@nahisaho/musubix-security 2.0.0 → 2.1.0

package/dist/analysis/sinks/types.d.ts

@@ -0,0 +1,97 @@
+/**
+ * @fileoverview Sink definition types for taint analysis
+ * @module @nahisaho/musubix-security/analysis/sinks/types
+ * @trace REQ-SEC-001
+ */
+import type { TaintSinkCategory, Severity } from '../../types/index.js';
+/**
+ * AST pattern for sink matching
+ */
+export interface SinkASTPattern {
+    /** Object/receiver name (e.g., 'db', 'fs', 'child_process') */
+    receiver?: string | string[];
+    /** Method name to match */
+    method?: string | string[];
+    /** Property name to match (for property access patterns) */
+    property?: string | string[];
+    /** Argument index that should not receive tainted data (0-based) */
+    vulnerableArg?: number;
+    /** Whether multiple arguments are vulnerable */
+    vulnerableArgs?: number[];
+    /** Pattern for import detection */
+    importPattern?: {
+        module: string | RegExp;
+        named?: string[];
+        default?: boolean;
+    };
+}
+/**
+ * Sink definition for taint analysis
+ * @trace REQ-SEC-001
+ */
+export interface SinkDefinition {
+    /** Unique sink definition ID */
+    id: string;
+    /** Human-readable name */
+    name: string;
+    /** Sink category */
+    category: TaintSinkCategory;
+    /** Severity if tainted data reaches this sink */
+    severity: Severity;
+    /** Framework this sink is associated with */
+    framework?: string;
+    /** AST patterns to match this sink */
+    patterns: SinkASTPattern[];
+    /** Sanitizers that can protect this sink */
+    expectedSanitizers: string[];
+    /** Description of this sink */
+    description: string;
+    /** Whether this sink is enabled by default */
+    enabled: boolean;
+    /** Tags for filtering/grouping */
+    tags: string[];
+    /** CWE IDs associated with this sink */
+    relatedCWE: string[];
+    /** OWASP Top 10 category */
+    owaspCategory?: string;
+}
+/**
+ * Sink match result
+ */
+export interface SinkMatchResult {
+    /** Definition that matched */
+    definition: SinkDefinition;
+    /** Matched pattern */
+    pattern: SinkASTPattern;
+    /** Function/method name being called */
+    functionName: string;
+    /** Argument index receiving tainted data */
+    argumentIndex: number;
+    /** Expression at this sink */
+    expression: string;
+}
+/**
+ * Sink detector interface
+ */
+export interface ISinkDetector {
+    /** Detect sinks in an AST node */
+    detect(ast: unknown, options?: SinkDetectorOptions): Promise<SinkMatchResult[]>;
+    /** Register custom sink definition */
+    registerSink(definition: SinkDefinition): void;
+    /** Get all registered sinks */
+    getSinks(): readonly SinkDefinition[];
+}
+/**
+ * Sink detector options
+ */
+export interface SinkDetectorOptions {
+    /** Categories to include */
+    categories?: TaintSinkCategory[];
+    /** Severity threshold */
+    minSeverity?: Severity;
+    /** Custom sinks to add */
+    customSinks?: SinkDefinition[];
+    /** Frameworks to include */
+    frameworks?: string[];
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/analysis/sinks/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/analysis/sinks/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAExE;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,+DAA+D;IAC/D,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC7B,2BAA2B;IAC3B,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC3B,4DAA4D;IAC5D,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC7B,oEAAoE;IACpE,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gDAAgD;IAChD,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,mCAAmC;IACnC,aAAa,CAAC,EAAE;QACd,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;QACxB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;QACjB,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,gCAAgC;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,oBAAoB;IACpB,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,iDAAiD;IACjD,QAAQ,EAAE,QAAQ,CAAC;IACnB,6CAA6C;IAC7C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,sCAAsC;IACtC,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,4CAA4C;IAC5C,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,+BAA+B;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,8CAA8C;IAC9C,OAAO,EAAE,OAAO,CAAC;IACjB,kCAAkC;IAClC,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,wCAAwC;IACxC,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,4BAA4B;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,8BAA8B;IAC9B,UAAU,EAAE,cAAc,CAAC;IAC3B,sBAAsB;IACtB,OAAO,EAAE,cAAc,CAAC;IACxB,wCAAwC;IACxC,YAAY,EAAE,MAAM,CAAC;IACrB,4CAA4C;IAC5C,aAAa,EAAE,MAAM,CAAC;IACtB,8BAA8B;IAC9B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,kCAAkC;IAClC,MAAM,CACJ,GAAG,EAAE,OAAO,EACZ,OAAO,CAAC,EAAE,mBAAmB,GAC5B,OAAO,CAAC,eAAe,EAAE,CAAC,CAAC;IAE9B,sCAAsC;IACtC,YAAY,CAAC,UAAU,EAAE,cAAc,GAAG,IAAI,CAAC;IAE/C,+BAA+B;IAC/B,QAAQ,IAAI,SAAS,cAAc,EAAE,CAAC;CACvC;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,4BAA4B;IAC5B,UAAU,CAAC,EAAE,iBAAiB,EAAE,CAAC;IACjC,yBAAyB;IACzB,WAAW,CAAC,EAAE,QAAQ,CAAC;IACvB,0BAA0B;IAC1B,WAAW,CAAC,EAAE,cAAc,EAAE,CAAC;IAC/B,4BAA4B;IAC5B,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB"}

