@datahogo/core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (153) hide show
  1. package/LICENSE +661 -0
  2. package/README.md +17 -0
  3. package/dist/engines/config.d.ts +3 -0
  4. package/dist/engines/config.d.ts.map +1 -0
  5. package/dist/engines/config.js +433 -0
  6. package/dist/engines/config.js.map +1 -0
  7. package/dist/engines/dast.d.ts +3 -0
  8. package/dist/engines/dast.d.ts.map +1 -0
  9. package/dist/engines/dast.js +167 -0
  10. package/dist/engines/dast.js.map +1 -0
  11. package/dist/engines/db-rules.d.ts +3 -0
  12. package/dist/engines/db-rules.d.ts.map +1 -0
  13. package/dist/engines/db-rules.js +166 -0
  14. package/dist/engines/db-rules.js.map +1 -0
  15. package/dist/engines/dependencies.d.ts +3 -0
  16. package/dist/engines/dependencies.d.ts.map +1 -0
  17. package/dist/engines/dependencies.js +167 -0
  18. package/dist/engines/dependencies.js.map +1 -0
  19. package/dist/engines/github-actions.d.ts +3 -0
  20. package/dist/engines/github-actions.d.ts.map +1 -0
  21. package/dist/engines/github-actions.js +215 -0
  22. package/dist/engines/github-actions.js.map +1 -0
  23. package/dist/engines/gitleaks.d.ts +3 -0
  24. package/dist/engines/gitleaks.d.ts.map +1 -0
  25. package/dist/engines/gitleaks.js +107 -0
  26. package/dist/engines/gitleaks.js.map +1 -0
  27. package/dist/engines/npm-audit.d.ts +3 -0
  28. package/dist/engines/npm-audit.d.ts.map +1 -0
  29. package/dist/engines/npm-audit.js +113 -0
  30. package/dist/engines/npm-audit.js.map +1 -0
  31. package/dist/engines/patterns.d.ts +3 -0
  32. package/dist/engines/patterns.d.ts.map +1 -0
  33. package/dist/engines/patterns.js +1330 -0
  34. package/dist/engines/patterns.js.map +1 -0
  35. package/dist/engines/secrets.d.ts +4 -0
  36. package/dist/engines/secrets.d.ts.map +1 -0
  37. package/dist/engines/secrets.js +260 -0
  38. package/dist/engines/secrets.js.map +1 -0
  39. package/dist/engines/semgrep.d.ts +3 -0
  40. package/dist/engines/semgrep.d.ts.map +1 -0
  41. package/dist/engines/semgrep.js +173 -0
  42. package/dist/engines/semgrep.js.map +1 -0
  43. package/dist/engines/types.d.ts +30 -0
  44. package/dist/engines/types.d.ts.map +1 -0
  45. package/dist/engines/types.js +3 -0
  46. package/dist/engines/types.js.map +1 -0
  47. package/dist/engines/url-scanner.d.ts +3 -0
  48. package/dist/engines/url-scanner.d.ts.map +1 -0
  49. package/dist/engines/url-scanner.js +469 -0
  50. package/dist/engines/url-scanner.js.map +1 -0
  51. package/dist/index.d.ts +8 -0
  52. package/dist/index.d.ts.map +1 -0
  53. package/dist/index.js +8 -0
  54. package/dist/index.js.map +1 -0
  55. package/dist/orchestrator.d.ts +32 -0
  56. package/dist/orchestrator.d.ts.map +1 -0
  57. package/dist/orchestrator.js +237 -0
  58. package/dist/orchestrator.js.map +1 -0
  59. package/dist/rules/.gitkeep +0 -0
  60. package/dist/rules/ai-llm-security.yaml +199 -0
  61. package/dist/rules/api-security.yaml +489 -0
  62. package/dist/rules/auth-patterns.yaml +406 -0
  63. package/dist/rules/crypto-patterns.yaml +227 -0
  64. package/dist/rules/database-cloud-security.yaml +169 -0
  65. package/dist/rules/general-security.yaml +588 -0
  66. package/dist/rules/injection-patterns.yaml +318 -0
  67. package/dist/rules/nextjs-security.yaml +532 -0
  68. package/dist/rules/node-security.yaml +380 -0
  69. package/dist/rules/rules/.gitkeep +0 -0
  70. package/dist/rules/rules/ai-llm-security.yaml +199 -0
  71. package/dist/rules/rules/api-security.yaml +489 -0
  72. package/dist/rules/rules/auth-patterns.yaml +406 -0
  73. package/dist/rules/rules/crypto-patterns.yaml +227 -0
  74. package/dist/rules/rules/database-cloud-security.yaml +169 -0
  75. package/dist/rules/rules/general-security.yaml +588 -0
  76. package/dist/rules/rules/injection-patterns.yaml +318 -0
  77. package/dist/rules/rules/nextjs-security.yaml +532 -0
  78. package/dist/rules/rules/node-security.yaml +380 -0
  79. package/dist/rules/rules/supabase-security.yaml +387 -0
  80. package/dist/rules/supabase-security.yaml +387 -0
  81. package/dist/scanning/agents/csharp-agent.d.ts +12 -0
  82. package/dist/scanning/agents/csharp-agent.d.ts.map +1 -0
  83. package/dist/scanning/agents/csharp-agent.js +592 -0
  84. package/dist/scanning/agents/csharp-agent.js.map +1 -0
  85. package/dist/scanning/agents/go-agent.d.ts +14 -0
  86. package/dist/scanning/agents/go-agent.d.ts.map +1 -0
  87. package/dist/scanning/agents/go-agent.js +641 -0
  88. package/dist/scanning/agents/go-agent.js.map +1 -0
  89. package/dist/scanning/agents/java-agent.d.ts +8 -0
  90. package/dist/scanning/agents/java-agent.d.ts.map +1 -0
  91. package/dist/scanning/agents/java-agent.js +807 -0
  92. package/dist/scanning/agents/java-agent.js.map +1 -0
  93. package/dist/scanning/agents/javascript-agent.d.ts +8 -0
  94. package/dist/scanning/agents/javascript-agent.d.ts.map +1 -0
  95. package/dist/scanning/agents/javascript-agent.js +77 -0
  96. package/dist/scanning/agents/javascript-agent.js.map +1 -0
  97. package/dist/scanning/agents/mobile-agent.d.ts +8 -0
  98. package/dist/scanning/agents/mobile-agent.d.ts.map +1 -0
  99. package/dist/scanning/agents/mobile-agent.js +916 -0
  100. package/dist/scanning/agents/mobile-agent.js.map +1 -0
  101. package/dist/scanning/agents/php-agent.d.ts +8 -0
  102. package/dist/scanning/agents/php-agent.d.ts.map +1 -0
  103. package/dist/scanning/agents/php-agent.js +679 -0
  104. package/dist/scanning/agents/php-agent.js.map +1 -0
  105. package/dist/scanning/agents/python-agent.d.ts +8 -0
  106. package/dist/scanning/agents/python-agent.d.ts.map +1 -0
  107. package/dist/scanning/agents/python-agent.js +701 -0
  108. package/dist/scanning/agents/python-agent.js.map +1 -0
  109. package/dist/scanning/agents/supabase-agent.d.ts +8 -0
  110. package/dist/scanning/agents/supabase-agent.d.ts.map +1 -0
  111. package/dist/scanning/agents/supabase-agent.js +484 -0
  112. package/dist/scanning/agents/supabase-agent.js.map +1 -0
  113. package/dist/scanning/orchestrator.d.ts +29 -0
  114. package/dist/scanning/orchestrator.d.ts.map +1 -0
  115. package/dist/scanning/orchestrator.js +186 -0
  116. package/dist/scanning/orchestrator.js.map +1 -0
