@nahisaho/musubix-security 3.0.7 → 3.0.11

package/dist/analysis/index.d.ts

@@ -7,4 +7,7 @@ export { TaintAnalyzer, createTaintAnalyzer, resetTaintCounters, } from './taint
 export { EnhancedTaintAnalyzer, createEnhancedTaintAnalyzer, type EnhancedTaintOptions, type EnhancedTaintResult, } from './enhanced-taint-analyzer.js';
 export { SecretDetector, createSecretDetector, resetSecretCounter, } from './secret-detector.js';
 export { DependencyAuditor, createDependencyAuditor, } from './dependency-auditor.js';
+export { PythonScanner, createPythonScanner, resetPythonVulnCounter, } from './python-scanner.js';
+export { PhpScanner, createPhpScanner, resetPhpVulnCounter, } from './php-scanner.js';
+export { MultiLanguageScanner, createMultiLanguageScanner, type SupportedLanguage, type MultiLanguageScanOptions, type MultiLanguageScanResult, } from './multi-language-scanner.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/analysis/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/analysis/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,oBAAoB,EACpB,0BAA0B,EAC1B,gBAAgB,GACjB,MAAM,4BAA4B,CAAC;AAEpC,OAAO,EACL,aAAa,EACb,mBAAmB,EACnB,kBAAkB,GACnB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,qBAAqB,EACrB,2BAA2B,EAC3B,KAAK,oBAAoB,EACzB,KAAK,mBAAmB,GACzB,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,iBAAiB,EACjB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/analysis/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,oBAAoB,EACpB,0BAA0B,EAC1B,gBAAgB,GACjB,MAAM,4BAA4B,CAAC;AAEpC,OAAO,EACL,aAAa,EACb,mBAAmB,EACnB,kBAAkB,GACnB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,qBAAqB,EACrB,2BAA2B,EAC3B,KAAK,oBAAoB,EACzB,KAAK,mBAAmB,GACzB,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,iBAAiB,EACjB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,aAAa,EACb,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,UAAU,EACV,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,oBAAoB,EACpB,0BAA0B,EAC1B,KAAK,iBAAiB,EACtB,KAAK,wBAAwB,EAC7B,KAAK,uBAAuB,GAC7B,MAAM,6BAA6B,CAAC"}

package/dist/analysis/index.js

@@ -7,4 +7,7 @@ export { TaintAnalyzer, createTaintAnalyzer, resetTaintCounters, } from './taint
 export { EnhancedTaintAnalyzer, createEnhancedTaintAnalyzer, } from './enhanced-taint-analyzer.js';
 export { SecretDetector, createSecretDetector, resetSecretCounter, } from './secret-detector.js';
 export { DependencyAuditor, createDependencyAuditor, } from './dependency-auditor.js';
+export { PythonScanner, createPythonScanner, resetPythonVulnCounter, } from './python-scanner.js';
+export { PhpScanner, createPhpScanner, resetPhpVulnCounter, } from './php-scanner.js';
+export { MultiLanguageScanner, createMultiLanguageScanner, } from './multi-language-scanner.js';
 //# sourceMappingURL=index.js.map

package/dist/analysis/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/analysis/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,oBAAoB,EACpB,0BAA0B,EAC1B,gBAAgB,GACjB,MAAM,4BAA4B,CAAC;AAEpC,OAAO,EACL,aAAa,EACb,mBAAmB,EACnB,kBAAkB,GACnB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,qBAAqB,EACrB,2BAA2B,GAG5B,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,iBAAiB,EACjB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/analysis/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,oBAAoB,EACpB,0BAA0B,EAC1B,gBAAgB,GACjB,MAAM,4BAA4B,CAAC;AAEpC,OAAO,EACL,aAAa,EACb,mBAAmB,EACnB,kBAAkB,GACnB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,qBAAqB,EACrB,2BAA2B,GAG5B,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,iBAAiB,EACjB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,aAAa,EACb,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,UAAU,EACV,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,oBAAoB,EACpB,0BAA0B,GAI3B,MAAM,6BAA6B,CAAC"}