package/dist/analysis/sinks/types.js

@@ -0,0 +1,7 @@
+/**
+ * @fileoverview Sink definition types for taint analysis
+ * @module @nahisaho/musubix-security/analysis/sinks/types
+ * @trace REQ-SEC-001
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/analysis/sinks/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/analysis/sinks/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}

package/dist/analysis/sources/database.d.ts

@@ -0,0 +1,12 @@
+/**
+ * @fileoverview Database source definitions
+ * @module @nahisaho/musubix-security/analysis/sources/database
+ * @trace REQ-SEC-001
+ */
+import type { SourceDefinition } from './types.js';
+/**
+ * Database sources - query results that may contain user-controlled data
+ * @trace REQ-SEC-001
+ */
+export declare const DATABASE_SOURCES: readonly SourceDefinition[];
+//# sourceMappingURL=database.d.ts.map

package/dist/analysis/sources/database.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"database.d.ts","sourceRoot":"","sources":["../../../src/analysis/sources/database.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEnD;;;GAGG;AACH,eAAO,MAAM,gBAAgB,EAAE,SAAS,gBAAgB,EAiN9C,CAAC"}

package/dist/analysis/sources/database.js

@@ -0,0 +1,211 @@
+/**
+ * @fileoverview Database source definitions
+ * @module @nahisaho/musubix-security/analysis/sources/database
+ * @trace REQ-SEC-001
+ */
+/**
+ * Database sources - query results that may contain user-controlled data
+ * @trace REQ-SEC-001
+ */
+export const DATABASE_SOURCES = [
+    // Prisma ORM
+    {
+        id: 'SRC-DB-001',
+        name: 'Prisma Query Result',
+        category: 'database',
+        framework: 'prisma',
+        patterns: [
+            { receiver: 'prisma', method: 'findFirst', taintedReturn: true },
+            { receiver: 'prisma', method: 'findUnique', taintedReturn: true },
+            { receiver: 'prisma', method: 'findMany', taintedReturn: true },
+            { receiver: 'prisma', method: 'findFirstOrThrow', taintedReturn: true },
+            { receiver: 'prisma', method: 'findUniqueOrThrow', taintedReturn: true },
+            { receiver: 'prisma', method: 'create', taintedReturn: true },
+            { receiver: 'prisma', method: 'update', taintedReturn: true },
+            { receiver: 'prisma', method: 'upsert', taintedReturn: true },
+        ],
+        description: 'Prisma ORM query results',
+        confidence: 0.7,
+        enabled: true,
+        tags: ['database', 'prisma', 'orm'],
+        relatedCWE: ['CWE-20', 'CWE-79'],
+    },
+    // TypeORM
+    {
+        id: 'SRC-DB-010',
+        name: 'TypeORM Query Result',
+        category: 'database',
+        framework: 'typeorm',
+        patterns: [
+            { method: 'find', taintedReturn: true },
+            { method: 'findOne', taintedReturn: true },
+            { method: 'findOneBy', taintedReturn: true },
+            { method: 'findBy', taintedReturn: true },
+            { method: 'findAndCount', taintedReturn: true },
+            { method: 'findOneOrFail', taintedReturn: true },
+            { method: 'save', taintedReturn: true },
+        ],
+        description: 'TypeORM query results',
+        confidence: 0.7,
+        enabled: true,
+        tags: ['database', 'typeorm', 'orm'],
+        relatedCWE: ['CWE-20', 'CWE-79'],
+    },
+    // Sequelize
+    {
+        id: 'SRC-DB-020',
+        name: 'Sequelize Query Result',
+        category: 'database',
+        framework: 'sequelize',
+        patterns: [
+            { method: 'findAll', taintedReturn: true },
+            { method: 'findOne', taintedReturn: true },
+            { method: 'findByPk', taintedReturn: true },
+            { method: 'findOrCreate', taintedReturn: true },
+            { method: 'findAndCountAll', taintedReturn: true },
+            { method: 'create', taintedReturn: true },
+            { method: 'update', taintedReturn: true },
+        ],
+        description: 'Sequelize query results',
+        confidence: 0.7,
+        enabled: true,
+        tags: ['database', 'sequelize', 'orm'],
+        relatedCWE: ['CWE-20', 'CWE-79'],
+    },
+    // Drizzle ORM
+    {
+        id: 'SRC-DB-030',
+        name: 'Drizzle Query Result',
+        category: 'database',
+        framework: 'drizzle',
+        patterns: [
+            { receiver: 'db', method: 'select', taintedReturn: true },
+            { receiver: 'db', method: 'query', taintedReturn: true },
+        ],
+        description: 'Drizzle ORM query results',
+        confidence: 0.7,
+        enabled: true,
+        tags: ['database', 'drizzle', 'orm'],
+        relatedCWE: ['CWE-20', 'CWE-79'],
+    },
+    // Knex.js
+    {
