@nahisaho/musubix-security 2.0.1 → 2.1.1

package/dist/rules/cwe/cwe-787-oob-write.js

@@ -0,0 +1,321 @@
+/**
+ * @fileoverview CWE-787: Out-of-bounds Write
+ * @module @nahisaho/musubix-security/rules/cwe/cwe-787-oob-write
+ * @trace TSK-RULE-005
+ *
+ * Detects:
+ * - Buffer overflow patterns
+ * - Array index out of bounds
+ * - Unsafe array operations
+ * - TypedArray boundary violations
+ * - Unchecked array growth
+ *
+ * CWE-787 is #1 in CWE Top 25 2023.
+ */
+/**
+ * CWE-787 - Out-of-bounds Write
+ */
+export const cwe787OutOfBoundsWrite = {
+    id: 'cwe-787-oob-write',
+    name: 'CWE-787: Out-of-bounds Write',
+    description: 'Detects potential out-of-bounds write vulnerabilities including buffer overflows and unsafe array access',
+    defaultSeverity: 'high',
+    category: 'memory-safety',
+    tags: ['cwe', 'memory', 'buffer-overflow', 'array', 'security'],
+    cwe: ['787'],
+    references: [
+        {
+            title: 'CWE-787: Out-of-bounds Write',
+            url: 'https://cwe.mitre.org/data/definitions/787.html',
+        },
+        {
+            title: 'CWE Top 25 2023',
+            url: 'https://cwe.mitre.org/top25/archive/2023/2023_top25_list.html',
+        },
+    ],
+    async analyze(context) {
+        const findings = [];
+        const sourceCode = context.sourceCode;
+        checkBufferOverflowPatterns(context, sourceCode, findings);
+        checkUnsafeArrayAccess(context, sourceCode, findings);
+        checkTypedArrayViolations(context, sourceCode, findings);
+        checkUncheckedArrayGrowth(context, sourceCode, findings);
+        return findings;
+    },
+};
+/**
+ * Check for buffer overflow patterns (Node.js Buffer operations)
+ */
+function checkBufferOverflowPatterns(context, sourceCode, findings) {
+    const lines = sourceCode.split('\n');
+    const bufferPatterns = [
+        {
+            pattern: /Buffer\.allocUnsafe\s*\(/gi,
+            type: 'Buffer.allocUnsafe usage',
+            message: 'Buffer.allocUnsafe creates uninitialized memory that may contain sensitive data',
+            severity: 'medium',
+        },
+        {
+            pattern: /Buffer\.allocUnsafeSlow\s*\(/gi,
+            type: 'Buffer.allocUnsafeSlow usage',
+            message: 'Buffer.allocUnsafeSlow creates uninitialized memory without pooling',
+            severity: 'medium',
+        },
+        {
+            pattern: /new\s+Buffer\s*\(/gi,
+            type: 'Deprecated Buffer constructor',
+            message: 'new Buffer() is deprecated and can cause security issues. Use Buffer.from() or Buffer.alloc()',
+            severity: 'high',
+        },
+        {
+            pattern: /\.copy\s*\([^)]*,\s*\d+\s*,\s*\d+\s*,\s*\d+\s*\)/gi,
+            type: 'Buffer.copy with manual offsets',
+            message: 'Manual buffer copy offsets may cause out-of-bounds writes',
+            severity: 'medium',
+        },
+        {
+            pattern: /\.write\s*\([^)]+,\s*(?:offset|index|\w+)\s*[,)]/gi,
+            type: 'Buffer.write with dynamic offset',
+            message: 'Buffer write with dynamic offset requires bounds checking',
+            severity: 'medium',
+        },
+        {
+            pattern: /\.writeUInt(?:8|16|32)(?:BE|LE)?\s*\([^)]+,\s*(?:\w+)\s*\)/gi,
