@oculum/scanner 1.0.11 → 1.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1178) hide show
  1. package/dist/ai-context/index.d.ts +6 -0
  2. package/dist/ai-context/index.d.ts.map +1 -0
  3. package/dist/ai-context/index.js +13 -0
  4. package/dist/ai-context/index.js.map +1 -0
  5. package/dist/ai-context/manager.d.ts +67 -0
  6. package/dist/ai-context/manager.d.ts.map +1 -0
  7. package/dist/ai-context/manager.js +104 -0
  8. package/dist/ai-context/manager.js.map +1 -0
  9. package/dist/category-filter.d.ts +125 -0
  10. package/dist/category-filter.d.ts.map +1 -0
  11. package/dist/category-filter.js +360 -0
  12. package/dist/category-filter.js.map +1 -0
  13. package/dist/detect/ai-code/agent-tools.d.ts +22 -0
  14. package/dist/detect/ai-code/agent-tools.d.ts.map +1 -0
  15. package/dist/detect/ai-code/agent-tools.js +1509 -0
  16. package/dist/detect/ai-code/agent-tools.js.map +1 -0
  17. package/dist/detect/ai-code/byok-patterns.d.ts +15 -0
  18. package/dist/detect/ai-code/byok-patterns.d.ts.map +1 -0
  19. package/dist/detect/ai-code/byok-patterns.js +313 -0
  20. package/dist/detect/ai-code/byok-patterns.js.map +1 -0
  21. package/dist/detect/ai-code/endpoint-protection.d.ts +38 -0
  22. package/dist/detect/ai-code/endpoint-protection.d.ts.map +1 -0
  23. package/dist/detect/ai-code/endpoint-protection.js +349 -0
  24. package/dist/detect/ai-code/endpoint-protection.js.map +1 -0
  25. package/dist/detect/ai-code/execution-sinks.d.ts +21 -0
  26. package/dist/detect/ai-code/execution-sinks.d.ts.map +1 -0
  27. package/dist/detect/ai-code/execution-sinks.js +1158 -0
  28. package/dist/detect/ai-code/execution-sinks.js.map +1 -0
  29. package/dist/detect/ai-code/fingerprinting.d.ts +10 -0
  30. package/dist/detect/ai-code/fingerprinting.d.ts.map +1 -0
  31. package/dist/detect/ai-code/fingerprinting.js +665 -0
  32. package/dist/detect/ai-code/fingerprinting.js.map +1 -0
  33. package/dist/detect/ai-code/index.d.ts +12 -0
  34. package/dist/detect/ai-code/index.d.ts.map +1 -0
  35. package/dist/detect/ai-code/index.js +26 -0
  36. package/dist/detect/ai-code/index.js.map +1 -0
  37. package/dist/detect/ai-code/mcp-security.d.ts +20 -0
  38. package/dist/detect/ai-code/mcp-security.d.ts.map +1 -0
  39. package/dist/detect/ai-code/mcp-security.js +880 -0
  40. package/dist/detect/ai-code/mcp-security.js.map +1 -0
  41. package/dist/detect/ai-code/model-supply-chain.d.ts +23 -0
  42. package/dist/detect/ai-code/model-supply-chain.d.ts.map +1 -0
  43. package/dist/detect/ai-code/model-supply-chain.js +447 -0
  44. package/dist/detect/ai-code/model-supply-chain.js.map +1 -0
  45. package/dist/detect/ai-code/package-hallucination.d.ts +22 -0
  46. package/dist/detect/ai-code/package-hallucination.d.ts.map +1 -0
  47. package/dist/detect/ai-code/package-hallucination.js +841 -0
  48. package/dist/detect/ai-code/package-hallucination.js.map +1 -0
  49. package/dist/detect/ai-code/prompt-hygiene.d.ts +22 -0
  50. package/dist/detect/ai-code/prompt-hygiene.d.ts.map +1 -0
  51. package/dist/detect/ai-code/prompt-hygiene.js +1177 -0
  52. package/dist/detect/ai-code/prompt-hygiene.js.map +1 -0
  53. package/dist/detect/ai-code/rag-safety.d.ts +24 -0
  54. package/dist/detect/ai-code/rag-safety.d.ts.map +1 -0
  55. package/dist/detect/ai-code/rag-safety.js +913 -0
  56. package/dist/detect/ai-code/rag-safety.js.map +1 -0
  57. package/dist/detect/ai-code/schema-validation.d.ts +28 -0
  58. package/dist/detect/ai-code/schema-validation.d.ts.map +1 -0
  59. package/dist/detect/ai-code/schema-validation.js +378 -0
  60. package/dist/detect/ai-code/schema-validation.js.map +1 -0
  61. package/dist/detect/config/agent-skill-injection.d.ts +27 -0
  62. package/dist/detect/config/agent-skill-injection.d.ts.map +1 -0
  63. package/dist/detect/config/agent-skill-injection.js +472 -0
  64. package/dist/detect/config/agent-skill-injection.js.map +1 -0
  65. package/dist/detect/config/comments.d.ts +11 -0
  66. package/dist/detect/config/comments.d.ts.map +1 -0
  67. package/dist/detect/config/comments.js +206 -0
  68. package/dist/detect/config/comments.js.map +1 -0
  69. package/dist/detect/config/file-flags.d.ts +10 -0
  70. package/dist/detect/config/file-flags.d.ts.map +1 -0
  71. package/dist/detect/config/file-flags.js +124 -0
  72. package/dist/detect/config/file-flags.js.map +1 -0
  73. package/dist/detect/config/index.d.ts +7 -0
  74. package/dist/detect/config/index.d.ts.map +1 -0
  75. package/dist/detect/config/index.js +17 -0
  76. package/dist/detect/config/index.js.map +1 -0
  77. package/dist/detect/config/osv-check.d.ts +75 -0
  78. package/dist/detect/config/osv-check.d.ts.map +1 -0
  79. package/dist/detect/config/osv-check.js +309 -0
  80. package/dist/detect/config/osv-check.js.map +1 -0
  81. package/dist/detect/config/package-check.d.ts +63 -0
  82. package/dist/detect/config/package-check.d.ts.map +1 -0
  83. package/dist/detect/config/package-check.js +509 -0
  84. package/dist/detect/config/package-check.js.map +1 -0
  85. package/dist/detect/config/urls.d.ts +11 -0
  86. package/dist/detect/config/urls.d.ts.map +1 -0
  87. package/dist/detect/config/urls.js +450 -0
  88. package/dist/detect/config/urls.js.map +1 -0
  89. package/dist/detect/index.d.ts +37 -0
  90. package/dist/detect/index.d.ts.map +1 -0
  91. package/dist/detect/index.js +77 -0
  92. package/dist/detect/index.js.map +1 -0
  93. package/dist/detect/secrets/config-audit.d.ts +11 -0
  94. package/dist/detect/secrets/config-audit.d.ts.map +1 -0
  95. package/dist/detect/secrets/config-audit.js +315 -0
  96. package/dist/detect/secrets/config-audit.js.map +1 -0
  97. package/dist/detect/secrets/config-mcp-audit.d.ts +23 -0
  98. package/dist/detect/secrets/config-mcp-audit.d.ts.map +1 -0
  99. package/dist/detect/secrets/config-mcp-audit.js +243 -0
  100. package/dist/detect/secrets/config-mcp-audit.js.map +1 -0
  101. package/dist/detect/secrets/entropy.d.ts +11 -0
  102. package/dist/detect/secrets/entropy.d.ts.map +1 -0
  103. package/dist/detect/secrets/entropy.js +751 -0
  104. package/dist/detect/secrets/entropy.js.map +1 -0
  105. package/dist/detect/secrets/index.d.ts +36 -0
  106. package/dist/detect/secrets/index.d.ts.map +1 -0
  107. package/dist/detect/secrets/index.js +174 -0
  108. package/dist/detect/secrets/index.js.map +1 -0
  109. package/dist/detect/secrets/patterns.d.ts +11 -0
  110. package/dist/detect/secrets/patterns.d.ts.map +1 -0
  111. package/dist/detect/secrets/patterns.js +518 -0
  112. package/dist/detect/secrets/patterns.js.map +1 -0
  113. package/dist/detect/secrets/weak-crypto.d.ts +10 -0
  114. package/dist/detect/secrets/weak-crypto.d.ts.map +1 -0
  115. package/dist/detect/secrets/weak-crypto.js +432 -0
  116. package/dist/detect/secrets/weak-crypto.js.map +1 -0
  117. package/dist/detect/structural/auth-patterns.d.ts +22 -0
  118. package/dist/detect/structural/auth-patterns.d.ts.map +1 -0
  119. package/dist/detect/structural/auth-patterns.js +533 -0
  120. package/dist/detect/structural/auth-patterns.js.map +1 -0
  121. package/dist/detect/structural/dangerous-functions/child-process.d.ts +16 -0
  122. package/dist/detect/structural/dangerous-functions/child-process.d.ts.map +1 -0
  123. package/dist/detect/structural/dangerous-functions/child-process.js +74 -0
  124. package/dist/detect/structural/dangerous-functions/child-process.js.map +1 -0
  125. package/dist/detect/structural/dangerous-functions/dom-xss.d.ts +34 -0
  126. package/dist/detect/structural/dangerous-functions/dom-xss.d.ts.map +1 -0
  127. package/dist/detect/structural/dangerous-functions/dom-xss.js +230 -0
  128. package/dist/detect/structural/dangerous-functions/dom-xss.js.map +1 -0
  129. package/dist/detect/structural/dangerous-functions/index.d.ts +16 -0
  130. package/dist/detect/structural/dangerous-functions/index.d.ts.map +1 -0
  131. package/dist/detect/structural/dangerous-functions/index.js +1193 -0
  132. package/dist/detect/structural/dangerous-functions/index.js.map +1 -0
  133. package/dist/detect/structural/dangerous-functions/json-parse.d.ts +31 -0
  134. package/dist/detect/structural/dangerous-functions/json-parse.d.ts.map +1 -0
  135. package/dist/detect/structural/dangerous-functions/json-parse.js +326 -0
  136. package/dist/detect/structural/dangerous-functions/json-parse.js.map +1 -0
  137. package/dist/detect/structural/dangerous-functions/math-random.d.ts +111 -0
  138. package/dist/detect/structural/dangerous-functions/math-random.d.ts.map +1 -0
  139. package/dist/detect/structural/dangerous-functions/math-random.js +684 -0
  140. package/dist/detect/structural/dangerous-functions/math-random.js.map +1 -0
  141. package/dist/detect/structural/dangerous-functions/patterns.d.ts +21 -0
  142. package/dist/detect/structural/dangerous-functions/patterns.d.ts.map +1 -0
  143. package/dist/detect/structural/dangerous-functions/patterns.js +163 -0
  144. package/dist/detect/structural/dangerous-functions/patterns.js.map +1 -0
  145. package/dist/detect/structural/dangerous-functions/request-validation.d.ts +13 -0
  146. package/dist/detect/structural/dangerous-functions/request-validation.d.ts.map +1 -0
  147. package/dist/detect/structural/dangerous-functions/request-validation.js +126 -0
  148. package/dist/detect/structural/dangerous-functions/request-validation.js.map +1 -0
  149. package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts +24 -0
  150. package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts.map +1 -0
  151. package/dist/detect/structural/dangerous-functions/utils/control-flow.js +70 -0
  152. package/dist/detect/structural/dangerous-functions/utils/control-flow.js.map +1 -0
  153. package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts +31 -0
  154. package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts.map +1 -0
  155. package/dist/detect/structural/dangerous-functions/utils/helpers.js +147 -0
  156. package/dist/detect/structural/dangerous-functions/utils/helpers.js.map +1 -0
  157. package/dist/detect/structural/dangerous-functions/utils/index.d.ts +9 -0
  158. package/dist/detect/structural/dangerous-functions/utils/index.d.ts.map +1 -0
  159. package/dist/detect/structural/dangerous-functions/utils/index.js +23 -0
  160. package/dist/detect/structural/dangerous-functions/utils/index.js.map +1 -0
  161. package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts +22 -0
  162. package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts.map +1 -0
  163. package/dist/detect/structural/dangerous-functions/utils/schema-validation.js +102 -0
  164. package/dist/detect/structural/dangerous-functions/utils/schema-validation.js.map +1 -0
  165. package/dist/detect/structural/data-exposure.d.ts +19 -0
