dotenv-diff 2.4.11 → 2.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +19 -3
- package/README.md +2 -2
- package/dist/src/cli/run.js +2 -1
- package/dist/src/cli/run.js.map +1 -1
- package/dist/src/commands/compare.d.ts.map +1 -1
- package/dist/src/commands/compare.js +8 -22
- package/dist/src/commands/compare.js.map +1 -1
- package/dist/src/commands/ensureFilesOrPrompt.d.ts +6 -0
- package/dist/src/commands/ensureFilesOrPrompt.d.ts.map +1 -1
- package/dist/src/commands/ensureFilesOrPrompt.js +1 -1
- package/dist/src/commands/ensureFilesOrPrompt.js.map +1 -1
- package/dist/src/commands/scanUsage.js +1 -1
- package/dist/src/commands/scanUsage.js.map +1 -1
- package/dist/src/config/types.d.ts +18 -0
- package/dist/src/config/types.d.ts.map +1 -1
- package/dist/src/core/compare/calculateStats.d.ts +19 -0
- package/dist/src/core/compare/calculateStats.d.ts.map +1 -0
- package/dist/src/core/compare/calculateStats.js +27 -0
- package/dist/src/core/compare/calculateStats.js.map +1 -0
- package/dist/src/core/compare/parseAndFilterEnv.d.ts +20 -0
- package/dist/src/core/compare/parseAndFilterEnv.d.ts.map +1 -0
- package/dist/src/core/compare/parseAndFilterEnv.js +22 -0
- package/dist/src/core/compare/parseAndFilterEnv.js.map +1 -0
- package/dist/src/core/compare/updateTotals.d.ts +22 -0
- package/dist/src/core/compare/updateTotals.d.ts.map +1 -0
- package/dist/src/core/compare/updateTotals.js +37 -0
- package/dist/src/core/compare/updateTotals.js.map +1 -0
- package/dist/src/core/defaultExcludeKeys.d.ts +7 -0
- package/dist/src/core/defaultExcludeKeys.d.ts.map +1 -0
- package/dist/src/core/diffEnv.d.ts +9 -0
- package/dist/src/core/diffEnv.d.ts.map +1 -1
- package/dist/src/core/diffEnv.js +2 -2
- package/dist/src/core/diffEnv.js.map +1 -1
- package/dist/src/core/filterIgnoredKeys.d.ts +5 -0
- package/dist/src/core/filterIgnoredKeys.d.ts.map +1 -1
- package/dist/src/core/filterIgnoredKeys.js +14 -1
- package/dist/src/core/filterIgnoredKeys.js.map +1 -1
- package/dist/src/core/fixEnv.d.ts +6 -0
- package/dist/src/core/fixEnv.d.ts.map +1 -1
- package/dist/src/core/fixEnv.js.map +1 -1
- package/dist/src/core/frameworks/nextJsRules.js +2 -2
- package/dist/src/core/frameworks/nextJsRules.js.map +1 -1
- package/dist/src/core/frameworks/sveltekitRules.d.ts.map +1 -1
- package/dist/src/core/frameworks/sveltekitRules.js +12 -0
- package/dist/src/core/frameworks/sveltekitRules.js.map +1 -1
- package/dist/src/core/patterns.d.ts +4 -5
- package/dist/src/core/patterns.d.ts.map +1 -1
- package/dist/src/core/patterns.js +4 -13
- package/dist/src/core/patterns.js.map +1 -1
- package/dist/src/core/scan/compareScan.d.ts +10 -0
- package/dist/src/core/scan/compareScan.d.ts.map +1 -0
- package/dist/src/core/scan/compareScan.js +19 -0
- package/dist/src/core/scan/compareScan.js.map +1 -0
- package/dist/src/core/scan/computeHealthScore.d.ts +8 -0
- package/dist/src/core/scan/computeHealthScore.d.ts.map +1 -0
- package/dist/src/core/scan/computeHealthScore.js +35 -0
- package/dist/src/core/scan/computeHealthScore.js.map +1 -0
- package/dist/src/core/scan/determineComparisonFile.d.ts +13 -0
- package/dist/src/core/scan/determineComparisonFile.d.ts.map +1 -0
- package/dist/src/core/scan/determineComparisonFile.js +33 -0
- package/dist/src/core/scan/determineComparisonFile.js.map +1 -0
- package/dist/src/core/scan/scanFile.d.ts +10 -0
- package/dist/src/core/scan/scanFile.d.ts.map +1 -0
- package/dist/src/core/scan/scanFile.js +65 -0
- package/dist/src/core/scan/scanFile.js.map +1 -0
- package/dist/src/core/security/secretDetectors.d.ts +3 -0
- package/dist/src/core/security/secretDetectors.d.ts.map +1 -1
- package/dist/src/core/security/secretDetectors.js +14 -36
- package/dist/src/core/security/secretDetectors.js.map +1 -1
- package/dist/src/services/envDiscovery.d.ts.map +1 -1
- package/dist/src/services/envDiscovery.js +9 -1
- package/dist/src/services/envDiscovery.js.map +1 -1
- package/dist/src/services/printScanResult.js +1 -1
- package/dist/src/services/printScanResult.js.map +1 -1
- package/dist/src/services/processComparisonFile.d.ts +3 -0
- package/dist/src/services/processComparisonFile.d.ts.map +1 -1
- package/dist/src/services/processComparisonFile.js +1 -1
- package/dist/src/services/processComparisonFile.js.map +1 -1
- package/dist/src/services/scanCodebase.js +1 -1
- package/dist/src/services/scanCodebase.js.map +1 -1
- package/dist/src/ui/scan/printHeader.js +1 -1
- package/dist/src/ui/scan/printHeader.js.map +1 -1
- package/dist/src/ui/scan/scanJsonOutput.js +1 -1
- package/dist/src/ui/scan/scanJsonOutput.js.map +1 -1
- package/package.json +1 -1
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* default exclude environment variable keys (not expected in .env files)
|
|
3
|
+
* But may be used in code.
|
|
4
|
+
*/
|
|
5
|
+
export declare const DEFAULT_EXCLUDE_KEYS: string[];
|
|
1
6
|
/**
|
|
2
7
|
* Filters out keys that are in the ignore list or match any of the ignore regex patterns.
|
|
3
8
|
* @param keys - The list of keys to filter.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"filterIgnoredKeys.d.ts","sourceRoot":"","sources":["../../../src/core/filterIgnoredKeys.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,MAAM,EAAE,EACd,MAAM,EAAE,MAAM,EAAE,EAChB,WAAW,EAAE,MAAM,EAAE,GACpB,MAAM,EAAE,CAIV"}
|
|
1
|
+
{"version":3,"file":"filterIgnoredKeys.d.ts","sourceRoot":"","sources":["../../../src/core/filterIgnoredKeys.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,eAAO,MAAM,oBAAoB,UAQhC,CAAC;AAEF;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,MAAM,EAAE,EACd,MAAM,EAAE,MAAM,EAAE,EAChB,WAAW,EAAE,MAAM,EAAE,GACpB,MAAM,EAAE,CAIV"}
|
|
@@ -1,3 +1,16 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* default exclude environment variable keys (not expected in .env files)
|
|
3
|
+
* But may be used in code.
