@nahisaho/musubix-security 2.0.1 → 2.1.1

package/dist/rules/engine/rule-engine.js

@@ -0,0 +1,379 @@
+/**
+ * @fileoverview Security Rule Engine
+ * @module @nahisaho/musubix-security/rules/engine/rule-engine
+ * @trace REQ-RULE-001, REQ-RULE-002, REQ-RULE-004
+ */
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { Project } from 'ts-morph';
+import { minimatch } from 'minimatch';
+import { meetsSeverityThreshold } from '../types.js';
+import { getGlobalRegistry } from './rule-registry.js';
+import { RuleContextBuilder } from './rule-context.js';
+/**
+ * Security Rule Engine
+ * Main orchestrator for running security rules against source files
+ */
+export class RuleEngine {
+    registry;
+    projectRoot;
+    concurrency;
+    onProgress;
+    onFileProcessed;
+    signal;
+    constructor(options = {}) {
+        this.registry = options.registry ?? getGlobalRegistry();
+        this.projectRoot = options.projectRoot ?? process.cwd();
+        this.concurrency = options.concurrency ?? 4;
+        this.onProgress = options.onProgress;
+        this.onFileProcessed = options.onFileProcessed;
+        this.signal = options.signal;
+    }
+    /**
+     * Run rules against files
+     */
+    async run(config) {
+        const startTime = Date.now();
+        const errors = [];
+        const allFindings = [];
+        const resultsByRule = new Map();
+        const resultsByFile = new Map();
+        // Initialize progress
+        this.emitProgress({
+            phase: 'init',
+            totalFiles: 0,
+            processedFiles: 0,
+            totalRules: 0,
+            findingsCount: 0,
+        });
+        // Get files to scan
+        const files = await this.getFilesToScan(config);
+        // Get rules to run
+        const rules = this.getRulesToRun(config);
+        // Create shared Project for better performance
+        const project = new Project({
+            useInMemoryFileSystem: false,
+            skipFileDependencyResolution: true,
+        });
+        // Process files
+        let processedFiles = 0;
+        const totalFiles = files.length;
+        const totalRules = rules.length;
+        // Initialize rule results
+        for (const rule of rules) {
+            resultsByRule.set(rule.id, {
+                ruleId: rule.id,
+                ruleName: rule.name,
+                findings: [],
+                executionTime: 0,
+                errors: [],
+                success: true,
+            });
+        }
+        // Process files in batches
+        for (let i = 0; i < files.length; i += this.concurrency) {
+            // Check for abort
+            if (this.signal?.aborted) {
+                errors.push({
+                    type: 'system',
+                    message: 'Execution aborted',
+                });
+                break;
+            }
+            const batch = files.slice(i, i + this.concurrency);
+            const batchResults = await Promise.all(batch.map(file => this.processFile(file, rules, config, project, errors)));
+            // Collect results
+            for (let j = 0; j < batch.length; j++) {
+                const filePath = batch[j];
+                const fileFindings = batchResults[j];
+                processedFiles++;
+                // Store file results
+                resultsByFile.set(filePath, fileFindings);
+                allFindings.push(...fileFindings);
+                // Update rule results
+                for (const finding of fileFindings) {
+                    const ruleResult = resultsByRule.get(finding.ruleId);
+                    if (ruleResult) {
+                        ruleResult.findings.push(finding);
+                    }
+                }
+                // Emit progress
+                this.emitProgress({
+                    phase: 'analyzing',
+                    totalFiles,
+                    processedFiles,
+                    totalRules,
+                    currentFile: filePath,
+                    findingsCount: allFindings.length,
+                });
+                // Emit file processed
+                this.onFileProcessed?.(filePath, fileFindings);
+            }
+        }
+        // Filter findings by severity threshold
+        const filteredFindings = allFindings.filter(f => meetsSeverityThreshold(f.severity, config.severityThreshold));
