@kevinrabun/judges 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +174 -0
- package/dist/evaluators/accessibility.d.ts +3 -0
- package/dist/evaluators/accessibility.d.ts.map +1 -0
- package/dist/evaluators/accessibility.js +306 -0
- package/dist/evaluators/accessibility.js.map +1 -0
- package/dist/evaluators/api-design.d.ts +3 -0
- package/dist/evaluators/api-design.d.ts.map +1 -0
- package/dist/evaluators/api-design.js +224 -0
- package/dist/evaluators/api-design.js.map +1 -0
- package/dist/evaluators/cloud-readiness.d.ts +3 -0
- package/dist/evaluators/cloud-readiness.d.ts.map +1 -0
- package/dist/evaluators/cloud-readiness.js +181 -0
- package/dist/evaluators/cloud-readiness.js.map +1 -0
- package/dist/evaluators/compliance.d.ts +3 -0
- package/dist/evaluators/compliance.d.ts.map +1 -0
- package/dist/evaluators/compliance.js +213 -0
- package/dist/evaluators/compliance.js.map +1 -0
- package/dist/evaluators/concurrency.d.ts +3 -0
- package/dist/evaluators/concurrency.d.ts.map +1 -0
- package/dist/evaluators/concurrency.js +220 -0
- package/dist/evaluators/concurrency.js.map +1 -0
- package/dist/evaluators/cost-effectiveness.d.ts +3 -0
- package/dist/evaluators/cost-effectiveness.d.ts.map +1 -0
- package/dist/evaluators/cost-effectiveness.js +206 -0
- package/dist/evaluators/cost-effectiveness.js.map +1 -0
- package/dist/evaluators/cybersecurity.d.ts +3 -0
- package/dist/evaluators/cybersecurity.d.ts.map +1 -0
- package/dist/evaluators/cybersecurity.js +282 -0
- package/dist/evaluators/cybersecurity.js.map +1 -0
- package/dist/evaluators/data-security.d.ts +3 -0
- package/dist/evaluators/data-security.d.ts.map +1 -0
- package/dist/evaluators/data-security.js +286 -0
- package/dist/evaluators/data-security.js.map +1 -0
- package/dist/evaluators/dependency-health.d.ts +3 -0
- package/dist/evaluators/dependency-health.d.ts.map +1 -0
- package/dist/evaluators/dependency-health.js +197 -0
- package/dist/evaluators/dependency-health.js.map +1 -0
- package/dist/evaluators/documentation.d.ts +3 -0
- package/dist/evaluators/documentation.d.ts.map +1 -0
- package/dist/evaluators/documentation.js +216 -0
- package/dist/evaluators/documentation.js.map +1 -0
- package/dist/evaluators/ethics-bias.d.ts +3 -0
- package/dist/evaluators/ethics-bias.d.ts.map +1 -0
- package/dist/evaluators/ethics-bias.js +205 -0
- package/dist/evaluators/ethics-bias.js.map +1 -0
- package/dist/evaluators/index.d.ts +12 -0
- package/dist/evaluators/index.d.ts.map +1 -0
- package/dist/evaluators/index.js +127 -0
- package/dist/evaluators/index.js.map +1 -0
- package/dist/evaluators/internationalization.d.ts +3 -0
- package/dist/evaluators/internationalization.d.ts.map +1 -0
- package/dist/evaluators/internationalization.js +176 -0
- package/dist/evaluators/internationalization.js.map +1 -0
- package/dist/evaluators/observability.d.ts +3 -0
- package/dist/evaluators/observability.d.ts.map +1 -0
- package/dist/evaluators/observability.js +171 -0
- package/dist/evaluators/observability.js.map +1 -0
- package/dist/evaluators/performance.d.ts +3 -0
- package/dist/evaluators/performance.d.ts.map +1 -0
- package/dist/evaluators/performance.js +306 -0
- package/dist/evaluators/performance.js.map +1 -0
- package/dist/evaluators/reliability.d.ts +3 -0
- package/dist/evaluators/reliability.d.ts.map +1 -0
- package/dist/evaluators/reliability.js +215 -0
- package/dist/evaluators/reliability.js.map +1 -0
- package/dist/evaluators/scalability.d.ts +3 -0
- package/dist/evaluators/scalability.d.ts.map +1 -0
- package/dist/evaluators/scalability.js +171 -0
- package/dist/evaluators/scalability.js.map +1 -0
- package/dist/evaluators/shared.d.ts +18 -0
- package/dist/evaluators/shared.d.ts.map +1 -0
- package/dist/evaluators/shared.js +147 -0
- package/dist/evaluators/shared.js.map +1 -0
- package/dist/evaluators/software-practices.d.ts +3 -0
- package/dist/evaluators/software-practices.d.ts.map +1 -0
- package/dist/evaluators/software-practices.js +272 -0
- package/dist/evaluators/software-practices.js.map +1 -0
- package/dist/evaluators/testing.d.ts +3 -0
- package/dist/evaluators/testing.d.ts.map +1 -0
- package/dist/evaluators/testing.js +185 -0
- package/dist/evaluators/testing.js.map +1 -0
- package/dist/index.d.ts +16 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +238 -0
- package/dist/index.js.map +1 -0
- package/dist/judges/accessibility.d.ts +3 -0
- package/dist/judges/accessibility.d.ts.map +1 -0
- package/dist/judges/accessibility.js +28 -0
- package/dist/judges/accessibility.js.map +1 -0
- package/dist/judges/api-design.d.ts +3 -0
- package/dist/judges/api-design.d.ts.map +1 -0
- package/dist/judges/api-design.js +30 -0
- package/dist/judges/api-design.js.map +1 -0
- package/dist/judges/cloud-readiness.d.ts +3 -0
- package/dist/judges/cloud-readiness.d.ts.map +1 -0
- package/dist/judges/cloud-readiness.js +28 -0
- package/dist/judges/cloud-readiness.js.map +1 -0
- package/dist/judges/compliance.d.ts +3 -0
- package/dist/judges/compliance.d.ts.map +1 -0
- package/dist/judges/compliance.js +28 -0
- package/dist/judges/compliance.js.map +1 -0
- package/dist/judges/concurrency.d.ts +3 -0
- package/dist/judges/concurrency.d.ts.map +1 -0
- package/dist/judges/concurrency.js +30 -0
- package/dist/judges/concurrency.js.map +1 -0
- package/dist/judges/cost-effectiveness.d.ts +3 -0
- package/dist/judges/cost-effectiveness.d.ts.map +1 -0
- package/dist/judges/cost-effectiveness.js +27 -0
- package/dist/judges/cost-effectiveness.js.map +1 -0
- package/dist/judges/cybersecurity.d.ts +3 -0
- package/dist/judges/cybersecurity.d.ts.map +1 -0
- package/dist/judges/cybersecurity.js +27 -0
- package/dist/judges/cybersecurity.js.map +1 -0
- package/dist/judges/data-security.d.ts +3 -0
- package/dist/judges/data-security.d.ts.map +1 -0
- package/dist/judges/data-security.js +25 -0
- package/dist/judges/data-security.js.map +1 -0
- package/dist/judges/dependency-health.d.ts +3 -0
- package/dist/judges/dependency-health.d.ts.map +1 -0
- package/dist/judges/dependency-health.js +30 -0
- package/dist/judges/dependency-health.js.map +1 -0
- package/dist/judges/documentation.d.ts +3 -0
- package/dist/judges/documentation.d.ts.map +1 -0
- package/dist/judges/documentation.js +30 -0
- package/dist/judges/documentation.js.map +1 -0
- package/dist/judges/ethics-bias.d.ts +3 -0
- package/dist/judges/ethics-bias.d.ts.map +1 -0
- package/dist/judges/ethics-bias.js +30 -0
