@defai.digital/ax-cli 3.15.21 → 3.15.24

package/dist/analyzers/security/base-detector.d.ts

@@ -1,58 +0,0 @@
-/**
- * Base Security Detector
- *
- * Abstract base class for security vulnerability detectors
- */
-import type { SecurityDetector, SecurityVulnerability, SecuritySeverity, OWASPCategory } from './types.js';
-export declare abstract class BaseSecurityDetector implements SecurityDetector {
-    readonly id: string;
-    readonly name: string;
-    readonly description: string;
-    readonly severity: SecuritySeverity;
-    readonly owaspCategory?: OWASPCategory;
-    readonly cweId?: string;
-    readonly enabled: boolean;
-    protected readonly fileExtensions: readonly string[];
-    constructor(config: {
-        id: string;
-        name: string;
-        description: string;
-        severity: SecuritySeverity;
-        owaspCategory?: OWASPCategory;
-        cweId?: string;
-        fileExtensions?: readonly string[];
-        enabled?: boolean;
-    });
-    /**
-     * Check if detector applies to this file type
-     */
-    appliesTo(filePath: string): boolean;
-    /**
-     * Scan file content for vulnerabilities
-     */
-    abstract scan(content: string, filePath: string): Promise<SecurityVulnerability[]>;
-    /**
-     * Create a vulnerability finding
-     */
-    protected createVulnerability(file: string, line: number, code: string, description: string, recommendation: string, references?: string[]): SecurityVulnerability;
-    /**
-     * Find line number for a match in content
-     */
-    protected findLineNumber(content: string, matchIndex: number): number;
-    /**
-     * Extract code snippet around a match
-     */
-    protected extractCodeSnippet(content: string, matchIndex: number, contextLines?: number): string;
-    /**
-     * Check if line is in a comment
-     */
-    protected isInComment(content: string, matchIndex: number): boolean;
-    /**
-     * Check if match is in a string literal
-     */
-    protected isInString(content: string, matchIndex: number): boolean;
-    /**
-     * Check if match should be ignored
-     */
-    protected shouldIgnore(content: string, matchIndex: number): boolean;
-}

package/dist/analyzers/security/base-detector.js

@@ -1,104 +0,0 @@
-/**
- * Base Security Detector
- *
- * Abstract base class for security vulnerability detectors
- */
-import path from 'path';
-export class BaseSecurityDetector {
-    id;
-    name;
-    description;
-    severity;
-    owaspCategory;
-    cweId;
-    enabled;
-    fileExtensions;
-    constructor(config) {
-        this.id = config.id;
-        this.name = config.name;
-        this.description = config.description;
-        this.severity = config.severity;
-        this.owaspCategory = config.owaspCategory;
-        this.cweId = config.cweId;
-        this.fileExtensions = config.fileExtensions || ['.ts', '.tsx', '.js', '.jsx'];
-        this.enabled = config.enabled !== false;
-    }
-    /**
-     * Check if detector applies to this file type
-     */
-    appliesTo(filePath) {
-        const ext = path.extname(filePath).toLowerCase();
-        return this.fileExtensions.includes(ext);
-    }
-    /**
-     * Create a vulnerability finding
-     */
-    createVulnerability(file, line, code, description, recommendation, references = []) {
-        return Object.freeze({
-            id: this.id,
-            name: this.name,
-            description,
-            severity: this.severity,
-            owaspCategory: this.owaspCategory,
-            cweId: this.cweId,
-            file,
-            line,
-            code: code.trim(),
-            recommendation,
-            references: Object.freeze(references),
-        });
-    }
-    /**
-     * Find line number for a match in content
-     */
-    findLineNumber(content, matchIndex) {
-        const beforeMatch = content.substring(0, matchIndex);
-        return beforeMatch.split('\n').length;
-    }
-    /**
-     * Extract code snippet around a match
-     */
-    extractCodeSnippet(content, matchIndex, contextLines = 0) {
-        const lines = content.split('\n');
-        const lineNumber = this.findLineNumber(content, matchIndex);
-        const startLine = Math.max(0, lineNumber - contextLines - 1);
-        const endLine = Math.min(lines.length, lineNumber + contextLines);
-        return lines.slice(startLine, endLine).join('\n');
-    }
-    /**
-     * Check if line is in a comment
-     */
-    isInComment(content, matchIndex) {
-        const beforeMatch = content.substring(0, matchIndex);
-        const lastLineBreak = beforeMatch.lastIndexOf('\n');
-        const currentLine = content.substring(lastLineBreak + 1, matchIndex + 50);
-        // Check for single-line comment
-        if (currentLine.includes('//')) {
-            return true;
-        }
-        // Check for multi-line comment
-        const openComments = (beforeMatch.match(/\/\*/g) || []).length;
-        const closeComments = (beforeMatch.match(/\*\//g) || []).length;
-        return openComments > closeComments;
-    }
-    /**
-     * Check if match is in a string literal
-     */
-    isInString(content, matchIndex) {
-        const beforeMatch = content.substring(0, matchIndex);
-        const lastLineBreak = beforeMatch.lastIndexOf('\n');
-        const lineContent = beforeMatch.substring(lastLineBreak + 1);
-        // Count unescaped quotes
-        const singleQuotes = (lineContent.match(/(?<!\\)'/g) || []).length;
-        const doubleQuotes = (lineContent.match(/(?<!\\)"/g) || []).length;
-        const backticks = (lineContent.match(/(?<!\\)`/g) || []).length;
-        return (singleQuotes % 2 === 1) || (doubleQuotes % 2 === 1) || (backticks % 2 === 1);
-    }
-    /**
-     * Check if match should be ignored
-     */
-    shouldIgnore(content, matchIndex) {
-        return this.isInComment(content, matchIndex) || this.isInString(content, matchIndex);
-    }
-}
-//# sourceMappingURL=base-detector.js.map

