opena2a-cli 0.1.2 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +225 -1
- package/dist/commands/guard-hooks.d.ts +27 -0
- package/dist/commands/guard-hooks.d.ts.map +1 -0
- package/dist/commands/guard-hooks.js +207 -0
- package/dist/commands/guard-hooks.js.map +1 -0
- package/dist/commands/guard-policy.d.ts +54 -0
- package/dist/commands/guard-policy.d.ts.map +1 -0
- package/dist/commands/guard-policy.js +251 -0
- package/dist/commands/guard-policy.js.map +1 -0
- package/dist/commands/guard-signing.d.ts +52 -0
- package/dist/commands/guard-signing.d.ts.map +1 -0
- package/dist/commands/guard-signing.js +185 -0
- package/dist/commands/guard-signing.js.map +1 -0
- package/dist/commands/guard-snapshots.d.ts +54 -0
- package/dist/commands/guard-snapshots.d.ts.map +1 -0
- package/dist/commands/guard-snapshots.js +346 -0
- package/dist/commands/guard-snapshots.js.map +1 -0
- package/dist/commands/guard.d.ts +60 -4
- package/dist/commands/guard.d.ts.map +1 -1
- package/dist/commands/guard.js +475 -95
- package/dist/commands/guard.js.map +1 -1
- package/dist/commands/init.js +3 -4
- package/dist/commands/init.js.map +1 -1
- package/dist/commands/shield.d.ts +3 -0
- package/dist/commands/shield.d.ts.map +1 -1
- package/dist/commands/shield.js +458 -30
- package/dist/commands/shield.js.map +1 -1
- package/dist/index.js +15 -6
- package/dist/index.js.map +1 -1
- package/dist/router.d.ts.map +1 -1
- package/dist/router.js +1 -0
- package/dist/router.js.map +1 -1
- package/dist/shield/arp-bridge.d.ts +62 -0
- package/dist/shield/arp-bridge.d.ts.map +1 -0
- package/dist/shield/arp-bridge.js +198 -0
- package/dist/shield/arp-bridge.js.map +1 -0
- package/dist/shield/baselines.d.ts +58 -0
- package/dist/shield/baselines.d.ts.map +1 -0
- package/dist/shield/baselines.js +371 -0
- package/dist/shield/baselines.js.map +1 -0
- package/dist/shield/findings.d.ts +52 -0
- package/dist/shield/findings.d.ts.map +1 -0
- package/dist/shield/findings.js +336 -0
- package/dist/shield/findings.js.map +1 -0
- package/dist/shield/integrity.d.ts.map +1 -1
- package/dist/shield/integrity.js +6 -2
- package/dist/shield/integrity.js.map +1 -1
- package/dist/shield/report-html.d.ts +29 -0
- package/dist/shield/report-html.d.ts.map +1 -0
- package/dist/shield/report-html.js +596 -0
- package/dist/shield/report-html.js.map +1 -0
- package/dist/shield/sarif.d.ts +65 -0
- package/dist/shield/sarif.d.ts.map +1 -0
- package/dist/shield/sarif.js +108 -0
- package/dist/shield/sarif.js.map +1 -0
- package/dist/shield/status.d.ts.map +1 -1
- package/dist/shield/status.js +6 -6
- package/dist/shield/status.js.map +1 -1
- package/dist/shield/types.d.ts +19 -1
- package/dist/shield/types.d.ts.map +1 -1
- package/dist/shield/types.js +2 -1
- package/dist/shield/types.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Shield Finding Taxonomy and Classification Engine.
|
|
3
|
+
*
|
|
4
|
+
* Maps Shield events to standardized finding IDs with:
|
|
5
|
+
* - OWASP Agentic Security Index (ASI) compliance references
|
|
6
|
+
* - MITRE ATLAS technique references
|
|
7
|
+
* - Actionable remediation commands
|
|
8
|
+
* - Severity classification
|
|
9
|
+
*
|
|
10
|
+
* Finding ID format: SHIELD-{CATEGORY}-{NUMBER}
|
|
11
|
+
* Categories: CRED (credential), POL (policy), PROC (process/runtime),
|
|
12
|
+
* INT (integrity), SUP (supply chain), BAS (behavioral)
|
|
13
|
+
*/
|
|
14
|
+
import type { ShieldEvent, EventSeverity, PolicyViolation } from './types.js';
|
|
15
|
+
export interface FindingDefinition {
|
|
16
|
+
id: string;
|
|
17
|
+
title: string;
|
|
18
|
+
severity: EventSeverity;
|
|
19
|
+
category: string;
|
|
20
|
+
owaspAgentic: string;
|
|
21
|
+
mitreAtlas: string;
|
|
22
|
+
remediation: string;
|
|
23
|
+
description: string;
|
|
24
|
+
}
|
|
25
|
+
export interface ClassifiedFinding {
|
|
26
|
+
finding: FindingDefinition;
|
|
27
|
+
count: number;
|
|
28
|
+
firstSeen: string;
|
|
29
|
+
lastSeen: string;
|
|
30
|
+
examples: ShieldEvent[];
|
|
31
|
+
}
|
|
32
|
+
export declare const FINDING_CATALOG: Record<string, FindingDefinition>;
|
|
33
|
+
/**
|
|
34
|
+
* Map a single Shield event to its finding definition.
|
|
35
|
+
* Returns null if the event does not match any known finding pattern.
|
|
36
|
+
*/
|
|
37
|
+
export declare function classifyEvent(event: ShieldEvent): FindingDefinition | null;
|
|
38
|
+
/**
|
|
39
|
+
* Classify a batch of events into deduplicated findings with counts.
|
|
40
|
+
* Returns findings sorted by severity (critical first), then by count.
|
|
41
|
+
*/
|
|
42
|
+
export declare function classifyEvents(events: ShieldEvent[]): ClassifiedFinding[];
|
|
43
|
+
/**
|
|
44
|
+
* Map a PolicyViolation to a finding definition.
|
|
45
|
+
* Used to enrich violation data in reports.
|
|
46
|
+
*/
|
|
47
|
+
export declare function classifyViolation(violation: PolicyViolation): FindingDefinition | null;
|
|
48
|
+
/**
|
|
49
|
+
* Get the remediation command for a finding ID.
|
|
50
|
+
*/
|
|
51
|
+
export declare function getRemediation(findingId: string): string;
|
|
52
|
+
//# sourceMappingURL=findings.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"findings.d.ts","sourceRoot":"","sources":["../../src/shield/findings.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAM9E,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,aAAa,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,iBAAiB,CAAC;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,WAAW,EAAE,CAAC;CACzB;AAMD,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAuJ7D,CAAC;AAMF;;;GAGG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,WAAW,GAAG,iBAAiB,GAAG,IAAI,CAyE1E;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,WAAW,EAAE,GAAG,iBAAiB,EAAE,CAiCzE;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,eAAe,GAAG,iBAAiB,GAAG,IAAI,CAqCtF;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAGxD"}
|
|
@@ -0,0 +1,336 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Shield Finding Taxonomy and Classification Engine.
