@bryan-thompson/inspector-assessment-client 1.26.5 → 1.26.7

package/lib/services/assessment/modules/securityTests/ChainExecutionTester.js

@@ -0,0 +1,257 @@
+/**
+ * Chain Execution Tester
+ * Dynamic testing for multi-tool chain exploitation vulnerabilities
+ *
+ * Issue #93, Challenge #6: Multi-tool chained exploitation attacks
+ * Tests for:
+ * 1. Arbitrary tool invocation without allowlist
+ * 2. Output injection via {{output}} template substitution
+ * 3. Recursive chain execution (DoS potential)
+ * 4. State poisoning between chain steps
+ * 5. Missing depth/size limits
+ *
+ * A/B Validation:
+ * - vulnerable-mcp (10900): Should detect all vulnerability categories
+ * - hardened-mcp (10901): 0 false positives (validation-only behavior)
+ */
+import { SecurityResponseAnalyzer, } from "./SecurityResponseAnalyzer.js";
+/**
+ * Tests for multi-tool chain exploitation vulnerabilities
+ */
+export class ChainExecutionTester {
+    verbose;
+    analyzer;
+    constructor(config = {}) {
+        this.verbose = config.verbose ?? false;
+        this.analyzer = new SecurityResponseAnalyzer();
+    }
+    /**
+     * Log message if verbose logging is enabled
+     */
+    log(message) {
+        if (this.verbose) {
+            // eslint-disable-next-line no-console
+            console.log(`[ChainExecutionTester] ${message}`);
+        }
+    }
+    /**
+     * Identify tools that might be chain executors
+     * Looks for tools with names/descriptions/parameters suggesting chain execution
+     */
+    identifyChainExecutorTools(tools) {
+        const chainNamePatterns = [
+            /chain/i,
+            /executor/i,
+            /pipeline/i,
+            /sequence/i,
+            /workflow/i,
+            /orchestrat/i,
+            /multi.*tool/i,
+            /batch/i,
+        ];
+        const chainParamPatterns = [
+            /chain/i,
+            /steps/i,
+            /sequence/i,
+            /pipeline/i,
+            /tools/i,
+            /commands/i,
+        ];
+        return tools.filter((tool) => {
+            // Check tool name
+            const nameMatches = chainNamePatterns.some((p) => p.test(tool.name));
+            // Check description
+            const descMatches = tool.description &&
+                chainNamePatterns.some((p) => p.test(tool.description || ""));
+            // Check parameter names
+            const schema = tool.inputSchema;
+            const paramNames = Object.keys(schema?.properties || {});
+            const paramMatches = paramNames.some((param) => chainParamPatterns.some((p) => p.test(param)));
+            return nameMatches || descMatches || paramMatches;
+        });
+    }
+    /**
+     * Get the parameter name for chain input from tool schema
+     */
+    getChainParamName(tool) {
+        const schema = tool.inputSchema;
+        const paramNames = Object.keys(schema?.properties || {});
+        // Look for chain-like parameter names
+        const chainParam = paramNames.find((p) => /chain|steps|sequence|pipeline/i.test(p));
+        return chainParam || "chain";
+    }
+    /**
+     * Extract text content from tool response
+     */
+    extractResponseText(response) {
+        if (!response)
+            return "";
+        // Handle content array format
+        if (response.content && Array.isArray(response.content)) {
+            return response.content
+                .map((item) => {
+                if (typeof item === "string")
+                    return item;
+                if (item && typeof item === "object" && "text" in item)
+                    return String(item.text);
+                return JSON.stringify(item);
+            })
+                .join("\n");
+        }
+        return "";
+    }
+    /**
+     * Determine the vulnerability reason from analysis result
+     */
+    determineVulnerabilityReason(analysis) {
+        if (analysis.vulnerabilityCategories.includes("OUTPUT_INJECTION")) {
+            return "output_injection_detected";
+        }
+        if (analysis.vulnerabilityCategories.includes("RECURSIVE_CHAIN")) {
+            return "recursive_execution_detected";
+        }
+        if (analysis.vulnerabilityCategories.includes("ARBITRARY_TOOL_INVOCATION")) {
+            return "arbitrary_tool_accepted";
+        }
+        if (analysis.vulnerabilityCategories.includes("STATE_POISONING")) {
+            return "state_poisoning_detected";
+        }
+        return "chain_execution_confirmed";
+    }
+    /**
+     * Test single chain payload against a tool
+     */
+    async testChainPayload(callTool, tool, chainPayload, paramName) {
+        const actualParamName = paramName || this.getChainParamName(tool);
