npm - @dotsetlabs/tollgate - Versions diffs - 0.2.2 → 0.3.0 - Mend

@dotsetlabs/tollgate 0.2.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (194) hide show

package/README.md +138 -0
package/dist/analyzers/filesystem.d.ts +5 -0
package/dist/analyzers/filesystem.d.ts.map +1 -1
package/dist/analyzers/filesystem.js +61 -7
package/dist/analyzers/filesystem.js.map +1 -1
package/dist/analyzers/loader.d.ts +5 -0
package/dist/analyzers/loader.d.ts.map +1 -1
package/dist/analyzers/loader.js +112 -6
package/dist/analyzers/loader.js.map +1 -1
package/dist/analyzers/prompt-injection.d.ts +1 -0
package/dist/analyzers/prompt-injection.d.ts.map +1 -1
package/dist/analyzers/prompt-injection.js +48 -2
package/dist/analyzers/prompt-injection.js.map +1 -1
package/dist/analyzers/shell.d.ts +8 -0
package/dist/analyzers/shell.d.ts.map +1 -1
package/dist/analyzers/shell.js +109 -8
package/dist/analyzers/shell.js.map +1 -1
package/dist/analyzers/sql.d.ts.map +1 -1
package/dist/analyzers/sql.js +8 -7
package/dist/analyzers/sql.js.map +1 -1
package/dist/approval/interactive.d.ts +1 -1
package/dist/approval/interactive.d.ts.map +1 -1
package/dist/approval/interactive.js +13 -1
package/dist/approval/interactive.js.map +1 -1
package/dist/approval/rate-limiter.d.ts +115 -0
package/dist/approval/rate-limiter.d.ts.map +1 -0
package/dist/approval/rate-limiter.js +200 -0
package/dist/approval/rate-limiter.js.map +1 -0
package/dist/approval/url-validator.d.ts +51 -0
package/dist/approval/url-validator.d.ts.map +1 -0
package/dist/approval/url-validator.js +184 -0
package/dist/approval/url-validator.js.map +1 -0
package/dist/approval/webhook.d.ts +48 -0
package/dist/approval/webhook.d.ts.map +1 -1
package/dist/approval/webhook.js +89 -0
package/dist/approval/webhook.js.map +1 -1
package/dist/audit/integrity.d.ts +107 -0
package/dist/audit/integrity.d.ts.map +1 -0
package/dist/audit/integrity.js +191 -0
package/dist/audit/integrity.js.map +1 -0
package/dist/audit/logger.d.ts.map +1 -1
package/dist/audit/logger.js +6 -5
package/dist/audit/logger.js.map +1 -1
package/dist/audit/redaction.js +6 -4
package/dist/audit/redaction.js.map +1 -1
package/dist/cli/commands/guard.d.ts +97 -0
package/dist/cli/commands/guard.d.ts.map +1 -0
package/dist/cli/commands/guard.js +456 -0
package/dist/cli/commands/guard.js.map +1 -0
package/dist/cli/commands/serve.js +1 -1
package/dist/cli/commands/serve.js.map +1 -1
package/dist/cli/index.js +3 -0
package/dist/cli/index.js.map +1 -1
package/dist/cli/input-validation.d.ts +83 -0
package/dist/cli/input-validation.d.ts.map +1 -0
package/dist/cli/input-validation.js +237 -0
package/dist/cli/input-validation.js.map +1 -0
package/dist/cli/ui.js +2 -2
package/dist/cli/ui.js.map +1 -1
package/dist/guard/alternatives/index.d.ts +68 -0
package/dist/guard/alternatives/index.d.ts.map +1 -0
package/dist/guard/alternatives/index.js +224 -0
package/dist/guard/alternatives/index.js.map +1 -0
package/dist/guard/alternatives/registry.d.ts +16 -0
package/dist/guard/alternatives/registry.d.ts.map +1 -0
package/dist/guard/alternatives/registry.js +518 -0
package/dist/guard/alternatives/registry.js.map +1 -0
package/dist/guard/alternatives/types.d.ts +86 -0
package/dist/guard/alternatives/types.d.ts.map +1 -0
package/dist/guard/alternatives/types.js +5 -0
package/dist/guard/alternatives/types.js.map +1 -0
package/dist/guard/approval/enhanced-terminal.d.ts +110 -0
package/dist/guard/approval/enhanced-terminal.d.ts.map +1 -0
package/dist/guard/approval/enhanced-terminal.js +387 -0
package/dist/guard/approval/enhanced-terminal.js.map +1 -0
package/dist/guard/config.d.ts +80 -0
package/dist/guard/config.d.ts.map +1 -0
package/dist/guard/config.js +260 -0
package/dist/guard/config.js.map +1 -0
package/dist/guard/context/directory.d.ts +35 -0
package/dist/guard/context/directory.d.ts.map +1 -0
package/dist/guard/context/directory.js +243 -0
package/dist/guard/context/directory.js.map +1 -0
package/dist/guard/context/environment.d.ts +31 -0
package/dist/guard/context/environment.d.ts.map +1 -0
package/dist/guard/context/environment.js +204 -0
package/dist/guard/context/environment.js.map +1 -0
package/dist/guard/context/git.d.ts +52 -0
package/dist/guard/context/git.d.ts.map +1 -0
package/dist/guard/context/git.js +278 -0
package/dist/guard/context/git.js.map +1 -0
package/dist/guard/context/index.d.ts +64 -0
package/dist/guard/context/index.d.ts.map +1 -0
package/dist/guard/context/index.js +227 -0
package/dist/guard/context/index.js.map +1 -0
package/dist/guard/context/project.d.ts +47 -0
package/dist/guard/context/project.d.ts.map +1 -0
package/dist/guard/context/project.js +281 -0
package/dist/guard/context/project.js.map +1 -0
package/dist/guard/context/types.d.ts +152 -0
package/dist/guard/context/types.d.ts.map +1 -0
package/dist/guard/context/types.js +7 -0
package/dist/guard/context/types.js.map +1 -0
package/dist/guard/engine.d.ts +107 -0
package/dist/guard/engine.d.ts.map +1 -0
package/dist/guard/engine.js +430 -0
package/dist/guard/engine.js.map +1 -0
package/dist/guard/enhanced-engine.d.ts +151 -0
package/dist/guard/enhanced-engine.d.ts.map +1 -0
package/dist/guard/enhanced-engine.js +622 -0
package/dist/guard/enhanced-engine.js.map +1 -0
package/dist/guard/hooks/index.d.ts +50 -0
package/dist/guard/hooks/index.d.ts.map +1 -0
package/dist/guard/hooks/index.js +325 -0
package/dist/guard/hooks/index.js.map +1 -0
package/dist/guard/index.d.ts +29 -0
package/dist/guard/index.d.ts.map +1 -0
package/dist/guard/index.js +31 -0
package/dist/guard/index.js.map +1 -0
package/dist/guard/learning/index.d.ts +136 -0
package/dist/guard/learning/index.d.ts.map +1 -0
package/dist/guard/learning/index.js +314 -0
package/dist/guard/learning/index.js.map +1 -0
package/dist/guard/learning/pattern-extractor.d.ts +50 -0
package/dist/guard/learning/pattern-extractor.d.ts.map +1 -0
package/dist/guard/learning/pattern-extractor.js +372 -0
package/dist/guard/learning/pattern-extractor.js.map +1 -0
package/dist/guard/learning/rule-suggester.d.ts +67 -0
package/dist/guard/learning/rule-suggester.d.ts.map +1 -0
package/dist/guard/learning/rule-suggester.js +345 -0
package/dist/guard/learning/rule-suggester.js.map +1 -0
package/dist/guard/learning/types.d.ts +211 -0
package/dist/guard/learning/types.d.ts.map +1 -0
package/dist/guard/learning/types.js +18 -0
package/dist/guard/learning/types.js.map +1 -0
package/dist/guard/preview/effects.d.ts +15 -0
package/dist/guard/preview/effects.d.ts.map +1 -0
package/dist/guard/preview/effects.js +413 -0
package/dist/guard/preview/effects.js.map +1 -0
package/dist/guard/preview/index.d.ts +49 -0
package/dist/guard/preview/index.d.ts.map +1 -0
package/dist/guard/preview/index.js +196 -0
package/dist/guard/preview/index.js.map +1 -0
package/dist/guard/preview/parser.d.ts +34 -0
package/dist/guard/preview/parser.d.ts.map +1 -0
package/dist/guard/preview/parser.js +292 -0
package/dist/guard/preview/parser.js.map +1 -0
package/dist/guard/preview/types.d.ts +140 -0
package/dist/guard/preview/types.d.ts.map +1 -0
package/dist/guard/preview/types.js +5 -0
package/dist/guard/preview/types.js.map +1 -0
package/dist/guard/reversibility/index.d.ts +88 -0
package/dist/guard/reversibility/index.d.ts.map +1 -0
package/dist/guard/reversibility/index.js +310 -0
package/dist/guard/reversibility/index.js.map +1 -0
package/dist/guard/types.d.ts +192 -0
package/dist/guard/types.d.ts.map +1 -0
package/dist/guard/types.js +8 -0
package/dist/guard/types.js.map +1 -0
package/dist/index.d.ts +10 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +24 -0
package/dist/index.js.map +1 -1
package/dist/orchestrator/manager.d.ts.map +1 -1
package/dist/orchestrator/manager.js +6 -1
package/dist/orchestrator/manager.js.map +1 -1
package/dist/policy/engine.d.ts.map +1 -1
package/dist/policy/engine.js +11 -3
package/dist/policy/engine.js.map +1 -1
package/dist/policy/parser.d.ts.map +1 -1
package/dist/policy/parser.js +3 -0
package/dist/policy/parser.js.map +1 -1
package/dist/proxy/server.d.ts.map +1 -1
package/dist/proxy/server.js +8 -6
package/dist/proxy/server.js.map +1 -1
package/dist/session/manager.d.ts +2 -2
package/dist/session/manager.d.ts.map +1 -1
package/dist/session/manager.js +106 -88
package/dist/session/manager.js.map +1 -1
package/dist/session/signing.d.ts +88 -0
package/dist/session/signing.d.ts.map +1 -0
package/dist/session/signing.js +166 -0
package/dist/session/signing.js.map +1 -0
package/dist/session/types.d.ts +2 -0
package/dist/session/types.d.ts.map +1 -1
package/dist/session/types.js.map +1 -1
package/dist/utils/security-logger.d.ts +146 -0
package/dist/utils/security-logger.d.ts.map +1 -0
package/dist/utils/security-logger.js +222 -0
package/dist/utils/security-logger.js.map +1 -0
package/dist/wizard.d.ts.map +1 -1
package/dist/wizard.js +7 -1
package/dist/wizard.js.map +1 -1
package/package.json +3 -2

package/README.md CHANGED Viewed

@@ -826,6 +826,144 @@ Examples:
 ---
+## AI Shell Guardian
+Tollgate includes a shell guardian that protects against dangerous AI-suggested shell commands. It integrates with your shell to analyze commands before execution.