|
|
4
|
+
*
|
|
5
|
+
* Maps Shield events to standardized finding IDs with:
|
|
6
|
+
* - OWASP Agentic Security Index (ASI) compliance references
|
|
7
|
+
* - MITRE ATLAS technique references
|
|
8
|
+
* - Actionable remediation commands
|
|
9
|
+
* - Severity classification
|
|
10
|
+
*
|
|
11
|
+
* Finding ID format: SHIELD-{CATEGORY}-{NUMBER}
|
|
12
|
+
* Categories: CRED (credential), POL (policy), PROC (process/runtime),
|
|
13
|
+
* INT (integrity), SUP (supply chain), BAS (behavioral)
|
|
14
|
+
*/
|
|
15
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
16
|
+
exports.FINDING_CATALOG = void 0;
|
|
17
|
+
exports.classifyEvent = classifyEvent;
|
|
18
|
+
exports.classifyEvents = classifyEvents;
|
|
19
|
+
exports.classifyViolation = classifyViolation;
|
|
20
|
+
exports.getRemediation = getRemediation;
|
|
21
|
+
// ---------------------------------------------------------------------------
|
|
22
|
+
// Finding Catalog
|
|
23
|
+
// ---------------------------------------------------------------------------
|
|
24
|
+
exports.FINDING_CATALOG = {
|
|
25
|
+
'SHIELD-CRED-001': {
|
|
26
|
+
id: 'SHIELD-CRED-001',
|
|
27
|
+
title: 'Anthropic API key exposed in source',
|
|
28
|
+
severity: 'critical',
|
|
29
|
+
category: 'cred',
|
|
30
|
+
owaspAgentic: 'ASI04',
|
|
31
|
+
mitreAtlas: 'AML.T0025',
|
|
32
|
+
remediation: 'opena2a protect --dir . && git filter-repo --path <file> --invert-paths',
|
|
33
|
+
description: 'An Anthropic API key was found hardcoded in source files. This key grants full API access and can result in unauthorized billing.',
|
|
34
|
+
},
|
|
35
|
+
'SHIELD-CRED-002': {
|
|
36
|
+
id: 'SHIELD-CRED-002',
|
|
37
|
+
title: 'OpenAI API key exposed in source',
|
|
38
|
+
severity: 'critical',
|
|
39
|
+
category: 'cred',
|
|
40
|
+
owaspAgentic: 'ASI04',
|
|
41
|
+
mitreAtlas: 'AML.T0025',
|
|
42
|
+
remediation: 'opena2a protect --dir . && git filter-repo --path <file> --invert-paths',
|
|
43
|
+
description: 'An OpenAI API key was found hardcoded in source files. Exposed keys are exploited within minutes of public disclosure.',
|
|
44
|
+
},
|
|
45
|
+
'SHIELD-CRED-003': {
|
|
46
|
+
id: 'SHIELD-CRED-003',
|
|
47
|
+
title: 'GitHub token exposed in source',
|
|
48
|
+
severity: 'high',
|
|
49
|
+
category: 'cred',
|
|
50
|
+
owaspAgentic: 'ASI04',
|
|
51
|
+
mitreAtlas: 'AML.T0025',
|
|
52
|
+
remediation: 'opena2a protect --dir . && gh auth refresh',
|
|
53
|
+
description: 'A GitHub token was found hardcoded in source files. This token may grant repository access including private repos and org resources.',
|
|
54
|
+
},
|
|
55
|
+
'SHIELD-CRED-004': {
|
|
56
|
+
id: 'SHIELD-CRED-004',
|
|
57
|
+
title: 'Generic API key or secret exposed',
|
|
58
|
+
severity: 'medium',
|
|
59
|
+
category: 'cred',
|
|
60
|
+
owaspAgentic: 'ASI04',
|
|
61
|
+
mitreAtlas: 'AML.T0025',
|
|
62
|
+
remediation: 'opena2a protect --dir .',
|
|
63
|
+
description: 'A generic API key or secret was found in a variable assignment. Move it to environment variables or a secrets manager.',
|
|
64
|
+
},
|
|
65
|
+
'SHIELD-POL-001': {
|
|
66
|
+
id: 'SHIELD-POL-001',
|
|
67
|
+
title: 'No security policy defined',
|
|
68
|
+
severity: 'high',
|
|
69
|
+
category: 'pol',
|
|
70
|
+
owaspAgentic: 'ASI03',
|
|
71
|
+
mitreAtlas: 'AML.T0040',
|
|
72
|
+
remediation: 'opena2a shield init',
|
|
73
|
+
description: 'No Shield security policy is configured. Without a policy, all agent actions are unmonitored and unrestricted.',
|
|
74
|
+
},
|
|
75
|
+
'SHIELD-POL-002': {
|
|
76
|
+
id: 'SHIELD-POL-002',
|
|
77
|
+
title: 'Policy violation -- action blocked',
|
|
78
|
+
severity: 'high',
|
|
79
|
+
category: 'pol',
|
|
80
|
+
owaspAgentic: 'ASI02',
|
|
81
|
+
mitreAtlas: 'AML.T0040',
|
|
82
|
+
remediation: 'opena2a shield policy',
|
|
83
|
+
description: 'An agent action was blocked by the security policy. Review the policy to confirm the block is intentional or adjust rules.',
|
|
84
|
+
},
|
|
85
|
+
'SHIELD-POL-003': {
|
|
86
|
+
id: 'SHIELD-POL-003',
|
|
87
|
+
title: 'Policy in monitor-only mode',
|
|
88
|
+
severity: 'medium',
|
|
89
|
+
category: 'pol',
|
|
90
|
+
owaspAgentic: 'ASI03',
|
|
91
|
+
mitreAtlas: 'AML.T0040',
|
|
92
|
+
remediation: 'opena2a shield policy --enforce',
|
|
93
|
+
description: 'The security policy is in monitor-only mode. Violations are logged but not blocked. Consider enabling enforcement.',
|
|
94
|
+
},
|
|
95
|
+
'SHIELD-PROC-001': {
|
|
96
|
+
id: 'SHIELD-PROC-001',
|
|
97
|
+
title: 'Suspicious process spawned by agent',
|
|
98
|
+
severity: 'high',
|
|
99
|
+
category: 'proc',
|
|
100
|
+
owaspAgentic: 'ASI05',
|
|
101
|
+
mitreAtlas: 'AML.T0006',
|
|
102
|
+
remediation: 'opena2a shield evaluate --action process.spawn --target <binary>',
|
|
103
|
+
description: 'An AI agent spawned a process that was flagged as suspicious by the runtime protection engine.',
|
|
104
|
+
},
|
|
105
|
+
'SHIELD-PROC-002': {
|
|
106
|
+
id: 'SHIELD-PROC-002',
|
|
107
|
+
title: 'Network connection anomaly detected',
|
|
108
|
+
severity: 'medium',
|
|
109
|
+
category: 'proc',
|
|
110
|
+
owaspAgentic: 'ASI07',
|
|
111
|
+
mitreAtlas: 'AML.T0007',
|
|
112
|
+
remediation: 'opena2a shield evaluate --action network.connect --target <host>',
|
|
113
|
+
description: 'An anomalous network connection was made by an AI agent. This may indicate data exfiltration or C2 communication.',
|
|
114
|
+
},
|
|
115
|
+
'SHIELD-INT-001': {
|
|
116
|
+
id: 'SHIELD-INT-001',
|
|
117
|
+
title: 'Configuration file tampered',
|
|
118
|
+
severity: 'critical',
|
|
119
|
+
category: 'int',
|
|
120
|
+
owaspAgentic: 'ASI10',
|
|
121
|
+
mitreAtlas: 'AML.T0011',
|
|
122
|
+
remediation: 'opena2a guard diff && opena2a guard resign',
|
|
123
|
+
description: 'A monitored configuration file has been modified without authorization. The file signature no longer matches the stored hash.',
|
|
124
|
+
},
|
|
125
|
+
'SHIELD-INT-002': {
|
|
126
|
+
id: 'SHIELD-INT-002',
|
|
127
|
+
title: 'Event hash chain integrity broken',
