@bryan-thompson/inspector-assessment 1.26.4 → 1.26.6

package/client/lib/services/assessment/modules/securityTests/ConfidenceScorer.js

@@ -0,0 +1,199 @@
+/**
+ * Confidence Scorer
+ * Calculates confidence levels for vulnerability detections
+ *
+ * Extracted from SecurityResponseAnalyzer.ts (Issue #53)
+ * Handles: confidence calculation, structured data tool detection, validation pattern checks
+ */
+/**
+ * Patterns for detecting structured data tools
+ */
+const STRUCTURED_DATA_TOOL_PATTERNS = [
+    /search/i,
+    /find/i,
+    /lookup/i,
+    /query/i,
+    /retrieve/i,
+    /fetch/i,
+    /get/i,
+    /list/i,
+    /resolve/i,
+    /discover/i,
+    /browse/i,
+];
+/**
+ * Ambiguous validation patterns that may cause false positives
+ */
+const VALIDATION_AMBIGUOUS_PATTERNS = [
+    "type.*error",
+    "invalid.*type",
+    "error",
+    "invalid",
+    "failed",
+    "negative.*not.*allowed",
+    "must.*be.*positive",
+    "invalid.*value",
+    "overflow",
+    "out.*of.*range",
+];
+/**
+ * Calculates confidence levels for security vulnerability detections
+ */
+export class ConfidenceScorer {
+    /**
+     * Calculate confidence level for a vulnerability detection
+     *
+     * Factors considered:
+     * - Sanitization detection (Issue #56)
+     * - Structured data tool context
+     * - Evidence quality
+     * - Response characteristics
+     *
+     * @param tool - The tool being tested
+     * @param isVulnerable - Whether the tool was flagged as vulnerable
+     * @param evidence - Evidence string from vulnerability detection
+     * @param responseText - The response text from the tool
+     * @param payload - The security payload used for testing
+     * @param sanitizationResult - Optional sanitization detection result (Issue #56)
+     * @returns Confidence result with manual review requirements
+     */
+    calculateConfidence(tool, isVulnerable, evidence, responseText, payload, sanitizationResult) {
+        // Issue #56: If sanitization is detected, reduce confidence for vulnerabilities
+        // This helps reduce false positives on well-protected servers
+        if (isVulnerable && sanitizationResult?.detected) {
+            const adjustment = sanitizationResult.totalConfidenceAdjustment;
+            // Strong sanitization evidence (adjustment >= 30) - downgrade to low confidence
+            // This indicates the tool has specific security libraries in place
+            if (adjustment >= 30) {
+                const libraries = sanitizationResult.libraries.join(", ") || "general";
+                return {
+                    confidence: "low",
+                    requiresManualReview: true,
+                    manualReviewReason: `Sanitization detected (${libraries}). ` +
+                        `Pattern match may be false positive due to security measures in place.`,
+                    reviewGuidance: `Tool uses sanitization libraries. Verify if the detected vulnerability ` +
+                        `actually bypasses the sanitization layer. Check: 1) Does the payload execute ` +
+                        `after sanitization? 2) Is the sanitization comprehensive for this attack type? ` +
+                        `3) Evidence: ${sanitizationResult.evidence.join("; ")}`,
+                };
+            }
+            // Moderate sanitization evidence (adjustment >= 15) - downgrade high to medium
+            if (adjustment >= 15) {
+                const patterns = sanitizationResult.libraries.length > 0
+                    ? sanitizationResult.libraries.join(", ")
+                    : sanitizationResult.genericPatterns.join(", ");
+                return {
+                    confidence: "medium",
+                    requiresManualReview: true,
+                    manualReviewReason: `Sanitization patterns detected (${patterns}). Verify actual vulnerability.`,
+                    reviewGuidance: `Tool mentions sanitization in description or shows sanitization in response. ` +
+                        `Verify if the detected pattern represents actual code execution or if it's ` +
+                        `safely handled. Evidence: ${sanitizationResult.evidence.join("; ")}`,
+                };
+            }
+        }
+        const toolDescription = (tool.description || "").toLowerCase();
+        const toolName = tool.name.toLowerCase();
+        const responseLower = responseText.toLowerCase();
+        const payloadLower = payload.payload.toLowerCase();
+        // HIGH CONFIDENCE: Clear cases
+        if (!isVulnerable &&
+            (evidence.includes("safely reflected") ||
+                evidence.includes("API wrapper") ||
+                evidence.includes("safe: true"))) {
+            return {
+                confidence: "high",
+                requiresManualReview: false,
+            };
+        }
+        if (isVulnerable &&
+            evidence.includes("executed") &&
