@fourteensystems/prodcheck 0.3.0

package/dist/rules/rate-limit-missing.js

@@ -0,0 +1,316 @@
+import { readFileSync } from "node:fs";
+import path from "node:path";
+import { isAllowlisted } from "../util/paths.js";
+import { detectOutboundFetcher } from "../util/outbound-fetch.js";
+export const RULE_ID = "RATE-LIMIT-MISSING";
+/**
+ * Paths commonly excluded from rate limiting.
+ * Health checks, static assets, internal probes, cron/task routes.
+ */
+const EXEMPT_PATH_PATTERNS = [
+    /\/health$/,
+    /\/ping$/,
+    /\/ready$/,
+    /\/live$/,
+    /\/_next\//,
+    /\/cron\//, // Cron routes are server-to-server
+    /\/tasks\//, // Task/job routes are server-to-server
+];
+/**
+ * Webhook path patterns — rate limiting is inappropriate for inbound webhooks.
+ * Matches any path containing "webhook" (e.g., /stripe-webhook, /webhooks/stripe).
+ */
+const WEBHOOK_PATH_PATTERNS = [
+    /webhook/i,
+];
+/**
+ * Login/signin paths — prime brute-force targets.
+ * Missing rate limiting on these is always critical.
+ */
+const LOGIN_PATH_PATTERNS = [
+    /\/login(\/|$)/i,
+    /\/signin(\/|$)/i,
+    /\/sign-in(\/|$)/i,
+    /\/auth\/login(\/|$)/i,
+    /\/auth\/signin(\/|$)/i,
+];
+/**
+ * Framework-managed routes where rate limiting is handled by the framework
+ * or is inappropriate (auth protocol flows, external callbacks, OG images).
+ */
+const FRAMEWORK_MANAGED_PATTERNS = [
+    /\/auth\/\[\.{3}[^\]]*\]/, // NextAuth catch-all: auth/[...nextauth], auth/[...params]
+    /\/callback\//, // Inbound callbacks from external services (OAuth, Stripe, Slack)
+    /\/callback$/, // Terminal callback path
+    /\/oauth\//, // OAuth protocol endpoints (token, userinfo, authorize)
+    /\/saml\//, // SAML SSO endpoints
+    /\/og\//, // OG image generation routes (stateless, CDN-cached)
+    /\/og$/, // Terminal OG path
+];
+export function run(index, config) {
+    const findings = [];
+    const maxSeverity = config.rules[RULE_ID]?.severity ?? "critical";
+    for (const route of index.routes.all) {
+        // Only check API routes
+        if (!route.isApi)
+            continue;
+        // Skip exempt paths and user allowlisted paths
+        if (isExemptPath(route.pathname))
+            continue;
+        if (isAllowlisted(route.file, config.hints.rateLimit.allowlistPaths))
+            continue;
+        // Skip tRPC proxy routes — rate limiting is checked at the procedure level
+        if (index.trpc.detected && route.file === index.trpc.proxyFile)
+            continue;
+        // Skip framework-managed routes (NextAuth, OAuth, SAML, callbacks, OG images)
+        if (isFrameworkManaged(route.pathname))
+            continue;
+        const result = checkRoute(route, index, config);
+        if (result) {
+            // Severity bumps for high-value targets
+            let severity = result.severity;
+            let { confidence, confidenceRationale } = result;
+            if (isLoginPath(route.pathname)) {
+                severity = "critical";
+                confidence = "high";
+                confidenceRationale = "High: login/signin endpoint without rate limiting — prime brute-force target";
+                result.evidence.push("login/signin endpoint — brute-force risk");
+            }
+            else if (hasFormDataUpload(route, index)) {
+                severity = "critical";
+                confidence = "high";
+                confidenceRationale = "High: public file upload endpoint without rate limiting — storage abuse risk";
+                result.evidence.push("public formData upload — storage abuse risk");
+            }
+            // public-intent: severity floor at HIGH + SSRF escalation
+            let tags = ["rate-limit", "server"];
+            if (route.publicIntent) {
+                result.evidence.push(`public-intent: "${route.publicIntent.reason}"`);
+                tags = ["rate-limit", "server", "public-intent"];
+                // Floor severity at HIGH — public by design means RL is mandatory
+                if (SEVERITY_RANK[severity] < SEVERITY_RANK["high"]) {
+                    severity = "high";
+                    confidence = "high";
+                    confidenceRationale = "High: developer declared endpoint intentionally public (prodcheck:public-intent) — rate limiting is mandatory";
+                }
+                // SSRF escalation: public endpoint with outbound fetch = critical
+                const src = readSource(index.rootDir, route.file);
+                if (src) {
+                    const fetcher = detectOutboundFetcher(src);
+                    if (fetcher.isRisky) {
+                        severity = "critical";
+                        confidence = "high";
