@oculum/scanner 1.0.11 → 1.0.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/ai-context/index.d.ts +6 -0
- package/dist/ai-context/index.d.ts.map +1 -0
- package/dist/ai-context/index.js +13 -0
- package/dist/ai-context/index.js.map +1 -0
- package/dist/ai-context/manager.d.ts +67 -0
- package/dist/ai-context/manager.d.ts.map +1 -0
- package/dist/ai-context/manager.js +104 -0
- package/dist/ai-context/manager.js.map +1 -0
- package/dist/category-filter.d.ts +125 -0
- package/dist/category-filter.d.ts.map +1 -0
- package/dist/category-filter.js +360 -0
- package/dist/category-filter.js.map +1 -0
- package/dist/detect/ai-code/agent-tools.d.ts +22 -0
- package/dist/detect/ai-code/agent-tools.d.ts.map +1 -0
- package/dist/detect/ai-code/agent-tools.js +1509 -0
- package/dist/detect/ai-code/agent-tools.js.map +1 -0
- package/dist/detect/ai-code/byok-patterns.d.ts +15 -0
- package/dist/detect/ai-code/byok-patterns.d.ts.map +1 -0
- package/dist/detect/ai-code/byok-patterns.js +313 -0
- package/dist/detect/ai-code/byok-patterns.js.map +1 -0
- package/dist/detect/ai-code/endpoint-protection.d.ts +38 -0
- package/dist/detect/ai-code/endpoint-protection.d.ts.map +1 -0
- package/dist/detect/ai-code/endpoint-protection.js +349 -0
- package/dist/detect/ai-code/endpoint-protection.js.map +1 -0
- package/dist/detect/ai-code/execution-sinks.d.ts +21 -0
- package/dist/detect/ai-code/execution-sinks.d.ts.map +1 -0
- package/dist/detect/ai-code/execution-sinks.js +1158 -0
- package/dist/detect/ai-code/execution-sinks.js.map +1 -0
- package/dist/detect/ai-code/fingerprinting.d.ts +10 -0
- package/dist/detect/ai-code/fingerprinting.d.ts.map +1 -0
- package/dist/detect/ai-code/fingerprinting.js +665 -0
- package/dist/detect/ai-code/fingerprinting.js.map +1 -0
- package/dist/detect/ai-code/index.d.ts +12 -0
- package/dist/detect/ai-code/index.d.ts.map +1 -0
- package/dist/detect/ai-code/index.js +26 -0
- package/dist/detect/ai-code/index.js.map +1 -0
- package/dist/detect/ai-code/mcp-security.d.ts +20 -0
- package/dist/detect/ai-code/mcp-security.d.ts.map +1 -0
- package/dist/detect/ai-code/mcp-security.js +880 -0
- package/dist/detect/ai-code/mcp-security.js.map +1 -0
- package/dist/detect/ai-code/model-supply-chain.d.ts +23 -0
- package/dist/detect/ai-code/model-supply-chain.d.ts.map +1 -0
- package/dist/detect/ai-code/model-supply-chain.js +447 -0
- package/dist/detect/ai-code/model-supply-chain.js.map +1 -0
- package/dist/detect/ai-code/package-hallucination.d.ts +22 -0
- package/dist/detect/ai-code/package-hallucination.d.ts.map +1 -0
- package/dist/detect/ai-code/package-hallucination.js +841 -0
- package/dist/detect/ai-code/package-hallucination.js.map +1 -0
- package/dist/detect/ai-code/prompt-hygiene.d.ts +22 -0
- package/dist/detect/ai-code/prompt-hygiene.d.ts.map +1 -0
- package/dist/detect/ai-code/prompt-hygiene.js +1177 -0
- package/dist/detect/ai-code/prompt-hygiene.js.map +1 -0
- package/dist/detect/ai-code/rag-safety.d.ts +24 -0
- package/dist/detect/ai-code/rag-safety.d.ts.map +1 -0
- package/dist/detect/ai-code/rag-safety.js +913 -0
- package/dist/detect/ai-code/rag-safety.js.map +1 -0
- package/dist/detect/ai-code/schema-validation.d.ts +28 -0
- package/dist/detect/ai-code/schema-validation.d.ts.map +1 -0
- package/dist/detect/ai-code/schema-validation.js +378 -0
- package/dist/detect/ai-code/schema-validation.js.map +1 -0
- package/dist/detect/config/agent-skill-injection.d.ts +27 -0
- package/dist/detect/config/agent-skill-injection.d.ts.map +1 -0
- package/dist/detect/config/agent-skill-injection.js +472 -0
- package/dist/detect/config/agent-skill-injection.js.map +1 -0
- package/dist/detect/config/comments.d.ts +11 -0
- package/dist/detect/config/comments.d.ts.map +1 -0
- package/dist/detect/config/comments.js +206 -0
- package/dist/detect/config/comments.js.map +1 -0
- package/dist/detect/config/file-flags.d.ts +10 -0
- package/dist/detect/config/file-flags.d.ts.map +1 -0
- package/dist/detect/config/file-flags.js +124 -0
- package/dist/detect/config/file-flags.js.map +1 -0
- package/dist/detect/config/index.d.ts +7 -0
- package/dist/detect/config/index.d.ts.map +1 -0
- package/dist/detect/config/index.js +17 -0
- package/dist/detect/config/index.js.map +1 -0
- package/dist/detect/config/osv-check.d.ts +75 -0
- package/dist/detect/config/osv-check.d.ts.map +1 -0
- package/dist/detect/config/osv-check.js +309 -0
- package/dist/detect/config/osv-check.js.map +1 -0
- package/dist/detect/config/package-check.d.ts +63 -0
- package/dist/detect/config/package-check.d.ts.map +1 -0
- package/dist/detect/config/package-check.js +509 -0
- package/dist/detect/config/package-check.js.map +1 -0
- package/dist/detect/config/urls.d.ts +11 -0
- package/dist/detect/config/urls.d.ts.map +1 -0
- package/dist/detect/config/urls.js +450 -0
- package/dist/detect/config/urls.js.map +1 -0
- package/dist/detect/index.d.ts +37 -0
- package/dist/detect/index.d.ts.map +1 -0
- package/dist/detect/index.js +77 -0
- package/dist/detect/index.js.map +1 -0
- package/dist/detect/secrets/config-audit.d.ts +11 -0
- package/dist/detect/secrets/config-audit.d.ts.map +1 -0
- package/dist/detect/secrets/config-audit.js +315 -0
- package/dist/detect/secrets/config-audit.js.map +1 -0
- package/dist/detect/secrets/config-mcp-audit.d.ts +23 -0
- package/dist/detect/secrets/config-mcp-audit.d.ts.map +1 -0
- package/dist/detect/secrets/config-mcp-audit.js +243 -0
- package/dist/detect/secrets/config-mcp-audit.js.map +1 -0
- package/dist/detect/secrets/entropy.d.ts +11 -0
- package/dist/detect/secrets/entropy.d.ts.map +1 -0
- package/dist/detect/secrets/entropy.js +751 -0
- package/dist/detect/secrets/entropy.js.map +1 -0
- package/dist/detect/secrets/index.d.ts +36 -0
- package/dist/detect/secrets/index.d.ts.map +1 -0
- package/dist/detect/secrets/index.js +174 -0
- package/dist/detect/secrets/index.js.map +1 -0
- package/dist/detect/secrets/patterns.d.ts +11 -0
- package/dist/detect/secrets/patterns.d.ts.map +1 -0
- package/dist/detect/secrets/patterns.js +518 -0
- package/dist/detect/secrets/patterns.js.map +1 -0
- package/dist/detect/secrets/weak-crypto.d.ts +10 -0
- package/dist/detect/secrets/weak-crypto.d.ts.map +1 -0
- package/dist/detect/secrets/weak-crypto.js +432 -0
- package/dist/detect/secrets/weak-crypto.js.map +1 -0
- package/dist/detect/structural/auth-patterns.d.ts +22 -0
- package/dist/detect/structural/auth-patterns.d.ts.map +1 -0
- package/dist/detect/structural/auth-patterns.js +533 -0
- package/dist/detect/structural/auth-patterns.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/child-process.d.ts +16 -0
- package/dist/detect/structural/dangerous-functions/child-process.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/child-process.js +74 -0
- package/dist/detect/structural/dangerous-functions/child-process.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/dom-xss.d.ts +34 -0
- package/dist/detect/structural/dangerous-functions/dom-xss.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/dom-xss.js +230 -0
- package/dist/detect/structural/dangerous-functions/dom-xss.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/index.d.ts +16 -0
- package/dist/detect/structural/dangerous-functions/index.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/index.js +1193 -0
- package/dist/detect/structural/dangerous-functions/index.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/json-parse.d.ts +31 -0
- package/dist/detect/structural/dangerous-functions/json-parse.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/json-parse.js +326 -0
- package/dist/detect/structural/dangerous-functions/json-parse.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/math-random.d.ts +111 -0
- package/dist/detect/structural/dangerous-functions/math-random.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/math-random.js +684 -0
- package/dist/detect/structural/dangerous-functions/math-random.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/patterns.d.ts +21 -0
- package/dist/detect/structural/dangerous-functions/patterns.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/patterns.js +163 -0
- package/dist/detect/structural/dangerous-functions/patterns.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/request-validation.d.ts +13 -0
- package/dist/detect/structural/dangerous-functions/request-validation.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/request-validation.js +126 -0
- package/dist/detect/structural/dangerous-functions/request-validation.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts +24 -0
- package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/control-flow.js +70 -0
- package/dist/detect/structural/dangerous-functions/utils/control-flow.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts +31 -0
- package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/helpers.js +147 -0
- package/dist/detect/structural/dangerous-functions/utils/helpers.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/index.d.ts +9 -0
- package/dist/detect/structural/dangerous-functions/utils/index.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/index.js +23 -0
- package/dist/detect/structural/dangerous-functions/utils/index.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts +22 -0
- package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/schema-validation.js +102 -0
- package/dist/detect/structural/dangerous-functions/utils/schema-validation.js.map +1 -0
- package/dist/detect/structural/data-exposure.d.ts +19 -0
- package/dist/detect/structural/data-exposure.d.ts.map +1 -0
- package/dist/detect/structural/data-exposure.js +262 -0
- package/dist/detect/structural/data-exposure.js.map +1 -0
- package/dist/detect/structural/framework-checks.d.ts +10 -0
- package/dist/detect/structural/framework-checks.d.ts.map +1 -0
- package/dist/detect/structural/framework-checks.js +389 -0
- package/dist/detect/structural/framework-checks.js.map +1 -0
- package/dist/detect/structural/index.d.ts +71 -0
- package/dist/detect/structural/index.d.ts.map +1 -0
- package/dist/detect/structural/index.js +510 -0
- package/dist/detect/structural/index.js.map +1 -0
- package/dist/detect/structural/log-injection.d.ts +18 -0
- package/dist/detect/structural/log-injection.d.ts.map +1 -0
- package/dist/detect/structural/log-injection.js +217 -0
- package/dist/detect/structural/log-injection.js.map +1 -0
- package/dist/detect/structural/logic-gates.d.ts +10 -0
- package/dist/detect/structural/logic-gates.d.ts.map +1 -0
- package/dist/detect/structural/logic-gates.js +227 -0
- package/dist/detect/structural/logic-gates.js.map +1 -0
- package/dist/detect/structural/risky-imports.d.ts +10 -0
- package/dist/detect/structural/risky-imports.d.ts.map +1 -0
- package/dist/detect/structural/risky-imports.js +168 -0
- package/dist/detect/structural/risky-imports.js.map +1 -0
- package/dist/detect/structural/security-headers.d.ts +18 -0
- package/dist/detect/structural/security-headers.d.ts.map +1 -0
- package/dist/detect/structural/security-headers.js +196 -0
- package/dist/detect/structural/security-headers.js.map +1 -0
- package/dist/detect/structural/ssrf-detection.d.ts +18 -0
- package/dist/detect/structural/ssrf-detection.d.ts.map +1 -0
- package/dist/detect/structural/ssrf-detection.js +263 -0
- package/dist/detect/structural/ssrf-detection.js.map +1 -0
- package/dist/detect/structural/variables.d.ts +11 -0
- package/dist/detect/structural/variables.d.ts.map +1 -0
- package/dist/detect/structural/variables.js +159 -0
- package/dist/detect/structural/variables.js.map +1 -0
- package/dist/detect/structural/xxe-detection.d.ts +18 -0
- package/dist/detect/structural/xxe-detection.d.ts.map +1 -0
