supasec 1.0.4 → 1.0.5

package/dist/scanners/secrets/patterns.js

@@ -5,10 +5,131 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.allPatterns = exports.envPatterns = exports.genericPatterns = exports.apiKeyPatterns = exports.supabasePatterns = void 0;
+exports.analyzeJWT = analyzeJWT;
+exports.getJWTPermissionLevel = getJWTPermissionLevel;
 exports.calculateEntropy = calculateEntropy;
 exports.hasHighEntropy = hasHighEntropy;
 exports.maskSecret = maskSecret;
 exports.detectSecrets = detectSecrets;
+/**
+ * Decode and analyze a JWT token
+ * Extracts role, permissions, and other security-relevant claims
+ */
+function analyzeJWT(token) {
+    const parts = token.split('.');
+    if (parts.length !== 3) {
+        return { isValid: false };
+    }
+    try {
+        // Decode header (for validation)
+        JSON.parse(Buffer.from(parts[0], 'base64url').toString());
+        // Decode payload
+        const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
+        // Determine role
+        let role = 'unknown';
+        const tokenRole = payload.role ||
+            (payload.app_metadata && payload.app_metadata.role) ||
+            (payload.user_metadata && payload.user_metadata.role);
+        if (tokenRole === 'service_role') {
+            role = 'service_role';
+        }
+        else if (tokenRole === 'anon') {
+            role = 'anon';
+        }
+        else if (tokenRole === 'authenticated') {
+            role = 'authenticated';
+        }
+        // Extract permissions
+        const permissions = [];
+        if (payload.permissions) {
+            permissions.push(...payload.permissions);
+        }
+        if (payload.app_metadata && payload.app_metadata.permissions) {
+            permissions.push(...payload.app_metadata.permissions);
+        }
+        // Check for dangerous permissions
+        const dangerousPermissions = [
+            'supabase_admin',
+            'postgres',
+            'superuser',
+            'all',
+            '*'
+        ];
+        const hasDangerousPermissions = permissions.some(p => dangerousPermissions.includes(p.toLowerCase()));
+        return {
+            isValid: true,
+            role,
+            permissions: permissions.length > 0 ? permissions : undefined,
+            issuer: payload.iss,
+            audience: payload.aud,
+            expiresAt: payload.exp ? new Date(payload.exp * 1000) : undefined,
+            claims: {
+                ...payload,
+                hasDangerousPermissions,
+                isExpired: payload.exp ? Date.now() > payload.exp * 1000 : false
+            }
+        };
+    }
+    catch {
+        return { isValid: false };
+    }
+}
+/**
+ * Get permission level description for a JWT
+ */
+function getJWTPermissionLevel(analysis) {
+    if (!analysis.isValid) {
+        return {
+            level: 'LOW',
+            description: 'Invalid or malformed JWT token',
+            risks: ['Token may not be functional']
+        };
+    }
+    switch (analysis.role) {
+        case 'service_role':
+            return {
+                level: 'CRITICAL',
+                description: 'Service Role Key - Full database access with bypass privileges',
+                risks: [
+                    'Can bypass all RLS policies',
+                    'Can read/write/delete any data',
+                    'Can execute admin operations',
+                    'Can manage users and auth',
+                    'Complete database compromise possible'
+                ]
+            };
+        case 'anon':
+            return {
+                level: 'MEDIUM',
+                description: 'Anonymous Key - Public access with RLS restrictions',
+                risks: [
+                    'Access limited by RLS policies',
+                    'Can sign up new users',
+                    'Can access public data',
+                    'Low risk if RLS properly configured'
+                ]
+            };
+        case 'authenticated':
+            return {
+                level: 'HIGH',
+                description: 'Authenticated User Token - User-level access',
+                risks: [
+                    'Access limited to user\'s own data (via RLS)',
+                    'Can perform actions as the user',
+                    'Risk depends on user permissions'
+                ]
+            };
+        default:
+            return {
+                level: 'MEDIUM',
+                description: 'Unknown role - Manual verification required',
+                risks: [
+                    'Unable to determine permission level',