+            !this.isStructuredDataTool(toolName, toolDescription)) {
+            return {
+                confidence: "high",
+                requiresManualReview: false,
+            };
+        }
+        // LOW CONFIDENCE: Ambiguous pattern matches in structured data
+        if (isVulnerable) {
+            const isDataTool = this.isStructuredDataTool(toolName, toolDescription);
+            const hasStructuredData = /title:|name:|description:|trust score:|id:|snippets:/i.test(responseText) ||
+                /^\s*-\s+/m.test(responseText) ||
+                /"[^"]+"\s*:\s*"[^"]+"/g.test(responseText);
+            const patternInInput = payload.evidence?.test(payloadLower);
+            const echosInput = responseLower.includes(payloadLower);
+            if (isDataTool && (hasStructuredData || echosInput) && patternInInput) {
+                return {
+                    confidence: "low",
+                    requiresManualReview: true,
+                    manualReviewReason: "Pattern matched in structured data response. Tool may be legitimately " +
+                        "returning data containing search terms rather than executing malicious code.",
+                    reviewGuidance: "Verify: 1) Does the tool actually execute/compute the input? " +
+                        "2) Or does it just return pre-existing data that happens to contain the pattern? " +
+                        `3) Check if '${payload.evidence}' appears in legitimate tool output vs. execution results.`,
+                };
+            }
+            if (payload.evidence &&
+                /\b\d\b/.test(payload.evidence.toString()) &&
+                /\b(score|count|trust|rating|id|version)\b/i.test(responseText)) {
+                return {
+                    confidence: "low",
+                    requiresManualReview: true,
+                    manualReviewReason: "Numeric pattern found in response with numeric metadata (scores, counts, etc.). " +
+                        "May be coincidental data rather than arithmetic execution.",
+                    reviewGuidance: "Verify: 1) Did the tool actually compute an arithmetic result? " +
+                        "2) Or does the number appear in metadata like trust scores, version numbers, or counts? " +
+                        "3) Compare pattern location in response with tool's expected output format.",
+                };
+            }
+            if (/admin|role|privilege|elevated/i.test(payload.payload) &&
+                /\b(library|search|documentation|api|wrapper)\b/i.test(toolDescription)) {
+                return {
+                    confidence: "low",
+                    requiresManualReview: true,
+                    manualReviewReason: "Admin-related keywords found in search/retrieval tool results. " +
+                        "Tool may be returning data about admin-related libraries/APIs rather than elevating privileges.",
+                    reviewGuidance: "Verify: 1) Did the tool actually change behavior or assume admin role? " +
+                        "2) Or did it return search results for admin-related content? " +
+                        "3) Test if tool behavior actually changed after this request.",
+                };
+            }
+        }
+        // MEDIUM CONFIDENCE: Execution evidence but some ambiguity
+        if (isVulnerable && evidence.includes("executed")) {
+            return {
+                confidence: "medium",
+                requiresManualReview: true,
+                manualReviewReason: "Execution indicators found but context suggests possible ambiguity.",
+                reviewGuidance: "Verify: 1) Review the full response to confirm actual code execution. " +
+                    "2) Check if tool's intended function involves execution. " +
+                    "3) Test with variations to confirm consistency.",
+            };
+        }
+        // Default: HIGH confidence for clear safe cases
+        return {
+            confidence: "high",
+            requiresManualReview: false,
+        };
+    }
+    /**
+     * Check if tool is a structured data tool (search, lookup, retrieval)
+     *
+     * These tools are more likely to return data containing patterns
+     * that look like vulnerabilities but are actually just data.
+     */
+    isStructuredDataTool(toolName, toolDescription) {
+        const combined = `${toolName} ${toolDescription}`;
+        return STRUCTURED_DATA_TOOL_PATTERNS.some((pattern) => pattern.test(combined));
+    }
+    /**
+     * Check if evidence pattern is ambiguous (validation-like)
+     *
+     * Some patterns match both security issues AND normal validation errors.
+     * These require more careful analysis.
+     */
+    isValidationPattern(evidencePattern) {
+        const patternStr = evidencePattern.toString().toLowerCase();
+        return VALIDATION_AMBIGUOUS_PATTERNS.some((ambiguous) => patternStr.includes(ambiguous));
+    }
+}