- package/dist/detect/structural/xxe-detection.js +245 -0
- package/dist/detect/structural/xxe-detection.js.map +1 -0
- package/dist/filtering/context-adjustments.d.ts +23 -0
- package/dist/filtering/context-adjustments.d.ts.map +1 -0
- package/dist/filtering/context-adjustments.js +100 -0
- package/dist/filtering/context-adjustments.js.map +1 -0
- package/dist/filtering/index.d.ts +3 -0
- package/dist/filtering/index.d.ts.map +1 -0
- package/dist/filtering/index.js +8 -0
- package/dist/filtering/index.js.map +1 -0
- package/dist/filtering/pipeline.d.ts +48 -0
- package/dist/filtering/pipeline.d.ts.map +1 -0
- package/dist/filtering/pipeline.js +76 -0
- package/dist/filtering/pipeline.js.map +1 -0
- package/dist/formatters/ai-context.d.ts +23 -0
- package/dist/formatters/ai-context.d.ts.map +1 -0
- package/dist/formatters/ai-context.js +238 -0
- package/dist/formatters/ai-context.js.map +1 -0
- package/dist/formatters/github-comment.d.ts +1 -1
- package/dist/formatters/github-comment.d.ts.map +1 -1
- package/dist/formatters/github-comment.js +2 -2
- package/dist/formatters/github-comment.js.map +1 -1
- package/dist/formatters/ide/claude-code.d.ts +17 -0
- package/dist/formatters/ide/claude-code.d.ts.map +1 -0
- package/dist/formatters/ide/claude-code.js +94 -0
- package/dist/formatters/ide/claude-code.js.map +1 -0
- package/dist/formatters/ide/cursor.d.ts +13 -0
- package/dist/formatters/ide/cursor.d.ts.map +1 -0
- package/dist/formatters/ide/cursor.js +125 -0
- package/dist/formatters/ide/cursor.js.map +1 -0
- package/dist/formatters/ide/index.d.ts +62 -0
- package/dist/formatters/ide/index.d.ts.map +1 -0
- package/dist/formatters/ide/index.js +184 -0
- package/dist/formatters/ide/index.js.map +1 -0
- package/dist/formatters/ide/windsurf.d.ts +13 -0
- package/dist/formatters/ide/windsurf.d.ts.map +1 -0
- package/dist/formatters/ide/windsurf.js +117 -0
- package/dist/formatters/ide/windsurf.js.map +1 -0
- package/dist/formatters/index.d.ts +2 -0
- package/dist/formatters/index.d.ts.map +1 -1
- package/dist/formatters/index.js +17 -1
- package/dist/formatters/index.js.map +1 -1
- package/dist/index.d.ts +17 -60
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +67 -824
- package/dist/index.js.map +1 -1
- package/dist/layer1/comments.d.ts +4 -1
- package/dist/layer1/comments.d.ts.map +1 -1
- package/dist/layer1/comments.js +1 -1
- package/dist/layer1/comments.js.map +1 -1
- package/dist/layer1/config-audit.d.ts +4 -1
- package/dist/layer1/config-audit.d.ts.map +1 -1
- package/dist/layer1/config-audit.js +45 -11
- package/dist/layer1/config-audit.js.map +1 -1
- package/dist/layer1/config-mcp-audit.d.ts +4 -1
- package/dist/layer1/config-mcp-audit.d.ts.map +1 -1
- package/dist/layer1/config-mcp-audit.js +2 -2
- package/dist/layer1/config-mcp-audit.js.map +1 -1
- package/dist/layer1/entropy.d.ts +4 -1
- package/dist/layer1/entropy.d.ts.map +1 -1
- package/dist/layer1/entropy.js +212 -1
- package/dist/layer1/entropy.js.map +1 -1
- package/dist/layer1/file-flags.d.ts +4 -1
- package/dist/layer1/file-flags.d.ts.map +1 -1
- package/dist/layer1/file-flags.js +12 -5
- package/dist/layer1/file-flags.js.map +1 -1
- package/dist/layer1/index.d.ts.map +1 -1
- package/dist/layer1/index.js +14 -19
- package/dist/layer1/index.js.map +1 -1
- package/dist/layer1/patterns.d.ts +4 -1
- package/dist/layer1/patterns.d.ts.map +1 -1
- package/dist/layer1/patterns.js +34 -4
- package/dist/layer1/patterns.js.map +1 -1
- package/dist/layer1/urls.d.ts +4 -1
- package/dist/layer1/urls.d.ts.map +1 -1
- package/dist/layer1/urls.js +162 -14
- package/dist/layer1/urls.js.map +1 -1
- package/dist/layer1/weak-crypto.d.ts +4 -1
- package/dist/layer1/weak-crypto.d.ts.map +1 -1
- package/dist/layer1/weak-crypto.js +144 -7
- package/dist/layer1/weak-crypto.js.map +1 -1
- package/dist/layer2/ai-agent-tools.d.ts +4 -1
- package/dist/layer2/ai-agent-tools.d.ts.map +1 -1
- package/dist/layer2/ai-agent-tools.js +661 -2
- package/dist/layer2/ai-agent-tools.js.map +1 -1
- package/dist/layer2/ai-endpoint-protection.d.ts +2 -0
- package/dist/layer2/ai-endpoint-protection.d.ts.map +1 -1
- package/dist/layer2/ai-endpoint-protection.js +1 -1
- package/dist/layer2/ai-endpoint-protection.js.map +1 -1
- package/dist/layer2/ai-execution-sinks.d.ts +4 -1
- package/dist/layer2/ai-execution-sinks.d.ts.map +1 -1
- package/dist/layer2/ai-execution-sinks.js +252 -43
- package/dist/layer2/ai-execution-sinks.js.map +1 -1
- package/dist/layer2/ai-fingerprinting.d.ts +4 -1
- package/dist/layer2/ai-fingerprinting.d.ts.map +1 -1
- package/dist/layer2/ai-fingerprinting.js +25 -32
- package/dist/layer2/ai-fingerprinting.js.map +1 -1
- package/dist/layer2/ai-mcp-security.d.ts +4 -1
- package/dist/layer2/ai-mcp-security.d.ts.map +1 -1
- package/dist/layer2/ai-mcp-security.js +200 -2
- package/dist/layer2/ai-mcp-security.js.map +1 -1
- package/dist/layer2/ai-package-hallucination.d.ts +4 -1
- package/dist/layer2/ai-package-hallucination.d.ts.map +1 -1
- package/dist/layer2/ai-package-hallucination.js +136 -4
- package/dist/layer2/ai-package-hallucination.js.map +1 -1
- package/dist/layer2/ai-prompt-hygiene.d.ts +4 -1
- package/dist/layer2/ai-prompt-hygiene.d.ts.map +1 -1
- package/dist/layer2/ai-prompt-hygiene.js +342 -28
- package/dist/layer2/ai-prompt-hygiene.js.map +1 -1
- package/dist/layer2/ai-rag-safety.d.ts +4 -1
- package/dist/layer2/ai-rag-safety.d.ts.map +1 -1
- package/dist/layer2/ai-rag-safety.js +82 -2
- package/dist/layer2/ai-rag-safety.js.map +1 -1
- package/dist/layer2/ai-schema-validation.d.ts +4 -1
- package/dist/layer2/ai-schema-validation.d.ts.map +1 -1
- package/dist/layer2/ai-schema-validation.js +2 -2
- package/dist/layer2/ai-schema-validation.js.map +1 -1
- package/dist/layer2/auth-antipatterns.d.ts +2 -0
- package/dist/layer2/auth-antipatterns.d.ts.map +1 -1
- package/dist/layer2/auth-antipatterns.js +205 -20
- package/dist/layer2/auth-antipatterns.js.map +1 -1
- package/dist/layer2/byok-patterns.d.ts +4 -1
- package/dist/layer2/byok-patterns.d.ts.map +1 -1
- package/dist/layer2/byok-patterns.js +2 -2
- package/dist/layer2/byok-patterns.js.map +1 -1
- package/dist/layer2/dangerous-functions/dom-xss.d.ts +9 -4
- package/dist/layer2/dangerous-functions/dom-xss.d.ts.map +1 -1
- package/dist/layer2/dangerous-functions/dom-xss.js +73 -22
- package/dist/layer2/dangerous-functions/dom-xss.js.map +1 -1
- package/dist/layer2/dangerous-functions/index.d.ts +4 -1
- package/dist/layer2/dangerous-functions/index.d.ts.map +1 -1
- package/dist/layer2/dangerous-functions/index.js +551 -20
- package/dist/layer2/dangerous-functions/index.js.map +1 -1
- package/dist/layer2/dangerous-functions/math-random.d.ts +54 -4
- package/dist/layer2/dangerous-functions/math-random.d.ts.map +1 -1
- package/dist/layer2/dangerous-functions/math-random.js +241 -16
- package/dist/layer2/dangerous-functions/math-random.js.map +1 -1
- package/dist/layer2/dangerous-functions/patterns.d.ts.map +1 -1
- package/dist/layer2/dangerous-functions/patterns.js +3 -1
- package/dist/layer2/dangerous-functions/patterns.js.map +1 -1
- package/dist/layer2/dangerous-functions/utils/control-flow.d.ts +3 -2
- package/dist/layer2/dangerous-functions/utils/control-flow.d.ts.map +1 -1
- package/dist/layer2/dangerous-functions/utils/control-flow.js +41 -120
- package/dist/layer2/dangerous-functions/utils/control-flow.js.map +1 -1
- package/dist/layer2/dangerous-functions/utils/helpers.d.ts.map +1 -1
- package/dist/layer2/dangerous-functions/utils/helpers.js +26 -3
- package/dist/layer2/dangerous-functions/utils/helpers.js.map +1 -1
- package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts.map +1 -1
- package/dist/layer2/dangerous-functions/utils/schema-validation.js +14 -1
- package/dist/layer2/dangerous-functions/utils/schema-validation.js.map +1 -1
- package/dist/layer2/data-exposure.d.ts +4 -1
- package/dist/layer2/data-exposure.d.ts.map +1 -1
- package/dist/layer2/data-exposure.js +11 -38
- package/dist/layer2/data-exposure.js.map +1 -1
- package/dist/layer2/framework-checks.d.ts +4 -1
- package/dist/layer2/framework-checks.d.ts.map +1 -1
- package/dist/layer2/framework-checks.js +3 -10
- package/dist/layer2/framework-checks.js.map +1 -1
- package/dist/layer2/index.d.ts +13 -1
- package/dist/layer2/index.d.ts.map +1 -1
- package/dist/layer2/index.js +107 -52
- package/dist/layer2/index.js.map +1 -1
- package/dist/layer2/log-injection.d.ts +18 -0
- package/dist/layer2/log-injection.d.ts.map +1 -0
- package/dist/layer2/log-injection.js +214 -0
- package/dist/layer2/log-injection.js.map +1 -0
- package/dist/layer2/logic-gates.d.ts +4 -1
- package/dist/layer2/logic-gates.d.ts.map +1 -1
- package/dist/layer2/logic-gates.js +54 -20
- package/dist/layer2/logic-gates.js.map +1 -1
- package/dist/layer2/model-supply-chain.d.ts +4 -1
- package/dist/layer2/model-supply-chain.d.ts.map +1 -1
- package/dist/layer2/model-supply-chain.js +72 -4
- package/dist/layer2/model-supply-chain.js.map +1 -1
- package/dist/layer2/risky-imports.d.ts +4 -1
- package/dist/layer2/risky-imports.d.ts.map +1 -1
- package/dist/layer2/risky-imports.js +2 -2
- package/dist/layer2/risky-imports.js.map +1 -1
- package/dist/layer2/security-headers.d.ts +18 -0
- package/dist/layer2/security-headers.d.ts.map +1 -0
- package/dist/layer2/security-headers.js +187 -0
- package/dist/layer2/security-headers.js.map +1 -0
- package/dist/layer2/ssrf-detection.d.ts +18 -0
- package/dist/layer2/ssrf-detection.d.ts.map +1 -0
- package/dist/layer2/ssrf-detection.js +252 -0
- package/dist/layer2/ssrf-detection.js.map +1 -0
- package/dist/layer2/variables.d.ts +4 -1
- package/dist/layer2/variables.d.ts.map +1 -1
- package/dist/layer2/variables.js +2 -2
- package/dist/layer2/variables.js.map +1 -1
- package/dist/layer2/xxe-detection.d.ts +18 -0
- package/dist/layer2/xxe-detection.d.ts.map +1 -0
- package/dist/layer2/xxe-detection.js +242 -0
- package/dist/layer2/xxe-detection.js.map +1 -0
- package/dist/layer3/anthropic/auto-dismiss.d.ts.map +1 -1
- package/dist/layer3/anthropic/auto-dismiss.js +11 -0
- package/dist/layer3/anthropic/auto-dismiss.js.map +1 -1
- package/dist/layer3/anthropic/prompts/index.d.ts +1 -1
- package/dist/layer3/anthropic/prompts/index.d.ts.map +1 -1
- package/dist/layer3/anthropic/prompts/index.js +3 -1
- package/dist/layer3/anthropic/prompts/index.js.map +1 -1
- package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts +19 -0
- package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/ai-patterns.js +156 -0
- package/dist/layer3/anthropic/prompts/modules/ai-patterns.js.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts +9 -0
- package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/auth-access.js +25 -0
- package/dist/layer3/anthropic/prompts/modules/auth-access.js.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/common.d.ts +11 -0
- package/dist/layer3/anthropic/prompts/modules/common.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/common.js +152 -0
- package/dist/layer3/anthropic/prompts/modules/common.js.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/index.d.ts +54 -0
- package/dist/layer3/anthropic/prompts/modules/index.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/index.js +185 -0
- package/dist/layer3/anthropic/prompts/modules/index.js.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts +8 -0
- package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/owasp-classic.js +84 -0
- package/dist/layer3/anthropic/prompts/modules/owasp-classic.js.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts +8 -0
- package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js +68 -0
- package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts +8 -0
