vibescan-cli 0.1.0__py3-none-any.whl

vibescan/__init__.py

@@ -0,0 +1,3 @@
+"""VibeScan - Vibe-coded project security scanner."""
+
+__version__ = "0.1.0"

vibescan/__main__.py

@@ -0,0 +1,5 @@
+"""Allow running with `python -m vibescan`."""
+
+from vibescan.cli import app
+
+app()

vibescan/cli.py

@@ -0,0 +1,85 @@
+"""CLI entry point using typer."""
+
+from __future__ import annotations
+
+from pathlib import Path
+
+import typer
+
+from vibescan import __version__
+
+app = typer.Typer(
+    name="vibescan",
+    help="Scan your project for leaked secrets and security issues.",
+    add_completion=False,
+)
+
+
+def _version_callback(value: bool) -> None:
+    if value:
+        typer.echo(f"vibescan {__version__}")
+        raise typer.Exit()
+
+
+@app.command()
+def scan(
+    path: Path = typer.Argument(
+        ".",
+        help="Project directory to scan.",
+        exists=True,
+        file_okay=False,
+        resolve_path=True,
+    ),
+    min_severity: str = typer.Option(
+        "info",
+        "--min-severity", "-s",
+        help="Minimum severity to report: critical, high, medium, low, info.",
+    ),
+    version: bool = typer.Option(
+        False,
+        "--version", "-v",
+        help="Show version and exit.",
+        callback=_version_callback,
+        is_eager=True,
+    ),
+) -> None:
+    """Scan a project directory for security issues."""
+    from vibescan.collector import collect
+    from vibescan.models import ScanResult, Severity
+    from vibescan.reporters.console import print_report
+    from vibescan.rules import get_all_rules
+
+    # Validate min_severity
+    try:
+        threshold = Severity(min_severity.lower())
+    except ValueError:
+        typer.echo(f"Error: Invalid severity '{min_severity}'. "
+                   f"Choose from: critical, high, medium, low, info.")
+        raise typer.Exit(code=2)
+
+    # Collect project context
+    ctx = collect(path)
+
+    # Run rules
+    all_issues = []
+    for rule in get_all_rules():
+        all_issues.extend(rule.run(ctx))
+
+    # Filter by severity
+    filtered = [i for i in all_issues if i.severity >= threshold]
+
+    # Sort: critical first
+    filtered.sort(key=lambda i: -i.severity.rank)
+
+    # Build result
+    result = ScanResult(
+        issues=filtered,
+        project_root=str(ctx.project_root),
+        files_scanned=len(ctx.text_files),
+        files_skipped=len(ctx.skipped_files),
+    )
+
+    # Report
+    print_report(result)
+
+    raise typer.Exit(code=result.exit_code)

vibescan/collector/__init__.py

@@ -0,0 +1,4 @@
+from vibescan.collector.context import ProjectContext
+from vibescan.collector.file_collector import collect
+
+__all__ = ["ProjectContext", "collect"]

vibescan/collector/context.py

@@ -0,0 +1,19 @@
+from __future__ import annotations
+
+from dataclasses import dataclass, field
+from pathlib import Path
+
+
+@dataclass
+class TextFile:
+    path: str
+    content: str
+
+
+@dataclass
+class ProjectContext:
+    project_root: Path
+    text_files: list[TextFile] = field(default_factory=list)
+    all_files: list[str] = field(default_factory=list)
+    gitignore_patterns: list[str] = field(default_factory=list)
+    skipped_files: list[str] = field(default_factory=list)

