@kevinrabun/judges 1.9.0 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +185 -2
- package/dist/evaluators/authentication.d.ts.map +1 -1
- package/dist/evaluators/authentication.js +114 -4
- package/dist/evaluators/authentication.js.map +1 -1
- package/dist/evaluators/compliance.d.ts.map +1 -1
- package/dist/evaluators/compliance.js +21 -3
- package/dist/evaluators/compliance.js.map +1 -1
- package/dist/evaluators/configuration-management.d.ts.map +1 -1
- package/dist/evaluators/configuration-management.js +23 -1
- package/dist/evaluators/configuration-management.js.map +1 -1
- package/dist/evaluators/cybersecurity.d.ts.map +1 -1
- package/dist/evaluators/cybersecurity.js +27 -5
- package/dist/evaluators/cybersecurity.js.map +1 -1
- package/dist/evaluators/data-security.d.ts.map +1 -1
- package/dist/evaluators/data-security.js +114 -2
- package/dist/evaluators/data-security.js.map +1 -1
- package/dist/evaluators/database.js +1 -1
- package/dist/evaluators/database.js.map +1 -1
- package/dist/evaluators/ethics-bias.d.ts.map +1 -1
- package/dist/evaluators/ethics-bias.js +13 -1
- package/dist/evaluators/ethics-bias.js.map +1 -1
- package/dist/evaluators/index.d.ts +10 -4
- package/dist/evaluators/index.d.ts.map +1 -1
- package/dist/evaluators/index.js +111 -17
- package/dist/evaluators/index.js.map +1 -1
- package/dist/evaluators/observability.d.ts.map +1 -1
- package/dist/evaluators/observability.js +2 -1
- package/dist/evaluators/observability.js.map +1 -1
- package/dist/evaluators/performance.js +1 -1
- package/dist/evaluators/performance.js.map +1 -1
- package/dist/evaluators/shared.d.ts.map +1 -1
- package/dist/evaluators/shared.js +6 -0
- package/dist/evaluators/shared.js.map +1 -1
- package/dist/evaluators/v2.d.ts +27 -0
- package/dist/evaluators/v2.d.ts.map +1 -0
- package/dist/evaluators/v2.js +367 -0
- package/dist/evaluators/v2.js.map +1 -0
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +359 -10
- package/dist/index.js.map +1 -1
- package/dist/language-patterns.js +2 -2
- package/dist/reports/public-repo-report.d.ts +41 -0
- package/dist/reports/public-repo-report.d.ts.map +1 -0
- package/dist/reports/public-repo-report.js +440 -0
- package/dist/reports/public-repo-report.js.map +1 -0
- package/dist/types.d.ts +100 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +2 -1
- package/server.json +2 -2
package/README.md
CHANGED
|
@@ -4,6 +4,8 @@ An MCP (Model Context Protocol) server that provides a panel of **33 specialized
|
|
|
4
4
|
|
|
5
5
|
**Highlights:**
|
|
6
6
|
- Includes an **App Builder Workflow (3-step)** demo for release decisions, plain-language risk summaries, and prioritized fixes — see [Try the Demo](#2-try-the-demo).
|
|
7
|
+
- Includes **V2 context-aware evaluation** with policy profiles, evidence calibration, specialty feedback, confidence scoring, and uncertainty reporting.
|
|
8
|
+
- Includes **public repository URL reporting** to clone a repo, run the full tribunal, and output a consolidated markdown report.
|
|
7
9
|
|
|
8
10
|
[](https://github.com/KevinRabun/judges/actions/workflows/ci.yml)
|
|
9
11
|
[](https://www.npmjs.com/package/@kevinrabun/judges)
|
|
@@ -157,6 +159,78 @@ npm install -g @kevinrabun/judges
|
|
|
157
159
|
|
|
158
160
|
Then use `judges` as the command in your MCP config (no `args` needed).
|
|
159
161
|
|
|
162
|
+
### 5. Use Judges in GitHub Copilot PR Reviews
|
|
163
|
+
|
|
164
|
+
Yes — users can include Judges as part of GitHub-based review workflows, with one important caveat:
|
|
165
|
+
|
|
166
|
+
- The hosted `copilot-pull-request-reviewer` on GitHub does not currently let you directly attach arbitrary local MCP servers the same way VS Code does.
|
|
167
|
+
- The practical pattern is to run Judges in CI on each PR, publish a report/check, and have Copilot + human reviewers use that output during review.
|
|
168
|
+
|
|
169
|
+
#### Option A (recommended): PR workflow check + report artifact
|
|
170
|
+
|
|
171
|
+
Create `.github/workflows/judges-pr-review.yml`:
|
|
172
|
+
|
|
173
|
+
```yaml
|
|
174
|
+
name: Judges PR Review
|
|
175
|
+
|
|
176
|
+
on:
|
|
177
|
+
pull_request:
|
|
178
|
+
types: [opened, synchronize, reopened]
|
|
179
|
+
|
|
180
|
+
jobs:
|
|
181
|
+
judges:
|
|
182
|
+
runs-on: ubuntu-latest
|
|
183
|
+
permissions:
|
|
184
|
+
contents: read
|
|
185
|
+
pull-requests: write
|
|
186
|
+
|
|
187
|
+
steps:
|
|
188
|
+
- name: Checkout
|
|
189
|
+
uses: actions/checkout@v4
|
|
190
|
+
|
|
191
|
+
- name: Setup Node
|
|
192
|
+
uses: actions/setup-node@v4
|
|
193
|
+
with:
|
|
194
|
+
node-version: 20
|
|
195
|
+
cache: npm
|
|
196
|
+
|
|
197
|
+
- name: Install
|
|
198
|
+
run: npm ci
|
|
199
|
+
|
|
200
|
+
- name: Generate Judges report
|
|
201
|
+
run: |
|
|
202
|
+
npx tsx -e "import { generateRepoReportFromLocalPath } from './src/reports/public-repo-report.ts';
|
|
203
|
+
const result = generateRepoReportFromLocalPath({
|
|
204
|
+
repoPath: process.cwd(),
|
|
205
|
+
outputPath: 'judges-pr-report.md',
|
|
206
|
+
maxFiles: 600,
|
|
207
|
+
maxFindingsInReport: 150,
|
|
208
|
+
});
|
|
209
|
+
console.log('Overall:', result.overallVerdict, result.averageScore);"
|
|
210
|
+
|
|
211
|
+
- name: Upload report artifact
|
|
212
|
+
uses: actions/upload-artifact@v4
|
|
213
|
+
with:
|
|
214
|
+
name: judges-pr-report
|
|
215
|
+
path: judges-pr-report.md
|
|
216
|
+
```
|
|
217
|
+
|
|
218
|
+
This gives every PR a reproducible Judges output your team (and Copilot) can reference.
|
|
219
|
+
|
|
220
|
+
#### Option B: Add Copilot custom instructions in-repo
|
|
221
|
+
|
|
222
|
+
Add `.github/instructions/judges.instructions.md` with guidance such as:
|
|
223
|
+
|
|
224
|
+
```markdown
|
|
225
|
+
When reviewing pull requests:
|
|
226
|
+
1. Read the latest Judges report artifact/check output first.
|
|
227
|
+
2. Prioritize CRITICAL and HIGH findings in remediation guidance.
|
|
228
|
+
3. If findings conflict, defer to security/compliance-related Judges.
|
|
229
|
+
4. Include rule IDs (e.g., DATA-001, CYBER-004) in suggested fixes.
|
|
230
|
+
```
|
|
231
|
+
|
|
232
|
+
This helps keep Copilot feedback aligned with Judges findings.
