vantaverse-ai-reviewer 0.3.2 → 0.3.4
- package/dist/ai/gemini-client.d.ts.map +1 -1
- package/dist/ai/gemini-client.js +6 -2
- package/dist/ai/gemini-client.js.map +1 -1
- package/dist/auth/token-manager.d.ts +1 -1
- package/dist/auth/token-manager.d.ts.map +1 -1
- package/dist/auth/token-manager.js +120 -10
- package/dist/auth/token-manager.js.map +1 -1
- package/dist/commands/scan.d.ts.map +1 -1
- package/dist/commands/scan.js +24 -4
- package/dist/commands/scan.js.map +1 -1
- package/dist/core/executor.d.ts +1 -0
- package/dist/core/executor.d.ts.map +1 -1
- package/dist/core/executor.js +16 -6
- package/dist/core/executor.js.map +1 -1
- package/dist/core/security-scanner.d.ts.map +1 -1
- package/dist/core/security-scanner.js +22 -15
- package/dist/core/security-scanner.js.map +1 -1
- package/dist/core/security.d.ts +18 -7
- package/dist/core/security.d.ts.map +1 -1
- package/dist/core/security.js +120 -48
- package/dist/core/security.js.map +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gemini-client.d.ts","sourceRoot":"","sources":["../../src/ai/gemini-client.ts"],"names":[],"mappings":"AAAA;;GAEG;
|
|
1
|
+
{"version":3,"file":"gemini-client.d.ts","sourceRoot":"","sources":["../../src/ai/gemini-client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,MAAM,WAAW,cAAc;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;CACtB;AAED,qBAAa,YAAY;IACrB,OAAO,CAAC,KAAK,CAAkB;IAC/B,OAAO,CAAC,SAAS,CAAS;gBAEd,MAAM,EAAE,MAAM,EAAE,SAAS,GAAE,MAA2B;IAMlE;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAYhE;;OAEG;IACG,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAkBtF;;OAEG;IACG,eAAe,CACjB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,EAC1B,OAAO,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,cAAc,CAAC;IAQ1B;;OAEG;IACH,OAAO,CAAC,WAAW;IAYnB;;OAEG;IACH,YAAY,IAAI,MAAM;CAGzB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,YAAY,CAE/E"}
|
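--- a/package/dist/ai/gemini-client.js
+++ b/package/dist/ai/gemini-client.js
@@ -2,6 +2,7 @@
  * Gemini AI Client - Wrapper for Google's Generative AI SDK
  */
 import { GoogleGenerativeAI } from '@google/generative-ai';
+import { sanitizeErrorMessage } from '../core/security.js';
 export class GeminiClient {
 model;
 modelName;
@@ -20,7 +21,8 @@ export class GeminiClient {
 return { valid: !!text };
 }
 catch (error) {
-
+// Sanitize error message to prevent credential leakage
+const message = sanitizeErrorMessage(error);
 return { valid: false, error: message };
 }
 }
@@ -38,7 +40,9 @@ export class GeminiClient {
 };
 }
 catch (error) {
-
+// Sanitize error to prevent API key or sensitive info leakage
+const sanitizedMessage = sanitizeErrorMessage(error);
+throw new Error(`Gemini API error: ${sanitizedMessage}`);
 }
 }
 /**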
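Review bot: The rethrow at `throw new Error(\`Gemini API error: ${sanitizedMessage}\`)` in the `@@ -38,7` hunk deliberately drops the original error instead of attaching it as `cause`, and nothing records that this is intentional; a later maintainer applying the usual `{ cause: error }` idiom would re-expose the unsanitized message (and any key embedded in it) through the nested error, undoing what this commit fixes. Suggest a comment above the throw: `// Intentionally no { cause: error }: the raw error may carry the API key and would bypass sanitizeErrorMessage`. The catch in the `@@ -20,7` hunk has the same property, returning only the sanitized string, and would benefit from the same one-line note. Both enclosing methods start and end outside the hunks.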
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gemini-client.js","sourceRoot":"","sources":["../../src/ai/gemini-client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,kBAAkB,EAAmB,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"gemini-client.js","sourceRoot":"","sources":["../../src/ai/gemini-client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,kBAAkB,EAAmB,MAAM,uBAAuB,CAAC;AAC5E,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAO3D,MAAM,OAAO,YAAY;IACb,KAAK,CAAkB;IACvB,SAAS,CAAS;IAE1B,YAAY,MAAc,EAAE,YAAoB,kBAAkB;QAC9D,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,kBAAkB,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QAC5D,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACb,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,8BAA8B,CAAC,CAAC;YAChF,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,uDAAuD;YACvD,MAAM,OAAO,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;YAC5C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;QAC5C,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,MAAc,EAAE,IAAY,EAAE,OAAgB;QACxD,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QAE3D,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;YAC5D,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;YAEjC,OAAO;gBACH,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE;gBACxB,UAAU,EAAE,QAAQ,CAAC,aAAa,EAAE,eAAe,IAAI,CAAC;aAC3D,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,8DAA8D;YAC9D,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;YACrD,MAAM,IAAI,KAAK,CAAC,qBAAqB,gBAAgB,EAAE,CAAC,CAAC;QAC7D,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACjB,MAAc,EACd,KAA0B,EAC1B,OAAgB;QAEhB,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;aAC3C,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,aAAa,IAAI,aAAa,OAAO,UAAU,CAAC;aACzE,IAAI,CAAC,MAAM,CAAC,CAAC;QAElB,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;IACvD,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,WAAmB,EAAE,IAAY,EAAE,OAAgB;QACnE,IAAI,MAAM,GAAG,WAAW,GAAG,MAAM,CAAC;QAElC,IAAI,OAAO,EAAE,CAAC;YACV,MAAM,IAAI,eAAe,OAAO,MAAM,CAAC;QAC3C,CAAC;QAED,MAAM,IAAI,uBAAuB,IAAI,EAAE,CAAC;QAExC,OAAO,MAAM,CAAC;IA
ClB,CAAC;IAED;;OAEG;IACH,YAAY;QACR,OAAO,IAAI,CAAC,SAAS,CAAC;IAC1B,CAAC;CACJ;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAc,EAAE,KAAc;IAC7D,OAAO,IAAI,YAAY,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAC3C,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-manager.d.ts","sourceRoot":"","sources":["../../src/auth/token-manager.ts"],"names":[],"mappings":"AAAA;;;GAGG;
|
|
1
|
+
{"version":3,"file":"token-manager.d.ts","sourceRoot":"","sources":["../../src/auth/token-manager.ts"],"names":[],"mappings":"AAAA;;;GAGG;AA2HH;;GAEG;AACH,wBAAgB,QAAQ,IAAI,OAAO,CAMlC;AAED;;GAEG;AACH,wBAAgB,QAAQ,IAAI,MAAM,GAAG,SAAS,CAQ7C;AAED;;GAEG;AACH,wBAAgB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAI5C;AAED;;GAEG;AACH,wBAAgB,UAAU,IAAI,IAAI,CAGjC;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAGzD;AAED;;GAEG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC,CAgCnD;AAED;;GAEG;AACH,wBAAgB,eAAe,IAAI,IAAI,CAWtC"}
|
|
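--- a/package/dist/auth/token-manager.js
+++ b/package/dist/auth/token-manager.js
@@ -1,29 +1,138 @@
 /**
  * Token Manager - Secure storage for Gemini API token
- * Uses 'conf' for encrypted local storage
+ * Uses 'conf' for encrypted local storage with machine-specific key derivation
  */
 import Conf from 'conf';
 import inquirer from 'inquirer';
 import chalk from 'chalk';
-
-
-
-
-
-
+import { createHash } from 'crypto';
+import os from 'os';
+import fs from 'fs';
+import path from 'path';
+// Current key version - increment when changing key derivation
+const KEY_VERSION = 'v2';
+/**
+ * Derive a machine-specific encryption key
+ * This ensures stored tokens can only be decrypted on the same machine
+ */
+function deriveEncryptionKey() {
+const machineIdentifiers = [
+os.hostname(),
+os.userInfo().username,
+os.platform(),
+os.arch(),
+os.homedir(),
+'ai-reviewer-v2-secure' // Salt
+].join(':');
+return createHash('sha256')
+.update(machineIdentifiers)
+.digest('hex')
+.slice(0, 32);
+}
+/**
+ * Get the config file path used by conf
+ */
+function getConfigPath() {
+const appName = 'ai-reviewer';
+if (process.platform === 'win32') {
+return path.join(process.env.APPDATA || os.homedir(), appName, 'config.json');
+}
+else if (process.platform === 'darwin') {
+return path.join(os.homedir(), 'Library', 'Preferences', `${appName}-nodejs`, 'config.json');
+}
+else {
+return path.join(process.env.XDG_CONFIG_HOME || path.join(os.homedir(), '.config'), appName, 'config.json');
 }
-}
+}
+/**
+ * Clear old config file if it exists and can't be read
+ * This handles migration from old encryption key to new one
+ */
+function clearCorruptedConfig() {
+const configPath = getConfigPath();
+try {
+if (fs.existsSync(configPath)) {
+fs.unlinkSync(configPath);
+console.log(chalk.yellow('⚠ Configuration migrated to new secure format.'));
+console.log(chalk.dim(' You will need to re-enter your API token.\n'));
+}
+}
+catch {
+// Ignore errors - directory might not exist
+}
+}
+/**
+ * Create config with error handling for corrupted/incompatible config files
+ */
+function createConfig() {
+try {
+const conf = new Conf({
+projectName: 'ai-reviewer',
+encryptionKey: deriveEncryptionKey(),
+schema: {
+geminiToken: { type: 'string' },
+configuredAt: { type: 'string' },
+keyVersion: { type: 'string' }
+}
+});
+// Test if we can read the config (will throw if encrypted with different key)
+const keyVersion = conf.get('keyVersion');
+// If key version doesn't match, we need to migrate
+if (keyVersion && keyVersion !== KEY_VERSION) {
+conf.clear();
+}
+return conf;
+}
+catch (error) {
+// Config is corrupted or encrypted with old key - clear it and try again
+clearCorruptedConfig();
+return new Conf({
+projectName: 'ai-reviewer',
+encryptionKey: deriveEncryptionKey(),
+schema: {
+geminiToken: { type: 'string' },
+configuredAt: { type: 'string' },
+keyVersion: { type: 'string' }
+}
+});
+}
+}
+// Create config instance with migration handling
+let config;
+try {
+config = createConfig();
+}
+catch (error) {
+// Last resort - create a new config
+clearCorruptedConfig();
+config = new Conf({
+projectName: 'ai-reviewer',
+encryptionKey: deriveEncryptionKey(),
+});
+}
 /**
  * Check if a valid token is stored
  */
 export function hasToken() {
-
+try {
+return !!config.get('geminiToken');
+}
+catch {
+return false;
+}
 }
 /**
  * Get the stored Gemini token
  */
 export function getToken() {
-
+try {
+return config.get('geminiToken');
+}
+catch {
+// Config corrupted, clear and return undefined
+clearCorruptedConfig();
+return undefined;
+}
 }
 /**
  * Store a new Gemini token
@@ -31,6 +140,7 @@ export function getToken() {
 export function setToken(token) {
 config.set('geminiToken', token);
 config.set('configuredAt', new Date().toISOString());
+config.set('keyVersion', KEY_VERSION);
 }
 /**
  * Clear the stored token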
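Review bot: The header comment on `deriveEncryptionKey` says the key "ensures stored tokens can only be decrypted on the same machine", but every input (`os.hostname()`, `os.userInfo().username`, platform, arch, home directory and a constant salt) is readable by any local process that can also read the config file, so the derived key binds the token to a machine profile rather than protecting it from a local reader; suggest replacing that comment line with `* NOTE: inputs are not secret — this stops the config file being copied to another machine, it does not protect it from a local reader` so the threat model is stated honestly. `getConfigPath` re-derives conf's storage location and does so inconsistently — the darwin branch appends `-nodejs` to the app name while the win32 and XDG branches do not — so `clearCorruptedConfig` can miss the real file or remove the wrong one on some platforms; the `Conf` instance exposes its own `path`, which avoids maintaining this mapping at all. The `new Conf({...})` options are spelled out three times (twice in `createConfig`, once in the module-level fallback) and the third copy drops `schema`, so the last-resort store is unvalidated; a small helper removes that drift, as below. Note too that `os.userInfo()` can throw for accounts without a passwd entry, and since `config` is built at module load that would surface as an import-time failure of every command that imports this module.
```javascript
// Shared conf options: one definition so projectName/schema cannot drift between call sites
function confOptions() {
    return {
        projectName: 'ai-reviewer',
        encryptionKey: deriveEncryptionKey(),
        schema: {
            geminiToken: { type: 'string' },
            configuredAt: { type: 'string' },
            keyVersion: { type: 'string' }
        }
    };
}
// … unchanged: createConfig and the module-level fallback, with each `new Conf({ ... })` becoming `new Conf(confOptions())` …
```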
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-manager.js","sourceRoot":"","sources":["../../src/auth/token-manager.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,QAAQ,MAAM,UAAU,CAAC;AAChC,OAAO,KAAK,MAAM,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"token-manager.js","sourceRoot":"","sources":["../../src/auth/token-manager.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,QAAQ,MAAM,UAAU,CAAC;AAChC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AAQxB,+DAA+D;AAC/D,MAAM,WAAW,GAAG,IAAI,CAAC;AAEzB;;;GAGG;AACH,SAAS,mBAAmB;IACxB,MAAM,kBAAkB,GAAG;QACvB,EAAE,CAAC,QAAQ,EAAE;QACb,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ;QACtB,EAAE,CAAC,QAAQ,EAAE;QACb,EAAE,CAAC,IAAI,EAAE;QACT,EAAE,CAAC,OAAO,EAAE;QACZ,uBAAuB,CAAC,OAAO;KAClC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEZ,OAAO,UAAU,CAAC,QAAQ,CAAC;SACtB,MAAM,CAAC,kBAAkB,CAAC;SAC1B,MAAM,CAAC,KAAK,CAAC;SACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,SAAS,aAAa;IAClB,MAAM,OAAO,GAAG,aAAa,CAAC;IAC9B,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;IAClF,CAAC;SAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,OAAO,SAAS,EAAE,aAAa,CAAC,CAAC;IACjG,CAAC;SAAM,CAAC;QACJ,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,CAAC,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;IAChH,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB;IACzB,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,IAAI,CAAC;QACD,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5B,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAC1B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,gDAAgD,CAAC,CAAC,CAAC;YAC5E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC,CAAC;QAC5E,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACL,4CAA4C;IAChD,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,YAAY;IACjB,IAAI,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,IAAI,CAAc;YAC/B,WAAW,EAAE,aAAa;YAC1B,aAAa,EAAE,mBAAmB,EAAE;YACpC,MAAM,EAAE;gBACJ,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAC/B,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAChC,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE
;aACjC;SACJ,CAAC,CAAC;QAEH,8EAA8E;QAC9E,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAE1C,mDAAmD;QACnD,IAAI,UAAU,IAAI,UAAU,KAAK,WAAW,EAAE,CAAC;YAC3C,IAAI,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,yEAAyE;QACzE,oBAAoB,EAAE,CAAC;QAEvB,OAAO,IAAI,IAAI,CAAc;YACzB,WAAW,EAAE,aAAa;YAC1B,aAAa,EAAE,mBAAmB,EAAE;YACpC,MAAM,EAAE;gBACJ,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAC/B,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBAChC,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;aACjC;SACJ,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAED,iDAAiD;AACjD,IAAI,MAAyB,CAAC;AAC9B,IAAI,CAAC;IACD,MAAM,GAAG,YAAY,EAAE,CAAC;AAC5B,CAAC;AAAC,OAAO,KAAK,EAAE,CAAC;IACb,oCAAoC;IACpC,oBAAoB,EAAE,CAAC;IACvB,MAAM,GAAG,IAAI,IAAI,CAAc;QAC3B,WAAW,EAAE,aAAa;QAC1B,aAAa,EAAE,mBAAmB,EAAE;KACvC,CAAC,CAAC;AACP,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,QAAQ;IACpB,IAAI,CAAC;QACD,OAAO,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,KAAK,CAAC;IACjB,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,QAAQ;IACpB,IAAI,CAAC;QACD,OAAO,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACL,+CAA+C;QAC/C,oBAAoB,EAAE,CAAC;QACvB,OAAO,SAAS,CAAC;IACrB,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,QAAQ,CAAC,KAAa;IAClC,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;IACjC,MAAM,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;IACrD,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU;IACtB,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IAC7B,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAa;IAC5C,8CAA8C;IAC9C,OAAO,KAAK,CAAC,MAAM,IAAI,EAAE,IAAI,KAAK,CAAC,MAAM,IAAI,EAAE,IAAI,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACtF,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW;IAC7B,MAAM,QAAQ,GAAG,QAAQ,EAAE,CAAC;IAC5B,IAAI,QAAQ,EAAE,CAAC;QACX,OAAO,QAAQ,CAAC;IACpB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,oCAAoC,CAAC,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,6DAA6D,CAAC,CAAC,CAAC;IAEtF,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ,C
AAC,MAAM,CAAoB;QACvD;YACI,IAAI,EAAE,UAAU;YAChB,IAAI,EAAE,OAAO;YACb,OAAO,EAAE,8BAA8B;YACvC,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,CAAC,KAAa,EAAE,EAAE;gBACxB,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;oBAChB,OAAO,mBAAmB,CAAC;gBAC/B,CAAC;gBACD,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;oBACpC,OAAO,gEAAgE,CAAC;gBAC5E,CAAC;gBACD,OAAO,IAAI,CAAC;YAChB,CAAC;SACJ;KACJ,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAClC,QAAQ,CAAC,YAAY,CAAC,CAAC;IACvB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC,CAAC;IAEtD,OAAO,YAAY,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe;IAC3B,IAAI,QAAQ,EAAE,EAAE,CAAC;QACb,MAAM,YAAY,GAAG,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAChD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC,CAAC;QACzD,IAAI,YAAY,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,IAAI,IAAI,CAAC,YAAY,CAAC,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,CAAC;QACvF,CAAC;IACL,CAAC;SAAM,CAAC;QACJ,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,kCAAkC,CAAC,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC,CAAC;IACpE,CAAC;AACL,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan.d.ts","sourceRoot":"","sources":["../../src/commands/scan.ts"],"names":[],"mappings":"AAAA;;GAEG;
|
|
1
|
+
{"version":3,"file":"scan.d.ts","sourceRoot":"","sources":["../../src/commands/scan.ts"],"names":[],"mappings":"AAAA;;GAEG;AAoBH,MAAM,WAAW,WAAW;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,QAAQ,CAAC,EAAE,OAAO,CAAC;CACtB;AAgBD;;GAEG;AACH,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CA4TnE"}
|
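--- a/package/dist/commands/scan.js
+++ b/package/dist/commands/scan.js
@@ -11,6 +11,7 @@ import { createGeminiClient } from '../ai/gemini-client.js';
 import { createAgent } from '../ai/agent.js';
 import { generateMarkdownReport, writeReport } from '../reporters/markdown.js';
 import { getChangedFiles } from '../core/diff-analyzer.js';
+import { validateBranchName, validateOutputPath, SecurityError } from '../core/security.js';
 import { generateFolderTree, getFolderSummary } from '../utils/folder-tree.js';
 import { analyzePackages, formatPackageReport } from '../utils/package-analyzer.js';
 import fs from 'fs';
@@ -223,7 +224,16 @@ export async function scan(options = {}) {
 type: 'input',
 name: 'targetBranch',
 message: 'Enter the branch name to compare against:',
-default: 'main'
+default: 'main',
+validate: (input) => {
+try {
+validateBranchName(input);
+return true;
+}
+catch (error) {
+return error instanceof SecurityError ? error.message : 'Invalid branch name';
+}
+}
 }
 ]);
 console.log(chalk.bold.cyan(`\n━━━ 🔀 Diff Analysis: current vs ${targetBranch} ━━━`));
@@ -261,16 +271,26 @@ export async function scan(options = {}) {
 const duration = ((Date.now() - startTime) / 1000).toFixed(1);
 const outputFile = options.output || 'AI_REVIEW_REPORT.md';
 console.log(chalk.bold.cyan('\n━━━ 💾 Saving Report ━━━'));
+// Validate output path is within current directory and not sensitive
+let safeOutputPath;
+try {
+safeOutputPath = validateOutputPath(outputFile, repoRoot);
+}
+catch (error) {
+console.log(chalk.red(` ✗ ${error instanceof SecurityError ? error.message : 'Invalid output path'}`));
+console.log(chalk.yellow(` Using default: AI_REVIEW_REPORT.md`));
+safeOutputPath = path.resolve(repoRoot, 'AI_REVIEW_REPORT.md');
+}
 if (reportContent) {
-await fs.promises.writeFile(
+await fs.promises.writeFile(safeOutputPath, reportContent, 'utf-8');
 }
 else {
 const mdReport = generateMarkdownReport(result, {
 framework, scanResult, generatedAt: new Date(), modelName: client.getModelName()
 });
-await writeReport(mdReport,
+await writeReport(mdReport, safeOutputPath);
 }
-console.log(chalk.green(` ✓ Report saved: ${
+console.log(chalk.green(` ✓ Report saved: ${path.relative(repoRoot, safeOutputPath)}`));
 // Summary
 console.log(chalk.bold.cyan('\n━━━ ✅ Complete ━━━'));
 console.log(chalk.white(` Duration: ${duration}s`));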
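Review bot: When `validateOutputPath` rejects `options.output` in the `@@ -261,16` hunk, the catch block silently redirects the report to `AI_REVIEW_REPORT.md` and continues, so a user who passed an explicit output path gets a file somewhere else with only a console warning; for a path the security check refused, rethrowing (or exiting non-zero) is the less surprising choice, and if the fallback is kept the warning should at least name the rejected path. The default filename now appears twice in the hunk (`options.output || 'AI_REVIEW_REPORT.md'` and `path.resolve(repoRoot, 'AI_REVIEW_REPORT.md')`); hoist it to `const DEFAULT_REPORT_FILE = 'AI_REVIEW_REPORT.md';` and use it in both places and in the warning text. The new `path.resolve` / `path.relative` calls assume `path` is imported above line 11, which none of the hunks show — worth confirming, since the visible import change only adds the security helpers. `scan` starts and ends outside the hunks.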
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan.js","sourceRoot":"","sources":["../../src/commands/scan.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,MAAM,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,eAAe,EAAqB,MAAM,+BAA+B,CAAC;AACnF,OAAO,EAAE,cAAc,EAAmB,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAyB,MAAM,gBAAgB,CAAC;AACpE,OAAO,EAAE,sBAAsB,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAC/E,OAAO,EAAE,eAAe,EAAmB,MAAM,0BAA0B,CAAC;AAE5E,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC/E,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AAEpF,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,QAAQ,MAAM,UAAU,CAAC;AAchC,MAAM,UAAU,GAA2B;IACvC,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI;IAChD,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI;IACpD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;CACvD,CAAC;AAEF,SAAS,WAAW,CAAC,GAAW;IAC5B,OAAO,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;AACnC,CAAC;AAED,SAAS,KAAK,CAAC,EAAU;IACrB,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,UAAuB,EAAE;IAChD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC/B,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,KAAK,CAAC;IAEzC,MAAM,CAAC,MAAM,EAAE,CAAC;IAEhB,kEAAkE;IAClE,0BAA0B;IAC1B,kEAAkE;IAClE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,CAAC;IAE5D,MAAM,aAAa,GAAG,QAAQ,EAAE,CAAC;IACjC,IAAI,KAAa,CAAC;IAElB,IAAI,CAAC,aAAa,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACpD,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;IAChC,CAAC;SAAM,CAAC;QACJ,KAAK,GAAG,aAAa,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC;IACvD,CAAC;IAED,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IACzC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC,CAAC;IAErE,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,WAAW,EAAE,CAAC;IA
C9C,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;QAClC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,UAAU,CAAC,KAAK,IAAI,eAAe,EAAE,CAAC,CAAC,CAAC;QACrE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;IAEhC,kEAAkE;IAClE,6BAA6B;IAC7B,kEAAkE;IAClE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC,CAAC;IAE/D,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,QAAQ,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,kBAAkB,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAEtF,uBAAuB;IACvB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC,CAAC;IAC3D,MAAM,UAAU,GAAG,MAAM,kBAAkB,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC;IACvE,MAAM,aAAa,GAAG,MAAM,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACvD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,aAAa,aAAa,CAAC,SAAS,aAAa,aAAa,CAAC,UAAU,QAAQ,CAAC,CAAC,CAAC;IAE5G,kBAAkB;IAClB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC,CAAC;IACxD,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAC7D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,eAAe,UAAU,CAAC,KAAK,CAAC,MAAM,mBAAmB,CAAC,CAAC,CAAC;IAEpF,kDAAkD;IAClD,IAAI,aAAa,GAAG,EAAE,CAAC;IACvB,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,EAAE,CAAC;QACrD,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,QAAQ,EAAE,CAAC,GAAG,EAAE,EAAE;YACxD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QACH,IAAI,WAAW,EAAE,CAAC;YACd,aAAa,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;QACrD,CAAC;IACL,CAAC;IAED,kEAAkE;IAClE,4BAA4B;IAC5B,kEAAkE;IAClE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC,CAAC;IAEhE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAyB;QACjE;YACI,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,kCAAkC;YAC3C,OAAO,EAAE;gBACL,EAAE,IAAI,EAAE,yDAAyD,EAAE,KAAK,EAAE,UAAU,EAAE;gBACtF,EAAE,IAAI,EAAE,0DAA0D,EAAE,KAAK,EAAE,cAAc,EAAE;gBAC3F,EAAE,IAAI,EAAE,0DAA0D,EAAE,KAAK,EAAE,MAAM,EAAE;gBACnF,EAAE,IAAI,EAAE,sDAAsD
,EAAE,KAAK,EAAE,cAAc,EAAE;gBACvF,EAAE,IAAI,EAAE,sDAAsD,EAAE,KAAK,EAAE,aAAa,EAAE;aACzF;SACJ;KACJ,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IACxF,IAAI,MAAW,CAAC;IAChB,IAAI,aAAa,GAAG,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,kEAAkE;IAClE,0BAA0B;IAC1B,kEAAkE;IAElE,IAAI,UAAU,KAAK,UAAU,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC,CAAC;QAExE,mCAAmC;QACnC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC,CAAC;QAC1D,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC/C,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;YAC1B,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACzC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;YACrF,MAAM,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,gCAAgC;QACrD,CAAC;QACD,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,aAAa,CAAC,CAAC,CAAC;QACtF,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,yDAAyD,CAAC,CAAC,CAAC;QAErF,MAAM,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,UAAU,EAAE;YAC9C,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE;gBAClB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;YACnF,CAAC;SACJ,CAAC,CAAC;QAEH,4BAA4B;QAC5B,aAAa,GAAG,kCAAkC,CAAC;QACnD,aAAa,IAAI,kBAAkB,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,IAAI,CAAC;QAChE,aAAa,IAAI,kBAAkB,SAAS,CAAC,WAAW,MAAM,CAAC;QAC/D,aAAa,IAAI,qCAAqC,UAAU,cAAc,CAAC;QAC/E,aAAa,IAAI,aAAa,CAAC;QAC/B,aAAa,IAAI,KAAK,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,OAAO,IAAI,EAAE,EAAE,CAAC;IAE9D,CAAC;SAAM,IAAI,UAAU,KAAK,cAAc,EAAE,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC,CAAC;QAE/E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC,CAAC;QAC/D,KAAK,MAAM,GAAG,IAAI,aAAa,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACxD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,GAAG,EAAE,CAAC,GAAG,KAAK,C
AAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC;YACvE,MAAM,KAAK,CAAC,EAAE,CAAC,CAAC;QACpB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,mDAAmD,CAAC,CAAC,CAAC;QAE/E,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC;QAChG,MAAM,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,UAAU,EAAE;YACzC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE;gBAClB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;YACnF,CAAC;SACJ,CAAC,CAAC;QAEH,aAAa,GAAG,wCAAwC,CAAC;QACzD,aAAa,IAAI,kBAAkB,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,IAAI,CAAC;QAChE,aAAa,IAAI,kBAAkB,SAAS,CAAC,WAAW,MAAM,CAAC;QAC/D,aAAa,IAAI,6CAA6C,UAAU,cAAc,CAAC;QACvF,aAAa,IAAI,aAAa,CAAC;QAC/B,aAAa,IAAI,KAAK,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;IAEpF,CAAC;SAAM,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC,CAAC;QACnE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,UAAU,CAAC,KAAK,CAAC,MAAM,aAAa,CAAC,CAAC,CAAC;QAE7E,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,EAAE;YAClC,QAAQ,EAAE,SAAS;YACnB,aAAa,EAAE,CAAC,UAAU,EAAE,aAAa,EAAE,eAAe,CAAC;SAC9D,CAAC,CAAC;QAEH,MAAM,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,UAAU,EAAE;YACzC,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;gBAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,KAAK,EAAE,CAAC,CAAC,CAAC;YACrD,CAAC;YACD,eAAe,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;gBAC7B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,oBAAoB,IAAI,GAAG,CAAC,CAAC,CAAC;YAC1D,CAAC;YACD,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;gBACjB,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;gBACtD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,IAAI,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC;YACjF,CAAC;YACD,cAAc,EAAE,CAAC,IAAI,EAAE,EAAE;gBACrB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,IAAI,IAAI,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;YACtH,CAAC;YACD,SAAS,EAAE,GAAG,EAAE;gBACZ,OAAO,CAAC,GAAG,CAAC
,KAAK,CAAC,MAAM,CAAC,gFAAgF,CAAC,CAAC,CAAC;YAChH,CAAC;YACD,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE;gBAClB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;YACpF,CAAC;YACD,YAAY,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;gBAC5B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,6BAA6B,MAAM,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC,CAAC;YAC5F,CAAC;SACJ,CAAC,CAAC;QAEH,aAAa,GAAG,sBAAsB,CAAC,MAAM,EAAE;YAC3C,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,EAAE,SAAS,EAAE,MAAM,CAAC,YAAY,EAAE;SACnF,CAAC,CAAC;IAEP,CAAC;SAAM,IAAI,UAAU,KAAK,cAAc,EAAE,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC,CAAC;QAE1E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC,CAAC;QAChE,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAE3D,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,qCAAqC,CAAC,CAAC,CAAC;YACjE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,aAAa,UAAU,CAAC,YAAY,CAAC,MAAM,gBAAgB,CAAC,CAAC,CAAC;QAEtF,KAAK,MAAM,IAAI,IAAI,UAAU,CAAC,YAAY,EAAE,CAAC;YACzC,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,IAAI,EAAE,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;QAC/E,CAAC;QAED,MAAM,QAAQ,GAAe;YACzB,GAAG,UAAU;YACb,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAC/B,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CACjG;SACJ,CAAC;QAEF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,4CAA4C,CAAC,CAAC,CAAC;QAExE,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,EAAE;YAClC,QAAQ,EAAE,SAAS;YACnB,aAAa,EAAE,CAAC,aAAa,EAAE,UAAU,CAAC;SAC7C,CAAC,CAAC;QACH,MAAM,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAE3C,aAAa,GAAG,gDAAgD,CAAC;QACjE,aAAa,IAAI,sBAAsB,UAAU,CAAC,YAAY,CAAC,MAAM,MAAM,CAAC;QAC5E,aAAa,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,
OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAE7E,CAAC;SAAM,IAAI,UAAU,KAAK,aAAa,EAAE,CAAC;QACtC,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,QAAQ,CAAC,MAAM,CAA2B;YACrE;gBACI,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,cAAc;gBACpB,OAAO,EAAE,2CAA2C;gBACpD,OAAO,EAAE,MAAM;aAClB;SACJ,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,sCAAsC,YAAY,MAAM,CAAC,CAAC,CAAC;QAEvF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,sBAAsB,YAAY,KAAK,CAAC,CAAC,CAAC;QACjE,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAEjE,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,oCAAoC,YAAY,EAAE,CAAC,CAAC,CAAC;YAC9E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,aAAa,UAAU,CAAC,YAAY,CAAC,MAAM,kBAAkB,CAAC,CAAC,CAAC;QAExF,KAAK,MAAM,IAAI,IAAI,UAAU,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACtD,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,IAAI,EAAE,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;QAC9E,CAAC;QACD,IAAI,UAAU,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACtC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,UAAU,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;QACvF,CAAC;QAED,MAAM,QAAQ,GAAe;YACzB,GAAG,UAAU;YACb,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAC/B,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CACjG;SACJ,CAAC;QAEF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,wCAAwC,CAAC,CAAC,CAAC;QAEpE,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,EAAE;YAClC,QAAQ,EAAE,SAAS;YACnB,aAAa,EAAE,CAAC,aAAa,EAAE,UAAU,CAAC;SAC7C,CAAC,CAAC;QACH,MAAM,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAE3C,aAAa,GAAG,uCAAuC,YAAY,MAAM,CAAC;QAC1E,aAAa,IAAI,sBAAsB,UAAU,CAAC,YAAY,CAAC,MAAM,MAAM,CAAC;QAC5E,aAAa,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC7E,CAAC;IAED,kEAAkE;IAClE,cAAc;IACd,kEAAkE;
IAClE,MAAM,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAC9D,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,IAAI,qBAAqB,CAAC;IAE3D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,CAAC;IAE3D,IAAI,aAAa,EAAE,CAAC;QAChB,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC;IAClF,CAAC;SAAM,CAAC;QACJ,MAAM,QAAQ,GAAG,sBAAsB,CAAC,MAAM,EAAE;YAC5C,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,EAAE,SAAS,EAAE,MAAM,CAAC,YAAY,EAAE;SACnF,CAAC,CAAC;QACH,MAAM,WAAW,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC5C,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,qBAAqB,UAAU,EAAE,CAAC,CAAC,CAAC;IAE5D,UAAU;IACV,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,eAAe,QAAQ,GAAG,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,aAAa,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC;IACxF,OAAO,CAAC,GAAG,EAAE,CAAC;AAClB,CAAC"}
|
|
1
|
+
{"version":3,"file":"scan.js","sourceRoot":"","sources":["../../src/commands/scan.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,MAAM,MAAM,oBAAoB,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,eAAe,EAAqB,MAAM,+BAA+B,CAAC;AACnF,OAAO,EAAE,cAAc,EAAmB,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAyB,MAAM,gBAAgB,CAAC;AACpE,OAAO,EAAE,sBAAsB,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAC/E,OAAO,EAAE,eAAe,EAAmB,MAAM,0BAA0B,CAAC;AAE5E,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAC5F,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC/E,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AAEpF,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,QAAQ,MAAM,UAAU,CAAC;AAchC,MAAM,UAAU,GAA2B;IACvC,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI;IAChD,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI;IACpD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;CACvD,CAAC;AAEF,SAAS,WAAW,CAAC,GAAW;IAC5B,OAAO,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;AACnC,CAAC;AAED,SAAS,KAAK,CAAC,EAAU;IACrB,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,UAAuB,EAAE;IAChD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC/B,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,KAAK,CAAC;IAEzC,MAAM,CAAC,MAAM,EAAE,CAAC;IAEhB,kEAAkE;IAClE,0BAA0B;IAC1B,kEAAkE;IAClE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,CAAC;IAE5D,MAAM,aAAa,GAAG,QAAQ,EAAE,CAAC;IACjC,IAAI,KAAa,CAAC;IAElB,IAAI,CAAC,aAAa,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACpD,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;IAChC,CAAC;SAAM,CAAC;QACJ,KAAK,GAAG,aAAa,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC;IACvD,CAAC;IAED,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IACzC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,kCAAkC,C
AAC,CAAC,CAAC;IAErE,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,WAAW,EAAE,CAAC;IAC9C,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;QAClC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,UAAU,CAAC,KAAK,IAAI,eAAe,EAAE,CAAC,CAAC,CAAC;QACrE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;IAEhC,kEAAkE;IAClE,6BAA6B;IAC7B,kEAAkE;IAClE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC,CAAC;IAE/D,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,QAAQ,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,kBAAkB,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAEtF,uBAAuB;IACvB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC,CAAC;IAC3D,MAAM,UAAU,GAAG,MAAM,kBAAkB,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC;IACvE,MAAM,aAAa,GAAG,MAAM,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACvD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,aAAa,aAAa,CAAC,SAAS,aAAa,aAAa,CAAC,UAAU,QAAQ,CAAC,CAAC,CAAC;IAE5G,kBAAkB;IAClB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC,CAAC;IACxD,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAC7D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,eAAe,UAAU,CAAC,KAAK,CAAC,MAAM,mBAAmB,CAAC,CAAC,CAAC;IAEpF,kDAAkD;IAClD,IAAI,aAAa,GAAG,EAAE,CAAC;IACvB,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,EAAE,CAAC;QACrD,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,QAAQ,EAAE,CAAC,GAAG,EAAE,EAAE;YACxD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QACH,IAAI,WAAW,EAAE,CAAC;YACd,aAAa,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;QACrD,CAAC;IACL,CAAC;IAED,kEAAkE;IAClE,4BAA4B;IAC5B,kEAAkE;IAClE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC,CAAC;IAEhE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAyB;QACjE;YACI,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,kCAAkC;YAC3C,OAAO,EAAE;gBACL,EAAE,IAAI,EAAE,yDAAyD,EAAE,KAAK,EAAE,UAAU,EAAE;gBACtF,EAAE,IAAI,EAAE,0DAA0D,EAAE,KAAK,EAAE,cAAc,EAAE;gBAC3F,EAAE,IAA
I,EAAE,0DAA0D,EAAE,KAAK,EAAE,MAAM,EAAE;gBACnF,EAAE,IAAI,EAAE,sDAAsD,EAAE,KAAK,EAAE,cAAc,EAAE;gBACvF,EAAE,IAAI,EAAE,sDAAsD,EAAE,KAAK,EAAE,aAAa,EAAE;aACzF;SACJ;KACJ,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IACxF,IAAI,MAAW,CAAC;IAChB,IAAI,aAAa,GAAG,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,kEAAkE;IAClE,0BAA0B;IAC1B,kEAAkE;IAElE,IAAI,UAAU,KAAK,UAAU,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC,CAAC;QAExE,mCAAmC;QACnC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC,CAAC;QAC1D,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC/C,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;YAC1B,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACzC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;YACrF,MAAM,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,gCAAgC;QACrD,CAAC;QACD,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,aAAa,CAAC,CAAC,CAAC;QACtF,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,yDAAyD,CAAC,CAAC,CAAC;QAErF,MAAM,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,UAAU,EAAE;YAC9C,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE;gBAClB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;YACnF,CAAC;SACJ,CAAC,CAAC;QAEH,4BAA4B;QAC5B,aAAa,GAAG,kCAAkC,CAAC;QACnD,aAAa,IAAI,kBAAkB,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,IAAI,CAAC;QAChE,aAAa,IAAI,kBAAkB,SAAS,CAAC,WAAW,MAAM,CAAC;QAC/D,aAAa,IAAI,qCAAqC,UAAU,cAAc,CAAC;QAC/E,aAAa,IAAI,aAAa,CAAC;QAC/B,aAAa,IAAI,KAAK,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,OAAO,IAAI,EAAE,EAAE,CAAC;IAE9D,CAAC;SAAM,IAAI,UAAU,KAAK,cAAc,EAAE,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC,CAAC;QAE/E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC,CAAC;QAC/D,KAAK,MAAM,GAAG,IAAI,aAAa,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACxD,OAAO
,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,GAAG,EAAE,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC;YACvE,MAAM,KAAK,CAAC,EAAE,CAAC,CAAC;QACpB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,mDAAmD,CAAC,CAAC,CAAC;QAE/E,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC;QAChG,MAAM,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,UAAU,EAAE;YACzC,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE;gBAClB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;YACnF,CAAC;SACJ,CAAC,CAAC;QAEH,aAAa,GAAG,wCAAwC,CAAC;QACzD,aAAa,IAAI,kBAAkB,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,IAAI,CAAC;QAChE,aAAa,IAAI,kBAAkB,SAAS,CAAC,WAAW,MAAM,CAAC;QAC/D,aAAa,IAAI,6CAA6C,UAAU,cAAc,CAAC;QACvF,aAAa,IAAI,aAAa,CAAC;QAC/B,aAAa,IAAI,KAAK,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;IAEpF,CAAC;SAAM,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC,CAAC;QACnE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,UAAU,CAAC,KAAK,CAAC,MAAM,aAAa,CAAC,CAAC,CAAC;QAE7E,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,EAAE;YAClC,QAAQ,EAAE,SAAS;YACnB,aAAa,EAAE,CAAC,UAAU,EAAE,aAAa,EAAE,eAAe,CAAC;SAC9D,CAAC,CAAC;QAEH,MAAM,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,UAAU,EAAE;YACzC,YAAY,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;gBAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,KAAK,EAAE,CAAC,CAAC,CAAC;YACrD,CAAC;YACD,eAAe,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;gBAC7B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,oBAAoB,IAAI,GAAG,CAAC,CAAC,CAAC;YAC1D,CAAC;YACD,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;gBACjB,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;gBACtD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,IAAI,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC;YACjF,CAAC;YACD,cAAc,EAAE,CAAC,IAAI,EAAE,EAAE;gBACrB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,IAAI,IAAI,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC
,CAAC;YACtH,CAAC;YACD,SAAS,EAAE,GAAG,EAAE;gBACZ,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,gFAAgF,CAAC,CAAC,CAAC;YAChH,CAAC;YACD,YAAY,EAAE,CAAC,GAAG,EAAE,EAAE;gBAClB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;YACpF,CAAC;YACD,YAAY,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;gBAC5B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,6BAA6B,MAAM,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC,CAAC;YAC5F,CAAC;SACJ,CAAC,CAAC;QAEH,aAAa,GAAG,sBAAsB,CAAC,MAAM,EAAE;YAC3C,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,EAAE,SAAS,EAAE,MAAM,CAAC,YAAY,EAAE;SACnF,CAAC,CAAC;IAEP,CAAC;SAAM,IAAI,UAAU,KAAK,cAAc,EAAE,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC,CAAC;QAE1E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC,CAAC;QAChE,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAE3D,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,qCAAqC,CAAC,CAAC,CAAC;YACjE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,aAAa,UAAU,CAAC,YAAY,CAAC,MAAM,gBAAgB,CAAC,CAAC,CAAC;QAEtF,KAAK,MAAM,IAAI,IAAI,UAAU,CAAC,YAAY,EAAE,CAAC;YACzC,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,IAAI,EAAE,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;QAC/E,CAAC;QAED,MAAM,QAAQ,GAAe;YACzB,GAAG,UAAU;YACb,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAC/B,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CACjG;SACJ,CAAC;QAEF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,4CAA4C,CAAC,CAAC,CAAC;QAExE,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,EAAE;YAClC,QAAQ,EAAE,SAAS;YACnB,aAAa,EAAE,CAAC,aAAa,EAAE,UAAU,CAAC;SAC7C,CAAC,CAAC;QACH,MAAM,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAE3C,aAAa,GAAG,gDAAgD,CAAC;QACjE,aAAa,IAAI,sBAAsB,UAAU,CAAC,YAAY,CAAC,MAAM,MAAM,CAAC;QAC5E,aAAa,IAA
I,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAE7E,CAAC;SAAM,IAAI,UAAU,KAAK,aAAa,EAAE,CAAC;QACtC,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,QAAQ,CAAC,MAAM,CAA2B;YACrE;gBACI,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,cAAc;gBACpB,OAAO,EAAE,2CAA2C;gBACpD,OAAO,EAAE,MAAM;gBACf,QAAQ,EAAE,CAAC,KAAa,EAAE,EAAE;oBACxB,IAAI,CAAC;wBACD,kBAAkB,CAAC,KAAK,CAAC,CAAC;wBAC1B,OAAO,IAAI,CAAC;oBAChB,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACb,OAAO,KAAK,YAAY,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,qBAAqB,CAAC;oBAClF,CAAC;gBACL,CAAC;aACJ;SACJ,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,sCAAsC,YAAY,MAAM,CAAC,CAAC,CAAC;QAEvF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,sBAAsB,YAAY,KAAK,CAAC,CAAC,CAAC;QACjE,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAEjE,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,oCAAoC,YAAY,EAAE,CAAC,CAAC,CAAC;YAC9E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,aAAa,UAAU,CAAC,YAAY,CAAC,MAAM,kBAAkB,CAAC,CAAC,CAAC;QAExF,KAAK,MAAM,IAAI,IAAI,UAAU,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACtD,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,IAAI,EAAE,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;QAC9E,CAAC;QACD,IAAI,UAAU,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACtC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,UAAU,CAAC,YAAY,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;QACvF,CAAC;QAED,MAAM,QAAQ,GAAe;YACzB,GAAG,UAAU;YACb,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAC/B,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CACjG;SACJ,CAAC;QAEF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,wCAAwC,CAAC,CAAC,CAAC;QAEpE,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,EAAE;YAClC,QAAQ,EAAE,SAAS;YACnB,aAAa,EAAE,CAAC,aAAa,EAAE,UAAU,CAAC;SAC7C,CAAC,CAAC;
QACH,MAAM,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAE3C,aAAa,GAAG,uCAAuC,YAAY,MAAM,CAAC;QAC1E,aAAa,IAAI,sBAAsB,UAAU,CAAC,YAAY,CAAC,MAAM,MAAM,CAAC;QAC5E,aAAa,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC7E,CAAC;IAED,kEAAkE;IAClE,cAAc;IACd,kEAAkE;IAClE,MAAM,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAC9D,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,IAAI,qBAAqB,CAAC;IAE3D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,CAAC;IAE3D,qEAAqE;IACrE,IAAI,cAAsB,CAAC;IAC3B,IAAI,CAAC;QACD,cAAc,GAAG,kBAAkB,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAC9D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,KAAK,YAAY,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,qBAAqB,EAAE,CAAC,CAAC,CAAC;QACxG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,sCAAsC,CAAC,CAAC,CAAC;QAClE,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;IACnE,CAAC;IAED,IAAI,aAAa,EAAE,CAAC;QAChB,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC;IACxE,CAAC;SAAM,CAAC;QACJ,MAAM,QAAQ,GAAG,sBAAsB,CAAC,MAAM,EAAE;YAC5C,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,EAAE,SAAS,EAAE,MAAM,CAAC,YAAY,EAAE;SACnF,CAAC,CAAC;QACH,MAAM,WAAW,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,qBAAqB,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,cAAc,CAAC,EAAE,CAAC,CAAC,CAAC;IAEzF,UAAU;IACV,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,eAAe,QAAQ,GAAG,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,aAAa,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC;IACxF,OAAO,CAAC,GAAG,EAAE,CAAC;AAClB,CAAC"}
|
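--- a/package/dist/core/executor.d.ts
+++ b/package/dist/core/executor.d.ts
@@ -13,6 +13,7 @@ export declare class ExecutorError extends Error {
 }
 /**
  * Execute a command safely within the repository
+ * Uses stricter validation with command + args allowlisting
  */
 export declare function executeCommand(command: string, args: string[], cwd: string, options?: {
 timeout?: number;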
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../../src/core/executor.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,MAAM,WAAW,aAAa;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC;CACnB;AAED,qBAAa,aAAc,SAAQ,KAAK;gBACxB,OAAO,EAAE,MAAM;CAI9B;AAED
|
|
1
|
+
{"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../../src/core/executor.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,MAAM,WAAW,aAAa;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC;CACnB;AAED,qBAAa,aAAc,SAAQ,KAAK;gBACxB,OAAO,EAAE,MAAM;CAI9B;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAChC,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EAAE,EACd,GAAG,EAAE,MAAM,EACX,OAAO,GAAE;IACL,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACjB,GACP,OAAO,CAAC,aAAa,CAAC,CA+ExB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAqCzF;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAoBtE;AAED;;GAEG;AACH,wBAAsB,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAmBjE"}
|
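--- a/package/dist/core/executor.js
+++ b/package/dist/core/executor.js
@@ -2,7 +2,7 @@
  * Dynamic Command Executor - Run safe commands for context gathering
  */
 import { spawn } from 'child_process';
-import { isAllowedCommand, sanitizeArgs } from './security.js';
+import { isAllowedCommand, sanitizeArgs, SecurityError } from './security.js';
 export class ExecutorError extends Error {
 constructor(message) {
 super(message);
@@ -11,15 +11,25 @@ export class ExecutorError extends Error {
 }
 /**
  * Execute a command safely within the repository
+ * Uses stricter validation with command + args allowlisting
  */
 export async function executeCommand(command, args, cwd, options = {}) {
 const { timeout = 30000, maxOutput = 100000 } = options;
-// Validate command
-if (!isAllowedCommand(command)) {
-throw new ExecutorError(`Command "${command}"
+// Validate command AND args are allowed
+if (!isAllowedCommand(command, args)) {
+throw new ExecutorError(`Command "${command}" with args [${args.slice(0, 2).join(', ')}...] is not permitted`);
+}
+// Sanitize arguments - may throw SecurityError
+let sanitizedArgs;
+try {
+sanitizedArgs = sanitizeArgs(args);
+}
+catch (error) {
+if (error instanceof SecurityError) {
+throw new ExecutorError(`Unsafe arguments: ${error.message}`);
+}
+throw error;
 }
-// Sanitize arguments
-const sanitizedArgs = sanitizeArgs(args);
 // Windows requires shell: true for npm/npx commands (.cmd files)
 // Linux/Mac can run without shell for better security
 const isWindows = process.platform === 'win32';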
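Review bot: The rejection message at new line 20 interpolates the rejected argument values themselves (`args.slice(0, 2).join(', ')`) and appends a literal `...` even when there are two or fewer of them, so strings that just failed the allowlist are echoed into an error that callers may log or display; reporting only the count keeps the message accurate and avoids leaking argument contents, e.g. `` throw new ExecutorError(`Command "${command}" with ${args.length} argument(s) is not permitted`); ``. The allowlist decision is also made on the raw `args` while the value carried forward from this hunk is `sanitizedArgs`; if `sanitizeArgs` rewrites rather than only validates (its body is not in view), the argv that was approved is not the argv that is later used, so either allowlist after sanitizing or add a comment stating that `sanitizeArgs` is validate-only. Re-throwing the `SecurityError` as a fresh `ExecutorError` at new line 29 drops the original error, and `ExecutorError`'s message-only constructor gives no way to attach it as `cause`. The body of `executeCommand` continues past the end of the hunk.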
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"executor.js","sourceRoot":"","sources":["../../src/core/executor.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AACtC,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"executor.js","sourceRoot":"","sources":["../../src/core/executor.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AACtC,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAU9E,MAAM,OAAO,aAAc,SAAQ,KAAK;IACpC,YAAY,OAAe;QACvB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;IAChC,CAAC;CACJ;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAChC,OAAe,EACf,IAAc,EACd,GAAW,EACX,UAGI,EAAE;IAEN,MAAM,EAAE,OAAO,GAAG,KAAK,EAAE,SAAS,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC;IAExD,wCAAwC;IACxC,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,aAAa,CAAC,YAAY,OAAO,gBAAgB,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IACnH,CAAC;IAED,+CAA+C;IAC/C,IAAI,aAAuB,CAAC;IAC5B,IAAI,CAAC;QACD,aAAa,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,IAAI,KAAK,YAAY,aAAa,EAAE,CAAC;YACjC,MAAM,IAAI,aAAa,CAAC,qBAAqB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAClE,CAAC;QACD,MAAM,KAAK,CAAC;IAChB,CAAC;IAED,iEAAiE;IACjE,sDAAsD;IACtD,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC;IAE/C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC3B,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,QAAQ,GAAG,KAAK,CAAC;QAErB,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,EAAE,aAAa,EAAE;YACvC,GAAG;YACH,KAAK,EAAE,SAAS,EAAE,4BAA4B;YAC9C,OAAO;YACP,WAAW,EAAE,IAAI,EAAE,iCAAiC;YACpD,GAAG,EAAE;gBACD,GAAG,OAAO,CAAC,GAAG;gBACd,EAAE,EAAE,MAAM;gBACV,WAAW,EAAE,GAAG;aACnB;SACJ,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE;YAC9B,QAAQ,GAAG,IAAI,CAAC;YAChB,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACzB,CAAC,EAAE,OAAO,CAAC,CAAC;QAEZ,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAC7B,IAAI,MAAM,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;gBAC5B,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC9B,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAC7B,IAAI,MAAM,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;gBAC5B,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC9B,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE
,EAAE;YACtB,YAAY,CAAC,SAAS,CAAC,CAAC;YACxB,OAAO,CAAC;gBACJ,OAAO,EAAE,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ;gBAChC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC;gBAClC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC;gBAClC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;gBAChC,OAAO,EAAE,GAAG,OAAO,IAAI,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;aACnD,CAAC,CAAC;QACP,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YACvB,YAAY,CAAC,SAAS,CAAC,CAAC;YACxB,OAAO,CAAC;gBACJ,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,EAAE;gBACV,MAAM,EAAE,KAAK,CAAC,OAAO;gBACrB,QAAQ,EAAE,IAAI;gBACd,OAAO,EAAE,GAAG,OAAO,IAAI,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;aACnD,CAAC,CAAC;QACP,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,QAAgB;IACpD,MAAM,OAAO,GAA2B,EAAE,CAAC;IAE3C,eAAe;IACf,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC/E,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,MAAM,IAAI,oBAAoB,CAAC;IACrE,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,WAAW,EAAE,IAAI,CAAC,EAAE,QAAQ,CAAC,CAAC;IACjF,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACjB,OAAO,CAAC,gBAAgB,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC;IAC9C,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,gBAAgB,CAAC,EAAE,QAAQ,CAAC,CAAC;IACtF,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,CAAC,gBAAgB,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IACxD,CAAC;IAED,eAAe;IACf,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,KAAK,EAAE,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,EAAE,QAAQ,CAAC,CAAC;IACvF,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QAClB,IAAI,CAAC;YACD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YACxC,OAAO,CAAC,cAAc,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9E,CAAC;QAAC,MAAM,CAAC;YACL,sBAAsB;QAC1B,CAAC;IACL,CAAC;IAED,uBAAuB;IACvB,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,WAAW,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC/E,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;QACrB,OAAO,CAAC,oBAAoB,CAAC,GAAG,UAAU,CAAC,MAAM,CAAC,
IAAI,EAAE,CAAC;IAC7D,CAAC;IAED,OAAO,OAAO,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,QAAgB;IAC/C,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,QAAQ,EAAE;QAC3F,OAAO,EAAE,KAAK;KACjB,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACjB,OAAO,EAAE,CAAC;IACd,CAAC;IAED,0BAA0B;IAC1B,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAExC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7B,CAAC;IACL,CAAC;IAED,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,qBAAqB;AACrD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,QAAgB;IAC1C,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,UAAU,EAAE,SAAS,EAAE,gBAAgB,EAAE,IAAI,CAAC,EAAE,QAAQ,EAAE;QACjH,OAAO,EAAE,KAAK;KACjB,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACjB,OAAO,EAAE,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAExC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACrD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7B,CAAC;IACL,CAAC;IAED,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC/B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security-scanner.d.ts","sourceRoot":"","sources":["../../src/core/security-scanner.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,WAAW,aAAa;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;CAC5C;AAED,MAAM,WAAW,iBAAiB;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,OAAO,CAAC;CACzB;AAED,MAAM,WAAW,kBAAkB;IAC/B,OAAO,EAAE,aAAa,EAAE,CAAC;IACzB,eAAe,EAAE,iBAAiB,EAAE,CAAC;IACrC,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;CACnB;
|
|
1
|
+
{"version":3,"file":"security-scanner.d.ts","sourceRoot":"","sources":["../../src/core/security-scanner.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,WAAW,aAAa;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;CAC5C;AAED,MAAM,WAAW,iBAAiB;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,OAAO,CAAC;CACzB;AAED,MAAM,WAAW,kBAAkB;IAC/B,OAAO,EAAE,aAAa,EAAE,CAAC;IACzB,eAAe,EAAE,iBAAiB,EAAE,CAAC;IACrC,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;CACnB;AA2CD;;GAEG;AACH,wBAAsB,cAAc,CAChC,KAAK,EAAE,WAAW,EAAE,EACpB,QAAQ,EAAE,MAAM,GACjB,OAAO,CAAC,aAAa,EAAE,CAAC,CA4C1B;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAiChF;AAED;;GAEG;AACH,wBAAsB,eAAe,CACjC,KAAK,EAAE,WAAW,EAAE,EACpB,QAAQ,EAAE,MAAM,GACjB,OAAO,CAAC,kBAAkB,CAAC,CA4B7B"}
|
|
@@ -5,28 +5,35 @@ import { executeCommand } from './executor.js';
|
|
|
5
5
|
import { safeReadFile } from './security.js';
|
|
6
6
|
/**
|
|
7
7
|
* Secret detection patterns (regex-based, zero cost)
|
|
8
|
+
* Patterns are designed to be ReDoS-safe with:
|
|
9
|
+
* - Bounded quantifiers (no nested *)
|
|
10
|
+
* - Specific character counts where possible
|
|
11
|
+
* - Non-backtracking character classes
|
|
8
12
|
*/
|
|
9
13
|
const SECRET_PATTERNS = [
|
|
10
|
-
// AWS
|
|
14
|
+
// AWS - specific format with exact lengths
|
|
11
15
|
{ pattern: /AKIA[0-9A-Z]{16}/g, type: 'AWS Access Key', severity: 'critical' },
|
|
12
|
-
{ pattern: /
|
|
13
|
-
// Generic API Keys
|
|
14
|
-
{ pattern: /
|
|
15
|
-
{ pattern: /
|
|
16
|
-
// JWT Tokens
|
|
17
|
-
{ pattern: /eyJ[A-Za-z0-
|
|
18
|
-
// GitHub
|
|
16
|
+
{ pattern: /aws_secret_access_key\s*=\s*[A-Za-z0-9/+=]{40}/gi, type: 'AWS Secret Key', severity: 'critical' },
|
|
17
|
+
// Generic API Keys - bounded lengths, non-greedy
|
|
18
|
+
{ pattern: /api_key\s*=\s*["'][A-Za-z0-9_-]{20,64}["']/gi, type: 'API Key', severity: 'high' },
|
|
19
|
+
{ pattern: /secret\s*=\s*["'][A-Za-z0-9_-]{20,64}["']/gi, type: 'Secret/Token', severity: 'high' },
|
|
20
|
+
// JWT Tokens - use possessive-like matching with specific structure
|
|
21
|
+
{ pattern: /eyJ[A-Za-z0-9_-]{10,500}\.eyJ[A-Za-z0-9_-]{10,500}\.[A-Za-z0-9_.-]{10,500}/g, type: 'JWT Token', severity: 'medium' },
|
|
22
|
+
// GitHub - exact formats
|
|
19
23
|
{ pattern: /ghp_[A-Za-z0-9]{36}/g, type: 'GitHub Personal Token', severity: 'critical' },
|
|
20
24
|
{ pattern: /github_pat_[A-Za-z0-9]{22}_[A-Za-z0-9]{59}/g, type: 'GitHub PAT', severity: 'critical' },
|
|
21
|
-
|
|
25
|
+
{ pattern: /ghs_[A-Za-z0-9]{36}/g, type: 'GitHub App Token', severity: 'critical' },
|
|
26
|
+
// Private Keys - simple literal match
|
|
22
27
|
{ pattern: /-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----/g, type: 'Private Key', severity: 'critical' },
|
|
23
|
-
// Database URLs
|
|
24
|
-
{ pattern: /(?:mongodb|postgres|mysql|redis):\/\/[
|
|
25
|
-
// Slack
|
|
28
|
+
// Database URLs - bounded non-whitespace with max length
|
|
29
|
+
{ pattern: /(?:mongodb|postgres|mysql|redis):\/\/[^\s"']{10,200}/gi, type: 'Database URL with Credentials', severity: 'critical' },
|
|
30
|
+
// Slack - exact format with specific lengths
|
|
26
31
|
{ pattern: /xox[baprs]-[0-9]{10,13}-[0-9]{10,13}-[a-zA-Z0-9]{24}/g, type: 'Slack Token', severity: 'high' },
|
|
27
|
-
// Stripe
|
|
28
|
-
{ pattern: /sk_live_[A-Za-z0-9]{24,}/g, type: 'Stripe Secret Key', severity: 'critical' },
|
|
29
|
-
{ pattern: /pk_live_[A-Za-z0-9]{24,}/g, type: 'Stripe Publishable Key', severity: 'medium' },
|
|
32
|
+
// Stripe - exact prefix with bounded length
|
|
33
|
+
{ pattern: /sk_live_[A-Za-z0-9]{24,50}/g, type: 'Stripe Secret Key', severity: 'critical' },
|
|
34
|
+
{ pattern: /pk_live_[A-Za-z0-9]{24,50}/g, type: 'Stripe Publishable Key', severity: 'medium' },
|
|
35
|
+
// Google API Key
|
|
36
|
+
{ pattern: /AIza[A-Za-z0-9_-]{35}/g, type: 'Google API Key', severity: 'high' },
|
|
30
37
|
];
|
|
31
38
|
/**
|
|
32
39
|
* Scan files for secrets using regex patterns
|
|
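Review bot: The 'Database URL with Credentials' entry at new line 29 matches any `mongodb://`, `postgres://`, `mysql://` or `redis://` URL of 10–200 non-space characters whether or not it carries credentials, so a plain `postgres://localhost:5432/app` (constructed example) is reported as critical; either require a userinfo part, `/(?:mongodb|postgres|mysql|redis):\/\/[^\s"'@]{1,100}@[^\s"']{1,200}/gi`, or rename the type and lower the severity. The API key and secret patterns at new lines 18–19 only match values wrapped in quotes, so unquoted `KEY=value` assignments in .env-style files are not detected by this table; the scanning loop is outside this hunk, so I cannot tell whether such files are handled elsewhere. The new comment "Non-backtracking character classes" is accurate for the bounded classes here, but the JWT pattern's three `{10,500}` classes still give a large scan per line; a comment noting the chosen upper bounds are a size/recall trade-off would help the next maintainer.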
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security-scanner.js","sourceRoot":"","sources":["../../src/core/security-scanner.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAyB7C
|
|
1
|
+
{"version":3,"file":"security-scanner.js","sourceRoot":"","sources":["../../src/core/security-scanner.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAyB7C;;;;;;GAMG;AACH,MAAM,eAAe,GAAkF;IACnG,2CAA2C;IAC3C,EAAE,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC9E,EAAE,OAAO,EAAE,kDAAkD,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,UAAU,EAAE;IAE7G,iDAAiD;IACjD,EAAE,OAAO,EAAE,8CAA8C,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC9F,EAAE,OAAO,EAAE,6CAA6C,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE;IAElG,oEAAoE;IACpE,EAAE,OAAO,EAAE,6EAA6E,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAEjI,yBAAyB;IACzB,EAAE,OAAO,EAAE,sBAAsB,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACxF,EAAE,OAAO,EAAE,6CAA6C,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,UAAU,EAAE;IACpG,EAAE,OAAO,EAAE,sBAAsB,EAAE,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,UAAU,EAAE;IAEnF,sCAAsC;IACtC,EAAE,OAAO,EAAE,gDAAgD,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,UAAU,EAAE;IAExG,yDAAyD;IACzD,EAAE,OAAO,EAAE,wDAAwD,EAAE,IAAI,EAAE,+BAA+B,EAAE,QAAQ,EAAE,UAAU,EAAE;IAElI,6CAA6C;IAC7C,EAAE,OAAO,EAAE,uDAAuD,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,EAAE;IAE3G,4CAA4C;IAC5C,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC3F,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,wBAAwB,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAE9F,iBAAiB;IACjB,EAAE,OAAO,EAAE,wBAAwB,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,EAAE;CAClF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAChC,KAAoB,EACpB,QAAgB;IAEhB,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACvB,iCAAiC;QACjC,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;QACzC,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACpF,SAAS;QACb,CAAC;QAED,IAAI,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,GAAG,GAAG,IAAI,CAAC,CAAC;YACpE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAA
G,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACpC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAEtB,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,eAAe,EAAE,CAAC;oBACxD,oBAAoB;oBACpB,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;oBAEtB,IAAI,KAAK,CAAC;oBACV,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;wBAC3C,8BAA8B;wBAC9B,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,EAAE;4BACpC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;4BAC5E,CAAC,CAAC,KAAK,CAAC;wBAEZ,QAAQ,CAAC,IAAI,CAAC;4BACV,IAAI,EAAE,IAAI,CAAC,YAAY;4BACvB,IAAI,EAAE,CAAC,GAAG,CAAC;4BACX,IAAI;4BACJ,KAAK,EAAE,WAAW;4BAClB,QAAQ;yBACX,CAAC,CAAC;oBACP,CAAC;gBACL,CAAC;YACL,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACL,gCAAgC;QACpC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AACpB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,QAAgB;IAC9C,MAAM,MAAM,GAAG,MAAM,cAAc,CAC/B,KAAK,EACL,CAAC,OAAO,EAAE,QAAQ,CAAC,EACnB,QAAQ,EACR,EAAE,OAAO,EAAE,KAAK,EAAE,CACrB,CAAC;IAEF,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACpC,OAAO,EAAE,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,eAAe,GAAwB,EAAE,CAAC;QAEhD,8BAA8B;QAC9B,IAAI,KAAK,CAAC,eAAe,EAAE,CAAC;YACxB,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,CAAC;gBAC/D,MAAM,QAAQ,GAAG,IAAW,CAAC;gBAC7B,eAAe,CAAC,IAAI,CAAC;oBACjB,IAAI;oBACJ,QAAQ,EAAE,QAAQ,CAAC,QAAQ,IAAI,SAAS;oBACxC,WAAW,EAAE,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,gBAAgB;oBAC9E,YAAY,EAAE,QAAQ,CAAC,YAAY,IAAI,KAAK;iBAC/C,CAAC,CAAC;YACP,CAAC;QACL,CAAC;QAED,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,6BAA6B;IACtE,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,EAAE,CAAC;IACd,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACjC,KAAoB,EACpB,QAAgB;IAEhB,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACjD,cAAc,CAAC,KAAK,EAAE,QAAQ,CAAC;QAC/B,WAAW,
CAAC,QAAQ,CAAC;KACxB,CAAC,CAAC;IAEH,MAAM,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;IACvE,MAAM,aAAa,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IAEtG,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC;IAEjE,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO,IAAI,MAAM,OAAO,CAAC,MAAM,4BAA4B,CAAC;IAChE,CAAC;IACD,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,IAAI,MAAM,aAAa,CAAC,MAAM,kCAAkC,CAAC;IAC5E,CAAC;IACD,IAAI,CAAC,SAAS,EAAE,CAAC;QACb,OAAO,GAAG,oDAAoD,CAAC;IACnE,CAAC;IAED,OAAO;QACH,OAAO;QACP,eAAe;QACf,SAAS;QACT,OAAO;KACV,CAAC;AACN,CAAC"}
|
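--- a/package/dist/core/security.d.ts
+++ b/package/dist/core/security.d.ts
@@ -17,12 +17,9 @@ export declare function isWithinRepo(filePath: string, repoRoot: string): boolea
 * Validate a path and throw if it's outside the repo
 */
 export declare function validatePath(filePath: string, repoRoot: string): string;
-/**
-* Check if path is a symlink pointing outside repo
-*/
-export declare function isSymlinkEscape(filePath: string, repoRoot: string): Promise<boolean>;
 /**
 * Safe file read with security validation
+* Resolves symlinks FIRST to prevent TOCTOU race conditions
 */
 export declare function safeReadFile(filePath: string, repoRoot: string, maxSizeBytes?: number): Promise<string>;
 /**
@@ -30,11 +27,25 @@ export declare function safeReadFile(filePath: string, repoRoot: string, maxSize
 */
 export declare const SECURITY_IGNORE_PATTERNS: string[];
 /**
-* Validate that a command
+* Validate that a command and its first argument are in the allowlist
 */
-export declare function isAllowedCommand(command: string): boolean;
+export declare function isAllowedCommand(command: string, args?: string[]): boolean;
 /**
-*
+* Comprehensive argument sanitization to prevent shell injection
+* Strips ALL potentially dangerous characters for both Unix and Windows shells
 */
 export declare function sanitizeArgs(args: string[]): string[];
+/**
+* Validate that an output path is safe to write to
+* Must be within the working directory or a subdirectory
+*/
+export declare function validateOutputPath(outputPath: string, cwd: string): string;
+/**
+* Validate git branch name to prevent command injection
+*/
+export declare function validateBranchName(branchName: string): string;
+/**
+* Sanitize error messages to prevent credential leakage
+*/
+export declare function sanitizeErrorMessage(error: unknown): string;
 //# sourceMappingURL=security.d.ts.map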
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../src/core/security.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,qBAAa,aAAc,SAAQ,KAAK;gBACxB,OAAO,EAAE,MAAM;CAI9B;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAEtD;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAOxE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAUvE;AAED
|
|
1
|
+
{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../src/core/security.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,qBAAa,aAAc,SAAQ,KAAK;gBACxB,OAAO,EAAE,MAAM;CAI9B;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAEtD;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAOxE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAUvE;AAED;;;GAGG;AACH,wBAAsB,YAAY,CAC9B,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,YAAY,GAAE,MAAoB,GACnC,OAAO,CAAC,MAAM,CAAC,CA2BjB;AAED;;GAEG;AACH,eAAO,MAAM,wBAAwB,UAUpC,CAAC;AAYF;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,GAAE,MAAM,EAAO,GAAG,OAAO,CAmB9E;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAwBrD;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAoB1E;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CA0B7D;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAqB3D"}
|
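--- a/package/dist/core/security.js
+++ b/package/dist/core/security.js
@@ -32,42 +32,34 @@ export function isWithinRepo(filePath, repoRoot) {
 export function validatePath(filePath, repoRoot) {
 const normalized = normalizePath(filePath);
 if (!isWithinRepo(normalized, repoRoot)) {
-throw new SecurityError(`Access denied:
+throw new SecurityError(`Access denied: Path is outside the repository boundary`);
 }
 return normalized;
 }
-/**
-* Check if path is a symlink pointing outside repo
-*/
-export async function isSymlinkEscape(filePath, repoRoot) {
-try {
-const stats = await fs.promises.lstat(filePath);
-if (stats.isSymbolicLink()) {
-const realPath = await fs.promises.realpath(filePath);
-return !isWithinRepo(realPath, repoRoot);
-}
-return false;
-}
-catch {
-return false;
-}
-}
 /**
 * Safe file read with security validation
+* Resolves symlinks FIRST to prevent TOCTOU race conditions
 */
 export async function safeReadFile(filePath, repoRoot, maxSizeBytes = 1024 * 1024 // 1MB default
 ) {
-
-
-
-
+// First, resolve to real path (follows symlinks)
+let realPath;
+try {
+realPath = await fs.promises.realpath(filePath);
+}
+catch (error) {
+throw new SecurityError(`Cannot resolve path: File does not exist or is inaccessible`);
+}
+// Validate the REAL path is within repo (prevents symlink escape)
+if (!isWithinRepo(realPath, repoRoot)) {
+throw new SecurityError(`Access denied: Path resolves outside the repository boundary`);
 }
 // Check file size
-const stats = await fs.promises.stat(
+const stats = await fs.promises.stat(realPath);
 if (stats.size > maxSizeBytes) {
-throw new SecurityError(`File too large:
+throw new SecurityError(`File too large: ${(stats.size / 1024 / 1024).toFixed(2)}MB exceeds ${(maxSizeBytes / 1024 / 1024).toFixed(2)}MB limit`);
 }
-return fs.promises.readFile(
+return fs.promises.readFile(realPath, 'utf-8');
 }
 /**
 * Default patterns to always ignore (security sensitive)
@@ -84,35 +76,115 @@ export const SECURITY_IGNORE_PATTERNS = [
 '**/.ssh/**',
 ];
 /**
-*
+* Allowed commands with their permitted subcommands
+* This provides defense-in-depth against command injection
+*/
+const ALLOWED_COMMANDS = new Map([
+['git', new Set(['status', 'log', 'diff', 'branch', 'grep', 'show-current'])],
+['npm', new Set(['outdated', 'list', 'audit'])],
+['npx', new Set(['tsc', 'eslint'])], // Only specific trusted packages
+]);
+/**
+* Validate that a command and its first argument are in the allowlist
 */
-export function isAllowedCommand(command) {
-const
-
-
-
-
-
-
-
-'
-'
-'
-
-
-
-
-];
-const baseCommand = command.trim().split(/\s+/)[0];
-return allowedCommands.includes(baseCommand);
+export function isAllowedCommand(command, args = []) {
+const baseCommand = command.trim().split(/\s+/)[0].toLowerCase();
+// Check if command is in allowlist
+const allowedSubcommands = ALLOWED_COMMANDS.get(baseCommand);
+if (!allowedSubcommands) {
+return false;
+}
+// For commands with subcommands, validate the first arg
+if (args.length > 0 && allowedSubcommands.size > 0) {
+const firstArg = args[0].replace(/^-+/, ''); // Remove leading dashes
+// Allow if it's in the subcommand list OR if it starts with - (flags)
+if (!args[0].startsWith('-') && !allowedSubcommands.has(args[0])) {
+return false;
+}
+}
+return true;
 }
 /**
-*
+* Comprehensive argument sanitization to prevent shell injection
+* Strips ALL potentially dangerous characters for both Unix and Windows shells
 */
 export function sanitizeArgs(args) {
-
-
-
+// Dangerous characters for shell injection
+const DANGEROUS_CHARS = /[;&|`$(){}[\]<>"'%^@#\r\n\t\\!?*~]/g;
+// Additional validation patterns
+const OPTION_INJECTION = /^-/; // Arguments starting with - could be interpreted as options
+return args.map((arg, index) => {
+// Remove all dangerous characters
+let sanitized = arg.replace(DANGEROUS_CHARS, '');
+// Prevent null byte injection
+sanitized = sanitized.replace(/\0/g, '');
+// Trim whitespace
+sanitized = sanitized.trim();
+// Prevent empty arguments after sanitization
+if (sanitized.length === 0 && arg.length > 0) {
+throw new SecurityError(`Argument ${index} contains only unsafe characters`);
+}
+return sanitized;
 });
 }
+/**
+* Validate that an output path is safe to write to
+* Must be within the working directory or a subdirectory
+*/
+export function validateOutputPath(outputPath, cwd) {
+const resolved = path.resolve(cwd, outputPath);
+const normalizedCwd = normalizePath(cwd);
+if (!resolved.startsWith(normalizedCwd + path.sep) && resolved !== normalizedCwd) {
+throw new SecurityError(`Output path must be within the current working directory`);
+}
+// Prevent writing to sensitive files
+const basename = path.basename(resolved).toLowerCase();
+const sensitiveNames = ['.env', '.gitignore', 'package.json', 'package-lock.json', '.npmrc'];
+if (sensitiveNames.includes(basename)) {
+throw new SecurityError(`Cannot write to sensitive file: ${basename}`);
+}
+return resolved;
+}
+/**
+* Validate git branch name to prevent command injection
+*/
+export function validateBranchName(branchName) {
+// Git branch naming rules: alphanumeric, dash, underscore, slash, dot
+const SAFE_BRANCH_PATTERN = /^[a-zA-Z0-9][a-zA-Z0-9_.\-\/]*$/;
+if (!SAFE_BRANCH_PATTERN.test(branchName)) {
+throw new SecurityError(`Invalid branch name. Use only: letters, numbers, _, ., -, /`);
+}
+// Prevent option injection
+if (branchName.startsWith('-')) {
+throw new SecurityError(`Branch name cannot start with a hyphen`);
+}
+// Prevent path traversal
+if (branchName.includes('..')) {
+throw new SecurityError(`Branch name cannot contain '..'`);
+}
+// Max length check
+if (branchName.length > 255) {
+throw new SecurityError(`Branch name too long (max 255 characters)`);
+}
+return branchName;
+}
+/**
+* Sanitize error messages to prevent credential leakage
+*/
+export function sanitizeErrorMessage(error) {
+let message = 'Unknown error';
+if (error instanceof Error) {
+message = error.message;
+// Remove potential API keys (30+ alphanumeric characters)
+message = message.replace(/[A-Za-z0-9_-]{30,}/g, '[REDACTED]');
+// Remove URL query parameters that might contain keys
+message = message.replace(/[?&](key|token|api_key|apikey|secret)=[^&\s]*/gi, '?$1=[REDACTED]');
+// Remove bearer tokens
+message = message.replace(/Bearer\s+[A-Za-z0-9._-]+/gi, 'Bearer [REDACTED]');
+// Remove file paths that might reveal system info
+message = message.replace(/[A-Z]:\\[^\s:]+/gi, '[PATH]'); // Windows paths
+message = message.replace(/\/home\/[^\s:]+/g, '[PATH]'); // Unix home paths
+}
+return message;
+}
 //# sourceMappingURL=security.js.map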
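Review bot: In isAllowedCommand (new lines 98–103) any first argument beginning with `-` skips the subcommand check entirely, so the allowlist only constrains the first token when it is not an option; `firstArg` is computed with the dashes stripped but never read, which suggests the intent was to validate that value. Validate the first non-option argument instead, `const sub = args.find((a) => !a.startsWith('-'));` followed by `if (sub !== undefined && !allowedSubcommands.has(sub)) return false;`, and document that options which take a value are not covered by this table. In sanitizeArgs, `OPTION_INJECTION` (new line 115) is declared but never applied, so an argument can still come out of sanitization looking like an option; either use it or remove it. In the first hunk of this file, the new comment "Resolves symlinks FIRST to prevent TOCTOU race conditions" overstates the fix: realpath, stat and readFile are three separate path-based calls, so the target can still change between them; opening once with `fs.promises.open` and using `handle.stat()` and `handle.readFile()` narrows that window, and the unused `error` binding in the catch at new line 50 can be dropped.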
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security.js","sourceRoot":"","sources":["../../src/core/security.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,IAAI,CAAC;AAEpB,MAAM,OAAO,aAAc,SAAQ,KAAK;IACpC,YAAY,OAAe;QACvB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;IAChC,CAAC;CACJ;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,QAAgB;IAC1C,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,QAAgB;IAC3D,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAE/C,4CAA4C;IAC5C,OAAO,cAAc,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC;QACvD,cAAc,KAAK,cAAc,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,QAAgB;IAC3D,MAAM,UAAU,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAE3C,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE,CAAC;QACtC,MAAM,IAAI,aAAa,CACnB,
|
|
1
|
+
{"version":3,"file":"security.js","sourceRoot":"","sources":["../../src/core/security.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,IAAI,CAAC;AAEpB,MAAM,OAAO,aAAc,SAAQ,KAAK;IACpC,YAAY,OAAe;QACvB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;IAChC,CAAC;CACJ;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,QAAgB;IAC1C,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,QAAgB;IAC3D,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAE/C,4CAA4C;IAC5C,OAAO,cAAc,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC;QACvD,cAAc,KAAK,cAAc,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,QAAgB;IAC3D,MAAM,UAAU,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAE3C,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE,CAAC;QACtC,MAAM,IAAI,aAAa,CACnB,wDAAwD,CAC3D,CAAC;IACN,CAAC;IAED,OAAO,UAAU,CAAC;AACtB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAC9B,QAAgB,EAChB,QAAgB,EAChB,eAAuB,IAAI,GAAG,IAAI,CAAC,cAAc;;IAEjD,iDAAiD;IACjD,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACD,QAAQ,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACpD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,MAAM,IAAI,aAAa,CACnB,6DAA6D,CAChE,CAAC;IACN,CAAC;IAED,kEAAkE;IAClE,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,aAAa,CACnB,8DAA8D,CACjE,CAAC;IACN,CAAC;IAED,kBAAkB;IAClB,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC/C,IAAI,KAAK,CAAC,IAAI,GAAG,YAAY,EAAE,CAAC;QAC5B,MAAM,IAAI,aAAa,CACnB,mBAAmB,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC,YAAY,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAC1H,CAAC;IACN,CAAC;IAED,OAAO,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;AACnD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACpC,YAAY;IACZ,SAAS;IACT,WAAW;IACX,oBAAoB;IACpB,UAAU;IACV,UAAU;IACV,eAAe;IACf,YAAY;IACZ,YAAY;CACf,CAAC;AAEF;;;GAGG;AACH,MAAM,gBAAgB,GAA6B,IAAI,GAAG,CAAC;IACvD,CAAC,KAAK,EAAE,IAAI,GAAG,CA
AC,CAAC,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC;IAC7E,CAAC,KAAK,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAC/C,CAAC,KAAK,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,iCAAiC;CACzE,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAe,EAAE,OAAiB,EAAE;IACjE,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IAEjE,mCAAmC;IACnC,MAAM,kBAAkB,GAAG,gBAAgB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAC7D,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACtB,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,wDAAwD;IACxD,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,kBAAkB,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QACjD,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,wBAAwB;QACrE,sEAAsE;QACtE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/D,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;IAED,OAAO,IAAI,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,IAAc;IACvC,2CAA2C;IAC3C,MAAM,eAAe,GAAG,qCAAqC,CAAC;IAE9D,iCAAiC;IACjC,MAAM,gBAAgB,GAAG,IAAI,CAAC,CAAC,4DAA4D;IAE3F,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;QAC3B,kCAAkC;QAClC,IAAI,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;QAEjD,8BAA8B;QAC9B,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAEzC,kBAAkB;QAClB,SAAS,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;QAE7B,6CAA6C;QAC7C,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3C,MAAM,IAAI,aAAa,CAAC,YAAY,KAAK,kCAAkC,CAAC,CAAC;QACjF,CAAC;QAED,OAAO,SAAS,CAAC;IACrB,CAAC,CAAC,CAAC;AACP,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,UAAkB,EAAE,GAAW;IAC9D,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IAC/C,MAAM,aAAa,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IAEzC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,QAAQ,KAAK,aAAa,EAAE,CAAC;QAC/E,MAAM,IAAI,aAAa,CACnB,0DAA0D,CAC7D,CAAC;IACN,CAAC;IAED,qCAAqC;IACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;IACvD,MAAM,cAAc,GAAG,CAAC,MA
AM,EAAE,YAAY,EAAE,cAAc,EAAE,mBAAmB,EAAE,QAAQ,CAAC,CAAC;IAC7F,IAAI,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,aAAa,CACnB,mCAAmC,QAAQ,EAAE,CAChD,CAAC;IACN,CAAC;IAED,OAAO,QAAQ,CAAC;AACpB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,UAAkB;IACjD,sEAAsE;IACtE,MAAM,mBAAmB,GAAG,iCAAiC,CAAC;IAE9D,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,aAAa,CACnB,6DAA6D,CAChE,CAAC;IACN,CAAC;IAED,2BAA2B;IAC3B,IAAI,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,aAAa,CAAC,wCAAwC,CAAC,CAAC;IACtE,CAAC;IAED,yBAAyB;IACzB,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,aAAa,CAAC,iCAAiC,CAAC,CAAC;IAC/D,CAAC;IAED,mBAAmB;IACnB,IAAI,UAAU,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QAC1B,MAAM,IAAI,aAAa,CAAC,2CAA2C,CAAC,CAAC;IACzE,CAAC;IAED,OAAO,UAAU,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,KAAc;IAC/C,IAAI,OAAO,GAAG,eAAe,CAAC;IAE9B,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;QACzB,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAExB,0DAA0D;QAC1D,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,qBAAqB,EAAE,YAAY,CAAC,CAAC;QAE/D,sDAAsD;QACtD,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,iDAAiD,EAAE,gBAAgB,CAAC,CAAC;QAE/F,uBAAuB;QACvB,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,4BAA4B,EAAE,mBAAmB,CAAC,CAAC;QAE7E,kDAAkD;QAClD,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,mBAAmB,EAAE,QAAQ,CAAC,CAAC,CAAC,gBAAgB;QAC1E,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAC,CAAC,kBAAkB;IAC/E,CAAC;IAED,OAAO,OAAO,CAAC;AACnB,CAAC"}
|