guardvibe 0.10.0 → 0.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/data/rules/ai-security.d.ts +3 -0
- package/build/data/rules/ai-security.d.ts.map +1 -0
- package/build/data/rules/ai-security.js +52 -0
- package/build/data/rules/ai-security.js.map +1 -0
- package/build/data/rules/auth.d.ts.map +1 -1
- package/build/data/rules/auth.js +25 -0
- package/build/data/rules/auth.js.map +1 -1
- package/build/data/rules/core.js +5 -5
- package/build/data/rules/core.js.map +1 -1
- package/build/data/rules/database.d.ts.map +1 -1
- package/build/data/rules/database.js +12 -0
- package/build/data/rules/database.js.map +1 -1
- package/build/data/rules/index.d.ts.map +1 -1
- package/build/data/rules/index.js +8 -0
- package/build/data/rules/index.js.map +1 -1
- package/build/data/rules/nextjs.d.ts.map +1 -1
- package/build/data/rules/nextjs.js +12 -0
- package/build/data/rules/nextjs.js.map +1 -1
- package/build/data/rules/shell.d.ts +3 -0
- package/build/data/rules/shell.d.ts.map +1 -0
- package/build/data/rules/shell.js +63 -0
- package/build/data/rules/shell.js.map +1 -0
- package/build/data/rules/sql.d.ts +3 -0
- package/build/data/rules/sql.d.ts.map +1 -0
- package/build/data/rules/sql.js +51 -0
- package/build/data/rules/sql.js.map +1 -0
- package/build/data/rules/supply-chain.d.ts +3 -0
- package/build/data/rules/supply-chain.d.ts.map +1 -0
- package/build/data/rules/supply-chain.js +28 -0
- package/build/data/rules/supply-chain.js.map +1 -0
- package/build/data/secret-patterns.js +1 -1
- package/build/data/secret-patterns.js.map +1 -1
- package/build/index.js +2 -2
- package/build/index.js.map +1 -1
- package/build/tools/check-code.d.ts.map +1 -1
- package/build/tools/check-code.js +4 -3
- package/build/tools/check-code.js.map +1 -1
- package/build/tools/export-sarif.js +1 -1
- package/build/tools/export-sarif.js.map +1 -1
- package/package.json +2 -2
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ai-security.d.ts","sourceRoot":"","sources":["../../../src/data/rules/ai-security.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,eAAe,EAAE,YAAY,EA6DzC,CAAC"}
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
// Security rules for AI/LLM applications (Vercel AI SDK, OpenAI, Anthropic)
|
|
2
|
+
export const aiSecurityRules = [
|
|
3
|
+
{
|
|
4
|
+
id: "VG850",
|
|
5
|
+
name: "AI Prompt Injection via User Input",
|
|
6
|
+
severity: "critical",
|
|
7
|
+
owasp: "A02:2025 Injection",
|
|
8
|
+
description: "User input interpolated directly into LLM system prompt. Attackers can manipulate AI behavior via prompt injection.",
|
|
9
|
+
pattern: /(?:system|systemPrompt|system_prompt|systemMessage)\s*[:=]\s*(?:`[^`]*\$\{|['"][^'"]*['"]\s*\+)/gi,
|
|
10
|
+
languages: ["javascript", "typescript"],
|
|
11
|
+
fix: "Never interpolate user input into system prompts. Pass user input as a separate user message.",
|
|
12
|
+
fixCode: '// WRONG: system: `You are a helper. Context: ${userInput}`\n// CORRECT: separate user input from system prompt\nconst result = await generateText({\n model,\n system: "You are a helpful assistant.",\n prompt: userInput, // user input in user message, not system\n});',
|
|
13
|
+
compliance: ["SOC2:CC7.1"],
|
|
14
|
+
},
|
|
15
|
+
{
|
|
16
|
+
id: "VG851",
|
|
17
|
+
name: "AI System Prompt Leaked in Error Response",
|
|
18
|
+
severity: "high",
|
|
19
|
+
owasp: "A07:2025 Sensitive Data Exposure",
|
|
20
|
+
description: "System prompt or AI configuration returned in error responses. This leaks proprietary instructions to users.",
|
|
21
|
+
pattern: /catch\s*\([^)]*\)\s*\{[\s\S]{0,500}?(?:Response\.json|res\.json|res\.send|return[\s\S]{0,30}?json)\s*\([\s\S]{0,200}?(?:system_?[Pp]rompt|SYSTEM_PROMPT|systemMessage)/g,
|
|
22
|
+
languages: ["javascript", "typescript"],
|
|
23
|
+
fix: "Never include system prompts in error responses. Return generic error messages.",
|
|
24
|
+
fixCode: 'catch (error) {\n console.error("AI error:", error);\n return Response.json({ error: "An error occurred" }, { status: 500 });\n}',
|
|
25
|
+
compliance: ["SOC2:CC6.1"],
|
|
26
|
+
},
|
|
27
|
+
{
|
|
28
|
+
id: "VG852",
|
|
29
|
+
name: "LLM Output Rendered as Unescaped HTML",
|
|
30
|
+
severity: "high",
|
|
31
|
+
owasp: "A02:2025 Injection",
|
|
32
|
+
description: "AI-generated content rendered via innerHTML without sanitization. LLMs can be tricked into generating malicious HTML/JavaScript. This is a security rule detector.",
|
|
33
|
+
pattern: /(?:useChat|useCompletion|message|completion|response|result)[\s\S]{0,300}?(?:dangerouslySetInnerHTML|\.innerHTML)\s*(?:=|:)/g,
|
|
34
|
+
languages: ["javascript", "typescript"],
|
|
35
|
+
fix: "Never render LLM output as raw HTML. Use a markdown renderer with XSS protection or sanitize with DOMPurify.",
|
|
36
|
+
fixCode: "// Use a safe markdown renderer\nimport ReactMarkdown from 'react-markdown';\n<ReactMarkdown>{message.content}</ReactMarkdown>",
|
|
37
|
+
compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.7"],
|
|
38
|
+
},
|
|
39
|
+
{
|
|
40
|
+
id: "VG853",
|
|
41
|
+
name: "AI Tool Execute With Unsanitized Input",
|
|
42
|
+
severity: "critical",
|
|
43
|
+
owasp: "A02:2025 Injection",
|
|
44
|
+
description: "AI SDK tool execute function uses LLM-generated parameters in raw SQL queries or shell commands. The LLM controls these values, making injection attacks possible.",
|
|
45
|
+
pattern: /execute\s*:\s*(?:async\s*)?\(\s*\{[^}]*\}\s*\)\s*=>[\s\S]{0,300}?(?:query\s*\(\s*`[^`]*\$\{|exec\s*\(|os\.system|subprocess)/g,
|
|
46
|
+
languages: ["javascript", "typescript"],
|
|
47
|
+
fix: "Always use parameterized queries and validated inputs inside AI tool execute functions.",
|
|
48
|
+
fixCode: 'const tools = {\n getUser: tool({\n parameters: z.object({ id: z.string().uuid() }),\n execute: async ({ id }) => {\n return db.query("SELECT name FROM users WHERE id = $1", [id]);\n },\n }),\n};',
|
|
49
|
+
compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
|
|
50
|
+
},
|
|
51
|
+
];
|
|
52
|
+
//# sourceMappingURL=ai-security.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ai-security.js","sourceRoot":"","sources":["../../../src/data/rules/ai-security.ts"],"names":[],"mappings":"AAEA,4EAA4E;AAC5E,MAAM,CAAC,MAAM,eAAe,GAAmB;IAC7C;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,oCAAoC;QAC1C,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,qHAAqH;QACvH,OAAO,EACL,mGAAmG;QACrG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,+FAA+F;QACpG,OAAO,EACL,gRAAgR;QAClR,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,2CAA2C;QACjD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,8GAA8G;QAChH,OAAO,EACL,yKAAyK;QAC3K,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iFAAiF;QACtF,OAAO,EACL,oIAAoI;QACtI,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uCAAuC;QAC7C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,oKAAoK;QACtK,OAAO,EACL,8HAA8H;QAChI,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,8GAA8G;QACnH,OAAO,EACL,gIAAgI;QAClI,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,oKAAoK;QACtK,OAAO,EACL,+HAA+H;QACjI,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,yFAAyF;QAC9F,OAAO,EACL,qNAAqN;QACvN,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;CACF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/data/rules/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,SAAS,EAAE,YAAY,
|
|
1
|
+
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/data/rules/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,SAAS,EAAE,YAAY,EA0OnC,CAAC"}
|
package/build/data/rules/auth.js
CHANGED
|
@@ -87,6 +87,31 @@ export const authRules = [
|
|
|
87
87
|
fixCode: '// CORRECT: validates with Auth server\nconst { data: { user }, error } = await supabase.auth.getUser();\nif (error || !user) throw new Error("Unauthorized");',
|
|
88
88
|
compliance: ["SOC2:CC6.6"],
|
|
89
89
|
},
|
|
90
|
+
// Clerk-specific rules
|
|
91
|
+
{
|
|
92
|
+
id: "VG428",
|
|
93
|
+
name: "Clerk unsafeMetadata Used for Authorization",
|
|
94
|
+
severity: "high",
|
|
95
|
+
owasp: "A01:2025 Broken Access Control",
|
|
96
|
+
description: "unsafeMetadata is client-writable. Using it for role or permission checks allows users to escalate their own privileges.",
|
|
97
|
+
pattern: /unsafeMetadata\s*[\.\[]\s*["']?(?:role|admin|permission|isAdmin|access|level|tier)/gi,
|
|
98
|
+
languages: ["javascript", "typescript"],
|
|
99
|
+
fix: "Use publicMetadata (server-writable only) or Clerk Organizations for role-based access control.",
|
|
100
|
+
fixCode: '// WRONG: user.unsafeMetadata.role (client can modify!)\n// CORRECT: use publicMetadata (set server-side only)\nconst { user } = await currentUser();\nif (user.publicMetadata.role === "admin") { ... }\n\n// Or use Clerk Organizations\nconst { orgRole } = await auth();\nif (orgRole === "org:admin") { ... }',
|
|
101
|
+
compliance: ["SOC2:CC6.6"],
|
|
102
|
+
},
|
|
103
|
+
{
|
|
104
|
+
id: "VG429",
|
|
105
|
+
name: "Full Clerk User Object Passed to Client",
|
|
106
|
+
severity: "high",
|
|
107
|
+
owasp: "A07:2025 Sensitive Data Exposure",
|
|
108
|
+
description: "Full currentUser() object passed as prop to client component. This leaks privateMetadata and sensitive fields to the browser.",
|
|
109
|
+
pattern: /(?:await\s+)?currentUser\s*\(\s*\)[\s\S]{0,200}?<\w+[\s\S]{0,100}?user\s*=\s*\{/g,
|
|
110
|
+
languages: ["javascript", "typescript"],
|
|
111
|
+
fix: "Only pass specific safe fields to client components, never the full user object.",
|
|
112
|
+
fixCode: '// WRONG: <ClientComponent user={user} /> (leaks privateMetadata)\n// CORRECT: pick only needed fields\nconst user = await currentUser();\nconst safeUser = { id: user.id, name: user.firstName };\nreturn <ClientComponent user={safeUser} />;',
|
|
113
|
+
compliance: ["SOC2:CC6.1"],
|
|
114
|
+
},
|
|
90
115
|
// Supabase Auth specific rules
|
|
91
116
|
{
|
|
92
117
|
