@nahisaho/musubix-security 2.0.0 → 2.1.0

package/dist/rules/types.d.ts

@@ -0,0 +1,277 @@
+/**
+ * @fileoverview Rule Engine Type Definitions
+ * @module @nahisaho/musubix-security/rules/types
+ * @trace REQ-RULE-001, REQ-RULE-002, REQ-RULE-003
+ */
+import type { SourceFile } from 'ts-morph';
+import type { TaintResult, TaintPath } from '../types/taint.js';
+/**
+ * Rule severity levels
+ */
+export type RuleSeverity = 'critical' | 'high' | 'medium' | 'low' | 'info';
+/**
+ * Detection method types
+ */
+export type DetectionMethod = 'taint-analysis' | 'pattern-match' | 'type-analysis' | 'config-check' | 'dependency-check' | 'combined';
+/**
+ * Source location in code
+ */
+export interface SourceLocation {
+    /** File path */
+    file: string;
+    /** Start line (1-based) */
+    startLine: number;
+    /** End line (1-based) */
+    endLine: number;
+    /** Start column (0-based) */
+    startColumn?: number;
+    /** End column (0-based) */
+    endColumn?: number;
+}
+/**
+ * Fix suggestion for a finding
+ */
+export interface FixSuggestion {
+    /** Description of the fix */
+    description: string;
+    /** Replacement text */
+    replacement?: string;
+    /** Location to apply the fix */
+    location: SourceLocation;
+    /** Is this an automated fix? */
+    isAutoFixable: boolean;
+}
+/**
+ * Individual finding from rule execution
+ */
+export interface RuleFinding {
+    /** Unique finding ID */
+    id: string;
+    /** Rule ID that generated this finding */
+    ruleId: string;
+    /** Finding severity */
+    severity: RuleSeverity;
+    /** Human-readable message */
+    message: string;
+    /** Source location */
+    location: SourceLocation;
+    /** Related CWE IDs */
+    cwe?: string[];
+    /** Related OWASP categories */
+    owasp?: string[];
+    /** Remediation guidance */
+    remediation?: string;
+    /** Is this finding suppressed? */
+    suppressed?: boolean;
+    /** Suppression reason if suppressed */
+    suppressionReason?: string;
+    /** Fix suggestion */
+    fix?: FixSuggestion;
+    /** Suggestion for remediation (alternative to fix) */
+    suggestion?: {
+        /** Description of suggested fix */
+        description: string;
+        /** Example code */
+        example?: string;
+    };
+    /** Additional metadata */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Result from executing a single rule
+ */
+export interface RuleResult {
+    /** Rule ID */
+    ruleId: string;
+    /** Rule name */
+    ruleName: string;
+    /** Findings generated */
+    findings: RuleFinding[];
+    /** Execution time in milliseconds */
+    executionTime: number;
+    /** Errors encountered */
+    errors: string[];
+    /** Was execution successful? */
+    success: boolean;
+}
+/**
+ * Rule configuration settings
+ */
+export interface RuleSettings {
+    /** Is rule enabled? */
+    enabled: boolean;
+    /** Override default severity */
+    severity?: RuleSeverity;
+    /** Rule-specific options */
+    options?: Record<string, unknown>;
+}
+/**
+ * Global rule configuration
+ */
+export interface RuleConfig {
+    /** Configuration profile */
+    profile?: string;
+    /** Rule-specific settings */
+    rules: Record<string, RuleSettings>;
+    /** File patterns to exclude */
+    exclude: string[];
+    /** File patterns to include */
+    include: string[];
+    /** Minimum severity to report */
+    severityThreshold: RuleSeverity;
+    /** Enable taint analysis */
+    enableTaintAnalysis: boolean;
+    /** Enable DFG analysis */
+    enableDFG: boolean;
+}
+/**
+ * Taint analysis results for rule context
+ */
+export interface RuleTaintResults {
+    /** Taint flows (alias for unsafePaths) */
+    flows: TaintPath[];
+    /** Full taint analysis result */
+    fullResult?: TaintResult;
+}
+/**
+ * Rule execution context
+ */
+export interface RuleContext {
+    /** File path being analyzed */
+    filePath: string;
