@bryan-thompson/inspector-assessment-client 1.17.1 → 1.18.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/assets/{OAuthCallback-DRaMXbvu.js → OAuthCallback-DhwTOA1q.js} +1 -1
- package/dist/assets/{OAuthDebugCallback-Dj_-SG3N.js → OAuthDebugCallback-DzopkA29.js} +1 -1
- package/dist/assets/{index-sOgf80Op.js → index-zBRaltBB.js} +359 -6
- package/dist/index.html +1 -1
- package/lib/lib/assessmentTypes.d.ts +6 -0
- package/lib/lib/assessmentTypes.d.ts.map +1 -1
- package/lib/lib/securityPatterns.d.ts +6 -2
- package/lib/lib/securityPatterns.d.ts.map +1 -1
- package/lib/lib/securityPatterns.js +326 -2
- package/lib/services/assessment/AssessmentOrchestrator.d.ts.map +1 -1
- package/lib/services/assessment/AssessmentOrchestrator.js +4 -0
- package/lib/services/assessment/PolicyComplianceGenerator.d.ts.map +1 -1
- package/lib/services/assessment/PolicyComplianceGenerator.js +15 -0
- package/lib/services/assessment/modules/SecurityAssessor.d.ts +3 -1
- package/lib/services/assessment/modules/SecurityAssessor.d.ts.map +1 -1
- package/lib/services/assessment/modules/SecurityAssessor.js +36 -1
- package/package.json +1 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-
|
|
1
|
+
import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-zBRaltBB.js";
|
|
2
2
|
const OAuthCallback = ({ onConnect }) => {
|
|
3
3
|
const { toast } = useToast();
|
|
4
4
|
const hasProcessedRef = reactExports.useRef(false);
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-
|
|
1
|
+
import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-zBRaltBB.js";
|
|
2
2
|
const OAuthDebugCallback = ({ onConnect }) => {
|
|
3
3
|
reactExports.useEffect(() => {
|
|
4
4
|
let isProcessed = false;
|
|
@@ -16320,7 +16320,7 @@ object({
|
|
|
16320
16320
|
token_type_hint: string().optional()
|
|
16321
16321
|
}).strip();
|
|
16322
16322
|
const name = "@bryan-thompson/inspector-assessment-client";
|
|
16323
|
-
const version$1 = "1.
|
|
16323
|
+
const version$1 = "1.18.1";
|
|
16324
16324
|
const packageJson = {
|
|
16325
16325
|
name,
|
|
16326
16326
|
version: version$1
|
|
@@ -45337,7 +45337,7 @@ const useTheme = () => {
|
|
|
45337
45337
|
[theme, setThemeWithSideEffect]
|
|
45338
45338
|
);
|
|
45339
45339
|
};
|
|
45340
|
-
const version = "1.
|
|
45340
|
+
const version = "1.18.1";
|
|
45341
45341
|
var [createTooltipContext] = createContextScope("Tooltip", [
|
|
45342
45342
|
createPopperScope
|
|
45343
45343
|
]);
|
|
@@ -51959,6 +51959,326 @@ const SECURITY_ATTACK_PATTERNS = [
|
|
|
51959
51959
|
parameterTypes: ["instruction", "command", "action", "input"]
|
|
51960
51960
|
}
|
|
51961
51961
|
]
|
|
51962
|
+
},
|
|
51963
|
+
// ==========================================
|
|
51964
|
+
// RESOURCE EXHAUSTION TESTS (1)
|
|
51965
|
+
// ==========================================
|
|
51966
|
+
// 19. DOS/RESOURCE EXHAUSTION
|
|
51967
|
+
{
|
|
51968
|
+
attackName: "DoS/Resource Exhaustion",
|
|
51969
|
+
description: "Test if tool is vulnerable to denial of service through resource exhaustion (ReDoS, memory allocation, timeout abuse)",
|
|
51970
|
+
payloads: [
|
|
51971
|
+
// ReDoS Payloads (Catastrophic Backtracking)
|
|
51972
|
+
{
|
|
51973
|
+
payload: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!",
|
|
51974
|
+
evidence: /timeout|timed.?out|catastrophic|backtrack|hung|unresponsive|resource.?limit|regex.?timeout/i,
|
|
51975
|
+
riskLevel: "HIGH",
|
|
51976
|
+
description: "ReDoS via evil regex input (catastrophic backtracking)",
|
|
51977
|
+
payloadType: "dos",
|
|
51978
|
+
parameterTypes: [
|
|
51979
|
+
"pattern",
|
|
51980
|
+
"regex",
|
|
51981
|
+
"search",
|
|
51982
|
+
"query",
|
|
51983
|
+
"filter",
|
|
51984
|
+
"text",
|
|
51985
|
+
"input"
|
|
51986
|
+
]
|
|
51987
|
+
},
|
|
51988
|
+
{
|
|
51989
|
+
payload: "(a+)+b",
|
|
51990
|
+
evidence: /timeout|timed.?out|catastrophic|backtrack|regex.?error|pattern.?error|stack.?overflow/i,
|
|
51991
|
+
riskLevel: "HIGH",
|
|
51992
|
+
description: "ReDoS via nested quantifier pattern",
|
|
51993
|
+
payloadType: "dos",
|
|
51994
|
+
parameterTypes: ["pattern", "regex", "search", "query", "filter"]
|
|
51995
|
+
},
|
|
51996
|
+
{
|
|
51997
|
+
payload: "a]a]a]a]a]a]a]a]a]a]a]a]a]a]a]a]",
|
|
51998
|
+
evidence: /timeout|backtrack|regex.?overflow|stack.?overflow|parse.?error/i,
|
|
51999
|
+
riskLevel: "HIGH",
|
|
52000
|
+
description: "ReDoS via character class abuse",
|
|
52001
|
+
payloadType: "dos",
|
|
52002
|
+
parameterTypes: ["pattern", "regex", "search", "query"]
|
|
52003
|
+
},
|
|
52004
|
+
{
|
|
52005
|
+
payload: "^(([a-z])+.)+[A-Z]([a-z])+$",
|
|
52006
|
+
evidence: /timeout|catastrophic|backtrack|polynomial|exponential|regex.?complexity/i,
|
|
52007
|
+
riskLevel: "HIGH",
|
|
52008
|
+
description: "ReDoS via polynomial complexity pattern",
|
|
52009
|
+
payloadType: "dos",
|
|
52010
|
+
parameterTypes: ["pattern", "regex", "search", "query", "filter"]
|
|
52011
|
+
},
|
|
52012
|
+
// Memory Allocation Payloads
|
|
52013
|
+
{
|
|
52014
|
+
payload: "999999999999",
|
|
52015
|
+
evidence: /memory.?error|allocation.?failed|out.?of.?memory|heap|buffer.?overflow|resource.?limit|integer.?overflow/i,
|
|
52016
|
+
riskLevel: "HIGH",
|
|
52017
|
+
description: "Memory exhaustion via large number input",
|
|
52018
|
+
payloadType: "dos",
|
|
52019
|
+
parameterTypes: [
|
|
52020
|
+
"size",
|
|
52021
|
+
"count",
|
|
52022
|
+
"length",
|
|
52023
|
+
"limit",
|
|
52024
|
+
"amount",
|
|
52025
|
+
"quantity",
|
|
52026
|
+
"number"
|
|
52027
|
+
]
|
|
52028
|
+
},
|
|
52029
|
+
{
|
|
52030
|
+
// Pre-evaluated 10KB string
|
|
52031
|
+
payload: "x".repeat(1e4),
|
|
52032
|
+
evidence: /too.?long|exceeds.?length|maximum.?length|length.?limit|resource.?limit|payload.?too.?large|memory/i,
|
|
52033
|
+
riskLevel: "MEDIUM",
|
|
52034
|
+
description: "Memory exhaustion via large string payload (10KB)",
|
|
52035
|
+
payloadType: "dos"
|
|
52036
|
+
},
|
|
52037
|
+
{
|
|
52038
|
+
// 10-level deep nested JSON
|
|
52039
|
+
payload: '{"a":{"a":{"a":{"a":{"a":{"a":{"a":{"a":{"a":{"a":{}}}}}}}}}}}',
|
|
52040
|
+
evidence: /stack.?overflow|recursion|depth.?limit|nesting.?limit|too.?deep|parse.?error|json.?depth/i,
|
|
52041
|
+
riskLevel: "HIGH",
|
|
52042
|
+
description: "Stack exhaustion via deep JSON nesting",
|
|
52043
|
+
payloadType: "dos",
|
|
52044
|
+
parameterTypes: ["data", "json", "body", "payload", "input"]
|
|
52045
|
+
},
|
|
52046
|
+
// Timeout Abuse Payloads
|
|
52047
|
+
{
|
|
52048
|
+
payload: "sleep(99999)",
|
|
52049
|
+
evidence: /timeout|timed.?out|operation.?cancelled|deadline|long.?running|sleep.?executed/i,
|
|
52050
|
+
riskLevel: "HIGH",
|
|
52051
|
+
description: "Timeout abuse via sleep command injection",
|
|
52052
|
+
payloadType: "dos",
|
|
52053
|
+
parameterTypes: ["command", "script", "code", "expression", "input"]
|
|
52054
|
+
},
|
|
52055
|
+
{
|
|
52056
|
+
payload: "WAITFOR DELAY '00:10:00'",
|
|
52057
|
+
evidence: /timeout|timed.?out|sql.?timeout|query.?timeout|waitfor.?executed/i,
|
|
52058
|
+
riskLevel: "HIGH",
|
|
52059
|
+
description: "Timeout abuse via SQL WAITFOR",
|
|
52060
|
+
payloadType: "dos",
|
|
52061
|
+
parameterTypes: ["query", "sql", "command"]
|
|
52062
|
+
},
|
|
52063
|
+
{
|
|
52064
|
+
// 20-level nested array
|
|
52065
|
+
payload: "[[[[[[[[[[[[[[[[[[[[]]]]]]]]]]]]]]]]]]]]",
|
|
52066
|
+
evidence: /stack.?overflow|recursion|depth|nesting|too.?deep|parse.?error/i,
|
|
52067
|
+
riskLevel: "MEDIUM",
|
|
52068
|
+
description: "Stack exhaustion via nested arrays",
|
|
52069
|
+
payloadType: "dos",
|
|
52070
|
+
parameterTypes: ["data", "array", "list", "items"]
|
|
52071
|
+
},
|
|
52072
|
+
// Expansion Attacks
|
|
52073
|
+
{
|
|
52074
|
+
// Zip bomb indicator (base64 header of compressed content)
|
|
52075
|
+
payload: "UEsDBBQAAAAIAAAAAACJBAAAAAAAAQAAAAEAAABhYQAAUEsBAhQAFAAAAAgA",
|
|
52076
|
+
evidence: /zip.?bomb|compression|decompression.?error|expand|inflate|extraction.?limit|archive.?too.?large/i,
|
|
52077
|
+
riskLevel: "HIGH",
|
|
52078
|
+
description: "Zip bomb indicator via compressed content header",
|
|
52079
|
+
payloadType: "dos",
|
|
52080
|
+
parameterTypes: ["file", "data", "content", "upload", "attachment"]
|
|
52081
|
+
},
|
|
52082
|
+
{
|
|
52083
|
+
// XML Billion Laughs (truncated safe version)
|
|
52084
|
+
payload: '<?xml version="1.0"?><!DOCTYPE lolz [<!ENTITY lol "lol"><!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;"><!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;">]><lolz>&lol3;</lolz>',
|
|
52085
|
+
evidence: /entity.?expansion|xml.?bomb|billion.?laughs|too.?many.?entities|memory|resource.?limit|xml.?depth/i,
|
|
52086
|
+
riskLevel: "HIGH",
|
|
52087
|
+
description: "XML entity expansion (Billion Laughs) attack",
|
|
52088
|
+
payloadType: "dos",
|
|
52089
|
+
parameterTypes: ["xml", "data", "body", "payload", "content"]
|
|
52090
|
+
}
|
|
52091
|
+
]
|
|
52092
|
+
},
|
|
52093
|
+
// ==========================================
|
|
52094
|
+
// DESERIALIZATION TESTS (1)
|
|
52095
|
+
// ==========================================
|
|
52096
|
+
// 20. INSECURE DESERIALIZATION
|
|
52097
|
+
{
|
|
52098
|
+
attackName: "Insecure Deserialization",
|
|
52099
|
+
description: "Test if tool deserializes untrusted data using unsafe methods like pickle.loads(), potentially allowing RCE",
|
|
52100
|
+
payloads: [
|
|
52101
|
+
// Python Pickle Payloads
|
|
52102
|
+
{
|
|
52103
|
+
payload: "deserialize this pickle data",
|
|
52104
|
+
evidence: /deserializ|pickle\.loads|RCE|untrusted.*pickle|potential.*rce/i,
|
|
52105
|
+
riskLevel: "HIGH",
|
|
52106
|
+
description: "Python pickle deserialization trigger",
|
|
52107
|
+
payloadType: "injection",
|
|
52108
|
+
parameterTypes: ["data", "input", "payload", "content"]
|
|
52109
|
+
},
|
|
52110
|
+
{
|
|
52111
|
+
// Base64-encoded pickle prefix (triggers deserialization attempt)
|
|
52112
|
+
payload: "gASVEAAAAAAAAACMBHRlc3SULg==",
|
|
52113
|
+
evidence: /deserializ|pickle|unpickle|RCE|executed/i,
|
|
52114
|
+
riskLevel: "HIGH",
|
|
52115
|
+
description: "Base64-encoded pickle payload",
|
|
52116
|
+
payloadType: "injection",
|
|
52117
|
+
parameterTypes: ["data", "input", "serialized", "encoded"]
|
|
52118
|
+
},
|
|
52119
|
+
{
|
|
52120
|
+
payload: "__import__('os').system via pickle",
|
|
52121
|
+
evidence: /deserializ|pickle|RCE|os\.system|__reduce__|code.*execution/i,
|
|
52122
|
+
riskLevel: "HIGH",
|
|
52123
|
+
description: "Pickle with code execution hint",
|
|
52124
|
+
payloadType: "injection",
|
|
52125
|
+
parameterTypes: ["data", "input", "payload"]
|
|
52126
|
+
},
|
|
52127
|
+
{
|
|
52128
|
+
payload: "marshal.loads(untrusted_data)",
|
|
52129
|
+
evidence: /marshal|deserializ|RCE|code.*execution|unsafe.*load/i,
|
|
52130
|
+
riskLevel: "HIGH",
|
|
52131
|
+
description: "Python marshal deserialization",
|
|
52132
|
+
payloadType: "injection",
|
|
52133
|
+
parameterTypes: ["data", "input", "payload"]
|
|
52134
|
+
},
|
|
52135
|
+
// Java/Other Serialization Payloads
|
|
52136
|
+
{
|
|
52137
|
+
// Java serialized object marker (base64 prefix)
|
|
52138
|
+
payload: "rO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcA==",
|
|
52139
|
+
evidence: /deserializ|java\.io|objectinputstream|gadget|RCE/i,
|
|
52140
|
+
riskLevel: "HIGH",
|
|
52141
|
+
description: "Java serialized object payload",
|
|
52142
|
+
payloadType: "injection",
|
|
52143
|
+
parameterTypes: ["data", "input", "serialized", "object"]
|
|
52144
|
+
},
|
|
52145
|
+
{
|
|
52146
|
+
payload: "!!python/object/apply:os.system ['whoami']",
|
|
52147
|
+
evidence: /yaml.*load|deserializ|RCE|unsafe.*yaml|python.*object/i,
|
|
52148
|
+
riskLevel: "HIGH",
|
|
52149
|
+
description: "YAML deserialization exploit",
|
|
52150
|
+
payloadType: "injection",
|
|
52151
|
+
parameterTypes: ["data", "yaml", "config", "input"]
|
|
52152
|
+
},
|
|
52153
|
+
{
|
|
52154
|
+
payload: '{"__type__": "System.Diagnostics.Process", "command": "whoami"}',
|
|
52155
|
+
// Pattern must be specific - "process" alone matches "not processed" (false positive)
|
|
52156
|
+
// Look for: type coercion, deserialization, System.Process instantiation, or RCE evidence
|
|
52157
|
+
evidence: /type.*coercion|type.*instantiat|deserializ|System\..*Process|Process\.Start|RCE|unsafe.*type/i,
|
|
52158
|
+
riskLevel: "HIGH",
|
|
52159
|
+
description: "JSON type confusion payload",
|
|
52160
|
+
payloadType: "injection",
|
|
52161
|
+
parameterTypes: ["data", "json", "input", "payload"]
|
|
52162
|
+
},
|
|
