@kevinrabun/judges 3.34.1 → 3.35.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +18 -0
- package/README.md +2 -2
- package/dist/dedup.d.ts.map +1 -1
- package/dist/dedup.js +37 -0
- package/dist/dedup.js.map +1 -1
- package/dist/evaluators/framework-safety.d.ts.map +1 -1
- package/dist/evaluators/framework-safety.js +268 -0
- package/dist/evaluators/framework-safety.js.map +1 -1
- package/dist/finding-lifecycle.d.ts +44 -0
- package/dist/finding-lifecycle.d.ts.map +1 -1
- package/dist/finding-lifecycle.js +125 -0
- package/dist/finding-lifecycle.js.map +1 -1
- package/dist/judges/framework-safety.d.ts.map +1 -1
- package/dist/judges/framework-safety.js +12 -6
- package/dist/judges/framework-safety.js.map +1 -1
- package/dist/patches/index.d.ts.map +1 -1
- package/dist/patches/index.js +227 -0
- package/dist/patches/index.js.map +1 -1
- package/dist/tools/register-review.d.ts +7 -0
- package/dist/tools/register-review.d.ts.map +1 -0
- package/dist/tools/register-review.js +372 -0
- package/dist/tools/register-review.js.map +1 -0
- package/dist/tools/register-workflow.d.ts.map +1 -1
- package/dist/tools/register-workflow.js +73 -1
- package/dist/tools/register-workflow.js.map +1 -1
- package/dist/tools/register.d.ts +1 -1
- package/dist/tools/register.d.ts.map +1 -1
- package/dist/tools/register.js +3 -1
- package/dist/tools/register.js.map +1 -1
- package/package.json +1 -1
- package/server.json +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,24 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to **@kevinrabun/judges** are documented here.
|
|
4
4
|
|
|
5
|
+
## [3.35.0] — 2026-03-10
|
|
6
|
+
|
|
7
|
+
### Added
|
|
8
|
+
- **Dedup: 12 new topic patterns** — timing-attack, ssrf, mass-assignment, insecure-deserialization, info-disclosure, denial-of-service, file-upload-security, missing-access-control, hardcoded-config, unsafe-html-render, a11y-violation — eliminates duplicate findings across judges
|
|
9
|
+
- **Auto-fix: 10 new multi-line patch rules** — timing-safe comparison (`crypto.timingSafeEqual`), path traversal prevention, hardcoded secrets → env vars, open redirect validation, SSRF URL allowlist, insecure cookies, Java SQL injection (→ `PreparedStatement`), Python f-string SQL (→ parameterized), CSP header insertion, C# SQL injection (→ `SqlParameter`)
|
|
10
|
+
- **Framework judges: 17 new patterns** — Django (5: SESSION_COOKIE_SECURE, SECURE_SSL_REDIRECT, mark_safe, FILE_UPLOAD_PERMISSIONS, locals/globals in render), Flask (2: send_file path traversal, session without SECRET_KEY), Spring Boot (5: @RequestBody without @Valid, permitAll on sensitive paths, Jackson default typing, hardcoded credentials, logging sensitive data), ASP.NET Core (5: missing UseHttpsRedirection, mass assignment model binding, string interpolation in ILogger, ProblemDetails with exception message, missing [Authorize] on [ApiController])
|
|
11
|
+
- **Suppression analytics** — `getSuppressionAnalytics()` and `formatSuppressionAnalytics()` functions for analyzing FP rates by rule, suppression rates by judge, auto-suppress candidates, and actionable tuning recommendations
|
|
12
|
+
- **5 new MCP tools for conversational review:**
|
|
13
|
+
- `explain_finding` — plain-language explanation with OWASP/CWE references and remediation guidance
|
|
14
|
+
- `triage_finding` — set triage status (accepted-risk, deferred, wont-fix, false-positive) with attribution
|
|
15
|
+
- `get_finding_stats` — lifecycle statistics: open, fixed, triaged counts with trends
|
|
16
|
+
- `get_suppression_analytics` — FP rates, auto-suppress candidates, per-judge analytics
|
|
17
|
+
- `list_triaged_findings` — browse triaged findings with optional status filter
|
|
18
|
+
- **Benchmark dashboard MCP tool** — `run_benchmark` returns full dashboard with per-judge, per-category, per-difficulty breakdowns in markdown, JSON, or summary format
|
|
19
|
+
|
|
20
|
+
### Tests
|
|
21
|
+
- 1,075 tests pass across 217 suites
|
|
22
|
+
|
|
5
23
|
## [3.34.1] — 2026-03-10
|
|
6
24
|
|
|
7
25
|
### Fixed
|
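Review bot: the Dedup bullet under "### Added" says "12 new topic patterns" but names eleven topics (timing-attack, ssrf, mass-assignment, insecure-deserialization, info-disclosure, denial-of-service, file-upload-security, missing-access-control, hardcoded-config, unsafe-html-render, a11y-violation). Correct the count to 11 or name the missing topic, so the changelog can be checked against the patterns that actually shipped.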
package/README.md
CHANGED
|
@@ -656,7 +656,7 @@ const svg2 = generateBadgeSvg(75, "quality"); // custom label
|
|
|
656
656
|
| **Code Structure** | Structural Analysis | `STRUCT-` | Cyclomatic complexity, nesting depth, function length, dead code, type safety |
|
|
657
657
|
| **Agent Instructions** | Agent Instruction Markdown Quality & Safety | `AGENT-` | Instruction hierarchy, conflict detection, unsafe overrides, scope, validation, policy guidance |
|
|
658
658
|
| **AI Code Safety** | AI-Generated Code Quality & Security | `AICS-` | Prompt injection, insecure LLM output handling, debug defaults, missing validation, unsafe deserialization of AI responses |
|
|
659
|
-
| **Framework Safety** | Framework-Specific Security & Best Practices | `FW-` | React hooks ordering, Express middleware chains, Next.js SSR/SSG pitfalls, Angular/Vue lifecycle patterns,
|
|
659
|
+
| **Framework Safety** | Framework-Specific Security & Best Practices | `FW-` | React hooks ordering, Express middleware chains, Next.js SSR/SSG pitfalls, Angular/Vue lifecycle patterns, Django/Flask/FastAPI safety, Spring Boot security, ASP.NET Core auth & CORS, Go Gin/Echo/Fiber patterns |
|
|
660
660
|
| **IaC Security** | Infrastructure as Code | `IAC-` | Terraform, Bicep, ARM template misconfigurations, hardcoded secrets, missing encryption, overly permissive network/IAM rules |
|
|
661
661
|
| **Security** | General Security Posture | `SEC-` | Holistic security assessment — insecure data flows, weak cryptography, unsafe deserialization |
|
|
662
662
|
| **Hallucination Detection** | AI-Hallucinated API & Import Validation | `HALLU-` | Detects hallucinated APIs, fabricated imports, and non-existent modules from AI code generators |
|
|
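Review bot: the new Framework Safety row advertises FastAPI and Go Gin/Echo/Fiber coverage, while the 3.35.0 changelog entry for framework judges lists new patterns only for Django, Flask, Spring Boot and ASP.NET Core. If the FastAPI and Go checks shipped in an earlier release this is fine; otherwise trim the row to what the judge detects, because users read this table as the coverage statement for the `FW-` prefix.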
@@ -990,7 +990,7 @@ Each judge has a corresponding prompt for LLM-powered deep analysis:
|
|
|
990
990
|
| `judge-code-structure` | Deep AST-based structural analysis review |
|
|
991
991
|
| `judge-agent-instructions` | Deep review of agent instruction markdown quality and safety |
|
|
992
992
|
| `judge-ai-code-safety` | Deep review of AI-generated code risks: prompt injection, insecure LLM output handling, debug defaults, missing validation |
|
|
993
|
-
| `judge-framework-safety` | Deep review of framework-specific safety: React hooks, Express middleware, Next.js SSR/SSG, Angular/Vue
|
|
993
|
+
| `judge-framework-safety` | Deep review of framework-specific safety: React hooks, Express middleware, Next.js SSR/SSG, Angular/Vue, Django, Spring Boot, ASP.NET Core, Flask, FastAPI, Go frameworks |
|
|
994
994
|
| `judge-iac-security` | Deep review of infrastructure-as-code security: Terraform, Bicep, ARM template misconfigurations |
|
|
995
995
|
| `judge-security` | Deep holistic security posture review: insecure data flows, weak cryptography, unsafe deserialization |
|
|
996
996
|
| `judge-hallucination-detection` | Deep review of AI-hallucinated APIs, fabricated imports, non-existent modules |
|
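Review bot: the `judge-framework-safety` prompt description names the frameworks in a different order and granularity than the Framework Safety table row changed earlier in this file ("Django, Spring Boot, ASP.NET Core, Flask, FastAPI, Go frameworks" here, "Django/Flask/FastAPI ... Go Gin/Echo/Fiber" there). Use one wording in both places so the two lists cannot drift apart in later releases.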
package/dist/dedup.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dedup.d.ts","sourceRoot":"","sources":["../src/dedup.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAIpD,wBAAgB,YAAY,CAAC,QAAQ,EAAE,QAAQ,GAAG,MAAM,CAevD;
|
|
1
|
+
{"version":3,"file":"dedup.d.ts","sourceRoot":"","sources":["../src/dedup.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAIpD,wBAAgB,YAAY,CAAC,QAAQ,EAAE,QAAQ,GAAG,MAAM,CAevD;AAqND;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,OAAO,EAAE,CAqHlE;AAID;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,cAAc,CAAC,YAAY,EAAE,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,OAAO,EAAE,CAAA;CAAE,CAAC,GAAG,OAAO,EAAE,CAyEpG;AAID;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,mEAAmE;IACnE,WAAW,EAAE,OAAO,EAAE,CAAC;IACvB,iEAAiE;IACjE,aAAa,EAAE,OAAO,EAAE,CAAC;IACzB,oCAAoC;IACpC,iBAAiB,EAAE,OAAO,EAAE,CAAC;IAC7B,yBAAyB;IACzB,KAAK,EAAE;QACL,aAAa,EAAE,MAAM,CAAC;QACtB,YAAY,EAAE,MAAM,CAAC;QACrB,QAAQ,EAAE,MAAM,CAAC;QACjB,UAAU,EAAE,MAAM,CAAC;QACnB,cAAc,EAAE,MAAM,CAAC;QACvB,qEAAqE;QACrE,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAYD;;;;;;;;GAQG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,WAAW,CA0CpG;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,WAAW,GAAG,MAAM,CAwC3D;AAID,MAAM,WAAW,oBAAoB;IACnC,6GAA6G;IAC7G,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,sGAAsG;IACtG,sBAAsB,CAAC,EAAE,OAAO,CAAC;CAClC;AAED,MAAM,WAAW,mBAAmB;IAClC,+DAA+D;IAC/D,MAAM,EAAE,OAAO,CAAC;IAChB,oFAAoF;IACpF,QAAQ,EAAE,MAAM,CAAC;IACjB,wCAAwC;IACxC,UAAU,EAAE,MAAM,CAAC;IACnB,2CAA2C;IAC3C,QAAQ,EAAE,MAAM,CAAC;IACjB,iFAAiF;IACjF,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;GAOG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,EAAE,oBAAoB,GAAG,mBAAmB,CAgC5G"}
|
package/dist/dedup.js
CHANGED
|
@@ -107,6 +107,43 @@ const DEDUP_TOPIC_PATTERNS = [
|
|
|
107
107
|
// Error handling
|
|
108
108
|
[/(?:unchecked|unhandled)\s*(?:error|exception|rejection|promise)/i, "unhandled-error"],
|
|
109
109
|
[/(?:generic|bare)\s*(?:catch|except)|catch.*(?:Exception|Error)\s*[^a-z]/i, "generic-catch"],
|
|
110
|
+
// ── Cross-judge dedup gaps (v3.35.0) ──────────────────────────────────────
|
|
111
|
+
// Timing & side-channel
|
|
112
|
+
[
|
|
113
|
+
/(?:non.?constant.?time|timing.?(?:attack|unsafe|side)).*(?:compar|secret|token|crypt)|constant.?time.*compar/i,
|
|
114
|
+
"timing-attack",
|
|
115
|
+
],
|
|
116
|
+
// Network & SSRF
|
|
117
|
+
[/ssrf|server.?side\s*request\s*forg|url.*(?:user|unvalidat|whitelist)/i, "ssrf"],
|
|
118
|
+
// Mass assignment / over-posting
|
|
119
|
+
[/mass\s*assign|over.?post|bulk\s*assign|whitelist.*(?:field|param|attr)/i, "mass-assignment"],
|
|
120
|
+
// Deserialization
|
|
121
|
+
[
|
|
122
|
+
/(?:insecure|unsafe)\s*deserialization|deserialization.*(?:attack|untrusted|remote)|pickle|ObjectInputStream/i,
|
|
123
|
+
"insecure-deserialization",
|
|
124
|
+
],
|
|
125
|
+
// Information disclosure
|
|
126
|
+
[
|
|
127
|
+
/(?:verbose|stack.?trace|detailed)\s*error.*(?:user|client|response)|information\s*(?:disclosure|leak)/i,
|
|
128
|
+
"info-disclosure",
|
|
129
|
+
],
|
|
130
|
+
// Denial of service
|
|
131
|
+
[
|
|
132
|
+
/(?:denial|dos)\s*(?:of\s*)?service|\bReDoS\b|catastrophic\s*backtrack|unbounded.*(?:loop|alloc)/i,
|
|
133
|
+
"denial-of-service",
|
|
134
|
+
],
|
|
135
|
+
// File upload
|
|
136
|
+
[
|
|
137
|
+
/file\s*upload.*(?:unvalidat|unchecked|size|type)|upload.*(?:without|no).*(?:valid|restrict|limit)/i,
|
|
138
|
+
"file-upload-security",
|
|
139
|
+
],
|
|
140
|
+
// Missing access control
|
|
141
|
+
[/(?:missing|no)\s*(?:access\s*control|authorization|authz)|broken\s*access\s*control/i, "missing-access-control"],
|
|
142
|
+
// Hardcoded port / IP / URL
|
|
143
|
+
[/hardcod.*(?:port|ip|host|url)|(?:port|ip|host).*hardcod/i, "hardcoded-config"],
|
|
144
|
+
// Frontend-specific overlaps
|
|
145
|
+
[/dangerouslySetInnerHTML|v-html|bypassSecurityTrust/i, "unsafe-html-render"],
|
|
146
|
+
[/(?:missing|no)\s*(?:alt|aria|label).*(?:accessib|a11y)|accessibility.*(?:missing|violat)/i, "a11y-violation"],
|
|
110
147
|
];
|
|
111
148
|
const TOPIC_STOP_WORDS = new Set([
|
|
112
149
|
"a",
|
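Review bot: several of the new patterns are broad enough to assign unrelated findings the same topic, which matters because the topic is what merges findings across judges. In the "ssrf" entry, the `url.*(?:user|unvalidat|whitelist)` alternative matches any title that mentions a URL and later a user, so an open-redirect finding such as "Redirect URL built from user input" would be labelled ssrf; require request or fetch context in that branch. In "hardcoded-config", `ip` and `port` have no word boundaries and also match inside words like "script" or "import"; in "insecure-deserialization", the bare `pickle` alternative has the same problem. Add `\b` anchors, as the same hunk already does for `\bReDoS\b`, and add a test that feeds one title per existing topic through the list to confirm none of the new entries captures it.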
package/dist/dedup.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
|
|
1
|
+
AC,CAAC,EAAE,CAAC;QAE9B,sDAAsD;QACtD,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;QACnC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,IAAI,CAAC,CAAC,WAAW;gBAAE,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;QACrE,CAAC;QACD,IAAI,QAAQ,CAAC,IAAI,GAAG,CAAC;YAAE,IAAI,CAAC,WAAW,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAE9E,iCAAiC;QACjC,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,WAAW,IAAI,4BAA4B,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;QACzE,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,gFAAgF;AAEhF;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,cAAc,CAAC,YAA0D;IACvF,IAAI,YAAY,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC7B,OAAO,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAEpE,sDAAsD;IACtD,MAAM,eAAe,GAAG,IAAI,GAAG,EAAqD,CAAC;IACrF,MAAM,SAAS,GAAc,EAAE,CAAC;IAEhC,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;QAC9B,KAAK,MAAM,OAAO,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC;YAClC,MAAM,KAAK,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;YAE3C,2EAA2E;YAC3E,IAAI,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;gBAC7C,MAAM,GAAG,GAAG,GAAG,KAAK,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC;gBAC1C,MAAM,KAAK,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;gBAC7C,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;gBACvC,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAClC,CAAC;iBAAM,CAAC;gBACN,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAc,CAAC,GAAG,SAAS,CAAC,CAAC;IAEzC,KAAK,MAAM,OAAO,IAAI,eAAe,CAAC,MAAM,EAAE,EAAE,CAAC;QAC/C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,iCAAiC;YACjC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YAChC,SAAS;QACX,CAAC;QAED,4DAA4D;QAC5
D,oEAAoE;QACpE,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACnC,MAAM,OAAO,GAAG,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACpF,IAAI,OAAO,KAAK,CAAC;gBAAE,OAAO,OAAO,CAAC;YAClC,MAAM,QAAQ,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC;YAC3E,IAAI,QAAQ,KAAK,CAAC;gBAAE,OAAO,QAAQ,CAAC;YACpC,OAAO,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC;QACrE,CAAC,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QAEtC,yDAAyD;QACzD,MAAM,aAAa,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAErE,kEAAkE;QAClE,wDAAwD;QACxD,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;QACnC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,IAAI,EAAE;gBAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,QAAQ,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YACtB,IAAI,CAAC,WAAW,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACzD,CAAC;QAED,mDAAmD;QACnD,IAAI,CAAC,WAAW,IAAI,4BAA4B,aAAa,CAAC,MAAM,aAAa,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;QAE7G,yEAAyE;QACzE,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YAClC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAClG,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AA0BD;;;GAGG;AACH,SAAS,cAAc,CAAC,CAAU,EAAE,QAAiB;IACnD,MAAM,IAAI,GAAG,QAAQ,IAAI,EAAE,CAAC;IAC5B,MAAM,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACrC,OAAO,GAAG,CAAC,CAAC,MAAM,KAAK,IAAI,KAAK,IAAI,EAAE,CAAC;AACzC,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,YAAY,CAAC,QAAmB,EAAE,OAAkB,EAAE,QAAiB;IACrF,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAmB,CAAC;IAC5C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,EAAE,QAAQ,CAAC,EAAE,
CAAC,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAmB,CAAC;IAC5C,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,WAAW,GAAc,EAAE,CAAC;IAClC,MAAM,iBAAiB,GAAc,EAAE,CAAC;IACxC,MAAM,aAAa,GAAc,EAAE,CAAC;IAEpC,KAAK,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,QAAQ,EAAE,CAAC;QAChC,IAAI,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,KAAK,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,QAAQ,EAAE,CAAC;QAChC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,OAAO;QACL,WAAW;QACX,aAAa;QACb,iBAAiB;QACjB,KAAK,EAAE;YACL,aAAa,EAAE,QAAQ,CAAC,MAAM;YAC9B,YAAY,EAAE,OAAO,CAAC,MAAM;YAC5B,QAAQ,EAAE,WAAW,CAAC,MAAM;YAC5B,UAAU,EAAE,aAAa,CAAC,MAAM;YAChC,cAAc,EAAE,iBAAiB,CAAC,MAAM;YACxC,KAAK,EAAE,OAAO,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM;SACxC;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAiB;IACjD,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;IAC/E,KAAK,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;IAC9E,KAAK,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;IAC/E,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,qBAAqB,IAAI,CAAC,KAAK,CAAC,aAAa,aAAa,CAAC,CAAC;IACvE,KAAK,CAAC,IAAI,CAAC,qBAAqB,IAAI,CAAC,KAAK,CAAC,YAAY,aAAa,CAAC,CAAC;IACtE,KAAK,CAAC,IAAI,CAAC,qBAAqB,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;IACvF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC,sBAAsB,IAAI,CAAC,KAAK,CAAC,QAAQ,IAAI,CAAC,CAAC;QAC1D,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAClC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,KAAK,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,GAAG,
CAAC,CAAC;QAC1G,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,IAAI,IAAI,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,uBAAuB,IAAI,CAAC,KAAK,CAAC,UAAU,IAAI,CAAC,CAAC;QAC7D,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAClC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACnC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,KAAK,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC;QAC1G,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,IAAI,IAAI,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtC,KAAK,CAAC,IAAI,CAAC,4BAA4B,IAAI,CAAC,KAAK,CAAC,cAAc,IAAI,CAAC,CAAC;QACtE,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAClC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACvC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,KAAK,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC;QAC1G,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AA0BD;;;;;;;GAOG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAAiB,EAAE,OAA8B;IACrF,MAAM,WAAW,GAAG,OAAO,EAAE,WAAW,IAAI,CAAC,CAAC;IAC9C,MAAM,cAAc,GAAG,OAAO,EAAE,sBAAsB,IAAI,IAAI,CAAC;IAE/D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;IAE7D,uCAAuC;IACvC,MAAM,QAAQ,GAAG,cAAc;QAC7B,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;QACpF,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,IAAI,WAAW,CAAC;IAEhE,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CACR,eAAe,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,QAAQ,KAAK,IAAI,CAAC,KAAK,CAAC,UAAU,WAAW,IAAI,CAAC,KAAK,CAAC,QAAQ,cAAc,CACzH,CAAC;IACF,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CACR,cAAc,QAAQ,CAAC,MAAM,kCAAkC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC
,IAAI,CAAC,IAAI,CAAC,EAAE,CAC1G,CAAC;IACJ,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;IAEpD,OAAO;QACL,MAAM;QACN,QAAQ;QACR,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ;QAC/B,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,UAAU;QAC/B,QAAQ;QACR,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;KAC1B,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"framework-safety.d.ts","sourceRoot":"","sources":["../../src/evaluators/framework-safety.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAG3C;;;;;;;;;GASG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"framework-safety.d.ts","sourceRoot":"","sources":["../../src/evaluators/framework-safety.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAG3C;;;;;;;;;GASG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CAg8ChF"}
|
|
@@ -629,6 +629,115 @@ export function analyzeFrameworkSafety(code, language) {
|
|
|
629
629
|
});
|
|
630
630
|
}
|
|
631
631
|
}
|
|
632
|
+
// ── v3.35.0 — Additional Django patterns ──
|
|
633
|
+
if (hasDjango) {
|
|
634
|
+
// Django: SESSION_COOKIE_SECURE = False
|
|
635
|
+
const insecureSessionLines = getLineNumbers(code, /^\s*SESSION_COOKIE_SECURE\s*=\s*False\b/gm);
|
|
636
|
+
if (insecureSessionLines.length > 0) {
|
|
637
|
+
findings.push({
|
|
638
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
639
|
+
severity: "high",
|
|
640
|
+
title: "Django SESSION_COOKIE_SECURE=False — session hijacking over HTTP",
|
|
641
|
+
description: "Session cookies are sent over unencrypted HTTP connections. Attackers on the same network can intercept session cookies via passive sniffing.",
|
|
642
|
+
lineNumbers: insecureSessionLines,
|
|
643
|
+
recommendation: "Set SESSION_COOKIE_SECURE = True. Also set CSRF_COOKIE_SECURE = True and SECURE_SSL_REDIRECT = True.",
|
|
644
|
+
reference: "Django Security — https://docs.djangoproject.com/en/5.0/ref/settings/#session-cookie-secure",
|
|
645
|
+
confidence: 0.9,
|
|
646
|
+
});
|
|
647
|
+
}
|
|
648
|
+
// Django: SECURE_SSL_REDIRECT = False
|
|
649
|
+
const noSslRedirectLines = getLineNumbers(code, /^\s*SECURE_SSL_REDIRECT\s*=\s*False\b/gm);
|
|
650
|
+
if (noSslRedirectLines.length > 0) {
|
|
651
|
+
findings.push({
|
|
652
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
653
|
+
severity: "medium",
|
|
654
|
+
title: "Django SECURE_SSL_REDIRECT=False — no HTTPS enforcement",
|
|
655
|
+
description: "HTTP requests are not redirected to HTTPS. Sensitive data including credentials and session tokens may be transmitted in cleartext.",
|
|
656
|
+
lineNumbers: noSslRedirectLines,
|
|
657
|
+
recommendation: "Set SECURE_SSL_REDIRECT = True in production settings.",
|
|
658
|
+
reference: "Django SSL — https://docs.djangoproject.com/en/5.0/ref/settings/#secure-ssl-redirect",
|
|
659
|
+
confidence: 0.85,
|
|
660
|
+
});
|
|
661
|
+
}
|
|
662
|
+
// Django: mark_safe() with variable input
|
|
663
|
+
const markSafeLines = getLineNumbers(code, /mark_safe\s*\(\s*(?:f["']|.*\+|\w+(?:\.\w+)*\s*\))/gm);
|
|
664
|
+
if (markSafeLines.length > 0) {
|
|
665
|
+
findings.push({
|
|
666
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
667
|
+
severity: "high",
|
|
668
|
+
title: "Django mark_safe() with dynamic content — XSS vulnerability",
|
|
669
|
+
description: "mark_safe() is called with f-strings, concatenation, or variable input. This bypasses Django's auto-escaping and can introduce XSS when user-controlled data is included.",
|
|
670
|
+
lineNumbers: markSafeLines,
|
|
671
|
+
recommendation: "Use format_html() instead of mark_safe() for dynamic content: format_html('<b>{}</b>', user_input).",
|
|
672
|
+
reference: "Django mark_safe — https://docs.djangoproject.com/en/5.0/ref/utils/#django.utils.safestring.mark_safe",
|
|
673
|
+
confidence: 0.85,
|
|
674
|
+
});
|
|
675
|
+
}
|
|
676
|
+
// Django: FILE_UPLOAD_PERMISSIONS too permissive
|
|
677
|
+
const uploadPermLines = getLineNumbers(code, /FILE_UPLOAD_PERMISSIONS\s*=\s*0o?7[0-7]{2}/gm);
|
|
678
|
+
if (uploadPermLines.length > 0) {
|
|
679
|
+
findings.push({
|
|
680
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
681
|
+
severity: "medium",
|
|
682
|
+
title: "Django FILE_UPLOAD_PERMISSIONS too permissive",
|
|
683
|
+
description: "Uploaded files are created with world-readable or world-writable permissions. This may allow other system users to read or modify uploaded files.",
|
|
684
|
+
lineNumbers: uploadPermLines,
|
|
685
|
+
recommendation: "Set FILE_UPLOAD_PERMISSIONS = 0o644 to restrict access to owner-writable, group/world-readable.",
|
|
686
|
+
reference: "Django File Uploads — https://docs.djangoproject.com/en/5.0/ref/settings/#file-upload-permissions",
|
|
687
|
+
confidence: 0.8,
|
|
688
|
+
});
|
|
689
|
+
}
|
|
690
|
+
// Django: using globals() or locals() in render context
|
|
691
|
+
const localsRenderLines = getLineNumbers(code, /render\s*\([^)]*(?:locals|globals)\s*\(\s*\)/gm);
|
|
692
|
+
if (localsRenderLines.length > 0) {
|
|
693
|
+
findings.push({
|
|
694
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
695
|
+
severity: "medium",
|
|
696
|
+
title: "Django render() with locals()/globals() — data exposure",
|
|
697
|
+
description: "Passing locals() or globals() as template context exposes all local/global variables to the template, potentially leaking sensitive data like database connections, secrets, or internal state.",
|
|
698
|
+
lineNumbers: localsRenderLines,
|
|
699
|
+
recommendation: "Pass an explicit context dictionary: render(request, 'template.html', {'user': user, 'items': items}).",
|
|
700
|
+
reference: "Django Views — https://docs.djangoproject.com/en/5.0/topics/http/shortcuts/#render",
|
|
701
|
+
confidence: 0.8,
|
|
702
|
+
});
|
|
703
|
+
}
|
|
704
|
+
}
|
|
705
|
+
// ── v3.35.0 — Additional Flask patterns ──
|
|
706
|
+
if (hasFlask) {
|
|
707
|
+
// Flask: send_file with user-controlled path (path traversal)
|
|
708
|
+
const sendFilePaths = getLineNumbers(code, /send_file\s*\(\s*(?:request\.|f["']|os\.path\.join\s*\([^)]*request\.)/gm);
|
|
709
|
+
if (sendFilePaths.length > 0) {
|
|
710
|
+
findings.push({
|
|
711
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
712
|
+
severity: "critical",
|
|
713
|
+
title: "Flask send_file with user input — path traversal",
|
|
714
|
+
description: "send_file() uses user-controlled input to determine the file path. Attackers can use ../ sequences to read arbitrary files from the server.",
|
|
715
|
+
lineNumbers: sendFilePaths,
|
|
716
|
+
recommendation: "Use send_from_directory() with a fixed base directory, or validate the filename with secure_filename().",
|
|
717
|
+
reference: "Flask send_file — https://flask.palletsprojects.com/en/3.0.x/api/#flask.send_file",
|
|
718
|
+
confidence: 0.9,
|
|
719
|
+
});
|
|
720
|
+
}
|
|
721
|
+
// Flask: session without SECRET_KEY
|
|
722
|
+
const sessionNoKeyLines = [];
|
|
723
|
+
if (/session\[/.test(code) && !/secret_key|SECRET_KEY/.test(code)) {
|
|
724
|
+
const sessionUseLines = getLineNumbers(code, /session\[/gm);
|
|
725
|
+
sessionNoKeyLines.push(...sessionUseLines);
|
|
726
|
+
}
|
|
727
|
+
if (sessionNoKeyLines.length > 0) {
|
|
728
|
+
findings.push({
|
|
729
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
730
|
+
severity: "high",
|
|
731
|
+
title: "Flask session used without SECRET_KEY in file",
|
|
732
|
+
description: "Flask sessions are used but no SECRET_KEY is configured in this file. Without a strong secret key, session cookies can be tampered with or forged.",
|
|
733
|
+
lineNumbers: sessionNoKeyLines,
|
|
734
|
+
recommendation: "Set app.secret_key = os.environ['SECRET_KEY'] before using sessions. Ensure the key is cryptographically random.",
|
|
735
|
+
reference: "Flask Sessions — https://flask.palletsprojects.com/en/3.0.x/quickstart/#sessions",
|
|
736
|
+
confidence: 0.65,
|
|
737
|
+
isAbsenceBased: true,
|
|
738
|
+
});
|
|
739
|
+
}
|
|
740
|
+
}
|
|
632
741
|
}
|
|
633
742
|
// ── Spring Boot (Java) ────────────────────────────────────────────────────
|
|
634
743
|
if (lang === "java") {
|
|
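Review bot: The FILE_UPLOAD_PERMISSIONS check (new line 677) keys on the owner digit instead of the group/other bits: `0o?7[0-7]{2}` matches 0o700, which grants nothing to other users, and misses 0o666 and 0o646, which are world-writable, so the "world-readable or world-writable" description does not follow from a match. Test the last two octal digits for the bits you care about, and reconcile the description with the recommended 0o644, which is itself world-readable. Separately, in the mark_safe pattern (line 663) the `.*\+` alternative matches a `+` anywhere later on the same line, including after the call has closed, and the finding is reported at confidence 0.85; restricting the match to the argument list (for example `[^)]*\+`) would cut those false positives.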
@@ -735,6 +844,85 @@ export function analyzeFrameworkSafety(code, language) {
|
|
|
735
844
|
confidence: 0.95,
|
|
736
845
|
});
|
|
737
846
|
}
|
|
847
|
+
// ── v3.35.0 — Additional Spring Boot patterns ──
|
|
848
|
+
// Spring: @RequestBody without @Valid/@Validated
|
|
849
|
+
const noValidationLines = [];
|
|
850
|
+
for (let i = 0; i < lines.length; i++) {
|
|
851
|
+
if (isCommentLine(lines[i]))
|
|
852
|
+
continue;
|
|
853
|
+
if (/@RequestBody\b/.test(lines[i]) && !/@Valid\b|@Validated\b/.test(lines[i])) {
|
|
854
|
+
noValidationLines.push(i + 1);
|
|
855
|
+
}
|
|
856
|
+
}
|
|
857
|
+
if (noValidationLines.length >= 2) {
|
|
858
|
+
findings.push({
|
|
859
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
860
|
+
severity: "medium",
|
|
861
|
+
title: "Spring @RequestBody without @Valid — no input validation",
|
|
862
|
+
description: "Request bodies are deserialized without Bean Validation. Invalid or malicious data passes directly to business logic without constraint checks.",
|
|
863
|
+
lineNumbers: noValidationLines,
|
|
864
|
+
recommendation: "Add @Valid annotation: public ResponseEntity<?> create(@Valid @RequestBody UserDto dto). Define constraints on the DTO with @NotNull, @Size, @Email, etc.",
|
|
865
|
+
reference: "Spring Validation — https://docs.spring.io/spring-framework/reference/core/validation.html",
|
|
866
|
+
confidence: 0.75,
|
|
867
|
+
isAbsenceBased: true,
|
|
868
|
+
});
|
|
869
|
+
}
|
|
870
|
+
// Spring: permitAll on sensitive paths
|
|
871
|
+
const permitAllLines = getLineNumbers(code, /\.requestMatchers\s*\([^)]*(?:admin|user|account|api\/v|manage|config)[^)]*\)\s*\.permitAll\s*\(\s*\)/gim);
|
|
872
|
+
if (permitAllLines.length > 0) {
|
|
873
|
+
findings.push({
|
|
874
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
875
|
+
severity: "high",
|
|
876
|
+
title: "Spring Security permitAll() on sensitive path",
|
|
877
|
+
description: "Paths containing admin, user, account, or management keywords are configured with permitAll(), allowing unauthenticated access to likely sensitive endpoints.",
|
|
878
|
+
lineNumbers: permitAllLines,
|
|
879
|
+
recommendation: 'Use authenticated() or hasRole(): .requestMatchers("/admin/**").hasRole("ADMIN").',
|
|
880
|
+
reference: "Spring Security Authorization — https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html",
|
|
881
|
+
confidence: 0.8,
|
|
882
|
+
});
|
|
883
|
+
}
|
|
884
|
+
// Spring: ObjectMapper with default typing enabled (deserialization attack)
|
|
885
|
+
const defaultTypingLines = getLineNumbers(code, /enableDefaultTyping|activateDefaultTyping|DefaultTyping\.NON_FINAL/gm);
|
|
886
|
+
if (defaultTypingLines.length > 0) {
|
|
887
|
+
findings.push({
|
|
888
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
889
|
+
severity: "critical",
|
|
890
|
+
title: "Jackson default typing enabled — deserialization vulnerability",
|
|
891
|
+
description: "Jackson ObjectMapper has default typing enabled, which allows attackers to specify arbitrary classes during deserialization. This can lead to remote code execution via gadget chains.",
|
|
892
|
+
lineNumbers: defaultTypingLines,
|
|
893
|
+
recommendation: "Remove enableDefaultTyping(). Use @JsonTypeInfo on specific classes instead. Configure PolymorphicTypeValidator to restrict allowed types.",
|
|
894
|
+
reference: "Jackson Deserialization — https://github.com/FasterXML/jackson-databind/issues/2326",
|
|
895
|
+
confidence: 0.95,
|
|
896
|
+
});
|
|
897
|
+
}
|
|
898
|
+
// Spring: Hardcoded credentials in application.properties/YAML
|
|
899
|
+
const springCredLines = getLineNumbers(code, /(?:spring\.datasource\.password|spring\.mail\.password|spring\.security\.user\.password)\s*=\s*[^\s$\{]+/gm);
|
|
900
|
+
if (springCredLines.length > 0) {
|
|
901
|
+
findings.push({
|
|
902
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
903
|
+
severity: "critical",
|
|
904
|
+
title: "Spring Boot hardcoded credentials in configuration",
|
|
905
|
+
description: "Database, mail, or security passwords are hardcoded in configuration files. These credentials will be committed to version control and exposed to anyone with repository access.",
|
|
906
|
+
lineNumbers: springCredLines,
|
|
907
|
+
recommendation: "Use environment variables: spring.datasource.password=${DB_PASSWORD}. Use Spring Cloud Config or Vault for secrets management.",
|
|
908
|
+
reference: "Spring Externalized Config — https://docs.spring.io/spring-boot/reference/features/external-config.html",
|
|
909
|
+
confidence: 0.9,
|
|
910
|
+
});
|
|
911
|
+
}
|
|
912
|
+
// Spring: Logging sensitive data
|
|
913
|
+
const logSensitiveLines = getLineNumbers(code, /(?:log|logger|LOG)\.\w+\s*\([^)]*(?:password|secret|token|apiKey|credentials|ssn|creditCard)/gim);
|
|
914
|
+
if (logSensitiveLines.length > 0) {
|
|
915
|
+
findings.push({
|
|
916
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
917
|
+
severity: "high",
|
|
918
|
+
title: "Spring logging sensitive data — credential exposure",
|
|
919
|
+
description: "Sensitive data such as passwords, secrets, or tokens appears in log statements. Log files are often stored with weaker access controls and retained for extended periods.",
|
|
920
|
+
lineNumbers: logSensitiveLines,
|
|
921
|
+
recommendation: "Remove sensitive data from log statements. Use structured logging with field masking. Never log raw passwords or tokens.",
|
|
922
|
+
reference: "OWASP Logging — https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html",
|
|
923
|
+
confidence: 0.8,
|
|
924
|
+
});
|
|
925
|
+
}
|
|
738
926
|
}
|
|
739
927
|
}
|
|
740
928
|
// ── ASP.NET Core (C#) ─────────────────────────────────────────────────────
|
|
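Review bot: The @RequestBody check (new lines 850-857) only reports when `noValidationLines.length >= 2`, so a file with exactly one unvalidated @RequestBody parameter produces no finding, while every other check in this hunk fires on `length > 0`. If the threshold is there to suppress noise, say so in a comment; otherwise use `> 0`. The per-line test also flags a parameter whose @Valid sits on an adjacent line of a wrapped parameter list. In the logging check (line 913), `[^)]*(?:password|secret|token|...)` with the `i` flag matches those words inside the message literal too, so a call such as log.info("Password reset email sent") is reported as high-severity credential exposure; consider requiring the keyword outside a quoted string, or as an argument after the format string.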
@@ -837,6 +1025,86 @@ export function analyzeFrameworkSafety(code, language) {
|
|
|
837
1025
|
confidence: 0.8,
|
|
838
1026
|
});
|
|
839
1027
|
}
|
|
1028
|
+
// ── v3.35.0 — Additional ASP.NET Core patterns ──
|
|
1029
|
+
// ASP.NET: Missing HTTPS redirection
|
|
1030
|
+
if (/WebApplication\.Create|builder\.Build\(\)/.test(code) && !/UseHttpsRedirection/.test(code)) {
|
|
1031
|
+
findings.push({
|
|
1032
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
1033
|
+
severity: "medium",
|
|
1034
|
+
title: "ASP.NET missing UseHttpsRedirection — no HTTPS enforcement",
|
|
1035
|
+
description: "The application does not call app.UseHttpsRedirection(). HTTP requests are not automatically redirected to HTTPS, allowing sensitive data to be transmitted in cleartext.",
|
|
1036
|
+
lineNumbers: [1],
|
|
1037
|
+
recommendation: "Add app.UseHttpsRedirection() in the middleware pipeline before app.UseAuthorization().",
|
|
1038
|
+
reference: "ASP.NET HTTPS — https://learn.microsoft.com/aspnet/core/security/enforcing-ssl",
|
|
1039
|
+
confidence: 0.7,
|
|
1040
|
+
isAbsenceBased: true,
|
|
1041
|
+
});
|
|
1042
|
+
}
|
|
1043
|
+
// ASP.NET: Unsafe model binding (OverpostTo/Bind with too many properties)
|
|
1044
|
+
const bindAllLines = getLineNumbers(code, /\[Bind\s*\(\s*\)\s*\]|\.Entry\s*\(\s*\w+\s*\)\.CurrentValues\.SetValues/gm);
|
|
1045
|
+
if (bindAllLines.length > 0) {
|
|
1046
|
+
findings.push({
|
|
1047
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
1048
|
+
severity: "high",
|
|
1049
|
+
title: "ASP.NET mass assignment — unsafe model binding",
|
|
1050
|
+
description: "Models are bound without specifying which properties to include. Attackers can set properties they shouldn't have access to (e.g., IsAdmin, Role, Price) via extra form fields.",
|
|
1051
|
+
lineNumbers: bindAllLines,
|
|
1052
|
+
recommendation: 'Use DTOs or [Bind(Include = "Name,Email")] to explicitly whitelist bindable properties. Never bind entity models directly from user input.',
|
|
1053
|
+
reference: "ASP.NET Model Binding — https://learn.microsoft.com/aspnet/core/mvc/models/model-binding",
|
|
1054
|
+
confidence: 0.75,
|
|
1055
|
+
});
|
|
1056
|
+
}
|
|
1057
|
+
// ASP.NET: Logging with string interpolation (structured logging bypass)
|
|
1058
|
+
const logInterpolationLines = getLineNumbers(code, /_?(?:logger|log|Logger|Log)\.\w+\s*\(\s*\$/gm);
|
|
1059
|
+
if (logInterpolationLines.length > 0) {
|
|
1060
|
+
findings.push({
|
|
1061
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
1062
|
+
severity: "low",
|
|
1063
|
+
title: "ASP.NET string interpolation in logging — structured logging bypass",
|
|
1064
|
+
description: 'Using $"..." in ILogger calls bypasses structured logging. Log aggregation tools cannot parse or filter by parameters when they are pre-interpolated into the message string.',
|
|
1065
|
+
lineNumbers: logInterpolationLines,
|
|
1066
|
+
recommendation: 'Use message templates: _logger.LogInformation("User {UserId} logged in", userId) instead of $"User {userId} logged in".',
|
|
1067
|
+
reference: "ASP.NET Logging — https://learn.microsoft.com/aspnet/core/fundamentals/logging",
|
|
1068
|
+
confidence: 0.8,
|
|
1069
|
+
});
|
|
1070
|
+
}
|
|
1071
|
+
// ASP.NET: Returning ProblemDetails with sensitive info
|
|
1072
|
+
const problemDetailsLines = getLineNumbers(code, /Problem\s*\(\s*(?:detail|title)\s*:\s*(?:ex\.Message|exception\.Message|e\.Message|err\.Message)/gm);
|
|
1073
|
+
if (problemDetailsLines.length > 0) {
|
|
1074
|
+
findings.push({
|
|
1075
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
1076
|
+
severity: "medium",
|
|
1077
|
+
title: "ASP.NET ProblemDetails with exception message — information disclosure",
|
|
1078
|
+
description: "Exception messages are passed directly to ProblemDetails responses. In production, this leaks internal error details, stack traces, and potentially sensitive data to API consumers.",
|
|
1079
|
+
lineNumbers: problemDetailsLines,
|
|
1080
|
+
recommendation: 'Return generic messages: Problem(detail: "An error occurred"). Log the full exception server-side. Use exception filters for centralized error handling.',
|
|
1081
|
+
reference: "ASP.NET Error Handling — https://learn.microsoft.com/aspnet/core/web-api/handle-errors",
|
|
1082
|
+
confidence: 0.8,
|
|
1083
|
+
});
|
|
1084
|
+
}
|
|
1085
|
+
// ASP.NET: Missing authorization on controller
|
|
1086
|
+
const controllerNoAuthLines = [];
|
|
1087
|
+
for (let i = 0; i < lines.length; i++) {
|
|
1088
|
+
if (/\[ApiController\]/.test(lines[i])) {
|
|
1089
|
+
const chunk = lines.slice(Math.max(0, i - 3), i + 1).join(" ");
|
|
1090
|
+
if (!/\[Authorize|AllowAnonymous/.test(chunk)) {
|
|
1091
|
+
controllerNoAuthLines.push(i + 1);
|
|
1092
|
+
}
|
|
1093
|
+
}
|
|
1094
|
+
}
|
|
1095
|
+
if (controllerNoAuthLines.length > 0) {
|
|
1096
|
+
findings.push({
|
|
1097
|
+
ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
|
|
1098
|
+
severity: "medium",
|
|
1099
|
+
title: "ASP.NET [ApiController] without [Authorize] — no default auth",
|
|
1100
|
+
description: "API controller does not have [Authorize] attribute. All endpoints on this controller are accessible without authentication unless individually decorated.",
|
|
1101
|
+
lineNumbers: controllerNoAuthLines,
|
|
1102
|
+
recommendation: "Add [Authorize] at the controller level and use [AllowAnonymous] for specific public endpoints: [Authorize] [ApiController] public class UsersController.",
|
|
1103
|
+
reference: "ASP.NET Authorization — https://learn.microsoft.com/aspnet/core/security/authorization/simple",
|
|
1104
|
+
confidence: 0.65,
|
|
1105
|
+
isAbsenceBased: true,
|
|
1106
|
+
});
|
|
1107
|
+
}
|
|
840
1108
|
}
|
|
841
1109
|
}
|
|
842
1110
|
// ── Gin / Echo / Fiber (Go) ───────────────────────────────────────────────
|
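Review bot: The [ApiController] authorization check (new lines 1087-1094) builds its window with `lines.slice(Math.max(0, i - 3), i + 1)`, which covers only the three lines above the attribute and the attribute line itself, so a controller declared with [ApiController] followed by [Authorize] on the next line is reported as lacking authorization. Extend the window to the lines between the attribute and the class declaration, and skip comment lines the way the Spring loop does with isCommentLine. The UseHttpsRedirection finding (line 1036) also hard-codes `lineNumbers: [1]`; pointing at the line that matched `WebApplication.Create` or `builder.Build()` would make the report actionable.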