+    /** Source code content */
+    sourceCode: string;
+    /** ts-morph SourceFile AST */
+    sourceFile: SourceFile;
+    /** Project root directory */
+    projectRoot: string;
+    /** Rule configuration */
+    config: RuleConfig;
+    /** Results from previously executed rules */
+    previousResults: Map<string, RuleResult>;
+    /** Taint analysis results (if available) */
+    taintResults?: RuleTaintResults;
+    /** Report a finding */
+    report(finding: Omit<RuleFinding, 'id' | 'ruleId'>): void;
+    /** Get option value for current rule */
+    getOption<T>(key: string, defaultValue: T): T;
+}
+/**
+ * Rule reference link
+ */
+export interface RuleReference {
+    /** Reference title */
+    title: string;
+    /** Reference URL */
+    url: string;
+}
+/**
+ * Security rule interface
+ */
+export interface SecurityRule {
+    /** Unique rule ID (e.g., "CWE-079", "OWASP-A03") */
+    id: string;
+    /** Human-readable name */
+    name: string;
+    /** Detailed description */
+    description: string;
+    /** Default severity */
+    defaultSeverity: RuleSeverity;
+    /** Rule category for grouping */
+    category?: string;
+    /** Related CWE IDs */
+    cwe?: string[];
+    /** Related OWASP categories */
+    owasp?: string[];
+    /** Detection method used */
+    detectionMethod?: DetectionMethod;
+    /** Tags for categorization */
+    tags?: string[];
+    /** Reference links */
+    references?: RuleReference[];
+    /** Execute the rule */
+    analyze(context: RuleContext): Promise<RuleFinding[]>;
+    /** Generate fix suggestion for a finding */
+    getSuggestion?(finding: RuleFinding): FixSuggestion | null;
+}
+/**
+ * Rule engine options
+ */
+export interface RuleEngineOptions {
+    /** Configuration */
+    config?: Partial<RuleConfig>;
+    /** Enable parallel execution */
+    parallel?: boolean;
+    /** Maximum concurrent rules */
+    maxConcurrent?: number;
+    /** Progress callback */
+    onProgress?: (progress: AnalysisProgress) => void;
+}
+/**
+ * Analysis progress information
+ */
+export interface AnalysisProgress {
+    /** Current phase */
+    phase: 'initializing' | 'parsing' | 'analyzing' | 'reporting' | 'complete';
+    /** Total files to analyze */
+    totalFiles: number;
+    /** Files analyzed so far */
+    analyzedFiles: number;
+    /** Current file being analyzed */
+    currentFile?: string;
+    /** Total rules enabled */
+    totalRules: number;
+    /** Findings so far */
+    findingsCount: number;
+}
+/**
+ * Complete analysis report
+ */
+export interface AnalysisReport {
+    /** Report timestamp */
+    timestamp: string;
+    /** Project root */
+    projectRoot: string;
+    /** Configuration used */
+    config: RuleConfig;
+    /** Files analyzed */
+    filesAnalyzed: string[];
+    /** Total execution time in ms */
+    totalTime: number;
+    /** Results by rule */
+    ruleResults: RuleResult[];
+    /** All findings (aggregated) */
+    findings: RuleFinding[];
+    /** Summary statistics */
+    summary: AnalysisSummary;
+}
+/**
+ * Analysis summary statistics
+ */
+export interface AnalysisSummary {
+    /** Total findings */
+    total: number;
+    /** Findings by severity */
+    bySeverity: Record<RuleSeverity, number>;
+    /** Findings by rule */
+    byRule: Record<string, number>;
+    /** Suppressed count */
+    suppressed: number;
+    /** Files with findings */
+    filesWithFindings: number;
+    /** Rules that found issues */
+    rulesTriggered: number;
+}
+/**
+ * Default rule configuration
+ */
+export declare const DEFAULT_RULE_CONFIG: RuleConfig;
+/**
+ * Severity ordering for comparison
+ */
+export declare const SEVERITY_ORDER: Record<RuleSeverity, number>;
+/**
+ * Check if severity meets threshold
+ */
+export declare function meetsSeverityThreshold(severity: RuleSeverity, threshold: RuleSeverity): boolean;
+//# sourceMappingURL=types.d.ts.map

