guardvibe 0.6.0 → 0.6.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/cli.js +0 -0
- package/build/index.js +1 -1
- package/build/tools/check-code.d.ts +2 -2
- package/build/tools/check-code.d.ts.map +1 -1
- package/build/tools/check-code.js +4 -4
- package/build/tools/check-code.js.map +1 -1
- package/build/tools/compliance-report.d.ts.map +1 -1
- package/build/tools/compliance-report.js +4 -3
- package/build/tools/compliance-report.js.map +1 -1
- package/build/tools/export-sarif.d.ts.map +1 -1
- package/build/tools/export-sarif.js +5 -4
- package/build/tools/export-sarif.js.map +1 -1
- package/build/tools/scan-directory.d.ts.map +1 -1
- package/build/tools/scan-directory.js +4 -3
- package/build/tools/scan-directory.js.map +1 -1
- package/build/tools/scan-secrets.d.ts.map +1 -1
- package/build/tools/scan-secrets.js +32 -14
- package/build/tools/scan-secrets.js.map +1 -1
- package/build/tools/scan-staged.d.ts +1 -1
- package/build/tools/scan-staged.d.ts.map +1 -1
- package/build/tools/scan-staged.js +11 -8
- package/build/tools/scan-staged.js.map +1 -1
- package/build/utils/config.d.ts.map +1 -1
- package/build/utils/config.js +17 -7
- package/build/utils/config.js.map +1 -1
- package/build/utils/manifest-parser.d.ts.map +1 -1
- package/build/utils/manifest-parser.js +45 -22
- package/build/utils/manifest-parser.js.map +1 -1
- package/build/utils/osv-client.d.ts +4 -0
- package/build/utils/osv-client.d.ts.map +1 -1
- package/build/utils/osv-client.js +42 -9
- package/build/utils/osv-client.js.map +1 -1
- package/package.json +3 -2
package/build/cli.js
CHANGED
|
File without changes
|
package/build/index.js
CHANGED
|
@@ -14,7 +14,7 @@ import { complianceReport } from "./tools/compliance-report.js";
|
|
|
14
14
|
import { exportSarif } from "./tools/export-sarif.js";
|
|
15
15
|
const server = new McpServer({
|
|
16
16
|
name: "guardvibe",
|
|
17
|
-
version: "0.6.
|
|
17
|
+
version: "0.6.2",
|
|
18
18
|
});
|
|
19
19
|
// Tool 1: Analyze code for security vulnerabilities
|
|
20
20
|
server.tool("check_code", "Analyze code for security vulnerabilities (OWASP Top 10, XSS, SQL injection, insecure patterns). Use this when reviewing or writing code to catch security issues early.", {
|
|
@@ -4,6 +4,6 @@ export interface Finding {
|
|
|
4
4
|
match: string;
|
|
5
5
|
line: number;
|
|
6
6
|
}
|
|
7
|
-
export declare function analyzeCode(code: string, language: string, framework?: string, filePath?: string): Finding[];
|
|
8
|
-
export declare function checkCode(code: string, language: string, framework?: string, filePath?: string): string;
|
|
7
|
+
export declare function analyzeCode(code: string, language: string, framework?: string, filePath?: string, configDir?: string): Finding[];
|
|
8
|
+
export declare function checkCode(code: string, language: string, framework?: string, filePath?: string, configDir?: string): string;
|
|
9
9
|
//# sourceMappingURL=check-code.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"check-code.d.ts","sourceRoot":"","sources":["../../src/tools/check-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,KAAK,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAGvE,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,YAAY,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd;AAgCD,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"check-code.d.ts","sourceRoot":"","sources":["../../src/tools/check-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,KAAK,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAGvE,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,YAAY,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd;AAgCD,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,EAAE,CAsCX;AAED,wBAAgB,SAAS,CACvB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,GACjB,MAAM,CAQR"}
|
|
@@ -21,8 +21,8 @@ function parseSuppressionsFromCode(lines) {
|
|
|
21
21
|
function isLineSuppressed(suppressions, line, ruleId) {
|
|
22
22
|
return suppressions.some(s => s.line === line && (s.ruleId === null || s.ruleId === ruleId));
|
|
23
23
|
}
|
|
24
|
-
export function analyzeCode(code, language, framework, filePath) {
|
|
25
|
-
const config = loadConfig();
|
|
24
|
+
export function analyzeCode(code, language, framework, filePath, configDir) {
|
|
25
|
+
const config = loadConfig(configDir);
|
|
26
26
|
const findings = [];
|
|
27
27
|
const lines = code.split("\n");
|
|
28
28
|
const suppressions = parseSuppressionsFromCode(lines);
|
|
@@ -57,8 +57,8 @@ export function analyzeCode(code, language, framework, filePath) {
|
|
|
57
57
|
}
|
|
58
58
|
return findings;
|
|
59
59
|
}
|
|
60
|
-
export function checkCode(code, language, framework, filePath) {
|
|
61
|
-
const findings = analyzeCode(code, language, framework, filePath);
|
|
60
|
+
export function checkCode(code, language, framework, filePath, configDir) {
|
|
61
|
+
const findings = analyzeCode(code, language, framework, filePath, configDir);
|
|
62
62
|
if (findings.length === 0) {
|
|
63
63
|
return formatCleanReport(language, framework);
|
|
64
64
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"check-code.js","sourceRoot":"","sources":["../../src/tools/check-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAqB,MAAM,wBAAwB,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAahD,SAAS,yBAAyB,CAAC,KAAe;IAChD,MAAM,YAAY,GAAkB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,0EAA0E,CAAC;IAE3F,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACrC,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QAChC,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAC;QAEnE,IAAI,UAAU,EAAE,CAAC;YACf,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACtE,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACtE,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,gBAAgB,CAAC,YAA2B,EAAE,IAAY,EAAE,MAAc;IACjF,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,MAAM,KAAK,IAAI,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC;AAC/F,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,IAAY,EACZ,QAAgB,EAChB,SAAkB,EAClB,QAAiB;
|
|
1
|
+
{"version":3,"file":"check-code.js","sourceRoot":"","sources":["../../src/tools/check-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAqB,MAAM,wBAAwB,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAahD,SAAS,yBAAyB,CAAC,KAAe;IAChD,MAAM,YAAY,GAAkB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,0EAA0E,CAAC;IAE3F,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACrC,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QAChC,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAC;QAEnE,IAAI,UAAU,EAAE,CAAC;YACf,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACtE,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACtE,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,gBAAgB,CAAC,YAA2B,EAAE,IAAY,EAAE,MAAc;IACjF,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,MAAM,KAAK,IAAI,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC;AAC/F,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,IAAY,EACZ,QAAgB,EAChB,SAAkB,EAClB,QAAiB,EACjB,SAAkB;IAElB,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,YAAY,GAAG,yBAAyB,CAAC,KAAK,CAAC,CAAC;IAEtD,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEjD,8BAA8B;QAC9B,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAAE,SAAS;QAErD,uDAAuD;QACvD,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,QAAQ,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAAE,SAAS;QAChG,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ;YAAE,SAAS,CAAC,yBAAyB;QAChF,IAAI,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QAE3B,sCAAsC;QACtC,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAClD,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAQ,EAAE;YAC9D,CAAC,CAAC,IAAI,CAAC;QAET,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAClD,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACnD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAElD,IAAI,gBAAgB,CAAC,YAAY,EAAE,UAAU,EAAE,IAAI,CAAC,EAAE,CAAC;gBAAE,SAAS;YAElE,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,aAAa;gBACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;gBAChC,IAAI,EAAE,UAAU;aACjB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,SAAS,CACvB,IAAY,EACZ,QAAgB,EAChB,SAAkB,EAClB,QAAiB,EACjB,SAAkB;IAElB,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAE7E,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,iBAAiB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB,EAAE,SAAkB;IAC7D,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,KAAK,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/C,OAAO;QACL,6BAA6B;QAC7B,EAAE;QACF,iBAAiB,QAAQ,GAAG,GAAG,EAAE;QACjC,yCAAyC;QACzC,EAAE;QACF,mDAAmD;QACnD,6CAA6C;QAC7C,mDAAmD;QACnD,yCAAyC;QACzC,sCAAsC;KACvC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CACnB,QAAmB,EACnB,QAAgB,EAChB,SAAkB;IAElB,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,KAAK,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAE/C,oBAAoB;IACpB,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAE3E,4BAA4B;IAC5B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAqB,CAAC;IAC7C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,EAAE,CAAC,EAAE,SAAS,CAAC,EAAE,EAAE;QACvF,OAAO,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC/F,CAAC,CAAC,CAAC;IAEH,+EAA+E;IAC/E,MAAM,WAAW,GAAG,QAAQ,CAAC;IAC7B,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