|
|
4
|
+
*/
|
|
5
|
+
export const DEFAULT_EXCLUDE_KEYS = [
|
|
6
|
+
'NODE_ENV',
|
|
7
|
+
'VITE_MODE',
|
|
8
|
+
'MODE',
|
|
9
|
+
'BASE_URL',
|
|
10
|
+
'PROD',
|
|
11
|
+
'DEV',
|
|
12
|
+
'SSR',
|
|
13
|
+
];
|
|
1
14
|
/**
|
|
2
15
|
* Filters out keys that are in the ignore list or match any of the ignore regex patterns.
|
|
3
16
|
* @param keys - The list of keys to filter.
|
|
@@ -6,6 +19,6 @@
|
|
|
6
19
|
* @returns The filtered list of keys.
|
|
7
20
|
*/
|
|
8
21
|
export function filterIgnoredKeys(keys, ignore, ignoreRegex) {
|
|
9
|
-
return keys.filter((k) => !ignore.includes(k) && !ignoreRegex.some((rx) => rx.test(k)));
|
|
22
|
+
return keys.filter((k) => !ignore.includes(k) && !DEFAULT_EXCLUDE_KEYS.includes(k) && !ignoreRegex.some((rx) => rx.test(k)));
|
|
10
23
|
}
|
|
11
24
|
//# sourceMappingURL=filterIgnoredKeys.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"filterIgnoredKeys.js","sourceRoot":"","sources":["../../../src/core/filterIgnoredKeys.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAC/B,IAAc,EACd,MAAgB,EAChB,WAAqB;IAErB,OAAO,IAAI,CAAC,MAAM,CAChB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,
|
|
1
|
+
{"version":3,"file":"filterIgnoredKeys.js","sourceRoot":"","sources":["../../../src/core/filterIgnoredKeys.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,UAAU;IACV,WAAW;IACX,MAAM;IACN,UAAU;IACV,MAAM;IACN,KAAK;IACL,KAAK;CACN,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAC/B,IAAc,EACd,MAAgB,EAChB,WAAqB;IAErB,OAAO,IAAI,CAAC,MAAM,CAChB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CACzG,CAAC;AACJ,CAAC"}
|
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Options for applying fixes to environment files
|
|
3
|
+
*/
|
|
1
4
|
interface ApplyFixesOptions {
|
|
2
5
|
envPath: string;
|
|
3
6
|
examplePath: string;
|
|
@@ -5,6 +8,9 @@ interface ApplyFixesOptions {
|
|
|
5
8
|
duplicateKeys: string[];
|
|
6
9
|
ensureGitignore?: boolean;
|
|
7
10
|
}
|
|
11
|
+
/**
|
|
12
|
+
* Result of applying fixes to environment files
|
|
13
|
+
*/
|
|
8
14
|
interface FixResult {
|
|
9
15
|
removedDuplicates: string[];
|
|
10
16
|
addedEnv: string[];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fixEnv.d.ts","sourceRoot":"","sources":["../../../src/core/fixEnv.ts"],"names":[],"mappings":"AAKA,UAAU,iBAAiB;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED,UAAU,SAAS;IACjB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,iBAAiB,GAAG;IACtD,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,SAAS,CAAC;CACnB,CA0FA"}
|
|
1
|
+
{"version":3,"file":"fixEnv.d.ts","sourceRoot":"","sources":["../../../src/core/fixEnv.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,UAAU,iBAAiB;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;GAEG;AACH,UAAU,SAAS;IACjB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,iBAAiB,GAAG;IACtD,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,SAAS,CAAC;CACnB,CA0FA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fixEnv.js","sourceRoot":"","sources":["../../../src/core/fixEnv.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAC/E,OAAO,EAAE,8BAA8B,EAAE,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"fixEnv.js","sourceRoot":"","sources":["../../../src/core/fixEnv.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAC/E,OAAO,EAAE,8BAA8B,EAAE,MAAM,wBAAwB,CAAC;AAuBxE;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,UAAU,CAAC,OAA0B;IAInD,MAAM,EACJ,OAAO,EACP,WAAW,EACX,WAAW,GAAG,EAAE,EAChB,aAAa,GAAG,EAAE,EAClB,eAAe,GAAG,KAAK,GACxB,GAAG,OAAO,CAAC;IAEZ,MAAM,MAAM,GAAc;QACxB,iBAAiB,EAAE,EAAE;QACrB,QAAQ,EAAE,EAAE;QACZ,YAAY,EAAE,EAAE;QAChB,gBAAgB,EAAE,KAAK;KACxB,CAAC;IAEF,4BAA4B;IAC5B,IAAI,aAAa,CAAC,MAAM,EAAE,CAAC;QACzB,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;QAE5C,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC5D,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAC/B,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,sDAAsD;QACtD,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3C,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,IAAI,KAAK,SAAS;gBAAE,SAAS;YAEjC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC9C,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC3B,IAAI,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC1B,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;wBAAE,SAAS,CAAC,iBAAiB;oBAC9C,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAChB,CAAC;YACH,CAAC;YACD,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACzB,CAAC;QAED,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAC/C,MAAM,CAAC,iBAAiB,GAAG,aAAa,CAAC;IAC3C,CAAC;IAED,mCAAmC;IACnC,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;QACvB,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAClD,MAAM,UAAU,GACd,OAAO;YACP,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;YACpC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;YAC1C,IAAI,CAAC;QACP,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACtC,MAAM,CAAC,QAAQ,GAAG,WAAW,CAAC;IAChC,CAAC;IAED,2CAA2C;IAC3C,IAAI,WAAW,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;QACtC,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QACxD,MAAM,cAAc,GAAG,IAAI,GAAG,CAC5B,SAAS;aACN,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;aAClC,MAAM,CAAC,OAAO,CAAC,CACnB,CAAC;QACF,MAAM,cAAc,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAEzE,IAAI,cAAc,CAAC,MAAM,EAAE,CAAC;YAC1B,MAAM,YAAY,GAChB,SAAS;gBACT,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;gBACtC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;gBACzB,IAAI,CAAC;YACP,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;YAC5C,MAAM,CAAC,YAAY,GAAG,cAAc,CAAC;QACvC,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,CAAC,gBAAgB,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,OAAO,GACX,MAAM,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC;QACnC,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;QAC1B,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;QAC9B,MAAM,CAAC,gBAAgB,CAAC;IAE1B,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;AAC7B,CAAC;AAED;;;;;;GAMG;AACH,SAAS,qBAAqB,CAAC,OAAe;IAC5C,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;QAEtC,IAAI,CAAC,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;YACpC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACvD,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAG,iBAAiB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC;QAE1E,2BAA2B;QAC3B,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,uBAAuB;QACvB,MAAM,QAAQ,GAAG,8BAA8B,CAAC;QAEhD,IAAI,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YACjC,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;YACvD,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YAElE,MAAM,eAAe,GAAG,QAAQ,CAAC,MAAM,CACrC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAC,CAC9C,CAAC;YAEF,IAAI,eAAe,CAAC,MAAM,EAAE,CAAC;gBAC3B,MAAM,QAAQ,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;gBACxF,EAAE,CAAC,cAAc,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;gBAC3C,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;aAAM,CAAC;YACN,wBAAwB;YACxB,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;YAC5D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,MAAM,CAAC;QACP,8BAA8B;QAC9B,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}
