@oculum/scanner 1.0.11 → 1.0.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/ai-context/index.d.ts +6 -0
- package/dist/ai-context/index.d.ts.map +1 -0
- package/dist/ai-context/index.js +13 -0
- package/dist/ai-context/index.js.map +1 -0
- package/dist/ai-context/manager.d.ts +67 -0
- package/dist/ai-context/manager.d.ts.map +1 -0
- package/dist/ai-context/manager.js +104 -0
- package/dist/ai-context/manager.js.map +1 -0
- package/dist/category-filter.d.ts +125 -0
- package/dist/category-filter.d.ts.map +1 -0
- package/dist/category-filter.js +360 -0
- package/dist/category-filter.js.map +1 -0
- package/dist/detect/ai-code/agent-tools.d.ts +22 -0
- package/dist/detect/ai-code/agent-tools.d.ts.map +1 -0
- package/dist/detect/ai-code/agent-tools.js +1509 -0
- package/dist/detect/ai-code/agent-tools.js.map +1 -0
- package/dist/detect/ai-code/byok-patterns.d.ts +15 -0
- package/dist/detect/ai-code/byok-patterns.d.ts.map +1 -0
- package/dist/detect/ai-code/byok-patterns.js +313 -0
- package/dist/detect/ai-code/byok-patterns.js.map +1 -0
- package/dist/detect/ai-code/endpoint-protection.d.ts +38 -0
- package/dist/detect/ai-code/endpoint-protection.d.ts.map +1 -0
- package/dist/detect/ai-code/endpoint-protection.js +349 -0
- package/dist/detect/ai-code/endpoint-protection.js.map +1 -0
- package/dist/detect/ai-code/execution-sinks.d.ts +21 -0
- package/dist/detect/ai-code/execution-sinks.d.ts.map +1 -0
- package/dist/detect/ai-code/execution-sinks.js +1158 -0
- package/dist/detect/ai-code/execution-sinks.js.map +1 -0
- package/dist/detect/ai-code/fingerprinting.d.ts +10 -0
- package/dist/detect/ai-code/fingerprinting.d.ts.map +1 -0
- package/dist/detect/ai-code/fingerprinting.js +665 -0
- package/dist/detect/ai-code/fingerprinting.js.map +1 -0
- package/dist/detect/ai-code/index.d.ts +12 -0
- package/dist/detect/ai-code/index.d.ts.map +1 -0
- package/dist/detect/ai-code/index.js +26 -0
- package/dist/detect/ai-code/index.js.map +1 -0
- package/dist/detect/ai-code/mcp-security.d.ts +20 -0
- package/dist/detect/ai-code/mcp-security.d.ts.map +1 -0
- package/dist/detect/ai-code/mcp-security.js +880 -0
- package/dist/detect/ai-code/mcp-security.js.map +1 -0
- package/dist/detect/ai-code/model-supply-chain.d.ts +23 -0
- package/dist/detect/ai-code/model-supply-chain.d.ts.map +1 -0
- package/dist/detect/ai-code/model-supply-chain.js +447 -0
- package/dist/detect/ai-code/model-supply-chain.js.map +1 -0
- package/dist/detect/ai-code/package-hallucination.d.ts +22 -0
- package/dist/detect/ai-code/package-hallucination.d.ts.map +1 -0
- package/dist/detect/ai-code/package-hallucination.js +841 -0
- package/dist/detect/ai-code/package-hallucination.js.map +1 -0
- package/dist/detect/ai-code/prompt-hygiene.d.ts +22 -0
- package/dist/detect/ai-code/prompt-hygiene.d.ts.map +1 -0
- package/dist/detect/ai-code/prompt-hygiene.js +1177 -0
- package/dist/detect/ai-code/prompt-hygiene.js.map +1 -0
- package/dist/detect/ai-code/rag-safety.d.ts +24 -0
- package/dist/detect/ai-code/rag-safety.d.ts.map +1 -0
- package/dist/detect/ai-code/rag-safety.js +913 -0
- package/dist/detect/ai-code/rag-safety.js.map +1 -0
- package/dist/detect/ai-code/schema-validation.d.ts +28 -0
- package/dist/detect/ai-code/schema-validation.d.ts.map +1 -0
- package/dist/detect/ai-code/schema-validation.js +378 -0
- package/dist/detect/ai-code/schema-validation.js.map +1 -0
- package/dist/detect/config/agent-skill-injection.d.ts +27 -0
- package/dist/detect/config/agent-skill-injection.d.ts.map +1 -0
- package/dist/detect/config/agent-skill-injection.js +472 -0
- package/dist/detect/config/agent-skill-injection.js.map +1 -0
- package/dist/detect/config/comments.d.ts +11 -0
- package/dist/detect/config/comments.d.ts.map +1 -0
- package/dist/detect/config/comments.js +206 -0
- package/dist/detect/config/comments.js.map +1 -0
- package/dist/detect/config/file-flags.d.ts +10 -0
- package/dist/detect/config/file-flags.d.ts.map +1 -0
- package/dist/detect/config/file-flags.js +124 -0
- package/dist/detect/config/file-flags.js.map +1 -0
- package/dist/detect/config/index.d.ts +7 -0
- package/dist/detect/config/index.d.ts.map +1 -0
- package/dist/detect/config/index.js +17 -0
- package/dist/detect/config/index.js.map +1 -0
- package/dist/detect/config/osv-check.d.ts +75 -0
- package/dist/detect/config/osv-check.d.ts.map +1 -0
- package/dist/detect/config/osv-check.js +309 -0
- package/dist/detect/config/osv-check.js.map +1 -0
- package/dist/detect/config/package-check.d.ts +63 -0
- package/dist/detect/config/package-check.d.ts.map +1 -0
- package/dist/detect/config/package-check.js +509 -0
- package/dist/detect/config/package-check.js.map +1 -0
- package/dist/detect/config/urls.d.ts +11 -0
- package/dist/detect/config/urls.d.ts.map +1 -0
- package/dist/detect/config/urls.js +450 -0
- package/dist/detect/config/urls.js.map +1 -0
- package/dist/detect/index.d.ts +37 -0
- package/dist/detect/index.d.ts.map +1 -0
- package/dist/detect/index.js +77 -0
- package/dist/detect/index.js.map +1 -0
- package/dist/detect/secrets/config-audit.d.ts +11 -0
- package/dist/detect/secrets/config-audit.d.ts.map +1 -0
- package/dist/detect/secrets/config-audit.js +315 -0
- package/dist/detect/secrets/config-audit.js.map +1 -0
- package/dist/detect/secrets/config-mcp-audit.d.ts +23 -0
- package/dist/detect/secrets/config-mcp-audit.d.ts.map +1 -0
- package/dist/detect/secrets/config-mcp-audit.js +243 -0
- package/dist/detect/secrets/config-mcp-audit.js.map +1 -0
- package/dist/detect/secrets/entropy.d.ts +11 -0
- package/dist/detect/secrets/entropy.d.ts.map +1 -0
- package/dist/detect/secrets/entropy.js +751 -0
- package/dist/detect/secrets/entropy.js.map +1 -0
- package/dist/detect/secrets/index.d.ts +36 -0
- package/dist/detect/secrets/index.d.ts.map +1 -0
- package/dist/detect/secrets/index.js +174 -0
- package/dist/detect/secrets/index.js.map +1 -0
- package/dist/detect/secrets/patterns.d.ts +11 -0
- package/dist/detect/secrets/patterns.d.ts.map +1 -0
- package/dist/detect/secrets/patterns.js +518 -0
- package/dist/detect/secrets/patterns.js.map +1 -0
- package/dist/detect/secrets/weak-crypto.d.ts +10 -0
- package/dist/detect/secrets/weak-crypto.d.ts.map +1 -0
- package/dist/detect/secrets/weak-crypto.js +432 -0
- package/dist/detect/secrets/weak-crypto.js.map +1 -0
- package/dist/detect/structural/auth-patterns.d.ts +22 -0
- package/dist/detect/structural/auth-patterns.d.ts.map +1 -0
- package/dist/detect/structural/auth-patterns.js +533 -0
- package/dist/detect/structural/auth-patterns.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/child-process.d.ts +16 -0
- package/dist/detect/structural/dangerous-functions/child-process.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/child-process.js +74 -0
- package/dist/detect/structural/dangerous-functions/child-process.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/dom-xss.d.ts +34 -0
- package/dist/detect/structural/dangerous-functions/dom-xss.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/dom-xss.js +230 -0
- package/dist/detect/structural/dangerous-functions/dom-xss.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/index.d.ts +16 -0
- package/dist/detect/structural/dangerous-functions/index.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/index.js +1193 -0
- package/dist/detect/structural/dangerous-functions/index.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/json-parse.d.ts +31 -0
- package/dist/detect/structural/dangerous-functions/json-parse.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/json-parse.js +326 -0
- package/dist/detect/structural/dangerous-functions/json-parse.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/math-random.d.ts +111 -0
- package/dist/detect/structural/dangerous-functions/math-random.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/math-random.js +684 -0
- package/dist/detect/structural/dangerous-functions/math-random.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/patterns.d.ts +21 -0
- package/dist/detect/structural/dangerous-functions/patterns.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/patterns.js +163 -0
- package/dist/detect/structural/dangerous-functions/patterns.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/request-validation.d.ts +13 -0
- package/dist/detect/structural/dangerous-functions/request-validation.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/request-validation.js +126 -0
- package/dist/detect/structural/dangerous-functions/request-validation.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts +24 -0
- package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/control-flow.js +70 -0
- package/dist/detect/structural/dangerous-functions/utils/control-flow.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts +31 -0
- package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/helpers.js +147 -0
- package/dist/detect/structural/dangerous-functions/utils/helpers.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/index.d.ts +9 -0
- package/dist/detect/structural/dangerous-functions/utils/index.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/index.js +23 -0
- package/dist/detect/structural/dangerous-functions/utils/index.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts +22 -0
- package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/schema-validation.js +102 -0
- package/dist/detect/structural/dangerous-functions/utils/schema-validation.js.map +1 -0
- package/dist/detect/structural/data-exposure.d.ts +19 -0
- package/dist/detect/structural/data-exposure.d.ts.map +1 -0
- package/dist/detect/structural/data-exposure.js +262 -0
- package/dist/detect/structural/data-exposure.js.map +1 -0
- package/dist/detect/structural/framework-checks.d.ts +10 -0
- package/dist/detect/structural/framework-checks.d.ts.map +1 -0
- package/dist/detect/structural/framework-checks.js +389 -0
- package/dist/detect/structural/framework-checks.js.map +1 -0
- package/dist/detect/structural/index.d.ts +71 -0
- package/dist/detect/structural/index.d.ts.map +1 -0
- package/dist/detect/structural/index.js +510 -0
- package/dist/detect/structural/index.js.map +1 -0
- package/dist/detect/structural/log-injection.d.ts +18 -0
- package/dist/detect/structural/log-injection.d.ts.map +1 -0
- package/dist/detect/structural/log-injection.js +217 -0
- package/dist/detect/structural/log-injection.js.map +1 -0
- package/dist/detect/structural/logic-gates.d.ts +10 -0
- package/dist/detect/structural/logic-gates.d.ts.map +1 -0
- package/dist/detect/structural/logic-gates.js +227 -0
- package/dist/detect/structural/logic-gates.js.map +1 -0
- package/dist/detect/structural/risky-imports.d.ts +10 -0
- package/dist/detect/structural/risky-imports.d.ts.map +1 -0
- package/dist/detect/structural/risky-imports.js +168 -0
- package/dist/detect/structural/risky-imports.js.map +1 -0
- package/dist/detect/structural/security-headers.d.ts +18 -0
- package/dist/detect/structural/security-headers.d.ts.map +1 -0
- package/dist/detect/structural/security-headers.js +196 -0
- package/dist/detect/structural/security-headers.js.map +1 -0
- package/dist/detect/structural/ssrf-detection.d.ts +18 -0
- package/dist/detect/structural/ssrf-detection.d.ts.map +1 -0
- package/dist/detect/structural/ssrf-detection.js +263 -0
- package/dist/detect/structural/ssrf-detection.js.map +1 -0
- package/dist/detect/structural/variables.d.ts +11 -0
- package/dist/detect/structural/variables.d.ts.map +1 -0
- package/dist/detect/structural/variables.js +159 -0
- package/dist/detect/structural/variables.js.map +1 -0
- package/dist/detect/structural/xxe-detection.d.ts +18 -0
- package/dist/detect/structural/xxe-detection.d.ts.map +1 -0
- package/dist/detect/structural/xxe-detection.js +245 -0
- package/dist/detect/structural/xxe-detection.js.map +1 -0
- package/dist/filtering/context-adjustments.d.ts +23 -0
- package/dist/filtering/context-adjustments.d.ts.map +1 -0
- package/dist/filtering/context-adjustments.js +100 -0
- package/dist/filtering/context-adjustments.js.map +1 -0
- package/dist/filtering/index.d.ts +3 -0
- package/dist/filtering/index.d.ts.map +1 -0
- package/dist/filtering/index.js +8 -0
- package/dist/filtering/index.js.map +1 -0
- package/dist/filtering/pipeline.d.ts +48 -0
- package/dist/filtering/pipeline.d.ts.map +1 -0
- package/dist/filtering/pipeline.js +76 -0
- package/dist/filtering/pipeline.js.map +1 -0
- package/dist/formatters/ai-context.d.ts +23 -0
- package/dist/formatters/ai-context.d.ts.map +1 -0
- package/dist/formatters/ai-context.js +238 -0
- package/dist/formatters/ai-context.js.map +1 -0
- package/dist/formatters/github-comment.d.ts +1 -1
- package/dist/formatters/github-comment.d.ts.map +1 -1
- package/dist/formatters/github-comment.js +2 -2
- package/dist/formatters/github-comment.js.map +1 -1
- package/dist/formatters/ide/claude-code.d.ts +17 -0
- package/dist/formatters/ide/claude-code.d.ts.map +1 -0
- package/dist/formatters/ide/claude-code.js +94 -0
- package/dist/formatters/ide/claude-code.js.map +1 -0
- package/dist/formatters/ide/cursor.d.ts +13 -0
- package/dist/formatters/ide/cursor.d.ts.map +1 -0
- package/dist/formatters/ide/cursor.js +125 -0
- package/dist/formatters/ide/cursor.js.map +1 -0
- package/dist/formatters/ide/index.d.ts +62 -0
- package/dist/formatters/ide/index.d.ts.map +1 -0
- package/dist/formatters/ide/index.js +184 -0
- package/dist/formatters/ide/index.js.map +1 -0
- package/dist/formatters/ide/windsurf.d.ts +13 -0
- package/dist/formatters/ide/windsurf.d.ts.map +1 -0
- package/dist/formatters/ide/windsurf.js +117 -0
- package/dist/formatters/ide/windsurf.js.map +1 -0
- package/dist/formatters/index.d.ts +2 -0
- package/dist/formatters/index.d.ts.map +1 -1
- package/dist/formatters/index.js +17 -1
- package/dist/formatters/index.js.map +1 -1
- package/dist/index.d.ts +17 -60
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +67 -824
- package/dist/index.js.map +1 -1
- package/dist/layer1/comments.d.ts +4 -1
- package/dist/layer1/comments.d.ts.map +1 -1
- package/dist/layer1/comments.js +1 -1
