@nahisaho/musubix-security 2.0.1 → 2.1.1

package/dist/rules/owasp/a01-broken-access-control.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"a01-broken-access-control.js","sourceRoot":"","sources":["../../../src/rules/owasp/a01-broken-access-control.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAiB;IACvD,EAAE,EAAE,iCAAiC;IACrC,IAAI,EAAE,wCAAwC;IAC9C,WAAW,EAAE,8GAA8G;IAC3H,eAAe,EAAE,UAAU;IAC3B,eAAe,EAAE,UAAU;IAC3B,IAAI,EAAE,CAAC,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,UAAU,CAAC;IAC9D,KAAK,EAAE,CAAC,UAAU,CAAC;IACnB,GAAG,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;IACxC,UAAU,EAAE;QACV,EAAE,KAAK,EAAE,wCAAwC,EAAE,GAAG,EAAE,yDAAyD,EAAE;QACnH,EAAE,KAAK,EAAE,kCAAkC,EAAE,GAAG,EAAE,iDAAiD,EAAE;KACtG;IAED,KAAK,CAAC,OAAO,CAAC,OAAoB;QAChC,MAAM,QAAQ,GAAkB,EAAE,CAAC;QACnC,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QACtC,IAAI,CAAC,UAAU;YAAE,OAAO,QAAQ,CAAC;QAEjC,mDAAmD;QACnD,0BAA0B,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE9C,qCAAqC;QACrC,2BAA2B,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE/C,mCAAmC;QACnC,0BAA0B,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE9C,oCAAoC;QACpC,kBAAkB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAEtC,uDAAuD;QACvD,yBAAyB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE7C,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,SAAS,0BAA0B,CAAC,OAAoB,EAAE,QAAuB;IAC/E,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IAEtC,wDAAwD;IACxD,MAAM,aAAa,GAAG;QACpB,gFAAgF;QAChF,mFAAmF;KACpF,CAAC;IAEF,8BAA8B;IAC9B,MAAM,kBAAkB,GAAG;QACzB,UAAU;QACV,eAAe;QACf,kBAAkB;QAClB,gBAAgB;QAChB,iBAAiB;QACjB,WAAW;QACX,SAAS;QACT,WAAW;KACZ,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;QACpC,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACnD,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAE1B,qCAAqC;YACrC,IAAI,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;gBACnD,MAAM,KAAK,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC/D,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC;gBAE1B,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,aAAa,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBACtC,MAAM,EAAE,iCAAiC;oBACzC,QAAQ,EAAE,MAAM;oBAChB,OAAO,EAAE,sBAAsB,QAAQ,qCAAqC;oBAC5E,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO,CAAC,QAAQ;wBACtB,SAAS,EAAE,IAAI;wBACf,OAAO,EAAE,IAAI;wBACb,WAAW,EAAE,CAAC;wBACd,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM;qBAC3B;oBACD,UAAU,EAAE;wBACV,WAAW,EAAE,wDAAwD;wBACrE,OAAO,EAAE,+BAA+B,KAAK,CAAC,CAAC,CAAC,IAAI,QAAQ,4BAA4B;qBACzF;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,2BAA2B,CAAC,OAAoB,EAAE,QAAuB;IAChF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,2CAA2C;IAC3C,MAAM,YAAY,GAAG;QACnB,yDAAyD;QACzD,qEAAqE;QACrE,0CAA0C;QAC1C,wDAAwD;QACxD,wDAAwD;KACzD,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;YACnC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,2DAA2D;gBAC3D,MAAM,eAAe,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEtF,IAAI,CAAC,qBAAqB,CAAC,eAAe,CAAC,EAAE,CAAC;oBAC5C,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,kBAAkB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;wBAC3C,MAAM,EAAE,iCAAiC;wBACzC,QAAQ,EAAE,MAAM;wBAChB,OAAO,EAAE,0GAA0G;wBACnH,QAAQ,EAAE;4BACR,IAAI,EAAE,OAAO,CAAC,QAAQ;4BACtB,SAAS,EAAE,OAAO,GAAG,CAAC;4BACtB,OAAO,EAAE,OAAO,GAAG,CAAC;4BACpB,WAAW,EAAE,CAAC;4BACd,SAAS,EAAE,IAAI,CAAC,MAAM;yBACvB;wBACD,UAAU,EAAE;4BACV,WAAW,EAAE,kDAAkD;4BAC/D,OAAO,EAAE,kHAAkH;yBAC5H;qBACF,CAAC,CAAC;gBACL,CAAC;gBACD,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,0BAA0B,CAAC,OAAoB,EAAE,QAAuB;IAC/E,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,YAAY,GAAG;QACnB,kBAAkB;QAClB,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,6BAA6B,EAAE;QACpE,uCAAuC;QACvC,EAAE,OAAO,EAAE,8CAA8C,EAAE,OAAO,EAAE,0BAA0B,EAAE;QAChG,4BAA4B;QAC5B,EAAE,OAAO,EAAE,qDAAqD,EAAE,OAAO,EAAE,8CAA8C,EAAE;KAC5H,