package/dist/rules/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/rules/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAC3C,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAEhE;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAE3E;;GAEG;AACH,MAAM,MAAM,eAAe,GACvB,gBAAgB,GAChB,eAAe,GACf,eAAe,GACf,cAAc,GACd,kBAAkB,GAClB,UAAU,CAAC;AAEf;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,gBAAgB;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,2BAA2B;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,6BAA6B;IAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,2BAA2B;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,6BAA6B;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,uBAAuB;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gCAAgC;IAChC,QAAQ,EAAE,cAAc,CAAC;IACzB,gCAAgC;IAChC,aAAa,EAAE,OAAO,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,wBAAwB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,0CAA0C;IAC1C,MAAM,EAAE,MAAM,CAAC;IACf,uBAAuB;IACvB,QAAQ,EAAE,YAAY,CAAC;IACvB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,sBAAsB;IACtB,QAAQ,EAAE,cAAc,CAAC;IACzB,sBAAsB;IACtB,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,+BAA+B;IAC/B,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,2BAA2B;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,kCAAkC;IAClC,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,uCAAuC;IACvC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,qBAAqB;IACrB,GAAG,CAAC,EAAE,aAAa,CAAC;IACpB,sDAAsD;IACtD,UAAU,CAAC,EAAE;QACX,mCAAmC;QACnC,WAAW,EAAE,MAAM,CAAC;QACpB,mBAAmB;QACnB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,cAAc;IACd,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,yBAAyB;IACzB,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,qCAAqC;IACrC,aAAa,EAAE,MAAM,CAAC;IACtB,yBAAyB;IACzB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,gCAAgC;IAChC,OAAO,EAAE,OAAO,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,uBAAuB;IACvB,OAAO,EAAE,OAAO,CAAC;IACjB,gCAAgC;IAChC,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,4BAA4B;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,4BAA4B;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,6BAA6B;IAC7B,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IACpC,+BAA+B;IAC/B,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,+BAA+B;IAC/B,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,iCAAiC;IACjC,iBAAiB,EAAE,YAAY,CAAC;IAChC,4BAA4B;IAC5B,mBAAmB,EAAE,OAAO,CAAC;IAC7B,0BAA0B;IAC1B,SAAS,EAAE,OAAO,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,0CAA0C;IAC1C,KAAK,EAAE,SAAS,EAAE,CAAC;IACnB,iCAAiC;IACjC,UAAU,CAAC,EAAE,WAAW,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,0BAA0B;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,8BAA8B;IAC9B,UAAU,EAAE,UAAU,CAAC;IACvB,6BAA6B;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,yBAAyB;IACzB,MAAM,EAAE,UAAU,CAAC;IACnB,6CAA6C;IAC7C,eAAe,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACzC,4CAA4C;IAC5C,YAAY,CAAC,EAAE,gBAAgB,CAAC;IAChC,uBAAuB;IACvB,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE,IAAI,GAAG,QAAQ,CAAC,GAAG,IAAI,CAAC;IAC1D,wCAAwC;IACxC,SAAS,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,GAAG,CAAC,CAAC;CAC/C;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,sBAAsB;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,oBAAoB;IACpB,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,oDAAoD;IACpD,EAAE,EAAE,MAAM,CAAC;IACX,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,2BAA2B;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,uBAAuB;IACvB,eAAe,EAAE,YAAY,CAAC;IAC9B,iCAAiC;IACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,sBAAsB;IACtB,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,+BAA+B;IAC/B,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,4BAA4B;IAC5B,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,8BAA8B;IAC9B,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,sBAAsB;IACtB,UAAU,CAAC,EAAE,aAAa,EAAE,CAAC;IAC7B,uBAAuB;IACvB,OAAO,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IACtD,4CAA4C;IAC5C,aAAa,CAAC,CAAC,OAAO,EAAE,WAAW,GAAG,aAAa,GAAG,IAAI,CAAC;CAC5D;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,oBAAoB;IACpB,MAAM,CAAC,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IAC7B,gCAAgC;IAChC,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,+BAA+B;IAC/B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,wBAAwB;IACxB,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,gBAAgB,KAAK,IAAI,CAAC;CACnD;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB;IACpB,KAAK,EAAE,cAAc,GAAG,SAAS,GAAG,WAAW,GAAG,WAAW,GAAG,UAAU,CAAC;IAC3E,6BAA6B;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,4BAA4B;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,kCAAkC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,0BAA0B;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,sBAAsB;IACtB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,uBAAuB;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,mBAAmB;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,yBAAyB;IACzB,MAAM,EAAE,UAAU,CAAC;IACnB,qBAAqB;IACrB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,sBAAsB;IACtB,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,gCAAgC;IAChC,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,yBAAyB;IACzB,OAAO,EAAE,eAAe,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,qBAAqB;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,2BAA2B;IAC3B,UAAU,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IACzC,uBAAuB;IACvB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,uBAAuB;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,0BAA0B;IAC1B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,8BAA8B;IAC9B,cAAc,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB,EAAE,UAQjC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAMvD,CAAC;AAEF;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,YAAY,EACtB,SAAS,EAAE,YAAY,GACtB,OAAO,CAET"}