- package/dist/judges/ethics-bias.js.map +1 -0
- package/dist/judges/index.d.ts +23 -0
- package/dist/judges/index.d.ts.map +1 -0
- package/dist/judges/index.js +63 -0
- package/dist/judges/index.js.map +1 -0
- package/dist/judges/internationalization.d.ts +3 -0
- package/dist/judges/internationalization.d.ts.map +1 -0
- package/dist/judges/internationalization.js +28 -0
- package/dist/judges/internationalization.js.map +1 -0
- package/dist/judges/observability.d.ts +3 -0
- package/dist/judges/observability.d.ts.map +1 -0
- package/dist/judges/observability.js +28 -0
- package/dist/judges/observability.js.map +1 -0
- package/dist/judges/performance.d.ts +3 -0
- package/dist/judges/performance.d.ts.map +1 -0
- package/dist/judges/performance.js +30 -0
- package/dist/judges/performance.js.map +1 -0
- package/dist/judges/reliability.d.ts +3 -0
- package/dist/judges/reliability.d.ts.map +1 -0
- package/dist/judges/reliability.js +30 -0
- package/dist/judges/reliability.js.map +1 -0
- package/dist/judges/scalability.d.ts +3 -0
- package/dist/judges/scalability.d.ts.map +1 -0
- package/dist/judges/scalability.js +28 -0
- package/dist/judges/scalability.js.map +1 -0
- package/dist/judges/software-practices.d.ts +3 -0
- package/dist/judges/software-practices.d.ts.map +1 -0
- package/dist/judges/software-practices.js +30 -0
- package/dist/judges/software-practices.js.map +1 -0
- package/dist/judges/testing.d.ts +3 -0
- package/dist/judges/testing.d.ts.map +1 -0
- package/dist/judges/testing.js +30 -0
- package/dist/judges/testing.js.map +1 -0
- package/dist/types.d.ts +80 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +2 -0
- package/dist/types.js.map +1 -0
- package/package.json +53 -0
- package/server.json +21 -0
|
@@ -0,0 +1,286 @@
|
|
|
1
|
+
import { getLineNumbers } from "./shared.js";
|
|
2
|
+
export function analyzeDataSecurity(code, language) {
|
|
3
|
+
const findings = [];
|
|
4
|
+
let ruleNum = 1;
|
|
5
|
+
const prefix = "DATA";
|
|
6
|
+
// Hardcoded secrets (multi-language)
|
|
7
|
+
const secretPatterns = [
|
|
8
|
+
{ pattern: /(?:password|passwd|pwd)\s*[:=]\s*["'][^"']+["']/gi, name: "password" },
|
|
9
|
+
{ pattern: /(?:api[_-]?key|apikey)\s*[:=]\s*["'][^"']+["']/gi, name: "API key" },
|
|
10
|
+
{ pattern: /(?:secret|token)\s*[:=]\s*["'][^"']+["']/gi, name: "secret/token" },
|
|
11
|
+
{ pattern: /(?:connection[_-]?string)\s*[:=]\s*["'][^"']+["']/gi, name: "connection string" },
|
|
12
|
+
{ pattern: /(?:private[_-]?key)\s*[:=]\s*["'][^"']+["']/gi, name: "private key" },
|
|
13
|
+
{ pattern: /-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/gi, name: "embedded private key" },
|
|
14
|
+
{ pattern: /(?:aws_access_key_id|aws_secret_access_key)\s*[:=]\s*["'][^"']+["']/gi, name: "AWS credential" },
|
|
15
|
+
{ pattern: /AKIA[0-9A-Z]{16}/g, name: "AWS access key ID" },
|
|
16
|
+
{ pattern: /(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9_]{36,}/g, name: "GitHub token" },
|
|
17
|
+
{ pattern: /xox[bprs]-[0-9a-zA-Z-]{10,}/g, name: "Slack token" },
|
|
18
|
+
{ pattern: /sk-[a-zA-Z0-9]{20,}/g, name: "OpenAI/Stripe secret key" },
|
|
19
|
+
{ pattern: /(?:SG\.)[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9_-]{43}/g, name: "SendGrid API key" },
|
|
20
|
+
{ pattern: /(?:bearer|authorization)\s*[:=]\s*["'][^"']{20,}["']/gi, name: "hardcoded auth token" },
|
|
21
|
+
{ pattern: /(?:AZURE|MICROSOFT)_[A-Z_]*(?:KEY|SECRET|TOKEN|CONNECTION)\s*[:=]\s*["'][^"']+["']/gi, name: "Azure credential" },
|
|
22
|
+
{ pattern: /(?:DATABASE_URL|MONGO_URI|REDIS_URL)\s*[:=]\s*["'][^"']+["']/gi, name: "database connection URL" },
|
|
23
|
+
];
|
|
24
|
+
for (const sp of secretPatterns) {
|
|
25
|
+
const lines = getLineNumbers(code, sp.pattern);
|
|
26
|
+
if (lines.length > 0) {
|
|
27
|
+
findings.push({
|
|
28
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
29
|
+
severity: "critical",
|
|
30
|
+
title: `Hardcoded ${sp.name} detected`,
|
|
31
|
+
description: `A ${sp.name} appears to be hardcoded in the source code. This is a severe data security risk as it can be extracted from version control, build artifacts, or decompiled binaries.`,
|
|
32
|
+
lineNumbers: lines,
|
|
33
|
+
recommendation: `Move the ${sp.name} to a secrets manager (e.g., Azure Key Vault, AWS Secrets Manager, HashiCorp Vault) or at minimum to environment variables. Never commit secrets to source control.`,
|
|
34
|
+
reference: "OWASP: Hardcoded Credentials — CWE-798",
|
|
35
|
+
});
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
// Console/print logging of sensitive data (multi-language)
|
|
39
|
+
const logSensitivePatterns = /(?:console\.\w+|print|println|printf|log\.\w+|logger\.\w+|logging\.\w+|System\.out|System\.err|fmt\.Print|puts|echo)\s*\(.*(?:password|secret|token|key|credential|ssn|credit.?card|cvv|pin_code)/gi;
|
|
40
|
+
const logLines = getLineNumbers(code, logSensitivePatterns);
|
|
41
|
+
if (logLines.length > 0) {
|
|
42
|
+
findings.push({
|
|
43
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
44
|
+
severity: "high",
|
|
45
|
+
title: "Sensitive data may be logged",
|
|
46
|
+
description: "Log output appears to include sensitive data fields such as passwords, tokens, or PII. This can lead to credential exposure in log aggregation systems.",
|
|
47
|
+
lineNumbers: logLines,
|
|
48
|
+
recommendation: "Remove sensitive data from log statements. Use structured logging with redaction filters to automatically mask sensitive fields.",
|
|
49
|
+
reference: "OWASP Logging Cheat Sheet — CWE-532",
|
|
50
|
+
});
|
|
51
|
+
}
|
|
52
|
+
// Weak hashing (multi-language)
|
|
53
|
+
const weakHashPatterns = /(?:md5|sha1|MD5|SHA1)\s*\(|MessageDigest\.getInstance\s*\(\s*["'](?:MD5|SHA-?1)["']\)|hashlib\.(?:md5|sha1)|Digest::(?:MD5|SHA1)|crypto\.createHash\s*\(\s*["'](?:md5|sha1)["']\)|MD5\.Create|SHA1\.Create/gi;
|
|
54
|
+
const weakHashLines = getLineNumbers(code, weakHashPatterns);
|
|
55
|
+
if (weakHashLines.length > 0) {
|
|
56
|
+
findings.push({
|
|
57
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
58
|
+
severity: "high",
|
|
59
|
+
title: "Weak hashing algorithm used",
|
|
60
|
+
description: "MD5 or SHA1 is used, which are cryptographically broken for security purposes. They should not be used for password hashing, data integrity verification, or any security-sensitive context.",
|
|
61
|
+
lineNumbers: weakHashLines,
|
|
62
|
+
