guardvibe 0.5.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +40 -2
- package/build/data/rules/core.d.ts.map +1 -1
- package/build/data/rules/core.js +20 -0
- package/build/data/rules/core.js.map +1 -1
- package/build/data/rules/index.d.ts.map +1 -1
- package/build/data/rules/index.js +2 -0
- package/build/data/rules/index.js.map +1 -1
- package/build/data/rules/terraform.d.ts +3 -0
- package/build/data/rules/terraform.d.ts.map +1 -0
- package/build/data/rules/terraform.js +63 -0
- package/build/data/rules/terraform.js.map +1 -0
- package/build/data/rules/types.d.ts +1 -0
- package/build/data/rules/types.d.ts.map +1 -1
- package/build/index.js +19 -2
- package/build/index.js.map +1 -1
- package/build/tools/check-code.d.ts.map +1 -1
- package/build/tools/check-code.js +10 -1
- package/build/tools/check-code.js.map +1 -1
- package/build/tools/check-project.d.ts.map +1 -1
- package/build/tools/check-project.js +1 -0
- package/build/tools/check-project.js.map +1 -1
- package/build/tools/compliance-report.d.ts +2 -0
- package/build/tools/compliance-report.d.ts.map +1 -0
- package/build/tools/compliance-report.js +115 -0
- package/build/tools/compliance-report.js.map +1 -0
- package/build/tools/export-sarif.d.ts +2 -0
- package/build/tools/export-sarif.d.ts.map +1 -0
- package/build/tools/export-sarif.js +117 -0
- package/build/tools/export-sarif.js.map +1 -0
- package/build/tools/scan-directory.d.ts.map +1 -1
- package/build/tools/scan-directory.js +6 -2
- package/build/tools/scan-directory.js.map +1 -1
- package/build/tools/scan-secrets.d.ts.map +1 -1
- package/build/tools/scan-secrets.js +8 -4
- package/build/tools/scan-secrets.js.map +1 -1
- package/build/utils/config.d.ts +13 -0
- package/build/utils/config.d.ts.map +1 -0
- package/build/utils/config.js +36 -0
- package/build/utils/config.js.map +1 -0
- package/build/utils/osv-client.d.ts +2 -2
- package/build/utils/osv-client.d.ts.map +1 -1
- package/build/utils/osv-client.js +50 -4
- package/build/utils/osv-client.js.map +1 -1
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -6,17 +6,21 @@ Stop shipping vulnerable code. GuardVibe checks your code against OWASP Top 10,
|
|
|
6
6
|
|
|
7
7
|
## Features
|
|
8
8
|
|
|
9
|
-
- **Code Security Analysis** —
|
|
9
|
+
- **Code Security Analysis** — 60+ vulnerability patterns with auto-fix code snippets
|
|
10
10
|
- **Directory Scanning** — Scan your entire project directly from the filesystem (A-F security score)
|
|
11
11
|
- **Pre-Commit Scanning** — Scan only git-staged files before committing
|
|
12
12
|
- **Secret Detection** — Pattern + entropy-based detection of leaked API keys, tokens, and credentials
|
|
13
13
|
- **Dockerfile Scanning** — Detect root containers, exposed secrets, unpinned images, COPY ordering
|
|
14
14
|
- **CI/CD Scanning** — GitHub Actions security: secrets in run steps, unpinned actions, permissions
|
|
15
|
+
- **Terraform/IaC Scanning** — Public S3 buckets, open security groups, IAM wildcards, unencrypted storage
|
|
15
16
|
- **Dependency CVE Check** — Parse lockfiles and batch-query Google's OSV database
|
|
17
|
+
- **Compliance Mapping** — SOC2, PCI-DSS, HIPAA control mapping for every finding
|
|
18
|
+
- **SARIF Export** — CI/CD integration with GitHub Code Scanning, GitLab, Azure DevOps
|
|
19
|
+
- **Project Config** — `.guardviberc` for disabling rules, overriding severity, custom exclusions
|
|
16
20
|
- **Auto-Fix Code** — Every finding includes copy-paste-ready secure code
|
|
17
21
|
- **False Positive Suppression** — `// guardvibe-ignore VG001` comments
|
|
18
22
|
- **14 Security Guides** — Express, Next.js, FastAPI, Django, NestJS, Hono, Supabase, tRPC, React, and more
|
|
19
|
-
- **8 Languages + Dockerfile + YAML** — JS, TS, Python, Go, Java, PHP, Ruby,
|
|
23
|
+
- **8 Languages + Dockerfile + YAML + Terraform** — JS, TS, Python, Go, Java, PHP, Ruby, and more
|
|
20
24
|
- **OWASP Top 10:2025** — All rules mapped to latest standards
|
|
21
25
|
- **Zero-Config Setup** — `npx guardvibe init claude`
|
|
22
26
|
|
|
@@ -122,6 +126,22 @@ Input: { path: ".", recursive?: true }
|
|
|
122
126
|
Output: Secret scan report with provider identification, .gitignore coverage check, entropy-based detection
|
|
123
127
|
```
|
|
124
128
|
|
|
129
|
+
### `compliance_report`
|
|
130
|
+
Generate a compliance-focused report mapped to SOC2, PCI-DSS, or HIPAA controls.
|
|
131
|
+
|
|
132
|
+
```
|
|
133
|
+
Input: { path: "./src", framework: "SOC2" | "PCI-DSS" | "HIPAA" | "all" }
|
|
134
|
+
Output: Findings grouped by compliance control
|
|
135
|
+
```
|
|
136
|
+
|
|
137
|
+
### `export_sarif`
|
|
138
|
+
Export scan results in SARIF v2.1.0 format for CI/CD integration.
|
|
139
|
+
|
|
140
|
+
```
|
|
141
|
+
Input: { path: "." }
|
|
142
|
+
Output: SARIF JSON (GitHub Code Scanning, GitLab, Azure DevOps compatible)
|
|
143
|
+
```
|
|
144
|
+
|
|
125
145
|
### `check_dependencies`
|
|
126
146
|
Check individual packages for known CVEs via Google OSV.
