@oculum/scanner 1.0.0

package/dist/layer2/ai-rag-safety.js

@@ -0,0 +1,459 @@
+"use strict";
+/**
+ * Layer 2: RAG Data Safety Detection
+ * Detects data exfiltration risks in Retrieval Augmented Generation systems
+ *
+ * Covers:
+ * - M5.1: RAG data exfiltration (cross-tenant retrieval, raw context exposure)
+ * - Unscoped vector store queries
+ * - Raw retrieved context in responses
+ * - Context logging risks
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectRAGSafetyIssues = detectRAGSafetyIssues;
+exports.isRAGContextFile = isRAGContextFile;
+const context_helpers_1 = require("../utils/context-helpers");
+// ============================================================================
+// Context Detection
+// ============================================================================
+/**
+ * Check if file uses client-side fuzzy search libraries (not vector stores)
+ * These are safe local search implementations, not cross-tenant data access risks
+ */
+function isClientSideFuzzySearch(content) {
+    const fuzzySearchPatterns = [
+        // Fuse.js - client-side fuzzy search
+        /import.*from\s+['"]fuse\.js['"]/i,
+        /require\s*\(\s*['"]fuse\.js['"]\s*\)/i,
+        /new\s+Fuse\s*\(/i,
+        // Other client-side search libraries
+        /import.*from\s+['"]flexsearch['"]/i,
+        /import.*from\s+['"]lunr['"]/i,
+        /import.*from\s+['"]minisearch['"]/i,
+        /import.*from\s+['"]fuzzysort['"]/i,
+        /import.*from\s+['"]match-sorter['"]/i,
+    ];
+    return fuzzySearchPatterns.some(p => p.test(content));
+}
+/**
+ * Check if a line contains a generic query pattern that is NOT a vector store query
+ * These are common web framework patterns that should not be flagged as RAG issues
+ */
+function isGenericQueryPattern(lineContent) {
+    const genericQueryPatterns = [
+        // Express/Hono/Koa query params
+        /req\.query\s*\(/i,
+        /c\.req\.query\s*\(/i,
+        /ctx\.query\s*\(/i,
+        /request\.query\s*\(/i,
+        // URL search params
+        /searchParams\.get\s*\(/i,
+        /url\.searchParams/i,
+        /URLSearchParams/i,
+        // Query string parsing
+        /querystring\.parse/i,
+        /qs\.parse/i,
+        // Database query builders (not vector stores)
+        /\.query\s*\(\s*['"`]SELECT/i,
+        /\.query\s*\(\s*['"`]INSERT/i,
+        /\.query\s*\(\s*['"`]UPDATE/i,
+        /\.query\s*\(\s*['"`]DELETE/i,
+        // GraphQL queries
+        /graphql.*query/i,
+        /useQuery\s*\(/i,
+        /useLazyQuery\s*\(/i,
+        // tRPC/React Query
+        /trpc\.\w+\.\w+\.query/i,
+        /\.useQuery\s*\(/i,
+        // Prisma/Drizzle queries
+        /prisma\.\w+\.findMany/i,
+        /db\.query\./i,
+        // Generic method chaining that isn't vector search
+        /\.query\s*\(\s*\)/i, // Empty query call
+    ];
+    return genericQueryPatterns.some(p => p.test(lineContent));
+}
+/**
+ * Check if file has vector store imports (required for RAG detection)
+ */
+function hasVectorStoreImport(content) {
+    const vectorStoreImports = [
+        /from\s+['"]pinecone/i,
+        /from\s+['"]@pinecone-database/i,
+        /from\s+['"]weaviate/i,
+        /from\s+['"]chromadb/i,
+        /from\s+['"]@qdrant/i,
+        /from\s+['"]qdrant/i,
+        /from\s+['"]@langchain\/vectorstores/i,
+        /from\s+['"]langchain\/vectorstores/i,
+        /from\s+['"]faiss/i,
+        /from\s+['"]milvus/i,
+        /from\s+['"]@supabase.*vector/i,
+        /pgvector/i,
+        /VectorStore/i,
+        /Embeddings/i,
+    ];
+    return vectorStoreImports.some(p => p.test(content));
+}
+/**
+ * Check if a file is in a RAG/retrieval context based on path and content
+ */
+function isRAGContextFile(filePath, content) {
+    // Skip client-side fuzzy search libraries - these are NOT vector stores
+    if (isClientSideFuzzySearch(content)) {
+        return false;
+    }
+    // Must have vector store imports to be considered RAG context
+    if (!hasVectorStoreImport(content)) {
+        return false;
+    }
+    // File path indicators of RAG code
+    const ragPathPatterns = [
+        /\/(rag|retrieval|retriever|embedding|vector|knowledge)\//i,
+        /\/(search|index|indexer|embeddings?)\//i,
+        /(rag|retriever|embedding|vector|knowledge).*\.(ts|js|tsx|jsx|py)$/i,