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,YAAY,EAAE,CAAC;YAChD,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,kBAAkB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBAC3C,MAAM,EAAE,iCAAiC;oBACzC,QAAQ,EAAE,QAAQ;oBAClB,OAAO,EAAE,0BAA0B,OAAO,EAAE;oBAC5C,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO,CAAC,QAAQ;wBACtB,SAAS,EAAE,OAAO,GAAG,CAAC;wBACtB,OAAO,EAAE,OAAO,GAAG,CAAC;wBACpB,WAAW,EAAE,CAAC;wBACd,SAAS,EAAE,IAAI,CAAC,MAAM;qBACvB;oBACD,UAAU,EAAE;wBACV,WAAW,EAAE,2CAA2C;wBACxD,OAAO,EAAE,iEAAiE;qBAC3E;iBACF,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,OAAoB,EAAE,QAAuB;IACvE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,wCAAwC;IACxC,MAAM,YAAY,GAAG;QACnB,4DAA4D;QAC5D,sFAAsF;QACtF,qDAAqD;KACtD,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;YACnC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,sCAAsC;gBACtC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC5F,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,kBAAkB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;wBAC3C,MAAM,EAAE,iCAAiC;wBACzC,QAAQ,EAAE,MAAM;wBAChB,OAAO,EAAE,4FAA4F;wBACrG,QAAQ,EAAE;4BACR,IAAI,EAAE,OAAO,CAAC,QAAQ;4BACtB,SAAS,EAAE,OAAO,GAAG,CAAC;4BACtB,OAAO,EAAE,OAAO,GAAG,CAAC;4BACpB,WAAW,EAAE,CAAC;4BACd,SAAS,EAAE,IAAI,CAAC,MAAM;yBACvB;wBACD,UAAU,EAAE;4BACV,WAAW,EAAE,iEAAiE;4BAC9E,OAAO,EAAE;;oEAE6C;yBACvD;qBACF,CAAC,CAAC;gBACL,CAAC;gBACD,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,yBAAyB,CAAC,OAAoB,EAAE,QAAuB;IAC9E,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,gCAAgC;IAChC,MAAM,kBAAkB,GAAG;QACzB,EAAE,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,QAAQ,EAAE;QACpD,EAAE,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,QAAQ,EAAE;QACnD,EAAE,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,QAAQ,EAAE;QACnD,EAAE,OAAO,EAAE,iCAAiC,EAAE,SAAS,EAAE,iBAAiB,EAAE;QAC5E,EAAE,OAAO,EAAE,yBAAyB,EAAE,SAAS,EAAE,YAAY,EAAE;QAC/D,EAAE,OAAO,EAAE,qBAAqB,EAAE,SAAS,EAAE,mBAAmB,EAAE;QAClE,EAAE,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,iBAAiB,EAAE;KACzD,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,kBAAkB,EAAE,CAAC;YACxD,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,8CAA8C;gBAC9C,MAAM,eAAe,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,GAAG,EAAE,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEvF,IAAI,CAAC,qBAAqB,CAAC,eAAe,CAAC,EAAE,CAAC;oBAC5C,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,kBAAkB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;wBAC3C,MAAM,EAAE,iCAAiC;wBACzC,QAAQ,EAAE,MAAM;wBAChB,OAAO,EAAE,yBAAyB,SAAS,uCAAuC;wBAClF,QAAQ,EAAE;4BACR,IAAI,EAAE,OAAO,CAAC,QAAQ;4BACtB,SAAS,EAAE,OAAO,GAAG,CAAC;4BACtB,OAAO,EAAE,OAAO,GAAG,CAAC;4BACpB,WAAW,EAAE,CAAC;4BACd,SAAS,EAAE,IAAI,CAAC,MAAM;yBACvB;wBACD,UAAU,EAAE;4BACV,WAAW,EAAE,sDAAsD;4BACnE,OAAO,EAAE,uEAAuE;yBACjF;qBACF,CAAC,CAAC;gBACL,CAAC;gBACD,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,IAAY;IACzC,MAAM,YAAY,GAAG;QACnB,SAAS;QACT,UAAU;QACV,YAAY;QACZ,gBAAgB;QAChB,UAAU;QACV,YAAY;QACZ,cAAc;QACd,QAAQ;QACR,YAAY;QACZ,2BAA2B;QAC3B,yBAAyB;QACzB,0BAA0B;KAC3B,CAAC;IAEF,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED,eAAe,2BAA2B,CAAC"}

package/dist/rules/owasp/a02-cryptographic-failures.d.ts

@@ -0,0 +1,19 @@
+/**
+ * @fileoverview OWASP A02:2021 - Cryptographic Failures Rule
+ * @module @nahisaho/musubix-security/rules/owasp/a02-cryptographic-failures
+ * @trace TSK-RULE-003
+ *
+ * Detects:
+ * - Weak hash algorithms (MD5, SHA1)
+ * - Weak encryption algorithms (DES, RC4, ECB mode)
+ * - Hardcoded cryptographic keys
+ * - Insecure random number generation
+ * - Missing TLS/SSL or weak configuration
+ */
+import type { SecurityRule } from '../types.js';
+/**
+ * OWASP A02 - Cryptographic Failures
+ */
+export declare const owaspA02CryptographicFailures: SecurityRule;
+export default owaspA02CryptographicFailures;
+//# sourceMappingURL=a02-cryptographic-failures.d.ts.map

