vaspera 2.13.0 → 2.15.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +78 -0
- package/README.md +15 -2
- package/dist/__tests__/antagonist-integration.test.d.ts +6 -0
- package/dist/__tests__/antagonist-integration.test.d.ts.map +1 -0
- package/dist/__tests__/antagonist-integration.test.js +239 -0
- package/dist/__tests__/antagonist-integration.test.js.map +1 -0
- package/dist/__tests__/certification/agent-certificate-e2e.test.d.ts +2 -0
- package/dist/__tests__/certification/agent-certificate-e2e.test.d.ts.map +1 -0
- package/dist/__tests__/certification/agent-certificate-e2e.test.js +90 -0
- package/dist/__tests__/certification/agent-certificate-e2e.test.js.map +1 -0
- package/dist/__tests__/certification/agent-certificate-map.test.d.ts +2 -0
- package/dist/__tests__/certification/agent-certificate-map.test.d.ts.map +1 -0
- package/dist/__tests__/certification/agent-certificate-map.test.js +107 -0
- package/dist/__tests__/certification/agent-certificate-map.test.js.map +1 -0
- package/dist/__tests__/certification/agent-certificate.test.d.ts +2 -0
- package/dist/__tests__/certification/agent-certificate.test.d.ts.map +1 -0
- package/dist/__tests__/certification/agent-certificate.test.js +78 -0
- package/dist/__tests__/certification/agent-certificate.test.js.map +1 -0
- package/dist/__tests__/certification/verify-endpoint.test.d.ts +2 -0
- package/dist/__tests__/certification/verify-endpoint.test.d.ts.map +1 -0
- package/dist/__tests__/certification/verify-endpoint.test.js +81 -0
- package/dist/__tests__/certification/verify-endpoint.test.js.map +1 -0
- package/dist/__tests__/compliance/ai-frameworks.test.d.ts +2 -0
- package/dist/__tests__/compliance/ai-frameworks.test.d.ts.map +1 -0
- package/dist/__tests__/compliance/ai-frameworks.test.js +87 -0
- package/dist/__tests__/compliance/ai-frameworks.test.js.map +1 -0
- package/dist/__tests__/eval/llm-analyzer.test.d.ts +2 -0
- package/dist/__tests__/eval/llm-analyzer.test.d.ts.map +1 -0
- package/dist/__tests__/eval/llm-analyzer.test.js +93 -0
- package/dist/__tests__/eval/llm-analyzer.test.js.map +1 -0
- package/dist/__tests__/eval/redteam-harness.test.d.ts +2 -0
- package/dist/__tests__/eval/redteam-harness.test.d.ts.map +1 -0
- package/dist/__tests__/eval/redteam-harness.test.js +136 -0
- package/dist/__tests__/eval/redteam-harness.test.js.map +1 -0
- package/dist/__tests__/evidence/evidence.test.d.ts +2 -0
- package/dist/__tests__/evidence/evidence.test.d.ts.map +1 -0
- package/dist/__tests__/evidence/evidence.test.js +240 -0
- package/dist/__tests__/evidence/evidence.test.js.map +1 -0
- package/dist/__tests__/history/decisions.test.d.ts +2 -0
- package/dist/__tests__/history/decisions.test.d.ts.map +1 -0
- package/dist/__tests__/history/decisions.test.js +54 -0
- package/dist/__tests__/history/decisions.test.js.map +1 -0
- package/dist/__tests__/http-auth.test.d.ts +2 -0
- package/dist/__tests__/http-auth.test.d.ts.map +1 -0
- package/dist/__tests__/http-auth.test.js +55 -0
- package/dist/__tests__/http-auth.test.js.map +1 -0
- package/dist/__tests__/http-policy.test.d.ts +2 -0
- package/dist/__tests__/http-policy.test.d.ts.map +1 -0
- package/dist/__tests__/http-policy.test.js +69 -0
- package/dist/__tests__/http-policy.test.js.map +1 -0
- package/dist/__tests__/http-server-transport.test.d.ts +2 -0
- package/dist/__tests__/http-server-transport.test.d.ts.map +1 -0
- package/dist/__tests__/http-server-transport.test.js +132 -0
- package/dist/__tests__/http-server-transport.test.js.map +1 -0
- package/dist/__tests__/integration/destructive-guards.test.d.ts +2 -0
- package/dist/__tests__/integration/destructive-guards.test.d.ts.map +1 -0
- package/dist/__tests__/integration/destructive-guards.test.js +49 -0
- package/dist/__tests__/integration/destructive-guards.test.js.map +1 -0
- package/dist/__tests__/logger-redaction.test.d.ts +2 -0
- package/dist/__tests__/logger-redaction.test.d.ts.map +1 -0
- package/dist/__tests__/logger-redaction.test.js +74 -0
- package/dist/__tests__/logger-redaction.test.js.map +1 -0
- package/dist/__tests__/manifest-schema.test.d.ts +2 -0
- package/dist/__tests__/manifest-schema.test.d.ts.map +1 -0
- package/dist/__tests__/manifest-schema.test.js +43 -0
- package/dist/__tests__/manifest-schema.test.js.map +1 -0
- package/dist/__tests__/scanners/builtin-rules.test.d.ts +2 -0
- package/dist/__tests__/scanners/builtin-rules.test.d.ts.map +1 -0
- package/dist/__tests__/scanners/builtin-rules.test.js +51 -0
- package/dist/__tests__/scanners/builtin-rules.test.js.map +1 -0
- package/dist/__tests__/scanners/runtime/golden-path-runner.test.js +13 -1
- package/dist/__tests__/scanners/runtime/golden-path-runner.test.js.map +1 -1
- package/dist/__tests__/tool-guard.test.d.ts +2 -0
- package/dist/__tests__/tool-guard.test.d.ts.map +1 -0
- package/dist/__tests__/tool-guard.test.js +97 -0
- package/dist/__tests__/tool-guard.test.js.map +1 -0
- package/dist/__tests__/util/contained-file.test.d.ts +2 -0
- package/dist/__tests__/util/contained-file.test.d.ts.map +1 -0
- package/dist/__tests__/util/contained-file.test.js +78 -0
- package/dist/__tests__/util/contained-file.test.js.map +1 -0
- package/dist/__tests__/util/subprocess.test.d.ts +2 -0
- package/dist/__tests__/util/subprocess.test.d.ts.map +1 -0
- package/dist/__tests__/util/subprocess.test.js +48 -0
- package/dist/__tests__/util/subprocess.test.js.map +1 -0
- package/dist/action/diff-mode.d.ts.map +1 -1
- package/dist/action/diff-mode.js +31 -12
- package/dist/action/diff-mode.js.map +1 -1
- package/dist/agents/antagonist/challenger.d.ts +46 -0
- package/dist/agents/antagonist/challenger.d.ts.map +1 -0
- package/dist/agents/antagonist/challenger.js +257 -0
- package/dist/agents/antagonist/challenger.js.map +1 -0
- package/dist/agents/antagonist/index.d.ts +31 -0
- package/dist/agents/antagonist/index.d.ts.map +1 -0
- package/dist/agents/antagonist/index.js +175 -0
- package/dist/agents/antagonist/index.js.map +1 -0
- package/dist/agents/antagonist/prioritizer.d.ts +27 -0
- package/dist/agents/antagonist/prioritizer.d.ts.map +1 -0
- package/dist/agents/antagonist/prioritizer.js +181 -0
- package/dist/agents/antagonist/prioritizer.js.map +1 -0
- package/dist/agents/antagonist/prompts.d.ts +12 -0
- package/dist/agents/antagonist/prompts.d.ts.map +1 -0
- package/dist/agents/antagonist/prompts.js +155 -0
- package/dist/agents/antagonist/prompts.js.map +1 -0
- package/dist/agents/antagonist/synthesizer.d.ts +34 -0
- package/dist/agents/antagonist/synthesizer.d.ts.map +1 -0
- package/dist/agents/antagonist/synthesizer.js +451 -0
- package/dist/agents/antagonist/synthesizer.js.map +1 -0
- package/dist/agents/antagonist/types.d.ts +145 -0
- package/dist/agents/antagonist/types.d.ts.map +1 -0
- package/dist/agents/antagonist/types.js +63 -0
- package/dist/agents/antagonist/types.js.map +1 -0
- package/dist/agents/index.d.ts +1 -0
- package/dist/agents/index.d.ts.map +1 -1
- package/dist/agents/index.js +2 -0
- package/dist/agents/index.js.map +1 -1
- package/dist/certification/agent-certificate-map.d.ts +51 -0
- package/dist/certification/agent-certificate-map.d.ts.map +1 -0
- package/dist/certification/agent-certificate-map.js +265 -0
- package/dist/certification/agent-certificate-map.js.map +1 -0
- package/dist/certification/agent-certificate-sample.d.ts +25 -0
- package/dist/certification/agent-certificate-sample.d.ts.map +1 -0
- package/dist/certification/agent-certificate-sample.js +207 -0
- package/dist/certification/agent-certificate-sample.js.map +1 -0
- package/dist/certification/agent-certificate.d.ts +1981 -0
- package/dist/certification/agent-certificate.d.ts.map +1 -0
- package/dist/certification/agent-certificate.js +309 -0
- package/dist/certification/agent-certificate.js.map +1 -0
- package/dist/certification/autofix.d.ts.map +1 -1
- package/dist/certification/autofix.js +5 -3
- package/dist/certification/autofix.js.map +1 -1
- package/dist/certification/consensus.test.js +2 -0
- package/dist/certification/consensus.test.js.map +1 -1
- package/dist/certification/store.d.ts.map +1 -1
- package/dist/certification/store.js +11 -3
- package/dist/certification/store.js.map +1 -1
- package/dist/certification/types.d.ts +1 -1
- package/dist/certification/types.d.ts.map +1 -1
- package/dist/certification/types.js +2 -0
- package/dist/certification/types.js.map +1 -1
- package/dist/certification/verify-endpoint.d.ts +48 -0
- package/dist/certification/verify-endpoint.d.ts.map +1 -0
- package/dist/certification/verify-endpoint.js +79 -0
- package/dist/certification/verify-endpoint.js.map +1 -0
- package/dist/compliance/index.d.ts +2 -0
- package/dist/compliance/index.d.ts.map +1 -1
- package/dist/compliance/index.js +4 -0
- package/dist/compliance/index.js.map +1 -1
- package/dist/compliance/iso42001.d.ts +21 -0
- package/dist/compliance/iso42001.d.ts.map +1 -0
- package/dist/compliance/iso42001.js +160 -0
- package/dist/compliance/iso42001.js.map +1 -0
- package/dist/compliance/mapper.d.ts.map +1 -1
- package/dist/compliance/mapper.js +12 -0
- package/dist/compliance/mapper.js.map +1 -1
- package/dist/compliance/nist-ai-rmf.d.ts +20 -0
- package/dist/compliance/nist-ai-rmf.d.ts.map +1 -0
- package/dist/compliance/nist-ai-rmf.js +140 -0
- package/dist/compliance/nist-ai-rmf.js.map +1 -0
- package/dist/config/flags.d.ts +4 -4
- package/dist/eval/fixtures.d.ts.map +1 -1
- package/dist/eval/fixtures.js +161 -119
- package/dist/eval/fixtures.js.map +1 -1
- package/dist/eval/fixtures.test.js +4 -2
- package/dist/eval/fixtures.test.js.map +1 -1
- package/dist/eval/llm-analyzer.d.ts +40 -0
- package/dist/eval/llm-analyzer.d.ts.map +1 -0
- package/dist/eval/llm-analyzer.js +154 -0
- package/dist/eval/llm-analyzer.js.map +1 -0
- package/dist/eval/redteam-harness.d.ts +95 -0
- package/dist/eval/redteam-harness.d.ts.map +1 -0
- package/dist/eval/redteam-harness.js +137 -0
- package/dist/eval/redteam-harness.js.map +1 -0
- package/dist/evidence/collector.d.ts.map +1 -1
- package/dist/evidence/collector.js +21 -1
- package/dist/evidence/collector.js.map +1 -1
- package/dist/evidence/store.d.ts.map +1 -1
- package/dist/evidence/store.js +29 -5
- package/dist/evidence/store.js.map +1 -1
- package/dist/evidence/types.d.ts +16 -9
- package/dist/evidence/types.d.ts.map +1 -1
- package/dist/history/decisions.d.ts +63 -0
- package/dist/history/decisions.d.ts.map +1 -0
- package/dist/history/decisions.js +60 -0
- package/dist/history/decisions.js.map +1 -0
- package/dist/history/index.d.ts +2 -0
- package/dist/history/index.d.ts.map +1 -1
- package/dist/history/index.js +2 -0
- package/dist/history/index.js.map +1 -1
- package/dist/history/types.d.ts +34 -5
- package/dist/history/types.d.ts.map +1 -1
- package/dist/history/types.js +2 -0
- package/dist/history/types.js.map +1 -1
- package/dist/http-auth.d.ts +22 -0
- package/dist/http-auth.d.ts.map +1 -0
- package/dist/http-auth.js +58 -0
- package/dist/http-auth.js.map +1 -0
- package/dist/http-policy.d.ts +30 -0
- package/dist/http-policy.d.ts.map +1 -0
- package/dist/http-policy.js +54 -0
- package/dist/http-policy.js.map +1 -0
- package/dist/http-server.js +195 -12
- package/dist/http-server.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +411 -15
- package/dist/index.js.map +1 -1
- package/dist/logger.d.ts.map +1 -1
- package/dist/logger.js +56 -2
- package/dist/logger.js.map +1 -1
- package/dist/plugins/types.d.ts +2 -2
- package/dist/sbom/provenance.test.js +2 -2
- package/dist/sbom/provenance.test.js.map +1 -1
- package/dist/sbom/signing.d.ts.map +1 -1
- package/dist/sbom/signing.js +5 -3
- package/dist/sbom/signing.js.map +1 -1
- package/dist/scanners/agent/prompt-injection-fuzzer.d.ts.map +1 -1
- package/dist/scanners/agent/prompt-injection-fuzzer.js +26 -0
- package/dist/scanners/agent/prompt-injection-fuzzer.js.map +1 -1
- package/dist/scanners/agent/types.d.ts +10 -10
- package/dist/scanners/bandit.d.ts.map +1 -1
- package/dist/scanners/bandit.js +35 -29
- package/dist/scanners/bandit.js.map +1 -1
- package/dist/scanners/binary-analysis.d.ts.map +1 -1
- package/dist/scanners/binary-analysis.js +24 -49
- package/dist/scanners/binary-analysis.js.map +1 -1
- package/dist/scanners/brakeman.d.ts.map +1 -1
- package/dist/scanners/brakeman.js +19 -33
- package/dist/scanners/brakeman.js.map +1 -1
- package/dist/scanners/builtin-rules.d.ts +24 -0
- package/dist/scanners/builtin-rules.d.ts.map +1 -0
- package/dist/scanners/builtin-rules.js +175 -0
- package/dist/scanners/builtin-rules.js.map +1 -0
- package/dist/scanners/dast.d.ts.map +1 -1
- package/dist/scanners/dast.js +24 -34
- package/dist/scanners/dast.js.map +1 -1
- package/dist/scanners/deploy/types.d.ts +6 -6
- package/dist/scanners/eslint.d.ts.map +1 -1
- package/dist/scanners/eslint.js +15 -24
- package/dist/scanners/eslint.js.map +1 -1
- package/dist/scanners/gosec.d.ts.map +1 -1
- package/dist/scanners/gosec.js +14 -62
- package/dist/scanners/gosec.js.map +1 -1
- package/dist/scanners/index.d.ts.map +1 -1
- package/dist/scanners/index.js +38 -7
- package/dist/scanners/index.js.map +1 -1
- package/dist/scanners/memory-safety.d.ts.map +1 -1
- package/dist/scanners/memory-safety.js +27 -28
- package/dist/scanners/memory-safety.js.map +1 -1
- package/dist/scanners/openapi.d.ts.map +1 -1
- package/dist/scanners/openapi.js +14 -22
- package/dist/scanners/openapi.js.map +1 -1
- package/dist/scanners/race-condition.d.ts.map +1 -1
- package/dist/scanners/race-condition.js +17 -16
- package/dist/scanners/race-condition.js.map +1 -1
- package/dist/scanners/runtime/types.d.ts +4 -4
- package/dist/scanners/rust.d.ts.map +1 -1
- package/dist/scanners/rust.js +38 -37
- package/dist/scanners/rust.js.map +1 -1
- package/dist/scanners/scale/types.d.ts +16 -16
- package/dist/scanners/secrets.d.ts.map +1 -1
- package/dist/scanners/secrets.js +66 -78
- package/dist/scanners/secrets.js.map +1 -1
- package/dist/scanners/semgrep.d.ts +2 -0
- package/dist/scanners/semgrep.d.ts.map +1 -1
- package/dist/scanners/semgrep.js +12 -0
- package/dist/scanners/semgrep.js.map +1 -1
- package/dist/scanners/terraform.d.ts.map +1 -1
- package/dist/scanners/terraform.js +47 -40
- package/dist/scanners/terraform.js.map +1 -1
- package/dist/scanners/trivy.d.ts.map +1 -1
- package/dist/scanners/trivy.js +38 -30
- package/dist/scanners/trivy.js.map +1 -1
- package/dist/tool-guard.d.ts +40 -0
- package/dist/tool-guard.d.ts.map +1 -0
- package/dist/tool-guard.js +55 -0
- package/dist/tool-guard.js.map +1 -0
- package/dist/util/index.d.ts +2 -1
- package/dist/util/index.d.ts.map +1 -1
- package/dist/util/index.js +2 -1
- package/dist/util/index.js.map +1 -1
- package/dist/util/paths.d.ts +20 -3
- package/dist/util/paths.d.ts.map +1 -1
- package/dist/util/paths.js +84 -4
- package/dist/util/paths.js.map +1 -1
- package/dist/util/subprocess.d.ts +51 -0
- package/dist/util/subprocess.d.ts.map +1 -0
- package/dist/util/subprocess.js +77 -0
- package/dist/util/subprocess.js.map +1 -0
- package/package.json +12 -2
- package/dist/eval/fixtures/healthcare/audit-gaps.d.ts +0 -28
- package/dist/eval/fixtures/healthcare/audit-gaps.d.ts.map +0 -1
- package/dist/eval/fixtures/healthcare/audit-gaps.js +0 -90
- package/dist/eval/fixtures/healthcare/audit-gaps.js.map +0 -1
- package/dist/eval/fixtures/healthcare/consent-bypass.d.ts +0 -31
- package/dist/eval/fixtures/healthcare/consent-bypass.d.ts.map +0 -1
- package/dist/eval/fixtures/healthcare/consent-bypass.js +0 -61
- package/dist/eval/fixtures/healthcare/consent-bypass.js.map +0 -1
- package/dist/eval/fixtures/healthcare/phi-in-logs.d.ts +0 -24
- package/dist/eval/fixtures/healthcare/phi-in-logs.d.ts.map +0 -1
- package/dist/eval/fixtures/healthcare/phi-in-logs.js +0 -41
- package/dist/eval/fixtures/healthcare/phi-in-logs.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rust.d.ts","sourceRoot":"","sources":["../../src/scanners/rust.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,OAAO,KAAK,EAAwB,aAAa,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"rust.d.ts","sourceRoot":"","sources":["../../src/scanners/rust.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,OAAO,KAAK,EAAwB,aAAa,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAiE3F,wBAAsB,wBAAwB,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAc7E;AAED,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAczE;AAgBD,wBAAsB,aAAa,CACjC,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAC7B,OAAO,CAAC,aAAa,CAAC,CAgFxB;AAED,wBAAsB,SAAS,CAC7B,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAC7B,OAAO,CAAC,aAAa,CAAC,CA4FxB;AAED,wBAAsB,eAAe,CACnC,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAC7B,OAAO,CAAC,aAAa,CAAC,CAkBxB;AAED,wBAAsB,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAOtE"}
|
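--- a/package/dist/scanners/rust.js
+++ b/package/dist/scanners/rust.js
@@ -6,44 +6,39 @@
  *
  * @module scanners/rust
  */
-import { exec } from "child_process";
-import { promisify } from "util";
 import { access } from "fs/promises";
 import { join } from "path";
-
+import { runCommand, probeBinary } from "../util/subprocess.js";
+import { parseJson } from "../util/json.js";
 export async function checkCargoAuditAvailable() {
-
-
+    const version = await probeBinary("cargo", ["audit", "--version"], 10000);
+    if (version !== null) {
         return {
             scanner: "cargo-audit",
             available: true,
-            version
-        };
-    }
-    catch {
-        return {
-            scanner: "cargo-audit",
-            available: false,
-            error: "cargo-audit not found. Install with: cargo install cargo-audit",
+            version,
         };
     }
+    return {
+        scanner: "cargo-audit",
+        available: false,
+        error: "cargo-audit not found. Install with: cargo install cargo-audit",
+    };
 }
 export async function checkClippyAvailable() {
-
-
+    const version = await probeBinary("cargo", ["clippy", "--version"], 10000);
+    if (version !== null) {
         return {
             scanner: "clippy",
             available: true,
-            version
-        };
-    }
-    catch {
-        return {
-            scanner: "clippy",
-            available: false,
-            error: "clippy not found. Install with: rustup component add clippy",
+            version,
         };
     }
+    return {
+        scanner: "clippy",
+        available: false,
+        error: "clippy not found. Install with: rustup component add clippy",
+    };
 }
 function mapAuditSeverity(severity) {
     switch (severity.toLowerCase()) {
@@ -71,16 +66,14 @@ export async function runCargoAudit(projectPath, options) {
                 error: availability.error,
             };
         }
-
+        // cargo audit exits non-zero when vulnerabilities are found;
+        // runCommand tolerates non-zero exits that still produced stdout.
+        const { stdout } = await runCommand("cargo", ["audit", "--json"], {
+            cwd: projectPath,
             timeout: options?.timeout || 120000,
             maxBuffer: 10 * 1024 * 1024,
-        }).catch((error) => {
-            if (error.stdout) {
-                return { stdout: error.stdout, stderr: error.stderr || "" };
-            }
-            throw error;
         });
-        const output =
+        const output = parseJson(stdout, "cargo-audit output");
         const findings = [];
         for (const vuln of output.vulnerabilities.list) {
             findings.push({
@@ -149,20 +142,28 @@ export async function runClippy(projectPath, options) {
                 error: availability.error,
             };
         }
-
+        // clippy exits non-zero when lints are denied; runCommand tolerates
+        // non-zero exits that still produced stdout.
+        const { stdout } = await runCommand("cargo", [
+            "clippy",
+            "--message-format=json",
+            "--",
+            "-W",
+            "clippy::all",
+            "-W",
+            "clippy::pedantic",
+            "-W",
+            "clippy::nursery",
+        ], {
+            cwd: projectPath,
             timeout: options?.timeout || 300000,
             maxBuffer: 50 * 1024 * 1024,
-        }).catch((error) => {
-            if (error.stdout) {
-                return { stdout: error.stdout, stderr: error.stderr || "" };
-            }
-            throw error;
         });
         const findings = [];
         const lines = stdout.split("\n").filter((l) => l.trim());
         for (const line of lines) {
             try {
-                const msg =
+                const msg = parseJson(line, "clippy output");
                 if (msg.reason === "compiler-message" && msg.message && msg.message.spans?.length > 0) {
                     const primarySpan = msg.message.spans.find((s) => s.is_primary) || msg.message.spans[0];
                     // Only include security-relevant lints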
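Review bot: In the runCargoAudit hunk, `output.vulnerabilities.list` is dereferenced immediately after `parseJson(stdout, "cargo-audit output")` with no shape check, and that stdout may now come from a non-zero exit that runCommand tolerated, so a partial or differently shaped document surfaces only as a TypeError that is presumably turned into a generic failure by the function's outer catch (runCargoAudit starts and ends outside the hunk). A fail-closed guard such as `if (!Array.isArray(output?.vulnerabilities?.list)) throw new Error("cargo-audit output missing vulnerabilities.list");` keeps the scanner from reporting success on unusable results and names the actual problem. Whether runCommand honours the `maxBuffer` option cannot be seen here; if it does not, the 10 MiB and 50 MiB limits passed in this hunk and in the runClippy hunk are silently ignored — confirm against util/subprocess. Minor style point in both hunks: `options?.timeout || 120000` treats an explicit timeout of 0 as unset, where `options?.timeout ?? 120000` expresses the intent.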
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rust.js","sourceRoot":"","sources":["../../src/scanners/rust.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"rust.js","sourceRoot":"","sources":["../../src/scanners/rust.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAkE5C,MAAM,CAAC,KAAK,UAAU,wBAAwB;IAC5C,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,WAAW,CAAC,EAAE,KAAK,CAAC,CAAC;IAC1E,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACrB,OAAO;YACL,OAAO,EAAE,aAAa;YACtB,SAAS,EAAE,IAAI;YACf,OAAO;SACR,CAAC;IACJ,CAAC;IACD,OAAO;QACL,OAAO,EAAE,aAAa;QACtB,SAAS,EAAE,KAAK;QAChB,KAAK,EAAE,gEAAgE;KACxE,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB;IACxC,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,KAAK,CAAC,CAAC;IAC3E,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACrB,OAAO;YACL,OAAO,EAAE,QAAQ;YACjB,SAAS,EAAE,IAAI;YACf,OAAO;SACR,CAAC;IACJ,CAAC;IACD,OAAO;QACL,OAAO,EAAE,QAAQ;QACjB,SAAS,EAAE,KAAK;QAChB,KAAK,EAAE,6DAA6D;KACrE,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAgB;IACxC,QAAQ,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/B,KAAK,UAAU;YACb,OAAO,UAAU,CAAC;QACpB,KAAK,MAAM;YACT,OAAO,MAAM,CAAC;QAChB,KAAK,QAAQ,CAAC;QACd,KAAK,UAAU;YACb,OAAO,QAAQ,CAAC;QAClB;YACE,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,WAAmB,EACnB,OAA8B;IAE9B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,wBAAwB,EAAE,CAAC;QACtD,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,aAAa;gBACtB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,YAAY,CAAC,KAAK;aAC1B,CAAC;QACJ,CAAC;QAED,6DAA6D;QAC7D,kEAAkE;QAClE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE;YAChE,GAAG,EAAE,WAAW;YAChB,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,MAAM;YACnC,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;SAC5B,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,SAAS,CAAmB,MAAM,EAAE,oBAAoB,CAAC,CAAC;QACzE,MAAM,QAAQ,GAA2B,EAAE,CAAC;QAE5C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;YAC/C,QAAQ,CAAC,IAAI,CAAC
;gBACZ,OAAO,EAAE,aAAsB;gBAC/B,MAAM,EAAE,eAAe,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;gBACzC,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC;gBACP,OAAO,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE;gBACjF,QAAQ,EAAE,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAClD,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE;oBACR,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI;oBAC1B,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO;oBAC7B,WAAW,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG;oBAC9B,eAAe,EAAE,IAAI,CAAC,QAAQ,CAAC,OAAO;oBACtC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;oBACxB,WAAW,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW;iBACvC;aACF,CAAC,CAAC;QACL,CAAC;QAED,yCAAyC;QACzC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC,YAAY,IAAI,EAAE,EAAE,CAAC;YACtD,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,aAAsB;gBAC/B,MAAM,EAAE,eAAe,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;gBACzC,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC;gBACP,OAAO,EAAE,yBAAyB,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE;gBACtG,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE;oBACR,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI;oBAC1B,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO;oBAC7B,IAAI,EAAE,cAAc;iBACrB;aACF,CAAC,CAAC;QACL,CAAC;QAED,OAAO;YACL,OAAO,EAAE,aAAa;YACtB,QAAQ;YACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,YAAY,CAAC,OAAO;SAC9B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,aAAa;YACtB,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,WAAmB,EACnB,OAA8B;IAE9B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,oBAAoB,EAAE,CAAC;QAClD,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,QAAQ;gBACjB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,YAAY,CAAC,KAAK;aAC1B,CAAC;QACJ,CAAC;QAED,oEAAoE;QACpE,6CAA6C;QAC7C,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,UAAU,CACj
C,OAAO,EACP;YACE,QAAQ;YACR,uBAAuB;YACvB,IAAI;YACJ,IAAI;YACJ,aAAa;YACb,IAAI;YACJ,kBAAkB;YAClB,IAAI;YACJ,iBAAiB;SAClB,EACD;YACE,GAAG,EAAE,WAAW;YAChB,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,MAAM;YACnC,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;SAC5B,CACF,CAAC;QAEF,MAAM,QAAQ,GAA2B,EAAE,CAAC;QAC5C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAEjE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,SAAS,CAAgB,IAAI,EAAE,eAAe,CAAC,CAAC;gBAC5D,IAAI,GAAG,CAAC,MAAM,KAAK,kBAAkB,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,CAAC,EAAE,CAAC;oBACtF,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAExF,uCAAuC;oBACvC,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC;oBAC1C,MAAM,kBAAkB,GACtB,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;wBACvB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;wBACtB,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;wBACvB,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;wBACvB,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;wBAC1B,GAAG,CAAC,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC;oBAEhC,IAAI,kBAAkB,EAAE,CAAC;wBACvB,QAAQ,CAAC,IAAI,CAAC;4BACZ,OAAO,EAAE,QAAiB;4BAC1B,MAAM,EAAE,UAAU,IAAI,EAAE;4BACxB,IAAI,EAAE,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,WAAW,GAAG,GAAG,EAAE,EAAE,CAAC;4BAC1D,IAAI,EAAE,WAAW,CAAC,UAAU;4BAC5B,OAAO,EAAE,WAAW,CAAC,QAAQ;4BAC7B,MAAM,EAAE,WAAW,CAAC,YAAY;4BAChC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;4BAC5B,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;4BAC3D,UAAU,EAAE,GAAG;4BACf,QAAQ,EAAE,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI;yBACtC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,sBAAsB;YACxB,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,QAAQ;YACjB,QAAQ;YACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,YAAY,CAAC,OAAO;SAC9B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,QAAQ;YACjB,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,
OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,WAAmB,EACnB,OAA8B;IAE9B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,MAAM,CAAC,WAAW,EAAE,YAAY,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACpD,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC;QACnC,SAAS,CAAC,WAAW,EAAE,OAAO,CAAC;KAChC,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,CAAC,GAAG,WAAW,CAAC,QAAQ,EAAE,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACrE,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,IAAI,YAAY,CAAC,OAAO,CAAC;IAE5D,OAAO;QACL,OAAO,EAAE,MAAM;QACf,QAAQ;QACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;QAChC,OAAO;QACP,KAAK,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,4BAA4B,CAAC,CAAC,CAAC,SAAS;KAC3D,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}
|
|
@@ -37,8 +37,8 @@ export declare const EndpointSchema: z.ZodObject<{
|
|
|
37
37
|
errorRate?: number | undefined;
|
|
38
38
|
}>>;
|
|
39
39
|
}, "strip", z.ZodTypeAny, {
|
|
40
|
-
path: string;
|
|
41
40
|
method: "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
|
|
41
|
+
path: string;
|
|
42
42
|
weight: number;
|
|
43
43
|
headers?: Record<string, string> | undefined;
|
|
44
44
|
body?: Record<string, unknown> | undefined;
|
|
@@ -49,9 +49,9 @@ export declare const EndpointSchema: z.ZodObject<{
|
|
|
49
49
|
} | undefined;
|
|
50
50
|
}, {
|
|
51
51
|
path: string;
|
|
52
|
+
method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | undefined;
|
|
52
53
|
headers?: Record<string, string> | undefined;
|
|
53
54
|
body?: Record<string, unknown> | undefined;
|
|
54
|
-
method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | undefined;
|
|
55
55
|
thresholds?: {
|
|
56
56
|
p95?: number | undefined;
|
|
57
57
|
p99?: number | undefined;
|
|
@@ -97,8 +97,8 @@ export declare const ScenarioSchema: z.ZodObject<{
|
|
|
97
97
|
errorRate?: number | undefined;
|
|
98
98
|
}>>;
|
|
99
99
|
}, "strip", z.ZodTypeAny, {
|
|
100
|
-
path: string;
|
|
101
100
|
method: "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
|
|
101
|
+
path: string;
|
|
102
102
|
weight: number;
|
|
103
103
|
headers?: Record<string, string> | undefined;
|
|
104
104
|
body?: Record<string, unknown> | undefined;
|
|
@@ -109,9 +109,9 @@ export declare const ScenarioSchema: z.ZodObject<{
|
|
|
109
109
|
} | undefined;
|
|
110
110
|
}, {
|
|
111
111
|
path: string;
|
|
112
|
+
method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | undefined;
|
|
112
113
|
headers?: Record<string, string> | undefined;
|
|
113
114
|
body?: Record<string, unknown> | undefined;
|
|
114
|
-
method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | undefined;
|
|
115
115
|
thresholds?: {
|
|
116
116
|
p95?: number | undefined;
|
|
117
117
|
p99?: number | undefined;
|
|
@@ -128,8 +128,8 @@ export declare const ScenarioSchema: z.ZodObject<{
|
|
|
128
128
|
start: number;
|
|
129
129
|
};
|
|
130
130
|
endpoints?: {
|
|
131
|
-
path: string;
|
|
132
131
|
method: "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
|
|
132
|
+
path: string;
|
|
133
133
|
weight: number;
|
|
134
134
|
headers?: Record<string, string> | undefined;
|
|
135
135
|
body?: Record<string, unknown> | undefined;
|
|
@@ -149,9 +149,9 @@ export declare const ScenarioSchema: z.ZodObject<{
|
|
|
149
149
|
type?: "ramp" | "spike" | "soak" | "stress" | "breakpoint" | undefined;
|
|
150
150
|
endpoints?: {
|
|
151
151
|
path: string;
|
|
152
|
+
method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | undefined;
|
|
152
153
|
headers?: Record<string, string> | undefined;
|
|
153
154
|
body?: Record<string, unknown> | undefined;
|
|
154
|
-
method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | undefined;
|
|
155
155
|
thresholds?: {
|
|
156
156
|
p95?: number | undefined;
|
|
157
157
|
p99?: number | undefined;
|
|
@@ -203,8 +203,8 @@ export declare const LoadProfileSchema: z.ZodObject<{
|
|
|
203
203
|
errorRate?: number | undefined;
|
|
204
204
|
}>>;
|
|
205
205
|
}, "strip", z.ZodTypeAny, {
|
|
206
|
-
path: string;
|
|
207
206
|
method: "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
|
|
207
|
+
path: string;
|
|
208
208
|
weight: number;
|
|
209
209
|
headers?: Record<string, string> | undefined;
|
|
210
210
|
body?: Record<string, unknown> | undefined;
|
|
@@ -215,9 +215,9 @@ export declare const LoadProfileSchema: z.ZodObject<{
|
|
|
215
215
|
} | undefined;
|
|
216
216
|
}, {
|
|
217
217
|
path: string;
|
|
218
|
+
method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | undefined;
|
|
218
219
|
headers?: Record<string, string> | undefined;
|
|
219
220
|
body?: Record<string, unknown> | undefined;
|
|
220
|
-
method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | undefined;
|
|
221
221
|
thresholds?: {
|
|
222
222
|
p95?: number | undefined;
|
|
223
223
|
p99?: number | undefined;
|
|
@@ -234,8 +234,8 @@ export declare const LoadProfileSchema: z.ZodObject<{
|
|
|
234
234
|
start: number;
|
|
235
235
|
};
|
|
236
236
|
endpoints?: {
|
|
237
|
-
path: string;
|
|
238
237
|
method: "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
|
|
238
|
+
path: string;
|
|
239
239
|
weight: number;
|
|
240
240
|
headers?: Record<string, string> | undefined;
|
|
241
241
|
body?: Record<string, unknown> | undefined;
|
|
@@ -255,9 +255,9 @@ export declare const LoadProfileSchema: z.ZodObject<{
|
|
|
255
255
|
type?: "ramp" | "spike" | "soak" | "stress" | "breakpoint" | undefined;
|
|
256
256
|
endpoints?: {
|
|
257
257
|
path: string;
|
|
258
|
+
method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | undefined;
|
|
258
259
|
headers?: Record<string, string> | undefined;
|
|
259
260
|
body?: Record<string, unknown> | undefined;
|
|
260
|
-
method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | undefined;
|
|
261
261
|
thresholds?: {
|
|
262
262
|
p95?: number | undefined;
|
|
263
263
|
p99?: number | undefined;
|
|
@@ -302,8 +302,8 @@ export declare const LoadProfileSchema: z.ZodObject<{
|
|
|
302
302
|
errorRate?: number | undefined;
|
|
303
303
|
}>>;
|
|
304
304
|
}, "strip", z.ZodTypeAny, {
|
|
305
|
-
path: string;
|
|
306
305
|
method: "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
|
|
306
|
+
path: string;
|
|
307
307
|
weight: number;
|
|
308
308
|
headers?: Record<string, string> | undefined;
|
|
309
309
|
body?: Record<string, unknown> | undefined;
|
|
@@ -314,9 +314,9 @@ export declare const LoadProfileSchema: z.ZodObject<{
|
|
|
314
314
|
} | undefined;
|
|
315
315
|
}, {
|
|
316
316
|
path: string;
|
|
317
|
+
method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | undefined;
|
|
317
318
|
headers?: Record<string, string> | undefined;
|
|
318
319
|
body?: Record<string, unknown> | undefined;
|
|
319
|
-
method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | undefined;
|
|
320
320
|
thresholds?: {
|
|
321
321
|
p95?: number | undefined;
|
|
322
322
|
p99?: number | undefined;
|
|
@@ -336,8 +336,8 @@ export declare const LoadProfileSchema: z.ZodObject<{
|
|
|
336
336
|
start: number;
|
|
337
337
|
};
|
|
338
338
|
endpoints?: {
|
|
339
|
-
path: string;
|
|
340
339
|
method: "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
|
|
340
|
+
path: string;
|
|
341
341
|
weight: number;
|
|
342
342
|
headers?: Record<string, string> | undefined;
|
|
343
343
|
body?: Record<string, unknown> | undefined;
|
|
@@ -357,8 +357,8 @@ export declare const LoadProfileSchema: z.ZodObject<{
|
|
|
357
357
|
} | undefined;
|
|
358
358
|
baseUrl?: string | undefined;
|
|
359
359
|
endpoints?: {
|
|
360
|
-
path: string;
|
|
361
360
|
method: "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
|
|
361
|
+
path: string;
|
|
362
362
|
weight: number;
|
|
363
363
|
headers?: Record<string, string> | undefined;
|
|
364
364
|
body?: Record<string, unknown> | undefined;
|
|
@@ -380,9 +380,9 @@ export declare const LoadProfileSchema: z.ZodObject<{
|
|
|
380
380
|
type?: "ramp" | "spike" | "soak" | "stress" | "breakpoint" | undefined;
|
|
381
381
|
endpoints?: {
|
|
382
382
|
path: string;
|
|
383
|
+
method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | undefined;
|
|
383
384
|
headers?: Record<string, string> | undefined;
|
|
384
385
|
body?: Record<string, unknown> | undefined;
|
|
385
|
-
method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | undefined;
|
|
386
386
|
thresholds?: {
|
|
387
387
|
p95?: number | undefined;
|
|
388
388
|
p99?: number | undefined;
|
|
@@ -402,9 +402,9 @@ export declare const LoadProfileSchema: z.ZodObject<{
|
|
|
402
402
|
baseUrl?: string | undefined;
|
|
403
403
|
endpoints?: {
|
|
404
404
|
path: string;
|
|
405
|
+
method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | undefined;
|
|
405
406
|
headers?: Record<string, string> | undefined;
|
|
406
407
|
body?: Record<string, unknown> | undefined;
|
|
407
|
-
method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | undefined;
|
|
408
408
|
thresholds?: {
|
|
409
409
|
p95?: number | undefined;
|
|
410
410
|
p99?: number | undefined;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/scanners/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;
|
|
1
|
+
{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/scanners/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,OAAO,KAAK,EAAwB,aAAa,EAAE,MAAM,YAAY,CAAC;AA4ItE;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAgBnF;AAmPD;;GAEG;AACH,wBAAsB,sBAAsB,IAAI,OAAO,CAAC;IACtD,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC,CAMD"}
|
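--- a/package/dist/scanners/secrets.js
+++ b/package/dist/scanners/secrets.js
@@ -9,9 +9,10 @@
 *
 * @module scanners/secrets
 */
-import spawn from "cross-spawn";
 import { readFile, readdir, stat } from "fs/promises";
 import { join, relative, extname } from "path";
+import { runCommand, probeBinary, CommandError } from "../util/subprocess.js";
+import { parseJson } from "../util/json.js";
 import { logger } from "../logger.js";
 /**
 * Secret detection patterns (fallback when gitleaks not available)
@@ -152,71 +153,73 @@ async function runGitleaks(projectPath, startTime) {
 catch {
 // No config file, use defaults
 }
-
-
+let stdout = "";
+let exitCode;
+try {
+// gitleaks returns 1 if secrets found, 0 if clean; runCommand
+// tolerates non-zero exits that still produced stdout.
+const result = await runCommand("gitleaks", args, {
 cwd: projectPath,
 timeout: 120000, // 2 minute timeout
 });
-
-
-
-
-
-
-
-
-
-
-
-try {
-const results = JSON.parse(stdout);
-for (const result of results) {
-const relativePath = relative(projectPath, result.File) || result.File;
-findings.push({
-scanner: "gitleaks",
-ruleId: `gitleaks:${result.RuleID}`,
-file: relativePath,
-line: result.StartLine,
-column: result.StartColumn,
-endLine: result.EndLine,
-endColumn: result.EndColumn,
-message: result.Description,
-severity: "critical", // All secrets are critical
-confidence: 100,
-evidence: redactSecret(result.Match),
-metadata: {
-entropy: result.Entropy,
-fingerprint: result.Fingerprint,
-tags: result.Tags,
-},
-});
-}
-}
-catch (parseError) {
-// Empty array or parsing failed
-logger.debug("scanners.gitleaks_parse_error", {
-error: parseError instanceof Error ? parseError.message : String(parseError),
-});
-}
-}
-resolve({
-scanner: "gitleaks",
-findings,
-duration: Date.now() - startTime,
-success: true,
-exitCode: code ?? undefined,
-});
-});
-child.on("error", (err) => {
-resolve({
+stdout = result.stdout;
+exitCode = result.exitCode;
+}
+catch (err) {
+if (err instanceof CommandError && err.exitCode !== null) {
+// Ran but exited non-zero without findings output — keep the
+// historical "scan completed" behavior.
+exitCode = err.exitCode;
+}
+else {
+return {
 scanner: "gitleaks",
 findings: [],
 duration: Date.now() - startTime,
 success: false,
-error: err.message,
+error: err instanceof Error ? err.message : String(err),
+};
+}
+}
+if (stdout) {
+try {
+const results = parseJson(stdout, "gitleaks output");
+for (const result of results) {
+const relativePath = relative(projectPath, result.File) || result.File;
+findings.push({
+scanner: "gitleaks",
+ruleId: `gitleaks:${result.RuleID}`,
+file: relativePath,
+line: result.StartLine,
+column: result.StartColumn,
+endLine: result.EndLine,
+endColumn: result.EndColumn,
+message: result.Description,
+severity: "critical", // All secrets are critical
+confidence: 100,
+evidence: redactSecret(result.Match),
+metadata: {
+entropy: result.Entropy,
+fingerprint: result.Fingerprint,
+tags: result.Tags,
+},
+});
+}
+}
+catch (parseError) {
+// Empty array or parsing failed
+logger.debug("scanners.gitleaks_parse_error", {
+error: parseError instanceof Error ? parseError.message : String(parseError),
 });
-}
-}
+}
+}
+return {
+scanner: "gitleaks",
+findings,
+duration: Date.now() - startTime,
+success: true,
+exitCode,
+};
 }
 /**
 * Run regex-based secret detection (fallback)
@@ -354,25 +357,10 @@ function redactSecret(secret) {
 * Check if gitleaks is available
 */
 export async function checkGitleaksAvailable() {
-
-
-
-
-
-child.stdout?.on("data", (data) => {
-version += data.toString().trim();
-});
-child.on("close", (code) => {
-if (code === 0 && version) {
-resolve({ available: true, version });
-}
-else {
-resolve({ available: false, error: "gitleaks not found" });
-}
-});
-child.on("error", () => {
-resolve({ available: false, error: "gitleaks not found" });
-});
-});
+const version = await probeBinary("gitleaks", ["version"]);
+if (version) {
+return { available: true, version };
+}
+return { available: false, error: "gitleaks not found" };
 }
 //# sourceMappingURL=secrets.js.map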
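Review bot: In runGitleaks, the `catch (err)` branch that handles a CommandError with a non-null exitCode and the `catch (parseError)` branch both fall through to the final `return { ..., success: true, exitCode }`, so a gitleaks run that exited non-zero with no output, or whose output could not be parsed, is reported as a successful scan with zero findings — a caller that gates on `success` cannot tell that apart from a clean repository. The comment says this preserves historical behavior, but for a secret scanner a false "clean" result is the expensive failure mode, so at minimum log the condition above debug level and surface it in the result: in the first branch follow `exitCode = err.exitCode;` with `logger.warn("scanners.gitleaks_nonzero_exit", { exitCode });`, and in the parse catch record the message so the returned object can carry an `error` field (the failure branch already has one) and consumers can distinguish "parsed nothing" from "found nothing". Whether exit codes other than 0 and 1 should instead set `success: false` depends on what `runCommand` and `CommandError` expose, which is outside this hunk. The `args` array and the `findings` declaration the new code relies on are defined earlier in runGitleaks, before the hunk starts.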
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/scanners/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,
|
|
1
|
+
{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/scanners/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAC9E,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAE5C,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AA0BtC;;GAEG;AACH,MAAM,eAAe,GAIhB;IACH;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,mBAAmB;QAC5B,WAAW,EAAE,mBAAmB;KACjC;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,oBAAoB;QAC7B,WAAW,EAAE,iCAAiC;KAC/C;IACD;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,8BAA8B;QACvC,WAAW,EAAE,8BAA8B;KAC5C;IACD;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,wBAAwB;QACjC,WAAW,EAAE,oBAAoB;KAClC;IACD;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,2BAA2B;QACpC,WAAW,EAAE,mBAAmB;KACjC;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,2BAA2B;QACpC,WAAW,EAAE,wDAAwD;KACtE;IACD;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,+BAA+B;QACxC,WAAW,EAAE,aAAa;KAC3B;IACD;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,sFAAsF;QAC/F,WAAW,EAAE,mBAAmB;KACjC;IACD;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,qBAAqB;QAC9B,WAAW,EAAE,gBAAgB;KAC9B;IACD;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,0BAA0B;QACnC,WAAW,EAAE,mBAAmB;KACjC;IACD;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,uDAAuD;QAChE,WAAW,EAAE,+BAA+B;KAC7C;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,kGAAkG;QAC3G,WAAW,EAAE,4BAA4B;KAC1C;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,6FAA6F;QACtG,WAAW,EAAE,2BAA2B;KACzC;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,wFAAwF;QACjG,WAAW,EAAE,oBAAoB;KAClC;IACD;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,yDAAyD;QAClE,WAAW,EAAE,oBAAoB;KAClC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,aAAa,GAAG;IACpB,cAAc;IACd,SAAS;IACT,QAAQ;IACR,SAAS;IACT,YAAY;IACZ,SAAS;IACT,SAAS;IACT,SAAS;IACT,UAAU;IACV,UAAU;CACX,CAAC;AAEF;;GAEG;AACH,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO;IACjC,MAAM,EAAE,cAAc,EAAE,YAAY,EAAE,kBAAkB;IACxD,KAAK,EAAE,OAAO,EAAE,MAAM;IACtB,KAAK,EAAE,KAAK,EAA
E,KAAK,EAAE,OAAO;IAC5B,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO;CAC/C,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IACzD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,qBAAqB;IACrB,MAAM,iBAAiB,GAAG,MAAM,sBAAsB,EAAE,CAAC;IAEzD,IAAI,iBAAiB,CAAC,SAAS,EAAE,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,iCAAiC,EAAE,EAAE,OAAO,EAAE,iBAAiB,CAAC,OAAO,EAAE,CAAC,CAAC;QACvF,OAAO,WAAW,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IAC7C,CAAC;IAED,oCAAoC;IACpC,MAAM,CAAC,IAAI,CAAC,iCAAiC,EAAE;QAC7C,MAAM,EAAE,8CAA8C;KACvD,CAAC,CAAC;IACH,OAAO,eAAe,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,WAAW,CAAC,WAAmB,EAAE,SAAiB;IAC/D,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAE5C,+BAA+B;IAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;IACvD,MAAM,IAAI,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;IAE9G,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,UAAU,CAAC,CAAC;QACvB,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAClC,MAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,+BAA+B;IACjC,CAAC;IAED,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,QAA4B,CAAC;IAEjC,IAAI,CAAC;QACH,8DAA8D;QAC9D,uDAAuD;QACvD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,UAAU,EAAE,IAAI,EAAE;YAChD,GAAG,EAAE,WAAW;YAChB,OAAO,EAAE,MAAM,EAAE,mBAAmB;SACrC,CAAC,CAAC;QACH,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;QACvB,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;IAC7B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,YAAY,IAAI,GAAG,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;YACzD,6DAA6D;YAC7D,wCAAwC;YACxC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,OAAO;gBACL,OAAO,EAAE,UAAU;gBACnB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,SAAS,CAAmB,MAAM,EAAE,iBAAiB,CAAC,CAAC;YAEvE,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC7B,MAAM,YAAY,GAAG,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC;gB
AEvE,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,UAAU;oBACnB,MAAM,EAAE,YAAY,MAAM,CAAC,MAAM,EAAE;oBACnC,IAAI,EAAE,YAAY;oBAClB,IAAI,EAAE,MAAM,CAAC,SAAS;oBACtB,MAAM,EAAE,MAAM,CAAC,WAAW;oBAC1B,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,SAAS,EAAE,MAAM,CAAC,SAAS;oBAC3B,OAAO,EAAE,MAAM,CAAC,WAAW;oBAC3B,QAAQ,EAAE,UAAU,EAAE,2BAA2B;oBACjD,UAAU,EAAE,GAAG;oBACf,QAAQ,EAAE,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC;oBACpC,QAAQ,EAAE;wBACR,OAAO,EAAE,MAAM,CAAC,OAAO;wBACvB,WAAW,EAAE,MAAM,CAAC,WAAW;wBAC/B,IAAI,EAAE,MAAM,CAAC,IAAI;qBAClB;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,OAAO,UAAU,EAAE,CAAC;YACpB,gCAAgC;YAChC,MAAM,CAAC,KAAK,CAAC,+BAA+B,EAAE;gBAC5C,KAAK,EAAE,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC;aAC7E,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,UAAU;QACnB,QAAQ;QACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;QAChC,OAAO,EAAE,IAAI;QACb,QAAQ;KACT,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,eAAe,CAAC,WAAmB,EAAE,SAAiB;IACnE,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAC5C,IAAI,YAAY,GAAG,CAAC,CAAC;IAErB,KAAK,UAAU,aAAa,CAAC,OAAe;QAC1C,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAEhE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAC3C,MAAM,YAAY,GAAG,QAAQ,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;YAErD,yBAAyB;YACzB,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC;gBAChE,SAAS;YACX,CAAC;YAED,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,MAAM,aAAa,CAAC,QAAQ,CAAC,CAAC;YAChC,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;gBAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC9C,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;gBAE7E,IAAI,UAAU,EAAE,CAAC;oBACf,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;oBAC5D,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;oBAC/B,YAAY,EAAE,CAAC;gBACjB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,MAAM,aAAa,CAAC,WAAW,CAAC,CAAC;QAEjC,MAAM,CAAC,IAAI,CAAC,iCAAiC,EAAE;YAC7C,YAAY
;YACZ,aAAa,EAAE,QAAQ,CAAC,MAAM;YAC9B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACjC,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,UAAU,EAAE,oCAAoC;YACzD,QAAQ;YACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,IAAI;YACb,YAAY;YACZ,SAAS,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SAC9C,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5E,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC;QAEjE,OAAO;YACL,OAAO,EAAE,UAAU;YACnB,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,YAAY;SACpB,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,QAAQ,CAAC,QAAgB,EAAE,YAAoB;IAC5D,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAE5C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAElC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;YACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;YAE5B,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;gBACtC,oBAAoB;gBACpB,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;gBAE9B,IAAI,KAA6B,CAAC;gBAClC,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;oBACrD,sCAAsC;oBACtC,IAAI,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;wBAAE,SAAS;oBAEtC,4BAA4B;oBAC5B,IAAI,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC;wBAAE,SAAS;oBAE7C,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO,EAAE,UAAU;wBACnB,MAAM,EAAE,YAAY,OAAO,CAAC,IAAI,EAAE;wBAClC,IAAI,EAAE,YAAY;wBAClB,IAAI,EAAE,OAAO,GAAG,CAAC;wBACjB,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,CAAC;wBACvB,OAAO,EAAE,OAAO,CAAC,WAAW;wBAC5B,QAAQ,EAAE,UAAU;wBACpB,UAAU,EAAE,GAAG;wBACf,QAAQ,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;qBACjC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,gCAAgC;IAClC,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,KAAa;IAClC,MAAM,KAAK,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IAClC,OAAO,CACL,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC;QACzB,KAAK,CAAC,QAAQ,C
AAC,aAAa,CAAC;QAC7B,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;QACvB,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC;QACrB,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC;QACrB,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC;QACrB,KAAK,KAAK,IAAI;QACd,KAAK,KAAK,IAAI;QACd,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAC1B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,IAAY,EAAE,QAAgB;IACjD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC5C,OAAO,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AAClE,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,MAAc;IAClC,IAAI,MAAM,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;QACxB,OAAO,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IACD,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;IAChE,OAAO,CACL,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC;QAC7B,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,YAAY,GAAG,CAAC,CAAC;QAC5C,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAC5B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB;IAK1C,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,UAAU,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;IAC3D,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IACtC,CAAC;IACD,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;AAC3D,CAAC"}
|
|
@@ -17,6 +17,8 @@ export declare function runSemgrep(projectPath: string, options?: {
|
|
|
17
17
|
configs?: string[];
|
|
18
18
|
customRulesDir?: string;
|
|
19
19
|
timeout?: number;
|
|
20
|
+
/** Include the built-in taint rules (SQLi/cmd/SSRF). Default true. */
|
|
21
|
+
includeBuiltinRules?: boolean;
|
|
20
22
|
}): Promise<ScannerResult>;
|
|
21
23
|
/**
|
|
22
24
|
* Check if Semgrep is available
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"semgrep.d.ts","sourceRoot":"","sources":["../../src/scanners/semgrep.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,OAAO,KAAK,EAAwB,aAAa,EAAe,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"semgrep.d.ts","sourceRoot":"","sources":["../../src/scanners/semgrep.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,OAAO,KAAK,EAAwB,aAAa,EAAe,MAAM,YAAY,CAAC;AAiFnF;;GAEG;AACH,wBAAsB,UAAU,CAC9B,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;IACR,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,sEAAsE;IACtE,mBAAmB,CAAC,EAAE,OAAO,CAAC;CAC/B,GACA,OAAO,CAAC,aAAa,CAAC,CA+GxB;AAmJD;;GAEG;AACH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC;IACrD,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC,CAmCD;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA6D9E"}
|
package/dist/scanners/semgrep.js
CHANGED
|
@@ -13,6 +13,7 @@ import spawn from "cross-spawn";
|
|
|
13
13
|
import { access, mkdir, writeFile } from "fs/promises";
|
|
14
14
|
import { join, relative } from "path";
|
|
15
15
|
import { logger } from "../logger.js";
|
|
16
|
+
import { getBuiltinRulesPath } from "./builtin-rules.js";
|
|
16
17
|
/**
|
|
17
18
|
* Default Semgrep rule configs to use
|
|
18
19
|
*/
|
|
@@ -62,6 +63,17 @@ export async function runSemgrep(projectPath, options) {
|
|
|
62
63
|
for (const config of configs) {
|
|
63
64
|
configArgs.push("--config", config);
|
|
64
65
|
}
|
|
66
|
+
// Always include the built-in taint rules — they catch SQL injection,
|
|
67
|
+
// command injection, and SSRF, which the free community rulesets do
|
|
68
|
+
// NOT (those need `semgrep login`). Works offline.
|
|
69
|
+
if (options?.includeBuiltinRules !== false) {
|
|
70
|
+
try {
|
|
71
|
+
configArgs.push("--config", await getBuiltinRulesPath());
|
|
72
|
+
}
|
|
73
|
+
catch {
|
|
74
|
+
// Non-fatal: fall back to the configured rulesets only.
|
|
75
|
+
}
|
|
76
|
+
}
|
|
65
77
|
// Add custom rules directory if provided
|
|
66
78
|
if (options?.customRulesDir) {
|
|
67
79
|
try {
|