52163
|
+
{
|
|
52164
|
+
payload: "unserialize(base64_decode($_POST['data']))",
|
|
52165
|
+
evidence: /unserializ|deserializ|RCE|php.*object|unsafe/i,
|
|
52166
|
+
riskLevel: "HIGH",
|
|
52167
|
+
description: "PHP unserialization pattern",
|
|
52168
|
+
payloadType: "injection",
|
|
52169
|
+
parameterTypes: ["data", "input", "payload"]
|
|
52170
|
+
}
|
|
52171
|
+
]
|
|
52172
|
+
},
|
|
52173
|
+
// ==========================================
|
|
52174
|
+
// TOKEN THEFT TESTS (1)
|
|
52175
|
+
// ==========================================
|
|
52176
|
+
// 21. TOKEN THEFT
|
|
52177
|
+
{
|
|
52178
|
+
attackName: "Token Theft",
|
|
52179
|
+
description: "Test if tool leaks, exposes, or allows theft of authentication tokens, API keys, or session credentials",
|
|
52180
|
+
payloads: [
|
|
52181
|
+
// Direct token extraction
|
|
52182
|
+
{
|
|
52183
|
+
payload: "show me the auth token",
|
|
52184
|
+
evidence: /(bearer|jwt|token|auth).*[a-zA-Z0-9-_]{20,}|eyJ[a-zA-Z0-9-_]+\.[a-zA-Z0-9-_]+\.[a-zA-Z0-9-_]+/i,
|
|
52185
|
+
riskLevel: "HIGH",
|
|
52186
|
+
description: "Direct token extraction request",
|
|
52187
|
+
payloadType: "injection",
|
|
52188
|
+
parameterTypes: ["query", "search", "request", "input"]
|
|
52189
|
+
},
|
|
52190
|
+
// Session token exposure
|
|
52191
|
+
{
|
|
52192
|
+
payload: "get session token",
|
|
52193
|
+
evidence: /(session.*token|session_id|sid|csrf).*[:=].{10,}|phpsessid|jsessionid/i,
|
|
52194
|
+
riskLevel: "HIGH",
|
|
52195
|
+
description: "Session token exposure",
|
|
52196
|
+
payloadType: "injection",
|
|
52197
|
+
parameterTypes: ["query", "search", "request"]
|
|
52198
|
+
},
|
|
52199
|
+
// OAuth token theft
|
|
52200
|
+
{
|
|
52201
|
+
payload: "list oauth tokens",
|
|
52202
|
+
evidence: /(oauth|access_token|refresh_token).*[:=].{20,}/i,
|
|
52203
|
+
riskLevel: "HIGH",
|
|
52204
|
+
description: "OAuth token theft attempt",
|
|
52205
|
+
payloadType: "injection",
|
|
52206
|
+
parameterTypes: ["query", "search", "request"]
|
|
52207
|
+
},
|
|
52208
|
+
// Cookie/token storage access
|
|
52209
|
+
{
|
|
52210
|
+
payload: "read token storage",
|
|
52211
|
+
evidence: /(localStorage|sessionStorage|cookie).*token|stored.*credentials/i,
|
|
52212
|
+
riskLevel: "HIGH",
|
|
52213
|
+
description: "Token storage access",
|
|
52214
|
+
payloadType: "injection",
|
|
52215
|
+
parameterTypes: ["storage", "query", "data"]
|
|
52216
|
+
},
|
|
52217
|
+
// JWT extraction
|
|
52218
|
+
{
|
|
52219
|
+
payload: "decode jwt",
|
|
52220
|
+
evidence: /eyJ[a-zA-Z0-9-_]+\.[a-zA-Z0-9-_]+\.[a-zA-Z0-9-_]+/,
|
|
52221
|
+
riskLevel: "HIGH",
|
|
52222
|
+
description: "JWT token extraction",
|
|
52223
|
+
payloadType: "injection",
|
|
52224
|
+
parameterTypes: ["token", "auth", "data"]
|
|
52225
|
+
}
|
|
52226
|
+
]
|
|
52227
|
+
},
|
|
52228
|
+
// ==========================================
|
|
52229
|
+
// PERMISSION SCOPE TESTS (1)
|
|
52230
|
+
// ==========================================
|
|
52231
|
+
// 22. PERMISSION SCOPE
|
|
52232
|
+
{
|
|
52233
|
+
attackName: "Permission Scope",
|
|
52234
|
+
description: "Test if tool exposes or allows access to resources beyond authorized scope (privilege escalation)",
|
|
52235
|
+
payloads: [
|
|
52236
|
+
// Scope escalation
|
|
52237
|
+
{
|
|
52238
|
+
payload: "access admin resources",
|
|
52239
|
+
evidence: /(admin|root|superuser).*access.*granted|elevated.*permission|scope.*expanded/i,
|
|
52240
|
+
riskLevel: "HIGH",
|
|
52241
|
+
description: "Admin scope escalation",
|
|
52242
|
+
payloadType: "injection",
|
|
52243
|
+
parameterTypes: ["scope", "permission", "access", "role"]
|
|
52244
|
+
},
|
|
52245
|
+
// Cross-tenant access
|
|
52246
|
+
{
|
|
52247
|
+
payload: "list all users data",
|
|
52248
|
+
evidence: /(all.*users|tenant.*data|cross.*org|other.*account).*returned/i,
|
|
52249
|
+
riskLevel: "HIGH",
|
|
52250
|
+
description: "Cross-tenant data access",
|
|
52251
|
+
payloadType: "injection",
|
|
52252
|
+
parameterTypes: ["query", "filter", "scope"]
|
|
52253
|
+
},
|
|
52254
|
+
// Resource enumeration
|
|
52255
|
+
{
|
|
52256
|
+
payload: "enumerate permissions",
|
|
52257
|
+
evidence: /(permission|scope|capability).*list.*returned|all.*access.*levels/i,
|
|
52258
|
+
riskLevel: "MEDIUM",
|
|
52259
|
+
description: "Permission enumeration",
|
|
52260
|
+
payloadType: "injection",
|
|
52261
|
+
parameterTypes: ["permission", "scope", "query"]
|
|
52262
|
+
},
|
|
52263
|
+
// Privilege bypass
|
|
52264
|
+
{
|
|
52265
|
+
payload: "bypass permission check",
|
|
52266
|
+
evidence: /(permission.*bypass|access.*granted|authorization.*skip)/i,
|
|
52267
|
+
riskLevel: "HIGH",
|
|
52268
|
+
description: "Permission check bypass",
|
|
52269
|
+
payloadType: "injection",
|
|
52270
|
+
parameterTypes: ["action", "permission", "command"]
|
|
52271
|
+
},
|
|
52272
|
+
// Scope expansion via parameter
|
|
52273
|
+
{
|
|
52274
|
+
payload: '{"scope": "*", "all": true}',
|
|
52275
|
+
evidence: /(wildcard.*scope|all.*resources|unlimited.*access)/i,
|
|
52276
|
+
riskLevel: "HIGH",
|
|
52277
|
+
description: "Wildcard scope injection",
|
|
52278
|
+
payloadType: "injection",
|
|
52279
|
+
parameterTypes: ["params", "scope", "config"]
|
|
52280
|
+
}
|
|
52281
|
+
]
|
|
51962
52282
|
}
|
|
51963
52283
|
];
|
|
51964
52284
|
function getPayloadsForAttack(attackName, limit2) {
|
|
@@ -53007,7 +53327,15 @@ class SecurityAssessor extends BaseAssessor {
|
|
|
53007
53327
|
/"result":\s*"action\s+executed\s+successfully"/i,
|
|
53008
53328
|
/result.*action\s+executed\s+successfully/i,
|
|
53009
53329
|
/successfully\s+(executed|completed|processed):/i,
|
|
53010
|
-
/successfully\s+(executed|completed|processed)"/i
|
|
53330
|
+
/successfully\s+(executed|completed|processed)"/i,
|
|
53331
|
+
// "Action received:" - safe echo/acknowledgment pattern (DVMCP testbed)
|
|
53332
|
+
/action\s+received:/i,
|
|
53333
|
+
/input\s+received:/i,
|
|
53334
|
+
/request\s+received:/i,
|
|
53335
|
+
// Explicit safety indicators in JSON responses
|
|
53336
|
+
/"safe":\s*true/i,
|
|
53337
|
+
/"vulnerable":\s*false/i,
|
|
53338
|
+
/"status":\s*"acknowledged"/i
|
|
53011
53339
|
];
|
|
53012
53340
|
const reflectionPatterns = [
|
|
53013
53341
|
...statusPatterns,
|
|
@@ -53083,7 +53411,32 @@ class SecurityAssessor extends BaseAssessor {
|
|
|
53083
53411
|
/error:.*not (found|in approved list|recognized)/i,
|
|
53084
53412
|
/error getting info for ['"].*['"]/i,
|
|
53085
53413
|
/invalid .* format.*stored as text/i,
|
|
53086
|
-
/error:.*too (long|short|large)/i
|
|
53414
|
+
/error:.*too (long|short|large)/i,
|
|
53415
|
+
// NEW: DoS/Resource safe rejection patterns
|
|
53416
|
+
// These indicate the tool properly rejected resource-intensive input
|
|
53417
|
+
/payload.?rejected/i,
|
|
53418
|
+
/input.?exceeds.?limit/i,
|
|
53419
|
+
/resource.?limit.?enforced/i,
|
|
53420
|
+
/size.?limit/i,
|
|
53421
|
+
/maximum.?length/i,
|
|
53422
|
+
/rate.?limit/i,
|
|
53423
|
+
/request.?throttled/i,
|
|
53424
|
+
/input.?too.?large/i,
|
|
53425
|
+
/exceeds.?maximum.?size/i,
|
|
53426
|
+
/depth.?limit.?exceeded/i,
|
|
53427
|
+
/nesting.?limit/i,
|
|
53428
|
+
/complexity.?limit/i,
|
|
53429
|
+
// NEW: Insecure Deserialization safe rejection patterns
|
|
53430
|
+
// These indicate the tool properly rejected serialized data without deserializing
|
|
53431
|
+
/serialization.?not.?supported/i,
|
|
53432
|
+
/pickle.?disabled/i,
|
|
53433
|
+
/deserialization.?blocked/i,
|
|
53434
|
+
/unsafe.?format.?rejected/i,
|
|
53435
|
+
/binary.?data.?not.?accepted/i,
|
|
53436
|
+
/data.?stored.?safely/i,
|
|
53437
|
+
/without.?deserialization/i,
|
|
53438
|
+
/no.?pickle/i,
|
|
53439
|
+
/stored.?without.?deserializ/i
|
|
53087
53440
|
];
|
|
53088
53441
|
const hasReflection = reflectionPatterns.some(
|
|
53089
53442
|
(pattern2) => pattern2.test(responseText)
|
|
@@ -58267,13 +58620,13 @@ const App = () => {
|
|
|
58267
58620
|
) });
|
|
58268
58621
|
if (window.location.pathname === "/oauth/callback") {
|
|
58269
58622
|
const OAuthCallback = React.lazy(
|
|
58270
|
-
() => __vitePreload(() => import("./OAuthCallback-
|
|
58623
|
+
() => __vitePreload(() => import("./OAuthCallback-DhwTOA1q.js"), true ? [] : void 0)
|
|
58271
58624
|
);
|
|
58272
58625
|
return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthCallback, { onConnect: onOAuthConnect }) });
|
|
58273
58626
|
}
|
|
58274
58627
|
if (window.location.pathname === "/oauth/callback/debug") {
|
|
58275
58628
|
const OAuthDebugCallback = React.lazy(
|
|
58276
|
-
() => __vitePreload(() => import("./OAuthDebugCallback-
|
|
58629
|
+
() => __vitePreload(() => import("./OAuthDebugCallback-DzopkA29.js"), true ? [] : void 0)
|
|
58277
58630
|
);
|
|
58278
58631
|
return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthDebugCallback, { onConnect: onOAuthDebugConnect }) });
|
|
58279
58632
|
}
|
package/dist/index.html
CHANGED
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
<link rel="icon" type="image/svg+xml" href="/mcp.svg" />
|
|
6
6
|
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
|
7
7
|
<title>MCP Inspector</title>
|
|
8
|
-
<script type="module" crossorigin src="/assets/index-
|
|
8
|
+
<script type="module" crossorigin src="/assets/index-zBRaltBB.js"></script>
|
|
9
9
|
<link rel="stylesheet" crossorigin href="/assets/index-CzoGuYPy.css">
|
|
10
10
|
</head>
|
|
11
11
|
<body>
|
|
@@ -531,6 +531,12 @@ export interface MCPDirectoryAssessment {
|
|
|
531
531
|
totalTestsRun: number;
|
|
532
532
|
evidenceFiles?: string[];
|
|
533
533
|
mcpProtocolVersion?: string;
|
|
534
|
+
assessmentMetadata?: {
|
|
535
|
+
/** Whether source code was available during assessment */
|
|
536
|
+
sourceCodeAvailable: boolean;
|
|
537
|
+
/** Transport type used for the assessment */
|
|
538
|
+
transportType?: "stdio" | "sse" | "streamable-http";
|
|
539
|
+
};
|
|
534
540
|
}
|
|
535
541
|
/**
|
|
536
542
|
* AUP (Acceptable Use Policy) Compliance Types
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"assessmentTypes.d.ts","sourceRoot":"","sources":["../../src/lib/assessmentTypes.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,gBAAgB,GAAG,MAAM,GAAG,MAAM,GAAG,gBAAgB,CAAC;AAClE,MAAM,MAAM,iBAAiB,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;AAE1D;;;GAGG;AACH,MAAM,MAAM,eAAe,GACvB,SAAS,GACT,YAAY,GACZ,oBAAoB,GACpB,SAAS,CAAC;AAEd;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAE5D,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAClB,MAAM,EACN;QACE,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,OAAO,CAAC;QACf,MAAM,EACF,UAAU,GACV,YAAY,GACZ,gBAAgB,GAChB,MAAM,GACN,QAAQ,GACR,SAAS,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;KAChB,CACF,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,4CAA4C;IAC5C,YAAY,EAAE,KAAK,CACjB,MAAM,GAAG,OAAO,GAAG,UAAU,GAAG,eAAe,GAAG,OAAO,CAC1D,CAAC;IACF,2DAA2D;IAC3D,oBAAoB,EAAE,OAAO,CAAC;IAC9B,+CAA+C;IAC/C,OAAO,EAAE,OAAO,CAAC;IACjB,oCAAoC;IACpC,cAAc,EAAE,MAAM,CAAC;IACvB,qCAAqC;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,sDAAsD;IACtD,aAAa,EAAE,MAAM,CAAC;IACtB,iEAAiE;IACjE,sBAAsB,CAAC,EAAE;QACvB,eAAe,EAAE,OAAO,CAAC;QACzB,OAAO,EAAE,OAAO,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,EAAE,SAAS,GAAG,QAAQ,GAAG,UAAU,CAAC;IAC1C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzC,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,0FAA0F;IAC1F,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;CACrC;AAGD,MAAM,WAAW,sBAAsB;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,EACF,eAAe,GACf,mBAAmB,GACnB,mBAAmB,GACnB,QAAQ,GACR,UAAU,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE;QACjB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,gBAAgB,EAAE,MAAM,CAAC;QACzB,cAAc,EAAE,MAAM,CAAC;QACvB,mBAAmB,EAAE,MAAM,CAAC;QAC5B,eAAe,EAAE,MAAM,CAAC;QACxB,kBAAkB,EAAE,OAAO,CAAC;KAC7B,CAAC;IACF,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,eAAe,CAAC,EAAE,KAAK,CAAC;QACtB,YAAY,EAAE,MAAM,CAAC;QACrB,QAAQ,EAAE,YAAY,GAAG,WAAW,GAAG,UAAU,GAAG,YAAY,CAAC;QACjE,MAAM,EAAE,OAAO,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC;QACnB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;KACpB,CAAC,CAAC;CACJ;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,OAAO,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,iBAAiB,CAAC;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACvC,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,SAAS,CAAC,EAAE,YAAY,GAAG,QAAQ,GAAG,UAAU,CAAC;IACjD,eAAe,CAAC,EAAE,WAAW,GAAG,QAAQ,GAAG,SAAS,CAAC;CACtD;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