- package/dist/layer1/comments.js.map +1 -1
- package/dist/layer1/config-audit.d.ts +4 -1
- package/dist/layer1/config-audit.d.ts.map +1 -1
- package/dist/layer1/config-audit.js +45 -11
- package/dist/layer1/config-audit.js.map +1 -1
- package/dist/layer1/config-mcp-audit.d.ts +4 -1
- package/dist/layer1/config-mcp-audit.d.ts.map +1 -1
- package/dist/layer1/config-mcp-audit.js +2 -2
- package/dist/layer1/config-mcp-audit.js.map +1 -1
- package/dist/layer1/entropy.d.ts +4 -1
- package/dist/layer1/entropy.d.ts.map +1 -1
- package/dist/layer1/entropy.js +212 -1
- package/dist/layer1/entropy.js.map +1 -1
- package/dist/layer1/file-flags.d.ts +4 -1
- package/dist/layer1/file-flags.d.ts.map +1 -1
- package/dist/layer1/file-flags.js +12 -5
- package/dist/layer1/file-flags.js.map +1 -1
- package/dist/layer1/index.d.ts.map +1 -1
- package/dist/layer1/index.js +14 -19
- package/dist/layer1/index.js.map +1 -1
- package/dist/layer1/patterns.d.ts +4 -1
- package/dist/layer1/patterns.d.ts.map +1 -1
- package/dist/layer1/patterns.js +34 -4
- package/dist/layer1/patterns.js.map +1 -1
- package/dist/layer1/urls.d.ts +4 -1
- package/dist/layer1/urls.d.ts.map +1 -1
- package/dist/layer1/urls.js +162 -14
- package/dist/layer1/urls.js.map +1 -1
- package/dist/layer1/weak-crypto.d.ts +4 -1
- package/dist/layer1/weak-crypto.d.ts.map +1 -1
- package/dist/layer1/weak-crypto.js +144 -7
- package/dist/layer1/weak-crypto.js.map +1 -1
- package/dist/layer2/ai-agent-tools.d.ts +4 -1
- package/dist/layer2/ai-agent-tools.d.ts.map +1 -1
- package/dist/layer2/ai-agent-tools.js +661 -2
- package/dist/layer2/ai-agent-tools.js.map +1 -1
- package/dist/layer2/ai-endpoint-protection.d.ts +2 -0
- package/dist/layer2/ai-endpoint-protection.d.ts.map +1 -1
- package/dist/layer2/ai-endpoint-protection.js +1 -1
- package/dist/layer2/ai-endpoint-protection.js.map +1 -1
- package/dist/layer2/ai-execution-sinks.d.ts +4 -1
- package/dist/layer2/ai-execution-sinks.d.ts.map +1 -1
- package/dist/layer2/ai-execution-sinks.js +252 -43
- package/dist/layer2/ai-execution-sinks.js.map +1 -1
- package/dist/layer2/ai-fingerprinting.d.ts +4 -1
- package/dist/layer2/ai-fingerprinting.d.ts.map +1 -1
- package/dist/layer2/ai-fingerprinting.js +25 -32
- package/dist/layer2/ai-fingerprinting.js.map +1 -1
- package/dist/layer2/ai-mcp-security.d.ts +4 -1
- package/dist/layer2/ai-mcp-security.d.ts.map +1 -1
- package/dist/layer2/ai-mcp-security.js +200 -2
- package/dist/layer2/ai-mcp-security.js.map +1 -1
- package/dist/layer2/ai-package-hallucination.d.ts +4 -1
- package/dist/layer2/ai-package-hallucination.d.ts.map +1 -1
- package/dist/layer2/ai-package-hallucination.js +136 -4
- package/dist/layer2/ai-package-hallucination.js.map +1 -1
- package/dist/layer2/ai-prompt-hygiene.d.ts +4 -1
- package/dist/layer2/ai-prompt-hygiene.d.ts.map +1 -1
- package/dist/layer2/ai-prompt-hygiene.js +342 -28
- package/dist/layer2/ai-prompt-hygiene.js.map +1 -1
- package/dist/layer2/ai-rag-safety.d.ts +4 -1
- package/dist/layer2/ai-rag-safety.d.ts.map +1 -1
- package/dist/layer2/ai-rag-safety.js +82 -2
- package/dist/layer2/ai-rag-safety.js.map +1 -1
- package/dist/layer2/ai-schema-validation.d.ts +4 -1
- package/dist/layer2/ai-schema-validation.d.ts.map +1 -1
- package/dist/layer2/ai-schema-validation.js +2 -2
- package/dist/layer2/ai-schema-validation.js.map +1 -1
- package/dist/layer2/auth-antipatterns.d.ts +2 -0
- package/dist/layer2/auth-antipatterns.d.ts.map +1 -1
- package/dist/layer2/auth-antipatterns.js +205 -20
- package/dist/layer2/auth-antipatterns.js.map +1 -1
- package/dist/layer2/byok-patterns.d.ts +4 -1
- package/dist/layer2/byok-patterns.d.ts.map +1 -1
- package/dist/layer2/byok-patterns.js +2 -2
- package/dist/layer2/byok-patterns.js.map +1 -1
- package/dist/layer2/dangerous-functions/dom-xss.d.ts +9 -4
- package/dist/layer2/dangerous-functions/dom-xss.d.ts.map +1 -1
- package/dist/layer2/dangerous-functions/dom-xss.js +73 -22
- package/dist/layer2/dangerous-functions/dom-xss.js.map +1 -1
- package/dist/layer2/dangerous-functions/index.d.ts +4 -1
- package/dist/layer2/dangerous-functions/index.d.ts.map +1 -1
- package/dist/layer2/dangerous-functions/index.js +551 -20
- package/dist/layer2/dangerous-functions/index.js.map +1 -1
- package/dist/layer2/dangerous-functions/math-random.d.ts +54 -4
- package/dist/layer2/dangerous-functions/math-random.d.ts.map +1 -1
- package/dist/layer2/dangerous-functions/math-random.js +241 -16
- package/dist/layer2/dangerous-functions/math-random.js.map +1 -1
- package/dist/layer2/dangerous-functions/patterns.d.ts.map +1 -1
- package/dist/layer2/dangerous-functions/patterns.js +3 -1
- package/dist/layer2/dangerous-functions/patterns.js.map +1 -1
- package/dist/layer2/dangerous-functions/utils/control-flow.d.ts +3 -2
- package/dist/layer2/dangerous-functions/utils/control-flow.d.ts.map +1 -1
- package/dist/layer2/dangerous-functions/utils/control-flow.js +41 -120
- package/dist/layer2/dangerous-functions/utils/control-flow.js.map +1 -1
- package/dist/layer2/dangerous-functions/utils/helpers.d.ts.map +1 -1
- package/dist/layer2/dangerous-functions/utils/helpers.js +26 -3
- package/dist/layer2/dangerous-functions/utils/helpers.js.map +1 -1
- package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts.map +1 -1
- package/dist/layer2/dangerous-functions/utils/schema-validation.js +14 -1
- package/dist/layer2/dangerous-functions/utils/schema-validation.js.map +1 -1
- package/dist/layer2/data-exposure.d.ts +4 -1
- package/dist/layer2/data-exposure.d.ts.map +1 -1
- package/dist/layer2/data-exposure.js +11 -38
- package/dist/layer2/data-exposure.js.map +1 -1
- package/dist/layer2/framework-checks.d.ts +4 -1
- package/dist/layer2/framework-checks.d.ts.map +1 -1
- package/dist/layer2/framework-checks.js +3 -10
- package/dist/layer2/framework-checks.js.map +1 -1
- package/dist/layer2/index.d.ts +13 -1
- package/dist/layer2/index.d.ts.map +1 -1
- package/dist/layer2/index.js +107 -52
- package/dist/layer2/index.js.map +1 -1
- package/dist/layer2/log-injection.d.ts +18 -0
- package/dist/layer2/log-injection.d.ts.map +1 -0
- package/dist/layer2/log-injection.js +214 -0
- package/dist/layer2/log-injection.js.map +1 -0
- package/dist/layer2/logic-gates.d.ts +4 -1
- package/dist/layer2/logic-gates.d.ts.map +1 -1
- package/dist/layer2/logic-gates.js +54 -20
- package/dist/layer2/logic-gates.js.map +1 -1
- package/dist/layer2/model-supply-chain.d.ts +4 -1
- package/dist/layer2/model-supply-chain.d.ts.map +1 -1
- package/dist/layer2/model-supply-chain.js +72 -4
- package/dist/layer2/model-supply-chain.js.map +1 -1
- package/dist/layer2/risky-imports.d.ts +4 -1
- package/dist/layer2/risky-imports.d.ts.map +1 -1
- package/dist/layer2/risky-imports.js +2 -2
- package/dist/layer2/risky-imports.js.map +1 -1
- package/dist/layer2/security-headers.d.ts +18 -0
- package/dist/layer2/security-headers.d.ts.map +1 -0
- package/dist/layer2/security-headers.js +187 -0
- package/dist/layer2/security-headers.js.map +1 -0
- package/dist/layer2/ssrf-detection.d.ts +18 -0
- package/dist/layer2/ssrf-detection.d.ts.map +1 -0
- package/dist/layer2/ssrf-detection.js +252 -0
- package/dist/layer2/ssrf-detection.js.map +1 -0
- package/dist/layer2/variables.d.ts +4 -1
- package/dist/layer2/variables.d.ts.map +1 -1
- package/dist/layer2/variables.js +2 -2
- package/dist/layer2/variables.js.map +1 -1
- package/dist/layer2/xxe-detection.d.ts +18 -0
- package/dist/layer2/xxe-detection.d.ts.map +1 -0
- package/dist/layer2/xxe-detection.js +242 -0
- package/dist/layer2/xxe-detection.js.map +1 -0
- package/dist/layer3/anthropic/auto-dismiss.d.ts.map +1 -1
- package/dist/layer3/anthropic/auto-dismiss.js +11 -0
- package/dist/layer3/anthropic/auto-dismiss.js.map +1 -1
- package/dist/layer3/anthropic/prompts/index.d.ts +1 -1
- package/dist/layer3/anthropic/prompts/index.d.ts.map +1 -1
- package/dist/layer3/anthropic/prompts/index.js +3 -1
- package/dist/layer3/anthropic/prompts/index.js.map +1 -1
- package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts +19 -0
- package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/ai-patterns.js +156 -0
- package/dist/layer3/anthropic/prompts/modules/ai-patterns.js.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts +9 -0
- package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/auth-access.js +25 -0
- package/dist/layer3/anthropic/prompts/modules/auth-access.js.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/common.d.ts +11 -0
- package/dist/layer3/anthropic/prompts/modules/common.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/common.js +152 -0
- package/dist/layer3/anthropic/prompts/modules/common.js.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/index.d.ts +54 -0
- package/dist/layer3/anthropic/prompts/modules/index.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/index.js +185 -0
- package/dist/layer3/anthropic/prompts/modules/index.js.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts +8 -0
- package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/owasp-classic.js +84 -0
- package/dist/layer3/anthropic/prompts/modules/owasp-classic.js.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts +8 -0
- package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js +68 -0
- package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts +8 -0
- package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/xss-prompt.js +22 -0
- package/dist/layer3/anthropic/prompts/modules/xss-prompt.js.map +1 -0
- package/dist/layer3/anthropic/prompts/validation.d.ts +9 -3
- package/dist/layer3/anthropic/prompts/validation.d.ts.map +1 -1
- package/dist/layer3/anthropic/prompts/validation.js +14 -410
- package/dist/layer3/anthropic/prompts/validation.js.map +1 -1
- package/dist/layer3/anthropic/providers/anthropic.d.ts.map +1 -1
- package/dist/layer3/anthropic/providers/anthropic.js +6 -3
- package/dist/layer3/anthropic/providers/anthropic.js.map +1 -1
- package/dist/layer3/anthropic/providers/openai.d.ts.map +1 -1
- package/dist/layer3/anthropic/providers/openai.js +6 -3
- package/dist/layer3/anthropic/providers/openai.js.map +1 -1
- package/dist/layer3/anthropic/request-builder.d.ts +11 -4
- package/dist/layer3/anthropic/request-builder.d.ts.map +1 -1
- package/dist/layer3/anthropic/request-builder.js +32 -16
- package/dist/layer3/anthropic/request-builder.js.map +1 -1
- package/dist/layer3/anthropic/utils/context-extractor.d.ts +55 -0
- package/dist/layer3/anthropic/utils/context-extractor.d.ts.map +1 -0
- package/dist/layer3/anthropic/utils/context-extractor.js +161 -0
- package/dist/layer3/anthropic/utils/context-extractor.js.map +1 -0
- package/dist/layer3/anthropic/utils/index.d.ts +2 -0
- package/dist/layer3/anthropic/utils/index.d.ts.map +1 -1
- package/dist/layer3/anthropic/utils/index.js +4 -1
- package/dist/layer3/anthropic/utils/index.js.map +1 -1
- package/dist/model/auth-helper-detector.d.ts +56 -0
- package/dist/model/auth-helper-detector.d.ts.map +1 -0
- package/dist/model/auth-helper-detector.js +360 -0
- package/dist/model/auth-helper-detector.js.map +1 -0
- package/dist/model/cross-file-taint.d.ts +40 -0
- package/dist/model/cross-file-taint.d.ts.map +1 -0
- package/dist/model/cross-file-taint.js +290 -0
- package/dist/model/cross-file-taint.js.map +1 -0
- package/dist/model/framework-models/django.d.ts +9 -0
- package/dist/model/framework-models/django.d.ts.map +1 -0
- package/dist/model/framework-models/django.js +82 -0
- package/dist/model/framework-models/django.js.map +1 -0
- package/dist/model/framework-models/express.d.ts +9 -0
- package/dist/model/framework-models/express.d.ts.map +1 -0
- package/dist/model/framework-models/express.js +52 -0
- package/dist/model/framework-models/express.js.map +1 -0
- package/dist/model/framework-models/index.d.ts +20 -0
- package/dist/model/framework-models/index.d.ts.map +1 -0
- package/dist/model/framework-models/index.js +102 -0
- package/dist/model/framework-models/index.js.map +1 -0
- package/dist/model/framework-models/nextjs.d.ts +9 -0
- package/dist/model/framework-models/nextjs.d.ts.map +1 -0
- package/dist/model/framework-models/nextjs.js +71 -0
- package/dist/model/framework-models/nextjs.js.map +1 -0
- package/dist/model/framework-models/prisma.d.ts +10 -0
- package/dist/model/framework-models/prisma.d.ts.map +1 -0
- package/dist/model/framework-models/prisma.js +54 -0
- package/dist/model/framework-models/prisma.js.map +1 -0
- package/dist/model/framework-models/react.d.ts +9 -0
- package/dist/model/framework-models/react.d.ts.map +1 -0
- package/dist/model/framework-models/react.js +67 -0
- package/dist/model/framework-models/react.js.map +1 -0
- package/dist/model/framework-models/sequelize.d.ts +9 -0
- package/dist/model/framework-models/sequelize.d.ts.map +1 -0
- package/dist/model/framework-models/sequelize.js +62 -0
- package/dist/model/framework-models/sequelize.js.map +1 -0
- package/dist/model/framework-models/types.d.ts +43 -0
- package/dist/model/framework-models/types.d.ts.map +1 -0
- package/dist/model/framework-models/types.js +10 -0
- package/dist/model/framework-models/types.js.map +1 -0
- package/dist/model/function-classifier.d.ts +32 -0
- package/dist/model/function-classifier.d.ts.map +1 -0
- package/dist/model/function-classifier.js +143 -0
- package/dist/model/function-classifier.js.map +1 -0
- package/dist/model/import-resolver.d.ts +45 -0
- package/dist/model/import-resolver.d.ts.map +1 -0
- package/dist/model/import-resolver.js +410 -0
- package/dist/model/import-resolver.js.map +1 -0
- package/dist/model/imported-auth-detector.d.ts +38 -0
- package/dist/model/imported-auth-detector.d.ts.map +1 -0
- package/dist/model/imported-auth-detector.js +199 -0
- package/dist/model/imported-auth-detector.js.map +1 -0
- package/dist/model/index.d.ts +63 -0
- package/dist/model/index.d.ts.map +1 -0
- package/dist/model/index.js +272 -0
- package/dist/model/index.js.map +1 -0
- package/dist/model/middleware-detector.d.ts +55 -0
- package/dist/model/middleware-detector.d.ts.map +1 -0
- package/dist/model/middleware-detector.js +382 -0
