@nahisaho/musubix-security 1.8.0 → 1.8.1

package/README.md

@@ -13,6 +13,8 @@ MUSUBIXシステムにセキュリティ特化機能を提供するパッケー
 - **自動修正**: LLM（VS Code LM API）+ Z3形式検証による安全な修正
 - **シークレット検出**: APIキー、トークン、パスワードの検出
 - **依存関係監査**: npm依存関係の脆弱性チェック
+- **セキュリティインテリジェンス**: 脅威フィード統合、MITRE ATT&CK対応
+- **リスク分析**: CVSS計算、予測分析、異常検出
 
 ## インストール
 
@@ -64,6 +66,31 @@ const taintResult = await taintAnalyzer.analyze(code, 'file.ts');
 const fixPipeline = new FixPipeline();
 const fixes = await fixPipeline.generateFix(vulnerability);
 const verified = await fixPipeline.verifyFix(fixes[0]);
+
+// セキュリティインテリジェンス (Phase 6)
+import {
+  ThreatIntelligence,
+  AttackPatternMatcher,
+  RiskScorer,
+  SecurityAnalytics,
+  PredictiveAnalyzer
+} from '@nahisaho/musubix-security';
+
+// 脅威インテリジェンス
+const threatIntel = new ThreatIntelligence();
+await threatIntel.addFeed({ id: 'feed-1', name: 'My Feed', url: 'https://...' });
+const matches = threatIntel.matchCode(code);
+
+// リスクスコアリング
+const riskScorer = new RiskScorer();
+const cvss = riskScorer.calculateCVSS(vulnerability);
+const businessImpact = riskScorer.assessBusinessImpact(vulnerability);
+
+// 予測分析
+const predictor = new PredictiveAnalyzer();
+predictor.addDataPoints([...historicalData]);
+const forecast = predictor.projectRisk(30); // 30日先の予測
+const anomalies = predictor.detectAnomalies();
 ```
 
 ## 設定

package/dist/analyzers/ai/index.d.ts

@@ -0,0 +1,6 @@
+/**
+ * @fileoverview AI Security Analyzers exports
+ * @module @nahisaho/musubix-security/analyzers/ai
+ */
+export { PromptInjectionDetector, createPromptInjectionDetector, type PromptInjectionResult, type PromptInjectionVulnerability, type DetectedPattern, type LLMCallSite, type LLMApiType, type PromptInjectionOptions, type InjectionPattern, } from './prompt-injection-detector.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/analyzers/ai/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/analyzers/ai/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,uBAAuB,EACvB,6BAA6B,EAC7B,KAAK,qBAAqB,EAC1B,KAAK,4BAA4B,EACjC,KAAK,eAAe,EACpB,KAAK,WAAW,EAChB,KAAK,UAAU,EACf,KAAK,sBAAsB,EAC3B,KAAK,gBAAgB,GACtB,MAAM,gCAAgC,CAAC"}

package/dist/analyzers/ai/index.js

@@ -0,0 +1,6 @@
+/**
+ * @fileoverview AI Security Analyzers exports
+ * @module @nahisaho/musubix-security/analyzers/ai
+ */
+export { PromptInjectionDetector, createPromptInjectionDetector, } from './prompt-injection-detector.js';
+//# sourceMappingURL=index.js.map

package/dist/analyzers/ai/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/analyzers/ai/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,uBAAuB,EACvB,6BAA6B,GAQ9B,MAAM,gCAAgC,CAAC"}

package/dist/analyzers/ai/prompt-injection-detector.d.ts

@@ -0,0 +1,152 @@
+/**
+ * @fileoverview Prompt Injection Detector for LLM APIs
+ * @module @nahisaho/musubix-security/analyzers/ai/prompt-injection-detector
+ * @trace DES-SEC2-AI-001, REQ-SEC2-AI-001
+ */
+import type { Vulnerability, Severity, SourceLocation } from '../../types/vulnerability.js';
+/**
+ * Prompt injection detection result
+ */
+export interface PromptInjectionResult {
+    vulnerability: PromptInjectionVulnerability;
+    confidence: number;
+    patterns: DetectedPattern[];
+    llmCallSite: LLMCallSite;
+}
+/**
+ * Prompt injection vulnerability
+ */
+export interface PromptInjectionVulnerability {
+    id: string;
+    type: 'direct' | 'indirect' | 'jailbreak' | 'data-exfiltration' | 'prompt-leaking';
+    severity: Severity;
+    location: SourceLocation;
+    description: string;
+    recommendation: string;
+    codeSnippet: string;
+}
+/**
+ * Detected injection pattern
+ */
+export interface DetectedPattern {
+    patternId: string;
+    patternName: string;
+    matchedText: string;
+    position: {
+        start: number;
+        end: number;
+    };
+    category: 'injection' | 'jailbreak' | 'obfuscation' | 'encoding';
+}
+/**
+ * LLM API call site information
+ */
+export interface LLMCallSite {
+    apiType: LLMApiType;
