guardvibe 0.8.0 → 0.8.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/data/rules/auth.d.ts.map +1 -1
- package/build/data/rules/auth.js +6 -15
- package/build/data/rules/auth.js.map +1 -1
- package/build/data/rules/core.js +8 -8
- package/build/data/rules/core.js.map +1 -1
- package/build/data/rules/database.d.ts.map +1 -1
- package/build/data/rules/database.js +5 -14
- package/build/data/rules/database.js.map +1 -1
- package/build/data/rules/nextjs.js +1 -1
- package/build/data/rules/nextjs.js.map +1 -1
- package/build/index.js +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/data/rules/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,SAAS,EAAE,YAAY,
|
|
1
|
+
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/data/rules/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,SAAS,EAAE,YAAY,EA0GnC,CAAC"}
|
package/build/data/rules/auth.js
CHANGED
|
@@ -6,31 +6,22 @@ export const authRules = [
|
|
|
6
6
|
severity: "high",
|
|
7
7
|
owasp: "A01:2025 Broken Access Control",
|
|
8
8
|
description: "Route handler accesses database without authentication check. Anyone can call this endpoint.",
|
|
9
|
-
pattern: /export\s+(?:async\s+)?function\s+(?:GET|POST|PUT|DELETE|PATCH)\s*\([^)]*\)\s*\{(?:(?!auth\s*\(|getServerSession|currentUser|getUser|requireAuth)[\s\S])*?(?:prisma|db|supabase)\.\w+/g,
|
|
9
|
+
pattern: /export\s+(?:async\s+)?function\s+(?:GET|POST|PUT|DELETE|PATCH)\s*\([^)]*\)\s*\{(?:(?!auth\s*\(|getServerSession|currentUser|getUser|requireAuth|requireAdmin|isAuthenticated|verifyToken|checkAuth|protect)[\s\S])*?(?:prisma|db|supabase)\.\w+/g,
|
|
10
10
|
languages: ["javascript", "typescript"],
|
|
11
11
|
fix: "Add authentication check at the start of every route handler that accesses data.",
|
|
12
12
|
fixCode: 'import { auth } from "@clerk/nextjs/server";\n\nexport async function GET() {\n const { userId } = await auth();\n if (!userId) return new Response("Unauthorized", { status: 401 });\n const data = await db.query(...);\n}',
|
|
13
13
|
compliance: ["SOC2:CC6.6", "PCI-DSS:Req6.5.10", "HIPAA:§164.312(d)"],
|
|
14
14
|
},
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
severity: "high",
|
|
19
|
-
owasp: "A01:2025 Broken Access Control",
|
|
20
|
-
description: "Importing auth() from Clerk without clerkMiddleware configured. auth() returns empty data without middleware.",
|
|
21
|
-
pattern: /import\s*\{[^}]*\bauth\b[^}]*\}\s*from\s*["']@clerk\/nextjs\/server["']/g,
|
|
22
|
-
languages: ["javascript", "typescript"],
|
|
23
|
-
fix: "Ensure clerkMiddleware() is configured in proxy.ts (Next.js 16) or middleware.ts.",
|
|
24
|
-
fixCode: '// proxy.ts or middleware.ts\nimport { clerkMiddleware } from "@clerk/nextjs/server";\nexport default clerkMiddleware();',
|
|
25
|
-
compliance: ["SOC2:CC6.6"],
|
|
26
|
-
},
|
|
15
|
+
// VG421 removed — "Auth Without Middleware" requires project-level filesystem
|
|
16
|
+
// check (does middleware.ts/proxy.ts exist?) which regex-based scanning cannot do.
|
|
17
|
+
// Will be reimplemented as a project-level advisory in scan_directory.
