@datahogo/core 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +661 -0
- package/README.md +17 -0
- package/dist/engines/config.d.ts +3 -0
- package/dist/engines/config.d.ts.map +1 -0
- package/dist/engines/config.js +433 -0
- package/dist/engines/config.js.map +1 -0
- package/dist/engines/dast.d.ts +3 -0
- package/dist/engines/dast.d.ts.map +1 -0
- package/dist/engines/dast.js +167 -0
- package/dist/engines/dast.js.map +1 -0
- package/dist/engines/db-rules.d.ts +3 -0
- package/dist/engines/db-rules.d.ts.map +1 -0
- package/dist/engines/db-rules.js +166 -0
- package/dist/engines/db-rules.js.map +1 -0
- package/dist/engines/dependencies.d.ts +3 -0
- package/dist/engines/dependencies.d.ts.map +1 -0
- package/dist/engines/dependencies.js +167 -0
- package/dist/engines/dependencies.js.map +1 -0
- package/dist/engines/github-actions.d.ts +3 -0
- package/dist/engines/github-actions.d.ts.map +1 -0
- package/dist/engines/github-actions.js +215 -0
- package/dist/engines/github-actions.js.map +1 -0
- package/dist/engines/gitleaks.d.ts +3 -0
- package/dist/engines/gitleaks.d.ts.map +1 -0
- package/dist/engines/gitleaks.js +107 -0
- package/dist/engines/gitleaks.js.map +1 -0
- package/dist/engines/npm-audit.d.ts +3 -0
- package/dist/engines/npm-audit.d.ts.map +1 -0
- package/dist/engines/npm-audit.js +113 -0
- package/dist/engines/npm-audit.js.map +1 -0
- package/dist/engines/patterns.d.ts +3 -0
- package/dist/engines/patterns.d.ts.map +1 -0
- package/dist/engines/patterns.js +1330 -0
- package/dist/engines/patterns.js.map +1 -0
- package/dist/engines/secrets.d.ts +4 -0
- package/dist/engines/secrets.d.ts.map +1 -0
- package/dist/engines/secrets.js +260 -0
- package/dist/engines/secrets.js.map +1 -0
- package/dist/engines/semgrep.d.ts +3 -0
- package/dist/engines/semgrep.d.ts.map +1 -0
- package/dist/engines/semgrep.js +173 -0
- package/dist/engines/semgrep.js.map +1 -0
- package/dist/engines/types.d.ts +30 -0
- package/dist/engines/types.d.ts.map +1 -0
- package/dist/engines/types.js +3 -0
- package/dist/engines/types.js.map +1 -0
- package/dist/engines/url-scanner.d.ts +3 -0
- package/dist/engines/url-scanner.d.ts.map +1 -0
- package/dist/engines/url-scanner.js +469 -0
- package/dist/engines/url-scanner.js.map +1 -0
- package/dist/index.d.ts +8 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +8 -0
- package/dist/index.js.map +1 -0
- package/dist/orchestrator.d.ts +32 -0
- package/dist/orchestrator.d.ts.map +1 -0
- package/dist/orchestrator.js +237 -0
- package/dist/orchestrator.js.map +1 -0
- package/dist/rules/.gitkeep +0 -0
- package/dist/rules/ai-llm-security.yaml +199 -0
- package/dist/rules/api-security.yaml +489 -0
- package/dist/rules/auth-patterns.yaml +406 -0
- package/dist/rules/crypto-patterns.yaml +227 -0
- package/dist/rules/database-cloud-security.yaml +169 -0
- package/dist/rules/general-security.yaml +588 -0
- package/dist/rules/injection-patterns.yaml +318 -0
- package/dist/rules/nextjs-security.yaml +532 -0
- package/dist/rules/node-security.yaml +380 -0
- package/dist/rules/rules/.gitkeep +0 -0
- package/dist/rules/rules/ai-llm-security.yaml +199 -0
- package/dist/rules/rules/api-security.yaml +489 -0
- package/dist/rules/rules/auth-patterns.yaml +406 -0
- package/dist/rules/rules/crypto-patterns.yaml +227 -0
- package/dist/rules/rules/database-cloud-security.yaml +169 -0
- package/dist/rules/rules/general-security.yaml +588 -0
- package/dist/rules/rules/injection-patterns.yaml +318 -0
- package/dist/rules/rules/nextjs-security.yaml +532 -0
- package/dist/rules/rules/node-security.yaml +380 -0
- package/dist/rules/rules/supabase-security.yaml +387 -0
- package/dist/rules/supabase-security.yaml +387 -0
- package/dist/scanning/agents/csharp-agent.d.ts +12 -0
- package/dist/scanning/agents/csharp-agent.d.ts.map +1 -0
- package/dist/scanning/agents/csharp-agent.js +592 -0
- package/dist/scanning/agents/csharp-agent.js.map +1 -0
- package/dist/scanning/agents/go-agent.d.ts +14 -0
- package/dist/scanning/agents/go-agent.d.ts.map +1 -0
- package/dist/scanning/agents/go-agent.js +641 -0
- package/dist/scanning/agents/go-agent.js.map +1 -0
- package/dist/scanning/agents/java-agent.d.ts +8 -0
- package/dist/scanning/agents/java-agent.d.ts.map +1 -0
- package/dist/scanning/agents/java-agent.js +807 -0
- package/dist/scanning/agents/java-agent.js.map +1 -0
- package/dist/scanning/agents/javascript-agent.d.ts +8 -0
- package/dist/scanning/agents/javascript-agent.d.ts.map +1 -0
- package/dist/scanning/agents/javascript-agent.js +77 -0
- package/dist/scanning/agents/javascript-agent.js.map +1 -0
- package/dist/scanning/agents/mobile-agent.d.ts +8 -0
- package/dist/scanning/agents/mobile-agent.d.ts.map +1 -0
- package/dist/scanning/agents/mobile-agent.js +916 -0
- package/dist/scanning/agents/mobile-agent.js.map +1 -0
- package/dist/scanning/agents/php-agent.d.ts +8 -0
- package/dist/scanning/agents/php-agent.d.ts.map +1 -0
- package/dist/scanning/agents/php-agent.js +679 -0
- package/dist/scanning/agents/php-agent.js.map +1 -0
- package/dist/scanning/agents/python-agent.d.ts +8 -0
- package/dist/scanning/agents/python-agent.d.ts.map +1 -0
- package/dist/scanning/agents/python-agent.js +701 -0
- package/dist/scanning/agents/python-agent.js.map +1 -0
- package/dist/scanning/agents/supabase-agent.d.ts +8 -0
- package/dist/scanning/agents/supabase-agent.d.ts.map +1 -0
- package/dist/scanning/agents/supabase-agent.js +484 -0
- package/dist/scanning/agents/supabase-agent.js.map +1 -0
- package/dist/scanning/orchestrator.d.ts +29 -0
- package/dist/scanning/orchestrator.d.ts.map +1 -0
- package/dist/scanning/orchestrator.js +186 -0
- package/dist/scanning/orchestrator.js.map +1 -0
- package/dist/scanning/tech-detector.d.ts +12 -0
- package/dist/scanning/tech-detector.d.ts.map +1 -0
- package/dist/scanning/tech-detector.js +252 -0
- package/dist/scanning/tech-detector.js.map +1 -0
- package/dist/scanning/types.d.ts +87 -0
- package/dist/scanning/types.d.ts.map +1 -0
- package/dist/scanning/types.js +5 -0
- package/dist/scanning/types.js.map +1 -0
- package/dist/utils/child-process.d.ts +2 -0
- package/dist/utils/child-process.d.ts.map +1 -0
- package/dist/utils/child-process.js +4 -0
- package/dist/utils/child-process.js.map +1 -0
- package/dist/utils/context-classifier.d.ts +11 -0
- package/dist/utils/context-classifier.d.ts.map +1 -0
- package/dist/utils/context-classifier.js +79 -0
- package/dist/utils/context-classifier.js.map +1 -0
- package/dist/utils/exec.d.ts +18 -0
- package/dist/utils/exec.d.ts.map +1 -0
- package/dist/utils/exec.js +51 -0
- package/dist/utils/exec.js.map +1 -0
- package/dist/utils/file-filter.d.ts +4 -0
- package/dist/utils/file-filter.d.ts.map +1 -0
- package/dist/utils/file-filter.js +68 -0
- package/dist/utils/file-filter.js.map +1 -0
- package/dist/utils/fs.d.ts +2 -0
- package/dist/utils/fs.d.ts.map +1 -0
- package/dist/utils/fs.js +5 -0
- package/dist/utils/fs.js.map +1 -0
- package/dist/utils/logger.d.ts +12 -0
- package/dist/utils/logger.d.ts.map +1 -0
- package/dist/utils/logger.js +27 -0
- package/dist/utils/logger.js.map +1 -0
- package/dist/utils/post-processor.d.ts +10 -0
- package/dist/utils/post-processor.d.ts.map +1 -0
- package/dist/utils/post-processor.js +183 -0
- package/dist/utils/post-processor.js.map +1 -0
- package/package.json +44 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/engines/config.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C,wBAAgB,aAAa,CAC3B,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GACzB,WAAW,EAAE,CA8Bf"}
|
|
@@ -0,0 +1,433 @@
|
|
|
1
|
+
// Config analyzer engine - checks configuration files for security issues
|
|
2
|
+
// Analyzes: Dockerfile, next.config, package.json, .gitignore, etc.
