secure-scan 1.2.2

package/dist/core/scanner/fileScanner.js

@@ -0,0 +1,199 @@
+"use strict";
+/**
+ * File Scanner Module
+ * Scans directories and collects files for analysis
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FileScanner = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const glob_1 = require("glob");
+const utils_1 = require("../../utils");
+const logger_1 = require("../../utils/logger");
+/**
+ * Default file extensions to scan
+ */
+const DEFAULT_EXTENSIONS = [
+    '.js', '.jsx', '.mjs', '.cjs',
+    '.ts', '.tsx',
+    '.py', '.pyw',
+    '.php', '.phtml',
+    '.java',
+    '.c', '.h', '.cpp', '.cc', '.cxx', '.hpp',
+    '.cs',
+    '.yaml', '.yml',
+    '.tf', '.tfvars'
+];
+/**
+ * Default max file size (5MB)
+ */
+const DEFAULT_MAX_FILE_SIZE = 5 * 1024 * 1024;
+/**
+ * File Scanner Class
+ */
+class FileScanner {
+    config;
+    extensions;
+    constructor(config) {
+        this.config = config;
+        this.extensions = DEFAULT_EXTENSIONS;
+    }
+    /**
+     * Scan project directory for files
+     */
+    async scan() {
+        const projectPath = path.resolve(this.config.projectPath);
+        if (!fs.existsSync(projectPath)) {
+            throw new Error(`Project path does not exist: ${projectPath}`);
+        }
+        const stats = fs.statSync(projectPath);
+        if (!stats.isDirectory()) {
+            throw new Error(`Project path is not a directory: ${projectPath}`);
+        }
+        logger_1.logger.info(`🔍 Starting file scan in: ${projectPath}`);
+        // Build glob pattern
+        const patterns = this.extensions.map(ext => `**/*${ext}`);
+        patterns.push('**/Dockerfile');
+        patterns.push('**/.github/**/*.yml');
+        patterns.push('**/.github/**/*.yaml');
+        patterns.push('**/.gitlab-ci.yml');
+        const files = [];
+        for (const pattern of patterns) {
+            const matches = await (0, glob_1.glob)(pattern, {
+                cwd: projectPath,
+                nodir: true,
+                absolute: false,
+                ignore: this.getIgnorePatterns()
+            });
+            for (const match of matches) {
+                const absolutePath = path.join(projectPath, match);
+                // Skip if already processed
+                if (files.some(f => f.absolutePath === absolutePath)) {
+                    continue;
+                }
+                // Skip excluded paths
+                if ((0, utils_1.shouldExclude)(match, this.config.exclude || [])) {
+                    logger_1.logger.debug(`Skipping excluded file: ${match}`);
+                    continue;
+                }
+                try {
+                    const scannedFile = await this.processFile(absolutePath, match, projectPath);
+                    if (scannedFile) {
+                        files.push(scannedFile);
+                    }
+                }
+                catch (error) {
+                    logger_1.logger.warn(`Failed to process file: ${match} - ${error}`);
+                }
+            }
+        }
+        // Filter by language if specified
+        let filteredFiles = files;
+        if (this.config.languages && this.config.languages.length > 0) {
+            filteredFiles = files.filter(f => f.language && this.config.languages.includes(f.language));
+        }
+        logger_1.logger.info(`📂 Found ${filteredFiles.length} files to analyze`);
+        return filteredFiles;
+    }
+    /**
+     * Process a single file
+     */
+    async processFile(absolutePath, relativePath, projectPath) {
+        const stats = fs.statSync(absolutePath);
+        const maxSize = this.config.maxFileSize || DEFAULT_MAX_FILE_SIZE;
+        // Skip files that are too large
+        if (stats.size > maxSize) {
+            logger_1.logger.debug(`Skipping large file: ${relativePath} (${stats.size} bytes)`);
+            return null;
+        }
+        // Read file content
+        const content = fs.readFileSync(absolutePath, 'utf-8');
+        // Detect language
+        const language = (0, utils_1.getLanguageFromExtension)(absolutePath);
+        return {
+            absolutePath,
+            relativePath,
+            extension: path.extname(absolutePath).toLowerCase(),
+            language,
+            size: stats.size,
+            content,
+            lineCount: (0, utils_1.countLines)(content),
+            hash: (0, utils_1.calculateHash)(content)
+        };
+    }
+    /**
+     * Get ignore patterns for glob
+     */
+    getIgnorePatterns() {
+        const defaultIgnore = [
+            '**/node_modules/**',
+            '**/vendor/**',
+            '**/.git/**',
+            '**/dist/**',
+            '**/build/**',
+            '**/out/**',
+            '**/__pycache__/**',
+            '**/.venv/**',
+            '**/venv/**',
+            '**/coverage/**',
+            '**/.nyc_output/**',
+            '**/.next/**',
+            '**/.nuxt/**',
+            '**/target/**',
+            '**/bin/**',
+            '**/obj/**',
+            '**/*.min.js',
+            '**/*.bundle.js',
+            '**/*.map'
+        ];
+        const customIgnore = (this.config.exclude || []).map((p) => `**/${p}/**`);
+        return [...defaultIgnore, ...customIgnore];
+    }
+    /**
+     * Get file statistics
+     */
+    getFileStats(files) {
+        const stats = {};
+        for (const file of files) {
+            const lang = file.language || 'unknown';
+            stats[lang] = (stats[lang] || 0) + 1;
+        }
+        return stats;
+    }
+}
+exports.FileScanner = FileScanner;
+exports.default = FileScanner;
+//# sourceMappingURL=fileScanner.js.map