  117. package/dist/scanning/tech-detector.d.ts +12 -0
  118. package/dist/scanning/tech-detector.d.ts.map +1 -0
  119. package/dist/scanning/tech-detector.js +252 -0
  120. package/dist/scanning/tech-detector.js.map +1 -0
  121. package/dist/scanning/types.d.ts +87 -0
  122. package/dist/scanning/types.d.ts.map +1 -0
  123. package/dist/scanning/types.js +5 -0
  124. package/dist/scanning/types.js.map +1 -0
  125. package/dist/utils/child-process.d.ts +2 -0
  126. package/dist/utils/child-process.d.ts.map +1 -0
  127. package/dist/utils/child-process.js +4 -0
  128. package/dist/utils/child-process.js.map +1 -0
  129. package/dist/utils/context-classifier.d.ts +11 -0
  130. package/dist/utils/context-classifier.d.ts.map +1 -0
  131. package/dist/utils/context-classifier.js +79 -0
  132. package/dist/utils/context-classifier.js.map +1 -0
  133. package/dist/utils/exec.d.ts +18 -0
  134. package/dist/utils/exec.d.ts.map +1 -0
  135. package/dist/utils/exec.js +51 -0
  136. package/dist/utils/exec.js.map +1 -0
  137. package/dist/utils/file-filter.d.ts +4 -0
  138. package/dist/utils/file-filter.d.ts.map +1 -0
  139. package/dist/utils/file-filter.js +68 -0
  140. package/dist/utils/file-filter.js.map +1 -0
  141. package/dist/utils/fs.d.ts +2 -0
  142. package/dist/utils/fs.d.ts.map +1 -0
  143. package/dist/utils/fs.js +5 -0
  144. package/dist/utils/fs.js.map +1 -0
  145. package/dist/utils/logger.d.ts +12 -0
  146. package/dist/utils/logger.d.ts.map +1 -0
  147. package/dist/utils/logger.js +27 -0
  148. package/dist/utils/logger.js.map +1 -0
  149. package/dist/utils/post-processor.d.ts +10 -0
  150. package/dist/utils/post-processor.d.ts.map +1 -0
  151. package/dist/utils/post-processor.js +183 -0
  152. package/dist/utils/post-processor.js.map +1 -0
  153. package/package.json +44 -0
@@ -0,0 +1,3 @@
1
+ import type { FindingData } from "./types.js";
2
+ export declare function analyzeConfig(files: Map<string, string>): FindingData[];
3
+ //# sourceMappingURL=config.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/engines/config.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C,wBAAgB,aAAa,CAC3B,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GACzB,WAAW,EAAE,CA8Bf"}
@@ -0,0 +1,433 @@
1
+ // Config analyzer engine - checks configuration files for security issues
2
+ // Analyzes: Dockerfile, next.config, package.json, .gitignore, etc.
3
+ export function analyzeConfig(files) {
4
+ const findings = [];
5
+ for (const [filePath, content] of files) {
6
+ const fileName = filePath.split("/").pop() || "";
7
+ if (fileName === "Dockerfile" || fileName.endsWith(".dockerfile")) {
8
+ findings.push(...analyzeDockerfile(content, filePath));
9
+ }
10
+ if (fileName === "next.config.js" || fileName === "next.config.ts" || fileName === "next.config.mjs") {
11
+ findings.push(...analyzeNextConfig(content, filePath));
12
+ }
13
+ if (fileName === "package.json" && !filePath.includes("node_modules")) {
14
+ findings.push(...analyzePackageJson(content, filePath));
15
+ }
16
+ if (fileName === ".gitignore") {
17
+ findings.push(...analyzeGitignore(content, filePath, files));
18
+ }
19
+ if (fileName === "docker-compose.yml" || fileName === "docker-compose.yaml") {
20
+ findings.push(...analyzeDockerCompose(content, filePath));
21
+ }
22
+ if (fileName === "tsconfig.json" && !filePath.includes("node_modules")) {
23
+ findings.push(...analyzeTsConfig(content, filePath));
24
+ }
25
+ if (fileName === "vercel.json") {
26
+ findings.push(...analyzeVercelConfig(content, filePath));
27
+ }
28
+ }
29
+ return findings;
30
+ }
31
+ function analyzeDockerfile(content, filePath) {
32
+ const findings = [];
33
+ const lines = content.split("\n");
34
+ // Check for running as root (no USER instruction)
35
+ // Skip if FROM scratch or distroless (no shell, USER is irrelevant)
36
+ const baseImage = lines.find((l) => /^FROM\s+/i.test(l.trim()));
37
+ const isMinimalImage = baseImage && /(?:scratch|distroless|busybox)/i.test(baseImage);
38
+ const hasUserInstruction = lines.some((l) => /^USER\s+/i.test(l.trim()));
39
+ if (!hasUserInstruction && !isMinimalImage) {
40
+ findings.push({
41
+ vulnerability_id: 148,
42
+ severity: "medium",
43
+ category: "docker",
44
+ title: "Container Running as Root",
45
+ file_path: filePath,
46
+ code_snippet: "# No USER instruction found in Dockerfile",
47
+ owasp_ref: "A05:2021",
48
+ status: "open",
49
+ confidence: "low",
50
+ });
51
+ }
52
+ // Check for latest tag
53
+ for (let i = 0; i < lines.length; i++) {
54
+ const line = lines[i].trim();
55
+ if (/^FROM\s+\S+:latest/i.test(line)) {
56
+ findings.push({
57
+ vulnerability_id: 149,
58
+ severity: "low",
59
+ category: "docker",
60
+ title: "Using :latest Tag in Dockerfile",
61
+ file_path: filePath,
62
+ line_number: i + 1,
63
+ code_snippet: line,
64
+ status: "open",
65
+ confidence: "medium",
66
+ });
67
+ }
68
+ // Check for secrets in Dockerfile — skip if value references build arg or env var
69
+ if (/^(?:ENV|ARG)\s+(?:.*(?:PASSWORD|SECRET|KEY|TOKEN|PRIVATE))/i.test(line)) {
70
+ const hasHardcodedValue = /[=]\s*[^$\s{][^\s]+/.test(line);
71
+ findings.push({
72
+ vulnerability_id: 150,
73
+ severity: hasHardcodedValue ? "critical" : "medium",
74
+ category: "docker",
75
+ title: "Secrets in Dockerfile ENV/ARG",
76
+ file_path: filePath,
77
+ line_number: i + 1,
78
+ code_snippet: line,
79
+ status: "open",
80
+ confidence: hasHardcodedValue ? "high" : "low",
81
+ });
82
+ }
83
+ // Check for COPY .env — skip .env.example, .env.template, .env.sample
84
+ if (/^COPY\s+.*\.env(?!\.example|\.template|\.sample)/i.test(line)) {
85
+ findings.push({
86
+ vulnerability_id: 150,
87
+ severity: "critical",
88
+ category: "docker",
89
+ title: "Copying .env File into Docker Image",
90
+ file_path: filePath,
91
+ line_number: i + 1,
92
+ code_snippet: line,
93
+ status: "open",
94
+ confidence: "high",
95
+ });
96
+ }
97
+ }
98
+ // Check for HEALTHCHECK
99
+ const hasHealthcheck = lines.some((l) => /^HEALTHCHECK/i.test(l.trim()));
100
+ if (!hasHealthcheck) {
101
+ findings.push({
102
+ vulnerability_id: 152,
103
+ severity: "low",
104
+ category: "docker",