|
|
@@ -52,10 +52,10 @@ export function applyNextJsRules(u, warnings, fileContentMap) {
|
|
|
52
52
|
}
|
|
53
53
|
// Warn if NEXT_PUBLIC_ contains sensitive keywords
|
|
54
54
|
if (u.variable.startsWith('NEXT_PUBLIC_') &&
|
|
55
|
-
/SECRET|PRIVATE|
|
|
55
|
+
/SECRET|PRIVATE|PASSWORD/.test(u.variable)) {
|
|
56
56
|
warnings.push({
|
|
57
57
|
variable: u.variable,
|
|
58
|
-
reason: '
|
|
58
|
+
reason: 'Potential sensitive environment variable exposed to the browser',
|
|
59
59
|
file: normalizedFile,
|
|
60
60
|
line: u.line,
|
|
61
61
|
framework: 'nextjs',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"nextJsRules.js","sourceRoot":"","sources":["../../../../src/core/frameworks/nextJsRules.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAE9D;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAC9B,CAAW,EACX,QAA4B,EAC5B,cAAoC;IAEpC,2DAA2D;IAC3D,MAAM,cAAc,GAAG,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAE7C,sBAAsB;IACtB,IAAI,cAAc,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC9C,OAAO;IACT,CAAC;IAED,6DAA6D;IAC7D,IAAI,iBAAiB,GAAG,KAAK,CAAC;IAC9B,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,WAAW,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC/C,IAAI,WAAW,EAAE,CAAC;YAChB,mDAAmD;YACnD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnE,iBAAiB;gBACf,oBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC;oBACrC,iBAAiB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IACD,wDAAwD;IACxD,MAAM,uBAAuB,GAC3B,eAAe,CAAC,IAAI,CAAC,cAAc,CAAC;QACpC,CAAC,oBAAoB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAE7C,iBAAiB,KAAK,uBAAuB,CAAC;IAE9C,iDAAiD;IACjD,IAAI,iBAAiB,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAChE,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,gDAAgD;YACxD,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,SAAS,EAAE,QAAQ;SACpB,CAAC,CAAC;QACH,OAAO,CAAC,6CAA6C;IACvD,CAAC;IAED,oCAAoC;IACpC,IAAI,CAAC,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;QACpC,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,6DAA6D;YACrE,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,SAAS,EAAE,QAAQ;SACpB,CAAC,CAAC;QACH,OAAO,CAAC,6CAA6C;IACvD,CAAC;IAED,mDAAmD;IACnD,IACE,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,cAAc,CAAC;QACrC,
|
|
1
|
+
{"version":3,"file":"nextJsRules.js","sourceRoot":"","sources":["../../../../src/core/frameworks/nextJsRules.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAE9D;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAC9B,CAAW,EACX,QAA4B,EAC5B,cAAoC;IAEpC,2DAA2D;IAC3D,MAAM,cAAc,GAAG,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAE7C,sBAAsB;IACtB,IAAI,cAAc,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC9C,OAAO;IACT,CAAC;IAED,6DAA6D;IAC7D,IAAI,iBAAiB,GAAG,KAAK,CAAC;IAC9B,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,WAAW,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC/C,IAAI,WAAW,EAAE,CAAC;YAChB,mDAAmD;YACnD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnE,iBAAiB;gBACf,oBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC;oBACrC,iBAAiB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IACD,wDAAwD;IACxD,MAAM,uBAAuB,GAC3B,eAAe,CAAC,IAAI,CAAC,cAAc,CAAC;QACpC,CAAC,oBAAoB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAE7C,iBAAiB,KAAK,uBAAuB,CAAC;IAE9C,iDAAiD;IACjD,IAAI,iBAAiB,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAChE,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,gDAAgD;YACxD,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,SAAS,EAAE,QAAQ;SACpB,CAAC,CAAC;QACH,OAAO,CAAC,6CAA6C;IACvD,CAAC;IAED,oCAAoC;IACpC,IAAI,CAAC,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;QACpC,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,6DAA6D;YACrE,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,SAAS,EAAE,QAAQ;SACpB,CAAC,CAAC;QACH,OAAO,CAAC,6CAA6C;IACvD,CAAC;IAED,mDAAmD;IACnD,IACE,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,cAAc,CAAC;QACrC,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,EAC1C,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,iEAAiE;YACzE,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,SAAS,EAAE,QAAQ;SACpB,CAAC,CAAC;QACH,OAAO,CAAC,6CAA6C;IACvD,CAAC;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sveltekitRules.d.ts","sourceRoot":"","sources":["../../../../src/core/frameworks/sveltekitRules.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAGxE;;;;GAIG;AACH,wBAAgB,mBAAmB,CACjC,CAAC,EAAE,QAAQ,EACX,QAAQ,EAAE,gBAAgB,EAAE,GAC3B,IAAI,
|
|
1
|
+
{"version":3,"file":"sveltekitRules.d.ts","sourceRoot":"","sources":["../../../../src/core/frameworks/sveltekitRules.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAGxE;;;;GAIG;AACH,wBAAgB,mBAAmB,CACjC,CAAC,EAAE,QAAQ,EACX,QAAQ,EAAE,gBAAgB,EAAE,GAC3B,IAAI,CA0JN"}
|
|
@@ -122,5 +122,17 @@ export function applySvelteKitRules(u, warnings) {
|
|
|
122
122
|
});
|
|
123
123
|
return;
|
|
124
124
|
}
|
|
125
|
+
// Warn if PUBLIC_ or VITE_ contains sensitive keywords
|
|
126
|
+
if ((u.variable.startsWith('PUBLIC_') || u.variable.startsWith('VITE_')) &&
|
|
127
|
+
/SECRET|PRIVATE|PASSWORD/.test(u.variable)) {
|
|
128
|
+
warnings.push({
|
|
129
|
+
variable: u.variable,
|
|
130
|
+
reason: 'Potential sensitive environment variable exposed to the browser',
|
|
131
|
+
file: normalizedFile,
|
|
132
|
+
line: u.line,
|
|
133
|
+
framework: 'sveltekit',
|
|
134
|
+
});
|
|
135
|
+
return; // Stop processing other rules for this usage
|
|
136
|
+
}
|
|
125
137
|
}
|
|
126
138
|
//# sourceMappingURL=sveltekitRules.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sveltekitRules.js","sourceRoot":"","sources":["../../../../src/core/frameworks/sveltekitRules.