@nahisaho/musubix-security 2.0.0 → 2.1.0

package/dist/rules/owasp/a05-security-misconfiguration.js

@@ -0,0 +1,371 @@
+/**
+ * @fileoverview OWASP A05:2021 - Security Misconfiguration Rule
+ * @module @nahisaho/musubix-security/rules/owasp/a05-security-misconfiguration
+ * @trace TSK-RULE-003
+ *
+ * Detects:
+ * - Default credentials
+ * - Verbose error messages
+ * - Unnecessary features enabled
+ * - Missing security headers
+ * - Development settings in production
+ */
+/**
+ * OWASP A05 - Security Misconfiguration
+ */
+export const owaspA05SecurityMisconfiguration = {
+    id: 'owasp-a05-security-misconfiguration',
+    name: 'OWASP A05:2021 - Security Misconfiguration',
+    description: 'Detects security misconfigurations including default credentials, verbose errors, and insecure settings',
+    defaultSeverity: 'high',
+    detectionMethod: 'pattern-match',
+    tags: ['owasp', 'configuration', 'defaults', 'headers', 'security'],
+    owasp: ['A05:2021'],
+    cwe: ['2', '11', '13', '15', '16', '260', '315', '520', '526', '537'],
+    references: [
+        { title: 'OWASP A05:2021 - Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
+        { title: 'CWE-16: Configuration', url: 'https://cwe.mitre.org/data/definitions/16.html' },
+    ],
+    async analyze(context) {
+        const findings = [];
+        const sourceFile = context.sourceFile;
+        if (!sourceFile)
+            return findings;
+        // Check for default credentials
+        checkDefaultCredentials(context, findings);
+        // Check for verbose errors
+        checkVerboseErrors(context, findings);
+        // Check for unnecessary features
+        checkUnnecessaryFeatures(context, findings);
+        // Check for missing security headers
+        checkMissingHeaders(context, findings);
+        // Check for development settings
+        checkDevSettings(context, findings);
+        // Check for exposed environment
+        checkExposedEnvironment(context, findings);
+        return findings;
+    },
+};
+/**
+ * Check for default or hardcoded credentials
+ */
+function checkDefaultCredentials(context, findings) {
+    const sourceCode = context.sourceCode;
+    const lines = sourceCode.split('\n');
+    const defaultCredPatterns = [
+        // Default passwords
+        { pattern: /password\s*[:=]\s*['"`](?:password|admin|123456|root|default|test|demo)['"`]/gi, type: 'default password' },
+        // Default usernames
+        { pattern: /(?:username|user)\s*[:=]\s*['"`](?:admin|root|test|user|demo)['"`]/gi, type: 'default username' },
+        // Default API keys (placeholder patterns)
+        { pattern: /(?:api[_-]?key|apikey)\s*[:=]\s*['"`](?:xxx|test|demo|your[_-]?api[_-]?key)['"`]/gi, type: 'placeholder API key' },
+        // Default tokens
+        { pattern: /(?:token|secret)\s*[:=]\s*['"`](?:changeme|secret|default|test)['"`]/gi, type: 'default token' },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        // Skip comments
+        if (line.trim().startsWith('//') || line.trim().startsWith('*'))
+            continue;
+        for (const { pattern, type } of defaultCredPatterns) {
+            pattern.lastIndex = 0;
+            if (pattern.test(line)) {
+                findings.push({
+                    id: `owasp-a05-cred-${findings.length + 1}`,
+                    ruleId: 'owasp-a05-security-misconfiguration',
+                    severity: 'critical',
+                    message: `Default or hardcoded ${type} detected`,
+                    location: {
+                        file: context.filePath,
+                        startLine: lineNum + 1,
+                        endLine: lineNum + 1,
+                        startColumn: 0,
+                        endColumn: line.length,
+                    },
+                    suggestion: {
+                        description: 'Use environment variables for credentials',
+                        example: `// Use environment variables:
+const password = process.env.DB_PASSWORD;
+const apiKey = process.env.API_KEY;`,
+                    },
+                });
+                break;
+            }
+        }
+    }
+}
+/**
+ * Check for verbose error messages
+ */
+function checkVerboseErrors(context, findings) {
+    const sourceCode = context.sourceCode;
+    const lines = sourceCode.split('\n');
+    const verboseErrorPatterns = [
+        // Stack trace exposure
