guardrail-security 1.0.1 → 2.0.0

package/src/attack-surface/analyzer.ts

@@ -1,152 +0,0 @@
-import { prisma } from "@guardrail/database";
-
-export interface EntryPoint {
-  type: "http" | "graphql" | "websocket" | "grpc";
-  path: string;
-  method?: string;
-  file: string;
-  line: number;
-  authentication?: string;
-  rateLimit?: string;
-  parameters: ParameterInfo[];
-}
-
-export interface ParameterInfo {
-  name: string;
-  type: string;
-  required: boolean;
-  validated: boolean;
-}
-
-export interface APISecurityFinding {
-  category: string;
-  severity: "low" | "medium" | "high" | "critical";
-  endpoint: string;
-  description: string;
-  recommendation: string;
-}
-
-export interface AttackPath {
-  id: string;
-  entry: string;
-  steps: string[];
-  impact: string;
-  likelihood: "low" | "medium" | "high";
-}
-
-export interface AttackSurfaceAnalysisResult {
-  projectId: string;
-  summary: {
-    totalEntryPoints: number;
-    byType: Record<string, number>;
-    risksByLevel: Record<string, number>;
-  };
-  entryPoints: EntryPoint[];
-  attackPaths: AttackPath[];
-  apiFindings: APISecurityFinding[];
-}
-
-export class AttackSurfaceAnalyzer {
-  async analyzeProject(
-    projectPath: string,
-    projectId: string,
-  ): Promise<AttackSurfaceAnalysisResult> {
-    const entryPoints = await this.scanHTTPEndpoints(projectPath);
-    const apiFindings = await this.analyzeEndpoints(entryPoints);
-    const attackPaths = await this.buildAttackPaths(entryPoints, apiFindings);
-
-    const byType: Record<string, number> = {};
-    const risksByLevel: Record<string, number> = {};
-
-    for (const ep of entryPoints) {
-      byType[ep.type] = (byType[ep.type] || 0) + 1;
-    }
-
-    for (const finding of apiFindings) {
-      risksByLevel[finding.severity] =
-        (risksByLevel[finding.severity] || 0) + 1;
-    }
-
-    const result: AttackSurfaceAnalysisResult = {
-      projectId,
-      summary: {
-        totalEntryPoints: entryPoints.length,
-        byType,
-        risksByLevel,
-      },
-      entryPoints,
-      attackPaths,
-      apiFindings,
-    };
-
-    await prisma.attackSurfaceAnalysis.create({
-      data: {
-        projectId,
-        summary: JSON.parse(JSON.stringify(result.summary)),
-        endpoints: JSON.parse(JSON.stringify(entryPoints)),
-        attackPaths: JSON.parse(JSON.stringify(attackPaths)),
-        apiFindings: JSON.parse(JSON.stringify(apiFindings)),
-      },
-    });
-
-    return result;
-  }
-
-  private async scanHTTPEndpoints(_projectPath: string): Promise<EntryPoint[]> {
-    // In production, would use AST parsing to find routes
-    return [];
-  }
-
-  private async analyzeEndpoints(
-    entryPoints: EntryPoint[],
-  ): Promise<APISecurityFinding[]> {
-    const findings: APISecurityFinding[] = [];
-
-    for (const ep of entryPoints) {
-      if (!ep.authentication) {
-        findings.push({
-          category: "Broken Authentication",
-          severity: "high",
-          endpoint: ep.path,
-          description: "No authentication detected",
-          recommendation: "Add authentication middleware",
-        });
-      }
-
-      if (!ep.rateLimit) {
-        findings.push({
-          category: "Unrestricted Resource Consumption",
-          severity: "medium",
-          endpoint: ep.path,
-          description: "No rate limiting detected",
-          recommendation: "Add rate limiting middleware",
-        });
-      }
-    }
-
-    return findings;
-  }
-
-  private async buildAttackPaths(
-    _entryPoints: EntryPoint[],
-    _findings: APISecurityFinding[],
-  ): Promise<AttackPath[]> {
-    return [];
-  }
-
-  async generateVisualization(
-    analysis: AttackSurfaceAnalysisResult,
-  ): Promise<string> {
-    let mermaid = "graph TD\n";
-    mermaid += "  Start[External User]\n";
-
-    for (const ep of analysis.entryPoints) {
-      const epId = ep.path.replace(/[^a-zA-Z0-9]/g, "_");
-      mermaid += `  Start --> ${epId}[${ep.method} ${ep.path}]\n`;
-    }
-
-    return mermaid;
-  }
-}
-
-export const attackSurfaceAnalyzer = new AttackSurfaceAnalyzer();

