guardvibe 0.6.3 → 0.6.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +93 -156
- package/build/data/rules/core.js +11 -11
- package/build/data/rules/core.js.map +1 -1
- package/build/data/rules/index.d.ts.map +1 -1
- package/build/data/rules/index.js +0 -6
- package/build/data/rules/index.js.map +1 -1
- package/build/index.js +5 -5
- package/build/index.js.map +1 -1
- package/build/tools/check-code.d.ts +2 -2
- package/build/tools/check-code.d.ts.map +1 -1
- package/build/tools/check-code.js +4 -4
- package/build/tools/check-code.js.map +1 -1
- package/build/tools/check-project.d.ts.map +1 -1
- package/build/tools/check-project.js +4 -3
- package/build/tools/check-project.js.map +1 -1
- package/build/tools/compliance-report.d.ts.map +1 -1
- package/build/tools/compliance-report.js +7 -7
- package/build/tools/compliance-report.js.map +1 -1
- package/build/tools/export-sarif.d.ts.map +1 -1
- package/build/tools/export-sarif.js +7 -7
- package/build/tools/export-sarif.js.map +1 -1
- package/build/tools/scan-directory.d.ts.map +1 -1
- package/build/tools/scan-directory.js +7 -8
- package/build/tools/scan-directory.js.map +1 -1
- package/build/tools/scan-secrets.d.ts.map +1 -1
- package/build/tools/scan-secrets.js +100 -56
- package/build/tools/scan-secrets.js.map +1 -1
- package/build/tools/scan-staged.d.ts +1 -1
- package/build/tools/scan-staged.d.ts.map +1 -1
- package/build/tools/scan-staged.js +10 -9
- package/build/tools/scan-staged.js.map +1 -1
- package/build/utils/config.d.ts.map +1 -1
- package/build/utils/config.js +19 -11
- package/build/utils/config.js.map +1 -1
- package/build/utils/manifest-parser.d.ts.map +1 -1
- package/build/utils/manifest-parser.js +93 -68
- package/build/utils/manifest-parser.js.map +1 -1
- package/build/utils/osv-client.d.ts.map +1 -1
- package/build/utils/osv-client.js +3 -2
- package/build/utils/osv-client.js.map +1 -1
- package/package.json +2 -3
- package/build/data/rules/java.d.ts +0 -3
- package/build/data/rules/java.d.ts.map +0 -1
- package/build/data/rules/java.js +0 -70
- package/build/data/rules/java.js.map +0 -1
- package/build/data/rules/php.d.ts +0 -3
- package/build/data/rules/php.d.ts.map +0 -1
- package/build/data/rules/php.js +0 -59
- package/build/data/rules/php.js.map +0 -1
- package/build/data/rules/ruby.d.ts +0 -3
- package/build/data/rules/ruby.d.ts.map +0 -1
- package/build/data/rules/ruby.js +0 -59
- package/build/data/rules/ruby.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan-secrets.js","sourceRoot":"","sources":["../../src/tools/scan-secrets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"scan-secrets.js","sourceRoot":"","sources":["../../src/tools/scan-secrets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACrE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAC3E,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9E,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAgBhD,MAAM,uBAAuB,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;AACnF,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC;IACrC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAC7B,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAC7B,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM;IAC7B,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK;CACvC,CAAC,CAAC;AACH,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AAErG,MAAM,UAAU,WAAW,CAAC,OAAe,EAAE,QAAgB;IAC3D,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,MAAM,EAAE,IAAI,cAAc,EAAE,CAAC;QAChC,EAAE,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QACzB,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACnD,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACtD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAClD,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,EAAE,CAAC,QAAQ;gBACrB,QAAQ,EAAE,EAAE,CAAC,QAAQ;gBACrB,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,UAAU;gBAChB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtE,GAAG,EAAE,EAAE,CAAC,GAAG;aACZ,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC7B,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAChC,IAAI,KAAK,KAAK,CAAC,CAAC;gBAAE,SAAS;YAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;YACpE,IAAI,KAAK,CAAC,MAAM,IAAI,EAAE,IAAI,gBAAgB,CAAC,KAAK,CAAC,GAAG,GAAG,EAAE,CAAC;gBACxD,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;gBACxE,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,QAAQ,CAAC,IAAI,CAAC;wBACZ,QAAQ,EAAE,qBAAqB;wBAC/B,QAAQ,EAAE,MAAM;wBAChB,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;wBACpC,GAAG,EAAE,6EAA6E;qBACnF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,cAAc,CAAC,GAAW,EAAE,SAAkB,EAAE,OAAiB,EAAE,QAAqB;IAC/F,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QACH,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAEvC,IAAI,KAAK,CAAC,WAAW,EAAE,IAAI,SAAS,EAAE,CAAC;YACrC,cAAc,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;YACvD,SAAS;QACX,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE;YAAE,SAAS;QAE9B,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;QACxB,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAExC,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,sBAAsB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,sBAAsB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAClG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB;IACnC,IAAI,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAEhC,OAAO,IAAI,EAAE,CAAC;QACZ,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAAE,OAAO,OAAO,CAAC;QACtD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAChC,IAAI,MAAM,KAAK,OAAO;YAAE,OAAO,IAAI,CAAC;QACpC,OAAO,GAAG,MAAM,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,uBAAuB,CAAC,QAAgB;IAC/C,MAAM,OAAO,GAAqB,EAAE,CAAC;IACrC,MAAM,OAAO,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IACtC,IAAI,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAEhC,OAAO,IAAI,EAAE,CAAC