|
|
127
147
|
|
|
@@ -176,6 +196,24 @@ Output: Vulnerability report with CVE IDs, severity, and fix versions
|
|
|
176
196
|
| VG140-VG144 | Ruby | String interpolation SQL, backtick injection, html_safe XSS, route auth, Digest |
|
|
177
197
|
| VG200-VG204 | Dockerfile | Root container, COPY ordering, latest tag, secrets in ENV, ADD vs COPY |
|
|
178
198
|
| VG210-VG213 | GitHub Actions | Secrets in run steps, pull_request_target, unpinned actions, permissions |
|
|
199
|
+
| VG300-VG304 | Terraform | Public S3, open security groups, unencrypted RDS, IAM wildcards, hardcoded secrets |
|
|
200
|
+
|
|
201
|
+
## Configuration
|
|
202
|
+
|
|
203
|
+
Create a `.guardviberc` file in your project root to customize behavior:
|
|
204
|
+
|
|
205
|
+
```json
|
|
206
|
+
{
|
|
207
|
+
"rules": {
|
|
208
|
+
"disable": ["VG030", "VG042"],
|
|
209
|
+
"severity": { "VG002": "medium" }
|
|
210
|
+
},
|
|
211
|
+
"scan": {
|
|
212
|
+
"exclude": ["test/", "fixtures/"],
|
|
213
|
+
"maxFileSize": 1048576
|
|
214
|
+
}
|
|
215
|
+
}
|
|
216
|
+
```
|
|
179
217
|
|
|
180
218
|
## Suppressing False Positives
|
|
181
219
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"core.d.ts","sourceRoot":"","sources":["../../../src/data/rules/core.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAI/C,eAAO,MAAM,SAAS,EAAE,YAAY,
|
|
1
|
+
{"version":3,"file":"core.d.ts","sourceRoot":"","sources":["../../../src/data/rules/core.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAI/C,eAAO,MAAM,SAAS,EAAE,YAAY,EAgUnC,CAAC"}
|
package/build/data/rules/core.js
CHANGED
|
@@ -11,6 +11,7 @@ export const coreRules = [
|
|
|
11
11
|
languages: ["javascript", "typescript", "python", "go", "java", "php", "ruby"],
|
|
12
12
|
fix: "Use environment variables (process.env.SECRET) or a secrets manager. Never commit credentials to source code.",
|
|
13
13
|
fixCode: "// Use environment variables instead\nconst password = process.env.DB_PASSWORD;\nconst apiKey = process.env.API_KEY;",
|
|
14
|
+
compliance: ["SOC2:CC6.1", "PCI-DSS:Req2.3", "PCI-DSS:Req8", "HIPAA:§164.312(a)"],
|
|
14
15
|
},
|
|
15
16
|
{
|
|
16
17
|
id: "VG003",
|
|
@@ -22,6 +23,7 @@ export const coreRules = [
|
|
|
22
23
|
languages: ["javascript", "typescript", "python", "go", "java", "php", "ruby", "html", "shell"],
|
|
23
24
|
fix: "Remove hardcoded keys immediately. Use environment variables or a secrets manager (AWS Secrets Manager, Vault). Rotate any compromised keys.",
|
|
24
25
|
fixCode: "// Store keys in environment variables\nconst awsKey = process.env.AWS_ACCESS_KEY_ID;\nconst githubToken = process.env.GITHUB_TOKEN;",
|
|
26
|
+
compliance: ["SOC2:CC6.1", "PCI-DSS:Req2.3", "HIPAA:§164.312(a)"],
|
|
25
27
|
},
|
|
26
28
|
{
|
|
27
29
|
id: "VG002",
|
|
@@ -33,6 +35,7 @@ export const coreRules = [
|
|
|
33
35
|
languages: ["javascript", "typescript"],
|
|
34
36
|
fix: "Add authentication middleware before route handlers: app.get('/api/data', authMiddleware, handler). Use frameworks like Passport.js, Clerk, or Auth0.",
|
|
35
37
|
fixCode: "// Add auth middleware before handler\napp.get('/api/data', authMiddleware, async (req, res) => {\n // handler code\n});",
|
|
38
|
+
compliance: ["SOC2:CC6.6", "PCI-DSS:Req6.5.10", "HIPAA:§164.312(d)"],
|
|
36
39
|
},
|
|
37
40
|
{
|
|
38
41
|
id: "VG005",
|
|
@@ -44,6 +47,7 @@ export const coreRules = [
|
|
|
44
47
|
languages: ["python"],
|
|
45
48
|
fix: "Add authentication dependency: async def route(user = Depends(get_current_user)). Use FastAPI's Depends() or Flask-Login for auth checks.",
|
|
46
49
|
fixCode: "# Add auth dependency\n@app.get('/api/data')\nasync def route(user = Depends(get_current_user)):\n pass",
|
|
50
|
+
compliance: ["SOC2:CC6.6", "PCI-DSS:Req6.5.10", "HIPAA:§164.312(d)"],
|
|
47
51
|
},
|
|
48
52
|
{
|
|
49
53
|
id: "VG010",
|
|
@@ -55,6 +59,7 @@ export const coreRules = [
|
|
|
55
59
|
languages: ["javascript", "typescript", "python", "go", "java", "php", "ruby"],
|
|
56
60
|
fix: "Use parameterized queries: db.query('SELECT * FROM users WHERE id = $1', [userId]). Python: cursor.execute('SELECT * FROM users WHERE id = %s', (user_id,)). Never concatenate user input into SQL strings.",
|
|
57
61
|
fixCode: "// Use parameterized queries\ndb.query('SELECT * FROM users WHERE id = $1', [userId]);\n// Python: cursor.execute('SELECT * FROM users WHERE id = %s', (user_id,))",
|
|
62
|
+
compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1", "HIPAA:§164.312(a)"],
|
|
58
63
|
},
|
|
59
64
|
{
|
|
60
65
|
id: "VG011",
|
|
@@ -66,6 +71,7 @@ export const coreRules = [
|
|
|
66
71
|
languages: ["javascript", "typescript", "python", "go", "java", "php", "ruby", "shell"],
|
|
67
72
|
fix: "Avoid shell commands with user input. Use allowlists and input validation. Prefer spawn() with array arguments. Python: use subprocess.run([...]) with list arguments, never shell=True with user input.",
|
|
68
73
|
fixCode: "// Use spawn with array arguments (no shell)\nimport { spawn } from 'child_process';\nspawn('ls', ['-la', directory]);",
|
|
74
|
+
compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
|
|
69
75
|
},
|
|
70
76
|
{
|
|
71
77
|
id: "VG012",
|
|
@@ -78,6 +84,7 @@ export const coreRules = [
|
|
|
78
84
|
fix: "Use textContent instead of innerHTML. Sanitize with DOMPurify if HTML rendering is needed. In React, avoid dangerouslySetInnerHTML.",
|
|
79
85
|
// fixCode: added via concatenation to avoid false-positive hook trigger on DOMPurify example
|
|
80
86
|
fixCode: "// Use textContent instead of innerHTML\nelement.textContent = userInput;\n// If HTML needed, sanitize first:\nimport DOMPurify from 'dompurify';\n" + "element.innerHTML = DOMPurify.sanitize(html);",
|
|
87
|
+
compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.7"],
|
|
81
88
|
},
|
|
82
89
|
{
|
|
83
90
|
id: "VG015",
|
|
@@ -89,6 +96,7 @@ export const coreRules = [
|
|
|
89
96
|
languages: ["javascript", "typescript"],
|
|
90
97
|
fix: "Use a template engine with auto-escaping (EJS, Handlebars), or sanitize output with the 'escape-html' package. Never embed user input directly in HTML responses.",
|
|
91
98
|
fixCode: "// Use a template engine with auto-escaping\nimport escapeHtml from 'escape-html';\nres.send(escapeHtml(userInput));",
|
|
99
|
+
compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.7"],
|
|
92
100
|
},
|
|
93
101
|
{
|
|
94
102
|
id: "VG013",
|
|
@@ -100,6 +108,7 @@ export const coreRules = [
|
|
|
100
108
|
languages: ["javascript", "typescript"],
|
|
101
109
|