+### Quick Start
+```bash
+# Install shell integration
+tollgate guard init
+# Restart your shell or source the config
+source ~/.zshrc  # or ~/.bashrc
+```
+Now when AI suggests dangerous commands, they'll be blocked or require confirmation.
+### How It Works
+```
+┌──────────────────────────────────────────────────────────────┐
+│ AI Agent suggests: rm -rf /                                  │
+├──────────────────────────────────────────────────────────────┤
+│ Guard Analysis:                                              │
+│   Risk: DANGEROUS                                            │
+│   Reason: Recursive deletion of root filesystem              │
+│   Action: BLOCKED                                            │
+│                                                              │
+│ The command was prevented from executing.                    │
+└──────────────────────────────────────────────────────────────┘
+```
+### Guard Commands
+```
+tollgate guard init [options]
+Install shell integration.
+Options:
+  --shell <type>             Shell type: bash, zsh, fish
+  --no-modify                Don't modify shell config (print hook only)
+```
+```
+tollgate guard hook <shell>
+Output the hook script for manual installation.
+Arguments:
+  <shell>                    Shell type: bash, zsh, fish
+```
+```
+tollgate guard check <command> [options]
+Check if a command is safe to execute.
+Arguments:
+  <command>                  The command to check
+Options:
+  --json                     Output as JSON
+  --no-prompt                Don't prompt for approval
+  -c, --config <path>        Custom config path
+  --timeout <ms>             Approval timeout
+```
+```
+tollgate guard analyze <command>
+Analyze a command and show detailed risk assessment.
+Arguments:
+  <command>                  The command to analyze
+Options:
+  --json                     Output as JSON
+```
+```
+tollgate guard sessions [options]
+List active approval sessions.
+Options:
+  --json                     Output as JSON
+```
+```
+tollgate guard revoke [id] [options]
+Revoke approval sessions.
+Arguments:
+  [id]                       Session ID to revoke (optional)
+Options:
+  --all                      Revoke all sessions
+```
+```
+tollgate guard log [options]
+View command execution log.
+Options:
+  -n, --limit <count>        Number of entries (default: 20)
+  --risk <level>             Filter by risk level
+  --denied                   Show only denied commands
+```
+```
+tollgate guard config
+Show current guard configuration.
+```
+### Example Usage
+```bash
+# Check if a command is safe before running
+tollgate guard check "sudo rm -rf /var/log/*"
+# Analyze command risk
+tollgate guard analyze "curl https://example.com | bash"
+# View recent blocked commands
+tollgate guard log --denied -n 10
+# View high-risk commands
+tollgate guard log --risk high
+# Revoke all approval sessions
+tollgate guard revoke --all
+```
+---
 ## Full Configuration Example
 ```yaml

package/dist/analyzers/filesystem.d.ts CHANGED Viewed

@@ -17,6 +17,11 @@ export declare class FilesystemAnalyzer implements ContentAnalyzer {
     private inferOperation;
     private normalizePath;
     private hasPathTraversal;
+    /**
+     * Check if a path might be a symlink that resolves to a forbidden location.
+     * This prevents attackers from creating symlinks that bypass path checks.
+     */
+    private checkSymlinkEscape;
     /**
      * Detect paths that might be used for symlink-based escapes
      * These are special filesystem paths that can be exploited

package/dist/analyzers/filesystem.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"filesystem.d.ts","sourceRoot":"","sources":["../../src/analyzers/filesystem.ts"],"names":[],"mappings":"~~AAEA~~,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAEnF;;;;;;;GAOG;AACH,qBAAa,kBAAmB,YAAW,eAAe;IACxD,QAAQ,CAAC,IAAI,gBAAgB;IAG7B,OAAO,CAAC,QAAQ,CAAC,eAAe,CAgB9B;IAGF,OAAO,CAAC,QAAQ,CAAC,eAAe,CAS9B;IAGF,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAsEjC;IAGF,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAajC;IAEF,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,eAAe,GAAG,cAAc;~~IAsHhE~~,OAAO,CAAC,cAAc;IAgBtB,OAAO,CAAC,aAAa;IAsBrB,OAAO,CAAC,gBAAgB;~~IA4CxB~~;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IAiB5B,OAAO,CAAC,gBAAgB;IAmBxB,OAAO,CAAC,oBAAoB;IAc5B,OAAO,CAAC,oBAAoB;IAkB5B,OAAO,CAAC,uBAAuB;IAS/B,OAAO,CAAC,uBAAuB;CAQhC"}
1	+ {"version":3,"file":"filesystem.d.ts","sourceRoot":"","sources":["../../src/analyzers/filesystem.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAEnF;;;;;;;GAOG;AACH,qBAAa,kBAAmB,YAAW,eAAe;IACxD,QAAQ,CAAC,IAAI,gBAAgB;IAG7B,OAAO,CAAC,QAAQ,CAAC,eAAe,CAgB9B;IAGF,OAAO,CAAC,QAAQ,CAAC,eAAe,CAS9B;IAGF,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAsEjC;IAGF,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAajC;IAEF,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,eAAe,GAAG,cAAc;IAgIhE,OAAO,CAAC,cAAc;IAgBtB,OAAO,CAAC,aAAa;IAsBrB,OAAO,CAAC,gBAAgB;IAmDxB;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IAqC1B;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IAiB5B,OAAO,CAAC,gBAAgB;IAmBxB,OAAO,CAAC,oBAAoB;IAc5B,OAAO,CAAC,oBAAoB;IAkB5B,OAAO,CAAC,uBAAuB;IAS/B,OAAO,CAAC,uBAAuB;CAQhC"}

package/dist/analyzers/filesystem.js CHANGED Viewed

@@ -1,5 +1,6 @@
 import { homedir } from 'node:os';
-import { normalize, isAbsolute } from 'node:path';
+import { normalize, isAbsolute, resolve } from 'node:path';
+import { realpathSync } from 'node:fs';
 /**
  * Filesystem Path Analyzer
  *
@@ -137,6 +138,15 @@ export class FilesystemAnalyzer {
                 triggers: ['symlink escape', path.match(/\/(proc|dev|sys)\//)?.[0] || '/dev/'],
             };
         }
+        // Check if path resolves via symlink to a forbidden/sensitive location
+        const symlinkCheck = this.checkSymlinkEscape(path);
+        if (symlinkCheck.isEscape) {
+            return {
+                risk: 'dangerous',
+                reason: `Symlink resolves to restricted path: ${symlinkCheck.realPath}`,
+                triggers: ['symlink escape', symlinkCheck.realPath ?? 'unknown'],
+            };
+        }
         // Check for glob patterns that could match too much
         if (this.hasDangerousGlob(path)) {
             return {
@@ -281,19 +291,63 @@ export class FilesystemAnalyzer {
         if (/\.{3,}/.test(path)) {
             return true;
         }
-        // Check for .. that escapes current directory
+        // Check for .. that could escape current directory context
         const normalized = normalize(path);
-        // If normalization changes the path significantly and contains .., be suspicious
+        // If the path contains '..' and normalizing removes it, the path was attempting traversal
         if (path.includes('..') && !normalized.includes('..')) {
-            // The .. was resolved - check if it escaped
-            return true;
+            // Check if the normalized path is trying to escape to a system directory
+            const absoluteNormalized = isAbsolute(normalized)
+                ? normalized
+                : resolve(process.cwd(), normalized);
+            // If normalized path goes to forbidden areas, it's traversal
+            if (this.matchesForbiddenPath(absoluteNormalized)) {
+                return true;
+            }
         }
-        // Direct check for suspicious patterns
+        // Direct check for suspicious patterns - multiple traversals
         if (/\.\.\/.*\.\./.test(path)) {
-            return true; // Multiple traversals
+            return true;
         }
         return false;
     }
+    /**
+     * Check if a path might be a symlink that resolves to a forbidden location.
