scriptguard 1.0.4 → 1.1.0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/scanners/index.ts"],"names":[],"mappings":"AAAA,sCAAsC;AAEtC,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,SAAS,EAAE,eAAe,EAAE,SAAS,EAAkB,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/scanners/index.ts"],"names":[],"mappings":"AAAA,sCAAsC;AAEtC,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,SAAS,EAAE,eAAe,EAAE,SAAS,EAAkB,MAAM,mBAAmB,CAAC;AA8FxH,wBAAsB,WAAW,CAAC,OAAO,EAAE,WAAW,GAAG;IAAE,EAAE,CAAC,EAAE,SAAS,CAAA;CAAE,GAAG,OAAO,CAAC,UAAU,CAAC,CAqBhG;AAED,wBAAgB,eAAe,CAAC,OAAO,EAAE,WAAW,GAAG,UAAU,CAIhE;AAED,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,UAAU,CAS5D;AAED,wBAAsB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAaxG;AAED,wBAAgB,UAAU,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC,EAAE,SAAS,GAAG,OAAO,CAM7E;AAED,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,eAAe,EAAE,EAAE,QAAQ,EAAE,SAAS,GAAG,eAAe,EAAE,CAQrG"}
|
package/dist/scanners/index.js
CHANGED
|
@@ -85,6 +85,43 @@ function aggregateResults(analyses, startTime) {
|
|
|
85
85
|
scanDurationMs: Date.now() - startTime,
|
|
86
86
|
};
|
|
87
87
|
}
|
|
88
|
+
/**
|
|
89
|
+
* Recompute per-package and overall risk scores/levels from (potentially AI-adjusted) findings.
|
|
90
|
+
*/
|
|
91
|
+
function recalculateOverall(result) {
|
|
92
|
+
const analyses = result.analyses;
|
|
93
|
+
// Recalculate per-package scores from their findings (including synthetic AI findings)
|
|
94
|
+
for (const analysis of analyses) {
|
|
95
|
+
analysis.riskScore = (0, lifecycle_js_1.calculateRiskScore)(analysis.findings);
|
|
96
|
+
analysis.riskLevel = (0, lifecycle_js_1.riskLevelFromScore)(analysis.riskScore);
|
|
97
|
+
}
|
|
98
|
+
// Recalculate findings by level
|
|
99
|
+
const findingsByLevel = { low: 0, medium: 0, high: 0, critical: 0 };
|
|
100
|
+
for (const a of analyses) {
|
|
101
|
+
for (const f of a.findings) {
|
|
102
|
+
findingsByLevel[f.riskLevel]++;
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
// Recalculate overall risk score
|
|
106
|
+
let overallRiskScore = 0;
|
|
107
|
+
if (analyses.length > 0) {
|
|
108
|
+
const total = analyses.reduce((sum, a) => sum + a.riskScore, 0);
|
|
109
|
+
overallRiskScore = Math.round(total / analyses.length);
|
|
110
|
+
const maxScore = Math.max(...analyses.map((a) => a.riskScore));
|
|
111
|
+
overallRiskScore = Math.min(100, Math.round(overallRiskScore * 0.3 + maxScore * 0.7));
|
|
112
|
+
}
|
|
113
|
+
let overallRiskLevel = 'low';
|
|
114
|
+
if (findingsByLevel.critical > 0)
|
|
115
|
+
overallRiskLevel = 'critical';
|
|
116
|
+
else if (findingsByLevel.high > 0)
|
|
117
|
+
overallRiskLevel = 'high';
|
|
118
|
+
else if (findingsByLevel.medium > 0)
|
|
119
|
+
overallRiskLevel = 'medium';
|
|
120
|
+
result.totalFindings = analyses.reduce((sum, a) => sum + a.findings.length, 0);
|
|
121
|
+
result.overallRiskScore = overallRiskScore;
|
|
122
|
+
result.overallRiskLevel = overallRiskLevel;
|
|
123
|
+
result.findingsByLevel = findingsByLevel;
|
|
124
|
+
}
|
|
88
125
|
async function scanProject(options) {
|
|
89
126
|
const startTime = Date.now();
|
|
90
127
|
const analyses = (0, lifecycle_js_1.scanInstalledPackages)(options.path, options.includeDev, { ast: options.ast, deobfuscate: options.deobfuscate });
|
|
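Review bot: `findingsByLevel[f.riskLevel]++` in the findings loop of recalculateOverall trusts that every finding carries one of the four keys declared just above it, but the synthetic findings added in the enrichWithAI hunk set `riskLevel: insight.severity` straight from the AI response, so a severity outside low/medium/high/critical creates a stray NaN-valued key that never reaches the critical/high/medium ladder — the AI-detected threat then leaves overallRiskLevel untouched, which is the case this change set out to fix. Guard the increment, e.g. `if (Object.hasOwn(findingsByLevel, f.riskLevel)) findingsByLevel[f.riskLevel]++;`, and decide explicitly what an unknown level counts as (a fixed default level, or rejecting the insight where the synthetic finding is built) rather than letting it vanish; since the insight is derived from untrusted install scripts, a silently dropped finding is the wrong failure mode. Separately, `Math.max(...analyses.map((a) => a.riskScore))` spreads one argument per package and throws a RangeError once the list is large; `analyses.reduce((m, a) => Math.max(m, a.riskScore), 0)` yields the same value without that limit.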
@@ -176,29 +213,23 @@ async function enrichWithAI(result, aiOptions) {
|
|
|
176
213
|
analysis.aiAnalysis = aiAnalysis;
|
|
177
214
|
totalFalsePositivesFiltered += aiAnalysis.falsePositivesFiltered;
|
|
178
215
|
totalNewThreatsDetected += aiAnalysis.newThreatsDetected;
|
|
179
|
-
//
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
216
|
+
// Create synthetic findings from AI threat insights so that
|
|
217
|
+
// findingsByLevel, overallRiskLevel, and shouldFail reflect AI-detected threats
|
|
218
|
+
const threatInsights = aiAnalysis.insights.filter(i => i.type === 'threat');
|
|
219
|
+
if (threatInsights.length > 0) {
|
|
220
|
+
const bestScript = Object.keys(analysis.scripts)[0] || 'unknown';
|
|
221
|
+
const scriptContent = analysis.scripts[bestScript] || '';
|
|
222
|
+
for (const insight of threatInsights) {
|
|
223
|
+
analysis.findings.push({
|
|
224
|
+
package: analysis.name,
|
|
225
|
+
scriptName: bestScript,
|
|
226
|
+
scriptContent,
|
|
227
|
+
pattern: 'ai-threat',
|
|
228
|
+
description: insight.description,
|
|
229
|
+
riskLevel: insight.severity,
|
|
230
|
+
match: insight.attackTechnique || insight.description.substring(0, 80),
|
|
231
|
+
});
|
|
192
232
|
}
|
|
193
|
-
// Recalculate risk level
|
|
194
|
-
if (analysis.riskScore >= 75)
|
|
195
|
-
analysis.riskLevel = 'critical';
|
|
196
|
-
else if (analysis.riskScore >= 50)
|
|
197
|
-
analysis.riskLevel = 'high';
|
|
198
|
-
else if (analysis.riskScore >= 25)
|
|
199
|
-
analysis.riskLevel = 'medium';
|
|
200
|
-
else
|
|
201
|
-
analysis.riskLevel = 'low';
|
|
202
233
|
}
|
|
203
234
|
}
|
|
204
235
|
}
|
|
@@ -209,6 +240,8 @@ async function enrichWithAI(result, aiOptions) {
|
|
|
209
240
|
totalNewThreatsDetected,
|
|
210
241
|
durationMs: Date.now() - aiStartTime,
|
|
211
242
|
};
|
|
243
|
+
// Recompute overall score/level now that per-package scores may have changed
|
|
244
|
+
recalculateOverall(result);
|
|
212
245
|
return result;
|
|
213
246
|
}
|
|
214
247
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/scanners/index.ts"],"names":[],"mappings":";AAAA,sCAAsC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/scanners/index.ts"],"names":[],"mappings":";AAAA,sCAAsC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgGtC,kCAqBC;AAED,0CAIC;AAED,0CASC;AAED,sDAaC;AAED,gCAMC;AAED,8CAQC;AApKD,iDAA+G;AAC/G,6CAAiD;AACjD,4CAA8B;AAC9B,gDAAkC;AAElC,MAAM,gBAAgB,GAA8B;IAClD,GAAG,EAAE,CAAC;IACN,MAAM,EAAE,CAAC;IACT,IAAI,EAAE,CAAC;IACP,QAAQ,EAAE,CAAC;CACZ,CAAC;AAEF,SAAS,gBAAgB,CACvB,QAA2B,EAC3B,SAAiB;IAEjB,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC9E,MAAM,eAAe,GAA8B,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IAE/F,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC3B,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,CAAC;IACH,CAAC;IAED,MAAM,mBAAmB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC;IAE7F,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;QAChE,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;QACvD,wBAAwB;QACxB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;QAC/D,gBAAgB,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,gBAAgB,GAAG,GAAG,GAAG,QAAQ,GAAG,GAAG,CAAC,CAAC,CAAC;IACxF,CAAC;IAED,IAAI,gBAAgB,GAAc,KAAK,CAAC;IACxC,IAAI,eAAe,CAAC,QAAQ,GAAG,CAAC;QAAE,gBAAgB,GAAG,UAAU,CAAC;SAC3D,IAAI,eAAe,CAAC,IAAI,GAAG,CAAC;QAAE,gBAAgB,GAAG,MAAM,CAAC;SACxD,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC;QAAE,gBAAgB,GAAG,QAAQ,CAAC;IAEjE,OAAO;QACL,aAAa,EAAE,QAAQ,CAAC,MAAM;QAC9B,mBAAmB;QACnB,QAAQ;QACR,aAAa;QACb,eAAe;QACf,gBAAgB;QAChB,gBAAgB;QAChB,cAAc,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;KACvC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,MAAkB;IAC5C,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC
;IAEjC,uFAAuF;IACvF,KAAK,MAAM,QAAQ,IAAI,QAAQ,EAAE,CAAC;QAChC,QAAQ,CAAC,SAAS,GAAG,IAAA,iCAAkB,EAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC3D,QAAQ,CAAC,SAAS,GAAG,IAAA,iCAAkB,EAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAC9D,CAAC;IAED,gCAAgC;IAChC,MAAM,eAAe,GAA8B,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IAC/F,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC3B,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,CAAC;IACH,CAAC;IAED,iCAAiC;IACjC,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;QAChE,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;QACvD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;QAC/D,gBAAgB,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,gBAAgB,GAAG,GAAG,GAAG,QAAQ,GAAG,GAAG,CAAC,CAAC,CAAC;IACxF,CAAC;IAED,IAAI,gBAAgB,GAAc,KAAK,CAAC;IACxC,IAAI,eAAe,CAAC,QAAQ,GAAG,CAAC;QAAE,gBAAgB,GAAG,UAAU,CAAC;SAC3D,IAAI,eAAe,CAAC,IAAI,GAAG,CAAC;QAAE,gBAAgB,GAAG,MAAM,CAAC;SACxD,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC;QAAE,gBAAgB,GAAG,QAAQ,CAAC;IAEjE,MAAM,CAAC,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC/E,MAAM,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;IAC3C,MAAM,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;IAC3C,MAAM,CAAC,eAAe,GAAG,eAAe,CAAC;AAC3C,CAAC;AAEM,KAAK,UAAU,WAAW,CAAC,OAAyC;IACzE,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,QAAQ,GAAG,IAAA,oCAAqB,EACpC,OAAO,CAAC,IAAI,EACZ,OAAO,CAAC,UAAU,EAClB,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CACvD,CAAC;IACF,IAAI,MAAM,GAAG,gBAAgB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAEnD,gCAAgC;IAChC,IAAI,OAAO,CAAC,EAAE,EAAE,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,iEAAiE;YACjE,OAAO,CAAC
,IAAI,CAAC,+BAA+B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7D,OAAO,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,eAAe,CAAC,OAAoB;IAClD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,QAAQ,GAAG,IAAA,oCAAqB,EAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IACzE,OAAO,gBAAgB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;AAC/C,CAAC;AAED,SAAgB,eAAe,CAAC,QAAgB;IAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACnD,MAAM,QAAQ,GAAG,IAAA,6BAAc,EAC7B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,EACjE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,OAAO,IAAI,SAAS,EACxC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,OAAO,IAAI,EAAE,CAClC,CAAC;IACF,OAAO,gBAAgB,CAAC,CAAC,QAAQ,CAAC,EAAE,SAAS,CAAC,CAAC;AACjD,CAAC;AAEM,KAAK,UAAU,qBAAqB,CAAC,QAAgB,EAAE,SAAqB;IACjF,IAAI,MAAM,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;IAEvC,IAAI,SAAS,EAAE,OAAO,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,OAAO,CAAC,IAAI,CAAC,+BAA+B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7D,OAAO,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,UAAU,CAAC,MAAkB,EAAE,SAAqB;IAClE,IAAI,CAAC,SAAS;QAAE,OAAO,KAAK,CAAC;IAC7B,MAAM,SAAS,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;IAC9C,OAAO,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAChC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,CACnE,CAAC;AACJ,CAAC;AAED,SAAgB,iBAAiB,CAAC,QAA2B,EAAE,QAAmB;IAChF,MAAM,SAAS,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC7C,OAAO,QAAQ;SACZ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACX,GAAG,CAAC;QACJ,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC;KAC/E,CAAC,CAAC;SACF,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,YAAY,CAAC,MAAkB,EAAE,SAAoB;IAClE,MAAM,WAAW,GAAG
,IAAI,CAAC,GAAG,EAAE,CAAC;IAE/B,8EAA8E;IAC9E,MAAM,iBAAiB,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAC9C,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAChE,CAAC;IAEF,IAAI,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,sBAAsB;IACtB,MAAM,YAAY,GAAmB;QACnC,QAAQ,EAAE,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACpC,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;SACrB,CAAC,CAAC;QACH,IAAI,EAAE,SAAS,CAAC,IAAI,IAAI,UAAU;KACnC,CAAC;IAEF,kBAAkB;IAClB,MAAM,MAAM,GAAG,IAAA,0BAAe,EAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;IAE3D,sCAAsC;IACtC,MAAM,UAAU,GAAG,IAAI,GAAG,CACxB,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC,CAC/D,CAAC;IAEF,IAAI,2BAA2B,GAAG,CAAC,CAAC;IACpC,IAAI,uBAAuB,GAAG,CAAC,CAAC;IAEhC,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,GAAG,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;QACnD,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAEvC,IAAI,UAAU,EAAE,CAAC;YACf,0CAA0C;YAC1C,QAAQ,CAAC,UAAU,GAAG,UAAU,CAAC;YAEjC,2BAA2B,IAAI,UAAU,CAAC,sBAAsB,CAAC;YACjE,uBAAuB,IAAI,UAAU,CAAC,kBAAkB,CAAC;YAEzD,4DAA4D;YAC5D,gFAAgF;YAChF,MAAM,cAAc,GAAG,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;YAC5E,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC;gBACjE,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;gBACzD,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;oBACrC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC;wBACrB,OAAO,EAAE,QAAQ,CAAC,IAAI;wBACtB,UAAU,EAAE,UAAU;wBACtB,aAAa;wBACb,OAAO,EAAE,WAAW;wBACpB,WAAW,EAAE,OAAO,CAAC,WAAW;wBAChC,SAAS,EAAE,OAAO,CAAC,QAAQ;wBAC3B,KAAK,EAAE,OAAO,CAAC,eAAe,IAAI,OAAO,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;qBACvE,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,
CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,MAAM,CAAC,UAAU,GAAG;QAClB,eAAe,EAAE,UAAU,CAAC,eAAe;QAC3C,2BAA2B;QAC3B,uBAAuB;QACvB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW;KACrC,CAAC;IAEF,6EAA6E;IAC7E,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAE3B,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../src/scanners/patterns.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAE5E,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD,eAAO,MAAM,aAAa,EAAE,WAAW,
|
|
1
|
+
{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../src/scanners/patterns.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAE5E,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD,eAAO,MAAM,aAAa,EAAE,WAAW,EAuNtC,CAAC"}
|
|
@@ -46,6 +46,13 @@ exports.PATTERN_RULES = [
|
|
|
46
46
|
description: 'DNS lookup — can be used for DNS-based data exfiltration',
|
|
47
47
|
category: 'network',
|
|
48
48
|
},
|
|
49
|
+
{
|
|
50
|
+
name: 'geo-ip-lookup',
|
|
51
|
+
pattern: /(?:ipgeo|geolocation|ipify|ipinfo|ip-api|freegeoip|ipgeolocation)\.(?:io|com|net|org)|\/ipgeo\?|geoip/,
|
|
52
|
+
riskLevel: 'critical',
|
|
53
|
+
description: 'IP geolocation lookup — targeting based on location',
|
|
54
|
+
category: 'network',
|
|
55
|
+
},
|
|
49
56
|
// === EXECUTION — arbitrary code execution ===
|
|
50
57
|
{
|
|
51
58
|
name: 'eval-usage',
|
|
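Review bot: The `geo-ip-lookup` pattern ends with a bare `|geoip` alternative, so any script text containing that substring — a `geoip-lite` package name or a `geoipCache` identifier — matches a rule rated `critical`, and critical is the level that drives overallRiskLevel and, per the comment in the enrichWithAI hunk, the shouldFail decision. The earlier alternatives are at least tied to a domain suffix; the trailing one should be scoped the same way or at minimum bounded, e.g. `|\bgeoip\b`, and a rule this broad arguably belongs at `high` rather than `critical`. The same breadth concern applies to `fs-write` in the next hunk, where every `fs.writeFile(` or `fs.unlink(` call in an ordinary build script becomes a `high` finding; a one-line comment on each new rule stating the expected false-positive trade-off would help the next tuning pass.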
@@ -125,6 +132,20 @@ exports.PATTERN_RULES = [
|
|
|
125
132
|
description: 'Makes a file executable',
|
|
126
133
|
category: 'filesystem',
|
|
127
134
|
},
|
|
135
|
+
{
|
|
136
|
+
name: 'fs-write',
|
|
137
|
+
pattern: /fs\.(writeFile|writeFileSync|appendFile|appendFileSync|unlink|unlinkSync|rename|renameSync|rmdir|rmdirSync)\s*\(/,
|
|
138
|
+
riskLevel: 'high',
|
|
139
|
+
description: 'Writes or modifies files on the filesystem',
|
|
140
|
+
category: 'filesystem',
|
|
141
|
+
},
|
|
142
|
+
{
|
|
143
|
+
name: 'home-dir-access',
|
|
144
|
+
pattern: /homedir\s*\(\)/,
|
|
145
|
+
riskLevel: 'high',
|
|
146
|
+
description: 'Accesses the user home directory path',
|
|
147
|
+
category: 'filesystem',
|
|
148
|
+
},
|
|
128
149
|
// === EXFILTRATION — stealing data ===
|
|
129
150
|
{
|
|
130
151
|
name: 'env-exfil',
|
|
@@ -147,6 +168,13 @@ exports.PATTERN_RULES = [
|
|
|
147
168
|
description: 'Accesses macOS Keychain or credential store',
|
|
148
169
|
category: 'exfiltration',
|
|
149
170
|
},
|
|
171
|
+
{
|
|
172
|
+
name: 'network-interfaces',
|
|
173
|
+
pattern: /networkInterfaces\s*\(\)/,
|
|
174
|
+
riskLevel: 'medium',
|
|
175
|
+
description: 'Enumerates network interfaces — information gathering',
|
|
176
|
+
category: 'exfiltration',
|
|
177
|
+
},
|
|
150
178
|
// === OBFUSCATION — hiding malicious intent ===
|
|
151
179
|
{
|
|
152
180
|
name: 'base64-exec',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/scanners/patterns.ts"],"names":[],"mappings":";AAAA,4EAA4E;;;AAI/D,QAAA,aAAa,GAAkB;IAC1C,8CAA8C;IAC9C;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,uCAAuC;QAChD,SAAS,EAAE,UAAU;QACrB,WAAW,EAAE,kDAAkD;QAC/D,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,oCAAoC;QAC7C,SAAS,EAAE,UAAU;QACrB,WAAW,EAAE,kDAAkD;QAC/D,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,kBAAkB;QAC3B,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,mDAAmD;QAChE,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,qCAAqC;QAC9C,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,kDAAkD;QAC/D,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,qFAAqF;QAC9F,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,gCAAgC;QAC7C,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,+CAA+C;QACxD,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,0DAA0D;QACvE,QAAQ,EAAE,SAAS;KACpB;IAED,+CAA+C;IAC/C;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,6CAA6C;QACtD,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,6DAA6D;QAC1E,QAAQ,EAAE,WAAW;KACtB;IACD;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,sDAAsD;QAC/D,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,uDAAuD;QACpE,QAAQ,EAAE,WAAW;KACtB;IACD;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,iEAAiE;QAC1E,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,wBAAwB;QACrC,QAAQ,EAAE,WAAW;KACtB;IACD;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,cAAc;QACvB,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,0CAA0C;QACvD,QAAQ,EAAE,WAAW;KACtB;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,yBAAyB;QAClC,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,2CAA2C;QACxD,QAAQ,EAAE,WAAW;KACtB;IAED,6CAA6C;IAC7C;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,iDAAiD;QAC1D,SAAS,EAAE,UAAU;QACrB,WAAW,EAAE,2CAA2C;QACxD,QAAQ,EAAE,YAAY;KACvB;IACD;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,yDAAyD;QAClE,SAAS,EAAE,UAAU;QACrB,WAAW,EAAE,wDAAwD;QACrE,QAAQ,EAAE,YAAY;KACvB;IACD;QACE,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,0CAA0C;QACnD,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,uCAAuC;QACpD,QAAQ,EAAE,YAAY;KACvB;IACD;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,wCAAwC;QACjD,SAAS,EAAE,UAAU;QACrB,WAAW,EAAE,+BAA+B;QAC5C,QAAQ,EAAE,YAAY;KACvB;IACD;QACE,IAAI,EAAE,
WAAW;QACjB,OAAO,EAAE,8DAA8D;QACvE,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,qCAAqC;QAClD,QAAQ,EAAE,YAAY;KACvB;IACD;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,aAAa;QACtB,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,yBAAyB;QACtC,QAAQ,EAAE,YAAY;KACvB;IAED,uCAAuC;IACvC;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,wCAAwC;QACjD,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,mDAAmD;QAChE,QAAQ,EAAE,cAAc;KACzB;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,iCAAiC;QAC1C,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,mDAAmD;QAChE,QAAQ,EAAE,cAAc;KACzB;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,kDAAkD;QAC3D,SAAS,EAAE,UAAU;QACrB,WAAW,EAAE,6CAA6C;QAC1D,QAAQ,EAAE,cAAc;KACzB;IAED,gDAAgD;IAChD;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,mGAAmG;QAC5G,SAAS,EAAE,UAAU;QACrB,WAAW,EAAE,yDAAyD;QACtE,QAAQ,EAAE,aAAa;KACxB;IACD;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,yDAAyD;QAClE,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,6CAA6C;QAC1D,QAAQ,EAAE,aAAa;KACxB;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,yDAAyD;QAClE,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,iDAAiD;QAC9D,QAAQ,EAAE,aAAa;KACxB;IAED,wCAAwC;IACxC;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,oDAAoD;QAC7D,SAAS,EAAE,UAAU;QACrB,WAAW,EAAE,gCAAgC;QAC7C,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,iDAAiD;QAC1D,SAAS,EAAE,UAAU;QACrB,WAAW,EAAE,8CAA8C;QAC3D,QAAQ,EAAE,WAAW;KACtB;CACF,CAAC"}
|
|
1
|
+
{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/scanners/patterns.ts"],"names":[],"mappings":";AAAA,4EAA4E;;;AAI/D,QAAA,aAAa,GAAkB;IAC1C,8CAA8C;IAC9C;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,uCAAuC;QAChD,SAAS,EAAE,UAAU;QACrB,WAAW,EAAE,kDAAkD;QAC/D,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,oCAAoC;QAC7C,SAAS,EAAE,UAAU;QACrB,WAAW,EAAE,kDAAkD;QAC/D,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,kBAAkB;QAC3B,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,mDAAmD;QAChE,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,qCAAqC;QAC9C,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,kDAAkD;QAC/D,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,qFAAqF;QAC9F,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,gCAAgC;QAC7C,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,+CAA+C;QACxD,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,0DAA0D;QACvE,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,uGAAuG;QAChH,SAAS,EAAE,UAAU;QACrB,WAAW,EAAE,qDAAqD;QAClE,QAAQ,EAAE,SAAS;KACpB;IAED,+CAA+C;IAC/C;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,6CAA6C;QACtD,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,6DAA6D;QAC1E,QAAQ,EAAE,WAAW;KACtB;IACD;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,sDAAsD;QAC/D,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,uDAAuD;QACpE,QAAQ,EAAE,WAAW;KACtB;IACD;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,iEAAiE;QAC1E,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,wBAAwB;QACrC,QAAQ,EAAE,WAAW;KACtB;IACD;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,cAAc;QACvB,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,0CAA0C;QACvD,QAAQ,EAAE,WAAW;KACtB;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,yBAAyB;QAClC,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,2CAA2C;QACxD,QAAQ,EAAE,WAAW;KACtB;IAED,6CAA6C;IAC7C;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,iDAAiD;QAC1D,SAAS,EAAE,UAAU;QACrB,WAAW,EAAE,2CAA2C;QACxD,QAAQ,EAAE,YAAY;KACvB;IACD;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,yDAAyD;QAClE,SAAS,EAAE,UAAU;QACrB,WAAW,EAAE,wDAAwD;QACrE,QAAQ,EAAE,YAAY;KACvB;IACD;QACE,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,0CAA0C;QACnD,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,uCAAuC;QACpD,QAAQ,EAAE,YAAY;KACvB;IACD;QACE,IAAI,EAAE,
eAAe;QACrB,OAAO,EAAE,wCAAwC;QACjD,SAAS,EAAE,UAAU;QACrB,WAAW,EAAE,+BAA+B;QAC5C,QAAQ,EAAE,YAAY;KACvB;IACD;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,8DAA8D;QACvE,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,qCAAqC;QAClD,QAAQ,EAAE,YAAY;KACvB;IACD;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,aAAa;QACtB,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,yBAAyB;QACtC,QAAQ,EAAE,YAAY;KACvB;IACD;QACE,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,kHAAkH;QAC3H,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,4CAA4C;QACzD,QAAQ,EAAE,YAAY;KACvB;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,gBAAgB;QACzB,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,uCAAuC;QACpD,QAAQ,EAAE,YAAY;KACvB;IAED,uCAAuC;IACvC;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,wCAAwC;QACjD,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,mDAAmD;QAChE,QAAQ,EAAE,cAAc;KACzB;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,iCAAiC;QAC1C,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,mDAAmD;QAChE,QAAQ,EAAE,cAAc;KACzB;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,kDAAkD;QAC3D,SAAS,EAAE,UAAU;QACrB,WAAW,EAAE,6CAA6C;QAC1D,QAAQ,EAAE,cAAc;KACzB;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,0BAA0B;QACnC,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,uDAAuD;QACpE,QAAQ,EAAE,cAAc;KACzB;IAED,gDAAgD;IAChD;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,mGAAmG;QAC5G,SAAS,EAAE,UAAU;QACrB,WAAW,EAAE,yDAAyD;QACtE,QAAQ,EAAE,aAAa;KACxB;IACD;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,yDAAyD;QAClE,SAAS,EAAE,MAAM;QACjB,WAAW,EAAE,6CAA6C;QAC1D,QAAQ,EAAE,aAAa;KACxB;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,yDAAyD;QAClE,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,iDAAiD;QAC9D,QAAQ,EAAE,aAAa;KACxB;IAED,wCAAwC;IACxC;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,oDAAoD;QAC7D,SAAS,EAAE,UAAU;QACrB,WAAW,EAAE,gCAAgC;QAC7C,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,iDAAiD;QAC1D,SAAS,EAAE,UAAU;QACrB,WAAW,EAAE,8CAA8C;QAC3D,QAAQ,EAAE,WAAW;KACtB;CACF,CAAC"}
|
package/package.json
CHANGED