package/dist/analyzers/security/base-detector.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"base-detector.js","sourceRoot":"","sources":["../../../src/analyzers/security/base-detector.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,MAAM,OAAgB,oBAAoB;IACxB,EAAE,CAAS;IACX,IAAI,CAAS;IACb,WAAW,CAAS;IACpB,QAAQ,CAAmB;IAC3B,aAAa,CAAiB;IAC9B,KAAK,CAAU;IACf,OAAO,CAAU;IAEd,cAAc,CAAoB;IAErD,YAAY,MASX;QACC,IAAI,CAAC,EAAE,GAAG,MAAM,CAAC,EAAE,CAAC;QACpB,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACxB,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;QACtC,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAChC,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC;QAC1C,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QAC1B,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,cAAc,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC9E,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,KAAK,KAAK,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,QAAgB;QACxB,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;QACjD,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC3C,CAAC;IAOD;;OAEG;IACO,mBAAmB,CAC3B,IAAY,EACZ,IAAY,EACZ,IAAY,EACZ,WAAmB,EACnB,cAAsB,EACtB,aAAuB,EAAE;QAEzB,OAAO,MAAM,CAAC,MAAM,CAAC;YACnB,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,WAAW;YACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI;YACJ,IAAI;YACJ,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;YACjB,cAAc;YACd,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC;SACtC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACO,cAAc,CAAC,OAAe,EAAE,UAAkB;QAC1D,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;QACrD,OAAO,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;IACxC,CAAC;IAED;;OAEG;IACO,kBAAkB,CAAC,OAAe,EAAE,UAAkB,EAAE,eAAuB,CAAC;QACxF,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAC5D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,YAAY,GAAG,CAAC,CAAC,CAAC;QAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,YAAY,CAAC,CAAC;QAElE,OAAO,KAAK,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpD,CAAC;IAED;;OAEG;IACO,WAAW,CAAC,OAAe,EAAE,UAAkB;QACvD,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;QACrD,MAAM,aAAa,GAAG,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACpD,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,aAAa,GAAG,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAC;QAE1E,gCAAgC;QAChC,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,+BAA+B;QAC/B,MAAM,YAAY,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QAC/D,MAAM,aAAa,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QAEhE,OAAO,YAAY,GAAG,aAAa,CAAC;IACtC,CAAC;IAED;;OAEG;IACO,UAAU,CAAC,OAAe,EAAE,UAAkB;QACtD,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;QACrD,MAAM,aAAa,GAAG,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACpD,MAAM,WAAW,GAAG,WAAW,CAAC,SAAS,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC;QAE7D,yBAAyB;QACzB,MAAM,YAAY,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QACnE,MAAM,YAAY,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QACnE,MAAM,SAAS,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QAEhE,OAAO,CAAC,YAAY,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,YAAY,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;IACvF,CAAC;IAED;;OAEG;IACO,YAAY,CAAC,OAAe,EAAE,UAAkB;QACxD,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,UAAU,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IACvF,CAAC;CACF"}

package/dist/analyzers/security/detectors/command-injection-detector.d.ts

@@ -1,12 +0,0 @@
-/**
- * Command Injection Detector
- *
- * Detects potential command injection vulnerabilities
- * OWASP A03:2021 - Injection
- */
-import { BaseSecurityDetector } from '../base-detector.js';
-import type { SecurityVulnerability } from '../types.js';
-export declare class CommandInjectionDetector extends BaseSecurityDetector {
-    constructor();
-    scan(content: string, filePath: string): Promise<SecurityVulnerability[]>;
-}