|
|
3
|
+
export function analyzeConfig(files) {
|
|
4
|
+
const findings = [];
|
|
5
|
+
for (const [filePath, content] of files) {
|
|
6
|
+
const fileName = filePath.split("/").pop() || "";
|
|
7
|
+
if (fileName === "Dockerfile" || fileName.endsWith(".dockerfile")) {
|
|
8
|
+
findings.push(...analyzeDockerfile(content, filePath));
|
|
9
|
+
}
|
|
10
|
+
if (fileName === "next.config.js" || fileName === "next.config.ts" || fileName === "next.config.mjs") {
|
|
11
|
+
findings.push(...analyzeNextConfig(content, filePath));
|
|
12
|
+
}
|
|
13
|
+
if (fileName === "package.json" && !filePath.includes("node_modules")) {
|
|
14
|
+
findings.push(...analyzePackageJson(content, filePath));
|
|
15
|
+
}
|
|
16
|
+
if (fileName === ".gitignore") {
|
|
17
|
+
findings.push(...analyzeGitignore(content, filePath, files));
|
|
18
|
+
}
|
|
19
|
+
if (fileName === "docker-compose.yml" || fileName === "docker-compose.yaml") {
|
|
20
|
+
findings.push(...analyzeDockerCompose(content, filePath));
|
|
21
|
+
}
|
|
22
|
+
if (fileName === "tsconfig.json" && !filePath.includes("node_modules")) {
|
|
23
|
+
findings.push(...analyzeTsConfig(content, filePath));
|
|
24
|
+
}
|
|
25
|
+
if (fileName === "vercel.json") {
|
|
26
|
+
findings.push(...analyzeVercelConfig(content, filePath));
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
return findings;
|
|
30
|
+
}
|
|
31
|
+
function analyzeDockerfile(content, filePath) {
|
|
32
|
+
const findings = [];
|
|
33
|
+
const lines = content.split("\n");
|
|
34
|
+
// Check for running as root (no USER instruction)
|
|
35
|
+
// Skip if FROM scratch or distroless (no shell, USER is irrelevant)
|
|
36
|
+
const baseImage = lines.find((l) => /^FROM\s+/i.test(l.trim()));
|
|
37
|
+
const isMinimalImage = baseImage && /(?:scratch|distroless|busybox)/i.test(baseImage);
|
|
38
|
+
const hasUserInstruction = lines.some((l) => /^USER\s+/i.test(l.trim()));
|
|
39
|
+
if (!hasUserInstruction && !isMinimalImage) {
|
|
40
|
+
findings.push({
|
|
41
|
+
vulnerability_id: 148,
|
|
42
|
+
severity: "medium",
|
|
43
|
+
category: "docker",
|
|
44
|
+
title: "Container Running as Root",
|
|
45
|
+
file_path: filePath,
|
|
46
|
+
code_snippet: "# No USER instruction found in Dockerfile",
|
|
47
|
+
owasp_ref: "A05:2021",
|
|
48
|
+
status: "open",
|
|
49
|
+
confidence: "low",
|
|
50
|
+
});
|
|
51
|
+
}
|
|
52
|
+
// Check for latest tag
|
|
53
|
+
for (let i = 0; i < lines.length; i++) {
|
|
54
|
+
const line = lines[i].trim();
|
|
55
|
+
if (/^FROM\s+\S+:latest/i.test(line)) {
|
|
56
|
+
findings.push({
|
|
57
|
+
vulnerability_id: 149,
|
|
58
|
+
severity: "low",
|
|
59
|
+
category: "docker",
|
|
60
|
+
title: "Using :latest Tag in Dockerfile",
|
|
61
|
+
file_path: filePath,
|
|
62
|
+
line_number: i + 1,
|
|
63
|
+
code_snippet: line,
|
|
64
|
+
status: "open",
|
|
65
|
+
confidence: "medium",
|
|
66
|
+
});
|
|
67
|
+
}
|
|
68
|
+
// Check for secrets in Dockerfile — skip if value references build arg or env var
|
|
69
|
+
if (/^(?:ENV|ARG)\s+(?:.*(?:PASSWORD|SECRET|KEY|TOKEN|PRIVATE))/i.test(line)) {
|
|
70
|
+
const hasHardcodedValue = /[=]\s*[^$\s{][^\s]+/.test(line);
|
|
71
|
+
findings.push({
|
|
72
|
+
vulnerability_id: 150,
|
|
73
|
+
severity: hasHardcodedValue ? "critical" : "medium",
|
|
74
|
+
category: "docker",
|
|
75
|
+
title: "Secrets in Dockerfile ENV/ARG",
|
|
76
|
+
file_path: filePath,
|
|
77
|
+
line_number: i + 1,
|
|
78
|
+
code_snippet: line,
|
|
79
|
+
status: "open",
|
|
80
|
+
confidence: hasHardcodedValue ? "high" : "low",
|
|
81
|
+
});
|
|
82
|
+
}
|
|
83
|
+
// Check for COPY .env — skip .env.example, .env.template, .env.sample
|
|
84
|
+
if (/^COPY\s+.*\.env(?!\.example|\.template|\.sample)/i.test(line)) {
|
|
85
|
+
findings.push({
|
|
86
|
+
vulnerability_id: 150,
|
|
87
|
+
severity: "critical",
|
|
88
|
+
category: "docker",
|
|
89
|
+
title: "Copying .env File into Docker Image",
|
|
90
|
+
file_path: filePath,
|
|
91
|
+
line_number: i + 1,
|
|
92
|
+
code_snippet: line,
|
|
93
|
+
status: "open",
|
|
94
|
+
confidence: "high",
|
|
95
|
+
});
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
// Check for HEALTHCHECK
|
|
99
|
+
const hasHealthcheck = lines.some((l) => /^HEALTHCHECK/i.test(l.trim()));
|
|
100
|
+
if (!hasHealthcheck) {
|
|
101
|
+
findings.push({
|
|
102
|
+
vulnerability_id: 152,
|
|
103
|
+
severity: "low",
|
|
104
|
+
category: "docker",
|
|
105
|
+
title: "No HEALTHCHECK in Dockerfile",
|
|
106
|
+
file_path: filePath,
|
|
107
|
+
code_snippet: "# No HEALTHCHECK instruction found",
|
|
108
|
+
status: "open",
|
|
109
|
+
confidence: "low",
|
|
110
|
+
});
|
|
111
|
+
}
|
|
112
|
+
return findings;
|
|
113
|
+
}
|
|
114
|
+
function analyzeNextConfig(content, filePath) {
|
|
115
|
+
const findings = [];
|
|
116
|
+
const lines = content.split("\n");
|
|
117
|
+
for (let i = 0; i < lines.length; i++) {
|
|
118
|
+
const line = lines[i];
|
|
119
|
+
// Check for exposed source maps
|
|
120
|
+
if (/productionBrowserSourceMaps\s*:\s*true/i.test(line)) {
|
|
121
|
+
findings.push({
|
|
122
|
+
vulnerability_id: 49,
|
|
123
|
+
severity: "medium",
|
|
124
|
+
category: "react-nextjs",
|
|
125
|
+
title: "Source Maps Exposed in Production",
|
|
126
|
+
file_path: filePath,
|
|
127
|
+
line_number: i + 1,
|
|
128
|
+
code_snippet: line.trim(),
|
|
129
|
+
status: "open",
|
|
130
|
+
confidence: "high",
|
|
131
|
+
});
|
|
132
|
+
}
|
|
133
|
+
// Check for permissive headers/CORS
|
|
134
|
+
if (/Access-Control-Allow-Origin.*\*/i.test(line)) {
|
|
135
|
+
findings.push({
|
|
136
|
+
vulnerability_id: 50,
|
|
137
|
+
severity: "medium",
|
|
138
|
+
category: "react-nextjs",
|
|
139
|
+
title: "Open CORS in Next.js Config",
|
|
140
|
+
file_path: filePath,
|
|
141
|
+
line_number: i + 1,
|
|
142
|
+
code_snippet: line.trim(),
|
|
143
|
+
status: "open",
|
|
144
|
+
confidence: "high",
|
|
145
|
+
});
|
|
146
|
+
}
|
|
147
|
+
}
|
|
148
|
+
// Check if poweredByHeader is explicitly disabled
|
|
149
|
+
if (!content.includes("poweredByHeader") || !/poweredByHeader\s*:\s*false/.test(content)) {
|
|
150
|
+
findings.push({
|
|
151
|
+
vulnerability_id: 4,
|
|
152
|
+
severity: "low",
|
|