- package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/xss-prompt.js +22 -0
- package/dist/layer3/anthropic/prompts/modules/xss-prompt.js.map +1 -0
- package/dist/layer3/anthropic/prompts/validation.d.ts +9 -3
- package/dist/layer3/anthropic/prompts/validation.d.ts.map +1 -1
- package/dist/layer3/anthropic/prompts/validation.js +14 -410
- package/dist/layer3/anthropic/prompts/validation.js.map +1 -1
- package/dist/layer3/anthropic/providers/anthropic.d.ts.map +1 -1
- package/dist/layer3/anthropic/providers/anthropic.js +6 -3
- package/dist/layer3/anthropic/providers/anthropic.js.map +1 -1
- package/dist/layer3/anthropic/providers/openai.d.ts.map +1 -1
- package/dist/layer3/anthropic/providers/openai.js +6 -3
- package/dist/layer3/anthropic/providers/openai.js.map +1 -1
- package/dist/layer3/anthropic/request-builder.d.ts +11 -4
- package/dist/layer3/anthropic/request-builder.d.ts.map +1 -1
- package/dist/layer3/anthropic/request-builder.js +32 -16
- package/dist/layer3/anthropic/request-builder.js.map +1 -1
- package/dist/layer3/anthropic/utils/context-extractor.d.ts +55 -0
- package/dist/layer3/anthropic/utils/context-extractor.d.ts.map +1 -0
- package/dist/layer3/anthropic/utils/context-extractor.js +161 -0
- package/dist/layer3/anthropic/utils/context-extractor.js.map +1 -0
- package/dist/layer3/anthropic/utils/index.d.ts +2 -0
- package/dist/layer3/anthropic/utils/index.d.ts.map +1 -1
- package/dist/layer3/anthropic/utils/index.js +4 -1
- package/dist/layer3/anthropic/utils/index.js.map +1 -1
- package/dist/model/auth-helper-detector.d.ts +56 -0
- package/dist/model/auth-helper-detector.d.ts.map +1 -0
- package/dist/model/auth-helper-detector.js +360 -0
- package/dist/model/auth-helper-detector.js.map +1 -0
- package/dist/model/cross-file-taint.d.ts +40 -0
- package/dist/model/cross-file-taint.d.ts.map +1 -0
- package/dist/model/cross-file-taint.js +290 -0
- package/dist/model/cross-file-taint.js.map +1 -0
- package/dist/model/framework-models/django.d.ts +9 -0
- package/dist/model/framework-models/django.d.ts.map +1 -0
- package/dist/model/framework-models/django.js +82 -0
- package/dist/model/framework-models/django.js.map +1 -0
- package/dist/model/framework-models/express.d.ts +9 -0
- package/dist/model/framework-models/express.d.ts.map +1 -0
- package/dist/model/framework-models/express.js +52 -0
- package/dist/model/framework-models/express.js.map +1 -0
- package/dist/model/framework-models/index.d.ts +20 -0
- package/dist/model/framework-models/index.d.ts.map +1 -0
- package/dist/model/framework-models/index.js +102 -0
- package/dist/model/framework-models/index.js.map +1 -0
- package/dist/model/framework-models/nextjs.d.ts +9 -0
- package/dist/model/framework-models/nextjs.d.ts.map +1 -0
- package/dist/model/framework-models/nextjs.js +71 -0
- package/dist/model/framework-models/nextjs.js.map +1 -0
- package/dist/model/framework-models/prisma.d.ts +10 -0
- package/dist/model/framework-models/prisma.d.ts.map +1 -0
- package/dist/model/framework-models/prisma.js +54 -0
- package/dist/model/framework-models/prisma.js.map +1 -0
- package/dist/model/framework-models/react.d.ts +9 -0
- package/dist/model/framework-models/react.d.ts.map +1 -0
- package/dist/model/framework-models/react.js +67 -0
- package/dist/model/framework-models/react.js.map +1 -0
- package/dist/model/framework-models/sequelize.d.ts +9 -0
- package/dist/model/framework-models/sequelize.d.ts.map +1 -0
- package/dist/model/framework-models/sequelize.js +62 -0
- package/dist/model/framework-models/sequelize.js.map +1 -0
- package/dist/model/framework-models/types.d.ts +43 -0
- package/dist/model/framework-models/types.d.ts.map +1 -0
- package/dist/model/framework-models/types.js +10 -0
- package/dist/model/framework-models/types.js.map +1 -0
- package/dist/model/function-classifier.d.ts +32 -0
- package/dist/model/function-classifier.d.ts.map +1 -0
- package/dist/model/function-classifier.js +143 -0
- package/dist/model/function-classifier.js.map +1 -0
- package/dist/model/import-resolver.d.ts +45 -0
- package/dist/model/import-resolver.d.ts.map +1 -0
- package/dist/model/import-resolver.js +410 -0
- package/dist/model/import-resolver.js.map +1 -0
- package/dist/model/imported-auth-detector.d.ts +38 -0
- package/dist/model/imported-auth-detector.d.ts.map +1 -0
- package/dist/model/imported-auth-detector.js +199 -0
- package/dist/model/imported-auth-detector.js.map +1 -0
- package/dist/model/index.d.ts +63 -0
- package/dist/model/index.d.ts.map +1 -0
- package/dist/model/index.js +272 -0
- package/dist/model/index.js.map +1 -0
- package/dist/model/middleware-detector.d.ts +55 -0
- package/dist/model/middleware-detector.d.ts.map +1 -0
- package/dist/model/middleware-detector.js +382 -0
- package/dist/model/middleware-detector.js.map +1 -0
- package/dist/model/module-graph.d.ts +46 -0
- package/dist/model/module-graph.d.ts.map +1 -0
- package/dist/model/module-graph.js +187 -0
- package/dist/model/module-graph.js.map +1 -0
- package/dist/model/oauth-flow-detector.d.ts +41 -0
- package/dist/model/oauth-flow-detector.d.ts.map +1 -0
- package/dist/model/oauth-flow-detector.js +202 -0
- package/dist/model/oauth-flow-detector.js.map +1 -0
- package/dist/model/project-context.d.ts +119 -0
- package/dist/model/project-context.d.ts.map +1 -0
- package/dist/model/project-context.js +534 -0
- package/dist/model/project-context.js.map +1 -0
- package/dist/model/route-auth-resolver.d.ts +27 -0
- package/dist/model/route-auth-resolver.d.ts.map +1 -0
- package/dist/model/route-auth-resolver.js +182 -0
- package/dist/model/route-auth-resolver.js.map +1 -0
- package/dist/model/route-discovery/express.d.ts +25 -0
- package/dist/model/route-discovery/express.d.ts.map +1 -0
- package/dist/model/route-discovery/express.js +225 -0
- package/dist/model/route-discovery/express.js.map +1 -0
- package/dist/model/route-discovery/index.d.ts +21 -0
- package/dist/model/route-discovery/index.d.ts.map +1 -0
- package/dist/model/route-discovery/index.js +67 -0
- package/dist/model/route-discovery/index.js.map +1 -0
- package/dist/model/route-discovery/nextjs.d.ts +16 -0
- package/dist/model/route-discovery/nextjs.d.ts.map +1 -0
- package/dist/model/route-discovery/nextjs.js +179 -0
- package/dist/model/route-discovery/nextjs.js.map +1 -0
- package/dist/model/route-discovery/python.d.ts +16 -0
- package/dist/model/route-discovery/python.d.ts.map +1 -0
- package/dist/model/route-discovery/python.js +181 -0
- package/dist/model/route-discovery/python.js.map +1 -0
- package/dist/model/route-discovery/types.d.ts +36 -0
- package/dist/model/route-discovery/types.d.ts.map +1 -0
- package/dist/model/route-discovery/types.js +16 -0
- package/dist/model/route-discovery/types.js.map +1 -0
- package/dist/model/route-discovery/utils.d.ts +18 -0
- package/dist/model/route-discovery/utils.d.ts.map +1 -0
- package/dist/model/route-discovery/utils.js +55 -0
- package/dist/model/route-discovery/utils.js.map +1 -0
- package/dist/model/route-hierarchy.d.ts +50 -0
- package/dist/model/route-hierarchy.d.ts.map +1 -0
- package/dist/model/route-hierarchy.js +226 -0
- package/dist/model/route-hierarchy.js.map +1 -0
- package/dist/model/sanitiser-detection.d.ts +27 -0
- package/dist/model/sanitiser-detection.d.ts.map +1 -0
- package/dist/model/sanitiser-detection.js +224 -0
- package/dist/model/sanitiser-detection.js.map +1 -0
- package/dist/model/sink-matcher.d.ts +17 -0
- package/dist/model/sink-matcher.d.ts.map +1 -0
- package/dist/model/sink-matcher.js +141 -0
- package/dist/model/sink-matcher.js.map +1 -0
- package/dist/model/sink-patterns.d.ts +19 -0
- package/dist/model/sink-patterns.d.ts.map +1 -0
- package/dist/model/sink-patterns.js +88 -0
- package/dist/model/sink-patterns.js.map +1 -0
- package/dist/model/source-discovery.d.ts +15 -0
- package/dist/model/source-discovery.d.ts.map +1 -0
- package/dist/model/source-discovery.js +170 -0
- package/dist/model/source-discovery.js.map +1 -0
- package/dist/model/taint-tracker.d.ts +21 -0
- package/dist/model/taint-tracker.d.ts.map +1 -0
- package/dist/model/taint-tracker.js +281 -0
- package/dist/model/taint-tracker.js.map +1 -0
- package/dist/model/taint-types.d.ts +74 -0
- package/dist/model/taint-types.d.ts.map +1 -0
- package/dist/model/taint-types.js +9 -0
- package/dist/model/taint-types.js.map +1 -0
- package/dist/model/trpc-analyzer.d.ts +78 -0
- package/dist/model/trpc-analyzer.d.ts.map +1 -0
- package/dist/model/trpc-analyzer.js +297 -0
- package/dist/model/trpc-analyzer.js.map +1 -0
- package/dist/modes/incremental.js +1 -1
- package/dist/parse/file-classifier.d.ts +228 -0
- package/dist/parse/file-classifier.d.ts.map +1 -0
- package/dist/parse/file-classifier.js +933 -0
- package/dist/parse/file-classifier.js.map +1 -0
- package/dist/parse/path-exclusions.d.ts +55 -0
- package/dist/parse/path-exclusions.d.ts.map +1 -0
- package/dist/parse/path-exclusions.js +224 -0
- package/dist/parse/path-exclusions.js.map +1 -0
- package/dist/pipeline/config.d.ts +39 -0
- package/dist/pipeline/config.d.ts.map +1 -0
- package/dist/pipeline/config.js +46 -0
- package/dist/pipeline/config.js.map +1 -0
- package/dist/pipeline/index.d.ts +34 -0
- package/dist/pipeline/index.d.ts.map +1 -0
- package/dist/pipeline/index.js +377 -0
- package/dist/pipeline/index.js.map +1 -0
- package/dist/pipeline/modes/incremental.d.ts +66 -0
- package/dist/pipeline/modes/incremental.d.ts.map +1 -0
- package/dist/pipeline/modes/incremental.js +200 -0
- package/dist/pipeline/modes/incremental.js.map +1 -0
- package/dist/postprocess/aggregation.d.ts +14 -0
- package/dist/postprocess/aggregation.d.ts.map +1 -0
- package/dist/postprocess/aggregation.js +63 -0
- package/dist/postprocess/aggregation.js.map +1 -0
- package/dist/postprocess/contradictions.d.ts +18 -0
- package/dist/postprocess/contradictions.d.ts.map +1 -0
- package/dist/postprocess/contradictions.js +99 -0
- package/dist/postprocess/contradictions.js.map +1 -0
- package/dist/postprocess/dedup.d.ts +13 -0
- package/dist/postprocess/dedup.d.ts.map +1 -0
- package/dist/postprocess/dedup.js +58 -0
- package/dist/postprocess/dedup.js.map +1 -0
- package/dist/postprocess/filtering/context-adjustments.d.ts +23 -0
- package/dist/postprocess/filtering/context-adjustments.d.ts.map +1 -0
- package/dist/postprocess/filtering/context-adjustments.js +100 -0
- package/dist/postprocess/filtering/context-adjustments.js.map +1 -0
- package/dist/postprocess/filtering/index.d.ts +3 -0
- package/dist/postprocess/filtering/index.d.ts.map +1 -0
- package/dist/postprocess/filtering/index.js +8 -0
- package/dist/postprocess/filtering/index.js.map +1 -0
- package/dist/postprocess/filtering/pipeline.d.ts +48 -0
- package/dist/postprocess/filtering/pipeline.d.ts.map +1 -0
- package/dist/postprocess/filtering/pipeline.js +76 -0
- package/dist/postprocess/filtering/pipeline.js.map +1 -0
- package/dist/postprocess/index.d.ts +41 -0
- package/dist/postprocess/index.d.ts.map +1 -0
- package/dist/postprocess/index.js +85 -0
- package/dist/postprocess/index.js.map +1 -0
- package/dist/postprocess/suppression/config-loader.d.ts +74 -0
- package/dist/postprocess/suppression/config-loader.d.ts.map +1 -0
- package/dist/postprocess/suppression/config-loader.js +424 -0
- package/dist/postprocess/suppression/config-loader.js.map +1 -0
- package/dist/postprocess/suppression/hash.d.ts +48 -0
- package/dist/postprocess/suppression/hash.d.ts.map +1 -0
- package/dist/postprocess/suppression/hash.js +88 -0
- package/dist/postprocess/suppression/hash.js.map +1 -0
- package/dist/postprocess/suppression/index.d.ts +11 -0
- package/dist/postprocess/suppression/index.d.ts.map +1 -0
- package/dist/postprocess/suppression/index.js +39 -0