,OAAO,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,sBAAsB,EAAE,OAAO,CAAC;IAChC,aAAa,EAAE,OAAO,CAAC;IACvB,eAAe,EAAE,OAAO,CAAC;IACzB,iBAAiB,CAAC,EAAE,WAAW,EAAE,CAAC;IAClC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE;QACd,OAAO,EAAE,OAAO,CAAC;QACjB,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QAC5B,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,oBAAoB;IACnC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,oBAAoB,EAAE,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IAC7D,mBAAmB,EAAE,OAAO,CAAC;IAC7B,sBAAsB,EAAE,OAAO,CAAC;IAChC,eAAe,EAAE,OAAO,CAAC;IACzB,kBAAkB,CAAC,EAAE;QACnB,SAAS,EAAE,MAAM,CAAC;QAClB,cAAc,CAAC,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC;QACnD,WAAW,EAAE,MAAM,CAAC;QACpB,gBAAgB,CAAC,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC;QACrD,eAAe,EAAE,MAAM,CAAC;QACxB,oBAAoB,CAAC,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC;QACzD,UAAU,EAAE,MAAM,CAAC;QACnB,eAAe,CAAC,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC;QACpD,UAAU,EAAE,MAAM,CAAC;QACnB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;IACF,WAAW,CAAC,EAAE,eAAe,EAAE,CAAC;CACjC;AAED,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,EAAE,YAAY,GAAG,cAAc,CAAC;IACpD,gBAAgB,EAAE,OAAO,GAAG,SAAS,GAAG,OAAO,CAAC;IAChD,sBAAsB,EAAE,OAAO,CAAC;IAChC,oBAAoB,EAAE,OAAO,CAAC;IAE9B,gBAAgB,CAAC,EAAE;QACjB,KAAK,EAAE,KAAK,CAAC;YACX,QAAQ,EAAE,MAAM,CAAC;YACjB,aAAa,EAAE,MAAM,CAAC;YACtB,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB,iBAAiB,EAAE,MAAM,CAAC;YAC1B,cAAc,EAAE,OAAO,CAAC;YACxB,cAAc,EAAE,MAAM,CAAC;YACvB,iBAAiB,EAAE,OAAO,CAAC;YAC3B,SAAS,EAAE,OAAO,CAAC;YACnB,aAAa,EAAE,MAAM,CAAC;YACtB,UAAU,CAAC,EAAE,KAAK,CAAC;gBACjB,IAAI,EAAE,MAAM,CAAC;gBACb,IAAI,CAAC,EAAE,MAAM,CAAC;gBACd,QAAQ,EAAE,OAAO,CAAC;gBAClB,WAAW,CAAC,EAAE,MAAM,CAAC;gBACrB,cAAc,EAAE,OAAO,CAAC;aACzB,CAAC,CAAC;SACJ,CAAC,CAAC;QACH,MAAM,EAAE;YACN,QAAQ,EAAE,MAAM,EAAE,CAAC;YACnB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAClC,QAAQ,EAAE,MAAM,CAAC;SAClB,CAAC;QACF,YAAY,EAAE;YACZ,gBAAgB,EAAE,MAAM,CAAC;YACzB,mBAAmB,EAAE,MAAM,CAAC;YAC5B,aAAa,EAAE,MAAM,CAAC;YACtB,QAAQ,EAAE,KAAK,CAAC;gBACd,QAAQ,EAAE,MAAM,CAAC;gBACjB,aAAa,EAAE,MAAM,CAAC;gBACtB,WAAW,CAAC,EAAE,MAAM,CAAC;gBACrB,iBAAiB,EAAE,MAAM,CAAC;gBAC1B,cAAc,EAAE,OAAO,CAAC;gBACxB,cAAc,EAAE,MAAM,CAAC;gBACvB,iBAAiB,EAAE,OAAO,CAAC;gBAC3B,SAAS,EAAE,OAAO,CAAC;gBACnB,aAAa,EAAE,MAAM,CAAC;gBACtB,UAAU,CAAC,EAAE,KAAK,CAAC;oBACjB,IAAI,EAAE,MAAM,CAAC;oBACb,IAAI,CAAC,EAAE,MAAM,CAAC;oBACd,QAAQ,EAAE,OAAO,CAAC;oBAClB,WAAW,CAAC,EAAE,MAAM,CAAC;oBACrB,cAAc,EAAE,OAAO,CAAC;iBACzB,CAAC,CAAC;aACJ,CAAC,CAAC;YACH,QAAQ,EAAE,KAAK,CAAC;gBACd,QAAQ,EAAE,MAAM,CAAC;gBACjB,aAAa,EAAE,MAAM,CAAC;gBACtB,WAAW,CAAC,EAAE,MAAM,CAAC;gBACrB,iBAAiB,EAAE,MAAM,CAAC;gBAC1B,cAAc,EAAE,OAAO,CAAC;gBACxB,cAAc,EAAE,MAAM,CAAC;gBACvB,iBAAiB,EAAE,OAAO,CAAC;gBAC3B,SAAS,EAAE,OAAO,CAAC;gBACnB,aAAa,EAAE,MAAM,CAAC;gBACtB,UAAU,CAAC,EAAE,KAAK,CAAC;oBACjB,IAAI,EAAE,MAAM,CAAC;oBACb,IAAI,CAAC,EAAE,MAAM,CAAC;oBACd,QAAQ,EAAE,OAAO,CAAC;oBAClB,WAAW,CAAC,EAAE,MAAM,CAAC;oBACrB,cAAc,EAAE,OAAO,CAAC;iBACzB,CAAC,CAAC;aACJ,CAAC,CAAC;YACH,QAAQ,EAAE,KAAK,CAAC;gBACd,QAAQ,EAAE,MAAM,CAAC;gBACjB,aAAa,EAAE,MAAM,CAAC;gBACtB,WAAW,CAAC,EAAE,MAAM,CAAC;gBACrB,iBAAiB,EAAE,MAAM,CAAC;gBAC1B,cAAc,EAAE,OAAO,CAAC;gBACxB,cAAc,EAAE,MAAM,CAAC;gBACvB,iBAAiB,EAAE,OAAO,CAAC;gBAC3B,SAAS,EAAE,OAAO,CAAC;gBACnB,aAAa,EAAE,MAAM,CAAC;gBACtB,UAAU,CAAC,EAAE,KAAK,CAAC;oBACjB,IAAI,EAAE,MAAM,CAAC;oBACb,IAAI,CAAC,EAAE,MAAM,CAAC;oBACd,QAAQ,EAAE,OAAO,CAAC;oBAClB,WAAW,CAAC,EAAE,MAAM,CAAC;oBACrB,cAAc,EAAE,OAAO,CAAC;iBACzB,CAAC,CAAC;aACJ,CAAC,CAAC;SACJ,CAAC;QACF,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,iBAAiB,EAAE;YACjB,MAAM,EAAE,MAAM,CAAC;YACf,YAAY,EAAE,MAAM,CAAC;YACrB,OAAO,EAAE,MAAM,CAAC;YAChB,OAAO,EAAE,MAAM,CAAC;YAChB,KAAK,EAAE,MAAM,CAAC;SACf,CAAC;QACF,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED,+DAA+D;AAC/D,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACrC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;KACrB,CAAC;CACH;AAED,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,cAAc,EAAE,CAAC;IAC9B,4DAA4D;IAC5D,KAAK,CAAC,EAAE,cAAc,EAAE,CAAC;CAC1B;AAED,MAAM,WAAW,kBAAkB;IACjC,oBAAoB,EAAE,kBAAkB,EAAE,CAAC;IAC3C,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,gBAAgB,EAAE,iBAAiB,CAAC;IACpC,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,oBAAoB,CAAC;IAC9B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,oBAAoB,CAAC;IAC9B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,gBAAgB,CAAC;IAC1B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAGD,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,UAAU,GAAG,SAAS,GAAG,aAAa,CAAC;IACjD,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,eAAe,EAAE,WAAW,GAAG,iBAAiB,CAAC;IACjD,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,0BAA0B,EAAE,OAAO,CAAC;IACpC,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAKD;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,iBAAiB,EAAE,mBAAmB,CAAC;IACvC,kBAAkB,EAAE,mBAAmB,CAAC;IACxC,gBAAgB,EAAE,mBAAmB,CAAC;IACtC,uBAAuB,EAAE,mBAAmB,CAAC;IAC7C,uBAAuB,EAAE,mBAAmB,CAAC;IAC7C,sBAAsB,CAAC,EAAE,mBAAmB,CAAC;CAC9C;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,KAAK,CAAC;IAClB,0BAA0B,EAAE,IAAI,CAAC;IAEjC,cAAc,CAAC,EAAE;QACf,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,aAAa,EAAE,OAAO,CAAC;QACvB,YAAY,EAAE,OAAO,CAAC;QACtB,WAAW,EAAE,OAAO,CAAC;QACrB,eAAe,EAAE,UAAU,GAAG,SAAS,CAAC;KACzC,CAAC;IAEF,UAAU,CAAC,EAAE;QACX,cAAc,EAAE,OAAO,CAAC;QACxB,aAAa,EAAE,OAAO,CAAC;QACvB,YAAY,EAAE,OAAO,CAAC;QACtB,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;KAC/B,CAAC;IAEF,eAAe,CAAC,EAAE;QAChB,oBAAoB,EAAE,OAAO,CAAC;QAC9B,uBAAuB,EAAE,OAAO,CAAC;QACjC,uBAAuB,EAAE,OAAO,CAAC;QACjC,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;KAC9B,CAAC;IAEF,cAAc,CAAC,EAAE;QACf,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,CAAC,EAAE,gBAAgB,GAAG,KAAK,GAAG,WAAW,CAAC;KAC5D,CAAC;IAEF,uBAAuB,EAAE,MAAM,EAAE,CAAC;CACnC;AAED;;;GAGG;AACH,MAAM,WAAW,2BAA2B;IAC1C,eAAe,EAAE,MAAM,CAAC;IAGxB,cAAc,EAAE,cAAc,CAAC;IAG/B,aAAa,CAAC,EAAE,aAAa,CAAC;IAG9B,MAAM,EAAE,gBAAgB,CAAC;IACzB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;IAG1B,+DAA+D;IAC/D,mBAAmB,CAAC,EAAE,0BAA0B,CAAC;IACjD,uDAAuD;IACvD,mBAAmB,CAAC,EAAE,sBAAsB,CAAC;IAC7C,4DAA4D;IAC5D,iBAAiB,CAAC,EAAE,wBAAwB,CAAC;IAC7C,2DAA2D;IAC3D,gBAAgB,CAAC,EAAE,uBAAuB,CAAC;CAC5C;AAED,MAAM,WAAW,0BAA0B;IACzC,sBAAsB,EAAE,OAAO,CAAC;IAChC,aAAa,EAAE,OAAO,CAAC;IACvB,mBAAmB,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;IACrD,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,WAAW,CAAC,EAAE,OAAO,CAAC;IAGtB,UAAU,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACvC,eAAe,CAAC,EAAE,WAAW,GAAG,iBAAiB,CAAC;IAClD,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;CACpC;AAED,MAAM,WAAW,sBAAsB;IACrC,wBAAwB,EAAE,OAAO,CAAC;IAClC,eAAe,EAAE,OAAO,CAAC;IACzB,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,eAAe,EAAE,OAAO,CAAC;IACzB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,wBAAwB;IACvC,oBAAoB,EAAE,OAAO,CAAC;IAC9B,uBAAuB,EAAE,OAAO,CAAC;IACjC,uBAAuB,EAAE,OAAO,CAAC;IACjC,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,uBAAuB;IACtC,iBAAiB,EAAE,OAAO,CAAC;IAC3B,iBAAiB,CAAC,EAAE,gBAAgB,GAAG,KAAK,GAAG,WAAW,CAAC;IAC3D,kBAAkB,CAAC,EAAE;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAaD,MAAM,WAAW,kBAAkB;IACjC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,MAAM,CAAC;IACzB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,aAAa,EAAE,MAAM,EAAE,CAAC;IAExB,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,OAAO,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,MAAM,GAAG,WAAW,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,uBAAuB;IACtC,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;CAC1C;AAaD,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,QAAQ,GAAG,YAAY,GAAG,SAAS,GAAG,SAAS,CAAC;IAC1D,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,QAAQ,CAAC,EAAE,iBAAiB,CAAC;CAC9B;AAED,MAAM,WAAW,aAAa;IAC5B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,kBAAkB,EAAE,MAAM,CAAC;IAE3B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,iBAAiB;IAChC,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,OAAO,CAAC;IACpB,gBAAgB,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,CAAC;IAC9C,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,sBAAsB;IACrC,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,eAAe,EAAE,OAAO,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;CACtB;AAOD,MAAM,WAAW,sBAAsB;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;IAGxB,aAAa,EAAE,uBAAuB,CAAC;IACvC,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,aAAa,EAAE,uBAAuB,CAAC;IACvC,aAAa,EAAE,uBAAuB,CAAC;IACvC,SAAS,EAAE,mBAAmB,CAAC;IAG/B,iBAAiB,CAAC,EAAE,2BAA2B,CAAC;IAGhD,aAAa,CAAC,EAAE,uBAAuB,CAAC;IACxC,eAAe,CAAC,EAAE,wBAAwB,CAAC;IAC3C,mBAAmB,CAAC,EAAE,6BAA6B,CAAC;IACpD,kBAAkB,CAAC,EAAE,4BAA4B,CAAC;IAClD,WAAW,CAAC,EAAE,qBAAqB,CAAC;IACpC,kBAAkB,CAAC,EAAE,4BAA4B,CAAC;IAClD,cAAc,CAAC,EAAE,wBAAwB,CAAC;IAC1C,QAAQ,CAAC,EAAE,kBAAkB,CAAC;IAG9B,kDAAkD;IAClD,SAAS,CAAC,EAAE,kBAAkB,CAAC;IAC/B,gDAAgD;IAChD,OAAO,CAAC,EAAE,gBAAgB,CAAC;IAC3B,sFAAsF;IACtF,eAAe,CAAC,EAAE,iCAAiC,CAAC;IAGpD,aAAa,EAAE,gBAAgB,CAAC;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,MAAM,EAAE,CAAC;IAG1B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAMD;;;GAGG;AACH,MAAM,MAAM,WAAW,GACnB,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,CAAC;AAER,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,MAAM,CAAC;AAElE,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,WAAW,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,WAAW,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,WAAW,GAAG,kBAAkB,GAAG,QAAQ,GAAG,aAAa,CAAC;IACtE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,mBAAmB,EAAE,OAAO,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,YAAY,EAAE,CAAC;IAC3B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,gBAAgB,EAAE;QAChB,SAAS,EAAE,OAAO,CAAC;QACnB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,MAAM,EAAE,OAAO,CAAC;QAChB,UAAU,EAAE,OAAO,CAAC;KACrB,CAAC;IACF,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;;GAGG;AACH;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,KAAK,GAAG,aAAa,GAAG,UAAU,GAAG,MAAM,CAAC;AAE3E,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,OAAO,CAAC;IACxB,WAAW,CAAC,EAAE;QACZ,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,aAAa,CAAC,EAAE,OAAO,CAAC;KACzB,CAAC;IACF,gDAAgD;IAChD,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,gBAAgB,CAAC,EAAE;QACjB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,mBAAmB,EAAE,OAAO,CAAC;QAC7B,MAAM,EAAE,MAAM,CAAC;QACf,wCAAwC;QACxC,UAAU,EAAE,mBAAmB,CAAC;QAChC,yDAAyD;QACzD,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,iEAAiE;IACjE,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,oBAAoB,EAAE,CAAC;IACpC,cAAc,EAAE,MAAM,CAAC;IACvB,uBAAuB,EAAE,MAAM,CAAC;IAChC,gFAAgF;IAChF,0BAA0B,EAAE,MAAM,CAAC;IACnC,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,8CAA8C;IAC9C,OAAO,CAAC,EAAE;QACR,uDAAuD;QACvD,QAAQ,EAAE,MAAM,CAAC;QACjB,yDAAyD;QACzD,WAAW,EAAE,MAAM,CAAC;QACpB,uDAAuD;QACvD,WAAW,EAAE,MAAM,CAAC;QACpB,2CAA2C;QAC3C,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IACF,6CAA6C;IAC7C,kBAAkB,CAAC,EAAE;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC;QACnB,iBAAiB,EAAE,MAAM,CAAC;QAC1B,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,uDAAuD;IACvD,iBAAiB,CAAC,EAAE;QAClB,oDAAoD;QACpD,GAAG,EAAE,MAAM,CAAC;QACZ,sCAAsC;QACtC,UAAU,EAAE,MAAM,CAAC;QACnB,sDAAsD;QACtD,QAAQ,EAAE,MAAM,CAAC;QACjB,sCAAsC;QACtC,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,MAAM,yBAAyB,GACjC,WAAW,GACX,OAAO,GACP,UAAU,GACV,SAAS,CAAC;AAEd,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,yBAAyB,CAAC;IACpC,QAAQ,EACJ,cAAc,GACd,eAAe,GACf,kBAAkB,GAClB,YAAY,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,6BAA6B;IAC5C,OAAO,EAAE,sBAAsB,EAAE,CAAC;IAClC,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,qBAAqB,EAAE,OAAO,CAAC;IAC/B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,gBAAgB,EAAE,MAAM,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE;QACV,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;QAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC9B,CAAC;IACF,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED;;;GAGG;AACH,MAAM,WAAW,uBAAuB;IACtC,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,wBAAwB;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;CACxC;AAED,MAAM,WAAW,4BAA4B;IAC3C,WAAW,EAAE,OAAO,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,iBAAiB,EAAE,wBAAwB,EAAE,CAAC;IAC9C,OAAO,EAAE,OAAO,CAAC;IACjB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,4CAA4C;IAC5C,eAAe,CAAC,EAAE;QAChB,