@kernlang/review 3.1.9 → 3.3.4

package/dist/taint-crossfile.js

@@ -4,7 +4,12 @@
  * Traces tainted data across import boundaries:
  *   handler(req) → importedFn(req.body) → exec() in another file.
  */
+import { extname } from 'path';
 import { classifyParams, detectSanitizers, findClosingParen, findTaintedSinks, propagateTaint } from './taint-regex.js';
+const TS_MORPH_GRAPH_EXTENSIONS = new Set(['.ts', '.tsx', '.js', '.jsx', '.mts', '.cts', '.mjs', '.cjs']);
+function supportsTsMorphGraphFile(filePath) {
+    return TS_MORPH_GRAPH_EXTENSIONS.has(extname(filePath).toLowerCase());
+}
 // ── Export Map ───────────────────────────────────────────────────────────
 /**
  * Build a map of exported functions across all files.
@@ -88,6 +93,154 @@ export function buildImportMap(inferredPerFile, graphImports) {
     }
     return importMap;
 }
+// ── ts-morph-Backed Export / Import Maps ────────────────────────────────
+/**
+ * Build an export map from ts-morph — works on ANY TypeScript codebase,
+ * regardless of whether the file has been KERN-inferred.
+ *
+ * Scans every exported function declaration and arrow/function-expression
+ * variable, extracts its body text, and runs the same sink detector the
+ * IR-based map uses. Output keys are identical (`filePath::fnName`) so the
+ * result merges cleanly with `buildExportMap`.
+ */
+export function buildExportMapFromGraph(project, graph) {
+    const exportMap = new Map();
+    for (const gf of graph.files) {
+        if (!supportsTsMorphGraphFile(gf.path))
+            continue;
+        const sf = project.getSourceFile(gf.path);
+        if (!sf)
+            continue;
+        for (const [exportName, decls] of sf.getExportedDeclarations()) {
+            for (const decl of decls) {
+                const collected = collectFnSignature(decl);
+                if (!collected)
+                    continue;
+                const { params, code } = collected;
+                const paramNames = params
+                    .split(',')
+                    .map((p) => p.trim().split(':')[0]?.trim())
+                    .filter(Boolean);
+                const sinks = [];
+                if (code && paramNames.length > 0) {
+                    const dummyTaint = paramNames.map((name) => ({
+                        name,
+                        origin: `param:${name}`,
+                    }));
+                    sinks.push(...findTaintedSinks(code, dummyTaint));
+                }
+                const key = `${gf.path}::${exportName}`;
+                exportMap.set(key, {
+                    filePath: gf.path,
+                    fnName: exportName,
+                    params,
+                    hasSink: sinks.length > 0,
+                    sinks,
+                });
+            }
+        }
+    }
+    return exportMap;
+}
+/**
+ * Build an import map from ts-morph for any TS codebase.
+ *
+ * Keys: `importingFile::localName`. Works for named imports (including
+ * aliased `import { foo as bar }`), default imports, and re-exports resolved
+ * via ts-morph's module resolution.
+ */
+export function buildImportMapFromGraph(project, graph) {
+    const importMap = new Map();
+    for (const gf of graph.files) {
+        if (!supportsTsMorphGraphFile(gf.path))
+            continue;
+        const sf = project.getSourceFile(gf.path);
+        if (!sf)
+            continue;
+        for (const imp of sf.getImportDeclarations()) {
+            let target;
+            try {
+                target = imp.getModuleSpecifierSourceFile() ?? undefined;
+            }
+            catch {
+                continue;
+            }
+            if (!target)
+                continue;
+            const targetPath = target.getFilePath();
+            for (const named of imp.getNamedImports()) {
+                const localName = named.getAliasNode()?.getText() ?? named.getName();
+                importMap.set(`${gf.path}::${localName}`, targetPath);
+            }
+            const def = imp.getDefaultImport();
+            if (def)
+                importMap.set(`${gf.path}::${def.getText()}`, targetPath);
+        }
+    }
+    return importMap;
+}
+/**
+ * Build a map of *local-name → exported-name* for aliased named imports.
+ *
+ * Keys: `importingFile::localName`. Values: the actual exported name at the
+ * import target. Identity mappings (localName === exportedName) are omitted
+ * to keep the map compact. Callers look up `aliasMap.get(key) ?? localName`
+ * when they need the name to match against an export map.
+ */
+export function buildImportAliasMap(project, graph) {
+    const aliasMap = new Map();
+    for (const gf of graph.files) {
+        if (!supportsTsMorphGraphFile(gf.path))
+            continue;
+        const sf = project.getSourceFile(gf.path);
+        if (!sf)
+            continue;
+        for (const imp of sf.getImportDeclarations()) {
+            for (const named of imp.getNamedImports()) {
+                const alias = named.getAliasNode();
+                if (!alias)
+                    continue; // not aliased — localName IS the exported name
+                const localName = alias.getText();
+                const exportedName = named.getName();
+                aliasMap.set(`${gf.path}::${localName}`, exportedName);
+            }
+        }
+    }
+    return aliasMap;
+}
+/** Extract `{ params, code }` from an exported function-ish declaration. */
+function collectFnSignature(decl) {
+    const kind = decl.getKindName();
+    if (kind === 'FunctionDeclaration') {
+        const fn = decl;
+        const body = fn.getBody();
+        return {
+            params: fn
+                .getParameters()
+                .map((p) => p.getText())
+                .join(','),
+            code: body?.getText() ?? '',
+        };
+    }
+    if (kind === 'VariableDeclaration') {
+        const vd = decl;
+        const init = vd.getInitializer();
+        if (!init)
+            return undefined;
+        const initKind = init.getKindName();
+        if (initKind !== 'ArrowFunction' && initKind !== 'FunctionExpression')
+            return undefined;
+        const fn = init;
+        return {
+            params: fn
+                .getParameters()
+                .map((p) => p.getText())
+                .join(','),
+            code: fn.getBody().getText(),
+        };
+    }
+    return undefined;
+}
 // ── Cross-File Analysis ─────────────────────────────────────────────────
 /**
  * Cross-file taint analysis.
@@ -98,74 +251,142 @@ export function buildImportMap(inferredPerFile, graphImports) {
  *   3. Look up the target function — does it have a dangerous sink?
  *   4. If yes and no sanitizer in between → cross-file taint path
  */
-export function analyzeTaintCrossFile(inferredPerFile, graphImports) {
+export function analyzeTaintCrossFile(inferredPerFile, graphImports, graph) {
     const exportMap = buildExportMap(inferredPerFile);
     const importMap = buildImportMap(inferredPerFile, graphImports);
+    // Alias resolution for aliased named imports (`import { foo as bar }`).
+    // Populated only from ts-morph — the IR-derived path does not preserve alias
+    // metadata. Keyed the same as importMap: `importingFile::localName`.
+    const aliasMap = new Map();
+    // Augment with ts-morph-derived maps so taint works on files that were
+    // never KERN-inferred. IR-derived entries take priority; ts-morph fills gaps.
+    if (graph?.project) {
+        const tsExportMap = buildExportMapFromGraph(graph.project, graph);
+        for (const [key, fn] of tsExportMap) {
+            if (!exportMap.has(key))
+                exportMap.set(key, fn);
+        }
+        const tsImportMap = buildImportMapFromGraph(graph.project, graph);
+        for (const [key, path] of tsImportMap) {
+            if (!importMap.has(key))
+                importMap.set(key, path);
+        }
+        const tsAliasMap = buildImportAliasMap(graph.project, graph);
+        for (const [key, exportedName] of tsAliasMap) {
+            aliasMap.set(key, exportedName);
+        }
+    }
+    // Also walk files that have no IR at all but are present in the graph.
+    // These are the files we previously missed entirely.
+    const iteratedFiles = new Set(inferredPerFile.keys());
+    const extraFiles = [];
+    if (graph?.project) {
+        for (const gf of graph.files) {
+            if (iteratedFiles.has(gf.path))
+                continue;
+            if (!supportsTsMorphGraphFile(gf.path))
+                continue;
+            const sf = graph.project.getSourceFile(gf.path);
+            if (sf)
+                extraFiles.push([gf.path, sf]);
+        }
+    }
     const results = [];
+    const analyzeCaller = (args) => {
+        const { filePath, fnName, paramsStr, code, startLine } = args;
+        if (!code)
+            return;
+        const taintedParams = classifyParams(paramsStr);
+        if (taintedParams.length === 0)
+            return;
+        const taintedVars = propagateTaint(code, taintedParams);
+        const taintedNames = new Set(taintedVars.map((v) => v.name));
+        const callRegex = /\b(\w+)\s*\(/g;
+        let callMatch;
+        while ((callMatch = callRegex.exec(code)) !== null) {
+            const calledFn = callMatch[0].replace(/\s*\($/, '');
+            const resolvedFile = importMap.get(`${filePath}::${calledFn}`);
+            if (!resolvedFile)
+                continue;
+            // Resolve alias: if `calledFn` is a local name for an aliased import, use
+            // the exported name for the export-map lookup.