+        try {
+            this.log(`Testing payload on ${tool.name} with param ${actualParamName}`);
+            const response = await callTool(tool.name, {
+                [actualParamName]: chainPayload,
+            });
+            const responseText = this.extractResponseText(response);
+            // Analyze response for chain exploitation
+            const analysis = this.analyzer.analyzeChainExploitation(response);
+            if (analysis.vulnerable) {
+                return {
+                    vulnerable: true,
+                    reason: this.determineVulnerabilityReason(analysis),
+                    vulnerabilityCategories: analysis.vulnerabilityCategories,
+                    evidence: {
+                        chainPayload,
+                        response: responseText.substring(0, 500),
+                        analysisResult: analysis,
+                    },
+                };
+            }
+            if (analysis.safe) {
+                return {
+                    vulnerable: false,
+                    reason: analysis.chainType === "SAFE_VALIDATION"
+                        ? "validation_only"
+                        : "chain_rejected",
+                };
+            }
+            return {
+                vulnerable: false,
+                reason: "tool_not_chain_executor",
+            };
+        }
+        catch (error) {
+            return {
+                vulnerable: false,
+                reason: "test_error",
+                error: error instanceof Error ? error.message : String(error),
+            };
+        }
+    }
+    /**
+     * Get test payloads for chain exploitation testing
+     */
+    getTestPayloads() {
+        return [
+            {
+                name: "single_step_execution",
+                payload: '[{"tool": "vulnerable_calculator", "args": {"query": "2+2"}}]',
+                description: "Test basic chain execution without allowlist",
+            },
+            {
+                name: "output_injection",
+                payload: '[{"tool": "calc", "args": {"q": "test"}}, {"tool": "exec", "args": {"cmd": "{{output}}"}}]',
+                description: "Test output injection via {{output}} template",
+            },
+            {
+                name: "recursive_chain",
+                payload: '[{"tool": "vulnerable_chain_executor", "args": {"chain": "[]"}}]',
+                description: "Test recursive/circular chain execution",
+            },
+            {
+                name: "arbitrary_tool",
+                payload: '[{"tool": "UNKNOWN_MALICIOUS_TOOL_XYZ", "args": {}}]',
+                description: "Test acceptance of arbitrary tool names",
+            },
+            {
+                name: "state_poisoning",
+                payload: '[{"tool": "vulnerable_config_modifier", "args": {"setting": "admin_mode=true"}}, {"tool": "vulnerable_admin_action", "args": {"action": "read secrets"}}]',
+                description: "Test state poisoning between chain steps",
+            },
+            {
+                name: "depth_bypass",
+                payload: JSON.stringify(Array(15)
+                    .fill(null)
+                    .map(() => ({ tool: "test", args: {} }))),
+                description: "Test depth limit bypass with 15 steps",
+            },
+        ];
+    }
+    /**
+     * Run comprehensive chain exploitation tests on a tool
+     */
+    async runChainExploitationTests(callTool, tool) {
+        const results = new Map();
+        const testPayloads = this.getTestPayloads();
+        const chainParam = this.getChainParamName(tool);
+        this.log(`Running chain exploitation tests on ${tool.name}`);
+        this.log(`Using parameter: ${chainParam}`);
+        for (const test of testPayloads) {
+            this.log(`  Test: ${test.name} - ${test.description}`);
+            const result = await this.testChainPayload(callTool, tool, test.payload, chainParam);
+            results.set(test.name, result);
+            if (this.verbose) {
+                // eslint-disable-next-line no-console
+                console.log(`    Result: ${result.vulnerable ? "VULNERABLE" : "SAFE"} (${result.reason})`);
+            }
+        }
+        return results;
+    }
+    /**
+     * Summarize chain exploitation test results
+     */
+    summarizeResults(results) {
+        let vulnerable = 0;
+        let safe = 0;
+        let errors = 0;
+        const vulnerableTests = [];
+        const categories = new Set();
+        for (const [testName, result] of results) {
+            if (result.reason === "test_error") {
+                errors++;
