codeslick-cli 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +458 -0
- package/__tests__/cli-reporter.test.ts +86 -0
- package/__tests__/config-loader.test.ts +247 -0
- package/__tests__/local-scanner.test.ts +245 -0
- package/bin/codeslick.cjs +153 -0
- package/dist/packages/cli/src/commands/auth.d.ts +36 -0
- package/dist/packages/cli/src/commands/auth.d.ts.map +1 -0
- package/dist/packages/cli/src/commands/auth.js +226 -0
- package/dist/packages/cli/src/commands/auth.js.map +1 -0
- package/dist/packages/cli/src/commands/config.d.ts +37 -0
- package/dist/packages/cli/src/commands/config.d.ts.map +1 -0
- package/dist/packages/cli/src/commands/config.js +196 -0
- package/dist/packages/cli/src/commands/config.js.map +1 -0
- package/dist/packages/cli/src/commands/init.d.ts +32 -0
- package/dist/packages/cli/src/commands/init.d.ts.map +1 -0
- package/dist/packages/cli/src/commands/init.js +171 -0
- package/dist/packages/cli/src/commands/init.js.map +1 -0
- package/dist/packages/cli/src/commands/scan.d.ts +40 -0
- package/dist/packages/cli/src/commands/scan.d.ts.map +1 -0
- package/dist/packages/cli/src/commands/scan.js +204 -0
- package/dist/packages/cli/src/commands/scan.js.map +1 -0
- package/dist/packages/cli/src/config/config-loader.d.ts +67 -0
- package/dist/packages/cli/src/config/config-loader.d.ts.map +1 -0
- package/dist/packages/cli/src/config/config-loader.js +146 -0
- package/dist/packages/cli/src/config/config-loader.js.map +1 -0
- package/dist/packages/cli/src/reporters/cli-reporter.d.ts +69 -0
- package/dist/packages/cli/src/reporters/cli-reporter.d.ts.map +1 -0
- package/dist/packages/cli/src/reporters/cli-reporter.js +244 -0
- package/dist/packages/cli/src/reporters/cli-reporter.js.map +1 -0
- package/dist/packages/cli/src/scanner/local-scanner.d.ts +92 -0
- package/dist/packages/cli/src/scanner/local-scanner.d.ts.map +1 -0
- package/dist/packages/cli/src/scanner/local-scanner.js +221 -0
- package/dist/packages/cli/src/scanner/local-scanner.js.map +1 -0
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.d.ts +88 -0
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.d.ts.map +1 -0
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.js +371 -0
- package/dist/src/lib/analyzers/helpers/ai-code-detection-utils.js.map +1 -0
- package/dist/src/lib/analyzers/helpers/jsx-helpers.d.ts +63 -0
- package/dist/src/lib/analyzers/helpers/jsx-helpers.d.ts.map +1 -0
- package/dist/src/lib/analyzers/helpers/jsx-helpers.js +95 -0
- package/dist/src/lib/analyzers/helpers/jsx-helpers.js.map +1 -0
- package/dist/src/lib/analyzers/helpers/variable-tracker.d.ts +59 -0
- package/dist/src/lib/analyzers/helpers/variable-tracker.d.ts.map +1 -0
- package/dist/src/lib/analyzers/helpers/variable-tracker.js +231 -0
- package/dist/src/lib/analyzers/helpers/variable-tracker.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/access-control.d.ts +20 -0
- package/dist/src/lib/analyzers/java/security-checks/access-control.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/access-control.js +129 -0
- package/dist/src/lib/analyzers/java/security-checks/access-control.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.d.ts +25 -0
- package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.js +221 -0
- package/dist/src/lib/analyzers/java/security-checks/ai-generated-code.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/code-quality.d.ts +18 -0
- package/dist/src/lib/analyzers/java/security-checks/code-quality.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/code-quality.js +84 -0
- package/dist/src/lib/analyzers/java/security-checks/code-quality.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/crypto-validation.d.ts +18 -0
- package/dist/src/lib/analyzers/java/security-checks/crypto-validation.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/crypto-validation.js +161 -0
- package/dist/src/lib/analyzers/java/security-checks/crypto-validation.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.d.ts +20 -0
- package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.js +163 -0
- package/dist/src/lib/analyzers/java/security-checks/deserialization-xxe.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.d.ts +24 -0
- package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.js +178 -0
- package/dist/src/lib/analyzers/java/security-checks/enhanced-supply-chain.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/exception-handling.d.ts +25 -0
- package/dist/src/lib/analyzers/java/security-checks/exception-handling.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/exception-handling.js +179 -0
- package/dist/src/lib/analyzers/java/security-checks/exception-handling.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/file-operations.d.ts +17 -0
- package/dist/src/lib/analyzers/java/security-checks/file-operations.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/file-operations.js +67 -0
- package/dist/src/lib/analyzers/java/security-checks/file-operations.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/framework-security.d.ts +25 -0
- package/dist/src/lib/analyzers/java/security-checks/framework-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/framework-security.js +396 -0
- package/dist/src/lib/analyzers/java/security-checks/framework-security.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.d.ts +20 -0
- package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.js +123 -0
- package/dist/src/lib/analyzers/java/security-checks/hardcoded-credentials.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/injection-attacks.d.ts +23 -0
- package/dist/src/lib/analyzers/java/security-checks/injection-attacks.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/injection-attacks.js +201 -0
- package/dist/src/lib/analyzers/java/security-checks/injection-attacks.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/insecure-design.d.ts +20 -0
- package/dist/src/lib/analyzers/java/security-checks/insecure-design.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/insecure-design.js +121 -0
- package/dist/src/lib/analyzers/java/security-checks/insecure-design.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/logging-failures.d.ts +20 -0