recommendation: "Use SHA-256/SHA-512 for integrity checks, or bcrypt/scrypt/argon2 for password hashing.",
|
|
63
|
+
reference: "NIST SP 800-131A — CWE-328",
|
|
64
|
+
});
|
|
65
|
+
}
|
|
66
|
+
// SQL injection risk (multi-language)
|
|
67
|
+
const sqlInjectionPatterns = /(?:query|execute|exec|cursor\.execute|raw|rawQuery|createQuery)\s*\(\s*[`"'].*\$\{|(?:query|execute|exec|cursor\.execute)\s*\(\s*.*\+\s*(?:req\.|request\.|params\.|query\.|body\.|args\.|kwargs)|(?:query|execute|exec)\s*\(\s*f["']|\.format\s*\(.*(?:req\.|request\.|input)|String\.format\s*\(\s*["'](?:SELECT|INSERT|UPDATE|DELETE)/gi;
|
|
68
|
+
const sqlLines = getLineNumbers(code, sqlInjectionPatterns);
|
|
69
|
+
if (sqlLines.length > 0) {
|
|
70
|
+
findings.push({
|
|
71
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
72
|
+
severity: "critical",
|
|
73
|
+
title: "Potential SQL injection via string concatenation",
|
|
74
|
+
description: "SQL queries appear to be constructed using string interpolation or concatenation with user input, which can lead to SQL injection attacks and data breaches.",
|
|
75
|
+
lineNumbers: sqlLines,
|
|
76
|
+
recommendation: "Use parameterized queries or prepared statements. Never concatenate user input into SQL strings directly.",
|
|
77
|
+
reference: "OWASP SQL Injection — CWE-89",
|
|
78
|
+
});
|
|
79
|
+
}
|
|
80
|
+
// No encryption in HTTP calls
|
|
81
|
+
const httpPatterns = /['"]http:\/\/(?!localhost|127\.0\.0\.1|0\.0\.0\.0)/gi;
|
|
82
|
+
const httpLines = getLineNumbers(code, httpPatterns);
|
|
83
|
+
if (httpLines.length > 0) {
|
|
84
|
+
findings.push({
|
|
85
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
86
|
+
severity: "medium",
|
|
87
|
+
title: "Unencrypted HTTP connection",
|
|
88
|
+
description: "Non-localhost HTTP URLs are used instead of HTTPS, meaning data is transmitted in plaintext and vulnerable to interception.",
|
|
89
|
+
lineNumbers: httpLines,
|
|
90
|
+
recommendation: "Use HTTPS for all non-local connections to ensure data in transit is encrypted with TLS.",
|
|
91
|
+
reference: "OWASP Transport Layer Protection — CWE-319",
|
|
92
|
+
});
|
|
93
|
+
}
|
|
94
|
+
// Unsafe deserialization (multi-language)
|
|
95
|
+
const deserializationPatterns = /pickle\.loads?|yaml\.load\s*\([^)]*(?!\s*Loader)|Marshal\.load|JSON\.parse\s*\(\s*(?:req|request|body|input)|ObjectInputStream|readObject\s*\(|BinaryFormatter\.Deserialize|unserialize\s*\(/gi;
|
|
96
|
+
const deserLines = getLineNumbers(code, deserializationPatterns);
|
|
97
|
+
if (deserLines.length > 0) {
|
|
98
|
+
findings.push({
|
|
99
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
100
|
+
severity: "critical",
|
|
101
|
+
title: "Unsafe deserialization detected",
|
|
102
|
+
description: "Deserializing untrusted data (pickle, YAML, Java ObjectInputStream, PHP unserialize, .NET BinaryFormatter) can lead to remote code execution.",
|
|
103
|
+
lineNumbers: deserLines,
|
|
104
|
+
recommendation: "Never deserialize untrusted data. Use safe alternatives: yaml.safe_load(), JSON instead of pickle, whitelist-based deserialization. Validate and sanitize all input before deserialization.",
|
|
105
|
+
reference: "OWASP Deserialization — CWE-502",
|
|
106
|
+
});
|
|
107
|
+
}
|
|
108
|
+
// Cookie without security flags
|
|
109
|
+
const cookieNoFlagLines = getLineNumbers(code, /(?:res\.cookie|setCookie|set_cookie|SetCookie)\s*\(/gi);
|
|
110
|
+
if (cookieNoFlagLines.length > 0) {
|
|
111
|
+
const hasSecure = /secure\s*:\s*true|Secure/gi.test(code);
|
|
112
|
+
const hasHttpOnly = /httpOnly\s*:\s*true|HttpOnly/gi.test(code);
|
|
113
|
+
if (!hasSecure || !hasHttpOnly) {
|
|
114
|
+
findings.push({
|
|
115
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
116
|
+
severity: "high",
|
|
117
|
+
title: "Cookie may lack security flags",
|
|
118
|
+
description: "Cookies are set without explicit Secure, HttpOnly, or SameSite flags, making them vulnerable to interception and XSS-based theft.",
|
|
119
|
+
lineNumbers: cookieNoFlagLines,
|
|
120
|
+
recommendation: "Set Secure, HttpOnly, and SameSite=Strict (or Lax) flags on all cookies. Use __Host- prefix for sensitive cookies.",
|
|
121
|
+
reference: "OWASP Session Management — CWE-614",
|
|
122
|
+
});
|
|
123
|
+
}
|
|
124
|
+
}
|
|
125
|
+
// JWT without verification
|
|
126
|
+
const jwtNoVerifyPatterns = /jwt\.decode\s*\(|jose\.decode\s*\(|JWT\.decode\s*\(/gi;
|
|
127
|
+
const jwtNoVerifyLines = getLineNumbers(code, jwtNoVerifyPatterns);
|
|
128
|
+
if (jwtNoVerifyLines.length > 0) {
|
|
129
|
+
findings.push({
|
|
130
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
131
|
+
severity: "critical",
|
|
132
|
+
title: "JWT decoded without signature verification",
|
|
133
|
+
description: "JWT tokens are decoded without verifying the signature, allowing attackers to forge tokens with arbitrary claims.",
|
|
134
|
+
lineNumbers: jwtNoVerifyLines,
|
|
135
|
+
recommendation: "Always use jwt.verify() instead of jwt.decode(). Validate the signature, issuer, audience, and expiration claims.",
|
|
136
|
+
reference: "OWASP JWT Security — CWE-345",
|
|
137
|
+
});
|
|
138
|
+
}
|
|
139
|
+
// File upload without validation
|
|
140
|
+
const fileUploadPatterns = /multer|upload|formidable|busboy|multipart|FileUpload|MultipartFile/gi;
|
|
141
|
+
const fileUploadLines = getLineNumbers(code, fileUploadPatterns);
|
|
142
|
+
if (fileUploadLines.length > 0) {
|
|
143
|
+
const hasValidation = /mime|mimetype|content-type|extension|allowedTypes|fileFilter|accept|maxSize|fileSizeLimit/gi.test(code);
|
|
144
|
+
if (!hasValidation) {
|
|
145
|
+
findings.push({
|
|
146
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
147
|
+
severity: "high",
|
|
148
|
+
title: "File upload without type/size validation",
|
|
149
|
+
description: "File uploads are accepted without visible MIME type, extension, or size validation, allowing malicious file uploads.",
|
|
150
|
+
lineNumbers: fileUploadLines,
|
|
151
|
+
recommendation: "Validate file type (MIME + extension + magic bytes), enforce size limits, scan for malware, and store uploads outside the webroot.",
|
|
152
|
+
reference: "OWASP Unrestricted File Upload — CWE-434",
|
|
153
|
+
});
|
|
154
|
+
}
|
|
155
|
+
}
|
|
156
|
+
// Cleartext password storage
|
|
157
|
+
const cleartextPwPatterns = /password\s*[:=]\s*(?:req\.|request\.|body\.|input\.|params\.).*(?:save|insert|create|update|store|set)/gi;
|
|
158
|
+
const cleartextLines = getLineNumbers(code, cleartextPwPatterns);
