@nahisaho/musubix-security 2.0.1 → 2.1.1

package/dist/analysis/sanitizers/validation-sanitizers.js

@@ -0,0 +1,268 @@
+/**
+ * @fileoverview Input validation sanitizer definitions
+ * @module @nahisaho/musubix-security/analysis/sanitizers/validation-sanitizers
+ * @trace REQ-SEC-001
+ */
+/**
+ * Input validation sanitizers
+ * @trace REQ-SEC-001
+ */
+export const VALIDATION_SANITIZERS = [
+    // validator.js - escape
+    {
+        id: 'SAN-VAL-001',
+        name: 'escape',
+        package: 'validator',
+        protects: ['html-output'],
+        completeness: 'complete',
+        returnsClean: true,
+        description: 'validator.escape - escapes HTML entities',
+        enabled: true,
+        tags: ['validator', 'escape', 'html-output'],
+    },
+    // validator.js - isEmail
+    {
+        id: 'SAN-VAL-010',
+        name: 'isEmail',
+        package: 'validator',
+        protects: ['sql-query', 'html-output', 'command-exec'],
+        completeness: 'complete',
+        returnsClean: false,
+        description: 'validator.isEmail - validates email format',
+        enabled: true,
+        tags: ['validator', 'email', 'format'],
+    },
+    // validator.js - isURL
+    {
+        id: 'SAN-VAL-020',
+        name: 'isURL',
+        package: 'validator',
+        protects: ['http-request', 'redirect'],
+        completeness: 'partial',
+        returnsClean: false,
+        description: 'validator.isURL - validates URL format',
+        caveats: 'Does not prevent SSRF to internal hosts',
+        enabled: true,
+        tags: ['validator', 'url', 'format'],
+    },
+    // validator.js - isInt/isNumeric
+    {
+        id: 'SAN-VAL-030',
+        name: 'isInt',
+        aliases: ['isNumeric', 'isFloat', 'isDecimal'],
+        package: 'validator',
+        protects: ['sql-query', 'command-exec'],
+        completeness: 'complete',
+        returnsClean: false,
+        description: 'validator numeric validation',
+        enabled: true,
+        tags: ['validator', 'numeric', 'format'],
+    },
+    // validator.js - isUUID
+    {
+        id: 'SAN-VAL-040',
+        name: 'isUUID',
+        package: 'validator',
+        protects: ['sql-query', 'command-exec'],
+        completeness: 'complete',
+        returnsClean: false,
+        description: 'validator.isUUID - validates UUID format',
+        enabled: true,
+        tags: ['validator', 'uuid', 'format'],
+    },
+    // validator.js - isAlphanumeric
+    {
+        id: 'SAN-VAL-050',
+        name: 'isAlphanumeric',
+        aliases: ['isAlpha', 'isAscii'],
+        package: 'validator',
+        protects: ['sql-query', 'html-output', 'command-exec'],
+        completeness: 'complete',
+        returnsClean: false,
+        description: 'validator alphanumeric validation',
+        enabled: true,
+        tags: ['validator', 'alphanumeric', 'format'],
+    },
+    // validator.js - whitelist
+    {
+        id: 'SAN-VAL-060',
+        name: 'whitelist',
+        package: 'validator',
+        protects: ['sql-query', 'html-output', 'command-exec'],
+        completeness: 'complete',
+        returnsClean: true,
+        description: 'validator.whitelist - removes non-whitelisted chars',
+        enabled: true,
+        tags: ['validator', 'whitelist', 'filter'],
+    },
+    // validator.js - blacklist
+    {
+        id: 'SAN-VAL-070',
+        name: 'blacklist',
+        package: 'validator',
+        protects: ['sql-query', 'html-output', 'command-exec'],
+        completeness: 'partial',
+        returnsClean: true,
+        description: 'validator.blacklist - removes blacklisted chars',
+        caveats: 'Blacklist approach may miss new attack vectors',
+        enabled: true,
+        tags: ['validator', 'blacklist', 'filter'],
+    },
+    // validator.js - trim/stripLow
+    {
+        id: 'SAN-VAL-080',
+        name: 'trim',
+        aliases: ['ltrim', 'rtrim', 'stripLow'],
+        package: 'validator',