- package/dist/src/lib/analyzers/java/security-checks/logging-failures.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/logging-failures.js +89 -0
- package/dist/src/lib/analyzers/java/security-checks/logging-failures.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.d.ts +26 -0
- package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.js +309 -0
- package/dist/src/lib/analyzers/java/security-checks/security-misconfiguration.js.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.d.ts +18 -0
- package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.js +114 -0
- package/dist/src/lib/analyzers/java/security-checks/unsafe-patterns.js.map +1 -0
- package/dist/src/lib/analyzers/java/utils/createVulnerability.d.ts +58 -0
- package/dist/src/lib/analyzers/java/utils/createVulnerability.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java/utils/createVulnerability.js +71 -0
- package/dist/src/lib/analyzers/java/utils/createVulnerability.js.map +1 -0
- package/dist/src/lib/analyzers/java-analyzer.d.ts +209 -0
- package/dist/src/lib/analyzers/java-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/java-analyzer.js +1720 -0
- package/dist/src/lib/analyzers/java-analyzer.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.d.ts +27 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.js +123 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.d.ts +44 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.js +224 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/async-patterns.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.d.ts +50 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.js +284 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/code-patterns.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.d.ts +27 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.js +86 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/comparison-issues.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.d.ts +32 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.js +44 -0
- package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/access-control.d.ts +22 -0
- package/dist/src/lib/analyzers/javascript/security-checks/access-control.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/access-control.js +168 -0
- package/dist/src/lib/analyzers/javascript/security-checks/access-control.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.d.ts +25 -0
- package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.js +232 -0
- package/dist/src/lib/analyzers/javascript/security-checks/ai-generated-code.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.d.ts +27 -0
- package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.js +222 -0
- package/dist/src/lib/analyzers/javascript/security-checks/authentication-failures.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.d.ts +28 -0
- package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.js +176 -0
- package/dist/src/lib/analyzers/javascript/security-checks/credential-crypto.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.d.ts +23 -0
- package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js +113 -0
- package/dist/src/lib/analyzers/javascript/security-checks/enhanced-supply-chain.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.d.ts +28 -0
- package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.js +227 -0
- package/dist/src/lib/analyzers/javascript/security-checks/exception-handling.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.d.ts +32 -0
- package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.js +260 -0
- package/dist/src/lib/analyzers/javascript/security-checks/injection-attacks.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.d.ts +26 -0
- package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.js +164 -0
- package/dist/src/lib/analyzers/javascript/security-checks/insecure-design.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.d.ts +26 -0
- package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.js +775 -0
- package/dist/src/lib/analyzers/javascript/security-checks/security-misconfiguration.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.d.ts +25 -0
- package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.js +168 -0
- package/dist/src/lib/analyzers/javascript/security-checks/software-integrity.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/storage-security.d.ts +27 -0
- package/dist/src/lib/analyzers/javascript/security-checks/storage-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/storage-security.js +108 -0
- package/dist/src/lib/analyzers/javascript/security-checks/storage-security.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.d.ts +28 -0
- package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.js +143 -0
- package/dist/src/lib/analyzers/javascript/security-checks/xss-dom-security.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.d.ts +53 -0
- package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.js +144 -0
- package/dist/src/lib/analyzers/javascript/syntax/syntax-helpers.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.d.ts +72 -0
- package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.js +314 -0
- package/dist/src/lib/analyzers/javascript/syntax/typescript-syntax.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/utils/createVulnerability.d.ts +58 -0
- package/dist/src/lib/analyzers/javascript/utils/createVulnerability.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/utils/createVulnerability.js +71 -0
- package/dist/src/lib/analyzers/javascript/utils/createVulnerability.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.d.ts +36 -0
- package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.js +70 -0
- package/dist/src/lib/analyzers/javascript/utils/metrics-calculator.js.map +1 -0
- package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.d.ts +29 -0
- package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.js +55 -0
- package/dist/src/lib/analyzers/javascript/utils/performance-analyzer.js.map +1 -0
- package/dist/src/lib/analyzers/javascript-analyzer.d.ts +95 -0
- package/dist/src/lib/analyzers/javascript-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/javascript-analyzer.js +2141 -0