153
|
+
category: "react-nextjs",
|
|
154
|
+
title: "X-Powered-By Header Not Disabled",
|
|
155
|
+
file_path: filePath,
|
|
156
|
+
code_snippet: "// Missing: poweredByHeader: false in next.config",
|
|
157
|
+
fix_description: "Add poweredByHeader: false to your next.config to prevent disclosing Next.js",
|
|
158
|
+
owasp_ref: "A05:2021",
|
|
159
|
+
status: "open",
|
|
160
|
+
confidence: "medium",
|
|
161
|
+
});
|
|
162
|
+
}
|
|
163
|
+
return findings;
|
|
164
|
+
}
|
|
165
|
+
function analyzePackageJson(content, filePath) {
|
|
166
|
+
const findings = [];
|
|
167
|
+
try {
|
|
168
|
+
const pkg = JSON.parse(content);
|
|
169
|
+
// Check for suspicious install scripts
|
|
170
|
+
if (pkg.scripts) {
|
|
171
|
+
const suspiciousScripts = ["preinstall", "postinstall", "install"];
|
|
172
|
+
for (const script of suspiciousScripts) {
|
|
173
|
+
const value = pkg.scripts[script];
|
|
174
|
+
if (value && (/curl|wget|bash|sh\s+-c|eval|exec/i.test(value))) {
|
|
175
|
+
findings.push({
|
|
176
|
+
vulnerability_id: 139,
|
|
177
|
+
severity: "high",
|
|
178
|
+
category: "supply-chain",
|
|
179
|
+
title: "Suspicious Install Script in package.json",
|
|
180
|
+
file_path: filePath,
|
|
181
|
+
code_snippet: `"${script}": "${value}"`,
|
|
182
|
+
status: "open",
|
|
183
|
+
confidence: "medium",
|
|
184
|
+
});
|
|
185
|
+
}
|
|
186
|
+
}
|
|
187
|
+
}
|
|
188
|
+
}
|
|
189
|
+
catch {
|
|
190
|
+
// Invalid JSON - not a security issue per se
|
|
191
|
+
}
|
|
192
|
+
return findings;
|
|
193
|
+
}
|
|
194
|
+
function analyzeGitignore(content, filePath, allFiles) {
|
|
195
|
+
const findings = [];
|
|
196
|
+
const lines = content.split("\n").map((l) => l.trim());
|
|
197
|
+
// Check if .env is ignored
|
|
198
|
+
const hasEnvIgnore = lines.some((l) => l === ".env" || l === ".env*" || l === ".env.local");
|
|
199
|
+
if (!hasEnvIgnore) {
|
|
200
|
+
findings.push({
|
|
201
|
+
vulnerability_id: 168,
|
|
202
|
+
severity: "medium",
|
|
203
|
+
category: "config",
|
|
204
|
+
title: "Inadequate .gitignore - Missing .env",
|
|
205
|
+
file_path: filePath,
|
|
206
|
+
code_snippet: "# .env is not listed in .gitignore",
|
|
207
|
+
status: "open",
|
|
208
|
+
confidence: "high",
|
|
209
|
+
});
|
|
210
|
+
}
|
|
211
|
+
// Check if .env.example exists
|
|
212
|
+
if (!allFiles.has(".env.example")) {
|
|
213
|
+
findings.push({
|
|
214
|
+
vulnerability_id: 165,
|
|
215
|
+
severity: "low",
|
|
216
|
+
category: "config",
|
|
217
|
+
title: "No .env.example File",
|
|
218
|
+
code_snippet: "Project is missing .env.example for documenting required env vars",
|
|
219
|
+
status: "open",
|
|
220
|
+
confidence: "low",
|
|
221
|
+
});
|
|
222
|
+
}
|
|
223
|
+
// Check if lockfile exists
|
|
224
|
+
const hasLockfile = allFiles.has("package-lock.json") ||
|
|
225
|
+
allFiles.has("yarn.lock") ||
|
|
226
|
+
allFiles.has("pnpm-lock.yaml");
|
|
227
|
+
if (allFiles.has("package.json") && !hasLockfile) {
|
|
228
|
+
findings.push({
|
|
229
|
+
vulnerability_id: 141,
|
|
230
|
+
severity: "medium",
|
|
231
|
+
category: "supply-chain",
|
|
232
|
+
title: "Missing Lockfile",
|
|
233
|
+
code_snippet: "No package-lock.json, yarn.lock, or pnpm-lock.yaml found",
|
|
234
|
+
status: "open",
|
|
235
|
+
confidence: "high",
|
|
236
|
+
});
|
|
237
|
+
}
|
|
238
|
+
return findings;
|
|
239
|
+
}
|
|
240
|
+
function analyzeDockerCompose(content, filePath) {
|
|
241
|
+
const findings = [];
|
|
242
|
+
const lines = content.split("\n");
|
|
243
|
+
for (let i = 0; i < lines.length; i++) {
|
|
244
|
+
const line = lines[i];
|
|
245
|
+
// Privileged mode
|
|
246
|
+
if (/privileged\s*:\s*true/i.test(line)) {
|
|
247
|
+
findings.push({
|
|
248
|
+
vulnerability_id: 148,
|
|
249
|
+
severity: "critical",
|
|
250
|
+
category: "docker",
|
|
251
|
+
title: "Docker Compose: Privileged Container",
|
|
252
|
+
description_technical: "Container runs in privileged mode, giving it full host access",
|
|
253
|
+
file_path: filePath,
|
|
254
|
+
line_number: i + 1,
|
|
255
|
+
code_snippet: line.trim(),
|
|
256
|
+
status: "open",
|
|
257
|
+
confidence: "high",
|
|
258
|
+
});
|
|
259
|
+
}
|
|
260
|
+
// Dangerous volume mounts
|
|
261
|
+
if (/volumes:/.test(line)) {
|
|
262
|
+
const nextLines = lines.slice(i + 1, i + 10).join("\n");
|
|
263
|
+
if (/["']?\/?(?:var\/run\/docker\.sock|\/etc|\/root|\/proc|\/sys)/.test(nextLines)) {
|
|
264
|
+
findings.push({
|
|
265
|
+
vulnerability_id: 148,
|
|
266
|
+
severity: "high",
|
|
267
|
+
category: "docker",
|
|
268
|
+
title: "Docker Compose: Sensitive Volume Mount",
|
|
269
|
+
description_technical: "Container mounts a sensitive host path (docker.sock, /etc, /root, /proc, /sys)",
|
|
270
|
+
file_path: filePath,
|
|
271
|
+
line_number: i + 1,
|
|
272
|
+
code_snippet: lines.slice(i, i + 4).join("\n"),
|
|
273
|
+
status: "open",
|
|
274
|
+
confidence: "high",
|
|
275
|
+
});
|
|
276
|
+
}
|
|
277
|
+
}
|
|
278
|
+
// Database without password
|
|
279
|
+
if (/(?:POSTGRES_PASSWORD|MYSQL_ROOT_PASSWORD|MONGO_INITDB_ROOT_PASSWORD)\s*:\s*["']?\s*["']?$/i.test(line)) {
|
|
280
|
+
findings.push({
|
|
281
|
+
vulnerability_id: 101,
|
|
282
|
+
severity: "critical",
|
|
283
|
+
category: "database",
|
|
284
|
+
title: "Docker Compose: Database Without Password",
|
|
285
|
+
file_path: filePath,
|
|
286
|
+
line_number: i + 1,
|
|
287
|
+
code_snippet: line.trim(),
|
|
288
|
+
status: "open",
|
|
289
|
+
confidence: "high",
|
|
290
|
+
});
|
|
291
|
+
}
|
|
292
|
+
// Default database credentials
|
|
293
|
+
if (/(?:POSTGRES_PASSWORD|MYSQL_ROOT_PASSWORD|MONGO_INITDB_ROOT_PASSWORD)\s*:\s*["']?(?:postgres|root|admin|password|secret|test|123456|changeme)["']?\s*$/i.test(line)) {
|
|
294
|
+
findings.push({
|
|
295
|
+
vulnerability_id: 101,
|
|
296
|
+
severity: "critical",
|
|
297
|
+
category: "database-connection",
|
|
298
|
+
title: "Docker Compose: Default Database Credentials",
|
|
299
|
+
description_technical: "Database uses default/weak credentials. Use strong, unique passwords via secrets management.",
|
|
300
|
+
file_path: filePath,
|
|
301
|
+
line_number: i + 1,
|
|
302
|
+
code_snippet: line.trim().replace(/:\s*["']?(.*)["']?/, ": ***REDACTED***"),