package/dist/analyzers/security/detectors/command-injection-detector.js

@@ -1,84 +0,0 @@
-/**
- * Command Injection Detector
- *
- * Detects potential command injection vulnerabilities
- * OWASP A03:2021 - Injection
- */
-import { BaseSecurityDetector } from '../base-detector.js';
-export class CommandInjectionDetector extends BaseSecurityDetector {
-    constructor() {
-        super({
-            id: 'command-injection',
-            name: 'Command Injection',
-            description: 'Detects potential command injection vulnerabilities',
-            severity: 'critical',
-            owaspCategory: 'A03:2021 - Injection',
-            cweId: 'CWE-78',
-        });
-    }
-    async scan(content, filePath) {
-        if (!this.appliesTo(filePath)) {
-            return [];
-        }
-        const vulnerabilities = [];
-        // Pattern 1: exec/execSync with user input
-        const execPatterns = [
-            {
-                pattern: /(?:exec|execSync|spawn|spawnSync)\([^)]*(?:req\.|params\.|query\.|input|user)/gi,
-                method: 'child_process method',
-            },
-            {
-                pattern: /(?:exec|execSync|spawn|spawnSync)\([`'][^`']*\$\{(?:req\.|params\.|query\.|input|user)/gi,
-                method: 'child_process method with template literal',
-            },
-        ];
-        for (const { pattern, method } of execPatterns) {
-            let match;
-            const regex = new RegExp(pattern);
-            while ((match = regex.exec(content)) !== null) {
-                if (this.shouldIgnore(content, match.index)) {
-                    continue;
-                }
-                const line = this.findLineNumber(content, match.index);
-                const code = this.extractCodeSnippet(content, match.index, 1);
-                vulnerabilities.push(this.createVulnerability(filePath, line, code, `${method} uses user input which may lead to command injection`, 'Never pass user input directly to shell commands. Use execFile with array arguments or validate/sanitize input strictly', [
-                    'https://owasp.org/www-community/attacks/Command_Injection',
-                    'https://cheatsheetseries.owasp.org/cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.html',
-                ]));
-            }
-        }
-        // Pattern 2: Shell: true option with user input
-        const shellTruePattern = /(?:exec|spawn)\([^,)]*,\s*\{[^}]*shell:\s*true[^}]*\}/gi;
-        let match;
-        while ((match = shellTruePattern.exec(content)) !== null) {
-            if (this.shouldIgnore(content, match.index)) {
-                continue;
-            }
-            // Check if user input is nearby
-            const contextStart = Math.max(0, match.index - 100);
-            const contextEnd = Math.min(content.length, match.index + 200);
-            const context = content.substring(contextStart, contextEnd);
-            if (/(?:req\.|params\.|query\.|input|user)/.test(context)) {
-                const line = this.findLineNumber(content, match.index);
-                const code = this.extractCodeSnippet(content, match.index, 1);
-                vulnerabilities.push(this.createVulnerability(filePath, line, code, 'Using shell: true with user input is extremely dangerous', 'Avoid shell: true. Use execFile or spawn with array arguments', [
-                    'https://owasp.org/www-community/attacks/Command_Injection',
-                ]));
-            }
-        }
-        // Pattern 3: String concatenation in commands
-        const commandConcatPattern = /(?:exec|execSync)\(['"`][^'"`]*\+\s*(?:req\.|params\.|query\.|input|user)/gi;
-        while ((match = commandConcatPattern.exec(content)) !== null) {
-            if (this.shouldIgnore(content, match.index)) {
-                continue;
-            }
-            const line = this.findLineNumber(content, match.index);
-            const code = this.extractCodeSnippet(content, match.index, 1);
-            vulnerabilities.push(this.createVulnerability(filePath, line, code, 'Command constructed using string concatenation with user input', 'Use execFile with array arguments to avoid command injection', [
-                'https://owasp.org/www-community/attacks/Command_Injection',
-            ]));
-        }
-        return vulnerabilities;
-    }
-}
-//# sourceMappingURL=command-injection-detector.js.map

