codeslick-cli 1.4.0 → 1.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/packages/cli/src/commands/scan.d.ts.map +1 -1
- package/dist/packages/cli/src/commands/scan.js +7 -3
- package/dist/packages/cli/src/commands/scan.js.map +1 -1
- package/dist/packages/cli/src/reporters/cli-reporter.d.ts +11 -0
- package/dist/packages/cli/src/reporters/cli-reporter.d.ts.map +1 -1
- package/dist/packages/cli/src/reporters/cli-reporter.js +150 -45
- package/dist/packages/cli/src/reporters/cli-reporter.js.map +1 -1
- package/dist/packages/cli/src/scanner/local-scanner.d.ts +2 -2
- package/dist/packages/cli/src/scanner/local-scanner.d.ts.map +1 -1
- package/dist/packages/cli/src/scanner/local-scanner.js +40 -9
- package/dist/packages/cli/src/scanner/local-scanner.js.map +1 -1
- package/dist/src/lib/analyzers/go-analyzer.d.ts +12 -0
- package/dist/src/lib/analyzers/go-analyzer.d.ts.map +1 -1
- package/dist/src/lib/analyzers/go-analyzer.js +113 -0
- package/dist/src/lib/analyzers/go-analyzer.js.map +1 -1
- package/dist/src/lib/analyzers/iac/pii-detector.d.ts +27 -0
- package/dist/src/lib/analyzers/iac/pii-detector.d.ts.map +1 -0
- package/dist/src/lib/analyzers/iac/pii-detector.js +199 -0
- package/dist/src/lib/analyzers/iac/pii-detector.js.map +1 -0
- package/dist/src/lib/analyzers/iac/pii-patterns.d.ts +43 -0
- package/dist/src/lib/analyzers/iac/pii-patterns.d.ts.map +1 -0
- package/dist/src/lib/analyzers/iac/pii-patterns.js +228 -0
- package/dist/src/lib/analyzers/iac/pii-patterns.js.map +1 -0
- package/dist/src/lib/analyzers/java-analyzer.d.ts +5 -0
- package/dist/src/lib/analyzers/java-analyzer.d.ts.map +1 -1
- package/dist/src/lib/analyzers/java-analyzer.js +51 -0
- package/dist/src/lib/analyzers/java-analyzer.js.map +1 -1
- package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.d.ts +8 -4
- package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.d.ts.map +1 -1
- package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.js +109 -13
- package/dist/src/lib/analyzers/javascript/quality-checks/ai-hallucinations.js.map +1 -1
- package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.d.ts.map +1 -1
- package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.js +7 -8
- package/dist/src/lib/analyzers/javascript/quality-checks/reference-errors.js.map +1 -1
- package/dist/src/lib/analyzers/javascript-analyzer.d.ts.map +1 -1
- package/dist/src/lib/analyzers/javascript-analyzer.js +16 -12
- package/dist/src/lib/analyzers/javascript-analyzer.js.map +1 -1
- package/dist/src/lib/analyzers/kubernetes/checks/network-security.d.ts +33 -0
- package/dist/src/lib/analyzers/kubernetes/checks/network-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/kubernetes/checks/network-security.js +184 -0
- package/dist/src/lib/analyzers/kubernetes/checks/network-security.js.map +1 -0
- package/dist/src/lib/analyzers/kubernetes/checks/pod-security.d.ts +60 -0
- package/dist/src/lib/analyzers/kubernetes/checks/pod-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/kubernetes/checks/pod-security.js +418 -0
- package/dist/src/lib/analyzers/kubernetes/checks/pod-security.js.map +1 -0
- package/dist/src/lib/analyzers/kubernetes/checks/rbac-security.d.ts +44 -0
- package/dist/src/lib/analyzers/kubernetes/checks/rbac-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/kubernetes/checks/rbac-security.js +275 -0
- package/dist/src/lib/analyzers/kubernetes/checks/rbac-security.js.map +1 -0
- package/dist/src/lib/analyzers/kubernetes/checks/resource-management.d.ts +32 -0
- package/dist/src/lib/analyzers/kubernetes/checks/resource-management.d.ts.map +1 -0
- package/dist/src/lib/analyzers/kubernetes/checks/resource-management.js +176 -0
- package/dist/src/lib/analyzers/kubernetes/checks/resource-management.js.map +1 -0
- package/dist/src/lib/analyzers/kubernetes/checks/secrets-management.d.ts +38 -0
- package/dist/src/lib/analyzers/kubernetes/checks/secrets-management.d.ts.map +1 -0
- package/dist/src/lib/analyzers/kubernetes/checks/secrets-management.js +266 -0
- package/dist/src/lib/analyzers/kubernetes/checks/secrets-management.js.map +1 -0
- package/dist/src/lib/analyzers/kubernetes/checks/service-security.d.ts +26 -0
- package/dist/src/lib/analyzers/kubernetes/checks/service-security.d.ts.map +1 -0
- package/dist/src/lib/analyzers/kubernetes/checks/service-security.js +120 -0
- package/dist/src/lib/analyzers/kubernetes/checks/service-security.js.map +1 -0
- package/dist/src/lib/analyzers/kubernetes/parser.d.ts +74 -0
- package/dist/src/lib/analyzers/kubernetes/parser.d.ts.map +1 -0
- package/dist/src/lib/analyzers/kubernetes/parser.js +233 -0
- package/dist/src/lib/analyzers/kubernetes/parser.js.map +1 -0
- package/dist/src/lib/analyzers/kubernetes/pii-detector.d.ts +34 -0
- package/dist/src/lib/analyzers/kubernetes/pii-detector.d.ts.map +1 -0
- package/dist/src/lib/analyzers/kubernetes/pii-detector.js +182 -0
- package/dist/src/lib/analyzers/kubernetes/pii-detector.js.map +1 -0
- package/dist/src/lib/analyzers/kubernetes/types.d.ts +266 -0
- package/dist/src/lib/analyzers/kubernetes/types.d.ts.map +1 -0
- package/dist/src/lib/analyzers/kubernetes/types.js +77 -0
- package/dist/src/lib/analyzers/kubernetes/types.js.map +1 -0
- package/dist/src/lib/analyzers/kubernetes-analyzer.d.ts +93 -0
- package/dist/src/lib/analyzers/kubernetes-analyzer.d.ts.map +1 -0
- package/dist/src/lib/analyzers/kubernetes-analyzer.js +215 -0
- package/dist/src/lib/analyzers/kubernetes-analyzer.js.map +1 -0
- package/dist/src/lib/analyzers/python-analyzer.d.ts.map +1 -1
- package/dist/src/lib/analyzers/python-analyzer.js +32 -48
- package/dist/src/lib/analyzers/python-analyzer.js.map +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.d.ts +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/ai-providers.d.ts.map +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.d.ts +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/aws.d.ts.map +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.d.ts +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/cloud-providers.d.ts.map +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.d.ts +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/communication.d.ts.map +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.d.ts +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/generic.d.ts.map +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.d.ts +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/github.d.ts.map +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.d.ts +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/api-keys/stripe.d.ts.map +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/api-keys.d.ts +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/api-keys.d.ts.map +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/credentials.d.ts +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/credentials.d.ts.map +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/private-keys.d.ts +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/private-keys.d.ts.map +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/tokens.d.ts +1 -1
- package/dist/src/lib/analyzers/secrets/patterns/tokens.d.ts.map +1 -1
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts +2 -32
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts.map +1 -1
- package/dist/src/lib/analyzers/secrets/secrets-analyzer.js.map +1 -1
- package/dist/src/lib/analyzers/secrets/types.d.ts +40 -0
- package/dist/src/lib/analyzers/secrets/types.d.ts.map +1 -0
- package/dist/src/lib/analyzers/secrets/types.js +10 -0
- package/dist/src/lib/analyzers/secrets/types.js.map +1 -0
- package/dist/src/lib/analyzers/terraform-analyzer.d.ts +1 -0
- package/dist/src/lib/analyzers/terraform-analyzer.d.ts.map +1 -1
- package/dist/src/lib/analyzers/terraform-analyzer.js +28 -0
- package/dist/src/lib/analyzers/terraform-analyzer.js.map +1 -1
- package/dist/src/lib/analyzers/typescript-analyzer.d.ts +5 -0
- package/dist/src/lib/analyzers/typescript-analyzer.d.ts.map +1 -1
- package/dist/src/lib/analyzers/typescript-analyzer.js +76 -0
- package/dist/src/lib/analyzers/typescript-analyzer.js.map +1 -1
- package/dist/src/lib/analyzers/utils/false-positive-filter.d.ts +27 -0
- package/dist/src/lib/analyzers/utils/false-positive-filter.d.ts.map +1 -0
- package/dist/src/lib/analyzers/utils/false-positive-filter.js +176 -0
- package/dist/src/lib/analyzers/utils/false-positive-filter.js.map +1 -0
- package/dist/src/lib/security/epss-service.d.ts.map +1 -1
- package/dist/src/lib/security/epss-service.js +27 -8
- package/dist/src/lib/security/epss-service.js.map +1 -1
- package/dist/src/lib/security/severity-scoring.d.ts.map +1 -1
- package/dist/src/lib/security/severity-scoring.js +24 -0
- package/dist/src/lib/security/severity-scoring.js.map +1 -1
- package/dist/src/lib/types/index.d.ts +3 -3
- package/dist/src/lib/types/index.d.ts.map +1 -1
- package/dist/src/lib/utils/ignore-patterns.d.ts +60 -0
- package/dist/src/lib/utils/ignore-patterns.d.ts.map +1 -0
- package/dist/src/lib/utils/ignore-patterns.js +212 -0
- package/dist/src/lib/utils/ignore-patterns.js.map +1 -0
- package/package.json +1 -1
- package/src/commands/scan.ts +7 -3
- package/src/reporters/cli-reporter.ts +174 -48
- package/src/scanner/local-scanner.ts +54 -10
- package/tsconfig.tsbuildinfo +0 -1
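--- a/package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts
+++ b/package/dist/src/lib/analyzers/secrets/secrets-analyzer.d.ts
@@ -13,38 +13,8 @@
 * Date: January 7, 2026
 */
 import { SecurityVulnerability } from '../types';
-
-
- */
-export interface SecretPattern {
-/** Pattern identifier (e.g., 'aws-access-key', 'github-token') */
-id: string;
-/** Human-readable name */
-name: string;
-/** Regex pattern to match the secret */
-pattern: RegExp;
-/** Minimum entropy threshold (0-8, where 8 is maximum randomness) */
-minEntropy?: number;
-/** Description of the secret type */
-description: string;
-/** Severity: 'critical', 'high', 'medium' */
-severity: 'critical' | 'high' | 'medium';
-/** OWASP 2025 category */
-owaspCategory: string;
-/** CWE identifier */
-cwe: string;
-}
-/**
-* Secret detection result
-*/
-export interface SecretMatch {
-pattern: SecretPattern;
-value: string;
-line: number;
-column: number;
-entropy: number;
-context: string;
-}
+import type { SecretPattern, SecretMatch } from './types';
+export type { SecretPattern, SecretMatch };
 /**
 * Main secrets analyzer class
 */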
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secrets-analyzer.d.ts","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/secrets/secrets-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"secrets-analyzer.d.ts","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/secrets/secrets-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;AAWjD,OAAO,KAAK,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAC1D,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC;AAE3C;;GAEG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAkB;;IAYlC;;;;;;;OAOG;IACI,WAAW,CAChB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,YAAY,GAAG,QAAQ,GAAG,MAAM,GAAG,YAAY,GAAG,IAAI,GAC/D,qBAAqB,EAAE;IAiC1B;;OAEG;IACH,OAAO,CAAC,WAAW;IA4BnB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAwC3B;;OAEG;IACH,OAAO,CAAC,UAAU;IASlB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAiBzB;;OAEG;IACH,OAAO,CAAC,aAAa;IAerB;;OAEG;IACH,OAAO,CAAC,mBAAmB;CAiB5B;AAED;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,eAAe,CAEvD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secrets-analyzer.js","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/secrets/secrets-analyzer.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;
|
|
1
|
+
{"version":3,"file":"secrets-analyzer.js","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/secrets/secrets-analyzer.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;AAkOH,sDAEC;AAjOD,kDAAuD;AACvD,0DAA+D;AAC/D,wDAA6D;AAC7D,8CAAmD;AACnD,kEAAgE;AAChE,kEAAqE;AACrE,sEAAyE;AACzE,0EAAyE;AAMzE;;GAEG;AACH,MAAa,eAAe;IAG1B;QACE,iDAAiD;QACjD,IAAI,CAAC,QAAQ,GAAG;YACd,GAAG,2BAAgB;YACnB,GAAG,mCAAoB;YACvB,GAAG,iCAAmB;YACtB,GAAG,uBAAc;SAClB,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,WAAW,CAChB,IAAY,EACZ,QAAgB,EAChB,QAAgE;QAEhE,MAAM,eAAe,GAA4B,EAAE,CAAC;QACpD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE/B,6BAA6B;QAC7B,KAAK,IAAI,SAAS,GAAG,CAAC,EAAE,SAAS,GAAG,KAAK,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,CAAC;YAC9D,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC;YAC9B,MAAM,UAAU,GAAG,SAAS,GAAG,CAAC,CAAC;YAEjC,6BAA6B;YAC7B,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACpC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;gBAE5D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;oBAC5B,+BAA+B;oBAC/B,IAAI,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC,OAAO,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;wBAC7D,SAAS,CAAC,2BAA2B;oBACvC,CAAC;oBAED,4BAA4B;oBAC5B,IAAI,IAAA,uCAAqB,EAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;wBAChE,SAAS,CAAC,8BAA8B;oBAC1C,CAAC;oBAED,uBAAuB;oBACvB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;gBAC5E,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,eAAe,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,WAAW,CACjB,IAAY,EACZ,OAAsB,EACtB,UAAkB;QAElB,MAAM,OAAO,GAAkB,EAAE,CAAC;QAClC,IAAI,KAA6B,CAAC;QAElC,sCAAsC;QACtC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAEtD,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC3C,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACvB,MAAM,OAAO,GAAG,IAAA,kCAAgB,EAAC,KAAK,CAAC,CAAC;YAExC,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO;gBACP,KAAK;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,KAAK,CAAC,KAAK;gBACnB,OAAO;gBACP,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE;aACrB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC
;IAED;;OAEG;IACK,mBAAmB,CACzB,KAAkB,EAClB,QAAgB,EAChB,QAAgB;QAEhB,4DAA4D;QAC5D,MAAM,QAAQ,GAAG,oBAAoB,KAAK,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;QACxD,MAAM,OAAO,GAAG,IAAA,yCAAsB,EAAC,QAAQ,CAAC,CAAC;QACjD,MAAM,UAAU,GAAG,IAAA,yCAAoB,EAAC,QAAQ,CAAC,CAAC;QAElD,OAAO;YACL,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,OAAO,EAAE,8BAA8B,KAAK,CAAC,OAAO,CAAC,IAAI,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;YAC7F,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,UAAU,EAAE,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC;YAC3D,QAAQ;YACR,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;YAC5C,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,KAAK,EAAE,UAAU,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,aAAa;YACtD,GAAG,EAAE,UAAU,CAAC,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG;YACxC,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,YAAY,EAAE;gBACZ,WAAW,EAAE,aAAa,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,oEAAoE;gBAC9H,cAAc,EAAE,0CAA0C,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;gBACxF,eAAe,EAAE;oBACf,gCAAgC;oBAChC,uCAAuC;oBACvC,iCAAiC;oBACjC,sCAAsC;iBACvC;aACF;YACD,WAAW,EAAE;gBACX,MAAM,EAAE,KAAK,CAAC,OAAO;gBACrB,KAAK,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC;gBAClD,WAAW,EAAE,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC;aAC7D;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,KAAa;QAC9B,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACtB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,KAAK,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC/C,OAAO,GAAG,KAAK,MAAM,IAAI,EAAE,CAAC;IAC9B,CAAC;IAED;;OAEG;IACK,iBAAiB,CAAC,OAAsB,EAAE,QAAgB;QAChE,MAAM,kBAAkB,GAAG,OAAO,CAAC,WAAW,CAAC;QAE/C,MAAM,aAAa,GAAG,QAAQ,KAAK,QAAQ;YACzC,CAAC,CAAC,2BAA2B;YAC7B,CAAC,CAAC,QAAQ,KAAK,MAAM;gBACrB,CAAC,CAAC,0BAA0B;gBAC5B,CAAC,CAAC,qBAAqB,CAAC;QAE1B,OAAO,GAAG,kBAAkB,wBAAwB;YAClD,0CAA0C;YAC1C,oEAAoE;YACpE,WAAW,aAAa,IAAI;YAC5B,iDAAiD;YACjD,0CAA0C,CAAC;IAC/C,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,OAAsB,EAAE,QAAgB;QAC5D,MAAM,OAAO,GAAG,OAAO,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAE5D,IAAI,QAAQ,KAAK,QAAQ,EAAE
,CAAC;YAC1B,OAAO,cAAc,OAAO,sBAAsB,OAAO,0BAA0B,CAAC;QACtF,CAAC;aAAM,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;YAC/B,OAAO,UAAU,OAAO,CAAC,WAAW,EAAE,qBAAqB,OAAO,KAAK,CAAC;QAC1E,CAAC;aAAM,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YAC7B,OAAO,gBAAgB,OAAO,CAAC,WAAW,EAAE,kBAAkB,OAAO,IAAI,CAAC;QAC5E,CAAC;aAAM,CAAC;YACN,wBAAwB;YACxB,OAAO,SAAS,OAAO,CAAC,WAAW,EAAE,kBAAkB,OAAO,0BAA0B,CAAC;QAC3F,CAAC;IACH,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,KAAkB;QAC5C,IAAI,UAAU,GAAG,EAAE,CAAC,CAAC,kBAAkB;QAEvC,qCAAqC;QACrC,IAAI,KAAK,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC;YACxB,UAAU,IAAI,EAAE,CAAC;QACnB,CAAC;aAAM,IAAI,KAAK,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC;YAC/B,UAAU,IAAI,EAAE,CAAC;QACnB,CAAC;QAED,8CAA8C;QAC9C,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5E,UAAU,IAAI,EAAE,CAAC;QACnB,CAAC;QAED,OAAO,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACnC,CAAC;CACF;AA1MD,0CA0MC;AAED;;GAEG;AACH,SAAgB,qBAAqB;IACnC,OAAO,IAAI,eAAe,EAAE,CAAC;AAC/B,CAAC"}
|
|
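--- a/package/dist/src/lib/analyzers/secrets/types.d.ts
+++ b/package/dist/src/lib/analyzers/secrets/types.d.ts
@@ -0,0 +1,40 @@
+/**
+* Shared types for the Secrets Detection module.
+*
+* Extracted here to break the circular dependency between secrets-analyzer.ts
+* and the pattern files (patterns/* imported SecretPattern from secrets-analyzer,
+* which already imported from patterns/*).
+*/
+/**
+* Secret pattern definition
+*/
+export interface SecretPattern {
+/** Pattern identifier (e.g., 'aws-access-key', 'github-token') */
+id: string;
+/** Human-readable name */
+name: string;
+/** Regex pattern to match the secret */
+pattern: RegExp;
+/** Minimum entropy threshold (0-8, where 8 is maximum randomness) */
+minEntropy?: number;
+/** Description of the secret type */
+description: string;
+/** Severity: 'critical', 'high', 'medium' */
+severity: 'critical' | 'high' | 'medium';
+/** OWASP 2025 category */
+owaspCategory: string;
+/** CWE identifier */
+cwe: string;
+}
+/**
+* Secret detection result
+*/
+export interface SecretMatch {
+pattern: SecretPattern;
+value: string;
+line: number;
+column: number;
+entropy: number;
+context: string;
+}
+//# sourceMappingURL=types.d.ts.map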
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/secrets/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,kEAAkE;IAClE,EAAE,EAAE,MAAM,CAAC;IACX,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,wCAAwC;IACxC,OAAO,EAAE,MAAM,CAAC;IAChB,qEAAqE;IACrE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,qCAAqC;IACrC,WAAW,EAAE,MAAM,CAAC;IACpB,6CAA6C;IAC7C,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,0BAA0B;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,qBAAqB;IACrB,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,aAAa,CAAC;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB"}
|
|
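--- a/package/dist/src/lib/analyzers/secrets/types.js
+++ b/package/dist/src/lib/analyzers/secrets/types.js
@@ -0,0 +1,10 @@
+"use strict";
+/**
+* Shared types for the Secrets Detection module.
+*
+* Extracted here to break the circular dependency between secrets-analyzer.ts
+* and the pattern files (patterns/* imported SecretPattern from secrets-analyzer,
+* which already imported from patterns/*).
+*/
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map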
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../../../../src/lib/analyzers/secrets/types.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG"}
|
|
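--- a/package/dist/src/lib/analyzers/terraform-analyzer.d.ts
+++ b/package/dist/src/lib/analyzers/terraform-analyzer.d.ts
@@ -37,6 +37,7 @@ export declare class TerraformAnalyzer implements ICodeAnalyzer {
 readonly language: SupportedLanguage;
 analyze(input: AnalyzerInput): Promise<AnalyzerResult>;
 private analyzeSecurity;
+private analyzePII;
 private calculateMetrics;
 private detectProductionContext;
 validateSyntax(code: string): Promise<boolean>;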
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"terraform-analyzer.d.ts","sourceRoot":"","sources":["../../../../../../src/lib/analyzers/terraform-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc,EAAyB,MAAM,SAAS,CAAC;AAC9F,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"terraform-analyzer.d.ts","sourceRoot":"","sources":["../../../../../../src/lib/analyzers/terraform-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc,EAAyB,MAAM,SAAS,CAAC;AAC9F,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAuB7C,qBAAa,iBAAkB,YAAW,aAAa;IACrD,SAAgB,QAAQ,EAAE,iBAAiB,CAAe;IAEpD,OAAO,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;IAsD5D,OAAO,CAAC,eAAe;IA0BvB,OAAO,CAAC,UAAU;IA0BlB,OAAO,CAAC,gBAAgB;IAaxB,OAAO,CAAC,uBAAuB;IAMzB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IASpD,eAAe,IAAI;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;KACrB;CAOF"}
|
|
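--- a/package/dist/src/lib/analyzers/terraform-analyzer.js
+++ b/package/dist/src/lib/analyzers/terraform-analyzer.js
@@ -36,6 +36,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.TerraformAnalyzer = void 0;
 const parser_1 = require("./terraform/parser");
 const aws_checks_1 = require("./terraform/aws-checks");
+const pii_detector_1 = require("./iac/pii-detector");
+const ignore_patterns_1 = require("../utils/ignore-patterns");
 class TerraformAnalyzer {
 constructor() {
 this.language = 'terraform';
@@ -53,8 +55,12 @@ class TerraformAnalyzer {
 const parsed = (0, parser_1.parseTerraform)(input.code);
 // Analyze security for all resources
 this.analyzeSecurity(parsed.resources, result);
+// Analyze PII across all block types (WR3 Week 5.5)
+this.analyzePII(parsed, result);
 // Calculate basic metrics
 this.calculateMetrics(input.code, result);
+// Filter suppressed vulnerabilities (inline comments: # codeslick-ignore-next-line)
+result.security.vulnerabilities = (0, ignore_patterns_1.filterSuppressedVulnerabilities)(input.code, result.security.vulnerabilities);
 // Feature 1 Phase 1: Smart Triage with EPSS scoring
 // TODO (WR3 Week 2): Re-enable triage after fixing severity vs priority field issue
 // For MVP Day 1-2, disabled to test base checks without triage interference
@@ -104,6 +110,28 @@ class TerraformAnalyzer {
 }
 }
 }
+analyzePII(parsed, result) {
+// Check resources for PII
+for (const resource of parsed.resources || []) {
+const piiVulns = (0, pii_detector_1.checkResourcePII)(resource);
+result.security.vulnerabilities.push(...piiVulns);
+}
+// Check variables for PII in defaults
+for (const variable of parsed.variables || []) {
+const piiVulns = (0, pii_detector_1.checkVariablePII)(variable);
+result.security.vulnerabilities.push(...piiVulns);
+}
+// Check locals for PII
+for (const locals of parsed.locals || []) {
+const piiVulns = (0, pii_detector_1.checkLocalsPII)(locals);
+result.security.vulnerabilities.push(...piiVulns);
+}
+// Check outputs for PII exposure
+for (const output of parsed.outputs || []) {
+const piiVulns = (0, pii_detector_1.checkOutputPII)(output);
+result.security.vulnerabilities.push(...piiVulns);
+}
+}
 calculateMetrics(code, result) {
 const lines = code.split('\n');
 result.metrics.lines = lines.length;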
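Review bot: The suppression step added after `this.calculateMetrics(input.code, result)` reassigns `result.security.vulnerabilities` to the filtered list and keeps nothing about what was removed, so a `codeslick-ignore-next-line` comment makes a finding disappear from every reporter with no way to audit it afterwards. Consider keeping a count alongside the filter, e.g. `const before = result.security.vulnerabilities.length;` ahead of the call and `result.security.suppressedCount = before - result.security.vulnerabilities.length;` after it, provided `AnalyzerResult` can carry that field (its definition is not visible here); the TypeScript analyzer section further down adds the same silent filter, followed by `filterFalsePositives`, and would take the same count. The comment names only `#` as the suppression marker even though HCL also accepts `//` and `/* */` comments, so it is worth confirming that `filterSuppressedVulnerabilities` handles those or documenting that it does not. `analyze` begins and ends outside this hunk.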
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"terraform-analyzer.js","sourceRoot":"","sources":["../../../../../../src/lib/analyzers/terraform-analyzer.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;;;AAIH,+CAAoD;AACpD,uDAWgC;
|
|
1
|
+
{"version":3,"file":"terraform-analyzer.js","sourceRoot":"","sources":["../../../../../../src/lib/analyzers/terraform-analyzer.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;;;AAIH,+CAAoD;AACpD,uDAWgC;AAChC,qDAK4B;AAE5B,8DAA2E;AAE3E,MAAa,iBAAiB;IAA9B;QACkB,aAAQ,GAAsB,WAAW,CAAC;IAmJ5D,CAAC;IAjJC,KAAK,CAAC,OAAO,CAAC,KAAoB;QAChC,MAAM,MAAM,GAAmB;YAC7B,MAAM,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE;YACnD,OAAO,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,EAAE;YACnC,WAAW,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,WAAW,EAAE,EAAE,EAAE;YAC5C,QAAQ,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE;YACjC,OAAO,EAAE,EAAE,UAAU,EAAE,CAAC,EAAE,eAAe,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE;SACzE,CAAC;QAEF,IAAI,CAAC;YACH,sBAAsB;YACtB,MAAM,MAAM,GAAG,IAAA,uBAAc,EAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAE1C,qCAAqC;YACrC,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YAE/C,oDAAoD;YACpD,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAEhC,0BAA0B;YAC1B,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YAE1C,oFAAoF;YACpF,MAAM,CAAC,QAAQ,CAAC,eAAe,GAAG,IAAA,iDAA+B,EAC/D,KAAK,CAAC,IAAI,EACV,MAAM,CAAC,QAAQ,CAAC,eAAe,CAChC,CAAC;YAEF,oDAAoD;YACpD,oFAAoF;YACpF,4EAA4E;YAC5E,QAAQ;YACR,sDAAsD;YACtD,0FAA0F;YAC1F,8BAA8B;YAC9B,4EAA4E;YAC5E,WAAW;YACX,UAAU;YACV,0FAA0F;YAC1F,2EAA2E;YAC3E,MAAM;YACN,0BAA0B;YAC1B,yEAAyE;YACzE,uIAAuI;YACvI,IAAI;QACN,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YAC9E,MAAM,CAAC,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;YAC5B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,6BAA6B,YAAY,EAAE,CAAC,CAAC;QACzE,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,eAAe,CAAC,SAAgB,EAAE,MAAsB;QAC9D,MAAM,MAAM,GAAG;YACb,2BAA2B;YAC3B,6BAAgB;YAChB,8BAAiB;YACjB,8BAAiB;YACjB,2BAAc;YACd,qCAAwB;YACxB,4BAA4B;YAC5B,oCAAuB;YACvB,sCAAyB;YACzB,gCAAmB;YACnB,wCAA2B;YAC3B,qCAAwB;SACzB,CAAC;QAEF,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;YACjC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,MAAM,aAAa,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC;gBACtC,IAAI,
aAAa,EAAE,CAAC;oBAClB,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAEO,UAAU,CAAC,MAAW,EAAE,MAAsB;QACpD,0BAA0B;QAC1B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,IAAI,EAAE,EAAE,CAAC;YAC9C,MAAM,QAAQ,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;YAC5C,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;QACpD,CAAC;QAED,sCAAsC;QACtC,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,IAAI,EAAE,EAAE,CAAC;YAC9C,MAAM,QAAQ,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;YAC5C,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;QACpD,CAAC;QAED,uBAAuB;QACvB,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YACzC,MAAM,QAAQ,GAAG,IAAA,6BAAc,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;QACpD,CAAC;QAED,iCAAiC;QACjC,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,IAAI,EAAE,EAAE,CAAC;YAC1C,MAAM,QAAQ,GAAG,IAAA,6BAAc,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAEO,gBAAgB,CAAC,IAAY,EAAE,MAAsB;QAC3D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC/B,MAAM,CAAC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC;QAEpC,6CAA6C;QAC7C,MAAM,aAAa,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QACnE,MAAM,CAAC,OAAO,CAAC,SAAS,GAAG,aAAa,CAAC;QAEzC,gDAAgD;QAChD,MAAM,CAAC,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,GAAG,aAAa,GAAG,CAAC,CAAC,CAAC;IACzE,CAAC;IAEO,uBAAuB,CAAC,QAAgB;QAC9C,MAAM,cAAc,GAAG,CAAC,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9D,MAAM,aAAa,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC7C,OAAO,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;IAC7E,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,IAAY;QAC/B,IAAI,CAAC;YACH,IAAA,uBAAc,EAAC,IAAI,CAAC,CAAC;YACrB,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,eAAe;QAKb,OAAO;YACL,IAAI,EAAE,WAAW;YACjB,UAAU,EAAE,CAAC,KAAK,EAAE,SAAS,CAAC;YAC9B,WAAW,EAAE,wEAAwE;SACtF,CAAC;IACJ,C
AAC;CACF;AApJD,8CAoJC"}
|
|
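--- a/package/dist/src/lib/analyzers/typescript-analyzer.d.ts
+++ b/package/dist/src/lib/analyzers/typescript-analyzer.d.ts
@@ -112,6 +112,11 @@ export declare class TypeScriptAnalyzer implements ICodeAnalyzer {
 */
 private detectDuplicateIdentifiers;
 private calculateMetrics;
+/**
+* Detect AI Hallucinations - Common method name errors from AI code generators
+* February 6, 2026 - Individual line detection for Monaco editor highlighting
+*/
+private detectAIHallucinations;
 /**
 * Detect if code is likely production code based on file path
 * Feature 1 Phase 1: Environment context for smart triage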
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"typescript-analyzer.d.ts","sourceRoot":"","sources":["../../../../../../src/lib/analyzers/typescript-analyzer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc,EAAkD,MAAM,SAAS,CAAC;AACvH,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"typescript-analyzer.d.ts","sourceRoot":"","sources":["../../../../../../src/lib/analyzers/typescript-analyzer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc,EAAkD,MAAM,SAAS,CAAC;AACvH,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AA2B7C,qBAAa,kBAAmB,YAAW,aAAa;IACtD,SAAgB,QAAQ,EAAE,iBAAiB,CAAgB;IAE3D;;;;;;;OAOG;IACH,OAAO,CAAC,oBAAoB;IAgDtB,OAAO,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;IAmEtD,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAiBpD,eAAe;;;;;IAQf,OAAO,CAAC,aAAa;IAoCrB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA+JxB;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAwH5B;;;;OAIG;IACH,OAAO,CAAC,2BAA2B;IAgCnC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAkD3B;;OAEG;IACH,OAAO,CAAC,6BAA6B;IA2DrC;;OAEG;IACH,OAAO,CAAC,0BAA0B;IA8DlC;;OAEG;IACH,OAAO,CAAC,wBAAwB;IAiEhC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA0E1B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAmC7B;;OAEG;IACH,OAAO,CAAC,4BAA4B;IAkDpC;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAsDlC;;OAEG;IACH,OAAO,CAAC,oBAAoB;IA6C5B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA+C/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA0D/B;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAiDjC;;OAEG;IACH,OAAO,CAAC,2BAA2B;IAiFnC,OAAO,CAAC,mBAAmB;IA2K3B,OAAO,CAAC,cAAc;IAwCtB,OAAO,CAAC,kBAAkB;IAwB1B,OAAO,CAAC,eAAe;IAmFvB;;;;;OAKG;IACH,OAAO,CAAC,0BAA0B;IAkDlC;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,0BAA0B;IA2IlC,OAAO,CAAC,gBAAgB;IAsBxB;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IA6E9B;;;OAGG;IACH,OAAO,CAAC,uBAAuB;CA+BhC"}
|
|
@@ -20,6 +20,8 @@ const secrets_analyzer_1 = require("./secrets/secrets-analyzer");
|
|
|
20
20
|
const ai_generated_code_1 = require("./typescript/security-checks/ai-generated-code");
|
|
21
21
|
const type_safety_1 = require("./typescript/security-checks/type-safety");
|
|
22
22
|
const triage_service_1 = require("../security/triage-service");
|
|
23
|
+
const ignore_patterns_1 = require("../utils/ignore-patterns");
|
|
24
|
+
const false_positive_filter_1 = require("./utils/false-positive-filter");
|
|
23
25
|
// TypeScript Compiler API Integration (2025-12-02)
|
|
24
26
|
const type_checker_1 = require("./typescript/type-checker");
|
|
25
27
|
class TypeScriptAnalyzer {
|
|
@@ -103,6 +105,10 @@ class TypeScriptAnalyzer {
|
|
|
103
105
|
result.security.vulnerabilities.push(...(0, ai_generated_code_1.checkAIGeneratedCode)(lines, input.filename));
|
|
104
106
|
// Type Safety Detection - Common type mismatches (Jan 23, 2026)
|
|
105
107
|
result.security.vulnerabilities.push(...(0, type_safety_1.checkTypeSafety)(lines, input.filename));
|
|
108
|
+
// Filter suppressed vulnerabilities (inline comments: // codeslick-ignore-next-line)
|
|
109
|
+
result.security.vulnerabilities = (0, ignore_patterns_1.filterSuppressedVulnerabilities)(input.code, result.security.vulnerabilities);
|
|
110
|
+
// Filter false positives (documentation, UI code, analyzer code, test files)
|
|
111
|
+
result.security.vulnerabilities = (0, false_positive_filter_1.filterFalsePositives)(result.security.vulnerabilities, input.filename);
|
|
106
112
|
// Feature 1 Phase 1: Smart Triage with EPSS scoring
|
|
107
113
|
// Enhance vulnerabilities with priority scores and exploit predictions
|
|
108
114
|
try {
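Review bot: Both new assignments replace `result.security.vulnerabilities` with the filtered array and discard the dropped findings, so nothing in the result records how many vulnerabilities were removed by an inline `codeslick-ignore-next-line` comment or by the filename-based false-positive filter. For a security scanner that is worth keeping auditable, because a comment in the scanned code is enough to silence a finding and a test-file path is enough to drop it; capturing the pre-filter length, e.g. `const beforeFilter = result.security.vulnerabilities.length;`, and exposing the difference after both filters (for instance `result.security.suppressedCount = beforeFilter - result.security.vulnerabilities.length;`, if the result shape allows a new field) would let reporters show that findings were hidden rather than absent. Whether `filterSuppressedVulnerabilities` or `filterFalsePositives` record this elsewhere cannot be seen from the hunk. The enclosing method starts and ends outside the hunk.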
|
|
@@ -170,6 +176,7 @@ class TypeScriptAnalyzer {
|
|
|
170
176
|
this.detectConfigurationIssues(code, lineErrors);
|
|
171
177
|
this.detectReactTypeScriptIssues(code, lineErrors);
|
|
172
178
|
this.detectDuplicateIdentifiers(code, lineErrors); // PHASE 6: NEW
|
|
179
|
+
this.detectAIHallucinations(code, lineErrors); // Feb 6, 2026: Individual line detection
|
|
173
180
|
// Balance checks
|
|
174
181
|
this.checkBracketBalance(code, errors, lineErrors);
|
|
175
182
|
result.syntax.errors = errors;
|
|
@@ -1680,6 +1687,75 @@ class TypeScriptAnalyzer {
|
|
|
1680
1687
|
result.metrics.complexity = complexity;
|
|
1681
1688
|
result.metrics.maintainability = Math.max(0, 100 - complexity * 3);
|
|
1682
1689
|
}
|
|
1690
|
+
/**
|
|
1691
|
+
* Detect AI Hallucinations - Common method name errors from AI code generators
|
|
1692
|
+
* February 6, 2026 - Individual line detection for Monaco editor highlighting
|
|
1693
|
+
*/
|
|
1694
|
+
detectAIHallucinations(code, lineErrors) {
|
|
1695
|
+
const lines = code.split('\n');
|
|
1696
|
+
// TypeScript AI hallucination patterns (17 patterns)
|
|
1697
|
+
const hallucinationMap = new Map([
|
|
1698
|
+
// Python-style methods in TypeScript
|
|
1699
|
+
['append', { description: 'TypeScript arrays use .push(), not .append() (Python method)', correct: '.push()' }],
|
|
1700
|
+
['strip', { description: 'TypeScript strings use .trim(), not .strip() (Python method)', correct: '.trim()' }],
|
|
1701
|
+
['len', { description: 'TypeScript uses .length property, not .len() method', correct: '.length' }],
|
|
1702
|
+
['split_by', { description: 'Non-existent method. Use .split()', correct: '.split()' }],
|
|
1703
|
+
// Case sensitivity errors (AI typos)
|
|
1704
|
+
['toUppercase', { description: 'Case error. Use .toUpperCase() with capital C', correct: '.toUpperCase()' }],
|
|
1705
|
+
['toLowercase', { description: 'Case error. Use .toLowerCase() with capital C', correct: '.toLowerCase()' }],
|
|
1706
|
+
// Non-existent methods (hallucinations)
|
|
1707
|
+
['contains', { description: 'Use .includes(), not .contains() (Java method)', correct: '.includes()' }],
|
|
1708
|
+
['remove', { description: 'Arrays do not have .remove(). Use .splice() or .filter()', correct: '.splice() or .filter()' }],
|
|
1709
|
+
['replace_all', { description: 'TypeScript uses camelCase: .replaceAll()', correct: '.replaceAll()' }],
|
|
1710
|
+
['substring_of', { description: 'Non-existent method. Use .includes()', correct: '.includes()' }],
|
|
1711
|
+
['to_string', { description: 'TypeScript uses camelCase: .toString()', correct: '.toString()' }],
|
|
1712
|
+
['is_empty', { description: 'Non-existent method. Use .length === 0', correct: '.length === 0' }],
|
|
1713
|
+
// Property access errors
|
|
1714
|
+
['length', { description: 'Use .length property, not len() function', correct: 'use .length directly' }],
|
|
1715
|
+
['size', { description: 'Arrays use .length property, not .size', correct: '.length' }],
|
|
1716
|
+
// TypeScript-specific hallucinations
|
|
1717
|
+
['as_type', { description: 'Non-existent method. Use "as Type" type assertion', correct: 'value as Type' }],
|
|
1718
|
+
['typeof', { description: 'typeof is an operator, not a method', correct: 'typeof value' }],
|
|
1719
|
+
]);
|
|
1720
|
+
lines.forEach((line, index) => {
|
|
1721
|
+
const lineNumber = index + 1;
|
|
1722
|
+
if (line.trim().startsWith('//') || line.trim().startsWith('/*'))
|
|
1723
|
+
return;
|
|
1724
|
+
// CRITICAL FIX: Remove comments before pattern matching to prevent false positives
|
|
1725
|
+
const lineWithoutComments = line.replace(/\/\/.*$/, '').replace(/\/\*.*?\*\//g, '');
|
|
1726
|
+
// Detect method hallucinations with pattern: .method(
|
|
1727
|
+
const methodMatches = lineWithoutComments.matchAll(/\.(\w+)\s*\(/g);
|
|
1728
|
+
for (const match of methodMatches) {
|
|
1729
|
+
const method = match[1];
|
|
1730
|
+
const details = hallucinationMap.get(method);
|
|
1731
|
+
if (details) {
|
|
1732
|
+
lineErrors.push({
|
|
1733
|
+
line: lineNumber,
|
|
1734
|
+
error: `AttributeError: ${details.description}`,
|
|
1735
|
+
suggestion: `Use ${details.correct}`,
|
|
1736
|
+
severity: 'error'
|
|
1737
|
+
});
|
|
1738
|
+
}
|
|
1739
|
+
}
|
|
1740
|
+
// Detect property hallucinations (without parentheses, like .size, incorrect .length usage)
|
|
1741
|
+
const propertyMatches = lineWithoutComments.matchAll(/\.(\w+)(?!\s*\()/g);
|
|
1742
|
+
for (const match of propertyMatches) {
|
|
1743
|
+
const property = match[1];
|
|
1744
|
+
// Only flag specific properties we know are hallucinations (size, len)
|
|
1745
|
+
if (property === 'size' && !line.includes('Size') && !line.includes('.fontSize')) {
|
|
1746
|
+
const details = hallucinationMap.get(property);
|
|
1747
|
+
if (details) {
|
|
1748
|
+
lineErrors.push({
|
|
1749
|
+
line: lineNumber,
|
|
1750
|
+
error: `AttributeError: ${details.description}`,
|
|
1751
|
+
suggestion: `Use ${details.correct}`,
|
|
1752
|
+
severity: 'error'
|
|
1753
|
+
});
|
|
1754
|
+
}
|
|
1755
|
+
}
|
|
1756
|
+
}
|
|
1757
|
+
});
|
|
1758
|
+
}
|
|
1683
1759
|
/**
|
|
1684
1760
|
* Detect if code is likely production code based on file path
|
|
1685
1761
|
* Feature 1 Phase 1: Environment context for smart triage
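Review bot: Several keys in `hallucinationMap` are also real Web/DOM API members, so the `.method(` scan reports legitimate TypeScript as a hard error: `classList.remove(...)`, `element.remove()`, `node.contains(...)`, `element.append(...)`, `formData.append(...)`, and in the property pass `map.size` / `set.size` (the `!line.includes('Size')` guard does not cover those). Without receiver type information these names cannot be told apart from the Python/Java mistakes the map targets, so either drop `append`, `remove`, `contains` and `size` from the map or lower their confidence, e.g. `const collidesWithWebApi = new Set(['append', 'remove', 'contains', 'size']);` and `severity: collidesWithWebApi.has(method) ? 'warning' : 'error'` at both push sites. The comment handling also misses the interior of multi-line block comments, since the early return only checks `startsWith('//')` / `startsWith('/*')` and the `/\/\*.*?\*\//g` replace only removes comments closed on the same line, so a JSDoc line such as ` * Arrays do not have .remove()` is scanned; string literals are not stripped either, so this map's own description `'Arrays do not have .remove(). Use .splice() or .filter()'` would be flagged if the analyzer scanned this file. Carrying an `inBlockComment` flag across lines would close the first gap. The enclosing class TypeScriptAnalyzer starts outside the hunk.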
|