|
|
303
|
+
status: "open",
|
|
304
|
+
confidence: "high",
|
|
305
|
+
});
|
|
306
|
+
}
|
|
307
|
+
// Database port exposed to host without restriction
|
|
308
|
+
if (/ports:/.test(line)) {
|
|
309
|
+
const nextLines = lines.slice(i + 1, i + 5).join("\n");
|
|
310
|
+
if (/["']?(?:0\.0\.0\.0:)?(?:5432|3306|27017|6379|9200|9300|5984):/.test(nextLines)) {
|
|
311
|
+
findings.push({
|
|
312
|
+
vulnerability_id: 148,
|
|
313
|
+
severity: "high",
|
|
314
|
+
category: "database-connection",
|
|
315
|
+
title: "Docker Compose: Database Port Exposed to Host",
|
|
316
|
+
description_technical: "Database port is mapped to the host. In production, databases should only be accessible via internal network.",
|
|
317
|
+
file_path: filePath,
|
|
318
|
+
line_number: i + 1,
|
|
319
|
+
code_snippet: lines.slice(i, i + 3).join("\n"),
|
|
320
|
+
status: "open",
|
|
321
|
+
confidence: "medium",
|
|
322
|
+
});
|
|
323
|
+
}
|
|
324
|
+
}
|
|
325
|
+
// Redis without password
|
|
326
|
+
if (/redis/i.test(line) && i > 0) {
|
|
327
|
+
const serviceBlock = lines.slice(Math.max(0, i - 5), i + 15).join("\n");
|
|
328
|
+
if (/image\s*:\s*["']?redis/i.test(serviceBlock) && !/requirepass|--requirepass|REDIS_PASSWORD/i.test(serviceBlock)) {
|
|
329
|
+
if (/command|entrypoint/i.test(line) === false && /image\s*:\s*["']?redis/i.test(line)) {
|
|
330
|
+
findings.push({
|
|
331
|
+
vulnerability_id: 101,
|
|
332
|
+
severity: "high",
|
|
333
|
+
category: "database-connection",
|
|
334
|
+
title: "Docker Compose: Redis Without Password",
|
|
335
|
+
description_technical: "Redis service has no password configured. Use --requirepass or REDIS_PASSWORD.",
|
|
336
|
+
file_path: filePath,
|
|
337
|
+
line_number: i + 1,
|
|
338
|
+
code_snippet: line.trim(),
|
|
339
|
+
status: "open",
|
|
340
|
+
confidence: "medium",
|
|
341
|
+
});
|
|
342
|
+
}
|
|
343
|
+
}
|
|
344
|
+
}
|
|
345
|
+
// network_mode: host
|
|
346
|
+
if (/network_mode\s*:\s*["']?host/i.test(line)) {
|
|
347
|
+
findings.push({
|
|
348
|
+
vulnerability_id: 148,
|
|
349
|
+
severity: "medium",
|
|
350
|
+
category: "docker",
|
|
351
|
+
title: "Docker Compose: Host Network Mode",
|
|
352
|
+
description_technical: "Container uses host networking, bypassing Docker network isolation",
|
|
353
|
+
file_path: filePath,
|
|
354
|
+
line_number: i + 1,
|
|
355
|
+
code_snippet: line.trim(),
|
|
356
|
+
status: "open",
|
|
357
|
+
confidence: "medium",
|
|
358
|
+
});
|
|
359
|
+
}
|
|
360
|
+
}
|
|
361
|
+
return findings;
|
|
362
|
+
}
|
|
363
|
+
function analyzeTsConfig(content, filePath) {
|
|
364
|
+
const findings = [];
|
|
365
|
+
try {
|
|
366
|
+
const config = JSON.parse(content);
|
|
367
|
+
const compilerOptions = config.compilerOptions || {};
|
|
368
|
+
if (compilerOptions.strict === false) {
|
|
369
|
+
findings.push({
|
|
370
|
+
vulnerability_id: 166,
|
|
371
|
+
severity: "low",
|
|
372
|
+
category: "config",
|
|
373
|
+
title: "TypeScript Strict Mode Disabled",
|
|
374
|
+
description_technical: "tsconfig.json has strict: false. Strict mode catches many potential bugs at compile time.",
|
|
375
|
+
file_path: filePath,
|
|
376
|
+
code_snippet: '"strict": false',
|
|
377
|
+
status: "open",
|
|
378
|
+
confidence: "medium",
|
|
379
|
+
});
|
|
380
|
+
}
|
|
381
|
+
if (!compilerOptions.strict && compilerOptions.noImplicitAny === false) {
|
|
382
|
+
findings.push({
|
|
383
|
+
vulnerability_id: 166,
|
|
384
|
+
severity: "low",
|
|
385
|
+
category: "config",
|
|
386
|
+
title: "TypeScript noImplicitAny Disabled",
|
|
387
|
+
description_technical: "noImplicitAny is false, allowing implicit 'any' types which bypass type safety.",
|
|
388
|
+
file_path: filePath,
|
|
389
|
+
code_snippet: '"noImplicitAny": false',
|
|
390
|
+
status: "open",
|
|
391
|
+
confidence: "medium",
|
|
392
|
+
});
|
|
393
|
+
}
|
|
394
|
+
}
|
|
395
|
+
catch {
|
|
396
|
+
// Invalid JSON - skip
|
|
397
|
+
}
|
|
398
|
+
return findings;
|
|
399
|
+
}
|
|
400
|
+
function analyzeVercelConfig(content, filePath) {
|
|
401
|
+
const findings = [];
|
|
402
|
+
try {
|
|
403
|
+
const config = JSON.parse(content);
|
|
404
|
+
// Check for env vars with secret-looking values
|
|
405
|
+
if (config.env) {
|
|
406
|
+
for (const [key, value] of Object.entries(config.env)) {
|
|
407
|
+
if (typeof value === "string" &&
|
|
408
|
+
/(?:KEY|SECRET|TOKEN|PASSWORD|PRIVATE)/i.test(key) &&
|
|
409
|
+
value.length > 10 &&
|
|
410
|
+
!value.startsWith("@") // Vercel secret references start with @
|
|
411
|
+
) {
|
|
412
|
+
findings.push({
|
|
413
|
+
vulnerability_id: 53,
|
|
414
|
+
severity: "critical",
|
|
415
|
+
category: "vibecoding",
|
|
416
|
+
title: `Secret in vercel.json: ${key}`,
|
|
417
|
+
description_technical: "Environment variable with secret-looking value is hardcoded in vercel.json. Use Vercel Environment Variables UI or @secret references instead.",
|
|
418
|
+
file_path: filePath,
|
|
419
|
+
code_snippet: `"${key}": "***REDACTED***"`,
|
|
420
|
+
owasp_ref: "A07:2021",
|
|
421
|
+
status: "open",
|
|
422
|
+
confidence: "high",
|
|
423
|
+
});
|
|
424
|
+
}
|
|
425
|
+
}
|
|
426
|
+
}
|
|
427
|
+
}
|
|
428
|
+
catch {
|
|
429
|
+
// Invalid JSON - skip
|
|
430
|
+
}
|
|
431
|
+
return findings;
|
|
432
|
+
}
|
|
433
|
+
//# sourceMappingURL=config.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/engines/config.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,oEAAoE;AAIpE,MAAM,UAAU,aAAa,CAC3B,KAA0B;IAE1B,MAAM,QAAQ,GAAkB,EAAE,CAAC;IAEnC,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,KAAK,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;QAEjD,IAAI,QAAQ,KAAK,YAAY,IAAI,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YAClE,QAAQ,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;QACzD,CAAC;QACD,IAAI,QAAQ,KAAK,gBAAgB,IAAI,QAAQ,KAAK,gBAAgB,IAAI,QAAQ,KAAK,iBAAiB,EAAE,CAAC;YACrG,QAAQ,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;QACzD,CAAC;QACD,IAAI,QAAQ,KAAK,cAAc,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACtE,QAAQ,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC1D,CAAC;QACD,IAAI,QAAQ,KAAK,YAAY,EAAE,CAAC;YAC9B,QAAQ,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,OAAO,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;QAC/D,CAAC;QACD,IAAI,QAAQ,KAAK,oBAAoB,IAAI,QAAQ,KAAK,qBAAqB,EAAE,CAAC;YAC5E,QAAQ,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,QAAQ,KAAK,eAAe,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACvE,QAAQ,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,QAAQ,KAAK,aAAa,EAAE,CAAC;YAC/B,QAAQ,CAAC,IAAI,CAAC,GAAG,mBAAmB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,iBAAiB,CAAC,OAAe,EAAE,QAAgB;IAC1D,MAAM,QAAQ,GAAkB,EAAE,CAAC;IACnC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,kDAAkD;IAClD,oEAAoE;IACpE,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAChE,MAAM,cAAc,GAAG,SAAS,IAAI,iCAAiC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACtF,MAAM,kBAAkB,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC1C,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAC3B,CAAC;IACF,IAAI,CAAC,kBAAkB,IAAI,CAAC,cAAc,EAAE,CAAC;QAC3C,QAAQ,CAAC,IAAI,CAAC;YACZ,gBAAgB,EAAE,GAAG;YACrB,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,2BAA2B;YAClC,SAAS,EAAE,QAAQ;YACnB,YAAY,EAAE,2CAA2C;YACzD,SAAS,EAAE,UAAU;YACrB,MAAM,EAAE,MAAM;YACd,UAAU,EAAE,KAAK;SAClB,CAAC,CAAC;IACL,CAAC;IAED,uBAAuB;IACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACrC,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,GAAG;gBACrB,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,iCAAiC;gBACxC,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;gBAClB,YAAY,EAAE,IAAI;gBAClB,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,QAAQ;aACrB,CAAC,CAAC;QACL,CAAC;QAED,kFAAkF;QAClF,IAAI,6DAA6D,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7E,MAAM,iBAAiB,GAAG,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC3D,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,GAAG;gBACrB,QAAQ,EAAE,iBAAiB,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ;gBACnD,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,+BAA+B;gBACtC,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;gBAClB,YAAY,EAAE,IAAI;gBAClB,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,iBAAiB,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK;aAC/C,CAAC,CAAC;QACL,CAAC;QAED,sEAAsE;QACtE,IAAI,mDAAmD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnE,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,GAAG;gBACrB,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,qCAAqC;gBAC5C,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;gBAClB,YAAY,EAAE,IAAI;gBAClB,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,MAAM;aACnB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACtC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAC/B,CAAC;IACF,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,QAAQ,CAAC,IAAI,CAAC;YACZ,gBAAgB,EAAE,GAAG;YACrB,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,8BAA8B;YACrC,SAAS,EAAE,QAAQ;YACnB,YAAY,EAAE,oCAAoC;YAClD,MAAM,EAAE,MAAM;YACd,UAAU,EAAE,KAAK;SAClB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,iBAAiB,CAAC,OAAe,EAAE,QAAgB;IAC1D,MAAM,QAAQ,GAAkB,EAAE,CAAC;IACnC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,gCAAgC;QAChC,IAAI,yCAAyC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACzD,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,EAAE;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,cAAc;gBACxB,KAAK,EAAE,mCAAmC;gBAC1C,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;gBAClB,YAAY,EAAE,IAAI,CAAC,IAAI,EAAE;gBACzB,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,MAAM;aACnB,CAAC,CAAC;QACL,CAAC;QAED,oCAAoC;QACpC,IAAI,kCAAkC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAClD,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,EAAE;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,cAAc;gBACxB,KAAK,EAAE,6BAA6B;gBACpC,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;gBAClB,YAAY,EAAE,IAAI,CAAC,IAAI,EAAE;gBACzB,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,MAAM;aACnB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACzF,QAAQ,CAAC,IAAI,CAAC;YACZ,gBAAgB,EAAE,CAAC;YACnB,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,cAAc;YACxB,KAAK,EAAE,kCAAkC;YACzC,SAAS,EAAE,QAAQ;YACnB,YAAY,EAAE,mDAAmD;YACjE,eAAe,EAAE,8EAA8E;YAC/F,SAAS,EAAE,UAAU;YACrB,MAAM,EAAE,MAAM;YACd,UAAU,EAAE,QAAQ;SACrB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAe,EAAE,QAAgB;IAC3D,MAAM,QAAQ,GAAkB,EAAE,CAAC;IAEnC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAEhC,uCAAuC;QACvC,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,MAAM,iBAAiB,GAAG,CAAC,YAAY,EAAE,aAAa,EAAE,SAAS,CAAC,CAAC;YACnE,KAAK,MAAM,MAAM,IAAI,iBAAiB,EAAE,CAAC;gBACvC,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBAClC,IAAI,KAAK,IAAI,CAAC,mCAAmC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;oBAC/D,QAAQ,CAAC,IAAI,CAAC;wBACZ,gBAAgB,EAAE,GAAG;wBACrB,QAAQ,EAAE,MAAM;wBAChB,QAAQ,EAAE,cAAc;wBACxB,KAAK,EAAE,2CAA2C;wBAClD,SAAS,EAAE,QAAQ;wBACnB,YAAY,EAAE,IAAI,MAAM,OAAO,KAAK,GAAG;wBACvC,MAAM,EAAE,MAAM;wBACd,UAAU,EAAE,QAAQ;qBACrB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IAEH,CAAC;IAAC,MAAM,CAAC;QACP,6CAA6C;IAC/C,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CACvB,OAAe,EACf,QAAgB,EAChB,QAA6B;IAE7B,MAAM,QAAQ,GAAkB,EAAE,CAAC;IACnC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAEvD,2BAA2B;IAC3B,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAC7B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,OAAO,IAAI,CAAC,KAAK,YAAY,CAC3D,CAAC;IACF,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,QAAQ,CAAC,IAAI,CAAC;YACZ,gBAAgB,EAAE,GAAG;YACrB,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,sCAAsC;YAC7C,SAAS,EAAE,QAAQ;YACnB,YAAY,EAAE,oCAAoC;YAClD,MAAM,EAAE,MAAM;YACd,UAAU,EAAE,MAAM;SACnB,CAAC,CAAC;IACL,CAAC;IAED,+BAA+B;IAC/B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,CAAC;QAClC,QAAQ,CAAC,IAAI,CAAC;YACZ,gBAAgB,EAAE,GAAG;YACrB,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,sBAAsB;YAC7B,YAAY,EAAE,mEAAmE;YACjF,MAAM,EAAE,MAAM;YACd,UAAU,EAAE,KAAK;SAClB,CAAC,CAAC;IACL,CAAC;IAED,2BAA2B;IAC3B,MAAM,WAAW,GACf,QAAQ,CAAC,GAAG,CAAC,mBAAmB,CAAC;QACjC,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC;QACzB,QAAQ,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IACjC,IAAI,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjD,QAAQ,CAAC,IAAI,CAAC;YACZ,gBAAgB,EAAE,GAAG;YACrB,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,cAAc;YACxB,KAAK,EAAE,kBAAkB;YACzB,YAAY,EAAE,0DAA0D;YACxE,MAAM,EAAE,MAAM;YACd,UAAU,EAAE,MAAM;SACnB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAe,EAAE,QAAgB;IAC7D,MAAM,QAAQ,GAAkB,EAAE,CAAC;IACnC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,kBAAkB;QAClB,IAAI,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACxC,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,GAAG;gBACrB,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,sCAAsC;gBAC7C,qBAAqB,EAAE,+DAA+D;gBACtF,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;gBAClB,YAAY,EAAE,IAAI,CAAC,IAAI,EAAE;gBACzB,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,MAAM;aACnB,CAAC,CAAC;QACL,CAAC;QAED,0BAA0B;QAC1B,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1B,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxD,IAAI,8DAA8D,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBACnF,QAAQ,CAAC,IAAI,CAAC;oBACZ,gBAAgB,EAAE,GAAG;oBACrB,QAAQ,EAAE,MAAM;oBAChB,QAAQ,EAAE,QAAQ;oBAClB,KAAK,EAAE,wCAAwC;oBAC/C,qBAAqB,EAAE,gFAAgF;oBACvG,SAAS,EAAE,QAAQ;oBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;oBAClB,YAAY,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;oBAC9C,MAAM,EAAE,MAAM;oBACd,UAAU,EAAE,MAAM;iBACnB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,IAAI,4FAA4F,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5G,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,GAAG;gBACrB,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,UAAU;gBACpB,KAAK,EAAE,2CAA2C;gBAClD,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;gBAClB,YAAY,EAAE,IAAI,CAAC,IAAI,EAAE;gBACzB,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,MAAM;aACnB,CAAC,CAAC;QACL,CAAC;QAED,+BAA+B;QAC/B,IAAI,wJAAwJ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACxK,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,GAAG;gBACrB,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,qBAAqB;gBAC/B,KAAK,EAAE,8CAA8C;gBACrD,qBAAqB,EAAE,8FAA8F;gBACrH,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;gBAClB,YAAY,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,oBAAoB,EAAE,kBAAkB,CAAC;gBAC3E,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,MAAM;aACnB,CAAC,CAAC;QACL,CAAC;QAED,oDAAoD;QACpD,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvD,IAAI,+DAA+D,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBACpF,QAAQ,CAAC,IAAI,CAAC;oBACZ,gBAAgB,EAAE,GAAG;oBACrB,QAAQ,EAAE,MAAM;oBAChB,QAAQ,EAAE,qBAAqB;oBAC/B,KAAK,EAAE,+CAA+C;oBACtD,qBAAqB,EAAE,+GAA+G;oBACtI,SAAS,EAAE,QAAQ;oBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;oBAClB,YAAY,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;oBAC9C,MAAM,EAAE,MAAM;oBACd,UAAU,EAAE,QAAQ;iBACrB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,yBAAyB;QACzB,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,YAAY,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxE,IAAI,yBAAyB,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,2CAA2C,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBACpH,IAAI,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,KAAK,IAAI,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvF,QAAQ,CAAC,IAAI,CAAC;wBACZ,gBAAgB,EAAE,GAAG;wBACrB,QAAQ,EAAE,MAAM;wBAChB,QAAQ,EAAE,qBAAqB;wBAC/B,KAAK,EAAE,wCAAwC;wBAC/C,qBAAqB,EAAE,gFAAgF;wBACvG,SAAS,EAAE,QAAQ;wBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;wBAClB,YAAY,EAAE,IAAI,CAAC,IAAI,EAAE;wBACzB,MAAM,EAAE,MAAM;wBACd,UAAU,EAAE,QAAQ;qBACrB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,qBAAqB;QACrB,IAAI,+BAA+B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/C,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,GAAG;gBACrB,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,mCAAmC;gBAC1C,qBAAqB,EAAE,oEAAoE;gBAC3F,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,CAAC,GAAG,CAAC;gBAClB,YAAY,EAAE,IAAI,CAAC,IAAI,EAAE;gBACzB,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,QAAQ;aACrB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,eAAe,CAAC,OAAe,EAAE,QAAgB;IACxD,MAAM,QAAQ,GAAkB,EAAE,CAAC;IAEnC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,eAAe,GAAG,MAAM,CAAC,eAAe,IAAI,EAAE,CAAC;QAErD,IAAI,eAAe,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YACrC,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,GAAG;gBACrB,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,iCAAiC;gBACxC,qBAAqB,EAAE,2FAA2F;gBAClH,SAAS,EAAE,QAAQ;gBACnB,YAAY,EAAE,iBAAiB;gBAC/B,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,QAAQ;aACrB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,eAAe,CAAC,MAAM,IAAI,eAAe,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;YACvE,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,GAAG;gBACrB,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,mCAAmC;gBAC1C,qBAAqB,EAAE,iFAAiF;gBACxG,SAAS,EAAE,QAAQ;gBACnB,YAAY,EAAE,wBAAwB;gBACtC,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,QAAQ;aACrB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,sBAAsB;IACxB,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAe,EAAE,QAAgB;IAC5D,MAAM,QAAQ,GAAkB,EAAE,CAAC;IAEnC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAEnC,gDAAgD;QAChD,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;YACf,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtD,IACE,OAAO,KAAK,KAAK,QAAQ;oBACzB,wCAAwC,CAAC,IAAI,CAAC,GAAG,CAAC;oBAClD,KAAK,CAAC,MAAM,GAAG,EAAE;oBACjB,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,wCAAwC;kBAC/D,CAAC;oBACD,QAAQ,CAAC,IAAI,CAAC;wBACZ,gBAAgB,EAAE,EAAE;wBACpB,QAAQ,EAAE,UAAU;wBACpB,QAAQ,EAAE,YAAY;wBACtB,KAAK,EAAE,0BAA0B,GAAG,EAAE;wBACtC,qBAAqB,EAAE,gJAAgJ;wBACvK,SAAS,EAAE,QAAQ;wBACnB,YAAY,EAAE,IAAI,GAAG,qBAAqB;wBAC1C,SAAS,EAAE,UAAU;wBACrB,MAAM,EAAE,MAAM;wBACd,UAAU,EAAE,MAAM;qBACnB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,sBAAsB;IACxB,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dast.d.ts","sourceRoot":"","sources":["../../src/engines/dast.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,WAAW,EAAY,MAAM,YAAY,CAAC;AAmExD,wBAAsB,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,CA8CpE"}
|
|
@@ -0,0 +1,167 @@
|
|
|
1
|
+
// DAST engine - Dynamic Application Security Testing via Nuclei.