package/dist/analyzers/security/detectors/command-injection-detector.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"command-injection-detector.js","sourceRoot":"","sources":["../../../../src/analyzers/security/detectors/command-injection-detector.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAG3D,MAAM,OAAO,wBAAyB,SAAQ,oBAAoB;IAChE;QACE,KAAK,CAAC;YACJ,EAAE,EAAE,mBAAmB;YACvB,IAAI,EAAE,mBAAmB;YACzB,WAAW,EAAE,qDAAqD;YAClE,QAAQ,EAAE,UAAU;YACpB,aAAa,EAAE,sBAAsB;YACrC,KAAK,EAAE,QAAQ;SAChB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAe,EAAE,QAAgB;QAC1C,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,eAAe,GAA4B,EAAE,CAAC;QAEpD,2CAA2C;QAC3C,MAAM,YAAY,GAAG;YACnB;gBACE,OAAO,EAAE,iFAAiF;gBAC1F,MAAM,EAAE,sBAAsB;aAC/B;YACD;gBACE,OAAO,EAAE,0FAA0F;gBACnG,MAAM,EAAE,4CAA4C;aACrD;SACF,CAAC;QAEF,KAAK,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;YAC/C,IAAI,KAAK,CAAC;YACV,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC;YAClC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC9C,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC5C,SAAS;gBACX,CAAC;gBAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;gBAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,GAAG,MAAM,sDAAsD,EAC/D,yHAAyH,EACzH;oBACE,2DAA2D;oBAC3D,8FAA8F;iBAC/F,CACF,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,gDAAgD;QAChD,MAAM,gBAAgB,GAAG,yDAAyD,CAAC;QACnF,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACzD,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,gCAAgC;YAChC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC;YACpD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC;YAC/D,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;YAE5D,IAAI,uCAAuC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1D,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;gBAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,0DAA0D,EAC1D,+DAA+D,EAC/D;oBACE,2DAA2D;iBAC5D,CACF,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,8CAA8C;QAC9C,MAAM,oBAAoB,GAAG,6EAA6E,CAAC;QAC3G,OAAO,CAAC,KAAK,GAAG,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7D,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,gEAAgE,EAChE,8DAA8D,EAC9D;gBACE,2DAA2D;aAC5D,CACF,CACF,CAAC;QACJ,CAAC;QAED,OAAO,eAAe,CAAC;IACzB,CAAC;CACF"}

package/dist/analyzers/security/detectors/hardcoded-secrets-detector.d.ts

@@ -1,16 +0,0 @@
-/**
- * Hardcoded Secrets Detector
- *
- * Detects hardcoded passwords, API keys, tokens, and other secrets
- * OWASP A02:2021 - Cryptographic Failures
- */
-import { BaseSecurityDetector } from '../base-detector.js';
-import type { SecurityVulnerability } from '../types.js';
-export declare class HardcodedSecretsDetector extends BaseSecurityDetector {
-    constructor();
-    scan(content: string, filePath: string): Promise<SecurityVulnerability[]>;
-    /**
-     * Check if value looks like a placeholder
-     */
-    private isPlaceholder;
-}

