@empline/preflight 1.0.20

package/dist/checks/security/security-sla-enforcement.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-sla-enforcement.js","sourceRoot":"","sources":["../../../src/checks/security/security-sla-enforcement.ts"],"names":[],"mappings":";;AACA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,iDAAyC;AACzC,uCAAyB;AACzB,6DAAiE;AAGjE,iBAAiB;AACJ,QAAA,EAAE,GAAG,mCAAmC,CAAC;AACzC,QAAA,IAAI,GAAG,0BAA0B,CAAC;AAClC,QAAA,QAAQ,GAAG,UAAU,CAAC;AACtB,QAAA,QAAQ,GAAG,IAAI,CAAC;AAChB,QAAA,WAAW,GAAG,+CAA+C,CAAC;AAC9D,QAAA,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;AA0BjC,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACrD,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;AAEnD,0BAA0B;AAC1B,MAAM,WAAW,GAAc;IAC7B,QAAQ,EAAE,EAAE,EAAE,QAAQ;IACtB,IAAI,EAAE,GAAG,EAAE,SAAS;IACpB,QAAQ,EAAE,GAAG,EAAE,UAAU;IACzB,GAAG,EAAE,IAAI,EAAE,UAAU;CACtB,CAAC;AAEF,yBAAyB;AACzB,MAAM,UAAU,GAAc;IAC5B,QAAQ,EAAE,CAAC,EAAE,UAAU;IACvB,IAAI,EAAE,EAAE,EAAE,SAAS;IACnB,QAAQ,EAAE,GAAG,EAAE,SAAS;IACxB,GAAG,EAAE,GAAG,EAAE,UAAU;CACrB,CAAC;AAEF,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC;AAChD,MAAM,YAAY,GAAG,sCAAsC,CAAC;AAE5D,SAAS,WAAW;IAClB,MAAM,OAAO,GAAG,IAAI,GAAG,EAA+B,CAAC;IAEvD,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAChC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;YAChE,KAAK,MAAM,MAAM,IAAI,IAAI,EAAE,CAAC;gBAC1B,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,OAAO,+CAA+C,CAAC,CAAC;QAC/E,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,WAAW,CAAC,OAAyC;IAC5D,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAC1C,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAChE,CAAC;AAED,SAAS,cAAc,CAAC,KAAa;IACnC,IAAI,KAAK,GAAG,EAAE;QAAE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC;IAC/C,IAAI,KAAK,GAAG,GAAG;QAAE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,EAAE,CAAC,GAAG,CAAC;IACrD,IAAI,KAAK,GAAG,GAAG;QAAE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC;IACtD,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC;AACxC,CAAC;AAED,SAAS,eAAe,CAAC,SAAiB;IACxC,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;AACtE,CAAC;AAUD,KAAK,UAAU,yBAAyB;IACtC,MAAM,eAAe,GAAyB,EAAE,CAAC;IAEjD,IAAI,CAAC;QACH,kCAAkC;QAClC,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,wBAAwB,EAAE;YAChD,QAAQ,EAAE,OAAO;YACjB,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;YAC3B,KAAK,EAAE,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW;SAC/D,CAAC,CAAC;QAEH,eAAe;QACf,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACjD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAChC,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;oBACtB,KAAK,MAAM,CAAC,EAAE,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;wBAC/D,MAAM,GAAG,GAAG,QAAe,CAAC;wBAC5B,eAAe,CAAC,IAAI,CAAC;4BACnB,EAAE,EAAE,EAAE;4BACN,IAAI,EAAE,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,IAAI,IAAI,EAAE;4BACvC,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,KAAK;4BAC/B,GAAG,EAAE,GAAG,CAAC,GAAG,IAAI,EAAE;yBACnB,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,sBAAsB;YACxB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,uDAAuD;QACvD,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC;QAClC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAEjD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAChC,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;oBACtB,KAAK,MAAM,CAAC,EAAE,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;wBAC/D,MAAM,GAAG,GAAG,QAAe,CAAC;wBAC5B,eAAe,CAAC,IAAI,CAAC;4BACnB,EAAE,EAAE,EAAE;4BACN,IAAI,EAAE,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,IAAI,IAAI,EAAE;4BACvC,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,KAAK;4BAC/B,GAAG,EAAE,GAAG,CAAC,GAAG,IAAI,EAAE;yBACnB,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,sBAAsB;YACxB,CAAC;QACH,CAAC;QAED,8BAA8B;QAC9B,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjC,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,IAAA,wBAAQ,EAAC,iBAAiB,EAAE;oBAC7C,QAAQ,EAAE,OAAO;oBACjB,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;oBAC3B,KAAK,EAAE,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW;iBAC/D,CAAC,CAAC;gBAEH,uCAAuC;gBACvC,MAAM,aAAa,GAAG,UAAU,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;gBAC5D,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;gBACpD,MAAM,aAAa,GAAG,UAAU,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;gBAC5D,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;gBAElD,kDAAkD;gBAClD,MAAM,MAAM,GAAG;oBACb,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;oBACxD,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;oBAC5C,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;oBACxD,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;iBAC1C,CAAC;gBAEF,KAAK,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;oBACvD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;wBAC/B,eAAe,CAAC,IAAI,CAAC;4BACnB,EAAE,EAAE,GAAG,QAAQ,IAAI,CAAC,EAAE;4BACtB,IAAI,EAAE,WAAW,QAAQ,gBAAgB;4BACzC,QAAQ,EAAE,QAAoD;4BAC9D,GAAG,EAAE,EAAE;yBACR,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,4CAA4C;YAC9C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,qCAAqC,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,OAAO,CAAC,CAAC;IAC9D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACjC,OAAO,CAAC,GAAG,CAAC,gBAAgB,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,CAAC,gBAAgB,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,gBAAgB,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,CAAC,gBAAgB,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAEzD,eAAe;IACf,MAAM,OAAO,GAAG,WAAW,EAAE,CAAC;IAC9B,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,IAAI,WAAW,OAAO,CAAC,IAAI,qCAAqC,CAAC,CAAC;IAEvF,8BAA8B;IAC9B,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,MAAM,8BAA8B,CAAC,CAAC;IAC3D,MAAM,YAAY,GAAG,MAAM,yBAAyB,EAAE,CAAC;IAEvD,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,OAAO,8BAA8B,CAAC,CAAC;QAE5D,qCAAqC;QACrC,KAAK,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACnC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,MAAM,CAAC,OAAO,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YAC5C,CAAC;QACH,CAAC;QACD,WAAW,CAAC,OAAO,CAAC,CAAC;QAErB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;QAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,mCAAmC;IACnC,MAAM,UAAU,GAAmB,EAAE,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAErC,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,kCAAkC;QAClC,IAAI,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAElC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,qCAAqC;YACrC,MAAM,GAAG;gBACP,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,SAAS,EAAE,GAAG;aACf,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QAC/B,CAAC;QAED,uBAAuB;QACvB,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACtC,MAAM,YAAY,GAAG,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACvD,MAAM,OAAO,GAAG,YAAY,GAAG,QAAQ,CAAC;QACxC,MAAM,YAAY,GAAG,OAAO,CAAC,CAAC,CAAC,YAAY,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAE3D,UAAU,CAAC,IAAI,CAAC;YACd,aAAa,EAAE,MAAM;YACrB,QAAQ;YACR,YAAY;YACZ,OAAO;YACP,YAAY;SACb,CAAC,CAAC;IACL,CAAC;IAED,uBAAuB;IACvB,WAAW,CAAC,OAAO,CAAC,CAAC;IAErB,oBAAoB;IACpB,MAAM,UAAU,GAAG,IAAI,GAAG,EAA0B,CAAC;IACrD,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,CAAC,CAAC,aAAa,CAAC,QAAQ,CAAC;QAC1C,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAChD,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjB,UAAU,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACrC,CAAC;IAED,iBAAiB;IACjB,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IAExC,MAAM,iBAAiB,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC9D,MAAM,eAAe,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;IACjG,MAAM,WAAW,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IAEzF,kCAAkC;IAClC,KAAK,MAAM,QAAQ,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,KAAK,CAAC,EAAE,CAAC;QAC/D,MAAM,aAAa,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACrD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,OAAO,IAAI,QAAQ,CAAC,WAAW,EAAE,qBAAqB,CAAC,CAAC;YAC7E,SAAS;QACX,CAAC;QAED,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QACvD,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,qBAAK,CAAC,KAAK,CAAC,CAAC,CAAC,qBAAK,CAAC,OAAO,CAAC;QAE9D,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,IAAI,QAAQ,CAAC,WAAW,EAAE,KAAK,aAAa,CAAC,MAAM,kBAAkB,CAAC,CAAC;QAE1F,IAAI,SAAS,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,KAAK,MAAM,CAAC,IAAI,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC7E,MAAM,MAAM,GAAG,CAAC,CAAC,OAAO;oBACtB,CAAC,CAAC,cAAc,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,EAAE;oBAChD,CAAC,CAAC,GAAG,cAAc,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,YAAY,CAAC,YAAY,CAAC;gBAC/D,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,aAAa,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC,CAAC;YACzD,CAAC;YAED,IAAI,CAAC,SAAS,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3C,OAAO,CAAC,GAAG,CAAC,cAAc,aAAa,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,KAAK,uBAAuB,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,CAAC,6BAA6B,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9D,OAAO,CAAC,GAAG,CAAC,kBAAkB,UAAU,CAAC,MAAM,GAAG,iBAAiB,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,MAAM,qBAAK,CAAC,KAAK,aAAa,iBAAiB,CAAC,MAAM,EAAE,CAAC,CAAC;IAEtE,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QACzC,KAAK,MAAM,QAAQ,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,KAAK,CAAC,EAAE,CAAC;YAC/D,MAAM,KAAK,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;YAC5F,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBACd,OAAO,CAAC,GAAG,CAAC,QAAQ,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;YAC5C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IAExC,sDAAsD;IACtD,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,4BAA4B,CAAC,CAAC;QAC1D,OAAO,CAAC,GAAG,CACT,MAAM,eAAe,CAAC,MAAM,iBAAiB,WAAW,CAAC,MAAM,mCAAmC,CACnG,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;QACnE,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAC;QACvE,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;QACnE,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;QAChE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,MAAM,iBAAiB,CAAC,MAAM,2CAA2C,CAAC,CAAC;QACvF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;IACjE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,GAAG,qBAAK,CAAC,KAAK,eAAe,EAAE,GAAG,CAAC,CAAC;IAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/checks/security/sensitive-data-exposure.d.ts

@@ -0,0 +1,36 @@
+#!/usr/bin/env tsx
+/**
+ * Sensitive Data Exposure Prevention Preflight (BLOCKING)
+ *
+ * Comprehensive detection of patterns that could expose sensitive data:
+ * - Passwords/secrets in API responses
+ * - Full credit card numbers in logs
+ * - PII in error messages (SSN, phone, email, address, DoB)
+ * - Sensitive fields not excluded from serialization
+ * - Hardcoded PII patterns in code
+ * - Unmasked sensitive data in logs
+ *
+ * PII Detection Categories (GDPR/CCPA compliant):
+ * - Social Security Numbers (SSN)
+ * - Phone numbers (US, international)
+ * - Email addresses in hardcoded strings
+ * - Physical addresses
+ * - Date of Birth patterns
+ * - Credit card numbers (PCI-DSS)
+ * - Bank account/routing numbers
+ * - Driver's license numbers
+ * - Passport numbers
+ * - IP addresses (when associated with users)
+ *
+ * Usage:
+ *   pnpm preflight:sensitive-data
+ *   pnpm preflight:sensitive-data --verbose
+ *   pnpm preflight:sensitive-data --pii-only
+ */
+export declare const id = "security/sensitive-data-exposure";
+export declare const name = "Sensitive Data Exposure";
+export declare const category = "security";
+export declare const blocking = true;
+export declare const description = "Sensitive Data Exposure Prevention Preflight (BLOCKING)";
