@datahogo/core 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +661 -0
- package/README.md +17 -0
- package/dist/engines/config.d.ts +3 -0
- package/dist/engines/config.d.ts.map +1 -0
- package/dist/engines/config.js +433 -0
- package/dist/engines/config.js.map +1 -0
- package/dist/engines/dast.d.ts +3 -0
- package/dist/engines/dast.d.ts.map +1 -0
- package/dist/engines/dast.js +167 -0
- package/dist/engines/dast.js.map +1 -0
- package/dist/engines/db-rules.d.ts +3 -0
- package/dist/engines/db-rules.d.ts.map +1 -0
- package/dist/engines/db-rules.js +166 -0
- package/dist/engines/db-rules.js.map +1 -0
- package/dist/engines/dependencies.d.ts +3 -0
- package/dist/engines/dependencies.d.ts.map +1 -0
- package/dist/engines/dependencies.js +167 -0
- package/dist/engines/dependencies.js.map +1 -0
- package/dist/engines/github-actions.d.ts +3 -0
- package/dist/engines/github-actions.d.ts.map +1 -0
- package/dist/engines/github-actions.js +215 -0
- package/dist/engines/github-actions.js.map +1 -0
- package/dist/engines/gitleaks.d.ts +3 -0
- package/dist/engines/gitleaks.d.ts.map +1 -0
- package/dist/engines/gitleaks.js +107 -0
- package/dist/engines/gitleaks.js.map +1 -0
- package/dist/engines/npm-audit.d.ts +3 -0
- package/dist/engines/npm-audit.d.ts.map +1 -0
- package/dist/engines/npm-audit.js +113 -0
- package/dist/engines/npm-audit.js.map +1 -0
- package/dist/engines/patterns.d.ts +3 -0
- package/dist/engines/patterns.d.ts.map +1 -0
- package/dist/engines/patterns.js +1330 -0
- package/dist/engines/patterns.js.map +1 -0
- package/dist/engines/secrets.d.ts +4 -0
- package/dist/engines/secrets.d.ts.map +1 -0
- package/dist/engines/secrets.js +260 -0
- package/dist/engines/secrets.js.map +1 -0
- package/dist/engines/semgrep.d.ts +3 -0
- package/dist/engines/semgrep.d.ts.map +1 -0
- package/dist/engines/semgrep.js +173 -0
- package/dist/engines/semgrep.js.map +1 -0
- package/dist/engines/types.d.ts +30 -0
- package/dist/engines/types.d.ts.map +1 -0
- package/dist/engines/types.js +3 -0
- package/dist/engines/types.js.map +1 -0
- package/dist/engines/url-scanner.d.ts +3 -0
- package/dist/engines/url-scanner.d.ts.map +1 -0
- package/dist/engines/url-scanner.js +469 -0
- package/dist/engines/url-scanner.js.map +1 -0
- package/dist/index.d.ts +8 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +8 -0
- package/dist/index.js.map +1 -0
- package/dist/orchestrator.d.ts +32 -0
- package/dist/orchestrator.d.ts.map +1 -0
- package/dist/orchestrator.js +237 -0
- package/dist/orchestrator.js.map +1 -0
- package/dist/rules/.gitkeep +0 -0
- package/dist/rules/ai-llm-security.yaml +199 -0
- package/dist/rules/api-security.yaml +489 -0
- package/dist/rules/auth-patterns.yaml +406 -0
- package/dist/rules/crypto-patterns.yaml +227 -0
- package/dist/rules/database-cloud-security.yaml +169 -0
- package/dist/rules/general-security.yaml +588 -0
- package/dist/rules/injection-patterns.yaml +318 -0
- package/dist/rules/nextjs-security.yaml +532 -0
- package/dist/rules/node-security.yaml +380 -0
- package/dist/rules/rules/.gitkeep +0 -0
- package/dist/rules/rules/ai-llm-security.yaml +199 -0
- package/dist/rules/rules/api-security.yaml +489 -0
- package/dist/rules/rules/auth-patterns.yaml +406 -0
- package/dist/rules/rules/crypto-patterns.yaml +227 -0
- package/dist/rules/rules/database-cloud-security.yaml +169 -0
- package/dist/rules/rules/general-security.yaml +588 -0
- package/dist/rules/rules/injection-patterns.yaml +318 -0
- package/dist/rules/rules/nextjs-security.yaml +532 -0
- package/dist/rules/rules/node-security.yaml +380 -0
- package/dist/rules/rules/supabase-security.yaml +387 -0
- package/dist/rules/supabase-security.yaml +387 -0
- package/dist/scanning/agents/csharp-agent.d.ts +12 -0
- package/dist/scanning/agents/csharp-agent.d.ts.map +1 -0
- package/dist/scanning/agents/csharp-agent.js +592 -0
- package/dist/scanning/agents/csharp-agent.js.map +1 -0
- package/dist/scanning/agents/go-agent.d.ts +14 -0
- package/dist/scanning/agents/go-agent.d.ts.map +1 -0
- package/dist/scanning/agents/go-agent.js +641 -0
- package/dist/scanning/agents/go-agent.js.map +1 -0
- package/dist/scanning/agents/java-agent.d.ts +8 -0
- package/dist/scanning/agents/java-agent.d.ts.map +1 -0
- package/dist/scanning/agents/java-agent.js +807 -0
- package/dist/scanning/agents/java-agent.js.map +1 -0
- package/dist/scanning/agents/javascript-agent.d.ts +8 -0
- package/dist/scanning/agents/javascript-agent.d.ts.map +1 -0
- package/dist/scanning/agents/javascript-agent.js +77 -0
- package/dist/scanning/agents/javascript-agent.js.map +1 -0
- package/dist/scanning/agents/mobile-agent.d.ts +8 -0
- package/dist/scanning/agents/mobile-agent.d.ts.map +1 -0
- package/dist/scanning/agents/mobile-agent.js +916 -0
- package/dist/scanning/agents/mobile-agent.js.map +1 -0
- package/dist/scanning/agents/php-agent.d.ts +8 -0
- package/dist/scanning/agents/php-agent.d.ts.map +1 -0
- package/dist/scanning/agents/php-agent.js +679 -0
- package/dist/scanning/agents/php-agent.js.map +1 -0
- package/dist/scanning/agents/python-agent.d.ts +8 -0
- package/dist/scanning/agents/python-agent.d.ts.map +1 -0
- package/dist/scanning/agents/python-agent.js +701 -0
- package/dist/scanning/agents/python-agent.js.map +1 -0
- package/dist/scanning/agents/supabase-agent.d.ts +8 -0
- package/dist/scanning/agents/supabase-agent.d.ts.map +1 -0
- package/dist/scanning/agents/supabase-agent.js +484 -0
- package/dist/scanning/agents/supabase-agent.js.map +1 -0
- package/dist/scanning/orchestrator.d.ts +29 -0
- package/dist/scanning/orchestrator.d.ts.map +1 -0
- package/dist/scanning/orchestrator.js +186 -0
- package/dist/scanning/orchestrator.js.map +1 -0
- package/dist/scanning/tech-detector.d.ts +12 -0
- package/dist/scanning/tech-detector.d.ts.map +1 -0
- package/dist/scanning/tech-detector.js +252 -0
- package/dist/scanning/tech-detector.js.map +1 -0
- package/dist/scanning/types.d.ts +87 -0
- package/dist/scanning/types.d.ts.map +1 -0
- package/dist/scanning/types.js +5 -0
- package/dist/scanning/types.js.map +1 -0
- package/dist/utils/child-process.d.ts +2 -0
- package/dist/utils/child-process.d.ts.map +1 -0
- package/dist/utils/child-process.js +4 -0
- package/dist/utils/child-process.js.map +1 -0
- package/dist/utils/context-classifier.d.ts +11 -0
- package/dist/utils/context-classifier.d.ts.map +1 -0
- package/dist/utils/context-classifier.js +79 -0
- package/dist/utils/context-classifier.js.map +1 -0
- package/dist/utils/exec.d.ts +18 -0
- package/dist/utils/exec.d.ts.map +1 -0
- package/dist/utils/exec.js +51 -0
- package/dist/utils/exec.js.map +1 -0
- package/dist/utils/file-filter.d.ts +4 -0
- package/dist/utils/file-filter.d.ts.map +1 -0
- package/dist/utils/file-filter.js +68 -0
- package/dist/utils/file-filter.js.map +1 -0
- package/dist/utils/fs.d.ts +2 -0
- package/dist/utils/fs.d.ts.map +1 -0
- package/dist/utils/fs.js +5 -0
- package/dist/utils/fs.js.map +1 -0
- package/dist/utils/logger.d.ts +12 -0
- package/dist/utils/logger.d.ts.map +1 -0
- package/dist/utils/logger.js +27 -0
- package/dist/utils/logger.js.map +1 -0
- package/dist/utils/post-processor.d.ts +10 -0
- package/dist/utils/post-processor.d.ts.map +1 -0
- package/dist/utils/post-processor.js +183 -0
- package/dist/utils/post-processor.js.map +1 -0
- package/package.json +44 -0
|
@@ -0,0 +1,592 @@
|
|
|
1
|
+
// C# / .NET ecosystem security scanner agent.