package/client/lib/services/assessment/modules/securityTests/ErrorClassifier.d.ts

@@ -0,0 +1,57 @@
+/**
+ * Error Classifier
+ * Classifies and analyzes error responses for security testing
+ *
+ * Extracted from SecurityResponseAnalyzer.ts (Issue #53)
+ * Handles: connection error detection, error classification, error info extraction
+ */
+import { CompatibilityCallToolResult } from "@modelcontextprotocol/sdk/types.js";
+/**
+ * Error classification types
+ */
+export type ErrorClassification = "connection" | "server" | "protocol";
+/**
+ * Extracted error information from response
+ */
+export interface ErrorInfo {
+    code?: string | number;
+    message?: string;
+}
+/**
+ * Classifies errors from tool responses and exceptions
+ */
+export declare class ErrorClassifier {
+    /**
+     * Check if response indicates connection/server failure
+     */
+    isConnectionError(response: CompatibilityCallToolResult): boolean;
+    /**
+     * Check if caught exception indicates connection/server failure
+     */
+    isConnectionErrorFromException(error: unknown): boolean;
+    /**
+     * Internal: Check if text indicates connection/server failure
+     */
+    private isConnectionErrorFromText;
+    /**
+     * Classify error type for reporting
+     */
+    classifyError(response: CompatibilityCallToolResult): ErrorClassification;
+    /**
+     * Classify error type from caught exception
+     */
+    classifyErrorFromException(error: unknown): ErrorClassification;
+    /**
+     * Internal: Classify error type from text
+     */
+    private classifyErrorFromText;
+    /**
+     * Extract error info from response
+     */
+    extractErrorInfo(response: CompatibilityCallToolResult): ErrorInfo;
+    /**
+     * Extract response content from MCP response
+     */
+    extractResponseContent(response: CompatibilityCallToolResult): string;
+}
+//# sourceMappingURL=ErrorClassifier.d.ts.map

package/client/lib/services/assessment/modules/securityTests/ErrorClassifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ErrorClassifier.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/ErrorClassifier.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,2BAA2B,EAAE,MAAM,oCAAoC,CAAC;AAQjF;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,YAAY,GAAG,QAAQ,GAAG,UAAU,CAAC;AAEvE;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,qBAAa,eAAe;IAC1B;;OAEG;IACH,iBAAiB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,OAAO;IAKjE;;OAEG;IACH,8BAA8B,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO;IAQvD;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAgBjC;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,2BAA2B,GAAG,mBAAmB;IAKzE;;OAEG;IACH,0BAA0B,CAAC,KAAK,EAAE,OAAO,GAAG,mBAAmB;IAQ/D;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAgB7B;;OAEG;IACH,gBAAgB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,SAAS;IAsBlE;;OAEG;IACH,sBAAsB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,MAAM;CAUtE"}