+    location: SourceLocation;
+    hasInputValidation: boolean;
+    hasOutputSanitization: boolean;
+    promptSource: 'static' | 'user-input' | 'mixed' | 'unknown';
+    modelName?: string;
+}
+/**
+ * Supported LLM API types
+ */
+export type LLMApiType = 'openai' | 'anthropic' | 'azure-openai' | 'google-ai' | 'huggingface' | 'langchain' | 'llamaindex' | 'custom';
+/**
+ * Detection options
+ */
+export interface PromptInjectionOptions {
+    /** Enable heuristic detection */
+    enableHeuristics?: boolean;
+    /** Enable pattern matching */
+    enablePatterns?: boolean;
+    /** Minimum confidence threshold */
+    minConfidence?: number;
+    /** Custom patterns */
+    customPatterns?: InjectionPattern[];
+    /** Skip specific patterns */
+    skipPatterns?: string[];
+}
+/**
+ * Injection pattern definition
+ */
+export interface InjectionPattern {
+    id: string;
+    name: string;
+    regex: RegExp;
+    severity: Severity;
+    category: 'injection' | 'jailbreak' | 'obfuscation' | 'encoding';
+    description: string;
+}
+/**
+ * Prompt Injection Detector
+ * @trace DES-SEC2-AI-001
+ */
+export declare class PromptInjectionDetector {
+    private options;
+    private patterns;
+    constructor(options?: PromptInjectionOptions);
+    /**
+     * Detect prompt injection vulnerabilities in code
+     * @trace REQ-SEC2-AI-001
+     */
+    detect(code: string, filePath: string): Promise<PromptInjectionResult[]>;
+    /**
+     * Identify LLM API calls in code
+     */
+    identifyLLMCalls(code: string, filePath: string): LLMCallSite[];
+    /**
+     * Check if input validation exists before LLM call
+     */
+    checkInputValidation(code: string, callIndex: number, _lines: string[]): boolean;
+    /**
+     * Check if output sanitization exists after LLM call
+     */
+    checkOutputSanitization(code: string, callIndex: number, _lines: string[]): boolean;
+    /**
+     * Determine prompt source type
+     */
+    determinePromptSource(code: string, callIndex: number, _lines: string[]): 'static' | 'user-input' | 'mixed' | 'unknown';
+    /**
+     * Extract model name from code
+     */
+    extractModelName(code: string, callIndex: number): string | undefined;
+    /**
+     * Extract prompt context around LLM call
+     */
+    private extractPromptContext;
+    /**
+     * Calculate detection confidence
+     */
+    private calculateConfidence;
+    /**
+     * Determine vulnerability type
+     */
+    private determineVulnerabilityType;
+    /**
+     * Determine severity based on context
+     */
+    private determineSeverity;
+    /**
+     * Generate vulnerability description
+     */
+    private generateDescription;
+    /**
+     * Generate recommendation
+     */
+    private generateRecommendation;
+    /**
+     * Extract code snippet around location
+     */
+    private extractCodeSnippet;
+    /**
+     * Convert results to standard vulnerability format
+     */
+    toVulnerabilities(results: PromptInjectionResult[]): Vulnerability[];
+}
+/**
+ * Create prompt injection detector instance
+ */
+export declare function createPromptInjectionDetector(options?: PromptInjectionOptions): PromptInjectionDetector;
+//# sourceMappingURL=prompt-injection-detector.d.ts.map

package/dist/analyzers/ai/prompt-injection-detector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompt-injection-detector.d.ts","sourceRoot":"","sources":["../../../src/analyzers/ai/prompt-injection-detector.