+            }
+            else if (result.vulnerable) {
+                vulnerable++;
+                vulnerableTests.push(testName);
+                result.vulnerabilityCategories?.forEach((c) => categories.add(c));
+            }
+            else {
+                safe++;
+            }
+        }
+        return {
+            total: results.size,
+            vulnerable,
+            safe,
+            errors,
+            vulnerableTests,
+            vulnerabilityCategories: Array.from(categories),
+        };
+    }
+}

package/lib/services/assessment/modules/securityTests/ConfidenceScorer.d.ts

@@ -0,0 +1,57 @@
+/**
+ * Confidence Scorer
+ * Calculates confidence levels for vulnerability detections
+ *
+ * Extracted from SecurityResponseAnalyzer.ts (Issue #53)
+ * Handles: confidence calculation, structured data tool detection, validation pattern checks
+ */
+import { Tool } from "@modelcontextprotocol/sdk/types.js";
+import { SecurityPayload } from "../../../../lib/securityPatterns.js";
+import type { SanitizationDetectionResult } from "./SanitizationDetector.js";
+/**
+ * Result of confidence calculation
+ */
+export interface ConfidenceResult {
+    confidence: "high" | "medium" | "low";
+    requiresManualReview: boolean;
+    manualReviewReason?: string;
+    reviewGuidance?: string;
+}
+/**
+ * Calculates confidence levels for security vulnerability detections
+ */
+export declare class ConfidenceScorer {
+    /**
+     * Calculate confidence level for a vulnerability detection
+     *
+     * Factors considered:
+     * - Sanitization detection (Issue #56)
+     * - Structured data tool context
+     * - Evidence quality
+     * - Response characteristics
+     *
+     * @param tool - The tool being tested
+     * @param isVulnerable - Whether the tool was flagged as vulnerable
+     * @param evidence - Evidence string from vulnerability detection
+     * @param responseText - The response text from the tool
+     * @param payload - The security payload used for testing
+     * @param sanitizationResult - Optional sanitization detection result (Issue #56)
+     * @returns Confidence result with manual review requirements
+     */
+    calculateConfidence(tool: Tool, isVulnerable: boolean, evidence: string, responseText: string, payload: SecurityPayload, sanitizationResult?: SanitizationDetectionResult): ConfidenceResult;
+    /**
+     * Check if tool is a structured data tool (search, lookup, retrieval)
+     *
+     * These tools are more likely to return data containing patterns
+     * that look like vulnerabilities but are actually just data.
+     */
+    isStructuredDataTool(toolName: string, toolDescription: string): boolean;
+    /**
+     * Check if evidence pattern is ambiguous (validation-like)
+     *
+     * Some patterns match both security issues AND normal validation errors.
+     * These require more careful analysis.
+     */
+    isValidationPattern(evidencePattern: RegExp): boolean;
+}
+//# sourceMappingURL=ConfidenceScorer.d.ts.map

package/lib/services/assessment/modules/securityTests/ConfidenceScorer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ConfidenceScorer.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/ConfidenceScorer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,wBAAwB,CAAC;AAE1E;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,oBAAoB,EAAE,OAAO,CAAC;IAC9B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAmCD;;GAEG;AACH,qBAAa,gBAAgB;IAC3B;;;;;;;;;;;;;;;;OAgBG;IACH,mBAAmB,CACjB,IAAI,EAAE,IAAI,EACV,YAAY,EAAE,OAAO,EACrB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,eAAe,EACxB,kBAAkB,CAAC,EAAE,2BAA2B,GAC/C,gBAAgB;IA4JnB;;;;;OAKG;IACH,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,OAAO;IAOxE;;;;;OAKG;IACH,mBAAmB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO;CAOtD"}

package/lib/services/assessment/modules/securityTests/ConfidenceScorer.js

@@ -0,0 +1,199 @@
+/**
+ * Confidence Scorer
+ * Calculates confidence levels for vulnerability detections
+ *
+ * Extracted from SecurityResponseAnalyzer.ts (Issue #53)
+ * Handles: confidence calculation, structured data tool detection, validation pattern checks
+ */
+/**
+ * Patterns for detecting structured data tools
+ */
+const STRUCTURED_DATA_TOOL_PATTERNS = [
+    /search/i,
+    /find/i,
+    /lookup/i,
+    /query/i,
+    /retrieve/i,
+    /fetch/i,
+    /get/i,
+    /list/i,
+    /resolve/i,
+    /discover/i,
+    /browse/i,
+];
+/**
+ * Ambiguous validation patterns that may cause false positives
+ */
+const VALIDATION_AMBIGUOUS_PATTERNS = [
+    "type.*error",
+    "invalid.*type",
+    "error",
+    "invalid",
+    "failed",
+    "negative.*not.*allowed",