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAE9D;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CACjC,CAAW,EACX,QAA4B;IAE5B,2DAA2D;IAC3D,MAAM,cAAc,GAAG,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAE7C,sBAAsB;IACtB,IAAI,cAAc,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC9C,OAAO;IACT,CAAC;IAED,MAAM,YAAY;IAChB,+BAA+B;IAC/B,cAAc,CAAC,QAAQ,CAAC,WAAW,CAAC;QACpC,cAAc,CAAC,QAAQ,CAAC,UAAU,CAAC;QACnC,0CAA0C;QAC1C,oCAAoC,CAAC,IAAI,CAAC,cAAc,CAAC;QACzD,6BAA6B;QAC7B,oBAAoB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAE5C,MAAM,YAAY,GAChB,CAAC,cAAc,CAAC,QAAQ,CAAC,UAAU,CAAC;QACpC,CAAC,cAAc,CAAC,QAAQ,CAAC,gBAAgB,CAAC;YACxC,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC;YAClC,cAAc,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;IAE1C,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAEtD,kBAAkB;IAClB,IAAI,CAAC,CAAC,OAAO,KAAK,iBAAiB,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACvE,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,oEAAoE;YAC5E,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,SAAS,EAAE,WAAW;SACvB,CAAC,CAAC;QACH,OAAO,CAAC,6CAA6C;IACvD,CAAC;IAED,cAAc;IACd,IAAI,CAAC,CAAC,OAAO,KAAK,aAAa,EAAE,CAAC;QAChC,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,MAAM,EAAE,iDAAiD;gBACzD,IAAI,EAAE,cAAc;gBACpB,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,SAAS,EAAE,WAAW;aACvB,CAAC,CAAC;YACH,OAAO;QACT,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,IACE,CAAC,CAAC,OAAO,KAAK,WAAW;QACzB,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,sBAAsB,CAAC;QAC3C,CAAC,YAAY,IAAI,YAAY,CAAC,EAC9B,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,yDAAyD;YACjE,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,SAAS,EAAE,WAAW;SACvB,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IACE,CAAC,CAAC,OAAO,KAAK,WAAW;QACzB,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,sBAAsB,CAAC;QAC3C,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,EAChC,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,8DAA8D;YACtE,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,SAAS,EAAE,WAAW;SACvB,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,qBAAqB;IACrB,IACE,CAAC,CAAC,OAAO,KAAK,WAAW;QACzB,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,qBAAqB,CAAC;QAC1C,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,EACjC,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,yDAAyD;YACjE,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,SAAS,EAAE,WAAW;SACvB,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,sBAAsB;IACtB,IAAI,CAAC,CAAC,OAAO,KAAK,WAAW,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAC5E,IAAI,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACrC,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,MAAM,EAAE,6DAA6D;gBACrE,IAAI,EAAE,cAAc;gBACpB,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,SAAS,EAAE,WAAW;aACvB,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,YAAY,IAAI,YAAY,EAAE,CAAC;YACjC,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,MAAM,EAAE,kEAAkE;gBAC1E,IAAI,EAAE,cAAc;gBACpB,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,SAAS,EAAE,WAAW;aACvB,CAAC,CAAC;YACH,OAAO;QACT,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,IACE,CAAC,CAAC,OAAO,KAAK,WAAW;QACzB,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,oBAAoB,CAAC;QACzC,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,EACjC,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,wDAAwD;YAChE,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,SAAS,EAAE,WAAW;SACvB,CAAC,CAAC;QACH,OAAO;IACT,CAAC;AACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"sveltekitRules.js","sourceRoot":"","sources":["../../../../src/core/frameworks/sveltekitRules.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAE9D;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CACjC,CAAW,EACX,QAA4B;IAE5B,2DAA2D;IAC3D,MAAM,cAAc,GAAG,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAE7C,sBAAsB;IACtB,IAAI,cAAc,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC9C,OAAO;IACT,CAAC;IAED,MAAM,YAAY;IAChB,+BAA+B;IAC/B,cAAc,CAAC,QAAQ,CAAC,WAAW,CAAC;QACpC,cAAc,CAAC,QAAQ,CAAC,UAAU,CAAC;QACnC,0CAA0C;QAC1C,oCAAoC,CAAC,IAAI,CAAC,cAAc,CAAC;QACzD,6BAA6B;QAC7B,oBAAoB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAE5C,MAAM,YAAY,GAChB,CAAC,cAAc,CAAC,QAAQ,CAAC,UAAU,CAAC;QACpC,CAAC,cAAc,CAAC,QAAQ,CAAC,gBAAgB,CAAC;YACxC,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC;YAClC,cAAc,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;IAE1C,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAEtD,kBAAkB;IAClB,IAAI,CAAC,CAAC,OAAO,KAAK,iBAAiB,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACvE,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,oEAAoE;YAC5E,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,SAAS,EAAE,WAAW;SACvB,CAAC,CAAC;QACH,OAAO,CAAC,6CAA6C;IACvD,CAAC;IAED,cAAc;IACd,IAAI,CAAC,CAAC,OAAO,KAAK,aAAa,EAAE,CAAC;QAChC,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,MAAM,EAAE,iDAAiD;gBACzD,IAAI,EAAE,cAAc;gBACpB,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,SAAS,EAAE,WAAW;aACvB,CAAC,CAAC;YACH,OAAO;QACT,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,IACE,CAAC,CAAC,OAAO,KAAK,WAAW;QACzB,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,sBAAsB,CAAC;QAC3C,CAAC,YAAY,IAAI,YAAY,CAAC,EAC9B,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,yDAAyD;YACjE,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,SAAS,EAAE,WAAW;SACvB,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IACE,CAAC,CAAC,OAAO,KAAK,WAAW;QACzB,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,sBAAsB,CAAC;QAC3C,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,EAChC,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,8DAA8D;YACtE,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,SAAS,EAAE,WAAW;SACvB,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,qBAAqB;IACrB,IACE,CAAC,CAAC,OAAO,KAAK,WAAW;QACzB,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,qBAAqB,CAAC;QAC1C,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,EACjC,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,yDAAyD;YACjE,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,SAAS,EAAE,WAAW;SACvB,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,sBAAsB;IACtB,IAAI,CAAC,CAAC,OAAO,KAAK,WAAW,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAC5E,IAAI,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACrC,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,MAAM,EAAE,6DAA6D;gBACrE,IAAI,EAAE,cAAc;gBACpB,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,SAAS,EAAE,WAAW;aACvB,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,YAAY,IAAI,YAAY,EAAE,CAAC;YACjC,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,MAAM,EAAE,kEAAkE;gBAC1E,IAAI,EAAE,cAAc;gBACpB,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,SAAS,EAAE,WAAW;aACvB,CAAC,CAAC;YACH,OAAO;QACT,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,IACE,CAAC,CAAC,OAAO,KAAK,WAAW;QACzB,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,oBAAoB,CAAC;QACzC,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,EACjC,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,wDAAwD;YAChE,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,SAAS,EAAE,WAAW;SACvB,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,uDAAuD;IACrD,IACA,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACpE,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,EAC1C,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,iEAAiE;YACzE,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,SAAS,EAAE,WAAW;SACvB,CAAC,CAAC;QACH,OAAO,CAAC,6CAA6C;IACvD,CAAC;AACH,CAAC"}
|
|
@@ -1,3 +1,7 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Framework-specific regex patterns for detecting environment variable usage
|
|
3
|
+
* across different runtimes and frameworks.