package/dist/analysis/multi-language-scanner.d.ts

@@ -0,0 +1,78 @@
+/**
+ * @fileoverview Multi-language vulnerability scanner - unified scanner for TypeScript, JavaScript, Python, PHP
+ * @module @nahisaho/musubix-security/analysis/multi-language-scanner
+ * @trace REQ-SEC-MULTI-001
+ */
+import type { Vulnerability, ScanOptions, ScanResult } from '../types/index.js';
+/**
+ * Language type
+ */
+export type SupportedLanguage = 'typescript' | 'javascript' | 'python' | 'php';
+/**
+ * Multi-language scan options
+ */
+export interface MultiLanguageScanOptions extends ScanOptions {
+    /** Languages to scan (default: all) */
+    languages?: SupportedLanguage[];
+}
+/**
+ * Multi-language scan result
+ */
+export interface MultiLanguageScanResult extends ScanResult {
+    /** Results by language */
+    byLanguage: Record<SupportedLanguage, {
+        vulnerabilities: Vulnerability[];
+        scannedFiles: number;
+    }>;
+}
+/**
+ * Multi-language vulnerability scanner
+ */
+export declare class MultiLanguageScanner {
+    private tsScanner;
+    private pythonScanner;
+    private phpScanner;
+    constructor();
+    /**
+     * Detect language from file extension
+     */
+    detectLanguage(filePath: string): SupportedLanguage | null;
+    /**
+     * Get all supported languages
+     */
+    getSupportedLanguages(): SupportedLanguage[];
+    /**
+     * Get supported extensions
+     */
+    getSupportedExtensions(): string[];
+    /**
+     * Scan a single file
+     */
+    scanFile(filePath: string): Promise<Vulnerability[]>;
+    /**
+     * Scan content with specified language
+     * Note: TypeScript/JavaScript only supports file-based scanning via ts-morph
+     */
+    scanContent(content: string, language: SupportedLanguage, filePath?: string): Vulnerability[];
+    /**
+     * Scan a directory for all supported languages
+     */
+    scanDirectory(rootPath: string, options?: MultiLanguageScanOptions): Promise<MultiLanguageScanResult>;
+    /**
+     * Get rule count by language
+     */
+    getRuleCountByLanguage(): Record<SupportedLanguage, number>;
+    /**
+     * Get total rule count
+     */
+    getTotalRuleCount(): number;
+    /**
+     * Get CWE coverage
+     */
+    getCWECoverage(): string[];
+}
+/**
+ * Create multi-language scanner
+ */
+export declare function createMultiLanguageScanner(): MultiLanguageScanner;
+//# sourceMappingURL=multi-language-scanner.d.ts.map

package/dist/analysis/multi-language-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"multi-language-scanner.d.ts","sourceRoot":"","sources":["../../src/analysis/multi-language-scanner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EACV,aAAa,EACb,WAAW,EACX,UAAU,EACX,MAAM,mBAAmB,CAAC;AAK3B;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG,YAAY,GAAG,YAAY,GAAG,QAAQ,GAAG,KAAK,CAAC;AAE/E;;GAEG;AACH,MAAM,WAAW,wBAAyB,SAAQ,WAAW;IAC3D,uCAAuC;IACvC,SAAS,CAAC,EAAE,iBAAiB,EAAE,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,uBAAwB,SAAQ,UAAU;IACzD,0BAA0B;IAC1B,UAAU,EAAE,MAAM,CAAC,iBAAiB,EAAE;QACpC,eAAe,EAAE,aAAa,EAAE,CAAC;QACjC,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC,CAAC;CACJ;AAsBD;;GAEG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,UAAU,CAAa;;IAQ/B;;OAEG;IACH,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI;IAK1D;;OAEG;IACH,qBAAqB,IAAI,iBAAiB,EAAE;IAI5C;;OAEG;IACH,sBAAsB,IAAI,MAAM,EAAE;IAIlC;;OAEG;IACG,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAmB1D;;;OAGG;IACH,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,iBAAiB,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,aAAa,EAAE;IAiB7F;;OAEG;IACG,aAAa,CACjB,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,wBAAwB,GACjC,OAAO,CAAC,uBAAuB,CAAC;IAsFnC;;OAEG;IACH,sBAAsB,IAAI,MAAM,CAAC,iBAAiB,EAAE,MAAM,CAAC;IAS3D;;OAEG;IACH,iBAAiB,IAAI,MAAM;IAM3B;;OAEG;IACH,cAAc,IAAI,MAAM,EAAE;CA6B3B;AAED;;GAEG;AACH,wBAAgB,0BAA0B,IAAI,oBAAoB,CAEjE"}