  166. package/dist/detect/structural/data-exposure.d.ts.map +1 -0
  167. package/dist/detect/structural/data-exposure.js +262 -0
  168. package/dist/detect/structural/data-exposure.js.map +1 -0
  169. package/dist/detect/structural/framework-checks.d.ts +10 -0
  170. package/dist/detect/structural/framework-checks.d.ts.map +1 -0
  171. package/dist/detect/structural/framework-checks.js +389 -0
  172. package/dist/detect/structural/framework-checks.js.map +1 -0
  173. package/dist/detect/structural/index.d.ts +71 -0
  174. package/dist/detect/structural/index.d.ts.map +1 -0
  175. package/dist/detect/structural/index.js +510 -0
  176. package/dist/detect/structural/index.js.map +1 -0
  177. package/dist/detect/structural/log-injection.d.ts +18 -0
  178. package/dist/detect/structural/log-injection.d.ts.map +1 -0
  179. package/dist/detect/structural/log-injection.js +217 -0
  180. package/dist/detect/structural/log-injection.js.map +1 -0
  181. package/dist/detect/structural/logic-gates.d.ts +10 -0
  182. package/dist/detect/structural/logic-gates.d.ts.map +1 -0
  183. package/dist/detect/structural/logic-gates.js +227 -0
  184. package/dist/detect/structural/logic-gates.js.map +1 -0
  185. package/dist/detect/structural/risky-imports.d.ts +10 -0
  186. package/dist/detect/structural/risky-imports.d.ts.map +1 -0
  187. package/dist/detect/structural/risky-imports.js +168 -0
  188. package/dist/detect/structural/risky-imports.js.map +1 -0
  189. package/dist/detect/structural/security-headers.d.ts +18 -0
  190. package/dist/detect/structural/security-headers.d.ts.map +1 -0
  191. package/dist/detect/structural/security-headers.js +196 -0
  192. package/dist/detect/structural/security-headers.js.map +1 -0
  193. package/dist/detect/structural/ssrf-detection.d.ts +18 -0
  194. package/dist/detect/structural/ssrf-detection.d.ts.map +1 -0
  195. package/dist/detect/structural/ssrf-detection.js +263 -0
  196. package/dist/detect/structural/ssrf-detection.js.map +1 -0
  197. package/dist/detect/structural/variables.d.ts +11 -0
  198. package/dist/detect/structural/variables.d.ts.map +1 -0
  199. package/dist/detect/structural/variables.js +159 -0
  200. package/dist/detect/structural/variables.js.map +1 -0
  201. package/dist/detect/structural/xxe-detection.d.ts +18 -0
  202. package/dist/detect/structural/xxe-detection.d.ts.map +1 -0
  203. package/dist/detect/structural/xxe-detection.js +245 -0
  204. package/dist/detect/structural/xxe-detection.js.map +1 -0
  205. package/dist/filtering/context-adjustments.d.ts +23 -0
  206. package/dist/filtering/context-adjustments.d.ts.map +1 -0
  207. package/dist/filtering/context-adjustments.js +100 -0
  208. package/dist/filtering/context-adjustments.js.map +1 -0
  209. package/dist/filtering/index.d.ts +3 -0
  210. package/dist/filtering/index.d.ts.map +1 -0
  211. package/dist/filtering/index.js +8 -0
  212. package/dist/filtering/index.js.map +1 -0
  213. package/dist/filtering/pipeline.d.ts +48 -0
  214. package/dist/filtering/pipeline.d.ts.map +1 -0
  215. package/dist/filtering/pipeline.js +76 -0
  216. package/dist/filtering/pipeline.js.map +1 -0
  217. package/dist/formatters/ai-context.d.ts +23 -0
  218. package/dist/formatters/ai-context.d.ts.map +1 -0
  219. package/dist/formatters/ai-context.js +238 -0
  220. package/dist/formatters/ai-context.js.map +1 -0
  221. package/dist/formatters/github-comment.d.ts +1 -1
  222. package/dist/formatters/github-comment.d.ts.map +1 -1
  223. package/dist/formatters/github-comment.js +2 -2
  224. package/dist/formatters/github-comment.js.map +1 -1
  225. package/dist/formatters/ide/claude-code.d.ts +17 -0
  226. package/dist/formatters/ide/claude-code.d.ts.map +1 -0
  227. package/dist/formatters/ide/claude-code.js +94 -0
  228. package/dist/formatters/ide/claude-code.js.map +1 -0
  229. package/dist/formatters/ide/cursor.d.ts +13 -0
  230. package/dist/formatters/ide/cursor.d.ts.map +1 -0
  231. package/dist/formatters/ide/cursor.js +125 -0
  232. package/dist/formatters/ide/cursor.js.map +1 -0
  233. package/dist/formatters/ide/index.d.ts +62 -0
  234. package/dist/formatters/ide/index.d.ts.map +1 -0
  235. package/dist/formatters/ide/index.js +184 -0
  236. package/dist/formatters/ide/index.js.map +1 -0
  237. package/dist/formatters/ide/windsurf.d.ts +13 -0
  238. package/dist/formatters/ide/windsurf.d.ts.map +1 -0
  239. package/dist/formatters/ide/windsurf.js +117 -0
  240. package/dist/formatters/ide/windsurf.js.map +1 -0
  241. package/dist/formatters/index.d.ts +2 -0
  242. package/dist/formatters/index.d.ts.map +1 -1
  243. package/dist/formatters/index.js +17 -1
  244. package/dist/formatters/index.js.map +1 -1
  245. package/dist/index.d.ts +17 -60
  246. package/dist/index.d.ts.map +1 -1
  247. package/dist/index.js +67 -824
  248. package/dist/index.js.map +1 -1
  249. package/dist/layer1/comments.d.ts +4 -1
  250. package/dist/layer1/comments.d.ts.map +1 -1
  251. package/dist/layer1/comments.js +1 -1
  252. package/dist/layer1/comments.js.map +1 -1
  253. package/dist/layer1/config-audit.d.ts +4 -1
  254. package/dist/layer1/config-audit.d.ts.map +1 -1
  255. package/dist/layer1/config-audit.js +45 -11
  256. package/dist/layer1/config-audit.js.map +1 -1
  257. package/dist/layer1/config-mcp-audit.d.ts +4 -1
  258. package/dist/layer1/config-mcp-audit.d.ts.map +1 -1
  259. package/dist/layer1/config-mcp-audit.js +2 -2
  260. package/dist/layer1/config-mcp-audit.js.map +1 -1
  261. package/dist/layer1/entropy.d.ts +4 -1
  262. package/dist/layer1/entropy.d.ts.map +1 -1
  263. package/dist/layer1/entropy.js +212 -1
  264. package/dist/layer1/entropy.js.map +1 -1
  265. package/dist/layer1/file-flags.d.ts +4 -1
  266. package/dist/layer1/file-flags.d.ts.map +1 -1
  267. package/dist/layer1/file-flags.js +12 -5
  268. package/dist/layer1/file-flags.js.map +1 -1
  269. package/dist/layer1/index.d.ts.map +1 -1
  270. package/dist/layer1/index.js +14 -19
  271. package/dist/layer1/index.js.map +1 -1
  272. package/dist/layer1/patterns.d.ts +4 -1
  273. package/dist/layer1/patterns.d.ts.map +1 -1
  274. package/dist/layer1/patterns.js +34 -4
  275. package/dist/layer1/patterns.js.map +1 -1
  276. package/dist/layer1/urls.d.ts +4 -1
  277. package/dist/layer1/urls.d.ts.map +1 -1
  278. package/dist/layer1/urls.js +162 -14
  279. package/dist/layer1/urls.js.map +1 -1
  280. package/dist/layer1/weak-crypto.d.ts +4 -1
  281. package/dist/layer1/weak-crypto.d.ts.map +1 -1
  282. package/dist/layer1/weak-crypto.js +144 -7
  283. package/dist/layer1/weak-crypto.js.map +1 -1
  284. package/dist/layer2/ai-agent-tools.d.ts +4 -1
  285. package/dist/layer2/ai-agent-tools.d.ts.map +1 -1
  286. package/dist/layer2/ai-agent-tools.js +661 -2
  287. package/dist/layer2/ai-agent-tools.js.map +1 -1
  288. package/dist/layer2/ai-endpoint-protection.d.ts +2 -0
  289. package/dist/layer2/ai-endpoint-protection.d.ts.map +1 -1
  290. package/dist/layer2/ai-endpoint-protection.js +1 -1
  291. package/dist/layer2/ai-endpoint-protection.js.map +1 -1
  292. package/dist/layer2/ai-execution-sinks.d.ts +4 -1
  293. package/dist/layer2/ai-execution-sinks.d.ts.map +1 -1
  294. package/dist/layer2/ai-execution-sinks.js +252 -43
  295. package/dist/layer2/ai-execution-sinks.js.map +1 -1
  296. package/dist/layer2/ai-fingerprinting.d.ts +4 -1
  297. package/dist/layer2/ai-fingerprinting.d.ts.map +1 -1
  298. package/dist/layer2/ai-fingerprinting.js +25 -32
  299. package/dist/layer2/ai-fingerprinting.js.map +1 -1
  300. package/dist/layer2/ai-mcp-security.d.ts +4 -1
  301. package/dist/layer2/ai-mcp-security.d.ts.map +1 -1
  302. package/dist/layer2/ai-mcp-security.js +200 -2
  303. package/dist/layer2/ai-mcp-security.js.map +1 -1
  304. package/dist/layer2/ai-package-hallucination.d.ts +4 -1
  305. package/dist/layer2/ai-package-hallucination.d.ts.map +1 -1
  306. package/dist/layer2/ai-package-hallucination.js +136 -4
  307. package/dist/layer2/ai-package-hallucination.js.map +1 -1
  308. package/dist/layer2/ai-prompt-hygiene.d.ts +4 -1
  309. package/dist/layer2/ai-prompt-hygiene.d.ts.map +1 -1
  310. package/dist/layer2/ai-prompt-hygiene.js +342 -28
  311. package/dist/layer2/ai-prompt-hygiene.js.map +1 -1
  312. package/dist/layer2/ai-rag-safety.d.ts +4 -1
  313. package/dist/layer2/ai-rag-safety.d.ts.map +1 -1
  314. package/dist/layer2/ai-rag-safety.js +82 -2
  315. package/dist/layer2/ai-rag-safety.js.map +1 -1
  316. package/dist/layer2/ai-schema-validation.d.ts +4 -1
  317. package/dist/layer2/ai-schema-validation.d.ts.map +1 -1
  318. package/dist/layer2/ai-schema-validation.js +2 -2
  319. package/dist/layer2/ai-schema-validation.js.map +1 -1
  320. package/dist/layer2/auth-antipatterns.d.ts +2 -0
  321. package/dist/layer2/auth-antipatterns.d.ts.map +1 -1
  322. package/dist/layer2/auth-antipatterns.js +205 -20
  323. package/dist/layer2/auth-antipatterns.js.map +1 -1
  324. package/dist/layer2/byok-patterns.d.ts +4 -1
  325. package/dist/layer2/byok-patterns.d.ts.map +1 -1
  326. package/dist/layer2/byok-patterns.js +2 -2
  327. package/dist/layer2/byok-patterns.js.map +1 -1
  328. package/dist/layer2/dangerous-functions/dom-xss.d.ts +9 -4
  329. package/dist/layer2/dangerous-functions/dom-xss.d.ts.map +1 -1
  330. package/dist/layer2/dangerous-functions/dom-xss.js +73 -22
  331. package/dist/layer2/dangerous-functions/dom-xss.js.map +1 -1
  332. package/dist/layer2/dangerous-functions/index.d.ts +4 -1
  333. package/dist/layer2/dangerous-functions/index.d.ts.map +1 -1
  334. package/dist/layer2/dangerous-functions/index.js +551 -20
  335. package/dist/layer2/dangerous-functions/index.js.map +1 -1
  336. package/dist/layer2/dangerous-functions/math-random.d.ts +54 -4
  337. package/dist/layer2/dangerous-functions/math-random.d.ts.map +1 -1
  338. package/dist/layer2/dangerous-functions/math-random.js +241 -16
  339. package/dist/layer2/dangerous-functions/math-random.js.map +1 -1
  340. package/dist/layer2/dangerous-functions/patterns.d.ts.map +1 -1
  341. package/dist/layer2/dangerous-functions/patterns.js +3 -1
  342. package/dist/layer2/dangerous-functions/patterns.js.map +1 -1
  343. package/dist/layer2/dangerous-functions/utils/control-flow.d.ts +3 -2
  344. package/dist/layer2/dangerous-functions/utils/control-flow.d.ts.map +1 -1
  345. package/dist/layer2/dangerous-functions/utils/control-flow.js +41 -120
  346. package/dist/layer2/dangerous-functions/utils/control-flow.js.map +1 -1
  347. package/dist/layer2/dangerous-functions/utils/helpers.d.ts.map +1 -1
  348. package/dist/layer2/dangerous-functions/utils/helpers.js +26 -3
  349. package/dist/layer2/dangerous-functions/utils/helpers.js.map +1 -1
  350. package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts.map +1 -1
