pumuki 6.3.339 → 6.3.340

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/core/facts/detectors/text/ios.test.ts +9 -0
  2. package/core/facts/detectors/text/ios.ts +18 -10
  3. package/package.json +1 -1
package/core/facts/detectors/text/ios.test.ts CHANGED
@@ -1979,12 +1979,21 @@ final class Credentials {
1979
1979
  let label = "public title"
1980
1980
  // let apiKey = "sk_live_123456789"
1981
1981
  }
1982
+ `;
1983
+ const emptyFormDefaults = `
1984
+ @MainActor
1985
+ public final class BuyerAppViewModel {
1986
+ public var authEmail: String = ""
1987
+ public var authPassword: String = ""
1988
+ }
1982
1989
  `;
1983
1990
 
1984
1991
  assert.equal(hasSwiftHardcodedSensitiveStringUsage(source), true);
1985
1992
  assert.deepEqual(collectSwiftHardcodedSensitiveStringLines(source), [3, 4]);
1986
1993
  assert.equal(hasSwiftHardcodedSensitiveStringUsage(safe), false);
1987
1994
  assert.deepEqual(collectSwiftHardcodedSensitiveStringLines(safe), []);
1995
+ assert.equal(hasSwiftHardcodedSensitiveStringUsage(emptyFormDefaults), false);
1996
+ assert.deepEqual(collectSwiftHardcodedSensitiveStringLines(emptyFormDefaults), []);
1988
1997
  });
1989
1998
 
1990
1999
  test('hasSwiftUnlocalizedDateFormatterUsage detecta dateFormat fijo sin locale explicito', () => {
package/core/facts/detectors/text/ios.ts CHANGED
@@ -1718,18 +1718,26 @@ export const collectSwiftSensitiveLoggingLines = (source: string): readonly numb
1718
1718
  return sortedUniqueLines(lines);
1719
1719
  };
1720
1720
 
1721
- export const hasSwiftHardcodedSensitiveStringUsage = (source: string): boolean => {
1722
- return collectSwiftRegexLines(
1723
- source,
1724
- /\b(?:(?:private|fileprivate|internal|public|open|static|class|final|lazy)\s+)*(?:let|var)\s+(?=[A-Za-z_])[A-Za-z0-9_]*(?:token|secret|password|apikey|clientsecret|privatekey|sessionid)[A-Za-z0-9_]*\s*(?::\s*String\s*)?=\s*""/i
1725
- ).length > 0;
1726
- };
1721
+ const swiftHardcodedSensitiveStringPattern =
1722
+ /\b(?:(?:private|fileprivate|internal|public|open|static|class|final|lazy)\s+)*(?:let|var)\s+(?=[A-Za-z_])[A-Za-z0-9_]*(?:token|secret|password|apikey|clientsecret|privatekey|sessionid)[A-Za-z0-9_]*\s*(?::\s*String\s*)?=\s*"((?:\\.|[^"\\])*)"/i;
1727
1723
 
1728
1724
  export const collectSwiftHardcodedSensitiveStringLines = (source: string): readonly number[] => {
1729
- return collectSwiftRegexLines(
1730
- source,
1731
- /\b(?:(?:private|fileprivate|internal|public|open|static|class|final|lazy)\s+)*(?:let|var)\s+(?=[A-Za-z_])[A-Za-z0-9_]*(?:token|secret|password|apikey|clientsecret|privatekey|sessionid)[A-Za-z0-9_]*\s*(?::\s*String\s*)?=\s*""/i
1732
- );
1725
+ const matches: number[] = [];
1726
+
1727
+ source.split(/\r?\n/).forEach((rawLine, index) => {
1728
+ const line = rawLine.replace(/\/\/.*$/, '');
1729
+ const match = swiftHardcodedSensitiveStringPattern.exec(line);
1730
+ const literalValue = match?.[1] ?? '';
1731
+ if (literalValue.length > 0) {
1732
+ matches.push(index + 1);
1733
+ }
1734
+ });
1735
+
1736
+ return matches;
1737
+ };
1738
+
1739
+ export const hasSwiftHardcodedSensitiveStringUsage = (source: string): boolean => {
1740
+ return collectSwiftHardcodedSensitiveStringLines(source).length > 0;
1733
1741
  };
1734
1742
 
1735
1743
  export const hasSwiftUnlocalizedDateFormatterUsage = (source: string): boolean => {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "pumuki",
3
- "version": "6.3.339",
3
+ "version": "6.3.340",
4
4
  "description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
5
5
  "main": "index.js",
6
6
  "bin": {