@nahisaho/musubix-security 2.0.1 → 2.1.1

package/dist/analysis/sinks/command-exec.js

@@ -0,0 +1,187 @@
+/**
+ * @fileoverview Command execution sink definitions
+ * @module @nahisaho/musubix-security/analysis/sinks/command-exec
+ * @trace REQ-SEC-001
+ */
+/**
+ * Command injection sinks
+ * @trace REQ-SEC-001
+ */
+export const COMMAND_EXEC_SINKS = [
+    // child_process exec
+    {
+        id: 'SNK-CMD-001',
+        name: 'OS Command Execution (exec)',
+        category: 'command-exec',
+        severity: 'critical',
+        framework: 'node',
+        patterns: [
+            { receiver: 'child_process', method: 'exec', vulnerableArg: 0 },
+            { method: 'exec', vulnerableArg: 0 },
+            { method: 'execSync', vulnerableArg: 0 },
+            {
+                importPattern: { module: 'child_process', named: ['exec', 'execSync'] },
+                method: ['exec', 'execSync'],
+                vulnerableArg: 0,
+            },
+        ],
+        expectedSanitizers: ['quote', 'escape', 'shell-quote'],
+        description: 'OS command execution via shell - highly vulnerable to injection',
+        enabled: true,
+        tags: ['command', 'injection', 'shell', 'os'],
+        relatedCWE: ['CWE-78', 'CWE-77'],
+        owaspCategory: 'A03:2021-Injection',
+    },
+    // child_process spawn (safer but still vulnerable)
+    {
+        id: 'SNK-CMD-010',
+        name: 'OS Command Execution (spawn)',
+        category: 'command-exec',
+        severity: 'high',
+        framework: 'node',
+        patterns: [
+            { receiver: 'child_process', method: 'spawn', vulnerableArg: 0 },
+            { receiver: 'child_process', method: 'spawn', vulnerableArgs: [0, 1] },
+            { method: 'spawn', vulnerableArg: 0 },
+            { method: 'spawnSync', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: ['validateCommand', 'whitelist'],
+        description: 'OS command execution via spawn - arguments passed directly',
+        enabled: true,
+        tags: ['command', 'injection', 'spawn', 'os'],
+        relatedCWE: ['CWE-78'],
+        owaspCategory: 'A03:2021-Injection',
+    },
+    // child_process execFile
+    {
+        id: 'SNK-CMD-020',
+        name: 'OS Command Execution (execFile)',
+        category: 'command-exec',
+        severity: 'high',
+        framework: 'node',
+        patterns: [
+            { receiver: 'child_process', method: 'execFile', vulnerableArg: 0 },
+            { receiver: 'child_process', method: 'execFile', vulnerableArgs: [0, 1] },
+            { method: 'execFile', vulnerableArg: 0 },
+            { method: 'execFileSync', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: ['validateCommand', 'whitelist'],
+        description: 'OS command execution via execFile',
+        enabled: true,
+        tags: ['command', 'injection', 'execFile', 'os'],
+        relatedCWE: ['CWE-78'],
+        owaspCategory: 'A03:2021-Injection',
+    },
+    // child_process fork
+    {
+        id: 'SNK-CMD-030',
+        name: 'Child Process Fork',
+        category: 'command-exec',
+        severity: 'high',
+        framework: 'node',
+        patterns: [
+            { receiver: 'child_process', method: 'fork', vulnerableArg: 0 },
+            { method: 'fork', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: ['validatePath', 'whitelist'],
+        description: 'Node.js child process fork - script path vulnerability',
+        enabled: true,
+        tags: ['command', 'injection', 'fork', 'os'],
+        relatedCWE: ['CWE-78'],
+        owaspCategory: 'A03:2021-Injection',
+    },
+    // execa (popular npm package)
+    {
+        id: 'SNK-CMD-040',
+        name: 'Execa Command Execution',
+        category: 'command-exec',
+        severity: 'critical',
+        framework: 'execa',
+        patterns: [
+            { method: 'execa', vulnerableArg: 0 },
+            { method: 'execaSync', vulnerableArg: 0 },
+            { method: 'execaCommand', vulnerableArg: 0 },