id: "VG440",
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/data/rules/auth.ts"],"names":[],"mappings":"AAEA,+DAA+D;AAC/D,MAAM,CAAC,MAAM,SAAS,GAAmB;IACvC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,2BAA2B;QACjC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,8FAA8F;QAChG,OAAO,EACL,kPAAkP;QACpP,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,kFAAkF;QACvF,OAAO,EACL,iOAAiO;QACnO,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD,8EAA8E;IAC9E,mFAAmF;IACnF,uEAAuE;IACvE;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,0GAA0G;QAC5G,OAAO,EAAE,mDAAmD;QAC5D,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,sFAAsF;QAC3F,OAAO,EACL,gIAAgI;QAClI,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,2GAA2G;QAC7G,OAAO,EAAE,6DAA6D;QACtE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4EAA4E;QACjF,OAAO,EACL,yHAAyH;QAC3H,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,CAAC;KAC7C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,8IAA8I;QAChJ,OAAO,EACL,4FAA4F;QAC9F,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iFAAiF;QACtF,OAAO,EACL,iKAAiK;QACnK,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,gIAAgI;QAClI,OAAO,EACL,6GAA6G;QAC/G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iEAAiE;QACtE,OAAO,EACL,+MAA+M;QACjN,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,mCAAmC;QACzC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,4EAA4E;QAC9E,OAAO,EACL,uNAAuN;QACzN,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,2DAA2D;QAChE,OAAO,EACL,8NAA8N;QAChO,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,6JAA6J;QAC/J,OAAO,EAAE,kCAAkC;QAC3C,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iDAAiD;QACtD,OAAO,EACL,gKAAgK;QAClK,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IAED,+BAA+B;IAC/B;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,iDAAiD;QACvD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,gJAAgJ;QAClJ,OAAO,EAAE,8HAA8H;QACvI,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4IAA4I;QACjJ,OAAO,EACL,wMAAwM;QAC1M,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8CAA8C;QACpD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,gJAAgJ;QAClJ,OAAO,EAAE,6HAA6H;QACtI,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,8DAA8D;QACnE,OAAO,EACL,4cAA4c;QAC9c,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,mDAAmD;QACzD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,6KAA6K;QAC/K,OAAO,EAAE,yJAAyJ;QAClK,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,2GAA2G;QAChH,OAAO,EACL,yeAAye;QAC3e,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,4CAA4C;QAClD,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,yLAAyL;QAC3L,OAAO,EAAE,kEAAkE;QAC3E,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,qFAAqF;QAC1F,OAAO,EACL,wLAAwL;QAC1L,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,yHAAyH;QAC3H,OAAO,EAAE,6GAA6G;QACtH,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,uEAAuE;QAC5E,UAAU,EAAE,CAAC,YAAY,EAAE,cAAc,CAAC;KAC3C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,4CAA4C;QAClD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,iJAAiJ;QACnJ,OAAO,EAAE,qIAAqI;QAC9I,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,gHAAgH;QACrH,OAAO,EACL,sNAAsN;QACxN,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,2KAA2K;QAC7K,OAAO,EAAE,sJAAsJ;QAC/J,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,kDAAkD;QACvD,OAAO,EACL,+ZAA+Z;QACja,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;CACF,CAAC"}
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/data/rules/auth.ts"],"names":[],"mappings":"AAEA,+DAA+D;AAC/D,MAAM,CAAC,MAAM,SAAS,GAAmB;IACvC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,2BAA2B;QACjC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,8FAA8F;QAChG,OAAO,EACL,kPAAkP;QACpP,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,kFAAkF;QACvF,OAAO,EACL,iOAAiO;QACnO,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD,8EAA8E;IAC9E,mFAAmF;IACnF,uEAAuE;IACvE;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,0GAA0G;QAC5G,OAAO,EAAE,mDAAmD;QAC5D,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,sFAAsF;QAC3F,OAAO,EACL,gIAAgI;QAClI,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,2GAA2G;QAC7G,OAAO,EAAE,6DAA6D;QACtE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4EAA4E;QACjF,OAAO,EACL,yHAAyH;QAC3H,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,CAAC;KAC7C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,8IAA8I;QAChJ,OAAO,EACL,4FAA4F;QAC9F,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iFAAiF;QACtF,OAAO,EACL,iKAAiK;QACnK,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,gIAAgI;QAClI,OAAO,EACL,6GAA6G;QAC/G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iEAAiE;QACtE,OAAO,EACL,+MAA+M;QACjN,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,mCAAmC;QACzC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,4EAA4E;QAC9E,OAAO,EACL,uNAAuN;QACzN,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,2DAA2D;QAChE,OAAO,EACL,8NAA8N;QAChO,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,6JAA6J;QAC/J,OAAO,EAAE,kCAAkC;QAC3C,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iDAAiD;QACtD,OAAO,EACL,gKAAgK;QAClK,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IAED,uBAAuB;IACvB;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6CAA6C;QACnD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,0HAA0H;QAC5H,OAAO,EAAE,sFAAsF;QAC/F,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iGAAiG;QACtG,OAAO,EACL,oTAAoT;QACtT,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,yCAAyC;QAC/C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,+HAA+H;QACjI,OAAO,EAAE,kFAAkF;QAC3F,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,kFAAkF;QACvF,OAAO,EACL,iPAAiP;QACnP,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IAED,+BAA+B;IAC/B;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,iDAAiD;QACvD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,gJAAgJ;QAClJ,OAAO,EAAE,8HAA8H;QACvI,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4IAA4I;QACjJ,OAAO,EACL,wMAAwM;QAC1M,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8CAA8C;QACpD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,gJAAgJ;QAClJ,OAAO,EAAE,6HAA6H;QACtI,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,8DAA8D;QACnE,OAAO,EACL,4cAA4c;QAC9c,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,mDAAmD;QACzD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,6KAA6K;QAC/K,OAAO,EAAE,yJAAyJ;QAClK,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,2GAA2G;QAChH,OAAO,EACL,yeAAye;QAC3e,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,4CAA4C;QAClD,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,yLAAyL;QAC3L,OAAO,EAAE,kEAAkE;QAC3E,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,qFAAqF;QAC1F,OAAO,EACL,wLAAwL;QAC1L,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,yHAAyH;QAC3H,OAAO,EAAE,6GAA6G;QACtH,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,uEAAuE;QAC5E,UAAU,EAAE,CAAC,YAAY,EAAE,cAAc,CAAC;KAC3C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,4CAA4C;QAClD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,iJAAiJ;QACnJ,OAAO,EAAE,qIAAqI;QAC9I,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,gHAAgH;QACrH,OAAO,EACL,sNAAsN;QACxN,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,2KAA2K;QAC7K,OAAO,EAAE,sJAAsJ;QAC/J,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,kDAAkD;QACvD,OAAO,EACL,+ZAA+Z;QACja,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;CACF,CAAC"}
|
package/build/data/rules/core.js
CHANGED
|
@@ -7,7 +7,7 @@ export const coreRules = [
|
|
|
7
7
|
severity: "critical",
|
|
8
8
|
owasp: "A01:2025 Broken Access Control",
|
|
9
9
|
description: "Hardcoded passwords, API keys, or secrets detected in source code.",
|
|
10
|
-
pattern: /(?:secret_?key|api_?key|api_?secret|private_?key|access_?key|password|passwd|pwd|auth_?token)\w*\s*[:=]\s*['"][^'"]{3,}['"]/gi,
|
|
10
|
+
pattern: /(?:secret_?key|api_?key|api_?secret|private_?key|access_?key|password|passwd|pwd|auth_?token|jwt_?secret|app_?secret|master_?key|signing_?key|encryption_?key)\w*\s*[:=]\s*['"][^'"]{3,}['"]/gi,
|
|
11
11
|
languages: ["javascript", "typescript", "python", "go"],
|
|
12
12
|
fix: "Use environment variables (process.env.SECRET) or a secrets manager. Never commit credentials to source code.",
|
|
13
13
|
fixCode: "// Use environment variables instead\nconst password = process.env.DB_PASSWORD;\nconst apiKey = process.env.API_KEY;",
|
|
@@ -19,7 +19,7 @@ export const coreRules = [
|
|
|
19
19
|
severity: "critical",
|
|
20
20
|
owasp: "A01:2025 Broken Access Control",
|
|
21
21
|
description: "Cloud provider API key or token pattern detected in source code (AWS, GitHub, OpenAI, Stripe).",
|
|
22
|
-
pattern: /(?:AKIA[0-9A-Z]{16}|(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9_]{36,}|sk-[A-Za-z0-9]{20,}|sk_live_[A-Za-z0-9]{
|
|
22
|
+
pattern: /(?:AKIA[0-9A-Z]{16}|(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9_]{36,}|sk-[A-Za-z0-9]{20,}|sk_live_[A-Za-z0-9]{5,}|rk_live_[A-Za-z0-9]{5,})/g,
|
|
23
23
|
languages: ["javascript", "typescript", "python", "go", "html", "shell"],
|
|
24
24
|
fix: "Remove hardcoded keys immediately. Use environment variables or a secrets manager (AWS Secrets Manager, Vault). Rotate any compromised keys.",
|
|
25
25
|
fixCode: "// Store keys in environment variables\nconst awsKey = process.env.AWS_ACCESS_KEY_ID;\nconst githubToken = process.env.GITHUB_TOKEN;",
|
|
@@ -116,7 +116,7 @@ export const coreRules = [
|
|
|
116
116
|
severity: "critical",
|
|
117
117
|
owasp: "A02:2025 Injection",
|
|
118
118
|
description: "Dynamic code execution function detected. This can run arbitrary code and is a major security risk.",
|
|
119
|
-
pattern:
|
|
119
|
+
pattern: /(?:\beval\s*\(|new\s+Function\s*\()/gi,
|
|
120
120
|
languages: ["javascript", "typescript", "python"],
|
|
121
121
|