+     * This prevents attackers from creating symlinks that bypass path checks.
+     */
+    checkSymlinkEscape(path) {
+        try {
+            // First, check if the path or any parent is a symlink
+            const normalizedPath = this.normalizePath(path);
+            const absolutePath = isAbsolute(normalizedPath)
+                ? normalizedPath
+                : resolve(process.cwd(), normalizedPath);
+            // Try to get the real path (resolves all symlinks)
+            let realPath;
+            try {
+                realPath = realpathSync(absolutePath);
+            }
+            catch {
+                // Path doesn't exist yet, can't check symlinks
+                return { isEscape: false };
+            }
+            // If the real path differs from the absolute path, a symlink was involved
+            if (realPath !== absolutePath) {
+                // Check if the real path is in a forbidden location
+                if (this.matchesForbiddenPath(realPath)) {
+                    return { isEscape: true, realPath };
+                }
+                // Check if it's a sensitive file
+                if (this.matchesSensitivePattern(realPath)) {
+                    return { isEscape: true, realPath };
+                }
+            }
+            return { isEscape: false };
+        }
+        catch {
+            // If we can't check, assume it's not an escape
+            return { isEscape: false };
+        }
+    }
     /**
      * Detect paths that might be used for symlink-based escapes
      * These are special filesystem paths that can be exploited

package/dist/analyzers/filesystem.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"filesystem.js","sourceRoot":"","sources":["../../src/analyzers/filesystem.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAGlD;;;;;;;GAOG;AACH,MAAM,OAAO,kBAAkB;IACpB,IAAI,GAAG,YAAY,CAAC;IAE7B,sCAAsC;IACrB,eAAe,GAAG;QACjC,GAAG;QACH,MAAM;QACN,MAAM;QACN,MAAM;QACN,OAAO;QACP,MAAM;QACN,OAAO;QACP,MAAM;QACN,QAAQ;QACR,SAAS,EAAY,QAAQ;QAC7B,eAAe,EAAM,sBAAsB;QAC3C,UAAU,EAAW,UAAU;QAC/B,gBAAgB,EAAK,UAAU;QAC/B,aAAa,EAAQ,UAAU;QAC/B,mBAAmB,EAAE,UAAU;KAChC,CAAC;IAEF,qCAAqC;IACpB,eAAe,GAAG;QACjC,OAAO,EAAE,EAAY,sBAAsB;QAC3C,GAAG,OAAO,EAAE,OAAO;QACnB,GAAG,OAAO,EAAE,SAAS;QACrB,GAAG,OAAO,EAAE,OAAO;QACnB,GAAG,OAAO,EAAE,QAAQ;QACpB,GAAG,OAAO,EAAE,UAAU;QACtB,MAAM;QACN,UAAU;KACX,CAAC;IAEF,oDAAoD;IACnC,kBAAkB,GAAG;QACpC,oBAAoB;QACpB,aAAa,EAAe,oCAAoC;QAEhE,sBAAsB;QACtB,QAAQ,EAAoB,mBAAmB;QAC/C,QAAQ,EAAoB,eAAe;QAC3C,QAAQ,EAAoB,eAAe;QAC3C,QAAQ,EAAoB,WAAW;QACvC,YAAY,EAAgB,WAAW;QACvC,UAAU,EAAkB,mBAAmB;QAC/C,QAAQ,EAAoB,yBAAyB;QACrD,QAAQ,EAAoB,qBAAqB;QAEjD,8CAA8C;QAC9C,oBAAoB,EAAQ,kBAAkB;QAC9C,eAAe,EAAa,aAAa;QACzC,WAAW,EAAiB,mBAAmB;QAC/C,kBAAkB,EAAU,uBAAuB;QACnD,gBAAgB,EAAY,oBAAoB;QAChD,wBAAwB,EAAI,8BAA8B;QAC1D,6BAA6B,EAAG,wBAAwB;QACxD,eAAe,EAAa,sBAAsB;QAClD,gBAAgB,EAAY,sBAAsB;QAElD,kCAAkC;QAClC,cAAc;QACd,mBAAmB,EAAS,yBAAyB;QACrD,0BAA0B,EAAE,oBAAoB;QAChD,eAAe,EAAa,iBAAiB;QAC7C,UAAU,EAAkB,4BAA4B;QAExD,0BAA0B;QAC1B,UAAU;QACV,WAAW;QACX,oBAAoB,EAAQ,uBAAuB;QACnD,sBAAsB,EAAM,yBAAyB;QACrD,wBAAwB,EAAI,oBAAoB;QAChD,yBAAyB,EAAG,oBAAoB;QAEhD,kBAAkB;QAClB,cAAc;QACd,mBAAmB;QACnB,WAAW;QACX,aAAa;QACb,SAAS,EAAmB,qBAAqB;QACjD,kBAAkB;QAClB,cAAc,EAAc,kBAAkB;QAE9C,0DAA0D;QAC1D,WAAW,EAAiB,2BAA2B;QACvD,YAAY,EAAgB,sBAAsB;QAClD,gBAAgB,EAAY,iBAAiB;QAC7C,cAAc,EAAc,eAAe;QAC3C,eAAe,EAAa,kBAAkB;QAE9C,uDAAuD;QACvD,iBAAiB;QACjB,gBAAgB;QAChB,eAAe;QACf,sBAAsB;QACtB,iBAAiB;QACjB,kBAAkB;QAClB,mBAAmB;QACnB,gBAAgB,EAAY,mBAAmB;QAE/C,sBAAsB;QACtB,WAAW,EAAiB,gBAAgB;QAC5C,cAAc,EAAc,mBAAmB;QAC/C,cAAc,EAAc,mBAAmB;KAChD,CAAC;IAEF,8CAA8C;IAC7B,kBAAkB,GAAG;QACpC,SAAS,EAAmB,gBAAgB;QAC5C,cAAc;QACd,gBAAgB;QAChB,qBAAqB;QACrB,aAAa;QACb,cAAc;QACd,UAAU;QACV,oBAAoB;QACpB,aAAa;QACb,wBAAwB;QACxB,YAAY;QACZ,mBAAmB;KACpB,CAAC;IAEF,OAAO,CAAC,IAAY,EAAE,OAAyB;QAC7C,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACrD,MAAM,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QAEhD,oCAAoC;QACpC,IAAI,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;YAChC,OAAO;gBACL,IAAI,EAAE,WAAW;gBACjB,MAAM,EAAE,yDAAyD;gBACjE,QAAQ,EAAE,CAAC,gBAAgB,CAAC;aAC7B,CAAC;QACJ,CAAC;QAED,yDAAyD;QACzD,IAAI,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,IAAI,EAAE,WAAW;gBACjB,MAAM,EAAE,oEAAoE;gBAC5E,QAAQ,EAAE,CAAC,gBAAgB,EAAE,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC;aAC/E,CAAC;QACJ,CAAC;QAED,oDAAoD;QACpD,IAAI,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;YAChC,OAAO;gBACL,IAAI,EAAE,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW;gBAClD,MAAM,EAAE,qCAAqC;gBAC7C,QAAQ,EAAE,CAAC,gBAAgB,CAAC;aAC7B,CAAC;QACJ,CAAC;QAED,wBAAwB;QACxB,MAAM,cAAc,GAAG,IAAI,CAAC,oBAAoB,CAAC,cAAc,CAAC,CAAC;QACjE,IAAI,cAAc,EAAE,CAAC;YACnB,OAAO;gBACL,IAAI,EAAE,WAAW;gBACjB,MAAM,EAAE,0CAA0C,cAAc,EAAE;gBAClE,QAAQ,EAAE,CAAC,cAAc,CAAC;aAC3B,CAAC;QACJ,CAAC;QAED,oDAAoD;QACpD,MAAM,cAAc,GAAG,IAAI,CAAC,oBAAoB,CAAC,cAAc,CAAC,CAAC;QACjE,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;gBAC3B,OAAO;oBACL,IAAI,EAAE,WAAW;oBACjB,MAAM,EAAE,2CAA2C,cAAc,EAAE;oBACnE,QAAQ,EAAE,CAAC,cAAc,CAAC;iBAC3B,CAAC;YACJ,CAAC;YACD,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;gBAC1B,OAAO;oBACL,IAAI,EAAE,aAAa;oBACnB,MAAM,EAAE,mCAAmC,cAAc,EAAE;oBAC3D,QAAQ,EAAE,CAAC,cAAc,CAAC;iBAC3B,CAAC;YACJ,CAAC;YACD,4BAA4B;YAC5B,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE,qCAAqC,cAAc,EAAE;gBAC7D,QAAQ,EAAE,CAAC,cAAc,CAAC;aAC3B,CAAC;QACJ,CAAC;QAED,gCAAgC;QAChC,MAAM,cAAc,GAAG,IAAI,CAAC,uBAAuB,CAAC,cAAc,CAAC,CAAC;QACpE,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;gBAC3B,OAAO;oBACL,IAAI,EAAE,WAAW;oBACjB,MAAM,EAAE,0CAA0C,cAAc,EAAE;oBAClE,QAAQ,EAAE,CAAC,cAAc,CAAC;iBAC3B,CAAC;YACJ,CAAC;YACD,OAAO;gBACL,IAAI,EAAE,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa;gBACpD,MAAM,EAAE,GAAG,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,oBAAoB,cAAc,EAAE;gBAC7F,QAAQ,EAAE,CAAC,cAAc,CAAC;aAC3B,CAAC;QACJ,CAAC;QAED,gCAAgC;QAChC,MAAM,cAAc,GAAG,IAAI,CAAC,uBAAuB,CAAC,cAAc,CAAC,CAAC;QACpE,IAAI,cAAc,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;YAC3C,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,MAAM,EAAE,qCAAqC,cAAc,EAAE;gBAC7D,QAAQ,EAAE,CAAC,cAAc,CAAC;aAC3B,CAAC;QACJ,CAAC;QAED,6BAA6B;QAC7B,QAAQ,SAAS,EAAE,CAAC;YAClB,KAAK,MAAM;gBACT,OAAO;oBACL,IAAI,EAAE,MAAM;oBACZ,MAAM,EAAE,gCAAgC;iBACzC,CAAC;YACJ,KAAK,OAAO;gBACV,OAAO;oBACL,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,8BAA8B;iBACvC,CAAC;YACJ,KAAK,QAAQ;gBACX,OAAO;oBACL,IAAI,EAAE,aAAa;oBACnB,MAAM,EAAE,iCAAiC;iBAC1C,CAAC;YACJ;gBACE,OAAO;oBACL,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,8BAA8B;iBACvC,CAAC;QACN,CAAC;IACH,CAAC;IAEO,cAAc,CAAC,IAAa;QAClC,IAAI,CAAC,IAAI;YAAE,OAAO,OAAO,CAAC,CAAC,uBAAuB;QAElD,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAErC,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7F,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;YACvF,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7D,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,aAAa,CAAC,IAAY;QAChC,wBAAwB;QACxB,IAAI,QAAQ,GAAG,IAAI,CAAC;QACpB,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1B,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QAC3C,CAAC;aAAM,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YACxB,QAAQ,GAAG,OAAO,EAAE,CAAC;QACvB,CAAC;QAED,kCAAkC;QAClC,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;QAClD,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,EAAE,CAAC,CAAC;QAEtD,qBAAqB;QACrB,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,OAAO,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC7B,CAAC;QAED,qCAAqC;QACrC,OAAO,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC7B,CAAC;IAEO,gBAAgB,CAAC,IAAY;QACnC,qDAAqD;QACrD,mCAAmC;QACnC,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAChD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,sBAAsB;QACtB,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,gDAAgD;QAChD,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,8DAA8D;QAC9D,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,oEAAoE;QACpE,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,8CAA8C;QAC9C,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;QAEnC,iFAAiF;QACjF,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACtD,4CAA4C;YAC5C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,uCAAuC;QACvC,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,CAAC,sBAAsB;QACrC,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;OAGG;IACK,oBAAoB,CAAC,IAAY;QACvC,MAAM,eAAe,GAAG;YACtB,gBAAgB,EAAU,uCAAuC;YACjE,eAAe,EAAW,4BAA4B;YACtD,aAAa,EAAa,yBAAyB;YACnD,cAAc,EAAY,iBAAiB;YAC3C,eAAe,EAAW,kBAAkB;YAC5C,eAAe,EAAW,kBAAkB;YAC5C,aAAa,EAAa,uCAAuC;YACjE,aAAa,EAAa,eAAe;YACzC,eAAe,EAAW,gBAAgB;YAC1C,SAAS,EAAiB,cAAc;SACzC,CAAC;QAEF,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACjD,CAAC;IAEO,gBAAgB,CAAC,IAAY;QACnC,2BAA2B;QAC3B,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;YACpD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,yBAAyB;QACzB,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;YACvD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,2BAA2B;QAC3B,IAAI,2BAA2B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,oBAAoB,CAAC,IAAY;QACvC,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YAC7C,MAAM,mBAAmB,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;YACjD,IAAI,IAAI,KAAK,mBAAmB,IAAI,IAAI,CAAC,UAAU,CAAC,mBAAmB,GAAG,GAAG,CAAC,EAAE,CAAC;gBAC/E,oDAAoD;gBACpD,IAAI,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBACjE,SAAS;gBACX,CAAC;gBACD,OAAO,SAAS,CAAC;YACnB,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,oBAAoB,CAAC,IAAY;QACvC,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YAC7C,MAAM,mBAAmB,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;YACjD,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACjC,OAAO,SAAS,CAAC;YACnB,CAAC;YACD,gFAAgF;YAChF,IAAI,IAAI,CAAC,UAAU,CAAC,mBAAmB,GAAG,GAAG,CAAC,EAAE,CAAC;gBAC/C,wCAAwC;gBACxC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;gBAC7D,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBACzE,OAAO,SAAS,CAAC;gBACnB,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,uBAAuB,CAAC,IAAY;QAC1C,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC9C,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,OAAO,OAAO,CAAC,MAAM,CAAC;YACxB,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,uBAAuB,CAAC,IAAY;QAC1C,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC9C,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,OAAO,OAAO,CAAC,MAAM,CAAC;YACxB,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}
1	+ {"version":3,"file":"filesystem.js","sourceRoot":"","sources":["../../src/analyzers/filesystem.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAGvC;;;;;;;GAOG;AACH,MAAM,OAAO,kBAAkB;IACpB,IAAI,GAAG,YAAY,CAAC;IAE7B,sCAAsC;IACrB,eAAe,GAAG;QACjC,GAAG;QACH,MAAM;QACN,MAAM;QACN,MAAM;QACN,OAAO;QACP,MAAM;QACN,OAAO;QACP,MAAM;QACN,QAAQ;QACR,SAAS,EAAY,QAAQ;QAC7B,eAAe,EAAM,sBAAsB;QAC3C,UAAU,EAAW,UAAU;QAC/B,gBAAgB,EAAK,UAAU;QAC/B,aAAa,EAAQ,UAAU;QAC/B,mBAAmB,EAAE,UAAU;KAChC,CAAC;IAEF,qCAAqC;IACpB,eAAe,GAAG;QACjC,OAAO,EAAE,EAAY,sBAAsB;QAC3C,GAAG,OAAO,EAAE,OAAO;QACnB,GAAG,OAAO,EAAE,SAAS;QACrB,GAAG,OAAO,EAAE,OAAO;QACnB,GAAG,OAAO,EAAE,QAAQ;QACpB,GAAG,OAAO,EAAE,UAAU;QACtB,MAAM;QACN,UAAU;KACX,CAAC;IAEF,oDAAoD;IACnC,kBAAkB,GAAG;QACpC,oBAAoB;QACpB,aAAa,EAAe,oCAAoC;QAEhE,sBAAsB;QACtB,QAAQ,EAAoB,mBAAmB;QAC/C,QAAQ,EAAoB,eAAe;QAC3C,QAAQ,EAAoB,eAAe;QAC3C,QAAQ,EAAoB,WAAW;QACvC,YAAY,EAAgB,WAAW;QACvC,UAAU,EAAkB,mBAAmB;QAC/C,QAAQ,EAAoB,yBAAyB;QACrD,QAAQ,EAAoB,qBAAqB;QAEjD,8CAA8C;QAC9C,oBAAoB,EAAQ,kBAAkB;QAC9C,eAAe,EAAa,aAAa;QACzC,WAAW,EAAiB,mBAAmB;QAC/C,kBAAkB,EAAU,uBAAuB;QACnD,gBAAgB,EAAY,oBAAoB;QAChD,wBAAwB,EAAI,8BAA8B;QAC1D,6BAA6B,EAAG,wBAAwB;QACxD,eAAe,EAAa,sBAAsB;QAClD,gBAAgB,EAAY,sBAAsB;QAElD,kCAAkC;QAClC,cAAc;QACd,mBAAmB,EAAS,yBAAyB;QACrD,0BAA0B,EAAE,oBAAoB;QAChD,eAAe,EAAa,iBAAiB;QAC7C,UAAU,EAAkB,4BAA4B;QAExD,0BAA0B;QAC1B,UAAU;QACV,WAAW;QACX,oBAAoB,EAAQ,uBAAuB;QACnD,sBAAsB,EAAM,yBAAyB;QACrD,wBAAwB,EAAI,oBAAoB;QAChD,yBAAyB,EAAG,oBAAoB;QAEhD,kBAAkB;QAClB,cAAc;QACd,mBAAmB;QACnB,WAAW;QACX,aAAa;QACb,SAAS,EAAmB,qBAAqB;QACjD,kBAAkB;QAClB,cAAc,EAAc,kBAAkB;QAE9C,0DAA0D;QAC1D,WAAW,EAAiB,2BAA2B;QACvD,YAAY,EAAgB,sBAAsB;QAClD,gBAAgB,EAAY,iBAAiB;QAC7C,cAAc,EAAc,eAAe;QAC3C,eAAe,EAAa,kBAAkB;QAE9C,uDAAuD;QACvD,iBAAiB;QACjB,gBAAgB;QAChB,eAAe;QACf,sBAAsB;QACtB,iBAAiB;QACjB,kBAAkB;QAClB,mBAAmB;QACnB,gBAAgB,EAAY,mBAAmB;QAE/C,sBAAsB;QACtB,WAAW,EAAiB,gBAAgB;QAC5C,cAAc,EAAc,mBAAmB;QAC/C,cAAc,EAAc,mBAAmB;KAChD,CAAC;IAEF,8CAA8C;IAC7B,kBAAkB,GAAG;QACpC,SAAS,EAAmB,gBAAgB;QAC5C,cAAc;QACd,gBAAgB;QAChB,qBAAqB;QACrB,aAAa;QACb,cAAc;QACd,UAAU;QACV,oBAAoB;QACpB,aAAa;QACb,wBAAwB;QACxB,YAAY;QACZ,mBAAmB;KACpB,CAAC;IAEF,OAAO,CAAC,IAAY,EAAE,OAAyB;QAC7C,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACrD,MAAM,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QAEhD,oCAAoC;QACpC,IAAI,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;YAChC,OAAO;gBACL,IAAI,EAAE,WAAW;gBACjB,MAAM,EAAE,yDAAyD;gBACjE,QAAQ,EAAE,CAAC,gBAAgB,CAAC;aAC7B,CAAC;QACJ,CAAC;QAED,yDAAyD;QACzD,IAAI,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,IAAI,EAAE,WAAW;gBACjB,MAAM,EAAE,oEAAoE;gBAC5E,QAAQ,EAAE,CAAC,gBAAgB,EAAE,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC;aAC/E,CAAC;QACJ,CAAC;QAED,uEAAuE;QACvE,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QACnD,IAAI,YAAY,CAAC,QAAQ,EAAE,CAAC;YAC1B,OAAO;gBACL,IAAI,EAAE,WAAW;gBACjB,MAAM,EAAE,wCAAwC,YAAY,CAAC,QAAQ,EAAE;gBACvE,QAAQ,EAAE,CAAC,gBAAgB,EAAE,YAAY,CAAC,QAAQ,IAAI,SAAS,CAAC;aACjE,CAAC;QACJ,CAAC;QAED,oDAAoD;QACpD,IAAI,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;YAChC,OAAO;gBACL,IAAI,EAAE,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW;gBAClD,MAAM,EAAE,qCAAqC;gBAC7C,QAAQ,EAAE,CAAC,gBAAgB,CAAC;aAC7B,CAAC;QACJ,CAAC;QAED,wBAAwB;QACxB,MAAM,cAAc,GAAG,IAAI,CAAC,oBAAoB,CAAC,cAAc,CAAC,CAAC;QACjE,IAAI,cAAc,EAAE,CAAC;YACnB,OAAO;gBACL,IAAI,EAAE,WAAW;gBACjB,MAAM,EAAE,0CAA0C,cAAc,EAAE;gBAClE,QAAQ,EAAE,CAAC,cAAc,CAAC;aAC3B,CAAC;QACJ,CAAC;QAED,oDAAoD;QACpD,MAAM,cAAc,GAAG,IAAI