+export declare const tags: string[];
+//# sourceMappingURL=sensitive-data-exposure.d.ts.map

package/dist/checks/security/sensitive-data-exposure.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sensitive-data-exposure.d.ts","sourceRoot":"","sources":["../../../src/checks/security/sensitive-data-exposure.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AASH,eAAO,MAAM,EAAE,qCAAqC,CAAC;AACrD,eAAO,MAAM,IAAI,4BAA4B,CAAC;AAC9C,eAAO,MAAM,QAAQ,aAAa,CAAC;AACnC,eAAO,MAAM,QAAQ,OAAO,CAAC;AAC7B,eAAO,MAAM,WAAW,4DAA4D,CAAC;AACrF,eAAO,MAAM,IAAI,UAAe,CAAC"}

package/dist/checks/security/sensitive-data-exposure.js

@@ -0,0 +1,540 @@
+#!/usr/bin/env tsx
+"use strict";
+/**
+ * Sensitive Data Exposure Prevention Preflight (BLOCKING)
+ *
+ * Comprehensive detection of patterns that could expose sensitive data:
+ * - Passwords/secrets in API responses
+ * - Full credit card numbers in logs
+ * - PII in error messages (SSN, phone, email, address, DoB)
+ * - Sensitive fields not excluded from serialization
+ * - Hardcoded PII patterns in code
+ * - Unmasked sensitive data in logs
+ *
+ * PII Detection Categories (GDPR/CCPA compliant):
+ * - Social Security Numbers (SSN)
+ * - Phone numbers (US, international)
+ * - Email addresses in hardcoded strings
+ * - Physical addresses
+ * - Date of Birth patterns
+ * - Credit card numbers (PCI-DSS)
+ * - Bank account/routing numbers
+ * - Driver's license numbers
+ * - Passport numbers
+ * - IP addresses (when associated with users)
+ *
+ * Usage:
+ *   pnpm preflight:sensitive-data
+ *   pnpm preflight:sensitive-data --verbose
+ *   pnpm preflight:sensitive-data --pii-only
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.tags = exports.description = exports.blocking = exports.category = exports.name = exports.id = void 0;
+const fs = __importStar(require("fs"));
+const console_chars_1 = require("../../utils/console-chars");
+const file_cache_1 = require("../../shared/file-cache");
+const glob_patterns_1 = require("../../shared/glob-patterns");
+// Check metadata
+exports.id = "security/sensitive-data-exposure";
+exports.name = "Sensitive Data Exposure";
+exports.category = "security";
+exports.blocking = true;
+exports.description = "Sensitive Data Exposure Prevention Preflight (BLOCKING)";
+exports.tags = ["security"];
+const issues = [];
+const piiOnlyMode = process.argv.includes("--pii-only");
+// Sensitive field names that should never be in responses
+const SENSITIVE_FIELDS = [
+    "password",
+    "passwordHash",
+    "hashedPassword",
+    "secret",
+    "apiKey",
+    "apiSecret",
+    "accessToken",
+    "refreshToken",
+    "privateKey",
+    "creditCard",
+    "cardNumber",
+    "cvv",
+    "ssn",
+    "socialSecurity",
+    "taxId",
+    "bankAccount",
+    "routingNumber",
+    "dateOfBirth",
+    "dob",
+    "birthDate",
+    "driversLicense",
+    "passportNumber",
+    "nationalId",
+    "phoneNumber",
+    "mobileNumber",
+    "homeAddress",
+    "billingAddress",
+    "ipAddress",
+];
+// PII DETECTION PATTERNS (GDPR/CCPA/PCI-DSS Compliant)
+const PII_PATTERNS = [
+    // SSN - US Social Security Number
+    {
+        regex: /\b\d{3}[-\s]?\d{2}[-\s]?\d{4}\b/g,
+        name: "SSN",
+        message: "Potential SSN detected - must be masked or removed",
+        severity: "error",
+        category: "government-id",
+        // Exclude obvious non-SSN patterns (phone area codes, etc)
+        validate: (match) => {
+            const cleaned = match.replace(/[-\s]/g, "");
+            // SSN rules: can't start with 000, 666, or 9xx
+            const first3 = parseInt(cleaned.slice(0, 3));
+            if (first3 === 0 || first3 === 666 || first3 >= 900)
+                return false;
+            // Exclude sequential numbers like 123456789 (common passwords)
+            if (/^123456789$/.test(cleaned))
+                return false;
+            // Exclude repeated digits like 111111111
+            if (/^(\d)\1{8}$/.test(cleaned))
+                return false;
+            // Must have typical SSN format with dashes/spaces to be considered real
+            // Plain 9 digits without separators are usually not SSNs
+            if (!/[-\s]/.test(match))
+                return false;
+            return true;
+        },
+    },
+    // Credit Card Numbers (PCI-DSS)
+    {
+        regex: /\b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|6(?:011|5[0-9]{2})[0-9]{12})\b/g,
+        name: "Credit Card",
+        message: "Credit card number detected - PCI-DSS violation",
+        severity: "error",
+        category: "financial",
+        validate: (match) => luhnCheck(match),
+    },
+    // Credit Card with spaces/dashes
+    {
+        regex: /\b(?:\d{4}[-\s]){3}\d{4}\b/g,
+        name: "Credit Card (formatted)",
+        message: "Formatted credit card number detected - PCI-DSS violation",
+        severity: "error",
+        category: "financial",
+        validate: (match) => luhnCheck(match.replace(/[-\s]/g, "")),
+    },
+    // US Phone Numbers
+    {
+        regex: /\b(?:\+?1[-.\s]?)?(?:\(?[2-9]\d{2}\)?[-.\s]?)?[2-9]\d{2}[-.\s]?\d{4}\b/g,
+        name: "Phone Number",
+        message: "Phone number detected - should be masked in logs",
+        severity: "warning",
+        category: "contact",
+        // Exclude common false positives
+        validate: (match) => {
+            const cleaned = match.replace(/[-.\s()]/g, "");
+            return cleaned.length >= 10 && cleaned.length <= 11;
+        },
+    },
+    // Email in hardcoded strings (not variable names)
+    {
+        regex: /['"`][^'"`]*[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}[^'"`]*['"`]/g,
+        name: "Email in String",
+        message: "Hardcoded email address - use environment variable or config",
+        severity: "warning",
+        category: "contact",
+        // Exclude common test/example emails
+        validate: (match) => {
