@kevinrabun/judges 1.0.0

package/dist/evaluators/cost-effectiveness.js

@@ -0,0 +1,206 @@
+import { getLineNumbers } from "./shared.js";
+export function analyzeCostEffectiveness(code, language) {
+    const findings = [];
+    let ruleNum = 1;
+    const prefix = "COST";
+    // Nested loops (potential O(n²))
+    const lines = code.split("\n");
+    let loopDepth = 0;
+    const nestedLoopLines = [];
+    for (let i = 0; i < lines.length; i++) {
+        if (/\b(?:for|while)\s*\(/.test(lines[i])) {
+            loopDepth++;
+            if (loopDepth >= 2) {
+                nestedLoopLines.push(i + 1);
+            }
+        }
+        if (/\}/.test(lines[i]) && loopDepth > 0) {
+            loopDepth--;
+        }
+    }
+    if (nestedLoopLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Nested loops detected — potential O(n²) complexity",
+            description: "Nested loops can lead to quadratic or worse time complexity. At scale, this causes dramatically increased compute costs and response times.",
+            lineNumbers: nestedLoopLines,
+            recommendation: "Consider using hash maps for lookups (O(1)), sorting + binary search, or restructuring the algorithm. If the nested loop is necessary, ensure the inner dataset is bounded.",
+            reference: "Algorithm Efficiency Best Practices",
+        });
+    }
+    // N+1 query patterns (loop with await inside)
+    const awaitInLoopPattern = /(?:for|while|\.forEach|\.map)\s*\([\s\S]*?await\s/gi;
+    if (awaitInLoopPattern.test(code)) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "Potential N+1 query pattern (await in loop)",
+            description: "An await call inside a loop suggests sequential asynchronous operations that could be batched. This causes N+1 performance problems and increased latency/cost.",
+            recommendation: "Use Promise.all() to parallelize independent operations, or batch database queries (e.g., WHERE id IN (...) instead of per-ID queries).",
+            reference: "Database Performance Anti-Patterns",
+        });
+    }
+    // Unbounded data fetching
+    const unboundedPattern = /\.find\s*\(\s*\{\s*\}\s*\)|SELECT\s+\*\s+FROM(?!\s+.*(?:WHERE|LIMIT))|\.findAll\s*\(\s*\)|\.objects\.all\(\)|\.ToList\s*\(\s*\)/gi;
+    const unboundedLines = getLineNumbers(code, unboundedPattern);
+    if (unboundedLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Unbounded data query",
+            description: "A query fetches all records without filtering or pagination. With growing data, this will consume excessive memory, bandwidth, and compute.",
+            lineNumbers: unboundedLines,
+            recommendation: "Add pagination (LIMIT/OFFSET or cursor-based), filtering (WHERE clauses), and projection (select only needed fields). Default to a reasonable page size.",
+            reference: "Database Query Optimization",
+        });
+    }
+    // Large synchronous file reads (multi-language)
+    const syncReadPattern = /readFileSync|readSync|fs\.readFile\s*\(\s*[^,]+\s*\)|open\s*\(.*\)\.read\(\)|File\.ReadAllText|File\.ReadAllLines|File\.ReadAllBytes|ioutil\.ReadFile/gi;
+    const syncReadLines = getLineNumbers(code, syncReadPattern);
+    if (syncReadLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "low",
+            title: "Synchronous/blocking file I/O detected",
+            description: "Synchronous file operations block the event loop or thread, reducing throughput and wasting compute resources — especially costly in serverless environments billed per-ms.",
+            lineNumbers: syncReadLines,
+            recommendation: "Use asynchronous file operations (fs.promises.readFile, aiofiles, async File.ReadAllTextAsync) or streaming for large files.",
+            reference: "I/O Performance Best Practices",
+        });
+    }
+    // No caching hints
+    const hasCaching = /cache|redis|memcached|lru|memoize|Cache-Control|@Cacheable|functools\.lru_cache|@cache/gi.test(code);
+    if (!hasCaching && code.split("\n").length > 50) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "info",
+            title: "No caching strategy detected",
+            description: "The code has no apparent caching mechanism. For read-heavy workloads, caching can significantly reduce compute costs and latency.",
+            recommendation: "Consider adding caching at appropriate layers: in-memory (LRU), distributed (Redis/Memcached), or HTTP (Cache-Control headers).",
+            reference: "Caching Best Practices",
+        });
+    }
+    // String concatenation in loops (Java/C#/Python)
+    const strConcatLoopLines = [];
+    lines.forEach((line, i) => {
+        if (/\b(?:for|while)\s*[\s(]/.test(line)) {
+            const loopBody = lines.slice(i + 1, Math.min(lines.length, i + 10)).join("\n");
+            if (/\+=\s*["']|\+\s*=\s*str|\.concat\s*\(|String\s*\+/i.test(loopBody)) {
+                strConcatLoopLines.push(i + 1);
+            }
+        }
+    });
+    if (strConcatLoopLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "String concatenation inside loop",
