
Commit e350591

committed
feat: enhance vulnerability scanner with improved logging and pattern validation
- Added debug logging during scanner initialization and file scanning processes. - Enhanced validation for vulnerability patterns, ensuring only valid patterns are retained. - Improved error messages for invalid patterns and scanning issues. - Provided detailed logs for package file matches and total findings per scanned file.
1 parent e200b49 commit e350591


1 file changed

+25
-1
lines changed

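--- a/src/lib/scanner.js
+++ b/src/lib/scanner.js
@@ -15,25 +15,38 @@ class VulnerabilityScanner {
 ...config
 };
 
+// Debug logging
+console.log('Initializing scanner with patterns:', {
+corePatterns: !!corePatterns,
+enhancedPatterns: !!enhancedPatterns
+});
+
 this.vulnerabilityPatterns = {};
 
 if (corePatterns && typeof corePatterns === 'object') {
 this.vulnerabilityPatterns = { ...corePatterns };
+console.log('Loaded core patterns:', Object.keys(corePatterns));
 }
 
 if (this.config.enableNewPatterns && enhancedPatterns && typeof enhancedPatterns === 'object') {
 this.vulnerabilityPatterns = {
 ...this.vulnerabilityPatterns,
 ...enhancedPatterns
 };
+console.log('Loaded enhanced patterns:', Object.keys(enhancedPatterns));
 }
 
+// Validate patterns
+let validPatterns = 0;
 Object.entries(this.vulnerabilityPatterns).forEach(([key, pattern]) => {
 if (!pattern.pattern || !pattern.severity || !pattern.description) {
-console.error(`Invalid pattern configuration for ${key}`);
+console.error(`Invalid pattern configuration for ${key}:`, pattern);
 delete this.vulnerabilityPatterns[key];
+} else {
+validPatterns++;
 }
 });
+console.log(`Scanner initialized with ${validPatterns} valid patterns`);
 
 this.rateLimitInfo = null;
 }
@@ -156,6 +169,8 @@ class VulnerabilityScanner {
 }
 
 async scanFile(fileContent, filePath) {
+console.log(`Scanning file: ${filePath}`);
+
 if (!fileContent || typeof fileContent !== 'string') {
 console.error('Invalid file content provided to scanner');
 return [];
@@ -168,26 +183,33 @@ class VulnerabilityScanner {
 return findings;
 }
 
+console.log(`Active patterns: ${Object.keys(this.vulnerabilityPatterns).length}`);
+
 try {
+// Package scanners
 if (this.config.enablePackageScanners) {
 for (const [pattern, type] of Object.entries(PACKAGE_FILE_PATTERNS)) {
 if (filePath.toLowerCase().endsWith(pattern.toLowerCase())) {
+console.log(`Found package file match: ${pattern} -> ${type}`);
 const scanner = getScannerForFile(type);
 if (scanner) {
 const packageFindings = await scanner.scan(filePath, fileContent);
+console.log(`Package scanner found ${packageFindings.length} issues`);
 findings.push(...packageFindings);
 }
 break;
 }
 }
 }
 
+// Pattern scanning
 for (const [vulnType, vulnInfo] of Object.entries(this.vulnerabilityPatterns)) {
 try {
 const regex = new RegExp(vulnInfo.pattern, 'g');
 const matches = fileContent.match(regex);
 
 if (matches && matches.length > 0) {
+console.log(`Found ${matches.length} matches for pattern: ${vulnType}`);
 findings.push({
 type: vulnType,
 severity: vulnInfo.severity,
@@ -203,6 +225,8 @@ class VulnerabilityScanner {
 console.error(`Error analyzing pattern ${vulnType}:`, error);
 }
 }
+
+console.log(`Total findings for ${filePath}: ${findings.length}`);
 } catch (error) {
 console.error(`Error scanning file ${filePath}:`, error);
 }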
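Review bot: The new `validPatterns` counter in the validation loop (new lines 40-49) counts any entry whose `pattern` field is merely truthy, so an expression that does not compile is reported as valid. It then throws at `new RegExp(vulnInfo.pattern, 'g')` in `scanFile` for every file, where the inner catch only logs it, so the rule never produces a finding while the startup log says it is loaded. A `null` or non-object entry is also not handled: `pattern.pattern` throws inside the constructor before the new `console.error` can report it. Compiling each pattern once during validation and dropping the ones that throw would make the logged count match real coverage; the constructor begins above the hunk, so the sketch below covers only the loop. Separately, the added `console.log` calls are labelled debug but are not gated by any `this.config` option, and `filePath` is written into them unescaped.

```javascript
Object.entries(this.vulnerabilityPatterns).forEach(([key, pattern]) => {
  // Compile with the same call scanFile uses, so a bad expression is rejected once, here.
  let compiles = false;
  try {
    if (pattern && pattern.pattern) {
      new RegExp(pattern.pattern, 'g');
      compiles = true;
    }
  } catch (error) {
    // leave compiles false; the entry is dropped below
  }

  if (!compiles || !pattern.severity || !pattern.description) {
    // … unchanged: console.error and delete this.vulnerabilityPatterns[key] …
  } else {
    validPatterns++;
  }
});
```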