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAE5F;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,aAAa,EAAE,4BAA4B,CAAC;IAC5C,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,WAAW,EAAE,WAAW,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC3C,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,QAAQ,GAAG,UAAU,GAAG,WAAW,GAAG,mBAAmB,GAAG,gBAAgB,CAAC;IACnF,QAAQ,EAAE,QAAQ,CAAC;IACnB,QAAQ,EAAE,cAAc,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IACzC,QAAQ,EAAE,WAAW,GAAG,WAAW,GAAG,aAAa,GAAG,UAAU,CAAC;CAClE;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,UAAU,CAAC;IACpB,QAAQ,EAAE,cAAc,CAAC;IACzB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,YAAY,EAAE,QAAQ,GAAG,YAAY,GAAG,OAAO,GAAG,SAAS,CAAC;IAC5D,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,MAAM,UAAU,GAClB,QAAQ,GACR,WAAW,GACX,cAAc,GACd,WAAW,GACX,aAAa,GACb,WAAW,GACX,YAAY,GACZ,QAAQ,CAAC;AAEb;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,iCAAiC;IACjC,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,8BAA8B;IAC9B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,mCAAmC;IACnC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,sBAAsB;IACtB,cAAc,CAAC,EAAE,gBAAgB,EAAE,CAAC;IACpC,6BAA6B;IAC7B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,QAAQ,CAAC;IACnB,QAAQ,EAAE,WAAW,GAAG,WAAW,GAAG,aAAa,GAAG,UAAU,CAAC;IACjE,WAAW,EAAE,MAAM,CAAC;CACrB;AA4JD;;;GAGG;AACH,qBAAa,uBAAuB;IAClC,OAAO,CAAC,OAAO,CAAyB;IACxC,OAAO,CAAC,QAAQ,CAAqB;gBAEzB,OAAO,GAAE,sBAA2B;IAchD;;;OAGG;IACG,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,EAAE,CAAC;IA4D9E;;OAEG;IACH,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,WAAW,EAAE;IAkC/D;;OAEG;IACH,oBAAoB,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO;IAiBhF;;OAEG;IACH,uBAAuB,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO;IAanF;;OAEG;IACH,qBAAqB,CACnB,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EAAE,GACf,QAAQ,GAAG,YAAY,GAAG,OAAO,GAAG,SAAS;IAyBhD;;OAEG;IACH,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAqBrE;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAM5B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAqB3B;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAYlC;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAqBzB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAoB3B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAqB9B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAM1B;;OAEG;IACH,iBAAiB,CAAC,OAAO,EAAE,qBAAqB,EAAE,GAAG,aAAa,EAAE;CAgBrE;AAED;;GAEG;AACH,wBAAgB,6BAA6B,CAC3C,OAAO,CAAC,EAAE,sBAAsB,GAC/B,uBAAuB,CAEzB"}

package/dist/analyzers/ai/prompt-injection-detector.js

@@ -0,0 +1,468 @@
+/**
+ * @fileoverview Prompt Injection Detector for LLM APIs
+ * @module @nahisaho/musubix-security/analyzers/ai/prompt-injection-detector
+ * @trace DES-SEC2-AI-001, REQ-SEC2-AI-001
+ */
+/**
+ * Built-in injection patterns
+ */
+const INJECTION_PATTERNS = [
+    // Direct injection patterns
+    {
+        id: 'PINJ-001',
+        name: 'Ignore Instructions',
+        regex: /ignore\s+(all\s+)?(previous|above|prior)\s+(instructions?|prompts?|rules?)/i,
+        severity: 'high',
+        category: 'injection',
+        description: 'Attempts to make the LLM ignore previous instructions',
+    },
+    {
+        id: 'PINJ-002',
+        name: 'New Instructions Override',
+        regex: /(new|updated|real)\s+instructions?:/i,
+        severity: 'high',
+        category: 'injection',
+        description: 'Attempts to inject new instructions',
+    },
+    {
+        id: 'PINJ-003',
+        name: 'System Prompt Override',
+        regex: /system\s*[:=]\s*["']|<\|system\|>|<<SYS>>|<system>/i,
+        severity: 'critical',
+        category: 'injection',
+        description: 'Attempts to override system prompt',
+    },
+    {
+        id: 'PINJ-004',
+        name: 'Role Manipulation',
+        regex: /you\s+are\s+(now\s+)?(a|an|the)\s+\w+|act\s+as\s+(a|an|the)|pretend\s+(to\s+be|you're)/i,
+        severity: 'medium',
+        category: 'injection',
+        description: 'Attempts to manipulate the LLM role',
+    },
+    // Jailbreak patterns
+    {
+        id: 'PINJ-005',
+        name: 'DAN Jailbreak',
+        regex: /\bDAN\b|do\s+anything\s+now|jailbreak|bypass\s+(restrictions?|filters?|safety)/i,
+        severity: 'critical',
+        category: 'jailbreak',
+        description: 'Known jailbreak technique (DAN)',
+    },
+    {
+        id: 'PINJ-006',
+        name: 'Developer Mode',