+        { pattern: /(?:res\.send|res\.json)\s*\([^)]*(?:err\.stack|error\.stack)/gi, type: 'Stack trace in response' },
+        // Full error object
+        { pattern: /(?:res\.send|res\.json)\s*\(\s*(?:err|error)\s*\)/gi, type: 'Full error object in response' },
+        // Internal error details
+        { pattern: /(?:res\.send|res\.json)\s*\([^)]*(?:sql|query|database)/gi, type: 'Database details in response' },
+        // Debug info in production
+        { pattern: /console\.(?:log|error)\s*\([^)]*(?:password|secret|key|token)/gi, type: 'Sensitive data in console' },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, type } of verboseErrorPatterns) {
+            pattern.lastIndex = 0;
+            if (pattern.test(line)) {
+                // Check if there's environment check
+                const surroundingCode = lines.slice(Math.max(0, lineNum - 5), lineNum + 1).join('\n');
+                if (!hasProductionCheck(surroundingCode)) {
+                    findings.push({
+                        id: `owasp-a05-error-${findings.length + 1}`,
+                        ruleId: 'owasp-a05-security-misconfiguration',
+                        severity: 'medium',
+                        message: `Verbose error information: ${type}`,
+                        location: {
+                            file: context.filePath,
+                            startLine: lineNum + 1,
+                            endLine: lineNum + 1,
+                            startColumn: 0,
+                            endColumn: line.length,
+                        },
+                        suggestion: {
+                            description: 'Send generic errors in production',
+                            example: `// Send generic errors in production:
+app.use((err, req, res, next) => {
+  console.error(err); // Log internally
+  const message = process.env.NODE_ENV === 'production'
+    ? 'Internal Server Error'
+    : err.message;
+  res.status(500).json({ error: message });
+});`,
+                        },
+                    });
+                }
+                break;
+            }
+        }
+    }
+}
+/**
+ * Check for unnecessary features enabled
+ */
+function checkUnnecessaryFeatures(context, findings) {
+    const sourceCode = context.sourceCode;
+    const lines = sourceCode.split('\n');
+    const unnecessaryFeaturePatterns = [
+        // X-Powered-By header (should be disabled)
+        { pattern: /x-powered-by/gi, issue: 'X-Powered-By header exposed' },
+        // Directory listing
+        { pattern: /serveIndex|directory\s*listing|autoindex/gi, issue: 'Directory listing may be enabled' },
+        // TRACE method (rarely needed)
+        { pattern: /app\.trace\s*\(/gi, issue: 'TRACE HTTP method enabled' },
+        // Debug endpoints
+        { pattern: /(?:\/debug|\/trace|\/dump|\/phpinfo)/gi, issue: 'Debug endpoint detected' },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, issue } of unnecessaryFeaturePatterns) {
+            pattern.lastIndex = 0;
+            if (pattern.test(line)) {
+                findings.push({
+                    id: `owasp-a05-feature-${findings.length + 1}`,
+                    ruleId: 'owasp-a05-security-misconfiguration',
+                    severity: 'low',
+                    message: `Unnecessary feature: ${issue}`,
+                    location: {
+                        file: context.filePath,
+                        startLine: lineNum + 1,
+                        endLine: lineNum + 1,
+                        startColumn: 0,
+                        endColumn: line.length,
+                    },
+                    suggestion: {
+                        description: 'Disable unnecessary features',
+                        example: `// Disable X-Powered-By:
+app.disable('x-powered-by');
+// Or use Helmet which does this automatically`,
+                    },
+                });
+                break;
+            }
+        }
+    }
+}
+/**
+ * Check for missing security headers
+ */
+function checkMissingHeaders(context, findings) {
+    const sourceCode = context.sourceCode;
+    // List of important security headers
+    const securityHeaders = [
+        'Content-Security-Policy',
+        'X-Content-Type-Options',
+        'X-Frame-Options',
+        'Strict-Transport-Security',
+        'X-XSS-Protection',
+    ];
+    // Check if helmet is used (sets all headers)