+            const exportedName = aliasMap.get(`${filePath}::${calledFn}`) ?? calledFn;
+            const targetFn = exportMap.get(`${resolvedFile}::${exportedName}`);
+            if (!targetFn?.hasSink)
+                continue;
+            const callStart = callMatch.index + callMatch[0].length;
+            const parenEnd = findClosingParen(code, callStart);
+            const argText = code.slice(callStart, parenEnd);
+            const taintedArgs = [];
+            for (const tName of taintedNames) {
+                if (new RegExp(`\\b${tName}\\b`).test(argText))
+                    taintedArgs.push(tName);
+            }
+            if (taintedArgs.length === 0)
+                continue;
+            const beforeCall = code.slice(0, callMatch.index);
+            const foundSanitizers = detectSanitizers(beforeCall);
+            const hasSanitizer = taintedArgs.some((arg) => foundSanitizers.some((s) => new RegExp(`\\b${arg}\\b`).test(s.context)));
+            if (hasSanitizer)
+                continue;
+            for (const sink of targetFn.sinks) {
+                const source = taintedVars.find((v) => taintedArgs.includes(v.name));
+                if (!source)
+                    continue;
+                results.push({
+                    callerFile: filePath,
+                    callerFn: fnName,
+                    callerLine: startLine,
+                    calleeFile: resolvedFile,
+                    calleeFn: exportedName,
+                    taintedArgs,
+                    sinkInCallee: sink,
+                    source,
+                });
+            }
+        }
+    };
+    // IR-derived callers
     for (const [filePath, inferred] of inferredPerFile) {
         for (const r of inferred) {
             if (r.node.type !== 'fn')
                 continue;
-            const fnName = r.node.props?.name || 'anonymous';
-            const paramsStr = r.node.props?.params || '';
             const handler = r.node.children?.find((c) => c.type === 'handler');
-            const code = handler?.props?.code || '';
-            if (!code)
-                continue;
-            // Only analyze functions with tainted params
-            const taintedParams = classifyParams(paramsStr);
-            if (taintedParams.length === 0)
-                continue;
-            const taintedVars = propagateTaint(code, taintedParams);
-            const taintedNames = new Set(taintedVars.map((v) => v.name));
-            // Find calls to imported functions: importedFn(taintedVar)
-            const callRegex = /\b(\w+)\s*\(/g;
-            let callMatch;
-            while ((callMatch = callRegex.exec(code)) !== null) {
-                const calledFn = callMatch[0].replace(/\s*\($/, '');
-                // Is this an imported function?
-                const resolvedFile = importMap.get(`${filePath}::${calledFn}`);
-                if (!resolvedFile)
-                    continue;
-                // Does the target have dangerous sinks?
-                const targetFn = exportMap.get(`${resolvedFile}::${calledFn}`);
-                if (!targetFn?.hasSink)
-                    continue;
-                // Extract arguments passed to this call
-                const callStart = callMatch.index + callMatch[0].length;
-                const parenEnd = findClosingParen(code, callStart);
-                const argText = code.slice(callStart, parenEnd);
-                // Check if any tainted variable is passed as argument
-                const taintedArgs = [];
-                for (const tName of taintedNames) {
-                    if (new RegExp(`\\b${tName}\\b`).test(argText)) {
-                        taintedArgs.push(tName);
-                    }
-                }
-                if (taintedArgs.length === 0)
+            analyzeCaller({
+                filePath,
+                fnName: r.node.props?.name || 'anonymous',
+                paramsStr: r.node.props?.params || '',
+                code: handler?.props?.code || '',
+                startLine: r.startLine,
+            });
+        }
+    }
+    // ts-morph-derived callers for files that were never KERN-inferred.
+    const seenCallers = new Set(); // dedup: filePath::fnName
+    for (const [filePath, inferred] of inferredPerFile) {
+        for (const r of inferred) {
+            if (r.node.type !== 'fn')
+                continue;
+            const name = r.node.props?.name || '';
+            if (name)
+                seenCallers.add(`${filePath}::${name}`);
+        }
+    }
+    for (const [filePath, sf] of extraFiles) {
+        for (const [exportName, decls] of sf.getExportedDeclarations()) {
+            if (seenCallers.has(`${filePath}::${exportName}`))
+                continue;
+            for (const decl of decls) {
+                const sig = collectFnSignature(decl);
+                if (!sig)
                     continue;
-                // Check for sanitizers between the taint and the call
-                const beforeCall = code.slice(0, callMatch.index);
-                const foundSanitizers = detectSanitizers(beforeCall);
-                const hasSanitizer = taintedArgs.some((arg) => foundSanitizers.some((s) => new RegExp(`\\b${arg}\\b`).test(s.context)));
-                if (hasSanitizer)
-                    continue; // Sanitized before passing to callee
-                // Found cross-file taint path
-                for (const sink of targetFn.sinks) {
-                    const source = taintedVars.find((v) => taintedArgs.includes(v.name));
-                    if (!source)
-                        continue;
-                    results.push({
-                        callerFile: filePath,
-                        callerFn: fnName,
-                        callerLine: r.startLine,
-                        calleeFile: resolvedFile,
-                        calleeFn: calledFn,
-                        taintedArgs,
-                        sinkInCallee: sink,
-                        source,
-                    });
-                }
+                analyzeCaller({
+                    filePath,
+                    fnName: exportName,
+                    paramsStr: sig.params,
+                    code: sig.code,
+                    startLine: decl.getStartLineNumber(),
+                });
             }
         }
     }

package/dist/taint-crossfile.js.map

@@ -1 +1 @@
-{"version":3,"file":"taint-crossfile.js","sourceRoot":"","sources":["../src/taint-crossfile.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAIxH,4EAA4E;AAE5E;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,eAA2C;IACxE,MAAM,SAAS,GAAG,IAAI,GAAG,EAA4B,CAAC;IAEtD,KAAK,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,eAAe,EAAE,CAAC;QACnD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI;gBAAE,SAAS;YACnC,MAAM,MAAM,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAe,IAAI,EAAE,CAAC;YACpD,IAAI,CAAC,MAAM;gBAAE,SAAS;YAEtB,2EAA2E;YAC3E,MAAM,UAAU,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC;YACpD,IAAI,CAAC,UAAU;gBAAE,SAAS;YAE1B,MAAM,MAAM,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,MAAiB,IAAI,EAAE,CAAC;YACtD,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;YACnE,MAAM,IAAI,GAAI,OAAO,EAAE,KAAK,EAAE,IAAe,IAAI,EAAE,CAAC;YAEpD,sDAAsD;YACtD,MAAM,KAAK,GAAgB,EAAE,CAAC;YAC9B,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,UAAU,GAAkB,EAAE,CAAC;gBACrC,wDAAwD;gBACxD,MAAM,UAAU,GAAG,MAAM;qBACtB,KAAK,CAAC,GAAG,CAAC;qBACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;qBAC1C,MAAM,CAAC,OAAO,CAAC,CAAC;gBACnB,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;oBAC9B,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,IAAI,EAAE,EAAE,CAAC,CAAC;gBACrD,CAAC;gBACD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC1B,KAAK,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;gBACpD,CAAC;YACH,CAAC;YAED,SAAS,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,MAAM,EAAE,EAAE;gBACtC,QAAQ;gBACR,MAAM;gBACN,MAAM;gBACN,OAAO,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC;gBACzB,KAAK;aACN,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,2EAA2E;AAE3E;;;GAGG;AACH,MAAM,UAAU,cAAc,CAC5B,eAA2C,EAC3C,YAAmC;IAEnC,MAAM,SAAS,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE5C,KAAK,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,eAAe,EAAE,CAAC;QACnD,MAAM,eAAe,GAAG,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEzD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,QAAQ;gBAAE,SAAS;YACvC,MAAM,IAAI,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAe,IAAI,EAAE,CAAC;YAClD,MAAM,KAAK,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