+        /(search|retrieval|indexer).*\.(ts|js|tsx|jsx|py)$/i,
+    ];
+    if (ragPathPatterns.some(p => p.test(filePath))) {
+        return true;
+    }
+    // Content patterns suggesting RAG usage - must be actual vector store clients
+    const ragContentPatterns = [
+        // Vector store patterns - specific to actual vector DBs
+        /VectorStore|Embeddings?|Retriever/i,
+        /similaritySearch|query_engine|retriever/i,
+        /vectorStore|embeddingModel|documentLoader/i,
+        // Framework imports - actual vector store SDKs
+        /from\s+['"](?:langchain|llama[-_]?index|@pinecone|@qdrant|chromadb|weaviate)/i,
+        /import.*(?:Pinecone|Chroma|Weaviate|Qdrant|Milvus|PGVector)/i,
+        // Vercel AI SDK RAG
+        /VercelKVVectorStore|SupabaseVectorStore|createEmbedding/i,
+        // Query patterns - but NOT generic .search() which could be Fuse.js
+        /\.retrieve\(|\.query\(/i,
+        /sourceDocuments|retrievedDocs|retrievedChunks/i,
+        // Supabase vector search
+        /\.rpc\s*\(\s*['"`]match_documents/i,
+        /pgvector|embedding.*vector/i,
+    ];
+    return ragContentPatterns.some(p => p.test(content));
+}
+/**
+ * Check if line/context has access control scoping
+ */
+function hasAccessControlScoping(context) {
+    const accessPatterns = [
+        // User/tenant scoping
+        /userId|user_id|user\.id|currentUser/i,
+        /tenantId|tenant_id|tenant\.id|orgId|org_id|workspaceId/i,
+        // Filter parameters
+        /filter\s*[:=]\s*\{[^}]*(?:user|tenant|org)/i,
+        /where\s*[:=].*(?:user|tenant|org)/i,
+        /metadata\s*[:=].*(?:user|tenant|org)/i,
+        /namespace\s*[:=]/i,
+        // Access check functions
+        /checkAccess|verifyPermission|canRead|canAccess|hasAccess/i,
+        /getAuthorized|filterByUser|filterByTenant/i,
+    ];
+    return accessPatterns.some(p => p.test(context));
+}
+/**
+ * Check if response is filtered/processed before return
+ */
+function hasResponseFiltering(context) {
+    const filterPatterns = [
+        // Content filtering
+        /\.map\s*\([^)]*\.(title|name|id|metadata)\)/i,
+        /\.filter\s*\(/i,
+        /sanitize|redact|mask|strip/i,
+        // Only returning specific fields
+        /return\s*\{[^}]*(?:id|title|summary)[^}]*\}(?![^}]*content)/i,
+    ];
+    return filterPatterns.some(p => p.test(context));
+}
+/**
+ * Check if there's authentication in the route/function
+ */
+function hasAuthenticationInContext(content) {
+    const authPatterns = [
+        /getSession|getCurrentUser|getServerSession/i,
+        /auth\(\)|requireAuth|verifyToken/i,
+        /req\.user|request\.user|context\.user/i,
+        /isAuthenticated|checkAuth|withAuth/i,
+        /Authorization.*Bearer/i,
+        /userId|user\.id|currentUserId/i,
+    ];
+    return authPatterns.some(p => p.test(content));
+}
+/**
+ * Get surrounding context lines
+ */
+function getSurroundingContext(content, lineIndex, windowSize = 25) {
+    const lines = content.split('\n');
+    const start = Math.max(0, lineIndex - windowSize);
+    const end = Math.min(lines.length, lineIndex + windowSize);
+    return lines.slice(start, end).join('\n');
+}
+/**
+ * Unscoped retrieval query patterns
+ * Detects vector store queries without user/tenant filtering
+ */
+const UNSCOPED_RETRIEVAL_PATTERNS = [
+    // Generic vector store queries
+    {
+        name: 'Unscoped vector store query',
+        pattern: /\.(?:query|search|similaritySearch|retrieve)\s*\(\s*(?:["'`][^"'`]+["'`]|[a-zA-Z_]\w*)\s*\)/gi,
+        riskType: 'unscoped_retrieval',
+        baseSeverity: 'high',
+        description: 'Vector store query without user/tenant scoping. Retrieved documents may belong to other users, enabling cross-tenant data access.',
+        suggestedFix: 'Add filter/metadata parameter to scope queries: .query(query, { filter: { userId: currentUser.id } })',
+    },
+    // LangChain retriever invoke
+    {
+        name: 'LangChain retriever without filter',
+        pattern: /retriever\.(?:invoke|getRelevantDocuments)\s*\(\s*(?:["'`][^"'`]+["'`]|[a-zA-Z_]\w*)\s*\)/gi,
+        riskType: 'unscoped_retrieval',
+        baseSeverity: 'high',
+        description: 'LangChain retriever invocation without metadata filter. Documents from all users may be retrieved.',