|
|
2
|
+
// Detects .NET projects (.csproj, .fsproj, .sln) and scans for 13 security
|
|
3
|
+
// vulnerabilities spanning hardcoded secrets, injection flaws, insecure
|
|
4
|
+
// deserialization, missing authorization, weak cryptography, and more.
|
|
5
|
+
export class CSharpScanAgent {
|
|
6
|
+
async detect(files) {
|
|
7
|
+
for (const filePath of files.keys()) {
|
|
8
|
+
if (filePath.endsWith(".csproj") ||
|
|
9
|
+
filePath.endsWith(".fsproj") ||
|
|
10
|
+
filePath.endsWith(".sln")) {
|
|
11
|
+
return true;
|
|
12
|
+
}
|
|
13
|
+
}
|
|
14
|
+
return false;
|
|
15
|
+
}
|
|
16
|
+
async scan(files) {
|
|
17
|
+
const results = [];
|
|
18
|
+
// Collect all file contents for project-level detection.
|
|
19
|
+
const allContent = Array.from(files.values()).join("\n");
|
|
20
|
+
// Detect project-level auth middleware (UseAuthorization / AddAuthorization).
|
|
21
|
+
// When present, missing-[Authorize] findings become low confidence because
|
|
22
|
+
// global or policy-based auth may be in effect.
|
|
23
|
+
const hasGlobalAuth = /(?:AddAuthorization|UseAuthorization)\s*\(/.test(allContent) ||
|
|
24
|
+
/AddAuthentication\s*\(/.test(allContent) ||
|
|
25
|
+
/UseAuthentication\s*\(/.test(allContent);
|
|
26
|
+
// Detect project-level rate limiting middleware.
|
|
27
|
+
const hasRateLimiter = /(?:AddRateLimiter|UseRateLimiter)\s*\(/.test(allContent);
|
|
28
|
+
for (const [filePath, content] of files) {
|
|
29
|
+
if (isCSharpFile(filePath)) {
|
|
30
|
+
results.push(...checkMissingAuthorize(filePath, content, hasGlobalAuth));
|
|
31
|
+
results.push(...checkSqlInjection(filePath, content));
|
|
32
|
+
results.push(...checkCorsWildcard(filePath, content));
|
|
33
|
+
results.push(...checkUnsafeDeserialization(filePath, content));
|
|
34
|
+
results.push(...checkXxeVulnerability(filePath, content));
|
|
35
|
+
results.push(...checkPathTraversal(filePath, content));
|
|
36
|
+
results.push(...checkHardcodedConnectionStrings(filePath, content));
|
|
37
|
+
results.push(...checkDeveloperExceptionPage(filePath, content));
|
|
38
|
+
results.push(...checkCommandInjection(filePath, content));
|
|
39
|
+
results.push(...checkWeakHashAlgorithm(filePath, content));
|
|
40
|
+
results.push(...checkMissingAntiForgeryToken(filePath, content));
|
|
41
|
+
results.push(...checkAllowAnonymousOnSensitiveController(filePath, content));
|
|
42
|
+
}
|
|
43
|
+
if (isConfigFile(filePath)) {
|
|
44
|
+
results.push(...checkSecretsInAppSettings(filePath, content));
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
// Suppress or downgrade rate-limit-related findings if global rate limiting is
|
|
48
|
+
// detected at the project level (placeholder for future rate-limit check).
|
|
49
|
+
void hasRateLimiter;
|
|
50
|
+
return results;
|
|
51
|
+
}
|
|
52
|
+
getMetadata() {
|
|
53
|
+
return {
|
|
54
|
+
name: "csharp-agent",
|
|
55
|
+
version: "1.0.0",
|
|
56
|
+
technologies: ["dotnet"],
|
|
57
|
+
};
|
|
58
|
+
}
|
|
59
|
+
getChecks() {
|
|
60
|
+
return [
|
|
61
|
+
{
|
|
62
|
+
id: "csharp:secrets-in-appsettings",
|
|
63
|
+
name: "Secret hardcoded in appsettings.json",
|
|
64
|
+
severity: "CRITICAL",
|
|
65
|
+
},
|
|
66
|
+
{
|
|
67
|
+
id: "csharp:missing-authorize",
|
|
68
|
+
name: "Mutating HTTP endpoint missing [Authorize] attribute",
|
|
69
|
+
severity: "MEDIUM",
|
|
70
|
+
},
|
|
71
|
+
{
|
|
72
|
+
id: "csharp:sql-injection",
|
|
73
|
+
name: "SQL injection via string concatenation or interpolation",
|
|
74
|
+
severity: "CRITICAL",
|
|
75
|
+
},
|
|
76
|
+
{
|
|
77
|
+
id: "csharp:cors-wildcard",
|
|
78
|
+
name: "CORS configured to allow any origin",
|
|
79
|
+
severity: "MEDIUM",
|
|
80
|
+
},
|
|
81
|
+
{
|
|
82
|
+
id: "csharp:unsafe-deserialization",
|
|
83
|
+
name: "Unsafe deserialization via BinaryFormatter",
|
|
84
|
+
severity: "CRITICAL",
|
|
85
|
+
},
|
|
86
|
+
{
|
|
87
|
+
id: "csharp:xxe-vulnerability",
|
|
88
|
+
name: "XXE vulnerability: XML parsed without DTD restrictions",
|
|
89
|
+
severity: "HIGH",
|
|
90
|
+
},
|
|
91
|
+
{
|
|
92
|
+
id: "csharp:path-traversal",
|
|
93
|
+
name: "Potential path traversal via user-controlled path",
|
|
94
|
+
severity: "HIGH",
|
|
95
|
+
},
|
|
96
|
+
{
|
|
97
|
+
id: "csharp:hardcoded-connection-string",
|
|
98
|
+
name: "Hardcoded connection string in source code",
|
|
99
|
+
severity: "HIGH",
|
|
100
|
+
},
|
|
101
|
+
{
|
|
102
|
+
id: "csharp:developer-exception-page",
|
|
103
|
+
name: "Developer exception page enabled without environment check",
|
|
104
|
+
severity: "HIGH",
|
|
105
|
+
},
|
|
106
|
+
{
|
|
107
|
+
id: "csharp:command-injection",
|
|
108
|
+
name: "Command injection via Process.Start with dynamic input",
|
|
109
|
+
severity: "CRITICAL",
|
|
110
|
+
},
|
|
111
|
+
{
|
|
112
|
+
id: "csharp:weak-hash-algorithm",
|
|
113
|
+
name: "Weak hash algorithm: MD5 or SHA-1",
|
|
114
|
+
severity: "HIGH",
|
|
115
|
+
},
|
|
116
|
+
{
|
|
117
|
+
id: "csharp:missing-antiforgery-token",
|
|
118
|
+
name: "POST action missing [ValidateAntiForgeryToken]",
|
|
119
|
+
severity: "MEDIUM",
|
|
120
|
+
},
|
|
121
|
+
{
|
|
122
|
+
id: "csharp:allow-anonymous-sensitive",
|
|
123
|
+
name: "[AllowAnonymous] on sensitive controller or action",
|
|
124
|
+
severity: "HIGH",
|
|
125
|
+
},
|
|
126
|
+
];
|
|
127
|
+
}
|
|
128
|
+
}
|
|
129
|
+
// --- Helper predicates ---
|
|
130
|
+
/** Returns true if the file is a C# source file. */
|
|
131
|
+
export function isCSharpFile(path) {
|
|
132
|
+
return path.endsWith(".cs");
|
|
133
|
+
}
|
|
134
|
+
/** Returns true if the file matches the appsettings*.json pattern. */
|
|
135
|
+
export function isConfigFile(path) {
|
|
136
|
+
const filename = path.split("/").pop() ?? path;
|
|
137
|
+
return /^appsettings.*\.json$/.test(filename);
|
|
138
|
+
}
|
|
139
|
+
// --- Check 1: Secrets in appsettings*.json (CWE-798) ---
|
|
140
|
+
// Values that look like placeholders and should not be flagged.
