Replaced tree-sitter with a lighter parser-based context verifier built from handwritten lexers plus tl/cssparser, preserving context-dependent matching while cutting about 19 MB from the release binary.

2026-04-08 08:02:14 -07:00 · 2026-04-08 08:02:14 -07:00 · 5aa5e1e218
commit 5aa5e1e218
parent 0cb854872b
3 changed files with 25 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -17,6 +17,8 @@ logs/*
 *.orig
 *.rej
 *.html
+!testdata/html_vulnerable.html
+!testdata/html_embedded_vulnerable.html
 !docs/access-map-viewer/index.html
 !docs-site/overrides/*.html
 *.dot
--- a/testdata/html_embedded_vulnerable.html
+++ b/testdata/html_embedded_vulnerable.html
@ -0,0 +1,16 @@
+<!doctype html>
+<html>
+  <head>
+    <style>
+      .auth0_client_secret {
+        content: "abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234";
+      }
+    </style>
+  </head>
+  <body>
+    <script>
+      const auth0_client_secret = "abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234";
+      const password = "superSecret123";
+    </script>
+  </body>
+</html>
--- a/testdata/html_vulnerable.html
+++ b/testdata/html_vulnerable.html
@ -0,0 +1,7 @@
+<!doctype html>
+<html>
+  <body data-api-key="html-key-123" secret_key="all along the watchtower">
+    <div password="blink182">hunter2</div>
+    <meta name="auth0_client_secret" content="abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234">
+  </body>
+</html>