|
|
159
|
+
if (cleartextLines.length > 0) {
|
|
160
|
+
const hasHashing = /bcrypt|argon2|scrypt|pbkdf2|hashPassword|hash_password|PasswordHasher/gi.test(code);
|
|
161
|
+
if (!hasHashing) {
|
|
162
|
+
findings.push({
|
|
163
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
164
|
+
severity: "critical",
|
|
165
|
+
title: "Password may be stored in cleartext",
|
|
166
|
+
description: "User passwords appear to be stored without hashing. If the database is compromised, all passwords are exposed.",
|
|
167
|
+
lineNumbers: cleartextLines,
|
|
168
|
+
recommendation: "Hash passwords using bcrypt, argon2, or scrypt with a unique salt per password. Never store passwords in plaintext or with reversible encryption.",
|
|
169
|
+
reference: "OWASP Password Storage — CWE-256",
|
|
170
|
+
});
|
|
171
|
+
}
|
|
172
|
+
}
|
|
173
|
+
// CORS with credentials and wildcard
|
|
174
|
+
const corsCredLines = getLineNumbers(code, /credentials\s*:\s*true|Access-Control-Allow-Credentials/gi);
|
|
175
|
+
const corsWildcard = /Access-Control-Allow-Origin.*\*|origin\s*:\s*['"]?\*/gi.test(code);
|
|
176
|
+
if (corsCredLines.length > 0 && corsWildcard) {
|
|
177
|
+
findings.push({
|
|
178
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
179
|
+
severity: "critical",
|
|
180
|
+
title: "CORS with credentials and wildcard origin",
|
|
181
|
+
description: "Using Access-Control-Allow-Credentials with a wildcard origin allows any website to make authenticated requests to your API.",
|
|
182
|
+
lineNumbers: corsCredLines,
|
|
183
|
+
recommendation: "Never combine credentials: true with origin: '*'. Whitelist specific trusted origins.",
|
|
184
|
+
reference: "OWASP CORS — CWE-942",
|
|
185
|
+
});
|
|
186
|
+
}
|
|
187
|
+
// Missing CSRF protection
|
|
188
|
+
const formPostLines = getLineNumbers(code, /app\.post\s*\(|router\.post\s*\(|@PostMapping|@RequestMapping.*POST|\.post\s*\(/gi);
|
|
189
|
+
const hasCsrf = /csrf|xsrf|_token|csrfToken|antiforgery|AntiForgery|@csrf/gi.test(code);
|
|
190
|
+
if (formPostLines.length > 2 && !hasCsrf) {
|
|
191
|
+
findings.push({
|
|
192
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
193
|
+
severity: "high",
|
|
194
|
+
title: "No CSRF protection detected",
|
|
195
|
+
description: "POST endpoints exist but no CSRF tokens or protection middleware is visible, making the application vulnerable to cross-site request forgery.",
|
|
196
|
+
lineNumbers: formPostLines.slice(0, 5),
|
|
197
|
+
recommendation: "Implement CSRF protection using tokens (csurf, django.middleware.csrf, @csrf_exempt annotations) or SameSite cookies.",
|
|
198
|
+
reference: "OWASP CSRF — CWE-352",
|
|
199
|
+
});
|
|
200
|
+
}
|
|
201
|
+
// Exposing stack traces to clients
|
|
202
|
+
const stackTracePatterns = /(?:res\.(?:json|send)|response\.(?:json|send))\s*\(.*(?:stack|stackTrace|err\.message|error\.message)|traceback\.format_exc/gi;
|
|
203
|
+
const stackLines = getLineNumbers(code, stackTracePatterns);
|
|
204
|
+
if (stackLines.length > 0) {
|
|
205
|
+
findings.push({
|
|
206
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
207
|
+
severity: "medium",
|
|
208
|
+
title: "Stack traces exposed to clients",
|
|
209
|
+
description: "Error stack traces sent in API responses reveal internal implementation details, file paths, and library versions to attackers.",
|
|
210
|
+
lineNumbers: stackLines,
|
|
211
|
+
recommendation: "Return generic error messages to clients. Log detailed errors server-side only. Use different error handlers for development vs production.",
|
|
212
|
+
reference: "OWASP Error Handling — CWE-209",
|
|
213
|
+
});
|
|
214
|
+
}
|
|
215
|
+
// Hardcoded encryption keys / IVs
|
|
216
|
+
const encKeyPatterns = /(?:encryption[_-]?key|aes[_-]?key|iv|initialization[_-]?vector|nonce)\s*[:=]\s*["'][^"']+["']|(?:Buffer\.from|new\s+Uint8Array)\s*\(.*(?:key|iv)/gi;
|
|
217
|
+
const encKeyLines = getLineNumbers(code, encKeyPatterns);
|
|
218
|
+
if (encKeyLines.length > 0) {
|
|
219
|
+
findings.push({
|
|
220
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
221
|
+
severity: "critical",
|
|
222
|
+
title: "Hardcoded encryption key or IV",
|
|
223
|
+
description: "Encryption keys and initialization vectors are hardcoded, making encrypted data trivially decryptable by anyone with access to the code.",
|
|
224
|
+
lineNumbers: encKeyLines,
|
|
225
|
+
recommendation: "Generate encryption keys securely at runtime or load from a key management service. IVs/nonces must be random and unique per encryption operation.",
|
|
226
|
+
reference: "CWE-321: Use of Hard-coded Cryptographic Key",
|
|
227
|
+
});
|
|
228
|
+
}
|
|
229
|
+
// Insecure random number generation for security
|
|
230
|
+
const insecureRandPatterns = /Math\.random\s*\(\)|random\.random\s*\(|rand\s*\(|Random\(\)|new\s+Random\b/gi;
|
|
231
|
+
const insecureRandLines = getLineNumbers(code, insecureRandPatterns);
|
|
232
|
+
if (insecureRandLines.length > 0) {
|
|
233
|
+
const nearSecurity = code.split("\n").some((line, i) => {
|
|
234
|
+
if (insecureRandPatterns.test(line)) {
|
|
235
|
+
const context = code.split("\n").slice(Math.max(0, i - 3), i + 3).join("\n");
|
|
236
|
+
return /token|secret|password|key|nonce|salt|session|csrf|otp|verification/i.test(context);
|
|
237
|
+
}
|
|
238
|
+
return false;
|
|
239
|
+
});
|
|
240
|
+
if (nearSecurity) {
|
|
241
|
+
findings.push({
|
|
242
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
243
|
+
severity: "high",
|
|
244
|
+
title: "Insecure random for security context",
|
|
245
|
+
description: "Math.random() or similar non-cryptographic PRNGs are used in a security-sensitive context (token generation, etc.). These are predictable.",
|
|
246
|
+
lineNumbers: insecureRandLines,
|
|
247
|
+
recommendation: "Use crypto.randomBytes() (Node.js), secrets.token_hex() (Python), SecureRandom (Java/Ruby), or crypto.getRandomValues() (browser).",
|
|
248
|
+
reference: "CWE-330: Use of Insufficiently Random Values",
|
|
249
|
+
});
|
|
250
|
+
}
|
|
251
|
+
}
|
|
252
|
+
// Path traversal risk
|
|
253
|
+
const pathTraversalPatterns = /(?:readFile|writeFile|readdir|open|fopen|file_get_contents|include|require)\s*\(.*(?:req\.|request\.|params\.|query\.|body\.|input\.|args)/gi;
|
|
254
|
+
const pathTravLines = getLineNumbers(code, pathTraversalPatterns);
|
|
255
|
+
if (pathTravLines.length > 0) {
|
|
256
|
+
findings.push({
|
|
257