+        id: 'SRC-DB-040',
+        name: 'Knex Query Result',
+        category: 'database',
+        framework: 'knex',
+        patterns: [
+            { receiver: 'knex', method: 'select', taintedReturn: true },
+            { receiver: 'knex', method: 'where', taintedReturn: true },
+            { receiver: 'knex', method: 'first', taintedReturn: true },
+            { receiver: 'knex', method: 'raw', taintedReturn: true },
+            { receiver: 'db', method: 'select', taintedReturn: true },
+        ],
+        description: 'Knex.js query results',
+        confidence: 0.7,
+        enabled: true,
+        tags: ['database', 'knex', 'query-builder'],
+        relatedCWE: ['CWE-20', 'CWE-79', 'CWE-89'],
+    },
+    // MongoDB (Native Driver)
+    {
+        id: 'SRC-DB-050',
+        name: 'MongoDB Query Result',
+        category: 'database',
+        framework: 'mongodb',
+        patterns: [
+            { method: 'findOne', taintedReturn: true },
+            { method: 'find', taintedReturn: true },
+            { method: 'aggregate', taintedReturn: true },
+            { method: 'insertOne', taintedReturn: true },
+            { method: 'updateOne', taintedReturn: true },
+            { method: 'findOneAndUpdate', taintedReturn: true },
+            { method: 'findOneAndReplace', taintedReturn: true },
+        ],
+        description: 'MongoDB native driver query results',
+        confidence: 0.7,
+        enabled: true,
+        tags: ['database', 'mongodb', 'nosql'],
+        relatedCWE: ['CWE-20', 'CWE-79', 'CWE-943'],
+    },
+    // Mongoose
+    {
+        id: 'SRC-DB-060',
+        name: 'Mongoose Query Result',
+        category: 'database',
+        framework: 'mongoose',
+        patterns: [
+            { method: 'findById', taintedReturn: true },
+            { method: 'findOne', taintedReturn: true },
+            { method: 'find', taintedReturn: true },
+            { method: 'findByIdAndUpdate', taintedReturn: true },
+            { method: 'findOneAndUpdate', taintedReturn: true },
+            { method: 'exec', taintedReturn: true },
+            { method: 'lean', taintedReturn: true },
+        ],
+        description: 'Mongoose ODM query results',
+        confidence: 0.7,
+        enabled: true,
+        tags: ['database', 'mongoose', 'mongodb', 'odm'],
+        relatedCWE: ['CWE-20', 'CWE-79', 'CWE-943'],
+    },
+    // Redis
+    {
+        id: 'SRC-DB-070',
+        name: 'Redis Query Result',
+        category: 'database',
+        framework: 'redis',
+        patterns: [
+            { receiver: 'redis', method: 'get', taintedReturn: true },
+            { receiver: 'redis', method: 'mget', taintedReturn: true },
+            { receiver: 'redis', method: 'hget', taintedReturn: true },
+            { receiver: 'redis', method: 'hgetall', taintedReturn: true },
+            { receiver: 'redis', method: 'lrange', taintedReturn: true },
+            { receiver: 'redis', method: 'smembers', taintedReturn: true },
+            { receiver: 'client', method: 'get', taintedReturn: true },
+        ],
+        description: 'Redis cache/database results',
+        confidence: 0.7,
+        enabled: true,
+        tags: ['database', 'redis', 'cache'],
+        relatedCWE: ['CWE-20', 'CWE-79'],
+    },
+    // Raw SQL
+    {
+        id: 'SRC-DB-080',
+        name: 'Raw SQL Query Result',
+        category: 'database',
+        framework: 'sql',
+        patterns: [
+            { method: 'query', taintedReturn: true },
+            { method: 'execute', taintedReturn: true },
+            { receiver: 'db', method: 'query', taintedReturn: true },
+            { receiver: 'connection', method: 'query', taintedReturn: true },
+            { receiver: 'pool', method: 'query', taintedReturn: true },
+        ],
+        description: 'Raw SQL query results',
+        confidence: 0.7,
+        enabled: true,
+        tags: ['database', 'sql', 'raw'],
+        relatedCWE: ['CWE-20', 'CWE-79', 'CWE-89'],
+    },
+    // Better-SQLite3
+    {
+        id: 'SRC-DB-090',
+        name: 'Better-SQLite3 Query Result',
+        category: 'database',
+        framework: 'better-sqlite3',
+        patterns: [
+            { method: 'get', taintedReturn: true },
+            { method: 'all', taintedReturn: true },
+            { method: 'iterate', taintedReturn: true },
+            { method: 'pluck', taintedReturn: true },
+        ],
+        description: 'Better-SQLite3 query results',
+        confidence: 0.7,
+        enabled: true,
+        tags: ['database', 'sqlite', 'sql'],
+        relatedCWE: ['CWE-20', 'CWE-79', 'CWE-89'],
+    },
+];
+//# sourceMappingURL=database.js.map