+            description: "String concatenation in loops creates many intermediate string objects (especially in Java/C#/Python), leading to O(n²) memory allocation.",
+            lineNumbers: strConcatLoopLines,
+            recommendation: "Use StringBuilder (Java/C#), list with join (Python), or array with join (JavaScript) for building strings in loops.",
+            reference: "String Performance Optimization",
+        });
+    }
+    // Over-logging in production paths
+    const logLines = getLineNumbers(code, /console\.(log|info|debug|warn|trace)\s*\(|logger\.(log|info|debug|trace)\s*\(|print\s*\(|fmt\.Print/gi);
+    if (logLines.length > 15) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "low",
+            title: "Excessive logging may increase costs",
+            description: `Found ${logLines.length} log statements. Excessive logging in cloud environments increases storage and log ingestion costs (CloudWatch, Azure Monitor, Datadog).`,
+            lineNumbers: logLines.slice(0, 5),
+            recommendation: "Use appropriate log levels. Set DEBUG/TRACE only in development. Use sampling for high-frequency operations. Estimate log volume costs.",
+            reference: "Cloud Logging Cost Optimization",
+        });
+    }
+    // Unnecessary object creation / deep cloning
+    const deepCloneLines = getLineNumbers(code, /JSON\.parse\s*\(\s*JSON\.stringify|structuredClone|cloneDeep|\.deepCopy|copy\.deepcopy/gi);
+    if (deepCloneLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "low",
+            title: "Deep cloning may be unnecessary",
+            description: "Deep cloning (JSON.parse(JSON.stringify(...)), structuredClone, cloneDeep) is expensive. Ensure it's necessary and not used on large objects in hot paths.",
+            lineNumbers: deepCloneLines,
+            recommendation: "Consider shallow copies (spread operator, Object.assign) when deep cloning isn't needed. Use immutable data structures if cloning is for safety.",
+            reference: "Memory Efficiency Patterns",
+        });
+    }
+    // Eager loading / over-fetching
+    const eagerLoadLines = getLineNumbers(code, /\.include\s*\(|\.populate\s*\(|\.eager\s*\(|\.prefetch_related|\.select_related|Include\s*\(|ThenInclude/gi);
+    if (eagerLoadLines.length > 3) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Excessive eager loading / data over-fetching",
+            description: `Found ${eagerLoadLines.length} eager-loading directives. Loading too many relations eagerly wastes memory and bandwidth when the data isn't always needed.`,
+            lineNumbers: eagerLoadLines.slice(0, 5),
+            recommendation: "Use lazy loading for optional relations. Load only what's needed for each use case. Consider GraphQL or sparse fieldsets for flexible fetching.",
+            reference: "ORM Performance Optimization",
+        });
+    }
+    // Uncompressed responses
+    const hasCompression = /compression|gzip|deflate|brotli|Content-Encoding|Accept-Encoding|UseResponseCompression/gi.test(code);
+    const hasServer = /app\.(listen|use)|createServer|express\(\)|Flask|Django|WebApplication/gi.test(code);
+    if (hasServer && !hasCompression) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "low",
+            title: "No response compression configured",
+            description: "HTTP server code without compression middleware. Compressed responses can reduce bandwidth costs by 60-80% for text-based payloads.",
+            recommendation: "Enable gzip/brotli compression (compression middleware for Express, GzipMiddleware for Django, UseResponseCompression in ASP.NET).",
+            reference: "HTTP Compression Best Practices",
+        });
+    }
+    // Missing connection pooling
+    const hasDbConnection = /createConnection|new\s+Client\s*\(|MongoClient|DriverManager\.getConnection|SqlConnection|psycopg2\.connect|mysql\.connector/gi.test(code);
+    const hasPooling = /Pool|pool|createPool|connection_pool|pooling|DataSource|HikariCP/gi.test(code);
+    if (hasDbConnection && !hasPooling) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "Database connections without pooling",
+            description: "Creating individual database connections per request is expensive. Connection establishment overhead can dominate query time in cloud environments.",
+            recommendation: "Use connection pooling (pg Pool, HikariCP, SqlAlchemy pool, ADO.NET connection pooling). Set appropriate min/max pool sizes.",
+            reference: "Database Connection Pooling Best Practices",
+        });
+    }
+    // Redundant data transformations
+    const multiMapLines = [];
+    lines.forEach((line, i) => {
+        if (/\.map\s*\(/.test(line)) {
+            const nextLines = lines.slice(i + 1, Math.min(lines.length, i + 3)).join("\n");
+            if (/\.map\s*\(|\.filter\s*\(/.test(nextLines)) {
+                multiMapLines.push(i + 1);
+            }
+        }
+    });
+    if (multiMapLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "low",
+            title: "Chained array transformations",
+            description: "Multiple chained .map()/.filter() calls iterate the array multiple times. For large datasets, this wastes CPU and creates intermediate arrays.",
