@nahisaho/musubix-security 1.8.0 → 1.8.1

package/dist/analyzers/compliance/compliance-checker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"compliance-checker.js","sourceRoot":"","sources":["../../../src/analyzers/compliance/compliance-checker.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAwGH;;GAEG;AACH,MAAM,iBAAiB,GAA4B;IACjD,mBAAmB;IACnB;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,cAAc;QACxB,KAAK,EAAE,8BAA8B;QACrC,WAAW,EAAE,+DAA+D;QAC5E,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,MAAM,EAAE,uBAAuB,CAAC;KAC5C;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,cAAc;QACxB,KAAK,EAAE,iBAAiB;QACxB,WAAW,EAAE,sDAAsD;QACnE,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,cAAc,EAAE,eAAe,CAAC;KAC5C;IACD,qBAAqB;IACrB;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,gBAAgB;QAC1B,KAAK,EAAE,iBAAiB;QACxB,WAAW,EAAE,uDAAuD;QACpE,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,iBAAiB,EAAE,kBAAkB,CAAC;KAClD;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,gBAAgB;QAC1B,KAAK,EAAE,qBAAqB;QAC5B,WAAW,EAAE,uEAAuE;QACpF,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,iBAAiB,CAAC;KAC9B;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,gBAAgB;QAC1B,KAAK,EAAE,iBAAiB;QACxB,WAAW,EAAE,mDAAmD;QAChE,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,eAAe,EAAE,SAAS,CAAC;KACvC;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,gBAAgB;QAC1B,KAAK,EAAE,qBAAqB;QAC5B,WAAW,EAAE,kEAAkE;QAC/E,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,gBAAgB,EAAE,iBAAiB,CAAC;KAChD;IACD,yBAAyB;IACzB;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,oBAAoB;QAC9B,KAAK,EAAE,uBAAuB;QAC9B,WAAW,EAAE,qEAAqE;QAClF,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,oBAAoB,EAAE,kBAAkB,CAAC;KACrD;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,oBAAoB;QAC9B,KAAK,EAAE,iBAAiB;QACxB,WAAW,EAAE,kDAAkD;QAC/D,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,iBAAiB,EAAE,iBAAiB,CAAC;KACjD;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,oBAAoB;QAC9B,KAAK,EAAE,iBAAiB;QACxB,WAAW,EAAE,gDAAgD;QAC7D,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,iBAAiB,EAAE,cAAc,CAAC;KAC9C;IACD,qBAAqB;IACrB;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,gBAAgB;QAC1B,KAAK,EAAE,uBAAuB;QAC9B,WAAW,EAAE,4EAA4E;QACzF,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;KAC9C;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,gBAAgB;QAC1B,KAAK,EAAE,uBAAuB;QAC9B,WAAW,EAAE,mDAAmD;QAChE,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,iBAAiB,EAAE,cAAc,CAAC;KAC9C;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,gBAAgB;QAC1B,KAAK,EAAE,iCAAiC;QACxC,WAAW,EAAE,mDAAmD;QAChE,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,iBAAiB,EAAE,eAAe,CAAC;KAC/C;IACD,iBAAiB;IACjB;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,kBAAkB;QAC5B,KAAK,EAAE,kBAAkB;QACzB,WAAW,EAAE,wDAAwD;QACrE,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,kBAAkB,EAAE,cAAc,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,kBAAkB;QAC5B,KAAK,EAAE,cAAc;QACrB,WAAW,EAAE,uDAAuD;QACpE,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,kBAAkB;QAC5B,KAAK,EAAE,0BAA0B;QACjC,WAAW,EAAE,4CAA4C;QACzD,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,uBAAuB,EAAE,eAAe,CAAC;KACrD;IACD,mBAAmB;IACnB;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,cAAc;QACxB,KAAK,EAAE,qBAAqB;QAC5B,WAAW,EAAE,gDAAgD;QAC7D,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,oBAAoB,EAAE,qBAAqB,CAAC;KACxD;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,cAAc;QACxB,KAAK,EAAE,mBAAmB;QAC1B,WAAW,EAAE,6DAA6D;QAC1E,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,mBAAmB,EAAE,gBAAgB,CAAC;KAClD;IACD,qBAAqB;IACrB;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,gBAAgB;QAC1B,KAAK,EAAE,eAAe;QACtB,WAAW,EAAE,0CAA0C;QACvD,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,SAAS,EAAE,aAAa,CAAC;KACrC;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,gBAAgB;QAC1B,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE,8DAA8D;QAC3E,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,gBAAgB,EAAE,wBAAwB,CAAC;KACvD;IACD,sBAAsB;IACtB;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,iBAAiB;QAC3B,KAAK,EAAE,2BAA2B;QAClC,WAAW,EAAE,oDAAoD;QACjE,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,KAAK,EAAE,uBAAuB,CAAC;KAC3C;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,QAAQ,EAAE,eAAe;QACzB,QAAQ,EAAE,iBAAiB;QAC3B,KAAK,EAAE,6BAA6B;QACpC,WAAW,EAAE,oDAAoD;QACjE,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,eAAe,EAAE,gBAAgB,CAAC;KAC9C;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,oBAAoB,GAA4B;IACpD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,kBAAkB;QAC5B,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE,8CAA8C;QAC3D,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,UAAU,EAAE,sBAAsB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,sBAAsB;QAChC,KAAK,EAAE,qBAAqB;QAC5B,WAAW,EAAE,iCAAiC;QAC9C,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,uBAAuB,EAAE,eAAe,CAAC;KACrD;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,iBAAiB;QAC3B,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE,gCAAgC;QAC7C,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,YAAY,EAAE,cAAc,CAAC;KACzC;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,YAAY;QACtB,KAAK,EAAE,yBAAyB;QAChC,WAAW,EAAE,yCAAyC;QACtD,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,KAAK,EAAE,wBAAwB,CAAC;KAC5C;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,0BAA0B;QACpC,KAAK,EAAE,mBAAmB;QAC1B,WAAW,EAAE,mDAAmD;QAChE,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,kBAAkB,EAAE,wBAAwB,CAAC;KACzD;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,oBAAoB;QAC9B,KAAK,EAAE,eAAe;QACtB,WAAW,EAAE,wDAAwD;QACrE,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,aAAa,EAAE,aAAa,CAAC;KACzC;IACD;QACE,EAAE,EAAE,SAAS;QACb,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,gBAAgB;QAC1B,KAAK,EAAE,qBAAqB;QAC5B,WAAW,EAAE,8CAA8C;QAC3D,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,qBAAqB,EAAE,mBAAmB,CAAC;KACvD;IACD;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,SAAS;QACnB,KAAK,EAAE,eAAe;QACtB,WAAW,EAAE,8CAA8C;QAC3D,KAAK,EAAE,CAAC;QACR,QAAQ,EAAE,CAAC,eAAe,EAAE,gBAAgB,CAAC;KAC9C;CACF,CAAC;AAcF,MAAM,mBAAmB,GAAkB;IACzC,sBAAsB;IACtB;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EAAE,uCAAuC;QAChD,IAAI,EAAE,QAAQ;QACd,eAAe,EAAE,CAAC,iBAAiB,CAAC;QACpC,QAAQ,EAAE,MAAM;KACjB;IACD,gBAAgB;IAChB;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,0BAA0B;QAChC,OAAO,EAAE,4EAA4E;QACrF,IAAI,EAAE,QAAQ;QACd,eAAe,EAAE,CAAC,uBAAuB,EAAE,eAAe,CAAC;QAC3D,QAAQ,EAAE,UAAU;KACrB;IACD,gBAAgB;IAChB;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EAAE,qDAAqD;QAC9D,IAAI,EAAE,SAAS;QACf,eAAe,EAAE,CAAC,eAAe,CAAC;QAClC,QAAQ,EAAE,QAAQ;KACnB;IACD,qBAAqB;IACrB;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EAAE,sDAAsD;QAC/D,IAAI,EAAE,SAAS;QACf,eAAe,EAAE,CAAC,oBAAoB,EAAE,iBAAiB,CAAC;QAC1D,QAAQ,EAAE,MAAM;KACjB;IACD,YAAY;IACZ;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,6DAA6D;QACtE,IAAI,EAAE,SAAS;QACf,eAAe,EAAE,CAAC,KAAK,EAAE,uBAAuB,CAAC;QACjD,QAAQ,EAAE,MAAM;KACjB;IACD,SAAS;IACT;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EAAE,2DAA2D;QACpE,IAAI,EAAE,QAAQ;QACd,eAAe,EAAE,CAAC,mBAAmB,CAAC;QACtC,QAAQ,EAAE,MAAM;KACjB;IACD,mBAAmB;IACnB;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,qEAAqE;QAC9E,IAAI,EAAE,SAAS;QACf,eAAe,EAAE,CAAC,kBAAkB,CAAC;QACrC,QAAQ,EAAE,QAAQ;KACnB;IACD,kBAAkB;IAClB;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,4DAA4D;QACrE,IAAI,EAAE,SAAS;QACf,eAAe,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;QACtD,QAAQ,EAAE,MAAM;KACjB;IACD,UAAU;IACV;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,oEAAoE;QAC7E,IAAI,EAAE,SAAS;QACf,eAAe,EAAE,CAAC,SAAS,EAAE,aAAa,CAAC;QAC3C,QAAQ,EAAE,QAAQ;KACnB;IACD,iBAAiB;IACjB;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,sFAAsF;QAC/F,IAAI,EAAE,QAAQ;QACd,eAAe,EAAE,CAAC,gBAAgB,EAAE,wBAAwB,CAAC;QAC7D,QAAQ,EAAE,QAAQ;KACnB;IACD,iBAAiB;IACjB;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EAAE,yEAAyE;QAClF,IAAI,EAAE,SAAS;QACf,eAAe,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;QACpD,QAAQ,EAAE,MAAM;KACjB;IACD,kBAAkB;IAClB;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,sEAAsE;QAC/E,IAAI,EAAE,SAAS;QACf,eAAe,EAAE,CAAC,iBAAiB,CAAC;QACpC,QAAQ,EAAE,MAAM;KACjB;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,OAAO,iBAAiB;IACpB,OAAO,CAAqC;IAC5C,YAAY,CAAmD;IAEvE,YAAY,UAAoC,EAAE;QAChD,IAAI,CAAC,OAAO,GAAG;YACb,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,eAAe,CAAC;YACjD,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;YACzB,eAAe,EAAE,OAAO,CAAC,eAAe,IAAI,IAAI;YAChD,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,EAAE;SAC7C,CAAC;QAEF,mCAAmC;QACnC,IAAI,CAAC,YAAY,GAAG,IAAI,GAAG,EAAE,CAAC;QAC9B,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC;QACpF,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC;QACpF,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;QAC1D,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,oBAAoB,CAAC,CAAC;IACzD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,KAAK,CACT,IAAY,EACZ,QAAgB,EAChB,QAA6B;QAE7B,MAAM,cAAc,GAAG,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QAC7D,MAAM,YAAY,GAAG,IAAI,CAAC,uBAAuB,CAAC,cAAc,CAAC,CAAC;QAElE,MAAM,OAAO,GAA4B,EAAE,CAAC;QAC5C,IAAI,MAAM,GAAG,CAAC,CAAC;QACf,IAAI,MAAM,GAAG,CAAC,CAAC;QACf,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,IAAI,aAAa,GAAG,CAAC,CAAC;QAEtB,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;YACvC,2BAA2B;YAC3B,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC/D,aAAa,EAAE,CAAC;gBAChB,OAAO,CAAC,IAAI,CAAC;oBACX,WAAW;oBACX,MAAM,EAAE,gBAAgB;oBACxB,QAAQ,EAAE,EAAE;oBACZ,QAAQ,EAAE,CAAC,6BAA6B,CAAC;iBAC1C,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;YAED,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;YAClE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAErB,QAAQ,MAAM,CAAC,MAAM,EAAE,CAAC;gBACtB,KAAK,MAAM;oBACT,MAAM,EAAE,CAAC;oBACT,MAAM;gBACR,KAAK,MAAM;oBACT,MAAM,EAAE,CAAC;oBACT,MAAM;gBACR,KAAK,SAAS;oBACZ,OAAO,EAAE,CAAC;oBACV,MAAM;gBACR,KAAK,gBAAgB;oBACnB,aAAa,EAAE,CAAC;oBAChB,MAAM;YACV,CAAC;QACH,CAAC;QAED,MAAM,KAAK,GAAG,YAAY,CAAC,MAAM,CAAC;QAClC,MAAM,UAAU,GAAG,KAAK,GAAG,aAAa,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QAE7E,OAAO;YACL,QAAQ,EAAE,cAAc;YACxB,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,aAAa,EAAE,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC;YAC/E,KAAK;YACL,iBAAiB,EAAE,KAAK;YACxB,kBAAkB,EAAE,MAAM;YAC1B,kBAAkB,EAAE,MAAM;YAC1B,mBAAmB,EAAE,OAAO;YAC5B,aAAa;YACb,OAAO;YACP,OAAO,