|
|
128
|
+
severity: 'critical',
|
|
129
|
+
category: 'int',
|
|
130
|
+
owaspAgentic: 'ASI10',
|
|
131
|
+
mitreAtlas: 'AML.T0006',
|
|
132
|
+
remediation: 'opena2a shield selfcheck && opena2a shield recover --forensic',
|
|
133
|
+
description: 'The tamper-evident event log hash chain has been broken. This indicates log tampering or corruption.',
|
|
134
|
+
},
|
|
135
|
+
'SHIELD-INT-003': {
|
|
136
|
+
id: 'SHIELD-INT-003',
|
|
137
|
+
title: 'Configuration files not signed',
|
|
138
|
+
severity: 'medium',
|
|
139
|
+
category: 'int',
|
|
140
|
+
owaspAgentic: 'ASI09',
|
|
141
|
+
mitreAtlas: 'AML.T0011',
|
|
142
|
+
remediation: 'opena2a guard snapshot',
|
|
143
|
+
description: 'Monitored configuration files do not have cryptographic signatures. Enable ConfigGuard signing to detect unauthorized changes.',
|
|
144
|
+
},
|
|
145
|
+
'SHIELD-SUP-001': {
|
|
146
|
+
id: 'SHIELD-SUP-001',
|
|
147
|
+
title: 'Security advisory found in dependency',
|
|
148
|
+
severity: 'high',
|
|
149
|
+
category: 'sup',
|
|
150
|
+
owaspAgentic: 'ASI04',
|
|
151
|
+
mitreAtlas: 'AML.T0024',
|
|
152
|
+
remediation: 'npm audit fix || go get -u <package>',
|
|
153
|
+
description: 'A known security vulnerability was found in an installed dependency. Update the package to a patched version.',
|
|
154
|
+
},
|
|
155
|
+
'SHIELD-SUP-002': {
|
|
156
|
+
id: 'SHIELD-SUP-002',
|
|
157
|
+
title: 'Low-trust package installed',
|
|
158
|
+
severity: 'medium',
|
|
159
|
+
category: 'sup',
|
|
160
|
+
owaspAgentic: 'ASI04',
|
|
161
|
+
mitreAtlas: 'AML.T0024',
|
|
162
|
+
remediation: 'opena2a registry check <package>',
|
|
163
|
+
description: 'A package with a low trust score was installed. Review the package for legitimacy before use in production.',
|
|
164
|
+
},
|
|
165
|
+
'SHIELD-BAS-001': {
|
|
166
|
+
id: 'SHIELD-BAS-001',
|
|
167
|
+
title: 'Behavioral anomaly detected',
|
|
168
|
+
severity: 'medium',
|
|
169
|
+
category: 'bas',
|
|
170
|
+
owaspAgentic: 'ASI10',
|
|
171
|
+
mitreAtlas: 'AML.T0043',
|
|
172
|
+
remediation: 'opena2a shield baseline --agent <agent>',
|
|
173
|
+
description: 'An agent exhibited behavior that deviates significantly from its established baseline. Review the agent activity log.',
|
|
174
|
+
},
|
|
175
|
+
};
|
|
176
|
+
// ---------------------------------------------------------------------------
|
|
177
|
+
// Classification Logic
|
|
178
|
+
// ---------------------------------------------------------------------------
|
|
179
|
+
/**
|
|
180
|
+
* Map a single Shield event to its finding definition.
|
|
181
|
+
* Returns null if the event does not match any known finding pattern.
|
|
182
|
+
*/
|
|
183
|
+
function classifyEvent(event) {
|
|
184
|
+
// Credential findings
|
|
185
|
+
if (event.source === 'secretless' || event.category === 'credential-finding') {
|
|
186
|
+
const target = (event.target ?? '').toLowerCase();
|
|
187
|
+
const action = (event.action ?? '').toLowerCase();
|
|
188
|
+
if (target.includes('anthropic') || action.includes('anthropic') ||
|
|
189
|
+
event.detail?.findingId === 'CRED-001') {
|
|
190
|
+
return exports.FINDING_CATALOG['SHIELD-CRED-001'];
|
|
191
|
+
}
|
|
192
|
+
if (target.includes('openai') || action.includes('openai') ||
|
|
193
|
+
event.detail?.findingId === 'CRED-002') {
|
|
194
|
+
return exports.FINDING_CATALOG['SHIELD-CRED-002'];
|
|
195
|
+
}
|
|
196
|
+
if (target.includes('github') || action.includes('github') ||
|
|
197
|
+
event.detail?.findingId === 'CRED-003') {
|
|
198
|
+
return exports.FINDING_CATALOG['SHIELD-CRED-003'];
|
|
199
|
+
}
|
|
200
|
+
// Generic credential
|
|
201
|
+
return exports.FINDING_CATALOG['SHIELD-CRED-004'];
|
|
202
|
+
}
|
|
203
|
+
// ConfigGuard integrity findings
|
|
204
|
+
if (event.source === 'configguard') {
|
|
205
|
+
if (event.outcome === 'blocked' || event.action === 'tamper-detected' ||
|
|
206
|
+
event.detail?.outcome === 'tampered') {
|
|
207
|
+
return exports.FINDING_CATALOG['SHIELD-INT-001'];
|
|
208
|
+
}
|
|
209
|
+
if (event.action === 'unsigned' || event.category === 'config-unsigned') {
|
|
210
|
+
return exports.FINDING_CATALOG['SHIELD-INT-003'];
|
|
211
|
+
}
|
|
212
|
+
}
|
|
213
|
+
// Shield integrity findings
|
|
214
|
+
if (event.source === 'shield') {
|
|
215
|
+
if (event.category === 'integrity' && event.severity === 'critical') {
|
|
216
|
+
return exports.FINDING_CATALOG['SHIELD-INT-002'];
|
|
217
|
+
}
|
|
218
|
+
if (event.category === 'posture-assessment' || event.category === 'shield.init') {
|
|
219
|
+
return null; // Diagnostic events, not findings
|
|
220
|
+
}
|
|
221
|
+
}
|
|
222
|
+
// ARP runtime findings
|
|
223
|
+
if (event.source === 'arp') {
|
|
224
|
+
if (event.category === 'process.spawn' || event.category?.startsWith('process')) {
|
|
225
|
+
return exports.FINDING_CATALOG['SHIELD-PROC-001'];
|
|
226
|
+
}
|
|
227
|
+
if (event.category?.startsWith('network')) {
|
|
228
|
+
return exports.FINDING_CATALOG['SHIELD-PROC-002'];
|
|
229
|
+
}
|
|
230
|
+
if (event.category === 'anomaly' || event.category === 'behavioral-anomaly') {
|
|
231
|
+
return exports.FINDING_CATALOG['SHIELD-BAS-001'];
|
|
232
|
+
}
|
|
233
|
+
}
|
|
234
|
+
// Registry / supply chain findings
|
|
235
|
+
if (event.source === 'registry' || event.category?.includes('supply-chain')) {
|
|
236
|
+
if (event.severity === 'high' || event.severity === 'critical') {
|
|
237
|
+
return exports.FINDING_CATALOG['SHIELD-SUP-001'];
|
|
238
|
+
}
|
|
239
|
+
return exports.FINDING_CATALOG['SHIELD-SUP-002'];
|
|
240
|
+
}
|
|
241
|
+
// Policy findings
|
|
242
|
+
if (event.outcome === 'blocked') {
|
|
243
|
+
return exports.FINDING_CATALOG['SHIELD-POL-002'];
|
|
244
|
+
}
|
|
245
|
+
if (event.outcome === 'monitored' && (event.severity === 'high' || event.severity === 'critical')) {
|
|
246
|
+
return exports.FINDING_CATALOG['SHIELD-POL-003'];
|
|
247
|
+
}
|
|
248
|
+
return null;
|
|
249
|
+
}
|
|
250
|
+
/**
|
|
251
|
+
* Classify a batch of events into deduplicated findings with counts.