package/dist/analysis/multi-language-scanner.js

@@ -0,0 +1,236 @@
+/**
+ * @fileoverview Multi-language vulnerability scanner - unified scanner for TypeScript, JavaScript, Python, PHP
+ * @module @nahisaho/musubix-security/analysis/multi-language-scanner
+ * @trace REQ-SEC-MULTI-001
+ */
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import { createVulnerabilityScanner } from './vulnerability-scanner.js';
+import { createPythonScanner } from './python-scanner.js';
+import { createPhpScanner } from './php-scanner.js';
+/**
+ * File extension to language mapping
+ */
+const EXTENSION_TO_LANGUAGE = {
+    '.ts': 'typescript',
+    '.tsx': 'typescript',
+    '.mts': 'typescript',
+    '.cts': 'typescript',
+    '.js': 'javascript',
+    '.jsx': 'javascript',
+    '.mjs': 'javascript',
+    '.cjs': 'javascript',
+    '.py': 'python',
+    '.pyw': 'python',
+    '.php': 'php',
+    '.phtml': 'php',
+    '.php5': 'php',
+    '.php7': 'php',
+};
+/**
+ * Multi-language vulnerability scanner
+ */
+export class MultiLanguageScanner {
+    tsScanner;
+    pythonScanner;
+    phpScanner;
+    constructor() {
+        this.tsScanner = createVulnerabilityScanner();
+        this.pythonScanner = createPythonScanner();
+        this.phpScanner = createPhpScanner();
+    }
+    /**
+     * Detect language from file extension
+     */
+    detectLanguage(filePath) {
+        const ext = path.extname(filePath).toLowerCase();
+        return EXTENSION_TO_LANGUAGE[ext] ?? null;
+    }
+    /**
+     * Get all supported languages
+     */
+    getSupportedLanguages() {
+        return ['typescript', 'javascript', 'python', 'php'];
+    }
+    /**
+     * Get supported extensions
+     */
+    getSupportedExtensions() {
+        return Object.keys(EXTENSION_TO_LANGUAGE);
+    }
+    /**
+     * Scan a single file
+     */
+    async scanFile(filePath) {
+        const language = this.detectLanguage(filePath);
+        if (!language) {
+            return [];
+        }
+        switch (language) {
+            case 'typescript':
+            case 'javascript':
+                return this.tsScanner.scanFile(filePath);
+            case 'python':
+                return this.pythonScanner.scanFile(filePath);
+            case 'php':
+                return this.phpScanner.scanFile(filePath);
+            default:
+                return [];
+        }
+    }
+    /**
+     * Scan content with specified language
+     * Note: TypeScript/JavaScript only supports file-based scanning via ts-morph
+     */
+    scanContent(content, language, filePath) {
+        switch (language) {
+            case 'typescript':
+            case 'javascript':
+                // TypeScript scanner requires file-based scanning (ts-morph)
+                // For content scanning, use Python or PHP
+                console.warn('TypeScript/JavaScript content scanning not supported. Use scanFile() instead.');
+                return [];
+            case 'python':
+                return this.pythonScanner.scanContent(content, filePath ?? 'unknown.py');
+            case 'php':
+                return this.phpScanner.scanContent(content, filePath ?? 'unknown.php');
+            default:
+                return [];
+        }
+    }
+    /**
+     * Scan a directory for all supported languages
+     */
+    async scanDirectory(rootPath, options) {
+        const startTime = Date.now();
+        const allVulnerabilities = [];
+        let totalScannedFiles = 0;
+        let totalSkippedFiles = 0;
+        const byLanguage = {
+            typescript: { vulnerabilities: [], scannedFiles: 0 },
+            javascript: { vulnerabilities: [], scannedFiles: 0 },
+            python: { vulnerabilities: [], scannedFiles: 0 },
+            php: { vulnerabilities: [], scannedFiles: 0 },
+        };
+        const enabledLanguages = options?.languages ?? this.getSupportedLanguages();
+        const scanDir = async (dirPath) => {
+            let entries;
+            try {
+                entries = await fs.readdir(dirPath, { withFileTypes: true });
+            }
+            catch {
+                return;
+            }
+            for (const entry of entries) {
+                const fullPath = path.join(dirPath, entry.name);
+                if (entry.isDirectory()) {
+                    // Skip common non-source directories
+                    const skipDirs = [
