@bryan-thompson/inspector-assessment-client 1.33.3 → 1.34.1
- package/dist/assets/{OAuthCallback-Dh4NOmXj.js → OAuthCallback-C27_rGpA.js} +1 -1
- package/dist/assets/{OAuthDebugCallback-Bv0nFlfP.js → OAuthDebugCallback-DpgDVJTf.js} +1 -1
- package/dist/assets/{index-BABurola.js → index-BX8lZxC_.js} +4 -4
- package/dist/index.html +1 -1
- package/lib/lib/assessment/extendedTypes.d.ts +24 -0
- package/lib/lib/assessment/extendedTypes.d.ts.map +1 -1
- package/lib/services/assessment/modules/ResourceAssessor.d.ts +27 -0
- package/lib/services/assessment/modules/ResourceAssessor.d.ts.map +1 -1
- package/lib/services/assessment/modules/ResourceAssessor.js +334 -4
- package/package.json +1 -1
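--- a/package/dist/assets/OAuthCallback-Dh4NOmXj.js
+++ b/package/dist/assets/OAuthCallback-C27_rGpA.js
@@ -1,4 +1,4 @@
-import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-
+import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-BX8lZxC_.js";
 const OAuthCallback = ({ onConnect }) => {
 const { toast } = useToast();
 const hasProcessedRef = reactExports.useRef(false);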
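--- a/package/dist/assets/OAuthDebugCallback-Bv0nFlfP.js
+++ b/package/dist/assets/OAuthDebugCallback-DpgDVJTf.js
@@ -1,4 +1,4 @@
-import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-
+import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-BX8lZxC_.js";
 const OAuthDebugCallback = ({ onConnect }) => {
 reactExports.useEffect(() => {
 let isProcessed = false;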
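--- a/package/dist/assets/index-BABurola.js
+++ b/package/dist/assets/index-BX8lZxC_.js
@@ -16373,7 +16373,7 @@ object({
 token_type_hint: string().optional()
 }).strip();
 const name = "@bryan-thompson/inspector-assessment-client";
-const version$1 = "1.
+const version$1 = "1.34.0";
 const packageJson = {
 name,
 version: version$1
@@ -48919,7 +48919,7 @@ const useTheme = () => {
 [theme, setThemeWithSideEffect]
 );
 };
-const version = "1.
+const version = "1.34.0";
 var [createTooltipContext] = createContextScope("Tooltip", [
 createPopperScope
 ]);
@@ -52514,13 +52514,13 @@ const App = () => {
 ) });
 if (window.location.pathname === "/oauth/callback") {
 const OAuthCallback = React.lazy(
-() => __vitePreload(() => import("./OAuthCallback-
+() => __vitePreload(() => import("./OAuthCallback-C27_rGpA.js"), true ? [] : void 0)
 );
 return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthCallback, { onConnect: onOAuthConnect }) });
 }
 if (window.location.pathname === "/oauth/callback/debug") {
 const OAuthDebugCallback = React.lazy(
-() => __vitePreload(() => import("./OAuthDebugCallback-
+() => __vitePreload(() => import("./OAuthDebugCallback-DpgDVJTf.js"), true ? [] : void 0)
 );
 return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthDebugCallback, { onConnect: onOAuthDebugConnect }) });
 }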
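--- a/package/dist/index.html
+++ b/package/dist/index.html
@@ -5,7 +5,7 @@
 <link rel="icon" type="image/svg+xml" href="/mcp.svg" />
 <meta name="viewport" content="width=device-width, initial-scale=1.0" />
 <title>MCP Inspector</title>
-<script type="module" crossorigin src="/assets/index-
+<script type="module" crossorigin src="/assets/index-BX8lZxC_.js"></script>
 <link rel="stylesheet" crossorigin href="/assets/index-BoUA5OL1.css">
 </head>
 <body>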
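--- a/package/lib/lib/assessment/extendedTypes.d.ts
+++ b/package/lib/lib/assessment/extendedTypes.d.ts
@@ -475,6 +475,24 @@ export interface ResourceTestResult {
 hiddenResourceProbe?: boolean;
 /** The pattern used to probe for this hidden resource */
 probePattern?: string;
+/** Whether blob DoS testing was performed */
+blobDosTested?: boolean;
+/** DoS risk level from size analysis */
+blobDosRiskLevel?: "HIGH" | "MEDIUM" | "LOW" | "NONE";
+/** Requested blob size in bytes */
+blobRequestedSize?: number;
+/** Whether polyglot testing was performed */
+polyglotTested?: boolean;
+/** Polyglot combination detected (e.g., "gif/javascript") */
+polyglotCombination?: string;
+/** Whether MIME validation was performed */
+mimeValidationPerformed?: boolean;
+/** MIME type mismatch detected */
+mimeTypeMismatch?: boolean;
+/** Expected MIME type based on content magic bytes */
+expectedMimeType?: string;
+/** Declared MIME type from resource */
+declaredMimeType?: string;
 }
 export interface ResourceAssessment {
 resourcesTested: number;
@@ -484,6 +502,12 @@ export interface ResourceAssessment {
 pathTraversalVulnerabilities: number;
 sensitiveDataExposures: number;
 promptInjectionVulnerabilities: number;
+/** Number of blob DoS vulnerabilities detected */
+blobDosVulnerabilities: number;
+/** Number of polyglot file vulnerabilities detected */
+polyglotVulnerabilities: number;
+/** Number of MIME validation failures detected */
+mimeValidationFailures: number;
 results: ResourceTestResult[];
 status: AssessmentStatus;
 explanation: string;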
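Review bot: The three counters added to `ResourceAssessment` in the second hunk (`blobDosVulnerabilities`, `polyglotVulnerabilities`, `mimeValidationFailures`) are declared required, unlike the fields added to `ResourceTestResult` in the first hunk, which are all optional. Any consumer that constructs a `ResourceAssessment` stops type-checking on this minor release, and an assessment result saved by 1.33.x would presumably load with these counts `undefined` despite the `number` type, so adding them into a total gives `NaN` instead of a finding count. Unless every producer is updated in the same release, declare them optional in `src/lib/assessment/extendedTypes.ts` (this `.d.ts` is emitted from it), e.g. `blobDosVulnerabilities?: number;`, and read them with `?? 0`. `ResourceAssessment` continues past the end of the hunk, so fields outside the visible lines were not reviewed.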
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"extendedTypes.d.ts","sourceRoot":"","sources":["../../../src/lib/assessment/extendedTypes.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EAChB,MAAM,aAAa,CAAC;AAOrB,MAAM,MAAM,WAAW,GACnB,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,CAAC;AAER,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,MAAM,CAAC;AAElE,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,WAAW,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,WAAW,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,WAAW,GAAG,kBAAkB,GAAG,QAAQ,GAAG,aAAa,CAAC;IACtE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,mBAAmB,EAAE,OAAO,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,YAAY,EAAE,CAAC;IAC3B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,gBAAgB,EAAE;QAChB,SAAS,EAAE,OAAO,CAAC;QACnB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,MAAM,EAAE,OAAO,CAAC;QAChB,UAAU,EAAE,OAAO,CAAC;KACrB,CAAC;IACF,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,KAAK,GAAG,aAAa,GAAG,UAAU,GAAG,MAAM,CAAC;AAE3E,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,OAAO,CAAC;IACxB,WAAW,CAAC,EAAE;QACZ,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,aAAa,CAAC,EAAE,OAAO,CAAC;KACzB,CAAC;IACF,gDAAgD;IAChD,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,gBAAgB,CAAC,EAAE;QACjB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,mBAAmB,EAAE,OAAO,CAAC;QAC7B,MAAM,EAAE,MAAM,CAAC;QACf,wCAAwC;QACxC,UAAU,EAAE,mBAAmB,CAAC;QAChC,yDAAyD;QACzD,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,iEAAiE;IACjE,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,iDAAiD;IACjD,oBAAoB,CAAC,EAAE;QACrB,QAAQ,EAAE,OAAO,CAAC;QAClB,QAAQ,EAAE,KAAK,CAAC;YACd,IAAI,EAAE,MAAM,CAAC;YACb,OAA
O,EAAE,MAAM,CAAC;YAChB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;YACpC,QAAQ,EAAE,MAAM,CAAC;YACjB,QAAQ,EAAE,MAAM,CAAC;SAClB,CAAC,CAAC;QACH,SAAS,EAAE,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;KAC/C,CAAC;IACF,+CAA+C;IAC/C,gBAAgB,CAAC,EAAE;QACjB,kCAAkC;QAClC,SAAS,CAAC,EAAE;YACV,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC;YAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;SAC5B,CAAC;QACF,oCAAoC;QACpC,WAAW,CAAC,EAAE;YACZ,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;YACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;SACnB,CAAC;QACF,6BAA6B;QAC7B,YAAY,CAAC,EAAE;YACb,SAAS,EAAE,OAAO,CAAC;YACnB,MAAM,CAAC,EAAE,MAAM,CAAC;SACjB,CAAC;QACF,6BAA6B;QAC7B,cAAc,CAAC,EAAE;YACf,SAAS,EAAE,OAAO,CAAC;YACnB,YAAY,CAAC,EAAE,MAAM,CAAC;SACvB,CAAC;KACH,CAAC;CACH;AAED,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,oBAAoB,EAAE,CAAC;IACpC,cAAc,EAAE,MAAM,CAAC;IACvB,uBAAuB,EAAE,MAAM,CAAC;IAChC,gFAAgF;IAChF,0BAA0B,EAAE,MAAM,CAAC;IACnC,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,8CAA8C;IAC9C,OAAO,CAAC,EAAE;QACR,uDAAuD;QACvD,QAAQ,EAAE,MAAM,CAAC;QACjB,yDAAyD;QACzD,WAAW,EAAE,MAAM,CAAC;QACpB,uDAAuD;QACvD,WAAW,EAAE,MAAM,CAAC;QACpB,2CAA2C;QAC3C,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IACF,6CAA6C;IAC7C,kBAAkB,CAAC,EAAE;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC;QACnB,iBAAiB,EAAE,MAAM,CAAC;QAC1B,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,uDAAuD;IACvD,iBAAiB,CAAC,EAAE;QAClB,oDAAoD;QACpD,GAAG,EAAE,MAAM,CAAC;QACZ,sCAAsC;QACtC,UAAU,EAAE,MAAM,CAAC;QACnB,sDAAsD;QACtD,QAAQ,EAAE,MAAM,CAAC;QACjB,sCAAsC;QACtC,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,oEAAoE;IACpE,4BAA4B,CAAC,EAAE,MAAM,CAAC;IACtC,qDAAqD;IACrD,uBAAuB,CAAC,EAAE;QACxB,mBAAmB,EAAE,MAAM,CAAC;QAC5B,oBAAoB,EAAE,MAAM,CAAC;QAC7B,qBAAqB,EAAE,MAAM,CAAC;QAC9B,oBAAoB,EAAE,MAAM,CAAC;KAC9B,CAAC;IACF,+CAA+C;IAC/C,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;IAC5C,sDAAsD;IACtD,wBAAwB,CAAC,EAAE;QACzB,8CAA8C;QAC9C,kBAAkB,EAAE,MAAM,CAAC;QAC3B,qDAAqD;QACrD,kBAAkB,EAAE,MAAM,CAAC;QAC3B,gDAAgD;QAChD,aAAa,EAAE,MAAM,CAAC;QACtB,6DAA6D;QAC7D,uBAAuB,EAAE,MAAM,CAAC;KACjC,CAAC;CACH;AAOD,MAAM,MAAM
,yBAAyB,GACjC,WAAW,GACX,OAAO,GACP,UAAU,GACV,SAAS,CAAC;AAEd,MAAM,MAAM,qBAAqB,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;AAEpE,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,yBAAyB,CAAC;IACpC,QAAQ,EACJ,cAAc,GACd,eAAe,GACf,kBAAkB,GAClB,YAAY,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;IACxB,6EAA6E;IAC7E,WAAW,CAAC,EAAE,qBAAqB,CAAC;IACpC,4DAA4D;IAC5D,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,6CAA6C;IAC7C,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,6BAA6B;IAC5C,OAAO,EAAE,sBAAsB,EAAE,CAAC;IAClC,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,qBAAqB,EAAE,OAAO,CAAC;IAC/B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,kBAAkB;IACjC,gBAAgB,EAAE,MAAM,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE;QACV,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;QAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC9B,CAAC;IACF,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED;;;GAGG;AACH,MAAM,WAAW,uBAAuB;IACtC,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,wBAAwB;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;CACxC;AAED,MAAM,WAAW,4BAA4B;IAC3C,WAAW,EAAE,OAAO,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,iBAAiB,EAAE,wBAAwB,EAAE,CAAC;IAC9C,OAAO,EAAE,OAAO,CAAC;IACjB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,4CAA4C;IAC5C,eAAe,CAAC,EAAE;QAChB,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,iBAAiB,EAAE,uBAAuB,EAAE,CAAC;QAC7C,aAA
a,EAAE,OAAO,CAAC;KACxB,CAAC;IACF,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EACA,gBAAgB,GAChB,mBAAmB,GACnB,yBAAyB,GACzB,eAAe,GACf,gBAAgB,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACpC,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,gBAAgB,EAAE,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,WAAW,EAAE,OAAO,CAAC;IACrB,cAAc,EAAE,OAAO,CAAC;IACxB,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;IAE1B,yCAAyC;IACzC,aAAa,CAAC,EAAE,KAAK,CAAC;QACpB,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,OAAO,CAAC;QACpB,kBAAkB,CAAC,EAAE,MAAM,CAAC;KAC7B,CAAC,CAAC;IACH,gCAAgC;IAChC,gBAAgB,CAAC,EAAE;QACjB,SAAS,EAAE,KAAK,GAAG,SAAS,GAAG,OAAO,GAAG,OAAO,CAAC;QACjD,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC;CACH;AAMD,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,4BAA4B;IAC3C,YAAY,EAAE,WAAW,EAAE,CAAC;IAC5B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAMD,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAAC;AAElE,MAAM,WAAW,mBAAmB;IAClC,aAAa,EAAE,OAAO,CAAC;IACvB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,yBAAyB;IACxC,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,OAAO,CAAC;IACrB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,OAAO,CAAC;IACxB,aAAa,EAAE,OAAO,CAAC;IACvB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,mDAAmD;AACnD,MAAM,MAAM,qBAAqB,GAC7B,oBAAoB,GACpB,mBAAmB,GACnB,iBAAiB,GACjB,kBAAkB,GAClB,kBAAkB,CAAC;AAEvB,6CAA6C;AAC7C,MAAM,MAAM,kBAAkB,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAE3D,sDAAsD;AACtD,MAAM,WAAW,wBAAwB;IACvC,sEAAsE;IACtE,MAAM,CAAC,E
AAE,MAAM,CAAC;IAChB,oEAAoE;IACpE,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wCAAwC;AACxC,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,qBAAqB,CAAC;IAC5B,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,oEAAoE;IACpE,OAAO,CAAC,EAAE,wBAAwB,CAAC;CACpC;AAED,0CAA0C;AAC1C,MAAM,WAAW,kBAAkB;IACjC,8BAA8B;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,uBAAuB;IACvB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,wBAAwB;IACxB,QAAQ,EAAE,iBAAiB,EAAE,CAAC;IAC9B,qCAAqC;IACrC,eAAe,EAAE,OAAO,CAAC;IACzB,8CAA8C;IAC9C,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,UAAU,CAAC;IACvB,oBAAoB,EAAE,OAAO,CAAC;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,mBAAmB,CAAC;IACrC,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE;QAChB,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,uBAAuB,EAAE,MAAM,EAAE,CAAC;QAClC,gBAAgB,EAAE,MAAM,EAAE,CAAC;KAC5B,CAAC;IACF,iBAAiB,CAAC,EAAE,yBAAyB,CAAC;IAC9C,2FAA2F;IAC3F,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,OAAO,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,mBAAmB,GAAG,qBAAqB,GAAG,IAAI,CAAC;IAC5D,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,MAAM,CAAC;IACrC,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE;QACT,mBAAmB,EAAE,OAAO,CAAC;QAC7B,wBAAwB,EAAE,OAAO,CAAC;KACnC,CAAC;IAEF,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,oBAAoB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,kBAAkB,CAAC,EAAE;QACnB,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,aAAa,CAAC,EAAE,OAAO,CAAC;KACzB,CAAC;IACF,qEAAqE;IACrE,sBAAsB,CAAC,EAAE,sBAAsB,CAAC;IAChD,kEAAkE;IAClE,eAAe,CAAC,EAAE,KAAK,CAAC;QACtB,UAAU,EAAE,MAAM,CAAC;QACnB,cAAc,EAAE,sBAAsB,CAAC;KACxC,CAAC,CA
AC;IACH;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,UAAU,GAAG,YAAY,GAAG,IAAI,CAAC;CACnD;AAOD;;;;;;;GAOG;AACH,MAAM,MAAM,YAAY,GAAG,YAAY,GAAG,YAAY,GAAG,YAAY,CAAC;AAEtE;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACrC,gCAAgC;IAChC,IAAI,EAAE,YAAY,CAAC;IACnB,uCAAuC;IACvC,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,oDAAoD;IACpD,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,kDAAkD;IAClD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,yEAAyE;IACzE,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC/B;AAED,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gBAAgB,EAAE,MAAM,CAAC;IACzB,2BAA2B,EAAE,MAAM,CAAC;IACpC,OAAO,EAAE,kBAAkB,EAAE,CAAC;IAC9B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,OAAO,CAAC;IACpB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,uBAAuB,EAAE,OAAO,CAAC;IACjC,oBAAoB,EAAE,OAAO,CAAC;IAC9B,uBAAuB,EAAE,OAAO,CAAC;IACjC,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,2DAA2D;IAC3D,iBAAiB,CAAC,EAAE,KAAK,CAAC;QACxB,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;QACzC,QAAQ,EAAE,OAAO,CAAC;KACnB,CAAC,CAAC;IACH,iCAAiC;IACjC,cAAc,CAAC,EAAE;QACf,YAAY,EAAE,OAAO,CAAC;QACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,oDAAoD;IACpD,kBAAkB,CAAC,EAAE,QAAQ,GAAG,UAAU,GAAG,cAAc,GAAG,YAAY,CAAC;IAE3E,kDAAkD;IAClD,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,8CAA8C;IAC9C,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAE7B,0DAA0D;IAC1D,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,yDAAyD;IACzD,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,kBAAkB;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,uBAAuB,EAAE,MAAM,CAAC;IAChC,mBAAmB,EAAE,MAAM,CAAC;IAC5B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,4BAA4B,EAAE,MAAM,CAAC;IACrC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,8BAA8B,EAAE,MAAM,CAAC;IACvC,OAAO,EAAE,kBAAkB,EAAE,CAAC;IAC9B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,gBAAgB;I
AC/B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,OAAO,CAAC;IAChB,oBAAoB,EAAE,OAAO,CAAC;IAC9B,kBAAkB,EAAE,OAAO,CAAC;IAC5B,YAAY,EAAE,OAAO,CAAC;IACtB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,6CAA6C;IAC7C,cAAc,CAAC,EAAE;QACf,YAAY,EAAE,MAAM,CAAC;QACrB,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,SAAS,EAAE,OAAO,CAAC;KACpB,CAAC;IACF,+BAA+B;IAC/B,cAAc,CAAC,EAAE;QACf,gBAAgB,EAAE,OAAO,CAAC;QAC1B,aAAa,EAAE,OAAO,CAAC;QACvB,eAAe,EAAE,MAAM,EAAE,CAAC;KAC3B,CAAC;CACH;AAED,MAAM,WAAW,gBAAgB;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,wBAAwB,EAAE,MAAM,CAAC;IACjC,wBAAwB,EAAE,MAAM,CAAC;IACjC,OAAO,EAAE,gBAAgB,EAAE,CAAC;IAC5B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,yBAAyB;IACxC,QAAQ,EACJ,kBAAkB,GAClB,gBAAgB,GAChB,kBAAkB,GAClB,sBAAsB,CAAC;IAC3B,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,OAAO,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,iBAAiB,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;IAEpB,uDAAuD;IACvD,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,qCAAqC;IACrC,oBAAoB,CAAC,EAAE;QACrB,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF,6DAA6D;IAC7D,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,wCAAwC;IACxC,UAAU,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;CACxC;AAED,MAAM,WAAW,iCAAiC;IAChD,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,wBAAwB,EAAE,MAAM,CAAC;IACjC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,OAAO,EAAE,yBAAyB,EAAE,CAAC;IACrC,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAQD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,+BAA+B;IAC/B,MAAM,EAAE,OAAO,CAAC;IAChB,2CAA2C;IAC3C,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,kDAAkD;IAClD,QAAQ,EAAE,MAAM,CAAC;IACjB,gEAAgE;IAChE,aAAa,EAAE,MAAM,CAAC;IACtB,mFAAmF;IACnF,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,6DAA6D;IAC7D,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;;;GAIG;AACH,MAAM,WAAW,6BAA6B;IAC5C,iCAAiC;IACjC,MAAM,EAAE
;QACN,0FAA0F;QAC1F,mBAAmB,EAAE,aAAa,CAAC;QACnC,uEAAuE;QACvE,kBAAkB,EAAE,aAAa,CAAC;QAClC,iEAAiE;QACjE,uBAAuB,EAAE,aAAa,CAAC;QACvC,mFAAmF;QACnF,qBAAqB,CAAC,EAAE,aAAa,CAAC;QACtC,6EAA6E;QAC7E,gBAAgB,CAAC,EAAE,aAAa,CAAC;KAClC,CAAC;IACF,wCAAwC;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,mEAAmE;IACnE,MAAM,EAAE,gBAAgB,CAAC;IACzB,0DAA0D;IAC1D,WAAW,EAAE,MAAM,CAAC;IACpB,yDAAyD;IACzD,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD;;GAEG;AACH,MAAM,MAAM,eAAe,GACvB,OAAO,GACP,SAAS,GACT,QAAQ,GACR,YAAY,GACZ,OAAO,GACP,OAAO,GACP,UAAU,GACV,WAAW,GACX,UAAU,GACV,WAAW,GACX,eAAe,GACf,SAAS,CAAC;AAEd;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;AAErD;;GAEG;AACH,MAAM,MAAM,sBAAsB,GAAG,OAAO,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAEnE;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,4CAA4C;IAC5C,UAAU,EAAE,sBAAsB,CAAC;IACnC,iDAAiD;IACjD,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,4DAA4D;IAC5D,gBAAgB,EAAE,eAAe,EAAE,CAAC;IACpC,mDAAmD;IACnD,cAAc,EAAE,aAAa,EAAE,CAAC;IAChC,6DAA6D;IAC7D,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,0DAA0D;IAC1D,qBAAqB,EAAE,OAAO,CAAC;IAC/B,uCAAuC;IACvC,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,uCAAuC;IACvC,QAAQ,EAAE;QACR,mDAAmD;QACnD,kBAAkB,EAAE,MAAM,EAAE,CAAC;QAC7B,oDAAoD;QACpD,mBAAmB,EAAE,MAAM,EAAE,CAAC;QAC9B,yDAAyD;QACzD,iBAAiB,EAAE,MAAM,EAAE,CAAC;KAC7B,CAAC;CACH;AAOD;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,uDAAuD;IACvD,gBAAgB,EAAE,OAAO,CAAC;IAC1B,yDAAyD;IACzD,mBAAmB,EAAE,OAAO,CAAC;IAC7B,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,uDAAuD;IACvD,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,+BAA+B;IAC9C,8BAA8B;IAC9B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,mBAAmB,EAAE,OAAO,CAAC;IAC7B,uCAAuC;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,yCAAyC;IACzC,WAAW,EAAE,OAAO,CAAC;IACrB,0CAA0C;IAC1C,OAAO,EAAE;QACP,6CAA6C;QAC7C,iBAAiB,CAAC,EAAE,eAAe,CAAC;QACpC,+CAA+C;QAC/C,iBAAiB,CAAC,EAAE,eAAe,CAAC;QACpC,wCAAwC;QACxC,iBAAiB,CAAC,EAAE,eAAe,CAAC;QACpC,yCAAyC;QACzC,kBAAkB,CAAC,EAAE,eAAe,CAAC;KACtC,CAAC;IACF,qDAAqD;IACrD,oBAAoB,EAAE,MAAM,CAAC;CAC9B;AAOD;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,M
AAM,CAAC;AAE9D;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,gCAAgC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,uBAAuB;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,0CAA0C;IAC1C,SAAS,EAAE,MAAM,CAAC;IAClB,2CAA2C;IAC3C,QAAQ,EAAE,YAAY,CAAC;IACvB,4CAA4C;IAC5C,cAAc,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,mEAAmE;IACnE,SAAS,EAAE,MAAM,CAAC;IAClB,+BAA+B;IAC/B,MAAM,EAAE,OAAO,CAAC;IAChB,yBAAyB;IACzB,QAAQ,EAAE,YAAY,CAAC;IACvB,qCAAqC;IACrC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yCAAyC;IACzC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,4BAA4B;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,4CAA4C;IAC5C,gBAAgB,EAAE,MAAM,CAAC;IACzB,0CAA0C;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,iDAAiD;IACjD,YAAY,EAAE,aAAa,EAAE,CAAC;IAC9B,0DAA0D;IAC1D,kBAAkB,EAAE,MAAM,CAAC;IAC3B,wDAAwD;IACxD,kBAAkB,EAAE,MAAM,CAAC;IAC3B,6CAA6C;IAC7C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,6CAA6C;IAC7C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,8EAA8E;IAC9E,mBAAmB,EAAE,OAAO,CAAC;IAC7B,2CAA2C;IAC3C,mBAAmB,EAAE,MAAM,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC3C,yBAAyB;IACzB,OAAO,EAAE,yBAAyB,CAAC;IACnC,+BAA+B;IAC/B,MAAM,EAAE,mBAAmB,EAAE,CAAC;IAC9B,gCAAgC;IAChC,MAAM,EAAE,gBAAgB,CAAC;IACzB,mDAAmD;IACnD,WAAW,EAAE,MAAM,CAAC;IACpB,+CAA+C;IAC/C,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,oCAAoC;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,+BAA+B;IAC/B,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IACjC,mDAAmD;IACnD,OAAO,EAAE,MAAM,CAAC;IAChB,6CAA6C;IAC7C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,wCAAwC;IACxC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,8DAA8D;IAC9D,IAAI,EAAE,MAAM,CAAC;IACb,8BAA8B;IAC9B,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IACjC,6CAA6C;IAC7C,MAAM,EAAE,gBAAgB,EAAE,CAAC;IAC3B,qCAAqC;IACrC,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,gCAAgC;IAChC,MAAM,EAAE,gBAAgB,CAAC;IACzB,8CAA8C;IAC9C,kBAAkB,EAAE,MAAM,CAAC;IAC3B,0CAA0C;IAC1C,eAAe,EAAE,MAAM,CAAC;IACxB,uDAAuD;IACvD,SAAS,EAAE,mBAAmB,EAAE,CAAC;IACjC,uDAAuD;IACvD,cAAc,EAAE,gBAAgB,EAAE,CAAC;IACnC,mCAAmC;IACnC,YAAY,EAAE,MAAM,CAAC;IACrB,iCAAiC;IACjC,WAAW,EAAE,MAAM,CAAC
;IACpB,+BAA+B;IAC/B,eAAe,EAAE,MAAM,CAAC;IACxB,iCAAiC;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,gDAAgD;IAChD,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,wEAAwE;IACxE,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,wCAAwC;IACxC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAQD,OAAO,KAAK,EACV,uBAAuB,EACvB,mBAAmB,EACpB,MAAM,eAAe,CAAC;AAEvB;;;;;;;;;GASG;AACH,MAAM,WAAW,6BAA6B;IAC5C,uCAAuC;IACvC,aAAa,EAAE,uBAAuB,CAAC;IACvC,mCAAmC;IACnC,SAAS,EAAE,mBAAmB,CAAC;IAC/B,+CAA+C;IAC/C,MAAM,EAAE,gBAAgB,CAAC;IACzB,4EAA4E;IAC5E,KAAK,EAAE,MAAM,CAAC;CACf"}
|
|
1
|
+
{"version":3,"file":"extendedTypes.d.ts","sourceRoot":"","sources":["../../../src/lib/assessment/extendedTypes.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EAChB,MAAM,aAAa,CAAC;AAOrB,MAAM,MAAM,WAAW,GACnB,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,GACH,GAAG,CAAC;AAER,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,MAAM,CAAC;AAElE,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,WAAW,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,WAAW,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,WAAW,GAAG,kBAAkB,GAAG,QAAQ,GAAG,aAAa,CAAC;IACtE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,mBAAmB,EAAE,OAAO,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,YAAY,EAAE,CAAC;IAC3B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,gBAAgB,EAAE;QAChB,SAAS,EAAE,OAAO,CAAC;QACnB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,MAAM,EAAE,OAAO,CAAC;QAChB,UAAU,EAAE,OAAO,CAAC;KACrB,CAAC;IACF,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,KAAK,GAAG,aAAa,GAAG,UAAU,GAAG,MAAM,CAAC;AAE3E,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,OAAO,CAAC;IACxB,WAAW,CAAC,EAAE;QACZ,YAAY,CAAC,EAAE,OAAO,CAAC;QACvB,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,aAAa,CAAC,EAAE,OAAO,CAAC;KACzB,CAAC;IACF,gDAAgD;IAChD,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,gBAAgB,CAAC,EAAE;QACjB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,mBAAmB,EAAE,OAAO,CAAC;QAC7B,MAAM,EAAE,MAAM,CAAC;QACf,wCAAwC;QACxC,UAAU,EAAE,mBAAmB,CAAC;QAChC,yDAAyD;QACzD,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,iEAAiE;IACjE,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,iDAAiD;IACjD,oBAAoB,CAAC,EAAE;QACrB,QAAQ,EAAE,OAAO,CAAC;QAClB,QAAQ,EAAE,KAAK,CAAC;YACd,IAAI,EAAE,MAAM,CAAC;YACb,OAA
O,EAAE,MAAM,CAAC;YAChB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;YACpC,QAAQ,EAAE,MAAM,CAAC;YACjB,QAAQ,EAAE,MAAM,CAAC;SAClB,CAAC,CAAC;QACH,SAAS,EAAE,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;KAC/C,CAAC;IACF,+CAA+C;IAC/C,gBAAgB,CAAC,EAAE;QACjB,kCAAkC;QAClC,SAAS,CAAC,EAAE;YACV,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC;YAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;SAC5B,CAAC;QACF,oCAAoC;QACpC,WAAW,CAAC,EAAE;YACZ,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;YACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;SACnB,CAAC;QACF,6BAA6B;QAC7B,YAAY,CAAC,EAAE;YACb,SAAS,EAAE,OAAO,CAAC;YACnB,MAAM,CAAC,EAAE,MAAM,CAAC;SACjB,CAAC;QACF,6BAA6B;QAC7B,cAAc,CAAC,EAAE;YACf,SAAS,EAAE,OAAO,CAAC;YACnB,YAAY,CAAC,EAAE,MAAM,CAAC;SACvB,CAAC;KACH,CAAC;CACH;AAED,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,oBAAoB,EAAE,CAAC;IACpC,cAAc,EAAE,MAAM,CAAC;IACvB,uBAAuB,EAAE,MAAM,CAAC;IAChC,gFAAgF;IAChF,0BAA0B,EAAE,MAAM,CAAC;IACnC,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,8CAA8C;IAC9C,OAAO,CAAC,EAAE;QACR,uDAAuD;QACvD,QAAQ,EAAE,MAAM,CAAC;QACjB,yDAAyD;QACzD,WAAW,EAAE,MAAM,CAAC;QACpB,uDAAuD;QACvD,WAAW,EAAE,MAAM,CAAC;QACpB,2CAA2C;QAC3C,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IACF,6CAA6C;IAC7C,kBAAkB,CAAC,EAAE;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC;QACnB,iBAAiB,EAAE,MAAM,CAAC;QAC1B,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,uDAAuD;IACvD,iBAAiB,CAAC,EAAE;QAClB,oDAAoD;QACpD,GAAG,EAAE,MAAM,CAAC;QACZ,sCAAsC;QACtC,UAAU,EAAE,MAAM,CAAC;QACnB,sDAAsD;QACtD,QAAQ,EAAE,MAAM,CAAC;QACjB,sCAAsC;QACtC,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,oEAAoE;IACpE,4BAA4B,CAAC,EAAE,MAAM,CAAC;IACtC,qDAAqD;IACrD,uBAAuB,CAAC,EAAE;QACxB,mBAAmB,EAAE,MAAM,CAAC;QAC5B,oBAAoB,EAAE,MAAM,CAAC;QAC7B,qBAAqB,EAAE,MAAM,CAAC;QAC9B,oBAAoB,EAAE,MAAM,CAAC;KAC9B,CAAC;IACF,+CAA+C;IAC/C,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;IAC5C,sDAAsD;IACtD,wBAAwB,CAAC,EAAE;QACzB,8CAA8C;QAC9C,kBAAkB,EAAE,MAAM,CAAC;QAC3B,qDAAqD;QACrD,kBAAkB,EAAE,MAAM,CAAC;QAC3B,gDAAgD;QAChD,aAAa,EAAE,MAAM,CAAC;QACtB,6DAA6D;QAC7D,uBAAuB,EAAE,MAAM,CAAC;KACjC,CAAC;CACH;AAOD,MAAM,MAAM
,yBAAyB,GACjC,WAAW,GACX,OAAO,GACP,UAAU,GACV,SAAS,CAAC;AAEd,MAAM,MAAM,qBAAqB,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;AAEpE,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,yBAAyB,CAAC;IACpC,QAAQ,EACJ,cAAc,GACd,eAAe,GACf,kBAAkB,GAClB,YAAY,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;IACzC,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;IACxB,6EAA6E;IAC7E,WAAW,CAAC,EAAE,qBAAqB,CAAC;IACpC,4DAA4D;IAC5D,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,6CAA6C;IAC7C,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,6BAA6B;IAC5C,OAAO,EAAE,sBAAsB,EAAE,CAAC;IAClC,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,qBAAqB,EAAE,OAAO,CAAC;IAC/B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,kBAAkB;IACjC,gBAAgB,EAAE,MAAM,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE;QACV,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;QAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC9B,CAAC;IACF,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED;;;GAGG;AACH,MAAM,WAAW,uBAAuB;IACtC,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,wBAAwB;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;CACxC;AAED,MAAM,WAAW,4BAA4B;IAC3C,WAAW,EAAE,OAAO,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,iBAAiB,EAAE,wBAAwB,EAAE,CAAC;IAC9C,OAAO,EAAE,OAAO,CAAC;IACjB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,4CAA4C;IAC5C,eAAe,CAAC,EAAE;QAChB,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,iBAAiB,EAAE,uBAAuB,EAAE,CAAC;QAC7C,aAA
a,EAAE,OAAO,CAAC;KACxB,CAAC;IACF,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EACA,gBAAgB,GAChB,mBAAmB,GACnB,yBAAyB,GACzB,eAAe,GACf,gBAAgB,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACpC,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,gBAAgB,EAAE,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,WAAW,EAAE,OAAO,CAAC;IACrB,cAAc,EAAE,OAAO,CAAC;IACxB,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;IAE1B,yCAAyC;IACzC,aAAa,CAAC,EAAE,KAAK,CAAC;QACpB,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,OAAO,CAAC;QACpB,kBAAkB,CAAC,EAAE,MAAM,CAAC;KAC7B,CAAC,CAAC;IACH,gCAAgC;IAChC,gBAAgB,CAAC,EAAE;QACjB,SAAS,EAAE,KAAK,GAAG,SAAS,GAAG,OAAO,GAAG,OAAO,CAAC;QACjD,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC;CACH;AAMD,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,4BAA4B;IAC3C,YAAY,EAAE,WAAW,EAAE,CAAC;IAC5B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAMD,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAAC;AAElE,MAAM,WAAW,mBAAmB;IAClC,aAAa,EAAE,OAAO,CAAC;IACvB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,yBAAyB;IACxC,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,OAAO,CAAC;IACrB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,OAAO,CAAC;IACxB,aAAa,EAAE,OAAO,CAAC;IACvB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,mDAAmD;AACnD,MAAM,MAAM,qBAAqB,GAC7B,oBAAoB,GACpB,mBAAmB,GACnB,iBAAiB,GACjB,kBAAkB,GAClB,kBAAkB,CAAC;AAEvB,6CAA6C;AAC7C,MAAM,MAAM,kBAAkB,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAE3D,sDAAsD;AACtD,MAAM,WAAW,wBAAwB;IACvC,sEAAsE;IACtE,MAAM,CAAC,E
AAE,MAAM,CAAC;IAChB,oEAAoE;IACpE,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wCAAwC;AACxC,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,qBAAqB,CAAC;IAC5B,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,oEAAoE;IACpE,OAAO,CAAC,EAAE,wBAAwB,CAAC;CACpC;AAED,0CAA0C;AAC1C,MAAM,WAAW,kBAAkB;IACjC,8BAA8B;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,uBAAuB;IACvB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,wBAAwB;IACxB,QAAQ,EAAE,iBAAiB,EAAE,CAAC;IAC9B,qCAAqC;IACrC,eAAe,EAAE,OAAO,CAAC;IACzB,8CAA8C;IAC9C,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,UAAU,CAAC;IACvB,oBAAoB,EAAE,OAAO,CAAC;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,mBAAmB,CAAC;IACrC,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE;QAChB,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,uBAAuB,EAAE,MAAM,EAAE,CAAC;QAClC,gBAAgB,EAAE,MAAM,EAAE,CAAC;KAC5B,CAAC;IACF,iBAAiB,CAAC,EAAE,yBAAyB,CAAC;IAC9C,2FAA2F;IAC3F,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,OAAO,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,mBAAmB,GAAG,qBAAqB,GAAG,IAAI,CAAC;IAC5D,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,MAAM,CAAC;IACrC,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE;QACT,mBAAmB,EAAE,OAAO,CAAC;QAC7B,wBAAwB,EAAE,OAAO,CAAC;KACnC,CAAC;IAEF,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,oBAAoB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,kBAAkB,CAAC,EAAE;QACnB,mBAAmB,CAAC,EAAE,MAAM,CAAC;QAC7B,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,aAAa,CAAC,EAAE,OAAO,CAAC;KACzB,CAAC;IACF,qEAAqE;IACrE,sBAAsB,CAAC,EAAE,sBAAsB,CAAC;IAChD,kEAAkE;IAClE,eAAe,CAAC,EAAE,KAAK,CAAC;QACtB,UAAU,EAAE,MAAM,CAAC;QACnB,cAAc,EAAE,sBAAsB,CAAC;KACxC,CAAC,CA
AC;IACH;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,UAAU,GAAG,YAAY,GAAG,IAAI,CAAC;CACnD;AAOD;;;;;;;GAOG;AACH,MAAM,MAAM,YAAY,GAAG,YAAY,GAAG,YAAY,GAAG,YAAY,CAAC;AAEtE;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACrC,gCAAgC;IAChC,IAAI,EAAE,YAAY,CAAC;IACnB,uCAAuC;IACvC,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,oDAAoD;IACpD,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,kDAAkD;IAClD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,yEAAyE;IACzE,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC/B;AAED,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gBAAgB,EAAE,MAAM,CAAC;IACzB,2BAA2B,EAAE,MAAM,CAAC;IACpC,OAAO,EAAE,kBAAkB,EAAE,CAAC;IAC9B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,OAAO,CAAC;IACpB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,uBAAuB,EAAE,OAAO,CAAC;IACjC,oBAAoB,EAAE,OAAO,CAAC;IAC9B,uBAAuB,EAAE,OAAO,CAAC;IACjC,uBAAuB,EAAE,MAAM,EAAE,CAAC;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,2DAA2D;IAC3D,iBAAiB,CAAC,EAAE,KAAK,CAAC;QACxB,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;QACzC,QAAQ,EAAE,OAAO,CAAC;KACnB,CAAC,CAAC;IACH,iCAAiC;IACjC,cAAc,CAAC,EAAE;QACf,YAAY,EAAE,OAAO,CAAC;QACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,oDAAoD;IACpD,kBAAkB,CAAC,EAAE,QAAQ,GAAG,UAAU,GAAG,cAAc,GAAG,YAAY,CAAC;IAE3E,kDAAkD;IAClD,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,8CAA8C;IAC9C,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAE7B,0DAA0D;IAC1D,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,yDAAyD;IACzD,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,6CAA6C;IAC7C,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,wCAAwC;IACxC,gBAAgB,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IACtD,mCAAmC;IACnC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,6CAA6C;IAC7C,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,6DAA6D;IAC7D,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,4CAA4C;IAC5C,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,kCAAkC;IAClC,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,sDAAsD;IACtD,gB
AAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,uCAAuC;IACvC,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,kBAAkB;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,uBAAuB,EAAE,MAAM,CAAC;IAChC,mBAAmB,EAAE,MAAM,CAAC;IAC5B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,4BAA4B,EAAE,MAAM,CAAC;IACrC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,8BAA8B,EAAE,MAAM,CAAC;IAEvC,kDAAkD;IAClD,sBAAsB,EAAE,MAAM,CAAC;IAC/B,uDAAuD;IACvD,uBAAuB,EAAE,MAAM,CAAC;IAChC,kDAAkD;IAClD,sBAAsB,EAAE,MAAM,CAAC;IAC/B,OAAO,EAAE,kBAAkB,EAAE,CAAC;IAC9B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,OAAO,CAAC;IAChB,oBAAoB,EAAE,OAAO,CAAC;IAC9B,kBAAkB,EAAE,OAAO,CAAC;IAC5B,YAAY,EAAE,OAAO,CAAC;IACtB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,6CAA6C;IAC7C,cAAc,CAAC,EAAE;QACf,YAAY,EAAE,MAAM,CAAC;QACrB,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB,SAAS,EAAE,OAAO,CAAC;KACpB,CAAC;IACF,+BAA+B;IAC/B,cAAc,CAAC,EAAE;QACf,gBAAgB,EAAE,OAAO,CAAC;QAC1B,aAAa,EAAE,OAAO,CAAC;QACvB,eAAe,EAAE,MAAM,EAAE,CAAC;KAC3B,CAAC;CACH;AAED,MAAM,WAAW,gBAAgB;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,wBAAwB,EAAE,MAAM,CAAC;IACjC,wBAAwB,EAAE,MAAM,CAAC;IACjC,OAAO,EAAE,gBAAgB,EAAE,CAAC;IAC5B,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD,MAAM,WAAW,yBAAyB;IACxC,QAAQ,EACJ,kBAAkB,GAClB,gBAAgB,GAChB,kBAAkB,GAClB,sBAAsB,CAAC;IAC3B,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,OAAO,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,iBAAiB,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;IAEpB,uDAAuD;IACvD,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,qCAAqC;IACrC,oBAAoB,CAAC,EAAE;QACrB,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF,6DAA6D;IAC7D,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,wCAAwC;IACxC,UAAU,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;CACxC;AAED,MAAM,WAAW,iCAAiC;IAChD,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,wBAAw
B,EAAE,MAAM,CAAC;IACjC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,OAAO,EAAE,yBAAyB,EAAE,CAAC;IACrC,MAAM,EAAE,gBAAgB,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAQD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,+BAA+B;IAC/B,MAAM,EAAE,OAAO,CAAC;IAChB,2CAA2C;IAC3C,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,kDAAkD;IAClD,QAAQ,EAAE,MAAM,CAAC;IACjB,gEAAgE;IAChE,aAAa,EAAE,MAAM,CAAC;IACtB,mFAAmF;IACnF,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,6DAA6D;IAC7D,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;;;GAIG;AACH,MAAM,WAAW,6BAA6B;IAC5C,iCAAiC;IACjC,MAAM,EAAE;QACN,0FAA0F;QAC1F,mBAAmB,EAAE,aAAa,CAAC;QACnC,uEAAuE;QACvE,kBAAkB,EAAE,aAAa,CAAC;QAClC,iEAAiE;QACjE,uBAAuB,EAAE,aAAa,CAAC;QACvC,mFAAmF;QACnF,qBAAqB,CAAC,EAAE,aAAa,CAAC;QACtC,6EAA6E;QAC7E,gBAAgB,CAAC,EAAE,aAAa,CAAC;KAClC,CAAC;IACF,wCAAwC;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,mEAAmE;IACnE,MAAM,EAAE,gBAAgB,CAAC;IACzB,0DAA0D;IAC1D,WAAW,EAAE,MAAM,CAAC;IACpB,yDAAyD;IACzD,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD;;GAEG;AACH,MAAM,MAAM,eAAe,GACvB,OAAO,GACP,SAAS,GACT,QAAQ,GACR,YAAY,GACZ,OAAO,GACP,OAAO,GACP,UAAU,GACV,WAAW,GACX,UAAU,GACV,WAAW,GACX,eAAe,GACf,SAAS,CAAC;AAEd;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;AAErD;;GAEG;AACH,MAAM,MAAM,sBAAsB,GAAG,OAAO,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAEnE;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,4CAA4C;IAC5C,UAAU,EAAE,sBAAsB,CAAC;IACnC,iDAAiD;IACjD,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,4DAA4D;IAC5D,gBAAgB,EAAE,eAAe,EAAE,CAAC;IACpC,mDAAmD;IACnD,cAAc,EAAE,aAAa,EAAE,CAAC;IAChC,6DAA6D;IAC7D,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,0DAA0D;IAC1D,qBAAqB,EAAE,OAAO,CAAC;IAC/B,uCAAuC;IACvC,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,uCAAuC;IACvC,QAAQ,EAAE;QACR,mDAAmD;QACnD,kBAAkB,EAAE,MAAM,EAAE,CAAC;QAC7B,oDAAoD;QACpD,mBAAmB,EAAE,MAAM,EAAE,CAAC;QAC9B,yDAAyD;QACzD,iBAAiB,EAAE,MAAM,EAAE,CAAC;KAC7B,CAAC;CACH;AAOD;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,uDAAuD;IACvD,gBAAgB,EAAE,OAAO,CAAC;IAC1B,yDAAyD;IACzD,mBAAmB,EAAE,OAAO,CAAC;IAC7B,+BAA+B;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,uDAAuD;IACvD,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;;GAGG;
AACH,MAAM,WAAW,+BAA+B;IAC9C,8BAA8B;IAC9B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,mBAAmB,EAAE,OAAO,CAAC;IAC7B,uCAAuC;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,yCAAyC;IACzC,WAAW,EAAE,OAAO,CAAC;IACrB,0CAA0C;IAC1C,OAAO,EAAE;QACP,6CAA6C;QAC7C,iBAAiB,CAAC,EAAE,eAAe,CAAC;QACpC,+CAA+C;QAC/C,iBAAiB,CAAC,EAAE,eAAe,CAAC;QACpC,wCAAwC;QACxC,iBAAiB,CAAC,EAAE,eAAe,CAAC;QACpC,yCAAyC;QACzC,kBAAkB,CAAC,EAAE,eAAe,CAAC;KACtC,CAAC;IACF,qDAAqD;IACrD,oBAAoB,EAAE,MAAM,CAAC;CAC9B;AAOD;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAE9D;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,gCAAgC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,uBAAuB;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,0CAA0C;IAC1C,SAAS,EAAE,MAAM,CAAC;IAClB,2CAA2C;IAC3C,QAAQ,EAAE,YAAY,CAAC;IACvB,4CAA4C;IAC5C,cAAc,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,mEAAmE;IACnE,SAAS,EAAE,MAAM,CAAC;IAClB,+BAA+B;IAC/B,MAAM,EAAE,OAAO,CAAC;IAChB,yBAAyB;IACzB,QAAQ,EAAE,YAAY,CAAC;IACvB,qCAAqC;IACrC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yCAAyC;IACzC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,4BAA4B;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,4CAA4C;IAC5C,gBAAgB,EAAE,MAAM,CAAC;IACzB,0CAA0C;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,iDAAiD;IACjD,YAAY,EAAE,aAAa,EAAE,CAAC;IAC9B,0DAA0D;IAC1D,kBAAkB,EAAE,MAAM,CAAC;IAC3B,wDAAwD;IACxD,kBAAkB,EAAE,MAAM,CAAC;IAC3B,6CAA6C;IAC7C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,6CAA6C;IAC7C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,8EAA8E;IAC9E,mBAAmB,EAAE,OAAO,CAAC;IAC7B,2CAA2C;IAC3C,mBAAmB,EAAE,MAAM,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC3C,yBAAyB;IACzB,OAAO,EAAE,yBAAyB,CAAC;IACnC,+BAA+B;IAC/B,MAAM,EAAE,mBAAmB,EAAE,CAAC;IAC9B,gCAAgC;IAChC,MAAM,EAAE,gBAAgB,CAAC;IACzB,mDAAmD;IACnD,WAAW,EAAE,MAAM,CAAC;IACpB,+CAA+C;IAC/C,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAOD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,oCAAoC;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,+BAA+B;IAC/B,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IACjC,mDAAmD;IACnD,OAAO,EAAE,MAAM,CAAC;IAChB,6CAA6C;IAC7C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,wCAAwC;IACxC,SAAS,CAAC,EAAE,MAA
M,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,8DAA8D;IAC9D,IAAI,EAAE,MAAM,CAAC;IACb,8BAA8B;IAC9B,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IACjC,6CAA6C;IAC7C,MAAM,EAAE,gBAAgB,EAAE,CAAC;IAC3B,qCAAqC;IACrC,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,gCAAgC;IAChC,MAAM,EAAE,gBAAgB,CAAC;IACzB,8CAA8C;IAC9C,kBAAkB,EAAE,MAAM,CAAC;IAC3B,0CAA0C;IAC1C,eAAe,EAAE,MAAM,CAAC;IACxB,uDAAuD;IACvD,SAAS,EAAE,mBAAmB,EAAE,CAAC;IACjC,uDAAuD;IACvD,cAAc,EAAE,gBAAgB,EAAE,CAAC;IACnC,mCAAmC;IACnC,YAAY,EAAE,MAAM,CAAC;IACrB,iCAAiC;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,+BAA+B;IAC/B,eAAe,EAAE,MAAM,CAAC;IACxB,iCAAiC;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,gDAAgD;IAChD,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,wEAAwE;IACxE,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,wCAAwC;IACxC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAQD,OAAO,KAAK,EACV,uBAAuB,EACvB,mBAAmB,EACpB,MAAM,eAAe,CAAC;AAEvB;;;;;;;;;GASG;AACH,MAAM,WAAW,6BAA6B;IAC5C,uCAAuC;IACvC,aAAa,EAAE,uBAAuB,CAAC;IACvC,mCAAmC;IACnC,SAAS,EAAE,mBAAmB,CAAC;IAC/B,+CAA+C;IAC/C,MAAM,EAAE,gBAAgB,CAAC;IACzB,4EAA4E;IAC5E,KAAK,EAAE,MAAM,CAAC;CACf"}
|
|
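--- a/package/lib/services/assessment/modules/ResourceAssessor.d.ts
+++ b/package/lib/services/assessment/modules/ResourceAssessor.d.ts
@@ -42,6 +42,33 @@ export declare class ResourceAssessor extends BaseAssessor {
 * Helper: Probe a single hidden resource URI
 */
 private probeHiddenResource;
+/**
+* Issue #127, Challenge #24: Test blob resource templates for DoS vulnerabilities
+* Detects arbitrary size acceptance without validation/limits (CWE-400, CWE-409)
+*/
+private testBlobDoS;
+/**
+* Issue #127, Challenge #24: Test polyglot resource generation vulnerabilities
+* Detects dual-format file injection (CWE-434, CWE-436)
+*/
+private testPolyglotResources;
+/**
+* Issue #127, Challenge #24: Validate MIME type matches actual content
+* Detects content-type confusion (CWE-436)
+*/
+private validateMimeType;
+/**
+* Issue #127: Format bytes as human-readable string
+*/
+private formatBytes;
+/**
+* Issue #127: Convert string to bytes for magic byte comparison
+*/
+private stringToBytes;
+/**
+* Issue #127: Check if content starts with expected magic bytes
+*/
+private startsWithBytes;
 private isValidUri;
 private isValidUriTemplate;
 private isSensitiveUri;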
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ResourceAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/ResourceAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,kBAAkB,EAGnB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"ResourceAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/ResourceAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,kBAAkB,EAGnB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AA+U9D,qBAAa,gBAAiB,SAAQ,YAAY;IAC1C,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IA+HrE,OAAO,CAAC,yBAAyB;YAoBnB,YAAY;IAuH1B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAY/B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA4B3B;;OAEG;IACH,OAAO,CAAC,uBAAuB;YAsBjB,oBAAoB;IAkGlC;;;OAGG;YACW,6BAA6B;IA4F3C;;;OAGG;YACW,2BAA2B;IAgEzC;;OAEG;YACW,mBAAmB;IAmEjC;;;OAGG;YACW,WAAW;IA2FzB;;;OAGG;YACW,qBAAqB;IA0FnC;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IA6BxB;;OAEG;IACH,OAAO,CAAC,WAAW;IAQnB;;OAEG;IACH,OAAO,CAAC,aAAa;IASrB;;OAEG;IACH,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,UAAU;IAsBlB,OAAO,CAAC,kBAAkB;IAM1B,OAAO,CAAC,cAAc;IAItB,OAAO,CAAC,wBAAwB;IAIhC;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IAc7B,OAAO,CAAC,yBAAyB;IAYjC,OAAO,CAAC,uBAAuB;IA4B/B,OAAO,CAAC,mBAAmB;IA0D3B,OAAO,CAAC,uBAAuB;CA8FhC"}
|
|
@@ -85,6 +85,67 @@ const HIDDEN_RESOURCE_PATTERNS = [
|
|
|
85
85
|
".git/config",
|
|
86
86
|
".aws/credentials",
|
|
87
87
|
];
|
|
88
|
+
// Issue #127, Challenge #24: Blob DoS size payloads for resource template testing
|
|
89
|
+
const DOS_SIZE_PAYLOADS = [
|
|
90
|
+
"999999999", // ~1GB request (HIGH risk)
|
|
91
|
+
"100000000", // 100MB request (HIGH risk)
|
|
92
|
+
"10000000", // 10MB request (MEDIUM risk)
|
|
93
|
+
"-1", // Negative size (invalid)
|
|
94
|
+
"0", // Zero size (edge case)
|
|
95
|
+
"NaN", // Invalid number
|
|
96
|
+
"Infinity", // Overflow attempt
|
|
97
|
+
];
|
|
98
|
+
// Issue #127, Challenge #24: Known polyglot file combinations for testing
|
|
99
|
+
const POLYGLOT_COMBINATIONS = [
|
|
100
|
+
{
|
|
101
|
+
baseType: "gif",
|
|
102
|
+
hiddenType: "javascript",
|
|
103
|
+
description: "GIF89a + JS comment trick",
|
|
104
|
+
magicBytes: [0x47, 0x49, 0x46, 0x38, 0x39, 0x61],
|
|
105
|
+
},
|
|
106
|
+
{
|
|
107
|
+
baseType: "image",
|
|
108
|
+
hiddenType: "javascript",
|
|
109
|
+
description: "Generic image polyglot",
|
|
110
|
+
magicBytes: [0x47, 0x49, 0x46, 0x38, 0x39, 0x61],
|
|
111
|
+
},
|
|
112
|
+
{
|
|
113
|
+
baseType: "png",
|
|
114
|
+
hiddenType: "html",
|
|
115
|
+
description: "PNG + HTML injection",
|
|
116
|
+
magicBytes: [0x89, 0x50, 0x4e, 0x47],
|
|
117
|
+
},
|
|
118
|
+
{
|
|
119
|
+
baseType: "pdf",
|
|
120
|
+
hiddenType: "javascript",
|
|
121
|
+
description: "PDF + JS injection",
|
|
122
|
+
magicBytes: [0x25, 0x50, 0x44, 0x46, 0x2d],
|
|
123
|
+
},
|
|
124
|
+
{
|
|
125
|
+
baseType: "zip",
|
|
126
|
+
hiddenType: "html",
|
|
127
|
+
description: "ZIP + HTML injection",
|
|
128
|
+
magicBytes: [0x50, 0x4b],
|
|
129
|
+
},
|
|
130
|
+
{
|
|
131
|
+
baseType: "jpeg",
|
|
132
|
+
hiddenType: "php",
|
|
133
|
+
description: "JPEG + PHP webshell",
|
|
134
|
+
magicBytes: [0xff, 0xd8, 0xff],
|
|
135
|
+
},
|
|
136
|
+
];
|
|
137
|
+
// Issue #127, Challenge #24: MIME type magic bytes for content validation
|
|
138
|
+
const MIME_MAGIC_BYTES = {
|
|
139
|
+
"image/png": { bytes: [0x89, 0x50, 0x4e, 0x47], description: "PNG" },
|
|
140
|
+
"image/gif": { bytes: [0x47, 0x49, 0x46, 0x38], description: "GIF" },
|
|
141
|
+
"image/jpeg": { bytes: [0xff, 0xd8, 0xff], description: "JPEG" },
|
|
142
|
+
"application/pdf": {
|
|
143
|
+
bytes: [0x25, 0x50, 0x44, 0x46],
|
|
144
|
+
description: "PDF",
|
|
145
|
+
},
|
|
146
|
+
"application/zip": { bytes: [0x50, 0x4b], description: "ZIP" },
|
|
147
|
+
"application/gzip": { bytes: [0x1f, 0x8b], description: "GZIP" },
|
|
148
|
+
};
|
|
88
149
|
// Sensitive content patterns in resource content
|
|
89
150
|
const SENSITIVE_CONTENT_PATTERNS = [
|
|
90
151
|
/-----BEGIN.*PRIVATE KEY-----/i,
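Review bot: The label on `"100000000", // 100MB request (HIGH risk)` in DOS_SIZE_PAYLOADS does not match how that value is scored. testBlobDoS (a later hunk) assigns HIGH only when `requestedSize > 100 * 1024 * 1024`, that is above 104857600, so an accepted 100000000-byte request is reported as MEDIUM. Either relabel the entry as `// ~95MB request (MEDIUM risk)` or make the cut-off decimal with `requestedSize >= 100 * 1000 * 1000 ? "HIGH" : "MEDIUM"`, so the severity in the report agrees with the table. The same entries pass through `parseInt(sizePayload) || 0`, which stores 0 for "NaN" and "Infinity" but -1 for "-1"; a one-line comment on `blobRequestedSize` saying that 0 also stands for unparseable input would help anyone reading the results.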
|
|
@@ -275,6 +336,12 @@ export class ResourceAssessor extends BaseAssessor {
|
|
|
275
336
|
// Issue #119, Challenge #14: Test URI injection on templates
|
|
276
337
|
const injectionResults = await this.testParameterizedUriInjection(template, context);
|
|
277
338
|
results.push(...injectionResults);
|
|
339
|
+
// Issue #127, Challenge #24: Test blob DoS vulnerabilities
|
|
340
|
+
const blobDosResults = await this.testBlobDoS(template, context);
|
|
341
|
+
results.push(...blobDosResults);
|
|
342
|
+
// Issue #127, Challenge #24: Test polyglot file vulnerabilities
|
|
343
|
+
const polyglotResults = await this.testPolyglotResources(template, context);
|
|
344
|
+
results.push(...polyglotResults);
|
|
278
345
|
}
|
|
279
346
|
// Issue #119, Challenge #14: Probe for hidden/undeclared resources
|
|
280
347
|
const hiddenResourceResults = await this.testHiddenResourceDiscovery(resources, context);
|
|
@@ -285,10 +352,16 @@ export class ResourceAssessor extends BaseAssessor {
|
|
|
285
352
|
const pathTraversalVulnerabilities = results.filter((r) => r.pathTraversalVulnerable).length;
|
|
286
353
|
const sensitiveDataExposures = results.filter((r) => r.sensitiveDataExposed).length;
|
|
287
354
|
const promptInjectionVulnerabilities = results.filter((r) => r.promptInjectionDetected).length;
|
|
355
|
+
// Issue #127, Challenge #24: Binary resource vulnerability metrics
|
|
356
|
+
const blobDosVulnerabilities = results.filter((r) => r.blobDosTested &&
|
|
357
|
+
r.blobDosRiskLevel &&
|
|
358
|
+
["HIGH", "MEDIUM"].includes(r.blobDosRiskLevel)).length;
|
|
359
|
+
const polyglotVulnerabilities = results.filter((r) => r.polyglotTested && r.securityIssues.length > 0).length;
|
|
360
|
+
const mimeValidationFailures = results.filter((r) => r.mimeTypeMismatch === true).length;
|
|
288
361
|
// Determine status
|
|
289
|
-
const status = this.determineResourceStatus(pathTraversalVulnerabilities, sensitiveDataExposures, promptInjectionVulnerabilities, securityIssuesFound, results.length);
|
|
362
|
+
const status = this.determineResourceStatus(pathTraversalVulnerabilities, sensitiveDataExposures, promptInjectionVulnerabilities, blobDosVulnerabilities, polyglotVulnerabilities, mimeValidationFailures, securityIssuesFound, results.length);
|
|
290
363
|
// Generate explanation and recommendations
|
|
291
|
-
const explanation = this.generateExplanation(results, pathTraversalVulnerabilities, sensitiveDataExposures, promptInjectionVulnerabilities);
|
|
364
|
+
const explanation = this.generateExplanation(results, pathTraversalVulnerabilities, sensitiveDataExposures, promptInjectionVulnerabilities, blobDosVulnerabilities, polyglotVulnerabilities, mimeValidationFailures);
|
|
292
365
|
const recommendations = this.generateRecommendations(results);
|
|
293
366
|
return {
|
|
294
367
|
resourcesTested: resources.length,
|
|
@@ -298,6 +371,9 @@ export class ResourceAssessor extends BaseAssessor {
|
|
|
298
371
|
pathTraversalVulnerabilities,
|
|
299
372
|
sensitiveDataExposures,
|
|
300
373
|
promptInjectionVulnerabilities,
|
|
374
|
+
blobDosVulnerabilities,
|
|
375
|
+
polyglotVulnerabilities,
|
|
376
|
+
mimeValidationFailures,
|
|
301
377
|
results,
|
|
302
378
|
status,
|
|
303
379
|
explanation,
|
|
@@ -313,6 +389,9 @@ export class ResourceAssessor extends BaseAssessor {
|
|
|
313
389
|
pathTraversalVulnerabilities: 0,
|
|
314
390
|
sensitiveDataExposures: 0,
|
|
315
391
|
promptInjectionVulnerabilities: 0,
|
|
392
|
+
blobDosVulnerabilities: 0,
|
|
393
|
+
polyglotVulnerabilities: 0,
|
|
394
|
+
mimeValidationFailures: 0,
|
|
316
395
|
results: [],
|
|
317
396
|
status: "PASS",
|
|
318
397
|
explanation: "No resources declared by server. Resource assessment skipped.",
|
|
@@ -381,6 +460,19 @@ export class ResourceAssessor extends BaseAssessor {
|
|
|
381
460
|
result.securityIssues.push(`Prompt injection patterns detected: ${injectionMatches.join(", ")}`);
|
|
382
461
|
}
|
|
383
462
|
}
|
|
463
|
+
// Issue #127, Challenge #24: MIME type validation
|
|
464
|
+
if (content && resource.mimeType) {
|
|
465
|
+
const mimeValidation = this.validateMimeType(content, resource.mimeType);
|
|
466
|
+
result.mimeValidationPerformed = true;
|
|
467
|
+
result.declaredMimeType = resource.mimeType;
|
|
468
|
+
if (mimeValidation.expectedMimeType) {
|
|
469
|
+
result.expectedMimeType = mimeValidation.expectedMimeType;
|
|
470
|
+
}
|
|
471
|
+
if (mimeValidation.mismatch) {
|
|
472
|
+
result.mimeTypeMismatch = true;
|
|
473
|
+
result.securityIssues.push(`MIME type mismatch: declared ${resource.mimeType} but content appears to be ${mimeValidation.expectedMimeType} (CWE-436)`);
|
|
474
|
+
}
|
|
475
|
+
}
|
|
384
476
|
}
|
|
385
477
|
catch (error) {
|
|
386
478
|
result.error = this.extractErrorMessage(error);
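Review bot: The mismatch finding added here rests on a prefix comparison alone, and two entries of MIME_MAGIC_BYTES (an earlier hunk) are only two bytes long. `PK` also opens ZIP-based containers such as OOXML documents and JAR files, so a resource that truthfully declares one of those types is reported as `declared … but content appears to be application/zip (CWE-436)`, which determineResourceStatus turns into NEED_MORE_INFO. validateMimeType (a later hunk) also compares the declared string whole, so a declared type carrying parameters never equals a table key; comparing `declaredMimeType.split(";")[0].trim().toLowerCase()` and wording the two-byte matches as a possible mismatch would cut the false positives. What `content` holds for binary resources is not visible in this hunk; if it is base64 text, none of the signatures can match and the check passes silently. The enclosing method starts outside the hunk.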
|
|
@@ -685,6 +777,210 @@ export class ResourceAssessor extends BaseAssessor {
|
|
|
685
777
|
}
|
|
686
778
|
return null; // Only return results for accessible hidden resources
|
|
687
779
|
}
|
|
780
|
+
/**
|
|
781
|
+
* Issue #127, Challenge #24: Test blob resource templates for DoS vulnerabilities
|
|
782
|
+
* Detects arbitrary size acceptance without validation/limits (CWE-400, CWE-409)
|
|
783
|
+
*/
|
|
784
|
+
async testBlobDoS(template, context) {
|
|
785
|
+
const results = [];
|
|
786
|
+
// Only test blob:// templates
|
|
787
|
+
if (!template.uriTemplate.startsWith("blob://")) {
|
|
788
|
+
return results;
|
|
789
|
+
}
|
|
790
|
+
if (!context.readResource) {
|
|
791
|
+
return results;
|
|
792
|
+
}
|
|
793
|
+
const PROBE_DELAY_MS = 50;
|
|
794
|
+
for (const sizePayload of DOS_SIZE_PAYLOADS) {
|
|
795
|
+
this.testCount++;
|
|
796
|
+
// Construct URI: blob://{size}/{mime_base}/{mime_subtype}
|
|
797
|
+
const testUri = template.uriTemplate
|
|
798
|
+
.replace(/\{size\}/g, sizePayload)
|
|
799
|
+
.replace(/\{mime_base\}/g, "application")
|
|
800
|
+
.replace(/\{mime_subtype\}/g, "octet-stream");
|
|
801
|
+
const dosResult = {
|
|
802
|
+
resourceUri: testUri,
|
|
803
|
+
resourceName: `${template.name || "blob"} (DoS size test: ${sizePayload})`,
|
|
804
|
+
tested: true,
|
|
805
|
+
accessible: false,
|
|
806
|
+
securityIssues: [],
|
|
807
|
+
pathTraversalVulnerable: false,
|
|
808
|
+
sensitiveDataExposed: false,
|
|
809
|
+
promptInjectionDetected: false,
|
|
810
|
+
promptInjectionPatterns: [],
|
|
811
|
+
validUri: true,
|
|
812
|
+
sensitivePatterns: [],
|
|
813
|
+
accessControls: { requiresAuth: false },
|
|
814
|
+
dataClassification: "internal",
|
|
815
|
+
blobDosTested: true,
|
|
816
|
+
blobRequestedSize: parseInt(sizePayload) || 0,
|
|
817
|
+
};
|
|
818
|
+
try {
|
|
819
|
+
const content = await this.executeWithTimeout(context.readResource(testUri), 2000);
|
|
820
|
+
if (content) {
|
|
821
|
+
dosResult.accessible = true;
|
|
822
|
+
const requestedSize = parseInt(sizePayload);
|
|
823
|
+
// Detect vulnerability: server accepted arbitrary large size
|
|
824
|
+
if (!isNaN(requestedSize) && requestedSize > 1024 * 1024) {
|
|
825
|
+
dosResult.blobDosRiskLevel =
|
|
826
|
+
requestedSize > 100 * 1024 * 1024 ? "HIGH" : "MEDIUM";
|
|
827
|
+
dosResult.securityIssues.push(`Blob DoS vulnerability: server accepted ${this.formatBytes(requestedSize)} request without size validation (CWE-400, CWE-409)`);
|
|
828
|
+
}
|
|
829
|
+
else if (sizePayload === "-1" ||
|
|
830
|
+
sizePayload === "NaN" ||
|
|
831
|
+
sizePayload === "Infinity") {
|
|
832
|
+
// Invalid values accepted = poor input validation
|
|
833
|
+
dosResult.securityIssues.push(`Blob size validation bypass: server accepted invalid size "${sizePayload}"`);
|
|
834
|
+
dosResult.blobDosRiskLevel = "MEDIUM";
|
|
835
|
+
}
|
|
836
|
+
else {
|
|
837
|
+
dosResult.blobDosRiskLevel = "LOW";
|
|
838
|
+
}
|
|
839
|
+
}
|
|
840
|
+
}
|
|
841
|
+
catch {
|
|
842
|
+
// Expected - large sizes should be rejected
|
|
843
|
+
this.logger.debug(`Blob DoS test correctly rejected for ${testUri}`);
|
|
844
|
+
dosResult.blobDosRiskLevel = "NONE";
|
|
845
|
+
}
|
|
846
|
+
if (dosResult.securityIssues.length > 0) {
|
|
847
|
+
results.push(dosResult);
|
|
848
|
+
}
|
|
849
|
+
await new Promise((resolve) => setTimeout(resolve, PROBE_DELAY_MS));
|
|
850
|
+
}
|
|
851
|
+
return results;
|
|
852
|
+
}
|
|
853
|
+
/**
|
|
854
|
+
* Issue #127, Challenge #24: Test polyglot resource generation vulnerabilities
|
|
855
|
+
* Detects dual-format file injection (CWE-434, CWE-436)
|
|
856
|
+
*/
|
|
857
|
+
async testPolyglotResources(template, context) {
|
|
858
|
+
const results = [];
|
|
859
|
+
// Only test polyglot:// templates
|
|
860
|
+
if (!template.uriTemplate.startsWith("polyglot://")) {
|
|
861
|
+
return results;
|
|
862
|
+
}
|
|
863
|
+
if (!context.readResource) {
|
|
864
|
+
return results;
|
|
865
|
+
}
|
|
866
|
+
const PROBE_DELAY_MS = 50;
|
|
867
|
+
for (const combo of POLYGLOT_COMBINATIONS) {
|
|
868
|
+
this.testCount++;
|
|
869
|
+
const testUri = template.uriTemplate
|
|
870
|
+
.replace(/\{base_type\}/g, combo.baseType)
|
|
871
|
+
.replace(/\{hidden_type\}/g, combo.hiddenType);
|
|
872
|
+
const polyglotResult = {
|
|
873
|
+
resourceUri: testUri,
|
|
874
|
+
resourceName: `${template.name || "polyglot"} (${combo.baseType}/${combo.hiddenType})`,
|
|
875
|
+
tested: true,
|
|
876
|
+
accessible: false,
|
|
877
|
+
securityIssues: [],
|
|
878
|
+
pathTraversalVulnerable: false,
|
|
879
|
+
sensitiveDataExposed: false,
|
|
880
|
+
promptInjectionDetected: false,
|
|
881
|
+
promptInjectionPatterns: [],
|
|
882
|
+
validUri: true,
|
|
883
|
+
sensitivePatterns: [],
|
|
884
|
+
accessControls: { requiresAuth: false },
|
|
885
|
+
dataClassification: "internal",
|
|
886
|
+
polyglotTested: true,
|
|
887
|
+
polyglotCombination: `${combo.baseType}/${combo.hiddenType}`,
|
|
888
|
+
};
|
|
889
|
+
try {
|
|
890
|
+
const content = await this.executeWithTimeout(context.readResource(testUri), 3000);
|
|
891
|
+
if (content) {
|
|
892
|
+
polyglotResult.accessible = true;
|
|
893
|
+
// Check for magic bytes first (primary detection method)
|
|
894
|
+
// This ensures we detect polyglot content even if server doesn't self-report
|
|
895
|
+
const contentBytes = this.stringToBytes(content);
|
|
896
|
+
if (this.startsWithBytes(contentBytes, combo.magicBytes)) {
|
|
897
|
+
polyglotResult.securityIssues.push(`Polyglot file vulnerability: response contains ${combo.baseType} magic bytes with potential ${combo.hiddenType} payload (CWE-434, CWE-436)`);
|
|
898
|
+
}
|
|
899
|
+
else {
|
|
900
|
+
// Check if response indicates polyglot generation (supplementary detection)
|
|
901
|
+
// Only used when magic bytes aren't present but server self-reports
|
|
902
|
+
try {
|
|
903
|
+
const parsed = JSON.parse(content);
|
|
904
|
+
if (parsed.vulnerable === true ||
|
|
905
|
+
parsed.polyglot_known === true) {
|
|
906
|
+
polyglotResult.securityIssues.push(`Polyglot file vulnerability: server generates ${combo.description} (CWE-434, CWE-436)`);
|
|
907
|
+
}
|
|
908
|
+
}
|
|
909
|
+
catch {
|
|
910
|
+
// Expected for non-JSON content - no action needed
|
|
911
|
+
}
|
|
912
|
+
}
|
|
913
|
+
}
|
|
914
|
+
}
|
|
915
|
+
catch {
|
|
916
|
+
this.logger.debug(`Polyglot test correctly rejected for ${testUri}`);
|
|
917
|
+
}
|
|
918
|
+
if (polyglotResult.securityIssues.length > 0) {
|
|
919
|
+
results.push(polyglotResult);
|
|
920
|
+
}
|
|
921
|
+
await new Promise((resolve) => setTimeout(resolve, PROBE_DELAY_MS));
|
|
922
|
+
}
|
|
923
|
+
return results;
|
|
924
|
+
}
|
|
925
|
+
/**
|
|
926
|
+
* Issue #127, Challenge #24: Validate MIME type matches actual content
|
|
927
|
+
* Detects content-type confusion (CWE-436)
|
|
928
|
+
*/
|
|
929
|
+
validateMimeType(content, declaredMimeType) {
|
|
930
|
+
if (!declaredMimeType) {
|
|
931
|
+
return { valid: true, mismatch: false };
|
|
932
|
+
}
|
|
933
|
+
const bytes = typeof content === "string"
|
|
934
|
+
? this.stringToBytes(content)
|
|
935
|
+
: new Uint8Array(content);
|
|
936
|
+
for (const [mimeType, info] of Object.entries(MIME_MAGIC_BYTES)) {
|
|
937
|
+
if (this.startsWithBytes(bytes, info.bytes)) {
|
|
938
|
+
const mismatch = declaredMimeType.toLowerCase() !== mimeType.toLowerCase();
|
|
939
|
+
return {
|
|
940
|
+
valid: !mismatch,
|
|
941
|
+
expectedMimeType: mimeType,
|
|
942
|
+
mismatch,
|
|
943
|
+
};
|
|
944
|
+
}
|
|
945
|
+
}
|
|
946
|
+
// No magic bytes matched - could be text or unknown binary
|
|
947
|
+
return { valid: true, mismatch: false };
|
|
948
|
+
}
|
|
949
|
+
/**
|
|
950
|
+
* Issue #127: Format bytes as human-readable string
|
|
951
|
+
*/
|
|
952
|
+
formatBytes(bytes) {
|
|
953
|
+
if (bytes >= 1024 * 1024 * 1024)
|
|
954
|
+
return `${(bytes / (1024 * 1024 * 1024)).toFixed(1)}GB`;
|
|
955
|
+
if (bytes >= 1024 * 1024)
|
|
956
|
+
return `${(bytes / (1024 * 1024)).toFixed(1)}MB`;
|
|
957
|
+
if (bytes >= 1024)
|
|
958
|
+
return `${(bytes / 1024).toFixed(1)}KB`;
|
|
959
|
+
return `${bytes}B`;
|
|
960
|
+
}
|
|
961
|
+
/**
|
|
962
|
+
* Issue #127: Convert string to bytes for magic byte comparison
|
|
963
|
+
*/
|
|
964
|
+
stringToBytes(str) {
|
|
965
|
+
// Use raw char codes, not UTF-8 encoding, for magic byte detection
|
|
966
|
+
const bytes = new Uint8Array(str.length);
|
|
967
|
+
for (let i = 0; i < str.length; i++) {
|
|
968
|
+
bytes[i] = str.charCodeAt(i) & 0xff;
|
|
969
|
+
}
|
|
970
|
+
return bytes;
|
|
971
|
+
}
|
|
972
|
+
/**
|
|
973
|
+
* Issue #127: Check if content starts with expected magic bytes
|
|
974
|
+
*/
|
|
975
|
+
startsWithBytes(content, pattern) {
|
|
976
|
+
if (content.length < pattern.length)
|
|
977
|
+
return false;
|
|
978
|
+
for (let i = 0; i < pattern.length; i++) {
|
|
979
|
+
if (content[i] !== pattern[i])
|
|
980
|
+
return false;
|
|
981
|
+
}
|
|
982
|
+
return true;
|
|
983
|
+
}
|
|
688
984
|
isValidUri(uri) {
|
|
689
985
|
try {
|
|
690
986
|
// Check for common URI schemes
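Review bot: The bare `catch` in testBlobDoS scores every failure as `blobDosRiskLevel = "NONE"` and logs it as correctly rejected, but expiry of the 2000 ms `executeWithTimeout` lands in the same branch, so a server that stalls while building a ~1GB blob is recorded as safe and the probe is dropped from the results. The success branch has the opposite weakness: `if (content)` counts any truthy reply as acceptance without checking how much data came back, so a server that caps or ignores `{size}` would be reported as vulnerable. I would separate the no-reply case and keep it in the results as unconfirmed, as sketched below. How `executeWithTimeout` signals expiry is not visible here, so the sketch uses elapsed time; if it throws a distinguishable timeout error, test for that instead.

```javascript
const PROBE_DELAY_MS = 50;
const PROBE_TIMEOUT_MS = 2000;
for (const sizePayload of DOS_SIZE_PAYLOADS) {
    // … unchanged: testCount, testUri and dosResult construction …
    const startedAt = Date.now();
    try {
        const content = await this.executeWithTimeout(context.readResource(testUri), PROBE_TIMEOUT_MS);
        // … unchanged: classification of an accepted request …
    }
    catch (error) {
        const elapsedMs = Date.now() - startedAt;
        if (elapsedMs >= PROBE_TIMEOUT_MS) {
            // No reply within the window is not evidence of a size check:
            // keep the probe in the results instead of scoring it NONE.
            dosResult.securityIssues.push(`Blob size probe for "${sizePayload}" got no reply within ${PROBE_TIMEOUT_MS}ms; size handling could not be confirmed (CWE-400)`);
        }
        else {
            this.logger.debug(`Blob DoS test rejected for ${testUri}: ${this.extractErrorMessage(error)}`);
            dosResult.blobDosRiskLevel = "NONE";
        }
    }
    // … unchanged: push dosResult when it has issues, probe delay …
```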
|
|
@@ -740,7 +1036,7 @@ export class ResourceAssessor extends BaseAssessor {
|
|
|
740
1036
|
}
|
|
741
1037
|
return result;
|
|
742
1038
|
}
|
|
743
|
-
determineResourceStatus(pathTraversalVulnerabilities, sensitiveDataExposures, promptInjectionVulnerabilities, securityIssuesFound, totalResources) {
|
|
1039
|
+
determineResourceStatus(pathTraversalVulnerabilities, sensitiveDataExposures, promptInjectionVulnerabilities, blobDosVulnerabilities, polyglotVulnerabilities, mimeValidationFailures, securityIssuesFound, totalResources) {
|
|
744
1040
|
// Critical failures
|
|
745
1041
|
if (pathTraversalVulnerabilities > 0)
|
|
746
1042
|
return "FAIL";
|
|
@@ -748,7 +1044,14 @@ export class ResourceAssessor extends BaseAssessor {
|
|
|
748
1044
|
return "FAIL";
|
|
749
1045
|
if (promptInjectionVulnerabilities > 0)
|
|
750
1046
|
return "FAIL";
|
|
1047
|
+
// Issue #127, Challenge #24: Binary resource vulnerabilities
|
|
1048
|
+
if (blobDosVulnerabilities > 0)
|
|
1049
|
+
return "FAIL";
|
|
1050
|
+
if (polyglotVulnerabilities > 0)
|
|
1051
|
+
return "FAIL";
|
|
751
1052
|
// Moderate issues
|
|
1053
|
+
if (mimeValidationFailures > 0)
|
|
1054
|
+
return "NEED_MORE_INFO";
|
|
752
1055
|
if (securityIssuesFound > 0)
|
|
753
1056
|
return "NEED_MORE_INFO";
|
|
754
1057
|
// No resources tested
|
|
@@ -756,7 +1059,7 @@ export class ResourceAssessor extends BaseAssessor {
|
|
|
756
1059
|
return "PASS";
|
|
757
1060
|
return "PASS";
|
|
758
1061
|
}
|
|
759
|
-
generateExplanation(results, pathTraversalVulnerabilities, sensitiveDataExposures, promptInjectionVulnerabilities) {
|
|
1062
|
+
generateExplanation(results, pathTraversalVulnerabilities, sensitiveDataExposures, promptInjectionVulnerabilities, blobDosVulnerabilities, polyglotVulnerabilities, mimeValidationFailures) {
|
|
760
1063
|
const parts = [];
|
|
761
1064
|
parts.push(`Tested ${results.length} resource(s).`);
|
|
762
1065
|
if (pathTraversalVulnerabilities > 0) {
|
|
@@ -768,6 +1071,16 @@ export class ResourceAssessor extends BaseAssessor {
|
|
|
768
1071
|
if (promptInjectionVulnerabilities > 0) {
|
|
769
1072
|
parts.push(`CRITICAL: ${promptInjectionVulnerabilities} resource(s) contain prompt injection patterns.`);
|
|
770
1073
|
}
|
|
1074
|
+
// Issue #127, Challenge #24: Binary resource vulnerability explanations
|
|
1075
|
+
if (blobDosVulnerabilities > 0) {
|
|
1076
|
+
parts.push(`CRITICAL: ${blobDosVulnerabilities} blob DoS vulnerability(ies) detected (arbitrary size acceptance).`);
|
|
1077
|
+
}
|
|
1078
|
+
if (polyglotVulnerabilities > 0) {
|
|
1079
|
+
parts.push(`CRITICAL: ${polyglotVulnerabilities} polyglot file vulnerability(ies) detected (dual-format injection).`);
|
|
1080
|
+
}
|
|
1081
|
+
if (mimeValidationFailures > 0) {
|
|
1082
|
+
parts.push(`WARNING: ${mimeValidationFailures} MIME type validation failure(s) detected.`);
|
|
1083
|
+
}
|
|
771
1084
|
const accessibleCount = results.filter((r) => r.accessible).length;
|
|
772
1085
|
if (accessibleCount > 0) {
|
|
773
1086
|
parts.push(`${accessibleCount} resource(s) are accessible.`);
|
|
@@ -811,6 +1124,23 @@ export class ResourceAssessor extends BaseAssessor {
|
|
|
811
1124
|
if (inaccessibleResults.length > 0) {
|
|
812
1125
|
recommendations.push(`${inaccessibleResults.length} declared resource(s) are not accessible. Verify resource paths and permissions.`);
|
|
813
1126
|
}
|
|
1127
|
+
// Issue #127, Challenge #24: Blob DoS recommendations
|
|
1128
|
+
const blobDosResults = results.filter((r) => r.blobDosTested &&
|
|
1129
|
+
r.blobDosRiskLevel &&
|
|
1130
|
+
["HIGH", "MEDIUM"].includes(r.blobDosRiskLevel));
|
|
1131
|
+
if (blobDosResults.length > 0) {
|
|
1132
|
+
recommendations.push("CRITICAL: Implement blob size limits and validation. Reject requests exceeding reasonable thresholds (e.g., 10MB max). (CWE-400, CWE-409)");
|
|
1133
|
+
}
|
|
1134
|
+
// Issue #127, Challenge #24: Polyglot file recommendations
|
|
1135
|
+
const polyglotResults = results.filter((r) => r.polyglotTested && r.securityIssues.length > 0);
|
|
1136
|
+
if (polyglotResults.length > 0) {
|
|
1137
|
+
recommendations.push("CRITICAL: Validate binary content matches declared MIME type. Block polyglot file generation that could be used for content-type confusion attacks. (CWE-434, CWE-436)");
|
|
1138
|
+
}
|
|
1139
|
+
// Issue #127, Challenge #24: MIME validation recommendations
|
|
1140
|
+
const mimeResults = results.filter((r) => r.mimeTypeMismatch === true);
|
|
1141
|
+
if (mimeResults.length > 0) {
|
|
1142
|
+
recommendations.push("Implement content-type validation using magic byte verification. Do not trust declared MIME types without verification. (CWE-436)");
|
|
1143
|
+
}
|
|
814
1144
|
return recommendations;
|
|
815
1145
|
}
|
|
816
1146
|
}
|
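--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@bryan-thompson/inspector-assessment-client",
-"version": "1.
+"version": "1.34.1",
 "description": "Client-side application for the Enhanced MCP Inspector with assessment capabilities",
 "license": "MIT",
 "author": "Bryan Thompson <bryan@triepod.ai>",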