  351. package/dist/layer2/dangerous-functions/utils/schema-validation.js +14 -1
  352. package/dist/layer2/dangerous-functions/utils/schema-validation.js.map +1 -1
  353. package/dist/layer2/data-exposure.d.ts +4 -1
  354. package/dist/layer2/data-exposure.d.ts.map +1 -1
  355. package/dist/layer2/data-exposure.js +11 -38
  356. package/dist/layer2/data-exposure.js.map +1 -1
  357. package/dist/layer2/framework-checks.d.ts +4 -1
  358. package/dist/layer2/framework-checks.d.ts.map +1 -1
  359. package/dist/layer2/framework-checks.js +3 -10
  360. package/dist/layer2/framework-checks.js.map +1 -1
  361. package/dist/layer2/index.d.ts +13 -1
  362. package/dist/layer2/index.d.ts.map +1 -1
  363. package/dist/layer2/index.js +107 -52
  364. package/dist/layer2/index.js.map +1 -1
  365. package/dist/layer2/log-injection.d.ts +18 -0
  366. package/dist/layer2/log-injection.d.ts.map +1 -0
  367. package/dist/layer2/log-injection.js +214 -0
  368. package/dist/layer2/log-injection.js.map +1 -0
  369. package/dist/layer2/logic-gates.d.ts +4 -1
  370. package/dist/layer2/logic-gates.d.ts.map +1 -1
  371. package/dist/layer2/logic-gates.js +54 -20
  372. package/dist/layer2/logic-gates.js.map +1 -1
  373. package/dist/layer2/model-supply-chain.d.ts +4 -1
  374. package/dist/layer2/model-supply-chain.d.ts.map +1 -1
  375. package/dist/layer2/model-supply-chain.js +72 -4
  376. package/dist/layer2/model-supply-chain.js.map +1 -1
  377. package/dist/layer2/risky-imports.d.ts +4 -1
  378. package/dist/layer2/risky-imports.d.ts.map +1 -1
  379. package/dist/layer2/risky-imports.js +2 -2
  380. package/dist/layer2/risky-imports.js.map +1 -1
  381. package/dist/layer2/security-headers.d.ts +18 -0
  382. package/dist/layer2/security-headers.d.ts.map +1 -0
  383. package/dist/layer2/security-headers.js +187 -0
  384. package/dist/layer2/security-headers.js.map +1 -0
  385. package/dist/layer2/ssrf-detection.d.ts +18 -0
  386. package/dist/layer2/ssrf-detection.d.ts.map +1 -0
  387. package/dist/layer2/ssrf-detection.js +252 -0
  388. package/dist/layer2/ssrf-detection.js.map +1 -0
  389. package/dist/layer2/variables.d.ts +4 -1
  390. package/dist/layer2/variables.d.ts.map +1 -1
  391. package/dist/layer2/variables.js +2 -2
  392. package/dist/layer2/variables.js.map +1 -1
  393. package/dist/layer2/xxe-detection.d.ts +18 -0
  394. package/dist/layer2/xxe-detection.d.ts.map +1 -0
  395. package/dist/layer2/xxe-detection.js +242 -0
  396. package/dist/layer2/xxe-detection.js.map +1 -0
  397. package/dist/layer3/anthropic/auto-dismiss.d.ts.map +1 -1
  398. package/dist/layer3/anthropic/auto-dismiss.js +11 -0
  399. package/dist/layer3/anthropic/auto-dismiss.js.map +1 -1
  400. package/dist/layer3/anthropic/prompts/index.d.ts +1 -1
  401. package/dist/layer3/anthropic/prompts/index.d.ts.map +1 -1
  402. package/dist/layer3/anthropic/prompts/index.js +3 -1
  403. package/dist/layer3/anthropic/prompts/index.js.map +1 -1
  404. package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts +19 -0
  405. package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts.map +1 -0
  406. package/dist/layer3/anthropic/prompts/modules/ai-patterns.js +156 -0
  407. package/dist/layer3/anthropic/prompts/modules/ai-patterns.js.map +1 -0
  408. package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts +9 -0
  409. package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts.map +1 -0
  410. package/dist/layer3/anthropic/prompts/modules/auth-access.js +25 -0
  411. package/dist/layer3/anthropic/prompts/modules/auth-access.js.map +1 -0
  412. package/dist/layer3/anthropic/prompts/modules/common.d.ts +11 -0
  413. package/dist/layer3/anthropic/prompts/modules/common.d.ts.map +1 -0
  414. package/dist/layer3/anthropic/prompts/modules/common.js +152 -0
  415. package/dist/layer3/anthropic/prompts/modules/common.js.map +1 -0
  416. package/dist/layer3/anthropic/prompts/modules/index.d.ts +54 -0
  417. package/dist/layer3/anthropic/prompts/modules/index.d.ts.map +1 -0
  418. package/dist/layer3/anthropic/prompts/modules/index.js +185 -0
  419. package/dist/layer3/anthropic/prompts/modules/index.js.map +1 -0
  420. package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts +8 -0
  421. package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts.map +1 -0
  422. package/dist/layer3/anthropic/prompts/modules/owasp-classic.js +84 -0
  423. package/dist/layer3/anthropic/prompts/modules/owasp-classic.js.map +1 -0
  424. package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts +8 -0
  425. package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts.map +1 -0
  426. package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js +68 -0
  427. package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js.map +1 -0
  428. package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts +8 -0
  429. package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts.map +1 -0
  430. package/dist/layer3/anthropic/prompts/modules/xss-prompt.js +22 -0
  431. package/dist/layer3/anthropic/prompts/modules/xss-prompt.js.map +1 -0
  432. package/dist/layer3/anthropic/prompts/validation.d.ts +9 -3
  433. package/dist/layer3/anthropic/prompts/validation.d.ts.map +1 -1
  434. package/dist/layer3/anthropic/prompts/validation.js +14 -410
  435. package/dist/layer3/anthropic/prompts/validation.js.map +1 -1
  436. package/dist/layer3/anthropic/providers/anthropic.d.ts.map +1 -1
  437. package/dist/layer3/anthropic/providers/anthropic.js +6 -3
  438. package/dist/layer3/anthropic/providers/anthropic.js.map +1 -1
  439. package/dist/layer3/anthropic/providers/openai.d.ts.map +1 -1
  440. package/dist/layer3/anthropic/providers/openai.js +6 -3
  441. package/dist/layer3/anthropic/providers/openai.js.map +1 -1
  442. package/dist/layer3/anthropic/request-builder.d.ts +11 -4
  443. package/dist/layer3/anthropic/request-builder.d.ts.map +1 -1
  444. package/dist/layer3/anthropic/request-builder.js +32 -16
  445. package/dist/layer3/anthropic/request-builder.js.map +1 -1
  446. package/dist/layer3/anthropic/utils/context-extractor.d.ts +55 -0
  447. package/dist/layer3/anthropic/utils/context-extractor.d.ts.map +1 -0
  448. package/dist/layer3/anthropic/utils/context-extractor.js +161 -0
  449. package/dist/layer3/anthropic/utils/context-extractor.js.map +1 -0
  450. package/dist/layer3/anthropic/utils/index.d.ts +2 -0
  451. package/dist/layer3/anthropic/utils/index.d.ts.map +1 -1
  452. package/dist/layer3/anthropic/utils/index.js +4 -1
  453. package/dist/layer3/anthropic/utils/index.js.map +1 -1
  454. package/dist/model/auth-helper-detector.d.ts +56 -0
  455. package/dist/model/auth-helper-detector.d.ts.map +1 -0
  456. package/dist/model/auth-helper-detector.js +360 -0
  457. package/dist/model/auth-helper-detector.js.map +1 -0
  458. package/dist/model/cross-file-taint.d.ts +40 -0
  459. package/dist/model/cross-file-taint.d.ts.map +1 -0
  460. package/dist/model/cross-file-taint.js +290 -0
  461. package/dist/model/cross-file-taint.js.map +1 -0
  462. package/dist/model/framework-models/django.d.ts +9 -0
  463. package/dist/model/framework-models/django.d.ts.map +1 -0
  464. package/dist/model/framework-models/django.js +82 -0
  465. package/dist/model/framework-models/django.js.map +1 -0
  466. package/dist/model/framework-models/express.d.ts +9 -0
  467. package/dist/model/framework-models/express.d.ts.map +1 -0
  468. package/dist/model/framework-models/express.js +52 -0
  469. package/dist/model/framework-models/express.js.map +1 -0
  470. package/dist/model/framework-models/index.d.ts +20 -0
  471. package/dist/model/framework-models/index.d.ts.map +1 -0
  472. package/dist/model/framework-models/index.js +102 -0
  473. package/dist/model/framework-models/index.js.map +1 -0
  474. package/dist/model/framework-models/nextjs.d.ts +9 -0
  475. package/dist/model/framework-models/nextjs.d.ts.map +1 -0
  476. package/dist/model/framework-models/nextjs.js +71 -0
  477. package/dist/model/framework-models/nextjs.js.map +1 -0
  478. package/dist/model/framework-models/prisma.d.ts +10 -0
  479. package/dist/model/framework-models/prisma.d.ts.map +1 -0
  480. package/dist/model/framework-models/prisma.js +54 -0
  481. package/dist/model/framework-models/prisma.js.map +1 -0
  482. package/dist/model/framework-models/react.d.ts +9 -0
  483. package/dist/model/framework-models/react.d.ts.map +1 -0
  484. package/dist/model/framework-models/react.js +67 -0
  485. package/dist/model/framework-models/react.js.map +1 -0
  486. package/dist/model/framework-models/sequelize.d.ts +9 -0
  487. package/dist/model/framework-models/sequelize.d.ts.map +1 -0
  488. package/dist/model/framework-models/sequelize.js +62 -0
  489. package/dist/model/framework-models/sequelize.js.map +1 -0
  490. package/dist/model/framework-models/types.d.ts +43 -0
  491. package/dist/model/framework-models/types.d.ts.map +1 -0
  492. package/dist/model/framework-models/types.js +10 -0
  493. package/dist/model/framework-models/types.js.map +1 -0
  494. package/dist/model/function-classifier.d.ts +32 -0
  495. package/dist/model/function-classifier.d.ts.map +1 -0
  496. package/dist/model/function-classifier.js +143 -0
  497. package/dist/model/function-classifier.js.map +1 -0
  498. package/dist/model/import-resolver.d.ts +45 -0
  499. package/dist/model/import-resolver.d.ts.map +1 -0
  500. package/dist/model/import-resolver.js +410 -0
  501. package/dist/model/import-resolver.js.map +1 -0
  502. package/dist/model/imported-auth-detector.d.ts +38 -0
  503. package/dist/model/imported-auth-detector.d.ts.map +1 -0
  504. package/dist/model/imported-auth-detector.js +199 -0
  505. package/dist/model/imported-auth-detector.js.map +1 -0
  506. package/dist/model/index.d.ts +63 -0
  507. package/dist/model/index.d.ts.map +1 -0
  508. package/dist/model/index.js +272 -0
  509. package/dist/model/index.js.map +1 -0
  510. package/dist/model/middleware-detector.d.ts +55 -0
  511. package/dist/model/middleware-detector.d.ts.map +1 -0
  512. package/dist/model/middleware-detector.js +382 -0
  513. package/dist/model/middleware-detector.js.map +1 -0
  514. package/dist/model/module-graph.d.ts +46 -0
  515. package/dist/model/module-graph.d.ts.map +1 -0
  516. package/dist/model/module-graph.js +187 -0
  517. package/dist/model/module-graph.js.map +1 -0
  518. package/dist/model/oauth-flow-detector.d.ts +41 -0
  519. package/dist/model/oauth-flow-detector.d.ts.map +1 -0
  520. package/dist/model/oauth-flow-detector.js +202 -0
  521. package/dist/model/oauth-flow-detector.js.map +1 -0
  522. package/dist/model/project-context.d.ts +119 -0
  523. package/dist/model/project-context.d.ts.map +1 -0
  524. package/dist/model/project-context.js +534 -0