package/dist/analysis/sources/database.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"database.js","sourceRoot":"","sources":["../../../src/analysis/sources/database.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAgC;IAC3D,aAAa;IACb;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,QAAQ;QACnB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,IAAI,EAAE;YAChE,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,IAAI,EAAE;YACjE,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;YAC/D,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,kBAAkB,EAAE,aAAa,EAAE,IAAI,EAAE;YACvE,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,mBAAmB,EAAE,aAAa,EAAE,IAAI,EAAE;YACxE,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE;YAC7D,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE;YAC7D,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE;SAC9D;QACD,WAAW,EAAE,0BAA0B;QACvC,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,UAAU,EAAE,QAAQ,EAAE,KAAK,CAAC;QACnC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;KACjC;IAED,UAAU;IACV;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,SAAS;QACpB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;YACvC,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE;YAC1C,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,IAAI,EAAE;YAC5C,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE;YACzC,EAAE,MAAM,EAAE,cAAc,EAAE,aAAa,EAAE,IAAI,EAAE;YAC/C,EAAE,MAAM,EAAE,eAAe,EAAE,aAAa,EAAE,IAAI,EAAE;YAChD,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;SACxC;QACD,WAAW,EAAE,uBAAuB;QACpC,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,UAAU,EAAE,SAAS,EAAE,KAAK,CAAC;QACpC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;KACjC;IAED,YAAY;IACZ;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,WAAW;QACtB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE;YAC1C,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE;YAC1C,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;YAC3C,EAAE,MAAM,EAAE,cAAc,EAAE,aAAa,EAAE,IAAI,EAAE;YAC/C,EAAE,MAAM,EAAE,iBAAiB,EAAE,aAAa,EAAE,IAAI,EAAE;YAClD,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE;YACzC,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE;SAC1C;QACD,WAAW,EAAE,yBAAyB;QACtC,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,UAAU,EAAE,WAAW,EAAE,KAAK,CAAC;QACtC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;KACjC;IAED,cAAc;IACd;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,SAAS;QACpB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE;YACzD,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE;SACzD;QACD,WAAW,EAAE,2BAA2B;QACxC,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,UAAU,EAAE,SAAS,EAAE,KAAK,CAAC;QACpC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;KACjC;IAED,UAAU;IACV;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE;YAC3D,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE;YAC1D,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE;YAC1D,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE;YACxD,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE;SAC1D;QACD,WAAW,EAAE,uBAAuB;QACpC,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,eAAe,CAAC;QAC3C,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC;KAC3C;IAED,0BAA0B;IAC1B;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,SAAS;QACpB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE;YAC1C,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;YACvC,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,IAAI,EAAE;YAC5C,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,IAAI,EAAE;YAC5C,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,IAAI,EAAE;YAC5C,EAAE,MAAM,EAAE,kBAAkB,EAAE,aAAa,EAAE,IAAI,EAAE;YACnD,EAAE,MAAM,EAAE,mBAAmB,EAAE,aAAa,EAAE,IAAI,EAAE;SACrD;QACD,WAAW,EAAE,qCAAqC;QAClD,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,UAAU,EAAE,SAAS,EAAE,OAAO,CAAC;QACtC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC;KAC5C;IAED,WAAW;IACX;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,UAAU;QACrB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;YAC3C,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE;YAC1C,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;YACvC,EAAE,MAAM,EAAE,mBAAmB,EAAE,aAAa,EAAE,IAAI,EAAE;YACpD,EAAE,MAAM,EAAE,kBAAkB,EAAE,aAAa,EAAE,IAAI,EAAE;YACnD,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;YACvC,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;SACxC;QACD,WAAW,EAAE,4BAA4B;QACzC,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,CAAC;QAChD,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC;KAC5C;IAED,QAAQ;IACR;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE;YACzD,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;YAC1D,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;YAC1D,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE;YAC7D,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE;YAC5D,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;YAC9D,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE;SAC3D;QACD,WAAW,EAAE,8BAA8B;QAC3C,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC;QACpC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;KACjC;IAED,UAAU;IACV;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,KAAK;QAChB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE;YACxC,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE;YAC1C,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE;YACxD,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE;YAChE,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE;SAC3D;QACD,WAAW,EAAE,uBAAuB;QACpC,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE,KAAK,CAAC;QAChC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC;KAC3C;IAED,iBAAiB;IACjB;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,gBAAgB;QAC3B,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE;YACtC,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE;YACtC,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE;YAC1C,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE;SACzC;QACD,WAAW,EAAE,8BAA8B;QAC3C,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,UAAU,EAAE,QAAQ,EAAE,KAAK,CAAC;QACnC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC;KAC3C;CACO,CAAC"}