+                        '.git', 'node_modules', '__pycache__', 'venv', '.venv',
+                        'env', '.env', 'vendor', 'cache', 'tmp', 'dist', 'build',
+                        '.next', '.nuxt', 'coverage', '.nyc_output'
+                    ];
+                    if (skipDirs.includes(entry.name)) {
+                        continue;
+                    }
+                    await scanDir(fullPath);
+                }
+                else if (entry.isFile()) {
+                    const language = this.detectLanguage(fullPath);
+                    if (!language || !enabledLanguages.includes(language)) {
+                        continue;
+                    }
+                    // Apply exclude patterns
+                    if (options?.excludePatterns?.some(p => fullPath.includes(p))) {
+                        totalSkippedFiles++;
+                        continue;
+                    }
+                    try {
+                        const vulns = await this.scanFile(fullPath);
+                        allVulnerabilities.push(...vulns);
+                        byLanguage[language].vulnerabilities.push(...vulns);
+                        byLanguage[language].scannedFiles++;
+                        totalScannedFiles++;
+                    }
+                    catch (error) {
+                        console.warn(`Warning: Failed to scan ${fullPath}: ${error}`);
+                        totalSkippedFiles++;
+                    }
+                }
+            }
+        };
+        await scanDir(rootPath);
+        const duration = Date.now() - startTime;
+        return {
+            vulnerabilities: allVulnerabilities,
+            scannedFiles: totalScannedFiles,
+            skippedFiles: totalSkippedFiles,
+            duration,
+            timestamp: new Date(),
+            options: options ?? {},
+            summary: {
+                critical: allVulnerabilities.filter(v => v.severity === 'critical').length,
+                high: allVulnerabilities.filter(v => v.severity === 'high').length,
+                medium: allVulnerabilities.filter(v => v.severity === 'medium').length,
+                low: allVulnerabilities.filter(v => v.severity === 'low').length,
+                info: allVulnerabilities.filter(v => v.severity === 'info').length,
+                total: allVulnerabilities.length,
+            },
+            byLanguage,
+        };
+    }
+    /**
+     * Get rule count by language
+     */
+    getRuleCountByLanguage() {
+        return {
+            typescript: this.tsScanner.getRuleCount(),
+            javascript: this.tsScanner.getRuleCount(), // Same as TypeScript
+            python: this.pythonScanner.getRuleCount(),
+            php: this.phpScanner.getRuleCount(),
+        };
+    }
+    /**
+     * Get total rule count
+     */
+    getTotalRuleCount() {
+        const counts = this.getRuleCountByLanguage();
+        // TypeScript and JavaScript share rules, so count only once
+        return counts.typescript + counts.python + counts.php;
+    }
+    /**
+     * Get CWE coverage
+     */
+    getCWECoverage() {
+        const cwes = new Set();
+        // TypeScript/JavaScript CWEs
+        const tsRules = [
+            'CWE-89', 'CWE-79', 'CWE-78', 'CWE-22', 'CWE-327', 'CWE-798',
+            'CWE-918', 'CWE-502', 'CWE-611', 'CWE-90', 'CWE-1333', 'CWE-362'
+        ];
+        tsRules.forEach(cwe => cwes.add(cwe));
+        // Python CWEs
+        const pythonRules = [
+            'CWE-89', 'CWE-78', 'CWE-94', 'CWE-95', 'CWE-22', 'CWE-502',
+            'CWE-611', 'CWE-918', 'CWE-90', 'CWE-798', 'CWE-327', 'CWE-328',
+            'CWE-489', 'CWE-1333', 'CWE-1336', 'CWE-617'
+        ];
+        pythonRules.forEach(cwe => cwes.add(cwe));
+        // PHP CWEs
+        const phpRules = [
+            'CWE-89', 'CWE-79', 'CWE-78', 'CWE-94', 'CWE-95', 'CWE-98',
+            'CWE-22', 'CWE-502', 'CWE-918', 'CWE-611', 'CWE-90', 'CWE-798',
+            'CWE-327', 'CWE-328', 'CWE-384', 'CWE-601', 'CWE-209', 'CWE-614',
+            'CWE-1004'
+        ];
+        phpRules.forEach(cwe => cwes.add(cwe));
+        return Array.from(cwes).sort();
+    }
+}
+/**
+ * Create multi-language scanner
+ */
+export function createMultiLanguageScanner() {
+    return new MultiLanguageScanner();
+}
+//# sourceMappingURL=multi-language-scanner.js.map

