hackmyagent 0.9.9 → 0.10.1
- package/README.md +24 -2
- package/dist/cli.js +177 -8
- package/dist/cli.js.map +1 -1
- package/dist/index.d.ts +3 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +9 -3
- package/dist/index.js.map +1 -1
- package/dist/registry/client.d.ts +49 -0
- package/dist/registry/client.d.ts.map +1 -1
- package/dist/registry/client.js +36 -0
- package/dist/registry/client.js.map +1 -1
- package/dist/registry/index.d.ts +2 -0
- package/dist/registry/index.d.ts.map +1 -1
- package/dist/registry/index.js +8 -1
- package/dist/registry/index.js.map +1 -1
- package/dist/registry/publish.d.ts +77 -0
- package/dist/registry/publish.d.ts.map +1 -0
- package/dist/registry/publish.js +316 -0
- package/dist/registry/publish.js.map +1 -0
- package/dist/scanner/external-scanner.d.ts.map +1 -1
- package/dist/scanner/external-scanner.js +43 -9
- package/dist/scanner/external-scanner.js.map +1 -1
- package/dist/scanner/types.d.ts +1 -0
- package/dist/scanner/types.d.ts.map +1 -1
- package/dist/soul/scanner.d.ts.map +1 -1
- package/dist/soul/scanner.js +2 -1
- package/dist/soul/scanner.js.map +1 -1
- package/package.json +1 -1
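--- a/package/dist/registry/publish.js
+++ b/package/dist/registry/publish.js
@@ -0,0 +1,316 @@
+"use strict";
+/**
+* ATP Publish Flow — Push scan results to the OpenA2A Registry.
+*
+* Supports two paths:
+* 1. Claimed agent: reads Ed25519 keypair from ~/.opena2a/keys/, signs payload, full weight (1.0x)
+* 2. Community fallback: no auth, results have lower weight (0.5x)
+*
+* Used by the --publish flag on secure, attack, and scan-soul commands.
+*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.readAgentKeypair = readAgentKeypair;
+exports.signPayload = signPayload;
+exports.buildPublishPayload = buildPublishPayload;
+exports.publishScanResults = publishScanResults;
+exports.formatPublishOutput = formatPublishOutput;
+const crypto_1 = require("crypto");
+const client_1 = require("./client");
+/**
+* Read the agent's Ed25519 keypair from ~/.opena2a/keys/.
+* Returns null if no keypair exists (agent not claimed).
+*
+* The keys directory can be overridden via OPENA2A_HOME env var
+* (defaults to ~/.opena2a).
+*/
+function readAgentKeypair() {
+try {
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const opena2aHome = process.env.OPENA2A_HOME || path.join(os.homedir(), '.opena2a');
+const keysDir = path.join(opena2aHome, 'keys');
+if (!fs.existsSync(keysDir)) {
+return null;
+}
+const pubKeyPath = path.join(keysDir, 'agent.pub');
+const privKeyPath = path.join(keysDir, 'agent.key');
+const agentIdPath = path.join(keysDir, 'agent-id');
+if (!fs.existsSync(pubKeyPath) || !fs.existsSync(privKeyPath)) {
+return null;
+}
+const publicKey = fs.readFileSync(pubKeyPath, 'utf-8').trim();
+const privateKey = fs.readFileSync(privKeyPath, 'utf-8').trim();
+const agentId = fs.existsSync(agentIdPath)
+? fs.readFileSync(agentIdPath, 'utf-8').trim()
+: undefined;
+return { publicKey, privateKey, agentId };
+}
+catch {
+return null;
+}
+}
+/**
+* Sign a payload string with the agent's Ed25519 private key.
+* Returns the base64-encoded signature, or null if signing fails.
+*/
+function signPayload(payload, privateKeyPem) {
+try {
+const crypto = require('crypto');
+const privateKey = crypto.createPrivateKey(privateKeyPem);
+const signature = crypto.sign(null, Buffer.from(payload), privateKey);
+return signature.toString('base64');
+}
+catch {
+return null;
+}
+}
+/**
+* Build a unified publish payload from scan data.
+* Combines results from hardening, attack, SOUL, and OASB scans.
+*/
+function buildPublishPayload(data) {
+const scanId = `hma-publish-${Date.now()}`;
+const completedAt = new Date().toISOString();
+// Determine overall status from hardening findings
+let status = 'passed';
+let criticalCount = 0;
+let highCount = 0;
+let mediumCount = 0;
+let lowCount = 0;
+const vulnerabilities = [];
+if (data.hardeningFindings) {
+const failed = data.hardeningFindings.filter(f => !f.passed && !f.fixed);
+for (const f of failed) {
+if (f.severity === 'critical')
+criticalCount++;
+else if (f.severity === 'high')
+highCount++;
+else if (f.severity === 'medium')
+mediumCount++;
+else if (f.severity === 'low')
+lowCount++;
+vulnerabilities.push({
+id: f.checkId,
+severity: f.severity,
+title: f.name,
+description: f.description,
+});
+}
+}
+// Incorporate attack results into severity counts
+if (data.attackReport) {
+const successfulAttacks = data.attackReport.results.filter(r => r.success);
+for (const r of successfulAttacks) {
+if (r.payload.severity === 'critical')
+criticalCount++;
+else if (r.payload.severity === 'high')
+highCount++;
+else if (r.payload.severity === 'medium')
+mediumCount++;
+else
+lowCount++;
+vulnerabilities.push({
+id: r.payload.id,
+severity: r.payload.severity,
+title: `Attack: ${r.payload.category} - ${r.payload.id}`,
+description: r.response?.substring(0, 500) || 'Attack succeeded',
+});
+}
+}
+// Derive overall status
+if (criticalCount > 0 || highCount > 0)
+status = 'failed';
+else if (mediumCount > 0 || lowCount > 0)
+status = 'warnings';
+// Build raw report with all scan type data
+const rawReport = {
+generator: 'hackmyagent',
+publishedVia: 'atp-publish',
+};
+if (data.hardeningFindings) {
+const total = data.hardeningFindings.length;
+const failed = data.hardeningFindings.filter(f => !f.passed && !f.fixed).length;
+rawReport.hardening = {
+totalChecks: total,
+failedChecks: failed,
+passRate: total > 0 ? Math.round(((total - failed) / total) * 100) : 100,
+};
+}
+if (data.attackReport) {
+rawReport.attack = {
+riskScore: data.attackReport.riskScore,
+riskRating: data.attackReport.riskRating,
+totalPayloads: data.attackReport.summary.total,
+successfulAttacks: data.attackReport.summary.successful,
+blockedAttacks: data.attackReport.summary.blocked,
+};
+}
+if (data.soulResult) {
+rawReport.soul = {
+score: data.soulResult.score,
+conformance: data.soulResult.conformance,
+agentTier: data.soulResult.agentTier,
+totalControls: data.soulResult.totalControls,
+totalPassed: data.soulResult.totalPassed,
+};
+}
+if (data.oasbResult) {
+rawReport.oasb = {
+compliance: data.oasbResult.compliance,
+rating: data.oasbResult.rating,
+l1Compliance: data.oasbResult.l1Compliance,
+l2Compliance: data.oasbResult.l2Compliance,
+l3Compliance: data.oasbResult.l3Compliance,
+};
+}
+// Compute content hash
+const canonical = [
+scanId,
+data.packageName,
+data.packageType || '',
+data.packageVersion || '',
+status,
+criticalCount,
+highCount,
+mediumCount,
+lowCount,
+].join('|');
+const contentHash = (0, crypto_1.createHash)('sha256').update(canonical).digest('hex');
+const payload = {
+packageName: data.packageName,
+packageType: data.packageType,
+version: data.packageVersion,
+scanId,
+status,
+completedAt,
+vulnerabilities,
+criticalCount,
+highCount,
+mediumCount,
+lowCount,
+rawReport,
+contentHash,
+};
+// Add ATP extension fields
+if (data.oasbResult) {
+payload.oasbCompliance = data.oasbResult.compliance;
+payload.oasbRating = data.oasbResult.rating;
+payload.oasbL1 = data.oasbResult.l1Compliance;
+payload.oasbL2 = data.oasbResult.l2Compliance;
+payload.oasbL3 = data.oasbResult.l3Compliance;
+}
+if (data.soulResult) {
+payload.soulScore = data.soulResult.score;
+payload.soulConformance = data.soulResult.conformance;
+payload.soulAgentTier = data.soulResult.agentTier;
+}
+if (data.attackReport) {
+payload.attackRiskScore = data.attackReport.riskScore;
+payload.attackRiskRating = data.attackReport.riskRating;
+payload.attackTotal = data.attackReport.summary.total;
+payload.attackSucceeded = data.attackReport.summary.successful;
+}
+return payload;
+}
+/**
+* Publish scan results to the OpenA2A Registry.
+*
+* Flow:
+* 1. Read keypair from ~/.opena2a/keys/ (if claimed)
+* 2. Build unified payload from scan data
+* 3. Sign payload if keypair exists
+* 4. POST to registry (claimed or community path)
+*/
+async function publishScanResults(data, registryUrl) {
+const keypair = readAgentKeypair();
+const isCommunity = !keypair;
+if (isCommunity) {
+console.log("No signing keys found at ~/.opena2a/keys/. Run 'opena2a claim <package>' to create keys for full-weight publishing. Submitting as community contribution (0.5x weight).");
+}
+const payload = buildPublishPayload(data);
+// Sign if we have a keypair
+if (keypair) {
+const payloadString = JSON.stringify(payload);
+const signature = signPayload(payloadString, keypair.privateKey);
+if (signature) {
+payload.signature = signature;
+payload.publicKey = keypair.publicKey;
+}
+if (keypair.agentId) {
+payload.agentId = keypair.agentId;
+}
+}
+try {
+const client = new client_1.RegistryClient({ registryUrl, apiKey: '' });
+// Request a scan token before submitting (required by registry)
+const tokenResponse = await client.requestScanToken(data.packageName, {
+packageType: data.packageType,
+version: data.packageVersion,
+});
+const scanToken = tokenResponse?.scanToken;
+const result = await client.reportPublishResult(payload, scanToken);
+return {
+success: true,
+scanId: result.scanId,
+profileUrl: result.profileUrl,
+status: result.status,
+isCommunity,
+};
+}
+catch (err) {
+const message = err instanceof Error ? err.message : 'Unknown error';
+return {
+success: false,
+scanId: payload.scanId,
+profileUrl: `${registryUrl}/agents/${data.packageName}`,
+status: 'error',
+isCommunity,
+error: message,
+};
+}
+}
+/**
+* Format the publish result for terminal output.
+*/
+function formatPublishOutput(result, data, registryUrl) {
+const lines = [];
+if (result.success) {
+lines.push('Published to ' + new URL(registryUrl).hostname);
+lines.push(' Agent: ' + data.packageName);
+lines.push(' Scan ID: ' + result.scanId);
+lines.push(' Status: ' + result.status);
+// Build summary of what was included
+const parts = [];
+if (data.hardeningFindings) {
+const failed = data.hardeningFindings.filter(f => !f.passed && !f.fixed);
+parts.push(`hardening (${failed.length} finding${failed.length === 1 ? '' : 's'})`);
+}
+if (data.oasbResult) {
+parts.push(`OASB (${data.oasbResult.compliance}% compliance)`);
+}
+if (data.soulResult) {
+parts.push(`SOUL (${data.soulResult.score}/100)`);
+}
+if (data.attackReport) {
+parts.push(`attack (${data.attackReport.riskRating} risk)`);
+}
+if (parts.length > 0) {
+lines.push(' Scans: ' + parts.join(', '));
+}
+lines.push(' Trust impact: score may increase on next recalculation');
+if (result.isCommunity) {
+lines.push('');
+lines.push(' Published as community scan (0.5x weight).');
+lines.push(' Run `opena2a claim` first for full weight (1.0x).');
+}
+lines.push('');
+lines.push('Profile: ' + result.profileUrl);
+}
+else {
+lines.push('Failed to publish to registry: ' + (result.error || 'unknown error'));
+lines.push('Scan results are still available locally.');
+}
+return lines.join('\n');
+}
+//# sourceMappingURL=publish.js.map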
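Review bot: In `publishScanResults`, a `null` return from `signPayload` is silently tolerated: the payload is sent without `signature`/`publicKey`, still carries `agentId`, and the result reports `isCommunity: false`, so an unreadable or malformed key produces an unsigned upload that the CLI presents as a claimed one. `agentId` and `publicKey` are also attached after `JSON.stringify(payload)` has been signed, so neither is covered by the signature; binding them in before signing, as sketched below, would need the registry's verification to serialize the same fields, which is not visible on this page. Separately, `buildPublishPayload` copies up to 500 characters of `r.response` from each successful attack into `description`, and the response to a successful attack can contain exactly the secrets or prompt text that were extracted, so it should be omitted or redacted before upload, e.g. `description: 'Attack succeeded',`.

```javascript
const payload = buildPublishPayload(data);
if (keypair) {
    // Attach identity fields first so the signature covers them.
    payload.publicKey = keypair.publicKey;
    if (keypair.agentId) {
        payload.agentId = keypair.agentId;
    }
    const signature = signPayload(JSON.stringify(payload), keypair.privateKey);
    if (!signature) {
        // Do not fall through to an unsigned upload under a claimed identity.
        return {
            success: false,
            scanId: payload.scanId,
            profileUrl: `${registryUrl}/agents/${data.packageName}`,
            status: 'error',
            isCommunity,
            error: 'Failed to sign payload with agent key',
        };
    }
    payload.signature = signature;
}
// … unchanged: RegistryClient construction, scan-token request, reportPublishResult …
```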
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"publish.js","sourceRoot":"","sources":["../../src/registry/publish.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;AAiDH,4CA8BC;AAMD,kCASC;AAMD,kDA2JC;AAWD,gDAwDC;AAKD,kDAgDC;AArXD,mCAAoC;AAKpC,qCAAqE;AAmCrE;;;;;;GAMG;AACH,SAAgB,gBAAgB;IAC9B,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QACzB,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;QAC7B,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAEzB,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAC;QACpF,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QAC/C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACnD,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACpD,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAEnD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAC9D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9D,MAAM,UAAU,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QAChE,MAAM,OAAO,GAAG,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC;YACxC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE;YAC9C,CAAC,CAAC,SAAS,CAAC;QAEd,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,WAAW,CAAC,OAAe,EAAE,aAAqB;IAChE,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;QAC1D,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,UAAU,CAAC,CAAC;QACtE,OAAO,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,mBAAmB,CAAC,IAAqB;IACvD,MAAM,MAAM,GAAG,eAAe,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;IAC3C,MAAM,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAE7C,mDAAmD;IACnD,IAAI,MAAM,GAA+C,QAAQ,CAAC
;IAClE,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,MAAM,eAAe,GAKhB,EAAE,CAAC;IAER,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QACzE,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU;gBAAE,aAAa,EAAE,CAAC;iBAC1C,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM;gBAAE,SAAS,EAAE,CAAC;iBACvC,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ;gBAAE,WAAW,EAAE,CAAC;iBAC3C,IAAI,CAAC,CAAC,QAAQ,KAAK,KAAK;gBAAE,QAAQ,EAAE,CAAC;YAE1C,eAAe,CAAC,IAAI,CAAC;gBACnB,EAAE,EAAE,CAAC,CAAC,OAAO;gBACb,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,KAAK,EAAE,CAAC,CAAC,IAAI;gBACb,WAAW,EAAE,CAAC,CAAC,WAAW;aAC3B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,MAAM,iBAAiB,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAC3E,KAAK,MAAM,CAAC,IAAI,iBAAiB,EAAE,CAAC;YAClC,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,UAAU;gBAAE,aAAa,EAAE,CAAC;iBAClD,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,MAAM;gBAAE,SAAS,EAAE,CAAC;iBAC/C,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,QAAQ;gBAAE,WAAW,EAAE,CAAC;;gBACnD,QAAQ,EAAE,CAAC;YAEhB,eAAe,CAAC,IAAI,CAAC;gBACnB,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE;gBAChB,QAAQ,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ;gBAC5B,KAAK,EAAE,WAAW,CAAC,CAAC,OAAO,CAAC,QAAQ,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,EAAE;gBACxD,WAAW,EAAE,CAAC,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,kBAAkB;aACjE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,IAAI,aAAa,GAAG,CAAC,IAAI,SAAS,GAAG,CAAC;QAAE,MAAM,GAAG,QAAQ,CAAC;SACrD,IAAI,WAAW,GAAG,CAAC,IAAI,QAAQ,GAAG,CAAC;QAAE,MAAM,GAAG,UAAU,CAAC;IAE9D,2CAA2C;IAC3C,MAAM,SAAS,GAA4B;QACzC,SAAS,EAAE,aAAa;QACxB,YAAY,EAAE,aAAa;KAC5B,CAAC;IAEF,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC;QAC5C,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;QAChF,SAAS,CAAC,
SAAS,GAAG;YACpB,WAAW,EAAE,KAAK;YAClB,YAAY,EAAE,MAAM;YACpB,QAAQ,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,MAAM,CAAC,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG;SACzE,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,SAAS,CAAC,MAAM,GAAG;YACjB,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,SAAS;YACtC,UAAU,EAAE,IAAI,CAAC,YAAY,CAAC,UAAU;YACxC,aAAa,EAAE,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,KAAK;YAC9C,iBAAiB,EAAE,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,UAAU;YACvD,cAAc,EAAE,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO;SAClD,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,SAAS,CAAC,IAAI,GAAG;YACf,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,KAAK;YAC5B,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,WAAW;YACxC,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,SAAS;YACpC,aAAa,EAAE,IAAI,CAAC,UAAU,CAAC,aAAa;YAC5C,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,WAAW;SACzC,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,SAAS,CAAC,IAAI,GAAG;YACf,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;YACtC,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM;YAC9B,YAAY,EAAE,IAAI,CAAC,UAAU,CAAC,YAAY;YAC1C,YAAY,EAAE,IAAI,CAAC,UAAU,CAAC,YAAY;YAC1C,YAAY,EAAE,IAAI,CAAC,UAAU,CAAC,YAAY;SAC3C,CAAC;IACJ,CAAC;IAED,uBAAuB;IACvB,MAAM,SAAS,GAAG;QAChB,MAAM;QACN,IAAI,CAAC,WAAW;QAChB,IAAI,CAAC,WAAW,IAAI,EAAE;QACtB,IAAI,CAAC,cAAc,IAAI,EAAE;QACzB,MAAM;QACN,aAAa;QACb,SAAS;QACT,WAAW;QACX,QAAQ;KACT,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACZ,MAAM,WAAW,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEzE,MAAM,OAAO,GAAmD;QAC9D,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,OAAO,EAAE,IAAI,CAAC,cAAc;QAC5B,MAAM;QACN,MAAM;QACN,WAAW;QACX,eAAe;QACf,aAAa;QACb,SAAS;QACT,WAAW;QACX,QAAQ;QACR,SAAS;QACT,WAAW;KACZ,CAAC;IAEF,2BAA2B;IAC3B,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QACpD,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;QAC5C,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;QAC9C,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;QAC9C,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;IAChD,CAAC;IAED,IAAI,IA
AI,CAAC,UAAU,EAAE,CAAC;QACpB,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;QAC1C,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;QACtD,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;IACpD,CAAC;IAED,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC;QACtD,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC;QACxD,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC;QACtD,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,UAAU,CAAC;IACjE,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;;;GAQG;AACI,KAAK,UAAU,kBAAkB,CACtC,IAAqB,EACrB,WAAmB;IAEnB,MAAM,OAAO,GAAG,gBAAgB,EAAE,CAAC;IACnC,MAAM,WAAW,GAAG,CAAC,OAAO,CAAC;IAE7B,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,yKAAyK,CAAC,CAAC;IACzL,CAAC;IAED,MAAM,OAAO,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;IAE1C,4BAA4B;IAC5B,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,SAAS,GAAG,WAAW,CAAC,aAAa,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;QACjE,IAAI,SAAS,EAAE,CAAC;YACb,OAAmC,CAAC,SAAS,GAAG,SAAS,CAAC;YAC1D,OAAmC,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QACrE,CAAC;QACD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACnB,OAAmC,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QACjE,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,uBAAc,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;QAE/D,gEAAgE;QAChE,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,WAAW,EAAE;YACpE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,OAAO,EAAE,IAAI,CAAC,cAAc;SAC7B,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,aAAa,EAAE,SAAS,CAAC;QAE3C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,OAAc,EAAE,SAAS,CAAC,CAAC;QAE3E,OAAO;YACL,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,WAAW;SACZ,CAAC;IACJ,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;QACrE,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,UAAU,EAAE,GAAG,WAAW,WAAW,IAAI,CAAC,WAAW,EAAE;YACvD,MAAM,EAAE,OAAO;YACf,WAAW;YACX,KAAK,EAAE,OAAO;SACf,CAAC;IACJ,CAAC;AACH,CA
AC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CACjC,MAAqB,EACrB,IAAqB,EACrB,WAAmB;IAEnB,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,KAAK,CAAC,IAAI,CAAC,eAAe,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC;QAC3C,KAAK,CAAC,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;QAC1C,KAAK,CAAC,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;QAEzC,qCAAqC;QACrC,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;YACzE,KAAK,CAAC,IAAI,CAAC,cAAc,MAAM,CAAC,MAAM,WAAW,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;QACtF,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,UAAU,eAAe,CAAC,CAAC;QACjE,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,KAAK,OAAO,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY,CAAC,UAAU,QAAQ,CAAC,CAAC;QAC9D,CAAC;QACD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,KAAK,CAAC,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7C,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;QAEvE,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACf,KAAK,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;YAC3D,KAAK,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;QACpE,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;IAC9C,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,iCAAiC,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,eAAe,CAAC,CAAC,CAAC;QAClF,KAAK,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"external-scanner.d.ts","sourceRoot":"","sources":["../../src/scanner/external-scanner.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,OAAO,KAAK,EAAE,kBAAkB,EAAmB,cAAc,EAAmB,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"external-scanner.d.ts","sourceRoot":"","sources":["../../src/scanner/external-scanner.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,OAAO,KAAK,EAAE,kBAAkB,EAAmB,cAAc,EAAmB,MAAM,SAAS,CAAC;AA0EpG,qBAAa,eAAe;IACpB,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,kBAAkB,CAAC;YAqDnE,SAAS;IAmBvB,OAAO,CAAC,UAAU;YAyBJ,SAAS;IAwHvB,OAAO,CAAC,SAAS;CA+ClB"}
|
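--- a/package/dist/scanner/external-scanner.js
+++ b/package/dist/scanner/external-scanner.js
@@ -87,8 +87,41 @@ function calculateGrade(score) {
 return 'D';
 return 'F';
 }
+function isPrivateOrReserved(hostname) {
+if (hostname === '169.254.169.254' || hostname === 'metadata.google.internal')
+return true;
+if (net.isIPv4(hostname)) {
+const parts = hostname.split('.').map(Number);
+if (parts[0] === 10)
+return true;
+if (parts[0] === 172 && parts[1] >= 16 && parts[1] <= 31)
+return true;
+if (parts[0] === 192 && parts[1] === 168)
+return true;
+if (parts[0] === 0)
+return true;
+}
+return false;
+}
+function validateTarget(target) {
+// Validate protocol if a full URL was provided
+if (target.includes('://')) {
+const protocol = target.split('://')[0].toLowerCase();
+if (protocol !== 'http' && protocol !== 'https') {
+throw new Error(`Unsupported protocol "${protocol}". Only http and https are allowed.`);
+}
+}
+}
 class ExternalScanner {
 async scan(target, options) {
+// Validate protocol (block file://, gopher://, etc.)
+validateTarget(target);
+// Extract hostname for private IP warning
+const hostname = target.replace(/^https?:\/\//, '').split(/[:/]/)[0];
+if (isPrivateOrReserved(hostname)) {
+// Log warning but allow — scanning local services is a core use case for security testing
+console.warn(`[HMA] Warning: scanning private/reserved address "${hostname}". Ensure you have authorization.`);
+}
 const startTime = Date.now();
 const timeout = options?.timeout ?? 5000;
 const ports = options?.ports ?? DEFAULT_PORTS;
@@ -100,8 +133,9 @@ class ExternalScanner {
 }
 // Run security checks on open ports
 const findings = [];
+const insecure = options?.insecure === true;
 for (const port of openPorts) {
-const portFindings = await this.checkPort(target, port, timeout);
+const portFindings = await this.checkPort(target, port, timeout, insecure);
 findings.push(...portFindings);
 }
 // Calculate score
@@ -152,13 +186,13 @@ class ExternalScanner {
 socket.connect(port, host);
 });
 }
-async checkPort(target, port, timeout) {
+async checkPort(target, port, timeout, insecure = false) {
 const findings = [];
 const useHttps = port === 443;
 const baseUrl = `http${useHttps ? 's' : ''}://${target}:${port}`;
 // Check MCP SSE endpoints
 for (const path of MCP_SSE_PATHS) {
-const result = await this.httpProbe(baseUrl + path, timeout);
+const result = await this.httpProbe(baseUrl + path, timeout, insecure);
 if (result && result.contentType?.includes('text/event-stream')) {
 findings.push({
 id: generateId(),
@@ -177,7 +211,7 @@ class ExternalScanner {
 }
 // Check MCP tools endpoints
 for (const path of MCP_TOOLS_PATHS) {
-const result = await this.httpProbe(baseUrl + path, timeout);
+const result = await this.httpProbe(baseUrl + path, timeout, insecure);
 if (result && result.status === 200 && result.body?.includes('tools')) {
 findings.push({
 id: generateId(),
@@ -196,7 +230,7 @@ class ExternalScanner {
 }
 // Check config files
 for (const path of CONFIG_PATHS) {
-const result = await this.httpProbe(baseUrl + path, timeout);
+const result = await this.httpProbe(baseUrl + path, timeout, insecure);
 if (result && result.status === 200 && result.body) {
 // Check if it looks like JSON config
 if (result.contentType?.includes('application/json') ||
@@ -218,7 +252,7 @@ class ExternalScanner {
 }
 // Check CLAUDE.md
 for (const path of CLAUDE_MD_PATHS) {
-const result = await this.httpProbe(baseUrl + path, timeout);
+const result = await this.httpProbe(baseUrl + path, timeout, insecure);
 if (result && result.status === 200 && result.body) {
 findings.push({
 id: generateId(),
@@ -236,7 +270,7 @@ class ExternalScanner {
 }
 }
 // Check root path for API keys in responses
-const rootResult = await this.httpProbe(baseUrl + '/', timeout);
+const rootResult = await this.httpProbe(baseUrl + '/', timeout, insecure);
 if (rootResult && rootResult.body) {
 for (const { name, pattern } of API_KEY_PATTERNS) {
 if (pattern.test(rootResult.body)) {
@@ -258,7 +292,7 @@ class ExternalScanner {
 }
 return findings;
 }
-httpProbe(url, timeout) {
+httpProbe(url, timeout, insecure = false) {
 return new Promise((resolve) => {
 const isHttps = url.startsWith('https://');
 const client = isHttps ? https : http;
@@ -268,7 +302,7 @@ class ExternalScanner {
 'User-Agent': 'HackMyAgent-Scanner/1.0',
 'ngrok-skip-browser-warning': 'true',
 },
-rejectUnauthorized:
+rejectUnauthorized: !insecure,
 }, (res) => {
 let body = '';
 res.on('data', (chunk) => {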
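Review bot: The hostname used for the private-address warning in `scan()` comes from `target.replace(/^https?:\/\//, '').split(/[:/]/)[0]`, which is case-sensitive and ignores userinfo and bracketed IPv6, so a target such as `HTTP://10.0.0.1` (constructed example) passes `validateTarget`, which lowercases the scheme, yet yields the hostname `HTTP` and no warning. Parsing once with `new URL(target.includes('://') ? target : 'http://' + target).hostname` and reusing that value would keep the two checks consistent. `isPrivateOrReserved` also omits `127.0.0.0/8`, the rest of `169.254.0.0/16`, `localhost` and every IPv6 range; adding `if (parts[0] === 127 || (parts[0] === 169 && parts[1] === 254)) return true;` covers the IPv4 gaps. Because the result only triggers `console.warn`, the impact is a missed authorization reminder rather than a bypass of a block. The bodies of `scan()` and `ExternalScanner` continue outside the hunks shown.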
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"external-scanner.js","sourceRoot":"","sources":["../../src/scanner/external-scanner.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,yCAA2B;AAC3B,2CAA6B;AAC7B,6CAA+B;AAG/B,wBAAwB;AACxB,MAAM,aAAa,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;AAExF,6BAA6B;AAC7B,MAAM,YAAY,GAAG;IACnB,wBAAwB;IACxB,WAAW;IACX,mBAAmB;IACnB,mBAAmB;IACnB,cAAc;IACd,OAAO;CACR,CAAC;AAEF,8BAA8B;AAC9B,MAAM,aAAa,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;AACrE,MAAM,eAAe,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;AAEvE,kBAAkB;AAClB,MAAM,eAAe,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;AAE7D,mBAAmB;AACnB,MAAM,gBAAgB,GAAG;IACvB,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,mCAAmC,EAAE;IACnE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,yBAAyB,EAAE;IACtD,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,qBAAqB,EAAE;IAClD,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,kBAAkB,EAAE;IAC5C,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,qBAAqB,EAAE;IAClD,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,4CAA4C,EAAE;CAC1E,CAAC;AAEF,+BAA+B;AAC/B,MAAM,gBAAgB,GAAoC;IACxD,QAAQ,EAAE,EAAE;IACZ,IAAI,EAAE,EAAE;IACR,MAAM,EAAE,EAAE;IACV,GAAG,EAAE,CAAC;CACP,CAAC;AAEF,SAAS,UAAU;IACjB,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,cAAc,CAAC,KAAa;IACnC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAa,eAAe;IAC1B,KAAK,CAAC,IAAI,CAAC,MAAc,EAAE,OAAwB;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,IAAI,IAAI,CAAC;QACzC,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,IAAI,aAAa,CAAC;QAC9C,MAAM,YAAY,GAAG,OAAO,EAAE,YAAY,IAAI,KAAK,CAAC;QAEpD,YAAY;QACZ,IAAI,SAAS,GAAa,EAAE,CAAC;QAC7B,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QAC3D,CAAC;QAED,oCAAoC;QACpC,MAAM,Q
AAQ,GAAsB,EAAE,CAAC;QAEvC,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"external-scanner.js","sourceRoot":"","sources":["../../src/scanner/external-scanner.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,yCAA2B;AAC3B,2CAA6B;AAC7B,6CAA+B;AAG/B,wBAAwB;AACxB,MAAM,aAAa,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;AAExF,6BAA6B;AAC7B,MAAM,YAAY,GAAG;IACnB,wBAAwB;IACxB,WAAW;IACX,mBAAmB;IACnB,mBAAmB;IACnB,cAAc;IACd,OAAO;CACR,CAAC;AAEF,8BAA8B;AAC9B,MAAM,aAAa,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;AACrE,MAAM,eAAe,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;AAEvE,kBAAkB;AAClB,MAAM,eAAe,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;AAE7D,mBAAmB;AACnB,MAAM,gBAAgB,GAAG;IACvB,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,mCAAmC,EAAE;IACnE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,yBAAyB,EAAE;IACtD,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,qBAAqB,EAAE;IAClD,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,kBAAkB,EAAE;IAC5C,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,qBAAqB,EAAE;IAClD,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,4CAA4C,EAAE;CAC1E,CAAC;AAEF,+BAA+B;AAC/B,MAAM,gBAAgB,GAAoC;IACxD,QAAQ,EAAE,EAAE;IACZ,IAAI,EAAE,EAAE;IACR,MAAM,EAAE,EAAE;IACV,GAAG,EAAE,CAAC;CACP,CAAC;AAEF,SAAS,UAAU;IACjB,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,cAAc,CAAC,KAAa;IACnC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAgB;IAC3C,IAAI,QAAQ,KAAK,iBAAiB,IAAI,QAAQ,KAAK,0BAA0B;QAAE,OAAO,IAAI,CAAC;IAC3F,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE;YAAE,OAAO,IAAI,CAAC;QACjC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE;YAAE,OAAO,IAAI,CAAC;QACtE,IAAI,KAAK,C
AAC,CAAC,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QACtD,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;IAClC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CAAC,MAAc;IACpC,+CAA+C;IAC/C,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACtD,IAAI,QAAQ,KAAK,MAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,qCAAqC,CAAC,CAAC;QAC1F,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAa,eAAe;IAC1B,KAAK,CAAC,IAAI,CAAC,MAAc,EAAE,OAAwB;QACjD,qDAAqD;QACrD,cAAc,CAAC,MAAM,CAAC,CAAC;QAEvB,0CAA0C;QAC1C,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACrE,IAAI,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,0FAA0F;YAC1F,OAAO,CAAC,IAAI,CAAC,qDAAqD,QAAQ,mCAAmC,CAAC,CAAC;QACjH,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,IAAI,IAAI,CAAC;QACzC,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,IAAI,aAAa,CAAC;QAC9C,MAAM,YAAY,GAAG,OAAO,EAAE,YAAY,IAAI,KAAK,CAAC;QAEpD,YAAY;QACZ,IAAI,SAAS,GAAa,EAAE,CAAC;QAC7B,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QAC3D,CAAC;QAED,oCAAoC;QACpC,MAAM,QAAQ,GAAsB,EAAE,CAAC;QAEvC,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,KAAK,IAAI,CAAC;QAC5C,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;YAC3E,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;QACjC,CAAC;QAED,kBAAkB;QAClB,IAAI,KAAK,GAAG,GAAG,CAAC;QAChB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,KAAK,IAAI,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC9C,CAAC;QACD,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QAE3B,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAExC,OAAO;YACL,EAAE,EAAE,UAAU,EAAE;YAChB,MAAM;YACN,KAAK;YACL,KAAK;YACL,QAAQ;YACR,QAAQ;YACR,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,SAAS;SACV,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,SAAS,CACrB,MAAc,EACd,KAAe,EACf,OAAe;QAEf,MAAM,
SAAS,GAAa,EAAE,CAAC;QAE/B,MAAM,OAAO,CAAC,GAAG,CACf,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;YACvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAC5D,IAAI,MAAM,EAAE,CAAC;gBACX,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvB,CAAC;QACH,CAAC,CAAC,CACH,CAAC;QAEF,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC;IAEO,UAAU,CAAC,IAAY,EAAE,IAAY,EAAE,OAAe;QAC5D,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;YAEhC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAE3B,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;gBACxB,MAAM,CAAC,OAAO,EAAE,CAAC;gBACjB,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;gBACxB,MAAM,CAAC,OAAO,EAAE,CAAC;gBACjB,OAAO,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACtB,MAAM,CAAC,OAAO,EAAE,CAAC;gBACjB,OAAO,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,SAAS,CACrB,MAAc,EACd,IAAY,EACZ,OAAe,EACf,QAAQ,GAAG,KAAK;QAEhB,MAAM,QAAQ,GAAsB,EAAE,CAAC;QACvC,MAAM,QAAQ,GAAG,IAAI,KAAK,GAAG,CAAC;QAC9B,MAAM,OAAO,GAAG,OAAO,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,MAAM,MAAM,IAAI,IAAI,EAAE,CAAC;QAEjE,0BAA0B;QAC1B,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,GAAG,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;YACvE,IAAI,MAAM,IAAI,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBAChE,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,UAAU,EAAE;oBAChB,OAAO,EAAE,SAAS;oBAClB,QAAQ,EAAE,UAAU;oBACpB,KAAK,EAAE,0BAA0B;oBACjC,WAAW,EAAE,4DAA4D;oBACzE,IAAI;oBACJ,IAAI;oBACJ,QAAQ,EAAE,iBAAiB,MAAM,CAAC,WAAW,EAAE;oBAC/C,MAAM,EAAE,0EAA0E;oBAClF,GAAG,EAAE,uDAAuD;iBAC7D,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;YACnC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,GAAG,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;YACvE,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,IAAI,MAAM
,CAAC,IAAI,EAAE,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBACtE,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,UAAU,EAAE;oBAChB,OAAO,EAAE,WAAW;oBACpB,QAAQ,EAAE,UAAU;oBACpB,KAAK,EAAE,4BAA4B;oBACnC,WAAW,EAAE,0CAA0C;oBACvD,IAAI;oBACJ,IAAI;oBACJ,QAAQ,EAAE,0BAA0B,IAAI,EAAE;oBAC1C,MAAM,EAAE,8DAA8D;oBACtE,GAAG,EAAE,kEAAkE;iBACxE,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;QAED,qBAAqB;QACrB,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;YAChC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,GAAG,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;YACvE,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;gBACnD,qCAAqC;gBACrC,IACE,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,kBAAkB,CAAC;oBAChD,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAClC,CAAC;oBACD,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,UAAU,EAAE;wBAChB,OAAO,EAAE,gBAAgB;wBACzB,QAAQ,EAAE,UAAU;wBACpB,KAAK,EAAE,4BAA4B;wBACnC,WAAW,EAAE,sBAAsB,IAAI,yBAAyB;wBAChE,IAAI;wBACJ,IAAI;wBACJ,QAAQ,EAAE,eAAe,IAAI,EAAE;wBAC/B,MAAM,EAAE,iFAAiF;wBACzF,GAAG,EAAE,uEAAuE;qBAC7E,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,kBAAkB;QAClB,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;YACnC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,GAAG,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;YACvE,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;gBACnD,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,UAAU,EAAE;oBAChB,OAAO,EAAE,mBAAmB;oBAC5B,QAAQ,EAAE,MAAM;oBAChB,KAAK,EAAE,uCAAuC;oBAC9C,WAAW,EAAE,uDAAuD;oBACpE,IAAI;oBACJ,IAAI;oBACJ,QAAQ,EAAE,sBAAsB,IAAI,EAAE;oBACtC,MAAM,EAAE,mFAAmF;oBAC3F,GAAG,EAAE,uEAAuE;iBAC7E,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC1E,IAAI,UAAU,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;YAClC,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,gBAAgB,EAAE,CAAC;gBACjD,IAAI,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;oBAClC,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,UAAU,EAAE;wBAChB,OAAO,EAAE,iBAAiB;wBAC1B,QAAQ,EAAE,UAAU;wBACpB,KAAK,EAAE,GAAG,IAAI,kBAAkB;wBAChC,WAAW,EAAE,GAAG,IAAI,iCAAiC;wBACrD,IAAI;wBACJ,IAAI,EAAE,
GAAG;wBACT,QAAQ,EAAE,SAAS,IAAI,8BAA8B;wBACrD,MAAM,EAAE,qEAAqE;wBAC7E,GAAG,EAAE,4DAA4D;qBAClE,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,SAAS,CACf,GAAW,EACX,OAAe,EACf,QAAQ,GAAG,KAAK;QAEhB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,OAAO,GAAG,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAC3C,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YAEtC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CACpB,GAAG,EACH;gBACE,OAAO;gBACP,OAAO,EAAE;oBACP,YAAY,EAAE,yBAAyB;oBACvC,4BAA4B,EAAE,MAAM;iBACrC;gBACD,kBAAkB,EAAE,CAAC,QAAQ;aAC9B,EACD,CAAC,GAAG,EAAE,EAAE;gBACN,IAAI,IAAI,GAAG,EAAE,CAAC;gBACd,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;oBACvB,IAAI,IAAI,KAAK,CAAC;oBACd,kBAAkB;oBAClB,IAAI,IAAI,CAAC,MAAM,GAAG,KAAK,EAAE,CAAC;wBACxB,GAAG,CAAC,OAAO,EAAE,CAAC;oBAChB,CAAC;gBACH,CAAC,CAAC,CAAC;gBACH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;oBACjB,OAAO,CAAC;wBACN,MAAM,EAAE,GAAG,CAAC,UAAU,IAAI,CAAC;wBAC3B,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;wBACxC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC;qBAC/B,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;gBACH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YACvC,CAAC,CACF,CAAC;YAEF,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;gBACrB,GAAG,CAAC,OAAO,EAAE,CAAC;gBACd,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAzQD,0CAyQC"}
|
package/dist/scanner/types.d.ts
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/scanner/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,MAAM,eAAe,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAErE,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,eAAe,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,YAAY,CAAC,EAAE,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/scanner/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,MAAM,eAAe,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAErE,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,eAAe,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../src/soul/scanner.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAWH,MAAM,MAAM,SAAS,GAAG,OAAO,GAAG,YAAY,GAAG,SAAS,GAAG,aAAa,CAAC;AAE3E,MAAM,MAAM,SAAS,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AAEpD,qFAAqF;AACrF,MAAM,MAAM,SAAS,GAAG,UAAU,GAAG,UAAU,GAAG,YAAY,GAAG,SAAS,GAAG,aAAa,CAAC;AAE3F,MAAM,MAAM,gBAAgB,GAAG,MAAM,GAAG,WAAW,GAAG,UAAU,GAAG,UAAU,CAAC;AAE9E,sEAAsE;AACtE,MAAM,MAAM,YAAY,GACpB,gBAAgB,GAChB,gBAAgB,GAChB,YAAY,GACZ,YAAY,GACZ,cAAc,GACd,QAAQ,CAAC;AAEb,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,MAAM,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,YAAY,EAAE,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,wEAAwE;IACxE,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,4FAA4F;IAC5F,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,SAAS,CAAC;IACrB,UAAU,EAAE,OAAO,CAAC;IACpB,wCAAwC;IACxC,YAAY,EAAE,YAAY,CAAC;IAC3B,aAAa,EAAE,OAAO,CAAC;IACvB,mDAAmD;IACnD,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,wEAAwE;IACxE,KAAK,EAAE,SAAS,CAAC;IACjB,wCAAwC;IACxC,KAAK,EAAE,SAAS,CAAC;IACjB,WAAW,EAAE,gBAAgB,CAAC;IAC9B,aAAa,EAAE,OAAO,CAAC;IACvB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB,CAAC,EAAE,iBAAiB,EAAE,CAAC;IAC1C,qBAAqB,CAAC,EAAE,OAAO,CAAC;CACjC;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,OAAO,CAAC;CACxB;AAMD,QAAA,MAAM,gBAAgB,UAWrB,CAAC;AAMF,UAAU,UAAU;IAClB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IA
CjB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,oEAAoE;IACpE,KAAK,EAAE,SAAS,EAAE,CAAC;IACnB,6EAA6E;IAC7E,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAOD,QAAA,MAAM,YAAY,EAAE,UAAU,EA0O7B,CAAC;AAGF,QAAA,MAAM,YAAY,UAUjB,CAAC;AAMF,6CAA6C;AAC7C,QAAA,MAAM,eAAe,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,EAAE,CAOnD,CAAC;AA4BF,qBAAa,WAAW;IACtB;;;OAGG;IACH,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAUpD;;;OAGG;IACH,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,GAAG,SAAS;IA0CnE;;;OAGG;IACH,aAAa,CAAC,iBAAiB,EAAE,MAAM,GAAG,YAAY;IAiCtD;;;OAGG;IACH,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,OAAO;IAUvD;;;;OAIG;IACH,OAAO,CAAC,cAAc;YAUR,kBAAkB;
|
|
1
|
+
{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../src/soul/scanner.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAWH,MAAM,MAAM,SAAS,GAAG,OAAO,GAAG,YAAY,GAAG,SAAS,GAAG,aAAa,CAAC;AAE3E,MAAM,MAAM,SAAS,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AAEpD,qFAAqF;AACrF,MAAM,MAAM,SAAS,GAAG,UAAU,GAAG,UAAU,GAAG,YAAY,GAAG,SAAS,GAAG,aAAa,CAAC;AAE3F,MAAM,MAAM,gBAAgB,GAAG,MAAM,GAAG,WAAW,GAAG,UAAU,GAAG,UAAU,CAAC;AAE9E,sEAAsE;AACtE,MAAM,MAAM,YAAY,GACpB,gBAAgB,GAChB,gBAAgB,GAChB,YAAY,GACZ,YAAY,GACZ,cAAc,GACd,QAAQ,CAAC;AAEb,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,MAAM,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,YAAY,EAAE,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,wEAAwE;IACxE,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,4FAA4F;IAC5F,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,SAAS,CAAC;IACrB,UAAU,EAAE,OAAO,CAAC;IACpB,wCAAwC;IACxC,YAAY,EAAE,YAAY,CAAC;IAC3B,aAAa,EAAE,OAAO,CAAC;IACvB,mDAAmD;IACnD,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,wEAAwE;IACxE,KAAK,EAAE,SAAS,CAAC;IACjB,wCAAwC;IACxC,KAAK,EAAE,SAAS,CAAC;IACjB,WAAW,EAAE,gBAAgB,CAAC;IAC9B,aAAa,EAAE,OAAO,CAAC;IACvB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB,CAAC,EAAE,iBAAiB,EAAE,CAAC;IAC1C,qBAAqB,CAAC,EAAE,OAAO,CAAC;CACjC;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,OAAO,CAAC;CACxB;AAMD,QAAA,MAAM,gBAAgB,UAWrB,CAAC;AAMF,UAAU,UAAU;IAClB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IA
CjB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,oEAAoE;IACpE,KAAK,EAAE,SAAS,EAAE,CAAC;IACnB,6EAA6E;IAC7E,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAOD,QAAA,MAAM,YAAY,EAAE,UAAU,EA0O7B,CAAC;AAGF,QAAA,MAAM,YAAY,UAUjB,CAAC;AAMF,6CAA6C;AAC7C,QAAA,MAAM,eAAe,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,EAAE,CAOnD,CAAC;AA4BF,qBAAa,WAAW;IACtB;;;OAGG;IACH,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAUpD;;;OAGG;IACH,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,GAAG,SAAS;IA0CnE;;;OAGG;IACH,aAAa,CAAC,iBAAiB,EAAE,MAAM,GAAG,YAAY;IAiCtD;;;OAGG;IACH,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,OAAO;IAUvD;;;;OAIG;IACH,OAAO,CAAC,cAAc;YAUR,kBAAkB;IAmDhC;;;OAGG;IACH,OAAO,CAAC,cAAc;IAgBtB;;OAEG;IACH,OAAO,CAAC,cAAc;IAQtB;;;;;;OAMG;IACH,OAAO,CAAC,oBAAoB;IAU5B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAO1B;;OAEG;IACG,QAAQ,CACZ,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,OAAO,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC;QAAC,YAAY,CAAC,EAAE,OAAO,CAAA;KAAE,GACvF,OAAO,CAAC,cAAc,CAAC;IAyN1B;;;;OAIG;IACG,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,OAAO,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,YAAY,CAAC;CAyG7G;AAGD,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,CAAC"}
|
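--- a/package/dist/soul/scanner.js
+++ b/package/dist/soul/scanner.js
@@ -472,7 +472,8 @@ class SoulScanner {
 const tmpFile = path.join(require('os').tmpdir(), `soul-deep-${Date.now()}.txt`);
 fs.writeFileSync(tmpFile, prompt, 'utf-8');
 try {
-const
+const promptContent = fs.readFileSync(tmpFile, 'utf-8');
+const result = (0, child_process_1.execFileSync)(claudePath, ['--print', promptContent], {
 encoding: 'utf-8',
 timeout: 15000,
 stdio: ['pipe', 'pipe', 'ignore'],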
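Review bot: The added `readFileSync` on new line 475 reads the prompt back from `soul-deep-${Date.now()}.txt`, a guessable name in the shared temp directory, even though `prompt` is already in memory, so the CLI receives whatever that path holds at read time. Passing the text as an argument on new line 476 also can expose the whole prompt in the process list to other local users and ties it to the OS argument-length limit. I would drop the round trip and feed the text on stdin, e.g. `execFileSync(claudePath, ['--print'], { input: prompt, encoding: 'utf-8', timeout: 15000, stdio: ['pipe', 'pipe', 'ignore'] })`, after confirming the CLI accepts a piped prompt in `--print` mode. If the temp file has to stay, create it inside a directory from `fs.mkdtempSync` rather than directly under `os.tmpdir()`. The enclosing method starts and ends outside the hunk, so the cleanup of `tmpFile` is not visible here.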