- package/dist/postprocess/suppression/index.js.map +1 -0
- package/dist/postprocess/suppression/inline-parser.d.ts +39 -0
- package/dist/postprocess/suppression/inline-parser.d.ts.map +1 -0
- package/dist/postprocess/suppression/inline-parser.js +218 -0
- package/dist/postprocess/suppression/inline-parser.js.map +1 -0
- package/dist/postprocess/suppression/manager.d.ts +94 -0
- package/dist/postprocess/suppression/manager.d.ts.map +1 -0
- package/dist/postprocess/suppression/manager.js +292 -0
- package/dist/postprocess/suppression/manager.js.map +1 -0
- package/dist/postprocess/suppression/types.d.ts +151 -0
- package/dist/postprocess/suppression/types.d.ts.map +1 -0
- package/dist/postprocess/suppression/types.js +28 -0
- package/dist/postprocess/suppression/types.js.map +1 -0
- package/dist/postprocess/validation-cap.d.ts +17 -0
- package/dist/postprocess/validation-cap.d.ts.map +1 -0
- package/dist/postprocess/validation-cap.js +64 -0
- package/dist/postprocess/validation-cap.js.map +1 -0
- package/dist/report/build-result.d.ts +33 -0
- package/dist/report/build-result.d.ts.map +1 -0
- package/dist/report/build-result.js +59 -0
- package/dist/report/build-result.js.map +1 -0
- package/dist/report/enrichment.d.ts +19 -0
- package/dist/report/enrichment.d.ts.map +1 -0
- package/dist/report/enrichment.js +44 -0
- package/dist/report/enrichment.js.map +1 -0
- package/dist/report/formatters/ai-context.d.ts +23 -0
- package/dist/report/formatters/ai-context.d.ts.map +1 -0
- package/dist/report/formatters/ai-context.js +238 -0
- package/dist/report/formatters/ai-context.js.map +1 -0
- package/dist/report/formatters/cli-terminal.d.ts +65 -0
- package/dist/report/formatters/cli-terminal.d.ts.map +1 -0
- package/dist/report/formatters/cli-terminal.js +735 -0
- package/dist/report/formatters/cli-terminal.js.map +1 -0
- package/dist/report/formatters/github-comment.d.ts +41 -0
- package/dist/report/formatters/github-comment.d.ts.map +1 -0
- package/dist/report/formatters/github-comment.js +370 -0
- package/dist/report/formatters/github-comment.js.map +1 -0
- package/dist/report/formatters/grouping.d.ts +52 -0
- package/dist/report/formatters/grouping.d.ts.map +1 -0
- package/dist/report/formatters/grouping.js +152 -0
- package/dist/report/formatters/grouping.js.map +1 -0
- package/dist/report/formatters/ide/claude-code.d.ts +17 -0
- package/dist/report/formatters/ide/claude-code.d.ts.map +1 -0
- package/dist/report/formatters/ide/claude-code.js +94 -0
- package/dist/report/formatters/ide/claude-code.js.map +1 -0
- package/dist/report/formatters/ide/cursor.d.ts +13 -0
- package/dist/report/formatters/ide/cursor.d.ts.map +1 -0
- package/dist/report/formatters/ide/cursor.js +125 -0
- package/dist/report/formatters/ide/cursor.js.map +1 -0
- package/dist/report/formatters/ide/index.d.ts +62 -0
- package/dist/report/formatters/ide/index.d.ts.map +1 -0
- package/dist/report/formatters/ide/index.js +184 -0
- package/dist/report/formatters/ide/index.js.map +1 -0
- package/dist/report/formatters/ide/windsurf.d.ts +13 -0
- package/dist/report/formatters/ide/windsurf.d.ts.map +1 -0
- package/dist/report/formatters/ide/windsurf.js +117 -0
- package/dist/report/formatters/ide/windsurf.js.map +1 -0
- package/dist/report/formatters/index.d.ts +11 -0
- package/dist/report/formatters/index.d.ts.map +1 -0
- package/dist/report/formatters/index.js +54 -0
- package/dist/report/formatters/index.js.map +1 -0
- package/dist/report/formatters/vscode-diagnostic.d.ts +103 -0
- package/dist/report/formatters/vscode-diagnostic.d.ts.map +1 -0
- package/dist/report/formatters/vscode-diagnostic.js +151 -0
- package/dist/report/formatters/vscode-diagnostic.js.map +1 -0
- package/dist/report/summary.d.ts +27 -0
- package/dist/report/summary.d.ts.map +1 -0
- package/dist/report/summary.js +57 -0
- package/dist/report/summary.js.map +1 -0
- package/dist/rules/metadata.d.ts.map +1 -1
- package/dist/rules/metadata.js +66 -0
- package/dist/rules/metadata.js.map +1 -1
- package/dist/score/adjustments.d.ts +22 -0
- package/dist/score/adjustments.d.ts.map +1 -0
- package/dist/score/adjustments.js +373 -0
- package/dist/score/adjustments.js.map +1 -0
- package/dist/score/auto-dismiss.d.ts +28 -0
- package/dist/score/auto-dismiss.d.ts.map +1 -0
- package/dist/score/auto-dismiss.js +200 -0
- package/dist/score/auto-dismiss.js.map +1 -0
- package/dist/score/confidence.d.ts +19 -0
- package/dist/score/confidence.d.ts.map +1 -0
- package/dist/score/confidence.js +52 -0
- package/dist/score/confidence.js.map +1 -0
- package/dist/score/index.d.ts +61 -0
- package/dist/score/index.d.ts.map +1 -0
- package/dist/score/index.js +250 -0
- package/dist/score/index.js.map +1 -0
- package/dist/score/types.d.ts +160 -0
- package/dist/score/types.d.ts.map +1 -0
- package/dist/score/types.js +14 -0
- package/dist/score/types.js.map +1 -0
- package/dist/shared/ai-context/index.d.ts +6 -0
- package/dist/shared/ai-context/index.d.ts.map +1 -0
- package/dist/shared/ai-context/index.js +13 -0
- package/dist/shared/ai-context/index.js.map +1 -0
- package/dist/shared/ai-context/manager.d.ts +67 -0
- package/dist/shared/ai-context/manager.d.ts.map +1 -0
- package/dist/shared/ai-context/manager.js +104 -0
- package/dist/shared/ai-context/manager.js.map +1 -0
- package/dist/shared/baseline/diff.d.ts +32 -0
- package/dist/shared/baseline/diff.d.ts.map +1 -0
- package/dist/shared/baseline/diff.js +119 -0
- package/dist/shared/baseline/diff.js.map +1 -0
- package/dist/shared/baseline/index.d.ts +9 -0
- package/dist/shared/baseline/index.d.ts.map +1 -0
- package/dist/shared/baseline/index.js +19 -0
- package/dist/shared/baseline/index.js.map +1 -0
- package/dist/shared/baseline/manager.d.ts +67 -0
- package/dist/shared/baseline/manager.d.ts.map +1 -0
- package/dist/shared/baseline/manager.js +180 -0
- package/dist/shared/baseline/manager.js.map +1 -0
- package/dist/shared/baseline/types.d.ts +91 -0
- package/dist/shared/baseline/types.d.ts.map +1 -0
- package/dist/shared/baseline/types.js +12 -0
- package/dist/shared/baseline/types.js.map +1 -0
- package/dist/shared/category-filter.d.ts +125 -0
- package/dist/shared/category-filter.d.ts.map +1 -0
- package/dist/shared/category-filter.js +360 -0
- package/dist/shared/category-filter.js.map +1 -0
- package/dist/shared/code-analysis.d.ts +39 -0
- package/dist/shared/code-analysis.d.ts.map +1 -0
- package/dist/shared/code-analysis.js +159 -0
- package/dist/shared/code-analysis.js.map +1 -0
- package/dist/shared/comment-analyzer.d.ts +38 -0
- package/dist/shared/comment-analyzer.d.ts.map +1 -0
- package/dist/shared/comment-analyzer.js +218 -0
- package/dist/shared/comment-analyzer.js.map +1 -0
- package/dist/shared/diff-detector.d.ts +53 -0
- package/dist/shared/diff-detector.d.ts.map +1 -0
- package/dist/shared/diff-detector.js +104 -0
- package/dist/shared/diff-detector.js.map +1 -0
- package/dist/shared/diff-parser.d.ts +80 -0
- package/dist/shared/diff-parser.d.ts.map +1 -0
- package/dist/shared/diff-parser.js +202 -0
- package/dist/shared/diff-parser.js.map +1 -0
- package/dist/shared/environment-context.d.ts +76 -0
- package/dist/shared/environment-context.d.ts.map +1 -0
- package/dist/shared/environment-context.js +271 -0
- package/dist/shared/environment-context.js.map +1 -0
- package/dist/shared/intent-detector.d.ts +66 -0
- package/dist/shared/intent-detector.d.ts.map +1 -0
- package/dist/shared/intent-detector.js +282 -0
- package/dist/shared/intent-detector.js.map +1 -0
- package/dist/shared/parsed-file.d.ts +51 -0
- package/dist/shared/parsed-file.d.ts.map +1 -0
- package/dist/shared/parsed-file.js +95 -0
- package/dist/shared/parsed-file.js.map +1 -0
- package/dist/shared/registry-clients.d.ts +93 -0
- package/dist/shared/registry-clients.d.ts.map +1 -0
- package/dist/shared/registry-clients.js +273 -0
- package/dist/shared/registry-clients.js.map +1 -0
- package/dist/shared/rules/framework-fixes.d.ts +48 -0
- package/dist/shared/rules/framework-fixes.d.ts.map +1 -0
- package/dist/shared/rules/framework-fixes.js +439 -0
- package/dist/shared/rules/framework-fixes.js.map +1 -0
- package/dist/shared/rules/index.d.ts +8 -0
- package/dist/shared/rules/index.d.ts.map +1 -0
- package/dist/shared/rules/index.js +18 -0
- package/dist/shared/rules/index.js.map +1 -0
- package/dist/shared/rules/metadata.d.ts +43 -0
- package/dist/shared/rules/metadata.d.ts.map +1 -0
- package/dist/shared/rules/metadata.js +819 -0
- package/dist/shared/rules/metadata.js.map +1 -0
- package/dist/shared/schema-semantics.d.ts +45 -0
- package/dist/shared/schema-semantics.d.ts.map +1 -0
- package/dist/shared/schema-semantics.js +193 -0
- package/dist/shared/schema-semantics.js.map +1 -0
- package/dist/shared/types.d.ts +337 -0
- package/dist/shared/types.d.ts.map +1 -0
- package/dist/shared/types.js +126 -0
- package/dist/shared/types.js.map +1 -0
- package/dist/tiers.d.ts +4 -4
- package/dist/tiers.d.ts.map +1 -1
- package/dist/tiers.js +17 -7
- package/dist/tiers.js.map +1 -1
- package/dist/types.d.ts +79 -9
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +34 -0
- package/dist/types.js.map +1 -1
- package/dist/utils/code-analysis.d.ts +39 -0
- package/dist/utils/code-analysis.d.ts.map +1 -0
- package/dist/utils/code-analysis.js +159 -0
- package/dist/utils/code-analysis.js.map +1 -0
- package/dist/utils/comment-analyzer.d.ts +38 -0
- package/dist/utils/comment-analyzer.d.ts.map +1 -0
- package/dist/utils/comment-analyzer.js +218 -0
- package/dist/utils/comment-analyzer.js.map +1 -0
- package/dist/utils/context-helpers.d.ts +108 -1
- package/dist/utils/context-helpers.d.ts.map +1 -1
- package/dist/utils/context-helpers.js +351 -2
- package/dist/utils/context-helpers.js.map +1 -1
- package/dist/utils/environment-context.d.ts +76 -0
- package/dist/utils/environment-context.d.ts.map +1 -0
- package/dist/utils/environment-context.js +271 -0
- package/dist/utils/environment-context.js.map +1 -0
- package/dist/utils/intent-detector.d.ts +66 -0
- package/dist/utils/intent-detector.d.ts.map +1 -0
- package/dist/utils/intent-detector.js +282 -0
- package/dist/utils/intent-detector.js.map +1 -0
- package/dist/utils/parsed-file.d.ts +51 -0
- package/dist/utils/parsed-file.d.ts.map +1 -0
- package/dist/utils/parsed-file.js +95 -0
- package/dist/utils/parsed-file.js.map +1 -0
- package/dist/utils/route-hierarchy.d.ts +50 -0
- package/dist/utils/route-hierarchy.d.ts.map +1 -0
- package/dist/utils/route-hierarchy.js +226 -0
- package/dist/utils/route-hierarchy.js.map +1 -0
- package/dist/utils/schema-semantics.d.ts +45 -0
- package/dist/utils/schema-semantics.d.ts.map +1 -0
- package/dist/utils/schema-semantics.js +193 -0
- package/dist/utils/schema-semantics.js.map +1 -0
- package/dist/validate/clients.d.ts +44 -0
- package/dist/validate/clients.d.ts.map +1 -0
- package/dist/validate/clients.js +81 -0
- package/dist/validate/clients.js.map +1 -0
- package/dist/validate/index.d.ts +41 -0
- package/dist/validate/index.d.ts.map +1 -0
- package/dist/validate/index.js +141 -0
- package/dist/validate/index.js.map +1 -0
- package/dist/validate/prompts/index.d.ts +8 -0
- package/dist/validate/prompts/index.d.ts.map +1 -0
- package/dist/validate/prompts/index.js +16 -0
- package/dist/validate/prompts/index.js.map +1 -0
- package/dist/validate/prompts/modules/ai-patterns.d.ts +19 -0
- package/dist/validate/prompts/modules/ai-patterns.d.ts.map +1 -0
- package/dist/validate/prompts/modules/ai-patterns.js +156 -0
- package/dist/validate/prompts/modules/ai-patterns.js.map +1 -0
- package/dist/validate/prompts/modules/auth-access.d.ts +9 -0
- package/dist/validate/prompts/modules/auth-access.d.ts.map +1 -0
- package/dist/validate/prompts/modules/auth-access.js +25 -0