|
|
27
18
|
{
|
|
28
19
|
id: "VG422",
|
|
29
20
|
name: "Clerk Secret Key Client Exposure",
|
|
30
21
|
severity: "critical",
|
|
31
22
|
owasp: "A07:2025 Sensitive Data Exposure",
|
|
32
23
|
description: "CLERK_SECRET_KEY is accessed in client-side code. This key grants full API access to your Clerk account.",
|
|
33
|
-
pattern: /["']use client["'][\s\S]
|
|
24
|
+
pattern: /["']use client["'][\s\S]{0,500}?CLERK_SECRET_KEY/g,
|
|
34
25
|
languages: ["javascript", "typescript"],
|
|
35
26
|
fix: "Never access CLERK_SECRET_KEY in client components. Use it only in server-side code.",
|
|
36
27
|
fixCode: '// Server-side only\nimport { clerkClient } from "@clerk/nextjs/server";\nconst users = await clerkClient.users.getUserList();',
|
|
@@ -78,7 +69,7 @@ export const authRules = [
|
|
|
78
69
|
severity: "high",
|
|
79
70
|
owasp: "A01:2025 Broken Access Control",
|
|
80
71
|
description: "Admin or dashboard route handler does not verify user role or permissions.",
|
|
81
|
-
pattern: /(?:\/admin|\/dashboard)[\s\S]*?export\s+(?:async\s+)?function\s+(?:GET|POST|PUT|DELETE|PATCH|default)\s*\([^)]*\)\s*\{(?:(?!role|permission|isAdmin|orgRole|checkRole)[\s\S])*?\}/g,
|
|
72
|
+
pattern: /(?:\/admin|\/dashboard)[\s\S]*?export\s+(?:async\s+)?function\s+(?:GET|POST|PUT|DELETE|PATCH|default)\s*\([^)]*\)\s*\{(?:(?!role|permission|isAdmin|orgRole|checkRole|requireAdmin|requireRole|adminOnly)[\s\S])*?\}/g,
|
|
82
73
|
languages: ["javascript", "typescript"],
|
|
83
74
|
fix: "Always verify user roles and permissions in admin routes.",
|
|
84
75
|
fixCode: 'import { auth } from "@clerk/nextjs/server";\n\nexport async function GET() {\n const { userId, orgRole } = await auth();\n if (orgRole !== "org:admin") {\n return new Response("Forbidden", { status: 403 });\n }\n}',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/data/rules/auth.ts"],"names":[],"mappings":"AAEA,+DAA+D;AAC/D,MAAM,CAAC,MAAM,SAAS,GAAmB;IACvC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,2BAA2B;QACjC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,8FAA8F;QAChG,OAAO,EACL,
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/data/rules/auth.ts"],"names":[],"mappings":"AAEA,+DAA+D;AAC/D,MAAM,CAAC,MAAM,SAAS,GAAmB;IACvC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,2BAA2B;QACjC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,8FAA8F;QAChG,OAAO,EACL,kPAAkP;QACpP,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,kFAAkF;QACvF,OAAO,EACL,iOAAiO;QACnO,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD,8EAA8E;IAC9E,mFAAmF;IACnF,uEAAuE;IACvE;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,0GAA0G;QAC5G,OAAO,EAAE,mDAAmD;QAC5D,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,sFAAsF;QAC3F,OAAO,EACL,gIAAgI;QAClI,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,2GAA2G;QAC7G,OAAO,EAAE,6DAA6D;QACtE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4EAA4E;QACjF,OAAO,EACL,yHAAyH;QAC3H,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,CAAC;KAC7C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,8IAA8I;QAChJ,OAAO,EACL,4FAA4F;QAC9F,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iFAAiF;QACtF,OAAO,EACL,iKAAiK;QACnK,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,gIAAgI;QAClI,OAAO,EACL,6GAA6G;QAC/G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iEAAiE;QACtE,OAAO,EACL,+MAA+M;QACjN,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,mCAAmC;QACzC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,4EAA4E;QAC9E,OAAO,EACL,uNAAuN;QACzN,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,2DAA2D;QAChE,OAAO,EACL,8NAA8N;QAChO,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,6JAA6J;QAC/J,OAAO,EAAE,kCAAkC;QAC3C,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iDAAiD;QACtD,OAAO,EACL,gKAAgK;QAClK,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;CACF,CAAC"}