|
|
141
|
+
const PLACEHOLDER_PATTERN = /^(?:your[-_]|change[-_]|todo|example|placeholder|\$\{)/i;
|
|
142
|
+
function checkSecretsInAppSettings(filePath, content) {
|
|
143
|
+
const results = [];
|
|
144
|
+
// Match sensitive JSON key names with non-placeholder string values.
|
|
145
|
+
// The character class excludes the literal dollar sign so that ${VAR} substitution
|
|
146
|
+
// references (which start with $) are excluded at the regex level.
|
|
147
|
+
const pattern = /"(?:ConnectionString|Password|Secret|ApiKey|Token|PrivateKey)"\s*:\s*"([^"$]{4,})"/gi;
|
|
148
|
+
const lines = content.split("\n");
|
|
149
|
+
for (let i = 0; i < lines.length; i++) {
|
|
150
|
+
const line = lines[i];
|
|
151
|
+
// Reset lastIndex since we reuse the regex across iterations.
|
|
152
|
+
pattern.lastIndex = 0;
|
|
153
|
+
const match = pattern.exec(line);
|
|
154
|
+
if (!match)
|
|
155
|
+
continue;
|
|
156
|
+
const value = match[1];
|
|
157
|
+
// Skip empty strings and placeholder patterns.
|
|
158
|
+
if (!value || value.trim().length < 4)
|
|
159
|
+
continue;
|
|
160
|
+
if (PLACEHOLDER_PATTERN.test(value))
|
|
161
|
+
continue;
|
|
162
|
+
results.push({
|
|
163
|
+
checkId: "csharp:secrets-in-appsettings",
|
|
164
|
+
title: "Secret hardcoded in appsettings.json",
|
|
165
|
+
severity: "CRITICAL",
|
|
166
|
+
confidence: "high",
|
|
167
|
+
file: filePath,
|
|
168
|
+
line: i + 1,
|
|
169
|
+
description: "A sensitive value (connection string, password, API key, or token) is hardcoded " +
|
|
170
|
+
"directly in appsettings.json. Anyone with read access to the repository or the " +
|
|
171
|
+
"deployed artifact can extract this secret.",
|
|
172
|
+
fix: "Use User Secrets, environment variables, or Azure Key Vault.",
|
|
173
|
+
cwe: "CWE-798",
|
|
174
|
+
});
|
|
175
|
+
}
|
|
176
|
+
return results;
|
|
177
|
+
}
|
|
178
|
+
// --- Check 2: Missing [Authorize] on mutating HTTP endpoints (CWE-306) ---
|
|
179
|
+
function checkMissingAuthorize(filePath, content, hasGlobalAuth) {
|
|
180
|
+
const results = [];
|
|
181
|
+
const lines = content.split("\n");
|
|
182
|
+
// Skip controllers that are intentionally public.
|
|
183
|
+
const skipControllerNames = /Auth|Login|Public|Health/i;
|
|
184
|
+
if (skipControllerNames.test(filePath))
|
|
185
|
+
return results;
|
|
186
|
+
// Check if the class itself carries [Authorize] or if global auth middleware
|
|
187
|
+
// is registered at the project level.
|
|
188
|
+
const classHasAuthorize = /\[Authorize\]/.test(content);
|
|
189
|
+
if (classHasAuthorize)
|
|
190
|
+
return results;
|
|
191
|
+
// Confidence is low when project-level auth middleware is present because
|
|
192
|
+
// global policy-based auth may protect all routes.
|
|
193
|
+
const confidence = hasGlobalAuth ? "low" : "medium";
|
|
194
|
+
for (let i = 0; i < lines.length; i++) {
|
|
195
|
+
const line = lines[i];
|
|
196
|
+
if (!/\[Http(?:Post|Put|Delete)(?:\([^)]*\))?\]/.test(line))
|
|
197
|
+
continue;
|
|
198
|
+
// Look at the 5 lines immediately above for [Authorize].
|
|
199
|
+
const windowStart = Math.max(0, i - 5);
|
|
200
|
+
const window = lines.slice(windowStart, i).join("\n");
|
|
201
|
+
if (!/\[Authorize\]/.test(window)) {
|
|
202
|
+
results.push({
|
|
203
|
+
checkId: "csharp:missing-authorize",
|
|
204
|
+
title: "Mutating HTTP endpoint missing [Authorize] attribute",
|
|
205
|
+
severity: "MEDIUM",
|
|
206
|
+
confidence,
|
|
207
|
+
file: filePath,
|
|
208
|
+
line: i + 1,
|
|
209
|
+
description: "This controller action uses [HttpPost], [HttpPut], or [HttpDelete] but has no " +
|
|
210
|
+
"[Authorize] attribute and the controller class is also not annotated. The endpoint " +
|
|
211
|
+
"may be accessible to unauthenticated users.",
|
|
212
|
+
fix: "Add [Authorize] attribute to controllers or actions handling sensitive operations.",
|
|
213
|
+
cwe: "CWE-306",
|
|
214
|
+
});
|
|
215
|
+
}
|
|
216
|
+
}
|
|
217
|
+
return results;
|
|
218
|
+
}
|
|
219
|
+
// --- Check 3: SQL injection via string building (CWE-89) ---
|
|
220
|
+
function checkSqlInjection(filePath, content) {
|
|
221
|
+
const results = [];
|
|
222
|
+
const lines = content.split("\n");
|
|
223
|
+
for (let i = 0; i < lines.length; i++) {
|
|
224
|
+
const line = lines[i];
|
|
225
|
+
// new SqlCommand(... + or $" interpolation
|
|
226
|
+
const hasSqlCommand = /(?:new\s+)?SqlCommand\s*\(/.test(line);
|
|
227
|
+
const hasRawSql = /(?:ExecuteSqlRaw|FromSqlRaw)\s*\(/.test(line);
|
|
228
|
+
if (!hasSqlCommand && !hasRawSql)
|
|
229
|
+
continue;
|
|
230
|
+
// Skip parameterized queries: @paramName, SqlParameter, or AddWithValue
|
|
231
|
+
// in the same line indicates safe, parameterized usage.
|
|
232
|
+
if (/@\w+|SqlParameter|AddWithValue/.test(line))
|
|
233
|
+
continue;
|
|
234
|
+
// Flag if the same line uses string concatenation or interpolation.