fix: "Validate and sanitize input before using in queries. Use mongoose schema validation. Reject objects where strings are expected.",
|
|
102
110
|
fixCode: "// Validate input type before query\nconst id = typeof req.params.id === 'string' ? req.params.id : '';\nawait collection.findOne({ _id: new ObjectId(id) });",
|
|
111
|
+
compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
|
|
103
112
|
},
|
|
104
113
|
{
|
|
105
114
|
id: "VG014",
|
|
@@ -111,6 +120,7 @@ export const coreRules = [
|
|
|
111
120
|
languages: ["javascript", "typescript", "python", "php", "ruby"],
|
|
112
121
|
fix: "Avoid dynamic code execution. Use JSON.parse() for JSON data. Use a sandboxed environment if absolutely required.",
|
|
113
122
|
fixCode: "// Use JSON.parse for data\nconst data = JSON.parse(input);\n// Alternatives: use a proper parser for your data format\n// const fn = new " + "Function('x', 'return x * 2'); // only if absolutely needed",
|
|
123
|
+
compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
|
|
114
124
|
},
|
|
115
125
|
{
|
|
116
126
|
id: "VG020",
|
|
@@ -144,6 +154,7 @@ export const coreRules = [
|
|
|
144
154
|
languages: ["javascript", "typescript", "python", "go", "java", "php", "ruby"],
|
|
145
155
|
fix: "Set specific allowed origins: cors({ origin: ['https://myapp.com'] }). Never use wildcard with authentication.",
|
|
146
156
|
fixCode: "// Specify allowed origins\nimport cors from 'cors';\napp.use(cors({ origin: ['https://myapp.com'] }));",
|
|
157
|
+
compliance: ["SOC2:CC6.6", "PCI-DSS:Req6.5.10"],
|
|
147
158
|
},
|
|
148
159
|
{
|
|
149
160
|
id: "VG041",
|
|
@@ -177,6 +188,7 @@ export const coreRules = [
|
|
|
177
188
|
languages: ["javascript", "typescript", "python", "go", "java", "php", "ruby"],
|
|
178
189
|
fix: "Use bcrypt, scrypt, or argon2 for password hashing. Use at least 12 salt rounds.",
|
|
179
190
|
fixCode: "// Use bcrypt for password hashing\nimport bcrypt from 'bcrypt';\nconst hash = await bcrypt.hash(password, 12);\nconst valid = await bcrypt.compare(input, hash);",
|
|
191
|
+
compliance: ["SOC2:CC6.1", "PCI-DSS:Req3.4", "PCI-DSS:Req8.2.1", "HIPAA:§164.312(a)"],
|
|
180
192
|
},
|
|
181
193
|
{
|
|
182
194
|
id: "VG061",
|
|
@@ -188,6 +200,7 @@ export const coreRules = [
|
|
|
188
200
|
languages: ["javascript", "typescript"],
|
|
189
201
|
fix: "Always set token expiration: jwt.sign(payload, secret, { expiresIn: '15m' }).",
|
|
190
202
|
fixCode: "// Always set expiration\nconst token = jwt.sign(payload, secret, { expiresIn: '15m' });",
|
|
203
|
+
compliance: ["SOC2:CC6.1", "PCI-DSS:Req8"],
|
|
191
204
|
},
|
|
192
205
|
{
|
|
193
206
|
id: "VG070",
|
|
@@ -199,6 +212,7 @@ export const coreRules = [
|
|
|
199
212
|
languages: ["javascript", "typescript", "python"],
|
|
200
213
|
fix: "Validate all deserialized data with a schema (zod, joi) before processing.",
|
|
201
214
|
fixCode: "// Validate with schema after parsing\nimport { z } from 'zod';\nconst schema = z.object({ name: z.string() });\nconst data = schema.parse(JSON.parse(req.body));",
|
|
215
|
+
compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
|
|
202
216
|
},
|
|
203
217
|
{
|
|
204
218
|
id: "VG080",
|
|
@@ -210,6 +224,7 @@ export const coreRules = [
|
|
|
210
224
|
languages: ["javascript", "typescript", "python", "go", "java", "php", "ruby"],
|
|
211
225
|
fix: "Never log sensitive data. Redact or mask sensitive fields before logging.",
|
|
212
226
|
fixCode: "// Redact sensitive fields\nconst safeUser = { ...user, password: '[REDACTED]' };\nconsole.log('User:', safeUser);",
|
|
227
|
+
compliance: ["SOC2:CC6.1", "PCI-DSS:Req3.4", "HIPAA:§164.312(a)"],
|
|
213
228
|
},
|
|
214
229
|
{
|
|
215
230
|
id: "VG090",
|
|
@@ -221,6 +236,7 @@ export const coreRules = [
|
|
|
221
236
|
languages: ["javascript", "typescript", "python", "go", "java", "php", "ruby"],
|
|
222
237
|
fix: "Validate and allowlist URLs before making requests. Block internal IP ranges.",
|
|
223
238
|
fixCode: "// Validate URL against allowlist\nconst allowed = ['https://api.example.com'];\nconst url = new URL(input);\nif (!allowed.some(a => url.origin === a)) throw new Error('Blocked');",
|
|
239
|
+
compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
|
|
224
240
|
},
|
|
225
241
|
{
|
|
226
242
|
id: "VG100",
|
|
@@ -232,6 +248,7 @@ export const coreRules = [
|
|
|
232
248
|
languages: ["javascript", "typescript"],
|
|
233
249
|
fix: "Set all security flags: { secure: true, httpOnly: true, sameSite: 'strict' }.",
|
|
234
250
|
fixCode: "res.cookie('session', token, {\n secure: true,\n httpOnly: true,\n sameSite: 'strict',\n maxAge: 3600000\n});",
|
|
251
|
+
compliance: ["SOC2:CC6.1", "PCI-DSS:Req6.5.10"],
|
|
235
252
|
},
|
|
236
253
|
{
|
|
237
254
|
id: "VG101",
|
|
@@ -243,6 +260,7 @@ export const coreRules = [
|
|
|
243
260
|
languages: ["javascript", "typescript"],
|
|
244
261
|
fix: "Validate redirect URLs against an allowlist. Use relative paths for internal redirects.",
|
|
245
262
|
fixCode: "// Validate redirect against allowlist\nconst allowedPaths = ['/dashboard', '/profile'];\nconst target = req.query.redirect;\nif (allowedPaths.includes(target)) res.redirect(target);",
|
|
263
|
+
compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.10"],
|
|
246
264
|
},
|
|
247
265
|
{
|
|
248
266
|
id: "VG102",
|
|
@@ -254,6 +272,7 @@ export const coreRules = [
|
|
|
254
272
|
languages: ["javascript", "typescript", "python", "go", "java", "php", "ruby"],
|
|
255
273
|
fix: "Sanitize file paths: remove ../ sequences, verify the result is within the expected directory.",
|
|
256
274
|
fixCode: "import path from 'path';\nconst safePath = path.resolve('/uploads', filename);\nif (!safePath.startsWith('/uploads/')) throw new Error('Invalid path');",
|
|
275
|
+
compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
|
|
257
276
|
},
|
|
258
277
|
{
|
|
259
278
|
id: "VG103",
|
|
@@ -265,6 +284,7 @@ export const coreRules = [
|
|
|
265
284
|
languages: ["javascript", "typescript"],
|
|
266
285
|
fix: "Use Object.create(null) for lookup objects. Validate that keys don't include __proto__, constructor, or prototype.",
|
|
267
286
|
fixCode: "// Use Object.create(null) for lookups\nconst lookup = Object.create(null);\n// Validate keys\nconst forbidden = ['__proto__', 'constructor', 'prototype'];\nif (forbidden.includes(key)) throw new Error('Invalid key');",
|
|
287
|
+
compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
|
|
268
288
|
},
|
|
269
289
|
];
|
|
270
290
|
