@havoc-security/scanner 0.1.0

package/dist/index.js

@@ -0,0 +1,139 @@
+export * from './types/index.js';
+export * from './analyzers/index.js';
+export { PhpParser, PHP_FILE_PATTERNS } from './parsers/PhpParser.js';
+export { rules } from './rules/index.js';
+import { readFile } from 'node:fs/promises';
+import { existsSync } from 'node:fs';
+import { resolve, join } from 'node:path';
+import { glob } from 'glob';
+import { Severity } from './types/index.js';
+import { AuthorizationCoverageAnalyzer } from './analyzers/AuthorizationCoverageAnalyzer.js';
+import { MassAssignmentAnalyzer } from './analyzers/MassAssignmentAnalyzer.js';
+import { XssSurfaceAnalyzer } from './analyzers/XssSurfaceAnalyzer.js';
+import { SqlInjectionAnalyzer } from './analyzers/SqlInjectionAnalyzer.js';
+import { DependencyAuditAnalyzer } from './analyzers/DependencyAuditAnalyzer.js';
+import { IdorAnalyzer } from './analyzers/IdorAnalyzer.js';
+import { CredentialExposureAnalyzer } from './analyzers/CredentialExposureAnalyzer.js';
+import { SessionSecurityAnalyzer } from './analyzers/SessionSecurityAnalyzer.js';
+import { FileUploadAnalyzer } from './analyzers/FileUploadAnalyzer.js';
+import { RateLimitAnalyzer } from './analyzers/RateLimitAnalyzer.js';
+import { EncryptionAnalyzer } from './analyzers/EncryptionAnalyzer.js';
+import { PrivilegeEscalationAnalyzer } from './analyzers/PrivilegeEscalationAnalyzer.js';
+import { PhpParser } from './parsers/PhpParser.js';
+const SEVERITY_PENALTIES = {
+    [Severity.Critical]: 25,
+    [Severity.High]: 10,
+    [Severity.Medium]: 3,
+    [Severity.Low]: 1,
+    [Severity.Info]: 0,
+};
+const GRADE_THRESHOLDS = [
+    { grade: 'A', maxPenalty: 0 },
+    { grade: 'B', maxPenalty: 10 },
+    { grade: 'C', maxPenalty: 25 },
+    { grade: 'D', maxPenalty: 50 },
+    { grade: 'F', maxPenalty: Infinity },
+];
+export function calculateSecurityGrade(findings) {
+    const penalty = findings.reduce((sum, f) => sum + (SEVERITY_PENALTIES[f.severity] ?? 0), 0);
+    for (const threshold of GRADE_THRESHOLDS) {
+        if (penalty <= threshold.maxPenalty)
+            return threshold.grade;
+    }
+    return 'F';
+}
+// ─── Defaults ─────────────────────────────────────────────────────────────────
+export const DEFAULT_ANALYZERS = [
+    new AuthorizationCoverageAnalyzer(),
+    new MassAssignmentAnalyzer(),
+    new XssSurfaceAnalyzer(),
+    new SqlInjectionAnalyzer(),
+    new DependencyAuditAnalyzer(),
+    new IdorAnalyzer(),
+    new CredentialExposureAnalyzer(),
+    new SessionSecurityAnalyzer(),
+    new FileUploadAnalyzer(),
+    new RateLimitAnalyzer(),
+    new EncryptionAnalyzer(),
+    new PrivilegeEscalationAnalyzer(),
+];
+export const DEFAULT_CONFIG = {
+    framework: 'laravel',
+    failOn: Severity.High,
+    output: 'text',
+};
+const SCANNER_VERSION = '0.2.0';
+const DEFAULT_EXCLUDE_PATTERNS = [
+    'vendor/**', 'node_modules/**', 'storage/**',
+    'bootstrap/cache/**', 'public/vendor/**', '.git/**',
+];
+async function discoverProjectFiles(projectPath, config, parser) {
+    const absPath = resolve(projectPath);
+    const excludePatterns = [
+        ...DEFAULT_EXCLUDE_PATTERNS,
+        ...(config.exclude ?? []),
+    ].map((e) => `${absPath}/${e}`);
+    const phpFiles = await glob(`${absPath}/**/*.php`, { ignore: excludePatterns, nodir: true });
+    const bladeFiles = await glob(`${absPath}/resources/views/**/*.blade.php`, { ignore: excludePatterns, nodir: true });
+    const parsedPhp = await Promise.all(phpFiles.map((f) => parser.parseFile(f, absPath)));
+    const parsedBlade = await Promise.all(bladeFiles
+        .filter((f) => !phpFiles.includes(f))
+        .map(async (f) => ({
+        path: f.replace(`${absPath}/`, ''),
+        content: await readFile(f, 'utf-8').catch(() => ''),
+        ast: null,
+    })));
+    const composerJsonPath = join(absPath, 'composer.json');
+    const composerFiles = existsSync(composerJsonPath)
+        ? [{ path: 'composer.json', content: await readFile(composerJsonPath, 'utf-8').catch(() => ''), ast: null }]
+        : [];
+    return [...parsedPhp, ...parsedBlade, ...composerFiles];
+}
+function computeCoverage(files) {
+    let totalRoutes = 0;
+    let coveredRoutes = 0;
+    let totalModels = 0;
+    let protectedModels = 0;
+    for (const file of files) {
+        if (file.path.startsWith('routes/') || file.path.startsWith('routes\\')) {
+            const routeMatches = file.content.match(/Route::\w+\s*\(/g) ?? [];