- package/dist/model/middleware-detector.js.map +1 -0
- package/dist/model/module-graph.d.ts +46 -0
- package/dist/model/module-graph.d.ts.map +1 -0
- package/dist/model/module-graph.js +187 -0
- package/dist/model/module-graph.js.map +1 -0
- package/dist/model/oauth-flow-detector.d.ts +41 -0
- package/dist/model/oauth-flow-detector.d.ts.map +1 -0
- package/dist/model/oauth-flow-detector.js +202 -0
- package/dist/model/oauth-flow-detector.js.map +1 -0
- package/dist/model/project-context.d.ts +119 -0
- package/dist/model/project-context.d.ts.map +1 -0
- package/dist/model/project-context.js +534 -0
- package/dist/model/project-context.js.map +1 -0
- package/dist/model/route-auth-resolver.d.ts +27 -0
- package/dist/model/route-auth-resolver.d.ts.map +1 -0
- package/dist/model/route-auth-resolver.js +182 -0
- package/dist/model/route-auth-resolver.js.map +1 -0
- package/dist/model/route-discovery/express.d.ts +25 -0
- package/dist/model/route-discovery/express.d.ts.map +1 -0
- package/dist/model/route-discovery/express.js +225 -0
- package/dist/model/route-discovery/express.js.map +1 -0
- package/dist/model/route-discovery/index.d.ts +21 -0
- package/dist/model/route-discovery/index.d.ts.map +1 -0
- package/dist/model/route-discovery/index.js +67 -0
- package/dist/model/route-discovery/index.js.map +1 -0
- package/dist/model/route-discovery/nextjs.d.ts +16 -0
- package/dist/model/route-discovery/nextjs.d.ts.map +1 -0
- package/dist/model/route-discovery/nextjs.js +179 -0
- package/dist/model/route-discovery/nextjs.js.map +1 -0
- package/dist/model/route-discovery/python.d.ts +16 -0
- package/dist/model/route-discovery/python.d.ts.map +1 -0
- package/dist/model/route-discovery/python.js +181 -0
- package/dist/model/route-discovery/python.js.map +1 -0
- package/dist/model/route-discovery/types.d.ts +36 -0
- package/dist/model/route-discovery/types.d.ts.map +1 -0
- package/dist/model/route-discovery/types.js +16 -0
- package/dist/model/route-discovery/types.js.map +1 -0
- package/dist/model/route-discovery/utils.d.ts +18 -0
- package/dist/model/route-discovery/utils.d.ts.map +1 -0
- package/dist/model/route-discovery/utils.js +55 -0
- package/dist/model/route-discovery/utils.js.map +1 -0
- package/dist/model/route-hierarchy.d.ts +50 -0
- package/dist/model/route-hierarchy.d.ts.map +1 -0
- package/dist/model/route-hierarchy.js +226 -0
- package/dist/model/route-hierarchy.js.map +1 -0
- package/dist/model/sanitiser-detection.d.ts +27 -0
- package/dist/model/sanitiser-detection.d.ts.map +1 -0
- package/dist/model/sanitiser-detection.js +224 -0
- package/dist/model/sanitiser-detection.js.map +1 -0
- package/dist/model/sink-matcher.d.ts +17 -0
- package/dist/model/sink-matcher.d.ts.map +1 -0
- package/dist/model/sink-matcher.js +141 -0
- package/dist/model/sink-matcher.js.map +1 -0
- package/dist/model/sink-patterns.d.ts +19 -0
- package/dist/model/sink-patterns.d.ts.map +1 -0
- package/dist/model/sink-patterns.js +88 -0
- package/dist/model/sink-patterns.js.map +1 -0
- package/dist/model/source-discovery.d.ts +15 -0
- package/dist/model/source-discovery.d.ts.map +1 -0
- package/dist/model/source-discovery.js +170 -0
- package/dist/model/source-discovery.js.map +1 -0
- package/dist/model/taint-tracker.d.ts +21 -0
- package/dist/model/taint-tracker.d.ts.map +1 -0
- package/dist/model/taint-tracker.js +281 -0
- package/dist/model/taint-tracker.js.map +1 -0
- package/dist/model/taint-types.d.ts +74 -0
- package/dist/model/taint-types.d.ts.map +1 -0
- package/dist/model/taint-types.js +9 -0
- package/dist/model/taint-types.js.map +1 -0
- package/dist/model/trpc-analyzer.d.ts +78 -0
- package/dist/model/trpc-analyzer.d.ts.map +1 -0
- package/dist/model/trpc-analyzer.js +297 -0
- package/dist/model/trpc-analyzer.js.map +1 -0
- package/dist/modes/incremental.js +1 -1
- package/dist/parse/file-classifier.d.ts +228 -0
- package/dist/parse/file-classifier.d.ts.map +1 -0
- package/dist/parse/file-classifier.js +933 -0
- package/dist/parse/file-classifier.js.map +1 -0
- package/dist/parse/path-exclusions.d.ts +55 -0
- package/dist/parse/path-exclusions.d.ts.map +1 -0
- package/dist/parse/path-exclusions.js +224 -0
- package/dist/parse/path-exclusions.js.map +1 -0
- package/dist/pipeline/config.d.ts +39 -0
- package/dist/pipeline/config.d.ts.map +1 -0
- package/dist/pipeline/config.js +46 -0
- package/dist/pipeline/config.js.map +1 -0
- package/dist/pipeline/index.d.ts +34 -0
- package/dist/pipeline/index.d.ts.map +1 -0
- package/dist/pipeline/index.js +377 -0
- package/dist/pipeline/index.js.map +1 -0
- package/dist/pipeline/modes/incremental.d.ts +66 -0
- package/dist/pipeline/modes/incremental.d.ts.map +1 -0
- package/dist/pipeline/modes/incremental.js +200 -0
- package/dist/pipeline/modes/incremental.js.map +1 -0
- package/dist/postprocess/aggregation.d.ts +14 -0
- package/dist/postprocess/aggregation.d.ts.map +1 -0
- package/dist/postprocess/aggregation.js +63 -0
- package/dist/postprocess/aggregation.js.map +1 -0
- package/dist/postprocess/contradictions.d.ts +18 -0
- package/dist/postprocess/contradictions.d.ts.map +1 -0
- package/dist/postprocess/contradictions.js +99 -0
- package/dist/postprocess/contradictions.js.map +1 -0
- package/dist/postprocess/dedup.d.ts +13 -0
- package/dist/postprocess/dedup.d.ts.map +1 -0
- package/dist/postprocess/dedup.js +58 -0
- package/dist/postprocess/dedup.js.map +1 -0
- package/dist/postprocess/filtering/context-adjustments.d.ts +23 -0
- package/dist/postprocess/filtering/context-adjustments.d.ts.map +1 -0
- package/dist/postprocess/filtering/context-adjustments.js +100 -0
- package/dist/postprocess/filtering/context-adjustments.js.map +1 -0
- package/dist/postprocess/filtering/index.d.ts +3 -0
- package/dist/postprocess/filtering/index.d.ts.map +1 -0
- package/dist/postprocess/filtering/index.js +8 -0
- package/dist/postprocess/filtering/index.js.map +1 -0
- package/dist/postprocess/filtering/pipeline.d.ts +48 -0
- package/dist/postprocess/filtering/pipeline.d.ts.map +1 -0
- package/dist/postprocess/filtering/pipeline.js +76 -0
- package/dist/postprocess/filtering/pipeline.js.map +1 -0
- package/dist/postprocess/index.d.ts +41 -0
- package/dist/postprocess/index.d.ts.map +1 -0
- package/dist/postprocess/index.js +85 -0
- package/dist/postprocess/index.js.map +1 -0
- package/dist/postprocess/suppression/config-loader.d.ts +74 -0
- package/dist/postprocess/suppression/config-loader.d.ts.map +1 -0
- package/dist/postprocess/suppression/config-loader.js +424 -0
- package/dist/postprocess/suppression/config-loader.js.map +1 -0
- package/dist/postprocess/suppression/hash.d.ts +48 -0
- package/dist/postprocess/suppression/hash.d.ts.map +1 -0
- package/dist/postprocess/suppression/hash.js +88 -0
- package/dist/postprocess/suppression/hash.js.map +1 -0
- package/dist/postprocess/suppression/index.d.ts +11 -0
- package/dist/postprocess/suppression/index.d.ts.map +1 -0
- package/dist/postprocess/suppression/index.js +39 -0
- package/dist/postprocess/suppression/index.js.map +1 -0
- package/dist/postprocess/suppression/inline-parser.d.ts +39 -0
- package/dist/postprocess/suppression/inline-parser.d.ts.map +1 -0
- package/dist/postprocess/suppression/inline-parser.js +218 -0
- package/dist/postprocess/suppression/inline-parser.js.map +1 -0
- package/dist/postprocess/suppression/manager.d.ts +94 -0
- package/dist/postprocess/suppression/manager.d.ts.map +1 -0
- package/dist/postprocess/suppression/manager.js +292 -0
- package/dist/postprocess/suppression/manager.js.map +1 -0
- package/dist/postprocess/suppression/types.d.ts +151 -0
- package/dist/postprocess/suppression/types.d.ts.map +1 -0
- package/dist/postprocess/suppression/types.js +28 -0
- package/dist/postprocess/suppression/types.js.map +1 -0
- package/dist/postprocess/validation-cap.d.ts +17 -0
- package/dist/postprocess/validation-cap.d.ts.map +1 -0
- package/dist/postprocess/validation-cap.js +64 -0
- package/dist/postprocess/validation-cap.js.map +1 -0
- package/dist/report/build-result.d.ts +33 -0
- package/dist/report/build-result.d.ts.map +1 -0
- package/dist/report/build-result.js +59 -0
- package/dist/report/build-result.js.map +1 -0
- package/dist/report/enrichment.d.ts +19 -0
- package/dist/report/enrichment.d.ts.map +1 -0
- package/dist/report/enrichment.js +44 -0
- package/dist/report/enrichment.js.map +1 -0
- package/dist/report/formatters/ai-context.d.ts +23 -0
- package/dist/report/formatters/ai-context.d.ts.map +1 -0
- package/dist/report/formatters/ai-context.js +238 -0
- package/dist/report/formatters/ai-context.js.map +1 -0
- package/dist/report/formatters/cli-terminal.d.ts +65 -0
- package/dist/report/formatters/cli-terminal.d.ts.map +1 -0
- package/dist/report/formatters/cli-terminal.js +735 -0
- package/dist/report/formatters/cli-terminal.js.map +1 -0
- package/dist/report/formatters/github-comment.d.ts +41 -0
- package/dist/report/formatters/github-comment.d.ts.map +1 -0
- package/dist/report/formatters/github-comment.js +370 -0
- package/dist/report/formatters/github-comment.js.map +1 -0
- package/dist/report/formatters/grouping.d.ts +52 -0
- package/dist/report/formatters/grouping.d.ts.map +1 -0
- package/dist/report/formatters/grouping.js +152 -0
- package/dist/report/formatters/grouping.js.map +1 -0
- package/dist/report/formatters/ide/claude-code.d.ts +17 -0
- package/dist/report/formatters/ide/claude-code.d.ts.map +1 -0
- package/dist/report/formatters/ide/claude-code.js +94 -0
- package/dist/report/formatters/ide/claude-code.js.map +1 -0
- package/dist/report/formatters/ide/cursor.d.ts +13 -0
- package/dist/report/formatters/ide/cursor.d.ts.map +1 -0
- package/dist/report/formatters/ide/cursor.js +125 -0
- package/dist/report/formatters/ide/cursor.js.map +1 -0
- package/dist/report/formatters/ide/index.d.ts +62 -0
- package/dist/report/formatters/ide/index.d.ts.map +1 -0
- package/dist/report/formatters/ide/index.js +184 -0
- package/dist/report/formatters/ide/index.js.map +1 -0
- package/dist/report/formatters/ide/windsurf.d.ts +13 -0
- package/dist/report/formatters/ide/windsurf.d.ts.map +1 -0
- package/dist/report/formatters/ide/windsurf.js +117 -0
- package/dist/report/formatters/ide/windsurf.js.map +1 -0
- package/dist/report/formatters/index.d.ts +11 -0
- package/dist/report/formatters/index.d.ts.map +1 -0
- package/dist/report/formatters/index.js +54 -0
- package/dist/report/formatters/index.js.map +1 -0
- package/dist/report/formatters/vscode-diagnostic.d.ts +103 -0
- package/dist/report/formatters/vscode-diagnostic.d.ts.map +1 -0
- package/dist/report/formatters/vscode-diagnostic.js +151 -0
- package/dist/report/formatters/vscode-diagnostic.js.map +1 -0
- package/dist/report/summary.d.ts +27 -0
- package/dist/report/summary.d.ts.map +1 -0
- package/dist/report/summary.js +57 -0
- package/dist/report/summary.js.map +1 -0
- package/dist/rules/metadata.d.ts.map +1 -1
- package/dist/rules/metadata.js +66 -0
- package/dist/rules/metadata.js.map +1 -1
- package/dist/score/adjustments.d.ts +22 -0
- package/dist/score/adjustments.d.ts.map +1 -0
- package/dist/score/adjustments.js +373 -0
- package/dist/score/adjustments.js.map +1 -0
- package/dist/score/auto-dismiss.d.ts +28 -0
- package/dist/score/auto-dismiss.d.ts.map +1 -0
- package/dist/score/auto-dismiss.js +200 -0
- package/dist/score/auto-dismiss.js.map +1 -0
- package/dist/score/confidence.d.ts +19 -0
- package/dist/score/confidence.d.ts.map +1 -0
- package/dist/score/confidence.js +52 -0
- package/dist/score/confidence.js.map +1 -0
- package/dist/score/index.d.ts +61 -0
- package/dist/score/index.d.ts.map +1 -0
- package/dist/score/index.js +250 -0
- package/dist/score/index.js.map +1 -0
- package/dist/score/types.d.ts +160 -0
- package/dist/score/types.d.ts.map +1 -0
- package/dist/score/types.js +14 -0
- package/dist/score/types.js.map +1 -0
- package/dist/shared/ai-context/index.d.ts +6 -0
- package/dist/shared/ai-context/index.d.ts.map +1 -0
- package/dist/shared/ai-context/index.js +13 -0
- package/dist/shared/ai-context/index.js.map +1 -0
- package/dist/shared/ai-context/manager.d.ts +67 -0
- package/dist/shared/ai-context/manager.d.ts.map +1 -0
- package/dist/shared/ai-context/manager.js +104 -0
- package/dist/shared/ai-context/manager.js.map +1 -0
- package/dist/shared/baseline/diff.d.ts +32 -0
- package/dist/shared/baseline/diff.d.ts.map +1 -0
- package/dist/shared/baseline/diff.js +119 -0
- package/dist/shared/baseline/diff.js.map +1 -0
- package/dist/shared/baseline/index.d.ts +9 -0
- package/dist/shared/baseline/index.d.ts.map +1 -0
- package/dist/shared/baseline/index.js +19 -0
- package/dist/shared/baseline/index.js.map +1 -0
- package/dist/shared/baseline/manager.d.ts +67 -0
- package/dist/shared/baseline/manager.d.ts.map +1 -0
- package/dist/shared/baseline/manager.js +180 -0
- package/dist/shared/baseline/manager.js.map +1 -0
- package/dist/shared/baseline/types.d.ts +91 -0
- package/dist/shared/baseline/types.d.ts.map +1 -0
- package/dist/shared/baseline/types.js +12 -0
- package/dist/shared/baseline/types.js.map +1 -0
- package/dist/shared/category-filter.d.ts +125 -0
- package/dist/shared/category-filter.d.ts.map +1 -0
- package/dist/shared/category-filter.js +360 -0
- package/dist/shared/category-filter.js.map +1 -0
- package/dist/shared/code-analysis.d.ts +39 -0
- package/dist/shared/code-analysis.d.ts.map +1 -0
- package/dist/shared/code-analysis.js +159 -0
- package/dist/shared/code-analysis.js.map +1 -0
- package/dist/shared/comment-analyzer.d.ts +38 -0
- package/dist/shared/comment-analyzer.d.ts.map +1 -0
- package/dist/shared/comment-analyzer.js +218 -0
- package/dist/shared/comment-analyzer.js.map +1 -0
- package/dist/shared/diff-detector.d.ts +53 -0
- package/dist/shared/diff-detector.d.ts.map +1 -0
- package/dist/shared/diff-detector.js +104 -0
- package/dist/shared/diff-detector.js.map +1 -0
- package/dist/shared/diff-parser.d.ts +80 -0
- package/dist/shared/diff-parser.d.ts.map +1 -0
- package/dist/shared/diff-parser.js +202 -0
- package/dist/shared/diff-parser.js.map +1 -0
- package/dist/shared/environment-context.d.ts +76 -0
