@nahisaho/musubix-security 2.0.1 → 2.1.1

package/dist/types/rule.d.ts

@@ -0,0 +1,245 @@
+/**
+ * @fileoverview Security rule type definitions
+ * @module @nahisaho/musubix-security/types/rule
+ * @trace REQ-SEC-RULES-001, REQ-SEC-RULES-002, REQ-SEC-RULES-003, REQ-SEC-RULES-004
+ */
+import type { Severity } from './vulnerability.js';
+import type { TaintSinkCategory } from './taint.js';
+/**
+ * OWASP Top 10 (2021) category identifiers
+ */
+export type OWASPTopTenCategory = 'A01' | 'A02' | 'A03' | 'A04' | 'A05' | 'A06' | 'A07' | 'A08' | 'A09' | 'A10';
+/**
+ * Rule category for organization
+ */
+export type RuleCategory = 'injection' | 'authentication' | 'authorization' | 'cryptography' | 'configuration' | 'data-exposure' | 'logging' | 'ssrf' | 'deserialization' | 'path-traversal' | 'code-execution';
+/**
+ * AST pattern for rule matching
+ * @trace DES-SEC-RULES-001
+ */
+export interface ASTPattern {
+    /** Node type to match (e.g., "CallExpression", "MemberExpression") */
+    type: string;
+    /** Property matchers */
+    properties?: Record<string, ASTPatternMatcher>;
+    /** Child pattern constraints */
+    children?: ASTPattern[];
+    /** Pattern constraints */
+    constraints?: PatternConstraint[];
+}
+/**
+ * AST pattern matcher options
+ */
+export type ASTPatternMatcher = string | RegExp | ASTPattern | ASTPatternAnyOf | ASTPatternAllOf;
+/**
+ * Any of pattern matcher
+ */
+export interface ASTPatternAnyOf {
+    anyOf: ASTPatternMatcher[];
+}
+/**
+ * All of pattern matcher
+ */
+export interface ASTPatternAllOf {
+    allOf: ASTPatternMatcher[];
+}
+/**
+ * Pattern constraint for additional checks
+ */
+export interface PatternConstraint {
+    /** Constraint type */
+    type: 'tainted' | 'literal' | 'regex' | 'not' | 'contains' | 'startsWith' | 'endsWith';
+    /** JSON path to the value to check */
+    path: string;
+    /** Value for comparison (for literal, regex, contains, startsWith, endsWith) */
+    value?: string | RegExp;
+    /** Nested constraint (for 'not' type) */
+    constraint?: PatternConstraint;
+}
+/**
+ * Fix template for automatic remediation
+ * @trace DES-SEC-FIX-001
+ */
+export interface RuleFixTemplate {
+    /** Fix type */
+    type: 'replace' | 'wrap' | 'parameterize' | 'insert' | 'delete' | 'custom';
+    /** Template string with placeholders */
+    template: string;
+    /** Required imports to add */
+    imports?: RuleFixImport[];
+    /** Description of the fix */
+    description?: string;
+}
+/**
+ * Import specification for fix
+ */
+export interface RuleFixImport {
+    /** Module to import from */
+    module: string;
+    /** Named imports */
+    namedImports?: string[];
+    /** Default import name */
+    defaultImport?: string;
+    /** Type-only import */
+    isTypeOnly?: boolean;
+}
+/**
+ * Security rule definition
+ * @trace REQ-SEC-RULES-001, REQ-SEC-RULES-002, DES-SEC-RULES-001
+ */
+export interface SecurityRuleDefinition {
+    /** Unique rule ID (e.g., "sql-injection-template-literal") */
+    id: string;
+    /** Human-readable rule name */
+    name: string;
+    /** Severity level */
+    severity: Severity;
+    /** Related CWE identifier */
+    cwe: string;
+    /** OWASP Top 10 category */
+    owasp?: OWASPTopTenCategory;
+    /** Rule category */
+    category: RuleCategory;
+    /** Short message for display */
+    message: string;
+    /** Detailed description */
+    description: string;
+    /** AST pattern to match */
+    pattern: ASTPattern;
+    /** Automatic fix template */
