@nahisaho/musubix-security 2.0.1 → 2.1.1

package/dist/rules/owasp/a08-integrity-failures.js

@@ -0,0 +1,306 @@
+/**
+ * @fileoverview OWASP A08:2021 - Software and Data Integrity Failures
+ * @module @nahisaho/musubix-security/rules/owasp/a08
+ * @trace REQ-SEC-OWASP-008
+ */
+/**
+ * OWASP A08:2021 - Software and Data Integrity Failures
+ *
+ * Detects:
+ * - Insecure deserialization
+ * - Missing integrity verification
+ * - Untrusted CI/CD pipelines
+ * - Auto-update vulnerabilities
+ */
+export const owaspA08IntegrityFailures = {
+    id: 'owasp-a08-integrity-failures',
+    name: 'OWASP A08:2021 - Software and Data Integrity Failures',
+    description: 'Detects insecure deserialization and missing integrity verification',
+    defaultSeverity: 'critical',
+    category: 'integrity',
+    owasp: ['A08:2021'],
+    cwe: ['502', '829', '494', '915'],
+    references: [
+        {
+            title: 'OWASP A08:2021',
+            url: 'https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/',
+        },
+        {
+            title: 'CWE-502: Deserialization of Untrusted Data',
+            url: 'https://cwe.mitre.org/data/definitions/502.html',
+        },
+    ],
+    async analyze(context) {
+        const findings = [];
+        checkInsecureDeserialization(context, findings);
+        checkUnsafeJSONParse(context, findings);
+        checkMissingIntegrityChecks(context, findings);
+        checkUnsafeAutoUpdate(context, findings);
+        checkObjectInjection(context, findings);
+        return findings;
+    },
+};
+/**
+ * Check for insecure deserialization
+ */
+function checkInsecureDeserialization(context, findings) {
+    const sourceCode = context.sourceCode;
+    const lines = sourceCode.split('\n');
+    const deserializationPatterns = [
+        // Node.js serialize
+        { pattern: /node-serialize.*unserialize|unserialize\s*\(/i, lib: 'node-serialize', issue: 'Known RCE vulnerability' },
+        { pattern: /serialize-javascript.*deserialize/i, lib: 'serialize-javascript', issue: 'Potential code execution' },
+        // YAML deserialization
+        { pattern: /yaml\.(?:load|parse)\s*\([^)]*(?:req\.|body\.|params\.)/i, lib: 'yaml', issue: 'Unsafe YAML deserialization with user input' },
+        { pattern: /js-yaml.*safeLoad.*false|yaml\.load\s*\([^,]+,\s*\{\s*schema/i, lib: 'js-yaml', issue: 'YAML deserialization with unsafe schema' },
+        // XML deserialization
+        { pattern: /xml2js.*parseString\s*\([^)]*(?:req\.|body\.)/i, lib: 'xml2js', issue: 'XML parsing of user input' },
+        // Pickle-like (if in Python-related code)
+        { pattern: /pickle\.loads?\s*\(/i, lib: 'pickle', issue: 'Unsafe pickle deserialization' },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, lib, issue } of deserializationPatterns) {
+            if (pattern.test(line)) {
+                findings.push({
+                    id: `owasp-a08-deserialize-${findings.length + 1}`,
+                    ruleId: 'owasp-a08-integrity-failures',
+                    severity: 'critical',
+                    message: `Insecure deserialization: ${lib} - ${issue}`,
+                    location: {
+                        file: context.filePath,
+                        startLine: lineNum + 1,
+                        endLine: lineNum + 1,
+                        startColumn: 0,
+                        endColumn: line.length,
+                    },
+                    cwe: ['502'],
+                    suggestion: {
+                        description: 'Use safe deserialization methods and validate input',
+                        example: `// For YAML, use safe loading:
+const yaml = require('js-yaml');
+const data = yaml.load(input, { schema: yaml.SAFE_SCHEMA });
+
+// For JSON, use JSON.parse with validation:
+const parsed = JSON.parse(input);
+if (!isValidSchema(parsed)) throw new Error('Invalid data');`,
+                    },
+                });
+                break;
+            }
+        }
+    }
+}
+/**
+ * Check for unsafe JSON.parse with user input
+ */
+function checkUnsafeJSONParse(context, findings) {
+    const sourceCode = context.sourceCode;
+    const lines = sourceCode.split('\n');
+    const jsonPatterns = [
+        // JSON.parse of request body directly (without validation)
+        { pattern: /JSON\.parse\s*\(\s*req\.body\s*\)/i, issue: 'JSON.parse of raw request body' },
+        // JSON.parse of user-controlled string
+        { pattern: /JSON\.parse\s*\(\s*(?:userInput|input|data)\s*\)/i, issue: 'JSON.parse of potentially untrusted input' },
+        // eval-like JSON parsing
+        { pattern: /eval\s*\(\s*['"`]\s*\(\s*['"`]\s*\+/i, issue: 'eval-based parsing' },
+        // Function constructor for parsing
+        { pattern: /new\s+Function\s*\([^)]*(?:req\.|body\.|params\.)/i, issue: 'Function constructor with user input' },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, issue } of jsonPatterns) {
+            if (pattern.test(line)) {
+                // Check for validation in surrounding code
+                const surroundingCode = lines.slice(Math.max(0, lineNum - 3), lineNum + 4).join('\n');
+                const hasValidation = /(?:validate|schema|ajv|joi|zod|yup)/i.test(surroundingCode);
+                if (!hasValidation) {
+                    findings.push({
+                        id: `owasp-a08-json-${findings.length + 1}`,
+                        ruleId: 'owasp-a08-integrity-failures',
+                        severity: 'medium',
+                        message: `Unsafe JSON parsing: ${issue}`,
+                        location: {
+                            file: context.filePath,
+                            startLine: lineNum + 1,
+                            endLine: lineNum + 1,
+                            startColumn: 0,
+                            endColumn: line.length,
+                        },
+                        cwe: ['502', '20'],
+                        suggestion: {
+                            description: 'Validate JSON data after parsing',
+                            example: `// Use schema validation:
+import Ajv from 'ajv';
+const ajv = new Ajv();
+const validate = ajv.compile(schema);
+
+const data = JSON.parse(input);
+if (!validate(data)) {
+  throw new Error('Invalid data format');
+}`,
+                        },
+                    });
+                }
+                break;
+            }
+        }
+    }
+}
+/**
+ * Check for missing integrity checks
+ */
+function checkMissingIntegrityChecks(context, findings) {
+    const sourceCode = context.sourceCode;
+    const lines = sourceCode.split('\n');
+    const integrityPatterns = [
+        // npm install without lock file check
+        { pattern: /npm\s+install(?!\s+--ignore-scripts)/i, cmdContext: true, issue: 'npm install without script safety' },
+        // curl piped to shell
+        { pattern: /curl\s+[^|]*\|\s*(?:bash|sh|zsh)/i, issue: 'curl piped to shell without verification' },
+        // wget with insecure option
+        { pattern: /wget\s+--no-check-certificate/i, issue: 'wget with certificate verification disabled' },
+        // Docker without digest
+        { pattern: /FROM\s+\S+(?!@sha256:)/i, fileContext: /dockerfile/i, issue: 'Docker image without digest verification' },