- package/dist/src/lib/analyzers/javascript-analyzer.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/access-control.d.ts +21 -0
- package/dist/src/lib/analyzers/python/security-checks/access-control.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/access-control.js +305 -0
- package/dist/src/lib/analyzers/python/security-checks/access-control.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.d.ts +25 -0
- package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.js +242 -0
- package/dist/src/lib/analyzers/python/security-checks/ai-generated-code.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.d.ts +24 -0
- package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.js +207 -0
- package/dist/src/lib/analyzers/python/security-checks/authentication-flaws.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/code-quality.d.ts +27 -0
- package/dist/src/lib/analyzers/python/security-checks/code-quality.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/code-quality.js +206 -0
- package/dist/src/lib/analyzers/python/security-checks/code-quality.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.d.ts +24 -0
- package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.js +113 -0
- package/dist/src/lib/analyzers/python/security-checks/credentials-crypto.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/crypto-failures.d.ts +20 -0
- package/dist/src/lib/analyzers/python/security-checks/crypto-failures.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/crypto-failures.js +129 -0
- package/dist/src/lib/analyzers/python/security-checks/crypto-failures.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/data-integrity.d.ts +19 -0
- package/dist/src/lib/analyzers/python/security-checks/data-integrity.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/data-integrity.js +90 -0
- package/dist/src/lib/analyzers/python/security-checks/data-integrity.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/deserialization.d.ts +20 -0
- package/dist/src/lib/analyzers/python/security-checks/deserialization.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/deserialization.js +68 -0
- package/dist/src/lib/analyzers/python/security-checks/deserialization.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/django-security.d.ts +25 -0
- package/dist/src/lib/analyzers/python/security-checks/django-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/django-security.js +180 -0
- package/dist/src/lib/analyzers/python/security-checks/django-security.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.d.ts +23 -0
- package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.js +127 -0
- package/dist/src/lib/analyzers/python/security-checks/enhanced-supply-chain.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/exception-handling.d.ts +23 -0
- package/dist/src/lib/analyzers/python/security-checks/exception-handling.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/exception-handling.js +120 -0
- package/dist/src/lib/analyzers/python/security-checks/exception-handling.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/flask-security.d.ts +24 -0
- package/dist/src/lib/analyzers/python/security-checks/flask-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/flask-security.js +143 -0
- package/dist/src/lib/analyzers/python/security-checks/flask-security.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.d.ts +28 -0
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.js +174 -0
- package/dist/src/lib/analyzers/python/security-checks/injection-attacks.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/insecure-design.d.ts +20 -0
- package/dist/src/lib/analyzers/python/security-checks/insecure-design.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/insecure-design.js +160 -0
- package/dist/src/lib/analyzers/python/security-checks/insecure-design.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/logging-failures.d.ts +20 -0
- package/dist/src/lib/analyzers/python/security-checks/logging-failures.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/logging-failures.js +121 -0
- package/dist/src/lib/analyzers/python/security-checks/logging-failures.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/nosql-injection.d.ts +26 -0
- package/dist/src/lib/analyzers/python/security-checks/nosql-injection.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/nosql-injection.js +248 -0
- package/dist/src/lib/analyzers/python/security-checks/nosql-injection.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.d.ts +26 -0
- package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.js +375 -0
- package/dist/src/lib/analyzers/python/security-checks/security-misconfiguration.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.d.ts +26 -0
- package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.js +160 -0
- package/dist/src/lib/analyzers/python/security-checks/ssrf-detection.js.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/web-security.d.ts +23 -0
- package/dist/src/lib/analyzers/python/security-checks/web-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/security-checks/web-security.js +117 -0
- package/dist/src/lib/analyzers/python/security-checks/web-security.js.map +1 -0
- package/dist/src/lib/analyzers/python/utils/createVulnerability.d.ts +58 -0
- package/dist/src/lib/analyzers/python/utils/createVulnerability.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python/utils/createVulnerability.js +71 -0
- package/dist/src/lib/analyzers/python/utils/createVulnerability.js.map +1 -0
- package/dist/src/lib/analyzers/python-analyzer.d.ts +111 -0
- package/dist/src/lib/analyzers/python-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/python-analyzer.js +1600 -0