fix: "Avoid dynamic code execution. Use JSON.parse() for JSON data. Use a sandboxed environment if absolutely required.",
|
|
122
122
|
fixCode: "// Use JSON.parse for data\nconst data = JSON.parse(input);\n// Alternatives: use a proper parser for your data format\n// const fn = new " + "Function('x', 'return x * 2'); // only if absolutely needed",
|
|
@@ -184,7 +184,7 @@ export const coreRules = [
|
|
|
184
184
|
severity: "critical",
|
|
185
185
|
owasp: "A07:2025 Auth Failures",
|
|
186
186
|
description: "Using MD5 or SHA-1 for password hashing. These are fast hashes, not designed for passwords.",
|
|
187
|
-
pattern: /(?:createHash\s*\(\s*['"](?:md5|sha1)['"]\s*\)|(?:md5|sha1)\s*\.\s*(?:new|update|digest|hexdigest|Sum|New)\s*\(|import\s+(?:md5|sha1)|require\s*\(\s*['"](?:md5|sha1)['"]\s*\))/gi,
|
|
187
|
+
pattern: /(?:createHash\s*\(\s*['"](?:md5|sha1)['"]\s*\)|(?:md5|sha1)\s*\.\s*(?:new|update|digest|hexdigest|Sum|New)\s*\(|import\s+(?:md5|sha1)|require\s*\(\s*['"](?:md5|sha1)['"]\s*\)|hashlib\.(?:md5|sha1)\s*\()/gi,
|
|
188
188
|
languages: ["javascript", "typescript", "python", "go"],
|
|
189
189
|
fix: "Use bcrypt, scrypt, or argon2 for password hashing. Use at least 12 salt rounds.",
|
|
190
190
|
fixCode: "// Use bcrypt for password hashing\nimport bcrypt from 'bcrypt';\nconst hash = await bcrypt.hash(password, 12);\nconst valid = await bcrypt.compare(input, hash);",
|
|
@@ -208,7 +208,7 @@ export const coreRules = [
|
|
|
208
208
|
severity: "high",
|
|
209
209
|
owasp: "A08:2025 Data Integrity Failures",
|
|
210
210
|
description: "Deserializing untrusted data can lead to remote code execution.",
|
|
211
|
-
pattern: /(?:JSON\.parse\s*\(\s*(?:req\.|request\.|body))/gi,
|
|
211
|
+
pattern: /(?:JSON\.parse\s*\(\s*(?:req\.|request\.|body)|pickle\.loads?\s*\(|yaml\.(?:load|unsafe_load)\s*\()/gi,
|
|
212
212
|
languages: ["javascript", "typescript", "python"],
|
|
213
213
|
fix: "Validate all deserialized data with a schema (zod, joi) before processing.",
|
|
214
214
|
fixCode: "// Validate with schema after parsing\nimport { z } from 'zod';\nconst schema = z.object({ name: z.string() });\nconst data = schema.parse(JSON.parse(req.body));",
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"core.js","sourceRoot":"","sources":["../../../src/data/rules/core.ts"],"names":[],"mappings":"AAEA,6EAA6E;AAC7E,6EAA6E;AAC7E,MAAM,CAAC,MAAM,SAAS,GAAmB;IACvC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,oEAAoE;QACjF,OAAO,EACL
|
|
1
|
+
{"version":3,"file":"core.js","sourceRoot":"","sources":["../../../src/data/rules/core.ts"],"names":[],"mappings":"AAEA,6EAA6E;AAC7E,6EAA6E;AAC7E,MAAM,CAAC,MAAM,SAAS,GAAmB;IACvC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,oEAAoE;QACjF,OAAO,EACL,gMAAgM;QAClM,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,+GAA+G;QACpH,OAAO,EAAE,sHAAsH;QAC/H,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,cAAc,EAAE,mBAAmB,CAAC;KAClF;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,gGAAgG;QAClG,OAAO,EACL,qIAAqI;QACvI,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC;QACxE,GAAG,EAAE,8IAA8I;QACnJ,OAAO,EAAE,sIAAsI;QAC/I,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,oEAAoE;QACtE,OAAO,EACL,2GAA2G;QAC7G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,uJAAuJ;QAC5J,OAAO,EAAE,2HAA2H;QACpI,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,kEAAkE;QACpE,OAAO,EACL,yGAAyG;QAC3G,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,GAAG,EAAE,2IAA2I;QAChJ,OAAO,EAAE,4GAA4G;QACrH,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,+GAA+G;QACjH,OAAO,EACL,gQAAgQ;QAClQ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,6MAA6M;QAClN,OAAO,EAAE,oKAAoK;QAC7K,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,EAAE,mBAAmB,CAAC;KACpE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EAAE,wFAAwF;QACrG,OAAO,EACL,wRAAwR;QAC1R,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC;QAChE,GAAG,EAAE,0MAA0M;QAC/M,OAAO,EAAE,wHAAwH;QACjI,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,oFAAoF;QACtF,OAAO,EAAE,yEAAyE;QAClF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,MAAM,CAAC;QAC/C,GAAG,EAAE,qIAAqI;QAC1I,6FAA6F;QAC7F,OAAO,EAAE,qJAAqJ,GAAG,+CAA+C;QAChN,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,kHAAkH;QACpH,OAAO,EACL,qEAAqE;QACvE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,mKAAmK;QACxK,OAAO,EAAE,sHAAsH;QAC/H,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,8DAA8D;QAChE,OAAO,EACL,oGAAoG;QACtG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iIAAiI;QACtI,OAAO,EAAE,+JAA+J;QACxK,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,qGAAqG;QACvG,OAAO,EAAE,uCAAuC;QAChD,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,GAAG,EAAE,mHAAmH;QACxH,OAAO,EAAE,4IAA4I,GAAG,6DAA6D;QACrN,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,yCAAyC;QAChD,WAAW,EACT,8FAA8F;QAChG,OAAO,EAAE,2DAA2D;QACpE,SAAS,EAAE,CAAC,MAAM,CAAC;QACnB,GAAG,EAAE,8FAA8F;QACnG,OAAO,EAAE,sGAAsG;KAChH;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,0BAA0B;QACjC,WAAW,EACT,8FAA8F;QAChG,OAAO,EACL,qIAAqI;QACvI,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,gKAAgK;QACrK,OAAO,EAAE,6IAA6I;KACvJ;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,2FAA2F;QAC7F,OAAO,EACL,+IAA+I;QACjJ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,gHAAgH;QACrH,OAAO,EAAE,yGAAyG;QAClH,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,6DAA6D;QAC1E,OAAO,EACL,kHAAkH;QACpH,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,GAAG,EAAE,uEAAuE;QAC5E,OAAO,EAAE,uFAAuF;KACjG;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,gDAAgD;QAC7D,OAAO,EAAE,yCAAyC;QAClD,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oEAAoE;QACzE,OAAO,EAAE,sFAAsF;KAChG;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EACT,6FAA6F;QAC/F,OAAO,EACL,8MAA8M;QAChN,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,kFAAkF;QACvF,OAAO,EAAE,mKAAmK;QAC5K,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,mBAAmB,CAAC;KACtF;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE,4CAA4C;QACzD,OAAO,EAAE,+CAA+C;QACxD,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,+EAA+E;QACpF,OAAO,EAAE,0FAA0F;QACnG,UAAU,EAAE,CAAC,YAAY,EAAE,cAAc,CAAC;KAC3C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,iEAAiE;QACnE,OAAO,EAAE,uGAAuG;QAChH,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,GAAG,EAAE,4EAA4E;QACjF,OAAO,EAAE,mKAAmK;QAC5K,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,2BAA2B;QAClC,WAAW,EACT,yEAAyE;QAC3E,OAAO,EACL,mGAAmG;QACrG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,2EAA2E;QAChF,OAAO,EAAE,oHAAoH;QAC7H,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,WAAW;QACjB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,eAAe;QACtB,WAAW,EACT,oFAAoF;QACtF,OAAO,EACL,6JAA6J;QAC/J,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,+EAA+E;QACpF,OAAO,EAAE,qLAAqL;QAC9L,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,0DAA0D;QACvE,OAAO,EACL,+FAA+F;QACjG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,+EAA+E;QACpF,OAAO,EAAE,mHAAmH;QAC5H,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,wDAAwD;QACrE,OAAO,EACL,yGAAyG;QAC3G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,yFAAyF;QAC9F,OAAO,EAAE,wLAAwL;QACjM,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,qDAAqD;QAClE,OAAO,EACL,iIAAiI;QACnI,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,gGAAgG;QACrG,OAAO,EAAE,yJAAyJ;QAClK,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,kFAAkF;QACpF,OAAO,EACL,sFAAsF;QACxF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oHAAoH;QACzH,OAAO,EAAE,2NAA2N;QACpO,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;CACF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"database.d.ts","sourceRoot":"","sources":["../../../src/data/rules/database.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,aAAa,EAAE,YAAY,
|
|
1
|
+
{"version":3,"file":"database.d.ts","sourceRoot":"","sources":["../../../src/data/rules/database.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,aAAa,EAAE,YAAY,EAqHvC,CAAC"}
|
|
@@ -87,5 +87,17 @@ export const databaseRules = [
|
|
|
87
87
|
fixCode: '// Server-side only\n"use server";\nconst adminClient = createClient(url, process.env.SUPABASE_SERVICE_ROLE_KEY!);',
|
|
88
88
|
compliance: ["SOC2:CC6.1", "HIPAA:§164.312(a)"],
|
|
89
89
|
},
|
|
90
|
+
{
|
|
91
|
+
id: "VG438",
|
|
92
|
+
name: "Supabase Public Storage Bucket",
|
|
93
|
+
severity: "high",
|
|
94
|
+
owasp: "A01:2025 Broken Access Control",
|
|
95
|
+
description: "Supabase storage bucket created with public: true. Without proper RLS policies, all files are accessible to anyone.",
|
|
96
|
+
pattern: /createBucket\s*\(\s*['"][^'"]+['"]\s*,\s*\{[\s\S]{0,200}?public\s*:\s*true/g,
|
|
97
|
+
languages: ["javascript", "typescript"],
|
|
98
|
+
fix: "Add storage RLS policies in Supabase Dashboard. Limit file types and sizes.",
|
|
99
|
+
fixCode: '// Create bucket with auth requirement\nconst { data } = await supabase.storage.createBucket("avatars", {\n public: false, // require auth\n fileSizeLimit: 5 * 1024 * 1024, // 5MB\n allowedMimeTypes: ["image/png", "image/jpeg"],\n});',
|
|
100
|
+
compliance: ["SOC2:CC6.1"],
|
|
101
|
+
},
|
|
90
102
|
];
|
|
91
103
|