+            type: 'Buffer typed write with variable offset',
+            message: 'Buffer typed write operations with variable offsets need bounds validation',
+            severity: 'medium',
+        },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, type, message, severity } of bufferPatterns) {
+            pattern.lastIndex = 0;
+            if (pattern.test(line)) {
+                findings.push({
+                    id: `cwe-787-buffer-${findings.length + 1}`,
+                    ruleId: 'cwe-787-oob-write',
+                    severity,
+                    message: `${type}: ${message}`,
+                    location: {
+                        file: context.filePath,
+                        startLine: lineNum + 1,
+                        endLine: lineNum + 1,
+                        startColumn: 0,
+                        endColumn: line.length,
+                    },
+                    cwe: ['787'],
+                    suggestion: {
+                        description: 'Use safe buffer allocation and validate offsets',
+                        example: `// Use Buffer.alloc() for zero-filled buffers
+const buf = Buffer.alloc(size);
+
+// Validate offsets before writing
+if (offset >= 0 && offset + dataLength <= buf.length) {
+  buf.write(data, offset);
+}`,
+                    },
+                });
+            }
+        }
+    }
+}
+/**
+ * Check for unsafe array access patterns
+ */
+function checkUnsafeArrayAccess(context, sourceCode, findings) {
+    const lines = sourceCode.split('\n');
+    const arrayPatterns = [
+        {
+            // arr[userInput] = value (assignment with user-controlled index)
+            pattern: /\w+\s*\[\s*(?:req\.|params\.|query\.|body\.|user\.|input\.)\w+\s*\]\s*=/gi,
+            type: 'Array write with user-controlled index',
+            message: 'Writing to array with user-controlled index can cause out-of-bounds access',
+            severity: 'high',
+        },
+        {
+            // arr[i] = value without bounds check in loop
+            pattern: /for\s*\([^)]*;\s*[^;]*;\s*\w+\+\+\s*\)[^{]*\{[^}]*\[\w+\]\s*=/gi,
+            type: 'Array write in loop without explicit bounds check',
+            message: 'Array writes in loops should have explicit bounds checking',
+            severity: 'low',
+        },
+        {
+            // Direct index assignment with arithmetic
+            pattern: /\[\s*\w+\s*[\+\-\*]\s*\d+\s*\]\s*=/gi,
+            type: 'Array write with index arithmetic',
+            message: 'Array index arithmetic may cause out-of-bounds writes',
+            severity: 'low',
+        },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, type, message, severity } of arrayPatterns) {
+            pattern.lastIndex = 0;
+            if (pattern.test(line)) {
+                findings.push({
+                    id: `cwe-787-array-${findings.length + 1}`,
+                    ruleId: 'cwe-787-oob-write',
+                    severity,
+                    message: `${type}: ${message}`,
+                    location: {
+                        file: context.filePath,
+                        startLine: lineNum + 1,
+                        endLine: lineNum + 1,
