Skip to content

Commit

Permalink
chore(js): js package updates
Browse files Browse the repository at this point in the history
VigneshKna committed Sep 28, 2024
1 parent f75f3c3 commit 15465df
Showing 13 changed files with 455 additions and 188 deletions.
84 changes: 78 additions & 6 deletions src/js/README.md
Original file line number Diff line number Diff line change
@@ -1,14 +1,86 @@
# How2Validate

How2Validate is a package designed to validate secrets and sensitive information across multiple platforms.
**How2Validate** is a security-focused tool designed to validate sensitive secrets by querying official secret provider endpoints. It provides real-time feedback on the authenticity of the credentials, ensuring that the secrets are valid.

## Why How2Validate?
The need for **How2Validate** arises from the growing concern of exposing sensitive information in various applications, repositories, and environments. Leaked API keys, invalid credentials, and misconfigured secrets can lead to significant security vulnerabilities. **How2Validate** helps mitigate these risks by verifying secrets directly with the official providers before they are used in any system.

## Features

- Validate API keys, passwords, and other sensitive information.
- Cross-platform support (Windows, Linux, macOS).
- Easy integration with existing applications.
- **Validate API keys, passwords, and sensitive information**: It interacts with official provider authentication endpoints to ensure the authenticity of the secrets.
- **Cross-platform support**: Packages available for JavaScript, Python, and Docker environments.
- **Easy to use**: Simplifies secret validation with straightforward commands and functions.
- **Real-time feedback**: Instantly know the status of your secrets — whether they are valid or not.

## How It Works

**How2Validate** utilizes the official authentication endpoints provided by different service providers (like NPM, GitHub, Snyk, etc.) to validate secrets such as API keys, tokens, and other sensitive data. By querying these trusted endpoints, **How2Validate** ensures that the secrets are correct and not expired or invalid.

For every provider, **How2Validate** relies on well-maintained libraries and packages suggested by those providers to handle the authentication process.

## Detailed CLI Help

The **How2Validate** tool provides multiple command-line options for validating secrets with precision.

To see all available commands, use:

```npm
how2validate --help
usage: How2Validate Tool
Validate various types of secrets for different services.
options:
-h, --help show this help message and exit
-secretscope Explore the secret universe. Your next target awaits.
-provider PROVIDER Specify your provider. Unleash your validation arsenal.
-service SERVICE Specify your target service. Validate your secrets with precision.
-secret SECRET Unveil your secrets to verify their authenticity.
-r, --response Monitor the status. View if your secret Active or InActive.
-report Get detailed reports. Receive validated secrets via email [Alpha Feature].
-v, --version Expose the version.
--update Hack the tool to the latest version.
Ensuring the authenticity of your secrets.
```

## Installation
## How to Utilize the Functions

**How2Validate** can be easily installed and used programmatically within projects.

### Install the package:

- Npm

```bash
npx jsr add @how2validate/how2validate
npm install how2validate
```

#### Import the package and use the validate function:

```js
import { validate } from 'how2validate'

# Validate secrets programmatically
var validation_result = validate(provider,service, secret, response, report)
print(validation_result)

```

### Example usage of validate function:

```js
import { validate } from 'how2validate'

# Validate secrets programmatically
var validation_result = validate(
provider="NPM",
service="NPM Access Token",
secret="<<SECRET_HERE>>",
response=False,
report=False,
)
print(validation_result)

```
2 changes: 1 addition & 1 deletion src/js/config.ini
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[DEFAULT]
package_name = @how2validate/how2validate
version = 0.0.1-beta.6
version = 0.0.1-beta.14

[SECRET]
secret_active = Active
29 changes: 16 additions & 13 deletions src/js/how2validate/handler/validator_handler.ts
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
import { validateSnykAuthKey } from "../validators/snyk/snyk_auth_key"; // Import the Snyk authentication key validator
import { validateSonarcloudToken } from "../validators/sonarcloud/sonarcloud_token"; // Import the Sonarcloud token validator
import { validateNpmAccessToken } from "../validators/npm/npm_access_token"; // Import the NPM access token validator
import { validateSnykAuthKey } from "../validators/snyk/snyk_auth_key.js"; // Import the Snyk authentication key validator
import { validateSonarcloudToken } from "../validators/sonarcloud/sonarcloud_token.js"; // Import the Sonarcloud token validator
import { validateNpmAccessToken } from "../validators/npm/npm_access_token.js"; // Import the NPM access token validator

// Define a type for the validator function signature
type ValidatorFunction = (
service: string,
secret: string,
response: boolean,
report?: boolean
) => Promise<string>;
service: string, // The name of the service being validated
secret: string, // The secret (e.g., API key, token) to validate
response: boolean, // Indicates whether to include response data in the output
report?: boolean // Optional parameter for additional reporting functionality
) => Promise<string>; // The function returns a promise that resolves to a validation result message

// Map of service names to their corresponding validator functions
const serviceHandlers: Record<string, ValidatorFunction> = {
@@ -20,11 +20,14 @@ const serviceHandlers: Record<string, ValidatorFunction> = {