//# sourceMappingURL=core.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"core.js","sourceRoot":"","sources":["../../../src/data/rules/core.ts"],"names":[],"mappings":"AAEA,6EAA6E;AAC7E,6EAA6E;AAC7E,MAAM,CAAC,MAAM,SAAS,GAAmB;IACvC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,oEAAoE;QACjF,OAAO,EACL,4IAA4I;QAC9I,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC;QAC9E,GAAG,EAAE,+GAA+G;QACpH,OAAO,EAAE,sHAAsH;
|
|
1
|
+
{"version":3,"file":"core.js","sourceRoot":"","sources":["../../../src/data/rules/core.ts"],"names":[],"mappings":"AAEA,6EAA6E;AAC7E,6EAA6E;AAC7E,MAAM,CAAC,MAAM,SAAS,GAAmB;IACvC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,oEAAoE;QACjF,OAAO,EACL,4IAA4I;QAC9I,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC;QAC9E,GAAG,EAAE,+GAA+G;QACpH,OAAO,EAAE,sHAAsH;QAC/H,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,cAAc,EAAE,mBAAmB,CAAC;KAClF;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,gGAAgG;QAClG,OAAO,EACL,8GAA8G;QAChH,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC;QAC/F,GAAG,EAAE,8IAA8I;QACnJ,OAAO,EAAE,sIAAsI;QAC/I,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,oEAAoE;QACtE,OAAO,EACL,2GAA2G;QAC7G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,uJAAuJ;QAC5J,OAAO,EAAE,2HAA2H;QACpI,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,kEAAkE;QACpE,OAAO,EACL,yGAAyG;QAC3G,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,GAAG,EAAE,2IAA2I;QAChJ,OAAO,EAAE,4GAA4G;QACrH,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,+GAA+G;QACjH,OAAO,EACL,iNAAiN;QACnN,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC;QAC9E,GAAG,EAAE,6MAA6M;QAClN,OAAO,EAAE,oKAAoK;QAC7K,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,EAAE,mBAAmB,CAAC;KACpE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EAAE,wFAAwF;QACrG,OAAO,EACL,yLAAyL;QAC3L,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC;QACvF,GAAG,EAAE,0MAA0M;QAC/M,OAAO,EAAE,wHAAwH;QACjI,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,oFAAoF;QACtF,OAAO,EAAE,yEAAyE;QAClF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,MAAM,CAAC;QAC/C,GAAG,EAAE,qIAAqI;QAC1I,6FAA6F;QAC7F,OAAO,EAAE,qJAAqJ,GAAG,+CAA+C;QAChN,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,kHAAkH;QACpH,OAAO,EACL,qEAAqE;QACvE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,mKAAmK;QACxK,OAAO,EAAE,sHAAsH;QAC/H,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,8DAA8D;QAChE,OAAO,EACL,oGAAoG;QACtG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iIAAiI;QACtI,OAAO,EAAE,+JAA+J;QACxK,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,qGAAqG;QACvG,OAAO,EAAE,eAAe;QACxB,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC;QAChE,GAAG,EAAE,mHAAmH;QACxH,OAAO,EAAE,4IAA4I,GAAG,6DAA6D;QACrN,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,yCAAyC;QAChD,WAAW,EACT,8FAA8F;QAChG,OAAO,EAAE,uBAAuB;QAChC,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,8FAA8F;QACnG,OAAO,EAAE,sGAAsG;KAChH;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,0BAA0B;QACjC,WAAW,EACT,8FAA8F;QAChG,OAAO,EACL,6EAA6E;QAC/E,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC;QAC9E,GAAG,EAAE,gKAAgK;QACrK,OAAO,EAAE,6IAA6I;KACvJ;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,2FAA2F;QAC7F,OAAO,EACL,+IAA+I;QACjJ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC;QAC9E,GAAG,EAAE,gHAAgH;QACrH,OAAO,EAAE,yGAAyG;QAClH,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,6DAA6D;QAC1E,OAAO,EACL,qFAAqF;QACvF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,GAAG,EAAE,uEAAuE;QAC5E,OAAO,EAAE,uFAAuF;KACjG;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,gDAAgD;QAC7D,OAAO,EAAE,yCAAyC;QAClD,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oEAAoE;QACzE,OAAO,EAAE,sFAAsF;KAChG;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EACT,6FAA6F;QAC/F,OAAO,EACL,kEAAkE;QACpE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC;QAC9E,GAAG,EAAE,kFAAkF;QACvF,OAAO,EAAE,mKAAmK;QAC5K,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,mBAAmB,CAAC;KACtF;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE,4CAA4C;QACzD,OAAO,EAAE,+CAA+C;QACxD,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,+EAA+E;QACpF,OAAO,EAAE,0FAA0F;QACnG,UAAU,EAAE,CAAC,YAAY,EAAE,cAAc,CAAC;KAC3C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,iEAAiE;QACnE,OAAO,EAAE,mDAAmD;QAC5D,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,GAAG,EAAE,4EAA4E;QACjF,OAAO,EAAE,mKAAmK;QAC5K,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,2BAA2B;QAClC,WAAW,EACT,yEAAyE;QAC3E,OAAO,EACL,mGAAmG;QACrG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC;QAC9E,GAAG,EAAE,2EAA2E;QAChF,OAAO,EAAE,oHAAoH;QAC7H,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,WAAW;QACjB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,eAAe;QACtB,WAAW,EACT,oFAAoF;QACtF,OAAO,EACL,4HAA4H;QAC9H,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC;QAC9E,GAAG,EAAE,+EAA+E;QACpF,OAAO,EAAE,qLAAqL;QAC9L,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,0DAA0D;QACvE,OAAO,EACL,+FAA+F;QACjG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,+EAA+E;QACpF,OAAO,EAAE,mHAAmH;QAC5H,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,wDAAwD;QACrE,OAAO,EACL,yGAAyG;QAC3G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,yFAAyF;QAC9F,OAAO,EAAE,wLAAwL;QACjM,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,qDAAqD;QAClE,OAAO,EACL,iIAAiI;QACnI,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC;QAC9E,GAAG,EAAE,gGAAgG;QACrG,OAAO,EAAE,yJAAyJ;QAClK,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,kFAAkF;QACpF,OAAO,EACL,sFAAsF;QACxF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oHAAoH;QACzH,OAAO,EAAE,2NAA2N;QACpO,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;CACF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/data/rules/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/data/rules/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAU/C,eAAO,MAAM,UAAU,qCAStB,CAAC"}
|
|
@@ -5,6 +5,7 @@ import { phpRules } from "./php.js";
|
|
|
5
5
|
import { rubyRules } from "./ruby.js";
|
|
6
6
|
import { dockerfileRules } from "./dockerfile.js";
|
|
7
7
|
import { cicdRules } from "./cicd.js";
|
|
8
|
+
import { terraformRules } from "./terraform.js";
|
|
8
9
|
export const owaspRules = [
|
|
9
10
|
...coreRules,
|
|
10
11
|
...goRules,
|
|
@@ -13,5 +14,6 @@ export const owaspRules = [
|
|
|
13
14
|
...rubyRules,
|
|
14
15
|
...dockerfileRules,
|
|
15
16
|
...cicdRules,
|
|
17
|
+
...terraformRules,
|
|
16
18
|
];
|
|
17
19