,KAAgB,IAAI,EAAE,CAAC;YACpD,MAAM,aAAa,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,OAAkB,IAAI,EAAE,CAAC;YAE9D,IAAI,CAAC,IAAI;gBAAE,SAAS;YAEpB,mDAAmD;YACnD,MAAM,YAAY,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC9C,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,CACpE,CAAC;YACF,IAAI,CAAC,YAAY;gBAAE,SAAS;YAE5B,8CAA8C;YAC9C,IAAI,KAAK,EAAE,CAAC;gBACV,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;oBACzD,IAAI,IAAI;wBAAE,SAAS,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,IAAI,EAAE,EAAE,YAAY,CAAC,CAAC;gBAChE,CAAC;YACH,CAAC;YACD,IAAI,aAAa,EAAE,CAAC;gBAClB,SAAS,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,aAAa,EAAE,EAAE,YAAY,CAAC,CAAC;YAC/D,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,2EAA2E;AAE3E;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CACnC,eAA2C,EAC3C,YAAmC;IAEnC,MAAM,SAAS,GAAG,cAAc,CAAC,eAAe,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,cAAc,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;IAChE,MAAM,OAAO,GAA2B,EAAE,CAAC;IAE3C,KAAK,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,eAAe,EAAE,CAAC;QACnD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI;gBAAE,SAAS;YAEnC,MAAM,MAAM,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAe,IAAI,WAAW,CAAC;YAC7D,MAAM,SAAS,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,MAAiB,IAAI,EAAE,CAAC;YACzD,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;YACnE,MAAM,IAAI,GAAI,OAAO,EAAE,KAAK,EAAE,IAAe,IAAI,EAAE,CAAC;YACpD,IAAI,CAAC,IAAI;gBAAE,SAAS;YAEpB,6CAA6C;YAC7C,MAAM,aAAa,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;YAChD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAEzC,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;YACxD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;YAE7D,2DAA2D;YAC3D,MAAM,SAAS,GAAG,eAAe,CAAC;YAClC,IAAI,SAAS,CAAC;YACd,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBACnD,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;gBAEpD,gCAAgC;gBAChC,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,QAAQ,EAAE,CAAC,CAAC;gBAC/D,IAAI,CAAC,YAAY;oBAAE,SAAS;gBAE5B,wCAAwC;gBACxC,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,YAAY,KAAK,QAAQ,EAAE,CAAC,CAAC;gBAC/D,IAAI,CAAC,QAAQ,EAAE,OAAO;oBAAE,SAAS;gBAEjC,wCAAwC;gBACxC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gBACxD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;gBACnD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;gBAEhD,sDAAsD;gBACtD,MAAM,WAAW,GAAa,EAAE,CAAC;gBACjC,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;oBACjC,IAAI,IAAI,MAAM,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;wBAC/C,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;oBAC1B,CAAC;gBACH,CAAC;gBAED,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;oBAAE,SAAS;gBAEvC,sDAAsD;gBACtD,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;gBAClD,MAAM,eAAe,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;gBACrD,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAC5C,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CACxE,CAAC;gBAEF,IAAI,YAAY;oBAAE,SAAS,CAAC,qCAAqC;gBAEjE,8BAA8B;gBAC9B,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;oBAClC,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;oBACrE,IAAI,CAAC,MAAM;wBAAE,SAAS;oBAEtB,OAAO,CAAC,IAAI,CAAC;wBACX,UAAU,EAAE,QAAQ;wBACpB,QAAQ,EAAE,MAAM;wBAChB,UAAU,EAAE,CAAC,CAAC,SAAS;wBACvB,UAAU,EAAE,YAAY;wBACxB,QAAQ,EAAE,QAAQ;wBAClB,WAAW;wBACX,YAAY,EAAE,IAAI;wBAClB,MAAM;qBACP,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}
+{"version":3,"file":"taint-crossfile.js","sourceRoot":"","sources":["../src/taint-crossfile.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAE/B,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAIxH,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;AAE1G,SAAS,wBAAwB,CAAC,QAAgB;IAChD,OAAO,yBAAyB,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,4EAA4E;AAE5E;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,eAA2C;IACxE,MAAM,SAAS,GAAG,IAAI,GAAG,EAA4B,CAAC;IAEtD,KAAK,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,eAAe,EAAE,CAAC;QACnD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI;gBAAE,SAAS;YACnC,MAAM,MAAM,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAe,IAAI,EAAE,CAAC;YACpD,IAAI,CAAC,MAAM;gBAAE,SAAS;YAEtB,2EAA2E;YAC3E,MAAM,UAAU,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC;YACpD,IAAI,CAAC,UAAU;gBAAE,SAAS;YAE1B,MAAM,MAAM,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,MAAiB,IAAI,EAAE,CAAC;YACtD,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;YACnE,MAAM,IAAI,GAAI,OAAO,EAAE,KAAK,EAAE,IAAe,IAAI,EAAE,CAAC;YAEpD,sDAAsD;YACtD,MAAM,KAAK,GAAgB,EAAE,CAAC;YAC9B,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,UAAU,GAAkB,EAAE,CAAC;gBACrC,wDAAwD;gBACxD,MAAM,UAAU,GAAG,MAAM;qBACtB,KAAK,CAAC,GAAG,CAAC;qBACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;qBAC1C,MAAM,CAAC,OAAO,CAAC,CAAC;gBACnB,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;oBAC9B,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,IAAI,EAAE,EAAE,CAAC,CAAC;gBACrD,CAAC;gBACD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC1B,KAAK,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;gBACpD,CAAC;YACH,CAAC;YAED,SAAS,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,MAAM,EAAE,EAAE;gBACtC,QAAQ;gBACR,MAAM;gBACN,MAAM;gBACN,OAAO,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC;gBACzB,KAAK;aACN,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,2EAA2E;AAE3E;;;GAGG;AACH,MAAM,UAAU,cAAc,CAC5B,eAA2C,EAC3C,YAAmC;IAEnC,MAAM,SAAS,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE5C,KAAK,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,eAAe,EAAE,CAAC;QACnD,MAAM,eAAe,GAAG,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEzD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,QAAQ;gBAAE,SAAS;YACvC,MAAM,IAAI,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAe,IAAI,EAAE,CAAC;YAClD,MAAM,KAAK,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,KAAgB,IAAI,EAAE,CAAC;YACpD,MAAM,aAAa,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,OAAkB,IAAI,EAAE,CAAC;YAE9D,IAAI,CAAC,IAAI;gBAAE,SAAS;YAEpB,mDAAmD;YACnD,MAAM,YAAY,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC9C,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,CACpE,CAAC;YACF,IAAI,CAAC,YAAY;gBAAE,SAAS;YAE5B,8CAA8C;YAC9C,IAAI,KAAK,EAAE,CAAC;gBACV,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;oBACzD,IAAI,IAAI;wBAAE,SAAS,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,IAAI,EAAE,EAAE,YAAY,CAAC,CAAC;gBAChE,CAAC;YACH,CAAC;YACD,IAAI,aAAa,EAAE,CAAC;gBAClB,SAAS,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,aAAa,EAAE,EAAE,YAAY,CAAC,CAAC;YAC/D,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,2EAA2E;AAE3E;;;;;;;;GAQG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAAgB,EAAE,KAAkB;IAC1E,MAAM,SAAS,GAAG,IAAI,GAAG,EAA4B,CAAC;IAEtD,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC7B,IAAI,CAAC,wBAAwB,CAAC,EAAE,CAAC,IAAI,CAAC;YAAE,SAAS;QACjD,MAAM,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,EAAE;YAAE,SAAS;QAElB,KAAK,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,uBAAuB,EAAE,EAAE,CAAC;YAC/D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,SAAS,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;gBAC3C,IAAI,CAAC,SAAS;oBAAE,SAAS;gBAEzB,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,SAAS,CAAC;gBACnC,MAAM,UAAU,GAAG,MAAM;qBACtB,KAAK,CAAC,GAAG,CAAC;qBACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;qBAC1C,MAAM,CAAC,OAAO,CAAC,CAAC;gBAEnB,MAAM,KAAK,GAAgB,EAAE,CAAC;gBAC9B,IAAI,IAAI,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAClC,MAAM,UAAU,GAAkB,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;wBAC1D,IAAI;wBACJ,MAAM,EAAE,SAAS,IAAI,EAAE;qBACxB,CAAC,CAAC,CAAC;oBACJ,KAAK,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;gBACpD,CAAC;gBAED,MAAM,GAAG,GAAG,GAAG,EAAE,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;gBACxC,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE;oBACjB,QAAQ,EAAE,EAAE,CAAC,IAAI;oBACjB,MAAM,EAAE,UAAU;oBAClB,MAAM;oBACN,OAAO,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC;oBACzB,KAAK;iBACN,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAAgB,EAAE,KAAkB;IAC1E,MAAM,SAAS,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE5C,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC7B,IAAI,CAAC,wBAAwB,CAAC,EAAE,CAAC,IAAI,CAAC;YAAE,SAAS;QACjD,MAAM,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,EAAE;YAAE,SAAS;QAElB,KAAK,MAAM,GAAG,IAAI,EAAE,CAAC,qBAAqB,EAAE,EAAE,CAAC;YAC7C,IAAI,MAA8B,CAAC;YACnC,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,CAAC,4BAA4B,EAAE,IAAI,SAAS,CAAC;YAC3D,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YACD,IAAI,CAAC,MAAM;gBAAE,SAAS;YACtB,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;YAExC,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,eAAe,EAAE,EAAE,CAAC;gBAC1C,MAAM,SAAS,GAAG,KAAK,CAAC,YAAY,EAAE,EAAE,OAAO,EAAE,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;gBACrE,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,IAAI,KAAK,SAAS,EAAE,EAAE,UAAU,CAAC,CAAC;YACxD,CAAC;YACD,MAAM,GAAG,GAAG,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACnC,IAAI,GAAG;gBAAE,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,IAAI,KAAK,GAAG,CAAC,OAAO,EAAE,EAAE,EAAE,UAAU,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAgB,EAAE,KAAkB;IACtE,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE3C,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC7B,IAAI,CAAC,wBAAwB,CAAC,EAAE,CAAC,IAAI,CAAC;YAAE,SAAS;QACjD,MAAM,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,EAAE;YAAE,SAAS;QAElB,KAAK,MAAM,GAAG,IAAI,EAAE,CAAC,qBAAqB,EAAE,EAAE,CAAC;YAC7C,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,eAAe,EAAE,EAAE,CAAC;gBAC1C,MAAM,KAAK,GAAG,KAAK,CAAC,YAAY,EAAE,CAAC;gBACnC,IAAI,CAAC,KAAK;oBAAE,SAAS,CAAC,+CAA+C;gBACrE,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;gBAClC,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;gBACrC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,IAAI,KAAK,SAAS,EAAE,EAAE,YAAY,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,4EAA4E;AAC5E,SAAS,kBAAkB,CAAC,IAA6B;IACvD,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAEhC,IAAI,IAAI,KAAK,qBAAqB,EAAE,CAAC;QACnC,MAAM,EAAE,GAAG,IAA8C,CAAC;QAC1D,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;QAC1B,OAAO;YACL,MAAM,EAAE,EAAE;iBACP,aAAa,EAAE;iBACf,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;iBACvB,IAAI,CAAC,GAAG,CAAC;YACZ,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE;SAC5B,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,KAAK,qBAAqB,EAAE,CAAC;QACnC,MAAM,EAAE,GAAG,IAA8C,CAAC;QAC1D,MAAM,IAAI,GAAG,EAAE,CAAC,cAAc,EAAE,CAAC;QACjC,IAAI,CAAC,IAAI;YAAE,OAAO,SAAS,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACpC,IAAI,QAAQ,KAAK,eAAe,IAAI,QAAQ,KAAK,oBAAoB;YAAE,OAAO,SAAS,CAAC;QACxF,MAAM,EAAE,GAAG,IAAgF,CAAC;QAC5F,OAAO;YACL,MAAM,EAAE,EAAE;iBACP,aAAa,EAAE;iBACf,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;iBACvB,IAAI,CAAC,GAAG,CAAC;YACZ,IAAI,EAAE,EAAE,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE;SAC7B,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,2EAA2E;AAE3E;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CACnC,eAA2C,EAC3C,YAAmC,EACnC,KAAmB;IAEnB,MAAM,SAAS,GAAG,cAAc,CAAC,eAAe,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,cAAc,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;IAEhE,wEAAwE;IACxE,6EAA6E;IAC7E,qEAAqE;IACrE,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE3C,uEAAuE;IACvE,8EAA8E;IAC9E,IAAI,KAAK,EAAE,OAAO,EAAE,CAAC;QACnB,MAAM,WAAW,GAAG,uBAAuB,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAClE,KAAK,MAAM,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC;YACpC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAClD,CAAC;QACD,MAAM,WAAW,GAAG,uBAAuB,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAClE,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,WAAW,EAAE,CAAC;YACtC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACpD,CAAC;QACD,MAAM,UAAU,GAAG,mBAAmB,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC7D,KAAK,MAAM,CAAC,GAAG,EAAE,YAAY,CAAC,IAAI,UAAU,EAAE,CAAC;YAC7C,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,qDAAqD;IACrD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC;IACtD,MAAM,UAAU,GAAgC,EAAE,CAAC;IACnD,IAAI,KAAK,EAAE,OAAO,EAAE,CAAC;QACnB,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YAC7B,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC;gBAAE,SAAS;YACzC,IAAI,CAAC,wBAAwB,CAAC,EAAE,CAAC,IAAI,CAAC;gBAAE,SAAS;YACjD,MAAM,EAAE,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;YAChD,IAAI,EAAE;gBAAE,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAA2B,EAAE,CAAC;IAE3C,MAAM,aAAa,GAAG,CAAC,IAMtB,EAAE,EAAE;QACH,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;QAC9D,IAAI,CAAC,IAAI;YAAE,OAAO;QAElB,MAAM,aAAa,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;QAChD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAEvC,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACxD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAE7D,MAAM,SAAS,GAAG,eAAe,CAAC;QAClC,IAAI,SAAS,CAAC;QACd,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACnD,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YAEpD,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,QAAQ,EAAE,CAAC,CAAC;YAC/D,IAAI,CAAC,YAAY;gBAAE,SAAS;YAE5B,0EAA0E;YAC1E,+CAA+C;YAC/C,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,QAAQ,EAAE,CAAC,IAAI,QAAQ,CAAC;YAC1E,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,YAAY,KAAK,YAAY,EAAE,CAAC,CAAC;YACnE,IAAI,CAAC,QAAQ,EAAE,OAAO;gBAAE,SAAS;YAEjC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YACxD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YACnD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAEhD,MAAM,WAAW,GAAa,EAAE,CAAC;YACjC,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;gBACjC,IAAI,IAAI,MAAM,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;oBAAE,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1E,CAAC;YACD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAEvC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;YAClD,MAAM,eAAe,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;YACrD,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAC5C,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CACxE,CAAC;YACF,IAAI,YAAY;gBAAE,SAAS;YAE3B,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;gBAClC,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;gBACrE,IAAI,CAAC,MAAM;oBAAE,SAAS;gBACtB,OAAO,CAAC,IAAI,CAAC;oBACX,UAAU,EAAE,QAAQ;oBACpB,QAAQ,EAAE,MAAM;oBAChB,UAAU,EAAE,SAAS;oBACrB,UAAU,EAAE,YAAY;oBACxB,QAAQ,EAAE,YAAY;oBACtB,WAAW;oBACX,YAAY,EAAE,IAAI;oBAClB,MAAM;iBACP,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC;IAEF,qBAAqB;IACrB,KAAK,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,eAAe,EAAE,CAAC;QACnD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI;gBAAE,SAAS;YACnC,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;YACnE,aAAa,CAAC;gBACZ,QAAQ;gBACR,MAAM,EAAG,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAe,IAAI,WAAW;gBACrD,SAAS,EAAG,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,MAAiB,IAAI,EAAE;gBACjD,IAAI,EAAG,OAAO,EAAE,KAAK,EAAE,IAAe,IAAI,EAAE;gBAC5C,SAAS,EAAE,CAAC,CAAC,SAAS;aACvB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,oEAAoE;IACpE,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC,CAAC,0BAA0B;IACjE,KAAK,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,eAAe,EAAE,CAAC;QACnD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI;gBAAE,SAAS;YACnC,MAAM,IAAI,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAe,IAAI,EAAE,CAAC;YAClD,IAAI,IAAI;gBAAE,WAAW,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,IAAI,EAAE,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IACD,KAAK,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,IAAI,UAAU,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,uBAAuB,EAAE,EAAE,CAAC;YAC/D,IAAI,WAAW,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,UAAU,EAAE,CAAC;gBAAE,SAAS;YAC5D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,GAAG,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;gBACrC,IAAI,CAAC,GAAG;oBAAE,SAAS;gBACnB,aAAa,CAAC;oBACZ,QAAQ;oBACR,MAAM,EAAE,UAAU;oBAClB,SAAS,EAAE,GAAG,CAAC,MAAM;oBACrB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,SAAS,EAAE,IAAI,CAAC,kBAAkB,EAAE;iBACrC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/taint-findings.js

@@ -14,6 +14,7 @@ const categoryLabels = {
     eval: 'code injection',
     template: 'template injection',
     codegen: 'code generation injection',
+    ssrf: 'server-side request forgery',
 };
 export function getSuggestion(category) {
     switch (category) {
@@ -31,6 +32,8 @@ export function getSuggestion(category) {
             return 'Sanitize user input before embedding in templates';
         case 'codegen':
             return 'Validate type and format of external values before interpolating into generated source code (e.g., parseInt for numeric values)';
+        case 'ssrf':
+            return 'Validate the target URL against a host allowlist before making outbound requests — encodeURIComponent is NOT sufficient';
     }
 }
 // ── Intra-File Findings ─────────────────────────────────────────────────

package/dist/taint-findings.js.map

@@ -1 +1 @@