+        suggestedFix: 'Use a filtered retriever or add metadata filter: retriever.invoke(query, { filter: { userId } })',
+    },
+    // LlamaIndex query engine
+    {
+        name: 'LlamaIndex query engine without filter',
+        pattern: /query_engine\.query\s*\(\s*["'`][^"'`]+["'`]\s*\)/gi,
+        riskType: 'unscoped_retrieval',
+        baseSeverity: 'high',
+        description: 'LlamaIndex query without node postprocessors or filters. All indexed documents are searchable.',
+        suggestedFix: 'Add node_postprocessors to filter by user/tenant metadata before retrieval.',
+    },
+    // Pinecone query
+    {
+        name: 'Pinecone query without metadata filter',
+        pattern: /\.query\s*\(\s*\{[^}]*(?:vector|topK)[^}]*\}\s*\)/gi,
+        riskType: 'unscoped_retrieval',
+        baseSeverity: 'medium',
+        description: 'Pinecone query may lack metadata filtering. Verify namespace or filter is set.',
+        suggestedFix: 'Add filter parameter: .query({ vector, topK, filter: { userId: { $eq: currentUserId } } })',
+    },
+    // Chroma query
+    {
+        name: 'Chroma collection query',
+        pattern: /collection\.query\s*\(\s*\{[^}]*query_texts[^}]*\}\s*\)/gi,
+        riskType: 'unscoped_retrieval',
+        baseSeverity: 'medium',
+        description: 'ChromaDB query without where filter. All documents in collection are searchable.',
+        suggestedFix: 'Add where parameter: collection.query({ query_texts, where: { userId: currentUserId } })',
+    },
+    // Weaviate search
+    {
+        name: 'Weaviate search without filter',
+        pattern: /\.nearText\s*\([^)]+\)\.(?:do|withLimit)/gi,
+        riskType: 'unscoped_retrieval',
+        baseSeverity: 'medium',
+        description: 'Weaviate nearText search without where filter. Results may include other users\' data.',
+        suggestedFix: 'Add .withWhere() to filter by user: .nearText({...}).withWhere({ path: ["userId"], operator: "Equal", valueString: userId })',
+    },
+    // Supabase vector search
+    {
+        name: 'Supabase vector search without RLS',
+        pattern: /\.rpc\s*\(\s*['"`]match_documents['"`]/gi,
+        riskType: 'unscoped_retrieval',
+        baseSeverity: 'medium',
+        description: 'Supabase vector search function called. Ensure RLS policies filter by user.',
+        suggestedFix: 'Verify Row Level Security (RLS) is enabled and filters documents by authenticated user.',
+    },
+];
+/**
+ * Raw context exposure patterns
+ * Detects retrieved documents being returned directly to clients
+ */
+const CONTEXT_EXPOSURE_PATTERNS = [
+    // Returning sourceDocuments in response
+    {
+        name: 'Source documents in API response',
+        pattern: /(?:res\.json|NextResponse\.json|return)\s*\([^)]*(?:sourceDocuments|retrievedDocs|documents|chunks)/gi,
+        riskType: 'context_exposure',
+        baseSeverity: 'medium',
+        description: 'Raw retrieved documents returned in API response. Source content may leak sensitive information from the knowledge base.',
+        suggestedFix: 'Return only synthesized response or document IDs/titles. If source attribution needed, filter to metadata only.',
+    },
+    // Spreading documents into response
+    {
+        name: 'Retrieved context spread in response',
+        pattern: /(?:res\.json|return)\s*\(\s*\{[^}]*\.\.\.(?:docs|documents|chunks|sourceDocuments|context)/gi,
+        riskType: 'context_exposure',
+        baseSeverity: 'medium',
+        description: 'Retrieved document objects spread into response. Full document content may be exposed.',
+        suggestedFix: 'Extract and return only safe fields: { sources: docs.map(d => ({ id: d.id, title: d.title })) }',
+    },
+    // Returning raw context in response object
+    {
+        name: 'Raw retrieval context in response',
+        pattern: /return\s*\{[^}]*(?:context|retrievedContext|ragContext)\s*:/gi,
+        riskType: 'context_exposure',
+        baseSeverity: 'low',
+        description: 'Retrieved context included in response object. Review what data is actually exposed.',
+        suggestedFix: 'Ensure context field contains only safe, summarized content - not raw document text.',
+    },
+    // WebSocket/stream context exposure
+    {
+        name: 'Context in streaming response',
