@datahogo/core 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +661 -0
- package/README.md +17 -0
- package/dist/engines/config.d.ts +3 -0
- package/dist/engines/config.d.ts.map +1 -0
- package/dist/engines/config.js +433 -0
- package/dist/engines/config.js.map +1 -0
- package/dist/engines/dast.d.ts +3 -0
- package/dist/engines/dast.d.ts.map +1 -0
- package/dist/engines/dast.js +167 -0
- package/dist/engines/dast.js.map +1 -0
- package/dist/engines/db-rules.d.ts +3 -0
- package/dist/engines/db-rules.d.ts.map +1 -0
- package/dist/engines/db-rules.js +166 -0
- package/dist/engines/db-rules.js.map +1 -0
- package/dist/engines/dependencies.d.ts +3 -0
- package/dist/engines/dependencies.d.ts.map +1 -0
- package/dist/engines/dependencies.js +167 -0
- package/dist/engines/dependencies.js.map +1 -0
- package/dist/engines/github-actions.d.ts +3 -0
- package/dist/engines/github-actions.d.ts.map +1 -0
- package/dist/engines/github-actions.js +215 -0
- package/dist/engines/github-actions.js.map +1 -0
- package/dist/engines/gitleaks.d.ts +3 -0
- package/dist/engines/gitleaks.d.ts.map +1 -0
- package/dist/engines/gitleaks.js +107 -0
- package/dist/engines/gitleaks.js.map +1 -0
- package/dist/engines/npm-audit.d.ts +3 -0
- package/dist/engines/npm-audit.d.ts.map +1 -0
- package/dist/engines/npm-audit.js +113 -0
- package/dist/engines/npm-audit.js.map +1 -0
- package/dist/engines/patterns.d.ts +3 -0
- package/dist/engines/patterns.d.ts.map +1 -0
- package/dist/engines/patterns.js +1330 -0
- package/dist/engines/patterns.js.map +1 -0
- package/dist/engines/secrets.d.ts +4 -0
- package/dist/engines/secrets.d.ts.map +1 -0
- package/dist/engines/secrets.js +260 -0
- package/dist/engines/secrets.js.map +1 -0
- package/dist/engines/semgrep.d.ts +3 -0
- package/dist/engines/semgrep.d.ts.map +1 -0
- package/dist/engines/semgrep.js +173 -0
- package/dist/engines/semgrep.js.map +1 -0
- package/dist/engines/types.d.ts +30 -0
- package/dist/engines/types.d.ts.map +1 -0
- package/dist/engines/types.js +3 -0
- package/dist/engines/types.js.map +1 -0
- package/dist/engines/url-scanner.d.ts +3 -0
- package/dist/engines/url-scanner.d.ts.map +1 -0
- package/dist/engines/url-scanner.js +469 -0
- package/dist/engines/url-scanner.js.map +1 -0
- package/dist/index.d.ts +8 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +8 -0
- package/dist/index.js.map +1 -0
- package/dist/orchestrator.d.ts +32 -0
- package/dist/orchestrator.d.ts.map +1 -0
- package/dist/orchestrator.js +237 -0
- package/dist/orchestrator.js.map +1 -0
- package/dist/rules/.gitkeep +0 -0
- package/dist/rules/ai-llm-security.yaml +199 -0
- package/dist/rules/api-security.yaml +489 -0
- package/dist/rules/auth-patterns.yaml +406 -0
- package/dist/rules/crypto-patterns.yaml +227 -0
- package/dist/rules/database-cloud-security.yaml +169 -0
- package/dist/rules/general-security.yaml +588 -0
- package/dist/rules/injection-patterns.yaml +318 -0
- package/dist/rules/nextjs-security.yaml +532 -0
- package/dist/rules/node-security.yaml +380 -0
- package/dist/rules/rules/.gitkeep +0 -0
- package/dist/rules/rules/ai-llm-security.yaml +199 -0
- package/dist/rules/rules/api-security.yaml +489 -0
- package/dist/rules/rules/auth-patterns.yaml +406 -0
- package/dist/rules/rules/crypto-patterns.yaml +227 -0
- package/dist/rules/rules/database-cloud-security.yaml +169 -0
- package/dist/rules/rules/general-security.yaml +588 -0
- package/dist/rules/rules/injection-patterns.yaml +318 -0
- package/dist/rules/rules/nextjs-security.yaml +532 -0
- package/dist/rules/rules/node-security.yaml +380 -0
- package/dist/rules/rules/supabase-security.yaml +387 -0
- package/dist/rules/supabase-security.yaml +387 -0
- package/dist/scanning/agents/csharp-agent.d.ts +12 -0
- package/dist/scanning/agents/csharp-agent.d.ts.map +1 -0
- package/dist/scanning/agents/csharp-agent.js +592 -0
- package/dist/scanning/agents/csharp-agent.js.map +1 -0
- package/dist/scanning/agents/go-agent.d.ts +14 -0
- package/dist/scanning/agents/go-agent.d.ts.map +1 -0
- package/dist/scanning/agents/go-agent.js +641 -0
- package/dist/scanning/agents/go-agent.js.map +1 -0
- package/dist/scanning/agents/java-agent.d.ts +8 -0
- package/dist/scanning/agents/java-agent.d.ts.map +1 -0
- package/dist/scanning/agents/java-agent.js +807 -0
- package/dist/scanning/agents/java-agent.js.map +1 -0
- package/dist/scanning/agents/javascript-agent.d.ts +8 -0
- package/dist/scanning/agents/javascript-agent.d.ts.map +1 -0
- package/dist/scanning/agents/javascript-agent.js +77 -0
- package/dist/scanning/agents/javascript-agent.js.map +1 -0
- package/dist/scanning/agents/mobile-agent.d.ts +8 -0
- package/dist/scanning/agents/mobile-agent.d.ts.map +1 -0
- package/dist/scanning/agents/mobile-agent.js +916 -0
- package/dist/scanning/agents/mobile-agent.js.map +1 -0
- package/dist/scanning/agents/php-agent.d.ts +8 -0
- package/dist/scanning/agents/php-agent.d.ts.map +1 -0
- package/dist/scanning/agents/php-agent.js +679 -0
- package/dist/scanning/agents/php-agent.js.map +1 -0
- package/dist/scanning/agents/python-agent.d.ts +8 -0
- package/dist/scanning/agents/python-agent.d.ts.map +1 -0
- package/dist/scanning/agents/python-agent.js +701 -0
- package/dist/scanning/agents/python-agent.js.map +1 -0
- package/dist/scanning/agents/supabase-agent.d.ts +8 -0
- package/dist/scanning/agents/supabase-agent.d.ts.map +1 -0
- package/dist/scanning/agents/supabase-agent.js +484 -0
- package/dist/scanning/agents/supabase-agent.js.map +1 -0
- package/dist/scanning/orchestrator.d.ts +29 -0
- package/dist/scanning/orchestrator.d.ts.map +1 -0
- package/dist/scanning/orchestrator.js +186 -0
- package/dist/scanning/orchestrator.js.map +1 -0
- package/dist/scanning/tech-detector.d.ts +12 -0
- package/dist/scanning/tech-detector.d.ts.map +1 -0
- package/dist/scanning/tech-detector.js +252 -0
- package/dist/scanning/tech-detector.js.map +1 -0
- package/dist/scanning/types.d.ts +87 -0
- package/dist/scanning/types.d.ts.map +1 -0
- package/dist/scanning/types.js +5 -0
- package/dist/scanning/types.js.map +1 -0
- package/dist/utils/child-process.d.ts +2 -0
- package/dist/utils/child-process.d.ts.map +1 -0
- package/dist/utils/child-process.js +4 -0