;QACZ,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QAClD,IAAI,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;YACpF,CAAC;YAAC,MAAM,CAAC;gBACP,sCAAsC;YACxC,CAAC;QACH,CAAC;QAED,IAAI,OAAO,KAAK,OAAO;YAAE,MAAM;QAE/B,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAChC,IAAI,MAAM,KAAK,OAAO;YAAE,MAAM;QAC9B,OAAO,GAAG,MAAM,CAAC;IACnB,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,uBAAuB,CAAC,OAAe,EAAE,gBAAkC;IAClF,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;IAElC,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE;QACpD,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACpE,OAAO,CACL,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;YACzB,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;YAC9B,OAAO,CAAC,QAAQ,CAAC,IAAI,YAAY,EAAE,CAAC;YACpC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;YACzB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CACzB,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,IAAY,EAAE,YAAqB,IAAI;IACjE,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,IAAI,UAAU,CAAC;IACf,IAAI,CAAC;QACH,UAAU,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,mEAAmE,IAAI,EAAE,CAAC;IACnF,CAAC;IAED,MAAM,QAAQ,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC7E,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,uBAAuB,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IAE/E,IAAI,UAAU,CAAC,MAAM,EAAE,EAAE,CAAC;QACxB,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,cAAc,CAAC,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,WAAW,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;IAC5C,MAAM,WAAW,GAAoB,EAAE,CAAC;IAExC,KAAK,MAAM,QAAQ,IAAI,WAAW,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAChC,IAAI,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW;gBAAE,SAAS;YAClD,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAChD,WAAW,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;QACtD,CAAC;QAAC,MAAM,CAAC;YACP,yBAAyB;QAC3B,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IACzF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,gBAAgB,GAAG,uBAAuB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;QACnE,IAAI,uBAAuB,CAAC,OAAO,EAAE,gBAAgB,CAAC;YAAE,SAAS;QAEjE,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClC,WAAW,CAAC,IAAI,CAAC;YACf,QAAQ,EAAE,wBAAwB;YAClC,QAAQ,EAAE,UAAU;YACpB,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,CAAC;YACP,KAAK,EAAE,GAAG,OAAO,8BAA8B;YAC/C,GAAG,EAAE,QAAQ,OAAO,yCAAyC;SAC9D,CAAC,CAAC;IACL,CAAC;IAED,MAAM,KAAK,GAAa;QACtB,gCAAgC;QAChC,EAAE;QACF,kBAAkB,WAAW,CAAC,MAAM,EAAE;QACtC,kBAAkB,WAAW,CAAC,MAAM,EAAE;KACvC,CAAC;IAEF,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QAC1F,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QACtF,KAAK,CAAC,IAAI,CAAC,eAAe,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC5F,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC;QAE7C,MAAM,KAAK,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;QAC1E,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC;QAEhF,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;YAClC,KAAK,CAAC,IAAI,CACR,QAAQ,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC,QAAQ,EAAE,EAC7D,aAAa,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,EACxE,gBAAgB,OAAO,CAAC,KAAK,IAAI,EACjC,YAAY,OAAO,CAAC,GAAG,EAAE,EACzB,EAAE,CACH,CAAC;QACJ,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,EAAE,wDAAwD,CAAC,CAAC;IAC/F,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export declare function scanStaged(): string;
|
|
1
|
+
export declare function scanStaged(cwd?: string): string;
|
|
2
2
|
//# sourceMappingURL=scan-staged.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan-staged.d.ts","sourceRoot":"","sources":["../../src/tools/scan-staged.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"scan-staged.d.ts","sourceRoot":"","sources":["../../src/tools/scan-staged.ts"],"names":[],"mappings":"AAiDA,wBAAgB,UAAU,CAAC,GAAG,GAAE,MAAsB,GAAG,MAAM,CA6F9D"}
|
|
@@ -4,14 +4,14 @@ import { analyzeCode } from "./check-code.js";
|
|
|
4
4
|
const EXTENSION_MAP = {
|
|
5
5
|
".js": "javascript", ".jsx": "javascript", ".mjs": "javascript", ".cjs": "javascript",
|
|
6
6
|
".ts": "typescript", ".tsx": "typescript", ".mts": "typescript", ".cts": "typescript",
|
|
7
|
-
".py": "python", ".go": "go", ".
|
|
8
|
-
".php": "php", ".rb": "ruby", ".html": "html",
|
|
7
|
+
".py": "python", ".go": "go", ".html": "html",
|
|
9
8
|
".sql": "sql", ".sh": "shell", ".bash": "shell",
|
|
10
|
-
".yml": "yaml", ".yaml": "yaml",
|
|
9
|
+
".yml": "yaml", ".yaml": "yaml", ".tf": "terraform",
|
|
11
10
|
};
|
|
12
|
-
function getStagedFiles() {
|
|
11
|
+
function getStagedFiles(cwd) {
|
|
13
12
|
try {
|
|
14
13
|
const output = execFileSync("git", ["diff", "--cached", "--name-only"], {
|
|
14
|
+
cwd,
|
|
15
15
|
encoding: "utf-8",
|
|
16
16
|
timeout: 5000,
|
|
17
17
|
});
|
|
@@ -21,9 +21,10 @@ function getStagedFiles() {
|
|
|
21
21
|
return [];
|
|
22
22
|
}
|
|
23
23
|
}
|
|
24
|
-
function getStagedContent(filePath) {
|
|
24
|
+
function getStagedContent(filePath, cwd) {
|
|
25
25
|
try {
|
|
26
26
|
return execFileSync("git", ["show", `:${filePath}`], {
|
|
27
|
+
cwd,
|
|
27
28
|
encoding: "utf-8",
|
|
28
29
|
timeout: 5000,
|
|
29
30
|
});
|
|
@@ -40,8 +41,8 @@ function detectLanguage(filePath) {
|
|
|
40
41
|
return "dockerfile";
|
|
41
42
|
return null;
|
|
42
43
|
}
|
|
43
|
-
export function scanStaged() {
|
|
44
|
-
const stagedFiles = getStagedFiles();
|
|
44
|
+
export function scanStaged(cwd = process.cwd()) {
|
|
45
|
+
const stagedFiles = getStagedFiles(cwd);
|
|
45
46
|
if (stagedFiles.length === 0) {
|
|
46
47
|
return [
|
|
47
48
|
"# GuardVibe Pre-Commit Report",
|
|
@@ -57,12 +58,12 @@ export function scanStaged() {
|
|
|
57
58
|
skippedFiles.push(filePath);
|
|
58
59
|
continue;
|
|
59
60
|
}
|
|
60
|
-
const content = getStagedContent(filePath);
|
|
61
|
+
const content = getStagedContent(filePath, cwd);
