1+ const Step = require ( '../../actions' ) . Step ;
2+
3+ // Common encryption-related patterns and keywords
4+ const CRYPTO_PATTERNS = {
5+ // Known non-standard encryption algorithms
6+ nonStandardAlgorithms : [
7+ 'xor\\s*\\(' ,
8+ 'rot13' ,
9+ 'caesar\\s*cipher' ,
10+ 'custom\\s*encrypt' ,
11+ 'simple\\s*encrypt' ,
12+ 'homebrew\\s*crypto' ,
13+ 'custom\\s*hash'
14+ ] ,
15+
16+ // Suspicious operations that might indicate custom crypto Implementation
17+ suspiciousOperations : [
18+ 'bit\\s*shift' ,
19+ 'bit\\s*rotate' ,
20+ '\\^=' ,
21+ '\\^' ,
22+ '>>>' ,
23+ '<<<' ,
24+ 'shuffle\\s*bytes'
25+ ] ,
26+
27+ // Common encryption-related variable names
28+ suspiciousVariables : [
29+ 'cipher' ,
30+ 'encrypt' ,
31+ 'decrypt' ,
32+ 'scramble' ,
33+ 'salt(?!\\w)' ,
34+ 'iv(?!\\w)' ,
35+ 'nonce'
36+ ]
37+ } ;
38+
39+ function analyzeCodeForCrypto ( diffContent ) {
40+ const issues = [ ] ;
41+ // Check for above mentioned cryto Patterns
42+ if ( ! diffContent ) return issues ;
43+
44+ CRYPTO_PATTERNS . nonStandardAlgorithms . forEach ( pattern => {
45+ const regex = new RegExp ( pattern , 'gi' ) ;
46+ const matches = diffContent . match ( regex ) ;
47+ if ( matches ) {
48+ issues . push ( {
49+ type : 'non_standard_algorithm' ,
50+ pattern : pattern ,
51+ matches : matches ,
52+ severity : 'high' ,
53+ message : `Detected possible non-standard encryption algorithm: ${ matches . join ( ', ' ) } `
54+ } ) ;
55+ }
56+ } ) ;
57+
58+ CRYPTO_PATTERNS . suspiciousOperations . forEach ( pattern => {
59+ const regex = new RegExp ( pattern , 'gi' ) ;
60+ const matches = diffContent . match ( regex ) ;
61+ if ( matches ) {
62+ issues . push ( {
63+ type : 'suspicious_operation' ,
64+ pattern : pattern ,
65+ matches : matches ,
66+ severity : 'medium' ,
67+ message : `Detected suspicious cryptographic operation: ${ matches . join ( ', ' ) } `
68+ } ) ;
69+ }
70+ } ) ;
71+
72+ CRYPTO_PATTERNS . suspiciousVariables . forEach ( pattern => {
73+ const regex = new RegExp ( pattern , 'gi' ) ;
74+ const matches = diffContent . match ( regex ) ;
75+ if ( matches ) {
76+ issues . push ( {
77+ type : 'suspicious_variable' ,
78+ pattern : pattern ,
79+ matches : matches ,
80+ severity : 'low' ,
81+ message : `Detected potential encryption-related variable: ${ matches . join ( ', ' ) } `
82+ } ) ;
83+ }
84+ } ) ;
85+
86+ return issues ;
87+ }
88+
89+ const exec = async ( req , action ) => {
90+ const step = new Step ( 'checkCryptoImplementation' ) ;
91+
92+ try {
93+ let hasIssues = false ;
94+ const allIssues = [ ] ;
95+
96+ for ( const commit of action . commitData ) {
97+ const diff = commit . diff || '' ;
98+ const issues = analyzeCodeForCrypto ( diff ) ;
99+
100+ if ( issues . length > 0 ) {
101+ hasIssues = true ;
102+ allIssues . push ( {
103+ commit : commit . hash ,
104+ issues : issues
105+ } ) ;
106+ }
107+ }
108+
109+ if ( hasIssues ) {
110+ step . error = true ;
111+
112+ const errorMessage = allIssues . map ( commitIssues => {
113+ return `Commit ${ commitIssues . commit } :\n` +
114+ commitIssues . issues . map ( issue =>
115+ `- ${ issue . severity . toUpperCase ( ) } : ${ issue . message } `
116+ ) . join ( '\n' ) ;
117+ } ) . join ( '\n\n' ) ;
118+
119+ step . setError (
120+ '\n\nYour push has been blocked.\n' +
121+ 'Potential non-standard cryptographic implementations detected:\n\n' +
122+ `${ errorMessage } \n\n` +
123+ 'Please use standard cryptographic libraries instead of custom implementations.\n' +
124+ 'Recommended: Use established libraries like crypto, node-forge, or Web Crypto API.\n'
125+ ) ;
126+ }
127+
128+ action . addStep ( step ) ;
129+ return action ;
130+ } catch ( error ) {
131+ step . error = true ;
132+ step . setError ( `Error analyzing crypto implementation: ${ error . message } ` ) ;
133+ action . addStep ( step ) ;
134+ return action ;
135+ }
136+ } ;
137+
138+ // exec.displayName = 'checkCryptoImplementation.exec';
139+ exports . exec = exec ;
140+ exports . analyzeCodeForCrypto = analyzeCodeForCrypto ;
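Review bot: The block at `if (hasIssues)` treats every finding as blocking, so a single 'low' hit from `suspiciousVariables` (`cipher`, `encrypt`, `iv(?!\w)`) rejects a push that calls `crypto.createCipheriv(algo, key, iv)` — exactly the standard-library usage the error text two lines later recommends. Gate the rejection on severity and leave the rest as advisory output: `const blocking = allIssues.some((c) => c.issues.some((i) => i.severity === 'high'));` then `if (blocking) {`. The scan also runs over the whole of `commit.diff`, which presumably carries removed and context lines as well as added ones, so a commit that deletes a homebrew cipher is blocked too; restricting to added lines, e.g. `const diff = (commit.diff || '').split('\n').filter((l) => l.startsWith('+') && !l.startsWith('+++')).join('\n');`, keeps the check on new code only. The `'\\^'` entry subsumes `'\\^='` and matches every regex anchor and XOR in the diff, so the same operator is reported twice per line, and `'<<<'` is not a JavaScript operator; drop those two. Worth a header comment that a keyword denylist is a heuristic that any determined author evades by renaming (`x0r(`), so it should be positioned as a review prompt rather than a security control.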