|
package/build/data/rules/core.js
CHANGED
|
@@ -7,7 +7,7 @@ export const coreRules = [
|
|
|
7
7
|
severity: "critical",
|
|
8
8
|
owasp: "A01:2025 Broken Access Control",
|
|
9
9
|
description: "Hardcoded passwords, API keys, or secrets detected in source code.",
|
|
10
|
-
pattern: /(?:secret_?key|api_?key|api_?secret|private_?key|access_?key|password|passwd|pwd|
|
|
10
|
+
pattern: /(?:secret_?key|api_?key|api_?secret|private_?key|access_?key|password|passwd|pwd|auth_?token)\w*\s*[:=]\s*['"][^'"]{3,}['"]/gi,
|
|
11
11
|
languages: ["javascript", "typescript", "python", "go"],
|
|
12
12
|
fix: "Use environment variables (process.env.SECRET) or a secrets manager. Never commit credentials to source code.",
|
|
13
13
|
fixCode: "// Use environment variables instead\nconst password = process.env.DB_PASSWORD;\nconst apiKey = process.env.API_KEY;",
|
|
@@ -67,7 +67,7 @@ export const coreRules = [
|
|
|
67
67
|
severity: "critical",
|
|
68
68
|
owasp: "A02:2025 Injection",
|
|
69
69
|
description: "User input passed to shell command functions. This allows arbitrary command execution.",
|
|
70
|
-
pattern: /(?:exec(?:Sync)
|
|
70
|
+
pattern: /(?:(?:child_process|cp)[\s\S]*?(?:exec|execSync|spawn|spawnSync)|\.exec(?:Sync)?\s*\(|\.spawn(?:Sync)?\s*\(|os\.system|os\.popen|subprocess\.(?:call|run|Popen)|shell_exec)\s*\(\s*(?:`[^`]*\$\{|['"][^'"]*['"]\s*\+|f['"][^'"]*\{|.*(?:req\.|request\.|params\.|body\.|input|argv))/gi,
|
|
71
71
|
languages: ["javascript", "typescript", "python", "go", "shell"],
|
|
72
72
|
fix: "Avoid shell commands with user input. Use allowlists and input validation. Prefer spawn() with array arguments. Python: use subprocess.run([...]) with list arguments, never shell=True with user input.",
|
|
73
73
|
fixCode: "// Use spawn with array arguments (no shell)\nimport { spawn } from 'child_process';\nspawn('ls', ['-la', directory]);",
|
|
@@ -128,8 +128,8 @@ export const coreRules = [
|
|
|
128
128
|
severity: "medium",
|
|
129
129
|
owasp: "A03:2025 Software Supply Chain Failures",
|
|
130
130
|
description: "Using '*' or overly broad version ranges in package.json allows untested dependency updates.",
|
|
131
|
-
pattern: /["']\*["']|["']>=\d/gi,
|
|
132
|
-
languages: ["
|
|
131
|
+
pattern: /["']\w+["']\s*:\s*["']\*["']|["']\w+["']\s*:\s*["']>=\d/gi,
|
|
132
|
+
languages: ["json"],
|
|
133
133
|
fix: "Pin dependencies to specific versions or use caret ranges (^1.2.3). Run npm audit regularly.",
|
|
134
134
|
fixCode: "// Pin to specific version\n\"lodash\": \"^4.17.21\"\n// Run: npm audit to check for vulnerabilities",
|
|
135
135
|
},
|
|
@@ -139,7 +139,7 @@ export const coreRules = [
|
|
|
139
139
|
severity: "medium",
|
|
140
140
|
owasp: "A04:2025 Insecure Design",
|
|
141
141
|
description: "Authentication or API endpoints without rate limiting are vulnerable to brute force attacks.",
|
|
142
|
-
pattern: /(?:\/login|\/auth|\/
|
|
142
|
+