+        // Calculate summary
+        const summary = this.calculateSummary(filteredFindings, rules);
+        // Final progress
+        this.emitProgress({
+            phase: 'complete',
+            totalFiles,
+            processedFiles,
+            totalRules,
+            findingsCount: filteredFindings.length,
+        });
+        return {
+            findings: filteredFindings,
+            resultsByRule,
+            resultsByFile,
+            filesProcessed: processedFiles,
+            executionTimeMs: Date.now() - startTime,
+            errors,
+            summary,
+        };
+    }
+    /**
+     * Run rules against a single file
+     */
+    async runOnFile(filePath, config) {
+        const rules = this.getRulesToRun(config);
+        const errors = [];
+        const project = new Project({
+            useInMemoryFileSystem: false,
+            skipFileDependencyResolution: true,
+        });
+        return this.processFile(filePath, rules, config, project, errors);
+    }
+    /**
+     * Run rules against source code string
+     */
+    async runOnSource(sourceCode, config, fileName = 'anonymous.ts') {
+        const rules = this.getRulesToRun(config);
+        const contextBuilder = new RuleContextBuilder()
+            .withProjectRoot(this.projectRoot)
+            .withConfig(config);
+        const context = contextBuilder.buildFromSource(fileName, sourceCode);
+        const findings = [];
+        for (const rule of rules) {
+            try {
+                // Check if rule is enabled
+                const ruleConfig = config.rules[rule.id];
+                if (ruleConfig?.enabled === false)
+                    continue;
+                // Set current rule in context
+                context.setCurrentRule(rule.id);
+                // Run rule
+                const ruleFindings = await rule.analyze(context);
+                findings.push(...ruleFindings);
+            }
+            catch (error) {
+                // Log error but continue
+                console.error(`Error running rule ${rule.id}:`, error);
+            }
+        }
+        return findings;
+    }
+    /**
+     * Process a single file
+     */
+    async processFile(filePath, rules, config, project, errors) {
+        const findings = [];
+        try {
+            // Build context
+            const contextBuilder = new RuleContextBuilder()
+                .withProjectRoot(this.projectRoot)
+                .withConfig(config)
+                .withProject(project)
+                .withTaintAnalysis(config.enableTaintAnalysis)
+                .withDFG(config.enableDFG);
+            const context = await contextBuilder.build(filePath);
+            // Run each rule
+            for (const rule of rules) {
+                try {
+                    // Check if rule is enabled
+                    const ruleConfig = config.rules[rule.id];
+                    if (ruleConfig?.enabled === false)
+                        continue;
+                    // Check severity threshold
+                    const ruleSeverity = ruleConfig?.severity ?? rule.defaultSeverity;
+                    if (!meetsSeverityThreshold(ruleSeverity, config.severityThreshold)) {
+                        continue;
+                    }
+                    // Set current rule in context
+                    context.setCurrentRule(rule.id);
+                    // Run rule
+                    const ruleFindings = await rule.analyze(context);
+                    // Override severity if configured
+                    if (ruleConfig?.severity) {
+                        for (const f of ruleFindings) {
+                            f.severity = ruleConfig.severity;
+                        }
+                    }
+                    findings.push(...ruleFindings);
+                }
+                catch (error) {
+                    errors.push({
+                        type: 'rule',
+                        filePath,
+                        ruleId: rule.id,
+                        message: error instanceof Error ? error.message : String(error),
+                        stack: error instanceof Error ? error.stack : undefined,
+                    });
+                }
+            }
+        }
+        catch (error) {
+            errors.push({
+                type: 'file',