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC;SACvC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CACd,KAA+C,EAC/C,QAA6B;QAE7B,MAAM,YAAY,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrF,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;IACxD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,eAAe,CAAC,QAA4B;QAiBhD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,kBAAkB,EAAE,QAAQ,CAAC,CAAC;QAElE,OAAO;YACL,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBACjC,WAAW,EAAE,CAAC,CAAC,WAAW;gBAC1B,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC;aACjC,CAAC,CAAC;YACH,OAAO,EAAE;gBACP,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;gBAC3C,MAAM,EAAE,MAAM,CAAC,kBAAkB;gBACjC,MAAM,EAAE,MAAM,CAAC,kBAAkB;gBACjC,aAAa,EAAE,MAAM,CAAC,aAAa;gBACnC,oBAAoB,EAAE,MAAM,CAAC,KAAK;gBAClC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;oBAC/E,QAAQ;oBACR,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,MAAM,EAAE,IAAI,CAAC,MAAM;iBACpB,CAAC,CAAC;aACJ;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB;QAiBrB,MAAM,OAAO,GAAG,EAAE,CAAC;QACnB,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YAC9C,OAAO,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,qBAAqB;QACnB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,QAA4B;QAC1C,OAAO,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED;;OAEG;IACK,gBAAgB,CACtB,WAAkC,EAClC,IAAY,EACZ,QAAgB;QAEhB,MAAM,QAAQ,GAAwB,EAAE,CAAC;QACzC,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,SAAS,GAAG,CAAC,CAAC;QAElB,kDAAkD;QAClD,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;YAC1C,MAAM,UAAU,GAAG,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAClD,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CACjC,CAAC;YAEF,IAAI,CAAC,UAAU;gBAAE,SAAS;YAE1B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAE5C,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC/B,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAClC,SAAS,EAAE,CAAC;oBACZ,IAAI,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;wBACjC,QAAQ,CAAC,IAAI,CAAC,SAAS,OAAO,CAAC,IAAI,KAAK,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;oBAC5E,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,SAAS,EAAE,CAAC;oBACZ,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,GAAG,WAAW,CAAC,EAAE,IAAI,OAAO,CAAC,EAAE,EAAE;wBACrC,aAAa,EAAE,WAAW,CAAC,EAAE;wBAC7B,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBAC5B,WAAW,EAAE,WAAW,OAAO,CAAC,IAAI,EAAE;wBACtC,QAAQ,EAAE,2BAA2B;wBACrC,cAAc,EAAE,aAAa,OAAO,CAAC,IAAI,YAAY,WAAW,CAAC,KAAK,EAAE;qBACzE,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,oBAAoB;gBACpB,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAClC,SAAS,EAAE,CAAC;oBACZ,oBAAoB;oBACpB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;wBACtC,IAAI,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;4BACnC,QAAQ,CAAC,IAAI,CAAC;gCACZ,EAAE,EAAE,GAAG,WAAW,CAAC,EAAE,IAAI,OAAO,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE;gCAC/C,aAAa,EAAE,WAAW,CAAC,EAAE;gCAC7B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gCAC1B,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE;gCACzC,WAAW,EAAE,8BAA8B,OAAO,CAAC,IAAI,EAAE;gCACzD,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;gCAC3C,cAAc,EAAE,iBAAiB,OAAO,CAAC,IAAI,YAAY,WAAW,CAAC,KAAK,EAAE;6BAC7E,CAAC,CAAC;wBACL,CAAC;wBACD,wBAAwB;wBACxB,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;oBAChC,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,SAAS,EAAE,CAAC;oBACZ,IAAI,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;wBACjC,QAAQ,CAAC,IAAI,CAAC,MAAM,OAAO,CAAC,IAAI,eAAe,CAAC,CAAC;oBACnD,CAAC;gBACH,CAAC;YACH,CAAC;YACD,wBAAwB;YACxB,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QAChC,CAAC;QAED,mBAAmB;QACnB,IAAI,MAAuC,CAAC;QAC5C,IAAI,SAAS,KAAK,CAAC,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;YACrC,MAAM,GAAG,MAAM,CAAC;QAClB,CAAC;aAAM,IAAI,SAAS,KAAK,CAAC,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;YAC5C,MAAM,GAAG,MAAM,CAAC;QAClB,CAAC;aAAM,IAAI,SAAS,GAAG,CAAC,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;YAC1C,MAAM,GAAG,SAAS,CAAC;QACrB,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,gBAAgB,CAAC;QAC5B,CAAC;QAED,OAAO;YACL,WAAW;YACX,MAAM;YACN,QAAQ;YACR,QAAQ;YACR,gBAAgB,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC;gBACnC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC;gBACrC,CAAC,CAAC,SAAS;SACd,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,uBAAuB,CAAC,QAA4B;QAC1D,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,4BAA4B;YAC5B,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;QACtD,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACzD,CAAC;IAED;;OAEG;IACK,sBAAsB,CAC5B,MAAc,EACd,MAAc,EACd,OAAe,EACf,UAAkB;QAElB,IAAI,UAAU,KAAK,CAAC;YAAE,OAAO,WAAW,CAAC;QACzC,IAAI,MAAM,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC;YAAE,OAAO,WAAW,CAAC;QACtD,IAAI,MAAM,KAAK,CAAC;YAAE,OAAO,eAAe,CAAC;QACzC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,OAAgC;QACtD,MAAM,UAAU,GAAoC,EAAE,CAAC;QACvD,MAAM,gBAAgB,GAAwB,EAAE,CAAC;QACjD,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;QAEvC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC;YAE7C,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1B,UAAU,CAAC,QAAQ,CAAC,GAAG;oBACrB,KAAK,EAAE,CAAC;oBACR,MAAM,EAAE,CAAC;oBACT,MAAM,EAAE,CAAC;oBACT,OAAO,EAAE,CAAC;oBACV,UAAU,EAAE,CAAC;iBACd,CAAC;YACJ,CAAC;YAED,UAAU,CAAC,QAAQ,CAAC,CAAC,KAAK,EAAE,CAAC;YAE7B,QAAQ,MAAM,CAAC,MAAM,EAAE,CAAC;gBACtB,KAAK,MAAM;oBACT,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,CAAC;oBAC9B,MAAM;gBACR,KAAK,MAAM;oBACT,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,CAAC;oBAC9B,MAAM;gBACR,KAAK,SAAS;oBACZ,UAAU,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC;oBAC/B,MAAM;YACV,CAAC;YAED,4BAA4B;YAC5B,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACtC,IAAI,OAAO,CAAC,QAAQ,KAAK,UAAU,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;oBACnE,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACjC,CAAC;gBACD,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;QAED,wBAAwB;QACxB,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/C,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;YACjC,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACjD,CAAC,CAAC,WAAW,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,KAAK,gBAAgB,CACrE,CAAC,MAAM,CAAC,CAAC;YACV,GAAG,CAAC,UAAU,GAAG,UAAU,GAAG,CAAC;gBAC7B,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,MAAM,GAAG,UAAU,CAAC,GAAG,GAAG,CAAC;gBAC7C,CAAC,CAAC,GAAG,CAAC;QACV,CAAC;QAED,OAAO;YACL,UAAU;YACV,gBAAgB,EAAE,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAC/C,eAAe,EAAE,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;SACtD,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,iBAAiB,CAAC,MAAwB;QACxC,MAAM,eAAe,GAAoB,EAAE,CAAC;QAE5C,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACpC,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACtC,eAAe,CAAC,IAAI,CAAC;oBACnB,EAAE,EAAE,OAAO,CAAC,EAAE;oBACd,IAAI,EAAE,eAAe;oBACrB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,IAAI,EAAE,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,WAAW,CAAC;oBAClD,KAAK,EAAE,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,WAAW,CAAC;oBACrD,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO,CAAC,QAAQ,EAAE,IAAI,IAAI,SAAS;wBACzC,SAAS,EAAE,OAAO,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC;wBACtC,OAAO,EAAE,OAAO,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC;wBACpC,WAAW,EAAE,CAAC;wBACd,SAAS,EAAE,CAAC;qBACb;oBACD,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,cAAc,EAAE,OAAO,CAAC,cAAc;oBACtC,UAAU,EAAE,IAAI;oBAChB,MAAM,EAAE,MAAM,CAAC,WAAW,CAAC,EAAE;oBAC7B,WAAW,EAAE,OAAO,CAAC,QAAQ;oBAC7B,UAAU,EAAE,IAAI,IAAI,EAAE;iBACvB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,eAAe,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,WAAkC;QAC5D,MAAM,WAAW,GAA6B;YAC5C,iBAAiB,EAAE,CAAC,SAAS,CAAC;YAC9B,eAAe,EAAE,CAAC,QAAQ,CAAC;YAC3B,gBAAgB,EAAE,CAAC,QAAQ,CAAC;YAC5B,oBAAoB,EAAE,CAAC,SAAS,CAAC;YACjC,gBAAgB,EAAE,CAAC,SAAS,CAAC;YAC7B,mBAAmB,EAAE,CAAC,SAAS,CAAC;YAChC,SAAS,EAAE,CAAC,SAAS,CAAC;YACtB,gBAAgB,EAAE,CAAC,SAAS,CAAC;YAC7B,KAAK,EAAE,CAAC,SAAS,CAAC;SACnB,CAAC;QAEF,MAAM,IAAI,GAAa,EAAE,CAAC;QAC1B,KAAK,MAAM,OAAO,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC3C,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;gBACzB,IAAI,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QACD,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5B,CAAC;IAED;;OAEG;IACK,qBAAqB,CAAC,WAAkC;QAC9D,MAAM,aAAa,GAAoC;YACrD,gBAAgB,EAAE,CAAC,UAAU,CAAC;YAC9B,oBAAoB,EAAE,CAAC,UAAU,CAAC;YAClC,gBAAgB,EAAE,CAAC,UAAU,CAAC;YAC9B,kBAAkB,EAAE,CAAC,UAAU,CAAC;YAChC,cAAc,EAAE,CAAC,UAAU,CAAC;YAC5B,gBAAgB,EAAE,CAAC,UAAU,CAAC;YAC9B,iBAAiB,EAAE,CAAC,UAAU,CAAC;SAChC,CAAC;QAEF,OAAO,aAAa,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAChE,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAAkC;IACxE,OAAO,IAAI,iBAAiB,CAAC,OAAO,CAAC,CAAC;AACxC,CAAC"}

package/dist/analyzers/container/image-scanner.d.ts

@@ -0,0 +1,163 @@
+/**
+ * @fileoverview Container Image Scanner - scans container images for vulnerabilities
+ * @module @nahisaho/musubix-security/analyzers/container/image-scanner
+ * @trace DES-SEC2-CONTAINER-001, REQ-SEC2-CONTAINER-001
+ */
+import type { Vulnerability, Severity } from '../../types/vulnerability.js';
+/**
+ * Container image vulnerability
+ */
+export interface ContainerVulnerability {
+    id: string;
+    packageName: string;
+    installedVersion: string;
+    fixedVersion?: string;
+    severity: Severity;
+    cve?: string;
+    description: string;
+    layer?: string;
+}
+/**
+ * Image scan result
+ */
+export interface ImageScanResult {
+    image: string;
+    tag: string;
+    digest?: string;
+    vulnerabilities: ContainerVulnerability[];
+    metadata: ImageMetadata;
+    scanTime: Date;
+    scanner: 'trivy' | 'grype' | 'internal';
+}
+/**
+ * Image metadata
+ */
+export interface ImageMetadata {
+    os?: string;
+    osVersion?: string;
+    architecture?: string;
+    size?: number;
+    layers?: number;
+    created?: Date;
+}
+/**
+ * Image scan options
+ */
+export interface ImageScanOptions {
+    /** Scanner to use (default: trivy) */
+    scanner?: 'trivy' | 'grype';
+    /** Minimum severity to report */
+    minSeverity?: Severity;
+    /** Skip update of vulnerability database */
+    skipDbUpdate?: boolean;
+    /** Scan timeout in milliseconds */
+    timeout?: number;
+    /** Include unfixed vulnerabilities */
+    includeUnfixed?: boolean;
+    /** Rule IDs to skip (e.g., ['DKR-001', 'DKR-002']) */
+    skipRules?: string[];
+}
+/**
+ * Dockerfile analysis result