+        regex: /developer\s+mode|god\s+mode|admin\s+mode|maintenance\s+mode|debug\s+mode/i,
+        severity: 'high',
+        category: 'jailbreak',
+        description: 'Attempts to enable special modes',
+    },
+    {
+        id: 'PINJ-007',
+        name: 'Fictional Context',
+        regex: /let's\s+play\s+a\s+game|imagine\s+you|in\s+this\s+(story|scenario|fiction)/i,
+        severity: 'medium',
+        category: 'jailbreak',
+        description: 'Uses fictional context to bypass restrictions',
+    },
+    // Obfuscation patterns
+    {
+        id: 'PINJ-008',
+        name: 'Base64 Encoded Payload',
+        regex: /(?:[A-Za-z0-9+/]{4}){10,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?/,
+        severity: 'medium',
+        category: 'obfuscation',
+        description: 'Potentially base64 encoded malicious payload',
+    },
+    {
+        id: 'PINJ-009',
+        name: 'Unicode Obfuscation',
+        regex: /[\u200B-\u200F\u2028-\u202F\uFEFF]|&#x?[0-9a-fA-F]+;/,
+        severity: 'medium',
+        category: 'obfuscation',
+        description: 'Unicode characters used for obfuscation',
+    },
+    {
+        id: 'PINJ-010',
+        name: 'Leetspeak Obfuscation',
+        regex: /1gn0r3|pr0mpt|1nstruct10n|syst3m|byp4ss|h4ck/i,
+        severity: 'low',
+        category: 'obfuscation',
+        description: 'Leetspeak obfuscation attempt',
+    },
+    // Data exfiltration
+    {
+        id: 'PINJ-011',
+        name: 'Data Exfiltration Prompt',
+        regex: /repeat\s+(back|all|the|previous)|echo\s+(back|all|everything)|show\s+(me\s+)?(the\s+)?(system\s+)?prompt/i,
+        severity: 'high',
+        category: 'injection',
+        description: 'Attempts to extract system prompt or data',
+    },
+    {
+        id: 'PINJ-012',
+        name: 'Instruction Leaking',
+        regex: /what\s+(are|were)\s+your\s+(instructions?|rules?|constraints?)|reveal\s+(your\s+)?(instructions?|prompt)/i,
+        severity: 'high',
+        category: 'injection',
+        description: 'Attempts to leak instructions',
+    },
+];
+/**
+ * LLM API detection patterns
+ */
+const LLM_API_PATTERNS = {
+    openai: [
+        /openai\.chat\.completions\.create/,
+        /openai\.Completion\.create/,
+        /new\s+OpenAI\(/,
+        /ChatOpenAI\(/,
+        /import\s+.*\s+from\s+['"]openai['"]/,
+    ],
+    anthropic: [
+        /anthropic\.messages\.create/,
+        /Anthropic\(/,
+        /ChatAnthropic\(/,
+        /import\s+.*\s+from\s+['"]@anthropic-ai\/sdk['"]/,
+    ],
+    'azure-openai': [
+        /AzureOpenAI\(/,
+        /azure\.openai/i,
+        /azure-openai/i,
+    ],
+    'google-ai': [
+        /google\.generativeai/,
+        /GenerativeModel\(/,
+        /ChatGoogleGenerativeAI\(/,
+    ],
+    huggingface: [
+        /HuggingFaceHub\(/,
+        /pipeline\s*\(\s*['"]text-generation['"]/,
+        /transformers/,
+    ],
+    langchain: [
+        /from\s+langchain/,
+        /ChatPromptTemplate/,
+        /LLMChain\(/,
+        /ConversationChain\(/,
+    ],
+    llamaindex: [
+        /from\s+llama_index/,
+        /LlamaIndex\(/,
+        /VectorStoreIndex/,
+    ],
+};
+/**
+ * Prompt Injection Detector
+ * @trace DES-SEC2-AI-001
+ */
+export class PromptInjectionDetector {
+    options;
+    patterns;
+    constructor(options = {}) {
+        this.options = {
+            enableHeuristics: options.enableHeuristics ?? true,
+            enablePatterns: options.enablePatterns ?? true,
+            minConfidence: options.minConfidence ?? 0.5,
+            skipPatterns: options.skipPatterns ?? [],
+        };
+        this.patterns = [
+            ...INJECTION_PATTERNS.filter(p => !this.options.skipPatterns?.includes(p.id)),
+            ...(options.customPatterns ?? []),
+        ];
+    }
+    /**
+     * Detect prompt injection vulnerabilities in code
+     * @trace REQ-SEC2-AI-001
+     */
+    async detect(code, filePath) {
+        const results = [];
+        const lines = code.split('\n');
+        // Find LLM API call sites