+            totalRoutes += routeMatches.length;
+            const authMatches = file.content.match(/->middleware\s*\(\s*['"]auth/g) ?? [];
+            coveredRoutes += authMatches.length;
+        }
+        if ((file.path.includes('app/Models') || file.path.includes('app\\Models')) && file.path.endsWith('.php')) {
+            totalModels++;
+            if (/\$fillable\s*=|protected\s+\$guarded\s*=\s*\[(?:[^\]]+)\]/.test(file.content)) {
+                protectedModels++;
+            }
+        }
+    }
+    const coveragePercent = totalRoutes > 0 ? Math.round((coveredRoutes / totalRoutes) * 100) : 100;
+    return { totalRoutes, coveredRoutes, coveragePercent, totalModels, protectedModels };
+}
+export async function scan(files, config = DEFAULT_CONFIG, analyzers = DEFAULT_ANALYZERS) {
+    const startTime = Date.now();
+    const allFindings = await Promise.all(analyzers.map((analyzer) => analyzer.analyze(files, config)));
+    const findings = allFindings.flat();
+    const coverage = computeCoverage(files);
+    return {
+        findings,
+        coverage,
+        metadata: {
+            scannedAt: new Date().toISOString(),
+            framework: config.framework,
+            filesScanned: files.length,
+            durationMs: Date.now() - startTime,
+            scannerVersion: SCANNER_VERSION,
+        },
+    };
+}
+export async function scanProject(projectPath, config = DEFAULT_CONFIG, analyzers = DEFAULT_ANALYZERS) {
+    const parser = new PhpParser();
+    const files = await discoverProjectFiles(projectPath, config, parser);
+    const configWithRoot = { ...config, projectRoot: resolve(projectPath) };
+    const result = await scan(files, configWithRoot, analyzers);
+    const grade = calculateSecurityGrade(result.findings);
+    return { ...result, grade };
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC;AACjC,cAAc,sBAAsB,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAEtE,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAEzC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAiD,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC3F,OAAO,EAAE,6BAA6B,EAAE,MAAM,8CAA8C,CAAC;AAC7F,OAAO,EAAE,sBAAsB,EAAE,MAAM,uCAAuC,CAAC;AAC/E,OAAO,EAAE,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AACvE,OAAO,EAAE,oBAAoB,EAAE,MAAM,qCAAqC,CAAC;AAC3E,OAAO,EAAE,uBAAuB,EAAE,MAAM,wCAAwC,CAAC;AACjF,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,0BAA0B,EAAE,MAAM,2CAA2C,CAAC;AACvF,OAAO,EAAE,uBAAuB,EAAE,MAAM,wCAAwC,CAAC;AACjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AACvE,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AACvE,OAAO,EAAE,2BAA2B,EAAE,MAAM,4CAA4C,CAAC;AACzF,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAWnD,MAAM,kBAAkB,GAA6B;IACnD,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,EAAE;IACvB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE;IACnB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;IACpB,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;IACjB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;CACnB,CAAC;AAEF,MAAM,gBAAgB,GAA8B;IAClD,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,EAAE;IAC7B,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE;IAC9B,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE;IAC9B,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE;IAC9B,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU,EAAE,QAAQ,EAAE;CACrC,CAAC;AAEF,MAAM,UAAU,sBAAsB,CAAC,QAAkC;IACvE,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5F,KAAK,MAAM,SAAS,IAAI,gBAAgB,EAAE,CAAC;QACzC,IAAI,OAAO,IAAI,SAAS,CAAC,UAAU;YAAE,OAAO,SAAS,CAAC,KAAK,CAAC;IAC9D,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,iFAAiF;AAEjF,MAAM,CAAC,MAAM,iBAAiB,GAAe;IAC3C,IAAI,6BAA6B,EAAE;IACnC,IAAI,sBAAsB,EAAE;IAC5B,IAAI,kBAAkB,EAAE;IACxB,IAAI,oBAAoB,EAAE;IAC1B,IAAI,uBAAuB,EAAE;IAC7B,IAAI,YAAY,EAAE;IAClB,IAAI,0BAA0B,EAAE;IAChC,IAAI,uBAAuB,EAAE;IAC7B,IAAI,kBAAkB,EAAE;IACxB,IAAI,iBAAiB,EAAE;IACvB,IAAI,kBAAkB,EAAE;IACxB,IAAI,2BAA2B,EAAE;CAClC,CAAC;AAEF,MAAM,CAAC,MAAM,cAAc,GAAgB;IACzC,SAAS,EAAE,SAAS;IACpB,MAAM,EAAE,QAAQ,CAAC,IAAI;IACrB,MAAM,EAAE,MAAM;CACf,CAAC;AAEF,MAAM,eAAe,GAAG,OAAO,CAAC;AAEhC,MAAM,wBAAwB,GAAG;IAC/B,WAAW,EAAE,iBAAiB,EAAE,YAAY;IAC5C,oBAAoB,EAAE,kBAAkB,EAAE,SAAS;CACpD,CAAC;AAEF,KAAK,UAAU,oBAAoB,CACjC,WAAmB,EACnB,MAAmB,EACnB,MAAiB;IAEjB,MAAM,OAAO,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IACrC,MAAM,eAAe,GAAG;QACtB,GAAG,wBAAwB;QAC3B,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