+ */
+export interface DockerfileAnalysis {
+    filePath: string;
+    baseImage: string;
+    issues: DockerfileIssue[];
+    bestPractices: BestPracticeViolation[];
+}
+/**
+ * Dockerfile issue
+ */
+export interface DockerfileIssue {
+    id: string;
+    severity: Severity;
+    line: number;
+    instruction: string;
+    message: string;
+    recommendation: string;
+}
+/**
+ * Best practice violation
+ */
+export interface BestPracticeViolation {
+    rule: string;
+    description: string;
+    line?: number;
+    recommendation: string;
+}
+/**
+ * Container Image Scanner
+ * @trace DES-SEC2-CONTAINER-001
+ */
+export declare class ImageScanner {
+    private options;
+    constructor(options?: ImageScanOptions);
+    /**
+     * Scan a container image
+     * @trace REQ-SEC2-CONTAINER-001
+     */
+    scan(imageRef: string, options?: ImageScanOptions): Promise<ImageScanResult>;
+    /**
+     * Analyze a Dockerfile for security issues
+     * @trace REQ-SEC2-CONTAINER-002
+     */
+    analyzeDockerfile(dockerfilePath: string): Promise<DockerfileAnalysis>;
+    /**
+     * Convert container vulnerabilities to standard vulnerability format
+     */
+    toVulnerabilities(result: ImageScanResult): Vulnerability[];
+    /**
+     * Parse image reference into image name and tag
+     */
+    private parseImageRef;
+    /**
+     * Run external scanner (Trivy or Grype)
+     */
+    private runExternalScanner;
+    /**
+     * Check if a scanner is available
+     */
+    private isScannerAvailable;
+    /**
+     * Run Trivy scanner
+     */
+    private runTrivy;
+    /**
+     * Run Grype scanner
+     */
+    private runGrype;
+    /**
+     * Parse Trivy JSON output
+     */
+    private parseTrivyOutput;
+    /**
+     * Parse Grype JSON output
+     */
+    private parseGrypeOutput;
+    /**
+     * Get numeric severity level for comparison
+     */
+    private getSeverityLevel;
+    /**
+     * Extract base image from Dockerfile
+     */
+    private extractBaseImage;
+    /**
+     * Check Dockerfile for security issues
+     */
+    private checkDockerfileIssues;
+    /**
+     * Check best practices
+     */
+    private checkBestPractices;
+    /**
+     * Map CVE to CWE
+     */
+    private mapCVEToCWE;
+}
+/**
+ * Create image scanner instance
+ */
+export declare function createImageScanner(options?: ImageScanOptions): ImageScanner;
+//# sourceMappingURL=image-scanner.d.ts.map

package/dist/analyzers/container/image-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"image-scanner.d.ts","sourceRoot":"","sources":["../../../src/analyzers/container/image-scanner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAC;AAE5E;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,QAAQ,CAAC;IACnB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,sBAAsB,EAAE,CAAC;IAC1C,QAAQ,EAAE,aAAa,CAAC;IACxB,QAAQ,EAAE,IAAI,CAAC;IACf,OAAO,EAAE,OAAO,GAAG,OAAO,GAAG,UAAU,CAAC;CACzC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,IAAI,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,sCAAsC;IACtC,OAAO,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC;IAC5B,iCAAiC;IACjC,WAAW,CAAC,EAAE,QAAQ,CAAC;IACvB,4CAA4C;IAC5C,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,mCAAmC;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,sCAAsC;IACtC,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,sDAAsD;IACtD,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,eAAe,EAAE,CAAC;IAC1B,aAAa,EAAE,qBAAqB,EAAE,CAAC;CACxC;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,QAAQ,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,MAAM,CAAC;CACxB;AAkFD;;;GAGG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,OAAO,CAAmB;gBAEtB,OAAO,GAAE,gBAAqB;IAW1C;;;OAGG;IACG,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAgClF;;;OAGG;IACG,iBAAiB,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IA2B5E;;OAEG;IACH,iBAAiB,CAAC,MAAM,EAAE,eAAe,GAAG,aAAa,EAAE;IAyB3D;;OAEG;IACH,OAAO,CAAC,aAAa;IAmBrB;;OAEG;YACW,kBAAkB;IAqBhC;;OAEG;YACW,kBAAkB;IAQhC;;OAEG;YACW,QAAQ;IA6CtB;;OAEG;YACW,QAAQ;IAmCtB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA8CxB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA2CxB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAWxB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAKxB;;OAEG;IACH,OAAO,CAAC,qBAAqB;IA6B7B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA6B1B;;OAEG;IACH,OAAO,CAAC,WAAW;CAKpB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,CAAC,EAAE,gBAAgB,GAAG,YAAY,CAE3E"}

package/dist/analyzers/container/image-scanner.js

@@ -0,0 +1,459 @@
+/**
+ * @fileoverview Container Image Scanner - scans container images for vulnerabilities
+ * @module @nahisaho/musubix-security/analyzers/container/image-scanner
+ * @trace DES-SEC2-CONTAINER-001, REQ-SEC2-CONTAINER-001
+ */
+import { spawn } from 'node:child_process';
+import { existsSync, readFileSync } from 'node:fs';
+/**
+ * Severity mapping from external scanners
+ */
+const SEVERITY_MAP = {
+    'CRITICAL': 'critical',
+    'HIGH': 'high',
+    'MEDIUM': 'medium',
+    'LOW': 'low',
+    'UNKNOWN': 'info',
+    'NEGLIGIBLE': 'info',
+};
+/**
+ * Dockerfile best practice rules
+ */
+const DOCKERFILE_RULES = [
+    {
+        id: 'DKR-001',
+        pattern: /^FROM\s+\S+:latest\s*$/im,