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/data/rules/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AACpC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/data/rules/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AACpC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAEhD,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,GAAG,SAAS;IACZ,GAAG,OAAO;IACV,GAAG,SAAS;IACZ,GAAG,QAAQ;IACX,GAAG,SAAS;IACZ,GAAG,eAAe;IAClB,GAAG,SAAS;IACZ,GAAG,cAAc;CAClB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"terraform.d.ts","sourceRoot":"","sources":["../../../src/data/rules/terraform.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE/C,eAAO,MAAM,cAAc,EAAE,YAAY,EA6DxC,CAAC"}
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
export const terraformRules = [
|
|
2
|
+
{
|
|
3
|
+
id: "VG300",
|
|
4
|
+
name: "Public S3 bucket",
|
|
5
|
+
severity: "critical",
|
|
6
|
+
owasp: "A01:2025 Broken Access Control",
|
|
7
|
+
description: "S3 bucket configured with public access. This exposes data to the entire internet.",
|
|
8
|
+
pattern: /(?:acl\s*=\s*["']public|public_access_block_configuration[\s\S]*?block_public_acls\s*=\s*false)/gi,
|
|
9
|
+
languages: ["terraform"],
|
|
10
|
+
fix: "Set ACL to private and enable public access blocking.",
|
|
11
|
+
fixCode: 'resource "aws_s3_bucket" "example" {\n bucket = "my-bucket"\n}\n\nresource "aws_s3_bucket_public_access_block" "example" {\n bucket = aws_s3_bucket.example.id\n block_public_acls = true\n block_public_policy = true\n}',
|
|
12
|
+
compliance: ["SOC2:CC6.1", "PCI-DSS:Req3.4", "HIPAA:§164.312(a)"],
|
|
13
|
+
},
|
|
14
|
+
{
|
|
15
|
+
id: "VG301",
|
|
16
|
+
name: "Open security group ingress",
|
|
17
|
+
severity: "critical",
|
|
18
|
+
owasp: "A05:2025 Security Misconfiguration",
|
|
19
|
+
description: "Security group allows inbound traffic from 0.0.0.0/0 (entire internet).",
|
|
20
|
+
pattern: /cidr_blocks\s*=\s*\[?\s*["']0\.0\.0\.0\/0["']/gi,
|
|
21
|
+
languages: ["terraform"],
|
|
22
|
+
fix: "Restrict cidr_blocks to specific IP ranges needed for access.",
|
|
23
|
+
fixCode: 'ingress {\n from_port = 443\n to_port = 443\n protocol = "tcp"\n cidr_blocks = ["10.0.0.0/8"] # Internal only\n}',
|
|
24
|
+
compliance: ["SOC2:CC6.6", "PCI-DSS:Req6.5.10"],
|
|
25
|
+
},
|
|
26
|
+
{
|
|
27
|
+
id: "VG302",
|
|
28
|
+
name: "Unencrypted RDS instance",
|
|
29
|
+
severity: "high",
|
|
30
|
+
owasp: "A02:2025 Cryptographic Failures",
|
|
31
|
+
description: "RDS database instance without storage encryption. Data at rest is unprotected.",
|
|
32
|
+
pattern: /resource\s*["']aws_db_instance["'][^{]*\{[^}]*storage_encrypted\s*=\s*false/gi,
|
|
33
|
+
languages: ["terraform"],
|
|
34
|
+
fix: "Add storage_encrypted = true to all RDS instances.",
|
|
35
|
+
fixCode: 'resource "aws_db_instance" "example" {\n storage_encrypted = true\n # ...\n}',
|
|
36
|
+
compliance: ["SOC2:CC6.1", "PCI-DSS:Req3.4", "HIPAA:§164.312(a)"],
|
|
37
|
+
},
|
|
38
|
+
{
|
|
39
|
+
id: "VG303",
|
|
40
|
+
name: "IAM wildcard policy",
|
|
41
|
+
severity: "critical",
|
|
42
|
+
owasp: "A01:2025 Broken Access Control",
|
|
43
|
+
description: "IAM policy with wildcard (*) Action or Resource grants excessive permissions.",
|
|
44
|
+
pattern: /(?:Action|Resource)\s*=\s*["']\*["']/gi,
|
|
45
|
+
languages: ["terraform"],
|
|
46
|
+
fix: "Follow least-privilege: specify exact actions and resources needed.",
|
|
47
|
+
fixCode: 'statement {\n actions = ["s3:GetObject", "s3:PutObject"]\n resources = ["arn:aws:s3:::my-bucket/*"]\n}',
|
|
48
|
+
compliance: ["SOC2:CC6.1", "PCI-DSS:Req8"],
|
|
49
|
+
},
|
|
50
|
+
{
|
|
51
|
+
id: "VG304",
|
|
52
|
+
name: "Hardcoded secrets in Terraform",
|
|
53
|
+
severity: "critical",
|
|
54
|
+
owasp: "A01:2025 Broken Access Control",
|
|
55
|
+
description: "Secrets or credentials hardcoded in Terraform configuration files.",
|
|
56
|
+
pattern: /(?:password|secret_key|access_key|api_key|token)\s*=\s*["'][^"']{8,}["']/gi,
|
|
57
|
+
languages: ["terraform"],
|
|
58
|
+
fix: "Use Terraform variables with sensitive = true or reference a secrets manager.",
|
|
59
|
+
fixCode: 'variable "db_password" {\n type = string\n sensitive = true\n}\n\nresource "aws_db_instance" "example" {\n password = var.db_password\n}',
|
|
60
|
+
compliance: ["SOC2:CC6.1", "PCI-DSS:Req2.3", "HIPAA:§164.312(a)"],
|
|
61
|
+
},
|
|
62
|
+
];
|
|
63
|
+
//# sourceMappingURL=terraform.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"terraform.js","sourceRoot":"","sources":["../../../src/data/rules/terraform.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,cAAc,GAAmB;IAC5C;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,oFAAoF;QACjG,OAAO,EAAE,mGAAmG;QAC5G,SAAS,EAAE,CAAC,WAAW,CAAC;QACxB,GAAG,EAAE,uDAAuD;QAC5D,OAAO,EAAE,+NAA+N;QACxO,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,yEAAyE;QACtF,OAAO,EAAE,iDAAiD;QAC1D,SAAS,EAAE,CAAC,WAAW,CAAC;QACxB,GAAG,EAAE,+DAA+D;QACpE,OAAO,EAAE,gIAAgI;QACzI,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,iCAAiC;QACxC,WAAW,EAAE,gFAAgF;QAC7F,OAAO,EAAE,+EAA+E;QACxF,SAAS,EAAE,CAAC,WAAW,CAAC;QACxB,GAAG,EAAE,oDAAoD;QACzD,OAAO,EAAE,gFAAgF;QACzF,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,+EAA+E;QAC5F,OAAO,EAAE,wCAAwC;QACjD,SAAS,EAAE,CAAC,WAAW,CAAC;QACxB,GAAG,EAAE,qEAAqE;QAC1E,OAAO,EAAE,4GAA4G;QACrH,UAAU,EAAE,CAAC,YAAY,EAAE,cAAc,CAAC;KAC3C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,gCAAgC;QACtC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,oEAAoE;QACjF,OAAO,EAAE,4EAA4E;QACrF,SAAS,EAAE,CAAC,WAAW,CAAC;QACxB,GAAG,EAAE,+EAA+E;QACpF,OAAO,EAAE,kJAAkJ;QAC3J,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;CACF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/data/rules/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IAC1D,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/data/rules/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IAC1D,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB"}
|
package/build/index.js
CHANGED
|
@@ -10,15 +10,17 @@ import { scanDirectory } from "./tools/scan-directory.js";
|
|
|
10
10
|
import { scanDependencies } from "./tools/scan-dependencies.js";
|
|
11
11
|
import { scanSecrets } from "./tools/scan-secrets.js";
|
|
12
12
|
import { scanStaged } from "./tools/scan-staged.js";
|
|
13
|
+
import { complianceReport } from "./tools/compliance-report.js";
|
|
14
|
+
import { exportSarif } from "./tools/export-sarif.js";
|
|
13
15
|
const server = new McpServer({
|
|
14
16
|
name: "guardvibe",
|
|
15
|
-
version: "0.