pattern: /(?:app|router)\.\s*(?:get|post|put|delete|patch|use)\s*\(\s*['"](?:\/login|\/auth|\/signin|\/register|\/signup|\/forgot-password)/gi,
|
|
143
143
|
languages: ["javascript", "typescript", "python", "go"],
|
|
144
144
|
fix: "Add rate limiting middleware. Express: npm install express-rate-limit. FastAPI: use slowapi. Apply stricter limits on auth endpoints (e.g. 5 requests/minute).",
|
|
145
145
|
fixCode: "// Express rate limiting\nimport rateLimit from 'express-rate-limit';\napp.use('/api/', rateLimit({ windowMs: 15 * 60 * 1000, max: 100 }));",
|
|
@@ -162,7 +162,7 @@ export const coreRules = [
|
|
|
162
162
|
severity: "medium",
|
|
163
163
|
owasp: "A05:2025 Security Misconfiguration",
|
|
164
164
|
description: "Debug mode or verbose error messages exposed in production.",
|
|
165
|
-
pattern: /(?:DEBUG\s*[:=]\s*['"]?(?:true|\*)|console\.log\(.*(?:password|
|
|
165
|
+
pattern: /(?:DEBUG\s*[:=]\s*['"]?(?:true|\*)|console\.log\(.*(?:password|secret_?key|api_?key|private_?key|auth_?token))/gi,
|
|
166
166
|
languages: ["javascript", "typescript", "python"],
|
|
167
167
|
fix: "Disable debug mode in production. Never expose stack traces to users.",
|
|
168
168
|
fixCode: "// Use environment-based config\nconst DEBUG = process.env.NODE_ENV !== 'production';",
|
|
@@ -184,7 +184,7 @@ export const coreRules = [
|
|
|
184
184
|
severity: "critical",
|
|
185
185
|
owasp: "A07:2025 Auth Failures",
|
|
186
186
|
description: "Using MD5 or SHA-1 for password hashing. These are fast hashes, not designed for passwords.",
|
|
187
|
-
pattern: /(?:md5|sha1|
|
|
187
|
+
pattern: /(?:createHash\s*\(\s*['"](?:md5|sha1)['"]\s*\)|(?:md5|sha1)\s*\.\s*(?:new|update|digest|hexdigest|Sum|New)\s*\(|import\s+(?:md5|sha1)|require\s*\(\s*['"](?:md5|sha1)['"]\s*\))/gi,
|
|
188
188
|
languages: ["javascript", "typescript", "python", "go"],
|
|
189
189
|
fix: "Use bcrypt, scrypt, or argon2 for password hashing. Use at least 12 salt rounds.",
|
|
190
190
|
fixCode: "// Use bcrypt for password hashing\nimport bcrypt from 'bcrypt';\nconst hash = await bcrypt.hash(password, 12);\nconst valid = await bcrypt.compare(input, hash);",
|
|
@@ -232,7 +232,7 @@ export const coreRules = [
|
|
|
232
232
|
severity: "high",
|
|
233
233
|
owasp: "A10:2025 SSRF",
|
|
234
234
|
description: "User-supplied URLs passed to fetch/request functions can be used for SSRF attacks.",
|
|
235
|
-
pattern: /(?:fetch|axios|request|http\.get|urllib|requests\.get)\s*\(\s*(?:req\.|request\.|body
|
|
235
|
+
pattern: /(?:fetch|axios|request|http\.get|urllib|requests\.get)\s*\(\s*(?:req\.(?:body|query|params)\.|request\.(?:body|query)\.|body\.\w+|params\.\w+|query\.\w+)/gi,
|
|
236
236
|
languages: ["javascript", "typescript", "python", "go"],
|
|
237
237
|
fix: "Validate and allowlist URLs before making requests. Block internal IP ranges.",
|
|
238
238
|
fixCode: "// Validate URL against allowlist\nconst allowed = ['https://api.example.com'];\nconst url = new URL(input);\nif (!allowed.some(a => url.origin === a)) throw new Error('Blocked');",
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"core.js","sourceRoot":"","sources":["../../../src/data/rules/core.ts"],"names":[],"mappings":"AAEA,6EAA6E;AAC7E,6EAA6E;AAC7E,MAAM,CAAC,MAAM,SAAS,GAAmB;IACvC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,oEAAoE;QACjF,OAAO,EACL
|
|
1
|
+