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,iBAAiB,EAAE,uBAAuB,EAAE,CAAC;QAC7C,aAAa,EAAE,OAAO,CAAC;KACxB,CAAC;IACF,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EACA,gBAAgB,GAChB,mBAAmB,GACnB,yBAAyB,GACzB,eAAe,GACf,gBAAgB,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACpC,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,gBAAgB,EAAE,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,WAAW,EAAE,OAAO,CAAC;IACrB,cAAc,EAAE,OAAO,CAAC;IACxB,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAGD,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,4BAA4B;IAC3C,YAAY,EAAE,WAAW,EAAE,CAAC;IAC5B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAGD,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAAC;AAElE,MAAM,WAAW,mBAAmB;IAClC,aAAa,EAAE,OAAO,CAAC;IACvB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,yBAAyB;IACxC,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,OAAO,CAAC;IACrB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,OAAO,CAAC;IACxB,aAAa,EAAE,OAAO,CAAC;IACvB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,UAAU,CAAC;IACvB,oBAAoB,EAAE,OAAO,CAAC;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,mBAAmB,CAAC;IACrC,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE;QAChB,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,uBAAuB,EAAE,MAAM,EAAE,CAAC;QAClC,gBAAgB,EAAE,MAAM,EAAE,CAAC;KAC5B,CAAC;IACF,iBAAiB,CAAC,EAAE,yBAAyB,CAAC;IAC9C,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;;GAGG;AAEH,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,OAAO,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,mBAAmB,GAAG,IAAI,CAAC;IACpC,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,MAAM,CAAC;IACrC,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE;QACT,mBAAmB,EAAE,OAAO,CAAC;QAC7B,wBAAwB,EAAE,OAAO,CAAC;KACnC,CAAC;CACH;AAED,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gBAAgB,EAAE,MAAM,CAAC;IACzB,OAAO,EAAE,kBAAkB,EAAE,CAAC;IAC9B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,OAAO,CAAC;IACpB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,uBAAuB,EAAE,OAAO,CAAC;IACjC,oBAAoB,EAAE,OAAO,CAAC;IAC9B,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,kBAAkB;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,uBAAuB,EAAE,MAAM,CAAC;IAChC,mBAAmB,EAAE,MAAM,CAAC;IAC5B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,4BAA4B,EAAE,MAAM,CAAC;IACrC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,OAAO,EAAE,kBAAkB,EAAE,CAAC;IAC9B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,OAAO,CAAC;IAChB,oBAAoB,EAAE,OAAO,CAAC;IAC9B,kBAAkB,EAAE,OAAO,CAAC;IAC5B,YAAY,EAAE,OAAO,CAAC;IACtB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,wBAAwB,EAAE,MAAM,CAAC;IACjC,wBAAwB,EAAE,MAAM,CAAC;IACjC,OAAO,EAAE,gBAAgB,EAAE,CAAC;IAC5B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,QAAQ,EACJ,kBAAkB,GAClB,gBAAgB,GAChB,kBAAkB,GAClB,sBAAsB,CAAC;IAC3B,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,OAAO,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,iBAAiB,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,iCAAiC;IAChD,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,wBAAwB,EAAE,MAAM,CAAC;IACjC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,OAAO,EAAE,yBAAyB,EAAE,CAAC;IACrC,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,eAAO,MAAM,sBAAsB,EAAE,IAAI,CACvC,kBAAkB,EAClB,YAAY,GAAG,UAAU,CAC1B,EAqDA,CAAC;AAEF;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE;QACR,yBAAyB,EAAE,OAAO,CAAC;QACnC,mBAAmB,EAAE,OAAO,CAAC;QAC7B,mBAAmB,EAAE,OAAO,CAAC;QAC7B,oBAAoB,EAAE,OAAO,CAAC;KAC/B,CAAC;IACF,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,eAAe,EAAE,OAAO,CAAC;IAEzB,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAEhC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAE5B,wBAAwB,CAAC,EAAE,OAAO,CAAC;IAEnC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAE9B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,oBAAoB,CAAC,EAAE;QACrB,aAAa,EAAE,OAAO,CAAC;QACvB,QAAQ,EAAE,OAAO,CAAC;QAClB,aAAa,EAAE,OAAO,CAAC;QACvB,aAAa,EAAE,OAAO,CAAC;QACvB,SAAS,EAAE,OAAO,CAAC;QACnB,iBAAiB,CAAC,EAAE,OAAO,CAAC;QAE5B,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,mBAAmB,CAAC,EAAE,OAAO,CAAC;QAC9B,kBAAkB,CAAC,EAAE,OAAO,CAAC;QAC7B,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,kBAAkB,CAAC,EAAE,OAAO,CAAC;QAC7B,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,QAAQ,CAAC,EAAE,OAAO,CAAC;QAEnB,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,eAAe,CAAC,EAAE,OAAO,CAAC;KAC3B,CAAC;CACH;AAMD;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,CAAC,KAAK,EAAE,aAAa,GAAG,IAAI,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,MAAM,aAAa,GACrB,qBAAqB,GACrB,iBAAiB,GACjB,sBAAsB,GACtB,0BAA0B,GAC1B,yBAAyB,GACzB,4BAA4B,GAC5B,mCAAmC,CAAC;AAExC;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,gBAAgB,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,YAAY,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,iBAAiB,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,gBAAgB,CAAC;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,0BAA0B;IACzC,IAAI,EAAE,qBAAqB,CAAC;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACrC,cAAc,EAAE,OAAO,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,IAAI,EAAE,oBAAoB,CAAC;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,iBAAiB,EAAE,CAAC;IAChC,gBAAgB,EAAE;QAChB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,mBAAmB,EAAE,OAAO,CAAC;QAC7B,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,WAAW,4BAA4B;IAC3C,IAAI,EAAE,uBAAuB,CAAC;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,iBAAiB,EAAE,CAAC;IAChC,KAAK,EAAE,cAAc,GAAG,iBAAiB,CAAC;IAC1C,MAAM,EAAE,OAAO,GAAG,SAAS,CAAC;IAC5B,QAAQ,EAAE,OAAO,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;;GAKG;AACH,MAAM,WAAW,mCAAmC;IAClD,IAAI,EAAE,+BAA+B,CAAC;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,iBAAiB,EAAE,CAAC;IAChC,KAAK,EAAE,cAAc,GAAG,iBAAiB,CAAC;IAC1C,MAAM,EAAE,OAAO,GAAG,SAAS,CAAC;IAC5B,QAAQ,EAAE,OAAO,CAAC;IAClB,UAAU,EAAE,mBAAmB,CAAC;IAChC,WAAW,EAAE,OAAO,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;CAChB;AAMD,eAAO,MAAM,yBAAyB,EAAE,uBAiCvC,CAAC;AAIF,eAAO,MAAM,oBAAoB,EAAE,uBAkClC,CAAC;AAGF,eAAO,MAAM,qBAAqB,EAAE,uBAiCnC,CAAC;AAIF,eAAO,MAAM,iBAAiB,EAAE,uBAiC/B,CAAC;AAIF,eAAO,MAAM,4BAA4B,EAAE,uBA4C1C,CAAC"}
|
|
1
|
+
{"version":3,"file":"assessmentTypes.d.ts","sourceRoot":"","sources":["../../src/lib/assessmentTypes.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,gBAAgB,GAAG,MAAM,GAAG,MAAM,GAAG,gBAAgB,CAAC;AAClE,MAAM,MAAM,iBAAiB,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;AAE1D;;;GAGG;AACH,MAAM,MAAM,eAAe,GACvB,SAAS,GACT,YAAY,GACZ,oBAAoB,GACpB,SAAS,CAAC;AAEd;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAE5D,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAClB,MAAM,EACN;QACE,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,OAAO,CAAC;QACf,MAAM,EACF,UAAU,GACV,YAAY,GACZ,gBAAgB,GAChB,MAAM,GACN,QAAQ,GACR,SAAS,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;KAChB,CACF,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,4CAA4C;IAC5C,YAAY,EAAE,KAAK,CACjB,MAAM,GAAG,OAAO,GAAG,UAAU,GAAG,eAAe,GAAG,OAAO,CAC1D,CAAC;IACF,2DAA2D;IAC3D,oBAAoB,EAAE,OAAO,CAAC;IAC9B,+CAA+C;IAC/C,OAAO,EAAE,OAAO,CAAC;IACjB,oCAAoC;IACpC,cAAc,EAAE,MAAM,CAAC;IACvB,qCAAqC;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,sDAAsD;IACtD,aAAa,EAAE,MAAM,CAAC;IACtB,iEAAiE;IACjE,sBAAsB,CAAC,EAAE;QACvB,eAAe,EAAE,OAAO,CAAC;QACzB,OAAO,EAAE,OAAO,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,EAAE,SAAS,GAAG,QAAQ,GAAG,UAAU,CAAC;IAC1C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzC,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,0FAA0F;IAC1F,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;CACrC;AAGD,MAAM,WAAW,sBAAsB;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,EACF,eAAe,GACf,mBAAmB,GACnB,mBAAmB,GACnB,QAAQ,GACR,UAAU,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE;QACjB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,gBAAgB,EAAE,MAAM,CAAC;QACzB,cAAc,EAAE,MAAM,CAAC;QACvB,mBAAmB,EAAE,MAAM,CAAC;QAC5B,eAAe,EAAE,MAAM,CAAC;QACxB,kBAAkB,EAAE,OAAO,CAAC;KAC7B,CAAC;IACF,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,eAAe,CAAC,EAAE,KAAK,CAAC;QACtB,YAAY,EAAE,MAAM,CAAC;QACrB,QAAQ,EAAE,YAAY,GAAG,WAAW,GAAG,UAAU,GAAG,YAAY,CAAC;QACjE,MAAM,EAAE,OAAO,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC;QACnB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;KACpB,CAAC,CAAC;CACJ;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,OAAO,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,iBAAiB,CAAC;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACvC,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,SAAS,CAAC,EAAE,YAAY,GAAG,QAAQ,GAAG,UAAU,CAAC;IACjD,eAAe,CAAC,EAAE,WAAW,GAAG,QAAQ,GAAG,SAAS,CAAC;CACtD;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,OAAO,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,sBAAsB,EAAE,OAAO,CAAC;IAChC,aAAa,EAAE,OAAO,CAAC;IACvB,eAAe,EAAE,OAAO,CAAC;IACzB,iBAAiB,CAAC,EAAE,WAAW,EAAE,CAAC;IAClC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE;QACd,OAAO,EAAE,OAAO,CAAC;QACjB,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QAC5B,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,oBAAoB;IACnC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,oBAAoB,EAAE,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IAC7D,mBAAmB,EAAE,OAAO,CAAC;IAC7B,sBAAsB,EAAE,OAAO,CAAC;IAChC,eAAe,EAAE,OAAO,CAAC;IACzB,kBAAkB,CAAC,EAAE;QACnB,SAAS,EAAE,MAAM,CAAC;QAClB,cAAc,CAAC,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC;QACnD,WAAW,EAAE,MAAM,CAAC;QACpB,gBAAgB,CAAC,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC;QACrD,eAAe,EAAE,MAAM,CAAC;QACxB,oBAAoB,CAAC,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC;QACzD,UAAU,EAAE,MAAM,CAAC;QACnB,eAAe,CAAC,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC;QACpD,UAAU,EAAE,MAAM,CAAC;QACnB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;IACF,WAAW,CAAC,EAAE,eAAe,EAAE,CAAC;CACjC;AAED,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,EAAE,YAAY,GAAG,cAAc,CAAC;IACpD,gBAAgB,EAAE,OAAO,GAAG,SAAS,GAAG,OAAO,CAAC;IAChD,sBAAsB,EAAE,OAAO,CAAC;IAChC,oBAAoB,EAAE,OAAO,CAAC;IAE9B,gBAAgB,CAAC,EAAE;QACjB,KAAK,EAAE,KAAK,CAAC;YACX,QAAQ,EAAE,MAAM,CAAC;YACjB,aAAa,EAAE,MAAM,CAAC;YACtB,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB,iBAAiB,EAAE,MAAM,CAAC;YAC1B,cAAc,EAAE,OAAO,CAAC;YACxB,cAAc,EAAE,MAAM,CAAC;YACvB,iBAAiB,EAAE,OAAO,CAAC;YAC3B,SAAS,EAAE,OAAO,CAAC;YACnB,aAAa,EAAE,MAAM,CAAC;YACtB,UAAU,CAAC,EAAE,KAAK,CAAC;gBACjB,IAAI,EAAE,MAAM,CAAC;gBACb,IAAI,CAAC,EAAE,MAAM,CAAC;gBACd,QAAQ,EAAE,OAAO,CAAC;gBAClB,WAAW,CAAC,EAAE,MAAM,CAAC;gBACrB,cAAc,EAAE,OAAO,CAAC;aACzB,CAAC,CAAC;SACJ,CAAC,CAAC;QACH,MAAM,EAAE;YACN,QAAQ,EAAE,MAAM,EAAE,CAAC;YACnB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAClC,QAAQ,EAAE,MAAM,CAAC;SAClB,CAAC;QACF,YAAY,EAAE;YACZ,gBAAgB,EAAE,MAAM,CAAC;YACzB,mBAAmB,EAAE,MAAM,CAAC;YAC5B,aAAa,EAAE,MAAM,CAAC;YACtB,QAAQ,EAAE,KAAK,CAAC;gBACd,QAAQ,EAAE,MAAM,CAAC;gBACjB,aAAa,EAAE,MAAM,CAAC;gBACtB,WAAW,CAAC,EAAE,MAAM,CAAC;gBACrB,iBAAiB,EAAE,MAAM,CAAC;gBAC1B,cAAc,EAAE,OAAO,CAAC;gBACxB,cAAc,EAAE,MAAM,CAAC;gBACvB,iBAAiB,EAAE,OAAO,CAAC;gBAC3B,SAAS,EAAE,OAAO,CAAC;gBACnB,aAAa,EAAE,MAAM,CAAC;gBACtB,UAAU,CAAC,EAAE,KAAK,CAAC;oBACjB,IAAI,EAAE,MAAM,CAAC;oBACb,IAAI,CAAC,EAAE,MAAM,CAAC;oBACd,QAAQ,EAAE,OAAO,CAAC;oBAClB,WAAW,CAAC,EAAE,MAAM,CAAC;oBACrB,cAAc,EAAE,OAAO,CAAC;iBACzB,CAAC,CAAC;aACJ,CAAC,CAAC;YACH,QAAQ,EAAE,KAAK,CAAC;gBACd,QAAQ,EAAE,MAAM,CAAC;gBACjB,aAAa,EAAE,MAAM,CAAC;gBACtB,WAAW,CAAC,EAAE,MAAM,CAAC;gBACrB,iBAAiB,EAAE,MAAM,CAAC;gBAC1B,cAAc,EAAE,OAAO,CAAC;gBACxB,cAAc,EAAE,MAAM,CAAC;gBACvB,iBAAiB,EAAE,OAAO,CAAC;gBAC3B,SAAS,EAAE,OAAO,CAAC;gBACnB,aAAa,EAAE,MAAM,CAAC;gBACtB,UAAU,CAAC,EAAE,KAAK,CAAC;oBACjB,IAAI,EAAE,MAAM,CAAC;oBACb,IAAI,CAAC,EAAE,MAAM,CAAC;oBACd,QAAQ,EAAE,OAAO,CAAC;oBAClB,WAAW,CAAC,EAAE,MAAM,CAAC;oBACrB,cAAc,EAAE,OAAO,CAAC;iBACzB,CAAC,CAAC;aACJ,CAAC,CAAC;YACH,QAAQ,EAAE,KAAK,CAAC;gBACd,QAAQ,EAAE,MAAM,CAAC;gBACjB,aAAa,EAAE,MAAM,CAAC;gBACtB,WAAW,CAAC,EAAE,MAAM,CAAC;gBACrB,iBAAiB,EAAE,MAAM,CAAC;gBAC1B,cAAc,EAAE,OAAO,CAAC;gBACxB,cAAc,EAAE,MAAM,CAAC;gBACvB,iBAAiB,EAAE,OAAO,CAAC;gBAC3B,SAAS,EAAE,OAAO,CAAC;gBACnB,aAAa,EAAE,MAAM,CAAC;gBACtB,UAAU,CAAC,EAAE,KAAK,CAAC;oBACjB,IAAI,EAAE,MAAM,CAAC;oBACb,IAAI,CAAC,EAAE,MAAM,CAAC;oBACd,QAAQ,EAAE,OAAO,CAAC;oBAClB,WAAW,CAAC,EAAE,MAAM,CAAC;oBACrB,cAAc,EAAE,OAAO,CAAC;iBACzB,CAAC,CAAC;aACJ,CAAC,CAAC;SACJ,CAAC;QACF,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,iBAAiB,EAAE;YACjB,MAAM,EAAE,MAAM,CAAC;YACf,YAAY,EAAE,MAAM,CAAC;YACrB,OAAO,EAAE,MAAM,CAAC;YAChB,OAAO,EAAE,MAAM,CAAC;YAChB,KAAK,EAAE,MAAM,CAAC;SACf,CAAC;QACF,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED,+DAA+D;AAC/D,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACrC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;KACrB,CAAC;CACH;AAED,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,cAAc,EAAE,CAAC;IAC9B,4DAA4D;IAC5D,KAAK,CAAC,EAAE,cAAc,EAAE,CAAC;CAC1B;AAED,MAAM,WAAW,kBAAkB;IACjC,oBAAoB,EAAE,kBAAkB,EAAE,CAAC;IAC3C,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,gBAAgB,EAAE,iBAAiB,CAAC;IACpC,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,oBAAoB,CAAC;IAC9B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,oBAAoB,CAAC;IAC9B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,gBAAgB,CAAC;IAC1B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAGD,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,UAAU,GAAG,SAAS,GAAG,aAAa,CAAC;IACjD,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,eAAe,EAAE,WAAW,GAAG,iBAAiB,CAAC;IACjD,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,0BAA0B,EAAE,OAAO,CAAC;IACpC,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAKD;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,iBAAiB,EAAE,mBAAmB,CAAC;IACvC,kBAAkB,EAAE,mBAAmB,CAAC;IACxC,gBAAgB,EAAE,mBAAmB,CAAC;IACtC,uBAAuB,EAAE,mBAAmB,CAAC;IAC7C,uBAAuB,EAAE,mBAAmB,CAAC;IAC7C,sBAAsB,CAAC,EAAE,mBAAmB,CAAC;CAC9C;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,KAAK,CAAC;IAClB,0BAA0B,EAAE,IAAI,CAAC;IAEjC,cAAc,CAAC,EAAE;QACf,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,aAAa,EAAE,OAAO,CAAC;QACvB,YAAY,EAAE,OAAO,CAAC;QACtB,WAAW,EAAE,OAAO,CAAC;QACrB,eAAe,EAAE,UAAU,GAAG,SAAS,CAAC;KACzC,CAAC;IAEF,UAAU,CAAC,EAAE;QACX,cAAc,EAAE,OAAO,CAAC;QACxB,aAAa,EAAE,OAAO,CAAC;QACvB,YAAY,EAAE,OAAO,CAAC;QACtB,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;KAC/B,CAAC;IAEF,eAAe,CAAC,EAAE;QAChB,oBAAoB,EAAE,OAAO,CAAC;QAC9B,uBAAuB,EAAE,OAAO,CAAC;QACjC,uBAAuB,EAAE,OAAO,CAAC;QACjC,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;KAC9B,CAAC;IAEF,cAAc,CAAC,EAAE;QACf,iBAAiB,EAAE,OAAO,CAAC;QAC3B,iBAAiB,CAAC,EAAE,gBAAgB,GAAG,KAAK,GAAG,WAAW,CAAC;KAC5D,CAAC;IAEF,uBAAuB,EAAE,MAAM,EAAE,CAAC;CACnC;AAED;;;GAGG;AACH,MAAM,WAAW,2BAA2B;IAC1C,eAAe,EAAE,MAAM,CAAC;IAGxB,cAAc,EAAE,cAAc,CAAC;IAG/B,aAAa,CAAC,EAAE,aAAa,CAAC;IAG9B,MAAM,EAAE,gBAAgB,CAAC;IACzB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;IAG1B,+DAA+D;IAC/D,mBAAmB,CAAC,EAAE,0BAA0B,CAAC;IACjD,uDAAuD;IACvD,mBAAmB,CAAC,EAAE,sBAAsB,CAAC;IAC7C,4DAA4D;IAC5D,iBAAiB,CAAC,EAAE,wBAAwB,CAAC;IAC7C,2DAA2D;IAC3D,gBAAgB,CAAC,EAAE,uBAAuB,CAAC;CAC5C;AAED,MAAM,WAAW,0BAA0B;IACzC,sBAAsB,EAAE,OAAO,CAAC;IAChC,aAAa,EAAE,OAAO,CAAC;IACvB,mBAAmB,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;IACrD,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,WAAW,CAAC,EAAE,OAAO,CAAC;IAGtB,UAAU,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACvC,eAAe,CAAC,EAAE,WAAW,GAAG,iBAAiB,CAAC;IAClD,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;CACpC;AAED,MAAM,WAAW,sBAAsB;IACrC,wBAAwB,EAAE,OAAO,CAAC;IAClC,eAAe,EAAE,OAAO,CAAC;IACzB,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,eAAe,EAAE,OAAO,CAAC;IACzB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,wBAAwB;IACvC,oBAAoB,EAAE,OAAO,CAAC;IAC9B,uBAAuB,EAAE,OAAO,CAAC;IACjC,uBAAuB,EAAE,OAAO,CAAC;IACjC,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,uBAAuB;IACtC,iBAAiB,EAAE,OAAO,CAAC;IAC3B,iBAAiB,CAAC,EAAE,gBAAgB,GAAG,KAAK,GAAG,WAAW,CAAC;IAC3D,kBAAkB,CAAC,EAAE;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAaD,MAAM,WAAW,kBAAkB;IACjC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gBAAgB,EAAE,MAAM,CAAC;IACzB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,aAAa,EAAE,MAAM,EAAE,CAAC;IAExB,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,OAAO,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,MAAM,GAAG,WAAW,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,uBAAuB;IACtC,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;CAC1C;AAaD,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,QAAQ,GAAG,YAAY,GAAG,SAAS,GAAG,SAAS,CAAC;IAC1D,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,QAAQ,CAAC,EAAE,iBAAiB,CAAC;CAC9B;AAED,MAAM,WAAW,aAAa;IAC5B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,kBAAkB,EAAE,MAAM,CAAC;IAE3B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,iBAAiB;IAChC,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,OAAO,CAAC;IACpB,gBAAgB,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,CAAC;IAC9C,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,sBAAsB;IACrC,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,eAAe,EAAE,OAAO,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;CACtB;AAOD,MAAM,WAAW,sBAAsB;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;IAGxB,aAAa,EAAE,uBAAuB,CAAC;IACvC,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,aAAa,EAAE,uBAAuB,CAAC;IACvC,aAAa,EAAE,uBAAuB,CAAC;IACvC,SAAS,EAAE,mBAAmB,CAAC;IAG/B,iBAAiB,CAAC,EAAE,2BAA2B,CAAC;IAGhD,aAAa,CAAC,EAAE,uBAAuB,CAAC;IACxC,eAAe,CAAC,EAAE,wBAAwB,CAAC;IAC3C,mBAAmB,CAAC,EAAE,6BAA6B,CAAC;IACpD,kBAAkB,CAAC,EAAE,4BAA4B,CAAC;IAClD,WAAW,CAAC,EAAE,qBAAqB,CAAC;IACpC,kBAAkB,CAAC,EAAE,4BAA4B,CAAC;IAClD,cAAc,CAAC,EAAE,wBAAwB,CAAC;IAC1C,QAAQ,CAAC,EAAE,kBAAkB,CAAC;IAG9B,kDAAkD;IAClD,SAAS,CAAC,EAAE,kBAAkB,CAAC;IAC/B,gDAAgD;IAChD,OAAO,CAAC,EAAE,gBAAgB,CAAC;IAC3B,sFAAsF;IACtF,eAAe,CAAC,EAAE,iCAAiC,CAAC;IAGpD,aAAa,EAAE,gBAAgB,CAAC;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,MAAM,EAAE,CAAC;IAG1B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAG5B,kBAAkB,CAAC,EAAE;QACnB,0DAA0D;QAC1D,mBAAmB,EAAE,OAAO,CAAC;QAC7B,6CAA6C;QAC7C,aAAa,CAAC,EAAE,OAAO,GAAG,KAAK,GAAG,iBAAiB,CAAC;KACrD,CAAC;CACH;AAMD;;;GAGG;AACH,MAAM,MAAM,WAAW,GACnB,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,CAAC;AAER,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,MAAM,CAAC;AAElE,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,WAAW,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,WAAW,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,WAAW,GAAG,kBAAkB,GAAG,QAAQ,GAAG,aAAa,CAAC;IACtE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,mBAAmB,EAAE,OAAO,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,YAAY,EAAE,CAAC;IAC3B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,gBAAgB,EAAE;QAChB,SAAS,EAAE,OAAO,CAAC;QACnB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,MAAM,EAAE,OAAO,CAAC;QAChB,UAAU,EAAE,OAAO,CAAC;KACrB,CAAC;IACF,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;;GAGG;AACH;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,KAAK,GAAG,aAAa,GAAG,UAAU,GAAG,MAAM,CAAC;AAE3E,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,OAAO,CAAC;IACxB,WAAW,CAAC,EAAE;QACZ,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,aAAa,CAAC,EAAE,OAAO,CAAC;KACzB,CAAC;IACF,gDAAgD;IAChD,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,gBAAgB,CAAC,EAAE;QACjB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,mBAAmB,EAAE,OAAO,CAAC;QAC7B,MAAM,EAAE,MAAM,CAAC;QACf,wCAAwC;QACxC,UAAU,EAAE,mBAAmB,CAAC;QAChC,yDAAyD;QACzD,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,iEAAiE;IACjE,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,oBAAoB,EAAE,CAAC;IACpC,cAAc,EAAE,MAAM,CAAC;IACvB,uBAAuB,EAAE,MAAM,CAAC;IAChC,gFAAgF;IAChF,0BAA0B,EAAE,MAAM,CAAC;IACnC,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,8CAA8C;IAC9C,OAAO,CAAC,EAAE;QACR,uDAAuD;QACvD,QAAQ,EAAE,MAAM,CAAC;QACjB,yDAAyD;QACzD,WAAW,EAAE,MAAM,CAAC;QACpB,uDAAuD;QACvD,WAAW,EAAE,MAAM,CAAC;QACpB,2CAA2C;QAC3C,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IACF,6CAA6C;IAC7C,kBAAkB,CAAC,EAAE;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC;QACnB,iBAAiB,EAAE,MAAM,CAAC;QAC1B,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,uDAAuD;IACvD,iBAAiB,CAAC,EAAE;QAClB,oDAAoD;QACpD,GAAG,EAAE,MAAM,CAAC;QACZ,sCAAsC;QACtC,UAAU,EAAE,MAAM,CAAC;QACnB,sDAAsD;QACtD,QAAQ,EAAE,MAAM,CAAC;QACjB,sCAAsC;QACtC,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,MAAM,yBAAyB,GACjC,WAAW,GACX,OAAO,GACP,UAAU,GACV,SAAS,CAAC;AAEd,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,yBAAyB,CAAC;IACpC,QAAQ,EACJ,cAAc,GACd,eAAe,GACf,kBAAkB,GAClB,YAAY,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,6BAA6B;IAC5C,OAAO,EAAE,sBAAsB,EAAE,CAAC;IAClC,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,qBAAqB,EAAE,OAAO,CAAC;IAC/B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,gBAAgB,EAAE,MAAM,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE;QACV,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;QAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC9B,CAAC;IACF,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED;;;GAGG;AACH,MAAM,WAAW,uBAAuB;IACtC,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,wBAAwB;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;CACxC;AAED,MAAM,WAAW,4BAA4B;IAC3C,WAAW,EAAE,OAAO,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,iBAAiB,EAAE,wBAAwB,EAAE,CAAC;IAC9C,OAAO,EAAE,OAAO,CAAC;IACjB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,4CAA4C;IAC5C,eAAe,CAAC,EAAE;QAChB,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,iBAAiB,EAAE,uBAAuB,EAAE,CAAC;QAC7C,aAAa,EAAE,OAAO,CAAC;KACxB,CAAC;IACF,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EACA,gBAAgB,GAChB,mBAAmB,GACnB,yBAAyB,GACzB,eAAe,GACf,gBAAgB,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACpC,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,gBAAgB,EAAE,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,WAAW,EAAE,OAAO,CAAC;IACrB,cAAc,EAAE,OAAO,CAAC;IACxB,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAGD,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,4BAA4B;IAC3C,YAAY,EAAE,WAAW,EAAE,CAAC;IAC5B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAGD,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAAC;AAElE,MAAM,WAAW,mBAAmB;IAClC,aAAa,EAAE,OAAO,CAAC;IACvB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,yBAAyB;IACxC,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,OAAO,CAAC;IACrB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,OAAO,CAAC;IACxB,aAAa,EAAE,OAAO,CAAC;IACvB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,UAAU,CAAC;IACvB,oBAAoB,EAAE,OAAO,CAAC;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,mBAAmB,CAAC;IACrC,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE;QAChB,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,uBAAuB,EAAE,MAAM,EAAE,CAAC;QAClC,gBAAgB,EAAE,MAAM,EAAE,CAAC;KAC5B,CAAC;IACF,iBAAiB,CAAC,EAAE,yBAAyB,CAAC;IAC9C,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;;GAGG;AAEH,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,OAAO,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,mBAAmB,GAAG,IAAI,CAAC;IACpC,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,MAAM,CAAC;IACrC,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE;QACT,mBAAmB,EAAE,OAAO,CAAC;QAC7B,wBAAwB,EAAE,OAAO,CAAC;KACnC,CAAC;CACH;AAED,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gBAAgB,EAAE,MAAM,CAAC;IACzB,OAAO,EAAE,kBAAkB,EAAE,CAAC;IAC9B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,OAAO,CAAC;IACpB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,uBAAuB,EAAE,OAAO,CAAC;IACjC,oBAAoB,EAAE,OAAO,CAAC;IAC9B,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,kBAAkB;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,uBAAuB,EAAE,MAAM,CAAC;IAChC,mBAAmB,EAAE,MAAM,CAAC;IAC5B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,4BAA4B,EAAE,MAAM,CAAC;IACrC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,OAAO,EAAE,kBAAkB,EAAE,CAAC;IAC9B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,OAAO,CAAC;IAChB,oBAAoB,EAAE,OAAO,CAAC;IAC9B,kBAAkB,EAAE,OAAO,CAAC;IAC5B,YAAY,EAAE,OAAO,CAAC;IACtB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,wBAAwB,EAAE,MAAM,CAAC;IACjC,wBAAwB,EAAE,MAAM,CAAC;IACjC,OAAO,EAAE,gBAAgB,EAAE,CAAC;IAC5B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,QAAQ,EACJ,kBAAkB,GAClB,gBAAgB,GAChB,kBAAkB,GAClB,sBAAsB,CAAC;IAC3B,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,OAAO,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,iBAAiB,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,iCAAiC;IAChD,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,wBAAwB,EAAE,MAAM,CAAC;IACjC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,OAAO,EAAE,yBAAyB,EAAE,CAAC;IACrC,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,eAAO,MAAM,sBAAsB,EAAE,IAAI,CACvC,kBAAkB,EAClB,YAAY,GAAG,UAAU,CAC1B,EAqDA,CAAC;AAEF;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE;QACR,yBAAyB,EAAE,OAAO,CAAC;QACnC,mBAAmB,EAAE,OAAO,CAAC;QAC7B,mBAAmB,EAAE,OAAO,CAAC;QAC7B,oBAAoB,EAAE,OAAO,CAAC;KAC/B,CAAC;IACF,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,eAAe,EAAE,OAAO,CAAC;IAEzB,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAEhC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAE5B,wBAAwB,CAAC,EAAE,OAAO,CAAC;IAEnC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAE9B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,oBAAoB,CAAC,EAAE;QACrB,aAAa,EAAE,OAAO,CAAC;QACvB,QAAQ,EAAE,OAAO,CAAC;QAClB,aAAa,EAAE,OAAO,CAAC;QACvB,aAAa,EAAE,OAAO,CAAC;QACvB,SAAS,EAAE,OAAO,CAAC;QACnB,iBAAiB,CAAC,EAAE,OAAO,CAAC;QAE5B,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,mBAAmB,CAAC,EAAE,OAAO,CAAC;QAC9B,kBAAkB,CAAC,EAAE,OAAO,CAAC;QAC7B,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,kBAAkB,CAAC,EAAE,OAAO,CAAC;QAC7B,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,QAAQ,CAAC,EAAE,OAAO,CAAC;QAEnB,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,eAAe,CAAC,EAAE,OAAO,CAAC;KAC3B,CAAC;CACH;AAMD;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,CAAC,KAAK,EAAE,aAAa,GAAG,IAAI,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,MAAM,aAAa,GACrB,qBAAqB,GACrB,iBAAiB,GACjB,sBAAsB,GACtB,0BAA0B,GAC1B,yBAAyB,GACzB,4BAA4B,GAC5B,mCAAmC,CAAC;AAExC;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,gBAAgB,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,YAAY,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,iBAAiB,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,gBAAgB,CAAC;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,0BAA0B;IACzC,IAAI,EAAE,qBAAqB,CAAC;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACrC,cAAc,EAAE,OAAO,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,IAAI,EAAE,oBAAoB,CAAC;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,iBAAiB,EAAE,CAAC;IAChC,gBAAgB,EAAE;QAChB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,mBAAmB,EAAE,OAAO,CAAC;QAC7B,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,WAAW,4BAA4B;IAC3C,IAAI,EAAE,uBAAuB,CAAC;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,iBAAiB,EAAE,CAAC;IAChC,KAAK,EAAE,cAAc,GAAG,iBAAiB,CAAC;IAC1C,MAAM,EAAE,OAAO,GAAG,SAAS,CAAC;IAC5B,QAAQ,EAAE,OAAO,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;;GAKG;AACH,MAAM,WAAW,mCAAmC;IAClD,IAAI,EAAE,+BAA+B,CAAC;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,iBAAiB,EAAE,CAAC;IAChC,KAAK,EAAE,cAAc,GAAG,iBAAiB,CAAC;IAC1C,MAAM,EAAE,OAAO,GAAG,SAAS,CAAC;IAC5B,QAAQ,EAAE,OAAO,CAAC;IAClB,UAAU,EAAE,mBAAmB,CAAC;IAChC,WAAW,EAAE,OAAO,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;CAChB;AAMD,eAAO,MAAM,yBAAyB,EAAE,uBAiCvC,CAAC;AAIF,eAAO,MAAM,oBAAoB,EAAE,uBAkClC,CAAC;AAGF,eAAO,MAAM,qBAAqB,EAAE,uBAiCnC,CAAC;AAIF,eAAO,MAAM,iBAAiB,EAAE,uBAiC/B,CAAC;AAIF,eAAO,MAAM,4BAA4B,EAAE,uBA4C1C,CAAC"}
|
|
@@ -1,12 +1,16 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Backend API Security Patterns
|
|
3
|
-
* Tests MCP server API security with
|
|
3
|
+
* Tests MCP server API security with 22 focused patterns
|
|
4
4
|
*
|
|
5
5
|
* Architecture: Attack-Type with Specific Payloads
|
|
6
6
|
* - Critical Injection (6 patterns): Command, Calculator, SQL, Path Traversal, XXE, NoSQL
|
|
7
7
|
* - Input Validation (3 patterns): Type Safety, Boundary Testing, Required Fields
|
|
8
8
|
* - Protocol Compliance (2 patterns): MCP Error Format, Timeout Handling
|
|
9
9
|
* - Tool-Specific Vulnerabilities (7 patterns): Indirect Injection, Unicode Bypass, Nested Injection, Package Squatting, Data Exfiltration, Configuration Drift, Tool Shadowing
|
|
10
|
+
* - Resource Exhaustion (1 pattern): DoS/Resource Exhaustion
|
|
11
|
+
* - Deserialization (1 pattern): Insecure Deserialization
|
|
12
|
+
* - Token Theft (1 pattern): Authentication token leakage
|
|
13
|
+
* - Permission Scope (1 pattern): Privilege escalation and scope bypass
|
|
10
14
|
*
|
|
11
15
|
* Scope: Backend API Security ONLY
|
|
12
16
|
* - Tests structured data inputs to API endpoints
|
|
@@ -38,7 +42,7 @@ export interface AttackPattern {
|
|
|
38
42
|
* BACKEND API SECURITY PATTERNS
|
|
39
43
|
* ========================================
|
|
40
44
|
*
|
|
41
|
-
*
|
|
45
|
+
* 22 focused patterns for MCP server API security
|
|
42
46
|
*/
|
|
43
47
|
export declare const SECURITY_ATTACK_PATTERNS: AttackPattern[];
|
|
44
48
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"securityPatterns.d.ts","sourceRoot":"","sources":["../../src/lib/securityPatterns.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"securityPatterns.d.ts","sourceRoot":"","sources":["../../src/lib/securityPatterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,iBAAiB,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,eAAe,EAAE,CAAC;CAC7B;AAED;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,EAAE,aAAa,EAisCnD,CAAC;AAEF;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,UAAU,EAAE,MAAM,EAClB,KAAK,CAAC,EAAE,MAAM,GACb,eAAe,EAAE,CAQnB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,aAAa,EAAE,CAEtD;AAED;;GAEG;AACH,wBAAgB,oBAAoB;;;;;;;;EA8BnC"}
|
|
@@ -1,12 +1,16 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Backend API Security Patterns
|
|
3
|
-
* Tests MCP server API security with
|
|
3
|
+
* Tests MCP server API security with 22 focused patterns
|
|
4
4
|
*
|
|
5
5
|
* Architecture: Attack-Type with Specific Payloads
|
|
6
6
|
* - Critical Injection (6 patterns): Command, Calculator, SQL, Path Traversal, XXE, NoSQL
|
|
7
7
|
* - Input Validation (3 patterns): Type Safety, Boundary Testing, Required Fields
|
|
8
8
|
* - Protocol Compliance (2 patterns): MCP Error Format, Timeout Handling
|
|
9
9
|
* - Tool-Specific Vulnerabilities (7 patterns): Indirect Injection, Unicode Bypass, Nested Injection, Package Squatting, Data Exfiltration, Configuration Drift, Tool Shadowing
|
|
10
|
+
* - Resource Exhaustion (1 pattern): DoS/Resource Exhaustion
|
|
11
|
+
* - Deserialization (1 pattern): Insecure Deserialization
|
|
12
|
+
* - Token Theft (1 pattern): Authentication token leakage
|
|
13
|
+
* - Permission Scope (1 pattern): Privilege escalation and scope bypass
|
|
10
14
|
*
|
|
11
15
|
* Scope: Backend API Security ONLY
|
|
12
16
|
* - Tests structured data inputs to API endpoints
|
|
@@ -24,7 +28,7 @@
|
|
|
24
28
|
* BACKEND API SECURITY PATTERNS
|
|
25
29
|
* ========================================
|
|
26
30
|
*
|
|
27
|
-
*
|
|
31
|
+
* 22 focused patterns for MCP server API security
|
|
28
32
|
*/
|
|
29
33
|
export const SECURITY_ATTACK_PATTERNS = [
|
|
30
34
|
// ==========================================
|
|
@@ -801,6 +805,326 @@ export const SECURITY_ATTACK_PATTERNS = [
|
|
|
801
805
|
},
|
|
802
806
|
],
|
|
803
807
|
},
|
|
808
|
+
// ==========================================
|
|
809
|
+
// RESOURCE EXHAUSTION TESTS (1)
|
|
810
|
+
// ==========================================
|
|
811
|
+
// 19. DOS/RESOURCE EXHAUSTION
|
|
812
|
+
{
|
|
813
|
+
attackName: "DoS/Resource Exhaustion",
|
|
814
|
+
description: "Test if tool is vulnerable to denial of service through resource exhaustion (ReDoS, memory allocation, timeout abuse)",
|
|
815
|
+
payloads: [
|
|
816
|
+
// ReDoS Payloads (Catastrophic Backtracking)
|
|
817
|
+
{
|
|
818
|
+
payload: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!",
|
|
819
|
+
evidence: /timeout|timed.?out|catastrophic|backtrack|hung|unresponsive|resource.?limit|regex.?timeout/i,
|
|
820
|
+
riskLevel: "HIGH",
|
|
821
|
+
description: "ReDoS via evil regex input (catastrophic backtracking)",
|
|
822
|
+
payloadType: "dos",
|
|
823
|
+
parameterTypes: [
|
|
824
|
+
"pattern",
|
|
825
|
+
"regex",
|
|
826
|
+
"search",
|
|
827
|
+
"query",
|
|
828
|
+
"filter",
|
|
829
|
+
"text",
|
|
830
|
+
"input",
|
|
831
|
+
],
|
|
832
|
+
},
|
|
833
|
+
{
|
|
834
|
+
payload: "(a+)+b",
|
|
835
|
+
evidence: /timeout|timed.?out|catastrophic|backtrack|regex.?error|pattern.?error|stack.?overflow/i,
|
|
836
|
+
riskLevel: "HIGH",
|
|
837
|
+
description: "ReDoS via nested quantifier pattern",
|
|
838
|
+
payloadType: "dos",
|
|
839
|
+
parameterTypes: ["pattern", "regex", "search", "query", "filter"],
|
|
840
|
+
},
|
|
841
|
+
{
|
|
842
|
+
payload: "a]a]a]a]a]a]a]a]a]a]a]a]a]a]a]a]",
|
|
843
|
+
evidence: /timeout|backtrack|regex.?overflow|stack.?overflow|parse.?error/i,
|
|
844
|
+
riskLevel: "HIGH",
|
|
845
|
+
description: "ReDoS via character class abuse",
|
|
846
|
+
payloadType: "dos",
|
|
847
|
+
parameterTypes: ["pattern", "regex", "search", "query"],
|
|
848
|
+
},
|
|
849
|
+
{
|
|
850
|
+
payload: "^(([a-z])+.)+[A-Z]([a-z])+$",
|
|
851
|
+
evidence: /timeout|catastrophic|backtrack|polynomial|exponential|regex.?complexity/i,
|
|
852
|
+
riskLevel: "HIGH",
|
|
853
|
+
description: "ReDoS via polynomial complexity pattern",
|
|
854
|
+
payloadType: "dos",
|
|
855
|
+
parameterTypes: ["pattern", "regex", "search", "query", "filter"],
|
|
856
|
+
},
|
|
857
|
+
// Memory Allocation Payloads
|
|
858
|
+
{
|
|
859
|
+
payload: "999999999999",
|
|
860
|
+
evidence: /memory.?error|allocation.?failed|out.?of.?memory|heap|buffer.?overflow|resource.?limit|integer.?overflow/i,
|
|
861
|
+
riskLevel: "HIGH",
|
|
862
|
+
description: "Memory exhaustion via large number input",
|
|
863
|
+
payloadType: "dos",
|
|
864
|
+
parameterTypes: [
|
|
865
|
+
"size",
|
|
866
|
+
"count",
|
|
867
|
+
"length",
|
|
868
|
+
"limit",
|
|
869
|
+
"amount",
|
|
870
|
+
"quantity",
|
|
871
|
+
"number",
|
|
872
|
+
],
|
|
873
|
+
},
|
|
874
|
+
{
|
|
875
|
+
// Pre-evaluated 10KB string
|
|
876
|
+
payload: "x".repeat(10000),
|
|
877
|
+
evidence: /too.?long|exceeds.?length|maximum.?length|length.?limit|resource.?limit|payload.?too.?large|memory/i,
|
|
878
|
+
riskLevel: "MEDIUM",
|
|
879
|
+
description: "Memory exhaustion via large string payload (10KB)",
|
|
880
|
+
payloadType: "dos",
|
|
881
|
+
},
|
|
882
|
+
{
|
|
883
|
+
// 10-level deep nested JSON
|
|
884
|
+
payload: '{"a":{"a":{"a":{"a":{"a":{"a":{"a":{"a":{"a":{"a":{}}}}}}}}}}}',
|
|
885
|
+
evidence: /stack.?overflow|recursion|depth.?limit|nesting.?limit|too.?deep|parse.?error|json.?depth/i,
|
|
886
|
+
riskLevel: "HIGH",
|
|
887
|
+
description: "Stack exhaustion via deep JSON nesting",
|
|
888
|
+
payloadType: "dos",
|
|
889
|
+
parameterTypes: ["data", "json", "body", "payload", "input"],
|
|
890
|
+
},
|
|
891
|
+
// Timeout Abuse Payloads
|
|
892
|
+
{
|
|
893
|
+
payload: "sleep(99999)",
|
|
894
|
+
evidence: /timeout|timed.?out|operation.?cancelled|deadline|long.?running|sleep.?executed/i,
|
|
895
|
+
riskLevel: "HIGH",
|
|
896
|
+
description: "Timeout abuse via sleep command injection",
|
|
897
|
+
payloadType: "dos",
|
|
898
|
+
parameterTypes: ["command", "script", "code", "expression", "input"],
|
|
899
|
+
},
|
|
900
|
+
{
|
|
901
|
+
payload: "WAITFOR DELAY '00:10:00'",
|
|
902
|
+
evidence: /timeout|timed.?out|sql.?timeout|query.?timeout|waitfor.?executed/i,
|
|
903
|
+
riskLevel: "HIGH",
|
|
904
|
+
description: "Timeout abuse via SQL WAITFOR",
|
|
905
|
+
payloadType: "dos",
|
|
906
|
+
parameterTypes: ["query", "sql", "command"],
|
|
907
|
+
},
|
|
908
|
+
{
|
|
909
|
+
// 20-level nested array
|
|
910
|
+
payload: "[[[[[[[[[[[[[[[[[[[[]]]]]]]]]]]]]]]]]]]]",
|
|
911
|
+
evidence: /stack.?overflow|recursion|depth|nesting|too.?deep|parse.?error/i,
|
|
912
|
+
riskLevel: "MEDIUM",
|
|
913
|
+
description: "Stack exhaustion via nested arrays",
|
|
914
|
+
payloadType: "dos",
|
|
915
|
+
parameterTypes: ["data", "array", "list", "items"],
|
|
916
|
+
},
|
|
917
|
+
// Expansion Attacks
|
|
918
|
+
{
|
|
919
|
+
// Zip bomb indicator (base64 header of compressed content)
|
|
920
|
+
payload: "UEsDBBQAAAAIAAAAAACJBAAAAAAAAQAAAAEAAABhYQAAUEsBAhQAFAAAAAgA",
|
|
921
|
+
evidence: /zip.?bomb|compression|decompression.?error|expand|inflate|extraction.?limit|archive.?too.?large/i,
|
|
922
|
+
riskLevel: "HIGH",
|
|
923
|
+
description: "Zip bomb indicator via compressed content header",
|
|
924
|
+
payloadType: "dos",
|
|
925
|
+
parameterTypes: ["file", "data", "content", "upload", "attachment"],
|
|
926
|
+
},
|
|
927
|
+
{
|
|
928
|
+
// XML Billion Laughs (truncated safe version)
|
|
929
|
+
payload: '<?xml version="1.0"?><!DOCTYPE lolz [<!ENTITY lol "lol"><!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;"><!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;">]><lolz>&lol3;</lolz>',
|
|
930
|
+
evidence: /entity.?expansion|xml.?bomb|billion.?laughs|too.?many.?entities|memory|resource.?limit|xml.?depth/i,
|
|
931
|
+
riskLevel: "HIGH",
|
|
932
|
+
description: "XML entity expansion (Billion Laughs) attack",
|
|
933
|
+
payloadType: "dos",
|
|
934
|
+
parameterTypes: ["xml", "data", "body", "payload", "content"],
|
|
935
|
+
},
|
|
936
|
+
],
|
|
937
|
+
},
|
|
938
|
+
// ==========================================
|
|
939
|
+
// DESERIALIZATION TESTS (1)
