supamend
Pluggable DevSecOps Security Scanner with 10+ scanners and multiple reporting channels
// NOTE(review): the bare `;` below is presumably what is left of a
// `"use strict";` directive whose string was lost when the page was
// extracted; confirm against the published file.
;
// Flag this CommonJS module as transpiled from ES-module syntax so that
// interop helpers in consumers treat `exports` as a module namespace.
Object.defineProperty(exports, "__esModule", { value: true });
// Reserve the export slot before the class body runs; the real value is
// assigned after the class declaration.
exports.InputValidator = void 0;
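/**
 * Static helpers that gate user-supplied values (paths, URLs, free text,
 * scanner and reporter names) before the rest of the tool uses them.
 *
 * These checks are syntactic filters only. None of them touches the file
 * system or the network, so a value that passes is "well-formed", not
 * "safe to use anywhere"; see the per-method notes for what is NOT covered.
 */
class InputValidator {
  /**
   * Coarse path filter.
   *
   * Rejects non-strings, empty strings, anything containing `..` or a NUL
   * byte, and anything longer than 1000 characters.
   *
   * Limits a caller should know about:
   * - The `..` test is a substring match, so a legitimate name such as
   *   `notes..txt` is rejected as well.
   * - Absolute paths are accepted, and nothing is resolved, so symlinks are
   *   not followed or checked. Code that must stay inside a base directory
   *   still has to resolve the path and compare it against that directory.
   *
   * @param {unknown} path - Candidate path.
   * @returns {boolean} `true` when the value passes every check.
   */
  static validatePath(path) {
    if (!path || typeof path !== 'string') {
      return false;
    }
    if (path.includes('..') || path.includes('\0')) {
      return false;
    }
    if (path.length > 1000) {
      return false;
    }
    return true;
  }

  /**
   * Accepts only strings that parse as absolute `http:` or `https:` URLs.
   *
   * Only the scheme is checked. Host, port and embedded credentials are not
   * inspected, so loopback, link-local and other internal destinations pass.
   * A caller that goes on to request the URL needs its own destination
   * allow-list if the value can come from an untrusted source.
   *
   * @param {unknown} url - Candidate URL.
   * @returns {boolean} `true` for a parseable http(s) URL, otherwise `false`.
   */
  static validateUrl(url) {
    try {
      const parsed = new URL(url);
      return ['http:', 'https:'].includes(parsed.protocol);
    } catch {
      // `new URL` throws on anything it cannot parse; treat that as invalid.
      return false;
    }
  }

  /**
   * Flattens a value into a single printable line of at most 1000 UTF-16
   * code units.
   *
   * CR and LF become spaces (so one input cannot forge extra lines in a log
   * or report), the remaining C0 controls, DEL and C1 controls are dropped,
   * surrounding whitespace is trimmed, and the result is truncated.
   *
   * This is neither HTML nor shell escaping; the output still needs
   * context-specific encoding wherever it is rendered or executed.
   *
   * Non-string input used to throw a TypeError on `.replace`. `null` and
   * `undefined` now yield an empty string and any other value is converted
   * with `String()`, so a missing field cannot crash a reporter.
   *
   * @param {unknown} input - Text to sanitize.
   * @returns {string} The sanitized, length-capped text.
   */
  static sanitizeString(input) {
    let text;
    if (typeof input === 'string') {
      text = input;
    } else if (input == null) {
      text = '';
    } else {
      text = String(input);
    }
    return text
      .replace(/[\r\n]/g, ' ')
      .replace(/[\x00-\x1f\x7f-\x9f]/g, '')
      .trim()
      // The cap counts UTF-16 code units, so it may cut a surrogate pair.
      .substring(0, 1000);
  }

  /**
   * Checks a scanner name against the fixed allow-list.
   * The match is exact and case-sensitive; non-strings never match.
   *
   * @param {unknown} name - Scanner identifier.
   * @returns {boolean} `true` when the name is a known scanner.
   */
  static validateScannerName(name) {
    const validNames = [
      'gitleaks', 'bandit', 'npm-audit', 'yarn-audit', 'trivy',
      'safety', 'eslint-security', 'checkov', 'semgrep', 'hadolint',
    ];
    return validNames.includes(name);
  }

  /**
   * Checks a reporter name against the fixed allow-list.
   * The match is exact and case-sensitive; non-strings never match.
   *
   * @param {unknown} name - Reporter identifier.
   * @returns {boolean} `true` when the name is a known reporter.
   */
  static validateReporterName(name) {
    const validNames = [
      'console', 'json', 'github-issue', 'slack', 'email',
      'discord', 'teams', 'metrics',
    ];
    return validNames.includes(name);
  }
}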
// Publish the class as a named CommonJS export, replacing the `void 0`
// placeholder assigned at the top of the module.
exports.InputValidator = InputValidator;
//# sourceMappingURL=validation.js.map