agentsqripts
Comprehensive static code analysis toolkit for identifying technical debt, security vulnerabilities, performance issues, and code quality problems
/**
* @file File collection utilities for security analysis
* @description Handles file discovery and filtering for security vulnerability scanning
* This module provides efficient file system traversal for security analysis, implementing
* configurable filtering to focus scanning on relevant source files while avoiding
* performance bottlenecks from scanning unnecessary directories like node_modules.
*/
const { getAllFiles } = require('../utils/directoryScanner');
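/**
 * Collect the files that the security analysis should scan.
 *
 * Thin wrapper over the shared `getAllFiles` directory scanner, so every analysis
 * tool collects files the same way. This function only supplies defaults; the
 * traversal and the matching of extensions and exclude patterns happen in
 * `getAllFiles`.
 *
 * Coverage caveat: the defaults define the scan boundary. Anything under an
 * excluded directory, or with an extension outside the list, is never analyzed
 * and therefore produces no findings. A clean report says nothing about
 * vendored dependencies, committed build output or other file types.
 *
 * @param {string} projectPath - Root path to scan for security vulnerabilities
 * @param {Object} [options] - Scanning configuration; omitted or `null` means all defaults
 * @param {Array<string>} [options.extensions] - File extensions to include
 *   (defaults to a fixed list of common source file types)
 * @param {Array<string>} [options.excludePatterns] - Directory patterns to skip;
 *   pass `[]` to skip nothing
 * @returns {Promise<Array<string>>} Resolves to the file list produced by
 *   `getAllFiles`; rejects if `getAllFiles` rejects
 */
async function collectFiles(projectPath, options = {}) {
  // The `= {}` default only covers `undefined`; an explicit `null` would
  // otherwise throw a TypeError on the property reads below.
  const { extensions, excludePatterns } = options || {};

  // Default source extensions. Files of other types (config/manifest files,
  // other languages, `.mjs`/`.cjs`) are not collected unless the caller passes
  // its own list.
  const includeExtensions = extensions || ['.js', '.ts', '.jsx', '.tsx', '.py', '.java', '.php'];

  // Default skip list for dependency and build-output directories. This is a
  // performance trade-off: third-party code in node_modules and anything
  // committed under dist/ or build/ goes unscanned, so dependency risk has to
  // be covered by a separate audit.
  // NOTE(review): how a pattern is matched (exact directory name vs. substring
  // of the path) is decided inside getAllFiles — confirm that 'build' cannot
  // also exclude unrelated source paths.
  const skipPatterns = excludePatterns || ['node_modules', '.git', 'dist', 'build'];

  return getAllFiles(projectPath, includeExtensions, skipPatterns);
}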
// Public API of this module: the file collector used by the security analyzers.
module.exports = { collectFiles };