//# sourceMappingURL=database.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"database.js","sourceRoot":"","sources":["../../../src/data/rules/database.ts"],"names":[],"mappings":"AAEA,uDAAuD;AACvD,MAAM,CAAC,MAAM,aAAa,GAAmB;IAC3C;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,4GAA4G;QAC9G,OAAO,EAAE,6EAA6E;QACtF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4FAA4F;QACjG,OAAO,EACL,kJAAkJ;QACpJ,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD,2EAA2E;IAC3E,uFAAuF;IACvF,iFAAiF;IACjF;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,4BAA4B;QAClC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,gIAAgI;QAClI,OAAO,EAAE,oDAAoD;QAC7D,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,2DAA2D;QAChE,OAAO,EACL,gJAAgJ;QAClJ,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,2HAA2H;QAC7H,OAAO,EAAE,+CAA+C;QACxD,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,0DAA0D;QAC/D,OAAO,EACL,oGAAoG;QACtG,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,kHAAkH;QACpH,OAAO,EAAE,+DAA+D;QACxE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,8DAA8D;QACnE,OAAO,EACL,+JAA+J;QACjK,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,0HAA0H;QAC5H,OAAO,EAAE,4EAA4E;QACrF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,uFAAuF;QAC5F,OAAO,EACL,qLAAqL;QACvL,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,+EAA+E;QACjF,OAAO,EACL,mFAAmF;QACrF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,OAAO,CAAC;QAChD,GAAG,EAAE,qEAAqE;QAC1E,OAAO,EACL,uIAAuI;QACzI,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,qCAAqC;QAC3C,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,mHAAmH;QACrH,OAAO,EAAE,6EAA6E;QACtF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,gDAAgD;QACrD,OAAO,EACL,oHAAoH;QACtH,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;CACF,CAAC"}
|
|
1
|
+
{"version":3,"file":"database.js","sourceRoot":"","sources":["../../../src/data/rules/database.ts"],"names":[],"mappings":"AAEA,uDAAuD;AACvD,MAAM,CAAC,MAAM,aAAa,GAAmB;IAC3C;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,4GAA4G;QAC9G,OAAO,EAAE,6EAA6E;QACtF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4FAA4F;QACjG,OAAO,EACL,kJAAkJ;QACpJ,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD,2EAA2E;IAC3E,uFAAuF;IACvF,iFAAiF;IACjF;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,4BAA4B;QAClC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,gIAAgI;QAClI,OAAO,EAAE,oDAAoD;QAC7D,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,2DAA2D;QAChE,OAAO,EACL,gJAAgJ;QAClJ,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,2HAA2H;QAC7H,OAAO,EAAE,+CAA+C;QACxD,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,0DAA0D;QAC/D,OAAO,EACL,oGAAoG;QACtG,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,kHAAkH;QACpH,OAAO,EAAE,+DAA+D;QACxE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,8DAA8D;QACnE,OAAO,EACL,+JAA+J;QACjK,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,0HAA0H;QAC5H,OAAO,EAAE,4EAA4E;QACrF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,uFAAuF;QAC5F,OAAO,EACL,qLAAqL;QACvL,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,+EAA+E;QACjF,OAAO,EACL,mFAAmF;QACrF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,OAAO,CAAC;QAChD,GAAG,EAAE,qEAAqE;QAC1E,OAAO,EACL,uIAAuI;QACzI,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,qCAAqC;QAC3C,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,mHAAmH;QACrH,OAAO,EAAE,6EAA6E;QACtF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,gDAAgD;QACrD,OAAO,EACL,oHAAoH;QACtH,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,gCAAgC;QACtC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,qHAAqH;QACvH,OAAO,EAAE,6EAA6E;QACtF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,6EAA6E;QAClF,OAAO,EACL,8OAA8O;QAChP,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;CACF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/data/rules/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/data/rules/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAqB/C,eAAO,MAAM,UAAU,qCAoBtB,CAAC;AAGF,eAAO,MAAM,YAAY,qCAAa,CAAC"}
|
|
@@ -13,6 +13,10 @@ import { webSecurityRules } from "./web-security.js";
|
|
|
13
13
|
import { reactNativeRules } from "./react-native.js";
|
|
14
14
|
import { firebaseRules } from "./firebase.js";
|
|
15
15
|
import { otherServiceRules } from "./other-services.js";
|
|
16
|
+
import { shellRules } from "./shell.js";
|
|
17
|
+
import { sqlRules } from "./sql.js";
|
|
18
|
+
import { aiSecurityRules } from "./ai-security.js";
|
|
19
|
+
import { supplyChainRules } from "./supply-chain.js";
|
|
16
20
|
export const owaspRules = [
|
|
17
21
|
...coreRules,
|
|
18
22
|
...goRules,
|
|
@@ -29,6 +33,10 @@ export const owaspRules = [
|
|
|
29
33
|
...reactNativeRules,
|
|
30
34
|
...firebaseRules,
|
|
31
35
|
...otherServiceRules,
|
|
36
|
+
...shellRules,
|
|
37
|
+
...sqlRules,
|
|
38
|
+
...aiSecurityRules,
|
|
39
|
+
...supplyChainRules,
|
|
32
40
|
];
|
|
33
41
|
// Alias for clarity — these are the built-in rules without plugins
|
|
34
42
|
export const builtinRules = owaspRules;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/data/rules/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/data/rules/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AACpC,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAErD,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,GAAG,SAAS;IACZ,GAAG,OAAO;IACV,GAAG,eAAe;IAClB,GAAG,SAAS;IACZ,GAAG,cAAc;IACjB,GAAG,WAAW;IACd,GAAG,SAAS;IACZ,GAAG,aAAa;IAChB,GAAG,eAAe;IAClB,GAAG,YAAY;IACf,GAAG,YAAY;IACf,GAAG,gBAAgB;IACnB,GAAG,gBAAgB;IACnB,GAAG,aAAa;IAChB,GAAG,iBAAiB;IACpB,GAAG,UAAU;IACb,GAAG,QAAQ;IACX,GAAG,eAAe;IAClB,GAAG,gBAAgB;CACpB,CAAC;AAEF,mEAAmE;AACnE,MAAM,CAAC,MAAM,YAAY,GAAG,UAAU,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"nextjs.d.ts","sourceRoot":"","sources":["../../../src/data/rules/nextjs.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,WAAW,EAAE,YAAY,
|
|
1
|
+
{"version":3,"file":"nextjs.d.ts","sourceRoot":"","sources":["../../../src/data/rules/nextjs.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,WAAW,EAAE,YAAY,EAiMrC,CAAC"}
|
|
@@ -144,5 +144,17 @@ export const nextjsRules = [
|
|
|
144
144
|
fixCode: "# .env.local — WRONG\n# NEXT_PUBLIC_SECRET_KEY=sk_live_xxx\n\n# .env.local — CORRECT\nSECRET_KEY=sk_live_xxx\n# Access server-side only: process.env.SECRET_KEY",
|
|
145
145
|
compliance: ["SOC2:CC6.1", "PCI-DSS:Req2.3", "HIPAA:§164.312(a)"],
|
|
146
146
|
},
|
|
147
|
+
{
|
|
148
|
+
id: "VG412",
|
|
149
|
+
name: "Server Action Returns Full Database Object",
|
|
150
|
+
severity: "high",
|
|
151
|
+
owasp: "A01:2025 Broken Access Control",
|
|
152
|
+
description: "Server Action returns a full database query result without field selection. Sensitive fields (passwordHash, internalNotes) get serialized to the client.",
|
|
153
|
+
pattern: /["']use server["'][\s\S]{0,800}?(?:findUnique|findFirst|findMany)\s*\([^)]*\)\s*;?\s*\n\s*return/g,
|
|
154
|
+
languages: ["javascript", "typescript"],
|
|
155
|
+
fix: "Always use select to return only needed fields from Server Actions.",
|
|
156
|
+
fixCode: '"use server";\nexport async function getUser(id: string) {\n return prisma.user.findUnique({\n where: { id },\n select: { id: true, name: true, email: true },\n });\n}',
|
|
157
|
+
compliance: ["SOC2:CC6.1", "HIPAA:§164.312(a)"],
|
|
158
|
+
},
|
|
147
159
|
];
|
|
148
160
|
//# sourceMappingURL=nextjs.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"nextjs.js","sourceRoot":"","sources":["../../../src/data/rules/nextjs.ts"],"names":[],"mappings":"AAEA,iDAAiD;AACjD,MAAM,CAAC,MAAM,WAAW,GAAmB;IACzC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,4KAA4K;QAC9K,OAAO,EAAE,oEAAoE;QAC7E,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,sIAAsI;QAC3I,OAAO,EACL,uLAAuL;QACzL,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,+GAA+G;QACjH,OAAO,EACL,oJAAoJ;QACtJ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,kFAAkF;QACvF,OAAO,EACL,sPAAsP;QACxP,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,0IAA0I;QAC5I,OAAO,EACL,+KAA+K;QACjL,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,mEAAmE;QACxE,OAAO,EACL,uMAAuM;QACzM,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,uHAAuH;QACzH,OAAO,EACL,4GAA4G;QAC9G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,gEAAgE;QACrE,OAAO,EACL,kLAAkL;QACpL,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,yGAAyG;QAC3G,OAAO,EAAE,yDAAyD;QAClE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,2DAA2D;QAChE,OAAO,EACL,4GAA4G;QAC9G,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,yCAAyC;QAC/C,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,0HAA0H;QAC5H,OAAO,EACL,6EAA6E;QAC/E,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4DAA4D;QACjE,OAAO,EACL,mTAAmT;QACrT,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,yHAAyH;QAC3H,OAAO,EACL,4JAA4J;QAC9J,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,qFAAqF;QAC1F,OAAO,EACL,+RAA+R;QACjS,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,+GAA+G;QACjH,OAAO,EACL,2FAA2F;QAC7F,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oFAAoF;QACzF,OAAO,EACL,yNAAyN;QAC3N,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,uLAAuL;QACzL,OAAO,EAAE,qDAAqD;QAC9D,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oFAAoF;QACzF,OAAO,EACL,oOAAoO;QACtO,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,qIAAqI;QACvI,OAAO,EACL,qFAAqF;QACvF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iEAAiE;QACtE,OAAO,EACL,+RAA+R;QACjS,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,iCAAiC;QACvC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,yIAAyI;QAC3I,OAAO,EACL,0IAA0I;QAC5I,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,uEAAuE;QAC5E,OAAO,EACL,oRAAoR;QACtR,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,2LAA2L;QAC7L,OAAO,EACL,6FAA6F;QAC/F,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,OAAO,CAAC;QAChD,GAAG,EAAE,iFAAiF;QACtF,OAAO,EACL,iKAAiK;QACnK,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;CACF,CAAC"}
|
|
1
|
+
