@nahisaho/musubix-security 2.0.1 → 2.1.1

package/dist/analysis/sources/file-system.js

@@ -0,0 +1,180 @@
+/**
+ * @fileoverview File system source definitions
+ * @module @nahisaho/musubix-security/analysis/sources/file-system
+ * @trace REQ-SEC-001
+ */
+/**
+ * File system sources - file reads that may contain user-controlled data
+ * @trace REQ-SEC-001
+ */
+export const FILE_SYSTEM_SOURCES = [
+    // Node.js fs module
+    {
+        id: 'SRC-FS-001',
+        name: 'Node.js File Read',
+        category: 'file-system',
+        framework: 'node',
+        patterns: [
+            { receiver: 'fs', method: 'readFile', taintedReturn: true },
+            { receiver: 'fs', method: 'readFileSync', taintedReturn: true },
+            { receiver: 'fs', method: 'read', taintedReturn: true },
+            { receiver: 'fs', method: 'readSync', taintedReturn: true },
+            {
+                importPattern: { module: 'fs', named: ['readFile', 'readFileSync'] },
+                method: ['readFile', 'readFileSync'],
+                taintedReturn: true,
+            },
+        ],
+        description: 'Node.js fs module file read',
+        confidence: 0.75,
+        enabled: true,
+        tags: ['filesystem', 'node', 'read'],
+        relatedCWE: ['CWE-20', 'CWE-22'],
+    },
+    // Node.js fs/promises
+    {
+        id: 'SRC-FS-002',
+        name: 'Node.js Promise File Read',
+        category: 'file-system',
+        framework: 'node',
+        patterns: [
+            { receiver: 'fsPromises', method: 'readFile', taintedReturn: true },
+            { receiver: 'fs', method: 'readFile', taintedReturn: true },
+            {
+                importPattern: { module: 'fs/promises', named: ['readFile'] },
+                method: 'readFile',
+                taintedReturn: true,
+            },
+        ],
+        description: 'Node.js fs/promises file read',
+        confidence: 0.75,
+        enabled: true,
+        tags: ['filesystem', 'node', 'read', 'promise'],
+        relatedCWE: ['CWE-20', 'CWE-22'],
+    },
+    // Stream reads
+    {
+        id: 'SRC-FS-010',
+        name: 'Node.js Stream Read',
+        category: 'file-system',
+        framework: 'node',
+        patterns: [
+            { receiver: 'fs', method: 'createReadStream', taintedReturn: true },
+            { receiver: 'stream', method: 'on', taintedArg: 1 },
+            { receiver: 'readable', method: 'read', taintedReturn: true },
+        ],
+        description: 'Node.js stream file read',
+        confidence: 0.7,
+        enabled: true,
+        tags: ['filesystem', 'node', 'stream'],
+        relatedCWE: ['CWE-20', 'CWE-22'],
+    },
+    // Directory reads
+    {
+        id: 'SRC-FS-020',
+        name: 'Node.js Directory Read',
+        category: 'file-system',
+        framework: 'node',
+        patterns: [
+            { receiver: 'fs', method: 'readdir', taintedReturn: true },
+            { receiver: 'fs', method: 'readdirSync', taintedReturn: true },
+            { receiver: 'fs', method: 'opendir', taintedReturn: true },
+            { receiver: 'fs', method: 'opendirSync', taintedReturn: true },
+        ],
+        description: 'Node.js directory listing',
+        confidence: 0.6,
+        enabled: true,
+        tags: ['filesystem', 'node', 'directory'],
+        relatedCWE: ['CWE-20', 'CWE-22'],
+    },
+    // JSON file reads (common pattern)
+    {
+        id: 'SRC-FS-030',
+        name: 'JSON File Read',
+        category: 'file-system',
+        framework: 'node',
+        patterns: [
+            { receiver: 'JSON', method: 'parse', taintedArg: 0 },
+        ],
+        description: 'JSON.parse of file contents',
+        confidence: 0.7,
+        enabled: true,
+        tags: ['filesystem', 'json', 'parse'],
+        relatedCWE: ['CWE-20', 'CWE-502'],
+    },
+    // Config file reads
+    {
+        id: 'SRC-FS-040',
+        name: 'Config File Read',
+        category: 'config',
+        framework: 'node',
+        patterns: [
+            { method: 'require', taintedReturn: true },
+            {
+                importPattern: { module: /\.(json|ya?ml|toml)$/ },
+                taintedReturn: true,
+            },
+        ],
+        description: 'Configuration file imports',
+        confidence: 0.5,
+        enabled: true,
+        tags: ['filesystem', 'config', 'import'],
+        relatedCWE: ['CWE-20'],
+    },
+    // fs-extra
+    {
+        id: 'SRC-FS-050',
+        name: 'fs-extra File Read',
+        category: 'file-system',
+        framework: 'fs-extra',
+        patterns: [
+            { receiver: 'fs', method: 'readFile', taintedReturn: true },
+            { receiver: 'fs', method: 'readJson', taintedReturn: true },
+            { receiver: 'fs', method: 'readJSON', taintedReturn: true },
+            { receiver: 'fse', method: 'readFile', taintedReturn: true },
+            { receiver: 'fse', method: 'readJson', taintedReturn: true },
+        ],
+        description: 'fs-extra file read operations',
+        confidence: 0.75,
+        enabled: true,
+        tags: ['filesystem', 'fs-extra', 'read'],
+        relatedCWE: ['CWE-20', 'CWE-22'],
+    },
+    // glob file reads
+    {
+        id: 'SRC-FS-060',
+        name: 'Glob Pattern Result',
+        category: 'file-system',
+        framework: 'glob',
+        patterns: [
+            { method: 'glob', taintedReturn: true },
+            { method: 'globSync', taintedReturn: true },
+            { receiver: 'glob', method: 'sync', taintedReturn: true },
+        ],
+        description: 'Glob pattern file matching results',
+        confidence: 0.6,
+        enabled: true,
+        tags: ['filesystem', 'glob', 'pattern'],
+        relatedCWE: ['CWE-20', 'CWE-22'],
+    },
+    // File upload (multer, formidable)
+    {
+        id: 'SRC-FS-070',
+        name: 'File Upload Data',
+        category: 'file-system',
+        framework: 'express',
+        patterns: [
+            { receiver: 'req', property: 'file', taintedReturn: true },
+            { receiver: 'req', property: 'files', taintedReturn: true },
+            { property: 'originalname', taintedReturn: true },
+            { property: 'filename', taintedReturn: true },
+            { property: 'path', taintedReturn: true },
+        ],
+        description: 'Uploaded file data (multer/formidable)',
+        confidence: 0.95,
+        enabled: true,
+        tags: ['filesystem', 'upload', 'express'],
+        relatedCWE: ['CWE-20', 'CWE-22', 'CWE-434'],
+    },
+];
+//# sourceMappingURL=file-system.js.map