package/dist/analysis/multi-language-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"multi-language-scanner.js","sourceRoot":"","sources":["../../src/analysis/multi-language-scanner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAOlC,OAAO,EAAwB,0BAA0B,EAAE,MAAM,4BAA4B,CAAC;AAC9F,OAAO,EAAiB,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AACzE,OAAO,EAAc,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AA0BhE;;GAEG;AACH,MAAM,qBAAqB,GAAsC;IAC/D,KAAK,EAAE,YAAY;IACnB,MAAM,EAAE,YAAY;IACpB,MAAM,EAAE,YAAY;IACpB,MAAM,EAAE,YAAY;IACpB,KAAK,EAAE,YAAY;IACnB,MAAM,EAAE,YAAY;IACpB,MAAM,EAAE,YAAY;IACpB,MAAM,EAAE,YAAY;IACpB,KAAK,EAAE,QAAQ;IACf,MAAM,EAAE,QAAQ;IAChB,MAAM,EAAE,KAAK;IACb,QAAQ,EAAE,KAAK;IACf,OAAO,EAAE,KAAK;IACd,OAAO,EAAE,KAAK;CACf,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,oBAAoB;IACvB,SAAS,CAAuB;IAChC,aAAa,CAAgB;IAC7B,UAAU,CAAa;IAE/B;QACE,IAAI,CAAC,SAAS,GAAG,0BAA0B,EAAE,CAAC;QAC9C,IAAI,CAAC,aAAa,GAAG,mBAAmB,EAAE,CAAC;QAC3C,IAAI,CAAC,UAAU,GAAG,gBAAgB,EAAE,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,QAAgB;QAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;QACjD,OAAO,qBAAqB,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,qBAAqB;QACnB,OAAO,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;IACvD,CAAC;IAED;;OAEG;IACH,sBAAsB;QACpB,OAAO,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,QAAgB;QAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC/C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,YAAY,CAAC;YAClB,KAAK,YAAY;gBACf,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC3C,KAAK,QAAQ;gBACX,OAAO,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC/C,KAAK,KAAK;gBACR,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC5C;gBACE,OAAO,EAAE,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,WAAW,CAAC,OAAe,EAAE,QAA2B,EAAE,QAAiB;QACzE,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,YAAY,CAAC;YAClB,KAAK,YAAY;gBACf,6DAA6D;gBAC7D,0CAA0C;gBAC1C,OAAO,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAC;gBAC9F,OAAO,EAAE,CAAC;YACZ,KAAK,QAAQ;gBACX,OAAO,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,OAAO,EAAE,QAAQ,IAAI,YAAY,CAAC,CAAC;YAC3E,KAAK,KAAK;gBACR,OAAO,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,OAAO,EAAE,QAAQ,IAAI,aAAa,CAAC,CAAC;YACzE;gBACE,OAAO,EAAE,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CACjB,QAAgB,EAChB,OAAkC;QAElC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,kBAAkB,GAAoB,EAAE,CAAC;QAC/C,IAAI,iBAAiB,GAAG,CAAC,CAAC;QAC1B,IAAI,iBAAiB,GAAG,CAAC,CAAC;QAE1B,MAAM,UAAU,GAA0F;YACxG,UAAU,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,YAAY,EAAE,CAAC,EAAE;YACpD,UAAU,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,YAAY,EAAE,CAAC,EAAE;YACpD,MAAM,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,YAAY,EAAE,CAAC,EAAE;YAChD,GAAG,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,YAAY,EAAE,CAAC,EAAE;SAC9C,CAAC;QAEF,MAAM,gBAAgB,GAAG,OAAO,EAAE,SAAS,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAE5E,MAAM,OAAO,GAAG,KAAK,EAAE,OAAe,EAAE,EAAE;YACxC,IAAI,OAAiB,CAAC;YACtB,IAAI,CAAC;gBACH,OAAO,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;YAC/D,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO;YACT,CAAC;YAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;gBAEhD,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;oBACxB,qCAAqC;oBACrC,MAAM,QAAQ,GAAG;wBACf,MAAM,