+                filePath,
+                message: error instanceof Error ? error.message : String(error),
+                stack: error instanceof Error ? error.stack : undefined,
+            });
+        }
+        return findings;
+    }
+    /**
+     * Get files to scan
+     */
+    async getFilesToScan(config) {
+        const includePatterns = config.include ?? ['**/*.ts', '**/*.tsx', '**/*.js', '**/*.jsx'];
+        const excludePatterns = config.exclude ?? ['**/node_modules/**', '**/dist/**'];
+        const files = [];
+        await this.walkDirectory(this.projectRoot, (filePath) => {
+            const relativePath = path.relative(this.projectRoot, filePath);
+            // Check if matches include patterns
+            const matchesInclude = includePatterns.some(pattern => minimatch(relativePath, pattern, { dot: true }));
+            // Check if matches exclude patterns
+            const matchesExclude = excludePatterns.some(pattern => minimatch(relativePath, pattern, { dot: true }));
+            if (matchesInclude && !matchesExclude) {
+                files.push(filePath);
+            }
+        });
+        return files;
+    }
+    /**
+     * Walk directory recursively
+     */
+    async walkDirectory(dir, callback) {
+        try {
+            const entries = await fs.promises.readdir(dir, { withFileTypes: true });
+            for (const entry of entries) {
+                const fullPath = path.join(dir, entry.name);
+                if (entry.isDirectory()) {
+                    // Skip node_modules and hidden directories
+                    if (entry.name === 'node_modules' || entry.name.startsWith('.')) {
+                        continue;
+                    }
+                    await this.walkDirectory(fullPath, callback);
+                }
+                else if (entry.isFile()) {
+                    callback(fullPath);
+                }
+            }
+        }
+        catch (error) {
+            // Ignore errors (e.g., permission denied)
+        }
+    }
+    /**
+     * Get rules to run based on config
+     */
+    getRulesToRun(config) {
+        // Get all rules
+        let rules = this.registry.getAll();
+        // Filter by profile if specified
+        if (config.profile) {
+            const profileRules = this.getProfileRules(config.profile);
+            if (profileRules) {
+                rules = rules.filter(r => profileRules.includes(r.id));
+            }
+        }
+        // Apply explicit enables/disables
+        return rules.filter(rule => {
+            const ruleConfig = config.rules[rule.id];
+            // If explicitly disabled, skip
+            if (ruleConfig?.enabled === false)
+                return false;
+            // If explicitly enabled, include
+            if (ruleConfig?.enabled === true)
+                return true;
+            // Otherwise include (profile or default)
+            return true;
+        });
+    }
+    /**
+     * Get rules for a profile
+     */
+    getProfileRules(profile) {
+        const profiles = {
+            minimal: [
+                'owasp-a01', 'owasp-a03', 'owasp-a07',
+                'cwe-79', 'cwe-89', 'cwe-287',
+            ],
+            standard: [
+                'owasp-a01', 'owasp-a02', 'owasp-a03', 'owasp-a04', 'owasp-a05',
+                'owasp-a06', 'owasp-a07', 'owasp-a08', 'owasp-a09', 'owasp-a10',
+                'cwe-20', 'cwe-22', 'cwe-77', 'cwe-78', 'cwe-79', 'cwe-89',
+                'cwe-94', 'cwe-119', 'cwe-125', 'cwe-190', 'cwe-200',
+                'cwe-287', 'cwe-306', 'cwe-352', 'cwe-434', 'cwe-476',
+                'cwe-502', 'cwe-522', 'cwe-611', 'cwe-787', 'cwe-798',
+                'cwe-862', 'cwe-863', 'cwe-918', 'cwe-1321',
+            ],
+            strict: [
+            // All rules
+            ],
+        };
+        return profiles[profile] ?? null;
+    }
+    /**
+     * Calculate summary statistics
+     */
+    calculateSummary(findings, rules) {
+        const bySeverity = {
+            critical: 0,
+            high: 0,
+            medium: 0,
+            low: 0,
+            info: 0,
+        };
+        const byRule = {};
+        const byCategory = {};
+        for (const finding of findings) {
+            // By severity
+            bySeverity[finding.severity]++;
+            // By rule