+        pattern: /(?:socket|ws|stream)\.(?:send|emit|write)\s*\([^)]*(?:sourceDocuments|context|chunks)/gi,
+        riskType: 'context_exposure',
+        baseSeverity: 'medium',
+        description: 'Retrieved context sent via streaming/WebSocket. Clients receive raw source data.',
+        suggestedFix: 'Stream only AI-generated text. Send source attribution separately with filtered metadata.',
+    },
+];
+/**
+ * Context logging patterns
+ * Detects logging of retrieved documents or prompts with context
+ */
+const CONTEXT_LOGGING_PATTERNS = [
+    // Logging retrieved documents
+    {
+        name: 'Retrieved documents logged',
+        pattern: /(?:console|logger)\.\w+\s*\([^)]*(?:retrievedDocs|sourceDocuments|documents|chunks)/gi,
+        riskType: 'context_logging',
+        baseSeverity: 'info',
+        description: 'Retrieved documents logged. If logs are accessible, sensitive document content may be exposed.',
+        suggestedFix: 'Log document IDs/titles only: console.log("Retrieved:", docs.map(d => d.id))',
+    },
+    // Logging full prompt with context
+    {
+        name: 'Full prompt with context logged',
+        pattern: /(?:console|logger)\.\w+\s*\([^)]*(?:fullPrompt|promptWithContext|augmentedPrompt)/gi,
+        riskType: 'context_logging',
+        baseSeverity: 'low',
+        description: 'Full prompt (including retrieved context) logged. May expose sensitive document content in logs.',
+        suggestedFix: 'Log prompt length/metadata only. Avoid logging full prompt content in production.',
+    },
+    // Debug logging of RAG context
+    {
+        name: 'RAG context debug logging',
+        pattern: /(?:console\.(?:debug|log)|logger\.debug)\s*\([^)]*(?:context|ragContext|retrievalContext)/gi,
+        riskType: 'context_logging',
+        baseSeverity: 'info',
+        description: 'RAG context logged for debugging. Ensure debug logging is disabled in production.',
+        suggestedFix: 'Use conditional logging: if (process.env.NODE_ENV !== "production") console.debug(...)',
+    },
+    // Storing prompts with context
+    {
+        name: 'Prompt with context persisted',
+        pattern: /(?:\.create|\.insert|\.save)\s*\([^)]*(?:fullPrompt|promptWithContext|augmentedPrompt)/gi,
+        riskType: 'context_logging',
+        baseSeverity: 'medium',
+        description: 'Full prompt with retrieved context being persisted. May store sensitive document content.',
+        suggestedFix: 'Store user query and response separately. Do not persist raw retrieved context.',
+    },
+];
+// ============================================================================
+// Main Detection Function
+// ============================================================================
+/**
+ * Main detection function for RAG data safety issues
+ */
+function detectRAGSafetyIssues(content, filePath) {
+    const vulnerabilities = [];
+    // Skip non-applicable files
+    if ((0, context_helpers_1.isScannerOrFixtureFile)(filePath))
+        return vulnerabilities;
+    if ((0, context_helpers_1.isDocumentationFile)(filePath))
+        return vulnerabilities;
+    // Only scan files in RAG context
+    if (!isRAGContextFile(filePath, content)) {
+        return vulnerabilities;
+    }
+    const lines = content.split('\n');
+    const isTestFile = (0, context_helpers_1.isTestOrMockFile)(filePath);
+    const isExample = (0, context_helpers_1.isExampleDirectory)(filePath);
+    const isLibrary = (0, context_helpers_1.isLibraryCode)(filePath);
+    const hasAuth = hasAuthenticationInContext(content);
+    // Process all pattern categories
+    const allPatterns = [
+        ...UNSCOPED_RETRIEVAL_PATTERNS,
+        ...CONTEXT_EXPOSURE_PATTERNS,
+        ...CONTEXT_LOGGING_PATTERNS,
+    ];
+    for (const pattern of allPatterns) {
+        const regex = new RegExp(pattern.pattern.source, pattern.pattern.flags);
+        let match;
+        while ((match = regex.exec(content)) !== null) {
+            const lineNumber = content.substring(0, match.index).split('\n').length;
+            const lineContent = lines[lineNumber - 1]?.trim() || '';
+            // Skip comments
+            if ((0, context_helpers_1.isComment)(lineContent))
+                continue;
+            // Skip generic query patterns (req.query, searchParams, etc.)
