69 lines
1.9 KiB
TypeScript
69 lines
1.9 KiB
TypeScript
import fs from "node:fs";
|
|
import path from "node:path";
|
|
import { describe, expect, it } from "vitest";
|
|
|
|
const SCAN_ROOTS = ["src", "extensions"] as const;
|
|
const SKIP_DIRS = new Set([".git", "dist", "node_modules"]);
|
|
|
|
function collectTypeScriptFiles(rootDir: string): string[] {
|
|
const out: string[] = [];
|
|
const stack = [rootDir];
|
|
while (stack.length > 0) {
|
|
const current = stack.pop();
|
|
if (!current) {
|
|
continue;
|
|
}
|
|
for (const entry of fs.readdirSync(current, { withFileTypes: true })) {
|
|
const fullPath = path.join(current, entry.name);
|
|
if (entry.isDirectory()) {
|
|
if (!SKIP_DIRS.has(entry.name)) {
|
|
stack.push(fullPath);
|
|
}
|
|
continue;
|
|
}
|
|
if (!entry.isFile()) {
|
|
continue;
|
|
}
|
|
if (
|
|
!entry.name.endsWith(".ts") ||
|
|
entry.name.endsWith(".test.ts") ||
|
|
entry.name.endsWith(".d.ts")
|
|
) {
|
|
continue;
|
|
}
|
|
out.push(fullPath);
|
|
}
|
|
}
|
|
return out;
|
|
}
|
|
|
|
function findWeakRandomPatternMatches(repoRoot: string): string[] {
|
|
const matches: string[] = [];
|
|
for (const scanRoot of SCAN_ROOTS) {
|
|
const root = path.join(repoRoot, scanRoot);
|
|
if (!fs.existsSync(root)) {
|
|
continue;
|
|
}
|
|
const files = collectTypeScriptFiles(root);
|
|
for (const filePath of files) {
|
|
const lines = fs.readFileSync(filePath, "utf8").split(/\r?\n/);
|
|
for (let idx = 0; idx < lines.length; idx += 1) {
|
|
const line = lines[idx] ?? "";
|
|
if (!line.includes("Date.now") || !line.includes("Math.random")) {
|
|
continue;
|
|
}
|
|
matches.push(`${path.relative(repoRoot, filePath)}:${idx + 1}`);
|
|
}
|
|
}
|
|
}
|
|
return matches;
|
|
}
|
|
|
|
describe("weak random pattern guardrail", () => {
|
|
it("rejects Date.now + Math.random token/id patterns in runtime code", () => {
|
|
const repoRoot = path.resolve(process.cwd());
|
|
const matches = findWeakRandomPatternMatches(repoRoot);
|
|
expect(matches).toEqual([]);
|
|
});
|
|
});
|