package/client/lib/services/assessment/modules/securityTests/ErrorClassifier.js

@@ -0,0 +1,113 @@
+/**
+ * Error Classifier
+ * Classifies and analyzes error responses for security testing
+ *
+ * Extracted from SecurityResponseAnalyzer.ts (Issue #53)
+ * Handles: connection error detection, error classification, error info extraction
+ */
+import { CONNECTION_ERROR_PATTERNS, ERROR_CLASSIFICATION_PATTERNS, matchesAny, hasMcpErrorPrefix, } from "./SecurityPatternLibrary.js";
+/**
+ * Classifies errors from tool responses and exceptions
+ */
+export class ErrorClassifier {
+    /**
+     * Check if response indicates connection/server failure
+     */
+    isConnectionError(response) {
+        const text = this.extractResponseContent(response).toLowerCase();
+        return this.isConnectionErrorFromText(text);
+    }
+    /**
+     * Check if caught exception indicates connection/server failure
+     */
+    isConnectionErrorFromException(error) {
+        if (error instanceof Error) {
+            const message = error.message.toLowerCase();
+            return this.isConnectionErrorFromText(message);
+        }
+        return false;
+    }
+    /**
+     * Internal: Check if text indicates connection/server failure
+     */
+    isConnectionErrorFromText(text) {
+        // Check unambiguous patterns first
+        if (matchesAny(CONNECTION_ERROR_PATTERNS.unambiguous, text)) {
+            return true;
+        }
+        // Check contextual patterns only if text has MCP error prefix
+        if (hasMcpErrorPrefix(text)) {
+            if (matchesAny(CONNECTION_ERROR_PATTERNS.contextual, text)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    /**
+     * Classify error type for reporting
+     */
+    classifyError(response) {
+        const text = this.extractResponseContent(response).toLowerCase();
+        return this.classifyErrorFromText(text);
+    }
+    /**
+     * Classify error type from caught exception
+     */
+    classifyErrorFromException(error) {
+        if (error instanceof Error) {
+            const message = error.message.toLowerCase();
+            return this.classifyErrorFromText(message);
+        }
+        return "protocol";
+    }
+    /**
+     * Internal: Classify error type from text
+     */
+    classifyErrorFromText(text) {
+        if (ERROR_CLASSIFICATION_PATTERNS.connection.test(text)) {
+            return "connection";
+        }
+        if (ERROR_CLASSIFICATION_PATTERNS.server.test(text)) {
+            return "server";
+        }
+        if (ERROR_CLASSIFICATION_PATTERNS.protocol.test(text)) {
+            return "protocol";
+        }
+        return "protocol";
+    }
+    /**
+     * Extract error info from response
+     */
+    extractErrorInfo(response) {
+        const content = this.extractResponseContent(response);
+        try {
+            const parsed = JSON.parse(content);
+            if (parsed.error) {
+                return {
+                    code: parsed.error.code || parsed.code,
+                    message: parsed.error.message || parsed.message,
+                };
+            }
+            return { code: parsed.code, message: parsed.message };
+        }
+        catch {
+            // Check for MCP error format in text
+            const mcpMatch = content.match(/MCP error (-?\d+):\s*(.*)/i);
+            if (mcpMatch) {
+                return { code: parseInt(mcpMatch[1]), message: mcpMatch[2] };
+            }
+            return {};
+        }
+    }
+    /**
+     * Extract response content from MCP response
+     */
+    extractResponseContent(response) {
+        if (response.content && Array.isArray(response.content)) {
+            return response.content
+                .map((c) => c.type === "text" ? c.text : "")
+                .join(" ");
+        }
+        return String(response.content || "");
+    }
+}

