@bryan-thompson/inspector-assessment-client 1.26.1 → 1.26.2
- package/lib/lib/assessment/extendedTypes.d.ts +80 -0
- package/lib/lib/assessment/extendedTypes.d.ts.map +1 -1
- package/lib/lib/prohibitedLibraries.d.ts +13 -0
- package/lib/lib/prohibitedLibraries.d.ts.map +1 -1
- package/lib/lib/prohibitedLibraries.js +78 -0
- package/lib/services/assessment/modules/AuthenticationAssessor.d.ts +14 -0
- package/lib/services/assessment/modules/AuthenticationAssessor.d.ts.map +1 -1
- package/lib/services/assessment/modules/AuthenticationAssessor.js +359 -2
- package/lib/services/assessment/modules/ProhibitedLibrariesAssessor.d.ts +7 -0
- package/lib/services/assessment/modules/ProhibitedLibrariesAssessor.d.ts.map +1 -1
- package/lib/services/assessment/modules/ProhibitedLibrariesAssessor.js +62 -22
- package/lib/services/assessment/modules/TemporalAssessor.d.ts +44 -0
- package/lib/services/assessment/modules/TemporalAssessor.d.ts.map +1 -1
- package/lib/services/assessment/modules/TemporalAssessor.js +267 -27
- package/package.json +1 -1
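--- a/package/lib/lib/assessment/extendedTypes.d.ts
+++ b/package/lib/lib/assessment/extendedTypes.d.ts
@@ -165,6 +165,7 @@ export interface ToolAnnotationAssessment {
 };
 }
 export type ProhibitedLibraryCategory = "financial" | "media" | "payments" | "banking";
+export type DependencyUsageStatus = "ACTIVE" | "UNUSED" | "UNKNOWN";
 export interface ProhibitedLibraryMatch {
 name: string;
 category: ProhibitedLibraryCategory;
@@ -174,6 +175,12 @@ export interface ProhibitedLibraryMatch {
 severity: "BLOCKING" | "HIGH" | "MEDIUM";
 reason: string;
 policyReference: string;
+/** Whether the dependency is actually imported in source code (Issue #63) */
+usageStatus?: DependencyUsageStatus;
+/** Number of import statements found for this dependency */
+importCount?: number;
+/** Files where the dependency is imported */
+importFiles?: string[];
 }
 export interface ProhibitedLibrariesAssessment {
 matches: ProhibitedLibraryMatch[];
@@ -300,6 +307,45 @@ export interface TransportSecurityAnalysis {
 sessionSecure: boolean;
 recommendations: string[];
 }
+/** Type of authentication configuration finding */
+export type AuthConfigFindingType = "ENV_DEPENDENT_AUTH" | "FAIL_OPEN_PATTERN" | "DEV_MODE_WARNING" | "HARDCODED_SECRET";
+/** Severity of auth configuration finding */
+export type AuthConfigSeverity = "HIGH" | "MEDIUM" | "LOW";
+/** Context lines surrounding a finding (Issue #66) */
+export interface AuthConfigFindingContext {
+/** Line before the finding (undefined if finding is on first line) */
+before?: string;
+/** Line after the finding (undefined if finding is on last line) */
+after?: string;
+}
+/** Single auth configuration finding */
+export interface AuthConfigFinding {
+type: AuthConfigFindingType;
+severity: AuthConfigSeverity;
+message: string;
+evidence: string;
+file?: string;
+lineNumber?: number;
+recommendation?: string;
+/** Issue #66: Surrounding context lines for better understanding */
+context?: AuthConfigFindingContext;
+}
+/** Auth configuration analysis results */
+export interface AuthConfigAnalysis {
+/** Total findings detected */
+totalFindings: number;
+/** Findings by type */
+envDependentAuthCount: number;
+failOpenPatternCount: number;
+devModeWarningCount: number;
+hardcodedSecretCount: number;
+/** Detailed findings */
+findings: AuthConfigFinding[];
+/** Has any HIGH severity findings */
+hasHighSeverity: boolean;
+/** Environment variables detected for auth */
+envVarsDetected: string[];
+}
 export interface AuthenticationAssessment {
 authMethod: AuthMethod;
 hasLocalDependencies: boolean;
@@ -312,6 +358,8 @@ export interface AuthenticationAssessment {
 apiKeyIndicators: string[];
 };
 transportSecurity?: TransportSecurityAnalysis;
+/** Issue #62: Auth configuration analysis for env-dependent auth and fail-open patterns */
+authConfigAnalysis?: AuthConfigAnalysis;
 status: AssessmentStatus;
 explanation: string;
 recommendations: string[];
@@ -339,6 +387,38 @@ export interface TemporalToolResult {
 baselineSchema?: unknown;
 mutatedSchema?: unknown;
 };
+/** Issue #69: Variance classification for reduced false positives */
+varianceClassification?: VarianceClassification;
+/** Issue #69: Per-invocation variance details for transparency */
+varianceDetails?: Array<{
+invocation: number;
+classification: VarianceClassification;
+}>;
+}
+/**
+* Classification of temporal variance between tool invocations.
+* Used to reduce false positives while maintaining detection capability.
+*
+* - LEGITIMATE: Expected variance (IDs, timestamps, search results, pagination)
+* - SUSPICIOUS: Concerning changes (capabilities, permissions, schema structure)
+* - BEHAVIORAL: Semantic changes (promotional keywords, error injection)
+*/
+export type VarianceType = "LEGITIMATE" | "SUSPICIOUS" | "BEHAVIORAL";
+/**
+* Result of variance classification analysis.
+* Provides transparency into why a response difference was classified.
+*/
+export interface VarianceClassification {
+/** Type of variance detected */
+type: VarianceType;
+/** Confidence in the classification */
+confidence: "high" | "medium" | "low";
+/** Human-readable reasons for the classification */
+reasons: string[];
+/** Field paths that varied between invocations */
+variedFields?: string[];
+/** Suspicious patterns detected (if type is SUSPICIOUS or BEHAVIORAL) */
+suspiciousPatterns?: string[];
 }
 export interface TemporalAssessment {
 toolsTested: number;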
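Review bot: `evidence: string` on the new AuthConfigFinding (new line 326) and the `before`/`after` lines on AuthConfigFindingContext hold raw source excerpts, and one of the finding types introduced alongside them is HARDCODED_SECRET, so the declaration should say whether the secret value is masked before it is stored in the finding; from this file alone it cannot be determined what AuthenticationAssessor writes there, and these objects flow into reports via `AuthenticationAssessment.authConfigAnalysis`. Suggested TSDoc on `evidence`: `/** Source excerpt that triggered the finding; for HARDCODED_SECRET the secret value is expected to be masked before storage, since findings are included in reports */`, with a matching sentence on `before`/`after`, which can equally contain the credential on an adjacent line. As a point of style, comparable scales are now spelled three ways in one file: `AuthConfigSeverity` is uppercase `"HIGH" | "MEDIUM" | "LOW"`, `VarianceClassification.confidence` is lowercase `"high" | "medium" | "low"`, and `ProhibitedLibraryMatch.severity` remains an inline `"BLOCKING" | "HIGH" | "MEDIUM"` rather than a named alias like the other new types. `hasHighSeverity` on AuthConfigAnalysis restates what `findings[].severity` already encodes; a comment such as `/** Precomputed: true iff some entry in findings has severity "HIGH" */` would keep the two from drifting apart.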
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"extendedTypes.d.ts","sourceRoot":"","sources":["../../../src/lib/assessment/extendedTypes.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EAChB,MAAM,aAAa,CAAC;AAOrB,MAAM,MAAM,WAAW,GACnB,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,CAAC;AAER,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,MAAM,CAAC;AAElE,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,WAAW,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,WAAW,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,WAAW,GAAG,kBAAkB,GAAG,QAAQ,GAAG,aAAa,CAAC;IACtE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,mBAAmB,EAAE,OAAO,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,YAAY,EAAE,CAAC;IAC3B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,gBAAgB,EAAE;QAChB,SAAS,EAAE,OAAO,CAAC;QACnB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,MAAM,EAAE,OAAO,CAAC;QAChB,UAAU,EAAE,OAAO,CAAC;KACrB,CAAC;IACF,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,KAAK,GAAG,aAAa,GAAG,UAAU,GAAG,MAAM,CAAC;AAE3E,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,OAAO,CAAC;IACxB,WAAW,CAAC,EAAE;QACZ,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,aAAa,CAAC,EAAE,OAAO,CAAC;KACzB,CAAC;IACF,gDAAgD;IAChD,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,gBAAgB,CAAC,EAAE;QACjB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,mBAAmB,EAAE,OAAO,CAAC;QAC7B,MAAM,EAAE,MAAM,CAAC;QACf,wCAAwC;QACxC,UAAU,EAAE,mBAAmB,CAAC;QAChC,yDAAyD;QACzD,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,iEAAiE;IACjE,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,iDAAiD;IACjD,oBAAoB,CAAC,EAAE;QACrB,QAAQ,EAAE,OAAO,CAAC;QAClB,QAAQ,EAAE,KAAK,CAAC;YACd,IAAI,EAAE,MAAM,CAAC;YACb,OAA
O,EAAE,MAAM,CAAC;YAChB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;YACpC,QAAQ,EAAE,MAAM,CAAC;YACjB,QAAQ,EAAE,MAAM,CAAC;SAClB,CAAC,CAAC;QACH,SAAS,EAAE,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;KAC/C,CAAC;IACF,+CAA+C;IAC/C,gBAAgB,CAAC,EAAE;QACjB,kCAAkC;QAClC,SAAS,CAAC,EAAE;YACV,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC;YAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;SAC5B,CAAC;QACF,oCAAoC;QACpC,WAAW,CAAC,EAAE;YACZ,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;YACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;SACnB,CAAC;QACF,6BAA6B;QAC7B,YAAY,CAAC,EAAE;YACb,SAAS,EAAE,OAAO,CAAC;YACnB,MAAM,CAAC,EAAE,MAAM,CAAC;SACjB,CAAC;QACF,6BAA6B;QAC7B,cAAc,CAAC,EAAE;YACf,SAAS,EAAE,OAAO,CAAC;YACnB,YAAY,CAAC,EAAE,MAAM,CAAC;SACvB,CAAC;KACH,CAAC;CACH;AAED,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,oBAAoB,EAAE,CAAC;IACpC,cAAc,EAAE,MAAM,CAAC;IACvB,uBAAuB,EAAE,MAAM,CAAC;IAChC,gFAAgF;IAChF,0BAA0B,EAAE,MAAM,CAAC;IACnC,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,8CAA8C;IAC9C,OAAO,CAAC,EAAE;QACR,uDAAuD;QACvD,QAAQ,EAAE,MAAM,CAAC;QACjB,yDAAyD;QACzD,WAAW,EAAE,MAAM,CAAC;QACpB,uDAAuD;QACvD,WAAW,EAAE,MAAM,CAAC;QACpB,2CAA2C;QAC3C,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IACF,6CAA6C;IAC7C,kBAAkB,CAAC,EAAE;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC;QACnB,iBAAiB,EAAE,MAAM,CAAC;QAC1B,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,uDAAuD;IACvD,iBAAiB,CAAC,EAAE;QAClB,oDAAoD;QACpD,GAAG,EAAE,MAAM,CAAC;QACZ,sCAAsC;QACtC,UAAU,EAAE,MAAM,CAAC;QACnB,sDAAsD;QACtD,QAAQ,EAAE,MAAM,CAAC;QACjB,sCAAsC;QACtC,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,oEAAoE;IACpE,4BAA4B,CAAC,EAAE,MAAM,CAAC;IACtC,qDAAqD;IACrD,uBAAuB,CAAC,EAAE;QACxB,mBAAmB,EAAE,MAAM,CAAC;QAC5B,oBAAoB,EAAE,MAAM,CAAC;QAC7B,qBAAqB,EAAE,MAAM,CAAC;QAC9B,oBAAoB,EAAE,MAAM,CAAC;KAC9B,CAAC;IACF,+CAA+C;IAC/C,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;IAC5C,sDAAsD;IACtD,wBAAwB,CAAC,EAAE;QACzB,8CAA8C;QAC9C,kBAAkB,EAAE,MAAM,CAAC;QAC3B,qDAAqD;QACrD,kBAAkB,EAAE,MAAM,CAAC;QAC3B,gDAAgD;QAChD,aAAa,EAAE,MAAM,CAAC;QACtB,6DAA6D;QAC7D,uBAAuB,EAAE,MAAM,CAAC;KACjC,CAAC;CACH;AAOD,MAAM,MAAM
,yBAAyB,GACjC,WAAW,GACX,OAAO,GACP,UAAU,GACV,SAAS,CAAC;AAEd,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,yBAAyB,CAAC;IACpC,QAAQ,EACJ,cAAc,GACd,eAAe,GACf,kBAAkB,GAClB,YAAY,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,6BAA6B;IAC5C,OAAO,EAAE,sBAAsB,EAAE,CAAC;IAClC,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,qBAAqB,EAAE,OAAO,CAAC;IAC/B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,kBAAkB;IACjC,gBAAgB,EAAE,MAAM,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE;QACV,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;QAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC9B,CAAC;IACF,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED;;;GAGG;AACH,MAAM,WAAW,uBAAuB;IACtC,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,wBAAwB;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;CACxC;AAED,MAAM,WAAW,4BAA4B;IAC3C,WAAW,EAAE,OAAO,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,iBAAiB,EAAE,wBAAwB,EAAE,CAAC;IAC9C,OAAO,EAAE,OAAO,CAAC;IACjB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,4CAA4C;IAC5C,eAAe,CAAC,EAAE;QAChB,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,iBAAiB,EAAE,uBAAuB,EAAE,CAAC;QAC7C,aAAa,EAAE,OAAO,CAAC;KACxB,CAAC;IACF,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EACA,gBAAgB,GAChB,mBAAmB,GACnB,yBAAyB,GACzB,eA
Ae,GACf,gBAAgB,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACpC,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,gBAAgB,EAAE,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,WAAW,EAAE,OAAO,CAAC;IACrB,cAAc,EAAE,OAAO,CAAC;IACxB,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;IAE1B,yCAAyC;IACzC,aAAa,CAAC,EAAE,KAAK,CAAC;QACpB,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,OAAO,CAAC;QACpB,kBAAkB,CAAC,EAAE,MAAM,CAAC;KAC7B,CAAC,CAAC;IACH,gCAAgC;IAChC,gBAAgB,CAAC,EAAE;QACjB,SAAS,EAAE,KAAK,GAAG,SAAS,GAAG,OAAO,GAAG,OAAO,CAAC;QACjD,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC;CACH;AAMD,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,4BAA4B;IAC3C,YAAY,EAAE,WAAW,EAAE,CAAC;IAC5B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAMD,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAAC;AAElE,MAAM,WAAW,mBAAmB;IAClC,aAAa,EAAE,OAAO,CAAC;IACvB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,yBAAyB;IACxC,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,OAAO,CAAC;IACrB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,OAAO,CAAC;IACxB,aAAa,EAAE,OAAO,CAAC;IACvB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,UAAU,CAAC;IACvB,oBAAoB,EAAE,OAAO,CAAC;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,mBAAmB,CAAC;IACrC,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE;QAChB,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,uBAAuB,EAAE,MAAM,EAAE,CAAC;QAClC,gBAAgB,EAAE,MAAM,EAAE,CAAC;KAC5B,CAAC;IACF,iBAAiB,CAAC,EAAE,yBAAyB,CAAC;IAC9C,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,kBAAkB;IACjC,IAAI
,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,OAAO,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,mBAAmB,GAAG,qBAAqB,GAAG,IAAI,CAAC;IAC5D,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,MAAM,CAAC;IACrC,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE;QACT,mBAAmB,EAAE,OAAO,CAAC;QAC7B,wBAAwB,EAAE,OAAO,CAAC;KACnC,CAAC;IAEF,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,oBAAoB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,kBAAkB,CAAC,EAAE;QACnB,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,aAAa,CAAC,EAAE,OAAO,CAAC;KACzB,CAAC;CACH;AAED,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gBAAgB,EAAE,MAAM,CAAC;IACzB,2BAA2B,EAAE,MAAM,CAAC;IACpC,OAAO,EAAE,kBAAkB,EAAE,CAAC;IAC9B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,OAAO,CAAC;IACpB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,uBAAuB,EAAE,OAAO,CAAC;IACjC,oBAAoB,EAAE,OAAO,CAAC;IAC9B,uBAAuB,EAAE,OAAO,CAAC;IACjC,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,2DAA2D;IAC3D,iBAAiB,CAAC,EAAE,KAAK,CAAC;QACxB,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;QACzC,QAAQ,EAAE,OAAO,CAAC;KACnB,CAAC,CAAC;IACH,iCAAiC;IACjC,cAAc,CAAC,EAAE;QACf,YAAY,EAAE,OAAO,CAAC;QACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,oDAAoD;IACpD,kBAAkB,CAAC,EAAE,QAAQ,GAAG,UAAU,GAAG,cAAc,GAAG,YAAY,CAAC;CAC5E;AAED,MAAM,WAAW,kBAAkB;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,uBAAuB,EAAE,MAAM,CAAC;IAChC,mBAAmB,EAAE,MAAM,CAAC;IAC5B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,4BAA4B,EAAE,MAAM,CAAC;IACrC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,8BAA8B,EAAE,MAAM,CAAC;IACvC,OAAO,EAAE,kBAAkB,EAAE,CAAC;IAC9B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EA
AE,CAAC;CAC3B;AAOD,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,OAAO,CAAC;IAChB,oBAAoB,EAAE,OAAO,CAAC;IAC9B,kBAAkB,EAAE,OAAO,CAAC;IAC5B,YAAY,EAAE,OAAO,CAAC;IACtB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,6CAA6C;IAC7C,cAAc,CAAC,EAAE;QACf,YAAY,EAAE,MAAM,CAAC;QACrB,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,SAAS,EAAE,OAAO,CAAC;KACpB,CAAC;IACF,+BAA+B;IAC/B,cAAc,CAAC,EAAE;QACf,gBAAgB,EAAE,OAAO,CAAC;QAC1B,aAAa,EAAE,OAAO,CAAC;QACvB,eAAe,EAAE,MAAM,EAAE,CAAC;KAC3B,CAAC;CACH;AAED,MAAM,WAAW,gBAAgB;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,wBAAwB,EAAE,MAAM,CAAC;IACjC,wBAAwB,EAAE,MAAM,CAAC;IACjC,OAAO,EAAE,gBAAgB,EAAE,CAAC;IAC5B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,yBAAyB;IACxC,QAAQ,EACJ,kBAAkB,GAClB,gBAAgB,GAChB,kBAAkB,GAClB,sBAAsB,CAAC;IAC3B,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,OAAO,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,iBAAiB,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;IAEpB,uDAAuD;IACvD,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,qCAAqC;IACrC,oBAAoB,CAAC,EAAE;QACrB,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF,6DAA6D;IAC7D,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,wCAAwC;IACxC,UAAU,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;CACxC;AAED,MAAM,WAAW,iCAAiC;IAChD,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,wBAAwB,EAAE,MAAM,CAAC;IACjC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,OAAO,EAAE,yBAAyB,EAAE,CAAC;IACrC,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAQD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,+BAA+B;IAC/B,MAAM,EAAE,OAAO,CAAC;IAChB,2CAA2C;IAC3C,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,kDAAkD;IAClD,QAAQ,EAAE,MAAM,CAAC;IACjB,gEAAgE;IAChE,aAAa,EAAE,MAAM,CAAC;IACtB,mFAAmF;IACnF,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,6DAA6D;IAC7D,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;;;GAIG;AACH,MAAM,WAA
W,6BAA6B;IAC5C,iCAAiC;IACjC,MAAM,EAAE;QACN,0FAA0F;QAC1F,mBAAmB,EAAE,aAAa,CAAC;QACnC,uEAAuE;QACvE,kBAAkB,EAAE,aAAa,CAAC;QAClC,iEAAiE;QACjE,uBAAuB,EAAE,aAAa,CAAC;QACvC,mFAAmF;QACnF,qBAAqB,CAAC,EAAE,aAAa,CAAC;QACtC,6EAA6E;QAC7E,gBAAgB,CAAC,EAAE,aAAa,CAAC;KAClC,CAAC;IACF,wCAAwC;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,mEAAmE;IACnE,MAAM,EAAE,gBAAgB,CAAC;IACzB,0DAA0D;IAC1D,WAAW,EAAE,MAAM,CAAC;IACpB,yDAAyD;IACzD,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD;;GAEG;AACH,MAAM,MAAM,eAAe,GACvB,OAAO,GACP,SAAS,GACT,QAAQ,GACR,YAAY,GACZ,OAAO,GACP,OAAO,GACP,UAAU,GACV,WAAW,GACX,UAAU,GACV,WAAW,GACX,eAAe,GACf,SAAS,CAAC;AAEd;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;AAErD;;GAEG;AACH,MAAM,MAAM,sBAAsB,GAAG,OAAO,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAEnE;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,4CAA4C;IAC5C,UAAU,EAAE,sBAAsB,CAAC;IACnC,iDAAiD;IACjD,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,4DAA4D;IAC5D,gBAAgB,EAAE,eAAe,EAAE,CAAC;IACpC,mDAAmD;IACnD,cAAc,EAAE,aAAa,EAAE,CAAC;IAChC,6DAA6D;IAC7D,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,0DAA0D;IAC1D,qBAAqB,EAAE,OAAO,CAAC;IAC/B,uCAAuC;IACvC,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,uCAAuC;IACvC,QAAQ,EAAE;QACR,mDAAmD;QACnD,kBAAkB,EAAE,MAAM,EAAE,CAAC;QAC7B,oDAAoD;QACpD,mBAAmB,EAAE,MAAM,EAAE,CAAC;QAC9B,yDAAyD;QACzD,iBAAiB,EAAE,MAAM,EAAE,CAAC;KAC7B,CAAC;CACH;AAOD;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,uDAAuD;IACvD,gBAAgB,EAAE,OAAO,CAAC;IAC1B,yDAAyD;IACzD,mBAAmB,EAAE,OAAO,CAAC;IAC7B,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,uDAAuD;IACvD,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,+BAA+B;IAC9C,8BAA8B;IAC9B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,mBAAmB,EAAE,OAAO,CAAC;IAC7B,uCAAuC;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,yCAAyC;IACzC,WAAW,EAAE,OAAO,CAAC;IACrB,0CAA0C;IAC1C,OAAO,EAAE;QACP,6CAA6C;QAC7C,iBAAiB,CAAC,EAAE,eAAe,CAAC;QACpC,+CAA+C;QAC/C,iBAAiB,CAAC,EAAE,eAAe,CAAC;QACpC,wCAAwC;QACxC,iBAAiB,CAAC,EAAE,eAAe,CAAC;QACpC,yCAAyC;QACzC,kBAAkB,CAAC,EAAE,eAAe,CAAC;KACtC,CAAC;IACF,qDAAqD;IACrD,oBAAoB,EAAE,MAAM,CAAC;CAC9B"}
|
|
1
|
+
{"version":3,"file":"extendedTypes.d.ts","sourceRoot":"","sources":["../../../src/lib/assessment/extendedTypes.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EAChB,MAAM,aAAa,CAAC;AAOrB,MAAM,MAAM,WAAW,GACnB,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,CAAC;AAER,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,MAAM,CAAC;AAElE,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,WAAW,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,WAAW,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,WAAW,GAAG,kBAAkB,GAAG,QAAQ,GAAG,aAAa,CAAC;IACtE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,mBAAmB,EAAE,OAAO,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,YAAY,EAAE,CAAC;IAC3B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,gBAAgB,EAAE;QAChB,SAAS,EAAE,OAAO,CAAC;QACnB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,MAAM,EAAE,OAAO,CAAC;QAChB,UAAU,EAAE,OAAO,CAAC;KACrB,CAAC;IACF,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,KAAK,GAAG,aAAa,GAAG,UAAU,GAAG,MAAM,CAAC;AAE3E,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,OAAO,CAAC;IACxB,WAAW,CAAC,EAAE;QACZ,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,aAAa,CAAC,EAAE,OAAO,CAAC;KACzB,CAAC;IACF,gDAAgD;IAChD,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,gBAAgB,CAAC,EAAE;QACjB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,mBAAmB,EAAE,OAAO,CAAC;QAC7B,MAAM,EAAE,MAAM,CAAC;QACf,wCAAwC;QACxC,UAAU,EAAE,mBAAmB,CAAC;QAChC,yDAAyD;QACzD,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,iEAAiE;IACjE,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,iDAAiD;IACjD,oBAAoB,CAAC,EAAE;QACrB,QAAQ,EAAE,OAAO,CAAC;QAClB,QAAQ,EAAE,KAAK,CAAC;YACd,IAAI,EAAE,MAAM,CAAC;YACb,OAA
O,EAAE,MAAM,CAAC;YAChB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;YACpC,QAAQ,EAAE,MAAM,CAAC;YACjB,QAAQ,EAAE,MAAM,CAAC;SAClB,CAAC,CAAC;QACH,SAAS,EAAE,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;KAC/C,CAAC;IACF,+CAA+C;IAC/C,gBAAgB,CAAC,EAAE;QACjB,kCAAkC;QAClC,SAAS,CAAC,EAAE;YACV,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC;YAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;SAC5B,CAAC;QACF,oCAAoC;QACpC,WAAW,CAAC,EAAE;YACZ,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;YACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;SACnB,CAAC;QACF,6BAA6B;QAC7B,YAAY,CAAC,EAAE;YACb,SAAS,EAAE,OAAO,CAAC;YACnB,MAAM,CAAC,EAAE,MAAM,CAAC;SACjB,CAAC;QACF,6BAA6B;QAC7B,cAAc,CAAC,EAAE;YACf,SAAS,EAAE,OAAO,CAAC;YACnB,YAAY,CAAC,EAAE,MAAM,CAAC;SACvB,CAAC;KACH,CAAC;CACH;AAED,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,oBAAoB,EAAE,CAAC;IACpC,cAAc,EAAE,MAAM,CAAC;IACvB,uBAAuB,EAAE,MAAM,CAAC;IAChC,gFAAgF;IAChF,0BAA0B,EAAE,MAAM,CAAC;IACnC,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,8CAA8C;IAC9C,OAAO,CAAC,EAAE;QACR,uDAAuD;QACvD,QAAQ,EAAE,MAAM,CAAC;QACjB,yDAAyD;QACzD,WAAW,EAAE,MAAM,CAAC;QACpB,uDAAuD;QACvD,WAAW,EAAE,MAAM,CAAC;QACpB,2CAA2C;QAC3C,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IACF,6CAA6C;IAC7C,kBAAkB,CAAC,EAAE;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC;QACnB,iBAAiB,EAAE,MAAM,CAAC;QAC1B,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,uDAAuD;IACvD,iBAAiB,CAAC,EAAE;QAClB,oDAAoD;QACpD,GAAG,EAAE,MAAM,CAAC;QACZ,sCAAsC;QACtC,UAAU,EAAE,MAAM,CAAC;QACnB,sDAAsD;QACtD,QAAQ,EAAE,MAAM,CAAC;QACjB,sCAAsC;QACtC,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,oEAAoE;IACpE,4BAA4B,CAAC,EAAE,MAAM,CAAC;IACtC,qDAAqD;IACrD,uBAAuB,CAAC,EAAE;QACxB,mBAAmB,EAAE,MAAM,CAAC;QAC5B,oBAAoB,EAAE,MAAM,CAAC;QAC7B,qBAAqB,EAAE,MAAM,CAAC;QAC9B,oBAAoB,EAAE,MAAM,CAAC;KAC9B,CAAC;IACF,+CAA+C;IAC/C,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;IAC5C,sDAAsD;IACtD,wBAAwB,CAAC,EAAE;QACzB,8CAA8C;QAC9C,kBAAkB,EAAE,MAAM,CAAC;QAC3B,qDAAqD;QACrD,kBAAkB,EAAE,MAAM,CAAC;QAC3B,gDAAgD;QAChD,aAAa,EAAE,MAAM,CAAC;QACtB,6DAA6D;QAC7D,uBAAuB,EAAE,MAAM,CAAC;KACjC,CAAC;CACH;AAOD,MAAM,MAAM
,yBAAyB,GACjC,WAAW,GACX,OAAO,GACP,UAAU,GACV,SAAS,CAAC;AAEd,MAAM,MAAM,qBAAqB,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;AAEpE,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,yBAAyB,CAAC;IACpC,QAAQ,EACJ,cAAc,GACd,eAAe,GACf,kBAAkB,GAClB,YAAY,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;IACxB,6EAA6E;IAC7E,WAAW,CAAC,EAAE,qBAAqB,CAAC;IACpC,4DAA4D;IAC5D,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,6CAA6C;IAC7C,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,6BAA6B;IAC5C,OAAO,EAAE,sBAAsB,EAAE,CAAC;IAClC,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,qBAAqB,EAAE,OAAO,CAAC;IAC/B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,kBAAkB;IACjC,gBAAgB,EAAE,MAAM,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE;QACV,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;QAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC9B,CAAC;IACF,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED;;;GAGG;AACH,MAAM,WAAW,uBAAuB;IACtC,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,wBAAwB;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;CACxC;AAED,MAAM,WAAW,4BAA4B;IAC3C,WAAW,EAAE,OAAO,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,iBAAiB,EAAE,wBAAwB,EAAE,CAAC;IAC9C,OAAO,EAAE,OAAO,CAAC;IACjB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,4CAA4C;IAC5C,eAAe,CAAC,EAAE;QAChB,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,iBAAiB,EAAE,uBAAuB,EAAE,CAAC;QAC7C,aAA
a,EAAE,OAAO,CAAC;KACxB,CAAC;IACF,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EACA,gBAAgB,GAChB,mBAAmB,GACnB,yBAAyB,GACzB,eAAe,GACf,gBAAgB,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACpC,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,gBAAgB,EAAE,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,WAAW,EAAE,OAAO,CAAC;IACrB,cAAc,EAAE,OAAO,CAAC;IACxB,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;IAE1B,yCAAyC;IACzC,aAAa,CAAC,EAAE,KAAK,CAAC;QACpB,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,OAAO,CAAC;QACpB,kBAAkB,CAAC,EAAE,MAAM,CAAC;KAC7B,CAAC,CAAC;IACH,gCAAgC;IAChC,gBAAgB,CAAC,EAAE;QACjB,SAAS,EAAE,KAAK,GAAG,SAAS,GAAG,OAAO,GAAG,OAAO,CAAC;QACjD,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC;CACH;AAMD,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,4BAA4B;IAC3C,YAAY,EAAE,WAAW,EAAE,CAAC;IAC5B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAMD,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAAC;AAElE,MAAM,WAAW,mBAAmB;IAClC,aAAa,EAAE,OAAO,CAAC;IACvB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,yBAAyB;IACxC,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,OAAO,CAAC;IACrB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,OAAO,CAAC;IACxB,aAAa,EAAE,OAAO,CAAC;IACvB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,mDAAmD;AACnD,MAAM,MAAM,qBAAqB,GAC7B,oBAAoB,GACpB,mBAAmB,GACnB,kBAAkB,GAClB,kBAAkB,CAAC;AAEvB,6CAA6C;AAC7C,MAAM,MAAM,kBAAkB,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAE3D,sDAAsD;AACtD,MAAM,WAAW,wBAAwB;IACvC,sEAAsE;IACtE,MAAM,CAAC,EAAE,MAAM,CAAC
;IAChB,oEAAoE;IACpE,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wCAAwC;AACxC,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,qBAAqB,CAAC;IAC5B,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,oEAAoE;IACpE,OAAO,CAAC,EAAE,wBAAwB,CAAC;CACpC;AAED,0CAA0C;AAC1C,MAAM,WAAW,kBAAkB;IACjC,8BAA8B;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,uBAAuB;IACvB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,wBAAwB;IACxB,QAAQ,EAAE,iBAAiB,EAAE,CAAC;IAC9B,qCAAqC;IACrC,eAAe,EAAE,OAAO,CAAC;IACzB,8CAA8C;IAC9C,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,UAAU,CAAC;IACvB,oBAAoB,EAAE,OAAO,CAAC;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,mBAAmB,CAAC;IACrC,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE;QAChB,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,uBAAuB,EAAE,MAAM,EAAE,CAAC;QAClC,gBAAgB,EAAE,MAAM,EAAE,CAAC;KAC5B,CAAC;IACF,iBAAiB,CAAC,EAAE,yBAAyB,CAAC;IAC9C,2FAA2F;IAC3F,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,OAAO,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,mBAAmB,GAAG,qBAAqB,GAAG,IAAI,CAAC;IAC5D,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,MAAM,CAAC;IACrC,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE;QACT,mBAAmB,EAAE,OAAO,CAAC;QAC7B,wBAAwB,EAAE,OAAO,CAAC;KACnC,CAAC;IAEF,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,oBAAoB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,kBAAkB,CAAC,EAAE;QACnB,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,aAAa,CAAC,EAAE,OAAO,CAAC;KACzB,CAAC;IACF,qEAAqE;IACrE,sBAAsB,CAAC,EAAE,sBAAsB,CAAC;IAChD,kEAAkE;IAClE,eAAe,CAAC,EAAE,KAAK,CAAC;QACtB,UAAU,EAAE,MAAM,CAAC;QACnB,cAAc,EAAE,sBAAsB,CAAC;KACxC,CAAC,CAAC;CACJ;AAOD;;;;;;;GAOG;AACH,MAAM,MAAM,YA
AY,GAAG,YAAY,GAAG,YAAY,GAAG,YAAY,CAAC;AAEtE;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACrC,gCAAgC;IAChC,IAAI,EAAE,YAAY,CAAC;IACnB,uCAAuC;IACvC,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,oDAAoD;IACpD,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,kDAAkD;IAClD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,yEAAyE;IACzE,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC/B;AAED,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gBAAgB,EAAE,MAAM,CAAC;IACzB,2BAA2B,EAAE,MAAM,CAAC;IACpC,OAAO,EAAE,kBAAkB,EAAE,CAAC;IAC9B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,OAAO,CAAC;IACpB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,uBAAuB,EAAE,OAAO,CAAC;IACjC,oBAAoB,EAAE,OAAO,CAAC;IAC9B,uBAAuB,EAAE,OAAO,CAAC;IACjC,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,2DAA2D;IAC3D,iBAAiB,CAAC,EAAE,KAAK,CAAC;QACxB,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;QACzC,QAAQ,EAAE,OAAO,CAAC;KACnB,CAAC,CAAC;IACH,iCAAiC;IACjC,cAAc,CAAC,EAAE;QACf,YAAY,EAAE,OAAO,CAAC;QACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,oDAAoD;IACpD,kBAAkB,CAAC,EAAE,QAAQ,GAAG,UAAU,GAAG,cAAc,GAAG,YAAY,CAAC;CAC5E;AAED,MAAM,WAAW,kBAAkB;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,uBAAuB,EAAE,MAAM,CAAC;IAChC,mBAAmB,EAAE,MAAM,CAAC;IAC5B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,4BAA4B,EAAE,MAAM,CAAC;IACrC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,8BAA8B,EAAE,MAAM,CAAC;IACvC,OAAO,EAAE,kBAAkB,EAAE,CAAC;IAC9B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,OAAO,CAAC;IAChB,oBAAoB,EAAE,OAAO,CAAC;IAC9B,kBAAkB,EAAE,OAAO,CAAC;IAC5B,YAAY,EAAE,OAAO,CAAC;IACtB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAA
K,CAAC,EAAE,MAAM,CAAC;IAEf,6CAA6C;IAC7C,cAAc,CAAC,EAAE;QACf,YAAY,EAAE,MAAM,CAAC;QACrB,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,SAAS,EAAE,OAAO,CAAC;KACpB,CAAC;IACF,+BAA+B;IAC/B,cAAc,CAAC,EAAE;QACf,gBAAgB,EAAE,OAAO,CAAC;QAC1B,aAAa,EAAE,OAAO,CAAC;QACvB,eAAe,EAAE,MAAM,EAAE,CAAC;KAC3B,CAAC;CACH;AAED,MAAM,WAAW,gBAAgB;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,wBAAwB,EAAE,MAAM,CAAC;IACjC,wBAAwB,EAAE,MAAM,CAAC;IACjC,OAAO,EAAE,gBAAgB,EAAE,CAAC;IAC5B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,yBAAyB;IACxC,QAAQ,EACJ,kBAAkB,GAClB,gBAAgB,GAChB,kBAAkB,GAClB,sBAAsB,CAAC;IAC3B,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,OAAO,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,iBAAiB,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;IAEpB,uDAAuD;IACvD,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,qCAAqC;IACrC,oBAAoB,CAAC,EAAE;QACrB,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF,6DAA6D;IAC7D,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,wCAAwC;IACxC,UAAU,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;CACxC;AAED,MAAM,WAAW,iCAAiC;IAChD,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,wBAAwB,EAAE,MAAM,CAAC;IACjC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,OAAO,EAAE,yBAAyB,EAAE,CAAC;IACrC,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAQD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,+BAA+B;IAC/B,MAAM,EAAE,OAAO,CAAC;IAChB,2CAA2C;IAC3C,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,kDAAkD;IAClD,QAAQ,EAAE,MAAM,CAAC;IACjB,gEAAgE;IAChE,aAAa,EAAE,MAAM,CAAC;IACtB,mFAAmF;IACnF,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,6DAA6D;IAC7D,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;;;GAIG;AACH,MAAM,WAAW,6BAA6B;IAC5C,iCAAiC;IACjC,MAAM,EAAE;QACN,0FAA0F;QAC1F,mBAAmB,EAAE,aAAa,CAAC;QACnC,uEAAuE;QACvE,kBAAkB,EAAE,aAAa,CAAC;QAClC,iEAAiE;QACjE,uBAAuB,EAAE,aAAa,CAAC;QACvC,mFAAmF;QACnF,qBAAqB,CAAC,EAAE,aAAa,CAAC;QACtC,6EAA6E;QAC7E,gBAAgB,CAAC,EAAE,aAAa,CAAC;KAClC,CAAC;IACF,wCAAwC;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,mEAAmE;IACnE,MAAM,EA
AE,gBAAgB,CAAC;IACzB,0DAA0D;IAC1D,WAAW,EAAE,MAAM,CAAC;IACpB,yDAAyD;IACzD,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD;;GAEG;AACH,MAAM,MAAM,eAAe,GACvB,OAAO,GACP,SAAS,GACT,QAAQ,GACR,YAAY,GACZ,OAAO,GACP,OAAO,GACP,UAAU,GACV,WAAW,GACX,UAAU,GACV,WAAW,GACX,eAAe,GACf,SAAS,CAAC;AAEd;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;AAErD;;GAEG;AACH,MAAM,MAAM,sBAAsB,GAAG,OAAO,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAEnE;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,4CAA4C;IAC5C,UAAU,EAAE,sBAAsB,CAAC;IACnC,iDAAiD;IACjD,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,4DAA4D;IAC5D,gBAAgB,EAAE,eAAe,EAAE,CAAC;IACpC,mDAAmD;IACnD,cAAc,EAAE,aAAa,EAAE,CAAC;IAChC,6DAA6D;IAC7D,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,0DAA0D;IAC1D,qBAAqB,EAAE,OAAO,CAAC;IAC/B,uCAAuC;IACvC,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,uCAAuC;IACvC,QAAQ,EAAE;QACR,mDAAmD;QACnD,kBAAkB,EAAE,MAAM,EAAE,CAAC;QAC7B,oDAAoD;QACpD,mBAAmB,EAAE,MAAM,EAAE,CAAC;QAC9B,yDAAyD;QACzD,iBAAiB,EAAE,MAAM,EAAE,CAAC;KAC7B,CAAC;CACH;AAOD;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,uDAAuD;IACvD,gBAAgB,EAAE,OAAO,CAAC;IAC1B,yDAAyD;IACzD,mBAAmB,EAAE,OAAO,CAAC;IAC7B,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,uDAAuD;IACvD,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,+BAA+B;IAC9C,8BAA8B;IAC9B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,mBAAmB,EAAE,OAAO,CAAC;IAC7B,uCAAuC;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,yCAAyC;IACzC,WAAW,EAAE,OAAO,CAAC;IACrB,0CAA0C;IAC1C,OAAO,EAAE;QACP,6CAA6C;QAC7C,iBAAiB,CAAC,EAAE,eAAe,CAAC;QACpC,+CAA+C;QAC/C,iBAAiB,CAAC,EAAE,eAAe,CAAC;QACpC,wCAAwC;QACxC,iBAAiB,CAAC,EAAE,eAAe,CAAC;QACpC,yCAAyC;QACzC,kBAAkB,CAAC,EAAE,eAAe,CAAC;KACtC,CAAC;IACF,qDAAqD;IACrD,oBAAoB,EAAE,MAAM,CAAC;CAC9B"}
|
|
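--- a/package/lib/lib/prohibitedLibraries.d.ts
+++ b/package/lib/lib/prohibitedLibraries.d.ts
@@ -65,6 +65,19 @@ export declare function checkRequirementsTxt(content: string): Array<{
 matchedText: string;
 lineNumber: number;
 }>;
+/**
+ * Check if a dependency is actually imported in source code (Issue #63)
+ *
+ * Used to distinguish between dependencies that are:
+ * - ACTIVE: Listed AND imported (actual usage)
+ * - UNUSED: Listed but NOT imported (can be removed)
+ * - UNKNOWN: Unable to determine (source code not available)
+ */
+export declare function checkDependencyUsage(dependencyName: string, sourceCodeFiles: Map<string, string>): {
+status: "ACTIVE" | "UNUSED" | "UNKNOWN";
+importCount: number;
+files: string[];
+};
 /**
 * Get libraries by severity level
 */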
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prohibitedLibraries.d.ts","sourceRoot":"","sources":["../../src/lib/prohibitedLibraries.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,mBAAmB,CAAC;AAEnE,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,EAAE,yBAAyB,CAAC;IACpC,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,eAAe,EAAE,MAAM,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;GAGG;AACH,eAAO,MAAM,mBAAmB,EAAE,iBAAiB,EAqHlD,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,eAAe,EAAE,iBAAiB,EAkH9C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,wBAAwB,EAAE,iBAAiB,EAGvD,CAAC;AAEF;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI,CASzE;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,KAAK,CAAC;IAC5D,OAAO,EAAE,iBAAiB,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC,CAgDD;AAED;;GAEG;AACH,wBAAgB,4BAA4B,CAAC,WAAW,EAAE;IACxD,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACzC,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC3C,GAAG,KAAK,CAAC;IACR,OAAO,EAAE,iBAAiB,CAAC;IAC3B,cAAc,EAAE,cAAc,GAAG,iBAAiB,GAAG,kBAAkB,CAAC;IACxE,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC,CA8BD;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,KAAK,CAAC;IAC3D,OAAO,EAAE,iBAAiB,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC,CAgCD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GACvC,iBAAiB,EAAE,CAErB;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,yBAAyB,GAClC,iBAAiB,EAAE,CAErB"}
|
|
1
|
+
{"version":3,"file":"prohibitedLibraries.d.ts","sourceRoot":"","sources":["../../src/lib/prohibitedLibraries.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,mBAAmB,CAAC;AAEnE,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,EAAE,yBAAyB,CAAC;IACpC,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,eAAe,EAAE,MAAM,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;GAGG;AACH,eAAO,MAAM,mBAAmB,EAAE,iBAAiB,EAqHlD,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,eAAe,EAAE,iBAAiB,EAkH9C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,wBAAwB,EAAE,iBAAiB,EAGvD,CAAC;AAEF;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI,CASzE;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,KAAK,CAAC;IAC5D,OAAO,EAAE,iBAAiB,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC,CAgDD;AAED;;GAEG;AACH,wBAAgB,4BAA4B,CAAC,WAAW,EAAE;IACxD,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACzC,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC3C,GAAG,KAAK,CAAC;IACR,OAAO,EAAE,iBAAiB,CAAC;IAC3B,cAAc,EAAE,cAAc,GAAG,iBAAiB,GAAG,kBAAkB,CAAC;IACxE,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC,CA8BD;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,KAAK,CAAC;IAC3D,OAAO,EAAE,iBAAiB,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC,CAgCD;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAClC,cAAc,EAAE,MAAM,EACtB,eAAe,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GACnC;IACD,MAAM,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;IACxC,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB,CAkDA;AA+BD;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GACvC,iBAAiB,EAAE,CAErB;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,yBAAyB,GAClC,iBAAiB,EAAE,CAErB"}
|
|
@@ -350,6 +350,84 @@ export function checkRequirementsTxt(content) {
|
|
|
350
350
|
}
|
|
351
351
|
return matches;
|
|
352
352
|
}
|
|
353
|
+
/**
|
|
354
|
+
* Check if a dependency is actually imported in source code (Issue #63)
|
|
355
|
+
*
|
|
356
|
+
* Used to distinguish between dependencies that are:
|
|
357
|
+
* - ACTIVE: Listed AND imported (actual usage)
|
|
358
|
+
* - UNUSED: Listed but NOT imported (can be removed)
|
|
359
|
+
* - UNKNOWN: Unable to determine (source code not available)
|
|
360
|
+
*/
|
|
361
|
+
export function checkDependencyUsage(dependencyName, sourceCodeFiles) {
|
|
362
|
+
if (!sourceCodeFiles || sourceCodeFiles.size === 0) {
|
|
363
|
+
return { status: "UNKNOWN", importCount: 0, files: [] };
|
|
364
|
+
}
|
|
365
|
+
// Escape special regex characters in dependency name
|
|
366
|
+
const escapedName = dependencyName.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
|
|
367
|
+
// Build regex patterns for the specific dependency
|
|
368
|
+
const importPatterns = [
|
|
369
|
+
// ES6: import X from 'dep' or import { X } from 'dep'
|
|
370
|
+
new RegExp(`import\\s+.*from\\s+['"\`]${escapedName}['"\`]`, "g"),
|
|
371
|
+
// ES6: import 'dep' (side effect import)
|
|
372
|
+
new RegExp(`import\\s+['"\`]${escapedName}['"\`]`, "g"),
|
|
373
|
+
// CommonJS: require('dep')
|
|
374
|
+
new RegExp(`require\\s*\\(\\s*['"\`]${escapedName}['"\`]\\s*\\)`, "g"),
|
|
375
|
+
// Python: from dep import X
|
|
376
|
+
new RegExp(`from\\s+${escapedName}\\s+import`, "g"),
|
|
377
|
+
// Python: import dep
|
|
378
|
+
new RegExp(`^import\\s+${escapedName}\\b`, "gm"),
|
|
379
|
+
// Handle scoped packages: import X from '@scope/dep' or '@scope/dep/subpath'
|
|
380
|
+
new RegExp(`import\\s+.*from\\s+['"\`]${escapedName}/`, "g"),
|
|
381
|
+
new RegExp(`require\\s*\\(\\s*['"\`]${escapedName}/`, "g"),
|
|
382
|
+
];
|
|
383
|
+
const matchingFiles = [];
|
|
384
|
+
let totalMatches = 0;
|
|
385
|
+
for (const [filePath, content] of sourceCodeFiles) {
|
|
386
|
+
// Skip non-source files
|
|
387
|
+
if (!isSourceFileForUsageCheck(filePath))
|
|
388
|
+
continue;
|
|
389
|
+
for (const pattern of importPatterns) {
|
|
390
|
+
// Reset lastIndex for global regex
|
|
391
|
+
pattern.lastIndex = 0;
|
|
392
|
+
const matches = content.match(pattern);
|
|
393
|
+
if (matches) {
|
|
394
|
+
totalMatches += matches.length;
|
|
395
|
+
if (!matchingFiles.includes(filePath)) {
|
|
396
|
+
matchingFiles.push(filePath);
|
|
397
|
+
}
|
|
398
|
+
}
|
|
399
|
+
}
|
|
400
|
+
}
|
|
401
|
+
return {
|
|
402
|
+
status: totalMatches > 0 ? "ACTIVE" : "UNUSED",
|
|
403
|
+
importCount: totalMatches,
|
|
404
|
+
files: matchingFiles,
|
|
405
|
+
};
|
|
406
|
+
}
|
|
407
|
+
/**
|
|
408
|
+
* Check if file is a source file for usage analysis
|
|
409
|
+
*/
|
|
410
|
+
function isSourceFileForUsageCheck(filePath) {
|
|
411
|
+
const sourceExtensions = [
|
|
412
|
+
".ts",
|
|
413
|
+
".tsx",
|
|
414
|
+
".js",
|
|
415
|
+
".jsx",
|
|
416
|
+
".mjs",
|
|
417
|
+
".cjs",
|
|
418
|
+
".py",
|
|
419
|
+
".rs",
|
|
420
|
+
".go",
|
|
421
|
+
];
|
|
422
|
+
// Skip test files and node_modules
|
|
423
|
+
if (filePath.includes("node_modules") ||
|
|
424
|
+
filePath.includes(".test.") ||
|
|
425
|
+
filePath.includes(".spec.") ||
|
|
426
|
+
filePath.includes("__tests__")) {
|
|
427
|
+
return false;
|
|
428
|
+
}
|
|
429
|
+
return sourceExtensions.some((ext) => filePath.endsWith(ext));
|
|
430
|
+
}
|
|
353
431
|
/**
|
|
354
432
|
* Get libraries by severity level
|
|
355
433
|
*/
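Review bot: `checkDependencyUsage` reports UNUSED whenever none of `importPatterns` match, yet a dynamic `import("dep")` expression, a `require(someVariable)` call and Python's `importlib.import_module("dep")` match none of them, so a prohibited library loaded that way is classified UNUSED — and the ProhibitedLibrariesAssessor declarations in this same release describe UNUSED as lower risk. At minimum add the literal dynamic-import form, `` new RegExp(`import\\s*\\(\\s*['"\`]${escapedName}(?:/[^'"\`]*)?['"\`]\\s*\\)`, "g") ``, and consider returning UNKNOWN instead of UNUSED when any scanned file contains a non-literal `require(` or `import(` argument. The Python patterns are built from the distribution name, which often differs from the import name (`PyYAML` vs `yaml`, hyphens vs underscores), so pip dependencies will frequently come back UNUSED for the wrong reason. The docblock should also state that UNUSED means "no statically visible import", not "never executes": an npm dependency still runs its install-time lifecycle scripts without ever being imported. Both `checkDependencyUsage` and `isSourceFileForUsageCheck` begin and end inside this hunk.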
|
|
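--- a/package/lib/services/assessment/modules/AuthenticationAssessor.d.ts
+++ b/package/lib/services/assessment/modules/AuthenticationAssessor.d.ts
@@ -48,5 +48,19 @@ export declare class AuthenticationAssessor extends BaseAssessor {
 * Generate recommendations
 */
 private generateRecommendations;
+/**
+ * Analyze source code for authentication configuration issues (Issue #62)
+ *
+ * Detects:
+ * - Environment-dependent auth (process.env.SECRET, process.env.AUTH_KEY, etc.)
+ * - Fail-open patterns (auth bypassed when env var missing with || or ?? fallback)
+ * - Development mode warnings (dev mode bypasses that weaken security)
+ * - Hardcoded secrets (credentials that should be in env vars)
+ */
+private analyzeAuthConfiguration;
+/**
+ * Deduplicate findings by file, line, and type
+ */
+private deduplicateFindings;
 }
 //# sourceMappingURL=AuthenticationAssessor.d.ts.map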
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthenticationAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/AuthenticationAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAIV,wBAAwB,
|
|
1
|
+
{"version":3,"file":"AuthenticationAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/AuthenticationAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAIV,wBAAwB,EAMzB,MAAM,uBAAuB,CAAC;AA+L/B,qBAAa,sBAAuB,SAAQ,YAAY;IACtD;;OAEG;IACG,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,wBAAwB,CAAC;IAsJ3E;;OAEG;IACH,OAAO,CAAC,wBAAwB;IA6FhC;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA+BxB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAa3B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA2D/B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAyB9B;;OAEG;IACH,OAAO,CAAC,cAAc;IActB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAmB3B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA0C/B;;;;;;;;OAQG;IACH,OAAO,CAAC,wBAAwB;IA+OhC;;OAEG;IACH,OAAO,CAAC,mBAAmB;CAW5B"}
|
|
@@ -60,6 +60,124 @@ const SECURE_TRANSPORT_PATTERNS = [
|
|
|
60
60
|
/helmet/i, // Security middleware
|
|
61
61
|
/cors.*origin.*string|cors.*origin.*array/i, // Specific CORS origins
|
|
62
62
|
];
|
|
63
|
+
// ============================================================================
|
|
64
|
+
// Issue #62: Auth Configuration Patterns
|
|
65
|
+
// Detects environment-dependent auth, fail-open patterns, and dev mode warnings
|
|
66
|
+
// ============================================================================
|
|
67
|
+
// Patterns for env vars that control authentication
|
|
68
|
+
const AUTH_ENV_VAR_PATTERNS = [
|
|
69
|
+
/process\.env\.([A-Z_]*SECRET[A-Z_]*)/i,
|
|
70
|
+
/process\.env\.([A-Z_]*AUTH[A-Z_]*)/i,
|
|
71
|
+
/process\.env\.([A-Z_]*TOKEN[A-Z_]*)/i,
|
|
72
|
+
/process\.env\.([A-Z_]*API[_-]?KEY[A-Z_]*)/i,
|
|
73
|
+
/process\.env\.([A-Z_]*PASSWORD[A-Z_]*)/i,
|
|
74
|
+
/process\.env\.([A-Z_]*CREDENTIAL[A-Z_]*)/i,
|
|
75
|
+
/os\.environ\.get\(['"](.*(?:SECRET|AUTH|TOKEN|API[_-]?KEY|PASSWORD|CREDENTIAL).*)['"]/i, // Python
|
|
76
|
+
/os\.getenv\(['"](.*(?:SECRET|AUTH|TOKEN|API[_-]?KEY|PASSWORD|CREDENTIAL).*)['"]/i, // Python
|
|
77
|
+
];
|
|
78
|
+
// Patterns that indicate fail-open behavior (auth bypassed when env var missing)
|
|
79
|
+
// These capture the context around env var usage with fallback operators
|
|
80
|
+
const FAIL_OPEN_PATTERNS = [
|
|
81
|
+
// JavaScript/TypeScript: process.env.X || 'fallback' or process.env.X ?? 'fallback'
|
|
82
|
+
{
|
|
83
|
+
pattern: /process\.env\.[A-Z_]*(SECRET|AUTH|TOKEN|API[_-]?KEY)[A-Z_]*\s*\|\|/gi,
|
|
84
|
+
name: "OR_FALLBACK",
|
|
85
|
+
},
|
|
86
|
+
{
|
|
87
|
+
pattern: /process\.env\.[A-Z_]*(SECRET|AUTH|TOKEN|API[_-]?KEY)[A-Z_]*\s*\?\?/gi,
|
|
88
|
+
name: "NULLISH_FALLBACK",
|
|
89
|
+
},
|
|
90
|
+
// if (!process.env.X) pattern suggesting bypass
|
|
91
|
+
{
|
|
92
|
+
pattern: /if\s*\(\s*!?\s*process\.env\.[A-Z_]*(SECRET|AUTH|TOKEN|API[_-]?KEY)/gi,
|
|
93
|
+
name: "CONDITIONAL_CHECK",
|
|
94
|
+
},
|
|
95
|
+
// Python: os.environ.get('X', 'default') or os.getenv('X', 'default')
|
|
96
|
+
{
|
|
97
|
+
pattern: /os\.environ\.get\([^,]+(?:SECRET|AUTH|TOKEN|API[_-]?KEY)[^,]*,\s*['"]/gi,
|
|
98
|
+
name: "PYTHON_DEFAULT",
|
|
99
|
+
},
|
|
100
|
+
{
|
|
101
|
+
pattern: /os\.getenv\([^,]+(?:SECRET|AUTH|TOKEN|API[_-]?KEY)[^,]*,\s*['"]/gi,
|
|
102
|
+
name: "PYTHON_GETENV_DEFAULT",
|
|
103
|
+
},
|
|
104
|
+
];
|
|
105
|
+
// Patterns that indicate dev mode weakening security
|
|
106
|
+
// Warning 2 fix: Added word boundaries and assignment context to reduce false positives
|
|
107
|
+
const DEV_MODE_PATTERNS = [
|
|
108
|
+
// Development mode bypasses
|
|
109
|
+
{
|
|
110
|
+
pattern: /NODE_ENV.*development|development.*NODE_ENV/i,
|
|
111
|
+
severity: "LOW",
|
|
112
|
+
},
|
|
113
|
+
{
|
|
114
|
+
pattern: /if\s*\(\s*(?:process\.env\.)?NODE_ENV\s*[!=]==?\s*['"]development['"]\s*\)/i,
|
|
115
|
+
severity: "MEDIUM",
|
|
116
|
+
},
|
|
117
|
+
{
|
|
118
|
+
// Require word boundary and assignment context to avoid matching unrelated identifiers
|
|
119
|
+
pattern: /\b(isDev|isDevelopment|devMode|debugMode)\s*[=:]/i,
|
|
120
|
+
severity: "LOW",
|
|
121
|
+
},
|
|
122
|
+
// Debug authentication bypasses
|
|
123
|
+
{
|
|
124
|
+
pattern: /skip.*auth.*dev|dev.*skip.*auth/i,
|
|
125
|
+
severity: "HIGH",
|
|
126
|
+
},
|
|
127
|
+
{
|
|
128
|
+
pattern: /disable.*auth.*debug|debug.*disable.*auth/i,
|
|
129
|
+
severity: "HIGH",
|
|
130
|
+
},
|
|
131
|
+
{
|
|
132
|
+
pattern: /auth.*bypass|bypass.*auth/i,
|
|
133
|
+
severity: "HIGH",
|
|
134
|
+
},
|
|
135
|
+
// "authenticate all requests as dev user" pattern from issue
|
|
136
|
+
{
|
|
137
|
+
pattern: /authenticate.*all.*requests|all.*requests.*authenticate/i,
|
|
138
|
+
severity: "HIGH",
|
|
139
|
+
},
|
|
140
|
+
{
|
|
141
|
+
pattern: /as\s+dev\s+user|dev\s+user.*auth/i,
|
|
142
|
+
severity: "HIGH",
|
|
143
|
+
},
|
|
144
|
+
];
|
|
145
|
+
// Patterns that indicate hardcoded secrets (should be env vars)
|
|
146
|
+
const HARDCODED_SECRET_PATTERNS = [
|
|
147
|
+
{
|
|
148
|
+
pattern: /['"]sk[-_](?:live|test)_[a-zA-Z0-9]{20,}['"]/i,
|
|
149
|
+
name: "STRIPE_KEY",
|
|
150
|
+
}, // Stripe keys
|
|
151
|
+
{
|
|
152
|
+
pattern: /['"]pk[-_](?:live|test)_[a-zA-Z0-9]{20,}['"]/i,
|
|
153
|
+
name: "STRIPE_PUBLISHABLE",
|
|
154
|
+
},
|
|
155
|
+
{
|
|
156
|
+
pattern: /api[_-]?key\s*[:=]\s*['"][a-zA-Z0-9]{20,}['"]/i,
|
|
157
|
+
name: "API_KEY",
|
|
158
|
+
},
|
|
159
|
+
{
|
|
160
|
+
pattern: /secret[_-]?key\s*[:=]\s*['"][a-zA-Z0-9]{16,}['"]/i,
|
|
161
|
+
name: "SECRET_KEY",
|
|
162
|
+
},
|
|
163
|
+
{
|
|
164
|
+
// Warning 3 fix: Exclude env var interpolation and common placeholder values
|
|
165
|
+
pattern: /password\s*[:=]\s*['"](?!\$\{|password|changeme|example|test)[a-zA-Z0-9!@#$%^&*]{8,}['"]/i,
|
|
166
|
+
name: "HARDCODED_PASSWORD",
|
|
167
|
+
},
|
|
168
|
+
{
|
|
169
|
+
pattern: /auth[_-]?token\s*[:=]\s*['"][a-zA-Z0-9._-]{20,}['"]/i,
|
|
170
|
+
name: "AUTH_TOKEN",
|
|
171
|
+
},
|
|
172
|
+
];
|
|
173
|
+
// ============================================================================
|
|
174
|
+
// Issue #65: Rate Limiting Constants
|
|
175
|
+
// Prevents performance issues when analyzing large codebases
|
|
176
|
+
// ============================================================================
|
|
177
|
+
/** Maximum number of source files to analyze (prevents performance degradation) */
|
|
178
|
+
const MAX_FILES = 500;
|
|
179
|
+
/** Maximum number of findings per type (prevents overwhelming output) */
|
|
180
|
+
const MAX_FINDINGS = 100;
|
|
63
181
|
export class AuthenticationAssessor extends BaseAssessor {
|
|
64
182
|
/**
|
|
65
183
|
* Run authentication assessment
|
|
@@ -126,7 +244,23 @@ export class AuthenticationAssessor extends BaseAssessor {
|
|
|
126
244
|
if (transportSecurity.hasInsecurePatterns) {
|
|
127
245
|
appropriateness.concerns.push(...transportSecurity.insecurePatterns.map((p) => `Insecure transport pattern: ${p}`));
|
|
128
246
|
}
|
|
129
|
-
|
|
247
|
+
// Issue #62: Analyze auth configuration for env-dependent auth and fail-open patterns
|
|
248
|
+
const authConfigAnalysis = this.analyzeAuthConfiguration(context);
|
|
249
|
+
// Add auth config findings to concerns
|
|
250
|
+
if (authConfigAnalysis.hasHighSeverity) {
|
|
251
|
+
appropriateness.concerns.push(...authConfigAnalysis.findings
|
|
252
|
+
.filter((f) => f.severity === "HIGH")
|
|
253
|
+
.map((f) => `Auth config issue: ${f.message}`));
|
|
254
|
+
}
|
|
255
|
+
// Update status based on auth config findings
|
|
256
|
+
let finalStatus = status;
|
|
257
|
+
if (authConfigAnalysis.hasHighSeverity) {
|
|
258
|
+
finalStatus = "NEED_MORE_INFO";
|
|
259
|
+
}
|
|
260
|
+
// Generate additional recommendations from auth config findings
|
|
261
|
+
const authConfigRecommendations = authConfigAnalysis.findings.map((f) => f.recommendation ||
|
|
262
|
+
`Review ${f.type}: ${f.message} (${f.file || "unknown file"})`);
|
|
263
|
+
this.log(`Assessment complete: auth=${authMethod}, localDeps=${hasLocalDependencies}, tlsEnforced=${transportSecurity.tlsEnforced}, authConfigFindings=${authConfigAnalysis.totalFindings}`);
|
|
130
264
|
return {
|
|
131
265
|
authMethod,
|
|
132
266
|
hasLocalDependencies,
|
|
@@ -139,11 +273,13 @@ export class AuthenticationAssessor extends BaseAssessor {
|
|
|
139
273
|
apiKeyIndicators,
|
|
140
274
|
},
|
|
141
275
|
transportSecurity,
|
|
142
|
-
|
|
276
|
+
authConfigAnalysis,
|
|
277
|
+
status: finalStatus,
|
|
143
278
|
explanation,
|
|
144
279
|
recommendations: [
|
|
145
280
|
...recommendations,
|
|
146
281
|
...transportSecurity.recommendations,
|
|
282
|
+
...authConfigRecommendations,
|
|
147
283
|
],
|
|
148
284
|
};
|
|
149
285
|
}
|
|
@@ -363,4 +499,225 @@ export class AuthenticationAssessor extends BaseAssessor {
|
|
|
363
499
|
}
|
|
364
500
|
return recommendations;
|
|
365
501
|
}
|
|
502
|
+
// ============================================================================
|
|
503
|
+
// Issue #62: Authentication Configuration Analysis
|
|
504
|
+
// Detects env-dependent auth, fail-open patterns, and dev mode warnings
|
|
505
|
+
// ============================================================================
|
|
506
|
+
/**
|
|
507
|
+
* Analyze source code for authentication configuration issues (Issue #62)
|
|
508
|
+
*
|
|
509
|
+
* Detects:
|
|
510
|
+
* - Environment-dependent auth (process.env.SECRET, process.env.AUTH_KEY, etc.)
|
|
511
|
+
* - Fail-open patterns (auth bypassed when env var missing with || or ?? fallback)
|
|
512
|
+
* - Development mode warnings (dev mode bypasses that weaken security)
|
|
513
|
+
* - Hardcoded secrets (credentials that should be in env vars)
|
|
514
|
+
*/
|
|
515
|
+
analyzeAuthConfiguration(context) {
|
|
516
|
+
const findings = [];
|
|
517
|
+
const envVarsDetected = [];
|
|
518
|
+
if (!context.sourceCodeFiles) {
|
|
519
|
+
return {
|
|
520
|
+
totalFindings: 0,
|
|
521
|
+
envDependentAuthCount: 0,
|
|
522
|
+
failOpenPatternCount: 0,
|
|
523
|
+
devModeWarningCount: 0,
|
|
524
|
+
hardcodedSecretCount: 0,
|
|
525
|
+
findings: [],
|
|
526
|
+
hasHighSeverity: false,
|
|
527
|
+
envVarsDetected: [],
|
|
528
|
+
};
|
|
529
|
+
}
|
|
530
|
+
// Issue #65: Apply file limit to prevent performance issues on large codebases
|
|
531
|
+
let sourceFiles = Array.from(context.sourceCodeFiles);
|
|
532
|
+
if (sourceFiles.length > MAX_FILES) {
|
|
533
|
+
this.log(`Rate limiting: Analyzing ${MAX_FILES} of ${sourceFiles.length} files`);
|
|
534
|
+
sourceFiles = sourceFiles.slice(0, MAX_FILES);
|
|
535
|
+
}
|
|
536
|
+
for (const [filePath, content] of sourceFiles) {
|
|
537
|
+
// Warning 4 fix: Add error handling for malformed files
|
|
538
|
+
try {
|
|
539
|
+
this.testCount++;
|
|
540
|
+
const lines = content.split("\n");
|
|
541
|
+
// 1. Detect env vars used for auth
|
|
542
|
+
for (const pattern of AUTH_ENV_VAR_PATTERNS) {
|
|
543
|
+
const matches = content.match(pattern);
|
|
544
|
+
if (matches) {
|
|
545
|
+
// Extract the env var name from capture group or full match
|
|
546
|
+
for (const match of matches) {
|
|
547
|
+
const envVarMatch = match.match(/(?:process\.env\.|os\.environ\.get\(['"]|os\.getenv\(['"])([A-Z_]+)/i);
|
|
548
|
+
if (envVarMatch && !envVarsDetected.includes(envVarMatch[1])) {
|
|
549
|
+
envVarsDetected.push(envVarMatch[1]);
|
|
550
|
+
}
|
|
551
|
+
}
|
|
552
|
+
}
|
|
553
|
+
}
|
|
554
|
+
// Helper to check if we've hit the findings cap for a type (Issue #65)
|
|
555
|
+
const countByType = (type) => findings.filter((f) => f.type === type).length;
|
|
556
|
+
// Helper to get context lines (Issue #66)
|
|
557
|
+
const getContext = (lineIndex) => {
|
|
558
|
+
const before = lineIndex > 0 ? lines[lineIndex - 1]?.trim() : undefined;
|
|
559
|
+
const after = lineIndex < lines.length - 1
|
|
560
|
+
? lines[lineIndex + 1]?.trim()
|
|
561
|
+
: undefined;
|
|
562
|
+
return before || after ? { before, after } : undefined;
|
|
563
|
+
};
|
|
564
|
+
// 2. Detect fail-open patterns (auth with fallback values)
|
|
565
|
+
for (const { pattern, name } of FAIL_OPEN_PATTERNS) {
|
|
566
|
+
// Issue #65: Skip if we've hit the cap for this type
|
|
567
|
+
if (countByType("FAIL_OPEN_PATTERN") >= MAX_FINDINGS)
|
|
568
|
+
break;
|
|
569
|
+
// Reset lastIndex for global patterns
|
|
570
|
+
pattern.lastIndex = 0;
|
|
571
|
+
let match;
|
|
572
|
+
while ((match = pattern.exec(content)) !== null) {
|
|
573
|
+
// Issue #65: Check cap before adding
|
|
574
|
+
if (countByType("FAIL_OPEN_PATTERN") >= MAX_FINDINGS)
|
|
575
|
+
break;
|
|
576
|
+
// Find line number
|
|
577
|
+
const beforeMatch = content.substring(0, match.index);
|
|
578
|
+
const lineNumber = beforeMatch.split("\n").length;
|
|
579
|
+
const lineContent = lines[lineNumber - 1]?.trim() || match[0];
|
|
580
|
+
findings.push({
|
|
581
|
+
type: "FAIL_OPEN_PATTERN",
|
|
582
|
+
severity: "MEDIUM",
|
|
583
|
+
message: `Authentication may be bypassed when environment variable is not set (${name} pattern)`,
|
|
584
|
+
evidence: lineContent,
|
|
585
|
+
file: filePath,
|
|
586
|
+
lineNumber,
|
|
587
|
+
recommendation: `Ensure authentication fails securely when credentials are missing. Do not use fallback values for auth secrets.`,
|
|
588
|
+
context: getContext(lineNumber - 1), // Issue #66: Add context
|
|
589
|
+
});
|
|
590
|
+
}
|
|
591
|
+
}
|
|
592
|
+
// 3. Detect dev mode patterns that weaken security
|
|
593
|
+
for (const { pattern, severity } of DEV_MODE_PATTERNS) {
|
|
594
|
+
// Issue #65: Skip if we've hit the cap for this type
|
|
595
|
+
if (countByType("DEV_MODE_WARNING") >= MAX_FINDINGS)
|
|
596
|
+
break;
|
|
597
|
+
if (pattern.test(content)) {
|
|
598
|
+
// Find first occurrence for line number
|
|
599
|
+
const matchResult = content.match(pattern);
|
|
600
|
+
if (matchResult) {
|
|
601
|
+
const matchIndex = content.indexOf(matchResult[0]);
|
|
602
|
+
const beforeMatch = content.substring(0, matchIndex);
|
|
603
|
+
const lineNumber = beforeMatch.split("\n").length;
|
|
604
|
+
const lineContent = lines[lineNumber - 1]?.trim() || matchResult[0];
|
|
605
|
+
findings.push({
|
|
606
|
+
type: "DEV_MODE_WARNING",
|
|
607
|
+
severity,
|
|
608
|
+
message: `Development mode pattern detected that may weaken authentication`,
|
|
609
|
+
evidence: lineContent,
|
|
610
|
+
file: filePath,
|
|
611
|
+
lineNumber,
|
|
612
|
+
recommendation: severity === "HIGH"
|
|
613
|
+
? `Remove auth bypass logic. Authentication should never be disabled based on environment.`
|
|
614
|
+
: `Ensure development mode does not weaken security controls in production.`,
|
|
615
|
+
context: getContext(lineNumber - 1), // Issue #66: Add context
|
|
616
|
+
});
|
|
617
|
+
}
|
|
618
|
+
}
|
|
619
|
+
}
|
|
620
|
+
// 4. Detect hardcoded secrets
|
|
621
|
+
for (const { pattern, name } of HARDCODED_SECRET_PATTERNS) {
|
|
622
|
+
// Issue #65: Skip if we've hit the cap for this type
|
|
623
|
+
if (countByType("HARDCODED_SECRET") >= MAX_FINDINGS)
|
|
624
|
+
break;
|
|
625
|
+
if (pattern.test(content)) {
|
|
626
|
+
const matchResult = content.match(pattern);
|
|
627
|
+
if (matchResult) {
|
|
628
|
+
const matchIndex = content.indexOf(matchResult[0]);
|
|
629
|
+
const beforeMatch = content.substring(0, matchIndex);
|
|
630
|
+
const lineNumber = beforeMatch.split("\n").length;
|
|
631
|
+
// Redact the actual secret in evidence
|
|
632
|
+
const lineContent = lines[lineNumber - 1]
|
|
633
|
+
?.trim()
|
|
634
|
+
.replace(/['"][^'"]{8,}['"]/, '"[REDACTED]"') ||
|
|
635
|
+
"[secret value]";
|
|
636
|
+
findings.push({
|
|
637
|
+
type: "HARDCODED_SECRET",
|
|
638
|
+
severity: "HIGH",
|
|
639
|
+
message: `Hardcoded ${name} detected - should use environment variable`,
|
|
640
|
+
evidence: lineContent,
|
|
641
|
+
file: filePath,
|
|
642
|
+
lineNumber,
|
|
643
|
+
recommendation: `Move ${name} to environment variable. Never commit secrets to source control.`,
|
|
644
|
+
context: getContext(lineNumber - 1), // Issue #66: Add context
|
|
645
|
+
});
|
|
646
|
+
}
|
|
647
|
+
}
|
|
648
|
+
}
|
|
649
|
+
// 5. Detect env-dependent auth patterns (env var usage with auth context)
|
|
650
|
+
// Only flag if there's auth context around env var usage
|
|
651
|
+
for (const [index, line] of lines.entries()) {
|
|
652
|
+
// Issue #65: Skip if we've hit the cap for this type
|
|
653
|
+
if (countByType("ENV_DEPENDENT_AUTH") >= MAX_FINDINGS)
|
|
654
|
+
break;
|
|
655
|
+
// Check for env var with auth context in surrounding lines
|
|
656
|
+
const surroundingContext = lines
|
|
657
|
+
.slice(Math.max(0, index - 2), index + 3)
|
|
658
|
+
.join("\n");
|
|
659
|
+
for (const pattern of AUTH_ENV_VAR_PATTERNS) {
|
|
660
|
+
if (pattern.test(line) &&
|
|
661
|
+
/\b(auth|secret|key|token|password|credential)\b/i.test(surroundingContext)) {
|
|
662
|
+
const matchResult = line.match(pattern);
|
|
663
|
+
if (matchResult) {
|
|
664
|
+
// Check if we already have a finding for this line (avoid duplicates)
|
|
665
|
+
const existingFinding = findings.find((f) => f.file === filePath &&
|
|
666
|
+
f.lineNumber === index + 1 &&
|
|
667
|
+
f.type === "ENV_DEPENDENT_AUTH");
|
|
668
|
+
if (!existingFinding) {
|
|
669
|
+
findings.push({
|
|
670
|
+
type: "ENV_DEPENDENT_AUTH",
|
|
671
|
+
severity: "LOW",
|
|
672
|
+
message: `Authentication depends on environment variable that may not be set`,
|
|
673
|
+
evidence: line.trim(),
|
|
674
|
+
file: filePath,
|
|
675
|
+
lineNumber: index + 1,
|
|
676
|
+
recommendation: `Document required environment variables and validate they are set at startup.`,
|
|
677
|
+
context: getContext(index), // Issue #66: Add context
|
|
678
|
+
});
|
|
679
|
+
}
|
|
680
|
+
}
|
|
681
|
+
}
|
|
682
|
+
}
|
|
683
|
+
}
|
|
684
|
+
}
|
|
685
|
+
catch (error) {
|
|
686
|
+
// Warning 4 fix: Handle malformed files gracefully
|
|
687
|
+
this.log(`Error analyzing ${filePath}: ${error}`);
|
|
688
|
+
continue;
|
|
689
|
+
}
|
|
690
|
+
}
|
|
691
|
+
// Deduplicate findings by file+line+type
|
|
692
|
+
const uniqueFindings = this.deduplicateFindings(findings);
|
|
693
|
+
// Count by type
|
|
694
|
+
const envDependentAuthCount = uniqueFindings.filter((f) => f.type === "ENV_DEPENDENT_AUTH").length;
|
|
695
|
+
const failOpenPatternCount = uniqueFindings.filter((f) => f.type === "FAIL_OPEN_PATTERN").length;
|
|
696
|
+
const devModeWarningCount = uniqueFindings.filter((f) => f.type === "DEV_MODE_WARNING").length;
|
|
697
|
+
const hardcodedSecretCount = uniqueFindings.filter((f) => f.type === "HARDCODED_SECRET").length;
|
|
698
|
+
const hasHighSeverity = uniqueFindings.some((f) => f.severity === "HIGH");
|
|
699
|
+
return {
|
|
700
|
+
totalFindings: uniqueFindings.length,
|
|
701
|
+
envDependentAuthCount,
|
|
702
|
+
failOpenPatternCount,
|
|
703
|
+
devModeWarningCount,
|
|
704
|
+
hardcodedSecretCount,
|
|
705
|
+
findings: uniqueFindings,
|
|
706
|
+
hasHighSeverity,
|
|
707
|
+
envVarsDetected,
|
|
708
|
+
};
|
|
709
|
+
}
|
|
710
|
+
/**
|
|
711
|
+
* Deduplicate findings by file, line, and type
|
|
712
|
+
*/
|
|
713
|
+
deduplicateFindings(findings) {
|
|
714
|
+
const seen = new Set();
|
|
715
|
+
return findings.filter((f) => {
|
|
716
|
+
const key = `${f.file || ""}:${f.lineNumber || 0}:${f.type}`;
|
|
717
|
+
if (seen.has(key))
|
|
718
|
+
return false;
|
|
719
|
+
seen.add(key);
|
|
720
|
+
return true;
|
|
721
|
+
});
|
|
722
|
+
}
|
|
366
723
|
}
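Review bot: In `analyzeAuthConfiguration` the report itself can leak the secrets it finds: only the HARDCODED_SECRET evidence is redacted, and that `.replace(/['"][^'"]{8,}['"]/, ...)` has no `g` flag so it masks just the first long quoted string on the line, while the `context.before`/`context.after` lines built by `getContext` and the FAIL_OPEN_PATTERN evidence (a line like `process.env.JWT_SECRET || "literal-fallback"`) are pushed into `findings` verbatim. Hoist one redaction helper and apply it to every evidence and context string before it leaves the function; it will also mask harmless long strings in adjacent lines, which is the safer default for output that ends up in assessment reports. Separately, when more than MAX_FILES files are present the slice before the loop silently drops the rest and the returned object carries no sign that coverage was partial, so an empty result may only mean the auth code sat in file 501 — consider surfacing a `filesSkipped` count (the result type is declared outside this hunk) or at least a LOW finding. Both `analyzeAuthConfiguration` and `deduplicateFindings` begin and end inside this hunk.
```javascript
            // Helper to get context lines (Issue #66); quoted values of 8+ chars are masked
            // so neither evidence nor context can carry a credential into the report
            const redact = (s) => s?.replace(/(['"`])[^'"`]{8,}\1/g, '"[REDACTED]"');
            const getContext = (lineIndex) => {
                const before = lineIndex > 0 ? redact(lines[lineIndex - 1]?.trim()) : undefined;
                const after = lineIndex < lines.length - 1 ? redact(lines[lineIndex + 1]?.trim()) : undefined;
                return before || after ? { before, after } : undefined;
            };
            // … unchanged: FAIL_OPEN / DEV_MODE / ENV_DEPENDENT loops, each now passing redact(lineContent) as evidence …
            // 4. Detect hardcoded secrets — replaces the single-match .replace() chain
            const lineContent = redact(lines[lineNumber - 1]?.trim()) || "[secret value]";
```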
|
|
@@ -27,6 +27,11 @@ export declare class ProhibitedLibrariesAssessor extends BaseAssessor {
|
|
|
27
27
|
private deduplicateMatches;
|
|
28
28
|
/**
|
|
29
29
|
* Calculate overall status from matches
|
|
30
|
+
*
|
|
31
|
+
* Issue #63: Status now considers dependency usage:
|
|
32
|
+
* - ACTIVE dependencies are actively imported (high risk)
|
|
33
|
+
* - UNUSED dependencies are listed but not imported (lower risk, recommend removal)
|
|
34
|
+
* - UNKNOWN usage falls back to previous behavior
|
|
30
35
|
*/
|
|
31
36
|
private calculateStatusFromMatches;
|
|
32
37
|
/**
|
|
@@ -35,6 +40,8 @@ export declare class ProhibitedLibrariesAssessor extends BaseAssessor {
|
|
|
35
40
|
private generateExplanation;
|
|
36
41
|
/**
|
|
37
42
|
* Generate recommendations
|
|
43
|
+
*
|
|
44
|
+
* Issue #63: Recommendations now distinguish between ACTIVE and UNUSED dependencies
|
|
38
45
|
*/
|
|
39
46
|
private generateRecommendations;
|
|
40
47
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ProhibitedLibrariesAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/ProhibitedLibrariesAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EACV,6BAA6B,EAG9B,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"ProhibitedLibrariesAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/ProhibitedLibrariesAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EACV,6BAA6B,EAG9B,MAAM,uBAAuB,CAAC;AAS/B,qBAAa,2BAA4B,SAAQ,YAAY;IAC3D;;OAEG;IACG,MAAM,CACV,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,6BAA6B,CAAC;IAiKzC;;OAEG;IACH,OAAO,CAAC,YAAY;IA0BpB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAqB1B;;;;;;;OAOG;IACH,OAAO,CAAC,0BAA0B;IAiClC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAoD3B;;;;OAIG;IACH,OAAO,CAAC,uBAAuB;CA2EhC"}
|
|
@@ -10,7 +10,7 @@
|
|
|
10
10
|
* Reference: Anthropic MCP Directory Policy #28-30
|
|
11
11
|
*/
|
|
12
12
|
import { BaseAssessor } from "./BaseAssessor.js";
|
|
13
|
-
import { checkPackageJsonDependencies, checkRequirementsTxt, checkSourceImports, } from "../../../lib/prohibitedLibraries.js";
|
|
13
|
+
import { checkPackageJsonDependencies, checkRequirementsTxt, checkSourceImports, checkDependencyUsage, } from "../../../lib/prohibitedLibraries.js";
|
|
14
14
|
export class ProhibitedLibrariesAssessor extends BaseAssessor {
|
|
15
15
|
/**
|
|
16
16
|
* Run prohibited libraries assessment
|
|
@@ -30,6 +30,17 @@ export class ProhibitedLibrariesAssessor extends BaseAssessor {
|
|
|
30
30
|
const packageJson = context.packageJson;
|
|
31
31
|
const depMatches = checkPackageJsonDependencies(packageJson);
|
|
32
32
|
for (const match of depMatches) {
|
|
33
|
+
// Issue #63: Check if dependency is actually used in source code
|
|
34
|
+
let usageStatus = "UNKNOWN";
|
|
35
|
+
let importCount = 0;
|
|
36
|
+
let importFiles = [];
|
|
37
|
+
if (context.sourceCodeFiles &&
|
|
38
|
+
context.config.enableSourceCodeAnalysis) {
|
|
39
|
+
const usage = checkDependencyUsage(match.library.name, context.sourceCodeFiles);
|
|
40
|
+
usageStatus = usage.status;
|
|
41
|
+
importCount = usage.importCount;
|
|
42
|
+
importFiles = usage.files;
|
|
43
|
+
}
|
|
33
44
|
matches.push({
|
|
34
45
|
name: match.library.name,
|
|
35
46
|
category: match.library.category,
|
|
@@ -37,6 +48,9 @@ export class ProhibitedLibrariesAssessor extends BaseAssessor {
|
|
|
37
48
|
severity: match.library.severity,
|
|
38
49
|
reason: match.library.reason,
|
|
39
50
|
policyReference: match.library.policyReference,
|
|
51
|
+
usageStatus,
|
|
52
|
+
importCount,
|
|
53
|
+
importFiles,
|
|
40
54
|
});
|
|
41
55
|
if (match.library.category === "financial" ||
|
|
42
56
|
match.library.category === "payments" ||
|
|
@@ -169,19 +183,30 @@ export class ProhibitedLibrariesAssessor extends BaseAssessor {
|
|
|
169
183
|
}
|
|
170
184
|
/**
|
|
171
185
|
* Calculate overall status from matches
|
|
186
|
+
*
|
|
187
|
+
* Issue #63: Status now considers dependency usage:
|
|
188
|
+
* - ACTIVE dependencies are actively imported (high risk)
|
|
189
|
+
* - UNUSED dependencies are listed but not imported (lower risk, recommend removal)
|
|
190
|
+
* - UNKNOWN usage falls back to previous behavior
|
|
172
191
|
*/
|
|
173
192
|
calculateStatusFromMatches(matches) {
|
|
174
|
-
//
|
|
175
|
-
const
|
|
176
|
-
|
|
193
|
+
// Separate matches by usage status
|
|
194
|
+
const activeMatches = matches.filter((m) => m.usageStatus !== "UNUSED");
|
|
195
|
+
const unusedMatches = matches.filter((m) => m.usageStatus === "UNUSED");
|
|
196
|
+
// Only ACTIVE BLOCKING libraries = FAIL (actually imported and dangerous)
|
|
197
|
+
const blockingActive = activeMatches.filter((m) => m.severity === "BLOCKING");
|
|
198
|
+
if (blockingActive.length > 0) {
|
|
177
199
|
return "FAIL";
|
|
178
200
|
}
|
|
179
|
-
//
|
|
180
|
-
|
|
181
|
-
|
|
201
|
+
// UNUSED BLOCKING = NEED_MORE_INFO (recommend removal, but not actively dangerous)
|
|
202
|
+
if (unusedMatches.some((m) => m.severity === "BLOCKING")) {
|
|
203
|
+
return "NEED_MORE_INFO";
|
|
204
|
+
}
|
|
205
|
+
// ACTIVE HIGH severity = NEED_MORE_INFO (requires justification)
|
|
206
|
+
if (activeMatches.some((m) => m.severity === "HIGH")) {
|
|
182
207
|
return "NEED_MORE_INFO";
|
|
183
208
|
}
|
|
184
|
-
//
|
|
209
|
+
// Any remaining matches = NEED_MORE_INFO (review recommended)
|
|
185
210
|
if (matches.length > 0) {
|
|
186
211
|
return "NEED_MORE_INFO";
|
|
187
212
|
}
|
|
@@ -220,31 +245,46 @@ export class ProhibitedLibrariesAssessor extends BaseAssessor {
|
|
|
220
245
|
}
|
|
221
246
|
/**
|
|
222
247
|
* Generate recommendations
|
|
248
|
+
*
|
|
249
|
+
* Issue #63: Recommendations now distinguish between ACTIVE and UNUSED dependencies
|
|
223
250
|
*/
|
|
224
251
|
generateRecommendations(matches) {
|
|
225
252
|
const recommendations = [];
|
|
226
|
-
//
|
|
227
|
-
const
|
|
228
|
-
const
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
253
|
+
// Issue #63: Separate active vs unused dependencies
|
|
254
|
+
const activeMatches = matches.filter((m) => m.usageStatus !== "UNUSED");
|
|
255
|
+
const unusedMatches = matches.filter((m) => m.usageStatus === "UNUSED");
|
|
256
|
+
// Group active matches by severity
|
|
257
|
+
const blockingActive = activeMatches.filter((m) => m.severity === "BLOCKING");
|
|
258
|
+
const highActive = activeMatches.filter((m) => m.severity === "HIGH");
|
|
259
|
+
const mediumActive = activeMatches.filter((m) => m.severity === "MEDIUM");
|
|
260
|
+
if (blockingActive.length > 0) {
|
|
261
|
+
recommendations.push("BLOCKING (ACTIVE) - The following libraries are imported and must be removed:");
|
|
262
|
+
for (const match of blockingActive) {
|
|
263
|
+
const files = match.importFiles && match.importFiles.length > 0
|
|
264
|
+
? ` (imported in: ${match.importFiles.slice(0, 2).join(", ")})`
|
|
265
|
+
: "";
|
|
266
|
+
recommendations.push(`- ${match.name} (${match.policyReference}): ${match.reason}${files}`);
|
|
234
267
|
}
|
|
235
268
|
}
|
|
236
|
-
if (
|
|
237
|
-
recommendations.push("HIGH - The following libraries require strong justification:");
|
|
238
|
-
for (const match of
|
|
269
|
+
if (highActive.length > 0) {
|
|
270
|
+
recommendations.push("HIGH (ACTIVE) - The following libraries are imported and require strong justification:");
|
|
271
|
+
for (const match of highActive) {
|
|
239
272
|
recommendations.push(`- ${match.name} (${match.policyReference}): ${match.reason}`);
|
|
240
273
|
}
|
|
241
274
|
}
|
|
242
|
-
if (
|
|
243
|
-
recommendations.push("MEDIUM - Review the following libraries
|
|
244
|
-
for (const match of
|
|
275
|
+
if (mediumActive.length > 0) {
|
|
276
|
+
recommendations.push("MEDIUM (ACTIVE) - Review the following imported libraries:");
|
|
277
|
+
for (const match of mediumActive.slice(0, 3)) {
|
|
245
278
|
recommendations.push(`- ${match.name} (${match.policyReference}): ${match.reason}`);
|
|
246
279
|
}
|
|
247
280
|
}
|
|
281
|
+
// Issue #63: Add recommendations for unused dependencies
|
|
282
|
+
if (unusedMatches.length > 0) {
|
|
283
|
+
recommendations.push("UNUSED - The following libraries are listed but not imported (consider removing):");
|
|
284
|
+
for (const match of unusedMatches) {
|
|
285
|
+
recommendations.push(`- npm uninstall ${match.name} (${match.policyReference}): Listed in package.json but not imported`);
|
|
286
|
+
}
|
|
287
|
+
}
|
|
248
288
|
if (matches.length === 0) {
|
|
249
289
|
recommendations.push("No prohibited libraries detected. Server is compliant with library restrictions.");
|
|
250
290
|
}
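Review bot: In `calculateStatusFromMatches` a BLOCKING library drops from FAIL to NEED_MORE_INFO whenever `checkDependencyUsage` reports it UNUSED, but that status comes from a static scan of `context.sourceCodeFiles` (the scan itself is not in this diff), so a dependency loaded through `require(variable)`, a computed `import()` specifier, a file type the scan does not cover, or a transitive package still reads as unused — and since the server under assessment controls its own source, a listed prohibited library can be steered past the gate if the referenced directory policy forbids declaring it, not only importing it. The UNKNOWN fallback (source analysis disabled) is correctly treated as active; an UNUSED BLOCKING match should be handled just as conservatively, e.g. `if (matches.some((m) => m.severity === "BLOCKING")) return "FAIL";`, keeping the ACTIVE/UNUSED split for the recommendation text only. The recommendation line `Listed in package.json but not imported` should likewise read `no static import found` so readers do not take it as proof of non-use. `generateRecommendations` continues past the end of this section.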
|
|
@@ -29,6 +29,21 @@ export declare class TemporalAssessor extends BaseAssessor {
|
|
|
29
29
|
* "add_observations" matches "add" but "address_validator" does not.
|
|
30
30
|
*/
|
|
31
31
|
private readonly STATEFUL_TOOL_PATTERNS;
|
|
32
|
+
/**
|
|
33
|
+
* Issue #69: Patterns for resource-creating operations that legitimately return
|
|
34
|
+
* different IDs/resources each invocation.
|
|
35
|
+
*
|
|
36
|
+
* These tools CREATE new resources, so they should use schema comparison + variance
|
|
37
|
+
* classification rather than exact comparison. Unlike STATEFUL_TOOL_PATTERNS, these
|
|
38
|
+
* may overlap with DESTRUCTIVE_PATTERNS (e.g., "create", "insert") but should still
|
|
39
|
+
* use intelligent variance classification to avoid false positives.
|
|
40
|
+
*
|
|
41
|
+
* Examples:
|
|
42
|
+
* - create_billing_product → new product_id each time (LEGITIMATE variance)
|
|
43
|
+
* - generate_report → new report_id each time (LEGITIMATE variance)
|
|
44
|
+
* - insert_record → new record_id each time (LEGITIMATE variance)
|
|
45
|
+
*/
|
|
46
|
+
private readonly RESOURCE_CREATING_PATTERNS;
|
|
32
47
|
constructor(config: AssessmentConfiguration);
|
|
33
48
|
assess(context: AssessmentContext): Promise<TemporalAssessment>;
|
|
34
49
|
private assessTool;
|
|
@@ -63,6 +78,35 @@ export declare class TemporalAssessor extends BaseAssessor {
|
|
|
63
78
|
* - "address_validator" does NOT match "add" ✓
|
|
64
79
|
*/
|
|
65
80
|
private isStatefulTool;
|
|
81
|
+
/**
|
|
82
|
+
* Issue #69: Check if a tool creates new resources that legitimately vary per invocation.
|
|
83
|
+
* Resource-creating tools return different IDs, creation timestamps, etc.
|
|
84
|
+
* for each new resource - this is expected behavior, NOT a rug pull.
|
|
85
|
+
*
|
|
86
|
+
* Unlike isStatefulTool(), this DOES include patterns that overlap with DESTRUCTIVE_PATTERNS
|
|
87
|
+
* because resource-creating tools need intelligent variance classification, not exact comparison.
|
|
88
|
+
*
|
|
89
|
+
* Uses word-boundary matching like isStatefulTool() to prevent false matches.
|
|
90
|
+
* - "create_billing_product" matches "create" ✓
|
|
91
|
+
* - "recreate_view" does NOT match "create" ✓ (must be at word boundary)
|
|
92
|
+
*/
|
|
93
|
+
private isResourceCreatingTool;
|
|
94
|
+
/**
|
|
95
|
+
* Issue #69: Classify variance between two responses to reduce false positives.
|
|
96
|
+
* Returns LEGITIMATE for expected variance (IDs, timestamps), SUSPICIOUS for
|
|
97
|
+
* schema changes, and BEHAVIORAL for semantic changes (promotional keywords, errors).
|
|
98
|
+
*/
|
|
99
|
+
private classifyVariance;
|
|
100
|
+
/**
|
|
101
|
+
* Issue #69: Check if a field name represents legitimate variance.
|
|
102
|
+
* Fields containing IDs, timestamps, tokens, etc. are expected to vary.
|
|
103
|
+
*/
|
|
104
|
+
private isLegitimateFieldVariance;
|
|
105
|
+
/**
|
|
106
|
+
* Issue #69: Find which fields differ between two responses.
|
|
107
|
+
* Returns field paths that have different values.
|
|
108
|
+
*/
|
|
109
|
+
private findVariedFields;
|
|
66
110
|
/**
|
|
67
111
|
* Compare response schemas (field names) rather than full content.
|
|
68
112
|
* Stateful tools may have different values but should have consistent fields.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"TemporalAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/TemporalAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,uBAAuB,EAEvB,kBAAkB,
|
|
1
|
+
{"version":3,"file":"TemporalAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/TemporalAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,uBAAuB,EAEvB,kBAAkB,EAGnB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AA+B9C,qBAAa,gBAAiB,SAAQ,YAAY;IAChD,OAAO,CAAC,kBAAkB,CAAS;IAGnC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAoBnC;IAGF,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAU;IAEjD;;;;;;;;;;;;;;OAcG;IACH,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAqBrC;IAEF;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAYzC;gBAEU,MAAM,EAAE,uBAAuB;IAKrC,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;YAqEvD,UAAU;IAuHxB;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAkChC,OAAO,CAAC,gBAAgB;IAsJxB;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAsC3B;;;;OAIG;IACH,OAAO,CAAC,iBAAiB;IAiFzB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAKzB;;;;;;;;OAQG;IACH,OAAO,CAAC,cAAc;IAetB;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,sBAAsB;IAQ9B;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;IAmExB;;;OAGG;IACH,OAAO,CAAC,yBAAyB;IAgEjC;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IA2DxB;;;;;;OAMG;IACH,OAAO,CAAC,cAAc;IAuBtB;;;OAGG;IACH,OAAO,CAAC,iBAAiB;IAiCzB;;;;;;;;OAQG;IACH,OAAO,CAAC,2BAA2B;IAmDnC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAM1B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAcxB;;;;;OAKG;IACH,OAAO,CAAC,sBAAsB;IAU9B;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IAgB1B,OAAO,CAAC,uBAAuB;IAa/B,OAAO,CAAC,mBAAmB;IA+C3B,OAAO,CAAC,uBAAuB;CA+DhC"}
|
|
@@ -72,6 +72,33 @@ export class TemporalAssessor extends BaseAssessor {
|
|
|
72
72
|
"push",
|
|
73
73
|
"enqueue",
|
|
74
74
|
];
|
|
75
|
+
/**
|
|
76
|
+
* Issue #69: Patterns for resource-creating operations that legitimately return
|
|
77
|
+
* different IDs/resources each invocation.
|
|
78
|
+
*
|
|
79
|
+
* These tools CREATE new resources, so they should use schema comparison + variance
|
|
80
|
+
* classification rather than exact comparison. Unlike STATEFUL_TOOL_PATTERNS, these
|
|
81
|
+
* may overlap with DESTRUCTIVE_PATTERNS (e.g., "create", "insert") but should still
|
|
82
|
+
* use intelligent variance classification to avoid false positives.
|
|
83
|
+
*
|
|
84
|
+
* Examples:
|
|
85
|
+
* - create_billing_product → new product_id each time (LEGITIMATE variance)
|
|
86
|
+
* - generate_report → new report_id each time (LEGITIMATE variance)
|
|
87
|
+
* - insert_record → new record_id each time (LEGITIMATE variance)
|
|
88
|
+
*/
|
|
89
|
+
RESOURCE_CREATING_PATTERNS = [
|
|
90
|
+
"create",
|
|
91
|
+
"new",
|
|
92
|
+
"insert",
|
|
93
|
+
"generate",
|
|
94
|
+
"register",
|
|
95
|
+
"allocate",
|
|
96
|
+
"provision",
|
|
97
|
+
"spawn",
|
|
98
|
+
"instantiate",
|
|
99
|
+
"init",
|
|
100
|
+
"make",
|
|
101
|
+
];
|
|
75
102
|
constructor(config) {
|
|
76
103
|
super(config);
|
|
77
104
|
this.invocationsPerTool = config.temporalInvocations ?? 25;
|
|
@@ -260,39 +287,61 @@ export class TemporalAssessor extends BaseAssessor {
|
|
|
260
287
|
const baseline = this.normalizeResponse(responses[0].response);
|
|
261
288
|
const deviations = [];
|
|
262
289
|
const errors = [];
|
|
263
|
-
//
|
|
264
|
-
|
|
290
|
+
// Issue #69: Track variance details for transparency
|
|
291
|
+
const varianceDetails = [];
|
|
292
|
+
// Determine comparison strategy
|
|
293
|
+
// 1. Stateful tools (search, list, etc.) - use schema comparison
|
|
294
|
+
// 2. Resource-creating tools (create, insert, etc.) - use variance classification
|
|
295
|
+
// 3. All other tools - use exact comparison
|
|
265
296
|
const isStateful = this.isStatefulTool(tool);
|
|
297
|
+
const isResourceCreating = this.isResourceCreatingTool(tool);
|
|
266
298
|
if (isStateful) {
|
|
267
299
|
this.log(`${tool.name} classified as stateful - using schema comparison`);
|
|
268
300
|
}
|
|
301
|
+
else if (isResourceCreating) {
|
|
302
|
+
this.log(`${tool.name} classified as resource-creating - using variance classification`);
|
|
303
|
+
}
|
|
269
304
|
for (let i = 1; i < responses.length; i++) {
|
|
270
305
|
if (responses[i].error) {
|
|
271
306
|
errors.push(i + 1); // Track errors as potential indicators
|
|
272
307
|
deviations.push(i + 1);
|
|
273
308
|
}
|
|
274
|
-
else {
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
if (
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
isDifferent = true;
|
|
286
|
-
this.log(`${tool.name}: Content semantic change detected at invocation ${i + 1} - ${contentChange.reason}`);
|
|
287
|
-
}
|
|
309
|
+
else if (isStateful) {
|
|
310
|
+
// Original stateful tool logic: schema comparison + behavioral content check
|
|
311
|
+
// Content variance is allowed as long as schema is consistent
|
|
312
|
+
let isDifferent = !this.compareSchemas(responses[0].response, responses[i].response);
|
|
313
|
+
// Secondary detection: Check for content semantic changes (rug pull patterns)
|
|
314
|
+
// This catches cases where schema is same but content shifts from helpful to harmful
|
|
315
|
+
if (!isDifferent) {
|
|
316
|
+
const contentChange = this.detectStatefulContentChange(responses[0].response, responses[i].response);
|
|
317
|
+
if (contentChange.detected) {
|
|
318
|
+
isDifferent = true;
|
|
319
|
+
this.log(`${tool.name}: Content semantic change detected at invocation ${i + 1} - ${contentChange.reason}`);
|
|
288
320
|
}
|
|
289
321
|
}
|
|
290
|
-
else {
|
|
291
|
-
// Exact comparison for non-stateful tools
|
|
292
|
-
const normalized = this.normalizeResponse(responses[i].response);
|
|
293
|
-
isDifferent = normalized !== baseline;
|
|
294
|
-
}
|
|
295
322
|
if (isDifferent) {
|
|
323
|
+
deviations.push(i + 1);
|
|
324
|
+
}
|
|
325
|
+
}
|
|
326
|
+
else if (isResourceCreating) {
|
|
327
|
+
// Issue #69: Use variance classification for resource-creating tools
|
|
328
|
+
// These need intelligent classification to distinguish ID variance from rug pulls
|
|
329
|
+
const classification = this.classifyVariance(tool, responses[0].response, responses[i].response);
|
|
330
|
+
varianceDetails.push({
|
|
331
|
+
invocation: i + 1,
|
|
332
|
+
classification,
|
|
333
|
+
});
|
|
334
|
+
// Only flag SUSPICIOUS and BEHAVIORAL as deviations
|
|
335
|
+
// LEGITIMATE variance is expected for resource-creating tools
|
|
336
|
+
if (classification.type !== "LEGITIMATE") {
|
|
337
|
+
deviations.push(i + 1);
|
|
338
|
+
this.log(`${tool.name}: ${classification.type} variance at invocation ${i + 1} - ${classification.reasons.join(", ")}`);
|
|
339
|
+
}
|
|
340
|
+
}
|
|
341
|
+
else {
|
|
342
|
+
// Exact comparison for non-stateful, non-resource-creating tools
|
|
343
|
+
const normalized = this.normalizeResponse(responses[i].response);
|
|
344
|
+
if (normalized !== baseline) {
|
|
296
345
|
deviations.push(i + 1); // 1-indexed
|
|
297
346
|
}
|
|
298
347
|
}
|
|
@@ -302,6 +351,21 @@ export class TemporalAssessor extends BaseAssessor {
|
|
|
302
351
|
// - deviationCount = total behavior changes (including errors)
|
|
303
352
|
// - errorCount = how many of those were errors specifically
|
|
304
353
|
const isVulnerable = deviations.length > 0;
|
|
354
|
+
// Generate appropriate note based on tool type and result
|
|
355
|
+
let note;
|
|
356
|
+
if (isStateful) {
|
|
357
|
+
// Preserve original stateful tool messages for backward compatibility
|
|
358
|
+
note = isVulnerable
|
|
359
|
+
? "Stateful tool - secondary content analysis detected rug pull"
|
|
360
|
+
: "Stateful tool - content variation expected, schema consistent";
|
|
361
|
+
}
|
|
362
|
+
else if (isResourceCreating) {
|
|
363
|
+
note = isVulnerable
|
|
364
|
+
? "Resource-creating tool - variance classification detected suspicious/behavioral change"
|
|
365
|
+
: "Resource-creating tool - ID/timestamp variance expected, no suspicious patterns";
|
|
366
|
+
}
|
|
367
|
+
// Issue #69: Get the first suspicious/behavioral classification for evidence
|
|
368
|
+
const firstSuspiciousClassification = varianceDetails.find((v) => v.classification.type !== "LEGITIMATE");
|
|
305
369
|
return {
|
|
306
370
|
tool: tool.name,
|
|
307
371
|
vulnerable: isVulnerable,
|
|
@@ -317,12 +381,10 @@ export class TemporalAssessor extends BaseAssessor {
|
|
|
317
381
|
maliciousResponseExample: responses[deviations[0] - 1]?.response ?? null,
|
|
318
382
|
}
|
|
319
383
|
: undefined,
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
: "Stateful tool - content variation expected, schema consistent"
|
|
325
|
-
: undefined,
|
|
384
|
+
note,
|
|
385
|
+
// Issue #69: Include variance classification for transparency
|
|
386
|
+
varianceClassification: firstSuspiciousClassification?.classification,
|
|
387
|
+
varianceDetails: varianceDetails.length > 0 ? varianceDetails : undefined,
|
|
326
388
|
};
|
|
327
389
|
}
|
|
328
390
|
/**
|
|
@@ -451,6 +513,184 @@ export class TemporalAssessor extends BaseAssessor {
|
|
|
451
513
|
return wordBoundaryRegex.test(toolName);
|
|
452
514
|
});
|
|
453
515
|
}
|
|
516
|
+
/**
|
|
517
|
+
* Issue #69: Check if a tool creates new resources that legitimately vary per invocation.
|
|
518
|
+
* Resource-creating tools return different IDs, creation timestamps, etc.
|
|
519
|
+
* for each new resource - this is expected behavior, NOT a rug pull.
|
|
520
|
+
*
|
|
521
|
+
* Unlike isStatefulTool(), this DOES include patterns that overlap with DESTRUCTIVE_PATTERNS
|
|
522
|
+
* because resource-creating tools need intelligent variance classification, not exact comparison.
|
|
523
|
+
*
|
|
524
|
+
* Uses word-boundary matching like isStatefulTool() to prevent false matches.
|
|
525
|
+
* - "create_billing_product" matches "create" ✓
|
|
526
|
+
* - "recreate_view" does NOT match "create" ✓ (must be at word boundary)
|
|
527
|
+
*/
|
|
528
|
+
isResourceCreatingTool(tool) {
|
|
529
|
+
const toolName = tool.name.toLowerCase();
|
|
530
|
+
return this.RESOURCE_CREATING_PATTERNS.some((pattern) => {
|
|
531
|
+
const wordBoundaryRegex = new RegExp(`(^|_|-)${pattern}($|_|-)`);
|
|
532
|
+
return wordBoundaryRegex.test(toolName);
|
|
533
|
+
});
|
|
534
|
+
}
|
|
535
|
+
/**
|
|
536
|
+
* Issue #69: Classify variance between two responses to reduce false positives.
|
|
537
|
+
* Returns LEGITIMATE for expected variance (IDs, timestamps), SUSPICIOUS for
|
|
538
|
+
* schema changes, and BEHAVIORAL for semantic changes (promotional keywords, errors).
|
|
539
|
+
*/
|
|
540
|
+
classifyVariance(_tool, baseline, current) {
|
|
541
|
+
// 1. Schema comparison - structural changes are SUSPICIOUS
|
|
542
|
+
const schemaMatch = this.compareSchemas(baseline, current);
|
|
543
|
+
if (!schemaMatch) {
|
|
544
|
+
return {
|
|
545
|
+
type: "SUSPICIOUS",
|
|
546
|
+
confidence: "high",
|
|
547
|
+
reasons: ["Schema/field structure changed between invocations"],
|
|
548
|
+
suspiciousPatterns: ["schema_change"],
|
|
549
|
+
};
|
|
550
|
+
}
|
|
551
|
+
// 2. Content change detection - promotional/error keywords are BEHAVIORAL
|
|
552
|
+
const contentChange = this.detectStatefulContentChange(baseline, current);
|
|
553
|
+
if (contentChange.detected) {
|
|
554
|
+
return {
|
|
555
|
+
type: "BEHAVIORAL",
|
|
556
|
+
confidence: "high",
|
|
557
|
+
reasons: [`Behavioral change detected: ${contentChange.reason}`],
|
|
558
|
+
suspiciousPatterns: [contentChange.reason || "content_change"],
|
|
559
|
+
};
|
|
560
|
+
}
|
|
561
|
+
// 3. After normalization, if responses match = LEGITIMATE
|
|
562
|
+
const normalizedBaseline = this.normalizeResponse(baseline);
|
|
563
|
+
const normalizedCurrent = this.normalizeResponse(current);
|
|
564
|
+
if (normalizedBaseline === normalizedCurrent) {
|
|
565
|
+
return {
|
|
566
|
+
type: "LEGITIMATE",
|
|
567
|
+
confidence: "high",
|
|
568
|
+
reasons: ["All differences normalized (IDs, timestamps, counters)"],
|
|
569
|
+
};
|
|
570
|
+
}
|
|
571
|
+
// 4. Check for legitimate field variance (any _id, _at, token fields)
|
|
572
|
+
const variedFields = this.findVariedFields(baseline, current);
|
|
573
|
+
const unexplainedFields = variedFields.filter((f) => !this.isLegitimateFieldVariance(f));
|
|
574
|
+
if (unexplainedFields.length === 0) {
|
|
575
|
+
return {
|
|
576
|
+
type: "LEGITIMATE",
|
|
577
|
+
confidence: "high",
|
|
578
|
+
reasons: [
|
|
579
|
+
`Variance only in legitimate fields: ${variedFields.join(", ")}`,
|
|
580
|
+
],
|
|
581
|
+
variedFields,
|
|
582
|
+
};
|
|
583
|
+
}
|
|
584
|
+
// 5. Some unexplained variance - flag as suspicious with low confidence
|
|
585
|
+
return {
|
|
586
|
+
type: "SUSPICIOUS",
|
|
587
|
+
confidence: "low",
|
|
588
|
+
reasons: [
|
|
589
|
+
`Unexplained variance in fields: ${unexplainedFields.join(", ")}`,
|
|
590
|
+
],
|
|
591
|
+
variedFields,
|
|
592
|
+
suspiciousPatterns: ["unclassified_variance"],
|
|
593
|
+
};
|
|
594
|
+
}
|
|
595
|
+
/**
|
|
596
|
+
* Issue #69: Check if a field name represents legitimate variance.
|
|
597
|
+
* Fields containing IDs, timestamps, tokens, etc. are expected to vary.
|
|
598
|
+
*/
|
|
599
|
+
isLegitimateFieldVariance(field) {
|
|
600
|
+
const fieldLower = field.toLowerCase();
|
|
601
|
+
// ID fields - any field ending in _id or containing "id" at word boundary
|
|
602
|
+
if (fieldLower.endsWith("_id") || fieldLower.endsWith("id"))
|
|
603
|
+
return true;
|
|
604
|
+
if (fieldLower.includes("_id_") || fieldLower.startsWith("id_"))
|
|
605
|
+
return true;
|
|
606
|
+
// Timestamp fields
|
|
607
|
+
if (fieldLower.endsWith("_at") || fieldLower.endsWith("at"))
|
|
608
|
+
return true;
|
|
609
|
+
if (fieldLower.includes("time") ||
|
|
610
|
+
fieldLower.includes("date") ||
|
|
611
|
+
fieldLower.includes("timestamp"))
|
|
612
|
+
return true;
|
|
613
|
+
// Token/session fields
|
|
614
|
+
if (fieldLower.includes("token") ||
|
|
615
|
+
fieldLower.includes("cursor") ||
|
|
616
|
+
fieldLower.includes("nonce"))
|
|
617
|
+
return true;
|
|
618
|
+
if (fieldLower.includes("session") || fieldLower.includes("correlation"))
|
|
619
|
+
return true;
|
|
620
|
+
// Pagination fields
|
|
621
|
+
if (fieldLower.includes("offset") ||
|
|
622
|
+
fieldLower.includes("page") ||
|
|
623
|
+
fieldLower.includes("next"))
|
|
624
|
+
return true;
|
|
625
|
+
// Counter/accumulation fields
|
|
626
|
+
if (fieldLower.includes("count") ||
|
|
627
|
+
fieldLower.includes("total") ||
|
|
628
|
+
fieldLower.includes("size"))
|
|
629
|
+
return true;
|
|
630
|
+
if (fieldLower.includes("length") || fieldLower.includes("index"))
|
|
631
|
+
return true;
|
|
632
|
+
// Array content fields (search results, items)
|
|
633
|
+
if (fieldLower.includes("results") ||
|
|
634
|
+
fieldLower.includes("items") ||
|
|
635
|
+
fieldLower.includes("data"))
|
|
636
|
+
return true;
|
|
637
|
+
// Hash/version fields
|
|
638
|
+
if (fieldLower.includes("hash") ||
|
|
639
|
+
fieldLower.includes("etag") ||
|
|
640
|
+
fieldLower.includes("version"))
|
|
641
|
+
return true;
|
|
642
|
+
return false;
|
|
643
|
+
}
|
|
644
|
+
/**
|
|
645
|
+
* Issue #69: Find which fields differ between two responses.
|
|
646
|
+
* Returns field paths that have different values.
|
|
647
|
+
*/
|
|
648
|
+
findVariedFields(obj1, obj2, prefix = "") {
|
|
649
|
+
const varied = [];
|
|
650
|
+
// Handle primitives
|
|
651
|
+
if (typeof obj1 !== "object" || obj1 === null) {
|
|
652
|
+
if (obj1 !== obj2) {
|
|
653
|
+
return [prefix || "value"];
|
|
654
|
+
}
|
|
655
|
+
return [];
|
|
656
|
+
}
|
|
657
|
+
if (typeof obj2 !== "object" || obj2 === null) {
|
|
658
|
+
return [prefix || "value"];
|
|
659
|
+
}
|
|
660
|
+
// Handle arrays - just note if length or content differs
|
|
661
|
+
if (Array.isArray(obj1) || Array.isArray(obj2)) {
|
|
662
|
+
const arr1 = Array.isArray(obj1) ? obj1 : [];
|
|
663
|
+
const arr2 = Array.isArray(obj2) ? obj2 : [];
|
|
664
|
+
if (JSON.stringify(arr1) !== JSON.stringify(arr2)) {
|
|
665
|
+
return [prefix || "array"];
|
|
666
|
+
}
|
|
667
|
+
return [];
|
|
668
|
+
}
|
|
669
|
+
// Handle objects
|
|
670
|
+
const allKeys = new Set([
|
|
671
|
+
...Object.keys(obj1),
|
|
672
|
+
...Object.keys(obj2),
|
|
673
|
+
]);
|
|
674
|
+
for (const key of allKeys) {
|
|
675
|
+
const val1 = obj1[key];
|
|
676
|
+
const val2 = obj2[key];
|
|
677
|
+
const fieldPath = prefix ? `${prefix}.${key}` : key;
|
|
678
|
+
if (JSON.stringify(val1) !== JSON.stringify(val2)) {
|
|
679
|
+
// If both are objects, recurse to find specific field
|
|
680
|
+
if (typeof val1 === "object" &&
|
|
681
|
+
val1 !== null &&
|
|
682
|
+
typeof val2 === "object" &&
|
|
683
|
+
val2 !== null) {
|
|
684
|
+
const nestedVaried = this.findVariedFields(val1, val2, fieldPath);
|
|
685
|
+
varied.push(...nestedVaried);
|
|
686
|
+
}
|
|
687
|
+
else {
|
|
688
|
+
varied.push(fieldPath);
|
|
689
|
+
}
|
|
690
|
+
}
|
|
691
|
+
}
|
|
692
|
+
return varied;
|
|
693
|
+
}
|
|
454
694
|
/**
|
|
455
695
|
* Compare response schemas (field names) rather than full content.
|
|
456
696
|
* Stateful tools may have different values but should have consistent fields.
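Review bot: `isLegitimateFieldVariance` tests substrings of the full dotted path, so every field nested under a key containing `data`, `results` or `items` (for example `data.instructions`) is exempt from the variance check, and `endsWith("id")`/`endsWith("at")` also accept `valid`, `paid`, `format` or `chat`; because the routing into this lenient path depends only on the tool name (`create_*`, `new_*`, `make_*`, `init_*`), which the server under test chooses, a server can vary the content of a `data.*` field between invocations without being flagged unless `detectStatefulContentChange` happens to match a keyword. Classify on the leaf key with anchored patterns instead, and do not let a collection-named parent exempt its children; this may flag more `results` arrays from resource-creating tools as low-confidence SUSPICIOUS, which is the safer side for a rug-pull detector. `findVariedFields` already yields the full path, so only this method needs to change.
```javascript
isLegitimateFieldVariance(field) {
    // Decide on the leaf key only: "data.instructions" must not inherit
    // an exemption from its "data" parent.
    const leaf = field.toLowerCase().split(".").pop() ?? "";
    const legitimatePatterns = [
        /(^|_)(id|uuid|guid)$/,
        /(^|_)(at|time|timestamp|date)$/,
        /(^|_)(token|cursor|nonce|session|correlation)(_|$)/,
        /(^|_)(offset|page|next|count|total|size|length|index)(_|$)/,
        /(^|_)(hash|etag|version)(_|$)/,
    ];
    return legitimatePatterns.some((re) => re.test(leaf));
}
```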
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@bryan-thompson/inspector-assessment-client",
|
|
3
|
-
"version": "1.26.
|
|
3
|
+
"version": "1.26.2",
|
|
4
4
|
"description": "Client-side application for the Enhanced MCP Inspector with assessment capabilities",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"author": "Bryan Thompson <bryan@triepod.ai>",
|