|
|
17
|
+
version: "0.6.0",
|
|
16
18
|
});
|
|
17
19
|
// Tool 1: Analyze code for security vulnerabilities
|
|
18
20
|
server.tool("check_code", "Analyze code for security vulnerabilities (OWASP Top 10, XSS, SQL injection, insecure patterns). Use this when reviewing or writing code to catch security issues early.", {
|
|
19
21
|
code: z.string().describe("The code snippet to analyze"),
|
|
20
22
|
language: z
|
|
21
|
-
.enum(["javascript", "typescript", "python", "go", "java", "php", "ruby", "dockerfile", "html", "sql", "shell", "yaml"])
|
|
23
|
+
.enum(["javascript", "typescript", "python", "go", "java", "php", "ruby", "dockerfile", "html", "sql", "shell", "yaml", "terraform"])
|
|
22
24
|
.describe("Programming language of the code"),
|
|
23
25
|
framework: z
|
|
24
26
|
.string()
|
|
@@ -111,6 +113,21 @@ server.tool("scan_staged", "Scan git-staged files for security vulnerabilities b
|
|
|
111
113
|
const results = scanStaged();
|
|
112
114
|
return { content: [{ type: "text", text: results }] };
|
|
113
115
|
});
|
|
116
|
+
// Tool 9: Generate compliance-focused security report
|
|
117
|
+
server.tool("compliance_report", "Generate a compliance-focused security report mapped to SOC2, PCI-DSS, or HIPAA controls. Scans a directory and groups findings by compliance control.", {
|
|
118
|
+
path: z.string().describe("Directory to scan"),
|
|
119
|
+
framework: z.enum(["SOC2", "PCI-DSS", "HIPAA", "all"]).describe("Compliance framework"),
|
|
120
|
+
}, async ({ path, framework }) => {
|
|
121
|
+
const results = complianceReport(path, framework);
|
|
122
|
+
return { content: [{ type: "text", text: results }] };
|
|
123
|
+
});
|
|
124
|
+
// Tool 10: Export scan results in SARIF v2.1.0 format
|
|
125
|
+
server.tool("export_sarif", "Scan a directory and export results in SARIF v2.1.0 format for CI/CD integration (GitHub, GitLab, Azure DevOps). Returns JSON string.", {
|
|
126
|
+
path: z.string().describe("Directory to scan"),
|
|
127
|
+
}, async ({ path }) => {
|
|
128
|
+
const results = exportSarif(path);
|
|
129
|
+
return { content: [{ type: "text", text: results }] };
|
|
130
|
+
});
|
|
114
131
|
async function main() {
|
|
115
132
|
const transport = new StdioServerTransport();
|
|
116
133
|
await server.connect(transport);
|
package/build/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAEtD,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;IAC3B,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,OAAO;CACjB,CAAC,CAAC;AAEH,oDAAoD;AACpD,MAAM,CAAC,IAAI,CACT,YAAY,EACZ,0KAA0K,EAC1K;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;IACxD,QAAQ,EAAE,CAAC;SACR,IAAI,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;SACpI,QAAQ,CAAC,kCAAkC,CAAC;IAC/C,SAAS,EAAE,CAAC;SACT,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CAAC,kEAAkE,CAAC;CAChF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE;IACtC,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IACrD,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,2DAA2D;AAC3D,MAAM,CAAC,IAAI,CACT,eAAe,EACf,iKAAiK,EACjK;IACE,KAAK,EAAE,CAAC;SACL,KAAK,CACJ,CAAC,CAAC,MAAM,CAAC;QACP,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;QACjE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC;KACjD,CAAC,CACH;SACA,QAAQ,CAAC,0CAA0C,CAAC;CACxD,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;IAClB,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IACpC,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,iFAAiF;AACjF,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,8IAA8I,EAC9I;IACE,KAAK,EAAE,CAAC;SACL,MAAM,EAAE;SACR,QAAQ,CACP,mIAAmI,CACpI;CACJ,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;IAClB,MAAM,IAAI,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACpC,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;KACxC,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,uDAAuD;AACvD,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;IACxE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC9D,SAAS,EAAE,CAAC;SACT,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;SACtE,OAAO,CAAC,KAAK,CAAC;SACd,QAAQ,CAAC,mBAAmB,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,IAAI,CACT,oBAAoB,EACpB,gKAAgK,EAChK;IACE,QAAQ,EAAE,CAAC,CAAC,UAAU,CACpB,CAAC,GAAG,EAAE,EAAE;QACN,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACzB,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,EACD,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CACvB,CAAC,QAAQ,CAAC,yDAAyD,CAAC;CACtE,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;IACrB,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAClD,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,0EAA0E;AAC1E,MAAM,CAAC,IAAI,CACT,gBAAgB,EAChB,gMAAgM,EAChM;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;IACvE,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IAC/E,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,mCAAmC,CAAC;CAClG,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE;IACrC,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IACxD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,gEAAgE;AAChE,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,0LAA0L,EAC1L;IACE,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2EAA2E,CAAC;CAChH,EACD,KAAK,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE;IAC1B,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,aAAa,CAAC,CAAC;IACtD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,6DAA6D;AAC7D,MAAM,CAAC,IAAI,CACT,cAAc,EACd,mKAAmK,EACnK;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC3D,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;CAChF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE;IAC5B,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAC7C,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,kDAAkD;AAClD,MAAM,CAAC,IAAI,CACT,aAAa,EACb,+KAA+K,EAC/K,EAAE,EACF,KAAK,IAAI,EAAE;IACT,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAC7B,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,sDAAsD;AACtD,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,wJAAwJ,EACxJ;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IAC9C,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,sBAAsB,CAAC;CACxF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE;IAC5B,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAClD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,sDAAsD;AACtD,MAAM,CAAC,IAAI,CACT,cAAc,EACd,uIAAuI,EACvI;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;CAC/C,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;IACjB,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAClC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;AAClE,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"check-code.d.ts","sourceRoot":"","sources":["../../src/tools/check-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,KAAK,YAAY,EAAE,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"check-code.d.ts","sourceRoot":"","sources":["../../src/tools/check-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,KAAK,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAGvE,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,YAAY,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd;AAgCD,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,EAAE,CAsCX;AAED,wBAAgB,SAAS,CACvB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,GAChB,MAAM,CAQR"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { owaspRules } from "../data/rules/index.js";
