guardvibe 1.1.1 → 1.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +191 -21
- package/README.md +98 -32
- package/build/cli.js +0 -0
- package/build/data/rules/api-security.d.ts +3 -0
- package/build/data/rules/api-security.d.ts.map +1 -0
- package/build/data/rules/api-security.js +131 -0
- package/build/data/rules/api-security.js.map +1 -0
- package/build/data/rules/auth.js +1 -1
- package/build/data/rules/auth.js.map +1 -1
- package/build/data/rules/core.js +4 -4
- package/build/data/rules/core.js.map +1 -1
- package/build/data/rules/cve-versions.d.ts.map +1 -1
- package/build/data/rules/cve-versions.js +97 -0
- package/build/data/rules/cve-versions.js.map +1 -1
- package/build/data/rules/database.js +4 -4
- package/build/data/rules/database.js.map +1 -1
- package/build/data/rules/index.d.ts.map +1 -1
- package/build/data/rules/index.js +4 -0
- package/build/data/rules/index.js.map +1 -1
- package/build/data/rules/modern-stack.d.ts +3 -0
- package/build/data/rules/modern-stack.d.ts.map +1 -0
- package/build/data/rules/modern-stack.js +414 -0
- package/build/data/rules/modern-stack.js.map +1 -0
- package/build/data/rules/nextjs.js +1 -1
- package/build/data/rules/nextjs.js.map +1 -1
- package/build/index.js +20 -1
- package/build/index.js.map +1 -1
- package/build/tools/check-code.d.ts.map +1 -1
- package/build/tools/check-code.js +45 -0
- package/build/tools/check-code.js.map +1 -1
- package/build/tools/fix-code.d.ts +17 -0
- package/build/tools/fix-code.d.ts.map +1 -0
- package/build/tools/fix-code.js +142 -0
- package/build/tools/fix-code.js.map +1 -0
- package/package.json +17 -5
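--- a/package/build/tools/check-code.js
+++ b/package/build/tools/check-code.js
@@ -21,6 +21,40 @@ function parseSuppressionsFromCode(lines) {
 function isLineSuppressed(suppressions, line, ruleId) {
 return suppressions.some(s => s.line === line && (s.ruleId === null || s.ruleId === ruleId));
 }
+/**
+* Check if a match falls entirely within a comment line.
+* Supports //, #, /asterisk, <!-- style comments.
+*/
+function isInComment(lines, lineNumber) {
+const line = lines[lineNumber - 1];
+if (!line)
+return false;
+const trimmed = line.trimStart();
+return (trimmed.startsWith("//") ||
+trimmed.startsWith("#") ||
+trimmed.startsWith("*") ||
+trimmed.startsWith("<!--") ||
+trimmed.startsWith("/*"));
+}
+/**
+* Check if a match on a given line is inside a string value used as a
+* human-readable message (UI label, error text) rather than an actual secret.
+*/
+function isHumanReadableString(lines, lineNumber) {
+const line = lines[lineNumber - 1];
+if (!line)
+return false;
+// Extract the string value portion after the key assignment
+const strMatch = /[:=]\s*["'`]([^"'`]{10,})["'`]/.exec(line);
+if (!strMatch)
+return false;
+const value = strMatch[1];
+// If the value contains 4+ words it's a natural-language sentence, not a secret
+const words = value.split(/\s+/);
+if (words.length >= 4)
+return true;
+return false;
+}
 export function analyzeCode(code, language, framework, filePath, configDir, rules) {
 const config = loadConfig(configDir);
 const findings = [];
@@ -50,6 +84,17 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
 const lineNumber = beforeMatch.split("\n").length;
 if (isLineSuppressed(suppressions, lineNumber, rule.id))
 continue;
+// Skip matches on comment lines for code-pattern rules.
+// CVE version rules (VG9xx) scan package.json so they're exempt.
+if (!rule.id.startsWith("VG9")) {
+if (isInComment(lines, lineNumber))
+continue;
+}
+// Skip hardcoded-credential rules when the value is a human-readable sentence
+if (rule.id === "VG001" || rule.id === "VG062") {
+if (isHumanReadableString(lines, lineNumber))
+continue;
+}
 findings.push({
 rule: effectiveRule,
 match: match[0].substring(0, 80),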
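Review bot: `isHumanReadableString` is not tied to the text the rule actually matched — it takes the first quoted string of 10 or more characters on the line and, when that string has four or more words, drops the VG001/VG062 finding even if the flagged credential is a different string on the same line (constructed example: `label: "Enter your API key below", apiKey: "<secret>"`). The same hunk's `isInComment` treats a leading `#` or `*` as a comment regardless of language, so in JavaScript a `#apiKey = "..."` private class field is silently skipped as well. Pass the matched text (`match[0]` is in scope at the call site in the second hunk) into `isHumanReadableString` and suppress only when the extracted value is part of that match, and give `isInComment` the `language` argument `analyzeCode` already receives so the `#` case applies only where it is comment syntax. In the second hunk, `rule.id.startsWith("VG9")` also exempts the VG950–VG959 ids that fix-code.js treats as BOLA, missing-auth, mass-assignment and error-leak rules, not just the CVE version rules the comment names, so the intended range should be spelled out. The body of `analyzeCode` continues outside both hunks.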
@@ -1 +1 @@
1
-
{"version":3,"file":"check-code.js","sourceRoot":"","sources":["../../src/tools/check-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAqB,MAAM,wBAAwB,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAahD,SAAS,yBAAyB,CAAC,KAAe;IAChD,MAAM,YAAY,GAAkB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,0EAA0E,CAAC;IAE3F,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACrC,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QAChC,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAC;QAEnE,IAAI,UAAU,EAAE,CAAC;YACf,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACtE,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACtE,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,gBAAgB,CAAC,YAA2B,EAAE,IAAY,EAAE,MAAc;IACjF,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,MAAM,KAAK,IAAI,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC;AAC/F,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,IAAY,EACZ,QAAgB,EAChB,SAAkB,EAClB,QAAiB,EACjB,SAAkB,EAClB,KAAsB;IAEtB,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,YAAY,GAAG,yBAAyB,CAAC,KAAK,CAAC,CAAC;IAEtD,MAAM,cAAc,GAAG,KAAK,IAAI,UAAU,CAAC;IAE3C,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEjD,8BAA8B;QAC9B,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAAE,SAAS;QAErD,4EAA4E;QAC5E,0DAA0D;QAC1D,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,QAAQ,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAAE,SAAS;QAChG,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,QAAQ,KAAK,MAAM;YAAE,SAAS;QAC7E,IAAI,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QAE3B,sCAAsC;QACtC,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAClD,CAA
C,CAAC,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAQ,EAAE;YAC9D,CAAC,CAAC,IAAI,CAAC;QAET,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAClD,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACnD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAElD,IAAI,gBAAgB,CAAC,YAAY,EAAE,UAAU,EAAE,IAAI,CAAC,EAAE,CAAC;gBAAE,SAAS;YAElE,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,aAAa;gBACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;gBAChC,IAAI,EAAE,UAAU;aACjB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,QAAmB,EAAE,KAA+B;IACrF,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAC7E,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IACrE,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IACzE,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM,CAAC;IAEnE,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,OAAO,EAAE;YACP,KAAK,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG;YACnD,OAAO,EAAE,QAAQ,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC;YACjC,GAAG,KAAK;SACT;QACD,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC3B,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ;YAC3D,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK;YACjD,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU;SACxE,CAAC,CAAC;KACJ,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,SAAS,CACvB,IAAY,EACZ,QAAgB,EAChB,SAAkB,EAClB,QAAiB,EACjB,SAAkB,EAClB,SAA8B,UAAU,EACxC,KAAsB;IAEtB,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;IA
EpF,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,kBAAkB,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,iBAAiB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB,EAAE,SAAkB;IAC7D,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,KAAK,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/C,OAAO;QACL,6BAA6B;QAC7B,EAAE;QACF,iBAAiB,QAAQ,GAAG,GAAG,EAAE;QACjC,yCAAyC;QACzC,EAAE;QACF,mDAAmD;QACnD,6CAA6C;QAC7C,mDAAmD;QACnD,yCAAyC;QACzC,sCAAsC;KACvC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CACnB,QAAmB,EACnB,QAAgB,EAChB,SAAkB;IAElB,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,KAAK,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAE/C,oBAAoB;IACpB,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAE3E,4BAA4B;IAC5B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAqB,CAAC;IAC7C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,EAAE,CAAC,EAAE,SAAS,CAAC,EAAE,EAAE;QACvF,OAAO,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC/F,CAAC,CAAC,CAAC;IAEH,+EAA+E;IAC/E,MAAM,WAAW,GAAG,QAAQ,CAAC;IAC7B,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IACvF,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC/E,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IAEnF,MAAM,KAAK,GAAG;QACZ,6BAA6B;QAC7B,EAAE;QACF,iBAAiB,QAAQ,GAAG,GAAG,EAAE;QACj
C,qBAAqB,WAAW,CAAC,MAAM,EAAE;QACzC,kBAAkB,aAAa,cAAc,SAAS,UAAU,WAAW,SAAS;QACpF,EAAE;QACF,KAAK;QACL,EAAE;KACH,CAAC;IAEF,KAAK,MAAM,CAAC,EAAE,aAAa,CAAC,IAAI,YAAY,EAAE,CAAC;QAC7C,MAAM,KAAK,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,IAAI,GACR,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU;YAChC,CAAC,CAAC,UAAU;YACZ,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM;gBAC9B,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ;oBAChC,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,KAAK,CAAC;QAEhB,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnE,KAAK,CAAC,IAAI,CACR,OAAO,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG,EACpD,EAAE,EACF,cAAc,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAChC,oBAAoB,aAAa,CAAC,MAAM,YAAY,QAAQ,GAAG,EAC/D,wBAAwB,KAAK,CAAC,KAAK,IAAI,EACvC,EAAE,EACF,KAAK,CAAC,IAAI,CAAC,WAAW,EACtB,EAAE,EACF,YAAY,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,EAC5B,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAC/F,EAAE,EACF,KAAK,EACL,EAAE,CACH,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,oCAAoC;YACpC,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;gBACpC,KAAK,CAAC,IAAI,CACR,OAAO,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EACxD,EAAE,EACF,cAAc,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,EAClC,cAAc,OAAO,CAAC,IAAI,EAAE,EAC5B,gBAAgB,OAAO,CAAC,KAAK,IAAI,EACjC,EAAE,EACF,OAAO,CAAC,IAAI,CAAC,WAAW,EACxB,EAAE,EACF,YAAY,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,EAC9B,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EACnG,EAAE,EACF,KAAK,EACL,EAAE,CACH,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
1
+
{"version":3,"file":"check-code.js","sourceRoot":"","sources":["../../src/tools/check-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAqB,MAAM,wBAAwB,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAahD,SAAS,yBAAyB,CAAC,KAAe;IAChD,MAAM,YAAY,GAAkB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,0EAA0E,CAAC;IAE3F,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACrC,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QAChC,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,4BAA4B,CAAC,CAAC;QAEnE,IAAI,UAAU,EAAE,CAAC;YACf,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACtE,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACtE,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,gBAAgB,CAAC,YAA2B,EAAE,IAAY,EAAE,MAAc;IACjF,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,MAAM,KAAK,IAAI,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC;AAC/F,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAAC,KAAe,EAAE,UAAkB;IACtD,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;IACnC,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IACxB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;IACjC,OAAO,CACL,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;QACxB,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QACvB,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QACvB,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC;QAC1B,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CACzB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB,CAAC,KAAe,EAAE,UAAkB;IAChE,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;IACnC,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IAExB,4DAA4D;IAC5D,MAAM,QAAQ,GAAG,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7D,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5B,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAE1B,gFAAgF;IAChF,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACjC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAEnC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,WAAW,CACz
B,IAAY,EACZ,QAAgB,EAChB,SAAkB,EAClB,QAAiB,EACjB,SAAkB,EAClB,KAAsB;IAEtB,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,YAAY,GAAG,yBAAyB,CAAC,KAAK,CAAC,CAAC;IAEtD,MAAM,cAAc,GAAG,KAAK,IAAI,UAAU,CAAC;IAE3C,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEjD,8BAA8B;QAC9B,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAAE,SAAS;QAErD,4EAA4E;QAC5E,0DAA0D;QAC1D,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,QAAQ,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAAE,SAAS;QAChG,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,QAAQ,KAAK,MAAM;YAAE,SAAS;QAC7E,IAAI,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QAE3B,sCAAsC;QACtC,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAClD,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAQ,EAAE;YAC9D,CAAC,CAAC,IAAI,CAAC;QAET,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAClD,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACnD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAElD,IAAI,gBAAgB,CAAC,YAAY,EAAE,UAAU,EAAE,IAAI,CAAC,EAAE,CAAC;gBAAE,SAAS;YAElE,wDAAwD;YACxD,iEAAiE;YACjE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC/B,IAAI,WAAW,CAAC,KAAK,EAAE,UAAU,CAAC;oBAAE,SAAS;YAC/C,CAAC;YAED,8EAA8E;YAC9E,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO,IAAI,IAAI,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;gBAC/C,IAAI,qBAAqB,CAAC,KAAK,EAAE,UAAU,CAAC;oBAAE,SAAS;YACzD,CAAC;YAED,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,aAAa;gBACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;gBAChC,IAAI,EAAE,UAAU;aACjB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,QAAmB,EAAE,KAA+B;IACrF,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAC7E,MAAM,IAA
I,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IACrE,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IACzE,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM,CAAC;IAEnE,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,OAAO,EAAE;YACP,KAAK,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG;YACnD,OAAO,EAAE,QAAQ,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC;YACjC,GAAG,KAAK;SACT;QACD,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC3B,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ;YAC3D,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK;YACjD,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU;SACxE,CAAC,CAAC;KACJ,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,SAAS,CACvB,IAAY,EACZ,QAAgB,EAChB,SAAkB,EAClB,QAAiB,EACjB,SAAkB,EAClB,SAA8B,UAAU,EACxC,KAAsB;IAEtB,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;IAEpF,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,kBAAkB,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,iBAAiB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB,EAAE,SAAkB;IAC7D,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,KAAK,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/C,OAAO;QACL,6BAA6B;QAC7B,EAAE;QACF,iBAAiB,QAAQ,GAAG,GAAG,EAAE;QACjC,yCAAyC;QACzC,EAAE;QACF,mDAAmD;QACnD,6CAA6C;QAC7C,mDAAmD;QACnD,yCAAyC;QACzC,sCAAsC;KACvC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CACnB,QAAmB,EACnB,QAAgB,EAChB,SAAkB;IAElB,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,KAAK,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAE/C,oBAAoB;IACpB,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI
,EAAE,CAAC,EAAE,CAAC;IAE3E,4BAA4B;IAC5B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAqB,CAAC;IAC7C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,EAAE,CAAC,EAAE,SAAS,CAAC,EAAE,EAAE;QACvF,OAAO,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC/F,CAAC,CAAC,CAAC;IAEH,+EAA+E;IAC/E,MAAM,WAAW,GAAG,QAAQ,CAAC;IAC7B,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IACvF,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC/E,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IAEnF,MAAM,KAAK,GAAG;QACZ,6BAA6B;QAC7B,EAAE;QACF,iBAAiB,QAAQ,GAAG,GAAG,EAAE;QACjC,qBAAqB,WAAW,CAAC,MAAM,EAAE;QACzC,kBAAkB,aAAa,cAAc,SAAS,UAAU,WAAW,SAAS;QACpF,EAAE;QACF,KAAK;QACL,EAAE;KACH,CAAC;IAEF,KAAK,MAAM,CAAC,EAAE,aAAa,CAAC,IAAI,YAAY,EAAE,CAAC;QAC7C,MAAM,KAAK,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,IAAI,GACR,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU;YAChC,CAAC,CAAC,UAAU;YACZ,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM;gBAC9B,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ;oBAChC,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,KAAK,CAAC;QAEhB,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnE,KAAK,CAAC,IAAI,CACR,OAAO,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG,EACpD,EAAE,EACF,cAAc,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAChC,oBAAoB,aAAa,CAAC,MAAM,Y
AAY,QAAQ,GAAG,EAC/D,wBAAwB,KAAK,CAAC,KAAK,IAAI,EACvC,EAAE,EACF,KAAK,CAAC,IAAI,CAAC,WAAW,EACtB,EAAE,EACF,YAAY,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,EAC5B,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAC/F,EAAE,EACF,KAAK,EACL,EAAE,CACH,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,oCAAoC;YACpC,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;gBACpC,KAAK,CAAC,IAAI,CACR,OAAO,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EACxD,EAAE,EACF,cAAc,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,EAClC,cAAc,OAAO,CAAC,IAAI,EAAE,EAC5B,gBAAgB,OAAO,CAAC,KAAK,IAAI,EACjC,EAAE,EACF,OAAO,CAAC,IAAI,CAAC,WAAW,EACxB,EAAE,EACF,YAAY,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,EAC9B,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,kBAAkB,EAAE,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EACnG,EAAE,EACF,KAAK,EACL,EAAE,CACH,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
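--- a/package/build/tools/fix-code.d.ts
+++ b/package/build/tools/fix-code.d.ts
@@ -0,0 +1,17 @@
+import { type SecurityRule } from "../data/rules/index.js";
+export interface FixSuggestion {
+ruleId: string;
+ruleName: string;
+severity: string;
+line: number;
+match: string;
+description: string;
+fix: string;
+fixCode?: string;
+patch?: string;
+}
+/**
+* Analyze code and return structured fix suggestions that an AI agent can apply.
+*/
+export declare function fixCode(code: string, language: string, framework?: string, filePath?: string, format?: "markdown" | "json", rules?: SecurityRule[]): string;
+//# sourceMappingURL=fix-code.d.ts.map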
@@ -0,0 +1 @@
1
+
{"version":3,"file":"fix-code.d.ts","sourceRoot":"","sources":["../../src/tools/fix-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,KAAK,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAGvE,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,wBAAgB,OAAO,CACrB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,EACjB,MAAM,GAAE,UAAU,GAAG,MAAe,EACpC,KAAK,CAAC,EAAE,YAAY,EAAE,GACrB,MAAM,CAsBR"}
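--- a/package/build/tools/fix-code.js
+++ b/package/build/tools/fix-code.js
@@ -0,0 +1,142 @@
+import { owaspRules } from "../data/rules/index.js";
+import { analyzeCode } from "./check-code.js";
+/**
+* Analyze code and return structured fix suggestions that an AI agent can apply.
+*/
+export function fixCode(code, language, framework, filePath, format = "json", rules) {
+const effectiveRules = rules ?? owaspRules;
+const findings = analyzeCode(code, language, framework, filePath, undefined, effectiveRules);
+if (findings.length === 0) {
+if (format === "json") {
+return JSON.stringify({ status: "clean", fixes: [] });
+}
+return "# GuardVibe Auto-Fix\n\n**Status:** No security issues found. Code is clean!";
+}
+const suggestions = generateFixSuggestions(findings, code);
+if (format === "json") {
+return JSON.stringify({
+status: "issues_found",
+total: suggestions.length,
+fixes: suggestions,
+});
+}
+return formatFixMarkdown(suggestions);
+}
+function generateFixSuggestions(findings, code) {
+const lines = code.split("\n");
+const seen = new Set();
+const suggestions = [];
+for (const finding of findings) {
+// Deduplicate by rule+line
+const key = `${finding.rule.id}:${finding.line}`;
+if (seen.has(key))
+continue;
+seen.add(key);
+const sourceLine = lines[finding.line - 1] || "";
+const patch = generatePatch(finding, sourceLine);
+suggestions.push({
+ruleId: finding.rule.id,
+ruleName: finding.rule.name,
+severity: finding.rule.severity,
+line: finding.line,
+match: finding.match,
+description: finding.rule.description,
+fix: finding.rule.fix,
+fixCode: finding.rule.fixCode,
+patch,
+});
+}
+// Sort by severity (critical first)
+const severityOrder = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
+suggestions.sort((a, b) => (severityOrder[a.severity] ?? 4) - (severityOrder[b.severity] ?? 4));
+return suggestions;
+}
+/**
+* Generate a concrete patch suggestion for the matched line.
+* Returns a before/after replacement when possible.
+*/
+function generatePatch(finding, sourceLine) {
+const { rule } = finding;
+switch (rule.id) {
+// Hardcoded credentials -> env var
+case "VG001":
+case "VG062": {
+const match = /(\w+)\s*[:=]\s*['"][^'"]+['"]/.exec(sourceLine);
+if (match) {
+const varName = match[1];
+const envName = varName.replace(/([a-z])([A-Z])/g, "$1_$2").toUpperCase();
+return `// Before:\n${sourceLine.trim()}\n// After:\nconst ${varName} = process.env.${envName};`;
+}
+break;
+}
+// innerHTML -> textContent
+case "VG012":
+case "VG408": {
+if (sourceLine.includes("innerHTML")) {
+return `// Before:\n${sourceLine.trim()}\n// After:\n${sourceLine.trim().replace("innerHTML", "textContent")}`;
+}
+if (sourceLine.includes("dangerouslySetInnerHTML")) {
+return '// Replace dangerouslySetInnerHTML with a sanitizer:\nimport DOMPurify from "dompurify";\n// Use: <div dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(content) }} />';
+}
+break;
+}
+// SQL injection -> parameterized
+case "VG010": {
+return "// Replace template literal interpolation with parameterized query:\n// Before: query(`SELECT * FROM users WHERE id = ${id}`)\n// After: query('SELECT * FROM users WHERE id = $1', [id])";
+}
+// Missing auth -> add auth check
+case "VG002":
+case "VG420":
+case "VG952": {
+return '// Add authentication check at the start:\nconst { userId } = await auth();\nif (!userId) return new Response("Unauthorized", { status: 401 });';
+}
+// Mass assignment -> explicit fields
+case "VG953": {
+return "// Replace spread with explicit field selection:\n// Before: data: { ...req.body }\n// After: const { field1, field2 } = schema.parse(req.body);\n// data: { field1, field2 }";
+}
+// CORS wildcard -> specific origin
+case "VG040":
+case "VG403": {
+return '// Replace wildcard with specific origin:\n// Before: "Access-Control-Allow-Origin": "*"\n// After: "Access-Control-Allow-Origin": process.env.ALLOWED_ORIGIN';
+}
+// Error leak -> generic message
+case "VG959": {
+return '// Replace error details with generic message:\ncatch (error) {\n console.error("Internal error:", error);\n return Response.json({ error: "Something went wrong" }, { status: 500 });\n}';
+}
+// BOLA -> add ownership check
+case "VG950":
+case "VG951": {
+return "// Add ownership check to the query:\n// Before: where: { id: params.id }\n// After: where: { id: params.id, userId }";
+}
+default:
+break;
+}
+// Fallback: no specific patch
+return undefined;
+}
+function formatFixMarkdown(suggestions) {
+const lines = [
+"# GuardVibe Auto-Fix Suggestions",
+"",
+`**Issues found:** ${suggestions.length}`,
+"",
+"Apply these fixes to resolve security vulnerabilities:",
+"",
+"---",
+"",
+];
+for (let i = 0; i < suggestions.length; i++) {
+const s = suggestions[i];
+const severity = s.severity.toUpperCase();
+lines.push(`## Fix ${i + 1}: ${s.ruleName} (${s.ruleId})`, "", `**Severity:** ${severity}`, `**Line:** ${s.line}`, `**Match:** \`${s.match}\``, "", s.description, "", `**How to fix:** ${s.fix}`, "");
+if (s.patch) {
+lines.push("**Suggested patch:**", "```", s.patch, "```", "");
+}
+if (s.fixCode) {
+lines.push("**Reference secure code:**", "```", s.fixCode, "```", "");
+}
+lines.push("---", "");
+}
+return lines.join("\n");
+}
+//# sourceMappingURL=fix-code.js.map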
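Review bot: In the VG001/VG062 branch of `generatePatch`, the `// Before:` line embeds `sourceLine.trim()` verbatim, so the full hardcoded credential the rule just flagged is copied into the JSON/markdown report and from there into whatever agent transcript or log consumes it, whereas `analyzeCode` only exposes the first 80 characters of the match. Redact the quoted value before echoing the line, e.g. `const shown = sourceLine.trim().replace(/(['"])[^'"]+\1/, "$1<redacted>$1");` and use `shown` in place of `sourceLine.trim()` in the returned template. The `// After:` rewrite is also only a drop-in for an assignment: for the `apiKey: "..."` property form the same regex accepts, emitting `const apiKey = process.env.API_KEY;` changes the syntax, so either limit the rewrite to `=` lines or say so in the patch text. In `formatFixMarkdown`, `s.patch`, `s.fixCode` and `s.match` go into ``` fences and backticks unescaped, so a source line containing a triple backtick breaks out of the fence in the markdown an agent reads; a longer fence or escaping would close that.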
@@ -0,0 +1 @@
1
+
{"version":3,"file":"fix-code.js","sourceRoot":"","sources":["../../src/tools/fix-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAqB,MAAM,wBAAwB,CAAC;AACvE,OAAO,EAAE,WAAW,EAAgB,MAAM,iBAAiB,CAAC;AAc5D;;GAEG;AACH,MAAM,UAAU,OAAO,CACrB,IAAY,EACZ,QAAgB,EAChB,SAAkB,EAClB,QAAiB,EACjB,SAA8B,MAAM,EACpC,KAAsB;IAEtB,MAAM,cAAc,GAAG,KAAK,IAAI,UAAU,CAAC;IAC3C,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;IAE7F,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,8EAA8E,CAAC;IACxF,CAAC;IAED,MAAM,WAAW,GAAG,sBAAsB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAE3D,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,MAAM,EAAE,cAAc;YACtB,KAAK,EAAE,WAAW,CAAC,MAAM;YACzB,KAAK,EAAE,WAAW;SACnB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,iBAAiB,CAAC,WAAW,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,sBAAsB,CAAC,QAAmB,EAAE,IAAY;IAC/D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,WAAW,GAAoB,EAAE,CAAC;IAExC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,2BAA2B;QAC3B,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjD,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAEd,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACjD,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAEjD,WAAW,CAAC,IAAI,CAAC;YACf,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,EAAE;YACvB,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI;YAC3B,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,QAAQ;YAC/B,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,WAAW;YACrC,GAAG,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG;YACrB,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,OAAO;YAC7B,KAAK;SACN,CAAC,CAAC;IACL,CAAC;IAED,oCAAoC;IACpC,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IACnG,WAAW,CAAC,IAAI,CAAC,CAAC,CA
AC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEhG,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CAAC,OAAgB,EAAE,UAAkB;IACzD,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IAEzB,QAAQ,IAAI,CAAC,EAAE,EAAE,CAAC;QAChB,mCAAmC;QACnC,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,KAAK,GAAG,+BAA+B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC/D,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACzB,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC1E,OAAO,eAAe,UAAU,CAAC,IAAI,EAAE,sBAAsB,OAAO,kBAAkB,OAAO,GAAG,CAAC;YACnG,CAAC;YACD,MAAM;QACR,CAAC;QAED,2BAA2B;QAC3B,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,IAAI,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACrC,OAAO,eAAe,UAAU,CAAC,IAAI,EAAE,gBAAgB,UAAU,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,aAAa,CAAC,EAAE,CAAC;YACjH,CAAC;YACD,IAAI,UAAU,CAAC,QAAQ,CAAC,yBAAyB,CAAC,EAAE,CAAC;gBACnD,OAAO,6KAA6K,CAAC;YACvL,CAAC;YACD,MAAM;QACR,CAAC;QAED,iCAAiC;QACjC,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,OAAO,4LAA4L,CAAC;QACtM,CAAC;QAED,iCAAiC;QACjC,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,OAAO,iJAAiJ,CAAC;QAC3J,CAAC;QAED,qCAAqC;QACrC,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,OAAO,wLAAwL,CAAC;QAClM,CAAC;QAED,mCAAmC;QACnC,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,OAAO,gKAAgK,CAAC;QAC1K,CAAC;QAED,gCAAgC;QAChC,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,OAAO,6LAA6L,CAAC;QACvM,CAAC;QAED,8BAA8B;QAC9B,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,OAAO,wHAAwH,CAAC;QAClI,CAAC;QAED;YACE,MAAM;IACV,CAAC;IAED,8BAA8B;IAC9B,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,iBAAiB,CAAC,WAA4B;IACrD,MAAM,KAAK,GAAG;QACZ,kCAAkC;QAClC,EAAE;QACF,qBAAqB,WAAW,CAAC,MAAM,EAAE;QACzC,EAAE;QACF,wDAAwD;QACxD,EAAE;QACF,KAAK;QACL,EAAE;KACH,CAAC;IAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5C,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;QACzB,MAAM,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAE1C,KAAK,CAAC,IAAI
,CACR,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,MAAM,GAAG,EAC9C,EAAE,EACF,iBAAiB,QAAQ,EAAE,EAC3B,aAAa,CAAC,CAAC,IAAI,EAAE,EACrB,gBAAgB,CAAC,CAAC,KAAK,IAAI,EAC3B,EAAE,EACF,CAAC,CAAC,WAAW,EACb,EAAE,EACF,mBAAmB,CAAC,CAAC,GAAG,EAAE,EAC1B,EAAE,CACH,CAAC;QAEF,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YACZ,KAAK,CAAC,IAAI,CAAC,sBAAsB,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;YACd,KAAK,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QACxE,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACxB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
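--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "guardvibe",
-"version": "1.
-"description": "Security MCP for vibe coding.
+"version": "1.3.2",
+"description": "Security MCP for vibe coding. 239 rules for Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
 "type": "module",
 "bin": {
 "guardvibe": "build/index.js",
@@ -63,11 +63,23 @@
 "firebase",
 "mcp-server",
 "prompt-injection",
-"supply-chain"
+"supply-chain",
+"trpc",
+"hono",
+"graphql",
+"convex",
+"turso",
+"libsql",
+"uploadthing",
+"oauth",
+"csp",
+"bola",
+"mass-assignment",
+"auto-fix"
 ],
 "author": "GokLab",
-"license": "
-"homepage": "https://guardvibe
+"license": "Apache-2.0",
+"homepage": "https://github.com/goklab/guardvibe",
 "repository": {
 "type": "git",
 "url": "https://github.com/goklab/guardvibe.git"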