vaspera 2.11.0 → 2.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +46 -0
- package/dist/__tests__/audit-trail.test.d.ts +7 -0
- package/dist/__tests__/audit-trail.test.d.ts.map +1 -0
- package/dist/__tests__/audit-trail.test.js +336 -0
- package/dist/__tests__/audit-trail.test.js.map +1 -0
- package/dist/__tests__/property-test-helpers.d.ts +1 -1
- package/dist/__tests__/siem-integration.test.d.ts +7 -0
- package/dist/__tests__/siem-integration.test.d.ts.map +1 -0
- package/dist/__tests__/siem-integration.test.js +285 -0
- package/dist/__tests__/siem-integration.test.js.map +1 -0
- package/dist/action/pr-comment.test.js +1 -0
- package/dist/action/pr-comment.test.js.map +1 -1
- package/dist/action/sarif-upload.test.js +1 -0
- package/dist/action/sarif-upload.test.js.map +1 -1
- package/dist/autofix/ast/__tests__/typescript.test.d.ts +5 -0
- package/dist/autofix/ast/__tests__/typescript.test.d.ts.map +1 -0
- package/dist/autofix/ast/__tests__/typescript.test.js +210 -0
- package/dist/autofix/ast/__tests__/typescript.test.js.map +1 -0
- package/dist/autofix/ast/index.d.ts +11 -0
- package/dist/autofix/ast/index.d.ts.map +1 -0
- package/dist/autofix/ast/index.js +11 -0
- package/dist/autofix/ast/index.js.map +1 -0
- package/dist/autofix/ast/types.d.ts +77 -0
- package/dist/autofix/ast/types.d.ts.map +1 -0
- package/dist/autofix/ast/types.js +9 -0
- package/dist/autofix/ast/types.js.map +1 -0
- package/dist/autofix/ast/typescript.d.ts +17 -0
- package/dist/autofix/ast/typescript.d.ts.map +1 -0
- package/dist/autofix/ast/typescript.js +427 -0
- package/dist/autofix/ast/typescript.js.map +1 -0
- package/dist/autofix/constitution.schema.d.ts +21 -21
- package/dist/autofix/index.d.ts +1 -0
- package/dist/autofix/index.d.ts.map +1 -1
- package/dist/autofix/index.js +2 -0
- package/dist/autofix/index.js.map +1 -1
- package/dist/config/flags.d.ts +6 -6
- package/dist/history/store.d.ts +55 -1
- package/dist/history/store.d.ts.map +1 -1
- package/dist/history/store.js +152 -4
- package/dist/history/store.js.map +1 -1
- package/dist/history/types.d.ts +9 -5
- package/dist/history/types.d.ts.map +1 -1
- package/dist/history/verify.d.ts.map +1 -1
- package/dist/history/verify.js +5 -3
- package/dist/history/verify.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +923 -16
- package/dist/index.js.map +1 -1
- package/dist/integrations/siem/datadog.d.ts +44 -0
- package/dist/integrations/siem/datadog.d.ts.map +1 -0
- package/dist/integrations/siem/datadog.js +211 -0
- package/dist/integrations/siem/datadog.js.map +1 -0
- package/dist/integrations/siem/format.d.ts +59 -0
- package/dist/integrations/siem/format.d.ts.map +1 -0
- package/dist/integrations/siem/format.js +360 -0
- package/dist/integrations/siem/format.js.map +1 -0
- package/dist/integrations/siem/index.d.ts +56 -0
- package/dist/integrations/siem/index.d.ts.map +1 -0
- package/dist/integrations/siem/index.js +117 -0
- package/dist/integrations/siem/index.js.map +1 -0
- package/dist/integrations/siem/sentinel.d.ts +53 -0
- package/dist/integrations/siem/sentinel.d.ts.map +1 -0
- package/dist/integrations/siem/sentinel.js +231 -0
- package/dist/integrations/siem/sentinel.js.map +1 -0
- package/dist/integrations/siem/splunk.d.ts +46 -0
- package/dist/integrations/siem/splunk.d.ts.map +1 -0
- package/dist/integrations/siem/splunk.js +210 -0
- package/dist/integrations/siem/splunk.js.map +1 -0
- package/dist/integrations/siem/types.d.ts +210 -0
- package/dist/integrations/siem/types.d.ts.map +1 -0
- package/dist/integrations/siem/types.js +9 -0
- package/dist/integrations/siem/types.js.map +1 -0
- package/dist/persistence/__tests__/json-fallback.test.d.ts +5 -0
- package/dist/persistence/__tests__/json-fallback.test.d.ts.map +1 -0
- package/dist/persistence/__tests__/json-fallback.test.js +249 -0
- package/dist/persistence/__tests__/json-fallback.test.js.map +1 -0
- package/dist/persistence/__tests__/persistence.test.d.ts +5 -0
- package/dist/persistence/__tests__/persistence.test.d.ts.map +1 -0
- package/dist/persistence/__tests__/persistence.test.js +369 -0
- package/dist/persistence/__tests__/persistence.test.js.map +1 -0
- package/dist/persistence/db.d.ts +30 -0
- package/dist/persistence/db.d.ts.map +1 -0
- package/dist/persistence/db.js +128 -0
- package/dist/persistence/db.js.map +1 -0
- package/dist/persistence/index.d.ts +75 -0
- package/dist/persistence/index.d.ts.map +1 -0
- package/dist/persistence/index.js +268 -0
- package/dist/persistence/index.js.map +1 -0
- package/dist/persistence/json-fallback.d.ts +52 -0
- package/dist/persistence/json-fallback.d.ts.map +1 -0
- package/dist/persistence/json-fallback.js +283 -0
- package/dist/persistence/json-fallback.js.map +1 -0
- package/dist/persistence/migrations/index.d.ts +10 -0
- package/dist/persistence/migrations/index.d.ts.map +1 -0
- package/dist/persistence/migrations/index.js +125 -0
- package/dist/persistence/migrations/index.js.map +1 -0
- package/dist/persistence/repositories/findings.d.ts +41 -0
- package/dist/persistence/repositories/findings.d.ts.map +1 -0
- package/dist/persistence/repositories/findings.js +238 -0
- package/dist/persistence/repositories/findings.js.map +1 -0
- package/dist/persistence/repositories/projects.d.ts +22 -0
- package/dist/persistence/repositories/projects.d.ts.map +1 -0
- package/dist/persistence/repositories/projects.js +71 -0
- package/dist/persistence/repositories/projects.js.map +1 -0
- package/dist/persistence/repositories/scans.d.ts +30 -0
- package/dist/persistence/repositories/scans.d.ts.map +1 -0
- package/dist/persistence/repositories/scans.js +107 -0
- package/dist/persistence/repositories/scans.js.map +1 -0
- package/dist/persistence/repositories/trends.d.ts +42 -0
- package/dist/persistence/repositories/trends.d.ts.map +1 -0
- package/dist/persistence/repositories/trends.js +178 -0
- package/dist/persistence/repositories/trends.js.map +1 -0
- package/dist/persistence/types.d.ts +105 -0
- package/dist/persistence/types.d.ts.map +1 -0
- package/dist/persistence/types.js +13 -0
- package/dist/persistence/types.js.map +1 -0
- package/dist/plugins/types.d.ts +2 -2
- package/dist/scanners/ai-code/index.d.ts.map +1 -1
- package/dist/scanners/ai-code/index.js +90 -2
- package/dist/scanners/ai-code/index.js.map +1 -1
- package/dist/scanners/ai-code/types.d.ts +24 -12
- package/dist/scanners/ai-code/types.d.ts.map +1 -1
- package/dist/scanners/cache.d.ts.map +1 -1
- package/dist/scanners/cache.js +1 -0
- package/dist/scanners/cache.js.map +1 -1
- package/dist/scanners/deploy/types.d.ts +13 -13
- package/dist/scanners/detection/__tests__/detection.test.d.ts +5 -0
- package/dist/scanners/detection/__tests__/detection.test.d.ts.map +1 -0
- package/dist/scanners/detection/__tests__/detection.test.js +265 -0
- package/dist/scanners/detection/__tests__/detection.test.js.map +1 -0
- package/dist/scanners/detection/engines/ast-query.d.ts +23 -0
- package/dist/scanners/detection/engines/ast-query.d.ts.map +1 -0
- package/dist/scanners/detection/engines/ast-query.js +232 -0
- package/dist/scanners/detection/engines/ast-query.js.map +1 -0
- package/dist/scanners/detection/engines/data-flow.d.ts +12 -0
- package/dist/scanners/detection/engines/data-flow.d.ts.map +1 -0
- package/dist/scanners/detection/engines/data-flow.js +269 -0
- package/dist/scanners/detection/engines/data-flow.js.map +1 -0
- package/dist/scanners/detection/index.d.ts +29 -0
- package/dist/scanners/detection/index.d.ts.map +1 -0
- package/dist/scanners/detection/index.js +140 -0
- package/dist/scanners/detection/index.js.map +1 -0
- package/dist/scanners/detection/rules/builtin.d.ts +14 -0
- package/dist/scanners/detection/rules/builtin.d.ts.map +1 -0
- package/dist/scanners/detection/rules/builtin.js +307 -0
- package/dist/scanners/detection/rules/builtin.js.map +1 -0
- package/dist/scanners/detection/rules/loader.d.ts +19 -0
- package/dist/scanners/detection/rules/loader.d.ts.map +1 -0
- package/dist/scanners/detection/rules/loader.js +111 -0
- package/dist/scanners/detection/rules/loader.js.map +1 -0
- package/dist/scanners/detection/types.d.ts +171 -0
- package/dist/scanners/detection/types.d.ts.map +1 -0
- package/dist/scanners/detection/types.js +36 -0
- package/dist/scanners/detection/types.js.map +1 -0
- package/dist/scanners/eslint.d.ts.map +1 -1
- package/dist/scanners/eslint.js +45 -3
- package/dist/scanners/eslint.js.map +1 -1
- package/dist/scanners/index.d.ts +9 -1
- package/dist/scanners/index.d.ts.map +1 -1
- package/dist/scanners/index.js +64 -0
- package/dist/scanners/index.js.map +1 -1
- package/dist/scanners/index.test.js +6 -6
- package/dist/scanners/index.test.js.map +1 -1
- package/dist/scanners/scale/bottleneck-detector.d.ts +13 -2
- package/dist/scanners/scale/bottleneck-detector.d.ts.map +1 -1
- package/dist/scanners/scale/bottleneck-detector.js +199 -72
- package/dist/scanners/scale/bottleneck-detector.js.map +1 -1
- package/dist/scanners/scale/types.d.ts +3 -3
- package/dist/scanners/types.d.ts +19 -2
- package/dist/scanners/types.d.ts.map +1 -1
- package/dist/scanners/types.js +1 -0
- package/dist/scanners/types.js.map +1 -1
- package/dist/scanners/typescript.d.ts.map +1 -1
- package/dist/scanners/typescript.js +36 -4
- package/dist/scanners/typescript.js.map +1 -1
- package/package.json +5 -1
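--- a/package/dist/scanners/detection/types.d.ts
+++ b/package/dist/scanners/detection/types.d.ts
@@ -0,0 +1,171 @@
+/**
+* Detection Engine Types
+*
+* Types for the custom detection engine that provides proprietary
+* security analysis beyond wrapped tools like Semgrep.
+*
+* @module scanners/detection/types
+*/
+import type { Severity } from "../../certification/types.js";
+/**
+* Supported detection engines
+*/
+export type DetectionEngine = "ast-query" | "data-flow" | "control-flow" | "semantic";
+/**
+* A taint source - where untrusted data enters
+*/
+export interface TaintSource {
+pattern: string;
+description?: string;
+parameterIndex?: number;
+}
+/**
+* A taint sink - dangerous operation that consumes data
+*/
+export interface TaintSink {
+pattern: string;
+description?: string;
+parameterIndex?: number;
+}
+/**
+* A sanitizer that neutralizes tainted data
+*/
+export interface Sanitizer {
+pattern: string;
+description?: string;
+}
+/**
+* Data flow rule configuration
+*/
+export interface DataFlowConfig {
+sources: TaintSource[];
+sinks: TaintSink[];
+sanitizers?: Sanitizer[];
+requireAllSources?: boolean;
+}
+/**
+* Control flow rule configuration
+*/
+export interface ControlFlowConfig {
+entryPoints?: string[];
+mustReach?: {
+pattern: string;
+description?: string;
+}[];
+mustNotReach?: {
+pattern: string;
+description?: string;
+}[];
+}
+/**
+* AST query rule configuration
+*/
+export interface ASTQueryConfig {
+pattern: string;
+language?: "typescript" | "javascript" | "python" | "go" | "ruby";
+capture?: string;
+constraints?: Record<string, string>;
+}
+/**
+* Detection rule definition
+*/
+export interface DetectionRule {
+id: string;
+name: string;
+description: string;
+category: string;
+severity: Severity;
+confidence: number;
+enabled?: boolean;
+engines: {
+astQuery?: ASTQueryConfig;
+dataFlow?: DataFlowConfig;
+controlFlow?: ControlFlowConfig;
+};
+cweIds?: string[];
+owaspRefs?: string[];
+autofixPatternId?: string;
+metadata?: Record<string, unknown>;
+}
+/**
+* A path from taint source to sink
+*/
+export interface TaintPath {
+source: {
+pattern: string;
+file: string;
+line: number;
+column?: number;
+expression: string;
+};
+sink: {
+pattern: string;
+file: string;
+line: number;
+column?: number;
+expression: string;
+};
+intermediateNodes: {
+file: string;
+line: number;
+expression: string;
+}[];
+sanitized: boolean;
+sanitizer?: string;
+}
+/**
+* Result from running detection on a single file
+*/
+export interface DetectionMatch {
+ruleId: string;
+file: string;
+line: number;
+column?: number;
+endLine?: number;
+endColumn?: number;
+message: string;
+severity: Severity;
+confidence: number;
+category: string;
+evidence: string;
+taintPath?: TaintPath;
+cweIds?: string[];
+owaspRefs?: string[];
+autofixPatternId?: string;
+}
+/**
+* Result from running detection engine
+*/
+export interface DetectionResult {
+success: boolean;
+matches: DetectionMatch[];
+rulesEvaluated: number;
+filesAnalyzed: number;
+duration: number;
+errors?: string[];
+}
+/**
+* Detection engine context
+*/
+export interface DetectionContext {
+projectPath: string;
+files?: string[];
+rules?: DetectionRule[];
+include?: string[];
+exclude?: string[];
+timeout?: number;
+}
+/**
+* Built-in detection categories
+*/
+export declare const DETECTION_CATEGORIES: readonly ["sql-injection", "xss", "ssrf", "path-traversal", "command-injection", "idor", "bola", "auth-bypass", "race-condition", "secrets", "insecure-deserialization", "xxe", "open-redirect", "csrf"];
+export type DetectionCategory = (typeof DETECTION_CATEGORIES)[number];
+/**
+* Default confidence thresholds
+*/
+export declare const CONFIDENCE_THRESHOLDS: {
+readonly high: 85;
+readonly medium: 60;
+readonly low: 40;
+};
+//# sourceMappingURL=types.d.ts.map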
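Review bot: `confidence: number` on DetectionRule (new line 78) and DetectionMatch (new line 128) states no range, while CONFIDENCE_THRESHOLDS at lines 166–170 uses 85/60/40, which suggests a 0–100 scale; a rule author or a consumer filtering matches cannot tell from the declaration whether 0.85 or 85 is expected. Suggest a doc comment on both fields, e.g. `/** Confidence that the match is a true positive, 0–100 (compare CONFIDENCE_THRESHOLDS) */`, with the scale confirmed against the engine code since it is inferred here only from the threshold values. The `pattern: string` fields on TaintSource, TaintSink, Sanitizer and ASTQueryConfig likewise do not say whether a pattern is matched literally or as a regular expression; the diffstat lists a rules/loader.js, so patterns presumably arrive from rule files, and the declaration is where a rule author learns which syntax is interpreted and what validation applies.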
@@ -0,0 +1 @@
1
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/scanners/detection/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAC;AAE7D;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,WAAW,GAAG,WAAW,GAAG,cAAc,GAAG,UAAU,CAAC;AAEtF;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,WAAW,EAAE,CAAC;IACvB,KAAK,EAAE,SAAS,EAAE,CAAC;IACnB,UAAU,CAAC,EAAE,SAAS,EAAE,CAAC;IACzB,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IACxD,YAAY,CAAC,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CAC5D;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,YAAY,GAAG,YAAY,GAAG,QAAQ,GAAG,IAAI,GAAG,MAAM,CAAC;IAClE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACtC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB,OAAO,EAAE;QACP,QAAQ,CAAC,EAAE,cAAc,CAAC;QAC1B,QAAQ,CAAC,EAAE,cAAc,CAAC;QAC1B,WAAW,CAAC,EAAE,iBAAiB,CAAC;KACjC,CAAC;IAEF,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE;QACN,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,IAAI,EAAE;QACJ,OAAO,EAAE,MAAM,CAAC;QAChB,IAA
I,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,iBAAiB,EAAE;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,CAAC;KACpB,EAAE,CAAC;IACJ,SAAS,EAAE,OAAO,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,cAAc,EAAE,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,CAAC,EAAE,aAAa,EAAE,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,eAAO,MAAM,oBAAoB,0MAevB,CAAC;AAEX,MAAM,MAAM,iBAAiB,GAAG,CAAC,OAAO,oBAAoB,CAAC,CAAC,MAAM,CAAC,CAAC;AAEtE;;GAEG;AACH,eAAO,MAAM,qBAAqB;;;;CAIxB,CAAC"}
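--- a/package/dist/scanners/detection/types.js
+++ b/package/dist/scanners/detection/types.js
@@ -0,0 +1,36 @@
+/**
+* Detection Engine Types
+*
+* Types for the custom detection engine that provides proprietary
+* security analysis beyond wrapped tools like Semgrep.
+*
+* @module scanners/detection/types
+*/
+/**
+* Built-in detection categories
+*/
+export const DETECTION_CATEGORIES = [
+"sql-injection",
+"xss",
+"ssrf",
+"path-traversal",
+"command-injection",
+"idor",
+"bola",
+"auth-bypass",
+"race-condition",
+"secrets",
+"insecure-deserialization",
+"xxe",
+"open-redirect",
+"csrf",
+];
+/**
+* Default confidence thresholds
+*/
+export const CONFIDENCE_THRESHOLDS = {
+high: 85,
+medium: 60,
+low: 40,
+};
+//# sourceMappingURL=types.js.map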
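Review bot: DETECTION_CATEGORIES (new line 12) and CONFIDENCE_THRESHOLDS (new line 31) are emitted as a plain array and a plain object, while the accompanying types.d.ts declares both `readonly`; the TypeScript-level guarantee disappears at runtime, so any importer can push a category or reassign a threshold and change how every later finding is scored without a type error. Freezing them in the TypeScript source makes the emitted JS match the declared contract, e.g. `export const CONFIDENCE_THRESHOLDS = Object.freeze({ high: 85, medium: 60, low: 40 });` and the same `Object.freeze([...])` around the categories array.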
@@ -0,0 +1 @@
1
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/scanners/detection/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAiKH;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,eAAe;IACf,KAAK;IACL,MAAM;IACN,gBAAgB;IAChB,mBAAmB;IACnB,MAAM;IACN,MAAM;IACN,aAAa;IACb,gBAAgB;IAChB,SAAS;IACT,0BAA0B;IAC1B,KAAK;IACL,eAAe;IACf,MAAM;CACE,CAAC;AAIX;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,IAAI,EAAE,EAAE;IACR,MAAM,EAAE,EAAE;IACV,GAAG,EAAE,EAAE;CACC,CAAC"}
@@ -1 +1 @@
1
-
{"version":3,"file":"eslint.d.ts","sourceRoot":"","sources":["../../src/scanners/eslint.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,OAAO,KAAK,EAAwB,aAAa,EAAE,mBAAmB,
1
+
{"version":3,"file":"eslint.d.ts","sourceRoot":"","sources":["../../src/scanners/eslint.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,OAAO,KAAK,EAAwB,aAAa,EAAE,mBAAmB,EAAuB,MAAM,YAAY,CAAC;AAqEhH;;GAEG;AACH,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAiBzE;AAmDD;;GAEG;AACH,wBAAsB,SAAS,CAC7B,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;IACR,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,GAAG,CAAC,EAAE,OAAO,CAAC;CACf,GACA,OAAO,CAAC,aAAa,CAAC,CA0JxB;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAExE"}
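--- a/package/dist/scanners/eslint.js
+++ b/package/dist/scanners/eslint.js
@@ -9,6 +9,14 @@ import { exec } from "child_process";
 import { promisify } from "util";
 import { access } from "fs/promises";
 import { join } from "path";
+function buildErrorDetails(phase, message, suggestions = [], fullOutput) {
+return {
+message,
+phase,
+suggestions,
+fullOutput,
+};
+}
 const execAsync = promisify(exec);
 /**
 * Security-related ESLint rules to flag
@@ -114,7 +122,12 @@ export async function runEslint(projectPath, options) {
 findings: [],
 duration: Date.now() - startTime,
 success: false,
-error: "ESLint is not installed
+error: "ESLint is not installed",
+errorDetails: buildErrorDetails("init", "ESLint is not installed", [
+"Install ESLint: npm install eslint --save-dev",
+"Or globally: npm install -g eslint",
+"Then run: npx eslint --init to configure",
+]),
 };
 }
 // Check if project has ESLint config
@@ -125,7 +138,12 @@ export async function runEslint(projectPath, options) {
 findings: [],
 duration: Date.now() - startTime,
 success: false,
-error: "No ESLint configuration found
+error: "No ESLint configuration found",
+errorDetails: buildErrorDetails("init", "No ESLint configuration found", [
+"Run: npx eslint --init to create a config",
+"Or create eslint.config.js (flat config) or .eslintrc.json",
+"Check eslint.org/docs/user-guide/configuring",
+]),
 };
 }
 // Build command
@@ -153,12 +171,18 @@ export async function runEslint(projectPath, options) {
 output = JSON.parse(stdout);
 }
 catch {
+const combinedOutput = `stdout: ${stdout.slice(0, 2000)}\nstderr: ${stderr?.slice(0, 500) || ""}`;
 return {
 scanner: "eslint",
 findings: [],
 duration: Date.now() - startTime,
 success: false,
 error: "Failed to parse ESLint output",
+errorDetails: buildErrorDetails("parse", "ESLint output was not valid JSON", [
+"Check if ESLint config is valid",
+"Run: npx eslint --print-config . to debug",
+"Ensure no plugins are missing",
+], combinedOutput),
 };
 }
 // Convert to DeterministicFindings
@@ -202,12 +226,30 @@ export async function runEslint(projectPath, options) {
 };
 }
 catch (error) {
+const errorMessage = error instanceof Error ? error.message : "Unknown error";
+const suggestions = [];
+if (errorMessage.includes("Cannot find module")) {
+suggestions.push("Run: npm install to install dependencies");
+suggestions.push("Check if required ESLint plugins are installed");
+}
+else if (errorMessage.includes("ENOENT")) {
+suggestions.push("Ensure ESLint is installed in the project");
+}
+else if (errorMessage.includes("timeout")) {
+suggestions.push("Increase timeout or reduce number of files");
+suggestions.push("Use .eslintignore to skip large directories");
+}
+else {
+suggestions.push("Check ESLint configuration for errors");
+suggestions.push("Run: npx eslint --debug to get more info");
+}
 return {
 scanner: "eslint",
 findings: [],
 duration: Date.now() - startTime,
 success: false,
-error:
+error: errorMessage,
+errorDetails: buildErrorDetails("scan", errorMessage, suggestions),
 };
 }
 }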
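Review bot: The `errorMessage.includes("timeout")` branch in the last hunk (new lines 238–241) is unlikely to be reached: when `exec` kills the child because the `timeout` option elapsed, the rejection's message reads "Command failed: …" and the timeout is signalled by `error.killed` / `error.signal`, not by the word "timeout", so a timed-out scan falls through to the generic "Check ESLint configuration" advice. Testing the error object first keeps the intended hint reachable, e.g. `else if (error?.killed || error?.signal === "SIGTERM" || errorMessage.includes("timeout")) {`; from the source map it also looks as though a killed process that already produced stdout never throws into this catch at all, which is worth confirming. In the `@@ -153` hunk, `combinedOutput` places up to 2,500 characters of raw ESLint stdout/stderr into `errorDetails.fullOutput`; if that object is rendered into PR comments or SARIF uploads (both have test files in this diff) it can carry absolute paths and source excerpts, so `buildErrorDetails` (first hunk, currently undocumented) deserves a JSDoc stating that `fullOutput` is verbatim tool output to be treated as untrusted text and that `phase` is one of "init", "parse" or "scan". runEslint's body begins and ends outside these hunks.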
@@ -1 +1 @@
1
-
{"version":3,"file":"eslint.js","sourceRoot":"","sources":["../../src/scanners/eslint.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AA6BlC;;GAEG;AACH,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,SAAS;IACT,iBAAiB;IACjB,aAAa;IACb,eAAe;IACf,oCAAoC;IACpC,sCAAsC;IACtC,yCAAyC;IACzC,oCAAoC;IACpC,qCAAqC;IACrC,kCAAkC;IAClC,yCAAyC;IACzC,mCAAmC;IACnC,8BAA8B;IAC9B,iCAAiC;IACjC,+BAA+B;IAC/B,yCAAyC;IACzC,gDAAgD;IAChD,iCAAiC;CAClC,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB;IACxC,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,sBAAsB,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;QAC/E,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;QAE9B,OAAO;YACL,OAAO,EAAE,QAAQ;YACjB,SAAS,EAAE,IAAI;YACf,OAAO;SACR,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,QAAQ;YACjB,SAAS,EAAE,KAAK;YAChB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,kBAAkB;SACnE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,cAAqB,EAAE,MAAqB;IAC/D,0CAA0C;IAC1C,IAAI,MAAM,IAAI,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QACzC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,+BAA+B;IAC/B,OAAO,cAAc,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,eAAe,CAAC,WAAmB;IAChD,MAAM,WAAW,GAAG;QAClB,cAAc;QACd,eAAe;QACf,gBAAgB;QAChB,eAAe;QACf,gBAAgB;QAChB,kBAAkB;QAClB,mBAAmB;QACnB,mBAAmB;KACpB,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC;YACtC,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,qBAAqB;QACvB,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;QAClD,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;QACtB,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACjD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QACzD,OAAO,cAAc,IAAI,GAAG,
CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,WAAmB,EACnB,OAIC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,CAAC;QACH,+BAA+B;QAC/B,MAAM,YAAY,GAAG,MAAM,oBAAoB,EAAE,CAAC;QAClD,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,QAAQ;gBACjB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,
1
+
{"version":3,"file":"eslint.js","sourceRoot":"","sources":["../../src/scanners/eslint.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,SAAS,iBAAiB,CACxB,KAAgC,EAChC,OAAe,EACf,cAAwB,EAAE,EAC1B,UAAmB;IAEnB,OAAO;QACL,OAAO;QACP,KAAK;QACL,WAAW;QACX,UAAU;KACX,CAAC;AACJ,CAAC;AAED,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AA6BlC;;GAEG;AACH,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,SAAS;IACT,iBAAiB;IACjB,aAAa;IACb,eAAe;IACf,oCAAoC;IACpC,sCAAsC;IACtC,yCAAyC;IACzC,oCAAoC;IACpC,qCAAqC;IACrC,kCAAkC;IAClC,yCAAyC;IACzC,mCAAmC;IACnC,8BAA8B;IAC9B,iCAAiC;IACjC,+BAA+B;IAC/B,yCAAyC;IACzC,gDAAgD;IAChD,iCAAiC;CAClC,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB;IACxC,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,sBAAsB,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;QAC/E,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;QAE9B,OAAO;YACL,OAAO,EAAE,QAAQ;YACjB,SAAS,EAAE,IAAI;YACf,OAAO;SACR,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,QAAQ;YACjB,SAAS,EAAE,KAAK;YAChB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,kBAAkB;SACnE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,cAAqB,EAAE,MAAqB;IAC/D,0CAA0C;IAC1C,IAAI,MAAM,IAAI,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QACzC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,+BAA+B;IAC/B,OAAO,cAAc,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,eAAe,CAAC,WAAmB;IAChD,MAAM,WAAW,GAAG;QAClB,cAAc;QACd,eAAe;QACf,gBAAgB;QAChB,eAAe;QACf,gBAAgB;QAChB,kBAAkB;QAClB,mBAAmB;QACnB,mBAAmB;KACpB,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC;YACtC,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,qBAAqB;QACvB,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;QAClD,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;QACtB,MAAM,EAAE,QAAQ,EAAE,GAAG,MAA
M,MAAM,CAAC,aAAa,CAAC,CAAC;QACjD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QACzD,OAAO,cAAc,IAAI,GAAG,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,WAAmB,EACnB,OAIC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,CAAC;QACH,+BAA+B;QAC/B,MAAM,YAAY,GAAG,MAAM,oBAAoB,EAAE,CAAC;QAClD,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,QAAQ;gBACjB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,yBAAyB;gBAChC,YAAY,EAAE,iBAAiB,CAAC,MAAM,EAAE,yBAAyB,EAAE;oBACjE,+CAA+C;oBAC/C,oCAAoC;oBACpC,0CAA0C;iBAC3C,CAAC;aACH,CAAC;QACJ,CAAC;QAED,qCAAqC;QACrC,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,WAAW,CAAC,CAAC;QACrD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE,QAAQ;gBACjB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,+BAA+B;gBACtC,YAAY,EAAE,iBAAiB,CAAC,MAAM,EAAE,+BAA+B,EAAE;oBACvE,2CAA2C;oBAC3C,4DAA4D;oBAC5D,8CAA8C;iBAC/C,CAAC;aACH,CAAC;QACJ,CAAC;QAED,gBAAgB;QAChB,MAAM,UAAU,GAAG,OAAO,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QACzE,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACnE,IAAI,OAAO,GAAG,eAAe,WAAW,WAAW,MAAM,gBAAgB,CAAC;QAE1E,IAAI,OAAO,EAAE,GAAG,EAAE,CAAC;YACjB,OAAO,IAAI,QAAQ,CAAC;QACtB,CAAC;QAED,aAAa;QACb,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE;YAClD,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,MAAM;YACnC,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,OAAO;YACpC,GAAG,EAAE,WAAW;SACjB,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACjB,+CAA+C;YAC/C,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjB,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YAC9D,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,oBAAoB;QACpB,IAAI,MAAsB,CAAC;QAC3B,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,cAAc
,GAAG,WAAW,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,aAAa,MAAM,EAAE,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;YAClG,OAAO;gBACL,OAAO,EAAE,QAAQ;gBACjB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,+BAA+B;gBACtC,YAAY,EAAE,iBAAiB,CAC7B,OAAO,EACP,kCAAkC,EAClC;oBACE,iCAAiC;oBACjC,2CAA2C;oBAC3C,+BAA+B;iBAChC,EACD,cAAc,CACf;aACF,CAAC;QACJ,CAAC;QAED,mCAAmC;QACnC,MAAM,QAAQ,GAA2B,EAAE,CAAC;QAE5C,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;YAC1B,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,GAAG,GAAG,EAAE,EAAE,CAAC,CAAC;YAElE,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACpC,IAAI,CAAC,OAAO,CAAC,MAAM;oBAAE,SAAS,CAAC,sBAAsB;gBAErD,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,QAAiB;oBAC1B,MAAM,EAAE,UAAU,OAAO,CAAC,MAAM,EAAE;oBAClC,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC;oBACvD,UAAU,EAAE,GAAG;oBACf,YAAY,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG;oBAC3B,QAAQ,EAAE;wBACR,MAAM,EAAE,OAAO,CAAC,MAAM;wBACtB,cAAc,EAAE,OAAO,CAAC,QAAQ;wBAChC,cAAc,EAAE,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC;qBACnD;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC;QACnC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QACpE,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;QAExE,OAAO;YACL,OAAO,EAAE,QAAQ;YACjB,QAAQ;YACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,YAAY,CAAC,OAAO;YAC7B,YAAY;SACb,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;QAC9E,MAAM,WAAW,GAAa,EAAE,CAAC;QAEjC,IAAI,YAAY,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAChD,WAAW,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;YAC7D,WAAW,CAAC,IAAI,CAAC,gDAAgD,CAAC
,CAAC;QACrE,CAAC;aAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3C,WAAW,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;QAChE,CAAC;aAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAC5C,WAAW,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;YAC/D,WAAW,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;QAClE,CAAC;aAAM,CAAC;YACN,WAAW,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;YAC1D,WAAW,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;QAC/D,CAAC;QAED,OAAO;YACL,OAAO,EAAE,QAAQ;YACjB,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,YAAY;YACnB,YAAY,EAAE,iBAAiB,CAAC,MAAM,EAAE,YAAY,EAAE,WAAW,CAAC;SACnE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,WAAmB;IACpD,OAAO,eAAe,CAAC,WAAW,CAAC,CAAC;AACtC,CAAC"}
package/dist/scanners/index.d.ts
CHANGED
|
@@ -24,7 +24,8 @@ export { runTfsec, runCheckov, runTerraformScanners, checkTfsecAvailable, checkC
24
24
|
export { runSpectral, runOpenAPIScan, checkSpectralAvailable, findOpenAPISpecs, detectOpenAPI } from "./openapi.js";
|
|
25
25
|
export { runCargoAudit, runClippy, runRustScanners, checkCargoAuditAvailable, checkClippyAvailable, detectRust } from "./rust.js";
|
|
26
26
|
export { runNuclei, runDASTScan, runQuickDASTScan, checkNucleiAvailable, generateDASTReport, formatDASTReport } from "./dast.js";
|
|
27
|
-
|
|
27
|
+
export { runDetection, runDetectionWithCustomRules, listAvailableRules, getDetectionCategories, getBuiltinRules, BUILTIN_RULES, type DetectionRule, type DetectionResult, type DetectionMatch, type DetectionContext, } from "./detection/index.js";
|
|
28
|
+
import type { AggregatedScanResult, ScannerOptions, ScannerResult, ScannerType } from "./types.js";
|
|
28
29
|
import type { Severity } from "../certification/types.js";
|
|
29
30
|
/**
|
|
30
31
|
* Detected project languages and technologies
|
|
@@ -42,6 +43,13 @@ export interface ProjectLanguages {
|
|
|
42
43
|
* Run all enabled scanners and aggregate results
|
|
43
44
|
*/
|
|
44
45
|
export declare function runAllScanners(projectPath: string, options?: ScannerOptions): Promise<AggregatedScanResult>;
|
|
46
|
+
/**
|
|
47
|
+
* Run Vaspera proprietary detection engine as a scanner
|
|
48
|
+
*/
|
|
49
|
+
export declare function runDetectionScanner(projectPath: string, options?: {
|
|
50
|
+
timeout?: number;
|
|
51
|
+
customRulesDir?: string;
|
|
52
|
+
}): Promise<ScannerResult>;
|
|
45
53
|
/**
|
|
46
54
|
* Detect if project uses JavaScript/TypeScript
|
|
47
55
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/scanners/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,cAAc,YAAY,CAAC;AAC3B,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAC1E,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACxF,OAAO,EAAE,SAAS,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC5E,OAAO,EAAE,QAAQ,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACrE,OAAO,EAAE,QAAQ,EAAE,mBAAmB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACtE,OAAO,EAAE,SAAS,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC5E,OAAO,EAAE,WAAW,EAAE,sBAAsB,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAEjF,OAAO,EAAE,iBAAiB,EAAE,4BAA4B,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC5G,OAAO,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,yBAAyB,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AACvI,OAAO,EAAE,wBAAwB,EAAE,MAAM,qBAAqB,CAAC;AAE/D,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAE5E,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEzI,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAEpH,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,eAAe,EAAE,wBAAwB,EAAE,oBAAoB,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAElI,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/scanners/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,cAAc,YAAY,CAAC;AAC3B,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAC1E,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACxF,OAAO,EAAE,SAAS,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC5E,OAAO,EAAE,QAAQ,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACrE,OAAO,EAAE,QAAQ,EAAE,mBAAmB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACtE,OAAO,EAAE,SAAS,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC5E,OAAO,EAAE,WAAW,EAAE,sBAAsB,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAEjF,OAAO,EAAE,iBAAiB,EAAE,4BAA4B,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC5G,OAAO,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,yBAAyB,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AACvI,OAAO,EAAE,wBAAwB,EAAE,MAAM,qBAAqB,CAAC;AAE/D,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAE5E,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEzI,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAEpH,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,eAAe,EAAE,wBAAwB,EAAE,oBAAoB,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAElI,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAEjI,OAAO,EACL,YAAY,EACZ,2BAA2B,EAC3B,kBAAkB,EAClB,sBAAsB,EACtB,eAAe,EACf,aAAa,EACb,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,gBAAgB,GACtB,MAAM,sBAAsB,CAAC;AAQ9B,OAAO,KAAK,EACV,oBAAoB,EACpB,cAAc,EACd,aAAa,EACb,WAAW,EAEZ,MAAM,YAAY,CAAC;AAEpB,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,2BAA2B,CAAC;AAoB1D;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,OAAO,CAAC;IACpB,MAAM,EAAE,OAAO,CAAC;IAChB,EAAE,EAAE,OAAO,CAAC;IACZ,IAAI,EAAE,OAAO,CAAC;IACd,IAAI,EAAE,OAAO,CAAC;IACd,MAAM,EAAE,OAAO,CAAC;IAChB,SAAS,EAAE,OAAO,CAAC;CACpB;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,oBAAoB,CAAC,CAuI/B;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,WAAW,EAAE,
MAAM,EACnB,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,cAAc,CAAC,EAAE,MAAM,CAAA;CAAE,GACtD,OAAO,CAAC,aAAa,CAAC,CA6CxB;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAgB5E;AAED;;GAEG;AACH,wBAAsB,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAqBtE;AAED;;GAEG;AACH,wBAAsB,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CA0BtE;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAUxE;AAGD;;GAEG;AACH,wBAAsB,sBAAsB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAoB3F;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,4BAA4B,CAChD,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;IACR,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,+DAA+D;IAC/D,WAAW,CAAC,EAAE,WAAW,EAAE,CAAC;IAC5B,gEAAgE;IAChE,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;CAC9B,GACA,OAAO,CAAC,oBAAoB,GAAG;IAAE,iBAAiB,EAAE,gBAAgB,CAAA;CAAE,CAAC,CA4EzE;AAiMD;;GAEG;AACH,wBAAsB,sBAAsB,IAAI,OAAO,CACrD,MAAM,CAAC,WAAW,EAAE;IAAE,SAAS,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAC9E,CAmDA;AAED;;GAEG;AACH,wBAAgB,yBAAyB,IAAI,MAAM,CAAC,WAAW,EAAE;IAC/D,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE;QACf,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,CAAC;QACd,OAAO,EAAE,MAAM,CAAC;QAChB,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAC;IACF,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC,CA0RD;AAED;;GAEG;AACH,wBAAgB,sCAAsC,CACpD,UAAU,EAAE,oBAAoB,GAC/B,KAAK,CAAC;IACP,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,QAAQ,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,GAAG,CAAC;IAChB,cAAc,EAAE,WAAW,CAAC;IAC5B,eAAe,EAAE,MAAM,CAAC;CACzB,CAAC,CAkED;AA8DD;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,oBAAoB,GAAG,MAAM,CA+C3E"}
|
package/dist/scanners/index.js
@@ -30,6 +30,8 @@ export { runSpectral, runOpenAPIScan, checkSpectralAvailable, findOpenAPISpecs,
30
30
|
export { runCargoAudit, runClippy, runRustScanners, checkCargoAuditAvailable, checkClippyAvailable, detectRust } from "./rust.js";
|
|
31
31
|
// DAST scanner (Nuclei)
|
|
32
32
|
export { runNuclei, runDASTScan, runQuickDASTScan, checkNucleiAvailable, generateDASTReport, formatDASTReport } from "./dast.js";
|
|
33
|
+
// Vaspera proprietary detection engine
|
|
34
|
+
export { runDetection, runDetectionWithCustomRules, listAvailableRules, getDetectionCategories, getBuiltinRules, BUILTIN_RULES, } from "./detection/index.js";
|
|
33
35
|
import { DEFAULT_SCANNER_OPTIONS } from "./types.js";
|
|
34
36
|
import { runDependencyAudit } from "./dependencies.js";
|
|
35
37
|
import { runTypeScriptAnalysis } from "./typescript.js";
|
|
@@ -41,6 +43,7 @@ import { runTrivy } from "./trivy.js";
|
|
|
41
43
|
import { runEslint } from "./eslint.js";
|
|
42
44
|
import { runBrakeman } from "./brakeman.js";
|
|
43
45
|
import { detectTerraform } from "./terraform.js";
|
|
46
|
+
import { runDetection as runDetectionEngine } from "./detection/index.js";
|
|
44
47
|
import { logger } from "../logger.js";
|
|
45
48
|
import { access } from "fs/promises";
|
|
46
49
|
import { join } from "path";
|
|
@@ -133,6 +136,7 @@ export async function runAllScanners(projectPath, options) {
|
|
|
133
136
|
rust: 0,
|
|
134
137
|
"cargo-audit": 0,
|
|
135
138
|
clippy: 0,
|
|
139
|
+
detection: 0,
|
|
136
140
|
plugin: 0,
|
|
137
141
|
};
|
|
138
142
|
for (const finding of allFindings) {
|
|
@@ -163,6 +167,53 @@ export async function runAllScanners(projectPath, options) {
|
|
|
163
167
|
});
|
|
164
168
|
return result;
|
|
165
169
|
}
|
|
170
|
+
/**
|
|
171
|
+
* Run Vaspera proprietary detection engine as a scanner
|
|
172
|
+
*/
|
|
173
|
+
export async function runDetectionScanner(projectPath, options) {
|
|
174
|
+
const startTime = Date.now();
|
|
175
|
+
try {
|
|
176
|
+
const result = await runDetectionEngine({
|
|
177
|
+
projectPath,
|
|
178
|
+
timeout: options?.timeout,
|
|
179
|
+
});
|
|
180
|
+
const findings = result.matches.map((match) => ({
|
|
181
|
+
scanner: "detection",
|
|
182
|
+
ruleId: match.ruleId,
|
|
183
|
+
file: match.file,
|
|
184
|
+
line: match.line,
|
|
185
|
+
column: match.column,
|
|
186
|
+
endLine: match.endLine,
|
|
187
|
+
endColumn: match.endColumn,
|
|
188
|
+
message: match.message,
|
|
189
|
+
severity: match.severity,
|
|
190
|
+
confidence: match.confidence,
|
|
191
|
+
category: match.category,
|
|
192
|
+
cweIds: match.cweIds,
|
|
193
|
+
evidence: match.evidence,
|
|
194
|
+
fixAvailable: !!match.autofixPatternId,
|
|
195
|
+
metadata: match.taintPath ? { taintPath: match.taintPath } : undefined,
|
|
196
|
+
}));
|
|
197
|
+
return {
|
|
198
|
+
scanner: "detection",
|
|
199
|
+
findings,
|
|
200
|
+
duration: result.duration,
|
|
201
|
+
success: result.success,
|
|
202
|
+
error: result.errors?.join("; "),
|
|
203
|
+
filesScanned: result.filesAnalyzed,
|
|
204
|
+
rulesUsed: result.matches.map((m) => m.ruleId).filter((v, i, a) => a.indexOf(v) === i),
|
|
205
|
+
};
|
|
206
|
+
}
|
|
207
|
+
catch (error) {
|
|
208
|
+
return {
|
|
209
|
+
scanner: "detection",
|
|
210
|
+
findings: [],
|
|
211
|
+
duration: Date.now() - startTime,
|
|
212
|
+
success: false,
|
|
213
|
+
error: error instanceof Error ? error.message : "Unknown error",
|
|
214
|
+
};
|
|
215
|
+
}
|
|
216
|
+
}
|
|
166
217
|
/**
|
|
167
218
|
* Detect if project uses JavaScript/TypeScript
|
|
168
219
|
*/
|
|
@@ -448,6 +499,7 @@ async function runAllScannersExtended(projectPath, options) {
|
|
|
448
499
|
rust: 0,
|
|
449
500
|
"cargo-audit": 0,
|
|
450
501
|
clippy: 0,
|
|
502
|
+
detection: 0,
|
|
451
503
|
plugin: 0,
|
|
452
504
|
};
|
|
453
505
|
for (const finding of allFindings) {
|
|
@@ -559,6 +611,7 @@ export async function checkScannersAvailable() {
|
|
|
559
611
|
rust: { available: cargoAudit.available || clippy.available, version: cargoAudit.version || clippy.version },
|
|
560
612
|
"cargo-audit": { available: cargoAudit.available, version: cargoAudit.version, error: cargoAudit.error },
|
|
561
613
|
clippy: { available: clippy.available, version: clippy.version, error: clippy.error },
|
|
614
|
+
detection: { available: true, version: "1.0.0" }, // Vaspera detection engine always available
|
|
562
615
|
plugin: { available: true, version: "1.0.0" }, // Plugin loader is always available
|
|
563
616
|
};
|
|
564
617
|
}
|
|
@@ -826,6 +879,16 @@ export function getScannerInstallCommands() {
|
|
|
826
879
|
},
|
|
827
880
|
documentation: "https://github.com/rust-lang/rust-clippy",
|
|
828
881
|
},
|
|
882
|
+
detection: {
|
|
883
|
+
name: "Vaspera Detection Engine",
|
|
884
|
+
description: "Proprietary taint tracking and pattern detection engine",
|
|
885
|
+
installCommands: {
|
|
886
|
+
macos: "Built-in - no installation required",
|
|
887
|
+
linux: "Built-in - no installation required",
|
|
888
|
+
windows: "Built-in - no installation required",
|
|
889
|
+
},
|
|
890
|
+
documentation: "https://github.com/vaspera/hardening-mcp#detection",
|
|
891
|
+
},
|
|
829
892
|
plugin: {
|
|
830
893
|
name: "Custom Plugin",
|
|
831
894
|
description: "Custom scanner plugin loaded from .vaspera/plugins/",
|
|
@@ -882,6 +945,7 @@ export function scannerFindingsToCertificationFindings(scanResult) {
|
|
|
882
945
|
rust: "rs",
|
|
883
946
|
"cargo-audit": "cra",
|
|
884
947
|
clippy: "clp",
|
|
948
|
+
detection: "det",
|
|
885
949
|
};
|
|
886
950
|
const prefix = prefixMap[scanner];
|
|
887
951
|
for (let i = 0; i < scannerFindings.length; i++) {
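Review bot: `customRulesDir` is accepted by the new `runDetectionScanner` signature (declared in the index.d.ts hunk of this diff) but never forwarded — the call at the top of the try block passes only `projectPath` and `timeout: options?.timeout`, so a caller who sets it silently gets the built-in rule set and a result that reports `success: true`. If the engine accepts the option, forward it as `customRulesDir: options?.customRulesDir,` in that options object; otherwise route to the `runDetectionWithCustomRules` export when it is set, or drop the field from the declared type so the contract matches what actually runs. The engine's option shape is not visible in this diff, so which of those applies needs checking against detection/index.js. Separately, `rulesUsed` dedupes with an `indexOf`-inside-`filter` pass that is quadratic in the number of matches; `rulesUsed: [...new Set(result.matches.map((m) => m.ruleId))],` is linear and reads more clearly.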
|