+        severity: 'medium',
+        message: 'Using `:latest` tag is not recommended',
+        recommendation: 'Use a specific version tag for reproducible builds',
+    },
+    {
+        id: 'DKR-002',
+        pattern: /^USER\s+root\s*$/im,
+        severity: 'high',
+        message: 'Running as root user',
+        recommendation: 'Create and use a non-root user',
+    },
+    {
+        id: 'DKR-003',
+        pattern: /^RUN\s+.*apt-get\s+install.*-y(?!.*--no-install-recommends)/im,
+        severity: 'low',
+        message: 'Installing packages without --no-install-recommends',
+        recommendation: 'Add --no-install-recommends to reduce image size',
+    },
+    {
+        id: 'DKR-004',
+        pattern: /^RUN\s+.*curl.*\|\s*(bash|sh)/im,
+        severity: 'critical',
+        message: 'Piping curl to shell is dangerous',
+        recommendation: 'Download and verify script before execution',
+    },
+    {
+        id: 'DKR-005',
+        pattern: /^ADD\s+https?:\/\//im,
+        severity: 'medium',
+        message: 'Using ADD with URL is discouraged',
+        recommendation: 'Use RUN with curl/wget for better caching',
+    },
+    {
+        id: 'DKR-006',
+        pattern: /^EXPOSE\s+22\s*$/im,
+        severity: 'high',
+        message: 'Exposing SSH port',
+        recommendation: 'Avoid SSH in containers; use kubectl exec or docker exec',
+    },
+    {
+        id: 'DKR-007',
+        pattern: /ENV\s+.*PASSWORD|SECRET|KEY|TOKEN.*=/i,
+        severity: 'critical',
+        message: 'Hardcoded secrets in ENV',
+        recommendation: 'Use Docker secrets or environment variables at runtime',
+    },
+    {
+        id: 'DKR-008',
+        pattern: /^COPY\s+\.\s+/im,
+        severity: 'medium',
+        message: 'Copying entire context',
+        recommendation: 'Use specific paths or .dockerignore',
+    },
+];
+/**
+ * Container Image Scanner
+ * @trace DES-SEC2-CONTAINER-001
+ */
+export class ImageScanner {
+    options;
+    constructor(options = {}) {
+        this.options = {
+            scanner: options.scanner ?? 'trivy',
+            minSeverity: options.minSeverity ?? 'low',
+            skipDbUpdate: options.skipDbUpdate ?? false,
+            timeout: options.timeout ?? 300000, // 5 minutes
+            includeUnfixed: options.includeUnfixed ?? true,
+            skipRules: options.skipRules ?? [],
+        };
+    }
+    /**
+     * Scan a container image
+     * @trace REQ-SEC2-CONTAINER-001
+     */
+    async scan(imageRef, options) {
+        const mergedOptions = { ...this.options, ...options };
+        // Parse image reference
+        const { image, tag } = this.parseImageRef(imageRef);
+        try {
+            // Try external scanner first
+            const externalResult = await this.runExternalScanner(imageRef, mergedOptions);
+            if (externalResult) {
+                return {
+                    ...externalResult,
+                    image,
+                    tag,
+                    scanTime: new Date(),
+                };
+            }
+        }
+        catch {
+            // Fall back to internal scanning
+        }
+        // Internal scanning (Dockerfile analysis only without external scanner)
+        return {
+            image,
+            tag,
+            vulnerabilities: [],
+            metadata: {},
+            scanTime: new Date(),
+            scanner: 'internal',
+        };
+    }
+    /**
+     * Analyze a Dockerfile for security issues
+     * @trace REQ-SEC2-CONTAINER-002
+     */
+    async analyzeDockerfile(dockerfilePath) {
+        if (!existsSync(dockerfilePath)) {
+            throw new Error(`Dockerfile not found: ${dockerfilePath}`);
+        }
+        const content = readFileSync(dockerfilePath, 'utf-8');
+        const lines = content.split('\n');
+        // Extract base image
+        const baseImage = this.extractBaseImage(content);
+        // Check for issues and filter by skipRules
+        const allIssues = this.checkDockerfileIssues(content, lines);
+        const skipRules = this.options.skipRules ?? [];
+        const issues = allIssues.filter(issue => !skipRules.includes(issue.id));
+        // Check best practices
+        const bestPractices = this.checkBestPractices(content, lines);
+        return {
+            filePath: dockerfilePath,
+            baseImage,
+            issues,
+            bestPractices,
+        };
+    }
+    /**
+     * Convert container vulnerabilities to standard vulnerability format
+     */
+    toVulnerabilities(result) {
+        return result.vulnerabilities.map((cv, index) => ({
+            id: `CONTAINER-${result.image.replace(/[^a-zA-Z0-9]/g, '-')}-${index}`,
+            type: 'dependency',
+            severity: cv.severity,
+            cwes: this.mapCVEToCWE(cv.cve),
+            owasp: ['A06:2021'], // Vulnerable and Outdated Components
+            location: {
+                file: result.image,
+                startLine: 1,
+                endLine: 1,
+                startColumn: 0,
+                endColumn: 0,
+            },
+            description: `${cv.packageName}@${cv.installedVersion}: ${cv.description}`,
+            recommendation: cv.fixedVersion