+    fix?: RuleFixTemplate;
+    /** Reference URLs */
+    references: string[];
+    /** Tags for filtering */
+    tags: string[];
+    /** Languages this rule applies to */
+    languages: ('typescript' | 'javascript')[];
+    /** Whether rule is enabled by default */
+    defaultEnabled: boolean;
+    /** Related taint sink category (if applicable) */
+    taintSink?: TaintSinkCategory;
+}
+/**
+ * Rule match result
+ * @trace DES-SEC-RULES-001
+ */
+export interface RuleMatch {
+    /** Matched rule */
+    rule: SecurityRuleDefinition;
+    /** Match location in source */
+    location: {
+        file: string;
+        startLine: number;
+        endLine: number;
+        startColumn: number;
+        endColumn: number;
+    };
+    /** Matched source code */
+    matchedCode: string;
+    /** Match context for fix generation */
+    context: RuleMatchContext;
+    /** Taint information (if applicable) */
+    taintInfo?: {
+        isTainted: boolean;
+        sourceCategory?: string;
+    };
+}
+/**
+ * Rule match context for fix generation
+ */
+export interface RuleMatchContext {
+    /** Captured groups from pattern matching */
+    captures: Record<string, string>;
+    /** Surrounding code context */
+    surroundingCode: string;
+    /** Function/method context */
+    functionContext?: string;
+    /** Class context */
+    classContext?: string;
+    /** Module imports */
+    imports: string[];
+}
+/**
+ * Rule filter options
+ */
+export interface RuleFilter {
+    /** Filter by severity */
+    severity?: Severity[];
+    /** Filter by OWASP category */
+    owasp?: OWASPTopTenCategory[];
+    /** Filter by CWE */
+    cwe?: string[];
+    /** Filter by category */
+    category?: RuleCategory[];
+    /** Filter by tags */
+    tags?: string[];
+    /** Filter by language */
+    language?: 'typescript' | 'javascript';
+    /** Include only enabled rules */
+    enabledOnly?: boolean;
+}
+/**
+ * Rule set configuration
+ * @trace REQ-SEC-RULES-003
+ */
+export interface RuleSetConfig {
+    /** Rule set name */
+    name: string;
+    /** Rule set description */
+    description: string;
+    /** Rule IDs to include */
+    includes: string[];
+    /** Rule IDs to exclude */
+    excludes?: string[];
+    /** Severity overrides */
+    severityOverrides?: Record<string, Severity>;
+    /** Enable/disable overrides */
+    enableOverrides?: Record<string, boolean>;
+}
+/**
+ * Built-in rule sets
+ */
+export type BuiltinRuleSet = 'owasp-top-10' | 'cwe-top-25' | 'injection' | 'authentication' | 'cryptography' | 'all';
+/**
+ * Rule match options
+ */
+export interface RuleMatchOptions {
+    /** Maximum matches per file */
+    maxMatchesPerFile?: number;
+    /** Include taint analysis */
+    includeTaintAnalysis?: boolean;
+    /** Timeout per file in ms */
+    timeout?: number;
+}
+/**
+ * Rule YAML file structure
+ * @trace DES-SEC-RULES-FORMAT-001
+ */
+export interface RuleYAMLFile {
+    /** Metadata section */
+    metadata: {
+        id: string;
+        name: string;
+        version: string;
+        description: string;
+    };
+    /** Rules array */
+    rules: RuleYAMLEntry[];
+}
+/**
+ * Rule entry in YAML format
+ */
+export interface RuleYAMLEntry {
+    id: string;
+    name: string;
+    severity: Severity;
+    cwe: string;
+    owasp?: OWASPTopTenCategory;
+    message: string;
+    description: string;
+    pattern: ASTPattern;
+    fix?: RuleFixTemplate;
+    references: string[];
+    tags: string[];
+}
+//# sourceMappingURL=rule.d.ts.map