- package/dist/utils/child-process.js.map +1 -0
- package/dist/utils/context-classifier.d.ts +11 -0
- package/dist/utils/context-classifier.d.ts.map +1 -0
- package/dist/utils/context-classifier.js +79 -0
- package/dist/utils/context-classifier.js.map +1 -0
- package/dist/utils/exec.d.ts +18 -0
- package/dist/utils/exec.d.ts.map +1 -0
- package/dist/utils/exec.js +51 -0
- package/dist/utils/exec.js.map +1 -0
- package/dist/utils/file-filter.d.ts +4 -0
- package/dist/utils/file-filter.d.ts.map +1 -0
- package/dist/utils/file-filter.js +68 -0
- package/dist/utils/file-filter.js.map +1 -0
- package/dist/utils/fs.d.ts +2 -0
- package/dist/utils/fs.d.ts.map +1 -0
- package/dist/utils/fs.js +5 -0
- package/dist/utils/fs.js.map +1 -0
- package/dist/utils/logger.d.ts +12 -0
- package/dist/utils/logger.d.ts.map +1 -0
- package/dist/utils/logger.js +27 -0
- package/dist/utils/logger.js.map +1 -0
- package/dist/utils/post-processor.d.ts +10 -0
- package/dist/utils/post-processor.d.ts.map +1 -0
- package/dist/utils/post-processor.js +183 -0
- package/dist/utils/post-processor.js.map +1 -0
- package/package.json +44 -0
|
@@ -0,0 +1,469 @@
|
|
|
1
|
+
// URL scanner engine - checks deployed app for security headers, SSL, cookies
|
|
2
|
+
// Makes HTTP requests to the target URL and analyzes the response
|
|
3
|
+
const HEADER_CHECKS = [
|
|
4
|
+
{
|
|
5
|
+
id: 63,
|
|
6
|
+
header: "content-security-policy",
|
|
7
|
+
name: "Missing Content Security Policy",
|
|
8
|
+
severity: "medium",
|
|
9
|
+
expectedPresent: true,
|
|
10
|
+
category: "headers",
|
|
11
|
+
},
|
|
12
|
+
{
|
|
13
|
+
id: 64,
|
|
14
|
+
header: "x-frame-options",
|
|
15
|
+
name: "Missing X-Frame-Options",
|
|
16
|
+
severity: "medium",
|
|
17
|
+
expectedPresent: true,
|
|
18
|
+
category: "headers",
|
|
19
|
+
},
|
|
20
|
+
{
|
|
21
|
+
id: 65,
|
|
22
|
+
header: "x-content-type-options",
|
|
23
|
+
name: "Missing X-Content-Type-Options",
|
|
24
|
+
severity: "low",
|
|
25
|
+
expectedPresent: true,
|
|
26
|
+
category: "headers",
|
|
27
|
+
},
|
|
28
|
+
{
|
|
29
|
+
id: 66,
|
|
30
|
+
header: "strict-transport-security",
|
|
31
|
+
name: "Missing HSTS Header",
|
|
32
|
+
severity: "medium",
|
|
33
|
+
expectedPresent: true,
|
|
34
|
+
category: "headers",
|
|
35
|
+
},
|
|
36
|
+
{
|
|
37
|
+
id: 251,
|
|
38
|
+
header: "referrer-policy",
|
|
39
|
+
name: "Missing Referrer-Policy Header",
|
|
40
|
+
severity: "low",
|
|
41
|
+
expectedPresent: true,
|
|
42
|
+
category: "headers",
|
|
43
|
+
},
|
|
44
|
+
];
|
|
45
|
+
export async function scanUrl(appUrl) {
|
|
46
|
+
const findings = [];
|
|
47
|
+
try {
|
|
48
|
+
// Fetch the URL with a timeout
|
|
49
|
+
const controller = new AbortController();
|
|
50
|
+
const timeout = setTimeout(() => controller.abort(), 10000);
|
|
51
|
+
const response = await fetch(appUrl, {
|
|
52
|
+
method: "GET",
|
|
53
|
+
redirect: "follow",
|
|
54
|
+
signal: controller.signal,
|
|
55
|
+
headers: {
|
|
56
|
+
"User-Agent": "DataHogo-Scanner/1.0",
|
|
57
|
+
},
|
|
58
|
+
});
|
|
59
|
+
clearTimeout(timeout);
|
|
60
|
+
const body = (await response.text()).substring(0, 512_000);
|
|
61
|
+
const finalUrl = response.url || appUrl;
|
|
62
|
+
// Check security headers
|
|
63
|
+
for (const check of HEADER_CHECKS) {
|
|
64
|
+
const headerValue = response.headers.get(check.header);
|
|
65
|
+
if (check.expectedPresent && !headerValue) {
|
|
66
|
+
findings.push({
|
|
67
|
+
vulnerability_id: check.id,
|
|
68
|
+
severity: check.severity,
|
|
69
|
+
category: check.category,
|
|
70
|
+
title: check.name,
|
|
71
|
+
description_technical: `The ${check.header} header is not set on ${appUrl}`,
|
|
72
|
+
code_snippet: `Response headers missing: ${check.header}`,
|
|
73
|
+
status: "open",
|
|
74
|
+
});
|
|
75
|
+
}
|
|
76
|
+
if (headerValue && check.valuePredicate && !check.valuePredicate(headerValue)) {
|
|
77
|
+
findings.push({
|
|
78
|
+
vulnerability_id: check.id,
|
|
79
|
+
severity: check.severity,
|
|
80
|
+
category: check.category,
|
|
81
|
+
title: check.name,
|
|
82
|
+
description_technical: `The ${check.header} header has a weak value: ${headerValue}`,
|
|
83
|
+
code_snippet: `${check.header}: ${headerValue}`,
|
|
84
|
+
status: "open",
|
|
85
|
+
});
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
// Deep CSP analysis (when header IS present)
|
|
89
|
+
const csp = response.headers.get("content-security-policy");
|
|
90
|
+
if (csp) {
|
|
91
|
+
analyzeCspPolicy(csp, findings);
|
|
92
|
+
}
|
|
93
|
+
// Server version disclosure
|
|
94
|
+
const serverHeader = response.headers.get("server");
|
|
95
|
+
if (serverHeader && /\d+\.\d+/.test(serverHeader)) {
|
|
96
|
+
findings.push({
|
|
97
|
+
vulnerability_id: 4,
|
|
98
|
+
severity: "low",
|
|
99
|
+
category: "headers",
|
|
100
|
+
title: "Server Version Disclosed",
|
|
101
|
+
description_technical: `The Server header reveals version info: ${serverHeader}`,
|
|
102
|
+
code_snippet: `Server: ${serverHeader}`,
|
|
103
|
+
owasp_ref: "A05:2021",
|
|
104
|
+
status: "open",
|
|
105
|
+
});
|
|
106
|
+
}
|
|
107
|
+
// X-Powered-By disclosure
|
|
108
|
+
const poweredBy = response.headers.get("x-powered-by");
|
|
109
|
+
if (poweredBy) {
|
|
110
|
+
findings.push({
|
|
111
|
+
vulnerability_id: 4,
|
|
112
|
+
severity: "low",
|
|
113
|
+
category: "headers",
|
|
114
|
+
title: "X-Powered-By Header Disclosed",
|
|
115
|
+
description_technical: `The X-Powered-By header reveals technology: ${poweredBy}`,
|
|
116
|
+
code_snippet: `X-Powered-By: ${poweredBy}`,
|
|
117
|
+
owasp_ref: "A05:2021",
|
|
118
|
+
status: "open",
|
|
119
|
+
});
|
|
120
|
+
}
|
|
121
|
+
// Check cookies
|
|
122
|
+
const setCookieHeaders = response.headers.getSetCookie?.() ?? [];
|
|
123
|
+
for (const cookie of setCookieHeaders) {
|
|
124
|
+
// Extract just the cookie name (everything before the first '=')
|
|
125
|
+
const cookieName = cookie.split("=")[0].trim();
|
|
126
|
+
// Skip cookies managed by frameworks that intentionally omit HttpOnly because
|
|
127
|
+
// client-side JS must read them (Supabase Auth for session refresh, next-intl
|
|
128
|
+
// for locale sync via <Link>). Flagging these creates noise, not actionable findings.