+            const lower = match.toLowerCase();
+            return (!lower.includes("example.com") &&
+                !lower.includes("test@") &&
+                !lower.includes("@test.") &&
+                !lower.includes("placeholder"));
+        },
+    },
+    // Date of Birth patterns
+    {
+        regex: /\b(?:0[1-9]|1[0-2])[-/](?:0[1-9]|[12]\d|3[01])[-/](?:19|20)\d{2}\b/g,
+        name: "Date of Birth",
+        message: "Potential date of birth - PII that should be protected",
+        severity: "warning",
+        category: "personal",
+    },
+    // Bank Account Numbers (8-17 digits)
+    {
+        regex: /\b(?:account|acct)[-_\s]*(?:number|num|#)?[-_\s:]*['"]?\d{8,17}['"]?\b/gi,
+        name: "Bank Account",
+        message: "Potential bank account number - financial PII",
+        severity: "error",
+        category: "financial",
+    },
+    // Routing Numbers (9 digits, starts with 0-3)
+    {
+        regex: /\b(?:routing|aba)[-_\s]*(?:number|num|#)?[-_\s:]*['"]?[0-3]\d{8}['"]?\b/gi,
+        name: "Routing Number",
+        message: "Potential bank routing number - financial PII",
+        severity: "error",
+        category: "financial",
+    },
+    // Driver's License (varies by state, catch common patterns)
+    {
+        regex: /\b(?:license|dl)[-_\s]*(?:number|num|#)?[-_\s:]*['"]?[A-Z]\d{7,8}['"]?\b/gi,
+        name: "Driver's License",
+        message: "Potential driver's license number - government ID PII",
+        severity: "error",
+        category: "government-id",
+    },
+    // Passport Number
+    {
+        regex: /\b(?:passport)[-_\s]*(?:number|num|#)?[-_\s:]*['"]?[A-Z0-9]{6,9}['"]?\b/gi,
+        name: "Passport",
+        message: "Potential passport number - government ID PII",
+        severity: "error",
+        category: "government-id",
+    },
+    // IP Address logging with user context
+    {
+        regex: /(?:user|customer|client)[-_\s]*ip[-_\s:]*['"]?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}['"]?/gi,
+        name: "User IP Address",
+        message: "User IP address logged - PII under GDPR",
+        severity: "warning",
+        category: "technical",
+    },
+    // Street Address patterns
+    {
+        regex: /\b\d{1,5}\s+(?:[A-Z][a-z]+\s+){1,3}(?:Street|St|Avenue|Ave|Road|Rd|Boulevard|Blvd|Drive|Dr|Lane|Ln|Way|Court|Ct|Circle|Cir)\b/gi,
+        name: "Street Address",
+        message: "Physical address detected - location PII",
+        severity: "warning",
+        category: "location",
+    },
+];
+// Luhn algorithm for credit card validation
+function luhnCheck(cardNumber) {
+    const digits = cardNumber.replace(/\D/g, "");
+    if (digits.length < 13 || digits.length > 19)
+        return false;
+    let sum = 0;
+    let isEven = false;
+    for (let i = digits.length - 1; i >= 0; i--) {
+        let digit = parseInt(digits[i], 10);
+        if (isEven) {
+            digit *= 2;
+            if (digit > 9)
+                digit -= 9;
+        }
+        sum += digit;
+        isEven = !isEven;
+    }
+    return sum % 10 === 0;
+}
+// Patterns that indicate potential data exposure
+const DANGEROUS_PATTERNS = [
+    {
+        // Returning user object without selecting fields (includes password)
+        regex: /return\s+(?:await\s+)?prisma\.(?:authUser|user)\.(?:findUnique|findFirst|findMany)\s*\(\s*\{[^}]*\}\s*\)(?!\s*\.)/g,
+        message: "User query without select - may expose password hash. Use select: { ... } to exclude sensitive fields",
+        severity: "warning",
+        checkContext: true,
+    },
+    {
+        // JSON.stringify on user/auth objects
+        regex: /JSON\.stringify\s*\(\s*(?:user|session|auth|credentials)/gi,
+        message: "Serializing auth object - ensure sensitive fields are excluded",
+        severity: "warning",
+    },
+    {
+        // Logging actual sensitive variables (not just mentioning the word)
+        // Match: logger.error(password), logger.warn(apiKey), console.log(secret)
+        // Don't match: logger.error('Password reset error')
+        regex: /(?:console|logger)\.\w+\s*\(\s*(?:password|secret|apiKey|apiSecret|accessToken|refreshToken|privateKey|creditCard|cvv|ssn)\s*[,)]/gi,
+        message: "Logging sensitive variable directly",
+        severity: "error",
+    },
+    {
+        // NextResponse.json with spread user
+        regex: /NextResponse\.json\s*\(\s*\{\s*\.\.\.(?:user|session)/gi,
+        message: "Spreading user/session in response - may expose sensitive fields",
+        severity: "error",
+    },
+    {
+        // Returning full user in API response (only if not using select earlier)
+        regex: /return\s+NextResponse\.json\s*\(\s*(?:user|session)\s*[,)]/gi,
+        message: "Returning full user/session object - use DTO pattern to exclude sensitive fields",
+        severity: "warning",
+        checkContext: true, // Will check for select: clause nearby
+    },
+];
+// Files to skip
+const SKIP_PATTERNS = (0, glob_patterns_1.extendExcludes)(glob_patterns_1.STANDARD_EXCLUDES, [
+    "node_modules",
+    ".next",
+    "dist",
+    ".git",
+    "*.test.ts",
+    "*.spec.ts",
+    "__mocks__",
+    "tests/",
+    "scripts/",
+    "prisma/seed.ts",
+    // Config files with legitimate emails/addresses
+    "lib/site-config.ts",
+    "lib/template-variables.ts",
+    "lib/email-utils.ts",
+    "lib/email-template-components.ts",
+    "lib/sendgrid-service.ts",
+    "lib/simple-auth.ts",
+    "lib/learning-system.ts",
+    "lib/auth.ts",
+    // Admin dashboards with example/mock data
+    "components/admin/",
+    // Public pages with contact info
+    "app/contact/",
+    "app/terms-conditions/",
+    "app/privacy-policy/",
+    // Admin/template pages with examples
+    "app/admin/templates/",
+    "app/api/admin/settings/",
+    // Store pages with legitimate data
+    "app/store/payouts/",