105
+ title: "No HEALTHCHECK in Dockerfile",
106
+ file_path: filePath,
107
+ code_snippet: "# No HEALTHCHECK instruction found",
108
+ status: "open",
109
+ confidence: "low",
110
+ });
111
+ }
112
+ return findings;
113
+ }
114
+ function analyzeNextConfig(content, filePath) {
115
+ const findings = [];
116
+ const lines = content.split("\n");
117
+ for (let i = 0; i < lines.length; i++) {
118
+ const line = lines[i];
119
+ // Check for exposed source maps
120
+ if (/productionBrowserSourceMaps\s*:\s*true/i.test(line)) {
121
+ findings.push({
122
+ vulnerability_id: 49,
123
+ severity: "medium",
124
+ category: "react-nextjs",
125
+ title: "Source Maps Exposed in Production",
126
+ file_path: filePath,
127
+ line_number: i + 1,
128
+ code_snippet: line.trim(),
129
+ status: "open",
130
+ confidence: "high",
131
+ });
132
+ }
133
+ // Check for permissive headers/CORS
134
+ if (/Access-Control-Allow-Origin.*\*/i.test(line)) {
135
+ findings.push({
136
+ vulnerability_id: 50,
137
+ severity: "medium",
138
+ category: "react-nextjs",
139
+ title: "Open CORS in Next.js Config",
140
+ file_path: filePath,
141
+ line_number: i + 1,
142
+ code_snippet: line.trim(),
143
+ status: "open",
144
+ confidence: "high",
145
+ });
146
+ }
147
+ }
148
+ // Check if poweredByHeader is explicitly disabled
149
+ if (!content.includes("poweredByHeader") || !/poweredByHeader\s*:\s*false/.test(content)) {
150
+ findings.push({
151
+ vulnerability_id: 4,
152
+ severity: "low",
153
+ category: "react-nextjs",
154
+ title: "X-Powered-By Header Not Disabled",
155
+ file_path: filePath,
156
+ code_snippet: "// Missing: poweredByHeader: false in next.config",
157
+ fix_description: "Add poweredByHeader: false to your next.config to prevent disclosing Next.js",
158
+ owasp_ref: "A05:2021",
159
+ status: "open",
160
+ confidence: "medium",
161
+ });
162
+ }
163
+ return findings;
164
+ }
165
+ function analyzePackageJson(content, filePath) {
166
+ const findings = [];
167
+ try {
168
+ const pkg = JSON.parse(content);
169
+ // Check for suspicious install scripts
170
+ if (pkg.scripts) {
171
+ const suspiciousScripts = ["preinstall", "postinstall", "install"];
172
+ for (const script of suspiciousScripts) {
173
+ const value = pkg.scripts[script];
174
+ if (value && (/curl|wget|bash|sh\s+-c|eval|exec/i.test(value))) {
175
+ findings.push({
176
+ vulnerability_id: 139,
177
+ severity: "high",
178
+ category: "supply-chain",
179
+ title: "Suspicious Install Script in package.json",
180
+ file_path: filePath,
181
+ code_snippet: `"${script}": "${value}"`,
182
+ status: "open",
183
+ confidence: "medium",
184
+ });
185
+ }
186
+ }
187
+ }
188
+ }
189
+ catch {
190
+ // Invalid JSON - not a security issue per se
191
+ }
192
+ return findings;
193
+ }
194
+ function analyzeGitignore(content, filePath, allFiles) {
195
+ const findings = [];
196
+ const lines = content.split("\n").map((l) => l.trim());
197
+ // Check if .env is ignored
198
+ const hasEnvIgnore = lines.some((l) => l === ".env" || l === ".env*" || l === ".env.local");
199
+ if (!hasEnvIgnore) {
200
+ findings.push({
201
+ vulnerability_id: 168,
202
+ severity: "medium",
203
+ category: "config",
204
+ title: "Inadequate .gitignore - Missing .env",
205
+ file_path: filePath,
206
+ code_snippet: "# .env is not listed in .gitignore",
207
+ status: "open",
208
+ confidence: "high",
209
+ });
210
+ }
211
+ // Check if .env.example exists
212
+ if (!allFiles.has(".env.example")) {
213
+ findings.push({
214
+ vulnerability_id: 165,
215
+ severity: "low",
216
+ category: "config",
217
+ title: "No .env.example File",
218
+ code_snippet: "Project is missing .env.example for documenting required env vars",
219
+ status: "open",
220
+ confidence: "low",
221
+ });
222
+ }
223
+ // Check if lockfile exists
224
+ const hasLockfile = allFiles.has("package-lock.json") ||
225
+ allFiles.has("yarn.lock") ||
226
+ allFiles.has("pnpm-lock.yaml");
227
+ if (allFiles.has("package.json") && !hasLockfile) {
228
+ findings.push({
229
+ vulnerability_id: 141,
230
+ severity: "medium",
231
+ category: "supply-chain",
232
+ title: "Missing Lockfile",
233
+ code_snippet: "No package-lock.json, yarn.lock, or pnpm-lock.yaml found",
234
+ status: "open",
235
+ confidence: "high",
236
+ });
237
+ }
238
+ return findings;
239
+ }
240
+ function analyzeDockerCompose(content, filePath) {
241
+ const findings = [];
242
+ const lines = content.split("\n");
243
+ for (let i = 0; i < lines.length; i++) {
244
+ const line = lines[i];
245
+ // Privileged mode
246
+ if (/privileged\s*:\s*true/i.test(line)) {
247
+ findings.push({
248
+ vulnerability_id: 148,
249
+ severity: "critical",
250
+ category: "docker",
251
+ title: "Docker Compose: Privileged Container",
252
+ description_technical: "Container runs in privileged mode, giving it full host access",
253
+ file_path: filePath,
254
+ line_number: i + 1,
255
+ code_snippet: line.trim(),
256
+ status: "open",
257
+ confidence: "high",
258
+ });
259
+ }
260
+ // Dangerous volume mounts
261
+ if (/volumes:/.test(line)) {
262
+ const nextLines = lines.slice(i + 1, i + 10).join("\n");
263
+ if (/["']?\/?(?:var\/run\/docker\.sock|\/etc|\/root|\/proc|\/sys)/.test(nextLines)) {
264
+ findings.push({
265
+ vulnerability_id: 148,
266
+ severity: "high",
267
+ category: "docker",
268
+ title: "Docker Compose: Sensitive Volume Mount",
269
+ description_technical: "Container mounts a sensitive host path (docker.sock, /etc, /root, /proc, /sys)",
270
+ file_path: filePath,
271
+ line_number: i + 1,
272
+ code_snippet: lines.slice(i, i + 4).join("\n"),
273
+ status: "open",
274
+ confidence: "high",
275
+ });
276
+ }
277
+ }
278
+ // Database without password
279
+ if (/(?:POSTGRES_PASSWORD|MYSQL_ROOT_PASSWORD|MONGO_INITDB_ROOT_PASSWORD)\s*:\s*["']?\s*["']?$/i.test(line)) {
280
+ findings.push({
281
+ vulnerability_id: 101,
282
+ severity: "critical",
283
+ category: "database",
284
+ title: "Docker Compose: Database Without Password",
285
+ file_path: filePath,
286
+ line_number: i + 1,
287
+ code_snippet: line.trim(),
288
+ status: "open",
289
+ confidence: "high",
290
+ });
291
+ }
292
+ // Default database credentials
293