package/dist/analyzers/security/detectors/hardcoded-secrets-detector.js

@@ -1,140 +0,0 @@
-/**
- * Hardcoded Secrets Detector
- *
- * Detects hardcoded passwords, API keys, tokens, and other secrets
- * OWASP A02:2021 - Cryptographic Failures
- */
-import { BaseSecurityDetector } from '../base-detector.js';
-export class HardcodedSecretsDetector extends BaseSecurityDetector {
-    constructor() {
-        super({
-            id: 'hardcoded-secrets',
-            name: 'Hardcoded Secrets',
-            description: 'Detects hardcoded passwords, API keys, and tokens',
-            severity: 'critical',
-            owaspCategory: 'A02:2021 - Cryptographic Failures',
-            cweId: 'CWE-798',
-        });
-    }
-    async scan(content, filePath) {
-        if (!this.appliesTo(filePath)) {
-            return [];
-        }
-        const vulnerabilities = [];
-        // Pattern 1: Common secret variable names with hardcoded values
-        const secretVarPatterns = [
-            {
-                pattern: /(?:password|passwd|pwd|secret|token|apikey|api_key|private_key|privatekey)\s*[:=]\s*['"`]([^'"`]{8,})['"`]/gi,
-                type: 'password/token',
-            },
-            {
-                pattern: /(?:auth|authorization|bearer)\s*[:=]\s*['"`]([^'"`]{20,})['"`]/gi,
-                type: 'auth token',
-            },
-            {
-                pattern: /(?:access_token|accesstoken|refresh_token|refreshtoken)\s*[:=]\s*['"`]([^'"`]{20,})['"`]/gi,
-                type: 'access token',
-            },
-        ];
-        for (const { pattern, type } of secretVarPatterns) {
-            let match;
-            const regex = new RegExp(pattern);
-            while ((match = regex.exec(content)) !== null) {
-                if (this.shouldIgnore(content, match.index)) {
-                    continue;
-                }
-                // Skip if it looks like a placeholder
-                const value = match[1];
-                if (this.isPlaceholder(value)) {
-                    continue;
-                }
-                const line = this.findLineNumber(content, match.index);
-                const code = this.extractCodeSnippet(content, match.index, 0);
-                vulnerabilities.push(this.createVulnerability(filePath, line, code, `Hardcoded ${type} detected in source code`, 'Use environment variables or secure secret management systems (e.g., AWS Secrets Manager, HashiCorp Vault)', [
-                    'https://owasp.org/www-community/vulnerabilities/Use_of_hard-coded_password',
-                    'https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html',
-                ]));
-            }
-        }
-        // Pattern 2: AWS Access Keys
-        const awsKeyPattern = /(?:AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}/g;
-        let match;
-        while ((match = awsKeyPattern.exec(content)) !== null) {
-            if (this.shouldIgnore(content, match.index)) {
-                continue;
-            }
-            const line = this.findLineNumber(content, match.index);
-            const code = this.extractCodeSnippet(content, match.index, 0);
-            vulnerabilities.push(this.createVulnerability(filePath, line, code, 'AWS Access Key ID detected in source code', 'Remove hardcoded AWS credentials. Use IAM roles or environment variables', [
-                'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html',
-            ]));
-        }
-        // Pattern 3: Generic API key patterns
-        const apiKeyPattern = /['"`]([a-zA-Z0-9_-]{32,})['"`]/g;
-        while ((match = apiKeyPattern.exec(content)) !== null) {
-            if (this.shouldIgnore(content, match.index)) {
-                continue;
-            }
-            // Check if preceded by key-related variable names
-            const beforeMatch = content.substring(Math.max(0, match.index - 50), match.index);
-            if (/(?:key|token|secret|api)/i.test(beforeMatch)) {
-                const value = match[1];
-                if (this.isPlaceholder(value)) {
-                    continue;
-                }
-                const line = this.findLineNumber(content, match.index);
-                const code = this.extractCodeSnippet(content, match.index, 0);
-                vulnerabilities.push(this.createVulnerability(filePath, line, code, 'Potential API key or token detected in source code', 'Use environment variables to store sensitive credentials', [
-                    'https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html',
-                ]));
-            }
-        }
-        // Pattern 4: JWT tokens
-        const jwtPattern = /eyJ[a-zA-Z0-9_-]+\.eyJ[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+/g;
-        while ((match = jwtPattern.exec(content)) !== null) {
-            if (this.shouldIgnore(content, match.index)) {
-                continue;
-            }
-            const line = this.findLineNumber(content, match.index);
-            const code = this.extractCodeSnippet(content, match.index, 0);
-            vulnerabilities.push(this.createVulnerability(filePath, line, code, 'JWT token detected in source code', 'Never hardcode JWT tokens. Generate them at runtime', [
-                'https://jwt.io/introduction',
-            ]));
-        }
-        // Pattern 5: Database connection strings
-        const dbConnectionPattern = /(?:mongodb|mysql|postgresql|postgres|redis):\/\/[^\s;'"]+:[^\s;'"]+@/gi;
-        while ((match = dbConnectionPattern.exec(content)) !== null) {
-            if (this.shouldIgnore(content, match.index)) {
-                continue;
-            }
-            const line = this.findLineNumber(content, match.index);
-            const code = this.extractCodeSnippet(content, match.index, 0);
-            vulnerabilities.push(this.createVulnerability(filePath, line, code, 'Database connection string with credentials detected in source code', 'Use environment variables for database credentials', [
-                'https://cheatsheetseries.owasp.org/cheatsheets/Database_Security_Cheat_Sheet.html',
-            ]));
-        }
-        return vulnerabilities;
-    }
-    /**
-     * Check if value looks like a placeholder
-     */
-    isPlaceholder(value) {
-        const placeholders = [
-            /^[xX]+$/,
-            /^[*]+$/,
-            /^your[_-]?/i,
-            /^test[_-]?/i,
-            /^example/i,
-            /^placeholder/i,
-            /^dummy/i,
-            /^fake/i,
-            /^sample/i,
-            /^xxx/i,
-            /^todo/i,
-            /^changeme/i,
-            /^replace/i,
-        ];
-        return placeholders.some(pattern => pattern.test(value));
-    }
-}
-//# sourceMappingURL=hardcoded-secrets-detector.js.map

