supasec 1.0.3 → 1.0.5

package/dist/scanners/storage/analyzer.js

@@ -0,0 +1,438 @@
+"use strict";
+/**
+ * Storage Bucket Analyzer
+ * Scans for storage bucket security issues and misconfigurations
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.analyzeStorage = analyzeStorage;
+exports.getMockStorageBuckets = getMockStorageBuckets;
+exports.getMockStorageObjects = getMockStorageObjects;
+const finding_js_1 = require("../../models/finding.js");
+/**
+ * Analyze storage buckets for security issues
+ */
+async function analyzeStorage(options) {
+    const findings = [];
+    let findingCounter = 1;
+    let publicCount = 0;
+    let misconfiguredCount = 0;
+    for (const bucket of options.buckets) {
+        // Check if bucket is public
+        if (bucket.public) {
+            publicCount++;
+            findings.push(createPublicBucketFinding(bucket, findingCounter++));
+        }
+        // Check for missing file size limits
+        if (!bucket.fileSizeLimit || bucket.fileSizeLimit > 50 * 1024 * 1024) {
+            findings.push(createNoSizeLimitFinding(bucket, findingCounter++));
+            misconfiguredCount++;
+        }
+        // Check for unrestricted mime types
+        if (!bucket.allowedMimeTypes || bucket.allowedMimeTypes.length === 0) {
+            findings.push(createUnrestrictedMimeTypesFinding(bucket, findingCounter++));
+            misconfiguredCount++;
+        }
+        // Check for dangerous mime types allowed
+        if (bucket.allowedMimeTypes) {
+            const dangerousMimeTypes = [
+                'application/x-httpd-php',
+                'application/x-httpd-cgi',
+                'application/x-javascript',
+                'text/html',
+                'application/xhtml+xml',
+                'application/x-executable'
+            ];
+            const hasDangerousTypes = bucket.allowedMimeTypes.some(type => dangerousMimeTypes.includes(type.toLowerCase()));
+            if (hasDangerousTypes) {
+                findings.push(createDangerousMimeTypesFinding(bucket, findingCounter++));
+                misconfiguredCount++;
+            }
+        }
+    }
+    // Analyze objects if provided
+    if (options.objects) {
+        for (const object of options.objects) {
+            // Check for sensitive file patterns
+            const sensitivePatterns = [
+                /\.env$/i,
+                /\.env\./i,
+                /config\.json$/i,
+                /secrets?\./i,
+                /password/i,
+                /key\./i,
+                /\.pem$/i,
+                /\.key$/i,
+                /\.p12$/i,
+                /\.pfx$/i,
+                /id_rsa/i,
+                /\.htpasswd/i,
+                /credentials/i
+            ];
+            const isSensitive = sensitivePatterns.some(pattern => pattern.test(object.name));
+            if (isSensitive && object.isPublic) {
+                findings.push(createSensitiveFileExposedFinding(object, findingCounter++));
+            }
+        }
+    }
+    return {
+        findings,
+        bucketsScanned: options.buckets.length,
+        objectsScanned: options.objects?.length || 0,
+        publicBuckets: publicCount,
+        misconfiguredBuckets: misconfiguredCount
+    };
+}
+/**
+ * Create finding for public bucket
+ */
+function createPublicBucketFinding(bucket, counter) {
+    return {
+        finding_id: (0, finding_js_1.generateFindingId)('storage', counter),
+        timestamp: new Date().toISOString(),
+        severity: 'HIGH',
+        category: 'storage',
+        subcategory: 'public_bucket',
+        title: `Storage bucket '${bucket.name}' is publicly accessible`,
+        description: `The storage bucket '${bucket.name}' is configured as public. All files in this bucket can be accessed by anyone without authentication.`,
+        location: {
+            table: `storage.buckets:${bucket.id}`
+        },
+        evidence: {
+            bucket_id: bucket.id,