package/src/attack-surface/index.ts

@@ -1,5 +0,0 @@
-/**
- * Attack Surface Analyzer
- */
-
-export * from './analyzer';

package/src/index.ts

@@ -1,21 +0,0 @@
-/**
- * Guardrail Security Package
- *
- * Comprehensive security layer including:
- * - Secrets & Credential Guardian
- * - Supply Chain Attack Detection
- * - License Compliance Engine
- * - Attack Surface Analyzer
- */
-
-export * from './secrets';
-export * from './supply-chain';
-export * from './license';
-export * from './attack-surface';
-export { 
-  SBOMGenerator, 
-  sbomGenerator,
-  type SBOMFormat,
-  type SBOMGeneratorOptions,
-  type SBOMDependency,
-} from './sbom';

package/src/languages/index.ts

@@ -1,91 +0,0 @@
-/**
- * Multi-Language Security Analysis
- *
- * Provides security analysis for multiple programming languages
- */
-
-export * from "./python-analyzer";
-export * from "./java-analyzer";
-
-export type SupportedLanguage =
-  | "javascript"
-  | "typescript"
-  | "python"
-  | "java"
-  | "go"
-  | "rust";
-
-export interface LanguageDetectionResult {
-  primaryLanguage: SupportedLanguage;
-  languages: { language: SupportedLanguage; percentage: number }[];
-  buildTools: string[];
-}
-
-/**
- * Detect project languages
- */
-export function detectProjectLanguages(
-  projectPath: string,
-): LanguageDetectionResult {
-  const { existsSync } = require("fs");
-  const { join } = require("path");
-
-  const languages: { language: SupportedLanguage; percentage: number }[] = [];
-  const buildTools: string[] = [];
-
-  // Check for JavaScript/TypeScript
-  if (existsSync(join(projectPath, "package.json"))) {
-    if (existsSync(join(projectPath, "tsconfig.json"))) {
-      languages.push({ language: "typescript", percentage: 0 });
-      buildTools.push("npm/yarn/pnpm");
-    } else {
-      languages.push({ language: "javascript", percentage: 0 });
-      buildTools.push("npm/yarn/pnpm");
-    }
-  }
-
-  // Check for Python
-  if (
-    existsSync(join(projectPath, "requirements.txt")) ||
-    existsSync(join(projectPath, "pyproject.toml")) ||
-    existsSync(join(projectPath, "Pipfile"))
-  ) {
-    languages.push({ language: "python", percentage: 0 });
-    buildTools.push("pip/poetry/pipenv");
-  }
-
-  // Check for Java
-  if (existsSync(join(projectPath, "pom.xml"))) {
-    languages.push({ language: "java", percentage: 0 });
-    buildTools.push("maven");
-  }
-  if (
-    existsSync(join(projectPath, "build.gradle")) ||
-    existsSync(join(projectPath, "build.gradle.kts"))
-  ) {
-    languages.push({ language: "java", percentage: 0 });
-    buildTools.push("gradle");
-  }
-
-  // Check for Go
-  if (existsSync(join(projectPath, "go.mod"))) {
-    languages.push({ language: "go", percentage: 0 });
-    buildTools.push("go");
-  }
-
-  // Check for Rust
-  if (existsSync(join(projectPath, "Cargo.toml"))) {
-    languages.push({ language: "rust", percentage: 0 });
-    buildTools.push("cargo");
-  }
-
-  // Determine primary language (first detected)
-  const primaryLanguage =
-    languages.length > 0 && languages[0] ? languages[0].language : "javascript";
-
-  return {
-    primaryLanguage,
-    languages,
-    buildTools: [...new Set(buildTools)],
-  };
-}