{"version":3,"file":"nextjs.js","sourceRoot":"","sources":["../../../src/data/rules/nextjs.ts"],"names":[],"mappings":"AAEA,iDAAiD;AACjD,MAAM,CAAC,MAAM,WAAW,GAAmB;IACzC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,4KAA4K;QAC9K,OAAO,EAAE,oEAAoE;QAC7E,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,sIAAsI;QAC3I,OAAO,EACL,uLAAuL;QACzL,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,+GAA+G;QACjH,OAAO,EACL,oJAAoJ;QACtJ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,kFAAkF;QACvF,OAAO,EACL,sPAAsP;QACxP,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,0IAA0I;QAC5I,OAAO,EACL,+KAA+K;QACjL,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,mEAAmE;QACxE,OAAO,EACL,uMAAuM;QACzM,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,uHAAuH;QACzH,OAAO,EACL,4GAA4G;QAC9G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,gEAAgE;QACrE,OAAO,EACL,kLAAkL;QACpL,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,yGAAyG;QAC3G,OAAO,EAAE,yDAAyD;QAClE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,2DAA2D;QAChE,OAAO,EACL,4GAA4G;QAC9G,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,yCAAyC;QAC/C,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,0HAA0H;QAC5H,OAAO,EACL,6EAA6E;QAC/E,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4DAA4D;QACjE,OAAO,EACL,mTAAmT;QACrT,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,yHAAyH;QAC3H,OAAO,EACL,4JAA4J;QAC9J,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,qFAAqF;QAC1F,OAAO,EACL,+RAA+R;QACjS,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,+GAA+G;QACjH,OAAO,EACL,2FAA2F;QAC7F,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oFAAoF;QACzF,OAAO,EACL,yNAAyN;QAC3N,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,uLAAuL;QACzL,OAAO,EAAE,qDAAqD;QAC9D,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oFAAoF;QACzF,OAAO,EACL,oOAAoO;QACtO,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,qIAAqI;QACvI,OAAO,EACL,qFAAqF;QACvF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iEAAiE;QACtE,OAAO,EACL,+RAA+R;QACjS,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,iCAAiC;QACvC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,yIAAyI;QAC3I,OAAO,EACL,0IAA0I;QAC5I,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,uEAAuE;QAC5E,OAAO,EACL,oRAAoR;QACtR,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,2LAA2L;QAC7L,OAAO,EACL,6FAA6F;QAC/F,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,OAAO,CAAC;QAChD,GAAG,EAAE,iFAAiF;QACtF,OAAO,EACL,iKAAiK;QACnK,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,4CAA4C;QAClD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,0JAA0J;QAC5J,OAAO,EACL,mGAAmG;QACrG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,qEAAqE;QAC1E,OAAO,EACL,iLAAiL;QACnL,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;CACF,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"shell.d.ts","sourceRoot":"","sources":["../../../src/data/rules/shell.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE/C,eAAO,MAAM,UAAU,EAAE,YAAY,EAuEpC,CAAC"}
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
export const shellRules = [
|
|
2
|
+
{
|
|
3
|
+
id: "VG500",
|
|
4
|
+
name: "Pipe to shell execution",
|
|
5
|
+
severity: "critical",
|
|
6
|
+
owasp: "A02:2025 Injection",
|
|
7
|
+
description: "Piping downloaded content directly to a shell interpreter (curl|bash, wget|sh) executes arbitrary remote code without inspection.",
|
|
8
|
+
pattern: /(?:curl|wget)\s+[^|]*\|\s*(?:bash|sh|zsh|ksh|dash|source\s+\/dev\/stdin)|base64\s+(?:-d|--decode)\s+[^|]*\|\s*(?:bash|sh)/gi,
|
|
9
|
+
languages: ["shell"],
|
|
10
|
+
fix: "Download the script first, inspect it, then execute: curl -o script.sh URL && chmod +x script.sh && ./script.sh",
|
|
11
|
+
fixCode: "# Download first, inspect, then run\ncurl -fsSL https://example.com/install.sh -o install.sh\ncat install.sh # inspect it\nchmod +x install.sh\n./install.sh",
|
|
12
|
+
compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
|
|
13
|
+
},
|
|
14
|
+
{
|
|
15
|
+
id: "VG501",
|
|
16
|
+
name: "Dangerous file permissions",
|
|
17
|
+
severity: "high",
|
|
18
|
+
owasp: "A01:2025 Broken Access Control",
|
|
19
|
+
description: "chmod 777 or overly permissive permissions (o+w) make files world-writable, creating a security risk.",
|
|
20
|
+
pattern: /chmod\s+(?:777|666|a\+w|o\+w)\s+/gi,
|
|
21
|
+
languages: ["shell"],
|
|
22
|
+
fix: "Use least-privilege permissions. Typical: 755 for executables, 644 for files, 700 for private dirs.",
|
|
23
|
+
fixCode: "# Use restrictive permissions\nchmod 755 script.sh # owner rwx, others rx\nchmod 644 config.txt # owner rw, others r\nchmod 700 ~/.ssh # owner only",
|
|
24
|
+
compliance: ["SOC2:CC6.1", "PCI-DSS:Req7"],
|
|
25
|
+
},
|
|
26
|
+
{
|
|
27
|
+
id: "VG502",
|
|
28
|
+
name: "Destructive rm command",
|
|
29
|
+
severity: "critical",
|
|
30
|
+
owasp: "A05:2025 Security Misconfiguration",
|
|
31
|
+
description: "rm -rf on root or system directories can destroy the entire filesystem.",
|
|
32
|
+
pattern: /rm\s+-[a-zA-Z]*r[a-zA-Z]*f[a-zA-Z]*\s+(?:\/\s|\/\*|\/etc|\/usr|\/var|\/home|\/boot|\/sys|\/proc|\$\{?\w*\}?\s*\/)/gi,
|
|
33
|
+
languages: ["shell"],
|
|
34
|
+
fix: "Never rm -rf system directories. Use safeguards: check variables are non-empty before deletion.",
|
|
35
|
+
fixCode: '# Always guard rm -rf with variable checks\nif [ -n "$DIR" ] && [ "$DIR" != "/" ]; then\n rm -rf "$DIR"\nfi\n\n# Or use safe-rm: apt install safe-rm',
|
|
36
|
+
compliance: ["SOC2:CC7.1"],
|
|
37
|
+
},
|
|
38
|
+
{
|
|
39
|
+
id: "VG503",
|
|
40
|
+
name: "Password in command line",
|
|
41
|
+
severity: "critical",
|
|
42
|
+
owasp: "A07:2025 Auth Failures",
|
|
43
|
+
description: "Passing passwords via echo/pipe to sudo or as command-line arguments exposes them in process lists and shell history.",
|
|
44
|
+
pattern: /(?:echo\s+['"]?[^'"|\n]+['"]?\s*\|\s*sudo\s+-[Ss]|(?:mysql|psql|mongosh?)\s+.*-p\s*['"]?\w+['"]?)/gi,
|
|
45
|
+
languages: ["shell"],
|
|
46
|
+
fix: "Use SSH keys, sudo NOPASSWD for CI, or credential files instead of inline passwords.",
|
|
47
|
+
fixCode: "# Use sudoers NOPASSWD for CI\n# visudo: user ALL=(ALL) NOPASSWD: /usr/bin/apt\n\n# Use .pgpass for PostgreSQL\necho 'host:5432:db:user:pass' > ~/.pgpass\nchmod 600 ~/.pgpass\n\n# Use mysql_config_editor for MySQL\nmysql_config_editor set --login-path=local --password",
|
|
48
|
+
compliance: ["SOC2:CC6.1", "PCI-DSS:Req8", "HIPAA:§164.312(a)"],
|
|
49
|
+
},
|
|
50
|
+
{
|
|
51
|
+
id: "VG504",
|
|
52
|
+
name: "Unsafe eval/exec in shell",
|
|
53
|
+
severity: "high",
|
|
54
|
+
owasp: "A02:2025 Injection",
|
|
55
|
+
description: "Using eval with variables in shell scripts can lead to code injection if the variable contains malicious input.",
|
|
56
|
+
pattern: /\beval\s+['"]?\$[\{(]?\w+/gi,
|
|
57
|
+
languages: ["shell"],
|
|
58
|
+
fix: "Avoid eval with variables. Use arrays or direct execution instead.",
|
|
59
|
+
fixCode: '# Instead of: eval "$cmd"\n# Use arrays:\ncmd=(ls -la /tmp)\n"${cmd[@]}"\n\n# Or case-based dispatch:\ncase "$action" in\n start) start_service ;;\n stop) stop_service ;;\nesac',
|
|
60
|
+
compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
|
|
61
|
+
},
|
|
62
|
+
];
|
|
63
|
+
//# sourceMappingURL=shell.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"shell.js","sourceRoot":"","sources":["../../../src/data/rules/shell.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,UAAU,GAAmB;IACxC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,mIAAmI;QACrI,OAAO,EAAE,6HAA6H;QACtI,SAAS,EAAE,CAAC,OAAO,CAAC;QACpB,GAAG,EAAE,iHAAiH;QACtH,OAAO,EACL,+JAA+J;QACjK,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,4BAA4B;QAClC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,uGAAuG;QACzG,OAAO,EAAE,oCAAoC;QAC7C,SAAS,EAAE,CAAC,OAAO,CAAC;QACpB,GAAG,EAAE,qGAAqG;QAC1G,OAAO,EACL,gKAAgK;QAClK,UAAU,EAAE,CAAC,YAAY,EAAE,cAAc,CAAC;KAC3C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,yEAAyE;QAC3E,OAAO,EAAE,qHAAqH;QAC9H,SAAS,EAAE,CAAC,OAAO,CAAC;QACpB,GAAG,EAAE,iGAAiG;QACtG,OAAO,EACL,uJAAuJ;QACzJ,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EACT,uHAAuH;QACzH,OAAO,EAAE,qGAAqG;QAC9G,SAAS,EAAE,CAAC,OAAO,CAAC;QACpB,GAAG,EAAE,sFAAsF;QAC3F,OAAO,EACL,8QAA8Q;QAChR,UAAU,EAAE,CAAC,YAAY,EAAE,cAAc,EAAE,mBAAmB,CAAC;KAChE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,2BAA2B;QACjC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,iHAAiH;QACnH,OAAO,EAAE,6BAA6B;QACtC,SAAS,EAAE,CAAC,OAAO,CAAC;QACpB,GAAG,EAAE,oEAAoE;QACzE,OAAO,EACL,oLAAoL;QACtL,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;CACF,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sql.d.ts","sourceRoot":"","sources":["../../../src/data/rules/sql.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE/C,eAAO,MAAM,QAAQ,EAAE,YAAY,EAyDlC,CAAC"}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
export const sqlRules = [
|
|
2
|
+
{
|
|
3
|
+
id: "VG510",
|
|
4
|
+
name: "Destructive DDL statement",
|
|
5
|
+
severity: "critical",
|
|
6
|
+
owasp: "A01:2025 Broken Access Control",
|
|
7
|
+
description: "DROP TABLE/DATABASE in SQL can permanently destroy data. Ensure this is intentional and authorized.",
|
|
8
|
+
pattern: /\b(?:DROP\s+(?:TABLE|DATABASE|SCHEMA|INDEX|VIEW)\s+(?:IF\s+EXISTS\s+)?)/gi,
|
|
9
|
+
languages: ["sql"],
|
|
10
|
+
fix: "Use migrations for schema changes. Restrict DROP privileges to admin roles only. Always backup before destructive DDL.",
|
|
11
|
+
fixCode: "-- Use migrations instead of raw DROP\n-- In a migration file:\nALTER TABLE users RENAME TO users_backup;\n\n-- Restrict privileges\nREVOKE DROP ON SCHEMA public FROM app_user;",
|
|
12
|
+
compliance: ["SOC2:CC6.1", "PCI-DSS:Req7"],
|
|
13
|
+
},
|
|
14
|
+
{
|
|
15
|
+
id: "VG511",
|
|
16
|
+
name: "Dangerous GRANT statement",
|
|
17
|
+
severity: "critical",
|
|
18
|
+
owasp: "A01:2025 Broken Access Control",
|
|
19
|
+
description: "GRANT ALL PRIVILEGES or GRANT with wildcard grants excessive permissions. Follow the principle of least privilege.",
|
|
20
|
+
pattern: /\bGRANT\s+ALL\s+(?:PRIVILEGES\s+)?ON\s+/gi,
|
|
21
|
+
languages: ["sql"],
|
|
22
|
+
fix: "Grant only the specific privileges needed: GRANT SELECT, INSERT ON table TO role.",
|
|
23
|
+
fixCode: "-- Least privilege: grant only what's needed\nGRANT SELECT, INSERT ON users TO app_role;\n\n-- Never: GRANT ALL PRIVILEGES ON *.* TO 'user'@'%';",
|
|
24
|
+
compliance: ["SOC2:CC6.1", "PCI-DSS:Req7", "HIPAA:§164.312(a)"],
|
|
25
|
+
},
|
|
26
|
+
{
|
|
27
|
+
id: "VG512",
|
|
28