+ if (/(?:POSTGRES_PASSWORD|MYSQL_ROOT_PASSWORD|MONGO_INITDB_ROOT_PASSWORD)\s*:\s*["']?(?:postgres|root|admin|password|secret|test|123456|changeme)["']?\s*$/i.test(line)) {
294
+ findings.push({
295
+ vulnerability_id: 101,
296
+ severity: "critical",
297
+ category: "database-connection",
298
+ title: "Docker Compose: Default Database Credentials",
299
+ description_technical: "Database uses default/weak credentials. Use strong, unique passwords via secrets management.",
300
+ file_path: filePath,
301
+ line_number: i + 1,
302
+ code_snippet: line.trim().replace(/:\s*["']?(.*)["']?/, ": ***REDACTED***"),
303
+ status: "open",
304
+ confidence: "high",
305
+ });
306
+ }
307
+ // Database port exposed to host without restriction
308
+ if (/ports:/.test(line)) {
309
+ const nextLines = lines.slice(i + 1, i + 5).join("\n");
310
+ if (/["']?(?:0\.0\.0\.0:)?(?:5432|3306|27017|6379|9200|9300|5984):/.test(nextLines)) {
311
+ findings.push({
312
+ vulnerability_id: 148,
313
+ severity: "high",
314
+ category: "database-connection",
315
+ title: "Docker Compose: Database Port Exposed to Host",
316
+ description_technical: "Database port is mapped to the host. In production, databases should only be accessible via internal network.",
317
+ file_path: filePath,
318
+ line_number: i + 1,
319
+ code_snippet: lines.slice(i, i + 3).join("\n"),
320
+ status: "open",
321
+ confidence: "medium",
322
+ });
323
+ }
324
+ }
325
+ // Redis without password
326
+ if (/redis/i.test(line) && i > 0) {
327
+ const serviceBlock = lines.slice(Math.max(0, i - 5), i + 15).join("\n");
328
+ if (/image\s*:\s*["']?redis/i.test(serviceBlock) && !/requirepass|--requirepass|REDIS_PASSWORD/i.test(serviceBlock)) {
329
+ if (/command|entrypoint/i.test(line) === false && /image\s*:\s*["']?redis/i.test(line)) {
330
+ findings.push({
331
+ vulnerability_id: 101,
332
+ severity: "high",
333
+ category: "database-connection",
334
+ title: "Docker Compose: Redis Without Password",
335
+ description_technical: "Redis service has no password configured. Use --requirepass or REDIS_PASSWORD.",
336
+ file_path: filePath,
337
+ line_number: i + 1,
338
+ code_snippet: line.trim(),
339
+ status: "open",
340
+ confidence: "medium",
341
+ });
342
+ }
343
+ }
344
+ }
345
+ // network_mode: host
346
+ if (/network_mode\s*:\s*["']?host/i.test(line)) {
347
+ findings.push({
348
+ vulnerability_id: 148,
349
+ severity: "medium",
350
+ category: "docker",
351
+ title: "Docker Compose: Host Network Mode",
352
+ description_technical: "Container uses host networking, bypassing Docker network isolation",
353
+ file_path: filePath,
354
+ line_number: i + 1,
355
+ code_snippet: line.trim(),
356
+ status: "open",
357
+ confidence: "medium",
358
+ });
359
+ }
360
+ }
361
+ return findings;
362
+ }
363
+ function analyzeTsConfig(content, filePath) {
364
+ const findings = [];
365
+ try {
366
+ const config = JSON.parse(content);
367
+ const compilerOptions = config.compilerOptions || {};
368
+ if (compilerOptions.strict === false) {
369
+ findings.push({
370
+ vulnerability_id: 166,
371
+ severity: "low",
372
+ category: "config",
373
+ title: "TypeScript Strict Mode Disabled",
374
+ description_technical: "tsconfig.json has strict: false. Strict mode catches many potential bugs at compile time.",
375
+ file_path: filePath,
376
+ code_snippet: '"strict": false',
377
+ status: "open",
378
+ confidence: "medium",
379
+ });
380
+ }
381
+ if (!compilerOptions.strict && compilerOptions.noImplicitAny === false) {
382
+ findings.push({
383
+ vulnerability_id: 166,
384
+ severity: "low",
385
+ category: "config",
386
+ title: "TypeScript noImplicitAny Disabled",
387
+ description_technical: "noImplicitAny is false, allowing implicit 'any' types which bypass type safety.",
388
+ file_path: filePath,
389
+ code_snippet: '"noImplicitAny": false',
390
+ status: "open",
391
+ confidence: "medium",
392
+ });
393
+ }
394
+ }
395
+ catch {
396
+ // Invalid JSON - skip
397
+ }
398
+ return findings;
399
+ }
400
+ function analyzeVercelConfig(content, filePath) {
401
+ const findings = [];
402
+ try {
403
+ const config = JSON.parse(content);
404
+ // Check for env vars with secret-looking values
405
+ if (config.env) {
406
+ for (const [key, value] of Object.entries(config.env)) {
407
+ if (typeof value === "string" &&
408
+ /(?:KEY|SECRET|TOKEN|PASSWORD|PRIVATE)/i.test(key) &&
409
+ value.length > 10 &&
410
+ !value.startsWith("@") // Vercel secret references start with @
411
+ ) {
412
+ findings.push({
413
+ vulnerability_id: 53,
414
+ severity: "critical",
415
+ category: "vibecoding",
416
+ title: `Secret in vercel.json: ${key}`,
417
+ description_technical: "Environment variable with secret-looking value is hardcoded in vercel.json. Use Vercel Environment Variables UI or @secret references instead.",
418
+ file_path: filePath,
419
+ code_snippet: `"${key}": "***REDACTED***"`,
420
+ owasp_ref: "A07:2021",
421
+ status: "open",
422
+ confidence: "high",
423
+ });
424
+ }
425
+ }
426
+ }
427
+ }
428
+ catch {
429
+ // Invalid JSON - skip
430
+ }
431
+ return findings;
432
+ }
433
+ //# sourceMappingURL=config.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/engines/config.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,oEAAoE;AAIpE,MAAM,UAAU,aAAa,CAC3B,KAA0B;IAE1B,MAAM,QAAQ,GAAkB,EAAE,CAAC;IAEnC,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,KAAK,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;QAEjD,IAAI,QAAQ,KAAK,YAAY,IAAI,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YAClE,QAAQ,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;QACzD,CAAC;QACD,IAAI,QAAQ,KAAK,gBAAgB,IAAI,QAAQ,KAAK,gBAAgB,IAAI,QAAQ,KAAK,iBAAiB,EAAE,CAAC;YACrG,QAAQ,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;QACzD,CAAC;QACD,IAAI,QAAQ,KAAK,cAAc,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACtE,QAAQ,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC1D,CAAC;QACD,IAAI,QAAQ,KAAK,YAAY,EAAE,CAAC;YAC9B,QAAQ,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,OAAO,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;QAC/D,CAAC;QACD,IAAI,QAAQ,KAAK,oBAAoB,IAAI,QAAQ,KAAK,qBAAqB,EAAE,CAAC;YAC5E,QAAQ,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