;KAC1B,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,OAAO,IAAI,CAAC,EAAE,CAAC,CAAC;IAEhC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,OAAO,WAAW,EAAE,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7F,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,GAAG,OAAO,iCAAiC,EAAE,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAErH,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;IAEvF,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CACnC,UAAU;SACP,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;SACpC,GAAG,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACjB,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,OAAO,GAAG,EAAE,EAAE,CAAC;QAClC,OAAO,EAAE,MAAM,QAAQ,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;QACnD,GAAG,EAAE,IAAI;KACV,CAAC,CAAC,CACN,CAAC;IAEF,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,aAAa,GAAiB,UAAU,CAAC,gBAAgB,CAAC;QAC9D,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;QAC5G,CAAC,CAAC,EAAE,CAAC;IAEP,OAAO,CAAC,GAAG,SAAS,EAAE,GAAG,WAAW,EAAE,GAAG,aAAa,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,eAAe,CAAC,KAAmB;IAC1C,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,eAAe,GAAG,CAAC,CAAC;IAExB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACxE,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;YAClE,WAAW,IAAI,YAAY,CAAC,MAAM,CAAC;YACnC,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,+BAA+B,CAAC,IAAI,EAAE,CAAC;YAC9E,aAAa,IAAI,WAAW,CAAC,MAAM,CAAC;QACtC,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1G,WAAW,EAAE,CAAC;YACd,IAAI,2DAA2D,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnF,eAAe,EAAE,CAAC;YACpB,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,eAAe,GAAG,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,aAAa,GAAG,WAAW,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IAChG,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC;AACvF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,IAAI,CACxB,KAAmB,EACnB,SAAsB,cAAc,EACpC,YAAwB,iBAAiB;IAEzC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CACnC,SAAS,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAC7D,CAAC;IAEF,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,EAAE,CAAC;IACpC,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IAExC,OAAO;QACL,QAAQ;QACR,QAAQ;QACR,QAAQ,EAAE;YACR,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,YAAY,EAAE,KAAK,CAAC,MAAM;YAC1B,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAClC,cAAc,EAAE,eAAe;SAChC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,WAAmB,EACnB,SAAsB,cAAc,EACpC,YAAwB,iBAAiB;IAEzC,MAAM,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,MAAM,oBAAoB,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IACtE,MAAM,cAAc,GAAG,EAAE,GAAG,MAAM,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,CAAC,EAA2C,CAAC;IACjH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,EAAE,cAAc,EAAE,SAAS,CAAC,CAAC;IAC5D,MAAM,KAAK,GAAG,sBAAsB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtD,OAAO,EAAE,GAAG,MAAM,EAAE,KAAK,EAAE,CAAC;AAC9B,CAAC"}

package/dist/parsers/PhpParser.d.ts

@@ -0,0 +1,56 @@
+import { ParsedFile } from '../types/index.js';
+export interface PhpMethodInfo {
+    name: string;
+    visibility: 'public' | 'protected' | 'private';
+    isStatic: boolean;
+    line: number;
+    bodyText: string;
+    parameters: string[];
+}
+export interface PhpPropertyInfo {
+    name: string;
+    visibility: 'public' | 'protected' | 'private';
+    isStatic: boolean;
+    line: number;
+    initializer?: string;
+}
+export interface PhpClassInfo {
+    name: string;
+    isAbstract: boolean;
+    isTrait: boolean;
+    methods: PhpMethodInfo[];
+    properties: PhpPropertyInfo[];
+    traitUses: string[];
+    importedTraits: string[];
+    parent?: string;
+    line: number;
+}
+export interface ParsedPhpFile extends ParsedFile {
+    classes: PhpClassInfo[];
+    useStatements: string[];
+    namespace?: string;
+}
+export declare const PHP_FILE_PATTERNS: {
+    readonly CONTROLLERS: "app/Http/Controllers/**/*.php";
+    readonly MODELS: "app/Models/**/*.php";
+    readonly ROUTES_WEB: "routes/web.php";
+    readonly ROUTES_API: "routes/api.php";
+    readonly ROUTES_ALL: "routes/**/*.php";
+    readonly BLADE_TEMPLATES: "resources/views/**/*.blade.php";
+    readonly CONFIG: "config/**/*.php";
+    readonly ALL_PHP: "**/*.php";
+};
+export declare class PhpParser {
+    private engine;
+    constructor();