|
|
4
|
+
*/
|
|
1
5
|
export declare const ENV_PATTERNS: ({
|
|
2
6
|
name: "process.env";
|
|
3
7
|
regex: RegExp;
|
|
@@ -10,9 +14,4 @@ export declare const ENV_PATTERNS: ({
|
|
|
10
14
|
})[];
|
|
11
15
|
export declare const DEFAULT_INCLUDE_EXTENSIONS: string[];
|
|
12
16
|
export declare const DEFAULT_EXCLUDE_PATTERNS: string[];
|
|
13
|
-
/**
|
|
14
|
-
* default exclude environment variable keys (not expected in .env files)
|
|
15
|
-
* But may be used in code.
|
|
16
|
-
*/
|
|
17
|
-
export declare const DEFAULT_EXCLUDE_KEYS: string[];
|
|
18
17
|
//# sourceMappingURL=patterns.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../../src/core/patterns.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../../src/core/patterns.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,eAAO,MAAM,YAAY;;;;;;;;;IA4CxB,CAAC;AAGF,eAAO,MAAM,0BAA0B,UAStC,CAAC;AAGF,eAAO,MAAM,wBAAwB,UAiBpC,CAAC"}
|
|
@@ -1,4 +1,7 @@
|
|
|
1
|
-
|
|
1
|
+
/**
|
|
2
|
+
* Framework-specific regex patterns for detecting environment variable usage
|
|
3
|
+
* across different runtimes and frameworks.
|
|
4
|
+
*/
|
|
2
5
|
export const ENV_PATTERNS = [
|
|
3
6
|
// process.env.X
|
|
4
7
|
{
|
|
@@ -66,16 +69,4 @@ export const DEFAULT_EXCLUDE_PATTERNS = [
|
|
|
66
69
|
'__tests__',
|
|
67
70
|
'__mocks__',
|
|
68
71
|
];
|
|
69
|
-
/**
|
|
70
|
-
* default exclude environment variable keys (not expected in .env files)
|
|
71
|
-
* But may be used in code.
|
|
72
|
-
*/
|
|
73
|
-
export const DEFAULT_EXCLUDE_KEYS = [
|
|
74
|
-
'NODE_ENV',
|
|
75
|
-
'MODE',
|
|
76
|
-
'BASE_URL',
|
|
77
|
-
'PROD',
|
|
78
|
-
'DEV',
|
|
79
|
-
'SSR',
|
|
80
|
-
];
|
|
81
72
|
//# sourceMappingURL=patterns.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../../src/core/patterns.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../../src/core/patterns.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,gBAAgB;IAChB;QACE,IAAI,EAAE,aAAsB;QAC5B,KAAK,EAAE,mCAAmC;KAC3C;IAED,oBAAoB;IACpB;QACE,IAAI,EAAE,iBAA0B;QAChC,KAAK,EAAE,wCAAwC;KAChD;IAED,iCAAiC;IACjC,gDAAgD;IAChD,mDAAmD;IACnD;QACE,IAAI,EAAE,WAAoB;QAC1B,KAAK,EACH,2FAA2F;KAC9F;IAED,+BAA+B;IAC/B,uEAAuE;IACvE;QACE,IAAI,EAAE,WAAoB;QAC1B,KAAK,EAAE,oCAAoC;KAC5C;IAED,oDAAoD;IACpD,8CAA8C;IAC9C;QACE,IAAI,EAAE,WAAoB;QAC1B,KAAK,EACH,4FAA4F;KAC/F;IAED,8DAA8D;IAC9D,iCAAiC;IACjC;QACE,IAAI,EAAE,WAAoB;QAC1B,KAAK,EACH,6FAA6F;KAChG;CACF,CAAC;AAEF,8CAA8C;AAC9C,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,KAAK;IACL,KAAK;IACL,MAAM;IACN,MAAM;IACN,MAAM;IACN,SAAS;IACT,MAAM;IACN,MAAM;CACP,CAAC;AAEF,yCAAyC;AACzC,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,cAAc;IACd,YAAY;IACZ,aAAa;IACb,UAAU;IACV,MAAM;IACN,OAAO;IACP,OAAO;IACP,OAAO;IACP,UAAU;IACV,MAAM;IACN,SAAS;IACT,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,WAAW;IACX,WAAW;CACZ,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import type { ScanResult } from '../../config/types.js';
|
|
2
|
+
/**
|
|
3
|
+
* Compares the scan result with the environment variables.
|
|
4
|
+
* This function identifies missing and unused environment variables.
|
|
5
|
+
* @param scanResult - The result of the scan.
|
|
6
|
+
* @param envVariables - The environment variables to compare against.
|
|
7
|
+
* @returns The comparison result.
|
|
8
|
+
*/
|
|
9
|
+
export declare function compareWithEnvFiles(scanResult: ScanResult, envVariables: Record<string, string | undefined>): ScanResult;
|
|
10
|
+
//# sourceMappingURL=compareScan.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"compareScan.d.ts","sourceRoot":"","sources":["../../../../src/core/scan/compareScan.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAExD;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CACjC,UAAU,EAAE,UAAU,EACtB,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,GAC/C,UAAU,CAYZ"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Compares the scan result with the environment variables.
|
|
3
|
+
* This function identifies missing and unused environment variables.
|
|
4
|
+
* @param scanResult - The result of the scan.
|
|
5
|
+
* @param envVariables - The environment variables to compare against.
|
|
6
|
+
* @returns The comparison result.
|
|
7
|
+
*/
|
|
8
|
+
export function compareWithEnvFiles(scanResult, envVariables) {
|
|
9
|
+
const usedVariables = new Set(scanResult.used.map((u) => u.variable));
|
|
10
|
+
const envKeys = new Set(Object.keys(envVariables));
|
|
11
|
+
const missing = [...usedVariables].filter((v) => !envKeys.has(v));
|
|
12
|
+
const unused = [...envKeys].filter((v) => !usedVariables.has(v));
|
|
13
|
+
return {
|
|
14
|
+
...scanResult,
|
|
15
|
+
missing,
|
|
16
|
+
unused,
|
|
17
|
+
};
|
|
18
|
+
}
|
|
19
|
+
//# sourceMappingURL=compareScan.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"compareScan.js","sourceRoot":"","sources":["../../../../src/core/scan/compareScan.ts"],"names":[],"mappings":"AAEA;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CACjC,UAAsB,EACtB,YAAgD;IAEhD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IACtE,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;IAEnD,MAAM,OAAO,GAAG,CAAC,GAAG,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAClE,MAAM,MAAM,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAEjE,OAAO;QACL,GAAG,UAAU;QACb,OAAO;QACP,MAAM;KACP,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import type { ScanResult } from '../../config/types.js';
|
|
2
|
+
/**
|
|
3
|
+
* Computes a health score based on the scan results.
|
|
4
|
+
* @param scan - The result of the scan.
|
|
5
|
+
* @returns The computed health score as a number between 0 and 100.
|
|
6
|
+
*/
|
|
7
|
+
export declare function computeHealthScore(scan: ScanResult): number;
|
|
8
|
+
//# sourceMappingURL=computeHealthScore.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"computeHealthScore.d.ts","sourceRoot":"","sources":["../../../../src/core/scan/computeHealthScore.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAExD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,CAwC3D"}
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Computes a health score based on the scan results.
|
|
3
|
+
* @param scan - The result of the scan.