|
|
233
|
+
|
|
160
234
|
---
|
|
161
235
|
|
|
162
236
|
## The Judge Panel
|
|
@@ -215,7 +289,7 @@ The tribunal operates in three layers:
|
|
|
215
289
|
|
|
216
290
|
Judges Panel covers **heuristic pattern detection** and **AST structural analysis** in a single server — fast, offline, and self-contained. It does not try to be a CVE scanner or a linter. Those capabilities belong in dedicated MCP servers that an AI agent can orchestrate alongside Judges.
|
|
217
291
|
|
|
218
|
-
### Built-in AST Analysis (
|
|
292
|
+
### Built-in AST Analysis (v2.0.0)
|
|
219
293
|
|
|
220
294
|
Unlike earlier versions that recommended a separate AST MCP server, Judges Panel now includes **real AST-based structural analysis** out of the box:
|
|
221
295
|
|
|
@@ -282,6 +356,31 @@ Each server returns structured findings. The AI synthesizes everything into a si
|
|
|
282
356
|
|
|
283
357
|
## MCP Tools
|
|
284
358
|
|
|
359
|
+
### `evaluate_v2`
|
|
360
|
+
Run a **V2 context-aware tribunal evaluation** designed to raise feedback quality toward lead engineer/architect-level review:
|
|
361
|
+
|
|
362
|
+
- Policy profile calibration (`default`, `startup`, `regulated`, `healthcare`, `fintech`, `public-sector`)
|
|
363
|
+
- Context ingestion (architecture notes, constraints, standards, known risks, data-boundary model)
|
|
364
|
+
- Runtime evidence hooks (tests, coverage, latency, error rate, vulnerability counts)
|
|
365
|
+
- Specialty feedback aggregation by judge/domain
|
|
366
|
+
- Confidence scoring and explicit uncertainty reporting
|
|
367
|
+
|
|
368
|
+
Supports:
|
|
369
|
+
- **Code mode**: `code` + `language`
|
|
370
|
+
- **Project mode**: `files[]`
|
|
371
|
+
|
|
372
|
+
| Parameter | Type | Required | Description |
|
|
373
|
+
|-----------|------|----------|-------------|
|
|
374
|
+
| `code` | string | conditional | Source code for single-file mode |
|
|
375
|
+
| `language` | string | conditional | Programming language for single-file mode |
|
|
376
|
+
| `files` | array | conditional | `{ path, content, language }[]` for project mode |
|
|
377
|
+
| `context` | string | no | High-level review context |
|
|
378
|
+
| `includeAstFindings` | boolean | no | Include AST/code-structure findings (default: true) |
|
|
379
|
+
| `minConfidence` | number | no | Minimum finding confidence to include (0-1, default: 0) |
|
|
380
|
+
| `policyProfile` | enum | no | `default`, `startup`, `regulated`, `healthcare`, `fintech`, `public-sector` |
|
|
381
|
+
| `evaluationContext` | object | no | Structured architecture/constraint context |
|
|
382
|
+
| `evidence` | object | no | Runtime/operational evidence for confidence calibration |
|
|
383
|
+
|
|
285
384
|
### `evaluate_app_builder_flow`
|
|
286
385
|
Run a **3-step app-builder workflow** for technical and non-technical stakeholders:
|
|
287
386
|
|
|
@@ -303,6 +402,78 @@ Supports:
|
|
|
303
402
|
| `context` | string | no | Optional business/technical context |
|
|
304
403
|
| `maxFindings` | number | no | Max translated top findings (default: 10) |
|
|
305
404
|
| `maxTasks` | number | no | Max generated tasks (default: 20) |
|
|
405
|
+
| `includeAstFindings` | boolean | no | Include AST/code-structure findings (default: true) |
|
|
406
|
+
| `minConfidence` | number | no | Minimum finding confidence to include (0-1, default: 0) |
|
|
407
|
+
|
|
408
|
+
### `evaluate_public_repo_report`
|
|
409
|
+
Clone a **public repository URL**, run the full judges panel across eligible source files, and generate a consolidated markdown report.
|
|
410
|
+
|
|
411
|
+
| Parameter | Type | Required | Description |
|
|
412
|
+
|-----------|------|----------|-------------|
|
|
413
|
+
| `repoUrl` | string | yes | Public repository URL (`https://...`) |
|
|
414
|
+
| `branch` | string | no | Optional branch name |
|
|
415
|
+
| `outputPath` | string | no | Optional path to write report markdown |
|
|
416
|
+
| `maxFiles` | number | no | Max files analyzed (default: 600) |
|
|
417
|
+
| `maxFileBytes` | number | no | Max file size in bytes (default: 300000) |
|
|
418
|
+
| `maxFindingsInReport` | number | no | Max detailed findings in output (default: 150) |
|
|
419
|
+
| `credentialMode` | string | no | Credential detection mode: `standard` (default) or `strict` |
|
|
420
|
+
| `includeAstFindings` | boolean | no | Include AST/code-structure findings (default: true) |
|
|
421
|
+
| `minConfidence` | number | no | Minimum finding confidence to include (0-1, default: 0) |
|
|
422
|
+
| `keepClone` | boolean | no | Keep cloned repo on disk for inspection |
|
|
423
|
+
|
|
424
|
+
**Quick examples**
|
|
425
|
+
|
|
426
|
+
Generate a report from CLI:
|
|
427
|
+
|
|
428
|
+
```bash
|
|
429
|
+
npm run report:public-repo -- --repoUrl https://github.com/microsoft/vscode --output reports/vscode-judges-report.md
|
|
430
|
+
|
|
431
|
+
# stricter credential-signal mode (optional)
|
|
432
|
+
npm run report:public-repo -- --repoUrl https://github.com/openclaw/openclaw --credentialMode strict --output reports/openclaw-judges-report-strict.md
|
|
433
|
+
|
|
434
|
+
# judge findings only (exclude AST/code-structure findings)
|
|
435
|
+
npm run report:public-repo -- --repoUrl https://github.com/openclaw/openclaw --includeAstFindings false --output reports/openclaw-judges-report-no-ast.md
|
|
436
|
+
|
|
437
|
+
# show only findings at 80%+ confidence
|
|
438
|
+
npm run report:public-repo -- --repoUrl https://github.com/openclaw/openclaw --minConfidence 0.8 --output reports/openclaw-judges-report-high-confidence.md
|
|
439
|
+
```
|
|
440
|
+
|
|
441
|
+
Call from MCP client:
|
|
442
|
+
|
|
443
|
+
```json
|
|
444
|
+
{
|
|
445
|
+
"tool": "evaluate_public_repo_report",
|
|
446
|
+
"arguments": {
|
|
447
|
+
"repoUrl": "https://github.com/microsoft/vscode",
|
|
448
|
+
"branch": "main",
|
|
449
|
+
"maxFiles": 400,
|
|
450
|
+
"maxFindingsInReport": 120,
|
|
451
|
+
"credentialMode": "strict",
|
|
452
|
+
"includeAstFindings": false,
|
|
453
|
+
"minConfidence": 0.8,
|
|
454
|
+
"outputPath": "reports/vscode-judges-report.md"
|
|
455
|
+
}
|
|
456
|
+
}
|
|
457
|
+
```
|
|
458
|
+
|
|
459
|
+
Typical response summary includes:
|
|
460
|
+
- overall verdict and average score
|
|
461
|
+
- analyzed file count and total findings
|
|
462
|
+
- per-judge score table
|
|
463
|
+
- highest-risk findings and lowest-scoring files
|
|
464
|
+
|
|
465
|
+
Sample report snippet:
|
|
466
|
+
|
|
467
|
+
```text
|
|
468
|
+
# Public Repository Full Judges Report
|
|
469
|
+
|
|
470
|
+
Generated from https://github.com/microsoft/vscode on 2026-02-21T12:00:00.000Z.
