verification-layer 0.10.0 → 0.12.0
- package/README.md +37 -0
- package/dist/acknowledgments.d.ts +22 -0
- package/dist/acknowledgments.d.ts.map +1 -0
- package/dist/acknowledgments.js +97 -0
- package/dist/acknowledgments.js.map +1 -0
- package/dist/baseline.d.ts +48 -0
- package/dist/baseline.d.ts.map +1 -0
- package/dist/baseline.js +86 -0
- package/dist/baseline.js.map +1 -0
- package/dist/cli.js +102 -7
- package/dist/cli.js.map +1 -1
- package/dist/index.d.ts +5 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +3 -0
- package/dist/index.js.map +1 -1
- package/dist/reporters/index.d.ts.map +1 -1
- package/dist/reporters/index.js +14 -5
- package/dist/reporters/index.js.map +1 -1
- package/dist/rules/scanner.d.ts.map +1 -1
- package/dist/rules/scanner.js +2 -0
- package/dist/rules/scanner.js.map +1 -1
- package/dist/rules/schema.d.ts +24 -0
- package/dist/rules/schema.d.ts.map +1 -1
- package/dist/rules/schema.js +4 -0
- package/dist/rules/schema.js.map +1 -1
- package/dist/scan.d.ts.map +1 -1
- package/dist/scan.js +44 -1
- package/dist/scan.js.map +1 -1
- package/dist/semantic-analysis.d.ts +19 -0
- package/dist/semantic-analysis.d.ts.map +1 -0
- package/dist/semantic-analysis.js +220 -0
- package/dist/semantic-analysis.js.map +1 -0
- package/dist/suppression.d.ts +14 -0
- package/dist/suppression.d.ts.map +1 -0
- package/dist/suppression.js +110 -0
- package/dist/suppression.js.map +1 -0
- package/dist/types.d.ts +38 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +11 -2
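--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -6,6 +6,7 @@ export interface ContextLine {
 isMatch: boolean;
 }
 export type FixType = 'sql-injection-template' | 'sql-injection-concat' | 'hardcoded-password' | 'hardcoded-secret' | 'api-key-exposed' | 'phi-console-log' | 'http-url' | 'innerhtml-unsanitized' | 'phi-localstorage' | 'phi-url-param' | 'phi-log-unredacted' | 'cookie-insecure' | 'backup-unencrypted';
+export type Confidence = 'high' | 'medium' | 'low';
 export interface Finding {
 id: string;
 category: ComplianceCategory;
@@ -19,6 +20,22 @@ export interface Finding {
 hipaaReference?: string;
 context?: ContextLine[];
 fixType?: FixType;
+confidence?: Confidence;
+adjustConfidenceByContext?: boolean;
+acknowledged?: boolean;
+acknowledgment?: {
+reason: string;
+acknowledgedBy: string;
+acknowledgedAt: string;
+ticketUrl?: string;
+expired?: boolean;
+};
+suppressed?: boolean;
+suppression?: {
+reason: string;
+comment: string;
+};
+isBaseline?: boolean;
 }
 export interface StackInfo {
 framework: string;
@@ -42,6 +59,8 @@ export interface ScanOptions {
 configFile?: string;
 config?: VlayerConfig;
 fix?: boolean;
+baselineFile?: string;
+minConfidence?: Confidence;
 }
 export interface Scanner {
 name: string;
@@ -53,6 +72,10 @@ export interface Report {
 targetPath: string;
 summary: {
 total: number;
+acknowledged: number;
+suppressed: number;
+baseline: number;
+unacknowledged: number;
 critical: number;
 high: number;
 medium: number;
@@ -68,6 +91,17 @@ export interface ReportOptions {
 format: 'json' | 'html' | 'markdown';
 outputPath?: string;
 }
+export interface AcknowledgedFinding {
+pattern: string;
+id?: string;
+category?: ComplianceCategory;
+severity?: Severity;
+reason: string;
+acknowledgedBy: string;
+acknowledgedAt: string;
+expiresAt?: string;
+ticketUrl?: string;
+}
 export interface VlayerConfig {
 exclude?: string[];
 ignorePaths?: string[];
@@ -76,6 +110,7 @@ export interface VlayerConfig {
 categories?: ComplianceCategory[];
 customRulesPath?: string;
 disableBuiltinRules?: string[];
+acknowledgedFindings?: AcknowledgedFinding[];
 }
 export interface FixResult {
 finding: Finding;
@@ -166,5 +201,8 @@ export interface CompiledCustomRule {
 fix?: CustomRuleFix;
 compiledPattern: RegExp;
 compiledMustNotContain?: RegExp;
+confidence?: Confidence;
+contexts?: Array<'code' | 'string' | 'comment' | 'template'>;
+adjustConfidenceByContext?: boolean;
 }
 //# sourceMappingURL=types.d.ts.map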
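Review bot: The new `AcknowledgedFinding` shape (hunk `@@ -68,6 +91,17 @@`) documents neither what `pattern` is compared against nor whether it is a glob, a regular expression or a literal, and because `expiresAt` is optional, an entry without one silences every matching finding indefinitely; the `.d.ts` is emitted, so the TSDoc belongs on the declarations in `src/types.ts`. I would add on `pattern` a comment stating the matching semantics and the finding field it is tested against (confirm against the new acknowledgments module), and on `acknowledgedAt`/`expiresAt` a comment giving the expected timestamp format, with `/** Absent means the acknowledgment never expires; prefer a date tied to the ticket in ticketUrl. */` on `expiresAt`. The same applies to `Finding.acknowledgment.expired` and to the new `Report.summary` counters in the `@@ -53,6 +72,10 @@` hunk, where it is not stated whether `total` still includes acknowledged, suppressed and baseline findings or only `unacknowledged` does; a one-line comment per counter would settle how a CI gate should read them.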
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAEvE,MAAM,MAAM,kBAAkB,GAC1B,cAAc,GACd,YAAY,GACZ,eAAe,GACf,gBAAgB,GAChB,gBAAgB,CAAC;AAErB,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,MAAM,OAAO,GACf,wBAAwB,GACxB,sBAAsB,GACtB,oBAAoB,GACpB,kBAAkB,GAClB,iBAAiB,GACjB,iBAAiB,GACjB,UAAU,GACV,uBAAuB,GACvB,kBAAkB,GAClB,eAAe,GACf,oBAAoB,GACpB,iBAAiB,GACjB,oBAAoB,CAAC;AAEzB,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,OAAO,CAAC,EAAE,WAAW,EAAE,CAAC;IACxB,OAAO,CAAC,EAAE,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAEvE,MAAM,MAAM,kBAAkB,GAC1B,cAAc,GACd,YAAY,GACZ,eAAe,GACf,gBAAgB,GAChB,gBAAgB,CAAC;AAErB,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,MAAM,OAAO,GACf,wBAAwB,GACxB,sBAAsB,GACtB,oBAAoB,GACpB,kBAAkB,GAClB,iBAAiB,GACjB,iBAAiB,GACjB,UAAU,GACV,uBAAuB,GACvB,kBAAkB,GAClB,eAAe,GACf,oBAAoB,GACpB,iBAAiB,GACjB,oBAAoB,CAAC;AAEzB,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAEnD,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,OAAO,CAAC,EAAE,WAAW,EAAE,CAAC;IACxB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,yBAAyB,CAAC,EAAE,OAAO,CAAC;IACpC,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,cAAc,CAAC,EAAE;QACf,MAAM,EAAE,MAAM,CAAC;QACf,cAAc,EAAE,MAAM,CAAC;QACvB,cAAc,EAAE,MAAM,CAAC;QACvB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB,CAAC;IACF,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,WAAW,CAAC,EAAE;QACZ,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,SAAS;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,SAAS,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,kBAAkB,EAAE,CAAC;IAClC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,
UAAU,CAAC;CAC5B;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;CACjE;AAED,MAAM,WAAW,MAAM;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,YAAY,EAAE,MAAM,CAAC;QACrB,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,EAAE,MAAM,CAAC;QACjB,cAAc,EAAE,MAAM,CAAC;QACvB,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,SAAS,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;IACrC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,QAAQ,CAAC,EAAE,kBAAkB,CAAC;IAC9B,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,kBAAkB,EAAE,CAAC;IAClC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,oBAAoB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC9C;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,OAAO,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,SAAS;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,SAAS,EAAE,CAAC;CACpB;AAID,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,WAAW,EAAE,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,YAAY,CAAC;IACrB,KAAK,EAAE,YAAY,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAA
E,MAAM,CAAC;IACvB,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,MAAM,kBAAkB,GAC1B,gBAAgB,GAChB,UAAU,GACV,aAAa,GACb,UAAU,GACV,eAAe,CAAC;AAEpB,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,kBAAkB,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,aAAa,EAAE,gBAAgB,EAAE,CAAC;IAClC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAID,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,SAAS,GAAG,QAAQ,GAAG,MAAM,CAAC;IACpC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE;QACR,MAAM,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,QAAQ,EAAE,QAAQ,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,GAAG,CAAC,EAAE,aAAa,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;IACxB,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAEhC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,QAAQ,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,QAAQ,GAAG,SAAS,GAAG,UAAU,CAAC,CAAC;IAC7D,yBAAyB,CAAC,EAAE,OAAO,CAAC;CACrC"}
|
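--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "verification-layer",
-"version": "0.
+"version": "0.12.0",
 "description": "CLI tool for HIPAA compliance scanning and reporting",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
@@ -40,7 +40,15 @@
 "phi",
 "audit",
 "encryption",
-"medical"
+"medical",
+"protected-health-information",
+"vulnerability-scanner",
+"static-analysis",
+"security-scanner",
+"hipaa-compliance",
+"baseline",
+"suppression",
+"github-action"
 ],
 "author": "Simon Franco",
 "license": "MIT",
@@ -66,6 +74,7 @@
 },
 "dependencies": {
 "@types/pdfkit": "^0.17.4",
+"@typescript-eslint/typescript-estree": "^8.54.0",
 "chalk": "^5.3.0",
 "commander": "^12.0.0",
 "glob": "^10.3.0",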
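Review bot: `@typescript-eslint/typescript-estree` enters `dependencies` with a caret range in the `@@ -66,6 +74,7 @@` hunk, so each fresh install of this CLI floats across 8.x releases of a parser that, judging from the new `semantic-analysis.js` in the diffstat, is presumably fed the scanned project's source files; for a security scanner I would pin it exactly, `"@typescript-eslint/typescript-estree": "8.54.0"`, or at minimum publish and install from a lockfile so the parser version is reproducible. typescript-estree also declares `typescript` as a peer dependency; this hunk does not show whether `typescript` is listed anywhere other than `devDependencies`, so confirm it is declared where consumers who install the package will actually get it, otherwise the new semantic analysis can fail at runtime with a missing module.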