logshield-cli 0.1.0 → 0.2.0

package/dist/cli/index.cjs

@@ -0,0 +1,402 @@
+#!/usr/bin/env node
+
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/cli/readInput.ts
+var readInput_exports = {};
+__export(readInput_exports, {
+  readInput: () => readInput
+});
+async function readInput(file) {
+  if (file) {
+    if (!import_node_fs.default.existsSync(file)) {
+      throw new Error(`File not found: ${file}`);
+    }
+    return import_node_fs.default.readFileSync(file, "utf8");
+  }
+  if (!process.stdin.isTTY) {
+    return new Promise((resolve, reject) => {
+      let data = "";
+      process.stdin.setEncoding("utf8");
+      process.stdin.on("data", (chunk) => {
+        data += chunk;
+      });
+      process.stdin.on("end", () => resolve(data));
+      process.stdin.on("error", reject);
+    });
+  }
+  throw new Error("No input provided");
+}
+var import_node_fs;
+var init_readInput = __esm({
+  "src/cli/readInput.ts"() {
+    "use strict";
+    import_node_fs = __toESM(require("node:fs"));
+  }
+});
+
+// src/cli/writeOutput.ts
+var writeOutput_exports = {};
+__export(writeOutput_exports, {
+  writeOutput: () => writeOutput
+});
+function writeOutput(result, opts) {
+  if (opts.json) {
+    process.stdout.write(JSON.stringify(result));
+  } else {
+    process.stdout.write(result.output);
+  }
+}
+var init_writeOutput = __esm({
+  "src/cli/writeOutput.ts"() {
+    "use strict";
+  }
+});
+
+// src/cli/summary.ts
+var summary_exports = {};
+__export(summary_exports, {
+  printSummary: () => printSummary
+});
+function printSummary(matches) {
+  const counter = {};
+  for (const m of matches) {
+    counter[m.rule] = (counter[m.rule] || 0) + 1;
+  }
+  process.stderr.write("LogShield Summary\n");
+  for (const [rule, count] of Object.entries(counter)) {
+    process.stderr.write(`${rule}: ${count}
+`);
+  }
+}
+var init_summary = __esm({
+  "src/cli/summary.ts"() {
+    "use strict";
+  }
+});
+
+// src/engine/applyRules.ts
+function applyRules(input, rules, ctx, matches) {
+  let output = input;
+  for (const rule of rules) {
+    output = output.replace(rule.pattern, (...args2) => {
+      const match = args2[0];
+      const groups = args2.slice(1, -2);
+      const replaced = rule.replace(match, ctx, groups);
+      if (replaced !== match) {
+        matches.push({
+          rule: rule.name,
+          value: match
+        });
+      }
+      return replaced;
+    });
+  }
+  return output;
+}
+var init_applyRules = __esm({
+  "src/engine/applyRules.ts"() {
+    "use strict";
+  }
+});
+
+// src/engine/guard.ts
+function guardInput(input) {
+  if (!input) return "";
+  if (input.length > MAX_SIZE) {
+    throw new Error("Log size exceeds 200KB limit");
+  }
+  return input;
+}
+var MAX_SIZE;
+var init_guard = __esm({
+  "src/engine/guard.ts"() {
+    "use strict";
+    MAX_SIZE = 200 * 1024;
+  }
+});
+
+// src/rules/tokens.ts
+var tokenRules;
+var init_tokens = __esm({
+  "src/rules/tokens.ts"() {
+    "use strict";
+    tokenRules = [
+      {
+        name: "JWT",
+        pattern: /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/g,
+        replace: () => "<REDACTED_JWT>"
+      },
+      {
+        name: "AUTH_BEARER",
+        pattern: /\bBearer\s+[A-Za-z0-9._-]+\b/g,
+        replace: () => "Bearer <REDACTED_TOKEN>"
+      },
+      {
+        name: "EMAIL",
+        pattern: /\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b/gi,
+        replace: () => "<REDACTED_EMAIL>"
+      }
+    ];
+  }
+});
+
+// src/rules/credentials.ts
+var credentialRules;
+var init_credentials = __esm({
+  "src/rules/credentials.ts"() {
+    "use strict";
+    credentialRules = [
+      {
+        name: "PASSWORD",
+        pattern: /\bpassword=([^\s]+)/gi,
+        replace: (_match, _value, _ctx) => "password=<REDACTED_PASSWORD>"
+      },
+      {
+        name: "API_KEY",
+        pattern: /\bapiKey=([A-Za-z0-9_\-]{16,})\b/g,
+        replace: () => "<REDACTED_API_KEY>"
+      }
+    ];
+  }
+});
+
+// src/rules/cloud.ts
+var cloudRules;
+var init_cloud = __esm({
+  "src/rules/cloud.ts"() {
+    "use strict";
+    cloudRules = [
+      {
+        name: "AWS_ACCESS_KEY",
+        pattern: /\bAKIA[0-9A-Z]{16,20}\b/g,
+        replace: (match, { strict }) => strict ? "<REDACTED_AWS_KEY>" : match
+      },
+      {
+        name: "STRIPE_SECRET_KEY",
+        pattern: /\b(?:LS_STRIPE_(?:TEST|LIVE)_KEY_[A-Z0-9_]{10,}|sk_(?:test|live)_[A-Za-z0-9]{16,})\b/g,
+        replace: (match, ctx) => ctx.strict ? "<REDACTED_STRIPE_KEY>" : match