|
|
471
|
+
|
|
472
|
+
## Executive Summary
|
|
473
|
+
- Overall verdict: WARNING
|
|
474
|
+
- Average file score: 78/100
|
|
475
|
+
- Total findings: 412 (critical 3, high 29, medium 114, low 185, info 81)
|
|
476
|
+
```
|
|
306
477
|
|
|
307
478
|
### `get_judges`
|
|
308
479
|
List all available judges with their domains and descriptions.
|
|
@@ -315,6 +486,8 @@ Submit code to the **full judges panel**. All 33 judges evaluate independently a
|
|
|
315
486
|
| `code` | string | yes | The source code to evaluate |
|
|
316
487
|
| `language` | string | yes | Programming language (e.g., `typescript`, `python`) |
|
|
317
488
|
| `context` | string | no | Additional context about the code |
|
|
489
|
+
| `includeAstFindings` | boolean | no | Include AST/code-structure findings (default: true) |
|
|
490
|
+
| `minConfidence` | number | no | Minimum finding confidence to include (0-1, default: 0) |
|
|
318
491
|
|
|
319
492
|
### `evaluate_code_single_judge`
|
|
320
493
|
Submit code to a **specific judge** for targeted review.
|
|
@@ -325,6 +498,7 @@ Submit code to a **specific judge** for targeted review.
|
|
|
325
498
|
| `language` | string | yes | Programming language |
|
|
326
499
|
| `judgeId` | string | yes | See [judge IDs](#judge-ids) below |
|
|
327
500
|
| `context` | string | no | Additional context |
|
|
501
|
+
| `minConfidence` | number | no | Minimum finding confidence to include (0-1, default: 0) |
|
|
328
502
|
|
|
329
503
|
### `evaluate_project`
|
|
330
504
|
Submit multiple files for **project-level analysis**. All 33 judges evaluate each file, plus cross-file architectural analysis detects code duplication, inconsistent error handling, and dependency cycles.
|
|
@@ -333,6 +507,8 @@ Submit multiple files for **project-level analysis**. All 33 judges evaluate eac
|
|
|
333
507
|
|-----------|------|----------|-------------|
|
|
334
508
|
| `files` | array | yes | Array of `{ path, content, language }` objects |
|
|
335
509
|
| `context` | string | no | Optional project context |
|
|
510
|
+
| `includeAstFindings` | boolean | no | Include AST/code-structure findings (default: true) |
|
|
511
|
+
| `minConfidence` | number | no | Minimum finding confidence to include (0-1, default: 0) |
|
|
336
512
|
|
|
337
513
|
### `evaluate_diff`
|
|
338
514
|
Evaluate only the **changed lines** in a code diff. Runs all 33 judges on the full file but filters findings to lines you specify. Ideal for PR reviews and incremental analysis.
|
|
@@ -343,6 +519,8 @@ Evaluate only the **changed lines** in a code diff. Runs all 33 judges on the fu
|
|
|
343
519
|
| `language` | string | yes | Programming language |
|
|
344
520
|
| `changedLines` | number[] | yes | 1-based line numbers that were changed |
|
|
345
521
|
| `context` | string | no | Optional context about the change |
|
|
522
|
+
| `includeAstFindings` | boolean | no | Include AST/code-structure findings (default: true) |
|
|
523
|
+
| `minConfidence` | number | no | Minimum finding confidence to include (0-1, default: 0) |
|
|
346
524
|
|
|
347
525
|
### `analyze_dependencies`
|
|
348
526
|
Analyze a dependency manifest file for supply-chain risks, version pinning issues, typosquatting indicators, and dependency hygiene. Supports `package.json`, `requirements.txt`, `Cargo.toml`, `go.mod`, `pom.xml`, and `.csproj` files.
|
|
@@ -428,7 +606,7 @@ The **overall tribunal score** is the average of all 33 judges. The overall verd
|
|
|
428
606
|
```
|
|
429
607
|
judges/
|
|
430
608
|
├── src/
|
|
431
|
-
│ ├── index.ts # MCP server entry point —
|
|
609
|
+
│ ├── index.ts # MCP server entry point — tools, prompts, transport
|
|
432
610
|
│ ├── types.ts # TypeScript interfaces (Finding, JudgeEvaluation, etc.)
|
|
433
611
|
│ ├── ast/ # AST analysis engine (built-in, no external deps)
|
|
434
612
|
│ │ ├── index.ts # analyzeStructure() — routes to correct parser
|
|
@@ -439,9 +617,13 @@ judges/
|
|
|
439
617
|
│ │ ├── index.ts # evaluateWithJudge(), evaluateWithTribunal(), evaluateProject(), etc.