,QAAQ,KAAK,eAAe,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACvE,QAAQ,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,QAAQ,KAAK,aAAa,EAAE,CAAC;YAC/B,QAAQ,CAAC,IAAI,CAAC,GAAG,mBAAmB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,iBAAiB,CAAC,OAAe,EAAE,QAAgB;IAC1D,MAAM,QAAQ,GAAkB,EAAE,CAAC;IACnC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,kDAAkD;IAClD,oEAAoE;IACpE,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAChE,MAAM,cAAc,GAAG,SAAS,IAAI,iCAAiC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACtF,MAAM,kBAAkB,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC1C,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAC3B,CAAC;IACF,IAAI,CAAC,kBAAkB,IAAI,CAAC,cAAc,EAAE,CAAC;QAC3C,QAAQ,CAAC,IAAI,CAAC;YACZ,gBAAgB,EAAE,GAAG;YACrB,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,2BAA2B;YAClC,SAAS,EAAE,QAAQ;YACnB,YAAY,EAAE,2CAA2C;YACzD,SAAS,EAAE,UAAU;YACrB,MAAM,EAAE,MAAM;YACd,UAAU,EAAE,KAAK;SAClB,CAAC,CAAC;IACL,CAAC;IAED,uBAAuB;IACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACrC,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,GAAG;gBACrB,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,iCAAiC;gBACxC,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;gBAClB,YAAY,EAAE,IAAI;gBAClB,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,QAAQ;aACrB,CAAC,CAAC;QACL,CAAC;QAED,kFAAkF;QAClF,IAAI,6DAA6D,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7E,MAAM,iBAAiB,GAAG,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC3D,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,GAAG;gBACrB,QAAQ,EAAE,iBAAiB,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ;gBACnD,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,+BAA+B;gBACtC,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;gBAClB,YAAY,EAAE,IAAI;gBAClB,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,iBAAiB,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK;aAC/C,CAAC,CAAC;QACL,CAAC;QAED,sEAAsE;QACtE,IAAI,mDAAmD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnE,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,GAAG;gBACrB,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,qCAAqC;gBAC5C,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;gBAClB,YAAY,EAAE,IAAI;gBAClB,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,MAAM;aACnB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACtC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAC/B,CAAC;IACF,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,QAAQ,CAAC,IAAI,CAAC;YACZ,gBAAgB,EAAE,GAAG;YACrB,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,8BAA8B;YACrC,SAAS,EAAE,QAAQ;YACnB,YAAY,EAAE,oCAAoC;YAClD,MAAM,EAAE,MAAM;YACd,UAAU,EAAE,KAAK;SAClB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,iBAAiB,CAAC,OAAe,EAAE,QAAgB;IAC1D,MAAM,QAAQ,GAAkB,EAAE,CAAC;IACnC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,gCAAgC;QAChC,IAAI,yCAAyC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACzD,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,EAAE;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,cAAc;gBACxB,KAAK,EAAE,mCAAmC;gBAC1C,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;gBAClB,YAAY,EAAE,IAAI,CAAC,IAAI,EAAE;gBACzB,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,MAAM;aACnB,CAAC,CAAC;QACL,CAAC;QAED,oCAAoC;QACpC,IAAI,kCAAkC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAClD,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,EAAE;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,cAAc;gBACxB,KAAK,EAAE,6BAA6B;gBACpC,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;gBAClB,YAAY,EAAE,IAAI,CAAC,IAAI,EAAE;gBACzB,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,MAAM;aACnB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACzF,QAAQ,CAAC,IAAI,CAAC;YACZ,gBAAgB,EAAE,CAAC;YACnB,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,cAAc;YACxB,KAAK,EAAE,kCAAkC;YACzC,SAAS,EAAE,QAAQ;YACnB,YAAY,EAAE,mDAAmD;YACjE,eAAe,EAAE,8EAA8E;YAC/F,SAAS,EAAE,UAAU;YACrB,MAAM,EAAE,MAAM;YACd,UAAU,EAAE,QAAQ;SACrB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAe,EAAE,QAAgB;IAC3D,MAAM,QAAQ,GAAkB,EAAE,CAAC;IAEnC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAEhC,uCAAuC;QACvC,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,MAAM,iBAAiB,GAAG,CAAC,YAAY,EAAE,aAAa,EAAE,SAAS,CAAC,CAAC;YACnE,KAAK,MAAM,MAAM,IAAI,iBAAiB,EAAE,CAAC;gBACvC,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBAClC,IAAI,KAAK,IAAI,CAAC,mCAAmC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;oBAC/D,QAAQ,CAAC,IAAI,CAAC;wBACZ,gBAAgB,EAAE,GAAG;wBACrB,QAAQ,EAAE,MAAM;wBAChB,QAAQ,EAAE,cAAc;wBACxB,KAAK,EAAE,2CAA2C;wBAClD,SAAS,EAAE,QAAQ;wBACnB,YAAY,EAAE,IAAI,MAAM,OAAO,KAAK,GAAG;wBACvC,MAAM,EAAE,MAAM;wBACd,UAAU,EAAE,QAAQ;qBACrB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IAEH,CAAC;IAAC,MAAM,CAAC;QACP,6CAA6C;IAC/C,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CACvB,OAAe,EACf,QAAgB,EAChB,QAA6B;IAE7B,MAAM,QAAQ,GAAkB,EAAE,CAAC;IACnC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAEvD,2BAA2B;IAC3B,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAC7B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,OAAO,IAAI,CAAC,KAAK,YAAY,CAC3D,CAAC;IACF,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,QAAQ,CAAC,IAAI,CAAC;YACZ,gBAAgB,EAAE,GAAG;YACrB,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,sCAAsC;YAC7C,SAAS,EAAE,QAAQ;YACnB,YAAY,EAAE,oCAAoC;YAClD,MAAM,EAAE,MAAM;YACd,UAAU,EAAE,MAAM;SACnB,CAAC,CAAC;IACL,CAAC;IAED,+BAA+B;IAC/B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,CAAC;QAClC,QAAQ,CAAC,IAAI,CAAC;YACZ,gBAAgB,EAAE,GAAG;YACrB,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,sBAAsB;YAC7B,YAAY,EAAE,mEAAmE;YACjF,MAAM,EAAE,MAAM;YACd,UAAU,EAAE,KAAK;SAClB,CAAC,CAAC;IACL,CAAC;IAED,2BAA2B;IAC3B,MAAM,WAAW,GACf,QAAQ,CAAC,GAAG,CAAC,mBAAmB,CAAC;QACjC,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC;QACzB,QAAQ,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IACjC,IAAI,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjD,QAAQ,CAAC,IAAI,CAAC;YACZ,gBAAgB,EAAE,GAAG;YACrB,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,cAAc;YACxB,KAAK,EAAE,kBAAkB;YACzB,YAAY,EAAE,0DAA0D;YACxE,MAAM,EAAE,MAAM;YACd,UAAU,EAAE,MAAM;SACnB