+    parseFile(filePath: string, rootDir?: string): Promise<ParsedPhpFile>;
+    parseDirectory(dir: string, exclude?: string[]): Promise<ParsedPhpFile[]>;
+    parseByPattern(rootDir: string, pattern: string, exclude?: string[]): Promise<ParsedPhpFile[]>;
+    parseBladeFiles(rootDir: string): Promise<ParsedFile[]>;
+    private extractFromAst;
+    private extractClass;
+    private extractMethod;
+    private extractProperty;
+    private stringifyNode;
+}
+//# sourceMappingURL=PhpParser.d.ts.map

package/dist/parsers/PhpParser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PhpParser.d.ts","sourceRoot":"","sources":["../../src/parsers/PhpParser.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAqB/C,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,QAAQ,GAAG,WAAW,GAAG,SAAS,CAAC;IAC/C,QAAQ,EAAE,OAAO,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,QAAQ,GAAG,WAAW,GAAG,SAAS,CAAC;IAC/C,QAAQ,EAAE,OAAO,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,OAAO,CAAC;IACpB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,aAAa,EAAE,CAAC;IACzB,UAAU,EAAE,eAAe,EAAE,CAAC;IAC9B,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,aAAc,SAAQ,UAAU;IAC/C,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,eAAO,MAAM,iBAAiB;;;;;;;;;CASpB,CAAC;AAkBX,qBAAa,SAAS;IACpB,OAAO,CAAC,MAAM,CAAyD;;IAYjE,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAarE,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,GAAE,MAAM,EAAO,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAS7E,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,GAAE,MAAM,EAAO,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IASlG,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAY7D,OAAO,CAAC,cAAc;IAyBtB,OAAO,CAAC,YAAY;IA6BpB,OAAO,CAAC,aAAa;IAmBrB,OAAO,CAAC,eAAe;IAiBvB,OAAO,CAAC,aAAa;CAyBtB"}

package/dist/parsers/PhpParser.js

@@ -0,0 +1,193 @@
+import { readFile } from 'node:fs/promises';
+import { createRequire } from 'node:module';
+import { resolve, relative } from 'node:path';
+import { glob } from 'glob';
+export const PHP_FILE_PATTERNS = {
+    CONTROLLERS: 'app/Http/Controllers/**/*.php',
+    MODELS: 'app/Models/**/*.php',
+    ROUTES_WEB: 'routes/web.php',
+    ROUTES_API: 'routes/api.php',
+    ROUTES_ALL: 'routes/**/*.php',
+    BLADE_TEMPLATES: 'resources/views/**/*.blade.php',
+    CONFIG: 'config/**/*.php',
+    ALL_PHP: '**/*.php',
+};
+function nodeName(n) {
+    if (!n)
+        return '';
+    if (typeof n === 'string')
+        return n;
+    if (typeof n === 'object') {
+        if (typeof n.name === 'string')
+            return n.name;
+        if (typeof n.name === 'object')
+            return nodeName(n.name);
+    }
+    return '';
+}
+function normalizeVisibility(v) {
+    if (v === 'protected')
+        return 'protected';
+    if (v === 'private')
+        return 'private';
+    return 'public';
+}
+export class PhpParser {
+    engine;
+    constructor() {
+        const _require = createRequire(import.meta.url);
+        const mod = _require('php-parser');
+        const Engine = mod.Engine ?? mod.default?.Engine ?? mod;
+        this.engine = new Engine({
+            parser: { extractDoc: true, suppressErrors: true, php7: true },
+            ast: { withPositions: true },
+        });
+    }
+    async parseFile(filePath, rootDir) {
+        const content = await readFile(filePath, 'utf-8').catch(() => '');
+        const relativePath = rootDir ? relative(rootDir, filePath) : filePath;
+        try {
+            const ast = this.engine.parseCode(content, filePath);
+            const extracted = this.extractFromAst(ast, content);
+            return { path: relativePath, content, ast, ...extracted };
+        }
+        catch {
+            return { path: relativePath, content, ast: null, classes: [], useStatements: [] };
+        }
+    }
+    async parseDirectory(dir, exclude = []) {
+        const absDir = resolve(dir);
+        const files = await glob(`${absDir}/${PHP_FILE_PATTERNS.ALL_PHP}`, {
+            ignore: exclude.map((e) => resolve(absDir, e)),
+            nodir: true,
+        });
+        return Promise.all(files.map((f) => this.parseFile(f, absDir)));
+    }
+    async parseByPattern(rootDir, pattern, exclude = []) {
+        const absRoot = resolve(rootDir);
+        const files = await glob(`${absRoot}/${pattern}`, {
+            ignore: exclude.map((e) => resolve(absRoot, e)),
+            nodir: true,
+        });
+        return Promise.all(files.map((f) => this.parseFile(f, absRoot)));