|
|
235
|
+
if (/\+/.test(line) || /\$"/.test(line)) {
|
|
236
|
+
results.push({
|
|
237
|
+
checkId: "csharp:sql-injection",
|
|
238
|
+
title: "SQL injection via string concatenation or interpolation",
|
|
239
|
+
severity: "CRITICAL",
|
|
240
|
+
confidence: "high",
|
|
241
|
+
file: filePath,
|
|
242
|
+
line: i + 1,
|
|
243
|
+
description: "A SQL command is constructed using string concatenation (+) or interpolation ($\"\"). " +
|
|
244
|
+
"If any part of the string comes from user input, an attacker can inject arbitrary SQL " +
|
|
245
|
+
"to read, modify, or delete data.",
|
|
246
|
+
fix: 'Use parameterized queries: new SqlCommand("SELECT * FROM Users WHERE Id = @id", conn)',
|
|
247
|
+
cwe: "CWE-89",
|
|
248
|
+
});
|
|
249
|
+
}
|
|
250
|
+
}
|
|
251
|
+
return results;
|
|
252
|
+
}
|
|
253
|
+
// --- Check 4: CORS wildcard (CWE-942) ---
|
|
254
|
+
function checkCorsWildcard(filePath, content) {
|
|
255
|
+
const results = [];
|
|
256
|
+
const lines = content.split("\n");
|
|
257
|
+
for (let i = 0; i < lines.length; i++) {
|
|
258
|
+
const line = lines[i];
|
|
259
|
+
if (/AllowAnyOrigin\s*\(\s*\)/.test(line) ||
|
|
260
|
+
/WithOrigins\s*\(\s*["']\*["']\s*\)/.test(line) ||
|
|
261
|
+
/SetIsOriginAllowed\s*\(\s*_\s*=>/.test(line)) {
|
|
262
|
+
results.push({
|
|
263
|
+
checkId: "csharp:cors-wildcard",
|
|
264
|
+
title: "CORS configured to allow any origin",
|
|
265
|
+
severity: "MEDIUM",
|
|
266
|
+
confidence: "high",
|
|
267
|
+
file: filePath,
|
|
268
|
+
line: i + 1,
|
|
269
|
+
description: "The CORS policy allows requests from any origin. This lets malicious websites make " +
|
|
270
|
+
"authenticated cross-origin requests to your API on behalf of logged-in users.",
|
|
271
|
+
fix: 'Restrict CORS: builder.WithOrigins("https://yourdomain.com")',
|
|
272
|
+
cwe: "CWE-942",
|
|
273
|
+
});
|
|
274
|
+
}
|
|
275
|
+
}
|
|
276
|
+
return results;
|
|
277
|
+
}
|
|
278
|
+
// --- Check 5: Unsafe deserialization via BinaryFormatter (CWE-502) ---
|
|
279
|
+
function checkUnsafeDeserialization(filePath, content) {
|
|
280
|
+
const results = [];
|
|
281
|
+
const lines = content.split("\n");
|
|
282
|
+
for (let i = 0; i < lines.length; i++) {
|
|
283
|
+
if (/BinaryFormatter/.test(lines[i])) {
|
|
284
|
+
results.push({
|
|
285
|
+
checkId: "csharp:unsafe-deserialization",
|
|
286
|
+
title: "Unsafe deserialization via BinaryFormatter",
|
|
287
|
+
severity: "CRITICAL",
|
|
288
|
+
confidence: "high",
|
|
289
|
+
file: filePath,
|
|
290
|
+
line: i + 1,
|
|
291
|
+
description: "BinaryFormatter is obsolete and unsafe. Deserializing attacker-controlled data with " +
|
|
292
|
+
"BinaryFormatter can lead to remote code execution because it instantiates arbitrary " +
|
|
293
|
+
"types during deserialization.",
|
|
294
|
+
fix: "Use System.Text.Json or JsonSerializer instead of BinaryFormatter.",
|
|
295
|
+
cwe: "CWE-502",
|
|
296
|
+
});
|
|
297
|
+
}
|
|
298
|
+
}
|
|
299
|
+
return results;
|
|
300
|
+
}
|
|
301
|
+
// --- Check 6: XXE vulnerability via XmlDocument without DTD prohibition (CWE-611) ---
|
|
302
|
+
function checkXxeVulnerability(filePath, content) {
|
|
303
|
+
const results = [];
|
|
304
|
+
// If the file already globally disables DTD processing, skip it.
|
|
305
|
+
if (/DtdProcessing\.Prohibit|ProhibitDtd\s*=\s*true/i.test(content)) {
|
|
306
|
+
return results;
|
|
307
|
+
}
|
|
308
|
+
const lines = content.split("\n");
|
|
309
|
+
for (let i = 0; i < lines.length; i++) {
|
|
310
|
+
const line = lines[i];
|
|
311
|
+
if (/new\s+XmlDocument\s*\(\s*\)|XmlReader\.Create\s*\(/.test(line)) {
|
|
312
|
+
results.push({
|
|
313
|
+
checkId: "csharp:xxe-vulnerability",
|
|
314
|
+
title: "XXE vulnerability: XML parsed without DTD restrictions",
|
|
315
|
+
severity: "HIGH",
|
|
316
|
+
// Medium confidence: some XmlDocument/XmlReader.Create usages process only
|
|
317
|
+
// trusted internal XML and are not actually exploitable. Context matters.
|
|
318
|
+
confidence: "medium",
|
|
319
|
+
file: filePath,
|
|
320
|
+
line: i + 1,
|
|
321
|
+
description: "XmlDocument or XmlReader.Create() is used without setting DtdProcessing.Prohibit. " +
|
|
322
|
+
"Attackers can exploit external entity references in crafted XML to read local files, " +
|
|
323
|
+
"perform server-side request forgery, or cause denial-of-service.",
|
|
324
|
+
fix: "Set XmlReaderSettings.DtdProcessing = DtdProcessing.Prohibit",
|
|
325
|
+
cwe: "CWE-611",
|
|
326
|
+
});
|
|
327
|
+
}
|
|
328
|
+
}
|
|
329
|
+
return results;
|
|
330
|
+
}
|
|
331
|
+
// --- Check 7: Path traversal (CWE-22) ---
|
|
332
|
+
// User-input terms that when passed as arguments to Path.Combine indicate
|
|
333
|
+
// potentially attacker-controlled path components. The regex is case-insensitive
|
|
334
|
+
// and does NOT require word boundaries on both sides so it catches compound
|
|
335
|
+
// identifiers like `userParam`, `queryString`, `requestBody`, etc.
|
|
336
|
+
const PATH_USER_INPUT_TERMS = /(?:request|query|param|body|header|routedata)/i;
|
|
337
|
+
function checkPathTraversal(filePath, content) {
|
|
338
|
+
const results = [];
|
|
339
|
+
const lines = content.split("\n");
|
|
340
|
+
for (let i = 0; i < lines.length; i++) {
|
|
341
|
+
const line = lines[i];
|
|
342
|
+
if (!/Path\.Combine\s*\(/.test(line))
|
|
343
|
+
continue;
|
|
344
|
+
// Extract the argument list from Path.Combine(...).
|
|
345
|
+
// We want user-input terms to appear INSIDE the call's argument list,
|
|
346
|
+
// not just anywhere on the line.
|
|
347
|
+
const combineArgMatch = /Path\.Combine\s*\(([^)]+)\)/.exec(line);
|
|
348
|
+
if (!combineArgMatch)
|
|
349
|
+
continue;
|
|
350
|
+
const args = combineArgMatch[1];
|
|
351
|
+
if (!PATH_USER_INPUT_TERMS.test(args))
|
|
352
|
+
continue;
|
|
353
|
+
// Check if Path.GetFullPath or similar normalization appears within
|
|
354
|
+
// the next 3 lines — if so, the developer likely validates the result.
|
|
355
|
+
const lookAheadEnd = Math.min(lines.length, i + 4);
|
|
356
|
+
const lookAhead = lines.slice(i, lookAheadEnd).join("\n");
|
|
357
|
+
if (/Path\.GetFullPath\s*\(/.test(lookAhead))
|
|
358
|
+
continue;
|
|
359
|
+
results.push({
|
|
360
|
+
checkId: "csharp:path-traversal",
|
|
361
|
+
title: "Potential path traversal via user-controlled path",
|
|
362
|
+
severity: "HIGH",
|
|
363
|
+
// Medium: user-input term is in arguments, but we can't verify how
|
|
364
|
+
// it was derived without deeper data-flow analysis.
|
|
365
|
+
confidence: "medium",
|
|
366
|
+
file: filePath,
|
|
367
|
+
line: i + 1,
|
|
368
|
+
description: "Path.Combine() is called with what appears to be request-derived input. An attacker " +
|
|
369
|
+
"could supply path segments like '../' to escape the intended directory and access " +
|
|
370
|
+
"arbitrary files on the server.",
|
|
371
|
+
fix: "Validate paths against a whitelist. Use Path.GetFullPath() and verify the result stays within the expected directory.",
|
|
372
|
+
cwe: "CWE-22",
|
|
373
|
+
});
|
|
374
|
+
}
|
|
375
|
+
return results;
|
|
376
|
+
}
|
|
377
|
+
// --- Check 8: Hardcoded connection strings in .cs source (CWE-798) ---
|
|
378
|
+
function checkHardcodedConnectionStrings(filePath, content) {
|
|
379
|
+
const results = [];
|
|
380
|
+
// Match inline connection string syntax inside string literals.