+        protects: ['sql-query', 'command-exec'],
+        completeness: 'partial',
+        returnsClean: true,
+        description: 'validator trim functions',
+        caveats: 'Only removes whitespace/control chars',
+        enabled: true,
+        tags: ['validator', 'trim', 'filter'],
+    },
+    // Zod schema validation
+    {
+        id: 'SAN-VAL-090',
+        name: 'parse',
+        aliases: ['safeParse', 'parseAsync', 'safeParseAsync'],
+        package: 'zod',
+        protects: ['sql-query', 'html-output', 'command-exec'],
+        completeness: 'complete',
+        returnsClean: true,
+        description: 'Zod schema validation',
+        enabled: true,
+        tags: ['zod', 'schema', 'validate'],
+    },
+    // Yup schema validation
+    {
+        id: 'SAN-VAL-100',
+        name: 'validate',
+        aliases: ['validateSync', 'isValid', 'isValidSync'],
+        package: 'yup',
+        protects: ['sql-query', 'html-output', 'command-exec'],
+        completeness: 'complete',
+        returnsClean: true,
+        description: 'Yup schema validation',
+        enabled: true,
+        tags: ['yup', 'schema', 'validate'],
+    },
+    // Joi schema validation
+    {
+        id: 'SAN-VAL-110',
+        name: 'validate',
+        aliases: ['validateAsync', 'attempt'],
+        package: 'joi',
+        protects: ['sql-query', 'html-output', 'command-exec'],
+        completeness: 'complete',
+        returnsClean: true,
+        description: 'Joi schema validation',
+        enabled: true,
+        tags: ['joi', 'schema', 'validate'],
+    },
+    // io-ts codec validation
+    {
+        id: 'SAN-VAL-120',
+        name: 'decode',
+        aliases: ['is'],
+        package: 'io-ts',
+        protects: ['sql-query', 'html-output', 'command-exec'],
+        completeness: 'complete',
+        returnsClean: true,
+        description: 'io-ts codec validation',
+        enabled: true,
+        tags: ['io-ts', 'codec', 'validate'],
+    },
+    // superstruct validation
+    {
+        id: 'SAN-VAL-130',
+        name: 'create',
+        aliases: ['validate', 'assert', 'is'],
+        package: 'superstruct',
+        protects: ['sql-query', 'html-output', 'command-exec'],
+        completeness: 'complete',
+        returnsClean: true,
+        description: 'superstruct validation',
+        enabled: true,
+        tags: ['superstruct', 'schema', 'validate'],
+    },
+    // class-validator
+    {
+        id: 'SAN-VAL-140',
+        name: 'validate',
+        aliases: ['validateSync', 'validateOrReject'],
+        package: 'class-validator',
+        protects: ['sql-query', 'html-output', 'command-exec'],
+        completeness: 'complete',
+        returnsClean: true,
+        description: 'class-validator validation',
+        enabled: true,
+        tags: ['class-validator', 'decorator', 'validate'],
+    },
+    // parseInt/parseFloat
+    {
+        id: 'SAN-VAL-150',
+        name: 'parseInt',
+        aliases: ['parseFloat', 'Number'],
+        protects: ['sql-query', 'command-exec'],
+        completeness: 'complete',
+        returnsClean: true,
+        description: 'JavaScript numeric parsing',
+        caveats: 'Check for NaN after parsing',
+        enabled: true,
+        tags: ['javascript', 'parse', 'number'],
+    },
+    // JSON.parse (structural validation)
+    {
+        id: 'SAN-VAL-160',
+        name: 'parse',
+        package: 'JSON',
+        protects: ['sql-query', 'command-exec'],
+        completeness: 'partial',
+        returnsClean: false,
+        description: 'JSON.parse structural validation',
+        caveats: 'Only validates JSON structure, not content',
+        enabled: true,
+        tags: ['json', 'parse', 'validate'],
+    },
+    // UUID generation (safe replacement)
+    {
+        id: 'SAN-VAL-170',
+        name: 'v4',
+        aliases: ['v1', 'v5', 'randomUUID'],
+        package: 'uuid',
+        protects: ['sql-query', 'command-exec'],