+    if (sourceCode.includes('helmet'))
+        return;
+    // Check if it's a server file
+    const isServerFile = /express|createServer|fastify|koa/i.test(sourceCode);
+    if (isServerFile) {
+        const missingHeaders = securityHeaders.filter(header => !new RegExp(header, 'i').test(sourceCode));
+        if (missingHeaders.length > 0) {
+            findings.push({
+                id: `owasp-a05-header-${findings.length + 1}`,
+                ruleId: 'owasp-a05-security-misconfiguration',
+                severity: 'medium',
+                message: `Missing security headers: ${missingHeaders.join(', ')}`,
+                location: {
+                    file: context.filePath,
+                    startLine: 1,
+                    endLine: 1,
+                    startColumn: 0,
+                    endColumn: 0,
+                },
+                suggestion: {
+                    description: 'Use Helmet for comprehensive security headers',
+                    example: `// Use Helmet for comprehensive security headers:
+const helmet = require('helmet');
+app.use(helmet());
+// Or set individual headers:
+app.use((req, res, next) => {
+  res.setHeader('X-Content-Type-Options', 'nosniff');
+  res.setHeader('X-Frame-Options', 'DENY');
+  next();
+});`,
+                },
+            });
+        }
+    }
+}
+/**
+ * Check for development settings in production code
+ */
+function checkDevSettings(context, findings) {
+    const sourceCode = context.sourceCode;
+    const lines = sourceCode.split('\n');
+    const devSettingsPatterns = [
+        // localhost in production
+        { pattern: /['"`](?:https?:\/\/)?localhost(?::\d+)?(?:\/[^'"`]*)?['"`]/gi, issue: 'localhost URL' },
+        { pattern: /['"`](?:https?:\/\/)?127\.0\.0\.1(?::\d+)?(?:\/[^'"`]*)?['"`]/gi, issue: '127.0.0.1 URL' },
+        // Development databases
+        { pattern: /mongodb:\/\/localhost/gi, issue: 'localhost MongoDB' },
+        { pattern: /redis:\/\/localhost/gi, issue: 'localhost Redis' },
+        // Debug flags
+        { pattern: /(?:DEBUG|VERBOSE|DEV_MODE)\s*[:=]\s*(?:true|1|['"`]1['"`])/gi, issue: 'Debug flag enabled' },
+        // TODO/FIXME for security
+        { pattern: /(?:TODO|FIXME)[^*\n]*(?:security|auth|password|token)/gi, issue: 'Security TODO/FIXME' },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, issue } of devSettingsPatterns) {
+            pattern.lastIndex = 0;
+            if (pattern.test(line)) {
+                // Check if it's conditional
+                const surroundingCode = lines.slice(Math.max(0, lineNum - 2), lineNum + 2).join('\n');
+                if (!isConditionalDevCode(surroundingCode)) {
+                    findings.push({
+                        id: `owasp-a05-dev-${findings.length + 1}`,
+                        ruleId: 'owasp-a05-security-misconfiguration',
+                        severity: 'medium',
+                        message: `Development setting in code: ${issue}`,
+                        location: {
+                            file: context.filePath,
+                            startLine: lineNum + 1,
+                            endLine: lineNum + 1,
+                            startColumn: 0,
+                            endColumn: line.length,
+                        },
+                        suggestion: {
+                            description: 'Use environment variables',
+                            example: `// Use environment variables:
+const dbUrl = process.env.DATABASE_URL || 'mongodb://localhost/dev';
+// Or use conditional logic:
+const apiUrl = process.env.NODE_ENV === 'production'
+  ? 'https://api.production.com'
+  : 'http://localhost:3000';`,
+                        },
+                    });
+                }
+                break;
+            }
+        }
+    }
+}
+/**
+ * Check for exposed environment variables
+ */
+function checkExposedEnvironment(context, findings) {
+    const sourceCode = context.sourceCode;
+    const lines = sourceCode.split('\n');
+    const exposedEnvPatterns = [
+        // Sending all environment variables
+        { pattern: /res\.(?:send|json)\s*\([^)]*process\.env\s*\)/gi, issue: 'Full process.env in response' },
+        // Logging all environment
+        { pattern: /console\.log\s*\([^)]*process\.env\s*\)/gi, issue: 'Full process.env in console' },
+        // Config dump