package/dist/core/scanner/fileScanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fileScanner.js","sourceRoot":"","sources":["../../../src/core/scanner/fileScanner.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AACzB,2CAA6B;AAC7B,+BAA4B;AAE5B,uCAMqB;AACrB,+CAA4C;AAE5C;;GAEG;AACH,MAAM,kBAAkB,GAAG;IACzB,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAC7B,KAAK,EAAE,MAAM;IACb,KAAK,EAAE,MAAM;IACb,MAAM,EAAE,QAAQ;IAChB,OAAO;IACP,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM;IACzC,KAAK;IACL,OAAO,EAAE,MAAM;IACf,KAAK,EAAE,SAAS;CACjB,CAAC;AAEF;;GAEG;AACH,MAAM,qBAAqB,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;AAE9C;;GAEG;AACH,MAAa,WAAW;IACd,MAAM,CAAa;IACnB,UAAU,CAAW;IAE7B,YAAY,MAAkB;QAC5B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,kBAAkB,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI;QACR,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAE1D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,gCAAgC,WAAW,EAAE,CAAC,CAAC;QACjE,CAAC;QAED,MAAM,KAAK,GAAG,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,oCAAoC,WAAW,EAAE,CAAC,CAAC;QACrE,CAAC;QAED,eAAM,CAAC,IAAI,CAAC,6BAA6B,WAAW,EAAE,CAAC,CAAC;QAExD,qBAAqB;QACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC;QAC1D,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QACrC,QAAQ,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACtC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAEnC,MAAM,KAAK,GAAkB,EAAE,CAAC;QAEhC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG,MAAM,IAAA,WAAI,EAAC,OAAO,EAAE;gBAClC,GAAG,EAAE,WAAW;gBAChB,KAAK,EAAE,IAAI;gBACX,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,IAAI,CAAC,iBAAiB,EAAE;aACjC,CAAC,CAAC;YAEH,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;gBAEnD,4BAA4B;gBAC5B,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,YAAY,CAAC,EAAE,CAAC;oBACrD,SAAS;gBACX,CAAC;gBAED,sBAAsB;gBACtB,IAAI,IAAA,qBAAa,EAAC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,CAAC;oBACpD,eAAM,CAAC,KAAK,CAAC,2BAA2B,KAAK,EAAE,CAAC,CAAC;oBACjD,SAAS;gBACX,CAAC;gBAED,IAAI,CAAC;oBACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,KAAK,EAAE,WAAW,CAAC,CAAC;oBAC7E,IAAI,WAAW,EAAE,CAAC;wBAChB,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;oBAC1B,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,eAAM,CAAC,IAAI,CAAC,2BAA2B,KAAK,MAAM,KAAK,EAAE,CAAC,CAAC;gBAC7D,CAAC;YACH,CAAC;QACH,CAAC;QAED,kCAAkC;QAClC,IAAI,aAAa,GAAG,KAAK,CAAC;QAC1B,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9D,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAC/B,CAAC,CAAC,QAAQ,IAAI,IAAI,CAAC,MAAM,CAAC,SAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAC1D,CAAC;QACJ,CAAC;QAED,eAAM,CAAC,IAAI,CAAC,YAAY,aAAa,CAAC,MAAM,mBAAmB,CAAC,CAAC;QAEjE,OAAO,aAAa,CAAC;IACvB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,WAAW,CACvB,YAAoB,EACpB,YAAoB,EACpB,WAAmB;QAEnB,MAAM,KAAK,GAAG,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QACxC,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,qBAAqB,CAAC;QAEjE,gCAAgC;QAChC,IAAI,KAAK,CAAC,IAAI,GAAG,OAAO,EAAE,CAAC;YACzB,eAAM,CAAC,KAAK,CAAC,wBAAwB,YAAY,KAAK,KAAK,CAAC,IAAI,SAAS,CAAC,CAAC;YAC3E,OAAO,IAAI,CAAC;QACd,CAAC;QAED,oBAAoB;QACpB,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAEvD,kBAAkB;QAClB,MAAM,QAAQ,GAAG,IAAA,gCAAwB,EAAC,YAAY,CAAC,CAAC;QAExD,OAAO;YACL,YAAY;YACZ,YAAY;YACZ,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE;YACnD,QAAQ;YACR,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,OAAO;YACP,SAAS,EAAE,IAAA,kBAAU,EAAC,OAAO,CAAC;YAC9B,IAAI,EAAE,IAAA,qBAAa,EAAC,OAAO,CAAC;SAC7B,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,iBAAiB;QACvB,MAAM,aAAa,GAAG;YACpB,oBAAoB;YACpB,cAAc;YACd,YAAY;YACZ,YAAY;YACZ,aAAa;YACb,WAAW;YACX,mBAAmB;YACnB,aAAa;YACb,YAAY;YACZ,gBAAgB;YAChB,mBAAmB;YACnB,aAAa;YACb,aAAa;YACb,cAAc;YACd,WAAW;YACX,WAAW;YACX,aAAa;YACb,gBAAgB;YAChB,UAAU;SACX,CAAC;QAEF,MAAM,YAAY,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAElF,OAAO,CAAC,GAAG,aAAa,EAAE,GAAG,YAAY,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,KAAoB;QAC/B,MAAM,KAAK,GAA2B,EAAE,CAAC;QAEzC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,IAAI,SAAS,CAAC;YACxC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACvC,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAhKD,kCAgKC;AAED,kBAAe,WAAW,CAAC"}

