@kevinrabun/judges 3.11.3 → 3.12.0
- package/CHANGELOG.md +136 -0
- package/README.md +3 -3
- package/dist/evaluators/data-sovereignty.d.ts.map +1 -1
- package/dist/evaluators/data-sovereignty.js +157 -0
- package/dist/evaluators/data-sovereignty.js.map +1 -1
- package/dist/evaluators/iac-security.js +1 -1
- package/dist/evaluators/iac-security.js.map +1 -1
- package/dist/judges/data-sovereignty.d.ts.map +1 -1
- package/dist/judges/data-sovereignty.js +25 -9
- package/dist/judges/data-sovereignty.js.map +1 -1
- package/package.json +1 -1
- package/server.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,120 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to **@kevinrabun/judges** are documented here.
|
|
4
4
|
|
|
5
|
+
## [3.12.0] — 2026-03-01
|
|
6
|
+
|
|
7
|
+
### Added
|
|
8
|
+
- **Technological sovereignty rules** — 3 new evaluator rules:
|
|
9
|
+
- **SOV-011**: Vendor-managed encryption without key sovereignty (BYOK/CMK/HSM).
|
|
10
|
+
- **SOV-012**: Proprietary AI/ML model dependency without abstraction layer.
|
|
11
|
+
- **SOV-013**: Single identity provider coupling without OIDC/SAML federation.
|
|
12
|
+
- **Operational sovereignty rules** — 3 new evaluator rules:
|
|
13
|
+
- **SOV-014**: External API calls without circuit breaker / resilience patterns.
|
|
14
|
+
- **SOV-015**: Administrative operations without structured audit trail.
|
|
15
|
+
- **SOV-016**: Data storage without export / portability mechanism.
|
|
16
|
+
- **3-pillar sovereignty systemPrompt** — judge definition expanded with 20 evaluation criteria across Data, Technological & Operational sovereignty pillars.
|
|
17
|
+
- **13 new tests** for technological and operational sovereignty rules including comment-skipping regression (925 total tests, 190 suites).
|
|
18
|
+
|
|
19
|
+
### Changed
|
|
20
|
+
- **Judge name** — "Judge Data Sovereignty" → "Judge Sovereignty".
|
|
21
|
+
- **Judge domain** — "Data Sovereignty & Jurisdictional Controls" → "Data, Technological & Operational Sovereignty".
|
|
22
|
+
- **README** — test badge 912 → 925; Data Sovereignty row and MCP prompt expanded.
|
|
23
|
+
|
|
24
|
+
## [3.11.4] — 2026-03-01
|
|
25
|
+
|
|
26
|
+
### Fixed
|
|
27
|
+
- **Zero lint errors** — resolved all remaining PROBLEMS across `daily-popular-repo-autofix.ts` (unused `RepoTimeoutError` class), `judges.test.ts` (9 unused imports), and `iac-security.ts` (unused post-increment value).
|
|
28
|
+
- **9 new comment-skipping regression tests** — authentication, API design, dependency health, compliance, observability, testing, internationalization, documentation, and ethics-bias evaluators now have dedicated false-positive regression tests (912 total tests, 188 suites).
|
|
29
|
+
|
|
30
|
+
### Changed
|
|
31
|
+
- **CHANGELOG** — added missing entries for v3.8.5 through v3.11.3 with link references.
|
|
32
|
+
- **README** — test badge updated from 842 to 912.
|
|
33
|
+
- **CONTRIBUTING** — test count updated from 700+ to 900+.
|
|
34
|
+
- **SECURITY** — supported versions table updated to reflect 3.11.x as current.
|
|
35
|
+
|
|
36
|
+
## [3.11.3] — 2026-03-01
|
|
37
|
+
|
|
38
|
+
### Fixed
|
|
39
|
+
- **Systemic comment-skipping across all evaluators** — added `isCommentLine()` helper to `shared.ts` with `COMMENT_LINE_RE` regex. `getLineNumbers()` and `getLangLineNumbers()` now skip comment lines by default. Added 123 individual `isCommentLine` guards to `forEach`/`for` loops across 20 evaluators. 9 intentional comment checks (TODO/FIXME, linter-disable, etc.) opted out with `{ skipComments: false }`.
|
|
40
|
+
- Added 10 regression tests for comment-skipping false positives (903 total tests, 188 suites).
|
|
41
|
+
|
|
42
|
+
## [3.11.2] — 2026-03-01
|
|
43
|
+
|
|
44
|
+
### Fixed
|
|
45
|
+
- **Recursion detector** limited body scan to actual function boundaries — previously could false-positive on identically named functions elsewhere in the file.
|
|
46
|
+
- **`var` in comments** no longer triggers maintainability or software-practices findings (`var oldConfig = {}` in a comment is not a code issue).
|
|
47
|
+
|
|
48
|
+
## [3.11.1] — 2026-03-01
|
|
49
|
+
|
|
50
|
+
### Fixed
|
|
51
|
+
- **Testing evaluator** — `describe`/`it` labels and word boundaries for `HttpClient` no longer produce false positives.
|
|
52
|
+
- **Data-sovereignty evaluator** — `export` embedded in identifiers and env vars no longer triggers; added word boundaries to `dr` and `replica` checks.
|
|
53
|
+
- **Documentation evaluator** — walks backwards through comment body for long JSDoc blocks to avoid false-positive "missing documentation" findings.
|
|
54
|
+
|
|
55
|
+
## [3.11.0] — 2026-03-01
|
|
56
|
+
|
|
57
|
+
### Fixed
|
|
58
|
+
- **N+1 query check** now scans actual loop bodies instead of the entire file — eliminates false positives when queries exist outside loops.
|
|
59
|
+
- **Retry detection** recognizes `p-retry` and `backoff` libraries.
|
|
60
|
+
- **Cost-effectiveness** skips comment lines in loop detection.
|
|
61
|
+
- **Accessibility** skips comment and declaration lines.
|
|
62
|
+
- **Data-sovereignty** skips comment lines.
|
|
63
|
+
- **External dependency** detection skips comment lines.
|
|
64
|
+
- **API doc check** no longer false-positives on large JSDoc blocks.
|
|
65
|
+
|
|
66
|
+
## [3.10.1] — 2026-03-01
|
|
67
|
+
|
|
68
|
+
### Fixed
|
|
69
|
+
- **Auto-fix button** no longer falsely reports code changed when no patches were applied.
|
|
70
|
+
|
|
71
|
+
## [3.10.0] — 2026-03-01
|
|
72
|
+
|
|
73
|
+
### Added
|
|
74
|
+
- **IaC Security judge** (`IAC-*` rules) — Infrastructure-as-Code analysis for Terraform (`.tf`), Bicep (`.bicep`), and ARM templates (`.json`). Checks for overly permissive network rules, missing encryption, public access, hardcoded secrets in IaC definitions, and 15 other IaC-specific anti-patterns.
|
|
75
|
+
|
|
76
|
+
## [3.9.3] — 2026-03-01
|
|
77
|
+
|
|
78
|
+
### Improved
|
|
79
|
+
- **VS Code extension** — "Re-Evaluate" is now a chat followup that streams updated findings into chat (previously showed only a toast). Context-aware followups for `/security` and workspace reviews. Post-fix followup after `/fix`.
|
|
80
|
+
- **Auto-fix clarity** — each finding tagged with 🔧 (auto-fixable) or 📝 (manual review). Fixability summary in header. Dynamic button label ("Auto-Fix N of M Findings"). Button hidden when no findings are auto-fixable.
|
|
81
|
+
|
|
82
|
+
## [3.9.2] — 2026-03-01
|
|
83
|
+
|
|
84
|
+
### Fixed
|
|
85
|
+
- **VS Code extension** — populated findings cache directly from chat review results; fixed Auto-Fix All and Re-Evaluate buttons not working after chat review.
|
|
86
|
+
|
|
87
|
+
## [3.9.1] — 2026-03-01
|
|
88
|
+
|
|
89
|
+
### Added
|
|
90
|
+
- **Workspace-wide review** — `@judges /review` in Copilot Chat can now evaluate all supported files in the workspace with progress reporting.
|
|
91
|
+
|
|
92
|
+
### Fixed
|
|
93
|
+
- **Tree-sitter AST** — made `tree-sitter-ast.ts` work in both ESM and CJS bundles.
|
|
94
|
+
- Added missing `toolReferenceName` to `languageModelTools` manifest.
|
|
95
|
+
|
|
96
|
+
## [3.9.0] — 2026-03-01
|
|
97
|
+
|
|
98
|
+
### Added
|
|
99
|
+
- **`@judges` chat participant** — type `@judges` in Copilot Chat to review, security-check, or auto-fix files. Slash commands: `/review`, `/security`, `/fix`, `/help`.
|
|
100
|
+
- **`judges_evaluate` Language Model tool** — registered via `vscode.lm.registerTool` so Copilot auto-discovers and invokes Judges evaluation.
|
|
101
|
+
- Disambiguation routing: Copilot auto-routes "judges panel review", "judges evaluation" queries.
|
|
102
|
+
- Domain-focused reviews and action buttons in chat responses.
|
|
103
|
+
|
|
104
|
+
## [3.8.7] — 2026-03-01
|
|
105
|
+
|
|
106
|
+
### Fixed
|
|
107
|
+
- Daily popular-repo autofix timeout and performance improvements.
|
|
108
|
+
|
|
109
|
+
## [3.8.6] — 2026-03-01
|
|
110
|
+
|
|
111
|
+
### Fixed
|
|
112
|
+
- Added `onChatParticipant` activation event for `@judges` in VS Code extension.
|
|
113
|
+
|
|
114
|
+
## [3.8.5] — 2026-03-01
|
|
115
|
+
|
|
116
|
+
### Security
|
|
117
|
+
- Replaced ReDoS-prone regex with `indexOf` in `project.ts` (CodeQL alert 35).
|
|
118
|
+
|
|
5
119
|
## [3.8.4] — 2026-03-01
|
|
6
120
|
|
|
7
121
|
### Security
|
|
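Review bot: The 3.12.0 entry lists the new rules under fixed identifiers SOV-011 through SOV-016, but in the evaluator lines shown on this page each ID is built as `${prefix}-${String(ruleNum++).padStart(3, "0")}` inside the conditional `findings.push`, so `ruleNum` advances only when a finding fires and the number a rule is reported under depends on how many earlier findings fired for that file. Either give each rule a constant ID in the evaluator or state in the changelog that the numbers are positional, so that anyone keying a suppression or a report on `SOV-015` knows whether that ID is stable.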
@@ -266,6 +380,28 @@ All notable changes to **@kevinrabun/judges** are documented here.
|
|
|
266
380
|
|
|
267
381
|
---
|
|
268
382
|
|
|
383
|
+
[3.11.4]: https://github.com/KevinRabun/judges/compare/v3.11.3...v3.11.4
|
|
384
|
+
[3.11.3]: https://github.com/KevinRabun/judges/compare/v3.11.2...v3.11.3
|
|
385
|
+
[3.11.2]: https://github.com/KevinRabun/judges/compare/v3.11.1...v3.11.2
|
|
386
|
+
[3.11.1]: https://github.com/KevinRabun/judges/compare/v3.11.0...v3.11.1
|
|
387
|
+
[3.11.0]: https://github.com/KevinRabun/judges/compare/v3.10.1...v3.11.0
|
|
388
|
+
[3.10.1]: https://github.com/KevinRabun/judges/compare/v3.10.0...v3.10.1
|
|
389
|
+
[3.10.0]: https://github.com/KevinRabun/judges/compare/v3.9.3...v3.10.0
|
|
390
|
+
[3.9.3]: https://github.com/KevinRabun/judges/compare/v3.9.2...v3.9.3
|
|
391
|
+
[3.9.2]: https://github.com/KevinRabun/judges/compare/v3.9.1...v3.9.2
|
|
392
|
+
[3.9.1]: https://github.com/KevinRabun/judges/compare/v3.9.0...v3.9.1
|
|
393
|
+
[3.9.0]: https://github.com/KevinRabun/judges/compare/v3.8.7...v3.9.0
|
|
394
|
+
[3.8.7]: https://github.com/KevinRabun/judges/compare/v3.8.6...v3.8.7
|
|
395
|
+
[3.8.6]: https://github.com/KevinRabun/judges/compare/v3.8.5...v3.8.6
|
|
396
|
+
[3.8.5]: https://github.com/KevinRabun/judges/compare/v3.8.4...v3.8.5
|
|
397
|
+
[3.8.4]: https://github.com/KevinRabun/judges/compare/v3.8.3...v3.8.4
|
|
398
|
+
[3.8.3]: https://github.com/KevinRabun/judges/compare/v3.8.2...v3.8.3
|
|
399
|
+
[3.8.2]: https://github.com/KevinRabun/judges/compare/v3.8.1...v3.8.2
|
|
400
|
+
[3.8.1]: https://github.com/KevinRabun/judges/compare/v3.8.0...v3.8.1
|
|
401
|
+
[3.8.0]: https://github.com/KevinRabun/judges/compare/v3.7.3...v3.8.0
|
|
402
|
+
[3.7.3]: https://github.com/KevinRabun/judges/compare/v3.7.2...v3.7.3
|
|
403
|
+
[3.7.2]: https://github.com/KevinRabun/judges/compare/v3.7.1...v3.7.2
|
|
404
|
+
[3.7.1]: https://github.com/KevinRabun/judges/compare/v3.7.0...v3.7.1
|
|
269
405
|
[3.7.0]: https://github.com/KevinRabun/judges/compare/v3.6.0...v3.7.0
|
|
270
406
|
[3.6.0]: https://github.com/KevinRabun/judges/compare/v3.5.0...v3.6.0
|
|
271
407
|
[3.5.0]: https://github.com/KevinRabun/judges/compare/v3.4.0...v3.5.0
|
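Review bot: The link references added after the `---` separator start at `[3.11.4]`, so the new `## [3.12.0]` heading at the top of the file has no matching reference definition and will render as plain bracketed text rather than a link. Add a `[3.12.0]:` definition above the `[3.11.4]` line, following the same compare pattern with `v3.11.4...v3.12.0`.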
package/README.md
CHANGED
|
@@ -11,7 +11,7 @@ An MCP (Model Context Protocol) server that provides a panel of **35 specialized
|
|
|
11
11
|
[](https://www.npmjs.com/package/@kevinrabun/judges)
|
|
12
12
|
[](https://www.npmjs.com/package/@kevinrabun/judges)
|
|
13
13
|
[](https://opensource.org/licenses/MIT)
|
|
14
|
-
[](https://github.com/KevinRabun/judges/actions)
|
|
15
15
|
|
|
16
16
|
---
|
|
17
17
|
|
|
@@ -633,7 +633,7 @@ const svg2 = generateBadgeSvg(75, "quality"); // custom label
|
|
|
633
633
|
| **Observability** | Observability & Monitoring | `OBS-` | Structured logging, health checks, metrics, tracing |
|
|
634
634
|
| **Performance** | Performance & Efficiency | `PERF-` | N+1 queries, sync I/O, caching, memory leaks |
|
|
635
635
|
| **Compliance** | Regulatory Compliance | `COMP-` | GDPR/CCPA, PII protection, consent, data retention, audit trails |
|
|
636
|
-
| **Data Sovereignty** | Data
|
|
636
|
+
| **Data Sovereignty** | Data, Technological & Operational Sovereignty | `SOV-` | Data residency, cross-border transfers, vendor key management, AI model portability, identity federation, circuit breakers, audit trails, data export |
|
|
637
637
|
| **Testing** | Testing & Quality Assurance | `TEST-` | Test coverage, assertions, test isolation, naming |
|
|
638
638
|
| **Documentation** | Documentation & Readability | `DOC-` | JSDoc/docstrings, magic numbers, TODOs, code comments |
|
|
639
639
|
| **Internationalization** | Internationalization (i18n) | `I18N-` | Hardcoded strings, locale handling, currency formatting |
|
|
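Review bot: The changed row at line 636 keeps **Data Sovereignty** as the label in its first column, while the CHANGELOG entry for this release renames the judge from "Judge Data Sovereignty" to "Judge Sovereignty" and the second column of this same row now reads "Data, Technological & Operational Sovereignty". Rename the first column to match the new judge name, or say in the README that the short label is kept on purpose.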
@@ -956,7 +956,7 @@ Each judge has a corresponding prompt for LLM-powered deep analysis:
|
|
|
956
956
|
| `judge-observability` | Deep observability & monitoring review |
|
|
957
957
|
| `judge-performance` | Deep performance optimization review |
|
|
958
958
|
| `judge-compliance` | Deep regulatory compliance review |
|
|
959
|
-
| `judge-data-sovereignty` | Deep data
|
|
959
|
+
| `judge-data-sovereignty` | Deep data, technological & operational sovereignty review |
|
|
960
960
|
| `judge-testing` | Deep testing quality review |
|
|
961
961
|
| `judge-documentation` | Deep documentation quality review |
|
|
962
962
|
| `judge-internationalization` | Deep i18n review |
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"data-sovereignty.d.ts","sourceRoot":"","sources":["../../src/evaluators/data-sovereignty.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"data-sovereignty.d.ts","sourceRoot":"","sources":["../../src/evaluators/data-sovereignty.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAG3C,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,EAAE,CA4gBjF"}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { isCommentLine } from "./shared.js";
|
|
1
2
|
export function analyzeDataSovereignty(code, _language) {
|
|
2
3
|
const findings = [];
|
|
3
4
|
const lines = code.split("\n");
|
|
@@ -205,6 +206,162 @@ export function analyzeDataSovereignty(code, _language) {
|
|
|
205
206
|
confidence: 0.8,
|
|
206
207
|
});
|
|
207
208
|
}
|
|
209
|
+
// ═══════════════════════════════════════════════════════════════════════════
|
|
210
|
+
// TECHNOLOGICAL SOVEREIGNTY
|
|
211
|
+
// Detect vendor lock-in, proprietary dependency risk, and lack of
|
|
212
|
+
// technology-stack independence that undermines sovereign control.
|
|
213
|
+
// ═══════════════════════════════════════════════════════════════════════════
|
|
214
|
+
// ── SOV-011: Vendor-managed encryption without key sovereignty ──────────
|
|
215
|
+
const kmsLines = [];
|
|
216
|
+
lines.forEach((line, index) => {
|
|
217
|
+
const trimmed = line.trim();
|
|
218
|
+
if (isCommentLine(trimmed))
|
|
219
|
+
return;
|
|
220
|
+
if (/(?:aws\.?kms|kms\.encrypt|kms\.decrypt|kms\.generateDataKey|@aws-sdk\/client-kms|Azure\.KeyVault|CryptographyClient|keyVaultClient|google\.cloud\.kms|CloudKMS|KmsKeyRing)/i.test(line) &&
|
|
221
|
+
!/byok|bring.?your.?own.?key|hsm|import.?key|customer.?managed|cmk|external.?key|key.?wrap|key.?import/i.test(line)) {
|
|
222
|
+
kmsLines.push(index + 1);
|
|
223
|
+
}
|
|
224
|
+
});
|
|
225
|
+
if (kmsLines.length > 0) {
|
|
226
|
+
findings.push({
|
|
227
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
228
|
+
severity: "medium",
|
|
229
|
+
title: "Vendor-managed encryption without key sovereignty",
|
|
230
|
+
description: "Code uses cloud-provider key management services (KMS) without visible BYOK (Bring Your Own Key), customer-managed key (CMK), or HSM key-import patterns. Provider-managed keys mean the cloud vendor retains ultimate control over cryptographic material, undermining technological sovereignty.",
|
|
231
|
+
lineNumbers: kmsLines.slice(0, 10),
|
|
232
|
+
recommendation: "Use customer-managed keys (CMK) or import keys via BYOK/HSM to retain cryptographic sovereignty. Document key lifecycle ownership and ensure keys can be rotated independently of the cloud provider.",
|
|
233
|
+
reference: "Cloud Key Sovereignty / BYOK Best Practices",
|
|
234
|
+
suggestedFix: "Import your own key material: const key = await kmsClient.importKey({ keyMaterial: localHsmKey, wrappingAlgorithm: 'RSA_AES_KEY_WRAP_SHA_256' }); — or configure customer-managed keys (CMK) for all encryption-at-rest resources.",
|
|
235
|
+
confidence: 0.8,
|
|
236
|
+
});
|
|
237
|
+
}
|
|
238
|
+
// ── SOV-012: Proprietary AI/ML model dependency without abstraction ─────
|
|
239
|
+
const aiVendorLines = [];
|
|
240
|
+
lines.forEach((line, index) => {
|
|
241
|
+
const trimmed = line.trim();
|
|
242
|
+
if (isCommentLine(trimmed))
|
|
243
|
+
return;
|
|
244
|
+
if (/(?:@aws-sdk\/client-bedrock|BedrockRuntimeClient|InvokeModelCommand|@azure\/openai|AzureOpenAI|OpenAIClient|@google-cloud\/aiplatform|PredictionServiceClient|@google-cloud\/vertexai|VertexAI|@aws-sdk\/client-rekognition|@aws-sdk\/client-textract|@aws-sdk\/client-comprehend|CognitiveServicesCredentials|TextAnalyticsClient|ComputerVisionClient|google\.cloud\.vision|google\.cloud\.language|google\.cloud\.speech)/i.test(line) &&
|
|
245
|
+
!/interface\s+\w*(?:AI|Model|LLM|Inference|Predict)\w*|abstract\s+class|implements\s+\w*(?:AI|Model|LLM)\w*|adapter|provider.?pattern|strategy.?pattern/i.test(line)) {
|
|
246
|
+
aiVendorLines.push(index + 1);
|
|
247
|
+
}
|
|
248
|
+
});
|
|
249
|
+
const hasAiAbstraction = /interface\s+\w*(?:AI|Model|LLM|Inference|Predict|Embedding|Completion)\w*/i.test(code) ||
|
|
250
|
+
/(?:adapter|provider|strategy).*(?:AI|Model|LLM)/i.test(code) ||
|
|
251
|
+
/(?:openai|ollama|huggingface|transformers|vllm|litellm|langchain)/i.test(code);
|
|
252
|
+
if (aiVendorLines.length > 0 && !hasAiAbstraction) {
|
|
253
|
+
findings.push({
|
|
254
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
255
|
+
severity: "medium",
|
|
256
|
+
title: "Proprietary AI/ML service dependency without model portability",
|
|
257
|
+
description: "Code directly imports vendor-specific AI/ML SDKs (AWS Bedrock, Azure OpenAI, Google Vertex AI, or vendor cognitive services) without an abstraction layer. This creates tight coupling to a single vendor's AI platform, limiting model portability and technological sovereignty.",
|
|
258
|
+
lineNumbers: aiVendorLines.slice(0, 10),
|
|
259
|
+
recommendation: "Introduce an AI provider abstraction (interface/adapter) that decouples business logic from the specific vendor SDK. Consider open-source model runners (Ollama, vLLM, HuggingFace Transformers) or multi-provider libraries (LiteLLM, LangChain) for model portability.",
|
|
260
|
+
reference: "Technological Sovereignty / AI Model Portability",
|
|
261
|
+
suggestedFix: "Define a provider-agnostic interface: interface IModelProvider { complete(prompt: string): Promise<string>; } — and wrap each vendor SDK in an adapter implementing this interface.",
|
|
262
|
+
confidence: 0.75,
|
|
263
|
+
});
|
|
264
|
+
}
|
|
265
|
+
// ── SOV-013: Single identity provider coupling ──────────────────────────
|
|
266
|
+
const idpLines = [];
|
|
267
|
+
lines.forEach((line, index) => {
|
|
268
|
+
const trimmed = line.trim();
|
|
269
|
+
if (isCommentLine(trimmed))
|
|
270
|
+
return;
|
|
271
|
+
if (/(?:@aws-sdk\/client-cognito|CognitoIdentityProviderClient|CognitoUserPool|@azure\/msal|ConfidentialClientApplication|PublicClientApplication|@azure\/identity|google-auth-library|GoogleAuth|firebase\/auth|signInWithGoogle|Auth0Client|@auth0\/auth0-react)/i.test(line) &&
|
|
272
|
+
!/oidc|openid|saml|federation|multi.?provider|identity.?broker|passport|next-?auth|keycloak|casdoor/i.test(line)) {
|
|
273
|
+
idpLines.push(index + 1);
|
|
274
|
+
}
|
|
275
|
+
});
|
|
276
|
+
const hasIdpAbstraction = /(?:oidc|openid.?connect|saml|federation|identity.?broker|passport\.use|NextAuth|next-?auth|keycloak|multi.?provider)/i.test(code);
|
|
277
|
+
if (idpLines.length > 0 && !hasIdpAbstraction) {
|
|
278
|
+
findings.push({
|
|
279
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
280
|
+
severity: "medium",
|
|
281
|
+
title: "Single identity provider coupling without federation",
|
|
282
|
+
description: "Authentication is tightly coupled to a single vendor-specific identity provider (Cognito, MSAL/Entra ID, Google Auth, Auth0, Firebase Auth) without visible OIDC/SAML federation or multi-provider abstraction. Single-vendor identity dependency creates operational risk and limits sovereignty over user authentication flows.",
|
|
283
|
+
lineNumbers: idpLines.slice(0, 10),
|
|
284
|
+
recommendation: "Implement identity federation using standard protocols (OpenID Connect, SAML 2.0). Use an identity broker (Keycloak, NextAuth, Passport.js with multiple strategies) that supports multiple upstream providers. This ensures authentication sovereignty and provider portability.",
|
|
285
|
+
reference: "Technological Sovereignty / Identity Federation",
|
|
286
|
+
suggestedFix: "Use an identity abstraction layer: configure Passport.js with multiple strategies (passport.use('oidc', new OidcStrategy(...))), or use NextAuth with pluggable providers to avoid single-vendor lock-in.",
|
|
287
|
+
confidence: 0.75,
|
|
288
|
+
});
|
|
289
|
+
}
|
|
290
|
+
// ═══════════════════════════════════════════════════════════════════════════
|
|
291
|
+
// OPERATIONAL SOVEREIGNTY
|
|
292
|
+
// Detect patterns that undermine an organization's ability to operate
|
|
293
|
+
// independently — missing resilience, audit trails, and data portability.
|
|
294
|
+
// ═══════════════════════════════════════════════════════════════════════════
|
|
295
|
+
// ── SOV-014: External API calls without circuit breaker / resilience ────
|
|
296
|
+
const externalCallLines = [];
|
|
297
|
+
lines.forEach((line, index) => {
|
|
298
|
+
const trimmed = line.trim();
|
|
299
|
+
if (isCommentLine(trimmed))
|
|
300
|
+
return;
|
|
301
|
+
if (/(?:fetch\(|axios\.|got\(|superagent|request\(|httpClient|HttpClient|http\.(?:get|post|put|delete)|urllib|requests\.(?:get|post|put|delete)|reqwest|hyper::Client)/i.test(line) &&
|
|
302
|
+
!/circuit.?breaker|fallback|retry|timeout|AbortController|signal|AbortSignal|deadline|backoff|resilience|polly|cockatiel|opossum/i.test(line)) {
|
|
303
|
+
externalCallLines.push(index + 1);
|
|
304
|
+
}
|
|
305
|
+
});
|
|
306
|
+
const hasResiliencePattern = /(?:circuit.?breaker|CircuitBreaker|opossum|cockatiel|polly|resilience4j|Hystrix|retry.?policy|exponential.?backoff|fallback.?handler|AbortController|timeout.*fetch|fetch.*timeout)/i.test(code);
|
|
307
|
+
if (externalCallLines.length > 2 && !hasResiliencePattern && code.split("\n").length > 20) {
|
|
308
|
+
findings.push({
|
|
309
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
310
|
+
severity: "medium",
|
|
311
|
+
title: "External API calls without circuit breaker or resilience pattern",
|
|
312
|
+
description: "Multiple external HTTP calls are made without visible circuit breaker, retry/backoff, or timeout patterns. This creates operational dependency on external services — if they degrade or become unavailable, your system has no autonomy to gracefully degrade or fail fast.",
|
|
313
|
+
lineNumbers: externalCallLines.slice(0, 10),
|
|
314
|
+
recommendation: "Wrap external API calls with circuit breaker patterns (opossum, cockatiel, Polly, resilience4j). Add timeouts via AbortController/AbortSignal. Implement fallback responses for degraded-mode operation to maintain operational sovereignty.",
|
|
315
|
+
reference: "Operational Sovereignty / Resilience Patterns",
|
|
316
|
+
suggestedFix: "Add a circuit breaker: const breaker = new CircuitBreaker(fetchExternal, { timeout: 5000, errorThresholdPercentage: 50 }); breaker.fallback(() => cachedResponse); — and use AbortController for request-level timeouts.",
|
|
317
|
+
confidence: 0.75,
|
|
318
|
+
});
|
|
319
|
+
}
|
|
320
|
+
// ── SOV-015: Administrative operations without audit trail ──────────────
|
|
321
|
+
const adminOpLines = [];
|
|
322
|
+
lines.forEach((line, index) => {
|
|
323
|
+
const trimmed = line.trim();
|
|
324
|
+
if (isCommentLine(trimmed))
|
|
325
|
+
return;
|
|
326
|
+
if (/(?:\.delete\(|\.destroy\(|\.drop\(|\.truncate\(|\.revoke\(|\.disable\(|\.suspend\(|\.terminate\(|\.purge\(|\.wipe\(|\.removeAll\(|\.deleteMany\(|\.dropTable|\.dropDatabase|\.dropCollection|admin\.(?:create|delete|update|grant|revoke)|setRole|assignRole|revokeRole|changePassword|resetPassword)/i.test(line) &&
|
|
327
|
+
!/audit|log\.|logger\.|console\.|track|record|emit.*event|chronicle|journal/i.test(line)) {
|
|
328
|
+
adminOpLines.push(index + 1);
|
|
329
|
+
}
|
|
330
|
+
});
|
|
331
|
+
const hasAuditPattern = /(?:audit.?log|audit.?trail|audit.?event|audit.?record|AuditLogger|createAuditEntry|logAuditEvent|emitAuditEvent|chronicle|compliance.?log)/i.test(code);
|
|
332
|
+
if (adminOpLines.length > 0 && !hasAuditPattern && code.split("\n").length > 15) {
|
|
333
|
+
findings.push({
|
|
334
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
335
|
+
severity: "high",
|
|
336
|
+
title: "Administrative operations without audit trail",
|
|
337
|
+
description: "Destructive or privileged operations (delete, destroy, drop, revoke, role changes, password resets) are performed without visible audit logging. Without audit trails, the organization loses operational sovereignty — the ability to independently verify who did what, when, and why.",
|
|
338
|
+
lineNumbers: adminOpLines.slice(0, 10),
|
|
339
|
+
recommendation: "Log all administrative and destructive operations to a tamper-evident audit trail. Include actor identity, timestamp, operation type, affected resource, and outcome. Store audit logs in a separate, append-only store with retention policies.",
|
|
340
|
+
reference: "Operational Sovereignty / Audit Trail Requirements",
|
|
341
|
+
suggestedFix: "Add audit logging before each destructive operation: auditLogger.log({ actor: ctx.userId, action: 'DELETE', resource: resourceId, timestamp: new Date().toISOString(), outcome: 'success' });",
|
|
342
|
+
confidence: 0.8,
|
|
343
|
+
});
|
|
344
|
+
}
|
|
345
|
+
// ── SOV-016: No data export or portability mechanism ────────────────────
|
|
346
|
+
const hasDataStorage = /(?:\.save\(|\.insert\(|\.create\(|\.put\(|\.store\(|\.persist\(|\.upsert\(|\.bulkWrite\(|Model\.create|Repository\.save|database|collection\(|table\()/i.test(code);
|
|
347
|
+
const hasDataExport = /(?:export.*data|data.*export|download|dump|backup|migrate|portability|transfer.*out|extract|bulk.*read|getAll|findAll|cursor|stream.*all|paginate.*all|data.?portability|right.?to.?data)/i.test(code);
|
|
348
|
+
const hasExportApi = /(?:\/export|\/download|\/dump|\/backup|\/migrate|\/extract|\/portability|api.*export|export.*endpoint|bulk.*export)/i.test(code);
|
|
349
|
+
if (hasDataStorage && !hasDataExport && !hasExportApi && code.split("\n").length > 30) {
|
|
350
|
+
findings.push({
|
|
351
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
352
|
+
severity: "low",
|
|
353
|
+
title: "Data storage without export or portability mechanism",
|
|
354
|
+
description: "Code stores data but has no visible data export, bulk extraction, or portability mechanism. Without data portability, the organization risks vendor lock-in at the data layer — inability to migrate, audit, or exercise sovereignty over stored data.",
|
|
355
|
+
recommendation: "Implement data export APIs (bulk read, streaming export, backup endpoints). Support standard portable formats (JSON, CSV, Parquet). This satisfies both GDPR Article 20 (right to data portability) and operational sovereignty — the ability to migrate data between systems independently.",
|
|
356
|
+
reference: "Operational Sovereignty / Data Portability / GDPR Art. 20",
|
|
357
|
+
suggestedFix: "Add a data export endpoint: app.get('/api/export/:entity', async (req, res) => { const data = await repository.findAll(); res.json(data); }); — and support CSV/JSON format options.",
|
|
358
|
+
confidence: 0.7,
|
|
359
|
+
isAbsenceBased: true,
|
|
360
|
+
});
|
|
361
|
+
}
|
|
362
|
+
// ═══════════════════════════════════════════════════════════════════════════
|
|
363
|
+
// CATCH-ALL: Sovereignty evidence not explicit
|
|
364
|
+
// ═══════════════════════════════════════════════════════════════════════════
|
|
208
365
|
if (findings.length === 0 && code.length > 0) {
|
|
209
366
|
const hasDataHandling = /(user|customer|personal|profile|account|email|phone|pii|data)/i.test(code);
|
|
210
367
|
if (hasDataHandling) {
|
|
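Review bot: In the SOV-012 block, the `hasAiAbstraction` test includes `/(?:openai|ollama|huggingface|transformers|vllm|litellm|langchain)/i.test(code)`, and `openai` matches the `@azure/openai`, `AzureOpenAI` and `OpenAIClient` strings that the vendor regex just above it flags, so a file that imports only the Azure OpenAI SDK sets `hasAiAbstraction` to true and never produces the finding. Drop `openai` from that alternation, or match it only as a standalone package import. The whole-file flags `hasAiAbstraction`, `hasIdpAbstraction`, `hasResiliencePattern` and `hasAuditPattern` are also tested against `code` rather than against the comment-filtered lines, so a comment that mentions `retry policy` or `audit log` suppresses the finding even though the per-line loops call `isCommentLine`; build those flags from the non-comment lines as well. In SOV-015, the per-line exclusion treats `record` and `console.` as audit evidence, so a call such as `userRecord.delete(` is exempted, while any `.delete(` on a `Map` or `Set` counts as an administrative operation at severity `high`; tighten both patterns before shipping a high-severity rule on them.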
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"data-sovereignty.js","sourceRoot":"","sources":["../../src/evaluators/data-sovereignty.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,sBAAsB,CAAC,IAAY,EAAE,SAAiB;IACpE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,KAAK,CAAC;IACrB,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,MAAM,kBAAkB,GAAa,EAAE,CAAC;IACxC,MAAM,6BAA6B,GAAa,EAAE,CAAC;IACnD,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,qFAAqF;QACrF,IAAI,oCAAoC,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO;QAE/D,IAAI,iDAAiD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACjE,kBAAkB,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACrC,CAAC;QAED,IACE,2EAA2E,CAAC,IAAI,CAAC,IAAI,CAAC;YACtF,CAAC,sDAAsD,CAAC,IAAI,CAAC,IAAI,CAAC,EAClE,CAAC;YACD,6BAA6B,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QAChD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,eAAe,GAAG,iFAAiF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAErH,IAAI,6BAA6B,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;QACjE,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,kDAAkD;YACzD,WAAW,EACT,iKAAiK;YACnK,WAAW,EAAE,6BAA6B,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YACvD,cAAc,EACZ,6GAA6G;YAC/G,SAAS,EAAE,4CAA4C;YACvD,YAAY,EACV,0IAA0I;YAC5I,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,sBAAsB,GAAa,EAAE,CAAC;IAC5C,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,oCAAoC,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO;QAC/D,IACE,sFAAsF,CAAC,IAAI,CAAC,IAAI,CAAC;YACjG,CAAC,iEAAiE,CAAC,IAAI,CAAC,IAAI,CAAC,EAC7E,CAAC;YACD,sBAAsB,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACzC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,sBAAsB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,gEAAgE;YACvE,WAAW,EACT,yIAAyI;YAC3I,WAAW,EAAE,sBAAsB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;
YAChD,cAAc,EACZ,sIAAsI;YACxI,SAAS,EAAE,sDAAsD;YACjE,YAAY,EACV,qJAAqJ;YACvJ,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,oCAAoC,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO;QAC/D,IACE,0FAA0F,CAAC,IAAI,CAAC,IAAI,CAAC;YACrG,CAAC,oDAAoD,CAAC,IAAI,CAAC,IAAI,CAAC,EAChE,CAAC;YACD,gBAAgB,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACnC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,wEAAwE;YAC/E,WAAW,EACT,kJAAkJ;YACpJ,WAAW,EAAE,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAC1C,cAAc,EACZ,qGAAqG;YACvG,SAAS,EAAE,qDAAqD;YAChE,YAAY,EACV,gIAAgI;YAClI,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,qFAAqF;QACrF,IAAI,oCAAoC,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO;QAC/D,+EAA+E;QAC/E,IAAI,gGAAgG,CAAC,IAAI,CAAC,IAAI,CAAC;YAC7G,OAAO;QACT,wEAAwE;QACxE,IAAI,0DAA0D,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO;QAClF,2GAA2G;QAC3G,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,0CAA0C,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO;QAC3F,IACE,oEAAoE,CAAC,IAAI,CAAC,IAAI,CAAC;YAC/E,CAAC,mFAAmF,CAAC,IAAI,CAAC,IAAI,CAAC,EAC/F,CAAC;YACD,WAAW,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,qDAAqD;YAC5D,WAAW,EACT,oJAAoJ;YACtJ,WAAW,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YACrC,cAAc,EACZ,qHAAqH;YACvH,SAAS,EAAE,4CAA4C;YACvD,YAAY,EACV,sJAAsJ;YACxJ,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,iBAAiB,GAAG,iEAAiE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvG,MAAM,oBAAoB,GAAG,mEAAmE,
CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE5G,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,IAAI,iBAAiB,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAChF,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,kEAAkE;YACzE,WAAW,EACT,uHAAuH;YACzH,WAAW,EAAE,kBAAkB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAC5C,cAAc,EACZ,uGAAuG;YACzG,SAAS,EAAE,2CAA2C;YACtD,YAAY,EACV,iJAAiJ;YACnJ,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,yDAAyD;IACzD,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,oCAAoC,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO;QAC/D,IACE,uGAAuG,CAAC,IAAI,CAC1G,IAAI,CACL;YACD,CAAC,uCAAuC,CAAC,IAAI,CAAC,IAAI,CAAC,EACnD,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;QAC5C,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,iEAAiE;YACxE,WAAW,EACT,oQAAoQ;YACtQ,WAAW,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAClC,cAAc,EACZ,+KAA+K;YACjL,SAAS,EAAE,+DAA+D;YAC1E,YAAY,EACV,oJAAoJ;YACtJ,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,6CAA6C;IAC7C,MAAM,cAAc,GAAa,EAAE,CAAC;IACpC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,oCAAoC,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO;QAC/D,IACE,wKAAwK,CAAC,IAAI,CAC3K,IAAI,CACL;YACD,CAAC,gEAAgE,CAAC,IAAI,CAAC,IAAI,CAAC,EAC5E,CAAC;YACD,cAAc,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACjC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,mDAAmD;YAC1D,WAAW,EACT,oMAAoM;YACtM,WAAW,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YACxC,cAAc,EACZ,qPAAqP;YACvP,SAAS,EAAE,kDAAkD;YAC7D,YAAY,EACV,8JAA8J;YA
ChK,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,6CAA6C;IAC7C,MAAM,YAAY,GAChB,4HAA4H,CAAC,IAAI,CAC/H,IAAI,CACL,CAAC;IACJ,MAAM,kBAAkB,GACtB,qGAAqG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnH,MAAM,QAAQ,GAAG,+DAA+D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE5F,IAAI,YAAY,IAAI,QAAQ,IAAI,CAAC,kBAAkB,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACpF,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,sDAAsD;YAC7D,WAAW,EACT,gQAAgQ;YAClQ,cAAc,EACZ,0LAA0L;YAC5L,SAAS,EAAE,wDAAwD;YACnE,YAAY,EACV,kHAAkH;YACpH,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,uDAAuD;IACvD,MAAM,qBAAqB,GAAG,sDAAsD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChG,MAAM,mBAAmB,GACvB,2GAA2G,CAAC,IAAI,CAC9G,IAAI,CACL,CAAC;IAEJ,IAAI,qBAAqB,IAAI,CAAC,mBAAmB,IAAI,CAAC,oBAAoB,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC3G,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,sDAAsD;YAC7D,WAAW,EACT,yNAAyN;YAC3N,cAAc,EACZ,kNAAkN;YACpN,SAAS,EAAE,sDAAsD;YACjE,YAAY,EACV,+JAA+J;YACjK,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7C,MAAM,eAAe,GAAG,gEAAgE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpG,IAAI,eAAe,EAAE,CAAC;YACpB,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACvD,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,2CAA2C;gBAClD,WAAW,EACT,mKAAmK;gBACrK,cAAc,EACZ,qGAAqG;gBACvG,SAAS,EAAE,qCAAqC;gBAChD,YAAY,EACV,+IAA+I;gBACjJ,UAAU,EAAE,GAAG;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
1
|
+
{"version":3,"file":"data-sovereignty.js","sourceRoot":"","sources":["../../src/evaluators/data-sovereignty.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,MAAM,UAAU,sBAAsB,CAAC,IAAY,EAAE,SAAiB;IACpE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,KAAK,CAAC;IACrB,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,MAAM,kBAAkB,GAAa,EAAE,CAAC;IACxC,MAAM,6BAA6B,GAAa,EAAE,CAAC;IACnD,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,qFAAqF;QACrF,IAAI,oCAAoC,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO;QAE/D,IAAI,iDAAiD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACjE,kBAAkB,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACrC,CAAC;QAED,IACE,2EAA2E,CAAC,IAAI,CAAC,IAAI,CAAC;YACtF,CAAC,sDAAsD,CAAC,IAAI,CAAC,IAAI,CAAC,EAClE,CAAC;YACD,6BAA6B,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QAChD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,eAAe,GAAG,iFAAiF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAErH,IAAI,6BAA6B,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;QACjE,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,kDAAkD;YACzD,WAAW,EACT,iKAAiK;YACnK,WAAW,EAAE,6BAA6B,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YACvD,cAAc,EACZ,6GAA6G;YAC/G,SAAS,EAAE,4CAA4C;YACvD,YAAY,EACV,0IAA0I;YAC5I,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,sBAAsB,GAAa,EAAE,CAAC;IAC5C,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,oCAAoC,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO;QAC/D,IACE,sFAAsF,CAAC,IAAI,CAAC,IAAI,CAAC;YACjG,CAAC,iEAAiE,CAAC,IAAI,CAAC,IAAI,CAAC,EAC7E,CAAC;YACD,sBAAsB,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACzC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,sBAAsB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,gEAAgE;YACvE,WAAW,EACT,yIAAyI;YAC3I,WAAW,EAAE,s
BAAsB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAChD,cAAc,EACZ,sIAAsI;YACxI,SAAS,EAAE,sDAAsD;YACjE,YAAY,EACV,qJAAqJ;YACvJ,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,oCAAoC,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO;QAC/D,IACE,0FAA0F,CAAC,IAAI,CAAC,IAAI,CAAC;YACrG,CAAC,oDAAoD,CAAC,IAAI,CAAC,IAAI,CAAC,EAChE,CAAC;YACD,gBAAgB,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACnC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,wEAAwE;YAC/E,WAAW,EACT,kJAAkJ;YACpJ,WAAW,EAAE,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAC1C,cAAc,EACZ,qGAAqG;YACvG,SAAS,EAAE,qDAAqD;YAChE,YAAY,EACV,gIAAgI;YAClI,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,qFAAqF;QACrF,IAAI,oCAAoC,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO;QAC/D,+EAA+E;QAC/E,IAAI,gGAAgG,CAAC,IAAI,CAAC,IAAI,CAAC;YAC7G,OAAO;QACT,wEAAwE;QACxE,IAAI,0DAA0D,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO;QAClF,2GAA2G;QAC3G,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,0CAA0C,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO;QAC3F,IACE,oEAAoE,CAAC,IAAI,CAAC,IAAI,CAAC;YAC/E,CAAC,mFAAmF,CAAC,IAAI,CAAC,IAAI,CAAC,EAC/F,CAAC;YACD,WAAW,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,qDAAqD;YAC5D,WAAW,EACT,oJAAoJ;YACtJ,WAAW,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YACrC,cAAc,EACZ,qHAAqH;YACvH,SAAS,EAAE,4CAA4C;YACvD,YAAY,EACV,sJAAsJ;YACxJ,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,iBAAiB,GAAG,iEAAiE,CAAC,IAAI,CAAC,IAAI
,CAAC,CAAC;IACvG,MAAM,oBAAoB,GAAG,mEAAmE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE5G,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,IAAI,iBAAiB,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAChF,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,kEAAkE;YACzE,WAAW,EACT,uHAAuH;YACzH,WAAW,EAAE,kBAAkB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAC5C,cAAc,EACZ,uGAAuG;YACzG,SAAS,EAAE,2CAA2C;YACtD,YAAY,EACV,iJAAiJ;YACnJ,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,yDAAyD;IACzD,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,oCAAoC,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO;QAC/D,IACE,uGAAuG,CAAC,IAAI,CAC1G,IAAI,CACL;YACD,CAAC,uCAAuC,CAAC,IAAI,CAAC,IAAI,CAAC,EACnD,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;QAC5C,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,iEAAiE;YACxE,WAAW,EACT,oQAAoQ;YACtQ,WAAW,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAClC,cAAc,EACZ,+KAA+K;YACjL,SAAS,EAAE,+DAA+D;YAC1E,YAAY,EACV,oJAAoJ;YACtJ,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,6CAA6C;IAC7C,MAAM,cAAc,GAAa,EAAE,CAAC;IACpC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,oCAAoC,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO;QAC/D,IACE,wKAAwK,CAAC,IAAI,CAC3K,IAAI,CACL;YACD,CAAC,gEAAgE,CAAC,IAAI,CAAC,IAAI,CAAC,EAC5E,CAAC;YACD,cAAc,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACjC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,mDAAmD;YAC1D,WAAW,EACT,oMAAoM;YACtM,WAAW,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YACxC,cAAc,EACZ,qPAAqP;YACvP,S
AAS,EAAE,kDAAkD;YAC7D,YAAY,EACV,8JAA8J;YAChK,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,6CAA6C;IAC7C,MAAM,YAAY,GAChB,4HAA4H,CAAC,IAAI,CAC/H,IAAI,CACL,CAAC;IACJ,MAAM,kBAAkB,GACtB,qGAAqG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnH,MAAM,QAAQ,GAAG,+DAA+D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE5F,IAAI,YAAY,IAAI,QAAQ,IAAI,CAAC,kBAAkB,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACpF,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,sDAAsD;YAC7D,WAAW,EACT,gQAAgQ;YAClQ,cAAc,EACZ,0LAA0L;YAC5L,SAAS,EAAE,wDAAwD;YACnE,YAAY,EACV,kHAAkH;YACpH,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,uDAAuD;IACvD,MAAM,qBAAqB,GAAG,sDAAsD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChG,MAAM,mBAAmB,GACvB,2GAA2G,CAAC,IAAI,CAC9G,IAAI,CACL,CAAC;IAEJ,IAAI,qBAAqB,IAAI,CAAC,mBAAmB,IAAI,CAAC,oBAAoB,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC3G,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,sDAAsD;YAC7D,WAAW,EACT,yNAAyN;YAC3N,cAAc,EACZ,kNAAkN;YACpN,SAAS,EAAE,sDAAsD;YACjE,YAAY,EACV,+JAA+J;YACjK,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,8EAA8E;IAC9E,4BAA4B;IAC5B,kEAAkE;IAClE,mEAAmE;IACnE,8EAA8E;IAE9E,2EAA2E;IAC3E,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,aAAa,CAAC,OAAO,CAAC;YAAE,OAAO;QACnC,IACE,6KAA6K,CAAC,IAAI,CAChL,IAAI,CACL;YACD,CAAC,uGAAuG,CAAC,IAAI,CAC3G,IAAI,CACL,EACD,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,mDAAmD;YAC1D,WAAW,EACT,oSAAoS;YACtS,WAAW,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAClC,cAAc,EACZ,uMAAuM;YACzM,SAAS,EAAE,6
CAA6C;YACxD,YAAY,EACV,oOAAoO;YACtO,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,2EAA2E;IAC3E,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,aAAa,CAAC,OAAO,CAAC;YAAE,OAAO;QACnC,IACE,+ZAA+Z,CAAC,IAAI,CACla,IAAI,CACL;YACD,CAAC,wJAAwJ,CAAC,IAAI,CAC5J,IAAI,CACL,EACD,CAAC;YACD,aAAa,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QAChC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,gBAAgB,GACpB,4EAA4E,CAAC,IAAI,CAAC,IAAI,CAAC;QACvF,kDAAkD,CAAC,IAAI,CAAC,IAAI,CAAC;QAC7D,oEAAoE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAElF,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAClD,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,gEAAgE;YACvE,WAAW,EACT,oRAAoR;YACtR,WAAW,EAAE,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YACvC,cAAc,EACZ,0QAA0Q;YAC5Q,SAAS,EAAE,kDAAkD;YAC7D,YAAY,EACV,qLAAqL;YACvL,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,2EAA2E;IAC3E,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,aAAa,CAAC,OAAO,CAAC;YAAE,OAAO;QACnC,IACE,gQAAgQ,CAAC,IAAI,CACnQ,IAAI,CACL;YACD,CAAC,oGAAoG,CAAC,IAAI,CAAC,IAAI,CAAC,EAChH,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,iBAAiB,GACrB,uHAAuH,CAAC,IAAI,CAC1H,IAAI,CACL,CAAC;IAEJ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC9C,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,sDAAsD;YAC7D,WAAW,EACT,mUAAmU;YACrU,WAAW,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAClC,cAAc,EACZ,mRAAmR;YACrR,SAAS,EAAE,iDAAiD;YAC5D,YAAY,EACV,2MAA2M;YAC7M,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,8EAA8E;IAC9E,0BAA0B;IAC1B,sEAAsE;IACtE,0EAA0E;IAC1E,8EAA8E;IAE9E,2EAA2E;IAC3E,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAA
K,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,aAAa,CAAC,OAAO,CAAC;YAAE,OAAO;QACnC,IACE,oKAAoK,CAAC,IAAI,CACvK,IAAI,CACL;YACD,CAAC,iIAAiI,CAAC,IAAI,CACrI,IAAI,CACL,EACD,CAAC;YACD,iBAAiB,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACpC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,oBAAoB,GACxB,sLAAsL,CAAC,IAAI,CACzL,IAAI,CACL,CAAC;IAEJ,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,oBAAoB,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC1F,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,kEAAkE;YACzE,WAAW,EACT,8QAA8Q;YAChR,WAAW,EAAE,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAC3C,cAAc,EACZ,8OAA8O;YAChP,SAAS,EAAE,+CAA+C;YAC1D,YAAY,EACV,0NAA0N;YAC5N,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,2EAA2E;IAC3E,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,aAAa,CAAC,OAAO,CAAC;YAAE,OAAO;QACnC,IACE,wSAAwS,CAAC,IAAI,CAC3S,IAAI,CACL;YACD,CAAC,4EAA4E,CAAC,IAAI,CAAC,IAAI,CAAC,EACxF,CAAC;YACD,YAAY,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,eAAe,GACnB,6IAA6I,CAAC,IAAI,CAChJ,IAAI,CACL,CAAC;IAEJ,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAChF,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,+CAA+C;YACtD,WAAW,EACT,0RAA0R;YAC5R,WAAW,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YACtC,cAAc,EACZ,kPAAkP;YACpP,SAAS,EAAE,oDAAoD;YAC/D,YAAY,EACV,+LAA+L;YACjM,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,2EAA2E;IAC3E,MAAM,cAAc,GAClB,yJAAyJ,CAAC,IAAI,CAC5J,IAAI,CACL,CAAC;IACJ,MAAM,aAAa,GACjB,4LAA4L,CAAC,IAAI,CAC/L,IAAI,CACL,CAAC;IACJ,MAAM,YAAY,GAChB,sHAAsH,CAAC,IAAI,CACzH,IAAI,CACL,CAAC;IAEJ,IAAI,cAAc,IAAI,CAAC,aAAa,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,G
AAG,EAAE,EAAE,CAAC;QACtF,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,sDAAsD;YAC7D,WAAW,EACT,wPAAwP;YAC1P,cAAc,EACZ,8RAA8R;YAChS,SAAS,EAAE,2DAA2D;YACtE,YAAY,EACV,sLAAsL;YACxL,UAAU,EAAE,GAAG;YACf,cAAc,EAAE,IAAI;SACrB,CAAC,CAAC;IACL,CAAC;IAED,8EAA8E;IAC9E,+CAA+C;IAC/C,8EAA8E;IAE9E,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7C,MAAM,eAAe,GAAG,gEAAgE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpG,IAAI,eAAe,EAAE,CAAC;YACpB,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACvD,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,2CAA2C;gBAClD,WAAW,EACT,mKAAmK;gBACrK,cAAc,EACZ,qGAAqG;gBACvG,SAAS,EAAE,qCAAqC;gBAChD,YAAY,EACV,+IAA+I;gBACjJ,UAAU,EAAE,GAAG;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
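Review bot: the regenerated map still lists `"sources":["../../src/evaluators/data-sovereignty.ts"]` and its keys are only version, file, sourceRoot, sources, names and mappings, with no `sourcesContent`. If `src/` is not shipped in the published package, consumers cannot resolve this map to anything. Either embed `sourcesContent` at build time or leave the `.js.map` files out of the published files. The mappings themselves cannot be reviewed by eye, so this hunk should be checked by rebuilding from the tagged source and comparing the output.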
@@ -295,7 +295,7 @@ export function analyzeIacSecurity(code, language) {
|
|
|
295
295
|
return code.slice(0, idx).split("\n").length;
|
|
296
296
|
});
|
|
297
297
|
findings.push({
|
|
298
|
-
ruleId: `${prefix}-${String(ruleNum
|
|
298
|
+
ruleId: `${prefix}-${String(ruleNum).padStart(3, "0")}`,
|
|
299
299
|
severity: "critical",
|
|
300
300
|
title: "ARM template secret parameter has default value",
|
|
301
301
|
description: "Sensitive parameters (passwords, keys) have hardcoded default values in the ARM template. Default values are stored in the template file and visible in version control.",
|
|
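Review bot: the new `ruleId` at line 298 formats `ruleNum` without advancing it, which is safe only if this ARM template finding is the last one pushed in `analyzeIacSecurity`. If a rule is ever added after it, both findings would be emitted with the same ID, and downstream suppressions or baselines keyed on `ruleId` would mix them up. The removed side is cut off at `String(ruleNum` in this view, so please confirm against `src/evaluators/iac-security.ts` exactly what was dropped. Either keep the counter advancing here or add a comment that this must remain the final rule in the function.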
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"iac-security.js","sourceRoot":"","sources":["../../src/evaluators/iac-security.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAChF,OAAO,KAAK,EAAE,MAAM,yBAAyB,CAAC;AAE9C;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAY,EAAE,QAAgB;IAC/D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,MAAM,GAAG,KAAK,CAAC;IACrB,MAAM,IAAI,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAErC,kCAAkC;IAClC,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC;QAAE,OAAO,QAAQ,CAAC;IAErC,yEAAyE;IACzE,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,oBAAoB,CAAC,CAAC;IAChF,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,0CAA0C;YACjD,WAAW,EACT,qKAAqK;YACvK,WAAW,EAAE,WAAW;YACxB,cAAc,EACZ,mMAAmM;YACrM,SAAS,EAAE,mCAAmC;YAC9C,YAAY,EACV,IAAI,KAAK,WAAW;gBAClB,CAAC,CAAC,6GAA6G;gBAC/G,CAAC,CAAC,IAAI,KAAK,OAAO;oBAChB,CAAC,CAAC,iHAAiH;oBACnH,CAAC,CAAC,mHAAmH;YAC3H,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,yEAAyE;IACzE,MAAM,eAAe,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,sBAAsB,CAAC,CAAC;IACtF,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,6BAA6B;YACpC,WAAW,EACT,yKAAyK;YAC3K,WAAW,EAAE,eAAe;YAC5B,cAAc,EACZ,qKAAqK;YACvK,SAAS,EAAE,6CAA6C;YACxD,YAAY,EACV,IAAI,KAAK,WAAW;gBAClB,CAAC,CAAC,2FAA2F;gBAC7F,CAAC,CAAC,IAAI,KAAK,OAAO;oBAChB,CAAC,CAAC,uEAAuE;oBACzE,CAAC,CAAC,yEAAyE;YACjF,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,yEAAyE;IACzE,MAAM,UAAU,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC;IAC5E,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,wBAAwB;YAC/B,WAAW,EACT,oLAAoL;YACtL,WAAW,EAAE,UAA
U;YACvB,cAAc,EACZ,kHAAkH;YACpH,SAAS,EAAE,oDAAoD;YAC/D,YAAY,EACV,IAAI,KAAK,WAAW;gBAClB,CAAC,CAAC,2DAA2D;gBAC7D,CAAC,CAAC,IAAI,KAAK,OAAO;oBAChB,CAAC,CAAC,mDAAmD;oBACrD,CAAC,CAAC,qEAAqE;YAC7E,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,yEAAyE;IACzE,MAAM,iBAAiB,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC;IACnF,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,mCAAmC;YAC1C,WAAW,EACT,sJAAsJ;YACxJ,WAAW,EAAE,iBAAiB;YAC9B,cAAc,EACZ,sJAAsJ;YACxJ,SAAS,EAAE,qDAAqD;YAChE,YAAY,EACV,IAAI,KAAK,WAAW;gBAClB,CAAC,CAAC,+EAA+E;gBACjF,CAAC,CAAC,IAAI,KAAK,OAAO;oBAChB,CAAC,CAAC,4EAA4E;oBAC9E,CAAC,CAAC,iFAAiF;YACzF,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,yEAAyE;IACzE,MAAM,YAAY,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC;IAC7E,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,yDAAyD;YAChE,WAAW,EACT,2LAA2L;YAC7L,WAAW,EAAE,YAAY;YACzB,cAAc,EACZ,iKAAiK;YACnK,SAAS,EAAE,wCAAwC;YACnD,YAAY,EACV,IAAI,KAAK,WAAW;gBAClB,CAAC,CAAC,2FAA2F;gBAC7F,CAAC,CAAC,IAAI,KAAK,OAAO;oBAChB,CAAC,CAAC,sFAAsF;oBACxF,CAAC,CAAC,+DAA+D;YACvE,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,yEAAyE;IACzE,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,sBAAsB,CAAC,CAAC;IAC/E,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,uCAAuC;YAC9C,WAAW,EACT,oLAAoL;YACtL,WAAW,EAAE,QAAQ;YACrB,cAAc,EACZ,yKAAyK;YAC3K,SAAS,EAAE,6CAA6C;YACxD,YAAY,EACV,IAAI,KAAK,WAAW;gBAClB,CAAC,CAAC,wGAAwG;gBAC1G,CAAC,CAAC,IAAI,KAAK,OAAO;oBAChB,CAAC,CAAC,mFAAmF;oBACrF,CAAC,CAAC,4DAA4D;YACpE,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,yEAAyE;IACzE,MAAM,YAAY,GAAG,kBAAkB
,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,mBAAmB,CAAC,CAAC;IAChF,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,gCAAgC;YACvC,WAAW,EACT,gLAAgL;YAClL,WAAW,EAAE,YAAY;YACzB,cAAc,EACZ,6JAA6J;YAC/J,SAAS,EAAE,qCAAqC;YAChD,YAAY,EACV,IAAI,KAAK,WAAW;gBAClB,CAAC,CAAC,uFAAuF;gBACzF,CAAC,CAAC,IAAI,KAAK,OAAO;oBAChB,CAAC,CAAC,uGAAuG;oBACzG,CAAC,CAAC,+FAA+F;YACvG,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,0EAA0E;IAC1E,MAAM,aAAa,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,sBAAsB,CAAC,CAAC;IACpF,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,6BAA6B;YACpC,WAAW,EACT,kLAAkL;YACpL,WAAW,EAAE,aAAa;YAC1B,cAAc,EACZ,2LAA2L;YAC7L,SAAS,EAAE,sCAAsC;YACjD,YAAY,EACV,IAAI,KAAK,WAAW;gBAClB,CAAC,CAAC,wGAAwG;gBAC1G,CAAC,CAAC,IAAI,KAAK,OAAO;oBAChB,CAAC,CAAC,+GAA+G;oBACjH,CAAC,CAAC,gGAAgG;YACxG,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,yEAAyE;IACzE,MAAM,oBAAoB,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,oBAAoB,CAAC,CAAC;IACzF,IAAI,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,iCAAiC;YACxC,WAAW,EACT,uJAAuJ;YACzJ,WAAW,EAAE,oBAAoB;YACjC,cAAc,EACZ,qHAAqH;YACvH,SAAS,EAAE,6CAA6C;YACxD,YAAY,EACV,IAAI,KAAK,WAAW;gBAClB,CAAC,CAAC,gEAAgE;gBAClE,CAAC,CAAC,IAAI,KAAK,OAAO;oBAChB,CAAC,CAAC,6BAA6B;oBAC/B,CAAC,CAAC,+BAA+B;YACvC,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,yEAAyE;IACzE,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC;IAC9E,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,sCAAsC;YAC7C
,WAAW,EACT,yJAAyJ;YAC3J,WAAW,EAAE,WAAW;YACxB,cAAc,EACZ,uJAAuJ;YACzJ,SAAS,EAAE,kCAAkC;YAC7C,YAAY,EACV,IAAI,KAAK,WAAW;gBAClB,CAAC,CAAC,2EAA2E;gBAC7E,CAAC,CAAC,IAAI,KAAK,OAAO;oBAChB,CAAC,CAAC,8EAA8E;oBAChF,CAAC,CAAC,mEAAmE;YAC3E,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,yEAAyE;IACzE,MAAM,aAAa,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC;IAC9E,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9D,sFAAsF;QACtF,uEAAuE;QACvE,MAAM,mBAAmB,GAAG,sEAAsE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9G,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACzD,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,sCAAsC;gBAC7C,WAAW,EACT,mIAAmI;gBACrI,cAAc,EACZ,4KAA4K;gBAC9K,SAAS,EAAE,uCAAuC;gBAClD,UAAU,EAAE,GAAG;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;QACzB,MAAM,oBAAoB,GAAG,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnE,MAAM,WAAW,GAAG,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1D,IAAI,WAAW,IAAI,CAAC,oBAAoB,EAAE,CAAC;YACzC,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,EAAE,0BAA0B,CAAC,CAAC;YACvE,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACzD,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,kCAAkC;gBACzC,WAAW,EACT,yJAAyJ;gBAC3J,WAAW,EAAE,aAAa;gBAC1B,cAAc,EACZ,8GAA8G;gBAChH,SAAS,EAAE,wDAAwD;gBACnE,YAAY,EACV,2GAA2G;gBAC7G,UAAU,EAAE,GAAG;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;QACzB,MAAM,UAAU,GAAG,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxD,MAAM,iBAAiB,GAAG,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,IAAI,iBAAiB,IAAI,CAAC,UAAU,EAAE,CAAC;YACrC,MAAM,cAAc,GAAG,cAAc,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;YAC/D,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACzD,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,8BAA8B;gBACrC,WAAW,EACT,6HAA6H;gBAC/H,WAAW,EAAE,cAAc;gBAC3B,cAAc,EACZ,uHAAuH;gBACzH,
SAAS,EAAE,wCAAwC;gBACnD,YAAY,EACV,4IAA4I;gBAC9I,UAAU,EAAE,GAAG;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3C,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YAC3B,IAAI,wEAAwE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxF,4CAA4C;gBAC5C,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChD,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAClC,QAAQ,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;wBACzD,QAAQ,EAAE,MAAM;wBAChB,KAAK,EAAE,iDAAiD;wBACxD,WAAW,EAAE,qBAAqB,CAAC,GAAG,CAAC,2KAA2K;wBAClN,WAAW,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC;wBACpB,cAAc,EAAE,4EAA4E;wBAC5F,SAAS,EAAE,yCAAyC;wBACpD,YAAY,EAAE,2EAA2E,IAAI,CAAC,IAAI,EAAE,KAAK;wBACzG,UAAU,EAAE,GAAG;qBAChB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;QACnB,oFAAoF;QACpF,MAAM,kBAAkB,GACtB,uGAAuG,CAAC;QAC1G,MAAM,OAAO,GAAG,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC,CAAC;QACvD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;gBACjC,MAAM,GAAG,GAAG,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;gBACzB,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAC/C,CAAC,CAAC,CAAC;YACH,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,
|
|
1
|
+
{"version":3,"file":"iac-security.js","sourceRoot":"","sources":["../../src/evaluators/iac-security.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAChF,OAAO,KAAK,EAAE,MAAM,yBAAyB,CAAC;AAE9C;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAY,EAAE,QAAgB;IAC/D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,MAAM,GAAG,KAAK,CAAC;IACrB,MAAM,IAAI,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAErC,kCAAkC;IAClC,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC;QAAE,OAAO,QAAQ,CAAC;IAErC,yEAAyE;IACzE,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,oBAAoB,CAAC,CAAC;IAChF,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,0CAA0C;YACjD,WAAW,EACT,qKAAqK;YACvK,WAAW,EAAE,WAAW;YACxB,cAAc,EACZ,mMAAmM;YACrM,SAAS,EAAE,mCAAmC;YAC9C,YAAY,EACV,IAAI,KAAK,WAAW;gBAClB,CAAC,CAAC,6GAA6G;gBAC/G,CAAC,CAAC,IAAI,KAAK,OAAO;oBAChB,CAAC,CAAC,iHAAiH;oBACnH,CAAC,CAAC,mHAAmH;YAC3H,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,yEAAyE;IACzE,MAAM,eAAe,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,sBAAsB,CAAC,CAAC;IACtF,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,6BAA6B;YACpC,WAAW,EACT,yKAAyK;YAC3K,WAAW,EAAE,eAAe;YAC5B,cAAc,EACZ,qKAAqK;YACvK,SAAS,EAAE,6CAA6C;YACxD,YAAY,EACV,IAAI,KAAK,WAAW;gBAClB,CAAC,CAAC,2FAA2F;gBAC7F,CAAC,CAAC,IAAI,KAAK,OAAO;oBAChB,CAAC,CAAC,uEAAuE;oBACzE,CAAC,CAAC,yEAAyE;YACjF,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,yEAAyE;IACzE,MAAM,UAAU,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC;IAC5E,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,wBAAwB;YAC/B,WAAW,EACT,oLAAoL;YACtL,WAAW,EAAE,UAA
U;YACvB,cAAc,EACZ,kHAAkH;YACpH,SAAS,EAAE,oDAAoD;YAC/D,YAAY,EACV,IAAI,KAAK,WAAW;gBAClB,CAAC,CAAC,2DAA2D;gBAC7D,CAAC,CAAC,IAAI,KAAK,OAAO;oBAChB,CAAC,CAAC,mDAAmD;oBACrD,CAAC,CAAC,qEAAqE;YAC7E,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,yEAAyE;IACzE,MAAM,iBAAiB,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC;IACnF,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,mCAAmC;YAC1C,WAAW,EACT,sJAAsJ;YACxJ,WAAW,EAAE,iBAAiB;YAC9B,cAAc,EACZ,sJAAsJ;YACxJ,SAAS,EAAE,qDAAqD;YAChE,YAAY,EACV,IAAI,KAAK,WAAW;gBAClB,CAAC,CAAC,+EAA+E;gBACjF,CAAC,CAAC,IAAI,KAAK,OAAO;oBAChB,CAAC,CAAC,4EAA4E;oBAC9E,CAAC,CAAC,iFAAiF;YACzF,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,yEAAyE;IACzE,MAAM,YAAY,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC;IAC7E,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,yDAAyD;YAChE,WAAW,EACT,2LAA2L;YAC7L,WAAW,EAAE,YAAY;YACzB,cAAc,EACZ,iKAAiK;YACnK,SAAS,EAAE,wCAAwC;YACnD,YAAY,EACV,IAAI,KAAK,WAAW;gBAClB,CAAC,CAAC,2FAA2F;gBAC7F,CAAC,CAAC,IAAI,KAAK,OAAO;oBAChB,CAAC,CAAC,sFAAsF;oBACxF,CAAC,CAAC,+DAA+D;YACvE,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,yEAAyE;IACzE,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,sBAAsB,CAAC,CAAC;IAC/E,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,uCAAuC;YAC9C,WAAW,EACT,oLAAoL;YACtL,WAAW,EAAE,QAAQ;YACrB,cAAc,EACZ,yKAAyK;YAC3K,SAAS,EAAE,6CAA6C;YACxD,YAAY,EACV,IAAI,KAAK,WAAW;gBAClB,CAAC,CAAC,wGAAwG;gBAC1G,CAAC,CAAC,IAAI,KAAK,OAAO;oBAChB,CAAC,CAAC,mFAAmF;oBACrF,CAAC,CAAC,4DAA4D;YACpE,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,yEAAyE;IACzE,MAAM,YAAY,GAAG,kBAAkB
,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,mBAAmB,CAAC,CAAC;IAChF,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,gCAAgC;YACvC,WAAW,EACT,gLAAgL;YAClL,WAAW,EAAE,YAAY;YACzB,cAAc,EACZ,6JAA6J;YAC/J,SAAS,EAAE,qCAAqC;YAChD,YAAY,EACV,IAAI,KAAK,WAAW;gBAClB,CAAC,CAAC,uFAAuF;gBACzF,CAAC,CAAC,IAAI,KAAK,OAAO;oBAChB,CAAC,CAAC,uGAAuG;oBACzG,CAAC,CAAC,+FAA+F;YACvG,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,0EAA0E;IAC1E,MAAM,aAAa,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,sBAAsB,CAAC,CAAC;IACpF,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,6BAA6B;YACpC,WAAW,EACT,kLAAkL;YACpL,WAAW,EAAE,aAAa;YAC1B,cAAc,EACZ,2LAA2L;YAC7L,SAAS,EAAE,sCAAsC;YACjD,YAAY,EACV,IAAI,KAAK,WAAW;gBAClB,CAAC,CAAC,wGAAwG;gBAC1G,CAAC,CAAC,IAAI,KAAK,OAAO;oBAChB,CAAC,CAAC,+GAA+G;oBACjH,CAAC,CAAC,gGAAgG;YACxG,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,yEAAyE;IACzE,MAAM,oBAAoB,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,oBAAoB,CAAC,CAAC;IACzF,IAAI,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,iCAAiC;YACxC,WAAW,EACT,uJAAuJ;YACzJ,WAAW,EAAE,oBAAoB;YACjC,cAAc,EACZ,qHAAqH;YACvH,SAAS,EAAE,6CAA6C;YACxD,YAAY,EACV,IAAI,KAAK,WAAW;gBAClB,CAAC,CAAC,gEAAgE;gBAClE,CAAC,CAAC,IAAI,KAAK,OAAO;oBAChB,CAAC,CAAC,6BAA6B;oBAC/B,CAAC,CAAC,+BAA+B;YACvC,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,yEAAyE;IACzE,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,kBAAkB,CAAC,CAAC;IAC9E,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,sCAAsC;YAC7C
,WAAW,EACT,yJAAyJ;YAC3J,WAAW,EAAE,WAAW;YACxB,cAAc,EACZ,uJAAuJ;YACzJ,SAAS,EAAE,kCAAkC;YAC7C,YAAY,EACV,IAAI,KAAK,WAAW;gBAClB,CAAC,CAAC,2EAA2E;gBAC7E,CAAC,CAAC,IAAI,KAAK,OAAO;oBAChB,CAAC,CAAC,8EAA8E;oBAChF,CAAC,CAAC,mEAAmE;YAC3E,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;IACL,CAAC;IAED,yEAAyE;IACzE,MAAM,aAAa,GAAG,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC;IAC9E,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9D,sFAAsF;QACtF,uEAAuE;QACvE,MAAM,mBAAmB,GAAG,sEAAsE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9G,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACzD,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,sCAAsC;gBAC7C,WAAW,EACT,mIAAmI;gBACrI,cAAc,EACZ,4KAA4K;gBAC9K,SAAS,EAAE,uCAAuC;gBAClD,UAAU,EAAE,GAAG;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;QACzB,MAAM,oBAAoB,GAAG,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnE,MAAM,WAAW,GAAG,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1D,IAAI,WAAW,IAAI,CAAC,oBAAoB,EAAE,CAAC;YACzC,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,EAAE,0BAA0B,CAAC,CAAC;YACvE,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACzD,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,kCAAkC;gBACzC,WAAW,EACT,yJAAyJ;gBAC3J,WAAW,EAAE,aAAa;gBAC1B,cAAc,EACZ,8GAA8G;gBAChH,SAAS,EAAE,wDAAwD;gBACnE,YAAY,EACV,2GAA2G;gBAC7G,UAAU,EAAE,GAAG;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;QACzB,MAAM,UAAU,GAAG,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxD,MAAM,iBAAiB,GAAG,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,IAAI,iBAAiB,IAAI,CAAC,UAAU,EAAE,CAAC;YACrC,MAAM,cAAc,GAAG,cAAc,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;YAC/D,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACzD,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,8BAA8B;gBACrC,WAAW,EACT,6HAA6H;gBAC/H,WAAW,EAAE,cAAc;gBAC3B,cAAc,EACZ,uHAAuH;gBACzH,
SAAS,EAAE,wCAAwC;gBACnD,YAAY,EACV,4IAA4I;gBAC9I,UAAU,EAAE,GAAG;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3C,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YAC3B,IAAI,wEAAwE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxF,4CAA4C;gBAC5C,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChD,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAClC,QAAQ,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;wBACzD,QAAQ,EAAE,MAAM;wBAChB,KAAK,EAAE,iDAAiD;wBACxD,WAAW,EAAE,qBAAqB,CAAC,GAAG,CAAC,2KAA2K;wBAClN,WAAW,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC;wBACpB,cAAc,EAAE,4EAA4E;wBAC5F,SAAS,EAAE,yCAAyC;wBACpD,YAAY,EAAE,2EAA2E,IAAI,CAAC,IAAI,EAAE,KAAK;wBACzG,UAAU,EAAE,GAAG;qBAChB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;QACnB,oFAAoF;QACpF,MAAM,kBAAkB,GACtB,uGAAuG,CAAC;QAC1G,MAAM,OAAO,GAAG,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC,CAAC;QACvD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;gBACjC,MAAM,GAAG,GAAG,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;gBACzB,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAC/C,CAAC,CAAC,CAAC;YACH,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACvD,QAAQ,EAAE,UAAU;gBACpB,KAAK,EAAE,iDAAiD;gBACxD,WAAW,EACT,0KAA0K;gBAC5K,WAAW,EAAE,QAAQ;gBACrB,cAAc,EACZ,+IAA+I;gBACjJ,SAAS,EAAE,gDAAgD;gBAC3D,YAAY,EACV,8IAA8I;gBAChJ,UAAU,EAAE,IAAI;aACjB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"data-sovereignty.d.ts","sourceRoot":"","sources":["../../src/judges/data-sovereignty.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,oBAAoB,EAAE,
|
|
1
|
+
{"version":3,"file":"data-sovereignty.d.ts","sourceRoot":"","sources":["../../src/judges/data-sovereignty.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,oBAAoB,EAAE,eAiDlC,CAAC"}
|
|
@@ -1,12 +1,14 @@
|
|
|
1
1
|
export const dataSovereigntyJudge = {
|
|
2
2
|
id: "data-sovereignty",
|
|
3
|
-
name: "Judge
|
|
4
|
-
domain: "Data
|
|
5
|
-
description: "Evaluates code for data residency enforcement, cross-border transfer controls,
|
|
3
|
+
name: "Judge Sovereignty",
|
|
4
|
+
domain: "Data, Technological & Operational Sovereignty",
|
|
5
|
+
description: "Evaluates code for data residency enforcement, cross-border transfer controls, jurisdiction-aware data handling, vendor independence (technological sovereignty), and operational self-governance (audit trails, resilience, data portability).",
|
|
6
6
|
rulePrefix: "SOV",
|
|
7
|
-
systemPrompt: `You are Judge
|
|
7
|
+
systemPrompt: `You are Judge Sovereignty — a specialist in data residency, cross-border data transfer controls, jurisdictional compliance, cloud architecture governance, technological independence, and operational self-governance.
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
You evaluate code across THREE sovereignty pillars:
|
|
10
|
+
|
|
11
|
+
═══ PILLAR 1: DATA SOVEREIGNTY ═══
|
|
10
12
|
1. **Data Residency Enforcement**: Are region choices explicit and constrained? Is storage pinned to approved jurisdictions (e.g., EU-only, US-only)?
|
|
11
13
|
2. **Cross-Border Transfer Controls**: Are outbound data flows to third-party APIs/services controlled and restricted by jurisdiction?
|
|
12
14
|
3. **Transfer Mechanisms**: Where cross-border transfer is required, are lawful mechanisms and safeguards represented (SCCs, adequacy assumptions, contractual controls)?
|
|
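Review bot: `id: "data-sovereignty"` and `rulePrefix: "SOV"` stay as they were while `name`, `domain` and `description` in this hunk widen the judge to vendor independence and operational self-governance. Anyone who already selects this judge by id will start receiving the new classes of findings under the same identifier. If keeping the id is deliberate for backward compatibility, say so in a comment next to `id` and in the release notes. It would also help to state whether the new pillars can be disabled separately for users who only want data-residency checks.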
@@ -18,17 +20,31 @@ YOUR EVALUATION CRITERIA:
|
|
|
18
20
|
9. **Data Egress Guardrails**: Are there controls that prevent accidental export (logs, telemetry, exports, support tooling)?
|
|
19
21
|
10. **Evidence and Auditability**: Are controls observable and auditable (region tags, policy checks, alerts, deployment guardrails)?
|
|
20
22
|
|
|
23
|
+
═══ PILLAR 2: TECHNOLOGICAL SOVEREIGNTY ═══
|
|
24
|
+
11. **Cryptographic Key Sovereignty**: Are encryption keys controlled by the organization (BYOK, CMK, HSM import) rather than solely vendor-managed?
|
|
25
|
+
12. **AI/ML Model Portability**: Are AI/ML integrations abstracted to allow model swapping, or tightly coupled to a single vendor's platform?
|
|
26
|
+
13. **Identity Provider Independence**: Is authentication federated via open standards (OIDC, SAML) or locked to a single vendor's identity service?
|
|
27
|
+
14. **Open Standards Adoption**: Does code favor open protocols (AMQP, MQTT, gRPC, OpenTelemetry) over proprietary alternatives?
|
|
28
|
+
15. **Supply Chain Sovereignty**: Are dependencies sourced from trusted, auditable registries with mirroring capability?
|
|
29
|
+
|
|
30
|
+
═══ PILLAR 3: OPERATIONAL SOVEREIGNTY ═══
|
|
31
|
+
16. **Resilience and Autonomous Operation**: Are external dependencies wrapped with circuit breakers, timeouts, and fallback strategies for autonomous operation during outages?
|
|
32
|
+
17. **Audit Trail Completeness**: Are administrative and destructive operations logged to a tamper-evident audit trail with actor, action, resource, and timestamp?
|
|
33
|
+
18. **Data Portability and Exit Strategy**: Can stored data be exported, migrated, or transferred in standard portable formats?
|
|
34
|
+
19. **Incident Response Capability**: Does code include structured error classification, alerting hooks, and incident metadata for independent incident management?
|
|
35
|
+
20. **Operational Observability Ownership**: Are logs, metrics, and traces under organizational control (self-hosted or sovereign cloud) rather than exclusively routed to foreign SaaS?
|
|
36
|
+
|
|
21
37
|
RULES FOR YOUR EVALUATION:
|
|
22
38
|
- Assign rule IDs with prefix "SOV-" (e.g. SOV-001).
|
|
23
|
-
- Flag both code-level and architecture-level sovereignty risks.
|
|
39
|
+
- Flag both code-level and architecture-level sovereignty risks across all three pillars.
|
|
24
40
|
- Distinguish between hard violations (critical/high) and weak governance posture (medium/low).
|
|
25
|
-
- Recommend concrete remediations: region pinning,
|
|
26
|
-
- Score from 0-100 where 100 means strong sovereignty posture.
|
|
41
|
+
- Recommend concrete remediations: region pinning, BYOK, provider abstraction, circuit breakers, audit logging, and data export APIs.
|
|
42
|
+
- Score from 0-100 where 100 means strong sovereignty posture across data, technology, and operations.
|
|
27
43
|
|
|
28
44
|
ADVERSARIAL MANDATE:
|
|
29
45
|
- Your role is adversarial: assume sovereignty controls are missing unless explicitly shown.
|
|
30
46
|
- Never praise or compliment the code. Report only gaps, risks, and deficiencies.
|
|
31
|
-
- If uncertain, flag potential
|
|
47
|
+
- If uncertain, flag potential sovereignty exposure and explain the assumption.
|
|
32
48
|
- Absence of findings does not prove sovereignty compliance. State this explicitly.`,
|
|
33
49
|
};
|
|
34
50
|
//# sourceMappingURL=data-sovereignty.js.map
|
|
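Review bot: the new criteria 11 to 20 continue the numbered list, and the rules block tells the judge to "Assign rule IDs with prefix "SOV-" (e.g. SOV-001)", but nothing in the prompt says whether a finding against criterion 14 must be reported as SOV-014 or may take any free number. Add one line to RULES FOR YOUR EVALUATION that fixes the mapping, or that states the IDs are independent of the criterion numbers, so that one SOV ID cannot mean different things in the model's output and in the rule-based evaluator's findings. Separately, criteria 15 and 20 (registry mirroring, where logs and traces are routed) are rarely visible in a single source file. Combined with "assume sovereignty controls are missing unless explicitly shown", they are likely to fire on almost every input, so consider instructing the judge to report such items at low severity as not assessable from the code provided.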
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"data-sovereignty.js","sourceRoot":"","sources":["../../src/judges/data-sovereignty.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,oBAAoB,GAAoB;IACnD,EAAE,EAAE,kBAAkB;IACtB,IAAI,EAAE,
|
|
1
|
+
{"version":3,"file":"data-sovereignty.js","sourceRoot":"","sources":["../../src/judges/data-sovereignty.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,oBAAoB,GAAoB;IACnD,EAAE,EAAE,kBAAkB;IACtB,IAAI,EAAE,mBAAmB;IACzB,MAAM,EAAE,+CAA+C;IACvD,WAAW,EACT,iPAAiP;IACnP,UAAU,EAAE,KAAK;IACjB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oFAyCoE;CACnF,CAAC"}
|
package/package.json
CHANGED