+            { method: 'execaCommandSync', vulnerableArg: 0 },
+            { method: '$', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: ['escape', 'validateCommand'],
+        description: 'Execa command execution',
+        enabled: true,
+        tags: ['command', 'injection', 'execa', 'os'],
+        relatedCWE: ['CWE-78'],
+        owaspCategory: 'A03:2021-Injection',
+    },
+    // shelljs
+    {
+        id: 'SNK-CMD-050',
+        name: 'ShellJS Command Execution',
+        category: 'command-exec',
+        severity: 'critical',
+        framework: 'shelljs',
+        patterns: [
+            { receiver: 'shell', method: 'exec', vulnerableArg: 0 },
+            { receiver: 'shelljs', method: 'exec', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: ['escape', 'quote'],
+        description: 'ShellJS command execution',
+        enabled: true,
+        tags: ['command', 'injection', 'shelljs', 'os'],
+        relatedCWE: ['CWE-78'],
+        owaspCategory: 'A03:2021-Injection',
+    },
+    // SSH command execution
+    {
+        id: 'SNK-CMD-060',
+        name: 'SSH Command Execution',
+        category: 'command-exec',
+        severity: 'critical',
+        framework: 'ssh',
+        patterns: [
+            { receiver: 'ssh', method: 'exec', vulnerableArg: 0 },
+            { receiver: 'conn', method: 'exec', vulnerableArg: 0 },
+            { receiver: 'client', method: 'exec', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: ['escape', 'quote', 'validateCommand'],
+        description: 'Remote SSH command execution',
+        enabled: true,
+        tags: ['command', 'injection', 'ssh', 'remote'],
+        relatedCWE: ['CWE-78'],
+        owaspCategory: 'A03:2021-Injection',
+    },
+    // Docker command execution
+    {
+        id: 'SNK-CMD-070',
+        name: 'Docker Command Execution',
+        category: 'command-exec',
+        severity: 'critical',
+        framework: 'docker',
+        patterns: [
+            { receiver: 'container', method: 'exec', vulnerableArg: 0 },
+            { receiver: 'docker', method: 'run', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: ['validateImage', 'validateCommand'],
+        description: 'Docker container command execution',
+        enabled: true,
+        tags: ['command', 'injection', 'docker', 'container'],
+        relatedCWE: ['CWE-78'],
+        owaspCategory: 'A03:2021-Injection',
+    },
+    // Template engine command execution
+    {
+        id: 'SNK-CMD-080',
+        name: 'Template Command Execution',
+        category: 'command-exec',
+        severity: 'high',
+        patterns: [
+            { method: 'compile', vulnerableArg: 0 },
+            { method: 'render', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: ['escapeHtml', 'sandbox'],
+        description: 'Template engine with potential command execution',
+        enabled: true,
+        tags: ['command', 'injection', 'template', 'ssti'],
+        relatedCWE: ['CWE-94', 'CWE-78'],
+        owaspCategory: 'A03:2021-Injection',
+    },
+];
+//# sourceMappingURL=command-exec.js.map

package/dist/analysis/sinks/command-exec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"command-exec.js","sourceRoot":"","sources":["../../../src/analysis/sinks/command-exec.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;;GAGG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAA8B;IAC3D,qBAAqB;IACrB;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,cAAc;QACxB,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE;YAC/D,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE;YACpC,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,EAAE;YACxC;gBACE,aAAa,EAAE,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE;gBACvE,MAAM,EAAE,CAAC,MAAM,EAAE,UAAU,CAAC;gBAC5B,aAAa,EAAE,CAAC;aACjB;SACF;QACD,kBAAkB,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,aAAa,CAAC;QACtD,WAAW,EAAE,iEAAiE;QAC9E,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