|
|
2
|
+
// Scans deployed URLs for real vulnerabilities (SQL injection, XSS, SSRF, etc.).
|
|
3
|
+
// Only runs when appUrl is provided in scan params.
|
|
4
|
+
import { execWithTimeout } from "../utils/exec.js";
|
|
5
|
+
const SEVERITY_MAP = {
|
|
6
|
+
critical: "critical",
|
|
7
|
+
high: "high",
|
|
8
|
+
medium: "medium",
|
|
9
|
+
low: "low",
|
|
10
|
+
info: "info",
|
|
11
|
+
};
|
|
12
|
+
// Map Nuclei template tags/IDs to our vulnerability catalog
|
|
13
|
+
const TAG_TO_VULN_ID = {
|
|
14
|
+
sqli: 5,
|
|
15
|
+
"sql-injection": 5,
|
|
16
|
+
xss: 7,
|
|
17
|
+
ssrf: 10,
|
|
18
|
+
lfi: 106,
|
|
19
|
+
rfi: 106,
|
|
20
|
+
rce: 75,
|
|
21
|
+
"command-injection": 75,
|
|
22
|
+
xxe: 72,
|
|
23
|
+
ssti: 76,
|
|
24
|
+
"open-redirect": 119,
|
|
25
|
+
cors: 4,
|
|
26
|
+
csrf: 8,
|
|
27
|
+
idor: 1,
|
|
28
|
+
"path-traversal": 106,
|
|
29
|
+
"file-inclusion": 106,
|
|
30
|
+
"directory-listing": 116,
|
|
31
|
+
"exposed-panel": 116,
|
|
32
|
+
"admin-panel": 116,
|
|
33
|
+
misconfiguration: 4,
|
|
34
|
+
disclosure: 99,
|
|
35
|
+
"information-disclosure": 99,
|
|
36
|
+
"default-login": 77,
|
|
37
|
+
"default-credential": 77,
|
|
38
|
+
"weak-password": 55,
|
|
39
|
+
cve: 3,
|
|
40
|
+
token: 53,
|
|
41
|
+
"api-key": 53,
|
|
42
|
+
debug: 116,
|
|
43
|
+
"source-map": 49,
|
|
44
|
+
};
|
|
45
|
+
export async function runDast(appUrl) {
|
|
46
|
+
const args = [
|
|
47
|
+
"-u", appUrl,
|
|
48
|
+
"-jsonl",
|
|
49
|
+
"-severity", "critical,high,medium",
|
|
50
|
+
"-t", "misconfiguration/",
|
|
51
|
+
"-t", "exposed-panels/",
|
|
52
|
+
"-t", "vulnerabilities/",
|
|
53
|
+
"-t", "exposures/",
|
|
54
|
+
"-silent",
|
|
55
|
+
"-no-color",
|
|
56
|
+
"-rate-limit", "100",
|
|
57
|
+
"-timeout", "10",
|
|
58
|
+
"-retries", "1",
|
|
59
|
+
"-no-interactsh", // Don't use out-of-band testing service
|
|
60
|
+
"-disable-update-check",
|
|
61
|
+
];
|
|
62
|
+
let stdout;
|
|
63
|
+
try {
|
|
64
|
+
const result = await execWithTimeout("nuclei", args, {
|
|
65
|
+
timeoutMs: 170_000, // 10s under orchestrator's 180s DAST timeout
|
|
66
|
+
env: { HOME: "/home/worker" }, // Nuclei needs HOME for templates
|
|
67
|
+
});
|
|
68
|
+
stdout = result.stdout;
|
|
69
|
+
}
|
|
70
|
+
catch (error) {
|
|
71
|
+
// Nuclei may fail for many reasons (missing binary, missing templates,
|
|
72
|
+
// timeout, non-zero exit). Never mark DAST as failed — just return empty.
|
|
73
|
+
console.warn(`[dast] Nuclei failed: ${error instanceof Error ? error.message : error}`);
|
|
74
|
+
return [];
|
|
75
|
+
}
|
|
76
|
+
if (!stdout.trim())
|
|
77
|
+
return [];
|
|
78
|
+
const findings = [];
|
|
79
|
+
for (const line of stdout.split("\n")) {
|
|
80
|
+
if (!line.trim())
|
|
81
|
+
continue;
|
|
82
|
+
try {
|
|
83
|
+
const result = JSON.parse(line);
|
|
84
|
+
findings.push(mapNucleiToFinding(result));
|
|
85
|
+
}
|
|
86
|
+
catch {
|
|
87
|
+
// Skip malformed lines
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
return findings;
|
|
91
|
+
}
|
|
92
|
+
function mapNucleiToFinding(result) {
|
|
93
|
+
const severity = SEVERITY_MAP[result.info.severity] ?? "medium";
|
|
94
|
+
const vulnId = resolveVulnerabilityId(result);
|
|
95
|
+
const tags = result.info.tags ?? [];
|
|
96
|
+
const cves = result.info.classification?.["cve-id"] ?? [];
|
|
97
|
+
const cwes = result.info.classification?.["cwe-id"] ?? [];
|
|
98
|
+
const technicalDetails = [
|
|
99
|
+
result.info.description,
|
|
100
|
+
cves.length > 0 ? `CVE: ${cves.join(", ")}` : "",
|
|
101
|
+
cwes.length > 0 ? `CWE: ${cwes.join(", ")}` : "",
|
|
102
|
+
result.info.reference?.length ? `References: ${result.info.reference.join(", ")}` : "",
|
|
103
|
+
`Matched at: ${result["matched-at"]}`,
|
|
104
|
+
tags.length > 0 ? `Tags: ${tags.join(", ")}` : "",
|
|
105
|
+
].filter(Boolean).join("\n");
|
|
106
|
+
return {
|
|
107
|
+
vulnerability_id: vulnId,
|
|
108
|
+
severity,
|
|
109
|
+
category: "dast",
|
|
110
|
+
title: `[DAST] ${result.info.name}`,
|
|
111
|
+
description_technical: technicalDetails,
|
|
112
|
+
file_path: result["matched-at"],
|
|
113
|
+
code_snippet: result["curl-command"] ?? `Template: ${result["template-id"]}`,
|
|
114
|
+
owasp_ref: mapToOwasp(tags),
|
|
115
|
+
status: "open",
|
|
116
|
+
};
|
|
117
|
+
}
|
|
118
|
+
function resolveVulnerabilityId(result) {
|
|
119
|
+
const tags = result.info.tags ?? [];
|
|
120
|
+
// Check template tags first (most specific)
|
|
121
|
+
for (const tag of tags) {
|
|
122
|
+
const id = TAG_TO_VULN_ID[tag.toLowerCase()];
|
|
123
|
+
if (id)
|
|
124
|
+
return id;
|
|
125
|
+
}
|
|
126
|
+
// Check template ID for known patterns
|
|
127
|
+
const templateId = result["template-id"].toLowerCase();
|
|
128
|
+
if (templateId.includes("sqli"))
|
|
129
|
+
return 5;
|
|
130
|
+
if (templateId.includes("xss"))
|
|
131
|
+
return 7;
|
|
132
|
+
if (templateId.includes("ssrf"))
|
|
133
|
+
return 10;
|
|
134
|
+
if (templateId.includes("rce"))
|
|
135
|
+
return 75;
|
|
136
|
+
if (templateId.includes("lfi") || templateId.includes("path-traversal"))
|
|
137
|
+
return 106;
|
|
138
|
+
if (templateId.includes("redirect"))
|
|
139
|
+
return 119;
|
|
140
|
+
if (templateId.includes("cve-"))
|
|
141
|
+
return 3;
|
|
142
|
+
if (templateId.includes("panel") || templateId.includes("admin"))
|
|
143
|
+
return 116;
|
|
144
|
+
if (templateId.includes("config") || templateId.includes("misconfig"))
|
|
145
|
+
return 4;
|
|
146
|
+
// Fallback based on type
|
|
147
|
+
if (result.type === "http")
|
|
148
|
+
return 4; // Security misconfiguration
|
|
149
|
+
return 199; // Generic best practice
|
|
150
|
+
}
|
|
151
|
+
function mapToOwasp(tags) {
|
|
152
|
+
const tagSet = new Set(tags.map((t) => t.toLowerCase()));
|
|
153
|
+
if (tagSet.has("sqli") || tagSet.has("xss") || tagSet.has("rce") || tagSet.has("xxe") || tagSet.has("ssti"))
|
|
154
|
+
return "A03:2021";
|
|
155
|
+
if (tagSet.has("ssrf"))
|
|
156
|
+
return "A10:2021";