package/dist/analysis/sources/file-system.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"file-system.js","sourceRoot":"","sources":["../../../src/analysis/sources/file-system.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;;GAGG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAgC;IAC9D,oBAAoB;IACpB;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,aAAa;QACvB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;YAC3D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,aAAa,EAAE,IAAI,EAAE;YAC/D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;YACvD,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;YAC3D;gBACE,aAAa,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,UAAU,EAAE,cAAc,CAAC,EAAE;gBACpE,MAAM,EAAE,CAAC,UAAU,EAAE,cAAc,CAAC;gBACpC,aAAa,EAAE,IAAI;aACpB;SACF;QACD,WAAW,EAAE,6BAA6B;QAC1C,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,YAAY,EAAE,MAAM,EAAE,MAAM,CAAC;QACpC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;KACjC;IAED,sBAAsB;IACtB;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,2BAA2B;QACjC,QAAQ,EAAE,aAAa;QACvB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;YACnE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;YAC3D;gBACE,aAAa,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,UAAU,CAAC,EAAE;gBAC7D,MAAM,EAAE,UAAU;gBAClB,aAAa,EAAE,IAAI;aACpB;SACF;QACD,WAAW,EAAE,+BAA+B;QAC5C,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC;QAC/C,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;KACjC;IAED,eAAe;IACf;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,aAAa;QACvB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,kBAAkB,EAAE,aAAa,EAAE,IAAI,EAAE;YACnE,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,EAAE;YACnD,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;SAC9D;QACD,WAAW,EAAE,0BAA0B;QACvC,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,YAAY,EAAE,MAAM,EAAE,QAAQ,CAAC;QACtC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;KACjC;IAED,kBAAkB;IAClB;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,aAAa;QACvB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE;YAC1D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,aAAa,EAAE,aAAa,EAAE,IAAI,EAAE;YAC9D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE;YAC1D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,aAAa,EAAE,aAAa,EAAE,IAAI,EAAE;SAC/D;QACD,WAAW,EAAE,2BAA2B;QACxC,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,YAAY,EAAE,MAAM,EAAE,WAAW,CAAC;QACzC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;KACjC;IAED,mCAAmC;IACnC;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE,aAAa;QACvB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC,EAAE;SACrD;QACD,WAAW,EAAE,6BAA6B;QAC1C,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,YAAY,EAAE,MAAM,EAAE,OAAO,CAAC;QACrC,UAAU,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;KAClC;IAED,oBAAoB;IACpB;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE;YAC1C;gBACE,aAAa,EAAE,EAAE,MAAM,EAAE,sBAAsB,EAAE;gBACjD,aAAa,EAAE,IAAI;aACpB;SACF;QACD,WAAW,EAAE,4BAA4B;QACzC,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,YAAY,EAAE,QAAQ,EAAE,QAAQ,CAAC;QACxC,UAAU,EAAE,CAAC,QAAQ,CAAC;KACvB;IAED,WAAW;IACX;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,aAAa;QACvB,SAAS,EAAE,UAAU;QACrB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;YAC3D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;YAC3D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;YAC3D,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;YAC5D,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;SAC7D;QACD,WAAW,EAAE,+BAA+B;QAC5C,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,YAAY,EAAE,UAAU,EAAE,MAAM,CAAC;QACxC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;KACjC;IAED,kBAAkB;IAClB;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,aAAa;QACvB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;YACvC,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;YAC3C,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;SAC1D;QACD,WAAW,EAAE,oCAAoC;QACjD,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,YAAY,EAAE,MAAM,EAAE,SAAS,CAAC;QACvC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;KACjC;IAED,mCAAmC;IACnC;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,aAAa;QACvB,SAAS,EAAE,SAAS;QACpB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;YAC1D,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE;YAC3D,EAAE,QAAQ,EAAE,cAAc,EAAE,aAAa,EAAE,IAAI,EAAE;YACjD,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;YAC7C,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;SAC1C;QACD,WAAW,EAAE,wCAAwC;QACrD,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,YAAY,EAAE,QAAQ,EAAE,SAAS,CAAC;QACzC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC;KAC5C;CACO,CAAC"}