- package/dist/validate/prompts/modules/auth-access.js.map +1 -0
- package/dist/validate/prompts/modules/common.d.ts +11 -0
- package/dist/validate/prompts/modules/common.d.ts.map +1 -0
- package/dist/validate/prompts/modules/common.js +186 -0
- package/dist/validate/prompts/modules/common.js.map +1 -0
- package/dist/validate/prompts/modules/index.d.ts +54 -0
- package/dist/validate/prompts/modules/index.d.ts.map +1 -0
- package/dist/validate/prompts/modules/index.js +186 -0
- package/dist/validate/prompts/modules/index.js.map +1 -0
- package/dist/validate/prompts/modules/owasp-classic.d.ts +8 -0
- package/dist/validate/prompts/modules/owasp-classic.d.ts.map +1 -0
- package/dist/validate/prompts/modules/owasp-classic.js +84 -0
- package/dist/validate/prompts/modules/owasp-classic.js.map +1 -0
- package/dist/validate/prompts/modules/secrets-crypto.d.ts +8 -0
- package/dist/validate/prompts/modules/secrets-crypto.d.ts.map +1 -0
- package/dist/validate/prompts/modules/secrets-crypto.js +68 -0
- package/dist/validate/prompts/modules/secrets-crypto.js.map +1 -0
- package/dist/validate/prompts/modules/xss-prompt.d.ts +8 -0
- package/dist/validate/prompts/modules/xss-prompt.d.ts.map +1 -0
- package/dist/validate/prompts/modules/xss-prompt.js +22 -0
- package/dist/validate/prompts/modules/xss-prompt.js.map +1 -0
- package/dist/validate/prompts/semantic-analysis.d.ts +15 -0
- package/dist/validate/prompts/semantic-analysis.d.ts.map +1 -0
- package/dist/validate/prompts/semantic-analysis.js +169 -0
- package/dist/validate/prompts/semantic-analysis.js.map +1 -0
- package/dist/validate/prompts/validation.d.ts +18 -0
- package/dist/validate/prompts/validation.d.ts.map +1 -0
- package/dist/validate/prompts/validation.js +25 -0
- package/dist/validate/prompts/validation.js.map +1 -0
- package/dist/validate/providers/anthropic.d.ts +17 -0
- package/dist/validate/providers/anthropic.d.ts.map +1 -0
- package/dist/validate/providers/anthropic.js +260 -0
- package/dist/validate/providers/anthropic.js.map +1 -0
- package/dist/validate/providers/index.d.ts +8 -0
- package/dist/validate/providers/index.d.ts.map +1 -0
- package/dist/validate/providers/index.js +13 -0
- package/dist/validate/providers/index.js.map +1 -0
- package/dist/validate/providers/openai.d.ts +14 -0
- package/dist/validate/providers/openai.d.ts.map +1 -0
- package/dist/validate/providers/openai.js +336 -0
- package/dist/validate/providers/openai.js.map +1 -0
- package/dist/validate/request-builder.d.ts +61 -0
- package/dist/validate/request-builder.d.ts.map +1 -0
- package/dist/validate/request-builder.js +346 -0
- package/dist/validate/request-builder.js.map +1 -0
- package/dist/validate/types.d.ts +88 -0
- package/dist/validate/types.d.ts.map +1 -0
- package/dist/validate/types.js +38 -0
- package/dist/validate/types.js.map +1 -0
- package/dist/validate/utils/context-extractor.d.ts +55 -0
- package/dist/validate/utils/context-extractor.d.ts.map +1 -0
- package/dist/validate/utils/context-extractor.js +161 -0
- package/dist/validate/utils/context-extractor.js.map +1 -0
- package/dist/validate/utils/index.d.ts +11 -0
- package/dist/validate/utils/index.d.ts.map +1 -0
- package/dist/validate/utils/index.js +27 -0
- package/dist/validate/utils/index.js.map +1 -0
- package/dist/validate/utils/path-helpers.d.ts +21 -0
- package/dist/validate/utils/path-helpers.d.ts.map +1 -0
- package/dist/validate/utils/path-helpers.js +69 -0
- package/dist/validate/utils/path-helpers.js.map +1 -0
- package/dist/validate/utils/response-parser.d.ts +40 -0
- package/dist/validate/utils/response-parser.d.ts.map +1 -0
- package/dist/validate/utils/response-parser.js +286 -0
- package/dist/validate/utils/response-parser.js.map +1 -0
- package/dist/validate/utils/retry.d.ts +15 -0
- package/dist/validate/utils/retry.d.ts.map +1 -0
- package/dist/validate/utils/retry.js +62 -0
- package/dist/validate/utils/retry.js.map +1 -0
- package/package.json +8 -7
- package/src/__tests__/benchmark/fixtures/layer1/agent-skill-injection.ts +204 -0
- package/src/__tests__/benchmark/fixtures/layer1/index.ts +3 -0
- package/src/__tests__/benchmark/fixtures/layer2/index.ts +27 -0
- package/src/__tests__/benchmark/fixtures/layer2/log-injection.ts +147 -0
- package/src/__tests__/benchmark/fixtures/layer2/phase5-excessive-agency.ts +580 -0
- package/src/__tests__/benchmark/fixtures/layer2/security-headers.ts +197 -0
- package/src/__tests__/benchmark/fixtures/layer2/sprint6-ai-enhancements.ts +515 -0
- package/src/__tests__/benchmark/fixtures/layer2/ssrf-detection.ts +210 -0
- package/src/__tests__/benchmark/fixtures/layer2/xxe-detection.ts +195 -0
- package/src/__tests__/benchmark/run-depth-validation.ts +12 -12
- package/src/__tests__/benchmark/run-real-world-test.ts +4 -4
- package/src/__tests__/benchmark/types.ts +1 -1
- package/src/__tests__/benchmark/utils/test-runner.ts +3 -3
- package/src/__tests__/category-filter.test.ts +478 -0
- package/src/__tests__/context-engine/cross-file-taint.test.ts +284 -0
- package/src/__tests__/context-engine/framework-models.test.ts +457 -0
- package/src/__tests__/context-engine/function-classifier.test.ts +146 -0
- package/src/__tests__/context-engine/import-resolver.test.ts +328 -0
- package/src/__tests__/context-engine/integration.test.ts +320 -0
- package/src/__tests__/context-engine/module-graph.test.ts +159 -0
- package/src/__tests__/context-engine/route-discovery/auth-resolver.test.ts +353 -0
- package/src/__tests__/context-engine/route-discovery/express.test.ts +150 -0
- package/src/__tests__/context-engine/route-discovery/nextjs.test.ts +138 -0
- package/src/__tests__/context-engine/route-discovery/python.test.ts +95 -0
- package/src/__tests__/context-engine/sanitiser-detection.test.ts +187 -0
- package/src/__tests__/context-engine/sink-matcher.test.ts +251 -0
- package/src/__tests__/context-engine/source-discovery.test.ts +186 -0
- package/src/__tests__/context-engine/taint-tracker.test.ts +182 -0
- package/src/__tests__/regression/agent-skill-benign.test.ts +174 -0
- package/src/__tests__/regression/known-false-positives.test.ts +801 -3
- package/src/__tests__/score/adjustments.test.ts +385 -0
- package/src/__tests__/score/confidence.test.ts +283 -0
- package/src/__tests__/score/framework-scoring.test.ts +275 -0
- package/src/__tests__/score/route-scoring.test.ts +156 -0
- package/src/__tests__/score/scoring-integration.test.ts +165 -0
- package/src/__tests__/score/taint-adjustments.test.ts +244 -0
- package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +50 -58
- package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +52 -0
- package/src/__tests__/snapshots/__snapshots__/scan-depth.test.ts.snap +3 -12
- package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +3 -3
- package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +1 -1
- package/src/__tests__/snapshots/scan-depth.test.ts +3 -3
- package/src/__tests__/validate/route-annotations.test.ts +138 -0
- package/src/__tests__/validation/analyze-results.ts +1 -1
- package/src/__tests__/validation/extract-for-triage.ts +1 -1
- package/src/__tests__/validation/fp-deep-analysis.ts +1 -1
- package/src/__tests__/validation/run-validation.ts +7 -7
- package/src/{layer2/ai-agent-tools.ts → detect/ai-code/agent-tools.ts} +729 -4
- package/src/{layer2 → detect/ai-code}/byok-patterns.ts +20 -6
- package/src/{layer2/ai-endpoint-protection.ts → detect/ai-code/endpoint-protection.ts} +10 -4
- package/src/{layer2/ai-execution-sinks.ts → detect/ai-code/execution-sinks.ts} +272 -46
- package/src/{layer2/ai-fingerprinting.ts → detect/ai-code/fingerprinting.ts} +46 -34
- package/src/detect/ai-code/index.ts +11 -0
- package/src/{layer2/ai-mcp-security.ts → detect/ai-code/mcp-security.ts} +212 -5
- package/src/{layer2 → detect/ai-code}/model-supply-chain.ts +85 -6
- package/src/{layer2/ai-package-hallucination.ts → detect/ai-code/package-hallucination.ts} +170 -6
- package/src/{layer2/ai-prompt-hygiene.ts → detect/ai-code/prompt-hygiene.ts} +393 -28
- package/src/{layer2/ai-rag-safety.ts → detect/ai-code/rag-safety.ts} +91 -4
- package/src/{layer2/ai-schema-validation.ts → detect/ai-code/schema-validation.ts} +10 -4
- package/src/detect/config/agent-skill-injection.ts +551 -0
- package/src/{layer1 → detect/config}/comments.ts +8 -2
- package/src/{layer1 → detect/config}/file-flags.ts +23 -6
- package/src/detect/config/index.ts +6 -0
- package/src/{layer3 → detect/config}/osv-check.ts +3 -2
- package/src/{layer3 → detect/config}/package-check.ts +3 -2
- package/src/{layer1 → detect/config}/urls.ts +196 -15
- package/src/detect/index.ts +131 -0
- package/src/{layer1 → detect/secrets}/config-audit.ts +56 -12
- package/src/{layer1 → detect/secrets}/config-mcp-audit.ts +11 -4
- package/src/{layer1 → detect/secrets}/entropy.ts +256 -11
- package/src/{layer1 → detect/secrets}/index.ts +43 -46
- package/src/{layer1 → detect/secrets}/patterns.ts +51 -6
- package/src/{layer1 → detect/secrets}/weak-crypto.ts +174 -17
- package/src/{layer2/auth-antipatterns.ts → detect/structural/auth-patterns.ts} +249 -27
- package/src/{layer2 → detect/structural}/dangerous-functions/dom-xss.ts +94 -22
- package/src/{layer2 → detect/structural}/dangerous-functions/index.ts +672 -65
- package/src/{layer2 → detect/structural}/dangerous-functions/json-parse.ts +10 -2
- package/src/{layer2 → detect/structural}/dangerous-functions/math-random.ts +269 -17
- package/src/{layer2 → detect/structural}/dangerous-functions/patterns.ts +4 -2
- package/src/{layer2 → detect/structural}/dangerous-functions/request-validation.ts +10 -2
- package/src/detect/structural/dangerous-functions/utils/control-flow.ts +35 -0
- package/src/{layer2 → detect/structural}/dangerous-functions/utils/schema-validation.ts +16 -1
- package/src/{layer2 → detect/structural}/data-exposure.ts +23 -40
- package/src/{layer2 → detect/structural}/framework-checks.ts +13 -12
- package/src/{layer2 → detect/structural}/index.ts +144 -122
- package/src/detect/structural/log-injection.ts +254 -0
- package/src/{layer2 → detect/structural}/logic-gates.ts +69 -24
- package/src/{layer2 → detect/structural}/risky-imports.ts +10 -4
- package/src/detect/structural/security-headers.ts +231 -0
- package/src/detect/structural/ssrf-detection.ts +300 -0
- package/src/{layer2 → detect/structural}/variables.ts +10 -4
- package/src/detect/structural/xxe-detection.ts +295 -0
- package/src/index.ts +64 -1038
- package/src/{utils → model}/auth-helper-detector.ts +1 -1
- package/src/model/cross-file-taint.ts +374 -0
- package/src/model/framework-models/django.ts +82 -0
- package/src/model/framework-models/express.ts +54 -0
- package/src/model/framework-models/index.ts +116 -0
- package/src/model/framework-models/nextjs.ts +69 -0
- package/src/model/framework-models/prisma.ts +57 -0
- package/src/model/framework-models/react.ts +63 -0
- package/src/model/framework-models/sequelize.ts +63 -0
- package/src/model/framework-models/types.ts +46 -0
- package/src/model/function-classifier.ts +184 -0
- package/src/model/import-resolver.ts +453 -0
- package/src/{utils → model}/imported-auth-detector.ts +21 -85
- package/src/model/index.ts +353 -0
- package/src/{utils → model}/middleware-detector.ts +156 -17
- package/src/model/module-graph.ts +254 -0
- package/src/{utils → model}/oauth-flow-detector.ts +1 -1
- package/src/{utils/project-context-builder.ts → model/project-context.ts} +1 -1
- package/src/model/route-auth-resolver.ts +216 -0
- package/src/model/route-discovery/express.ts +251 -0
- package/src/model/route-discovery/index.ts +83 -0
- package/src/model/route-discovery/nextjs.ts +216 -0
- package/src/model/route-discovery/python.ts +214 -0
- package/src/model/route-discovery/types.ts +48 -0