-{"version":3,"file":"taint-findings.js","sourceRoot":"","sources":["../src/taint-findings.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE/C,2EAA2E;AAE3E,MAAM,cAAc,GAA0C;IAC5D,OAAO,EAAE,mBAAmB;IAC5B,EAAE,EAAE,6BAA6B;IACjC,GAAG,EAAE,eAAe;IACpB,QAAQ,EAAE,eAAe;IACzB,IAAI,EAAE,gBAAgB;IACtB,QAAQ,EAAE,oBAAoB;IAC9B,OAAO,EAAE,2BAA2B;CACrC,CAAC;AAEF,MAAM,UAAU,aAAa,CAAC,QAA+B;IAC3D,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,SAAS;YACZ,OAAO,qFAAqF,CAAC;QAC/F,KAAK,IAAI;YACP,OAAO,4FAA4F,CAAC;QACtG,KAAK,KAAK;YACR,OAAO,mEAAmE,CAAC;QAC7E,KAAK,UAAU;YACb,OAAO,iEAAiE,CAAC;QAC3E,KAAK,MAAM;YACT,OAAO,2EAA2E,CAAC;QACrF,KAAK,UAAU;YACb,OAAO,mDAAmD,CAAC;QAC7D,KAAK,SAAS;YACZ,OAAO,iIAAiI,CAAC;IAC7I,CAAC;AACH,CAAC;AAED,2EAA2E;AAE3E;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,OAAsB;IACpD,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,4DAA4D;QAC5D,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QACvD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEtC,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,MAAM,QAAQ,GACZ,IAAI,CAAC,IAAI,CAAC,QAAQ,KAAK,SAAS,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM;gBAC/D,CAAC,CAAE,OAAiB;gBACpB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,KAAK,SAAS;oBAChC,CAAC,CAAE,SAAmB,CAAC,gFAAgF;oBACvG,CAAC,CAAE,SAAmB,CAAC;YAE7B,MAAM,WAAW,GAAe;gBAC9B,IAAI,EAAE,CAAC,CAAC,QAAQ;gBAChB,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,QAAQ,EAAE,CAAC;gBACX,OAAO,EAAE,CAAC,CAAC,SAAS;gBACpB,MAAM,EAAE,CAAC;aACV,CAAC;YAEF,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;gBAC/B,iDAAiD;gBACjD,QAAQ,CAAC,IAAI,CAAC;oBACZ,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,8BAA8B;oBACtC,QAAQ;oBACR,QAAQ,EAAE,KAAK;oBACf,OAAO,EACL,4BAA4B,IAAI,CAAC,qBAAqB,8BAA8B,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI;wBAC1H,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,0BAA0B;oBACrE,WAAW;oBACX,UAAU,EAAE,GAAG,IAAI,CAAC,qBAAqB,0BAA0B,IAAI,CAAC,IAAI,CAAC,QAAQ,WAAW,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;oBACnI,WAAW,EAAE,iBAAiB,CAAC,oBAAoB,EAAE,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;iBACrE,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,sBAAsB;gBACtB,QAAQ,CAAC,IAAI,CAAC;oBACZ,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,SAAS,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE;oBACrC,QAAQ;oBACR,QAAQ,EAAE,KAAK;oBACf,OAAO,EACL,eAAe,IAAI,CAAC,MAAM,CAAC,MAAM,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,kBAAkB,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI;wBAC7G,aAAa,IAAI,CAAC,IAAI,CAAC,UAAU,gDAAgD;oBACnF,WAAW;oBACX,UAAU,EAAE,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;oBAC7C,WAAW,EAAE,iBAAiB,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;iBAC9E,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,2EAA2E;AAE3E;;GAEG;AACH,MAAM,UAAU,wBAAwB,CAAC,OAA+B;IACtE,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,QAAQ,GACZ,CAAC,CAAC,YAAY,CAAC,QAAQ,KAAK,SAAS,IAAI,CAAC,CAAC,YAAY,CAAC,QAAQ,KAAK,MAAM;YACzE,CAAC,CAAE,OAAiB;YACpB,CAAC,CAAE,SAAmB,CAAC;QAE3B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,mBAAmB,CAAC,CAAC,YAAY,CAAC,QAAQ,EAAE;YACpD,QAAQ;YACR,QAAQ,EAAE,KAAK;YACf,OAAO,EACL,qBAAqB,CAAC,CAAC,MAAM,CAAC,MAAM,OAAO,CAAC,CAAC,QAAQ,QAAQ,CAAC,CAAC,QAAQ,QAAQ,CAAC,CAAC,YAAY,CAAC,IAAI,MAAM;gBACxG,+CAA+C,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ;YAChG,WAAW,EAAE;gBACX,IAAI,EAAE,CAAC,CAAC,UAAU;gBAClB,SAAS,EAAE,CAAC,CAAC,UAAU;gBACvB,QAAQ,EAAE,CAAC;gBACX,OAAO,EAAE,CAAC,CAAC,UAAU;gBACrB,MAAM,EAAE,CAAC;aACV;YACD,YAAY,EAAE;gBACZ;oBACE,IAAI,EAAE,CAAC,CAAC,UAAU;oBAClB,SAAS,EAAE,CAAC;oBACZ,QAAQ,EAAE,CAAC;oBACX,OAAO,EAAE,CAAC;oBACV,MAAM,EAAE,CAAC;iBACV;aACF;YACD,UAAU,EAAE,aAAa,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,QAAQ,OAAO,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE;YACjI,WAAW,EAAE,iBAAiB,CAAC,eAAe,CAAC,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC;SAC1F,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
+{"version":3,"file":"taint-findings.js","sourceRoot":"","sources":["../src/taint-findings.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE/C,2EAA2E;AAE3E,MAAM,cAAc,GAA0C;IAC5D,OAAO,EAAE,mBAAmB;IAC5B,EAAE,EAAE,6BAA6B;IACjC,GAAG,EAAE,eAAe;IACpB,QAAQ,EAAE,eAAe;IACzB,IAAI,EAAE,gBAAgB;IACtB,QAAQ,EAAE,oBAAoB;IAC9B,OAAO,EAAE,2BAA2B;IACpC,IAAI,EAAE,6BAA6B;CACpC,CAAC;AAEF,MAAM,UAAU,aAAa,CAAC,QAA+B;IAC3D,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,SAAS;YACZ,OAAO,qFAAqF,CAAC;QAC/F,KAAK,IAAI;YACP,OAAO,4FAA4F,CAAC;QACtG,KAAK,KAAK;YACR,OAAO,mEAAmE,CAAC;QAC7E,KAAK,UAAU;YACb,OAAO,iEAAiE,CAAC;QAC3E,KAAK,MAAM;YACT,OAAO,2EAA2E,CAAC;QACrF,KAAK,UAAU;YACb,OAAO,mDAAmD,CAAC;QAC7D,KAAK,SAAS;YACZ,OAAO,iIAAiI,CAAC;QAC3I,KAAK,MAAM;YACT,OAAO,yHAAyH,CAAC;IACrI,CAAC;AACH,CAAC;AAED,2EAA2E;AAE3E;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,OAAsB;IACpD,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,4DAA4D;QAC5D,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QACvD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEtC,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,MAAM,QAAQ,GACZ,IAAI,CAAC,IAAI,CAAC,QAAQ,KAAK,SAAS,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,KAAK,MAAM;gBAC/D,CAAC,CAAE,OAAiB;gBACpB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,KAAK,SAAS;oBAChC,CAAC,CAAE,SAAmB,CAAC,gFAAgF;oBACvG,CAAC,CAAE,SAAmB,CAAC;YAE7B,MAAM,WAAW,GAAe;gBAC9B,IAAI,EAAE,CAAC,CAAC,QAAQ;gBAChB,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,QAAQ,EAAE,CAAC;gBACX,OAAO,EAAE,CAAC,CAAC,SAAS;gBACpB,MAAM,EAAE,CAAC;aACV,CAAC;YAEF,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;gBAC/B,iDAAiD;gBACjD,QAAQ,CAAC,IAAI,CAAC;oBACZ,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,8BAA8B;oBACtC,QAAQ;oBACR,QAAQ,EAAE,KAAK;oBACf,OAAO,EACL,4BAA4B,IAAI,CAAC,qBAAqB,8BAA8B,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI;wBAC1H,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,0BAA0B;oBACrE,WAAW;oBACX,UAAU,EAAE,GAAG,IAAI,CAAC,qBAAqB,0BAA0B,IAAI,CAAC,IAAI,CAAC,QAAQ,WAAW,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;oBACnI,WAAW,EAAE,iBAAiB,CAAC,oBAAoB,EAAE,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;iBACrE,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,sBAAsB;gBACtB,QAAQ,CAAC,IAAI,CAAC;oBACZ,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,SAAS,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE;oBACrC,QAAQ;oBACR,QAAQ,EAAE,KAAK;oBACf,OAAO,EACL,eAAe,IAAI,CAAC,MAAM,CAAC,MAAM,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,kBAAkB,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI;wBAC7G,aAAa,IAAI,CAAC,IAAI,CAAC,UAAU,gDAAgD;oBACnF,WAAW;oBACX,UAAU,EAAE,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;oBAC7C,WAAW,EAAE,iBAAiB,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;iBAC9E,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,2EAA2E;AAE3E;;GAEG;AACH,MAAM,UAAU,wBAAwB,CAAC,OAA+B;IACtE,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,QAAQ,GACZ,CAAC,CAAC,YAAY,CAAC,QAAQ,KAAK,SAAS,IAAI,CAAC,CAAC,YAAY,CAAC,QAAQ,KAAK,MAAM;YACzE,CAAC,CAAE,OAAiB;YACpB,CAAC,CAAE,SAAmB,CAAC;QAE3B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,mBAAmB,CAAC,CAAC,YAAY,CAAC,QAAQ,EAAE;YACpD,QAAQ;YACR,QAAQ,EAAE,KAAK;YACf,OAAO,EACL,qBAAqB,CAAC,CAAC,MAAM,CAAC,MAAM,OAAO,CAAC,CAAC,QAAQ,QAAQ,CAAC,CAAC,QAAQ,QAAQ,CAAC,CAAC,YAAY,CAAC,IAAI,MAAM;gBACxG,+CAA+C,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ;YAChG,WAAW,EAAE;gBACX,IAAI,EAAE,CAAC,CAAC,UAAU;gBAClB,SAAS,EAAE,CAAC,CAAC,UAAU;gBACvB,QAAQ,EAAE,CAAC;gBACX,OAAO,EAAE,CAAC,CAAC,UAAU;gBACrB,MAAM,EAAE,CAAC;aACV;YACD,YAAY,EAAE;gBACZ;oBACE,IAAI,EAAE,CAAC,CAAC,UAAU;oBAClB,SAAS,EAAE,CAAC;oBACZ,QAAQ,EAAE,CAAC;oBACX,OAAO,EAAE,CAAC;oBACV,MAAM,EAAE,CAAC;iBACV;aACF;YACD,UAAU,EAAE,aAAa,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,QAAQ,OAAO,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE;YACjI,WAAW,EAAE,iBAAiB,CAAC,eAAe,CAAC,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC;SAC1F,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/taint-types.d.ts

@@ -8,7 +8,7 @@ export interface TaintSource {
 }
 export interface TaintSink {
     name: string;
-    category: 'command' | 'fs' | 'sql' | 'redirect' | 'eval' | 'template' | 'codegen';
+    category: 'command' | 'fs' | 'sql' | 'redirect' | 'eval' | 'template' | 'codegen' | 'ssrf';
     taintedArg: string;
     line?: number;
 }
@@ -121,8 +121,9 @@ export type SinkCategory = TaintSink['category'];
 /**
  * Check if a sanitizer is actually sufficient for a given sink category.
  * Returns true if the sanitizer protects against the sink, false if it's
- * a mismatch (e.g., parseInt used to "sanitize" command injection).
+ * a mismatch (e.g., parseInt used to "sanitize" command injection) or if the
+ * sanitizer name is unrecognized (default-deny so real taint still fires).
