
sicua


A tool for analyzing project structure and dependencies

/**
 * Abstract base class for security vulnerability detectors.
 *
 * This is a generated declaration file: it lists the members of
 * `BaseDetector` and their types but contains no implementation, so the
 * comments below describe the declared contract only.
 */
import ts from "typescript";
import { Vulnerability, VulnerabilityType, SeverityLevel, ConfidenceLevel, VulnerabilityLocation, VulnerabilityContext } from "../types/vulnerability.types";
import { PatternDefinition, PatternMatchResult } from "../types/pattern.types";
import { AnalysisContext } from "../types/analysis.types";
import { FileContextInfo } from "../utils/SecurityContext";
import { ScanResult } from "../../../types";
/**
 * Common scaffolding for detectors: subclasses implement `detect` and can
 * use the protected helpers declared here for pattern matching, AST
 * analysis, file filtering, and building `Vulnerability` records.
 */
export declare abstract class BaseDetector {
    // The four readonly fields share their names and types with the
    // constructor parameters; presumably they are assigned from them, but the
    // constructor body is not part of this declaration file.
    protected readonly detectorName: string;
    protected readonly vulnerabilityType: VulnerabilityType;
    protected readonly defaultSeverity: SeverityLevel;
    protected readonly patterns: PatternDefinition[];
    /**
     * @param detectorName - Name identifying this detector.
     * @param vulnerabilityType - Vulnerability category this detector reports.
     * @param defaultSeverity - Severity for this detector; presumably the
     *   fallback when `createVulnerability` is called without one (confirm in
     *   the implementation).
     * @param patterns - Optional pattern definitions; the default used when
     *   omitted is not visible here.
     */
    constructor(detectorName: string, vulnerabilityType: VulnerabilityType, defaultSeverity: SeverityLevel, patterns?: PatternDefinition[]);
    /**
     * Main detection method - must be implemented by subclasses.
     *
     * @param scanResult - Project scan data to analyze.
     * @param context - Analysis context supplied by the caller.
     * @returns A promise resolving to the vulnerabilities found.
     */
    abstract detect(scanResult: ScanResult, context: AnalysisContext): Promise<Vulnerability[]>;
    /**
     * Apply text-based pattern matching to file content.
     *
     * @param content - Text of the file being analyzed.
     * @param filePath - Path of the file `content` was read from.
     * @param patterns - Optional patterns to apply; presumably falls back to
     *   `this.patterns` when omitted (confirm in the implementation).
     * @returns One result per pattern match.
     */
    protected applyPatternMatching(content: string, filePath: string, patterns?: PatternDefinition[]): PatternMatchResult[];
    /**
     * Apply AST-based analysis to TypeScript source files.
     *
     * @param sourceFile - Parsed TypeScript source file.
     * @param filePath - Path of the file being analyzed.
     * @param customAnalyzer - Optional callback that receives the same
     *   `sourceFile` and `filePath` and returns vulnerabilities. What is
     *   returned when no analyzer is supplied is not visible here.
     * @returns Vulnerabilities produced by the analysis.
     */
    protected applyASTAnalysis(sourceFile: ts.SourceFile, filePath: string, customAnalyzer?: (sourceFile: ts.SourceFile, filePath: string) => Vulnerability[]): Vulnerability[];
    /**
     * Create a vulnerability instance with proper metadata.
     *
     * @param filePath - File the finding belongs to.
     * @param location - Position of the finding within the file.
     * @param context - Surrounding context recorded with the finding.
     * @param description - Human-readable description of the finding.
     * @param severity - Optional severity override.
     * @param confidence - Optional confidence level; the default when omitted
     *   is not visible here.
     * @param metadata - Optional free-form key/value data. NOTE(review): values
     *   are `unknown`, so consumers should validate before rendering or
     *   serializing them.
     * @returns The constructed vulnerability record.
     */
    protected createVulnerability(filePath: string, location: VulnerabilityLocation, context: VulnerabilityContext, description: string, severity?: SeverityLevel, confidence?: ConfidenceLevel, metadata?: Record<string, unknown>): Vulnerability;
    /**
     * Convert pattern match results to vulnerabilities.