+    }
+    async parseBladeFiles(rootDir) {
+        const absRoot = resolve(rootDir);
+        const files = await glob(`${absRoot}/${PHP_FILE_PATTERNS.BLADE_TEMPLATES}`, { nodir: true });
+        return Promise.all(files.map(async (f) => ({
+            path: relative(absRoot, f),
+            content: await readFile(f, 'utf-8').catch(() => ''),
+            ast: null,
+        })));
+    }
+    extractFromAst(ast, source) {
+        const classes = [];
+        const useStatements = [];
+        let namespace;
+        const processNodes = (nodes) => {
+            for (const node of nodes) {
+                if (node.kind === 'namespace') {
+                    namespace = nodeName(node.name);
+                    processNodes((node.children ?? []));
+                }
+                else if (node.kind === 'usegroup') {
+                    for (const item of (node.items ?? [])) {
+                        const name = nodeName(item.name);
+                        if (name)
+                            useStatements.push(name);
+                    }
+                }
+                else if (node.kind === 'class' || node.kind === 'trait') {
+                    classes.push(this.extractClass(node, source));
+                }
+            }
+        };
+        processNodes((ast.children ?? []));
+        return { classes, useStatements, namespace };
+    }
+    extractClass(node, source) {
+        const name = nodeName(node.name);
+        const isAbstract = node.isAbstract ?? false;
+        const isTrait = node.kind === 'trait';
+        const line = node.loc?.start.line ?? 1;
+        const methods = [];
+        const properties = [];
+        const importedTraits = [];
+        const body = (node.body ?? []);
+        for (const member of body) {
+            if (member.kind === 'method') {
+                methods.push(this.extractMethod(member, source));
+            }
+            else if (member.kind === 'propertystatement') {
+                const prop = this.extractProperty(member);
+                if (prop)
+                    properties.push(prop);
+            }
+            else if (member.kind === 'traituse') {
+                for (const trait of (member.traits ?? [])) {
+                    importedTraits.push(nodeName(trait));
+                }
+            }
+        }
+        const parentNode = node.extends;
+        const parent = parentNode ? nodeName(parentNode.name ?? parentNode) : undefined;
+        return { name, isAbstract, isTrait, methods, properties, traitUses: [], importedTraits, parent, line };
+    }
+    extractMethod(node, source) {
+        const name = nodeName(node.name);
+        const visibility = normalizeVisibility(node.visibility);
+        const isStatic = node.isStatic ?? false;
+        const line = node.loc?.start.line ?? 1;
+        const bodyNode = node.body;
+        let bodyText = '';
+        if (bodyNode?.loc) {
+            const lines = source.split('\n');
+            bodyText = lines.slice(bodyNode.loc.start.line - 1, bodyNode.loc.end.line).join('\n');
+        }
+        const params = (node.arguments ?? [])
+            .map((p) => nodeName(p.name));
+        return { name, visibility, isStatic, line, bodyText, parameters: params };
+    }
+    extractProperty(node) {
+        // php-parser uses "properties" for propertystatement children
+        const props = (node.properties ?? node.items ?? []);
+        if (props.length === 0)
+            return null;
+        const first = props[0];
+        const name = nodeName(first.name);
+        if (!name)
+            return null;
+        const visibility = normalizeVisibility(node.visibility);
+        const isStatic = node.isStatic ?? false;
+        const line = node.loc?.start.line ?? 1;
+        const initializer = first.value != null ? this.stringifyNode(first.value) : undefined;
+        return { name, visibility, isStatic, line, initializer };
+    }
+    stringifyNode(node) {
+        if (!node)
+            return '';
+        switch (node.kind) {
+            case 'string': return `"${node.value}"`;
+            case 'number': return String(node.value);
+            case 'boolean': return String(node.value);
+            case 'nullkeyword': return 'null';
+            case 'array': {
+                const items = (node.items ?? []);
+                const parts = items.map((item) => {
+                    // php-parser wraps array values in "entry" nodes