{"version":3,"file":"core.js","sourceRoot":"","sources":["../../../src/data/rules/core.ts"],"names":[],"mappings":"AAEA,6EAA6E;AAC7E,6EAA6E;AAC7E,MAAM,CAAC,MAAM,SAAS,GAAmB;IACvC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,oEAAoE;QACjF,OAAO,EACL,+HAA+H;QACjI,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,+GAA+G;QACpH,OAAO,EAAE,sHAAsH;QAC/H,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,cAAc,EAAE,mBAAmB,CAAC;KAClF;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,gGAAgG;QAClG,OAAO,EACL,8GAA8G;QAChH,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC;QACxE,GAAG,EAAE,8IAA8I;QACnJ,OAAO,EAAE,sIAAsI;QAC/I,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,oEAAoE;QACtE,OAAO,EACL,2GAA2G;QAC7G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,uJAAuJ;QAC5J,OAAO,EAAE,2HAA2H;QACpI,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,kEAAkE;QACpE,OAAO,EACL,yGAAyG;QAC3G,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,GAAG,EAAE,2IAA2I;QAChJ,OAAO,EAAE,4GAA4G;QACrH,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,+GAA+G;QACjH,OAAO,EACL,gQAAgQ;QAClQ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,6MAA6M;QAClN,OAAO,EAAE,oKAAoK;QAC7K,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,EAAE,mBAAmB,CAAC;KACpE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EAAE,wFAAwF;QACrG,OAAO,EACL,wRAAwR;QAC1R,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC;QAChE,GAAG,EAAE,0MAA0M;QAC/M,OAAO,EAAE,wHAAwH;QACjI,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,oFAAoF;QACtF,OAAO,EAAE,yEAAyE;QAClF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,MAAM,CAAC;QAC/C,GAAG,EAAE,qIAAqI;QAC1I,6FAA6F;QAC7F,OAAO,EAAE,qJAAqJ,GAAG,+CAA+C;QAChN,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,kHAAkH;QACpH,OAAO,EACL,qEAAqE;QACvE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,mKAAmK;QACxK,OAAO,EAAE,sHAAsH;QAC/H,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,8DAA8D;QAChE,OAAO,EACL,oGAAoG;QACtG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iIAAiI;QACtI,OAAO,EAAE,+JAA+J;QACxK,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,qGAAqG;QACvG,OAAO,EAAE,eAAe;QACxB,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,GAAG,EAAE,mHAAmH;QACxH,OAAO,EAAE,4IAA4I,GAAG,6DAA6D;QACrN,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,yCAAyC;QAChD,WAAW,EACT,8FAA8F;QAChG,OAAO,EAAE,2DAA2D;QACpE,SAAS,EAAE,CAAC,MAAM,CAAC;QACnB,GAAG,EAAE,8FAA8F;QACnG,OAAO,EAAE,sGAAsG;KAChH;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,0BAA0B;QACjC,WAAW,EACT,8FAA8F;QAChG,OAAO,EACL,qIAAqI;QACvI,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,gKAAgK;QACrK,OAAO,EAAE,6IAA6I;KACvJ;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,2FAA2F;QAC7F,OAAO,EACL,+IAA+I;QACjJ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,gHAAgH;QACrH,OAAO,EAAE,yGAAyG;QAClH,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,6DAA6D;QAC1E,OAAO,EACL,kHAAkH;QACpH,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,GAAG,EAAE,uEAAuE;QAC5E,OAAO,EAAE,uFAAuF;KACjG;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,gDAAgD;QAC7D,OAAO,EAAE,yCAAyC;QAClD,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oEAAoE;QACzE,OAAO,EAAE,sFAAsF;KAChG;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EACT,6FAA6F;QAC/F,OAAO,EACL,mLAAmL;QACrL,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,kFAAkF;QACvF,OAAO,EAAE,mKAAmK;QAC5K,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,mBAAmB,CAAC;KACtF;