|
|
252
|
+
* Returns findings sorted by severity (critical first), then by count.
|
|
253
|
+
*/
|
|
254
|
+
function classifyEvents(events) {
|
|
255
|
+
const map = new Map();
|
|
256
|
+
for (const event of events) {
|
|
257
|
+
const finding = classifyEvent(event);
|
|
258
|
+
if (!finding)
|
|
259
|
+
continue;
|
|
260
|
+
const existing = map.get(finding.id);
|
|
261
|
+
if (existing) {
|
|
262
|
+
existing.count += 1;
|
|
263
|
+
if (event.timestamp < existing.firstSeen)
|
|
264
|
+
existing.firstSeen = event.timestamp;
|
|
265
|
+
if (event.timestamp > existing.lastSeen)
|
|
266
|
+
existing.lastSeen = event.timestamp;
|
|
267
|
+
if (existing.examples.length < 3)
|
|
268
|
+
existing.examples.push(event);
|
|
269
|
+
}
|
|
270
|
+
else {
|
|
271
|
+
map.set(finding.id, {
|
|
272
|
+
finding,
|
|
273
|
+
count: 1,
|
|
274
|
+
firstSeen: event.timestamp,
|
|
275
|
+
lastSeen: event.timestamp,
|
|
276
|
+
examples: [event],
|
|
277
|
+
});
|
|
278
|
+
}
|
|
279
|
+
}
|
|
280
|
+
const severityOrder = {
|
|
281
|
+
critical: 0, high: 1, medium: 2, low: 3, info: 4,
|
|
282
|
+
};
|
|
283
|
+
return Array.from(map.values()).sort((a, b) => {
|
|
284
|
+
const sevDiff = severityOrder[a.finding.severity] - severityOrder[b.finding.severity];
|
|
285
|
+
if (sevDiff !== 0)
|
|
286
|
+
return sevDiff;
|
|
287
|
+
return b.count - a.count;
|
|
288
|
+
});
|
|
289
|
+
}
|
|
290
|
+
/**
|
|
291
|
+
* Map a PolicyViolation to a finding definition.
|
|
292
|
+
* Used to enrich violation data in reports.
|
|
293
|
+
*/
|
|
294
|
+
function classifyViolation(violation) {
|
|
295
|
+
const action = (violation.action ?? '').toLowerCase();
|
|
296
|
+
const target = (violation.target ?? '').toLowerCase();
|
|
297
|
+
// Credential-related violations
|
|
298
|
+
if (action.includes('credential') || action.includes('secret') || action.includes('key')) {
|
|
299
|
+
if (target.includes('anthropic'))
|
|
300
|
+
return exports.FINDING_CATALOG['SHIELD-CRED-001'];
|
|
301
|
+
if (target.includes('openai'))
|
|
302
|
+
return exports.FINDING_CATALOG['SHIELD-CRED-002'];
|
|
303
|
+
if (target.includes('github'))
|
|
304
|
+
return exports.FINDING_CATALOG['SHIELD-CRED-003'];
|
|
305
|
+
return exports.FINDING_CATALOG['SHIELD-CRED-004'];
|
|
306
|
+
}
|
|
307
|
+
// Process violations
|
|
308
|
+
if (action.includes('process') || action.includes('spawn') || action.includes('exec')) {
|
|
309
|
+
return exports.FINDING_CATALOG['SHIELD-PROC-001'];
|
|
310
|
+
}
|
|
311
|
+
// Network violations
|
|
312
|
+
if (action.includes('network') || action.includes('connect') || action.includes('http')) {
|
|
313
|
+
return exports.FINDING_CATALOG['SHIELD-PROC-002'];
|
|
314
|
+
}
|
|
315
|
+
// Config integrity violations
|
|
316
|
+
if (action.includes('config') || action.includes('tamper')) {
|
|
317
|
+
return exports.FINDING_CATALOG['SHIELD-INT-001'];
|
|
318
|
+
}
|
|
319
|
+
// Supply chain violations
|
|
320
|
+
if (action.includes('install') || action.includes('package') || action.includes('dependency')) {
|
|
321
|
+
return exports.FINDING_CATALOG['SHIELD-SUP-001'];
|
|
322
|
+
}
|
|
323
|
+
// Default: policy violation
|
|
324
|
+
if (violation.severity === 'critical' || violation.severity === 'high') {
|
|
325
|
+
return exports.FINDING_CATALOG['SHIELD-POL-002'];
|
|
326
|
+
}
|
|
327
|
+
return exports.FINDING_CATALOG['SHIELD-POL-003'];
|
|
328
|
+
}
|
|
329
|
+
/**
|
|
330
|
+
* Get the remediation command for a finding ID.
|
|
331
|
+
*/
|
|
332
|
+
function getRemediation(findingId) {
|
|
333
|
+
const finding = exports.FINDING_CATALOG[findingId];
|
|
334
|
+
return finding?.remediation ?? 'opena2a shield selfcheck';
|
|
335
|
+
}
|
|
336
|
+
//# sourceMappingURL=findings.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"findings.js","sourceRoot":"","sources":["../../src/shield/findings.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;AAgMH,sCAyEC;AAMD,wCAiCC;AAMD,8CAqCC;AAKD,wCAGC;AAxUD,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAEjE,QAAA,eAAe,GAAsC;IAChE,iBAAiB,EAAE;QACjB,EAAE,EAAE,iBAAiB;QACrB,KAAK,EAAE,qCAAqC;QAC5C,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,MAAM;QAChB,YAAY,EAAE,OAAO;QACrB,UAAU,EAAE,WAAW;QACvB,WAAW,EAAE,yEAAyE;QACtF,WAAW,EAAE,mIAAmI;KACjJ;IACD,iBAAiB,EAAE;QACjB,EAAE,EAAE,iBAAiB;QACrB,KAAK,EAAE,kCAAkC;QACzC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,MAAM;QAChB,YAAY,EAAE,OAAO;QACrB,UAAU,EAAE,WAAW;QACvB,WAAW,EAAE,yEAAyE;QACtF,WAAW,EAAE,wHAAwH;KACtI;IACD,iBAAiB,EAAE;QACjB,EAAE,EAAE,iBAAiB;QACrB,KAAK,EAAE,gCAAgC;QACvC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,MAAM;QAChB,YAAY,EAAE,OAAO;QACrB,UAAU,EAAE,WAAW;QACvB,WAAW,EAAE,4CAA4C;QACzD,WAAW,EAAE,uIAAuI;KACrJ;IACD,iBAAiB,EAAE;QACjB,EAAE,EAAE,iBAAiB;QACrB,KAAK,EAAE,mCAAmC;QAC1C,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,MAAM;QAChB,YAAY,EAAE,OAAO;QACrB,UAAU,EAAE,WAAW;QACvB,WAAW,EAAE,yBAAyB;QACtC,WAAW,EAAE,wHAAwH;KACtI;IACD,gBAAgB,EAAE;QAChB,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,4BAA4B;QACnC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,KAAK;QACf,YAAY,EAAE,OAAO;QACrB,UAAU,EAAE,WAAW;QACvB,WAAW,EAAE,qBAAqB;QAClC,WAAW,EAAE,gHAAgH;KAC9H;IACD,gBAAgB,EAAE;QAChB,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,oCAAoC;QAC3C,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,KAAK;QACf,YAAY,EAAE,OAAO;QACrB,UAAU,EAAE,WAAW;QACvB,WAAW,EAAE,uBAAuB;QACpC,WAAW,EAAE,4HAA4H;KAC1I;IACD,gBAAgB,EAAE;QAChB,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,6BAA6B;QACpC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,KAAK;QACf,YAAY,EAAE,OAAO;QACrB,UAAU,EAAE,WAAW;QACvB,WAAW,EAAE,iCAAiC;QAC9C,WAAW,EAAE,oHAAoH;KAClI;IACD,iBAAiB,EAAE;QACjB,EAAE,EAAE,iBAAiB;QACrB,KAAK,EAAE,qCAAqC;QAC5C,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,MAAM;QAChB,YAAY,EAAE,OAAO;QACrB,UAAU,EAAE,WAAW;QACvB,WAAW,EAAE,kEAAkE;QAC/E,WAAW,EAAE,gGAAgG;KAC9G;IACD,iBAAiB,EAAE;QACjB,EAAE,EAAE,iBAAiB;QACrB,KAAK,EAAE,qCAAqC;QAC5C,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,MAAM;QAChB,YAAY,EAAE,OAAO;QACrB,UAAU,EAAE,WAAW;QACvB,WAAW,EAAE,kEAAkE;QAC/E,WAAW,EAAE,mHAAmH;KACjI;IACD,gBAAgB,EAAE;QAChB,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,6BAA6B;QACpC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,KAAK;QACf,YAAY,EAAE,OAAO;QACrB,UAAU,EAAE,WAAW;QACvB,WAAW,EAAE,4CAA4C;QACzD,WAAW,EAAE,+HAA+H;KAC7I;IACD,gBAAgB,EAAE;QAChB,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,mCAAmC;QAC1C,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,KAAK;QACf,YAAY,EAAE,OAAO;QACrB,UAAU,EAAE,WAAW;QACvB,WAAW,EAAE,+DAA+D;QAC5E,WAAW,EAAE,sGAAsG;KACpH;IACD,gBAAgB,EAAE;QAChB,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,gCAAgC;QACvC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,KAAK;QACf,YAAY,EAAE,OAAO;QACrB,UAAU,EAAE,WAAW;QACvB,WAAW,EAAE,wBAAwB;QACrC,WAAW,EAAE,gIAAgI;KAC9I;IACD,gBAAgB,EAAE;QAChB,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,uCAAuC;QAC9C,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,KAAK;QACf,YAAY,EAAE,OAAO;QACrB,UAAU,EAAE,WAAW;QACvB,WAAW,EAAE,sCAAsC;QACnD,WAAW,EAAE,+GAA+G;KAC7H;IACD,gBAAgB,EAAE;QAChB,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,6BAA6B;QACpC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,KAAK;QACf,YAAY,EAAE,OAAO;QACrB,UAAU,EAAE,WAAW;QACvB,WAAW,EAAE,kCAAkC;QAC/C,WAAW,EAAE,6GAA6G;KAC3H;IACD,gBAAgB,EAAE;QAChB,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,6BAA6B;QACpC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,KAAK;QACf,YAAY,EAAE,OAAO;QACrB,UAAU,EAAE,WAAW;QACvB,WAAW,EAAE,yCAAyC;QACtD,WAAW,EAAE,uHAAuH;KACrI;CACF,CAAC;AAEF,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E;;;GAGG;AACH,SAAgB,aAAa,CAAC,KAAkB;IAC9C,sBAAsB;IACtB,IAAI,KAAK,CAAC,MAAM,KAAK,YAAY,IAAI,KAAK,CAAC,QAAQ,KAAK,oBAAoB,EAAE,CAAC;QAC7E,MAAM,MAAM,GAAG,CAAC,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAClD,MAAM,MAAM,GAAG,CAAC,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAElD,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;YAC3D,KAAK,CAAC,MAAkC,EAAE,SAAS,KAAK,UAAU,EAAE,CAAC;YACxE,OAAO,uBAAe,CAAC,iBAAiB,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACrD,KAAK,CAAC,MAAkC,EAAE,SAAS,KAAK,UAAU,EAAE,CAAC;YACxE,OAAO,uBAAe,CAAC,iBAAiB,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACrD,KAAK,CAAC,MAAkC,EAAE,SAAS,KAAK,UAAU,EAAE,CAAC;YACxE,OAAO,uBAAe,CAAC,iBAAiB,CAAC,CAAC;QAC5C,CAAC;QACD,qBAAqB;QACrB,OAAO,uBAAe,CAAC,iBAAiB,CAAC,CAAC;IAC5C,CAAC;IAED,iCAAiC;IACjC,IAAI,KAAK,CAAC,MAAM,KAAK,aAAa,EAAE,CAAC;QACnC,IAAI,KAAK,CAAC,OAAO,KAAK,SAAS,IAAI,KAAK,CAAC,MAAM,KAAK,iBAAiB;YAChE,KAAK,CAAC,MAAkC,EAAE,OAAO,KAAK,UAAU,EAAE,CAAC;YACtE,OAAO,uBAAe,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QACD,IAAI,KAAK,CAAC,MAAM,KAAK,UAAU,IAAI,KAAK,CAAC,QAAQ,KAAK,iBAAiB,EAAE,CAAC;YACxE,OAAO,uBAAe,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,IAAI,KAAK,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC9B,IAAI,KAAK,CAAC,QAAQ,KAAK,WAAW,IAAI,KAAK,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;YACpE,OAAO,uBAAe,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QACD,IAAI,KAAK,CAAC,QAAQ,KAAK,oBAAoB,IAAI,KAAK,CAAC,QAAQ,KAAK,aAAa,EAAE,CAAC;YAChF,OAAO,IAAI,CAAC,CAAC,kCAAkC;QACjD,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,IAAI,KAAK,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QAC3B,IAAI,KAAK,CAAC,QAAQ,KAAK,eAAe,IAAI,KAAK,CAAC,QAAQ,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAChF,OAAO,uBAAe,CAAC,iBAAiB,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,KAAK,CAAC,QAAQ,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1C,OAAO,uBAAe,CAAC,iBAAiB,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,KAAK,CAAC,QAAQ,KAAK,SAAS,IAAI,KAAK,CAAC,QAAQ,KAAK,oBAAoB,EAAE,CAAC;YAC5E,OAAO,uBAAe,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,mCAAmC;IACnC,IAAI,KAAK,CAAC,MAAM,KAAK,UAAU,IAAI,KAAK,CAAC,QAAQ,EAAE,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QAC5E,IAAI,KAAK,CAAC,QAAQ,KAAK,MAAM,IAAI,KAAK,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;YAC/D,OAAO,uBAAe,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO,uBAAe,CAAC,gBAAgB,CAAC,CAAC;IAC3C,CAAC;IAED,kBAAkB;IAClB,IAAI,KAAK,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QAChC,OAAO,uBAAe,CAAC,gBAAgB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,KAAK,WAAW,IAAI,CAAC,KAAK,CAAC,QAAQ,KAAK,MAAM,IAAI,KAAK,CAAC,QAAQ,KAAK,UAAU,CAAC,EAAE,CAAC;QAClG,OAAO,uBAAe,CAAC,gBAAgB,CAAC,CAAC;IAC3C,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAgB,cAAc,CAAC,MAAqB;IAClD,MAAM,GAAG,GAAG,IAAI,GAAG,EAA6B,CAAC;IAEjD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;QACrC,IAAI,CAAC,OAAO;YAAE,SAAS;QAEvB,MAAM,QAAQ,GAAG,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACrC,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,KAAK,IAAI,CAAC,CAAC;YACpB,IAAI,KAAK,CAAC,SAAS,GAAG,QAAQ,CAAC,SAAS;gBAAE,QAAQ,CAAC,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC;YAC/E,IAAI,KAAK,CAAC,SAAS,GAAG,QAAQ,CAAC,QAAQ;gBAAE,QAAQ,CAAC,QAAQ,GAAG,KAAK,CAAC,SAAS,CAAC;YAC7E,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;gBAAE,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClE,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE;gBAClB,OAAO;gBACP,KAAK,EAAE,CAAC;gBACR,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,QAAQ,EAAE,KAAK,CAAC,SAAS;gBACzB,QAAQ,EAAE,CAAC,KAAK,CAAC;aAClB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAkC;QACnD,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC;KACjD,CAAC;IAEF,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC5C,MAAM,OAAO,GAAG,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACtF,IAAI,OAAO,KAAK,CAAC;YAAE,OAAO,OAAO,CAAC;QAClC,OAAO,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,SAAgB,iBAAiB,CAAC,SAA0B;IAC1D,MAAM,MAAM,GAAG,CAAC,SAAS,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACtD,MAAM,MAAM,GAAG,CAAC,SAAS,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAEtD,gCAAgC;IAChC,IAAI,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACzF,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;YAAE,OAAO,uBAAe,CAAC,iBAAiB,CAAC,CAAC;QAC5E,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,OAAO,uBAAe,CAAC,iBAAiB,CAAC,CAAC;QACzE,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,OAAO,uBAAe,CAAC,iBAAiB,CAAC,CAAC;QACzE,OAAO,uBAAe,CAAC,iBAAiB,CAAC,CAAC;IAC5C,CAAC;IAED,qBAAqB;IACrB,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACtF,OAAO,uBAAe,CAAC,iBAAiB,CAAC,CAAC;IAC5C,CAAC;IAED,qBAAqB;IACrB,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACxF,OAAO,uBAAe,CAAC,iBAAiB,CAAC,CAAC;IAC5C,CAAC;IAED,8BAA8B;IAC9B,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3D,OAAO,uBAAe,CAAC,gBAAgB,CAAC,CAAC;IAC3C,CAAC;IAED,0BAA0B;IAC1B,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAC9F,OAAO,uBAAe,CAAC,gBAAgB,CAAC,CAAC;IAC3C,CAAC;IAED,4BAA4B;IAC5B,IAAI,SAAS,CAAC,QAAQ,KAAK,UAAU,IAAI,SAAS,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QACvE,OAAO,uBAAe,CAAC,gBAAgB,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,uBAAe,CAAC,gBAAgB,CAAC,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,SAAiB;IAC9C,MAAM,OAAO,GAAG,uBAAe,CAAC,SAAS,CAAC,CAAC;IAC3C,OAAO,OAAO,EAAE,WAAW,IAAI,0BAA0B,CAAC;AAC5D,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"integrity.d.ts","sourceRoot":"","sources":["../../src/shield/integrity.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,cAAc,EAAE,cAAc,EAAmB,MAAM,YAAY,CAAC;AAiBlF;;;GAGG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAMxD;AAMD;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAkBzD;AAED;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CACnC,UAAU,CAAC,EAAE,MAAM,GAClB;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAoCpC;AASD;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,KAAK,GAAG,MAAM,GAAG,MAAM,
|
|
1
|
+
{"version":3,"file":"integrity.d.ts","sourceRoot":"","sources":["../../src/shield/integrity.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,cAAc,EAAE,cAAc,EAAmB,MAAM,YAAY,CAAC;AAiBlF;;;GAGG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAMxD;AAMD;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAkBzD;AAED;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CACnC,UAAU,CAAC,EAAE,MAAM,GAClB;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAoCpC;AASD;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,KAAK,GAAG,MAAM,GAAG,MAAM,CA0BpE;AAED;;;GAGG;AACH,wBAAgB,wBAAwB,CACtC,KAAK,CAAC,EAAE,KAAK,GAAG,MAAM,GACrB,cAAc,CAoDhB;AAMD;;;GAGG;AACH,wBAAgB,sBAAsB,IAAI,cAAc,CA8BvD;AA8FD;;GAEG;AACH,wBAAgB,UAAU,IAAI,OAAO,CAEpC;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAkBlD;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI,IAAI,CAKnC;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,GAAG,IAAI,CAajD;AAMD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE;IAC1C,KAAK,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;CACxB,GAAG,cAAc,CA8EjB"}
|
package/dist/shield/integrity.js
CHANGED
|
@@ -117,7 +117,9 @@ function getExpectedHookContent(shell) {
|
|
|
117
117
|
return [
|
|
118
118
|
HOOK_START_MARKER,
|
|
119
119
|
'opena2a_shield_preexec() {',
|
|
120
|
-
' opena2a shield evaluate "$1"',
|
|
120
|
+
' if ! opena2a shield evaluate "$1" 2>/dev/null; then',
|
|
121
|
+
' return 1',
|
|
122
|
+
' fi',
|
|
121
123
|
'}',
|
|
122
124
|
'autoload -Uz add-zsh-hook',
|
|
123
125
|
'add-zsh-hook preexec opena2a_shield_preexec',
|
|
@@ -128,7 +130,9 @@ function getExpectedHookContent(shell) {
|
|
|
128
130
|
return [
|
|
129
131
|
HOOK_START_MARKER,
|
|
130
132
|
'opena2a_shield_debug() {',
|
|
131
|
-
' opena2a shield evaluate "$BASH_COMMAND"',
|
|
133
|
+
' if ! opena2a shield evaluate "$BASH_COMMAND" 2>/dev/null; then',
|
|
134
|
+
' return 1',
|
|
135
|
+
' fi',
|
|
132
136
|
'}',
|
|
133
137
|
"trap 'opena2a_shield_debug' DEBUG",
|
|
134
138
|
HOOK_END_MARKER,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"integrity.js","sourceRoot":"","sources":["../../src/shield/integrity.ts"],"names":[],"mappings":";AAAA,gCAAgC;AAChC,6EAA6E;;AAkC7E,0CAMC;AAUD,4CAkBC;AAYD,sDAsCC;AAYD,
|
|
1
|
+
{"version":3,"file":"integrity.js","sourceRoot":"","sources":["../../src/shield/integrity.ts"],"names":[],"mappings":";AAAA,gCAAgC;AAChC,6EAA6E;;AAkC7E,0CAMC;AAUD,4CAkBC;AAYD,sDAsCC;AAYD,wDA0BC;AAMD,4DAsDC;AAUD,wDA8BC;AAiGD,gCAEC;AAKD,sCAkBC;AAKD,oCAKC;AAMD,8CAaC;AAqBD,gDAgFC;AA1fD,6CAAyC;AACzC,qCAMiB;AACjB,yCAAiC;AACjC,qCAAkC;AAGlC,yCAAgD;AAChD,6CAAkD;AAClD,2CAA2C;AAE3C,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,YAAY;IACnB,OAAO,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;AAC/C,CAAC;AAED,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E;;;GAGG;AACH,SAAgB,eAAe,CAAC,QAAgB;IAC9C,IAAI,CAAC,IAAA,oBAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,QAAQ,GAAG,IAAA,sBAAY,EAAC,QAAQ,CAAC,CAAC;IACxC,OAAO,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC7D,CAAC;AAED,8EAA8E;AAC9E,uCAAuC;AACvC,8EAA8E;AAE9E;;;GAGG;AACH,SAAgB,gBAAgB,CAAC,UAAkB;IACjD,MAAM,IAAI,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IACzC,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IAEjC,IAAI