wormclaude 1.0.172 → 1.0.173

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/commands.js CHANGED
@@ -273,6 +273,8 @@ function formatFinding(x) {
273
273
  return `${sev}${tt('missing security headers', 'eksik güvenlik başlıkları')}: ${(x.missing || []).join(', ')}`;
274
274
  if (x.type === 'path')
275
275
  return `${sev}${tt('path', 'yol')} ${x.url || ''} → ${x.status || ''}`;
276
+ if (x.type === 'info')
277
+ return `${sev}${x.evidence || x.url || 'info'}`;
276
278
  if (x.value)
277
279
  return `${x.value}`;
278
280
  // GENEL: şablon bulguları (ssrf/ssti/lfi/ldap/cmd-injection/nosql/open-redirect/crlf/graphql/cors/exposure…)
@@ -317,7 +319,7 @@ export function summarizeScan(target, findings) {
317
319
  if (low.length)
318
320
  out.push((L ? `🔵 ${low.length} düşük (minör): ` : `🔵 ${low.length} low (minor): `) + grp(low, false).map((s) => s.replace(/^ {2}• /, '')).join('; '));
319
321
  if (info.length)
320
- out.push((L ? `⚪ ${info.length} bilgi (korumalı/bilgilendirme): ` : `⚪ ${info.length} info: `) + grp(info, false).map((s) => s.replace(/^ {2}• /, '')).join('; '));
322
+ out.push((L ? `⚪ ${info.length} bilgi: ` : `⚪ ${info.length} info: `) + info.map((f) => (f.evidence || f.type || '').toString().split(' — ')[0]).slice(0, 5).join(' · '));
321
323
  // verdict
322
324
  if (high.length)
323
325
  out.push(L ? `\n➤ Sonuç: ${high.length} GERÇEK yüksek-risk açık — acil düzeltilmeli. Detaylı rapor için: /report`
@@ -496,6 +498,17 @@ async function fullScanCmd(arg, ctx) {
496
498
  all.push(...f);
497
499
  ctx.note(` ${label}: ${f.length} ${tt('finding(s)', 'bulgu')}`);
498
500
  }
501
+ // "Parametreli uç bulunamadı" notlarını TEK mesaja topla (her inject tarayıcı bir tane ekliyor → 12 kopya).
502
+ const _np = all.filter((f) => f.note === 'no_params');
503
+ if (_np.length) {
504
+ for (let i = all.length - 1; i >= 0; i--)
505
+ if (all[i].note === 'no_params')
506
+ all.splice(i, 1);
507
+ if (_np.length >= 2) {
508
+ all.push({ type: 'info', severity: 'info', url: target, note: 'no_params',
509
+ evidence: tt(`${_np.length} injection scanners found NO GET parameter to test — target inputs are likely POST forms / behind login (not covered by GET-based scanning; use a parameterized URL or test manually).`, `${_np.length} enjeksiyon tarayıcısı test edecek GET parametresi BULAMADI — hedefin girdileri muhtemelen POST form / login-arkası (GET taraması kapsamı dışı; parametreli URL ver ya da manuel test et).`) });
510
+ }
511
+ }
499
512
  const order = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
500
513
  all.sort((a, b) => (order[a.severity] ?? 9) - (order[b.severity] ?? 9));
501
514
  setLastScan(target, all); // /report için sakla
package/dist/theme.js CHANGED
@@ -16,4 +16,4 @@ export const theme = {
16
16
  synType: '#a78bfa', // tip/sınıf adları, sabitler
17
17
  synProp: '#e0e0e0', // özellik/anahtar adları
18
18
  };
19
- export const VERSION = '1.0.172';
19
+ export const VERSION = '1.0.173';
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "wormclaude",
3
- "version": "1.0.172",
3
+ "version": "1.0.173",
4
4
  "description": "WormClaude CLI - uncensored security+code assistant (ink TUI, Claude-style)",
5
5
  "type": "module",
6
6
  "bin": {