package/dist/analyzers/security/detectors/hardcoded-secrets-detector.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"hardcoded-secrets-detector.js","sourceRoot":"","sources":["../../../../src/analyzers/security/detectors/hardcoded-secrets-detector.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAG3D,MAAM,OAAO,wBAAyB,SAAQ,oBAAoB;IAChE;QACE,KAAK,CAAC;YACJ,EAAE,EAAE,mBAAmB;YACvB,IAAI,EAAE,mBAAmB;YACzB,WAAW,EAAE,mDAAmD;YAChE,QAAQ,EAAE,UAAU;YACpB,aAAa,EAAE,mCAAmC;YAClD,KAAK,EAAE,SAAS;SACjB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAe,EAAE,QAAgB;QAC1C,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,eAAe,GAA4B,EAAE,CAAC;QAEpD,gEAAgE;QAChE,MAAM,iBAAiB,GAAG;YACxB;gBACE,OAAO,EAAE,8GAA8G;gBACvH,IAAI,EAAE,gBAAgB;aACvB;YACD;gBACE,OAAO,EAAE,kEAAkE;gBAC3E,IAAI,EAAE,YAAY;aACnB;YACD;gBACE,OAAO,EAAE,4FAA4F;gBACrG,IAAI,EAAE,cAAc;aACrB;SACF,CAAC;QAEF,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,iBAAiB,EAAE,CAAC;YAClD,IAAI,KAAK,CAAC;YACV,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC;YAClC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC9C,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC5C,SAAS;gBACX,CAAC;gBAED,sCAAsC;gBACtC,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACvB,IAAI,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC9B,SAAS;gBACX,CAAC;gBAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;gBAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,aAAa,IAAI,0BAA0B,EAC3C,4GAA4G,EAC5G;oBACE,4EAA4E;oBAC5E,oFAAoF;iBACrF,CACF,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,MAAM,aAAa,GAAG,8DAA8D,CAAC;QACrF,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACtD,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,2CAA2C,EAC3C,0EAA0E,EAC1E;gBACE,kFAAkF;aACnF,CACF,CACF,CAAC;QACJ,CAAC;QAED,sCAAsC;QACtC,MAAM,aAAa,GAAG,iCAAiC,CAAC;QACxD,OAAO,CAAC,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACtD,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,kDAAkD;YAClD,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,GAAG,EAAE,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YAClF,IAAI,2BAA2B,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBAClD,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACvB,IAAI,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC9B,SAAS;gBACX,CAAC;gBAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;gBAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,oDAAoD,EACpD,0DAA0D,EAC1D;oBACE,oFAAoF;iBACrF,CACF,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,wBAAwB;QACxB,MAAM,UAAU,GAAG,uDAAuD,CAAC;QAC3E,OAAO,CAAC,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACnD,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,mCAAmC,EACnC,qDAAqD,EACrD;gBACE,6BAA6B;aAC9B,CACF,CACF,CAAC;QACJ,CAAC;QAED,yCAAyC;QACzC,MAAM,mBAAmB,GAAG,wEAAwE,CAAC;QACrG,OAAO,CAAC,KAAK,GAAG,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC5D,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,qEAAqE,EACrE,oDAAoD,EACpD;gBACE,mFAAmF;aACpF,CACF,CACF,CAAC;QACJ,CAAC;QAED,OAAO,eAAe,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,KAAa;QACjC,MAAM,YAAY,GAAG;YACnB,SAAS;YACT,QAAQ;YACR,aAAa;YACb,aAAa;YACb,WAAW;YACX,eAAe;YACf,SAAS;YACT,QAAQ;YACR,UAAU;YACV,OAAO;YACP,QAAQ;YACR,YAAY;YACZ,WAAW;SACZ,CAAC;QAEF,OAAO,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IAC3D,CAAC;CACF"}

package/dist/analyzers/security/detectors/insecure-deserialization-detector.d.ts

@@ -1,12 +0,0 @@
-/**
- * Insecure Deserialization Detector
- *
- * Detects insecure deserialization vulnerabilities
- * OWASP A08:2021 - Software and Data Integrity Failures
- */
-import { BaseSecurityDetector } from '../base-detector.js';
-import type { SecurityVulnerability } from '../types.js';
-export declare class InsecureDeserializationDetector extends BaseSecurityDetector {
-    constructor();
-    scan(content: string, filePath: string): Promise<SecurityVulnerability[]>;
-}