|
|
61
62
|
if (!content) {
|
|
62
63
|
skippedFiles.push(filePath);
|
|
63
64
|
continue;
|
|
64
65
|
}
|
|
65
|
-
const findings = analyzeCode(content, language, undefined, filePath);
|
|
66
|
+
const findings = analyzeCode(content, language, undefined, filePath, cwd);
|
|
66
67
|
if (findings.length > 0) {
|
|
67
68
|
results.push({ path: filePath, findings });
|
|
68
69
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan-staged.js","sourceRoot":"","sources":["../../src/tools/scan-staged.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AACzC,OAAO,EAAE,WAAW,EAAgB,MAAM,iBAAiB,CAAC;AAE5D,MAAM,aAAa,GAA2B;IAC5C,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM;IAC7C,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,
|
|
1
|
+
{"version":3,"file":"scan-staged.js","sourceRoot":"","sources":["../../src/tools/scan-staged.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AACzC,OAAO,EAAE,WAAW,EAAgB,MAAM,iBAAiB,CAAC;AAE5D,MAAM,aAAa,GAA2B;IAC5C,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM;IAC7C,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;IAC/C,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW;CACpD,CAAC;AAOF,SAAS,cAAc,CAAC,GAAW;IACjC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,aAAa,CAAC,EAAE;YACtE,GAAG;YACH,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,IAAI;SACd,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAgB,EAAE,GAAW;IACrD,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,KAAK,EAAE,CAAC,MAAM,EAAE,IAAI,QAAQ,EAAE,CAAC,EAAE;YACnD,GAAG;YACH,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,IAAI;SACd,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,QAAgB;IACtC,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;IAC5C,IAAI,aAAa,CAAC,GAAG,CAAC;QAAE,OAAO,aAAa,CAAC,GAAG,CAAC,CAAC;IAClD,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,GAAG,KAAK,aAAa;QAAE,OAAO,YAAY,CAAC;IAC9F,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,MAAc,OAAO,CAAC,GAAG,EAAE;IACpD,MAAM,WAAW,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IAExC,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO;YACL,+BAA+B;YAC/B,EAAE;YACF,0DAA0D;SAC3D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACf,CAAC;IAED,MAAM,OAAO,GAAmB,EAAE,CAAC;IACnC,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,KAAK,MAAM,QAAQ,IAAI,WAAW,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC1C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC5B,SAAS;QACX,CAAC;QAED,MAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAChD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC5B,SAAS;QACX,CAAC;QAED,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC1E,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAAG,WAAW,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;IAC9D,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACrD,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IACrF,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC7E,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IACjF,MAAM,WAAW,GAAG,aAAa,GAAG,SAAS,GAAG,WAAW,CAAC;IAC5D,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,GAAG,EAAE,GAAG,SAAS,GAAG,EAAE,GAAG,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC;IACtG,MAAM,KAAK,GAAG,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IAElG,MAAM,KAAK,GAAa;QACtB,+BAA+B;QAC/B,EAAE;QACF,yBAAyB,YAAY,EAAE;QACvC,iBAAiB,WAAW,EAAE;QAC9B,mBAAmB,KAAK,KAAK,KAAK,OAAO;QACzC,EAAE;KACH,CAAC;IAEF,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,EAAE,sBAAsB,EAAE,sBAAsB,CAAC,CAAC;QAC7E,IAAI,aAAa,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,aAAa,QAAQ,CAAC,CAAC;QACzE,IAAI,SAAS,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,SAAS,QAAQ,CAAC,CAAC;QACjE,IAAI,WAAW,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,WAAW,QAAQ,CAAC,CAAC;QACrE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QACnG,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CACpC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACnB,IAAI,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,GAAG;YACrF,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE;SAC5C,CAAC,CAAC,CACJ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEjD,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC5B,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QACvE,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAE1B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,KAAK,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,UAAU,EAAE,EAAE,CAAC,CAAC;YAC7E,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAChC,KAAK,CAAC,IAAI,CACR,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,GAAG,EACtE,cAAc,CAAC,CAAC,IAAI,mBAAmB,CAAC,CAAC,KAAK,IAAI,EAClD,CAAC,CAAC,IAAI,CAAC,WAAW,EAClB,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,EACxB,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EACjF,EAAE,CACH,CAAC;YACJ,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,EAAE,OAAO,YAAY,uDAAuD,CAAC,CAAC;IAC9G,CAAC;IAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,YAAY,YAAY,CAAC,MAAM,sCAAsC,CAAC,CAAC;IACxF,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/utils/config.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE;QACL,OAAO,EAAE,MAAM,EAAE,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAClC,CAAC;IACF,IAAI,EAAE;QACJ,OAAO,EAAE,MAAM,EAAE,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;CACH;
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/utils/config.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE;QACL,OAAO,EAAE,MAAM,EAAE,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAClC,CAAC;IACF,IAAI,EAAE;QACJ,OAAO,EAAE,MAAM,EAAE,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;CACH;AAgBD,wBAAgB,UAAU,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,eAAe,CA4BxD;AAED,wBAAgB,gBAAgB,IAAI,IAAI,CAEvC"}
|
package/build/utils/config.js
CHANGED
|
@@ -1,18 +1,27 @@
|
|
|
1
1
|