- package/dist/src/lib/analyzers/python-analyzer.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.d.ts +14 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.js +47 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.d.ts +13 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.js +36 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.d.ts +15 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.js +68 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.d.ts +15 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.js +68 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.d.ts +12 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.js +45 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.d.ts +14 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.js +47 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.d.ts +13 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.js +36 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys.d.ts +15 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys.js +32 -0
- package/dist/src/lib/analyzers/secrets/patterns/api-keys.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/credentials.d.ts +15 -0
- package/dist/src/lib/analyzers/secrets/patterns/credentials.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/credentials.js +68 -0
- package/dist/src/lib/analyzers/secrets/patterns/credentials.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/private-keys.d.ts +16 -0
- package/dist/src/lib/analyzers/secrets/patterns/private-keys.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/private-keys.js +79 -0
- package/dist/src/lib/analyzers/secrets/patterns/private-keys.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/tokens.d.ts +15 -0
- package/dist/src/lib/analyzers/secrets/patterns/tokens.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/patterns/tokens.js +58 -0
- package/dist/src/lib/analyzers/secrets/patterns/tokens.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts +88 -0
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.js +162 -0
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/validators/context-checker.d.ts +56 -0
- package/dist/src/lib/analyzers/secrets/validators/context-checker.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/validators/context-checker.js +199 -0
- package/dist/src/lib/analyzers/secrets/validators/context-checker.js.map +1 -0
- package/dist/src/lib/analyzers/secrets/validators/entropy-checker.d.ts +56 -0
- package/dist/src/lib/analyzers/secrets/validators/entropy-checker.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/validators/entropy-checker.js +102 -0
- package/dist/src/lib/analyzers/secrets/validators/entropy-checker.js.map +1 -0
- package/dist/src/lib/analyzers/security-checks/es6-security.d.ts +38 -0
- package/dist/src/lib/analyzers/security-checks/es6-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/security-checks/es6-security.js +125 -0
- package/dist/src/lib/analyzers/security-checks/es6-security.js.map +1 -0
- package/dist/src/lib/analyzers/security-checks/python-async-security.d.ts +46 -0
- package/dist/src/lib/analyzers/security-checks/python-async-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/security-checks/python-async-security.js +92 -0
- package/dist/src/lib/analyzers/security-checks/python-async-security.js.map +1 -0
- package/dist/src/lib/analyzers/security-checks/react-security.d.ts +49 -0
- package/dist/src/lib/analyzers/security-checks/react-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/security-checks/react-security.js +125 -0
- package/dist/src/lib/analyzers/security-checks/react-security.js.map +1 -0
- package/dist/src/lib/analyzers/types.d.ts +92 -0
- package/dist/src/lib/analyzers/types.d.ts.map +1 -0
- package/dist/src/lib/analyzers/types.js +3 -0
- package/dist/src/lib/analyzers/types.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/access-control.d.ts +19 -0
- package/dist/src/lib/analyzers/typescript/security-checks/access-control.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/access-control.js +210 -0
- package/dist/src/lib/analyzers/typescript/security-checks/access-control.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.d.ts +25 -0
- package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.js +242 -0
- package/dist/src/lib/analyzers/typescript/security-checks/ai-generated-code.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/authentication.d.ts +28 -0
- package/dist/src/lib/analyzers/typescript/security-checks/authentication.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/authentication.js +357 -0
- package/dist/src/lib/analyzers/typescript/security-checks/authentication.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-injection.d.ts +26 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-injection.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-injection.js +380 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-injection.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-quality.d.ts +23 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-quality.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-quality.js +109 -0
- package/dist/src/lib/analyzers/typescript/security-checks/code-quality.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.d.ts +21 -0
- package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.js +153 -0
- package/dist/src/lib/analyzers/typescript/security-checks/credentials-crypto.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.d.ts +23 -0
- package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.js +146 -0
- package/dist/src/lib/analyzers/typescript/security-checks/enhanced-supply-chain.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.d.ts +23 -0
- package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.js +187 -0
- package/dist/src/lib/analyzers/typescript/security-checks/exception-handling.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.d.ts +19 -0
- package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.js +97 -0
- package/dist/src/lib/analyzers/typescript/security-checks/information-disclosure.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.d.ts +29 -0
- package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.js +319 -0
- package/dist/src/lib/analyzers/typescript/security-checks/injection-attacks.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.d.ts +21 -0
- package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.js +121 -0
- package/dist/src/lib/analyzers/typescript/security-checks/logging-failures.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.d.ts +27 -0
- package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.js +213 -0
