opensecurity 0.2.1 → 0.3.0

package/README.md

@@ -303,7 +303,8 @@ Global config: `~/.config/opensecurity/config.json`
 
 ## Rules
 
-Default rules are in `src/rules/defaultRules.ts`.
+Default rules are in `src/engines/rules/defaultRules.ts`.
+Taint rule coverage by language: `docs/coverage-matrix.md`.
 You can override with a JSON file (`--rules` or `rulesPath`).
 
 Pattern-based detectors run alongside rules (hardcoded secrets, insecure crypto, unsafe deserialization).

package/dist/adapters/semgrep.js

@@ -52,7 +52,7 @@ export const semgrepAdapter = {
             description: item.extra?.message ?? "Semgrep issue detected.",
             file: normalizePath(item.path ?? "", cwd),
             line: item.start?.line ? Number(item.start.line) : undefined,
-            column: item.start?.col ? Number(item.start.col) : undefined,
+            column: item.start?.col ? Number(item.start.col) + 1 : undefined,
             category: "code"
         }));
     }

package/dist/core/config.js

@@ -0,0 +1,72 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+import os from "node:os";
+export const DEFAULT_INCLUDE = ["**/*"];
+export const DEFAULT_EXCLUDE = [
+    "**/.git/**",
+    "**/node_modules/**",
+    "**/dist/**",
+    "**/build/**",
+    "**/coverage/**",
+    "**/.opensecurity.json",
+    "**/.opensecurity-cache.json",
+    "**/.opensecurity/ai-cache.json",
+    "**/.opensecurity/native-taint-cache.json"
+];
+const DEFAULT_GLOBALS = {
+    baseUrl: "https://api.openai.com/v1/responses",
+    model: "gpt-4o-mini",
+    apiType: "responses",
+    provider: "openai"
+};
+export function getConfigDir(env = process.env) {
+    const override = env.OPENSECURITY_CONFIG_HOME;
+    if (override && override.trim())
+        return override;
+    return path.join(os.homedir(), ".config", "opensecurity");
+}
+export function getGlobalConfigPath(env = process.env) {
+    return path.join(getConfigDir(env), "config.json");
+}
+export function getProjectConfigPath(cwd = process.cwd()) {
+    return path.join(cwd, ".opensecurity.json");
+}
+async function readJsonFile(filePath) {
+    try {
+        const raw = await fs.readFile(filePath, "utf8");
+        return JSON.parse(raw);
+    }
+    catch (err) {
+        if (err?.code === "ENOENT")
+            return null;
+        throw err;
+    }
+}
+async function writeJsonFile(filePath, data) {
+    await fs.mkdir(path.dirname(filePath), { recursive: true });
+    await fs.writeFile(filePath, JSON.stringify(data, null, 2), "utf8");
+}
+export async function loadGlobalConfig(env = process.env) {
+    const filePath = getGlobalConfigPath(env);
+    const existing = await readJsonFile(filePath);
+    return {
+        ...DEFAULT_GLOBALS,
+        ...(existing ?? {})
+    };
+}
+export async function saveGlobalConfig(config, env = process.env) {
+    const current = await loadGlobalConfig(env);
+    const merged = { ...current, ...config };
+    await writeJsonFile(getGlobalConfigPath(env), merged);
+}
+export async function loadProjectConfig(cwd = process.cwd()) {
+    const filePath = getProjectConfigPath(cwd);
+    const existing = await readJsonFile(filePath);
+    return existing ?? {};
+}
+export function resolveProjectFilters(project) {
+    return {
+        include: project.include?.length ? project.include : [...DEFAULT_INCLUDE],
+        exclude: project.exclude?.length ? project.exclude : [...DEFAULT_EXCLUDE]
+    };
+}