feat: add security sink detection patterns for JavaScript/TypeScript

- Introduced `sink-detect.js` with various security sink detection patterns categorized by type (e.g., command injection, SQL injection, file operations). - Implemented functions to build a lookup map for fast sink detection and to match sink calls against known patterns. - Added `package-lock.json` for dependency management.
2025-12-22 23:21:21 +02:00
parent 3ba7157b00
commit 5146204f1b
529 changed files with 73579 additions and 5985 deletions
--- a/src/Cli/StellaOps.Cli/Services/Models/SbomModels.cs
+++ b/src/Cli/StellaOps.Cli/Services/Models/SbomModels.cs
@@ -1,7 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.Text.Json;
-using System.Text.Json;
 using System.Text.Json.Serialization;

 namespace StellaOps.Cli.Services.Models;
@@ -68,102 +67,6 @@ internal sealed class SbomListResponse
    public string? NextCursor { get; init; }
 }

-/// <summary>
-/// SBOM upload request payload.
-/// </summary>
-internal sealed class SbomUploadRequest
-{
-    [JsonPropertyName("artifactRef")]
-    public string ArtifactRef { get; init; } = string.Empty;
-
-    [JsonPropertyName("sbom")]
-    public JsonElement? Sbom { get; init; }
-
-    [JsonPropertyName("sbomBase64")]
-    public string? SbomBase64 { get; init; }
-
-    [JsonPropertyName("format")]
-    public string? Format { get; init; }
-
-    [JsonPropertyName("source")]
-    public SbomUploadSource? Source { get; init; }
-}
-
-/// <summary>
-/// SBOM upload source metadata.
-/// </summary>
-internal sealed class SbomUploadSource
-{
-    [JsonPropertyName("tool")]
-    public string? Tool { get; init; }
-
-    [JsonPropertyName("version")]
-    public string? Version { get; init; }
-
-    [JsonPropertyName("ciContext")]
-    public SbomUploadCiContext? CiContext { get; init; }
-}
-
-/// <summary>
-/// CI context metadata for SBOM uploads.
-/// </summary>
-internal sealed class SbomUploadCiContext
-{
-    [JsonPropertyName("buildId")]
-    public string? BuildId { get; init; }
-
-    [JsonPropertyName("repository")]
-    public string? Repository { get; init; }
-}
-
-/// <summary>
-/// SBOM upload response payload.
-/// </summary>
-internal sealed class SbomUploadResponse
-{
-    [JsonPropertyName("sbomId")]
-    public string SbomId { get; init; } = string.Empty;
-
-    [JsonPropertyName("artifactRef")]
-    public string ArtifactRef { get; init; } = string.Empty;
-
-    [JsonPropertyName("digest")]
-    public string Digest { get; init; } = string.Empty;
-
-    [JsonPropertyName("format")]
-    public string Format { get; init; } = string.Empty;
-
-    [JsonPropertyName("formatVersion")]
-    public string FormatVersion { get; init; } = string.Empty;
-
-    [JsonPropertyName("validationResult")]
-    public SbomUploadValidationSummary ValidationResult { get; init; } = new();
-
-    [JsonPropertyName("analysisJobId")]
-    public string AnalysisJobId { get; init; } = string.Empty;
-}
-
-/// <summary>
-/// SBOM upload validation summary.
-/// </summary>
-internal sealed class SbomUploadValidationSummary
-{
-    [JsonPropertyName("valid")]
-    public bool Valid { get; init; }
-
-    [JsonPropertyName("qualityScore")]
-    public double QualityScore { get; init; }
-
-    [JsonPropertyName("warnings")]
-    public IReadOnlyList<string> Warnings { get; init; } = [];
-
-    [JsonPropertyName("errors")]
-    public IReadOnlyList<string> Errors { get; init; } = [];
-
-    [JsonPropertyName("componentCount")]
-    public int ComponentCount { get; init; }
-}
-
 /// <summary>
 /// Summary view of an SBOM.
 /// </summary>