@nahisaho/musubix-security 2.0.1 → 2.1.1
- package/dist/analysis/enhanced-taint-analyzer.d.ts +120 -0
- package/dist/analysis/enhanced-taint-analyzer.d.ts.map +1 -0
- package/dist/analysis/enhanced-taint-analyzer.js +450 -0
- package/dist/analysis/enhanced-taint-analyzer.js.map +1 -0
- package/dist/analysis/index.d.ts +1 -0
- package/dist/analysis/index.d.ts.map +1 -1
- package/dist/analysis/index.js +1 -0
- package/dist/analysis/index.js.map +1 -1
- package/dist/analysis/interprocedural/call-graph-builder.d.ts +192 -0
- package/dist/analysis/interprocedural/call-graph-builder.d.ts.map +1 -0
- package/dist/analysis/interprocedural/call-graph-builder.js +510 -0
- package/dist/analysis/interprocedural/call-graph-builder.js.map +1 -0
- package/dist/analysis/interprocedural/dfg-adapter.d.ts +166 -0
- package/dist/analysis/interprocedural/dfg-adapter.d.ts.map +1 -0
- package/dist/analysis/interprocedural/dfg-adapter.js +455 -0
- package/dist/analysis/interprocedural/dfg-adapter.js.map +1 -0
- package/dist/analysis/interprocedural/index.d.ts +9 -0
- package/dist/analysis/interprocedural/index.d.ts.map +1 -0
- package/dist/analysis/interprocedural/index.js +9 -0
- package/dist/analysis/interprocedural/index.js.map +1 -0
- package/dist/analysis/interprocedural/taint-propagator.d.ts +250 -0
- package/dist/analysis/interprocedural/taint-propagator.d.ts.map +1 -0
- package/dist/analysis/interprocedural/taint-propagator.js +435 -0
- package/dist/analysis/interprocedural/taint-propagator.js.map +1 -0
- package/dist/analysis/sanitizers/command-sanitizers.d.ts +12 -0
- package/dist/analysis/sanitizers/command-sanitizers.d.ts.map +1 -0
- package/dist/analysis/sanitizers/command-sanitizers.js +123 -0
- package/dist/analysis/sanitizers/command-sanitizers.js.map +1 -0
- package/dist/analysis/sanitizers/html-sanitizers.d.ts +12 -0
- package/dist/analysis/sanitizers/html-sanitizers.d.ts.map +1 -0
- package/dist/analysis/sanitizers/html-sanitizers.js +213 -0
- package/dist/analysis/sanitizers/html-sanitizers.js.map +1 -0
- package/dist/analysis/sanitizers/index.d.ts +35 -0
- package/dist/analysis/sanitizers/index.d.ts.map +1 -0
- package/dist/analysis/sanitizers/index.js +59 -0
- package/dist/analysis/sanitizers/index.js.map +1 -0
- package/dist/analysis/sanitizers/path-sanitizers.d.ts +12 -0
- package/dist/analysis/sanitizers/path-sanitizers.d.ts.map +1 -0
- package/dist/analysis/sanitizers/path-sanitizers.js +163 -0
- package/dist/analysis/sanitizers/path-sanitizers.js.map +1 -0
- package/dist/analysis/sanitizers/sql-sanitizers.d.ts +12 -0
- package/dist/analysis/sanitizers/sql-sanitizers.d.ts.map +1 -0
- package/dist/analysis/sanitizers/sql-sanitizers.js +216 -0
- package/dist/analysis/sanitizers/sql-sanitizers.js.map +1 -0
- package/dist/analysis/sanitizers/types.d.ts +78 -0
- package/dist/analysis/sanitizers/types.d.ts.map +1 -0
- package/dist/analysis/sanitizers/types.js +7 -0
- package/dist/analysis/sanitizers/types.js.map +1 -0
- package/dist/analysis/sanitizers/validation-sanitizers.d.ts +12 -0
- package/dist/analysis/sanitizers/validation-sanitizers.d.ts.map +1 -0
- package/dist/analysis/sanitizers/validation-sanitizers.js +268 -0
- package/dist/analysis/sanitizers/validation-sanitizers.js.map +1 -0
- package/dist/analysis/sinks/code-eval.d.ts +12 -0
- package/dist/analysis/sinks/code-eval.d.ts.map +1 -0
- package/dist/analysis/sinks/code-eval.js +231 -0
- package/dist/analysis/sinks/code-eval.js.map +1 -0
- package/dist/analysis/sinks/command-exec.d.ts +12 -0
- package/dist/analysis/sinks/command-exec.d.ts.map +1 -0
- package/dist/analysis/sinks/command-exec.js +187 -0
- package/dist/analysis/sinks/command-exec.js.map +1 -0
- package/dist/analysis/sinks/file-operations.d.ts +12 -0
- package/dist/analysis/sinks/file-operations.d.ts.map +1 -0
- package/dist/analysis/sinks/file-operations.js +239 -0
- package/dist/analysis/sinks/file-operations.js.map +1 -0
- package/dist/analysis/sinks/html-output.d.ts +12 -0
- package/dist/analysis/sinks/html-output.d.ts.map +1 -0
- package/dist/analysis/sinks/html-output.js +256 -0
- package/dist/analysis/sinks/html-output.js.map +1 -0
- package/dist/analysis/sinks/index.d.ts +30 -0
- package/dist/analysis/sinks/index.d.ts.map +1 -0
- package/dist/analysis/sinks/index.js +46 -0
- package/dist/analysis/sinks/index.js.map +1 -0
- package/dist/analysis/sinks/sql-query.d.ts +12 -0
- package/dist/analysis/sinks/sql-query.d.ts.map +1 -0
- package/dist/analysis/sinks/sql-query.js +209 -0
- package/dist/analysis/sinks/sql-query.js.map +1 -0
- package/dist/analysis/sinks/types.d.ts +97 -0
- package/dist/analysis/sinks/types.d.ts.map +1 -0
- package/dist/analysis/sinks/types.js +7 -0
- package/dist/analysis/sinks/types.js.map +1 -0
- package/dist/analysis/sources/database.d.ts +12 -0
- package/dist/analysis/sources/database.d.ts.map +1 -0
- package/dist/analysis/sources/database.js +211 -0
- package/dist/analysis/sources/database.js.map +1 -0
- package/dist/analysis/sources/environment.d.ts +12 -0
- package/dist/analysis/sources/environment.d.ts.map +1 -0
- package/dist/analysis/sources/environment.js +158 -0
- package/dist/analysis/sources/environment.js.map +1 -0
- package/dist/analysis/sources/file-system.d.ts +12 -0
- package/dist/analysis/sources/file-system.d.ts.map +1 -0
- package/dist/analysis/sources/file-system.js +180 -0
- package/dist/analysis/sources/file-system.js.map +1 -0
- package/dist/analysis/sources/http-request.d.ts +12 -0
- package/dist/analysis/sources/http-request.d.ts.map +1 -0
- package/dist/analysis/sources/http-request.js +179 -0
- package/dist/analysis/sources/http-request.js.map +1 -0
- package/dist/analysis/sources/index.d.ts +26 -0
- package/dist/analysis/sources/index.d.ts.map +1 -0
- package/dist/analysis/sources/index.js +40 -0
- package/dist/analysis/sources/index.js.map +1 -0
- package/dist/analysis/sources/types.d.ts +93 -0
- package/dist/analysis/sources/types.d.ts.map +1 -0
- package/dist/analysis/sources/types.js +7 -0
- package/dist/analysis/sources/types.js.map +1 -0
- package/dist/analysis/sources/user-input.d.ts +12 -0
- package/dist/analysis/sources/user-input.d.ts.map +1 -0
- package/dist/analysis/sources/user-input.js +261 -0
- package/dist/analysis/sources/user-input.js.map +1 -0
- package/dist/cve/cpe-matcher.d.ts +183 -0
- package/dist/cve/cpe-matcher.d.ts.map +1 -0
- package/dist/cve/cpe-matcher.js +396 -0
- package/dist/cve/cpe-matcher.js.map +1 -0
- package/dist/cve/cve-cache.d.ts +225 -0
- package/dist/cve/cve-cache.d.ts.map +1 -0
- package/dist/cve/cve-cache.js +452 -0
- package/dist/cve/cve-cache.js.map +1 -0
- package/dist/cve/cve-cache.test.d.ts +6 -0
- package/dist/cve/cve-cache.test.d.ts.map +1 -0
- package/dist/cve/cve-cache.test.js +363 -0
- package/dist/cve/cve-cache.test.js.map +1 -0
- package/dist/cve/dependency-parser.d.ts +204 -0
- package/dist/cve/dependency-parser.d.ts.map +1 -0
- package/dist/cve/dependency-parser.js +338 -0
- package/dist/cve/dependency-parser.js.map +1 -0
- package/dist/cve/index.d.ts +20 -0
- package/dist/cve/index.d.ts.map +1 -0
- package/dist/cve/index.js +13 -0
- package/dist/cve/index.js.map +1 -0
- package/dist/cve/nvd-client.d.ts +137 -0
- package/dist/cve/nvd-client.d.ts.map +1 -0
- package/dist/cve/nvd-client.js +333 -0
- package/dist/cve/nvd-client.js.map +1 -0
- package/dist/cve/rate-limiter.d.ts +194 -0
- package/dist/cve/rate-limiter.d.ts.map +1 -0
- package/dist/cve/rate-limiter.js +276 -0
- package/dist/cve/rate-limiter.js.map +1 -0
- package/dist/cve/report-generator.d.ts +145 -0
- package/dist/cve/report-generator.d.ts.map +1 -0
- package/dist/cve/report-generator.js +377 -0
- package/dist/cve/report-generator.js.map +1 -0
- package/dist/cve/report-generator.test.d.ts +6 -0
- package/dist/cve/report-generator.test.d.ts.map +1 -0
- package/dist/cve/report-generator.test.js +275 -0
- package/dist/cve/report-generator.test.js.map +1 -0
- package/dist/cve/vulnerability-scanner.d.ts +198 -0
- package/dist/cve/vulnerability-scanner.d.ts.map +1 -0
- package/dist/cve/vulnerability-scanner.js +311 -0
- package/dist/cve/vulnerability-scanner.js.map +1 -0
- package/dist/cve/vulnerability-scanner.test.d.ts +6 -0
- package/dist/cve/vulnerability-scanner.test.d.ts.map +1 -0
- package/dist/cve/vulnerability-scanner.test.js +329 -0
- package/dist/cve/vulnerability-scanner.test.js.map +1 -0
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -0
- package/dist/index.js.map +1 -1
- package/dist/rules/config/config-parser.d.ts +119 -0
- package/dist/rules/config/config-parser.d.ts.map +1 -0
- package/dist/rules/config/config-parser.js +376 -0
- package/dist/rules/config/config-parser.js.map +1 -0
- package/dist/rules/config/index.d.ts +8 -0
- package/dist/rules/config/index.d.ts.map +1 -0
- package/dist/rules/config/index.js +8 -0
- package/dist/rules/config/index.js.map +1 -0
- package/dist/rules/config/profiles.d.ts +85 -0
- package/dist/rules/config/profiles.d.ts.map +1 -0
- package/dist/rules/config/profiles.js +226 -0
- package/dist/rules/config/profiles.js.map +1 -0
- package/dist/rules/cwe/cwe-119-buffer-overflow.d.ts +9 -0
- package/dist/rules/cwe/cwe-119-buffer-overflow.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-119-buffer-overflow.js +54 -0
- package/dist/rules/cwe/cwe-119-buffer-overflow.js.map +1 -0
- package/dist/rules/cwe/cwe-125-oob-read.d.ts +20 -0
- package/dist/rules/cwe/cwe-125-oob-read.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-125-oob-read.js +247 -0
- package/dist/rules/cwe/cwe-125-oob-read.js.map +1 -0
- package/dist/rules/cwe/cwe-190-integer-overflow.d.ts +9 -0
- package/dist/rules/cwe/cwe-190-integer-overflow.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-190-integer-overflow.js +55 -0
- package/dist/rules/cwe/cwe-190-integer-overflow.js.map +1 -0
- package/dist/rules/cwe/cwe-20-input-validation.d.ts +21 -0
- package/dist/rules/cwe/cwe-20-input-validation.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-20-input-validation.js +342 -0
- package/dist/rules/cwe/cwe-20-input-validation.js.map +1 -0
- package/dist/rules/cwe/cwe-22-path-traversal.d.ts +20 -0
- package/dist/rules/cwe/cwe-22-path-traversal.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-22-path-traversal.js +306 -0
- package/dist/rules/cwe/cwe-22-path-traversal.js.map +1 -0
- package/dist/rules/cwe/cwe-269-improper-privilege.d.ts +9 -0
- package/dist/rules/cwe/cwe-269-improper-privilege.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-269-improper-privilege.js +58 -0
- package/dist/rules/cwe/cwe-269-improper-privilege.js.map +1 -0
- package/dist/rules/cwe/cwe-276-default-permissions.d.ts +9 -0
- package/dist/rules/cwe/cwe-276-default-permissions.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-276-default-permissions.js +54 -0
- package/dist/rules/cwe/cwe-276-default-permissions.js.map +1 -0
- package/dist/rules/cwe/cwe-287-improper-auth.d.ts +9 -0
- package/dist/rules/cwe/cwe-287-improper-auth.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-287-improper-auth.js +57 -0
- package/dist/rules/cwe/cwe-287-improper-auth.js.map +1 -0
- package/dist/rules/cwe/cwe-306-missing-auth-critical.d.ts +9 -0
- package/dist/rules/cwe/cwe-306-missing-auth-critical.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-306-missing-auth-critical.js +53 -0
- package/dist/rules/cwe/cwe-306-missing-auth-critical.js.map +1 -0
- package/dist/rules/cwe/cwe-352-csrf.d.ts +9 -0
- package/dist/rules/cwe/cwe-352-csrf.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-352-csrf.js +51 -0
- package/dist/rules/cwe/cwe-352-csrf.js.map +1 -0
- package/dist/rules/cwe/cwe-362-race-condition.d.ts +9 -0
- package/dist/rules/cwe/cwe-362-race-condition.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-362-race-condition.js +55 -0
- package/dist/rules/cwe/cwe-362-race-condition.js.map +1 -0
- package/dist/rules/cwe/cwe-416-use-after-free.d.ts +23 -0
- package/dist/rules/cwe/cwe-416-use-after-free.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-416-use-after-free.js +402 -0
- package/dist/rules/cwe/cwe-416-use-after-free.js.map +1 -0
- package/dist/rules/cwe/cwe-434-file-upload.d.ts +9 -0
- package/dist/rules/cwe/cwe-434-file-upload.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-434-file-upload.js +55 -0
- package/dist/rules/cwe/cwe-434-file-upload.js.map +1 -0
- package/dist/rules/cwe/cwe-476-null-deref.d.ts +9 -0
- package/dist/rules/cwe/cwe-476-null-deref.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-476-null-deref.js +55 -0
- package/dist/rules/cwe/cwe-476-null-deref.js.map +1 -0
- package/dist/rules/cwe/cwe-502-deserialization.d.ts +9 -0
- package/dist/rules/cwe/cwe-502-deserialization.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-502-deserialization.js +57 -0
- package/dist/rules/cwe/cwe-502-deserialization.js.map +1 -0
- package/dist/rules/cwe/cwe-77-command-injection.d.ts +9 -0
- package/dist/rules/cwe/cwe-77-command-injection.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-77-command-injection.js +55 -0
- package/dist/rules/cwe/cwe-77-command-injection.js.map +1 -0
- package/dist/rules/cwe/cwe-78-command-injection.d.ts +20 -0
- package/dist/rules/cwe/cwe-78-command-injection.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-78-command-injection.js +259 -0
- package/dist/rules/cwe/cwe-78-command-injection.js.map +1 -0
- package/dist/rules/cwe/cwe-787-oob-write.d.ts +21 -0
- package/dist/rules/cwe/cwe-787-oob-write.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-787-oob-write.js +321 -0
- package/dist/rules/cwe/cwe-787-oob-write.js.map +1 -0
- package/dist/rules/cwe/cwe-79-xss.d.ts +22 -0
- package/dist/rules/cwe/cwe-79-xss.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-79-xss.js +386 -0
- package/dist/rules/cwe/cwe-79-xss.js.map +1 -0
- package/dist/rules/cwe/cwe-798-hardcoded-credentials.d.ts +9 -0
- package/dist/rules/cwe/cwe-798-hardcoded-credentials.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-798-hardcoded-credentials.js +58 -0
- package/dist/rules/cwe/cwe-798-hardcoded-credentials.js.map +1 -0
- package/dist/rules/cwe/cwe-862-missing-auth.d.ts +9 -0
- package/dist/rules/cwe/cwe-862-missing-auth.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-862-missing-auth.js +55 -0
- package/dist/rules/cwe/cwe-862-missing-auth.js.map +1 -0
- package/dist/rules/cwe/cwe-863-incorrect-auth.d.ts +9 -0
- package/dist/rules/cwe/cwe-863-incorrect-auth.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-863-incorrect-auth.js +58 -0
- package/dist/rules/cwe/cwe-863-incorrect-auth.js.map +1 -0
- package/dist/rules/cwe/cwe-89-sql-injection.d.ts +21 -0
- package/dist/rules/cwe/cwe-89-sql-injection.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-89-sql-injection.js +456 -0
- package/dist/rules/cwe/cwe-89-sql-injection.js.map +1 -0
- package/dist/rules/cwe/cwe-918-ssrf.d.ts +9 -0
- package/dist/rules/cwe/cwe-918-ssrf.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-918-ssrf.js +59 -0
- package/dist/rules/cwe/cwe-918-ssrf.js.map +1 -0
- package/dist/rules/cwe/cwe-94-code-injection.d.ts +9 -0
- package/dist/rules/cwe/cwe-94-code-injection.d.ts.map +1 -0
- package/dist/rules/cwe/cwe-94-code-injection.js +59 -0
- package/dist/rules/cwe/cwe-94-code-injection.js.map +1 -0
- package/dist/rules/cwe/index.d.ts +43 -0
- package/dist/rules/cwe/index.d.ts.map +1 -0
- package/dist/rules/cwe/index.js +99 -0
- package/dist/rules/cwe/index.js.map +1 -0
- package/dist/rules/engine/index.d.ts +10 -0
- package/dist/rules/engine/index.d.ts.map +1 -0
- package/dist/rules/engine/index.js +9 -0
- package/dist/rules/engine/index.js.map +1 -0
- package/dist/rules/engine/rule-context.d.ts +99 -0
- package/dist/rules/engine/rule-context.d.ts.map +1 -0
- package/dist/rules/engine/rule-context.js +175 -0
- package/dist/rules/engine/rule-context.js.map +1 -0
- package/dist/rules/engine/rule-engine.d.ts +132 -0
- package/dist/rules/engine/rule-engine.d.ts.map +1 -0
- package/dist/rules/engine/rule-engine.js +379 -0
- package/dist/rules/engine/rule-engine.js.map +1 -0
- package/dist/rules/engine/rule-registry.d.ts +133 -0
- package/dist/rules/engine/rule-registry.d.ts.map +1 -0
- package/dist/rules/engine/rule-registry.js +281 -0
- package/dist/rules/engine/rule-registry.js.map +1 -0
- package/dist/rules/index.d.ts +14 -0
- package/dist/rules/index.d.ts.map +1 -0
- package/dist/rules/index.js +16 -0
- package/dist/rules/index.js.map +1 -0
- package/dist/rules/owasp/a01-broken-access-control.d.ts +19 -0
- package/dist/rules/owasp/a01-broken-access-control.d.ts.map +1 -0
- package/dist/rules/owasp/a01-broken-access-control.js +295 -0
- package/dist/rules/owasp/a01-broken-access-control.js.map +1 -0
- package/dist/rules/owasp/a02-cryptographic-failures.d.ts +19 -0
- package/dist/rules/owasp/a02-cryptographic-failures.d.ts.map +1 -0
- package/dist/rules/owasp/a02-cryptographic-failures.js +327 -0
- package/dist/rules/owasp/a02-cryptographic-failures.js.map +1 -0
- package/dist/rules/owasp/a03-injection.d.ts +21 -0
- package/dist/rules/owasp/a03-injection.d.ts.map +1 -0
- package/dist/rules/owasp/a03-injection.js +342 -0
- package/dist/rules/owasp/a03-injection.js.map +1 -0
- package/dist/rules/owasp/a04-insecure-design.d.ts +19 -0
- package/dist/rules/owasp/a04-insecure-design.d.ts.map +1 -0
- package/dist/rules/owasp/a04-insecure-design.js +403 -0
- package/dist/rules/owasp/a04-insecure-design.js.map +1 -0
- package/dist/rules/owasp/a05-security-misconfiguration.d.ts +19 -0
- package/dist/rules/owasp/a05-security-misconfiguration.d.ts.map +1 -0
- package/dist/rules/owasp/a05-security-misconfiguration.js +371 -0
- package/dist/rules/owasp/a05-security-misconfiguration.js.map +1 -0
- package/dist/rules/owasp/a06-vulnerable-components.d.ts +18 -0
- package/dist/rules/owasp/a06-vulnerable-components.d.ts.map +1 -0
- package/dist/rules/owasp/a06-vulnerable-components.js +243 -0
- package/dist/rules/owasp/a06-vulnerable-components.js.map +1 -0
- package/dist/rules/owasp/a07-auth-failures.d.ts +19 -0
- package/dist/rules/owasp/a07-auth-failures.d.ts.map +1 -0
- package/dist/rules/owasp/a07-auth-failures.js +300 -0
- package/dist/rules/owasp/a07-auth-failures.js.map +1 -0
- package/dist/rules/owasp/a08-integrity-failures.d.ts +18 -0
- package/dist/rules/owasp/a08-integrity-failures.d.ts.map +1 -0
- package/dist/rules/owasp/a08-integrity-failures.js +306 -0
- package/dist/rules/owasp/a08-integrity-failures.js.map +1 -0
- package/dist/rules/owasp/a09-logging-failures.d.ts +18 -0
- package/dist/rules/owasp/a09-logging-failures.d.ts.map +1 -0
- package/dist/rules/owasp/a09-logging-failures.js +339 -0
- package/dist/rules/owasp/a09-logging-failures.js.map +1 -0
- package/dist/rules/owasp/a10-ssrf.d.ts +18 -0
- package/dist/rules/owasp/a10-ssrf.d.ts.map +1 -0
- package/dist/rules/owasp/a10-ssrf.js +349 -0
- package/dist/rules/owasp/a10-ssrf.js.map +1 -0
- package/dist/rules/owasp/index.d.ts +20 -0
- package/dist/rules/owasp/index.d.ts.map +1 -0
- package/dist/rules/owasp/index.js +53 -0
- package/dist/rules/owasp/index.js.map +1 -0
- package/dist/rules/types.d.ts +277 -0
- package/dist/rules/types.d.ts.map +1 -0
- package/dist/rules/types.js +34 -0
- package/dist/rules/types.js.map +1 -0
- package/dist/tests/integration/epic-integration.test.d.ts +7 -0
- package/dist/tests/integration/epic-integration.test.d.ts.map +1 -0
- package/dist/tests/integration/epic-integration.test.js +390 -0
- package/dist/tests/integration/epic-integration.test.js.map +1 -0
- package/dist/tests/rules/cwe/cwe-top25-1-13.test.d.ts +2 -0
- package/dist/tests/rules/cwe/cwe-top25-1-13.test.d.ts.map +1 -0
- package/dist/tests/rules/cwe/cwe-top25-1-13.test.js +154 -0
- package/dist/tests/rules/cwe/cwe-top25-1-13.test.js.map +1 -0
- package/dist/tests/rules/cwe/cwe-top25-14-25.test.d.ts +2 -0
- package/dist/tests/rules/cwe/cwe-top25-14-25.test.d.ts.map +1 -0
- package/dist/tests/rules/cwe/cwe-top25-14-25.test.js +121 -0
- package/dist/tests/rules/cwe/cwe-top25-14-25.test.js.map +1 -0
- package/dist/types/cve.d.ts +278 -0
- package/dist/types/cve.d.ts.map +1 -0
- package/dist/types/cve.js +7 -0
- package/dist/types/cve.js.map +1 -0
- package/dist/types/index.d.ts +2 -0
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/rule.d.ts +245 -0
- package/dist/types/rule.d.ts.map +1 -0
- package/dist/types/rule.js +7 -0
- package/dist/types/rule.js.map +1 -0
- package/package.json +1 -1
|
@@ -0,0 +1,390 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @fileoverview Integration tests for EPIC-1, EPIC-2, EPIC-4
|
|
3
|
+
* @module @nahisaho/musubix-security/tests/integration
|
|
4
|
+
* @trace TSK-SEC-001〜030
|
|
5
|
+
*/
|
|
6
|
+
import { describe, it, expect, beforeEach } from 'vitest';
|
|
7
|
+
// EPIC-1: Taint Analysis Imports
|
|
8
|
+
import { createEnhancedTaintAnalyzer, } from '../../analysis/enhanced-taint-analyzer.js';
|
|
9
|
+
import { ALL_BUILTIN_SOURCES, USER_INPUT_SOURCES, HTTP_REQUEST_SOURCES, ENVIRONMENT_SOURCES, getSourcesByCategory, } from '../../analysis/sources/index.js';
|
|
10
|
+
import { ALL_BUILTIN_SINKS, SQL_QUERY_SINKS, COMMAND_EXEC_SINKS, HTML_OUTPUT_SINKS, getSinksByCategory, } from '../../analysis/sinks/index.js';
|
|
11
|
+
import { ALL_BUILTIN_SANITIZERS, SQL_SANITIZERS, HTML_SANITIZERS, PATH_SANITIZERS, getSanitizersForSink, } from '../../analysis/sanitizers/index.js';
|
|
12
|
+
// EPIC-2: CVE Database Imports
|
|
13
|
+
import { NVDClient } from '../../cve/nvd-client.js';
|
|
14
|
+
import { CPEMatcher } from '../../cve/cpe-matcher.js';
|
|
15
|
+
import { DependencyParser } from '../../cve/dependency-parser.js';
|
|
16
|
+
import { RateLimiter } from '../../cve/rate-limiter.js';
|
|
17
|
+
import { CVECache, createMemoryCache } from '../../cve/cve-cache.js';
|
|
18
|
+
import { ReportGenerator } from '../../cve/report-generator.js';
|
|
19
|
+
// EPIC-4: Auto-Fix Imports
|
|
20
|
+
import { createAutoFixer } from '../../remediation/auto-fixer.js';
|
|
21
|
+
import { createFixValidator } from '../../remediation/fix-validator.js';
|
|
22
|
+
import { createPatchGenerator } from '../../remediation/patch-generator.js';
|
|
23
|
+
import { createRemediationPlanner } from '../../remediation/remediation-planner.js';
|
|
24
|
+
import { createSecureCodeTransformer } from '../../remediation/secure-code-transformer.js';
|
|
25
|
+
describe('EPIC Integration Tests', () => {
|
|
26
|
+
describe('EPIC-1: Taint Analysis Enhancement', () => {
|
|
27
|
+
describe('TSK-SEC-001: Type Definitions', () => {
|
|
28
|
+
it('should have proper TaintSource definitions', () => {
|
|
29
|
+
expect(ALL_BUILTIN_SOURCES).toBeDefined();
|
|
30
|
+
expect(ALL_BUILTIN_SOURCES.length).toBeGreaterThan(0);
|
|
31
|
+
const source = ALL_BUILTIN_SOURCES[0];
|
|
32
|
+
expect(source.id).toBeDefined();
|
|
33
|
+
expect(source.category).toBeDefined();
|
|
34
|
+
expect(source.patterns).toBeDefined();
|
|
35
|
+
});
|
|
36
|
+
it('should have proper TaintSink definitions', () => {
|
|
37
|
+
expect(ALL_BUILTIN_SINKS).toBeDefined();
|
|
38
|
+
expect(ALL_BUILTIN_SINKS.length).toBeGreaterThan(0);
|
|
39
|
+
const sink = ALL_BUILTIN_SINKS[0];
|
|
40
|
+
expect(sink.id).toBeDefined();
|
|
41
|
+
expect(sink.category).toBeDefined();
|
|
42
|
+
expect(sink.patterns).toBeDefined();
|
|
43
|
+
});
|
|
44
|
+
});
|
|
45
|
+
describe('TSK-SEC-002: Builtin Sources', () => {
|
|
46
|
+
it('should have HTTP request sources', () => {
|
|
47
|
+
expect(HTTP_REQUEST_SOURCES).toBeDefined();
|
|
48
|
+
expect(HTTP_REQUEST_SOURCES.length).toBeGreaterThan(0);
|
|
49
|
+
// HTTP sources have 'network' category
|
|
50
|
+
expect(['user-input', 'network']).toContain(HTTP_REQUEST_SOURCES[0].category);
|
|
51
|
+
});
|
|
52
|
+
it('should have user input sources', () => {
|
|
53
|
+
expect(USER_INPUT_SOURCES).toBeDefined();
|
|
54
|
+
expect(USER_INPUT_SOURCES.length).toBeGreaterThan(0);
|
|
55
|
+
});
|
|
56
|
+
it('should have environment sources', () => {
|
|
57
|
+
expect(ENVIRONMENT_SOURCES).toBeDefined();
|
|
58
|
+
expect(ENVIRONMENT_SOURCES.length).toBeGreaterThan(0);
|
|
59
|
+
});
|
|
60
|
+
it('should filter sources by category', () => {
|
|
61
|
+
const userInputSources = getSourcesByCategory('user-input');
|
|
62
|
+
expect(userInputSources.length).toBeGreaterThan(0);
|
|
63
|
+
userInputSources.forEach(s => {
|
|
64
|
+
expect(s.category).toBe('user-input');
|
|
65
|
+
});
|
|
66
|
+
});
|
|
67
|
+
});
|
|
68
|
+
describe('TSK-SEC-003: Builtin Sinks', () => {
|
|
69
|
+
it('should have SQL query sinks', () => {
|
|
70
|
+
expect(SQL_QUERY_SINKS).toBeDefined();
|
|
71
|
+
expect(SQL_QUERY_SINKS.length).toBeGreaterThan(0);
|
|
72
|
+
expect(SQL_QUERY_SINKS[0].category).toBe('sql-query');
|
|
73
|
+
});
|
|
74
|
+
it('should have command execution sinks', () => {
|
|
75
|
+
expect(COMMAND_EXEC_SINKS).toBeDefined();
|
|
76
|
+
expect(COMMAND_EXEC_SINKS.length).toBeGreaterThan(0);
|
|
77
|
+
expect(COMMAND_EXEC_SINKS[0].category).toBe('command-exec');
|
|
78
|
+
});
|
|
79
|
+
it('should have HTML output sinks', () => {
|
|
80
|
+
expect(HTML_OUTPUT_SINKS).toBeDefined();
|
|
81
|
+
expect(HTML_OUTPUT_SINKS.length).toBeGreaterThan(0);
|
|
82
|
+
});
|
|
83
|
+
it('should filter sinks by category', () => {
|
|
84
|
+
const sqlSinks = getSinksByCategory('sql-query');
|
|
85
|
+
expect(sqlSinks.length).toBeGreaterThan(0);
|
|
86
|
+
sqlSinks.forEach(s => {
|
|
87
|
+
expect(s.category).toBe('sql-query');
|
|
88
|
+
});
|
|
89
|
+
});
|
|
90
|
+
});
|
|
91
|
+
describe('TSK-SEC-004: Sanitizer Recognition', () => {
|
|
92
|
+
it('should have SQL sanitizers', () => {
|
|
93
|
+
expect(SQL_SANITIZERS).toBeDefined();
|
|
94
|
+
expect(SQL_SANITIZERS.length).toBeGreaterThan(0);
|
|
95
|
+
});
|
|
96
|
+
it('should have HTML sanitizers', () => {
|
|
97
|
+
expect(HTML_SANITIZERS).toBeDefined();
|
|
98
|
+
expect(HTML_SANITIZERS.length).toBeGreaterThan(0);
|
|
99
|
+
});
|
|
100
|
+
it('should have path sanitizers', () => {
|
|
101
|
+
expect(PATH_SANITIZERS).toBeDefined();
|
|
102
|
+
expect(PATH_SANITIZERS.length).toBeGreaterThan(0);
|
|
103
|
+
});
|
|
104
|
+
it('should get sanitizers for specific sink type', () => {
|
|
105
|
+
const sqlSanitizers = getSanitizersForSink('sql-query');
|
|
106
|
+
expect(sqlSanitizers.length).toBeGreaterThan(0);
|
|
107
|
+
sqlSanitizers.forEach(s => {
|
|
108
|
+
expect(s.protects).toContain('sql-query');
|
|
109
|
+
});
|
|
110
|
+
});
|
|
111
|
+
it('should have all builtin sanitizers aggregated', () => {
|
|
112
|
+
expect(ALL_BUILTIN_SANITIZERS).toBeDefined();
|
|
113
|
+
expect(ALL_BUILTIN_SANITIZERS.length).toBeGreaterThan(0);
|
|
114
|
+
expect(ALL_BUILTIN_SANITIZERS.length).toBeGreaterThanOrEqual(SQL_SANITIZERS.length + HTML_SANITIZERS.length + PATH_SANITIZERS.length);
|
|
115
|
+
});
|
|
116
|
+
});
|
|
117
|
+
describe('TSK-SEC-005-008: Enhanced Taint Analyzer', () => {
|
|
118
|
+
let analyzer;
|
|
119
|
+
beforeEach(() => {
|
|
120
|
+
analyzer = createEnhancedTaintAnalyzer({
|
|
121
|
+
maxDepth: 5,
|
|
122
|
+
buildCallGraph: false,
|
|
123
|
+
});
|
|
124
|
+
});
|
|
125
|
+
it('should create enhanced taint analyzer', () => {
|
|
126
|
+
expect(analyzer).toBeDefined();
|
|
127
|
+
expect(analyzer.analyze).toBeDefined();
|
|
128
|
+
});
|
|
129
|
+
it('should analyze code and return results', async () => {
|
|
130
|
+
const code = `
|
|
131
|
+
const data = req.body.username;
|
|
132
|
+
const query = \`SELECT * FROM users WHERE name = '\${data}'\`;
|
|
133
|
+
db.query(query);
|
|
134
|
+
`;
|
|
135
|
+
const result = await analyzer.analyze(code, 'test.ts');
|
|
136
|
+
expect(result).toBeDefined();
|
|
137
|
+
expect(result.sources).toBeDefined();
|
|
138
|
+
expect(result.sinks).toBeDefined();
|
|
139
|
+
});
|
|
140
|
+
});
|
|
141
|
+
});
|
|
142
|
+
describe('EPIC-2: CVE Database Integration', () => {
|
|
143
|
+
describe('TSK-SEC-009: CVE Type Definitions', () => {
|
|
144
|
+
it('should have CVE interface with required fields', () => {
|
|
145
|
+
const cve = {
|
|
146
|
+
id: 'CVE-2021-44228',
|
|
147
|
+
description: 'Log4j RCE',
|
|
148
|
+
published: new Date(),
|
|
149
|
+
lastModified: new Date(),
|
|
150
|
+
cwes: ['CWE-502'],
|
|
151
|
+
references: [],
|
|
152
|
+
affectedProducts: [],
|
|
153
|
+
status: 'Analyzed',
|
|
154
|
+
};
|
|
155
|
+
expect(cve.id).toMatch(/^CVE-\d{4}-\d+$/);
|
|
156
|
+
expect(cve.description).toBeDefined();
|
|
157
|
+
});
|
|
158
|
+
it('should have CVSSScore interface', () => {
|
|
159
|
+
const cvss = {
|
|
160
|
+
version: '3.1',
|
|
161
|
+
baseScore: 10.0,
|
|
162
|
+
severity: 'CRITICAL',
|
|
163
|
+
vectorString: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H',
|
|
164
|
+
attackVector: 'NETWORK',
|
|
165
|
+
attackComplexity: 'LOW',
|
|
166
|
+
privilegesRequired: 'NONE',
|
|
167
|
+
userInteraction: 'NONE',
|
|
168
|
+
scope: 'CHANGED',
|
|
169
|
+
confidentialityImpact: 'HIGH',
|
|
170
|
+
integrityImpact: 'HIGH',
|
|
171
|
+
availabilityImpact: 'HIGH',
|
|
172
|
+
};
|
|
173
|
+
expect(cvss.baseScore).toBe(10.0);
|
|
174
|
+
expect(cvss.severity).toBe('CRITICAL');
|
|
175
|
+
});
|
|
176
|
+
});
|
|
177
|
+
describe('TSK-SEC-010: NVD API Client', () => {
|
|
178
|
+
it('should create NVD client with options', () => {
|
|
179
|
+
const client = new NVDClient({
|
|
180
|
+
apiKey: 'test-key',
|
|
181
|
+
baseUrl: 'https://test.nvd.nist.gov',
|
|
182
|
+
});
|
|
183
|
+
expect(client).toBeDefined();
|
|
184
|
+
});
|
|
185
|
+
it('should create NVD client with default options', () => {
|
|
186
|
+
const client = new NVDClient();
|
|
187
|
+
expect(client).toBeDefined();
|
|
188
|
+
});
|
|
189
|
+
});
|
|
190
|
+
describe('TSK-SEC-011: Memory Cache', () => {
|
|
191
|
+
it('should create memory cache', () => {
|
|
192
|
+
const cache = createMemoryCache();
|
|
193
|
+
expect(cache).toBeDefined();
|
|
194
|
+
});
|
|
195
|
+
it('should support CVECache class', () => {
|
|
196
|
+
const cache = new CVECache({ inMemory: true });
|
|
197
|
+
expect(cache).toBeDefined();
|
|
198
|
+
});
|
|
199
|
+
});
|
|
200
|
+
describe('TSK-SEC-012: CPE Matcher', () => {
|
|
201
|
+
it('should generate CPE for package', () => {
|
|
202
|
+
const matcher = new CPEMatcher();
|
|
203
|
+
const cpe = matcher.generateCPE('lodash', '4.17.20');
|
|
204
|
+
expect(cpe).toContain('lodash');
|
|
205
|
+
expect(cpe).toContain('4.17.20');
|
|
206
|
+
});
|
|
207
|
+
it('should compare versions correctly - vulnerable', () => {
|
|
208
|
+
const matcher = new CPEMatcher();
|
|
209
|
+
// 4.17.20 is within range [4.0.0, 4.17.21)
|
|
210
|
+
const isVuln = matcher.isVersionVulnerable('4.17.20', {
|
|
211
|
+
versionStart: '4.0.0',
|
|
212
|
+
versionEnd: '4.17.21',
|
|
213
|
+
versionEndExcluding: true,
|
|
214
|
+
});
|
|
215
|
+
expect(isVuln).toBe(true);
|
|
216
|
+
});
|
|
217
|
+
it('should compare versions correctly - not vulnerable', () => {
|
|
218
|
+
const matcher = new CPEMatcher();
|
|
219
|
+
// Version 4.17.21 equals end bound with exclusive flag
|
|
220
|
+
const isNotVuln = matcher.isVersionVulnerable('4.17.21', {
|
|
221
|
+
versionStart: '4.0.0',
|
|
222
|
+
versionEnd: '4.17.21',
|
|
223
|
+
versionEndExcluding: true,
|
|
224
|
+
});
|
|
225
|
+
expect(isNotVuln).toBe(false);
|
|
226
|
+
});
|
|
227
|
+
it('should parse CPE URI', () => {
|
|
228
|
+
const matcher = new CPEMatcher();
|
|
229
|
+
const components = matcher.parseURI('cpe:2.3:a:lodash:lodash:4.17.20:*:*:*:*:*:*:*');
|
|
230
|
+
expect(components).toBeDefined();
|
|
231
|
+
expect(components?.product).toBe('lodash');
|
|
232
|
+
});
|
|
233
|
+
});
|
|
234
|
+
describe('TSK-SEC-013: Dependency Parser', () => {
|
|
235
|
+
it('should parse package.json content', () => {
|
|
236
|
+
const parser = new DependencyParser();
|
|
237
|
+
const packageJsonContent = JSON.stringify({
|
|
238
|
+
name: 'test-app',
|
|
239
|
+
version: '1.0.0',
|
|
240
|
+
dependencies: {
|
|
241
|
+
'lodash': '^4.17.21',
|
|
242
|
+
'express': '~4.18.0',
|
|
243
|
+
},
|
|
244
|
+
devDependencies: {
|
|
245
|
+
'vitest': '^1.0.0',
|
|
246
|
+
},
|
|
247
|
+
});
|
|
248
|
+
const result = parser.parsePackageJson(packageJsonContent);
|
|
249
|
+
expect(result.length).toBeGreaterThanOrEqual(2);
|
|
250
|
+
});
|
|
251
|
+
});
|
|
252
|
+
describe('TSK-SEC-014: Rate Limiter', () => {
|
|
253
|
+
it('should create rate limiter with NVD defaults (without API key)', () => {
|
|
254
|
+
const limiter = RateLimiter.forNVD(false);
|
|
255
|
+
expect(limiter).toBeDefined();
|
|
256
|
+
expect(limiter.canProceed()).toBe(true);
|
|
257
|
+
});
|
|
258
|
+
it('should create rate limiter with API key config', () => {
|
|
259
|
+
const limiter = RateLimiter.forNVD(true);
|
|
260
|
+
expect(limiter).toBeDefined();
|
|
261
|
+
});
|
|
262
|
+
it('should track request count', () => {
|
|
263
|
+
const limiter = new RateLimiter({
|
|
264
|
+
maxTokens: 5,
|
|
265
|
+
windowMs: 30000,
|
|
266
|
+
});
|
|
267
|
+
const status1 = limiter.getStatus();
|
|
268
|
+
expect(status1.availableTokens).toBe(5);
|
|
269
|
+
limiter.consume();
|
|
270
|
+
const status2 = limiter.getStatus();
|
|
271
|
+
expect(status2.availableTokens).toBe(4);
|
|
272
|
+
});
|
|
273
|
+
});
|
|
274
|
+
describe('TSK-SEC-015: Report Generator', () => {
|
|
275
|
+
it('should create report generator', () => {
|
|
276
|
+
const generator = new ReportGenerator();
|
|
277
|
+
expect(generator).toBeDefined();
|
|
278
|
+
});
|
|
279
|
+
it('should support multiple formats', () => {
|
|
280
|
+
const generator = new ReportGenerator({ format: 'markdown' });
|
|
281
|
+
expect(generator).toBeDefined();
|
|
282
|
+
const jsonGenerator = new ReportGenerator({ format: 'json' });
|
|
283
|
+
expect(jsonGenerator).toBeDefined();
|
|
284
|
+
});
|
|
285
|
+
});
|
|
286
|
+
});
|
|
287
|
+
describe('EPIC-4: Auto-Fix Pipeline', () => {
|
|
288
|
+
describe('TSK-SEC-022: Fix Type Definitions', () => {
|
|
289
|
+
it('should have Fix interface with required fields', () => {
|
|
290
|
+
const fix = {
|
|
291
|
+
id: 'FIX-2026-001',
|
|
292
|
+
vulnerabilityId: 'VULN-001',
|
|
293
|
+
strategy: 'parameterized-query',
|
|
294
|
+
title: 'Use parameterized query',
|
|
295
|
+
description: 'Replace string concatenation with parameterized query',
|
|
296
|
+
edits: [],
|
|
297
|
+
imports: [],
|
|
298
|
+
confidence: 0.95,
|
|
299
|
+
breakingChange: false,
|
|
300
|
+
rationale: 'Prevents SQL injection',
|
|
301
|
+
};
|
|
302
|
+
expect(fix.id).toBeDefined();
|
|
303
|
+
expect(fix.confidence).toBeGreaterThan(0);
|
|
304
|
+
expect(fix.strategy).toBe('parameterized-query');
|
|
305
|
+
});
|
|
306
|
+
});
|
|
307
|
+
describe('TSK-SEC-023-026: Auto Fixer', () => {
|
|
308
|
+
it('should create auto-fixer', () => {
|
|
309
|
+
const fixer = createAutoFixer();
|
|
310
|
+
expect(fixer).toBeDefined();
|
|
311
|
+
});
|
|
312
|
+
it('should create auto-fixer with options', () => {
|
|
313
|
+
const fixer = createAutoFixer({
|
|
314
|
+
maxSuggestions: 5,
|
|
315
|
+
});
|
|
316
|
+
expect(fixer).toBeDefined();
|
|
317
|
+
});
|
|
318
|
+
});
|
|
319
|
+
describe('TSK-SEC-027: Fix Validator', () => {
|
|
320
|
+
it('should create fix validator', () => {
|
|
321
|
+
const validator = createFixValidator();
|
|
322
|
+
expect(validator).toBeDefined();
|
|
323
|
+
});
|
|
324
|
+
it('should have validate method', () => {
|
|
325
|
+
const validator = createFixValidator();
|
|
326
|
+
expect(validator.validate).toBeDefined();
|
|
327
|
+
});
|
|
328
|
+
});
|
|
329
|
+
describe('TSK-SEC-028: Patch Generator', () => {
|
|
330
|
+
it('should create patch generator', () => {
|
|
331
|
+
const generator = createPatchGenerator();
|
|
332
|
+
expect(generator).toBeDefined();
|
|
333
|
+
});
|
|
334
|
+
it('should have generatePatch method', () => {
|
|
335
|
+
const generator = createPatchGenerator();
|
|
336
|
+
expect(generator.generatePatch).toBeDefined();
|
|
337
|
+
});
|
|
338
|
+
});
|
|
339
|
+
describe('TSK-SEC-029: Remediation Planner', () => {
|
|
340
|
+
it('should create remediation planner', () => {
|
|
341
|
+
const planner = createRemediationPlanner();
|
|
342
|
+
expect(planner).toBeDefined();
|
|
343
|
+
});
|
|
344
|
+
it('should create planner with options', () => {
|
|
345
|
+
const planner = createRemediationPlanner({
|
|
346
|
+
prioritization: 'severity',
|
|
347
|
+
});
|
|
348
|
+
expect(planner).toBeDefined();
|
|
349
|
+
});
|
|
350
|
+
it('should have createPlan method', () => {
|
|
351
|
+
const planner = createRemediationPlanner();
|
|
352
|
+
expect(planner.createPlan).toBeDefined();
|
|
353
|
+
});
|
|
354
|
+
});
|
|
355
|
+
describe('TSK-SEC-030: Secure Code Transformer', () => {
|
|
356
|
+
it('should create secure code transformer', () => {
|
|
357
|
+
const transformer = createSecureCodeTransformer();
|
|
358
|
+
expect(transformer).toBeDefined();
|
|
359
|
+
});
|
|
360
|
+
it('should have transform method', () => {
|
|
361
|
+
const transformer = createSecureCodeTransformer();
|
|
362
|
+
expect(transformer.transform).toBeDefined();
|
|
363
|
+
});
|
|
364
|
+
});
|
|
365
|
+
});
|
|
366
|
+
describe('Integration Verification', () => {
|
|
367
|
+
it('should have all EPIC-1 components available', () => {
|
|
368
|
+
expect(ALL_BUILTIN_SOURCES.length).toBeGreaterThan(0);
|
|
369
|
+
expect(ALL_BUILTIN_SINKS.length).toBeGreaterThan(0);
|
|
370
|
+
expect(ALL_BUILTIN_SANITIZERS.length).toBeGreaterThan(0);
|
|
371
|
+
expect(createEnhancedTaintAnalyzer).toBeDefined();
|
|
372
|
+
});
|
|
373
|
+
it('should have all EPIC-2 components available', () => {
|
|
374
|
+
expect(NVDClient).toBeDefined();
|
|
375
|
+
expect(CPEMatcher).toBeDefined();
|
|
376
|
+
expect(DependencyParser).toBeDefined();
|
|
377
|
+
expect(RateLimiter).toBeDefined();
|
|
378
|
+
expect(CVECache).toBeDefined();
|
|
379
|
+
expect(ReportGenerator).toBeDefined();
|
|
380
|
+
});
|
|
381
|
+
it('should have all EPIC-4 components available', () => {
|
|
382
|
+
expect(createAutoFixer).toBeDefined();
|
|
383
|
+
expect(createFixValidator).toBeDefined();
|
|
384
|
+
expect(createPatchGenerator).toBeDefined();
|
|
385
|
+
expect(createRemediationPlanner).toBeDefined();
|
|
386
|
+
expect(createSecureCodeTransformer).toBeDefined();
|
|
387
|
+
});
|
|
388
|
+
});
|
|
389
|
+
});
|
|
390
|
+
//# sourceMappingURL=epic-integration.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"epic-integration.test.js","sourceRoot":"","sources":["../../../src/tests/integration/epic-integration.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAE1D,iCAAiC;AACjC,OAAO,EAEL,2BAA2B,GAC5B,MAAM,2CAA2C,CAAC;AAEnD,OAAO,EACL,mBAAmB,EACnB,kBAAkB,EAClB,oBAAoB,EACpB,mBAAmB,EACnB,oBAAoB,GACrB,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EACL,iBAAiB,EACjB,eAAe,EACf,kBAAkB,EAClB,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EACL,sBAAsB,EACtB,cAAc,EACd,eAAe,EACf,eAAe,EACf,oBAAoB,GACrB,MAAM,oCAAoC,CAAC;AAE5C,+BAA+B;AAC/B,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AAClE,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AACrE,OAAO,EAAE,eAAe,EAAkB,MAAM,+BAA+B,CAAC;AAEhF,2BAA2B;AAC3B,OAAO,EAAa,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAgB,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AACtF,OAAO,EAAkB,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAC5F,OAAO,EAAsB,wBAAwB,EAAE,MAAM,0CAA0C,CAAC;AACxG,OAAO,EAAyB,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAElH,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;IACtC,QAAQ,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAClD,QAAQ,CAAC,+BAA+B,EAAE,GAAG,EAAE;YAC7C,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;gBACpD,MAAM,CAAC,mBAAmB,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC1C,MAAM,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;gBAEtD,MAAM,MAAM,GAAG,mBAAmB,CAAC,CAAC,CAAC,CAAC;gBACtC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;gBAChC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;gBACtC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;YACxC,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;gBAClD,MAAM,CAAC,iBAAiB,CAAC,CAAC,WAAW,EAAE,CAAC;gBACxC,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;gBAEpD,MAAM,IAAI,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAC;gBAClC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC9B,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;gBACpC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;YACtC,CA
AC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;YAC5C,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;gBAC1C,MAAM,CAAC,oBAAoB,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC3C,MAAM,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;gBACvD,uCAAuC;gBACvC,MAAM,CAAC,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;YAChF,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;gBACxC,MAAM,CAAC,kBAAkB,CAAC,CAAC,WAAW,EAAE,CAAC;gBACzC,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACvD,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;gBACzC,MAAM,CAAC,mBAAmB,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC1C,MAAM,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACxD,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;gBAC3C,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAC;gBAC5D,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;gBACnD,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;oBAC3B,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;gBACxC,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;YAC1C,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;gBACrC,MAAM,CAAC,eAAe,CAAC,CAAC,WAAW,EAAE,CAAC;gBACtC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;gBAClD,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACxD,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;gBAC7C,MAAM,CAAC,kBAAkB,CAAC,CAAC,WAAW,EAAE,CAAC;gBACzC,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;gBACrD,MAAM,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC9D,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;gBACvC,MAAM,CAAC,iBAAiB,CAAC,CAAC,WAAW,EAAE,CAAC;gBACxC,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACtD,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;gBACzC,MAAM,QAAQ,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;gBACjD,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;gBAC3C,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;oBACnB,MAAM,CAAC,CAAC,CAAC,QAA
Q,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBACvC,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAClD,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;gBACpC,MAAM,CAAC,cAAc,CAAC,CAAC,WAAW,EAAE,CAAC;gBACrC,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACnD,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;gBACrC,MAAM,CAAC,eAAe,CAAC,CAAC,WAAW,EAAE,CAAC;gBACtC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACpD,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;gBACrC,MAAM,CAAC,eAAe,CAAC,CAAC,WAAW,EAAE,CAAC;gBACtC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACpD,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;gBACtD,MAAM,aAAa,GAAG,oBAAoB,CAAC,WAAW,CAAC,CAAC;gBACxD,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;gBAChD,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;oBACxB,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;gBAC5C,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;gBACvD,MAAM,CAAC,sBAAsB,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC7C,MAAM,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;gBACzD,MAAM,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,sBAAsB,CAC1D,cAAc,CAAC,MAAM,GAAG,eAAe,CAAC,MAAM,GAAG,eAAe,CAAC,MAAM,CACxE,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,0CAA0C,EAAE,GAAG,EAAE;YACxD,IAAI,QAA+B,CAAC;YAEpC,UAAU,CAAC,GAAG,EAAE;gBACd,QAAQ,GAAG,2BAA2B,CAAC;oBACrC,QAAQ,EAAE,CAAC;oBACX,cAAc,EAAE,KAAK;iBACtB,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;gBAC/C,MAAM,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC/B,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;YACzC,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;gBACtD,MAAM,IAAI,GAAG;;;;CAIpB,CAAC;gBACM,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;gBACvD,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC7B,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;gBACrC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;YACrC,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC
;IAEH,QAAQ,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAChD,QAAQ,CAAC,mCAAmC,EAAE,GAAG,EAAE;YACjD,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;gBACxD,MAAM,GAAG,GAAG;oBACV,EAAE,EAAE,gBAAgB;oBACpB,WAAW,EAAE,WAAW;oBACxB,SAAS,EAAE,IAAI,IAAI,EAAE;oBACrB,YAAY,EAAE,IAAI,IAAI,EAAE;oBACxB,IAAI,EAAE,CAAC,SAAS,CAAC;oBACjB,UAAU,EAAE,EAAE;oBACd,gBAAgB,EAAE,EAAE;oBACpB,MAAM,EAAE,UAAmB;iBAC5B,CAAC;gBACF,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;gBAC1C,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;YACxC,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;gBACzC,MAAM,IAAI,GAAG;oBACX,OAAO,EAAE,KAAc;oBACvB,SAAS,EAAE,IAAI;oBACf,QAAQ,EAAE,UAAmB;oBAC7B,YAAY,EAAE,8CAA8C;oBAC5D,YAAY,EAAE,SAAkB;oBAChC,gBAAgB,EAAE,KAAc;oBAChC,kBAAkB,EAAE,MAAe;oBACnC,eAAe,EAAE,MAAe;oBAChC,KAAK,EAAE,SAAkB;oBACzB,qBAAqB,EAAE,MAAe;oBACtC,eAAe,EAAE,MAAe;oBAChC,kBAAkB,EAAE,MAAe;iBACpC,CAAC;gBACF,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAClC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACzC,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;YAC3C,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;gBAC/C,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;oBAC3B,MAAM,EAAE,UAAU;oBAClB,OAAO,EAAE,2BAA2B;iBACrC,CAAC,CAAC;gBACH,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;YAC/B,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;gBACvD,MAAM,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;gBAC/B,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;YAC/B,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;YACzC,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;gBACpC,MAAM,KAAK,GAAG,iBAAiB,EAAE,CAAC;gBAClC,MAAM,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9B,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;gBACvC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC/C,MAAM,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9B,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;YACxC,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;gBACzC,MAAM,OAAO,GAAG,IAAI,UAAU,EAAE,CAAC;gBACjC,MAAM,GAAG,GAAG,OAAO,CAAC,WAAW,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;gBACr
D,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;gBAChC,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YACnC,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;gBACxD,MAAM,OAAO,GAAG,IAAI,UAAU,EAAE,CAAC;gBACjC,2CAA2C;gBAC3C,MAAM,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC,SAAS,EAAE;oBACpD,YAAY,EAAE,OAAO;oBACrB,UAAU,EAAE,SAAS;oBACrB,mBAAmB,EAAE,IAAI;iBAC1B,CAAC,CAAC;gBACH,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;gBAC5D,MAAM,OAAO,GAAG,IAAI,UAAU,EAAE,CAAC;gBACjC,uDAAuD;gBACvD,MAAM,SAAS,GAAG,OAAO,CAAC,mBAAmB,CAAC,SAAS,EAAE;oBACvD,YAAY,EAAE,OAAO;oBACrB,UAAU,EAAE,SAAS;oBACrB,mBAAmB,EAAE,IAAI;iBAC1B,CAAC,CAAC;gBACH,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAChC,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;gBAC9B,MAAM,OAAO,GAAG,IAAI,UAAU,EAAE,CAAC;gBACjC,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC,+CAA+C,CAAC,CAAC;gBACrF,MAAM,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC;gBACjC,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC7C,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,gCAAgC,EAAE,GAAG,EAAE;YAC9C,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;gBAC3C,MAAM,MAAM,GAAG,IAAI,gBAAgB,EAAE,CAAC;gBACtC,MAAM,kBAAkB,GAAG,IAAI,CAAC,SAAS,CAAC;oBACxC,IAAI,EAAE,UAAU;oBAChB,OAAO,EAAE,OAAO;oBAChB,YAAY,EAAE;wBACZ,QAAQ,EAAE,UAAU;wBACpB,SAAS,EAAE,SAAS;qBACrB;oBACD,eAAe,EAAE;wBACf,QAAQ,EAAE,QAAQ;qBACnB;iBACF,CAAC,CAAC;gBAEH,MAAM,MAAM,GAAG,MAAM,CAAC,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;gBAC3D,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;YAClD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;YACzC,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;gBACxE,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC1C,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC9B,MAAM,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1C,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;gBACxD,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBACzC,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;YAChC,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,4BAA4B
,EAAE,GAAG,EAAE;gBACpC,MAAM,OAAO,GAAG,IAAI,WAAW,CAAC;oBAC9B,SAAS,EAAE,CAAC;oBACZ,QAAQ,EAAE,KAAK;iBAChB,CAAC,CAAC;gBAEH,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;gBACpC,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAExC,OAAO,CAAC,OAAO,EAAE,CAAC;gBAClB,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;gBACpC,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC1C,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,+BAA+B,EAAE,GAAG,EAAE;YAC7C,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;gBACxC,MAAM,SAAS,GAAG,IAAI,eAAe,EAAE,CAAC;gBACxC,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;YAClC,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;gBACzC,MAAM,SAAS,GAAG,IAAI,eAAe,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC;gBAC9D,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;gBAEhC,MAAM,aAAa,GAAG,IAAI,eAAe,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;gBAC9D,MAAM,CAAC,aAAa,CAAC,CAAC,WAAW,EAAE,CAAC;YACtC,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACzC,QAAQ,CAAC,mCAAmC,EAAE,GAAG,EAAE;YACjD,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;gBACxD,MAAM,GAAG,GAAG;oBACV,EAAE,EAAE,cAAc;oBAClB,eAAe,EAAE,UAAU;oBAC3B,QAAQ,EAAE,qBAA8B;oBACxC,KAAK,EAAE,yBAAyB;oBAChC,WAAW,EAAE,uDAAuD;oBACpE,KAAK,EAAE,EAAE;oBACT,OAAO,EAAE,EAAE;oBACX,UAAU,EAAE,IAAI;oBAChB,cAAc,EAAE,KAAK;oBACrB,SAAS,EAAE,wBAAwB;iBACpC,CAAC;gBACF,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC7B,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;gBAC1C,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;YACnD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;YAC3C,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;gBAClC,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;gBAChC,MAAM,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9B,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;gBAC/C,MAAM,KAAK,GAAG,eAAe,CAAC;oBAC5B,cAAc,EAAE,CAAC;iBAClB,CAAC,CAAC;gBACH,MAAM,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9B,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;YAC1C,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;gBACrC,MAAM
,SAAS,GAAG,kBAAkB,EAAE,CAAC;gBACvC,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;YAClC,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;gBACrC,MAAM,SAAS,GAAG,kBAAkB,EAAE,CAAC;gBACvC,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;YAC3C,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;YAC5C,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;gBACvC,MAAM,SAAS,GAAG,oBAAoB,EAAE,CAAC;gBACzC,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;YAClC,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;gBAC1C,MAAM,SAAS,GAAG,oBAAoB,EAAE,CAAC;gBACzC,MAAM,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,WAAW,EAAE,CAAC;YAChD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAChD,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;gBAC3C,MAAM,OAAO,GAAG,wBAAwB,EAAE,CAAC;gBAC3C,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;YAChC,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;gBAC5C,MAAM,OAAO,GAAG,wBAAwB,CAAC;oBACvC,cAAc,EAAE,UAAU;iBAC3B,CAAC,CAAC;gBACH,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;YAChC,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;gBACvC,MAAM,OAAO,GAAG,wBAAwB,EAAE,CAAC;gBAC3C,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC;YAC3C,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,sCAAsC,EAAE,GAAG,EAAE;YACpD,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;gBAC/C,MAAM,WAAW,GAAG,2BAA2B,EAAE,CAAC;gBAClD,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;YACpC,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;gBACtC,MAAM,WAAW,GAAG,2BAA2B,EAAE,CAAC;gBAClD,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9C,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;QACxC,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACtD,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACpD,MAAM,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACzD,MAAM,CAAC,2BAA2B,CAAC,CAAC,WAAW,EAAE,CAAC;QACpD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;YAChC,MAAM,CAAC,UAAU,CAAC,CAAC,WAA
W,EAAE,CAAC;YACjC,MAAM,CAAC,gBAAgB,CAAC,CAAC,WAAW,EAAE,CAAC;YACvC,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;YAClC,MAAM,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;YAC/B,MAAM,CAAC,eAAe,CAAC,CAAC,WAAW,EAAE,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,CAAC,eAAe,CAAC,CAAC,WAAW,EAAE,CAAC;YACtC,MAAM,CAAC,kBAAkB,CAAC,CAAC,WAAW,EAAE,CAAC;YACzC,MAAM,CAAC,oBAAoB,CAAC,CAAC,WAAW,EAAE,CAAC;YAC3C,MAAM,CAAC,wBAAwB,CAAC,CAAC,WAAW,EAAE,CAAC;YAC/C,MAAM,CAAC,2BAA2B,CAAC,CAAC,WAAW,EAAE,CAAC;QACpD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cwe-top25-1-13.test.d.ts","sourceRoot":"","sources":["../../../../src/tests/rules/cwe/cwe-top25-1-13.test.ts"],"names":[],"mappings":""}
|
|
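--- a/package/dist/tests/rules/cwe/cwe-top25-1-13.test.js
+++ b/package/dist/tests/rules/cwe/cwe-top25-1-13.test.js
@@ -0,0 +1,154 @@
+/**
+* CWE Top 25 (1-13) テスト
+* TSK-RULE-005: CWE Top 25 Most Dangerous Software Weaknesses
+*/
+import { describe, it, expect } from 'vitest';
+import { cwe787OutOfBoundsWrite, cwe79XSS, cwe89SQLInjection, cwe416UseAfterFree, cwe78CommandInjection, cwe20InputValidation, cwe125OutOfBoundsRead, cwe22PathTraversal, cwe352CSRF, cwe434FileUpload, cwe862MissingAuth, cwe476NullDeref, cwe287ImproperAuth, cweTop25Rules1to13, } from '../../../rules/cwe/index.js';
+// Helper to create RuleContext for testing
+function createContext(code, filePath = 'test.ts') {
+return {
+sourceCode: code,
+filePath,
+options: {},
+report: () => { },
+};
+}
+describe('CWE Top 25 (1-13) Rules', () => {
+describe('CWE-787: Out-of-bounds Write', () => {
+it('should detect Buffer.allocUnsafe', async () => {
+const code = `const buf = Buffer.allocUnsafe(userSize);`;
+const result = await cwe787OutOfBoundsWrite.analyze(createContext(code));
+expect(result.length).toBeGreaterThan(0);
+expect(result[0].ruleId).toBe('cwe-787-oob-write');
+});
+it('should have required properties', () => {
+expect(cwe787OutOfBoundsWrite).toHaveProperty('id', 'cwe-787-oob-write');
+expect(cwe787OutOfBoundsWrite).toHaveProperty('name');
+expect(cwe787OutOfBoundsWrite).toHaveProperty('description');
+expect(cwe787OutOfBoundsWrite).toHaveProperty('analyze');
+});
+});
+describe('CWE-79: XSS', () => {
+it('should detect innerHTML assignment', async () => {
+const code = `element.innerHTML = userInput;`;
+const result = await cwe79XSS.analyze(createContext(code));
+expect(result.length).toBeGreaterThan(0);
+expect(result[0].ruleId).toBe('cwe-79-xss');
+});
+it('should detect document.write', async () => {
+const code = `document.write(data);`;
+const result = await cwe79XSS.analyze(createContext(code));
+expect(result.length).toBeGreaterThan(0);
+});
+});
+describe('CWE-89: SQL Injection', () => {
+it('should detect string concatenation in SQL', async () => {
+const code = `const query = "SELECT * FROM users WHERE id = " + userId;`;
+const result = await cwe89SQLInjection.analyze(createContext(code));
+expect(result.length).toBeGreaterThan(0);
+expect(result[0].ruleId).toBe('cwe-89-sql-injection');
+});
+});
+describe('CWE-416: Use After Free', () => {
+it('should detect stream usage after end', async () => {
+const code = `stream.end(); stream.write(data);`;
+const result = await cwe416UseAfterFree.analyze(createContext(code));
+expect(result.length).toBeGreaterThan(0);
+expect(result[0].ruleId).toBe('cwe-416-use-after-free');
+});
+});
+describe('CWE-78: Command Injection', () => {
+it('should detect exec with user input', async () => {
+const code = `exec("ls " + userInput);`;
+const result = await cwe78CommandInjection.analyze(createContext(code));
+expect(result.length).toBeGreaterThan(0);
+expect(result[0].ruleId).toBe('cwe-78-command-injection');
+});
+});
+describe('CWE-20: Input Validation', () => {
+it('should detect direct body access', async () => {
+const code = `const name = req.body.name;`;
+const result = await cwe20InputValidation.analyze(createContext(code));
+expect(result.length).toBeGreaterThan(0);
+expect(result[0].ruleId).toBe('cwe-20-input-validation');
+});
+});
+describe('CWE-125: Out-of-bounds Read', () => {
+it('should detect array access patterns', async () => {
+const code = `const val = buffer.readUInt32LE(offset);`;
+const result = await cwe125OutOfBoundsRead.analyze(createContext(code));
+expect(result.length).toBeGreaterThan(0);
+expect(result[0].ruleId).toBe('cwe-125-oob-read');
+});
+});
+describe('CWE-22: Path Traversal', () => {
+it('should detect path.join with user input', async () => {
+const code = `const filePath = path.join(uploadDir, req.params.filename);`;
+const result = await cwe22PathTraversal.analyze(createContext(code));
+expect(result.length).toBeGreaterThan(0);
+expect(result[0].ruleId).toBe('cwe-22-path-traversal');
+});
+});
+describe('CWE-352: CSRF', () => {
+it('should detect POST endpoint without CSRF', async () => {
+const code = `app.post('/transfer', (req, res) => { transfer(req.body); });`;
+const result = await cwe352CSRF.analyze(createContext(code));
+expect(result.length).toBeGreaterThan(0);
+expect(result[0].ruleId).toBe('cwe-352-csrf');
+});
+});
+describe('CWE-434: Unrestricted File Upload', () => {
+it('should detect missing file type validation', async () => {
+const code = `const filename = req.file.originalname; fs.writeFileSync(filename, data);`;
+const result = await cwe434FileUpload.analyze(createContext(code));
+expect(result.length).toBeGreaterThan(0);
+expect(result[0].ruleId).toBe('cwe-434-file-upload');
+});
+});
+describe('CWE-862: Missing Authorization', () => {
+it('should detect missing auth middleware', async () => {
+const code = `app.delete('/admin/user/:id', (req, res) => { deleteUser(req.params.id); });`;
+const result = await cwe862MissingAuth.analyze(createContext(code));
+expect(result.length).toBeGreaterThan(0);
+expect(result[0].ruleId).toBe('cwe-862-missing-auth');
+});
+});
+describe('CWE-476: NULL Pointer Dereference', () => {
+it('should detect chained call after find', async () => {
+const code = `const name = db.findOne(query).name;`;
+const result = await cwe476NullDeref.analyze(createContext(code));
+expect(result.length).toBeGreaterThan(0);
+expect(result[0].ruleId).toBe('cwe-476-null-deref');
+});
+});
+describe('CWE-287: Improper Authentication', () => {
+it('should detect hardcoded password check', async () => {
+const code = `if (password === 'admin123') { login(); }`;
+const result = await cwe287ImproperAuth.analyze(createContext(code));
+expect(result.length).toBeGreaterThan(0);
+expect(result[0].ruleId).toBe('cwe-287-improper-auth');
+});
+});
+describe('cweTop25Rules1to13 array', () => {
+it('should contain exactly 13 rules', () => {
+expect(cweTop25Rules1to13).toHaveLength(13);
+});
+it('should have all rules with valid structure', () => {
+for (const rule of cweTop25Rules1to13) {
+expect(rule).toHaveProperty('id');
+expect(rule).toHaveProperty('name');
+expect(rule).toHaveProperty('description');
+expect(rule).toHaveProperty('defaultSeverity');
+expect(rule).toHaveProperty('category');
+expect(rule).toHaveProperty('analyze');
+expect(typeof rule.analyze).toBe('function');
+}
+});
+it('should have CWE in tags for all rules', () => {
+for (const rule of cweTop25Rules1to13) {
+expect(rule.tags).toContain('cwe');
+}
+});
+});
+});
+//# sourceMappingURL=cwe-top25-1-13.test.js.map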
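Review bot: Every per-rule `describe` block in this suite feeds the rule one vulnerable snippet and asserts only `expect(result.length).toBeGreaterThan(0)`; nothing pins what a rule must leave alone. A rule that flags every input would therefore still pass, and a false-positive regression would go unnoticed. The CWE-20 case is the clearest example: the bare read `const name = req.body.name;` is expected to produce a finding, which suggests (not confirmed from here) that the rule fires on any request-body access whether or not validation follows. Each block should gain a safe counterpart, for example in `CWE-89: SQL Injection` a test named `'should not flag a parameterized query'` asserting `expect(await cwe89SQLInjection.analyze(createContext('db.query("SELECT * FROM users WHERE id = ?", [userId]);'))).toHaveLength(0);`, provided the rule is meant to accept that form. This file is compiled output (see its `sourceMappingURL`), so the change belongs in the TypeScript test it was built from.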
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cwe-top25-1-13.test.js","sourceRoot":"","sources":["../../../../src/tests/rules/cwe/cwe-top25-1-13.test.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EACL,sBAAsB,EACtB,QAAQ,EACR,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,EACrB,oBAAoB,EACpB,qBAAqB,EACrB,kBAAkB,EAClB,UAAU,EACV,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,6BAA6B,CAAC;AAGrC,2CAA2C;AAC3C,SAAS,aAAa,CAAC,IAAY,EAAE,QAAQ,GAAG,SAAS;IACvD,OAAO;QACL,UAAU,EAAE,IAAI;QAChB,QAAQ;QACR,OAAO,EAAE,EAAE;QACX,MAAM,EAAE,GAAG,EAAE,GAAE,CAAC;KACjB,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;IACvC,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;QAC5C,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;YAChD,MAAM,IAAI,GAAG,2CAA2C,CAAC;YACzD,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;YACzE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,MAAM,CAAC,sBAAsB,CAAC,CAAC,cAAc,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC;YACzE,MAAM,CAAC,sBAAsB,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;YACtD,MAAM,CAAC,sBAAsB,CAAC,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;YAC7D,MAAM,CAAC,sBAAsB,CAAC,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;QAC3B,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;YAClD,MAAM,IAAI,GAAG,gCAAgC,CAAC;YAC9C,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;YAC3D,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC5C,MAAM,IAAI,GAAG,uBAAuB,CAAC;YACrC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;YAC3D,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;QACrC,EAAE,CAAC,2CAA2
C,EAAE,KAAK,IAAI,EAAE;YACzD,MAAM,IAAI,GAAG,2DAA2D,CAAC;YACzE,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;YACpE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACvC,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;YACpD,MAAM,IAAI,GAAG,mCAAmC,CAAC;YACjD,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;YACrE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACzC,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;YAClD,MAAM,IAAI,GAAG,0BAA0B,CAAC;YACxC,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;YACxE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAC5D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;QACxC,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;YAChD,MAAM,IAAI,GAAG,6BAA6B,CAAC;YAC3C,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;YACvE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;QAC3C,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;YACnD,MAAM,IAAI,GAAG,0CAA0C,CAAC;YACxD,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;YACxE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;QACtC,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;YACvD,MAAM,IAAI,GAAG,6DAA6D,CAAC;YAC3E,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,OA
AO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;YACrE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;QAC7B,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;YACxD,MAAM,IAAI,GAAG,+DAA+D,CAAC;YAC7E,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;YAC7D,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,mCAAmC,EAAE,GAAG,EAAE;QACjD,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;YAC1D,MAAM,IAAI,GAAG,2EAA2E,CAAC;YACzF,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;YACnE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gCAAgC,EAAE,GAAG,EAAE;QAC9C,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;YACrD,MAAM,IAAI,GAAG,8EAA8E,CAAC;YAC5F,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;YACpE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,mCAAmC,EAAE,GAAG,EAAE;QACjD,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;YACrD,MAAM,IAAI,GAAG,sCAAsC,CAAC;YACpD,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;YAClE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAChD,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;YACtD,MAAM,IAAI,GAAG,2CAA2C,CAAC;YACzD,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;YACrE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC
;YACzC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;QACxC,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,MAAM,CAAC,kBAAkB,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE,CAAC;gBACtC,MAAM,CAAC,IAAI,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;gBAClC,MAAM,CAAC,IAAI,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;gBACpC,MAAM,CAAC,IAAI,CAAC,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;gBAC3C,MAAM,CAAC,IAAI,CAAC,CAAC,cAAc,CAAC,iBAAiB,CAAC,CAAC;gBAC/C,MAAM,CAAC,IAAI,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;gBACxC,MAAM,CAAC,IAAI,CAAC,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;gBACvC,MAAM,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE,CAAC;gBACtC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YACrC,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cwe-top25-14-25.test.d.ts","sourceRoot":"","sources":["../../../../src/tests/rules/cwe/cwe-top25-14-25.test.ts"],"names":[],"mappings":""}
|