package/dist/types/rule.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rule.d.ts","sourceRoot":"","sources":["../../src/types/rule.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAEpD;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAC3B,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,YAAY,GACpB,WAAW,GACX,gBAAgB,GAChB,eAAe,GACf,cAAc,GACd,eAAe,GACf,eAAe,GACf,SAAS,GACT,MAAM,GACN,iBAAiB,GACjB,gBAAgB,GAChB,gBAAgB,CAAC;AAErB;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB,sEAAsE;IACtE,IAAI,EAAE,MAAM,CAAC;IACb,wBAAwB;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;IAC/C,gCAAgC;IAChC,QAAQ,CAAC,EAAE,UAAU,EAAE,CAAC;IACxB,0BAA0B;IAC1B,WAAW,CAAC,EAAE,iBAAiB,EAAE,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,MAAM,iBAAiB,GACzB,MAAM,GACN,MAAM,GACN,UAAU,GACV,eAAe,GACf,eAAe,CAAC;AAEpB;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,iBAAiB,EAAE,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,iBAAiB,EAAE,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,sBAAsB;IACtB,IAAI,EAAE,SAAS,GAAG,SAAS,GAAG,OAAO,GAAG,KAAK,GAAG,UAAU,GAAG,YAAY,GAAG,UAAU,CAAC;IACvF,sCAAsC;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,gFAAgF;IAChF,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACxB,yCAAyC;IACzC,UAAU,CAAC,EAAE,iBAAiB,CAAC;CAChC;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,eAAe;IACf,IAAI,EAAE,SAAS,GAAG,MAAM,GAAG,cAAc,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC3E,wCAAwC;IACxC,QAAQ,EAAE,MAAM,CAAC;IACjB,8BAA8B;IAC9B,OAAO,CAAC,EAAE,aAAa,EAAE,CAAC;IAC1B,6BAA6B;IAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,4BAA4B;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,oBAAoB;IACpB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,0BAA0B;IAC1B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,uBAAuB;IACvB,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACrC,8DAA8D;IAC9D,EAAE,EAAE,MAAM,CAAC;IACX,+BAA+B;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,qBAAqB;IACrB,QAAQ,EAAE,QAAQ,CAAC;IACnB,6BAA6B;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,4BAA4B;IAC5B,KAAK,CAAC,EAAE,mBAAmB,CAAC;IAC5B,oBAAoB;IACpB,QAAQ,EAAE,YAAY,CAAC;IACvB,gCAAgC;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,2BAA2B;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,2BAA2B;IAC3B,OAAO,EAAE,UAAU,CAAC;IACpB,6BAA6B;IAC7B,GAAG,CAAC,EAAE,eAAe,CAAC;IACtB,qBAAqB;IACrB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,yBAAyB;IACzB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,qCAAqC;IACrC,SAAS,EAAE,CAAC,YAAY,GAAG,YAAY,CAAC,EAAE,CAAC;IAC3C,yCAAyC;IACzC,cAAc,EAAE,OAAO,CAAC;IACxB,kDAAkD;IAClD,SAAS,CAAC,EAAE,iBAAiB,CAAC;CAC/B;AAED;;;GAGG;AACH,MAAM,WAAW,SAAS;IACxB,mBAAmB;IACnB,IAAI,EAAE,sBAAsB,CAAC;IAC7B,+BAA+B;IAC/B,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,SAAS,EAAE,MAAM,CAAC;QAClB,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,EAAE,MAAM,CAAC;QACpB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,0BAA0B;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,uCAAuC;IACvC,OAAO,EAAE,gBAAgB,CAAC;IAC1B,wCAAwC;IACxC,SAAS,CAAC,EAAE;QACV,SAAS,EAAE,OAAO,CAAC;QACnB,cAAc,CAAC,EAAE,MAAM,CAAC;KACzB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,4CAA4C;IAC5C,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,+BAA+B;IAC/B,eAAe,EAAE,MAAM,CAAC;IACxB,8BAA8B;IAC9B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,oBAAoB;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB;IACrB,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,yBAAyB;IACzB,QAAQ,CAAC,EAAE,QAAQ,EAAE,CAAC;IACtB,+BAA+B;IAC/B,KAAK,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC9B,oBAAoB;IACpB,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,yBAAyB;IACzB,QAAQ,CAAC,EAAE,YAAY,EAAE,CAAC;IAC1B,qBAAqB;IACrB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,yBAAyB;IACzB,QAAQ,CAAC,EAAE,YAAY,GAAG,YAAY,CAAC;IACvC,iCAAiC;IACjC,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,oBAAoB;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,2BAA2B;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,0BAA0B;IAC1B,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,yBAAyB;IACzB,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7C,+BAA+B;IAC/B,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC3C;AAED;;GAEG;AACH,MAAM,MAAM,cAAc,GACtB,cAAc,GACd,YAAY,GACZ,WAAW,GACX,gBAAgB,GAChB,cAAc,GACd,KAAK,CAAC;AAEV;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,+BAA+B;IAC/B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,6BAA6B;IAC7B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,6BAA6B;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,uBAAuB;IACvB,QAAQ,EAAE;QACR,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,kBAAkB;IAClB,KAAK,EAAE,aAAa,EAAE,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,QAAQ,CAAC;IACnB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,mBAAmB,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,UAAU,CAAC;IACpB,GAAG,CAAC,EAAE,eAAe,CAAC;IACtB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB"}

package/dist/types/rule.js

@@ -0,0 +1,7 @@
+/**
+ * @fileoverview Security rule type definitions
+ * @module @nahisaho/musubix-security/types/rule
+ * @trace REQ-SEC-RULES-001, REQ-SEC-RULES-002, REQ-SEC-RULES-003, REQ-SEC-RULES-004
+ */
+export {};
+//# sourceMappingURL=rule.js.map

package/dist/types/rule.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rule.js","sourceRoot":"","sources":["../../src/types/rule.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nahisaho/musubix-security",
-  "version": "2.0.1",
+  "version": "2.1.1",
   "description": "Security analysis and vulnerability detection for MUSUBIX - Neuro-Symbolic AI Integration",
   "type": "module",
   "main": "./dist/index.js",