|
+
name: "DELETE/UPDATE without WHERE",
|
|
29
|
+
severity: "high",
|
|
30
|
+
owasp: "A01:2025 Broken Access Control",
|
|
31
|
+
description: "DELETE or UPDATE without a WHERE clause affects all rows in the table, which is almost always unintentional.",
|
|
32
|
+
pattern: /\b(?:DELETE\s+FROM\s+\w+\s*;|UPDATE\s+\w+\s+SET\s+(?:(?!WHERE)[^;])*;)/gi,
|
|
33
|
+
languages: ["sql"],
|
|
34
|
+
fix: "Always include a WHERE clause. For bulk operations, use explicit WHERE 1=1 to show intent.",
|
|
35
|
+
fixCode: "-- Always include WHERE\nDELETE FROM sessions WHERE expired_at < NOW();\n\n-- If you really want all rows, be explicit\nDELETE FROM temp_data WHERE 1=1; -- explicit intent",
|
|
36
|
+
compliance: ["SOC2:CC7.1"],
|
|
37
|
+
},
|
|
38
|
+
{
|
|
39
|
+
id: "VG513",
|
|
40
|
+
name: "SQL comment injection / stacked queries",
|
|
41
|
+
severity: "high",
|
|
42
|
+
owasp: "A02:2025 Injection",
|
|
43
|
+
description: "SQL comment markers (--) or stacked queries (;) combined with suspicious keywords suggest SQL injection payload.",
|
|
44
|
+
pattern: /;\s*(?:DROP|DELETE|INSERT|UPDATE|ALTER|GRANT|REVOKE|EXEC|EXECUTE|UNION)\b/gi,
|
|
45
|
+
languages: ["sql"],
|
|
46
|
+
fix: "Use parameterized queries. Never concatenate user input into SQL. Use an ORM where possible.",
|
|
47
|
+
fixCode: "-- Use parameterized queries in application code\n-- Node.js: db.query('SELECT * FROM users WHERE id = $1', [id])\n-- Python: cursor.execute('SELECT * FROM users WHERE id = %s', (id,))",
|
|
48
|
+
compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
|
|
49
|
+
},
|
|
50
|
+
];
|
|
51
|
+
//# sourceMappingURL=sql.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sql.js","sourceRoot":"","sources":["../../../src/data/rules/sql.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,QAAQ,GAAmB;IACtC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,2BAA2B;QACjC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,qGAAqG;QACvG,OAAO,EAAE,2EAA2E;QACpF,SAAS,EAAE,CAAC,KAAK,CAAC;QAClB,GAAG,EAAE,wHAAwH;QAC7H,OAAO,EACL,kLAAkL;QACpL,UAAU,EAAE,CAAC,YAAY,EAAE,cAAc,CAAC;KAC3C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,2BAA2B;QACjC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,oHAAoH;QACtH,OAAO,EAAE,2CAA2C;QACpD,SAAS,EAAE,CAAC,KAAK,CAAC;QAClB,GAAG,EAAE,mFAAmF;QACxF,OAAO,EACL,kJAAkJ;QACpJ,UAAU,EAAE,CAAC,YAAY,EAAE,cAAc,EAAE,mBAAmB,CAAC;KAChE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,8GAA8G;QAChH,OAAO,EAAE,0EAA0E;QACnF,SAAS,EAAE,CAAC,KAAK,CAAC;QAClB,GAAG,EAAE,4FAA4F;QACjG,OAAO,EACL,8KAA8K;QAChL,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,yCAAyC;QAC/C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,kHAAkH;QACpH,OAAO,EAAE,6EAA6E;QACtF,SAAS,EAAE,CAAC,KAAK,CAAC;QAClB,GAAG,EAAE,8FAA8F;QACnG,OAAO,EACL,0LAA0L;QAC5L,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;CACF,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"supply-chain.d.ts","sourceRoot":"","sources":["../../../src/data/rules/supply-chain.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,gBAAgB,EAAE,YAAY,EA+B1C,CAAC"}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
// Supply chain and package security rules
|
|
2
|
+
export const supplyChainRules = [
|
|
3
|
+
{
|
|
4
|
+
id: "VG860",
|
|
5
|
+
name: "Malicious postinstall Script",
|
|
6
|
+
severity: "critical",
|
|
7
|
+
owasp: "A03:2025 Software Supply Chain Failures",
|
|
8
|
+
description: "postinstall or preinstall script contains network requests, eval, or exec. This is the #1 npm supply chain attack vector.",
|
|
9
|
+
pattern: /["'](?:post|pre)install["']\s*:\s*["'][^"']*(?:curl|wget|http|https|eval|exec|node\s+-e|sh\s+-c|bash\s+-c)/gi,
|
|
10
|
+
languages: ["json"],
|
|
11
|
+
fix: "Review postinstall scripts carefully. Remove or replace packages with suspicious install scripts.",
|
|
12
|
+
fixCode: '// Safe: no network/exec in install scripts\n"scripts": {\n "postinstall": "prisma generate"\n}\n\n// DANGEROUS: network calls in install\n// "postinstall": "node -e \\"require(\'https\').get(...)\\""',
|
|
13
|
+
compliance: ["SOC2:CC7.1"],
|
|
14
|
+
},
|
|
15
|
+
{
|
|
16
|
+
id: "VG861",
|
|
17
|
+
name: "GitHub Actions persist-credentials Not Disabled",
|
|
18
|
+
severity: "medium",
|
|
19
|
+
owasp: "A01:2025 Broken Access Control",
|
|
20
|
+
description: "actions/checkout with persist-credentials enabled (default: true) leaves Git credentials on the runner. Third-party actions in later steps can push to your repository.",
|
|
21
|
+
pattern: /uses:\s*actions\/checkout@[\s\S]{0,200}?uses:\s*(?!actions\/)[^\s]+@/g,
|
|
22
|
+
languages: ["yaml"],
|
|
23
|
+
fix: "Add persist-credentials: false to actions/checkout when using third-party actions.",
|
|
24
|
+
fixCode: "- uses: actions/checkout@v4\n with:\n persist-credentials: false",
|
|
25
|
+
compliance: ["SOC2:CC6.1"],
|
|
26
|
+
},
|
|
27
|
+
];
|
|
28
|
+
//# sourceMappingURL=supply-chain.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"supply-chain.js","sourceRoot":"","sources":["../../../src/data/rules/supply-chain.ts"],"names":[],"mappings":"AAEA,0CAA0C;AAC1C,MAAM,CAAC,MAAM,gBAAgB,GAAmB;IAC9C;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,yCAAyC;QAChD,WAAW,EACT,2HAA2H;QAC7H,OAAO,EACL,8GAA8G;QAChH,SAAS,EAAE,CAAC,MAAM,CAAC;QACnB,GAAG,EAAE,mGAAmG;QACxG,OAAO,EACL,2MAA2M;QAC7M,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,iDAAiD;QACvD,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,yKAAyK;QAC3K,OAAO,EACL,uEAAuE;QACzE,SAAS,EAAE,CAAC,MAAM,CAAC;QACnB,GAAG,EAAE,oFAAoF;QACzF,OAAO,EACL,sEAAsE;QACxE,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;CACF,CAAC"}
|
|
@@ -67,7 +67,7 @@ export const secretPatterns = [
|
|
|
67
67
|
},
|
|
68
68
|
{
|
|
69
69
|
provider: "NEXT_PUBLIC_ Secret Exposure",
|
|
70
|
-
pattern: /NEXT_PUBLIC_[A-Z_]*(?:SECRET|
|
|
70
|
+
pattern: /NEXT_PUBLIC_[A-Z_]*(?:SECRET|PRIVATE_KEY|SERVICE_ROLE|PASSWORD|CREDENTIAL)[A-Z_]*\s*=/gi,
|
|
71
71
|
severity: "high",
|
|
72
72
|
fix: "Remove NEXT_PUBLIC_ prefix — it exposes the value to the browser. Use server-side environment variables instead.",
|
|
73
73
|
},
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secret-patterns.js","sourceRoot":"","sources":["../../src/data/secret-patterns.ts"],"names":[],"mappings":"AAOA,MAAM,CAAC,MAAM,cAAc,GAAoB;IAC7C;QACE,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,mBAAmB;QAC5B,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,wGAAwG;KAC9G;IACD;QACE,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,+EAA+E;QACxF,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,wEAAwE;KAC9E;IACD;QACE,QAAQ,EAAE,cAAc;QACxB,OAAO,EAAE,4CAA4C;QACrD,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,0FAA0F;KAChG;IACD;QACE,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,4EAA4E;KAClF;IACD;QACE,QAAQ,EAAE,iBAAiB;QAC3B,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,yEAAyE;KAC/E;IACD;QACE,QAAQ,EAAE,6BAA6B;QACvC,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,QAAQ;QAClB,GAAG,EAAE,mFAAmF;KACzF;IACD;QACE,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,MAAM;QAChB,GAAG,EAAE,sEAAsE;KAC5E;IACD;QACE,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,+BAA+B;QACxC,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,0EAA0E;KAChF;IACD;QACE,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,oBAAoB;QAC7B,QAAQ,EAAE,MAAM;QAChB,GAAG,EAAE,uCAAuC;KAC7C;IACD;QACE,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,2CAA2C;QACpD,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,mDAAmD;KACzD;IACD;QACE,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,gDAAgD;QACzD,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,wEAAwE;KAC9E;IACD;QACE,QAAQ,EAAE,8BAA8B;QACxC,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"secret-patterns.js","sourceRoot":"","sources":["../../src/data/secret-patterns.ts"],"names":[],"mappings":"AAOA,MAAM,CAAC,MAAM,cAAc,GAAoB;IAC7C;QACE,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,mBAAmB;QAC5B,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,wGAAwG;KAC9G;IACD;QACE,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,+EAA+E;QACxF,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,wEAAwE;KAC9E;IACD;QACE,QAAQ,EAAE,cAAc;QACxB,OAAO,EAAE,4CAA4C;QACrD,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,0FAA0F;KAChG;IACD;QACE,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,4EAA4E;KAClF;IACD;QACE,QAAQ,EAAE,iBAAiB;QAC3B,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,yEAAyE;KAC/E;IACD;QACE,QAAQ,EAAE,6BAA6B;QACvC,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,QAAQ;QAClB,GAAG,EAAE,mFAAmF;KACzF;IACD;QACE,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,MAAM;QAChB,GAAG,EAAE,sEAAsE;KAC5E;IACD;QACE,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,+BAA+B;QACxC,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,0EAA0E;KAChF;IACD;QACE,QAAQ,EAAE,gBAAgB;QAC1B,OAAO,EAAE,oBAAoB;QAC7B,QAAQ,EAAE,MAAM;QAChB,GAAG,EAAE,uCAAuC;KAC7C;IACD;QACE,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,2CAA2C;QACpD,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,mDAAmD;KACzD;IACD;QACE,QAAQ,EAAE,aAAa;QACvB,OAAO,EAAE,gDAAgD;QACzD,QAAQ,EAAE,UAAU;QACpB,GAAG,EAAE,wEAAwE;KAC9E;IACD;QACE,QAAQ,EAAE,8BAA8B;QACxC,OAAO,EAAE,yFAAyF;QAClG,QAAQ,EAAE,MAAM;QAChB,GAAG,EAAE,kHAAkH;KACxH;CACF,CAAC;AAEF,MAAM,UAAU,gBAAgB,CAAC,GAAW;IAC1C,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvC,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;QACrB,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACxC,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC;QAC7B,OAAO,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
package/build/index.js
CHANGED
|
@@ -18,13 +18,13 @@ import { builtinRules } from "./data/rules/index.js";
|
|
|
18
18
|
import { loadConfig } from "./utils/config.js";
|
|
19
19
|
const server = new McpServer({
|
|
20
20
|
name: "guardvibe",
|
|
21
|
-
version: "0.