|
|
4
|
+
* @returns The computed health score as a number between 0 and 100.
|
|
5
|
+
*/
|
|
6
|
+
export function computeHealthScore(scan) {
|
|
7
|
+
let score = 100;
|
|
8
|
+
// === 1. Secrets detected ===
|
|
9
|
+
const highSecrets = scan.secrets?.filter((s) => s.severity === 'high') ?? [];
|
|
10
|
+
const medSecrets = scan.secrets?.filter((s) => s.severity === 'medium') ?? [];
|
|
11
|
+
score -= highSecrets.length * 20;
|
|
12
|
+
score -= medSecrets.length * 10;
|
|
13
|
+
// === 2. Missing environment variables ===
|
|
14
|
+
score -= scan.missing.length * 20;
|
|
15
|
+
// === 3. Uppercase naming issues ===
|
|
16
|
+
score -= (scan.uppercaseWarnings?.length ?? 0) * 2;
|
|
17
|
+
// === 4. Console logging ===
|
|
18
|
+
score -= (scan.logged?.length ?? 0) * 10;
|
|
19
|
+
// === 5. Unused vars (less important) ===
|
|
20
|
+
score -= (scan.unused?.length ?? 0) * 1;
|
|
21
|
+
// === 6. Framework warnings ===
|
|
22
|
+
score -= (scan.frameworkWarnings?.length ?? 0) * 5;
|
|
23
|
+
// === 7. Example secrets ===
|
|
24
|
+
score -= (scan.exampleWarnings?.length ?? 0) * 10;
|
|
25
|
+
// === 8. Expiration warnings ===
|
|
26
|
+
score -= (scan.expireWarnings?.length ?? 0) * 5;
|
|
27
|
+
// === 9. Inconsistent naming warnings ===
|
|
28
|
+
score -= (scan.inconsistentNamingWarnings?.length ?? 0) * 3;
|
|
29
|
+
// === 10. Duplicate definitions ===
|
|
30
|
+
score -= (scan.duplicates?.env?.length ?? 0) * 10;
|
|
31
|
+
score -= (scan.duplicates?.example?.length ?? 0) * 10;
|
|
32
|
+
// Never go below 0 or above 100
|
|
33
|
+
return Math.max(0, Math.min(100, score));
|
|
34
|
+
}
|
|
35
|
+
//# sourceMappingURL=computeHealthScore.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"computeHealthScore.js","sourceRoot":"","sources":["../../../../src/core/scan/computeHealthScore.ts"],"names":[],"mappings":"AAEA;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAgB;IACjD,IAAI,KAAK,GAAG,GAAG,CAAC;IAEhB,8BAA8B;IAC9B,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC;IAC7E,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,IAAI,EAAE,CAAC;IAE9E,KAAK,IAAI,WAAW,CAAC,MAAM,GAAG,EAAE,CAAC;IACjC,KAAK,IAAI,UAAU,CAAC,MAAM,GAAG,EAAE,CAAC;IAEhC,2CAA2C;IAC3C,KAAK,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC;IAElC,qCAAqC;IACrC,KAAK,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAEnD,6BAA6B;IAC7B,KAAK,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;IAEzC,0CAA0C;IAC1C,KAAK,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAExC,gCAAgC;IAChC,KAAK,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAEnD,6BAA6B;IAC7B,KAAK,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;IAElD,iCAAiC;IACjC,KAAK,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAEhD,0CAA0C;IAC1C,KAAK,IAAI,CAAC,IAAI,CAAC,0BAA0B,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAE5D,oCAAoC;IACpC,KAAK,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;IAClD,KAAK,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;IAEtD,gCAAgC;IAChC,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;AAC3C,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import type { ScanUsageOptions } from '../../config/types.js';
|
|
2
|
+
type ComparisonFile = {
|
|
3
|
+
path: string;
|
|
4
|
+
name: string;
|
|
5
|
+
};
|
|
6
|
+
/**
|
|
7
|
+
* Determines which file to use for comparison based on provided options
|
|
8
|
+
* @param {ScanUsageOptions} opts - Scan configuration options
|
|
9
|
+
* @returns Comparison file info with absolute path and basename, or undefined if not found
|
|
10
|
+
*/
|
|
11
|
+
export declare function determineComparisonFile(opts: ScanUsageOptions): ComparisonFile | undefined;
|
|
12
|
+
export {};
|
|
13
|
+
//# sourceMappingURL=determineComparisonFile.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"determineComparisonFile.d.ts","sourceRoot":"","sources":["../../../../src/core/scan/determineComparisonFile.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAI9D,KAAK,cAAc,GAAG;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd,CAAC;AAEF;;;;GAIG;AACH,wBAAgB,uBAAuB,CACrC,IAAI,EAAE,gBAAgB,GACrB,cAAc,GAAG,SAAS,CA0B5B"}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
import fs from 'fs';
|
|
2
|
+
import path from 'path';
|
|
3
|
+
import { resolveFromCwd } from '../helpers/resolveFromCwd.js';
|
|
4
|
+
import { DEFAULT_ENV_CANDIDATES } from '../../config/constants.js';
|
|
5
|
+
/**
|
|
6
|
+
* Determines which file to use for comparison based on provided options
|
|
7
|
+
* @param {ScanUsageOptions} opts - Scan configuration options
|
|
8
|
+
* @returns Comparison file info with absolute path and basename, or undefined if not found
|
|
9
|
+
*/
|
|
10
|
+
export function determineComparisonFile(opts) {
|
|
11
|
+
// Priority: explicit flags first, then auto-discovery
|
|
12
|
+
if (opts.examplePath) {
|
|
13
|
+
const p = resolveFromCwd(opts.cwd, opts.examplePath);
|
|
14
|
+
if (fs.existsSync(p)) {
|
|
15
|
+
return { path: p, name: path.basename(opts.examplePath) };
|
|
16
|
+
}
|
|
17
|
+
}
|
|
18
|
+
if (opts.envPath) {
|
|
19
|
+
const p = resolveFromCwd(opts.cwd, opts.envPath);
|
|
20
|
+
if (fs.existsSync(p)) {
|
|
21
|
+
return { path: p, name: path.basename(opts.envPath) };
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
// Auto-discovery: look for common env files relative to cwd
|
|
25
|
+
for (const candidate of DEFAULT_ENV_CANDIDATES) {
|
|
26
|
+
const fullPath = path.resolve(opts.cwd, candidate);
|
|
27
|
+
if (fs.existsSync(fullPath)) {
|
|
28
|
+
return { path: fullPath, name: candidate };
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
return undefined;
|
|
32
|
+
}
|
|
33
|
+
//# sourceMappingURL=determineComparisonFile.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"determineComparisonFile.js","sourceRoot":"","sources":["../../../../src/core/scan/determineComparisonFile.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AAOnE;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CACrC,IAAsB;IAEtB,sDAAsD;IAEtD,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,MAAM,CAAC,GAAG,cAAc,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QACrD,IAAI,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YACrB,OAAO,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,MAAM,CAAC,GAAG,cAAc,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YACrB,OAAO,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,KAAK,MAAM,SAAS,IAAI,sBAAsB,EAAE,CAAC;QAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QACnD,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QAC7C,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import type { EnvUsage, ScanOptions } from '../../config/types.js';
|
|
2
|
+
/**
|
|
3
|
+
* Scans a file for environment variable usage.
