xploitscan-shared-rules 1.2.2 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist/index.cjs +1792 -194
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +65 -1
- package/dist/index.d.ts +65 -1
- package/dist/index.js +1743 -194
- package/dist/index.js.map +1 -1
- package/package.json +2 -1
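--- a/package/dist/index.d.cts
+++ b/package/dist/index.d.cts
@@ -51,6 +51,22 @@ interface CustomRule {
  */
 declare function getSnippet(content: string, line: number, contextLines?: number): string;
 
+/**
+* Real-world consequence descriptions for VC### rules.
+*
+* Surfaced in the scan results UI ("Impact:" line) and in the AI summary
+* email so users understand *why* a finding matters, not just what it is.
+*
+* Lives in shared-rules so the CLI, the web API, the standalone API, and any
+* future surface read the same copy. Previously this map was duplicated
+* inline inside both API entrypoints — the kind of place the
+* `totalRules: 158` drift bug came from.
+*
+* Adding a rule? Add its impact string here so it shows up everywhere at
+* once. If a rule has no entry, the UI falls back to the rule description.
+*/
+declare const RULE_IMPACTS: Record<string, string>;
+
 declare const hardcodedSecrets: CustomRule;
 declare const exposedEnvFile: CustomRule;
 declare const missingAuthMiddleware: CustomRule;
@@ -212,6 +228,54 @@ declare const hardcodedVercelToken: CustomRule;
 declare const hardcodedSupabaseServiceRole: CustomRule;
 declare const hardcodedVaultToken: CustomRule;
 declare const hardcodedPineconeKey: CustomRule;
+declare const hardcodedCohereKey: CustomRule;
+declare const hardcodedReplicateKey: CustomRule;
+declare const hardcodedMistralKey: CustomRule;
+declare const hardcodedTogetherKey: CustomRule;
+declare const hardcodedGroqKey: CustomRule;
+declare const hardcodedFireworksKey: CustomRule;
+declare const hardcodedPostmarkKey: CustomRule;
+declare const hardcodedResendKey: CustomRule;
+declare const hardcodedLoopsKey: CustomRule;
+declare const hardcodedCloudflareToken: CustomRule;
+declare const hardcodedFastlyToken: CustomRule;
+declare const hardcodedNetlifyToken: CustomRule;
+declare const hardcodedRailwayToken: CustomRule;
+declare const hardcodedFlyToken: CustomRule;
+declare const hardcodedAlgoliaAdminKey: CustomRule;
+declare const hardcodedQdrantKey: CustomRule;
+declare const hardcodedWeaviateKey: CustomRule;
+declare const hardcodedLinearKey: CustomRule;
+declare const hardcodedNotionKey: CustomRule;
+declare const hardcodedDiscordToken: CustomRule;
+declare const hardcodedIntercomToken: CustomRule;
+declare const hardcodedSentryAuthToken: CustomRule;
+declare const hardcodedLogtailToken: CustomRule;
+declare const hardcodedHighlightKey: CustomRule;
+declare const hardcodedPlivoToken: CustomRule;
+declare const ghaPullRequestTargetCheckout: CustomRule;
+declare const ghaPermissionsWriteAll: CustomRule;
+declare const ghaExpressionInjection: CustomRule;
+declare const ghaThirdPartyActionWithSecrets: CustomRule;
+declare const dockerfileADDInsteadOfCOPY: CustomRule;
+declare const dockerfileUnverifiedShellPipe: CustomRule;
+declare const dockerfileMissingHealthcheck: CustomRule;
+declare const pyRequestsVerifyFalse: CustomRule;
+declare const pyJinja2AutoescapeOff: CustomRule;
+declare const pyTempfileMktemp: CustomRule;
+declare const pyDjangoMarkSafe: CustomRule;
+declare const pyParamikoAutoAdd: CustomRule;
+declare const pyDjangoAllowedHostsWildcard: CustomRule;
+declare const pyJWTDecodeWeakConfig: CustomRule;
+declare const llmPromptInjection: CustomRule;
+declare const llmSystemPromptInjection: CustomRule;
+declare const llmOutputAsHTML: CustomRule;
+declare const vectorStoreQueryNoUserFilter: CustomRule;
+declare const vectorStoreUpsertNoMetadata: CustomRule;
+declare const llmCallNoMaxTokens: CustomRule;
+declare const graphqlNoDepthLimit: CustomRule;
+declare const graphqlNoComplexityLimit: CustomRule;
+declare const graphqlCSRFDisabled: CustomRule;
 declare const secretInURLParam: CustomRule;
 declare const secretLoggedToConsole: CustomRule;
 declare const secretInErrorResponse: CustomRule;
@@ -403,4 +467,4 @@ declare function getObjectProperty(node: ObjectExpression, key: string): {
 /** Does this CallExpression spread an expression `matcher` returns true for? */
 declare function callSpreads(call: CallExpression, matcher: (node: Node) => boolean): boolean;
 
-export { type AIFilterResult, type Confidence, type CustomRule, type DetectedFramework, type FilteredFinding, type Finding, type GradeResult, type ParsedFile, type RuleMatch, type SecurityGrade, type Severity, type TaintMap, allCustomRules, allRules, androidDebuggable, blockingMainThread, buildTaintMap, calculateGrade, callSpreads, callbackHell, clickjacking, clientComponentSecret, clientSideAuth, commandInjection, complianceMap, consoleLogProduction, corsLocalhost, corsServerless, corsWildcard, dangerousInnerHTML, deprecatedTLS, detectFramework, disabledTLSVerification, djangoDebug, dockerCopySensitive, dockerLatestTag, dockerRunAsRoot, dockerTooManyPorts, ecbModeEncryption, electronNavigationUnrestricted, emptyCatchBlock, envNotGitignored, evalUsage, eventListenerLeak, exposedAdminRoutes, exposedAuthSecret, exposedDBCredentials, exposedDatabaseStudio, exposedDebugMode, exposedDockerPorts, exposedEnvFile, exposedGitDir, exposedServerActions, exposedSourceMaps, exposedStackTraces, filterFalsePositives, firebaseClientConfig, flaskSecretKey, freeRules, getObjectProperty, getSnippet, githubActionsInjection, graphqlIntrospection, hardcodedAnthropicKey, hardcodedDatadogKey, hardcodedEncryptionKey, hardcodedGCPServiceAccount, hardcodedGitHubPAT, hardcodedGitLabToken, hardcodedIPAllowlist, hardcodedJWTSecret, hardcodedMailgunKey, hardcodedOAuthSecret, hardcodedPineconeKey, hardcodedSecrets, hardcodedSendGridKey, hardcodedShopifyToken, hardcodedSlackToken, hardcodedSupabaseServiceRole, hardcodedTwilioKey, hardcodedVaultToken, hardcodedVercelToken, hostHeaderRedirect, httpRequestSmuggling, insecureCookies, insecureDeepLink, insecureDeserialization, insecureDirectObjectReference, insecureElectronWindow, insecureFileUpload, insecureGRPC, insecureHTTPMethods, insecurePasswordReset, insecureRandomness, insecureWebSocket, ipcPathTraversal, isCalleeNamed, isMethodCall, javaDeserialization, jwtAlgConfusion, k8sNoResourceLimits, k8sPrivileged, k8sSecretNotEncrypted, lambdaWithoutVPC, largeBundleImport, logInjection, magicNumbers, massAssignment, missingAIRateLimit, missingAuthMiddleware, missingAuthRateLimit, missingBruteForce, missingCSP, missingCSRF, missingCertPinning, missingCloudTrail, missingContentDisposition, missingDBEncryption, missingErrorBoundary, missingFileSizeLimits, missingHSTS, missingHTTPS, missingLockFile, missingOAuthState, missingPagination, missingRequestSizeLimit, missingRequestValidation, missingSRI, missingSecurityMeta, nPlusOneQuery, nextPublicSecret, noRateLimiting, nosqlInjection, openRedirectParams, overlyPermissiveIAM, parseFile, pathTraversal, pickleDeserialization, piiInLogs, prototypePollution, raceCondition, rdsPubliclyAccessible, reflectedCORSOrigin, regexDos, runCustomRules, s3BucketNoEncryption, scanEntropy, secretInBundleConfig, secretInCLIArgument, secretInErrorResponse, secretInHTMLAttribute, secretInURLParam, secretLoggedToConsole, secretsInCI, securityGroupAllInbound, sensitiveAsyncStorage, sensitiveLocalStorage, sensitiveURLParams, sessionFixation, sqlInjection, ssrfVulnerability, ssti, stripeWebhookUnprotected, supabaseAnonAdmin, supabaseNoRLS, syncFileOps, terraformStateExposed, timingAttack, todoLeftInCode, unencryptedPII, unpinnedGitHubAction, unprotectedAPIRoutes, unprotectedDownload, unsafeObjectAssign, unsanitizedFilenames, unsanitizedHTMLExport, unvalidatedAPIParams, unvalidatedEventData, unvalidatedRedirect, visitBinary, visitCalls, vulnerableDependencies, weakHashing, weakPasswordRequirements, weakRSAKeySize, webhookSignatureVerification, xssVulnerability, xxeVulnerability };
+export { type AIFilterResult, type Confidence, type CustomRule, type DetectedFramework, type FilteredFinding, type Finding, type GradeResult, type ParsedFile, RULE_IMPACTS, type RuleMatch, type SecurityGrade, type Severity, type TaintMap, allCustomRules, allRules, androidDebuggable, blockingMainThread, buildTaintMap, calculateGrade, callSpreads, callbackHell, clickjacking, clientComponentSecret, clientSideAuth, commandInjection, complianceMap, consoleLogProduction, corsLocalhost, corsServerless, corsWildcard, dangerousInnerHTML, deprecatedTLS, detectFramework, disabledTLSVerification, djangoDebug, dockerCopySensitive, dockerLatestTag, dockerRunAsRoot, dockerTooManyPorts, dockerfileADDInsteadOfCOPY, dockerfileMissingHealthcheck, dockerfileUnverifiedShellPipe, ecbModeEncryption, electronNavigationUnrestricted, emptyCatchBlock, envNotGitignored, evalUsage, eventListenerLeak, exposedAdminRoutes, exposedAuthSecret, exposedDBCredentials, exposedDatabaseStudio, exposedDebugMode, exposedDockerPorts, exposedEnvFile, exposedGitDir, exposedServerActions, exposedSourceMaps, exposedStackTraces, filterFalsePositives, firebaseClientConfig, flaskSecretKey, freeRules, getObjectProperty, getSnippet, ghaExpressionInjection, ghaPermissionsWriteAll, ghaPullRequestTargetCheckout, ghaThirdPartyActionWithSecrets, githubActionsInjection, graphqlCSRFDisabled, graphqlIntrospection, graphqlNoComplexityLimit, graphqlNoDepthLimit, hardcodedAlgoliaAdminKey, hardcodedAnthropicKey, hardcodedCloudflareToken, hardcodedCohereKey, hardcodedDatadogKey, hardcodedDiscordToken, hardcodedEncryptionKey, hardcodedFastlyToken, hardcodedFireworksKey, hardcodedFlyToken, hardcodedGCPServiceAccount, hardcodedGitHubPAT, hardcodedGitLabToken, hardcodedGroqKey, hardcodedHighlightKey, hardcodedIPAllowlist, hardcodedIntercomToken, hardcodedJWTSecret, hardcodedLinearKey, hardcodedLogtailToken, hardcodedLoopsKey, hardcodedMailgunKey, hardcodedMistralKey, hardcodedNetlifyToken, hardcodedNotionKey, hardcodedOAuthSecret, hardcodedPineconeKey, hardcodedPlivoToken, hardcodedPostmarkKey, hardcodedQdrantKey, hardcodedRailwayToken, hardcodedReplicateKey, hardcodedResendKey, hardcodedSecrets, hardcodedSendGridKey, hardcodedSentryAuthToken, hardcodedShopifyToken, hardcodedSlackToken, hardcodedSupabaseServiceRole, hardcodedTogetherKey, hardcodedTwilioKey, hardcodedVaultToken, hardcodedVercelToken, hardcodedWeaviateKey, hostHeaderRedirect, httpRequestSmuggling, insecureCookies, insecureDeepLink, insecureDeserialization, insecureDirectObjectReference, insecureElectronWindow, insecureFileUpload, insecureGRPC, insecureHTTPMethods, insecurePasswordReset, insecureRandomness, insecureWebSocket, ipcPathTraversal, isCalleeNamed, isMethodCall, javaDeserialization, jwtAlgConfusion, k8sNoResourceLimits, k8sPrivileged, k8sSecretNotEncrypted, lambdaWithoutVPC, largeBundleImport, llmCallNoMaxTokens, llmOutputAsHTML, llmPromptInjection, llmSystemPromptInjection, logInjection, magicNumbers, massAssignment, missingAIRateLimit, missingAuthMiddleware, missingAuthRateLimit, missingBruteForce, missingCSP, missingCSRF, missingCertPinning, missingCloudTrail, missingContentDisposition, missingDBEncryption, missingErrorBoundary, missingFileSizeLimits, missingHSTS, missingHTTPS, missingLockFile, missingOAuthState, missingPagination, missingRequestSizeLimit, missingRequestValidation, missingSRI, missingSecurityMeta, nPlusOneQuery, nextPublicSecret, noRateLimiting, nosqlInjection, openRedirectParams, overlyPermissiveIAM, parseFile, pathTraversal, pickleDeserialization, piiInLogs, prototypePollution, pyDjangoAllowedHostsWildcard, pyDjangoMarkSafe, pyJWTDecodeWeakConfig, pyJinja2AutoescapeOff, pyParamikoAutoAdd, pyRequestsVerifyFalse, pyTempfileMktemp, raceCondition, rdsPubliclyAccessible, reflectedCORSOrigin, regexDos, runCustomRules, s3BucketNoEncryption, scanEntropy, secretInBundleConfig, secretInCLIArgument, secretInErrorResponse, secretInHTMLAttribute, secretInURLParam, secretLoggedToConsole, secretsInCI, securityGroupAllInbound, sensitiveAsyncStorage, sensitiveLocalStorage, sensitiveURLParams, sessionFixation, sqlInjection, ssrfVulnerability, ssti, stripeWebhookUnprotected, supabaseAnonAdmin, supabaseNoRLS, syncFileOps, terraformStateExposed, timingAttack, todoLeftInCode, unencryptedPII, unpinnedGitHubAction, unprotectedAPIRoutes, unprotectedDownload, unsafeObjectAssign, unsanitizedFilenames, unsanitizedHTMLExport, unvalidatedAPIParams, unvalidatedEventData, unvalidatedRedirect, vectorStoreQueryNoUserFilter, vectorStoreUpsertNoMetadata, visitBinary, visitCalls, vulnerableDependencies, weakHashing, weakPasswordRequirements, weakRSAKeySize, webhookSignatureVerification, xssVulnerability, xxeVulnerability };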
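Review bot: `declare const RULE_IMPACTS: Record<string, string>;` (new line 68 in the first hunk) types every lookup as a present `string`, while the doc block directly above it says a rule with no entry falls back to the rule description — so a consumer that writes `RULE_IMPACTS[rule.id] ?? rule.description` is told the fallback is unnecessary under strict settings without `noUncheckedIndexedAccess`, and one that omits it renders `undefined` for any rule ID that is missing or misspelled. Declaring it as `declare const RULE_IMPACTS: Readonly<Record<string, string | undefined>>;` makes the documented fallback part of the contract and also stops callers from mutating the map that the comment says every surface shares. This file is build output, so the change belongs in the source that emits it; the identical hunk appears in package/dist/index.d.ts. If the source already has a union of rule IDs, keying the map on that union instead of `string` would turn the "add its impact string here" instruction in the comment into a compile-time check rather than a manual step.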
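--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -51,6 +51,22 @@ interface CustomRule {
  */
 declare function getSnippet(content: string, line: number, contextLines?: number): string;
 
+/**
+* Real-world consequence descriptions for VC### rules.
+*
+* Surfaced in the scan results UI ("Impact:" line) and in the AI summary
+* email so users understand *why* a finding matters, not just what it is.
+*
+* Lives in shared-rules so the CLI, the web API, the standalone API, and any
+* future surface read the same copy. Previously this map was duplicated
+* inline inside both API entrypoints — the kind of place the
+* `totalRules: 158` drift bug came from.
+*
+* Adding a rule? Add its impact string here so it shows up everywhere at
+* once. If a rule has no entry, the UI falls back to the rule description.
+*/
+declare const RULE_IMPACTS: Record<string, string>;
+
 declare const hardcodedSecrets: CustomRule;
 declare const exposedEnvFile: CustomRule;
 declare const missingAuthMiddleware: CustomRule;
@@ -212,6 +228,54 @@ declare const hardcodedVercelToken: CustomRule;
 declare const hardcodedSupabaseServiceRole: CustomRule;
 declare const hardcodedVaultToken: CustomRule;
 declare const hardcodedPineconeKey: CustomRule;
+declare const hardcodedCohereKey: CustomRule;
+declare const hardcodedReplicateKey: CustomRule;
+declare const hardcodedMistralKey: CustomRule;
+declare const hardcodedTogetherKey: CustomRule;
+declare const hardcodedGroqKey: CustomRule;
+declare const hardcodedFireworksKey: CustomRule;
+declare const hardcodedPostmarkKey: CustomRule;
+declare const hardcodedResendKey: CustomRule;
+declare const hardcodedLoopsKey: CustomRule;
+declare const hardcodedCloudflareToken: CustomRule;
+declare const hardcodedFastlyToken: CustomRule;
+declare const hardcodedNetlifyToken: CustomRule;
+declare const hardcodedRailwayToken: CustomRule;
+declare const hardcodedFlyToken: CustomRule;
+declare const hardcodedAlgoliaAdminKey: CustomRule;
+declare const hardcodedQdrantKey: CustomRule;
+declare const hardcodedWeaviateKey: CustomRule;
+declare const hardcodedLinearKey: CustomRule;
+declare const hardcodedNotionKey: CustomRule;
+declare const hardcodedDiscordToken: CustomRule;
+declare const hardcodedIntercomToken: CustomRule;
+declare const hardcodedSentryAuthToken: CustomRule;
+declare const hardcodedLogtailToken: CustomRule;
+declare const hardcodedHighlightKey: CustomRule;
+declare const hardcodedPlivoToken: CustomRule;
+declare const ghaPullRequestTargetCheckout: CustomRule;
+declare const ghaPermissionsWriteAll: CustomRule;
+declare const ghaExpressionInjection: CustomRule;
+declare const ghaThirdPartyActionWithSecrets: CustomRule;
+declare const dockerfileADDInsteadOfCOPY: CustomRule;
+declare const dockerfileUnverifiedShellPipe: CustomRule;
+declare const dockerfileMissingHealthcheck: CustomRule;
+declare const pyRequestsVerifyFalse: CustomRule;
+declare const pyJinja2AutoescapeOff: CustomRule;
+declare const pyTempfileMktemp: CustomRule;
+declare const pyDjangoMarkSafe: CustomRule;
+declare const pyParamikoAutoAdd: CustomRule;
+declare const pyDjangoAllowedHostsWildcard: CustomRule;
+declare const pyJWTDecodeWeakConfig: CustomRule;
+declare const llmPromptInjection: CustomRule;
+declare const llmSystemPromptInjection: CustomRule;
+declare const llmOutputAsHTML: CustomRule;
+declare const vectorStoreQueryNoUserFilter: CustomRule;
+declare const vectorStoreUpsertNoMetadata: CustomRule;
+declare const llmCallNoMaxTokens: CustomRule;
+declare const graphqlNoDepthLimit: CustomRule;
+declare const graphqlNoComplexityLimit: CustomRule;
+declare const graphqlCSRFDisabled: CustomRule;
 declare const secretInURLParam: CustomRule;
 declare const secretLoggedToConsole: CustomRule;
 declare const secretInErrorResponse: CustomRule;
@@ -403,4 +467,4 @@ declare function getObjectProperty(node: ObjectExpression, key: string): {
 /** Does this CallExpression spread an expression `matcher` returns true for? */
 declare function callSpreads(call: CallExpression, matcher: (node: Node) => boolean): boolean;
 
-export { type AIFilterResult, type Confidence, type CustomRule, type DetectedFramework, type FilteredFinding, type Finding, type GradeResult, type ParsedFile, type RuleMatch, type SecurityGrade, type Severity, type TaintMap, allCustomRules, allRules, androidDebuggable, blockingMainThread, buildTaintMap, calculateGrade, callSpreads, callbackHell, clickjacking, clientComponentSecret, clientSideAuth, commandInjection, complianceMap, consoleLogProduction, corsLocalhost, corsServerless, corsWildcard, dangerousInnerHTML, deprecatedTLS, detectFramework, disabledTLSVerification, djangoDebug, dockerCopySensitive, dockerLatestTag, dockerRunAsRoot, dockerTooManyPorts, ecbModeEncryption, electronNavigationUnrestricted, emptyCatchBlock, envNotGitignored, evalUsage, eventListenerLeak, exposedAdminRoutes, exposedAuthSecret, exposedDBCredentials, exposedDatabaseStudio, exposedDebugMode, exposedDockerPorts, exposedEnvFile, exposedGitDir, exposedServerActions, exposedSourceMaps, exposedStackTraces, filterFalsePositives, firebaseClientConfig, flaskSecretKey, freeRules, getObjectProperty, getSnippet, githubActionsInjection, graphqlIntrospection, hardcodedAnthropicKey, hardcodedDatadogKey, hardcodedEncryptionKey, hardcodedGCPServiceAccount, hardcodedGitHubPAT, hardcodedGitLabToken, hardcodedIPAllowlist, hardcodedJWTSecret, hardcodedMailgunKey, hardcodedOAuthSecret, hardcodedPineconeKey, hardcodedSecrets, hardcodedSendGridKey, hardcodedShopifyToken, hardcodedSlackToken, hardcodedSupabaseServiceRole, hardcodedTwilioKey, hardcodedVaultToken, hardcodedVercelToken, hostHeaderRedirect, httpRequestSmuggling, insecureCookies, insecureDeepLink, insecureDeserialization, insecureDirectObjectReference, insecureElectronWindow, insecureFileUpload, insecureGRPC, insecureHTTPMethods, insecurePasswordReset, insecureRandomness, insecureWebSocket, ipcPathTraversal, isCalleeNamed, isMethodCall, javaDeserialization, jwtAlgConfusion, k8sNoResourceLimits, k8sPrivileged, k8sSecretNotEncrypted, lambdaWithoutVPC, largeBundleImport, logInjection, magicNumbers, massAssignment, missingAIRateLimit, missingAuthMiddleware, missingAuthRateLimit, missingBruteForce, missingCSP, missingCSRF, missingCertPinning, missingCloudTrail, missingContentDisposition, missingDBEncryption, missingErrorBoundary, missingFileSizeLimits, missingHSTS, missingHTTPS, missingLockFile, missingOAuthState, missingPagination, missingRequestSizeLimit, missingRequestValidation, missingSRI, missingSecurityMeta, nPlusOneQuery, nextPublicSecret, noRateLimiting, nosqlInjection, openRedirectParams, overlyPermissiveIAM, parseFile, pathTraversal, pickleDeserialization, piiInLogs, prototypePollution, raceCondition, rdsPubliclyAccessible, reflectedCORSOrigin, regexDos, runCustomRules, s3BucketNoEncryption, scanEntropy, secretInBundleConfig, secretInCLIArgument, secretInErrorResponse, secretInHTMLAttribute, secretInURLParam, secretLoggedToConsole, secretsInCI, securityGroupAllInbound, sensitiveAsyncStorage, sensitiveLocalStorage, sensitiveURLParams, sessionFixation, sqlInjection, ssrfVulnerability, ssti, stripeWebhookUnprotected, supabaseAnonAdmin, supabaseNoRLS, syncFileOps, terraformStateExposed, timingAttack, todoLeftInCode, unencryptedPII, unpinnedGitHubAction, unprotectedAPIRoutes, unprotectedDownload, unsafeObjectAssign, unsanitizedFilenames, unsanitizedHTMLExport, unvalidatedAPIParams, unvalidatedEventData, unvalidatedRedirect, visitBinary, visitCalls, vulnerableDependencies, weakHashing, weakPasswordRequirements, weakRSAKeySize, webhookSignatureVerification, xssVulnerability, xxeVulnerability };
+export { type AIFilterResult, type Confidence, type CustomRule, type DetectedFramework, type FilteredFinding, type Finding, type GradeResult, type ParsedFile, RULE_IMPACTS, type RuleMatch, type SecurityGrade, type Severity, type TaintMap, allCustomRules, allRules, androidDebuggable, blockingMainThread, buildTaintMap, calculateGrade, callSpreads, callbackHell, clickjacking, clientComponentSecret, clientSideAuth, commandInjection, complianceMap, consoleLogProduction, corsLocalhost, corsServerless, corsWildcard, dangerousInnerHTML, deprecatedTLS, detectFramework, disabledTLSVerification, djangoDebug, dockerCopySensitive, dockerLatestTag, dockerRunAsRoot, dockerTooManyPorts, dockerfileADDInsteadOfCOPY, dockerfileMissingHealthcheck, dockerfileUnverifiedShellPipe, ecbModeEncryption, electronNavigationUnrestricted, emptyCatchBlock, envNotGitignored, evalUsage, eventListenerLeak, exposedAdminRoutes, exposedAuthSecret, exposedDBCredentials, exposedDatabaseStudio, exposedDebugMode, exposedDockerPorts, exposedEnvFile, exposedGitDir, exposedServerActions, exposedSourceMaps, exposedStackTraces, filterFalsePositives, firebaseClientConfig, flaskSecretKey, freeRules, getObjectProperty, getSnippet, ghaExpressionInjection, ghaPermissionsWriteAll, ghaPullRequestTargetCheckout, ghaThirdPartyActionWithSecrets, githubActionsInjection, graphqlCSRFDisabled, graphqlIntrospection, graphqlNoComplexityLimit, graphqlNoDepthLimit, hardcodedAlgoliaAdminKey, hardcodedAnthropicKey, hardcodedCloudflareToken, hardcodedCohereKey, hardcodedDatadogKey, hardcodedDiscordToken, hardcodedEncryptionKey, hardcodedFastlyToken, hardcodedFireworksKey, hardcodedFlyToken, hardcodedGCPServiceAccount, hardcodedGitHubPAT, hardcodedGitLabToken, hardcodedGroqKey, hardcodedHighlightKey, hardcodedIPAllowlist, hardcodedIntercomToken, hardcodedJWTSecret, hardcodedLinearKey, hardcodedLogtailToken, hardcodedLoopsKey, hardcodedMailgunKey, hardcodedMistralKey, hardcodedNetlifyToken, hardcodedNotionKey, hardcodedOAuthSecret, hardcodedPineconeKey, hardcodedPlivoToken, hardcodedPostmarkKey, hardcodedQdrantKey, hardcodedRailwayToken, hardcodedReplicateKey, hardcodedResendKey, hardcodedSecrets, hardcodedSendGridKey, hardcodedSentryAuthToken, hardcodedShopifyToken, hardcodedSlackToken, hardcodedSupabaseServiceRole, hardcodedTogetherKey, hardcodedTwilioKey, hardcodedVaultToken, hardcodedVercelToken, hardcodedWeaviateKey, hostHeaderRedirect, httpRequestSmuggling, insecureCookies, insecureDeepLink, insecureDeserialization, insecureDirectObjectReference, insecureElectronWindow, insecureFileUpload, insecureGRPC, insecureHTTPMethods, insecurePasswordReset, insecureRandomness, insecureWebSocket, ipcPathTraversal, isCalleeNamed, isMethodCall, javaDeserialization, jwtAlgConfusion, k8sNoResourceLimits, k8sPrivileged, k8sSecretNotEncrypted, lambdaWithoutVPC, largeBundleImport, llmCallNoMaxTokens, llmOutputAsHTML, llmPromptInjection, llmSystemPromptInjection, logInjection, magicNumbers, massAssignment, missingAIRateLimit, missingAuthMiddleware, missingAuthRateLimit, missingBruteForce, missingCSP, missingCSRF, missingCertPinning, missingCloudTrail, missingContentDisposition, missingDBEncryption, missingErrorBoundary, missingFileSizeLimits, missingHSTS, missingHTTPS, missingLockFile, missingOAuthState, missingPagination, missingRequestSizeLimit, missingRequestValidation, missingSRI, missingSecurityMeta, nPlusOneQuery, nextPublicSecret, noRateLimiting, nosqlInjection, openRedirectParams, overlyPermissiveIAM, parseFile, pathTraversal, pickleDeserialization, piiInLogs, prototypePollution, pyDjangoAllowedHostsWildcard, pyDjangoMarkSafe, pyJWTDecodeWeakConfig, pyJinja2AutoescapeOff, pyParamikoAutoAdd, pyRequestsVerifyFalse, pyTempfileMktemp, raceCondition, rdsPubliclyAccessible, reflectedCORSOrigin, regexDos, runCustomRules, s3BucketNoEncryption, scanEntropy, secretInBundleConfig, secretInCLIArgument, secretInErrorResponse, secretInHTMLAttribute, secretInURLParam, secretLoggedToConsole, secretsInCI, securityGroupAllInbound, sensitiveAsyncStorage, sensitiveLocalStorage, sensitiveURLParams, sessionFixation, sqlInjection, ssrfVulnerability, ssti, stripeWebhookUnprotected, supabaseAnonAdmin, supabaseNoRLS, syncFileOps, terraformStateExposed, timingAttack, todoLeftInCode, unencryptedPII, unpinnedGitHubAction, unprotectedAPIRoutes, unprotectedDownload, unsafeObjectAssign, unsanitizedFilenames, unsanitizedHTMLExport, unvalidatedAPIParams, unvalidatedEventData, unvalidatedRedirect, vectorStoreQueryNoUserFilter, vectorStoreUpsertNoMetadata, visitBinary, visitCalls, vulnerableDependencies, weakHashing, weakPasswordRequirements, weakRSAKeySize, webhookSignatureVerification, xssVulnerability, xxeVulnerability };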