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAe,EAAE,QAAgB;IAC7D,MAAM,QAAQ,GAAkB,EAAE,CAAC;IACnC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,kBAAkB;QAClB,IAAI,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACxC,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,GAAG;gBACrB,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,sCAAsC;gBAC7C,qBAAqB,EAAE,+DAA+D;gBACtF,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;gBAClB,YAAY,EAAE,IAAI,CAAC,IAAI,EAAE;gBACzB,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,MAAM;aACnB,CAAC,CAAC;QACL,CAAC;QAED,0BAA0B;QAC1B,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1B,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxD,IAAI,8DAA8D,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBACnF,QAAQ,CAAC,IAAI,CAAC;oBACZ,gBAAgB,EAAE,GAAG;oBACrB,QAAQ,EAAE,MAAM;oBAChB,QAAQ,EAAE,QAAQ;oBAClB,KAAK,EAAE,wCAAwC;oBAC/C,qBAAqB,EAAE,gFAAgF;oBACvG,SAAS,EAAE,QAAQ;oBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;oBAClB,YAAY,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;oBAC9C,MAAM,EAAE,MAAM;oBACd,UAAU,EAAE,MAAM;iBACnB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,IAAI,4FAA4F,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5G,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,GAAG;gBACrB,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,UAAU;gBACpB,KAAK,EAAE,2CAA2C;gBAClD,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;gBAClB,YAAY,EAAE,IAAI,CAAC,IAAI,EAAE;gBACzB,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,MAAM;aACnB,CAAC,CAAC;QACL,CAAC;QAED,+BAA+B;QAC/B,IAAI,wJAAwJ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACxK,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,GAAG;gBACrB,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,qBAAqB;gBAC/B,KAAK,EAAE,8CAA8C;gBACrD,qBAAqB,EAAE,8FAA8F;gBACrH,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;gBAClB,YAAY,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,oBAAoB,EAAE,kBAAkB,CAAC;gBAC3E,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,MAAM;aACnB,CAAC,CAAC;QACL,CAAC;QAED,oDAAoD;QACpD,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvD,IAAI,+DAA+D,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBACpF,QAAQ,CAAC,IAAI,CAAC;oBACZ,gBAAgB,EAAE,GAAG;oBACrB,QAAQ,EAAE,MAAM;oBAChB,QAAQ,EAAE,qBAAqB;oBAC/B,KAAK,EAAE,+CAA+C;oBACtD,qBAAqB,EAAE,+GAA+G;oBACtI,SAAS,EAAE,QAAQ;oBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;oBAClB,YAAY,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;oBAC9C,MAAM,EAAE,MAAM;oBACd,UAAU,EAAE,QAAQ;iBACrB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,yBAAyB;QACzB,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,YAAY,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxE,IAAI,yBAAyB,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,2CAA2C,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBACpH,IAAI,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,KAAK,IAAI,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvF,QAAQ,CAAC,IAAI,CAAC;wBACZ,gBAAgB,EAAE,GAAG;wBACrB,QAAQ,EAAE,MAAM;wBAChB,QAAQ,EAAE,qBAAqB;wBAC/B,KAAK,EAAE,wCAAwC;wBAC/C,qBAAqB,EAAE,gFAAgF;wBACvG,SAAS,EAAE,QAAQ;wBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;wBAClB,YAAY,EAAE,IAAI,CAAC,IAAI,EAAE;wBACzB,MAAM,EAAE,MAAM;wBACd,UAAU,EAAE,QAAQ;qBACrB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,qBAAqB;QACrB,IAAI,+BAA+B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/C,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,GAAG;gBACrB,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,mCAAmC;gBAC1C,qBAAqB,EAAE,oEAAoE;gBAC3F,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;gBAClB,YAAY,EAAE,IAAI,CAAC,IAAI,EAAE;gBACzB,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,QAAQ;aACrB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,eAAe,CAAC,OAAe,EAAE,QAAgB;IACxD,MAAM,QAAQ,GAAkB,EAAE,CAAC;IAEnC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,eAAe,GAAG,MAAM,CAAC,eAAe,IAAI,EAAE,CAAC;QAErD,IAAI,eAAe,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YACrC,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,GAAG;gBACrB,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,iCAAiC;gBACxC,qBAAqB,EAAE,2FAA2F;gBAClH,SAAS,EAAE,QAAQ;gBACnB,YAAY,EAAE,iBAAiB;gBAC/B,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,QAAQ;aACrB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,eAAe,CAAC,MAAM,IAAI,eAAe,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;YACvE,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,GAAG;gBACrB,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,mCAAmC;gBAC1C,qBAAqB,EAAE,iFAAiF;gBACxG,SAAS,EAAE,QAAQ;gBACnB,YAAY,EAAE,wBAAwB;gBACtC,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,QAAQ;aACrB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,sBAAsB;IACxB,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAe,EAAE,QAAgB;IAC5D,MAAM,QAAQ,GAAkB,EAAE,CAAC;IAEnC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAEnC,gDAAgD;QAChD,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;YACf,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtD,IACE,OAAO,KAAK,KAAK,QAAQ;oBACzB,wCAAwC,CAAC,IAAI,CAAC,GAAG,CAAC;oBAClD,KAAK,CAAC,MAAM,GAAG,EAAE;oBACjB,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,wCAAwC;kBAC/D,CAAC;oBACD,QAAQ,CAAC,IAAI,CAAC;wBACZ,gBAAgB,EAAE,EAAE;wBACpB,QAAQ,EAAE,UAAU;wBACpB,QAAQ,EAAE,YAAY;wBACtB,KAAK,EAAE,0BAA0B,GAAG,EAAE;wBACtC,qBAAqB,EAAE,gJAAgJ;wBACvK,SAAS,EAAE,QAAQ;wBACnB,YAAY,EAAE,IAAI,GAAG,qBAAqB;wBAC1C,SAAS,EAAE,UAAU;wBACrB,MAAM,EAAE,MAAM;wBACd,UAAU,EAAE,MAAM;qBACnB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,sBAAsB;IACxB,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
@@ -0,0 +1,3 @@
1
+ import type { FindingData } from "./types.js";
2
+ export declare function runDast(appUrl: string): Promise<FindingData[]>;
3
+ //# sourceMappingURL=dast.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"dast.d.ts","sourceRoot":"","sources":["../../src/engines/dast.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,WAAW,EAAY,MAAM,YAAY,CAAC;AAmExD,wBAAsB,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,CA8CpE"}
@@ -0,0 +1,167 @@
1
+ // DAST engine - Dynamic Application Security Testing via Nuclei.