+                    const entryVal = item.value ?? item;
+                    const val = this.stringifyNode(entryVal);
+                    const entryKey = item.key;
+                    return entryKey ? `${this.stringifyNode(entryKey)} => ${val}` : val;
+                });
+                return `[${parts.join(', ')}]`;
+            }
+            case 'identifier':
+            case 'name':
+                return nodeName(node);
+            default:
+                return '';
+        }
+    }
+}
+//# sourceMappingURL=PhpParser.js.map

package/dist/parsers/PhpParser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PhpParser.js","sourceRoot":"","sources":["../../src/parsers/PhpParser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAyD5B,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,WAAW,EAAE,+BAA+B;IAC5C,MAAM,EAAE,qBAAqB;IAC7B,UAAU,EAAE,gBAAgB;IAC5B,UAAU,EAAE,gBAAgB;IAC5B,UAAU,EAAE,iBAAiB;IAC7B,eAAe,EAAE,gCAAgC;IACjD,MAAM,EAAE,iBAAiB;IACzB,OAAO,EAAE,UAAU;CACX,CAAC;AAEX,SAAS,QAAQ,CAAC,CAAsC;IACtD,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAClB,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAC;IACpC,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC1B,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ;YAAE,OAAO,CAAC,CAAC,IAAI,CAAC;QAC9C,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ;YAAE,OAAO,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,mBAAmB,CAAC,CAAqB;IAChD,IAAI,CAAC,KAAK,WAAW;QAAE,OAAO,WAAW,CAAC;IAC1C,IAAI,CAAC,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IACtC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,OAAO,SAAS;IACZ,MAAM,CAAyD;IAEvE;QACE,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChD,MAAM,GAAG,GAAG,QAAQ,CAAC,YAAY,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,OAAO,EAAE,MAAM,IAAI,GAAG,CAAC;QACxD,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CAAC;YACvB,MAAM,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE;YAC9D,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE;SAC7B,CAA2D,CAAC;IAC/D,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,QAAgB,EAAE,OAAgB;QAChD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAClE,MAAM,YAAY,GAAG,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QAEtE,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YACrD,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YACpD,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,SAAS,EAAE,CAAC;QAC5D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,CAAC;QACpF,CAAC;IACH,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,GAAW,EAAE,UAAoB,EAAE;QACtD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,GAAG,MAAM,IAAI,iBAAiB,CAAC,OAAO,EAAE,EAAE;YACjE,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YAC9C,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;IAClE,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAAe,EAAE,OAAe,EAAE,UAAoB,EAAE;QAC3E,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QACjC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,GAAG,OAAO,IAAI,OAAO,EAAE,EAAE;YAChD,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YAC/C,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;IACnE,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,OAAe;QACnC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QACjC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,GAAG,OAAO,IAAI,iBAAiB,CAAC,eAAe,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7F,OAAO,OAAO,CAAC,GAAG,CAChB,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;YACtB,IAAI,EAAE,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1B,OAAO,EAAE,MAAM,QAAQ,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;YACnD,GAAG,EAAE,IAAI;SACV,CAAC,CAAC,CACJ,CAAC;IACJ,CAAC;IAEO,cAAc,CAAC,GAAY,EAAE,MAAc;QACjD,MAAM,OAAO,GAAmB,EAAE,CAAC;QACnC,MAAM,aAAa,GAAa,EAAE,CAAC;QACnC,IAAI,SAA6B,CAAC;QAElC,MAAM,YAAY,GAAG,CAAC,KAAgB,EAAE,EAAE;YACxC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,IAAI,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;oBAC9B,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAChC,YAAY,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAc,CAAC,CAAC;gBACnD,CAAC;qBAAM,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;oBACpC,KAAK,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAc,EAAE,CAAC;wBACnD,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBACjC,IAAI,IAAI;4BAAE,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACrC,CAAC;gBACH,CAAC;qBAAM,