|
|
129
|
+
const isFrameworkCookie = cookieName.startsWith("sb-") ||
|
|
130
|
+
cookieName.startsWith("__supabase") ||
|
|
131
|
+
cookieName === "NEXT_LOCALE";
|
|
132
|
+
if (isFrameworkCookie)
|
|
133
|
+
continue;
|
|
134
|
+
if (!cookie.toLowerCase().includes("secure")) {
|
|
135
|
+
findings.push({
|
|
136
|
+
vulnerability_id: 67,
|
|
137
|
+
severity: "medium",
|
|
138
|
+
category: "headers",
|
|
139
|
+
title: "Cookie Without Secure Flag",
|
|
140
|
+
code_snippet: maskCookieValue(cookie),
|
|
141
|
+
status: "open",
|
|
142
|
+
});
|
|
143
|
+
}
|
|
144
|
+
if (!cookie.toLowerCase().includes("httponly")) {
|
|
145
|
+
findings.push({
|
|
146
|
+
vulnerability_id: 68,
|
|
147
|
+
severity: "medium",
|
|
148
|
+
category: "headers",
|
|
149
|
+
title: "Cookie Without HttpOnly Flag",
|
|
150
|
+
code_snippet: maskCookieValue(cookie),
|
|
151
|
+
status: "open",
|
|
152
|
+
});
|
|
153
|
+
}
|
|
154
|
+
if (!cookie.toLowerCase().includes("samesite")) {
|
|
155
|
+
findings.push({
|
|
156
|
+
vulnerability_id: 69,
|
|
157
|
+
severity: "medium",
|
|
158
|
+
category: "headers",
|
|
159
|
+
title: "Cookie Without SameSite Attribute",
|
|
160
|
+
code_snippet: maskCookieValue(cookie),
|
|
161
|
+
status: "open",
|
|
162
|
+
});
|
|
163
|
+
}
|
|
164
|
+
}
|
|
165
|
+
// Check if source maps are accessible
|
|
166
|
+
await checkSourceMaps(appUrl, findings);
|
|
167
|
+
// Check for exposed API docs
|
|
168
|
+
await checkExposedEndpoints(appUrl, findings);
|
|
169
|
+
// Check HTTP to HTTPS redirect
|
|
170
|
+
if (appUrl.startsWith("https://")) {
|
|
171
|
+
const httpUrl = appUrl.replace("https://", "http://");
|
|
172
|
+
try {
|
|
173
|
+
const httpResponse = await fetch(httpUrl, {
|
|
174
|
+
method: "HEAD",
|
|
175
|
+
redirect: "manual",
|
|
176
|
+
signal: AbortSignal.timeout(5000),
|
|
177
|
+
});
|
|
178
|
+
const location = httpResponse.headers.get("location");
|
|
179
|
+
if (!location || !location.startsWith("https://")) {
|
|
180
|
+
findings.push({
|
|
181
|
+
vulnerability_id: 66,
|
|
182
|
+
severity: "medium",
|
|
183
|
+
category: "headers",
|
|
184
|
+
title: "HTTP Does Not Redirect to HTTPS",
|
|
185
|
+
description_technical: `${httpUrl} does not redirect to HTTPS`,
|
|
186
|
+
status: "open",
|
|
187
|
+
});
|
|
188
|
+
}
|
|
189
|
+
}
|
|
190
|
+
catch {
|
|
191
|
+
// HTTP not accessible - that's fine
|
|
192
|
+
}
|
|
193
|
+
}
|
|
194
|
+
// Mixed Content (ID 252) — HTTPS page loading HTTP subresources
|
|
195
|
+
if (finalUrl.startsWith("https://")) {
|
|
196
|
+
const mixedMatches = [...body.matchAll(/(src|href|action)\s*=\s*["']http:\/\/[^"']+["']/gi)]
|
|
197
|
+
.filter((m) => !m[0].includes("http://www.w3.org") && !m[0].includes("http://xmlns"))
|
|
198
|
+
.slice(0, 3);
|
|
199
|
+
if (mixedMatches.length > 0) {
|
|
200
|
+
findings.push({
|
|
201
|
+
vulnerability_id: 252,
|
|
202
|
+
severity: "medium",
|
|
203
|
+
category: "headers",
|
|
204
|
+
title: "Mixed Content Detected",
|
|
205
|
+
description_technical: `HTTPS page loads subresources over HTTP, exposing them to interception`,
|
|
206
|
+
code_snippet: mixedMatches.map((m) => m[0]).join("\n"),
|
|
207
|
+
owasp_ref: "A05:2021",
|
|
208
|
+
status: "open",
|
|
209
|
+
});
|
|
210
|
+
}
|
|
211
|
+
}
|
|
212
|
+
// Form Action Insecure (ID 253) — forms posting over HTTP from an HTTPS page
|
|
213
|
+
if (finalUrl.startsWith("https://")) {
|
|
214
|
+
const formMatches = [...body.matchAll(/<form[^>]*action\s*=\s*["']http:\/\/[^"']+["'][^>]*>/gi)]
|
|
215
|
+
.slice(0, 3);
|
|
216
|
+
if (formMatches.length > 0) {
|
|
217
|
+
findings.push({
|
|
218
|
+
vulnerability_id: 253,
|
|
219
|
+
severity: "medium",
|
|
220
|
+
category: "headers",
|
|
221
|
+
title: "Form Action Uses Insecure HTTP URL",
|
|
222
|
+
description_technical: `One or more HTML forms post data to an HTTP URL, exposing submitted data in transit`,
|
|
223
|
+
code_snippet: formMatches.map((m) => m[0]).join("\n"),
|
|
224
|
+
status: "open",
|
|
225
|
+
});
|
|
226
|
+
}
|
|
227
|
+
}
|
|
228
|
+
// Protocol-Relative Links (ID 254)
|
|
229
|
+
const protoRelativeMatches = [...body.matchAll(/(src|href)\s*=\s*["']\/\/[^"']+["']/gi)]
|
|
230
|
+
.slice(0, 3);
|
|
231
|
+
if (protoRelativeMatches.length > 0) {
|
|
232
|
+
findings.push({
|
|
233
|
+
vulnerability_id: 254,
|
|
234
|
+
severity: "low",
|
|
235
|
+
category: "headers",
|
|
236
|
+
title: "Protocol-Relative Links Detected",
|
|
237
|
+
description_technical: `Page uses protocol-relative URLs (//example.com), which inherit the page protocol and can load resources over HTTP`,
|
|
238
|
+
code_snippet: protoRelativeMatches.map((m) => m[0]).join("\n"),
|
|
239
|
+
status: "open",
|
|
240
|
+
});
|
|
241
|
+
}
|
|
242
|
+
// Bad Content-Type (ID 255)
|
|
243
|
+
const contentType = response.headers.get("content-type");
|
|
244
|
+
const urlPath = (() => {
|
|
245
|
+
try {
|
|
246
|
+
return new URL(finalUrl).pathname;
|
|
247
|
+
}
|
|
248
|
+
catch {
|
|
249
|
+
return finalUrl;
|
|
250
|
+
}
|
|
251
|
+
})();
|
|
252
|
+
const isLikelyHtmlPage = urlPath === "/" ||
|
|
253
|
+
urlPath === "" ||
|
|
254
|
+
urlPath.endsWith(".html") ||
|
|
255
|
+
urlPath.endsWith(".htm") ||
|
|
256
|
+
!urlPath.includes(".");
|
|
257
|
+
if (isLikelyHtmlPage) {
|
|
258
|
+
if (!contentType) {
|
|
259
|
+
findings.push({
|
|
260
|
+
vulnerability_id: 255,
|
|
261
|
+
severity: "low",
|
|
262
|
+
category: "headers",
|
|
263
|
+
title: "Missing Content-Type Header",
