@bryan-thompson/inspector-assessment-client 1.26.5 → 1.26.7

package/lib/services/assessment/modules/securityTests/SecurityPayloadGenerator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SecurityPayloadGenerator.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityPayloadGenerator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAIzD;;GAEG;AACH,qBAAa,wBAAwB;IACnC,OAAO,CAAC,iBAAiB,CAAuC;IAEhE;;OAEG;IACH,kBAAkB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO;IAUvC;;OAEG;IACH,oBAAoB,CAClB,OAAO,EAAE,eAAe,EACxB,IAAI,EAAE,IAAI,GACT,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IA+H1B;;OAEG;IACH,YAAY,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO;IASjC;;;OAGG;IACH,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;CAQ7C"}
+{"version":3,"file":"SecurityPayloadGenerator.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityPayloadGenerator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAIzD;;GAEG;AACH,qBAAa,wBAAwB;IACnC,OAAO,CAAC,iBAAiB,CAAuC;IAEhE;;OAEG;IACH,kBAAkB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO;IAUvC;;OAEG;IACH,oBAAoB,CAClB,OAAO,EAAE,eAAe,EACxB,IAAI,EAAE,IAAI,GACT,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAwJ1B;;OAEG;IACH,YAAY,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO;IASjC;;;OAGG;IACH,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;CAQ7C"}

package/lib/services/assessment/modules/securityTests/SecurityPayloadGenerator.js

@@ -31,7 +31,55 @@ export class SecurityPayloadGenerator {
         const params = {};
         const targetParamTypes = payload.parameterTypes || [];
         let payloadInjected = false;
-        // Check for language-specific code execution parameters first
+        // PRIORITY 1: Handle auth payloads first (Issue #81)
+        // These MUST go to token/auth parameters, not language-detected params
+        if (!payloadInjected && payload.payloadType === "auth") {
+            const authParams = [
+                "token",
+                "auth_token",
+                "authorization",
+                "api_key",
+                "access_token",
+            ];
+            for (const [key, prop] of Object.entries(schema.properties)) {
+                const propSchema = prop;
+                if (propSchema.type === "string") {
+                    for (const authParam of authParams) {
+                        if (key.toLowerCase().includes(authParam.toLowerCase())) {
+                            params[key] = payload.payload;
+                            payloadInjected = true;
+                            break;
+                        }
+                    }
+                    if (payloadInjected)
+                        break;
+                }
+            }
+        }
+        // PRIORITY 2: Handle auth_failure payloads (Issue #79)
+        // These MUST go to simulate_failure parameters
+        if (!payloadInjected && payload.payloadType === "auth_failure") {
+            const authFailureParams = [
+                "simulate_failure",
+                "failure_mode",
+                "failure_type",
+            ];
+            for (const [key, prop] of Object.entries(schema.properties)) {
+                const propSchema = prop;
+                if (propSchema.type === "string") {
+                    for (const failParam of authFailureParams) {
+                        if (key.toLowerCase().includes(failParam.toLowerCase())) {
+                            params[key] = payload.payload;
+                            payloadInjected = true;
+                            break;
+                        }
+                    }
+                    if (payloadInjected)
+                        break;
+                }
+            }
+        }
+        // PRIORITY 3: Check for language-specific code execution parameters
         for (const [key, prop] of Object.entries(schema.properties)) {
             const propSchema = prop;
             if (propSchema.type !== "string")
@@ -71,29 +119,6 @@ export class SecurityPayloadGenerator {
                 }
             }
         }
-        // Special handling for auth_failure payloads (Issue #79)
-        // These target simulate_failure parameters to test fail-open behavior
-        if (!payloadInjected && payload.payloadType === "auth_failure") {
-            const authFailureParams = [
-                "simulate_failure",
-                "failure_mode",
-                "failure_type",
-            ];
-            for (const [key, prop] of Object.entries(schema.properties)) {
-                const propSchema = prop;
-                if (propSchema.type === "string") {
-                    for (const failParam of authFailureParams) {
-                        if (key.toLowerCase().includes(failParam.toLowerCase())) {
-                            params[key] = payload.payload;
-                            payloadInjected = true;
-                            break;
-                        }
-                    }
-                    if (payloadInjected)
-                        break;
-                }
-            }
-        }
         // Fall back to generic payload - inject into first string parameter
         if (!payloadInjected) {
             for (const [key, prop] of Object.entries(schema.properties)) {

package/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.d.ts

@@ -1,22 +1,24 @@
 /**
- * Security Response Analyzer
+ * Security Response Analyzer (Facade)
  * Analyzes tool responses for evidence-based vulnerability detection
  *
- * Extracted from SecurityAssessor.ts for maintainability.