package/dist/analysis/sources/http-request.d.ts

@@ -0,0 +1,12 @@
+/**
+ * @fileoverview HTTP request source definitions
+ * @module @nahisaho/musubix-security/analysis/sources/http-request
+ * @trace REQ-SEC-001
+ */
+import type { SourceDefinition } from './types.js';
+/**
+ * HTTP request sources - external API responses, network data
+ * @trace REQ-SEC-001
+ */
+export declare const HTTP_REQUEST_SOURCES: readonly SourceDefinition[];
+//# sourceMappingURL=http-request.d.ts.map

package/dist/analysis/sources/http-request.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-request.d.ts","sourceRoot":"","sources":["../../../src/analysis/sources/http-request.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEnD;;;GAGG;AACH,eAAO,MAAM,oBAAoB,EAAE,SAAS,gBAAgB,EAgLlD,CAAC"}

package/dist/analysis/sources/http-request.js

@@ -0,0 +1,179 @@
+/**
+ * @fileoverview HTTP request source definitions
+ * @module @nahisaho/musubix-security/analysis/sources/http-request
+ * @trace REQ-SEC-001
+ */
+/**
+ * HTTP request sources - external API responses, network data
+ * @trace REQ-SEC-001
+ */
+export const HTTP_REQUEST_SOURCES = [
+    // Fetch API
+    {
+        id: 'SRC-HTTP-001',
+        name: 'Fetch Response',
+        category: 'network',
+        framework: 'browser',
+        patterns: [
+            { method: 'fetch', taintedReturn: true },
+            { receiver: ['Response'], method: 'json', taintedReturn: true },
+            { receiver: ['Response'], method: 'text', taintedReturn: true },
+            { receiver: ['response'], method: 'json', taintedReturn: true },
+            { receiver: ['response'], method: 'text', taintedReturn: true },
+        ],
+        description: 'HTTP fetch API response data',
+        confidence: 0.85,
+        enabled: true,
+        tags: ['http', 'fetch', 'external'],
+        relatedCWE: ['CWE-20', 'CWE-918'],
+    },
+    // Axios
+    {
+        id: 'SRC-HTTP-010',
+        name: 'Axios Response',
+        category: 'network',
+        framework: 'axios',
+        patterns: [
+            { receiver: 'axios', method: 'get', taintedReturn: true },
+            { receiver: 'axios', method: 'post', taintedReturn: true },
+            { receiver: 'axios', method: 'put', taintedReturn: true },
+            { receiver: 'axios', method: 'delete', taintedReturn: true },
+            { receiver: 'axios', method: 'patch', taintedReturn: true },
+            { receiver: 'axios', method: 'request', taintedReturn: true },
+            { property: 'data', taintedReturn: true },
+        ],
+        description: 'Axios HTTP client response data',
+        confidence: 0.85,
+        enabled: true,
+        tags: ['http', 'axios', 'external'],
+        relatedCWE: ['CWE-20', 'CWE-918'],
+    },
+    // Node.js HTTP
+    {
+        id: 'SRC-HTTP-020',
+        name: 'Node HTTP Response',
+        category: 'network',
+        framework: 'node',
+        patterns: [
+            { receiver: 'http', method: 'get', taintedReturn: true },
+            { receiver: 'http', method: 'request', taintedReturn: true },
+            { receiver: 'https', method: 'get', taintedReturn: true },
+            { receiver: 'https', method: 'request', taintedReturn: true },
+            {
+                importPattern: { module: 'http', named: ['get', 'request'] },
+                method: ['get', 'request'],
+                taintedReturn: true,
+            },
+        ],
+        description: 'Node.js http/https module response',
+        confidence: 0.85,
+        enabled: true,
+        tags: ['http', 'node', 'external'],
+        relatedCWE: ['CWE-20', 'CWE-918'],
+    },
+    // Got
+    {
+        id: 'SRC-HTTP-030',