+        completeness: 'complete',
+        returnsClean: true,
+        description: 'UUID generation as safe ID replacement',
+        enabled: true,
+        tags: ['uuid', 'generate', 'safe'],
+    },
+    // Regex test with safe pattern
+    {
+        id: 'SAN-VAL-180',
+        name: 'test',
+        protects: ['sql-query', 'html-output', 'command-exec'],
+        completeness: 'conditional',
+        returnsClean: false,
+        description: 'RegExp.test for input validation',
+        caveats: 'Depends on regex pattern quality',
+        enabled: true,
+        tags: ['regex', 'test', 'validate'],
+    },
+    // ajv JSON Schema validation
+    {
+        id: 'SAN-VAL-190',
+        name: 'validate',
+        aliases: ['compile'],
+        package: 'ajv',
+        protects: ['sql-query', 'html-output', 'command-exec'],
+        completeness: 'complete',
+        returnsClean: true,
+        description: 'AJV JSON Schema validation',
+        enabled: true,
+        tags: ['ajv', 'jsonschema', 'validate'],
+    },
+];
+//# sourceMappingURL=validation-sanitizers.js.map

package/dist/analysis/sanitizers/validation-sanitizers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation-sanitizers.js","sourceRoot":"","sources":["../../../src/analysis/sanitizers/validation-sanitizers.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;;GAGG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAmC;IACnE,wBAAwB;IACxB;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,WAAW;QACpB,QAAQ,EAAE,CAAC,aAAa,CAAC;QACzB,YAAY,EAAE,UAAU;QACxB,YAAY,EAAE,IAAI;QAClB,WAAW,EAAE,0CAA0C;QACvD,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,aAAa,CAAC;KAC7C;IAED,yBAAyB;IACzB;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,WAAW;QACpB,QAAQ,EAAE,CAAC,WAAW,EAAE,aAAa,EAAE,cAAc,CAAC;QACtD,YAAY,EAAE,UAAU;QACxB,YAAY,EAAE,KAAK;QACnB,WAAW,EAAE,4CAA4C;QACzD,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,WAAW,EAAE,OAAO,EAAE,QAAQ,CAAC;KACvC;IAED,uBAAuB;IACvB;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,OAAO;QACb,OAAO,EAAE,WAAW;QACpB,QAAQ,EAAE,CAAC,cAAc,EAAE,UAAU,CAAC;QACtC,YAAY,EAAE,SAAS;QACvB,YAAY,EAAE,KAAK;QACnB,WAAW,EAAE,wCAAwC;QACrD,OAAO,EAAE,yCAAyC;QAClD,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,EAAE,QAAQ,CAAC;KACrC;IAED,iCAAiC;IACjC;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,OAAO;QACb,OAAO,EAAE,CAAC,WAAW,EAAE,SAAS,EAAE,WAAW,CAAC;QAC9C,OAAO,EAAE,WAAW;QACpB,QAAQ,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC;QACvC,YAAY,EAAE,UAAU;QACxB,YAAY,EAAE,KAAK;QACnB,WAAW,EAAE,8BAA8B;QAC3C,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC;KACzC;IAED,wBAAwB;IACxB;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,WAAW;QACpB,QAAQ,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC;QACvC,YAAY,EAAE,UAAU;QACxB,YAAY,EAAE,KAAK;QACnB,WAAW,EAAE,0CAA0C;QACvD,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,CAAC;KACtC;IAED,gCAAgC;IAChC;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;QAC/B,OAAO,EAAE,WAAW;QACpB,QAAQ,EAAE,CAAC,WAAW,EAAE,aAAa,EAAE,cAAc,CAAC;QACtD,YAAY,EAAE,UAAU;QACxB,YAAY,EAAE,KAAK;QACnB,WAAW,EAAE,mCAAmC;QAChD,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,WAAW,EAAE,cAAc,EAAE,QAAQ,CAAC;KAC9C;IAED,2BAA2B;IAC3B;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,WAAW;QACpB,QAAQ,EAAE,CAAC,WAAW,EAAE,aAAa,EAAE,cAAc,CAAC;QACtD,YAAY,EAAE,UAAU;QACxB,YAAY,EAAE,IAAI;QAClB,WAAW,EAAE,qDAAqD;QAClE,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,QAAQ,CAAC;KAC3C;IAED,2BAA2B;IAC3B;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,WAAW;QACpB,QAAQ,EAAE,CAAC,WAAW,EAAE,aAAa,EAAE,cAAc,CAAC;QACtD,YAAY,EAAE,SAAS;QACvB,YAAY,EAAE,IAAI;QAClB,WAAW,EAAE,iDAAiD;QAC9D,OAAO,EAAE,gDAAgD;QACzD,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,QAAQ,CAAC;KAC3C;IAED,+BAA+B;IAC/B;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;QACvC,OAAO,EAAE,WAAW;QACpB,QAAQ,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC;QACvC,YAAY,EAAE,SAAS;QACvB,YAAY,EAAE,IAAI;QAClB,WAAW,EAAE,0BAA0B;QACvC,OAAO,EAAE,uCAAuC;QAChD,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,CAAC;KACtC;IAED,wBAAwB;IACxB;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,OAAO;QACb,OAAO,EAAE,CAAC,WAAW,EAAE,YAAY,EAAE,gBAAgB,CAAC;QACtD,OAAO,EAAE,KAAK;QACd,QAAQ,EAAE,CAAC,WAAW,EAAE,aAAa,EAAE,cAAc,CAAC;QACtD,YAAY,EAAE,UAAU;QACxB,YAAY,EAAE,IAAI;QAClB,WAAW,EAAE,uBAAuB;QACpC,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,KAAK,EAAE,QAAQ,EAAE,UAAU,CAAC;KACpC;IAED,wBAAwB;IACxB;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,CAAC,cAAc,EAAE,SAAS,EAAE,aAAa,CAAC;QACnD,OAAO,EAAE,KAAK;QACd,QAAQ,EAAE,CAAC,WAAW,EAAE,aAAa,EAAE,cAAc,CAAC;QACtD,YAAY,EAAE,UAAU;QACxB,YAAY,EAAE,IAAI;QAClB,WAAW,EAAE,uBAAuB;QACpC,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,KAAK,EAAE,QAAQ,EAAE,UAAU,CAAC;KACpC;IAED,wBAAwB;IACxB;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,CAAC,eAAe,EAAE,SAAS,CAAC;QACrC,OAAO,EAAE,KAAK;QACd,QAAQ,EAAE,CAAC,WAAW,EAAE,aAAa,EAAE,cAAc,CAAC;QACtD,YAAY,EAAE,UAAU;QACxB,YAAY,EAAE,IAAI;QAClB,WAAW,EAAE,uBAAuB;QACpC,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,KAAK,EAAE,QAAQ,EAAE,UAAU,CAAC;KACpC;IAED,yBAAyB;IACzB;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,CAAC,IAAI,CAAC;QACf,OAAO,EAAE,OAAO;QAChB,QAAQ,EAAE,CAAC,WAAW,EAAE,aAAa,EAAE,cAAc,CAAC;QACtD,YAAY,EAAE,UAAU;QACxB,YAAY,EAAE,IAAI;QAClB,WAAW,EAAE,wBAAwB;QACrC,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;KACrC;IAED,yBAAyB;IACzB;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,CAAC,UAAU,EAAE,QAAQ,EAAE,IAAI,CAAC;QACrC,OAAO,EAAE,aAAa;QACtB,QAAQ,EAAE,CAAC,WAAW,EAAE,aAAa,EAAE,cAAc,CAAC;QACtD,YAAY,EAAE,UAAU;QACxB,YAAY,EAAE,IAAI;QAClB,WAAW,EAAE,wBAAwB;QACrC,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,UAAU,CAAC;KAC5C;IAED,kBAAkB;IAClB;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,CAAC,cAAc,EAAE,kBAAkB,CAAC;QAC7C,OAAO,EAAE,iBAAiB;QAC1B,QAAQ,EAAE,CAAC,WAAW,EAAE,aAAa,EAAE,cAAc,CAAC;QACtD,YAAY,EAAE,UAAU;QACxB,YAAY,EAAE,IAAI;QAClB,WAAW,EAAE,4BAA4B;QACzC,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,iBAAiB,EAAE,WAAW,EAAE,UAAU,CAAC;KACnD;IAED,sBAAsB;IACtB;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,CAAC,YAAY,EAAE,QAAQ,CAAC;QACjC,QAAQ,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC;QACvC,YAAY,EAAE,UAAU;QACxB,YAAY,EAAE,IAAI;QAClB,WAAW,EAAE,4BAA4B;QACzC,OAAO,EAAE,6BAA6B;QACtC,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,YAAY,EAAE,OAAO,EAAE,QAAQ,CAAC;KACxC;IAED,qCAAqC;IACrC;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,OAAO;QACb,OAAO,EAAE,MAAM;QACf,QAAQ,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC;QACvC,YAAY,EAAE,SAAS;QACvB,YAAY,EAAE,KAAK;QACnB,WAAW,EAAE,kCAAkC;QAC/C,OAAO,EAAE,4CAA4C;QACrD,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC;KACpC;IAED,qCAAqC;IACrC;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,IAAI;QACV,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,YAAY,CAAC;QACnC,OAAO,EAAE,MAAM;QACf,QAAQ,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC;QACvC,YAAY,EAAE,UAAU;QACxB,YAAY,EAAE,IAAI;QAClB,WAAW,EAAE,wCAAwC;QACrD,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;KACnC;IAED,+BAA+B;IAC/B;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,MAAM;QACZ,QAAQ,EAAE,CAAC,WAAW,EAAE,aAAa,EAAE,cAAc,CAAC;QACtD,YAAY,EAAE,aAAa;QAC3B,YAAY,EAAE,KAAK;QACnB,WAAW,EAAE,kCAAkC;QAC/C,OAAO,EAAE,kCAAkC;QAC3C,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC;KACpC;IAED,6BAA6B;IAC7B;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,CAAC,SAAS,CAAC;QACpB,OAAO,EAAE,KAAK;QACd,QAAQ,EAAE,CAAC,WAAW,EAAE,aAAa,EAAE,cAAc,CAAC;QACtD,YAAY,EAAE,UAAU;QACxB,YAAY,EAAE,IAAI;QAClB,WAAW,EAAE,4BAA4B;QACzC,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,KAAK,EAAE,YAAY,EAAE,UAAU,CAAC;KACxC;CACO,CAAC"}

package/dist/analysis/sinks/code-eval.d.ts

@@ -0,0 +1,12 @@
+/**
+ * @fileoverview Code evaluation sink definitions
+ * @module @nahisaho/musubix-security/analysis/sinks/code-eval
+ * @trace REQ-SEC-001
+ */