+        const callSites = this.identifyLLMCalls(code, filePath);
+        for (const callSite of callSites) {
+            // Extract prompt content around the call site
+            const promptContext = this.extractPromptContext(code, lines, callSite);
+            // Check for injection patterns
+            const detectedPatterns = [];
+            if (this.options.enablePatterns) {
+                for (const pattern of this.patterns) {
+                    const matches = promptContext.matchAll(new RegExp(pattern.regex, 'gi'));
+                    for (const match of matches) {
+                        detectedPatterns.push({
+                            patternId: pattern.id,
+                            patternName: pattern.name,
+                            matchedText: match[0],
+                            position: {
+                                start: match.index ?? 0,
+                                end: (match.index ?? 0) + match[0].length,
+                            },
+                            category: pattern.category,
+                        });
+                    }
+                }
+            }
+            // Check for lack of input validation
+            if (!callSite.hasInputValidation) {
+                const confidence = this.calculateConfidence(callSite, detectedPatterns);
+                if (confidence >= (this.options.minConfidence ?? 0.5)) {
+                    const vulnerability = {
+                        id: `PINJ-${Date.now()}-${Math.random().toString(36).substr(2, 9)}`,
+                        type: this.determineVulnerabilityType(detectedPatterns),
+                        severity: this.determineSeverity(callSite, detectedPatterns),
+                        location: callSite.location,
+                        description: this.generateDescription(callSite, detectedPatterns),
+                        recommendation: this.generateRecommendation(callSite, detectedPatterns),
+                        codeSnippet: this.extractCodeSnippet(lines, callSite.location),
+                    };
+                    results.push({
+                        vulnerability,
+                        confidence,
+                        patterns: detectedPatterns,
+                        llmCallSite: callSite,
+                    });
+                }
+            }
+        }
+        return results;
+    }
+    /**
+     * Identify LLM API calls in code
+     */
+    identifyLLMCalls(code, filePath) {
+        const callSites = [];
+        const lines = code.split('\n');
+        for (const [apiType, patterns] of Object.entries(LLM_API_PATTERNS)) {
+            for (const pattern of patterns) {
+                let match;
+                const globalPattern = new RegExp(pattern.source, 'gm');
+                while ((match = globalPattern.exec(code)) !== null) {
+                    const lineNumber = code.substring(0, match.index).split('\n').length;
+                    const lineContent = lines[lineNumber - 1] ?? '';
+                    callSites.push({
+                        apiType,
+                        location: {
+                            file: filePath,
+                            startLine: lineNumber,
+                            endLine: lineNumber,
+                            startColumn: 0,
+                            endColumn: lineContent.length,
+                        },
+                        hasInputValidation: this.checkInputValidation(code, match.index, lines),
+                        hasOutputSanitization: this.checkOutputSanitization(code, match.index, lines),
+                        promptSource: this.determinePromptSource(code, match.index, lines),
+                        modelName: this.extractModelName(code, match.index),
+                    });
+                }
+            }
+        }
+        return callSites;
+    }
+    /**
+     * Check if input validation exists before LLM call
+     */