,SAAS,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;QAC7C,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAChC,aAAa,EAAE,oBAAoB;KACpC;IAED,mDAAmD;IACnD;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,cAAc;QACxB,QAAQ,EAAE,MAAM;QAChB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,EAAE;YAChE,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;YACtE,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,EAAE;YACrC,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC,EAAE;SAC1C;QACD,kBAAkB,EAAE,CAAC,iBAAiB,EAAE,WAAW,CAAC;QACpD,WAAW,EAAE,4DAA4D;QACzE,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,SAAS,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;QAC7C,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,aAAa,EAAE,oBAAoB;KACpC;IAED,yBAAyB;IACzB;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,iCAAiC;QACvC,QAAQ,EAAE,cAAc;QACxB,QAAQ,EAAE,MAAM;QAChB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,EAAE;YACnE,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE,cAAc,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;YACzE,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,EAAE;YACxC,EAAE,MAAM,EAAE,cAAc,EAAE,aAAa,EAAE,CAAC,EAAE;SAC7C;QACD,kBAAkB,EAAE,CAAC,iBAAiB,EAAE,WAAW,CAAC;QACpD,WAAW,EAAE,mCAAmC;QAChD,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,SAAS,EAAE,WAAW,EAAE,UAAU,EAAE,IAAI,CAAC;QAChD,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,aAAa,EAAE,oBAAoB;KACpC;IAED,qBAAqB;IACrB;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,cAAc;QACxB,QAAQ,EAAE,MAAM;QAChB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE;YAC/D,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE;SACrC;QACD,kBAAkB,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC;QACjD,WAAW,EAAE,wDAAwD;QACrE,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,SAAS,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,CAAC;QAC5C,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,aAAa,EAAE,oBAAoB;KACpC;IAED,8BAA8B;IAC9B;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,cAAc;QACxB,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,OAAO;QAClB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,EAAE;YACrC,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC,EAAE;YACzC,EAAE,MAAM,EAAE,cAAc,EAAE,aAAa,EAAE,CAAC,EAAE;YAC5C,EAAE,MAAM,EAAE,kBAAkB,EAAE,aAAa,EAAE,CAAC,EAAE;YAChD,EAAE,MAAM,EAAE,GAAG,EAAE,aAAa,EAAE,CAAC,EAAE;SAClC;QACD,kBAAkB,EAAE,CAAC,QAAQ,EAAE,iBAAiB,CAAC;QACjD,WAAW,EAAE,yBAAyB;QACtC,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,SAAS,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC;QAC7C,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,aAAa,EAAE,oBAAoB;KACpC;IAED,UAAU;IACV;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,2BAA2B;QACjC,QAAQ,EAAE,cAAc;QACxB,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,SAAS;QACpB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE;YACvD,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE;SAC1D;QACD,kBAAkB,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC;QACvC,WAAW,EAAE,2BAA2B;QACxC,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,SAAS,EAAE,WAAW,EAAE,SAAS,EAAE,IAAI,CAAC;QAC/C,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,aAAa,EAAE,oBAAoB;KACpC;IAED,wBAAwB;IACxB;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,cAAc;QACxB,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,KAAK;QAChB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE;YACrD,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE;YACtD,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE;SACzD;QACD,kBAAkB,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,iBAAiB,CAAC;QAC1D,WAAW,EAAE,8BAA8B;QAC3C,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,SAAS,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,CAAC;QAC/C,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,aAAa,EAAE,oBAAoB;KACpC;IAED,2BAA2B;IAC3B;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,cAAc;QACxB,QAAQ,EAAE,UAAU;QACpB,SAAS,EAAE,QAAQ;QACnB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE;YAC3D,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC,EAAE;SACxD;QACD,kBAAkB,EAAE,CAAC,eAAe,EAAE,iBAAiB,CAAC;QACxD,WAAW,EAAE,oCAAoC;QACjD,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,SAAS,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,CAAC;QACrD,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,aAAa,EAAE,oBAAoB;KACpC;IAED,oCAAoC;IACpC;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,4BAA4B;QAClC,QAAQ,EAAE,cAAc;QACxB,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,EAAE;YACvC,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,EAAE;SACvC;QACD,kBAAkB,EAAE,CAAC,YAAY,EAAE,SAAS,CAAC;QAC7C,WAAW,EAAE,kDAAkD;QAC/D,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,SAAS,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,CAAC;QAClD,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAChC,aAAa,EAAE,oBAAoB;KACpC;CACO,CAAC"}

package/dist/analysis/sinks/file-operations.d.ts

@@ -0,0 +1,12 @@
+/**
+ * @fileoverview File operation sink definitions
+ * @module @nahisaho/musubix-security/analysis/sinks/file-operations
+ * @trace REQ-SEC-001
+ */
+import type { SinkDefinition } from './types.js';
+/**
+ * File operation sinks (path traversal, arbitrary file write)
+ * @trace REQ-SEC-001
+ */
+export declare const FILE_OPERATION_SINKS: readonly SinkDefinition[];
+//# sourceMappingURL=file-operations.d.ts.map

package/dist/analysis/sinks/file-operations.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"file-operations.d.ts","sourceRoot":"","sources":["../../../src/analysis/sinks/file-operations.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEjD;;;GAGG;AACH,eAAO,MAAM,oBAAoB,EAAE,SAAS,cAAc,EA8OhD,CAAC"}

package/dist/analysis/sinks/file-operations.js

@@ -0,0 +1,239 @@
+/**
+ * @fileoverview File operation sink definitions
+ * @module @nahisaho/musubix-security/analysis/sinks/file-operations
+ * @trace REQ-SEC-001
+ */
+/**
+ * File operation sinks (path traversal, arbitrary file write)
+ * @trace REQ-SEC-001
+ */
+export const FILE_OPERATION_SINKS = [
+    // File read (path traversal)
+    {
+        id: 'SNK-FILE-001',
+        name: 'File Read (Path Traversal)',
+        category: 'file-read',
+        severity: 'high',
+        framework: 'node',
+        patterns: [
+            { receiver: 'fs', method: 'readFile', vulnerableArg: 0 },
+            { receiver: 'fs', method: 'readFileSync', vulnerableArg: 0 },
+            { receiver: 'fs', method: 'createReadStream', vulnerableArg: 0 },
+            { method: 'readFile', vulnerableArg: 0 },
+            { method: 'readFileSync', vulnerableArg: 0 },
+            {
+                importPattern: { module: 'fs', named: ['readFile', 'readFileSync'] },
+                method: ['readFile', 'readFileSync'],
+                vulnerableArg: 0,
+            },
+        ],
+        expectedSanitizers: ['basename', 'resolve', 'validatePath', 'normalize'],
+        description: 'File read with user-controlled path - path traversal risk',
+        enabled: true,
+        tags: ['file', 'read', 'path-traversal'],
+        relatedCWE: ['CWE-22', 'CWE-23'],
+        owaspCategory: 'A01:2021-Broken Access Control',
+    },
+    // File write (arbitrary file write)
+    {
+        id: 'SNK-FILE-010',
+        name: 'File Write (Arbitrary Write)',
+        category: 'file-write',
+        severity: 'high',
+        framework: 'node',
+        patterns: [
+            { receiver: 'fs', method: 'writeFile', vulnerableArg: 0 },
+            { receiver: 'fs', method: 'writeFileSync', vulnerableArg: 0 },
+            { receiver: 'fs', method: 'createWriteStream', vulnerableArg: 0 },
+            { receiver: 'fs', method: 'appendFile', vulnerableArg: 0 },
+            { receiver: 'fs', method: 'appendFileSync', vulnerableArg: 0 },
+            { method: 'writeFile', vulnerableArg: 0 },