+        name: 'Got Response',
+        category: 'network',
+        framework: 'got',
+        patterns: [
+            { method: 'got', taintedReturn: true },
+            { receiver: 'got', method: 'get', taintedReturn: true },
+            { receiver: 'got', method: 'post', taintedReturn: true },
+        ],
+        description: 'Got HTTP client response data',
+        confidence: 0.85,
+        enabled: true,
+        tags: ['http', 'got', 'external'],
+        relatedCWE: ['CWE-20', 'CWE-918'],
+    },
+    // Superagent
+    {
+        id: 'SRC-HTTP-040',
+        name: 'Superagent Response',
+        category: 'network',
+        framework: 'superagent',
+        patterns: [
+            { receiver: 'superagent', method: 'get', taintedReturn: true },
+            { receiver: 'superagent', method: 'post', taintedReturn: true },
+            { receiver: 'request', method: 'get', taintedReturn: true },
+            { receiver: 'request', method: 'post', taintedReturn: true },
+        ],
+        description: 'Superagent HTTP client response data',
+        confidence: 0.85,
+        enabled: true,
+        tags: ['http', 'superagent', 'external'],
+        relatedCWE: ['CWE-20', 'CWE-918'],
+    },
+    // XMLHttpRequest (legacy)
+    {
+        id: 'SRC-HTTP-050',
+        name: 'XMLHttpRequest Response',
+        category: 'network',
+        framework: 'browser',
+        patterns: [
+            { receiver: 'XMLHttpRequest', property: 'response', taintedReturn: true },
+            { receiver: 'XMLHttpRequest', property: 'responseText', taintedReturn: true },
+            { receiver: 'xhr', property: 'response', taintedReturn: true },
+            { receiver: 'xhr', property: 'responseText', taintedReturn: true },
+        ],
+        description: 'XMLHttpRequest response data',
+        confidence: 0.85,
+        enabled: true,
+        tags: ['http', 'xhr', 'external', 'legacy'],
+        relatedCWE: ['CWE-20', 'CWE-918'],
+    },
+    // WebSocket
+    {
+        id: 'SRC-HTTP-060',
+        name: 'WebSocket Message',
+        category: 'network',
+        framework: 'browser',
+        patterns: [
+            { receiver: 'WebSocket', method: 'onmessage', taintedArg: 0 },
+            { receiver: 'ws', method: 'on', taintedArg: 1 },
+            { receiver: 'socket', method: 'on', taintedArg: 1 },
+        ],
+        description: 'WebSocket message data',
+        confidence: 0.9,
+        enabled: true,
+        tags: ['websocket', 'external'],
+        relatedCWE: ['CWE-20', 'CWE-79'],
+    },
+    // GraphQL
+    {
+        id: 'SRC-HTTP-070',
+        name: 'GraphQL Response',
+        category: 'network',
+        framework: 'graphql',
+        patterns: [
+            { property: 'data', taintedReturn: true },
+            { method: 'query', taintedReturn: true },
+            { method: 'mutate', taintedReturn: true },
+        ],
+        description: 'GraphQL query/mutation response',
+        confidence: 0.8,
+        enabled: true,
+        tags: ['graphql', 'external'],
+        relatedCWE: ['CWE-20'],
+    },
+    // tRPC
+    {
+        id: 'SRC-HTTP-080',
+        name: 'tRPC Response',
+        category: 'network',
+        framework: 'trpc',
+        patterns: [
+            { receiver: 'trpc', method: 'query', taintedReturn: true },
+            { receiver: 'trpc', method: 'mutation', taintedReturn: true },
+            { receiver: 'api', method: 'query', taintedReturn: true },
+        ],
+        description: 'tRPC procedure response',
+        confidence: 0.8,
+        enabled: true,
+        tags: ['trpc', 'external'],
+        relatedCWE: ['CWE-20'],
+    },
+];
+//# sourceMappingURL=http-request.js.map