+            lineNumbers: multiMapLines,
+            recommendation: "Combine chained operations into a single reduce() or loop. Use lazy evaluation libraries (lodash/fp, RxJS) for large datasets.",
+            reference: "Functional Programming Performance",
+        });
+    }
+    // Serverless cold-start heavy imports
+    const heavyImportLines = getLineNumbers(code, /import\s+.*(?:aws-sdk|@aws-sdk|firebase-admin|googleapis|azure-storage|@azure\/storage)/gi);
+    if (heavyImportLines.length > 3) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Heavy SDK imports may increase cold-start costs",
+            description: `Found ${heavyImportLines.length} heavy SDK imports. In serverless environments, large imports increase cold-start duration and cost.`,
+            lineNumbers: heavyImportLines,
+            recommendation: "Import only specific modules (e.g., @aws-sdk/client-s3 instead of aws-sdk). Use tree-shakeable imports. Consider lazy loading for rarely-used SDKs.",
+            reference: "Serverless Performance Optimization",
+        });
+    }
+    return findings;
+}
+//# sourceMappingURL=cost-effectiveness.js.map

package/dist/evaluators/cost-effectiveness.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cost-effectiveness.js","sourceRoot":"","sources":["../../src/evaluators/cost-effectiveness.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,MAAM,UAAU,wBAAwB,CAAC,IAAY,EAAE,QAAgB;IACrE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,MAAM,GAAG,MAAM,CAAC;IAEtB,iCAAiC;IACjC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,sBAAsB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1C,SAAS,EAAE,CAAC;YACZ,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;gBACnB,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;YACzC,SAAS,EAAE,CAAC;QACd,CAAC;IACH,CAAC;IACD,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,oDAAoD;YAC3D,WAAW,EAAE,6IAA6I;YAC1J,WAAW,EAAE,eAAe;YAC5B,cAAc,EAAE,6KAA6K;YAC7L,SAAS,EAAE,qCAAqC;SACjD,CAAC,CAAC;IACL,CAAC;IAED,8CAA8C;IAC9C,MAAM,kBAAkB,GAAG,qDAAqD,CAAC;IACjF,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAClC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,6CAA6C;YACpD,WAAW,EAAE,iKAAiK;YAC9K,cAAc,EAAE,yIAAyI;YACzJ,SAAS,EAAE,oCAAoC;SAChD,CAAC,CAAC;IACL,CAAC;IAED,0BAA0B;IAC1B,MAAM,gBAAgB,GAAG,mIAAmI,CAAC;IAC7J,MAAM,cAAc,GAAG,cAAc,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;IAC9D,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,sBAAsB;YAC7B,WAAW,EAAE,6IAA6I;YAC1J,WAAW,EAAE,cAAc;YAC3B,cAAc,EAAE,0JAA0J;YAC1K,SAAS,EAAE,6BAA6B;SACzC,CAAC,CAAC;IACL,CAAC;IAED,gDAAgD;IAChD,MAAM,eAAe,GAAG,yJAAyJ,CAAC;IAClL,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;IAC5D,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,wCAAwC;YAC/C,WAAW,EAAE,6KAA6K;YAC1L,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,8HAA8H;YAC9I,SAAS,EAAE,gCAAgC;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,mBAAmB;IACnB,MAAM,UAAU,GAAG,0FAA0F,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzH,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAChD,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,8BAA8B;YACrC,WAAW,EAAE,mIAAmI;YAChJ,cAAc,EAAE,iIAAiI;YACjJ,SAAS,EAAE,wBAAwB;SACpC,CAAC,CAAC;IACL,CAAC;IAED,iDAAiD;IACjD,MAAM,kBAAkB,GAAa,EAAE,CAAC;IACxC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACzC,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/E,IAAI,oDAAoD,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACxE,kBAAkB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,kCAAkC;YACzC,WAAW,EAAE,4IAA4I;YACzJ,WAAW,EAAE,kBAAkB;YAC/B,cAAc,EAAE,sHAAsH;YACtI,SAAS,EAAE,iCAAiC;SAC7C,CAAC,CAAC;IACL,CAAC;IAED,mCAAmC;IACnC,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,EAAE,uGAAuG,CAAC,CAAC;IAC/I,IAAI,QAAQ,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,sCAAsC;YAC7C,WAAW,EAAE,SAAS,QAAQ,CAAC,MAAM,0IAA0I;YAC/K,WAAW,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;YACjC,cAAc,EAAE,yIAAyI;YACzJ,SAAS,EAAE,iCAAiC;SAC7C,CAAC,CAAC;IACL,CAAC;IAED,6CAA6C;IAC7C,MAAM,cAAc,GAAG,cAAc,CAAC,IAAI,EAAE,0FAA0F,CAAC,CAAC;IACxI,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,iCAAiC;YACxC,WAAW,EAAE,4JAA4J;YACzK,WAAW,EAAE,cAAc;YAC3B,cAAc,EAAE,kJAAkJ;YAClK,SAAS,EAAE,4BAA4B;SACxC,CAAC,CAAC;IACL,CAAC;IAED,gCAAgC;IAChC,MAAM,cAAc,GAAG,cAAc,CAAC,IAAI,EAAE,4GAA4G,CAAC,CAAC;IAC1J,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,8CAA8C;YACrD,WAAW,EAAE,SAAS,cAAc,CAAC,MAAM,8HAA8H;YACzK,WAAW,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;YACvC,cAAc,EAAE,iJAAiJ;YACjK,SAAS,EAAE,8BAA8B;SAC1C,CAAC,CAAC;IACL,CAAC;IAED,yBAAyB;IACzB,MAAM,cAAc,GAAG,2FAA2F,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9H,MAAM,SAAS,GAAG,0EAA0E,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxG,IAAI,SAAS,IAAI,CAAC,cAAc,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,oCAAoC;YAC3C,WAAW,EAAE,qIAAqI;YAClJ,cAAc,EAAE,oIAAoI;YACpJ,SAAS,EAAE,iCAAiC;SAC7C,CAAC,CAAC;IACL,CAAC;IAED,6BAA6B;IAC7B,MAAM,eAAe,GAAG,gIAAgI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpK,MAAM,UAAU,GAAG,oEAAoE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnG,IAAI,eAAe,IAAI,CAAC,UAAU,EAAE,CAAC;QACnC