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,EAAE,OAAO;wBACtD,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO;wBACxD,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,aAAa;qBAC5C,CAAC;oBACF,IAAI,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;wBAClC,SAAS;oBACX,CAAC;oBACD,MAAM,OAAO,CAAC,QAAQ,CAAC,CAAC;gBAC1B,CAAC;qBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;oBAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;oBAC/C,IAAI,CAAC,QAAQ,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACtD,SAAS;oBACX,CAAC;oBAED,yBAAyB;oBACzB,IAAI,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;wBAC9D,iBAAiB,EAAE,CAAC;wBACpB,SAAS;oBACX,CAAC;oBAED,IAAI,CAAC;wBACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;wBAC5C,kBAAkB,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;wBAClC,UAAU,CAAC,QAAQ,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;wBACpD,UAAU,CAAC,QAAQ,CAAC,CAAC,YAAY,EAAE,CAAC;wBACpC,iBAAiB,EAAE,CAAC;oBACtB,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACf,OAAO,CAAC,IAAI,CAAC,2BAA2B,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;wBAC9D,iBAAiB,EAAE,CAAC;oBACtB,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,OAAO,CAAC,QAAQ,CAAC,CAAC;QAExB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAExC,OAAO;YACL,eAAe,EAAE,kBAAkB;YACnC,YAAY,EAAE,iBAAiB;YAC/B,YAAY,EAAE,iBAAiB;YAC/B,QAAQ;YACR,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,OAAO,EAAE,OAAO,IAAI,EAAE;YACtB,OAAO,EAAE;gBACP,QAAQ,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;gBAC1E,IAAI,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;gBAClE,MAAM,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;gBACtE,GAAG,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;gBAChE,IAAI,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;gBAClE,KAAK,EAAE,kBAAkB,CAAC,MAAM;aACjC;YACD,UAAU;SACX,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,sBAAsB;QACpB,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE;YACzC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,EAAE,qBAAqB;YAChE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE;YACzC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE;SACpC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,MAAM,MAAM,GAAG,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC7C,4DAA4D;QAC5D,OAAO,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC;IACxD,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAE/B,6BAA6B;QAC7B,MAAM,OAAO,GAAG;YACd,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;YAC5D,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,SAAS;SACjE,CAAC;QACF,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QAEtC,cAAc;QACd,MAAM,WAAW,GAAG;YAClB,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS;YAC3D,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS;YAC/D,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS;SAC7C,CAAC;QACF,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QAE1C,WAAW;QACX,MAAM,QAAQ,GAAG;YACf,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ;YAC1D,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS;YAC9D,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS;YAChE,UAAU;SACX,CAAC;QACF,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QAEvC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;IACjC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B;IACxC,OAAO,IAAI,oBAAoB,EAAE,CAAC;AACpC,CAAC"}