import { readFileSync } from "fs";
|
|
2
|
-
import { join } from "path";
|
|
2
|
+
import { join, resolve } from "path";
|
|
3
3
|
const DEFAULT_CONFIG = {
|
|
4
4
|
rules: { disable: [], severity: {} },
|
|
5
5
|
scan: { exclude: [], maxFileSize: 500 * 1024 },
|
|
6
6
|
};
|
|
7
|
-
|
|
7
|
+
const configCache = new Map();
|
|
8
|
+
function cloneDefaultConfig() {
|
|
9
|
+
return {
|
|
10
|
+
rules: { disable: [...DEFAULT_CONFIG.rules.disable], severity: { ...DEFAULT_CONFIG.rules.severity } },
|
|
11
|
+
scan: { exclude: [...DEFAULT_CONFIG.scan.exclude], maxFileSize: DEFAULT_CONFIG.scan.maxFileSize },
|
|
12
|
+
};
|
|
13
|
+
}
|
|
8
14
|
export function loadConfig(dir) {
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
15
|
+
const configDir = resolve(dir || process.cwd());
|
|
16
|
+
const cached = configCache.get(configDir);
|
|
17
|
+
if (cached)
|
|
18
|
+
return cached;
|
|
19
|
+
const configPath = join(configDir, ".guardviberc");
|
|
20
|
+
let resolvedConfig = cloneDefaultConfig();
|
|
12
21
|
try {
|
|
13
22
|
const content = readFileSync(configPath, "utf-8");
|
|
14
23
|
const parsed = JSON.parse(content);
|
|
15
|
-
|
|
24
|
+
resolvedConfig = {
|
|
16
25
|
rules: {
|
|
17
26
|
disable: Array.isArray(parsed.rules?.disable) ? parsed.rules.disable : [],
|
|
18
27
|
severity: typeof parsed.rules?.severity === "object" && parsed.rules.severity !== null
|
|
@@ -25,12 +34,11 @@ export function loadConfig(dir) {
|
|
|
25
34
|
},
|
|
26
35
|
};
|
|
27
36
|
}
|
|
28
|
-
catch {
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
return cachedConfig;
|
|
37
|
+
catch { }
|
|
38
|
+
configCache.set(configDir, resolvedConfig);
|
|
39
|
+
return resolvedConfig;
|
|
32
40
|
}
|
|
33
41
|
export function resetConfigCache() {
|
|
34
|
-
|
|
42
|
+
configCache.clear();
|
|
35
43
|
}
|
|
36
44
|
//# sourceMappingURL=config.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/utils/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/utils/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAarC,MAAM,cAAc,GAAoB;IACtC,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;IACpC,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,WAAW,EAAE,GAAG,GAAG,IAAI,EAAE;CAC/C,CAAC;AAEF,MAAM,WAAW,GAAG,IAAI,GAAG,EAA2B,CAAC;AAEvD,SAAS,kBAAkB;IACzB,OAAO;QACL,KAAK,EAAE,EAAE,OAAO,EAAE,CAAC,GAAG,cAAc,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,EAAE,GAAG,cAAc,CAAC,KAAK,CAAC,QAAQ,EAAE,EAAE;QACrG,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,GAAG,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,WAAW,EAAE,cAAc,CAAC,IAAI,CAAC,WAAW,EAAE;KAClG,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,GAAY;IACrC,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC1C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;IACnD,IAAI,cAAc,GAAG,kBAAkB,EAAE,CAAC;IAE1C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAEnC,cAAc,GAAG;YACf,KAAK,EAAE;gBACL,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;gBACzE,QAAQ,EAAE,OAAO,MAAM,CAAC,KAAK,EAAE,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,KAAK,IAAI;oBACpF,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;aAC/B;YACD,IAAI,EAAE;gBACJ,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;gBACvE,WAAW,EAAE,OAAO,MAAM,CAAC,IAAI,EAAE,WAAW,KAAK,QAAQ;oBACvD,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,WAAW;aAC9D;SACF,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IAEV,WAAW,CAAC,GAAG,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;IAC3C,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,WAAW,CAAC,KAAK,EAAE,CAAC;AACtB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"manifest-parser.d.ts","sourceRoot":"","sources":["../../src/utils/manifest-parser.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;
|
|
1
|
+
{"version":3,"file":"manifest-parser.d.ts","sourceRoot":"","sources":["../../src/utils/manifest-parser.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAID,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,aAAa,EAAE,CAShF"}
|
|
@@ -8,95 +8,120 @@ export function parseManifest(content, filename) {
|
|
|
8
8
|
return parseRequirementsTxt(content);
|
|
9
9
|
if (lower === "go.mod")
|
|
10
10
|
return parseGoMod(content);
|
|
11
|
-
if (lower === "gemfile.lock")
|
|
12
|
-
return parseGemfileLock(content);
|
|
13
|
-
if (lower === "cargo.lock")
|
|
14
|
-
return parseCargoLock(content);
|
|
15
11
|
throw new Error(`Unsupported manifest format: ${filename}`);
|
|
16
12
|
}
|
|
13
|
+
function addPackage(packages, pkg) {
|
|
14
|
+
const key = `${pkg.ecosystem}:${pkg.name}@${pkg.version}`;
|
|
15
|
+
packages.set(key, pkg);
|
|
16
|
+
}
|
|
17
|
+
function sanitizeVersion(rawVersion) {
|
|
18
|
+
const trimmed = rawVersion.trim();
|
|
19
|
+
if (!trimmed)
|
|
20
|
+
return null;
|
|
21
|
+
if (trimmed.startsWith("file:") ||
|
|
22
|
+
trimmed.startsWith("link:") ||
|
|
23
|
+
trimmed.startsWith("workspace:") ||
|
|
24
|
+
trimmed.startsWith("git+") ||
|
|
25
|
+
trimmed.startsWith("github:") ||
|
|
26
|
+
trimmed.startsWith("http://") ||
|
|
27
|
+
trimmed.startsWith("https://")) {
|
|
28
|
+
return null;
|
|
29
|
+
}
|
|
30
|
+
const normalized = trimmed.replace(/^[\^~<>=\sv]*/g, "");
|
|
31
|
+
return normalized || null;
|
|
32
|
+
}
|
|
17
33
|
function parsePackageJson(content) {
|
|
18
34
|
const pkg = JSON.parse(content);
|
|
19
|
-
const packages =
|
|
20
|
-
for (const
|
|
21
|
-
const
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
if (version)
|
|
28
|
-
packages.push({ name, version, ecosystem: "npm" });
|
|
35
|
+
const packages = new Map();
|
|
36
|
+
for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
|
|
37
|
+
for (const [name, ver] of Object.entries(pkg[section] || {})) {
|
|
38
|
+
const version = sanitizeVersion(String(ver));
|
|
39
|
+
if (!version)
|
|
40
|
+
continue;
|
|
41
|
+
addPackage(packages, { name, version, ecosystem: "npm" });
|
|
42
|
+
}
|
|
29
43
|
}
|
|