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,sCAAsC;YAC7C,WAAW,EAAE,qJAAqJ;YAClK,cAAc,EAAE,8HAA8H;YAC9I,SAAS,EAAE,4CAA4C;SACxD,CAAC,CAAC;IACL,CAAC;IAED,iCAAiC;IACjC,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/E,IAAI,0BAA0B,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/C,aAAa,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,+BAA+B;YACtC,WAAW,EAAE,gJAAgJ;YAC7J,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,gIAAgI;YAChJ,SAAS,EAAE,oCAAoC;SAChD,CAAC,CAAC;IACL,CAAC;IAED,sCAAsC;IACtC,MAAM,gBAAgB,GAAG,cAAc,CAAC,IAAI,EAAE,2FAA2F,CAAC,CAAC;IAC3I,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,iDAAiD;YACxD,WAAW,EAAE,SAAS,gBAAgB,CAAC,MAAM,sGAAsG;YACnJ,WAAW,EAAE,gBAAgB;YAC7B,cAAc,EAAE,qJAAqJ;YACrK,SAAS,EAAE,qCAAqC;SACjD,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/evaluators/cybersecurity.d.ts

@@ -0,0 +1,3 @@
+import { Finding } from "../types.js";
+export declare function analyzeCybersecurity(code: string, language: string): Finding[];
+//# sourceMappingURL=cybersecurity.d.ts.map

package/dist/evaluators/cybersecurity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cybersecurity.d.ts","sourceRoot":"","sources":["../../src/evaluators/cybersecurity.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAGtC,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CA2S9E"}

package/dist/evaluators/cybersecurity.js

@@ -0,0 +1,282 @@
+import { getLineNumbers } from "./shared.js";
+export function analyzeCybersecurity(code, language) {
+    const findings = [];
+    let ruleNum = 1;
+    const prefix = "CYBER";
+    // eval() / exec() usage (multi-language)
+    const evalPattern = /\beval\s*\(|exec\s*\(.*(?:req\.|request\.|input|user)|Function\s*\(\s*["'`]|compile\s*\(\s*(?:req|input|user)/gi;
+    const evalLines = getLineNumbers(code, evalPattern);
+    if (evalLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "critical",
+            title: "Dangerous eval()/exec() usage",
+            description: "eval(), exec(), or dynamic code compilation executes arbitrary code and is a primary vector for code injection attacks.",
+            lineNumbers: evalLines,
+            recommendation: "Remove eval() entirely. Use JSON.parse() for data parsing, or a proper expression parser if dynamic evaluation is truly needed.",
+            reference: "OWASP Code Injection — CWE-94",
+        });
+    }
+    // innerHTML / dangerouslySetInnerHTML / v-html / [innerHTML]
+    const innerHTMLPattern = /\.innerHTML\s*=|dangerouslySetInnerHTML|v-html\s*=|\[innerHTML\]\s*=/gi;
+    const innerHTMLLines = getLineNumbers(code, innerHTMLPattern);
+    if (innerHTMLLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "Potential XSS via innerHTML",
+            description: "Setting innerHTML, dangerouslySetInnerHTML, v-html, or [innerHTML] can lead to Cross-Site Scripting (XSS) if the content includes unsanitized user input.",
+            lineNumbers: innerHTMLLines,
+            recommendation: "Use textContent for plain text, or use a sanitization library (DOMPurify) before inserting HTML. In React, avoid dangerouslySetInnerHTML unless content is sanitized.",
+            reference: "OWASP XSS Prevention — CWE-79",
+        });
+    }
+    // Command injection risk (multi-language)
+    const cmdPattern = /(?:exec|spawn|execSync|spawnSync|execFile|child_process|subprocess|os\.system|os\.popen|Runtime\.exec|ProcessBuilder|Process\.Start|system\s*\(|popen\s*\(|shell_exec|passthru|proc_open)\s*\(.*(?:\+|`|\$\{|%s|\.format)/gi;
+    const cmdLines = getLineNumbers(code, cmdPattern);
+    if (cmdLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "critical",
+            title: "Potential command injection",
+            description: "Shell commands are constructed with string concatenation/interpolation, allowing an attacker to inject arbitrary OS commands if user input is included.",
+            lineNumbers: cmdLines,
+            recommendation: "Use execFile() with an argument array instead of exec(). Never concatenate user input into shell commands. Validate and sanitize all inputs.",
+            reference: "OWASP Command Injection — CWE-78",
+        });
+    }
+    // Disabled TLS / certificate validation
+    const tlsRejectPattern = /NODE_TLS_REJECT_UNAUTHORIZED\s*=\s*['"]?0|rejectUnauthorized\s*:\s*false|verify\s*=\s*False|InsecureSkipVerify\s*:\s*true|ssl_verify\s*=\s*false|ServerCertificateValidationCallback\s*=.*true|CURLOPT_SSL_VERIFYPEER.*false|verify_ssl\s*=\s*false/gi;
+    const tlsLines = getLineNumbers(code, tlsRejectPattern);
+    if (tlsLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "critical",
+            title: "TLS certificate validation disabled",
+            description: "TLS certificate verification is explicitly disabled, making the application vulnerable to man-in-the-middle (MITM) attacks.",
+            lineNumbers: tlsLines,
+            recommendation: "Never disable TLS certificate validation in production. Use proper CA certificates. If using self-signed certs in development, use a CA bundle instead.",
+            reference: "CWE-295: Improper Certificate Validation",
+        });
+    }
+    // Insecure CORS