package/dist/rules/types.js

@@ -0,0 +1,34 @@
+/**
+ * @fileoverview Rule Engine Type Definitions
+ * @module @nahisaho/musubix-security/rules/types
+ * @trace REQ-RULE-001, REQ-RULE-002, REQ-RULE-003
+ */
+/**
+ * Default rule configuration
+ */
+export const DEFAULT_RULE_CONFIG = {
+    profile: 'standard',
+    rules: {},
+    exclude: ['**/node_modules/**', '**/dist/**', '**/*.test.ts', '**/*.spec.ts'],
+    include: ['**/*.ts', '**/*.tsx', '**/*.js', '**/*.jsx'],
+    severityThreshold: 'info',
+    enableTaintAnalysis: true,
+    enableDFG: false,
+};
+/**
+ * Severity ordering for comparison
+ */
+export const SEVERITY_ORDER = {
+    critical: 0,
+    high: 1,
+    medium: 2,
+    low: 3,
+    info: 4,
+};
+/**
+ * Check if severity meets threshold
+ */
+export function meetsSeverityThreshold(severity, threshold) {
+    return SEVERITY_ORDER[severity] <= SEVERITY_ORDER[threshold];
+}
+//# sourceMappingURL=types.js.map

package/dist/rules/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/rules/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AA4RH;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAe;IAC7C,OAAO,EAAE,UAAU;IACnB,KAAK,EAAE,EAAE;IACT,OAAO,EAAE,CAAC,oBAAoB,EAAE,YAAY,EAAE,cAAc,EAAE,cAAc,CAAC;IAC7E,OAAO,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,CAAC;IACvD,iBAAiB,EAAE,MAAM;IACzB,mBAAmB,EAAE,IAAI;IACzB,SAAS,EAAE,KAAK;CACjB,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAiC;IAC1D,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;IACN,IAAI,EAAE,CAAC;CACR,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,sBAAsB,CACpC,QAAsB,EACtB,SAAuB;IAEvB,OAAO,cAAc,CAAC,QAAQ,CAAC,IAAI,cAAc,CAAC,SAAS,CAAC,CAAC;AAC/D,CAAC"}

package/dist/tests/integration/epic-integration.test.d.ts

@@ -0,0 +1,7 @@
+/**
+ * @fileoverview Integration tests for EPIC-1, EPIC-2, EPIC-4
+ * @module @nahisaho/musubix-security/tests/integration
+ * @trace TSK-SEC-001〜030
+ */
+export {};
+//# sourceMappingURL=epic-integration.test.d.ts.map

package/dist/tests/integration/epic-integration.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"epic-integration.test.d.ts","sourceRoot":"","sources":["../../../src/tests/integration/epic-integration.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}