+        { pattern: /JSON\.stringify\s*\([^)]*process\.env/gi, issue: 'process.env stringified' },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, issue } of exposedEnvPatterns) {
+            pattern.lastIndex = 0;
+            if (pattern.test(line)) {
+                findings.push({
+                    id: `owasp-a05-env-${findings.length + 1}`,
+                    ruleId: 'owasp-a05-security-misconfiguration',
+                    severity: 'critical',
+                    message: `Exposed environment: ${issue}`,
+                    location: {
+                        file: context.filePath,
+                        startLine: lineNum + 1,
+                        endLine: lineNum + 1,
+                        startColumn: 0,
+                        endColumn: line.length,
+                    },
+                    suggestion: {
+                        description: 'Never expose full environment',
+                        example: `// Never expose full environment:
+// Instead, expose only safe values
+const safeConfig = {
+  nodeEnv: process.env.NODE_ENV,
+  appVersion: process.env.APP_VERSION
+};
+res.json({ config: safeConfig });`,
+                    },
+                });
+                break;
+            }
+        }
+    }
+}
+/**
+ * Check if code has production environment check
+ */
+function hasProductionCheck(code) {
+    const prodCheckPatterns = [
+        /process\.env\.NODE_ENV/i,
+        /production/i,
+        /development/i,
+        /isProduction/i,
+        /isProd/i,
+    ];
+    return prodCheckPatterns.some(p => p.test(code));
+}
+/**
+ * Check if code is conditional development code
+ */
+function isConditionalDevCode(code) {
+    const conditionalPatterns = [
+        /if\s*\([^)]*(?:NODE_ENV|development|production)/i,
+        /process\.env\.\w+\s*\|\|/i,
+        /\?\s*['"`]http/i,
+    ];
+    return conditionalPatterns.some(p => p.test(code));
+}
+export default owaspA05SecurityMisconfiguration;
+//# sourceMappingURL=a05-security-misconfiguration.js.map

package/dist/rules/owasp/a05-security-misconfiguration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"a05-security-misconfiguration.js","sourceRoot":"","sources":["../../../src/rules/owasp/a05-security-misconfiguration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,gCAAgC,GAAiB;IAC5D,EAAE,EAAE,qCAAqC;IACzC,IAAI,EAAE,4CAA4C;IAClD,WAAW,EAAE,yGAAyG;IACtH,eAAe,EAAE,MAAM;IACvB,eAAe,EAAE,eAAe;IAChC,IAAI,EAAE,CAAC,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,CAAC;IACnE,KAAK,EAAE,CAAC,UAAU,CAAC;IACnB,GAAG,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;IACrE,UAAU,EAAE;QACV,EAAE,KAAK,EAAE,4CAA4C,EAAE,GAAG,EAAE,6DAA6D,EAAE;QAC3H,EAAE,KAAK,EAAE,uBAAuB,EAAE,GAAG,EAAE,gDAAgD,EAAE;KAC1F;IAED,KAAK,CAAC,OAAO,CAAC,OAAoB;QAChC,MAAM,QAAQ,GAAkB,EAAE,CAAC;QACnC,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QACtC,IAAI,CAAC,UAAU;YAAE,OAAO,QAAQ,CAAC;QAEjC,gCAAgC;QAChC,uBAAuB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE3C,2BAA2B;QAC3B,kBAAkB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAEtC,iCAAiC;QACjC,wBAAwB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE5C,qCAAqC;QACrC,mBAAmB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAEvC,iCAAiC;QACjC,gBAAgB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAEpC,gCAAgC;QAChC,uBAAuB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE3C,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,SAAS,uBAAuB,CAAC,OAAoB,EAAE,QAAuB;IAC5E,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,mBAAmB,GAAG;QAC1B,oBAAoB;QACpB,EAAE,OAAO,EAAE,gFAAgF,EAAE,IAAI,EAAE,kBAAkB,EAAE;QACvH,oBAAoB;QACpB,EAAE,OAAO,EAAE,sEAAsE,EAAE,IAAI,EAAE,kBAAkB,EAAE;QAC7G,0CAA0C;QAC1C,EAAE,OAAO,EAAE,oFAAoF,EAAE,IAAI,EAAE,qBAAqB,EAAE;QAC9H,iBAAiB;QACjB,EAAE,OAAO,EAAE,wEAAwE,EAAE,IAAI,EAAE,eAAe,EAAE;KAC7G,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,gBAAgB;QAChB,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAE1E,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,mBAAmB,EAAE,CAAC;YACpD,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,kBAAkB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBAC3C,MAAM,EAAE,qCAAqC;oBAC7C,QAAQ,EAAE,UAAU;oBACpB,OAAO,EAAE,wBAAwB,IAAI,WAAW;oBAChD,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO,CAAC,QAAQ;wBACtB,SAAS,EAAE,OAAO,GAAG,CAAC;wBACtB,OAAO,EAAE,OAAO,GAAG,CAAC;wBACpB,WAAW,EAAE,CAAC;wBACd,SAAS,EAAE,IAAI,CAAC,MAAM;qBACvB;oBACD,UAAU,EAAE;wBACV,WAAW,EAAE,2CAA2C;wBACxD,OAAO,EAAE;;oCAEe;qBACzB;iBACF,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,OAAoB,EAAE,QAAuB;IACvE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,oBAAoB,GAAG;QAC3B,uBAAuB;QACvB,EAAE,OAAO,EAAE,gEAAgE,EAAE,IAAI,EAAE,yBAAyB,EAAE;QAC9G,oBAAoB;QACpB,EAAE,OAAO,EAAE,qDAAqD,EAAE,IAAI,EAAE,+BAA+B,EAAE;QACzG,yBAAyB;QACzB,EAAE,OAAO,EAAE,2DAA2D,EAAE,IAAI,EAAE,8BAA8B,EAAE;QAC9G,2BAA2B;QAC3B,EAAE,OAAO,EAAE,iEAAiE,EAAE,IAAI,EAAE,2BAA2B,EAAE;KAClH,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,oBAAoB,EAAE,CAAC;YACrD,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,qCAAqC;gBACrC,MAAM,eAAe,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEtF,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,EAAE,CAAC;oBACzC,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,mBAAmB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;wBAC5C,MAAM,EAAE,qCAAqC;wBAC7C,QAAQ,EAAE,QAAQ;wBAClB,OAAO,EAAE,8BAA8B,IAAI,EAAE;wBAC7C,QAAQ,EAAE;4BACR,IAAI,EAAE,OAAO,CAAC,QAAQ;4BACtB,SAAS,EAAE,OAAO,GAAG,CAAC;4BACtB,OAAO,EAAE,OAAO,GAAG,CAAC;4BACpB,WAAW,EAAE,CAAC;4BACd,SAAS,EAAE,IAAI,CAAC,MAAM;yBACvB;wBACD,UAAU,EAAE;4BACV,WAAW,EAAE,mCAAmC;4BAChD,OAAO,EAAE;;;;;;;IAOnB;yBACS;qBACF,CAAC,CAAC;gBACL,CAAC;gBACD,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,OAAoB,EAAE,QAAuB;IAC7E,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,0BAA0B,GAAG;QACjC,2CAA2C;QAC3C,EAAE,OAAO,EAAE,gBAAgB,EAAE,KAAK,EAAE,6BAA6B,EAAE;QACnE,oBAAoB;QACpB,EAAE,OAAO,EAAE,4CAA4C,EAAE,KAAK,EAAE,kCAAkC,EAAE;QACpG,+BAA+B;QAC/B,EAAE,OAAO,EAAE,mBAAmB,EAAE,KAAK,EAAE,2BAA2B,EAAE;QACpE,kBAAkB;QAClB,EAAE,OAAO,EAAE,wCAAwC,EAAE,KAAK,EAAE,yBAAyB,EAAE;KACxF,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,0BAA0B,EAAE,CAAC;YAC5D,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,qBAAqB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBAC9C,MAAM,EAAE,qCAAqC;oBAC7C,QAAQ,EAAE,KAAK;oBACf,OAAO,EAAE,wBAAwB,KAAK,EAAE;oBACxC,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO,CAAC,QAAQ;wBACtB,SAAS,EAAE,OAAO,GAAG,CAAC;wBACtB,OAAO,EAAE,OAAO,GAAG,CAAC;wBACpB,WAAW,EAAE,CAAC;wBACd,SAAS,EAAE,IAAI,CAAC,MAAM;qBACvB;oBACD,UAAU,EAAE;wBACV,WAAW,EAAE,8BAA8B;wBAC3C,OAAO,EAAE;;+CAE0B;qBACpC;iBACF,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,OAAoB,EAAE,QAAuB;IACxE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IAEtC,qCAAqC;IACrC,MAAM,eAAe,GAAG;QACtB,yBAAyB;QACzB,wBAAwB;QACxB,iBAAiB;QACjB,2BAA2B;QAC3B,kBAAkB;KACnB,CAAC;IAEF,6CAA6C;IAC7C,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO;IAE1C,8BAA8B;IAC9B,MAAM,YAAY,GAAG,mCAAmC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAE1E,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,cAAc,GAAG,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CACrD,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAC1C,CAAC;QAEF,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,oBAAoB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;gBAC7C,MAAM,EAAE,qCAAqC;gBAC7C,QAAQ,EAAE,QAAQ;gBAClB,OAAO,EAAE,6BAA6B,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBACjE,QAAQ,EAAE;oBACR,IAAI,EAAE,OAAO,CAAC,QAAQ;oBACtB,SAAS,EAAE,CAAC;oBACZ,OAAO,EAAE,CAAC;oBACV,WAAW,EAAE,CAAC;oBACd,SAAS,EAAE,CAAC;iBACb;gBACD,UAAU,EAAE;oBACV,WAAW,EAAE,+CAA+C;oBAC5D,OAAO,EAAE;;;;;;;;IAQf;iBACK;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,OAAoB,EAAE,QAAuB;IACrE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,mBAAmB,GAAG;QAC1B,0BAA0B;QAC1B,EAAE,OAAO,EAAE,8DAA8D,EAAE,KAAK,EAAE,eAAe,EAAE;QACnG,EAAE,OAAO,EAAE,iEAAiE,EAAE,KAAK,EAAE,eAAe,EAAE;QACtG,wBAAwB;QACxB,EAAE,OAAO,EAAE,yBAAyB,EAAE,KAAK,EAAE,mBAAmB,EAAE;QAClE,EAAE,OAAO,EAAE,uBAAuB,EAAE,KAAK,EAAE,iBAAiB,EAAE;QAC9D,cAAc;QACd,EAAE,OAAO,EAAE,8DAA8D,EAAE,KAAK,EAAE,oBAAoB,EAAE;QACxG,0BAA0B;QAC1B,EAAE,OAAO,EAAE,yDAAyD,EAAE,KAAK,EAAE,qBAAqB,EAAE;KACrG,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,mBAAmB,EAAE,CAAC;YACrD,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,4BAA4B;gBAC5B,MAAM,eAAe,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEtF,IAAI,CAAC,oBAAoB,CAAC,eAAe,CAAC,EAAE,CAAC;oBAC3C,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,iBAAiB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;wBAC1C,MAAM,EAAE,qCAAqC;wBAC7C,QAAQ,EAAE,QAAQ;wBAClB,OAAO,EAAE,gCAAgC,KAAK,EAAE;wBAChD,QAAQ,EAAE;4BACR,IAAI,EAAE,OAAO,CAAC,QAAQ;4BACtB,SAAS,EAAE,OAAO,GAAG,CAAC;4BACtB,OAAO,EAAE,OAAO,GAAG,CAAC;4BACpB,WAAW,EAAE,CAAC;4BACd,SAAS,EAAE,IAAI,CAAC,MAAM;yBACvB;wBACD,UAAU,EAAE;4BACV,WAAW,EAAE,2BAA2B;4BACxC,OAAO,EAAE;;;;;6BAKM;yBAChB;qBACF,