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
258
|
+
severity: "critical",
|
|
259
|
+
title: "Potential path traversal via user input",
|
|
260
|
+
description: "File operations use user-controlled input without apparent sanitization, allowing attackers to read/write arbitrary files using ../ sequences.",
|
|
261
|
+
lineNumbers: pathTravLines,
|
|
262
|
+
recommendation: "Validate and sanitize file paths. Use path.resolve() + startsWith() checks, or a whitelist of allowed paths. Never pass user input directly to file operations.",
|
|
263
|
+
reference: "OWASP Path Traversal — CWE-22",
|
|
264
|
+
});
|
|
265
|
+
}
|
|
266
|
+
// Missing encryption at rest
|
|
267
|
+
const dbWritePatterns = /\.(?:save|create|insert|insertMany|insertOne|put|store)\s*\(/gi;
|
|
268
|
+
const dbWriteLines = getLineNumbers(code, dbWritePatterns);
|
|
269
|
+
const hasEncryption = /encrypt|cipher|aes|AES|crypto\.createCipher|DataProtect|ProtectedData/gi.test(code);
|
|
270
|
+
if (dbWriteLines.length > 3 && !hasEncryption) {
|
|
271
|
+
const hasSensitiveData = /(?:ssn|social_security|credit.?card|password|health|medical|financial|bank)/gi.test(code);
|
|
272
|
+
if (hasSensitiveData) {
|
|
273
|
+
findings.push({
|
|
274
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
275
|
+
severity: "high",
|
|
276
|
+
title: "Sensitive data stored without encryption",
|
|
277
|
+
description: "Code stores sensitive data (medical, financial, SSN) without visible encryption-at-rest. If the database is compromised, data is exposed in plaintext.",
|
|
278
|
+
lineNumbers: dbWriteLines.slice(0, 5),
|
|
279
|
+
recommendation: "Use field-level encryption for sensitive data, database-level TDE (Transparent Data Encryption), or application-level encryption before storage.",
|
|
280
|
+
reference: "OWASP Cryptographic Storage — CWE-311",
|
|
281
|
+
});
|
|
282
|
+
}
|
|
283
|
+
}
|
|
284
|
+
return findings;
|
|
285
|
+
}
|
|
286
|
+
//# sourceMappingURL=data-security.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"data-security.js","sourceRoot":"","sources":["../../src/evaluators/data-security.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,MAAM,UAAU,mBAAmB,CAAC,IAAY,EAAE,QAAgB;IAChE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,MAAM,GAAG,MAAM,CAAC;IAEtB,qCAAqC;IACrC,MAAM,cAAc,GAAG;QACrB,EAAE,OAAO,EAAE,mDAAmD,EAAE,IAAI,EAAE,UAAU,EAAE;QAClF,EAAE,OAAO,EAAE,kDAAkD,EAAE,IAAI,EAAE,SAAS,EAAE;QAChF,EAAE,OAAO,EAAE,4CAA4C,EAAE,IAAI,EAAE,cAAc,EAAE;QAC/E,EAAE,OAAO,EAAE,qDAAqD,EAAE,IAAI,EAAE,mBAAmB,EAAE;QAC7F,EAAE,OAAO,EAAE,+CAA+C,EAAE,IAAI,EAAE,aAAa,EAAE;QACjF,EAAE,OAAO,EAAE,0DAA0D,EAAE,IAAI,EAAE,sBAAsB,EAAE;QACrG,EAAE,OAAO,EAAE,uEAAuE,EAAE,IAAI,EAAE,gBAAgB,EAAE;QAC5G,EAAE,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,mBAAmB,EAAE;QAC3D,EAAE,OAAO,EAAE,4CAA4C,EAAE,IAAI,EAAE,cAAc,EAAE;QAC/E,EAAE,OAAO,EAAE,8BAA8B,EAAE,IAAI,EAAE,aAAa,EAAE;QAChE,EAAE,OAAO,EAAE,sBAAsB,EAAE,IAAI,EAAE,0BAA0B,EAAE;QACrE,EAAE,OAAO,EAAE,+CAA+C,EAAE,IAAI,EAAE,kBAAkB,EAAE;QACtF,EAAE,OAAO,EAAE,wDAAwD,EAAE,IAAI,EAAE,sBAAsB,EAAE;QACnG,EAAE,OAAO,EAAE,sFAAsF,EAAE,IAAI,EAAE,kBAAkB,EAAE;QAC7H,EAAE,OAAO,EAAE,gEAAgE,EAAE,IAAI,EAAE,yBAAyB,EAAE;KAC/G,CAAC;IAEF,KAAK,MAAM,EAAE,IAAI,cAAc,EAAE,CAAC;QAChC,MAAM,KAAK,GAAG,cAAc,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC;QAC/C,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACzD,QAAQ,EAAE,UAAU;gBACpB,KAAK,EAAE,aAAa,EAAE,CAAC,IAAI,WAAW;gBACtC,WAAW,EAAE,KAAK,EAAE,CAAC,IAAI,wKAAwK;gBACjM,WAAW,EAAE,KAAK;gBAClB,cAAc,EAAE,YAAY,EAAE,CAAC,IAAI,qKAAqK;gBACxM,SAAS,EAAE,wCAAwC;aACpD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,2DAA2D;IAC3D,MAAM,oBAAoB,GAAG,qMAAqM,CAAC;IACnO,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;IAC5D,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,8BAA8B;YACrC,WAAW,EAAE,yJAAyJ;YACtK,WAAW,EAAE,QAAQ;YACrB,cAAc,EAAE,kIAAkI;YAClJ,SAAS,EAAE,qCAAqC;SACjD,CAAC,CAAC;IACL,CAAC;IAED,gCAAgC;IAChC,MAAM,gBAAgB,GAAG,8MAA8M,CAAC;IACxO,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;IAC7D,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,6BAA6B;YACpC,WAAW,EAAE,8LAA8L;YAC3M,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,yFAAyF;YACzG,SAAS,EAAE,4BAA4B;SACxC,CAAC,CAAC;IACL,CAAC;IAED,sCAAsC;IACtC,MAAM,oBAAoB,GAAG,4UAA4U,CAAC;IAC1W,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;IAC5D,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,kDAAkD;YACzD,WAAW,EAAE,8JAA8J;YAC3K,WAAW,EAAE,QAAQ;YACrB,cAAc,EAAE,2GAA2G;YAC3H,SAAS,EAAE,8BAA8B;SAC1C,CAAC,CAAC;IACL,CAAC;IAED,8BAA8B;IAC9B,MAAM,YAAY,GAAG,sDAAsD,CAAC;IAC5E,MAAM,SAAS,GAAG,cAAc,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IACrD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,6BAA6B;YACpC,WAAW,EAAE,6HAA6H;YAC1I,WAAW,EAAE,SAAS;YACtB,cAAc,EAAE,0FAA0F;YAC1G,SAAS,EAAE,4CAA4C;SACxD,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,MAAM,uBAAuB,GAAG,gMAAgM,CAAC;IACjO,MAAM,UAAU,GAAG,cAAc,CAAC,IAAI,EAAE,uBAAuB,CAAC,CAAC;IACjE,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,iCAAiC;YACxC,WAAW,EAAE,+IAA+I;YAC5J,WAAW,EAAE,UAAU;YACvB,cAAc,EAAE,6LAA6L;YAC7M,SAAS,EAAE,iCAAiC;SAC7C,CAAC,CAAC;IACL,CAAC;IAED,gCAAgC;IAChC,MAAM,iBAAiB,GAAG,cAAc,CAAC,IAAI,EAAE,uDAAuD,CAAC,CAAC;IACxG,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,SAAS,GAAG,4BAA4B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1D,MAAM,WAAW,GAAG,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC;YAC/B,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACzD,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,gCAAgC;gBACvC,WAAW,EAAE,mIAAmI;gBAChJ,WAAW,EAAE,iBAAiB;gBAC9B,cAAc,EAAE,oHAAoH;gBACpI,SAAS,EAAE,oCAAoC;aAChD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,MAAM,mBAAmB,GAAG,uDAAuD,CAAC;IACpF,MAAM,gBAAgB,GAAG,cAAc,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC;IACnE,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,4CAA4C;YACnD,WAAW,EAAE,mHAAmH;YAChI,WAAW,EAAE,gBAAgB;YAC7B,cAAc,EAAE,mHAAmH;YACnI,SAAS,EAAE,8BAA8B;SAC1C,CAAC,CAAC;IACL,CAAC;IAED,iCAAiC;IACjC,MAAM,kBAAkB,GAAG,sEAAsE,CAAC;IAClG,MAAM,eAAe,GAAG,cAAc,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;IACjE,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,aAAa,GAAG,6FAA6F,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/H,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACzD,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,0CAA0C;gBACjD,WAAW,EAAE,sHAAsH;gBACnI,WAAW,EAAE,eAAe;gBAC5B,cAAc,EAAE,oIAAoI;gBACpJ,SAAS,EAAE,0CAA0C;aACtD