('EXAMPLES')}
+  codeprobe scan
+  codeprobe scan ./my-app
+  codeprobe scan --fix
+  codeprobe scan --json > report.json
+  codeprobe report
+  codeprobe config set bright_data_api_key <key>
+${chalk.bold('DOCS')}
+  https://github.com/codeprobe/codeprobe
+`);
+}
+async function main(): Promise<void> {
+  const args = process.argv.slice(2);
+  // No args = show help
+  if (args.length === 0) {
+    showHelp();
+    process.exit(EXIT_CODES.SUCCESS);
+  }
+  const command = args[0];
+  const restArgs = args.slice(1);
+  try {
+    switch (command) {
+      case 'scan':
+        await scanCommand(restArgs);
+        break;
+      case 'report':
+        await reportCommand(restArgs);
+        break;
+      case 'config':
+        await handleConfigCommand(restArgs);
+        break;
+      case '--help':
+      case '-h':
+      case 'help':
+        showHelp();
+        break;
+      default:
+        console.error(chalk.red(`Unknown command: ${command}`));
+        console.log(`Run ${chalk.cyan('codeprobe --help')} for usage`);
+        process.exit(EXIT_CODES.SCAN_FAILED);
+    }
+  } catch (error) {
+    handleError(error, logger, true);
+  }
+}
+async function handleConfigCommand(args: string[]): Promise<void> {
+  const { getConfig, setConfig, clearConfig } = await import('./config.js');
+  const subcommand = args[0];
+  switch (subcommand) {
+    case 'get':
+      {
+        const key = args[1];
+        if (!key) {
+          const config = await getConfig();
+          console.log(JSON.stringify(config, null, 2));
+        } else {
+          const value = await getConfig(key);
+          console.log(value || `${key} not set`);
+        }
+      }
+      break;
+    case 'set':
+      {
+        const key = args[1];
+        const value = args[2];
+        if (!key || !value) {
+          console.error(chalk.red('Usage: codeprobe config set <key> <value>'));
+          process.exit(EXIT_CODES.SCAN_FAILED);
+        }
+        await setConfig(key, value);
+      }
+      break;
+    case 'clear':
+      {
+        const key = args[1];
+        if (!key) {
+          console.error(chalk.red('Usage: codeprobe config clear <key>'));
+          process.exit(EXIT_CODES.SCAN_FAILED);
+        }
+        await clearConfig(key);
+      }
+      break;
+    default:
+      console.error(chalk.red(`Unknown config subcommand: ${subcommand}`));
+      console.log(`Usage: codeprobe config [get|set|clear]`);
+      process.exit(EXIT_CODES.SCAN_FAILED);
+  }
+}
+main().catch((error) => {
+  handleError(error, logger, true);
+});

package/src/engine/index.ts ADDED Viewed

@@ -0,0 +1,90 @@
+import { createParser } from "./parser";
+import { createScraper } from "./scraper";
+import { createSandbox } from "./sandbox";
+import { createMatcher } from "./matcher";
+import { createPatcher } from "./patcher";
+import { createReportBuilder } from "./report";
+import { Report } from "../shared/types";
+export class CodeProbeEngine {
+  private parser = createParser();
+  private scraper = createScraper();
+  private sandbox = createSandbox();
+  private matcher = createMatcher();
+  private patcher = createPatcher();
+  private reportBuilder = createReportBuilder();
+  getVideoRecorder() {
+    return this.sandbox.getVideoRecorder();
+  }
+  async scan(repoPath: string): Promise<Report> {
+    const startTime = Date.now();
+    try {
+      // Step 1: Parse dependencies
+      console.log("📦 Parsing dependencies...");
+      const dependencies = await this.parser.parseDependencies(repoPath);
+      console.log(`   Found ${dependencies.length} dependencies`);
+      // Step 2: Scrape CVEs (Bright Data)
+      console.log("\x1b[33m[Bright Data]\x1b[0m 🔍 Scraping CVE data from NVD, Exploit-DB, Snyk...");
+      const cves = await this.scraper.scrapeAll(dependencies);
+      console.log(`   Found ${cves.length} CVEs`);
+      // Step 3: Match dependencies to CVEs
+      console.log("🎯 Matching dependencies to CVEs...");
+      const matchedCves = this.matcher.matchDependenciesToCVEs(dependencies, cves);
+      console.log(`   Matched ${matchedCves.length} CVEs`);
+      // Step 4: Filter CRITICAL/HIGH for sandbox verification
+      const criticalCves = this.matcher.filterBySeverity(matchedCves, "HIGH");
+      console.log(`   Testing ${criticalCves.length} critical/high severity CVEs...`);
+      // Step 5: Run exploit verification in sandboxes (Daytona)
+      const exploits = criticalCves.map((cve) => ({
+        packageName: cve.package,
+        version: cve.version_vulnerable,
+        cveId: cve.id,
+      }));
+      console.log("\x1b[33m[Daytona]\x1b[0m 🏗️  Spawning isolated sandboxes for exploit verification...");
+      const sandboxResults = await this.sandbox.parallelRun(exploits);
+      // Step 6: Update CVEs with sandbox results
+      for (const cve of matchedCves) {
+        const sandboxResult = sandboxResults.get(cve.id);
+        if (sandboxResult) {
+          cve.exploitable = sandboxResult.success;
+          cve.exploit_evidence = sandboxResult.stdout;
+          cve.verification_time_ms = sandboxResult.time_ms;
+        }
+      }
+      // Step 7: Generate patches (Nosana)
+      console.log("\x1b[33m[Nosana]\x1b[0m 🔧 Generating patches with LLM...");
+      await this.patcher.loadPrebakedPatches();
+      const patches = await this.patcher.generateAllPatches(matchedCves.filter((c) => c.exploitable));
+      for (const cve of matchedCves) {
+        if (patches.has(cve.id)) {
+          cve.patch_diff = patches.get(cve.id);
+        }
+      }
+      // Step 8: Calculate risk score
+      const riskScore = this.matcher.calculateRiskScore(matchedCves);
+      // Step 9: Build and save report
+      const scanDuration = Date.now() - startTime;
+      const report = await this.reportBuilder.buildReport(repoPath, matchedCves, riskScore, scanDuration, dependencies.length);
+      await this.reportBuilder.saveReport(report);
+      return report;
+    } catch (error) {
+      throw new Error(`Scan failed: ${error instanceof Error ? error.message : String(error)}`);
+    }
+  }
+}
+export const createEngine = () => new CodeProbeEngine();