guardvibe 1.3.3 → 1.4.0
- package/build/data/compliance-metadata.d.ts +24 -0
- package/build/data/compliance-metadata.d.ts.map +1 -0
- package/build/data/compliance-metadata.js +274 -0
- package/build/data/compliance-metadata.js.map +1 -0
- package/build/data/rules/index.d.ts.map +1 -1
- package/build/data/rules/index.js +3 -2
- package/build/data/rules/index.js.map +1 -1
- package/build/data/rules/types.d.ts +2 -0
- package/build/data/rules/types.d.ts.map +1 -1
- package/build/index.js +28 -8
- package/build/index.js.map +1 -1
- package/build/tools/audit-config.d.ts +11 -0
- package/build/tools/audit-config.d.ts.map +1 -0
- package/build/tools/audit-config.js +370 -0
- package/build/tools/audit-config.js.map +1 -0
- package/build/tools/compliance-report.d.ts +1 -1
- package/build/tools/compliance-report.d.ts.map +1 -1
- package/build/tools/compliance-report.js +110 -11
- package/build/tools/compliance-report.js.map +1 -1
- package/build/tools/generate-policy.d.ts +2 -0
- package/build/tools/generate-policy.d.ts.map +1 -0
- package/build/tools/generate-policy.js +368 -0
- package/build/tools/generate-policy.js.map +1 -0
- package/build/tools/scan-directory.d.ts +1 -1
- package/build/tools/scan-directory.d.ts.map +1 -1
- package/build/tools/scan-directory.js +121 -7
- package/build/tools/scan-directory.js.map +1 -1
- package/package.json +2 -2
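--- a/package/build/tools/audit-config.js
+++ b/package/build/tools/audit-config.js
@@ -0,0 +1,370 @@
+import { readFileSync, existsSync, readdirSync } from "fs";
+import { join, resolve, basename } from "path";
+function tryRead(path) {
+try {
+return existsSync(path) ? readFileSync(path, "utf-8") : null;
+}
+catch {
+return null;
+}
+}
+function findRouteHandlers(dir, results, depth = 0) {
+if (depth > 8)
+return;
+try {
+const entries = readdirSync(dir, { withFileTypes: true });
+for (const entry of entries) {
+if (["node_modules", ".git", ".next", "build", "dist"].includes(entry.name))
+continue;
+const full = join(dir, entry.name);
+if (entry.isDirectory()) {
+findRouteHandlers(full, results, depth + 1);
+}
+else if (entry.isFile() && /^route\.(ts|js|tsx|jsx)$/.test(entry.name)) {
+const content = tryRead(full);
+if (content)
+results.push({ path: full, content });
+}
+}
+}
+catch { /* skip unreadable dirs */ }
+}
+function discoverFiles(root) {
+const nextConfigNames = ["next.config.ts", "next.config.mjs", "next.config.js"];
+let nextConfig = null;
+for (const name of nextConfigNames) {
+const content = tryRead(join(root, name));
+if (content) {
+nextConfig = { path: join(root, name), content };
+break;
+}
+}
+const middlewareNames = ["middleware.ts", "middleware.js", "proxy.ts", "proxy.js"];
+const middlewareDirs = [root, join(root, "src")];
+let middleware = null;
+for (const dir of middlewareDirs) {
+for (const name of middlewareNames) {
+const content = tryRead(join(dir, name));
+if (content) {
+middleware = { path: join(dir, name), content };
+break;
+}
+}
+if (middleware)
+break;
+}
+const envNames = [".env", ".env.local", ".env.production", ".env.development", ".env.example"];
+const envFiles = [];
+for (const name of envNames) {
+const content = tryRead(join(root, name));
+if (content)
+envFiles.push({ path: join(root, name), content, name });
+}
+const gitignore = tryRead(join(root, ".gitignore"));
+const vercelJson = tryRead(join(root, "vercel.json"));
+const routeHandlers = [];
+const appDir = existsSync(join(root, "src", "app")) ? join(root, "src", "app") :
+existsSync(join(root, "app")) ? join(root, "app") : null;
+if (appDir)
+findRouteHandlers(appDir, routeHandlers);
+return {
+nextConfig,
+middleware,
+envFiles,
+gitignore: gitignore ? { path: join(root, ".gitignore"), content: gitignore } : null,
+vercelConfig: vercelJson ? { path: join(root, "vercel.json"), content: vercelJson } : null,
+routeHandlers,
+};
+}
+function runChecks(files, root) {
+const issues = [];
+// --- HEADER CHECKS ---
+const ncContent = files.nextConfig?.content ?? "";
+const hasHeaders = /headers\s*\(/.test(ncContent);
+const hasCSP = /Content-Security-Policy/i.test(ncContent);
+const hasHSTS = /Strict-Transport-Security/i.test(ncContent);
+const hasXFrame = /X-Frame-Options/i.test(ncContent);
+const hasXContent = /X-Content-Type-Options/i.test(ncContent);
+if (files.nextConfig && hasHeaders && !hasCSP) {
+issues.push({
+id: "AC001", severity: "high", category: "headers",
+title: "headers() defined but Content-Security-Policy missing",
+description: "next.config defines custom headers but does not include a Content-Security-Policy header. CSP is critical for preventing XSS attacks.",
+fix: "Add a Content-Security-Policy header in your headers() function.",
+files: [files.nextConfig.path],
+});
+}
+if (files.nextConfig && hasHeaders && !hasHSTS) {
+issues.push({
+id: "AC002", severity: "high", category: "headers",
+title: "headers() defined but Strict-Transport-Security missing",
+description: "next.config defines custom headers but does not include HSTS. Without HSTS, browsers may use HTTP and expose traffic to interception.",
+fix: 'Add Strict-Transport-Security header: "max-age=63072000; includeSubDomains; preload".',
+files: [files.nextConfig.path],
+});
+}
+if (files.nextConfig && hasHeaders && !hasXFrame) {
+issues.push({
+id: "AC003", severity: "medium", category: "headers",
+title: "headers() defined but X-Frame-Options missing",
+description: "Without X-Frame-Options, your app can be embedded in iframes for clickjacking attacks.",
+fix: 'Add X-Frame-Options: DENY header.',
+files: [files.nextConfig.path],
+});
+}
+if (files.nextConfig && hasHeaders && !hasXContent) {
+issues.push({
+id: "AC004", severity: "medium", category: "headers",
+title: "headers() defined but X-Content-Type-Options missing",
+description: "Without X-Content-Type-Options: nosniff, browsers may MIME-sniff responses, leading to XSS via content type confusion.",
+fix: 'Add X-Content-Type-Options: nosniff header.',
+files: [files.nextConfig.path],
+});
+}
+if (files.nextConfig && !hasHeaders) {
+issues.push({
+id: "AC005", severity: "high", category: "headers",
+title: "next.config has no headers() — missing all security headers",
+description: "No security headers are configured. The application is missing CSP, HSTS, X-Frame-Options, and X-Content-Type-Options.",
+fix: "Add a headers() function in next.config with all security headers.",
+files: [files.nextConfig.path],
+});
+}
+// --- MIDDLEWARE / AUTH CHECKS ---
+if (files.middleware) {
+const mwContent = files.middleware.content;
+const hasAuth = /auth|clerkMiddleware|withAuth|getToken|getServerSession|requireAuth/i.test(mwContent);
+const hasMatcher = /matcher/.test(mwContent);
+if (!hasAuth) {
+issues.push({
+id: "AC010", severity: "high", category: "auth",
+title: "Middleware/proxy exists but has no authentication logic",
+description: "Middleware file exists but does not call any auth function. This means routes are not protected at the middleware level.",
+fix: "Add authentication checks (e.g., clerkMiddleware, auth()) in your middleware/proxy.",
+files: [files.middleware.path],
+});
+}
+// Cross-check: middleware-protected paths vs actual route handlers
+if (hasMatcher && files.routeHandlers.length > 0) {
+const matcherMatch = /matcher\s*[=:]\s*(\[[\s\S]*?\])/g.exec(mwContent);
+if (matcherMatch) {
+const matcherPaths = [...matcherMatch[1].matchAll(/["']([^"']+)["']/g)].map(m => m[1]);
+const apiRoutes = files.routeHandlers
+.map(r => r.path.replace(resolve(root), "").replace(/\\/g, "/"))
+.filter(p => p.includes("/api/"));
+const unprotectedApiRoutes = apiRoutes.filter(route => {
+return !matcherPaths.some(pattern => {
+const normalized = pattern.replace(/:path\*/, "").replace(/\(.*?\)/, "");
+return route.startsWith(normalized) || route.includes(normalized);
+});
+});
+if (unprotectedApiRoutes.length > 0) {
+issues.push({
+id: "AC011", severity: "high", category: "auth",
+title: `${unprotectedApiRoutes.length} API route(s) not covered by middleware matcher`,
+description: `Route handlers exist at paths not matched by middleware: ${unprotectedApiRoutes.slice(0, 5).join(", ")}. These routes bypass middleware auth.`,
+fix: "Update the middleware matcher to include all API routes, or add auth checks in each route handler.",
+files: [files.middleware.path, ...unprotectedApiRoutes.slice(0, 3).map(r => resolve(root) + r)],
+});
+}
+}
+}
+}
+else if (files.nextConfig) {
+// Next.js project without middleware
+issues.push({
+id: "AC012", severity: "medium", category: "auth",
+title: "Next.js project has no middleware/proxy for route protection",
+description: "No middleware.ts or proxy.ts found. Without middleware, there is no centralized auth check. Each route handler must implement its own auth.",
+fix: "Create a middleware.ts (or proxy.ts for Next.js 16) with auth checks.",
+files: [],
+});
+}
+// --- ENV CHECKS ---
+const gitignoreContent = files.gitignore?.content ?? "";
+const envInGitignore = /\.env\b/.test(gitignoreContent) || /\.env\.\*/.test(gitignoreContent) || /\.env\.local/.test(gitignoreContent);
+if (files.envFiles.length > 0 && !envInGitignore) {
+issues.push({
+id: "AC020", severity: "critical", category: "secrets",
+title: ".env files exist but .gitignore does not exclude them",
+description: "Found .env files but .gitignore does not contain .env patterns. Secrets will be committed to version control.",
+fix: "Add .env, .env.*, .env.local to .gitignore immediately.",
+files: [files.gitignore?.path ?? join(root, ".gitignore"), ...files.envFiles.map(e => e.path)],
+});
+}
+// Check for secrets in .env files that are also in NEXT_PUBLIC_
+for (const envFile of files.envFiles) {
+const lines = envFile.content.split("\n");
+for (const line of lines) {
+const match = /^(NEXT_PUBLIC_\w*(?:SECRET|KEY|PASSWORD|TOKEN|PRIVATE|CREDENTIAL)\w*)\s*=/.exec(line);
+if (match && !/PUBLISHABLE/i.test(match[1])) {
+issues.push({
+id: "AC021", severity: "critical", category: "secrets",
+title: `NEXT_PUBLIC_ exposes secret: ${match[1]}`,
+description: `${match[1]} in ${envFile.name} has NEXT_PUBLIC_ prefix, making it visible in the client bundle.`,
+fix: `Remove NEXT_PUBLIC_ prefix from ${match[1]}. Access it only server-side.`,
+files: [envFile.path],
+});
+}
+}
+}
+// Check for real secrets in .env.example
+for (const envFile of files.envFiles.filter(e => e.name === ".env.example")) {
+const realSecretPattern = /(?:SECRET|KEY|TOKEN|PASSWORD)\w*\s*=\s*(?:sk_live_|sk_test_|re_|whsec_|phx_|AKIA|ghp_|gho_|eyJ)[A-Za-z0-9_\-]{10,}/g;
+if (realSecretPattern.test(envFile.content)) {
+issues.push({
+id: "AC022", severity: "high", category: "secrets",
+title: ".env.example contains real secret values",
+description: "The .env.example file appears to contain actual secrets instead of placeholder values.",
+fix: "Replace real values with placeholders like 'your_key_here'.",
+files: [envFile.path],
+});
+}
+}
+// --- CROSS-FILE: vercel.json + next.config ---
+if (files.vercelConfig) {
+const vc = files.vercelConfig.content;
+const hasCrons = /crons/.test(vc);
+if (hasCrons) {
+const cronPaths = [...vc.matchAll(/["']path["']\s*:\s*["']([^"']+)["']/g)].map(m => m[1]);
+for (const cronPath of cronPaths) {
+const handler = files.routeHandlers.find(r => r.path.replace(/\\/g, "/").includes(cronPath.replace(/^\//, "")));
+if (handler && !/CRON_SECRET/.test(handler.content)) {
+issues.push({
+id: "AC030", severity: "high", category: "auth",
+title: `Cron endpoint ${cronPath} does not verify CRON_SECRET`,
+description: `vercel.json defines a cron job at ${cronPath} but the route handler does not check CRON_SECRET. Anyone can trigger this endpoint.`,
+fix: "Verify the authorization header against process.env.CRON_SECRET in the route handler.",
+files: [files.vercelConfig.path, handler.path],
+});
+}
+}
+}
+if (/["'](?:SECRET|KEY|TOKEN|PASSWORD)\w*["']\s*:\s*["'][A-Za-z0-9_\-]{12,}["']/i.test(vc)) {
+issues.push({
+id: "AC031", severity: "critical", category: "secrets",
+title: "Hardcoded secret in vercel.json",
+description: "vercel.json contains what appears to be a hardcoded secret value. This file is committed to git.",
+fix: "Use Vercel environment variables (vercel env add) instead.",
+files: [files.vercelConfig.path],
+});
+}
+}
+// --- CROSS-FILE: no middleware + route handlers without auth ---
+if (!files.middleware && files.routeHandlers.length > 0) {
+const unauthedRoutes = files.routeHandlers.filter(r => {
+return !/(auth|getServerSession|currentUser|getUser|requireAuth|clerkClient|getToken|CRON_SECRET)/i.test(r.content);
+});
+if (unauthedRoutes.length > 0) {
+issues.push({
+id: "AC040", severity: "high", category: "auth",
+title: `${unauthedRoutes.length} route handler(s) have no auth check and no middleware`,
+description: `Without middleware, these route handlers have no authentication: ${unauthedRoutes.slice(0, 5).map(r => basename(r.path.replace(/route\.(ts|js)/, ""))).join(", ")}`,
+fix: "Add authentication to each route handler or create a middleware file.",
+files: unauthedRoutes.slice(0, 5).map(r => r.path),
+});
+}
+}
+// --- NEXT CONFIG SPECIFIC ---
+if (files.nextConfig) {
+if (/poweredByHeader\s*:\s*true/.test(ncContent)) {
+issues.push({
+id: "AC050", severity: "low", category: "config",
+title: "X-Powered-By header enabled in next.config",
+description: "The X-Powered-By header reveals the framework, helping attackers target known vulnerabilities.",
+fix: "Set poweredByHeader: false in next.config.",
+files: [files.nextConfig.path],
+});
+}
+if (/productionBrowserSourceMaps\s*:\s*true/.test(ncContent)) {
+issues.push({
+id: "AC051", severity: "medium", category: "config",
+title: "Production source maps enabled",
+description: "productionBrowserSourceMaps is true, exposing original source code in production.",
+fix: "Set productionBrowserSourceMaps: false.",
+files: [files.nextConfig.path],
+});
+}
+if (/remotePatterns[\s\S]*?hostname\s*:\s*["'](?:\*\*|\*)["']/.test(ncContent)) {
+issues.push({
+id: "AC052", severity: "high", category: "config",
+title: "Wildcard remote image pattern allows any host",
+description: "next.config allows images from any hostname, enabling SSRF and hotlinking.",
+fix: "Restrict remotePatterns to specific trusted hostnames.",
+files: [files.nextConfig.path],
+});
+}
+}
+return issues;
+}
+export function auditConfig(path, format = "markdown") {
+const root = resolve(path);
+const files = discoverFiles(root);
+const issues = runChecks(files, root);
+const severityOrder = { critical: 0, high: 1, medium: 2, low: 3 };
+issues.sort((a, b) => severityOrder[a.severity] - severityOrder[b.severity]);
+if (format === "json") {
+const critical = issues.filter(i => i.severity === "critical").length;
+const high = issues.filter(i => i.severity === "high").length;
+const medium = issues.filter(i => i.severity === "medium").length;
+const low = issues.filter(i => i.severity === "low").length;
+return JSON.stringify({
+summary: {
+total: issues.length, critical, high, medium, low,
+filesAnalyzed: {
+nextConfig: files.nextConfig?.path ?? null,
+middleware: files.middleware?.path ?? null,
+envFiles: files.envFiles.map(e => e.path),
+vercelConfig: files.vercelConfig?.path ?? null,
+routeHandlers: files.routeHandlers.length,
+},
+},
+issues: issues.map(i => ({
+id: i.id, severity: i.severity, category: i.category,
+title: i.title, description: i.description, fix: i.fix, files: i.files,
+})),
+});
+}
+const lines = [
+`# GuardVibe Configuration Audit`,
+``,
+`Directory: ${root}`,
+``,
+`## Files Analyzed`,
+`- next.config: ${files.nextConfig?.path ?? "not found"}`,
+`- middleware/proxy: ${files.middleware?.path ?? "not found"}`,
+`- .env files: ${files.envFiles.length > 0 ? files.envFiles.map(e => e.name).join(", ") : "none"}`,
+`- vercel.json: ${files.vercelConfig ? "found" : "not found"}`,
+`- Route handlers: ${files.routeHandlers.length}`,
+``,
+];
+if (issues.length === 0) {
+lines.push(`## No Issues Found`, ``, `Configuration looks secure. All cross-file checks passed.`);
+return lines.join("\n");
+}
+const critical = issues.filter(i => i.severity === "critical").length;
+const high = issues.filter(i => i.severity === "high").length;
+const medium = issues.filter(i => i.severity === "medium").length;
+lines.push(`## Summary: ${issues.length} issues found`, ``, `| Severity | Count |`, `|----------|-------|`);
+if (critical > 0)
+lines.push(`| Critical | ${critical} |`);
+if (high > 0)
+lines.push(`| High | ${high} |`);
+if (medium > 0)
+lines.push(`| Medium | ${medium} |`);
+lines.push(``);
+const categories = new Map();
+for (const issue of issues) {
+const existing = categories.get(issue.category) ?? [];
+existing.push(issue);
+categories.set(issue.category, existing);
+}
+for (const [cat, catIssues] of categories) {
+lines.push(`## ${cat.charAt(0).toUpperCase() + cat.slice(1)}`, ``);
+for (const issue of catIssues) {
+lines.push(`### [${issue.severity.toUpperCase()}] ${issue.title} (${issue.id})`, `${issue.description}`, `**Fix:** ${issue.fix}`, issue.files.length > 0 ? `**Files:** ${issue.files.join(", ")}` : "", ``);
+}
+}
+return lines.join("\n");
+}
+//# sourceMappingURL=audit-config.js.map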
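Review bot: The AC011 coverage test at new lines 155–160 can report API routes as covered when they are not, because `route.includes(normalized)` compares a file path relative to the project root (for example `/app/api/x/route.ts`) with URL matcher patterns by substring. A matcher entry such as `"/"` or `"/app/:path*"` normalises to a string that every route path contains, so no finding is raised even though, as far as I know, Next.js would not run the middleware for `/api/...` requests in those cases. I would convert each route to its URL path first and accept only an exact match, or a prefix match for patterns ending in a `:param*` segment, while keeping the file-relative path for the `files` list; regex-style matchers are still not evaluated by the sketch below and would be better reported as not evaluated than guessed. The same fail-open substring style is in `hasAuth` (line 136) and the AC040 filter (line 256), where `/auth/i` also matches a word like `author` or text inside a comment.

```javascript
// … unchanged: matcherPaths and apiRoutes (file paths relative to root) …
const toUrlPath = (p) => p
    .replace(/^\/(?:src\/)?app(?=\/)/, "")
    .replace(/\/route\.(ts|js|tsx|jsx)$/, "")
    .replace(/\/\([^/]+\)/g, ""); // route groups do not appear in the URL
const unprotectedApiRoutes = apiRoutes.filter(route => {
    const urlPath = toUrlPath(route);
    return !matcherPaths.some(pattern => {
        const base = pattern.replace(/\/:\w+\*$/, "");
        // a trailing ":param*" covers the subtree; any other pattern must match exactly
        return base === pattern
            ? urlPath === pattern
            : urlPath === base || urlPath.startsWith(base + "/");
    });
});
// … unchanged: AC011 push, which still builds `files` from the file-relative paths …
```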
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"audit-config.js","sourceRoot":"","sources":["../../src/tools/audit-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,IAAI,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AAqB/C,SAAS,OAAO,CAAC,IAAY;IAC3B,IAAI,CAAC;QACH,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW,EAAE,OAAiD,EAAE,KAAK,GAAG,CAAC;IAClG,IAAI,KAAK,GAAG,CAAC;QAAE,OAAO;IACtB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC;gBAAE,SAAS;YACtF,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YACnC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,iBAAiB,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YAC9C,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,IAAI,0BAA0B,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzE,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;gBAC9B,IAAI,OAAO;oBAAE,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,0BAA0B,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,MAAM,eAAe,GAAG,CAAC,gBAAgB,EAAE,iBAAiB,EAAE,gBAAgB,CAAC,CAAC;IAChF,IAAI,UAAU,GAA+B,IAAI,CAAC;IAClD,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;QAC1C,IAAI,OAAO,EAAE,CAAC;YAAC,UAAU,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC;YAAC,MAAM;QAAC,CAAC;IAC3E,CAAC;IAED,MAAM,eAAe,GAAG,CAAC,eAAe,EAAE,eAAe,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;IACnF,MAAM,cAAc,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;IACjD,IAAI,UAAU,GAA+B,IAAI,CAAC;IAClD,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;QACjC,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;YACzC,IAAI,OAAO,EAAE,
CAAC;gBAAC,UAAU,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC;gBAAC,MAAM;YAAC,CAAC;QAC1E,CAAC;QACD,IAAI,UAAU;YAAE,MAAM;IACxB,CAAC;IAED,MAAM,QAAQ,GAAG,CAAC,MAAM,EAAE,YAAY,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,cAAc,CAAC,CAAC;IAC/F,MAAM,QAAQ,GAA6B,EAAE,CAAC;IAC9C,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;QAC1C,IAAI,OAAO;YAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC;IACpD,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC;IAEtD,MAAM,aAAa,GAA6C,EAAE,CAAC;IACnE,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;QACjE,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACxE,IAAI,MAAM;QAAE,iBAAiB,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAErD,OAAO;QACL,UAAU;QACV,UAAU;QACV,QAAQ;QACR,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,IAAI;QACpF,YAAY,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,IAAI;QAC1F,aAAa;KACd,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,KAAmB,EAAE,IAAY;IAClD,MAAM,MAAM,GAAkB,EAAE,CAAC;IAEjC,wBAAwB;IACxB,MAAM,SAAS,GAAG,KAAK,CAAC,UAAU,EAAE,OAAO,IAAI,EAAE,CAAC;IAClD,MAAM,UAAU,GAAG,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,0BAA0B,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG,4BAA4B,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC7D,MAAM,SAAS,GAAG,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACrD,MAAM,WAAW,GAAG,yBAAyB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAE9D,IAAI,KAAK,CAAC,UAAU,IAAI,UAAU,IAAI,CAAC,MAAM,EAAE,CAAC;QAC9C,MAAM,CAAC,IAAI,CAAC;YACV,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS;YAClD,KAAK,EAAE,uDAAuD;YAC9D,WAAW,EAAE,uIAAuI;YACpJ,GAAG,EAAE,kEAAkE;YACvE,KAAK,EAAE,CAAC,KAA
K,CAAC,UAAU,CAAC,IAAI,CAAC;SAC/B,CAAC,CAAC;IACL,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,IAAI,UAAU,IAAI,CAAC,OAAO,EAAE,CAAC;QAC/C,MAAM,CAAC,IAAI,CAAC;YACV,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS;YAClD,KAAK,EAAE,yDAAyD;YAChE,WAAW,EAAE,uIAAuI;YACpJ,GAAG,EAAE,uFAAuF;YAC5F,KAAK,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;SAC/B,CAAC,CAAC;IACL,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,IAAI,UAAU,IAAI,CAAC,SAAS,EAAE,CAAC;QACjD,MAAM,CAAC,IAAI,CAAC;YACV,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS;YACpD,KAAK,EAAE,+CAA+C;YACtD,WAAW,EAAE,wFAAwF;YACrG,GAAG,EAAE,mCAAmC;YACxC,KAAK,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;SAC/B,CAAC,CAAC;IACL,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,IAAI,UAAU,IAAI,CAAC,WAAW,EAAE,CAAC;QACnD,MAAM,CAAC,IAAI,CAAC;YACV,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS;YACpD,KAAK,EAAE,sDAAsD;YAC7D,WAAW,EAAE,wHAAwH;YACrI,GAAG,EAAE,6CAA6C;YAClD,KAAK,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;SAC/B,CAAC,CAAC;IACL,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,IAAI,CAAC,UAAU,EAAE,CAAC;QACpC,MAAM,CAAC,IAAI,CAAC;YACV,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS;YAClD,KAAK,EAAE,6DAA6D;YACpE,WAAW,EAAE,wHAAwH;YACrI,GAAG,EAAE,oEAAoE;YACzE,KAAK,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;SAC/B,CAAC,CAAC;IACL,CAAC;IAED,mCAAmC;IACnC,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;QACrB,MAAM,SAAS,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC;QAC3C,MAAM,OAAO,GAAG,sEAAsE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACvG,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE7C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC;gBACV,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM;gBAC/C,KAAK,EAAE,yDAAyD;gBAChE,WAAW,EAAE,0HAA0H;gBACvI,GAAG,EAAE,qFAAqF;gBAC1F,KAAK,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;aAC/B,CAAC,CAAC;QACL,CAAC;QAED,mEAAmE;QACnE,IAAI,UAAU,IAAI,KAAK,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjD,MAAM,YAAY,GAAG,kCAAkC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACxE,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,YAAY,GAAG,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAA
C;gBACvF,MAAM,SAAS,GAAG,KAAK,CAAC,aAAa;qBAClC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;qBAC/D,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;gBAEpC,MAAM,oBAAoB,GAAG,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;oBACpD,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;wBAClC,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;wBACzE,OAAO,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;oBACpE,CAAC,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;gBAEH,IAAI,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACpC,MAAM,CAAC,IAAI,CAAC;wBACV,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM;wBAC/C,KAAK,EAAE,GAAG,oBAAoB,CAAC,MAAM,iDAAiD;wBACtF,WAAW,EAAE,4DAA4D,oBAAoB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,wCAAwC;wBAC5J,GAAG,EAAE,oGAAoG;wBACzG,KAAK,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;qBAChG,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;SAAM,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;QAC5B,qCAAqC;QACrC,MAAM,CAAC,IAAI,CAAC;YACV,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM;YACjD,KAAK,EAAE,8DAA8D;YACrE,WAAW,EAAE,6IAA6I;YAC1J,GAAG,EAAE,uEAAuE;YAC5E,KAAK,EAAE,EAAE;SACV,CAAC,CAAC;IACL,CAAC;IAED,qBAAqB;IACrB,MAAM,gBAAgB,GAAG,KAAK,CAAC,SAAS,EAAE,OAAO,IAAI,EAAE,CAAC;IACxD,MAAM,cAAc,GAAG,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAEvI,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;QACjD,MAAM,CAAC,IAAI,CAAC;YACV,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS;YACtD,KAAK,EAAE,uDAAuD;YAC9D,WAAW,EAAE,+GAA+G;YAC5H,GAAG,EAAE,yDAAyD;YAC9D,KAAK,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC,EAAE,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;SAC/F,CAAC,CAAC;IACL
,CAAC;IAED,gEAAgE;IAChE,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC1C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,2EAA2E,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrG,IAAI,KAAK,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC5C,MAAM,CAAC,IAAI,CAAC;oBACV,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS;oBACtD,KAAK,EAAE,gCAAgC,KAAK,CAAC,CAAC,CAAC,EAAE;oBACjD,WAAW,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,OAAO,OAAO,CAAC,IAAI,mEAAmE;oBAC9G,GAAG,EAAE,mCAAmC,KAAK,CAAC,CAAC,CAAC,+BAA+B;oBAC/E,KAAK,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;iBACtB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,yCAAyC;IACzC,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,EAAE,CAAC;QAC5E,MAAM,iBAAiB,GAAG,qHAAqH,CAAC;QAChJ,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5C,MAAM,CAAC,IAAI,CAAC;gBACV,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS;gBAClD,KAAK,EAAE,0CAA0C;gBACjD,WAAW,EAAE,wFAAwF;gBACrG,GAAG,EAAE,6DAA6D;gBAClE,KAAK,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;aACtB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;QACvB,MAAM,EAAE,GAAG,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC;QACtC,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAElC,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,SAAS,GAAG,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1F,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,MAAM,OAAO,GAAG,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;gBAChH,IAAI,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;oBACpD,MAAM,CAAC,IAAI,CAAC;wBACV,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM;wBAC/C,KAAK,EAAE,iBAAiB,QAAQ,8BAA8B;wBAC9D,WAAW,EAAE,qCAAqC,QAAQ,sFAAsF;wBAChJ,GAAG,EAAE,uFAAuF;wBAC5F,KAAK,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CA
AC;qBAC/C,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,6EAA6E,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAC3F,MAAM,CAAC,IAAI,CAAC;gBACV,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS;gBACtD,KAAK,EAAE,iCAAiC;gBACxC,WAAW,EAAE,kGAAkG;gBAC/G,GAAG,EAAE,4DAA4D;gBACjE,KAAK,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,IAAI,CAAC,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxD,MAAM,cAAc,GAAG,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;YACpD,OAAO,CAAC,2FAA2F,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QACtH,CAAC,CAAC,CAAC;QACH,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC;gBACV,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM;gBAC/C,KAAK,EAAE,GAAG,cAAc,CAAC,MAAM,wDAAwD;gBACvF,WAAW,EAAE,oEAAoE,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBACjL,GAAG,EAAE,uEAAuE;gBAC5E,KAAK,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;aACnD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;QACrB,IAAI,4BAA4B,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YACjD,MAAM,CAAC,IAAI,CAAC;gBACV,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ;gBAChD,KAAK,EAAE,4CAA4C;gBACnD,WAAW,EAAE,gGAAgG;gBAC7G,GAAG,EAAE,4CAA4C;gBACjD,KAAK,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;aAC/B,CAAC,CAAC;QACL,CAAC;QAED,IAAI,wCAAwC,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7D,MAAM,CAAC,IAAI,CAAC;gBACV,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ;gBACnD,KAAK,EAAE,gCAAgC;gBACvC,WAAW,EAAE,mFAAmF;gBAChG,GAAG,EAAE,yCAAyC;gBAC9C,KAAK,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;aAC/B,CAAC,CAAC;QACL,CAAC;QAED,IAAI,0DAA0D,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAC/E,MAAM,CAAC,IAAI,CAAC;gBACV,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ;gBACjD,KAAK,EAAE,+CAA+C;gBACtD,WAAW,EAAE,4EAA4E;gBACzF,GAAG,EAAE,wDAAwD;gBAC7D,KAAK,EAAE,CAA
C,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;aAC/B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,IAAY,EACZ,SAA8B,UAAU;IAExC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAEtC,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAC1F,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IAE7E,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QACtE,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QAC9D,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;QAClE,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM,CAAC;QAC5D,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,OAAO,EAAE;gBACP,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG;gBACjD,aAAa,EAAE;oBACb,UAAU,EAAE,KAAK,CAAC,UAAU,EAAE,IAAI,IAAI,IAAI;oBAC1C,UAAU,EAAE,KAAK,CAAC,UAAU,EAAE,IAAI,IAAI,IAAI;oBAC1C,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;oBACzC,YAAY,EAAE,KAAK,CAAC,YAAY,EAAE,IAAI,IAAI,IAAI;oBAC9C,aAAa,EAAE,KAAK,CAAC,aAAa,CAAC,MAAM;iBAC1C;aACF;YACD,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBACvB,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpD,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK;aACvE,CAAC,CAAC;SACJ,CAAC,CAAC;IACL,CAAC;IAED,MAAM,KAAK,GAAa;QACtB,iCAAiC;QACjC,EAAE;QACF,cAAc,IAAI,EAAE;QACpB,EAAE;QACF,mBAAmB;QACnB,kBAAkB,KAAK,CAAC,UAAU,EAAE,IAAI,IAAI,WAAW,EAAE;QACzD,uBAAuB,KAAK,CAAC,UAAU,EAAE,IAAI,IAAI,WAAW,EAAE;QAC9D,iBAAiB,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,C
AAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE;QAClG,kBAAkB,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE;QAC9D,qBAAqB,KAAK,CAAC,aAAa,CAAC,MAAM,EAAE;QACjD,EAAE;KACH,CAAC;IAEF,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,EAAE,2DAA2D,CAAC,CAAC;QAClG,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IACtE,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC9D,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IAElE,KAAK,CAAC,IAAI,CACR,eAAe,MAAM,CAAC,MAAM,eAAe,EAC3C,EAAE,EACF,sBAAsB,EACtB,sBAAsB,CACvB,CAAC;IACF,IAAI,QAAQ,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,QAAQ,IAAI,CAAC,CAAC;IAC3D,IAAI,IAAI,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC;IAC/C,IAAI,MAAM,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,cAAc,MAAM,IAAI,CAAC,CAAC;IACrD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,MAAM,UAAU,GAAG,IAAI,GAAG,EAAyB,CAAC;IACpD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACtD,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC3C,CAAC;IAED,KAAK,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,IAAI,UAAU,EAAE,CAAC;QAC1C,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACnE,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;YAC9B,KAAK,CAAC,IAAI,CACR,QAAQ,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,EAAE,GAAG,EACpE,GAAG,KAAK,CAAC,WAAW,EAAE,EACtB,YAAY,KAAK,CAAC,GAAG,EAAE,EACvB,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EACpE,EAAE,CACH,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC
;AAC1B,CAAC"}
|
|
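--- a/package/build/tools/compliance-report.d.ts
+++ b/package/build/tools/compliance-report.d.ts
@@ -1,3 +1,3 @@
 import type { SecurityRule } from "../data/rules/types.js";
-export declare function complianceReport(path: string, framework: string, format?: "markdown" | "json", rules?: SecurityRule[]): string;
+export declare function complianceReport(path: string, framework: string, format?: "markdown" | "json", rules?: SecurityRule[], mode?: "full" | "executive"): string;
 //# sourceMappingURL=compliance-report.d.ts.map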
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"compliance-report.d.ts","sourceRoot":"","sources":["../../src/tools/compliance-report.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AA6C3D,wBAAgB,gBAAgB,
|
|
1
|
+
{"version":3,"file":"compliance-report.d.ts","sourceRoot":"","sources":["../../src/tools/compliance-report.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AA6C3D,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,MAAM,GAAE,UAAU,GAAG,MAAmB,EACxC,KAAK,CAAC,EAAE,YAAY,EAAE,EACtB,IAAI,GAAE,MAAM,GAAG,WAAoB,GAClC,MAAM,CA0HR"}
|
|
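--- a/package/build/tools/compliance-report.js
+++ b/package/build/tools/compliance-report.js
@@ -48,7 +48,7 @@ function walkDir(dir, excludes, results) {
 }
 }
 }
-export function complianceReport(path, framework, format = "markdown", rules) {
+export function complianceReport(path, framework, format = "markdown", rules, mode = "full") {
 const scanRoot = resolve(path);
 const config = loadConfig(scanRoot);
 const excludes = new Set([...DEFAULT_EXCLUDES, ...config.scan.exclude]);
@@ -95,25 +95,40 @@ export function complianceReport(path, framework, format = "markdown", rules) {
 controlMap.set(c, existing);
 }
 }
-const lines = [
-`# GuardVibe Compliance Report`,
-``,
-`Framework: ${framework}`,
-`Directory: ${scanRoot}`,
-`Files scanned: ${filePaths.length}`,
-`Compliance issues: ${relevant.length}`,
-``,
-];
 if (format === "json") {
 const controls = {};
 for (const [control, items] of controlMap.entries()) {
 controls[control] = items.map(i => ({
 id: i.finding.rule.id, name: i.finding.rule.name,
 severity: i.finding.rule.severity, file: i.finding.filePath, line: i.finding.line,
+exploit: i.finding.rule.exploit, audit: i.finding.rule.audit,
 }));
 }
-
+const critical = relevant.filter(f => f.rule.severity === "critical").length;
+const high = relevant.filter(f => f.rule.severity === "high").length;
+const medium = relevant.filter(f => f.rule.severity === "medium").length;
+return JSON.stringify({
+summary: {
+framework, total: relevant.length, controls: controlMap.size,
+critical, high, medium, mode,
+},
+controls,
+});
 }
+// --- EXECUTIVE SUMMARY MODE ---
+if (mode === "executive") {
+return formatExecutiveSummary(framework, scanRoot, filePaths.length, relevant, controlMap);
+}
+// --- FULL MODE ---
+const lines = [
+`# GuardVibe Compliance Report`,
+``,
+`Framework: ${framework}`,
+`Directory: ${scanRoot}`,
+`Files scanned: ${filePaths.length}`,
+`Compliance issues: ${relevant.length}`,
+``,
+];
 if (controlMap.size === 0) {
 lines.push(`## No Compliance Issues`, ``, `No issues mapped to ${framework} controls were found.`);
 return lines.join("\n");
@@ -131,9 +146,93 @@ export function complianceReport(path, framework, format = "markdown", rules) {
 for (const item of items) {
 const f = item.finding;
 lines.push(`- **[${f.rule.severity.toUpperCase()}]** ${f.rule.name} (${f.rule.id}) in \`${f.filePath}\`:${f.line}`);
+if (f.rule.exploit) {
+lines.push(` - **Exploit scenario:** ${f.rule.exploit}`);
+}
+if (f.rule.audit) {
+lines.push(` - **Audit evidence:** ${f.rule.audit}`);
+}
 }
 lines.push(``);
 }
 return lines.join("\n");
 }
+function formatExecutiveSummary(framework, scanRoot, filesScanned, relevant, controlMap) {
+const critical = relevant.filter(f => f.rule.severity === "critical").length;
+const high = relevant.filter(f => f.rule.severity === "high").length;
+const medium = relevant.filter(f => f.rule.severity === "medium").length;
+const total = critical + high + medium;
+const riskLevel = critical > 0 ? "HIGH" : high > 0 ? "MEDIUM" : total > 0 ? "LOW" : "MINIMAL";
+const lines = [
+`# Executive Security Summary`,
+``,
+`**Framework:** ${framework} | **Date:** ${new Date().toISOString().split("T")[0]}`,
+`**Directory:** ${scanRoot}`,
+`**Files scanned:** ${filesScanned}`,
+``,
+`## Risk Assessment: ${riskLevel}`,
+``,
+`| Metric | Value |`,
+`|--------|-------|`,
+`| Total compliance issues | ${total} |`,
+`| Critical findings | ${critical} |`,
+`| High findings | ${high} |`,
+`| Medium findings | ${medium} |`,
+`| Controls affected | ${controlMap.size} |`,
+``,
+];
+// Top risks
+if (total > 0) {
+lines.push(`## Top Risks`, ``);
+const uniqueRules = new Map();
+for (const f of relevant) {
+const existing = uniqueRules.get(f.rule.id);
+if (existing) {
+existing.count++;
+if (!existing.files.includes(f.filePath))
+existing.files.push(f.filePath);
+}
+else {
+uniqueRules.set(f.rule.id, { rule: f.rule, count: 1, files: [f.filePath] });
+}
+}
+const sortedRisks = [...uniqueRules.values()]
+.sort((a, b) => {
+const order = { critical: 0, high: 1, medium: 2, low: 3 };
+return (order[a.rule.severity] ?? 4) - (order[b.rule.severity] ?? 4);
+})
+.slice(0, 5);
+for (const risk of sortedRisks) {
+lines.push(`### [${risk.rule.severity.toUpperCase()}] ${risk.rule.name} (${risk.count} occurrence${risk.count > 1 ? "s" : ""})`, `${risk.rule.description}`);
+if (risk.rule.exploit) {
+lines.push(`**Risk:** ${risk.rule.exploit}`);
+}
+lines.push(`**Remediation:** ${risk.rule.fix}`, ``);
+}
+}
+// Compliance coverage
+lines.push(`## Compliance Coverage`, ``, `| Control | Status | Issues |`, `|---------|--------|--------|`);
+const sortedControls = [...controlMap.entries()].sort((a, b) => a[0].localeCompare(b[0]));
+for (const [control, items] of sortedControls) {
+const hasCritical = items.some(i => i.finding.rule.severity === "critical");
+const status = hasCritical ? "FAIL" : "REVIEW";
+lines.push(`| ${control} | ${status} | ${items.length} |`);
+}
+lines.push(``);
+// Recommendations
+lines.push(`## Recommended Actions`, ``);
+if (critical > 0) {
+lines.push(`1. **IMMEDIATE:** Address ${critical} critical finding(s) — these represent exploitable vulnerabilities with direct compliance impact.`);
+}
+if (high > 0) {
+lines.push(`${critical > 0 ? "2" : "1"}. **SHORT-TERM:** Remediate ${high} high-severity finding(s) within the current sprint.`);
+}
+if (medium > 0) {
+lines.push(`${critical > 0 && high > 0 ? "3" : critical > 0 || high > 0 ? "2" : "1"}. **PLANNED:** Schedule ${medium} medium-severity finding(s) for upcoming releases.`);
+}
+if (total === 0) {
+lines.push(`No compliance issues found. Continue regular security scanning.`);
+}
+return lines.join("\n");
+}
 //# sourceMappingURL=compliance-report.js.map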
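Review bot: `formatExecutiveSummary` computes `const total = critical + high + medium;`, which leaves out every finding with any other severity, although the sort table a few lines below lists `low: 3`. If rules can carry a low severity (the visible lines suggest it but do not prove it), a scan with only such findings prints "Risk Assessment: MINIMAL" and "No compliance issues found", and skips "Top Risks", while the Compliance Coverage table still lists the affected controls as REVIEW. The JSON branch of `complianceReport` reports `total: relevant.length`, so the two outputs can disagree on the same scan, and an executive reader sees the under-counted one. I would use `const total = relevant.length;`, add `const low = relevant.filter(f => f.rule.severity === "low").length;` with its own table row, and number the recommended actions from a counter rather than nested ternaries. A short comment above the `status` line saying that "REVIEW" also covers controls with high-severity findings would help whoever reads the table as audit evidence.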
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"compliance-report.js","sourceRoot":"","sources":["../../src/tools/compliance-report.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACxD,OAAO,EAAE,WAAW,EAAgB,MAAM,iBAAiB,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAGhD,MAAM,aAAa,GAA2B;IAC5C,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM;IAC7C,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;IAC/C,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW;IACnD,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CACjC,CAAC;AAEF,MAAM,eAAe,GAA2B;IAC9C,aAAa,EAAE,eAAe;IAC9B,gBAAgB,EAAE,eAAe;IACjC,iBAAiB,EAAE,eAAe;IAClC,gBAAgB,EAAE,eAAe;IACjC,oBAAoB,EAAE,gBAAgB;IACtC,qBAAqB,EAAE,gBAAgB;IACvC,UAAU,EAAE,YAAY;IACxB,aAAa,EAAE,eAAe;IAC9B,cAAc,EAAE,gBAAgB;CACjC,CAAC;AAEF,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa;IAChE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ;CACvC,CAAC,CAAC;AAEH,SAAS,OAAO,CAAC,GAAW,EAAE,QAAqB,EAAE,OAAiB;IACpE,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QAAC,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO;IAAC,CAAC;IAC9E,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,OAAO,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9C,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7F,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAAY,EAAE,SAAiB,EAAE,SAA8B,
UAAU,EAAE,KAAsB;IAChI,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,gBAAgB,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IACxE,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,OAAO,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAEvC,iBAAiB;IACjB,MAAM,WAAW,GAA0C,EAAE,CAAC;IAC9D,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAChC,IAAI,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW;gBAAE,SAAS;YAClD,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAChD,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;YAC5C,IAAI,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;YAClC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,UAAU,CAAC,YAAY,CAAC;gBAAE,QAAQ,GAAG,YAAY,CAAC;YACtF,IAAI,CAAC,QAAQ;gBAAE,QAAQ,GAAG,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC9D,IAAI,CAAC,QAAQ;gBAAE,SAAS;YACxB,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;YACtF,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;gBACzB,WAAW,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;IACxB,CAAC;IAED,sBAAsB;IACtB,MAAM,cAAc,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;IAC/C,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACtC,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE;QAC1B,IAAI,cAAc,KAAK,KAAK;YAAE,OAAO,IAAI,CAAC;QAC1C,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;IACpD,CAAC,CAAC,CACH,CAAC;IAEF,mBAAmB;IACnB,MAAM,UAAU,GAAG,IAAI,GAAG,EAAkD,CAAC;IAC7E,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,EAAE,CAAC;YACxC,IAAI,cAAc,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC;gBAAE,SAAS;YACtF,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACzC,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;YAC9B,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAa;QACtB,+BAA+B;QAC/B,EAAE;QACF,cAAc,SAAS,EAAE;QACzB,cAAc,QAAQ,EAAE;QAC
xB,kBAAkB,SAAS,CAAC,MAAM,EAAE;QACpC,sBAAsB,QAAQ,CAAC,MAAM,EAAE;QACvC,EAAE;KACH,CAAC;IAEF,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,MAAM,QAAQ,GAAsG,EAAE,CAAC;QACvH,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC;YACpD,QAAQ,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBAClC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI;gBAChD,QAAQ,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI;aAClF,CAAC,CAAC,CAAC;QACN,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;IACjH,CAAC;IAED,IAAI,UAAU,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,EAAE,uBAAuB,SAAS,uBAAuB,CAAC,CAAC;QACnG,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,gBAAgB;IAChB,MAAM,cAAc,GAAG,CAAC,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAE1F,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,EAAE,sBAAsB,EAAE,sBAAsB,CAAC,CAAC;IAC7E,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,cAAc,EAAE,CAAC;QAC9C,KAAK,CAAC,IAAI,CAAC,KAAK,OAAO,MAAM,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC;IACjD,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAEtB,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,cAAc,EAAE,CAAC;QAC9C,KAAK,CAAC,IAAI,CAAC,MAAM,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC;QAChC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC;YACvB,KAAK,CAAC,IAAI,CACR,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,UAAU,CAAC,CAAC,QAAQ,MAAM,CAAC,CAAC,IAAI,EAAE,CACxG,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
|
1
|
+
{"version":3,"file":"compliance-report.js","sourceRoot":"","sources":["../../src/tools/compliance-report.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACxD,OAAO,EAAE,WAAW,EAAgB,MAAM,iBAAiB,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAGhD,MAAM,aAAa,GAA2B;IAC5C,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM;IAC7C,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;IAC/C,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW;IACnD,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CACjC,CAAC;AAEF,MAAM,eAAe,GAA2B;IAC9C,aAAa,EAAE,eAAe;IAC9B,gBAAgB,EAAE,eAAe;IACjC,iBAAiB,EAAE,eAAe;IAClC,gBAAgB,EAAE,eAAe;IACjC,oBAAoB,EAAE,gBAAgB;IACtC,qBAAqB,EAAE,gBAAgB;IACvC,UAAU,EAAE,YAAY;IACxB,aAAa,EAAE,eAAe;IAC9B,cAAc,EAAE,gBAAgB;CACjC,CAAC;AAEF,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa;IAChE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ;CACvC,CAAC,CAAC;AAEH,SAAS,OAAO,CAAC,GAAW,EAAE,QAAqB,EAAE,OAAiB;IACpE,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QAAC,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO;IAAC,CAAC;IAC9E,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,OAAO,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9C,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7F,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,IAAY,EACZ,SAAiB,EACjB,SAA8
B,UAAU,EACxC,KAAsB,EACtB,OAA6B,MAAM;IAEnC,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,gBAAgB,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IACxE,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,OAAO,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAEvC,iBAAiB;IACjB,MAAM,WAAW,GAA0C,EAAE,CAAC;IAC9D,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAChC,IAAI,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW;gBAAE,SAAS;YAClD,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAChD,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;YAC5C,IAAI,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;YAClC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,UAAU,CAAC,YAAY,CAAC;gBAAE,QAAQ,GAAG,YAAY,CAAC;YACtF,IAAI,CAAC,QAAQ;gBAAE,QAAQ,GAAG,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC9D,IAAI,CAAC,QAAQ;gBAAE,SAAS;YACxB,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;YACtF,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;gBACzB,WAAW,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;IACxB,CAAC;IAED,sBAAsB;IACtB,MAAM,cAAc,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;IAC/C,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACtC,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE;QAC1B,IAAI,cAAc,KAAK,KAAK;YAAE,OAAO,IAAI,CAAC;QAC1C,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;IACpD,CAAC,CAAC,CACH,CAAC;IAEF,mBAAmB;IACnB,MAAM,UAAU,GAAG,IAAI,GAAG,EAAkD,CAAC;IAC7E,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,EAAE,CAAC;YACxC,IAAI,cAAc,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC;gBAAE,SAAS;YACtF,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACzC,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;YAC9B,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,MAAM,QAAQ,GAGR,EAAE,CAAC;QA
CT,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC;YACpD,QAAQ,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBAClC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI;gBAChD,QAAQ,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI;gBACjF,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK;aAC7D,CAAC,CAAC,CAAC;QACN,CAAC;QAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QAC7E,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QACrE,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;QAEzE,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,OAAO,EAAE;gBACP,SAAS,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,IAAI;gBAC5D,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI;aAC7B;YACD,QAAQ;SACT,CAAC,CAAC;IACL,CAAC;IAED,iCAAiC;IACjC,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;QACzB,OAAO,sBAAsB,CAAC,SAAS,EAAE,QAAQ,EAAE,SAAS,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC7F,CAAC;IAED,oBAAoB;IACpB,MAAM,KAAK,GAAa;QACtB,+BAA+B;QAC/B,EAAE;QACF,cAAc,SAAS,EAAE;QACzB,cAAc,QAAQ,EAAE;QACxB,kBAAkB,SAAS,CAAC,MAAM,EAAE;QACpC,sBAAsB,QAAQ,CAAC,MAAM,EAAE;QACvC,EAAE;KACH,CAAC;IAEF,IAAI,UAAU,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,EAAE,uBAAuB,SAAS,uBAAuB,CAAC,CAAC;QACnG,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,gBAAgB;IAChB,MAAM,cAAc,GAAG,CAAC,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAE1F,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,EAAE,sBAAsB,EAAE,sBAAsB,CAAC,CAAC;IAC7E,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,cAAc,EAAE,CAAC;QAC9C,KAAK,CAAC,IAAI,CAAC,KAAK,OAAO,MAAM,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC;IACjD,CAAC;IACD,KAAK,CAAC,IAAI
,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAEtB,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,cAAc,EAAE,CAAC;QAC9C,KAAK,CAAC,IAAI,CAAC,MAAM,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC;QAChC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC;YACvB,KAAK,CAAC,IAAI,CACR,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,UAAU,CAAC,CAAC,QAAQ,MAAM,CAAC,CAAC,IAAI,EAAE,CACxG,CAAC;YACF,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACnB,KAAK,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;YAC5D,CAAC;YACD,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACjB,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,sBAAsB,CAC7B,SAAiB,EACjB,QAAgB,EAChB,YAAoB,EACpB,QAA+C,EAC/C,UAA2E;IAE3E,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAC7E,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IACrE,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IACzE,MAAM,KAAK,GAAG,QAAQ,GAAG,IAAI,GAAG,MAAM,CAAC;IAEvC,MAAM,SAAS,GAAG,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;IAE9F,MAAM,KAAK,GAAa;QACtB,8BAA8B;QAC9B,EAAE;QACF,kBAAkB,SAAS,gBAAgB,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;QACnF,kBAAkB,QAAQ,EAAE;QAC5B,sBAAsB,YAAY,EAAE;QACpC,EAAE;QACF,uBAAuB,SAAS,EAAE;QAClC,EAAE;QACF,oBAAoB;QACpB,oBAAoB;QACpB,+BAA+B,KAAK,IAAI;QACxC,yBAAyB,QAAQ,IAAI;QACrC,qBAAqB,IAAI,IAAI;QAC7B,uBAAuB,MAAM,IAAI;QACjC,yBAAyB,UAAU,CAAC,IAAI,IAAI;QAC5C,EAAE;KACH,CAAC;IAEF,YAAY;IACZ,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACd,KAAK,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;QAC/
B,MAAM,WAAW,GAAG,IAAI,GAAG,EAAkE,CAAC;QAC9F,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC5C,IAAI,QAAQ,EAAE,CAAC;gBACb,QAAQ,CAAC,KAAK,EAAE,CAAC;gBACjB,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;oBAAE,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;YAC5E,CAAC;iBAAM,CAAC;gBACN,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YAC9E,CAAC;QACH,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,GAAG,WAAW,CAAC,MAAM,EAAE,CAAC;aAC1C,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACb,MAAM,KAAK,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;YAClF,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QACvE,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAEf,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,KAAK,CAAC,IAAI,CACR,QAAQ,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,KAAK,cAAc,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EACpH,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAC3B,CAAC;YACF,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACtB,KAAK,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;YAC/C,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,oBAAoB,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,KAAK,CAAC,IAAI,CACR,wBAAwB,EACxB,EAAE,EACF,+BAA+B,EAC/B,+BAA+B,CAChC,CAAC;IACF,MAAM,cAAc,GAAG,CAAC,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1F,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,cAAc,EAAE,CAAC;QAC9C,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;QAC5E,MAAM,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC;QAC/C,KAAK,CA
AC,IAAI,CAAC,KAAK,OAAO,MAAM,MAAM,MAAM,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC;IAC7D,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,kBAAkB;IAClB,KAAK,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,CAAC,CAAC;IACzC,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,6BAA6B,QAAQ,mGAAmG,CAAC,CAAC;IACvJ,CAAC;IACD,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;QACb,KAAK,CAAC,IAAI,CAAC,GAAG,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,+BAA+B,IAAI,sDAAsD,CAAC,CAAC;IACnI,CAAC;IACD,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,GAAG,QAAQ,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,2BAA2B,MAAM,oDAAoD,CAAC,CAAC;IAC5K,CAAC;IACD,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;QAChB,KAAK,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;IAChF,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"generate-policy.d.ts","sourceRoot":"","sources":["../../src/tools/generate-policy.ts"],"names":[],"mappings":"AAkWA,wBAAgB,cAAc,CAC5B,IAAI,EAAE,MAAM,EACZ,MAAM,GAAE,UAAU,GAAG,MAAmB,GACvC,MAAM,CA4HR"}
|