package/client/lib/services/assessment/modules/securityTests/ExecutionArtifactDetector.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Execution Artifact Detector
+ * Detects evidence of actual code/command execution in tool responses
+ *
+ * Extracted from SecurityResponseAnalyzer.ts (Issue #53)
+ * Handles: execution evidence detection, artifact detection, injection payload echoing
+ */
+import { CompatibilityCallToolResult } from "@modelcontextprotocol/sdk/types.js";
+/**
+ * Result of response analysis
+ */
+export interface AnalysisResult {
+    isVulnerable: boolean;
+    evidence?: string;
+}
+/**
+ * Detects execution artifacts in tool responses
+ */
+export declare class ExecutionArtifactDetector {
+    /**
+     * Check if response contains evidence of actual execution
+     * Used to distinguish between safe reflection and actual command/code execution
+     */
+    hasExecutionEvidence(responseText: string): boolean;
+    /**
+     * Detect execution artifacts in response
+     * Two-tier detection: unambiguous artifacts + context-sensitive patterns
+     */
+    detectExecutionArtifacts(responseText: string): boolean;
+    /**
+     * Check if response contains echoed injection payload patterns
+     * These indicate the payload was stored/reflected, not executed
+     */
+    containsEchoedInjectionPayload(responseText: string): boolean;
+    /**
+     * Analyze injection response (fallback logic)
+     * Used when primary detection methods are inconclusive
+     *
+     * @param responseText The response text to analyze
+     * @param isReflectionCheck Function to check if response is reflection
+     * @returns Analysis result with vulnerability status
+     */
+    analyzeInjectionResponse(responseText: string, isReflectionCheck: (text: string) => boolean): AnalysisResult;
+    /**
+     * Extract response content from MCP response
+     */
+    extractResponseContent(response: CompatibilityCallToolResult): string;
+}
+//# sourceMappingURL=ExecutionArtifactDetector.d.ts.map

package/client/lib/services/assessment/modules/securityTests/ExecutionArtifactDetector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ExecutionArtifactDetector.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/ExecutionArtifactDetector.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,2BAA2B,EAAE,MAAM,oCAAoC,CAAC;AASjF;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,qBAAa,yBAAyB;IACpC;;;OAGG;IACH,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAInD;;;OAGG;IACH,wBAAwB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAqBvD;;;OAGG;IACH,8BAA8B,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO;IAI7D;;;;;;;OAOG;IACH,wBAAwB,CACtB,YAAY,EAAE,MAAM,EACpB,iBAAiB,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,GAC3C,cAAc;IAajB;;OAEG;IACH,sBAAsB,CAAC,QAAQ,EAAE,2BAA2B,GAAG,MAAM;CAUtE"}

package/client/lib/services/assessment/modules/securityTests/ExecutionArtifactDetector.js

@@ -0,0 +1,74 @@
+/**
+ * Execution Artifact Detector
+ * Detects evidence of actual code/command execution in tool responses
+ *
+ * Extracted from SecurityResponseAnalyzer.ts (Issue #53)
+ * Handles: execution evidence detection, artifact detection, injection payload echoing
+ */
+import { EXECUTION_INDICATORS, EXECUTION_ARTIFACT_PATTERNS, ECHOED_PAYLOAD_PATTERNS, FALLBACK_EXECUTION_PATTERNS, matchesAny, } from "./SecurityPatternLibrary.js";
+/**
+ * Detects execution artifacts in tool responses
+ */
+export class ExecutionArtifactDetector {
+    /**
+     * Check if response contains evidence of actual execution
+     * Used to distinguish between safe reflection and actual command/code execution
+     */
+    hasExecutionEvidence(responseText) {
+        return matchesAny(EXECUTION_INDICATORS, responseText);
+    }
+    /**
+     * Detect execution artifacts in response
+     * Two-tier detection: unambiguous artifacts + context-sensitive patterns
+     */
+    detectExecutionArtifacts(responseText) {
+        const containsEchoedPayload = this.containsEchoedInjectionPayload(responseText);
+        // Check always-execution patterns
+        if (matchesAny(EXECUTION_ARTIFACT_PATTERNS.alwaysExecution, responseText)) {
+            return true;
+        }
+        // Context-sensitive patterns only count if no echoed payload present
+        if (!containsEchoedPayload) {
+            if (matchesAny(EXECUTION_ARTIFACT_PATTERNS.contextSensitive, responseText)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    /**
+     * Check if response contains echoed injection payload patterns
+     * These indicate the payload was stored/reflected, not executed
+     */
+    containsEchoedInjectionPayload(responseText) {
+        return matchesAny(ECHOED_PAYLOAD_PATTERNS, responseText);
+    }
+    /**
+     * Analyze injection response (fallback logic)
+     * Used when primary detection methods are inconclusive
+     *
+     * @param responseText The response text to analyze
+     * @param isReflectionCheck Function to check if response is reflection
+     * @returns Analysis result with vulnerability status
+     */
+    analyzeInjectionResponse(responseText, isReflectionCheck) {
+        const hasExecution = matchesAny(FALLBACK_EXECUTION_PATTERNS, responseText);
+        if (hasExecution && !isReflectionCheck(responseText)) {
+            return {
+                isVulnerable: true,
+                evidence: "Tool executed instruction: found execution keywords",
+            };
+        }
+        return { isVulnerable: false };
+    }
+    /**
+     * Extract response content from MCP response
+     */
+    extractResponseContent(response) {
+        if (response.content && Array.isArray(response.content)) {
+            return response.content
+                .map((c) => c.type === "text" ? c.text : "")
+                .join(" ");
+        }
+        return String(response.content || "");
+    }
+}