+                    'May have unexpected access rights'
+                ]
+            };
+    }
+}
 /**
  * Supabase-specific patterns
  */
@@ -18,22 +139,10 @@ exports.supabasePatterns = [
         pattern: /eyJ[A-Za-z0-9-_]*\.eyJ[A-Za-z0-9-_]*\.[A-Za-z0-9-_]*/g,
         severity: 'CRITICAL',
         category: 'supabase',
-        description: 'Potential Supabase JWT token - needs role verification',
+        description: 'Service role key with full database access - can bypass all RLS policies',
         validator: (match) => {
-            // Check if it's a valid JWT format
-            const parts = match.split('.');
-            if (parts.length !== 3)
-                return false;
-            try {
-                // Decode payload
-                const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
-                // Check for service_role claim
-                return payload.role === 'service_role' ||
-                    (payload.app_metadata && payload.app_metadata.role === 'service_role');
-            }
-            catch {
-                return false;
-            }
+            const analysis = analyzeJWT(match);
+            return analysis.isValid && analysis.role === 'service_role';
         }
     },
     {
@@ -41,19 +150,21 @@ exports.supabasePatterns = [
         pattern: /eyJ[A-Za-z0-9-_]*\.eyJ[A-Za-z0-9-_]*\.[A-Za-z0-9-_]*/g,
         severity: 'MEDIUM',
         category: 'supabase',
-        description: 'Potential Supabase anon key - verify if properly scoped',
+        description: 'Anonymous key with public access - limited by RLS policies',
         validator: (match) => {
-            const parts = match.split('.');
-            if (parts.length !== 3)
-                return false;
-            try {
-                const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
-                return payload.role === 'anon' ||
-                    (payload.app_metadata && payload.app_metadata.role === 'anon');
-            }
-            catch {
-                return false;
-            }
+            const analysis = analyzeJWT(match);
+            return analysis.isValid && analysis.role === 'anon';
+        }
+    },
+    {
+        name: 'Supabase Authenticated User Token',
+        pattern: /eyJ[A-Za-z0-9-_]*\.eyJ[A-Za-z0-9-_]*\.[A-Za-z0-9-_]*/g,
+        severity: 'HIGH',
+        category: 'supabase',
+        description: 'Authenticated user token - access limited to user data via RLS',
+        validator: (match) => {
+            const analysis = analyzeJWT(match);
+            return analysis.isValid && analysis.role === 'authenticated';
         }
     },
     {

package/dist/scanners/secrets/patterns.js.map

@@ -1 +1 @@
-{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../../src/scanners/secrets/patterns.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAwNH,4CAgBC;AAKD,wCAEC;AAKD,gCAUC;AAaD,sCA4CC;AA5SD;;GAEG;AACU,QAAA,gBAAgB,GAAoB;IAC/C;QACE,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,wDAAwD;QACrE,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,mCAAmC;YACnC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YAErC,IAAI,CAAC;gBACH,iBAAiB;gBACjB,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC1E,+BAA+B;gBAC/B,OAAO,OAAO,CAAC,IAAI,KAAK,cAAc;oBAC/B,CAAC,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,YAAY,CAAC,IAAI,KAAK,cAAc,CAAC,CAAC;YAChF,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;KACF;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,yDAAyD;QACtE,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YAErC,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC1E,OAAO,OAAO,CAAC,IAAI,KAAK,MAAM;oBACvB,CAAC,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,YAAY,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;YACxE,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;KACF;IACD;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,sCAAsC;QAC/C,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,+BAA+B;KAC7C;IACD;QACE,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,wEAAwE;QACjF,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,sCAAsC;KACpD;CACF,CAAC;AAEF;;GAEG;AACU,QAAA,cAAc,GAAoB;IAC7C;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,8CAA8C;KAC5D;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,wBAAwB;KACtC;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,qBAAqB;QAC9B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE,gBAAgB;KAC9B;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,8BAA8B;KAC5C;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