|
|
21
|
+
version: "0.11.0",
|
|
22
22
|
});
|
|
23
23
|
// Tool 1: Analyze code for security vulnerabilities
|
|
24
24
|
server.tool("check_code", "Analyze code for security vulnerabilities (OWASP Top 10, XSS, SQL injection, insecure patterns). Use this when reviewing or writing code to catch security issues early.", {
|
|
25
25
|
code: z.string().describe("The code snippet to analyze"),
|
|
26
26
|
language: z
|
|
27
|
-
.enum(["javascript", "typescript", "python", "go", "dockerfile", "html", "sql", "shell", "yaml", "terraform"])
|
|
27
|
+
.enum(["javascript", "typescript", "python", "go", "dockerfile", "html", "sql", "shell", "yaml", "terraform", "firestore"])
|
|
28
28
|
.describe("Programming language of the code"),
|
|
29
29
|
framework: z
|
|
30
30
|
.string()
|
package/build/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;IAC3B,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,QAAQ;CAClB,CAAC,CAAC;AAEH,oDAAoD;AACpD,MAAM,CAAC,IAAI,CACT,YAAY,EACZ,0KAA0K,EAC1K;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;IACxD,QAAQ,EAAE,CAAC;SACR,IAAI,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;IAC3B,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,QAAQ;CAClB,CAAC,CAAC;AAEH,oDAAoD;AACpD,MAAM,CAAC,IAAI,CACT,YAAY,EACZ,0KAA0K,EAC1K;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;IACxD,QAAQ,EAAE,CAAC;SACR,IAAI,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;SAC1H,QAAQ,CAAC,kCAAkC,CAAC;IAC/C,SAAS,EAAE,CAAC;SACT,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CAAC,kEAAkE,CAAC;IAC/E,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE;IAC9C,MAAM,KAAK,GAAI,UAAkB,CAAC,iBAA+C,CAAC;IAClF,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IAC1F,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,2DAA2D;AAC3D,MAAM,CAAC,IAAI,CACT,eAAe,EACf,iKAAiK,EACjK;IACE,KAAK,EAAE,CAAC;SACL,KAAK,CACJ,CAAC,CAAC,MAAM,CAAC;QACP,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;QACjE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC;KACjD,CAAC,CACH;SACA,QAAQ,CAAC,0CAA0C,CAAC;IACvD,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE;IAC1B,MAAM,KAAK,GAAI,UAAkB,CAAC,iBAA+C,CAAC;IAClF,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACnD,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,iFAAiF;AACjF,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,8IAA8I,EAC9I;IACE,KAAK,EAAE,CAAC;SACL,MAAM,EAAE;SACR,QAAQ,CACP,mIAAmI,CACpI;CACJ,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;IAClB,MAAM,IAAI,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACpC,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;KACxC,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,uDAAuD;AACvD,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;IACxE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC9D,SAAS,EAAE,CAAC;SACT,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;SAC3B,OAAO,CAAC,KAAK,CAAC;SACd,QAAQ,CAAC,mBAAmB,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,IAAI,CACT,oBAAoB,EACpB,sKAAsK,EACtK;IACE,QAAQ,EAAE,CAAC,CAAC,UAAU,CACpB,CAAC,GAAG,EAAE,EAAE;QACN,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACzB,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,EACD,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CACvB,CAAC,QAAQ,CAAC,yDAAyD,CAAC;CACtE,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;IACrB,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAClD,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,0EAA0E;AAC1E,MAAM,CAAC,IAAI,CACT,gBAAgB,EAChB,gMAAgM,EAChM;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;IACvE,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IAC/E,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,mCAAmC,CAAC;IACjG,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE;IAC7C,MAAM,KAAK,GAAI,UAAkB,CAAC,iBAA+C,CAAC;IAClF,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACvE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,gEAAgE;AAChE,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,mLAAmL,EACnL;IACE,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2EAA2E,CAAC;IAC/G,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,EAAE,EAAE;IAClC,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;IAC9D,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,6DAA6D;AAC7D,MAAM,CAAC,IAAI,CACT,cAAc,EACd,mKAAmK,EACnK;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC3D,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IAC/E,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE;IACpC,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;IACrD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,kDAAkD;AAClD,MAAM,CAAC,IAAI,CACT,aAAa,EACb,+KAA+K,EAC/K;IACE,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;IACnB,MAAM,KAAK,GAAI,UAAkB,CAAC,iBAA+C,CAAC;IAClF,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACzD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,sDAAsD;AACtD,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,wJAAwJ,EACxJ;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IAC9C,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,sBAAsB,CAAC;IACvF,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE;IACpC,MAAM,KAAK,GAAI,UAAkB,CAAC,iBAA+C,CAAC;IAClF,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACjE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,sDAAsD;AACtD,MAAM,CAAC,IAAI,CACT,cAAc,EACd,uIAAuI,EACvI;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;CAC/C,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;IACjB,MAAM,KAAK,GAAI,UAAkB,CAAC,iBAA+C,CAAC;IAClF,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACzC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,mDAAmD;AACnD,MAAM,CAAC,IAAI,CACT,sBAAsB,EACtB,8KAA8K,EAC9K;IACE,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,2EAA2E,CAAC;IACnH,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE;IAC7B,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC3D,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,KAAK,UAAU,IAAI;IACjB,eAAe;IACf,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IACzC,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IAErE,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,KAAK,CAAC,sBAAsB,OAAO,CAAC,MAAM,CAAC,MAAM,eAAe,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACvG,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACjC,OAAO,CAAC,KAAK,CAAC,+BAA+B,GAAG,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,gCAAgC;IAChC,MAAM,QAAQ,GAAmB,CAAC,GAAG,YAAY,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;IAErE,wBAAwB;IACxB,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QACjC,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,MAAa,EAClB,KAAK,EAAE,KAAU,EAAE,EAAE;YACnB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YACzC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;QAChE,CAAC,CACF,CAAC;IACJ,CAAC;IAED,uCAAuC;IACtC,UAAkB,CAAC,iBAAiB,GAAG,QAAQ,CAAC;IAEjD,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;AAClE,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"check-code.d.ts","sourceRoot":"","sources":["../../src/tools/check-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,KAAK,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAGvE,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,YAAY,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd;AAgCD,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,EAClB,KAAK,CAAC,EAAE,YAAY,EAAE,GACrB,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"check-code.d.ts","sourceRoot":"","sources":["../../src/tools/check-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,KAAK,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAGvE,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,YAAY,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd;AAgCD,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,EAClB,KAAK,CAAC,EAAE,YAAY,EAAE,GACrB,OAAO,EAAE,CAyCX;AAED,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAkB/F;AAED,wBAAgB,SAAS,CACvB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,EAClB,MAAM,GAAE,UAAU,GAAG,MAAmB,EACxC,KAAK,CAAC,EAAE,YAAY,EAAE,GACrB,MAAM,CAYR"}
|
|
@@ -33,11 +33,12 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
|
|
|
33
33
|
// Config: skip disabled rules
|
|
34
34
|
if (config.rules.disable.includes(rule.id))
|
|
35
35
|
continue;
|
|
36
|
-
// Skip CI/CD rules
|
|
36
|
+
// Skip CI/CD rules: when filePath is given, require .github/workflows path.
|
|
37
|
+
// When no filePath (MCP call), allow if language is yaml.
