xploitscan-shared-rules 1.6.0 → 1.6.1

package/dist/index.cjs

@@ -8046,7 +8046,21 @@ For each finding, respond ONLY with a JSON array. No other text.
 Each element: {"index": <number>, "verdict": "real" or "fp", "reason": "<1 sentence>"}`;
 var MAX_FINDINGS_PER_BATCH = 15;
 var MAX_CONTEXT_LINES = 10;
-var MAX_TOTAL_FINDINGS = 50;
+var DEFAULT_MAX_TOTAL_FINDINGS = 200;
+var MAX_TOTAL_FINDINGS = (() => {
+  const raw = process.env.XPLOITSCAN_AI_FILTER_MAX;
+  if (!raw) return DEFAULT_MAX_TOTAL_FINDINGS;
+  const n = parseInt(raw, 10);
+  if (!Number.isFinite(n) || n < 1) return DEFAULT_MAX_TOTAL_FINDINGS;
+  return Math.min(n, 1e3);
+})();
+var SEVERITY_PRIORITY = {
+  critical: 0,
+  high: 1,
+  medium: 2,
+  low: 3,
+  info: 4
+};
 function getExpandedContext(content, line, contextLines = MAX_CONTEXT_LINES) {
   const lines = content.split("\n");
   const start = Math.max(0, line - 1 - contextLines);
@@ -8094,8 +8108,13 @@ async function filterFalsePositives(findings, fileContents) {
   const empty = { findings, filteredFindings: [], aiReviewed: false, removedCount: 0, totalBefore: findings.length };
   if (!process.env.ANTHROPIC_API_KEY) return empty;
   if (findings.length === 0) return empty;
-  const toReview = findings.slice(0, MAX_TOTAL_FINDINGS);
-  const overflow = findings.slice(MAX_TOTAL_FINDINGS);
+  const prioritized = [...findings].sort((a, b) => {
+    const pa = SEVERITY_PRIORITY[(a.severity || "").toLowerCase()] ?? 5;
+    const pb = SEVERITY_PRIORITY[(b.severity || "").toLowerCase()] ?? 5;
+    return pa - pb;
+  });
+  const toReview = prioritized.slice(0, MAX_TOTAL_FINDINGS);
+  const overflow = prioritized.slice(MAX_TOTAL_FINDINGS);
   const totalBefore = findings.length;
   const byFile = /* @__PURE__ */ new Map();
   for (const f of toReview) {