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE,4CAA4C;QACzD,OAAO,EAAE,+CAA+C;QACxD,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,+EAA+E;QACpF,OAAO,EAAE,0FAA0F;QACnG,UAAU,EAAE,CAAC,YAAY,EAAE,cAAc,CAAC;KAC3C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,iEAAiE;QACnE,OAAO,EAAE,mDAAmD;QAC5D,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,GAAG,EAAE,4EAA4E;QACjF,OAAO,EAAE,mKAAmK;QAC5K,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,2BAA2B;QAClC,WAAW,EACT,yEAAyE;QAC3E,OAAO,EACL,mGAAmG;QACrG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,2EAA2E;QAChF,OAAO,EAAE,oHAAoH;QAC7H,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,WAAW;QACjB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,eAAe;QACtB,WAAW,EACT,oFAAoF;QACtF,OAAO,EACL,6JAA6J;QAC/J,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,+EAA+E;QACpF,OAAO,EAAE,qLAAqL;QAC9L,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,0DAA0D;QACvE,OAAO,EACL,+FAA+F;QACjG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,+EAA+E;QACpF,OAAO,EAAE,mHAAmH;QAC5H,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,wDAAwD;QACrE,OAAO,EACL,yGAAyG;QAC3G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,yFAAyF;QAC9F,OAAO,EAAE,wLAAwL;QACjM,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,qDAAqD;QAClE,OAAO,EACL,iIAAiI;QACnI,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,gGAAgG;QACrG,OAAO,EAAE,yJAAyJ;QAClK,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,kFAAkF;QACpF,OAAO,EACL,sFAAsF;QACxF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oHAAoH;QACzH,OAAO,EAAE,2NAA2N;QACpO,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;CACF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"database.d.ts","sourceRoot":"","sources":["../../../src/data/rules/database.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,aAAa,EAAE,YAAY,
|
|
1
|
+
{"version":3,"file":"database.d.ts","sourceRoot":"","sources":["../../../src/data/rules/database.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,aAAa,EAAE,YAAY,EAuGvC,CAAC"}
|
|
@@ -12,18 +12,9 @@ export const databaseRules = [
|
|
|
12
12
|
fixCode: '// Server-side: use service role key\nconst supabase = createClient(\n process.env.SUPABASE_URL!,\n process.env.SUPABASE_SERVICE_ROLE_KEY!\n);',
|
|
13
13
|
compliance: ["SOC2:CC6.6", "HIPAA:§164.312(a)"],
|
|
14
14
|
},
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
severity: "medium",
|
|
19
|
-
owasp: "A01:2025 Broken Access Control",
|
|
20
|
-
description: "Supabase client queries data. Ensure Row Level Security policies are configured on your tables.",
|
|
21
|
-
pattern: /supabase\s*\.from\s*\(\s*["']\w+["']\s*\)\s*\.(?:select|insert|update|delete|upsert)\s*\(/g,
|
|
22
|
-
languages: ["javascript", "typescript"],
|
|
23
|
-
fix: "Enable Row Level Security (RLS) on all Supabase tables and create appropriate policies.",
|
|
24
|
-
fixCode: "-- Enable RLS on tables\nALTER TABLE posts ENABLE ROW LEVEL SECURITY;\n\nCREATE POLICY \"Users can read own posts\"\n ON posts FOR SELECT\n USING (auth.uid() = user_id);",
|
|
25
|
-
compliance: ["SOC2:CC6.6"],
|
|
26
|
-
},
|
|
15
|
+
// VG431 removed — "Supabase Missing RLS Warning" triggered on every single
|
|
16
|
+
// supabase.from().select() call, creating extreme noise (1000+ hits in real projects).
|
|
17
|
+
// RLS is a database-level config, not detectable from application code patterns.
