bugnitor-security-scanner
AI-Era Security Scanner: Intelligent automated security review agent specializing in AI-generated vulnerability patterns
;
// TypeScript interop helper: copy property `k` of module `m` onto `o` as `k2`
// (defaults to `k`). When the source property is a plain data slot, a live
// getter is installed instead of a snapshot so later reassignments on `m`
// remain visible through `o`; a pre-existing accessor on an ES module is
// re-used as-is. The legacy branch (no Object.create) does a plain copy.
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
  var target = k2 === undefined ? k : k2;
  var desc = Object.getOwnPropertyDescriptor(m, k);
  var needsLiveGetter = !desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable);
  if (needsLiveGetter) {
    desc = { enumerable: true, get: function() { return m[k]; } };
  }
  Object.defineProperty(o, target, desc);
}) : (function(o, m, k, k2) {
  var target = k2 === undefined ? k : k2;
  o[target] = m[k];
}));
// TypeScript interop helper: expose the whole CommonJS export object as the
// `default` member of the synthesized namespace object `o`. With
// Object.create available the slot is defined read-only and enumerable;
// otherwise it falls back to a plain assignment.
var __setModuleDefault = (this && this.__setModuleDefault) || (function () {
  if (Object.create) {
    return function (o, v) {
      Object.defineProperty(o, "default", { enumerable: true, value: v });
    };
  }
  return function (o, v) {
    o["default"] = v;
  };
})();
// TypeScript interop helper backing `import * as x from "..."`. A genuine ES
// module is returned untouched; a CommonJS export object is wrapped in a fresh
// namespace object whose members are bindings to every own key except
// "default", plus a `default` member pointing at the original export.
var __importStar = (this && this.__importStar) || (function () {
  // The key-listing function is chosen on first use rather than when this
  // module loads (mirrors the original's self-replacing closure).
  var listKeys = null;
  function keysOf(o) {
    if (listKeys === null) {
      listKeys = Object.getOwnPropertyNames || function (obj) {
        var names = [];
        for (var name in obj) {
          if (Object.prototype.hasOwnProperty.call(obj, name)) names.push(name);
        }
        return names;
      };
    }
    return listKeys(o);
  }
  return function (mod) {
    if (mod && mod.__esModule) return mod;
    var namespace = {};
    if (mod != null) {
      var names = keysOf(mod);
      for (var i = 0; i < names.length; i++) {
        if (names[i] !== "default") __createBinding(namespace, mod, names[i]);
      }
    }
    __setModuleDefault(namespace, mod);
    return namespace;
  };
})();
// TypeScript interop helper backing `import x from "..."`: an ES module is
// returned as-is, anything else is wrapped so `.default` yields the export.
var __importDefault = (this && this.__importDefault) || function (mod) {
  if (mod && mod.__esModule) {
    return mod;
  }
  return { "default": mod };
};
// Mark this compiled module as an ES module so the interop helpers above
// hand it back untouched instead of re-wrapping it.
Object.defineProperty(exports, "__esModule", { value: true });
// Declared before the requires (TypeScript emit order); assigned below once
// the commander instance exists.
exports.program = void 0;
// Third-party modules.
const commander_1 = require("commander");
const path = __importStar(require("path"));
const chalk_1 = __importDefault(require("chalk"));
// Project-local modules: the scanning engine and the report writer.
// NOTE(review): their interfaces are not visible here; see ./scanner and ./reporter.
const scanner_1 = require("./scanner");
const reporter_1 = require("./reporter");
// Root CLI object. Exported so a caller outside this file can drive it
// (presumably the package's bin entry point — not shown in this listing).
const program = new commander_1.Command();
exports.program = program;
// Program-level metadata surfaced by `--help` and `--version`.
program.name('bugnitor');
program.description('AI-era security scanner that detects vulnerabilities and exposed secrets in codebases');
program.version('1.0.0');
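// Accepted values for the two free-form `scan` options. They are checked up
// front so a typo (e.g. `--min-severity hgih`) fails loudly instead of being
// forwarded to the scanner, where it could silently widen or narrow results.
const SEVERITY_LEVELS = ['low', 'medium', 'high', 'critical'];
const OUTPUT_FORMATS = ['text', 'json', 'sarif'];

/**
 * Build the option object handed to `SecurityScanner.scan()` from the parsed
 * CLI flags.
 *
 * Only `--dependencies-only` / `--cicd-only` override the two code-scan
 * flags (forcing them to `false`); otherwise `--secrets-only` and
 * `--vulnerabilities-only` pass through as given. The override test must not
 * include the flag it protects — testing `options.secretsOnly` as part of the
 * override condition always produced `false`, so `--secrets-only` never
 * reached the scanner.
 *
 * @param {string} targetPath - positional path argument; resolved to absolute here.
 * @param {object} options - commander's parsed options for the `scan` command.
 * @returns {object} scanner options (exact shape is defined by ./scanner, not visible here).
 */
function buildScanOptions(targetPath, options) {
  const infraOnly = Boolean(options.dependenciesOnly || options.cicdOnly);
  return {
    path: path.resolve(targetPath),
    excludePatterns: options.exclude,
    includePatterns: options.include,
    secretsOnly: infraOnly ? false : options.secretsOnly,
    vulnerabilitiesOnly: infraOnly ? false : options.vulnerabilitiesOnly,
    minSeverity: options.minSeverity,
    outputFormat: options.format
  };
}

/**
 * Map a scan result to a process exit status usable as a CI gate:
 * 2 when any critical finding exists, 1 for high findings or an overall
 * grade of F, 0 otherwise.
 *
 * @param {{summary: {critical: number, high: number}, securityGrade: {overall: string}}} result
 * @returns {0|1|2}
 */
function exitCodeFor(result) {
  if (result.summary.critical > 0) return 2;
  if (result.summary.high > 0 || result.securityGrade.overall === 'F') return 1;
  return 0;
}

/**
 * Pick the chalk style for a letter grade. Anything outside A–D (F, or an
 * unexpected value) renders bold red. A Map is used rather than an object
 * literal so an unexpected grade string can never resolve to an inherited
 * property such as `constructor`.
 *
 * @param {string} grade - `result.securityGrade.overall`
 * @returns {Function} chalk style to apply
 */
function gradeStyle(grade) {
  const styles = new Map([
    ['A', chalk_1.default.green],
    ['B', chalk_1.default.blue],
    ['C', chalk_1.default.yellow],
    ['D', chalk_1.default.red],
  ]);
  return styles.get(grade) || chalk_1.default.red.bold;
}

program
  .command('scan')
  .description('Comprehensive security analysis of entire repository including code, dependencies, and CI/CD')
  .argument('[path]', 'Path to scan (defaults to current directory)', '.')
  .option('-e, --exclude <patterns...>', 'Exclude patterns (glob format)')
  .option('-i, --include <patterns...>', 'Include patterns (glob format)')
  .option('--secrets-only', 'Only scan for exposed secrets and credentials')
  .option('--vulnerabilities-only', 'Only scan for code vulnerabilities')
  .option('--ai-vulnerabilities', 'Focus on AI-assistant generated vulnerability patterns')
  .option('--dependencies-only', 'Only scan dependencies for known vulnerabilities')
  .option('--cicd-only', 'Only scan CI/CD configurations for security issues')
  .option('--min-severity <level>', 'Minimum severity level (low, medium, high, critical)', 'low')
  .option('-f, --format <format>', 'Output format (text, json, sarif)', 'text')
  .option('-o, --output <file>', 'Output file path')
  .option('--detailed', 'Show detailed file-by-file and folder-by-folder analysis')
  .option('--show-grade', 'Display security grade and recommendations')
  .option('--no-color', 'Disable colored output')
  .action(async (targetPath, options) => {
    try {
      // commander stores a `--no-<x>` flag as `options.<x> === false`; there
      // is no `options.noColor` property, so the previous check never fired.
      if (options.color === false) {
        chalk_1.default.level = 0;
      }
      if (!SEVERITY_LEVELS.includes(options.minSeverity)) {
        console.error(chalk_1.default.red(`Invalid --min-severity "${options.minSeverity}" (expected one of: ${SEVERITY_LEVELS.join(', ')})`));
        process.exit(1);
      }
      if (!OUTPUT_FORMATS.includes(options.format)) {
        console.error(chalk_1.default.red(`Invalid --format "${options.format}" (expected one of: ${OUTPUT_FORMATS.join(', ')})`));
        process.exit(1);
      }
      console.log(chalk_1.default.blue('š Starting Bugnitor Intelligent Security Review...'));
      console.log(chalk_1.default.gray(`Target: ${path.resolve(targetPath)}`));
      console.log(chalk_1.default.gray('Analyzing: Code, Dependencies, CI/CD, Configuration\n'));
      const scanner = new scanner_1.SecurityScanner();
      const reporter = new reporter_1.Reporter();
      // TODO(review): --ai-vulnerabilities, --detailed and --show-grade are
      // parsed but never forwarded to the scanner or reporter, and
      // --dependencies-only / --cicd-only only suppress the two code-scan
      // flags. Either wire them through or drop them from --help.
      const scanOptions = buildScanOptions(targetPath, options);
      const result = await scanner.scan(scanOptions);
      // Non-text formats always go through the reporter's writer (with or
      // without -o); text goes to stdout unless an output file was requested.
      if (options.output || options.format !== 'text') {
        await reporter.saveReport(result, options.format, options.output);
      }
      if (options.format === 'text' && !options.output) {
        console.log('\n' + reporter.generateTextReport(result));
      }
      const exitCode = exitCodeFor(result);
      console.log('\n' + chalk_1.default.gray('ā'.repeat(80)));
      console.log(chalk_1.default.bold('šÆ Security Assessment Complete'));
      if (exitCode === 2) {
        console.log(chalk_1.default.red.bold('šØ CRITICAL: Immediate action required! Critical vulnerabilities detected.'));
      }
      else if (exitCode === 1) {
        console.log(chalk_1.default.yellow.bold('ā ļø HIGH PRIORITY: Security improvements needed.'));
      }
      else if (result.summary.medium > 0 || result.summary.low > 0) {
        console.log(chalk_1.default.blue('š§ Some security issues found. Consider addressing them.'));
      }
      else {
        console.log(chalk_1.default.green.bold('ā Excellent! No critical security issues detected.'));
      }
      // Grade summary line, colored by letter grade.
      const grade = result.securityGrade.overall;
      console.log(gradeStyle(grade)(`š Security Grade: ${grade} (${result.securityGrade.score}/100)`));
      if (result.nextSteps.length > 0) {
        console.log(chalk_1.default.gray(`š Next: ${result.nextSteps[0]}`));
      }
      // Explicit exit so the status is a reliable CI gate even if the scanner
      // left timers or handles open. NOTE(review): process.exit can truncate
      // stdout when it is a pipe; switch to process.exitCode if that is observed.
      process.exit(exitCode);
    }
    catch (error) {
      console.error(chalk_1.default.red('ā Scan failed:'), error);
      process.exit(1);
    }
  });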
// `patterns` subcommand: prints a static catalogue of what the scanner looks
// for. The text is data-driven below; the output is identical to printing each
// heading and bullet line individually.
const CAPABILITY_SECTIONS = [
  ['š¤ AI-Generated Vulnerability Patterns:', [
    'Missing Authorization Checks on DELETE/Admin Operations',
    'Direct Database Queries with User Input',
    'Unsanitized CSV/File Processing',
    'Hardcoded Secrets from AI Examples',
    'Detailed Error Information Exposure',
    'Weak Cryptographic Algorithms from AI Suggestions',
    'Unvalidated Redirects',
    'Missing Input Validation on Endpoints',
  ]],
  ['\nš Enhanced Secret Detection:', [
    'AWS Access Keys & Secret Keys (Context-Aware)',
    'GitHub Personal Access Tokens',
    'OpenAI API Keys',
    'Stripe API Keys',
    'Google API Keys',
    'Firebase Tokens',
    'JWT Signing Secrets',
    'SSH Private Keys',
    'Database Connection Strings with Credentials',
    'Slack & Discord Tokens',
    'Generic API Keys & Passwords with Context Analysis',
  ]],
  ['\nš Injection & Syntax Attacks:', [
    'SQL Injection (concatenation & interpolation)',
    'NoSQL Injection',
    'Cross-Site Scripting (XSS) - DOM & Stored',
    'Command Injection / Shell Injection',
    'Server-Side Template Injection',
    'Code Injection via eval()',
  ]],
  ['\nš Broken Access & Authorization:', [
    'Missing Authorization Checks',
    'Insecure Direct Object References',
    'Privilege Escalation Vulnerabilities',
  ]],
  ['\nš¦ Deserialization & Remote Code Execution:', [
    'Unsafe Deserialization (pickle, yaml, JSON)',
    'Log4Shell JNDI Lookup Attacks',
    'Object Injection Vulnerabilities',
  ]],
  ['\nš File, Path & Resource Manipulation:', [
    'Directory Traversal / Path Traversal',
    'Unrestricted File Upload',
    'Zip-Slip / Archive Traversal',
  ]],
  ['\nš§ Memory & Language-Specific:', [
    'Buffer Overflow (C/C++)',
    'Format String Vulnerabilities',
    'Integer Overflow/Underflow',
  ]],
  ['\nš Cryptography & Configuration:', [
    'Weak Cryptographic Algorithms (MD5, SHA1, DES)',
    'Insecure Random Number Generation',
    'Improper SSL/TLS Configuration',
    'Missing Encryption for Sensitive Data',
  ]],
  ['\nš Dependency & Supply-Chain:', [
    'Vulnerable Dependencies (Log4j, Lodash, etc.)',
    'Outdated Package Versions',
    'Suspicious Package Names',
    'Insecure Package Sources (HTTP)',
  ]],
  ['\nš CI/CD & Infrastructure:', [
    'GitHub Actions Security Issues',
    'GitLab CI Configuration Problems',
    'Jenkins Pipeline Vulnerabilities',
    'Docker Security Misconfigurations',
    'Secrets in CI/CD Files',
    'Excessive Permissions',
  ]],
  ['\nš Security Assessment:', [
    'Overall Security Grade (A-F)',
    'Category-based Scoring',
    'Confidence Scoring (0-100%)',
    'CWE & OWASP Mapping',
    'Impact Assessment',
    'Effort Estimation',
    'Intelligent Recommendations',
    'Next Steps Planning',
  ]],
];
program
  .command('patterns')
  .description('List all available security analysis capabilities')
  .action(() => {
    console.log(chalk_1.default.blue('š Bugnitor Intelligent Security Analysis\n'));
    for (const [heading, items] of CAPABILITY_SECTIONS) {
      console.log(chalk_1.default.bold(heading));
      for (const item of items) {
        console.log(`⢠${item}`);
      }
    }
  });
//# sourceMappingURL=cli.js.map