IACvF,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC/E,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IAEnF,MAAM,KAAK,GAAG;QACZ,6BAA6B;QAC7B,EAAE;QACF,iBAAiB,QAAQ,GAAG,GAAG,EAAE;QACjC,qBAAqB,WAAW,CAAC,MAAM,EAAE;QACzC,kBAAkB,aAAa,cAAc,SAAS,UAAU,WAAW,SAAS;QACpF,EAAE;QACF,KAAK;QACL,EAAE;KACH,CAAC;IAEF,KAAK,MAAM,CAAC,EAAE,aAAa,CAAC,IAAI,YAAY,EAAE,CAAC;QAC7C,MAAM,KAAK,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,IAAI,GACR,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU;YAChC,CAAC,CAAC,UAAU;YACZ,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM;gBAC9B,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ;oBAChC,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,KAAK,CAAC;QAEhB,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnE,KAAK,CAAC,IAAI,CACR,OAAO,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG,EACpD,EAAE,EACF,cAAc,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAChC,oBAAoB,aAAa,CAAC,MAAM,YAAY,QAAQ,GAAG,EAC/D,wBAAwB,KAAK,CAAC,KAAK,IAAI,EACvC,EAAE,EACF,KAAK,CAAC,IAAI,CAAC,WAAW,EACtB,EAAE,EACF,YAAY,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,EAC5B,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAC/F,EAAE,EACF,KAAK,EACL,EAAE,CACH,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,oCAAoC;YACpC,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;gBACpC,KAAK,CAAC,IAAI,CACR,OAAO,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EACxD,EAAE,EACF,cAAc,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,EAClC,cAAc,OAAO,CAAC,IAAI,EAAE,EAC5B,gBAAgB,OAAO,CAAC,KAAK,IAAI,EACjC,EAAE,EACF,OAAO,CAAC,IAAI,CAAC,WAAW,EACxB,EAAE,EACF,YAAY,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,EAC9B,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EACnG,EAAE,EACF,KAAK,EACL,EAAE,CACH,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"compliance-report.d.ts","sourceRoot":"","sources":["../../src/tools/compliance-report.ts"],"names":[],"mappings":"AAoCA,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,
|
|
1
|
+
{"version":3,"file":"compliance-report.d.ts","sourceRoot":"","sources":["../../src/tools/compliance-report.ts"],"names":[],"mappings":"AAoCA,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAmFxE"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { readdirSync, readFileSync, statSync } from "fs";
|
|
2
|
-
import { join, extname, basename } from "path";
|
|
2
|
+
import { join, extname, basename, resolve } from "path";
|
|
3
3
|
import { analyzeCode } from "./check-code.js";
|
|
4
4
|
import { loadConfig } from "../utils/config.js";
|
|
5
5
|
const EXTENSION_MAP = {
|
|
@@ -38,7 +38,8 @@ function walkDir(dir, excludes, results) {
|
|
|
38
38
|
}
|
|
39
39
|
}
|
|
40
40
|
export function complianceReport(path, framework) {
|
|
41
|
-
const
|
|
41
|
+
const configDir = resolve(path);
|
|
42
|
+
const config = loadConfig(configDir);
|
|
42
43
|
const excludes = new Set([...DEFAULT_EXCLUDES, ...config.scan.exclude]);
|
|
43
44
|
const filePaths = [];
|
|
44
45
|
walkDir(path, excludes, filePaths);
|
|
@@ -56,7 +57,7 @@ export function complianceReport(path, framework) {
|
|
|
56
57
|
language = "dockerfile";
|
|
57
58
|
if (!language)
|
|
58
59
|
continue;
|
|
59
|
-
const findings = analyzeCode(content, language, undefined, filePath);
|
|
60
|
+
const findings = analyzeCode(content, language, undefined, filePath, configDir);
|
|
60
61
|
for (const f of findings) {
|
|
61
62
|
allFindings.push({ ...f, filePath });
|
|
62
63
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"compliance-report.js","sourceRoot":"","sources":["../../src/tools/compliance-report.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"compliance-report.js","sourceRoot":"","sources":["../../src/tools/compliance-report.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACxD,OAAO,EAAE,WAAW,EAAgB,MAAM,iBAAiB,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,MAAM,aAAa,GAA2B;IAC5C,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM;IAC7C,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAC7C,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;IAC/C,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW;CACpD,CAAC;AAEF,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa;IAChE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ;CACvC,CAAC,CAAC;AAEH,SAAS,OAAO,CAAC,GAAW,EAAE,QAAqB,EAAE,OAAiB;IACpE,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QAAC,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO;IAAC,CAAC;IAC9E,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,OAAO,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9C,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC9D,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAAY,EAAE,SAAiB;IAC9D,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChC,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,gBAAgB,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IACxE,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,OAAO,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAEnC,iBAAiB;IACjB,MAAM,WAAW,GAA0C,EAAE,CAAC;IAC9D,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAChC,IAAI,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW;gBAAE,SAAS;YAClD,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAChD,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;YAC5C,IAAI,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;YAClC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,UAAU,CAAC,YAAY,CAAC;gBAAE,QAAQ,GAAG,YAAY,CAAC;YACtF,IAAI,CAAC,QAAQ;gBAAE,SAAS;YACxB,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;YAChF,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;gBACzB,WAAW,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;IACxB,CAAC;IAED,sBAAsB;IACtB,MAAM,cAAc,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;IAC/C,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACtC,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE;QAC1B,IAAI,cAAc,KAAK,KAAK;YAAE,OAAO,IAAI,CAAC;QAC1C,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;IACpD,CAAC,CAAC,CACH,CAAC;IAEF,mBAAmB;IACnB,MAAM,UAAU,GAAG,IAAI,GAAG,EAAkD,CAAC;IAC7E,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,EAAE,CAAC;YACxC,IAAI,cAAc,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC;gBAAE,SAAS;YACtF,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACzC,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;YAC9B,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAa;QACtB,+BAA+B;QAC/B,EAAE;QACF,cAAc,SAAS,EAAE;QACzB,cAAc,IAAI,EAAE;QACpB,kBAAkB,SAAS,CAAC,MAAM,EAAE;QACpC,sBAAsB,QAAQ,CAAC,MAAM,EAAE;QACvC,EAAE;KACH,CAAC;IAEF,IAAI,UAAU,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,EAAE,uBAAuB,SAAS,uBAAuB,CAAC,CAAC;QACnG,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,gBAAgB;IAChB,MAAM,cAAc,GAAG,CAAC,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAE1F,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,EAAE,sBAAsB,EAAE,sBAAsB,CAAC,CAAC;IAC7E,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,cAAc,EAAE,CAAC;QAC9C,KAAK,CAAC,IAAI,CAAC,KAAK,OAAO,MAAM,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC;IACjD,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAEtB,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,cAAc,EAAE,CAAC;QAC9C,KAAK,CAAC,IAAI,CAAC,MAAM,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC;QAChC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC;YACvB,KAAK,CAAC,IAAI,CACR,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,UAAU,CAAC,CAAC,QAAQ,MAAM,CAAC,CAAC,IAAI,EAAE,CACxG,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"export-sarif.d.ts","sourceRoot":"","sources":["../../src/tools/export-sarif.ts"],"names":[],"mappings":"AAuDA,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,
|
|
1
|
+
{"version":3,"file":"export-sarif.d.ts","sourceRoot":"","sources":["../../src/tools/export-sarif.ts"],"names":[],"mappings":"AAuDA,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAwEhD"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { readdirSync, readFileSync, statSync } from "fs";
|
|
2
|
-
import { join, extname, basename } from "path";
|
|
2
|
+
import { join, extname, basename, resolve } from "path";
|
|
3
3
|
import { analyzeCode } from "./check-code.js";
|
|
4
4
|
import { owaspRules } from "../data/rules/index.js";
|
|
5
5
|
import { loadConfig } from "../utils/config.js";
|
|
@@ -46,7 +46,8 @@ function severityToLevel(severity) {
|
|
|
46
46
|
return "note";
|
|
47
47
|
}
|
|
48
48
|
export function exportSarif(path) {
|
|
49
|
-
const
|
|
49
|
+
const configDir = resolve(path);
|
|
50
|
+
const config = loadConfig(configDir);
|
|
50
51
|
const excludes = new Set([...DEFAULT_EXCLUDES, ...config.scan.exclude]);
|
|
51
52
|
const filePaths = [];
|
|
52
53
|
walkDir(path, excludes, filePaths);
|
|
@@ -63,7 +64,7 @@ export function exportSarif(path) {
|
|
|
63
64
|
language = "dockerfile";
|
|
64
65
|
if (!language)
|
|
65
66
|
continue;
|
|
66
|
-
const findings = analyzeCode(content, language, undefined, filePath);
|
|
67
|
+
const findings = analyzeCode(content, language, undefined, filePath, configDir);
|
|
67
68
|
for (const f of findings) {
|
|
68
69
|
allResults.push({
|
|
69
70
|
ruleId: f.rule.id,
|
|
@@ -104,7 +105,7 @@ export function exportSarif(path) {
|
|
|
104
105
|
tool: {
|
|
105
106
|
driver: {
|
|
106
107
|
name: "GuardVibe",
|
|
107
|
-
version: "0.6.