package/dist/analysis/sources/http-request.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-request.js","sourceRoot":"","sources":["../../../src/analysis/sources/http-request.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAgC;IAC/D,YAAY;IACZ;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE,SAAS;QACnB,SAAS,EAAE,SAAS;QACpB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE;YACxC,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;YAC/D,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;YAC/D,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;YAC/D,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;SAChE;QACD,WAAW,EAAE,8BAA8B;QAC3C,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC;QACnC,UAAU,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;KAClC;IAED,QAAQ;IACR;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE,SAAS;QACnB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE;YACzD,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;YAC1D,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE;YACzD,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE;YAC5D,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE;YAC3D,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE;YAC7D,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;SAC1C;QACD,WAAW,EAAE,iCAAiC;QAC9C,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC;QACnC,UAAU,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;KAClC;IAED,eAAe;IACf;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,SAAS;QACnB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE;YACxD,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE;YAC5D,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE;YACzD,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE;YAC7D;gBACE,aAAa,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,KAAK,EAAE,SAAS,CAAC,EAAE;gBAC5D,MAAM,EAAE,CAAC,KAAK,EAAE,SAAS,CAAC;gBAC1B,aAAa,EAAE,IAAI;aACpB;SACF;QACD,WAAW,EAAE,oCAAoC;QACjD,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC;QAClC,UAAU,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;KAClC;IAED,MAAM;IACN;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,cAAc;QACpB,QAAQ,EAAE,SAAS;QACnB,SAAS,EAAE,KAAK;QAChB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE;YACtC,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE;YACvD,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;SACzD;QACD,WAAW,EAAE,+BAA+B;QAC5C,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC;QACjC,UAAU,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;KAClC;IAED,aAAa;IACb;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,SAAS;QACnB,SAAS,EAAE,YAAY;QACvB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE;YAC9D,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;YAC/D,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE;YAC3D,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;SAC7D;QACD,WAAW,EAAE,sCAAsC;QACnD,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,YAAY,EAAE,UAAU,CAAC;QACxC,UAAU,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;KAClC;IAED,0BAA0B;IAC1B;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,SAAS;QACnB,SAAS,EAAE,SAAS;QACpB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,gBAAgB,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;YACzE,EAAE,QAAQ,EAAE,gBAAgB,EAAE,QAAQ,EAAE,cAAc,EAAE,aAAa,EAAE,IAAI,EAAE;YAC7E,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;YAC9D,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,cAAc,EAAE,aAAa,EAAE,IAAI,EAAE;SACnE;QACD,WAAW,EAAE,8BAA8B;QAC3C,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,CAAC;QAC3C,UAAU,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;KAClC;IAED,YAAY;IACZ;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,SAAS;QACnB,SAAS,EAAE,SAAS;QACpB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC,EAAE;YAC7D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,EAAE;YAC/C,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,EAAE;SACpD;QACD,WAAW,EAAE,wBAAwB;QACrC,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,WAAW,EAAE,UAAU,CAAC;QAC/B,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;KACjC;IAED,UAAU;IACV;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,SAAS;QACnB,SAAS,EAAE,SAAS;QACpB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE;YACzC,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE;YACxC,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE;SAC1C;QACD,WAAW,EAAE,iCAAiC;QAC9C,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;QAC7B,UAAU,EAAE,CAAC,QAAQ,CAAC;KACvB;IAED,OAAO;IACP;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,SAAS;QACnB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE;YAC1D,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE;YAC7D,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE;SAC1D;QACD,WAAW,EAAE,yBAAyB;QACtC,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,UAAU,CAAC;QAC1B,UAAU,EAAE,CAAC,QAAQ,CAAC;KACvB;CACO,CAAC"}