|
|
264
|
+
description_technical: `The response does not include a Content-Type header, leaving browsers to sniff the content type`,
|
|
265
|
+
code_snippet: `Content-Type header absent for ${finalUrl}`,
|
|
266
|
+
status: "open",
|
|
267
|
+
});
|
|
268
|
+
}
|
|
269
|
+
else if (!contentType.includes("text/html")) {
|
|
270
|
+
findings.push({
|
|
271
|
+
vulnerability_id: 255,
|
|
272
|
+
severity: "low",
|
|
273
|
+
category: "headers",
|
|
274
|
+
title: "Unexpected Content-Type for Web Page",
|
|
275
|
+
description_technical: `Expected text/html for this URL but received: ${contentType}`,
|
|
276
|
+
code_snippet: `Content-Type: ${contentType}`,
|
|
277
|
+
status: "open",
|
|
278
|
+
});
|
|
279
|
+
}
|
|
280
|
+
}
|
|
281
|
+
}
|
|
282
|
+
catch (error) {
|
|
283
|
+
// URL unreachable - not a finding, just means we can't scan
|
|
284
|
+
// The caller should handle this gracefully
|
|
285
|
+
}
|
|
286
|
+
return findings;
|
|
287
|
+
}
|
|
288
|
+
async function checkSourceMaps(baseUrl, findings) {
|
|
289
|
+
const mapPaths = [
|
|
290
|
+
"/_next/static/chunks/main.js.map",
|
|
291
|
+
"/static/js/main.js.map",
|
|
292
|
+
"/bundle.js.map",
|
|
293
|
+
];
|
|
294
|
+
for (const path of mapPaths) {
|
|
295
|
+
try {
|
|
296
|
+
const response = await fetch(`${baseUrl}${path}`, {
|
|
297
|
+
method: "HEAD",
|
|
298
|
+
signal: AbortSignal.timeout(5000),
|
|
299
|
+
});
|
|
300
|
+
if (response.ok) {
|
|
301
|
+
findings.push({
|
|
302
|
+
vulnerability_id: 49,
|
|
303
|
+
severity: "medium",
|
|
304
|
+
category: "react-nextjs",
|
|
305
|
+
title: "Source Maps Accessible in Production",
|
|
306
|
+
description_technical: `Source map file accessible at ${path}`,
|
|
307
|
+
code_snippet: `GET ${path} → ${response.status}`,
|
|
308
|
+
status: "open",
|
|
309
|
+
});
|
|
310
|
+
break; // One finding is enough
|
|
311
|
+
}
|
|
312
|
+
}
|
|
313
|
+
catch {
|
|
314
|
+
// Not accessible - good
|
|
315
|
+
}
|
|
316
|
+
}
|
|
317
|
+
}
|
|
318
|
+
async function checkExposedEndpoints(baseUrl, findings) {
|
|
319
|
+
const endpoints = [
|
|
320
|
+
{ path: "/swagger", id: 94, severity: "low" },
|
|
321
|
+
{ path: "/api-docs", id: 94, severity: "low" },
|
|
322
|
+
{ path: "/swagger-ui.html", id: 94, severity: "low" },
|
|
323
|
+
{ path: "/graphql", id: 95, severity: "low" },
|
|
324
|
+
{ path: "/debug", id: 116, severity: "medium" },
|
|
325
|
+
{ path: "/_debug", id: 116, severity: "medium" },
|
|
326
|
+
{ path: "/.env", id: 62, severity: "critical" },
|
|
327
|
+
{ path: "/.git/HEAD", id: 62, severity: "critical" },
|
|
328
|
+
{ path: "/.git/config", id: 62, severity: "critical" },
|
|
329
|
+
{ path: "/server-status", id: 116, severity: "medium" },
|
|
330
|
+
{ path: "/server-info", id: 116, severity: "medium" },
|
|
331
|
+
{ path: "/actuator", id: 116, severity: "medium" },
|
|
332
|
+
{ path: "/actuator/health", id: 116, severity: "low" },
|
|
333
|
+
{ path: "/phpinfo.php", id: 116, severity: "medium" },
|
|
334
|
+
{ path: "/wp-admin", id: 116, severity: "low" },
|
|
335
|
+
{ path: "/wp-login.php", id: 116, severity: "low" },
|
|
336
|
+
{ path: "/.DS_Store", id: 99, severity: "low" },
|
|
337
|
+
{ path: "/robots.txt", id: 99, severity: "info" },
|
|
338
|
+
];
|
|
339
|
+
for (const endpoint of endpoints) {
|
|
340
|
+
try {
|
|
341
|
+
const response = await fetch(`${baseUrl}${endpoint.path}`, {
|
|
342
|
+
method: "GET",
|
|
343
|
+
signal: AbortSignal.timeout(5000),
|
|
344
|
+
headers: { "User-Agent": "DataHogo-Scanner/1.0" },
|
|
345
|
+
});
|
|
346
|
+
if (response.ok) {
|
|
347
|
+
findings.push({
|
|
348
|
+
vulnerability_id: endpoint.id,
|
|
349
|
+
severity: endpoint.severity,
|
|
350
|
+
category: endpoint.id === 62 ? "vibecoding" : endpoint.id === 95 ? "api" : "config",
|
|
351
|
+
title: `Exposed Endpoint: ${endpoint.path}`,
|
|
352
|
+
description_technical: `${endpoint.path} is publicly accessible and returned HTTP ${response.status}`,
|
|
353
|
+
code_snippet: `GET ${endpoint.path} → ${response.status} OK`,
|
|
354
|
+
owasp_ref: endpoint.id === 62 ? "A07:2021" : "A05:2021",
|
|
355
|
+
status: "open",
|
|
356
|
+
});
|
|
357
|
+
}
|
|
358
|
+
}
|
|
359
|
+
catch {
|
|
360
|
+
// Not accessible - fine
|
|
361
|
+
}
|
|
362
|
+
}
|
|
363
|
+
// CORS preflight test — check if server reflects arbitrary origins
|
|
364
|
+
await checkCorsPreflight(baseUrl, findings);
|
|
365
|
+
}
|
|
366
|
+
function maskCookieValue(cookie) {
|
|
367
|
+
// Mask the cookie value, keep the name and attributes
|
|
368
|
+
return cookie.replace(/=([^;]{10,})/, "=***REDACTED***");
|
|
369
|
+
}
|
|
370
|
+
function analyzeCspPolicy(csp, findings) {
|
|
371
|
+
const directives = csp.split(";").map((d) => d.trim().toLowerCase());
|
|
372
|
+
for (const directive of directives) {
|
|
373
|
+
// Check for unsafe-inline in script-src
|
|
374
|
+
if (directive.startsWith("script-src") && directive.includes("'unsafe-inline'")) {
|
|
375
|
+
findings.push({
|
|
376
|
+
vulnerability_id: 63,
|
|
377
|
+
severity: "medium",
|
|
378
|
+
category: "headers",
|
|
379
|
+
title: "CSP Allows unsafe-inline Scripts",
|
|
380
|
+
description_technical: "Content-Security-Policy script-src includes 'unsafe-inline', enabling inline script execution",
|
|
381
|
+
code_snippet: directive,
|
|
382
|
+
owasp_ref: "A05:2021",
|
|
383
|
+
status: "open",
|
|
384
|
+
});
|
|
385
|
+
}
|
|
386
|
+
// Check for unsafe-eval in script-src
|
|
387
|
+