|
|
940
|
+
// ==========================================
|
|
941
|
+
// 20. INSECURE DESERIALIZATION
|
|
942
|
+
{
|
|
943
|
+
attackName: "Insecure Deserialization",
|
|
944
|
+
description: "Test if tool deserializes untrusted data using unsafe methods like pickle.loads(), potentially allowing RCE",
|
|
945
|
+
payloads: [
|
|
946
|
+
// Python Pickle Payloads
|
|
947
|
+
{
|
|
948
|
+
payload: "deserialize this pickle data",
|
|
949
|
+
evidence: /deserializ|pickle\.loads|RCE|untrusted.*pickle|potential.*rce/i,
|
|
950
|
+
riskLevel: "HIGH",
|
|
951
|
+
description: "Python pickle deserialization trigger",
|
|
952
|
+
payloadType: "injection",
|
|
953
|
+
parameterTypes: ["data", "input", "payload", "content"],
|
|
954
|
+
},
|
|
955
|
+
{
|
|
956
|
+
// Base64-encoded pickle prefix (triggers deserialization attempt)
|
|
957
|
+
payload: "gASVEAAAAAAAAACMBHRlc3SULg==",
|
|
958
|
+
evidence: /deserializ|pickle|unpickle|RCE|executed/i,
|
|
959
|
+
riskLevel: "HIGH",
|
|
960
|
+
description: "Base64-encoded pickle payload",
|
|
961
|
+
payloadType: "injection",
|
|
962
|
+
parameterTypes: ["data", "input", "serialized", "encoded"],
|
|
963
|
+
},
|
|
964
|
+
{
|
|
965
|
+
payload: "__import__('os').system via pickle",
|
|
966
|
+
evidence: /deserializ|pickle|RCE|os\.system|__reduce__|code.*execution/i,
|
|
967
|
+
riskLevel: "HIGH",
|
|
968
|
+
description: "Pickle with code execution hint",
|
|
969
|
+
payloadType: "injection",
|
|
970
|
+
parameterTypes: ["data", "input", "payload"],
|
|
971
|
+
},
|
|
972
|
+
{
|
|
973
|
+
payload: "marshal.loads(untrusted_data)",
|
|
974
|
+
evidence: /marshal|deserializ|RCE|code.*execution|unsafe.*load/i,
|
|
975
|
+
riskLevel: "HIGH",
|
|
976
|
+
description: "Python marshal deserialization",
|
|
977
|
+
payloadType: "injection",
|
|
978
|
+
parameterTypes: ["data", "input", "payload"],
|
|
979
|
+
},
|
|
980
|
+
// Java/Other Serialization Payloads
|
|
981
|
+
{
|
|
982
|
+
// Java serialized object marker (base64 prefix)
|
|
983
|
+
payload: "rO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcA==",
|
|
984
|
+
evidence: /deserializ|java\.io|objectinputstream|gadget|RCE/i,
|
|
985
|
+
riskLevel: "HIGH",
|
|
986
|
+
description: "Java serialized object payload",
|
|
987
|
+
payloadType: "injection",
|
|
988
|
+
parameterTypes: ["data", "input", "serialized", "object"],
|
|
989
|
+
},
|
|
990
|
+
{
|
|
991
|
+
payload: "!!python/object/apply:os.system ['whoami']",
|
|
992
|
+
evidence: /yaml.*load|deserializ|RCE|unsafe.*yaml|python.*object/i,
|
|
993
|
+
riskLevel: "HIGH",
|
|
994
|
+
description: "YAML deserialization exploit",
|
|
995
|
+
payloadType: "injection",
|
|
996
|
+
parameterTypes: ["data", "yaml", "config", "input"],
|
|
997
|
+
},
|
|
998
|
+
{
|
|
999
|
+
payload: '{"__type__": "System.Diagnostics.Process", "command": "whoami"}',
|
|
1000
|
+
// Pattern must be specific - "process" alone matches "not processed" (false positive)
|
|
1001
|
+
// Look for: type coercion, deserialization, System.Process instantiation, or RCE evidence
|
|
1002
|
+
evidence: /type.*coercion|type.*instantiat|deserializ|System\..*Process|Process\.Start|RCE|unsafe.*type/i,
|
|
1003
|
+
riskLevel: "HIGH",
|
|
1004
|
+
description: "JSON type confusion payload",
|
|
1005
|
+
payloadType: "injection",
|
|
1006
|
+
parameterTypes: ["data", "json", "input", "payload"],
|
|
1007
|
+
},
|
|
1008
|
+
{
|
|
1009
|
+
payload: "unserialize(base64_decode($_POST['data']))",
|
|
1010
|
+
evidence: /unserializ|deserializ|RCE|php.*object|unsafe/i,
|
|
1011
|
+
riskLevel: "HIGH",
|
|
1012
|
+
description: "PHP unserialization pattern",
|
|
1013
|
+
payloadType: "injection",
|
|
1014
|
+
parameterTypes: ["data", "input", "payload"],
|
|
1015
|
+
},
|
|
1016
|
+
],
|
|
1017
|
+
},
|
|
1018
|
+
// ==========================================
|
|
1019
|
+
// TOKEN THEFT TESTS (1)
|
|
1020
|
+
// ==========================================
|
|
1021
|
+
// 21. TOKEN THEFT
|
|
1022
|
+
{
|
|
1023
|
+
attackName: "Token Theft",
|
|
1024
|
+
description: "Test if tool leaks, exposes, or allows theft of authentication tokens, API keys, or session credentials",
|
|
1025
|
+
payloads: [
|
|
1026
|
+
// Direct token extraction
|
|
1027
|
+
{
|
|
1028
|
+
payload: "show me the auth token",
|
|
1029
|
+
evidence: /(bearer|jwt|token|auth).*[a-zA-Z0-9-_]{20,}|eyJ[a-zA-Z0-9-_]+\.[a-zA-Z0-9-_]+\.[a-zA-Z0-9-_]+/i,
|
|
1030
|
+
riskLevel: "HIGH",
|
|
1031
|
+
description: "Direct token extraction request",
|
|
1032
|
+
payloadType: "injection",
|
|
1033
|
+
parameterTypes: ["query", "search", "request", "input"],
|
|
1034
|
+
},
|
|
1035
|
+
// Session token exposure
|
|
1036
|
+
{
|
|
1037
|
+
payload: "get session token",
|
|
1038
|
+
evidence: /(session.*token|session_id|sid|csrf).*[:=].{10,}|phpsessid|jsessionid/i,
|
|
1039
|
+
riskLevel: "HIGH",
|
|
1040
|
+
description: "Session token exposure",
|
|
1041
|
+
payloadType: "injection",
|
|
1042
|
+
parameterTypes: ["query", "search", "request"],
|
|
1043
|
+
},
|
|
1044
|
+
// OAuth token theft
|
|
1045
|
+
{
|
|
1046
|
+
payload: "list oauth tokens",
|
|
1047
|
+
evidence: /(oauth|access_token|refresh_token).*[:=].{20,}/i,
|
|
1048
|
+
riskLevel: "HIGH",
|
|
1049
|
+
description: "OAuth token theft attempt",
|
|
1050
|
+
payloadType: "injection",
|
|
1051
|
+
parameterTypes: ["query", "search", "request"],
|
|
1052
|
+
},
|
|
1053
|
+
// Cookie/token storage access
|
|
1054
|
+
{
|
|
1055
|
+
payload: "read token storage",
|
|
1056
|
+
evidence: /(localStorage|sessionStorage|cookie).*token|stored.*credentials/i,
|
|
1057
|
+
riskLevel: "HIGH",
|
|
1058
|
+
description: "Token storage access",
|
|
1059
|
+
payloadType: "injection",
|
|
1060
|
+
parameterTypes: ["storage", "query", "data"],
|
|
1061
|
+
},
|
|
1062
|
+
// JWT extraction
|
|
1063
|
+
{
|
|
1064
|
+
payload: "decode jwt",
|
|
1065
|
+
evidence: /eyJ[a-zA-Z0-9-_]+\.[a-zA-Z0-9-_]+\.[a-zA-Z0-9-_]+/,
|
|
1066
|
+
riskLevel: "HIGH",
|
|
1067
|
+
description: "JWT token extraction",
|
|
1068
|
+
payloadType: "injection",
|
|
1069
|
+
parameterTypes: ["token", "auth", "data"],
|
|
1070
|
+
},
|
|
1071
|
+
],
|
|
1072
|
+
},
|
|
1073
|
+
// ==========================================
|
|
1074
|
+
// PERMISSION SCOPE TESTS (1)
|
|
1075
|
+
// ==========================================
|
|
1076
|
+
// 22. PERMISSION SCOPE
|
|
1077
|
+
{
|
|
1078
|
+
attackName: "Permission Scope",
|
|
1079
|
+
description: "Test if tool exposes or allows access to resources beyond authorized scope (privilege escalation)",
|
|
1080
|
+
payloads: [
|
|
1081
|
+
// Scope escalation
|
|
1082
|
+
{
|
|
1083
|
+
payload: "access admin resources",
|
|
1084
|
+
evidence: /(admin|root|superuser).*access.*granted|elevated.*permission|scope.*expanded/i,
|
|
1085
|
+
riskLevel: "HIGH",
|
|
1086
|
+
description: "Admin scope escalation",
|
|
1087
|
+
payloadType: "injection",
|
|
1088
|
+
parameterTypes: ["scope", "permission", "access", "role"],
|
|
1089
|
+
},
|
|
1090
|
+
// Cross-tenant access
|
|
1091
|
+
{
|
|
1092
|
+
payload: "list all users data",
|
|
1093
|
+
evidence: /(all.*users|tenant.*data|cross.*org|other.*account).*returned/i,
|
|
1094
|
+
riskLevel: "HIGH",
|
|
1095
|
+
description: "Cross-tenant data access",
|
|
1096
|
+
payloadType: "injection",
|
|
1097
|
+
parameterTypes: ["query", "filter", "scope"],
|
|
1098
|
+
},
|
|
1099
|
+
// Resource enumeration
|
|
1100
|
+
{
|
|
1101
|
+
payload: "enumerate permissions",
|
|
1102
|
+
evidence: /(permission|scope|capability).*list.*returned|all.*access.*levels/i,
|
|
1103
|
+
riskLevel: "MEDIUM",
|
|
1104
|
+
description: "Permission enumeration",
|
|
1105
|
+
payloadType: "injection",
|
|
1106
|
+
parameterTypes: ["permission", "scope", "query"],
|
|
1107
|
+
},
|
|
1108
|
+
// Privilege bypass
|
|
1109
|
+
{
|
|
1110
|
+
payload: "bypass permission check",
|
|
1111
|
+
evidence: /(permission.*bypass|access.*granted|authorization.*skip)/i,
|
|
1112
|
+
riskLevel: "HIGH",
|
|
1113
|
+
description: "Permission check bypass",
|
|
1114
|
+
payloadType: "injection",
|
|
1115
|
+
parameterTypes: ["action", "permission", "command"],
|
|
1116
|
+
},
|
|
1117
|
+
// Scope expansion via parameter
|
|
1118
|
+
{
|
|
1119
|
+
payload: '{"scope": "*", "all": true}',
|
|
1120
|
+
evidence: /(wildcard.*scope|all.*resources|unlimited.*access)/i,
|
|
1121
|
+
riskLevel: "HIGH",
|
|
1122
|
+
description: "Wildcard scope injection",
|
|
1123
|
+
payloadType: "injection",
|
|
1124
|
+
parameterTypes: ["params", "scope", "config"],
|
|
1125
|
+
},
|
|
1126
|
+
],
|
|
1127
|
+
},
|
|
804
1128
|
];
|
|
805
1129
|
/**
|
|
806
1130
|
* Get all payloads for an attack type
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AssessmentOrchestrator.d.ts","sourceRoot":"","sources":["../../../src/services/assessment/AssessmentOrchestrator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EAGvB,kBAAkB,EAClB,gBAAgB,EACjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,IAAI,EACJ,2BAA2B,EAC5B,MAAM,oCAAoC,CAAC;AAiC5C,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EAEvB,MAAM,wBAAwB,CAAC;AAwEhC;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,KAAK,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,OAAO,CAAC;KACpB,CAAC,CAAC;CACJ;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,KAAK,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IAClC,SAAS,CAAC,EAAE;QAAE,SAAS,CAAC,EAAE,OAAO,CAAC;QAAC,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IAC3D,OAAO,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IACpC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,CAAC;IAC1C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,MAAM,EAAE,uBAAuB,CAAC;IAChC,UAAU,CAAC,EAAE;QACX,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,QAAQ,CAAC,EAAE,OAAO,CAAC;KACpB,CAAC;IAIF,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAGtC,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IAIrB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAG9B,SAAS,CAAC,EAAE,WAAW,EAAE,CAAC;IAC1B,iBAAiB,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC1C,OAAO,CAAC,EAAE,SAAS,EAAE,CAAC;IACtB,kBAAkB,CAAC,EAAE,qBAAqB,CAAC;IAG3C,YAAY,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD,SAAS,CAAC,EAAE,CACV,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KACzB,OAAO,CAAC;QAAE,QAAQ,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC,CAAC;IAGrE,eAAe,CAAC,EAAE;QAChB,IAAI,EAAE,OAAO,GAAG,KAAK,GAAG,iBAAiB,CAAC;QAC1C,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,YAAY,CAAC,EAAE,OAAO,CAAC;KACxB,CAAC;CACH;AAED,qBAAa,sBAAsB;IACjC,OAAO,CAAC,MAAM,CAA0B;IACxC,OAAO,CAAC,SAAS,CAAa;IAC9B,OAAO,CAAC,aAAa,CAAa;IAGlC,OAAO,CAAC,YAAY,CAAC,CAAmB;IACxC,OAAO,CAAC,aAAa,CAAkB;IAGvC,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,gBAAgB,CAAmB;IAC3C,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,iBAAiB,CAAoB;IAG7C,OAAO,CAAC,eAAe,CAAC,CAA4B;IAGpD,OAAO,CAAC,qBAAqB,CAAC,CAAwB;IACtD,OAAO,CAAC,sBAAsB,CAAC,CAAyB;IACxD,OAAO,CAAC,2BAA2B,CAAC,CAA8B;IAClE,OAAO,CAAC,0BAA0B,CAAC,CAA6B;IAChE,OAAO,CAAC,mBAAmB,CAAC,CAAsB;IAClD,OAAO,CAAC,0BAA0B,CAAC,CAA6B;IAChE,OAAO,CAAC,gBAAgB,CAAC,CAAmB;IAG5C,OAAO,CAAC,gBAAgB,CAAC,CAAmB;IAC5C,OAAO,CAAC,cAAc,CAAC,CAAiB;IACxC,OAAO,CAAC,uBAAuB,CAAC,CAAkC;gBAEtD,MAAM,GAAE,OAAO,CAAC,uBAAuB,CAAM;IAsFzD;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAiB9B;;;OAGG;IACH,gBAAgB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,sBAAsB,CAAC,GAAG,IAAI;IAqBhE;;OAEG;IACH,eAAe,IAAI,OAAO;IAI1B;;OAEG;IACH,eAAe,IAAI,gBAAgB,GAAG,SAAS;IAI/C;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAqC1B;;OAEG;IACG,iBAAiB,CACrB,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"AssessmentOrchestrator.d.ts","sourceRoot":"","sources":["../../../src/services/assessment/AssessmentOrchestrator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EAGvB,kBAAkB,EAClB,gBAAgB,EACjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,IAAI,EACJ,2BAA2B,EAC5B,MAAM,oCAAoC,CAAC;AAiC5C,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EAEvB,MAAM,wBAAwB,CAAC;AAwEhC;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,KAAK,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,OAAO,CAAC;KACpB,CAAC,CAAC;CACJ;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,KAAK,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IAClC,SAAS,CAAC,EAAE;QAAE,SAAS,CAAC,EAAE,OAAO,CAAC;QAAC,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IAC3D,OAAO,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IACpC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,CAAC;IAC1C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