|
|
27
18
|
{
|
|
28
19
|
id: "VG432",
|
|
29
20
|
name: "Prisma Raw Query Injection",
|
|
@@ -66,7 +57,7 @@ export const databaseRules = [
|
|
|
66
57
|
severity: "critical",
|
|
67
58
|
owasp: "A07:2025 Sensitive Data Exposure",
|
|
68
59
|
description: "DATABASE_URL or DIRECT_URL is accessed in client-side code. This exposes your database connection string to the browser.",
|
|
69
|
-
pattern: /["']use client["'][\s\S]
|
|
60
|
+
pattern: /["']use client["'][\s\S]{0,500}?process\.env\.(?:DATABASE_URL|DIRECT_URL)/g,
|
|
70
61
|
languages: ["javascript", "typescript"],
|
|
71
62
|
fix: "Never access database URLs in client components. Use Server Components or API routes.",
|
|
72
63
|
fixCode: "// Access database only server-side (no 'use client')\nexport default async function Page() {\n const data = await prisma.user.findMany();\n return <UserList users={data} />;\n}",
|
|
@@ -90,7 +81,7 @@ export const databaseRules = [
|
|
|
90
81
|
severity: "critical",
|
|
91
82
|
owasp: "A07:2025 Sensitive Data Exposure",
|
|
92
83
|
description: "SUPABASE_SERVICE_ROLE_KEY is accessed in client-side code. This key bypasses RLS and grants full database access.",
|
|
93
|
-
pattern: /["']use client["'][\s\S]
|
|
84
|
+
pattern: /["']use client["'][\s\S]{0,500}?(?:SUPABASE_SERVICE_ROLE_KEY|SERVICE_ROLE)/g,
|
|
94
85
|
languages: ["javascript", "typescript"],
|
|
95
86
|
fix: "Never use the service role key in client code.",
|
|
96
87
|
fixCode: '// Server-side only\n"use server";\nconst adminClient = createClient(url, process.env.SUPABASE_SERVICE_ROLE_KEY!);',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"database.js","sourceRoot":"","sources":["../../../src/data/rules/database.ts"],"names":[],"mappings":"AAEA,uDAAuD;AACvD,MAAM,CAAC,MAAM,aAAa,GAAmB;IAC3C;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,4GAA4G;QAC9G,OAAO,EAAE,6EAA6E;QACtF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4FAA4F;QACjG,OAAO,EACL,kJAAkJ;QACpJ,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD
|
|
1
|
+
{"version":3,"file":"database.js","sourceRoot":"","sources":["../../../src/data/rules/database.ts"],"names":[],"mappings":"AAEA,uDAAuD;AACvD,MAAM,CAAC,MAAM,aAAa,GAAmB;IAC3C;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,4GAA4G;QAC9G,OAAO,EAAE,6EAA6E;QACtF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4FAA4F;QACjG,OAAO,EACL,kJAAkJ;QACpJ,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD,2EAA2E;IAC3E,uFAAuF;IACvF,iFAAiF;IACjF;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,4BAA4B;QAClC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,gIAAgI;QAClI,OAAO,EAAE,oDAAoD;QAC7D,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,2DAA2D;QAChE,OAAO,EACL,gJAAgJ;QAClJ,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,2HAA2H;QAC7H,OAAO,EAAE,+CAA+C;QACxD,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,0DAA0D;QAC/D,OAAO,EACL,oGAAoG;QACtG,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,kHAAkH;QACpH,OAAO,EAAE,+DAA+D;QACxE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,8DAA8D;QACnE,OAAO,EACL,+JAA+J;QACjK,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,0HAA0H;QAC5H,OAAO,EAAE,4EAA4E;QACrF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,uFAAuF;QAC5F,OAAO,EACL,qLAAqL;QACvL,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,+EAA+E;QACjF,OAAO,EACL,mFAAmF;QACrF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,OAAO,CAAC;QAChD,GAAG,EAAE,qEAAqE;QAC1E,OAAO,EACL,uIAAuI;QACzI,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,qCAAqC;QAC3C,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,mHAAmH;QACrH,OAAO,EAAE,6EAA6E;QACtF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,gDAAgD;QACrD,OAAO,EACL,oHAAoH;QACtH,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;CACF,CAAC"}
|
|
@@ -6,7 +6,7 @@ export const nextjsRules = [
|
|
|
6
6
|
severity: "critical",
|
|
7
7
|
owasp: "A01:2025 Broken Access Control",
|
|
8
8
|
description: "Server-side environment variable accessed in a 'use client' component. These values are exposed to the browser. Only NEXT_PUBLIC_ variables are safe in client components.",