+            bucket_name: bucket.name,
+            is_public: bucket.public,
+            owner: bucket.owner
+        },
+        impact: {
+            severity_score: 7.5,
+            description: 'Any file uploaded to this bucket is publicly accessible - potential data leak',
+            affected_resources: [`storage.buckets:${bucket.id}`],
+            compliance_violations: ['GDPR-Article-32', 'SOC2-CC6.1']
+        },
+        remediation: {
+            summary: `Make storage bucket '${bucket.name}' private`,
+            priority: 'HIGH',
+            effort: 'LOW',
+            steps: [
+                {
+                    order: 1,
+                    action: 'Update bucket to private',
+                    sql: `-- Make bucket private
+UPDATE storage.buckets
+SET public = false
+WHERE id = '${bucket.id}';`
+                },
+                {
+                    order: 2,
+                    action: 'Create RLS policies for bucket access',
+                    sql: `-- Allow authenticated users to read their own files
+CREATE POLICY "Users can read own files"
+ON storage.objects FOR SELECT
+USING (auth.uid()::text = (storage.foldername(name))[1]);
+
+-- Allow authenticated users to upload files
+CREATE POLICY "Users can upload files"
+ON storage.objects FOR INSERT
+WITH CHECK (auth.role() = 'authenticated');`
+                }
+            ],
+            auto_fixable: true
+        },
+        references: [
+            {
+                title: 'Supabase Storage Security',
+                url: 'https://supabase.com/docs/guides/storage/security/access-control'
+            }
+        ],
+        false_positive_likelihood: 'LOW',
+        confidence: 0.95
+    };
+}
+/**
+ * Create finding for missing file size limit
+ */
+function createNoSizeLimitFinding(bucket, counter) {
+    const currentLimit = bucket.fileSizeLimit ? `${(bucket.fileSizeLimit / 1024 / 1024).toFixed(0)}MB` : 'No limit';
+    return {
+        finding_id: (0, finding_js_1.generateFindingId)('storage', counter),
+        timestamp: new Date().toISOString(),
+        severity: 'MEDIUM',
+        category: 'storage',
+        subcategory: 'no_size_limit',
+        title: `Storage bucket '${bucket.name}' has no file size limit`,
+        description: `The storage bucket '${bucket.name}' does not have a file size limit configured (current: ${currentLimit}). This could allow denial of service through large file uploads.`,
+        location: {
+            table: `storage.buckets:${bucket.id}`
+        },
+        evidence: {
+            bucket_id: bucket.id,
+            bucket_name: bucket.name,
+            file_size_limit: bucket.fileSizeLimit,
+            current_limit_formatted: currentLimit
+        },
+        impact: {
+            severity_score: 5.0,
+            description: 'Potential DoS through large file uploads - storage abuse and costs',
+            affected_resources: [`storage.buckets:${bucket.id}`]
+        },
+        remediation: {
+            summary: `Set file size limit for bucket '${bucket.name}'`,
+            priority: 'MEDIUM',
+            effort: 'LOW',
+            steps: [
+                {
+                    order: 1,
+                    action: 'Set appropriate file size limit (e.g., 5MB)',
+                    sql: `-- Set file size limit to 5MB
+UPDATE storage.buckets
+SET file_size_limit = 5242880
+WHERE id = '${bucket.id}';`
+                }
+            ],
+            auto_fixable: true
+        },
+        references: [
+            {
+                title: 'Supabase Storage Limits',
+                url: 'https://supabase.com/docs/guides/storage/uploads/file-limits'
+            }
+        ],
+        false_positive_likelihood: 'MEDIUM',
+        confidence: 0.8
+    };
+}
+/**
+ * Create finding for unrestricted mime types
+ */
+function createUnrestrictedMimeTypesFinding(bucket, counter) {
+    return {
+        finding_id: (0, finding_js_1.generateFindingId)('storage', counter),