package/dist/analysis/sources/index.d.ts

@@ -0,0 +1,26 @@
+/**
+ * @fileoverview Taint source definitions - Builtin sources for interprocedural taint analysis
+ * @module @nahisaho/musubix-security/analysis/sources
+ * @trace REQ-SEC-001 (EARS: テイント分析の高度化)
+ */
+export * from './user-input.js';
+export * from './http-request.js';
+export * from './database.js';
+export * from './file-system.js';
+export * from './environment.js';
+export * from './types.js';
+import type { SourceDefinition } from './types.js';
+/**
+ * All built-in taint sources aggregated
+ * @trace REQ-SEC-001
+ */
+export declare const ALL_BUILTIN_SOURCES: readonly SourceDefinition[];
+/**
+ * Get sources by category
+ */
+export declare function getSourcesByCategory(category: SourceDefinition['category']): readonly SourceDefinition[];
+/**
+ * Get sources by framework
+ */
+export declare function getSourcesByFramework(framework: string): readonly SourceDefinition[];
+//# sourceMappingURL=index.d.ts.map

package/dist/analysis/sources/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/analysis/sources/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,cAAc,iBAAiB,CAAC;AAChC,cAAc,mBAAmB,CAAC;AAClC,cAAc,eAAe,CAAC;AAC9B,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,YAAY,CAAC;AAO3B,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEnD;;;GAGG;AACH,eAAO,MAAM,mBAAmB,EAAE,SAAS,gBAAgB,EAMjD,CAAC;AAEX;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,QAAQ,EAAE,gBAAgB,CAAC,UAAU,CAAC,GACrC,SAAS,gBAAgB,EAAE,CAE7B;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,SAAS,EAAE,MAAM,GAChB,SAAS,gBAAgB,EAAE,CAE7B"}