- package/dist/src/lib/analyzers/typescript/security-checks/security-misconfiguration.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/type-security.d.ts +19 -0
- package/dist/src/lib/analyzers/typescript/security-checks/type-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/security-checks/type-security.js +59 -0
- package/dist/src/lib/analyzers/typescript/security-checks/type-security.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/type-checker.d.ts +17 -0
- package/dist/src/lib/analyzers/typescript/type-checker.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/type-checker.js +515 -0
- package/dist/src/lib/analyzers/typescript/type-checker.js.map +1 -0
- package/dist/src/lib/analyzers/typescript/utils/createVulnerability.d.ts +58 -0
- package/dist/src/lib/analyzers/typescript/utils/createVulnerability.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript/utils/createVulnerability.js +71 -0
- package/dist/src/lib/analyzers/typescript/utils/createVulnerability.js.map +1 -0
- package/dist/src/lib/analyzers/typescript-analyzer.d.ts +116 -0
- package/dist/src/lib/analyzers/typescript-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/typescript-analyzer.js +1660 -0
- package/dist/src/lib/analyzers/typescript-analyzer.js.map +1 -0
- package/dist/src/lib/security/compliance-mapping.d.ts +29 -0
- package/dist/src/lib/security/compliance-mapping.d.ts.map +1 -0
- package/dist/src/lib/security/compliance-mapping.js +1342 -0
- package/dist/src/lib/security/compliance-mapping.js.map +1 -0
- package/dist/src/lib/security/severity-scoring.d.ts +47 -0
- package/dist/src/lib/security/severity-scoring.d.ts.map +1 -0
- package/dist/src/lib/security/severity-scoring.js +965 -0
- package/dist/src/lib/security/severity-scoring.js.map +1 -0
- package/dist/src/lib/standards/references.d.ts +16 -0
- package/dist/src/lib/standards/references.d.ts.map +1 -0
- package/dist/src/lib/standards/references.js +1161 -0
- package/dist/src/lib/standards/references.js.map +1 -0
- package/dist/src/lib/types/index.d.ts +167 -0
- package/dist/src/lib/types/index.d.ts.map +1 -0
- package/dist/src/lib/types/index.js +3 -0
- package/dist/src/lib/types/index.js.map +1 -0
- package/dist/src/lib/utils/code-cleaner.d.ts +59 -0
- package/dist/src/lib/utils/code-cleaner.d.ts.map +1 -0
- package/dist/src/lib/utils/code-cleaner.js +283 -0
- package/dist/src/lib/utils/code-cleaner.js.map +1 -0
- package/package.json +51 -0
- package/src/commands/auth.ts +308 -0
- package/src/commands/config.ts +226 -0
- package/src/commands/init.ts +202 -0
- package/src/commands/scan.ts +238 -0
- package/src/config/config-loader.ts +175 -0
- package/src/reporters/cli-reporter.ts +282 -0
- package/src/scanner/local-scanner.ts +250 -0
- package/tsconfig.json +24 -0
- package/tsconfig.tsbuildinfo +1 -0
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Utility function to create security vulnerability objects for Java analyzer
|
|
3
|
+
*
|
|
4
|
+
* This module provides a standardized way to create SecurityVulnerability objects
|
|
5
|
+
* with proper CVSS scoring, OWASP mapping, and compliance information.
|
|
6
|
+
*/
|
|
7
|
+
import { SecurityVulnerability } from '../../types';
|
|
8
|
+
/**
|
|
9
|
+
* Parameters for creating a security vulnerability object
|
|
10
|
+
*/
|
|
11
|
+
interface VulnerabilityParams {
|
|
12
|
+
category: string;
|
|
13
|
+
severity: string;
|
|
14
|
+
confidence: string;
|
|
15
|
+
message: string;
|
|
16
|
+
line: number;
|
|
17
|
+
suggestion: string;
|
|
18
|
+
owasp: string;
|
|
19
|
+
cwe: string;
|
|
20
|
+
pciDss: string;
|
|
21
|
+
securityRelevant?: boolean;
|
|
22
|
+
remediation: {
|
|
23
|
+
explanation: string;
|
|
24
|
+
before: string;
|
|
25
|
+
after: string;
|
|
26
|
+
};
|
|
27
|
+
attackVector: {
|
|
28
|
+
description: string;
|
|
29
|
+
exploitExample?: string;
|
|
30
|
+
realWorldImpact: string[];
|
|
31
|
+
};
|
|
32
|
+
}
|
|
33
|
+
/**
|
|
34
|
+
* Creates a standardized security vulnerability object for Java code
|
|
35
|
+
* Supports both object parameter style (OWASP 2025) and legacy individual parameters
|
|
36
|
+
*
|
|
37
|
+
* @param params - Object containing all vulnerability parameters (OWASP 2025 style)
|
|
38
|
+
* @returns SecurityVulnerability object with all required fields
|
|
39
|
+
*/
|
|
40
|
+
export declare function createJavaSecurityVulnerability(params: VulnerabilityParams): SecurityVulnerability;
|
|
41
|
+
/**
|
|
42
|
+
* Legacy function signature for backward compatibility
|
|
43
|
+
*
|
|
44
|
+
* @param vulnerabilityType - Type identifier for severity scoring (e.g., 'sql-injection')
|
|
45
|
+
* @param message - User-friendly vulnerability message
|
|
46
|
+
* @param suggestion - Remediation suggestion
|
|
47
|
+
* @param lineNumber - Line number where vulnerability was detected
|
|
48
|
+
* @param attackDescription - Detailed description of the attack vector
|
|
49
|
+
* @param exploitExample - Example of how the vulnerability can be exploited
|
|
50
|
+
* @param realWorldImpact - Array of potential real-world impacts
|
|
51
|
+
* @param remediationBefore - Code example showing vulnerable pattern
|
|
52
|
+
* @param remediationAfter - Code example showing secure pattern
|
|
53
|
+
* @param remediationExplanation - Explanation of why the fix works
|
|
54
|
+
* @returns SecurityVulnerability object with all required fields
|
|
55
|
+
*/
|
|
56
|
+
export declare function createJavaSecurityVulnerability(vulnerabilityType: string, message: string, suggestion: string, lineNumber: number, attackDescription: string, exploitExample: string, realWorldImpact: string[], remediationBefore: string, remediationAfter: string, remediationExplanation: string): SecurityVulnerability;
|
|
57
|
+
export {};
|
|
58
|
+