- * Handles response analysis, reflection detection, and confidence calculation.
+ * REFACTORED in Issue #53 (v2.0.0): Converted to facade pattern
+ * Delegates to focused classes for maintainability (CC 218 → ~50)
+ *
+ * Extracted classes:
+ * - ErrorClassifier: Error classification and connection error detection
+ * - ExecutionArtifactDetector: Execution evidence detection
+ * - MathAnalyzer: Math computation detection (Calculator Injection)
+ * - SafeResponseDetector: Safe response pattern detection
+ * - ConfidenceScorer: Confidence level calculation
  */
 import { CompatibilityCallToolResult, Tool } from "@modelcontextprotocol/sdk/types.js";
 import { SecurityPayload } from "../../../../lib/securityPatterns.js";
 import type { SanitizationDetectionResult } from "./SanitizationDetector.js";
-/**
- * Result of confidence calculation
- */
-export interface ConfidenceResult {
-    confidence: "high" | "medium" | "low";
-    requiresManualReview: boolean;
-    manualReviewReason?: string;
-    reviewGuidance?: string;
-}
+import { MathResultAnalysis } from "./MathAnalyzer.js";
+import { ConfidenceResult } from "./ConfidenceScorer.js";
+export type { ConfidenceResult } from "./ConfidenceScorer.js";
+export type { MathResultAnalysis } from "./MathAnalyzer.js";
 /**
  * Result of response analysis
  */
@@ -24,14 +26,6 @@ export interface AnalysisResult {
     isVulnerable: boolean;
     evidence?: string;
 }
-/**
- * Result of computed math analysis with confidence level (Issue #58)
- */
-export interface MathResultAnalysis {
-    isComputed: boolean;
-    confidence: "high" | "medium" | "low";
-    reason?: string;
-}
 /**
  * Result of auth bypass response analysis (Issue #75)
  * Detects fail-open authentication vulnerabilities (CVE-2025-52882)
@@ -41,6 +35,40 @@ export interface AuthBypassResult {
     failureMode: "FAIL_OPEN" | "FAIL_CLOSED" | "UNKNOWN";
     evidence?: string;
 }
+/**
+ * Result of cross-tool state-based auth bypass analysis (Issue #92, Challenge #7)
+ * Detects privilege escalation via shared mutable state between tools
+ */
+export interface StateBasedAuthResult {
+    vulnerable: boolean;
+    safe: boolean;
+    stateDependency: "SHARED_STATE" | "INDEPENDENT" | "UNKNOWN";
+    evidence: string;
+}
+/**
+ * Chain execution type classification (Issue #93, Challenge #6)
+ */
+export type ChainExecutionType = "VULNERABLE_EXECUTION" | "SAFE_VALIDATION" | "PARTIAL" | "UNKNOWN";
+/**
+ * Chain vulnerability categories (Issue #93, Challenge #6)
+ */
+export type ChainVulnerabilityCategory = "OUTPUT_INJECTION" | "RECURSIVE_CHAIN" | "ARBITRARY_TOOL_INVOCATION" | "TOOL_SHADOWING" | "MISSING_DEPTH_LIMIT" | "STATE_POISONING";
+/**
+ * Result of chain exploitation analysis (Issue #93, Challenge #6)
+ * Detects multi-tool chained exploitation attacks
+ */
+export interface ChainExploitationAnalysis {
+    vulnerable: boolean;
+    safe: boolean;
+    chainType: ChainExecutionType;
+    vulnerabilityCategories: ChainVulnerabilityCategory[];
+    evidence: {
+        vulnerablePatterns: string[];
+        safePatterns: string[];
+        vulnerableScore: number;
+        safeScore: number;
+    };
+}
 /**
  * Error classification types
  */
@@ -48,8 +76,17 @@ export type ErrorClassification = "connection" | "server" | "protocol";
 /**
  * Analyzes tool responses for security vulnerabilities
  * Distinguishes between safe reflection and actual execution
+ *
+ * This class serves as a facade, delegating to focused analyzers
+ * while maintaining the same public API for backward compatibility.