|
|
157
|
+
if (tagSet.has("idor") || tagSet.has("open-redirect"))
|
|
158
|
+
return "A01:2021";
|
|
159
|
+
if (tagSet.has("cve"))
|
|
160
|
+
return "A06:2021";
|
|
161
|
+
if (tagSet.has("misconfiguration") || tagSet.has("cors"))
|
|
162
|
+
return "A05:2021";
|
|
163
|
+
if (tagSet.has("default-login") || tagSet.has("default-credential"))
|
|
164
|
+
return "A07:2021";
|
|
165
|
+
return undefined;
|
|
166
|
+
}
|
|
167
|
+
//# sourceMappingURL=dast.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dast.js","sourceRoot":"","sources":["../../src/engines/dast.ts"],"names":[],"mappings":"AAAA,iEAAiE;AACjE,iFAAiF;AACjF,oDAAoD;AAEpD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AA0BnD,MAAM,YAAY,GAA6B;IAC7C,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;IACV,IAAI,EAAE,MAAM;CACb,CAAC;AAEF,4DAA4D;AAC5D,MAAM,cAAc,GAA2B;IAC7C,IAAI,EAAE,CAAC;IACP,eAAe,EAAE,CAAC;IAClB,GAAG,EAAE,CAAC;IACN,IAAI,EAAE,EAAE;IACR,GAAG,EAAE,GAAG;IACR,GAAG,EAAE,GAAG;IACR,GAAG,EAAE,EAAE;IACP,mBAAmB,EAAE,EAAE;IACvB,GAAG,EAAE,EAAE;IACP,IAAI,EAAE,EAAE;IACR,eAAe,EAAE,GAAG;IACpB,IAAI,EAAE,CAAC;IACP,IAAI,EAAE,CAAC;IACP,IAAI,EAAE,CAAC;IACP,gBAAgB,EAAE,GAAG;IACrB,gBAAgB,EAAE,GAAG;IACrB,mBAAmB,EAAE,GAAG;IACxB,eAAe,EAAE,GAAG;IACpB,aAAa,EAAE,GAAG;IAClB,gBAAgB,EAAE,CAAC;IACnB,UAAU,EAAE,EAAE;IACd,wBAAwB,EAAE,EAAE;IAC5B,eAAe,EAAE,EAAE;IACnB,oBAAoB,EAAE,EAAE;IACxB,eAAe,EAAE,EAAE;IACnB,GAAG,EAAE,CAAC;IACN,KAAK,EAAE,EAAE;IACT,SAAS,EAAE,EAAE;IACb,KAAK,EAAE,GAAG;IACV,YAAY,EAAE,EAAE;CACjB,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,MAAc;IAC1C,MAAM,IAAI,GAAG;QACX,IAAI,EAAE,MAAM;QACZ,QAAQ;QACR,WAAW,EAAE,sBAAsB;QACnC,IAAI,EAAE,mBAAmB;QACzB,IAAI,EAAE,iBAAiB;QACvB,IAAI,EAAE,kBAAkB;QACxB,IAAI,EAAE,YAAY;QAClB,SAAS;QACT,WAAW;QACX,aAAa,EAAE,KAAK;QACpB,UAAU,EAAE,IAAI;QAChB,UAAU,EAAE,GAAG;QACf,gBAAgB,EAAE,wCAAwC;QAC1D,uBAAuB;KACxB,CAAC;IAEF,IAAI,MAAc,CAAC;IACnB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,QAAQ,EAAE,IAAI,EAAE;YACnD,SAAS,EAAE,OAAO,EAAE,6CAA6C;YACjE,GAAG,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,EAAE,kCAAkC;SAClE,CAAC,CAAC;QACH,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IACzB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,uEAAuE;QACvE,0EAA0E;QAC1E,OAAO,CAAC,IAAI,CAAC,yBAAyB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QACxF,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE;QAAE,OAAO,EAAE,CAAC;IAE9B,MAAM,QAAQ,GAAkB,EAAE,CAAC;IACnC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACtC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;YAAE,SAAS;QAC3B,IAAI,CAAC;YACH,MAAM,MAAM,GAAiB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC9C,QAAQ,CAAC,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACP,uBAAuB;QACzB,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAoB;IAC9C,MAAM,QAAQ,GAAG,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC;IAChE,MAAM,MAAM,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;IAC9C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;IACpC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC1D,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IAE1D,MAAM,gBAAgB,GAAG;QACvB,MAAM,CAAC,IAAI,CAAC,WAAW;QACvB,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE;QAChD,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE;QAChD,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,eAAe,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE;QACtF,eAAe,MAAM,CAAC,YAAY,CAAC,EAAE;QACrC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE;KAClD,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE7B,OAAO;QACL,gBAAgB,EAAE,MAAM;QACxB,QAAQ;QACR,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,UAAU,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE;QACnC,qBAAqB,EAAE,gBAAgB;QACvC,SAAS,EAAE,MAAM,CAAC,YAAY,CAAC;QAC/B,YAAY,EAAE,MAAM,CAAC,cAAc,CAAC,IAAI,aAAa,MAAM,CAAC,aAAa,CAAC,EAAE;QAC5E,SAAS,EAAE,UAAU,CAAC,IAAI,CAAC;QAC3B,MAAM,EAAE,MAAM;KACf,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAAC,MAAoB;IAClD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;IAEpC,4CAA4C;IAC5C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,EAAE,GAAG,cAAc,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;QAC7C,IAAI,EAAE;YAAE,OAAO,EAAE,CAAC;IACpB,CAAC;IAED,uCAAuC;IACvC,MAAM,UAAU,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC,WAAW,EAAE,CAAC;IACvD,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,CAAC,CAAC;IAC1C,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IACzC,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,CAAC;IAC3C,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAC1C,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QAAE,OAAO,GAAG,CAAC;IACpF,IAAI,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,GAAG,CAAC;IAChD,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,CAAC,CAAC;IAC1C,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,GAAG,CAAC;IAC7E,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC;QAAE,OAAO,CAAC,CAAC;IAEhF,yBAAyB;IACzB,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM;QAAE,OAAO,CAAC,CAAC,CAAC,4BAA4B;IAClE,OAAO,GAAG,CAAC,CAAC,wBAAwB;AACtC,CAAC;AAED,SAAS,UAAU,CAAC,IAAc;IAChC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;IACzD,IAAI,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;QAAE,OAAO,UAAU,CAAC;IAC/H,IAAI,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;QAAE,OAAO,UAAU,CAAC;IAC1C,IAAI,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC;QAAE,OAAO,UAAU,CAAC;IACzE,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC;QAAE,OAAO,UAAU,CAAC;IACzC,IAAI,MAAM,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;QAAE,OAAO,UAAU,CAAC;IAC5E,IAAI,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAAE,OAAO,UAAU,CAAC;IACvF,OAAO,SAAS,CAAC;AACnB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"db-rules.d.ts","sourceRoot":"","sources":["../../src/engines/db-rules.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C,wBAAgB,cAAc,CAC5B,UAAU,EAAE,MAAM,EAClB,SAAS,EAAE,UAAU,GAAG,UAAU,GAAG,MAAM,GAC1C,WAAW,EAAE,CAWf"}
|