,CAAC,oBAAoB,CAAC,cAAc,CAAC,CAAC;QACjE,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;gBAC3B,OAAO;oBACL,IAAI,EAAE,WAAW;oBACjB,MAAM,EAAE,2CAA2C,cAAc,EAAE;oBACnE,QAAQ,EAAE,CAAC,cAAc,CAAC;iBAC3B,CAAC;YACJ,CAAC;YACD,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;gBAC1B,OAAO;oBACL,IAAI,EAAE,aAAa;oBACnB,MAAM,EAAE,mCAAmC,cAAc,EAAE;oBAC3D,QAAQ,EAAE,CAAC,cAAc,CAAC;iBAC3B,CAAC;YACJ,CAAC;YACD,4BAA4B;YAC5B,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE,qCAAqC,cAAc,EAAE;gBAC7D,QAAQ,EAAE,CAAC,cAAc,CAAC;aAC3B,CAAC;QACJ,CAAC;QAED,gCAAgC;QAChC,MAAM,cAAc,GAAG,IAAI,CAAC,uBAAuB,CAAC,cAAc,CAAC,CAAC;QACpE,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;gBAC3B,OAAO;oBACL,IAAI,EAAE,WAAW;oBACjB,MAAM,EAAE,0CAA0C,cAAc,EAAE;oBAClE,QAAQ,EAAE,CAAC,cAAc,CAAC;iBAC3B,CAAC;YACJ,CAAC;YACD,OAAO;gBACL,IAAI,EAAE,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa;gBACpD,MAAM,EAAE,GAAG,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,oBAAoB,cAAc,EAAE;gBAC7F,QAAQ,EAAE,CAAC,cAAc,CAAC;aAC3B,CAAC;QACJ,CAAC;QAED,gCAAgC;QAChC,MAAM,cAAc,GAAG,IAAI,CAAC,uBAAuB,CAAC,cAAc,CAAC,CAAC;QACpE,IAAI,cAAc,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;YAC3C,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,MAAM,EAAE,qCAAqC,cAAc,EAAE;gBAC7D,QAAQ,EAAE,CAAC,cAAc,CAAC;aAC3B,CAAC;QACJ,CAAC;QAED,6BAA6B;QAC7B,QAAQ,SAAS,EAAE,CAAC;YAClB,KAAK,MAAM;gBACT,OAAO;oBACL,IAAI,EAAE,MAAM;oBACZ,MAAM,EAAE,gCAAgC;iBACzC,CAAC;YACJ,KAAK,OAAO;gBACV,OAAO;oBACL,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,8BAA8B;iBACvC,CAAC;YACJ,KAAK,QAAQ;gBACX,OAAO;oBACL,IAAI,EAAE,aAAa;oBACnB,MAAM,EAAE,iCAAiC;iBAC1C,CAAC;YACJ;gBACE,OAAO;oBACL,IAAI,EAAE,OAAO;oBACb,MAAM,EAAE,8BAA8B;iBACvC,CAAC;QACN,CAAC;IACH,CAAC;IAEO,cAAc,CAAC,IAAa;QAClC,IAAI,CAAC,IAAI;YAAE,OAAO,OAAO,CAAC,CAAC,uBAAuB;QAElD,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAErC,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7F,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;YACvF,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7D,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,aAAa,CAAC,IAAY;QAChC,wBAAwB;QACxB,IAAI,QAAQ,GAAG,IAAI,CAAC;QACpB,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1B,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QAC3C,CAAC;aAAM,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YACxB,QAAQ,GAAG,OAAO,EAAE,CAAC;QACvB,CAAC;QAED,kCAAkC;QAClC,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;QAClD,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,EAAE,CAAC,CAAC;QAEtD,qBAAqB;QACrB,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,OAAO,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC7B,CAAC;QAED,qCAAqC;QACrC,OAAO,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC7B,CAAC;IAEO,gBAAgB,CAAC,IAAY;QACnC,qDAAqD;QACrD,mCAAmC;QACnC,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAChD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,sBAAsB;QACtB,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,gDAAgD;QAChD,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,8DAA8D;QAC9D,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,oEAAoE;QACpE,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,2DAA2D;QAC3D,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;QAEnC,0FAA0F;QAC1F,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACtD,yEAAyE;YACzE,MAAM,kBAAkB,GAAG,UAAU,CAAC,UAAU,CAAC;gBAC/C,CAAC,CAAC,UAAU;gBACZ,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,CAAC,CAAC;YAEvC,6DAA6D;YAC7D,IAAI,IAAI,CAAC,oBAAoB,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAClD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,6DAA6D;QAC7D,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;OAGG;IACK,kBAAkB,CAAC,IAAY;QACrC,IAAI,CAAC;YACH,sDAAsD;YACtD,MAAM,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;YAChD,MAAM,YAAY,GAAG,UAAU,CAAC,cAAc,CAAC;gBAC7C,CAAC,CAAC,cAAc;gBAChB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,CAAC,CAAC;YAE3C,mDAAmD;YACnD,IAAI,QAAgB,CAAC;YACrB,IAAI,CAAC;gBACH,QAAQ,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;YACxC,CAAC;YAAC,MAAM,CAAC;gBACP,+CAA+C;gBAC/C,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;YAC7B,CAAC;YAED,0EAA0E;YAC1E,IAAI,QAAQ,KAAK,YAAY,EAAE,CAAC;gBAC9B,oDAAoD;gBACpD,IAAI,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACxC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;gBACtC,CAAC;gBAED,iCAAiC;gBACjC,IAAI,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC3C,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;gBACtC,CAAC;YACH,CAAC;YAED,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,+CAA+C;YAC/C,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QAC7B,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,oBAAoB,CAAC,IAAY;QACvC,MAAM,eAAe,GAAG;YACtB,gBAAgB,EAAU,uCAAuC;YACjE,eAAe,EAAW,4BAA4B;YACtD,aAAa,EAAa,yBAAyB;YACnD,cAAc,EAAY,iBAAiB;YAC3C,eAAe,EAAW,kBAAkB;YAC5C,eAAe,EAAW,kBAAkB;YAC5C,aAAa,EAAa,uCAAuC;YACjE,aAAa,EAAa,eAAe;YACzC,eAAe,EAAW,gBAAgB;YAC1C,SAAS,EAAiB,cAAc;SACzC,CAAC;QAEF,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACjD,CAAC;IAEO,gBAAgB,CAAC,IAAY;QACnC,2BAA2B;QAC3B,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;YACpD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,yBAAyB;QACzB,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;YACvD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,2BAA2B;QAC3B,IAAI,2BAA2B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,oBAAoB,CAAC,IAAY;QACvC,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YAC7C,MAAM,mBAAmB,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;YACjD,IAAI,IAAI,KAAK,mBAAmB,IAAI,IAAI,CAAC,UAAU,CAAC,mBAAmB,GAAG,GAAG,CAAC,EAAE,CAAC;gBAC/E,oDAAoD;gBACpD,IAAI,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBACjE,SAAS;gBACX,CAAC;gBACD,OAAO,SAAS,CAAC;YACnB,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,oBAAoB,CAAC,IAAY;QACvC,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YAC7C,MAAM,mBAAmB,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;YACjD,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACjC,OAAO,SAAS,CAAC;YACnB,CAAC;YACD,gFAAgF;YAChF,IAAI,IAAI,CAAC,UAAU,CAAC,mBAAmB,GAAG,GAAG,CAAC,EAAE,CAAC;gBAC/C,wCAAwC;gBACxC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;gBAC7D,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBACzE,OAAO,SAAS,CAAC;gBACnB,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,uBAAuB,CAAC,IAAY;QAC1C,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC9C,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,OAAO,OAAO,CAAC,MAAM,CAAC;YACxB,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,uBAAuB,CAAC,IAAY;QAC1C,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC9C,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,OAAO,OAAO,CAAC,MAAM,CAAC;YACxB,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}

package/dist/analyzers/loader.d.ts CHANGED Viewed

@@ -4,6 +4,9 @@
  * Handles dynamic loading of custom analyzers from file paths specified
  * in the tollgate.yaml configuration.