|
|
37
38
|
if (rule.id.startsWith("VG21") && filePath && !filePath.includes(".github/workflows"))
|
|
38
39
|
continue;
|
|
39
|
-
if (rule.id.startsWith("VG21") && !filePath)
|
|
40
|
-
continue;
|
|
40
|
+
if (rule.id.startsWith("VG21") && !filePath && language !== "yaml")
|
|
41
|
+
continue;
|
|
41
42
|
rule.pattern.lastIndex = 0;
|
|
42
43
|
// Apply severity override from config
|
|
43
44
|
const effectiveRule = config.rules.severity[rule.id]
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"check-code.js","sourceRoot":"","sources":["../../src/tools/check-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAqB,MAAM,wBAAwB,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAahD,SAAS,yBAAyB,CAAC,KAAe;IAChD,MAAM,YAAY,GAAkB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,0EAA0E,CAAC;IAE3F,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACrC,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QAChC,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAC;QAEnE,IAAI,UAAU,EAAE,CAAC;YACf,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACtE,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACtE,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,gBAAgB,CAAC,YAA2B,EAAE,IAAY,EAAE,MAAc;IACjF,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,MAAM,KAAK,IAAI,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC;AAC/F,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,IAAY,EACZ,QAAgB,EAChB,SAAkB,EAClB,QAAiB,EACjB,SAAkB,EAClB,KAAsB;IAEtB,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,YAAY,GAAG,yBAAyB,CAAC,KAAK,CAAC,CAAC;IAEtD,MAAM,cAAc,GAAG,KAAK,IAAI,UAAU,CAAC;IAE3C,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEjD,8BAA8B;QAC9B,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAAE,SAAS;QAErD,
|
|
1
|
+
{"version":3,"file":"check-code.js","sourceRoot":"","sources":["../../src/tools/check-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAqB,MAAM,wBAAwB,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAahD,SAAS,yBAAyB,CAAC,KAAe;IAChD,MAAM,YAAY,GAAkB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,0EAA0E,CAAC;IAE3F,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACrC,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QAChC,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAC;QAEnE,IAAI,UAAU,EAAE,CAAC;YACf,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACtE,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACtE,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,gBAAgB,CAAC,YAA2B,EAAE,IAAY,EAAE,MAAc;IACjF,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,MAAM,KAAK,IAAI,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC;AAC/F,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,IAAY,EACZ,QAAgB,EAChB,SAAkB,EAClB,QAAiB,EACjB,SAAkB,EAClB,KAAsB;IAEtB,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,YAAY,GAAG,yBAAyB,CAAC,KAAK,CAAC,CAAC;IAEtD,MAAM,cAAc,GAAG,KAAK,IAAI,UAAU,CAAC;IAE3C,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEjD,8BAA8B;QAC9B,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAAE,SAAS;QAErD,4EAA4E;QAC5E,0DAA0D;QAC1D,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,QAAQ,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAAE,SAAS;QAChG,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,QAAQ,KAAK,MAAM;YAAE,SAAS;QAC7E,IAAI,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QAE3B,sCAAsC;QACtC,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAClD,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAQ,EAAE;YAC9D,CAAC,CAAC,IAAI,CAAC;QAET,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAClD,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACnD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAElD,IAAI,gBAAgB,CAAC,YAAY,EAAE,UAAU,EAAE,IAAI,CAAC,EAAE,CAAC;gBAAE,SAAS;YAElE,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,aAAa;gBACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;gBAChC,IAAI,EAAE,UAAU;aACjB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,QAAmB,EAAE,KAA+B;IACrF,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAC7E,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IACrE,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IACzE,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM,CAAC;IAEnE,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,OAAO,EAAE;YACP,KAAK,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG;YACnD,OAAO,EAAE,QAAQ,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC;YACjC,GAAG,KAAK;SACT;QACD,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC3B,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ;YAC3D,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK;YACjD,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU;SACxE,CAAC,CAAC;KACJ,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,SAAS,CACvB,IAAY,EACZ,QAAgB,EAChB,SAAkB,EAClB,QAAiB,EACjB,SAAkB,EAClB,SAA8B,UAAU,EACxC,KAAsB;IAEtB,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;IAEpF,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,kBAAkB,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,iBAAiB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB,EAAE,SAAkB;IAC7D,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,KAAK,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/C,OAAO;QACL,6BAA6B;QAC7B,EAAE;QACF,iBAAiB,QAAQ,GAAG,GAAG,EAAE;QACjC,yCAAyC;QACzC,EAAE;QACF,mDAAmD;QACnD,6CAA6C;QAC7C,mDAAmD;QACnD,yCAAyC;QACzC,sCAAsC;KACvC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CACnB,QAAmB,EACnB,QAAgB,EAChB,SAAkB;IAElB,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,KAAK,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAE/C,oBAAoB;IACpB,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAE3E,4BAA4B;IAC5B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAqB,CAAC;IAC7C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,EAAE,CAAC,EAAE,SAAS,CAAC,EAAE,EAAE;QACvF,OAAO,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC/F,CAAC,CAAC,CAAC;IAEH,+EAA+E;IAC/E,MAAM,WAAW,GAAG,QAAQ,CAAC;IAC7B,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IACvF,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC/E,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IAEnF,MAAM,KAAK,GAAG;QACZ,6BAA6B;QAC7B,EAAE;QACF,iBAAiB,QAAQ,GAAG,GAAG,EAAE;QACjC,qBAAqB,WAAW,CAAC,MAAM,EAAE;QACzC,kBAAkB,aAAa,cAAc,SAAS,UAAU,WAAW,SAAS;QACpF,EAAE;QACF,KAAK;QACL,EAAE;KACH,CAAC;IAEF,KAAK,MAAM,CAAC,EAAE,aAAa,CAAC,IAAI,YAAY,EAAE,CAAC;QAC7C,MAAM,KAAK,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,IAAI,GACR,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU;YAChC,CAAC,CAAC,UAAU;YACZ,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM;gBAC9B,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ;oBAChC,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,KAAK,CAAC;QAEhB,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnE,KAAK,CAAC,IAAI,CACR,OAAO,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG,EACpD,EAAE,EACF,cAAc,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAChC,oBAAoB,aAAa,CAAC,MAAM,YAAY,QAAQ,GAAG,EAC/D,wBAAwB,KAAK,CAAC,KAAK,IAAI,EACvC,EAAE,EACF,KAAK,CAAC,IAAI,CAAC,WAAW,EACtB,EAAE,EACF,YAAY,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,EAC5B,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAC/F,EAAE,EACF,KAAK,EACL,EAAE,CACH,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,oCAAoC;YACpC,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;gBACpC,KAAK,CAAC,IAAI,CACR,OAAO,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EACxD,EAAE,EACF,cAAc,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,EAClC,cAAc,OAAO,CAAC,IAAI,EAAE,EAC5B,gBAAgB,OAAO,CAAC,KAAK,IAAI,EACjC,EAAE,EACF,OAAO,CAAC,IAAI,CAAC,WAAW,EACxB,EAAE,EACF,YAAY,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,EAC9B,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EACnG,EAAE,EACF,KAAK,EACL,EAAE,CACH,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"export-sarif.js","sourceRoot":"","sources":["../../src/tools/export-sarif.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACxD,OAAO,EAAE,WAAW,EAAgB,MAAM,iBAAiB,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAGhD,MAAM,aAAa,GAA2B;IAC5C,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM;IAC7C,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;IAC/C,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW;CACpD,CAAC;AAEF,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa;IAChE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ;CACvC,CAAC,CAAC;AAEH,SAAS,OAAO,CAAC,GAAW,EAAE,QAAqB,EAAE,OAAiB;IACpE,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QAAC,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO;IAAC,CAAC;IAC9E,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,OAAO,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9C,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC9D,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAcD,SAAS,eAAe,CAAC,QAAgB;IACvC,IAAI,QAAQ,KAAK,UAAU,IAAI,QAAQ,KAAK,MAAM;QAAE,OAAO,OAAO,CAAC;IACnE,IAAI,QAAQ,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IAC5C,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,IAAY,EAAE,KAAsB;IAC9D,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,gBAAgB,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IACxE,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,OAAO,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAEvC,MAAM,UAAU,GAAkB,EAAE,CAAC;IAErC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAChC,IAAI,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW;gBAAE,SAAS;YAClD,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAChD,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;YAC5C,IAAI,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;YAClC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,UAAU,CAAC,YAAY,CAAC;gBAAE,QAAQ,GAAG,YAAY,CAAC;YACtF,IAAI,CAAC,QAAQ;gBAAE,SAAS;YAExB,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;YAEtF,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;gBACzB,UAAU,CAAC,IAAI,CAAC;oBACd,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE;oBACjB,KAAK,EAAE,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC;oBACvC,OAAO,EAAE;wBACP,IAAI,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,WAAW,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE;qBACjE;oBACD,SAAS,EAAE,CAAC;4BACV,gBAAgB,EAAE;gCAChB,gBAAgB,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE;gCACnC,MAAM,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,IAAI,EAAE;6BAC9B;yBACF,CAAC;iBACH,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;IACxB,CAAC;IAED,qEAAqE;IACrE,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;IAC5D,MAAM,UAAU,GAAG,UAAU;SAC1B,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;SACnC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACT,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,gBAAgB,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE;QAClC,eAAe,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE;QACxC,OAAO,EAAE,uBAAuB;QAChC,UAAU,EAAE;YACV,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;YACf,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtD;KACF,CAAC,CAAC,CAAC;IAEN,MAAM,KAAK,GAAG;QACZ,OAAO,EAAE,sGAAsG;QAC/G,OAAO,EAAE,OAAO;QAChB,IAAI,EAAE,CAAC;gBACL,IAAI,EAAE;oBACJ,MAAM,EAAE;wBACN,IAAI,EAAE,WAAW;wBACjB,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"export-sarif.js","sourceRoot":"","sources":["../../src/tools/export-sarif.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACxD,OAAO,EAAE,WAAW,EAAgB,MAAM,iBAAiB,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAGhD,MAAM,aAAa,GAA2B;IAC5C,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM;IAC7C,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;IAC/C,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW;CACpD,CAAC;AAEF,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa;IAChE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ;CACvC,CAAC,CAAC;AAEH,SAAS,OAAO,CAAC,GAAW,EAAE,QAAqB,EAAE,OAAiB;IACpE,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QAAC,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO;IAAC,CAAC;IAC9E,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,OAAO,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9C,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC9D,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAcD,SAAS,eAAe,CAAC,QAAgB;IACvC,IAAI,QAAQ,KAAK,UAAU,IAAI,QAAQ,KAAK,MAAM;QAAE,OAAO,OAAO,CAAC;IACnE,IAAI,QAAQ,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IAC5C,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,IAAY,EAAE,KAAsB;IAC9D,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,gBAAgB,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IACxE,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,OAAO,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAEvC,MAAM,UAAU,GAAkB,EAAE,CAAC;IAErC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAChC,IAAI,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW;gBAAE,SAAS;YAClD,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAChD,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;YAC5C,IAAI,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;YAClC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,UAAU,CAAC,YAAY,CAAC;gBAAE,QAAQ,GAAG,YAAY,CAAC;YACtF,IAAI,CAAC,QAAQ;gBAAE,SAAS;YAExB,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;YAEtF,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;gBACzB,UAAU,CAAC,IAAI,CAAC;oBACd,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE;oBACjB,KAAK,EAAE,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC;oBACvC,OAAO,EAAE;wBACP,IAAI,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,WAAW,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE;qBACjE;oBACD,SAAS,EAAE,CAAC;4BACV,gBAAgB,EAAE;gCAChB,gBAAgB,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE;gCACnC,MAAM,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,IAAI,EAAE;6BAC9B;yBACF,CAAC;iBACH,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;IACxB,CAAC;IAED,qEAAqE;IACrE,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;IAC5D,MAAM,UAAU,GAAG,UAAU;SAC1B,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;SACnC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACT,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,gBAAgB,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE;QAClC,eAAe,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE;QACxC,OAAO,EAAE,uBAAuB;QAChC,UAAU,EAAE;YACV,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;YACf,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtD;KACF,CAAC,CAAC,CAAC;IAEN,MAAM,KAAK,GAAG;QACZ,OAAO,EAAE,sGAAsG;QAC/G,OAAO,EAAE,OAAO;QAChB,IAAI,EAAE,CAAC;gBACL,IAAI,EAAE;oBACJ,MAAM,EAAE;wBACN,IAAI,EAAE,WAAW;wBACjB,OAAO,EAAE,QAAQ;wBACjB,cAAc,EAAE,uBAAuB;wBACvC,KAAK,EAAE,UAAU;qBAClB;iBACF;gBACD,OAAO,EAAE,UAAU;aACpB,CAAC;KACH,CAAC;IAEF,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACxC,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "guardvibe",
|
|
3
|
-
"version": "0.
|
|
4
|
-
"description": "Security MCP for vibe coding.
|
|
3
|
+
"version": "0.11.0",
|
|
4
|
+
"description": "Security MCP for vibe coding. 170+ rules for Next.js, React Native, Expo, Firebase, Supabase, Stripe, Clerk, Prisma, Vercel, and the full AI-generated web + mobile stack.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|
|
7
7
|
"guardvibe": "build/index.js",
|