|
|
440
618
|
│ │ ├── shared.ts # Scoring, verdict logic, markdown formatters
|
|
441
619
|
│ │ └── *.ts # One analyzer per judge (33 files)
|
|
620
|
+
│ ├── reports/
|
|
621
|
+
│ │ └── public-repo-report.ts # Public repo clone + full tribunal report generation
|
|
442
622
|
│ └── judges/ # Judge definitions (id, name, domain, system prompt)
|
|
443
623
|
│ ├── index.ts # JUDGES array, getJudge(), getJudgeSummaries()
|
|
444
624
|
│ └── *.ts # One definition per judge (33 files)
|
|
625
|
+
├── scripts/
|
|
626
|
+
│ └── generate-public-repo-report.ts # Run: npm run report:public-repo -- --repoUrl <url>
|
|
445
627
|
├── examples/
|
|
446
628
|
│ ├── sample-vulnerable-api.ts # Intentionally flawed code (triggers all judges)
|
|
447
629
|
│ └── demo.ts # Run: npm run demo
|
|
@@ -463,6 +645,7 @@ judges/
|
|
|
463
645
|
| `npm run dev` | Watch mode — recompile on save |
|
|
464
646
|
| `npm test` | Run the full test suite |
|
|
465
647
|
| `npm run demo` | Run the sample tribunal demo |
|
|
648
|
+
| `npm run report:public-repo -- --repoUrl <url>` | Generate a full tribunal report for a public repository URL |
|
|
466
649
|
| `npm start` | Start the MCP server |
|
|
467
650
|
| `npm run clean` | Remove `dist/` |
|
|
468
651
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authentication.d.ts","sourceRoot":"","sources":["../../src/evaluators/authentication.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"authentication.d.ts","sourceRoot":"","sources":["../../src/evaluators/authentication.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAgJtC,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CAmL/E"}
|
|
@@ -1,12 +1,123 @@
|
|
|
1
1
|
import { getLineNumbers, getLangFamily } from "./shared.js";
|
|
2
|
+
function isLikelyPlaceholderCredentialValue(value) {
|
|
3
|
+
const normalized = value.trim().toLowerCase();
|
|
4
|
+
const exactPlaceholders = new Set([
|
|
5
|
+
"test",
|
|
6
|
+
"testing",
|
|
7
|
+
"mock",
|
|
8
|
+
"dummy",
|
|
9
|
+
"example",
|
|
10
|
+
"sample",
|
|
11
|
+
"fake",
|
|
12
|
+
"na",
|
|
13
|
+
"n/a",
|
|
14
|
+
"none",
|
|
15
|
+
"null",
|
|
16
|
+
"undefined",
|
|
17
|
+
"changeme",
|
|
18
|
+
"change_me",
|
|
19
|
+
"replace_me",
|
|
20
|
+
"replace-me",
|
|
21
|
+
"your_token_here",
|
|
22
|
+
"your_api_key",
|
|
23
|
+
"unused",
|
|
24
|
+
"not_used",
|
|
25
|
+
"placeholder",
|
|
26
|
+
]);
|
|
27
|
+
if (exactPlaceholders.has(normalized)) {
|
|
28
|
+
return true;
|
|
29
|
+
}
|
|
30
|
+
if (/^(?:test|mock|dummy|sample|example|fake|placeholder|na|n\/a|unused|changeme|replace)[-_a-z0-9]*$/i.test(normalized)) {
|
|
31
|
+
return true;
|
|
32
|
+
}
|
|
33
|
+
return false;
|
|
34
|
+
}
|
|
35
|
+
function isStrictCredentialDetectionEnabled() {
|
|
36
|
+
return process.env.JUDGES_CREDENTIAL_MODE?.toLowerCase() === "strict";
|
|
37
|
+
}
|
|
38
|
+
function looksLikeRealCredentialValue(value) {
|
|
39
|
+
if (isLikelyPlaceholderCredentialValue(value)) {
|
|
40
|
+
return false;
|
|
41
|
+
}
|
|
42
|
+
if (!isStrictCredentialDetectionEnabled()) {
|
|
43
|
+
return true;
|
|
44
|
+
}
|
|
45
|
+
const normalized = value.trim();
|
|
46
|
+
if (normalized.length < 12) {
|
|
47
|
+
return false;
|
|
48
|
+
}
|
|
49
|
+
if (/(?:test|mock|dummy|sample|example|fake|placeholder|changeme|replace[_-]?me|unused|not[_-]?used|password|secret)/i.test(normalized)) {
|
|
50
|
+
return false;
|
|
51
|
+
}
|
|
52
|
+
const hasLower = /[a-z]/.test(normalized);
|
|
53
|
+
const hasUpper = /[A-Z]/.test(normalized);
|
|
54
|
+
const hasDigit = /\d/.test(normalized);
|
|
55
|
+
const hasSymbol = /[^A-Za-z0-9]/.test(normalized);
|
|
56
|
+
const classCount = [hasLower, hasUpper, hasDigit, hasSymbol].filter(Boolean).length;
|
|
57
|
+
if (normalized.length >= 20 && classCount >= 2) {
|
|
58
|
+
return true;
|
|
59
|
+
}
|
|
60
|
+
if (normalized.length >= 16 && classCount >= 3) {
|
|
61
|
+
return true;
|
|
62
|
+
}
|
|
63
|
+
return false;
|
|
64
|
+
}
|
|
65
|
+
function getHardcodedCredentialLinesWithoutPlaceholders(code) {
|
|
66
|
+
const lines = code.split("\n");
|
|
67
|
+
const flaggedLines = [];
|
|
68
|
+
const assignmentPattern = /\b(password|passwd|pwd|secret|api_?key|apikey|token|auth_?token)\b\s*[:=]\s*["'`]([^"'`]{3,})["'`]/gi;
|
|
69
|
+
const nonProductionContextPattern = /\b(?:test|tests|mock|mocks|fixture|fixtures|harness|e2e|example|sample|dummy)\b/i;
|
|
70
|
+
const productionContextPattern = /\b(?:prod|production|release|deploy|deployment)\b/i;
|
|
71
|
+
const isLikelyTestModule = /\b(?:describe|it|test)\s*\(/i.test(code);
|
|
72
|
+
if (isLikelyTestModule && !productionContextPattern.test(code)) {
|
|
73
|
+
return [];
|
|
74
|
+
}
|
|
75
|
+
for (let index = 0; index < lines.length; index += 1) {
|
|
76
|
+
const line = lines[index];
|
|
77
|
+
const matches = [...line.matchAll(assignmentPattern)];
|
|
78
|
+
if (matches.length === 0)
|
|
79
|
+
continue;
|
|
80
|
+
const contextStart = Math.max(0, index - 2);
|
|
81
|
+
const contextEnd = Math.min(lines.length, index + 3);
|
|
82
|
+
const context = lines.slice(contextStart, contextEnd).join("\n");
|
|
83
|
+
const isLikelyNonProductionContext = nonProductionContextPattern.test(context) &&
|
|
84
|
+
!productionContextPattern.test(context);
|
|
85
|
+
const hasRealCredential = matches.some((match) => {
|
|
86
|
+
const value = match[2] ?? "";
|
|
87
|
+
return looksLikeRealCredentialValue(value);
|
|
88
|
+
});
|
|
89
|
+
if (hasRealCredential && !isLikelyNonProductionContext) {
|
|
90
|
+
flaggedLines.push(index + 1);
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
return flaggedLines;
|
|
94
|
+
}
|
|
95
|
+
function getWeakCredentialHashLines(code) {
|
|
96
|
+
const lines = code.split("\n");
|
|
97
|
+
const weakHashPattern = /createHash\s*\(\s*["'`](?:md5|sha1|sha256)["'`]\)|(?:\bmd5\b|\bsha1\b)\s*\(/gi;
|
|
98
|
+
const authContextPattern = /password|passwd|pwd|credential|login|signin|signup|auth|token|session|user/i;
|
|
99
|
+
const flagged = [];
|
|
100
|
+
for (let index = 0; index < lines.length; index += 1) {
|
|
101
|
+
weakHashPattern.lastIndex = 0;
|
|
102
|
+
if (!weakHashPattern.test(lines[index])) {
|
|
103
|
+
continue;
|
|
104
|
+
}
|
|
105
|
+
const start = Math.max(0, index - 4);
|
|
106
|
+
const end = Math.min(lines.length - 1, index + 4);
|
|
107
|
+
const context = lines.slice(start, end + 1).join("\n");
|
|
108
|
+
if (authContextPattern.test(context)) {
|
|
109
|
+
flagged.push(index + 1);
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
return flagged;
|
|
113
|
+
}
|
|
2
114
|
export function analyzeAuthentication(code, language) {
|
|
3
115
|
