compromising-position 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +250 -0
- package/bin/compromising-position +29 -0
- package/dist/checks/hibp-email.d.ts +7 -0
- package/dist/checks/hibp-email.d.ts.map +1 -0
- package/dist/checks/hibp-email.js +99 -0
- package/dist/checks/hibp-email.js.map +1 -0
- package/dist/checks/hibp-password.d.ts +13 -0
- package/dist/checks/hibp-password.d.ts.map +1 -0
- package/dist/checks/hibp-password.js +119 -0
- package/dist/checks/hibp-password.js.map +1 -0
- package/dist/checks/local-check.d.ts +9 -0
- package/dist/checks/local-check.d.ts.map +1 -0
- package/dist/checks/local-check.js +36 -0
- package/dist/checks/local-check.js.map +1 -0
- package/dist/checks/plugin.d.ts +29 -0
- package/dist/checks/plugin.d.ts.map +1 -0
- package/dist/checks/plugin.js +2 -0
- package/dist/checks/plugin.js.map +1 -0
- package/dist/checks/plugins/common-secrets-plugin.d.ts +3 -0
- package/dist/checks/plugins/common-secrets-plugin.d.ts.map +1 -0
- package/dist/checks/plugins/common-secrets-plugin.js +130 -0
- package/dist/checks/plugins/common-secrets-plugin.js.map +1 -0
- package/dist/checks/plugins/dehashed-plugin.d.ts +3 -0
- package/dist/checks/plugins/dehashed-plugin.d.ts.map +1 -0
- package/dist/checks/plugins/dehashed-plugin.js +86 -0
- package/dist/checks/plugins/dehashed-plugin.js.map +1 -0
- package/dist/checks/plugins/emailrep-plugin.d.ts +3 -0
- package/dist/checks/plugins/emailrep-plugin.d.ts.map +1 -0
- package/dist/checks/plugins/emailrep-plugin.js +95 -0
- package/dist/checks/plugins/emailrep-plugin.js.map +1 -0
- package/dist/checks/plugins/gitguardian-hsl-plugin.d.ts +3 -0
- package/dist/checks/plugins/gitguardian-hsl-plugin.d.ts.map +1 -0
- package/dist/checks/plugins/gitguardian-hsl-plugin.js +75 -0
- package/dist/checks/plugins/gitguardian-hsl-plugin.js.map +1 -0
- package/dist/checks/plugins/hibp-email-plugin.d.ts +3 -0
- package/dist/checks/plugins/hibp-email-plugin.d.ts.map +1 -0
- package/dist/checks/plugins/hibp-email-plugin.js +73 -0
- package/dist/checks/plugins/hibp-email-plugin.js.map +1 -0
- package/dist/checks/plugins/hibp-password-plugin.d.ts +3 -0
- package/dist/checks/plugins/hibp-password-plugin.d.ts.map +1 -0
- package/dist/checks/plugins/hibp-password-plugin.js +39 -0
- package/dist/checks/plugins/hibp-password-plugin.js.map +1 -0
- package/dist/checks/plugins/intelx-plugin.d.ts +3 -0
- package/dist/checks/plugins/intelx-plugin.d.ts.map +1 -0
- package/dist/checks/plugins/intelx-plugin.js +113 -0
- package/dist/checks/plugins/intelx-plugin.js.map +1 -0
- package/dist/checks/plugins/leakcheck-plugin.d.ts +3 -0
- package/dist/checks/plugins/leakcheck-plugin.d.ts.map +1 -0
- package/dist/checks/plugins/leakcheck-plugin.js +82 -0
- package/dist/checks/plugins/leakcheck-plugin.js.map +1 -0
- package/dist/checks/plugins/local-analysis-plugin.d.ts +3 -0
- package/dist/checks/plugins/local-analysis-plugin.d.ts.map +1 -0
- package/dist/checks/plugins/local-analysis-plugin.js +36 -0
- package/dist/checks/plugins/local-analysis-plugin.js.map +1 -0
- package/dist/checks/registry.d.ts +24 -0
- package/dist/checks/registry.d.ts.map +1 -0
- package/dist/checks/registry.js +53 -0
- package/dist/checks/registry.js.map +1 -0
- package/dist/config/config.d.ts +10 -0
- package/dist/config/config.d.ts.map +1 -0
- package/dist/config/config.js +56 -0
- package/dist/config/config.js.map +1 -0
- package/dist/core/entropy.d.ts +23 -0
- package/dist/core/entropy.d.ts.map +1 -0
- package/dist/core/entropy.js +180 -0
- package/dist/core/entropy.js.map +1 -0
- package/dist/core/fingerprint.d.ts +7 -0
- package/dist/core/fingerprint.d.ts.map +1 -0
- package/dist/core/fingerprint.js +10 -0
- package/dist/core/fingerprint.js.map +1 -0
- package/dist/core/key-identifier.d.ts +9 -0
- package/dist/core/key-identifier.d.ts.map +1 -0
- package/dist/core/key-identifier.js +310 -0
- package/dist/core/key-identifier.js.map +1 -0
- package/dist/core/sanitize.d.ts +7 -0
- package/dist/core/sanitize.d.ts.map +1 -0
- package/dist/core/sanitize.js +15 -0
- package/dist/core/sanitize.js.map +1 -0
- package/dist/core/secure-buffer.d.ts +61 -0
- package/dist/core/secure-buffer.d.ts.map +1 -0
- package/dist/core/secure-buffer.js +122 -0
- package/dist/core/secure-buffer.js.map +1 -0
- package/dist/index.d.ts +4 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +472 -0
- package/dist/index.js.map +1 -0
- package/dist/input/batch-parser.d.ts +21 -0
- package/dist/input/batch-parser.d.ts.map +1 -0
- package/dist/input/batch-parser.js +65 -0
- package/dist/input/batch-parser.js.map +1 -0
- package/dist/input/secure-prompt.d.ts +11 -0
- package/dist/input/secure-prompt.d.ts.map +1 -0
- package/dist/input/secure-prompt.js +105 -0
- package/dist/input/secure-prompt.js.map +1 -0
- package/dist/output/audit-log.d.ts +11 -0
- package/dist/output/audit-log.d.ts.map +1 -0
- package/dist/output/audit-log.js +50 -0
- package/dist/output/audit-log.js.map +1 -0
- package/dist/output/csv.d.ts +6 -0
- package/dist/output/csv.d.ts.map +1 -0
- package/dist/output/csv.js +28 -0
- package/dist/output/csv.js.map +1 -0
- package/dist/output/formatter.d.ts +12 -0
- package/dist/output/formatter.d.ts.map +1 -0
- package/dist/output/formatter.js +154 -0
- package/dist/output/formatter.js.map +1 -0
- package/dist/output/sarif.d.ts +6 -0
- package/dist/output/sarif.d.ts.map +1 -0
- package/dist/output/sarif.js +52 -0
- package/dist/output/sarif.js.map +1 -0
- package/dist/types/index.d.ts +141 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +45 -0
- package/dist/types/index.js.map +1 -0
- package/dist/verification/anthropic-verifier.d.ts +3 -0
- package/dist/verification/anthropic-verifier.d.ts.map +1 -0
- package/dist/verification/anthropic-verifier.js +56 -0
- package/dist/verification/anthropic-verifier.js.map +1 -0
- package/dist/verification/aws-verifier.d.ts +14 -0
- package/dist/verification/aws-verifier.d.ts.map +1 -0
- package/dist/verification/aws-verifier.js +30 -0
- package/dist/verification/aws-verifier.js.map +1 -0
- package/dist/verification/github-verifier.d.ts +4 -0
- package/dist/verification/github-verifier.d.ts.map +1 -0
- package/dist/verification/github-verifier.js +62 -0
- package/dist/verification/github-verifier.js.map +1 -0
- package/dist/verification/openai-verifier.d.ts +4 -0
- package/dist/verification/openai-verifier.d.ts.map +1 -0
- package/dist/verification/openai-verifier.js +59 -0
- package/dist/verification/openai-verifier.js.map +1 -0
- package/dist/verification/slack-verifier.d.ts +4 -0
- package/dist/verification/slack-verifier.d.ts.map +1 -0
- package/dist/verification/slack-verifier.js +67 -0
- package/dist/verification/slack-verifier.js.map +1 -0
- package/dist/verification/verifier-registry.d.ts +13 -0
- package/dist/verification/verifier-registry.d.ts.map +1 -0
- package/dist/verification/verifier-registry.js +19 -0
- package/dist/verification/verifier-registry.js.map +1 -0
- package/dist/verification/verifier.d.ts +24 -0
- package/dist/verification/verifier.d.ts.map +1 -0
- package/dist/verification/verifier.js +2 -0
- package/dist/verification/verifier.js.map +1 -0
- package/package.json +61 -0
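--- a/package/dist/input/secure-prompt.js
+++ b/package/dist/input/secure-prompt.js
@@ -0,0 +1,105 @@
+import { SecureBuffer } from "../core/secure-buffer.js";
+/**
+* Read a secret from stdin.
+*
+* - If stdin is a pipe: reads all data from the pipe.
+* - If stdin is a TTY: prompts interactively with hidden input.
+*
+* Always returns a SecureBuffer (Buffer-backed, not String).
+*/
+export async function readSecret() {
+if (!process.stdin.isTTY) {
+return readFromPipe();
+}
+return readFromTTY();
+}
+async function readFromPipe() {
+const chunks = [];
+return new Promise((resolve, reject) => {
+process.stdin.on("data", (chunk) => {
+chunks.push(chunk);
+});
+process.stdin.on("end", () => {
+const combined = Buffer.concat(chunks);
+// Strip trailing newline that shells typically add.
+// Note: combined.subarray() returns a view, not a copy.
+// SecureBuffer.fromBuffer() copies the data before we zero combined.
+let end = combined.length;
+while (end > 0 && (combined[end - 1] === 0x0a || combined[end - 1] === 0x0d)) {
+end--;
+}
+const trimmed = combined.subarray(0, end);
+const secret = SecureBuffer.fromBuffer(trimmed);
+// Zero the intermediate buffers
+for (const chunk of chunks) {
+chunk.fill(0);
+}
+combined.fill(0);
+resolve(secret);
+});
+process.stdin.on("error", (err) => {
+// Zero any accumulated data before rejecting
+for (const chunk of chunks) {
+chunk.fill(0);
+}
+reject(err);
+});
+});
+}
+/** Max input length for TTY (4 KiB should be sufficient for any API key). */
+const TTY_BUFFER_SIZE = 4096;
+async function readFromTTY() {
+process.stderr.write("Enter secret (input hidden): ");
+return new Promise((resolve, reject) => {
+const stdin = process.stdin;
+const wasRaw = stdin.isRaw;
+// Accumulate input directly into a Buffer (not strings) so we can zero it.
+const buf = Buffer.alloc(TTY_BUFFER_SIZE);
+let pos = 0;
+stdin.setRawMode(true);
+stdin.resume();
+const cleanup = () => {
+stdin.setRawMode(wasRaw ?? false);
+stdin.pause();
+stdin.removeListener("data", onData);
+};
+const onData = (data) => {
+// data is a Buffer in raw mode when encoding is not set
+for (let i = 0; i < data.length; i++) {
+const byte = data[i];
+// Ctrl+C (0x03)
+if (byte === 0x03) {
+cleanup();
+process.stderr.write("\n");
+buf.fill(0);
+reject(new Error("Aborted"));
+return;
+}
+// Enter (CR=0x0d or LF=0x0a)
+if (byte === 0x0d || byte === 0x0a) {
+cleanup();
+process.stderr.write("\n");
+const secret = SecureBuffer.fromBuffer(buf.subarray(0, pos));
+buf.fill(0);
+resolve(secret);
+return;
+}
+// Backspace (0x7f) or BS (0x08)
+if (byte === 0x7f || byte === 0x08) {
+if (pos > 0) {
+pos--;
+buf[pos] = 0; // Zero the removed byte
+}
+continue;
+}
+// Regular byte — don't echo. Silently discard if buffer full.
+if (pos < TTY_BUFFER_SIZE) {
+buf[pos] = byte;
+pos++;
+}
+}
+};
+stdin.on("data", onData);
+});
+}
+//# sourceMappingURL=secure-prompt.js.map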
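Review bot: The `if (pos < TTY_BUFFER_SIZE)` branch at the end of onData silently drops every byte past 4 KiB, so an over-long paste is checked as a truncated secret and a genuinely exposed key can be reported as "not found"; the comment on TTY_BUFFER_SIZE assumes the limit is generous, but the cost of being wrong is a false negative rather than an error. Rejecting is a small change placed before the store into `buf[pos]`: `if (pos >= TTY_BUFFER_SIZE) { cleanup(); buf.fill(0); reject(new Error("Input exceeds " + TTY_BUFFER_SIZE + " bytes")); return; }`. readFromPipe has no bound at all, so the two entry points disagree on the size contract; a shared maximum, or at least a sentence in the readSecret JSDoc, would make that explicit. The same JSDoc could also state that the pipe path strips all trailing CR/LF while the TTY path stops at the first Enter, since callers comparing the two will otherwise be surprised.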
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secure-prompt.js","sourceRoot":"","sources":["../../src/input/secure-prompt.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAExD;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU;IAC9B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACzB,OAAO,YAAY,EAAE,CAAC;IACxB,CAAC;IACD,OAAO,WAAW,EAAE,CAAC;AACvB,CAAC;AAED,KAAK,UAAU,YAAY;IACzB,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACzC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC,CAAC,CAAC;QAEH,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YAC3B,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YACvC,oDAAoD;YACpD,wDAAwD;YACxD,qEAAqE;YACrE,IAAI,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC;YAC1B,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,IAAI,IAAI,QAAQ,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC;gBAC7E,GAAG,EAAE,CAAC;YACR,CAAC;YACD,MAAM,OAAO,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;YAC1C,MAAM,MAAM,GAAG,YAAY,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAChD,gCAAgC;YAChC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChB,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACjB,OAAO,CAAC,MAAM,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;QAEH,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YAChC,6CAA6C;YAC7C,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChB,CAAC;YACD,MAAM,CAAC,GAAG,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,6EAA6E;AAC7E,MAAM,eAAe,GAAG,IAAI,CAAC;AAE7B,KAAK,UAAU,WAAW;IACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;IAEtD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC5B,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC;QAE3B,2EAA2E;QAC3E,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QAC1C,IAAI,GAAG,GAAG,CAAC,CAAC;QAEZ,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACvB,KAAK,CAAC,MAAM,EAAE,CAAC;QAEf,MAAM,OAAO,GAAG,GAAG,EAAE;YACnB,KAAK,CAAC,UAAU,CAAC,MAAM,IAAI,KAAK
,CAAC,CAAC;YAClC,KAAK,CAAC,KAAK,EAAE,CAAC;YACd,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACvC,CAAC,CAAC;QAEF,MAAM,MAAM,GAAG,CAAC,IAAY,EAAE,EAAE;YAC9B,wDAAwD;YACxD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACrC,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAE,CAAC;gBAEtB,gBAAgB;gBAChB,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;oBAClB,OAAO,EAAE,CAAC;oBACV,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC3B,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBACZ,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;oBAC7B,OAAO;gBACT,CAAC;gBAED,6BAA6B;gBAC7B,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;oBACnC,OAAO,EAAE,CAAC;oBACV,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC3B,MAAM,MAAM,GAAG,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC7D,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBACZ,OAAO,CAAC,MAAM,CAAC,CAAC;oBAChB,OAAO;gBACT,CAAC;gBAED,gCAAgC;gBAChC,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;oBACnC,IAAI,GAAG,GAAG,CAAC,EAAE,CAAC;wBACZ,GAAG,EAAE,CAAC;wBACN,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,wBAAwB;oBACxC,CAAC;oBACD,SAAS;gBACX,CAAC;gBAED,8DAA8D;gBAC9D,IAAI,GAAG,GAAG,eAAe,EAAE,CAAC;oBAC1B,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;oBAChB,GAAG,EAAE,CAAC;gBACR,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
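--- a/package/dist/output/audit-log.d.ts
+++ b/package/dist/output/audit-log.d.ts
@@ -0,0 +1,11 @@
+import type { AuditEntry, CheckResult } from "../types/index.js";
+/** Convert a CheckResult to an audit entry (no secrets, only fingerprint). */
+export declare function toAuditEntry(result: CheckResult): AuditEntry;
+/**
+* Validate an audit log path to prevent path traversal and device file writes.
+* Returns the resolved absolute path, or throws on invalid paths.
+*/
+export declare function validateAuditLogPath(path: string): Promise<string>;
+/** Append an audit entry to a JSONL file. */
+export declare function writeAuditLog(path: string, result: CheckResult): Promise<void>;
+//# sourceMappingURL=audit-log.d.ts.map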
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit-log.d.ts","sourceRoot":"","sources":["../../src/output/audit-log.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEjE,8EAA8E;AAC9E,wBAAgB,YAAY,CAAC,MAAM,EAAE,WAAW,GAAG,UAAU,CAS5D;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAyBxE;AAED,6CAA6C;AAC7C,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,WAAW,GAClB,OAAO,CAAC,IAAI,CAAC,CAKf"}
|
|
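--- a/package/dist/output/audit-log.js
+++ b/package/dist/output/audit-log.js
@@ -0,0 +1,50 @@
+import { appendFile, lstat } from "node:fs/promises";
+import { resolve } from "node:path";
+/** Convert a CheckResult to an audit entry (no secrets, only fingerprint). */
+export function toAuditEntry(result) {
+return {
+timestamp: result.timestamp,
+fingerprint: result.fingerprint,
+provider: result.local.identification.provider,
+riskLevel: result.riskLevel,
+hibpFound: result.hibpPassword?.found ?? null,
+summary: result.summary,
+};
+}
+/**
+* Validate an audit log path to prevent path traversal and device file writes.
+* Returns the resolved absolute path, or throws on invalid paths.
+*/
+export async function validateAuditLogPath(path) {
+const resolved = resolve(path);
+// Refuse device files
+if (resolved.startsWith("/dev/") || resolved.startsWith("/proc/") || resolved.startsWith("/sys/")) {
+throw new Error(`Refusing to write audit log to device path: ${resolved}`);
+}
+// Check if path is a symlink (could point to unexpected location)
+try {
+const stats = await lstat(resolved);
+if (stats.isSymbolicLink()) {
+throw new Error(`Refusing to write audit log to symlink: ${resolved}`);
+}
+}
+catch (err) {
+// File doesn't exist yet — that's fine, appendFile will create it
+if (err instanceof Error && "code" in err && err.code === "ENOENT") {
+// OK
+}
+else if (err instanceof Error && err.message.includes("Refusing")) {
+throw err;
+}
+// Other stat errors — let appendFile handle them
+}
+return resolved;
+}
+/** Append an audit entry to a JSONL file. */
+export async function writeAuditLog(path, result) {
+const validatedPath = await validateAuditLogPath(path);
+const entry = toAuditEntry(result);
+const line = JSON.stringify(entry) + "\n";
+await appendFile(validatedPath, line, "utf-8");
+}
+//# sourceMappingURL=audit-log.js.map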
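Review bot: The symlink check in validateAuditLogPath (the `lstat(resolved)` call) and the write in writeAuditLog (`appendFile(validatedPath, ...)`) are two separate system calls, so a symlink that appears between them is followed, and the check only inspects the final path component because resolve() does not realpath a symlinked parent directory. Opening with O_NOFOLLOW closes the window on POSIX: `await appendFile(validatedPath, line, { encoding: "utf-8", flag: constants.O_WRONLY | constants.O_APPEND | constants.O_CREAT | constants.O_NOFOLLOW });` with `import { constants } from "node:fs";` (O_NOFOLLOW is undefined on Windows, so keep the string flag there). The docstring promises to "prevent path traversal", but nothing in the function confines the path to a base directory — resolve() honours `..` — so either add that check or drop the claim from both this file and audit-log.d.ts. Re-throwing by `err.message.includes("Refusing")` is brittle; keeping only the lstat inside the try block and moving the `isSymbolicLink()` throw after it removes the need for the string match.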
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit-log.js","sourceRoot":"","sources":["../../src/output/audit-log.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC,8EAA8E;AAC9E,MAAM,UAAU,YAAY,CAAC,MAAmB;IAC9C,OAAO;QACL,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,QAAQ;QAC9C,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,SAAS,EAAE,MAAM,CAAC,YAAY,EAAE,KAAK,IAAI,IAAI;QAC7C,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,IAAY;IACrD,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/B,sBAAsB;IACtB,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAClG,MAAM,IAAI,KAAK,CAAC,+CAA+C,QAAQ,EAAE,CAAC,CAAC;IAC7E,CAAC;IAED,kEAAkE;IAClE,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,CAAC;QACpC,IAAI,KAAK,CAAC,cAAc,EAAE,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,2CAA2C,QAAQ,EAAE,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,kEAAkE;QAClE,IAAI,GAAG,YAAY,KAAK,IAAI,MAAM,IAAI,GAAG,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC9F,KAAK;QACP,CAAC;aAAM,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YACpE,MAAM,GAAG,CAAC;QACZ,CAAC;QACD,iDAAiD;IACnD,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,6CAA6C;AAC7C,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,IAAY,EACZ,MAAmB;IAEnB,MAAM,aAAa,GAAG,MAAM,oBAAoB,CAAC,IAAI,CAAC,CAAC;IACvD,MAAM,KAAK,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;IAC1C,MAAM,UAAU,CAAC,aAAa,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;AACjD,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"csv.d.ts","sourceRoot":"","sources":["../../src/output/csv.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAUrD;;GAEG;AACH,wBAAgB,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,GAAG,MAAM,CAiBxD"}
|
|
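--- a/package/dist/output/csv.js
+++ b/package/dist/output/csv.js
@@ -0,0 +1,28 @@
+/** Escape a value for CSV (RFC 4180). */
+function csvEscape(value) {
+if (value.includes(",") || value.includes('"') || value.includes("\n")) {
+return `"${value.replace(/"/g, '""')}"`;
+}
+return value;
+}
+/**
+* Format check results as CSV.
+*/
+export function formatCsv(results) {
+const header = "fingerprint,provider,confidence,risk_level,hibp_found,hibp_occurrences,entropy,summary,timestamp";
+const rows = results.map((r) => {
+return [
+r.fingerprint,
+csvEscape(r.local.identification.provider),
+r.local.identification.confidence,
+r.riskLevel,
+r.hibpPassword?.found ?? "",
+r.hibpPassword?.occurrences ?? "",
+r.local.entropy.shannonEntropy,
+csvEscape(r.summary),
+r.timestamp,
+].join(",");
+});
+return [header, ...rows].join("\n");
+}
+//# sourceMappingURL=csv.js.map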
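Review bot: csvEscape quotes fields containing `,`, `"` or `\n` but not `\r`, so a summary holding a bare carriage return splits a record; RFC 4180, which the comment cites, requires quoting any field that contains CR or LF. One-line change: `if (/[",\r\n]/.test(value)) {`. If `summary` can carry text derived from plugin or API responses (the shape of CheckResult is not in this hunk), a leading `=`, `+`, `-` or `@` is evaluated as a formula when the file is opened in a spreadsheet, so such values should also be quoted or prefixed. csvEscape further assumes a string — an undefined `provider` would throw on `.includes` — and `String(value ?? "")` at the top would keep the formatter usable on a partial result.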
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"csv.js","sourceRoot":"","sources":["../../src/output/csv.ts"],"names":[],"mappings":"AAEA,yCAAyC;AACzC,SAAS,SAAS,CAAC,KAAa;IAC9B,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACvE,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC;IAC1C,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,OAAsB;IAC9C,MAAM,MAAM,GAAG,kGAAkG,CAAC;IAClH,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QAC7B,OAAO;YACL,CAAC,CAAC,WAAW;YACb,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,QAAQ,CAAC;YAC1C,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,UAAU;YACjC,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,YAAY,EAAE,KAAK,IAAI,EAAE;YAC3B,CAAC,CAAC,YAAY,EAAE,WAAW,IAAI,EAAE;YACjC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc;YAC9B,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC;YACpB,CAAC,CAAC,SAAS;SACZ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACd,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACtC,CAAC"}
|
|
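--- a/package/dist/output/formatter.d.ts
+++ b/package/dist/output/formatter.d.ts
@@ -0,0 +1,12 @@
+import type { CheckResult } from "../types/index.js";
+/** Format a full check result as a colored terminal report. Writes to stderr. */
+export declare function formatReport(result: CheckResult): string;
+/** Format a result as JSON for piping. */
+export declare function formatJson(result: CheckResult): string;
+/** Format a privacy summary for all plugins. */
+export declare function formatPrivacySummary(plugins: readonly {
+id: string;
+name: string;
+privacySummary: string;
+}[]): string;
+//# sourceMappingURL=formatter.d.ts.map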
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"formatter.d.ts","sourceRoot":"","sources":["../../src/output/formatter.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAa,MAAM,mBAAmB,CAAC;AA2BhE,iFAAiF;AACjF,wBAAgB,YAAY,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CA2IxD;AAED,0CAA0C;AAC1C,wBAAgB,UAAU,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CAEtD;AAED,gDAAgD;AAChD,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,SAAS;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,cAAc,EAAE,MAAM,CAAA;CAAE,EAAE,GACvE,MAAM,CASR"}
|
|
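--- a/package/dist/output/formatter.js
+++ b/package/dist/output/formatter.js
@@ -0,0 +1,154 @@
+import chalk from "chalk";
+import { sanitizeForTerminal } from "../core/sanitize.js";
+const RISK_COLORS = {
+critical: chalk.bgRed.white.bold,
+high: chalk.red.bold,
+medium: chalk.yellow.bold,
+low: chalk.green.bold,
+info: chalk.blue,
+};
+const RISK_LABELS = {
+critical: "CRITICAL",
+high: "HIGH",
+medium: "MEDIUM",
+low: "LOW",
+info: "INFO",
+};
+function riskBadge(level) {
+return RISK_COLORS[level](`[${RISK_LABELS[level]}]`);
+}
+/** Sanitize a value from an external API before terminal output. */
+function s(val) {
+return sanitizeForTerminal(val ?? "");
+}
+/** Format a full check result as a colored terminal report. Writes to stderr. */
+export function formatReport(result) {
+const lines = [];
+lines.push("");
+lines.push(chalk.bold("--- Credential Exposure Report ---"));
+lines.push("");
+// Risk level
+lines.push(` Risk Level: ${riskBadge(result.riskLevel)}`);
+lines.push(` Summary: ${s(result.summary)}`);
+lines.push(` Fingerprint: ${chalk.dim(result.fingerprint)}`);
+lines.push("");
+// Local analysis
+const local = result.local;
+lines.push(chalk.bold.underline("Local Analysis"));
+lines.push(` Provider: ${local.identification.provider} (${local.identification.confidence} confidence)`);
+lines.push(` Description: ${local.identification.description}`);
+lines.push(` Entropy: ${local.entropy.shannonEntropy} bits/char (${local.entropy.normalizedEntropy} normalized)`);
+lines.push(` Encoding: ${local.entropy.encoding} | Length: ${local.entropy.length}`);
+if (local.warnings.length > 0) {
+lines.push("");
+lines.push(chalk.yellow(" Warnings:"));
+for (const w of local.warnings) {
+lines.push(chalk.yellow(` ! ${w}`));
+}
+}
+// HIBP password check
+if (result.hibpPassword) {
+lines.push("");
+lines.push(chalk.bold.underline("HIBP Password Check (k-Anonymity)"));
+const hp = result.hibpPassword;
+if (hp.error) {
+lines.push(chalk.red(` Error: ${s(hp.error)}`));
+}
+else if (hp.found) {
+lines.push(chalk.red.bold(` FOUND in breach data — ${hp.occurrences.toLocaleString()} occurrence(s)`));
+}
+else {
+lines.push(chalk.green(" Not found in breach data"));
+}
+lines.push(chalk.dim(` Hash prefix sent: ${hp.hashPrefix}`));
+}
+// HIBP email check
+if (result.hibpEmail) {
+lines.push("");
+lines.push(chalk.bold.underline("HIBP Email Breach Check"));
+const he = result.hibpEmail;
+if (he.error) {
+lines.push(chalk.red(` Error: ${s(he.error)}`));
+}
+else {
+if (he.breaches.length > 0) {
+lines.push(chalk.red(` Found in ${he.breaches.length} breach(es):`));
+for (const b of he.breaches.slice(0, 10)) {
+lines.push(` - ${s(b.Name)} (${s(b.BreachDate)})`);
+}
+if (he.breaches.length > 10) {
+lines.push(chalk.dim(` ... and ${he.breaches.length - 10} more`));
+}
+}
+else {
+lines.push(chalk.green(" No breaches found"));
+}
+if (he.stealerLogs.length > 0) {
+lines.push(chalk.red(` Found in ${he.stealerLogs.length} stealer log(s):`));
+for (const sl of he.stealerLogs.slice(0, 5)) {
+lines.push(` - ${s(sl.Name)} (${s(sl.Date)})`);
+}
+}
+if (he.pastes.length > 0) {
+lines.push(chalk.yellow(` Found in ${he.pastes.length} paste(s):`));
+for (const p of he.pastes.slice(0, 5)) {
+lines.push(` - ${s(p.Source)}: ${s(p.Title ?? p.Id)}`);
+}
+}
+}
+}
+// Plugin results
+if (result.pluginResults.length > 0) {
+lines.push("");
+lines.push(chalk.bold.underline("Plugin Results"));
+for (const pr of result.pluginResults) {
+const badge = riskBadge(pr.severity);
+if (pr.error) {
+lines.push(` ${s(pr.pluginName)}: ${chalk.red(`Error: ${s(pr.error)}`)}`);
+}
+else if (pr.found) {
+lines.push(` ${s(pr.pluginName)}: ${badge} ${s(pr.details)}`);
+}
+else {
+lines.push(` ${s(pr.pluginName)}: ${chalk.green(s(pr.details))}`);
+}
+}
+}
+// Verification result
+if (result.verification) {
+lines.push("");
+lines.push(chalk.bold.underline("Active Key Verification"));
+const v = result.verification;
+if (v.error) {
+lines.push(chalk.red(` Error: ${s(v.error)}`));
+}
+else if (v.active) {
+lines.push(chalk.bgRed.white.bold(" KEY IS ACTIVE — rotate immediately!"));
+lines.push(` ${s(v.details)}`);
+}
+else {
+lines.push(chalk.green(` Key is inactive/revoked: ${s(v.details)}`));
+}
+lines.push(chalk.dim(` Endpoint checked: ${s(v.endpoint)}`));
+}
+lines.push("");
+lines.push(chalk.dim(` Timestamp: ${result.timestamp}`));
+lines.push("");
+return lines.join("\n");
+}
+/** Format a result as JSON for piping. */
+export function formatJson(result) {
+return JSON.stringify(result, null, 2);
+}
+/** Format a privacy summary for all plugins. */
+export function formatPrivacySummary(plugins) {
+const lines = [];
+lines.push("");
+lines.push(chalk.bold("Privacy summary:"));
+for (const p of plugins) {
+lines.push(` ${chalk.cyan(p.id.padEnd(24))} ${p.privacySummary}`);
+}
+lines.push("");
+return lines.join("\n");
+}
+//# sourceMappingURL=formatter.js.map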
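Review bot: The JSDoc on formatReport says "Writes to stderr", but the function only builds `lines` and returns `lines.join("\n")` without writing anything (the same sentence is in formatter.d.ts); suggest `/** Format a full check result as a colored terminal report; the caller decides where to write it. */`. riskBadge indexes RISK_COLORS with no fallback, so a `pr.severity` outside the five keys — plugin results supply it at the `riskBadge(pr.severity)` call — throws "is not a function" and aborts the entire report; `const color = RISK_COLORS[level] ?? chalk.white;` and `const label = RISK_LABELS[level] ?? String(level).toUpperCase();`, then returning color applied to the bracketed label, keeps the report renderable on unexpected input. Local fields (`local.identification.description`, each `w` in `local.warnings`, `hp.hashPrefix`) bypass `s()` while API-derived fields go through it; if the description or warnings can ever embed text from a plugin response, they should use the same sanitizer, and a one-line comment stating why they are trusted would settle it either way.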
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"formatter.js","sourceRoot":"","sources":["../../src/output/formatter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAG1D,MAAM,WAAW,GAAgD;IAC/D,QAAQ,EAAE,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI;IAChC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,IAAI;IACpB,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,IAAI;IACzB,GAAG,EAAE,KAAK,CAAC,KAAK,CAAC,IAAI;IACrB,IAAI,EAAE,KAAK,CAAC,IAAI;CACjB,CAAC;AAEF,MAAM,WAAW,GAA8B;IAC7C,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;IACV,IAAI,EAAE,MAAM;CACb,CAAC;AAEF,SAAS,SAAS,CAAC,KAAgB;IACjC,OAAO,WAAW,CAAC,KAAK,CAAC,CAAC,IAAI,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AACvD,CAAC;AAED,oEAAoE;AACpE,SAAS,CAAC,CAAC,GAA8B;IACvC,OAAO,mBAAmB,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC;AACxC,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,YAAY,CAAC,MAAmB;IAC9C,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC,CAAC;IAC7D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,aAAa;IACb,KAAK,CAAC,IAAI,CAAC,kBAAkB,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IAC5D,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAClD,KAAK,CAAC,IAAI,CAAC,kBAAkB,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IAC9D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,iBAAiB;IACjB,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACnD,KAAK,CAAC,IAAI,CACR,kBAAkB,KAAK,CAAC,cAAc,CAAC,QAAQ,KAAK,KAAK,CAAC,cAAc,CAAC,UAAU,cAAc,CAClG,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,kBAAkB,KAAK,CAAC,cAAc,CAAC,WAAW,EAAE,CAAC,CAAC;IACjE,KAAK,CAAC,IAAI,CACR,kBAAkB,KAAK,CAAC,OAAO,CAAC,cAAc,eAAe,KAAK,CAAC,OAAO,CAAC,iBAAiB,cAAc,CAC3G,CAAC;IACF,KAAK,CAAC,IAAI,CACR,kBAAkB,KAAK,CAAC,OAAO,CAAC,QAAQ,cAAc,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,CAC7E,CAAC;IAEF,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;QACxC,KAAK,MAAM,CAAC,IAAI,KAA
K,CAAC,QAAQ,EAAE,CAAC;YAC/B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,mCAAmC,CAAC,CAAC,CAAC;QACtE,MAAM,EAAE,GAAG,MAAM,CAAC,YAAY,CAAC;QAC/B,IAAI,EAAE,CAAC,KAAK,EAAE,CAAC;YACb,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;QACnD,CAAC;aAAM,IAAI,EAAE,CAAC,KAAK,EAAE,CAAC;YACpB,KAAK,CAAC,IAAI,CACR,KAAK,CAAC,GAAG,CAAC,IAAI,CACZ,4BAA4B,EAAE,CAAC,WAAW,CAAC,cAAc,EAAE,gBAAgB,CAC5E,CACF,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC;QACxD,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,uBAAuB,EAAE,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IAChE,CAAC;IAED,mBAAmB;IACnB,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,yBAAyB,CAAC,CAAC,CAAC;QAC5D,MAAM,EAAE,GAAG,MAAM,CAAC,SAAS,CAAC;QAC5B,IAAI,EAAE,CAAC,KAAK,EAAE,CAAC;YACb,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;QACnD,CAAC;aAAM,CAAC;YACN,IAAI,EAAE,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3B,KAAK,CAAC,IAAI,CACR,KAAK,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,QAAQ,CAAC,MAAM,cAAc,CAAC,CAC1D,CAAC;gBACF,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;oBACzC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;gBACxD,CAAC;gBACD,IAAI,EAAE,CAAC,QAAQ,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;oBAC5B,KAAK,CAAC,IAAI,CACR,KAAK,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC,QAAQ,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC,CACzD,CAAC;gBACJ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;YACjD,CAAC;YAED,IAAI,EAAE,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,KAAK,CAAC,IAAI,CACR,KAAK,CAAC,GAAG,CACP,cAAc,EAAE,CAAC,WAAW,CAAC,MAAM,kBAAkB,CACtD,CACF,CAAC;gBACF,KAAK,MAAM,EAAE,IA
AI,EAAE,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;oBAC5C,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACpD,CAAC;YACH,CAAC;YAED,IAAI,EAAE,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACzB,KAAK,CAAC,IAAI,CACR,KAAK,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC,MAAM,CAAC,MAAM,YAAY,CAAC,CACzD,CAAC;gBACF,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;oBACtC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;gBAC5D,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,iBAAiB;IACjB,IAAI,MAAM,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC,CAAC;QACnD,KAAK,MAAM,EAAE,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,SAAS,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC;YACrC,IAAI,EAAE,CAAC,KAAK,EAAE,CAAC;gBACb,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;YAC7E,CAAC;iBAAM,IAAI,EAAE,CAAC,KAAK,EAAE,CAAC;gBACpB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YACjE,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,KAAK,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC;YACrE,CAAC;QACH,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,yBAAyB,CAAC,CAAC,CAAC;QAC5D,MAAM,CAAC,GAAG,MAAM,CAAC,YAAY,CAAC;QAC9B,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YACZ,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;QAClD,CAAC;aAAM,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;YACpB,KAAK,CAAC,IAAI,CACR,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAChE,CAAC;YACF,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACl
C,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;QACxE,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;IAChE,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,gBAAgB,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;IAC1D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,0CAA0C;AAC1C,MAAM,UAAU,UAAU,CAAC,MAAmB;IAC5C,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACzC,CAAC;AAED,gDAAgD;AAChD,MAAM,UAAU,oBAAoB,CAClC,OAAwE;IAExE,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAC3C,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC;IACrE,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
@@ -0,0 +1 @@
1
+
{"version":3,"file":"sarif.d.ts","sourceRoot":"","sources":["../../src/output/sarif.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAa,MAAM,mBAAmB,CAAC;AAgDhE;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,WAAW,EAAE,GAAG,MAAM,CAsC1D"}
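--- /dev/null
+++ b/package/dist/output/sarif.js
@@ -0,0 +1,52 @@
+/**
+* SARIF severity mapping.
+* See: https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html
+*/
+const SARIF_SEVERITY = {
+critical: "error",
+high: "error",
+medium: "warning",
+low: "note",
+info: "none",
+};
+/**
+* Format check results as SARIF for GitHub Advanced Security.
+*/
+export function formatSarif(results) {
+const sarifResults = results.map((r) => ({
+ruleId: `credential-exposure/${r.local.identification.provider.toLowerCase().replace(/\s+/g, "-")}`,
+level: SARIF_SEVERITY[r.riskLevel],
+message: { text: r.summary },
+fingerprints: { primaryLocationHash: r.fingerprint },
+properties: {
+riskLevel: r.riskLevel,
+provider: r.local.identification.provider,
+timestamp: r.timestamp,
+},
+}));
+const report = {
+version: "2.1.0",
+$schema: "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
+runs: [
+{
+tool: {
+driver: {
+name: "compromising-position",
+version: "1.0.0",
+informationUri: "https://github.com/your-org/compromising-position",
+rules: [
+{
+id: "credential-exposure",
+shortDescription: { text: "Credential found in breach database or identified as weak" },
+defaultConfiguration: { level: "error" },
+},
+],
+},
+},
+results: sarifResults,
+},
+],
+};
+return JSON.stringify(report, null, 2);
+}
+//# sourceMappingURL=sarif.js.map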
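Review bot: The per-result `ruleId` on line 17 is built as `credential-exposure/<provider>`, but the only rule declared under `tool.driver.rules` (line 39) has `id: "credential-exposure"`, so no result references a declared rule and a consumer such as GitHub code scanning cannot attach the short description or default level to it. Either emit `ruleId: "credential-exposure"` (the provider is already carried in `properties.provider`) or declare one rule descriptor per provider value. The results also carry no `locations`; code scanning generally expects a physical location per result, so these findings may be accepted on upload yet never surfaced, which is worth verifying against a real upload. Because `message.text` is `r.summary` verbatim and this artifact leaves the host, `formatSarif` deserves a comment such as `// summary is uploaded off-host: it must carry the provider/risk verdict only, never the secret itself` so the contract on `summary` is explicit. `informationUri` on line 36 still points at the `your-org` placeholder.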
@@ -0,0 +1 @@
1
+
{"version":3,"file":"sarif.js","sourceRoot":"","sources":["../../src/output/sarif.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,MAAM,cAAc,GAA8B;IAChD,QAAQ,EAAE,OAAO;IACjB,IAAI,EAAE,OAAO;IACb,MAAM,EAAE,SAAS;IACjB,GAAG,EAAE,MAAM;IACX,IAAI,EAAE,MAAM;CACb,CAAC;AAoCF;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,OAAsB;IAChD,MAAM,YAAY,GAAkB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACtD,MAAM,EAAE,uBAAuB,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE;QACnG,KAAK,EAAE,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;QAClC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;QAC5B,YAAY,EAAE,EAAE,mBAAmB,EAAE,CAAC,CAAC,WAAW,EAAE;QACpD,UAAU,EAAE;YACV,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,QAAQ;YACzC,SAAS,EAAE,CAAC,CAAC,SAAS;SACvB;KACF,CAAC,CAAC,CAAC;IAEJ,MAAM,MAAM,GAAgB;QAC1B,OAAO,EAAE,OAAO;QAChB,OAAO,EAAE,sGAAsG;QAC/G,IAAI,EAAE;YACJ;gBACE,IAAI,EAAE;oBACJ,MAAM,EAAE;wBACN,IAAI,EAAE,uBAAuB;wBAC7B,OAAO,EAAE,OAAO;wBAChB,cAAc,EAAE,mDAAmD;wBACnE,KAAK,EAAE;4BACL;gCACE,EAAE,EAAE,qBAAqB;gCACzB,gBAAgB,EAAE,EAAE,IAAI,EAAE,2DAA2D,EAAE;gCACvF,oBAAoB,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE;6BACzC;yBACF;qBACF;iBACF;gBACD,OAAO,EAAE,YAAY;aACtB;SACF;KACF,CAAC;IAEF,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACzC,CAAC"}
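--- /dev/null
+++ b/package/dist/types/index.d.ts
@@ -0,0 +1,141 @@
+export declare enum KeyProvider {
+OpenAI = "OpenAI",
+OpenAIService = "OpenAI Service Account",
+Anthropic = "Anthropic",
+AWS = "AWS",
+GitHubPAT = "GitHub PAT",
+GitHubFineGrained = "GitHub Fine-Grained",
+StripeLive = "Stripe Live",
+StripeTest = "Stripe Test",
+GoogleAPI = "Google API",
+SlackBot = "Slack Bot",
+SlackUser = "Slack User",
+SendGrid = "SendGrid",
+Twilio = "Twilio",
+Mailgun = "Mailgun",
+DiscordBot = "Discord Bot",
+TelegramBot = "Telegram Bot",
+GitLabPAT = "GitLab PAT",
+GitLabPipeline = "GitLab Pipeline",
+NpmToken = "npm Token",
+PyPIToken = "PyPI Token",
+ShopifyPrivate = "Shopify Private",
+ShopifyAccess = "Shopify Access",
+DigitalOceanPAT = "DigitalOcean PAT",
+DigitalOceanOAuth = "DigitalOcean OAuth",
+Supabase = "Supabase",
+HashiCorpVault = "HashiCorp Vault",
+TerraformCloud = "Terraform Cloud",
+PlanetScale = "PlanetScale",
+Postman = "Postman",
+GrafanaService = "Grafana Service",
+Linear = "Linear",
+Netlify = "Netlify",
+DopplerServiceToken = "Doppler Service Token",
+DopplerServiceAccount = "Doppler Service Account",
+Buildkite = "Buildkite",
+Atlassian = "Atlassian",
+Figma = "Figma",
+CircleCI = "CircleCI",
+Notion = "Notion",
+Unknown = "Unknown"
+}
+export type Encoding = "base64" | "hex" | "base62" | "alphanumeric" | "mixed";
+export interface EntropyResult {
+shannonEntropy: number;
+maxPossibleEntropy: number;
+normalizedEntropy: number;
+encoding: Encoding;
+length: number;
+warning: string | null;
+}
+export interface KeyIdentification {
+provider: KeyProvider;
+confidence: "high" | "medium" | "low";
+description: string;
+}
+export interface LocalCheckResult {
+identification: KeyIdentification;
+entropy: EntropyResult;
+warnings: string[];
+looksLikeSecret: boolean;
+}
+export interface HibpPasswordResult {
+checked: boolean;
+found: boolean;
+occurrences: number;
+hashPrefix: string;
+error: string | null;
+}
+export interface BreachEntry {
+Name: string;
+BreachDate: string;
+DataClasses: string[];
+}
+export interface PasteEntry {
+Source: string;
+Id: string;
+Title: string | null;
+Date: string | null;
+}
+export interface StealerLogEntry {
+Name: string;
+Date: string;
+}
+export interface HibpEmailResult {
+checked: boolean;
+breaches: BreachEntry[];
+stealerLogs: StealerLogEntry[];
+pastes: PasteEntry[];
+error: string | null;
+}
+export type RiskLevel = "critical" | "high" | "medium" | "low" | "info";
+export type PluginInputKind = "secret" | "email" | "both";
+export interface PluginCheckResult {
+pluginId: string;
+pluginName: string;
+found: boolean;
+details: string;
+severity: RiskLevel;
+error: string | null;
+metadata?: Record<string, unknown>;
+}
+export interface VerificationResult {
+provider: KeyProvider;
+active: boolean;
+details: string;
+error: string | null;
+endpoint: string;
+}
+export interface CheckResult {
+local: LocalCheckResult;
+hibpPassword: HibpPasswordResult | null;
+hibpEmail: HibpEmailResult | null;
+pluginResults: PluginCheckResult[];
+verification: VerificationResult | null;
+riskLevel: RiskLevel;
+summary: string;
+fingerprint: string;
+timestamp: string;
+}
+export interface AuditEntry {
+timestamp: string;
+fingerprint: string;
+provider: KeyProvider;
+riskLevel: RiskLevel;
+hibpFound: boolean | null;
+summary: string;
+}
+export interface AppConfig {
+hibpApiKey: string | null;
+auditLogPath: string | null;
+envFile?: string;
+offline: boolean;
+json: boolean;
+verbose: boolean;
+verify: boolean;
+enabledPlugins: string[];
+disabledPlugins: string[];
+pluginApiKeys: Record<string, string>;
+}
+//# sourceMappingURL=index.d.ts.map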
@@ -0,0 +1 @@
1
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA,oBAAY,WAAW;IACrB,MAAM,WAAW;IACjB,aAAa,2BAA2B;IACxC,SAAS,cAAc;IACvB,GAAG,QAAQ;IACX,SAAS,eAAe;IACxB,iBAAiB,wBAAwB;IACzC,UAAU,gBAAgB;IAC1B,UAAU,gBAAgB;IAC1B,SAAS,eAAe;IACxB,QAAQ,cAAc;IACtB,SAAS,eAAe;IACxB,QAAQ,aAAa;IACrB,MAAM,WAAW;IACjB,OAAO,YAAY;IACnB,UAAU,gBAAgB;IAC1B,WAAW,iBAAiB;IAE5B,SAAS,eAAe;IACxB,cAAc,oBAAoB;IAClC,QAAQ,cAAc;IACtB,SAAS,eAAe;IACxB,cAAc,oBAAoB;IAClC,aAAa,mBAAmB;IAChC,eAAe,qBAAqB;IACpC,iBAAiB,uBAAuB;IACxC,QAAQ,aAAa;IACrB,cAAc,oBAAoB;IAClC,cAAc,oBAAoB;IAClC,WAAW,gBAAgB;IAC3B,OAAO,YAAY;IACnB,cAAc,oBAAoB;IAClC,MAAM,WAAW;IACjB,OAAO,YAAY;IACnB,mBAAmB,0BAA0B;IAC7C,qBAAqB,4BAA4B;IACjD,SAAS,cAAc;IACvB,SAAS,cAAc;IACvB,KAAK,UAAU;IACf,QAAQ,aAAa;IACrB,MAAM,WAAW;IACjB,OAAO,YAAY;CACpB;AAED,MAAM,MAAM,QAAQ,GAAG,QAAQ,GAAG,KAAK,GAAG,QAAQ,GAAG,cAAc,GAAG,OAAO,CAAC;AAE9E,MAAM,WAAW,aAAa;IAC5B,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,QAAQ,EAAE,QAAQ,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,WAAW,CAAC;IACtB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,gBAAgB;IAC/B,cAAc,EAAE,iBAAiB,CAAC;IAClC,OAAO,EAAE,aAAa,CAAC;IACvB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,eAAe,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,OAAO,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;CACrB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,WAAW,EAAE,eAAe,EAAE,CAAC;IAC/B,MAAM,EAAE,UAAU,EAAE,CAAC;IACrB,KAAK,EA
AE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED,MAAM,MAAM,SAAS,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAExE,MAAM,MAAM,eAAe,GAAG,QAAQ,GAAG,OAAO,GAAG,MAAM,CAAC;AAE1D,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,SAAS,CAAC;IACpB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,WAAW,CAAC;IACtB,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,gBAAgB,CAAC;IACxB,YAAY,EAAE,kBAAkB,GAAG,IAAI,CAAC;IACxC,SAAS,EAAE,eAAe,GAAG,IAAI,CAAC;IAClC,aAAa,EAAE,iBAAiB,EAAE,CAAC;IACnC,YAAY,EAAE,kBAAkB,GAAG,IAAI,CAAC;IACxC,SAAS,EAAE,SAAS,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,WAAW,CAAC;IACtB,SAAS,EAAE,SAAS,CAAC;IACrB,SAAS,EAAE,OAAO,GAAG,IAAI,CAAC;IAC1B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,SAAS;IACxB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;IAChB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACvC"}