+import type { SinkDefinition } from './types.js';
+/**
+ * Code evaluation sinks (RCE vulnerabilities)
+ * @trace REQ-SEC-001
+ */
+export declare const CODE_EVAL_SINKS: readonly SinkDefinition[];
+//# sourceMappingURL=code-eval.d.ts.map

package/dist/analysis/sinks/code-eval.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"code-eval.d.ts","sourceRoot":"","sources":["../../../src/analysis/sinks/code-eval.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEjD;;;GAGG;AACH,eAAO,MAAM,eAAe,EAAE,SAAS,cAAc,EAuO3C,CAAC"}

package/dist/analysis/sinks/code-eval.js

@@ -0,0 +1,231 @@
+/**
+ * @fileoverview Code evaluation sink definitions
+ * @module @nahisaho/musubix-security/analysis/sinks/code-eval
+ * @trace REQ-SEC-001
+ */
+/**
+ * Code evaluation sinks (RCE vulnerabilities)
+ * @trace REQ-SEC-001
+ */
+export const CODE_EVAL_SINKS = [
+    // JavaScript eval
+    {
+        id: 'SNK-EVAL-001',
+        name: 'JavaScript eval',
+        category: 'eval',
+        severity: 'critical',
+        patterns: [
+            { method: 'eval', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: [],
+        description: 'JavaScript eval() - direct code execution',
+        enabled: true,
+        tags: ['eval', 'rce', 'code-injection'],
+        relatedCWE: ['CWE-94', 'CWE-95'],
+        owaspCategory: 'A03:2021-Injection',
+    },
+    // Function constructor
+    {
+        id: 'SNK-EVAL-010',
+        name: 'Function Constructor',
+        category: 'eval',
+        severity: 'critical',
+        patterns: [
+            { method: 'Function', vulnerableArg: 0 },
+            { receiver: 'Function', method: 'constructor', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: [],
+        description: 'Function constructor - dynamic code creation',
+        enabled: true,
+        tags: ['eval', 'rce', 'code-injection'],
+        relatedCWE: ['CWE-94'],
+        owaspCategory: 'A03:2021-Injection',
+    },
+    // setTimeout/setInterval with string
+    {
+        id: 'SNK-EVAL-020',
+        name: 'Timer String Evaluation',
+        category: 'eval',
+        severity: 'high',
+        framework: 'browser',
+        patterns: [
+            { method: 'setTimeout', vulnerableArg: 0 },
+            { method: 'setInterval', vulnerableArg: 0 },
+            { receiver: 'window', method: 'setTimeout', vulnerableArg: 0 },
+            { receiver: 'window', method: 'setInterval', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: [],
+        description: 'Timer functions with string argument - code execution',
+        enabled: true,
+        tags: ['eval', 'timer', 'code-injection'],
+        relatedCWE: ['CWE-94'],
+        owaspCategory: 'A03:2021-Injection',
+    },
+    // vm.runInContext (Node.js)
+    {
+        id: 'SNK-EVAL-030',
+        name: 'Node.js VM Execution',
+        category: 'eval',
+        severity: 'critical',
+        framework: 'node',
+        patterns: [
+            { receiver: 'vm', method: 'runInContext', vulnerableArg: 0 },
+            { receiver: 'vm', method: 'runInNewContext', vulnerableArg: 0 },
+            { receiver: 'vm', method: 'runInThisContext', vulnerableArg: 0 },
+            { receiver: 'vm', method: 'compileFunction', vulnerableArg: 0 },
+            { method: 'Script', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: [],
+        description: 'Node.js vm module - sandbox escape possible',
+        enabled: true,
+        tags: ['eval', 'vm', 'node', 'sandbox'],
+        relatedCWE: ['CWE-94'],
+        owaspCategory: 'A03:2021-Injection',
+    },
+    // Deserialization
+    {
+        id: 'SNK-EVAL-040',
+        name: 'Unsafe Deserialization',
+        category: 'deserialization',
+        severity: 'critical',
+        patterns: [
+            { method: 'deserialize', vulnerableArg: 0 },
+            { method: 'unserialize', vulnerableArg: 0 },
+            { receiver: 'serialize', method: 'unserialize', vulnerableArg: 0 },