- package/dist/shared/environment-context.d.ts.map +1 -0
- package/dist/shared/environment-context.js +271 -0
- package/dist/shared/environment-context.js.map +1 -0
- package/dist/shared/intent-detector.d.ts +66 -0
- package/dist/shared/intent-detector.d.ts.map +1 -0
- package/dist/shared/intent-detector.js +282 -0
- package/dist/shared/intent-detector.js.map +1 -0
- package/dist/shared/parsed-file.d.ts +51 -0
- package/dist/shared/parsed-file.d.ts.map +1 -0
- package/dist/shared/parsed-file.js +95 -0
- package/dist/shared/parsed-file.js.map +1 -0
- package/dist/shared/registry-clients.d.ts +93 -0
- package/dist/shared/registry-clients.d.ts.map +1 -0
- package/dist/shared/registry-clients.js +273 -0
- package/dist/shared/registry-clients.js.map +1 -0
- package/dist/shared/rules/framework-fixes.d.ts +48 -0
- package/dist/shared/rules/framework-fixes.d.ts.map +1 -0
- package/dist/shared/rules/framework-fixes.js +439 -0
- package/dist/shared/rules/framework-fixes.js.map +1 -0
- package/dist/shared/rules/index.d.ts +8 -0
- package/dist/shared/rules/index.d.ts.map +1 -0
- package/dist/shared/rules/index.js +18 -0
- package/dist/shared/rules/index.js.map +1 -0
- package/dist/shared/rules/metadata.d.ts +43 -0
- package/dist/shared/rules/metadata.d.ts.map +1 -0
- package/dist/shared/rules/metadata.js +819 -0
- package/dist/shared/rules/metadata.js.map +1 -0
- package/dist/shared/schema-semantics.d.ts +45 -0
- package/dist/shared/schema-semantics.d.ts.map +1 -0
- package/dist/shared/schema-semantics.js +193 -0
- package/dist/shared/schema-semantics.js.map +1 -0
- package/dist/shared/types.d.ts +337 -0
- package/dist/shared/types.d.ts.map +1 -0
- package/dist/shared/types.js +126 -0
- package/dist/shared/types.js.map +1 -0
- package/dist/tiers.d.ts +4 -4
- package/dist/tiers.d.ts.map +1 -1
- package/dist/tiers.js +17 -7
- package/dist/tiers.js.map +1 -1
- package/dist/types.d.ts +79 -9
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +34 -0
- package/dist/types.js.map +1 -1
- package/dist/utils/code-analysis.d.ts +39 -0
- package/dist/utils/code-analysis.d.ts.map +1 -0
- package/dist/utils/code-analysis.js +159 -0
- package/dist/utils/code-analysis.js.map +1 -0
- package/dist/utils/comment-analyzer.d.ts +38 -0
- package/dist/utils/comment-analyzer.d.ts.map +1 -0
- package/dist/utils/comment-analyzer.js +218 -0
- package/dist/utils/comment-analyzer.js.map +1 -0
- package/dist/utils/context-helpers.d.ts +108 -1
- package/dist/utils/context-helpers.d.ts.map +1 -1
- package/dist/utils/context-helpers.js +351 -2
- package/dist/utils/context-helpers.js.map +1 -1
- package/dist/utils/environment-context.d.ts +76 -0
- package/dist/utils/environment-context.d.ts.map +1 -0
- package/dist/utils/environment-context.js +271 -0
- package/dist/utils/environment-context.js.map +1 -0
- package/dist/utils/intent-detector.d.ts +66 -0
- package/dist/utils/intent-detector.d.ts.map +1 -0
- package/dist/utils/intent-detector.js +282 -0
- package/dist/utils/intent-detector.js.map +1 -0
- package/dist/utils/parsed-file.d.ts +51 -0
- package/dist/utils/parsed-file.d.ts.map +1 -0
- package/dist/utils/parsed-file.js +95 -0
- package/dist/utils/parsed-file.js.map +1 -0
- package/dist/utils/route-hierarchy.d.ts +50 -0
- package/dist/utils/route-hierarchy.d.ts.map +1 -0
- package/dist/utils/route-hierarchy.js +226 -0
- package/dist/utils/route-hierarchy.js.map +1 -0
- package/dist/utils/schema-semantics.d.ts +45 -0
- package/dist/utils/schema-semantics.d.ts.map +1 -0
- package/dist/utils/schema-semantics.js +193 -0
- package/dist/utils/schema-semantics.js.map +1 -0
- package/dist/validate/clients.d.ts +44 -0
- package/dist/validate/clients.d.ts.map +1 -0
- package/dist/validate/clients.js +81 -0
- package/dist/validate/clients.js.map +1 -0
- package/dist/validate/index.d.ts +41 -0
- package/dist/validate/index.d.ts.map +1 -0
- package/dist/validate/index.js +141 -0
- package/dist/validate/index.js.map +1 -0
- package/dist/validate/prompts/index.d.ts +8 -0
- package/dist/validate/prompts/index.d.ts.map +1 -0
- package/dist/validate/prompts/index.js +16 -0
- package/dist/validate/prompts/index.js.map +1 -0
- package/dist/validate/prompts/modules/ai-patterns.d.ts +19 -0
- package/dist/validate/prompts/modules/ai-patterns.d.ts.map +1 -0
- package/dist/validate/prompts/modules/ai-patterns.js +156 -0
- package/dist/validate/prompts/modules/ai-patterns.js.map +1 -0
- package/dist/validate/prompts/modules/auth-access.d.ts +9 -0
- package/dist/validate/prompts/modules/auth-access.d.ts.map +1 -0
- package/dist/validate/prompts/modules/auth-access.js +25 -0
- package/dist/validate/prompts/modules/auth-access.js.map +1 -0
- package/dist/validate/prompts/modules/common.d.ts +11 -0
- package/dist/validate/prompts/modules/common.d.ts.map +1 -0
- package/dist/validate/prompts/modules/common.js +186 -0
- package/dist/validate/prompts/modules/common.js.map +1 -0
- package/dist/validate/prompts/modules/index.d.ts +54 -0
- package/dist/validate/prompts/modules/index.d.ts.map +1 -0
- package/dist/validate/prompts/modules/index.js +186 -0
- package/dist/validate/prompts/modules/index.js.map +1 -0
- package/dist/validate/prompts/modules/owasp-classic.d.ts +8 -0
- package/dist/validate/prompts/modules/owasp-classic.d.ts.map +1 -0
- package/dist/validate/prompts/modules/owasp-classic.js +84 -0
- package/dist/validate/prompts/modules/owasp-classic.js.map +1 -0
- package/dist/validate/prompts/modules/secrets-crypto.d.ts +8 -0
- package/dist/validate/prompts/modules/secrets-crypto.d.ts.map +1 -0
- package/dist/validate/prompts/modules/secrets-crypto.js +68 -0
- package/dist/validate/prompts/modules/secrets-crypto.js.map +1 -0
- package/dist/validate/prompts/modules/xss-prompt.d.ts +8 -0
- package/dist/validate/prompts/modules/xss-prompt.d.ts.map +1 -0
- package/dist/validate/prompts/modules/xss-prompt.js +22 -0
- package/dist/validate/prompts/modules/xss-prompt.js.map +1 -0
- package/dist/validate/prompts/semantic-analysis.d.ts +15 -0
- package/dist/validate/prompts/semantic-analysis.d.ts.map +1 -0
- package/dist/validate/prompts/semantic-analysis.js +169 -0
- package/dist/validate/prompts/semantic-analysis.js.map +1 -0
- package/dist/validate/prompts/validation.d.ts +18 -0
- package/dist/validate/prompts/validation.d.ts.map +1 -0
- package/dist/validate/prompts/validation.js +25 -0
- package/dist/validate/prompts/validation.js.map +1 -0
- package/dist/validate/providers/anthropic.d.ts +17 -0
- package/dist/validate/providers/anthropic.d.ts.map +1 -0
- package/dist/validate/providers/anthropic.js +260 -0
- package/dist/validate/providers/anthropic.js.map +1 -0
- package/dist/validate/providers/index.d.ts +8 -0
- package/dist/validate/providers/index.d.ts.map +1 -0
- package/dist/validate/providers/index.js +13 -0
- package/dist/validate/providers/index.js.map +1 -0
- package/dist/validate/providers/openai.d.ts +14 -0
- package/dist/validate/providers/openai.d.ts.map +1 -0
- package/dist/validate/providers/openai.js +336 -0
- package/dist/validate/providers/openai.js.map +1 -0
- package/dist/validate/request-builder.d.ts +61 -0
- package/dist/validate/request-builder.d.ts.map +1 -0
- package/dist/validate/request-builder.js +346 -0
- package/dist/validate/request-builder.js.map +1 -0
- package/dist/validate/types.d.ts +88 -0
- package/dist/validate/types.d.ts.map +1 -0
- package/dist/validate/types.js +38 -0
- package/dist/validate/types.js.map +1 -0
- package/dist/validate/utils/context-extractor.d.ts +55 -0
- package/dist/validate/utils/context-extractor.d.ts.map +1 -0
- package/dist/validate/utils/context-extractor.js +161 -0
- package/dist/validate/utils/context-extractor.js.map +1 -0
- package/dist/validate/utils/index.d.ts +11 -0
- package/dist/validate/utils/index.d.ts.map +1 -0
- package/dist/validate/utils/index.js +27 -0
- package/dist/validate/utils/index.js.map +1 -0
- package/dist/validate/utils/path-helpers.d.ts +21 -0
- package/dist/validate/utils/path-helpers.d.ts.map +1 -0
- package/dist/validate/utils/path-helpers.js +69 -0
- package/dist/validate/utils/path-helpers.js.map +1 -0
- package/dist/validate/utils/response-parser.d.ts +40 -0
- package/dist/validate/utils/response-parser.d.ts.map +1 -0
- package/dist/validate/utils/response-parser.js +286 -0
- package/dist/validate/utils/response-parser.js.map +1 -0
- package/dist/validate/utils/retry.d.ts +15 -0
- package/dist/validate/utils/retry.d.ts.map +1 -0
- package/dist/validate/utils/retry.js +62 -0
- package/dist/validate/utils/retry.js.map +1 -0
- package/package.json +8 -7
- package/src/__tests__/benchmark/fixtures/layer1/agent-skill-injection.ts +204 -0
- package/src/__tests__/benchmark/fixtures/layer1/index.ts +3 -0
- package/src/__tests__/benchmark/fixtures/layer2/index.ts +27 -0
- package/src/__tests__/benchmark/fixtures/layer2/log-injection.ts +147 -0
- package/src/__tests__/benchmark/fixtures/layer2/phase5-excessive-agency.ts +580 -0
- package/src/__tests__/benchmark/fixtures/layer2/security-headers.ts +197 -0
- package/src/__tests__/benchmark/fixtures/layer2/sprint6-ai-enhancements.ts +515 -0
- package/src/__tests__/benchmark/fixtures/layer2/ssrf-detection.ts +210 -0
- package/src/__tests__/benchmark/fixtures/layer2/xxe-detection.ts +195 -0
- package/src/__tests__/benchmark/run-depth-validation.ts +12 -12
- package/src/__tests__/benchmark/run-real-world-test.ts +4 -4
- package/src/__tests__/benchmark/types.ts +1 -1
- package/src/__tests__/benchmark/utils/test-runner.ts +3 -3
- package/src/__tests__/category-filter.test.ts +478 -0
- package/src/__tests__/context-engine/cross-file-taint.test.ts +284 -0
- package/src/__tests__/context-engine/framework-models.test.ts +457 -0
- package/src/__tests__/context-engine/function-classifier.test.ts +146 -0
- package/src/__tests__/context-engine/import-resolver.test.ts +328 -0
- package/src/__tests__/context-engine/integration.test.ts +320 -0
- package/src/__tests__/context-engine/module-graph.test.ts +159 -0
- package/src/__tests__/context-engine/route-discovery/auth-resolver.test.ts +353 -0
- package/src/__tests__/context-engine/route-discovery/express.test.ts +150 -0
- package/src/__tests__/context-engine/route-discovery/nextjs.test.ts +138 -0
- package/src/__tests__/context-engine/route-discovery/python.test.ts +95 -0
- package/src/__tests__/context-engine/sanitiser-detection.test.ts +187 -0
- package/src/__tests__/context-engine/sink-matcher.test.ts +251 -0
- package/src/__tests__/context-engine/source-discovery.test.ts +186 -0
- package/src/__tests__/context-engine/taint-tracker.test.ts +182 -0
- package/src/__tests__/regression/agent-skill-benign.test.ts +174 -0
- package/src/__tests__/regression/known-false-positives.test.ts +801 -3
- package/src/__tests__/score/adjustments.test.ts +385 -0
- package/src/__tests__/score/confidence.test.ts +283 -0
- package/src/__tests__/score/framework-scoring.test.ts +275 -0
- package/src/__tests__/score/route-scoring.test.ts +156 -0
- package/src/__tests__/score/scoring-integration.test.ts +165 -0
- package/src/__tests__/score/taint-adjustments.test.ts +244 -0
- package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +50 -58
- package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +52 -0
- package/src/__tests__/snapshots/__snapshots__/scan-depth.test.ts.snap +3 -12
- package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +3 -3
- package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +1 -1
- package/src/__tests__/snapshots/scan-depth.test.ts +3 -3
- package/src/__tests__/validate/route-annotations.test.ts +138 -0
- package/src/__tests__/validation/analyze-results.ts +1 -1
- package/src/__tests__/validation/extract-for-triage.ts +1 -1
- package/src/__tests__/validation/fp-deep-analysis.ts +1 -1
- package/src/__tests__/validation/run-validation.ts +7 -7
- package/src/{layer2/ai-agent-tools.ts → detect/ai-code/agent-tools.ts} +729 -4
- package/src/{layer2 → detect/ai-code}/byok-patterns.ts +20 -6
- package/src/{layer2/ai-endpoint-protection.ts → detect/ai-code/endpoint-protection.ts} +10 -4
- package/src/{layer2/ai-execution-sinks.ts → detect/ai-code/execution-sinks.ts} +272 -46
- package/src/{layer2/ai-fingerprinting.ts → detect/ai-code/fingerprinting.ts} +46 -34
- package/src/detect/ai-code/index.ts +11 -0
- package/src/{layer2/ai-mcp-security.ts → detect/ai-code/mcp-security.ts} +212 -5
- package/src/{layer2 → detect/ai-code}/model-supply-chain.ts +85 -6
- package/src/{layer2/ai-package-hallucination.ts → detect/ai-code/package-hallucination.ts} +170 -6
- package/src/{layer2/ai-prompt-hygiene.ts → detect/ai-code/prompt-hygiene.ts} +393 -28
- package/src/{layer2/ai-rag-safety.ts → detect/ai-code/rag-safety.ts} +91 -4
- package/src/{layer2/ai-schema-validation.ts → detect/ai-code/schema-validation.ts} +10 -4
- package/src/detect/config/agent-skill-injection.ts +551 -0
- package/src/{layer1 → detect/config}/comments.ts +8 -2
- package/src/{layer1 → detect/config}/file-flags.ts +23 -6
- package/src/detect/config/index.ts +6 -0
- package/src/{layer3 → detect/config}/osv-check.ts +3 -2
- package/src/{layer3 → detect/config}/package-check.ts +3 -2
- package/src/{layer1 → detect/config}/urls.ts +196 -15
- package/src/detect/index.ts +131 -0
- package/src/{layer1 → detect/secrets}/config-audit.ts +56 -12
- package/src/{layer1 → detect/secrets}/config-mcp-audit.ts +11 -4
- package/src/{layer1 → detect/secrets}/entropy.ts +256 -11
- package/src/{layer1 → detect/secrets}/index.ts +43 -46
- package/src/{layer1 → detect/secrets}/patterns.ts +51 -6
- package/src/{layer1 → detect/secrets}/weak-crypto.ts +174 -17
- package/src/{layer2/auth-antipatterns.ts → detect/structural/auth-patterns.ts} +249 -27
- package/src/{layer2 → detect/structural}/dangerous-functions/dom-xss.ts +94 -22
- package/src/{layer2 → detect/structural}/dangerous-functions/index.ts +672 -65
- package/src/{layer2 → detect/structural}/dangerous-functions/json-parse.ts +10 -2
- package/src/{layer2 → detect/structural}/dangerous-functions/math-random.ts +269 -17
- package/src/{layer2 → detect/structural}/dangerous-functions/patterns.ts +4 -2
