secure-scan 1.2.2
- package/README.md +564 -0
- package/dist/ai/aiAnalyzer.d.ts +99 -0
- package/dist/ai/aiAnalyzer.d.ts.map +1 -0
- package/dist/ai/aiAnalyzer.js +669 -0
- package/dist/ai/aiAnalyzer.js.map +1 -0
- package/dist/ai/index.d.ts +5 -0
- package/dist/ai/index.d.ts.map +1 -0
- package/dist/ai/index.js +21 -0
- package/dist/ai/index.js.map +1 -0
- package/dist/analyzers/base/baseAnalyzer.d.ts +44 -0
- package/dist/analyzers/base/baseAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/base/baseAnalyzer.js +53 -0
- package/dist/analyzers/base/baseAnalyzer.js.map +1 -0
- package/dist/analyzers/base/index.d.ts +5 -0
- package/dist/analyzers/base/index.d.ts.map +1 -0
- package/dist/analyzers/base/index.js +21 -0
- package/dist/analyzers/base/index.js.map +1 -0
- package/dist/analyzers/c-cpp/cppAnalyzer.d.ts +60 -0
- package/dist/analyzers/c-cpp/cppAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/c-cpp/cppAnalyzer.js +218 -0
- package/dist/analyzers/c-cpp/cppAnalyzer.js.map +1 -0
- package/dist/analyzers/c-cpp/index.d.ts +5 -0
- package/dist/analyzers/c-cpp/index.d.ts.map +1 -0
- package/dist/analyzers/c-cpp/index.js +21 -0
- package/dist/analyzers/c-cpp/index.js.map +1 -0
- package/dist/analyzers/core/engine/index.d.ts +5 -0
- package/dist/analyzers/core/engine/index.d.ts.map +1 -0
- package/dist/analyzers/core/engine/index.js +21 -0
- package/dist/analyzers/core/engine/index.js.map +1 -0
- package/dist/analyzers/core/engine/ruleEngine.d.ts +46 -0
- package/dist/analyzers/core/engine/ruleEngine.d.ts.map +1 -0
- package/dist/analyzers/core/engine/ruleEngine.js +173 -0
- package/dist/analyzers/core/engine/ruleEngine.js.map +1 -0
- package/dist/analyzers/core/index.d.ts +8 -0
- package/dist/analyzers/core/index.d.ts.map +1 -0
- package/dist/analyzers/core/index.js +24 -0
- package/dist/analyzers/core/index.js.map +1 -0
- package/dist/analyzers/core/scanner/fileScanner.d.ts +31 -0
- package/dist/analyzers/core/scanner/fileScanner.d.ts.map +1 -0
- package/dist/analyzers/core/scanner/fileScanner.js +199 -0
- package/dist/analyzers/core/scanner/fileScanner.js.map +1 -0
- package/dist/analyzers/core/scanner/index.d.ts +5 -0
- package/dist/analyzers/core/scanner/index.d.ts.map +1 -0
- package/dist/analyzers/core/scanner/index.js +21 -0
- package/dist/analyzers/core/scanner/index.js.map +1 -0
- package/dist/analyzers/core/scoring/index.d.ts +5 -0
- package/dist/analyzers/core/scoring/index.d.ts.map +1 -0
- package/dist/analyzers/core/scoring/index.js +21 -0
- package/dist/analyzers/core/scoring/index.js.map +1 -0
- package/dist/analyzers/core/scoring/riskScoring.d.ts +49 -0
- package/dist/analyzers/core/scoring/riskScoring.d.ts.map +1 -0
- package/dist/analyzers/core/scoring/riskScoring.js +180 -0
- package/dist/analyzers/core/scoring/riskScoring.js.map +1 -0
- package/dist/analyzers/core/securityScanner.d.ts +47 -0
- package/dist/analyzers/core/securityScanner.d.ts.map +1 -0
- package/dist/analyzers/core/securityScanner.js +298 -0
- package/dist/analyzers/core/securityScanner.js.map +1 -0
- package/dist/analyzers/csharp/csharpAnalyzer.d.ts +64 -0
- package/dist/analyzers/csharp/csharpAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/csharp/csharpAnalyzer.js +232 -0
- package/dist/analyzers/csharp/csharpAnalyzer.js.map +1 -0
- package/dist/analyzers/csharp/index.d.ts +5 -0
- package/dist/analyzers/csharp/index.d.ts.map +1 -0
- package/dist/analyzers/csharp/index.js +21 -0
- package/dist/analyzers/csharp/index.js.map +1 -0
- package/dist/analyzers/iac/iacAnalyzer.d.ts +36 -0
- package/dist/analyzers/iac/iacAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/iac/iacAnalyzer.js +182 -0
- package/dist/analyzers/iac/iacAnalyzer.js.map +1 -0
- package/dist/analyzers/iac/index.d.ts +5 -0
- package/dist/analyzers/iac/index.d.ts.map +1 -0
- package/dist/analyzers/iac/index.js +21 -0
- package/dist/analyzers/iac/index.js.map +1 -0
- package/dist/analyzers/index.d.ts +30 -0
- package/dist/analyzers/index.d.ts.map +1 -0
- package/dist/analyzers/index.js +80 -0
- package/dist/analyzers/index.js.map +1 -0
- package/dist/analyzers/java/index.d.ts +5 -0
- package/dist/analyzers/java/index.d.ts.map +1 -0
- package/dist/analyzers/java/index.js +21 -0
- package/dist/analyzers/java/index.js.map +1 -0
- package/dist/analyzers/java/javaAnalyzer.d.ts +64 -0
- package/dist/analyzers/java/javaAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/java/javaAnalyzer.js +224 -0
- package/dist/analyzers/java/javaAnalyzer.js.map +1 -0
- package/dist/analyzers/javascript/astUtils.d.ts +170 -0
- package/dist/analyzers/javascript/astUtils.d.ts.map +1 -0
- package/dist/analyzers/javascript/astUtils.js +700 -0
- package/dist/analyzers/javascript/astUtils.js.map +1 -0
- package/dist/analyzers/javascript/index.d.ts +18 -0
- package/dist/analyzers/javascript/index.d.ts.map +1 -0
- package/dist/analyzers/javascript/index.js +50 -0
- package/dist/analyzers/javascript/index.js.map +1 -0
- package/dist/analyzers/javascript/javascriptAnalyzer.d.ts +111 -0
- package/dist/analyzers/javascript/javascriptAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/javascript/javascriptAnalyzer.js +860 -0
- package/dist/analyzers/javascript/javascriptAnalyzer.js.map +1 -0
- package/dist/analyzers/javascript/malwareDetector.d.ts +102 -0
- package/dist/analyzers/javascript/malwareDetector.d.ts.map +1 -0
- package/dist/analyzers/javascript/malwareDetector.js +616 -0
- package/dist/analyzers/javascript/malwareDetector.js.map +1 -0
- package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts +87 -0
- package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/javascript/packageJsonAnalyzer.js +553 -0
- package/dist/analyzers/javascript/packageJsonAnalyzer.js.map +1 -0
- package/dist/analyzers/javascript/taintAnalyzer.d.ts +120 -0
- package/dist/analyzers/javascript/taintAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/javascript/taintAnalyzer.js +526 -0
- package/dist/analyzers/javascript/taintAnalyzer.js.map +1 -0
- package/dist/analyzers/php/index.d.ts +5 -0
- package/dist/analyzers/php/index.d.ts.map +1 -0
- package/dist/analyzers/php/index.js +21 -0
- package/dist/analyzers/php/index.js.map +1 -0
- package/dist/analyzers/php/phpAnalyzer.d.ts +56 -0
- package/dist/analyzers/php/phpAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/php/phpAnalyzer.js +202 -0
- package/dist/analyzers/php/phpAnalyzer.js.map +1 -0
- package/dist/analyzers/python/index.d.ts +5 -0
- package/dist/analyzers/python/index.d.ts.map +1 -0
- package/dist/analyzers/python/index.js +21 -0
- package/dist/analyzers/python/index.js.map +1 -0
- package/dist/analyzers/python/pythonAnalyzer.d.ts +64 -0
- package/dist/analyzers/python/pythonAnalyzer.d.ts.map +1 -0
- package/dist/analyzers/python/pythonAnalyzer.js +226 -0
- package/dist/analyzers/python/pythonAnalyzer.js.map +1 -0
- package/dist/cli/index.d.ts +7 -0
- package/dist/cli/index.d.ts.map +1 -0
- package/dist/cli/index.js +281 -0
- package/dist/cli/index.js.map +1 -0
- package/dist/core/engine/index.d.ts +5 -0
- package/dist/core/engine/index.d.ts.map +1 -0
- package/dist/core/engine/index.js +21 -0
- package/dist/core/engine/index.js.map +1 -0
- package/dist/core/engine/ruleEngine.d.ts +46 -0
- package/dist/core/engine/ruleEngine.d.ts.map +1 -0
- package/dist/core/engine/ruleEngine.js +173 -0
- package/dist/core/engine/ruleEngine.js.map +1 -0
- package/dist/core/index.d.ts +8 -0
- package/dist/core/index.d.ts.map +1 -0
- package/dist/core/index.js +24 -0
- package/dist/core/index.js.map +1 -0
- package/dist/core/scanner/fileScanner.d.ts +31 -0
- package/dist/core/scanner/fileScanner.d.ts.map +1 -0
- package/dist/core/scanner/fileScanner.js +199 -0
- package/dist/core/scanner/fileScanner.js.map +1 -0
- package/dist/core/scanner/index.d.ts +5 -0
- package/dist/core/scanner/index.d.ts.map +1 -0
- package/dist/core/scanner/index.js +21 -0
- package/dist/core/scanner/index.js.map +1 -0
- package/dist/core/scoring/index.d.ts +5 -0
- package/dist/core/scoring/index.d.ts.map +1 -0
- package/dist/core/scoring/index.js +21 -0
- package/dist/core/scoring/index.js.map +1 -0
- package/dist/core/scoring/riskScoring.d.ts +49 -0
- package/dist/core/scoring/riskScoring.d.ts.map +1 -0
- package/dist/core/scoring/riskScoring.js +180 -0
- package/dist/core/scoring/riskScoring.js.map +1 -0
- package/dist/core/securityScanner.d.ts +47 -0
- package/dist/core/securityScanner.d.ts.map +1 -0
- package/dist/core/securityScanner.js +298 -0
- package/dist/core/securityScanner.js.map +1 -0
- package/dist/dependencies/aiDependencyAnalyzer.d.ts +96 -0
- package/dist/dependencies/aiDependencyAnalyzer.d.ts.map +1 -0
- package/dist/dependencies/aiDependencyAnalyzer.js +435 -0
- package/dist/dependencies/aiDependencyAnalyzer.js.map +1 -0
- package/dist/dependencies/database/cveDatabase.d.ts +32 -0
- package/dist/dependencies/database/cveDatabase.d.ts.map +1 -0
- package/dist/dependencies/database/cveDatabase.js +393 -0
- package/dist/dependencies/database/cveDatabase.js.map +1 -0
- package/dist/dependencies/database/index.d.ts +6 -0
- package/dist/dependencies/database/index.d.ts.map +1 -0
- package/dist/dependencies/database/index.js +22 -0
- package/dist/dependencies/database/index.js.map +1 -0
- package/dist/dependencies/database/maliciousPackages.d.ts +43 -0
- package/dist/dependencies/database/maliciousPackages.d.ts.map +1 -0
- package/dist/dependencies/database/maliciousPackages.js +279 -0
- package/dist/dependencies/database/maliciousPackages.js.map +1 -0
- package/dist/dependencies/dependencyAnalyzer.d.ts +74 -0
- package/dist/dependencies/dependencyAnalyzer.d.ts.map +1 -0
- package/dist/dependencies/dependencyAnalyzer.js +349 -0
- package/dist/dependencies/dependencyAnalyzer.js.map +1 -0
- package/dist/dependencies/detectors/index.d.ts +7 -0
- package/dist/dependencies/detectors/index.d.ts.map +1 -0
- package/dist/dependencies/detectors/index.js +28 -0
- package/dist/dependencies/detectors/index.js.map +1 -0
- package/dist/dependencies/detectors/securityStandards.d.ts +15 -0
- package/dist/dependencies/detectors/securityStandards.d.ts.map +1 -0
- package/dist/dependencies/detectors/securityStandards.js +178 -0
- package/dist/dependencies/detectors/securityStandards.js.map +1 -0
- package/dist/dependencies/detectors/vulnerabilityDetector.d.ts +53 -0
- package/dist/dependencies/detectors/vulnerabilityDetector.d.ts.map +1 -0
- package/dist/dependencies/detectors/vulnerabilityDetector.js +289 -0
- package/dist/dependencies/detectors/vulnerabilityDetector.js.map +1 -0
- package/dist/dependencies/index.d.ts +14 -0
- package/dist/dependencies/index.d.ts.map +1 -0
- package/dist/dependencies/index.js +43 -0
- package/dist/dependencies/index.js.map +1 -0
- package/dist/dependencies/installed/index.d.ts +8 -0
- package/dist/dependencies/installed/index.d.ts.map +1 -0
- package/dist/dependencies/installed/index.js +24 -0
- package/dist/dependencies/installed/index.js.map +1 -0
- package/dist/dependencies/installed/installedScanner.d.ts +91 -0
- package/dist/dependencies/installed/installedScanner.d.ts.map +1 -0
- package/dist/dependencies/installed/installedScanner.js +766 -0
- package/dist/dependencies/installed/installedScanner.js.map +1 -0
- package/dist/dependencies/installed/malwarePatterns.d.ts +32 -0
- package/dist/dependencies/installed/malwarePatterns.d.ts.map +1 -0
- package/dist/dependencies/installed/malwarePatterns.js +480 -0
- package/dist/dependencies/installed/malwarePatterns.js.map +1 -0
- package/dist/dependencies/installed/types.d.ts +274 -0
- package/dist/dependencies/installed/types.d.ts.map +1 -0
- package/dist/dependencies/installed/types.js +7 -0
- package/dist/dependencies/installed/types.js.map +1 -0
- package/dist/dependencies/parsers/base/baseParser.d.ts +44 -0
- package/dist/dependencies/parsers/base/baseParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/base/baseParser.js +80 -0
- package/dist/dependencies/parsers/base/baseParser.js.map +1 -0
- package/dist/dependencies/parsers/base/index.d.ts +6 -0
- package/dist/dependencies/parsers/base/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/base/index.js +27 -0
- package/dist/dependencies/parsers/base/index.js.map +1 -0
- package/dist/dependencies/parsers/cpp/cppParser.d.ts +36 -0
- package/dist/dependencies/parsers/cpp/cppParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/cpp/cppParser.js +196 -0
- package/dist/dependencies/parsers/cpp/cppParser.js.map +1 -0
- package/dist/dependencies/parsers/cpp/index.d.ts +6 -0
- package/dist/dependencies/parsers/cpp/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/cpp/index.js +27 -0
- package/dist/dependencies/parsers/cpp/index.js.map +1 -0
- package/dist/dependencies/parsers/csharp/csharpParser.d.ts +32 -0
- package/dist/dependencies/parsers/csharp/csharpParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/csharp/csharpParser.js +125 -0
- package/dist/dependencies/parsers/csharp/csharpParser.js.map +1 -0
- package/dist/dependencies/parsers/csharp/index.d.ts +6 -0
- package/dist/dependencies/parsers/csharp/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/csharp/index.js +27 -0
- package/dist/dependencies/parsers/csharp/index.js.map +1 -0
- package/dist/dependencies/parsers/index.d.ts +24 -0
- package/dist/dependencies/parsers/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/index.js +69 -0
- package/dist/dependencies/parsers/index.js.map +1 -0
- package/dist/dependencies/parsers/java/index.d.ts +6 -0
- package/dist/dependencies/parsers/java/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/java/index.js +27 -0
- package/dist/dependencies/parsers/java/index.js.map +1 -0
- package/dist/dependencies/parsers/java/javaParser.d.ts +32 -0
- package/dist/dependencies/parsers/java/javaParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/java/javaParser.js +168 -0
- package/dist/dependencies/parsers/java/javaParser.js.map +1 -0
- package/dist/dependencies/parsers/javascript/index.d.ts +6 -0
- package/dist/dependencies/parsers/javascript/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/javascript/index.js +27 -0
- package/dist/dependencies/parsers/javascript/index.js.map +1 -0
- package/dist/dependencies/parsers/javascript/javascriptParser.d.ts +55 -0
- package/dist/dependencies/parsers/javascript/javascriptParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/javascript/javascriptParser.js +266 -0
- package/dist/dependencies/parsers/javascript/javascriptParser.js.map +1 -0
- package/dist/dependencies/parsers/php/index.d.ts +6 -0
- package/dist/dependencies/parsers/php/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/php/index.js +27 -0
- package/dist/dependencies/parsers/php/index.js.map +1 -0
- package/dist/dependencies/parsers/php/phpParser.d.ts +35 -0
- package/dist/dependencies/parsers/php/phpParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/php/phpParser.js +162 -0
- package/dist/dependencies/parsers/php/phpParser.js.map +1 -0
- package/dist/dependencies/parsers/python/index.d.ts +6 -0
- package/dist/dependencies/parsers/python/index.d.ts.map +1 -0
- package/dist/dependencies/parsers/python/index.js +27 -0
- package/dist/dependencies/parsers/python/index.js.map +1 -0
- package/dist/dependencies/parsers/python/pythonParser.d.ts +60 -0
- package/dist/dependencies/parsers/python/pythonParser.d.ts.map +1 -0
- package/dist/dependencies/parsers/python/pythonParser.js +336 -0
- package/dist/dependencies/parsers/python/pythonParser.js.map +1 -0
- package/dist/dependencies/types.d.ts +280 -0
- package/dist/dependencies/types.d.ts.map +1 -0
- package/dist/dependencies/types.js +59 -0
- package/dist/dependencies/types.js.map +1 -0
- package/dist/i18n/index.d.ts +2 -0
- package/dist/i18n/index.d.ts.map +1 -0
- package/dist/i18n/index.js +18 -0
- package/dist/i18n/index.js.map +1 -0
- package/dist/i18n/translations.d.ts +55 -0
- package/dist/i18n/translations.d.ts.map +1 -0
- package/dist/i18n/translations.js +119 -0
- package/dist/i18n/translations.js.map +1 -0
- package/dist/index.d.ts +14 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +36 -0
- package/dist/index.js.map +1 -0
- package/dist/reports/dependencyReportGenerator.d.ts +20 -0
- package/dist/reports/dependencyReportGenerator.d.ts.map +1 -0
- package/dist/reports/dependencyReportGenerator.js +690 -0
- package/dist/reports/dependencyReportGenerator.js.map +1 -0
- package/dist/reports/htmlReportGenerator.d.ts +43 -0
- package/dist/reports/htmlReportGenerator.d.ts.map +1 -0
- package/dist/reports/htmlReportGenerator.js +793 -0
- package/dist/reports/htmlReportGenerator.js.map +1 -0
- package/dist/reports/index.d.ts +7 -0
- package/dist/reports/index.d.ts.map +1 -0
- package/dist/reports/index.js +23 -0
- package/dist/reports/index.js.map +1 -0
- package/dist/reports/installedDepsReportGenerator.d.ts +14 -0
- package/dist/reports/installedDepsReportGenerator.d.ts.map +1 -0
- package/dist/reports/installedDepsReportGenerator.js +872 -0
- package/dist/reports/installedDepsReportGenerator.js.map +1 -0
- package/dist/rules/index.d.ts +31 -0
- package/dist/rules/index.d.ts.map +1 -0
- package/dist/rules/index.js +95 -0
- package/dist/rules/index.js.map +1 -0
- package/dist/rules/malware/categories/backdoors.d.ts +12 -0
- package/dist/rules/malware/categories/backdoors.d.ts.map +1 -0
- package/dist/rules/malware/categories/backdoors.js +163 -0
- package/dist/rules/malware/categories/backdoors.js.map +1 -0
- package/dist/rules/malware/categories/cryptominers.d.ts +13 -0
- package/dist/rules/malware/categories/cryptominers.d.ts.map +1 -0
- package/dist/rules/malware/categories/cryptominers.js +415 -0
- package/dist/rules/malware/categories/cryptominers.js.map +1 -0
- package/dist/rules/malware/categories/exfiltration.d.ts +20 -0
- package/dist/rules/malware/categories/exfiltration.d.ts.map +1 -0
- package/dist/rules/malware/categories/exfiltration.js +658 -0
- package/dist/rules/malware/categories/exfiltration.js.map +1 -0
- package/dist/rules/malware/categories/keyloggers.d.ts +19 -0
- package/dist/rules/malware/categories/keyloggers.d.ts.map +1 -0
- package/dist/rules/malware/categories/keyloggers.js +763 -0
- package/dist/rules/malware/categories/keyloggers.js.map +1 -0
- package/dist/rules/malware/categories/loaders.d.ts +20 -0
- package/dist/rules/malware/categories/loaders.d.ts.map +1 -0
- package/dist/rules/malware/categories/loaders.js +702 -0
- package/dist/rules/malware/categories/loaders.js.map +1 -0
- package/dist/rules/malware/categories/network.d.ts +19 -0
- package/dist/rules/malware/categories/network.d.ts.map +1 -0
- package/dist/rules/malware/categories/network.js +622 -0
- package/dist/rules/malware/categories/network.js.map +1 -0
- package/dist/rules/malware/categories/obfuscation.d.ts +22 -0
- package/dist/rules/malware/categories/obfuscation.d.ts.map +1 -0
- package/dist/rules/malware/categories/obfuscation.js +766 -0
- package/dist/rules/malware/categories/obfuscation.js.map +1 -0
- package/dist/rules/malware/constants/index.d.ts +281 -0
- package/dist/rules/malware/constants/index.d.ts.map +1 -0
- package/dist/rules/malware/constants/index.js +327 -0
- package/dist/rules/malware/constants/index.js.map +1 -0
- package/dist/rules/malware/engine/index.d.ts +178 -0
- package/dist/rules/malware/engine/index.d.ts.map +1 -0
- package/dist/rules/malware/engine/index.js +552 -0
- package/dist/rules/malware/engine/index.js.map +1 -0
- package/dist/rules/malware/index.d.ts +205 -0
- package/dist/rules/malware/index.d.ts.map +1 -0
- package/dist/rules/malware/index.js +837 -0
- package/dist/rules/malware/index.js.map +1 -0
- package/dist/rules/malware/scoring/index.d.ts +84 -0
- package/dist/rules/malware/scoring/index.d.ts.map +1 -0
- package/dist/rules/malware/scoring/index.js +441 -0
- package/dist/rules/malware/scoring/index.js.map +1 -0
- package/dist/rules/malware/types/index.d.ts +616 -0
- package/dist/rules/malware/types/index.d.ts.map +1 -0
- package/dist/rules/malware/types/index.js +155 -0
- package/dist/rules/malware/types/index.js.map +1 -0
- package/dist/rules/malware/utils/index.d.ts +117 -0
- package/dist/rules/malware/utils/index.d.ts.map +1 -0
- package/dist/rules/malware/utils/index.js +514 -0
- package/dist/rules/malware/utils/index.js.map +1 -0
- package/dist/rules/standards.d.ts +26 -0
- package/dist/rules/standards.d.ts.map +1 -0
- package/dist/rules/standards.js +352 -0
- package/dist/rules/standards.js.map +1 -0
- package/dist/rules/vulnerabilities/constants/index.d.ts +835 -0
- package/dist/rules/vulnerabilities/constants/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/constants/index.js +544 -0
- package/dist/rules/vulnerabilities/constants/index.js.map +1 -0
- package/dist/rules/vulnerabilities/engine/index.d.ts +145 -0
- package/dist/rules/vulnerabilities/engine/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/engine/index.js +581 -0
- package/dist/rules/vulnerabilities/engine/index.js.map +1 -0
- package/dist/rules/vulnerabilities/index.d.ts +148 -0
- package/dist/rules/vulnerabilities/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/index.js +252 -0
- package/dist/rules/vulnerabilities/index.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/authentication.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/authentication.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/authentication.js +419 -0
- package/dist/rules/vulnerabilities/rules/authentication.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/commandInjection.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/commandInjection.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/commandInjection.js +300 -0
- package/dist/rules/vulnerabilities/rules/commandInjection.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/csrf.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/csrf.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/csrf.js +261 -0
- package/dist/rules/vulnerabilities/rules/csrf.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/deserialization.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/deserialization.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/deserialization.js +336 -0
- package/dist/rules/vulnerabilities/rules/deserialization.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/fileUpload.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/fileUpload.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/fileUpload.js +325 -0
- package/dist/rules/vulnerabilities/rules/fileUpload.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js +446 -0
- package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/index.d.ts +17 -0
- package/dist/rules/vulnerabilities/rules/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/index.js +47 -0
- package/dist/rules/vulnerabilities/rules/index.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/pathTraversal.js +351 -0
- package/dist/rules/vulnerabilities/rules/pathTraversal.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/prototypePollution.js +272 -0
- package/dist/rules/vulnerabilities/rules/prototypePollution.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js +438 -0
- package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts +12 -0
- package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/sqlInjection.js +636 -0
- package/dist/rules/vulnerabilities/rules/sqlInjection.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/ssrf.d.ts +8 -0
- package/dist/rules/vulnerabilities/rules/ssrf.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/ssrf.js +401 -0
- package/dist/rules/vulnerabilities/rules/ssrf.js.map +1 -0
- package/dist/rules/vulnerabilities/rules/xss.d.ts +11 -0
- package/dist/rules/vulnerabilities/rules/xss.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/rules/xss.js +724 -0
- package/dist/rules/vulnerabilities/rules/xss.js.map +1 -0
- package/dist/rules/vulnerabilities/scoring/index.d.ts +80 -0
- package/dist/rules/vulnerabilities/scoring/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/scoring/index.js +414 -0
- package/dist/rules/vulnerabilities/scoring/index.js.map +1 -0
- package/dist/rules/vulnerabilities/types/index.d.ts +830 -0
- package/dist/rules/vulnerabilities/types/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/types/index.js +164 -0
- package/dist/rules/vulnerabilities/types/index.js.map +1 -0
- package/dist/rules/vulnerabilities/utils/index.d.ts +206 -0
- package/dist/rules/vulnerabilities/utils/index.d.ts.map +1 -0
- package/dist/rules/vulnerabilities/utils/index.js +615 -0
- package/dist/rules/vulnerabilities/utils/index.js.map +1 -0
- package/dist/types/index.d.ts +359 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +61 -0
- package/dist/types/index.js.map +1 -0
- package/dist/utils/index.d.ts +82 -0
- package/dist/utils/index.d.ts.map +1 -0
- package/dist/utils/index.js +326 -0
- package/dist/utils/index.js.map +1 -0
- package/dist/utils/logger.d.ts +40 -0
- package/dist/utils/logger.d.ts.map +1 -0
- package/dist/utils/logger.js +139 -0
- package/dist/utils/logger.js.map +1 -0
- package/docs/ARCHITECTURE.md +320 -0
- package/docs/V1.2.1-IA_Performances.md +116 -0
- package/docs/images/WIN_Defender.png +0 -0
- package/package.json +68 -0
- package/secure-scan.config.json +134 -0
- package/secure-scan.sln +29 -0
- package/src/ai/aiAnalyzer.ts +714 -0
- package/src/ai/index.ts +5 -0
- package/src/analyzers/base/baseAnalyzer.ts +66 -0
- package/src/analyzers/base/index.ts +5 -0
- package/src/analyzers/c-cpp/cppAnalyzer.ts +308 -0
- package/src/analyzers/c-cpp/index.ts +5 -0
- package/src/analyzers/core/engine/index.ts +5 -0
- package/src/analyzers/core/engine/ruleEngine.ts +221 -0
- package/src/analyzers/core/index.ts +8 -0
- package/src/analyzers/core/scanner/fileScanner.ts +204 -0
- package/src/analyzers/core/scanner/index.ts +5 -0
- package/src/analyzers/core/scoring/index.ts +5 -0
- package/src/analyzers/core/scoring/riskScoring.ts +198 -0
- package/src/analyzers/core/securityScanner.ts +321 -0
- package/src/analyzers/csharp/csharpAnalyzer.ts +328 -0
- package/src/analyzers/csharp/index.ts +5 -0
- package/src/analyzers/iac/iacAnalyzer.ts +318 -0
- package/src/analyzers/iac/index.ts +5 -0
- package/src/analyzers/index.ts +67 -0
- package/src/analyzers/java/index.ts +5 -0
- package/src/analyzers/java/javaAnalyzer.ts +320 -0
- package/src/analyzers/javascript/PROMPT_JS_ANALYZER.md +267 -0
- package/src/analyzers/javascript/astUtils.ts +789 -0
- package/src/analyzers/javascript/index.ts +50 -0
- package/src/analyzers/javascript/javascriptAnalyzer.ts +984 -0
- package/src/analyzers/javascript/malwareDetector.ts +697 -0
- package/src/analyzers/javascript/packageJsonAnalyzer.ts +626 -0
- package/src/analyzers/javascript/taintAnalyzer.ts +630 -0
- package/src/analyzers/php/index.ts +5 -0
- package/src/analyzers/php/phpAnalyzer.ts +280 -0
- package/src/analyzers/python/index.ts +5 -0
- package/src/analyzers/python/pythonAnalyzer.ts +319 -0
- package/src/cli/index.ts +276 -0
- package/src/dependencies/aiDependencyAnalyzer.ts +496 -0
- package/src/dependencies/database/cveDatabase.ts +426 -0
- package/src/dependencies/database/index.ts +6 -0
- package/src/dependencies/database/maliciousPackages.ts +286 -0
- package/src/dependencies/dependencyAnalyzer.ts +394 -0
- package/src/dependencies/detectors/index.ts +7 -0
- package/src/dependencies/detectors/securityStandards.ts +200 -0
- package/src/dependencies/detectors/vulnerabilityDetector.ts +343 -0
- package/src/dependencies/index.ts +27 -0
- package/src/dependencies/installed/index.ts +8 -0
- package/src/dependencies/installed/installedScanner.ts +821 -0
- package/src/dependencies/installed/malwarePatterns.ts +492 -0
- package/src/dependencies/installed/types.ts +287 -0
- package/src/dependencies/parsers/base/baseParser.ts +108 -0
- package/src/dependencies/parsers/base/index.ts +6 -0
- package/src/dependencies/parsers/cpp/cppParser.ts +245 -0
- package/src/dependencies/parsers/cpp/index.ts +6 -0
- package/src/dependencies/parsers/csharp/csharpParser.ts +151 -0
- package/src/dependencies/parsers/csharp/index.ts +6 -0
- package/src/dependencies/parsers/index.ts +56 -0
- package/src/dependencies/parsers/java/index.ts +6 -0
- package/src/dependencies/parsers/java/javaParser.ts +203 -0
- package/src/dependencies/parsers/javascript/index.ts +6 -0
- package/src/dependencies/parsers/javascript/javascriptParser.ts +362 -0
- package/src/dependencies/parsers/php/index.ts +6 -0
- package/src/dependencies/parsers/php/phpParser.ts +208 -0
- package/src/dependencies/parsers/python/index.ts +6 -0
- package/src/dependencies/parsers/python/pythonParser.ts +437 -0
- package/src/dependencies/types.ts +330 -0
- package/src/i18n/index.ts +1 -0
- package/src/i18n/translations.ts +194 -0
- package/src/index.ts +16 -0
- package/src/reports/dependencyReportGenerator.ts +717 -0
- package/src/reports/htmlReportGenerator.ts +781 -0
- package/src/reports/index.ts +7 -0
- package/src/reports/installedDepsReportGenerator.ts +899 -0
- package/src/rules/index.ts +58 -0
- package/src/rules/malware/INFO.md +287 -0
- package/src/rules/malware/categories/backdoors.ts +174 -0
- package/src/rules/malware/categories/cryptominers.ts +434 -0
- package/src/rules/malware/categories/exfiltration.ts +677 -0
- package/src/rules/malware/categories/keyloggers.ts +780 -0
- package/src/rules/malware/categories/loaders.ts +721 -0
- package/src/rules/malware/categories/network.ts +639 -0
- package/src/rules/malware/categories/obfuscation.ts +788 -0
- package/src/rules/malware/constants/index.ts +358 -0
- package/src/rules/malware/engine/index.ts +758 -0
- package/src/rules/malware/index.ts +928 -0
- package/src/rules/malware/scoring/index.ts +549 -0
- package/src/rules/malware/types/index.ts +752 -0
- package/src/rules/malware/utils/index.ts +643 -0
- package/src/rules/standards.ts +372 -0
- package/src/rules/vulnerabilities/PROMPT_VULNERABILITIES.md +226 -0
- package/src/rules/vulnerabilities/constants/index.ts +625 -0
- package/src/rules/vulnerabilities/engine/index.ts +831 -0
- package/src/rules/vulnerabilities/index.ts +312 -0
- package/src/rules/vulnerabilities/rules/authentication.ts +426 -0
- package/src/rules/vulnerabilities/rules/commandInjection.ts +307 -0
- package/src/rules/vulnerabilities/rules/csrf.ts +268 -0
- package/src/rules/vulnerabilities/rules/deserialization.ts +343 -0
- package/src/rules/vulnerabilities/rules/fileUpload.ts +332 -0
- package/src/rules/vulnerabilities/rules/hardcodedSecrets.ts +453 -0
- package/src/rules/vulnerabilities/rules/index.ts +17 -0
- package/src/rules/vulnerabilities/rules/pathTraversal.ts +358 -0
- package/src/rules/vulnerabilities/rules/prototypePollution.ts +279 -0
- package/src/rules/vulnerabilities/rules/securityMisconfiguration.ts +445 -0
- package/src/rules/vulnerabilities/rules/sqlInjection.ts +669 -0
- package/src/rules/vulnerabilities/rules/ssrf.ts +408 -0
- package/src/rules/vulnerabilities/rules/xss.ts +753 -0
- package/src/rules/vulnerabilities/scoring/index.ts +543 -0
- package/src/rules/vulnerabilities/types/index.ts +1004 -0
- package/src/rules/vulnerabilities/utils/index.ts +709 -0
- package/src/types/index.ts +391 -0
- package/src/utils/index.ts +306 -0
- package/src/utils/logger.ts +150 -0
- package/test-installed-scanner.ts +136 -0
- package/tsconfig.json +30 -0
|
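--- a/package/src/rules/vulnerabilities/utils/index.ts
+++ b/package/src/rules/vulnerabilities/utils/index.ts
@@ -0,0 +1,709 @@
+/**
+* @fileoverview Vulnerability Detection Module - Utility Functions
+* @module rules/vulnerabilities/utils
+*
+* Utility functions for vulnerability detection including safe regex matching,
+* snippet extraction, taint analysis helpers, and code normalization.
+*/
+
+import {
+SupportedLanguage,
+PatternMatch,
+SourceLocation,
+VulnerabilityPattern,
+RegexPattern,
+PatternType,
+TaintSource,
+TaintSink,
+TaintSanitizer,
+VulnerabilityType,
+ConfidenceLevel
+} from '../types';
+import { LIMITS } from '../constants';
+
+// ============================================================================
+// SAFE REGEX MATCHING
+// ============================================================================
+
+/**
+* Execute regex with timeout protection (ReDoS prevention)
+*
+* @param code - Source code to match against
+* @param pattern - Regex pattern to match
+* @returns Array of pattern matches
+*/
+export function safeRegexMatch(
+code: string,
+pattern: RegexPattern
+): PatternMatch[] {
+const matches: PatternMatch[] = [];
+const timeout = pattern.timeout ?? LIMITS.REGEX_TIMEOUT;
+const maxMatches = pattern.maxMatches ?? LIMITS.MAX_MATCHES_PER_PATTERN;
+
+try {
+const regex = new RegExp(pattern.pattern, pattern.flags ?? 'g');
+const startTime = Date.now();
+let match: RegExpExecArray | null;
+
+while ((match = regex.exec(code)) !== null) {
+// Check timeout
+if (Date.now() - startTime > timeout) {
+console.warn(`Regex timeout for pattern: ${pattern.patternId || pattern.pattern.substring(0, 50)}`);
+break;
+}
+
+// Check max matches
+if (matches.length >= maxMatches) {
+break;
+}
+
+const line = getLineNumber(code, match.index);
+const column = getColumnNumber(code, match.index);
+
+matches.push({
+pattern,
+matchedText: match[0],
+location: {
+filePath: '',
+startLine: line,
+endLine: line,
+startColumn: column,
+endColumn: column + match[0].length
+},
+captures: match.slice(1)
+});
+
+// Prevent infinite loops for zero-length matches
+if (match.index === regex.lastIndex) {
+regex.lastIndex++;
+}
+}
+} catch (error) {
+console.error(`Regex error for pattern ${pattern.patternId}:`, error);
+}
+
+return matches;
+}
+
+/**
+* Execute regex match with promise-based timeout
+*
+* @param code - Source code to match against
+* @param pattern - Regex pattern to match
+* @param timeout - Timeout in milliseconds
+* @returns Promise of pattern matches
+*/
+export async function safeRegexMatchAsync(
+code: string,
+pattern: RegexPattern,
+timeout: number = LIMITS.REGEX_TIMEOUT
+): Promise<PatternMatch[]> {
+return new Promise((resolve) => {
+const timeoutId = setTimeout(() => {
+resolve([]);
+}, timeout);
+
+try {
+const results = safeRegexMatch(code, pattern);
+clearTimeout(timeoutId);
+resolve(results);
+} catch {
+clearTimeout(timeoutId);
+resolve([]);
+}
+});
+}
+
+// ============================================================================
+// LINE AND COLUMN UTILITIES
+// ============================================================================
+
+/**
+* Get line number from character index (1-based)
+*
+* @param code - Source code
+* @param index - Character index
+* @returns Line number (1-based)
+*/
+export function getLineNumber(code: string, index: number): number {
+return code.substring(0, index).split('\n').length;
+}
+
+/**
+* Get column number from character index (0-based)
+*
+* @param code - Source code
+* @param index - Character index
+* @returns Column number (0-based)
+*/
+export function getColumnNumber(code: string, index: number): number {
+const lastNewline = code.lastIndexOf('\n', index - 1);
+return index - lastNewline - 1;
+}
+
+/**
+* Get character index from line and column
+*
+* @param code - Source code
+* @param line - Line number (1-based)
+* @param column - Column number (0-based)
+* @returns Character index
+*/
+export function getCharacterIndex(code: string, line: number, column: number): number {
+const lines = code.split('\n');
+let index = 0;
+
+for (let i = 0; i < line - 1 && i < lines.length; i++) {
+index += lines[i].length + 1; // +1 for newline
+}
+
+return index + column;
+}
+
+// ============================================================================
+// SNIPPET EXTRACTION
+// ============================================================================
+
+/**
+* Extract code snippet with context
+*
+* @param code - Full source code
+* @param location - Source location
+* @param contextLines - Number of context lines before/after
+* @returns Code snippet with context
+*/
+export function extractSnippet(
+code: string,
+location: SourceLocation,
+contextLines: number = 3
+): { snippet: string; highlightStart: number; highlightEnd: number } {
+const lines = code.split('\n');
+
+const startLine = Math.max(1, location.startLine - contextLines);
+const endLine = Math.min(lines.length, location.endLine + contextLines);
+
+const snippetLines = lines.slice(startLine - 1, endLine);
+const snippet = snippetLines.join('\n');
+
+// Calculate highlight positions
+let highlightStart = 0;
+for (let i = startLine; i < location.startLine; i++) {
+highlightStart += lines[i - 1].length + 1;
+}
+highlightStart += location.startColumn ?? 0;
+
+let highlightEnd = highlightStart;
+for (let i = location.startLine; i <= location.endLine; i++) {
+if (i === location.endLine) {
+highlightEnd += (location.endColumn ?? lines[i - 1].length) - (i === location.startLine ? (location.startColumn ?? 0) : 0);
+} else {
+highlightEnd += lines[i - 1].length + 1 - (i === location.startLine ? (location.startColumn ?? 0) : 0);
+}
+}
+
+return { snippet, highlightStart, highlightEnd };
+}
+
+/**
+* Extract the specific line of code
+*
+* @param code - Full source code
+* @param lineNumber - Line number (1-based)
+* @returns The line content
+*/
+export function extractLine(code: string, lineNumber: number): string {
+const lines = code.split('\n');
+if (lineNumber < 1 || lineNumber > lines.length) {
+return '';
+}
+return lines[lineNumber - 1];
+}
+
+/**
+* Format snippet for display with line numbers
+*
+* @param snippet - Code snippet
+* @param startLine - Starting line number
+* @returns Formatted snippet with line numbers
+*/
+export function formatSnippetWithLineNumbers(snippet: string, startLine: number): string {
+const lines = snippet.split('\n');
+const maxLineNumWidth = String(startLine + lines.length - 1).length;
+
+return lines.map((line, i) => {
+const lineNum = String(startLine + i).padStart(maxLineNumWidth, ' ');
+return `${lineNum} | ${line}`;
+}).join('\n');
+}
+
+// ============================================================================
+// CODE NORMALIZATION
+// ============================================================================
+
+/**
+* Normalize code for consistent analysis
+*
+* @param code - Source code
+* @param language - Programming language
+* @returns Normalized code
+*/
+export function normalizeCode(code: string, language: SupportedLanguage): string {
+let normalized = code;
+
+// Normalize line endings
+normalized = normalized.replace(/\r\n/g, '\n').replace(/\r/g, '\n');
+
+// Truncate very long lines
+const lines = normalized.split('\n');
+normalized = lines.map(line => {
+if (line.length > LIMITS.MAX_LINE_LENGTH) {
+return line.substring(0, LIMITS.MAX_LINE_LENGTH) + '/* ... truncated */';
+}
+return line;
+}).join('\n');
+
+return normalized;
+}
+
+/**
+* Remove comments from code (approximate)
+*
+* @param code - Source code
+* @param language - Programming language
+* @returns Code without comments
+*/
+export function removeComments(code: string, language: SupportedLanguage): string {
+let result = code;
+
+switch (language) {
+case SupportedLanguage.JAVASCRIPT:
+case SupportedLanguage.TYPESCRIPT:
+case SupportedLanguage.JAVA:
+case SupportedLanguage.CSHARP:
+case SupportedLanguage.CPP:
+case SupportedLanguage.C:
+// Remove single-line comments
+result = result.replace(/\/\/[^\n]*/g, '');
+// Remove multi-line comments (non-greedy)
+result = result.replace(/\/\*[\s\S]*?\*\//g, '');
+break;
+
+case SupportedLanguage.PYTHON:
+case SupportedLanguage.RUBY:
+case SupportedLanguage.SHELL:
+case SupportedLanguage.YAML:
+// Remove hash comments
+result = result.replace(/#[^\n]*/g, '');
+// Remove docstrings (Python)
+result = result.replace(/'''[\s\S]*?'''/g, '');
+result = result.replace(/"""[\s\S]*?"""/g, '');
+break;
+
+case SupportedLanguage.PHP:
+// Remove single-line comments (// and #)
+result = result.replace(/(?:\/\/|#)[^\n]*/g, '');
+// Remove multi-line comments
+result = result.replace(/\/\*[\s\S]*?\*\//g, '');
+break;
+}
+
+return result;
+}
+
+// ============================================================================
+// STRING ANALYSIS
+// ============================================================================
+
+/**
+* Check if a string appears to be a SQL query
+*
+* @param text - Text to check
+* @returns True if text looks like SQL
+*/
+export function looksLikeSql(text: string): boolean {
+const sqlKeywords = /\b(SELECT|INSERT|UPDATE|DELETE|DROP|CREATE|ALTER|TRUNCATE|EXEC|EXECUTE|UNION|WHERE|FROM|INTO|VALUES|SET)\b/i;
+return sqlKeywords.test(text);
+}
+
+/**
+* Check if a string appears to be a shell command
+*
+* @param text - Text to check
+* @returns True if text looks like a shell command
+*/
+export function looksLikeCommand(text: string): boolean {
+const commandPatterns = /\b(bash|sh|cmd|powershell|ls|dir|cat|rm|del|wget|curl|nc|netcat|chmod|chown|sudo|su)\b|\||\&\&|\|\|/i;
+return commandPatterns.test(text);
+}
+
+/**
+* Check if a string appears to be HTML
+*
+* @param text - Text to check
+* @returns True if text looks like HTML
+*/
+export function looksLikeHtml(text: string): boolean {
+const htmlPatterns = /<\s*(?:script|img|iframe|a|div|span|input|form|button|svg|object|embed|link|style)[^>]*>/i;
+return htmlPatterns.test(text);
+}
+
+/**
+* Check if text contains user-controlled input indicators
+*
+* @param text - Text to check
+* @param language - Programming language
+* @returns True if text contains user input patterns
+*/
+export function containsUserInput(text: string, language: SupportedLanguage): boolean {
+const patterns: Record<string, RegExp[]> = {
+javascript: [
+/req\.(body|query|params|headers|cookies)/,
+/\$\.(get|post|ajax)/,
+/location\.(search|hash|href)/,
+/document\.(cookie|referrer)/
+],
+typescript: [
+/req\.(body|query|params|headers|cookies)/,
+/location\.(search|hash|href)/
+],
+python: [
+/request\.(args|form|data|json|headers|cookies)/,
+/\binput\s*\(/,
+/sys\.argv/
+],
+php: [
+/\$_(GET|POST|REQUEST|COOKIE|SERVER|FILES)\s*\[/
+],
+java: [
+/getParameter|getHeader|getCookies|getInputStream|@RequestBody|@PathVariable/
+],
+csharp: [
+/Request\.(Form|QueryString|Headers|Cookies)|FromBody|FromQuery|FromRoute/
+]
+};
+
+const langPatterns = patterns[language] || [];
+return langPatterns.some(p => p.test(text));
+}
+
+// ============================================================================
+// TAINT ANALYSIS HELPERS
+// ============================================================================
+
+/**
+* Find taint sources in code
+*
+* @param code - Source code
+* @param sources - Taint source definitions
+* @param language - Programming language
+* @returns Array of found sources with locations
+*/
+export function findTaintSources(
+code: string,
+sources: TaintSource[],
+language: SupportedLanguage
+): Array<{ source: TaintSource; location: SourceLocation; matchedText: string }> {
+const results: Array<{ source: TaintSource; location: SourceLocation; matchedText: string }> = [];
+
+for (const source of sources) {
+// Check language compatibility
+if (source.languages && !source.languages.includes(language)) {
+continue;
+}
+
+const pattern = typeof source.pattern === 'string'
+? new RegExp(source.pattern, 'g')
+: source.pattern;
+
+let match: RegExpExecArray | null;
+const regex = new RegExp(pattern.source, pattern.flags.includes('g') ? pattern.flags : pattern.flags + 'g');
+
+while ((match = regex.exec(code)) !== null) {
+const line = getLineNumber(code, match.index);
+const column = getColumnNumber(code, match.index);
+
+results.push({
+source,
+location: {
+filePath: '',
+startLine: line,
+endLine: line,
+startColumn: column,
+endColumn: column + match[0].length
+},
+matchedText: match[0]
+});
+
+if (results.length >= LIMITS.MAX_MATCHES_PER_PATTERN) {
+break;
+}
+}
+}
+
+return results;
+}
+
+/**
+* Find taint sinks in code
+*
+* @param code - Source code
+* @param sinks - Taint sink definitions
+* @param language - Programming language
+* @returns Array of found sinks with locations
+*/
+export function findTaintSinks(
+code: string,
+sinks: TaintSink[],
+language: SupportedLanguage
+): Array<{ sink: TaintSink; location: SourceLocation; matchedText: string }> {
+const results: Array<{ sink: TaintSink; location: SourceLocation; matchedText: string }> = [];
+
+for (const sink of sinks) {
+// Check language compatibility
+if (sink.languages && !sink.languages.includes(language)) {
+continue;
+}
+
+const pattern = typeof sink.pattern === 'string'
+? new RegExp(sink.pattern, 'g')
+: sink.pattern;
+
+let match: RegExpExecArray | null;
+const regex = new RegExp(pattern.source, pattern.flags.includes('g') ? pattern.flags : pattern.flags + 'g');
+
+while ((match = regex.exec(code)) !== null) {
+const line = getLineNumber(code, match.index);
+const column = getColumnNumber(code, match.index);
+
+results.push({
+sink,
+location: {
+filePath: '',
+startLine: line,
+endLine: line,
+startColumn: column,
+endColumn: column + match[0].length
+},
+matchedText: match[0]
+});
+
+if (results.length >= LIMITS.MAX_MATCHES_PER_PATTERN) {
+break;
+}
+}
+}
+
+return results;
+}
+
+/**
+* Check if sanitization is present between source and sink
+*
+* @param code - Source code
+* @param sourceLocation - Source location
+* @param sinkLocation - Sink location
+* @param sanitizers - Sanitizer definitions
+* @returns Found sanitizers between source and sink
+*/
+export function findSanitizers(
+code: string,
+sourceLocation: SourceLocation,
+sinkLocation: SourceLocation,
+sanitizers: TaintSanitizer[]
+): TaintSanitizer[] {
+const found: TaintSanitizer[] = [];
+
+// Get code between source and sink
+const sourceIndex = getCharacterIndex(code, sourceLocation.startLine, sourceLocation.startColumn ?? 0);
+const sinkIndex = getCharacterIndex(code, sinkLocation.startLine, sinkLocation.startColumn ?? 0);
+
+// Handle both directions
+const start = Math.min(sourceIndex, sinkIndex);
+const end = Math.max(sourceIndex, sinkIndex);
+const codeBetween = code.substring(start, end);
+
+for (const sanitizer of sanitizers) {
+const pattern = typeof sanitizer.pattern === 'string'
+? new RegExp(sanitizer.pattern, 'gi')
+: sanitizer.pattern;
+
+if (pattern.test(codeBetween)) {
+found.push(sanitizer);
+}
+}
+
+return found;
+}
+
+// ============================================================================
+// CONTEXT DETECTION
+// ============================================================================
+
+/**
+* Check if code location is inside a test file
+*
+* @param filePath - File path
+* @returns True if file is a test file
+*/
+export function isTestFile(filePath: string): boolean {
+const testPatterns = [
+/\.test\.[jt]sx?$/,
+/\.spec\.[jt]sx?$/,
+/_test\.[jt]sx?$/,
+/_spec\.[jt]sx?$/,
+/test_.*\.(py|js|ts)$/,
+/.*_test\.(py|js|ts)$/,
+/tests?\//i,
+/__tests__\//,
+/spec\//i
+];
+
+return testPatterns.some(p => p.test(filePath));
+}
+
+/**
+* Check if code location is inside vendor/node_modules
+*
+* @param filePath - File path
+* @returns True if file is vendor code
+*/
+export function isVendorCode(filePath: string): boolean {
+const vendorPatterns = [
+/node_modules\//,
+/vendor\//,
+/bower_components\//,
+/third_party\//,
+/external\//,
+/\.min\.js$/,
+/\.bundle\.js$/
+];
+
+return vendorPatterns.some(p => p.test(filePath));
+}
+
+/**
+* Detect the programming language from file extension
+*
+* @param filePath - File path
+* @returns Detected language or null
+*/
+export function detectLanguage(filePath: string): SupportedLanguage | null {
+const extension = filePath.split('.').pop()?.toLowerCase();
+
+const extensionMap: Record<string, SupportedLanguage> = {
+'js': SupportedLanguage.JAVASCRIPT,
+'jsx': SupportedLanguage.JAVASCRIPT,
+'mjs': SupportedLanguage.JAVASCRIPT,
+'cjs': SupportedLanguage.JAVASCRIPT,
+'ts': SupportedLanguage.TYPESCRIPT,
+'tsx': SupportedLanguage.TYPESCRIPT,
+'py': SupportedLanguage.PYTHON,
+'php': SupportedLanguage.PHP,
+'java': SupportedLanguage.JAVA,
+'c': SupportedLanguage.C,
+'h': SupportedLanguage.C,
+'cpp': SupportedLanguage.CPP,
+'cc': SupportedLanguage.CPP,
+'cxx': SupportedLanguage.CPP,
+'hpp': SupportedLanguage.CPP,
+'cs': SupportedLanguage.CSHARP,
+'rb': SupportedLanguage.RUBY,
+'go': SupportedLanguage.GO,
+'rs': SupportedLanguage.RUST,
+'sh': SupportedLanguage.SHELL,
+'bash': SupportedLanguage.SHELL,
+'ps1': SupportedLanguage.POWERSHELL,
+'dockerfile': SupportedLanguage.DOCKERFILE,
+'yaml': SupportedLanguage.YAML,
+'yml': SupportedLanguage.YAML,
+'tf': SupportedLanguage.TERRAFORM
+};
+
+return extensionMap[extension ?? ''] ?? null;
+}
+
+// ============================================================================
+// CONFIDENCE CALCULATION
+// ============================================================================
+
+/**
+* Calculate confidence based on multiple factors
+*
+* @param factors - Array of confidence factors (0-1)
+* @returns Combined confidence level
+*/
+export function calculateConfidence(factors: number[]): ConfidenceLevel {
+if (factors.length === 0) return ConfidenceLevel.TENTATIVE;
+
+const average = factors.reduce((sum, f) => sum + f, 0) / factors.length;
+
+if (average >= 0.95) return ConfidenceLevel.CONFIRMED;
+if (average >= 0.80) return ConfidenceLevel.HIGH;
+if (average >= 0.60) return ConfidenceLevel.MEDIUM;
+if (average >= 0.40) return ConfidenceLevel.LOW;
+return ConfidenceLevel.TENTATIVE;
+}
+
+/**
+* Boost confidence when taint flow is confirmed
+*
+* @param baseConfidence - Base confidence level
+* @param hasTaintFlow - Whether taint flow was detected
+* @returns Adjusted confidence level
+*/
+export function adjustConfidenceForTaintFlow(
+baseConfidence: ConfidenceLevel,
+hasTaintFlow: boolean
+): ConfidenceLevel {
+if (!hasTaintFlow) return baseConfidence;
+
+const levels: ConfidenceLevel[] = [
+ConfidenceLevel.TENTATIVE,
+ConfidenceLevel.LOW,
+ConfidenceLevel.MEDIUM,
+ConfidenceLevel.HIGH,
+ConfidenceLevel.CONFIRMED
+];
+
+const currentIndex = levels.indexOf(baseConfidence);
+const newIndex = Math.min(currentIndex + 1, levels.length - 1);
+
+return levels[newIndex];
+}
+
+// ============================================================================
+// UNIQUE ID GENERATION
+// ============================================================================
+
+/**
+* Generate unique finding ID
+*
+* @param ruleId - Rule ID
+* @param filePath - File path
+* @param line - Line number
+* @returns Unique finding ID
+*/
+export function generateFindingId(
+ruleId: string,
+filePath: string,
+line: number
+): string {
+const hash = simpleHash(`${ruleId}:${filePath}:${line}`);
+return `${ruleId}-${hash}`;
+}
+
+/**
+* Simple string hash function
+*
+* @param str - String to hash
+* @returns Hash string
+*/
+function simpleHash(str: string): string {
+let hash = 0;
+for (let i = 0; i < str.length; i++) {
+const char = str.charCodeAt(i);
+hash = ((hash << 5) - hash) + char;
+hash = hash & hash; // Convert to 32-bit integer
+}
+return Math.abs(hash).toString(16).substring(0, 8);
+}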
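Review bot: The timeout in `safeRegexMatch` is only checked between matches (`if (Date.now() - startTime > timeout)` inside the `while` loop), so a single `regex.exec(code)` call that backtracks catastrophically on scanned input is never interrupted, and "ReDoS prevention" in the docstring overstates what the code does. `safeRegexMatchAsync` has the same gap: it calls `safeRegexMatch` synchronously inside the Promise executor, so the `setTimeout` callback cannot run until matching has finished and `clearTimeout` has been called, and its `timeout` argument is never passed on. Since the scanned file content is presumably untrusted, an effective bound needs the match to run where it can be stopped, for example in a `worker_threads` worker that the caller terminates on timeout, or on a linear-time regex engine. Until then I would add `// NOTE: elapsed time is checked between matches only; one long-running exec() call is not interrupted` above the loop and drop "ReDoS prevention" from the docstring. Separately, a caller-supplied `pattern.flags` without `g` makes `exec` return the same match until `maxMatches` is reached; `findTaintSources` and `findTaintSinks` already append `g`, and `safeRegexMatch` could do the same.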