  */
 export declare class SecurityResponseAnalyzer {
+    private errorClassifier;
+    private executionDetector;
+    private mathAnalyzer;
+    private safeDetector;
+    private confidenceScorer;
+    constructor();
     /**
      * Analyze response with evidence-based detection
      * CRITICAL: Distinguish between safe reflection and actual execution
@@ -59,24 +96,59 @@ export declare class SecurityResponseAnalyzer {
      */
     analyzeResponse(response: CompatibilityCallToolResult, payload: SecurityPayload, tool: Tool): AnalysisResult;
     /**
-     * Check for safe error responses that indicate proper input rejection
-     * Handles: MCP validation errors (-32602), HTTP 4xx/5xx errors
+     * Calculate confidence level and manual review requirements
      */
-    private checkSafeErrorResponses;
+    calculateConfidence(tool: Tool, isVulnerable: boolean, evidence: string, responseText: string, payload: SecurityPayload, sanitizationResult?: SanitizationDetectionResult): ConfidenceResult;
     /**
-     * Check for safe tool behavior patterns
-     * Handles: Tool categories, reflection, computed math, validation rejection
+     * Analyze response for auth bypass patterns (Issue #75)
+     * Detects fail-open authentication vulnerabilities (CVE-2025-52882)
      */
-    private checkSafeToolBehavior;
+    analyzeAuthBypassResponse(response: CompatibilityCallToolResult): AuthBypassResult;
     /**
-     * Check for vulnerability evidence in response
-     * Handles: Evidence pattern matching, fallback injection analysis
+     * Analyze response for cross-tool state-based authorization bypass (Issue #92)
+     * Detects Challenge #7: Privilege escalation via shared mutable state
+     *
+     * Vulnerable pattern: Tool checks shared state (e.g., config_state["admin_mode"])
+     * that can be modified by another tool (e.g., config_modifier)
+     *
+     * Safe pattern: Tool uses independent per-request authorization,
+     * indicated by shared_state_checked: false or independent_auth_required: true
+     */
+    analyzeStateBasedAuthBypass(response: CompatibilityCallToolResult): StateBasedAuthResult;
+    /**
+     * Analyze response for chain exploitation vulnerabilities (Issue #93, Challenge #6)
+     * Detects multi-tool chained exploitation attacks including:
+     * - Arbitrary tool invocation without allowlist
+     * - Output injection via {{output}} template substitution
+     * - Recursive/circular chain execution (DoS potential)
+     * - State poisoning between chain steps
+     * - Tool shadowing in chains
+     * - Missing depth/size limits
+     *
+     * @param response The tool response to analyze
+     * @returns Analysis result with vulnerability status and evidence
      */
-    private checkVulnerabilityEvidence;
+    analyzeChainExploitation(response: CompatibilityCallToolResult): ChainExploitationAnalysis;
     /**
-     * Check if tool explicitly rejected input with validation error (SAFE)
+     * Check if response indicates connection/server failure
      */
-    isValidationRejection(response: CompatibilityCallToolResult): boolean;
+    isConnectionError(response: CompatibilityCallToolResult): boolean;
+    /**
+     * Check if caught exception indicates connection/server failure
+     */
+    isConnectionErrorFromException(error: unknown): boolean;
+    /**
+     * Classify error type for reporting
+     */
+    classifyError(response: CompatibilityCallToolResult): ErrorClassification;
+    /**
+     * Classify error type from caught exception
+     */
+    classifyErrorFromException(error: unknown): ErrorClassification;
+    /**
+     * Extract response content from MCP response
+     */
+    extractResponseContent(response: CompatibilityCallToolResult): string;
     /**
      * Check if response is an MCP validation error (safe rejection)
      */