+            { receiver: 'node-serialize', method: 'unserialize', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: [],
+        description: 'Unsafe deserialization - RCE via prototype pollution',
+        enabled: true,
+        tags: ['deserialization', 'rce', 'prototype-pollution'],
+        relatedCWE: ['CWE-502'],
+        owaspCategory: 'A08:2021-Software and Data Integrity Failures',
+    },
+    // YAML parsing (unsafe)
+    {
+        id: 'SNK-EVAL-050',
+        name: 'Unsafe YAML Parsing',
+        category: 'deserialization',
+        severity: 'critical',
+        framework: 'js-yaml',
+        patterns: [
+            { receiver: 'yaml', method: 'load', vulnerableArg: 0 },
+            { receiver: 'YAML', method: 'parse', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: ['safeLoad', 'JSON_SCHEMA'],
+        description: 'Unsafe YAML parsing - code execution via custom tags',
+        enabled: true,
+        tags: ['yaml', 'deserialization', 'rce'],
+        relatedCWE: ['CWE-502'],
+        owaspCategory: 'A08:2021-Software and Data Integrity Failures',
+    },
+    // Regular expression DoS (ReDoS)
+    {
+        id: 'SNK-EVAL-060',
+        name: 'Dynamic Regular Expression',
+        category: 'eval',
+        severity: 'medium',
+        patterns: [
+            { method: 'RegExp', vulnerableArg: 0 },
+            { receiver: 'RegExp', method: 'constructor', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: ['escapeRegExp', 'validateRegex'],
+        description: 'Dynamic RegExp construction - ReDoS vulnerability',
+        enabled: true,
+        tags: ['regex', 'redos', 'dos'],
+        relatedCWE: ['CWE-1333', 'CWE-400'],
+        owaspCategory: 'A03:2021-Injection',
+    },
+    // LDAP injection
+    {
+        id: 'SNK-EVAL-070',
+        name: 'LDAP Query',
+        category: 'ldap-query',
+        severity: 'high',
+        patterns: [
+            { method: 'search', vulnerableArg: 0 },
+            { receiver: 'ldap', method: 'search', vulnerableArg: 0 },
+            { receiver: 'client', method: 'search', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: ['escapeLDAP', 'sanitize'],
+        description: 'LDAP query with user input - LDAP injection',
+        enabled: true,
+        tags: ['ldap', 'injection'],
+        relatedCWE: ['CWE-90'],
+        owaspCategory: 'A03:2021-Injection',
+    },
+    // XPath injection
+    {
+        id: 'SNK-EVAL-080',
+        name: 'XPath Query',
+        category: 'xpath-query',
+        severity: 'high',
+        patterns: [
+            { method: 'select', vulnerableArg: 0 },
+            { method: 'evaluate', vulnerableArg: 0 },
+            { receiver: 'xpath', method: 'select', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: ['escapeXPath', 'parameterize'],
+        description: 'XPath query with user input - XPath injection',
+        enabled: true,
+        tags: ['xpath', 'injection', 'xml'],
+        relatedCWE: ['CWE-643'],
+        owaspCategory: 'A03:2021-Injection',
+    },
+    // Server-Side Request Forgery (SSRF)
+    {
+        id: 'SNK-EVAL-090',
+        name: 'SSRF via HTTP Request',
+        category: 'http-request',
+        severity: 'high',
+        patterns: [
+            { method: 'fetch', vulnerableArg: 0 },
+            { receiver: 'axios', method: 'get', vulnerableArg: 0 },
+            { receiver: 'axios', method: 'post', vulnerableArg: 0 },
+            { receiver: 'http', method: 'get', vulnerableArg: 0 },
+            { receiver: 'https', method: 'get', vulnerableArg: 0 },
+            { receiver: 'got', method: 'get', vulnerableArg: 0 },
+            { receiver: 'request', method: 'get', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: ['validateUrl', 'isAllowedDomain', 'whitelist'],
+        description: 'HTTP request with user-controlled URL - SSRF',
+        enabled: true,
+        tags: ['ssrf', 'http', 'network'],
+        relatedCWE: ['CWE-918'],
+        owaspCategory: 'A10:2021-Server-Side Request Forgery',