+                        confidenceRationale = "Critical: public-intent endpoint performs outbound fetch with user-influenced URL — SSRF surface";
+                        result.evidence.push(...fetcher.evidence);
+                        tags = ["rate-limit", "server", "public-intent", "outbound-fetch", "ssrf-surface"];
+                    }
+                }
+            }
+            findings.push({
+                ruleId: RULE_ID,
+                severity: capSeverity(severity, maxSeverity),
+                confidence,
+                message: route.publicIntent
+                    ? `Intentionally public API route has no recognized rate limiting`
+                    : `Public API route has no recognized rate limiting`,
+                file: route.file,
+                line: result.line,
+                snippet: result.snippet,
+                evidence: result.evidence,
+                confidenceRationale,
+                remediation: route.publicIntent
+                    ? [
+                        "Rate limiting is mandatory for endpoints declared as public-intent",
+                        "Add rate limiting middleware or wrapper to this route",
+                        "If using @upstash/ratelimit, wrap the handler with a rate limit check",
+                        "If rate limiting is at the edge (Cloudflare, Vercel), add a waiver with reason",
+                    ]
+                    : [
+                        "Add rate limiting middleware or wrapper to this route",
+                        "If using @upstash/ratelimit, wrap the handler with a rate limit check",
+                        "If rate limiting is handled at the edge (Cloudflare, Vercel), add a waiver with reason",
+                        "Add custom wrapper names to hints.rateLimit.wrappers in config",
+                    ],
+                tags,
+            });
+        }
+    }
+    // Check tRPC mutation procedures (both public and protected)
+    for (const proc of index.trpc.mutationProcedures) {
+        if (isAllowlisted(proc.file, config.hints.rateLimit.allowlistPaths))
+            continue;
+        // Check if the procedure's file has rate limit calls
+        const src = readSource(index.rootDir, proc.file);
+        if (src && hasRateLimitCall(src, config.hints.rateLimit.wrappers))
+            continue;
+        const isProtected = proc.procedureType === "protected";
+        findings.push({
+            ruleId: RULE_ID,
+            severity: capSeverity(isProtected ? "high" : "med", maxSeverity),
+            confidence: "med",
+            message: `tRPC ${proc.procedureType} mutation "${proc.name}" has no recognized rate limiting`,
+            file: proc.file,
+            line: proc.line,
+            evidence: [
+                `${proc.procedureType}Procedure.mutation() without rate limit wrapper`,
+                ...(isProtected ? ["authenticated but still susceptible to abuse (cost, spam)"] : []),
+            ],
+            confidenceRationale: isProtected
+                ? "Medium: authenticated mutation still needs rate limiting to prevent abuse"
+                : "Medium: tRPC rate limiting may be handled at middleware or procedure level (not detected)",
+            remediation: [
+                "Add rate limiting middleware to the procedure chain",
+                "If rate limiting is handled at the tRPC middleware level, add a waiver with reason",
+                "If rate limiting is at the edge (Cloudflare, Vercel), add a waiver",
+            ],
+            tags: ["rate-limit", "trpc"],
+        });
+    }
+    return findings;
+}
+const SEVERITY_RANK = { critical: 4, high: 3, med: 2, low: 1 };
+function capSeverity(computed, max) {
+    const maxRank = SEVERITY_RANK[max] ?? 4;
+    const computedRank = SEVERITY_RANK[computed] ?? 2;
+    return computedRank > maxRank ? max : computed;
+}
+function checkRoute(route, index, config) {
+    // Use ProtectionSummary if available (computed during index building)
+    if (route.protection) {
+        if (route.protection.rateLimit.satisfied)
+            return null;
+        // If wrapper introspection deferred this to WRAPPER-UNRECOGNIZED, don't emit per-route finding
+        if (route.protection.rateLimit.unverifiedWrappers.length > 0)
+            return null;
+    }
+    const src = readSource(index.rootDir, route.file);
+    if (!src)
+        return null;
+    // Routes with webhook signature verification don't need rate limiting
+    if (hasWebhookSignatureAuth(src))
+        return null;
+    if (isWebhookPath(route.pathname))
+        return null;
+    // Routes with cron key auth are server-to-server (no rate limiting needed)
+    if (hasCronKeyAuth(src))
+        return null;
+    // Only suppress RL findings when auth is strongly enforced (proven throw/return on failure).