const findings = [];
|
|
4
116
|
let ruleNum = 1;
|
|
5
117
|
const prefix = "AUTH";
|
|
6
118
|
const lang = getLangFamily(language);
|
|
7
119
|
// Hardcoded credentials
|
|
8
|
-
const
|
|
9
|
-
const credentialLines = getLineNumbers(code, credentialPattern);
|
|
120
|
+
const credentialLines = getHardcodedCredentialLinesWithoutPlaceholders(code);
|
|
10
121
|
if (credentialLines.length > 0) {
|
|
11
122
|
findings.push({
|
|
12
123
|
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
@@ -46,8 +157,7 @@ export function analyzeAuthentication(code, language) {
|
|
|
46
157
|
});
|
|
47
158
|
}
|
|
48
159
|
// Weak password hashing
|
|
49
|
-
const
|
|
50
|
-
const weakHashLines = getLineNumbers(code, weakHashPattern);
|
|
160
|
+
const weakHashLines = getWeakCredentialHashLines(code);
|
|
51
161
|
if (weakHashLines.length > 0) {
|
|
52
162
|
findings.push({
|
|
53
163
|
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authentication.js","sourceRoot":"","sources":["../../src/evaluators/authentication.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAsB,aAAa,EAAE,MAAM,aAAa,CAAC;AAGhF,MAAM,UAAU,
|
|
1
|
+
{"version":3,"file":"authentication.js","sourceRoot":"","sources":["../../src/evaluators/authentication.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAsB,aAAa,EAAE,MAAM,aAAa,CAAC;AAGhF,SAAS,kCAAkC,CAAC,KAAa;IACvD,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAE9C,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;QAChC,MAAM;QACN,SAAS;QACT,MAAM;QACN,OAAO;QACP,SAAS;QACT,QAAQ;QACR,MAAM;QACN,IAAI;QACJ,KAAK;QACL,MAAM;QACN,MAAM;QACN,WAAW;QACX,UAAU;QACV,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,iBAAiB;QACjB,cAAc;QACd,QAAQ;QACR,UAAU;QACV,aAAa;KACd,CAAC,CAAC;IAEH,IAAI,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,mGAAmG,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QACzH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,kCAAkC;IACzC,OAAO,OAAO,CAAC,GAAG,CAAC,sBAAsB,EAAE,WAAW,EAAE,KAAK,QAAQ,CAAC;AACxE,CAAC;AAED,SAAS,4BAA4B,CAAC,KAAa;IACjD,IAAI,kCAAkC,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC,kCAAkC,EAAE,EAAE,CAAC;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAChC,IAAI,UAAU,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC3B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,kHAAkH,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QACxI,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAClD,MAAM,UAAU,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IAEpF,IAAI,UAAU,CAAC,MAAM,IAAI,EAAE,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,IAAI,EAAE,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,8CAA8C,CAAC,IAAY;IAClE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,MAAM,iBAAiB,GAAG,sGAAsG,CAAC;IAEjI,MAAM,2BAA2B,GAAG,kFAAkF,CAAC;IACvH,MAAM,wBAAwB,GAAG,oDAAoD,CAAC;IACtF,MAAM,kBAAkB,GAAG,8BAA8B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAErE,IAAI,kBAAkB,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/D,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,KAAK,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1B,MAAM,OAAO,GAAG,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC;QACtD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEnC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;QAC5C,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;QACrD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEjE,MAAM,4BAA4B,GAChC,2BAA2B,CAAC,IAAI,CAAC,OAAO,CAAC;YACzC,CAAC,wBAAwB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE1C,MAAM,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;YAC/C,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC7B,OAAO,4BAA4B,CAAC,KAAK,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,IAAI,iBAAiB,IAAI,CAAC,4BAA4B,EAAE,CAAC;YACvD,YAAY,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,0BAA0B,CAAC,IAAY;IAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,eAAe,GAAG,+EAA+E,CAAC;IACxG,MAAM,kBAAkB,GAAG,6EAA6E,CAAC;IAEzG,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,KAAK,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QACrD,eAAe,CAAC,SAAS,GAAG,CAAC,CAAC;QAC9B,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACxC,SAAS;QACX,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;QAClD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEvD,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACrC,OAAO,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,IAAY,EAAE,QAAgB;IAClE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,MAAM,GAAG,MAAM,CAAC;IACtB,MAAM,IAAI,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAErC,wBAAwB;IACxB,MAAM,eAAe,GAAG,8CAA8C,CAAC,IAAI,CAAC,CAAC;IAC7E,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,sCAAsC;YAC7C,WAAW,EAAE,SAAS,eAAe,CAAC,MAAM,iKAAiK;YAC7M,WAAW,EAAE,eAAe;YAC5B,cAAc,EAAE,sJAAsJ;YACtK,SAAS,EAAE,wCAAwC;SACpD,CAAC,CAAC;IACL,CAAC;IAED,+BAA+B;IAC/B,MAAM,SAAS,GAAG,iDAAiD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/E,MAAM,iBAAiB,GAAG,wJAAwJ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9L,IAAI,SAAS,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACpE,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,8CAA8C;YACrD,WAAW,EAAE,gJAAgJ;YAC7J,cAAc,EAAE,gKAAgK;YAChL,SAAS,EAAE,yDAAyD;SACrE,CAAC,CAAC;IACL,CAAC;IAED,4BAA4B;IAC5B,MAAM,iBAAiB,GAAG,oEAAoE,CAAC;IAC/F,MAAM,eAAe,GAAG,cAAc,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;IAChE,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,6CAA6C;YACpD,WAAW,EAAE,0JAA0J;YACvK,WAAW,EAAE,eAAe;YAC5B,cAAc,EAAE,uIAAuI;YACvJ,SAAS,EAAE,4CAA4C;SACxD,CAAC,CAAC;IACL,CAAC;IAED,wBAAwB;IACxB,MAAM,aAAa,GAAG,0BAA0B,CAAC,IAAI,CAAC,CAAC;IACvD,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,wCAAwC;YAC/C,WAAW,EAAE,2IAA2I;YACxJ,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,0HAA0H;YAC1I,SAAS,EAAE,mDAAmD;SAC/D,CAAC,CAAC;IACL,CAAC;IAED,iCAAiC;IACjC,MAAM,YAAY,GAAG,kGAAkG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnI,IAAI,SAAS,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC/D,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,uDAAuD;YAC9D,WAAW,EAAE,yIAAyI;YACtJ,cAAc,EAAE,6IAA6I;YAC7J,SAAS,EAAE,uEAAuE;SACnF,CAAC,CAAC;IACL,CAAC;IAED,2BAA2B;IAC3B,MAAM,MAAM,GAAG,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpD,MAAM,YAAY,GAAG,qDAAqD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtF,MAAM,UAAU,GAAG,+BAA+B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9D,IAAI,MAAM,IAAI,UAAU,IAAI,CAAC,YAAY,EAAE,CAAC;QAC1C,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,sCAAsC;YAC7C,WAAW,EAAE,6IAA6I;YAC1J,cAAc,EAAE,iHAAiH;YACjI,SAAS,EAAE,uCAAuC;SACnD,CAAC,CAAC;IACL,CAAC;IAED,wCAAwC;IACxC,MAAM,kBAAkB,GAAG,8HAA8H