package/dist/core/scanner/index.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Scanner Module Exports
+ */
+export * from './fileScanner';
+//# sourceMappingURL=index.d.ts.map

package/dist/core/scanner/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/core/scanner/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,eAAe,CAAC"}

package/dist/core/scanner/index.js

@@ -0,0 +1,21 @@
+"use strict";
+/**
+ * Scanner Module Exports
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./fileScanner"), exports);
+//# sourceMappingURL=index.js.map

package/dist/core/scanner/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/core/scanner/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;;;;;;;;;;;;AAEH,gDAA8B"}

package/dist/core/scoring/index.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Scoring Module Exports
+ */
+export * from './riskScoring';
+//# sourceMappingURL=index.d.ts.map

package/dist/core/scoring/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/core/scoring/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,eAAe,CAAC"}

package/dist/core/scoring/index.js

@@ -0,0 +1,21 @@
+"use strict";
+/**
+ * Scoring Module Exports
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./riskScoring"), exports);
+//# sourceMappingURL=index.js.map

package/dist/core/scoring/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/core/scoring/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;;;;;;;;;;;;AAEH,gDAA8B"}

package/dist/core/scoring/riskScoring.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Risk Scoring Engine
+ * Calculates risk scores and severity levels for scan results
+ */
+import { Finding, Severity, FindingCategory } from '../../types';
+/**
+ * Risk Scoring Engine Class
+ */
+export declare class RiskScoringEngine {
+    /**
+     * Calculate overall risk score for findings
+     */
+    calculateRiskScore(findings: Finding[], totalFiles: number): number;
+    /**
+     * Determine risk level from score
+     */
+    getRiskLevel(score: number): 'safe' | 'low' | 'medium' | 'high' | 'critical';
+    /**
+     * Get severity distribution
+     */
+    getSeverityDistribution(findings: Finding[]): Record<Severity, number>;
+    /**
+     * Get category distribution
+     */
+    getCategoryDistribution(findings: Finding[]): Record<FindingCategory, number>;
+    /**
+     * Get top affected files
+     */
+    getTopAffectedFiles(findings: Finding[], limit?: number): Array<{
+        file: string;
+        count: number;
+        criticalCount: number;
+    }>;
+    /**
+     * Get threat type distribution
+     */
+    getThreatTypeDistribution(findings: Finding[]): Record<string, number>;
+    /**
+     * Calculate security posture metrics
+     */
+    calculateSecurityPosture(findings: Finding[], totalFiles: number, totalLines: number): {
+        score: number;
+        grade: string;
+        findingsPerKLOC: number;
+        criticalRatio: number;
+    };
+}
+export default RiskScoringEngine;
+//# sourceMappingURL=riskScoring.d.ts.map