  */
 export declare function isSanitizerSufficient(sanitizerName: string, sinkCategory: SinkCategory): boolean;
-export declare const SINK_NAMES: Map<string, "command" | "fs" | "sql" | "redirect" | "eval" | "template" | "codegen">;
+export declare const SINK_NAMES: Map<string, "command" | "fs" | "sql" | "redirect" | "eval" | "template" | "codegen" | "ssrf">;
 export declare const SANITIZER_PATTERN_NAMES: string[];

package/dist/taint-types.js

@@ -60,6 +60,24 @@ export const SINK_PATTERNS = [
     { pattern: /\blines\.push\s*\(`/, name: 'lines.push(template)', category: 'codegen' },
     { pattern: /\bhelperBlock\.push\s*\(`/, name: 'helperBlock.push(template)', category: 'codegen' },
     { pattern: /\bcode\s*\+=\s*`/, name: 'code += template', category: 'codegen' },
+    // SSRF — outbound HTTP request sinks
+    { pattern: /\bfetch\s*\(/, name: 'fetch', category: 'ssrf' },
+    { pattern: /\baxios\s*\(/, name: 'axios', category: 'ssrf' },
+    { pattern: /\baxios\.(get|post|put|delete|patch|head|request)\s*\(/, name: 'axios.request', category: 'ssrf' },
+    { pattern: /\bgot\s*\(/, name: 'got', category: 'ssrf' },
+    { pattern: /\bgot\.(get|post|put|delete|patch|head)\s*\(/, name: 'got.request', category: 'ssrf' },
+    { pattern: /\bhttp\.request\s*\(/, name: 'http.request', category: 'ssrf' },
+    { pattern: /\bhttps\.request\s*\(/, name: 'https.request', category: 'ssrf' },
+    { pattern: /\bundici\.(fetch|request)\s*\(/, name: 'undici.request', category: 'ssrf' },
+    // SQL — raw query sinks beyond generic `query`
+    { pattern: /\$queryRawUnsafe\s*\(/, name: '$queryRawUnsafe', category: 'sql' },
+    { pattern: /\$queryRaw\s*\(/, name: '$queryRaw', category: 'sql' },
+    { pattern: /\bsequelize\.query\s*\(/, name: 'sequelize.query', category: 'sql' },
+    // NOTE: crypto sinks are handled by bespoke rules in rules/security-v5.ts
+    // (crypto-iv-reuse, crypto-weak-kdf). Adding them as generic taint sinks
+    // would flag normal password input to pbkdf2() as "misuse" — passwords ARE
+    // user input by design. The dedicated rules check the specific arg positions
+    // that actually indicate misuse (literal IV, iterations < 100k).
 ];
 // ── Sanitizer Detection ─────────────────────────────────────────────────
 export const SANITIZER_PATTERNS = [
@@ -91,23 +109,53 @@ export const SANITIZER_PATTERNS = [
     { pattern: /\bstripDelimiters\s*\(/, name: 'stripDelimiters' },
     { pattern: /\bcleanForPrompt\s*\(/, name: 'cleanForPrompt' },
 ];
+// SANITIZER_PATTERN_NAMES emits bare names ('safeParse', 'parse'); SANITIZER_PATTERNS (regex) emits
+// prefixed names ('schema.safeParse', 'path.normalize'). Both call isSanitizerSufficient(), so the
+// table below carries BOTH forms explicitly for each sanitizer.
+//
+// Design rule: only include a BARE key when the name is unlikely to collide with unrelated methods.
+// `safeParse` is distinctive enough (almost always a Zod/Yup schema call), but bare `parse`,
+// `validate`, `normalize`, `resolve`, `basename` are ambiguous — a user's custom `.parse()` or
+// `.normalize()` would otherwise be silently treated as a full sanitizer, producing false negatives
+// on real taint bugs. Those stay prefixed-only so the regex engine catches them and the AST engine
+// defaults to deny (unknown sanitizer → taint still fires, conservative).
 const SANITIZER_SUFFICIENCY = {
+    // Coercion sanitizers (bare names are unambiguous)
     parseInt: new Set(['sql']),
     parseFloat: new Set(['sql']),
+    Number: new Set(['sql']),
     'Number()': new Set(['sql']),
-    'Boolean()': new Set([]), // too weak for anything
-    'schema.parse': new Set(['command', 'fs', 'sql', 'redirect', 'eval', 'template']),
-    'schema.safeParse': new Set(['command', 'fs', 'sql', 'redirect', 'eval', 'template']),
-    'schema.validate': new Set(['command', 'fs', 'sql', 'redirect', 'eval', 'template']),
-    'schema.validateSync': new Set(['command', 'fs', 'sql', 'redirect', 'eval', 'template']),
+    Boolean: new Set([]), // too weak for any sink — documented for intent
+    'Boolean()': new Set([]),
+    // Schema validation — `safeParse` stays bare (Zod/Yup-specific); `parse`/`validate`/`validateSync` only as prefixed to avoid colliding with JSON.parse, Date.parse, user methods, etc.
+    'schema.parse': new Set(['command', 'fs', 'sql', 'redirect', 'eval', 'template', 'ssrf']),
+    'schema.safeParse': new Set(['command', 'fs', 'sql', 'redirect', 'eval', 'template', 'ssrf']),
+    safeParse: new Set(['command', 'fs', 'sql', 'redirect', 'eval', 'template', 'ssrf']),
+    'schema.validate': new Set(['command', 'fs', 'sql', 'redirect', 'eval', 'template', 'ssrf']),
+    'schema.validateSync': new Set(['command', 'fs', 'sql', 'redirect', 'eval', 'template', 'ssrf']),
+    // String sanitization
     'sanitize()': new Set(['template']),
+    sanitize: new Set(['template']),
     'escape()': new Set(['sql', 'template']),
+    escape: new Set(['sql', 'template']),
+    escapeHtml: new Set(['template']),
     DOMPurify: new Set(['template']),
+    purify: new Set(['template']),
+    xss: new Set(['template']),
+    // encodeURIComponent prevents open-redirect but NOT SSRF — the attacker still controls the host
     encodeURIComponent: new Set(['redirect']),
+    encodeURI: new Set(['redirect']),
+    // Path sanitization — only prefixed; a user's `.normalize()` is not safe to treat as FS-sufficient
     'path.normalize': new Set(['fs']),
+    'path.resolve': new Set(['fs']),
+    'path.basename': new Set(['fs']),
     'replace(../)': new Set(['fs']),
+    // SQL parameterization
     'parameterized query ($N)': new Set(['sql']),
     'parameterized query (?)': new Set(['sql']),
+    parameterized: new Set(['sql']),
+    sqlstring: new Set(['sql']),
+    // Prompt sanitization
     sanitizeForPrompt: new Set(['template']),
     escapePrompt: new Set(['template']),
     stripDelimiters: new Set(['template']),
@@ -116,7 +164,8 @@ const SANITIZER_SUFFICIENCY = {
 /**
  * Check if a sanitizer is actually sufficient for a given sink category.
  * Returns true if the sanitizer protects against the sink, false if it's
- * a mismatch (e.g., parseInt used to "sanitize" command injection).
+ * a mismatch (e.g., parseInt used to "sanitize" command injection) or if the
+ * sanitizer name is unrecognized (default-deny so real taint still fires).