,CAAC;IAC1J,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;IAC1D,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,qCAAqC;YAC5C,WAAW,EAAE,wJAAwJ;YACrK,WAAW,EAAE,QAAQ;YACrB,cAAc,EAAE,0IAA0I;YAC1J,SAAS,EAAE,0CAA0C;SACtD,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,MAAM,UAAU,GAAG,4DAA4D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC3F,MAAM,SAAS,GAAG,kEAAkE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChG,IAAI,UAAU,IAAI,CAAC,SAAS,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,wCAAwC;YAC/C,WAAW,EAAE,iJAAiJ;YAC9J,cAAc,EAAE,qIAAqI;YACrJ,SAAS,EAAE,sCAAsC;SAClD,CAAC,CAAC;IACL,CAAC;IAED,mDAAmD;IACnD,MAAM,mBAAmB,GAAG,8DAA8D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtG,MAAM,iBAAiB,GAAG,kHAAkH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxJ,IAAI,mBAAmB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC9C,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,oCAAoC;YAC3C,WAAW,EAAE,mJAAmJ;YAChK,cAAc,EAAE,qJAAqJ;YACrK,SAAS,EAAE,0CAA0C;SACtD,CAAC,CAAC;IACL,CAAC;IAED,2CAA2C;IAC3C,MAAM,QAAQ,GAAG,mEAAmE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChG,MAAM,UAAU,GAAG,gGAAgG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/H,IAAI,QAAQ,IAAI,CAAC,UAAU,EAAE,CAAC;QAC5B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,gDAAgD;YACvD,WAAW,EAAE,+HAA+H;YAC5I,cAAc,EAAE,6JAA6J;YAC7K,SAAS,EAAE,wCAAwC;SACpD,CAAC,CAAC;IACL,CAAC;IAED,2CAA2C;IAC3C,MAAM,aAAa,GAAG,2DAA2D,CAAC;IAClF,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;IACxD,MAAM,cAAc,GAAG,wDAAwD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC3F,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;QAC9C,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,2CAA2C;YAClD,WAAW,EAAE,yIAAyI;YACtJ,WAAW,EAAE,WAAW;YACxB,cAAc,EAAE,8IAA8I;YAC9J,SAAS,EAAE,8CAA8C;SAC1D,CAAC,CAAC;IACL,CAAC;IAED,qBAAqB;IACrB,MAAM,WAAW,GAAG,wCAAwC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxE,MAAM,OAAO,GAAG,8DAA8D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1F,IAAI,WAAW,IAAI,CAAC,OAAO,IAAI,UAAU,EAAE,CAAC;QAC1C,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,wCAAwC;YAC/C,WAAW,EAAE,0IAA0I;YACvJ,cAAc,EAAE,8IAA8I;YAC9J,SAAS,EAAE,6CAA6C;SACzD,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"compliance.d.ts","sourceRoot":"","sources":["../../src/evaluators/compliance.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAItC,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"compliance.d.ts","sourceRoot":"","sources":["../../src/evaluators/compliance.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAItC,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CAsP3E"}
|
|
@@ -5,11 +5,24 @@ export function analyzeCompliance(code, language) {
|
|
|
5
5
|
const prefix = "COMP";
|
|
6
6
|
let ruleNum = 1;
|
|
7
7
|
const lang = getLangFamily(language);
|
|
8
|
+
const isCommentLikeLine = (line) => {
|
|
9
|
+
const trimmed = line.trim();
|
|
10
|
+
return (trimmed.startsWith("//") ||
|
|
11
|
+
trimmed.startsWith("/*") ||
|
|
12
|
+
trimmed.startsWith("*") ||
|
|
13
|
+
trimmed.startsWith("#") ||
|
|
14
|
+
trimmed.startsWith("--"));
|
|
15
|
+
};
|
|
8
16
|
// Detect PII handling without encryption
|
|
9
17
|
const piiFieldLines = [];
|
|
10
18
|
lines.forEach((line, i) => {
|
|
19
|
+
if (isCommentLikeLine(line))
|
|
20
|
+
return;
|
|
11
21
|
if (/(?:ssn|social_security|tax_id|passport|national_id|driver_license)/i.test(line) && !/encrypt|hash|mask|redact/i.test(line)) {
|
|
12
|
-
|
|
22
|
+
const context = lines.slice(Math.max(0, i - 4), Math.min(lines.length, i + 5)).join("\n");
|
|
23
|
+
if (/(?:save|store|insert|persist|write|log|send|post|request|payload|body|db\.)/i.test(context)) {
|
|
24
|
+
piiFieldLines.push(i + 1);
|
|
25
|
+
}
|
|
13
26
|
}
|
|
14
27
|
});
|
|
15
28
|
if (piiFieldLines.length > 0) {
|
|
@@ -105,10 +118,15 @@ export function analyzeCompliance(code, language) {
|
|
|
105
118
|
// Detect credit card number patterns (PCI DSS)
|
|
106
119
|
const cardNumberLines = [];
|
|
107
120
|
lines.forEach((line, i) => {
|
|
108
|
-
if (
|
|
121
|
+
if (isCommentLikeLine(line))
|
|
122
|
+
return;
|
|
123
|
+
const context = lines.slice(Math.max(0, i - 4), Math.min(lines.length, i + 5)).join("\n");
|
|
124
|
+
const hasPaymentContext = /(?:payment|billing|checkout|charge|\bcard(?:Number)?\b|\bpan\b|stripe|braintree|authorize|capture|transaction)/i.test(context);
|
|
125
|
+
const hasOperationalFlow = /(?:store|save|log|send|post|request|payload|body|db\.)/i.test(context);
|
|
126
|
+
if (/\b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|6(?:011|5[0-9]{2})[0-9]{12})\b/.test(line) && hasPaymentContext && hasOperationalFlow) {
|
|
109
127
|
cardNumberLines.push(i + 1);
|
|
110
128
|
}
|
|
111
|
-
if (/credit.?card|card.?number|ccn|pan\b|cardNumber/i.test(line) && !/mask|redact|encrypt|hash|tokenize|\*{4}/i.test(line)) {
|
|
129
|
+
if (/credit.?card|card.?number|ccn|pan\b|cardNumber/i.test(line) && !/mask|redact|encrypt|hash|tokenize|\*{4}/i.test(line) && hasPaymentContext && hasOperationalFlow) {
|
|
112
130
|
cardNumberLines.push(i + 1);
|
|
113
131
|
}
|
|
114
132
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"compliance.js","sourceRoot":"","sources":["../../src/evaluators/compliance.ts"],"names":[],"mappings":"AACA,OAAO,EAAsC,aAAa,EAAE,MAAM,aAAa,CAAC;AAGhF,MAAM,UAAU,iBAAiB,CAAC,IAAY,EAAE,QAAgB;IAC9D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,MAAM,CAAC;IACtB,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,IAAI,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAErC,yCAAyC;IACzC,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,qEAAqE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAChI,aAAa,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"compliance.js","sourceRoot":"","sources":["../../src/evaluators/compliance.ts"],"names":[],"mappings":"AACA,OAAO,EAAsC,aAAa,EAAE,MAAM,aAAa,CAAC;AAGhF,MAAM,UAAU,iBAAiB,CAAC,IAAY,EAAE,QAAgB;IAC9D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,MAAM,CAAC;IACtB,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,IAAI,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAErC,MAAM,iBAAiB,GAAG,CAAC,IAAY,EAAW,EAAE;QAClD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,OAAO,CACL,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;YACxB,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;YACxB,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YACvB,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YACvB,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CACzB,CAAC;IACJ,CAAC,CAAC;IAEF,yCAAyC;IACzC,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,iBAAiB,CAAC,IAAI,CAAC;YAAE,OAAO;QAEpC,IAAI,qEAAqE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAChI,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1F,IAAI,8EAA8E,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjG,aAAa,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,sCAAsC;YAC7C,WAAW,EAAE,2HAA2H;YACxI,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,iHAAiH;YACjI,SAAS,EAAE,gCAAgC;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,uCAAuC;IACvC,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,sDAAsD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACtE,aAAa,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,UAAU,GAAG,qDAAqD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpF,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;QAC5C,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,0CAA0C;YACjD,WAAW,EAAE,mIAAmI;YAChJ,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,0GAA0G;YAC1H,SAAS,EAAE,qCAAqC;SACjD,CAAC,CAAC;IACL,CAAC;IAED,+BAA+B;IAC/B,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,2CAA2C,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,iDAAiD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3H,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1F,IAAI,CAAC,kDAAkD,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACtE,iBAAiB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,+CAA+C;YACtD,WAAW,EAAE,0GAA0G;YACvH,WAAW,EAAE,iBAAiB;YAC9B,cAAc,EAAE,wHAAwH;YACxI,SAAS,EAAE,yCAAyC;SACrD,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,kCAAkC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,2DAA2D,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5H,iBAAiB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAChC,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,kCAAkC;YACzC,WAAW,EAAE,yHAAyH;YACtI,WAAW,EAAE,iBAAiB;YAC9B,cAAc,EAAE,6GAA6G;YAC7H,SAAS,EAAE,mDAAmD;SAC/D,CAAC,CAAC;IACL,CAAC;IAED,6CAA6C;IAC7C,MAAM,cAAc,GAAa,EAAE,CAAC;IACpC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,uFAAuF,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvG,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1E,IAAI,CAAC,gEAAgE,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACpF,cAAc,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,yCAAyC;YAChD,WAAW,EAAE,qHAAqH;YAClI,WAAW,EAAE,cAAc;YAC3B,cAAc,EAAE,kHAAkH;YAClI,SAAS,EAAE,oCAAoC;SAChD,CAAC,CAAC;IACL,CAAC;IAED,+CAA+C;IAC/C,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,iBAAiB,CAAC,IAAI,CAAC;YAAE,OAAO;QAEpC,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1F,MAAM,iBAAiB,GAAG,iHAAiH,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC1J,MAAM,kBAAkB,GAAG,yDAAyD,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEnG,IAAI,4FAA4F,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,iBAAiB,IAAI,kBAAkB,EAAE,CAAC;YACvJ,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9B,CAAC;QACD,IAAI,iDAAiD,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,0CAA0C,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,iBAAiB,IAAI,kBAAkB,EAAE,CAAC;YACtK,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,oCAAoC;YAC3C,WAAW,EAAE,mIAAmI;YAChJ,WAAW,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,CAAC;YAC1C,cAAc,EAAE,kIAAkI;YAClJ,SAAS,EAAE,uDAAuD;SACnE,CAAC,CAAC;IACL,CAAC;IAED,oCAAoC;IACpC,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,6GAA6G,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7K,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,uDAAuD;YAC9D,WAAW,EAAE,gIAAgI;YAC7I,WAAW,EAAE,eAAe;YAC5B,cAAc,EAAE,oHAAoH;YACpI,SAAS,EAAE,uCAAuC;SACnD,CAAC,CAAC;IACL,CAAC;IAED,6CAA6C;IAC7C,MAAM,oBAAoB,GAAG,wFAAwF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjI,MAAM,cAAc,GAAG,iEAAiE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpG,IAAI,cAAc,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC5C,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,8CAA8C;YACrD,WAAW,EAAE,6HAA6H;YAC1I,cAAc,EAAE,uHAAuH;YACvI,SAAS,EAAE,0DAA0D;SACtE,CAAC,CAAC;IACL,CAAC;IAED,uDAAuD;IACvD,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,mCAAmC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9F,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,oCAAoC;YAC3C,WAAW,EAAE,+GAA+G;YAC5H,WAAW,EAAE,WAAW;YACxB,cAAc,EAAE,sHAAsH;YACtI,SAAS,EAAE,4CAA4C;SACxD,CAAC,CAAC;IACL,CAAC;IAED,+BAA+B;IAC/B,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,yFAAyF,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACzG,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,kBAAkB,GAAG,mEAAmE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1G,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACtD,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,iDAAiD;YACxD,WAAW,EAAE,yJAAyJ;YACtK,WAAW,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;YACxC,cAAc,EAAE,qGAAqG;YACrH,SAAS,EAAE,sDAAsD;SAClE,CAAC,CAAC;IACL,CAAC;IAED,mDAAmD;IACnD,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,+EAA+E,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/F,gBAAgB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,aAAa,GAAG,sDAAsD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxF,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;QAClD,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,0CAA0C;YACjD,WAAW,EAAE,sIAAsI;YACnJ,WAAW,EAAE,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;YACzC,cAAc,EAAE,uGAAuG;YACvH,SAAS,EAAE,sCAAsC;SAClD,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"configuration-management.d.ts","sourceRoot":"","sources":["../../src/evaluators/configuration-management.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAItC,wBAAgB,8BAA8B,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"configuration-management.d.ts","sourceRoot":"","sources":["../../src/evaluators/configuration-management.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAItC,wBAAgB,8BAA8B,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CAsLxF"}
|
|
@@ -6,7 +6,29 @@ export function analyzeConfigurationManagement(code, language) {
|
|
|
6
6
|
const lang = getLangFamily(language);
|
|
7
7
|
// Hardcoded secrets / credentials
|
|
8
8
|
const secretPattern = /(?:password|passwd|secret|api_?key|token|private_?key)\s*[:=]\s*["'`][^"'`]{3,}/gi;
|
|
9
|
-
const
|
|
9
|
+
const nonProductionContextPattern = /\b(?:test|tests|mock|mocks|fixture|fixtures|harness|e2e|example|sample|dummy)\b/i;
|
|
10
|
+
const productionContextPattern = /\b(?:prod|production|release|deploy|deployment)\b/i;
|
|
11
|
+
const secretLines = [];
|
|
12
|
+
if (/\b(?:describe|it|test)\s*\(/i.test(code) && !productionContextPattern.test(code)) {
|
|
13
|
+
// Skip hardcoded secret findings in explicit test modules.