package/dist/core/scoring/riskScoring.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"riskScoring.d.ts","sourceRoot":"","sources":["../../../src/core/scoring/riskScoring.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAc,eAAe,EAAE,MAAM,aAAa,CAAC;AAkC7E;;GAEG;AACH,qBAAa,iBAAiB;IAC5B;;OAEG;IACH,kBAAkB,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM;IAyBnE;;OAEG;IACH,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU;IAQ5E;;OAEG;IACH,uBAAuB,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC;IAgBtE;;OAEG;IACH,uBAAuB,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC;IAe7E;;OAEG;IACH,mBAAmB,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,KAAK,GAAE,MAAW,GAAG,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,MAAM,CAAA;KAAE,CAAC;IAkB3H;;OAEG;IACH,yBAAyB,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAUtE;;OAEG;IACH,wBAAwB,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG;QACrF,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,CAAC;QACd,eAAe,EAAE,MAAM,CAAC;QACxB,aAAa,EAAE,MAAM,CAAC;KACvB;CAkCF;AAED,eAAe,iBAAiB,CAAC"}

package/dist/core/scoring/riskScoring.js

@@ -0,0 +1,180 @@
+"use strict";
+/**
+ * Risk Scoring Engine
+ * Calculates risk scores and severity levels for scan results
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RiskScoringEngine = void 0;
+const types_1 = require("../../types");
+/**
+ * Risk weights for different factors
+ */
+const SEVERITY_WEIGHTS = {
+    [types_1.Severity.CRITICAL]: 100,
+    [types_1.Severity.HIGH]: 70,
+    [types_1.Severity.MEDIUM]: 40,
+    [types_1.Severity.LOW]: 15,
+    [types_1.Severity.INFO]: 5
+};
+/**
+ * Category weights
+ */
+const CATEGORY_WEIGHTS = {
+    [types_1.FindingCategory.MALWARE]: 1.5,
+    [types_1.FindingCategory.VULNERABILITY]: 1.0,
+    [types_1.FindingCategory.CODE_SMELL]: 0.5,
+    [types_1.FindingCategory.BEST_PRACTICE]: 0.3
+};
+/**
+ * Risk level thresholds
+ */
+const RISK_THRESHOLDS = {
+    safe: 10,
+    low: 30,
+    medium: 50,
+    high: 75
+};
+/**
+ * Risk Scoring Engine Class
+ */
+class RiskScoringEngine {
+    /**
+     * Calculate overall risk score for findings
+     */
+    calculateRiskScore(findings, totalFiles) {
+        if (findings.length === 0) {
+            return 0;
+        }
+        let totalScore = 0;
+        for (const finding of findings) {
+            const severityWeight = SEVERITY_WEIGHTS[finding.severity];
+            const categoryWeight = CATEGORY_WEIGHTS[finding.category];
+            const confidenceMultiplier = finding.confidence / 100;
+            totalScore += severityWeight * categoryWeight * confidenceMultiplier;
+        }
+        // Normalize score based on codebase size
+        // More files = slightly lower weight per finding
+        const sizeNormalizer = Math.log10(Math.max(totalFiles, 1)) + 1;
+        // Calculate normalized score (0-100)
+        const normalizedScore = Math.min(100, (totalScore / sizeNormalizer) / 2);
+        return Math.round(normalizedScore);
+    }
+    /**
+     * Determine risk level from score
+     */
+    getRiskLevel(score) {
+        if (score >= RISK_THRESHOLDS.high)
+            return 'critical';
+        if (score >= RISK_THRESHOLDS.medium)
+            return 'high';
+        if (score >= RISK_THRESHOLDS.low)
+            return 'medium';
+        if (score >= RISK_THRESHOLDS.safe)
+            return 'low';
+        return 'safe';
+    }
+    /**
+     * Get severity distribution
+     */
+    getSeverityDistribution(findings) {
+        const distribution = {
+            [types_1.Severity.CRITICAL]: 0,
