supascan 0.0.9 → 0.0.10
- package/dist/supascan.js +18 -7
- package/package.json +1 -1
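--- a/package/dist/supascan.js
+++ b/package/dist/supascan.js
@@ -14062,11 +14062,22 @@ class SupabaseService {
 }
 const hasData = data && data.length > 0;
 if (hasData) {
-
-
+const { count } = await ctx.client.schema(schema).from(table).select("*", { count: "estimated", head: true });
+log.debug(ctx, `Table ${table} is readable with ~${count ?? "unknown"} rows (EXPOSED)`);
+return ok({
+status: "readable",
+accessible: true,
+hasData: true,
+rowCount: count ?? undefined
+});
 }
 log.debug(ctx, `Table ${table} returned 0 rows (empty or RLS blocked)`);
-return ok({
+return ok({
+status: "empty",
+accessible: true,
+hasData: false,
+rowCount: 0
+});
 }
 static async testTablesRead(ctx, schema, tables) {
 log.debug(ctx, `Testing read access for ${tables.length} tables`);
@@ -14881,12 +14892,12 @@ function TableRow({
 switch (access?.status) {
 case "readable":
 statusClass = "bg-green-100 text-green-800 border-green-200";
-statusText = "
+statusText = `~${access.rowCount ?? "?"} rows exposed`;
 statusIcon = "[+]";
 break;
 case "empty":
 statusClass = "bg-yellow-100 text-yellow-800 border-yellow-200";
-statusText = "
+statusText = "0 rows - empty or RLS";
 statusIcon = "[-]";
 break;
 case "denied":
@@ -15719,7 +15730,7 @@ function displayAnalysisResult(result) {
 switch (access?.status) {
 case "readable":
 indicator = import_picocolors2.default.green("[+]");
-description = import_picocolors2.default.dim(
+description = import_picocolors2.default.dim(`(~${access.rowCount ?? "?"} rows exposed)`);
 break;
 case "empty":
 indicator = import_picocolors2.default.yellow("[-]");
@@ -16184,7 +16195,7 @@ var experimentalWarning2 = onlyOnce2(() => {
 }
 });
 // package.json
-var version = "0.0.
+var version = "0.0.10";
 
 // version.ts
 var VERSION = version;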
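Review bot: In the first hunk, the added count query keeps only `count` and drops the `error` field of the response, so a failed or refused count request cannot be told apart from a missing estimate and the finding is reported as "~unknown rows" with no record of why. Because the count mode is `"estimated"`, it may also be 0 or stale for a table whose sample read has just returned rows, which would render as "~0 rows exposed" in TableRow and displayAnalysisResult; using the observed rows as a lower bound, e.g. `rowCount: Math.max(count ?? 0, data.length)`, avoids understating an exposure in the report. I would destructure the error as well, `const { count, error: countError } = await ...`, and log it at debug level when set. In the empty branch, `rowCount: 0` records as fact what the adjacent log line calls "empty or RLS blocked"; leaving it `undefined` there would keep consumers of the structured result from reading an RLS-filtered table as verified empty. The enclosing method starts above the hunk, so how `data` was fetched is inferred.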