hackmyagent-core 0.4.2 → 0.4.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +374 -353
- package/dist/hardening/scanner.d.ts +1 -1
- package/dist/hardening/scanner.d.ts.map +1 -1
- package/dist/hardening/scanner.js +60 -2
- package/dist/hardening/scanner.js.map +1 -1
- package/dist/hardening/scanner.test.js +48 -0
- package/dist/hardening/scanner.test.js.map +1 -1
- package/dist/index.d.ts +3 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +7 -2
- package/dist/index.js.map +1 -1
- package/dist/registry/client.d.ts +74 -0
- package/dist/registry/client.d.ts.map +1 -0
- package/dist/registry/client.js +159 -0
- package/dist/registry/client.js.map +1 -0
- package/dist/registry/index.d.ts +3 -0
- package/dist/registry/index.d.ts.map +1 -0
- package/dist/registry/index.js +8 -0
- package/dist/registry/index.js.map +1 -0
- package/package.json +1 -1
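--- a/package/dist/registry/client.js
+++ b/package/dist/registry/client.js
@@ -0,0 +1,159 @@
+"use strict";
+/**
+* OpenA2A Registry client for posting scan results.
+*
+* Maps HackMyAgent scan findings to the registry's ScanResult format
+* and POSTs them to the registry callback endpoint.
+*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RegistryClient = void 0;
+exports.buildScanReport = buildScanReport;
+exports.buildAttackReport = buildAttackReport;
+class RegistryClient {
+constructor(config) {
+this.config = config;
+}
+/**
+* Post scan results to registry callback endpoint.
+*/
+async reportScanResult(payload) {
+const url = `${this.config.registryUrl}/api/v1/registry/internal/scan-result`;
+const response = await fetch(url, {
+method: 'POST',
+headers: {
+'Content-Type': 'application/json',
+'Authorization': `Bearer ${this.config.apiKey}`,
+'User-Agent': 'HackMyAgent-CLI',
+},
+body: JSON.stringify(payload),
+});
+if (!response.ok) {
+const body = await response.text().catch(() => '');
+throw new Error(`Registry report failed (${response.status}): ${body}`);
+}
+}
+/**
+* Look up package info from registry.
+*/
+async getPackage(publisherName, packageType, name) {
+const url = `${this.config.registryUrl}/api/v1/registry/${packageType}/${name}?publisher=${publisherName}`;
+const response = await fetch(url, {
+headers: {
+'User-Agent': 'HackMyAgent-CLI',
+},
+});
+if (response.status === 404) {
+return null;
+}
+if (!response.ok) {
+throw new Error(`Registry lookup failed (${response.status})`);
+}
+return response.json();
+}
+}
+exports.RegistryClient = RegistryClient;
+/**
+* Build a ScanReportPayload from HMA hardening scan results.
+*/
+function buildScanReport(versionId, findings) {
+const failed = findings.filter(f => !f.passed && !f.fixed);
+const counts = countBySeverity(failed);
+const status = deriveStatus(counts);
+// Map failed findings to vulnerability format
+const vulnerabilities = failed.map(f => ({
+id: f.checkId,
+severity: f.severity,
+title: f.name,
+description: f.description,
+}));
+// Extract observed capabilities from capability-related checks
+const observedCapabilities = [];
+for (const f of findings) {
+if (f.checkId.startsWith('FS-') && !f.passed)
+observedCapabilities.push('filesystem');
+if (f.checkId.startsWith('NET-') && !f.passed)
+observedCapabilities.push('network');
+if (f.checkId.startsWith('SHELL-') && !f.passed)
+observedCapabilities.push('shell_exec');
+}
+return {
+versionId,
+scanId: `hma-${Date.now()}`,
+status,
+completedAt: new Date().toISOString(),
+vulnerabilities,
+criticalCount: counts.critical,
+highCount: counts.high,
+mediumCount: counts.medium,
+lowCount: counts.low,
+observedCapabilities: [...new Set(observedCapabilities)],
+observedExternalApis: [],
+capabilityMismatch: false,
+behavioralFindings: [],
+behavioralScore: 0,
+rawReport: {
+generator: 'hackmyagent',
+totalFindings: findings.length,
+failedFindings: failed.length,
+},
+};
+}
+/**
+* Build a ScanReportPayload from HMA attack results.
+*/
+function buildAttackReport(versionId, report) {
+const vulnerabilities = report.results
+.filter(r => r.success)
+.map(r => ({
+id: r.payload.id,
+severity: r.payload.severity,
+title: `${r.payload.category}: ${r.payload.id}`,
+description: r.response?.substring(0, 500) || 'Attack succeeded',
+}));
+const counts = {
+critical: vulnerabilities.filter(v => v.severity === 'critical').length,
+high: vulnerabilities.filter(v => v.severity === 'high').length,
+medium: vulnerabilities.filter(v => v.severity === 'medium').length,
+low: vulnerabilities.filter(v => v.severity === 'low').length,
+};
+const status = deriveStatus(counts);
+return {
+versionId,
+scanId: `hma-attack-${Date.now()}`,
+status,
+completedAt: new Date().toISOString(),
+vulnerabilities,
+criticalCount: counts.critical,
+highCount: counts.high,
+mediumCount: counts.medium,
+lowCount: counts.low,
+observedCapabilities: [],
+observedExternalApis: [],
+capabilityMismatch: false,
+behavioralFindings: [],
+behavioralScore: 0,
+rawReport: {
+generator: 'hackmyagent-attack',
+target: report.target,
+riskRating: report.riskRating,
+totalPayloads: report.summary.total,
+successfulAttacks: report.summary.successful,
+},
+};
+}
+function countBySeverity(findings) {
+return {
+critical: findings.filter(f => f.severity === 'critical').length,
+high: findings.filter(f => f.severity === 'high').length,
+medium: findings.filter(f => f.severity === 'medium').length,
+low: findings.filter(f => f.severity === 'low').length,
+};
+}
+function deriveStatus(counts) {
+if (counts.critical > 0 || counts.high > 0)
+return 'failed';
+if (counts.medium > 0 || counts.low > 0)
+return 'warnings';
+return 'passed';
+}
+//# sourceMappingURL=client.js.map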
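Review bot: `getPackage` interpolates `publisherName`, `packageType` and `name` straight into the request URL, so a value containing `/`, `?`, `#` or `&` rewrites the path or query instead of being looked up verbatim; wrap each segment, e.g. `const url = \`${this.config.registryUrl}/api/v1/registry/${encodeURIComponent(packageType)}/${encodeURIComponent(name)}?publisher=${encodeURIComponent(publisherName)}\`;`. Both `fetch` calls in `RegistryClient` also run without a `signal`, so a stalled registry hangs the CLI indefinitely; passing `signal: AbortSignal.timeout(ms)` in the request options would bound that. Since `reportScanResult` sends `config.apiKey` as a Bearer token, rejecting a `registryUrl` whose scheme is not `https:` in the constructor would keep the key from going over the wire in cleartext. In `buildScanReport`, `observedCapabilities` is derived from `!f.passed` over all findings while `vulnerabilities` excludes `fixed` ones, so an auto-fixed finding still marks its capability as observed; if that is intentional, a one-line comment such as `// capabilities are reported even for fixed findings: the agent still exercised them` would make it clear.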
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/registry/client.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAqHH,0CA8CC;AAKD,8CA6CC;AA9JD,MAAa,cAAc;IAGzB,YAAY,MAAsB;QAChC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,OAA0B;QAC/C,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,uCAAuC,CAAC;QAE9E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,eAAe,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;gBAC/C,YAAY,EAAE,iBAAiB;aAChC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;SAC9B,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACnD,MAAM,IAAI,KAAK,CACb,2BAA2B,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE,CACvD,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CACd,aAAqB,EACrB,WAAmB,EACnB,IAAY;QAEZ,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,oBAAoB,WAAW,IAAI,IAAI,cAAc,aAAa,EAAE,CAAC;QAE3G,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,OAAO,EAAE;gBACP,YAAY,EAAE,iBAAiB;aAChC;SACF,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,2BAA2B,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;QACjE,CAAC;QAED,OAAO,QAAQ,CAAC,IAAI,EAA8B,CAAC;IACrD,CAAC;CACF;AAzDD,wCAyDC;AAED;;GAEG;AACH,SAAgB,eAAe,CAC7B,SAAiB,EACjB,QAA2B;IAE3B,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAE3D,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACvC,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IAEpC,8CAA8C;IAC9C,MAAM,eAAe,GAA2B,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC/D,EAAE,EAAE,CAAC,CAAC,OAAO;QACb,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,KAAK,EAAE,CAAC,CAAC,IAAI;QACb,WAAW,EAAE,CAAC,CAAC,WAAW;KAC3B,CAAC,CAAC,CAAC;IAEJ,+DAA+D;IAC/D,MAAM,oBAAoB,GAAa,EAAE,CAAC;IAC1C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM;YAAE,oBAAoB,CAAC,IAAI,
CAAC,YAAY,CAAC,CAAC;QACtF,IAAI,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM;YAAE,oBAAoB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACpF,IAAI,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM;YAAE,oBAAoB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC3F,CAAC;IAED,OAAO;QACL,SAAS;QACT,MAAM,EAAE,OAAO,IAAI,CAAC,GAAG,EAAE,EAAE;QAC3B,MAAM;QACN,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,eAAe;QACf,aAAa,EAAE,MAAM,CAAC,QAAQ;QAC9B,SAAS,EAAE,MAAM,CAAC,IAAI;QACtB,WAAW,EAAE,MAAM,CAAC,MAAM;QAC1B,QAAQ,EAAE,MAAM,CAAC,GAAG;QACpB,oBAAoB,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,oBAAoB,CAAC,CAAC;QACxD,oBAAoB,EAAE,EAAE;QACxB,kBAAkB,EAAE,KAAK;QACzB,kBAAkB,EAAE,EAAE;QACtB,eAAe,EAAE,CAAC;QAClB,SAAS,EAAE;YACT,SAAS,EAAE,aAAa;YACxB,aAAa,EAAE,QAAQ,CAAC,MAAM;YAC9B,cAAc,EAAE,MAAM,CAAC,MAAM;SAC9B;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAC/B,SAAiB,EACjB,MAAoB;IAEpB,MAAM,eAAe,GAA2B,MAAM,CAAC,OAAO;SAC3D,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;SACtB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACT,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE;QAChB,QAAQ,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ;QAC5B,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,CAAC,CAAC,OAAO,CAAC,EAAE,EAAE;QAC/C,WAAW,EAAE,CAAC,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,kBAAkB;KACjE,CAAC,CAAC,CAAC;IAEN,MAAM,MAAM,GAAG;QACb,QAAQ,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;QACvE,IAAI,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;QAC/D,MAAM,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;QACnE,GAAG,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;KAC9D,CAAC;IAEF,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IAEpC,OAAO;QACL,SAAS;QACT,MAAM,EAAE,cAAc,IAAI,CAAC,GAAG,EAAE,EAAE;QAClC,MAAM;QACN,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,eAAe;QACf,aAAa,EAAE,MAAM,CAAC,QAAQ;QAC9B,SAAS,EAAE,MAAM,CAAC,IAAI;QACtB,WAAW,EAAE,MAAM,CAAC,MAAM;QAC1B,QAAQ,EAAE,MAAM,CAAC,GAAG;QACpB,oBAAoB,EAAE,EAAE;QACxB,oBAAoB,EAAE,
EAAE;QACxB,kBAAkB,EAAE,KAAK;QACzB,kBAAkB,EAAE,EAAE;QACtB,eAAe,EAAE,CAAC;QAClB,SAAS,EAAE;YACT,SAAS,EAAE,oBAAoB;YAC/B,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,aAAa,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK;YACnC,iBAAiB,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU;SAC7C;KACF,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,QAA2C;IAMlE,OAAO;QACL,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;QAChE,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;QACxD,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;QAC5D,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;KACvD,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,MAKrB;IACC,IAAI,MAAM,CAAC,QAAQ,GAAG,CAAC,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC5D,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,GAAG,GAAG,CAAC;QAAE,OAAO,UAAU,CAAC;IAC3D,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/registry/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,EACd,eAAe,EACf,iBAAiB,GAClB,MAAM,UAAU,CAAC;AAElB,YAAY,EACV,cAAc,EACd,eAAe,EACf,iBAAiB,GAClB,MAAM,UAAU,CAAC"}
|
|
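--- a/package/dist/registry/index.js
+++ b/package/dist/registry/index.js
@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildAttackReport = exports.buildScanReport = exports.RegistryClient = void 0;
+var client_1 = require("./client");
+Object.defineProperty(exports, "RegistryClient", { enumerable: true, get: function () { return client_1.RegistryClient; } });
+Object.defineProperty(exports, "buildScanReport", { enumerable: true, get: function () { return client_1.buildScanReport; } });
+Object.defineProperty(exports, "buildAttackReport", { enumerable: true, get: function () { return client_1.buildAttackReport; } });
+//# sourceMappingURL=index.js.map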
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/registry/index.ts"],"names":[],"mappings":";;;AAAA,mCAIkB;AAHhB,wGAAA,cAAc,OAAA;AACd,yGAAA,eAAe,OAAA;AACf,2GAAA,iBAAiB,OAAA"}
|