+    // Weak/optional auth (satisfied but not enforced) is treated as unauthenticated for RL purposes.
+    const authStrong = route.protection?.auth.satisfied && route.protection?.auth.enforced;
+    if (authStrong)
+        return null;
+    const evidence = [];
+    let severity;
+    let confidence;
+    let confidenceRationale;
+    const isMutation = route.signals.hasMutationEvidence || route.signals.hasDbWriteEvidence;
+    if (isMutation) {
+        severity = "critical";
+        confidence = "high";
+        confidenceRationale = "High: public mutation route without rate limiting (higher abuse risk)";
+        evidence.push("route performs mutations (higher abuse risk)");
+        evidence.push(...route.signals.mutationDetails);
+    }
+    else if (hasBodyParsing(src)) {
+        severity = "high";
+        confidence = "high";
+        confidenceRationale = "High: public route reads request body without rate limiting";
+        evidence.push("route reads request body");
+    }
+    else {
+        severity = "med";
+        confidence = "med";
+        confidenceRationale = "Medium: public API route without rate limiting (GET-only, lower risk)";
+        evidence.push("public API route without rate limiting");
+    }
+    return { severity, confidence, confidenceRationale, evidence };
+}
+function hasRateLimitCall(src, wrappers) {
+    for (const wrapper of wrappers) {
+        const pattern = new RegExp(`\\b${escapeRegex(wrapper)}\\s*[.(]`, "m");
+        if (pattern.test(src))
+            return true;
+    }
+    // Also check for common rate limit import patterns
+    if (/@upstash\/ratelimit/.test(src))
+        return true;
+    if (/rate-limiter-flexible/.test(src))
+        return true;
+    if (/@arcjet\/next/.test(src))
+        return true;
+    if (/@unkey\/ratelimit/.test(src))
+        return true;
+    // Upstash-style: ratelimit.limit(identifier) in route source
+    if (/(?:ratelimit|rateLimit|rl|limiter|rateLimiter)\.limit\s*\(/i.test(src))
+        return true;
+    // General pattern: any function name containing "ratelimit" or "rate_limit"
+    // Catches: ratelimit(), ratelimitOrThrow(), checkRateLimit(), rateLimitMiddleware(), etc.
+    if (/\b\w*(?:rateLimit|ratelimit|rate_limit)\w*\s*\(/i.test(src))
+        return true;
+    return false;
+}
+/**
+ * Webhook signature verification — these routes don't need rate limiting.
+ */
+function hasWebhookSignatureAuth(src) {
+    if (/stripe\.webhooks\.constructEvent\s*\(/m.test(src))
+        return true;
+    if (/verifyQstashSignature\s*\(/m.test(src))
+        return true;
+    if (/createHmac\s*\(/.test(src) && /signature/i.test(src))
+        return true;
+    return false;
+}
+/**
+ * Cron routes protected by API key are server-to-server.