+    checkInputValidation(code, callIndex, _lines) {
+        // Look for validation patterns before the call
+        const beforeCall = code.substring(Math.max(0, callIndex - 500), callIndex);
+        const validationPatterns = [
+            /sanitize|validate|escape|filter|clean/i,
+            /input\s*\.\s*(trim|strip|replace)/i,
+            /zod\s*\.\s*(string|object)/i,
+            /joi\s*\.\s*(string|object)/i,
+            /yup\s*\.\s*(string|object)/i,
+            /DOMPurify|xss|bleach/i,
+            /if\s*\([^)]*\.length|if\s*\([^)]*\.match/i,
+        ];
+        return validationPatterns.some(p => p.test(beforeCall));
+    }
+    /**
+     * Check if output sanitization exists after LLM call
+     */
+    checkOutputSanitization(code, callIndex, _lines) {
+        const afterCall = code.substring(callIndex, Math.min(code.length, callIndex + 500));
+        const sanitizationPatterns = [
+            /sanitize|escape|filter|clean|encode/i,
+            /JSON\.parse|JSON\.stringify/i,
+            /\.trim\(\)|\.replace\(/i,
+            /validate.*response|check.*output/i,
+        ];
+        return sanitizationPatterns.some(p => p.test(afterCall));
+    }
+    /**
+     * Determine prompt source type
+     */
+    determinePromptSource(code, callIndex, _lines) {
+        const contextRange = code.substring(Math.max(0, callIndex - 300), callIndex + 200);
+        const userInputPatterns = [
+            /req\.body|req\.query|req\.params/,
+            /request\.json|request\.form/,
+            /user_input|userInput|user_message/,
+            /\$\{.*input.*\}|f['"].*\{.*input.*\}/,
+            /\.get\(['"].*input.*['"]\)/,
+        ];
+        const staticPatterns = [
+            /const\s+prompt\s*=\s*['"`]/,
+            /prompt\s*=\s*['"`][^${}]+['"`]/,
+        ];
+        const hasUserInput = userInputPatterns.some(p => p.test(contextRange));
+        const hasStatic = staticPatterns.some(p => p.test(contextRange));
+        if (hasUserInput && hasStatic)
+            return 'mixed';
+        if (hasUserInput)
+            return 'user-input';
+        if (hasStatic)
+            return 'static';
+        return 'unknown';
+    }
+    /**
+     * Extract model name from code
+     */
+    extractModelName(code, callIndex) {
+        const contextRange = code.substring(Math.max(0, callIndex - 100), callIndex + 200);
+        const modelPatterns = [
+            /model\s*[=:]\s*['"]([^'"]+)['"]/,
+            /model_name\s*[=:]\s*['"]([^'"]+)['"]/,
+            /gpt-[34][-\w]*/,
+            /claude-[23][-\w]*/,
+            /gemini[-\w]*/,
+        ];
+        for (const pattern of modelPatterns) {
+            const match = contextRange.match(pattern);
+            if (match) {
+                return match[1] ?? match[0];
+            }
+        }
+        return undefined;
+    }
+    /**
+     * Extract prompt context around LLM call
+     */
+    extractPromptContext(_code, lines, callSite) {
+        const startIdx = Math.max(0, callSite.location.startLine - 20);
+        const endIdx = Math.min(lines.length, callSite.location.endLine + 10);
+        return lines.slice(startIdx, endIdx).join('\n');
+    }
+    /**
+     * Calculate detection confidence
+     */
+    calculateConfidence(callSite, patterns) {
+        let confidence = 0.3; // Base confidence for unvalidated LLM call
+        // Increase for user input source
+        if (callSite.promptSource === 'user-input') {
+            confidence += 0.4;
+        }
+        else if (callSite.promptSource === 'mixed') {
+            confidence += 0.2;
+        }
+        // Increase for detected patterns
+        confidence += Math.min(patterns.length * 0.1, 0.3);
+        // Decrease if output is sanitized
+        if (callSite.hasOutputSanitization) {
+            confidence -= 0.1;
+        }
+        return Math.min(Math.max(confidence, 0), 1);
+    }
+    /**
+     * Determine vulnerability type
+     */