+    "must.*be.*positive",
+    "invalid.*value",
+    "overflow",
+    "out.*of.*range",
+];
+/**
+ * Calculates confidence levels for security vulnerability detections
+ */
+export class ConfidenceScorer {
+    /**
+     * Calculate confidence level for a vulnerability detection
+     *
+     * Factors considered:
+     * - Sanitization detection (Issue #56)
+     * - Structured data tool context
+     * - Evidence quality
+     * - Response characteristics
+     *
+     * @param tool - The tool being tested
+     * @param isVulnerable - Whether the tool was flagged as vulnerable
+     * @param evidence - Evidence string from vulnerability detection
+     * @param responseText - The response text from the tool
+     * @param payload - The security payload used for testing
+     * @param sanitizationResult - Optional sanitization detection result (Issue #56)
+     * @returns Confidence result with manual review requirements
+     */
+    calculateConfidence(tool, isVulnerable, evidence, responseText, payload, sanitizationResult) {
+        // Issue #56: If sanitization is detected, reduce confidence for vulnerabilities
+        // This helps reduce false positives on well-protected servers
+        if (isVulnerable && sanitizationResult?.detected) {
+            const adjustment = sanitizationResult.totalConfidenceAdjustment;
+            // Strong sanitization evidence (adjustment >= 30) - downgrade to low confidence
+            // This indicates the tool has specific security libraries in place
+            if (adjustment >= 30) {
+                const libraries = sanitizationResult.libraries.join(", ") || "general";
+                return {
+                    confidence: "low",
+                    requiresManualReview: true,
+                    manualReviewReason: `Sanitization detected (${libraries}). ` +
+                        `Pattern match may be false positive due to security measures in place.`,
+                    reviewGuidance: `Tool uses sanitization libraries. Verify if the detected vulnerability ` +
+                        `actually bypasses the sanitization layer. Check: 1) Does the payload execute ` +
+                        `after sanitization? 2) Is the sanitization comprehensive for this attack type? ` +
+                        `3) Evidence: ${sanitizationResult.evidence.join("; ")}`,
+                };
+            }
+            // Moderate sanitization evidence (adjustment >= 15) - downgrade high to medium
+            if (adjustment >= 15) {
+                const patterns = sanitizationResult.libraries.length > 0
+                    ? sanitizationResult.libraries.join(", ")
+                    : sanitizationResult.genericPatterns.join(", ");
+                return {
+                    confidence: "medium",
+                    requiresManualReview: true,
+                    manualReviewReason: `Sanitization patterns detected (${patterns}). Verify actual vulnerability.`,
+                    reviewGuidance: `Tool mentions sanitization in description or shows sanitization in response. ` +
+                        `Verify if the detected pattern represents actual code execution or if it's ` +
+                        `safely handled. Evidence: ${sanitizationResult.evidence.join("; ")}`,
+                };
+            }
+        }
+        const toolDescription = (tool.description || "").toLowerCase();
+        const toolName = tool.name.toLowerCase();
+        const responseLower = responseText.toLowerCase();
+        const payloadLower = payload.payload.toLowerCase();
+        // HIGH CONFIDENCE: Clear cases
+        if (!isVulnerable &&
+            (evidence.includes("safely reflected") ||
+                evidence.includes("API wrapper") ||
+                evidence.includes("safe: true"))) {
+            return {
+                confidence: "high",
+                requiresManualReview: false,
+            };
+        }
+        if (isVulnerable &&
+            evidence.includes("executed") &&
+            !this.isStructuredDataTool(toolName, toolDescription)) {
+            return {
+                confidence: "high",
+                requiresManualReview: false,
+            };
+        }
+        // LOW CONFIDENCE: Ambiguous pattern matches in structured data
+        if (isVulnerable) {
+            const isDataTool = this.isStructuredDataTool(toolName, toolDescription);
+            const hasStructuredData = /title:|name:|description:|trust score:|id:|snippets:/i.test(responseText) ||
+                /^\s*-\s+/m.test(responseText) ||
+                /"[^"]+"\s*:\s*"[^"]+"/g.test(responseText);
+            const patternInInput = payload.evidence?.test(payloadLower);
