UNPKG

@syntropysoft/praetorian

Version:

Praetorian CLI – A universal multi-environment configuration validator for DevSecOps teams. Validate, compare, and secure YAML/ENV files with ease.

github.com/syntropysoft/praetorian

syntropysoft/praetorian

194 lines 8.58 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.EqualityRule = void 0; class EqualityRule { constructor() { this.id = 'equality-rule'; this.name = 'equality'; this.description = 'Validates that configuration files have consistent keys across environments'; this.category = 'compliance'; this.severity = 'error'; this.enabled = true; this.config = {}; } async execute(files, context) { const startTime = Date.now(); const ignoreKeys = context?.ignoreKeys || []; const requiredKeys = context?.requiredKeys || []; if (files.length < 2) { return { success: true, errors: [], warnings: [{ code: 'INSUFFICIENT_FILES', message: 'Need at least 2 files to compare', severity: 'warning' }], metadata: { duration: Date.now() - startTime, rulesChecked: 1, rulesPassed: 1, rulesFailed: 0, filesCompared: files.length } }; } // Pasada 1: Recolectar todas las claves de todos los archivos (excluyendo ignoradas) const masterKeyDictionary = this.collectAllKeys(files, ignoreKeys); // Pasada 2: Comparar diferencias - qué le falta a cada archivo const missingKeysReport = this.compareDifferences(files, masterKeyDictionary, ignoreKeys); // Pasada 3: Validar claves requeridas const requiredKeysReport = this.validateRequiredKeys(files, requiredKeys); // Pasada 4: Detectar claves vacías (solo información, no afecta success) const emptyKeysReport = this.detectEmptyKeys(files, ignoreKeys); // Combinar todos los errores y warnings const allErrors = [...missingKeysReport.errors, ...requiredKeysReport.errors]; const allWarnings = [...missingKeysReport.warnings, ...requiredKeysReport.warnings]; // Las claves vacías NO afectan el success - solo son información const success = allErrors.length === 0; return { success, errors: allErrors, warnings: allWarnings, info: emptyKeysReport.emptyKeys, // Nueva sección para información metadata: { duration: Date.now() - startTime, rulesChecked: 1, rulesPassed: success ? 1 : 0, rulesFailed: success ? 0 : 1, filesCompared: files.length, totalKeys: masterKeyDictionary.size, ignoredKeys: ignoreKeys.length, requiredKeys: requiredKeys.length, emptyKeys: emptyKeysReport.emptyKeys.length // Metadata para estadísticas } }; } // Pasada 1: Recolectar todas las claves de todos los archivos (excluyendo ignoradas) collectAllKeys(files, ignoreKeys) { return new Set(files.flatMap(file => Array.from(this.extractAllKeys(file.content)) .filter(key => !this.isKeyIgnored(key, ignoreKeys)))); } // Pasada 2: Comparar diferencias - qué le falta a cada archivo compareDifferences(files, masterKeyDictionary, ignoreKeys) { const errors = files.flatMap(file => { const fileKeys = this.extractAllKeys(file.content); // Encontrar claves que faltan en este archivo (excluyendo ignoradas) const missingKeys = Array.from(masterKeyDictionary).filter(masterKey => !fileKeys.has(masterKey) && !this.isKeyIgnored(masterKey, ignoreKeys)); // Crear errores por cada clave faltante return missingKeys.map(missingKey => ({ code: 'MISSING_KEY', message: `Key '${missingKey}' is missing in ${file.path}`, severity: 'error', path: missingKey, context: { file: file.path, missingKey, availableKeys: Array.from(fileKeys) } })); }); return { errors, warnings: [] }; } extractAllKeys(obj, prefix = '') { const keys = new Set(); if (obj && typeof obj === 'object' && !Array.isArray(obj)) { for (const [key, value] of Object.entries(obj)) { const fullKey = prefix ? `${prefix}.${key}` : key; keys.add(fullKey); // Recursively extract nested keys if (value && typeof value === 'object' && !Array.isArray(value)) { const nestedKeys = this.extractAllKeys(value, fullKey); nestedKeys.forEach(nestedKey => keys.add(nestedKey)); } } } return keys; } // Verificar si una clave debe ser ignorada isKeyIgnored(key, ignoreKeys) { return ignoreKeys.some(ignoreKey => { // Soporte para patrones exactos y wildcards if (ignoreKey.includes('*')) { const pattern = ignoreKey.replace(/\*/g, '.*'); return new RegExp(`^${pattern}$`).test(key); } return key === ignoreKey || key.startsWith(ignoreKey + '.'); }); } // Validar claves requeridas validateRequiredKeys(files, requiredKeys) { const errors = requiredKeys.flatMap(requiredKey => files.flatMap(file => { const fileKeys = this.extractAllKeys(file.content); return !fileKeys.has(requiredKey) ? [{ code: 'REQUIRED_KEY_MISSING', message: `Required key '${requiredKey}' is missing in ${file.path}`, severity: 'error', path: requiredKey, context: { file: file.path, requiredKey, availableKeys: Array.from(fileKeys) } }] : []; })); return { errors, warnings: [] }; } // Detectar claves vacías (solo información, no afecta success) detectEmptyKeys(files, ignoreKeys) { const emptyKeys = []; files.forEach(file => { const emptyKeysInFile = this.findEmptyKeysInObject(file.content, '', file.path, ignoreKeys); emptyKeys.push(...emptyKeysInFile); }); return { emptyKeys }; } // Buscar claves vacías recursivamente en un objeto findEmptyKeysInObject(obj, prefix, filePath, ignoreKeys) { const emptyKeys = []; if (obj && typeof obj === 'object' && !Array.isArray(obj)) { for (const [key, value] of Object.entries(obj)) { const fullKey = prefix ? `${prefix}.${key}` : key; // Verificar si la clave debe ser ignorada if (this.isKeyIgnored(fullKey, ignoreKeys)) { continue; } // Verificar si el valor está vacío if (this.isEmptyValue(value)) { emptyKeys.push({ code: 'EMPTY_KEY', message: `Key '${fullKey}' has empty value in ${filePath}`, severity: 'info', path: fullKey, context: { file: filePath, key: fullKey, value: value, valueType: typeof value } }); } // Recursivamente buscar en objetos anidados if (value && typeof value === 'object' && !Array.isArray(value)) { const nestedEmptyKeys = this.findEmptyKeysInObject(value, fullKey, filePath, ignoreKeys); emptyKeys.push(...nestedEmptyKeys); } } } return emptyKeys; } // Verificar si un valor está vacío isEmptyValue(value) { if (value === null || value === undefined) return true; if (typeof value === 'string' && value.trim() === '') return true; if (Array.isArray(value) && value.length === 0) return true; if (typeof value === 'object' && !Array.isArray(value) && Object.keys(value).length === 0) return true; return false; } } exports.EqualityRule = EqualityRule; //# sourceMappingURL=EqualityRule.js.map