//# sourceMappingURL=createVulnerability.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"createVulnerability.d.ts","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/java/utils/createVulnerability.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAIpD;;GAEG;AACH,UAAU,mBAAmB;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,WAAW,EAAE;QACX,WAAW,EAAE,MAAM,CAAC;QACpB,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,YAAY,EAAE;QACZ,WAAW,EAAE,MAAM,CAAC;QACpB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,EAAE,CAAC;KAC3B,CAAC;CACH;AAED;;;;;;GAMG;AACH,wBAAgB,+BAA+B,CAC7C,MAAM,EAAE,mBAAmB,GAC1B,qBAAqB,CAAC;AAEzB;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,+BAA+B,CAC7C,iBAAiB,EAAE,MAAM,EACzB,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,EAClB,iBAAiB,EAAE,MAAM,EACzB,cAAc,EAAE,MAAM,EACtB,eAAe,EAAE,MAAM,EAAE,EACzB,iBAAiB,EAAE,MAAM,EACzB,gBAAgB,EAAE,MAAM,EACxB,sBAAsB,EAAE,MAAM,GAC7B,qBAAqB,CAAC"}
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Utility function to create security vulnerability objects for Java analyzer
|
|
4
|
+
*
|
|
5
|
+
* This module provides a standardized way to create SecurityVulnerability objects
|
|
6
|
+
* with proper CVSS scoring, OWASP mapping, and compliance information.
|
|
7
|
+
*/
|
|
8
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
|
+
exports.createJavaSecurityVulnerability = createJavaSecurityVulnerability;
|
|
10
|
+
const severity_scoring_1 = require("../../../security/severity-scoring");
|
|
11
|
+
const compliance_mapping_1 = require("../../../security/compliance-mapping");
|
|
12
|
+
function createJavaSecurityVulnerability(paramsOrType, message, suggestion, lineNumber, attackDescription, exploitExample, realWorldImpact, remediationBefore, remediationAfter, remediationExplanation) {
|
|
13
|
+
// Check if using new object-style parameters (OWASP 2025)
|
|
14
|
+
if (typeof paramsOrType === 'object') {
|
|
15
|
+
const params = paramsOrType;
|
|
16
|
+
const scoring = (0, severity_scoring_1.calculateSeverityScore)(params.category);
|
|
17
|
+
const compliance = (0, compliance_mapping_1.getComplianceMapping)(params.category);
|
|
18
|
+
return {
|
|
19
|
+
severity: params.severity.toUpperCase(),
|
|
20
|
+
message: params.message,
|
|
21
|
+
suggestion: params.suggestion,
|
|
22
|
+
line: params.line,
|
|
23
|
+
category: params.category,
|
|
24
|
+
securityRelevant: params.securityRelevant, // P3: Propagate security relevance flag
|
|
25
|
+
cvssScore: scoring.cvssScore,
|
|
26
|
+
exploitLikelihood: scoring.exploitLikelihood,
|
|
27
|
+
impact: scoring.impact,
|
|
28
|
+
owasp: params.owasp,
|
|
29
|
+
cwe: params.cwe,
|
|
30
|
+
pciDss: params.pciDss,
|
|
31
|
+
attackVector: {
|
|
32
|
+
description: params.attackVector.description,
|
|
33
|
+
exploitExample: params.attackVector.exploitExample || '',
|
|
34
|
+
realWorldImpact: params.attackVector.realWorldImpact
|
|
35
|
+
},
|
|
36
|
+
remediation: {
|
|
37
|
+
before: params.remediation.before,
|
|
38
|
+
after: params.remediation.after,
|
|
39
|
+
explanation: params.remediation.explanation
|
|
40
|
+
}
|
|
41
|
+
};
|
|
42
|
+
}
|
|
43
|
+
// Legacy 10-parameter signature (backward compatibility)
|
|
44
|
+
const vulnerabilityType = paramsOrType;
|
|
45
|
+
const scoring = (0, severity_scoring_1.calculateSeverityScore)(vulnerabilityType);
|
|
46
|
+
const compliance = (0, compliance_mapping_1.getComplianceMapping)(vulnerabilityType);
|
|
47
|
+
return {
|
|
48
|
+
severity: scoring.severity,
|
|
49
|
+
message: message,
|
|
50
|
+
suggestion: suggestion,
|
|
51
|
+
line: lineNumber,
|
|
52
|
+
category: vulnerabilityType,
|
|
53
|
+
cvssScore: scoring.cvssScore,
|
|
54
|
+
exploitLikelihood: scoring.exploitLikelihood,
|
|
55
|
+
impact: scoring.impact,
|
|
56
|
+
owasp: compliance.owasp,
|
|
57
|
+
cwe: compliance.cwe,
|
|
58
|
+
pciDss: compliance.pciDss,
|
|
59
|
+
attackVector: {
|
|
60
|
+
description: attackDescription,
|
|
61
|
+
exploitExample: exploitExample,
|
|
62
|
+
realWorldImpact: realWorldImpact
|
|
63
|
+
},
|
|
64
|
+
remediation: {
|
|
65
|
+
before: remediationBefore,
|
|
66
|
+
after: remediationAfter,
|
|
67
|
+
explanation: remediationExplanation
|
|
68
|
+
}
|
|
69
|
+
};
|
|
70
|
+
}
|
|
71
|
+
//# sourceMappingURL=createVulnerability.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"createVulnerability.js","sourceRoot":"","sources":["../../../../../../../../src/lib/analyzers/java/utils/createVulnerability.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAuEH,0EAyEC;AA7ID,yEAA4E;AAC5E,6EAA4E;AAmE5E,SAAgB,+BAA+B,CAC7C,YAA0C,EAC1C,OAAgB,EAChB,UAAmB,EACnB,UAAmB,EACnB,iBAA0B,EAC1B,cAAuB,EACvB,eAA0B,EAC1B,iBAA0B,EAC1B,gBAAyB,EACzB,sBAA+B;IAE/B,0DAA0D;IAC1D,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,YAAmC,CAAC;QAEnD,MAAM,OAAO,GAAG,IAAA,yCAAsB,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACxD,MAAM,UAAU,GAAG,IAAA,yCAAoB,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAEzD,OAAO;YACL,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAS;YAC9C,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,EAAE,wCAAwC;YACnF,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;YAC5C,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,GAAG,EAAE,MAAM,CAAC,GAAG;YACf,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,YAAY,EAAE;gBACZ,WAAW,EAAE,MAAM,CAAC,YAAY,CAAC,WAAW;gBAC5C,cAAc,EAAE,MAAM,CAAC,YAAY,CAAC,cAAc,IAAI,EAAE;gBACxD,eAAe,EAAE,MAAM,CAAC,YAAY,CAAC,eAAe;aACrD;YACD,WAAW,EAAE;gBACX,MAAM,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM;gBACjC,KAAK,EAAE,MAAM,CAAC,WAAW,CAAC,KAAK;gBAC/B,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,WAAW;aAC5C;SACF,CAAC;IACJ,CAAC;IAED,yDAAyD;IACzD,MAAM,iBAAiB,GAAG,YAAsB,CAAC;IACjD,MAAM,OAAO,GAAG,IAAA,yCAAsB,EAAC,iBAAiB,CAAC,CAAC;IAC1D,MAAM,UAAU,GAAG,IAAA,yCAAoB,EAAC,iBAAiB,CAAC,CAAC;IAE3D,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,OAAO,EAAE,OAAQ;QACjB,UAAU,EAAE,UAAW;QACvB,IAAI,EAAE,UAAW;QACjB,QAAQ,EAAE,iBAAiB;QAC3B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;QAC5C,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,KAAK,EAAE,UAAU,CAAC,KAAK;QACvB,GAAG,EAAE,UAAU,CAAC,GAAG;QACnB,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,YAAY,EAAE;YACZ,WAAW,EAAE,iBAAkB;YAC/B,cAAc,EAAE,cAAe;YAC/B,eAAe,EAAE,eAAgB;SAClC;QACD,WAAW,EAAE;YACX,MAAM,EAAE,iBAAkB;YAC1B,KAAK,EAAE,gBAAiB;YACxB,WAAW,EAAE,sBAAuB;SACrC;KACF,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,209 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* ⚠️ SHARED MODULE: Java Security Analyzer
|
|
3
|
+
*
|
|
4
|
+
* CRITICAL: This module is used by BOTH WebTool and GitHub App
|
|
5
|
+
*
|
|
6
|