|
|
108
|
+
version: "0.6.2",
|
|
108
109
|
informationUri: "https://github.com/goklab/guardvibe",
|
|
109
110
|
rules: sarifRules,
|
|
110
111
|
},
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"export-sarif.js","sourceRoot":"","sources":["../../src/tools/export-sarif.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,
|
|
1
|
+
{"version":3,"file":"export-sarif.js","sourceRoot":"","sources":["../../src/tools/export-sarif.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACxD,OAAO,EAAE,WAAW,EAAgB,MAAM,iBAAiB,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,MAAM,aAAa,GAA2B;IAC5C,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM;IAC7C,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAC7C,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;IAC/C,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW;CACpD,CAAC;AAEF,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa;IAChE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ;CACvC,CAAC,CAAC;AAEH,SAAS,OAAO,CAAC,GAAW,EAAE,QAAqB,EAAE,OAAiB;IACpE,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QAAC,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO;IAAC,CAAC;IAC9E,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,OAAO,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9C,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC9D,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAcD,SAAS,eAAe,CAAC,QAAgB;IACvC,IAAI,QAAQ,KAAK,UAAU,IAAI,QAAQ,KAAK,MAAM;QAAE,OAAO,OAAO,CAAC;IACnE,IAAI,QAAQ,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IAC5C,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChC,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,gBAAgB,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IACxE,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,OAAO,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAEnC,MAAM,UAAU,GAAkB,EAAE,CAAC;IAErC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAChC,IAAI,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW;gBAAE,SAAS;YAClD,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAChD,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;YAC5C,IAAI,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;YAClC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,UAAU,CAAC,YAAY,CAAC;gBAAE,QAAQ,GAAG,YAAY,CAAC;YACtF,IAAI,CAAC,QAAQ;gBAAE,SAAS;YAExB,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;YAEhF,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;gBACzB,UAAU,CAAC,IAAI,CAAC;oBACd,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE;oBACjB,KAAK,EAAE,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC;oBACvC,OAAO,EAAE;wBACP,IAAI,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,WAAW,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE;qBACjE;oBACD,SAAS,EAAE,CAAC;4BACV,gBAAgB,EAAE;gCAChB,gBAAgB,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE;gCACnC,MAAM,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,IAAI,EAAE;6BAC9B;yBACF,CAAC;iBACH,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;IACxB,CAAC;IAED,qEAAqE;IACrE,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;IAC5D,MAAM,UAAU,GAAG,UAAU;SAC1B,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;SACnC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACT,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,gBAAgB,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE;QAClC,eAAe,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE;QACxC,OAAO,EAAE,oDAAoD;QAC7D,UAAU,EAAE;YACV,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;YACf,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtD;KACF,CAAC,CAAC,CAAC;IAEN,MAAM,KAAK,GAAG;QACZ,OAAO,EAAE,sGAAsG;QAC/G,OAAO,EAAE,OAAO;QAChB,IAAI,EAAE,CAAC;gBACL,IAAI,EAAE;oBACJ,MAAM,EAAE;wBACN,IAAI,EAAE,WAAW;wBACjB,OAAO,EAAE,OAAO;wBAChB,cAAc,EAAE,qCAAqC;wBACrD,KAAK,EAAE,UAAU;qBAClB;iBACF;gBACD,OAAO,EAAE,UAAU;aACpB,CAAC;KACH,CAAC;IAEF,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACxC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan-directory.d.ts","sourceRoot":"","sources":["../../src/tools/scan-directory.ts"],"names":[],"mappings":"AA4DA,wBAAgB,aAAa,CAC3B,IAAI,EAAE,MAAM,EACZ,SAAS,GAAE,OAAc,EACzB,OAAO,GAAE,MAAM,EAAO,GACrB,MAAM,
|
|
1
|
+
{"version":3,"file":"scan-directory.d.ts","sourceRoot":"","sources":["../../src/tools/scan-directory.ts"],"names":[],"mappings":"AA4DA,wBAAgB,aAAa,CAC3B,IAAI,EAAE,MAAM,EACZ,SAAS,GAAE,OAAc,EACzB,OAAO,GAAE,MAAM,EAAO,GACrB,MAAM,CAoGR"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { readdirSync, readFileSync, statSync } from "fs";
|
|
2
|
-
import { join, extname, basename } from "path";
|
|
2
|
+
import { join, extname, basename, resolve } from "path";
|
|
3
3
|
import { analyzeCode } from "./check-code.js";
|
|
4
4
|
import { loadConfig } from "../utils/config.js";
|
|
5
5
|
const DEFAULT_EXCLUDES = new Set([
|
|
@@ -45,7 +45,8 @@ function walkDirectory(dir, recursive, excludes, results) {
|
|
|
45
45
|
}
|
|
46
46
|
}
|
|
47
47
|
export function scanDirectory(path, recursive = true, exclude = []) {
|
|
48
|
-
const
|
|
48
|
+
const configDir = resolve(path);
|
|
49
|
+
const config = loadConfig(configDir);
|
|
49
50
|
const excludes = new Set([...DEFAULT_EXCLUDES, ...exclude, ...config.scan.exclude]);
|
|
50
51
|
const maxSize = config.scan.maxFileSize;
|
|
51
52
|
const filePaths = [];
|
|
@@ -68,7 +69,7 @@ export function scanDirectory(path, recursive = true, exclude = []) {
|
|
|
68
69
|
}
|
|
69
70
|
if (!language)
|
|
70
71
|
continue;
|
|
71
|
-
const findings = analyzeCode(content, language, undefined, filePath);
|
|
72
|
+
const findings = analyzeCode(content, language, undefined, filePath, configDir);
|
|
72
73
|
if (findings.length > 0) {
|
|
73
74
|
scanResults.push({ path: filePath, findings });
|
|
74
75
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan-directory.js","sourceRoot":"","sources":["../../src/tools/scan-directory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"scan-directory.js","sourceRoot":"","sources":["../../src/tools/scan-directory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACxD,OAAO,EAAE,WAAW,EAAgB,MAAM,iBAAiB,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa;IAChE,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK;IACvD,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM;CACtC,CAAC,CAAC;AAEH,MAAM,aAAa,GAA2B;IAC5C,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM;IAC7C,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAC7C,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;IAC/C,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAC/B,KAAK,EAAE,WAAW;CACnB,CAAC;AAEF,MAAM,aAAa,GAAG,GAAG,GAAG,IAAI,CAAC,CAAC,QAAQ;AAO1C,SAAS,aAAa,CACpB,GAAW,EACX,SAAkB,EAClB,QAAqB,EACrB,OAAiB;IAEjB,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QACH,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAEvC,IAAI,KAAK,CAAC,WAAW,EAAE,IAAI,SAAS,EAAE,CAAC;YACrC,aAAa,CAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QACxD,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9C,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvB,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;YACD,kCAAkC;YAClC,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBAC9E,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAC3B,IAAY,EACZ,YAAqB,IAAI,EACzB,UAAoB,EAAE;IAEtB,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChC,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,gBAAgB,EAAE,GAAG,OAAO,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IACpF,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC;IACxC,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,aAAa,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAEpD,MAAM,WAAW,GAAiB,EAAE,CAAC;IACrC,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAChC,IAAI,IAAI,CAAC,IAAI,GAAG,OAAO,EAAE,CAAC;gBACxB,YAAY,CAAC,IAAI,CAAC,GAAG,QAAQ,gBAAgB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;gBAChF,SAAS;YACX,CAAC;YAED,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAChD,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;YAC5C,IAAI,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;YAClC,4BAA4B;YAC5B,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,GAAG,KAAK,aAAa,CAAC,EAAE,CAAC;gBACxF,QAAQ,GAAG,YAAY,CAAC;YAC1B,CAAC;YACD,IAAI,CAAC,QAAQ;gBAAE,SAAS;YAExB,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;YAChF,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,WAAW,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,YAAY,CAAC,IAAI,CAAC,GAAG,QAAQ,eAAe,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAED,UAAU;IACV,MAAM,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACzD,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IACrF,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC7E,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IACjF,MAAM,WAAW,GAAG,aAAa,GAAG,SAAS,GAAG,WAAW,CAAC;IAC5D,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,GAAG,EAAE,GAAG,SAAS,GAAG,EAAE,GAAG,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC;IACtG,MAAM,KAAK,GAAG,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IAElG,MAAM,KAAK,GAAa;QACtB,uCAAuC;QACvC,EAAE;QACF,cAAc,IAAI,EAAE;QACpB,kBAAkB,SAAS,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,EAAE;QAC1D,iBAAiB,WAAW,EAAE;QAC9B,mBAAmB,KAAK,KAAK,KAAK,OAAO;QACzC,EAAE;KACH,CAAC;IAEF,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,EAAE,sBAAsB,EAAE,sBAAsB,CAAC,CAAC;QAC7E,IAAI,aAAa,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,aAAa,QAAQ,CAAC,CAAC;QACzE,IAAI,SAAS,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,SAAS,QAAQ,CAAC,CAAC;QACjE,IAAI,WAAW,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,WAAW,QAAQ,CAAC,CAAC;QACrE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QACnG,MAAM,SAAS,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CACxC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACnB,IAAI,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,GAAG;YACrF,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE;SAC5C,CAAC,CAAC,CACJ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEjD,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC5B,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QACvE,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAE1B,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE,CAAC;YACjC,KAAK,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,UAAU,EAAE,EAAE,CAAC,CAAC;YAC7E,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAChC,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;gBAC3C,KAAK,CAAC,IAAI,CACR,QAAQ,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,GAAG,EAC7C,cAAc,CAAC,CAAC,IAAI,mBAAmB,CAAC,CAAC,KAAK,IAAI,EAClD,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,EACvB,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,EACxB,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EACvF,EAAE,CACH,CAAC;YACJ,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,EAAE,mCAAmC,CAAC,CAAC;IAC5E,CAAC;IAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,oBAAoB,CAAC,CAAC;QACrC,KAAK,MAAM,CAAC,IAAI,YAAY;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan-secrets.d.ts","sourceRoot":"","sources":["../../src/tools/scan-secrets.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;CACb;AAED,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,aAAa,EAAE,CA8C9E;
|
|
1
|
+
{"version":3,"file":"scan-secrets.d.ts","sourceRoot":"","sources":["../../src/tools/scan-secrets.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;CACb;AAED,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,aAAa,EAAE,CA8C9E;AAoDD,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,GAAE,OAAc,GAAG,MAAM,CAiF3E"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { readdirSync, readFileSync, statSync } from "fs";
|
|
2
|
-
import { join, extname, basename } from "path";
|
|
2
|
+
import { join, extname, basename, dirname, resolve } from "path";
|
|
3
3
|
import { secretPatterns, calculateEntropy } from "../data/secret-patterns.js";
|
|
4
4
|
import { loadConfig } from "../utils/config.js";
|
|
5
5
|
export function scanContent(content, filename) {
|
|
@@ -49,6 +49,26 @@ export function scanContent(content, filename) {
|
|
|
49
49
|
return findings;
|
|
50
50
|
}
|
|
51
51
|
const DEFAULT_SECRET_EXCLUDES = new Set(["node_modules", ".git", "build", "dist"]);
|
|
52
|
+
function collectGitignoreContent(startDir) {
|
|
53
|
+
const contents = [];
|
|
54
|
+
let currentDir = resolve(startDir);
|
|
55
|
+
while (true) {
|
|
56
|
+
try {
|
|
57
|
+
contents.push(readFileSync(join(currentDir, ".gitignore"), "utf-8"));
|
|
58
|
+
}
|
|
59
|
+
catch { /* ignore */ }
|
|
60
|
+
try {
|
|
61
|
+
statSync(join(currentDir, ".git"));
|
|
62
|
+
break;
|
|
63
|
+
}
|
|
64
|
+
catch { /* keep walking */ }
|
|
65
|
+
const parentDir = dirname(currentDir);
|
|
66
|
+
if (parentDir === currentDir)
|
|
67
|
+
break;
|
|
68
|
+
currentDir = parentDir;
|
|
69
|
+
}
|
|
70
|
+
return contents.join("\n");
|
|
71
|
+
}
|
|
52
72
|
function walkForSecrets(dir, recursive, results, excludes = DEFAULT_SECRET_EXCLUDES) {
|
|
53
73
|
let entries;
|
|
54
74
|
try {
|
|
@@ -79,27 +99,31 @@ function walkForSecrets(dir, recursive, results, excludes = DEFAULT_SECRET_EXCLU
|
|
|
79
99
|
}
|
|
80
100
|
}
|
|
81
101
|
export function scanSecrets(path, recursive = true) {
|
|
82
|
-
const
|
|
83
|
-
const excludes = new Set([...DEFAULT_SECRET_EXCLUDES, ...config.scan.exclude]);
|
|
102
|
+
const targetPath = resolve(path);
|
|
84
103
|
const filePaths = [];
|
|
104
|
+
let configDir = process.cwd();
|
|
85
105
|
try {
|
|
86
|
-
const stat = statSync(
|
|
106
|
+
const stat = statSync(targetPath);
|
|
107
|
+
configDir = stat.isFile() ? dirname(targetPath) : targetPath;
|
|
108
|
+
const config = loadConfig(configDir);
|
|
109
|
+
const excludes = new Set([...DEFAULT_SECRET_EXCLUDES, ...config.scan.exclude]);
|
|
87
110
|
if (stat.isFile()) {
|
|
88
|
-
filePaths.push(
|
|
111
|
+
filePaths.push(targetPath);
|
|
89
112
|
}
|
|
90
113
|
else {
|
|
91
|
-
walkForSecrets(
|
|
114
|
+
walkForSecrets(targetPath, recursive, filePaths, excludes);
|
|
92
115
|
}
|
|
93
116
|
}
|
|
94
117
|
catch {
|
|
95
118
|
return `# GuardVibe Secret Scan Report\n\nError: Could not access path: ${path}`;
|
|
96
119
|
}
|
|
120
|
+
const config = loadConfig(configDir);
|
|
97
121
|
const uniquePaths = [...new Set(filePaths)];
|
|
98
122
|
const allFindings = [];
|
|
99
123
|
for (const filePath of uniquePaths) {
|
|
100
124
|
try {
|
|
101
125
|
const stat = statSync(filePath);
|
|
102
|
-
if (stat.size >
|
|
126
|
+
if (stat.size > config.scan.maxFileSize)
|
|
103
127
|
continue;
|
|
104
128
|
const content = readFileSync(filePath, "utf-8");
|
|
105
129
|
const findings = scanContent(content, filePath);
|
|
@@ -107,16 +131,10 @@ export function scanSecrets(path, recursive = true) {
|
|
|
107
131
|
}
|
|
108
132
|
catch { /* skip */ }
|
|
109
133
|
}
|
|
110
|
-
// Check .gitignore for .env coverage
|
|
111
|
-
let gitignoreContent = "";
|
|
112
|
-
try {
|
|
113
|
-
const gitignorePath = statSync(path).isDirectory() ? join(path, ".gitignore") : ".gitignore";
|
|
114
|
-
gitignoreContent = readFileSync(gitignorePath, "utf-8");
|
|
115
|
-
}
|
|
116
|
-
catch { /* no gitignore */ }
|
|
117
134
|
const envFiles = uniquePaths.filter(f => basename(f).startsWith(".env"));
|
|
118
135
|
for (const envFile of envFiles) {
|
|
119
136
|
const envName = basename(envFile);
|
|
137
|
+
const gitignoreContent = collectGitignoreContent(dirname(envFile));
|
|
120
138
|
if (!gitignoreContent.includes(envName) && !gitignoreContent.includes(".env*") && !gitignoreContent.includes(".env")) {
|
|
121
139
|
allFindings.push({
|
|
122
140
|
provider: ".env not in .gitignore",
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan-secrets.js","sourceRoot":"","sources":["../../src/tools/scan-secrets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"scan-secrets.js","sourceRoot":"","sources":["../../src/tools/scan-secrets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9E,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAWhD,MAAM,UAAU,WAAW,CAAC,OAAe,EAAE,QAAgB;IAC3D,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,MAAM,EAAE,IAAI,cAAc,EAAE,CAAC;QAChC,EAAE,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QACzB,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACnD,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACtD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAClD,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,EAAE,CAAC,QAAQ;gBACrB,QAAQ,EAAE,EAAE,CAAC,QAAQ;gBACrB,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,UAAU;gBAChB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtE,GAAG,EAAE,EAAE,CAAC,GAAG;aACZ,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,yCAAyC;IACzC,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC7B,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAChC,IAAI,KAAK,KAAK,CAAC,CAAC;gBAAE,SAAS;YAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;YACpE,IAAI,KAAK,CAAC,MAAM,IAAI,EAAE,IAAI,gBAAgB,CAAC,KAAK,CAAC,GAAG,GAAG,EAAE,CAAC;gBACxD,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC1D,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,QAAQ,CAAC,IAAI,CAAC;wBACZ,QAAQ,EAAE,qBAAqB;wBAC/B,QAAQ,EAAE,MAAM;wBAChB,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;wBACpC,GAAG,EAAE,6EAA6E;qBACnF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,uBAAuB,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;AAEnF,SAAS,uBAAuB,CAAC,QAAgB;IAC/C,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,IAAI,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAEnC,OAAO,IAAI,EAAE,CAAC;QACZ,IAAI,CAAC;YACH,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