+    const corsPattern = /(?:Access-Control-Allow-Origin|cors)\s*[:({]\s*['"]\*/gi;
+    const corsLines = getLineNumbers(code, corsPattern);
+    if (corsLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Overly permissive CORS configuration",
+            description: "CORS is configured to allow all origins ('*'), which may allow malicious websites to make cross-origin requests to your API.",
+            lineNumbers: corsLines,
+            recommendation: "Restrict CORS to specific trusted origins. If credentials are used, '*' is not allowed by browsers anyway — be explicit about allowed origins.",
+            reference: "OWASP CORS Misconfiguration — CWE-942",
+        });
+    }
+    // Prototype pollution risk
+    const protoPattern = /\.__proto__|Object\.assign\s*\(\s*\{\}|lodash\.merge|_\.merge|deepmerge|Object\.keys.*forEach.*\[/gi;
+    const protoLines = getLineNumbers(code, protoPattern);
+    if (protoLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Potential prototype pollution risk",
+            description: "Direct __proto__ access or unchecked Object.assign/deep merge with user-controlled data can lead to prototype pollution attacks.",
+            lineNumbers: protoLines,
+            recommendation: "Use Object.create(null) for map-like objects, validate keys against a whitelist, and use Map instead of plain objects for dynamic keys.",
+            reference: "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes",
+        });
+    }
+    // Disabled linter/type-checker rules
+    const disablePattern = /(?:eslint-disable|tslint:disable|@ts-ignore|@ts-nocheck|nosec|noinspection|noqa|type:\s*ignore|#\s*pragma\s+no\s+cover)/gi;
+    const disableLines = getLineNumbers(code, disablePattern);
+    if (disableLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "low",
+            title: "Linter/type-checker suppression directives found",
+            description: "Code contains directives to suppress linter or type-checker warnings. While sometimes necessary, these can mask real security or quality issues.",
+            lineNumbers: disableLines,
+            recommendation: "Review each suppression directive to ensure it's justified. Add a comment explaining why the suppression is necessary. Remove any that were added simply to silence warnings.",
+            reference: "Secure Coding Best Practices",
+        });
+    }
+    // XML External Entity (XXE) injection
+    const xxePatterns = /DocumentBuilder|SAXParser|XMLReader|DOMParser|etree\.parse|xml\.sax|parseXML|lxml\.etree|XmlReader|XmlDocument|LIBXML_NOENT/gi;
+    const xxeLines = getLineNumbers(code, xxePatterns);
+    if (xxeLines.length > 0) {
+        const hasProtection = /disallow-doctype-decl|FEATURE_SECURE_PROCESSING|resolve_entities\s*=\s*False|DtdProcessing\.Prohibit|LIBXML_NONET/gi.test(code);
+        if (!hasProtection) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "high",
+                title: "XML parsing without XXE protection",
+                description: "XML is parsed without visible protection against XML External Entity (XXE) injection, which can lead to file disclosure, SSRF, or denial of service.",
+                lineNumbers: xxeLines,
+                recommendation: "Disable external entity resolution and DTD processing in your XML parser. Use defusedxml in Python. Set FEATURE_SECURE_PROCESSING in Java.",
+                reference: "OWASP XXE — CWE-611",
+            });
+        }
+    }
+    // LDAP injection
+    const ldapPatterns = /ldap\.search|ldap_search|DirectorySearcher|LdapTemplate|ldap\.bind/gi;
+    const ldapLines = getLineNumbers(code, ldapPatterns);
+    if (ldapLines.length > 0) {
+        const hasLdapSanitation = /escape|sanitize|ldap_escape|filter_format/gi.test(code);
+        if (!hasLdapSanitation) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "high",
+                title: "Potential LDAP injection",
+                description: "LDAP queries are constructed without visible input sanitization, potentially allowing LDAP injection attacks.",
+                lineNumbers: ldapLines,
+                recommendation: "Escape special LDAP characters in user input. Use parameterized LDAP queries or the ldap_escape function.",
+                reference: "OWASP LDAP Injection — CWE-90",
+            });
+        }
+    }
+    // Server-Side Request Forgery (SSRF)
+    const ssrfPatterns = /(?:fetch|axios|http\.get|requests\.get|urllib|HttpClient|WebClient|curl)\s*\(.*(?:req\.|request\.|params\.|query\.|body\.|input|url\s*=)/gi;
+    const ssrfLines = getLineNumbers(code, ssrfPatterns);
+    if (ssrfLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "Potential Server-Side Request Forgery (SSRF)",
+            description: "User input is used to construct a URL for server-side requests, allowing attackers to access internal services, cloud metadata endpoints, or arbitrary external resources.",
+            lineNumbers: ssrfLines,
+            recommendation: "Validate and whitelist allowed URLs/domains. Block access to internal IP ranges (10.x, 172.16-31.x, 192.168.x, 169.254.169.254). Use a URL parser to verify the host.",