+                        startColumn: 0,
+                        endColumn: line.length,
+                    },
+                    cwe: ['787'],
+                    suggestion: {
+                        description: 'Validate array indices before writing',
+                        example: `// Always validate index before array write
+if (index >= 0 && index < arr.length) {
+  arr[index] = value;
+}
+
+// Or use safe array methods
+arr.splice(index, 0, value); // Will handle bounds automatically`,
+                    },
+                });
+            }
+        }
+    }
+}
+/**
+ * Check for TypedArray boundary violations
+ */
+function checkTypedArrayViolations(context, sourceCode, findings) {
+    const lines = sourceCode.split('\n');
+    const typedArrayPatterns = [
+        {
+            pattern: /new\s+(?:Int8Array|Uint8Array|Int16Array|Uint16Array|Int32Array|Uint32Array|Float32Array|Float64Array|BigInt64Array|BigUint64Array)\s*\(\s*(?:\w+|[^)]+)\s*\)/gi,
+            type: 'TypedArray with dynamic size',
+            message: 'TypedArray creation with dynamic size should validate the size parameter',
+            severity: 'low',
+        },
+        {
+            pattern: /(?:Int8Array|Uint8Array|Int16Array|Uint16Array|Int32Array|Uint32Array|Float32Array|Float64Array)\s*\.\s*from\s*\(/gi,
+            type: 'TypedArray.from usage',
+            message: 'TypedArray.from may cause issues if source is larger than expected',
+            severity: 'info',
+        },
+        {
+            pattern: /\.set\s*\(\s*\w+\s*,\s*\w+\s*\)/gi,
+            type: 'TypedArray.set with offset',
+            message: 'TypedArray.set with offset requires bounds validation to prevent overflow',
+            severity: 'medium',
+        },
+        {
+            pattern: /new\s+DataView\s*\([^)]+\)/gi,
+            type: 'DataView creation',
+            message: 'DataView operations require careful bounds management',
+            severity: 'low',
+        },
+        {
+            pattern: /\.setInt(?:8|16|32)\s*\([^)]+\)|\.setUint(?:8|16|32)\s*\([^)]+\)|\.setFloat(?:32|64)\s*\([^)]+\)/gi,
+            type: 'DataView typed write',
+            message: 'DataView typed writes can cause out-of-bounds access if offset is not validated',
+            severity: 'medium',
+        },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, type, message, severity } of typedArrayPatterns) {
+            pattern.lastIndex = 0;
+            if (pattern.test(line)) {
+                findings.push({
+                    id: `cwe-787-typed-${findings.length + 1}`,
+                    ruleId: 'cwe-787-oob-write',
+                    severity,
+                    message: `${type}: ${message}`,
+                    location: {
+                        file: context.filePath,
+                        startLine: lineNum + 1,
+                        endLine: lineNum + 1,
+                        startColumn: 0,
+                        endColumn: line.length,
+                    },
+                    cwe: ['787'],
+                    suggestion: {
+                        description: 'Validate bounds before TypedArray operations',