|
|
4
|
+
* @param filePath - The path to the file being scanned.
|
|
5
|
+
* @param content - The content of the file.
|
|
6
|
+
* @param opts - The scan options.
|
|
7
|
+
* @returns An array of environment variable usages found in the file.
|
|
8
|
+
*/
|
|
9
|
+
export declare function scanFile(filePath: string, content: string, opts: ScanOptions): EnvUsage[];
|
|
10
|
+
//# sourceMappingURL=scanFile.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scanFile.d.ts","sourceRoot":"","sources":["../../../../src/core/scan/scanFile.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAKnE;;;;;;GAMG;AACH,wBAAgB,QAAQ,CACtB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,WAAW,GAChB,QAAQ,EAAE,CAsEZ"}
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
import path from 'path';
|
|
2
|
+
import { ENV_PATTERNS } from '../patterns.js';
|
|
3
|
+
import { hasIgnoreComment } from '../security/secretDetectors.js';
|
|
4
|
+
import { normalizePath } from '../helpers/normalizePath.js';
|
|
5
|
+
/**
|
|
6
|
+
* Scans a file for environment variable usage.
|
|
7
|
+
* @param filePath - The path to the file being scanned.
|
|
8
|
+
* @param content - The content of the file.
|
|
9
|
+
* @param opts - The scan options.
|
|
10
|
+
* @returns An array of environment variable usages found in the file.
|
|
11
|
+
*/
|
|
12
|
+
export function scanFile(filePath, content, opts) {
|
|
13
|
+
const usages = [];
|
|
14
|
+
const lines = content.split('\n');
|
|
15
|
+
// Get relative path from cwd corss-platform compatible
|
|
16
|
+
const relativePath = normalizePath(path.relative(opts.cwd, filePath));
|
|
17
|
+
// Collect all $env imports used in this file
|
|
18
|
+
const envImports = [];
|
|
19
|
+
const importRegex = /import\s+(?:\{[^}]*\}|\w+)\s+from\s+['"](\$env\/(?:static|dynamic)\/(?:private|public))['"]/g;
|
|
20
|
+
let importMatch;
|
|
21
|
+
while ((importMatch = importRegex.exec(content)) !== null) {
|
|
22
|
+
if (importMatch[1]) {
|
|
23
|
+
envImports.push(importMatch[1]);
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
for (const pattern of ENV_PATTERNS) {
|
|
27
|
+
let match;
|
|
28
|
+
const regex = new RegExp(pattern.regex.source, pattern.regex.flags);
|
|
29
|
+
while ((match = regex.exec(content)) !== null) {
|
|
30
|
+
const variable = match[1];
|
|
31
|
+
if (!variable)
|
|
32
|
+
continue;
|
|
33
|
+
const matchIndex = match.index;
|
|
34
|
+
// Find line and column
|
|
35
|
+
const beforeMatch = content.substring(0, matchIndex);
|
|
36
|
+
const lineNumber = beforeMatch.split('\n').length;
|
|
37
|
+
const lastNewlineIndex = beforeMatch.lastIndexOf('\n');
|
|
38
|
+
const column = lastNewlineIndex === -1
|
|
39
|
+
? matchIndex + 1
|
|
40
|
+
: matchIndex - lastNewlineIndex;
|
|
41
|
+
// Get the context (the actual line)
|
|
42
|
+
const contextLine = lines[lineNumber - 1] ?? '';
|
|
43
|
+
// Determine previous line for ignore detection
|
|
44
|
+
const prevLine = lines[lineNumber - 2] ?? '';
|
|
45
|
+
const isIgnored = hasIgnoreComment(contextLine) || hasIgnoreComment(prevLine);
|
|
46
|
+
// If usage is ignored, skip it entirely
|
|
47
|
+
if (isIgnored)
|
|
48
|
+
continue;
|
|
49
|
+
// Check if console.log
|
|
50
|
+
const isLogged = /\bconsole\.(log|error|warn|info|debug)\s*\(/.test(contextLine);
|
|
51
|
+
usages.push({
|
|
52
|
+
variable,
|
|
53
|
+
file: relativePath,
|
|
54
|
+
line: lineNumber,
|
|
55
|
+
column,
|
|
56
|
+
pattern: pattern.name,
|
|
57
|
+
imports: envImports,
|
|
58
|
+
context: contextLine,
|
|
59
|
+
isLogged,
|
|
60
|
+
});
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
return usages;
|
|
64
|
+
}
|
|
65
|
+
//# sourceMappingURL=scanFile.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scanFile.js","sourceRoot":"","sources":["../../../../src/core/scan/scanFile.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAE5D;;;;;;GAMG;AACH,MAAM,UAAU,QAAQ,CACtB,QAAgB,EAChB,OAAe,EACf,IAAiB;IAEjB,MAAM,MAAM,GAAe,EAAE,CAAC;IAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,uDAAuD;IACvD,MAAM,YAAY,GAAG,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC;IAEtE,6CAA6C;IAC7C,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,MAAM,WAAW,GACf,8FAA8F,CAAC;IAEjG,IAAI,WAAmC,CAAC;IAExC,OAAO,CAAC,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC1D,IAAI,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;YACnB,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAED,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;QACnC,IAAI,KAA6B,CAAC;QAClC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEpE,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9C,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,IAAI,CAAC,QAAQ;gBAAE,SAAS;YACxB,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC;YAE/B,uBAAuB;YACvB,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;YACrD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAClD,MAAM,gBAAgB,GAAG,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;YACvD,MAAM,MAAM,GACV,gBAAgB,KAAK,CAAC,CAAC;gBACrB,CAAC,CAAC,UAAU,GAAG,CAAC;gBAChB,CAAC,CAAC,UAAU,GAAG,gBAAgB,CAAC;YAEpC,oCAAoC;YACpC,MAAM,WAAW,GAAG,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YAEhD,+CAA+C;YAC/C,MAAM,QAAQ,GAAG,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YAE7C,MAAM,SAAS,GACb,gBAAgB,CAAC,WAAW,CAAC,IAAI,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAE9D,wCAAwC;YACxC,IAAI,SAAS;gBAAE,SAAS;YAExB,uBAAuB;YACvB,MAAM,QAAQ,GAAG,6CAA6C,CAAC,IAAI,CACjE,WAAW,CACZ,CAAC;YAEF,MAAM,CAAC,IAAI,CAAC;gBACV,QAAQ;gBACR,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,UAAU;gBAChB,MAAM;gBACN,OAAO,EAAE,OAAO,CAAC,IAAI;gBACrB,OAAO,EAAE,UAAU;gBACnB,OAAO,EAAE,WAAW;gBACpB,QAAQ;aACT,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secretDetectors.d.ts","sourceRoot":"","sources":["../../../../src/core/security/secretDetectors.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;