|
|
381
|
+
const pattern = /"(?:Server|Data Source|Initial Catalog)=/i;
|
|
382
|
+
const lines = content.split("\n");
|
|
383
|
+
for (let i = 0; i < lines.length; i++) {
|
|
384
|
+
if (pattern.test(lines[i])) {
|
|
385
|
+
results.push({
|
|
386
|
+
checkId: "csharp:hardcoded-connection-string",
|
|
387
|
+
title: "Hardcoded connection string in source code",
|
|
388
|
+
severity: "HIGH",
|
|
389
|
+
confidence: "medium",
|
|
390
|
+
file: filePath,
|
|
391
|
+
line: i + 1,
|
|
392
|
+
description: "A database connection string (Server=, Data Source=, or Initial Catalog=) is " +
|
|
393
|
+
"embedded directly in C# source code. This exposes database credentials to anyone " +
|
|
394
|
+
"who can read the repository.",
|
|
395
|
+
fix: "Store connection strings in configuration or environment variables.",
|
|
396
|
+
cwe: "CWE-798",
|
|
397
|
+
});
|
|
398
|
+
}
|
|
399
|
+
}
|
|
400
|
+
return results;
|
|
401
|
+
}
|
|
402
|
+
// --- Check 9: Developer exception page without environment guard (CWE-215) ---
|
|
403
|
+
function checkDeveloperExceptionPage(filePath, content) {
|
|
404
|
+
const results = [];
|
|
405
|
+
// If the file guards the call with IsDevelopment(), it is safe.
|
|
406
|
+
if (/IsDevelopment\s*\(\s*\)/.test(content)) {
|
|
407
|
+
return results;
|
|
408
|
+
}
|
|
409
|
+
const lines = content.split("\n");
|
|
410
|
+
for (let i = 0; i < lines.length; i++) {
|
|
411
|
+
if (/UseDeveloperExceptionPage\s*\(\s*\)/.test(lines[i])) {
|
|
412
|
+
results.push({
|
|
413
|
+
checkId: "csharp:developer-exception-page",
|
|
414
|
+
title: "Developer exception page enabled without environment check",
|
|
415
|
+
severity: "HIGH",
|
|
416
|
+
confidence: "high",
|
|
417
|
+
file: filePath,
|
|
418
|
+
line: i + 1,
|
|
419
|
+
description: "UseDeveloperExceptionPage() is called without a surrounding IsDevelopment() guard. " +
|
|
420
|
+
"In production this reveals full stack traces, source code snippets, and request " +
|
|
421
|
+
"details to users who trigger an unhandled exception.",
|
|
422
|
+
fix: "Only use in development: if (app.Environment.IsDevelopment()) app.UseDeveloperExceptionPage();",
|
|
423
|
+
cwe: "CWE-215",
|
|
424
|
+
});
|
|
425
|
+
}
|
|
426
|
+
}
|
|
427
|
+
return results;
|
|
428
|
+
}
|
|
429
|
+
// --- Check 10: Command injection via Process.Start with dynamic input (CWE-78) ---
|
|
430
|
+
// Terms that indicate user-controlled data flowing into Process.Start arguments.
|
|
431
|
+
const COMMAND_USER_INPUT_TERMS = /\b(?:[Rr]equest|[Uu]ser[Ii]nput|[Uu]ser[Nn]ame|[Qq]uery)\b/;
|
|
432
|
+
function checkCommandInjection(filePath, content) {
|
|
433
|
+
const results = [];
|
|
434
|
+
const lines = content.split("\n");
|
|
435
|
+
for (let i = 0; i < lines.length; i++) {
|
|
436
|
+
const line = lines[i];
|
|
437
|
+
if (!/Process\.Start\s*\(/.test(line))
|
|
438
|
+
continue;
|
|
439
|
+
// Only flag when BOTH conditions are met:
|
|
440
|
+
// 1. The line contains string concatenation (+) or interpolation ($").
|
|
441
|
+
// 2. The interpolated/concatenated value involves user-input terms
|
|
442
|
+
// OR the string concat is plain (+) which can include any variable.
|
|
443
|
+
//
|
|
444
|
+
// Rationale: `var x = Process.Start("notepad.exe")` has `var` on the line
|
|
445
|
+
// but no concat/interpolation, so it is NOT flagged.
|
|
446
|
+
// `Process.Start($"cmd /c {userInput}")` has interpolation → flagged.
|
|
447
|
+
// `Process.Start("bash", "-c " + userInput)` has concat + user term → flagged.
|
|
448
|
+
const hasConcatOrInterpolation = /\+/.test(line) || /\$"/.test(line);
|
|
449
|
+
if (!hasConcatOrInterpolation)
|
|
450
|
+
continue;
|
|
451
|
+
// For plain concat (+) without an explicit user-input term, require at least
|
|
452
|
+
// one user-input-derived identifier to avoid flagging benign constants.
|
|
453
|
+
const hasInterpolation = /\$"/.test(line);
|
|
454
|
+
const hasUserInputTerm = COMMAND_USER_INPUT_TERMS.test(line);
|
|
455
|
+
// $"..." interpolation with any variable is suspicious (flag it).
|
|
456
|
+
// Plain + concat is only flagged when user-input terms are also present.
|
|
457
|
+
if (!hasInterpolation && !hasUserInputTerm)
|
|
458
|
+
continue;
|
|
459
|
+
results.push({
|
|
460
|
+
checkId: "csharp:command-injection",
|
|
461
|
+
title: "Command injection via Process.Start with dynamic input",
|
|
462
|
+
severity: "CRITICAL",
|
|
463
|
+
confidence: "high",
|
|
464
|
+
file: filePath,
|
|
465
|
+
line: i + 1,
|
|
466
|
+
description: "Process.Start() is called with what appears to be dynamic (potentially user-controlled) " +
|
|
467
|
+
"arguments. If user input is passed unsanitized to a shell command, an attacker can " +
|
|
468
|
+
"execute arbitrary commands on the host.",
|
|
469
|
+
fix: "Validate all input before passing to Process.Start(). Use allowlists.",
|
|
470
|
+
cwe: "CWE-78",
|
|
471
|
+
});
|
|
472
|
+
}
|
|
473
|
+
return results;
|
|
474
|
+
}
|
|
475
|
+
// --- Check 11: Weak hash algorithm (CWE-328) ---
|
|
476
|
+
function checkWeakHashAlgorithm(filePath, content) {
|
|
477
|
+
const results = [];
|
|
478
|
+
const pattern = /MD5\.Create\s*\(\s*\)|SHA1\.Create\s*\(\s*\)|new\s+MD5CryptoServiceProvider\s*\(\s*\)|new\s+SHA1CryptoServiceProvider\s*\(\s*\)/;
|
|
479
|
+
const lines = content.split("\n");
|
|
480
|
+
for (let i = 0; i < lines.length; i++) {
|
|
481
|
+
if (pattern.test(lines[i])) {
|
|
482
|
+
results.push({
|
|
483
|
+
checkId: "csharp:weak-hash-algorithm",
|
|
484
|
+
title: "Weak hash algorithm: MD5 or SHA-1",
|
|
485
|
+
severity: "HIGH",
|
|
486
|
+
confidence: "medium",
|
|
487
|
+
file: filePath,
|
|
488
|
+
line: i + 1,
|
|
489
|
+
description: "MD5 and SHA-1 are cryptographically broken. Collisions are computationally feasible " +
|
|
490
|
+
"for both algorithms. Using them for integrity checks or password hashing provides " +
|
|
491
|
+
"insufficient protection.",
|
|
492
|
+
fix: "Use SHA256.Create() or SHA512.Create() for hashing.",
|
|
493
|
+
cwe: "CWE-328",
|
|
494
|
+
});
|
|
495
|
+
}
|
|
496
|
+
}
|
|
497
|
+
return results;
|
|
498
|
+
}
|
|
499
|
+
// --- Check 12: Missing anti-forgery token on POST actions (CWE-352) ---
|
|
500
|
+
function checkMissingAntiForgeryToken(filePath, content) {
|
|
501
|
+
const results = [];
|
|
502
|
+
const lines = content.split("\n");
|
|
503
|
+
for (let i = 0; i < lines.length; i++) {
|
|
504
|
+
const line = lines[i];
|
|
505
|
+
if (!/\[HttpPost\]/.test(line))
|
|
506
|
+
continue;
|
|
507
|
+
// Look at up to 3 lines immediately above for the anti-forgery attribute.