package/dist/rules/owasp/a02-cryptographic-failures.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"a02-cryptographic-failures.d.ts","sourceRoot":"","sources":["../../../src/rules/owasp/a02-cryptographic-failures.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,YAAY,EAA4B,MAAM,aAAa,CAAC;AAE1E;;GAEG;AACH,eAAO,MAAM,6BAA6B,EAAE,YAuC3C,CAAC;AAiTF,eAAe,6BAA6B,CAAC"}

package/dist/rules/owasp/a02-cryptographic-failures.js

@@ -0,0 +1,327 @@
+/**
+ * @fileoverview OWASP A02:2021 - Cryptographic Failures Rule
+ * @module @nahisaho/musubix-security/rules/owasp/a02-cryptographic-failures
+ * @trace TSK-RULE-003
+ *
+ * Detects:
+ * - Weak hash algorithms (MD5, SHA1)
+ * - Weak encryption algorithms (DES, RC4, ECB mode)
+ * - Hardcoded cryptographic keys
+ * - Insecure random number generation
+ * - Missing TLS/SSL or weak configuration
+ */
+/**
+ * OWASP A02 - Cryptographic Failures
+ */
+export const owaspA02CryptographicFailures = {
+    id: 'owasp-a02-cryptographic-failures',
+    name: 'OWASP A02:2021 - Cryptographic Failures',
+    description: 'Detects weak cryptographic implementations, insecure algorithms, and improper key management',
+    defaultSeverity: 'critical',
+    detectionMethod: 'pattern-match',
+    tags: ['owasp', 'cryptography', 'encryption', 'hashing', 'security'],
+    owasp: ['A02:2021'],
+    cwe: ['261', '310', '326', '327', '328', '330', '338', '759', '760'],
+    references: [
+        { title: 'OWASP A02:2021 - Cryptographic Failures', url: 'https://owasp.org/Top10/A02_2021-Cryptographic_Failures/' },
+        { title: 'CWE-310: Cryptographic Issues', url: 'https://cwe.mitre.org/data/definitions/310.html' },
+    ],
+    async analyze(context) {
+        const findings = [];
+        const sourceFile = context.sourceFile;
+        if (!sourceFile)
+            return findings;
+        // Check for weak hash algorithms
+        checkWeakHashAlgorithms(context, findings);
+        // Check for weak encryption algorithms
+        checkWeakEncryption(context, findings);
+        // Check for hardcoded keys
+        checkHardcodedKeys(context, findings);
+        // Check for insecure random
+        checkInsecureRandom(context, findings);
+        // Check for insecure TLS configuration
+        checkInsecureTLS(context, findings);
+        // Check for sensitive data exposure
+        checkSensitiveDataExposure(context, findings);
+        return findings;
+    },
+};
+/**
+ * Check for weak hash algorithms
+ */
+function checkWeakHashAlgorithms(context, findings) {
+    const sourceCode = context.sourceCode;
+    const lines = sourceCode.split('\n');
+    const weakHashPatterns = [
+        { pattern: /createHash\s*\(\s*['"`]md5['"`]\s*\)/gi, algo: 'MD5', severity: 'high' },
+        { pattern: /createHash\s*\(\s*['"`]sha1['"`]\s*\)/gi, algo: 'SHA1', severity: 'medium' },
+        { pattern: /md5\s*\(/gi, algo: 'MD5', severity: 'high' },
+        { pattern: /sha1\s*\(/gi, algo: 'SHA1', severity: 'medium' },
+        { pattern: /['"`]MD5['"`]/gi, algo: 'MD5', severity: 'high' },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, algo, severity } of weakHashPatterns) {
+            pattern.lastIndex = 0;
+            if (pattern.test(line)) {
+                findings.push({
+                    id: `owasp-a02-hash-${findings.length + 1}`,
+                    ruleId: 'owasp-a02-cryptographic-failures',
+                    severity,
+                    message: `Weak hash algorithm ${algo} detected - vulnerable to collision attacks`,
+                    location: {
+                        file: context.filePath,
+                        startLine: lineNum + 1,
+                        endLine: lineNum + 1,
+                        startColumn: 0,
+                        endColumn: line.length,
+                    },