+    },
+    // Object property access (prototype pollution)
+    {
+        id: 'SNK-EVAL-100',
+        name: 'Dynamic Property Access',
+        category: 'eval',
+        severity: 'medium',
+        patterns: [
+            { method: 'assign', vulnerableArg: 1 },
+            { receiver: 'Object', method: 'assign', vulnerableArg: 1 },
+        ],
+        expectedSanitizers: ['sanitizeKeys', 'Object.freeze'],
+        description: 'Dynamic property assignment - prototype pollution',
+        enabled: true,
+        tags: ['prototype-pollution', 'object'],
+        relatedCWE: ['CWE-1321'],
+        owaspCategory: 'A03:2021-Injection',
+    },
+    // crypto weak random
+    {
+        id: 'SNK-EVAL-110',
+        name: 'Weak Random Number',
+        category: 'eval',
+        severity: 'medium',
+        patterns: [
+            { receiver: 'Math', method: 'random', vulnerableArg: -1 },
+        ],
+        expectedSanitizers: ['crypto.randomBytes', 'crypto.randomUUID'],
+        description: 'Math.random() used for security - weak randomness',
+        enabled: true,
+        tags: ['crypto', 'random', 'weak'],
+        relatedCWE: ['CWE-330', 'CWE-338'],
+        owaspCategory: 'A02:2021-Cryptographic Failures',
+    },
+];
+//# sourceMappingURL=code-eval.js.map

package/dist/analysis/sinks/code-eval.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"code-eval.js","sourceRoot":"","sources":["../../../src/analysis/sinks/code-eval.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAA8B;IACxD,kBAAkB;IAClB;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE;SACrC;QACD,kBAAkB,EAAE,EAAE;QACtB,WAAW,EAAE,2CAA2C;QACxD,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,gBAAgB,CAAC;QACvC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAChC,aAAa,EAAE,oBAAoB;KACpC;IAED,uBAAuB;IACvB;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,EAAE;YACxC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,EAAE;SAClE;QACD,kBAAkB,EAAE,EAAE;QACtB,WAAW,EAAE,8CAA8C;QAC3D,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,gBAAgB,CAAC;QACvC,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,aAAa,EAAE,oBAAoB;KACpC;IAED,qCAAqC;IACrC;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,MAAM;QAChB,SAAS,EAAE,SAAS;QACpB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC,EAAE;YAC1C,EAAE,MAAM,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,EAAE;YAC3C,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC,EAAE;YAC9D,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,EAAE;SAChE;QACD,kBAAkB,EAAE,EAAE;QACtB,WAAW,EAAE,uDAAuD;QACpE,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,gBAAgB,CAAC;QACzC,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,aAAa,EAAE,oBAAoB;KACpC;IAED,4BAA4B;IAC5B;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,aAAa,EAAE,CAAC,EAAE;YAC5D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,iBAAiB,EAAE,aAAa,EAAE,CAAC,EAAE;YAC/D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,kBAAkB,EAAE,aAAa,EAAE,CAAC,EAAE;YAChE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,iBAAiB,EAAE,aAAa,EAAE,CAAC,EAAE;YAC/D,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,EAAE;SACvC;QACD,kBAAkB,EAAE,EAAE;QACtB,WAAW,EAAE,6CAA6C;QAC1D,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,CAAC;QACvC,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,aAAa,EAAE,oBAAoB;KACpC;IAED,kBAAkB;IAClB;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,iBAAiB;QAC3B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,EAAE;YAC3C,EAAE,MAAM,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,EAAE;YAC3C,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,EAAE;YAClE,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,EAAE;SACxE;QACD,kBAAkB,EAAE,EAAE;QACtB,WAAW,EAAE,sDAAsD;QACnE,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,iBAAiB,EAAE,KAAK,EAAE,qBAAqB,CAAC;QACvD,UAAU,EAAE,CAAC,SAAS,CAAC;QACvB,aAAa,EAAE,+CAA+C;KAC/D;IAED,wBAAwB;IACxB;