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAC1D,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;gBAChD,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF,YAAY,CAAC,CAAC,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAc,CAAC,CAAC;QAChD,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,CAAC;IAC/C,CAAC;IAEO,YAAY,CAAC,IAAa,EAAE,MAAc;QAChD,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,KAAK,CAAC;QAC5C,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC;QACtC,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;QACvC,MAAM,OAAO,GAAoB,EAAE,CAAC;QACpC,MAAM,UAAU,GAAsB,EAAE,CAAC;QACzC,MAAM,cAAc,GAAa,EAAE,CAAC;QAEpC,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,CAAc,CAAC;QAC5C,KAAK,MAAM,MAAM,IAAI,IAAI,EAAE,CAAC;YAC1B,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC7B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;YACnD,CAAC;iBAAM,IAAI,MAAM,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBAC/C,MAAM,IAAI,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;gBAC1C,IAAI,IAAI;oBAAE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,CAAC;iBAAM,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;gBACtC,KAAK,MAAM,KAAK,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAc,EAAE,CAAC;oBACvD,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;gBACvC,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC;QAChC,MAAM,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAE,UAAsB,CAAC,IAAI,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAE7F,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IACzG,CAAC;IAEO,aAAa,CAAC,IAAa,EAAE,MAAc;QACjD,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,mBAAmB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACxD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,KAAK,CAAC;QACxC,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;QAEvC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAsB,CAAC;QAC7C,IAAI,QAAQ,GAAG,EAAE,CAAC;QAClB,IAAI,QAAQ,EAAE,GAAG,EAAE,CAAC;YAClB,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACjC,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxF,CAAC;QAED,MAAM,MAAM,GAAG,CAAE,IAA4C,CAAC,SAAS,IAAI,EAAE,CAAC;aAC3E,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAEhC,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC;IAC5E,CAAC;IAEO,eAAe,CAAC,IAAa;QACnC,8DAA8D;QAC9D,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,KAAK,IAAI,EAAE,CAAc,CAAC;QACjE,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAEpC,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACvB,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QAEvB,MAAM,UAAU,GAAG,mBAAmB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACxD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,KAAK,CAAC;QACxC,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;QACvC,MAAM,WAAW,GAAG,KAAK,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,KAAgB,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEjG,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;IAC3D,CAAC;IAEO,aAAa,CAAC,IAAa;QACjC,IAAI,CAAC,IAAI;YAAE,OAAO,EAAE,CAAC;QACrB,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;YAClB,KAAK,QAAQ,CAAC,CAAC,OAAO,IAAI,IAAI,CAAC,KAAe,GAAG,CAAC;YAClD,KAAK,QAAQ,CAAC,CAAC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACzC,KAAK,SAAS,CAAC,CAAC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1C,KAAK,aAAa,CAAC,CAAC,OAAO,MAAM,CAAC;YAClC,KAAK,OAAO,CAAC,CAAC,CAAC;gBACb,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAc,CAAC;gBAC9C,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;oBAC/B,iDAAiD;oBACjD,MAAM,QAAQ,GAAI,IAAsC,CAAC,KAAK,IAAI,IAAI,CAAC;oBACvE,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,CAAC,QAAmB,CAAC,CAAC;oBACpD,MAAM,QAAQ,GAAI,IAA2C,CAAC,GAAG,CAAC;oBAClE,OAAO,QAAQ,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;gBACtE,CAAC,CAAC,CAAC;gBACH,OAAO,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;YACjC,CAAC;YACD,KAAK,YAAY,CAAC;YAClB,KAAK,MAAM;gBACT,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC;YACxB;gBACE,OAAO,EAAE,CAAC;QACd,CAAC;IACH,CAAC;CACF"}

package/dist/parsers/RouteParser.d.ts

@@ -0,0 +1,87 @@
+/**
+ * HAVOC Route Parser
+ *
+ * Parses Laravel route files (routes/web.php, routes/api.php, etc.) to extract
+ * route definitions and their associated middleware — including group-inherited
+ * middleware. This data is used by the AuthorizationCoverageAnalyzer to eliminate
+ * false positives where auth/authorization is handled at the route level.