- package/src/model/route-discovery/utils.ts +54 -0
- package/src/model/route-hierarchy.ts +250 -0
- package/src/model/sanitiser-detection.ts +268 -0
- package/src/model/sink-matcher.ts +178 -0
- package/src/model/sink-patterns.ts +109 -0
- package/src/model/source-discovery.ts +209 -0
- package/src/model/taint-tracker.ts +333 -0
- package/src/model/taint-types.ts +149 -0
- package/src/{utils → model}/trpc-analyzer.ts +1 -1
- package/src/{utils/context-helpers.ts → parse/file-classifier.ts} +462 -2
- package/src/{utils → parse}/path-exclusions.ts +1 -1
- package/src/pipeline/config.ts +81 -0
- package/src/pipeline/index.ts +437 -0
- package/src/{modes → pipeline/modes}/incremental.ts +6 -6
- package/src/postprocess/aggregation.ts +74 -0
- package/src/postprocess/contradictions.ts +128 -0
- package/src/postprocess/dedup.ts +62 -0
- package/src/postprocess/filtering/__tests__/pipeline.test.ts +134 -0
- package/src/postprocess/filtering/context-adjustments.ts +111 -0
- package/src/postprocess/filtering/index.ts +10 -0
- package/src/postprocess/filtering/pipeline.ts +130 -0
- package/src/postprocess/index.ts +118 -0
- package/src/{suppression → postprocess/suppression}/config-loader.ts +1 -1
- package/src/{suppression → postprocess/suppression}/hash.ts +1 -1
- package/src/{suppression → postprocess/suppression}/inline-parser.ts +1 -1
- package/src/{suppression → postprocess/suppression}/manager.ts +1 -1
- package/src/{suppression → postprocess/suppression}/types.ts +2 -2
- package/src/postprocess/validation-cap.ts +66 -0
- package/src/report/build-result.ts +94 -0
- package/src/report/enrichment.ts +52 -0
- package/src/report/formatters/__tests__/ai-context.test.ts +254 -0
- package/src/report/formatters/ai-context.ts +302 -0
- package/src/{formatters → report/formatters}/cli-terminal.ts +11 -11
- package/src/{formatters → report/formatters}/github-comment.ts +4 -4
- package/src/{formatters → report/formatters}/grouping.ts +8 -8
- package/src/report/formatters/ide/__tests__/ide.test.ts +319 -0
- package/src/report/formatters/ide/claude-code.ts +110 -0
- package/src/report/formatters/ide/cursor.ts +147 -0
- package/src/report/formatters/ide/index.ts +216 -0
- package/src/report/formatters/ide/windsurf.ts +135 -0
- package/src/{formatters → report/formatters}/index.ts +24 -0
- package/src/{formatters → report/formatters}/vscode-diagnostic.ts +1 -1
- package/src/report/summary.ts +70 -0
- package/src/score/adjustments.ts +387 -0
- package/src/{layer3/anthropic → score}/auto-dismiss.ts +26 -14
- package/src/score/confidence.ts +66 -0
- package/src/score/index.ts +316 -0
- package/src/score/types.ts +187 -0
- package/src/shared/__tests__/code-analysis.test.ts +165 -0
- package/src/shared/__tests__/parsed-file.test.ts +124 -0
- package/src/shared/ai-context/__tests__/manager.test.ts +193 -0
- package/src/shared/ai-context/index.ts +15 -0
- package/src/shared/ai-context/manager.ts +145 -0
- package/src/{baseline → shared/baseline}/__tests__/diff.test.ts +2 -2
- package/src/{baseline → shared/baseline}/__tests__/manager.test.ts +2 -2
- package/src/{baseline → shared/baseline}/diff.ts +1 -1
- package/src/{baseline → shared/baseline}/manager.ts +1 -1
- package/src/shared/category-filter.ts +400 -0
- package/src/{layer2/dangerous-functions/utils/control-flow.ts → shared/code-analysis.ts} +56 -39
- package/src/shared/comment-analyzer.ts +249 -0
- package/src/shared/environment-context.ts +304 -0
- package/src/shared/intent-detector.ts +318 -0
- package/src/shared/parsed-file.ts +103 -0
- package/src/{rules → shared/rules}/__tests__/metadata.test.ts +7 -0
- package/src/{rules → shared/rules}/framework-fixes.ts +1 -1
- package/src/{rules → shared/rules}/metadata.ts +94 -0
- package/src/shared/schema-semantics.ts +233 -0
- package/src/{types.ts → shared/types.ts} +142 -11
- package/src/tiers.ts +27 -10
- package/src/validate/__tests__/context-extractor.test.ts +191 -0
- package/src/validate/__tests__/prompt-assembly.test.ts +233 -0
- package/src/validate/__tests__/request-builder.test.ts +347 -0
- package/src/{layer3/anthropic → validate}/index.ts +8 -7
- package/src/{layer3/anthropic → validate}/prompts/index.ts +2 -0
- package/src/validate/prompts/modules/ai-patterns.ts +153 -0
- package/src/validate/prompts/modules/auth-access.ts +22 -0
- package/src/validate/prompts/modules/common.ts +183 -0
- package/src/validate/prompts/modules/index.ts +204 -0
- package/src/validate/prompts/modules/owasp-classic.ts +81 -0
- package/src/validate/prompts/modules/secrets-crypto.ts +65 -0
- package/src/validate/prompts/modules/xss-prompt.ts +19 -0
- package/src/validate/prompts/validation.ts +20 -0
- package/src/{layer3/anthropic → validate}/providers/anthropic.ts +28 -27
- package/src/validate/providers/index.ts +8 -0
- package/src/{layer3/anthropic → validate}/providers/openai.ts +30 -25
- package/src/validate/request-builder.ts +448 -0
- package/src/{layer3/anthropic → validate}/types.ts +1 -1
- package/src/validate/utils/context-extractor.ts +220 -0
- package/src/{layer3/anthropic → validate}/utils/index.ts +10 -0
- package/src/{layer3/anthropic → validate}/utils/response-parser.ts +2 -1
- package/src/layer3/anthropic/prompts/validation.ts +0 -419
- package/src/layer3/anthropic/providers/index.ts +0 -8
- package/src/layer3/anthropic/request-builder.ts +0 -150
- package/src/layer3/index.ts +0 -168
- /package/src/{layer3 → detect/config}/__tests__/osv-check.test.ts +0 -0
- /package/src/{layer2 → detect/structural}/__tests__/math-random-enhanced.test.ts +0 -0
- /package/src/{layer2 → detect/structural}/dangerous-functions/child-process.ts +0 -0
- /package/src/{layer2 → detect/structural}/dangerous-functions/utils/helpers.ts +0 -0
- /package/src/{layer2 → detect/structural}/dangerous-functions/utils/index.ts +0 -0
- /package/src/{suppression → postprocess/suppression}/__tests__/config-loader.test.ts +0 -0
- /package/src/{suppression → postprocess/suppression}/__tests__/hash.test.ts +0 -0
- /package/src/{suppression → postprocess/suppression}/__tests__/inline-parser.test.ts +0 -0
- /package/src/{suppression → postprocess/suppression}/__tests__/manager.test.ts +0 -0
- /package/src/{suppression → postprocess/suppression}/index.ts +0 -0
- /package/src/{baseline → shared/baseline}/index.ts +0 -0
- /package/src/{baseline → shared/baseline}/types.ts +0 -0
- /package/src/{utils → shared}/diff-detector.ts +0 -0
- /package/src/{utils → shared}/diff-parser.ts +0 -0
- /package/src/{utils → shared}/registry-clients.ts +0 -0
- /package/src/{rules → shared/rules}/__tests__/framework-fixes.test.ts +0 -0
- /package/src/{rules → shared/rules}/index.ts +0 -0
- /package/src/{layer3/anthropic → validate}/clients.ts +0 -0
- /package/src/{layer3/anthropic → validate}/prompts/semantic-analysis.ts +0 -0
- /package/src/{layer3/anthropic → validate}/utils/path-helpers.ts +0 -0
- /package/src/{layer3/anthropic → validate}/utils/retry.ts +0 -0
|
@@ -5,11 +5,13 @@
|
|
|
5
5
|
* based on the data source and error handling context.
|
|
6
6
|
*/
|
|
7
7
|
|
|
8
|
-
import type { Vulnerability, VulnerabilitySeverity } from '
|
|
9
|
-
import { isComment, isTestOrMockFile } from '
|
|
8
|
+
import type { Vulnerability, VulnerabilitySeverity } from '../../../shared/types'
|
|
9
|
+
import { isComment, isTestOrMockFile } from '../../../parse/file-classifier'
|
|
10
10
|
import { isInsideTryCatch, hasTryCatchNearby } from './utils/control-flow'
|
|
11
11
|
import { hasSchemaValidationNearby } from './utils/schema-validation'
|
|
12
12
|
|
|
13
|
+
const BASE_CONFIDENCE = 0.35
|
|
14
|
+
|
|
13
15
|
/**
|
|
14
16
|
* JSON.parse source classification
|
|
15
17
|
* Determines if the input is user-controlled or internal data
|
|
@@ -339,7 +341,9 @@ export function detectJSONParseSafe(
|
|
|
339
341
|
description,
|
|
340
342
|
suggestedFix,
|
|
341
343
|
confidence,
|
|
344
|
+
baseConfidence: BASE_CONFIDENCE,
|
|
342
345
|
layer: 2,
|
|
346
|
+
source: 'structural' as const,
|
|
343
347
|
})
|
|
344
348
|
})
|
|
345
349
|
|
|
@@ -362,7 +366,9 @@ export function detectJSONParseSafe(
|
|
|
362
366
|
suggestedFix:
|
|
363
367
|
'Add try-catch for error handling. If parsing user input, add schema validation.',
|
|
364
368
|
confidence: 'low',
|
|
369
|
+
baseConfidence: BASE_CONFIDENCE,
|
|
365
370
|
layer: 2,
|
|
371
|
+
source: 'structural' as const,
|
|
366
372
|
})
|
|
367
373
|
} else if (instances.length > 0 && instances.length < 3) {
|
|
368
374
|
// Report individually for small counts
|
|
@@ -378,7 +384,9 @@ export function detectJSONParseSafe(
|
|
|
378
384
|
description: `JSON.parse on ${instance.source.replace('_', ' ')} data without error handling. Low risk but consider defensive coding.${isTestFile ? ' (in test file)' : ''}`,
|
|
379
385
|
suggestedFix: 'Consider adding try-catch for robustness.',
|
|
380
386
|
confidence: 'low',
|
|
387
|
+
baseConfidence: BASE_CONFIDENCE,
|
|
381
388
|
layer: 2,
|
|
389
|
+
source: 'structural' as const,
|
|
382
390
|
})
|
|
383
391
|
}
|
|
384
392
|
}
|
|
@@ -9,9 +9,88 @@ import {
|
|
|
9
9
|
isTestOrMockFile,
|
|
10
10
|
isSeedOrDataGenFile,
|
|
11
11
|
isEducationalVulnerabilityFile,
|
|
12
|
-
} from '
|
|
12
|
+
} from '../../../parse/file-classifier'
|
|
13
|
+
import type { ParsedFile } from '../../../shared/parsed-file'
|
|
13
14
|
import { extractFunctionContext } from './utils/control-flow'
|
|
14
15
|
|
|
16
|
+
/**
|
|
17
|
+
* Check if Math.random() is used in a jitter/backoff/retry context
|
|
18
|
+
* These are legitimate uses of Math.random() for network resilience,
|
|
19
|
+
* not security-sensitive randomness.
|
|
20
|
+
*
|
|
21
|
+
* Examples:
|
|
22
|
+
* const delay = baseDelay + Math.random() * jitter
|
|
23
|
+
* setTimeout(retry, delay * Math.random())
|
|
24
|
+
* await sleep(backoff * (1 + Math.random() * 0.1))
|
|
25
|
+
*
|
|
26
|
+
* @param content - Full file content
|
|
27
|
+
* @param lineNumber - The 0-indexed line number where Math.random() was found
|
|
28
|
+
*/
|
|
29
|
+
export function isJitterOrBackoffContext(
|
|
30
|
+
content: string,
|
|
31
|
+
lineNumber: number,
|
|
32
|
+
lines?: string[]
|
|
33
|
+
): boolean {
|
|
34
|
+
const _lines = lines ?? content.split('\n')
|
|
35
|
+
const start = Math.max(0, lineNumber - 10)
|
|
36
|
+
const end = Math.min(_lines.length, lineNumber + 5)
|
|
37
|
+
const context = _lines.slice(start, end).join('\n')
|
|
38
|
+
|
|
39
|
+
// Patterns indicating jitter/backoff/retry context
|
|
40
|
+
const jitterPatterns = [
|
|
41
|
+
// Direct keyword matches
|
|
42
|
+
/\b(jitter|backoff|retry|retries|exponential)\b/i,
|
|
43
|
+
// Delay/timeout with random
|
|
44
|
+
/setTimeout.*Math\.random/i,
|
|
45
|
+
/setInterval.*Math\.random/i,
|
|
46
|
+
/sleep.*Math\.random/i,
|
|
47
|
+
/await.*delay.*Math\.random/i,
|
|
48
|
+
// Common backoff patterns
|
|
49
|
+
/\* Math\.random\(\).*delay/i,
|
|
50
|
+
/delay\s*\*\s*Math\.random/i,
|
|
51
|
+
/Math\.random\(\)\s*\*\s*\d+.*delay/i,
|
|
52
|
+
// Retry-related function names
|
|
53
|
+
/function\s+(retry|withRetry|backoff|withBackoff|exponentialBackoff)/i,
|
|
54
|
+
// Common retry library patterns
|
|
55
|
+
/retryPolicy|retryConfig|retryOptions|maxRetries|retryCount/i,
|
|
56
|
+
// Network resilience patterns
|
|
57
|
+
/\b(throttle|debounce|rateLimit)\b.*Math\.random/i,
|
|
58
|
+
// Sampling/probability for non-security uses
|
|
59
|
+
/sampleRate|samplingRate|probability\s*[<>]=?\s*Math\.random/i,
|
|
60
|
+
]
|
|
61
|
+
|
|
62
|
+
return jitterPatterns.some(p => p.test(context))
|
|
63
|
+
}
|
|
64
|
+
|
|
65
|
+
/**
|
|
66
|
+
* Check if Math.random() is used in a React key prop context
|
|
67
|
+
* This is a common pattern to force re-renders, not a security issue.
