Merge branch 'development' of https://github.com/DMontgomery40/plugin-vulnerability-scanner into development

Author: DMontgomery40

.github/workflows/deploy.yml

@@ -4,29 +4,28 @@ on:
   push:
     branches:
       - main
+      - development
 
 jobs:
-  deploy:
+  build-and-deploy:
     runs-on: ubuntu-latest
-    permissions:
-      contents: write
     steps:
-      - uses: actions/checkout@v3
-      
-      - name: Set up Node
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup Node.js
         uses: actions/setup-node@v3
         with:
           node-version: '18'
-          
-      - name: Install dependencies
+
+      - name: Install Dependencies
         run: npm install
-        
+
       - name: Build
         run: npm run build
-        
+
       - name: Deploy to GitHub Pages
-        uses: peaceiris/actions-gh-pages@v3
+        uses: JamesIves/github-pages-deploy-action@v4
         with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          publish_dir: ./dist
-          force_orphan: true
+          branch: gh-pages
+          folder: dist  # Vite builds to the dist folder by default

.github/workflows/jekyll-gh-pages.yml

@@ -0,0 +1,51 @@
+# Sample workflow for building and deploying a Jekyll site to GitHub Pages
+name: Deploy Jekyll with GitHub Pages dependencies preinstalled
+
+on:
+  # Runs on pushes targeting the default branch
+  push:
+    branches: ["development"]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  # Build job
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Pages
+        uses: actions/configure-pages@v5
+      - name: Build with Jekyll
+        uses: actions/jekyll-build-pages@v1
+        with:
+          source: ./
+          destination: ./_site
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v3
+
+  # Deployment job
+  deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

index.html

@@ -7,6 +7,6 @@
   </head>
   <body>
     <div id="root"></div>
-    <script type="module" src="/src/main.jsx"></script>
+    <script type="module" src="./main.jsx"></script>
   </body>
 </html>

src/lib/scanner.js

@@ -1,4 +1,5 @@
 import _ from 'lodash';
+<<<<<<< HEAD
 import { VULNERABILITY_PATTERNS as patterns } from './patterns/index.js';
 import { getScannerForFile, PACKAGE_FILE_PATTERNS } from './scanners/index.js';
 import { repoCache } from './cache.js';
@@ -18,6 +19,11 @@ const recommendations = {
     dynamicRequire: 'Use static imports and proper dependency management',
     unsafeDeserialization: 'Validate and sanitize data before deserialization'
 };
+=======
+import { corePatterns, enhancedPatterns, recommendations } from './patterns';
+import { getScannerForFile, PACKAGE_FILE_PATTERNS } from './scanners';
+import { repoCache } from './cache';
+>>>>>>> 81342ac2800f95e58c70d0204d4e1fd9b4d976ed
 
 class VulnerabilityScanner {
     constructor(config = {}) {
@@ -28,8 +34,16 @@ class VulnerabilityScanner {
             ...config
         };
 
+<<<<<<< HEAD
         // Use all patterns
         this.vulnerabilityPatterns = patterns;
+=======
+        // Combine patterns based on configuration
+        this.vulnerabilityPatterns = {
+            ...corePatterns,
+            ...(this.config.enableNewPatterns ? enhancedPatterns : {})
+        };
+>>>>>>> 81342ac2800f95e58c70d0204d4e1fd9b4d976ed
 
         // Track rate limit information
         this.rateLimitInfo = null;
@@ -42,6 +56,7 @@ class VulnerabilityScanner {
 
         if (token) {
             headers.Authorization = `token ${token}`;
+<<<<<<< HEAD
         }
 
         const response = await fetch(url, { headers });
@@ -140,8 +155,31 @@ class VulnerabilityScanner {
                 } catch (error) {
                     console.error(`Error fetching directory ${item.path}:`, error.message);
                 }
+=======
+        }
+
+        const response = await fetch(url, { headers });
+        
+        // Extract rate limit information from headers
+        this.rateLimitInfo = {
+            limit: parseInt(response.headers.get('x-ratelimit-limit') || '60'),
+            remaining: parseInt(response.headers.get('x-ratelimit-remaining') || '0'),
+            reset: parseInt(response.headers.get('x-ratelimit-reset') || '0')
+        };
+
+        if (!response.ok) {
+            if (response.status === 403 && this.rateLimitInfo.remaining === 0) {
+                const resetDate = new Date(this.rateLimitInfo.reset * 1000);
+                throw new Error(`GitHub API rate limit exceeded. Resets at ${resetDate.toLocaleString()}`);
+            }
+            if (response.status === 404) {
+                throw new Error('Repository or file not found. Check the URL and ensure you have access.');
+>>>>>>> 81342ac2800f95e58c70d0204d4e1fd9b4d976ed
             }
+            throw new Error(`GitHub API error: ${response.statusText}`);
         }
+
+        return response;
     }
 
     async scanFile(fileContent, filePath) {
@@ -202,6 +240,83 @@ class VulnerabilityScanner {
         }, []);
     }
 