package/dist/analyzers/security/detectors/insecure-deserialization-detector.js

@@ -1,109 +0,0 @@
-/**
- * Insecure Deserialization Detector
- *
- * Detects insecure deserialization vulnerabilities
- * OWASP A08:2021 - Software and Data Integrity Failures
- */
-import { BaseSecurityDetector } from '../base-detector.js';
-export class InsecureDeserializationDetector extends BaseSecurityDetector {
-    constructor() {
-        super({
-            id: 'insecure-deserialization',
-            name: 'Insecure Deserialization',
-            description: 'Detects insecure deserialization vulnerabilities',
-            severity: 'high',
-            owaspCategory: 'A08:2021 - Software and Data Integrity Failures',
-            cweId: 'CWE-502',
-        });
-    }
-    async scan(content, filePath) {
-        if (!this.appliesTo(filePath)) {
-            return [];
-        }
-        const vulnerabilities = [];
-        // Pattern 1: JSON.parse with user input without validation
-        const jsonParsePattern = /JSON\.parse\((?:req\.|params\.|query\.|input|user)[^)]+\)/gi;
-        let match;
-        while ((match = jsonParsePattern.exec(content)) !== null) {
-            if (this.shouldIgnore(content, match.index)) {
-                continue;
-            }
-            const line = this.findLineNumber(content, match.index);
-            const code = this.extractCodeSnippet(content, match.index, 1);
-            vulnerabilities.push(this.createVulnerability(filePath, line, code, 'JSON.parse with user input without validation may lead to prototype pollution', 'Validate JSON structure after parsing and use Object.create(null) to avoid prototype pollution', [
-                'https://owasp.org/www-community/vulnerabilities/Deserialization_of_untrusted_data',
-                'https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html',
-            ]));
-        }
-        // Pattern 2: eval() with JSON (extremely dangerous)
-        const evalJsonPattern = /eval\([^)]*(?:JSON|json|parse)/gi;
-        while ((match = evalJsonPattern.exec(content)) !== null) {
-            if (this.shouldIgnore(content, match.index)) {
-                continue;
-            }
-            const line = this.findLineNumber(content, match.index);
-            const code = this.extractCodeSnippet(content, match.index, 1);
-            vulnerabilities.push(this.createVulnerability(filePath, line, code, 'Using eval() for JSON parsing is extremely dangerous', 'Use JSON.parse() instead of eval()', [
-                'https://owasp.org/www-community/attacks/Code_Injection',
-            ]));
-        }
-        // Pattern 3: Node.js serialize packages with user input
-        const serializePackages = ['node-serialize', 'serialize-javascript', 'funcster'];
-        for (const pkg of serializePackages) {
-            const pattern = new RegExp(`require\\(['"\`]${pkg}['"\`]\\)`, 'gi');
-            let pkgMatch;
-            while ((pkgMatch = pattern.exec(content)) !== null) {
-                // Check if there's deserialization with user input nearby
-                const contextStart = pkgMatch.index;
-                const contextEnd = Math.min(content.length, pkgMatch.index + 500);
-                const context = content.substring(contextStart, contextEnd);
-                if (/(?:unserialize|deserialize|parse)\([^)]*(?:req\.|params\.|query\.|input|user)/i.test(context)) {
-                    const line = this.findLineNumber(content, pkgMatch.index);
-                    const code = this.extractCodeSnippet(content, pkgMatch.index, 2);
-                    vulnerabilities.push(this.createVulnerability(filePath, line, code, `Package ${pkg} used for deserialization of user input is dangerous`, 'Avoid deserializing untrusted data. Use JSON.parse() with validation', [
-                        'https://owasp.org/www-community/vulnerabilities/Deserialization_of_untrusted_data',
-                    ]));
-                }
-            }
-        }
-        // Pattern 4: Object.assign with user input (prototype pollution)
-        const objectAssignPattern = /Object\.assign\([^,)]*,\s*(?:req\.|params\.|query\.|input|user)/gi;
-        while ((match = objectAssignPattern.exec(content)) !== null) {
-            if (this.shouldIgnore(content, match.index)) {
-                continue;
-            }
-            const line = this.findLineNumber(content, match.index);
-            const code = this.extractCodeSnippet(content, match.index, 1);
-            vulnerabilities.push(this.createVulnerability(filePath, line, code, 'Object.assign with user input may lead to prototype pollution', 'Validate and sanitize user input before using Object.assign. Consider using Object.create(null)', [
-                'https://owasp.org/www-community/vulnerabilities/Deserialization_of_untrusted_data',
-                'https://cheatsheetseries.owasp.org/cheatsheets/Prototype_Pollution_Prevention_Cheat_Sheet.html',
-            ]));
-        }
-        // Pattern 5: Spread operator with user input
-        const spreadPattern = /\{\.\.\.(?:req\.|params\.|query\.|input|user)[^}]*\}/gi;
-        while ((match = spreadPattern.exec(content)) !== null) {
-            if (this.shouldIgnore(content, match.index)) {
-                continue;
-            }
-            const line = this.findLineNumber(content, match.index);
-            const code = this.extractCodeSnippet(content, match.index, 1);
-            vulnerabilities.push(this.createVulnerability(filePath, line, code, 'Spread operator with user input may lead to prototype pollution', 'Validate user input before spreading. Use allowlist of permitted fields', [
-                'https://cheatsheetseries.owasp.org/cheatsheets/Prototype_Pollution_Prevention_Cheat_Sheet.html',
-            ]));
-        }
-        // Pattern 6: vm module with user input
-        const vmPattern = /(?:runInContext|runInNewContext|runInThisContext)\([^)]*(?:req\.|params\.|query\.|input|user)/gi;
-        while ((match = vmPattern.exec(content)) !== null) {
-            if (this.shouldIgnore(content, match.index)) {
-                continue;
-            }
-            const line = this.findLineNumber(content, match.index);
-            const code = this.extractCodeSnippet(content, match.index, 1);
-            vulnerabilities.push(this.createVulnerability(filePath, line, code, 'vm module with user input is extremely dangerous', 'Never execute user-provided code. Find alternative solutions', [
-                'https://nodejs.org/api/vm.html#vm_vm_executing_javascript',
-            ]));
-        }
-        return vulnerabilities;
-    }
-}
-//# sourceMappingURL=insecure-deserialization-detector.js.map