2
+ // Scans deployed URLs for real vulnerabilities (SQL injection, XSS, SSRF, etc.).
3
+ // Only runs when appUrl is provided in scan params.
4
+ import { execWithTimeout } from "../utils/exec.js";
5
+ const SEVERITY_MAP = {
6
+ critical: "critical",
7
+ high: "high",
8
+ medium: "medium",
9
+ low: "low",
10
+ info: "info",
11
+ };
12
+ // Map Nuclei template tags/IDs to our vulnerability catalog
13
+ const TAG_TO_VULN_ID = {
14
+ sqli: 5,
15
+ "sql-injection": 5,
16
+ xss: 7,
17
+ ssrf: 10,
18
+ lfi: 106,
19
+ rfi: 106,
20
+ rce: 75,
21
+ "command-injection": 75,
22
+ xxe: 72,
23
+ ssti: 76,
24
+ "open-redirect": 119,
25
+ cors: 4,
26
+ csrf: 8,
27
+ idor: 1,
28
+ "path-traversal": 106,
29
+ "file-inclusion": 106,
30
+ "directory-listing": 116,
31
+ "exposed-panel": 116,
32
+ "admin-panel": 116,
33
+ misconfiguration: 4,
34
+ disclosure: 99,
35
+ "information-disclosure": 99,
36
+ "default-login": 77,
37
+ "default-credential": 77,
38
+ "weak-password": 55,
39
+ cve: 3,
40
+ token: 53,
41
+ "api-key": 53,
42
+ debug: 116,
43
+ "source-map": 49,
44
+ };
45
+ export async function runDast(appUrl) {
46
+ const args = [
47
+ "-u", appUrl,
48
+ "-jsonl",
49
+ "-severity", "critical,high,medium",
50
+ "-t", "misconfiguration/",
51
+ "-t", "exposed-panels/",
52
+ "-t", "vulnerabilities/",
53
+ "-t", "exposures/",
54
+ "-silent",
55
+ "-no-color",
56
+ "-rate-limit", "100",
57
+ "-timeout", "10",
58
+ "-retries", "1",
59
+ "-no-interactsh", // Don't use out-of-band testing service
60
+ "-disable-update-check",
61
+ ];
62
+ let stdout;
63
+ try {
64
+ const result = await execWithTimeout("nuclei", args, {
65
+ timeoutMs: 170_000, // 10s under orchestrator's 180s DAST timeout
66
+ env: { HOME: "/home/worker" }, // Nuclei needs HOME for templates
67
+ });
68
+ stdout = result.stdout;
69
+ }
70
+ catch (error) {
71
+ // Nuclei may fail for many reasons (missing binary, missing templates,
72
+ // timeout, non-zero exit). Never mark DAST as failed — just return empty.
73
+ console.warn(`[dast] Nuclei failed: ${error instanceof Error ? error.message : error}`);
74
+ return [];
75
+ }
76
+ if (!stdout.trim())
77
+ return [];
78
+ const findings = [];
79
+ for (const line of stdout.split("\n")) {
80
+ if (!line.trim())
81
+ continue;
82
+ try {
83
+ const result = JSON.parse(line);
84
+ findings.push(mapNucleiToFinding(result));
85
+ }
86
+ catch {
87
+ // Skip malformed lines
88
+ }
89
+ }
90
+ return findings;
91
+ }
92
+ function mapNucleiToFinding(result) {
93
+ const severity = SEVERITY_MAP[result.info.severity] ?? "medium";
94
+ const vulnId = resolveVulnerabilityId(result);
95
+ const tags = result.info.tags ?? [];
96
+ const cves = result.info.classification?.["cve-id"] ?? [];
97
+ const cwes = result.info.classification?.["cwe-id"] ?? [];
98
+ const technicalDetails = [
99
+ result.info.description,
100
+ cves.length > 0 ? `CVE: ${cves.join(", ")}` : "",
101
+ cwes.length > 0 ? `CWE: ${cwes.join(", ")}` : "",
102
+ result.info.reference?.length ? `References: ${result.info.reference.join(", ")}` : "",
103
+ `Matched at: ${result["matched-at"]}`,
104
+ tags.length > 0 ? `Tags: ${tags.join(", ")}` : "",
105
+ ].filter(Boolean).join("\n");
106
+ return {
107
+ vulnerability_id: vulnId,
108
+ severity,
109
+ category: "dast",
110
+ title: `[DAST] ${result.info.name}`,
111
+ description_technical: technicalDetails,
112
+ file_path: result["matched-at"],
113
+ code_snippet: result["curl-command"] ?? `Template: ${result["template-id"]}`,
114
+ owasp_ref: mapToOwasp(tags),
115
+ status: "open",
116
+ };
117
+ }
118
+ function resolveVulnerabilityId(result) {
119
+ const tags = result.info.tags ?? [];
120
+ // Check template tags first (most specific)
121
+ for (const tag of tags) {
122
+ const id = TAG_TO_VULN_ID[tag.toLowerCase()];
123
+ if (id)
124
+ return id;
125
+ }
126
+ // Check template ID for known patterns
127
+ const templateId = result["template-id"].toLowerCase();
128
+ if (templateId.includes("sqli"))
129
+ return 5;
130
+ if (templateId.includes("xss"))
131
+ return 7;
132
+ if (templateId.includes("ssrf"))
133
+ return 10;
134
+ if (templateId.includes("rce"))
135
+ return 75;
136
+ if (templateId.includes("lfi") || templateId.includes("path-traversal"))
137
+ return 106;
138
+ if (templateId.includes("redirect"))
139
+ return 119;
140
+ if (templateId.includes("cve-"))
141
+ return 3;
142
+ if (templateId.includes("panel") || templateId.includes("admin"))
143
+ return 116;
144
+ if (templateId.includes("config") || templateId.includes("misconfig"))
145
+ return 4;
146
+ // Fallback based on type
147
+ if (result.type === "http")
148
+ return 4; // Security misconfiguration
149
+ return 199; // Generic best practice
150
+ }
151
+ function mapToOwasp(tags) {
152
+ const tagSet = new Set(tags.map((t) => t.toLowerCase()));
153
+ if (tagSet.has("sqli") || tagSet.has("xss") || tagSet.has("rce") || tagSet.has("xxe") || tagSet.has("ssti"))
154
+ return "A03:2021";
155
+ if (tagSet.has("ssrf"))
156
+ return "A10:2021";
157
+ if (tagSet.has("idor") || tagSet.has("open-redirect"))
158
+ return "A01:2021";
159
+ if (tagSet.has("cve"))
160
+ return "A06:2021";
161
+ if (tagSet.has("misconfiguration") || tagSet.has("cors"))
162
+ return "A05:2021";
163
+ if (tagSet.has("default-login") || tagSet.has("default-credential"))
164
+ return "A07:2021";
165
+ return undefined;
166
+ }
167