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,MAAM,mBAAmB,GAAG,0GAA0G,CAAC;IACvI,MAAM,cAAc,GAAG,cAAc,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC;IACjE,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,MAAM,UAAU,GAAG,yEAAyE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxG,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACzD,QAAQ,EAAE,UAAU;gBACpB,KAAK,EAAE,qCAAqC;gBAC5C,WAAW,EAAE,gHAAgH;gBAC7H,WAAW,EAAE,cAAc;gBAC3B,cAAc,EAAE,mJAAmJ;gBACnK,SAAS,EAAE,kCAAkC;aAC9C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,EAAE,2DAA2D,CAAC,CAAC;IACxG,MAAM,YAAY,GAAG,wDAAwD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzF,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,IAAI,YAAY,EAAE,CAAC;QAC7C,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,2CAA2C;YAClD,WAAW,EAAE,8HAA8H;YAC3I,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,uFAAuF;YACvG,SAAS,EAAE,sBAAsB;SAClC,CAAC,CAAC;IACL,CAAC;IAED,0BAA0B;IAC1B,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,EAAE,mFAAmF,CAAC,CAAC;IAChI,MAAM,OAAO,GAAG,4DAA4D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxF,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QACzC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,6BAA6B;YACpC,WAAW,EAAE,+IAA+I;YAC5J,WAAW,EAAE,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;YACtC,cAAc,EAAE,uHAAuH;YACvI,SAAS,EAAE,sBAAsB;SAClC,CAAC,CAAC;IACL,CAAC;IAED,mCAAmC;IACnC,MAAM,kBAAkB,GAAG,+HAA+H,CAAC;IAC3J,MAAM,UAAU,GAAG,cAAc,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;IAC5D,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,iCAAiC;YACxC,WAAW,EAAE,iIAAiI;YAC9I,WAAW,EAAE,UAAU;YACvB,cAAc,EAAE,6IAA6I;YAC7J,SAAS,EAAE,gCAAgC;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,kCAAkC;IAClC,MAAM,cAAc,GAAG,oJAAoJ,CAAC;IAC5K,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IACzD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,gCAAgC;YACvC,WAAW,EAAE,0IAA0I;YACvJ,WAAW,EAAE,WAAW;YACxB,cAAc,EAAE,oJAAoJ;YACpK,SAAS,EAAE,8CAA8C;SAC1D,CAAC,CAAC;IACL,CAAC;IAED,iDAAiD;IACjD,MAAM,oBAAoB,GAAG,+EAA+E,CAAC;IAC7G,MAAM,iBAAiB,GAAG,cAAc,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;IACrE,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;YACrD,IAAI,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACpC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC7E,OAAO,qEAAqE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC7F,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC,CAAC;QACH,IAAI,YAAY,EAAE,CAAC;YACjB,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACzD,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,sCAAsC;gBAC7C,WAAW,EAAE,4IAA4I;gBACzJ,WAAW,EAAE,iBAAiB;gBAC9B,cAAc,EAAE,oIAAoI;gBACpJ,SAAS,EAAE,8CAA8C;aAC1D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,MAAM,qBAAqB,GAAG,8IAA8I,CAAC;IAC7K,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC;IAClE,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,yCAAyC;YAChD,WAAW,EAAE,gJAAgJ;YAC7J,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,iKAAiK;YACjL,SAAS,EAAE,+BAA+B;SAC3C,CAAC,CAAC;IACL,CAAC;IAED,6BAA6B;IAC7B,MAAM,eAAe,GAAG,gEAAgE,CAAC;IACzF,MAAM,YAAY,GAAG,cAAc,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;IAC3D,MAAM,aAAa,GAAG,yEAAyE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC3G,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;QAC9C,MAAM,gBAAgB,GAAG,+EAA+E,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpH,IAAI,gBAAgB,EAAE,CAAC;YACrB,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACzD,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,0CAA0C;gBACjD,WAAW,EAAE,wJAAwJ;gBACrK,WAAW,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;gBACrC,cAAc,EAAE,kJAAkJ;gBAClK,SAAS,EAAE,uCAAuC;aACnD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dependency-health.d.ts","sourceRoot":"","sources":["../../src/evaluators/dependency-health.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAGtC,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CA8MjF"}
|
|
@@ -0,0 +1,197 @@
|
|
|
1
|
+
export function analyzeDependencyHealth(code, language) {
|
|
2
|
+
const findings = [];
|
|
3
|
+
const lines = code.split("\n");
|
|
4
|
+
const prefix = "DEPS";
|
|
5
|
+
let ruleNum = 1;
|
|
6
|
+
// Detect wildcard version ranges
|
|
7
|
+
const wildcardLines = [];
|
|
8
|
+
lines.forEach((line, i) => {
|
|
9
|
+
if (/["']\s*\*\s*["']|["']\s*latest\s*["']/i.test(line) && /["']\w+["']\s*:/i.test(line)) {
|
|
10
|
+
wildcardLines.push(i + 1);
|
|
11
|
+
}
|
|
12
|
+
});
|
|
13
|
+
if (wildcardLines.length > 0) {
|
|
14
|
+
findings.push({
|
|
15
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
16
|
+
severity: "critical",
|
|
17
|
+
title: "Wildcard or 'latest' dependency version",
|
|
18
|
+
description: "Using '*' or 'latest' for dependency versions means any version can be installed, including ones with breaking changes or vulnerabilities.",
|
|
19
|
+
lineNumbers: wildcardLines,
|
|
20
|
+
recommendation: "Pin dependencies to specific versions or use caret (^) ranges at minimum. Use a lockfile (package-lock.json, yarn.lock).",
|
|
21
|
+
reference: "Dependency Management Best Practices",
|
|
22
|
+
});
|
|
23
|
+
}
|
|
24
|
+
// Detect importing from deprecated or risky packages
|
|
25
|
+
const riskyPkgLines = [];
|
|
26
|
+
const riskyPackages = /require\s*\(\s*["'](request|moment|underscore|bower|left-pad|event-stream)["']\)|from\s+["'](request|moment|underscore|bower|left-pad|event-stream)["']/i;
|
|
27
|
+
lines.forEach((line, i) => {
|
|
28
|
+
if (riskyPkgLines.length < 10 && riskyPackages.test(line)) {
|
|
29
|
+
riskyPkgLines.push(i + 1);
|
|
30
|
+
}
|
|
31
|
+
});
|
|
32
|
+
if (riskyPkgLines.length > 0) {
|
|
33
|
+
findings.push({
|
|
34
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
35
|
+
severity: "medium",
|
|
36
|
+
title: "Deprecated or unmaintained package import",
|
|
37
|
+
description: "Importing from packages that are deprecated, unmaintained, or have known supply chain issues.",
|
|
38
|
+
lineNumbers: riskyPkgLines,
|
|
39
|
+
recommendation: "Replace deprecated packages: moment->date-fns/luxon, request->node-fetch/axios, underscore->lodash-es or native methods.",
|
|
40
|
+
reference: "npm deprecation notices / package health scores",
|
|
41
|
+
});
|
|
42
|
+
}
|
|
43
|
+
// Detect excessive dependencies for simple tasks
|
|
44
|
+
const importLines = [];
|
|
45
|
+
lines.forEach((line, i) => {
|
|
46
|
+
if (/^import\s|^const\s.*=\s*require\s*\(/i.test(line.trim())) {