- package/src/{layer2 → detect/structural}/dangerous-functions/request-validation.ts +10 -2
- package/src/detect/structural/dangerous-functions/utils/control-flow.ts +35 -0
- package/src/{layer2 → detect/structural}/dangerous-functions/utils/schema-validation.ts +16 -1
- package/src/{layer2 → detect/structural}/data-exposure.ts +23 -40
- package/src/{layer2 → detect/structural}/framework-checks.ts +13 -12
- package/src/{layer2 → detect/structural}/index.ts +144 -122
- package/src/detect/structural/log-injection.ts +254 -0
- package/src/{layer2 → detect/structural}/logic-gates.ts +69 -24
- package/src/{layer2 → detect/structural}/risky-imports.ts +10 -4
- package/src/detect/structural/security-headers.ts +231 -0
- package/src/detect/structural/ssrf-detection.ts +300 -0
- package/src/{layer2 → detect/structural}/variables.ts +10 -4
- package/src/detect/structural/xxe-detection.ts +295 -0
- package/src/index.ts +64 -1038
- package/src/{utils → model}/auth-helper-detector.ts +1 -1
- package/src/model/cross-file-taint.ts +374 -0
- package/src/model/framework-models/django.ts +82 -0
- package/src/model/framework-models/express.ts +54 -0
- package/src/model/framework-models/index.ts +116 -0
- package/src/model/framework-models/nextjs.ts +69 -0
- package/src/model/framework-models/prisma.ts +57 -0
- package/src/model/framework-models/react.ts +63 -0
- package/src/model/framework-models/sequelize.ts +63 -0
- package/src/model/framework-models/types.ts +46 -0
- package/src/model/function-classifier.ts +184 -0
- package/src/model/import-resolver.ts +453 -0
- package/src/{utils → model}/imported-auth-detector.ts +21 -85
- package/src/model/index.ts +353 -0
- package/src/{utils → model}/middleware-detector.ts +156 -17
- package/src/model/module-graph.ts +254 -0
- package/src/{utils → model}/oauth-flow-detector.ts +1 -1
- package/src/{utils/project-context-builder.ts → model/project-context.ts} +1 -1
- package/src/model/route-auth-resolver.ts +216 -0
- package/src/model/route-discovery/express.ts +251 -0
- package/src/model/route-discovery/index.ts +83 -0
- package/src/model/route-discovery/nextjs.ts +216 -0
- package/src/model/route-discovery/python.ts +214 -0
- package/src/model/route-discovery/types.ts +48 -0
- package/src/model/route-discovery/utils.ts +54 -0
- package/src/model/route-hierarchy.ts +250 -0
- package/src/model/sanitiser-detection.ts +268 -0
- package/src/model/sink-matcher.ts +178 -0
- package/src/model/sink-patterns.ts +109 -0
- package/src/model/source-discovery.ts +209 -0
- package/src/model/taint-tracker.ts +333 -0
- package/src/model/taint-types.ts +149 -0
- package/src/{utils → model}/trpc-analyzer.ts +1 -1
- package/src/{utils/context-helpers.ts → parse/file-classifier.ts} +462 -2
- package/src/{utils → parse}/path-exclusions.ts +1 -1
- package/src/pipeline/config.ts +81 -0
- package/src/pipeline/index.ts +437 -0
- package/src/{modes → pipeline/modes}/incremental.ts +6 -6
- package/src/postprocess/aggregation.ts +74 -0
- package/src/postprocess/contradictions.ts +128 -0
- package/src/postprocess/dedup.ts +62 -0
- package/src/postprocess/filtering/__tests__/pipeline.test.ts +134 -0
- package/src/postprocess/filtering/context-adjustments.ts +111 -0
- package/src/postprocess/filtering/index.ts +10 -0
- package/src/postprocess/filtering/pipeline.ts +130 -0
- package/src/postprocess/index.ts +118 -0
- package/src/{suppression → postprocess/suppression}/config-loader.ts +1 -1
- package/src/{suppression → postprocess/suppression}/hash.ts +1 -1
- package/src/{suppression → postprocess/suppression}/inline-parser.ts +1 -1
- package/src/{suppression → postprocess/suppression}/manager.ts +1 -1
- package/src/{suppression → postprocess/suppression}/types.ts +2 -2
- package/src/postprocess/validation-cap.ts +66 -0
- package/src/report/build-result.ts +94 -0
- package/src/report/enrichment.ts +52 -0
- package/src/report/formatters/__tests__/ai-context.test.ts +254 -0
- package/src/report/formatters/ai-context.ts +302 -0
- package/src/{formatters → report/formatters}/cli-terminal.ts +11 -11
- package/src/{formatters → report/formatters}/github-comment.ts +4 -4
- package/src/{formatters → report/formatters}/grouping.ts +8 -8
- package/src/report/formatters/ide/__tests__/ide.test.ts +319 -0
- package/src/report/formatters/ide/claude-code.ts +110 -0
- package/src/report/formatters/ide/cursor.ts +147 -0
- package/src/report/formatters/ide/index.ts +216 -0
- package/src/report/formatters/ide/windsurf.ts +135 -0
- package/src/{formatters → report/formatters}/index.ts +24 -0
- package/src/{formatters → report/formatters}/vscode-diagnostic.ts +1 -1
- package/src/report/summary.ts +70 -0
- package/src/score/adjustments.ts +387 -0
- package/src/{layer3/anthropic → score}/auto-dismiss.ts +26 -14
- package/src/score/confidence.ts +66 -0
- package/src/score/index.ts +316 -0
- package/src/score/types.ts +187 -0
- package/src/shared/__tests__/code-analysis.test.ts +165 -0
- package/src/shared/__tests__/parsed-file.test.ts +124 -0
- package/src/shared/ai-context/__tests__/manager.test.ts +193 -0
- package/src/shared/ai-context/index.ts +15 -0
- package/src/shared/ai-context/manager.ts +145 -0
- package/src/{baseline → shared/baseline}/__tests__/diff.test.ts +2 -2
- package/src/{baseline → shared/baseline}/__tests__/manager.test.ts +2 -2
- package/src/{baseline → shared/baseline}/diff.ts +1 -1
- package/src/{baseline → shared/baseline}/manager.ts +1 -1
- package/src/shared/category-filter.ts +400 -0
- package/src/{layer2/dangerous-functions/utils/control-flow.ts → shared/code-analysis.ts} +56 -39
- package/src/shared/comment-analyzer.ts +249 -0
- package/src/shared/environment-context.ts +304 -0
- package/src/shared/intent-detector.ts +318 -0
- package/src/shared/parsed-file.ts +103 -0
- package/src/{rules → shared/rules}/__tests__/metadata.test.ts +7 -0
- package/src/{rules → shared/rules}/framework-fixes.ts +1 -1
- package/src/{rules → shared/rules}/metadata.ts +94 -0
- package/src/shared/schema-semantics.ts +233 -0
- package/src/{types.ts → shared/types.ts} +142 -11
- package/src/tiers.ts +27 -10
- package/src/validate/__tests__/context-extractor.test.ts +191 -0
- package/src/validate/__tests__/prompt-assembly.test.ts +233 -0
- package/src/validate/__tests__/request-builder.test.ts +347 -0
- package/src/{layer3/anthropic → validate}/index.ts +8 -7
- package/src/{layer3/anthropic → validate}/prompts/index.ts +2 -0
- package/src/validate/prompts/modules/ai-patterns.ts +153 -0
- package/src/validate/prompts/modules/auth-access.ts +22 -0
- package/src/validate/prompts/modules/common.ts +183 -0
- package/src/validate/prompts/modules/index.ts +204 -0
- package/src/validate/prompts/modules/owasp-classic.ts +81 -0
- package/src/validate/prompts/modules/secrets-crypto.ts +65 -0
- package/src/validate/prompts/modules/xss-prompt.ts +19 -0
- package/src/validate/prompts/validation.ts +20 -0
- package/src/{layer3/anthropic → validate}/providers/anthropic.ts +28 -27
- package/src/validate/providers/index.ts +8 -0
- package/src/{layer3/anthropic → validate}/providers/openai.ts +30 -25
- package/src/validate/request-builder.ts +448 -0
- package/src/{layer3/anthropic → validate}/types.ts +1 -1
- package/src/validate/utils/context-extractor.ts +220 -0
- package/src/{layer3/anthropic → validate}/utils/index.ts +10 -0
- package/src/{layer3/anthropic → validate}/utils/response-parser.ts +2 -1
- package/src/layer3/anthropic/prompts/validation.ts +0 -419
- package/src/layer3/anthropic/providers/index.ts +0 -8
- package/src/layer3/anthropic/request-builder.ts +0 -150
- package/src/layer3/index.ts +0 -168
- /package/src/{layer3 → detect/config}/__tests__/osv-check.test.ts +0 -0
- /package/src/{layer2 → detect/structural}/__tests__/math-random-enhanced.test.ts +0 -0
- /package/src/{layer2 → detect/structural}/dangerous-functions/child-process.ts +0 -0
- /package/src/{layer2 → detect/structural}/dangerous-functions/utils/helpers.ts +0 -0
- /package/src/{layer2 → detect/structural}/dangerous-functions/utils/index.ts +0 -0
- /package/src/{suppression → postprocess/suppression}/__tests__/config-loader.test.ts +0 -0
- /package/src/{suppression → postprocess/suppression}/__tests__/hash.test.ts +0 -0
- /package/src/{suppression → postprocess/suppression}/__tests__/inline-parser.test.ts +0 -0
- /package/src/{suppression → postprocess/suppression}/__tests__/manager.test.ts +0 -0
- /package/src/{suppression → postprocess/suppression}/index.ts +0 -0
- /package/src/{baseline → shared/baseline}/index.ts +0 -0
- /package/src/{baseline → shared/baseline}/types.ts +0 -0
- /package/src/{utils → shared}/diff-detector.ts +0 -0
- /package/src/{utils → shared}/diff-parser.ts +0 -0
- /package/src/{utils → shared}/registry-clients.ts +0 -0
- /package/src/{rules → shared/rules}/__tests__/framework-fixes.test.ts +0 -0
- /package/src/{rules → shared/rules}/index.ts +0 -0
- /package/src/{layer3/anthropic → validate}/clients.ts +0 -0
- /package/src/{layer3/anthropic → validate}/prompts/semantic-analysis.ts +0 -0
- /package/src/{layer3/anthropic → validate}/utils/path-helpers.ts +0 -0
- /package/src/{layer3/anthropic → validate}/utils/retry.ts +0 -0
|
@@ -0,0 +1,450 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Layer 1: URL Pattern Matching
|
|
4
|
+
* Detects hardcoded sensitive URLs that may indicate security issues
|
|
5
|
+
*/
|
|
6
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
7
|
+
exports.aggregateLocalhostFindings = aggregateLocalhostFindings;
|
|
8
|
+
exports.detectSensitiveURLs = detectSensitiveURLs;
|
|
9
|
+
const file_classifier_1 = require("../../parse/file-classifier");
|
|
10
|
+
const environment_context_1 = require("../../shared/environment-context");
|
|
11
|
+
const route_hierarchy_1 = require("../../model/route-hierarchy");
|
|
12
|
+
const BASE_CONFIDENCE_WEBHOOK = 0.55;
|
|
13
|
+
const BASE_CONFIDENCE_LOCALHOST = 0.30;
|
|
14
|
+
// Check if file is documentation/README/example
|
|
15
|
+
function isDocumentationFile(filePath) {
|
|
16
|
+
const docPatterns = [
|
|
17
|
+
/README/i,
|
|
18
|
+
/CHANGELOG/i,
|
|
19
|
+
/CONTRIBUTING/i,
|
|
20
|
+
/LICENSE/i,
|
|
21
|
+
/\.md$/i,
|
|
22
|
+
/\.mdx$/i,
|
|
23
|
+
/\.rst$/i,
|
|
24
|
+
/\.adoc$/i,
|
|
25
|
+
/\/docs\//i,
|
|
26
|
+
/\/documentation\//i,
|
|
27
|
+
/\/wiki\//i,
|
|
28
|
+
/\/guides?\//i,
|
|
29
|
+
/\/tutorials?\//i,
|
|
30
|
+
/\/examples?\//i,
|
|
31
|
+
];
|
|
32
|
+
return docPatterns.some(p => p.test(filePath));
|
|
33
|
+
}
|
|
34
|
+
/**
|
|
35
|
+
* Check if file path indicates it's inside an authenticated route group
|
|
36
|
+
* Modern frameworks use route groups/layouts that handle auth at the layout level
|
|
37
|
+
*
|
|
38
|
+
* Examples:
|
|
39
|
+
* - Next.js: (authenticated)/dashboard/page.tsx, (admin)/users/page.tsx
|
|
40
|
+
* - Remix: _authenticated+/dashboard.tsx
|
|
41
|
+
* - SvelteKit: (protected)/+page.svelte
|
|
42
|
+
*/
|
|
43
|
+
function isInsideAuthenticatedRouteGroup(filePath) {
|
|
44
|
+
const authRoutePatterns = [
|
|
45
|
+
// Next.js App Router - route groups with auth-related names
|
|
46
|
+
/\/\(authenticated\)\//i,
|
|
47
|
+
/\/\(protected\)\//i,
|
|
48
|
+
/\/\(auth\)\//i,
|
|
49
|
+
/\/\(admin\)\//i,
|
|
50
|
+
/\/\(dashboard\)\//i,
|
|
51
|
+
/\/\(private\)\//i,
|
|
52
|
+
/\/\(secure\)\//i,
|
|
53
|
+
/\/\(user\)\//i,
|
|
54
|
+
/\/\(account\)\//i,
|
|
55
|
+
/\/\(settings\)\//i,
|
|
56
|
+
/\/\(app\)\//i, // Common pattern for authenticated app routes
|
|
57
|
+
// Remix - authenticated route conventions
|
|
58
|
+
/\/_authenticated\+\//i,
|
|
59
|
+
/\/_protected\+\//i,
|
|
60
|
+
/\/_auth\+\//i,
|
|
61
|
+
/\/__authenticated\//i,
|
|
62
|
+
// Generic patterns that indicate auth-protected sections
|
|
63
|
+
/\/dashboard\//i,
|
|
64
|
+
/\/admin\//i,
|
|
65
|
+
/\/account\//i,
|
|
66
|
+
/\/settings\//i,
|
|
67
|
+
/\/profile\//i,
|
|
68
|
+
/\/my-/i, // /my-account/, /my-orders/
|
|
69
|
+
/\/user\//i,
|
|
70
|
+
/\/users\/\[/i, // /users/[userId]/ - user-specific routes
|
|
71
|
+
];
|
|
72
|
+
return authRoutePatterns.some(p => p.test(filePath));
|
|
73
|
+
}
|
|
74
|
+
// Check if file is a config/constants file where localhost is expected
|
|
75
|
+
function isDevConfigFile(filePath) {
|
|
76
|
+
const devConfigPatterns = [
|
|
77
|
+
/\.env\.local$/i,
|
|
78
|
+
/\.env\.development$/i,
|
|
79
|
+
/\.env\.dev$/i,
|
|
80
|
+
/\.env\.example$/i,
|
|
81
|
+
/\.env\.sample$/i,
|
|
82
|
+
/config\.dev\./i,
|
|
83
|
+
/config\.development\./i,
|
|
84
|
+
/config\.local\./i,
|
|
85
|
+
/\/config\/development\//i,
|
|
86
|
+
/\/config\/local\//i,
|
|
87
|
+
/constants\.dev\./i,
|
|
88
|
+
];
|
|
89
|
+
return devConfigPatterns.some(p => p.test(filePath));
|
|
90
|
+
}
|
|
91
|
+
// Check if file is a locale/i18n file where URLs are example placeholders
|
|
92
|
+
function isLocaleFile(filePath) {
|
|
93
|
+
const localePatterns = [
|
|
94
|
+
/\/locales?\//i, // /locale/ or /locales/
|
|
95
|
+
/\/i18n\//i, // /i18n/
|
|
96
|
+
/\/translations?\//i, // /translation/ or /translations/
|
|
97
|
+
/\/lang\//i, // /lang/
|
|
98
|
+
/\/languages?\//i, // /language/ or /languages/
|
|
99
|
+
/\.\w{2}(-\w{2})?\.json$/i, // .en.json, .zh-CN.json, etc.
|
|
100
|
+
];
|
|
101
|
+
return localePatterns.some(p => p.test(filePath));
|
|
102
|
+
}
|
|
103
|
+
// Check if line contains URL placeholder/example text
|
|
104
|
+
function isUrlPlaceholderText(line) {
|
|
105
|
+
const placeholderPatterns = [
|
|
106
|
+
/placeholder['"]\s*:/i, // "placeholder": "http://..."
|
|
107
|
+
/example['"]\s*:/i, // "example": "http://..."
|
|
108
|
+
/e\.g\./i, // e.g. http://localhost
|
|
109
|
+
/for\s+example/i, // for example http://...
|
|
110
|
+
/such\s+as/i, // such as http://localhost
|
|
111
|
+
/like\s+http/i, // like http://localhost
|
|
112
|
+
/格式.*http/i, // Chinese: format http://...
|
|
113
|
+
/例如.*http/i, // Chinese: for example http://...
|
|
114
|
+
/beispiel.*http/i, // German: example http://...
|
|
115
|
+
/ejemplo.*http/i, // Spanish: example http://...
|
|
116
|
+
/exemple.*http/i, // French: example http://...