+            [types_1.Severity.HIGH]: 0,
+            [types_1.Severity.MEDIUM]: 0,
+            [types_1.Severity.LOW]: 0,
+            [types_1.Severity.INFO]: 0
+        };
+        for (const finding of findings) {
+            distribution[finding.severity]++;
+        }
+        return distribution;
+    }
+    /**
+     * Get category distribution
+     */
+    getCategoryDistribution(findings) {
+        const distribution = {
+            [types_1.FindingCategory.MALWARE]: 0,
+            [types_1.FindingCategory.VULNERABILITY]: 0,
+            [types_1.FindingCategory.CODE_SMELL]: 0,
+            [types_1.FindingCategory.BEST_PRACTICE]: 0
+        };
+        for (const finding of findings) {
+            distribution[finding.category]++;
+        }
+        return distribution;
+    }
+    /**
+     * Get top affected files
+     */
+    getTopAffectedFiles(findings, limit = 10) {
+        const fileMap = new Map();
+        for (const finding of findings) {
+            const current = fileMap.get(finding.location.file) || { count: 0, criticalCount: 0 };
+            current.count++;
+            if (finding.severity === types_1.Severity.CRITICAL || finding.severity === types_1.Severity.HIGH) {
+                current.criticalCount++;
+            }
+            fileMap.set(finding.location.file, current);
+        }
+        return Array.from(fileMap.entries())
+            .map(([file, stats]) => ({ file, ...stats }))
+            .sort((a, b) => b.criticalCount - a.criticalCount || b.count - a.count)
+            .slice(0, limit);
+    }
+    /**
+     * Get threat type distribution
+     */
+    getThreatTypeDistribution(findings) {
+        const distribution = {};
+        for (const finding of findings) {
+            distribution[finding.threatType] = (distribution[finding.threatType] || 0) + 1;
+        }
+        return distribution;
+    }
+    /**
+     * Calculate security posture metrics
+     */
+    calculateSecurityPosture(findings, totalFiles, totalLines) {
+        const score = 100 - this.calculateRiskScore(findings, totalFiles);
+        // Calculate grade
+        let grade;
+        if (score >= 90)
+            grade = 'A+';
+        else if (score >= 85)
+            grade = 'A';
+        else if (score >= 80)
+            grade = 'A-';
+        else if (score >= 75)
+            grade = 'B+';
+        else if (score >= 70)
+            grade = 'B';
+        else if (score >= 65)
+            grade = 'B-';
+        else if (score >= 60)
+            grade = 'C+';
+        else if (score >= 55)
+            grade = 'C';
+        else if (score >= 50)
+            grade = 'C-';
+        else if (score >= 40)
+            grade = 'D';
+        else
+            grade = 'F';
+        // Findings per 1000 lines of code
+        const kloc = totalLines / 1000;
+        const findingsPerKLOC = kloc > 0 ? findings.length / kloc : 0;
+        // Ratio of critical/high findings
+        const criticalCount = findings.filter(f => f.severity === types_1.Severity.CRITICAL || f.severity === types_1.Severity.HIGH).length;
+        const criticalRatio = findings.length > 0 ? criticalCount / findings.length : 0;
+        return {
+            score: Math.round(score),
+            grade,
+            findingsPerKLOC: Math.round(findingsPerKLOC * 100) / 100,
+            criticalRatio: Math.round(criticalRatio * 100) / 100
+        };
+    }
+}
+exports.RiskScoringEngine = RiskScoringEngine;
+exports.default = RiskScoringEngine;
+//# sourceMappingURL=riskScoring.js.map