+
* WebTool uses this for:
|
|
7
|
+
* - /api/analyze endpoint - Interactive single-file analysis (<3s target)
|
|
8
|
+
* - Real-time vulnerability detection for individual developers
|
|
9
|
+
*
|
|
10
|
+
* GitHub App uses this for:
|
|
11
|
+
* - /api/github/webhook - Batch PR analysis (10-30s OK)
|
|
12
|
+
* - Automated security checks for professional teams
|
|
13
|
+
*
|
|
14
|
+
* ⚠️ BEFORE MODIFYING THIS FILE:
|
|
15
|
+
* 1. Run all 96 analyzer tests: npm test analyzers
|
|
16
|
+
* 2. Test WebTool: Paste Java code at /analyze → Verify results
|
|
17
|
+
* 3. Test GitHub: Open PR with Java → Verify webhook comment
|
|
18
|
+
* 4. Verify performance: Analysis must complete in <2s per file
|
|
19
|
+
* 5. Check detection rate: All 18 Java checks must still detect
|
|
20
|
+
*
|
|
21
|
+
* CRITICAL OUTPUT FORMAT (DO NOT CHANGE):
|
|
22
|
+
* - result.security.vulnerabilities - Used by both systems
|
|
23
|
+
* - Each vulnerability has: line, message, severity, cvssScore, owasp, cwe
|
|
24
|
+
* - Changing this structure breaks BOTH WebTool and GitHub UI parsing
|
|
25
|
+
*
|
|
26
|
+
* See: docs/technical/WEBTOOL_GITHUB_SEPARATION.md
|
|
27
|
+
*
|
|
28
|
+
* Last modified: 2025-11-18
|
|
29
|
+
* Last verified (both systems): 2025-11-18
|
|
30
|
+
*/
|
|
31
|
+
import { ICodeAnalyzer, AnalyzerInput, AnalyzerResult } from './types';
|
|
32
|
+
import { SupportedLanguage } from '../types';
|
|
33
|
+
export declare class JavaAnalyzer implements ICodeAnalyzer {
|
|
34
|
+
readonly language: SupportedLanguage;
|
|
35
|
+
analyze(input: AnalyzerInput): Promise<AnalyzerResult>;
|
|
36
|
+
validateSyntax(code: string): Promise<boolean>;
|
|
37
|
+
getLanguageInfo(): {
|
|
38
|
+
name: string;
|
|
39
|
+
extensions: string[];
|
|
40
|
+
description: string;
|
|
41
|
+
};
|
|
42
|
+
private analyzeSyntax;
|
|
43
|
+
/**
|
|
44
|
+
* Detect method signature errors - Missing parentheses, malformed signatures
|
|
45
|
+
*
|
|
46
|
+
* Fixed logic:
|
|
47
|
+
* - Checks ALL lines ending with { (not just method signatures)
|
|
48
|
+
* - Detects missing ) in method signatures, catch blocks, if/while/for statements
|
|
49
|
+
* - Avoids false positives on multi-line declarations (lines without {)
|
|
50
|
+
*/
|
|
51
|
+
private detectMethodSignatureErrors;
|
|
52
|
+
/**
|
|
53
|
+
* Detect unbalanced braces - Missing opening or closing braces
|
|
54
|
+
*
|
|
55
|
+
* Tracks brace balance across the entire file to detect:
|
|
56
|
+
* - Methods/blocks with missing closing }
|
|
57
|
+
* - Extra closing } without matching opening {
|
|
58
|
+
*/
|
|
59
|
+
private detectUnbalancedBraces;
|
|
60
|
+
/**
|
|
61
|
+
* Detect NullPointerException risks - null checks and Optional usage
|
|
62
|
+
*/
|
|
63
|
+
private detectNullPointerRisks;
|
|
64
|
+
/**
|
|
65
|
+
* Detect compilation errors - Cannot find symbol, type mismatches
|
|
66
|
+
*/
|
|
67
|
+
private detectCompilationErrors;
|
|
68
|
+
/**
|
|
69
|
+
* Detect runtime exceptions - ClassCast, ArrayBounds, IllegalArgument, IllegalState
|
|
70
|
+
*/
|
|
71
|
+
private detectRuntimeExceptions;
|
|
72
|
+
/**
|
|
73
|
+
* Detect concurrency issues - ConcurrentModification, synchronized, volatile
|
|
74
|
+
*/
|
|
75
|
+
private detectConcurrencyIssues;
|
|
76
|
+
/**
|
|
77
|
+
* Detect memory leaks - Unclosed resources, static collections, listeners
|
|
78
|
+
*/
|
|
79
|
+
private detectMemoryLeaks;
|
|
80
|
+
/**
|
|
81
|
+
* Detect IO exceptions - File operations without try-with-resources
|
|
82
|
+
*/
|
|
83
|
+
private detectIOExceptions;
|
|
84
|
+
/**
|
|
85
|
+
* Detect SQL injection - String concatenation in SQL
|
|
86
|
+
*
|
|
87
|
+
* NOTE: SQL Injection is now detected in analyzeSecurity() with full CVSS scoring,
|
|
88
|
+
* compliance mapping (OWASP/CWE/PCI-DSS), and remediation details.
|
|
89
|
+
* This method is kept for backward compatibility but does NOT add duplicates to lineErrors.
|
|
90
|
+
*/
|
|
91
|
+
private detectSQLInjection;
|
|
92
|
+
/**
|
|
93
|
+
* Detect serialization issues - Unsafe deserialization
|
|
94
|
+
*/
|
|
95
|
+
private detectSerializationIssues;
|
|
96
|
+
/**
|
|
97
|
+
* Detect performance issues - Vector/Hashtable, String concat in loops, inefficient loops
|
|
98
|
+
*/
|
|
99
|
+
private detectPerformanceIssues;
|
|
100
|
+
/**
|
|
101
|
+
* Detect naming convention violations - camelCase, PascalCase, UPPER_CASE
|
|
102
|
+
*/
|
|
103
|
+
private detectNamingConventions;
|
|
104
|
+
/**
|
|
105
|
+
* Detect access modifier issues - Methods without explicit modifiers
|
|
106
|
+
*/
|
|
107
|
+
private detectAccessModifierIssues;
|
|
108
|
+
/**
|
|
109
|
+
* Detect resource leaks - Missing try-with-resources for AutoCloseable
|
|
110
|
+
*/
|
|
111
|
+
private detectResourceLeaks;
|
|
112
|
+
/**
|
|
113
|
+
* Detect boxing/unboxing - Unnecessary autoboxing
|
|
114
|
+
*/
|
|
115
|
+
private detectBoxingUnboxing;
|
|
116
|
+
/**
|
|
117
|
+
* Detect deprecated APIs - Date, Vector, Hashtable, etc.
|
|
118
|
+
*/
|
|
119
|
+
private detectDeprecatedAPIs;
|
|
120
|
+
/**
|
|
121
|
+
* Detect exception handling issues - Empty catch, catching Exception/Throwable
|
|
122
|
+
*/
|
|
123
|
+
private detectExceptionHandling;
|
|
124
|
+
/**
|
|
125
|
+
* Detect duplicate variable declarations - SYNTAX ERROR (Error 26)
|
|
126
|
+
*
|
|
127
|
+
* Tracks variable declarations within method scope and detects when
|
|
128
|
+
* the same variable name is declared twice, which is a compilation error.
|
|
129
|
+
*/
|
|
130
|
+
private detectDuplicateVariables;
|
|
131
|
+
/**
|
|
132
|
+
* Detect method naming issues - Methods not in camelCase (e.g., Process_User_Data)
|
|
133
|
+
*/
|
|
134
|
+
private detectMethodNamingIssues;
|
|
135
|
+
/**
|
|
136
|
+
* Detect magic numbers - Numeric literals that should be named constants
|
|
137
|
+
*/
|
|
138
|
+
private detectMagicNumbers;
|
|
139
|
+
/**
|
|
140
|
+
* Detect God Classes - Classes with too many methods (violates SRP)
|
|
141
|
+
*/
|
|
142
|
+
private detectGodClasses;
|
|
143
|
+
/**
|
|
144
|
+
* Detect methods with too many parameters (>7 is a code smell)
|
|
145
|
+
* Methods with many parameters are hard to test, maintain, and understand.