|
|
47
|
+
importLines.push(i + 1);
|
|
48
|
+
}
|
|
49
|
+
});
|
|
50
|
+
if (importLines.length > 20 && lines.length < 100) {
|
|
51
|
+
findings.push({
|
|
52
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
53
|
+
severity: "medium",
|
|
54
|
+
title: "High import-to-code ratio",
|
|
55
|
+
description: `File has ${importLines.length} imports but only ${lines.length} lines. This suggests over-reliance on external packages for simple tasks.`,
|
|
56
|
+
lineNumbers: importLines.slice(0, 5),
|
|
57
|
+
recommendation: "Evaluate whether all dependencies are necessary. Consider implementing simple utilities natively to reduce the dependency tree.",
|
|
58
|
+
reference: "Dependency Minimization / Supply Chain Security",
|
|
59
|
+
});
|
|
60
|
+
}
|
|
61
|
+
// Detect relative import depth issues
|
|
62
|
+
const deepImportLines = [];
|
|
63
|
+
lines.forEach((line, i) => {
|
|
64
|
+
if (/from\s+["']\.\.\/.+\.\.\/.+\.\.\//i.test(line) || /require\s*\(\s*["']\.\.\/.+\.\.\/.+\.\.\//i.test(line)) {
|
|
65
|
+
deepImportLines.push(i + 1);
|
|
66
|
+
}
|
|
67
|
+
});
|
|
68
|
+
if (deepImportLines.length > 0) {
|
|
69
|
+
findings.push({
|
|
70
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
71
|
+
severity: "low",
|
|
72
|
+
title: "Deeply nested relative imports",
|
|
73
|
+
description: "Imports with many '../' levels are fragile and hard to read. They break easily when files are moved.",
|
|
74
|
+
lineNumbers: deepImportLines,
|
|
75
|
+
recommendation: "Configure path aliases (tsconfig paths, webpack aliases, babel module resolver) for cleaner imports.",
|
|
76
|
+
reference: "TypeScript Path Mapping / Module Resolution",
|
|
77
|
+
});
|
|
78
|
+
}
|
|
79
|
+
// Detect multiple packages for same purpose (e.g., multiple HTTP clients)
|
|
80
|
+
const httpClients = new Set();
|
|
81
|
+
const httpClientLines = [];
|
|
82
|
+
lines.forEach((line, i) => {
|
|
83
|
+
const clients = ["axios", "node-fetch", "got", "request", "superagent", "undici"];
|
|
84
|
+
for (const client of clients) {
|
|
85
|
+
if (new RegExp(`["']${client}["']`).test(line)) {
|
|
86
|
+
httpClients.add(client);
|
|
87
|
+
httpClientLines.push(i + 1);
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
});
|
|
91
|
+
if (httpClients.size > 1) {
|
|
92
|
+
findings.push({
|
|
93
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
94
|
+
severity: "medium",
|
|
95
|
+
title: "Multiple HTTP client libraries detected",
|
|
96
|
+
description: `Found ${httpClients.size} different HTTP client libraries (${[...httpClients].join(", ")}). This inflates bundle size and creates inconsistency.`,
|
|
97
|
+
lineNumbers: httpClientLines,
|
|
98
|
+
recommendation: "Standardize on a single HTTP client library across the project. Wrap it in an abstraction if needed.",
|
|
99
|
+
reference: "Dependency Consolidation",
|
|
100
|
+
});
|
|
101
|
+
}
|
|
102
|
+
// Detect too-broad version ranges
|
|
103
|
+
const broadVersionLines = [];
|
|
104
|
+
lines.forEach((line, i) => {
|
|
105
|
+
if (/["']\s*>=?\s*\d/i.test(line) && /["']\w+["']\s*:/i.test(line)) {
|
|
106
|
+
broadVersionLines.push(i + 1);
|
|
107
|
+
}
|
|
108
|
+
});
|
|
109
|
+
if (broadVersionLines.length > 0) {
|
|
110
|
+
findings.push({
|
|
111
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
112
|
+
severity: "medium",
|
|
113
|
+
title: "Overly broad dependency version range",
|
|
114
|
+
description: "Using >= version ranges allows major version upgrades that may include breaking changes.",
|
|
115
|
+
lineNumbers: broadVersionLines,
|
|
116
|
+
recommendation: "Use caret (^) for minor updates or tilde (~) for patch updates. Avoid >= ranges in production dependencies.",
|
|
117
|
+
reference: "Semantic Versioning / npm Version Ranges",
|
|
118
|
+
});
|
|
119
|
+
}
|
|
120
|
+
// Detect missing lockfile indicators
|
|
121
|
+
const isPackageJson = /["']name["']\s*:\s*["']|["']version["']\s*:\s*["']\d/i.test(code);
|
|
122
|
+
if (isPackageJson) {
|
|
123
|
+
const hasEngines = /["']engines["']\s*:/i.test(code);
|
|
124
|
+
if (!hasEngines) {
|
|
125
|
+
findings.push({
|
|
126
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
127
|
+
severity: "low",
|
|
128
|
+
title: "Missing engines field in package.json",
|
|
129
|
+
description: "No engines field specifying required Node.js version. Different Node versions may have incompatible behavior.",
|
|
130
|
+
recommendation: "Add an 'engines' field to specify minimum Node.js and npm versions: \"engines\": { \"node\": \">=18.0.0\" }.",
|
|
131
|
+
reference: "package.json engines field",
|
|
132
|
+
});
|
|
133
|
+
}
|
|
134
|
+
}
|
|
135
|
+
// Detect importing specific vs barrel imports
|
|
136
|
+
const barrelImportLines = [];
|
|
137
|
+
lines.forEach((line, i) => {
|
|
138
|
+
if (/import\s+\{[^}]{100,}\}\s+from/i.test(line)) {
|
|
139
|
+
barrelImportLines.push(i + 1);
|
|
140
|
+
}
|
|
141
|
+
if (/import\s+\*\s+as\s+\w+\s+from\s+["'](?!.*node_modules)/i.test(line)) {
|
|
142
|
+
barrelImportLines.push(i + 1);
|
|
143
|
+
}
|
|
144
|
+
});
|
|
145
|
+
if (barrelImportLines.length > 0) {
|
|
146
|
+
findings.push({
|
|
147
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
148
|
+
severity: "low",
|
|
149
|
+
title: "Barrel imports may prevent tree-shaking",
|
|
150
|
+
description: "Importing everything from a barrel file or using 'import *' can prevent tree-shaking and increase bundle size.",
|
|
151
|
+
lineNumbers: barrelImportLines,
|
|
152
|
+
recommendation: "Import directly from specific module files instead of barrel/index files for better tree-shaking.",
|
|
153
|
+
reference: "Tree Shaking / Module Bundling",
|
|
154
|
+
});
|
|
155
|
+
}
|
|
156
|
+
// Detect dev dependencies in production code paths
|
|
157
|
+
const devDepLines = [];
|
|
158
|
+
lines.forEach((line, i) => {
|
|
159
|
+
if (/require\s*\(\s*["'](?:jest|mocha|chai|sinon|enzyme|@testing-library|nyc|istanbul|prettier|eslint)["']\)/i.test(line)) {
|
|
160
|
+
// Check if this is not a test file
|
|
161
|
+
if (!/\.test\.|\.spec\.|__tests__|__mocks__/i.test(code.slice(0, 50))) {
|
|
162
|
+
devDepLines.push(i + 1);
|
|
163
|
+
}
|
|
164
|
+
}
|
|
165
|
+
});
|
|
166
|
+
if (devDepLines.length > 0) {
|
|
167
|
+
findings.push({
|
|
168
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
169
|
+
severity: "medium",
|
|
170
|
+
title: "Dev dependency imported in production code",
|
|
171
|
+