+                        example: `// Validate before TypedArray.set
+const targetOffset = 10;
+if (targetOffset + sourceArray.length <= targetArray.length) {
+  targetArray.set(sourceArray, targetOffset);
+}
+
+// DataView with bounds check
+const view = new DataView(buffer);
+if (offset + 4 <= buffer.byteLength) {
+  view.setInt32(offset, value);
+}`,
+                    },
+                });
+            }
+        }
+    }
+}
+/**
+ * Check for unchecked array growth patterns
+ */
+function checkUncheckedArrayGrowth(context, sourceCode, findings) {
+    const lines = sourceCode.split('\n');
+    const growthPatterns = [
+        {
+            // arr.length = newLength (direct length manipulation)
+            pattern: /\.length\s*=\s*(?:\w+|[^;]+)/gi,
+            type: 'Direct array length manipulation',
+            message: 'Direct array length manipulation can truncate data or create sparse arrays',
+            severity: 'medium',
+        },
+        {
+            // Unbounded push in loop
+            pattern: /while\s*\([^)]*\)[^{]*\{[^}]*\.push\s*\(/gi,
+            type: 'Unbounded array growth in while loop',
+            message: 'Array growth in while loop without size limit may cause memory exhaustion',
+            severity: 'medium',
+        },
+        {
+            // Array spread with unknown size
+            pattern: /\[\s*\.\.\.\w+\s*,\s*\.\.\.\w+\s*\]/gi,
+            type: 'Multiple array spreads',
+            message: 'Spreading multiple arrays without size validation may cause memory issues',
+            severity: 'low',
+        },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, type, message, severity } of growthPatterns) {
+            pattern.lastIndex = 0;
+            if (pattern.test(line)) {
+                findings.push({
+                    id: `cwe-787-growth-${findings.length + 1}`,
+                    ruleId: 'cwe-787-oob-write',
+                    severity,
+                    message: `${type}: ${message}`,
+                    location: {
+                        file: context.filePath,
+                        startLine: lineNum + 1,
+                        endLine: lineNum + 1,
+                        startColumn: 0,
+                        endColumn: line.length,
+                    },
+                    cwe: ['787'],
+                    suggestion: {
+                        description: 'Limit array size and validate before modification',
+                        example: `// Limit array size
+const MAX_SIZE = 10000;
+if (arr.length < MAX_SIZE) {
+  arr.push(item);
+}
+
+// Safe length modification
+const newLength = Math.min(desiredLength, MAX_ALLOWED_LENGTH);
+arr.length = newLength;`,
+                    },
+                });
+            }
+        }
+    }
+}
+export default cwe787OutOfBoundsWrite;
+//# sourceMappingURL=cwe-787-oob-write.js.map