/**
* Handle the validation of a service's secret.
* @param service - The name of the service to validate.
* @param secret - The secret (e.g., API key, token) to validate.
* @param response - A boolean indicating whether to include response data in the output.
* @param report - An optional parameter for additional reporting functionality.
* @returns A promise that resolves to a string message indicating the validation result.
* This function retrieves the appropriate validator function for the specified service
* and invokes it with the provided secret and parameters.
*
* @param {string} service - The name of the service to validate.
* @param {string} secret - The secret (e.g., API key, token) to validate.
* @param {boolean} response - A boolean indicating whether to include response data in the output.
* @param {boolean} [report] - An optional parameter for additional reporting functionality.
* @returns {Promise<string>} A promise that resolves to a string message indicating the validation result.
*/
export async function validatorHandleService(
service: string,
85 changes: 63 additions & 22 deletions src/js/how2validate/index.ts
100644 → 100755
Original file line number Diff line number Diff line change
@@ -1,25 +1,40 @@
/**
* @module How2Validate Tool
* @description
* A Command-Line Interface (CLI) tool designed to validate various types of secrets across different services.
* It leverages multiple secret providers and services to ensure the authenticity and status of secrets.
*
* @requires commander
* @requires ./utility/config_utility.js
* @requires ./utility/tool_utility.js
* @requires ./handler/validator_handler.js
*/

import { Command } from "commander"; // Importing Commander for building CLI applications
import { setupLogging } from "./utility/log_utility"; // Importing the logging setup function
import {
getActiveSecretStatus,
getInactiveSecretStatus,
getVersion,
} from "./utility/config_utility"; // Importing configuration utility functions
} from "./utility/config_utility.js"; // Importing configuration utility functions
import {
formatString,
getSecretProviders,
getSecretscope,
getSecretServices,
updateTool,
validateChoice,
} from "./utility/tool_utility"; // Importing utility functions for secret validation
import { validatorHandleService } from "./handler/validator_handler"; // Importing the validation handler
} from "./utility/tool_utility.js"; // Importing utility functions for secret validation
import { validatorHandleService } from "./handler/validator_handler.js"; // Importing the validation handler

// Call the logging setup function to configure logging
setupLogging();

const program = new Command(); // Create a new Commander program instance
/**
* Creates a new instance of the Commander program to build the CLI application.
* @type {Command}
*/
const program = new Command();

// Configure the CLI program details
/**
* Configure the CLI program details including name, description, and version.
*/
program
.name("How2Validate Tool") // Set the name of the CLI tool
.description("Validate various types of secrets for different services.") // Description of what the tool does
@@ -29,18 +44,28 @@ program
"Expose the version."
); // Set the version and help flag

const providerChoices = getSecretProviders(); // Get supported secret providers
const serviceChoices = getSecretServices(); // Get supported secret services
/**
* Retrieve the list of supported secret providers.
* @type {string[]}
*/
const providerChoices = getSecretProviders();

/**
* Retrieve the list of supported secret services.
* @type {string[]}
*/
const serviceChoices = getSecretServices();

/**
* Define CLI options using Commander.
* - secretscope: Option for secret scope
* - provider: Option to specify a provider with validation
* - service: Option to specify a service with validation
* - secret: Option to specify the secret to validate
* - response: Option to check if the secret is active or inactive
* - report: Option to get reports via email (Alpha feature)
* - update: Option to update the tool
*
* - `-secretscope`: Option for secret scope.
* - `-provider`: Option to specify a provider with validation.
* - `-service`: Option to specify a service with validation.
* - `-secret`: Option to specify the secret to validate.
* - `-response`: Option to check if the secret is active or inactive.
* - `-report`: Option to get reports via email (Alpha feature).
* - `--update`: Option to update the tool.
*/
program
.option(
@@ -65,16 +90,27 @@ program
.option("-report", "Get detailed reports. Receive validated secrets via email [Alpha Feature].", false)
.option("--update", "Hack the tool to the latest version.");

export function getProvider(): string[] {
return providerChoices
}

export function getService(provider:string): string[] {
return getSecretServices(undefined,provider)
}


/**
* Validate the provided secret using the given provider, service, and options.
*
* @async
* @function validate
* @param {string} provider - The provider to use for validation.
* @param {string} service - The service to validate the secret with.
* @param {string} secret - The secret that needs to be validated.
* @param {boolean} response - Whether to get a response status for the secret.
* @param {boolean} report - Whether to generate a report for the validation.
*
* @returns {Promise<void>} - A promise that resolves when validation is complete.
* @throws Will throw an error if validation fails.
*/
export async function validate(
provider: string,
@@ -85,7 +121,7 @@ export async function validate(
): Promise<void> {
console.info("Started validating secret...");
const result = await validatorHandleService(
service,
formatString(service),
secret,
response,
report
@@ -97,7 +133,10 @@ export async function validate(
* Main function that executes the CLI program logic.
* Parses the command-line arguments and performs actions based on the options provided.
*
* @async
* @function main
* @returns {Promise<void>} - A promise that resolves when the program execution is complete.
* @throws Will throw an error if an unexpected issue occurs during execution.
*/
async function main(): Promise<void> {
program.parse(process.argv); // Parse command-line arguments
@@ -160,5 +199,7 @@ async function main(): Promise<void> {
}
}

// Start the main function and handle any unexpected errors
main().catch((error) => console.error(`Unexpected error: ${error}`));
/**
* Execute the main function and handle any unexpected errors.
*/
main().catch((error) => console.error(`Unexpected error: ${error}`));
Loading

0 comments on commit 15465df

Please sign in to comment.