+    "app/register/store/",
+    // Integration handlers with notification emails
+    "app/api/integrations/ebay/",
+    "app/api/admin/integrations/",
+    // Phone validation endpoint (uses example format)
+    "app/api/account/phone/",
+]);
+function shouldSkip(filePath) {
+    const normalized = filePath.replace(/\\/g, "/");
+    return SKIP_PATTERNS.some((pattern) => {
+        if (pattern.startsWith("*")) {
+            return normalized.endsWith(pattern.slice(1));
+        }
+        return normalized.includes(pattern);
+    });
+}
+// CACHED FILE LISTS - Scan once, use everywhere
+let _cachedAllTsTsxFiles = null;
+async function getAllTsTsxFiles() {
+    if (!_cachedAllTsTsxFiles) {
+        _cachedAllTsTsxFiles = await file_cache_1.fileCache.getAllTsTsx();
+    }
+    return _cachedAllTsTsxFiles;
+}
+async function scanFile(filePath) {
+    if (shouldSkip(filePath))
+        return;
+    const content = fs.readFileSync(filePath, "utf-8");
+    const lines = content.split("\n");
+    // Check for dangerous patterns
+    for (const pattern of DANGEROUS_PATTERNS) {
+        let match;
+        const regex = new RegExp(pattern.regex.source, pattern.regex.flags);
+        while ((match = regex.exec(content)) !== null) {
+            const beforeMatch = content.slice(0, match.index);
+            const lineNumber = beforeMatch.split("\n").length;
+            const line = lines[lineNumber - 1] || "";
+            if (line.trim().startsWith("//") || line.trim().startsWith("*")) {
+                continue;
+            }
+            // For user queries, check if select is used nearby (within 500 chars)
+            if (pattern.checkContext) {
+                const context = content.slice(Math.max(0, match.index - 500), match.index + match[0].length + 100);
+                if (context.includes("select:") || context.includes("select :")) {
+                    continue; // Has select clause, likely safe
+                }
+            }
+            issues.push({
+                file: filePath,
+                line: lineNumber,
+                pattern: match[0].slice(0, 80) + (match[0].length > 80 ? "..." : ""),
+                severity: pattern.severity,
+                message: pattern.message,
+            });
+        }
+    }
+    // Check for API routes returning sensitive fields
+    if (filePath.includes("/api/") && filePath.endsWith("route.ts")) {
+        for (const field of SENSITIVE_FIELDS) {
+            const fieldRegex = new RegExp(`['"\`]${field}['"\`]\\s*:`, "gi");
+            let match;
+            while ((match = fieldRegex.exec(content)) !== null) {
+                const beforeMatch = content.slice(0, match.index);
+                const lineNumber = beforeMatch.split("\n").length;
+                // Check if it's in a select: false context (which is safe)
+                const context = content.slice(match.index, match.index + 50);
+                if (context.includes(": false") || context.includes(":false")) {
+                    continue;
+                }
+                issues.push({
+                    file: filePath,
+                    line: lineNumber,
+                    pattern: `${field}: ...`,
+                    severity: "warning",
+                    message: `Sensitive field "${field}" in API route - ensure it's excluded from response`,
+                });
+            }
+        }
+    }
+}
+// PII SCANNING - Comprehensive detection of hardcoded PII
+async function scanFileForPII(filePath) {
+    if (shouldSkip(filePath))
+        return;
+    // Skip test data files that might have fake PII for testing
+    const normalized = filePath.replace(/\\/g, "/");
+    if (normalized.includes("fixtures/") ||
+        normalized.includes("testdata/") ||
+        normalized.includes("mock") ||
+        normalized.includes("seed")) {
+        return;
+    }
+    const content = fs.readFileSync(filePath, "utf-8");
+    const lines = content.split("\n");
+    for (const piiPattern of PII_PATTERNS) {
+        const regex = new RegExp(piiPattern.regex.source, piiPattern.regex.flags);
+        let match;
+        while ((match = regex.exec(content)) !== null) {
+            const beforeMatch = content.slice(0, match.index);
+            const lineNumber = beforeMatch.split("\n").length;
+            const line = lines[lineNumber - 1] || "";
+            // Skip comments
+            if (line.trim().startsWith("//") || line.trim().startsWith("*")) {
+                continue;
+            }
+            // Skip if marked as safe
+            if (line.includes("@pii-ok") ||
+                line.includes("pii-safe") ||
+                line.includes("test-data") ||
+                line.includes("fake-data")) {
+                continue;
+            }
+            // Apply validation if defined
+            if (piiPattern.validate && !piiPattern.validate(match[0])) {
+                continue;
+            }
+            // Mask the detected value for security
+            const maskedValue = match[0].slice(0, 4) + "****" + match[0].slice(-2);
+            issues.push({
+                file: filePath,
+                line: lineNumber,
+                pattern: maskedValue,
+                severity: piiPattern.severity,
+                message: `[${piiPattern.name}] ${piiPattern.message}`,
+                category: piiPattern.category,
+            });
+        }
+    }
+}
+async function main() {
+    const verbose = process.argv.includes("--verbose") || process.argv.includes("-v");
+    console.log("🔐 Sensitive Data Exposure Prevention Preflight");
+    console.log((0, console_chars_1.createDivider)(60, "heavy"));
+    console.log(`Mode: ${piiOnlyMode ? "PII Detection Only" : "Full Scan (API + PII)"}`);
+    console.log(`PII Patterns: ${PII_PATTERNS.length} categories\n`);
+    const files = await getAllTsTsxFiles();