,CAAC,IAAA,oBAAU,EAAC,SAAS,CAAC,EAAE,CAAC;QAC3B,IAAA,mBAAS,EAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,MAAM,GAAG;QACb,IAAI;QACJ,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACrC,CAAC;IAEF,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;IACrD,IAAA,uBAAa,EAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;QACvD,QAAQ,EAAE,OAAO;QACjB,IAAI,EAAE,KAAK;KACZ,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,qBAAqB,CACnC,UAAmB;IAEnB,MAAM,YAAY,GAAG,UAAU,IAAI,IAAA,gBAAI,EAAC,YAAY,EAAE,EAAE,6BAAkB,CAAC,CAAC;IAE5E,IAAI,CAAC,IAAA,oBAAU,EAAC,YAAY,CAAC,EAAE,CAAC;QAC9B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,0CAA0C,EAAE,CAAC;IAC7E,CAAC;IAED,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,YAAY,EAAE,EAAE,kBAAkB,CAAC,CAAC;IAE1D,IAAI,CAAC,IAAA,oBAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO;YACL,KAAK,EAAE,IAAI;YACX,MAAM,EAAE,iDAAiD;SAC1D,CAAC;IACJ,CAAC;IAED,IAAI,QAA8C,CAAC;IACnD,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,sBAAY,EAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,0DAA0D;SACnE,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IAElD,IAAI,WAAW,KAAK,QAAQ,CAAC,IAAI,EAAE,CAAC;QAClC,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,qCAAqC,EAAE,CAAC;IACxE,CAAC;IAED,OAAO;QACL,KAAK,EAAE,KAAK;QACZ,MAAM,EAAE,uCAAuC,QAAQ,CAAC,UAAU,mBAAmB,QAAQ,CAAC,IAAI,SAAS,WAAW,GAAG;KAC1H,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,oCAAoC;AACpC,8EAA8E;AAE9E,MAAM,iBAAiB,GAAG,+BAA+B,CAAC;AAC1D,MAAM,eAAe,GAAG,+BAA+B,CAAC;AAExD;;GAEG;AACH,SAAgB,sBAAsB,CAAC,KAAqB;IAC1D,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;QACpB,OAAO;YACL,iBAAiB;YACjB,4BAA4B;YAC5B,uDAAuD;YACvD,cAAc;YACd,MAAM;YACN,GAAG;YACH,2BAA2B;YAC3B,6CAA6C;YAC7C,eAAe;SAChB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACf,CAAC;IAED,OAAO;IACP,OAAO;QACL,iBAAiB;QACjB,0BAA0B;QAC1B,kEAAkE;QAClE,cAAc;QACd,MAAM;QACN,GAAG;QACH,mCAAmC;QACnC,eAAe;KAChB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAgB,wBAAwB,CACtC,KAAsB;IAEtB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,aAAa,GAAG,KAAK,IAAI,KAAK,CAAC;IACrC,MAAM,MAAM,GACV,aAAa,KAAK,KAAK;QACrB,CAAC,CAAC,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,QAAQ,CAAC;QAC3B,CAAC,CAAC,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,SAAS,CAAC,CAAC;IAEjC,IAAI,CAAC,IAAA,oBAAU,EAAC,MAAM,CAAC,EAAE,CAAC;QACxB,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,WAAW,MAAM,kBAAkB;YAC3C,SAAS,EAAE,GAAG;SACf,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,IAAA,sBAAY,EAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAEhD,MAAM,QAAQ,GAAG,SAAS,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IACtD,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IAElD,IAAI,QAAQ,KAAK,CAAC,CAAC,IAAI,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;QACrC,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,sEAAsE;YAC9E,SAAS,EAAE,GAAG;SACf,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,SAAS;SAC7B,KAAK,CAAC,QAAQ,EAAE,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC;SAChD,IAAI,EAAE,CAAC;IACV,MAAM,QAAQ,GAAG,sBAAsB,CAAC,aAAa,CAAC,CAAC,IAAI,EAAE,CAAC;IAE9D,IAAI,cAAc,KAAK,QAAQ,EAAE,CAAC;QAChC,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,sCAAsC;YAC9C,SAAS,EAAE,GAAG;SACf,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,MAAM,EAAE,MAAM;QACd,MAAM,EACJ,6FAA6F;QAC/F,SAAS,EAAE,GAAG;KACf,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E;;;GAGG;AACH,SAAgB,sBAAsB;IACpC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAElC,IAAI,CAAC,IAAA,oBAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO;YACL,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,gCAAgC,QAAQ,GAAG;YACnD,SAAS,EAAE,GAAG;SACf,CAAC;IACJ,CAAC;IAED,8DAA8D;IAC9D,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;IACnD,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC/C,OAAO;YACL,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,oBAAoB,UAAU,iDAAiD;YACvF,SAAS,EAAE,GAAG;SACf,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,MAAM;QACd,MAAM,EAAE,wBAAwB,QAAQ,GAAG;QAC3C,SAAS,EAAE,GAAG;KACf,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,wBAAwB;AACxB,8EAA8E;AAE9E;;;GAGG;AACH,SAAS,yBAAyB;IAChC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,UAAU,GAAG,IAAA,gBAAI,EAAC,YAAY,EAAE,EAAE,cAAc,CAAC,CAAC;IAExD,IAAI,CAAC,IAAA,oBAAU,EAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO;YACL,IAAI,EAAE,aAAa;YACnB,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,iDAAiD;YACzD,SAAS,EAAE,GAAG;SACf,CAAC;IACJ,CAAC;IAED,IAAI,KAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,sBAAY,EAAC,UAAU,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QACrD,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrB,OAAO;gBACL,IAAI,EAAE,aAAa;gBACnB,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,iDAAiD;gBACzD,SAAS,EAAE,GAAG;aACf,CAAC;QACJ,CAAC;QACD,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,IAAI,EAAE,aAAa;YACnB,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,6BAA6B;YACrC,SAAS,EAAE,GAAG;SACf,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,GAAG,wBAAY,CAAC;IAEhC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,KAAgD,CAAC;QACrD,IAAI,CAAC;YACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,IAAI,EAAE,aAAa;gBACnB,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,gCAAgC,CAAC,GAAG,CAAC,GAAG;gBAChD,SAAS,EAAE,GAAG;aACf,CAAC;QACJ,CAAC;QAED,IAAI,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ,IAAI,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;YAC9E,OAAO;gBACL,IAAI,EAAE,aAAa;gBACnB,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,iBAAiB,CAAC,GAAG,CAAC,oCAAoC;gBAClE,SAAS,EAAE,GAAG;aACf,CAAC;QACJ,CAAC;QAED,IAAI,KAAK,