CAAC,CAAC;gBACL,CAAC;gBACD,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAAC,OAAoB,EAAE,QAAuB;IAC5E,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,kBAAkB,GAAG;QACzB,oCAAoC;QACpC,EAAE,OAAO,EAAE,iDAAiD,EAAE,KAAK,EAAE,8BAA8B,EAAE;QACrG,0BAA0B;QAC1B,EAAE,OAAO,EAAE,2CAA2C,EAAE,KAAK,EAAE,6BAA6B,EAAE;QAC9F,cAAc;QACd,EAAE,OAAO,EAAE,yCAAyC,EAAE,KAAK,EAAE,yBAAyB,EAAE;KACzF,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,kBAAkB,EAAE,CAAC;YACpD,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,iBAAiB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBAC1C,MAAM,EAAE,qCAAqC;oBAC7C,QAAQ,EAAE,UAAU;oBACpB,OAAO,EAAE,wBAAwB,KAAK,EAAE;oBACxC,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO,CAAC,QAAQ;wBACtB,SAAS,EAAE,OAAO,GAAG,CAAC;wBACtB,OAAO,EAAE,OAAO,GAAG,CAAC;wBACpB,WAAW,EAAE,CAAC;wBACd,SAAS,EAAE,IAAI,CAAC,MAAM;qBACvB;oBACD,UAAU,EAAE;wBACV,WAAW,EAAE,+BAA+B;wBAC5C,OAAO,EAAE;;;;;;kCAMa;qBACvB;iBACF,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,IAAY;IACtC,MAAM,iBAAiB,GAAG;QACxB,yBAAyB;QACzB,aAAa;QACb,cAAc;QACd,eAAe;QACf,SAAS;KACV,CAAC;IAEF,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AACnD,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,IAAY;IACxC,MAAM,mBAAmB,GAAG;QAC1B,kDAAkD;QAClD,2BAA2B;QAC3B,iBAAiB;KAClB,CAAC;IAEF,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AACrD,CAAC;AAED,eAAe,gCAAgC,CAAC"}

package/dist/rules/owasp/a06-vulnerable-components.d.ts

@@ -0,0 +1,18 @@
+/**
+ * @fileoverview OWASP A06:2021 - Vulnerable and Outdated Components
+ * @module @nahisaho/musubix-security/rules/owasp/a06
+ * @trace REQ-SEC-OWASP-006
+ */
+import type { SecurityRule } from '../types.js';
+/**
+ * OWASP A06:2021 - Vulnerable and Outdated Components
+ *
+ * Detects:
+ * - Known vulnerable package versions
+ * - Outdated dependencies
+ * - Using unmaintained packages
+ * - Missing integrity checks
+ */
+export declare const owaspA06VulnerableComponents: SecurityRule;
+export default owaspA06VulnerableComponents;
+//# sourceMappingURL=a06-vulnerable-components.d.ts.map

package/dist/rules/owasp/a06-vulnerable-components.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"a06-vulnerable-components.d.ts","sourceRoot":"","sources":["../../../src/rules/owasp/a06-vulnerable-components.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,YAAY,EAA2C,MAAM,aAAa,CAAC;AAEzF;;;;;;;;GAQG;AACH,eAAO,MAAM,4BAA4B,EAAE,YAsC1C,CAAC;AAoNF,eAAe,4BAA4B,CAAC"}

package/dist/rules/owasp/a06-vulnerable-components.js

@@ -0,0 +1,243 @@
+/**
+ * @fileoverview OWASP A06:2021 - Vulnerable and Outdated Components
+ * @module @nahisaho/musubix-security/rules/owasp/a06
+ * @trace REQ-SEC-OWASP-006
+ */
+/**
+ * OWASP A06:2021 - Vulnerable and Outdated Components
+ *
+ * Detects:
+ * - Known vulnerable package versions
+ * - Outdated dependencies
+ * - Using unmaintained packages
+ * - Missing integrity checks
+ */
+export const owaspA06VulnerableComponents = {
+    id: 'owasp-a06-vulnerable-components',
+    name: 'OWASP A06:2021 - Vulnerable and Outdated Components',
+    description: 'Detects use of components with known vulnerabilities or outdated dependencies',
+    defaultSeverity: 'high',
+    category: 'dependency',
+    owasp: ['A06:2021'],
+    cwe: ['1035', '1104', '937'],
+    references: [
+        {
+            title: 'OWASP A06:2021',
+            url: 'https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/',
+        },
+        {
+            title: 'CWE-1104: Use of Unmaintained Third Party Components',
+            url: 'https://cwe.mitre.org/data/definitions/1104.html',
+        },
+    ],
+    async analyze(context) {
+        const findings = [];
+        // Check for vulnerable patterns
+        checkVulnerablePatterns(context, findings);
+        // Check package.json if it's the target file
+        if (context.filePath.endsWith('package.json')) {
+            checkPackageJson(context, findings);
+        }
+        // Check for missing SRI in HTML/templates
+        checkMissingSRI(context, findings);
+        // Check for outdated CDN usage
+        checkOutdatedCDN(context, findings);
+        return findings;
+    },
+};
+/**
+ * Known vulnerable package patterns (simplified version)
+ */
+const VULNERABLE_PATTERNS = [
+    // Lodash < 4.17.21
+    { pattern: /['"`]lodash['"`]\s*:\s*['"`](?:[0-3]\.|4\.(?:[0-9]|1[0-6])\.|4\.17\.(?:[0-9]|1[0-9]|20))['"`]/i, pkg: 'lodash', issue: 'Prototype pollution vulnerability' },