+            byRule[finding.ruleId] = (byRule[finding.ruleId] ?? 0) + 1;
+            // By category
+            const rule = rules.find(r => r.id === finding.ruleId);
+            if (rule?.owasp) {
+                for (const owasp of rule.owasp) {
+                    byCategory[owasp] = (byCategory[owasp] ?? 0) + 1;
+                }
+            }
+            if (rule?.cwe) {
+                for (const cwe of rule.cwe) {
+                    byCategory[`CWE-${cwe}`] = (byCategory[`CWE-${cwe}`] ?? 0) + 1;
+                }
+            }
+        }
+        return {
+            totalFindings: findings.length,
+            bySeverity,
+            byRule,
+            byCategory,
+        };
+    }
+    /**
+     * Emit progress
+     */
+    emitProgress(progress) {
+        this.onProgress?.(progress);
+    }
+}
+/**
+ * Create a rule engine
+ */
+export function createRuleEngine(options = {}) {
+    return new RuleEngine(options);
+}
+//# sourceMappingURL=rule-engine.js.map

package/dist/rules/engine/rule-engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rule-engine.js","sourceRoot":"","sources":["../../../src/rules/engine/rule-engine.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,UAAU,CAAC;AACnC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAQtC,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAgB,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AA0EvD;;;GAGG;AACH,MAAM,OAAO,UAAU;IACb,QAAQ,CAAe;IACvB,WAAW,CAAS;IACpB,WAAW,CAAS;IACpB,UAAU,CAA0C;IACpD,eAAe,CAAuD;IACtE,MAAM,CAAe;IAE7B,YAAY,UAA6B,EAAE;QACzC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,iBAAiB,EAAE,CAAC;QACxD,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QACxD,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,CAAC,CAAC;QAC5C,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QACrC,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,GAAG,CAAC,MAAkB;QAC1B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAsB,EAAE,CAAC;QACrC,MAAM,WAAW,GAAkB,EAAE,CAAC;QACtC,MAAM,aAAa,GAAG,IAAI,GAAG,EAAsB,CAAC;QACpD,MAAM,aAAa,GAAG,IAAI,GAAG,EAAyB,CAAC;QAEvD,sBAAsB;QACtB,IAAI,CAAC,YAAY,CAAC;YAChB,KAAK,EAAE,MAAM;YACb,UAAU,EAAE,CAAC;YACb,cAAc,EAAE,CAAC;YACjB,UAAU,EAAE,CAAC;YACb,aAAa,EAAE,CAAC;SACjB,CAAC,CAAC;QAEH,oBAAoB;QACpB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAEhD,mBAAmB;QACnB,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QAEzC,+CAA+C;QAC/C,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC;YAC1B,qBAAqB,EAAE,KAAK;YAC5B,4BAA4B,EAAE,IAAI;SACnC,CAAC,CAAC;QAEH,gBAAgB;QAChB,IAAI,cAAc,GAAG,CAAC,CAAC;QACvB,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC;QAChC,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC;QAEhC,0BAA0B;QAC1B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE;gBACzB,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,QAAQ,EAAE,IAAI,CAAC,IAAI;gBACnB,QAAQ,EAAE,EAAE;gBACZ,aAAa,EAAE,CAAC;gBAChB,MAAM,EAAE,EAAE;gBACV,OAAO,EAAE,IAAI;aACd,CAAC,CAAC;QACL,CAAC;QAED,2BAA2B;QAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACxD,kBAAkB;YAClB,IAAI,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;gBACzB,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,OAAO,EAAE,mBAAmB;iBAC7B,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;YAED,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC;YACnD,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CACpC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,CAC1E,CAAC;YAEF,kBAAkB;YAClB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC1B,MAAM,YAAY,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;gBAErC,cAAc,EAAE,CAAC;gBAEjB,qBAAqB;gBACrB,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;gBAC1C,WAAW,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;gBAElC,sBAAsB;gBACtB,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;oBACnC,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;oBACrD,IAAI,UAAU,EAAE,CAAC;wBACf,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBACpC,CAAC;gBACH,CAAC;gBAED,gBAAgB;gBAChB,IAAI,CAAC,YAAY,CAAC;oBAChB,KAAK,EAAE,WAAW;oBAClB,UAAU;oBACV,cAAc;oBACd,UAAU;oBACV,WAAW,EAAE,QAAQ;oBACrB,aAAa,EAAE,WAAW,CAAC,MAAM;iBAClC,CAAC,CAAC;gBAEH,sBAAsB;gBACtB,IAAI,CAAC,eAAe,EAAE,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;QAED,wCAAwC;QACxC,MAAM,gBAAgB,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAC9C,sBAAsB,CAAC,CAAC,CAAC,QAAQ,EAAE,MAAM,CAAC,iBAAiB,CAAC,CAC7D,CAAC;QAEF,oBAAoB;QACpB,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;QAE/D,iBAAiB;QACjB,IAAI,CAAC,YAAY,CAAC;YAChB,KAAK,EAAE,UAAU;YACjB,UAAU;YACV,cAAc;YACd,UAAU;YACV,aAAa,EAAE,gBAAgB,CAAC,MAAM;SACvC,CAAC,CAAC;QAEH,OAAO;YACL,QAAQ,EAAE,gBAAgB;YAC1B,aAAa;YACb,aAAa;YACb,cAAc,EAAE,cAAc;YAC9B,eAAe,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YACvC,MAAM;YACN,OAAO;SACR,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CACb,QAAgB,EAChB,MAAkB;QAElB,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,MAAM,GAAsB,EAAE,CAAC;QACrC,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC;YAC1B,qBAAqB,EAAE,KAAK;YAC5B,4BAA4B,EAAE,IAAI;SACnC,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CACf,UAAkB,EAClB,MAAkB,EAClB,WAAmB,cAAc;QAEjC,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,cAAc,GAAG,IAAI,kBAAkB,EAAE;aAC5C,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC;aACjC,UAAU,CAAC,MAAM,CAAC,CAAC;QAEtB,MAAM,OAAO,GAAG,cAAc,CAAC,eAAe,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACrE,MAAM,QAAQ,GAAkB,EAAE,CAAC;QAEnC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,2BAA2B;gBAC3B,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACzC,IAAI,UAAU,EAAE,OAAO,KAAK,KAAK;oBAAE,SAAS;gBAE5C,8BAA8B;gBAC7B,OAAe,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAEzC,WAAW;gBACX,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;gBACjD,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;YACjC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,yBAAyB;gBACzB,OAAO,CAAC,KAAK,CAAC,sBAAsB,IAAI,CAAC,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,WAAW,CACvB,QAAgB,EAChB,KAAqB,EACrB,MAAkB,EAClB,OAAgB,EAChB,MAAyB;QAEzB,MAAM,QAAQ,GAAkB,EAAE,CAAC;QAEnC,IAAI,CAAC;YACH,gBAAgB;YAChB,MAAM,cAAc,GAAG,IAAI,kBAAkB,EAAE;iBAC5C,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC;iBACjC,UAAU,CAAC,MAAM,CAAC;iBAClB,WAAW,CAAC,OAAO,CAAC;iBACpB,iBAAiB,CAAC,MAAM,CAAC,mBAAmB,CAAC;iBAC7C,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAE7B,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YAErD,gBAAgB;YAChB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC;oBACH,2BAA2B;oBAC3B,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;oBACzC,IAAI,UAAU,EAAE,OAAO,KAAK,KAAK;wBAAE,SAAS;oBAE5C,2BAA2B;oBAC3B,MAAM,YAAY,GAAG,UAAU,EAAE,QAAQ,IAAI,IAAI,CAAC,eAAe,CAAC;oBAClE,IAAI,CAAC,sBAAsB,CAAC,YAAY,EAAE,MAAM,CAAC,iBAAiB,CAAC,EAAE,CAAC;wBACpE,SAAS;oBACX,CAAC;oBAED,8BAA8B;oBAC7B,OAAe,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;oBAEzC,WAAW;oBACX,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;oBAEjD,kCAAkC;oBAClC,IAAI,UAAU,EAAE,QAAQ,EAAE,CAAC;wBACzB,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;4BAC7B,CAAC,CAAC,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC;wBACnC,CAAC;oBACH,CAAC;oBAED,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;gBACjC,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,MAAM;wBACZ,QAAQ;wBACR,MAAM,EAAE,IAAI,CAAC,EAAE;wBACf,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;wBAC/D,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;qBACxD,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,MAAM;gBACZ,QAAQ;gBACR,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;gBAC/D,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;aACxD,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,cAAc,CAAC,MAAkB;QAC7C,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QACzF,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,IAAI,CAAC,oBAAoB,EAAE,YAAY,CAAC,CAAC;QAE/E,MAAM,KAAK,GAAa,EAAE,CAAC;QAE3B,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE,EAAE;YACtD,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;YAE/D,oCAAoC;YACpC,MAAM,cAAc,GAAG,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CACpD,SAAS,CAAC,YAAY,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAChD,CAAC;YAEF,oCAAoC;YACpC,MAAM,cAAc,GAAG,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CACpD,SAAS,CAAC,YAAY,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAChD,CAAC;YAEF,IAAI,cAAc,IAAI,CAAC,cAAc,EAAE,CAAC;gBACtC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa,CACzB,GAAW,EACX,QAAoC;QAEpC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;YAExE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;gBAE5C,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;oBACxB,2CAA2C;oBAC3C,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