;
// TypeScript CommonJS interop helper: wrap a plain CommonJS module so that
// `.default` resolves, but hand back ES-module-flagged objects untouched.
// Reuses a helper already installed on `this` (the module's exports object
// under CommonJS) when one exists.
var __importDefault = (this && this.__importDefault) || function (mod) {
  if (mod && mod.__esModule) {
    return mod;
  }
  return { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
// Public command entry points. The function declarations further down are
// hoisted, so they are already defined at this point.
Object.assign(exports, {
  scanPluginSecurity,
  checkSecurityPolicy,
  generateSecurityReport,
  fixSecurityIssues,
});
const chalk_1 = __importDefault(require("chalk"));
const spinner_1 = require("../utils/spinner");
const error_handler_1 = require("../utils/error-handler");
const plugin_security_1 = require("../utils/plugin-security");
const plugin_system_1 = require("../utils/plugin-system");
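// Scan plugin security
/**
 * Scan one plugin, or every registered plugin, for security violations and
 * print the outcome.
 *
 * @param {string} [pluginName] - Scan only this plugin; when omitted, every
 *   plugin known to the registry is scanned.
 * @param {object} [options]
 * @param {boolean} [options.verbose=false] - Print each plugin's violations,
 *   permissions, signature and reputation details.
 * @param {boolean} [options.json=false] - Print the raw scan results as JSON
 *   and return without the human-readable summary.
 * @param {boolean} [options.includeWarnings=false] - Also print non-blocking
 *   warnings in the per-plugin output.
 * @param {string} [options.severity] - Keep only violations whose `severity`
 *   equals this value. `approved` still reflects the unfiltered scan; the
 *   filter only changes what is listed.
 * @returns {Promise<void>}
 * @throws {ValidationError} when `pluginName` is unknown or the scan fails.
 */
async function scanPluginSecurity(pluginName, options = {}) {
  const { verbose = false, json = false, includeWarnings = false, severity } = options;
  try {
    const registry = (0, plugin_system_1.createPluginRegistry)();
    await registry.initialize();
    const securityValidator = (0, plugin_security_1.createSecurityValidator)((0, plugin_security_1.getDefaultSecurityPolicy)());
    let pluginsToScan = registry.getPlugins();
    if (pluginName) {
      const plugin = registry.getPlugin(pluginName);
      if (!plugin) {
        throw new error_handler_1.ValidationError(`Plugin '${pluginName}' not found`);
      }
      pluginsToScan = [plugin];
    }
    const spinner = (0, spinner_1.createSpinner)(`Scanning ${pluginsToScan.length} plugin(s) for security issues...`);
    spinner.start();
    const results = [];
    // Plugins whose scan threw. Tracked so the summary reports them instead of
    // silently presenting an incomplete scan as a complete one.
    const failedPlugins = [];
    try {
      for (const plugin of pluginsToScan) {
        try {
          const result = await securityValidator.scanPlugin(plugin);
          // Apply the severity filter to a shallow copy rather than mutating
          // the object the validator handed back.
          results.push(severity
            ? { ...result, violations: result.violations.filter((v) => v.severity === severity) }
            : result);
        }
        catch (error) {
          failedPlugins.push(plugin.manifest.name);
          console.error(chalk_1.default.red(`Failed to scan ${plugin.manifest.name}: ${error instanceof Error ? error.message : String(error)}`));
        }
      }
    }
    finally {
      // Stop the spinner on every path so an exception does not leave it running.
      spinner.stop();
    }
    if (json) {
      console.log(JSON.stringify(results, null, 2));
      return;
    }
    console.log(chalk_1.default.cyan(`\nš Plugin Security Scan Results\n`));
    if (results.length === 0) {
      console.log(chalk_1.default.yellow('No plugins scanned.'));
      return;
    }
    // Summary statistics, gathered in a single pass over the violations.
    let totalViolations = 0;
    let criticalCount = 0;
    let highCount = 0;
    for (const { violations } of results) {
      totalViolations += violations.length;
      for (const violation of violations) {
        if (violation.severity === 'critical') {
          criticalCount += 1;
        }
        else if (violation.severity === 'high') {
          highCount += 1;
        }
      }
    }
    const approvedCount = results.filter((r) => r.approved).length;
    console.log(chalk_1.default.yellow('Summary:'));
    console.log(` Total Plugins: ${results.length}`);
    console.log(` Approved: ${chalk_1.default.green(approvedCount)}`);
    console.log(` Blocked: ${chalk_1.default.red(results.length - approvedCount)}`);
    if (failedPlugins.length > 0) {
      // Plugins that could not be scanned are neither approved nor blocked.
      console.log(` Not scanned (errors): ${chalk_1.default.red(failedPlugins.length)}`);
    }
    console.log(` Total Violations: ${totalViolations}`);
    if (criticalCount > 0) {
      console.log(` Critical: ${chalk_1.default.red(criticalCount)}`);
    }
    if (highCount > 0) {
      console.log(` High: ${chalk_1.default.yellow(highCount)}`);
    }
    console.log('');
    // Per-plugin breakdown
    for (const result of results) {
      displaySecurityResult(result, verbose, includeWarnings);
      console.log('');
    }
  }
  catch (error) {
    if (error instanceof error_handler_1.ValidationError) {
      // Already a user-facing error (e.g. unknown plugin); do not wrap it twice.
      throw error;
    }
    throw new error_handler_1.ValidationError(`Security scan failed: ${error instanceof Error ? error.message : String(error)}`);
  }
}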
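// Check security policy compliance
/**
 * Check every registered plugin against a security policy and report which
 * plugins comply with it.
 *
 * @param {object} [options]
 * @param {boolean} [options.verbose=false] - Also print the effective policy
 *   and each non-compliant plugin's violations.
 * @param {boolean} [options.json=false] - Print `{ policy, results }` as JSON
 *   and return without the coloured summary.
 * @param {string} [options.policy] - Path to a JSON file whose top-level keys
 *   override the default policy.
 * @returns {Promise<void>}
 * @throws {ValidationError} when the policy file is not a JSON object or the
 *   check fails.
 */
async function checkSecurityPolicy(options = {}) {
  const { verbose = false, json = false, policy } = options;
  try {
    let securityPolicy = (0, plugin_security_1.getDefaultSecurityPolicy)();
    if (policy) {
      // Load custom policy from file
      const fs = require('fs-extra');
      const customPolicy = await fs.readJSON(policy);
      // Only a JSON object can override policy keys; an array or primitive
      // would spread into meaningless index keys or be ignored without notice.
      if (customPolicy === null || typeof customPolicy !== 'object' || Array.isArray(customPolicy)) {
        throw new error_handler_1.ValidationError(`Policy file '${policy}' must contain a JSON object`);
      }
      // Shallow merge: each key in the file replaces the default value wholesale.
      // This can loosen the defaults (e.g. allowProcessExecution), so the file
      // is security-sensitive configuration; unknown keys pass through unchecked.
      securityPolicy = { ...securityPolicy, ...customPolicy };
    }
    const registry = (0, plugin_system_1.createPluginRegistry)();
    await registry.initialize();
    const plugins = registry.getPlugins();
    const securityValidator = (0, plugin_security_1.createSecurityValidator)(securityPolicy);
    const spinner = (0, spinner_1.createSpinner)('Checking security policy compliance...');
    spinner.start();
    const complianceResults = [];
    try {
      for (const plugin of plugins) {
        const result = await securityValidator.scanPlugin(plugin);
        complianceResults.push({
          plugin: plugin.manifest.name,
          compliant: result.approved,
          violations: result.violations,
          securityLevel: result.securityLevel,
        });
      }
    }
    finally {
      // A failing scan must not leave the spinner running.
      spinner.stop();
    }
    if (json) {
      console.log(JSON.stringify({ policy: securityPolicy, results: complianceResults }, null, 2));
      return;
    }
    console.log(chalk_1.default.cyan('\nš”ļø Security Policy Compliance Check\n'));
    const compliantCount = complianceResults.filter((r) => r.compliant).length;
    const nonCompliantCount = complianceResults.length - compliantCount;
    console.log(chalk_1.default.yellow('Policy Compliance:'));
    console.log(` Compliant: ${chalk_1.default.green(compliantCount)}/${complianceResults.length}`);
    console.log(` Non-Compliant: ${chalk_1.default.red(nonCompliantCount)}/${complianceResults.length}`);
    if (verbose) {
      const allowedOrBlocked = (flag) => (flag ? chalk_1.default.green('Allowed') : chalk_1.default.red('Blocked'));
      console.log(chalk_1.default.yellow('\nSecurity Policy:'));
      console.log(` Network Access: ${allowedOrBlocked(securityPolicy.allowNetworkAccess)}`);
      console.log(` Filesystem Access: ${allowedOrBlocked(securityPolicy.allowFileSystemAccess)}`);
      console.log(` Process Execution: ${allowedOrBlocked(securityPolicy.allowProcessExecution)}`);
      console.log(` Memory Limit: ${Math.round(securityPolicy.maxMemoryUsage / 1024 / 1024)}MB`);
      console.log(` Execution Timeout: ${securityPolicy.maxExecutionTime}ms`);
    }
    if (nonCompliantCount > 0) {
      // Same severity palette as displaySecurityResult so both views agree.
      const severityColor = (severity) => {
        if (severity === 'critical') return chalk_1.default.red;
        if (severity === 'high') return chalk_1.default.yellow;
        if (severity === 'medium') return chalk_1.default.blue;
        return chalk_1.default.gray;
      };
      console.log(chalk_1.default.red('\nNon-Compliant Plugins:'));
      for (const result of complianceResults.filter((r) => !r.compliant)) {
        console.log(` ${chalk_1.default.red('ā')} ${chalk_1.default.white(result.plugin)} (${result.securityLevel})`);
        if (verbose) {
          for (const violation of result.violations) {
            console.log(` ${severityColor(violation.severity)(violation.severity)}: ${violation.description}`);
          }
        }
      }
    }
  }
  catch (error) {
    if (error instanceof error_handler_1.ValidationError) {
      // Already a user-facing error; do not wrap it twice.
      throw error;
    }
    throw new error_handler_1.ValidationError(`Policy compliance check failed: ${error instanceof Error ? error.message : String(error)}`);
  }
}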
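// Generate security report
/**
 * Scan every registered plugin and print an aggregate security report:
 * validator statistics, security-level and violation-type counts, optional
 * per-plugin details and recommendations.
 *
 * @param {object} [options]
 * @param {boolean} [options.verbose=false] - Also print each plugin's full
 *   scan result (violations, permissions, signature, reputation, warnings).
 * @param {boolean} [options.json=false] - Print `{ summary, results, timestamp }`
 *   as JSON and return without the coloured report.
 * @returns {Promise<void>}
 * @throws {ValidationError} when any step of the report fails.
 */
async function generateSecurityReport(options = {}) {
  const { verbose = false, json = false } = options;
  try {
    const registry = (0, plugin_system_1.createPluginRegistry)();
    await registry.initialize();
    const plugins = registry.getPlugins();
    // NOTE(review): created without an explicit policy, unlike scanPluginSecurity;
    // presumably the validator falls back to the default policy — confirm.
    const securityValidator = (0, plugin_security_1.createSecurityValidator)();
    const spinner = (0, spinner_1.createSpinner)('Generating security report...');
    spinner.start();
    const scanResults = [];
    let stats;
    try {
      for (const plugin of plugins) {
        scanResults.push(await securityValidator.scanPlugin(plugin));
      }
      // Read the aggregate statistics only after every scan has completed.
      stats = securityValidator.getSecurityStats();
    }
    finally {
      // A failing scan must not leave the spinner running.
      spinner.stop();
    }
    if (json) {
      console.log(JSON.stringify({
        summary: stats,
        results: scanResults,
        timestamp: new Date().toISOString(),
      }, null, 2));
      return;
    }
    console.log(chalk_1.default.cyan('\nš Plugin Security Report\n'));
    // Overall statistics
    console.log(chalk_1.default.yellow('Security Overview:'));
    console.log(` Total Plugins Scanned: ${stats.totalScans}`);
    console.log(` Trusted Keys: ${stats.trustedKeys}`);
    console.log(` Reputation Data: ${stats.reputationData}`);
    console.log(chalk_1.default.yellow('\nSecurity Levels:'));
    // Any level not in this palette (e.g. blocked) is printed in red.
    const levelColors = new Map([
      ['trusted', chalk_1.default.green],
      ['verified', chalk_1.default.blue],
      ['sandboxed', chalk_1.default.yellow],
      ['restricted', chalk_1.default.magenta],
    ]);
    for (const [level, count] of Object.entries(stats.securityLevels)) {
      const color = levelColors.get(level) || chalk_1.default.red;
      console.log(` ${color(level)}: ${count}`);
    }
    const violationTypes = Object.entries(stats.violationTypes);
    if (violationTypes.length > 0) {
      console.log(chalk_1.default.yellow('\nViolation Types:'));
      for (const [type, count] of violationTypes) {
        console.log(` ${type}: ${count}`);
      }
    }
    if (verbose) {
      console.log(chalk_1.default.yellow('\nDetailed Results:'));
      for (const result of scanResults) {
        displaySecurityResult(result, true, true);
        console.log('');
      }
    }
    // Recommendations
    const blockedPlugins = scanResults.filter((r) => r.securityLevel === plugin_security_1.SecurityLevel.BLOCKED);
    const restrictedPlugins = scanResults.filter((r) => r.securityLevel === plugin_security_1.SecurityLevel.RESTRICTED);
    if (blockedPlugins.length > 0 || restrictedPlugins.length > 0) {
      console.log(chalk_1.default.yellow('\nš” Recommendations:'));
      if (blockedPlugins.length > 0) {
        console.log(chalk_1.default.red(` ⢠Review and potentially remove ${blockedPlugins.length} blocked plugin(s)`));
      }
      if (restrictedPlugins.length > 0) {
        console.log(chalk_1.default.yellow(` ⢠Consider sandboxing ${restrictedPlugins.length} restricted plugin(s)`));
      }
      console.log(chalk_1.default.gray(' ⢠Regularly update plugins to latest versions'));
      console.log(chalk_1.default.gray(' ⢠Enable plugin signatures for enhanced security'));
    }
  }
  catch (error) {
    if (error instanceof error_handler_1.ValidationError) {
      // Already a user-facing error; do not wrap it twice.
      throw error;
    }
    throw new error_handler_1.ValidationError(`Security report generation failed: ${error instanceof Error ? error.message : String(error)}`);
  }
}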
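// Fix security issues
/**
 * List the security violations of one plugin (or all plugins) together with a
 * suggested fix for each, and optionally apply the ones that are automatable.
 *
 * @param {string} [pluginName] - Analyse only this plugin; when omitted, every
 *   plugin known to the registry is analysed.
 * @param {object} [options]
 * @param {boolean} [options.verbose=false] - Accepted for interface parity;
 *   the current output does not vary with it.
 * @param {boolean} [options.fix=false] - Apply the auto-fixable issues via
 *   applyAutoFix instead of only listing them.
 * @returns {Promise<void>}
 * @throws {ValidationError} when `pluginName` is unknown or the analysis fails.
 */
async function fixSecurityIssues(pluginName, options = {}) {
  const { fix = false } = options;
  try {
    const registry = (0, plugin_system_1.createPluginRegistry)();
    await registry.initialize();
    let pluginsToFix = registry.getPlugins();
    if (pluginName) {
      const plugin = registry.getPlugin(pluginName);
      if (!plugin) {
        throw new error_handler_1.ValidationError(`Plugin '${pluginName}' not found`);
      }
      pluginsToFix = [plugin];
    }
    const securityValidator = (0, plugin_security_1.createSecurityValidator)();
    const spinner = (0, spinner_1.createSpinner)(`Analyzing security issues for ${pluginsToFix.length} plugin(s)...`);
    spinner.start();
    // Every violation found, auto-fixable or not. `fix` holds either the
    // automatic fix text from getAutoFix or the validator's own recommendation.
    const fixableIssues = [];
    try {
      for (const plugin of pluginsToFix) {
        const result = await securityValidator.scanPlugin(plugin);
        for (const violation of result.violations) {
          const autoFix = getAutoFix(violation);
          const autoFixable = Boolean(autoFix);
          fixableIssues.push({
            plugin: plugin.manifest.name,
            issue: violation.description,
            fix: autoFixable ? autoFix : violation.recommendation,
            autoFixable,
          });
        }
      }
    }
    finally {
      // A failing scan must not leave the spinner running.
      spinner.stop();
    }
    console.log(chalk_1.default.cyan('\nš§ Security Issue Analysis\n'));
    if (fixableIssues.length === 0) {
      // Reached only when no plugin reported any violation at all.
      console.log(chalk_1.default.green('No security issues found that can be automatically fixed.'));
      return;
    }
    const autoFixableCount = fixableIssues.filter((i) => i.autoFixable).length;
    console.log(chalk_1.default.yellow('Summary:'));
    console.log(` Total Issues: ${fixableIssues.length}`);
    console.log(` Auto-fixable: ${chalk_1.default.green(autoFixableCount)}`);
    console.log(` Manual fixes required: ${chalk_1.default.yellow(fixableIssues.length - autoFixableCount)}`);
    console.log(chalk_1.default.yellow('\nIssues Found:'));
    fixableIssues.forEach((issue, index) => {
      const fixType = issue.autoFixable ? chalk_1.default.green('AUTO') : chalk_1.default.yellow('MANUAL');
      console.log(`${index + 1}. [${fixType}] ${chalk_1.default.white(issue.plugin)}: ${issue.issue}`);
      console.log(` Fix: ${chalk_1.default.gray(issue.fix)}`);
      console.log('');
    });
    if (fix && autoFixableCount > 0) {
      console.log(chalk_1.default.blue('Applying automatic fixes...'));
      // Each fix is applied independently so one failure does not stop the rest.
      for (const issue of fixableIssues.filter((i) => i.autoFixable)) {
        try {
          await applyAutoFix(issue);
          console.log(chalk_1.default.green(`ā Fixed: ${issue.plugin} - ${issue.issue}`));
        }
        catch (error) {
          console.log(chalk_1.default.red(`ā Failed to fix: ${issue.plugin} - ${error instanceof Error ? error.message : String(error)}`));
        }
      }
    }
    else if (autoFixableCount > 0) {
      console.log(chalk_1.default.blue(`\nTo apply automatic fixes, run with --fix flag`));
    }
  }
  catch (error) {
    if (error instanceof error_handler_1.ValidationError) {
      // Already a user-facing error (e.g. unknown plugin); do not wrap it twice.
      throw error;
    }
    throw new error_handler_1.ValidationError(`Security fix analysis failed: ${error instanceof Error ? error.message : String(error)}`);
  }
}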
// Display security scan result
/**
 * Print one plugin's scan result: a status line, then (depending on the
 * flags) its violations, permissions, signature, reputation, sandbox note
 * and warnings.
 *
 * @param {object} result - Scan result with `plugin`, `securityLevel`,
 *   `approved`, `violations`, `permissions`, `warnings` and the optional
 *   `signature`, `reputation` and `sandboxRequired` fields.
 * @param {boolean} verbose - Print per-violation, permission, signature and
 *   reputation details.
 * @param {boolean} includeWarnings - Print `result.warnings` when non-empty.
 */
function displaySecurityResult(result, verbose, includeWarnings) {
  const chalk = chalk_1.default;
  const SecurityLevel = plugin_security_1.SecurityLevel;
  // First matching level wins; anything else (e.g. blocked) is red.
  const levelPalette = [
    [SecurityLevel.TRUSTED, chalk.green],
    [SecurityLevel.VERIFIED, chalk.blue],
    [SecurityLevel.SANDBOXED, chalk.yellow],
    [SecurityLevel.RESTRICTED, chalk.magenta],
  ];
  const levelMatch = levelPalette.find(([level]) => level === result.securityLevel);
  const paintLevel = levelMatch ? levelMatch[1] : chalk.red;
  const severityPalette = new Map([
    ['critical', chalk.red],
    ['high', chalk.yellow],
    ['medium', chalk.blue],
  ]);
  const statusIcon = result.approved ? chalk.green('ā') : chalk.red('ā');
  console.log(`${statusIcon} ${chalk.white(result.plugin)} - ${paintLevel(result.securityLevel)}`);
  const { violations, permissions } = result;
  if (violations.length > 0) {
    console.log(chalk.red(` Violations: ${violations.length}`));
    if (verbose) {
      for (const violation of violations) {
        const paintSeverity = severityPalette.get(violation.severity) || chalk.gray;
        console.log(` ${paintSeverity(violation.severity)}: ${violation.description}`);
        if (violation.blocked) {
          console.log(` ${chalk.red('BLOCKED')} - ${violation.recommendation}`);
        }
      }
    }
  }
  if (permissions.length > 0 && verbose) {
    console.log(` Permissions: ${permissions.length}`);
    for (const permission of permissions) {
      console.log(` ${permission.type}:${permission.access} - ${permission.description}`);
    }
  }
  if (result.signature && verbose) {
    const signStatus = result.signature.verified ? chalk.green('verified') : chalk.red('unverified');
    console.log(` Signature: ${signStatus} (${result.signature.algorithm})`);
  }
  if (result.reputation && verbose) {
    console.log(` Reputation: ${result.reputation.rating}/5.0 (${result.reputation.downloads} downloads)`);
  }
  if (result.sandboxRequired) {
    console.log(` ${chalk.yellow('Sandbox required')}`);
  }
  if (includeWarnings && result.warnings.length > 0) {
    console.log(` Warnings:`);
    for (const warning of result.warnings) {
      console.log(` ${chalk.yellow('ā ')} ${warning}`);
    }
  }
}
// Get automatic fix for a violation
/**
 * Return the automatic-fix text for a violation, or null when the violation
 * is not one of the two recognised automatable patterns. The returned value
 * is descriptive text; it is not itself an executable change.
 *
 * @param {{ type: string, description: string }} violation
 * @returns {string | null}
 */
function getAutoFix(violation) {
  const { type, description } = violation;
  if (type === 'permission' && description.includes('excessive permissions')) {
    return 'Remove unnecessary permissions from plugin manifest';
  }
  if (type === 'signature' && description.includes('not found')) {
    return 'Generate and add plugin signature';
  }
  return null;
}
// Apply automatic fix
/**
 * Placeholder for applying an automatic fix. It currently only waits 100 ms
 * and changes nothing on disk or in the plugin.
 *
 * @param {{ plugin: string, issue: string, fix: string, autoFixable: boolean }} issue
 * @returns {Promise<void>}
 */
async function applyAutoFix(issue) {
  // Simulated work; no real change is performed for `issue` yet.
  const delay = (ms) => new Promise((resolve) => {
    setTimeout(resolve, ms);
  });
  await delay(100);
  // TODO: Implement actual auto-fix logic based on issue type
}