|
|
2
|
+
import { loadConfig } from "../utils/config.js";
|
|
2
3
|
function parseSuppressionsFromCode(lines) {
|
|
3
4
|
const suppressions = [];
|
|
4
5
|
const pattern = /(?:\/\/|#|<!--)\s*guardvibe-ignore(?:-next-line)?\s*(VG\d+)?\s*(?:-->)?/i;
|
|
@@ -21,18 +22,26 @@ function isLineSuppressed(suppressions, line, ruleId) {
|
|
|
21
22
|
return suppressions.some(s => s.line === line && (s.ruleId === null || s.ruleId === ruleId));
|
|
22
23
|
}
|
|
23
24
|
export function analyzeCode(code, language, framework, filePath) {
|
|
25
|
+
const config = loadConfig();
|
|
24
26
|
const findings = [];
|
|
25
27
|
const lines = code.split("\n");
|
|
26
28
|
const suppressions = parseSuppressionsFromCode(lines);
|
|
27
29
|
for (const rule of owaspRules) {
|
|
28
30
|
if (!rule.languages.includes(language))
|
|
29
31
|
continue;
|
|
32
|
+
// Config: skip disabled rules
|
|
33
|
+
if (config.rules.disable.includes(rule.id))
|
|
34
|
+
continue;
|
|
30
35
|
// Skip CI/CD rules unless file is in .github/workflows
|
|
31
36
|
if (rule.id.startsWith("VG21") && filePath && !filePath.includes(".github/workflows"))
|
|
32
37
|
continue;
|
|
33
38
|
if (rule.id.startsWith("VG21") && !filePath)
|
|
34
39
|
continue; // CI rules need filePath
|
|
35
40
|
rule.pattern.lastIndex = 0;
|
|
41
|
+
// Apply severity override from config
|
|
42
|
+
const effectiveRule = config.rules.severity[rule.id]
|
|
43
|
+
? { ...rule, severity: config.rules.severity[rule.id] }
|
|
44
|
+
: rule;
|
|
36
45
|
let match;
|
|
37
46
|
while ((match = rule.pattern.exec(code)) !== null) {
|
|
38
47
|
const beforeMatch = code.substring(0, match.index);
|
|
@@ -40,7 +49,7 @@ export function analyzeCode(code, language, framework, filePath) {
|
|
|
40
49
|
if (isLineSuppressed(suppressions, lineNumber, rule.id))
|
|
41
50
|
continue;
|
|
42
51
|
findings.push({
|
|
43
|
-
rule,
|
|
52
|
+
rule: effectiveRule,
|
|
44
53
|
match: match[0].substring(0, 80),
|
|
45
54
|
line: lineNumber,
|
|
46
55
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"check-code.js","sourceRoot":"","sources":["../../src/tools/check-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAqB,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"check-code.js","sourceRoot":"","sources":["../../src/tools/check-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAqB,MAAM,wBAAwB,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAahD,SAAS,yBAAyB,CAAC,KAAe;IAChD,MAAM,YAAY,GAAkB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,0EAA0E,CAAC;IAE3F,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACrC,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QAChC,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAC;QAEnE,IAAI,UAAU,EAAE,CAAC;YACf,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACtE,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACtE,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,gBAAgB,CAAC,YAA2B,EAAE,IAAY,EAAE,MAAc;IACjF,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,MAAM,KAAK,IAAI,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC;AAC/F,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,IAAY,EACZ,QAAgB,EAChB,SAAkB,EAClB,QAAiB;IAEjB,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,YAAY,GAAG,yBAAyB,CAAC,KAAK,CAAC,CAAC;IAEtD,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEjD,8BAA8B;QAC9B,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAAE,SAAS;QAErD,uDAAuD;QACvD,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,QAAQ,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAAE,SAAS;QAChG,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ;YAAE,SAAS,CAAC,yBAAyB;QAChF,IAAI,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QAE3B,sCAAsC;QACtC,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAClD,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAQ,EAAE;YAC9D,CAAC,CAAC,IAAI,CAAC;QAET,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAClD,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACnD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAElD,IAAI,gBAAgB,CAAC,YAAY,EAAE,UAAU,EAAE,IAAI,CAAC,EAAE,CAAC;gBAAE,SAAS;YAElE,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,aAAa;gBACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;gBAChC,IAAI,EAAE,UAAU;aACjB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,SAAS,CACvB,IAAY,EACZ,QAAgB,EAChB,SAAkB,EAClB,QAAiB;IAEjB,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IAElE,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,iBAAiB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB,EAAE,SAAkB;IAC7D,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,KAAK,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/C,OAAO;QACL,6BAA6B;QAC7B,EAAE;QACF,iBAAiB,QAAQ,GAAG,GAAG,EAAE;QACjC,yCAAyC;QACzC,EAAE;QACF,mDAAmD;QACnD,6CAA6C;QAC7C,mDAAmD;QACnD,yCAAyC;QACzC,sCAAsC;KACvC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CACnB,QAAmB,EACnB,QAAgB,EAChB,SAAkB;IAElB,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,KAAK,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAE/C,oBAAoB;IACpB,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAE3E,4BAA4B;IAC5B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAqB,CAAC;IAC7C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,EAAE,CAAC,EAAE,SAAS,CAAC,EAAE,EAAE;QACvF,OAAO,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC/F,CAAC,CAAC,CAAC;IAEH,+EAA+E;IAC/E,MAAM,WAAW,GAAG,QAAQ,CAAC;IAC7B,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IACvF,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC/E,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IAEnF,MAAM,KAAK,GAAG;QACZ,6BAA6B;QAC7B,EAAE;QACF,iBAAiB,QAAQ,GAAG,GAAG,EAAE;QACjC,qBAAqB,WAAW,CAAC,MAAM,EAAE;QACzC,kBAAkB,aAAa,cAAc,SAAS,UAAU,WAAW,SAAS;QACpF,EAAE;QACF,KAAK;QACL,EAAE;KACH,CAAC;IAEF,KAAK,MAAM,CAAC,EAAE,aAAa,CAAC,IAAI,YAAY,EAAE,CAAC;QAC7C,MAAM,KAAK,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,IAAI,GACR,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU;YAChC,CAAC,CAAC,UAAU;YACZ,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM;gBAC9B,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ;oBAChC,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,KAAK,CAAC;QAEhB,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnE,KAAK,CAAC,IAAI,CACR,OAAO,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG,EACpD,EAAE,EACF,cAAc,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAChC,oBAAoB,aAAa,CAAC,MAAM,YAAY,QAAQ,GAAG,EAC/D,wBAAwB,KAAK,CAAC,KAAK,IAAI,EACvC,EAAE,EACF,KAAK,CAAC,IAAI,CAAC,WAAW,EACtB,EAAE,EACF,YAAY,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,EAC5B,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAC/F,EAAE,EACF,KAAK,EACL,EAAE,CACH,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,oCAAoC;YACpC,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;gBACpC,KAAK,CAAC,IAAI,CACR,OAAO,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EACxD,EAAE,EACF,cAAc,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,EAClC,cAAc,OAAO,CAAC,IAAI,EAAE,EAC5B,gBAAgB,OAAO,CAAC,KAAK,IAAI,EACjC,EAAE,EACF,OAAO,CAAC,IAAI,CAAC,WAAW,EACxB,EAAE,EACF,YAAY,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,EAC9B,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EACnG,EAAE,EACF,KAAK,EACL,EAAE,CACH,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"check-project.d.ts","sourceRoot":"","sources":["../../src/tools/check-project.ts"],"names":[],"mappings":"AAEA,UAAU,SAAS;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;