package/dist/analysis/php-scanner.d.ts

@@ -0,0 +1,61 @@
+/**
+ * @fileoverview PHP vulnerability scanner - static analysis for PHP security vulnerabilities
+ * @module @nahisaho/musubix-security/analysis/php-scanner
+ * @trace REQ-SEC-PHP-001
+ */
+import type { Vulnerability, ScanOptions, ScanResult, Severity, OWASPCategory } from '../types/index.js';
+/**
+ * Reset PHP vulnerability counter (for testing)
+ */
+export declare function resetPhpVulnCounter(): void;
+/**
+ * PHP vulnerability pattern
+ */
+interface PhpPattern {
+    ruleId: string;
+    pattern: RegExp;
+    type: string;
+    severity: Severity;
+    cwes: string[];
+    owasp: OWASPCategory[];
+    description: string;
+    recommendation: string;
+    confidence: number;
+}
+/**
+ * PHP vulnerability scanner
+ */
+export declare class PhpScanner {
+    private patterns;
+    constructor();
+    /**
+     * Scan a single PHP file
+     */
+    scanFile(filePath: string): Promise<Vulnerability[]>;
+    /**
+     * Scan PHP content
+     */
+    scanContent(content: string, filePath?: string): Vulnerability[];
+    /**
+     * Scan a directory for PHP files
+     */
+    scanDirectory(rootPath: string, options?: ScanOptions): Promise<ScanResult>;
+    /**
+     * Add custom pattern
+     */
+    addPattern(pattern: PhpPattern): void;
+    /**
+     * Get rule IDs
+     */
+    getRuleIds(): string[];
+    /**
+     * Get rule count
+     */
+    getRuleCount(): number;
+}
+/**
+ * Create PHP scanner
+ */
+export declare function createPhpScanner(): PhpScanner;
+export {};
+//# sourceMappingURL=php-scanner.d.ts.map

package/dist/analysis/php-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"php-scanner.d.ts","sourceRoot":"","sources":["../../src/analysis/php-scanner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EACV,aAAa,EACb,WAAW,EACX,UAAU,EAEV,QAAQ,EACR,aAAa,EACd,MAAM,mBAAmB,CAAC;AAY3B;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,IAAI,CAE1C;AAED;;GAEG;AACH,UAAU,UAAU;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,QAAQ,CAAC;IACnB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,KAAK,EAAE,aAAa,EAAE,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;CACpB;AA0ZD;;GAEG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,QAAQ,CAAe;;IAM/B;;OAEG;IACG,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAK1D;;OAEG;IACH,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,GAAE,MAAsB,GAAG,aAAa,EAAE;IA6B/E;;OAEG;IACG,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;IA2DjF;;OAEG;IACH,UAAU,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI;IAIrC;;OAEG;IACH,UAAU,IAAI,MAAM,EAAE;IAItB;;OAEG;IACH,YAAY,IAAI,MAAM;CAGvB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,UAAU,CAE7C"}