package/dist/analysis/sources/environment.d.ts

@@ -0,0 +1,12 @@
+/**
+ * @fileoverview Environment source definitions
+ * @module @nahisaho/musubix-security/analysis/sources/environment
+ * @trace REQ-SEC-001
+ */
+import type { SourceDefinition } from './types.js';
+/**
+ * Environment sources - environment variables, CLI args
+ * @trace REQ-SEC-001
+ */
+export declare const ENVIRONMENT_SOURCES: readonly SourceDefinition[];
+//# sourceMappingURL=environment.d.ts.map

package/dist/analysis/sources/environment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"environment.d.ts","sourceRoot":"","sources":["../../../src/analysis/sources/environment.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEnD;;;GAGG;AACH,eAAO,MAAM,mBAAmB,EAAE,SAAS,gBAAgB,EA2JjD,CAAC"}

package/dist/analysis/sources/environment.js

@@ -0,0 +1,158 @@
+/**
+ * @fileoverview Environment source definitions
+ * @module @nahisaho/musubix-security/analysis/sources/environment
+ * @trace REQ-SEC-001
+ */
+/**
+ * Environment sources - environment variables, CLI args
+ * @trace REQ-SEC-001
+ */
+export const ENVIRONMENT_SOURCES = [
+    // Process environment
+    {
+        id: 'SRC-ENV-001',
+        name: 'Environment Variables',
+        category: 'environment',
+        framework: 'node',
+        patterns: [
+            { receiver: 'process', property: 'env', taintedReturn: true },
+        ],
+        description: 'Node.js process.env environment variables',
+        confidence: 0.6,
+        enabled: true,
+        tags: ['environment', 'node', 'env'],
+        relatedCWE: ['CWE-20', 'CWE-78'],
+    },
+    // CLI arguments
+    {
+        id: 'SRC-ENV-010',
+        name: 'CLI Arguments',
+        category: 'cli-args',
+        framework: 'node',
+        patterns: [
+            { receiver: 'process', property: 'argv', taintedReturn: true },
+        ],
+        description: 'Command line arguments',
+        confidence: 0.8,
+        enabled: true,
+        tags: ['environment', 'node', 'argv', 'cli'],
+        relatedCWE: ['CWE-20', 'CWE-78', 'CWE-88'],
+    },
+    // yargs
+    {
+        id: 'SRC-ENV-020',
+        name: 'Yargs Arguments',
+        category: 'cli-args',
+        framework: 'yargs',
+        patterns: [
+            { receiver: 'yargs', method: 'parse', taintedReturn: true },
+            { receiver: 'yargs', method: 'argv', taintedReturn: true },
+            { property: 'argv', taintedReturn: true },
+        ],
+        description: 'Yargs parsed arguments',
+        confidence: 0.8,
+        enabled: true,
+        tags: ['environment', 'yargs', 'cli'],
+        relatedCWE: ['CWE-20', 'CWE-78', 'CWE-88'],
+    },
+    // commander
+    {
+        id: 'SRC-ENV-030',
+        name: 'Commander Arguments',
+        category: 'cli-args',
+        framework: 'commander',
+        patterns: [
+            { receiver: 'program', method: 'opts', taintedReturn: true },
+            { receiver: 'program', property: 'args', taintedReturn: true },
+            { receiver: 'command', method: 'opts', taintedReturn: true },