,EAAE,YAAY,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;QACvE,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;QAExB,IAAI,CAAC;YACH,QAAQ,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;YACnC,MAAM;QACR,CAAC;QAAC,MAAM,CAAC,CAAC,kBAAkB,CAAC,CAAC;QAE9B,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;QACtC,IAAI,SAAS,KAAK,UAAU;YAAE,MAAM;QACpC,UAAU,GAAG,SAAS,CAAC;IACzB,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,cAAc,CAAC,GAAW,EAAE,SAAkB,EAAE,OAAiB,EAAE,WAAwB,uBAAuB;IACzH,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QAAC,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO;IAAC,CAAC;IAE9E,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAEvC,IAAI,KAAK,CAAC,WAAW,EAAE,IAAI,SAAS,EAAE,CAAC;YACrC,cAAc,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QACzD,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;YACxB,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAExC,mCAAmC;YACnC,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1G,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;YACD,yBAAyB;YACzB,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvE,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,IAAY,EAAE,YAAqB,IAAI;IACjE,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,IAAI,SAAS,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAE9B,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC;QAClC,SAAS,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;QAC7D,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;QACrC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,uBAAuB,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QAE/E,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;YAClB,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7B,CAAC;aAAM,CAAC;YACN,cAAc,CAAC,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,mEAAmE,IAAI,EAAE,CAAC;IACnF,CAAC;IAED,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACrC,MAAM,WAAW,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;IAC5C,MAAM,WAAW,GAAoB,EAAE,CAAC;IAExC,KAAK,MAAM,QAAQ,IAAI,WAAW,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAChC,IAAI,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW;gBAAE,SAAS;YAClD,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAChD,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAChD,WAAW,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;IACxB,CAAC;IAED,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IACzE,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClC,MAAM,gBAAgB,GAAG,uBAAuB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;QACnE,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACrH,WAAW,CAAC,IAAI,CAAC;gBACf,QAAQ,EAAE,wBAAwB;gBAClC,QAAQ,EAAE,UAAU;gBACpB,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,CAAC;gBACP,KAAK,EAAE,GAAG,OAAO,8BAA8B;gBAC/C,GAAG,EAAE,QAAQ,OAAO,yCAAyC;aAC9D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,gBAAgB;IAChB,MAAM,KAAK,GAAa;QACtB,gCAAgC;QAChC,EAAE;QACF,kBAAkB,WAAW,CAAC,MAAM,EAAE;QACtC,kBAAkB,WAAW,CAAC,MAAM,EAAE;KACvC,CAAC;IAEF,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QAC5E,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QACxE,KAAK,CAAC,IAAI,CAAC,eAAe,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC5F,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC;QAE7C,MAAM,KAAK,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;QAC1E,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAElE,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;YAC5B,KAAK,CAAC,IAAI,CACR,QAAQ,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,QAAQ,EAAE,EACjD,aAAa,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,EACtD,gBAAgB,CAAC,CAAC,KAAK,IAAI,EAC3B,YAAY,CAAC,CAAC,GAAG,EAAE,EACnB,EAAE,CACH,CAAC;QACJ,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,EAAE,wDAAwD,CAAC,CAAC;IAC/F,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export declare function scanStaged(): string;
|
|
1
|
+
export declare function scanStaged(cwd?: string): string;
|
|
2
2
|
//# sourceMappingURL=scan-staged.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan-staged.d.ts","sourceRoot":"","sources":["../../src/tools/scan-staged.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"scan-staged.d.ts","sourceRoot":"","sources":["../../src/tools/scan-staged.ts"],"names":[],"mappings":"AAkDA,wBAAgB,UAAU,CAAC,GAAG,GAAE,MAAsB,GAAG,MAAM,CA8F9D"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { execFileSync } from "child_process";
|
|
2
|
-
import { extname, basename } from "path";
|
|
2
|
+
import { extname, basename, resolve } from "path";
|
|
3
3
|
import { analyzeCode } from "./check-code.js";
|
|
4
4
|
const EXTENSION_MAP = {
|
|
5
5
|
".js": "javascript", ".jsx": "javascript", ".mjs": "javascript", ".cjs": "javascript",
|
|
@@ -7,11 +7,12 @@ const EXTENSION_MAP = {
|
|
|
7
7
|
".py": "python", ".go": "go", ".java": "java",
|
|
8
8
|
".php": "php", ".rb": "ruby", ".html": "html",
|
|
9
9
|
".sql": "sql", ".sh": "shell", ".bash": "shell",
|
|
10
|
-
".yml": "yaml", ".yaml": "yaml",
|
|
10
|
+
".yml": "yaml", ".yaml": "yaml", ".tf": "terraform",
|
|
11
11
|
};
|
|
12
|
-
function getStagedFiles() {
|
|
12
|
+
function getStagedFiles(cwd) {
|
|
13
13
|
try {
|
|
14
14
|
const output = execFileSync("git", ["diff", "--cached", "--name-only"], {
|
|
15
|
+
cwd,
|
|
15
16
|
encoding: "utf-8",
|
|
16
17
|
timeout: 5000,
|
|
17
18
|
});
|
|
@@ -21,9 +22,10 @@ function getStagedFiles() {
|
|
|
21
22
|
return [];
|
|
22
23
|
}
|
|
23
24
|
}
|
|
24
|
-
function getStagedContent(filePath) {
|
|
25
|
+
function getStagedContent(filePath, cwd) {
|
|
25
26
|
try {
|
|
26
27
|
return execFileSync("git", ["show", `:${filePath}`], {
|
|
28
|
+
cwd,
|
|
27
29
|
encoding: "utf-8",
|
|
28
30
|
timeout: 5000,
|
|
29
31
|
});
|
|
@@ -40,8 +42,9 @@ function detectLanguage(filePath) {
|
|
|
40
42
|
return "dockerfile";
|
|
41
43
|
return null;
|
|
42
44
|
}
|
|
43
|
-
export function scanStaged() {
|
|
44
|
-
const
|
|
45
|
+
export function scanStaged(cwd = process.cwd()) {
|
|
46
|
+
const repoDir = resolve(cwd);
|
|
47
|
+
const stagedFiles = getStagedFiles(repoDir);
|
|
45
48
|
if (stagedFiles.length === 0) {
|
|
46
49
|
return [
|
|
47
50
|
"# GuardVibe Pre-Commit Report",
|
|
@@ -57,12 +60,12 @@ export function scanStaged() {
|
|
|
57
60
|
skippedFiles.push(filePath);
|
|
58
61
|
continue;
|
|
59
62
|
}
|
|
60
|
-
const content = getStagedContent(filePath);
|
|
63
|
+
const content = getStagedContent(filePath, repoDir);
|
|
61
64
|
if (!content) {
|
|
62
65
|
skippedFiles.push(filePath);
|
|
63
66
|
continue;
|
|
64
67
|
}
|
|
65
|
-
const findings = analyzeCode(content, language, undefined, filePath);
|
|
68
|
+
const findings = analyzeCode(content, language, undefined, filePath, repoDir);
|
|
66
69
|
if (findings.length > 0) {
|
|
67
70
|
results.push({ path: filePath, findings });
|
|
68
71
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan-staged.js","sourceRoot":"","sources":["../../src/tools/scan-staged.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"scan-staged.js","sourceRoot":"","sources":["../../src/tools/scan-staged.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAClD,OAAO,EAAE,WAAW,EAAgB,MAAM,iBAAiB,CAAC;AAE5D,MAAM,aAAa,GAA2B;IAC5C,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM;IAC7C,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAC7C,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;IAC/C,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW;CACpD,CAAC;AAOF,SAAS,cAAc,CAAC,GAAW;IACjC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,aAAa,CAAC,EAAE;YACtE,GAAG;YACH,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,IAAI;SACd,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAgB,EAAE,GAAW;IACrD,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,KAAK,EAAE,CAAC,MAAM,EAAE,IAAI,QAAQ,EAAE,CAAC,EAAE;YACnD,GAAG;YACH,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,IAAI;SACd,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,QAAgB;IACtC,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;IAC5C,IAAI,aAAa,CAAC,GAAG,CAAC;QAAE,OAAO,aAAa,CAAC,GAAG,CAAC,CAAC;IAClD,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,GAAG,KAAK,aAAa;QAAE,OAAO,YAAY,CAAC;IAC9F,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,MAAc,OAAO,CAAC,GAAG,EAAE;IACpD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IAC7B,MAAM,WAAW,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IAE5C,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO;YACL,+BAA+B;YAC/B,EAAE;YACF,0DAA0D;SAC3D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACf,CAAC;IAED,MAAM,OAAO,GAAmB,EAAE,CAAC;IACnC,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,KAAK,MAAM,QAAQ,IAAI,WAAW,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC1C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC5B,SAAS;QACX,CAAC;QAED,MAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACpD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC5B,SAAS;QACX,CAAC;QAED,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9E,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAAG,WAAW,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;IAC9D,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACrD,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IACrF,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC7E,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IACjF,MAAM,WAAW,GAAG,aAAa,GAAG,SAAS,GAAG,WAAW,CAAC;IAC5D,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,GAAG,EAAE,GAAG,SAAS,GAAG,EAAE,GAAG,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC;IACtG,MAAM,KAAK,GAAG,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IAElG,MAAM,KAAK,GAAa;QACtB,+BAA+B;QAC/B,EAAE;QACF,yBAAyB,YAAY,EAAE;QACvC,iBAAiB,WAAW,EAAE;QAC9B,mBAAmB,KAAK,KAAK,KAAK,OAAO;QACzC,EAAE;KACH,CAAC;IAEF,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,EAAE,sBAAsB,EAAE,sBAAsB,CAAC,CAAC;QAC7E,IAAI,aAAa,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,aAAa,QAAQ,CAAC,CAAC;QACzE,IAAI,SAAS,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,SAAS,QAAQ,CAAC,CAAC;QACjE,IAAI,WAAW,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,WAAW,QAAQ,CAAC,CAAC;QACrE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QACnG,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CACpC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACnB,IAAI,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,GAAG;YACrF,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE;SAC5C,CAAC,CAAC,CACJ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEjD,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC5B,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QACvE,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAE1B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,KAAK,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,UAAU,EAAE,EAAE,CAAC,CAAC;YAC7E,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAChC,KAAK,CAAC,IAAI,CACR,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,GAAG,EACtE,cAAc,CAAC,CAAC,IAAI,mBAAmB,CAAC,CAAC,KAAK,IAAI,EAClD,CAAC,CAAC,IAAI,CAAC,WAAW,EAClB,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,EACxB,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EACjF,EAAE,CACH,CAAC;YACJ,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,EAAE,OAAO,YAAY,uDAAuD,CAAC,CAAC;IAC9G,CAAC;IAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,YAAY,YAAY,CAAC,MAAM,sCAAsC,CAAC,CAAC;IACxF,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/utils/config.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE;QACL,OAAO,EAAE,MAAM,EAAE,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAClC,CAAC;IACF,IAAI,EAAE;QACJ,OAAO,EAAE,MAAM,EAAE,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;CACH;
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/utils/config.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE;QACL,OAAO,EAAE,MAAM,EAAE,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAClC,CAAC;IACF,IAAI,EAAE;QACJ,OAAO,EAAE,MAAM,EAAE,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;CACH;AAgBD,wBAAgB,UAAU,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,eAAe,CA8BxD;AAED,wBAAgB,gBAAgB,IAAI,IAAI,CAEvC"}
|
package/build/utils/config.js
CHANGED
|
@@ -1,18 +1,27 @@
|
|
|
1
1
|
import { readFileSync } from "fs";
|
|
2
|
-
import { join } from "path";
|
|
2
|
+
import { join, resolve } from "path";
|
|
3
3
|
const DEFAULT_CONFIG = {
|
|
4
4
|
rules: { disable: [], severity: {} },
|
|
5
5
|
scan: { exclude: [], maxFileSize: 500 * 1024 },
|
|
6
6
|
};
|
|
7
|
-
|
|
7
|
+
const cachedConfigs = new Map();
|
|
8
|
+
function cloneDefaultConfig() {
|
|
9
|
+
return {
|
|
10
|
+
rules: { disable: [], severity: {} },
|
|
11
|
+
scan: { exclude: [], maxFileSize: DEFAULT_CONFIG.scan.maxFileSize },
|
|
12
|
+
};
|
|
13
|
+
}
|
|
8
14
|
export function loadConfig(dir) {
|
|
15
|
+
const configDir = resolve(dir || process.cwd());
|
|
16
|
+
const cachedConfig = cachedConfigs.get(configDir);
|
|
9
17
|
if (cachedConfig)
|
|
10
18
|
return cachedConfig;
|
|
11
|
-
const configPath = join(
|
|
19
|
+
const configPath = join(configDir, ".guardviberc");
|
|
20
|
+
let config;
|
|
12
21
|
try {
|
|
13
22
|
const content = readFileSync(configPath, "utf-8");
|
|
14
23
|
const parsed = JSON.parse(content);
|
|
15
|
-
|
|
24
|
+
config = {
|
|
16
25
|
rules: {
|
|
17
26
|
disable: Array.isArray(parsed.rules?.disable) ? parsed.rules.disable : [],
|
|
18
27
|
severity: typeof parsed.rules?.severity === "object" && parsed.rules.severity !== null
|
|
@@ -26,11 +35,12 @@ export function loadConfig(dir) {
|
|
|
26
35
|
};
|
|
27
36
|
}
|
|
28
37
|
catch {
|
|
29
|
-
|
|
38
|
+
config = cloneDefaultConfig();
|
|
30
39
|
}
|
|
31
|
-
|
|
40
|
+
cachedConfigs.set(configDir, config);
|
|
41
|
+
return config;
|
|
32
42
|
}
|
|
33
43
|
export function resetConfigCache() {
|
|
34
|
-
|
|
44
|
+
cachedConfigs.clear();
|
|
35
45
|
}
|
|
36
46
|
//# sourceMappingURL=config.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/utils/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/utils/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAarC,MAAM,cAAc,GAAoB;IACtC,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;IACpC,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,WAAW,EAAE,GAAG,GAAG,IAAI,EAAE;CAC/C,CAAC;AAEF,MAAM,aAAa,GAAG,IAAI,GAAG,EAA2B,CAAC;AAEzD,SAAS,kBAAkB;IACzB,OAAO;QACL,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;QACpC,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,WAAW,EAAE,cAAc,CAAC,IAAI,CAAC,WAAW,EAAE;KACpE,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,GAAY;IACrC,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAChD,MAAM,YAAY,GAAG,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAClD,IAAI,YAAY;QAAE,OAAO,YAAY,CAAC;IAEtC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;IACnD,IAAI,MAAuB,CAAC;IAE5B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAEnC,MAAM,GAAG;YACP,KAAK,EAAE;gBACL,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;gBACzE,QAAQ,EAAE,OAAO,MAAM,CAAC,KAAK,EAAE,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,KAAK,IAAI;oBACpF,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;aAC/B;YACD,IAAI,EAAE;gBACJ,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;gBACvE,WAAW,EAAE,OAAO,MAAM,CAAC,IAAI,EAAE,WAAW,KAAK,QAAQ;oBACvD,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,WAAW;aAC9D;SACF,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,GAAG,kBAAkB,EAAE,CAAC;IAChC,CAAC;IAED,aAAa,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACrC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,aAAa,CAAC,KAAK,EAAE,CAAC;AACxB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"manifest-parser.d.ts","sourceRoot":"","sources":["../../src/utils/manifest-parser.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"manifest-parser.d.ts","sourceRoot":"","sources":["../../src/utils/manifest-parser.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,aAAa,EAAE,CAahF"}
|
|
@@ -1,18 +1,31 @@
|
|
|
1
1
|
export function parseManifest(content, filename) {
|
|
2
2
|
const lower = filename.toLowerCase();
|
|
3
|
+
let packages;
|
|
3
4
|
if (lower === "package-lock.json")
|
|
4
|
-
|
|
5
|
-
if (lower === "package.json")
|
|
6
|
-
|
|
7
|
-
if (lower === "requirements.txt")
|
|
8
|
-
|
|
9
|
-
if (lower === "go.mod")
|
|
10
|
-
|
|
11
|
-
if (lower === "gemfile.lock")
|
|
12
|
-
|
|
13
|
-
if (lower === "cargo.lock")
|
|
14
|
-
|
|
15
|
-
|
|
5
|
+
packages = parsePackageLock(content);
|
|
6
|
+
else if (lower === "package.json")
|
|
7
|
+
packages = parsePackageJson(content);
|
|
8
|
+
else if (lower === "requirements.txt")
|
|
9
|
+
packages = parseRequirementsTxt(content);
|
|
10
|
+
else if (lower === "go.mod")
|
|
11
|
+
packages = parseGoMod(content);
|
|
12
|
+
else if (lower === "gemfile.lock")
|
|
13
|
+
packages = parseGemfileLock(content);
|
|
14
|
+
else if (lower === "cargo.lock")
|
|
15
|
+
packages = parseCargoLock(content);
|
|
16
|
+
else
|
|
17
|
+
throw new Error(`Unsupported manifest format: ${filename}`);
|
|
18
|
+
return dedupePackages(packages);
|
|
19
|
+
}
|
|
20
|
+
function dedupePackages(packages) {
|
|
21
|
+
const seen = new Set();
|
|
22
|
+
return packages.filter((pkg) => {
|
|
23
|
+
const key = `${pkg.ecosystem}:${pkg.name}@${pkg.version}`;
|
|
24
|
+
if (seen.has(key))
|
|
25
|
+
return false;
|
|
26
|
+
seen.add(key);
|
|
27
|
+
return true;
|
|
28
|
+
});
|
|
16
29
|
}
|
|
17
30
|
function parsePackageJson(content) {
|
|
18
31
|
const pkg = JSON.parse(content);
|
|
@@ -39,7 +52,9 @@ function parsePackageLock(content) {
|
|
|
39
52
|
const pkg = info;
|
|
40
53
|
if (!pkg.version)
|
|
41
54
|
continue;
|
|
42
|
-
const name = path.