+            if (isGenericQueryPattern(lineContent))
+                continue;
+            // Get surrounding context for analysis
+            const context = getSurroundingContext(content, lineNumber - 1, 25);
+            // Calculate severity based on context
+            let severity = pattern.baseSeverity;
+            let description = pattern.description;
+            const notes = [];
+            // Apply context-aware severity adjustments
+            if (pattern.riskType === 'unscoped_retrieval') {
+                // Check for access control in surrounding context
+                if (hasAccessControlScoping(context)) {
+                    severity = 'info';
+                    notes.push('Access control scoping detected nearby');
+                }
+                else if (!hasAuth) {
+                    // No auth at all - higher risk
+                    if (severity === 'medium')
+                        severity = 'high';
+                    notes.push('No authentication detected in this file');
+                }
+            }
+            if (pattern.riskType === 'context_exposure') {
+                // Check if response is filtered
+                if (hasResponseFiltering(context)) {
+                    severity = 'info';
+                    notes.push('Response filtering detected');
+                }
+                else if (!hasAuth) {
+                    // Unauthenticated endpoint exposing context - higher risk
+                    if (severity === 'medium')
+                        severity = 'high';
+                    notes.push('Endpoint may be unauthenticated');
+                }
+            }
+            // Downgrade test files
+            if (isTestFile) {
+                severity = 'info';
+                notes.push('in test file');
+            }
+            // Downgrade example/demo directories
+            if (isExample && severity !== 'info') {
+                severity = 'info';
+                notes.push('in example/demo directory');
+            }
+            // Downgrade library code - base classes are intentionally generic
+            if (isLibrary && severity !== 'info') {
+                severity = 'info';
+                notes.push('library code - consumers add access controls');
+            }
+            // Build final description
+            if (notes.length > 0) {
+                description += ` (${notes.join('; ')})`;
+            }
+            vulnerabilities.push({
+                id: `ai-rag-${filePath}-${lineNumber}-${pattern.name.replace(/\s+/g, '-')}`,
+                filePath,
+                lineNumber,
+                lineContent,
+                severity,
+                category: 'ai_rag_exfiltration',
+                title: pattern.name,
+                description,
+                suggestedFix: pattern.suggestedFix,
+                confidence: severity === 'info' ? 'low' : 'medium',
+                layer: 2,
+                requiresAIValidation: severity !== 'info' && pattern.riskType !== 'context_logging',
+            });
+        }
+    }
+    return vulnerabilities;
+}
+//# sourceMappingURL=ai-rag-safety.js.map