+                ? `Upgrade to ${cv.packageName}@${cv.fixedVersion}`
+                : 'No fix available; consider using an alternative package',
+            confidence: 0.95,
+            ruleId: cv.cve ?? cv.id,
+            codeSnippet: `Package: ${cv.packageName}\nVersion: ${cv.installedVersion}${cv.layer ? `\nLayer: ${cv.layer}` : ''}`,
+            detectedAt: new Date(),
+        }));
+    }
+    /**
+     * Parse image reference into image name and tag
+     */
+    parseImageRef(imageRef) {
+        // Handle digest format
+        if (imageRef.includes('@sha256:')) {
+            const [image, digest] = imageRef.split('@');
+            return { image, tag: 'latest', digest };
+        }
+        // Handle tag format
+        const lastColon = imageRef.lastIndexOf(':');
+        if (lastColon > 0 && !imageRef.substring(lastColon).includes('/')) {
+            return {
+                image: imageRef.substring(0, lastColon),
+                tag: imageRef.substring(lastColon + 1),
+            };
+        }
+        return { image: imageRef, tag: 'latest' };
+    }
+    /**
+     * Run external scanner (Trivy or Grype)
+     */
+    async runExternalScanner(imageRef, options) {
+        const scanner = options.scanner ?? 'trivy';
+        // Check if scanner is available
+        const isAvailable = await this.isScannerAvailable(scanner);
+        if (!isAvailable) {
+            return null;
+        }
+        if (scanner === 'trivy') {
+            return this.runTrivy(imageRef, options);
+        }
+        else if (scanner === 'grype') {
+            return this.runGrype(imageRef, options);
+        }
+        return null;
+    }
+    /**
+     * Check if a scanner is available
+     */
+    async isScannerAvailable(scanner) {
+        return new Promise((resolve) => {
+            const proc = spawn(scanner, ['--version'], { stdio: 'ignore' });
+            proc.on('close', (code) => resolve(code === 0));
+            proc.on('error', () => resolve(false));
+        });
+    }
+    /**
+     * Run Trivy scanner
+     */
+    async runTrivy(imageRef, options) {
+        const args = ['image', '--format', 'json'];
+        if (options.skipDbUpdate) {
+            args.push('--skip-db-update');
+        }
+        if (!options.includeUnfixed) {
+            args.push('--ignore-unfixed');
+        }
+        args.push(imageRef);
+        return new Promise((resolve, reject) => {
+            let stdout = '';
+            let stderr = '';
+            const proc = spawn('trivy', args, {
+                timeout: options.timeout,
+            });
+            proc.stdout.on('data', (data) => { stdout += data; });
+            proc.stderr.on('data', (data) => { stderr += data; });
+            proc.on('close', (code) => {
+                if (code !== 0) {
+                    reject(new Error(`Trivy failed: ${stderr}`));
+                    return;
+                }
+                try {
+                    const result = JSON.parse(stdout);
+                    resolve(this.parseTrivyOutput(result, options));
+                }
+                catch (e) {
+                    reject(new Error(`Failed to parse Trivy output: ${e}`));
+                }
+            });
+            proc.on('error', (err) => reject(err));
+        });
+    }
+    /**
+     * Run Grype scanner
+     */
+    async runGrype(imageRef, options) {
+        const args = ['-o', 'json', imageRef];
+        return new Promise((resolve, reject) => {
+            let stdout = '';
+            let stderr = '';
+            const proc = spawn('grype', args, {
+                timeout: options.timeout,
+            });
+            proc.stdout.on('data', (data) => { stdout += data; });
+            proc.stderr.on('data', (data) => { stderr += data; });
+            proc.on('close', (code) => {
+                if (code !== 0) {
+                    reject(new Error(`Grype failed: ${stderr}`));
+                    return;
+                }
+                try {
+                    const result = JSON.parse(stdout);
+                    resolve(this.parseGrypeOutput(result, options));
+                }
+                catch (e) {
+                    reject(new Error(`Failed to parse Grype output: ${e}`));
+                }
+            });
+            proc.on('error', (err) => reject(err));
+        });
+    }
+    /**
+     * Parse Trivy JSON output
+     */
+    parseTrivyOutput(output, options) {
+        const vulnerabilities = [];
+        const minSeverityLevel = this.getSeverityLevel(options.minSeverity ?? 'low');
+        // Handle Results array
+        const results = output.Results ?? [];
+        for (const result of results) {
+            const vulns = result.Vulnerabilities ?? [];
+            for (const vuln of vulns) {
+                const severity = SEVERITY_MAP[vuln.Severity?.toUpperCase()] ?? 'info';
+                if (this.getSeverityLevel(severity) < minSeverityLevel) {
+                    continue;
+                }
+                vulnerabilities.push({
+                    id: vuln.VulnerabilityID,
+                    packageName: vuln.PkgName,
+                    installedVersion: vuln.InstalledVersion,
+                    fixedVersion: vuln.FixedVersion,