package/dist/analyzers/security/detectors/insecure-deserialization-detector.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"insecure-deserialization-detector.js","sourceRoot":"","sources":["../../../../src/analyzers/security/detectors/insecure-deserialization-detector.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAG3D,MAAM,OAAO,+BAAgC,SAAQ,oBAAoB;IACvE;QACE,KAAK,CAAC;YACJ,EAAE,EAAE,0BAA0B;YAC9B,IAAI,EAAE,0BAA0B;YAChC,WAAW,EAAE,kDAAkD;YAC/D,QAAQ,EAAE,MAAM;YAChB,aAAa,EAAE,iDAAiD;YAChE,KAAK,EAAE,SAAS;SACjB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAe,EAAE,QAAgB;QAC1C,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,eAAe,GAA4B,EAAE,CAAC;QAEpD,2DAA2D;QAC3D,MAAM,gBAAgB,GAAG,6DAA6D,CAAC;QACvF,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACzD,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,+EAA+E,EAC/E,gGAAgG,EAChG;gBACE,mFAAmF;gBACnF,iFAAiF;aAClF,CACF,CACF,CAAC;QACJ,CAAC;QAED,oDAAoD;QACpD,MAAM,eAAe,GAAG,kCAAkC,CAAC;QAC3D,OAAO,CAAC,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACxD,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,sDAAsD,EACtD,oCAAoC,EACpC;gBACE,wDAAwD;aACzD,CACF,CACF,CAAC;QACJ,CAAC;QAED,wDAAwD;QACxD,MAAM,iBAAiB,GAAG,CAAC,gBAAgB,EAAE,sBAAsB,EAAE,UAAU,CAAC,CAAC;QACjF,KAAK,MAAM,GAAG,IAAI,iBAAiB,EAAE,CAAC;YACpC,MAAM,OAAO,GAAG,IAAI,MAAM,CAAC,mBAAmB,GAAG,WAAW,EAAE,IAAI,CAAC,CAAC;YACpE,IAAI,QAAQ,CAAC;YAEb,OAAO,CAAC,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBACnD,0DAA0D;gBAC1D,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC;gBACpC,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC;gBAClE,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;gBAE5D,IAAI,gFAAgF,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBACnG,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC;oBAC1D,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;oBAEjE,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,WAAW,GAAG,sDAAsD,EACpE,sEAAsE,EACtE;wBACE,mFAAmF;qBACpF,CACF,CACF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,iEAAiE;QACjE,MAAM,mBAAmB,GAAG,mEAAmE,CAAC;QAChG,OAAO,CAAC,KAAK,GAAG,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC5D,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,+DAA+D,EAC/D,iGAAiG,EACjG;gBACE,mFAAmF;gBACnF,gGAAgG;aACjG,CACF,CACF,CAAC;QACJ,CAAC;QAED,6CAA6C;QAC7C,MAAM,aAAa,GAAG,wDAAwD,CAAC;QAC/E,OAAO,CAAC,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACtD,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,iEAAiE,EACjE,yEAAyE,EACzE;gBACE,gGAAgG;aACjG,CACF,CACF,CAAC;QACJ,CAAC;QAED,uCAAuC;QACvC,MAAM,SAAS,GAAG,iGAAiG,CAAC;QACpH,OAAO,CAAC,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAClD,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,SAAS;YACX,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACvD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAE9D,eAAe,CAAC,IAAI,CAClB,IAAI,CAAC,mBAAmB,CACtB,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,kDAAkD,EAClD,8DAA8D,EAC9D;gBACE,2DAA2D;aAC5D,CACF,CACF,CAAC;QACJ,CAAC;QAED,OAAO,eAAe,CAAC;IACzB,CAAC;CACF"}

package/dist/analyzers/security/detectors/insecure-random-detector.d.ts

@@ -1,12 +0,0 @@
-/**
- * Insecure Random Detector
- *
- * Detects use of cryptographically weak random number generators
- * OWASP A02:2021 - Cryptographic Failures
- */
-import { BaseSecurityDetector } from '../base-detector.js';
-import type { SecurityVulnerability } from '../types.js';
-export declare class InsecureRandomDetector extends BaseSecurityDetector {
-    constructor();
-    scan(content: string, filePath: string): Promise<SecurityVulnerability[]>;
-}