|
|
1
|
+
{"version":3,"file":"check-project.d.ts","sourceRoot":"","sources":["../../src/tools/check-project.ts"],"names":[],"mappings":"AAEA,UAAU,SAAS;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAgDD,wBAAgB,YAAY,CAAC,KAAK,EAAE,SAAS,EAAE,GAAG,MAAM,CAkJvD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"check-project.js","sourceRoot":"","sources":["../../src/tools/check-project.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAgB,MAAM,iBAAiB,CAAC;AAY5D,MAAM,YAAY,GAA2B;IAC3C,KAAK,EAAE,YAAY;IACnB,MAAM,EAAE,YAAY;IACpB,KAAK,EAAE,YAAY;IACnB,MAAM,EAAE,YAAY;IACpB,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,IAAI;IACX,OAAO,EAAE,MAAM;IACf,MAAM,EAAE,KAAK;IACb,KAAK,EAAE,MAAM;IACb,OAAO,EAAE,MAAM;IACf,MAAM,EAAE,KAAK;IACb,KAAK,EAAE,OAAO;IACd,OAAO,EAAE,OAAO;IAChB,aAAa,EAAE,YAAY;IAC3B,MAAM,EAAE,MAAM;IACd,OAAO,EAAE,MAAM;
|
|
1
|
+
{"version":3,"file":"check-project.js","sourceRoot":"","sources":["../../src/tools/check-project.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAgB,MAAM,iBAAiB,CAAC;AAY5D,MAAM,YAAY,GAA2B;IAC3C,KAAK,EAAE,YAAY;IACnB,MAAM,EAAE,YAAY;IACpB,KAAK,EAAE,YAAY;IACnB,MAAM,EAAE,YAAY;IACpB,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,IAAI;IACX,OAAO,EAAE,MAAM;IACf,MAAM,EAAE,KAAK;IACb,KAAK,EAAE,MAAM;IACb,OAAO,EAAE,MAAM;IACf,MAAM,EAAE,KAAK;IACb,KAAK,EAAE,OAAO;IACd,OAAO,EAAE,OAAO;IAChB,aAAa,EAAE,YAAY;IAC3B,MAAM,EAAE,MAAM;IACd,OAAO,EAAE,MAAM;IACf,KAAK,EAAE,WAAW;CACnB,CAAC;AAEF,SAAS,cAAc,CAAC,QAAgB;IACtC,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;IACjD,IAAI,QAAQ,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QAC1E,OAAO,YAAY,CAAC;IACtB,CAAC;IACD,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;IAC3D,OAAO,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;AAChD,CAAC;AAED,SAAS,cAAc,CAAC,QAAgB,EAAE,IAAY,EAAE,MAAc;IACpE,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,QAAQ,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE,GAAG,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;AAClF,CAAC;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,KAAkB;IAC7C,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7B,SAAS;QACX,CAAC;QACD,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3E,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;IACxD,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACvD,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IACvF,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC/E,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IACnF,MAAM,WAAW,GAAG,aAAa,GAAG,SAAS,GAAG,WAAW,CAAC;IAC5D,MAAM,KAAK,GAAG,cAAc,CAAC,aAAa,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IACpE,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IAElC,MAAM,KAAK,GAAa;QACtB,qCAAqC;QACrC,EAAE;QACF,kBAAkB,YAAY,EAAE;QAChC,iBAAiB,WAAW,EAAE;QAC9B,mBAAmB,KAAK,KAAK,KAAK,OAAO;QACzC,EAAE;KACH,CAAC;IAEF,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACnC,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACnC,IAAI,aAAa,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,aAAa,QAAQ,CAAC,CAAC;QACzE,IAAI,SAAS,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,SAAS,QAAQ,CAAC,CAAC;QACjE,IAAI,WAAW,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,WAAW,QAAQ,CAAC,CAAC;QACrE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,gCAAgC;QAChC,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QACnG,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CACtC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACrB,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ;YACzB,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE;YAC3C,IAAI,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,GAAG;SACtF,CAAC,CAAC,CACJ,CAAC;QACF,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;QAE5C,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzB,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YAC5B,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACpC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE;gBACxB,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YACxC,CAAC,CAAC,CAAC;YACH,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAEtB,mBAAmB;QACnB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,MAAM,cAAc,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;YACzC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,KAAK,cAAc,UAAU,EAAE,EAAE,CAAC,CAAC;YAEhE,2DAA2D;YAC3D,MAAM,OAAO,GAAG,IAAI,GAAG,EAAqB,CAAC;YAC7C,KAAK,MAAM,OAAO,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;gBACjC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC9C,IAAI,QAAQ,EAAE,CAAC;oBACb,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACzB,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;gBAC1C,CAAC;YACH,CAAC;YAED,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,EAAE,CAAC,EAAE,SAAS,CAAC,EAAE,EAAE;gBACvF,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;YAC/G,CAAC,CAAC,CAAC;YAEH,KAAK,MAAM,CAAC,EAAE,aAAa,CAAC,IAAI,YAAY,EAAE,CAAC;gBAC7C,MAAM,KAAK,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;gBAC/B,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;gBAE/C,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC7B,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACnE,KAAK,CAAC,IAAI,CACR,OAAO,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG,EACpD,EAAE,EACF,cAAc,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAChC,oBAAoB,aAAa,CAAC,MAAM,YAAY,QAAQ,GAAG,EAC/D,wBAAwB,KAAK,CAAC,KAAK,IAAI,EACvC,EAAE,EACF,KAAK,CAAC,IAAI,CAAC,WAAW,EACtB,EAAE,EACF,YAAY,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,EAC5B,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAC/F,EAAE,EACF,KAAK,EACL,EAAE,CACH,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;wBACpC,KAAK,CAAC,IAAI,CACR,OAAO,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EACxD,EAAE,EACF,cAAc,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,EAClC,cAAc,OAAO,CAAC,IAAI,EAAE,EAC5B,gBAAgB,OAAO,CAAC,KAAK,IAAI,EACjC,EAAE,EACF,OAAO,CAAC,IAAI,CAAC,WAAW,EACxB,EAAE,EACF,YAAY,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,EAC9B,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EACnG,EAAE,EACF,KAAK,EACL,EAAE,CACH,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CACR,oBAAoB,EACpB,EAAE,EACF,OAAO,YAAY,2CAA2C,EAC9D,EAAE,EACF,0BAA0B,EAC1B,6BAA6B,EAC7B,wCAAwC,EACxC,yCAAyC,EACzC,sCAAsC,CACvC,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,YAAY,YAAY,CAAC,MAAM,sCAAsC,CAAC,CAAC;IACxF,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"compliance-report.d.ts","sourceRoot":"","sources":["../../src/tools/compliance-report.ts"],"names":[],"mappings":"AAoCA,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAkFxE"}
|