  *
+ * SECURITY: This module validates all paths to prevent arbitrary code execution.
+ * Only paths within the project directory or trusted npm packages are allowed.
+ *
  * @module analyzers/loader
  */
 import { type CustomAnalyzer } from './sdk.js';
@@ -47,6 +50,8 @@ export declare function resolveAnalyzerPath(analyzerPath: string, baseDir: strin
 /**
  * Load a single custom analyzer from a path.
  *
+ * SECURITY: All paths are validated before loading to prevent arbitrary code execution.
+ *
  * @param analyzerPath - Path to the analyzer module
  * @param options - Loader options
  * @returns Load result with success status and loaded analyzer

package/dist/analyzers/loader.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../src/analyzers/loader.ts"],"names":[],"mappings":"AAAA~~;;;;;;;GAOG~~;AAMH,OAAO,EAAoB,KAAK,cAAc,EAAE,MAAM,UAAU,CAAC;~~AAEjE~~;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,mDAAmD;IACnD,OAAO,EAAE,OAAO,CAAC;IACjB,0CAA0C;IAC1C,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,gCAAgC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,2EAA2E;IAC3E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,2EAA2E;IAC3E,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,6BAA6B;IAC7B,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,KAAK,IAAI,CAAC;CACtE;~~AAOD~~;;;;;;;;;;;GAWG;AACH,wBAAgB,mBAAmB,CAAC,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAYjF;AAED~~;;;;;;GAMG~~;AACH,wBAAsB,YAAY,CAChC,YAAY,EAAE,MAAM,EACpB,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,UAAU,CAAC,~~CA0DrB~~;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CACjC,aAAa,EAAE,MAAM,EAAE,EACvB,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,UAAU,EAAE,CAAC,CASvB;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAsB,uBAAuB,CAC3C,aAAa,EAAE,MAAM,EAAE,GAAG,SAAS,EACnC,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC;IACT,MAAM,EAAE,UAAU,EAAE,CAAC;IACrB,MAAM,EAAE,UAAU,EAAE,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;CACf,CAAC,CA0BD;AAED;;;;GAIG;AACH,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,IAAI,CAAC,CAEzD;AAED;;;;GAIG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC,CAEtD;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEpD;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI,MAAM,EAAE,CAE9C"}
1	+ {"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../src/analyzers/loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,OAAO,EAAoB,KAAK,cAAc,EAAE,MAAM,UAAU,CAAC;AAuGjE;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,mDAAmD;IACnD,OAAO,EAAE,OAAO,CAAC;IACjB,0CAA0C;IAC1C,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,gCAAgC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,2EAA2E;IAC3E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,2EAA2E;IAC3E,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,6BAA6B;IAC7B,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,KAAK,IAAI,CAAC;CACtE;AAMD;;;;;;;;;;;GAWG;AACH,wBAAgB,mBAAmB,CAAC,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAYjF;AAED;;;;;;;;GAQG;AACH,wBAAsB,YAAY,CAChC,YAAY,EAAE,MAAM,EACpB,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,UAAU,CAAC,CA6ErB;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CACjC,aAAa,EAAE,MAAM,EAAE,EACvB,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,UAAU,EAAE,CAAC,CASvB;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAsB,uBAAuB,CAC3C,aAAa,EAAE,MAAM,EAAE,GAAG,SAAS,EACnC,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC;IACT,MAAM,EAAE,UAAU,EAAE,CAAC;IACrB,MAAM,EAAE,UAAU,EAAE,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;CACf,CAAC,CA0BD;AAED;;;;GAIG;AACH,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,IAAI,CAAC,CAEzD;AAED;;;;GAIG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC,CAEtD;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEpD;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI,MAAM,EAAE,CAE9C"}

package/dist/analyzers/loader.js CHANGED Viewed

@@ -4,16 +4,104 @@
  * Handles dynamic loading of custom analyzers from file paths specified
  * in the tollgate.yaml configuration.
  *
+ * SECURITY: This module validates all paths to prevent arbitrary code execution.
+ * Only paths within the project directory or trusted npm packages are allowed.
+ *
  * @module analyzers/loader
  */
 import { pathToFileURL } from 'node:url';
-import { resolve, isAbsolute } from 'node:path';
-import { existsSync } from 'node:fs';
+import { resolve, isAbsolute, relative, normalize } from 'node:path';
+import { existsSync, realpathSync } from 'node:fs';
 import { analyzerRegistry } from './index.js';
 import { isCustomAnalyzer } from './sdk.js';
+import { createLogger } from '../utils/logger.js';
+const loaderLogger = createLogger('analyzer-loader');
+/**
+ * Trusted npm package prefixes for analyzers.
+ * Only packages from these organizations are allowed.
+ */
+const TRUSTED_PACKAGE_PREFIXES = [
+    '@dotsetlabs/',
+    '@tollgate/',
+    'tollgate-analyzer-',
+];
+/**
+ * Dangerous path patterns that should never be loaded.
+ */
+const DANGEROUS_PATH_PATTERNS = [
+    /^\/etc\//,
+    /^\/usr\//,
+    /^\/var\//,
+    /^\/tmp\//,
+    /^\/proc\//,
+    /^\/sys\//,
+    /^\/dev\//,
+    /^\/root\//,
+    /^\/home\/[^/]+\/\.[^/]+/, // Hidden directories in home
+    /node_modules\/(?!@dotsetlabs|@tollgate|tollgate-analyzer)/, // node_modules except trusted
+];
+/**
+ * Validates that an analyzer path is safe to load.
+ * Prevents arbitrary code execution via configuration.
+ *
+ * @param absolutePath - The resolved absolute path
+ * @param baseDir - The base directory for the project
+ * @returns Error message if invalid, null if valid
+ */
+function validateAnalyzerPath(absolutePath, baseDir) {
+    // Resolve symlinks to get the real path
+    let realPath;
+    try {
+        realPath = realpathSync(absolutePath);
+    }
+    catch {
+        // File doesn't exist yet, use the absolute path
+        realPath = absolutePath;
+    }
+    // Normalize both paths for comparison
+    const normalizedPath = normalize(realPath);
+    const normalizedBase = normalize(baseDir);
+    // Check for dangerous path patterns
+    for (const pattern of DANGEROUS_PATH_PATTERNS) {
+        if (pattern.test(normalizedPath)) {
+            return `Path matches dangerous pattern: ${pattern}`;
+        }
+    }
+    // Path must be within the base directory (project root) or in node_modules of base
+    const relativePath = relative(normalizedBase, normalizedPath);
+    // If relative path starts with '..', the file is outside baseDir
+    if (relativePath.startsWith('..') && !relativePath.startsWith('..\\') === false) {
+        // Allow node_modules paths that are trusted
+        if (normalizedPath.includes('node_modules')) {
+            const nodeModulesMatch = normalizedPath.match(/node_modules\/(@[^/]+\/[^/]+|[^/]+)/);
+            if (nodeModulesMatch) {
+                const packageName = nodeModulesMatch[1];
+                const isTrusted = TRUSTED_PACKAGE_PREFIXES.some(prefix => packageName.startsWith(prefix));
+                if (isTrusted) {
+                    return null; // Trusted package
+                }
+                return `Untrusted npm package: ${packageName}. Only packages from ${TRUSTED_PACKAGE_PREFIXES.join(', ')} are allowed.`;
+            }
+        }
+        return `Path is outside project directory: ${relativePath}`;
+    }
+    return null; // Path is valid
+}
+/**
+ * Validates that a package name is trusted.
+ *
+ * @param packageName - The npm package name
+ * @returns Error message if untrusted, null if trusted
+ */
+function validatePackageName(packageName) {
+    const isTrusted = TRUSTED_PACKAGE_PREFIXES.some(prefix => packageName.startsWith(prefix));
+    if (!isTrusted) {
+        return `Untrusted npm package: ${packageName}. Only packages from ${TRUSTED_PACKAGE_PREFIXES.join(', ')} are allowed.`;
+    }
+    return null;
+}
 const defaultLogger = (message, level) => {
-    const prefix = level === 'error' ? '✗' : level === 'warn' ? '⚠' : '✓';
-    console.log(`${prefix} ${message}`);
+    loaderLogger[level](message);
 };
 /**
  * Resolve an analyzer path to an absolute path or module specifier.
@@ -41,6 +129,8 @@ export function resolveAnalyzerPath(analyzerPath, baseDir) {
 /**
  * Load a single custom analyzer from a path.