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;YACpC,OAAO;gBACL,IAAI,EAAE,aAAa;gBACnB,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,8BAA8B,CAAC,GAAG,CAAC,wBAAwB,YAAY,WAAW,KAAK,CAAC,QAAQ,IAAI;gBAC5G,SAAS,EAAE,GAAG;aACf,CAAC;QACJ,CAAC;QAED,YAAY,GAAG,KAAK,CAAC,SAAS,CAAC;IACjC,CAAC;IAED,OAAO;QACL,IAAI,EAAE,aAAa;QACnB,MAAM,EAAE,MAAM;QACd,MAAM,EAAE,4BAA4B,KAAK,CAAC,MAAM,UAAU;QAC1D,SAAS,EAAE,GAAG;KACf,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,sBAAsB;AACtB,8EAA8E;AAE9E,MAAM,aAAa,GAAG,UAAU,CAAC;AAEjC;;GAEG;AACH,SAAgB,UAAU;IACxB,OAAO,IAAA,oBAAU,EAAC,IAAA,gBAAI,EAAC,YAAY,EAAE,EAAE,aAAa,CAAC,CAAC,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa,CAAC,MAAc;IAC1C,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IAEjC,IAAI,CAAC,IAAA,oBAAU,EAAC,SAAS,CAAC,EAAE,CAAC;QAC3B,IAAA,mBAAS,EAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,MAAM,GAAG;QACb,MAAM;QACN,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,SAAS,EAAE,WAAW;KACvB,CAAC;IAEF,IAAA,uBAAa,EACX,IAAA,gBAAI,EAAC,SAAS,EAAE,aAAa,CAAC,EAC9B,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAC/B,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CACnC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY;IAC1B,MAAM,YAAY,GAAG,IAAA,gBAAI,EAAC,YAAY,EAAE,EAAE,aAAa,CAAC,CAAC;IACzD,IAAI,IAAA,oBAAU,EAAC,YAAY,CAAC,EAAE,CAAC;QAC7B,IAAA,oBAAU,EAAC,YAAY,CAAC,CAAC;IAC3B,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,iBAAiB;IAC/B,MAAM,YAAY,GAAG,IAAA,gBAAI,EAAC,YAAY,EAAE,EAAE,aAAa,CAAC,CAAC;IAEzD,IAAI,CAAC,IAAA,oBAAU,EAAC,YAAY,CAAC,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,sBAAY,EAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;QAC7D,OAAQ,IAAI,CAAC,MAAiB,IAAI,IAAI,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,iCAAiC;AACjC,8EAA8E;AAE9E;;;;;;;;;;;;;;GAcG;AACH,SAAgB,kBAAkB,CAAC,OAElC;IACC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAErC,8DAA8D;IAC9D,IAAI,UAAU,EAAE,EAAE,CAAC;QACjB,MAAM,MAAM,GAAG,iBAAiB,EAAE,IAAI,gBAAgB,CAAC;QACvD,OAAO;YACL,MAAM,EAAE,UAAU;YAClB,MAAM,EAAE;gBACN;oBACE,IAAI,EAAE,UAAU;oBAChB,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,0BAA0B,MAAM,EAAE;oBAC1C,SAAS,EAAE,GAAG;iBACf;aACF;YACD,YAAY,EAAE,GAAG;YACjB,SAAS,EAAE,EAAE;SACd,CAAC;IACJ,CAAC;IAED,sBAAsB;IACtB,MAAM,YAAY,GAAG,qBAAqB,EAAE,CAAC;IAC7C,MAAM,WAAW,GAAmB;QAClC,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;QAC5C,MAAM,EAAE,YAAY,CAAC,MAAM;QAC3B,SAAS,EAAE,GAAG;KACf,CAAC;IAEF,0BAA0B;IAC1B,MAAM,cAAc,GAAG,wBAAwB,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAE/D,2BAA2B;IAC3B,MAAM,eAAe,GAAG,yBAAyB,EAAE,CAAC;IAEpD,uBAAuB;IACvB,MAAM,YAAY,GAAG,sBAAsB,EAAE,CAAC;IAE9C,yBAAyB;IACzB,MAAM,cAAc,GAAG,IAAA,+BAAkB,GAAE,CAAC;IAC5C,MAAM,aAAa,GAAmB;QACpC,IAAI,EAAE,qBAAqB;QAC3B,MAAM,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;QAC9C,MAAM,EAAE,cAAc,CAAC,MAAM;QAC7B,SAAS,EAAE,GAAG;KACf,CAAC;IAEF,MAAM,MAAM,GAAqB;QAC/B,WAAW;QACX,cAAc;QACd,eAAe;QACf,YAAY;QACZ,aAAa;KACd,CAAC;IAEF,yBAAyB;IACzB,IAAI,MAAM,GAAoB,SAAS,CAAC;IAExC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;IACxD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;IAExD,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,GAAG,aAAa,CAAC;IACzB,CAAC;SAAM,IAAI,OAAO,EAAE,CAAC;QACnB,MAAM,GAAG,UAAU,CAAC;IACtB,CAAC;IAED,oEAAoE;IACpE,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACpF,MAAM,SAAS,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAExE,OAAO;QACL,MAAM;QACN,MAAM;QACN,YAAY,EAAE,GAAG;QACjB,SAAS;KACV,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Shield HTML Posture Report Generator.
|
|
3
|
+
*
|
|
4
|
+
* Generates a self-contained HTML file with:
|
|
5
|
+
* - Dark theme (slate-900 background, slate-800 cards)
|
|
6
|
+
* - Posture score circular gauge with grade letter
|
|
7
|
+
* - Severity breakdown horizontal bar chart
|
|
8
|
+
* - Agent activity table
|
|
9
|
+
* - Policy violations table with severity filter
|
|
10
|
+
* - Runtime protection, credential exposure, supply chain cards
|
|
11
|
+
* - Event timeline / narrative section
|
|
12
|
+
*
|
|
13
|
+
* Design tokens:
|
|
14
|
+
* Background: #0f172a (slate-900), Card: #1e293b (slate-800)
|
|
15
|
+
* Primary: #06b6d4 (teal), Score: teal
|
|
16
|
+
* Critical: #ef4444, High: #f97316, Medium: #eab308, Low: #3b82f6, Info: #6b7280
|
|
17
|
+
* Font: system monospace (JetBrains Mono fallback)
|
|
18
|
+
*
|
|
19
|
+
* No external dependencies. No emojis.
|
|
20
|
+
*/
|
|
21
|
+
import type { WeeklyReport, ReportNarrative, PostureTrend } from './types.js';
|
|
22
|
+
import type { ClassifiedFinding } from './findings.js';
|
|
23
|
+
/**
|
|
24
|
+
* Generate the executive summary text from report data.
|
|
25
|
+
* No LLM needed -- deterministic sentence generation.
|
|
26
|
+
*/
|
|
27
|
+
export declare function generateExecutiveSummary(report: WeeklyReport, findings: ClassifiedFinding[], trend: PostureTrend | null): string;
|
|
28
|
+
export declare function generateShieldHtmlReport(report: WeeklyReport, narrative?: ReportNarrative | null, findings?: ClassifiedFinding[], trend?: PostureTrend | null): string;
|
|
29
|
+
//# sourceMappingURL=report-html.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"report-html.d.ts","sourceRoot":"","sources":["../../src/shield/report-html.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC9E,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAEvD;;;GAGG;AACH,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,YAAY,EACpB,QAAQ,EAAE,iBAAiB,EAAE,EAC7B,KAAK,EAAE,YAAY,GAAG,IAAI,GACzB,MAAM,CAkER;AAED,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,YAAY,EACpB,SAAS,CAAC,EAAE,eAAe,GAAG,IAAI,EAClC,QAAQ,CAAC,EAAE,iBAAiB,EAAE,EAC9B,KAAK,CAAC,EAAE,YAAY,GAAG,IAAI,GAC1B,MAAM,CAsER"}
|