
agentsqripts


Comprehensive static code analysis toolkit for identifying technical debt, security vulnerabilities, performance issues, and code quality problems

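/**
 * @file Vulnerability scanner
 * @description Main scanner for detecting security vulnerabilities in content
 */

const { COMMON_PATTERNS, getLanguageSpecificPatterns } = require('./patterns');
const { analyzeWithAST } = require('./astAnalyzer');
const { detectModernVulnerabilities } = require('./modernPatternDetector');
const { detectFrameworkSecurity } = require('./frameworkDetector');

/**
 * Appends every element of `items` to `target`, one push per element.
 *
 * `target.push(...items)` passes each element as a call argument, and engines
 * throw a RangeError once the argument count gets too large. A file that
 * produces a very large number of matches would then abort the scan instead
 * of being reported, so the findings are appended in a loop.
 *
 * @param {Array} target - Array that receives the elements
 * @param {Array} items - Elements to append
 * @returns {void}
 */
function appendFindings(target, items) {
  for (const item of items) {
    target.push(item);
  }
}

/**
 * Returns a printable message for any thrown value.
 *
 * A thrown `null`/`undefined` has no `.message`; reading it inside a catch
 * handler would raise a second error and escape the handler.
 *
 * @param {*} error - The caught value
 * @returns {string} The error's message, or its string form
 */
function describeError(error) {
  return error && error.message ? error.message : String(error);
}

/**
 * Scans content for security vulnerabilities
 *
 * Runs four stages over the same content: regex/pattern matching (common plus
 * language-specific patterns), AST analysis (JavaScript/TypeScript only),
 * modern-pattern detection, and framework security detection.
 *
 * The last three stages are best-effort: a failure is logged and the scan
 * continues. Each such failure is also recorded in `analysisErrors`, because
 * an empty result from a stage that crashed is not evidence that the file is
 * clean. Callers that gate on "no findings" should check that
 * `analysisErrors` is empty as well. A failure in the pattern stage is not
 * caught and propagates to the caller.
 *
 * @param {string} content - File content
 * @param {string} language - Programming language
 * @param {string} filePath - File path for enhanced output
 * @returns {{vulnerabilities: Object[], frameworkFindings: Object, analysisErrors: Array<{stage: string, message: string}>}}
 *   Findings (each tagged with `file`), framework findings (`{}` if that
 *   stage failed), and one entry per stage that threw.
 */
function scanForVulnerabilities(content, language, filePath = '') {
  const vulnerabilities = [];
  const analysisErrors = [];

  // Kept as a call-time require, as in the original. The reason is not
  // visible in this file (possibly a circular dependency); confirm before hoisting.
  const { matchPatterns } = require('./patternMatcher');

  // Traditional pattern-based scanning
  const languagePatterns = getLanguageSpecificPatterns(language);
  const allPatterns = [...COMMON_PATTERNS, ...languagePatterns];

  // Scan for each pattern
  for (const pattern of allPatterns) {
    const matches = matchPatterns(content, pattern);
    // `file` is written last, so it overrides any `file` the match carried.
    appendFindings(vulnerabilities, matches.map(m => ({ ...m, file: filePath })));
  }

  // AST-based analysis for JavaScript/TypeScript
  if (language === 'javascript' || language === 'typescript') {
    try {
      const astVulns = analyzeWithAST(content);
      appendFindings(vulnerabilities, astVulns.map(v => ({
        name: v.type,
        // Only 'high' confidence is reported as HIGH; everything else is MEDIUM.
        severity: v.confidence === 'high' ? 'HIGH' : 'MEDIUM',
        category: 'Code Analysis',
        description: v.message,
        line: v.line,
        confidence: v.confidence,
        file: filePath,
        type: v.type
      })));
    } catch (error) {
      const message = describeError(error);
      console.error('AST analysis error:', message);
      analysisErrors.push({ stage: 'ast', message });
    }
  }

  // Modern vulnerability detection
  try {
    const modernVulns = detectModernVulnerabilities(content);
    appendFindings(vulnerabilities, modernVulns.map(v => ({ ...v, file: filePath })));
  } catch (error) {
    const message = describeError(error);
    console.error('Modern pattern detection error:', message);
    analysisErrors.push({ stage: 'modern', message });
  }

  // Framework security analysis
  let frameworkFindings = {};
  try {
    frameworkFindings = detectFrameworkSecurity(content);
  } catch (error) {
    const message = describeError(error);
    console.error('Framework detection error:', message);
    analysisErrors.push({ stage: 'framework', message });
  }

  return { vulnerabilities, frameworkFindings, analysisErrors };
}

module.exports = { scanForVulnerabilities };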