+ */
+function hasCronKeyAuth(src) {
+    if (/process\.env\.CRON_(?:API_KEY|SECRET)/m.test(src))
+        return true;
+    if (/verifyVercelSignature\s*\(/m.test(src))
+        return true;
+    return false;
+}
+function isWebhookPath(pathname) {
+    if (!pathname)
+        return false;
+    return WEBHOOK_PATH_PATTERNS.some((p) => p.test(pathname));
+}
+function isFrameworkManaged(pathname) {
+    if (!pathname)
+        return false;
+    return FRAMEWORK_MANAGED_PATTERNS.some((p) => p.test(pathname));
+}
+function hasBodyParsing(src) {
+    return /request\.json\s*\(|request\.formData\s*\(|request\.body\b|req\.body/.test(src);
+}
+function isExemptPath(pathname) {
+    if (!pathname)
+        return false;
+    return EXEMPT_PATH_PATTERNS.some((p) => p.test(pathname));
+}
+function isLoginPath(pathname) {
+    if (!pathname)
+        return false;
+    return LOGIN_PATH_PATTERNS.some((p) => p.test(pathname));
+}
+function hasFormDataUpload(route, index) {
+    const src = readSource(index.rootDir, route.file);
+    if (!src)
+        return false;
+    // FormData upload or raw body stream to blob/object storage
+    return /request\.formData\s*\(|req\.formData\s*\(/.test(src)
+        || (/request\.body\b/.test(src) && /\bput\s*\(/.test(src));
+}
+function readSource(rootDir, file) {
+    try {
+        return readFileSync(path.join(rootDir, file), "utf8");
+    }
+    catch {
+        return null;
+    }
+}
+function escapeRegex(str) {
+    return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+//# sourceMappingURL=rate-limit-missing.js.map

package/dist/rules/rate-limit-missing.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limit-missing.js","sourceRoot":"","sources":["../../src/rules/rate-limit-missing.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,IAAI,MAAM,WAAW,CAAC;AAI7B,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAElE,MAAM,CAAC,MAAM,OAAO,GAAG,oBAAoB,CAAC;AAE5C;;;GAGG;AACH,MAAM,oBAAoB,GAAG;IAC3B,WAAW;IACX,SAAS;IACT,UAAU;IACV,SAAS;IACT,WAAW;IACX,UAAU,EAAK,mCAAmC;IAClD,WAAW,EAAI,uCAAuC;CACvD,CAAC;AAEF;;;GAGG;AACH,MAAM,qBAAqB,GAAG;IAC5B,UAAU;CACX,CAAC;AAEF;;;GAGG;AACH,MAAM,mBAAmB,GAAG;IAC1B,gBAAgB;IAChB,iBAAiB;IACjB,kBAAkB;IAClB,sBAAsB;IACtB,uBAAuB;CACxB,CAAC;AAEF;;;GAGG;AACH,MAAM,0BAA0B,GAAG;IACjC,yBAAyB,EAAG,2DAA2D;IACvF,cAAc,EAAe,kEAAkE;IAC/F,aAAa,EAAgB,yBAAyB;IACtD,WAAW,EAAkB,wDAAwD;IACrF,UAAU,EAAmB,qBAAqB;IAClD,QAAQ,EAAqB,qDAAqD;IAClF,OAAO,EAAsB,mBAAmB;CACjD,CAAC;AAEF,MAAM,UAAU,GAAG,CAAC,KAAgB,EAAE,MAAuB;IAC3D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,QAAQ,IAAI,UAAU,CAAC;IAElE,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;QACrC,wBAAwB;QACxB,IAAI,CAAC,KAAK,CAAC,KAAK;YAAE,SAAS;QAE3B,+CAA+C;QAC/C,IAAI,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC;YAAE,SAAS;QAC3C,IAAI,aAAa,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,cAAc,CAAC;YAAE,SAAS;QAE/E,2EAA2E;QAC3E,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,IAAI,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,SAAS;YAAE,SAAS;QAEzE,8EAA8E;QAC9E,IAAI,kBAAkB,CAAC,KAAK,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEjD,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAChD,IAAI,MAAM,EAAE,CAAC;YACX,wCAAwC;YACxC,IAAI,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;YAC/B,IAAI,EAAE,UAAU,EAAE,mBAAmB,EAAE,GAAG,MAAM,CAAC;YAEjD,IAAI,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAChC,QAAQ,GAAG,UAAU,CAAC;gBACtB,UAAU,GAAG,MAAM,CAAC;gBACpB,mBAAmB,GAAG,8EAA8E,CAAC;gBACrG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;YACnE,CAAC;iBAAM,IAAI,iBAAiB,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