+        timestamp: new Date().toISOString(),
+        severity: 'MEDIUM',
+        category: 'storage',
+        subcategory: 'unrestricted_mime_types',
+        title: `Storage bucket '${bucket.name}' allows all file types`,
+        description: `The storage bucket '${bucket.name}' does not restrict allowed MIME types. This could allow upload of executable or dangerous files.`,
+        location: {
+            table: `storage.buckets:${bucket.id}`
+        },
+        evidence: {
+            bucket_id: bucket.id,
+            bucket_name: bucket.name,
+            allowed_mime_types: bucket.allowedMimeTypes || 'All types allowed'
+        },
+        impact: {
+            severity_score: 5.5,
+            description: 'Potential for malicious file uploads - malware distribution risk',
+            affected_resources: [`storage.buckets:${bucket.id}`],
+            compliance_violations: ['OWASP-A05-2021']
+        },
+        remediation: {
+            summary: `Restrict allowed MIME types for bucket '${bucket.name}'`,
+            priority: 'MEDIUM',
+            effort: 'LOW',
+            steps: [
+                {
+                    order: 1,
+                    action: 'Set allowed MIME types',
+                    sql: `-- Restrict to images and documents only
+UPDATE storage.buckets
+SET allowed_mime_types = ARRAY[
+  'image/jpeg',
+  'image/png',
+  'image/gif',
+  'application/pdf',
+  'text/plain'
+]
+WHERE id = '${bucket.id}';`
+                }
+            ],
+            auto_fixable: true
+        },
+        references: [
+            {
+                title: 'MIME Type Security',
+                url: 'https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload'
+            }
+        ],
+        false_positive_likelihood: 'MEDIUM',
+        confidence: 0.75
+    };
+}
+/**
+ * Create finding for dangerous mime types
+ */
+function createDangerousMimeTypesFinding(bucket, counter) {
+    return {
+        finding_id: (0, finding_js_1.generateFindingId)('storage', counter),
+        timestamp: new Date().toISOString(),
+        severity: 'HIGH',
+        category: 'storage',
+        subcategory: 'dangerous_mime_types',
+        title: `Storage bucket '${bucket.name}' allows dangerous file types`,
+        description: `The storage bucket '${bucket.name}' allows potentially dangerous MIME types (HTML, PHP, executables). This could enable XSS attacks or code execution.`,
+        location: {
+            table: `storage.buckets:${bucket.id}`
+        },
+        evidence: {
+            bucket_id: bucket.id,
+            bucket_name: bucket.name,
+            allowed_mime_types: bucket.allowedMimeTypes
+        },
+        impact: {
+            severity_score: 8.0,
+            description: 'XSS and code execution risk - malicious files can be served to users',
+            affected_resources: [`storage.buckets:${bucket.id}`],
+            compliance_violations: ['OWASP-A03-2021', 'XSS-CWE-79']
+        },
+        remediation: {
+            summary: `Remove dangerous MIME types from bucket '${bucket.name}'`,
+            priority: 'HIGH',
+            effort: 'LOW',
+            steps: [
+                {
+                    order: 1,
+                    action: 'Review and restrict MIME types',
+                    sql: `-- Remove dangerous types, keep safe ones
+UPDATE storage.buckets
+SET allowed_mime_types = ARRAY[
+  'image/jpeg',
+  'image/png',
+  'image/gif',
+  'image/webp',
+  'application/pdf'
+]
+WHERE id = '${bucket.id}';`
+                }
+            ],
+            auto_fixable: true
+        },
+        references: [
+            {
+                title: 'OWASP XSS Prevention',
+                url: 'https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html'
+            }
+        ],
+        false_positive_likelihood: 'LOW',
+        confidence: 0.9
+    };
+}
+/**
+ * Create finding for sensitive file exposed
+ */
+function createSensitiveFileExposedFinding(object, counter) {