;wBAChE,SAAS;oBACX,CAAC;oBACD,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBAC/C,CAAC;qBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;oBAC1B,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACrB,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,0CAA0C;QAC5C,CAAC;IACH,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,MAAkB;QACtC,gBAAgB;QAChB,IAAI,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;QAEnC,iCAAiC;QACjC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC1D,IAAI,YAAY,EAAE,CAAC;gBACjB,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;QAED,kCAAkC;QAClC,OAAO,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE;YACzB,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAEzC,+BAA+B;YAC/B,IAAI,UAAU,EAAE,OAAO,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAC;YAEhD,iCAAiC;YACjC,IAAI,UAAU,EAAE,OAAO,KAAK,IAAI;gBAAE,OAAO,IAAI,CAAC;YAE9C,yCAAyC;YACzC,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,OAAe;QACrC,MAAM,QAAQ,GAA6B;YACzC,OAAO,EAAE;gBACP,WAAW,EAAE,WAAW,EAAE,WAAW;gBACrC,QAAQ,EAAE,QAAQ,EAAE,SAAS;aAC9B;YACD,QAAQ,EAAE;gBACR,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW;gBAC/D,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW;gBAC/D,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ;gBAC1D,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS;gBACpD,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS;gBACrD,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS;gBACrD,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU;aAC5C;YACD,MAAM,EAAE;YACN,YAAY;aACb;SACF,CAAC;QAEF,OAAO,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC;IACnC,CAAC;IAED;;OAEG;IACK,gBAAgB,CACtB,QAAuB,EACvB,KAAqB;QAErB,MAAM,UAAU,GAAiC;YAC/C,QAAQ,EAAE,CAAC;YACX,IAAI,EAAE,CAAC;YACP,MAAM,EAAE,CAAC;YACT,GAAG,EAAE,CAAC;YACN,IAAI,EAAE,CAAC;SACR,CAAC;QACF,MAAM,MAAM,GAA2B,EAAE,CAAC;QAC1C,MAAM,UAAU,GAA2B,EAAE,CAAC;QAE9C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,cAAc;YACd,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAE/B,UAAU;YACV,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YAE3D,cAAc;YACd,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;YACtD,IAAI,IAAI,EAAE,KAAK,EAAE,CAAC;gBAChB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;oBAC/B,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;gBACnD,CAAC;YACH,CAAC;YACD,IAAI,IAAI,EAAE,GAAG,EAAE,CAAC;gBACd,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;oBAC3B,UAAU,CAAC,OAAO,GAAG,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;gBACjE,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,aAAa,EAAE,QAAQ,CAAC,MAAM;YAC9B,UAAU;YACV,MAAM;YACN,UAAU;SACX,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,QAA4B;QAC/C,IAAI,CAAC,UAAU,EAAE,CAAC,QAAQ,CAAC,CAAC;IAC9B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,UAA6B,EAAE;IAC9D,OAAO,IAAI,UAAU,CAAC,OAAO,CAAC,CAAC;AACjC,CAAC"}

package/dist/rules/engine/rule-registry.d.ts

@@ -0,0 +1,133 @@
+/**
+ * @fileoverview Rule Registry - Manages rule registration and retrieval
+ * @module @nahisaho/musubix-security/rules/engine/rule-registry
+ * @trace REQ-RULE-003
+ */
+import type { SecurityRule, RuleConfig, RuleSettings } from '../types.js';
+/**
+ * Rule category for organization
+ */
+export type RuleCategory = 'owasp' | 'cwe' | 'custom' | 'all';
+/**
+ * Rule filter options
+ */
+export interface RuleFilter {
+    /** Filter by category */
+    category?: RuleCategory;
+    /** Filter by IDs */
+    ids?: string[];
+    /** Filter by tags */
+    tags?: string[];
+    /** Filter by detection method */
+    detectionMethod?: string;
+    /** Only enabled rules */
+    enabledOnly?: boolean;
+}
+/**
+ * Rule Registry
+ * Manages registration and retrieval of security rules
+ */
+export declare class RuleRegistry {
+    private rules;
+    private rulesByCategory;
+    private rulesByTag;
+    /**
+     * Register a rule
+     * @param rule The rule to register
+     * @param overwrite Whether to overwrite existing rule with same ID
+     */
+    register(rule: SecurityRule, overwrite?: boolean): void;
+    /**
+     * Register multiple rules
+     */
+    registerAll(rules: SecurityRule[]): void;
+    /**
+     * Unregister a rule
+     */
+    unregister(ruleId: string): boolean;
+    /**
+     * Get a rule by ID
+     */
+    get(ruleId: string): SecurityRule | undefined;
+    /**
+     * Check if a rule exists