package/client/lib/services/assessment/modules/securityTests/MathAnalyzer.d.ts

@@ -0,0 +1,58 @@
+/**
+ * Math Analyzer
+ * Detects computed math expression results (Calculator Injection)
+ *
+ * Extracted from SecurityResponseAnalyzer.ts (Issue #53)
+ * Handles: math computation detection, coincidental numeric detection
+ */
+import { Tool } from "@modelcontextprotocol/sdk/types.js";
+/**
+ * Result of computed math analysis with confidence level (Issue #58)
+ */
+export interface MathResultAnalysis {
+    isComputed: boolean;
+    confidence: "high" | "medium" | "low";
+    reason?: string;
+}
+/**
+ * Analyzes tool responses for math computation evidence (Calculator Injection)
+ */
+export declare class MathAnalyzer {
+    /**
+     * Enhanced computed math result analysis with tool context (Issue #58)
+     *
+     * Returns a confidence level indicating how likely this is a real Calculator Injection:
+     * - high: Strong evidence of computation (should flag as vulnerable)
+     * - medium: Ambiguous (excluded from vulnerability count per user decision)
+     * - low: Likely coincidental data (excluded from vulnerability count)
+     */
+    analyzeComputedMathResult(payload: string, responseText: string, tool?: Tool): MathResultAnalysis;
+    /**
+     * Legacy method for backward compatibility
+     * @deprecated Use analyzeComputedMathResult instead
+     */
+    isComputedMathResult(payload: string, responseText: string): boolean;
+    /**
+     * Check if numeric value appears in structured data context (not as computation result)
+     * Distinguishes {"records": 4} from computed "4" (Issue #58)
+     *
+     * @param result The computed numeric result to check for
+     * @param responseText The response text to analyze
+     * @returns true if the number appears to be coincidental data, not a computed result
+     */
+    isCoincidentalNumericInStructuredData(result: number, responseText: string): boolean;
+    /**
+     * Recursively check JSON object for coincidental numeric values
+     */
+    private checkObjectForCoincidentalNumeric;
+    /**
+     * Check text for structured patterns containing coincidental numerics
+     */
+    private checkTextForCoincidentalNumeric;
+    /**
+     * Compute math expression from regex match
+     * Returns null if invalid operator
+     */
+    private computeExpression;
+}
+//# sourceMappingURL=MathAnalyzer.d.ts.map

package/client/lib/services/assessment/modules/securityTests/MathAnalyzer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"MathAnalyzer.d.ts","sourceRoot":"","sources":["../../../../../src/services/assessment/modules/securityTests/MathAnalyzer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAW1D;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACtC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,YAAY;IACvB;;;;;;;OAOG;IACH,yBAAyB,CACvB,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,EACpB,IAAI,CAAC,EAAE,IAAI,GACV,kBAAkB;IAkIrB;;;OAGG;IACH,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO;IAKpE;;;;;;;OAOG;IACH,qCAAqC,CACnC,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,GACnB,OAAO;IAWV;;OAEG;IACH,OAAO,CAAC,iCAAiC;IAyCzC;;OAEG;IACH,OAAO,CAAC,+BAA+B;IAqBvC;;;OAGG;IACH,OAAO,CAAC,iBAAiB;CA+C1B"}