@@ -98,45 +170,19 @@ export declare class SecurityResponseAnalyzer {
     hasExecutionEvidence(responseText: string): boolean;
     /**
      * Check if a math expression payload was computed (execution evidence)
+     * @deprecated Use analyzeComputedMathResult instead
      */
     isComputedMathResult(payload: string, responseText: string): boolean;
     /**
-     * Check if numeric value appears in structured data context (not as computation result)
-     * Distinguishes {"records": 4} from computed "4" (Issue #58)
-     *
-     * @param result The computed numeric result to check for
-     * @param responseText The response text to analyze
-     * @returns true if the number appears to be coincidental data, not a computed result
+     * Check if numeric value appears in structured data context
      */
     isCoincidentalNumericInStructuredData(result: number, responseText: string): boolean;
     /**
      * Enhanced computed math result analysis with tool context (Issue #58)
-     *
-     * Returns a confidence level indicating how likely this is a real Calculator Injection:
-     * - high: Strong evidence of computation (should flag as vulnerable)
-     * - medium: Ambiguous (excluded from vulnerability count per user decision)
-     * - low: Likely coincidental data (excluded from vulnerability count)
      */
     analyzeComputedMathResult(payload: string, responseText: string, tool?: Tool): MathResultAnalysis;
-    /**
-     * Check if response indicates connection/server failure
-     */
-    isConnectionError(response: CompatibilityCallToolResult): boolean;
-    /**
-     * Check if caught exception indicates connection/server failure
-     */
-    isConnectionErrorFromException(error: unknown): boolean;
-    /**
-     * Classify error type for reporting
-     */
-    classifyError(response: CompatibilityCallToolResult): ErrorClassification;
-    /**
-     * Classify error type from caught exception
-     */
-    classifyErrorFromException(error: unknown): ErrorClassification;
     /**
      * Check if response is just reflection (safe)
-     * Two-layer defense: Match reflection patterns, verify NO execution evidence
      */
     isReflectionResponse(responseText: string): boolean;
     /**
@@ -148,21 +194,9 @@ export declare class SecurityResponseAnalyzer {
      */
     containsEchoedInjectionPayload(responseText: string): boolean;
     /**
-     * Analyze injection response (fallback logic)
-     */
-    analyzeInjectionResponse(response: CompatibilityCallToolResult, _payload: string): AnalysisResult;
-    /**
-     * Calculate confidence level and manual review requirements
-     *
-     * @param tool - The tool being tested
-     * @param isVulnerable - Whether the tool was flagged as vulnerable
-     * @param evidence - Evidence string from vulnerability detection
-     * @param responseText - The response text from the tool
-     * @param payload - The security payload used for testing
-     * @param sanitizationResult - Optional sanitization detection result (Issue #56)
-     * @returns Confidence result with manual review requirements
+     * Check if tool explicitly rejected input with validation error (SAFE)
      */
-    calculateConfidence(tool: Tool, isVulnerable: boolean, evidence: string, responseText: string, payload: SecurityPayload, sanitizationResult?: SanitizationDetectionResult): ConfidenceResult;
+    isValidationRejection(response: CompatibilityCallToolResult): boolean;
     /**
      * Check if tool is a structured data tool
      */
@@ -171,25 +205,28 @@ export declare class SecurityResponseAnalyzer {
      * Check if response is returning search results
      */
     isSearchResultResponse(responseText: string): boolean;
-    /**
-     * Analyze response for auth bypass patterns (Issue #75)
-     * Detects fail-open authentication vulnerabilities (CVE-2025-52882)
-     *