package/dist/analysis/sources/index.js

@@ -0,0 +1,40 @@
+/**
+ * @fileoverview Taint source definitions - Builtin sources for interprocedural taint analysis
+ * @module @nahisaho/musubix-security/analysis/sources
+ * @trace REQ-SEC-001 (EARS: テイント分析の高度化)
+ */
+export * from './user-input.js';
+export * from './http-request.js';
+export * from './database.js';
+export * from './file-system.js';
+export * from './environment.js';
+export * from './types.js';
+import { USER_INPUT_SOURCES } from './user-input.js';
+import { HTTP_REQUEST_SOURCES } from './http-request.js';
+import { DATABASE_SOURCES } from './database.js';
+import { FILE_SYSTEM_SOURCES } from './file-system.js';
+import { ENVIRONMENT_SOURCES } from './environment.js';
+/**
+ * All built-in taint sources aggregated
+ * @trace REQ-SEC-001
+ */
+export const ALL_BUILTIN_SOURCES = [
+    ...USER_INPUT_SOURCES,
+    ...HTTP_REQUEST_SOURCES,
+    ...DATABASE_SOURCES,
+    ...FILE_SYSTEM_SOURCES,
+    ...ENVIRONMENT_SOURCES,
+];
+/**
+ * Get sources by category
+ */
+export function getSourcesByCategory(category) {
+    return ALL_BUILTIN_SOURCES.filter((s) => s.category === category);
+}
+/**
+ * Get sources by framework
+ */
+export function getSourcesByFramework(framework) {
+    return ALL_BUILTIN_SOURCES.filter((s) => s.framework === framework);
+}
+//# sourceMappingURL=index.js.map

package/dist/analysis/sources/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/analysis/sources/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,cAAc,iBAAiB,CAAC;AAChC,cAAc,mBAAmB,CAAC;AAClC,cAAc,eAAe,CAAC;AAC9B,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,YAAY,CAAC;AAE3B,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAGvD;;;GAGG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAgC;IAC9D,GAAG,kBAAkB;IACrB,GAAG,oBAAoB;IACvB,GAAG,gBAAgB;IACnB,GAAG,mBAAmB;IACtB,GAAG,mBAAmB;CACd,CAAC;AAEX;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAClC,QAAsC;IAEtC,OAAO,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AACpE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,SAAiB;IAEjB,OAAO,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC;AACtE,CAAC"}