+    return {
+        finding_id: (0, finding_js_1.generateFindingId)('storage', counter),
+        timestamp: new Date().toISOString(),
+        severity: 'CRITICAL',
+        category: 'storage',
+        subcategory: 'sensitive_file_exposed',
+        title: `Sensitive file '${object.name}' is publicly accessible`,
+        description: `The file '${object.name}' appears to contain sensitive information (credentials, keys, or configuration) and is publicly accessible.`,
+        location: {
+            table: `storage.objects:${object.bucketId}/${object.name}`
+        },
+        evidence: {
+            object_id: object.id,
+            bucket_id: object.bucketId,
+            file_name: object.name,
+            mime_type: object.mimeType,
+            size_bytes: object.size,
+            is_public: object.isPublic
+        },
+        impact: {
+            severity_score: 9.5,
+            description: 'Credentials or sensitive configuration exposed - immediate security breach',
+            affected_resources: [`storage.objects:${object.bucketId}/${object.name}`],
+            compliance_violations: ['GDPR-Article-32', 'PCI-DSS-3.2']
+        },
+        remediation: {
+            summary: `Remove or secure sensitive file '${object.name}'`,
+            priority: 'IMMEDIATE',
+            effort: 'LOW',
+            steps: [
+                {
+                    order: 1,
+                    action: 'Delete the exposed file immediately',
+                    sql: `-- Delete exposed file
+DELETE FROM storage.objects
+WHERE id = '${object.id}';`
+                },
+                {
+                    order: 2,
+                    action: 'Rotate any exposed credentials',
+                    code: '# Change passwords, API keys, and secrets that were exposed'
+                },
+                {
+                    order: 3,
+                    action: 'Make bucket private and add RLS policies',
+                    sql: `-- Secure the bucket
+UPDATE storage.buckets
+SET public = false
+WHERE id = '${object.bucketId}';`
+                }
+            ],
+            auto_fixable: false
+        },
+        references: [
+            {
+                title: 'OWASP Sensitive Data Exposure',
+                url: 'https://owasp.org/Top10/A02_2021-Cryptographic_Failures/'
+            }
+        ],
+        false_positive_likelihood: 'LOW',
+        confidence: 0.9
+    };
+}
+/**
+ * Mock storage buckets for testing
+ */
+function getMockStorageBuckets() {
+    return [
+        {
+            id: 'avatars',
+            name: 'avatars',
+            public: true,
+            fileSizeLimit: 1024 * 1024, // 1MB
+            allowedMimeTypes: ['image/jpeg', 'image/png', 'image/gif']
+        },
+        {
+            id: 'documents',
+            name: 'documents',
+            public: false,
+            fileSizeLimit: 10 * 1024 * 1024, // 10MB
+            allowedMimeTypes: ['application/pdf', 'text/plain']
+        },
+        {
+            id: 'uploads',
+            name: 'uploads',
+            public: true,
+            // No size limit
+            // No mime type restrictions
+        }
+    ];
+}
+/**
+ * Mock storage objects for testing
+ */
+function getMockStorageObjects() {
+    return [
+        {
+            id: 'obj-1',
+            bucketId: 'avatars',
+            name: 'user123/profile.jpg',
+            size: 102400,
+            mimeType: 'image/jpeg',
+            isPublic: true
+        },
+        {
+            id: 'obj-2',
+            bucketId: 'uploads',
+            name: 'backup/.env',
+            size: 2048,
+            mimeType: 'text/plain',
+            isPublic: true
+        }
+    ];
+}
+//# sourceMappingURL=analyzer.js.map