|
|
14
|
+
}
|
|
15
|
+
else {
|
|
16
|
+
const lines = code.split("\n");
|
|
17
|
+
for (let index = 0; index < lines.length; index += 1) {
|
|
18
|
+
secretPattern.lastIndex = 0;
|
|
19
|
+
if (!secretPattern.test(lines[index])) {
|
|
20
|
+
continue;
|
|
21
|
+
}
|
|
22
|
+
const contextStart = Math.max(0, index - 2);
|
|
23
|
+
const contextEnd = Math.min(lines.length, index + 3);
|
|
24
|
+
const context = lines.slice(contextStart, contextEnd).join("\n");
|
|
25
|
+
const isLikelyNonProductionContext = nonProductionContextPattern.test(context) &&
|
|
26
|
+
!productionContextPattern.test(context);
|
|
27
|
+
if (!isLikelyNonProductionContext) {
|
|
28
|
+
secretLines.push(index + 1);
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
}
|
|
10
32
|
if (secretLines.length > 0) {
|
|
11
33
|
findings.push({
|
|
12
34
|
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"configuration-management.js","sourceRoot":"","sources":["../../src/evaluators/configuration-management.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAsB,aAAa,EAAE,MAAM,aAAa,CAAC;AAGhF,MAAM,UAAU,8BAA8B,CAAC,IAAY,EAAE,QAAgB;IAC3E,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,MAAM,GAAG,KAAK,CAAC;IACrB,MAAM,IAAI,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAErC,kCAAkC;IAClC,MAAM,aAAa,GAAG,mFAAmF,CAAC;IAC1G,MAAM,WAAW,GAAG,
|
|
1
|
+
{"version":3,"file":"configuration-management.js","sourceRoot":"","sources":["../../src/evaluators/configuration-management.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAsB,aAAa,EAAE,MAAM,aAAa,CAAC;AAGhF,MAAM,UAAU,8BAA8B,CAAC,IAAY,EAAE,QAAgB;IAC3E,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,MAAM,GAAG,KAAK,CAAC;IACrB,MAAM,IAAI,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAErC,kCAAkC;IAClC,MAAM,aAAa,GAAG,mFAAmF,CAAC;IAC1G,MAAM,2BAA2B,GAAG,kFAAkF,CAAC;IACvH,MAAM,wBAAwB,GAAG,oDAAoD,CAAC;IACtF,MAAM,WAAW,GAAa,EAAE,CAAC;IAEjC,IAAI,8BAA8B,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACtF,2DAA2D;IAC7D,CAAC;SAAM,CAAC;QAEN,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC/B,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,KAAK,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;YACrD,aAAa,CAAC,SAAS,GAAG,CAAC,CAAC;YAC5B,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;gBACtC,SAAS;YACX,CAAC;YAED,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YAC5C,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YACrD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjE,MAAM,4BAA4B,GAChC,2BAA2B,CAAC,IAAI,CAAC,OAAO,CAAC;gBACzC,CAAC,wBAAwB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAE1C,IAAI,CAAC,4BAA4B,EAAE,CAAC;gBAClC,WAAW,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,kCAAkC;YACzC,WAAW,EAAE,SAAS,WAAW,CAAC,MAAM,4JAA4J;YACpM,WAAW,EAAE,WAAW;YACxB,cAAc,EAAE,gKAAgK;YAChL,SAAS,EAAE,mDAAmD;SAC/D,CAAC,CAAC;IACL,CAAC;IAED,iCAAiC;IACjC,MAAM,sBAAsB,GAAG,oHAAoH,CAAC;IACpJ,MAAM,oBAAoB,GAAG,cAAc,CAAC,IAAI,EAAE,sBAAsB,CAAC,CAAC;IAC1E,IAAI,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,wDAAwD;YAC/D,WAAW,EAAE,SAAS,oBAAoB,CAAC,MAAM,sIAAsI;YACvL,WAAW,EAAE,oBAAoB;YACjC,cAAc,EAAE,4JAA4J;YAC5K,SAAS,EAAE,oCAAoC;SAChD,CAAC,CAAC;IACL,CAAC;IAED,gCAAgC;IAChC,MAAM,UAAU,GAAG,gGAAgG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/H,MAAM,SAAS,GAAG,iEAAiE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/F,IAAI,CAAC,UAAU,IAAI,SAAS,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC7D,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,wCAAwC;YAC/C,WAAW,EAAE,wKAAwK;YACrL,cAAc,EAAE,6JAA6J;YAC7K,SAAS,EAAE,oCAAoC;SAChD,CAAC,CAAC;IACL,CAAC;IAED,+BAA+B;IAC/B,MAAM,mBAAmB,GAAG,+FAA+F,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvI,IAAI,SAAS,IAAI,CAAC,mBAAmB,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACtE,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,wCAAwC;YAC/C,WAAW,EAAE,6JAA6J;YAC1K,cAAc,EAAE,8IAA8I;YAC9J,SAAS,EAAE,qCAAqC;SACjD,CAAC,CAAC;IACL,CAAC;IAED,yDAAyD;IACzD,MAAM,mBAAmB,GAAG,qDAAqD,CAAC;IAClF,MAAM,YAAY,GAAG,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,UAAU,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjD,qEAAqE;IACrE,IAAI,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC/C,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,kDAAkD;YACzD,WAAW,EAAE,sKAAsK;YACnL,cAAc,EAAE,uJAAuJ;YACvK,SAAS,EAAE,+CAA+C;SAC3D,CAAC,CAAC;IACL,CAAC;IAED,wCAAwC;IACxC,MAAM,mBAAmB,GAAG,iEAAiE,CAAC;IAC9F,MAAM,iBAAiB,GAAG,cAAc,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC;IACpE,MAAM,qBAAqB,GAAG,uCAAuC,CAAC;IACtE,MAAM,eAAe,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;IACzE,MAAM,QAAQ,GAAG,iBAAiB,CAAC,MAAM,CAAC;IAC1C,IAAI,QAAQ,GAAG,CAAC,IAAI,eAAe,KAAK,CAAC,EAAE,CAAC;QAC1C,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,6CAA6C;YACpD,WAAW,EAAE,SAAS,QAAQ,qIAAqI;YACnK,WAAW,EAAE,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;YAC1C,cAAc,EAAE,sJAAsJ;YACtK,SAAS,EAAE,sCAAsC;SAClD,CAAC,CAAC;IACL,CAAC;IAED,0BAA0B;IAC1B,MAAM,kBAAkB,GAAG,iGAAiG,CAAC;IAC7H,MAAM,gBAAgB,GAAG,cAAc,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;IAClE,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,sCAAsC;YAC7C,WAAW,EAAE,SAAS,gBAAgB,CAAC,MAAM,uGAAuG;YACpJ,WAAW,EAAE,gBAAgB;YAC7B,cAAc,EAAE,8IAA8I;YAC9J,SAAS,EAAE,8DAA8D;SAC1E,CAAC,CAAC;IACL,CAAC;IAED,+BAA+B;IAC/B,MAAM,UAAU,GAAG,0DAA0D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzF,MAAM,WAAW,GAAG,8DAA8D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9F,IAAI,UAAU,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC/D,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,uCAAuC;YAC9C,WAAW,EAAE,iKAAiK;YAC9K,cAAc,EAAE,6KAA6K;YAC7L,SAAS,EAAE,sDAAsD;SAClE,CAAC,CAAC;IACL,CAAC;IAED,wCAAwC;IACxC,MAAM,eAAe,GAAG,kFAAkF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtH,IAAI,UAAU,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACnE,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,0CAA0C;YACjD,WAAW,EAAE,8KAA8K;YAC3L,cAAc,EAAE,4JAA4J;YAC5K,SAAS,EAAE,iDAAiD;SAC7D,CAAC,CAAC;IACL,CAAC;IAED,4BAA4B;IAC5B,MAAM,kBAAkB,GAAG,yHAAyH,CAAC;IACrJ,MAAM,gBAAgB,GAAG,cAAc,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;IAClE,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,kDAAkD;YACzD,WAAW,EAAE,SAAS,gBAAgB,CAAC,MAAM,yIAAyI;YACtL,WAAW,EAAE,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;YACzC,cAAc,EAAE,+JAA+J;YAC/K,SAAS,EAAE,4CAA4C;SACxD,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cybersecurity.d.ts","sourceRoot":"","sources":["../../src/evaluators/cybersecurity.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAItC,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"cybersecurity.d.ts","sourceRoot":"","sources":["../../src/evaluators/cybersecurity.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAItC,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CAoU9E"}
|