|
|
117
|
+
];
|
|
118
|
+
return placeholderPatterns.some(p => p.test(line));
|
|
119
|
+
}
|
|
120
|
+
// URL patterns that may indicate security issues
|
|
121
|
+
const URL_PATTERNS = [
|
|
122
|
+
// Internal/staging endpoints in production code
|
|
123
|
+
{
|
|
124
|
+
pattern: /https?:\/\/localhost[:\d]*/gi,
|
|
125
|
+
name: 'Localhost URL',
|
|
126
|
+
severity: 'medium',
|
|
127
|
+
description: 'Hardcoded localhost URL found - may cause issues in production',
|
|
128
|
+
},
|
|
129
|
+
{
|
|
130
|
+
pattern: /https?:\/\/127\.0\.0\.1[:\d]*/gi,
|
|
131
|
+
name: 'Loopback URL',
|
|
132
|
+
severity: 'medium',
|
|
133
|
+
description: 'Hardcoded loopback IP address found',
|
|
134
|
+
},
|
|
135
|
+
{
|
|
136
|
+
pattern: /https?:\/\/[^\/]*staging[^\/]*\.[a-z]+/gi,
|
|
137
|
+
name: 'Staging URL',
|
|
138
|
+
severity: 'medium',
|
|
139
|
+
description: 'Hardcoded staging environment URL found',
|
|
140
|
+
},
|
|
141
|
+
{
|
|
142
|
+
pattern: /https?:\/\/[^\/]*\bdev\b[^\/]*\.[a-z]+/gi,
|
|
143
|
+
name: 'Development URL',
|
|
144
|
+
severity: 'low',
|
|
145
|
+
description: 'Hardcoded development environment URL found',
|
|
146
|
+
},
|
|
147
|
+
{
|
|
148
|
+
pattern: /https?:\/\/[^\/]*internal[^\/]*\.[a-z]+/gi,
|
|
149
|
+
name: 'Internal URL',
|
|
150
|
+
severity: 'high',
|
|
151
|
+
description: 'Hardcoded internal URL found - may expose internal infrastructure',
|
|
152
|
+
},
|
|
153
|
+
{
|
|
154
|
+
pattern: /https?:\/\/[^\/]*\btest\b[^\/]*\.[a-z]+/gi,
|
|
155
|
+
name: 'Test Environment URL',
|
|
156
|
+
severity: 'low',
|
|
157
|
+
description: 'Hardcoded test environment URL found',
|
|
158
|
+
},
|
|
159
|
+
// Admin/sensitive endpoints - heavily downgraded
|
|
160
|
+
// In most modern frameworks, these are protected by middleware or layout auth
|
|
161
|
+
// Flagging them creates noise when they're inside authenticated route groups
|
|
162
|
+
{
|
|
163
|
+
pattern: /['"`]\/admin(?:\/|['"`])/gi,
|
|
164
|
+
name: 'Admin Endpoint',
|
|
165
|
+
severity: 'info',
|
|
166
|
+
description: 'Admin endpoint path found - typically protected by auth middleware',
|
|
167
|
+
},
|
|
168
|
+
{
|
|
169
|
+
pattern: /['"`]\/api\/admin/gi,
|
|
170
|
+
name: 'Admin API Endpoint',
|
|
171
|
+
severity: 'info', // Downgraded from low - usually behind middleware
|
|
172
|
+
description: 'Admin API endpoint found - typically protected by auth middleware',
|
|
173
|
+
},
|
|
174
|
+
// API keys in URLs
|
|
175
|
+
{
|
|
176
|
+
pattern: /\?api[_-]?key=[a-zA-Z0-9_-]{10,}/gi,
|
|
177
|
+
name: 'API Key in URL Query',
|
|
178
|
+
severity: 'high',
|
|
179
|
+
description: 'API key exposed in URL query parameter',
|
|
180
|
+
},
|
|
181
|
+
{
|
|
182
|
+
pattern: /&api[_-]?key=[a-zA-Z0-9_-]{10,}/gi,
|
|
183
|
+
name: 'API Key in URL Query',
|
|
184
|
+
severity: 'high',
|
|
185
|
+
description: 'API key exposed in URL query parameter',
|
|
186
|
+
},
|
|
187
|
+
{
|
|
188
|
+
pattern: /\?token=[a-zA-Z0-9_-]{10,}/gi,
|
|
189
|
+
name: 'Token in URL Query',
|
|
190
|
+
severity: 'high',
|
|
191
|
+
description: 'Token exposed in URL query parameter',
|
|
192
|
+
},
|
|
193
|
+
{
|
|
194
|
+
pattern: /\?secret=[a-zA-Z0-9_-]{10,}/gi,
|
|
195
|
+
name: 'Secret in URL Query',
|
|
196
|
+
severity: 'critical',
|
|
197
|
+
description: 'Secret exposed in URL query parameter',
|
|
198
|
+
},
|
|
199
|
+
// Webhook URLs (may contain secrets)
|
|
200
|
+
{
|
|
201
|
+
pattern: /https:\/\/hooks\.slack\.com\/services\/[a-zA-Z0-9\/]+/gi,
|
|
202
|
+
name: 'Slack Webhook URL',
|
|
203
|
+
severity: 'high',
|
|
204
|
+
description: 'Slack webhook URL found - should be stored as environment variable',
|
|
205
|
+
},
|
|
206
|
+
{
|
|
207
|
+
pattern: /https:\/\/discord(?:app)?\.com\/api\/webhooks\/[0-9]+\/[a-zA-Z0-9_-]+/gi,
|
|
208
|
+
name: 'Discord Webhook URL',
|
|
209
|
+
severity: 'high',
|
|
210
|
+
description: 'Discord webhook URL found - should be stored as environment variable',
|
|
211
|
+
},
|
|
212
|
+
// Debug/test endpoints - downgraded (often in test files or intentional)
|
|
213
|
+
{
|
|
214
|
+
pattern: /['"`]\/debug(?:\/|['"`])/gi,
|
|
215
|
+
name: 'Debug Endpoint',
|
|
216
|
+
severity: 'low', // Downgraded from medium
|
|
217
|
+
description: 'Debug endpoint found - verify not accessible in production',
|
|
218
|
+
},
|
|
219
|
+
{
|
|
220
|
+
pattern: /['"`]\/test(?:\/|['"`])/gi,
|
|
221
|
+
name: 'Test Endpoint',
|
|
222
|
+
severity: 'info', // Downgraded from low
|
|
223
|
+
description: 'Test endpoint found - typically safe in test context',
|
|
224
|
+
},
|
|
225
|
+
];
|
|
226
|
+
// Check if line is a comment
|
|
227
|
+
function isComment(lineContent) {
|
|
228
|
+
const trimmed = lineContent.trim();
|
|
229
|
+
return (trimmed.startsWith('//') ||
|
|
230
|
+
trimmed.startsWith('#') ||
|
|
231
|
+
trimmed.startsWith('*') ||
|
|
232
|
+
trimmed.startsWith('/*'));
|
|
233
|
+
}
|
|
234
|
+
// Check if it's in a test file
|
|
235
|
+
function isTestFile(filePath) {
|
|
236
|
+
return /\.(test|spec)\.(ts|tsx|js|jsx)$/i.test(filePath) ||
|
|
237
|
+
/\/__tests__\//i.test(filePath) ||
|
|
238
|
+
/\/test\//i.test(filePath);
|
|
239
|
+
}
|
|
240
|
+
// Check if URL is in an environment variable reference
|
|
241
|
+
function isEnvVarReference(lineContent) {
|
|
242
|
+
return lineContent.includes('process.env') ||
|
|
243
|
+
lineContent.includes('${') ||
|
|
244
|
+
lineContent.includes('import.meta.env');
|
|
245
|
+
}
|
|
246
|
+
/**
|
|
247
|
+
* Check if localhost URL is used as a fallback default value
|
|
248
|
+
* This is a common safe pattern in development:
|
|
249
|
+
* - process.env.API_URL || 'http://localhost:3000'
|
|
250
|
+
* - baseUrl ?? 'http://localhost:3000'
|
|
251
|
+
* - config.url || 'http://localhost'
|
|
252
|
+
* - config?.url ?? 'http://localhost'
|
|
253
|
+
*/
|
|
254
|
+
function isLocalhostFallback(lineContent) {
|
|
255
|
+
const fallbackPatterns = [
|
|
256
|
+
// Logical OR fallback: something || 'http://localhost...'
|
|
257
|
+
/\|\|\s*['"`]https?:\/\/(localhost|127\.0\.0\.1)/i,
|
|
258
|
+
// Nullish coalescing fallback: something ?? 'http://localhost...'
|
|
259
|
+
/\?\?\s*['"`]https?:\/\/(localhost|127\.0\.0\.1)/i,
|
|
260
|
+
// Default parameter: = 'http://localhost...'
|
|
261
|
+
/=\s*['"`]https?:\/\/(localhost|127\.0\.0\.1)[^'"]*['"`]\s*(,|\)|$)/i,
|
|
262
|
+
// Ternary with env check: process.env.X ? ... : 'http://localhost'
|
|
263
|
+
/process\.env\.\w+\s*\?\s*[^:]+\s*:\s*['"`]https?:\/\/(localhost|127\.0\.0\.1)/i,
|
|
264
|
+
// Object property default: url: process.env.X || 'http://localhost'
|
|
265
|
+
/:\s*process\.env\.\w+\s*\|\|\s*['"`]https?:\/\/(localhost|127\.0\.0\.1)/i,
|
|
266
|
+
// Import.meta.env fallback
|
|
267
|
+
/import\.meta\.env\.\w+\s*\|\|\s*['"`]https?:\/\/(localhost|127\.0\.0\.1)/i,
|
|
268
|
+
/import\.meta\.env\.\w+\s*\?\?\s*['"`]https?:\/\/(localhost|127\.0\.0\.1)/i,
|
|
269
|
+
];
|
|
270
|
+
return fallbackPatterns.some(p => p.test(lineContent));
|
|
271
|
+
}
|
|
272
|
+
// Get URL context for smarter detection
|
|
273
|
+
function getURLContext(lineContent, filePath) {
|
|
274
|
+
return {
|
|
275
|
+
isDevOnly: /['"]?BASE_URL['"]?|['"]?API_URL['"]?|['"]?NEXT_PUBLIC_/.test(lineContent),
|
|
276
|
+
isConfigFile: /config|settings|constants/.test(filePath.toLowerCase()),
|
|
277
|
+
isTestFile: isTestFile(filePath),
|
|
278
|
+
isEnvRef: isEnvVarReference(lineContent)
|
|
279
|
+
};
|
|
280
|
+
}
|
|
281
|
+
// Aggregate repeated localhost findings per file
|
|
282
|
+
function aggregateLocalhostFindings(vulnerabilities) {
|
|
283
|
+
const localhostByFile = new Map();
|
|
284
|
+
const result = [];
|
|
285
|
+
for (const vuln of vulnerabilities) {
|
|
286
|
+
// Check if this is a localhost/127.0.0.1 URL
|
|
287
|
+
if (vuln.category === 'sensitive_url' &&
|
|
288
|
+
/localhost|127\.0\.0\.1/i.test(vuln.lineContent)) {
|
|
289
|
+
const key = vuln.filePath;
|
|
290
|
+
if (!localhostByFile.has(key)) {
|
|
291
|
+
localhostByFile.set(key, { lines: [], urls: [], original: vuln });
|
|
292
|
+
}
|
|
293
|
+
const entry = localhostByFile.get(key);
|
|
294
|
+
entry.lines.push(vuln.lineNumber);
|
|
295
|
+
entry.urls.push(vuln.lineContent);
|
|
296
|
+
}
|
|
297
|
+
else {
|
|
298
|
+
result.push(vuln);
|
|
299
|
+
}
|
|
300
|
+
}
|
|
301
|
+
// Create aggregated findings for localhost URLs
|
|
302
|
+
for (const [filePath, data] of localhostByFile) {
|
|
303
|
+
const aggregated = {
|
|
304
|
+
...data.original,
|
|
305
|
+
title: `Localhost URLs in development code (${data.lines.length} instances)`,
|
|
306
|
+
description: `Found ${data.lines.length} localhost references on lines ${data.lines.join(', ')}. ` +
|
|
307
|
+
`This is typically safe in development but should use environment variables.`,
|
|
308
|
+
lineNumber: data.lines[0],
|
|
309
|
+
severity: 'info', // Downgraded to info
|
|
310
|
+
};
|
|
311
|
+
result.push(aggregated);
|
|
312
|
+
}
|
|
313
|
+
return result;
|
|
314
|
+
}
|
|
315
|
+
function detectSensitiveURLs(content, filePath, options) {
|
|
316
|
+
const vulnerabilities = [];
|
|
317
|
+
// Skip documentation files entirely - they often contain example URLs
|
|
318
|
+
if (isDocumentationFile(filePath)) {
|
|
319
|
+
return vulnerabilities;
|
|
320
|
+
}
|
|
321
|
+
// Get environment context for smart handling
|
|
322
|
+
const envContext = (0, environment_context_1.getEnvironmentContext)(filePath);
|
|
323
|
+
// Get route protection context
|
|
324
|
+
const routeHierarchy = (0, route_hierarchy_1.getRouteProtectionContext)(filePath);
|
|
325
|
+
const lines = options?.parsed?.lines ?? content.split('\n');
|
|
326
|
+
const inTestFile = isTestFile(filePath);
|
|
327
|
+
const inDevConfig = isDevConfigFile(filePath);
|
|
328
|
+
const inTestConfig = (0, file_classifier_1.isTestConfigFile)(filePath);
|
|
329
|
+
const isPython = (0, file_classifier_1.isPythonFile)(filePath);
|
|
330
|
+
const inAuthRoute = isInsideAuthenticatedRouteGroup(filePath) || routeHierarchy.isInProtectedHierarchy;
|
|
331
|
+
for (let i = 0; i < lines.length; i++) {
|
|
332
|
+
const line = lines[i];
|
|
333
|
+
// Skip comments
|
|
334
|
+
if (isComment(line))
|
|
335
|
+
continue;
|
|
336
|
+
// Skip Python docstrings - they often contain example URLs
|
|
337
|
+
if (isPython && (0, file_classifier_1.isInsidePythonDocstring)(lines, i)) {
|
|
338
|
+
continue;
|
|
339
|
+
}
|
|
340
|
+
// Get context for this line
|
|
341
|
+
const context = getURLContext(line, filePath);
|
|
342
|
+
// Skip environment variable references entirely
|
|
343
|
+
if (context.isEnvRef)
|
|
344
|
+
continue;
|
|
345
|
+
for (const { pattern, name, severity, description } of URL_PATTERNS) {
|
|
346
|
+
// Reset regex state
|
|
347
|
+
const regex = new RegExp(pattern.source, pattern.flags);
|
|
348
|
+
const match = regex.exec(line);
|
|
349
|
+
if (match) {
|
|
350
|
+
const url = match[0];
|
|
351
|
+
// Special handling for localhost URLs
|
|
352
|
+
if (/localhost|127\.0\.0\.1/i.test(url)) {
|
|
353
|
+
// Skip localhost as fallback/default values - this is standard practice
|
|
354
|
+
// e.g., process.env.API_URL || 'http://localhost:3000'
|
|
355
|
+
if (isLocalhostFallback(line)) {
|
|
356
|
+
continue;
|
|
357
|
+
}
|
|
358
|
+
// Use environment context for smarter handling
|
|
359
|
+
// Skip localhost in environments where it's expected (templates, tests, tooling)
|
|
360
|
+
if (envContext.allowsLocalhostDefaults) {
|
|
361
|
+
continue;
|
|
362
|
+
}
|
|
363
|
+
// Skip localhost in test files, dev-only contexts, test config files, or dev config files
|
|
364
|
+
if (context.isTestFile || context.isDevOnly || inDevConfig || inTestConfig) {
|
|
365
|
+
continue;
|
|
366
|
+
}
|
|
367
|
+
// Skip localhost in placeholder attributes (placeholder="https://localhost...")