+    // Run standard exposure checks (unless --pii-only)
+    if (!piiOnlyMode) {
+        console.log(`${console_chars_1.emoji.search} Scanning for API exposure patterns...`);
+        for (const file of files) {
+            await scanFile(file);
+        }
+    }
+    // Run PII detection
+    console.log(`${console_chars_1.emoji.search} Scanning for PII patterns...`);
+    for (const file of files) {
+        await scanFileForPII(file);
+    }
+    const errors = issues.filter((i) => i.severity === "error");
+    const warnings = issues.filter((i) => i.severity === "warning");
+    // Group PII issues by category for reporting
+    const piiByCategory = new Map();
+    for (const issue of issues) {
+        if (issue.category) {
+            const existing = piiByCategory.get(issue.category) || [];
+            existing.push(issue);
+            piiByCategory.set(issue.category, existing);
+        }
+    }
+    if (verbose || issues.length > 0) {
+        if (errors.length > 0) {
+            console.log(`\n${console_chars_1.emoji.error} ERRORS (blocking):`);
+            errors.forEach((issue) => {
+                console.log(`   ${issue.file}:${issue.line}`);
+                console.log(`      ${issue.message}`);
+            });
+        }
+        if (warnings.length > 0) {
+            console.log(`\n${console_chars_1.emoji.warning}  WARNINGS:`);
+            warnings.slice(0, 20).forEach((issue) => {
+                console.log(`   ${issue.file}:${issue.line}`);
+                console.log(`      ${issue.message}`);
+            });
+            if (warnings.length > 20) {
+                console.log(`   ... and ${warnings.length - 20} more warnings`);
+            }
+        }
+        // Show PII breakdown by category
+        if (piiByCategory.size > 0 && verbose) {
+            console.log(`\n${console_chars_1.emoji.info} PII by Category:`);
+            for (const [category, categoryIssues] of piiByCategory) {
+                const categoryErrors = categoryIssues.filter((i) => i.severity === "error").length;
+                const categoryWarnings = categoryIssues.filter((i) => i.severity === "warning").length;
+                console.log(`   ${category}: ${categoryErrors} errors, ${categoryWarnings} warnings`);
+            }
+        }
+    }
+    console.log("\n" + (0, console_chars_1.createDivider)(60, "heavy"));
+    console.log(`Files scanned: ${files.length}`);
+    console.log(`Errors: ${errors.length}`);
+    console.log(`Warnings: ${warnings.length}`);
+    if (piiByCategory.size > 0) {
+        console.log(`PII Categories Detected: ${piiByCategory.size}`);
+    }
+    if (errors.length > 0) {
+        console.log(`\n${console_chars_1.emoji.error} Sensitive Data Exposure Prevention FAILED`);
+        console.log("\nBest practices:");
+        console.log("  1. Use select: { } to explicitly choose returned fields");
+        console.log("  2. Create DTOs that exclude sensitive fields");
+        console.log("  3. Never log passwords, tokens, or API keys");
+        console.log("  4. Use { password: false } in Prisma select");
+        console.log("  5. Mask PII data: SSN → XXX-XX-1234, Credit Card → ****-****-****-1234");
+        console.log("  6. Use environment variables for test PII data");
+        console.log("  7. Add // @pii-ok comment for intentionally exposed test data");
+        process.exit(1);
+    }
+    console.log(`\n${console_chars_1.emoji.success} Sensitive Data Exposure Prevention PASSED`);
+}
+main().catch(console.error);
+//# sourceMappingURL=sensitive-data-exposure.js.map

package/dist/checks/security/sensitive-data-exposure.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sensitive-data-exposure.js","sourceRoot":"","sources":["../../../src/checks/security/sensitive-data-exposure.ts"],"names":[],"mappings":";;AACA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AACzB,6DAAiE;AACjE,wDAAoD;AACpD,8DAA+E;AAG/E,iBAAiB;AACJ,QAAA,EAAE,GAAG,kCAAkC,CAAC;AACxC,QAAA,IAAI,GAAG,yBAAyB,CAAC;AACjC,QAAA,QAAQ,GAAG,UAAU,CAAC;AACtB,QAAA,QAAQ,GAAG,IAAI,CAAC;AAChB,QAAA,WAAW,GAAG,yDAAyD,CAAC;AACxE,QAAA,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;AAWjC,MAAM,MAAM,GAAY,EAAE,CAAC;AAC3B,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;AAExD,0DAA0D;AAC1D,MAAM,gBAAgB,GAAG;IACvB,UAAU;IACV,cAAc;IACd,gBAAgB;IAChB,QAAQ;IACR,QAAQ;IACR,WAAW;IACX,aAAa;IACb,cAAc;IACd,YAAY;IACZ,YAAY;IACZ,YAAY;IACZ,KAAK;IACL,KAAK;IACL,gBAAgB;IAChB,OAAO;IACP,aAAa;IACb,eAAe;IACf,aAAa;IACb,KAAK;IACL,WAAW;IACX,gBAAgB;IAChB,gBAAgB;IAChB,YAAY;IACZ,aAAa;IACb,cAAc;IACd,aAAa;IACb,gBAAgB;IAChB,WAAW;CACZ,CAAC;AAEF,uDAAuD;AAEvD,MAAM,YAAY,GAAG;IACnB,kCAAkC;IAClC;QACE,KAAK,EAAE,kCAAkC;QACzC,IAAI,EAAE,KAAK;QACX,OAAO,EAAE,oDAAoD;QAC7D,QAAQ,EAAE,OAAgB;QAC1B,QAAQ,EAAE,eAAe;QACzB,2DAA2D;QAC3D,QAAQ,EAAE,CAAC,KAAa,EAAE,EAAE;YAC1B,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YAC5C,+CAA+C;YAC/C,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAC7C,IAAI,MAAM,KAAK,CAAC,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,IAAI,GAAG;gBAAE,OAAO,KAAK,CAAC;YAClE,+DAA+D;YAC/D,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC9C,yCAAyC;YACzC,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC9C,wEAAwE;YACxE,yDAAyD;YACzD,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YACvC,OAAO,IAAI,CAAC;QACd,CAAC;KACF;IACD,gCAAgC;IAChC;QACE,KAAK,EACH,6FAA6F;QAC/F,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,iDAAiD;QAC1D,QAAQ,EAAE,OAAgB;QAC1B,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC;KAC9C;IACD,iCAAiC;IACjC;QACE,KAAK,EAAE,6BAA6B;QACpC,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,2DAA2D;QACpE,QAAQ,EAAE,OAAgB;QAC1B,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;KACpE;IACD,mBAAmB;IACnB;QACE,KAAK,EAAE,yEAAyE;QAChF,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,kDAAkD;QAC3D,QAAQ,EAAE,SAAkB;QAC5B,QAAQ,EAAE,SAAS;QACnB,iCAAiC;QACjC,QAAQ,EAAE,CAAC,KAAa,EAAE,EAAE;YAC1B,