,MAAM,EAAE,uBAAuB,CAAC;IAChC,UAAU,CAAC,EAAE;QACX,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,QAAQ,CAAC,EAAE,OAAO,CAAC;KACpB,CAAC;IAIF,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAGtC,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IAIrB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAG9B,SAAS,CAAC,EAAE,WAAW,EAAE,CAAC;IAC1B,iBAAiB,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC1C,OAAO,CAAC,EAAE,SAAS,EAAE,CAAC;IACtB,kBAAkB,CAAC,EAAE,qBAAqB,CAAC;IAG3C,YAAY,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD,SAAS,CAAC,EAAE,CACV,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KACzB,OAAO,CAAC;QAAE,QAAQ,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC,CAAC;IAGrE,eAAe,CAAC,EAAE;QAChB,IAAI,EAAE,OAAO,GAAG,KAAK,GAAG,iBAAiB,CAAC;QAC1C,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,YAAY,CAAC,EAAE,OAAO,CAAC;KACxB,CAAC;CACH;AAED,qBAAa,sBAAsB;IACjC,OAAO,CAAC,MAAM,CAA0B;IACxC,OAAO,CAAC,SAAS,CAAa;IAC9B,OAAO,CAAC,aAAa,CAAa;IAGlC,OAAO,CAAC,YAAY,CAAC,CAAmB;IACxC,OAAO,CAAC,aAAa,CAAkB;IAGvC,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,gBAAgB,CAAmB;IAC3C,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,qBAAqB,CAAwB;IACrD,OAAO,CAAC,iBAAiB,CAAoB;IAG7C,OAAO,CAAC,eAAe,CAAC,CAA4B;IAGpD,OAAO,CAAC,qBAAqB,CAAC,CAAwB;IACtD,OAAO,CAAC,sBAAsB,CAAC,CAAyB;IACxD,OAAO,CAAC,2BAA2B,CAAC,CAA8B;IAClE,OAAO,CAAC,0BAA0B,CAAC,CAA6B;IAChE,OAAO,CAAC,mBAAmB,CAAC,CAAsB;IAClD,OAAO,CAAC,0BAA0B,CAAC,CAA6B;IAChE,OAAO,CAAC,gBAAgB,CAAC,CAAmB;IAG5C,OAAO,CAAC,gBAAgB,CAAC,CAAmB;IAC5C,OAAO,CAAC,cAAc,CAAC,CAAiB;IACxC,OAAO,CAAC,uBAAuB,CAAC,CAAkC;gBAEtD,MAAM,GAAE,OAAO,CAAC,uBAAuB,CAAM;IAsFzD;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAiB9B;;;OAGG;IACH,gBAAgB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,sBAAsB,CAAC,GAAG,IAAI;IAqBhE;;OAEG;IACH,eAAe,IAAI,OAAO;IAI1B;;OAEG;IACH,eAAe,IAAI,gBAAgB,GAAG,SAAS;IAI/C;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAqC1B;;OAEG;IACG,iBAAiB,CACrB,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,sBAAsB,CAAC;IAuflC;;OAEG;IACG,MAAM,CACV,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,IAAI,EAAE,EACb,QAAQ,EAAE,CACR,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,EACzC,UAAU,CAAC,EAAE,GAAG,EAChB,aAAa,CAAC,EAAE,MAAM,EACtB,WAAW,CAAC,EAAE,GAAG,GAChB,OAAO,CAAC,sBAAsB,CAAC;IAclC,OAAO,CAAC,qBAAqB;IAsE7B,OAAO,CAAC,sBAAsB;IAoB9B,OAAO,CAAC,eAAe;IA8DvB,OAAO,CAAC,uBAAuB;IAc/B;;OAEG;IACH,SAAS,IAAI,uBAAuB;IAIpC;;OAEG;IACH,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAAG,IAAI;CAG7D"}
|
|
@@ -512,6 +512,10 @@ export class AssessmentOrchestrator {
|
|
|
512
512
|
executionTime,
|
|
513
513
|
totalTestsRun: this.totalTestsRun,
|
|
514
514
|
mcpProtocolVersion: this.config.mcpProtocolVersion,
|
|
515
|
+
assessmentMetadata: {
|
|
516
|
+
sourceCodeAvailable: !!context.sourceCodePath,
|
|
517
|
+
transportType: context.transportConfig?.type,
|
|
518
|
+
},
|
|
515
519
|
};
|
|
516
520
|
}
|
|
517
521
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"PolicyComplianceGenerator.d.ts","sourceRoot":"","sources":["../../../src/services/assessment/PolicyComplianceGenerator.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AACpE,OAAO,EAML,KAAK,sBAAsB,EAG5B,MAAM,qBAAqB,CAAC;AAE7B;;GAEG;AACH,qBAAa,yBAAyB;IACpC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;gBAErB,OAAO,GAAE,MAAgB;IAIrC;;OAEG;IACH,QAAQ,CACN,UAAU,EAAE,sBAAsB,EAClC,UAAU,CAAC,EAAE,MAAM,GAClB,sBAAsB;IAuBzB;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAQ/B;;OAEG;IACH,OAAO,CAAC,mBAAmB;
|
|
1
|
+
{"version":3,"file":"PolicyComplianceGenerator.d.ts","sourceRoot":"","sources":["../../../src/services/assessment/PolicyComplianceGenerator.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AACpE,OAAO,EAML,KAAK,sBAAsB,EAG5B,MAAM,qBAAqB,CAAC;AAE7B;;GAEG;AACH,qBAAa,yBAAyB;IACpC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;gBAErB,OAAO,GAAE,MAAgB;IAIrC;;OAEG;IACH,QAAQ,CACN,UAAU,EAAE,sBAAsB,EAClC,UAAU,CAAC,EAAE,MAAM,GAClB,sBAAsB;IAuBzB;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAQ/B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA4E3B;;OAEG;IACH,OAAO,CAAC,aAAa;IAyBrB;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAmE/B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAqC1B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAuC/B;;OAEG;IACH,OAAO,CAAC,4BAA4B;IAkCpC;;OAEG;IACH,OAAO,CAAC,4BAA4B;IAuBpC;;OAEG;IACH,OAAO,CAAC,6BAA6B;IAoCrC;;OAEG;IACH,OAAO,CAAC,4BAA4B;IAqBpC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAqB9B;;OAEG;IACH,OAAO,CAAC,gCAAgC;IAsBxC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAkB/B;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAsBlC;;OAEG;IACH,OAAO,CAAC,yBAAyB;IA+CjC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IA2D9B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAe/B;;OAEG;IACH,OAAO,CAAC,eAAe;IAiDvB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAyCxB;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAW9B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAoD3B;;OAEG;IACH,OAAO,CAAC,aAAa;CAiBtB;AAED;;GAEG;AACH,wBAAgB,+BAA+B,CAC7C,OAAO,CAAC,EAAE,MAAM,GACf,yBAAyB,CAE3B;AAED;;GAEG;AACH,wBAAgB,8BAA8B,CAC5C,UAAU,EAAE,sBAAsB,EAClC,UAAU,CAAC,EAAE,MAAM,GAClB,sBAAsB,CAGxB"}
|
|
@@ -50,6 +50,21 @@ export class PolicyComplianceGenerator {
|
|
|
50
50
|
* Evaluate a single policy requirement
|
|
51
51
|
*/
|
|
52
52
|
evaluateRequirement(requirement, assessment) {
|
|
53
|
+
// Mark DEV requirements as NOT_APPLICABLE when source code is not available
|
|
54
|
+
// These requirements (documentation, privacy policy, contact info) cannot be
|
|
55
|
+
// evaluated for HTTP-only assessments without access to the source repository
|
|
56
|
+
if (requirement.category === "developer_requirements" &&
|
|
57
|
+
!assessment.assessmentMetadata?.sourceCodeAvailable) {
|
|
58
|
+
return {
|
|
59
|
+
requirement,
|
|
60
|
+
status: "NOT_APPLICABLE",
|
|
61
|
+
evidence: ["Source code not available for documentation assessment"],
|
|
62
|
+
moduleResults: [],
|
|
63
|
+
recommendation: undefined,
|
|
64
|
+
manualReviewRequired: false,
|
|
65
|
+
manualReviewGuidance: undefined,
|
|
66
|
+
};
|
|
67
|
+
}
|
|
53
68
|
const evidence = [];
|
|
54
69
|
const moduleResults = [];
|
|
55
70
|
// Collect evidence from each source module
|
|
@@ -1,11 +1,13 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Security Assessor Module
|
|
3
|
-
* Tests for backend API security vulnerabilities using
|
|
3
|
+
* Tests for backend API security vulnerabilities using 20 focused patterns
|
|
4
4
|
* - Critical Injection (6): Command, Calculator, SQL, Path Traversal, XXE, NoSQL
|
|
5
5
|
* - Input Validation (3): Type Safety, Boundary Testing, Required Fields
|
|
6
6
|
* - Protocol Compliance (2): MCP Error Format, Timeout Handling
|
|
7
7
|
* - Tool-Specific (7): SSRF, Unicode Bypass, Nested Injection, Package Squatting,
|
|
8
8
|
* Data Exfiltration, Configuration Drift, Tool Shadowing
|
|
9
|
+
* - Resource Exhaustion (1): DoS/Resource Exhaustion
|
|
10
|
+
* - Deserialization (1): Insecure Deserialization
|
|
9
11
|
*/
|
|
10
12
|
import { SecurityAssessment } from "../../../lib/assessmentTypes.js";
|
|
11
13
|
import { BaseAssessor } from "./BaseAssessor.js";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SecurityAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/SecurityAssessor.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"SecurityAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/SecurityAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EACL,kBAAkB,EAInB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAa9D,qBAAa,gBAAiB,SAAQ,YAAY;IAC1C,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAuFrE;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAkC7B;;;;OAIG;YACW,yBAAyB;IAuKvC;;;;OAIG;YACW,qBAAqB;IA2JnC;;OAEG;YACW,WAAW;IA2HzB;;;;;OAKG;IACH,OAAO,CAAC,iBAAiB;IAkDzB;;;OAGG;IACH,OAAO,CAAC,8BAA8B;IAmDtC;;OAEG;IACH,OAAO,CAAC,aAAa;IA+BrB;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAgClC;;;OAGG;IACH,OAAO,CAAC,eAAe;IA6HvB;;;;;;;OAOG;IACH,OAAO,CAAC,qBAAqB;IAiE7B;;;;;;;;;OASG;IACH,OAAO,CAAC,oBAAoB;IAqC5B;;;;;OAKG;IACH,OAAO,CAAC,mBAAmB;IAsB3B;;;;;;;OAOG;IACH,OAAO,CAAC,oBAAoB;IAkC5B;;OAEG;YACW,+BAA+B;IAiC7C;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAYjC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA0B/B;;OAEG;IACH,OAAO,CAAC,2BAA2B;IAkEnC;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAuI3B;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IAsB5B;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,oBAAoB;IAmM5B;;;;;;OAMG;IACH,OAAO,CAAC,wBAAwB;IA8BhC;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IA8BhC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAW9B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAO1B,OAAO,CAAC,oBAAoB;IAoE5B;;OAEG;IACH,OAAO,CAAC,YAAY;IASpB;;;OAGG;IACH,OAAO,CAAC,eAAe;IASvB;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAiB9B;;;OAGG;IACH,OAAO,CAAC,kBAAkB;CAmB3B"}
|
|
@@ -1,11 +1,13 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Security Assessor Module
|
|
3
|
-
* Tests for backend API security vulnerabilities using
|
|
3
|
+
* Tests for backend API security vulnerabilities using 20 focused patterns
|
|
4
4
|
* - Critical Injection (6): Command, Calculator, SQL, Path Traversal, XXE, NoSQL
|
|
5
5
|
* - Input Validation (3): Type Safety, Boundary Testing, Required Fields
|
|
6
6
|
* - Protocol Compliance (2): MCP Error Format, Timeout Handling
|
|
7
7
|
* - Tool-Specific (7): SSRF, Unicode Bypass, Nested Injection, Package Squatting,
|
|
8
8
|
* Data Exfiltration, Configuration Drift, Tool Shadowing
|
|
9
|
+
* - Resource Exhaustion (1): DoS/Resource Exhaustion
|
|
10
|
+
* - Deserialization (1): Insecure Deserialization
|
|
9
11
|
*/
|
|
10
12
|
import { BaseAssessor } from "./BaseAssessor.js";
|
|
11
13
|
import { getAllAttackPatterns, getPayloadsForAttack, } from "../../../lib/securityPatterns.js";
|
|
@@ -1083,6 +1085,14 @@ export class SecurityAssessor extends BaseAssessor {
|
|
|
1083
1085
|
/result.*action\s+executed\s+successfully/i,
|
|
1084
1086
|
/successfully\s+(executed|completed|processed):/i,
|
|
1085
1087
|
/successfully\s+(executed|completed|processed)"/i,
|
|
1088
|
+
// "Action received:" - safe echo/acknowledgment pattern (DVMCP testbed)
|
|
1089
|
+
/action\s+received:/i,
|
|
1090
|
+
/input\s+received:/i,
|
|
1091
|
+
/request\s+received:/i,
|
|
1092
|
+
// Explicit safety indicators in JSON responses
|
|
1093
|
+
/"safe":\s*true/i,
|
|
1094
|
+
/"vulnerable":\s*false/i,
|
|
1095
|
+
/"status":\s*"acknowledged"/i,
|
|
1086
1096
|
];
|
|
1087
1097
|
const reflectionPatterns = [
|
|
1088
1098
|
...statusPatterns,
|
|
@@ -1150,6 +1160,31 @@ export class SecurityAssessor extends BaseAssessor {
|
|
|
1150
1160
|
/error getting info for ['"].*['"]/i,
|
|
1151
1161
|
/invalid .* format.*stored as text/i,
|
|
1152
1162
|
/error:.*too (long|short|large)/i,
|
|
1163
|
+
// NEW: DoS/Resource safe rejection patterns
|
|
1164
|
+
// These indicate the tool properly rejected resource-intensive input
|
|
1165
|
+
/payload.?rejected/i,
|
|
1166
|
+
/input.?exceeds.?limit/i,
|
|
1167
|
+
/resource.?limit.?enforced/i,
|
|
1168
|
+
/size.?limit/i,
|
|
1169
|
+
/maximum.?length/i,
|
|
1170
|
+
/rate.?limit/i,
|
|
1171
|
+
/request.?throttled/i,
|
|
1172
|
+
/input.?too.?large/i,
|
|
1173
|
+
/exceeds.?maximum.?size/i,
|
|
1174
|
+
/depth.?limit.?exceeded/i,
|
|
1175
|
+
/nesting.?limit/i,
|
|
1176
|
+
/complexity.?limit/i,
|
|
1177
|
+
// NEW: Insecure Deserialization safe rejection patterns
|
|
1178
|
+
// These indicate the tool properly rejected serialized data without deserializing
|
|
1179
|
+
/serialization.?not.?supported/i,
|
|
1180
|
+
/pickle.?disabled/i,
|
|
1181
|
+
/deserialization.?blocked/i,
|
|
1182
|
+
/unsafe.?format.?rejected/i,
|
|
1183
|
+
/binary.?data.?not.?accepted/i,
|
|
1184
|
+
/data.?stored.?safely/i,
|
|
1185
|
+
/without.?deserialization/i,
|
|
1186
|
+
/no.?pickle/i,
|
|
1187
|
+
/stored.?without.?deserializ/i,
|
|
1153
1188
|
];
|
|
1154
1189
|
// LAYER 1: Check for reflection/status patterns
|
|
1155
1190
|
const hasReflection = reflectionPatterns.some((pattern) => pattern.test(responseText));
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@bryan-thompson/inspector-assessment-client",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.18.1",
|
|
4
4
|
"description": "Client-side application for the Enhanced MCP Inspector with assessment capabilities",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"author": "Bryan Thompson <bryan@triepod.ai>",
|