+                    suggestion: {
+                        description: 'Use a strong hash algorithm',
+                        example: `// For passwords: use bcrypt, scrypt, or Argon2
+// For integrity: use SHA-256 or SHA-3
+const hash = crypto.createHash('sha256').update(data).digest('hex');`,
+                    },
+                });
+                break;
+            }
+        }
+    }
+}
+/**
+ * Check for weak encryption algorithms
+ */
+function checkWeakEncryption(context, findings) {
+    const sourceCode = context.sourceCode;
+    const lines = sourceCode.split('\n');
+    const weakCryptoPatterns = [
+        { pattern: /['"`]des['"`]/gi, algo: 'DES', severity: 'critical' },
+        { pattern: /['"`]3des['"`]/gi, algo: '3DES', severity: 'high' },
+        { pattern: /['"`]rc4['"`]/gi, algo: 'RC4', severity: 'critical' },
+        { pattern: /['"`]aes-\d+-ecb['"`]/gi, algo: 'AES-ECB', severity: 'high' },
+        { pattern: /['"`]blowfish['"`]/gi, algo: 'Blowfish', severity: 'medium' },
+        { pattern: /createCipher\s*\(/gi, algo: 'deprecated createCipher', severity: 'high' },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, algo, severity } of weakCryptoPatterns) {
+            pattern.lastIndex = 0;
+            if (pattern.test(line)) {
+                findings.push({
+                    id: `owasp-a02-crypto-${findings.length + 1}`,
+                    ruleId: 'owasp-a02-cryptographic-failures',
+                    severity,
+                    message: `Weak or deprecated encryption algorithm ${algo} detected`,
+                    location: {
+                        file: context.filePath,
+                        startLine: lineNum + 1,
+                        endLine: lineNum + 1,
+                        startColumn: 0,
+                        endColumn: line.length,
+                    },
+                    suggestion: {
+                        description: 'Use strong encryption algorithms',
+                        example: `// Use AES-256-GCM for authenticated encryption
+const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);`,
+                    },
+                });
+                break;
+            }
+        }
+    }
+}
+/**
+ * Check for hardcoded cryptographic keys
+ */
+function checkHardcodedKeys(context, findings) {
+    const sourceCode = context.sourceCode;
+    const lines = sourceCode.split('\n');
+    const keyPatterns = [
+        // Hardcoded key assignments
+        { pattern: /(?:const|let|var)\s+(?:secret|key|password|apiKey|api_key|privateKey|private_key)\s*=\s*['"`][^'"`]+['"`]/gi, type: 'hardcoded key' },
+        // Key in crypto operations
+        { pattern: /(?:createCipheriv|createDecipheriv|createHmac)\s*\([^,]+,\s*['"`][^'"`]+['"`]/gi, type: 'hardcoded crypto key' },
+        // JWT secret
+        { pattern: /jwt\.sign\s*\([^,]+,\s*['"`][^'"`]+['"`]/gi, type: 'hardcoded JWT secret' },
+        // Base64 encoded key (typical pattern)
+        { pattern: /['"`][A-Za-z0-9+/=]{32,}['"`]/g, type: 'potential base64 key' },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        // Skip comments and string-heavy lines that are likely not keys
+        if (line.trim().startsWith('//') || line.trim().startsWith('*'))
+            continue;
+        for (const { pattern, type } of keyPatterns) {
+            pattern.lastIndex = 0;
+            if (pattern.test(line)) {
+                findings.push({
+                    id: `owasp-a02-key-${findings.length + 1}`,
+                    ruleId: 'owasp-a02-cryptographic-failures',
+                    severity: 'critical',
+                    message: `Potential ${type} detected - never hardcode cryptographic keys`,
+                    location: {
+                        file: context.filePath,
+                        startLine: lineNum + 1,