+    // jquery < 3.5.0
+    { pattern: /['"`]jquery['"`]\s*:\s*['"`](?:[0-2]\.|3\.[0-4]\.)['"`]/i, pkg: 'jquery', issue: 'XSS vulnerability in htmlPrefilter' },
+    // axios < 0.21.1
+    { pattern: /['"`]axios['"`]\s*:\s*['"`]0\.(?:[0-9]|1[0-9]|20)\./i, pkg: 'axios', issue: 'SSRF vulnerability' },
+    // minimist < 1.2.6
+    { pattern: /['"`]minimist['"`]\s*:\s*['"`](?:0\.|1\.[0-2]\.[0-5])['"`]/i, pkg: 'minimist', issue: 'Prototype pollution vulnerability' },
+    // serialize-javascript < 3.1.0
+    { pattern: /['"`]serialize-javascript['"`]\s*:\s*['"`][0-2]\.['"`]/i, pkg: 'serialize-javascript', issue: 'RCE vulnerability' },
+    // node-forge < 1.0.0
+    { pattern: /['"`]node-forge['"`]\s*:\s*['"`]0\.['"`]/i, pkg: 'node-forge', issue: 'Improper verification of cryptographic signature' },
+    // moment (unmaintained)
+    { pattern: /['"`]moment['"`]\s*:/i, pkg: 'moment', issue: 'Unmaintained - consider using date-fns or luxon' },
+    // request (deprecated)
+    { pattern: /['"`]request['"`]\s*:/i, pkg: 'request', issue: 'Deprecated - use axios, got, or node-fetch' },
+    // express-jwt < 6.0.0
+    { pattern: /['"`]express-jwt['"`]\s*:\s*['"`][0-5]\.['"`]/i, pkg: 'express-jwt', issue: 'Algorithm confusion vulnerability' },
+];
+/**
+ * Check for vulnerable patterns in source code
+ */
+function checkVulnerablePatterns(context, findings) {
+    const sourceCode = context.sourceCode;
+    const lines = sourceCode.split('\n');
+    // Check for importing known vulnerable packages
+    const importPatterns = [
+        // CommonJS require of vulnerable packages
+        { pattern: /require\s*\(\s*['"`]moment['"`]\s*\)/i, pkg: 'moment', issue: 'Unmaintained - consider using date-fns' },
+        { pattern: /require\s*\(\s*['"`]request['"`]\s*\)/i, pkg: 'request', issue: 'Deprecated package' },
+        // ES imports
+        { pattern: /import\s+.*\s+from\s+['"`]moment['"`]/i, pkg: 'moment', issue: 'Unmaintained - consider using date-fns' },
+        { pattern: /import\s+.*\s+from\s+['"`]request['"`]/i, pkg: 'request', issue: 'Deprecated package' },
+        // Using vulnerable crypto in Node.js
+        { pattern: /crypto\.createCipher\s*\(/i, pkg: 'crypto.createCipher', issue: 'Deprecated - use createCipheriv' },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, pkg, issue } of importPatterns) {
+            if (pattern.test(line)) {
+                findings.push({
+                    id: `owasp-a06-import-${findings.length + 1}`,
+                    ruleId: 'owasp-a06-vulnerable-components',
+                    severity: 'medium',
+                    message: `Potentially vulnerable or deprecated component: ${pkg} - ${issue}`,
+                    location: {
+                        file: context.filePath,
+                        startLine: lineNum + 1,
+                        endLine: lineNum + 1,
+                        startColumn: 0,
+                        endColumn: line.length,
+                    },
+                    suggestion: {
+                        description: 'Consider using a maintained alternative',
+                        example: pkg === 'moment'
+                            ? `// Use date-fns instead:\nimport { format, parseISO } from 'date-fns';`
+                            : pkg === 'request'
+                                ? `// Use axios or got instead:\nimport axios from 'axios';`
+                                : `// Use the recommended secure alternative`,
+                    },
+                });
+                break;
+            }
+        }
+    }
+}
+/**
+ * Check package.json for vulnerable dependencies
+ */
+function checkPackageJson(context, findings) {
+    const sourceCode = context.sourceCode;
+    const lines = sourceCode.split('\n');
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, pkg, issue } of VULNERABLE_PATTERNS) {
+            if (pattern.test(line)) {
+                findings.push({
+                    id: `owasp-a06-pkg-${findings.length + 1}`,
+                    ruleId: 'owasp-a06-vulnerable-components',
+                    severity: 'high',
+                    message: `Vulnerable package version: ${pkg} - ${issue}`,
+                    location: {
+                        file: context.filePath,
+                        startLine: lineNum + 1,
+                        endLine: lineNum + 1,
+                        startColumn: 0,