+        // Missing signature verification
+        { pattern: /download.*\{[^}]*(?!verify|signature|hash|checksum)/i, issue: 'Download without integrity verification' },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, issue, fileContext } of integrityPatterns) {
+            if (fileContext && !fileContext.test(context.filePath))
+                continue;
+            if (pattern.test(line)) {
+                findings.push({
+                    id: `owasp-a08-integrity-${findings.length + 1}`,
+                    ruleId: 'owasp-a08-integrity-failures',
+                    severity: 'high',
+                    message: `Missing integrity verification: ${issue}`,
+                    location: {
+                        file: context.filePath,
+                        startLine: lineNum + 1,
+                        endLine: lineNum + 1,
+                        startColumn: 0,
+                        endColumn: line.length,
+                    },
+                    cwe: ['494'],
+                    suggestion: {
+                        description: 'Always verify integrity of downloaded content',
+                        example: `// Verify downloads with checksums:
+const crypto = require('crypto');
+const hash = crypto.createHash('sha256');
+hash.update(downloadedContent);
+if (hash.digest('hex') !== expectedHash) {
+  throw new Error('Integrity check failed');
+}`,
+                    },
+                });
+                break;
+            }
+        }
+    }
+}
+/**
+ * Check for unsafe auto-update mechanisms
+ */
+function checkUnsafeAutoUpdate(context, findings) {
+    const sourceCode = context.sourceCode;
+    const lines = sourceCode.split('\n');
+    const autoUpdatePatterns = [
+        // Electron auto-update without verification
+        { pattern: /autoUpdater\.(?:setFeedURL|checkForUpdates)\s*\(/i, lib: 'electron-updater', issue: 'Ensure update server uses HTTPS and signature verification' },
+        // Custom update mechanism
+        { pattern: /fetch\s*\([^)]*update|download\s*\([^)]*latest/i, issue: 'Custom update mechanism without signature verification' },
+        // Update from HTTP
+        { pattern: /['"`]http:\/\/[^'"`]*\/(?:update|download|latest)/i, issue: 'Update URL using HTTP instead of HTTPS' },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, lib, issue } of autoUpdatePatterns) {
+            if (pattern.test(line)) {
+                // Check for signature verification
+                const surroundingCode = lines.slice(Math.max(0, lineNum - 5), lineNum + 6).join('\n');
+                const hasVerification = /(?:verify|signature|checksum|hash|publicKey)/i.test(surroundingCode);
+                if (!hasVerification) {
+                    findings.push({
+                        id: `owasp-a08-update-${findings.length + 1}`,
+                        ruleId: 'owasp-a08-integrity-failures',
+                        severity: 'high',
+                        message: `Unsafe auto-update: ${lib ? `${lib} - ` : ''}${issue}`,
+                        location: {
+                            file: context.filePath,
+                            startLine: lineNum + 1,
+                            endLine: lineNum + 1,
+                            startColumn: 0,
+                            endColumn: line.length,
+                        },
+                        cwe: ['494'],
+                        suggestion: {
+                            description: 'Implement code signing and signature verification for updates',
+                            example: `// Verify update signatures:
+autoUpdater.autoInstallOnAppQuit = false;
+autoUpdater.on('update-downloaded', (info) => {
+  if (verifySignature(info.downloadedFile, publicKey)) {
+    autoUpdater.quitAndInstall();
+  }
+});`,
+                        },
+                    });
+                }
+                break;
+            }
+        }
+    }
+}
+/**
+ * Check for object injection vulnerabilities
+ */
+function checkObjectInjection(context, findings) {
+    const sourceCode = context.sourceCode;
+    const lines = sourceCode.split('\n');
+    const objectInjectionPatterns = [
+        // Object spread with user input
+        { pattern: /\{\s*\.\.\.(?:req\.body|req\.params|req\.query)\s*\}/i, issue: 'Object spread with unvalidated user input' },
+        // Object.assign with user input
+        { pattern: /Object\.assign\s*\([^)]*(?:req\.body|req\.params|req\.query)/i, issue: 'Object.assign with user input' },
+        // Dynamic property access
+        { pattern: /\[\s*req\.(?:body|params|query)\.\w+\s*\]/i, issue: 'Dynamic property access with user input' },
+        // __proto__ manipulation risk
+        { pattern: /\[['"`]?__proto__|prototype\[/i, issue: 'Prototype pollution risk' },
+    ];
+    for (let lineNum = 0; lineNum < lines.length; lineNum++) {
+        const line = lines[lineNum];
+        for (const { pattern, issue } of objectInjectionPatterns) {
+            if (pattern.test(line)) {
+                findings.push({
+                    id: `owasp-a08-object-${findings.length + 1}`,
+                    ruleId: 'owasp-a08-integrity-failures',
+                    severity: 'high',
+                    message: `Object injection vulnerability: ${issue}`,
+                    location: {
+                        file: context.filePath,
+                        startLine: lineNum + 1,
+                        endLine: lineNum + 1,
+                        startColumn: 0,
+                        endColumn: line.length,
+                    },
+                    cwe: ['915', '1321'],
+                    suggestion: {
+                        description: 'Use allowlists and explicit property access',
+                        example: `// Use explicit property access with allowlist:
+const allowedFields = ['name', 'email', 'age'];
+const sanitized = {};
+for (const key of allowedFields) {
+  if (req.body[key] !== undefined) {
+    sanitized[key] = req.body[key];
+  }
+}`,
+                    },
+                });
+                break;
+            }
+        }
+    }
+}
+export default owaspA08IntegrityFailures;
+//# sourceMappingURL=a08-integrity-failures.js.map

package/dist/rules/owasp/a08-integrity-failures.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"a08-integrity-failures.js","sourceRoot":"","sources":["../../../src/rules/owasp/a08-integrity-failures.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAiB;IACrD,EAAE,EAAE,8BAA8B;IAClC,IAAI,EAAE,uDAAuD;IAC7D,WAAW,EAAE,qEAAqE;IAClF,eAAe,EAAE,UAAU;IAC3B,QAAQ,EAAE,WAAW;IACrB,KAAK,EAAE,CAAC,UAAU,CAAC;IACnB,GAAG,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;IACjC,UAAU,EAAE;QACV;YACE,KAAK,EAAE,gBAAgB;YACvB,GAAG,EAAE,wEAAwE;SAC9E;QACD;YACE,KAAK,EAAE,4CAA4C;YACnD,GAAG,EAAE,iDAAiD;SACvD;KACiB;IAEpB,KAAK,CAAC,OAAO,CAAC,OAAoB;QAChC,MAAM,QAAQ,GAAkB,EAAE,CAAC;QAEnC,4BAA4B,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAChD,oBAAoB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACxC,2BAA2B,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC/C,qBAAqB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACzC,oBAAoB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAExC,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,SAAS,4BAA4B,CAAC,OAAoB,EAAE,QAAuB;IACjF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,uBAAuB,GAAG;QAC9B,oBAAoB;QACpB,EAAE,OAAO,EAAE,+CAA+C,EAAE,GAAG,EAAE,gBAAgB,EAAE,KAAK,EAAE,yBAAyB,EAAE;QACrH,EAAE,OAAO,EAAE,oCAAoC,EAAE,GAAG,EAAE,sBAAsB,EAAE,KAAK,EAAE,0BAA0B,EAAE;QACjH,uBAAuB;QACvB,EAAE,OAAO,EAAE,0DAA0D,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,6CAA6C,EAAE;QAC1I,EAAE,OAAO,EAAE,+DAA+D,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,yCAAyC,EAAE;QAC9I,sBAAsB;QACtB,EAAE,OAAO,EAAE,gDAAgD,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,2BAA2B,EAAE;QAChH,0CAA0C;QAC1C,EAAE,OAAO,EAAE,sBAAsB,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,+BAA+B,EAAE;KAC3F,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,uBAAuB,EAAE,CAAC;YAC9D,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,yBAAyB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBAClD,MAAM,EAAE,8BAA8B;oBACtC,QAAQ,EAAE,UAAU;oBACpB,OAAO,EAAE,6BAA6B,GAAG,MAAM,KAAK,EAAE;oBACtD,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO,CAAC,QAAQ;wBACtB,SAAS,EAAE,OAAO,GAAG,CAAC;wBACtB,OAAO,EAAE,OAAO,GAAG,CAAC;wBACpB,WAAW,EAAE,CAAC;wBACd,SAAS,EAAE,IAAI,CAAC,MAAM;qBACvB;oBACD,GAAG,EAAE,CAAC,KAAK,CAAC;oBACZ,UAAU,EAAE;wBACV,WAAW,EAAE,qDAAqD;wBAClE,OAAO,EAAE;;;;;;6DAMwC;qBAClD;iBACF,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,OAAoB,EAAE,QAAuB;IACzE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,YAAY,GAAG;QACnB,2DAA2D;QAC3D,EAAE,OAAO,EAAE,oCAAoC,EAAE,KAAK,EAAE,gCAAgC,EAAE;QAC1F,uCAAuC;QACvC,EAAE,OAAO,EAAE,mDAAmD,EAAE,KAAK,EAAE,2CAA2C,EAAE;QACpH,yBAAyB;QACzB,EAAE,OAAO,EAAE,sCAAsC,EAAE,KAAK,EAAE,oBAAoB,EAAE;QAChF,mCAAmC;QACnC,EAAE,OAAO,EAAE,oDAAoD,EAAE,KAAK,EAAE,sCAAsC,EAAE;KACjH,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,YAAY,EAAE,CAAC;YAC9C,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,2CAA2C;gBAC3C,MAAM,eAAe,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACtF,MAAM,aAAa,GAAG,sCAAsC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;gBAEnF,IAAI,CAAC,aAAa,EAAE,CAAC;oBACnB,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,kBAAkB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;wBAC3C,MAAM,EAAE,8BAA8B;wBACtC,QAAQ,EAAE,QAAQ;wBAClB,OAAO,EAAE,wBAAwB,KAAK,EAAE;wBACxC,QAAQ,EAAE;4BACR,IAAI,EAAE,OAAO,CAAC,QAAQ;4BACtB,SAAS,EAAE,OAAO,GAAG,CAAC;4BACtB,OAAO,EAAE,OAAO,GAAG,CAAC;4BACpB,WAAW,EAAE,CAAC;4BACd,SAAS,EAAE,IAAI,CAAC,MAAM;yBACvB;wBACD,GAAG,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC;wBAClB,UAAU,EAAE;4BACV,WAAW,EAAE,kCAAkC;4BAC/C,OAAO,EAAE;;;;;;;;EAQrB;yBACW;qBACF,CAAC,CAAC;gBACL,CAAC;gBACD,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,2BAA2B,CAAC,OAAoB,EAAE,QAAuB;IAChF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,iBAAiB,GAAG;QACxB,sCAAsC;QACtC,EAAE,OAAO,EAAE,uCAAuC,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,mCAAmC,EAAE;QAClH,sBAAsB;QACtB,EAAE,OAAO,EAAE,mCAAmC,EAAE,KAAK,EAAE,0CAA0C,EAAE;QACnG,4BAA4B;QAC5B,EAAE,OAAO,EAAE,gCAAgC,EAAE,KAAK,EAAE,6CAA6C,EAAE;QACnG,wBAAwB;QACxB,EAAE,OAAO,EAAE,yBAAyB,EAAE,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,0CAA0C,EAAE;QACrH,iCAAiC;QACjC,EAAE,OAAO,EAAE,sDAAsD,EAAE,KAAK,EAAE,yCAAyC,EAAE;KACtH,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,iBAAiB,EAAE,CAAC;YAChE,IAAI,WAAW,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAEjE,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,uBAAuB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBAChD,MAAM,EAAE,8BAA8B;oBACtC,QAAQ,EAAE,MAAM;oBAChB,OAAO,EAAE,mCAAmC,KAAK,EAAE;oBACnD,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO,CAAC,QAAQ;wBACtB,SAAS,EAAE,OAAO,GAAG,CAAC;wBACtB,OAAO,EAAE,OAAO,GAAG,CAAC;wBACpB,WAAW,EAAE,CAAC;wBACd,SAAS,EAAE,IAAI,CAAC,MAAM;qBACvB;oBACD,GAAG,EAAE,CAAC,KAAK,CAAC;oBACZ,UAAU,EAAE;wBACV,WAAW,EAAE,+CAA+C;wBAC5D,OAAO,EAAE;;;;;;EAMnB;qBACS;iBACF,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,OAAoB,EAAE,QAAuB;IAC1E,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,kBAAkB,GAAG;QACzB,4CAA4C;QAC5C,EAAE,OAAO,EAAE,mDAAmD,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,4DAA4D,EAAE;QAC9J,0BAA0B;QAC1B,EAAE,OAAO,EAAE,iDAAiD,EAAE,KAAK,EAAE,wDAAwD,EAAE;QAC/H,mBAAmB;QACnB,EAAE,OAAO,EAAE,oDAAoD,EAAE,KAAK,EAAE,wCAAwC,EAAE;KACnH,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,kBAAkB,EAAE,CAAC;YACzD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,mCAAmC;gBACnC,MAAM,eAAe,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACtF,MAAM,eAAe,GAAG,+CAA+C,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;gBAE9F,IAAI,CAAC,eAAe,EAAE,CAAC;oBACrB,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,oBAAoB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;wBAC7C,MAAM,EAAE,8BAA8B;wBACtC,QAAQ,EAAE,MAAM;wBAChB,OAAO,EAAE,uBAAuB,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,KAAK,EAAE;wBAChE,QAAQ,EAAE;4BACR,IAAI,EAAE,OAAO,CAAC,QAAQ;4BACtB,SAAS,EAAE,OAAO,GAAG,CAAC;4BACtB,OAAO,EAAE,OAAO,GAAG,CAAC;4BACpB,WAAW,EAAE,CAAC;4BACd,SAAS,EAAE,IAAI,CAAC,MAAM;yBACvB;wBACD,GAAG,EAAE,CAAC,KAAK,CAAC;wBACZ,UAAU,EAAE;4BACV,WAAW,EAAE,+DAA+D;4BAC5E,OAAO,EAAE;;;;;;IAMnB;yBACS;qBACF,CAAC,CAAC;gBACL,CAAC;gBACD,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,OAAoB,EAAE,QAAuB;IACzE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,MAAM,uBAAuB,GAAG;QAC9B,gCAAgC;QAChC,EAAE,OAAO,EAAE,uDAAuD,EAAE,KAAK,EAAE,2CAA2C,EAAE;QACxH,gCAAgC;QAChC,EAAE,OAAO,EAAE,+DAA+D,EAAE,KAAK,EAAE,+BAA+B,EAAE;QACpH,0BAA0B;QAC1B,EAAE,OAAO,EAAE,4CAA4C,EAAE,KAAK,EAAE,yCAAyC,EAAE;QAC3G,8BAA8B;QAC9B,EAAE,OAAO,EAAE,gCAAgC,EAAE,KAAK,EAAE,0BAA0B,EAAE;KACjF,CAAC;IAEF,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,uBAAuB,EAAE,CAAC;YACzD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,oBAAoB,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;oBAC7C,MAAM,EAAE,8BAA8B;oBACtC,QAAQ,EAAE,MAAM;oBAChB,OAAO,EAAE,mCAAmC,KAAK,EAAE;oBACnD,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO,CAAC,QAAQ;wBACtB,SAAS,EAAE,OAAO,GAAG,CAAC;wBACtB,OAAO,EAAE,OAAO,GAAG,CAAC;wBACpB,WAAW,EAAE,CAAC;wBACd,SAAS,EAAE,IAAI,CAAC,MAAM;qBACvB;oBACD,GAAG,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC;oBACpB,UAAU,EAAE;wBACV,WAAW,EAAE,6CAA6C;wBAC1D,OAAO,EAAE;;;;;;;EAOnB;qBACS;iBACF,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,eAAe,yBAAyB,CAAC"}

package/dist/rules/owasp/a09-logging-failures.d.ts

@@ -0,0 +1,18 @@
+/**
+ * @fileoverview OWASP A09:2021 - Security Logging and Monitoring Failures
+ * @module @nahisaho/musubix-security/rules/owasp/a09
+ * @trace REQ-SEC-OWASP-009
+ */
+import type { SecurityRule } from '../types.js';
+/**
+ * OWASP A09:2021 - Security Logging and Monitoring Failures
+ *
+ * Detects:
+ * - Missing security event logging
+ * - Sensitive data in logs
+ * - Insufficient log detail
+ * - Missing log integrity protection
+ */
+export declare const owaspA09LoggingFailures: SecurityRule;
+export default owaspA09LoggingFailures;
+//# sourceMappingURL=a09-logging-failures.d.ts.map

package/dist/rules/owasp/a09-logging-failures.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"a09-logging-failures.d.ts","sourceRoot":"","sources":["../../../src/rules/owasp/a09-logging-failures.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,YAAY,EAA2C,MAAM,aAAa,CAAC;AAEzF;;;;;;;;GAQG;AACH,eAAO,MAAM,uBAAuB,EAAE,YA8BrC,CAAC;AA8UF,eAAe,uBAAuB,CAAC"}