  525. package/dist/model/project-context.js.map +1 -0
  526. package/dist/model/route-auth-resolver.d.ts +27 -0
  527. package/dist/model/route-auth-resolver.d.ts.map +1 -0
  528. package/dist/model/route-auth-resolver.js +182 -0
  529. package/dist/model/route-auth-resolver.js.map +1 -0
  530. package/dist/model/route-discovery/express.d.ts +25 -0
  531. package/dist/model/route-discovery/express.d.ts.map +1 -0
  532. package/dist/model/route-discovery/express.js +225 -0
  533. package/dist/model/route-discovery/express.js.map +1 -0
  534. package/dist/model/route-discovery/index.d.ts +21 -0
  535. package/dist/model/route-discovery/index.d.ts.map +1 -0
  536. package/dist/model/route-discovery/index.js +67 -0
  537. package/dist/model/route-discovery/index.js.map +1 -0
  538. package/dist/model/route-discovery/nextjs.d.ts +16 -0
  539. package/dist/model/route-discovery/nextjs.d.ts.map +1 -0
  540. package/dist/model/route-discovery/nextjs.js +179 -0
  541. package/dist/model/route-discovery/nextjs.js.map +1 -0
  542. package/dist/model/route-discovery/python.d.ts +16 -0
  543. package/dist/model/route-discovery/python.d.ts.map +1 -0
  544. package/dist/model/route-discovery/python.js +181 -0
  545. package/dist/model/route-discovery/python.js.map +1 -0
  546. package/dist/model/route-discovery/types.d.ts +36 -0
  547. package/dist/model/route-discovery/types.d.ts.map +1 -0
  548. package/dist/model/route-discovery/types.js +16 -0
  549. package/dist/model/route-discovery/types.js.map +1 -0
  550. package/dist/model/route-discovery/utils.d.ts +18 -0
  551. package/dist/model/route-discovery/utils.d.ts.map +1 -0
  552. package/dist/model/route-discovery/utils.js +55 -0
  553. package/dist/model/route-discovery/utils.js.map +1 -0
  554. package/dist/model/route-hierarchy.d.ts +50 -0
  555. package/dist/model/route-hierarchy.d.ts.map +1 -0
  556. package/dist/model/route-hierarchy.js +226 -0
  557. package/dist/model/route-hierarchy.js.map +1 -0
  558. package/dist/model/sanitiser-detection.d.ts +27 -0
  559. package/dist/model/sanitiser-detection.d.ts.map +1 -0
  560. package/dist/model/sanitiser-detection.js +224 -0
  561. package/dist/model/sanitiser-detection.js.map +1 -0
  562. package/dist/model/sink-matcher.d.ts +17 -0
  563. package/dist/model/sink-matcher.d.ts.map +1 -0
  564. package/dist/model/sink-matcher.js +141 -0
  565. package/dist/model/sink-matcher.js.map +1 -0
  566. package/dist/model/sink-patterns.d.ts +19 -0
  567. package/dist/model/sink-patterns.d.ts.map +1 -0
  568. package/dist/model/sink-patterns.js +88 -0
  569. package/dist/model/sink-patterns.js.map +1 -0
  570. package/dist/model/source-discovery.d.ts +15 -0
  571. package/dist/model/source-discovery.d.ts.map +1 -0
  572. package/dist/model/source-discovery.js +170 -0
  573. package/dist/model/source-discovery.js.map +1 -0
  574. package/dist/model/taint-tracker.d.ts +21 -0
  575. package/dist/model/taint-tracker.d.ts.map +1 -0
  576. package/dist/model/taint-tracker.js +281 -0
  577. package/dist/model/taint-tracker.js.map +1 -0
  578. package/dist/model/taint-types.d.ts +74 -0
  579. package/dist/model/taint-types.d.ts.map +1 -0
  580. package/dist/model/taint-types.js +9 -0
  581. package/dist/model/taint-types.js.map +1 -0
  582. package/dist/model/trpc-analyzer.d.ts +78 -0
  583. package/dist/model/trpc-analyzer.d.ts.map +1 -0
  584. package/dist/model/trpc-analyzer.js +297 -0
  585. package/dist/model/trpc-analyzer.js.map +1 -0
  586. package/dist/modes/incremental.js +1 -1
  587. package/dist/parse/file-classifier.d.ts +228 -0
  588. package/dist/parse/file-classifier.d.ts.map +1 -0
  589. package/dist/parse/file-classifier.js +933 -0
  590. package/dist/parse/file-classifier.js.map +1 -0
  591. package/dist/parse/path-exclusions.d.ts +55 -0
  592. package/dist/parse/path-exclusions.d.ts.map +1 -0
  593. package/dist/parse/path-exclusions.js +224 -0
  594. package/dist/parse/path-exclusions.js.map +1 -0
  595. package/dist/pipeline/config.d.ts +39 -0
  596. package/dist/pipeline/config.d.ts.map +1 -0
  597. package/dist/pipeline/config.js +46 -0
  598. package/dist/pipeline/config.js.map +1 -0
  599. package/dist/pipeline/index.d.ts +34 -0
  600. package/dist/pipeline/index.d.ts.map +1 -0
  601. package/dist/pipeline/index.js +377 -0
  602. package/dist/pipeline/index.js.map +1 -0
  603. package/dist/pipeline/modes/incremental.d.ts +66 -0
  604. package/dist/pipeline/modes/incremental.d.ts.map +1 -0
  605. package/dist/pipeline/modes/incremental.js +200 -0
  606. package/dist/pipeline/modes/incremental.js.map +1 -0
  607. package/dist/postprocess/aggregation.d.ts +14 -0
  608. package/dist/postprocess/aggregation.d.ts.map +1 -0
  609. package/dist/postprocess/aggregation.js +63 -0
  610. package/dist/postprocess/aggregation.js.map +1 -0
  611. package/dist/postprocess/contradictions.d.ts +18 -0
  612. package/dist/postprocess/contradictions.d.ts.map +1 -0
  613. package/dist/postprocess/contradictions.js +99 -0
  614. package/dist/postprocess/contradictions.js.map +1 -0
  615. package/dist/postprocess/dedup.d.ts +13 -0
  616. package/dist/postprocess/dedup.d.ts.map +1 -0
  617. package/dist/postprocess/dedup.js +58 -0
  618. package/dist/postprocess/dedup.js.map +1 -0
  619. package/dist/postprocess/filtering/context-adjustments.d.ts +23 -0
  620. package/dist/postprocess/filtering/context-adjustments.d.ts.map +1 -0
  621. package/dist/postprocess/filtering/context-adjustments.js +100 -0
  622. package/dist/postprocess/filtering/context-adjustments.js.map +1 -0
  623. package/dist/postprocess/filtering/index.d.ts +3 -0
  624. package/dist/postprocess/filtering/index.d.ts.map +1 -0
  625. package/dist/postprocess/filtering/index.js +8 -0
  626. package/dist/postprocess/filtering/index.js.map +1 -0
  627. package/dist/postprocess/filtering/pipeline.d.ts +48 -0
  628. package/dist/postprocess/filtering/pipeline.d.ts.map +1 -0
  629. package/dist/postprocess/filtering/pipeline.js +76 -0
  630. package/dist/postprocess/filtering/pipeline.js.map +1 -0
  631. package/dist/postprocess/index.d.ts +41 -0
  632. package/dist/postprocess/index.d.ts.map +1 -0
  633. package/dist/postprocess/index.js +85 -0
  634. package/dist/postprocess/index.js.map +1 -0
  635. package/dist/postprocess/suppression/config-loader.d.ts +74 -0
  636. package/dist/postprocess/suppression/config-loader.d.ts.map +1 -0
  637. package/dist/postprocess/suppression/config-loader.js +424 -0
  638. package/dist/postprocess/suppression/config-loader.js.map +1 -0
  639. package/dist/postprocess/suppression/hash.d.ts +48 -0
  640. package/dist/postprocess/suppression/hash.d.ts.map +1 -0
  641. package/dist/postprocess/suppression/hash.js +88 -0
  642. package/dist/postprocess/suppression/hash.js.map +1 -0
  643. package/dist/postprocess/suppression/index.d.ts +11 -0
  644. package/dist/postprocess/suppression/index.d.ts.map +1 -0
  645. package/dist/postprocess/suppression/index.js +39 -0
  646. package/dist/postprocess/suppression/index.js.map +1 -0
  647. package/dist/postprocess/suppression/inline-parser.d.ts +39 -0
  648. package/dist/postprocess/suppression/inline-parser.d.ts.map +1 -0
  649. package/dist/postprocess/suppression/inline-parser.js +218 -0
  650. package/dist/postprocess/suppression/inline-parser.js.map +1 -0
  651. package/dist/postprocess/suppression/manager.d.ts +94 -0
  652. package/dist/postprocess/suppression/manager.d.ts.map +1 -0
  653. package/dist/postprocess/suppression/manager.js +292 -0
  654. package/dist/postprocess/suppression/manager.js.map +1 -0
  655. package/dist/postprocess/suppression/types.d.ts +151 -0
  656. package/dist/postprocess/suppression/types.d.ts.map +1 -0
  657. package/dist/postprocess/suppression/types.js +28 -0
  658. package/dist/postprocess/suppression/types.js.map +1 -0
  659. package/dist/postprocess/validation-cap.d.ts +17 -0
  660. package/dist/postprocess/validation-cap.d.ts.map +1 -0
  661. package/dist/postprocess/validation-cap.js +64 -0
  662. package/dist/postprocess/validation-cap.js.map +1 -0
  663. package/dist/report/build-result.d.ts +33 -0
  664. package/dist/report/build-result.d.ts.map +1 -0
  665. package/dist/report/build-result.js +59 -0
  666. package/dist/report/build-result.js.map +1 -0
  667. package/dist/report/enrichment.d.ts +19 -0
  668. package/dist/report/enrichment.d.ts.map +1 -0
  669. package/dist/report/enrichment.js +44 -0
  670. package/dist/report/enrichment.js.map +1 -0
  671. package/dist/report/formatters/ai-context.d.ts +23 -0
  672. package/dist/report/formatters/ai-context.d.ts.map +1 -0
  673. package/dist/report/formatters/ai-context.js +238 -0
  674. package/dist/report/formatters/ai-context.js.map +1 -0
  675. package/dist/report/formatters/cli-terminal.d.ts +65 -0
  676. package/dist/report/formatters/cli-terminal.d.ts.map +1 -0
  677. package/dist/report/formatters/cli-terminal.js +735 -0
  678. package/dist/report/formatters/cli-terminal.js.map +1 -0
  679. package/dist/report/formatters/github-comment.d.ts +41 -0
  680. package/dist/report/formatters/github-comment.d.ts.map +1 -0
  681. package/dist/report/formatters/github-comment.js +370 -0
  682. package/dist/report/formatters/github-comment.js.map +1 -0
  683. package/dist/report/formatters/grouping.d.ts +52 -0
  684. package/dist/report/formatters/grouping.d.ts.map +1 -0
  685. package/dist/report/formatters/grouping.js +152 -0
  686. package/dist/report/formatters/grouping.js.map +1 -0
  687. package/dist/report/formatters/ide/claude-code.d.ts +17 -0
  688. package/dist/report/formatters/ide/claude-code.d.ts.map +1 -0
  689. package/dist/report/formatters/ide/claude-code.js +94 -0
  690. package/dist/report/formatters/ide/claude-code.js.map +1 -0
  691. package/dist/report/formatters/ide/cursor.d.ts +13 -0
  692. package/dist/report/formatters/ide/cursor.d.ts.map +1 -0
  693. package/dist/report/formatters/ide/cursor.js +125 -0
  694. package/dist/report/formatters/ide/cursor.js.map +1 -0
  695. package/dist/report/formatters/ide/index.d.ts +62 -0
  696. package/dist/report/formatters/ide/index.d.ts.map +1 -0
  697. package/dist/report/formatters/ide/index.js +184 -0
  698. package/dist/report/formatters/ide/index.js.map +1 -0
  699. package/dist/report/formatters/ide/windsurf.d.ts +13 -0
  700. package/dist/report/formatters/ide/windsurf.d.ts.map +1 -0
  701. package/dist/report/formatters/ide/windsurf.js +117 -0
  702. package/dist/report/formatters/ide/windsurf.js.map +1 -0
  703. package/dist/report/formatters/index.d.ts +11 -0
  704. package/dist/report/formatters/index.d.ts.map +1 -0
  705. package/dist/report/formatters/index.js +54 -0
  706. package/dist/report/formatters/index.js.map +1 -0
  707. package/dist/report/formatters/vscode-diagnostic.d.ts +103 -0
