feat: add security sink detection patterns for JavaScript/TypeScript

- Introduced `sink-detect.js` with various security sink detection patterns categorized by type (e.g., command injection, SQL injection, file operations).
- Implemented functions to build a lookup map for fast sink detection and to match sink calls against known patterns.
- Added `package-lock.json` for dependency management.
StellaOps Bot
2025-12-22 23:21:21 +02:00
parent 3ba7157b00
commit 5146204f1b
529 changed files with 73579 additions and 5985 deletions


@@ -327,7 +327,7 @@ public sealed class AlpineConnector : IFeedConnector
}
}
private static string[] NormalizeList(string[] values)
private static string[] NormalizeList(string[]? values)
{
if (values is null || values.Length == 0)
{


@@ -14,13 +14,25 @@ public sealed class AlpineOptions
/// <summary>
/// Releases to fetch (for example: v3.18, v3.19, v3.20, edge).
/// Defaults to v3.18, v3.19, v3.20, edge if not configured.
/// </summary>
public string[] Releases { get; set; } = new[] { "v3.18", "v3.19", "v3.20", "edge" };
public string[]? Releases { get; set; }
/// <summary>
/// Repository names to fetch (for example: main, community).
/// Defaults to main, community if not configured.
/// </summary>
public string[] Repositories { get; set; } = new[] { "main", "community" };
public string[]? Repositories { get; set; }
/// <summary>
/// Default Alpine releases if none are configured.
/// </summary>
public static readonly string[] DefaultReleases = ["v3.18", "v3.19", "v3.20", "edge"];
/// <summary>
/// Default Alpine repositories if none are configured.
/// </summary>
public static readonly string[] DefaultRepositories = ["main", "community"];
/// <summary>
/// Cap on release+repo documents fetched in a single run.
@@ -64,12 +76,16 @@ public sealed class AlpineOptions
throw new InvalidOperationException("RequestDelay must be between 0 and 10 seconds.");
}
if (Releases is null || Releases.Length == 0 || Releases.All(static value => string.IsNullOrWhiteSpace(value)))
// Apply defaults for releases/repositories if not configured
Releases ??= DefaultReleases;
Repositories ??= DefaultRepositories;
if (Releases.Length == 0 || Releases.All(static value => string.IsNullOrWhiteSpace(value)))
{
throw new InvalidOperationException("At least one Alpine release must be configured.");
}
if (Repositories is null || Repositories.Length == 0 || Repositories.All(static value => string.IsNullOrWhiteSpace(value)))
if (Repositories.Length == 0 || Repositories.All(static value => string.IsNullOrWhiteSpace(value)))
{
throw new InvalidOperationException("At least one Alpine repository must be configured.");
}
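Review bot: `Releases ??= DefaultReleases;` and `Repositories ??= DefaultRepositories;` hand every unconfigured options instance the same public static array, and `static readonly` protects only the reference, not the elements. Any code that writes to an element of `options.Releases` or of `AlpineOptions.DefaultReleases` would therefore silently change which releases and repositories every later unconfigured instance fetches. Copying at assignment keeps the defaults isolated, `Releases ??= [.. DefaultReleases];` and `Repositories ??= [.. DefaultRepositories];`, and exposing the defaults as `IReadOnlyList<string>` would additionally stop outside writes. The properties are also null until this validation method runs, so a consumer that reads them without validating first now sees null rather than the defaults; the enclosing method begins outside the hunk, so its call sites cannot be checked from here.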