package/dist/scanners/storage/analyzer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"analyzer.js","sourceRoot":"","sources":["../../../src/scanners/storage/analyzer.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AA0CH,wCAkFC;AAyTD,sDAwBC;AAKD,sDAmBC;AAneD,wDAAqE;AAqCrE;;GAEG;AACI,KAAK,UAAU,cAAc,CAAC,OAA2B;IAC9D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,cAAc,GAAG,CAAC,CAAC;IACvB,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,kBAAkB,GAAG,CAAC,CAAC;IAE3B,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACrC,4BAA4B;QAC5B,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,WAAW,EAAE,CAAC;YACd,QAAQ,CAAC,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;QACrE,CAAC;QAED,qCAAqC;QACrC,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,aAAa,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,CAAC;YACrE,QAAQ,CAAC,IAAI,CAAC,wBAAwB,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;YAClE,kBAAkB,EAAE,CAAC;QACvB,CAAC;QAED,oCAAoC;QACpC,IAAI,CAAC,MAAM,CAAC,gBAAgB,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrE,QAAQ,CAAC,IAAI,CAAC,kCAAkC,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;YAC5E,kBAAkB,EAAE,CAAC;QACvB,CAAC;QAED,yCAAyC;QACzC,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAC5B,MAAM,kBAAkB,GAAG;gBACzB,yBAAyB;gBACzB,yBAAyB;gBACzB,0BAA0B;gBAC1B,WAAW;gBACX,uBAAuB;gBACvB,0BAA0B;aAC3B,CAAC;YAEF,MAAM,iBAAiB,GAAG,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC5D,kBAAkB,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAChD,CAAC;YAEF,IAAI,iBAAiB,EAAE,CAAC;gBACtB,QAAQ,CAAC,IAAI,CAAC,+BAA+B,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;gBACzE,kBAAkB,EAAE,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAED,8BAA8B;IAC9B,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACrC,oCAAoC;YACpC,MAAM,iBAAiB,GAAG;gBACxB,SAAS;gBACT,UAAU;gBACV,gBAAgB;gBAChB,aAAa;gBACb,WAAW;gBACX,QAAQ;gBACR,SAAS;gBACT,SAAS;gBACT,SAAS;gBACT,SAAS;gBACT,SAAS;gBACT,aAAa;gBACb,cAAc;aACf,CAAC;YAEF,MAAM,WAAW,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;YAEjF,IAAI,WAAW,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACnC,QAAQ,CAAC,IAAI,CAAC,iCAAiC,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ;QACR,cAAc,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM;QACtC,cAAc,EAAE,OAAO,CAAC,OAAO,EAAE,MAAM,IAAI,CAAC;QAC5C,aAAa,EAAE,WAAW;QAC1B,oBAAoB,EAAE,kBAAkB;KACzC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,yBAAyB,CAAC,MAAyB,EAAE,OAAe;IAC3E,OAAO;QACL,UAAU,EAAE,IAAA,8BAAiB,EAAC,SAAS,EAAE,OAAO,CAAC;QACjD,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,eAAe;QAC5B,KAAK,EAAE,mBAAmB,MAAM,CAAC,IAAI,0BAA0B;QAC/D,WAAW,EAAE,uBAAuB,MAAM,CAAC,IAAI,uGAAuG;QACtJ,QAAQ,EAAE;YACR,KAAK,EAAE,mBAAmB,MAAM,CAAC,EAAE,EAAE;SACtC;QACD,QAAQ,EAAE;YACR,SAAS,EAAE,MAAM,CAAC,EAAE;YACpB,WAAW,EAAE,MAAM,CAAC,IAAI;YACxB,SAAS,EAAE,MAAM,CAAC,MAAM;YACxB,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB;QACD,MAAM,EAAE;YACN,cAAc,EAAE,GAAG;YACnB,WAAW,EAAE,+EAA+E;YAC5F,kBAAkB,EAAE,CAAC,mBAAmB,MAAM,CAAC,EAAE,EAAE,CAAC;YACpD,qBAAqB,EAAE,CAAC,iBAAiB,EAAE,YAAY,CAAC;SACzD;QACD,WAAW,EAAE;YACX,OAAO,EAAE,wBAAwB,MAAM,CAAC,IAAI,WAAW;YACvD,QAAQ,EAAE,MAAM;YAChB,MAAM,EAAE,KAAK;YACb,KAAK,EAAE;gBACL;oBACE,KAAK,EAAE,CAAC;oBACR,MAAM,EAAE,0BAA0B;oBAClC,GAAG,EAAE;;;cAGD,MAAM,CAAC,EAAE,IAAI;iBAClB;gBACD;oBACE,KAAK,EAAE,CAAC;oBACR,MAAM,EAAE,uCAAuC;oBAC/C,GAAG,EAAE;;;;;;;;4CAQ6B;iBACnC;aACF;YACD,YAAY,EAAE,IAAI;SACnB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,2BAA2B;gBAClC,GAAG,EAAE,kEAAkE;aACxE;SACF;QACD,yBAAyB,EAAE,KAAK;QAChC,UAAU,EAAE,IAAI;KACjB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,MAAyB,EAAE,OAAe;IAC1E,MAAM,YAAY,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,aAAa,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC;IAEhH,OAAO;QACL,UAAU,EAAE,IAAA,8BAAiB,EAAC,SAAS,EAAE,OAAO,CAAC;QACjD,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,eAAe;QAC5B,KAAK,EAAE,mBAAmB,MAAM,CAAC,IAAI,0BAA0B;QAC/D,WAAW,EAAE,uBAAuB,MAAM,CAAC,IAAI,0DAA0D,YAAY,mEAAmE;QACxL,QAAQ,EAAE;YACR,KAAK,EAAE,mBAAmB,MAAM,CAAC,EAAE,EAAE;SACtC;QACD,QAAQ,EAAE;YACR,SAAS,EAAE,MAAM,CAAC,EAAE;YACpB,WAAW,EAAE,MAAM,CAAC,IAAI;YACxB,eAAe,EAAE,MAAM,CAAC,aAAa;YACrC,uBAAuB,EAAE,YAAY;SACtC;QACD,MAAM,EAAE;YACN,