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YAC/C,OAAO,OAAO,CAAC,MAAM,IAAI,EAAE,IAAI,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;QACtD,CAAC;KACF;IACD,kDAAkD;IAClD;QACE,KAAK,EAAE,yEAAyE;QAChF,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,8DAA8D;QACvE,QAAQ,EAAE,SAAkB;QAC5B,QAAQ,EAAE,SAAS;QACnB,qCAAqC;QACrC,QAAQ,EAAE,CAAC,KAAa,EAAE,EAAE;YAC1B,MAAM,KAAK,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;YAClC,OAAO,CACL,CAAC,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC;gBAC9B,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;gBACxB,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBACzB,CAAC,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,CAC/B,CAAC;QACJ,CAAC;KACF;IACD,yBAAyB;IACzB;QACE,KAAK,EAAE,qEAAqE;QAC5E,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,wDAAwD;QACjE,QAAQ,EAAE,SAAkB;QAC5B,QAAQ,EAAE,UAAU;KACrB;IACD,qCAAqC;IACrC;QACE,KAAK,EAAE,0EAA0E;QACjF,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,+CAA+C;QACxD,QAAQ,EAAE,OAAgB;QAC1B,QAAQ,EAAE,WAAW;KACtB;IACD,8CAA8C;IAC9C;QACE,KAAK,EAAE,2EAA2E;QAClF,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,+CAA+C;QACxD,QAAQ,EAAE,OAAgB;QAC1B,QAAQ,EAAE,WAAW;KACtB;IACD,4DAA4D;IAC5D;QACE,KAAK,EAAE,4EAA4E;QACnF,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,OAAgB;QAC1B,QAAQ,EAAE,eAAe;KAC1B;IACD,kBAAkB;IAClB;QACE,KAAK,EAAE,2EAA2E;QAClF,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,+CAA+C;QACxD,QAAQ,EAAE,OAAgB;QAC1B,QAAQ,EAAE,eAAe;KAC1B;IACD,uCAAuC;IACvC;QACE,KAAK,EACH,yFAAyF;QAC3F,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,yCAAyC;QAClD,QAAQ,EAAE,SAAkB;QAC5B,QAAQ,EAAE,WAAW;KACtB;IACD,0BAA0B;IAC1B;QACE,KAAK,EACH,iIAAiI;QACnI,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,SAAkB;QAC5B,QAAQ,EAAE,UAAU;KACrB;CACF,CAAC;AAEF,4CAA4C;AAC5C,SAAS,SAAS,CAAC,UAAkB;IACnC,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC7C,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE;QAAE,OAAO,KAAK,CAAC;IAE3D,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,MAAM,GAAG,KAAK,CAAC;IAEnB,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5C,IAAI,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEpC,IAAI,MAAM,EAAE,CAAC;YACX,KAAK,IAAI,CAAC,CAAC;YACX,IAAI,KAAK,GAAG,CAAC;gBAAE,KAAK,IAAI,CAAC,CAAC;QAC5B,CAAC;QAED,GAAG,IAAI,KAAK,CAAC;QACb,MAAM,GAAG,CAAC,MAAM,CAAC;IACnB,CAAC;IAED,OAAO,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;AACxB,CAAC;AAED,iDAAiD;AACjD,MAAM,kBAAkB,GAAG;IACzB;QACE,qEAAqE;QACrE,KAAK,EACH,oHAAoH;QACtH,OAAO,EACL,uGAAuG;QACzG,QAAQ,EAAE,SAAkB;QAC5B,YAAY,EAAE,IAAI;KACnB;IACD;QACE,sCAAsC;QACtC,KAAK,EAAE,4DAA4D;QACnE,OAAO,EAAE,gEAAgE;QACzE,QAAQ,EAAE,SAAkB;KAC7B;IACD;QACE,oEAAoE;QACpE,0EAA0E;QAC1E,oDAAoD;QACpD,KAAK,EACH,qIAAqI;QACvI,OAAO,EAAE,qCAAqC;QAC9C,QAAQ,EAAE,OAAgB;KAC3B;IACD;QACE,qCAAqC;QACrC,KAAK,EAAE,yDAAyD;QAChE,OAAO,EAAE,kEAAkE;QAC3E,QAAQ,EAAE,OAAgB;KAC3B;IACD;QACE,yEAAyE;QACzE,KAAK,EAAE,8DAA8D;QACrE,OAAO,EAAE,kFAAkF;QAC3F,QAAQ,EAAE,SAAkB;QAC5B,YAAY,EAAE,IAAI,EAAE,uCAAuC;KAC5D;CACF,CAAC;AAEF,gBAAgB;AAChB,MAAM,aAAa,GAAG,IAAA,8BAAc,EAAC,iCAAiB,EAAE;IACtD,cAAc;IACd,OAAO;IACP,MAAM;IACN,MAAM;IACN,WAAW;IACX,WAAW;IACX,WAAW;IACX,QAAQ;IACR,UAAU;IACV,gBAAgB;IAChB,gDAAgD;IAChD,oBAAoB;IACpB,2BAA2B;IAC3B,oBAAoB;IACpB,kCAAkC;IAClC,yBAAyB;IACzB,oBAAoB;IACpB,wBAAwB;IACxB,aAAa;IACb,0CAA0C;IAC1C,mBAAmB;IACnB,iCAAiC;IACjC,cAAc;IACd,uBAAuB;IACvB,qBAAqB;IACrB,qCAAqC;IACrC,sBAAsB;IACtB,yBAAyB;IACzB,mCAAmC;IACnC,oBAAoB;IACpB,qBAAqB;IACrB,gDAAgD;IAChD,4BAA4B;IAC5B,6BAA6B;IAC7B,kDAAkD;IAClD,wBAAwB;CACzB,CAAC,CAAC;AAEH,SAAS,UAAU,CAAC,QAAgB;IAClC,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAChD,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QACpC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/C,CAAC;QACD,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,gDAAgD;AAEhD,IAAI,oBAAoB,GAAoB,IAAI,CAAC;AACjD,KAAK,UAAU,gBAAgB;IAC7B,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC1B,oBAAoB,GAAG,MAAM,sBAAS,CAAC,WAAW,EAAE,CAAC;IACvD,CAAC;IACD,OAAO,oBAAoB,CAAC;AAC9B,CAAC;AAED,KAAK,UAAU,QAAQ,CAAC,QAAgB;IACtC,IAAI,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO;IAEjC,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,+BAA+B;IAC/B,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,IAAI,KAAK,CAAC;QACV,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEpE,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9C,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YAClD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAElD,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACzC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChE,SAAS;YACX,CAAC;YAED,sEAAsE;YACtE,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;gBACzB,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAC3B,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,EAC9B,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,GAAG,CACpC,CAAC;gBACF,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBAChE,SAAS,CAAC,iCAAiC;gBAC7C,CAAC;YACH,CAAC;YAED,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,UAAU;gBAChB,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpE,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAChE,KAAK,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;YACrC,MAAM,UAAU,GAAG,IAAI,MAAM,CAAC,SAAS,KAAK,aAAa,EAAE,IAAI,CAAC,CAAC;YACjE,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBACnD,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAClD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;gBAElD,2DAA2D;gBAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC;gBAC7D,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9D,SAAS;gBACX,CAAC;gBAED,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,UAAU;oBAChB,OAAO,EAAE,GAAG,KAAK,OAAO;oBACxB,QAAQ,EAAE,SAAS;oBACnB,OAAO,EAAE,oBAAoB,KAAK,qDAAqD;iBACxF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,0DAA0D;AAE1D,KAAK,UAAU,cAAc,CAAC,QAAgB;IAC5C,IAAI,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO;IAEjC,4DAA4D;IAC5D,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAChD,IACE,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC;QAChC,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC;QAChC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC;QAC3B,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,EAC3B,CAAC;QACD,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,MAAM,UAAU,IAAI,YAAY,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1E,IAAI,KAAK,CAAC;QAEV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9C,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YAClD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAClD,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YAEzC,gBAAgB;YAChB,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChE,SAAS;YACX,CAAC;YAED,yBAAyB;YACzB,IACE,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;gBACxB,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC;gBACzB,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAC1B,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAC1B,CAAC;gBACD,SAAS;YACX,CAAC;YAED,8BAA8B;YAC9B,IAAI,UAAU,CAAC,QAAQ,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1D,SAAS;YACX,CAAC;YAED,uCAAuC;YACvC,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAEvE,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,UAAU;gBAChB,OAAO,EAAE,WAAW;gBACpB,QAAQ,EAAE,UAAU,CAAC,QAAQ;gBAC7B,OAAO,EAAE,IAAI,UAAU,CAAC,IAAI,KAAK,UAAU,CAAC,OAAO,EAAE;gBACrD,QAAQ,EAAE,UAAU,CAAC,QAAQ;aAC9B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAElF,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,uBAAuB,EAAE,CAAC,CAAC;IACrF,OAAO,CAAC,GAAG,CAAC,iBAAiB,YAAY,CAAC,MAAM,eAAe,CAAC,CAAC;IAEjE,MAAM,KAAK,GAAG,MAAM,gBAAgB,EAAE,CAAC;IAEvC,mDAAmD;IACnD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,MAAM,wCAAwC,CAAC,CAAC;QACrE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,OAAO,CAAC,GAAG,CAAC,GAAG,qBAAK,CAAC,MAAM,+BAA+B,CAAC,CAAC;IAC5D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,cAAc,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;IAC5D,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;IAEhE,6CAA6C;IAC7C,MAAM,aAAa,GAAG,IAAI,GAAG,EAAmB,CAAC;IACjD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YACzD,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrB,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,IAAI,OAAO,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,qBAAqB,CAAC,CAAC;YACnD,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;gBACvB,OAAO,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC9C,OAAO,CAAC,GAAG,CAAC,SAAS,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YACxC,CAAC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,aAAa,CAAC,CAAC;YAC7C,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;gBACtC,OAAO,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC9C,OAAO,CAAC,GAAG,CAAC,SAAS,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YACxC,CAAC,CAAC,CAAC;YACH,IAAI,QAAQ,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;gBACzB,OAAO,CAAC,GAAG,CAAC,cAAc,QAAQ,CAAC,MAAM,GAAG,EAAE,gBAAgB,CAAC,CAAC;YAClE,CAAC;QACH,CAAC;QAED,iCAAiC;QACjC,IAAI,aAAa,CAAC,IAAI,GAAG,CAAC,IAAI,OAAO,EAAE,CAAC;YACtC,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,IAAI,mBAAmB,CAAC,CAAC;YAChD,KAAK,MAAM,CAAC,QAAQ,EAAE,cAAc,CAAC,IAAI,aAAa,EAAE,CAAC;gBACvD,MAAM,cAAc,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,MAAM,CAAC;gBACnF,MAAM,gBAAgB,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,MAAM,CAAC;gBACvF,OAAO,CAAC,GAAG,CAAC,MAAM,QAAQ,KAAK,cAAc,YAAY,gBAAgB,WAAW,CAAC,CAAC;YACxF,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAA,6BAAa,EAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,aAAa,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5C,IAAI,aAAa,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,4BAA4B,aAAa,CAAC,IAAI,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,KAAK,4CAA4C,CAAC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,2DAA2D,CAAC,CAAC;QACzE,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,0EAA0E,CAAC,CAAC;QACxF,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;QAChE,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;QAC/E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAK,CAAC,OAAO,4CAA4C,CAAC,CAAC;AAC9E,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC"}

package/dist/checks/security/sql-injection-prevention.d.ts

@@ -0,0 +1,25 @@
+#!/usr/bin/env tsx
+/**
+ * SQL Injection Prevention Preflight (BLOCKING)
+ *
+ * Detects patterns that could lead to SQL injection vulnerabilities:
+ * - Raw SQL queries with string concatenation
+ * - Template literals in $queryRaw/$executeRaw without proper escaping
+ * - User input directly in SQL strings
+ *
+ * Safe patterns (allowed):
+ * - Prisma's parameterized queries ($queryRaw with Prisma.sql tagged template)
+ * - Prisma's standard query methods (findMany, create, etc.)
+ * - TypedSQL files (.sql in prisma/sql/)
+ *
+ * Usage:
+ *   pnpm preflight:sql-injection
+ *   pnpm preflight:sql-injection:verbose
+ */
+export declare const id = "security/sql-injection-prevention";
+export declare const name = "Sql Injection Prevention";
+export declare const category = "security";
+export declare const blocking = true;
+export declare const description = "SQL Injection Prevention Preflight (BLOCKING)";
+export declare const tags: string[];
+//# sourceMappingURL=sql-injection-prevention.d.ts.map

package/dist/checks/security/sql-injection-prevention.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sql-injection-prevention.d.ts","sourceRoot":"","sources":["../../../src/checks/security/sql-injection-prevention.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;GAgBG;AAWH,eAAO,MAAM,EAAE,sCAAsC,CAAC;AACtD,eAAO,MAAM,IAAI,6BAA6B,CAAC;AAC/C,eAAO,MAAM,QAAQ,aAAa,CAAC;AACnC,eAAO,MAAM,QAAQ,OAAO,CAAC;AAC7B,eAAO,MAAM,WAAW,kDAAkD,CAAC;AAC3E,eAAO,MAAM,IAAI,UAAe,CAAC"}