  */
 export function isSanitizerSufficient(sanitizerName, sinkCategory) {
     const allowed = SANITIZER_SUFFICIENCY[sanitizerName];
@@ -146,9 +195,24 @@ export const SINK_NAMES = new Map([
     ['raw', 'sql'],
     ['$queryRaw', 'sql'],
     ['$queryRawUnsafe', 'sql'],
+    ['sequelize.query', 'sql'],
     ['redirect', 'redirect'],
     ['eval', 'eval'],
     ['Function', 'eval'],
+    // SSRF — outbound HTTP request sinks
+    ['fetch', 'ssrf'],
+    ['axios', 'ssrf'],
+    ['axios.get', 'ssrf'],
+    ['axios.post', 'ssrf'],
+    ['axios.put', 'ssrf'],
+    ['axios.delete', 'ssrf'],
+    ['axios.patch', 'ssrf'],
+    ['axios.request', 'ssrf'],
+    ['got', 'ssrf'],
+    ['http.request', 'ssrf'],
+    ['https.request', 'ssrf'],
+    ['undici.fetch', 'ssrf'],
+    ['undici.request', 'ssrf'],
 ]);
 // Sanitizer names to detect (from SANITIZER_PATTERNS)
 export const SANITIZER_PATTERN_NAMES = [

package/dist/taint-types.js.map

@@ -1 +1 @@
-{"version":3,"file":"taint-types.js","sourceRoot":"","sources":["../src/taint-types.ts"],"names":[],"mappings":"AAAA;;GAEG;AA+DH,4EAA4E;AAE5E,2DAA2D;AAC3D,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC;AACnD,MAAM,CAAC,MAAM,gBAAgB,GAAG,2DAA2D,CAAC;AAE5F,+DAA+D;AAC/D,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE;IAChD,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE;IAClD,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,YAAY,EAAE;IACpD,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,aAAa,EAAE;IACtD,EAAE,OAAO,EAAE,mBAAmB,EAAE,MAAM,EAAE,cAAc,EAAE;IACxD,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,EAAE,eAAe,EAAE;IAC1D,EAAE,OAAO,EAAE,qBAAqB,EAAE,MAAM,EAAE,gBAAgB,EAAE;IAC5D,EAAE,OAAO,EAAE,mBAAmB,EAAE,MAAM,EAAE,cAAc,EAAE;IACxD,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,aAAa,EAAE;IACtD,+CAA+C;IAC/C,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE;IAChD,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,SAAS,EAAE;IAC7C,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,UAAU,EAAE;IAC/C,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,SAAS,EAAE;IAC7C,EAAE,OAAO,EAAE,sBAAsB,EAAE,MAAM,EAAE,iBAAiB,EAAE;IAC9D,wBAAwB;IACxB,EAAE,OAAO,EAAE,yBAAyB,EAAE,MAAM,EAAE,oBAAoB,EAAE;IACpE,EAAE,OAAO,EAAE,sBAAsB,EAAE,MAAM,EAAE,kBAAkB,EAAE;IAC/D,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,aAAa,EAAE;CAC9C,CAAC;AAUX,MAAM,CAAC,MAAM,aAAa,GAAkB;IAC1C,oBAAoB;IACpB,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC7D,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE;IACrE,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC/D,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE;IACvE,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE;IACrE,aAAa;IACb,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,IAAI,EAAE;IAClE,EAAE,OAAO,EAAE,sBAAsB,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,IAAI,EAAE;IAC1E,EAAE,OAAO,EAAE,0BAA0B,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,IAAI,EAAE;IAClF,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE;IAC5D,EAAE,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE;IACpE,+CAA+C;IAC/C,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC3D,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE;IAClE,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE;IACvD,WAAW;IACX,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,UAAU,EAAE;IACtE,OAAO;IACP,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC1D,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC5E,yCAAyC;IACzC,EAAE,OAAO,EAAE,wBAAwB,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACpF,EAAE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC5E,EAAE,OAAO,EAAE,kCAAkC,EAAE,IAAI,EAAE,yBAAyB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACtG,4CAA4C;IAC5C,EAAE,OAAO,EAAE,yBAAyB,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,EAAE;IACjF,EAAE,OAAO,EAAE,4BAA4B,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,EAAE;IACvF,kFAAkF;IAClF,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACrF,EAAE,OAAO,EAAE,2BAA2B,EAAE,IAAI,EAAE,4BAA4B,EAAE,QAAQ,EAAE,SAAS,EAAE;IACjG,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,SAAS,EAAE;CAC/E,CAAC;AAEF,2EAA2E;AAE3E,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,yCAAyC;IACzC,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,UAAU,EAAE;IAChD,EAAE,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,YAAY,EAAE;IACpD,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,UAAU,EAAE;IAC9C,EAAE,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,EAAE;IAChD,oBAAoB;IACpB,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,cAAc,EAAE;IACjD,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,kBAAkB,EAAE;IACzD,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,iBAAiB,EAAE;IACvD,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,qBAAqB,EAAE;IAC/D,sBAAsB;IACtB,EAAE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,YAAY,EAAE;IACrD,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,UAAU,EAAE;IACjD,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,WAAW,EAAE;IAC/C,EAAE,OAAO,EAAE,8BAA8B,EAAE,IAAI,EAAE,oBAAoB,EAAE;IACvE,oBAAoB;IACpB,EAAE,OAAO,EAAE,yCAAyC,EAAE,IAAI,EAAE,gBAAgB,EAAE;IAC9E,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,cAAc,EAAE;IAChE,uBAAuB;IACvB,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,0BAA0B,EAAE;IACtD,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,yBAAyB,EAAE;IACtD,sBAAsB;IACtB,EAAE,OAAO,EAAE,0BAA0B,EAAE,IAAI,EAAE,mBAAmB,EAAE;IAClE,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,cAAc,EAAE;IACxD,0BAA0B;IAC1B,EAAE,OAAO,EAAE,wBAAwB,EAAE,IAAI,EAAE,iBAAiB,EAAE;IAC9D,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,gBAAgB,EAAE;CAC7D,CAAC;AAQF,MAAM,qBAAqB,GAAsC;IAC/D,QAAQ,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAC1B,UAAU,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAC5B,UAAU,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAC5B,WAAW,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,EAAE,wBAAwB;IAClD,cAAc,EAAE,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;IACjF,kBAAkB,EAAE,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;IACrF,iBAAiB,EAAE,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;IACpF,qBAAqB,EAAE,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;IACxF,YAAY,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IACnC,UAAU,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IACxC,SAAS,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IAChC,kBAAkB,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IACzC,gBAAgB,EAAE,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;IACjC,cAAc,EAAE,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;IAC/B,0BAA0B,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAC5C,yBAAyB,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAC3C,iBAAiB,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IACxC,YAAY,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IACnC,eAAe,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IACtC,cAAc,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;CACtC,CAAC;AAEF;;;;GAIG;AACH,MAAM,UAAU,qBAAqB,CAAC,aAAqB,EAAE,YAA0B;IACrF,MAAM,OAAO,GAAG,qBAAqB,CAAC,aAAa,CAAC,CAAC;IACrD,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC,CAAC,oDAAoD;IAChF,OAAO,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;AACnC,CAAC;AAED,2EAA2E;AAE3E,4DAA4D;AAC5D,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAgC;IAC/D,CAAC,MAAM,EAAE,SAAS,CAAC;IACnB,CAAC,UAAU,EAAE,SAAS,CAAC;IACvB,CAAC,OAAO,EAAE,SAAS,CAAC;IACpB,CAAC,WAAW,EAAE,SAAS,CAAC;IACxB,CAAC,UAAU,EAAE,SAAS,CAAC;IACvB,CAAC,cAAc,EAAE,SAAS,CAAC;IAC3B,CAAC,UAAU,EAAE,IAAI,CAAC;IAClB,CAAC,cAAc,EAAE,IAAI,CAAC;IACtB,CAAC,WAAW,EAAE,IAAI,CAAC;IACnB,CAAC,eAAe,EAAE,IAAI,CAAC;IACvB,CAAC,mBAAmB,EAAE,IAAI,CAAC;IAC3B,CAAC,kBAAkB,EAAE,IAAI,CAAC;IAC1B,CAAC,QAAQ,EAAE,IAAI,CAAC;IAChB,CAAC,YAAY,EAAE,IAAI,CAAC;IACpB,CAAC,OAAO,EAAE,KAAK,CAAC;IAChB,CAAC,UAAU,EAAE,KAAK,CAAC;IACnB,CAAC,KAAK,EAAE,KAAK,CAAC;IACd,CAAC,WAAW,EAAE,KAAK,CAAC;IACpB,CAAC,iBAAiB,EAAE,KAAK,CAAC;IAC1B,CAAC,UAAU,EAAE,UAAU,CAAC;IACxB,CAAC,MAAM,EAAE,MAAM,CAAC;IAChB,CAAC,UAAU,EAAE,MAAM,CAAC;CACrB,CAAC,CAAC;AAEH,sDAAsD;AACtD,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,UAAU;IACV,YAAY;IACZ,QAAQ;IACR,SAAS;IACT,QAAQ;IACR,WAAW;IACX,oBAAoB;IACpB,QAAQ;IACR,UAAU;IACV,WAAW;IACX,QAAQ;IACR,KAAK;IACL,YAAY;IACZ,WAAW;IACX,eAAe;IACf,OAAO;IACP,WAAW;IACX,UAAU;CACX,CAAC"}