+            const echosInput = responseLower.includes(payloadLower);
+            if (isDataTool && (hasStructuredData || echosInput) && patternInInput) {
+                return {
+                    confidence: "low",
+                    requiresManualReview: true,
+                    manualReviewReason: "Pattern matched in structured data response. Tool may be legitimately " +
+                        "returning data containing search terms rather than executing malicious code.",
+                    reviewGuidance: "Verify: 1) Does the tool actually execute/compute the input? " +
+                        "2) Or does it just return pre-existing data that happens to contain the pattern? " +
+                        `3) Check if '${payload.evidence}' appears in legitimate tool output vs. execution results.`,
+                };
+            }
+            if (payload.evidence &&
+                /\b\d\b/.test(payload.evidence.toString()) &&
+                /\b(score|count|trust|rating|id|version)\b/i.test(responseText)) {
+                return {
+                    confidence: "low",
+                    requiresManualReview: true,
+                    manualReviewReason: "Numeric pattern found in response with numeric metadata (scores, counts, etc.). " +
+                        "May be coincidental data rather than arithmetic execution.",
+                    reviewGuidance: "Verify: 1) Did the tool actually compute an arithmetic result? " +
+                        "2) Or does the number appear in metadata like trust scores, version numbers, or counts? " +
+                        "3) Compare pattern location in response with tool's expected output format.",
+                };
+            }
+            if (/admin|role|privilege|elevated/i.test(payload.payload) &&
+                /\b(library|search|documentation|api|wrapper)\b/i.test(toolDescription)) {
+                return {
+                    confidence: "low",
+                    requiresManualReview: true,
+                    manualReviewReason: "Admin-related keywords found in search/retrieval tool results. " +
+                        "Tool may be returning data about admin-related libraries/APIs rather than elevating privileges.",
+                    reviewGuidance: "Verify: 1) Did the tool actually change behavior or assume admin role? " +
+                        "2) Or did it return search results for admin-related content? " +
+                        "3) Test if tool behavior actually changed after this request.",
+                };
+            }
+        }
+        // MEDIUM CONFIDENCE: Execution evidence but some ambiguity
+        if (isVulnerable && evidence.includes("executed")) {
+            return {
+                confidence: "medium",
+                requiresManualReview: true,
+                manualReviewReason: "Execution indicators found but context suggests possible ambiguity.",
+                reviewGuidance: "Verify: 1) Review the full response to confirm actual code execution. " +
+                    "2) Check if tool's intended function involves execution. " +
+                    "3) Test with variations to confirm consistency.",
+            };
+        }
+        // Default: HIGH confidence for clear safe cases
+        return {
+            confidence: "high",
+            requiresManualReview: false,
+        };
+    }
+    /**
+     * Check if tool is a structured data tool (search, lookup, retrieval)
+     *
+     * These tools are more likely to return data containing patterns
+     * that look like vulnerabilities but are actually just data.
+     */
+    isStructuredDataTool(toolName, toolDescription) {
+        const combined = `${toolName} ${toolDescription}`;
+        return STRUCTURED_DATA_TOOL_PATTERNS.some((pattern) => pattern.test(combined));
+    }
+    /**
+     * Check if evidence pattern is ambiguous (validation-like)
+     *
+     * Some patterns match both security issues AND normal validation errors.
+     * These require more careful analysis.
+     */
+    isValidationPattern(evidencePattern) {
+        const patternStr = evidencePattern.toString().toLowerCase();
+        return VALIDATION_AMBIGUOUS_PATTERNS.some((ambiguous) => patternStr.includes(ambiguous));
+    }
+}

package/lib/services/assessment/modules/securityTests/CrossToolStateTester.d.ts

@@ -0,0 +1,91 @@
+/**
+ * Cross-Tool State Tester
+ * Tests for privilege escalation by calling tools in sequence
+ *
+ * Issue #92, Challenge #7: Cross-tool state-based authorization bypass
+ * Detects when one tool can modify shared state that affects another tool's authorization.