30
|
-
return packages;
|
|
44
|
+
return [...packages.values()];
|
|
31
45
|
}
|
|
32
46
|
function parsePackageLock(content) {
|
|
33
47
|
const lock = JSON.parse(content);
|
|
34
|
-
const packages =
|
|
35
|
-
if (lock.packages) {
|
|
36
|
-
for (const [
|
|
37
|
-
if (
|
|
48
|
+
const packages = new Map();
|
|
49
|
+
if (lock.packages && typeof lock.packages === "object") {
|
|
50
|
+
for (const [pkgPath, info] of Object.entries(lock.packages)) {
|
|
51
|
+
if (pkgPath === "")
|
|
38
52
|
continue;
|
|
39
53
|
const pkg = info;
|
|
40
54
|
if (!pkg.version)
|
|
41
55
|
continue;
|
|
42
|
-
const name =
|
|
43
|
-
|
|
56
|
+
const name = pkgPath.split("node_modules/").filter(Boolean).at(-1);
|
|
57
|
+
if (!name)
|
|
58
|
+
continue;
|
|
59
|
+
addPackage(packages, { name, version: pkg.version, ecosystem: "npm" });
|
|
44
60
|
}
|
|
45
61
|
}
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
function parseRequirementsTxt(content) {
|
|
49
|
-
return content.split("\n")
|
|
50
|
-
.map(line => line.trim())
|
|
51
|
-
.filter(line => line && !line.startsWith("#") && !line.startsWith("-"))
|
|
52
|
-
.map(line => {
|
|
53
|
-
const match = line.match(/^([a-zA-Z0-9_.-]+)==([a-zA-Z0-9_.]+)/);
|
|
54
|
-
if (!match)
|
|
55
|
-
return null;
|
|
56
|
-
return { name: match[1], version: match[2], ecosystem: "PyPI" };
|
|
57
|
-
})
|
|
58
|
-
.filter((p) => p !== null);
|
|
59
|
-
}
|
|
60
|
-
function parseGoMod(content) {
|
|
61
|
-
const packages = [];
|
|
62
|
-
const requireBlock = content.match(/require\s*\(([\s\S]*?)\)/);
|
|
63
|
-
const lines = requireBlock ? requireBlock[1].split("\n") : [];
|
|
64
|
-
const singleRequires = content.matchAll(/require\s+(\S+)\s+v?(\S+)/g);
|
|
65
|
-
for (const m of singleRequires) {
|
|
66
|
-
packages.push({ name: m[1], version: m[2].replace(/^v/, ""), ecosystem: "Go" });
|
|
62
|
+
if (packages.size === 0 && lock.dependencies && typeof lock.dependencies === "object") {
|
|
63
|
+
walkPackageLockDependencies(lock.dependencies, packages);
|
|
67
64
|
}
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
65
|
+
return [...packages.values()];
|
|
66
|
+
}
|
|
67
|
+
function walkPackageLockDependencies(dependencies, packages) {
|
|
68
|
+
for (const [name, info] of Object.entries(dependencies)) {
|
|
69
|
+
if (!info || typeof info !== "object")
|
|
70
|
+
continue;
|
|
71
|
+
const pkg = info;
|
|
72
|
+
if (pkg.version) {
|
|
73
|
+
addPackage(packages, { name, version: pkg.version, ecosystem: "npm" });
|
|
74
|
+
}
|
|
75
|
+
if (pkg.dependencies) {
|
|
76
|
+
walkPackageLockDependencies(pkg.dependencies, packages);
|
|
72
77
|
}
|
|
73
78
|
}
|
|
74
|
-
return packages;
|
|
75
79
|
}
|
|
76
|
-
function
|
|
77
|
-
const packages =
|
|
78
|
-
const
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
80
|
+
function parseRequirementsTxt(content) {
|
|
81
|
+
const packages = new Map();
|
|
82
|
+
for (const line of content.split("\n")) {
|
|
83
|
+
const trimmed = line.trim();
|
|
84
|
+
if (!trimmed || trimmed.startsWith("#") || trimmed.startsWith("-"))
|
|
85
|
+
continue;
|
|
86
|
+
const match = trimmed.match(/^([a-zA-Z0-9_.-]+)==([a-zA-Z0-9_.+-]+)/);
|
|
87
|
+
if (!match)
|
|
88
|
+
continue;
|
|
89
|
+
addPackage(packages, {
|
|
90
|
+
name: match[1],
|
|
91
|
+
version: match[2],
|
|
92
|
+
ecosystem: "PyPI",
|
|
93
|
+
});
|
|
87
94
|
}
|
|
88
|
-
return packages;
|
|
95
|
+
return [...packages.values()];
|
|
89
96
|
}
|
|
90
|
-
function
|
|
91
|
-
const packages =
|
|
92
|
-
const
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
const
|
|
96
|
-
if (
|
|
97
|
-
|
|
97
|
+
function parseGoMod(content) {
|
|
98
|
+
const packages = new Map();
|
|
99
|
+
const lines = content.split("\n");
|
|
100
|
+
let inRequireBlock = false;
|
|
101
|
+
for (const rawLine of lines) {
|
|
102
|
+
const line = rawLine.trim();
|
|
103
|
+
if (!line || line.startsWith("//"))
|
|
104
|
+
continue;
|
|
105
|
+
if (line.startsWith("require (")) {
|
|
106
|
+
inRequireBlock = true;
|
|
107
|
+
continue;
|
|
98
108
|
}
|
|
109
|
+
if (inRequireBlock && line === ")") {
|
|
110
|
+
inRequireBlock = false;
|
|
111
|
+
continue;
|
|
112
|
+
}
|
|
113
|
+
const candidate = inRequireBlock ? line : line.startsWith("require ") ? line.slice("require ".length).trim() : "";
|
|
114
|
+
if (!candidate)
|
|
115
|
+
continue;
|
|
116
|
+
const match = candidate.match(/^(\S+)\s+v?([^\s]+)(?:\s+\/\/.*)?$/);
|
|
117
|
+
if (!match)
|
|
118
|
+
continue;
|
|
119
|
+
addPackage(packages, {
|
|
120
|
+
name: match[1],
|
|
121
|
+
version: match[2].replace(/^v/, ""),
|
|
122
|
+
ecosystem: "Go",
|
|
123
|
+
});
|
|
99
124
|
}
|
|
100
|
-
return packages;
|
|
125
|
+
return [...packages.values()];
|
|
101
126
|
}
|
|
102
127
|
//# sourceMappingURL=manifest-parser.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"manifest-parser.js","sourceRoot":"","sources":["../../src/utils/manifest-parser.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"manifest-parser.js","sourceRoot":"","sources":["../../src/utils/manifest-parser.ts"],"names":[],"mappings":"AAQA,MAAM,UAAU,aAAa,CAAC,OAAe,EAAE,QAAgB;IAC7D,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IAErC,IAAI,KAAK,KAAK,mBAAmB;QAAE,OAAO,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACpE,IAAI,KAAK,KAAK,cAAc;QAAE,OAAO,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAC/D,IAAI,KAAK,KAAK,kBAAkB;QAAE,OAAO,oBAAoB,CAAC,OAAO,CAAC,CAAC;IACvE,IAAI,KAAK,KAAK,QAAQ;QAAE,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC;IAEnD,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,SAAS,UAAU,CAAC,QAA4B,EAAE,GAAkB;IAClE,MAAM,GAAG,GAAG,GAAG,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;IAC1D,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,eAAe,CAAC,UAAkB;IACzC,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;IAClC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,IACE,