cAAc,EAAE,GAAG;YACnB,WAAW,EAAE,oEAAoE;YACjF,kBAAkB,EAAE,CAAC,mBAAmB,MAAM,CAAC,EAAE,EAAE,CAAC;SACrD;QACD,WAAW,EAAE;YACX,OAAO,EAAE,mCAAmC,MAAM,CAAC,IAAI,GAAG;YAC1D,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,KAAK;YACb,KAAK,EAAE;gBACL;oBACE,KAAK,EAAE,CAAC;oBACR,MAAM,EAAE,6CAA6C;oBACrD,GAAG,EAAE;;;cAGD,MAAM,CAAC,EAAE,IAAI;iBAClB;aACF;YACD,YAAY,EAAE,IAAI;SACnB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,yBAAyB;gBAChC,GAAG,EAAE,8DAA8D;aACpE;SACF;QACD,yBAAyB,EAAE,QAAQ;QACnC,UAAU,EAAE,GAAG;KAChB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,kCAAkC,CAAC,MAAyB,EAAE,OAAe;IACpF,OAAO;QACL,UAAU,EAAE,IAAA,8BAAiB,EAAC,SAAS,EAAE,OAAO,CAAC;QACjD,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,yBAAyB;QACtC,KAAK,EAAE,mBAAmB,MAAM,CAAC,IAAI,yBAAyB;QAC9D,WAAW,EAAE,uBAAuB,MAAM,CAAC,IAAI,mGAAmG;QAClJ,QAAQ,EAAE;YACR,KAAK,EAAE,mBAAmB,MAAM,CAAC,EAAE,EAAE;SACtC;QACD,QAAQ,EAAE;YACR,SAAS,EAAE,MAAM,CAAC,EAAE;YACpB,WAAW,EAAE,MAAM,CAAC,IAAI;YACxB,kBAAkB,EAAE,MAAM,CAAC,gBAAgB,IAAI,mBAAmB;SACnE;QACD,MAAM,EAAE;YACN,cAAc,EAAE,GAAG;YACnB,WAAW,EAAE,kEAAkE;YAC/E,kBAAkB,EAAE,CAAC,mBAAmB,MAAM,CAAC,EAAE,EAAE,CAAC;YACpD,qBAAqB,EAAE,CAAC,gBAAgB,CAAC;SAC1C;QACD,WAAW,EAAE;YACX,OAAO,EAAE,2CAA2C,MAAM,CAAC,IAAI,GAAG;YAClE,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,KAAK;YACb,KAAK,EAAE;gBACL;oBACE,KAAK,EAAE,CAAC;oBACR,MAAM,EAAE,wBAAwB;oBAChC,GAAG,EAAE;;;;;;;;;cASD,MAAM,CAAC,EAAE,IAAI;iBAClB;aACF;YACD,YAAY,EAAE,IAAI;SACnB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,oBAAoB;gBAC3B,GAAG,EAAE,0EAA0E;aAChF;SACF;QACD,yBAAyB,EAAE,QAAQ;QACnC,UAAU,EAAE,IAAI;KACjB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,+BAA+B,CAAC,MAAyB,EAAE,OAAe;IACjF,OAAO;QACL,UAAU,EAAE,IAAA,8BAAiB,EAAC,SAAS,EAAE,OAAO,CAAC;QACjD,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,sBAAsB;QACnC,KAAK,EAAE,mBAAmB,MAAM,CAAC,IAAI,+BAA+B;QACpE,WAAW,EAAE,uBAAuB,MAAM,CAAC,IAAI,sHAAsH;QACrK,QAAQ,EAAE;YACR,KAAK,EAAE,mBAAmB,MAAM,CAAC,EAAE,EAAE;SACtC;QACD,QAAQ,EAAE;YACR,SAAS,EAAE,MAAM,CAAC,EAAE;YACpB,WAAW,EAAE,MAAM,CAAC,IAAI;YACxB,kBAAkB,EAAE,MAAM,CAAC,gBAAgB;SAC5C;QACD,MAAM,EAAE;YACN,cAAc,EAAE,GAAG;YACnB,WAAW,EAAE,sEAAsE;YACnF,kBAAkB,EAAE,CAAC,mBAAmB,MAAM,CAAC,EAAE,EAAE,CAAC;YACpD,qBAAqB,EAAE,CAAC,gBAAgB,EAAE,YAAY,CAAC;SACxD;QACD,WAAW,EAAE;YACX,OAAO,EAAE,4CAA4C,MAAM,CAAC,IAAI,GAAG;YACnE,QAAQ,EAAE,MAAM;YAChB,MAAM,EAAE,KAAK;YACb,KAAK,EAAE;gBACL;oBACE,KAAK,EAAE,CAAC;oBACR,MAAM,EAAE,gCAAgC;oBACxC,GAAG,EAAE;;;;;;;;;cASD,MAAM,CAAC,EAAE,IAAI;iBAClB;aACF;YACD,YAAY,EAAE,IAAI;SACnB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,sBAAsB;gBAC7B,GAAG,EAAE,iGAAiG;aACvG;SACF;QACD,yBAAyB,EAAE,KAAK;QAChC,UAAU,EAAE,GAAG;KAChB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,iCAAiC,CAAC,MAAyB,EAAE,OAAe;IACnF,OAAO;QACL,UAAU,EAAE,IAAA,8BAAiB,EAAC,SAAS,EAAE,OAAO,CAAC;QACjD,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,wBAAwB;QACrC,KAAK,EAAE,mBAAmB,MAAM,CAAC,IAAI,0BAA0B;QAC/D,WAAW,EAAE,aAAa,MAAM,CAAC,IAAI,8GAA8G;QACnJ,QAAQ,EAAE;YACR,KAAK,EAAE,mBAAmB,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,IAAI,EAAE;SAC3D;QACD,QAAQ,EAAE;YACR,SAAS,EAAE,MAAM,CAAC,EAAE;YACpB,SAAS,EAAE,MAAM,CAAC,QAAQ;YAC1B,SAAS,EAAE,MAAM,CAAC,IAAI;YACtB,SAAS,EAAE,MAAM,CAAC,QAAQ;YAC1B,UAAU,EAAE,MAAM,CAAC,IAAI;YACvB,SAAS,EAAE,MAAM,CAAC,QAAQ;SAC3B;QACD,MAAM,EAAE;YACN,cAAc,EAAE,GAAG;YACnB,WAAW,EAAE,4EAA4E;YACzF,kBAAkB,EAAE,CAAC,mBAAmB,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YACzE,qBAAqB,EAAE,CAAC,iBAAiB,EAAE,aAAa,CAAC;SAC1D;QACD,WAAW,EAAE;YACX,OAAO,EAAE,oCAAoC,MAAM,CAAC,IAAI,GAAG;YAC3D,QAAQ,EAAE,WAAW;YACrB,MAAM,EAAE,KAAK;YACb,KAAK,EAAE;gBACL;oBACE,KAAK,EAAE,CAAC;oBACR,MAAM,EAAE,qCAAqC;oBAC7C,GAAG,EAAE;;cAED,MAAM,CAAC,EAAE,IAAI;iBAClB;gBACD;oBACE,KAAK,EAAE,CAAC;oBACR,MAAM,EAAE,gCAAgC;oBACxC,IAAI,EAAE,6DAA6D;iBACpE;gBACD;oBACE,KAAK,EAAE,CAAC;oBACR,MAAM,EAAE,0CAA0C;oBAClD,GAAG,EAAE;;;cAGD,MAAM,CAAC,QAAQ,IAAI;iBACxB;aACF;YACD,YAAY,EAAE,KAAK;SACpB;QACD,UAAU,EAAE;YACV;gBACE,KAAK,EAAE,+BAA+B;gBACtC,GAAG,EAAE,0DAA0D;aAChE;SACF;QACD,yBAAyB,EAAE,KAAK;QAChC,UAAU,EAAE,GAAG;KAChB