+    determineVulnerabilityType(patterns) {
+        const categories = patterns.map(p => p.category);
+        if (categories.includes('jailbreak'))
+            return 'jailbreak';
+        if (patterns.some(p => p.patternId.includes('011') || p.patternId.includes('012'))) {
+            return 'prompt-leaking';
+        }
+        return 'direct';
+    }
+    /**
+     * Determine severity based on context
+     */
+    determineSeverity(callSite, patterns) {
+        // Critical if direct user input without validation
+        if (callSite.promptSource === 'user-input' && !callSite.hasInputValidation) {
+            return 'critical';
+        }
+        // High if patterns detected
+        const patternSeverities = patterns.map(p => {
+            const patternDef = this.patterns.find(pd => pd.id === p.patternId);
+            return patternDef?.severity ?? 'medium';
+        });
+        if (patternSeverities.includes('critical'))
+            return 'critical';
+        if (patternSeverities.includes('high'))
+            return 'high';
+        // Medium for mixed sources
+        if (callSite.promptSource === 'mixed')
+            return 'medium';
+        return 'low';
+    }
+    /**
+     * Generate vulnerability description
+     */
+    generateDescription(callSite, patterns) {
+        const parts = [];
+        parts.push(`LLM API call (${callSite.apiType}) detected`);
+        if (callSite.promptSource === 'user-input') {
+            parts.push('with user-controlled input');
+        }
+        if (!callSite.hasInputValidation) {
+            parts.push('without input validation');
+        }
+        if (patterns.length > 0) {
+            parts.push(`- ${patterns.length} potential injection pattern(s) found`);
+        }
+        return parts.join(' ');
+    }
+    /**
+     * Generate recommendation
+     */
+    generateRecommendation(callSite, _patterns) {
+        const recommendations = [];
+        if (!callSite.hasInputValidation) {
+            recommendations.push('Implement input validation and sanitization before passing to LLM');
+        }
+        if (callSite.promptSource === 'user-input') {
+            recommendations.push('Use parameterized prompts with strict input boundaries');
+            recommendations.push('Implement rate limiting and monitoring for suspicious patterns');
+        }
+        if (!callSite.hasOutputSanitization) {
+            recommendations.push('Validate and sanitize LLM output before using in application');
+        }
+        recommendations.push('Consider using guardrails or content filtering');
+        return recommendations.join('. ');
+    }
+    /**
+     * Extract code snippet around location
+     */
+    extractCodeSnippet(lines, location) {
+        const startLine = Math.max(0, location.startLine - 3);
+        const endLine = Math.min(lines.length, location.endLine + 3);
+        return lines.slice(startLine, endLine).join('\n');
+    }
+    /**
+     * Convert results to standard vulnerability format
+     */
+    toVulnerabilities(results) {
+        return results.map(result => ({
+            id: result.vulnerability.id,
+            type: 'prompt-injection',
+            severity: result.vulnerability.severity,
+            cwes: ['CWE-74', 'CWE-79'], // Injection, XSS
+            owasp: ['A03:2021'], // Injection
+            location: result.vulnerability.location,
+            description: result.vulnerability.description,
+            recommendation: result.vulnerability.recommendation,
+            confidence: result.confidence,
+            ruleId: result.patterns[0]?.patternId ?? 'PINJ-HEURISTIC',
+            codeSnippet: result.vulnerability.codeSnippet,
+            detectedAt: new Date(),
+        }));
+    }
+}
+/**
+ * Create prompt injection detector instance
+ */
+export function createPromptInjectionDetector(options) {
+    return new PromptInjectionDetector(options);
+}
+//# sourceMappingURL=prompt-injection-detector.js.map