if (directive.startsWith("script-src") && directive.includes("'unsafe-eval'")) {
|
|
388
|
+
findings.push({
|
|
389
|
+
vulnerability_id: 63,
|
|
390
|
+
severity: "high",
|
|
391
|
+
category: "headers",
|
|
392
|
+
title: "CSP Allows unsafe-eval Scripts",
|
|
393
|
+
description_technical: "Content-Security-Policy script-src includes 'unsafe-eval', enabling eval() execution",
|
|
394
|
+
code_snippet: directive,
|
|
395
|
+
owasp_ref: "A05:2021",
|
|
396
|
+
status: "open",
|
|
397
|
+
});
|
|
398
|
+
}
|
|
399
|
+
// Check for wildcard in any source directive
|
|
400
|
+
if (directive.includes(" *") && !directive.includes("*.")) {
|
|
401
|
+
findings.push({
|
|
402
|
+
vulnerability_id: 63,
|
|
403
|
+
severity: "medium",
|
|
404
|
+
category: "headers",
|
|
405
|
+
title: "CSP Contains Wildcard Source",
|
|
406
|
+
description_technical: "Content-Security-Policy contains a wildcard (*) source, allowing resources from any origin",
|
|
407
|
+
code_snippet: directive,
|
|
408
|
+
owasp_ref: "A05:2021",
|
|
409
|
+
status: "open",
|
|
410
|
+
});
|
|
411
|
+
}
|
|
412
|
+
}
|
|
413
|
+
// Check for missing frame-ancestors (clickjacking protection)
|
|
414
|
+
const hasFrameAncestors = directives.some((d) => d.startsWith("frame-ancestors"));
|
|
415
|
+
if (!hasFrameAncestors) {
|
|
416
|
+
findings.push({
|
|
417
|
+
vulnerability_id: 64,
|
|
418
|
+
severity: "low",
|
|
419
|
+
category: "headers",
|
|
420
|
+
title: "CSP Missing frame-ancestors Directive",
|
|
421
|
+
description_technical: "Content-Security-Policy does not include frame-ancestors, relying on X-Frame-Options for clickjacking protection",
|
|
422
|
+
code_snippet: `CSP: ${csp.substring(0, 200)}${csp.length > 200 ? "..." : ""}`,
|
|
423
|
+
status: "open",
|
|
424
|
+
});
|
|
425
|
+
}
|
|
426
|
+
}
|
|
427
|
+
async function checkCorsPreflight(baseUrl, findings) {
|
|
428
|
+
try {
|
|
429
|
+
const response = await fetch(baseUrl, {
|
|
430
|
+
method: "OPTIONS",
|
|
431
|
+
signal: AbortSignal.timeout(5000),
|
|
432
|
+
headers: {
|
|
433
|
+
"User-Agent": "DataHogo-Scanner/1.0",
|
|
434
|
+
Origin: "https://evil-attacker.com",
|
|
435
|
+
"Access-Control-Request-Method": "GET",
|
|
436
|
+
},
|
|
437
|
+
});
|
|
438
|
+
const allowOrigin = response.headers.get("access-control-allow-origin");
|
|
439
|
+
if (allowOrigin === "*" || allowOrigin === "https://evil-attacker.com") {
|
|
440
|
+
findings.push({
|
|
441
|
+
vulnerability_id: 4,
|
|
442
|
+
severity: "medium",
|
|
443
|
+
category: "headers",
|
|
444
|
+
title: "CORS Reflects Arbitrary Origins",
|
|
445
|
+
description_technical: `Server reflects arbitrary Origin in Access-Control-Allow-Origin: ${allowOrigin}`,
|
|
446
|
+
code_snippet: `OPTIONS ${baseUrl}\nOrigin: https://evil-attacker.com\n→ Access-Control-Allow-Origin: ${allowOrigin}`,
|
|
447
|
+
owasp_ref: "A05:2021",
|
|
448
|
+
status: "open",
|
|
449
|
+
});
|
|
450
|
+
}
|
|
451
|
+
const allowCredentials = response.headers.get("access-control-allow-credentials");
|
|
452
|
+
if (allowCredentials === "true" && (allowOrigin === "*" || allowOrigin === "https://evil-attacker.com")) {
|
|
453
|
+
findings.push({
|
|
454
|
+
vulnerability_id: 4,
|
|
455
|
+
severity: "high",
|
|
456
|
+
category: "headers",
|
|
457
|
+
title: "CORS Allows Credentials from Any Origin",
|
|
458
|
+
description_technical: "Server allows credentials (cookies) from arbitrary origins — critical cross-origin data theft risk",
|
|
459
|
+
code_snippet: `Access-Control-Allow-Origin: ${allowOrigin}\nAccess-Control-Allow-Credentials: true`,
|
|
460
|
+
owasp_ref: "A05:2021",
|
|
461
|
+
status: "open",
|
|
462
|
+
});
|
|
463
|
+
}
|
|
464
|
+
}
|
|
465
|
+
catch {
|
|
466
|
+
// CORS preflight not supported or request failed — fine
|
|
467
|
+
}
|
|
468
|
+
}
|
|
469
|
+
//# sourceMappingURL=url-scanner.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"url-scanner.js","sourceRoot":"","sources":["../../src/engines/url-scanner.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,kEAAkE;AAclE,MAAM,aAAa,GAAkB;IACnC;QACE,EAAE,EAAE,EAAE;QACN,MAAM,EAAE,yBAAyB;QACjC,IAAI,EAAE,iCAAiC;QACvC,QAAQ,EAAE,QAAQ;QAClB,eAAe,EAAE,IAAI;QACrB,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,EAAE,EAAE,EAAE;QACN,MAAM,EAAE,iBAAiB;QACzB,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,QAAQ;QAClB,eAAe,EAAE,IAAI;QACrB,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,EAAE,EAAE,EAAE;QACN,MAAM,EAAE,wBAAwB;QAChC,IAAI,EAAE,gCAAgC;QACtC,QAAQ,EAAE,KAAK;QACf,eAAe,EAAE,IAAI;QACrB,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,EAAE,EAAE,EAAE;QACN,MAAM,EAAE,2BAA2B;QACnC,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,QAAQ;QAClB,eAAe,EAAE,IAAI;QACrB,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,EAAE,EAAE,GAAG;QACP,MAAM,EAAE,iBAAiB;QACzB,IAAI,EAAE,gCAAgC;QACtC,QAAQ,EAAE,KAAK;QACf,eAAe,EAAE,IAAI;QACrB,QAAQ,EAAE,SAAS;KACpB;CACF,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,MAAc;IAC1C,MAAM,QAAQ,GAAkB,EAAE,CAAC;IAEnC,IAAI,CAAC;QACH,+BAA+B;QAC/B,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,KAAK,CAAC,CAAC;QAE5D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;YACnC,MAAM,EAAE,KAAK;YACb,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,OAAO,EAAE;gBACP,YAAY,EAAE,sBAAsB;aACrC;SACF,CAAC,CAAC;QAEH,YAAY,CAAC,OAAO,CAAC,CAAC;QAEtB,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAC3D,MAAM,QAAQ,GAAG,QAAQ,CAAC,GAAG,IAAI,MAAM,CAAC;QAExC,yBAAyB;QACzB,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