,oBAAoB;KAClC;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,mBAAmB;QAC5B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,OAAO;QACjB,WAAW,EAAE,mBAAmB;KACjC;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,wGAAwG;QACjH,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,OAAO;QACjB,WAAW,EAAE,uBAAuB;KACrC;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,2CAA2C;QACpD,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,OAAO;QACjB,WAAW,EAAE,kBAAkB;KAChC;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,iBAAiB;QAC1B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,gBAAgB;KAC9B;IACD;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,WAAW;QACrB,WAAW,EAAE,sBAAsB;KACpC;CACF,CAAC;AAEF;;GAEG;AACU,QAAA,eAAe,GAAoB;IAC9C;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,wFAAwF;QACjG,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,yBAAyB;KACvC;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,wEAAwE;QACjF,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,iCAAiC;KAC/C;IACD;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,sBAAsB;KACpC;IACD;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,oBAAoB;KAClC;IACD;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,8BAA8B;QACvC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,uBAAuB;KACrC;CACF,CAAC;AAEF;;GAEG;AACU,QAAA,WAAW,GAAoB;IAC1C;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,wEAAwE;QACjF,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,4BAA4B;KAC1C;CACF,CAAC;AAEF;;GAEG;AACU,QAAA,WAAW,GAAoB;IAC1C,GAAG,wBAAgB;IACnB,GAAG,sBAAc;IACjB,GAAG,uBAAe;IAClB,GAAG,mBAAW;CACf,CAAC;AAEF;;;GAGG;AACH,SAAgB,gBAAgB,CAAC,GAAW;IAC1C,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC;IACvB,IAAI,GAAG,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IAExB,MAAM,IAAI,GAA2B,EAAE,CAAC;IACxC,KAAK,MAAM,IAAI,IAAI,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACrC,CAAC;IAED,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,MAAM,IAAI,IAAI,IAAI,EAAE,CAAC;QACxB,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;QAC3B,OAAO,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,GAAW,EAAE,YAAoB,GAAG;IACjE,OAAO,gBAAgB,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,SAAgB,UAAU,CAAC,MAAc,EAAE,eAAuB,CAAC;IACjE,IAAI,MAAM,CAAC,MAAM,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;QACtC,OAAO,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC5C,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,YAAY,GAAG,CAAC,CAAC,CAAC;IAE5D,OAAO,GAAG,KAAK,GAAG,MAAM,GAAG,GAAG,EAAE,CAAC;AACnC,CAAC;AAaD,SAAgB,aAAa,CAAC,OAAe,EAAE,WAA4B,mBAAW;IACpF,MAAM,QAAQ,GAAqB,EAAE,CAAC;IACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,wBAAwB;QACxB,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QAE9B,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACxD,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC7B,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC;YAE/B,+BAA+B;YAC/B,IAAI,OAAO,CAAC,SAAS,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzD,SAAS;YACX,CAAC;YAED,uBAAuB;YACvB,IAAI,IAAI,GAAG,CAAC,CAAC;YACb,IAAI,MAAM,GAAG,CAAC,CAAC;YACf,IAAI,YAAY,GAAG,CAAC,CAAC;YAErB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,iBAAiB;gBACzD,IAAI,YAAY,GAAG,UAAU,GAAG,UAAU,EAAE,CAAC;oBAC3C,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;oBACb,MAAM,GAAG,UAAU,GAAG,YAAY,GAAG,CAAC,CAAC;oBACvC,MAAM;gBACR,CAAC;gBACD,YAAY,IAAI,UAAU,CAAC;YAC7B,CAAC;YAED,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO;gBACP,KAAK,EAAE,WAAW;gBAClB,IAAI;gBACJ,MAAM;gBACN,MAAM,EAAE,UAAU,CAAC,WAAW,CAAC;aAChC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
+{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../../src/scanners/secrets/patterns.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AA4BH,gCAiEC;AAKD,sDA4DC;AAuMD,4CAgBC;AAKD,wCAEC;AAKD,gCAUC;AAaD,sCA4CC;AA5aD;;;GAGG;AACH,SAAgB,UAAU,CAAC,KAAa;IACtC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC5B,CAAC;IAED,IAAI,CAAC;QACH,iCAAiC;QACjC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QAE1D,iBAAiB;QACjB,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QAE1E,iBAAiB;QACjB,IAAI,IAAI,GAA8B,SAAS,CAAC;QAChD,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI;YACZ,CAAC,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC;YACnD,CAAC,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QAExE,IAAI,SAAS,KAAK,cAAc,EAAE,CAAC;YACjC,IAAI,GAAG,cAAc,CAAC;QACxB,CAAC;aAAM,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;YAChC,IAAI,GAAG,MAAM,CAAC;QAChB,CAAC;aAAM,IAAI,SAAS,KAAK,eAAe,EAAE,CAAC;YACzC,IAAI,GAAG,eAAe,CAAC;QACzB,CAAC;QAED,sBAAsB;QACtB,MAAM,WAAW,GAAa,EAAE,CAAC;QACjC,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACxB,WAAW,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;QAC3C,CAAC;QACD,IAAI,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC;YAC7D,WAAW,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;QACxD,CAAC;QAED,kCAAkC;QAClC,MAAM,oBAAoB,GAAG;YAC3B,gBAAgB;YAChB,UAAU;YACV,WAAW;YACX,KAAK;YACL,GAAG;SACJ,CAAC;QAEF,MAAM,uBAAuB,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACnD,oBAAoB,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAC/C,CAAC;QAEF,OAAO;YACL,OAAO,EAAE,IAAI;YACb,IAAI;YACJ,WAAW,EAAE,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;YAC7D,MAAM,EAAE,OAAO,CAAC,GAAG;YACnB,QAAQ,EAAE,OAAO,CAAC,GAAG;YACrB,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;YACjE,MAAM,EAAE;gBACN,GAAG,OAAO;gBACV,uBAAuB;gBACvB,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,KAAK;aACjE;SACF,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC5B,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CAAC,QAA2B;IAK/D,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QACtB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,WAAW,EAAE,gCAAgC;YAC7C,KAAK,EAAE,CAAC,6BAA6B,CAAC;SACvC,CAAC;IACJ,CAAC;IAED,QAAQ,QAAQ,CAAC,IAAI,EAAE,CAAC;QACtB,KAAK,cAAc;YACjB,OAAO;gBACL,KAAK,EAAE,UAAU;gBACjB,WAAW,EAAE,gEAAgE;gBAC7E,KAAK,EAAE;oBACL,6BAA6B;oBAC7B,gCAAgC;oBAChC,8BAA8B;oBAC9B,2BAA2B;oBAC3B,uCAAuC;iBACxC;aACF,CAAC;QAEJ,KAAK,MAAM;YACT,OAAO;gBACL,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,qDAAqD;gBAClE,KAAK,EAAE;oBACL,gCAAgC;oBAChC,uBAAuB;oBACvB,wBAAwB;oBACxB,qCAAqC;iBACtC;aACF,CAAC;QAEJ,KAAK,eAAe;YAClB,OAAO;gBACL,KAAK,EAAE,MAAM;gBACb,WAAW,EAAE,8CAA8C;gBAC3D,KAAK,EAAE;oBACL,8CAA8C;oBAC9C,iCAAiC;oBACjC,kCAAkC;iBACnC;aACF,CAAC;QAEJ;YACE,OAAO;gBACL,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,6CAA6C;gBAC1D,KAAK,EAAE;oBACL,sCAAsC;oBACtC,mCAAmC;iBACpC;aACF,CAAC;IACN,CAAC;AACH,CAAC;AAED;;GAEG;AACU,QAAA,gBAAgB,GAAoB;IAC/C;QACE,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,0EAA0E;QACvF,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;YACnC,OAAO,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC,IAAI,KAAK,cAAc,CAAC;QAC9D,CAAC;KACF;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,4DAA4D;QACzE,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;YACnC,OAAO,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC,IAAI,KAAK,MAAM,CAAC;QACtD,CAAC;KACF;IACD;QACE,IAAI,EAAE,mCAAmC;QACzC,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,gEAAgE;QAC7E,SAAS,EAAE,CAAC,KAAa,EAAE,EAAE;YAC3B,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;YACnC,OAAO,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC,IAAI,KAAK,eAAe,CAAC;QAC/D,CAAC;KACF;IACD;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,sCAAsC;QAC/C,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,+BAA+B;KAC7C;IACD;QACE,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,wEAAwE;QACjF,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,sCAAsC;KACpD;CACF,CAAC;AAEF;;GAEG;AACU,QAAA,cAAc,GAAoB;IAC7C;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,8CAA8C;KAC5D;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,wBAAwB;KACtC;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,qBAAqB;QAC9B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE,gBAAgB;KAC9B;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,8BAA8B;KAC5C;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,sBAAsB;QAC/B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,oBAAoB;KAClC;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,mBAAmB;QAC5B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,OAAO;QACjB,WAAW,EAAE,mBAAmB;KACjC;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,wGAAwG;QACjH,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,OAAO;QACjB,WAAW,EAAE,uBAAuB;KACrC;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,2CAA2C;QACpD,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,OAAO;QACjB,WAAW,EAAE,kBAAkB;KAChC;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,iBAAiB;QAC1B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,gBAAgB;KAC9B;IACD;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,WAAW;QACrB,WAAW,EAAE,sBAAsB;KACpC;CACF,CAAC;AAEF;;GAEG;AACU,QAAA,eAAe,GAAoB;IAC9C;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,wFAAwF;QACjG,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,yBAAyB;KACvC;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,wEAAwE;QACjF,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,iCAAiC;KAC/C;IACD;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,sBAAsB;KACpC;IACD;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