+            { method: 'writeFileSync', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: ['basename', 'resolve', 'validatePath', 'normalize'],
+        description: 'File write with user-controlled path - arbitrary file write risk',
+        enabled: true,
+        tags: ['file', 'write', 'arbitrary-write'],
+        relatedCWE: ['CWE-22', 'CWE-23', 'CWE-73'],
+        owaspCategory: 'A01:2021-Broken Access Control',
+    },
+    // fs-extra operations
+    {
+        id: 'SNK-FILE-020',
+        name: 'fs-extra File Operations',
+        category: 'file-write',
+        severity: 'high',
+        framework: 'fs-extra',
+        patterns: [
+            { receiver: 'fse', method: 'copy', vulnerableArgs: [0, 1] },
+            { receiver: 'fse', method: 'move', vulnerableArgs: [0, 1] },
+            { receiver: 'fse', method: 'outputFile', vulnerableArg: 0 },
+            { receiver: 'fse', method: 'outputJson', vulnerableArg: 0 },
+            { receiver: 'fs', method: 'copy', vulnerableArgs: [0, 1] },
+            { receiver: 'fs', method: 'move', vulnerableArgs: [0, 1] },
+        ],
+        expectedSanitizers: ['validatePath', 'normalize', 'basename'],
+        description: 'fs-extra file operations with user-controlled paths',
+        enabled: true,
+        tags: ['file', 'fs-extra', 'path-traversal'],
+        relatedCWE: ['CWE-22', 'CWE-73'],
+        owaspCategory: 'A01:2021-Broken Access Control',
+    },
+    // Directory operations
+    {
+        id: 'SNK-FILE-030',
+        name: 'Directory Creation/Removal',
+        category: 'file-write',
+        severity: 'medium',
+        framework: 'node',
+        patterns: [
+            { receiver: 'fs', method: 'mkdir', vulnerableArg: 0 },
+            { receiver: 'fs', method: 'mkdirSync', vulnerableArg: 0 },
+            { receiver: 'fs', method: 'rmdir', vulnerableArg: 0 },
+            { receiver: 'fs', method: 'rmdirSync', vulnerableArg: 0 },
+            { receiver: 'fs', method: 'rm', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: ['validatePath', 'normalize'],
+        description: 'Directory operations with user-controlled paths',
+        enabled: true,
+        tags: ['file', 'directory', 'path-traversal'],
+        relatedCWE: ['CWE-22'],
+        owaspCategory: 'A01:2021-Broken Access Control',
+    },
+    // File deletion
+    {
+        id: 'SNK-FILE-040',
+        name: 'File Deletion',
+        category: 'file-write',
+        severity: 'high',
+        framework: 'node',
+        patterns: [
+            { receiver: 'fs', method: 'unlink', vulnerableArg: 0 },
+            { receiver: 'fs', method: 'unlinkSync', vulnerableArg: 0 },
+            { method: 'unlink', vulnerableArg: 0 },
+            { method: 'unlinkSync', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: ['validatePath', 'normalize', 'basename'],
+        description: 'File deletion with user-controlled path',
+        enabled: true,
+        tags: ['file', 'delete', 'path-traversal'],
+        relatedCWE: ['CWE-22', 'CWE-73'],
+        owaspCategory: 'A01:2021-Broken Access Control',
+    },
+    // File access check (information disclosure)
+    {
+        id: 'SNK-FILE-050',
+        name: 'File Access Check',
+        category: 'file-read',
+        severity: 'medium',
+        framework: 'node',
+        patterns: [
+            { receiver: 'fs', method: 'access', vulnerableArg: 0 },
+            { receiver: 'fs', method: 'accessSync', vulnerableArg: 0 },
+            { receiver: 'fs', method: 'stat', vulnerableArg: 0 },
+            { receiver: 'fs', method: 'statSync', vulnerableArg: 0 },
+            { receiver: 'fs', method: 'lstat', vulnerableArg: 0 },
+            { receiver: 'fs', method: 'exists', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: ['validatePath', 'normalize'],
+        description: 'File access check - can reveal file existence',
+        enabled: true,
+        tags: ['file', 'info-disclosure', 'path-traversal'],
+        relatedCWE: ['CWE-22', 'CWE-200'],