+            reference: "OWASP SSRF — CWE-918",
+        });
+    }
+    // Open redirect
+    const redirectPatterns = /(?:res\.redirect|Response\.Redirect|redirect|HttpResponseRedirect|header\s*\(\s*["']Location)\s*\(.*(?:req\.|request\.|params\.|query\.|body\.|input|url\s*=)/gi;
+    const redirectLines = getLineNumbers(code, redirectPatterns);
+    if (redirectLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Potential open redirect",
+            description: "User-controlled input is used in a redirect URL, which can be exploited for phishing attacks by redirecting users to malicious sites.",
+            lineNumbers: redirectLines,
+            recommendation: "Validate redirect URLs against a whitelist of allowed domains. Use relative paths or map redirect targets to predefined safe URLs.",
+            reference: "OWASP Open Redirect — CWE-601",
+        });
+    }
+    // ReDoS (Regular Expression Denial of Service)
+    const regexPatterns = /new\s+RegExp\s*\(.*(?:req\.|request\.|params\.|query\.|body\.|input|user)/gi;
+    const regexLines = getLineNumbers(code, regexPatterns);
+    if (regexLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "User input in RegExp — ReDoS risk",
+            description: "User input is used to construct a regular expression, which can cause catastrophic backtracking (ReDoS) with crafted input, hanging the server.",
+            lineNumbers: regexLines,
+            recommendation: "Never use user input in RegExp without escaping. Use safe-regex or re2 for untrusted patterns. Set timeouts on regex operations.",
+            reference: "CWE-1333: Inefficient Regular Expression Complexity",
+        });
+    }
+    // Template injection (SSTI)
+    const templatePatterns = /render_template_string|Template\(.*(?:req|request|input|user)|Jinja2|nunjucks\.renderString|Handlebars\.compile\s*\(.*(?:req|input)|ERB\.new\s*\(.*(?:params|request)/gi;
+    const templateLines = getLineNumbers(code, templatePatterns);
+    if (templateLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "critical",
+            title: "Potential Server-Side Template Injection (SSTI)",
+            description: "User input appears to be passed directly to template rendering, allowing attackers to execute arbitrary code via template syntax.",
+            lineNumbers: templateLines,
+            recommendation: "Never pass user input as template source. Use templates only from trusted files with parameterized data. Enable sandboxing if available.",
+            reference: "OWASP SSTI — CWE-1336",
+        });
+    }
+    // CRLF injection / HTTP header injection
+    const crlfPatterns = /(?:setHeader|writeHead|res\.set|response\.header|header\s*\()\s*\(.*(?:req\.|request\.|params\.|query\.|body\.|input)/gi;
+    const crlfLines = getLineNumbers(code, crlfPatterns);
+    if (crlfLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Potential HTTP header injection",
+            description: "User input may be used in HTTP response headers, allowing CRLF injection to set arbitrary headers or split responses.",
+            lineNumbers: crlfLines,
+            recommendation: "Strip \\r\\n characters from any user input used in headers. Validate and encode header values.",
+            reference: "CWE-113: Improper Neutralization of CRLF Sequences",
+        });
+    }
+    // Missing security headers
+    const hasHelmet = /helmet|X-Content-Type-Options|Content-Security-Policy|X-Frame-Options|Strict-Transport-Security|X-XSS-Protection/gi.test(code);
+    const hasServer = /app\.(listen|use)|createServer|express\(\)|Flask\(|Django|WebApplication|Startup/gi.test(code);
+    if (hasServer && !hasHelmet) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "No security headers configured",
+            description: "HTTP server code does not configure security headers (CSP, X-Frame-Options, HSTS, etc.), leaving it vulnerable to clickjacking, XSS, and other attacks.",
+            recommendation: "Use helmet (Express), django-security middleware, or manually set: Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Strict-Transport-Security.",
+            reference: "OWASP Security Headers — CWE-693",
+        });
+    }
+    // Insecure session configuration
+    const sessionPatterns = /session\s*\(\s*\{|express-session|SessionMiddleware|session_config/gi;
+    const sessionLines = getLineNumbers(code, sessionPatterns);
+    if (sessionLines.length > 0) {
+        const hasSecureSession = /secure\s*:\s*true|HttpOnly|sameSite/gi.test(code);
+        if (!hasSecureSession) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "high",
+                title: "Insecure session configuration",
+                description: "Session middleware is configured without secure cookie settings, making sessions vulnerable to hijacking.",
+                lineNumbers: sessionLines,
+                recommendation: "Configure sessions with secure: true, httpOnly: true, sameSite: 'strict', and a reasonable maxAge. Use a server-side session store.",
+                reference: "OWASP Session Management — CWE-614",
+            });
+        }
+    }
+    // Weak password requirements