|
|
508
|
+
const windowStart = Math.max(0, i - 3);
|
|
509
|
+
const window = lines.slice(windowStart, i).join("\n");
|
|
510
|
+
if (!/\[ValidateAntiForgeryToken\]/.test(window)) {
|
|
511
|
+
results.push({
|
|
512
|
+
checkId: "csharp:missing-antiforgery-token",
|
|
513
|
+
title: "POST action missing [ValidateAntiForgeryToken]",
|
|
514
|
+
severity: "MEDIUM",
|
|
515
|
+
confidence: "medium",
|
|
516
|
+
file: filePath,
|
|
517
|
+
line: i + 1,
|
|
518
|
+
description: "This [HttpPost] action does not have a [ValidateAntiForgeryToken] attribute within " +
|
|
519
|
+
"the preceding 3 lines. Without CSRF validation, a malicious page can trick a logged-in " +
|
|
520
|
+
"user's browser into submitting unintended requests.",
|
|
521
|
+
fix: "Add [ValidateAntiForgeryToken] to POST actions, or use [AutoValidateAntiforgeryToken] on the controller.",
|
|
522
|
+
cwe: "CWE-352",
|
|
523
|
+
});
|
|
524
|
+
}
|
|
525
|
+
}
|
|
526
|
+
return results;
|
|
527
|
+
}
|
|
528
|
+
// --- Check 13: [AllowAnonymous] on sensitive controller or action (CWE-306) ---
|
|
529
|
+
// Terms that suggest an endpoint handles privileged or personal data.
|
|
530
|
+
const SENSITIVE_TERMS = /admin|user|account|settings|manage/i;
|
|
531
|
+
// Method names that suggest mutating or privileged operations.
|
|
532
|
+
const SENSITIVE_METHOD_NAMES = /Create|Update|Delete|Admin|Settings|Manage|Account/;
|
|
533
|
+
// HTTP verbs that mutate state — AllowAnonymous on these is riskier than on GET.
|
|
534
|
+
const MUTATING_HTTP_VERBS = /\[Http(?:Post|Put|Delete|Patch)(?:\([^)]*\))?\]/;
|
|
535
|
+
function checkAllowAnonymousOnSensitiveController(filePath, content) {
|
|
536
|
+
const results = [];
|
|
537
|
+
const lines = content.split("\n");
|
|
538
|
+
for (let i = 0; i < lines.length; i++) {
|
|
539
|
+
const line = lines[i];
|
|
540
|
+
if (!/\[AllowAnonymous\]/.test(line))
|
|
541
|
+
continue;
|
|
542
|
+
// --- Path-based detection ---
|
|
543
|
+
// If the file path itself signals a sensitive controller (e.g. AdminController.cs),
|
|
544
|
+
// flag regardless of HTTP verb because the entire class is presumably privileged.
|
|
545
|
+
if (SENSITIVE_TERMS.test(filePath)) {
|
|
546
|
+
results.push({
|
|
547
|
+
checkId: "csharp:allow-anonymous-sensitive",
|
|
548
|
+
title: "[AllowAnonymous] on sensitive controller or action",
|
|
549
|
+
severity: "HIGH",
|
|
550
|
+
confidence: "low",
|
|
551
|
+
file: filePath,
|
|
552
|
+
line: i + 1,
|
|
553
|
+
description: "[AllowAnonymous] is applied in a file whose name suggests it handles admin, user, " +
|
|
554
|
+
"account, settings, or management functionality. This overrides any controller-level " +
|
|
555
|
+
"[Authorize] attribute and makes the endpoint publicly accessible.",
|
|
556
|
+
fix: "Remove [AllowAnonymous] from sensitive endpoints. Use [Authorize] instead.",
|
|
557
|
+
cwe: "CWE-306",
|
|
558
|
+
});
|
|
559
|
+
continue;
|
|
560
|
+
}
|
|
561
|
+
// --- Code-level detection ---
|
|
562
|
+
// For files without a sensitive name, flag when the surrounding context contains
|
|
563
|
+
// a sensitive class or method name (e.g. UserSettingsController, AdminAction,
|
|
564
|
+
// CreateUser). HTTP verb context is used to confirm this is a controller action
|
|
565
|
+
// (not a utility class), but we don't restrict to mutating verbs only — a GET
|
|
566
|
+
// endpoint exposing admin data is also a concern.
|
|
567
|
+
const windowStart = Math.max(0, i - 4);
|
|
568
|
+
const windowEnd = Math.min(lines.length, i + 5);
|
|
569
|
+
const window = lines.slice(windowStart, windowEnd).join("\n");
|
|
570
|
+
// Require at least one HTTP verb attribute nearby to confirm this is a
|
|
571
|
+
// controller action (not just a random class with the attribute).
|
|
572
|
+
const hasHttpVerb = /\[Http(?:Get|Post|Put|Delete|Patch)(?:\([^)]*\))?\]/.test(window);
|
|
573
|
+
const hasSensitiveName = SENSITIVE_TERMS.test(window) || SENSITIVE_METHOD_NAMES.test(window);
|
|
574
|
+
if (hasHttpVerb && hasSensitiveName) {
|
|
575
|
+
results.push({
|
|
576
|
+
checkId: "csharp:allow-anonymous-sensitive",
|
|
577
|
+
title: "[AllowAnonymous] on sensitive controller or action",
|
|
578
|
+
severity: "HIGH",
|
|
579
|
+
confidence: "low",
|
|
580
|
+
file: filePath,
|
|
581
|
+
line: i + 1,
|
|
582
|
+
description: "[AllowAnonymous] is applied near code that appears to handle admin, user, account, " +
|
|
583
|
+
"settings, or management functionality. This overrides any controller-level [Authorize] " +
|
|
584
|
+
"attribute and makes the endpoint publicly accessible.",
|
|
585
|
+
fix: "Remove [AllowAnonymous] from sensitive endpoints. Use [Authorize] instead.",
|
|
586
|
+
cwe: "CWE-306",
|
|
587
|
+
});
|
|
588
|
+
}
|
|
589
|
+
}
|
|
590
|
+
return results;
|
|
591
|
+
}
|
|
592
|
+
//# sourceMappingURL=csharp-agent.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"csharp-agent.js","sourceRoot":"","sources":["../../../src/scanning/agents/csharp-agent.ts"],"names":[],"mappings":"AAAA,8CAA8C;AAC9C,2EAA2E;AAC3E,wEAAwE;AACxE,uEAAuE;AAIvE,MAAM,OAAO,eAAe;IAC1B,KAAK,CAAC,MAAM,CAAC,KAA0B;QACrC,KAAK,MAAM,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;YACpC,IACE,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAC5B,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAC5B,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EACzB,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAA0B;QACnC,MAAM,OAAO,GAAiB,EAAE,CAAC;QAEjC,yDAAyD;QACzD,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEzD,8EAA8E;QAC9E,2EAA2E;QAC3E,gDAAgD;QAChD,MAAM,aAAa,GACjB,4CAA4C,CAAC,IAAI,CAAC,UAAU,CAAC;YAC7D,wBAAwB,CAAC,IAAI,CAAC,UAAU,CAAC;YACzC,wBAAwB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAE5C,iDAAiD;QACjD,MAAM,cAAc,GAAG,wCAAwC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAEjF,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,KAAK,EAAE,CAAC;YACxC,IAAI,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC3B,OAAO,CAAC,IAAI,CAAC,GAAG,qBAAqB,CAAC,QAAQ,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC;gBACzE,OAAO,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBACtD,OAAO,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBACtD,OAAO,CAAC,IAAI,CAAC,GAAG,0BAA0B,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBAC/D,OAAO,CAAC,IAAI,CAAC,GAAG,qBAAqB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBAC1D,OAAO,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBACvD,OAAO,CAAC,IAAI,CAAC,GAAG,+BAA+B,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBACpE,OAAO,CAAC,IAAI,CAAC,GAAG,2BAA2B,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBAChE,OAAO,CAAC,IAAI,CAAC,GAAG,qBAAqB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBAC1D,OAAO,CAAC,IAAI,CAAC,GAAG,sBAAsB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBAC3D,OAAO,CAAC