+                        endColumn: line.length,
+                    },
+                    cwe: ['1104'],
+                    suggestion: {
+                        description: 'Update to the latest secure version',
+                        example: `Run: npm audit fix\nOr: npm update ${pkg}`,
+                    },
+                });
+                break;
+            }
+        }
+    }
+}
+/**
+ * Check for missing Subresource Integrity (SRI)
+ */
+function checkMissingSRI(context, findings) {
+    const sourceCode = context.sourceCode;
+    const lines = sourceCode.split('\n');
+    // Only check HTML-like files or templates
+    const isRelevantFile = /\.(html?|ejs|hbs|pug|vue|svelte|tsx?|jsx?)$/i.test(context.filePath);
+    if (!isRelevantFile)
+        return;
+    const sriPatterns = [
+        // Script tags from CDN without integrity
+        { pattern: /<script[^>]+src\s*=\s*['"`]https?:\/\/(?:cdn|unpkg|jsdelivr|cdnjs)[^'"`]+['"`][^>]*>/i, type: 'script' },
+        // Link tags from CDN without integrity
+        { pattern: /<link[^>]+href\s*=\s*['"`]https?:\/\/(?:cdn|unpkg|jsdelivr|cdnjs)[^'"`]+['"`][^>]*>/i, type: 'stylesheet' },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, type } of sriPatterns) {
+            if (pattern.test(line)) {
+                // Check if integrity attribute is present
+                if (!/integrity\s*=/i.test(line)) {
+                    findings.push({
+                        id: `owasp-a06-sri-${findings.length + 1}`,
+                        ruleId: 'owasp-a06-vulnerable-components',
+                        severity: 'medium',
+                        message: `Missing Subresource Integrity (SRI) for external ${type}`,
+                        location: {
+                            file: context.filePath,
+                            startLine: lineNum + 1,
+                            endLine: lineNum + 1,
+                            startColumn: 0,
+                            endColumn: line.length,
+                        },
+                        cwe: ['353'],
+                        suggestion: {
+                            description: 'Add integrity and crossorigin attributes',
+                            example: `<script src="https://cdn.example.com/lib.js" 
+  integrity="sha384-..." 
+  crossorigin="anonymous"></script>`,
+                        },
+                    });
+                }
+                break;
+            }
+        }
+    }
+}
+/**
+ * Check for outdated CDN URLs
+ */
+function checkOutdatedCDN(context, findings) {
+    const sourceCode = context.sourceCode;
+    const lines = sourceCode.split('\n');
+    const outdatedCDNPatterns = [
+        // Old jQuery versions
+        { pattern: /jquery[\/\-]([0-2]\.[0-9]+|3\.[0-4]\.[0-9]+)/i, lib: 'jQuery', issue: 'outdated version' },
+        // Old Bootstrap versions
+        { pattern: /bootstrap[\/\-]([0-3]\.[0-9]+|4\.[0-5]\.[0-9]+)/i, lib: 'Bootstrap', issue: 'outdated version' },
+        // Old Angular versions
+        { pattern: /angular[\/\-](1\.[0-7]\.[0-9]+)/i, lib: 'AngularJS', issue: 'legacy version' },
+        // HTTP instead of HTTPS for CDN
+        { pattern: /['"`]http:\/\/(?:cdn|unpkg|jsdelivr|cdnjs)/i, lib: 'CDN', issue: 'using HTTP instead of HTTPS' },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, lib, issue } of outdatedCDNPatterns) {
+            if (pattern.test(line)) {
+                findings.push({
+                    id: `owasp-a06-cdn-${findings.length + 1}`,
+                    ruleId: 'owasp-a06-vulnerable-components',
+                    severity: lib === 'CDN' ? 'high' : 'medium',
+                    message: `Potentially ${issue}: ${lib}`,
+                    location: {
+                        file: context.filePath,
+                        startLine: lineNum + 1,
+                        endLine: lineNum + 1,
+                        startColumn: 0,
+                        endColumn: line.length,
+                    },
+                    suggestion: {
+                        description: lib === 'CDN'
+                            ? 'Always use HTTPS for external resources'
+                            : `Update ${lib} to the latest version`,
+                    },
+                });
+                break;
+            }
+        }
+    }
+}
+export default owaspA06VulnerableComponents;
+//# sourceMappingURL=a06-vulnerable-components.js.map