+                        endLine: lineNum + 1,
+                        startColumn: 0,
+                        endColumn: line.length,
+                    },
+                    suggestion: {
+                        description: 'Use environment variables or a secrets manager',
+                        example: `// Use environment variables:
+const secret = process.env.JWT_SECRET;
+// Or use a secrets manager like AWS Secrets Manager, HashiCorp Vault`,
+                    },
+                });
+                break;
+            }
+        }
+    }
+}
+/**
+ * Check for insecure random number generation
+ */
+function checkInsecureRandom(context, findings) {
+    const sourceCode = context.sourceCode;
+    const lines = sourceCode.split('\n');
+    const insecureRandomPatterns = [
+        { pattern: /Math\.random\s*\(\s*\)/gi, type: 'Math.random()' },
+        { pattern: /Date\.now\s*\(\s*\)/gi, type: 'Date.now() as seed' },
+        { pattern: /new\s+Date\s*\(\s*\)\.getTime\s*\(\s*\)/gi, type: 'timestamp as seed' },
+    ];
+    // Check if used in security context
+    const securityContextPatterns = [
+        /token/i,
+        /secret/i,
+        /password/i,
+        /key/i,
+        /salt/i,
+        /nonce/i,
+        /iv/i,
+        /session/i,
+        /auth/i,
+        /csrf/i,
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, type } of insecureRandomPatterns) {
+            pattern.lastIndex = 0;
+            if (pattern.test(line)) {
+                // Check if it's in a security context
+                const surroundingCode = lines.slice(Math.max(0, lineNum - 3), lineNum + 3).join('\n');
+                if (securityContextPatterns.some(p => p.test(surroundingCode))) {
+                    findings.push({
+                        id: `owasp-a02-random-${findings.length + 1}`,
+                        ruleId: 'owasp-a02-cryptographic-failures',
+                        severity: 'high',
+                        message: `Insecure random generator ${type} used in security context`,
+                        location: {
+                            file: context.filePath,
+                            startLine: lineNum + 1,
+                            endLine: lineNum + 1,
+                            startColumn: 0,
+                            endColumn: line.length,
+                        },
+                        suggestion: {
+                            description: 'Use cryptographically secure random',
+                            example: `// Use crypto.randomBytes() or crypto.randomUUID()
+const token = crypto.randomBytes(32).toString('hex');
+const uuid = crypto.randomUUID();`,
+                        },
+                    });
+                }
+                break;
+            }
+        }
+    }
+}
+/**
+ * Check for insecure TLS/SSL configuration
+ */
+function checkInsecureTLS(context, findings) {
+    const sourceCode = context.sourceCode;
+    const lines = sourceCode.split('\n');
+    const insecureTLSPatterns = [
+        { pattern: /rejectUnauthorized\s*:\s*false/gi, issue: 'TLS certificate validation disabled' },
+        { pattern: /secureProtocol\s*:\s*['"`]SSLv3['"`]/gi, issue: 'SSLv3 protocol (vulnerable)' },
+        { pattern: /secureProtocol\s*:\s*['"`]TLSv1_method['"`]/gi, issue: 'TLS 1.0 protocol (deprecated)' },
+        { pattern: /minVersion\s*:\s*['"`]TLSv1['"`]/gi, issue: 'TLS 1.0 minimum (deprecated)' },
+        { pattern: /NODE_TLS_REJECT_UNAUTHORIZED\s*=\s*['"`]0['"`]/gi, issue: 'Global TLS rejection disabled' },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, issue } of insecureTLSPatterns) {
+            pattern.lastIndex = 0;
+            if (pattern.test(line)) {
+                findings.push({
+                    id: `owasp-a02-tls-${findings.length + 1}`,
+                    ruleId: 'owasp-a02-cryptographic-failures',
+                    severity: 'critical',
+                    message: `Insecure TLS configuration: ${issue}`,
+                    location: {
+                        file: context.filePath,
+                        startLine: lineNum + 1,
+                        endLine: lineNum + 1,
+                        startColumn: 0,
+                        endColumn: line.length,
+                    },
+                    suggestion: {
+                        description: 'Use secure TLS configuration',
+                        example: `// Use TLS 1.2+ with certificate validation
+const options = {
+  minVersion: 'TLSv1.2',
+  rejectUnauthorized: true
+};`,
+                    },
+                });
+                break;
+            }
+        }
+    }
+}
+/**
+ * Check for sensitive data exposure
+ */
+function checkSensitiveDataExposure(context, findings) {
+    const sourceCode = context.sourceCode;
+    const lines = sourceCode.split('\n');
+    const sensitiveDataPatterns = [
+        // Logging sensitive data
+        { pattern: /console\.log\s*\([^)]*(?:password|secret|token|key|credential)/gi, issue: 'Logging sensitive data' },
+        // Storing password in plain text
+        { pattern: /password\s*[:=]\s*(?:req\.body|req\.query)\.password(?!\s*&&|\s*\?)/gi, issue: 'Password not hashed before storage' },
+        // Sensitive data in URL
+        { pattern: /['"`][^'"`]*\?[^'"`]*(?:password|token|key)=/gi, issue: 'Sensitive data in URL query string' },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, issue } of sensitiveDataPatterns) {
+            pattern.lastIndex = 0;
+            if (pattern.test(line)) {
+                findings.push({
+                    id: `owasp-a02-exposure-${findings.length + 1}`,
+                    ruleId: 'owasp-a02-cryptographic-failures',
+                    severity: 'high',
+                    message: `Potential sensitive data exposure: ${issue}`,
+                    location: {
+                        file: context.filePath,
+                        startLine: lineNum + 1,
+                        endLine: lineNum + 1,
+                        startColumn: 0,
+                        endColumn: line.length,
+                    },
+                    suggestion: {
+                        description: 'Protect sensitive data',
+                        example: `// Encrypt sensitive data:
+const encrypted = await encrypt(sensitiveData);
+// Never log passwords or tokens
+// Use POST body instead of URL for sensitive data`,
+                    },
+                });
+                break;
+            }
+        }
+    }
+}
+export default owaspA02CryptographicFailures;
+//# sourceMappingURL=a02-cryptographic-failures.js.map

package/dist/rules/owasp/a02-cryptographic-failures.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"a02-cryptographic-failures.js","sourceRoot":"","sources":["../../../src/rules/owasp/a02-cryptographic-failures.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAiB;IACzD,EAAE,EAAE,kCAAkC;IACtC,IAAI,EAAE,yCAAyC;IAC/C,WAAW,EAAE,8FAA8F;IAC3G,eAAe,EAAE,UAAU;IAC3B,eAAe,EAAE,eAAe;IAChC,IAAI,EAAE,CAAC,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,SAAS,EAAE,UAAU,CAAC;IACpE,KAAK,EAAE,CAAC,UAAU,CAAC;IACnB,GAAG,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;IACpE,UAAU,EAAE;QACV,EAAE,KAAK,EAAE,yCAAyC,EAAE,GAAG,EAAE,0DAA0D,EAAE;QACrH,EAAE,KAAK,EAAE,+BAA+B,EAAE,GAAG,EAAE,iDAAiD,EAAE;KACnG;IAED,KAAK,CAAC,OAAO,CAAC,OAAoB;QAChC,MAAM,QAAQ,GAAkB,EAAE,CAAC;QACnC,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QACtC,IAAI,CAAC,UAAU;YAAE,OAAO,QAAQ,CAAC;QAEjC,iCAAiC;QACjC,uBAAuB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE3C,uCAAuC;QACvC,mBAAmB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAEvC,2BAA2B;QAC3B,kBAAkB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAEtC,4BAA4B;QAC5B,mBAAmB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAEvC,uCAAuC;QACvC,gBAAgB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAEpC,oCAAoC;QACpC,0BAA0B,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE9C,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,SAAS,uBAAuB,CAAC,OAAoB,EAAE,QAAuB;IAC5E,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,gBAAgB,GAAG;QACvB,EAAE,OAAO,EAAE,wCAAwC,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAe,EAAE;QAC7F,EAAE,OAAO,EAAE,yCAAyC,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAiB,EAAE;QACjG,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAe,EAAE;QACjE,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAiB,EAAE;QACrE,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAe,EAAE;KACvE,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,gBAAgB,EAAE,CAAC;YAC3D,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,kBAAkB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBAC3C,MAAM,EAAE,kCAAkC;oBAC1C,QAAQ;oBACR,OAAO,EAAE,uBAAuB,IAAI,6CAA6C;oBACjF,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO,CAAC,QAAQ;wBACtB,SAAS,EAAE,OAAO,GAAG,CAAC;wBACtB,OAAO,EAAE,OAAO,GAAG,CAAC;wBACpB,WAAW,EAAE,CAAC;wBACd,SAAS,EAAE,IAAI,CAAC,MAAM;qBACvB;oBACD,UAAU,EAAE;wBACV,WAAW,EAAE,6BAA6B;wBAC1C,OAAO,EAAE;;qEAEgD;qBAC1D;iBACF,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,OAAoB,EAAE,QAAuB;IACxE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,kBAAkB,GAAG;QACzB,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,UAAmB,EAAE;QAC1E,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAe,EAAE;QACxE,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,UAAmB,EAAE;QAC1E,EAAE,OAAO,EAAE,yBAAyB,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAe,EAAE;QAClF,EAAE,OAAO,EAAE,sBAAsB,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAiB,EAAE;QAClF,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,yBAAyB,EAAE,QAAQ,EAAE,MAAe,EAAE;KAC/F,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,kBAAkB,EAAE,CAAC;YAC7D,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,oBAAoB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBAC7C,MAAM,EAAE,kCAAkC;oBAC1C,QAAQ;oBACR,OAAO,EAAE,2CAA2C,IAAI,WAAW;oBACnE,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO,CAAC,QAAQ;wBACtB,SAAS,EAAE,OAAO,GAAG,CAAC;wBACtB,OAAO,EAAE,OAAO,GAAG,CAAC;wBACpB,WAAW,EAAE,CAAC;wBACd,SAAS,EAAE,IAAI,CAAC,MAAM;qBACvB;oBACD,UAAU,EAAE;wBACV,WAAW,EAAE,kCAAkC;wBAC/C,OAAO,EAAE;8DACyC;qBACnD;iBACF,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,OAAoB,EAAE,QAAuB;IACvE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,WAAW,GAAG;QAClB,4BAA4B;QAC5B,EAAE,OAAO,EAAE,6GAA6G,EAAE,IAAI,EAAE,eAAe,EAAE;QACjJ,2BAA2B;QAC3B,EAAE,OAAO,EAAE,iFAAiF,EAAE,IAAI,EAAE,sBAAsB,EAAE;QAC5H,aAAa;QACb,EAAE,OAAO,EAAE,4CAA4C,EAAE,IAAI,EAAE,sBAAsB,EAAE;QACvF,uCAAuC;QACvC,EAAE,OAAO,EAAE,gCAAgC,EAAE,IAAI,EAAE,sBAAsB,EAAE;KAC5E,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,gEAAgE;QAChE,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAE1E,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,WAAW,EAAE,CAAC;YAC5C,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,iBAAiB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBAC1C,MAAM,EAAE,kCAAkC;oBAC1C,QAAQ,EAAE,UAAU;oBACpB,OAAO,EAAE,aAAa,IAAI,+CAA+C;oBACzE,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO,CAAC,QAAQ;wBACtB,SAAS,EAAE,OAAO,GAAG,CAAC;wBACtB,OAAO,EAAE,OAAO,GAAG,CAAC;wBACpB,WAAW,EAAE,CAAC;wBACd,SAAS,EAAE,IAAI,CAAC,MAAM;qBACvB;oBACD,UAAU,EAAE;wBACV,WAAW,EAAE,gDAAgD;wBAC7D,OAAO,EAAE;;sEAEiD;qBAC3D;iBACF,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,OAAoB,EAAE,QAAuB;IACxE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,sBAAsB,GAAG;QAC7B,EAAE,OAAO,EAAE,0BAA0B,EAAE,IAAI,EAAE,eAAe,EAAE;QAC9D,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,oBAAoB,EAAE;QAChE,EAAE,OAAO,EAAE,2CAA2C,EAAE,IAAI,