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;QAC3B,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;QAC3B,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC;QAChC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC;QAC1B,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC;QAC7B,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC;QAC7B,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,EAC9B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;IACzD,OAAO,UAAU,IAAI,IAAI,CAAC;AAC5B,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAChC,MAAM,QAAQ,GAAuB,IAAI,GAAG,EAAE,CAAC;IAE/C,KAAK,MAAM,OAAO,IAAI,CAAC,cAAc,EAAE,iBAAiB,EAAE,sBAAsB,CAAC,EAAE,CAAC;QAClF,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC7D,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAC7C,IAAI,CAAC,OAAO;gBAAE,SAAS;YACvB,UAAU,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACjC,MAAM,QAAQ,GAAuB,IAAI,GAAG,EAAE,CAAC;IAE/C,IAAI,IAAI,CAAC,QAAQ,IAAI,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACvD,KAAK,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5D,IAAI,OAAO,KAAK,EAAE;gBAAE,SAAS;YAC7B,MAAM,GAAG,GAAG,IAA4B,CAAC;YACzC,IAAI,CAAC,GAAG,CAAC,OAAO;gBAAE,SAAS;YAE3B,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YACnE,IAAI,CAAC,IAAI;gBAAE,SAAS;YAEpB,UAAU,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,CAAC,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,YAAY,IAAI,OAAO,IAAI,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;QACtF,2BAA2B,CAAC,IAAI,CAAC,YAAuC,EAAE,QAAQ,CAAC,CAAC;IACtF,CAAC;IAED,OAAO,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,2BAA2B,CAClC,YAAqC,EACrC,QAA4B;IAE5B,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;QACxD,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;YAAE,SAAS;QAChD,MAAM,GAAG,GAAG,IAAoE,CAAC;QAEjF,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,UAAU,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;QACzE,CAAC;QAED,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;YACrB,2BAA2B,CAAC,GAAG,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAe;IAC3C,MAAM,QAAQ,GAAuB,IAAI,GAAG,EAAE,CAAC;IAE/C,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAE7E,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;QACtE,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,UAAU,CAAC,QAAQ,EAAE;YACnB,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;YACd,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;YACjB,SAAS,EAAE,MAAM;SAClB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,UAAU,CAAC,OAAe;IACjC,MAAM,QAAQ,GAAuB,IAAI,GAAG,EAAE,CAAC;IAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,IAAI,cAAc,GAAG,KAAK,CAAC;IAE3B,KAAK,MAAM,OAAO,IAAI,KAAK,EAAE,CAAC;QAC5B,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,SAAS;QAE7C,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACjC,cAAc,GAAG,IAAI,CAAC;YACtB,SAAS;QACX,CAAC;QAED,IAAI,cAAc,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YACnC,cAAc,GAAG,KAAK,CAAC;YACvB,SAAS;QACX,CAAC;QAED,MAAM,SAAS,GAAG,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAClH,IAAI,CAAC,SAAS;YAAE,SAAS;QAEzB,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACpE,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,UAAU,CAAC,QAAQ,EAAE;YACnB,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;YACd,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;YACnC,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;AAChC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"osv-client.d.ts","sourceRoot":"","sources":["../../src/utils/osv-client.ts"],"names":[],"mappings":"AAAA,UAAU,gBAAgB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAClD,iBAAiB,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAAC;IAClE,QAAQ,CAAC,EAAE,KAAK,CAAC;QACf,OAAO,CAAC,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,SAAS,EAAE,MAAM,CAAA;SAAE,CAAC;QAC9C,MAAM,CAAC,EAAE,KAAK,CAAC;YACb,IAAI,EAAE,MAAM,CAAC;YACb,MAAM,EAAE,KAAK,CAAC;gBAAE,UAAU,CAAC,EAAE,MAAM,CAAC;gBAAC,KAAK,CAAC,EAAE,MAAM,CAAA;aAAE,CAAC,CAAC;SACxD,CAAC,CAAC;KACJ,CAAC,CAAC;IACH,UAAU,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACnD;AAMD,wBAAsB,QAAQ,CAC5B,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAiB7B;AAED,UAAU,UAAU;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAsB,aAAa,CACjC,QAAQ,EAAE,UAAU,EAAE,GACrB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC,
|
|
1
|
+
{"version":3,"file":"osv-client.d.ts","sourceRoot":"","sources":["../../src/utils/osv-client.ts"],"names":[],"mappings":"AAAA,UAAU,gBAAgB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAClD,iBAAiB,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAAC;IAClE,QAAQ,CAAC,EAAE,KAAK,CAAC;QACf,OAAO,CAAC,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,SAAS,EAAE,MAAM,CAAA;SAAE,CAAC;QAC9C,MAAM,CAAC,EAAE,KAAK,CAAC;YACb,IAAI,EAAE,MAAM,CAAC;YACb,MAAM,EAAE,KAAK,CAAC;gBAAE,UAAU,CAAC,EAAE,MAAM,CAAC;gBAAC,KAAK,CAAC,EAAE,MAAM,CAAA;aAAE,CAAC,CAAC;SACxD,CAAC,CAAC;KACJ,CAAC,CAAC;IACH,UAAU,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACnD;AAMD,wBAAsB,QAAQ,CAC5B,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAiB7B;AAED,UAAU,UAAU;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAsB,aAAa,CACjC,QAAQ,EAAE,UAAU,EAAE,GACrB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAmD1C;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,gBAAgB,GAAG,GAAG,GAAG,MAAM,CAmDtE;AAED,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,gBAAgB,GAAG,MAAM,CA4BlE"}
|
|
@@ -26,8 +26,9 @@ export async function queryOsvBatch(packages) {
|
|
|
26
26
|
signal: AbortSignal.timeout(10000),
|
|
27
27
|
});
|
|
28
28
|
const results = new Map();
|
|
29
|
-
if (!response.ok)
|
|
30
|
-
|
|
29
|
+
if (!response.ok) {
|
|
30
|
+
throw new Error(`OSV batch API error: ${response.status} ${response.statusText}`);
|
|
31
|
+
}
|
|
31
32
|
const data = await response.json();
|
|
32
33
|
// Batch API returns minimal vuln info (just id). Fetch full details for each.