|
|
1
|
+
{"version":3,"file":"secretDetectors.d.ts","sourceRoot":"","sources":["../../../../src/core/security/secretDetectors.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAEvD;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,SAAS,GAAG,SAAS,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,cAAc,CAAC;CAC1B,CAAC;AAGF,eAAO,MAAM,eAAe,QAC6E,CAAC;AAG1G,eAAO,MAAM,iBAAiB,EAAE,MAAM,EAYrC,CAAC;AAoDF;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAUtD;AAmGD;;;;;GAKG;AACH,wBAAgB,qBAAqB,CACnC,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EACd,IAAI,CAAC,EAAE;IAAE,UAAU,CAAC,EAAE,MAAM,EAAE,CAAA;CAAE,GAC/B,aAAa,EAAE,CAiIjB"}
|
|
@@ -15,7 +15,9 @@ export const PROVIDER_PATTERNS = [
|
|
|
15
15
|
/\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/, // JWT token
|
|
16
16
|
/\bAC[0-9a-fA-F]{32}\b/, // Twilio Account SID
|
|
17
17
|
];
|
|
18
|
+
// Regex for detecting long literals
|
|
18
19
|
const LONG_LITERAL = /["'`]{1}([A-Za-z0-9+/_\-]{24,})["'`]{1}/g;
|
|
20
|
+
// Regex for detecting HTTPS URLs
|
|
19
21
|
const HTTPS_PATTERN = /["'`](https?:\/\/(?!localhost)[^"'`]*)["'`]/g;
|
|
20
22
|
// List of harmless URL patterns to ignore
|
|
21
23
|
const HARMLESS_URLS = [
|
|
@@ -27,13 +29,9 @@ const HARMLESS_URLS = [
|
|
|
27
29
|
];
|
|
28
30
|
// Known harmless attribute keys commonly used in UI / analytics
|
|
29
31
|
const HARMLESS_ATTRIBUTE_KEYS = /\b(trackingId|trackingContext|data-testid|data-test|aria-label)\b/i;
|
|
30
|
-
// Checks if a line is an HTML text node
|
|
31
32
|
// Checks if a line is an HTML text node or tag
|
|
32
33
|
function isHtmlTextNode(line) {
|
|
33
34
|
const trimmed = line.trim();
|
|
34
|
-
// Empty line
|
|
35
|
-
if (!trimmed)
|
|
36
|
-
return false;
|
|
37
35
|
// Starts with <tag> and ends with </tag> with text inside
|
|
38
36
|
// OR is a self-contained HTML tag (even without closing tag on same line)
|
|
39
37
|
return ((/^<[^>]+>[^<]*<\/[^>]+>$/.test(trimmed) &&
|
|
@@ -42,38 +40,17 @@ function isHtmlTextNode(line) {
|
|
|
42
40
|
);
|
|
43
41
|
}
|
|
44
42
|
/**
|
|
45
|
-
* Determines the severity of
|
|
46
|
-
*
|
|
47
|
-
* @param
|
|
48
|
-
* @param literalLength The length of the literal string (if applicable)
|
|
43
|
+
* Determines the severity of an entropy-based secret finding.
|
|
44
|
+
* Note: This function assumes literalLength >= 32 (filtered before calling).
|
|
45
|
+
* @param literalLength The length of the literal string
|
|
49
46
|
* @returns The severity level of the secret finding
|
|
50
47
|
*/
|
|
51
|
-
function
|
|
52
|
-
// HIGH:
|
|
53
|
-
if (
|
|
54
|
-
return 'high';
|
|
55
|
-
}
|
|
56
|
-
// HIGH: Very high-entropy long strings
|
|
57
|
-
if (kind === 'entropy' && literalLength && literalLength >= 48) {
|
|
48
|
+
function determineEntropySeverity(literalLength) {
|
|
49
|
+
// HIGH: Very high-entropy long strings (48+ chars)
|
|
50
|
+
if (literalLength >= 48) {
|
|
58
51
|
return 'high';
|
|
59
52
|
}
|
|
60
|
-
// MEDIUM:
|
|
61
|
-
if (message.includes('password/secret/token-like')) {
|
|
62
|
-
return 'medium';
|
|
63
|
-
}
|
|
64
|
-
// MEDIUM: Medium high-entropy strings
|
|
65
|
-
if (kind === 'entropy' && literalLength && literalLength >= 32) {
|
|
66
|
-
return 'medium';
|
|
67
|
-
}
|
|
68
|
-
// MEDIUM: HTTP URLs
|
|
69
|
-
if (message.includes('HTTP URL detected')) {
|
|
70
|
-
return 'medium';
|
|
71
|
-
}
|
|
72
|
-
// LOW: HTTPS URLs
|
|
73
|
-
if (message.includes('HTTPS URL detected')) {
|
|
74
|
-
return 'low';
|
|
75
|
-
}
|
|
76
|
-
// Default to medium if we can't determine
|
|
53
|
+
// MEDIUM: Medium high-entropy strings (32-47 chars)
|
|
77
54
|
return 'medium';
|
|
78
55
|
}
|
|
79
56
|
/**
|
|
@@ -203,7 +180,7 @@ export function detectSecretsInSource(file, source, opts) {
|
|
|
203
180
|
HTTPS_PATTERN.lastIndex = 0;
|
|
204
181
|
let httpsMatch;
|
|
205
182
|
while ((httpsMatch = HTTPS_PATTERN.exec(line))) {
|
|
206
|
-
const url = httpsMatch[1]
|
|
183
|
+
const url = httpsMatch[1];
|
|
207
184
|
if (url && !looksHarmlessLiteral(url)) {
|
|
208
185
|
if (ignoreUrlsMatch(url, opts?.ignoreUrls))
|
|
209
186
|
continue;
|
|
@@ -264,7 +241,7 @@ export function detectSecretsInSource(file, source, opts) {
|
|
|
264
241
|
LONG_LITERAL.lastIndex = 0;
|
|
265
242
|
let lm;
|
|
266
243
|
while ((lm = LONG_LITERAL.exec(line))) {
|
|
267
|
-
const literal = lm[1]
|
|
244
|
+
const literal = lm[1];
|
|
268
245
|
if (looksHarmlessLiteral(literal))
|
|
269
246
|
continue;
|
|
270
247
|
if (literal.length < 32)
|
|
@@ -278,7 +255,7 @@ export function detectSecretsInSource(file, source, opts) {
|
|
|
278
255
|
kind: 'entropy',
|
|
279
256
|
message,
|
|
280
257
|
snippet: line.trim().slice(0, 180),
|
|
281
|
-
severity:
|
|
258
|
+
severity: determineEntropySeverity(literal.length),
|
|
282
259
|
});
|
|
283
260
|
}
|
|
284
261
|
}
|
|
@@ -286,7 +263,8 @@ export function detectSecretsInSource(file, source, opts) {
|
|
|
286
263
|
const uniqueFindings = findings.filter((f, idx, arr) => idx ===
|
|
287
264
|
arr.findIndex((other) => other.file === f.file &&
|
|
288
265
|
other.line === f.line &&
|
|
289
|
-
other.snippet === f.snippet
|
|
266
|
+
other.snippet === f.snippet &&
|
|
267
|
+
other.kind === f.kind));
|
|
290
268
|
return uniqueFindings;
|
|
291
269
|
}
|
|
292
270
|
//# sourceMappingURL=secretDetectors.js.map
|