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB;IACnC,OAAO;QACL;YACE,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,IAAI;YACZ,aAAa,EAAE,IAAI,GAAG,IAAI,EAAE,MAAM;YAClC,gBAAgB,EAAE,CAAC,YAAY,EAAE,WAAW,EAAE,WAAW,CAAC;SAC3D;QACD;YACE,EAAE,EAAE,WAAW;YACf,IAAI,EAAE,WAAW;YACjB,MAAM,EAAE,KAAK;YACb,aAAa,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,OAAO;YACxC,gBAAgB,EAAE,CAAC,iBAAiB,EAAE,YAAY,CAAC;SACpD;QACD;YACE,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,IAAI;YACZ,gBAAgB;YAChB,4BAA4B;SAC7B;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB;IACnC,OAAO;QACL;YACE,EAAE,EAAE,OAAO;YACX,QAAQ,EAAE,SAAS;YACnB,IAAI,EAAE,qBAAqB;YAC3B,IAAI,EAAE,MAAM;YACZ,QAAQ,EAAE,YAAY;YACtB,QAAQ,EAAE,IAAI;SACf;QACD;YACE,EAAE,EAAE,OAAO;YACX,QAAQ,EAAE,SAAS;YACnB,IAAI,EAAE,aAAa;YACnB,IAAI,EAAE,IAAI;YACV,QAAQ,EAAE,YAAY;YACtB,QAAQ,EAAE,IAAI;SACf;KACF,CAAC;AACJ,CAAC"}

package/dist/scanners/storage/index.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Storage Scanner Module
+ * Export all storage analysis functionality
+ */
+export * from './analyzer.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/scanners/storage/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/scanners/storage/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,cAAc,eAAe,CAAC"}

package/dist/scanners/storage/index.js

@@ -0,0 +1,22 @@
+"use strict";
+/**
+ * Storage Scanner Module
+ * Export all storage analysis functionality
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./analyzer.js"), exports);
+//# sourceMappingURL=index.js.map

package/dist/scanners/storage/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/scanners/storage/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;AAEH,gDAA8B"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "supasec",
-  "version": "1.0.3",
+  "version": "1.0.5",
   "description": "A free, open-source CLI tool for comprehensive Supabase security auditing",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/reports/{supasec-audityour-app-2026-01-28-17-09-24.html → supasec-audityour-app-2026-01-28-19-42-22.html}

@@ -522,17 +522,10 @@
         <!-- Header -->
         <div class="header">
             <div class="logo">S</div>
-            <h1>supasec.io</h1>
+            <h1>supasec</h1>
         </div>
         
-        <!-- Info Banner -->
-        <div class="info-banner">
-            <div class="icon">ℹ️</div>
-            <div>
-                <h2>Demo Security Report</h2>
-                <p>This is a sample report showing what Supasec findings look like. Ready to scan your own project?</p>
-            </div>
-        </div>
+
         
         <!-- Success Card -->
         <div class="success-card">
@@ -540,7 +533,7 @@
                 <div class="success-icon">✓</div>
                 <div>
                     <div class="success-title">Scan completed successfully in 0 seconds</div>
-                    <p style="font-size: 14px; color: #3b82f6; margin-top: 4px;">We found <a href="#findings">2 issues to review</a></p>
+                    <p style="font-size: 14px; color: #3b82f6; margin-top: 4px;">We found <a href="#findings">3 issues to review</a></p>
                 </div>
             </div>
             
@@ -555,11 +548,11 @@
                 </div>
                 <div class="info-group">
                     <h4>Duration</h4>
-                    <p>0.04 seconds</p>
+                    <p>0.07 seconds</p>
                 </div>
                 <div class="info-group">
                     <h4>Scan Date</h4>
-                    <p>28/1/2026, 10:39:24 pm</p>
+                    <p>29/1/2026, 1:12:22 am</p>
                 </div>
             </div>
         </div>
@@ -572,7 +565,7 @@
             </div>
             <div class="stat-card">
                 <div class="stat-label">High</div>
-                <div class="stat-value" style="color: #d97706;">1</div>
+                <div class="stat-value" style="color: #d97706;">2</div>
             </div>