+ *
+ * Attack flow:
+ * 1. Call admin_action → should get "access denied"
+ * 2. Call config_modifier with "admin_mode=true"
+ * 3. Call admin_action again → if now succeeds, VULNERABLE
+ */
+import { CompatibilityCallToolResult, Tool } from "@modelcontextprotocol/sdk/types.js";
+import { ProgressCallback } from "../../../../lib/assessment/progressTypes.js";
+/**
+ * Function type for calling MCP tools
+ */
+export type CallToolFunction = (name: string, params: Record<string, unknown>) => Promise<CompatibilityCallToolResult>;
+/**
+ * Result of cross-tool privilege escalation test
+ */
+export interface CrossToolTestResult {
+    vulnerable: boolean;
+    reason: "privilege_escalation_confirmed" | "escalation_blocked" | "baseline_has_access" | "modifier_rejected" | "test_error";
+    evidence?: {
+        baseline: string;
+        afterModifier: string;
+        enableResult?: string;
+    };
+    error?: string;
+}
+/**
+ * Identified tool pair for cross-tool testing
+ */
+export interface ToolPair {
+    admin: Tool;
+    modifier: Tool;
+}
+/**
+ * Configuration for cross-tool state testing
+ */
+export interface CrossToolTestConfig {
+    /** Timeout for each tool call in ms (default: 5000) */
+    timeout?: number;
+    /** Enable verbose logging */
+    verbose?: boolean;
+}
+/**
+ * Tests for cross-tool privilege escalation via shared mutable state
+ */
+export declare class CrossToolStateTester {
+    private readonly verbose;
+    constructor(config?: CrossToolTestConfig);
+    /**
+     * Log message if verbose logging is enabled
+     */
+    private log;
+    /**
+     * Identify potential cross-tool pairs for testing
+     * Looks for admin_action/privileged tools and config_modifier/setting tools
+     */
+    identifyCrossToolPairs(tools: Tool[]): ToolPair[];
+    /**
+     * Test cross-tool privilege escalation
+     *
+     * Attack flow:
+     * 1. Call admin_action → expect "access denied"
+     * 2. Call config_modifier with "admin_mode=true"
+     * 3. Call admin_action again → if now succeeds, VULNERABLE
+     */
+    testPrivilegeEscalation(callTool: CallToolFunction, adminTool: Tool, modifierTool: Tool, onProgress?: ProgressCallback): Promise<CrossToolTestResult>;
+    /**
+     * Run sequence tests on all identified tool pairs
+     */
+    runAllSequenceTests(tools: Tool[], callTool: CallToolFunction, onProgress?: ProgressCallback): Promise<Map<string, CrossToolTestResult>>;
+    /**
+     * Get summary of sequence test results
+     */
+    summarizeResults(results: Map<string, CrossToolTestResult>): {
+        total: number;
+        vulnerable: number;
+        safe: number;
+        errors: number;
+        vulnerablePairs: string[];
+    };
+    /**
+     * Extract text content from MCP response
+     */
+    private extractResponseText;
+}
+//# sourceMappingURL=CrossToolStateTester.d.ts.map

package/lib/services/assessment/modules/securityTests/CrossToolStateTester.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CrossToolStateTester.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/CrossToolStateTester.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,2BAA2B,EAC3B,IAAI,EACL,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AAElE;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,CAC7B,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC5B,OAAO,CAAC,2BAA2B,CAAC,CAAC;AAE1C;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,OAAO,CAAC;IACpB,MAAM,EACF,gCAAgC,GAChC,oBAAoB,GACpB,qBAAqB,GACrB,mBAAmB,GACnB,YAAY,CAAC;IACjB,QAAQ,CAAC,EAAE;QACT,QAAQ,EAAE,MAAM,CAAC;QACjB,aAAa,EAAE,MAAM,CAAC;QACtB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,KAAK,EAAE,IAAI,CAAC;IACZ,QAAQ,EAAE,IAAI,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,uDAAuD;IACvD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,6BAA6B;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;gBAEtB,MAAM,GAAE,mBAAwB;IAK5C;;OAEG;IACH,OAAO,CAAC,GAAG;IAOX;;;OAGG;IACH,sBAAsB,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,QAAQ,EAAE;IA8BjD;;;;;;;OAOG;IACG,uBAAuB,CAC3B,QAAQ,EAAE,gBAAgB,EAC1B,SAAS,EAAE,IAAI,EACf,YAAY,EAAE,IAAI,EAClB,UAAU,CAAC,EAAE,gBAAgB,GAC5B,OAAO,CAAC,mBAAmB,CAAC;IAkI/B;;OAEG;IACG,mBAAmB,CACvB,KAAK,EAAE,IAAI,EAAE,EACb,QAAQ,EAAE,gBAAgB,EAC1B,UAAU,CAAC,EAAE,gBAAgB,GAC5B,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;IAkB5C;;OAEG;IACH,gBAAgB,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,mBAAmB,CAAC,GAAG;QAC3D,KAAK,EAAE,MAAM,CAAC;QACd,UAAU,EAAE,MAAM,CAAC;QACnB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,eAAe,EAAE,MAAM,EAAE,CAAC;KAC3B;IA0BD;;OAEG;IACH,OAAO,CAAC,mBAAmB;CAkB5B"}