+    const passwordValidation = /password.*(?:length|min|max|regex|pattern|require)/gi;
+    const hasPasswordInput = /password|passwd|pwd/gi.test(code);
+    const hasAuthRoutes = /(?:register|signup|sign-up|createUser|changePassword|resetPassword)/gi.test(code);
+    if (hasAuthRoutes && hasPasswordInput && !passwordValidation.test(code)) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "No password complexity validation",
+            description: "Authentication endpoints handle passwords but no password complexity rules (minimum length, character requirements) are visible.",
+            recommendation: "Enforce minimum 8-character passwords with complexity requirements. Use NIST SP 800-63B guidelines. Check against breached password databases (Have I Been Pwned).",
+            reference: "NIST SP 800-63B — CWE-521",
+        });
+    }
+    // Hardcoded admin/backdoor accounts
+    const backdoorPatterns = /(?:admin|root|superuser|backdoor)\s*[:=]\s*["'][^"']+["'].*(?:password|passwd|pwd)|(?:password|passwd|pwd)\s*[:=]\s*["'][^"']+["'].*(?:admin|root|superuser)/gi;
+    const backdoorLines = getLineNumbers(code, backdoorPatterns);
+    if (backdoorLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "critical",
+            title: "Hardcoded admin/backdoor credentials",
+            description: "Hardcoded admin or superuser credentials create a permanent backdoor. These are trivially discovered by examining the source code.",
+            lineNumbers: backdoorLines,
+            recommendation: "Remove hardcoded credentials. Use environment-based configuration and initial setup scripts for admin accounts.",
+            reference: "CWE-798: Use of Hard-coded Credentials",
+        });
+    }
+    // Missing rate limiting on auth endpoints
+    const authEndpoints = getLineNumbers(code, /(?:login|signin|sign-in|authenticate|auth|password|token)\s*['",:]/gi);
+    const hasRateLimit = /rate.?limit|throttle|limiter|brute/gi.test(code);
+    if (authEndpoints.length > 0 && !hasRateLimit) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "Authentication endpoints without rate limiting",
+            description: "Authentication-related code exists without visible rate limiting, making it vulnerable to brute-force and credential stuffing attacks.",
+            lineNumbers: authEndpoints.slice(0, 5),
+            recommendation: "Implement rate limiting on login/auth endpoints. Use progressive delays, account lockouts, or CAPTCHA after failed attempts.",
+            reference: "OWASP Brute Force — CWE-307",
+        });
+    }
+    return findings;
+}
+//# sourceMappingURL=cybersecurity.js.map

package/dist/evaluators/cybersecurity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cybersecurity.js","sourceRoot":"","sources":["../../src/evaluators/cybersecurity.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,MAAM,UAAU,oBAAoB,CAAC,IAAY,EAAE,QAAgB;IACjE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,MAAM,GAAG,OAAO,CAAC;IAEvB,yCAAyC;IACzC,MAAM,WAAW,GAAG,iHAAiH,CAAC;IACtI,MAAM,SAAS,GAAG,cAAc,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACpD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,+BAA+B;YACtC,WAAW,EAAE,yHAAyH;YACtI,WAAW,EAAE,SAAS;YACtB,cAAc,EAAE,iIAAiI;YACjJ,SAAS,EAAE,+BAA+B;SAC3C,CAAC,CAAC;IACL,CAAC;IAED,6DAA6D;IAC7D,MAAM,gBAAgB,GAAG,wEAAwE,CAAC;IAClG,MAAM,cAAc,GAAG,cAAc,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;IAC9D,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,6BAA6B;YACpC,WAAW,EAAE,2JAA2J;YACxK,WAAW,EAAE,cAAc;YAC3B,cAAc,EAAE,uKAAuK;YACvL,SAAS,EAAE,+BAA+B;SAC3C,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,MAAM,UAAU,GAAG,6NAA6N,CAAC;IACjP,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IAClD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,6BAA6B;YACpC,WAAW,EAAE,yJAAyJ;YACtK,WAAW,EAAE,QAAQ;YACrB,cAAc,EAAE,8IAA8I;YAC9J,SAAS,EAAE,kCAAkC;SAC9C,CAAC,CAAC;IACL,CAAC;IAED,wCAAwC;IACxC,MAAM,gBAAgB,GAAG,uPAAuP,CAAC;IACjR,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;IACxD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,qCAAqC;YAC5C,WAAW,EAAE,6HAA6H;YAC1I,WAAW,EAAE,QAAQ;YACrB,cAAc,EAAE,yJAAyJ;YACzK,SAAS,EAAE,0CAA0C;SACtD,CAAC,CAAC;IACL,CAAC;IAED,gBAAgB;IAChB,MAAM,WAAW,GAAG,yDAAyD,CAAC;IAC9E,MAAM,SAAS,GAAG,cAAc,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACpD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,sCAAsC;YAC7C,WAAW,EAAE,8HAA8H;YAC3I,WAAW,EAAE,SAAS;YACtB,cAAc,EAAE,gJAAgJ;YAChK,SAAS,EAAE,uCAAuC;SACnD,CAAC,CAAC;IACL,CAAC;IAED,2BAA2B;IAC3B,MAAM,YAAY,GAAG,qGAAqG,CAAC;IAC3H,MAAM,UAAU,GAAG,cAAc,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IACtD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,oCAAoC;YAC3C,WAAW,EAAE,kIAAkI;YAC/I,WAAW,EAAE,UAAU;YACvB,cAAc,EAAE,yIAAyI;YACzJ,SAAS,EAAE,6EAA6E;SACzF,CAAC,CAAC;IACL,CAAC;IAED,qCAAqC;IACrC,MAAM,cAAc,GAAG,2HAA2H,CAAC;IACnJ,MAAM,YAAY,GAAG,cAAc,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IAC1D,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,kDAAkD;YACzD,WAAW,EAAE,kJAAkJ;YAC/J,WAAW,EAAE,YAAY;YACzB,cAAc,EAAE,+KAA+K;YAC/L,SAAS,EAAE,8BAA8B;SAC1C,CAAC,CAAC;IACL,CAAC;IAED,sCAAsC;IACtC,MAAM,WAAW,GAAG,+HAA+H,CAAC;IACpJ,