+        ],
+        description: 'Commander parsed arguments',
+        confidence: 0.8,
+        enabled: true,
+        tags: ['environment', 'commander', 'cli'],
+        relatedCWE: ['CWE-20', 'CWE-78', 'CWE-88'],
+    },
+    // minimist
+    {
+        id: 'SRC-ENV-040',
+        name: 'Minimist Arguments',
+        category: 'cli-args',
+        framework: 'minimist',
+        patterns: [
+            { method: 'minimist', taintedReturn: true },
+        ],
+        description: 'Minimist parsed arguments',
+        confidence: 0.8,
+        enabled: true,
+        tags: ['environment', 'minimist', 'cli'],
+        relatedCWE: ['CWE-20', 'CWE-78', 'CWE-88'],
+    },
+    // dotenv
+    {
+        id: 'SRC-ENV-050',
+        name: 'Dotenv Variables',
+        category: 'environment',
+        framework: 'dotenv',
+        patterns: [
+            { receiver: 'dotenv', method: 'config', taintedReturn: true },
+            { receiver: 'dotenv', method: 'parse', taintedReturn: true },
+        ],
+        description: 'Dotenv parsed environment variables',
+        confidence: 0.6,
+        enabled: true,
+        tags: ['environment', 'dotenv'],
+        relatedCWE: ['CWE-20'],
+    },
+    // Stdin
+    {
+        id: 'SRC-ENV-060',
+        name: 'Standard Input',
+        category: 'cli-args',
+        framework: 'node',
+        patterns: [
+            { receiver: 'process', property: 'stdin', taintedReturn: true },
+            { receiver: 'stdin', method: 'on', taintedArg: 1 },
+            { receiver: 'readline', method: 'question', taintedArg: 1 },
+        ],
+        description: 'Standard input data',
+        confidence: 0.9,
+        enabled: true,
+        tags: ['environment', 'stdin', 'cli'],
+        relatedCWE: ['CWE-20', 'CWE-78'],
+    },
+    // Electron
+    {
+        id: 'SRC-ENV-070',
+        name: 'Electron App Path',
+        category: 'environment',
+        framework: 'electron',
+        patterns: [
+            { receiver: 'app', method: 'getPath', taintedReturn: true },
+            { receiver: 'app', method: 'getAppPath', taintedReturn: true },
+        ],
+        description: 'Electron app path functions',
+        confidence: 0.5,
+        enabled: true,
+        tags: ['environment', 'electron'],
+        relatedCWE: ['CWE-20', 'CWE-22'],
+    },
+    // OS module
+    {
+        id: 'SRC-ENV-080',
+        name: 'OS Information',
+        category: 'environment',
+        framework: 'node',
+        patterns: [
+            { receiver: 'os', method: 'hostname', taintedReturn: true },
+            { receiver: 'os', method: 'userInfo', taintedReturn: true },
+            { receiver: 'os', method: 'homedir', taintedReturn: true },
+            { receiver: 'os', method: 'tmpdir', taintedReturn: true },
+        ],
+        description: 'OS module information',
+        confidence: 0.4,
+        enabled: true,
+        tags: ['environment', 'os', 'node'],
+        relatedCWE: ['CWE-200'],
+    },
+];
+//# sourceMappingURL=environment.js.map