|
|
33
34
|
for (let i = 0; i < packages.length; i++) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"osv-client.js","sourceRoot":"","sources":["../../src/utils/osv-client.ts"],"names":[],"mappings":"AAoBA,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,IAAY,EACZ,OAAe,EACf,SAAiB;IAEjB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,8BAA8B,EAAE;QAC3D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,OAAO;YACP,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;SAC7B,CAAC;QACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;KAClC,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,kBAAkB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqB,CAAC;IACzD,OAAO,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;AAC1B,CAAC;AAQD,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,QAAsB;IAEtB,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACnC,OAAO,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE;QACrD,OAAO,EAAE,GAAG,CAAC,OAAO;KACrB,CAAC,CAAC,CAAC;IAEJ,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,mCAAmC,EAAE;QAChE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC;QACjC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;KACnC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAI,GAAG,EAA8B,CAAC;IACtD,IAAI,CAAC,QAAQ,CAAC,EAAE;
|
|
1
|
+
{"version":3,"file":"osv-client.js","sourceRoot":"","sources":["../../src/utils/osv-client.ts"],"names":[],"mappings":"AAoBA,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,IAAY,EACZ,OAAe,EACf,SAAiB;IAEjB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,8BAA8B,EAAE;QAC3D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,OAAO;YACP,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;SAC7B,CAAC;QACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;KAClC,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,kBAAkB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqB,CAAC;IACzD,OAAO,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;AAC1B,CAAC;AAQD,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,QAAsB;IAEtB,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACnC,OAAO,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE;QACrD,OAAO,EAAE,GAAG,CAAC,OAAO;KACrB,CAAC,CAAC,CAAC;IAEJ,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,mCAAmC,EAAE;QAChE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC;QACjC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;KACnC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAI,GAAG,EAA8B,CAAC;IACtD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,wBAAwB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IACpF,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA2D,CAAC;IAE5F,8EAA8E;IAC9E,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,GAAG,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QACzD,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QAEhD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACrB,SAAS;QACX,CAAC;QAED,yCAAyC;QACzC,MAAM,SAAS,GAAuB,EAAE,CAAC;QACzC,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,gCAAgC,EAAE,CAAC,EAAE,EAAE,EAAE;oBACxE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;iBAClC,CAAC,CAAC;gBACH,IAAI,YAAY,CAAC,EAAE,EAAE,CAAC;oBACpB,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,IAAI,EAAsB,CAAC;oBAC/D,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAC3B,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,8CAA8C;gBAC9C,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,OAAO,EAAE,qBAAqB,EAAsB,CAAC,CAAC;YACpF,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC9B,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAA4B;IAC5D,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,iDAAiD;QACjD,IAAI,IAAI,CAAC,iBAAiB,EAAE,QAAQ,EAAE,CAAC;YACrC,MAAM,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YACxD,IAAI,CAAC,KAAK,UAAU;gBAAE,OAAO,UAAU,CAAC;YACxC,IAAI,CAAC,KAAK,MAAM;gBAAE,OAAO,MAAM,CAAC;YAChC,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,QAAQ;gBAAE,OAAO,QAAQ,CAAC;YACxD,IAAI,CAAC,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAC;QAChC,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;IAC1F,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,iDAAiD;QACjD,IAAI,IAAI,CAAC,iBAAiB,EAAE,QAAQ,EAAE,CAAC;YACrC,MAAM,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YACxD,IAAI,CAAC,KAAK,UAAU;gBAAE,OAAO,UAAU,CAAC;YACxC,IAAI,CAAC,KAAK,MAAM;gBAAE,OAAO,MAAM,CAAC;YAChC,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,QAAQ;gBAAE,OAAO,QAAQ,CAAC;YACxD,IAAI,CAAC,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAC;QAChC,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,yEAAyE;IACzE,IAAI,KAAK,GAAkB,IAAI,CAAC;IAChC,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACnC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;IACrB,CAAC;SAAM,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC1C,8BAA8B;QAC9B,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACtC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACtD,KAAK,GAAG,MAAM,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,0DAA0D;YAC1D,0CAA0C;YAC1C,IAAI,IAAI,CAAC,iBAAiB,EAAE,QAAQ,EAAE,CAAC;gBACrC,MAAM,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;gBACxD,IAAI,CAAC,KAAK,UAAU;oBAAE,OAAO,UAAU,CAAC;gBACxC,IAAI,CAAC,KAAK,MAAM;oBAAE,OAAO,MAAM,CAAC;gBAChC,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,QAAQ;oBAAE,OAAO,QAAQ,CAAC;gBACxD,IAAI,CAAC,KAAK,KAAK;oBAAE,OAAO,KAAK,CAAC;YAChC,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IACD,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,SAAS,CAAC;IACrC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,UAAU,CAAC;IACpC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,MAAM,CAAC;IAChC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,QAAQ,CAAC;IAClC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,IAAsB;IACxD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACzC,MAAM,aAAa,GAAa,EAAE,CAAC;IAEnC,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC;QAC3C,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YAC1C,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjC,IAAI,KAAK,CAAC,KAAK;oBAAE,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GACX,aAAa,CAAC,MAAM,GAAG,CAAC;QACtB,CAAC,CAAC,aAAa,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACzC,CAAC,CAAC,sBAAsB,CAAC;IAE7B,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC;IAE/C,OAAO;QACL,OAAO,IAAI,CAAC,EAAE,EAAE;QAChB,iBAAiB,QAAQ,EAAE;QAC3B,gBAAgB,IAAI,CAAC,OAAO,EAAE;QAC9B,KAAK,OAAO,IAAI;QAChB,MAAM,CAAC,CAAC,CAAC,kBAAkB,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE;KACzC;SACE,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,8 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "guardvibe",