+        owaspCategory: 'A01:2021-Broken Access Control',
+    },
+    // Path join (common anti-pattern)
+    {
+        id: 'SNK-FILE-060',
+        name: 'Unsafe Path Join',
+        category: 'file-read',
+        severity: 'medium',
+        framework: 'node',
+        patterns: [
+            { receiver: 'path', method: 'join', vulnerableArg: 1 },
+            { receiver: 'path', method: 'resolve', vulnerableArg: 1 },
+        ],
+        expectedSanitizers: ['basename', 'validatePath'],
+        description: 'Path join with user-controlled segment - does not prevent traversal',
+        enabled: true,
+        tags: ['file', 'path', 'path-traversal'],
+        relatedCWE: ['CWE-22'],
+        owaspCategory: 'A01:2021-Broken Access Control',
+    },
+    // Symlink operations
+    {
+        id: 'SNK-FILE-070',
+        name: 'Symlink Creation',
+        category: 'file-write',
+        severity: 'high',
+        framework: 'node',
+        patterns: [
+            { receiver: 'fs', method: 'symlink', vulnerableArgs: [0, 1] },
+            { receiver: 'fs', method: 'symlinkSync', vulnerableArgs: [0, 1] },
+            { receiver: 'fs', method: 'link', vulnerableArgs: [0, 1] },
+            { receiver: 'fs', method: 'linkSync', vulnerableArgs: [0, 1] },
+        ],
+        expectedSanitizers: ['validatePath', 'normalize'],
+        description: 'Symlink creation - can be used for path traversal attacks',
+        enabled: true,
+        tags: ['file', 'symlink', 'path-traversal'],
+        relatedCWE: ['CWE-59', 'CWE-22'],
+        owaspCategory: 'A01:2021-Broken Access Control',
+    },
+    // File rename/move
+    {
+        id: 'SNK-FILE-080',
+        name: 'File Rename/Move',
+        category: 'file-write',
+        severity: 'high',
+        framework: 'node',
+        patterns: [
+            { receiver: 'fs', method: 'rename', vulnerableArgs: [0, 1] },
+            { receiver: 'fs', method: 'renameSync', vulnerableArgs: [0, 1] },
+        ],
+        expectedSanitizers: ['validatePath', 'normalize', 'basename'],
+        description: 'File rename with user-controlled paths',
+        enabled: true,
+        tags: ['file', 'rename', 'path-traversal'],
+        relatedCWE: ['CWE-22', 'CWE-73'],
+        owaspCategory: 'A01:2021-Broken Access Control',
+    },
+    // Multer/File upload destination
+    {
+        id: 'SNK-FILE-090',
+        name: 'File Upload Destination',
+        category: 'file-write',
+        severity: 'high',
+        framework: 'express',
+        patterns: [
+            { property: 'destination', vulnerableArg: 0 },
+            { property: 'filename', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: ['sanitizeFilename', 'basename', 'validateExtension'],
+        description: 'File upload destination/filename from user input',
+        enabled: true,
+        tags: ['file', 'upload', 'path-traversal'],
+        relatedCWE: ['CWE-22', 'CWE-434'],
+        owaspCategory: 'A01:2021-Broken Access Control',
+    },
+    // Archiver/Zip extraction (Zip Slip)
+    {
+        id: 'SNK-FILE-100',
+        name: 'Archive Extraction (Zip Slip)',
+        category: 'file-write',
+        severity: 'critical',
+        patterns: [
+            { method: 'extract', vulnerableArg: 0 },
+            { method: 'extractAll', vulnerableArg: 0 },
+            { receiver: 'unzipper', method: 'Extract', vulnerableArg: 0 },
+            { receiver: 'archiver', method: 'directory', vulnerableArg: 0 },
+        ],
+        expectedSanitizers: ['validatePath', 'checkZipSlip'],
+        description: 'Archive extraction - Zip Slip vulnerability',
+        enabled: true,
+        tags: ['file', 'archive', 'zip-slip'],
+        relatedCWE: ['CWE-22'],
+        owaspCategory: 'A01:2021-Broken Access Control',
+    },
+];
+//# sourceMappingURL=file-operations.js.map