package/dist/analysis/sources/types.d.ts

@@ -0,0 +1,93 @@
+/**
+ * @fileoverview Source definition types for taint analysis
+ * @module @nahisaho/musubix-security/analysis/sources/types
+ * @trace REQ-SEC-001
+ */
+import type { TaintSourceCategory } from '../../types/taint.js';
+/**
+ * AST pattern for source matching
+ */
+export interface SourceASTPattern {
+    /** Object/receiver name (e.g., 'req', 'ctx', 'process') */
+    receiver?: string | string[];
+    /** Method name to match */
+    method?: string | string[];
+    /** Property name to match */
+    property?: string | string[];
+    /** Specific argument that is tainted (for return values, use -1) */
+    taintedArg?: number;
+    /** Whether the whole return value is tainted */
+    taintedReturn?: boolean;
+    /** Pattern for import detection */
+    importPattern?: {
+        module: string | RegExp;
+        named?: string[];
+        default?: boolean;
+    };
+}
+/**
+ * Source definition for taint analysis
+ * @trace REQ-SEC-001
+ */
+export interface SourceDefinition {
+    /** Unique source definition ID */
+    id: string;
+    /** Human-readable name */
+    name: string;
+    /** Source category */
+    category: TaintSourceCategory;
+    /** Framework this source is associated with (e.g., 'express', 'koa', 'next') */
+    framework?: string;
+    /** AST patterns to match this source */
+    patterns: SourceASTPattern[];
+    /** Description of this source */
+    description: string;
+    /** Default confidence level (0-1) */
+    confidence: number;
+    /** Whether this source is enabled by default */
+    enabled: boolean;
+    /** Tags for filtering/grouping */
+    tags: string[];
+    /** CWE IDs this source can lead to if not sanitized */
+    relatedCWE?: string[];
+}
+/**
+ * Source match result
+ */
+export interface SourceMatchResult {
+    /** Definition that matched */
+    definition: SourceDefinition;
+    /** Matched pattern */
+    pattern: SourceASTPattern;
+    /** Variable name holding tainted data */
+    variableName: string;
+    /** Expression that produces tainted data */
+    expression: string;
+    /** Match confidence */
+    confidence: number;
+}
+/**
+ * Source detector interface
+ */
+export interface ISourceDetector {
+    /** Detect sources in an AST node */
+    detect(ast: unknown, options?: SourceDetectorOptions): Promise<SourceMatchResult[]>;
+    /** Register custom source definition */
+    registerSource(definition: SourceDefinition): void;
+    /** Get all registered sources */
+    getSources(): readonly SourceDefinition[];
+}
+/**
+ * Source detector options
+ */
+export interface SourceDetectorOptions {
+    /** Categories to include */
+    categories?: TaintSourceCategory[];
+    /** Frameworks to include */
+    frameworks?: string[];
+    /** Custom sources to add */
+    customSources?: SourceDefinition[];
+    /** Minimum confidence threshold */
+    minConfidence?: number;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/analysis/sources/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/analysis/sources/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAEhE;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,2DAA2D;IAC3D,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC7B,2BAA2B;IAC3B,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC3B,6BAA6B;IAC7B,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC7B,oEAAoE;IACpE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gDAAgD;IAChD,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,mCAAmC;IACnC,aAAa,CAAC,EAAE;QACd,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;QACxB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;QACjB,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,kCAAkC;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,sBAAsB;IACtB,QAAQ,EAAE,mBAAmB,CAAC;IAC9B,gFAAgF;IAChF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,wCAAwC;IACxC,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAC7B,iCAAiC;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,qCAAqC;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,gDAAgD;IAChD,OAAO,EAAE,OAAO,CAAC;IACjB,kCAAkC;IAClC,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,uDAAuD;IACvD,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,8BAA8B;IAC9B,UAAU,EAAE,gBAAgB,CAAC;IAC7B,sBAAsB;IACtB,OAAO,EAAE,gBAAgB,CAAC;IAC1B,yCAAyC;IACzC,YAAY,EAAE,MAAM,CAAC;IACrB,4CAA4C;IAC5C,UAAU,EAAE,MAAM,CAAC;IACnB,uBAAuB;IACvB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,oCAAoC;IACpC,MAAM,CACJ,GAAG,EAAE,OAAO,EACZ,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAEhC,wCAAwC;IACxC,cAAc,CAAC,UAAU,EAAE,gBAAgB,GAAG,IAAI,CAAC;IAEnD,iCAAiC;IACjC,UAAU,IAAI,SAAS,gBAAgB,EAAE,CAAC;CAC3C;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,4BAA4B;IAC5B,UAAU,CAAC,EAAE,mBAAmB,EAAE,CAAC;IACnC,4BAA4B;IAC5B,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,4BAA4B;IAC5B,aAAa,CAAC,EAAE,gBAAgB,EAAE,CAAC;IACnC,mCAAmC;IACnC,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB"}

package/dist/analysis/sources/types.js

@@ -0,0 +1,7 @@
+/**
+ * @fileoverview Source definition types for taint analysis
+ * @module @nahisaho/musubix-security/analysis/sources/types
+ * @trace REQ-SEC-001
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/analysis/sources/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/analysis/sources/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}

package/dist/analysis/sources/user-input.d.ts

@@ -0,0 +1,12 @@
+/**
+ * @fileoverview User input source definitions
+ * @module @nahisaho/musubix-security/analysis/sources/user-input
+ * @trace REQ-SEC-001
+ */
+import type { SourceDefinition } from './types.js';
+/**
+ * User input sources - form data, query params, request body
+ * @trace REQ-SEC-001
+ */
+export declare const USER_INPUT_SOURCES: readonly SourceDefinition[];
+//# sourceMappingURL=user-input.d.ts.map

package/dist/analysis/sources/user-input.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-input.d.ts","sourceRoot":"","sources":["../../../src/analysis/sources/user-input.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEnD;;;GAGG;AACH,eAAO,MAAM,kBAAkB,EAAE,SAAS,gBAAgB,EA+PhD,CAAC"}