EAAE,mBAAmB,EAAE;KACpF,CAAC;IAEF,oCAAoC;IACpC,MAAM,uBAAuB,GAAG;QAC9B,QAAQ;QACR,SAAS;QACT,WAAW;QACX,MAAM;QACN,OAAO;QACP,QAAQ;QACR,KAAK;QACL,UAAU;QACV,OAAO;QACP,OAAO;KACR,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,sBAAsB,EAAE,CAAC;YACvD,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,sCAAsC;gBACtC,MAAM,eAAe,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEtF,IAAI,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC;oBAC/D,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,oBAAoB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;wBAC7C,MAAM,EAAE,kCAAkC;wBAC1C,QAAQ,EAAE,MAAM;wBAChB,OAAO,EAAE,6BAA6B,IAAI,2BAA2B;wBACrE,QAAQ,EAAE;4BACR,IAAI,EAAE,OAAO,CAAC,QAAQ;4BACtB,SAAS,EAAE,OAAO,GAAG,CAAC;4BACtB,OAAO,EAAE,OAAO,GAAG,CAAC;4BACpB,WAAW,EAAE,CAAC;4BACd,SAAS,EAAE,IAAI,CAAC,MAAM;yBACvB;wBACD,UAAU,EAAE;4BACV,WAAW,EAAE,qCAAqC;4BAClD,OAAO,EAAE;;kCAEW;yBACrB;qBACF,CAAC,CAAC;gBACL,CAAC;gBACD,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,OAAoB,EAAE,QAAuB;IACrE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,mBAAmB,GAAG;QAC1B,EAAE,OAAO,EAAE,kCAAkC,EAAE,KAAK,EAAE,qCAAqC,EAAE;QAC7F,EAAE,OAAO,EAAE,wCAAwC,EAAE,KAAK,EAAE,6BAA6B,EAAE;QAC3F,EAAE,OAAO,EAAE,+CAA+C,EAAE,KAAK,EAAE,+BAA+B,EAAE;QACpG,EAAE,OAAO,EAAE,oCAAoC,EAAE,KAAK,EAAE,8BAA8B,EAAE;QACxF,EAAE,OAAO,EAAE,kDAAkD,EAAE,KAAK,EAAE,+BAA+B,EAAE;KACxG,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,mBAAmB,EAAE,CAAC;YACrD,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,iBAAiB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBAC1C,MAAM,EAAE,kCAAkC;oBAC1C,QAAQ,EAAE,UAAU;oBACpB,OAAO,EAAE,+BAA+B,KAAK,EAAE;oBAC/C,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO,CAAC,QAAQ;wBACtB,SAAS,EAAE,OAAO,GAAG,CAAC;wBACtB,OAAO,EAAE,OAAO,GAAG,CAAC;wBACpB,WAAW,EAAE,CAAC;wBACd,SAAS,EAAE,IAAI,CAAC,MAAM;qBACvB;oBACD,UAAU,EAAE;wBACV,WAAW,EAAE,8BAA8B;wBAC3C,OAAO,EAAE;;;;GAIlB;qBACQ;iBACF,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,0BAA0B,CAAC,OAAoB,EAAE,QAAuB;IAC/E,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,qBAAqB,GAAG;QAC5B,yBAAyB;QACzB,EAAE,OAAO,EAAE,kEAAkE,EAAE,KAAK,EAAE,wBAAwB,EAAE;QAChH,iCAAiC;QACjC,EAAE,OAAO,EAAE,uEAAuE,EAAE,KAAK,EAAE,oCAAoC,EAAE;QACjI,wBAAwB;QACxB,EAAE,OAAO,EAAE,gDAAgD,EAAE,KAAK,EAAE,oCAAoC,EAAE;KAC3G,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,qBAAqB,EAAE,CAAC;YACvD,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,sBAAsB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBAC/C,MAAM,EAAE,kCAAkC;oBAC1C,QAAQ,EAAE,MAAM;oBAChB,OAAO,EAAE,sCAAsC,KAAK,EAAE;oBACtD,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO,CAAC,QAAQ;wBACtB,SAAS,EAAE,OAAO,GAAG,CAAC;wBACtB,OAAO,EAAE,OAAO,GAAG,CAAC;wBACpB,WAAW,EAAE,CAAC;wBACd,SAAS,EAAE,IAAI,CAAC,MAAM;qBACvB;oBACD,UAAU,EAAE;wBACV,WAAW,EAAE,wBAAwB;wBACrC,OAAO,EAAE;;;mDAG8B;qBACxC;iBACF,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,eAAe,6BAA6B,CAAC"}

package/dist/rules/owasp/a03-injection.d.ts

@@ -0,0 +1,21 @@
+/**
+ * @fileoverview OWASP A03:2021 - Injection Rule
+ * @module @nahisaho/musubix-security/rules/owasp/a03-injection
+ * @trace TSK-RULE-003
+ *
+ * Detects:
+ * - SQL Injection
+ * - NoSQL Injection
+ * - Command Injection
+ * - Code Injection (eval)
+ * - Template Injection
+ *
+ * Uses taint analysis when available for improved accuracy.
+ */
+import type { SecurityRule } from '../types.js';
+/**
+ * OWASP A03 - Injection
+ */
+export declare const owaspA03Injection: SecurityRule;
+export default owaspA03Injection;
+//# sourceMappingURL=a03-injection.d.ts.map

package/dist/rules/owasp/a03-injection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"a03-injection.d.ts","sourceRoot":"","sources":["../../../src/rules/owasp/a03-injection.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,YAAY,EAA4B,MAAM,aAAa,CAAC;AAE1E;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,YAiC/B,CAAC;AAgUF,eAAe,iBAAiB,CAAC"}