  708. package/dist/report/formatters/vscode-diagnostic.d.ts.map +1 -0
  709. package/dist/report/formatters/vscode-diagnostic.js +151 -0
  710. package/dist/report/formatters/vscode-diagnostic.js.map +1 -0
  711. package/dist/report/summary.d.ts +27 -0
  712. package/dist/report/summary.d.ts.map +1 -0
  713. package/dist/report/summary.js +57 -0
  714. package/dist/report/summary.js.map +1 -0
  715. package/dist/rules/metadata.d.ts.map +1 -1
  716. package/dist/rules/metadata.js +66 -0
  717. package/dist/rules/metadata.js.map +1 -1
  718. package/dist/score/adjustments.d.ts +22 -0
  719. package/dist/score/adjustments.d.ts.map +1 -0
  720. package/dist/score/adjustments.js +373 -0
  721. package/dist/score/adjustments.js.map +1 -0
  722. package/dist/score/auto-dismiss.d.ts +28 -0
  723. package/dist/score/auto-dismiss.d.ts.map +1 -0
  724. package/dist/score/auto-dismiss.js +200 -0
  725. package/dist/score/auto-dismiss.js.map +1 -0
  726. package/dist/score/confidence.d.ts +19 -0
  727. package/dist/score/confidence.d.ts.map +1 -0
  728. package/dist/score/confidence.js +52 -0
  729. package/dist/score/confidence.js.map +1 -0
  730. package/dist/score/index.d.ts +61 -0
  731. package/dist/score/index.d.ts.map +1 -0
  732. package/dist/score/index.js +250 -0
  733. package/dist/score/index.js.map +1 -0
  734. package/dist/score/types.d.ts +160 -0
  735. package/dist/score/types.d.ts.map +1 -0
  736. package/dist/score/types.js +14 -0
  737. package/dist/score/types.js.map +1 -0
  738. package/dist/shared/ai-context/index.d.ts +6 -0
  739. package/dist/shared/ai-context/index.d.ts.map +1 -0
  740. package/dist/shared/ai-context/index.js +13 -0
  741. package/dist/shared/ai-context/index.js.map +1 -0
  742. package/dist/shared/ai-context/manager.d.ts +67 -0
  743. package/dist/shared/ai-context/manager.d.ts.map +1 -0
  744. package/dist/shared/ai-context/manager.js +104 -0
  745. package/dist/shared/ai-context/manager.js.map +1 -0
  746. package/dist/shared/baseline/diff.d.ts +32 -0
  747. package/dist/shared/baseline/diff.d.ts.map +1 -0
  748. package/dist/shared/baseline/diff.js +119 -0
  749. package/dist/shared/baseline/diff.js.map +1 -0
  750. package/dist/shared/baseline/index.d.ts +9 -0
  751. package/dist/shared/baseline/index.d.ts.map +1 -0
  752. package/dist/shared/baseline/index.js +19 -0
  753. package/dist/shared/baseline/index.js.map +1 -0
  754. package/dist/shared/baseline/manager.d.ts +67 -0
  755. package/dist/shared/baseline/manager.d.ts.map +1 -0
  756. package/dist/shared/baseline/manager.js +180 -0
  757. package/dist/shared/baseline/manager.js.map +1 -0
  758. package/dist/shared/baseline/types.d.ts +91 -0
  759. package/dist/shared/baseline/types.d.ts.map +1 -0
  760. package/dist/shared/baseline/types.js +12 -0
  761. package/dist/shared/baseline/types.js.map +1 -0
  762. package/dist/shared/category-filter.d.ts +125 -0
  763. package/dist/shared/category-filter.d.ts.map +1 -0
  764. package/dist/shared/category-filter.js +360 -0
  765. package/dist/shared/category-filter.js.map +1 -0
  766. package/dist/shared/code-analysis.d.ts +39 -0
  767. package/dist/shared/code-analysis.d.ts.map +1 -0
  768. package/dist/shared/code-analysis.js +159 -0
  769. package/dist/shared/code-analysis.js.map +1 -0
  770. package/dist/shared/comment-analyzer.d.ts +38 -0
  771. package/dist/shared/comment-analyzer.d.ts.map +1 -0
  772. package/dist/shared/comment-analyzer.js +218 -0
  773. package/dist/shared/comment-analyzer.js.map +1 -0
  774. package/dist/shared/diff-detector.d.ts +53 -0
  775. package/dist/shared/diff-detector.d.ts.map +1 -0
  776. package/dist/shared/diff-detector.js +104 -0
  777. package/dist/shared/diff-detector.js.map +1 -0
  778. package/dist/shared/diff-parser.d.ts +80 -0
  779. package/dist/shared/diff-parser.d.ts.map +1 -0
  780. package/dist/shared/diff-parser.js +202 -0
  781. package/dist/shared/diff-parser.js.map +1 -0
  782. package/dist/shared/environment-context.d.ts +76 -0
  783. package/dist/shared/environment-context.d.ts.map +1 -0
  784. package/dist/shared/environment-context.js +271 -0
  785. package/dist/shared/environment-context.js.map +1 -0
  786. package/dist/shared/intent-detector.d.ts +66 -0
  787. package/dist/shared/intent-detector.d.ts.map +1 -0
  788. package/dist/shared/intent-detector.js +282 -0
  789. package/dist/shared/intent-detector.js.map +1 -0
  790. package/dist/shared/parsed-file.d.ts +51 -0
  791. package/dist/shared/parsed-file.d.ts.map +1 -0
  792. package/dist/shared/parsed-file.js +95 -0
  793. package/dist/shared/parsed-file.js.map +1 -0
  794. package/dist/shared/registry-clients.d.ts +93 -0
  795. package/dist/shared/registry-clients.d.ts.map +1 -0
  796. package/dist/shared/registry-clients.js +273 -0
  797. package/dist/shared/registry-clients.js.map +1 -0
  798. package/dist/shared/rules/framework-fixes.d.ts +48 -0
  799. package/dist/shared/rules/framework-fixes.d.ts.map +1 -0
  800. package/dist/shared/rules/framework-fixes.js +439 -0
  801. package/dist/shared/rules/framework-fixes.js.map +1 -0
  802. package/dist/shared/rules/index.d.ts +8 -0
  803. package/dist/shared/rules/index.d.ts.map +1 -0
  804. package/dist/shared/rules/index.js +18 -0
  805. package/dist/shared/rules/index.js.map +1 -0
  806. package/dist/shared/rules/metadata.d.ts +43 -0
  807. package/dist/shared/rules/metadata.d.ts.map +1 -0
  808. package/dist/shared/rules/metadata.js +819 -0
  809. package/dist/shared/rules/metadata.js.map +1 -0
  810. package/dist/shared/schema-semantics.d.ts +45 -0
  811. package/dist/shared/schema-semantics.d.ts.map +1 -0
  812. package/dist/shared/schema-semantics.js +193 -0
  813. package/dist/shared/schema-semantics.js.map +1 -0
  814. package/dist/shared/types.d.ts +337 -0
  815. package/dist/shared/types.d.ts.map +1 -0
  816. package/dist/shared/types.js +126 -0
  817. package/dist/shared/types.js.map +1 -0
  818. package/dist/tiers.d.ts +4 -4
  819. package/dist/tiers.d.ts.map +1 -1
  820. package/dist/tiers.js +17 -7
  821. package/dist/tiers.js.map +1 -1
  822. package/dist/types.d.ts +79 -9
  823. package/dist/types.d.ts.map +1 -1
  824. package/dist/types.js +34 -0
  825. package/dist/types.js.map +1 -1
  826. package/dist/utils/code-analysis.d.ts +39 -0
  827. package/dist/utils/code-analysis.d.ts.map +1 -0
  828. package/dist/utils/code-analysis.js +159 -0
  829. package/dist/utils/code-analysis.js.map +1 -0
  830. package/dist/utils/comment-analyzer.d.ts +38 -0
  831. package/dist/utils/comment-analyzer.d.ts.map +1 -0
  832. package/dist/utils/comment-analyzer.js +218 -0
  833. package/dist/utils/comment-analyzer.js.map +1 -0
  834. package/dist/utils/context-helpers.d.ts +108 -1
  835. package/dist/utils/context-helpers.d.ts.map +1 -1
  836. package/dist/utils/context-helpers.js +351 -2
  837. package/dist/utils/context-helpers.js.map +1 -1
  838. package/dist/utils/environment-context.d.ts +76 -0
  839. package/dist/utils/environment-context.d.ts.map +1 -0
  840. package/dist/utils/environment-context.js +271 -0
  841. package/dist/utils/environment-context.js.map +1 -0
  842. package/dist/utils/intent-detector.d.ts +66 -0
  843. package/dist/utils/intent-detector.d.ts.map +1 -0
  844. package/dist/utils/intent-detector.js +282 -0
  845. package/dist/utils/intent-detector.js.map +1 -0
  846. package/dist/utils/parsed-file.d.ts +51 -0
  847. package/dist/utils/parsed-file.d.ts.map +1 -0
  848. package/dist/utils/parsed-file.js +95 -0
  849. package/dist/utils/parsed-file.js.map +1 -0
  850. package/dist/utils/route-hierarchy.d.ts +50 -0
  851. package/dist/utils/route-hierarchy.d.ts.map +1 -0
  852. package/dist/utils/route-hierarchy.js +226 -0
  853. package/dist/utils/route-hierarchy.js.map +1 -0
  854. package/dist/utils/schema-semantics.d.ts +45 -0
  855. package/dist/utils/schema-semantics.d.ts.map +1 -0
  856. package/dist/utils/schema-semantics.js +193 -0
  857. package/dist/utils/schema-semantics.js.map +1 -0
  858. package/dist/validate/clients.d.ts +44 -0
  859. package/dist/validate/clients.d.ts.map +1 -0
  860. package/dist/validate/clients.js +81 -0
  861. package/dist/validate/clients.js.map +1 -0
  862. package/dist/validate/index.d.ts +41 -0
  863. package/dist/validate/index.d.ts.map +1 -0
  864. package/dist/validate/index.js +141 -0
  865. package/dist/validate/index.js.map +1 -0
  866. package/dist/validate/prompts/index.d.ts +8 -0
  867. package/dist/validate/prompts/index.d.ts.map +1 -0
  868. package/dist/validate/prompts/index.js +16 -0
  869. package/dist/validate/prompts/index.js.map +1 -0
  870. package/dist/validate/prompts/modules/ai-patterns.d.ts +19 -0
  871. package/dist/validate/prompts/modules/ai-patterns.d.ts.map +1 -0
  872. package/dist/validate/prompts/modules/ai-patterns.js +156 -0
  873. package/dist/validate/prompts/modules/ai-patterns.js.map +1 -0
  874. package/dist/validate/prompts/modules/auth-access.d.ts +9 -0
  875. package/dist/validate/prompts/modules/auth-access.d.ts.map +1 -0
  876. package/dist/validate/prompts/modules/auth-access.js +25 -0
  877. package/dist/validate/prompts/modules/auth-access.js.map +1 -0
  878. package/dist/validate/prompts/modules/common.d.ts +11 -0
  879. package/dist/validate/prompts/modules/common.d.ts.map +1 -0
  880. package/dist/validate/prompts/modules/common.js +186 -0
  881. package/dist/validate/prompts/modules/common.js.map +1 -0
  882. package/dist/validate/prompts/modules/index.d.ts +54 -0
  883. package/dist/validate/prompts/modules/index.d.ts.map +1 -0
  884. package/dist/validate/prompts/modules/index.js +186 -0
  885. package/dist/validate/prompts/modules/index.js.map +1 -0
  886. package/dist/validate/prompts/modules/owasp-classic.d.ts +8 -0
  887. package/dist/validate/prompts/modules/owasp-classic.d.ts.map +1 -0
  888. package/dist/validate/prompts/modules/owasp-classic.js +84 -0
  889. package/dist/validate/prompts/modules/owasp-classic.js.map +1 -0
  890. package/dist/validate/prompts/modules/secrets-crypto.d.ts +8 -0
  891. package/dist/validate/prompts/modules/secrets-crypto.d.ts.map +1 -0
  892. package/dist/validate/prompts/modules/secrets-crypto.js +68 -0
  893. package/dist/validate/prompts/modules/secrets-crypto.js.map +1 -0
  894. package/dist/validate/prompts/modules/xss-prompt.d.ts +8 -0
  895. package/dist/validate/prompts/modules/xss-prompt.d.ts.map +1 -0
  896. package/dist/validate/prompts/modules/xss-prompt.js +22 -0
  897. package/dist/validate/prompts/modules/xss-prompt.js.map +1 -0
  898. package/dist/validate/prompts/semantic-analysis.d.ts +15 -0
  899. package/dist/validate/prompts/semantic-analysis.d.ts.map +1 -0
  900. package/dist/validate/prompts/semantic-analysis.js +169 -0
  901. package/dist/validate/prompts/semantic-analysis.js.map +1 -0