+ */
+export interface RouteInfo {
+    /** HTTP method (GET, POST, PUT, PATCH, DELETE, ANY) or 'resource' */
+    method: string;
+    /** Route URI */
+    uri: string;
+    /** Controller class name (short, without namespace) */
+    controller: string;
+    /** Controller action/method name */
+    action: string;
+    /** All effective middleware applied to this route (including group inheritance) */
+    middleware: string[];
+}
+export interface ParsedRouteFile {
+    /** Source file path (relative) */
+    path: string;
+    /** All extracted route definitions */
+    routes: RouteInfo[];
+}
+export declare function isAuthorizationMiddleware(mw: string): boolean;
+export declare function isAuthenticationMiddleware(mw: string): boolean;
+export declare function hasAuthorizationMiddleware(middleware: string[]): boolean;
+export declare function hasAuthenticationMiddleware(middleware: string[]): boolean;
+export declare function isWebhookHandler(bodyText: string): boolean;
+/**
+ * Regex-based Laravel route file parser.
+ *
+ * Handles:
+ * - Route::get/post/put/patch/delete/any('uri', ...)
+ * - Route::resource('resource', Controller::class)
+ * - Route::middleware([...])->group(function () { ... })
+ * - Nested groups
+ */
+export declare class RouteParser {
+    /**
+     * Parse a single route file's content and return extracted routes.
+     */
+    parseContent(content: string, filePath?: string): ParsedRouteFile;
+    /**
+     * Parse a route file from disk.
+     */
+    parseFile(filePath: string, rootDir?: string): Promise<ParsedRouteFile>;
+    /**
+     * Parse all route files in a Laravel project's routes/ directory.
+     */
+    parseDirectory(projectRoot: string): Promise<ParsedRouteFile[]>;
+    /**
+     * Recursively parse a block of PHP route code, tracking inherited middleware.
+     */
+    private parseBlock;
+    /**
+     * Extract the full chained call text starting at a Route:: position.
+     * Stops at semicolons not inside brackets/parens.
+     */
+    private extractChain;
+    /**
+     * If the chain is a Route::middleware(...)->group(...), extract the middleware list.
+     * Returns null if this is not a group.
+     */
+    private extractGroupMiddleware;
+    /**
+     * Find the closure body of a ->group(function () { ... }) call.
+     */
+    private extractGroupBody;
+    /**
+     * Extract route info from a single Route::method() chain.
+     */
+    private extractRoute;
+}
+/**
+ * Build a lookup map: "ControllerName::action" → RouteInfo[]
+ * Used by analyzers for O(1) route lookups.
+ */
+export declare function buildRouteMap(routeFiles: ParsedRouteFile[]): Map<string, RouteInfo[]>;
+/**
+ * Get all middleware for a given controller action from the route map.
+ * Returns an empty array if the action is not found in any route.
+ */
+export declare function getRouteMiddleware(routeMap: Map<string, RouteInfo[]>, controller: string, action: string): string[];
+//# sourceMappingURL=RouteParser.d.ts.map

package/dist/parsers/RouteParser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"RouteParser.d.ts","sourceRoot":"","sources":["../../src/parsers/RouteParser.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAQH,MAAM,WAAW,SAAS;IACxB,qEAAqE;IACrE,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,uDAAuD;IACvD,UAAU,EAAE,MAAM,CAAC;IACnB,oCAAoC;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,mFAAmF;IACnF,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,kCAAkC;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,sCAAsC;IACtC,MAAM,EAAE,SAAS,EAAE,CAAC;CACrB;AAmBD,wBAAgB,yBAAyB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAE7D;AAED,wBAAgB,0BAA0B,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAE9D;AAED,wBAAgB,0BAA0B,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,OAAO,CAExE;AAED,wBAAgB,2BAA2B,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,OAAO,CAEzE;AAeD,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAE1D;AAkED;;;;;;;;GAQG;AACH,qBAAa,WAAW;IACtB;;OAEG;IACH,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,GAAE,MAAW,GAAG,eAAe;IAMrE;;OAEG;IACG,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAM7E;;OAEG;IACG,cAAc,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAMrE;;OAEG;IACH,OAAO,CAAC,UAAU;IAgClB;;;OAGG;IACH,OAAO,CAAC,YAAY;IAmCpB;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAO9B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAmBxB;;OAEG;IACH,OAAO,CAAC,YAAY;CAoDrB;AAID;;;GAGG;AACH,wBAAgB,aAAa,CAAC,UAAU,EAAE,eAAe,EAAE,GAAG,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,CAAC,CAYrF;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,CAAC,EAClC,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,GACb,MAAM,EAAE,CAKV"}