package/dist/core/scoring/riskScoring.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"riskScoring.js","sourceRoot":"","sources":["../../../src/core/scoring/riskScoring.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,uCAA6E;AAG7E;;GAEG;AACH,MAAM,gBAAgB,GAA6B;IACjD,CAAC,gBAAQ,CAAC,QAAQ,CAAC,EAAE,GAAG;IACxB,CAAC,gBAAQ,CAAC,IAAI,CAAC,EAAE,EAAE;IACnB,CAAC,gBAAQ,CAAC,MAAM,CAAC,EAAE,EAAE;IACrB,CAAC,gBAAQ,CAAC,GAAG,CAAC,EAAE,EAAE;IAClB,CAAC,gBAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;CACnB,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAAoC;IACxD,CAAC,uBAAe,CAAC,OAAO,CAAC,EAAE,GAAG;IAC9B,CAAC,uBAAe,CAAC,aAAa,CAAC,EAAE,GAAG;IACpC,CAAC,uBAAe,CAAC,UAAU,CAAC,EAAE,GAAG;IACjC,CAAC,uBAAe,CAAC,aAAa,CAAC,EAAE,GAAG;CACrC,CAAC;AAEF;;GAEG;AACH,MAAM,eAAe,GAAG;IACtB,IAAI,EAAE,EAAE;IACR,GAAG,EAAE,EAAE;IACP,MAAM,EAAE,EAAE;IACV,IAAI,EAAE,EAAE;CACT,CAAC;AAEF;;GAEG;AACH,MAAa,iBAAiB;IAC5B;;OAEG;IACH,kBAAkB,CAAC,QAAmB,EAAE,UAAkB;QACxD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,CAAC,CAAC;QACX,CAAC;QAED,IAAI,UAAU,GAAG,CAAC,CAAC;QAEnB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,cAAc,GAAG,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC1D,MAAM,cAAc,GAAG,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC1D,MAAM,oBAAoB,GAAG,OAAO,CAAC,UAAU,GAAG,GAAG,CAAC;YAEtD,UAAU,IAAI,cAAc,GAAG,cAAc,GAAG,oBAAoB,CAAC;QACvE,CAAC;QAED,yCAAyC;QACzC,iDAAiD;QACjD,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAE/D,qCAAqC;QACrC,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,UAAU,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC;QAEzE,OAAO,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,KAAa;QACxB,IAAI,KAAK,IAAI,eAAe,CAAC,IAAI;YAAE,OAAO,UAAU,CAAC;QACrD,IAAI,KAAK,IAAI,eAAe,CAAC,MAAM;YAAE,OAAO,MAAM,CAAC;QACnD,IAAI,KAAK,IAAI,eAAe,CAAC,GAAG;YAAE,OAAO,QAAQ,CAAC;QAClD,IAAI,KAAK,IAAI,eAAe,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QAChD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,uBAAuB,CAAC,QAAmB;QACzC,MAAM,YAAY,GAA6B;YAC7C,CAAC,gBAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACtB,CAAC,gBAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAClB,CAAC,gBAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACpB,CAAC,gBAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACjB,CAAC,gBAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;SACnB,CAAC;QAEF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,YAAY,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnC,CAAC;QAED,OAAO,YAAY,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,uBAAuB,CAAC,QAAmB;QACzC,MAAM,YAAY,GAAoC;YACpD,CAAC,uBAAe,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5B,CAAC,uBAAe,CAAC,aAAa,CAAC,EAAE,CAAC;YAClC,CAAC,uBAAe,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/B,CAAC,uBAAe,CAAC,aAAa,CAAC,EAAE,CAAC;SACnC,CAAC;QAEF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,YAAY,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnC,CAAC;QAED,OAAO,YAAY,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,QAAmB,EAAE,QAAgB,EAAE;QACzD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAoD,CAAC;QAE5E,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC,EAAE,CAAC;YACrF,OAAO,CAAC,KAAK,EAAE,CAAC;YAChB,IAAI,OAAO,CAAC,QAAQ,KAAK,gBAAQ,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,KAAK,gBAAQ,CAAC,IAAI,EAAE,CAAC;gBACjF,OAAO,CAAC,aAAa,EAAE,CAAC;YAC1B,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;aACjC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,GAAG,KAAK,EAAE,CAAC,CAAC;aAC5C,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,aAAa,IAAI,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;aACtE,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,yBAAyB,CAAC,QAAmB;QAC3C,MAAM,YAAY,GAA2B,EAAE,CAAC;QAEhD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,YAAY,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,YAAY,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACjF,CAAC;QAED,OAAO,YAAY,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,wBAAwB,CAAC,QAAmB,EAAE,UAAkB,EAAE,UAAkB;QAMlF,MAAM,KAAK,GAAG,GAAG,GAAG,IAAI,CAAC,kBAAkB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QAElE,kBAAkB;QAClB,IAAI,KAAa,CAAC;QAClB,IAAI,KAAK,IAAI,EAAE;YAAE,KAAK,GAAG,IAAI,CAAC;aACzB,IAAI,KAAK,IAAI,EAAE;YAAE,KAAK,GAAG,GAAG,CAAC;aAC7B,IAAI,KAAK,IAAI,EAAE;YAAE,KAAK,GAAG,IAAI,CAAC;aAC9B,IAAI,KAAK,IAAI,EAAE;YAAE,KAAK,GAAG,IAAI,CAAC;aAC9B,IAAI,KAAK,IAAI,EAAE;YAAE,KAAK,GAAG,GAAG,CAAC;aAC7B,IAAI,KAAK,IAAI,EAAE;YAAE,KAAK,GAAG,IAAI,CAAC;aAC9B,IAAI,KAAK,IAAI,EAAE;YAAE,KAAK,GAAG,IAAI,CAAC;aAC9B,IAAI,KAAK,IAAI,EAAE;YAAE,KAAK,GAAG,GAAG,CAAC;aAC7B,IAAI,KAAK,IAAI,EAAE;YAAE,KAAK,GAAG,IAAI,CAAC;aAC9B,IAAI,KAAK,IAAI,EAAE;YAAE,KAAK,GAAG,GAAG,CAAC;;YAC7B,KAAK,GAAG,GAAG,CAAC;QAEjB,kCAAkC;QAClC,MAAM,IAAI,GAAG,UAAU,GAAG,IAAI,CAAC;QAC/B,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAE9D,kCAAkC;QAClC,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACxC,CAAC,CAAC,QAAQ,KAAK,gBAAQ,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,KAAK,gBAAQ,CAAC,IAAI,CACjE,CAAC,MAAM,CAAC;QACT,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAEhF,OAAO;YACL,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC;YACxB,KAAK;YACL,eAAe,EAAE,IAAI,CAAC,KAAK,CAAC,eAAe,GAAG,GAAG,CAAC,GAAG,GAAG;YACxD,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,aAAa,GAAG,GAAG,CAAC,GAAG,GAAG;SACrD,CAAC;IACJ,CAAC;CACF;AAzJD,8CAyJC;AAED,kBAAe,iBAAiB,CAAC"}