  902. package/dist/validate/prompts/validation.d.ts +18 -0
  903. package/dist/validate/prompts/validation.d.ts.map +1 -0
  904. package/dist/validate/prompts/validation.js +25 -0
  905. package/dist/validate/prompts/validation.js.map +1 -0
  906. package/dist/validate/providers/anthropic.d.ts +17 -0
  907. package/dist/validate/providers/anthropic.d.ts.map +1 -0
  908. package/dist/validate/providers/anthropic.js +260 -0
  909. package/dist/validate/providers/anthropic.js.map +1 -0
  910. package/dist/validate/providers/index.d.ts +8 -0
  911. package/dist/validate/providers/index.d.ts.map +1 -0
  912. package/dist/validate/providers/index.js +13 -0
  913. package/dist/validate/providers/index.js.map +1 -0
  914. package/dist/validate/providers/openai.d.ts +14 -0
  915. package/dist/validate/providers/openai.d.ts.map +1 -0
  916. package/dist/validate/providers/openai.js +336 -0
  917. package/dist/validate/providers/openai.js.map +1 -0
  918. package/dist/validate/request-builder.d.ts +61 -0
  919. package/dist/validate/request-builder.d.ts.map +1 -0
  920. package/dist/validate/request-builder.js +346 -0
  921. package/dist/validate/request-builder.js.map +1 -0
  922. package/dist/validate/types.d.ts +88 -0
  923. package/dist/validate/types.d.ts.map +1 -0
  924. package/dist/validate/types.js +38 -0
  925. package/dist/validate/types.js.map +1 -0
  926. package/dist/validate/utils/context-extractor.d.ts +55 -0
  927. package/dist/validate/utils/context-extractor.d.ts.map +1 -0
  928. package/dist/validate/utils/context-extractor.js +161 -0
  929. package/dist/validate/utils/context-extractor.js.map +1 -0
  930. package/dist/validate/utils/index.d.ts +11 -0
  931. package/dist/validate/utils/index.d.ts.map +1 -0
  932. package/dist/validate/utils/index.js +27 -0
  933. package/dist/validate/utils/index.js.map +1 -0
  934. package/dist/validate/utils/path-helpers.d.ts +21 -0
  935. package/dist/validate/utils/path-helpers.d.ts.map +1 -0
  936. package/dist/validate/utils/path-helpers.js +69 -0
  937. package/dist/validate/utils/path-helpers.js.map +1 -0
  938. package/dist/validate/utils/response-parser.d.ts +40 -0
  939. package/dist/validate/utils/response-parser.d.ts.map +1 -0
  940. package/dist/validate/utils/response-parser.js +286 -0
  941. package/dist/validate/utils/response-parser.js.map +1 -0
  942. package/dist/validate/utils/retry.d.ts +15 -0
  943. package/dist/validate/utils/retry.d.ts.map +1 -0
  944. package/dist/validate/utils/retry.js +62 -0
  945. package/dist/validate/utils/retry.js.map +1 -0
  946. package/package.json +8 -7
  947. package/src/__tests__/benchmark/fixtures/layer1/agent-skill-injection.ts +204 -0
  948. package/src/__tests__/benchmark/fixtures/layer1/index.ts +3 -0
  949. package/src/__tests__/benchmark/fixtures/layer2/index.ts +27 -0
  950. package/src/__tests__/benchmark/fixtures/layer2/log-injection.ts +147 -0
  951. package/src/__tests__/benchmark/fixtures/layer2/phase5-excessive-agency.ts +580 -0
  952. package/src/__tests__/benchmark/fixtures/layer2/security-headers.ts +197 -0
  953. package/src/__tests__/benchmark/fixtures/layer2/sprint6-ai-enhancements.ts +515 -0
  954. package/src/__tests__/benchmark/fixtures/layer2/ssrf-detection.ts +210 -0
  955. package/src/__tests__/benchmark/fixtures/layer2/xxe-detection.ts +195 -0
  956. package/src/__tests__/benchmark/run-depth-validation.ts +12 -12
  957. package/src/__tests__/benchmark/run-real-world-test.ts +4 -4
  958. package/src/__tests__/benchmark/types.ts +1 -1
  959. package/src/__tests__/benchmark/utils/test-runner.ts +3 -3
  960. package/src/__tests__/category-filter.test.ts +478 -0
  961. package/src/__tests__/context-engine/cross-file-taint.test.ts +284 -0
  962. package/src/__tests__/context-engine/framework-models.test.ts +457 -0
  963. package/src/__tests__/context-engine/function-classifier.test.ts +146 -0
  964. package/src/__tests__/context-engine/import-resolver.test.ts +328 -0
  965. package/src/__tests__/context-engine/integration.test.ts +320 -0
  966. package/src/__tests__/context-engine/module-graph.test.ts +159 -0
  967. package/src/__tests__/context-engine/route-discovery/auth-resolver.test.ts +353 -0
  968. package/src/__tests__/context-engine/route-discovery/express.test.ts +150 -0
  969. package/src/__tests__/context-engine/route-discovery/nextjs.test.ts +138 -0
  970. package/src/__tests__/context-engine/route-discovery/python.test.ts +95 -0
  971. package/src/__tests__/context-engine/sanitiser-detection.test.ts +187 -0
  972. package/src/__tests__/context-engine/sink-matcher.test.ts +251 -0
  973. package/src/__tests__/context-engine/source-discovery.test.ts +186 -0
  974. package/src/__tests__/context-engine/taint-tracker.test.ts +182 -0
  975. package/src/__tests__/regression/agent-skill-benign.test.ts +174 -0
  976. package/src/__tests__/regression/known-false-positives.test.ts +801 -3
  977. package/src/__tests__/score/adjustments.test.ts +385 -0
  978. package/src/__tests__/score/confidence.test.ts +283 -0
  979. package/src/__tests__/score/framework-scoring.test.ts +275 -0
  980. package/src/__tests__/score/route-scoring.test.ts +156 -0
  981. package/src/__tests__/score/scoring-integration.test.ts +165 -0
  982. package/src/__tests__/score/taint-adjustments.test.ts +244 -0
  983. package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +50 -58
  984. package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +52 -0
  985. package/src/__tests__/snapshots/__snapshots__/scan-depth.test.ts.snap +3 -12
  986. package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +3 -3
  987. package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +1 -1
  988. package/src/__tests__/snapshots/scan-depth.test.ts +3 -3
  989. package/src/__tests__/validate/route-annotations.test.ts +138 -0
  990. package/src/__tests__/validation/analyze-results.ts +1 -1
  991. package/src/__tests__/validation/extract-for-triage.ts +1 -1
  992. package/src/__tests__/validation/fp-deep-analysis.ts +1 -1
  993. package/src/__tests__/validation/run-validation.ts +7 -7
  994. package/src/{layer2/ai-agent-tools.ts → detect/ai-code/agent-tools.ts} +729 -4
  995. package/src/{layer2 → detect/ai-code}/byok-patterns.ts +20 -6
  996. package/src/{layer2/ai-endpoint-protection.ts → detect/ai-code/endpoint-protection.ts} +10 -4
  997. package/src/{layer2/ai-execution-sinks.ts → detect/ai-code/execution-sinks.ts} +272 -46
  998. package/src/{layer2/ai-fingerprinting.ts → detect/ai-code/fingerprinting.ts} +46 -34
  999. package/src/detect/ai-code/index.ts +11 -0
  1000. package/src/{layer2/ai-mcp-security.ts → detect/ai-code/mcp-security.ts} +212 -5
  1001. package/src/{layer2 → detect/ai-code}/model-supply-chain.ts +85 -6
  1002. package/src/{layer2/ai-package-hallucination.ts → detect/ai-code/package-hallucination.ts} +170 -6
  1003. package/src/{layer2/ai-prompt-hygiene.ts → detect/ai-code/prompt-hygiene.ts} +393 -28
  1004. package/src/{layer2/ai-rag-safety.ts → detect/ai-code/rag-safety.ts} +91 -4
  1005. package/src/{layer2/ai-schema-validation.ts → detect/ai-code/schema-validation.ts} +10 -4
  1006. package/src/detect/config/agent-skill-injection.ts +551 -0
  1007. package/src/{layer1 → detect/config}/comments.ts +8 -2
  1008. package/src/{layer1 → detect/config}/file-flags.ts +23 -6
  1009. package/src/detect/config/index.ts +6 -0
  1010. package/src/{layer3 → detect/config}/osv-check.ts +3 -2
  1011. package/src/{layer3 → detect/config}/package-check.ts +3 -2
  1012. package/src/{layer1 → detect/config}/urls.ts +196 -15
  1013. package/src/detect/index.ts +131 -0
  1014. package/src/{layer1 → detect/secrets}/config-audit.ts +56 -12
  1015. package/src/{layer1 → detect/secrets}/config-mcp-audit.ts +11 -4
  1016. package/src/{layer1 → detect/secrets}/entropy.ts +256 -11
  1017. package/src/{layer1 → detect/secrets}/index.ts +43 -46
  1018. package/src/{layer1 → detect/secrets}/patterns.ts +51 -6
  1019. package/src/{layer1 → detect/secrets}/weak-crypto.ts +174 -17
  1020. package/src/{layer2/auth-antipatterns.ts → detect/structural/auth-patterns.ts} +249 -27
  1021. package/src/{layer2 → detect/structural}/dangerous-functions/dom-xss.ts +94 -22
  1022. package/src/{layer2 → detect/structural}/dangerous-functions/index.ts +672 -65
  1023. package/src/{layer2 → detect/structural}/dangerous-functions/json-parse.ts +10 -2
  1024. package/src/{layer2 → detect/structural}/dangerous-functions/math-random.ts +269 -17
  1025. package/src/{layer2 → detect/structural}/dangerous-functions/patterns.ts +4 -2
  1026. package/src/{layer2 → detect/structural}/dangerous-functions/request-validation.ts +10 -2
  1027. package/src/detect/structural/dangerous-functions/utils/control-flow.ts +35 -0
  1028. package/src/{layer2 → detect/structural}/dangerous-functions/utils/schema-validation.ts +16 -1
  1029. package/src/{layer2 → detect/structural}/data-exposure.ts +23 -40
  1030. package/src/{layer2 → detect/structural}/framework-checks.ts +13 -12
  1031. package/src/{layer2 → detect/structural}/index.ts +144 -122
  1032. package/src/detect/structural/log-injection.ts +254 -0
  1033. package/src/{layer2 → detect/structural}/logic-gates.ts +69 -24
  1034. package/src/{layer2 → detect/structural}/risky-imports.ts +10 -4
  1035. package/src/detect/structural/security-headers.ts +231 -0
  1036. package/src/detect/structural/ssrf-detection.ts +300 -0
  1037. package/src/{layer2 → detect/structural}/variables.ts +10 -4
  1038. package/src/detect/structural/xxe-detection.ts +295 -0
  1039. package/src/index.ts +64 -1038
  1040. package/src/{utils → model}/auth-helper-detector.ts +1 -1
  1041. package/src/model/cross-file-taint.ts +374 -0
  1042. package/src/model/framework-models/django.ts +82 -0
  1043. package/src/model/framework-models/express.ts +54 -0
  1044. package/src/model/framework-models/index.ts +116 -0
  1045. package/src/model/framework-models/nextjs.ts +69 -0
  1046. package/src/model/framework-models/prisma.ts +57 -0
  1047. package/src/model/framework-models/react.ts +63 -0
  1048. package/src/model/framework-models/sequelize.ts +63 -0
  1049. package/src/model/framework-models/types.ts +46 -0
  1050. package/src/model/function-classifier.ts +184 -0
  1051. package/src/model/import-resolver.ts +453 -0
  1052. package/src/{utils → model}/imported-auth-detector.ts +21 -85
  1053. package/src/model/index.ts +353 -0
  1054. package/src/{utils → model}/middleware-detector.ts +156 -17
  1055. package/src/model/module-graph.ts +254 -0
  1056. package/src/{utils → model}/oauth-flow-detector.ts +1 -1
  1057. package/src/{utils/project-context-builder.ts → model/project-context.ts} +1 -1
  1058. package/src/model/route-auth-resolver.ts +216 -0