package/dist/analysis/sources/environment.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"environment.js","sourceRoot":"","sources":["../../../src/analysis/sources/environment.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;;GAGG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAgC;IAC9D,sBAAsB;IACtB;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,aAAa;QACvB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE;SAC9D;QACD,WAAW,EAAE,2CAA2C;QACxD,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,aAAa,EAAE,MAAM,EAAE,KAAK,CAAC;QACpC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;KACjC;IAED,gBAAgB;IAChB;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;SAC/D;QACD,WAAW,EAAE,wBAAwB;QACrC,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,aAAa,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC;QAC5C,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC;KAC3C;IAED,QAAQ;IACR;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE;YAC3D,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;YAC1D,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;SAC1C;QACD,WAAW,EAAE,wBAAwB;QACrC,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,aAAa,EAAE,OAAO,EAAE,KAAK,CAAC;QACrC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC;KAC3C;IAED,YAAY;IACZ;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,WAAW;QACtB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;YAC5D,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;YAC9D,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;SAC7D;QACD,WAAW,EAAE,4BAA4B;QACzC,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,aAAa,EAAE,WAAW,EAAE,KAAK,CAAC;QACzC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC;KAC3C;IAED,WAAW;IACX;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,UAAU;QACrB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;SAC5C;QACD,WAAW,EAAE,2BAA2B;QACxC,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,aAAa,EAAE,UAAU,EAAE,KAAK,CAAC;QACxC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC;KAC3C;IAED,SAAS;IACT;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,aAAa;QACvB,SAAS,EAAE,QAAQ;QACnB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE;YAC7D,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE;SAC7D;QACD,WAAW,EAAE,qCAAqC;QAClD,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,aAAa,EAAE,QAAQ,CAAC;QAC/B,UAAU,EAAE,CAAC,QAAQ,CAAC;KACvB;IAED,QAAQ;IACR;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE;YAC/D,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,EAAE;YAClD,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC,EAAE;SAC5D;QACD,WAAW,EAAE,qBAAqB;QAClC,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,aAAa,EAAE,OAAO,EAAE,KAAK,CAAC;QACrC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;KACjC;IAED,WAAW;IACX;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,aAAa;QACvB,SAAS,EAAE,UAAU;QACrB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE;YAC3D,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,IAAI,EAAE;SAC/D;QACD,WAAW,EAAE,6BAA6B;QAC1C,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,aAAa,EAAE,UAAU,CAAC;QACjC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;KACjC;IAED,YAAY;IACZ;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE,aAAa;QACvB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;YAC3D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;YAC3D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE;YAC1D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE;SAC1D;QACD,WAAW,EAAE,uBAAuB;QACpC,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,aAAa,EAAE,IAAI,EAAE,MAAM,CAAC;QACnC,UAAU,EAAE,CAAC,SAAS,CAAC;KACxB;CACO,CAAC"}

package/dist/analysis/sources/file-system.d.ts

@@ -0,0 +1,12 @@
+/**
+ * @fileoverview File system source definitions
+ * @module @nahisaho/musubix-security/analysis/sources/file-system
+ * @trace REQ-SEC-001
+ */
+import type { SourceDefinition } from './types.js';
+/**
+ * File system sources - file reads that may contain user-controlled data
+ * @trace REQ-SEC-001
+ */
+export declare const FILE_SYSTEM_SOURCES: readonly SourceDefinition[];
+//# sourceMappingURL=file-system.d.ts.map

package/dist/analysis/sources/file-system.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"file-system.d.ts","sourceRoot":"","sources":["../../../src/analysis/sources/file-system.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEnD;;;GAGG;AACH,eAAO,MAAM,mBAAmB,EAAE,SAAS,gBAAgB,EAiLjD,CAAC"}