;YAClC,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAEvD,IAAI,KAAK,CAAC,eAAe,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC1C,QAAQ,CAAC,IAAI,CAAC;oBACZ,gBAAgB,EAAE,KAAK,CAAC,EAAE;oBAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;oBACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;oBACxB,KAAK,EAAE,KAAK,CAAC,IAAI;oBACjB,qBAAqB,EAAE,OAAO,KAAK,CAAC,MAAM,yBAAyB,MAAM,EAAE;oBAC3E,YAAY,EAAE,6BAA6B,KAAK,CAAC,MAAM,EAAE;oBACzD,MAAM,EAAE,MAAM;iBACf,CAAC,CAAC;YACL,CAAC;YAED,IAAI,WAAW,IAAI,KAAK,CAAC,cAAc,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC9E,QAAQ,CAAC,IAAI,CAAC;oBACZ,gBAAgB,EAAE,KAAK,CAAC,EAAE;oBAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;oBACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;oBACxB,KAAK,EAAE,KAAK,CAAC,IAAI;oBACjB,qBAAqB,EAAE,OAAO,KAAK,CAAC,MAAM,6BAA6B,WAAW,EAAE;oBACpF,YAAY,EAAE,GAAG,KAAK,CAAC,MAAM,KAAK,WAAW,EAAE;oBAC/C,MAAM,EAAE,MAAM;iBACf,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,6CAA6C;QAC7C,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QAC5D,IAAI,GAAG,EAAE,CAAC;YACR,gBAAgB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC;QAED,4BAA4B;QAC5B,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACpD,IAAI,YAAY,IAAI,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YAClD,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,CAAC;gBACnB,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,0BAA0B;gBACjC,qBAAqB,EAAE,2CAA2C,YAAY,EAAE;gBAChF,YAAY,EAAE,WAAW,YAAY,EAAE;gBACvC,SAAS,EAAE,UAAU;gBACrB,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;QACL,CAAC;QAED,0BAA0B;QAC1B,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACvD,IAAI,SAAS,EAAE,CAAC;YACd,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,CAAC;gBACnB,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,+BAA+B;gBACtC,qBAAqB,EAAE,+CAA+C,SAAS,EAAE;gBACjF,YAAY,EAAE,iBAAiB,SAAS,EAAE;gBAC1C,SAAS,EAAE,UAAU;gBACrB,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;QACL,CAAC;QAED,gBAAgB;QAChB,MAAM,gBAAgB,GAAG,QAAQ,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,CAAC;QACjE,KAAK,MAAM,MAAM,IAAI,gBAAgB,EAAE,CAAC;YACtC,iEAAiE;YACjE,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAE/C,8EAA8E;YAC9E,8EAA8E;YAC9E,sFAAsF;YACtF,MAAM,iBAAiB,GACrB,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC;gBAC5B,UAAU,CAAC,UAAU,CAAC,YAAY,CAAC;gBACnC,UAAU,KAAK,aAAa,CAAC;YAE/B,IAAI,iBAAiB;gBAAE,SAAS;YAEhC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7C,QAAQ,CAAC,IAAI,CAAC;oBACZ,gBAAgB,EAAE,EAAE;oBACpB,QAAQ,EAAE,QAAQ;oBAClB,QAAQ,EAAE,SAAS;oBACnB,KAAK,EAAE,4BAA4B;oBACnC,YAAY,EAAE,eAAe,CAAC,MAAM,CAAC;oBACrC,MAAM,EAAE,MAAM;iBACf,CAAC,CAAC;YACL,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC/C,QAAQ,CAAC,IAAI,CAAC;oBACZ,gBAAgB,EAAE,EAAE;oBACpB,QAAQ,EAAE,QAAQ;oBAClB,QAAQ,EAAE,SAAS;oBACnB,KAAK,EAAE,8BAA8B;oBACrC,YAAY,EAAE,eAAe,CAAC,MAAM,CAAC;oBACrC,MAAM,EAAE,MAAM;iBACf,CAAC,CAAC;YACL,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC/C,QAAQ,CAAC,IAAI,CAAC;oBACZ,gBAAgB,EAAE,EAAE;oBACpB,QAAQ,EAAE,QAAQ;oBAClB,QAAQ,EAAE,SAAS;oBACnB,KAAK,EAAE,mCAAmC;oBAC1C,YAAY,EAAE,eAAe,CAAC,MAAM,CAAC;oBACrC,MAAM,EAAE,MAAM;iBACf,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,MAAM,eAAe,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAExC,6BAA6B;QAC7B,MAAM,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAE9C,+BAA+B;QAC/B,IAAI,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAClC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;YACtD,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE;oBACxC,MAAM,EAAE,MAAM;oBACd,QAAQ,EAAE,QAAQ;oBAClB,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;iBAClC,CAAC,CAAC;gBACH,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBACtD,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;oBAClD,QAAQ,CAAC,IAAI,CAAC;wBACZ,gBAAgB,EAAE,EAAE;wBACpB,QAAQ,EAAE,QAAQ;wBAClB,QAAQ,EAAE,SAAS;wBACnB,KAAK,EAAE,iCAAiC;wBACxC,qBAAqB,EAAE,GAAG,OAAO,6BAA6B;wBAC9D,MAAM,EAAE,MAAM;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,oCAAoC;YACtC,CAAC;QACH,CAAC;QAED,gEAAgE;QAChE,IAAI,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACpC,MAAM,YAAY,GAAG,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,mDAAmD,CAAC,CAAC;iBACzF,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;iBACpF,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACf,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5B,QAAQ,CAAC,IAAI,CAAC;oBACZ,gBAAgB,EAAE,GAAG;oBACrB,QAAQ,EAAE,QAAQ;oBAClB,QAAQ,EAAE,SAAS;oBACnB,KAAK,EAAE,wBAAwB;oBAC/B,qBAAqB,EAAE,wEAAwE;oBAC/F,YAAY,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;oBACtD,SAAS,EAAE,UAAU;oBACrB,MAAM,EAAE,MAAM;iBACf,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,6EAA6E;QAC7E,IAAI,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACpC,MAAM,WAAW,GAAG,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,wDAAwD,CAAC,CAAC;iBAC7F,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACf,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3B,QAAQ,CAAC,IAAI,CAAC;oBACZ,gBAAgB,EAAE,GAAG;oBACrB,QAAQ,EAAE,QAAQ;oBAClB,QAAQ,EAAE,SAAS;oBACnB,KAAK,EAAE,oCAAoC;oBAC3C,qBAAqB,EAAE,qFAAqF;oBAC5G,YAAY,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;oBACrD,MAAM,EAAE,MAAM;iBACf,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,mCAAmC;QACnC,MAAM,oBAAoB,GAAG,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,uCAAuC,CAAC,CAAC;aACrF,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACf,IAAI,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,GAAG;gBACrB,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,kCAAkC;gBACzC,qBAAqB,EAAE,oHAAoH;gBAC3I,YAAY,EAAE,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;gBAC9D,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;QACL,CAAC;QAED,4BAA4B;QAC5B,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,CAAC,GAAG,EAAE;YACpB,IAAI,CAAC;gBACH,OAAO,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC;YACpC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;QACL,MAAM,gBAAgB,GACpB,OAAO,KAAK,GAAG;YACf,OAAO,KAAK,EAAE;YACd,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;YACzB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;YACxB,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QACzB,IAAI,gBAAgB,EAAE,CAAC;YACrB,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,QAAQ,CAAC,IAAI,CAAC;oBACZ,gBAAgB,EAAE,GAAG;oBACrB,QAAQ,EAAE,KAAK;oBACf,QAAQ,EAAE,SAAS;oBACnB,KAAK,EAAE,6BAA6B;oBACpC,qBAAqB,EAAE,iGAAiG;oBACxH,YAAY,EAAE,kCAAkC,QAAQ,EAAE;oBAC1D,MAAM,EAAE,MAAM;iBACf,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC9C,QAAQ,CAAC,IAAI,CAAC;oBACZ,gBAAgB,EAAE,GAAG;oBACrB,QAAQ,EAAE,KAAK;oBACf,QAAQ,EAAE,SAAS;oBACnB,KAAK,EAAE,sCAAsC;oBAC7C,qBAAqB,EAAE,iDAAiD,WAAW,EAAE;oBACrF,YAAY,EAAE,iBAAiB,WAAW,EAAE;oBAC5C,MAAM,EAAE,MAAM;iBACf,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IAEH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,4DAA4D;QAC5D,2CAA2C;IAC7C,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,OAAe,EAAE,QAAuB;IACrE,MAAM,QAAQ,GAAG;QACf,kCAAkC;QAClC,wBAAwB;QACxB,gBAAgB;KACjB,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,GAAG,IAAI,EAAE,EAAE;gBAChD,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;aAClC,CAAC,CAAC;YACH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,QAAQ,CAAC,IAAI,CAAC;oBACZ,gBAAgB,EAAE,EAAE;oBACpB,QAAQ,EAAE,QAAQ;oBAClB,QAAQ,EAAE,cAAc;oBACxB,KAAK,EAAE,sCAAsC;oBAC7C,qBAAqB,EAAE,iCAAiC,IAAI,EAAE;oBAC9D,YAAY,EAAE,OAAO,IAAI,MAAM,QAAQ,CAAC,MAAM,EAAE;oBAChD,MAAM,EAAE,MAAM;iBACf,CAAC,CAAC;gBACH,MAAM,CAAC,wBAAwB;YACjC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,qBAAqB,CAAC,OAAe,EAAE,QAAuB;IAC3E,MAAM,SAAS,GAAG;QAChB,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAc,EAAE;QACtD,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAc,EAAE;QACvD,EAAE,IAAI,EAAE,kBAAkB,EAAE,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAc,EAAE;QAC9D,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAc,EAAE;QACtD,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAiB,EAAE;QACxD,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAiB,EAAE;QACzD,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,UAAmB,EAAE;QACxD,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,UAAmB,EAAE;QAC7D,EAAE,IAAI,EAAE,cAAc,EAAE,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,UAAmB,EAAE;QAC/D,EAAE,IAAI,EAAE,gBAAgB,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAiB,EAAE;QAChE,EAAE,IAAI,EAAE,cAAc,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAiB,EAAE;QAC9D,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAiB,EAAE;QAC3D,EAAE,IAAI,EAAE,kBAAkB,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAc,EAAE;QAC/D,EAAE,IAAI,EAAE,cAAc,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAiB,EAAE;QAC9D,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAc,EAAE;QACxD,EAAE,IAAI,EAAE,eAAe,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAc,EAAE;QAC5D,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAc,EAAE;QACxD,EAAE,IAAI,EAAE,aAAa,EAAE,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAe,EAAE;KAC3D,CAAC;IAEF,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,GAAG,QAAQ,CAAC,IAAI,EAAE,EAAE;gBACzD,MAAM,EAAE,KAAK;gBACb,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;gBACjC,OAAO,EAAE,EAAE,YAAY,EAAE,sBAAsB,EAAE;aAClD,CAAC,CAAC;YACH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,QAAQ,CAAC,IAAI,CAAC;oBACZ,gBAAgB,EAAE,QAAQ,CAAC,EAAE;oBAC7B,QAAQ,EAAE,QAAQ,CAAC,QAAQ;oBAC3B,QAAQ,EAAE,QAAQ,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ;oBACnF,KAAK,EAAE,qBAAqB,QAAQ,CAAC,IAAI,EAAE;oBAC3C,qBAAqB,EAAE,GAAG,QAAQ,CAAC,IAAI,6CAA6C,QAAQ,CAAC,MAAM,EAAE;oBACrG,YAAY,EAAE,OAAO,QAAQ,CAAC,IAAI,MAAM,QAAQ,CAAC,MAAM,KAAK;oBAC5D,SAAS,EAAE,QAAQ,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU;oBACvD,MAAM,EAAE,MAAM;iBACf,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;IACH,CAAC;IAED,mEAAmE;IACnE,MAAM,kBAAkB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,eAAe,CAAC,MAAc;IACrC,sDAAsD;IACtD,OAAO,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,iBAAiB,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAW,EAAE,QAAuB;IAC5D,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;IAErE,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,wCAAwC;QACxC,IAAI,SAAS,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;YAChF,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,EAAE;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,kCAAkC;gBACzC,qBAAqB,EAAE,+FAA+F;gBACtH,YAAY,EAAE,SAAS;gBACvB,SAAS,EAAE,UAAU;gBACrB,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;QACL,CAAC;QAED,sCAAsC;QACtC,IAAI,SAAS,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;YAC9E,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,EAAE;gBACpB,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,gCAAgC;gBACvC,qBAAqB,EAAE,sFAAsF;gBAC7G,YAAY,EAAE,SAAS;gBACvB,SAAS,EAAE,UAAU;gBACrB,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;QACL,CAAC;QAED,6CAA6C;QAC7C,IAAI,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1D,