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACnD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,aAAa,GAAG,qHAAqH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvJ,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACzD,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,oCAAoC;gBAC3C,WAAW,EAAE,sJAAsJ;gBACnK,WAAW,EAAE,QAAQ;gBACrB,cAAc,EAAE,4IAA4I;gBAC5J,SAAS,EAAE,qBAAqB;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,iBAAiB;IACjB,MAAM,YAAY,GAAG,sEAAsE,CAAC;IAC5F,MAAM,SAAS,GAAG,cAAc,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IACrD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,iBAAiB,GAAG,6CAA6C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnF,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACvB,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACzD,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,0BAA0B;gBACjC,WAAW,EAAE,+GAA+G;gBAC5H,WAAW,EAAE,SAAS;gBACtB,cAAc,EAAE,2GAA2G;gBAC3H,SAAS,EAAE,+BAA+B;aAC3C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,MAAM,YAAY,GAAG,4IAA4I,CAAC;IAClK,MAAM,SAAS,GAAG,cAAc,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IACrD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,8CAA8C;YACrD,WAAW,EAAE,4KAA4K;YACzL,WAAW,EAAE,SAAS;YACtB,cAAc,EAAE,uKAAuK;YACvL,SAAS,EAAE,sBAAsB;SAClC,CAAC,CAAC;IACL,CAAC;IAED,gBAAgB;IAChB,MAAM,gBAAgB,GAAG,iKAAiK,CAAC;IAC3L,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;IAC7D,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,yBAAyB;YAChC,WAAW,EAAE,uIAAuI;YACpJ,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,oIAAoI;YACpJ,SAAS,EAAE,+BAA+B;SAC3C,CAAC,CAAC;IACL,CAAC;IAED,+CAA+C;IAC/C,MAAM,aAAa,GAAG,6EAA6E,CAAC;IACpG,MAAM,UAAU,GAAG,cAAc,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;IACvD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,mCAAmC;YAC1C,WAAW,EAAE,iJAAiJ;YAC9J,WAAW,EAAE,UAAU;YACvB,cAAc,EAAE,kIAAkI;YAClJ,SAAS,EAAE,qDAAqD;SACjE,CAAC,CAAC;IACL,CAAC;IAED,4BAA4B;IAC5B,MAAM,gBAAgB,GAAG,yKAAyK,CAAC;IACnM,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;IAC7D,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,iDAAiD;YACxD,WAAW,EAAE,mIAAmI;YAChJ,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,0IAA0I;YAC1J,SAAS,EAAE,uBAAuB;SACnC,CAAC,CAAC;IACL,CAAC;IAED,yCAAyC;IACzC,MAAM,YAAY,GAAG,yHAAyH,CAAC;IAC/I,MAAM,SAAS,GAAG,cAAc,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IACrD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,iCAAiC;YACxC,WAAW,EAAE,uHAAuH;YACpI,WAAW,EAAE,SAAS;YACtB,cAAc,EAAE,iGAAiG;YACjH,SAAS,EAAE,oDAAoD;SAChE,CAAC,CAAC;IACL,CAAC;IAED,2BAA2B;IAC3B,MAAM,SAAS,GAAG,oHAAoH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClJ,MAAM,SAAS,GAAG,oFAAoF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClH,IAAI,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;QAC5B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,gCAAgC;YACvC,WAAW,EAAE,yJAAyJ;YACtK,cAAc,EAAE,iKAAiK;YACjL,SAAS,EAAE,kCAAkC;SAC9C,CAAC,CAAC;IACL,CAAC;IAED,iCAAiC;IACjC,MAAM,eAAe,GAAG,sEAAsE,CAAC;IAC/F,MAAM,YAAY,GAAG,cAAc,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;IAC3D,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,gBAAgB,GAAG,uCAAuC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5E,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACzD,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,gCAAgC;gBACvC,WAAW,EAAE,2GAA2G;gBACxH,WAAW,EAAE,YAAY;gBACzB,cAAc,EAAE,qIAAqI;gBACrJ,SAAS,EAAE,oCAAoC;aAChD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,MAAM,kBAAkB,GAAG,sDAAsD,CAAC;IAClF,MAAM,gBAAgB,GAAG,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5D,MAAM,aAAa,GAAG,uEAAuE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzG,IAAI,aAAa,IAAI,gBAAgB,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACxE,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,mCAAmC;YAC1C,WAAW,EAAE,kIAAkI;YAC/I,cAAc,EAAE,oKAAoK;YACpL,SAAS,EAAE,2BAA2B;SACvC,CAAC,CAAC;IACL,CAAC;IAED,oCAAoC;IACpC,MAAM,gBAAgB,GAAG,gKAAgK,CAAC;IAC1L,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;IAC7D,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,sCAAsC;YAC7C,WAAW,EAAE,oIAAoI;YACjJ,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,iHAAiH;YACjI,SAAS,EAAE,wCAAwC;SACpD,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,EAAE,sEAAsE,CAAC,CAAC;IACnH,MAAM,YAAY,GAAG,sCAAsC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvE,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;QAC9C,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,gDAAgD;YACvD,WAAW,EAAE,wIAAwI;YACrJ,WAAW,EAAE,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;YACtC,cAAc,EAAE,8HAA8H;YAC9I,SAAS,EAAE,6BAA6B;SACzC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/evaluators/data-security.d.ts

@@ -0,0 +1,3 @@
+import { Finding } from "../types.js";
+export declare function analyzeDataSecurity(code: string, language: string): Finding[];
+//# sourceMappingURL=data-security.d.ts.map

package/dist/evaluators/data-security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"data-security.d.ts","sourceRoot":"","sources":["../../src/evaluators/data-security.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAGtC,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CA8S7E"}