|
|
368
|
+
if ((0, environment_context_1.isInPlaceholderAttribute)(line)) {
|
|
369
|
+
continue;
|
|
370
|
+
}
|
|
371
|
+
// Skip localhost when used as default parameter value
|
|
372
|
+
if ((0, environment_context_1.isDefaultParameterValue)(line)) {
|
|
373
|
+
continue;
|
|
374
|
+
}
|
|
375
|
+
// Skip localhost in locale/i18n files - these are example placeholders for users
|
|
376
|
+
if (isLocaleFile(filePath)) {
|
|
377
|
+
continue;
|
|
378
|
+
}
|
|
379
|
+
// Skip localhost in placeholder/example text (e.g., "e.g. http://localhost")
|
|
380
|
+
if (isUrlPlaceholderText(line)) {
|
|
381
|
+
continue;
|
|
382
|
+
}
|
|
383
|
+
// Use smart severity determination based on context
|
|
384
|
+
const adjustedSeverity = (0, environment_context_1.getLocalhostSeverity)(filePath, line);
|
|
385
|
+
// Skip info-level findings in non-production contexts
|
|
386
|
+
if (adjustedSeverity === 'info' && !filePath.includes('.env.production')) {
|
|
387
|
+
continue;
|
|
388
|
+
}
|
|
389
|
+
vulnerabilities.push({
|
|
390
|
+
id: `url-${filePath}-${i + 1}-${name}`,
|
|
391
|
+
filePath,
|
|
392
|
+
lineNumber: i + 1,
|
|
393
|
+
lineContent: line.trim(),
|
|
394
|
+
severity: adjustedSeverity,
|
|
395
|
+
category: 'sensitive_url',
|
|
396
|
+
title: name,
|
|
397
|
+
description: description + (adjustedSeverity === 'high' ? ' (in production config!)' : ' (in dev/config file)'),
|
|
398
|
+
suggestedFix: 'Move URLs to environment variables or configuration files. Use process.env.API_URL pattern.',
|
|
399
|
+
confidence: adjustedSeverity === 'high' ? 'high' : 'low',
|
|
400
|
+
baseConfidence: BASE_CONFIDENCE_LOCALHOST,
|
|
401
|
+
layer: 1,
|
|
402
|
+
source: 'config',
|
|
403
|
+
});
|
|
404
|
+
}
|
|
405
|
+
else {
|
|
406
|
+
// Normal URL handling (non-localhost)
|
|
407
|
+
// Lower severity for test files - downgrade more aggressively
|
|
408
|
+
let adjustedSeverity = severity;
|
|
409
|
+
let contextNote = '';
|
|
410
|
+
if (inTestFile) {
|
|
411
|
+
if (severity === 'critical')
|
|
412
|
+
adjustedSeverity = 'high';
|
|
413
|
+
else if (severity === 'high')
|
|
414
|
+
adjustedSeverity = 'low';
|
|
415
|
+
else
|
|
416
|
+
adjustedSeverity = 'info';
|
|
417
|
+
contextNote = ' (in test file)';
|
|
418
|
+
}
|
|
419
|
+
// Downgrade admin/sensitive endpoint findings inside authenticated route groups
|
|
420
|
+
// These routes are already protected by layout/middleware auth
|
|
421
|
+
if (inAuthRoute && (name === 'Admin Endpoint' || name === 'Admin API Endpoint')) {
|
|
422
|
+
adjustedSeverity = 'info';
|
|
423
|
+
contextNote = ' (inside authenticated route group)';
|
|
424
|
+
}
|
|
425
|
+
// Non-critical URL findings require AI validation
|
|
426
|
+
const requiresAIValidation = severity !== 'critical';
|
|
427
|
+
vulnerabilities.push({
|
|
428
|
+
id: `url-${filePath}-${i + 1}-${name}`,
|
|
429
|
+
filePath,
|
|
430
|
+
lineNumber: i + 1,
|
|
431
|
+
lineContent: line.trim(),
|
|
432
|
+
severity: adjustedSeverity,
|
|
433
|
+
category: 'sensitive_url',
|
|
434
|
+
title: name,
|
|
435
|
+
description: description + contextNote,
|
|
436
|
+
suggestedFix: 'Move URLs to environment variables or configuration files. Use process.env.API_URL pattern.',
|
|
437
|
+
confidence: inTestFile ? 'low' : 'medium',
|
|
438
|
+
baseConfidence: BASE_CONFIDENCE_WEBHOOK,
|
|
439
|
+
layer: 1,
|
|
440
|
+
source: 'config',
|
|
441
|
+
requiresAIValidation,
|
|
442
|
+
});
|
|
443
|
+
}
|
|
444
|
+
break; // Only report one URL issue per line
|
|
445
|
+
}
|
|
446
|
+
}
|
|
447
|
+
}
|
|
448
|
+
return vulnerabilities;
|
|
449
|
+
}
|
|
450
|
+
//# sourceMappingURL=urls.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"urls.js","sourceRoot":"","sources":["../../../src/detect/config/urls.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAqTH,gEA0CC;AAED,kDA8JC;AA3fD,iEAAqG;AACrG,0EAKyC;AACzC,iEAAuE;AAEvE,MAAM,uBAAuB,GAAG,IAAI,CAAA;AACpC,MAAM,yBAAyB,GAAG,IAAI,CAAA;AAEtC,gDAAgD;AAChD,SAAS,mBAAmB,CAAC,QAAgB;IAC3C,MAAM,WAAW,GAAG;QAClB,SAAS;QACT,YAAY;QACZ,eAAe;QACf,UAAU;QACV,QAAQ;QACR,SAAS;QACT,SAAS;QACT,UAAU;QACV,WAAW;QACX,oBAAoB;QACpB,WAAW;QACX,cAAc;QACd,iBAAiB;QACjB,gBAAgB;KACjB,CAAA;IACD,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAA;AAChD,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,+BAA+B,CAAC,QAAgB;IACvD,MAAM,iBAAiB,GAAG;QACxB,4DAA4D;QAC5D,wBAAwB;QACxB,oBAAoB;QACpB,eAAe;QACf,gBAAgB;QAChB,oBAAoB;QACpB,kBAAkB;QAClB,iBAAiB;QACjB,eAAe;QACf,kBAAkB;QAClB,mBAAmB;QACnB,cAAc,EAAY,8CAA8C;QAExE,0CAA0C;QAC1C,uBAAuB;QACvB,mBAAmB;QACnB,cAAc;QACd,sBAAsB;QAEtB,yDAAyD;QACzD,gBAAgB;QAChB,YAAY;QACZ,cAAc;QACd,eAAe;QACf,cAAc;QACd,QAAQ,EAAkB,4BAA4B;QACtD,WAAW;QACX,cAAc,EAAY,0CAA0C;KACrE,CAAA;IAED,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAA;AACtD,CAAC;AAED,uEAAuE;AACvE,SAAS,eAAe,CAAC,QAAgB;IACvC,MAAM,iBAAiB,GAAG;QACxB,gBAAgB;QAChB,sBAAsB;QACtB,cAAc;QACd,kBAAkB;QAClB,iBAAiB;QACjB,gBAAgB;QAChB,wBAAwB;QACxB,kBAAkB;QAClB,0BAA0B;QAC1B,oBAAoB;QACpB,mBAAmB;KACpB,CAAA;IACD,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAA;AACtD,CAAC;AAED,0EAA0E;AAC1E,SAAS,YAAY,CAAC,QAAgB;IACpC,MAAM,cAAc,GAAG;QACrB,eAAe,EAAY,wBAAwB;QACnD,WAAW,EAAgB,SAAS;QACpC,oBAAoB,EAAO,kCAAkC;QAC7D,WAAW,EAAgB,SAAS;QACpC,iBAAiB,EAAU,4BAA4B;QACvD,0BAA0B,EAAE,8BAA8B;KAC3D,CAAA;IACD,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAA;AACnD,CAAC;AAED,sDAAsD;AACtD,SAAS,oBAAoB,CAAC,IAAY;IACxC,MAAM,mBAAmB,GAAG;QAC1B,sBAAsB,EAAO,8BAA8B;QAC3D,kBAAkB,EAAW,0BAA0B;QACvD,SAAS,EAAoB,wBAAwB;QACrD,gBAAgB,EAAa,yBAAyB;QACtD,YAAY,EAAiB,2BAA2B;QACxD,cAAc,EAAe,wBAAwB;QACrD,WAAW,EAAgB,6BAA6B;QACxD,WAAW,EAAgB,kCAAkC;QAC7D,iBAAiB,EAAY,6BAA6B;QAC1D,gBAAgB,EAAa,8BAA8B;QAC3D,gBAAgB,EAAa,6BAA6B;KAC3D,CAAA;IACD,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAA;AACpD,CAAC;AAED,iDAAiD;AACjD,MAAM,YAAY,GAAG;IACnB,gDAAgD;IAChD;QACE,OAAO,EAAE,8BAA8B;QACvC,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,QAAiB;QAC3B,WAAW,EAAE,gEAAgE;KAC9E;IACD;QACE,OAAO,EAAE,iCAAiC;QAC1C,IAAI,EAAE,cAAc;QACpB,QAAQ,EAAE,QAAiB;QAC3B,WAAW,EAAE,qCAAqC;KACnD;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,QAAiB;QAC3B,WAAW,EAAE,yCAAyC;KACvD;IACD;QACE,OAAO,EAAE,0CAA0C;QACnD,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,KAAc;QACxB,WAAW,EAAE,6CAA6C;KAC3D;IACD;QACE,OAAO,EAAE,2CAA2C;QACpD,IAAI,EAAE,cAAc;QACpB,QAAQ,EAAE,MAAe;QACzB,WAAW,EAAE,mEAAmE;KACjF;IACD;QACE,OAAO,EAAE,2CAA2C;QACpD,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,KAAc;QACxB,WAAW,EAAE,sCAAsC;KACpD;IAED,iDAAiD;IACjD,8EAA8E;IAC9E,6EAA6E;IAC7E;QACE,OAAO,EAAE,4BAA4B;QACrC,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE,MAAe;QACzB,WAAW,EAAE,oEAAoE;KAClF;IACD;QACE,OAAO,EAAE,qBAAqB;QAC9B,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,MAAe,EAAG,kDAAkD;QAC9E,WAAW,EAAE,mEAAmE;KACjF;IAED,mBAAmB;IACnB;QACE,OAAO,EAAE,oCAAoC;QAC7C,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,MAAe;QACzB,WAAW,EAAE,wCAAwC;KACtD;IACD;QACE,OAAO,EAAE,mCAAmC;QAC5C,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,MAAe;QACzB,WAAW,EAAE,wCAAwC;KACtD;IACD;QACE,OAAO,EAAE,8BAA8B;QACvC,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,MAAe;QACzB,WAAW,EAAE,sCAAsC;KACpD;IACD;QACE,OAAO,EAAE,+BAA+B;QACxC,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,UAAmB;QAC7B,WAAW,EAAE,uCAAuC;KACrD;IAED,qCAAqC;IACrC;QACE,OAAO,EAAE,yDAAyD;QAClE,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,MAAe;QACzB,WAAW,EAAE,oEAAoE;KAClF;IACD;QACE,OAAO,EAAE,yEAAyE;QAClF,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,MAAe;QACzB,WAAW,EAAE,sEAAsE;KACpF;IAED,yEAAyE;IACzE;QACE,OAAO,EAAE,4BAA4B;QACrC,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE,KAAc,EAAG,yBAAyB;QACpD,WAAW,EAAE,4DAA4D;KAC1E;IACD;QACE,OAAO,EAAE,2BAA2B;QACpC,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,MAAe,EAAG,sBAAsB;QAClD,WAAW,EAAE,sDAAsD;KACpE;CACF,CAAA;AAED,6BAA6B;AAC7B,SAAS,SAAS,CAAC,WAAmB;IACpC,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,EAAE,CAAA;IAClC,OAAO,CACL,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;QACxB,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QACvB,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QACvB,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CACzB,CAAA;AACH,CAAC;AAED,+BAA+B;AAC/B,SAAS,UAAU,CAAC,QAAgB;IAClC,OAAO,kCAAkC,CAAC,IAAI,CAAC,QAAQ,CAAC;QACjD,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC;QAC/B,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;AACnC,CAAC;AAED,uDAAuD;AACvD,SAAS,iBAAiB,CAAC,WAAmB;IAC5C,OAAO,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC;QACnC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC;QAC1B,WAAW,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAA;AAChD,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,mBAAmB,CAAC,WAAmB;IAC9C,MAAM,gBAAgB,GAAG;QACvB,0DAA0D;QAC1D,kDAAkD;QAClD,kEAAkE;QAClE,kDAAkD;QAClD,6CAA6C;QAC7C,qEAAqE;QACrE,mEAAmE;QACnE,gFAAgF;QAChF,oEAAoE;QACpE,0EAA0E;QAC1E,2BAA2B;QAC3B,2EAA2E;QAC3E,2EAA2E;KAC5E,CAAA;IACD,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;AACxD,CAAC;AAED,wCAAwC;AACxC,SAAS,aAAa,CAAC,WAAmB,EAAE,QAAgB;IAM1D,OAAO;QACL,SAAS,EAAE,wDAAwD,CAAC,IAAI,CAAC,WAAW,CAAC;QACrF,YAAY,EAAE,2BAA2B,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QACtE,UAAU,EAAE,UAAU,CAAC,QAAQ,CAAC;QAChC,QAAQ,EAAE,iBAAiB,CAAC,WAAW,CAAC;KACzC,CAAA;AACH,CAAC;AAED,iDAAiD;AACjD,SAAgB,0BAA0B,CACxC,eAAgC;IAEhC,MAAM,eAAe,GAAG,IAAI,GAAG,EAI3B,CAAA;IAEJ,MAAM,MAAM,GAAoB,EAAE,CAAA;IAElC,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;QACnC,6CAA6C;QAC7C,IAAI,IAAI,CAAC,QAAQ,KAAK,eAAe;YACjC,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAErD,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAA;YACzB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC9B,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;YACnE,CAAC;YACD,MAAM,KAAK,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,CAAE,CAAA;YACvC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;YACjC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QACnC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACnB,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,KAAK,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,eAAe,EAAE,CAAC;QAC/C,MAAM,UAAU,GAAkB;YAChC,GAAG,IAAI,CAAC,QAAQ;YAChB,KAAK,EAAE,uCAAuC,IAAI,CAAC,KAAK,CAAC,MAAM,aAAa;YAC5E,WAAW,EAAE,SAAS,IAAI,CAAC,KAAK,CAAC,MAAM,kCAAkC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;gBAChG,6EAA6E;YAC/E,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YACzB,QAAQ,EAAE,MAAM,EAAG,qBAAqB;SACzC,CAAA;QACD,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IACzB,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED,SAAgB,mBAAmB,CACjC,OAAe,EACf,QAAgB,EAChB,OAAiC;IAEjC,MAAM,eAAe,GAAoB,EAAE,CAAA;IAE3C,sEAAsE;IACtE,IAAI,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,OAAO,eAAe,CAAA;IACxB,CAAC;IAED,6CAA6C;IAC7C,MAAM,UAAU,GAAG,IAAA,2CAAqB,EAAC,QAAQ,CAAC,CAAA;IAElD,+BAA+B;IAC/B,MAAM,cAAc,GAAG,IAAA,2CAAyB,EAAC,QAAQ,CAAC,CAAA;IAE1D,MAAM,KAAK,GAAG,OAAO,EAAE,MAAM,EAAE,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC3D,MAAM,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAA;IACvC,MAAM,WAAW,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAA;IAC7C,MAAM,YAAY,GAAG,IAAA,kCAAgB,EAAC,QAAQ,CAAC,CAAA;IAC/C,MAAM,QAAQ,GAAG,IAAA,8BAAY,EAAC,QAAQ,CAAC,CAAA;IACvC,MAAM,WAAW,GAAG,+BAA+B,CAAC,QAAQ,CAAC,IAAI,cAAc,CAAC,sBAAsB,CAAA;IAEtG,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QAErB,gBAAgB;QAChB,IAAI,SAAS,CAAC,IAAI,CAAC;YAAE,SAAQ;QAE7B,2DAA2D;QAC3D,IAAI,QAAQ,IAAI,IAAA,yCAAuB,EAAC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC;YAClD,SAAQ;QACV,CAAC;QAED,4BAA4B;QAC5B,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;QAE7C,gDAAgD;QAChD,IAAI,OAAO,CAAC,QAAQ;YAAE,SAAQ;QAE9B,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,YAAY,EAAE,CAAC;YACpE,oBAAoB;YACpB,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAA;YAEvD,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAC9B,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;gBAEpB,sCAAsC;gBACtC,IAAI,yBAAyB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;oBACxC,wEAAwE;oBACxE,uDAAuD;oBACvD,IAAI,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC9B,SAAQ;oBACV,CAAC;oBAED,+CAA+C;oBAC/C,iFAAiF;oBACjF,IAAI,UAAU,CAAC,uBAAuB,EAAE,CAAC;wBACvC,SAAQ;oBACV,CAAC;oBAED,0FAA0F;oBAC1F,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,SAAS,IAAI,WAAW,IAAI,YAAY,EAAE,CAAC;wBAC3E,SAAQ;oBACV,CAAC;oBAED,gFAAgF;oBAChF,IAAI,IAAA,8CAAwB,EAAC,IAAI,CAAC,EAAE,CAAC;wBACnC,SAAQ;oBACV,CAAC;oBAED,sDAAsD;oBACtD,IAAI,IAAA,6CAAuB,EAAC,IAAI,CAAC,EAAE,CAAC;wBAClC,SAAQ;oBACV,CAAC;oBAED,iFAAiF;oBACjF,IAAI,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAC3B,SAAQ;oBACV,CAAC;oBAED,6EAA6E;oBAC7E,IAAI,oBAAoB,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC/B,SAAQ;oBACV,CAAC;oBAED,oDAAoD;oBACpD,MAAM,gBAAgB,GAAG,IAAA,0CAAoB,EAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;oBAE7D,sDAAsD;oBACtD,IAAI,gBAAgB,KAAK,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;wBACzE,SAAQ;oBACV,CAAC;oBAED,eAAe,CAAC,IAAI,CAAC;wBACnB,EAAE,EAAE,OAAO,QAAQ,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE;wBACtC,QAAQ;wBACR,UAAU,EAAE,CAAC,GAAG,CAAC;wBACjB,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;wBACxB,QAAQ,EAAE,gBAAgB;wBAC1B,QAAQ,EAAE,eAAe;wBACzB,KAAK,EAAE,IAAI;wBACX,WAAW,EAAE,WAAW,GAAG,CAAC,gBAAgB,KAAK,MAAM,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC,CAAC,uBAAuB,CAAC;wBAC/G,YAAY,EAAE,6FAA6F;wBAC3G,UAAU,EAAE,gBAAgB,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK;wBACxD,cAAc,EAAE,yBAAyB;wBACzC,KAAK,EAAE,CAAC;wBACZ,MAAM,EAAE,QAAiB;qBACtB,CAAC,CAAA;gBACJ,CAAC;qBAAM,CAAC;oBACN,sCAAsC;oBACtC,8DAA8D;oBAC9D,IAAI,gBAAgB,GAAG,QAAQ,CAAA;oBAC/B,IAAI,WAAW,GAAG,EAAE,CAAA;oBAEpB,IAAI,UAAU,EAAE,CAAC;wBACf,IAAI,QAAQ,KAAK,UAAU;4BAAE,gBAAgB,GAAG,MAAM,CAAA;6BACjD,IAAI,QAAQ,KAAK,MAAM;4BAAE,gBAAgB,GAAG,KAAK,CAAA;;4BACjD,gBAAgB,GAAG,MAAM,CAAA;wBAC9B,WAAW,GAAG,iBAAiB,CAAA;oBACjC,CAAC;oBAED,gFAAgF;oBAChF,+DAA+D;oBAC/D,IAAI,WAAW,IAAI,CAAC,IAAI,KAAK,gBAAgB,IAAI,IAAI,KAAK,oBAAoB,CAAC,EAAE,CAAC;wBAChF,gBAAgB,GAAG,MAAM,CAAA;wBACzB,WAAW,GAAG,qCAAqC,CAAA;oBACrD,CAAC;oBAED,kDAAkD;oBAClD,MAAM,oBAAoB,GAAG,QAAQ,KAAK,UAAU,CAAA;oBAEpD,eAAe,CAAC,IAAI,CAAC;wBACnB,EAAE,EAAE,OAAO,QAAQ,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE;wBACtC,QAAQ;wBACR,UAAU,EAAE,CAAC,GAAG,CAAC;wBACjB,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;wBACxB,QAAQ,EAAE,gBAAgB;wBAC1B,QAAQ,EAAE,eAAe;wBACzB,KAAK,EAAE,IAAI;wBACX,WAAW,EAAE,WAAW,GAAG,WAAW;wBACtC,YAAY,EAAE,6FAA6F;wBAC3G,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ;wBACzC,cAAc,EAAE,uBAAuB;wBACvC,KAAK,EAAE,CAAC;wBACZ,MAAM,EAAE,QAAiB;wBACrB,oBAAoB;qBACrB,CAAC,CAAA;gBACJ,CAAC;gBACD,MAAK,CAAC,qCAAqC;YAC7C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC"}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Detection Stage — Runs Layer 1 + Layer 2 detectors and handles localhost aggregation.