  *
+ * SECURITY: All paths are validated before loading to prevent arbitrary code execution.
+ *
  * @param analyzerPath - Path to the analyzer module
  * @param options - Loader options
  * @returns Load result with success status and loaded analyzer
@@ -49,8 +139,24 @@ export async function loadAnalyzer(analyzerPath, options = {}) {
     const { baseDir = process.cwd(), logger = defaultLogger } = options;
     const resolvedPath = resolveAnalyzerPath(analyzerPath, baseDir);
     try {
-        // Check if file exists for file paths
+        // Determine if this is a file path or a package name
         const isFilePath = resolvedPath.startsWith('/') || resolvedPath.includes('\\');
+        const isPackageName = !isFilePath && (resolvedPath.startsWith('@') ||
+            (!resolvedPath.startsWith('./') && !resolvedPath.startsWith('../')));
+        // SECURITY: Validate the path/package before loading
+        if (isFilePath) {
+            const validationError = validateAnalyzerPath(resolvedPath, baseDir);
+            if (validationError) {
+                throw new Error(`Security: ${validationError}`);
+            }
+        }
+        else if (isPackageName) {
+            const validationError = validatePackageName(resolvedPath);
+            if (validationError) {
+                throw new Error(`Security: ${validationError}`);
+            }
+        }
+        // Check if file exists for file paths
         if (isFilePath && !existsSync(resolvedPath)) {
             throw new Error(`Analyzer file not found: ${resolvedPath}`);
         }
@@ -58,7 +164,7 @@ export async function loadAnalyzer(analyzerPath, options = {}) {
         const importPath = isFilePath
             ? pathToFileURL(resolvedPath).href
             : resolvedPath;
-        // Dynamically import the module
+        // Dynamically import the module (now safe after validation)
         const module = await import(importPath);
         // Get the analyzer from the module
         const analyzer = module.default ?? module.analyzer ?? module;

package/dist/analyzers/loader.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"loader.js","sourceRoot":"","sources":["../../src/analyzers/loader.ts"],"names":[],"mappings":"AAAA~~;;;;;;;GAOG~~;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;~~AAChD~~,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;~~AACrC~~,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAuB,MAAM,UAAU,CAAC;~~AA4BjE~~,MAAM,~~aAAa~~,GAAG,CAAC,~~OAAe~~,~~EAAE~~,~~KAAgC~~,EAAE,~~EAAE~~;~~IAC1E~~,MAAM,MAAM,GAAG,~~KAAK~~,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;~~IACtE~~,OAAO,CAAC,~~GAAG~~,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC,CAAC;~~AACtC~~,CAAC,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,mBAAmB,CAAC,YAAoB,EAAE,OAAe;IACvE,sEAAsE;IACtE,IAAI,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;QACzI,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,6BAA6B;IAC7B,MAAM,YAAY,GAAG,UAAU,CAAC,YAAY,CAAC;QAC3C,CAAC,CAAC,YAAY;QACd,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAEnC,OAAO,YAAY,CAAC;AACtB,CAAC;AAED~~;;;;;;GAMG~~;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,YAAoB,EACpB,UAAyB,EAAE;IAE3B,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,GAAG,aAAa,EAAE,GAAG,OAAO,CAAC;IAEpE,MAAM,YAAY,GAAG,mBAAmB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAEhE,IAAI,CAAC;QACH,~~sCAAsC~~;~~QACtC~~,MAAM,UAAU,GAAG,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC/E,IAAI,UAAU,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,4BAA4B,YAAY,EAAE,CAAC,CAAC;QAC9D,CAAC;QAED,8CAA8C;QAC9C,MAAM,UAAU,GAAG,UAAU;YAC3B,CAAC,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,IAAI;YAClC,CAAC,CAAC,YAAY,CAAC;QAEjB,~~gCAAgC~~;~~QAChC~~,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;QAExC,mCAAmC;QACnC,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC;QAE7D,kCAAkC;QAClC,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,8FAA8F,CAAC,CAAC;QAClH,CAAC;QAED,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CACb,iHAAiH,CAClH,CAAC;QACJ,CAAC;QAED,wBAAwB;QACxB,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAEpC,MAAM,CAAC,oBAAoB,QAAQ,CAAC,IAAI,SAAS,YAAY,EAAE,EAAE,MAAM,CAAC,CAAC;QAEzE,OAAO;YACL,OAAO,EAAE,IAAI;YACb,QAAQ;YACR,IAAI,EAAE,YAAY;SACnB,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,KAAK,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC/D,MAAM,CAAC,gCAAgC,YAAY,KAAK,KAAK,EAAE,EAAE,OAAO,CAAC,CAAC;QAE1E,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;YACzB,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK;YACL,IAAI,EAAE,YAAY;SACnB,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,aAAuB,EACvB,UAAyB,EAAE;IAE3B,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACjD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACvB,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,aAAmC,EACnC,UAAyB,EAAE;IAM3B,IAAI,CAAC,aAAa,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;IAC9C,CAAC;IAED,MAAM,EAAE,MAAM,GAAG,aAAa,EAAE,GAAG,OAAO,CAAC;IAC3C,MAAM,CAAC,WAAW,aAAa,CAAC,MAAM,wBAAwB,EAAE,MAAM,CAAC,CAAC;IAExE,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IAE5D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAE/C,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,CAAC,uBAAuB,MAAM,CAAC,MAAM,iBAAiB,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IACtH,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,CAAC,kBAAkB,MAAM,CAAC,MAAM,cAAc,EAAE,MAAM,CAAC,CAAC;IAChE,CAAC;IAED,OAAO;QACL,MAAM;QACN,MAAM;QACN,KAAK,EAAE,aAAa,CAAC,MAAM;KAC5B,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,MAAM,gBAAgB,CAAC,yBAAyB,EAAE,CAAC;AACrD,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB;IACpC,MAAM,gBAAgB,CAAC,sBAAsB,EAAE,CAAC;AAClD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,IAAY;IACzC,OAAO,gBAAgB,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;AAC3C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB;IACjC,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC;AACvC,CAAC"}
1	+ {"version":3,"file":"loader.js","sourceRoot":"","sources":["../../src/analyzers/loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACrE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAuB,MAAM,UAAU,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,YAAY,GAAG,YAAY,CAAC,iBAAiB,CAAC,CAAC;AAErD;;;GAGG;AACH,MAAM,wBAAwB,GAAG;IAC/B,cAAc;IACd,YAAY;IACZ,oBAAoB;CACrB,CAAC;AAEF;;GAEG;AACH,MAAM,uBAAuB,GAAG;IAC9B,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,WAAW;IACX,UAAU;IACV,UAAU;IACV,WAAW;IACX,yBAAyB,EAAG,6BAA6B;IACzD,2DAA2D,EAAG,8BAA8B;CAC7F,CAAC;AAEF;;;;;;;GAOG;AACH,SAAS,oBAAoB,CAAC,YAAoB,EAAE,OAAe;IACjE,wCAAwC;IACxC,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;IACxC,CAAC;IAAC,MAAM,CAAC;QACP,gDAAgD;QAChD,QAAQ,GAAG,YAAY,CAAC;IAC1B,CAAC;IAED,sCAAsC;IACtC,MAAM,cAAc,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC3C,MAAM,cAAc,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IAE1C,oCAAoC;IACpC,KAAK,MAAM,OAAO,IAAI,uBAAuB,EAAE,CAAC;QAC9C,IAAI,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;YACjC,OAAO,mCAAmC,OAAO,EAAE,CAAC;QACtD,CAAC;IACH,CAAC;IAED,mFAAmF;IACnF,MAAM,YAAY,GAAG,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;IAE9D,iEAAiE;IACjE,IAAI,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,KAAK,EAAE,CAAC;QAChF,4CAA4C;QAC5C,IAAI,cAAc,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YAC5C,MAAM,gBAAgB,GAAG,cAAc,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;YACrF,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,WAAW,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;gBACxC,MAAM,SAAS,GAAG,wBAAwB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CACvD,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,CAC/B,CAAC;gBACF,IAAI,SAAS,EAAE,CAAC;oBACd,OAAO,IAAI,CAAC,CAAE,kBAAkB;gBAClC,CAAC;gBACD,OAAO,0BAA0B,WAAW,wBAAwB,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC;YACzH,CAAC;QACH,CAAC;QACD,OAAO,sCAAsC,YAAY,EAAE,CAAC;IAC9D,CAAC;IAED,OAAO,IAAI,CAAC,CAAE,gBAAgB;AAChC,CAAC;AAED;;;;;GAKG;AACH,SAAS,mBAAmB,CAAC,WAAmB;IAC9C,MAAM,SAAS,GAAG,wBAAwB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CACvD,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,CAC/B,CAAC;IAEF,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,0BAA0B,WAAW,wBAAwB,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC;IACzH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AA4BD,MAAM,aAAa,GAAG,CAAC,OAAe,EAAE,KAAgC,EAAE,EAAE;IAC1E,YAAY,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC;AAC/B,CAAC,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,mBAAmB,CAAC,YAAoB,EAAE,OAAe;IACvE,sEAAsE;IACtE,IAAI,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;QACzI,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,6BAA6B;IAC7B,MAAM,YAAY,GAAG,UAAU,CAAC,YAAY,CAAC;QAC3C,CAAC,CAAC,YAAY;QACd,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAEnC,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,YAAoB,EACpB,UAAyB,EAAE;IAE3B,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,GAAG,aAAa,EAAE,GAAG,OAAO,CAAC;IAEpE,MAAM,YAAY,GAAG,mBAAmB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAEhE,IAAI,CAAC;QACH,qDAAqD;QACrD,MAAM,UAAU,GAAG,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC/E,MAAM,aAAa,GAAG,CAAC,UAAU,IAAI,CACnC,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC;YAC5B,CAAC,CAAC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CACpE,CAAC;QAEF,qDAAqD;QACrD,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