,oBAAoB;KAClC;IACD;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,8BAA8B;QACvC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,uBAAuB;KACrC;CACF,CAAC;AAEF;;GAEG;AACU,QAAA,WAAW,GAAoB;IAC1C;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,wEAAwE;QACjF,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,4BAA4B;KAC1C;CACF,CAAC;AAEF;;GAEG;AACU,QAAA,WAAW,GAAoB;IAC1C,GAAG,wBAAgB;IACnB,GAAG,sBAAc;IACjB,GAAG,uBAAe;IAClB,GAAG,mBAAW;CACf,CAAC;AAEF;;;GAGG;AACH,SAAgB,gBAAgB,CAAC,GAAW;IAC1C,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC;IACvB,IAAI,GAAG,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IAExB,MAAM,IAAI,GAA2B,EAAE,CAAC;IACxC,KAAK,MAAM,IAAI,IAAI,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACrC,CAAC;IAED,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,MAAM,IAAI,IAAI,IAAI,EAAE,CAAC;QACxB,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;QAC3B,OAAO,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,GAAW,EAAE,YAAoB,GAAG;IACjE,OAAO,gBAAgB,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,SAAgB,UAAU,CAAC,MAAc,EAAE,eAAuB,CAAC;IACjE,IAAI,MAAM,CAAC,MAAM,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;QACtC,OAAO,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC5C,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,YAAY,GAAG,CAAC,CAAC,CAAC;IAE5D,OAAO,GAAG,KAAK,GAAG,MAAM,GAAG,GAAG,EAAE,CAAC;AACnC,CAAC;AAaD,SAAgB,aAAa,CAAC,OAAe,EAAE,WAA4B,mBAAW;IACpF,MAAM,QAAQ,GAAqB,EAAE,CAAC;IACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,wBAAwB;QACxB,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QAE9B,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACxD,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC7B,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC;YAE/B,+BAA+B;YAC/B,IAAI,OAAO,CAAC,SAAS,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzD,SAAS;YACX,CAAC;YAED,uBAAuB;YACvB,IAAI,IAAI,GAAG,CAAC,CAAC;YACb,IAAI,MAAM,GAAG,CAAC,CAAC;YACf,IAAI,YAAY,GAAG,CAAC,CAAC;YAErB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,iBAAiB;gBACzD,IAAI,YAAY,GAAG,UAAU,GAAG,UAAU,EAAE,CAAC;oBAC3C,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;oBACb,MAAM,GAAG,UAAU,GAAG,YAAY,GAAG,CAAC,CAAC;oBACvC,MAAM;gBACR,CAAC;gBACD,YAAY,IAAI,UAAU,CAAC;YAC7B,CAAC;YAED,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO;gBACP,KAAK,EAAE,WAAW;gBAClB,IAAI;gBACJ,MAAM;gBACN,MAAM,EAAE,UAAU,CAAC,WAAW,CAAC;aAChC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/scanners/storage/analyzer.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Storage Bucket Analyzer
+ * Scans for storage bucket security issues and misconfigurations
+ */
+import { Finding } from '../../models/finding.js';
+export interface StorageBucketInfo {
+    id: string;
+    name: string;
+    public: boolean;
+    fileSizeLimit?: number;
+    allowedMimeTypes?: string[];
+    owner?: string;
+    createdAt?: string;
+}
+export interface StorageObjectInfo {
+    id: string;
+    bucketId: string;
+    name: string;
+    size: number;
+    mimeType: string;
+    isPublic: boolean;
+    metadata?: Record<string, any>;
+}
+export interface StorageScanOptions {
+    buckets: StorageBucketInfo[];
+    objects?: StorageObjectInfo[];
+    supabaseUrl: string;
+    anonKey?: string;
+}
+export interface StorageScanResult {
+    findings: Finding[];
+    bucketsScanned: number;
+    objectsScanned: number;
+    publicBuckets: number;
+    misconfiguredBuckets: number;
+}
+/**
+ * Analyze storage buckets for security issues
+ */
+export declare function analyzeStorage(options: StorageScanOptions): Promise<StorageScanResult>;
+/**
+ * Mock storage buckets for testing
+ */
+export declare function getMockStorageBuckets(): StorageBucketInfo[];
+/**
+ * Mock storage objects for testing
+ */
+export declare function getMockStorageObjects(): StorageObjectInfo[];
+//# sourceMappingURL=analyzer.d.ts.map

package/dist/scanners/storage/analyzer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"analyzer.d.ts","sourceRoot":"","sources":["../../../src/scanners/storage/analyzer.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,EAAqB,MAAM,yBAAyB,CAAC;AAErE,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAChC;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,iBAAiB,EAAE,CAAC;IAC7B,OAAO,CAAC,EAAE,iBAAiB,EAAE,CAAC;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,oBAAoB,EAAE,MAAM,CAAC;CAC9B;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAkF5F;AAsTD;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,iBAAiB,EAAE,CAwB3D;AAED;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,iBAAiB,EAAE,CAmB3D"}