description: "Test/dev dependencies are imported in what appears to be production code, which will fail if devDependencies aren't installed.",
|
|
172
|
+
lineNumbers: devDepLines,
|
|
173
|
+
recommendation: "Move test imports to test files. Ensure devDependencies are only used in test/config files.",
|
|
174
|
+
reference: "npm devDependencies vs dependencies",
|
|
175
|
+
});
|
|
176
|
+
}
|
|
177
|
+
// Detect packages with known supply chain risks
|
|
178
|
+
const supplyChainLines = [];
|
|
179
|
+
lines.forEach((line, i) => {
|
|
180
|
+
if (/postinstall|preinstall|install.*script/i.test(line) && /["']scripts["']/i.test(lines.slice(Math.max(0, i - 5), i).join("\n"))) {
|
|
181
|
+
supplyChainLines.push(i + 1);
|
|
182
|
+
}
|
|
183
|
+
});
|
|
184
|
+
if (supplyChainLines.length > 0) {
|
|
185
|
+
findings.push({
|
|
186
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
187
|
+
severity: "high",
|
|
188
|
+
title: "Install lifecycle scripts detected",
|
|
189
|
+
description: "postinstall/preinstall scripts can execute arbitrary code and are a common supply chain attack vector.",
|
|
190
|
+
lineNumbers: supplyChainLines,
|
|
191
|
+
recommendation: "Audit install scripts carefully. Use --ignore-scripts flag and allowlists. Consider using npm audit signatures.",
|
|
192
|
+
reference: "Supply Chain Security / npm install scripts",
|
|
193
|
+
});
|
|
194
|
+
}
|
|
195
|
+
return findings;
|
|
196
|
+
}
|
|
197
|
+
//# sourceMappingURL=dependency-health.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dependency-health.js","sourceRoot":"","sources":["../../src/evaluators/dependency-health.ts"],"names":[],"mappings":"AAGA,MAAM,UAAU,uBAAuB,CAAC,IAAY,EAAE,QAAgB;IACpE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,MAAM,CAAC;IACtB,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,iCAAiC;IACjC,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,wCAAwC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACzF,aAAa,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,yCAAyC;YAChD,WAAW,EAAE,4IAA4I;YACzJ,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,0HAA0H;YAC1I,SAAS,EAAE,sCAAsC;SAClD,CAAC,CAAC;IACL,CAAC;IAED,qDAAqD;IACrD,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,MAAM,aAAa,GAAG,0JAA0J,CAAC;IACjL,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,aAAa,CAAC,MAAM,GAAG,EAAE,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1D,aAAa,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,2CAA2C;YAClD,WAAW,EAAE,+FAA+F;YAC5G,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,0HAA0H;YAC1I,SAAS,EAAE,iDAAiD;SAC7D,CAAC,CAAC;IACL,CAAC;IAED,iDAAiD;IACjD,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,uCAAuC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC9D,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,WAAW,CAAC,MAAM,GAAG,EAAE,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QAClD,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,2BAA2B;YAClC,WAAW,EAAE,YAAY,WAAW,CAAC,MAAM,qBAAqB,KAAK,CAAC,MAAM,4EAA4E;YACxJ,WAAW,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;YACpC,cAAc,EAAE,iIAAiI;YACjJ,SAAS,EAAE,iDAAiD;SAC7D,CAAC,CAAC;IACL,CAAC;IAED,sCAAsC;IACtC,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,oCAAoC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,4CAA4C,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/G,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,gCAAgC;YACvC,WAAW,EAAE,sGAAsG;YACnH,WAAW,EAAE,eAAe;YAC5B,cAAc,EAAE,sGAAsG;YACtH,SAAS,EAAE,6CAA6C;SACzD,CAAC,CAAC;IACL,CAAC;IAED,0EAA0E;IAC1E,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,MAAM,OAAO,GAAG,CAAC,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,SAAS,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;QAClF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,IAAI,MAAM,CAAC,OAAO,MAAM,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC/C,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBACxB,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,WAAW,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,yCAAyC;YAChD,WAAW,EAAE,SAAS,WAAW,CAAC,IAAI,qCAAqC,CAAC,GAAG,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,yDAAyD;YAC/J,WAAW,EAAE,eAAe;YAC5B,cAAc,EAAE,sGAAsG;YACtH,SAAS,EAAE,0BAA0B;SACtC,CAAC,CAAC;IACL,CAAC;IAED,kCAAkC;IAClC,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnE,iBAAiB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAChC,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,uCAAuC;YAC9C,WAAW,EAAE,0FAA0F;YACvG,WAAW,EAAE,iBAAiB;YAC9B,cAAc,EAAE,6GAA6G;YAC7H,SAAS,EAAE,0CAA0C;SACtD,CAAC,CAAC;IACL,CAAC;IAED,qCAAqC;IACrC,MAAM,aAAa,GAAG,uDAAuD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzF,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,UAAU,GAAG,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACzD,QAAQ,EAAE,KAAK;gBACf,KAAK,EAAE,uCAAuC;gBAC9C,WAAW,EAAE,+GAA+G;gBAC5H,cAAc,EAAE,8GAA8G;gBAC9H,SAAS,EAAE,4BAA4B;aACxC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,8CAA8C;IAC9C,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,iCAAiC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACjD,iBAAiB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAChC,CAAC;QACD,IAAI,yDAAyD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACzE,iBAAiB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAChC,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,yCAAyC;YAChD,WAAW,EAAE,gHAAgH;YAC7H,WAAW,EAAE,iBAAiB;YAC9B,cAAc,EAAE,mGAAmG;YACnH,SAAS,EAAE,gCAAgC;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,mDAAmD;IACnD,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,0GAA0G,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1H,mCAAmC;YACnC,IAAI,CAAC,wCAAwC,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;gBACtE,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,4CAA4C;YACnD,WAAW,EAAE,gIAAgI;YAC7I,WAAW,EAAE,WAAW;YACxB,cAAc,EAAE,6FAA6F;YAC7G,SAAS,EAAE,qCAAqC;SACjD,CAAC,CAAC;IACL,CAAC;IAED,gDAAgD;IAChD,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,yCAAyC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YACnI,gBAAgB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,oCAAoC;YAC3C,WAAW,EAAE,wGAAwG;YACrH,WAAW,EAAE,gBAAgB;YAC7B,cAAc,EAAE,iHAAiH;YACjI,SAAS,EAAE,6CAA6C;SACzD,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"documentation.d.ts","sourceRoot":"","sources":["../../src/evaluators/documentation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAGtC,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CAgO9E"}
|