|
|
55
|
+
const name = pkg.name || path.split("node_modules/").filter(Boolean).pop() || "";
|
|
56
|
+
if (!name)
|
|
57
|
+
continue;
|
|
43
58
|
packages.push({ name, version: pkg.version, ecosystem: "npm" });
|
|
44
59
|
}
|
|
45
60
|
}
|
|
@@ -59,15 +74,23 @@ function parseRequirementsTxt(content) {
|
|
|
59
74
|
}
|
|
60
75
|
function parseGoMod(content) {
|
|
61
76
|
const packages = [];
|
|
62
|
-
|
|
63
|
-
const
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
77
|
+
let inRequireBlock = false;
|
|
78
|
+
for (const rawLine of content.split("\n")) {
|
|
79
|
+
const line = rawLine.trim();
|
|
80
|
+
if (!line || line.startsWith("//"))
|
|
81
|
+
continue;
|
|
82
|
+
if (line === "require (") {
|
|
83
|
+
inRequireBlock = true;
|
|
84
|
+
continue;
|
|
85
|
+
}
|
|
86
|
+
if (inRequireBlock && line === ")") {
|
|
87
|
+
inRequireBlock = false;
|
|
88
|
+
continue;
|
|
89
|
+
}
|
|
90
|
+
const match = inRequireBlock
|
|
91
|
+
? line.match(/^(\S+)\s+v?(\S+)/)
|
|
92
|
+
: line.match(/^require\s+(\S+)\s+v?(\S+)/);
|
|
93
|
+
if (match) {
|
|
71
94
|
packages.push({ name: match[1], version: match[2].replace(/^v/, ""), ecosystem: "Go" });
|
|
72
95
|
}
|
|
73
96
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"manifest-parser.js","sourceRoot":"","sources":["../../src/utils/manifest-parser.ts"],"names":[],"mappings":"AAMA,MAAM,UAAU,aAAa,CAAC,OAAe,EAAE,QAAgB;IAC7D,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"manifest-parser.js","sourceRoot":"","sources":["../../src/utils/manifest-parser.ts"],"names":[],"mappings":"AAMA,MAAM,UAAU,aAAa,CAAC,OAAe,EAAE,QAAgB;IAC7D,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACrC,IAAI,QAAyB,CAAC;IAE9B,IAAI,KAAK,KAAK,mBAAmB;QAAE,QAAQ,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;SACnE,IAAI,KAAK,KAAK,cAAc;QAAE,QAAQ,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;SACnE,IAAI,KAAK,KAAK,kBAAkB;QAAE,QAAQ,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;SAC3E,IAAI,KAAK,KAAK,QAAQ;QAAE,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;SACvD,IAAI,KAAK,KAAK,cAAc;QAAE,QAAQ,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;SACnE,IAAI,KAAK,KAAK,YAAY;QAAE,QAAQ,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;;QAC/D,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,EAAE,CAAC,CAAC;IAEjE,OAAO,cAAc,CAAC,QAAQ,CAAC,CAAC;AAClC,CAAC;AAED,SAAS,cAAc,CAAC,QAAyB;IAC/C,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;QAC7B,MAAM,GAAG,GAAG,GAAG,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;QAC1D,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC;QAChC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACd,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAChC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,CAAC;QACjE,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACvD,IAAI,OAAO;YAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;IAClE,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC;QACpE,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACvD,IAAI,OAAO;YAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACjC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzD,IAAI,IAAI,KAAK,EAAE;gBAAE,SAAS;YAC1B,MAAM,GAAG,GAAG,IAA2C,CAAC;YACxD,IAAI,CAAC,GAAG,CAAC,OAAO;gBAAE,SAAS;YAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;YACjF,IAAI,CAAC,IAAI;gBAAE,SAAS;YACpB,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAe;IAC3C,OAAO,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC;SACvB,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SACxB,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;SACtE,GAAG,CAAC,IAAI,CAAC,EAAE;QACV,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;QACjE,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QACxB,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;IAClE,CAAC,CAAC;SACD,MAAM,CAAC,CAAC,CAAC,EAAsB,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,UAAU,CAAC,OAAe;IACjC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,IAAI,cAAc,GAAG,KAAK,CAAC;IAE3B,KAAK,MAAM,OAAO,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,SAAS;QAE7C,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;YACzB,cAAc,GAAG,IAAI,CAAC;YACtB,SAAS;QACX,CAAC;QAED,IAAI,cAAc,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YACnC,cAAc,GAAG,KAAK,CAAC;YACvB,SAAS;QACX,CAAC;QAED,MAAM,KAAK,GAAG,cAAc;YAC1B,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC;YAChC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAE7C,IAAI,KAAK,EAAE,CAAC;YACV,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1F,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACxE,IAAI,CAAC,YAAY;QAAE,OAAO,QAAQ,CAAC;IAEnC,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;QACtD,IAAI,KAAK,EAAE,CAAC;YACV,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,CAAC;QAC9E,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,cAAc,CAAC,OAAe;IACrC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IAE5C,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,sBAAsB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACtD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,yBAAyB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5D,IAAI,IAAI,IAAI,OAAO,EAAE,CAAC;YACpB,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"osv-client.d.ts","sourceRoot":"","sources":["../../src/utils/osv-client.ts"],"names":[],"mappings":"AAAA,UAAU,gBAAgB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAClD,QAAQ,CAAC,EAAE,KAAK,CAAC;QACf,OAAO,CAAC,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,SAAS,EAAE,MAAM,CAAA;SAAE,CAAC;QAC9C,MAAM,CAAC,EAAE,KAAK,CAAC;YACb,IAAI,EAAE,MAAM,CAAC;YACb,MAAM,EAAE,KAAK,CAAC;gBAAE,UAAU,CAAC,EAAE,MAAM,CAAC;gBAAC,KAAK,CAAC,EAAE,MAAM,CAAA;aAAE,CAAC,CAAC;SACxD,CAAC,CAAC;KACJ,CAAC,CAAC;IACH,UAAU,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACnD;AAMD,wBAAsB,QAAQ,CAC5B,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAiB7B;AAED,UAAU,UAAU;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAsB,aAAa,CACjC,QAAQ,EAAE,UAAU,EAAE,GACrB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC,
|
|
1
|
+
{"version":3,"file":"osv-client.d.ts","sourceRoot":"","sources":["../../src/utils/osv-client.ts"],"names":[],"mappings":"AAAA,UAAU,gBAAgB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAClD,iBAAiB,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAAC;IAClE,QAAQ,CAAC,EAAE,KAAK,CAAC;QACf,OAAO,CAAC,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,SAAS,EAAE,MAAM,CAAA;SAAE,CAAC;QAC9C,MAAM,CAAC,EAAE,KAAK,CAAC;YACb,IAAI,EAAE,MAAM,CAAC;YACb,MAAM,EAAE,KAAK,CAAC;gBAAE,UAAU,CAAC,EAAE,MAAM,CAAC;gBAAC,KAAK,CAAC,EAAE,MAAM,CAAA;aAAE,CAAC,CAAC;SACxD,CAAC,CAAC;KACJ,CAAC,CAAC;IACH,UAAU,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACnD;AAMD,wBAAsB,QAAQ,CAC5B,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAiB7B;AAED,UAAU,UAAU;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAsB,aAAa,CACjC,QAAQ,EAAE,UAAU,EAAE,GACrB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAmD1C;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,gBAAgB,GAAG,GAAG,GAAG,MAAM,CAmDtE;AAED,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,gBAAgB,GAAG,MAAM,CA4BlE"}
|
|
@@ -26,8 +26,9 @@ export async function queryOsvBatch(packages) {
|
|
|
26
26
|
signal: AbortSignal.timeout(10000),
|
|
27
27
|
});
|
|
28
28
|
const results = new Map();
|
|
29
|
-
if (!response.ok)
|
|
30
|
-
|
|
29
|
+
if (!response.ok) {
|
|
30
|
+
throw new Error(`OSV API error: ${response.status} ${response.statusText}`);
|
|
31
|
+
}
|
|
31
32
|
const data = await response.json();
|
|
32
33
|
// Batch API returns minimal vuln info (just id). Fetch full details for each.