|
|
68
|
+
*
|
|
69
|
+
* Examples:
|
|
70
|
+
* key={Math.random()}
|
|
71
|
+
* key={`prefix-${Math.random()}`}
|
|
72
|
+
* key={Math.random().toString()}
|
|
73
|
+
*
|
|
74
|
+
* @param lineContent - The line of code to check
|
|
75
|
+
* @param filePath - The file path (only check JSX/TSX files)
|
|
76
|
+
*/
|
|
77
|
+
export function isReactKeyPattern(lineContent: string, filePath: string): boolean {
|
|
78
|
+
// Only check in JSX/TSX files
|
|
79
|
+
if (!/\.[jt]sx$/.test(filePath)) {
|
|
80
|
+
return false
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
// Pattern: key={...Math.random()...}
|
|
84
|
+
// Matches:
|
|
85
|
+
// key={Math.random()}
|
|
86
|
+
// key={`foo-${Math.random()}`}
|
|
87
|
+
// key={Math.random().toString()}
|
|
88
|
+
// key={`${Math.random()}-bar`}
|
|
89
|
+
// key={something + Math.random()}
|
|
90
|
+
const keyPattern = /key\s*=\s*\{[^}]*Math\.random\(\)/
|
|
91
|
+
return keyPattern.test(lineContent)
|
|
92
|
+
}
|
|
93
|
+
|
|
15
94
|
/**
|
|
16
95
|
* Check if Math.random() is used for cosmetic/UI purposes (not security)
|
|
17
96
|
* Cosmetic uses: CSS values, animations, UI variations, demo data
|
|
@@ -20,9 +99,10 @@ import { extractFunctionContext } from './utils/control-flow'
|
|
|
20
99
|
export function isCosmeticMathRandom(
|
|
21
100
|
lineContent: string,
|
|
22
101
|
content: string,
|
|
23
|
-
lineNumber: number
|
|
102
|
+
lineNumber: number,
|
|
103
|
+
lines?: string[]
|
|
24
104
|
): boolean {
|
|
25
|
-
const
|
|
105
|
+
const _lines = lines ?? content.split('\n')
|
|
26
106
|
|
|
27
107
|
// Check the line itself for cosmetic indicators
|
|
28
108
|
const cosmeticLinePatterns = [
|
|
@@ -61,8 +141,8 @@ export function isCosmeticMathRandom(
|
|
|
61
141
|
|
|
62
142
|
// Check surrounding context (5 lines before and after)
|
|
63
143
|
const contextStart = Math.max(0, lineNumber - 5)
|
|
64
|
-
const contextEnd = Math.min(
|
|
65
|
-
const context =
|
|
144
|
+
const contextEnd = Math.min(_lines.length, lineNumber + 5)
|
|
145
|
+
const context = _lines.slice(contextStart, contextEnd).join('\n')
|
|
66
146
|
|
|
67
147
|
// Context indicators of cosmetic use
|
|
68
148
|
const cosmeticContextPatterns = [
|
|
@@ -402,7 +482,8 @@ export function classifyVariableNameRisk(
|
|
|
402
482
|
export function analyzeMathRandomContext(
|
|
403
483
|
content: string,
|
|
404
484
|
filePath: string,
|
|
405
|
-
lineNumber: number
|
|
485
|
+
lineNumber: number,
|
|
486
|
+
lines?: string[]
|
|
406
487
|
): {
|
|
407
488
|
inSecurityContext: boolean
|
|
408
489
|
inTestContext: boolean
|
|
@@ -410,10 +491,10 @@ export function analyzeMathRandomContext(
|
|
|
410
491
|
inBusinessLogicContext: boolean
|
|
411
492
|
contextDescription: string
|
|
412
493
|
} {
|
|
413
|
-
const
|
|
494
|
+
const _lines = lines ?? content.split('\n')
|
|
414
495
|
const start = Math.max(0, lineNumber - 10)
|
|
415
|
-
const end = Math.min(
|
|
416
|
-
const context =
|
|
496
|
+
const end = Math.min(_lines.length, lineNumber + 5)
|
|
497
|
+
const context = _lines.slice(start, end).join('\n')
|
|
417
498
|
|
|
418
499
|
// Security context indicators (functions, imports, comments)
|
|
419
500
|
const securityPatterns = [
|
|
@@ -438,8 +519,8 @@ export function analyzeMathRandomContext(
|
|
|
438
519
|
testContextPatterns.some(p => p.test(context))
|
|
439
520
|
|
|
440
521
|
// UI/cosmetic context (reuse existing logic)
|
|
441
|
-
const lineContent =
|
|
442
|
-
const inUIContext = isCosmeticMathRandom(lineContent, content, lineNumber)
|
|
522
|
+
const lineContent = _lines[lineNumber]
|
|
523
|
+
const inUIContext = isCosmeticMathRandom(lineContent, content, lineNumber, _lines)
|
|
443
524
|
|
|
444
525
|
// Business logic context (non-security ID generation)
|
|
445
526
|
// Note: UUID/CAPTCHA patterns excluded - handled by functionIntent classification
|
|
@@ -448,6 +529,14 @@ export function analyzeMathRandomContext(
|
|
|
448
529
|
/\b(reference|tracking|confirmation)Number\b/i,
|
|
449
530
|
/\b(backoff|retry|jitter|delay|timeout|latency)\b/i,
|
|
450
531
|
/\b(sample|sampling|probability|chance|rollout|experiment|abtest|cohort|bucket|variant)\b/i,
|
|
532
|
+
// Load balancing and selection patterns
|
|
533
|
+
/mode\s*===?\s*['"]random['"]/i, // mode === 'random'
|
|
534
|
+
/\.\w*index\s*%/i, // round-robin patterns
|
|
535
|
+
/keys?\[.*Math\.random/i, // keys[Math.floor(Math.random() * keys.length)]
|
|
536
|
+
/\[\s*Math\.floor\s*\(\s*Math\.random/i, // array[Math.floor(Math.random()...)]
|
|
537
|
+
/shuffle/i, // shuffle functions
|
|
538
|
+
/pickRandom/i, // pickRandom helpers
|
|
539
|
+
/randomElement/i, // randomElement helpers
|
|
451
540
|
]
|
|
452
541
|
const inBusinessLogicContext =
|
|
453
542
|
businessLogicPatterns.some(p => p.test(context)) && !inSecurityContext
|
|
@@ -473,29 +562,169 @@ export function analyzeMathRandomContext(
|
|
|
473
562
|
}
|
|
474
563
|
}
|
|
475
564
|
|
|
565
|
+
/**
|
|
566
|
+
* Check if file is an animation/motion component based on file name
|
|
567
|
+
* Files with animation-related names typically use Math.random for visual effects
|
|
568
|
+
*/
|
|
569
|
+
export function isAnimationFile(filePath: string): boolean {
|
|
570
|
+
const animationPatterns = [
|
|
571
|
+
/animated[-_]/i, // animated-document-scanner.tsx
|
|
572
|
+
/[-_]animation/i, // document-animation.tsx
|
|
573
|
+
/motion[-_]/i, // motion-component.tsx
|
|
574
|
+
/[-_]motion/i, // scroll-motion.tsx
|
|
575
|
+
/particles?[-_]/i, // particles-background.tsx
|
|
576
|
+
/confetti/i, // confetti.tsx
|
|
577
|
+
/[-_]effect/i, // hover-effect.tsx
|
|
578
|
+
/transition[-_]/i, // transition-wrapper.tsx
|
|
579
|
+
/visual[-_]/i, // visual-effects.tsx
|
|
580
|
+
/canvas[-_]/i, // canvas-animation.tsx
|
|
581
|
+
]
|
|
582
|
+
return animationPatterns.some(p => p.test(filePath))
|
|
583
|
+
}
|
|
584
|
+
|
|
585
|
+
/**
|
|
586
|
+
* Check if Math.random() is used for animation/motion coordinates
|
|
587
|
+
* Common in animation libraries like framer-motion, react-spring, Three.js, etc.
|
|
588
|
+
*/
|
|
589
|
+
export function isAnimationCoordinateUsage(lineContent: string, context: string): boolean {
|
|
590
|
+
// Object property assignments for coordinates
|
|
591
|
+
const coordinatePatterns = [
|
|
592
|
+
/\bx:\s*Math\.random/i, // x: Math.random()
|
|
593
|
+
/\by:\s*Math\.random/i, // y: Math.random()
|
|
594
|
+
/\bz:\s*Math\.random/i, // z: Math.random()
|
|
595
|
+
/\bleft:\s*.*Math\.random/i, // left: Math.random()
|
|
596
|
+
/\btop:\s*.*Math\.random/i, // top: Math.random()
|
|
597
|
+
/\bright:\s*.*Math\.random/i, // right: Math.random()
|
|
598
|
+
/\bbottom:\s*.*Math\.random/i, // bottom: Math.random()
|
|
599
|
+
/\brotation:\s*.*Math\.random/i, // rotation: Math.random()
|
|
600
|
+
/\brotateX:\s*.*Math\.random/i, // rotateX: Math.random()
|
|
601
|
+
/\brotateY:\s*.*Math\.random/i, // rotateY: Math.random()
|
|
602
|
+
/\brotateZ:\s*.*Math\.random/i, // rotateZ: Math.random()
|
|
603
|
+
/\bscaleX?:\s*.*Math\.random/i, // scale/scaleX: Math.random()
|
|
604
|
+
/\bscaleY:\s*.*Math\.random/i, // scaleY: Math.random()
|
|
605
|
+
/\bopacity:\s*.*Math\.random/i, // opacity: Math.random()
|
|
606
|
+
/\bduration:\s*.*Math\.random/i, // duration: Math.random()
|
|
607
|
+
/\bdelay:\s*.*Math\.random/i, // delay: Math.random()
|
|
608
|
+
// 3D/Three.js specific patterns
|
|
609
|
+
/\boffset\s*=.*Math\.random/i, // offset = Math.random()
|
|
610
|
+
/useMemo\s*\(\s*\(\s*\)\s*=>\s*Math\.random/i, // useMemo(() => Math.random(), [])
|
|
611
|
+
/\bphase\s*[:=].*Math\.random/i, // phase: Math.random() or phase = Math.random()
|
|
612
|
+
/\bspeed\s*[:=].*Math\.random/i, // speed: Math.random()
|
|
613
|
+
/\bangle\s*[:=].*Math\.random/i, // angle: Math.random()
|
|
614
|
+
]
|
|
615
|
+
|
|
616
|
+
if (coordinatePatterns.some(p => p.test(lineContent))) {
|
|
617
|
+
return true
|
|
618
|
+
}
|
|
619
|
+
|
|
620
|
+
// Motion/animation library context patterns
|
|
621
|
+
const motionLibraryPatterns = [
|
|
622
|
+
/framer-motion/i,
|
|
623
|
+
/react-spring/i,
|
|
624
|
+
/react-motion/i,
|
|
625
|
+
/gsap/i,
|
|
626
|
+
/animejs/i,
|
|
627
|
+
/popmotion/i,
|
|
628
|
+
/motion\.div/i,
|
|
629
|
+
/useSpring/i,
|
|
630
|
+
/useAnimation/i,
|
|
631
|
+
/animate\s*\(/i,
|
|
632
|
+
/keyframes/i,
|
|
633
|
+
// Three.js and React Three Fiber patterns
|
|
634
|
+
/three/i,
|
|
635
|
+
/useFrame/i,
|
|
636
|
+
/@react-three/i,
|
|
637
|
+
/Canvas/i, // React Three Fiber Canvas
|
|
638
|
+
/mesh/i, // Three.js mesh
|
|
639
|
+
/geometry/i, // Three.js geometry
|
|
640
|
+
/material/i, // Three.js material
|
|
641
|
+
]
|
|
642
|
+
|
|
643
|
+
return motionLibraryPatterns.some(p => p.test(context))
|
|
644
|
+
}
|
|
645
|
+
|
|
646
|
+
/**
|
|
647
|
+
* Check if Math.random() is used in a template placeholder generator context
|
|
648
|
+
* Template systems often use random generators for placeholder values
|
|
649
|
+
*
|
|
650
|
+
* Examples:
|
|
651
|
+
* const templates = { random: () => Math.random().toString() }
|
|
652
|
+
* random_hex: () => Math.random().toString(16)
|
|
653
|
+
* {{random}} placeholder generation
|
|
654
|
+
*/
|
|
655
|
+
export function isTemplatePlaceholderGenerator(
|
|
656
|
+
line: string,
|
|
657
|
+
content: string,
|
|
658
|
+
lineNumber: number,
|
|
659
|
+
lines?: string[]
|
|
660
|
+
): boolean {
|
|
661
|
+
const _lines = lines ?? content.split('\n')
|
|
662
|
+
const contextStart = Math.max(0, lineNumber - 10)
|
|
663
|
+
const contextEnd = Math.min(_lines.length, lineNumber + 5)
|
|
664
|
+
const context = _lines.slice(contextStart, contextEnd).join('\n')
|
|
665
|
+
|
|
666
|
+
const templatePatterns = [
|
|
667
|
+
/\{\{random\w*\}\}/i, // {{random}}, {{random_hex}}, etc.
|
|
668
|
+
/random:\s*\(\s*\)\s*=>\s*Math\.random/i, // random: () => Math.random()
|
|
669
|
+
/random_\w+:\s*\(\s*\)\s*=>/i, // random_int: () => ...
|
|
670
|
+
/placeholder.*random/i, // placeholder context
|
|
671
|
+
/templates?\s*[=:]\s*\{/i, // templates = { or template: {
|
|
672
|
+
/generatePlaceholder/i, // generatePlaceholder function
|
|
673
|
+
/placeholder\s*[:=]/i, // placeholder: or placeholder =
|
|
674
|
+
]
|
|
675
|
+
|
|
676
|
+
return templatePatterns.some(p => p.test(context) || p.test(line))
|
|
677
|
+
}
|
|
678
|
+
|
|
476
679
|
/**
|
|
477
680
|
* Check if Math.random() should be skipped entirely
|
|
478
|
-
* Returns true for seed files, test fixtures, captcha/puzzle, uuid, and pure cosmetic uses
|
|
681
|
+
* Returns true for seed files, test fixtures, captcha/puzzle, uuid, React keys, jitter/backoff, and pure cosmetic uses
|
|
479
682
|
*/
|
|
480
683
|
export function shouldSkipMathRandom(
|
|
481
684
|
content: string,
|
|
482
685
|
filePath: string,
|
|
483
|
-
lineNumber: number
|
|
686
|
+
lineNumber: number,
|
|
687
|
+
options?: { parsed?: ParsedFile }
|
|
484
688
|
): boolean {
|
|
485
689
|
// Seed/data generation files - skip entirely
|
|
486
690
|
if (isSeedOrDataGenFile(filePath)) {
|
|
487
691
|
return true
|
|
488
692
|
}
|
|
489
693
|
|
|
694
|
+
// Animation/motion component files - skip entirely
|
|
695
|
+
// These use Math.random for visual effects, not security
|
|
696
|
+
if (isAnimationFile(filePath)) {
|
|
697
|
+
return true
|
|
698
|
+
}
|
|
699
|
+
|
|
490
700
|
// Educational/intentional vulnerability files - skip entirely
|
|
491
701
|
// These include OWASP Juice Shop, intentionally-vulnerable examples, etc.