-     * @param response The tool response to analyze
-     * @returns AuthBypassResult with detection status and failure mode classification
-     */
-    analyzeAuthBypassResponse(response: CompatibilityCallToolResult): AuthBypassResult;
     /**
      * Check if response is from a creation/modification operation
      */
     isCreationResponse(responseText: string): boolean;
     /**
-     * Extract response content
+     * Check for safe error responses that indicate proper input rejection
+     * Handles: MCP validation errors (-32602), HTTP 4xx/5xx errors
      */
-    extractResponseContent(response: CompatibilityCallToolResult): string;
+    private checkSafeErrorResponses;
+    /**
+     * Check for safe tool behavior patterns
+     * Handles: Tool categories, reflection, computed math, validation rejection
+     */
+    private checkSafeToolBehavior;
     /**
-     * Extract error info from response
+     * Check for vulnerability evidence in response
+     * Handles: Evidence pattern matching, fallback injection analysis
+     */
+    private checkVulnerabilityEvidence;
+    /**
+     * Analyze injection response (fallback logic)
      */
-    private extractErrorInfo;
+    private analyzeInjectionResponse;
 }
 //# sourceMappingURL=SecurityResponseAnalyzer.d.ts.map

package/lib/services/assessment/modules/securityTests/SecurityResponseAnalyzer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SecurityResponseAnalyzer.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityResponseAnalyzer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,2BAA2B,EAC3B,IAAI,EACL,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEzD,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,wBAAwB,CAAC;AAE1E;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,oBAAoB,EAAE,OAAO,CAAC;IAC9B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,WAAW,GAAG,aAAa,GAAG,SAAS,CAAC;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,YAAY,GAAG,QAAQ,GAAG,UAAU,CAAC;AAEvE;;;GAGG;AACH,qBAAa,wBAAwB;IACnC;;;;;;OAMG;IACH,eAAe,CACb,QAAQ,EAAE,2BAA2B,EACrC,OAAO,EAAE,eAAe,EACxB,IAAI,EAAE,IAAI,GACT,cAAc;IAqBjB;;;OAGG;IACH,OAAO,CAAC,uBAAuB;IA2B/B;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IAkF7B;;;OAGG;IACH,OAAO,CAAC,0BAA0B;IAuClC;;OAEG;IACH,qBAAqB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IA2DrE;;OAEG;IACH,oBAAoB,CAClB,SAAS,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,EACvD,YAAY,EAAE,MAAM,GACnB,OAAO;IA6BV;;OAEG;IACH,mBAAmB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAiBlD;;OAEG;IACH,mBAAmB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO;IAqBrD;;OAEG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IA6BnD;;OAEG;IACH,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO;IAiFpE;;;;;;;OAOG;IACH,qCAAqC,CACnC,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,GACnB,OAAO;IAwFV;;;;;;;OAOG;IACH,yBAAyB,CACvB,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,EACpB,IAAI,CAAC,EAAE,IAAI,GACV,kBAAkB;IAoMrB;;OAEG;IACH,iBAAiB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IA4CjE;;OAEG;IACH,8BAA8B,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO;IA8CvD;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,2BAA2B,GAAG,mBAAmB;IA0BzE;;OAEG;IACH,0BAA0B,CAAC,KAAK,EAAE,OAAO,GAAG,mBAAmB;IA2B/D;;;OAGG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IA+KnD;;OAEG;IACH,wBAAwB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAuCvD;;OAEG;IACH,8BAA8B,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAgB7D;;OAEG;IACH,wBAAwB,CACtB,QAAQ,EAAE,2BAA2B,EACrC,QAAQ,EAAE,MAAM,GACf,cAAc;IAyBjB;;;;;;;;;;OAUG;IACH,mBAAmB,CACjB,IAAI,EAAE,IAAI,EACV,YAAY,EAAE,OAAO,EACrB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,eAAe,EACxB,kBAAkB,CAAC,EAAE,2BAA2B,GAC/C,gBAAgB;IA4JnB;;OAEG;IACH,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,OAAO;IAmBxE;;OAEG;IACH,sBAAsB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAiBrD;;;;;;OAMG;IACH,yBAAyB,CACvB,QAAQ,EAAE,2BAA2B,GACpC,gBAAgB;IAsGnB;;OAEG;IACH,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAoBjD;;OAEG;IACH,sBAAsB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,MAAM;IAWrE;;OAEG;IACH,OAAO,CAAC,gBAAgB;CAwBzB"}