,CAAC;gBAC3C,QAAQ,GAAG,UAAU,CAAC;gBACtB,UAAU,GAAG,MAAM,CAAC;gBACpB,mBAAmB,GAAG,8EAA8E,CAAC;gBACrG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;YACtE,CAAC;YAED,0DAA0D;YAC1D,IAAI,IAAI,GAAG,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;YACpC,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;gBACvB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,KAAK,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC;gBACtE,IAAI,GAAG,CAAC,YAAY,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAC;gBAEjD,kEAAkE;gBAClE,IAAI,aAAa,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;oBACpD,QAAQ,GAAG,MAAM,CAAC;oBAClB,UAAU,GAAG,MAAM,CAAC;oBACpB,mBAAmB,GAAG,+GAA+G,CAAC;gBACxI,CAAC;gBAED,kEAAkE;gBAClE,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;gBAClD,IAAI,GAAG,EAAE,CAAC;oBACR,MAAM,OAAO,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC;oBAC3C,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;wBACpB,QAAQ,GAAG,UAAU,CAAC;wBACtB,UAAU,GAAG,MAAM,CAAC;wBACpB,mBAAmB,GAAG,kGAAkG,CAAC;wBACzH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;wBAC1C,IAAI,GAAG,CAAC,YAAY,EAAE,QAAQ,EAAE,eAAe,EAAE,gBAAgB,EAAE,cAAc,CAAC,CAAC;oBACrF,CAAC;gBACH,CAAC;YACH,CAAC;YAED,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC;gBAC5C,UAAU;gBACV,OAAO,EAAE,KAAK,CAAC,YAAY;oBACzB,CAAC,CAAC,gEAAgE;oBAClE,CAAC,CAAC,kDAAkD;gBACtD,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,mBAAmB;gBACnB,WAAW,EAAE,KAAK,CAAC,YAAY;oBAC7B,CAAC,CAAC;wBACE,oEAAoE;wBACpE,uDAAuD;wBACvD,uEAAuE;wBACvE,gFAAgF;qBACjF;oBACH,CAAC,CAAC;wBACE,uDAAuD;wBACvD,uEAAuE;wBACvE,wFAAwF;wBACxF,gEAAgE;qBACjE;gBACL,IAAI;aACL,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACjD,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,cAAc,CAAC;YAAE,SAAS;QAE9E,qDAAqD;QACrD,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,IAAI,GAAG,IAAI,gBAAgB,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC;YAAE,SAAS;QAE5E,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa,KAAK,WAAW,CAAC;QACvD,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,OAAO;YACf,QAAQ,EAAE,WAAW,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,EAAE,WAAW,CAAC;YAChE,UAAU,EAAE,KAAK;YACjB,OAAO,EAAE,QAAQ,IAAI,CAAC,aAAa,cAAc,IAAI,CAAC,IAAI,mCAAmC;YAC7F,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,QAAQ,EAAE;gBACR,GAAG,IAAI,CAAC,aAAa,iDAAiD;gBACtE,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,2DAA2D,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;aACtF;YACD,mBAAmB,EAAE,WAAW;gBAC9B,CAAC,CAAC,2EAA2E;gBAC7E,CAAC,CAAC,2FAA2F;YAC/F,WAAW,EAAE;gBACX,qDAAqD;gBACrD,oFAAoF;gBACpF,oEAAoE;aACrE;YACD,IAAI,EAAE,CAAC,YAAY,EAAE,MAAM,CAAC;SAC7B,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;AAEvF,SAAS,WAAW,CAAC,QAAkB,EAAE,GAAW;IAClD,MAAM,OAAO,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACxC,MAAM,YAAY,GAAG,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAClD,OAAO,YAAY,GAAG,OAAO,CAAC,CAAC,CAAE,GAAgB,CAAC,CAAC,CAAC,QAAQ,CAAC;AAC/D,CAAC;AAWD,SAAS,UAAU,CACjB,KAAgB,EAChB,KAAgB,EAChB,MAAuB;IAEvB,sEAAsE;IACtE,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;QACrB,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QAEtD,+FAA+F;QAC/F,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;IAC5E,CAAC;IAED,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;IAClD,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAEtB,sEAAsE;IACtE,IAAI,uBAAuB,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9C,IAAI,aAAa,CAAC,KAAK,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAE/C,2EAA2E;IAC3E,IAAI,cAAc,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAErC,6FAA6F;IAC7F,iGAAiG;IACjG,