+    async fetchRepositoryFiles(url, token = null) {
+        const githubRegex = /github\.com\/([^/]+)\/([^/]+)(?:\/tree\/[^/]+)?\/?(.*)/;
+        const match = url.match(githubRegex);
+        if (!match) {
+            throw new Error('Invalid GitHub URL format');
+        }
+
+        // Check cache first
+        const cachedData = repoCache.get(url, token);
+        if (cachedData) {
+            return {
+                files: cachedData.files,
+                rateLimit: this.rateLimitInfo,
+                fromCache: true
+            };
+        }
+
+        const [, owner, repo, path] = match;
+        const apiUrl = `https://api.github.com/repos/${owner}/${repo}/contents/${path}`;
+
+        try {
+            const response = await this.fetchWithAuth(apiUrl, token);
+            const data = await response.json();
+            const files = [];
+
+            await this.fetchFiles(files, data, owner, repo, token);
+            
+            // Cache the results
+            repoCache.set(url, token, { files });
+            
+            return {
+                files,
+                rateLimit: this.rateLimitInfo,
+                fromCache: false
+            };
+        } catch (error) {
+            throw new Error(error.message);
+        }
+    }
+
+    async fetchFiles(files, items, owner, repo, token) {
+        for (const item of items) {
+            // Check if we're running low on rate limit
+            if (this.rateLimitInfo && this.rateLimitInfo.remaining < 5) {
+                const resetDate = new Date(this.rateLimitInfo.reset * 1000);
+                console.warn(`Warning: Rate limit running low. Resets at ${resetDate.toLocaleString()}`);
+            }
+
+            const supportedExtensions = Object.keys(PACKAGE_FILE_PATTERNS)
+                .concat(['.json', '.py', '.css', '.html', '.config', '.conf', '.sh', '.patch', 
+                        '.yaml', '.yml', 'Dockerfile', '.ini', '.js', '.jsx', '.ts', '.tsx']);
+            
+            if (item.type === 'file' && 
+                (supportedExtensions.some(ext => item.name.toLowerCase().endsWith(ext.toLowerCase())) ||
+                 supportedExtensions.some(ext => item.name.toLowerCase() === ext.toLowerCase()))) {
+                try {
+                    const response = await this.fetchWithAuth(item.download_url, token);
+                    const content = await response.text();
+                    files.push({
+                        path: item.path,
+                        content: content
+                    });
+                } catch (error) {
+                    console.error(`Error fetching ${item.path}:`, error.message);
+                }
+            } else if (item.type === 'dir') {
+                try {
+                    const response = await this.fetchWithAuth(item._links.self, token);
+                    const data = await response.json();
+                    await this.fetchFiles(files, data, owner, repo, token);
+                } catch (error) {
+                    console.error(`Error fetching directory ${item.path}:`, error.message);
+                }
+            }
+        }
+    }
+
     generateReport(findings) {
         // Separate findings by scanner type
         const generalFindings = findings.filter(f => f.scannerType === 'general');

vite.config.js

@@ -1,11 +1,10 @@
-import { defineConfig } from 'vite';
-import react from '@vitejs/plugin-react';
-import path from 'path';
+import { defineConfig } from 'vite'
+import react from '@vitejs/plugin-react'
+import path from 'path'
 
-// https://vitejs.dev/config/
 export default defineConfig({
   plugins: [react()],
-  base: '/plugin-vulnerability-scanner/',  // This is correct for GitHub Pages
+  base: '/plugin-vulnerability-scanner/',
   resolve: {
     alias: {
       '@': path.resolve(__dirname, './src')
@@ -17,5 +16,13 @@ export default defineConfig({
     sourcemap: true,
     minify: 'terser',
     emptyOutDir: true,
+    rollupOptions: {
+      input: {
+        main: path.resolve(__dirname, 'index.html'),
+      },
+      output: {
+        manualChunks: undefined
+      }
+    }
   }
-});
+})