+{"version":3,"file":"SecurityResponseAnalyzer.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/SecurityResponseAnalyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EACL,2BAA2B,EAC3B,IAAI,EACL,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEzD,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,wBAAwB,CAAC;AAK1E,OAAO,EAAgB,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAElE,OAAO,EAAoB,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAYxE,YAAY,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,YAAY,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEzD;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,WAAW,GAAG,aAAa,GAAG,SAAS,CAAC;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,eAAe,EAAE,cAAc,GAAG,aAAa,GAAG,SAAS,CAAC;IAC5D,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAC1B,sBAAsB,GACtB,iBAAiB,GACjB,SAAS,GACT,SAAS,CAAC;AAEd;;GAEG;AACH,MAAM,MAAM,0BAA0B,GAClC,kBAAkB,GAClB,iBAAiB,GACjB,2BAA2B,GAC3B,gBAAgB,GAChB,qBAAqB,GACrB,iBAAiB,CAAC;AAEtB;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,SAAS,EAAE,kBAAkB,CAAC;IAC9B,uBAAuB,EAAE,0BAA0B,EAAE,CAAC;IACtD,QAAQ,EAAE;QACR,kBAAkB,EAAE,MAAM,EAAE,CAAC;QAC7B,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,eAAe,EAAE,MAAM,CAAC;QACxB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,YAAY,GAAG,QAAQ,GAAG,UAAU,CAAC;AAEvE;;;;;;GAMG;AACH,qBAAa,wBAAwB;IAEnC,OAAO,CAAC,eAAe,CAAkB;IACzC,OAAO,CAAC,iBAAiB,CAA4B;IACrD,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,YAAY,CAAuB;IAC3C,OAAO,CAAC,gBAAgB,CAAmB;;IAc3C;;;;;;OAMG;IACH,eAAe,CACb,QAAQ,EAAE,2BAA2B,EACrC,OAAO,EAAE,eAAe,EACxB,IAAI,EAAE,IAAI,GACT,cAAc;IAqBjB;;OAEG;IACH,mBAAmB,CACjB,IAAI,EAAE,IAAI,EACV,YAAY,EAAE,OAAO,EACrB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,eAAe,EACxB,kBAAkB,CAAC,EAAE,2BAA2B,GAC/C,gBAAgB;IAWnB;;;OAGG;IACH,yBAAyB,CACvB,QAAQ,EAAE,2BAA2B,GACpC,gBAAgB;IAsFnB;;;;;;;;;OASG;IACH,2BAA2B,CACzB,QAAQ,EAAE,2BAA2B,GACpC,oBAAoB;IAmGvB;;;;;;;;;;;;OAYG;IACH,wBAAwB,CACtB,QAAQ,EAAE,2BAA2B,GACpC,yBAAyB;IA6D5B;;OAEG;IACH,iBAAiB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAIjE;;OAEG;IACH,8BAA8B,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO;IAIvD;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,2BAA2B,GAAG,mBAAmB;IAIzE;;OAEG;IACH,0BAA0B,CAAC,KAAK,EAAE,OAAO,GAAG,mBAAmB;IAI/D;;OAEG;IACH,sBAAsB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,MAAM;IAQrE;;OAEG;IACH,oBAAoB,CAClB,SAAS,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,EACvD,YAAY,EAAE,MAAM,GACnB,OAAO;IAIV;;OAEG;IACH,mBAAmB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIlD;;OAEG;IACH,mBAAmB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAInD;;;OAGG;IACH,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO;IAIpE;;OAEG;IACH,qCAAqC,CACnC,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,GACnB,OAAO;IAOV;;OAEG;IACH,yBAAyB,CACvB,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,EACpB,IAAI,CAAC,EAAE,IAAI,GACV,kBAAkB;IAQrB;;OAEG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAInD;;OAEG;IACH,wBAAwB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIvD;;OAEG;IACH,8BAA8B,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAI7D;;OAEG;IACH,qBAAqB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAIrE;;OAEG;IACH,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,OAAO;IAOxE;;OAEG;IACH,sBAAsB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAIrD;;OAEG;IACH,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAQjD;;;OAGG;IACH,OAAO,CAAC,uBAAuB;IAyB/B;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IA+E7B;;;OAGG;IACH,OAAO,CAAC,0BAA0B;IAwClC;;OAEG;IACH,OAAO,CAAC,wBAAwB;CAoBjC"}