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,IAAI,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC;IACvF,IAAI,UAAU;QAAE,OAAO,IAAI,CAAC;IAE5B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,IAAI,QAAkB,CAAC;IACvB,IAAI,UAAsB,CAAC;IAC3B,IAAI,mBAA2B,CAAC;IAEhC,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,mBAAmB,IAAI,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC;IAEzF,IAAI,UAAU,EAAE,CAAC;QACf,QAAQ,GAAG,UAAU,CAAC;QACtB,UAAU,GAAG,MAAM,CAAC;QACpB,mBAAmB,GAAG,uEAAuE,CAAC;QAC9F,QAAQ,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;QAC9D,QAAQ,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IAClD,CAAC;SAAM,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,QAAQ,GAAG,MAAM,CAAC;QAClB,UAAU,GAAG,MAAM,CAAC;QACpB,mBAAmB,GAAG,6DAA6D,CAAC;QACpF,QAAQ,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAC5C,CAAC;SAAM,CAAC;QACN,QAAQ,GAAG,KAAK,CAAC;QACjB,UAAU,GAAG,KAAK,CAAC;QACnB,mBAAmB,GAAG,uEAAuE,CAAC;QAC9F,QAAQ,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,mBAAmB,EAAE,QAAQ,EAAE,CAAC;AACjE,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAW,EAAE,QAAkB;IACvD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,IAAI,MAAM,CAAC,MAAM,WAAW,CAAC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;IACrC,CAAC;IAED,mDAAmD;IACnD,IAAI,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACjD,IAAI,uBAAuB,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACnD,IAAI,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC3C,IAAI,mBAAmB,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAE/C,6DAA6D;IAC7D,IAAI,6DAA6D,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAEzF,4EAA4E;IAC5E,0FAA0F;IAC1F,IAAI,kDAAkD,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAE9E,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAAC,GAAW;IAC1C,IAAI,wCAAwC,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACpE,IAAI,6BAA6B,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACzD,IAAI,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACvE,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,GAAW;IACjC,IAAI,wCAAwC,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACpE,IAAI,6BAA6B,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACzD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CAAC,QAAiB;IACtC,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5B,OAAO,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,SAAS,kBAAkB,CAAC,QAAiB;IAC3C,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5B,OAAO,0BAA0B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;AAClE,CAAC;AAED,SAAS,cAAc,CAAC,GAAW;IACjC,OAAO,qEAAqE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACzF,CAAC;AAED,SAAS,YAAY,CAAC,QAAiB;IACrC,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5B,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,WAAW,CAAC,QAAiB;IACpC,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5B,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAgB,EAAE,KAAgB;IAC3D,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;IAClD,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,4DAA4D;IAC5D,OAAO,2CAA2C,CAAC,IAAI,CAAC,GAAG,CAAC;WACvD,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED,SAAS,UAAU,CAAC,OAAe,EAAE,IAAY;IAC/C,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC"}

package/dist/rules/rate-limit-missing.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=rate-limit-missing.test.d.ts.map

package/dist/rules/rate-limit-missing.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limit-missing.test.d.ts","sourceRoot":"","sources":["../../src/rules/rate-limit-missing.test.ts"],"names":[],"mappings":""}