+                    severity,
+                    cve: vuln.VulnerabilityID?.startsWith('CVE-') ? vuln.VulnerabilityID : undefined,
+                    description: vuln.Description ?? vuln.Title ?? 'No description',
+                    layer: result.Target,
+                });
+            }
+        }
+        // Extract metadata
+        const metadata = {};
+        if (output.Metadata) {
+            metadata.os = output.Metadata.OS?.Family;
+            metadata.osVersion = output.Metadata.OS?.Name;
+            metadata.architecture = output.Metadata.ImageConfig?.architecture;
+        }
+        return {
+            vulnerabilities,
+            metadata,
+            scanner: 'trivy',
+        };
+    }
+    /**
+     * Parse Grype JSON output
+     */
+    parseGrypeOutput(output, options) {
+        const vulnerabilities = [];
+        const minSeverityLevel = this.getSeverityLevel(options.minSeverity ?? 'low');
+        const matches = output.matches ?? [];
+        for (const match of matches) {
+            const vuln = match.vulnerability;
+            const artifact = match.artifact;
+            const severity = SEVERITY_MAP[vuln?.severity?.toUpperCase()] ?? 'info';
+            if (this.getSeverityLevel(severity) < minSeverityLevel) {
+                continue;
+            }
+            vulnerabilities.push({
+                id: vuln?.id ?? 'UNKNOWN',
+                packageName: artifact?.name ?? 'unknown',
+                installedVersion: artifact?.version ?? 'unknown',
+                fixedVersion: match.vulnerability?.fix?.versions?.[0],
+                severity,
+                cve: vuln?.id?.startsWith('CVE-') ? vuln.id : undefined,
+                description: vuln?.description ?? 'No description',
+            });
+        }
+        // Extract metadata
+        const metadata = {};
+        if (output.source?.target?.imageID) {
+            metadata.os = output.distro?.name;
+            metadata.osVersion = output.distro?.version;
+        }
+        return {
+            vulnerabilities,
+            metadata,
+            scanner: 'grype',
+        };
+    }
+    /**
+     * Get numeric severity level for comparison
+     */
+    getSeverityLevel(severity) {
+        const levels = {
+            critical: 4,
+            high: 3,
+            medium: 2,
+            low: 1,
+            info: 0,
+        };
+        return levels[severity] ?? 0;
+    }
+    /**
+     * Extract base image from Dockerfile
+     */
+    extractBaseImage(content) {
+        const match = content.match(/^FROM\s+(\S+)/im);
+        return match?.[1] ?? 'unknown';
+    }
+    /**
+     * Check Dockerfile for security issues
+     */
+    checkDockerfileIssues(content, lines) {
+        const issues = [];
+        for (const rule of DOCKERFILE_RULES) {
+            const match = content.match(rule.pattern);
+            if (match) {
+                // Find line number
+                let lineNumber = 1;
+                for (let i = 0; i < lines.length; i++) {
+                    if (lines[i].match(rule.pattern)) {
+                        lineNumber = i + 1;
+                        break;
+                    }
+                }
+                issues.push({
+                    id: rule.id,
+                    severity: rule.severity,
+                    line: lineNumber,
+                    instruction: match[0].trim(),
+                    message: rule.message,
+                    recommendation: rule.recommendation,
+                });
+            }
+        }
+        return issues;
+    }
+    /**
+     * Check best practices
+     */
+    checkBestPractices(content, _lines) {
+        const violations = [];
+        // Check for HEALTHCHECK
+        if (!content.includes('HEALTHCHECK')) {
+            violations.push({
+                rule: 'HEALTHCHECK',
+                description: 'No HEALTHCHECK instruction found',
+                recommendation: 'Add HEALTHCHECK to enable container health monitoring',
+            });
+        }
+        // Check for multi-stage builds when large packages are installed
+        const hasInstallCommands = /apt-get install|npm install|pip install|yarn add/i.test(content);
+        const isMultiStage = (content.match(/^FROM\s+/gim) ?? []).length > 1;
+        if (hasInstallCommands && !isMultiStage) {
+            violations.push({
+                rule: 'MULTI_STAGE_BUILD',
+                description: 'Consider using multi-stage builds',
+                recommendation: 'Use multi-stage builds to reduce final image size',
+            });
+        }
+        // Check for .dockerignore mention
+        // This is a reminder, not detectable from Dockerfile alone
+        return violations;
+    }
+    /**
+     * Map CVE to CWE
+     */
+    mapCVEToCWE(cve) {
+        // In a real implementation, this would query a CVE database
+        // For now, return a generic CWE for supply chain vulnerability
+        return cve ? ['CWE-1035'] : ['CWE-1035']; // Using Components from Untrusted Source
+    }
+}
+/**
+ * Create image scanner instance
+ */
+export function createImageScanner(options) {
+    return new ImageScanner(options);
+}
+//# sourceMappingURL=image-scanner.js.map