  1059. package/src/model/route-discovery/express.ts +251 -0
  1060. package/src/model/route-discovery/index.ts +83 -0
  1061. package/src/model/route-discovery/nextjs.ts +216 -0
  1062. package/src/model/route-discovery/python.ts +214 -0
  1063. package/src/model/route-discovery/types.ts +48 -0
  1064. package/src/model/route-discovery/utils.ts +54 -0
  1065. package/src/model/route-hierarchy.ts +250 -0
  1066. package/src/model/sanitiser-detection.ts +268 -0
  1067. package/src/model/sink-matcher.ts +178 -0
  1068. package/src/model/sink-patterns.ts +109 -0
  1069. package/src/model/source-discovery.ts +209 -0
  1070. package/src/model/taint-tracker.ts +333 -0
  1071. package/src/model/taint-types.ts +149 -0
  1072. package/src/{utils → model}/trpc-analyzer.ts +1 -1
  1073. package/src/{utils/context-helpers.ts → parse/file-classifier.ts} +462 -2
  1074. package/src/{utils → parse}/path-exclusions.ts +1 -1
  1075. package/src/pipeline/config.ts +81 -0
  1076. package/src/pipeline/index.ts +437 -0
  1077. package/src/{modes → pipeline/modes}/incremental.ts +6 -6
  1078. package/src/postprocess/aggregation.ts +74 -0
  1079. package/src/postprocess/contradictions.ts +128 -0
  1080. package/src/postprocess/dedup.ts +62 -0
  1081. package/src/postprocess/filtering/__tests__/pipeline.test.ts +134 -0
  1082. package/src/postprocess/filtering/context-adjustments.ts +111 -0
  1083. package/src/postprocess/filtering/index.ts +10 -0
  1084. package/src/postprocess/filtering/pipeline.ts +130 -0
  1085. package/src/postprocess/index.ts +118 -0
  1086. package/src/{suppression → postprocess/suppression}/config-loader.ts +1 -1
  1087. package/src/{suppression → postprocess/suppression}/hash.ts +1 -1
  1088. package/src/{suppression → postprocess/suppression}/inline-parser.ts +1 -1
  1089. package/src/{suppression → postprocess/suppression}/manager.ts +1 -1
  1090. package/src/{suppression → postprocess/suppression}/types.ts +2 -2
  1091. package/src/postprocess/validation-cap.ts +66 -0
  1092. package/src/report/build-result.ts +94 -0
  1093. package/src/report/enrichment.ts +52 -0
  1094. package/src/report/formatters/__tests__/ai-context.test.ts +254 -0
  1095. package/src/report/formatters/ai-context.ts +302 -0
  1096. package/src/{formatters → report/formatters}/cli-terminal.ts +11 -11
  1097. package/src/{formatters → report/formatters}/github-comment.ts +4 -4
  1098. package/src/{formatters → report/formatters}/grouping.ts +8 -8
  1099. package/src/report/formatters/ide/__tests__/ide.test.ts +319 -0
  1100. package/src/report/formatters/ide/claude-code.ts +110 -0
  1101. package/src/report/formatters/ide/cursor.ts +147 -0
  1102. package/src/report/formatters/ide/index.ts +216 -0
  1103. package/src/report/formatters/ide/windsurf.ts +135 -0
  1104. package/src/{formatters → report/formatters}/index.ts +24 -0
  1105. package/src/{formatters → report/formatters}/vscode-diagnostic.ts +1 -1
  1106. package/src/report/summary.ts +70 -0
  1107. package/src/score/adjustments.ts +387 -0
  1108. package/src/{layer3/anthropic → score}/auto-dismiss.ts +26 -14
  1109. package/src/score/confidence.ts +66 -0
  1110. package/src/score/index.ts +316 -0
  1111. package/src/score/types.ts +187 -0
  1112. package/src/shared/__tests__/code-analysis.test.ts +165 -0
  1113. package/src/shared/__tests__/parsed-file.test.ts +124 -0
  1114. package/src/shared/ai-context/__tests__/manager.test.ts +193 -0
  1115. package/src/shared/ai-context/index.ts +15 -0
  1116. package/src/shared/ai-context/manager.ts +145 -0
  1117. package/src/{baseline → shared/baseline}/__tests__/diff.test.ts +2 -2
  1118. package/src/{baseline → shared/baseline}/__tests__/manager.test.ts +2 -2
  1119. package/src/{baseline → shared/baseline}/diff.ts +1 -1
  1120. package/src/{baseline → shared/baseline}/manager.ts +1 -1
  1121. package/src/shared/category-filter.ts +400 -0
  1122. package/src/{layer2/dangerous-functions/utils/control-flow.ts → shared/code-analysis.ts} +56 -39
  1123. package/src/shared/comment-analyzer.ts +249 -0
  1124. package/src/shared/environment-context.ts +304 -0
  1125. package/src/shared/intent-detector.ts +318 -0
  1126. package/src/shared/parsed-file.ts +103 -0
  1127. package/src/{rules → shared/rules}/__tests__/metadata.test.ts +7 -0
  1128. package/src/{rules → shared/rules}/framework-fixes.ts +1 -1
  1129. package/src/{rules → shared/rules}/metadata.ts +94 -0
  1130. package/src/shared/schema-semantics.ts +233 -0
  1131. package/src/{types.ts → shared/types.ts} +142 -11
  1132. package/src/tiers.ts +27 -10
  1133. package/src/validate/__tests__/context-extractor.test.ts +191 -0
  1134. package/src/validate/__tests__/prompt-assembly.test.ts +233 -0
  1135. package/src/validate/__tests__/request-builder.test.ts +347 -0
  1136. package/src/{layer3/anthropic → validate}/index.ts +8 -7
  1137. package/src/{layer3/anthropic → validate}/prompts/index.ts +2 -0
  1138. package/src/validate/prompts/modules/ai-patterns.ts +153 -0
  1139. package/src/validate/prompts/modules/auth-access.ts +22 -0
  1140. package/src/validate/prompts/modules/common.ts +183 -0
  1141. package/src/validate/prompts/modules/index.ts +204 -0
  1142. package/src/validate/prompts/modules/owasp-classic.ts +81 -0
  1143. package/src/validate/prompts/modules/secrets-crypto.ts +65 -0
  1144. package/src/validate/prompts/modules/xss-prompt.ts +19 -0
  1145. package/src/validate/prompts/validation.ts +20 -0
  1146. package/src/{layer3/anthropic → validate}/providers/anthropic.ts +28 -27
  1147. package/src/validate/providers/index.ts +8 -0
  1148. package/src/{layer3/anthropic → validate}/providers/openai.ts +30 -25
  1149. package/src/validate/request-builder.ts +448 -0
  1150. package/src/{layer3/anthropic → validate}/types.ts +1 -1
  1151. package/src/validate/utils/context-extractor.ts +220 -0
  1152. package/src/{layer3/anthropic → validate}/utils/index.ts +10 -0
  1153. package/src/{layer3/anthropic → validate}/utils/response-parser.ts +2 -1
  1154. package/src/layer3/anthropic/prompts/validation.ts +0 -419
  1155. package/src/layer3/anthropic/providers/index.ts +0 -8
  1156. package/src/layer3/anthropic/request-builder.ts +0 -150
  1157. package/src/layer3/index.ts +0 -168
  1158. /package/src/{layer3 → detect/config}/__tests__/osv-check.test.ts +0 -0
  1159. /package/src/{layer2 → detect/structural}/__tests__/math-random-enhanced.test.ts +0 -0
  1160. /package/src/{layer2 → detect/structural}/dangerous-functions/child-process.ts +0 -0
  1161. /package/src/{layer2 → detect/structural}/dangerous-functions/utils/helpers.ts +0 -0
  1162. /package/src/{layer2 → detect/structural}/dangerous-functions/utils/index.ts +0 -0
  1163. /package/src/{suppression → postprocess/suppression}/__tests__/config-loader.test.ts +0 -0
  1164. /package/src/{suppression → postprocess/suppression}/__tests__/hash.test.ts +0 -0
  1165. /package/src/{suppression → postprocess/suppression}/__tests__/inline-parser.test.ts +0 -0
  1166. /package/src/{suppression → postprocess/suppression}/__tests__/manager.test.ts +0 -0
  1167. /package/src/{suppression → postprocess/suppression}/index.ts +0 -0
  1168. /package/src/{baseline → shared/baseline}/index.ts +0 -0
  1169. /package/src/{baseline → shared/baseline}/types.ts +0 -0
  1170. /package/src/{utils → shared}/diff-detector.ts +0 -0
  1171. /package/src/{utils → shared}/diff-parser.ts +0 -0
  1172. /package/src/{utils → shared}/registry-clients.ts +0 -0
  1173. /package/src/{rules → shared/rules}/__tests__/framework-fixes.test.ts +0 -0
  1174. /package/src/{rules → shared/rules}/index.ts +0 -0
  1175. /package/src/{layer3/anthropic → validate}/clients.ts +0 -0
  1176. /package/src/{layer3/anthropic → validate}/prompts/semantic-analysis.ts +0 -0
  1177. /package/src/{layer3/anthropic → validate}/utils/path-helpers.ts +0 -0
  1178. /package/src/{layer3/anthropic → validate}/utils/retry.ts +0 -0
package/dist/detect/secrets/entropy.js ADDED
@@ -0,0 +1,751 @@
1
+ "use strict";
2
+ /**
3
+ * Layer 1: High-Entropy String Detection
4
+ * Uses Shannon entropy to detect potential secrets that don't match known patterns
5
+ */
6
+ Object.defineProperty(exports, "__esModule", { value: true });
7
+ exports.calculateEntropy = calculateEntropy;
8
+ exports.detectHighEntropyStrings = detectHighEntropyStrings;
9
+ const file_classifier_1 = require("../../parse/file-classifier");
10
+ // Base confidence for entropy-based findings (statistical, requires AI validation)
11
+ const BASE_CONFIDENCE = 0.30;
12
+ // Shannon entropy calculation
13
+ function calculateEntropy(str) {
14
+ if (str.length === 0)
15
+ return 0;
16
+ const freq = {};
17
+ for (const char of str) {
18
+ freq[char] = (freq[char] || 0) + 1;
19
+ }
20
+ let entropy = 0;
21
+ const len = str.length;
22
+ for (const char in freq) {
23
+ const p = freq[char] / len;
24
+ entropy -= p * Math.log2(p);
25
+ }
26
+ return entropy;
27
+ }
28
+ // Extract string literals from code
29
+ function extractStringLiterals(content) {
30
+ const strings = [];
31
+ const lines = content.split('\n');
32
+ // Patterns for string literals using unrolled loop pattern to prevent catastrophic backtracking
33
+ // Pattern explanation: "start [non-special-chars]* (escape-sequence [non-special-chars]*)* end"
34
+ // This avoids nested quantifiers that cause exponential backtracking
35
+ const patterns = [
36
+ /"[^"\\]{20,}(?:\\.[^"\\]*)*"/g, // Double-quoted strings 20+ chars (unrolled loop)
37
+ /'[^'\\]{20,}(?:\\.[^'\\]*)*'/g, // Single-quoted strings 20+ chars (unrolled loop)
38
+ /`[^`\\]{20,}(?:\\.[^`\\]*)*`/g, // Template literals 20+ chars (unrolled loop)
39
+ ];
40
+ lines.forEach((line, index) => {
41
+ for (const pattern of patterns) {
42
+ let match;
43
+ const regex = new RegExp(pattern.source, pattern.flags);
44
+ while ((match = regex.exec(line)) !== null) {
45
+ // Remove quotes and get the actual string value
46
+ const value = match[0].slice(1, -1);
47
+ strings.push({
48
+ value,
49
+ line: index + 1,
50
+ lineContent: line.trim(),
51
+ });
52
+ }
53
+ }
54
+ });
55
+ return strings;
56
+ }
57
+ // Check if string looks like a known safe pattern (URLs, paths, etc.)
58
+ function isSafePattern(str) {
59
+ const safePatterns = [
60
+ /^https?:\/\//i, // URLs
61
+ /^\/[a-z0-9_/-]+$/i, // File paths
62
+ /^\d{4}-\d{2}-\d{2}/, // Dates
63
+ /^[a-f0-9]{32}$/i, // MD5 hashes (often used as IDs)
64
+ /^[a-f0-9]{40}$/i, // SHA1 hashes
65
+ /^[a-f0-9]{64}$/i, // SHA256 hashes
66
+ /^data:[a-z]+\/[a-z]+;base64,/i, // Data URLs
67
+ /^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}$/i, // Emails
68
+ /^\s*$/, // Whitespace only
69
+ /^[a-z\s]+$/i, // Only letters and spaces (likely text)
70
+ /^\/?[\(\)\[\]\{\}\|\?\*\+\.\^\$\\:!_a-z0-9/-]+$/i, // Regex patterns (route matchers, etc.)