|
|
492
702
|
if (isEducationalVulnerabilityFile(filePath)) {
|
|
493
703
|
return true
|
|
494
704
|
}
|
|
495
705
|
|
|
706
|
+
// Check for React key pattern - this is a common pattern to force re-renders
|
|
707
|
+
// It's not a security issue, just a way to reset component state
|
|
708
|
+
const lines = options?.parsed?.lines ?? content.split('\n')
|
|
709
|
+
const lineContent = lines[lineNumber] || ''
|
|
710
|
+
if (isReactKeyPattern(lineContent, filePath)) {
|
|
711
|
+
return true
|
|
712
|
+
}
|
|
713
|
+
|
|
714
|
+
// Template placeholder generators - skip entirely
|
|
715
|
+
// These generate placeholder values for templates, not security tokens
|
|
716
|
+
if (isTemplatePlaceholderGenerator(lineContent, content, lineNumber, lines)) {
|
|
717
|
+
return true
|
|
718
|
+
}
|
|
719
|
+
|
|
720
|
+
// Jitter/backoff/retry patterns - legitimate non-security use of randomness
|
|
721
|
+
// Used for network resilience, rate limiting, exponential backoff, etc.
|
|
722
|
+
if (isJitterOrBackoffContext(content, lineNumber, lines)) {
|
|
723
|
+
return true
|
|
724
|
+
}
|
|
725
|
+
|
|
496
726
|
// Test files with test fixture patterns
|
|
497
727
|
if (isTestOrMockFile(filePath)) {
|
|
498
|
-
const lines = content.split('\n')
|
|
499
728
|
const line = lines[lineNumber]
|
|
500
729
|
// If in a test file and generating test data, skip
|
|
501
730
|
if (
|
|
@@ -507,9 +736,7 @@ export function shouldSkipMathRandom(
|
|
|
507
736
|
}
|
|
508
737
|
|
|
509
738
|
// Pure cosmetic usage (CSS values, animations)
|
|
510
|
-
|
|
511
|
-
const lineContent = lines[lineNumber] || ''
|
|
512
|
-
if (isCosmeticMathRandom(lineContent, content, lineNumber)) {
|
|
739
|
+
if (isCosmeticMathRandom(lineContent, content, lineNumber, lines)) {
|
|
513
740
|
// Additional check: if this is for animation/style, truly skip
|
|
514
741
|
const pureStylePatterns = [
|
|
515
742
|
/\.style\./,
|
|
@@ -524,6 +751,15 @@ export function shouldSkipMathRandom(
|
|
|
524
751
|
}
|
|
525
752
|
}
|
|
526
753
|
|
|
754
|
+
// Animation coordinate usage (x, y, rotation, etc.)
|
|
755
|
+
// Get surrounding context for animation library detection
|
|
756
|
+
const contextStart = Math.max(0, lineNumber - 15)
|
|
757
|
+
const contextEnd = Math.min(lines.length, lineNumber + 5)
|
|
758
|
+
const animContext = lines.slice(contextStart, contextEnd).join('\n')
|
|
759
|
+
if (isAnimationCoordinateUsage(lineContent, animContext)) {
|
|
760
|
+
return true
|
|
761
|
+
}
|
|
762
|
+
|
|
527
763
|
// Check function context for demo/seed/captcha/uuid functions
|
|
528
764
|
const functionName = extractFunctionContext(content, lineNumber)
|
|
529
765
|
const functionIntent = classifyFunctionIntent(functionName)
|
|
@@ -533,5 +769,21 @@ export function shouldSkipMathRandom(
|
|
|
533
769
|
return true
|
|
534
770
|
}
|
|
535
771
|
|
|
772
|
+
// Check for fallback pattern: crypto.randomUUID?.() ?? Math.random()
|
|
773
|
+
// When a secure primary method is used with Math.random as fallback,
|
|
774
|
+
// the code is safe (Math.random only runs in environments without crypto API)
|
|
775
|
+
const prevLines = lines.slice(Math.max(0, lineNumber - 2), lineNumber + 1).join(' ')
|
|
776
|
+
const multiLineFallbackPatterns = [
|
|
777
|
+
/crypto\??\.?\s*randomUUID\??\.?\s*\(\s*\)\s*\?\?/i, // crypto.randomUUID() ??
|
|
778
|
+
/globalThis\.crypto\??\.?\s*randomUUID\??\.?\s*\(/i, // globalThis.crypto?.randomUUID?.()
|
|
779
|
+
/window\.crypto\??\.?\s*randomUUID\??\.?\s*\(/i, // window.crypto?.randomUUID?.()
|
|
780
|
+
/\?\.\s*randomUUID\??\.?\s*\(\s*\)\s*\?\?/i, // ?.randomUUID?.() ??
|
|
781
|
+
/crypto\??\.?\s*getRandomValues\s*\(/i, // crypto.getRandomValues()
|
|
782
|
+
/randomUUID\??\.?\s*\(\s*\)\s*\?\?/i, // randomUUID?.() ?? (generic)
|
|
783
|
+
]
|
|
784
|
+
if (multiLineFallbackPatterns.some(p => p.test(prevLines))) {
|
|
785
|
+
return true // Skip - Math.random is only a fallback for missing crypto API
|
|
786
|
+
}
|
|
787
|
+
|
|
536
788
|
return false
|
|
537
789
|
}
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
* These patterns are used by the main detection engine.
|
|
6
6
|
*/
|
|
7
7
|
|
|
8
|
-
import type { VulnerabilitySeverity } from '
|
|
8
|
+
import type { VulnerabilitySeverity } from '../../../shared/types'
|
|
9
9
|
|
|
10
10
|
export interface DangerousFunctionPattern {
|
|
11
11
|
name: string
|
|
@@ -58,9 +58,11 @@ export const DANGEROUS_FUNCTIONS: DangerousFunctionPattern[] = [
|
|
|
58
58
|
},
|
|
59
59
|
|
|
60
60
|
// SQL injection risks
|
|
61
|
+
// Note: .execute is too generic (used by axios, tRPC, request utilities)
|
|
62
|
+
// Focus on .query and .raw which are more SQL-specific
|
|
61
63
|
{
|
|
62
64
|
name: 'Raw SQL query construction',
|
|
63
|
-
pattern: /\.(query|
|
|
65
|
+
pattern: /\.(query|raw)\s*\(\s*[`'"].*\$\{|\.query\s*\(\s*['"].*\+/gi,
|
|
64
66
|
severity: 'critical',
|
|
65
67
|
description: 'String concatenation in SQL queries can lead to SQL injection',
|
|
66
68
|
suggestedFix: 'Use parameterized queries or prepared statements',
|
|
@@ -5,11 +5,13 @@
|
|
|
5
5
|
* proper schema validation.
|
|
6
6
|
*/
|
|
7
7
|
|
|
8
|
-
import type { Vulnerability } from '
|
|
9
|
-
import { isComment } from '
|
|
8
|
+
import type { Vulnerability } from '../../../shared/types'
|
|
9
|
+
import { isComment } from '../../../parse/file-classifier'
|
|
10
10
|
import { hasManualValidation } from './utils/schema-validation'
|
|
11
11
|
import { hasThrowingAuthHelper } from './utils/helpers'
|
|
12
12
|
|
|
13
|
+
const BASE_CONFIDENCE = 0.35
|
|
14
|
+
|
|
13
15
|
/**
|
|
14
16
|
* Detect request.json() / req.json() and suggest schema validation
|
|
15
17
|
* This is NOT a dangerous function - it's a prompt for best practices
|
|
@@ -102,7 +104,9 @@ export function detectRequestJsonValidation(
|
|
|
102
104
|
suggestedFix:
|
|
103
105
|
'While manual validation works, schema libraries provide better TypeScript integration and error messages.',
|
|
104
106
|
confidence: 'low',
|
|
107
|
+
baseConfidence: BASE_CONFIDENCE,
|
|
105
108
|
layer: 2,
|
|
109
|
+
source: 'structural' as const,
|
|
106
110
|
})
|
|
107
111
|
return
|
|
108
112
|
}
|
|
@@ -122,7 +126,9 @@ export function detectRequestJsonValidation(
|
|
|
122
126
|
suggestedFix:
|
|
123
127
|
'Add schema validation (e.g., zod): const body = await request.json(); const data = schema.parse(body);',
|
|
124
128
|
confidence: 'low',
|
|
129
|
+
baseConfidence: BASE_CONFIDENCE,
|
|
125
130
|
layer: 2,
|
|
131
|
+
source: 'structural' as const,
|
|
126
132
|
})
|
|
127
133
|
} else {
|
|
128
134
|
// Single instance
|
|
@@ -139,7 +145,9 @@ export function detectRequestJsonValidation(
|
|
|
139
145
|
suggestedFix:
|
|
140
146
|
'Add schema validation (e.g., zod): const body = await request.json(); const data = schema.parse(body);',
|
|
141
147
|
confidence: 'low',
|
|
148
|
+
baseConfidence: BASE_CONFIDENCE,
|
|
142
149
|
layer: 2,
|
|
150
|
+
source: 'structural' as const,
|
|
143
151
|
})
|
|
144
152
|
}
|
|
145
153
|
}
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Control Flow Analysis Utilities
|
|
3
|
+
*
|
|
4
|
+
* Backward-compatible wrappers around shared code-analysis utilities.
|
|
5
|
+
* Existing callers pass (content: string, lineNumber: number) — these
|
|
6
|
+
* wrappers create a temporary ParsedFile to delegate to the shared implementation.
|
|
7
|
+
*/
|
|
8
|
+
|
|
9
|
+
import { ParsedFile } from '../../../../shared/parsed-file'
|
|
10
|
+
import * as codeAnalysis from '../../../../shared/code-analysis'
|
|
11
|
+
|
|
12
|
+
/**
|
|
13
|
+
* Check if a line is inside a try-catch block
|
|
14
|
+
* Looks for enclosing try { ... } catch pattern
|
|
15
|
+
*/
|
|
16
|
+
export function isInsideTryCatch(content: string, lineNumber: number): boolean {
|
|
17
|
+
return codeAnalysis.isInsideTryCatch(new ParsedFile(content, ''), lineNumber)
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
/**
|
|
21
|
+
* Simpler heuristic: check if there's a try-catch in the same function scope
|
|
22
|
+
* Looks for try { before the line and } catch after, within reasonable bounds
|
|
23
|
+
*/
|
|
24
|
+
export function hasTryCatchNearby(content: string, lineNumber: number, windowSize: number = 20): boolean {
|
|
25
|
+
return codeAnalysis.hasTryCatchNearby(new ParsedFile(content, ''), lineNumber, windowSize)
|
|
26
|
+
}
|
|
27
|
+
|
|
28
|
+
/**
|
|
29
|
+
* Extract function context where a call is being made
|
|
30
|
+
* Looks backwards from the current line to find enclosing function name
|
|
31
|
+
* Returns lowercase function name or null if not found
|
|
32
|
+
*/
|
|
33
|
+
export function extractFunctionContext(content: string, lineNumber: number): string | null {
|
|
34
|
+
return codeAnalysis.extractFunctionContext(new ParsedFile(content, ''), lineNumber)
|
|
35
|
+
}
|
|
@@ -72,12 +72,13 @@ export function hasManualValidation(content: string): boolean {
|
|
|
72
72
|
*/
|
|
73
73
|
export function hasSQLWhitelistValidation(content: string, lineNumber: number): boolean {
|
|
74
74
|
const lines = content.split('\n')
|
|
75
|
-
const contextStart = Math.max(0, lineNumber -
|
|
75
|
+
const contextStart = Math.max(0, lineNumber - 20)
|
|
76
76
|
const contextEnd = Math.min(lines.length, lineNumber + 5)
|
|
77
77
|
const context = lines.slice(contextStart, contextEnd).join('\n')
|
|
78
78
|
|
|
79
79
|
// Whitelist/allowlist validation patterns
|
|
80
80
|
const whitelistPatterns = [
|
|
81
|
+
// Array-based whitelists
|
|
81
82
|
/allowed\w*\s*=\s*\[/i, // allowedColumns = [...]
|
|
82
83
|
/whitelist\w*\s*=\s*\[/i, // whitelistFields = [...]
|
|
83
84
|
/valid\w*\s*=\s*\[/i, // validColumns = [...]
|
|
@@ -85,6 +86,20 @@ export function hasSQLWhitelistValidation(content: string, lineNumber: number):
|
|
|
85
86
|
/\.includes\s*\([^)]*\)/i, // allowedColumns.includes(col)
|
|
86
87
|
/\.every\s*\([^)]*\.includes/i, // columns.every(c => allowed.includes(c))
|
|
87
88
|
/if\s*\(\s*!.*\.includes/i, // if (!allowed.includes(...))
|
|
89
|
+
|
|
90
|
+
// Object-based whitelists (Record<string, string>)
|
|
91
|
+
/\w+\s+in\s+\w*(?:sortable|allowed|valid|whitelist)\w*/i, // sorter in sortableFields
|
|
92
|
+
/\w+\s+in\s+\w+Fields/i, // key in someFields
|
|
93
|
+
/:\s*Record<string,\s*string>/i, // Type annotation: Record<string, string>
|
|
94
|
+
/const\s+\w+Fields\s*:\s*\{[^}]*\}\s*=/i, // const xyzFields: {...} = (inline type)
|
|
95
|
+
/const\s+\w+Fields\s*=\s*\{[^}]*\}/i, // const xyzFields = { ... }
|
|
96
|
+
/if\s*\([^)]*\s+in\s+\w+Fields\s*\)/i, // if (x in yFields)
|
|
97
|
+
/&&\s*\w+\s+in\s+\w+/i, // && sorter in sortableFields
|
|
98
|
+
|
|
99
|
+
// Enum-based validation (ASC/DESC, etc.)
|
|
100
|
+
/===?\s*['"](?:ASC|DESC)['"]/i, // === 'ASC' or === 'DESC'
|
|
101
|
+
/===?\s*\w+\.(?:Asc|Desc|ASC|DESC)/i, // === SortType.Asc
|
|
102
|
+
/toLowerCase\s*\(\s*\)\s*===?\s*\w+\.(?:asc|desc)/i, // .toLowerCase() === SortType.asc
|
|
88
103
|
]
|
|
89
104
|
|
|
90
105
|
return whitelistPatterns.some(p => p.test(context))
|