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,EAAE;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,8BAA8B;gBACrC,qBAAqB,EAAE,4FAA4F;gBACnH,YAAY,EAAE,SAAS;gBACvB,SAAS,EAAE,UAAU;gBACrB,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,8DAA8D;IAC9D,MAAM,iBAAiB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAClF,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,QAAQ,CAAC,IAAI,CAAC;YACZ,gBAAgB,EAAE,EAAE;YACpB,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,SAAS;YACnB,KAAK,EAAE,uCAAuC;YAC9C,qBAAqB,EAAE,kHAAkH;YACzI,YAAY,EAAE,QAAQ,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;YAC7E,MAAM,EAAE,MAAM;SACf,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,OAAe,EAAE,QAAuB;IACxE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE;YACpC,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;YACjC,OAAO,EAAE;gBACP,YAAY,EAAE,sBAAsB;gBACpC,MAAM,EAAE,2BAA2B;gBACnC,+BAA+B,EAAE,KAAK;aACvC;SACF,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QACxE,IAAI,WAAW,KAAK,GAAG,IAAI,WAAW,KAAK,2BAA2B,EAAE,CAAC;YACvE,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,CAAC;gBACnB,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,iCAAiC;gBACxC,qBAAqB,EAAE,oEAAoE,WAAW,EAAE;gBACxG,YAAY,EAAE,WAAW,OAAO,uEAAuE,WAAW,EAAE;gBACpH,SAAS,EAAE,UAAU;gBACrB,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;QACL,CAAC;QAED,MAAM,gBAAgB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;QAClF,IAAI,gBAAgB,KAAK,MAAM,IAAI,CAAC,WAAW,KAAK,GAAG,IAAI,WAAW,KAAK,2BAA2B,CAAC,EAAE,CAAC;YACxG,QAAQ,CAAC,IAAI,CAAC;gBACZ,gBAAgB,EAAE,CAAC;gBACnB,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,yCAAyC;gBAChD,qBAAqB,EAAE,oGAAoG;gBAC3H,YAAY,EAAE,gCAAgC,WAAW,0CAA0C;gBACnG,SAAS,EAAE,UAAU;gBACrB,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,wDAAwD;IAC1D,CAAC;AACH,CAAC"}
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
export { runScan } from "./orchestrator.js";
|
|
2
|
+
export type { ScanParams, ScanResult } from "./orchestrator.js";
|
|
3
|
+
export type { Severity, FindingContext, FindingConfidence, FindingData, EngineResult, } from "./engines/types.js";
|
|
4
|
+
export { isRelevantFile, filterFiles } from "./utils/file-filter.js";
|
|
5
|
+
export { detectTechnologies } from "./scanning/tech-detector.js";
|
|
6
|
+
export type { TechDetectionResult } from "./scanning/tech-detector.js";
|
|
7
|
+
export type { Technology, ScanLog } from "./scanning/types.js";
|
|
8
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAC5C,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAEhE,YAAY,EACV,QAAQ,EACR,cAAc,EACd,iBAAiB,EACjB,WAAW,EACX,YAAY,GACb,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,YAAY,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AACvE,YAAY,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC"}
|
package/dist/index.js
ADDED
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
// @datahogo/core — public API.
|
|
2
|
+
// The scan engine takes a map of file paths to contents (plus an optional
|
|
3
|
+
// directory on disk to enable the external-binary engines) and returns
|
|
4
|
+
// findings, a security score, and per-engine results.
|
|
5
|
+
export { runScan } from "./orchestrator.js";
|
|
6
|
+
export { isRelevantFile, filterFiles } from "./utils/file-filter.js";
|
|
7
|
+
export { detectTechnologies } from "./scanning/tech-detector.js";
|
|
8
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,+BAA+B;AAC/B,0EAA0E;AAC1E,uEAAuE;AACvE,sDAAsD;AAEtD,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAW5C,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC"}
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
import type { FindingData, EngineResult } from "./engines/types.js";
|
|
2
|
+
import type { ScanLog } from "./scanning/types.js";
|
|
3
|
+
export interface ScanParams {
|
|
4
|
+
files: Map<string, string>;
|
|
5
|
+
repoDir?: string;
|
|
6
|
+
appUrl?: string;
|
|
7
|
+
dbRulesInput?: string;
|
|
8
|
+
}
|
|
9
|
+
export interface ScanResult {
|
|
10
|
+
findings: FindingData[];
|
|
11
|
+
engineResults: EngineResult[];
|
|
12
|
+
score: number;
|
|
13
|
+
summary: {
|
|
14
|
+
total: number;
|
|
15
|
+
critical: number;
|
|
16
|
+
high: number;
|
|
17
|
+
medium: number;
|
|
18
|
+
low: number;
|
|
19
|
+
info: number;
|
|
20
|
+
allFindings: number;
|
|
21
|
+
production: number;
|
|
22
|
+
nonProduction: number;
|
|
23
|
+
byContext: Record<string, number>;
|
|
24
|
+
actionable: number;
|
|
25
|
+
informational: number;
|
|
26
|
+
};
|
|
27
|
+
failedEngines: string[];
|
|
28
|
+
durationMs: number;
|
|
29
|
+
scanLog?: ScanLog;
|
|
30
|
+
}
|
|
31
|
+
export declare function runScan(params: ScanParams): Promise<ScanResult>;
|
|
32
|
+
//# sourceMappingURL=orchestrator.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"orchestrator.d.ts","sourceRoot":"","sources":["../src/orchestrator.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,WAAW,EAAqC,YAAY,EAAY,MAAM,oBAAoB,CAAC;AACjH,OAAO,KAAK,EAAE,OAAO,EAAiC,MAAM,qBAAqB,CAAC;AAMlF,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,aAAa,EAAE,YAAY,EAAE,CAAC;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE;QAEP,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;QAEb,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,aAAa,EAAE,MAAM,CAAC;QACtB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAElC,UAAU,EAAE,MAAM,CAAC;QACnB,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,wBAAsB,OAAO,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CA2FrE"}
|