package/dist/rules/cwe/cwe-787-oob-write.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cwe-787-oob-write.js","sourceRoot":"","sources":["../../../src/rules/cwe/cwe-787-oob-write.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAiB;IAClD,EAAE,EAAE,mBAAmB;IACvB,IAAI,EAAE,8BAA8B;IACpC,WAAW,EACT,0GAA0G;IAC5G,eAAe,EAAE,MAAM;IACvB,QAAQ,EAAE,eAAe;IACzB,IAAI,EAAE,CAAC,KAAK,EAAE,QAAQ,EAAE,iBAAiB,EAAE,OAAO,EAAE,UAAU,CAAC;IAC/D,GAAG,EAAE,CAAC,KAAK,CAAC;IACZ,UAAU,EAAE;QACV;YACE,KAAK,EAAE,8BAA8B;YACrC,GAAG,EAAE,iDAAiD;SACvD;QACD;YACE,KAAK,EAAE,iBAAiB;YACxB,GAAG,EAAE,+DAA+D;SACrE;KACF;IAED,KAAK,CAAC,OAAO,CAAC,OAAoB;QAChC,MAAM,QAAQ,GAAkB,EAAE,CAAC;QACnC,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QAEtC,2BAA2B,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;QAC3D,sBAAsB,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;QACtD,yBAAyB,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;QACzD,yBAAyB,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;QAEzD,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,SAAS,2BAA2B,CAClC,OAAoB,EACpB,UAAkB,EAClB,QAAuB;IAEvB,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,cAAc,GAAG;QACrB;YACE,OAAO,EAAE,4BAA4B;YACrC,IAAI,EAAE,0BAA0B;YAChC,OAAO,EACL,iFAAiF;YACnF,QAAQ,EAAE,QAAiB;SAC5B;QACD;YACE,OAAO,EAAE,gCAAgC;YACzC,IAAI,EAAE,8BAA8B;YACpC,OAAO,EACL,qEAAqE;YACvE,QAAQ,EAAE,QAAiB;SAC5B;QACD;YACE,OAAO,EAAE,qBAAqB;YAC9B,IAAI,EAAE,+BAA+B;YACrC,OAAO,EACL,+FAA+F;YACjG,QAAQ,EAAE,MAAe;SAC1B;QACD;YACE,OAAO,EAAE,oDAAoD;YAC7D,IAAI,EAAE,iCAAiC;YACvC,OAAO,EAAE,2DAA2D;YACpE,QAAQ,EAAE,QAAiB;SAC5B;QACD;YACE,OAAO,EAAE,oDAAoD;YAC7D,IAAI,EAAE,kCAAkC;YACxC,OAAO,EAAE,2DAA2D;YACpE,QAAQ,EAAE,QAAiB;SAC5B;QACD;YACE,OAAO,EAAE,8DAA8D;YACvE,IAAI,EAAE,yCAAyC;YAC/C,OAAO,EACL,4EAA4E;YAC9E,QAAQ,EAAE,QAAiB;SAC5B;KACF,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,cAAc,EAAE,CAAC;YAClE,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,kBAAkB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBAC3C,MAAM,EAAE,mBAAmB;oBAC3B,QAAQ;oBACR,OAAO,EAAE,GAAG,IAAI,KAAK,OAAO,EAAE;oBAC9B,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO,CAAC,QAAQ;wBACtB,SAAS,EAAE,OAAO,GAAG,CAAC;wBACtB,OAAO,EAAE,OAAO,GAAG,CAAC;wBACpB,WAAW,EAAE,CAAC;wBACd,SAAS,EAAE,IAAI,CAAC,MAAM;qBACvB;oBACD,GAAG,EAAE,CAAC,KAAK,CAAC;oBACZ,UAAU,EAAE;wBACV,WAAW,EAAE,iDAAiD;wBAC9D,OAAO,EAAE;;;;;;EAMnB;qBACS;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAC7B,OAAoB,EACpB,UAAkB,EAClB,QAAuB;IAEvB,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,aAAa,GAAG;QACpB;YACE,iEAAiE;YACjE,OAAO,EACL,2EAA2E;YAC7E,IAAI,EAAE,wCAAwC;YAC9C,OAAO,EACL,4EAA4E;YAC9E,QAAQ,EAAE,MAAe;SAC1B;QACD;YACE,8CAA8C;YAC9C,OAAO,EAAE,iEAAiE;YAC1E,IAAI,EAAE,mDAAmD;YACzD,OAAO,EACL,4DAA4D;YAC9D,QAAQ,EAAE,KAAc;SACzB;QACD;YACE,0CAA0C;YAC1C,OAAO,EAAE,sCAAsC;YAC/C,IAAI,EAAE,mCAAmC;YACzC,OAAO,EAAE,uDAAuD;YAChE,QAAQ,EAAE,KAAc;SACzB;KACF,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,aAAa,EAAE,CAAC;YACjE,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,iBAAiB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBAC1C,MAAM,EAAE,mBAAmB;oBAC3B,QAAQ;oBACR,OAAO,EAAE,GAAG,IAAI,KAAK,OAAO,EAAE;oBAC9B,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO,CAAC,QAAQ;wBACtB,SAAS,EAAE,OAAO,GAAG,CAAC;wBACtB,OAAO,EAAE,OAAO,GAAG,CAAC;wBACpB,WAAW,EAAE,CAAC;wBACd,SAAS,EAAE,IAAI,CAAC,MAAM;qBACvB;oBACD,GAAG,EAAE,CAAC,KAAK,CAAC;oBACZ,UAAU,EAAE;wBACV,WAAW,EAAE,uCAAuC;wBACpD,OAAO,EAAE;;;;;;iEAM4C;qBACtD;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,yBAAyB,CAChC,OAAoB,EACpB,UAAkB,EAClB,QAAuB;IAEvB,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,kBAAkB,GAAG;QACzB;YACE,OAAO,EACL,iKAAiK;YACnK,IAAI,EAAE,8BAA8B;YACpC,OAAO,EACL,0EAA0E;YAC5E,QAAQ,EAAE,KAAc;SACzB;QACD;YACE,OAAO,EACL,qHAAqH;YACvH,IAAI,EAAE,uBAAuB;YAC7B,OAAO,EACL,oEAAoE;YACtE,QAAQ,EAAE,MAAe;SAC1B;QACD;YACE,OAAO,EAAE,mCAAmC;YAC5C,IAAI,EAAE,4BAA4B;YAClC,OAAO,EACL,2EAA2E;YAC7E,QAAQ,EAAE,QAAiB;SAC5B;QACD;YACE,OAAO,EAAE,8BAA8B;YACvC,IAAI,EAAE,mBAAmB;YACzB,OAAO,EAAE,uDAAuD;YAChE,QAAQ,EAAE,KAAc;SACzB;QACD;YACE,OAAO,EAAE,oGAAoG;YAC7G,IAAI,EAAE,sBAAsB;YAC5B,OAAO,EACL,iFAAiF;YACnF,QAAQ,EAAE,QAAiB;SAC5B;KACF,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,kBAAkB,EAAE,CAAC;YACtE,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,iBAAiB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBAC1C,MAAM,EAAE,mBAAmB;oBAC3B,QAAQ;oBACR,OAAO,EAAE,GAAG,IAAI,KAAK,OAAO,EAAE;oBAC9B,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO,CAAC,QAAQ;wBACtB,SAAS,EAAE,OAAO,GAAG,CAAC;wBACtB,OAAO,EAAE,OAAO,GAAG,CAAC;wBACpB,WAAW,EAAE,CAAC;wBACd,SAAS,EAAE,IAAI,CAAC,MAAM;qBACvB;oBACD,GAAG,EAAE,CAAC,KAAK,CAAC;oBACZ,UAAU,EAAE;wBACV,WAAW,EAAE,8CAA8C;wBAC3D,OAAO,EAAE;;;;;;;;;;EAUnB;qBACS;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,yBAAyB,CAChC,OAAoB,EACpB,UAAkB,EAClB,QAAuB;IAEvB,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,cAAc,GAAG;QACrB;YACE,sDAAsD;YACtD,OAAO,EAAE,gCAAgC;YACzC,IAAI,EAAE,kCAAkC;YACxC,OAAO,EACL,4EAA4E;YAC9E,QAAQ,EAAE,QAAiB;SAC5B;QACD;YACE,yBAAyB;YACzB,OAAO,EAAE,4CAA4C;YACrD,IAAI,EAAE,sCAAsC;YAC5C,OAAO,EACL,2EAA2E;YAC7E,QAAQ,EAAE,QAAiB;SAC5B;QACD;YACE,iCAAiC;YACjC,OAAO,EAAE,uCAAuC;YAChD,IAAI,EAAE,wBAAwB;YAC9B,OAAO,EACL,2EAA2E;YAC7E,QAAQ,EAAE,KAAc;SACzB;KACF,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,cAAc,EAAE,CAAC;YAClE,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,kBAAkB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBAC3C,MAAM,EAAE,mBAAmB;oBAC3B,QAAQ;oBACR,OAAO,EAAE,GAAG,IAAI,KAAK,OAAO,EAAE;oBAC9B,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO,CAAC,QAAQ;wBACtB,SAAS,EAAE,OAAO,GAAG,CAAC;wBACtB,OAAO,EAAE,OAAO,GAAG,CAAC;wBACpB,WAAW,EAAE,CAAC;wBACd,SAAS,EAAE,IAAI,CAAC,MAAM;qBACvB;oBACD,GAAG,EAAE,CAAC,KAAK,CAAC;oBACZ,UAAU,EAAE;wBACV,WAAW,EAAE,mDAAmD;wBAChE,OAAO,EAAE;;;;;;;;wBAQG;qBACb;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,eAAe,sBAAsB,CAAC"}

package/dist/rules/cwe/cwe-79-xss.d.ts

@@ -0,0 +1,22 @@
+/**
+ * @fileoverview CWE-79: Improper Neutralization of Input During Web Page Generation (XSS)
+ * @module @nahisaho/musubix-security/rules/cwe/cwe-79-xss
+ * @trace TSK-RULE-005
+ *
+ * Detects:
+ * - Reflected XSS (user input in response)
+ * - Stored XSS (database content in output)
+ * - DOM-based XSS (client-side manipulation)
+ * - innerHTML/outerHTML usage
+ * - document.write usage
+ * - Unsafe template rendering
+ *
+ * CWE-79 is #2 in CWE Top 25 2023.
+ */
+import type { SecurityRule } from '../types.js';
+/**
+ * CWE-79 - Cross-site Scripting (XSS)
+ */
+export declare const cwe79XSS: SecurityRule;
+export default cwe79XSS;
+//# sourceMappingURL=cwe-79-xss.d.ts.map

package/dist/rules/cwe/cwe-79-xss.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cwe-79-xss.d.ts","sourceRoot":"","sources":["../../../src/rules/cwe/cwe-79-xss.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,YAAY,EAA4B,MAAM,aAAa,CAAC;AAE1E;;GAEG;AACH,eAAO,MAAM,QAAQ,EAAE,YAgCtB,CAAC;AA4YF,eAAe,QAAQ,CAAC"}