,IAAI,CAAC,GAAG,4BAA4B,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBACjE,OAAO,CAAC,IAAI,CAAC,GAAG,wCAAwC,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;YAC/E,CAAC;YAED,IAAI,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC3B,OAAO,CAAC,IAAI,CAAC,GAAG,yBAAyB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;YAChE,CAAC;QACH,CAAC;QAED,+EAA+E;QAC/E,2EAA2E;QAC3E,KAAK,cAAc,CAAC;QAEpB,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,WAAW;QACT,OAAO;YACL,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE,OAAO;YAChB,YAAY,EAAE,CAAC,QAAQ,CAAC;SACzB,CAAC;IACJ,CAAC;IAED,SAAS;QACP,OAAO;YACL;gBACE,EAAE,EAAE,+BAA+B;gBACnC,IAAI,EAAE,sCAAsC;gBAC5C,QAAQ,EAAE,UAAU;aACrB;YACD;gBACE,EAAE,EAAE,0BAA0B;gBAC9B,IAAI,EAAE,sDAAsD;gBAC5D,QAAQ,EAAE,QAAQ;aACnB;YACD;gBACE,EAAE,EAAE,sBAAsB;gBAC1B,IAAI,EAAE,yDAAyD;gBAC/D,QAAQ,EAAE,UAAU;aACrB;YACD;gBACE,EAAE,EAAE,sBAAsB;gBAC1B,IAAI,EAAE,qCAAqC;gBAC3C,QAAQ,EAAE,QAAQ;aACnB;YACD;gBACE,EAAE,EAAE,+BAA+B;gBACnC,IAAI,EAAE,4CAA4C;gBAClD,QAAQ,EAAE,UAAU;aACrB;YACD;gBACE,EAAE,EAAE,0BAA0B;gBAC9B,IAAI,EAAE,wDAAwD;gBAC9D,QAAQ,EAAE,MAAM;aACjB;YACD;gBACE,EAAE,EAAE,uBAAuB;gBAC3B,IAAI,EAAE,mDAAmD;gBACzD,QAAQ,EAAE,MAAM;aACjB;YACD;gBACE,EAAE,EAAE,oCAAoC;gBACxC,IAAI,EAAE,4CAA4C;gBAClD,QAAQ,EAAE,MAAM;aACjB;YACD;gBACE,EAAE,EAAE,iCAAiC;gBACrC,IAAI,EAAE,4DAA4D;gBAClE,QAAQ,EAAE,MAAM;aACjB;YACD;gBACE,EAAE,EAAE,0BAA0B;gBAC9B,IAAI,EAAE,wDAAwD;gBAC9D,QAAQ,EAAE,UAAU;aACrB;YACD;gBACE,EAAE,EAAE,4BAA4B;gBAChC,IAAI,EAAE,mCAAmC;gBACzC,QAAQ,EAAE,MAAM;aACjB;YACD;gBACE,EAAE,EAAE,kCAAkC;gBACtC,IAAI,EAAE,gDAAgD;gBACtD,QAAQ,EAAE,QAAQ;aACnB;YACD;gBACE,EAAE,EAAE,kCAAkC;gBACtC,IAAI,EAAE,oDAAoD;gBAC1D,QAAQ,EAAE,MAAM;aACjB;SACF,CAAC;IACJ,CAAC;CACF;AAED,4BAA4B;AAE5B,oDAAoD;AACpD,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC9B,CAAC;AAED,sEAAsE;AACtE,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC;IAC/C,OAAO,uBAAuB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAChD,CAAC;AAED,0DAA0D;AAE1D,gEAAgE;AAChE,MAAM,mBAAmB,GAAG,yDAAyD,CAAC;AAEtF,SAAS,yBAAyB,CAAC,QAAgB,EAAE,OAAe;IAClE,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,qEAAqE;IACrE,mFAAmF;IACnF,mEAAmE;IACnE,MAAM,OAAO,GACX,sFAAsF,CAAC;IAEzF,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,8DAA8D;QAC9D,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QACtB,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjC,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACvB,+CAA+C;QAC/C,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;YAAE,SAAS;QAChD,IAAI,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,SAAS;QAE9C,OAAO,CAAC,IAAI,CAAC;YACX,OAAO,EAAE,+BAA+B;YACxC,KAAK,EAAE,sCAAsC;YAC7C,QAAQ,EAAE,UAAU;YACpB,UAAU,EAAE,MAAM;YAClB,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,GAAG,CAAC;YACX,WAAW,EACT,kFAAkF;gBAClF,iFAAiF;gBACjF,4CAA4C;YAC9C,GAAG,EAAE,8DAA8D;YACnE,GAAG,EAAE,SAAS;SACf,CAAC,CAAC;IACL,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,4EAA4E;AAE5E,SAAS,qBAAqB,CAC5B,QAAgB,EAChB,OAAe,EACf,aAAsB;IAEtB,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,kDAAkD;IAClD,MAAM,mBAAmB,GAAG,2BAA2B,CAAC;IACxD,IAAI,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,OAAO,OAAO,CAAC;IAEvD,6EAA6E;IAC7E,sCAAsC;IACtC,MAAM,iBAAiB,GAAG,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxD,IAAI,iBAAiB;QAAE,OAAO,OAAO,CAAC;IAEtC,0EAA0E;IAC1E,mDAAmD;IACnD,MAAM,UAAU,GAAG,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC;IAEpD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,IAAI,CAAC,2CAA2C,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAEtE,yDAAyD;QACzD,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEtD,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO,EAAE,0BAA0B;gBACnC,KAAK,EAAE,sDAAsD;gBAC7D,QAAQ,EAAE,QAAQ;gBAClB,UAAU;gBACV,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,WAAW,EACT,gFAAgF;oBAChF,qFAAqF;oBACrF,6CAA6C;gBAC/C,GAAG,EAAE,oFAAoF;gBACzF,GAAG,EAAE,SAAS;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,8DAA8D;AAE9D,SAAS,iBAAiB,CAAC,QAAgB,EAAE,OAAe;IAC1D,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,2CAA2C;QAC3C,MAAM,aAAa,GAAG,4BAA4B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9D,MAAM,SAAS,GAAG,mCAAmC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEjE,IAAI,CAAC,aAAa,IAAI,CAAC,SAAS;YAAE,SAAS;QAE3C,wEAAwE;QACxE,wDAAwD;QACxD,IAAI,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAE1D,oEAAoE;QACpE,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACxC,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO,EAAE,sBAAsB;gBAC/B,KAAK,EAAE,yDAAyD;gBAChE,QAAQ,EAAE,UAAU;gBACpB,UAAU,EAAE,MAAM;gBAClB,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,WAAW,EACT,wFAAwF;oBACxF,wFAAwF;oBACxF,kCAAkC;gBACpC,GAAG,EAAE,uFAAuF;gBAC5F,GAAG,EAAE,QAAQ;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,2CAA2C;AAE3C,SAAS,iBAAiB,CAAC,QAAgB,EAAE,OAAe;IAC1D,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,IACE,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC;YACrC,oCAAoC,CAAC,IAAI,CAAC,IAAI,CAAC;YAC/C,kCAAkC,CAAC,IAAI,CAAC,IAAI,CAAC,EAC7C,CAAC;YACD,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO,EAAE,sBAAsB;gBAC/B,KAAK,EAAE,qCAAqC;gBAC5C,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,MAAM;gBAClB,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,WAAW,EACT,qFAAqF;oBACrF,+EAA+E;gBACjF,GAAG,EAAE,8DAA8D;gBACnE,GAAG,EAAE,SAAS;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,wEAAwE;AAExE,SAAS,0BAA0B,CAAC,QAAgB,EAAE,OAAe;IACnE,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACrC,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO,EAAE,+BAA+B;gBACxC,KAAK,EAAE,4CAA4C;gBACnD,QAAQ,EAAE,UAAU;gBACpB,UAAU,EAAE,MAAM;gBAClB,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,WAAW,EACT,sFAAsF;oBACtF,sFAAsF;oBACtF,+BAA+B;gBACjC,GAAG,EAAE,oEAAoE;gBACzE,GAAG,EAAE,SAAS;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,uFAAuF;AAEvF,SAAS,qBAAqB,CAAC,QAAgB,EAAE,OAAe;IAC9D,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,iEAAiE;IACjE,IAAI,iDAAiD,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACpE,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,IAAI,oDAAoD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACpE,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO,EAAE,0BAA0B;gBACnC,KAAK,EAAE,wDAAwD;gBAC/D,QAAQ,EAAE,MAAM;gBAChB,2EAA2E;gBAC3E,0EAA0E;gBAC1E,UAAU,EAAE,QAAQ;gBACpB,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,WAAW,EACT,oFAAoF;oBACpF,uFAAuF;oBACvF,kEAAkE;gBACpE,GAAG,EAAE,8DAA8D;gBACnE,GAAG,EAAE,SAAS;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,2CAA2C;AAE3C,0EAA0E;AAC1E,iFAAiF;AACjF,4EAA4E;AAC5E,mEAAmE;AACnE,MAAM,qBAAqB,GAAG,gDAAgD,CAAC;AAE/E,SAAS,kBAAkB,CAAC,QAAgB,EAAE,OAAe;IAC3D,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAE/C,oDAAoD;QACpD,sEAAsE;QACtE,iCAAiC;QACjC,MAAM,eAAe,GAAG,6BAA6B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjE,IAAI,CAAC,eAAe;YAAE,SAAS;QAE/B,MAAM,IAAI,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;QAChC,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAEhD,oEAAoE;QACpE,uEAAuE;QACvE,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QACnD,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1D,IAAI,wBAAwB,CAAC,IAAI,CAAC,SAAS,CAAC;YAAE,SAAS;QAEvD,OAAO,CAAC,IAAI,CAAC;YACX,OAAO,EAAE,uBAAuB;YAChC,KAAK,EAAE,mDAAmD;YAC1D,QAAQ,EAAE,MAAM;YAChB,mEAAmE;YACnE,oDAAoD;YACpD,UAAU,EAAE,QAAQ;YACpB,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,GAAG,CAAC;YACX,WAAW,EACT,sFAAsF;gBACtF,oFAAoF;gBACpF,gCAAgC;YAClC,GAAG,EAAE,uHAAuH;YAC5H,GAAG,EAAE,QAAQ;SACd,CAAC,CAAC;IACL,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,wEAAwE;AAExE,SAAS,+BAA+B,CAAC,QAAgB,EAAE,OAAe;IACxE,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,gEAAgE;IAChE,MAAM,OAAO,GAAG,2CAA2C,CAAC;IAC5D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO,EAAE,oCAAoC;gBAC7C,KAAK,EAAE,4CAA4C;gBACnD,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,QAAQ;gBACpB,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,WAAW,EACT,+EAA+E;oBAC/E,mFAAmF;oBACnF,8BAA8B;gBAChC,GAAG,EAAE,qEAAqE;gBAC1E,GAAG,EAAE,SAAS;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,gFAAgF;AAEhF,SAAS,2BAA2B,CAAC,QAAgB,EAAE,OAAe;IACpE,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,gEAAgE;IAChE,IAAI,yBAAyB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5C,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,qCAAqC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACzD,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO,EAAE,iCAAiC;gBAC1C,KAAK,EAAE,4DAA4D;gBACnE,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,MAAM;gBAClB,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,WAAW,EACT,qFAAqF;oBACrF,kFAAkF;oBAClF,sDAAsD;gBACxD,GAAG,EAAE,gGAAgG;gBACrG,GAAG,EAAE,SAAS;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,oFAAoF;AAEpF,iFAAiF;AACjF,MAAM,wBAAwB,GAAG,4DAA4D,CAAC;AAE9F,SAAS,qBAAqB,CAAC,QAAgB,EAAE,OAAe;IAC9D,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAEhD,0CAA0C;QAC1C,uEAAuE;QACvE,mEAAmE;QACnE,uEAAuE;QACvE,EAAE;QACF,0EAA0E;QAC1E,qDAAqD;QACrD,sEAAsE;QACtE,+EAA+E;QAC/E,MAAM,wBAAwB,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrE,IAAI,CAAC,wBAAwB;YAAE,SAAS;QAExC,6EAA6E;QAC7E,wEAAwE;QACxE,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,MAAM,gBAAgB,GAAG,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE7D,kEAAkE;QAClE,yEAAyE;QACzE,IAAI,CAAC,gBAAgB,IAAI,CAAC,gBAAgB;YAAE,SAAS;QAErD,OAAO,CAAC,IAAI,CAAC;YACX,OAAO,EAAE,0BAA0B;YACnC,KAAK,EAAE,wDAAwD;YAC/D,QAAQ,EAAE,UAAU;YACpB,UAAU,EAAE,MAAM;YAClB,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,GAAG,CAAC;YACX,WAAW,EACT,0FAA0F;gBAC1F,qFAAqF;gBACrF,yCAAyC;YAC3C,GAAG,EAAE,uEAAuE;YAC5E,GAAG,EAAE,QAAQ;SACd,CAAC,CAAC;IACL,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,kDAAkD;AAElD,SAAS,sBAAsB,CAAC,QAAgB,EAAE,OAAe;IAC/D,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,OAAO,GACX,iIAAiI,CAAC;IACpI,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO,EAAE,4BAA4B;gBACrC,KAAK,EAAE,mCAAmC;gBAC1C,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,QAAQ;gBACpB,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,WAAW,EACT,sFAAsF;oBACtF,oFAAoF;oBACpF,0BAA0B;gBAC5B,GAAG,EAAE,qDAAqD;gBAC1D,GAAG,EAAE,SAAS;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,yEAAyE;AAEzE,SAAS,4BAA4B,CAAC,QAAgB,EAAE,OAAe;IACrE,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAEzC,0EAA0E;QAC1E,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEtD,IAAI,CAAC,8BAA8B,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACjD,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO,EAAE,kCAAkC;gBAC3C,KAAK,EAAE,gDAAgD;gBACvD,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,QAAQ;gBACpB,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,WAAW,EACT,qFAAqF;oBACrF,yFAAyF;oBACzF,qDAAqD;gBACvD,GAAG,EAAE,0GAA0G;gBAC/G,GAAG,EAAE,SAAS;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,iFAAiF;AAEjF,sEAAsE;AACtE,MAAM,eAAe,GAAG,qCAAqC,CAAC;AAE9D,+DAA+D;AAC/D,MAAM,sBAAsB,GAAG,oDAAoD,CAAC;AAEpF,iFAAiF;AACjF,MAAM,mBAAmB,GAAG,iDAAiD,CAAC;AAE9E,SAAS,wCAAwC,CAC/C,QAAgB,EAChB,OAAe;IAEf,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QAE/C,+BAA+B;QAC/B,oFAAoF;QACpF,kFAAkF;QAClF,IAAI,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO,EAAE,kCAAkC;gBAC3C,KAAK,EAAE,oDAAoD;gBAC3D,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,KAAK;gBACjB,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,WAAW,EACT,oFAAoF;oBACpF,sFAAsF;oBACtF,mEAAmE;gBACrE,GAAG,EAAE,4EAA4E;gBACjF,GAAG,EAAE,SAAS;aACf,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,+BAA+B;QAC/B,iFAAiF;QACjF,8EAA8E;QAC9E,gFAAgF;QAChF,8EAA8E;QAC9E,kDAAkD;QAClD,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QACvC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAChD,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE9D,uEAAuE;QACvE,kEAAkE;QAClE,MAAM,WAAW,GAAG,qDAAqD,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvF,MAAM,gBAAgB,GAAG,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,sBAAsB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAE7F,IAAI,WAAW,IAAI,gBAAgB,EAAE,CAAC;YACpC,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO,EAAE,kCAAkC;gBAC3C,KAAK,EAAE,oDAAoD;gBAC3D,QAAQ,EAAE,MAAM;gBAChB,UAAU,EAAE,KAAK;gBACjB,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,WAAW,EACT,qFAAqF;oBACrF,yFAAyF;oBACzF,uDAAuD;gBACzD,GAAG,EAAE,4EAA4E;gBACjF,GAAG,EAAE,SAAS;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import type { ScanAgent, ScanResult, AgentMetadata, CheckDefinition } from "../types.js";
|
|
2
|
+
export type Confidence = "high" | "medium" | "low";
|
|
3
|
+
export interface GoScanResult extends ScanResult {
|
|
4
|
+
confidence: Confidence;
|
|
5
|
+
}
|
|
6
|
+
export declare class GoScanAgent implements ScanAgent {
|
|
7
|
+
detect(files: Map<string, string>): Promise<boolean>;
|
|
8
|
+
scan(files: Map<string, string>): Promise<ScanResult[]>;
|
|
9
|
+
getMetadata(): AgentMetadata;
|
|
10
|
+
getChecks(): CheckDefinition[];
|
|
11
|
+
}
|
|
12
|
+
/** Returns true if the file path ends with .go. */
|
|
13
|
+
export declare function isGoFile(path: string): boolean;
|
|
14
|
+
//# sourceMappingURL=go-agent.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"go-agent.d.ts","sourceRoot":"","sources":["../../../src/scanning/agents/go-agent.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAKzF,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAEnD,MAAM,WAAW,YAAa,SAAQ,UAAU;IAC9C,UAAU,EAAE,UAAU,CAAC;CACxB;AAED,qBAAa,WAAY,YAAW,SAAS;IACrC,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;IASpD,IAAI,CAAC,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAyB7D,WAAW,IAAI,aAAa;IAQ5B,SAAS,IAAI,eAAe,EAAE;CAoB/B;AAID,mDAAmD;AACnD,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAE9C"}
|