vibe-guard
Vibe-Guard Security Scanner - 28 essential security rules to catch vulnerabilities before they catch you! Zero dependencies, instant setup, works everywhere, optimized performance. Detects SQL injection, XSS, exposed secrets, CSRF, CORS issues, contain…
;
// Compiler-emitted module interop helper (the shape TypeScript generates for CommonJS output).
// Exposes property `k` of module `m` on object `o` under the name `k2` (which defaults to `k`).
// An already-defined `this.__createBinding` is reused; otherwise the implementation is chosen
// by whether Object.create is available.
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
// Substitute a live getter when `m` has no own descriptor for `k`, when the descriptor is an
// accessor and `m` is not flagged `__esModule`, or when it is a data property that is writable
// or configurable. In every other case the original descriptor is reused unchanged.
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
// Fallback branch: plain assignment copies the current value, so later changes to m[k]
// are not reflected on `o`.
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
// Compiler-emitted interop helper: stores `v` as the `default` property of `o`.
// An already-defined `this.__setModuleDefault` is reused when present.
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
// Defined through a descriptor so the property is enumerable and carries the given value.
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
// Fallback branch: plain assignment.
o["default"] = v;
});
// Compiler-emitted interop helper used for the namespace-style `require` calls of "fs" and
// "path" in this file. An already-defined `this.__importStar` is reused when present.
var __importStar = (this && this.__importStar) || (function () {
// Self-replacing function: the first call rebinds `ownKeys` to Object.getOwnPropertyNames,
// or to a for-in/hasOwnProperty fallback when that is unavailable, then delegates to it.
var ownKeys = function(o) {
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
// A module already flagged `__esModule` is returned untouched.
if (mod && mod.__esModule) return mod;
var result = {};
// Bind every own property except "default" onto the wrapper; null/undefined modules are skipped.
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
// The module object itself becomes the wrapper's `default`.
__setModuleDefault(result, mod);
return result;
};
})();
// Compiler-emitted interop helper: re-exports the properties of `m` on `exports`.
// "default" is skipped, and so is any name `exports` already owns, so names that are
// already present on `exports` are never replaced by a later star re-export.
var __exportStar = (this && this.__exportStar) || function(m, exports) {
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
};
// Flag this CommonJS module as compiled from ES-module syntax so interop helpers in
// consumers treat `exports.default` as the default export.
Object.defineProperty(exports, "__esModule", { value: true });
// Pre-declare the named exports as undefined; they are given their real values at the
// bottom of the file, after the class definition and the re-export `require` calls.
exports.Reporter = exports.FileScanner = exports.VibeGuard = void 0;
const fs = __importStar(require("fs"));
const path = __importStar(require("path"));
const scanner_1 = require("./scanner");
const reporter_1 = require("./reporter");
const config_1 = require("./config");
const exposed_secrets_1 = require("./rules/exposed-secrets");
const missing_authentication_1 = require("./rules/missing-authentication");
const open_cors_1 = require("./rules/open-cors");
const hardcoded_sensitive_data_1 = require("./rules/hardcoded-sensitive-data");
const insecure_http_1 = require("./rules/insecure-http");
const sql_injection_1 = require("./rules/sql-injection");
const unvalidated_input_1 = require("./rules/unvalidated-input");
const directory_traversal_1 = require("./rules/directory-traversal");
const insecure_dependencies_1 = require("./rules/insecure-dependencies");
const missing_security_headers_1 = require("./rules/missing-security-headers");
const xss_detection_1 = require("./rules/xss-detection");
const csrf_protection_1 = require("./rules/csrf-protection");
const insecure_deserialization_1 = require("./rules/insecure-deserialization");
const broken_access_control_1 = require("./rules/broken-access-control");
const insecure_file_upload_1 = require("./rules/insecure-file-upload");
const insecure_random_generation_1 = require("./rules/insecure-random-generation");
const insecure_logging_1 = require("./rules/insecure-logging");
const insecure_session_management_1 = require("./rules/insecure-session-management");
const insecure_error_handling_1 = require("./rules/insecure-error-handling");
const insecure_configuration_1 = require("./rules/insecure-configuration");
const version_1 = require("./types/version");
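/**
 * Library entry point: owns the rule set, the file scanner and the reporter, and
 * exposes scan/format helpers on top of them.
 */
class VibeGuard {
    /**
     * Instantiates every built-in rule plus the scanner and reporter.
     */
    constructor() {
        // NOTE(review): 20 rule instances are registered here, while the package
        // description advertises 28 rules. Confirm whether the remainder are loaded
        // elsewhere; the verbose "Number of rules" line in scan() reports this array.
        this.rules = [
            new exposed_secrets_1.ExposedSecretsRule(),
            new missing_authentication_1.MissingAuthenticationRule(),
            new open_cors_1.OpenCorsRule(),
            new hardcoded_sensitive_data_1.HardcodedSensitiveDataRule(),
            new insecure_http_1.InsecureHttpRule(),
            new sql_injection_1.SqlInjectionRule(),
            new unvalidated_input_1.UnvalidatedInputRule(),
            new directory_traversal_1.DirectoryTraversalRule(),
            new insecure_dependencies_1.InsecureDependenciesRule(),
            new missing_security_headers_1.MissingSecurityHeadersRule(),
            new xss_detection_1.XssDetectionRule(),
            new csrf_protection_1.CsrfProtectionRule(),
            new insecure_deserialization_1.InsecureDeserializationRule(),
            new broken_access_control_1.BrokenAccessControlRule(),
            new insecure_file_upload_1.InsecureFileUploadRule(),
            new insecure_random_generation_1.InsecureRandomGenerationRule(),
            new insecure_logging_1.InsecureLoggingRule(),
            new insecure_session_management_1.InsecureSessionManagementRule(),
            new insecure_error_handling_1.InsecureErrorHandlingRule(),
            new insecure_configuration_1.InsecureConfigurationRule()
        ];
        this.scanner = new scanner_1.FileScanner();
        this.reporter = new reporter_1.Reporter();
    }

    /**
     * Scans a file or directory with every registered rule.
     *
     * @param {object} options - Scan options; `target` is the path to scan and
     *   `verbose` enables progress logging on the console.
     * @returns {Promise<object>} The scanner's result for the target.
     * @throws {Error} When the target does not exist or is neither a regular file
     *   nor a directory; other stat failures (for example permission errors) are
     *   rethrown as-is.
     */
    async scan(options) {
        // NOTE(review): the configuration is looked up from options.target, i.e. from
        // the tree being scanned. If mergeConfig lets a config file change which rules
        // or paths are checked, a repository can weaken its own scan; confirm the
        // precedence in ConfigLoader and consider supplying a trusted config in CI.
        const config = config_1.ConfigLoader.loadConfig(options.target);
        const mergedOptions = config_1.ConfigLoader.mergeConfig(config, options);
        const targetPath = path.resolve(mergedOptions.target);
        const verbose = Boolean(mergedOptions.verbose);
        if (verbose) {
            console.log('Configuration loaded from:', config_1.ConfigLoader.findConfigFile(options.target) || 'none');
            console.log('Number of rules:', this.rules.length);
        }
        // A single stat call replaces the separate exists-then-stat pair, so the target
        // cannot disappear between the two checks and surface as an unrelated error.
        let stats;
        try {
            stats = fs.statSync(targetPath);
        }
        catch (err) {
            if (err && (err.code === 'ENOENT' || err.code === 'ENOTDIR')) {
                throw new Error(`Target path does not exist: ${targetPath}`);
            }
            throw err;
        }
        if (verbose) {
            console.log('Target type:', stats.isFile() ? 'file' : 'directory');
        }
        if (stats.isFile()) {
            if (verbose) {
                console.log('Scanning single file...');
            }
            // NOTE(review): the full rule list is passed regardless of mergedOptions;
            // presumably any config-driven rule selection happens inside the scanner.
            const result = await this.scanner.scanFile(targetPath, this.rules);
            if (verbose) {
                console.log('Scan completed:', {
                    filesScanned: result.filesScanned,
                    issuesFound: result.issuesFound,
                    summary: result.summary
                });
            }
            return result;
        }
        if (stats.isDirectory()) {
            if (verbose) {
                console.log('Scanning directory...');
            }
            return await this.scanner.scanDirectory(targetPath, this.rules);
        }
        // Sockets, FIFOs, devices and similar entries are rejected rather than read.
        throw new Error(`Target path is neither a file nor a directory: ${targetPath}`);
    }

    /**
     * Renders a scan result with the reporter.
     *
     * @param {object} result - Result returned by scan().
     * @param {string} [format='table'] - 'json', 'sarif', 'html' or 'table'; any
     *   other value falls back to the table output.
     * @returns {*} Whatever the selected reporter method returns.
     */
    formatResults(result, format = 'table') {
        switch (format) {
            case 'json':
                return this.reporter.formatJson(result);
            case 'sarif':
                return this.reporter.formatSarif(result);
            case 'html':
                return this.reporter.formatHtml(result);
            case 'table':
            default:
                return this.reporter.formatTable(result);
        }
    }

    /**
     * Runs scan() and formats its result using `options.format`.
     *
     * @param {object} options - Same options as scan(), plus an optional `format`.
     * @returns {Promise<*>} The formatted report.
     */
    async scanAndFormat(options) {
        const result = await this.scan(options);
        return this.formatResults(result, options.format);
    }

    /**
     * @returns {Array<object>} A shallow copy of the registered rules, so callers
     *   cannot add to or remove from the internal list.
     */
    getRules() {
        return [...this.rules];
    }

    /**
     * @param {string} name - Value compared against each rule's `name` property.
     * @returns {object|undefined} The first matching rule, or undefined.
     */
    getRuleByName(name) {
        return this.rules.find(rule => rule.name === name);
    }

    /**
     * @returns {*} The VERSION constant exported by ./types/version.
     */
    getVersion() {
        return version_1.VERSION;
    }

    /**
     * @returns {*} The sample configuration produced by ConfigLoader.
     */
    generateConfig() {
        return config_1.ConfigLoader.generateSampleConfig();
    }

    /**
     * Writes the sample configuration to `vibe-guard.json` in the current working
     * directory, leaving any existing entry at that path untouched.
     *
     * @throws {Error} Any write failure other than "already exists".
     */
    createConfigFile() {
        const configPath = path.join(process.cwd(), 'vibe-guard.json');
        const configContent = this.generateConfig();
        try {
            // 'wx' creates the file exclusively: the existence check and the write are
            // one atomic step, and the call fails with EEXIST for any pre-existing
            // entry at the path (including a symbolic link) instead of writing
            // through it.
            fs.writeFileSync(configPath, configContent, { flag: 'wx' });
        }
        catch (err) {
            if (err && err.code === 'EEXIST') {
                console.log('Configuration file already exists: vibe-guard.json');
                return;
            }
            throw err;
        }
        console.log('Created configuration file: vibe-guard.json');
    }
}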
// Public API of the package entry point.
exports.VibeGuard = VibeGuard;
// Re-export everything from ./types and ./rules. __exportStar skips "default" and any
// name already present on `exports`, so the names assigned in this file are not replaced.
__exportStar(require("./types"), exports);
__exportStar(require("./rules"), exports);
// FileScanner and Reporter are exposed through getters that read from the required
// module on each access rather than copying the value once.
var scanner_2 = require("./scanner");
Object.defineProperty(exports, "FileScanner", { enumerable: true, get: function () { return scanner_2.FileScanner; } });
var reporter_2 = require("./reporter");
Object.defineProperty(exports, "Reporter", { enumerable: true, get: function () { return reporter_2.Reporter; } });
// VibeGuard is also the module's default export.
exports.default = VibeGuard;
//# sourceMappingURL=index.js.map