     *
     * @param patternResults - Matches to convert.
     * @param additionalValidator - Optional predicate called with a match;
     *   presumably a `false` result drops the match (confirm in the
     *   implementation).
     * @returns The resulting vulnerabilities.
     */
    protected convertPatternMatchesToVulnerabilities(patternResults: PatternMatchResult[], additionalValidator?: (match: PatternMatchResult) => boolean): Vulnerability[];
    /**
     * Filter files that should be analyzed by this detector.
     *
     * @param scanResult - Project scan data listing candidate files.
     * @param fileExtensions - Optional extensions to restrict the result to.
     * @param excludePatterns - Optional exclusion patterns. NOTE(review): the
     *   matching syntax (glob, regex, or substring) is not visible here; a
     *   broad exclusion silently removes files from analysis, so confirm how
     *   these are matched.
     * @returns Paths of the files to analyze.
     */
    protected filterRelevantFiles(scanResult: ScanResult, fileExtensions?: string[], excludePatterns?: string[]): string[];
    /**
     * Get file context information for security analysis.
     *
     * @param filePath - Path of the file.
     * @param content - Text of the file.
     * @returns Context information describing the file.
     */
    protected getFileContext(filePath: string, content: string): FileContextInfo;
    /**
     * Check if a pattern should be applied to a specific file.
     *
     * @param pattern - Pattern definition under consideration.
     * @param filePath - Path of the candidate file.
     * @returns `true` when the pattern applies to the file.
     */
    protected shouldApplyPattern(pattern: PatternDefinition, filePath: string): boolean;
    /**
     * Generate a unique ID for a vulnerability.
     *
     * NOTE(review): private members carry no signature in a declaration file.
     * Whether IDs are stable across runs matters if they are used for
     * deduplication or baseline suppression - confirm in the implementation.
     */
    private generateVulnerabilityId;
    /**
     * Extract function name from context (signature not emitted for private
     * members).
     */
    private extractFunctionName;
    /**
     * Extract component name from file path.
     *
     * @param filePath - Path to derive the name from.
     * @returns The component name, or `undefined` when none is derived.
     */
    protected extractComponentName(filePath: string): string | undefined;
    /**
     * Validate vulnerability before adding to results.
     *
     * @param vulnerability - Candidate finding.
     * @returns `true` when the finding passes validation. The criteria are
     *   not visible in this declaration file.
     */
    protected validateVulnerability(vulnerability: Vulnerability): boolean;
    /**
     * Apply confidence adjustments based on context.
     *
     * @param vulnerability - Finding whose confidence is being assessed.
     * @param fileContext - Context information for the finding's file.
     * @returns The adjusted confidence level.
     *
     * NOTE(review): which context signals lower or raise confidence is not
     * visible here. If downstream gating filters on confidence, confirm that a
     * lowered level cannot hide a finding that should block a release.
     */
    protected adjustConfidenceBasedOnContext(vulnerability: Vulnerability, fileContext: FileContextInfo): ConfidenceLevel;
    /**
     * Helper to lower confidence level (signature not emitted for private
     * members).
     */
    private lowerConfidence;
    /**
     * Helper to raise confidence level (signature not emitted for private
     * members).
     */
    private raiseConfidence;
    /**
     * Check if context suggests this is test code.
     *
     * @param context - Text inspected for test-code indicators.
     * @returns `true` when the context looks like test code.
     *
     * NOTE(review): the heuristic is not visible here. Callers should treat the
     * result as a hint, since code can resemble a test without being one.
     */
    protected isInTestContext(context: string): boolean;
    /**
     * Check if text is in a comment.
     *
     * @param context - Surrounding text to inspect.
     * @param text - The matched text being located within `context`.
     * @returns `true` when `text` is judged to be inside a comment.
     *
     * NOTE(review): takes plain strings rather than AST nodes, so this is
     * presumably a textual heuristic - confirm how string literals that
     * contain comment markers are handled.
     */
    protected isInComment(context: string, text: string): boolean;
}