package/dist/analysis/sinks/file-operations.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"file-operations.js","sourceRoot":"","sources":["../../../src/analysis/sinks/file-operations.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAA8B;IAC7D,6BAA6B;IAC7B;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,4BAA4B;QAClC,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,MAAM;QAChB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,EAAE;YACxD,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,aAAa,EAAE,CAAC,EAAE;YAC5D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,kBAAkB,EAAE,aAAa,EAAE,CAAC,EAAE;YAChE,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,EAAE;YACxC,EAAE,MAAM,EAAE,cAAc,EAAE,aAAa,EAAE,CAAC,EAAE;YAC5C;gBACE,aAAa,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,UAAU,EAAE,cAAc,CAAC,EAAE;gBACpE,MAAM,EAAE,CAAC,UAAU,EAAE,cAAc,CAAC;gBACpC,aAAa,EAAE,CAAC;aACjB;SACF;QACD,kBAAkB,EAAE,CAAC,UAAU,EAAE,SAAS,EAAE,cAAc,EAAE,WAAW,CAAC;QACxE,WAAW,EAAE,2DAA2D;QACxE,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,gBAAgB,CAAC;QACxC,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAChC,aAAa,EAAE,gCAAgC;KAChD;IAED,oCAAoC;IACpC;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,MAAM;QAChB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC,EAAE;YACzD,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,eAAe,EAAE,aAAa,EAAE,CAAC,EAAE;YAC7D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,mBAAmB,EAAE,aAAa,EAAE,CAAC,EAAE;YACjE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC,EAAE;YAC1D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,gBAAgB,EAAE,aAAa,EAAE,CAAC,EAAE;YAC9D,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC,EAAE;YACzC,EAAE,MAAM,EAAE,eAAe,EAAE,aAAa,EAAE,CAAC,EAAE;SAC9C;QACD,kBAAkB,EAAE,CAAC,UAAU,EAAE,SAAS,EAAE,cAAc,EAAE,WAAW,CAAC;QACxE,WAAW,EAAE,kEAAkE;QAC/E,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,iBAAiB,CAAC;QAC1C,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC;QAC1C,aAAa,EAAE,gCAAgC;KAChD;IAED,sBAAsB;IACtB;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,MAAM;QAChB,SAAS,EAAE,UAAU;QACrB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;YAC3D,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;YAC3D,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC,EAAE;YAC3D,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC,EAAE;YAC3D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;YAC1D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;SAC3D;QACD,kBAAkB,EAAE,CAAC,cAAc,EAAE,WAAW,EAAE,UAAU,CAAC;QAC7D,WAAW,EAAE,qDAAqD;QAClE,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,gBAAgB,CAAC;QAC5C,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAChC,aAAa,EAAE,gCAAgC;KAChD;IAED,uBAAuB;IACvB;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,4BAA4B;QAClC,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,EAAE;YACrD,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC,EAAE;YACzD,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,EAAE;YACrD,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC,EAAE;YACzD,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC,EAAE;SACnD;QACD,kBAAkB,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC;QACjD,WAAW,EAAE,iDAAiD;QAC9D,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,WAAW,EAAE,gBAAgB,CAAC;QAC7C,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,aAAa,EAAE,gCAAgC;KAChD;IAED,gBAAgB;IAChB;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,MAAM;QAChB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,EAAE;YACtD,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC,EAAE;YAC1D,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,EAAE;YACtC,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC,EAAE;SAC3C;QACD,kBAAkB,EAAE,CAAC,cAAc,EAAE,WAAW,EAAE,UAAU,CAAC;QAC7D,WAAW,EAAE,yCAAyC;QACtD,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,gBAAgB,CAAC;QAC1C,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAChC,aAAa,EAAE,gCAAgC;KAChD;IAED,6CAA6C;IAC7C;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,EAAE;YACtD,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC,EAAE;YAC1D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE;YACpD,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,EAAE;YACxD,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,EAAE;YACrD,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,EAAE;SACvD;QACD,kBAAkB,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC;QACjD,WAAW,EAAE,+CAA+C;QAC5D,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,iBAAiB,EAAE,gBAAgB,CAAC;QACnD,UAAU,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;QACjC,aAAa,EAAE,gCAAgC;KAChD;IAED,kCAAkC;IAClC;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE;YACtD,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,EAAE;SAC1D;QACD,kBAAkB,EAAE,CAAC,UAAU,EAAE,cAAc,CAAC;QAChD,WAAW,EAAE,qEAAqE;QAClF,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,gBAAgB,CAAC;QACxC,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,aAAa,EAAE,gCAAgC;KAChD;IAED,qBAAqB;IACrB;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,MAAM;QAChB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,cAAc,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;YAC7D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,aAAa,EAAE,cAAc,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;YACjE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;YAC1D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,cAAc,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;SAC/D;QACD,kBAAkB,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC;QACjD,WAAW,EAAE,2DAA2D;QACxE,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,gBAAgB,CAAC;QAC3C,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAChC,aAAa,EAAE,gCAAgC;KAChD;IAED,mBAAmB;IACnB;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,MAAM;QAChB,SAAS,EAAE,MAAM;QACjB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;YAC5D,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,cAAc,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;SACjE;QACD,kBAAkB,EAAE,CAAC,cAAc,EAAE,WAAW,EAAE,UAAU,CAAC;QAC7D,WAAW,EAAE,wCAAwC;QACrD,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,gBAAgB,CAAC;QAC1C,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAChC,aAAa,EAAE,gCAAgC;KAChD;IAED,iCAAiC;IACjC;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,MAAM;QAChB,SAAS,EAAE,SAAS;QACpB,QAAQ,EAAE;YACR,EAAE,QAAQ,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,EAAE;YAC7C,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,EAAE;SAC3C;QACD,kBAAkB,EAAE,CAAC,kBAAkB,EAAE,UAAU,EAAE,mBAAmB,CAAC;QACzE,WAAW,EAAE,kDAAkD;QAC/D,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,gBAAgB,CAAC;QAC1C,UAAU,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;QACjC,aAAa,EAAE,gCAAgC;KAChD;IAED,qCAAqC;IACrC;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE;YACR,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,EAAE;YACvC,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC,EAAE;YAC1C,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,EAAE;YAC7D,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC,EAAE;SAChE;QACD,kBAAkB,EAAE,CAAC,cAAc,EAAE,cAAc,CAAC;QACpD,WAAW,EAAE,6CAA6C;QAC1D,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC;QACrC,UAAU,EAAE,CAAC,QAAQ,CAAC;QACtB,aAAa,EAAE,gCAAgC;KAChD;CACO,CAAC"}

package/dist/analysis/sinks/html-output.d.ts

@@ -0,0 +1,12 @@
+/**
+ * @fileoverview HTML output sink definitions (XSS vulnerabilities)
+ * @module @nahisaho/musubix-security/analysis/sinks/html-output
+ * @trace REQ-SEC-001
+ */
+import type { SinkDefinition } from './types.js';
+/**
+ * HTML output sinks (XSS vulnerabilities)
+ * @trace REQ-SEC-001
+ */
+export declare const HTML_OUTPUT_SINKS: readonly SinkDefinition[];
+//# sourceMappingURL=html-output.d.ts.map

package/dist/analysis/sinks/html-output.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"html-output.d.ts","sourceRoot":"","sources":["../../../src/analysis/sinks/html-output.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEjD;;;GAGG;AACH,eAAO,MAAM,iBAAiB,EAAE,SAAS,cAAc,EAiQ7C,CAAC"}