|
|
146
|
+
* Consider using parameter objects or builder pattern.
|
|
147
|
+
*/
|
|
148
|
+
private detectTooManyParameters;
|
|
149
|
+
/**
|
|
150
|
+
* Detect string comparison using == instead of .equals()
|
|
151
|
+
* IMPORTANT: This is a QUALITY/LOGIC issue, NOT a syntax error
|
|
152
|
+
* Using == compares object references, not string content
|
|
153
|
+
*/
|
|
154
|
+
private detectStringComparisonWithEquals;
|
|
155
|
+
/**
|
|
156
|
+
* Detect empty catch blocks - Multi-line empty catch blocks
|
|
157
|
+
*/
|
|
158
|
+
private detectEmptyCatchBlocks;
|
|
159
|
+
/**
|
|
160
|
+
* Detect uninitialized variables - Variables declared but not initialized
|
|
161
|
+
*/
|
|
162
|
+
private detectUninitializedVariables;
|
|
163
|
+
/**
|
|
164
|
+
* Detect missing return statements - Non-void methods without return in all paths
|
|
165
|
+
*/
|
|
166
|
+
private detectMissingReturnStatements;
|
|
167
|
+
/**
|
|
168
|
+
* Detect invalid modifier order - Incorrect order (e.g., "static public" instead of "public static")
|
|
169
|
+
*/
|
|
170
|
+
private detectInvalidModifierOrder;
|
|
171
|
+
private analyzeQuality;
|
|
172
|
+
private analyzePerformance;
|
|
173
|
+
/**
|
|
174
|
+
* Analyzes Java code for security vulnerabilities using modular security checks
|
|
175
|
+
*
|
|
176
|
+
* This method coordinates all security analysis by delegating to specialized modules:
|
|
177
|
+
* - Injection attacks (SQL, Command, LDAP, XPath)
|
|
178
|
+
* - Deserialization and XXE vulnerabilities
|
|
179
|
+
* - Hardcoded credentials detection
|
|
180
|
+
* - Cryptographic validation (weak algorithms, insecure random)
|
|
181
|
+
* - File operation security (path traversal, upload validation)
|
|
182
|
+
* - Unsafe patterns (reflection, NPE, exception handling)
|
|
183
|
+
* - Code quality issues (God classes, debug output)
|
|
184
|
+
*
|
|
185
|
+
* All checks are performed in parallel for optimal performance.
|
|
186
|
+
*/
|
|
187
|
+
private analyzeSecurity;
|
|
188
|
+
/**
|
|
189
|
+
* Deduplicate vulnerabilities that appear on the same line
|
|
190
|
+
*
|
|
191
|
+
* Beta Testing Fix (Dec 9, 2025):
|
|
192
|
+
* - Deserialization reported twice (line 56, CVSS 9.8 and 5.0)
|
|
193
|
+
* - XXE reported twice (lines 50 and 52)
|
|
194
|
+
*
|
|
195
|
+
* Strategy: For each line with multiple vulnerabilities of similar type,
|
|
196
|
+
* keep only the one with the highest CVSS score.
|
|
197
|
+
*
|
|
198
|
+
* @param vulnerabilities - Array of all detected vulnerabilities
|
|
199
|
+
* @returns Deduplicated array with highest CVSS per line
|
|
200
|
+
*/
|
|
201
|
+
/**
|
|
202
|
+
* P1-5: Generic deduplication for ALL vulnerability types (Dec 30, 2025)
|
|
203
|
+
* Previous: Only handled deserialization and XXE
|
|
204
|
+
* Now: Handles all duplicates using category-based deduplication
|
|
205
|
+
*/
|
|
206
|
+
private deduplicateVulnerabilities;
|
|
207
|
+
private calculateMetrics;
|
|
208
|
+
}
|
|
209
|
+
//# sourceMappingURL=java-analyzer.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"java-analyzer.d.ts","sourceRoot":"","sources":["../../../../../../src/lib/analyzers/java-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAEH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc,EAAkD,MAAM,SAAS,CAAC;AACvH,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAsB7C,qBAAa,YAAa,YAAW,aAAa;IAChD,SAAgB,QAAQ,EAAE,iBAAiB,CAAU;IAE/C,OAAO,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;IA4BtD,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAoBpD,eAAe;;;;;IAQf,OAAO,CAAC,aAAa;IA0FrB;;;;;;;OAOG;IACH,OAAO,CAAC,2BAA2B;IAiFnC;;;;;;OAMG;IACH,OAAO,CAAC,sBAAsB;IA4D9B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAyC9B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA6D/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA+D/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA0D/B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAqDzB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA8B1B;;;;;;OAMG;IACH,OAAO,CAAC,kBAAkB;IAM1B;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAoCjC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA4D/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAgD/B;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAkClC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAkC3B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAoC5B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IA8B5B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAqD/B;;;;;OAKG;IACH,OAAO,CAAC,wBAAwB;IAuEhC;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAwChC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAqD1B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAoDxB;;;;OAIG;IACH,OAAO,CAAC,uBAAuB;IA0E/B;;;;OAIG;IACH,OAAO,CAAC,gCAAgC;IAsCxC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAwD9B;;OAEG;IACH,OAAO,CAAC,4BAA4B;IA+DpC;;OAEG;IACH,OAAO,CAAC,6BAA6B;IAyErC;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAoClC,OAAO,CAAC,cAAc;IAyDtB,OAAO,CAAC,kBAAkB;IAqC1B;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,eAAe;IAwCvB;;;;;;;;;;;;OAYG;IACH;;;;OAIG;IACH,OAAO,CAAC,0BAA0B;IA8ClC,OAAO,CAAC,gBAAgB;CA4BzB"}
|