|
|
9
|
-
pattern: /["']use client["'][\s\S]
|
|
9
|
+
pattern: /["']use client["'][\s\S]{0,500}?process\.env\.(?!NEXT_PUBLIC_)\w+/g,
|
|
10
10
|
languages: ["javascript", "typescript"],
|
|
11
11
|
fix: "Move this logic to a Server Component or Server Action. Only process.env.NEXT_PUBLIC_* variables are available in client components.",
|
|
12
12
|
fixCode: '// Move to a Server Component (no \'use client\')\nexport default async function Page() {\n const secret = process.env.SECRET_KEY;\n return <ClientComponent data={safeData} />;\n}',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"nextjs.js","sourceRoot":"","sources":["../../../src/data/rules/nextjs.ts"],"names":[],"mappings":"AAEA,iDAAiD;AACjD,MAAM,CAAC,MAAM,WAAW,GAAmB;IACzC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,4KAA4K;QAC9K,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"nextjs.js","sourceRoot":"","sources":["../../../src/data/rules/nextjs.ts"],"names":[],"mappings":"AAEA,iDAAiD;AACjD,MAAM,CAAC,MAAM,WAAW,GAAmB;IACzC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,4KAA4K;QAC9K,OAAO,EAAE,oEAAoE;QAC7E,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,sIAAsI;QAC3I,OAAO,EACL,uLAAuL;QACzL,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,+GAA+G;QACjH,OAAO,EACL,qDAAqD;QACvD,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,kFAAkF;QACvF,OAAO,EACL,sPAAsP;QACxP,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,0IAA0I;QAC5I,OAAO,EACL,2KAA2K;QAC7K,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,mEAAmE;QACxE,OAAO,EACL,uMAAuM;QACzM,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,uHAAuH;QACzH,OAAO,EACL,4GAA4G;QAC9G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,gEAAgE;QACrE,OAAO,EACL,kLAAkL;QACpL,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,yGAAyG;QAC3G,OAAO,EAAE,yDAAyD;QAClE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,2DAA2D;QAChE,OAAO,EACL,4GAA4G;QAC9G,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,yCAAyC;QAC/C,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,0HAA0H;QAC5H,OAAO,EACL,6EAA6E;QAC/E,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4DAA4D;QACjE,OAAO,EACL,mTAAmT;QACrT,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,yHAAyH;QAC3H,OAAO,EACL,4JAA4J;QAC9J,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,qFAAqF;QAC1F,OAAO,EACL,+RAA+R;QACjS,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,+GAA+G;QACjH,OAAO,EACL,2FAA2F;QAC7F,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oFAAoF;QACzF,OAAO,EACL,yNAAyN;QAC3N,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,uLAAuL;QACzL,OAAO,EAAE,qDAAqD;QAC9D,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oFAAoF;QACzF,OAAO,EACL,oOAAoO;QACtO,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,qIAAqI;QACvI,OAAO,EACL,qFAAqF;QACvF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iEAAiE;QACtE,OAAO,EACL,+RAA+R;QACjS,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,iCAAiC;QACvC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,yIAAyI;QAC3I,OAAO,EACL,0IAA0I;QAC5I,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,uEAAuE;QAC5E,OAAO,EACL,oRAAoR;QACtR,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,2LAA2L;QAC7L,OAAO,EACL,2EAA2E;QAC7E,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,OAAO,CAAC;QAChD,GAAG,EAAE,iFAAiF;QACtF,OAAO,EACL,iKAAiK;QACnK,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;CACF,CAAC"}
|
package/build/index.js
CHANGED
|
@@ -18,7 +18,7 @@ import { builtinRules } from "./data/rules/index.js";
|
|
|
18
18
|
import { loadConfig } from "./utils/config.js";
|
|
19
19
|
const server = new McpServer({
|
|
20
20
|
name: "guardvibe",
|
|
21
|
-
version: "0.8.
|
|
21
|
+
version: "0.8.2",
|
|
22
22
|
});
|
|
23
23
|
// Tool 1: Analyze code for security vulnerabilities
|
|
24
24
|
server.tool("check_code", "Analyze code for security vulnerabilities (OWASP Top 10, XSS, SQL injection, insecure patterns). Use this when reviewing or writing code to catch security issues early.", {
|
package/package.json
CHANGED