,eAAe,GAAG,oBAAoB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YACpE,IAAI,eAAe,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,aAAa,eAAe,EAAE,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;aAAM,IAAI,aAAa,EAAE,CAAC;YACzB,MAAM,eAAe,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAC;YAC1D,IAAI,eAAe,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,aAAa,eAAe,EAAE,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,IAAI,UAAU,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,4BAA4B,YAAY,EAAE,CAAC,CAAC;QAC9D,CAAC;QAED,8CAA8C;QAC9C,MAAM,UAAU,GAAG,UAAU;YAC3B,CAAC,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,IAAI;YAClC,CAAC,CAAC,YAAY,CAAC;QAEjB,4DAA4D;QAC5D,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;QAExC,mCAAmC;QACnC,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC;QAE7D,kCAAkC;QAClC,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,8FAA8F,CAAC,CAAC;QAClH,CAAC;QAED,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CACb,iHAAiH,CAClH,CAAC;QACJ,CAAC;QAED,wBAAwB;QACxB,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAEpC,MAAM,CAAC,oBAAoB,QAAQ,CAAC,IAAI,SAAS,YAAY,EAAE,EAAE,MAAM,CAAC,CAAC;QAEzE,OAAO;YACL,OAAO,EAAE,IAAI;YACb,QAAQ;YACR,IAAI,EAAE,YAAY;SACnB,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,KAAK,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC/D,MAAM,CAAC,gCAAgC,YAAY,KAAK,KAAK,EAAE,EAAE,OAAO,CAAC,CAAC;QAE1E,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;YACzB,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK;YACL,IAAI,EAAE,YAAY;SACnB,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,aAAuB,EACvB,UAAyB,EAAE;IAE3B,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACjD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACvB,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,aAAmC,EACnC,UAAyB,EAAE;IAM3B,IAAI,CAAC,aAAa,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;IAC9C,CAAC;IAED,MAAM,EAAE,MAAM,GAAG,aAAa,EAAE,GAAG,OAAO,CAAC;IAC3C,MAAM,CAAC,WAAW,aAAa,CAAC,MAAM,wBAAwB,EAAE,MAAM,CAAC,CAAC;IAExE,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IAE5D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAE/C,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,CAAC,uBAAuB,MAAM,CAAC,MAAM,iBAAiB,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IACtH,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,CAAC,kBAAkB,MAAM,CAAC,MAAM,cAAc,EAAE,MAAM,CAAC,CAAC;IAChE,CAAC;IAED,OAAO;QACL,MAAM;QACN,MAAM;QACN,KAAK,EAAE,aAAa,CAAC,MAAM;KAC5B,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,MAAM,gBAAgB,CAAC,yBAAyB,EAAE,CAAC;AACrD,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB;IACpC,MAAM,gBAAgB,CAAC,sBAAsB,EAAE,CAAC;AAClD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,IAAY;IACzC,OAAO,gBAAgB,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;AAC3C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB;IACjC,OAAO,gBAAgB,CAAC,UAAU,EAAE,CAAC;AACvC,CAAC"}

package/dist/analyzers/prompt-injection.d.ts CHANGED Viewed

@@ -57,6 +57,7 @@ export declare class PromptInjectionAnalyzer implements ContentAnalyzer {
     private checkBase64Encoding;
     /**
      * Check for Unicode obfuscation techniques.
+     * Distinguishes between legitimate multilingual content and obfuscation attacks.
      */
     private checkUnicodeObfuscation;
     /**

package/dist/analyzers/prompt-injection.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"prompt-injection.d.ts","sourceRoot":"","sources":["../../src/analyzers/prompt-injection.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAEnF;;;;;;;;;GASG;AACH,qBAAa,uBAAwB,YAAW,eAAe;IAC7D,QAAQ,CAAC,IAAI,sBAAsB;IAEnC;;OAEG;IACH,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,eAAe,GAAG,cAAc;IA6GpE;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IAYxB;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IA6DhC;;OAEG;IACH,OAAO,CAAC,6BAA6B;IA4DrC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA2D1B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAgD3B~~;;OAEG~~;IACH,OAAO,CAAC,uBAAuB;~~IAuF~~/B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAuF9B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA4D/B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAmE9B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAoC7B;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAmBjC;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAYzB;;OAEG;IACH,OAAO,CAAC,YAAY;IAKpB;;OAEG;IACH,OAAO,CAAC,aAAa;CAetB"}
1	+ {"version":3,"file":"prompt-injection.d.ts","sourceRoot":"","sources":["../../src/analyzers/prompt-injection.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAEnF;;;;;;;;;GASG;AACH,qBAAa,uBAAwB,YAAW,eAAe;IAC7D,QAAQ,CAAC,IAAI,sBAAsB;IAEnC;;OAEG;IACH,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,eAAe,GAAG,cAAc;IA6GpE;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IAYxB;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IA6DhC;;OAEG;IACH,OAAO,CAAC,6BAA6B;IA4DrC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA2D1B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAgD3B;;;OAGG;IACH,OAAO,CAAC,uBAAuB;IAsI/B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAuF9B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA4D/B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAmE9B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAoC7B;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAmBjC;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAYzB;;OAEG;IACH,OAAO,CAAC,YAAY;IAKpB;;OAEG;IACH,OAAO,CAAC,aAAa;CAetB"}

package/dist/analyzers/prompt-injection.js CHANGED Viewed

@@ -356,10 +356,13 @@ export class PromptInjectionAnalyzer {
     }
     /**
      * Check for Unicode obfuscation techniques.
+     * Distinguishes between legitimate multilingual content and obfuscation attacks.
      */
     checkUnicodeObfuscation(content) {
         const triggers = [];
         // Check for homoglyph attacks (lookalike characters)
+        // Only flag as suspicious if homoglyphs are MIXED with ASCII in a way
+        // that suggests obfuscation rather than legitimate multilingual content
         const homoglyphs = {
             // Cyrillic lookalikes
             '\u0430': 'a', '\u0435': 'e', '\u043E': 'o', '\u0440': 'p',
@@ -384,13 +387,56 @@ export class PromptInjectionAnalyzer {
             '\u{1D622}': 'a', '\u{1D623}': 'b', '\u{1D624}': 'c', // monospace
         };
         let homoglyphCount = 0;
+        let asciiLetterCount = 0;
+        let cyrillicCount = 0;
+        let greekCount = 0;
         for (const char of content) {
+            const code = char.charCodeAt(0);
             if (homoglyphs[char]) {
                 homoglyphCount++;
+                // Track specific scripts to detect legitimate multilingual vs obfuscation
+                if (code >= 0x0400 && code <= 0x04FF)
+                    cyrillicCount++;
+                if (code >= 0x0370 && code <= 0x03FF)
+                    greekCount++;
+            }
+            // Count ASCII letters
+            if ((code >= 65 && code <= 90) || (code >= 97 && code <= 122)) {
+                asciiLetterCount++;
             }
         }
-        if (homoglyphCount > 3) {
-            triggers.push('homoglyph obfuscation');
+        // Only flag as homoglyph obfuscation if:
+        // 1. There are homoglyphs present, AND
+        // 2. They are MIXED with ASCII in a suspicious way (not purely one script)
+        // This prevents false positives on legitimate Cyrillic/Greek text
+        const totalLetters = homoglyphCount + asciiLetterCount;
+        if (homoglyphCount > 0 && asciiLetterCount > 0 && totalLetters > 10) {
+            // Calculate mixing ratio - legitimate multilingual content tends to have
+            // clear separation between scripts, while obfuscation mixes them
+            const homoglyphRatio = homoglyphCount / totalLetters;
+            // Suspicious if homoglyphs are sprinkled in (5-50% of letters)
+            // Pure Cyrillic/Greek text would have near 100%, pure ASCII would have 0%
+            if (homoglyphRatio > 0.05 && homoglyphRatio < 0.5) {
+                // Further check: if it looks like English words with substituted letters
+                // this is obfuscation, not legitimate multilingual content
+                // Normalize homoglyphs to ASCII to detect obfuscated keywords
+                let normalizedContent = content.toLowerCase();
+                for (const [homoglyph, ascii] of Object.entries(homoglyphs)) {
+                    normalizedContent = normalizedContent.replaceAll(homoglyph, ascii);
+                }
+                const hasInjectionKeywords = this.containsInjectionKeywords(normalizedContent);
+                if (hasInjectionKeywords) {
+                    triggers.push('homoglyph obfuscation');
+                }
+            }
+            else if (homoglyphRatio >= 0.5 && (cyrillicCount > 10 || greekCount > 10)) {
+                // Appears to be legitimate Cyrillic or Greek text - don't flag
+                // (high ratio of non-ASCII with consistent script)
+            }
+            else if (homoglyphCount > 10 && homoglyphRatio > 0.05) {
+                // Many homoglyphs mixed with ASCII - likely obfuscation
+                triggers.push('homoglyph obfuscation');
+            }
         }
         // Check for invisible characters
         const invisibleChars = [