package/dist/layer2/ai-rag-safety.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai-rag-safety.js","sourceRoot":"","sources":["../../src/layer2/ai-rag-safety.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;AA8XH,sDAoHC;AAGQ,4CAAgB;AAlfzB,8DAOiC;AAEjC,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;;GAGG;AACH,SAAS,uBAAuB,CAAC,OAAe;IAC9C,MAAM,mBAAmB,GAAG;QAC1B,qCAAqC;QACrC,kCAAkC;QAClC,uCAAuC;QACvC,kBAAkB;QAClB,qCAAqC;QACrC,oCAAoC;QACpC,8BAA8B;QAC9B,oCAAoC;QACpC,mCAAmC;QACnC,sCAAsC;KACvC,CAAA;IACD,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACvD,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB,CAAC,WAAmB;IAChD,MAAM,oBAAoB,GAAG;QAC3B,gCAAgC;QAChC,kBAAkB;QAClB,qBAAqB;QACrB,kBAAkB;QAClB,sBAAsB;QACtB,oBAAoB;QACpB,yBAAyB;QACzB,oBAAoB;QACpB,kBAAkB;QAClB,uBAAuB;QACvB,qBAAqB;QACrB,YAAY;QACZ,8CAA8C;QAC9C,6BAA6B;QAC7B,6BAA6B;QAC7B,6BAA6B;QAC7B,6BAA6B;QAC7B,kBAAkB;QAClB,iBAAiB;QACjB,gBAAgB;QAChB,oBAAoB;QACpB,mBAAmB;QACnB,wBAAwB;QACxB,kBAAkB;QAClB,yBAAyB;QACzB,wBAAwB;QACxB,cAAc;QACd,mDAAmD;QACnD,oBAAoB,EAAG,mBAAmB;KAC3C,CAAA;IACD,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;AAC5D,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,OAAe;IAC3C,MAAM,kBAAkB,GAAG;QACzB,sBAAsB;QACtB,gCAAgC;QAChC,sBAAsB;QACtB,sBAAsB;QACtB,qBAAqB;QACrB,oBAAoB;QACpB,sCAAsC;QACtC,qCAAqC;QACrC,mBAAmB;QACnB,oBAAoB;QACpB,+BAA+B;QAC/B,WAAW;QACX,cAAc;QACd,aAAa;KACd,CAAA;IACD,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACtD,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,QAAgB,EAAE,OAAe;IACzD,wEAAwE;IACxE,IAAI,uBAAuB,CAAC,OAAO,CAAC,EAAE,CAAC;QACrC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,8DAA8D;IAC9D,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC;QACnC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,mCAAmC;IACnC,MAAM,eAAe,GAAG;QACtB,2DAA2D;QAC3D,yCAAyC;QACzC,oEAAoE;QACpE,oDAAoD;KACrD,CAAA;IAED,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QAChD,OAAO,IAAI,CAAA;IACb,CAAC;IAED,8EAA8E;IAC9E,MAAM,kBAAkB,GAAG;QACzB,wDAAwD;QACxD,oCAAoC;QACpC,0CAA0C;QAC1C,4CAA4C;QAC5C,+CAA+C;QAC/C,+EAA+E;QAC/E,8DAA8D;QAC9D,oBAAoB;QACpB,0DAA0D;QAC1D,oEAAoE;QACpE,yBAAyB;QACzB,gDAAgD;QAChD,yBAAyB;QACzB,oCAAoC;QACpC,6BAA6B;KAC9B,CAAA;IAED,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACtD,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAAC,OAAe;IAC9C,MAAM,cAAc,GAAG;QACrB,sBAAsB;QACtB,sCAAsC;QACtC,yDAAyD;QACzD,oBAAoB;QACpB,6CAA6C;QAC7C,oCAAoC;QACpC,uCAAuC;QACvC,mBAAmB;QACnB,yBAAyB;QACzB,2DAA2D;QAC3D,4CAA4C;KAC7C,CAAA;IACD,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AAClD,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,OAAe;IAC3C,MAAM,cAAc,GAAG;QACrB,oBAAoB;QACpB,8CAA8C;QAC9C,gBAAgB;QAChB,6BAA6B;QAC7B,iCAAiC;QACjC,8DAA8D;KAC/D,CAAA;IACD,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AAClD,CAAC;AAED;;GAEG;AACH,SAAS,0BAA0B,CAAC,OAAe;IACjD,MAAM,YAAY,GAAG;QACnB,6CAA6C;QAC7C,mCAAmC;QACnC,wCAAwC;QACxC,qCAAqC;QACrC,wBAAwB;QACxB,gCAAgC;KACjC,CAAA;IACD,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AAChD,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,OAAe,EAAE,SAAiB,EAAE,aAAqB,EAAE;IACxF,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC,CAAA;IACjD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,GAAG,UAAU,CAAC,CAAA;IAC1D,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AAC3C,CAAC;AAeD;;;GAGG;AACH,MAAM,2BAA2B,GAAuB;IACtD,+BAA+B;IAC/B;QACE,IAAI,EAAE,6BAA6B;QACnC,OAAO,EAAE,+FAA+F;QACxG,QAAQ,EAAE,oBAAoB;QAC9B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,mIAAmI;QAChJ,YAAY,EAAE,uGAAuG;KACtH;IACD,6BAA6B;IAC7B;QACE,IAAI,EAAE,oCAAoC;QAC1C,OAAO,EAAE,6FAA6F;QACtG,QAAQ,EAAE,oBAAoB;QAC9B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,oGAAoG;QACjH,YAAY,EAAE,kGAAkG;KACjH;IACD,0BAA0B;IAC1B;QACE,IAAI,EAAE,wCAAwC;QAC9C,OAAO,EAAE,qDAAqD;QAC9D,QAAQ,EAAE,oBAAoB;QAC9B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,gGAAgG;QAC7G,YAAY,EAAE,6EAA6E;KAC5F;IACD,iBAAiB;IACjB;QACE,IAAI,EAAE,wCAAwC;QAC9C,OAAO,EAAE,qDAAqD;QAC9D,QAAQ,EAAE,oBAAoB;QAC9B,YAAY,EAAE,QAAQ;QACtB,WAAW,EAAE,gFAAgF;QAC7F,YAAY,EAAE,4FAA4F;KAC3G;IACD,eAAe;IACf;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,2DAA2D;QACpE,QAAQ,EAAE,oBAAoB;QAC9B,YAAY,EAAE,QAAQ;QACtB,WAAW,EAAE,kFAAkF;QAC/F,YAAY,EAAE,0FAA0F;KACzG;IACD,kBAAkB;IAClB;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,4CAA4C;QACrD,QAAQ,EAAE,oBAAoB;QAC9B,YAAY,EAAE,QAAQ;QACtB,WAAW,EAAE,wFAAwF;QACrG,YAAY,EAAE,8HAA8H;KAC7I;IACD,yBAAyB;IACzB;QACE,IAAI,EAAE,oCAAoC;QAC1C,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,oBAAoB;QAC9B,YAAY,EAAE,QAAQ;QACtB,WAAW,EAAE,6EAA6E;QAC1F,YAAY,EAAE,yFAAyF;KACxG;CACF,CAAA;AAED;;;GAGG;AACH,MAAM,yBAAyB,GAAuB;IACpD,wCAAwC;IACxC;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,uGAAuG;QAChH,QAAQ,EAAE,kBAAkB;QAC5B,YAAY,EAAE,QAAQ;QACtB,WAAW,EAAE,0HAA0H;QACvI,YAAY,EAAE,iHAAiH;KAChI;IACD,oCAAoC;IACpC;QACE,IAAI,EAAE,sCAAsC;QAC5C,OAAO,EAAE,8FAA8F;QACvG,QAAQ,EAAE,kBAAkB;QAC5B,YAAY,EAAE,QAAQ;QACtB,WAAW,EAAE,wFAAwF;QACrG,YAAY,EAAE,iGAAiG;KAChH;IACD,2CAA2C;IAC3C;QACE,IAAI,EAAE,mCAAmC;QACzC,OAAO,EAAE,+DAA+D;QACxE,QAAQ,EAAE,kBAAkB;QAC5B,YAAY,EAAE,KAAK;QACnB,WAAW,EAAE,sFAAsF;QACnG,YAAY,EAAE,sFAAsF;KACrG;IACD,oCAAoC;IACpC;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,yFAAyF;QAClG,QAAQ,EAAE,kBAAkB;QAC5B,YAAY,EAAE,QAAQ;QACtB,WAAW,EAAE,kFAAkF;QAC/F,YAAY,EAAE,2FAA2F;KAC1G;CACF,CAAA;AAED;;;GAGG;AACH,MAAM,wBAAwB,GAAuB;IACnD,8BAA8B;IAC9B;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,uFAAuF;QAChG,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,gGAAgG;QAC7G,YAAY,EAAE,8EAA8E;KAC7F;IACD,mCAAmC;IACnC;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,qFAAqF;QAC9F,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,KAAK;QACnB,WAAW,EAAE,kGAAkG;QAC/G,YAAY,EAAE,mFAAmF;KAClG;IACD,+BAA+B;IAC/B;QACE,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,6FAA6F;QACtG,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,mFAAmF;QAChG,YAAY,EAAE,wFAAwF;KACvG;IACD,+BAA+B;IAC/B;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,0FAA0F;QACnG,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,QAAQ;QACtB,WAAW,EAAE,2FAA2F;QACxG,YAAY,EAAE,iFAAiF;KAChG;CACF,CAAA;AAED,+EAA+E;AAC/E,0BAA0B;AAC1B,+EAA+E;AAE/E;;GAEG;AACH,SAAgB,qBAAqB,CACnC,OAAe,EACf,QAAgB;IAEhB,MAAM,eAAe,GAAoB,EAAE,CAAA;IAE3C,4BAA4B;IAC5B,IAAI,IAAA,wCAAsB,EAAC,QAAQ,CAAC;QAAE,OAAO,eAAe,CAAA;IAC5D,IAAI,IAAA,qCAAmB,EAAC,QAAQ,CAAC;QAAE,OAAO,eAAe,CAAA;IAEzD,iCAAiC;IACjC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC;QACzC,OAAO,eAAe,CAAA;IACxB,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,UAAU,GAAG,IAAA,kCAAgB,EAAC,QAAQ,CAAC,CAAA;IAC7C,MAAM,SAAS,GAAG,IAAA,oCAAkB,EAAC,QAAQ,CAAC,CAAA;IAC9C,MAAM,SAAS,GAAG,IAAA,+BAAa,EAAC,QAAQ,CAAC,CAAA;IACzC,MAAM,OAAO,GAAG,0BAA0B,CAAC,OAAO,CAAC,CAAA;IAEnD,iCAAiC;IACjC,MAAM,WAAW,GAAuB;QACtC,GAAG,2BAA2B;QAC9B,GAAG,yBAAyB;QAC5B,GAAG,wBAAwB;KAC5B,CAAA;IAED,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;QACvE,IAAI,KAAK,CAAA;QAET,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9C,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAA;YACvE,MAAM,WAAW,GAAG,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAA;YAEvD,gBAAgB;YAChB,IAAI,IAAA,2BAAS,EAAC,WAAW,CAAC;gBAAE,SAAQ;YAEpC,8DAA8D;YAC9D,IAAI,qBAAqB,CAAC,WAAW,CAAC;gBAAE,SAAQ;YAEhD,uCAAuC;YACvC,MAAM,OAAO,GAAG,qBAAqB,CAAC,OAAO,EAAE,UAAU,GAAG,CAAC,EAAE,EAAE,CAAC,CAAA;YAElE,sCAAsC;YACtC,IAAI,QAAQ,GAAG,OAAO,CAAC,YAAY,CAAA;YACnC,IAAI,WAAW,GAAG,OAAO,CAAC,WAAW,CAAA;YACrC,MAAM,KAAK,GAAa,EAAE,CAAA;YAE1B,2CAA2C;YAC3C,IAAI,OAAO,CAAC,QAAQ,KAAK