@kernlang/review 3.1.9 → 3.2.3
- package/dist/cache.js +4 -0
- package/dist/cache.js.map +1 -1
- package/dist/file-context.d.ts +6 -0
- package/dist/file-context.js +6 -1
- package/dist/file-context.js.map +1 -1
- package/dist/rules/a11y.d.ts +10 -0
- package/dist/rules/a11y.js +294 -0
- package/dist/rules/a11y.js.map +1 -0
- package/dist/rules/async.d.ts +8 -0
- package/dist/rules/async.js +154 -0
- package/dist/rules/async.js.map +1 -0
- package/dist/rules/index.d.ts +12 -0
- package/dist/rules/index.js +283 -4
- package/dist/rules/index.js.map +1 -1
- package/dist/rules/ink.js +41 -0
- package/dist/rules/ink.js.map +1 -1
- package/dist/rules/kern-source.js +94 -14
- package/dist/rules/kern-source.js.map +1 -1
- package/dist/rules/nextjs-app-router.d.ts +11 -0
- package/dist/rules/nextjs-app-router.js +277 -0
- package/dist/rules/nextjs-app-router.js.map +1 -0
- package/dist/rules/nextjs.js +77 -1
- package/dist/rules/nextjs.js.map +1 -1
- package/dist/rules/perf.d.ts +11 -0
- package/dist/rules/perf.js +131 -0
- package/dist/rules/perf.js.map +1 -0
- package/dist/rules/react-composition.d.ts +12 -0
- package/dist/rules/react-composition.js +360 -0
- package/dist/rules/react-composition.js.map +1 -0
- package/dist/rules/react-hooks.d.ts +11 -0
- package/dist/rules/react-hooks.js +380 -0
- package/dist/rules/react-hooks.js.map +1 -0
- package/dist/rules/security-v5.d.ts +11 -0
- package/dist/rules/security-v5.js +200 -0
- package/dist/rules/security-v5.js.map +1 -0
- package/dist/rules/utils.d.ts +16 -0
- package/dist/rules/utils.js +46 -0
- package/dist/rules/utils.js.map +1 -1
- package/dist/taint-ast.js +32 -6
- package/dist/taint-ast.js.map +1 -1
- package/dist/taint-findings.js +3 -0
- package/dist/taint-findings.js.map +1 -1
- package/dist/taint-types.d.ts +2 -2
- package/dist/taint-types.js +38 -4
- package/dist/taint-types.js.map +1 -1
- package/dist/types.d.ts +20 -0
- package/dist/types.js.map +1 -1
- package/package.json +2 -2
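--- a/package/dist/rules/utils.js
+++ b/package/dist/rules/utils.js
@@ -6,6 +6,52 @@ import { createFingerprint } from '../types.js';
 export function span(file, line, col = 1, endLine, endCol) {
 return { file, startLine: line, startCol: col, endLine: endLine ?? line, endCol: endCol ?? col };
 }
+/**
+* Compute a precise SourceSpan for a ts-morph Node, using 1-based line/column.
+* Used by autofix rules that need character-accurate replacement coordinates.
+*/
+export function nodeSpan(node, file) {
+const sf = node.getSourceFile();
+const start = sf.getLineAndColumnAtPos(node.getStart());
+const end = sf.getLineAndColumnAtPos(node.getEnd());
+return {
+file,
+startLine: start.line,
+startCol: start.column,
+endLine: end.line,
+endCol: end.column,
+};
+}
+/**
+* Compute a SourceSpan for the insertion point immediately before a node.
+* For use with FixAction.type === 'insert-before'.
+*/
+export function insertBeforeSpan(node, file) {
+const sf = node.getSourceFile();
+const start = sf.getLineAndColumnAtPos(node.getStart());
+return {
+file,
+startLine: start.line,
+startCol: start.column,
+endLine: start.line,
+endCol: start.column,
+};
+}
+/**
+* Compute a SourceSpan for the insertion point immediately after a node.
+* For use with FixAction.type === 'insert-after'.
+*/
+export function insertAfterSpan(node, file) {
+const sf = node.getSourceFile();
+const end = sf.getLineAndColumnAtPos(node.getEnd());
+return {
+file,
+startLine: end.line,
+startCol: end.column,
+endLine: end.line,
+endCol: end.column,
+};
+}
 export function finding(ruleId, severity, category, message, file, line, col = 1, extra) {
 return {
 source: 'kern',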
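Review bot: `insertBeforeSpan` takes its position from `node.getStart()`, which in ts-morph skips a leading JSDoc block unless called as `getStart(true)`, so for a documented declaration the "insertion point immediately before a node" lands between the JSDoc and the declaration. If that is intended, the JSDoc should say so, e.g. `* The position excludes a leading JSDoc block; inserted text goes after it.`; otherwise use `node.getStart(true)`. All three helpers also take `file` separately from `node.getSourceFile()`, so a caller that passes a path for a different file gets a span whose coordinates belong to another file. Whether the fix applier tolerates either case is not visible in this section.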
package/dist/rules/utils.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/rules/utils.ts"],"names":[],"mappings":"AAAA;;;GAGG;
|
|
1
|
+
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/rules/utils.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEhD,MAAM,UAAU,IAAI,CAAC,IAAY,EAAE,IAAY,EAAE,GAAG,GAAG,CAAC,EAAE,OAAgB,EAAE,MAAe;IACzF,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,IAAI,IAAI,EAAE,MAAM,EAAE,MAAM,IAAI,GAAG,EAAE,CAAC;AACnG,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,QAAQ,CAAC,IAAU,EAAE,IAAY;IAC/C,MAAM,EAAE,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;IAChC,MAAM,KAAK,GAAG,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IACxD,MAAM,GAAG,GAAG,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACpD,OAAO;QACL,IAAI;QACJ,SAAS,EAAE,KAAK,CAAC,IAAI;QACrB,QAAQ,EAAE,KAAK,CAAC,MAAM;QACtB,OAAO,EAAE,GAAG,CAAC,IAAI;QACjB,MAAM,EAAE,GAAG,CAAC,MAAM;KACnB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAU,EAAE,IAAY;IACvD,MAAM,EAAE,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;IAChC,MAAM,KAAK,GAAG,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IACxD,OAAO;QACL,IAAI;QACJ,SAAS,EAAE,KAAK,CAAC,IAAI;QACrB,QAAQ,EAAE,KAAK,CAAC,MAAM;QACtB,OAAO,EAAE,KAAK,CAAC,IAAI;QACnB,MAAM,EAAE,KAAK,CAAC,MAAM;KACrB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,IAAU,EAAE,IAAY;IACtD,MAAM,EAAE,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;IAChC,MAAM,GAAG,GAAG,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACpD,OAAO;QACL,IAAI;QACJ,SAAS,EAAE,GAAG,CAAC,IAAI;QACnB,QAAQ,EAAE,GAAG,CAAC,MAAM;QACpB,OAAO,EAAE,GAAG,CAAC,IAAI;QACjB,MAAM,EAAE,GAAG,CAAC,MAAM;KACnB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,OAAO,CACrB,MAAc,EACd,QAAsC,EACtC,QAAmC,EACnC,OAAe,EACf,IAAY,EACZ,IAAY,EACZ,GAAG,GAAG,CAAC,EACP,KAA8B;IAE9B,OAAO;QACL,MAAM,EAAE,MAAM;QACd,MAAM;QACN,QAAQ;QACR,QAAQ;QACR,OAAO;QACP,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC;QAClC,WAAW,EAAE,iBAAiB,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC;QACjD,GAAG,KAAK;KACT,CAAC;AACJ,CAAC"}
|
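--- a/package/dist/taint-ast.js
+++ b/package/dist/taint-ast.js
@@ -208,10 +208,10 @@ export function analyzeTaintAST(_inferred, filePath, sourceFile) {
 calls.push(n);
 });
 for (const call of calls) {
-const
-
-if (!sinkDef)
+const resolved = resolveSinkCategory(call);
+if (!resolved)
 continue;
+const { category: sinkDef, name: calleeName } = resolved;
 // Check if any argument references a tainted variable
 for (const arg of call.getArguments()) {
 const taintedArg = findTaintedIdentifier(arg, taintedNames);
@@ -249,10 +249,12 @@ export function analyzeTaintAST(_inferred, filePath, sourceFile) {
 }
 // Step 3b: Interprocedural — check calls to internal functions that contain sinks
 for (const call of calls) {
-
-//
-
+// Skip if it's already a known sink (handled above) — use the same
+// full-path-first resolver so qualified sinks like `axios.request` are
+// correctly skipped.
+if (resolveSinkCategory(call))
 continue;
+const calleeName = getCalleeBaseName(call);
 const internalFn = internalSinkMap.get(calleeName);
 if (!internalFn)
 continue;
@@ -353,6 +355,30 @@ function getCalleeBaseName(call) {
 return expr.getName();
 return '';
 }
+/**
+* Resolve the sink category for a call by trying the full dotted path first
+* (e.g., `axios.request` → ssrf) and falling back to the last-segment base
+* name (e.g., `exec` → command). Without this, qualified sinks like
+* `axios.request`, `http.request`, `https.request`, and `undici.request`
+* never match because their base name (`request`) is too generic to register.
+*/
+function resolveSinkCategory(call) {
+const expr = call.getExpression();
+const k = expr.getKindName();
+if (k === 'PropertyAccessExpression') {
+const fullPath = getStaticAccessPath(expr);
+if (fullPath) {
+const byFullPath = SINK_NAMES.get(fullPath);
+if (byFullPath)
+return { category: byFullPath, name: fullPath };
+}
+}
+const baseName = getCalleeBaseName(call);
+const byBase = SINK_NAMES.get(baseName);
+if (byBase)
+return { category: byBase, name: baseName };
+return undefined;
+}
 /** Get the full static access path (e.g., req.query.id). Returns undefined for dynamic access. */
 function getStaticAccessPath(expr) {
 const k = expr.getKindName();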
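Review bot: `resolveSinkCategory` matches qualified sinks only by the literal access path written at the call site, so `axios.request` is recognised only when the local binding is actually named `axios`. An aliased import (`import client from 'axios'`) or a destructured `request` falls through to the base-name lookup, and the doc comment says `request` is deliberately not registered there, so tainted input reaching those calls would presumably produce no SSRF finding (inferred, since `SINK_NAMES` is not visible in this section). The JSDoc should state that limit, e.g. `* Note: full-path matching is syntactic; aliased or destructured imports of these modules are not resolved.`, or the receiver should be mapped through its import declaration before the lookup. The same gap applies at the `if (resolveSinkCategory(call))` skip in Step 3b.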
package/dist/taint-ast.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"taint-ast.js","sourceRoot":"","sources":["../src/taint-ast.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAOL,UAAU,GACX,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,UAAU,GACX,MAAM,kBAAkB,CAAC;AAG1B,2EAA2E;AAE3E;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAAC,UAAsB;IACzD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAgC,CAAC;IAExD,MAAM,MAAM,GAGP,EAAE,CAAC;IACR,KAAK,MAAM,EAAE,IAAI,UAAU,CAAC,YAAY,EAAE,EAAE,CAAC;QAC3C,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;QAC1B,IAAI,IAAI;YAAE,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IAC5C,CAAC;IACD,KAAK,MAAM,IAAI,IAAI,UAAU,CAAC,qBAAqB,EAAE,EAAE,CAAC;QACtD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YACnC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,eAAe,IAAI,IAAI,CAAC,WAAW,EAAE,KAAK,oBAAoB,CAAC,EAAE,CAAC;gBACpG,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,IAAW,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,MAAM,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,EAAE,CAAC,aAAa,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;QAC1B,IAAI,CAAC,IAAI,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAE3C,sDAAsD;QACtD,MAAM,KAAK,GAAwC,EAAE,CAAC;QACtD,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,EAAE;YAC3B,IAAI,CAAC,CAAC,WAAW,EAAE,KAAK,gBAAgB;gBAAE,KAAK,CAAC,IAAI,CAAC,CAAsC,CAAC,CAAC;QAC/F,CAAC,CAAC,CAAC;QAEH,MAAM,mBAAmB,GAAG,IAAI,GAAG,EAAU,CAAC;QAC9C,MAAM,cAAc,GAAG,IAAI,GAAG,EAAsC,CAAC;QAErE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAC3C,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAC3C,IAAI,CAAC,OAAO;gBAAE,SAAS;YAEvB,6DAA6D;YAC7D,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;gBACtC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC;gBAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACvC,MAAM,SAAS,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;oBACtC,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,SAAS,GAAG,CA
AC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,SAAS,GAAG,CAAC,EAAE,CAAC;wBACxG,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;wBAC3B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC;4BAAE,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;wBAC7D,cAAc,CAAC,GAAG,CAAC,CAAC,CAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;oBACtC,CAAC;gBACH,CAAC;YACH,CAAC;YAED,wCAAwC;YACxC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;gBACtC,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,oBAAoB,EAAE,CAAC;oBAC/C,KAAK,MAAM,OAAO,IAAK,GAAW,CAAC,gBAAgB,EAAE,EAAE,CAAC;wBACtD,MAAM,IAAI,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;wBACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;wBAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;4BACvC,MAAM,SAAS,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;4BACtC,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,SAAS,GAAG,CAAC,EAAE,CAAC;gCACnE,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gCAC3B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC;oCAAE,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;gCAC7D,cAAc,CAAC,GAAG,CAAC,CAAC,CAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;4BACtC,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,mBAAmB,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,cAAc,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,2EAA2E;AAE3E;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,SAAwB,EAAE,QAAgB,EAAE,UAAsB;IAChG,MAAM,OAAO,GAAkB,EAAE,CAAC;IAElC,uEAAuE;IACvE,MAAM,eAAe,GAAG,oBAAoB,CAAC,UAAU,CAAC,CAAC;IAEzD,0DAA0D;IAC1D,MAAM,MAAM,GAGP,EAAE,CAAC;IACR,KAAK,MAAM,EAAE,IAAI,UAAU,CAAC,YAAY,EAAE;QAAE,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;IAC1G,KAAK,MAAM,IAAI,IAAI,UAAU,CAAC,qBAAqB,EAAE,EAAE,CAAC;QACtD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YACnC,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBACpC,IAAI,QAAQ,KAAK,eAAe,IAAI,QAAQ,KAAK,oBAAoB,EAAE,CAAC;oBACtE,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAW,EAAE,SAAS,EAAE,IAAI,CAA
C,kBAAkB,EAAE,EAAE,CAAC,CAAC;gBAC3E,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,UAAU,CAAC,UAAU,EAAE,EAAE,CAAC;QAC1C,KAAK,MAAM,MAAM,IAAI,GAAG,CAAC,UAAU,EAAE,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IAED,KAAK,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,MAAM,EAAE,CAAC;QAC7C,MAAM,MAAM,GAAG,EAAE,CAAC,aAAa,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,SAAS,IAAI,EAAE,IAAI,OAAO,EAAE,CAAC,OAAO,KAAK,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,EAAE,IAAI,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC;QAE/G,qDAAqD;QACrD,MAAM,aAAa,GAAkB,EAAE,CAAC;QACxC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;YAC7B,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAChD,IAAI,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACnE,aAAa,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,eAAe,EAAE,CAAC,CAAC;YAC/D,CAAC;QACH,CAAC;QACD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEzC,gEAAgE;QAChE,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;QAC1B,IAAI,CAAC,IAAI;YAAE,SAAS;QAEpB,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAC/D,MAAM,WAAW,GAAG,IAAI,GAAG,EAAuB,CAAC;QACnD,KAAK,MAAM,CAAC,IAAI,aAAa;YAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QAE1D,wEAAwE;QACxE,mEAAmE;QACnE,MAAM,QAAQ,GAA6C,EAAE,CAAC;QAC9D,IAAI,CAAC,iBAAiB,CAAC,CAAC,IAAI,EAAE,EAAE;YAC9B,IAAI,IAAI,CAAC,OAAO,EAAE,KAAK,UAAU,CAAC,mBAAmB,EAAE,CAAC;gBACtD,QAAQ,CAAC,IAAI,CAAC,IAA8C,CAAC,CAAC;YAChE,CAAC;QACH,CAAC,CAAC,CAAC;QACH,8DAA8D;QAC9D,KAAK,IAAI,GAAG,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,EAAE,CAAC;YACjC,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;gBAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBACpC,MAAM,QAAQ,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;gBAExC,wDAAwD;gBACxD,IAAI,QAAQ,KAAK,YAAY,EAAE,CAAC;oBAC9B,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,EAAE,CAAC;oBACpC,IAAI,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC;wBAAE,SAAS;oBACzC,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;oBA
CnC,IAAI,CAAC,IAAI;wBAAE,SAAS;oBACpB,IAAI,sBAAsB,CAAC,IAAI,EAAE,YAAY,CAAC,EAAE,CAAC;wBAC/C,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;wBAC3B,MAAM,OAAO,GAAG,qBAAqB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;wBAC1D,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;wBAC9D,MAAM,SAAS,GAAG,MAAM,EAAE,MAAM,CAAC;wBACjC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,IAAI,SAAS,EAAE,CAAC,CAAC;oBAChF,CAAC;gBACH,CAAC;gBAED,oDAAoD;gBACpD,IAAI,QAAQ,KAAK,sBAAsB,EAAE,CAAC;oBACxC,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;oBACnC,IAAI,CAAC,IAAI,IAAI,CAAC,sBAAsB,CAAC,IAAI,EAAE,YAAY,CAAC;wBAAE,SAAS;oBACnE,MAAM,OAAO,GAAG,qBAAqB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;oBAC1D,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;oBAC/D,MAAM,SAAS,GAAG,OAAO,EAAE,MAAM,CAAC;oBAClC,KAAK,MAAM,OAAO,IAAK,QAAgB,CAAC,WAAW,EAAE,EAAE,CAAC;wBACtD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;wBACjC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;4BAC9B,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;4BACzB,WAAW,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,IAAI,cAAc,EAAE,CAAC,CAAC;wBACjF,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,iDAAiD;gBACjD,IAAI,QAAQ,KAAK,qBAAqB,EAAE,CAAC;oBACvC,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;oBACnC,IAAI,CAAC,IAAI,IAAI,CAAC,sBAAsB,CAAC,IAAI,EAAE,YAAY,CAAC;wBAAE,SAAS;oBACnE,MAAM,OAAO,GAAG,qBAAqB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;oBAC1D,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;oBAC/D,MAAM,SAAS,GAAG,OAAO,EAAE,MAAM,CAAC;oBAClC,KAAK,MAAM,OAAO,IAAK,QAAgB,CAAC,WAAW,EAAE,EAAE,CAAC;wBACtD,IAAI,OAAO,CAAC,WAAW,EAAE,KAAK,gBAAgB,EAAE,CAAC;4BAC/C,MAAM,MAAM,GAAI,OAAe,CAAC,OAAO,EAAE,CAAC;4BAC1C,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gCAC9B,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gCACzB,WAAW,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,IAAI,cAAc,EAAE,CAAC,CAAC;4BACjF,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,iDAAiD;QACjD,MAAM,KAAK,GAAgB,EAAE,CAA
C;QAC9B,MAAM,KAAK,GAAwC,EAAE,CAAC;QACtD,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,EAAE;YAC3B,IAAI,CAAC,CAAC,WAAW,EAAE,KAAK,gBAAgB;gBAAE,KAAK,CAAC,IAAI,CAAC,CAAsC,CAAC,CAAC;QAC/F,CAAC,CAAC,CAAC;QACH,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAC3C,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAC3C,IAAI,CAAC,OAAO;gBAAE,SAAS;YAEvB,sDAAsD;YACtD,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;gBACtC,MAAM,UAAU,GAAG,qBAAqB,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;gBAC5D,IAAI,UAAU,EAAE,CAAC;oBACf,KAAK,CAAC,IAAI,CAAC;wBACT,IAAI,EAAE,UAAU;wBAChB,QAAQ,EAAE,OAAO;wBACjB,UAAU;wBACV,IAAI,EAAE,IAAI,CAAC,kBAAkB,EAAE;qBAChC,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;YAED,wCAAwC;YACxC,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;gBACpD,MAAM,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC1B,OAAO,CAAC,KAAK,oBAAoB,IAAI,CAAC,KAAK,+BAA+B,CAAC;YAC7E,CAAC,CAAC,CAAC;YACH,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;gBAC/B,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,oBAAoB,EAAE,CAAC;oBAC/C,KAAK,MAAM,IAAI,IAAK,GAAW,CAAC,gBAAgB,EAAE,EAAE,CAAC;wBACnD,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;wBAClC,MAAM,UAAU,GAAG,qBAAqB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;wBAC7D,IAAI,UAAU,EAAE,CAAC;4BACf,KAAK,CAAC,IAAI,CAAC;gCACT,IAAI,EAAE,GAAG,UAAU,aAAa;gCAChC,QAAQ,EAAE,OAAO;gCACjB,UAAU;gCACV,IAAI,EAAE,IAAI,CAAC,kBAAkB,EAAE;6BAChC,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,kFAAkF;QAClF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAC3C,oDAAoD;YACpD,IAAI,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC;gBAAE,SAAS;YACzC,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YACnD,IAAI,CAAC,UAAU;gBAAE,SAAS;YAE1B,qEAAqE;YACrE,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;YACrC,KAAK,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC,IAAI,UAAU,CAAC,cAAc,EAAE,CAAC;gBAC/D,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM;oBAAE,SAAS;gBAC1C,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBAC/B,MAAM,UAAU,GAAG,qBAAqB,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;gBAC5D,IAAI,UAAU,EAAE,CAAC;oBACf,yEAAyE;oBACzE,KAAK,MAAM,YAAY,IAAI,UAAU,EAAE,C
AAC;wBACtC,KAAK,CAAC,IAAI,CAAC;4BACT,IAAI,EAAE,GAAG,UAAU,SAAS;4BAC5B,QAAQ,EAAE,YAAY;4BACtB,UAAU;4BACV,IAAI,EAAE,IAAI,CAAC,kBAAkB,EAAE;yBAChC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEjC,2CAA2C;QAC3C,MAAM,eAAe,GAAG,iBAAiB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;QAE9D,cAAc;QACd,MAAM,KAAK,GAAgB,EAAE,CAAC;QAC9B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,aAAa,CAAC,CAAC,CAAC,CAAC;YACpE,iFAAiF;YACjF,uFAAuF;YACvF,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;gBAC3C,KAAK,MAAM,EAAE,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC;oBACjC,IAAI,EAAE,KAAK,IAAI,CAAC,UAAU;wBAAE,OAAO,IAAI,CAAC;oBACxC,yDAAyD;oBACzD,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC;wBAAE,OAAO,IAAI,CAAC;gBACxD,CAAC;gBACD,OAAO,KAAK,CAAC;YACf,CAAC,CAAC,CAAC;YACH,MAAM,YAAY,GAAG,SAAS,IAAI,IAAI,CAAC;YACvC,MAAM,UAAU,GAAG,SAAS,IAAI,IAAI,CAAC,CAAC,CAAC,qBAAqB,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YAEpG,KAAK,CAAC,IAAI,CAAC;gBACT,MAAM;gBACN,IAAI;gBACJ,SAAS,EAAE,YAAY,IAAI,UAAU;gBACrC,SAAS,EAAE,SAAS,EAAE,IAAI;gBAC1B,qBAAqB,EAAE,YAAY,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;aAChF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,2EAA2E;AAE3E,kEAAkE;AAClE,SAAS,sBAAsB,CAAC,IAAU,EAAE,YAAyB;IACnE,MAAM,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAC7B,IAAI,CAAC,KAAK,YAAY,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QAAE,OAAO,IAAI,CAAC;IACxE,IAAI,CAAC,KAAK,0BAA0B,EAAE,CAAC;QACrC,OAAO,sBAAsB,CAAE,IAAY,CAAC,aAAa,EAAE,EAAE,YAAY,CAAC,CAAC;IAC7E,CAAC;IACD,IAAI,CAAC,KAAK,yBAAyB,EAAE,CAAC;QACpC,OAAO,sBAAsB,CAAE,IAAY,CAAC,aAAa,EAAE,EAAE,YAAY,CAAC,CAAC;IAC7E,CAAC;IACD,IAAI,CAAC,KAAK,gBAAgB,EAAE,CAAC;QAC3B,IAAI,sBAAsB,CAAE,IAAY,CAAC,aAAa,EAAE,EAAE,YAAY,CAAC;YAAE,OAAO,IAAI,CAAC;QACrF,KAAK,MAAM,GAAG,IAAK,IAAY,CAAC,YAAY,EAAE,EAAE,CAA
C;YAC/C,IAAI,sBAAsB,CAAC,GAAG,EAAE,YAAY,CAAC;gBAAE,OAAO,IAAI,CAAC;QAC7D,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC,KAAK,iBAAiB,EAAE,CAAC;QAC5B,OAAO,sBAAsB,CAAE,IAAY,CAAC,aAAa,EAAE,EAAE,YAAY,CAAC,CAAC;IAC7E,CAAC;IACD,6CAA6C;IAC7C,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;QACvC,IAAI,sBAAsB,CAAC,KAAK,EAAE,YAAY,CAAC;YAAE,OAAO,IAAI,CAAC;IAC/D,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,sFAAsF;AACtF,SAAS,iBAAiB,CAAC,IAAuC;IAChE,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;IAClC,MAAM,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAC7B,IAAI,CAAC,KAAK,YAAY;QAAE,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC;IAC9C,IAAI,CAAC,KAAK,0BAA0B;QAAE,OAAQ,IAAY,CAAC,OAAO,EAAE,CAAC;IACrE,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,kGAAkG;AAClG,SAAS,mBAAmB,CAAC,IAAU;IACrC,MAAM,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAC7B,IAAI,CAAC,KAAK,YAAY;QAAE,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC;IAC9C,IAAI,CAAC,KAAK,0BAA0B,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,mBAAmB,CAAE,IAAY,CAAC,aAAa,EAAE,CAAC,CAAC;QAC/D,IAAI,GAAG;YAAE,OAAO,GAAG,GAAG,IAAK,IAAY,CAAC,OAAO,EAAE,EAAE,CAAC;IACtD,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,8DAA8D;AAC9D,SAAS,qBAAqB,CAAC,IAAU,EAAE,YAAyB;IAClE,MAAM,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAC7B,IAAI,CAAC,KAAK,YAAY,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QAAE,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC;IAClF,IAAI,CAAC,KAAK,0BAA0B,EAAE,CAAC;QACrC,OAAO,qBAAqB,CAAE,IAAY,CAAC,aAAa,EAAE,EAAE,YAAY,CAAC,CAAC;IAC5E,CAAC;IACD,sEAAsE;IACtE,IAAI,CAAC,KAAK,kBAAkB,EAAE,CAAC;QAC7B,OAAO,CACL,qBAAqB,CAAE,IAAY,CAAC,OAAO,EAAE,EAAE,YAAY,CAAC;YAC5D,qBAAqB,CAAE,IAAY,CAAC,QAAQ,EAAE,EAAE,YAAY,CAAC,CAC9D,CAAC;IACJ,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,qBAAqB,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;QACzD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC;IAC1B,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,oCAAoC;AACpC,SAAS,iBAAiB,CAAC,IAAU,EAAE,YAAyB;IAC9D,MAAM,UAAU,GAAwD,EAAE,CAAC;IAE3E,MAAM,QAAQ,GAAwC,EAAE,CAAC;IACzD,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,EAAE;QAC3B,IAAI,CAAC,CAAC,WAAW,EAAE,KAAK,gBAAgB;YAAE,QAAQ,CAAC,IAAI,CAAC,CAAsC,CAAC,CAAC;IAClG,CAAC,CAAC,
CAAC;IACH,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAC3C,MAAM,gBAAgB,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QACrF,IAAI,CAAC,gBAAgB;YAAE,SAAS;QAEhC,sDAAsD;QACtD,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;QACxC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;YACtC,2FAA2F;YAC3F,MAAM,QAAQ,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAC1C,IAAI,QAAQ,IAAI,qBAAqB,CAAC,GAAG,EAAE,YAAY,CAAC,EAAE,CAAC;gBACzD,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC9B,CAAC;iBAAM,CAAC;gBACN,MAAM,OAAO,GAAG,qBAAqB,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;gBACzD,IAAI,OAAO;oBAAE,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;QAED,mFAAmF;QACnF,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAChC,IAAI,MAAM,IAAI,MAAM,CAAC,WAAW,EAAE,KAAK,qBAAqB,EAAE,CAAC;YAC7D,MAAM,QAAQ,GAAI,MAAc,CAAC,OAAO,EAAE,CAAC;YAC3C,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC9B,CAAC;QAED,IAAI,aAAa,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC3B,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,aAAa,EAAE,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC"}
|
|
1
|
+
{"version":3,"file":"taint-ast.js","sourceRoot":"","sources":["../src/taint-ast.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAOL,UAAU,GACX,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,UAAU,GACX,MAAM,kBAAkB,CAAC;AAG1B,2EAA2E;AAE3E;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAAC,UAAsB;IACzD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAgC,CAAC;IAExD,MAAM,MAAM,GAGP,EAAE,CAAC;IACR,KAAK,MAAM,EAAE,IAAI,UAAU,CAAC,YAAY,EAAE,EAAE,CAAC;QAC3C,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;QAC1B,IAAI,IAAI;YAAE,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IAC5C,CAAC;IACD,KAAK,MAAM,IAAI,IAAI,UAAU,CAAC,qBAAqB,EAAE,EAAE,CAAC;QACtD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YACnC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,eAAe,IAAI,IAAI,CAAC,WAAW,EAAE,KAAK,oBAAoB,CAAC,EAAE,CAAC;gBACpG,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,IAAW,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,MAAM,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,EAAE,CAAC,aAAa,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;QAC1B,IAAI,CAAC,IAAI,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAE3C,sDAAsD;QACtD,MAAM,KAAK,GAAwC,EAAE,CAAC;QACtD,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,EAAE;YAC3B,IAAI,CAAC,CAAC,WAAW,EAAE,KAAK,gBAAgB;gBAAE,KAAK,CAAC,IAAI,CAAC,CAAsC,CAAC,CAAC;QAC/F,CAAC,CAAC,CAAC;QAEH,MAAM,mBAAmB,GAAG,IAAI,GAAG,EAAU,CAAC;QAC9C,MAAM,cAAc,GAAG,IAAI,GAAG,EAAsC,CAAC;QAErE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAC3C,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAC3C,IAAI,CAAC,OAAO;gBAAE,SAAS;YAEvB,6DAA6D;YAC7D,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;gBACtC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC;gBAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACvC,MAAM,SAAS,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;oBACtC,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,SAAS,GAAG,CA
AC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,SAAS,GAAG,CAAC,EAAE,CAAC;wBACxG,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;wBAC3B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC;4BAAE,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;wBAC7D,cAAc,CAAC,GAAG,CAAC,CAAC,CAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;oBACtC,CAAC;gBACH,CAAC;YACH,CAAC;YAED,wCAAwC;YACxC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;gBACtC,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,oBAAoB,EAAE,CAAC;oBAC/C,KAAK,MAAM,OAAO,IAAK,GAAW,CAAC,gBAAgB,EAAE,EAAE,CAAC;wBACtD,MAAM,IAAI,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;wBACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;wBAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;4BACvC,MAAM,SAAS,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;4BACtC,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,SAAS,GAAG,CAAC,EAAE,CAAC;gCACnE,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gCAC3B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC;oCAAE,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;gCAC7D,cAAc,CAAC,GAAG,CAAC,CAAC,CAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;4BACtC,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,mBAAmB,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,cAAc,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,2EAA2E;AAE3E;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,SAAwB,EAAE,QAAgB,EAAE,UAAsB;IAChG,MAAM,OAAO,GAAkB,EAAE,CAAC;IAElC,uEAAuE;IACvE,MAAM,eAAe,GAAG,oBAAoB,CAAC,UAAU,CAAC,CAAC;IAEzD,0DAA0D;IAC1D,MAAM,MAAM,GAGP,EAAE,CAAC;IACR,KAAK,MAAM,EAAE,IAAI,UAAU,CAAC,YAAY,EAAE;QAAE,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;IAC1G,KAAK,MAAM,IAAI,IAAI,UAAU,CAAC,qBAAqB,EAAE,EAAE,CAAC;QACtD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;YAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YACnC,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBACpC,IAAI,QAAQ,KAAK,eAAe,IAAI,QAAQ,KAAK,oBAAoB,EAAE,CAAC;oBACtE,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAW,EAAE,SAAS,EAAE,IAAI,CAA
C,kBAAkB,EAAE,EAAE,CAAC,CAAC;gBAC3E,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,UAAU,CAAC,UAAU,EAAE,EAAE,CAAC;QAC1C,KAAK,MAAM,MAAM,IAAI,GAAG,CAAC,UAAU,EAAE,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IAED,KAAK,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,MAAM,EAAE,CAAC;QAC7C,MAAM,MAAM,GAAG,EAAE,CAAC,aAAa,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,SAAS,IAAI,EAAE,IAAI,OAAO,EAAE,CAAC,OAAO,KAAK,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,EAAE,IAAI,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC;QAE/G,qDAAqD;QACrD,MAAM,aAAa,GAAkB,EAAE,CAAC;QACxC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;YAC7B,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAChD,IAAI,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACnE,aAAa,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,eAAe,EAAE,CAAC,CAAC;YAC/D,CAAC;QACH,CAAC;QACD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEzC,gEAAgE;QAChE,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;QAC1B,IAAI,CAAC,IAAI;YAAE,SAAS;QAEpB,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAC/D,MAAM,WAAW,GAAG,IAAI,GAAG,EAAuB,CAAC;QACnD,KAAK,MAAM,CAAC,IAAI,aAAa;YAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QAE1D,wEAAwE;QACxE,mEAAmE;QACnE,MAAM,QAAQ,GAA6C,EAAE,CAAC;QAC9D,IAAI,CAAC,iBAAiB,CAAC,CAAC,IAAI,EAAE,EAAE;YAC9B,IAAI,IAAI,CAAC,OAAO,EAAE,KAAK,UAAU,CAAC,mBAAmB,EAAE,CAAC;gBACtD,QAAQ,CAAC,IAAI,CAAC,IAA8C,CAAC,CAAC;YAChE,CAAC;QACH,CAAC,CAAC,CAAC;QACH,8DAA8D;QAC9D,KAAK,IAAI,GAAG,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,EAAE,CAAC;YACjC,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;gBAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBACpC,MAAM,QAAQ,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;gBAExC,wDAAwD;gBACxD,IAAI,QAAQ,KAAK,YAAY,EAAE,CAAC;oBAC9B,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,EAAE,CAAC;oBACpC,IAAI,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC;wBAAE,SAAS;oBACzC,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;oBA
CnC,IAAI,CAAC,IAAI;wBAAE,SAAS;oBACpB,IAAI,sBAAsB,CAAC,IAAI,EAAE,YAAY,CAAC,EAAE,CAAC;wBAC/C,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;wBAC3B,MAAM,OAAO,GAAG,qBAAqB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;wBAC1D,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;wBAC9D,MAAM,SAAS,GAAG,MAAM,EAAE,MAAM,CAAC;wBACjC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,IAAI,SAAS,EAAE,CAAC,CAAC;oBAChF,CAAC;gBACH,CAAC;gBAED,oDAAoD;gBACpD,IAAI,QAAQ,KAAK,sBAAsB,EAAE,CAAC;oBACxC,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;oBACnC,IAAI,CAAC,IAAI,IAAI,CAAC,sBAAsB,CAAC,IAAI,EAAE,YAAY,CAAC;wBAAE,SAAS;oBACnE,MAAM,OAAO,GAAG,qBAAqB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;oBAC1D,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;oBAC/D,MAAM,SAAS,GAAG,OAAO,EAAE,MAAM,CAAC;oBAClC,KAAK,MAAM,OAAO,IAAK,QAAgB,CAAC,WAAW,EAAE,EAAE,CAAC;wBACtD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;wBACjC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;4BAC9B,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;4BACzB,WAAW,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,IAAI,cAAc,EAAE,CAAC,CAAC;wBACjF,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,iDAAiD;gBACjD,IAAI,QAAQ,KAAK,qBAAqB,EAAE,CAAC;oBACvC,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;oBACnC,IAAI,CAAC,IAAI,IAAI,CAAC,sBAAsB,CAAC,IAAI,EAAE,YAAY,CAAC;wBAAE,SAAS;oBACnE,MAAM,OAAO,GAAG,qBAAqB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;oBAC1D,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;oBAC/D,MAAM,SAAS,GAAG,OAAO,EAAE,MAAM,CAAC;oBAClC,KAAK,MAAM,OAAO,IAAK,QAAgB,CAAC,WAAW,EAAE,EAAE,CAAC;wBACtD,IAAI,OAAO,CAAC,WAAW,EAAE,KAAK,gBAAgB,EAAE,CAAC;4BAC/C,MAAM,MAAM,GAAI,OAAe,CAAC,OAAO,EAAE,CAAC;4BAC1C,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gCAC9B,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gCACzB,WAAW,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,IAAI,cAAc,EAAE,CAAC,CAAC;4BACjF,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,iDAAiD;QACjD,MAAM,KAAK,GAAgB,EAAE,CAA
C;QAC9B,MAAM,KAAK,GAAwC,EAAE,CAAC;QACtD,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,EAAE;YAC3B,IAAI,CAAC,CAAC,WAAW,EAAE,KAAK,gBAAgB;gBAAE,KAAK,CAAC,IAAI,CAAC,CAAsC,CAAC,CAAC;QAC/F,CAAC,CAAC,CAAC;QACH,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;YAC3C,IAAI,CAAC,QAAQ;gBAAE,SAAS;YACxB,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,QAAQ,CAAC;YAEzD,sDAAsD;YACtD,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;gBACtC,MAAM,UAAU,GAAG,qBAAqB,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;gBAC5D,IAAI,UAAU,EAAE,CAAC;oBACf,KAAK,CAAC,IAAI,CAAC;wBACT,IAAI,EAAE,UAAU;wBAChB,QAAQ,EAAE,OAAO;wBACjB,UAAU;wBACV,IAAI,EAAE,IAAI,CAAC,kBAAkB,EAAE;qBAChC,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;YAED,wCAAwC;YACxC,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;gBACpD,MAAM,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC1B,OAAO,CAAC,KAAK,oBAAoB,IAAI,CAAC,KAAK,+BAA+B,CAAC;YAC7E,CAAC,CAAC,CAAC;YACH,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;gBAC/B,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,oBAAoB,EAAE,CAAC;oBAC/C,KAAK,MAAM,IAAI,IAAK,GAAW,CAAC,gBAAgB,EAAE,EAAE,CAAC;wBACnD,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;wBAClC,MAAM,UAAU,GAAG,qBAAqB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;wBAC7D,IAAI,UAAU,EAAE,CAAC;4BACf,KAAK,CAAC,IAAI,CAAC;gCACT,IAAI,EAAE,GAAG,UAAU,aAAa;gCAChC,QAAQ,EAAE,OAAO;gCACjB,UAAU;gCACV,IAAI,EAAE,IAAI,CAAC,kBAAkB,EAAE;6BAChC,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,kFAAkF;QAClF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,mEAAmE;YACnE,uEAAuE;YACvE,qBAAqB;YACrB,IAAI,mBAAmB,CAAC,IAAI,CAAC;gBAAE,SAAS;YACxC,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAC3C,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YACnD,IAAI,CAAC,UAAU;gBAAE,SAAS;YAE1B,qEAAqE;YACrE,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;YACrC,KAAK,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC,IAAI,UAAU,CAAC,cAAc,EAAE,CAAC;gBAC/D,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM;oBAAE,SAAS;gBAC1C,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBAC/B,MAAM,UAAU,GAAG,qBAAqB,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;gBAC5D,IAAI,UAAU,EAAE,CAAC;oBACf,yEAAyE;oBACz
E,KAAK,MAAM,YAAY,IAAI,UAAU,EAAE,CAAC;wBACtC,KAAK,CAAC,IAAI,CAAC;4BACT,IAAI,EAAE,GAAG,UAAU,SAAS;4BAC5B,QAAQ,EAAE,YAAY;4BACtB,UAAU;4BACV,IAAI,EAAE,IAAI,CAAC,kBAAkB,EAAE;yBAChC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEjC,2CAA2C;QAC3C,MAAM,eAAe,GAAG,iBAAiB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;QAE9D,cAAc;QACd,MAAM,KAAK,GAAgB,EAAE,CAAC;QAC9B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,aAAa,CAAC,CAAC,CAAC,CAAC;YACpE,iFAAiF;YACjF,uFAAuF;YACvF,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;gBAC3C,KAAK,MAAM,EAAE,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC;oBACjC,IAAI,EAAE,KAAK,IAAI,CAAC,UAAU;wBAAE,OAAO,IAAI,CAAC;oBACxC,yDAAyD;oBACzD,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC;wBAAE,OAAO,IAAI,CAAC;gBACxD,CAAC;gBACD,OAAO,KAAK,CAAC;YACf,CAAC,CAAC,CAAC;YACH,MAAM,YAAY,GAAG,SAAS,IAAI,IAAI,CAAC;YACvC,MAAM,UAAU,GAAG,SAAS,IAAI,IAAI,CAAC,CAAC,CAAC,qBAAqB,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YAEpG,KAAK,CAAC,IAAI,CAAC;gBACT,MAAM;gBACN,IAAI;gBACJ,SAAS,EAAE,YAAY,IAAI,UAAU;gBACrC,SAAS,EAAE,SAAS,EAAE,IAAI;gBAC1B,qBAAqB,EAAE,YAAY,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;aAChF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,2EAA2E;AAE3E,kEAAkE;AAClE,SAAS,sBAAsB,CAAC,IAAU,EAAE,YAAyB;IACnE,MAAM,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAC7B,IAAI,CAAC,KAAK,YAAY,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QAAE,OAAO,IAAI,CAAC;IACxE,IAAI,CAAC,KAAK,0BAA0B,EAAE,CAAC;QACrC,OAAO,sBAAsB,CAAE,IAAY,CAAC,aAAa,EAAE,EAAE,YAAY,CAAC,CAAC;IAC7E,CAAC;IACD,IAAI,CAAC,KAAK,yBAAyB,EAAE,CAAC;QACpC,OAAO,sBAAsB,CAAE,IAAY,CAAC,aAAa,EAAE,EAAE,YAAY,CAAC,CAAC;IAC7E,CAAC;IACD,IAAI,CAAC,KAAK,gBAAgB,EAAE,CAAC;QAC3B,IAAI,sBAAsB,CAAE,IAAY,CAAC,aAAa,EAAE,EAAE,YAAY,CAAC;YAAE,OAAO,IAAI,CAAC;QACrF,KAAK,MAAM,GAAG,
IAAK,IAAY,CAAC,YAAY,EAAE,EAAE,CAAC;YAC/C,IAAI,sBAAsB,CAAC,GAAG,EAAE,YAAY,CAAC;gBAAE,OAAO,IAAI,CAAC;QAC7D,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC,KAAK,iBAAiB,EAAE,CAAC;QAC5B,OAAO,sBAAsB,CAAE,IAAY,CAAC,aAAa,EAAE,EAAE,YAAY,CAAC,CAAC;IAC7E,CAAC;IACD,6CAA6C;IAC7C,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;QACvC,IAAI,sBAAsB,CAAC,KAAK,EAAE,YAAY,CAAC;YAAE,OAAO,IAAI,CAAC;IAC/D,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,sFAAsF;AACtF,SAAS,iBAAiB,CAAC,IAAuC;IAChE,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;IAClC,MAAM,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAC7B,IAAI,CAAC,KAAK,YAAY;QAAE,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC;IAC9C,IAAI,CAAC,KAAK,0BAA0B;QAAE,OAAQ,IAAY,CAAC,OAAO,EAAE,CAAC;IACrE,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,mBAAmB,CAAC,IAAuC;IAMlE,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;IAClC,MAAM,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAC7B,IAAI,CAAC,KAAK,0BAA0B,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAC3C,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC5C,IAAI,UAAU;gBAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAClE,CAAC;IACH,CAAC;IACD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACzC,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACxC,IAAI,MAAM;QAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IACxD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,kGAAkG;AAClG,SAAS,mBAAmB,CAAC,IAAU;IACrC,MAAM,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAC7B,IAAI,CAAC,KAAK,YAAY;QAAE,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC;IAC9C,IAAI,CAAC,KAAK,0BAA0B,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,mBAAmB,CAAE,IAAY,CAAC,aAAa,EAAE,CAAC,CAAC;QAC/D,IAAI,GAAG;YAAE,OAAO,GAAG,GAAG,IAAK,IAAY,CAAC,OAAO,EAAE,EAAE,CAAC;IACtD,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,8DAA8D;AAC9D,SAAS,qBAAqB,CAAC,IAAU,EAAE,YAAyB;IAClE,MAAM,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAC7B,IAAI,CAAC,KAAK,YAAY,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QAAE,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC;IAClF,IAAI,CAAC,KAAK,0BAA0B,EAAE,CAAC;QACrC,OAAO,qBAAqB,CAAE,IAAY,CAAC,aAAa,EAAE,EAAE,YAAY,CAAC,CAAC;IAC5E,CA
AC;IACD,sEAAsE;IACtE,IAAI,CAAC,KAAK,kBAAkB,EAAE,CAAC;QAC7B,OAAO,CACL,qBAAqB,CAAE,IAAY,CAAC,OAAO,EAAE,EAAE,YAAY,CAAC;YAC5D,qBAAqB,CAAE,IAAY,CAAC,QAAQ,EAAE,EAAE,YAAY,CAAC,CAC9D,CAAC;IACJ,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,qBAAqB,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;QACzD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC;IAC1B,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,oCAAoC;AACpC,SAAS,iBAAiB,CAAC,IAAU,EAAE,YAAyB;IAC9D,MAAM,UAAU,GAAwD,EAAE,CAAC;IAE3E,MAAM,QAAQ,GAAwC,EAAE,CAAC;IACzD,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,EAAE;QAC3B,IAAI,CAAC,CAAC,WAAW,EAAE,KAAK,gBAAgB;YAAE,QAAQ,CAAC,IAAI,CAAC,CAAsC,CAAC,CAAC;IAClG,CAAC,CAAC,CAAC;IACH,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAC3C,MAAM,gBAAgB,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QACrF,IAAI,CAAC,gBAAgB;YAAE,SAAS;QAEhC,sDAAsD;QACtD,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;QACxC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;YACtC,2FAA2F;YAC3F,MAAM,QAAQ,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAC1C,IAAI,QAAQ,IAAI,qBAAqB,CAAC,GAAG,EAAE,YAAY,CAAC,EAAE,CAAC;gBACzD,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC9B,CAAC;iBAAM,CAAC;gBACN,MAAM,OAAO,GAAG,qBAAqB,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;gBACzD,IAAI,OAAO;oBAAE,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;QAED,mFAAmF;QACnF,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAChC,IAAI,MAAM,IAAI,MAAM,CAAC,WAAW,EAAE,KAAK,qBAAqB,EAAE,CAAC;YAC7D,MAAM,QAAQ,GAAI,MAAc,CAAC,OAAO,EAAE,CAAC;YAC3C,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC9B,CAAC;QAED,IAAI,aAAa,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC3B,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,aAAa,EAAE,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC"}
|
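--- a/package/dist/taint-findings.js
+++ b/package/dist/taint-findings.js
@@ -14,6 +14,7 @@ const categoryLabels = {
 eval: 'code injection',
 template: 'template injection',
 codegen: 'code generation injection',
+ssrf: 'server-side request forgery',
 };
 export function getSuggestion(category) {
 switch (category) {
@@ -31,6 +32,8 @@ export function getSuggestion(category) {
 return 'Sanitize user input before embedding in templates';
 case 'codegen':
 return 'Validate type and format of external values before interpolating into generated source code (e.g., parseInt for numeric values)';
+case 'ssrf':
+return 'Validate the target URL against a host allowlist before making outbound requests — encodeURIComponent is NOT sufficient';
 }
 }
 // ── Intra-File Findings ─────────────────────────────────────────────────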
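Review bot: The `ssrf` suggestion added to `getSuggestion` names only a host allowlist, so a reader who follows it literally still has no guidance on the URL scheme or on redirects served by an allowed host. I would extend the string, e.g. `return 'Validate the target URL against a host allowlist, restrict the scheme, and do not follow redirects to unvalidated hosts — encodeURIComponent is NOT sufficient';`. The visible end of the switch also has no `default` branch, so a category added to the union later would presumably return `undefined` here; the start of the switch is outside the hunk, so this should be confirmed against the full function.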
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"taint-findings.js","sourceRoot":"","sources":["../src/taint-findings.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE/C,2EAA2E;AAE3E,MAAM,cAAc,GAA0C;IAC5D,OAAO,EAAE,mBAAmB;IAC5B,EAAE,EAAE,6BAA6B;IACjC,GAAG,EAAE,eAAe;IACpB,QAAQ,EAAE,eAAe;IACzB,IAAI,EAAE,gBAAgB;IACtB,QAAQ,EAAE,oBAAoB;IAC9B,OAAO,EAAE,2BAA2B;
|
|
1
|
+
{"version":3,"file":"taint-findings.js","sourceRoot":"","sources":["../src/taint-findings.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE/C,2EAA2E;AAE3E,MAAM,cAAc,GAA0C;IAC5D,OAAO,EAAE,mBAAmB;IAC5B,EAAE,EAAE,6BAA6B;IACjC,GAAG,EAAE,eAAe;IACpB,QAAQ,EAAE,eAAe;IACzB,IAAI,EAAE,gBAAgB;IACtB,QAAQ,EAAE,oBAAoB;IAC9B,OAAO,EAAE,2BAA2B;IACpC,IAAI,EAAE,6BAA6B;CACpC,CAAC;AAEF,MAAM,UAAU,aAAa,CAAC,QAA+B;IAC3D,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,SAAS;YACZ,OAAO,qFAAqF,CAAC;QAC/F,KAAK,IAAI;YACP,OAAO,4FAA4F,CAAC;QACtG,KAAK,KAAK;YACR,OAAO,mEAAmE,CAAC;QAC7E,KAAK,UAAU;YACb,OAAO,iEAAiE,CAAC;QAC3E,KAAK,MAAM;YACT,OAAO,2EAA2E,CAAC;QACrF,KAAK,UAAU;YACb,OAAO,mDAAmD,CAAC;QAC7D,KAAK,SAAS;YACZ,OAAO,iIAAiI,CAAC;QAC3I,KAAK,MAAM;YACT,OAAO,yHAAyH,CAAC;IACrI,CAAC;AACH,CAAC;AAED,2EAA2E;AAE3E;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,OAAsB;IACpD,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,4DAA4D;QAC5D,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QACvD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEtC,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,MAAM,QAAQ,GACZ,IAAI,CAAC,IAAI,CAAC,QAAQ,KAAK,SAAS,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM;gBAC/D,CAAC,CAAE,OAAiB;gBACpB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,KAAK,SAAS;oBAChC,CAAC,CAAE,SAAmB,CAAC,gFAAgF;oBACvG,CAAC,CAAE,SAAmB,CAAC;YAE7B,MAAM,WAAW,GAAe;gBAC9B,IAAI,EAAE,CAAC,CAAC,QAAQ;gBAChB,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,QAAQ,EAAE,CAAC;gBACX,OAAO,EAAE,CAAC,CAAC,SAAS;gBACpB,MAAM,EAAE,CAAC;aACV,CAAC;YAEF,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;gBAC/B,iDAAiD;gBACjD,QAAQ,CAAC,IAAI,CAAC;oBACZ,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,8BAA8B;oBACtC,QAAQ;oBACR,QAAQ,EAAE,KAAK;oBACf,OAAO,EACL,4BAA4B,IAAI,CAAC,qBAAqB,8BAA8B,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI;wBAC1H,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,0BAA0B;oBACrE,WAAW;oBACX,UAAU,EAAE,GAAG,IAAI,CAAC,qBAAqB,0BAA0B,IAAI,CAAC,IAAI,CAAC,QAAQ,WAAW,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;oBACnI,WAAW,EAAE,iBAAiB,CAA
C,oBAAoB,EAAE,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;iBACrE,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,sBAAsB;gBACtB,QAAQ,CAAC,IAAI,CAAC;oBACZ,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,SAAS,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE;oBACrC,QAAQ;oBACR,QAAQ,EAAE,KAAK;oBACf,OAAO,EACL,eAAe,IAAI,CAAC,MAAM,CAAC,MAAM,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,kBAAkB,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI;wBAC7G,aAAa,IAAI,CAAC,IAAI,CAAC,UAAU,gDAAgD;oBACnF,WAAW;oBACX,UAAU,EAAE,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;oBAC7C,WAAW,EAAE,iBAAiB,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;iBAC9E,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,2EAA2E;AAE3E;;GAEG;AACH,MAAM,UAAU,wBAAwB,CAAC,OAA+B;IACtE,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,QAAQ,GACZ,CAAC,CAAC,YAAY,CAAC,QAAQ,KAAK,SAAS,IAAI,CAAC,CAAC,YAAY,CAAC,QAAQ,KAAK,MAAM;YACzE,CAAC,CAAE,OAAiB;YACpB,CAAC,CAAE,SAAmB,CAAC;QAE3B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,mBAAmB,CAAC,CAAC,YAAY,CAAC,QAAQ,EAAE;YACpD,QAAQ;YACR,QAAQ,EAAE,KAAK;YACf,OAAO,EACL,qBAAqB,CAAC,CAAC,MAAM,CAAC,MAAM,OAAO,CAAC,CAAC,QAAQ,QAAQ,CAAC,CAAC,QAAQ,QAAQ,CAAC,CAAC,YAAY,CAAC,IAAI,MAAM;gBACxG,+CAA+C,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ;YAChG,WAAW,EAAE;gBACX,IAAI,EAAE,CAAC,CAAC,UAAU;gBAClB,SAAS,EAAE,CAAC,CAAC,UAAU;gBACvB,QAAQ,EAAE,CAAC;gBACX,OAAO,EAAE,CAAC,CAAC,UAAU;gBACrB,MAAM,EAAE,CAAC;aACV;YACD,YAAY,EAAE;gBACZ;oBACE,IAAI,EAAE,CAAC,CAAC,UAAU;oBAClB,SAAS,EAAE,CAAC;oBACZ,QAAQ,EAAE,CAAC;oBACX,OAAO,EAAE,CAAC;oBACV,MAAM,EAAE,CAAC;iBACV;aACF;YACD,UAAU,EAAE,aAAa,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,QAAQ,OAAO,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE;YACjI,WAAW,EAAE,iBAAiB,CAAC,eAAe,CAAC,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC;SAC1F,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
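--- a/package/dist/taint-types.d.ts
+++ b/package/dist/taint-types.d.ts
@@ -8,7 +8,7 @@ export interface TaintSource {
 }
 export interface TaintSink {
 name: string;
-category: 'command' | 'fs' | 'sql' | 'redirect' | 'eval' | 'template' | 'codegen';
+category: 'command' | 'fs' | 'sql' | 'redirect' | 'eval' | 'template' | 'codegen' | 'ssrf';
 taintedArg: string;
 line?: number;
 }
@@ -124,5 +124,5 @@ export type SinkCategory = TaintSink['category'];
 * a mismatch (e.g., parseInt used to "sanitize" command injection).
 */
 export declare function isSanitizerSufficient(sanitizerName: string, sinkCategory: SinkCategory): boolean;
-export declare const SINK_NAMES: Map<string, "command" | "fs" | "sql" | "redirect" | "eval" | "template" | "codegen">;
+export declare const SINK_NAMES: Map<string, "command" | "fs" | "sql" | "redirect" | "eval" | "template" | "codegen" | "ssrf">;
 export declare const SANITIZER_PATTERN_NAMES: string[];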
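--- a/package/dist/taint-types.js
+++ b/package/dist/taint-types.js
@@ -60,6 +60,24 @@ export const SINK_PATTERNS = [
 { pattern: /\blines\.push\s*\(`/, name: 'lines.push(template)', category: 'codegen' },
 { pattern: /\bhelperBlock\.push\s*\(`/, name: 'helperBlock.push(template)', category: 'codegen' },
 { pattern: /\bcode\s*\+=\s*`/, name: 'code += template', category: 'codegen' },
+// SSRF — outbound HTTP request sinks
+{ pattern: /\bfetch\s*\(/, name: 'fetch', category: 'ssrf' },
+{ pattern: /\baxios\s*\(/, name: 'axios', category: 'ssrf' },
+{ pattern: /\baxios\.(get|post|put|delete|patch|head|request)\s*\(/, name: 'axios.request', category: 'ssrf' },
+{ pattern: /\bgot\s*\(/, name: 'got', category: 'ssrf' },
+{ pattern: /\bgot\.(get|post|put|delete|patch|head)\s*\(/, name: 'got.request', category: 'ssrf' },
+{ pattern: /\bhttp\.request\s*\(/, name: 'http.request', category: 'ssrf' },
+{ pattern: /\bhttps\.request\s*\(/, name: 'https.request', category: 'ssrf' },
+{ pattern: /\bundici\.(fetch|request)\s*\(/, name: 'undici.request', category: 'ssrf' },
+// SQL — raw query sinks beyond generic `query`
+{ pattern: /\$queryRawUnsafe\s*\(/, name: '$queryRawUnsafe', category: 'sql' },
+{ pattern: /\$queryRaw\s*\(/, name: '$queryRaw', category: 'sql' },
+{ pattern: /\bsequelize\.query\s*\(/, name: 'sequelize.query', category: 'sql' },
+// NOTE: crypto sinks are handled by bespoke rules in rules/security-v5.ts
+// (crypto-iv-reuse, crypto-weak-kdf). Adding them as generic taint sinks
+// would flag normal password input to pbkdf2() as "misuse" — passwords ARE
+// user input by design. The dedicated rules check the specific arg positions
+// that actually indicate misuse (literal IV, iterations < 100k).
 ];
 // ── Sanitizer Detection ─────────────────────────────────────────────────
 export const SANITIZER_PATTERNS = [
@@ -96,13 +114,14 @@ const SANITIZER_SUFFICIENCY = {
 parseFloat: new Set(['sql']),
 'Number()': new Set(['sql']),
 'Boolean()': new Set([]), // too weak for anything
-'schema.parse': new Set(['command', 'fs', 'sql', 'redirect', 'eval', 'template']),
-'schema.safeParse': new Set(['command', 'fs', 'sql', 'redirect', 'eval', 'template']),
-'schema.validate': new Set(['command', 'fs', 'sql', 'redirect', 'eval', 'template']),
-'schema.validateSync': new Set(['command', 'fs', 'sql', 'redirect', 'eval', 'template']),
+'schema.parse': new Set(['command', 'fs', 'sql', 'redirect', 'eval', 'template', 'ssrf']),
+'schema.safeParse': new Set(['command', 'fs', 'sql', 'redirect', 'eval', 'template', 'ssrf']),
+'schema.validate': new Set(['command', 'fs', 'sql', 'redirect', 'eval', 'template', 'ssrf']),
+'schema.validateSync': new Set(['command', 'fs', 'sql', 'redirect', 'eval', 'template', 'ssrf']),
 'sanitize()': new Set(['template']),
 'escape()': new Set(['sql', 'template']),
 DOMPurify: new Set(['template']),
+// encodeURIComponent prevents open-redirect but NOT SSRF — the attacker still controls the host
 encodeURIComponent: new Set(['redirect']),
 'path.normalize': new Set(['fs']),
 'replace(../)': new Set(['fs']),
@@ -146,9 +165,24 @@ export const SINK_NAMES = new Map([
 ['raw', 'sql'],
 ['$queryRaw', 'sql'],
 ['$queryRawUnsafe', 'sql'],
+['sequelize.query', 'sql'],
 ['redirect', 'redirect'],
 ['eval', 'eval'],
 ['Function', 'eval'],
+// SSRF — outbound HTTP request sinks
+['fetch', 'ssrf'],
+['axios', 'ssrf'],
+['axios.get', 'ssrf'],
+['axios.post', 'ssrf'],
+['axios.put', 'ssrf'],
+['axios.delete', 'ssrf'],
+['axios.patch', 'ssrf'],
+['axios.request', 'ssrf'],
+['got', 'ssrf'],
+['http.request', 'ssrf'],
+['https.request', 'ssrf'],
+['undici.fetch', 'ssrf'],
+['undici.request', 'ssrf'],
 ]);
 // Sanitizer names to detect (from SANITIZER_PATTERNS)
 export const SANITIZER_PATTERN_NAMES = [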
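Review bot: The four `schema.*` entries in SANITIZER_SUFFICIENCY (second hunk) now count as sufficient for `'ssrf'`, which would suppress SSRF findings for any schema validation on the path. A schema that only checks "is a string" or "is a URL" still leaves the host under the caller's control, which is the reason the new comment gives for keeping `encodeURIComponent` out of that category. I would leave `'ssrf'` out of those four sets, or at least record the assumption next to them: `// assumes the schema pins the host (enum/allowlist); a bare string or URL schema does not stop SSRF`. Separately, the new SINK_PATTERNS entries match `axios.head` and `got.get|post|put|delete|patch|head`, but SINK_NAMES in the last hunk has no `axios.head` or `got.*` keys, so a lookup that goes through the map will presumably miss those calls; adding `['axios.head', 'ssrf']` and the `got.*` entries keeps the two tables in step. All three tables start outside their hunks.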
package/dist/taint-types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"taint-types.js","sourceRoot":"","sources":["../src/taint-types.ts"],"names":[],"mappings":"AAAA;;GAEG;AA+DH,4EAA4E;AAE5E,2DAA2D;AAC3D,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC;AACnD,MAAM,CAAC,MAAM,gBAAgB,GAAG,2DAA2D,CAAC;AAE5F,+DAA+D;AAC/D,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE;IAChD,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE;IAClD,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,YAAY,EAAE;IACpD,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,aAAa,EAAE;IACtD,EAAE,OAAO,EAAE,mBAAmB,EAAE,MAAM,EAAE,cAAc,EAAE;IACxD,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,EAAE,eAAe,EAAE;IAC1D,EAAE,OAAO,EAAE,qBAAqB,EAAE,MAAM,EAAE,gBAAgB,EAAE;IAC5D,EAAE,OAAO,EAAE,mBAAmB,EAAE,MAAM,EAAE,cAAc,EAAE;IACxD,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,aAAa,EAAE;IACtD,+CAA+C;IAC/C,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE;IAChD,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,SAAS,EAAE;IAC7C,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,UAAU,EAAE;IAC/C,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,SAAS,EAAE;IAC7C,EAAE,OAAO,EAAE,sBAAsB,EAAE,MAAM,EAAE,iBAAiB,EAAE;IAC9D,wBAAwB;IACxB,EAAE,OAAO,EAAE,yBAAyB,EAAE,MAAM,EAAE,oBAAoB,EAAE;IACpE,EAAE,OAAO,EAAE,sBAAsB,EAAE,MAAM,EAAE,kBAAkB,EAAE;IAC/D,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,aAAa,EAAE;CAC9C,CAAC;AAUX,MAAM,CAAC,MAAM,aAAa,GAAkB;IAC1C,oBAAoB;IACpB,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC7D,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE;IACrE,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC/D,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE;IACvE,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE;IACrE,aAAa;IACb,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,IAAI,EAAE;IAClE,EAAE,OAAO,EAAE,sBAAsB,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,IAAI,EAAE;IAC1E,EAAE,OAAO,EAAE,0BAA0B,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,IAAI,EAAE;IAClF,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE;IAC5D,EAAE,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE
;IACpE,+CAA+C;IAC/C,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC3D,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE;IAClE,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE;IACvD,WAAW;IACX,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,UAAU,EAAE;IACtE,OAAO;IACP,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC1D,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC5E,yCAAyC;IACzC,EAAE,OAAO,EAAE,wBAAwB,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACpF,EAAE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC5E,EAAE,OAAO,EAAE,kCAAkC,EAAE,IAAI,EAAE,yBAAyB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACtG,4CAA4C;IAC5C,EAAE,OAAO,EAAE,yBAAyB,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,EAAE;IACjF,EAAE,OAAO,EAAE,4BAA4B,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,EAAE;IACvF,kFAAkF;IAClF,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACrF,EAAE,OAAO,EAAE,2BAA2B,EAAE,IAAI,EAAE,4BAA4B,EAAE,QAAQ,EAAE,SAAS,EAAE;IACjG,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,SAAS,EAAE;
|
|
1
|
+
{"version":3,"file":"taint-types.js","sourceRoot":"","sources":["../src/taint-types.ts"],"names":[],"mappings":"AAAA;;GAEG;AA+DH,4EAA4E;AAE5E,2DAA2D;AAC3D,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC;AACnD,MAAM,CAAC,MAAM,gBAAgB,GAAG,2DAA2D,CAAC;AAE5F,+DAA+D;AAC/D,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE;IAChD,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE;IAClD,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,YAAY,EAAE;IACpD,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,aAAa,EAAE;IACtD,EAAE,OAAO,EAAE,mBAAmB,EAAE,MAAM,EAAE,cAAc,EAAE;IACxD,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,EAAE,eAAe,EAAE;IAC1D,EAAE,OAAO,EAAE,qBAAqB,EAAE,MAAM,EAAE,gBAAgB,EAAE;IAC5D,EAAE,OAAO,EAAE,mBAAmB,EAAE,MAAM,EAAE,cAAc,EAAE;IACxD,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,aAAa,EAAE;IACtD,+CAA+C;IAC/C,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE;IAChD,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,SAAS,EAAE;IAC7C,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,UAAU,EAAE;IAC/C,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,SAAS,EAAE;IAC7C,EAAE,OAAO,EAAE,sBAAsB,EAAE,MAAM,EAAE,iBAAiB,EAAE;IAC9D,wBAAwB;IACxB,EAAE,OAAO,EAAE,yBAAyB,EAAE,MAAM,EAAE,oBAAoB,EAAE;IACpE,EAAE,OAAO,EAAE,sBAAsB,EAAE,MAAM,EAAE,kBAAkB,EAAE;IAC/D,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,aAAa,EAAE;CAC9C,CAAC;AAUX,MAAM,CAAC,MAAM,aAAa,GAAkB;IAC1C,oBAAoB;IACpB,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC7D,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE;IACrE,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC/D,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE;IACvE,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE;IACrE,aAAa;IACb,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,IAAI,EAAE;IAClE,EAAE,OAAO,EAAE,sBAAsB,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,IAAI,EAAE;IAC1E,EAAE,OAAO,EAAE,0BAA0B,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,IAAI,EAAE;IAClF,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE;IAC5D,EAAE,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE
;IACpE,+CAA+C;IAC/C,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC3D,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE;IAClE,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE;IACvD,WAAW;IACX,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,UAAU,EAAE;IACtE,OAAO;IACP,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC1D,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC5E,yCAAyC;IACzC,EAAE,OAAO,EAAE,wBAAwB,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACpF,EAAE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC5E,EAAE,OAAO,EAAE,kCAAkC,EAAE,IAAI,EAAE,yBAAyB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACtG,4CAA4C;IAC5C,EAAE,OAAO,EAAE,yBAAyB,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,EAAE;IACjF,EAAE,OAAO,EAAE,4BAA4B,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,EAAE;IACvF,kFAAkF;IAClF,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACrF,EAAE,OAAO,EAAE,2BAA2B,EAAE,IAAI,EAAE,4BAA4B,EAAE,QAAQ,EAAE,SAAS,EAAE;IACjG,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC9E,qCAAqC;IACrC,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC5D,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC5D,EAAE,OAAO,EAAE,wDAAwD,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC9G,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE;IACxD,EAAE,OAAO,EAAE,8CAA8C,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,EAAE;IAClG,EAAE,OAAO,EAAE,sBAAsB,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC3E,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC7E,EAAE,OAAO,EAAE,gCAAgC,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,EAAE;IACvF,+CAA+C;IAC/C,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC9E,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,KAAK,EAAE;IAClE,EAAE,OAAO,EAAE,yBAAyB,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,KAAK,EAAE;IAChF,0EAA0E;IAC1E,yEAAyE;IACzE,2EAA2E;IAC3E,6EAA6E;IAC7E,iEAAiE;CAC
lE,CAAC;AAEF,2EAA2E;AAE3E,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,yCAAyC;IACzC,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,UAAU,EAAE;IAChD,EAAE,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,YAAY,EAAE;IACpD,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,UAAU,EAAE;IAC9C,EAAE,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,EAAE;IAChD,oBAAoB;IACpB,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,cAAc,EAAE;IACjD,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,kBAAkB,EAAE;IACzD,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,iBAAiB,EAAE;IACvD,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,qBAAqB,EAAE;IAC/D,sBAAsB;IACtB,EAAE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,YAAY,EAAE;IACrD,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,UAAU,EAAE;IACjD,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,WAAW,EAAE;IAC/C,EAAE,OAAO,EAAE,8BAA8B,EAAE,IAAI,EAAE,oBAAoB,EAAE;IACvE,oBAAoB;IACpB,EAAE,OAAO,EAAE,yCAAyC,EAAE,IAAI,EAAE,gBAAgB,EAAE;IAC9E,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,cAAc,EAAE;IAChE,uBAAuB;IACvB,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,0BAA0B,EAAE;IACtD,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,yBAAyB,EAAE;IACtD,sBAAsB;IACtB,EAAE,OAAO,EAAE,0BAA0B,EAAE,IAAI,EAAE,mBAAmB,EAAE;IAClE,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,cAAc,EAAE;IACxD,0BAA0B;IAC1B,EAAE,OAAO,EAAE,wBAAwB,EAAE,IAAI,EAAE,iBAAiB,EAAE;IAC9D,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,gBAAgB,EAAE;CAC7D,CAAC;AAQF,MAAM,qBAAqB,GAAsC;IAC/D,QAAQ,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAC1B,UAAU,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAC5B,UAAU,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAC5B,WAAW,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,EAAE,wBAAwB;IAClD,cAAc,EAAE,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IACzF,kBAAkB,EAAE,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IAC7F,iBAAiB,EAAE,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IAC5F,qBAAqB,EAAE,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IAChG,YAAY,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IACnC,UAAU,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE
,UAAU,CAAC,CAAC;IACxC,SAAS,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IAChC,gGAAgG;IAChG,kBAAkB,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IACzC,gBAAgB,EAAE,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;IACjC,cAAc,EAAE,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;IAC/B,0BAA0B,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAC5C,yBAAyB,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAC3C,iBAAiB,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IACxC,YAAY,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IACnC,eAAe,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IACtC,cAAc,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;CACtC,CAAC;AAEF;;;;GAIG;AACH,MAAM,UAAU,qBAAqB,CAAC,aAAqB,EAAE,YAA0B;IACrF,MAAM,OAAO,GAAG,qBAAqB,CAAC,aAAa,CAAC,CAAC;IACrD,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC,CAAC,oDAAoD;IAChF,OAAO,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;AACnC,CAAC;AAED,2EAA2E;AAE3E,4DAA4D;AAC5D,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAgC;IAC/D,CAAC,MAAM,EAAE,SAAS,CAAC;IACnB,CAAC,UAAU,EAAE,SAAS,CAAC;IACvB,CAAC,OAAO,EAAE,SAAS,CAAC;IACpB,CAAC,WAAW,EAAE,SAAS,CAAC;IACxB,CAAC,UAAU,EAAE,SAAS,CAAC;IACvB,CAAC,cAAc,EAAE,SAAS,CAAC;IAC3B,CAAC,UAAU,EAAE,IAAI,CAAC;IAClB,CAAC,cAAc,EAAE,IAAI,CAAC;IACtB,CAAC,WAAW,EAAE,IAAI,CAAC;IACnB,CAAC,eAAe,EAAE,IAAI,CAAC;IACvB,CAAC,mBAAmB,EAAE,IAAI,CAAC;IAC3B,CAAC,kBAAkB,EAAE,IAAI,CAAC;IAC1B,CAAC,QAAQ,EAAE,IAAI,CAAC;IAChB,CAAC,YAAY,EAAE,IAAI,CAAC;IACpB,CAAC,OAAO,EAAE,KAAK,CAAC;IAChB,CAAC,UAAU,EAAE,KAAK,CAAC;IACnB,CAAC,KAAK,EAAE,KAAK,CAAC;IACd,CAAC,WAAW,EAAE,KAAK,CAAC;IACpB,CAAC,iBAAiB,EAAE,KAAK,CAAC;IAC1B,CAAC,iBAAiB,EAAE,KAAK,CAAC;IAC1B,CAAC,UAAU,EAAE,UAAU,CAAC;IACxB,CAAC,MAAM,EAAE,MAAM,CAAC;IAChB,CAAC,UAAU,EAAE,MAAM,CAAC;IACpB,qCAAqC;IACrC,CAAC,OAAO,EAAE,MAAM,CAAC;IACjB,CAAC,OAAO,EAAE,MAAM,CAAC;IACjB,CAAC,WAAW,EAAE,MAAM,CAAC;IACrB,CAAC,YAAY,EAAE,MAAM,CAAC;IACtB,CAAC,WAAW,EAAE,MAAM,CAAC;IACrB,CAAC,cAAc,EAAE,MAAM,CAAC;IACxB,CAAC,aAAa,EAAE,MAAM,CAAC;IACvB,CAAC,eAAe,EAAE,MAAM,CAAC;IACzB,CAAC,KAAK,EAAE,MAAM,CAAC;IACf,CAAC,cAAc,EAAE,MAAM,CAAC;IACxB,CAAC,eAAe,EAAE,MAAM,CAAC;IACzB,CAAC,cAAc,EAAE,MAAM,CAAC;IACxB,CAAC,gBAAgB,EAAE,MAAM,CAAC;CAC3B,CAAC,CAAC;
AAEH,sDAAsD;AACtD,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,UAAU;IACV,YAAY;IACZ,QAAQ;IACR,SAAS;IACT,QAAQ;IACR,WAAW;IACX,oBAAoB;IACpB,QAAQ;IACR,UAAU;IACV,WAAW;IACX,QAAQ;IACR,KAAK;IACL,YAAY;IACZ,WAAW;IACX,eAAe;IACf,OAAO;IACP,WAAW;IACX,UAAU;CACX,CAAC"}
|
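--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -32,6 +32,24 @@ export interface FixAction {
 replacement: string;
 description: string;
 }
+/** Single hop in an evidence chain — where a finding came from */
+export interface ProvenanceStep {
+/** What this step represents — source, sanitizer, boundary, sink, etc. */
+kind: 'source' | 'sanitizer' | 'boundary' | 'sink' | 'import' | 'call';
+/** File + location of this step */
+location: SourceSpan;
+/** Short human-readable label (e.g., "req.body", "fetch(url)", "use client") */
+label: string;
+/** Optional longer explanation rendered in the "why this fired" tooltip */
+detail?: string;
+}
+/** Evidence chain: ordered steps from root cause to the reported sink */
+export interface ProvenanceChain {
+/** Ordered steps from source → sink */
+steps: ProvenanceStep[];
+/** Optional one-line summary shown before expanding the chain */
+summary?: string;
+}
 /** Unified finding from any review layer */
 export interface ReviewFinding {
 /** Which layer produced this finding */
@@ -62,6 +80,8 @@ export interface ReviewFinding {
 origin?: 'changed' | 'upstream';
 /** Distance from nearest entry file (0 = entry, 1 = direct import, etc.) */
 distance?: number;
+/** Evidence chain explaining WHY the finding fired (taint path, boundary walk, etc.) */
+provenance?: ProvenanceChain;
 }
 /** Confidence level for an inference match */
 export type Confidence = 'high' | 'medium' | 'low';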
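Review bot: `label` and `detail` on the new `ProvenanceStep` interface appear to carry text lifted from the scanned code (the examples are `req.body` and `fetch(url)`), and the comment on `detail` says it is rendered in a tooltip, yet neither field says whether the string is plain text or markup. A reviewed repository is untrusted input, so I would state the contract on both fields, e.g. `/** Plain text taken from analyzed source — consumers must escape it before rendering as HTML or Markdown */`. Whether any renderer interpolates these values unescaped is not visible from this declaration file. The same applies to `summary` on `ProvenanceChain` if it is built from step labels.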
package/dist/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAoUH,4EAA4E;AAE5E;sEACsE;AACtE,MAAM,UAAU,iBAAiB,CAAC,MAAc,EAAE,SAAiB,EAAE,QAAgB;IACnF,OAAO,GAAG,MAAM,IAAI,SAAS,IAAI,QAAQ,EAAE,CAAC;AAC9C,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@kernlang/review",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.2.3",
|
|
4
4
|
"description": "Kern Review — scan TS, infer .kern IR, roundtrip diff, report",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.js",
|
|
@@ -26,7 +26,7 @@
|
|
|
26
26
|
"license": "AGPL-3.0",
|
|
27
27
|
"dependencies": {
|
|
28
28
|
"ts-morph": "^27.0.0",
|
|
29
|
-
"@kernlang/core": "3.
|
|
29
|
+
"@kernlang/core": "3.2.3"
|
|
30
30
|
},
|
|
31
31
|
"scripts": {
|
|
32
32
|
"build": "tsc -b",
|