+     */
+    has(ruleId: string): boolean;
+    /**
+     * Get all registered rules
+     */
+    getAll(): SecurityRule[];
+    /**
+     * Get rules by filter
+     */
+    getFiltered(filter: RuleFilter, config?: RuleConfig): SecurityRule[];
+    /**
+     * Get rules by category
+     */
+    getByCategory(category: RuleCategory): SecurityRule[];
+    /**
+     * Get rules by tag
+     */
+    getByTag(tag: string): SecurityRule[];
+    /**
+     * Get enabled rules based on config
+     */
+    getEnabled(config: RuleConfig): SecurityRule[];
+    /**
+     * Check if a rule is enabled
+     */
+    isRuleEnabled(ruleId: string, config: RuleConfig): boolean;
+    /**
+     * Get rule settings with defaults
+     */
+    getRuleSettings(ruleId: string, config: RuleConfig): RuleSettings;
+    /**
+     * Get rule count
+     */
+    get size(): number;
+    /**
+     * Get rule count (alias for size)
+     */
+    count(): number;
+    /**
+     * Get all rule IDs
+     */
+    getIds(): string[];
+    /**
+     * Get all tags
+     */
+    getTags(): string[];
+    /**
+     * Get rules by severity
+     */
+    getBySeverity(severity: string): SecurityRule[];
+    /**
+     * Get rules by detection method
+     */
+    getByDetectionMethod(method: string): SecurityRule[];
+    /**
+     * Filter rules by predicate
+     */
+    filter(predicate: (rule: SecurityRule) => boolean): SecurityRule[];
+    /**
+     * Clear all rules
+     */
+    clear(): void;
+    /**
+     * Categorize rule by ID prefix
+     */
+    private categorizeRule;
+}
+/**
+ * Get or create global registry
+ */
+export declare function getGlobalRegistry(): RuleRegistry;
+/**
+ * Create a new registry (for isolated use)
+ */
+export declare function createRegistry(): RuleRegistry;
+/**
+ * Reset global registry (for testing)
+ */
+export declare function resetGlobalRegistry(): void;
+//# sourceMappingURL=rule-registry.d.ts.map

package/dist/rules/engine/rule-registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rule-registry.d.ts","sourceRoot":"","sources":["../../../src/rules/engine/rule-registry.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EACV,YAAY,EACZ,UAAU,EACV,YAAY,EACb,MAAM,aAAa,CAAC;AAErB;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG,KAAK,GAAG,QAAQ,GAAG,KAAK,CAAC;AAE9D;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,yBAAyB;IACzB,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,oBAAoB;IACpB,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,qBAAqB;IACrB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,iCAAiC;IACjC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,yBAAyB;IACzB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED;;;GAGG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,KAAK,CAAwC;IACrD,OAAO,CAAC,eAAe,CAIpB;IACH,OAAO,CAAC,UAAU,CAAuC;IAEzD;;;;OAIG;IACH,QAAQ,CAAC,IAAI,EAAE,YAAY,EAAE,SAAS,GAAE,OAAe,GAAG,IAAI;IA2B9D;;OAEG;IACH,WAAW,CAAC,KAAK,EAAE,YAAY,EAAE,GAAG,IAAI;IAMxC;;OAEG;IACH,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAoBnC;;OAEG;IACH,GAAG,CAAC,MAAM,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS;IAI7C;;OAEG;IACH,GAAG,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAI5B;;OAEG;IACH,MAAM,IAAI,YAAY,EAAE;IAIxB;;OAEG;IACH,WAAW,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,EAAE,UAAU,GAAG,YAAY,EAAE;IAoDpE;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,YAAY,GAAG,YAAY,EAAE;IAQrD;;OAEG;IACH,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,YAAY,EAAE;IAKrC;;OAEG;IACH,UAAU,CAAC,MAAM,EAAE,UAAU,GAAG,YAAY,EAAE;IAI9C;;OAEG;IACH,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO;IAsB1D;;OAEG;IACH,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,GAAG,YAAY;IAWjE;;OAEG;IACH,IAAI,IAAI,IAAI,MAAM,CAEjB;IAED;;OAEG;IACH,KAAK,IAAI,MAAM;IAIf;;OAEG;IACH,MAAM,IAAI,MAAM,EAAE;IAIlB;;OAEG;IACH,OAAO,IAAI,MAAM,EAAE;IAInB;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,YAAY,EAAE;IAI/C;;OAEG;IACH,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,YAAY,EAAE;IAIpD;;OAEG;IACH,MAAM,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,YAAY,KAAK,OAAO,GAAG,YAAY,EAAE;IAIlE;;OAEG;IACH,KAAK,IAAI,IAAI;IAMb;;OAEG;IACH,OAAO,CAAC,cAAc;CAUvB;AAOD;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,YAAY,CAKhD;AAED;;GAEG;AACH,wBAAgB,cAAc,IAAI,YAAY,CAE7C;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,IAAI,CAE1C"}