,oBAAoB,EAAE,CAAC;gBAC9C,kDAAkD;gBAClD,IAAI,uBAAuB,CAAC,OAAO,CAAC,EAAE,CAAC;oBACrC,QAAQ,GAAG,MAAM,CAAA;oBACjB,KAAK,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAA;gBACtD,CAAC;qBAAM,IAAI,CAAC,OAAO,EAAE,CAAC;oBACpB,+BAA+B;oBAC/B,IAAI,QAAQ,KAAK,QAAQ;wBAAE,QAAQ,GAAG,MAAM,CAAA;oBAC5C,KAAK,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAA;gBACvD,CAAC;YACH,CAAC;YAED,IAAI,OAAO,CAAC,QAAQ,KAAK,kBAAkB,EAAE,CAAC;gBAC5C,gCAAgC;gBAChC,IAAI,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC;oBAClC,QAAQ,GAAG,MAAM,CAAA;oBACjB,KAAK,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAA;gBAC3C,CAAC;qBAAM,IAAI,CAAC,OAAO,EAAE,CAAC;oBACpB,0DAA0D;oBAC1D,IAAI,QAAQ,KAAK,QAAQ;wBAAE,QAAQ,GAAG,MAAM,CAAA;oBAC5C,KAAK,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAA;gBAC/C,CAAC;YACH,CAAC;YAED,uBAAuB;YACvB,IAAI,UAAU,EAAE,CAAC;gBACf,QAAQ,GAAG,MAAM,CAAA;gBACjB,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;YAC5B,CAAC;YAED,qCAAqC;YACrC,IAAI,SAAS,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;gBACrC,QAAQ,GAAG,MAAM,CAAA;gBACjB,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAA;YACzC,CAAC;YAED,kEAAkE;YAClE,IAAI,SAAS,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;gBACrC,QAAQ,GAAG,MAAM,CAAA;gBACjB,KAAK,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAA;YAC5D,CAAC;YAED,0BAA0B;YAC1B,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACrB,WAAW,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAA;YACzC,CAAC;YAED,eAAe,CAAC,IAAI,CAAC;gBACnB,EAAE,EAAE,UAAU,QAAQ,IAAI,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE;gBAC3E,QAAQ;gBACR,UAAU;gBACV,WAAW;gBACX,QAAQ;gBACR,QAAQ,EAAE,qBAAqB;gBAC/B,KAAK,EAAE,OAAO,CAAC,IAAI;gBACnB,WAAW;gBACX,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,UAAU,EAAE,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ;gBAClD,KAAK,EAAE,CAAC;gBACR,oBAAoB,EAAE,QAAQ,KAAK,MAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,iBAAiB;aACpF,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC"}

package/dist/layer2/ai-schema-validation.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Layer 2: AI Schema/Tooling Validation Detection
+ * Detects missing or weak validation of AI-generated structured outputs
+ *
+ * Covers:
+ * - M5.3: Schema/tooling mismatch
+ * - Unvalidated JSON parsing of AI outputs
+ * - Weak schema patterns (any, permissive)
+ * - Tool invocation parameters not validated
+ */
+import type { Vulnerability } from '../types';
+/**
+ * Check if file is in an AI/LLM context
+ */
+declare function isAIContextFile(filePath: string, content: string): boolean;
+/**
+ * Check if there's schema validation in the context
+ */
+declare function hasSchemaValidation(context: string): boolean;
+/**
+ * Main detection function for AI schema/tooling validation issues
+ */
+export declare function detectAISchemaValidation(content: string, filePath: string): Vulnerability[];
+export { isAIContextFile, hasSchemaValidation };
+//# sourceMappingURL=ai-schema-validation.d.ts.map

package/dist/layer2/ai-schema-validation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai-schema-validation.d.ts","sourceRoot":"","sources":["../../src/layer2/ai-schema-validation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAyB,MAAM,UAAU,CAAA;AAYpE;;GAEG;AACH,iBAAS,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAsBnE;AAED;;GAEG;AACH,iBAAS,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAyBrD;AA+ND;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,aAAa,EAAE,CA8GjB;AAGD,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,CAAA"}