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,iBAAiB;QAC3B,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,SAAS;QACpB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE;YACtD,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,EAAE;SACxD;QACD,kBAAkB,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC;QAC/C,WAAW,EAAE,sDAAsD;QACnE,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,iBAAiB,EAAE,KAAK,CAAC;QACxC,UAAU,EAAE,CAAC,SAAS,CAAC;QACvB,aAAa,EAAE,+CAA+C;KAC/D;IAED,iCAAiC;IACjC;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,4BAA4B;QAClC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,EAAE;YACtC,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,EAAE;SAChE;QACD,kBAAkB,EAAE,CAAC,cAAc,EAAE,eAAe,CAAC;QACrD,WAAW,EAAE,mDAAmD;QAChE,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC;QAC/B,UAAU,EAAE,CAAC,UAAU,EAAE,SAAS,CAAC;QACnC,aAAa,EAAE,oBAAoB;KACpC;IAED,iBAAiB;IACjB;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,EAAE;YACtC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,EAAE;YACxD,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,EAAE;SAC3D;QACD,kBAAkB,EAAE,CAAC,YAAY,EAAE,UAAU,CAAC;QAC9C,WAAW,EAAE,6CAA6C;QAC1D,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,WAAW,CAAC;QAC3B,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,aAAa,EAAE,oBAAoB;KACpC;IAED,kBAAkB;IAClB;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,aAAa;QACvB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,EAAE;YACtC,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,EAAE;YACxC,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,EAAE;SAC1D;QACD,kBAAkB,EAAE,CAAC,aAAa,EAAE,cAAc,CAAC;QACnD,WAAW,EAAE,+CAA+C;QAC5D,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,OAAO,EAAE,WAAW,EAAE,KAAK,CAAC;QACnC,UAAU,EAAE,CAAC,SAAS,CAAC;QACvB,aAAa,EAAE,oBAAoB;KACpC;IAED,qCAAqC;IACrC;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,cAAc;QACxB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,EAAE;YACrC,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC,EAAE;YACtD,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE;YACvD,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC,EAAE;YACrD,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC,EAAE;YACtD,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC,EAAE;YACpD,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC,EAAE;SACzD;QACD,kBAAkB,EAAE,CAAC,aAAa,EAAE,iBAAiB,EAAE,WAAW,CAAC;QACnE,WAAW,EAAE,8CAA8C;QAC3D,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC;QACjC,UAAU,EAAE,CAAC,SAAS,CAAC;QACvB,aAAa,EAAE,sCAAsC;KACtD;IAED,+CAA+C;IAC/C;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,EAAE;YACtC,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,EAAE;SAC3D;QACD,kBAAkB,EAAE,CAAC,cAAc,EAAE,eAAe,CAAC;QACrD,WAAW,EAAE,mDAAmD;QAChE,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,qBAAqB,EAAE,QAAQ,CAAC;QACvC,UAAU,EAAE,CAAC,UAAU,CAAC;QACxB,aAAa,EAAE,oBAAoB;KACpC;IAED,qBAAqB;IACrB;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,CAAC,EAAE;SAC1D;QACD,kBAAkB,EAAE,CAAC,oBAAoB,EAAE,mBAAmB,CAAC;QAC/D,WAAW,EAAE,mDAAmD;QAChE,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC;QAClC,UAAU,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;QAClC,aAAa,EAAE,iCAAiC;KACjD;CACO,CAAC"}

package/dist/analysis/sinks/command-exec.d.ts

@@ -0,0 +1,12 @@
+/**
+ * @fileoverview Command execution sink definitions
+ * @module @nahisaho/musubix-security/analysis/sinks/command-exec
+ * @trace REQ-SEC-001
+ */
+import type { SinkDefinition } from './types.js';
+/**
+ * Command injection sinks
+ * @trace REQ-SEC-001
+ */
+export declare const COMMAND_EXEC_SINKS: readonly SinkDefinition[];
+//# sourceMappingURL=command-exec.d.ts.map

package/dist/analysis/sinks/command-exec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"command-exec.d.ts","sourceRoot":"","sources":["../../../src/analysis/sinks/command-exec.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEjD;;;GAGG;AACH,eAAO,MAAM,kBAAkB,EAAE,SAAS,cAAc,EAwL9C,CAAC"}