vibescan/collector/file_collector.py

@@ -0,0 +1,90 @@
+"""File Collector - collects text files, all file paths, and .gitignore patterns."""
+
+from __future__ import annotations
+
+from pathlib import Path
+
+from vibescan.collector.context import ProjectContext, TextFile
+from vibescan.collector.gitignore_parser import parse_gitignore_files
+
+EXCLUDED_DIRS: set[str] = {
+    "node_modules", ".git", ".venv", "venv",
+    "build", "dist", "coverage", "__pycache__",
+    ".next", ".nuxt", ".output",
+    "vendor", "target", ".gradle",
+    ".tox", "eggs", ".mypy_cache", ".pytest_cache",
+}
+
+TEXT_EXTENSIONS: set[str] = {
+    ".py", ".js", ".ts", ".jsx", ".tsx", ".mjs", ".cjs",
+    ".java", ".go", ".rs", ".rb", ".php", ".c", ".cpp", ".h",
+    ".cs", ".swift", ".kt", ".kts", ".scala",
+    ".html", ".htm", ".css", ".scss", ".less",
+    ".json", ".yaml", ".yml", ".toml", ".ini", ".cfg", ".conf",
+    ".xml", ".csv", ".sql", ".sh", ".bash", ".zsh",
+    ".md", ".txt", ".rst", ".env", ".properties",
+    ".gradle", ".sbt", ".pom",
+    ".tf", ".hcl", ".vue", ".svelte",
+}
+
+TEXT_FILENAMES: set[str] = {
+    "Dockerfile", "Makefile", "Jenkinsfile", "Procfile",
+    "Caddyfile", "Gemfile", "Rakefile", "Fastfile",
+    ".gitignore", ".dockerignore", ".editorconfig",
+    ".htaccess", ".npmrc", ".pypirc", ".netrc",
+    ".pgpass", ".my.cnf", ".boto",
+}
+
+MAX_FILE_SIZE: int = 5 * 1024 * 1024  # 5MB
+
+
+def _is_text_file(path: Path) -> bool:
+    return path.suffix.lower() in TEXT_EXTENSIONS or path.name in TEXT_FILENAMES
+
+
+def _should_skip_dir(name: str) -> bool:
+    return name in EXCLUDED_DIRS or name.endswith(".egg-info")
+
+
+def collect(root: Path) -> ProjectContext:
+    root = root.resolve()
+    ctx = ProjectContext(project_root=root)
+
+    for item in _walk(root):
+        rel = str(item.relative_to(root))
+        ctx.all_files.append(rel)
+
+        if not _is_text_file(item):
+            continue
+
+        if item.stat().st_size > MAX_FILE_SIZE:
+            ctx.skipped_files.append(rel)
+            continue
+
+        try:
+            content = item.read_text(encoding="utf-8")
+        except (UnicodeDecodeError, PermissionError, OSError):
+            ctx.skipped_files.append(rel)
+            continue
+
+        ctx.text_files.append(TextFile(path=rel, content=content))
+
+    ctx.gitignore_patterns = parse_gitignore_files(root)
+    return ctx
+
+
+def _walk(root: Path):
+    """Recursively yield files, skipping excluded dirs and symlinks."""
+    try:
+        entries = sorted(root.iterdir())
+    except PermissionError:
+        return
+
+    for entry in entries:
+        if entry.is_symlink():
+            continue
+        if entry.is_dir():
+            if not _should_skip_dir(entry.name):
+                yield from _walk(entry)
+        elif entry.is_file():
+            yield entry

vibescan/collector/gitignore_parser.py

@@ -0,0 +1,24 @@
+"""Parse .gitignore files and extract patterns."""
+
+from __future__ import annotations
+
+from pathlib import Path
+
+
+def parse_gitignore_files(root: Path) -> list[str]:
+    patterns: list[str] = []
+
+    for gitignore in root.rglob(".gitignore"):
+        if gitignore.is_symlink():
+            continue
+        try:
+            text = gitignore.read_text(encoding="utf-8")
+        except (UnicodeDecodeError, PermissionError, OSError):
+            continue
+
+        for line in text.splitlines():
+            stripped = line.strip()
+            if stripped and not stripped.startswith("#"):
+                patterns.append(stripped)
+
+    return patterns

vibescan/models/__init__.py

@@ -0,0 +1,4 @@
+from vibescan.models.issue import Issue, Severity
+from vibescan.models.scan_result import ScanResult
+
+__all__ = ["Issue", "Severity", "ScanResult"]

vibescan/models/issue.py

@@ -0,0 +1,45 @@
+from __future__ import annotations
+
+from dataclasses import dataclass
+from enum import Enum
+
+
+class Severity(str, Enum):
+    CRITICAL = "critical"
+    HIGH = "high"
+    MEDIUM = "medium"
+    LOW = "low"
+    INFO = "info"
+
+    @property
+    def rank(self) -> int:
+        return {
+            Severity.CRITICAL: 4,
+            Severity.HIGH: 3,
+            Severity.MEDIUM: 2,
+            Severity.LOW: 1,
+            Severity.INFO: 0,
+        }[self]
+
+    def __ge__(self, other: Severity) -> bool:
+        return self.rank >= other.rank
+
+    def __gt__(self, other: Severity) -> bool:
+        return self.rank > other.rank
+
+    def __le__(self, other: Severity) -> bool:
+        return self.rank <= other.rank
+
+    def __lt__(self, other: Severity) -> bool:
+        return self.rank < other.rank
+
+
+@dataclass
+class Issue:
+    rule_id: str
+    severity: Severity
+    file: str
+    line: int | None
+    message: str
+    why: str
+    fix: str