|
|
3
|
-
"version": "0.6.
|
|
4
|
-
"description": "
|
|
5
|
-
"author": "GokLab <info@goklab.com>",
|
|
3
|
+
"version": "0.6.4",
|
|
4
|
+
"description": "Local-first security MCP for vibe coding. Focused on TypeScript, JavaScript, Python, Go, Dockerfile, YAML, and Terraform.",
|
|
6
5
|
"type": "module",
|
|
7
6
|
"bin": {
|
|
8
7
|
"guardvibe": "./build/index.js",
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"java.d.ts","sourceRoot":"","sources":["../../../src/data/rules/java.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,SAAS,EAAE,YAAY,EAyEnC,CAAC"}
|
package/build/data/rules/java.js
DELETED
|
@@ -1,70 +0,0 @@
|
|
|
1
|
-
// === Java-specific rules ===
|
|
2
|
-
export const javaRules = [
|
|
3
|
-
{
|
|
4
|
-
id: "VG120",
|
|
5
|
-
name: "Java SQL injection via string concat",
|
|
6
|
-
severity: "critical",
|
|
7
|
-
owasp: "A02:2025 Injection",
|
|
8
|
-
description: "String concatenation in SQL queries allows SQL injection attacks.",
|
|
9
|
-
pattern: /(?:executeQuery|executeUpdate|prepareStatement|createQuery|createNativeQuery)\s*\(\s*['"][^'"]*['"]\s*\+/gi,
|
|
10
|
-
languages: ["java"],
|
|
11
|
-
fix: "Use PreparedStatement with parameter binding: stmt.setString(1, userInput). Never concatenate strings into SQL.",
|
|
12
|
-
fixCode: "// Use PreparedStatement\nPreparedStatement stmt = conn.prepareStatement(\"SELECT * FROM users WHERE id = ?\");\nstmt.setString(1, userId);",
|
|
13
|
-
},
|
|
14
|
-
{
|
|
15
|
-
id: "VG121",
|
|
16
|
-
name: "Java command injection",
|
|
17
|
-
severity: "critical",
|
|
18
|
-
owasp: "A02:2025 Injection",
|
|
19
|
-
description: "User input passed to Runtime.exec() allows arbitrary command execution.",
|
|
20
|
-
pattern: /Runtime\.getRuntime\(\)\.exec\s*\(\s*(?:[^")]*\+|.*(?:request|param|input|args))/gi,
|
|
21
|
-
languages: ["java"],
|
|
22
|
-
fix: "Use ProcessBuilder with a list of arguments. Validate input against an allowlist.",
|
|
23
|
-
fixCode: "// Use ProcessBuilder with list args\nProcessBuilder pb = new ProcessBuilder(\"ls\", \"-la\", dir);\nProcess p = pb.start();",
|
|
24
|
-
},
|
|
25
|
-
{
|
|
26
|
-
id: "VG122",
|
|
27
|
-
name: "Java XSS via JSP",
|
|
28
|
-
severity: "high",
|
|
29
|
-
owasp: "A02:2025 Injection",
|
|
30
|
-
description: "Unescaped output in JSP pages enables Cross-Site Scripting attacks.",
|
|
31
|
-
pattern: /<%=\s*(?:request\.getParameter|session\.getAttribute)/gi,
|
|
32
|
-
languages: ["java"],
|
|
33
|
-
fix: "Use JSTL <c:out> tag or fn:escapeXml() for output encoding. Never use <%= with user input.",
|
|
34
|
-
fixCode: "<!-- Use JSTL c:out for auto-escaping -->\n<c:out value=\"${param.name}\" />",
|
|
35
|
-
},
|
|
36
|
-
{
|
|
37
|
-
id: "VG123",
|
|
38
|
-
name: "Java endpoint without auth annotation",
|
|
39
|
-
severity: "high",
|
|
40
|
-
owasp: "A01:2025 Broken Access Control",
|
|
41
|
-
description: "Spring endpoint without security annotation may be publicly accessible.",
|
|
42
|
-
pattern: /@(?:RequestMapping|GetMapping|PostMapping|PutMapping|DeleteMapping)\s*\([^)]*(?:\/api|\/admin|\/users|\/account)/gi,
|
|
43
|
-
languages: ["java"],
|
|
44
|
-
fix: "Add @PreAuthorize, @Secured, or @RolesAllowed annotation to protect endpoints.",
|
|
45
|
-
fixCode: "// Add Spring Security annotation\n@PreAuthorize(\"hasRole('USER')\")\n@GetMapping(\"/api/data\")\npublic ResponseEntity<?> getData() { }",
|
|
46
|
-
},
|
|
47
|
-
{
|
|
48
|
-
id: "VG124",
|
|
49
|
-
name: "Java weak hashing",
|
|
50
|
-
severity: "critical",
|
|
51
|
-
owasp: "A07:2025 Auth Failures",
|
|
52
|
-
description: "Using MessageDigest with MD5 or SHA-1. These are cryptographically weak for passwords.",
|
|
53
|
-
pattern: /MessageDigest\.getInstance\s*\(\s*['"](?:MD5|SHA-?1)['"]\s*\)/gi,
|
|
54
|
-
languages: ["java"],
|
|
55
|
-
fix: "Use BCryptPasswordEncoder or Argon2PasswordEncoder for password hashing.",
|
|
56
|
-
fixCode: "// Use BCrypt for passwords\nimport org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;\nBCryptPasswordEncoder encoder = new BCryptPasswordEncoder();\nString hash = encoder.encode(password);",
|
|
57
|
-
},
|
|
58
|
-
{
|
|
59
|
-
id: "VG125",
|
|
60
|
-
name: "Java CORS wildcard",
|
|
61
|
-
severity: "high",
|
|
62
|
-
owasp: "A05:2025 Security Misconfiguration",
|
|
63
|
-
description: "Spring @CrossOrigin with wildcard allows any website to access your API.",
|
|
64
|
-
pattern: /@CrossOrigin\s*\(\s*(?:origins\s*=\s*)?['"]?\s*\*/gi,
|
|
65
|
-
languages: ["java"],
|
|
66
|
-
fix: "Set specific allowed origins in @CrossOrigin annotation.",
|
|
67
|
-
fixCode: "// Specify allowed origins\n@CrossOrigin(origins = \"https://myapp.com\")\n@GetMapping(\"/api/data\")",
|
|
68
|
-
},
|
|
69
|
-
];
|
|
70
|
-
//# sourceMappingURL=java.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"java.js","sourceRoot":"","sources":["../../../src/data/rules/java.ts"],"names":[],"mappings":"AAEA,8BAA8B;AAC9B,MAAM,CAAC,MAAM,SAAS,GAAmB;IACvC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,sCAAsC;QAC5C,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,mEAAmE;QACrE,OAAO,EAAE,4GAA4G;QACrH,SAAS,EAAE,CAAC,MAAM,CAAC;QACnB,GAAG,EAAE,iHAAiH;QACtH,OAAO,EAAE,6IAA6I;KACvJ;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,yEAAyE;QAC3E,OAAO,EAAE,oFAAoF;QAC7F,SAAS,EAAE,CAAC,MAAM,CAAC;QACnB,GAAG,EAAE,mFAAmF;QACxF,OAAO,EAAE,8HAA8H;KACxI;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,qEAAqE;QACvE,OAAO,EAAE,yDAAyD;QAClE,SAAS,EAAE,CAAC,MAAM,CAAC;QACnB,GAAG,EAAE,4FAA4F;QACjG,OAAO,EAAE,8EAA8E;KACxF;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uCAAuC;QAC7C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,yEAAyE;QAC3E,OAAO,EAAE,oHAAoH;QAC7H,SAAS,EAAE,CAAC,MAAM,CAAC;QACnB,GAAG,EAAE,gFAAgF;QACrF,OAAO,EAAE,2IAA2I;KACrJ;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EACT,wFAAwF;QAC1F,OAAO,EAAE,iEAAiE;QAC1E,SAAS,EAAE,CAAC,MAAM,CAAC;QACnB,GAAG,EAAE,0EAA0E;QAC/E,OAAO,EAAE,8MAA8M;KACxN;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,0EAA0E;QAC5E,OAAO,EAAE,qDAAqD;QAC9D,SAAS,EAAE,CAAC,MAAM,CAAC;QACnB,GAAG,EAAE,0DAA0D;QAC/D,OAAO,EAAE,uGAAuG;KACjH;CACF,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"php.d.ts","sourceRoot":"","sources":["../../../src/data/rules/php.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,QAAQ,EAAE,YAAY,EA6DlC,CAAC"}
|