+      }
+    ];
+  }
+});
+
+// src/utils/luhn.ts
+function isValidLuhn(input) {
+  const digits = input.replace(/\D/g, "");
+  let sum = 0;
+  let alt = false;
+  for (let i = digits.length - 1; i >= 0; i--) {
+    let n = parseInt(digits[i], 10);
+    if (alt) {
+      n *= 2;
+      if (n > 9) n -= 9;
+    }
+    sum += n;
+    alt = !alt;
+  }
+  return sum % 10 === 0;
+}
+var init_luhn = __esm({
+  "src/utils/luhn.ts"() {
+    "use strict";
+  }
+});
+
+// src/rules/creditCard.ts
+var creditCardRules;
+var init_creditCard = __esm({
+  "src/rules/creditCard.ts"() {
+    "use strict";
+    init_luhn();
+    creditCardRules = [
+      {
+        name: "CREDIT_CARD",
+        pattern: /\b(?:\d[ -]*?){13,19}\b/g,
+        replace: (match, { strict }) => {
+          if (!strict) return match;
+          return isValidLuhn(match) ? "<REDACTED_CC>" : match;
+        }
+      }
+    ];
+  }
+});
+
+// src/rules/urls.ts
+var urlRules;
+var init_urls = __esm({
+  "src/rules/urls.ts"() {
+    "use strict";
+    urlRules = [
+      {
+        name: "URL",
+        pattern: /\bhttps?:\/\/[^\s/$.?#].[^\s]*\b/gi,
+        replace: () => "<REDACTED_URL>"
+      }
+    ];
+  }
+});
+
+// src/rules/custom.ts
+var customRules;
+var init_custom = __esm({
+  "src/rules/custom.ts"() {
+    "use strict";
+    customRules = [
+      {
+        name: "GENERIC_SECRET_KV",
+        pattern: /"(\w+)":"([^"]{12,})"/g,
+        replace: (match, ctx, groups) => {
+          if (!ctx.strict) return match;
+          const key = groups[0] ?? "token";
+          return `"${key}":"<REDACTED_SECRET>"`;
+        }
+      }
+    ];
+  }
+});
+
+// src/rules/index.ts
+function normalize(rules) {
+  return rules.map((rule) => {
+    if (typeof rule.replace === "function") {
+      return rule;
+    }
+    const value = rule.replace;
+    return {
+      ...rule,
+      replace: () => value
+    };
+  });
+}
+var allRules;
+var init_rules = __esm({
+  "src/rules/index.ts"() {
+    "use strict";
+    init_tokens();
+    init_credentials();
+    init_cloud();
+    init_creditCard();
+    init_urls();
+    init_custom();
+    allRules = normalize([
+      ...tokenRules,
+      ...credentialRules,
+      ...cloudRules,
+      ...creditCardRules,
+      ...urlRules,
+      ...customRules
+    ]);
+  }
+});
+
+// src/engine/sanitizeLog.ts
+var sanitizeLog_exports = {};
+__export(sanitizeLog_exports, {
+  sanitizeLog: () => sanitizeLog
+});
+function sanitizeLog(input, options) {
+  guardInput(input);
+  if (!input) {
+    return { output: "", matches: [] };
+  }
+  const ctx = {
+    strict: Boolean(options?.strict)
+  };
+  const matches = [];
+  const output = applyRules(input, allRules, ctx, matches);
+  return { output, matches };
+}
+var init_sanitizeLog = __esm({
+  "src/engine/sanitizeLog.ts"() {
+    "use strict";
+    init_applyRules();
+    init_guard();
+    init_rules();
+  }
+});
+
+// src/cli/index.ts
+var { readInput: readInput2 } = (init_readInput(), __toCommonJS(readInput_exports));
+var { writeOutput: writeOutput2 } = (init_writeOutput(), __toCommonJS(writeOutput_exports));
+var { printSummary: printSummary2 } = (init_summary(), __toCommonJS(summary_exports));
+var { sanitizeLog: sanitizeLog2 } = (init_sanitizeLog(), __toCommonJS(sanitizeLog_exports));
+var args = process.argv.slice(2);
+function hasFlag(flag) {
+  return args.includes(flag);
+}
+function getFileArg() {
+  const file = args[1];
+  if (!file || file.startsWith("--")) return void 0;
+  return file;
+}
+async function main() {
+  if (hasFlag("--help") || args.length === 0) {
+    process.stdout.write(`Usage: logshield scan [file]
+
+Options:
+  --strict
+  --json
+  --summary
+  --version
+  --help
+`);
+    process.exit(0);
+  }
+  if (hasFlag("--version")) {
+    process.stdout.write("logshield v0.2.0\n");
+    process.exit(0);
+  }
+  const command = args[0];
+  if (command !== "scan") {
+    process.stderr.write("Unknown command\n");
+    process.exit(1);
+  }
+  const strict = hasFlag("--strict");
+  const json = hasFlag("--json");
+  const summary = hasFlag("--summary");
+  const file = getFileArg();
+  try {
+    const input = await readInput2(file);
+    const result = sanitizeLog2(input, { strict });
+    writeOutput2(result, { json });
+    if (summary) {
+      printSummary2(result.matches);
+    }
+  } catch (err) {
+    process.stderr.write(err && err.message || "Unexpected error");
+    process.stderr.write("\n");
+    process.exit(2);
+  }
+}
+main();