package/dist/core/securityScanner.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Security Scanner Orchestrator
+ * Main scanner that coordinates all analyzers
+ */
+import { ScanConfig, ScanResult } from '../types';
+/**
+ * Security Scanner Class
+ * Main orchestrator for the SAST tool
+ */
+export declare class SecurityScanner {
+    private config;
+    private fileScanner;
+    private ruleEngine;
+    private riskScoring;
+    private aiAnalyzer?;
+    constructor(config: ScanConfig);
+    /**
+     * Normalize and validate configuration
+     */
+    private normalizeConfig;
+    /**
+     * Run the security scan
+     */
+    scan(): Promise<ScanResult>;
+    /**
+     * Analyze a single file
+     */
+    private analyzeFile;
+    /**
+     * Filter findings by minimum severity
+     */
+    private filterBySeverity;
+    /**
+     * Calculate scan statistics
+     */
+    private calculateStats;
+    /**
+     * Create empty result when no files found
+     */
+    private createEmptyResult;
+    /**
+     * Generate report
+     */
+    private generateReport;
+}
+export default SecurityScanner;
+//# sourceMappingURL=securityScanner.d.ts.map

package/dist/core/securityScanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"securityScanner.d.ts","sourceRoot":"","sources":["../../src/core/securityScanner.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,EACL,UAAU,EACV,UAAU,EAMX,MAAM,UAAU,CAAC;AAWlB;;;GAGG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,MAAM,CAAa;IAC3B,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,WAAW,CAAoB;IACvC,OAAO,CAAC,UAAU,CAAC,CAAa;gBAEpB,MAAM,EAAE,UAAU;IAY9B;;OAEG;IACH,OAAO,CAAC,eAAe;IAYvB;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,UAAU,CAAC;IA4GjC;;OAEG;YACW,WAAW;IAoCzB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAUxB;;OAEG;IACH,OAAO,CAAC,cAAc;IA6BtB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAoCzB;;OAEG;YACW,cAAc;CAiB7B;AAED,eAAe,eAAe,CAAC"}