|
|
3
|
+
*
|
|
4
|
+
* Returns raw findings before noisy aggregation/enrichment (those are called
|
|
5
|
+
* by the orchestrator to keep stage boundaries clean).
|
|
6
|
+
*/
|
|
7
|
+
import type { ScanFile, Vulnerability, CancellationToken, DetectorContext, ProgressCallback } from '../shared/types';
|
|
8
|
+
import type { MiddlewareAuthConfig } from '../model/middleware-detector';
|
|
9
|
+
import type { FileAuthImports } from '../model/imported-auth-detector';
|
|
10
|
+
import type { FilterPipeline } from '../postprocess/filtering/pipeline';
|
|
11
|
+
export interface DetectorInput {
|
|
12
|
+
files: ScanFile[];
|
|
13
|
+
middlewareConfig?: MiddlewareAuthConfig;
|
|
14
|
+
fileAuthImports?: Map<string, FileAuthImports>;
|
|
15
|
+
detectorContext: DetectorContext;
|
|
16
|
+
onProgress?: ProgressCallback;
|
|
17
|
+
cancellationToken?: CancellationToken;
|
|
18
|
+
filterPipeline: FilterPipeline;
|
|
19
|
+
repoName: string;
|
|
20
|
+
quiet: boolean;
|
|
21
|
+
}
|
|
22
|
+
export interface DetectorOutput {
|
|
23
|
+
/** Combined Layer 1 + Layer 2 findings (after localhost aggregation) */
|
|
24
|
+
findings: Vulnerability[];
|
|
25
|
+
/** Phase timing */
|
|
26
|
+
phaseTiming: {
|
|
27
|
+
layer1?: number;
|
|
28
|
+
layer2?: number;
|
|
29
|
+
};
|
|
30
|
+
}
|
|
31
|
+
/**
|
|
32
|
+
* Run all detectors (Layer 1 + Layer 2) and return combined raw findings.
|
|
33
|
+
*/
|
|
34
|
+
export declare function runDetectors(input: DetectorInput): Promise<DetectorOutput>;
|
|
35
|
+
export { runLayer1Scan, type Layer1Result } from './secrets';
|
|
36
|
+
export { runLayer2Scan, type Layer2Result } from './structural';
|
|
37
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/detect/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,QAAQ,EACR,aAAa,EACb,iBAAiB,EACjB,eAAe,EACf,gBAAgB,EACjB,MAAM,iBAAiB,CAAA;AAIxB,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAA;AACxE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAA;AACtE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAA;AAEvE,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,QAAQ,EAAE,CAAA;IACjB,gBAAgB,CAAC,EAAE,oBAAoB,CAAA;IACvC,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IAC9C,eAAe,EAAE,eAAe,CAAA;IAChC,UAAU,CAAC,EAAE,gBAAgB,CAAA;IAC7B,iBAAiB,CAAC,EAAE,iBAAiB,CAAA;IACrC,cAAc,EAAE,cAAc,CAAA;IAC9B,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,EAAE,OAAO,CAAA;CACf;AAED,MAAM,WAAW,cAAc;IAC7B,wEAAwE;IACxE,QAAQ,EAAE,aAAa,EAAE,CAAA;IACzB,mBAAmB;IACnB,WAAW,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAA;CAClD;AAKD;;GAEG;AACH,wBAAsB,YAAY,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC,CAgFhF;AAGD,OAAO,EAAE,aAAa,EAAE,KAAK,YAAY,EAAE,MAAM,WAAW,CAAA;AAC5D,OAAO,EAAE,aAAa,EAAE,KAAK,YAAY,EAAE,MAAM,cAAc,CAAA"}
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Detection Stage — Runs Layer 1 + Layer 2 detectors and handles localhost aggregation.
|
|
4
|
+
*
|
|
5
|
+
* Returns raw findings before noisy aggregation/enrichment (those are called
|
|
6
|
+
* by the orchestrator to keep stage boundaries clean).
|
|
7
|
+
*/
|
|
8
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
|
+
exports.runLayer2Scan = exports.runLayer1Scan = void 0;
|
|
10
|
+
exports.runDetectors = runDetectors;
|
|
11
|
+
const secrets_1 = require("./secrets");
|
|
12
|
+
const structural_1 = require("./structural");
|
|
13
|
+
const urls_1 = require("./config/urls");
|
|
14
|
+
const fid = (v) => `${v.filePath}:${v.lineNumber}:${v.category}`;
|
|
15
|
+
/**
|
|
16
|
+
* Run all detectors (Layer 1 + Layer 2) and return combined raw findings.
|
|
17
|
+
*/
|
|
18
|
+
async function runDetectors(input) {
|
|
19
|
+
const { files, middlewareConfig, fileAuthImports, detectorContext, onProgress, cancellationToken, filterPipeline, repoName, quiet, } = input;
|
|
20
|
+
const log = (message) => {
|
|
21
|
+
if (!quiet)
|
|
22
|
+
console.log(message);
|
|
23
|
+
};
|
|
24
|
+
const reportProgress = (status, message, vulnerabilitiesFound = 0) => {
|
|
25
|
+
if (onProgress) {
|
|
26
|
+
onProgress({
|
|
27
|
+
status,
|
|
28
|
+
message,
|
|
29
|
+
filesProcessed: files.length,
|
|
30
|
+
totalFiles: files.length,
|
|
31
|
+
vulnerabilitiesFound,
|
|
32
|
+
});
|
|
33
|
+
}
|
|
34
|
+
};
|
|
35
|
+
const phaseTiming = {};
|
|
36
|
+
// Layer 1: Surface Scan
|
|
37
|
+
const layer1Start = Date.now();
|
|
38
|
+
reportProgress('layer1', 'Running surface scan (patterns, entropy, config)...');
|
|
39
|
+
let layer1Result = await (0, secrets_1.runLayer1Scan)(files, onProgress, cancellationToken);
|
|
40
|
+
// Aggregate repeated localhost findings
|
|
41
|
+
const layer1RawCount = layer1Result.vulnerabilities.length;
|
|
42
|
+
const layer1BeforeAggregation = layer1Result.vulnerabilities;
|
|
43
|
+
layer1Result = {
|
|
44
|
+
...layer1Result,
|
|
45
|
+
vulnerabilities: (0, urls_1.aggregateLocalhostFindings)(layer1Result.vulnerabilities)
|
|
46
|
+
};
|
|
47
|
+
if (filterPipeline.isEnabled) {
|
|
48
|
+
const afterIds = new Set(layer1Result.vulnerabilities.map(fid));
|
|
49
|
+
for (const v of layer1BeforeAggregation) {
|
|
50
|
+
if (!afterIds.has(fid(v))) {
|
|
51
|
+
filterPipeline.record(fid(v), { stage: 'localhost_aggregation', action: 'aggregated', reason: 'Aggregated repeated localhost finding' });
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
phaseTiming.layer1 = Date.now() - layer1Start;
|
|
56
|
+
log(`[Layer1] repo=${repoName} findings_raw=${layer1RawCount} findings_deduped=${layer1Result.vulnerabilities.length} duration=${phaseTiming.layer1}ms`);
|
|
57
|
+
// Layer 2: Structural Scan
|
|
58
|
+
const layer2Start = Date.now();
|
|
59
|
+
reportProgress('layer2', 'Running structural scan (variables, logic gates)...', layer1Result.vulnerabilities.length);
|
|
60
|
+
const layer2Result = await (0, structural_1.runLayer2Scan)(files, { middlewareConfig, fileAuthImports, detectorContext }, onProgress, cancellationToken);
|
|
61
|
+
// Format heuristic breakdown for logging
|
|
62
|
+
const heuristicBreakdown = Object.entries(layer2Result.stats.raw)
|
|
63
|
+
.filter(([, count]) => count > 0)
|
|
64
|
+
.map(([name, count]) => `${name}:${count}`)
|
|
65
|
+
.join(',');
|
|
66
|
+
phaseTiming.layer2 = Date.now() - layer2Start;
|
|
67
|
+
log(`[Layer2] repo=${repoName} findings_raw=${Object.values(layer2Result.stats.raw).reduce((a, b) => a + b, 0)} findings_deduped=${layer2Result.vulnerabilities.length} duration=${phaseTiming.layer2}ms heuristic_breakdown={${heuristicBreakdown}}`);
|
|
68
|
+
// Combine Layer 1 and Layer 2 findings
|
|
69
|
+
const findings = [...layer1Result.vulnerabilities, ...layer2Result.vulnerabilities];
|
|
70
|
+
return { findings, phaseTiming };
|
|
71
|
+
}
|
|
72
|
+
// Re-export layer results for external consumers
|
|
73
|
+
var secrets_2 = require("./secrets");
|
|
74
|
+
Object.defineProperty(exports, "runLayer1Scan", { enumerable: true, get: function () { return secrets_2.runLayer1Scan; } });
|
|
75
|
+
var structural_2 = require("./structural");
|
|
76
|
+
Object.defineProperty(exports, "runLayer2Scan", { enumerable: true, get: function () { return structural_2.runLayer2Scan; } });
|
|
77
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/detect/index.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAyCH,oCAgFC;AAhHD,uCAA4D;AAC5D,6CAA+D;AAC/D,wCAA0D;AAwB1D,MAAM,GAAG,GAAG,CAAC,CAA8D,EAAE,EAAE,CAC7E,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAA;AAE/C;;GAEG;AACI,KAAK,UAAU,YAAY,CAAC,KAAoB;IACrD,MAAM,EACJ,KAAK,EACL,gBAAgB,EAChB,eAAe,EACf,eAAe,EACf,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,QAAQ,EACR,KAAK,GACN,GAAG,KAAK,CAAA;IAET,MAAM,GAAG,GAAG,CAAC,OAAe,EAAE,EAAE;QAC9B,IAAI,CAAC,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IAClC,CAAC,CAAA;IAED,MAAM,cAAc,GAAG,CACrB,MAA2B,EAC3B,OAAe,EACf,uBAA+B,CAAC,EAChC,EAAE;QACF,IAAI,UAAU,EAAE,CAAC;YACf,UAAU,CAAC;gBACT,MAAM;gBACN,OAAO;gBACP,cAAc,EAAE,KAAK,CAAC,MAAM;gBAC5B,UAAU,EAAE,KAAK,CAAC,MAAM;gBACxB,oBAAoB;aACrB,CAAC,CAAA;QACJ,CAAC;IACH,CAAC,CAAA;IAED,MAAM,WAAW,GAAyC,EAAE,CAAA;IAE5D,wBAAwB;IACxB,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IAC9B,cAAc,CAAC,QAAQ,EAAE,qDAAqD,CAAC,CAAA;IAC/E,IAAI,YAAY,GAAG,MAAM,IAAA,uBAAa,EAAC,KAAK,EAAE,UAAU,EAAE,iBAAiB,CAAC,CAAA;IAE5E,wCAAwC;IACxC,MAAM,cAAc,GAAG,YAAY,CAAC,eAAe,CAAC,MAAM,CAAA;IAC1D,MAAM,uBAAuB,GAAG,YAAY,CAAC,eAAe,CAAA;IAC5D,YAAY,GAAG;QACb,GAAG,YAAY;QACf,eAAe,EAAE,IAAA,iCAA0B,EAAC,YAAY,CAAC,eAAe,CAAC;KAC1E,CAAA;IACD,IAAI,cAAc,CAAC,SAAS,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAA;QAC/D,KAAK,MAAM,CAAC,IAAI,uBAAuB,EAAE,CAAC;YACxC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1B,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,uCAAuC,EAAE,CAAC,CAAA;YAC1I,CAAC;QACH,CAAC;IACH,CAAC;IACD,WAAW,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAA;IAC7C,GAAG,CAAC,iBAAiB,QAAQ,iBAAiB,cAAc,qBAAqB,YAAY,CAAC,eAAe,CAAC,MAAM,aAAa,WAAW,CAAC,MAAM,IAAI,CAAC,CAAA;IAExJ,2BAA2B;IAC3B,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IAC9B,cAAc,CAAC,QAAQ,EAAE,qDAAqD,EAAE,YAAY,CAAC,eAAe,CAAC,MAAM,CAAC,CAAA;IACpH,MAAM,YAAY,GAAG,MAAM,IAAA,0BAAa,EACtC,KAAK,EACL,EAAE,gBAAgB,EAAE,eAAe,EAAE,eAAe,EAAE,EACtD,UAAU,EACV,iBAAiB,CAClB,CAAA;IAED,yCAAyC;IACzC,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC;SAC9D,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,GAAG,CAAC,CAAC;SAChC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC;SAC1C,IAAI,CAAC,GAAG,CAAC,CAAA;IACZ,WAAW,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAA;IAC7C,GAAG,CAAC,iBAAiB,QAAQ,iBAAiB,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,qBAAqB,YAAY,CAAC,eAAe,CAAC,MAAM,aAAa,WAAW,CAAC,MAAM,2BAA2B,kBAAkB,GAAG,CAAC,CAAA;IAEtP,uCAAuC;IACvC,MAAM,QAAQ,GAAG,CAAC,GAAG,YAAY,CAAC,eAAe,EAAE,GAAG,YAAY,CAAC,eAAe,CAAC,CAAA;IAEnF,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAA;AAClC,CAAC;AAED,iDAAiD;AACjD,qCAA4D;AAAnD,wGAAA,aAAa,OAAA;AACtB,2CAA+D;AAAtD,2GAAA,aAAa,OAAA"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Layer 1: Configuration Auditing
|
|
3
|
+
* Scans configuration files for security misconfigurations
|
|
4
|
+
*/
|
|
5
|
+
import type { ConfigRule, Vulnerability } from '../../shared/types';
|
|
6
|
+
import type { ParsedFile } from '../../shared/parsed-file';
|
|
7
|
+
export declare const CONFIG_RULES: ConfigRule[];
|
|
8
|
+
export declare function auditConfiguration(content: string, filePath: string, options?: {
|
|
9
|
+
parsed?: ParsedFile;
|
|
10
|
+
}): Vulnerability[];
|
|
11
|
+
//# sourceMappingURL=config-audit.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"config-audit.d.ts","sourceRoot":"","sources":["../../../src/detect/secrets/config-audit.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAmB,aAAa,EAAE,MAAM,oBAAoB,CAAA;AACpF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;AAM1D,eAAO,MAAM,YAAY,EAAE,UAAU,EAgSpC,CAAA;AAkBD,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,UAAU,CAAA;CAAE,GAChC,aAAa,EAAE,CA4BjB"}
|