+{"version":3,"file":"taint-types.js","sourceRoot":"","sources":["../src/taint-types.ts"],"names":[],"mappings":"AAAA;;GAEG;AA+DH,4EAA4E;AAE5E,2DAA2D;AAC3D,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAC;AACnD,MAAM,CAAC,MAAM,gBAAgB,GAAG,2DAA2D,CAAC;AAE5F,+DAA+D;AAC/D,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE;IAChD,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE;IAClD,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,YAAY,EAAE;IACpD,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,aAAa,EAAE;IACtD,EAAE,OAAO,EAAE,mBAAmB,EAAE,MAAM,EAAE,cAAc,EAAE;IACxD,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,EAAE,eAAe,EAAE;IAC1D,EAAE,OAAO,EAAE,qBAAqB,EAAE,MAAM,EAAE,gBAAgB,EAAE;IAC5D,EAAE,OAAO,EAAE,mBAAmB,EAAE,MAAM,EAAE,cAAc,EAAE;IACxD,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,aAAa,EAAE;IACtD,+CAA+C;IAC/C,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE;IAChD,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,SAAS,EAAE;IAC7C,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,UAAU,EAAE;IAC/C,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,SAAS,EAAE;IAC7C,EAAE,OAAO,EAAE,sBAAsB,EAAE,MAAM,EAAE,iBAAiB,EAAE;IAC9D,wBAAwB;IACxB,EAAE,OAAO,EAAE,yBAAyB,EAAE,MAAM,EAAE,oBAAoB,EAAE;IACpE,EAAE,OAAO,EAAE,sBAAsB,EAAE,MAAM,EAAE,kBAAkB,EAAE;IAC/D,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,aAAa,EAAE;CAC9C,CAAC;AAUX,MAAM,CAAC,MAAM,aAAa,GAAkB;IAC1C,oBAAoB;IACpB,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC7D,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE;IACrE,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC/D,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE;IACvE,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE;IACrE,aAAa;IACb,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,IAAI,EAAE;IAClE,EAAE,OAAO,EAAE,sBAAsB,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,IAAI,EAAE;IAC1E,EAAE,OAAO,EAAE,0BAA0B,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,IAAI,EAAE;IAClF,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE;IAC5D,EAAE,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE;IACpE,+CAA+C;IAC/C,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC3D,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE;IAClE,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE;IACvD,WAAW;IACX,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,UAAU,EAAE;IACtE,OAAO;IACP,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC1D,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC5E,yCAAyC;IACzC,EAAE,OAAO,EAAE,wBAAwB,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACpF,EAAE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC5E,EAAE,OAAO,EAAE,kCAAkC,EAAE,IAAI,EAAE,yBAAyB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACtG,4CAA4C;IAC5C,EAAE,OAAO,EAAE,yBAAyB,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,EAAE;IACjF,EAAE,OAAO,EAAE,4BAA4B,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,EAAE;IACvF,kFAAkF;IAClF,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACrF,EAAE,OAAO,EAAE,2BAA2B,EAAE,IAAI,EAAE,4BAA4B,EAAE,QAAQ,EAAE,SAAS,EAAE;IACjG,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,kBAAkB,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC9E,qCAAqC;IACrC,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC5D,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC5D,EAAE,OAAO,EAAE,wDAAwD,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC9G,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE;IACxD,EAAE,OAAO,EAAE,8CAA8C,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,EAAE;IAClG,EAAE,OAAO,EAAE,sBAAsB,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC3E,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,EAAE;IAC7E,EAAE,OAAO,EAAE,gCAAgC,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,EAAE;IACvF,+CAA+C;IAC/C,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC9E,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,KAAK,EAAE;IAClE,EAAE,OAAO,EAAE,yBAAyB,EAAE,IAAI,EAAE,iBAAiB,EAAE,QAAQ,EAAE,KAAK,EAAE;IAChF,0EAA0E;IAC1E,yEAAyE;IACzE,2EAA2E;IAC3E,6EAA6E;IAC7E,iEAAiE;CAClE,CAAC;AAEF,2EAA2E;AAE3E,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,yCAAyC;IACzC,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,UAAU,EAAE;IAChD,EAAE,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,YAAY,EAAE;IACpD,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,UAAU,EAAE;IAC9C,EAAE,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,EAAE;IAChD,oBAAoB;IACpB,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,cAAc,EAAE;IACjD,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,kBAAkB,EAAE;IACzD,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,iBAAiB,EAAE;IACvD,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,qBAAqB,EAAE;IAC/D,sBAAsB;IACtB,EAAE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,YAAY,EAAE;IACrD,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,UAAU,EAAE;IACjD,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,WAAW,EAAE;IAC/C,EAAE,OAAO,EAAE,8BAA8B,EAAE,IAAI,EAAE,oBAAoB,EAAE;IACvE,oBAAoB;IACpB,EAAE,OAAO,EAAE,yCAAyC,EAAE,IAAI,EAAE,gBAAgB,EAAE;IAC9E,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,cAAc,EAAE;IAChE,uBAAuB;IACvB,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,0BAA0B,EAAE;IACtD,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,yBAAyB,EAAE;IACtD,sBAAsB;IACtB,EAAE,OAAO,EAAE,0BAA0B,EAAE,IAAI,EAAE,mBAAmB,EAAE;IAClE,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,cAAc,EAAE;IACxD,0BAA0B;IAC1B,EAAE,OAAO,EAAE,wBAAwB,EAAE,IAAI,EAAE,iBAAiB,EAAE;IAC9D,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,gBAAgB,EAAE;CAC7D,CAAC;AAQF,oGAAoG;AACpG,mGAAmG;AACnG,gEAAgE;AAChE,EAAE;AACF,oGAAoG;AACpG,6FAA6F;AAC7F,+FAA+F;AAC/F,oGAAoG;AACpG,mGAAmG;AACnG,0EAA0E;AAC1E,MAAM,qBAAqB,GAAsC;IAC/D,mDAAmD;IACnD,QAAQ,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAC1B,UAAU,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAC5B,MAAM,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IACxB,UAAU,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAC5B,OAAO,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,EAAE,gDAAgD;IACtE,WAAW,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC;IACxB,uLAAuL;IACvL,cAAc,EAAE,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IACzF,kBAAkB,EAAE,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IAC7F,SAAS,EAAE,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IACpF,iBAAiB,EAAE,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IAC5F,qBAAqB,EAAE,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IAChG,sBAAsB;IACtB,YAAY,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IACnC,QAAQ,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IAC/B,UAAU,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IACxC,MAAM,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IACpC,UAAU,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IACjC,SAAS,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IAChC,MAAM,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IAC7B,GAAG,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IAC1B,gGAAgG;IAChG,kBAAkB,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IACzC,SAAS,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IAChC,mGAAmG;IACnG,gBAAgB,EAAE,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;IACjC,cAAc,EAAE,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;IAC/B,eAAe,EAAE,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;IAChC,cAAc,EAAE,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;IAC/B,uBAAuB;IACvB,0BAA0B,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAC5C,yBAAyB,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAC3C,aAAa,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAC/B,SAAS,EAAE,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAC3B,sBAAsB;IACtB,iBAAiB,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IACxC,YAAY,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IACnC,eAAe,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IACtC,cAAc,EAAE,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;CACtC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,aAAqB,EAAE,YAA0B;IACrF,MAAM,OAAO,GAAG,qBAAqB,CAAC,aAAa,CAAC,CAAC;IACrD,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC,CAAC,oDAAoD;IAChF,OAAO,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;AACnC,CAAC;AAED,2EAA2E;AAE3E,4DAA4D;AAC5D,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAgC;IAC/D,CAAC,MAAM,EAAE,SAAS,CAAC;IACnB,CAAC,UAAU,EAAE,SAAS,CAAC;IACvB,CAAC,OAAO,EAAE,SAAS,CAAC;IACpB,CAAC,WAAW,EAAE,SAAS,CAAC;IACxB,CAAC,UAAU,EAAE,SAAS,CAAC;IACvB,CAAC,cAAc,EAAE,SAAS,CAAC;IAC3B,CAAC,UAAU,EAAE,IAAI,CAAC;IAClB,CAAC,cAAc,EAAE,IAAI,CAAC;IACtB,CAAC,WAAW,EAAE,IAAI,CAAC;IACnB,CAAC,eAAe,EAAE,IAAI,CAAC;IACvB,CAAC,mBAAmB,EAAE,IAAI,CAAC;IAC3B,CAAC,kBAAkB,EAAE,IAAI,CAAC;IAC1B,CAAC,QAAQ,EAAE,IAAI,CAAC;IAChB,CAAC,YAAY,EAAE,IAAI,CAAC;IACpB,CAAC,OAAO,EAAE,KAAK,CAAC;IAChB,CAAC,UAAU,EAAE,KAAK,CAAC;IACnB,CAAC,KAAK,EAAE,KAAK,CAAC;IACd,CAAC,WAAW,EAAE,KAAK,CAAC;IACpB,CAAC,iBAAiB,EAAE,KAAK,CAAC;IAC1B,CAAC,iBAAiB,EAAE,KAAK,CAAC;IAC1B,CAAC,UAAU,EAAE,UAAU,CAAC;IACxB,CAAC,MAAM,EAAE,MAAM,CAAC;IAChB,CAAC,UAAU,EAAE,MAAM,CAAC;IACpB,qCAAqC;IACrC,CAAC,OAAO,EAAE,MAAM,CAAC;IACjB,CAAC,OAAO,EAAE,MAAM,CAAC;IACjB,CAAC,WAAW,EAAE,MAAM,CAAC;IACrB,CAAC,YAAY,EAAE,MAAM,CAAC;IACtB,CAAC,WAAW,EAAE,MAAM,CAAC;IACrB,CAAC,cAAc,EAAE,MAAM,CAAC;IACxB,CAAC,aAAa,EAAE,MAAM,CAAC;IACvB,CAAC,eAAe,EAAE,MAAM,CAAC;IACzB,CAAC,KAAK,EAAE,MAAM,CAAC;IACf,CAAC,cAAc,EAAE,MAAM,CAAC;IACxB,CAAC,eAAe,EAAE,MAAM,CAAC;IACzB,CAAC,cAAc,EAAE,MAAM,CAAC;IACxB,CAAC,gBAAgB,EAAE,MAAM,CAAC;CAC3B,CAAC,CAAC;AAEH,sDAAsD;AACtD,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,UAAU;IACV,YAAY;IACZ,QAAQ;IACR,SAAS;IACT,QAAQ;IACR,WAAW;IACX,oBAAoB;IACpB,QAAQ;IACR,UAAU;IACV,WAAW;IACX,QAAQ;IACR,KAAK;IACL,YAAY;IACZ,WAAW;IACX,eAAe;IACf,OAAO;IACP,WAAW;IACX,UAAU;CACX,CAAC"}

package/dist/taint.d.ts

@@ -12,7 +12,7 @@ export { HTTP_PARAM_NAMES, HTTP_PARAM_TYPES, isSanitizerSufficient, SANITIZER_PA
 export { analyzeTaintAST, buildInternalSinkMap } from './taint-ast.js';
 export { analyzeTaintRegex, buildPaths, classifyParams, detectSanitizers, extractAllAssignments, extractDependencies, findClosingParen, findTaintedSinks, isCircularAssignment, parseLineAssignments, propagateTaint, propagateTaintMultiHop, } from './taint-regex.js';
 export { crossFileTaintToFindings, taintToFindings } from './taint-findings.js';
-export { analyzeTaintCrossFile, buildExportMap, buildImportMap } from './taint-crossfile.js';
+export { analyzeTaintCrossFile, buildExportMap, buildExportMapFromGraph, buildImportAliasMap, buildImportMap, buildImportMapFromGraph, } from './taint-crossfile.js';
 /**
  * Run taint analysis on all fn nodes in inferred results.
  * When sourceFile is provided, uses AST-based analysis (more accurate).