             <div class="stat-card">
                 <div class="stat-label">Medium</div>
@@ -637,6 +630,40 @@
             </div></div>
         </div>
     </div>
+    <div class="accordion-card">
+        <div class="accordion-header">
+            <div style="flex: 1;">
+                <div class="accordion-title">
+                    <h3>HTTPS Analysis Failed</h3>
+                    <span class="badge badge-risk">⊘ Confirmed Risk</span>
+                </div>
+                <p>Failed to analyze HTTPS configuration: Invalid URL</p>
+            </div>
+            <span class="accordion-icon">▼</span>
+        </div>
+        <div class="accordion-content">
+            
+        <div class="content-section">
+            <h4>What we found</h4>
+            <p>Failed to analyze HTTPS configuration: Invalid URL</p>
+        </div>
+        <div class="content-section">
+            <h4>Impact</h4>
+            <p>Failed to analyze HTTPS configuration: Invalid URL</p>
+        </div>
+        <div class="content-section">
+            <h4>Our recommendation</h4>
+            <ul></ul></div>
+        <div class="tech-details-section" style="margin-top: 16px; padding: 16px; background: #f8fafc; border-radius: 8px; border: 1px solid #e2e8f0;">
+            <h4 style="font-size: 13px; font-weight: 600; color: #1e293b; margin-bottom: 12px; text-transform: uppercase; letter-spacing: 0.5px;">Technical Details</h4>
+            <div style="margin-bottom: 12px;">
+                <span style="font-size: 12px; color: #64748b; display: block; margin-bottom: 4px;">Key Type:</span>
+                <span style="font-size: 13px; color: #334155; font-weight: 500;">analysis</span>
+            </div>
+            <div style="margin-bottom: 12px;">
+                <span style="font-size: 12px; color: #64748b; display: block; margin-bottom: 4px;">Location:</span><div style="font-family: 'Monaco', 'Consolas', monospace; font-size: 13px; color: #334155;">audityour.app</div></div></div>
+        </div>
+    </div>
     <div class="accordion-card">
         <div class="accordion-header">
             <div style="flex: 1;">
@@ -644,7 +671,7 @@
                     <h3>Supabase Anon Key Exposed</h3>
                     <span class="badge badge-concern">⚠ Potential Concern</span>
                 </div>
-                <p>Found supabase anon key in javascript content. Potential Supabase anon key - verify if properly scop...</p>
+                <p>Found supabase anon key in javascript content. Anonymous key with public access - limited by RLS pol...</p>
             </div>
             <span class="accordion-icon">▼</span>
         </div>
@@ -652,7 +679,15 @@
             
         <div class="content-section">
             <h4>What we found</h4>
-            <p>Found supabase anon key in javascript content. Potential Supabase anon key - verify if properly scoped</p>
+            <p>Found supabase anon key in javascript content. Anonymous key with public access - limited by RLS policies
+
+Permission Level: Anonymous Key - Public access with RLS restrictions
+
+Potential Risks:
+• Access limited by RLS policies
+• Can sign up new users
+• Can access public data
+• Low risk if RLS properly configured</p>
         </div>
         <div class="content-section">
             <h4>Impact</h4>
@@ -703,7 +738,7 @@
         <div class="footer">
             <p>Supasec is an independent service and is not affiliated, associated, authorized, endorsed by, or in any way officially connected with Supabase Inc.</p>
             <p>"Supabase" and related marks are trademarks of Supabase Inc. Any mention is for descriptive purposes only and does not imply any partnership.</p>
-            <p style="margin-top: 16px; color: #64748b;">Generated by Supasec • Report ID: scan_2026-01-28T17-09-24</p>
+            <p style="margin-top: 16px; color: #64748b;">Generated by Supasec • Report ID: scan_2026-01-28T19-42-22</p>
         </div>
     </div>