vibescan/models/scan_result.py

@@ -0,0 +1,27 @@
+from __future__ import annotations
+
+from dataclasses import dataclass, field
+
+from vibescan.models.issue import Issue, Severity
+
+
+@dataclass
+class ScanResult:
+    issues: list[Issue] = field(default_factory=list)
+    project_root: str = ""
+    files_scanned: int = 0
+    files_skipped: int = 0
+
+    @property
+    def summary(self) -> dict[str, int]:
+        counts: dict[str, int] = {}
+        for sev in Severity:
+            counts[sev.value] = sum(1 for i in self.issues if i.severity == sev)
+        return counts
+
+    @property
+    def exit_code(self) -> int:
+        for issue in self.issues:
+            if issue.severity in (Severity.CRITICAL, Severity.HIGH):
+                return 1
+        return 0

vibescan/reporters/console.py

@@ -0,0 +1,89 @@
+"""Console Reporter - rich-based colored terminal output."""
+
+from __future__ import annotations
+
+from rich.console import Console
+from rich.panel import Panel
+from rich.table import Table
+from rich.text import Text
+
+from vibescan.models.issue import Severity
+from vibescan.models.scan_result import ScanResult
+
+SEVERITY_COLORS: dict[Severity, str] = {
+    Severity.CRITICAL: "bold red",
+    Severity.HIGH: "red",
+    Severity.MEDIUM: "yellow",
+    Severity.LOW: "cyan",
+    Severity.INFO: "dim",
+}
+
+SEVERITY_ICONS: dict[Severity, str] = {
+    Severity.CRITICAL: "[!]",
+    Severity.HIGH: "[H]",
+    Severity.MEDIUM: "[M]",
+    Severity.LOW: "[L]",
+    Severity.INFO: "[i]",
+}
+
+
+def print_report(result: ScanResult, console: Console | None = None) -> None:
+    console = console or Console()
+
+    # Header
+    console.print()
+    console.print(
+        Panel(
+            f"[bold]VibeScan[/bold] scanned [cyan]{result.files_scanned}[/cyan] files "
+            f"in [cyan]{result.project_root}[/cyan]",
+            title="Scan Complete",
+            border_style="blue",
+        )
+    )
+
+    if not result.issues:
+        console.print("\n[bold green]No issues found. Your project looks clean![/bold green]\n")
+        return
+
+    # Summary table
+    summary = result.summary
+    summary_table = Table(title="Summary", show_header=False, box=None, padding=(0, 2))
+    summary_table.add_column("Severity", style="bold")
+    summary_table.add_column("Count", justify="right")
+    for sev in Severity:
+        count = summary[sev.value]
+        if count > 0:
+            style = SEVERITY_COLORS[sev]
+            summary_table.add_row(
+                Text(sev.value.upper(), style=style),
+                Text(str(count), style=style),
+            )
+    console.print(summary_table)
+    console.print()
+
+    # Issues grouped by file
+    issues_by_file: dict[str, list] = {}
+    for issue in result.issues:
+        issues_by_file.setdefault(issue.file, []).append(issue)
+
+    for file_path, issues in sorted(issues_by_file.items()):
+        console.print(f"[bold underline]{file_path}[/bold underline]")
+        for issue in issues:
+            sev = issue.severity
+            icon = SEVERITY_ICONS[sev]
+            color = SEVERITY_COLORS[sev]
+            loc = f":{issue.line}" if issue.line else ""
+
+            console.print(f"  [{color}]{icon}[/{color}] {issue.message}")
+            if issue.line:
+                console.print(f"      Line {issue.line}")
+            console.print(f"      [dim]Why:[/dim] {issue.why}")
+            console.print(f"      [dim]Fix:[/dim] {issue.fix}")
+            console.print()
+
+    # Exit code hint
+    if result.exit_code != 0:
+        console.print("[bold red]Exit code 1: CRITICAL or HIGH issues found.[/bold red]")
+    else:
+        console.print("[bold green]Exit code 0: No critical issues.[/bold green]")
+    console.print()

vibescan/rules/__init__.py

@@ -0,0 +1,4 @@
+from vibescan.rules.base import BaseRule
+from vibescan.rules.registry import get_all_rules
+
+__all__ = ["BaseRule", "get_all_rules"]

vibescan/rules/base.py

@@ -0,0 +1,14 @@
+"""Base class for all rules."""
+
+from __future__ import annotations
+
+from abc import ABC, abstractmethod
+
+from vibescan.collector.context import ProjectContext
+from vibescan.models.issue import Issue
+
+
+class BaseRule(ABC):
+    @abstractmethod
+    def run(self, ctx: ProjectContext) -> list[Issue]:
+        ...