+ //# sourceMappingURL=dast.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"dast.js","sourceRoot":"","sources":["../../src/engines/dast.ts"],"names":[],"mappings":"AAAA,iEAAiE;AACjE,iFAAiF;AACjF,oDAAoD;AAEpD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AA0BnD,MAAM,YAAY,GAA6B;IAC7C,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;IACV,IAAI,EAAE,MAAM;CACb,CAAC;AAEF,4DAA4D;AAC5D,MAAM,cAAc,GAA2B;IAC7C,IAAI,EAAE,CAAC;IACP,eAAe,EAAE,CAAC;IAClB,GAAG,EAAE,CAAC;IACN,IAAI,EAAE,EAAE;IACR,GAAG,EAAE,GAAG;IACR,GAAG,EAAE,GAAG;IACR,GAAG,EAAE,EAAE;IACP,mBAAmB,EAAE,EAAE;IACvB,GAAG,EAAE,EAAE;IACP,IAAI,EAAE,EAAE;IACR,eAAe,EAAE,GAAG;IACpB,IAAI,EAAE,CAAC;IACP,IAAI,EAAE,CAAC;IACP,IAAI,EAAE,CAAC;IACP,gBAAgB,EAAE,GAAG;IACrB,gBAAgB,EAAE,GAAG;IACrB,mBAAmB,EAAE,GAAG;IACxB,eAAe,EAAE,GAAG;IACpB,aAAa,EAAE,GAAG;IAClB,gBAAgB,EAAE,CAAC;IACnB,UAAU,EAAE,EAAE;IACd,wBAAwB,EAAE,EAAE;IAC5B,eAAe,EAAE,EAAE;IACnB,oBAAoB,EAAE,EAAE;IACxB,eAAe,EAAE,EAAE;IACnB,GAAG,EAAE,CAAC;IACN,KAAK,EAAE,EAAE;IACT,SAAS,EAAE,EAAE;IACb,KAAK,EAAE,GAAG;IACV,YAAY,EAAE,EAAE;CACjB,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,MAAc;IAC1C,MAAM,IAAI,GAAG;QACX,IAAI,EAAE,MAAM;QACZ,QAAQ;QACR,WAAW,EAAE,sBAAsB;QACnC,IAAI,EAAE,mBAAmB;QACzB,IAAI,EAAE,iBAAiB;QACvB,IAAI,EAAE,kBAAkB;QACxB,IAAI,EAAE,YAAY;QAClB,SAAS;QACT,WAAW;QACX,aAAa,EAAE,KAAK;QACpB,UAAU,EAAE,IAAI;QAChB,UAAU,EAAE,GAAG;QACf,gBAAgB,EAAE,wCAAwC;QAC1D,uBAAuB;KACxB,CAAC;IAEF,IAAI,MAAc,CAAC;IACnB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,QAAQ,EAAE,IAAI,EAAE;YACnD,SAAS,EAAE,OAAO,EAAE,6CAA6C;YACjE,GAAG,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,EAAE,kCAAkC;SAClE,CAAC,CAAC;QACH,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IACzB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,uEAAuE;QACvE,0EAA0E;QAC1E,OAAO,CAAC,IAAI,CAAC,yBAAyB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QACxF,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE;QAAE,OAAO,EAAE,CAAC;IAE9B,MAAM,QAAQ,GAAkB,EAAE,CAAC;IACnC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACtC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;YAAE,SAAS;QAC3B,IAAI,CAAC;YACH,MAAM,MAAM,GAAiB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC9C,QAAQ,CAAC,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACP,uBAAuB;QACzB,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAoB;IAC9C,MAAM,QAAQ,GAAG,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC;IAChE,MAAM,MAAM,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;IAC9C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;IACpC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC1D,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IAE1D,MAAM,gBAAgB,GAAG;QACvB,MAAM,CAAC,IAAI,CAAC,WAAW;QACvB,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE;QAChD,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE;QAChD,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,eAAe,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE;QACtF,eAAe,MAAM,CAAC,YAAY,CAAC,EAAE;QACrC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE;KAClD,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE7B,OAAO;QACL,gBAAgB,EAAE,MAAM;QACxB,QAAQ;QACR,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,UAAU,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE;QACnC,qBAAqB,EAAE,gBAAgB;QACvC,SAAS,EAAE,MAAM,CAAC,YAAY,CAAC;QAC/B,YAAY,EAAE,MAAM,CAAC,cAAc,CAAC,IAAI,aAAa,MAAM,CAAC,aAAa,CAAC,EAAE;QAC5E,SAAS,EAAE,UAAU,CAAC,IAAI,CAAC;QAC3B,MAAM,EAAE,MAAM;KACf,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAAC,MAAoB;IAClD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;IAEpC,4CAA4C;IAC5C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,EAAE,GAAG,cAAc,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;QAC7C,IAAI,EAAE;YAAE,OAAO,EAAE,CAAC;IACpB,CAAC;IAED,uCAAuC;IACvC,MAAM,UAAU,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC,WAAW,EAAE,CAAC;IACvD,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,CAAC,CAAC;IAC1C,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IACzC,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,CAAC;IAC3C,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAC1C,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QAAE,OAAO,GAAG,CAAC;IACpF,IAAI,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,GAAG,CAAC;IAChD,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,CAAC,CAAC;IAC1C,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,GAAG,CAAC;IAC7E,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC;QAAE,OAAO,CAAC,CAAC;IAEhF,yBAAyB;IACzB,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM;QAAE,OAAO,CAAC,CAAC,CAAC,4BAA4B;IAClE,OAAO,GAAG,CAAC,CAAC,wBAAwB;AACtC,CAAC;AAED,SAAS,UAAU,CAAC,IAAc;IAChC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;IACzD,IAAI,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;QAAE,OAAO,UAAU,CAAC;IAC/H,IAAI,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;QAAE,OAAO,UAAU,CAAC;IAC1C,IAAI,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC;QAAE,OAAO,UAAU,CAAC;IACzE,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC;QAAE,OAAO,UAAU,CAAC;IACzC,IAAI,MAAM,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;QAAE,OAAO,UAAU,CAAC;IAC5E,IAAI,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAAE,OAAO,UAAU,CAAC;IACvF,OAAO,SAAS,CAAC;AACnB,CAAC"}
@@ -0,0 +1,3 @@
1
+ import type { FindingData } from "./types.js";
2
+ export declare function analyzeDbRules(rulesInput: string, rulesType: "supabase" | "firebase" | "auto"): FindingData[];
3
+ //# sourceMappingURL=db-rules.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"db-rules.d.ts","sourceRoot":"","sources":["../../src/engines/db-rules.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C,wBAAgB,cAAc,CAC5B,UAAU,EAAE,MAAM,EAClB,SAAS,EAAE,UAAU,GAAG,UAAU,GAAG,MAAM,GAC1C,WAAW,EAAE,CAWf"}