|
|
33
34
|
for (let i = 0; i < packages.length; i++) {
|
|
@@ -75,19 +76,51 @@ export function normalizeSeverity(vuln) {
|
|
|
75
76
|
return "unknown";
|
|
76
77
|
}
|
|
77
78
|
const cvss = vuln.severity.find((s) => s.type === "CVSS_V3" || s.type === "CVSS_V4");
|
|
78
|
-
if (!cvss)
|
|
79
|
+
if (!cvss) {
|
|
80
|
+
// No CVSS entry — try database_specific fallback
|
|
81
|
+
if (vuln.database_specific?.severity) {
|
|
82
|
+
const s = vuln.database_specific.severity.toLowerCase();
|
|
83
|
+
if (s === "critical")
|
|
84
|
+
return "critical";
|
|
85
|
+
if (s === "high")
|
|
86
|
+
return "high";
|
|
87
|
+
if (s === "moderate" || s === "medium")
|
|
88
|
+
return "medium";
|
|
89
|
+
if (s === "low")
|
|
90
|
+
return "low";
|
|
91
|
+
}
|
|
79
92
|
return "unknown";
|
|
80
|
-
|
|
81
|
-
|
|
93
|
+
}
|
|
94
|
+
// CVSS score can be: a number, a numeric string, or a CVSS vector string
|
|
95
|
+
let score = null;
|
|
82
96
|
if (typeof cvss.score === "number") {
|
|
83
97
|
score = cvss.score;
|
|
84
98
|
}
|
|
85
|
-
else if (typeof cvss.score === "string"
|
|
86
|
-
|
|
99
|
+
else if (typeof cvss.score === "string") {
|
|
100
|
+
// Try parsing as number first
|
|
101
|
+
const parsed = parseFloat(cvss.score);
|
|
102
|
+
if (!isNaN(parsed) && !cvss.score.startsWith("CVSS:")) {
|
|
103
|
+
score = parsed;
|
|
104
|
+
}
|
|
105
|
+
else {
|
|
106
|
+
// It's a CVSS vector string like "CVSS:3.1/AV:N/AC:L/..."
|
|
107
|
+
// Fall back to database_specific severity
|
|
108
|
+
if (vuln.database_specific?.severity) {
|
|
109
|
+
const s = vuln.database_specific.severity.toLowerCase();
|
|
110
|
+
if (s === "critical")
|
|
111
|
+
return "critical";
|
|
112
|
+
if (s === "high")
|
|
113
|
+
return "high";
|
|
114
|
+
if (s === "moderate" || s === "medium")
|
|
115
|
+
return "medium";
|
|
116
|
+
if (s === "low")
|
|
117
|
+
return "low";
|
|
118
|
+
}
|
|
119
|
+
return "unknown";
|
|
120
|
+
}
|
|
87
121
|
}
|
|
88
|
-
|
|
122
|
+
if (score === null)
|
|
89
123
|
return "unknown";
|
|
90
|
-
}
|
|
91
124
|
if (score >= 9.0)
|
|
92
125
|
return "critical";
|
|
93
126
|
if (score >= 7.0)
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"osv-client.js","sourceRoot":"","sources":["../../src/utils/osv-client.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"osv-client.js","sourceRoot":"","sources":["../../src/utils/osv-client.ts"],"names":[],"mappings":"AAoBA,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,IAAY,EACZ,OAAe,EACf,SAAiB;IAEjB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,8BAA8B,EAAE;QAC3D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,OAAO;YACP,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;SAC7B,CAAC;QACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;KAClC,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,kBAAkB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqB,CAAC;IACzD,OAAO,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;AAC1B,CAAC;AAQD,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,QAAsB;IAEtB,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACnC,OAAO,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE;QACrD,OAAO,EAAE,GAAG,CAAC,OAAO;KACrB,CAAC,CAAC,CAAC;IAEJ,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,mCAAmC,EAAE;QAChE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC;QACjC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;KACnC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAI,GAAG,EAA8B,CAAC;IACtD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,kBAAkB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA2D,CAAC;IAE5F,8EAA8E;IAC9E,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,GAAG,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QACzD,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QAEhD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACrB,SAAS;QACX,CAAC;QAED,yCAAyC;QACzC,MAAM,SAAS,GAAuB,EAAE,CAAC;QACzC,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,gCAAgC,EAAE,CAAC,EAAE,EAAE,EAAE;oBACxE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;iBAClC,CAAC,CAAC;gBACH,IAAI,YAAY,CAAC,EAAE,EAAE,CAAC;oBACpB,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,IAAI,EAAsB,CAAC;oBAC/D,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAC3B,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,8CAA8C;gBAC9C,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,OAAO,EAAE,qBAAqB,EAAsB,CAAC,CAAC;YACpF,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC9B,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAA4B;IAC5D,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,iDAAiD;QACjD,IAAI,IAAI,CAAC,iBAAiB,EAAE,QAAQ,EAAE,CAAC;YACrC,MAAM,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YACxD,IAAI,CAAC,KAAK,UAAU;gBAAE,OAAO,UAAU,CAAC;YACxC,IAAI,CAAC,KAAK,MAAM;gBAAE,OAAO,MAAM,CAAC;YAChC,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,QAAQ;gBAAE,OAAO,QAAQ,CAAC;YACxD,IAAI,CAAC,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAC;QAChC,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;IAC1F,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,iDAAiD;QACjD,IAAI,IAAI,CAAC,iBAAiB,EAAE,QAAQ,EAAE,CAAC;YACrC,MAAM,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YACxD,IAAI,CAAC,KAAK,UAAU;gBAAE,OAAO,UAAU,CAAC;YACxC,IAAI,CAAC,KAAK,MAAM;gBAAE,OAAO,MAAM,CAAC;YAChC,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,QAAQ;gBAAE,OAAO,QAAQ,CAAC;YACxD,IAAI,CAAC,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAC;QAChC,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,yEAAyE;IACzE,IAAI,KAAK,GAAkB,IAAI,CAAC;IAChC,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACnC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;IACrB,CAAC;SAAM,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC1C,8BAA8B;QAC9B,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACtC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACtD,KAAK,GAAG,MAAM,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,0DAA0D;YAC1D,0CAA0C;YAC1C,IAAI,IAAI,CAAC,iBAAiB,EAAE,QAAQ,EAAE,CAAC;gBACrC,MAAM,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;gBACxD,IAAI,CAAC,KAAK,UAAU;oBAAE,OAAO,UAAU,CAAC;gBACxC,IAAI,CAAC,KAAK,MAAM;oBAAE,OAAO,MAAM,CAAC;gBAChC,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,QAAQ;oBAAE,OAAO,QAAQ,CAAC;gBACxD,IAAI,CAAC,KAAK,KAAK;oBAAE,OAAO,KAAK,CAAC;YAChC,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IACD,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,SAAS,CAAC;IACrC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,UAAU,CAAC;IACpC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,MAAM,CAAC;IAChC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,QAAQ,CAAC;IAClC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,IAAsB;IACxD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACzC,MAAM,aAAa,GAAa,EAAE,CAAC;IAEnC,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC;QAC3C,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YAC1C,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjC,IAAI,KAAK,CAAC,KAAK;oBAAE,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GACX,aAAa,CAAC,MAAM,GAAG,CAAC;QACtB,CAAC,CAAC,aAAa,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACzC,CAAC,CAAC,sBAAsB,CAAC;IAE7B,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC;IAE/C,OAAO;QACL,OAAO,IAAI,CAAC,EAAE,EAAE;QAChB,iBAAiB,QAAQ,EAAE;QAC3B,gBAAgB,IAAI,CAAC,OAAO,EAAE;QAC9B,KAAK,OAAO,IAAI;QAChB,MAAM,CAAC,CAAC,CAAC,kBAAkB,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE;KACzC;SACE,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "guardvibe",
|
|
3
|
-
"version": "0.6.
|
|
3
|
+
"version": "0.6.2",
|
|
4
4
|
"description": "GuardVibe — Security MCP server for vibe-coders. OWASP rules, dependency CVE checks, secret detection, and framework security guides — right inside your AI coding assistant.",
|
|
5
|
+
"author": "GokLab <info@goklab.com>",
|
|
5
6
|
"type": "module",
|
|
6
7
|
"bin": {
|
|
7
8
|
"guardvibe": "./build/index.js",
|
|
@@ -32,7 +33,7 @@
|
|
|
32
33
|
"author": "GuardVibe",
|
|
33
34
|
"license": "MIT",
|
|
34
35
|
"dependencies": {
|
|
35
|
-
"@modelcontextprotocol/sdk": "^1.
|
|
36
|
+
"@modelcontextprotocol/sdk": "^1.26.0",
|
|
36
37
|
"zod": "^3.25.0"
|
|
37
38
|
},
|
|
38
39
|
"devDependencies": {
|