71
+ ];
72
+ return safePatterns.some(pattern => pattern.test(str));
73
+ }
74
+ // Check if string is a PEM header/footer (not an actual secret)
75
+ function isPEMHeader(str) {
76
+ const pemPatterns = [
77
+ /^-{3,}BEGIN\s+(PRIVATE|PUBLIC|RSA|DSA|EC|ENCRYPTED|CERTIFICATE)/i,
78
+ /^-{3,}END\s+(PRIVATE|PUBLIC|RSA|DSA|EC|ENCRYPTED|CERTIFICATE)/i,
79
+ /-----BEGIN\s+\w+\s+KEY-----/i,
80
+ /-----END\s+\w+\s+KEY-----/i,
81
+ ];
82
+ return pemPatterns.some(p => p.test(str));
83
+ }
84
+ // Check if string looks like encrypted/encoded content (not the key itself)
85
+ function isEncryptedContent(str, lineContent) {
86
+ // Patterns for encrypted content blocks (not the key)
87
+ const encryptedPatterns = [
88
+ /encrypted_content/i,
89
+ /ciphertext/i,
90
+ /encrypted_data/i,
91
+ /encrypted_value/i,
92
+ // Base64 encoded binary data (very long, uniform character set)
93
+ /^[A-Za-z0-9+/]{100,}={0,2}$/, // Long base64 strings are often encrypted payloads
94
+ ];
95
+ // Check line context for encrypted content indicators
96
+ const contextIndicators = [
97
+ /["']encrypted_content["']\s*:/i,
98
+ /["']ciphertext["']\s*:/i,
99
+ /gAAAA/, // Fernet encryption prefix
100
+ ];
101
+ return (encryptedPatterns.some(p => p.test(str)) ||
102
+ contextIndicators.some(p => p.test(lineContent)));
103
+ }
104
+ // Check if string looks like a JWT segment (base64url encoded, starts with eyJ)
105
+ function isJWTSegment(str) {
106
+ // JWT segments typically start with 'eyJ' (base64 for '{"')
107
+ // Full JWT format: header.payload.signature (all base64url)
108
+ if (str.startsWith('eyJ') && /^[A-Za-z0-9_-]+$/.test(str)) {
109
+ return true;
110
+ }
111
+ // Check for full JWT pattern (3 dot-separated base64url segments)
112
+ if (/^eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/.test(str)) {
113
+ return true;
114
+ }
115
+ return false;
116
+ }
117
+ // Check if string looks like a regex/route matcher pattern
118
+ function isRegexPattern(str) {
119
+ // Common regex metacharacters and patterns
120
+ const regexIndicators = ['(?', '(?!', '(?:', '(?=', '\\.', '\\.', '.*', '.+', '[^', '|', '$)', '^', '$'];
121
+ const indicatorCount = regexIndicators.filter(ind => str.includes(ind)).length;
122
+ // If it has multiple regex indicators, it's likely a regex pattern
123
+ return indicatorCount >= 2;
124
+ }
125
+ // Check if string is a template literal with code expressions
126
+ function isTemplateWithCode(str, lineContent) {
127
+ // Check if the line contains template literal syntax with expressions
128
+ if (!lineContent.includes('`') && !lineContent.includes('${')) {
129
+ return false;
130
+ }
131
+ // Multiple interpolations (3+) = formatting string, not a secret
132
+ const interpolationCount = (lineContent.match(/\$\{/g) || []).length;
133
+ if (interpolationCount >= 3) {
134
+ return true;
135
+ }
136
+ // Common code patterns inside template literals that create high entropy
137
+ const codePatterns = [
138
+ /\$\{[^}]*\.\w+\s*\(/, // Method call inside interpolation: ${x.foo()}
139
+ /\$\{\w+\s*\(/, // Function call inside interpolation: ${funcName(...)}
140
+ /\$\{[^}]*\?\.[^}]*\}/, // Optional chaining
141
+ /\$\{[^}]*\s*\?\s*[^:]+\s*:\s*[^}]+\}/, // Ternary operators
142
+ /var\s*\(\s*\$\{/, // CSS var() with template
143
+ /\$\{new\s+\w+\(/i, // Constructor calls: ${new Date()}
144
+ ];
145
+ return codePatterns.some(pattern => pattern.test(lineContent));
146
+ }
147
+ // Check if string is human-readable text/markdown content
148
+ function isHumanReadableContent(str) {
149
+ // Skip short strings
150
+ if (str.length < 30)
151
+ return false;
152
+ // Check for markdown indicators
153
+ const markdownIndicators = ['## ', '# ', '**', '- [ ]', '- ', '\n\n', '\\n'];
154
+ const hasMarkdown = markdownIndicators.some(ind => str.includes(ind));
155
+ // Check word-like pattern ratio (spaces between word-like tokens)
156
+ const words = str.split(/\s+/).filter(w => w.length > 0);
157
+ const wordLikeTokens = words.filter(w => /^[a-zA-Z][a-zA-Z0-9'-]*[:.!?,]?$/.test(w));
158
+ // If more than 50% of tokens look like words, it's probably text
159
+ const wordRatio = words.length > 0 ? wordLikeTokens.length / words.length : 0;
160
+ return hasMarkdown || wordRatio > 0.5;
161
+ }
162
+ // Check if string looks like a UI/display string (model names, descriptions, etc.)
163
+ function isUIString(str, lineContent) {
164
+ // Common UI string patterns
165
+ const uiPatterns = [
166
+ /['"`].*Claude.*['"`]/i,
167
+ /['"`].*GPT.*['"`]/i,
168
+ /['"`].*Sonnet.*['"`]/i,
169
+ /['"`].*for\s+(chat|embeddings|completion).*['"`]/i,
170
+ /['"`]Uses\s+/i,
171
+ /['"`]Note:\s*/i,
172
+ /placeholder['"`:]/i,
173
+ /description['"`:]/i,
174
+ /label['"`:]/i,
175
+ /title['"`:]/i,
176
+ /message['"`:]/i,
177
+ /tooltip['"`:]/i,
178
+ ];
179
+ return uiPatterns.some(pattern => pattern.test(lineContent));
180
+ }
181
+ // Check if string is in a React/JSX UI context (component props, JSX text)
182
+ function isJSXUIContext(lineContent) {
183
+ // JSX patterns that indicate UI context
184
+ const jsxUIPatterns = [
185
+ // Component props (common UI props)
186
+ /\b(placeholder|title|label|message|description|tooltip|alt|aria-label|name|id|className|testId|data-testid)\s*=\s*['"`]/i,
187
+ // JSX text children (text between tags)
188
+ />\s*['"`][^<]*['"`]\s*</,
189
+ // Common UI component names
190
+ /<(Button|Text|Label|Title|Heading|Paragraph|Span|Input|Tooltip|Badge|Alert|Toast)/i,
191
+ // Return statement with JSX template literal
192
+ /return\s+`[^`]*\$\{/,
193
+ // Template literals used for display
194
+ /['"`]Synced\s+/i,
195
+ /['"`]\d+\s*(h|hr|hour|m|min|minute|s|sec|second)s?\s+ago['"`]/i,
196
+ // Display formatting patterns
197
+ /\.toLocaleString\s*\(|\.toFixed\s*\(|\.padStart\s*\(/,
198
+ ];
199
+ return jsxUIPatterns.some(pattern => pattern.test(lineContent));
200
+ }
201
+ // Check if string is natural language (high ratio of common English words)
202
+ function isNaturalLanguage(str) {
203
+ // Skip short strings
204
+ if (str.length < 25)
205
+ return false;
206
+ // Common English words that appear in natural language
207
+ const commonWords = new Set([
208
+ 'the', 'a', 'an', 'is', 'are', 'was', 'were', 'be', 'been', 'being',
209
+ 'have', 'has', 'had', 'do', 'does', 'did', 'will', 'would', 'could',
210
+ 'should', 'may', 'might', 'must', 'shall', 'can', 'need', 'to', 'of',
211
+ 'in', 'for', 'on', 'with', 'at', 'by', 'from', 'up', 'about', 'into',
212
+ 'through', 'during', 'before', 'after', 'above', 'below', 'between',
213
+ 'under', 'again', 'further', 'then', 'once', 'here', 'there', 'when',
214
+ 'where', 'why', 'how', 'all', 'each', 'few', 'more', 'most', 'other',
215
+ 'some', 'such', 'no', 'nor', 'not', 'only', 'own', 'same', 'so', 'than',
216
+ 'too', 'very', 'just', 'also', 'now', 'and', 'but', 'or', 'if', 'as',
217
+ 'your', 'you', 'this', 'that', 'it', 'they', 'we', 'he', 'she', 'my',
218
+ 'their', 'our', 'his', 'her', 'its', 'ago', 'synced', 'updated', 'created',
219
+ ]);
220
+ // Split into words and count common ones
221
+ const words = str.toLowerCase().split(/\s+/).filter(w => w.length > 1);
222
+ if (words.length < 3)
223
+ return false;
224
+ const commonWordCount = words.filter(w => commonWords.has(w.replace(/[^a-z]/g, ''))).length;
225
+ const commonWordRatio = commonWordCount / words.length;
226
+ // If more than 30% of words are common English words, it's likely natural language
227
+ return commonWordRatio > 0.3;
228
+ }
229
+ // Check if string looks like CSS/Tailwind classes
230
+ function isCSSClasses(str) {
231
+ // Tailwind/CSS class patterns
232
+ const cssIndicators = [
233
+ 'flex', 'grid', 'block', 'inline', 'hidden',
234
+ 'items-', 'justify-', 'gap-', 'space-',
235
+ 'text-', 'font-', 'bg-', 'border-', 'rounded',
236
+ 'px-', 'py-', 'pt-', 'pb-', 'pl-', 'pr-', 'p-',
237
+ 'mx-', 'my-', 'mt-', 'mb-', 'ml-', 'mr-', 'm-',
238
+ 'w-', 'h-', 'min-', 'max-',
239
+ 'hover:', 'focus:', 'active:', 'disabled:',
240
+ 'sm:', 'md:', 'lg:', 'xl:', '2xl:',
241
+ 'dark:', 'light:',
242
+ 'transition', 'duration-', 'ease-',
243
+ 'absolute', 'relative', 'fixed', 'sticky',
244
+ 'top-', 'bottom-', 'left-', 'right-',
245
+ 'z-', 'overflow-', 'opacity-',
246
+ 'ring-', 'shadow-', 'outline-',
247
+ ];
248
+ // Count how many CSS-like tokens are in the string
249
+ const tokens = str.toLowerCase().split(/\s+/);
250
+ const cssTokenCount = tokens.filter(token => cssIndicators.some(indicator => token.includes(indicator))).length;
251
+ // If more than 30% of tokens look like CSS classes, it's probably CSS
252
+ return cssTokenCount > 0 && (cssTokenCount / tokens.length) > 0.3;
253
+ }
254
+ // Check if string looks like CSS-in-JS (styled-components, emotion, etc.)
255
+ function isCSSInJS(lineContent) {
256
+ const cssInJSPatterns = [
257
+ /styled\./, // styled.div, styled.button
258
+ /styled\(/, // styled(Component)
259
+ /css`/, // css`` template literal
260
+ /keyframes`/, // keyframes`` template literal
261
+ /@emotion/, // @emotion imports
262
+ /createGlobalStyle/, // styled-components global
263
+ /\$\{\s*props\s*=>/, // ${props => ...} in styled
264
+ /\$\{\s*\(\s*\{/, // ${({ theme }) => ...}
265
+ ];
266
+ return cssInJSPatterns.some(p => p.test(lineContent));
267
+ }
268
+ // Check if file is documentation/README
269
+ function isDocumentationFile(filePath) {
270
+ const docPatterns = [
271
+ /README/i,
272
+ /CHANGELOG/i,
273
+ /CONTRIBUTING/i,
274
+ /LICENSE/i,
275
+ /CODE_OF_CONDUCT/i,
276
+ /SECURITY/i,
277
+ /AUTHORS/i,
278
+ /HISTORY/i,
279
+ /\.md$/i,
280
+ /\.mdx$/i,
281
+ /\.rst$/i, // reStructuredText
282
+ /\.adoc$/i, // AsciiDoc
283
+ /\.txt$/i, // Plain text docs
284
+ /\/docs\//i,
285
+ /\/documentation\//i,
286
+ /\/wiki\//i,
287
+ /\/guides?\//i,
288
+ /\/tutorials?\//i,
289
+ /\/examples?\//i, // Example directories often have sample configs
290
+ ];
291
+ return docPatterns.some(p => p.test(filePath));
292
+ }
293
+ // Check if string is a logging/output statement content
294
+ function isDebugLogContent(lineContent) {
295
+ const debugPatterns = [
296
+ /console\.(log|debug|info|warn|error)\s*\(/i,
297
+ /logger\.(log|debug|info|warn|error)\s*\(/i,
298
+ /\bthis\.log\s*\(/i, // Instance method logging
299
+ /\bcore\.(info|debug|warning|error|notice)\s*\(/i, // GitHub Actions core
300
+ /\bvscode\.window\.show(Information|Warning|Error)Message\s*\(/i, // VS Code API
301
+ /\[.*Debug.*\]/i,
302
+ /\[.*Log.*\]/i,
303
+ ];
304
+ return debugPatterns.some(pattern => pattern.test(lineContent));
305
+ }
306
+ // Check if string looks like a CLI command or usage snippet (not a secret)
307
+ function isCommandLineSnippet(value, lineContent) {
308
+ // Common places where commands appear (help text, docs, quick fixes)
309
+ const commandContextPatterns = [
310
+ /\b(quickFix|command|example|usage|cli|help|hint)\b/i,
311
+ /\b(run|exec|execute|install)\b\s*:/i,
312
+ ];
313
+ // Shell/env assignment patterns
314
+ const envAssignmentPatterns = [
315
+ /^\s*(export\s+)?[A-Z_][A-Z0-9_]*=/, // export VAR=... or VAR=...
316
+ /\bNODE_OPTIONS=/i,
317
+ ];
318
+ // Command-like patterns (flags + known commands)
319
+ const commandPatterns = [
320
+ /^\s*\$\s+/, // shell prompt
321
+ /\s--[a-z0-9][a-z0-9-]*/i, // CLI flags
322
+ /\b(npm|pnpm|yarn|npx|node|bun|deno|git|curl|wget|oculum|python|pip|brew)\b/i,
323
+ ];
324
+ const hasCommandContext = commandContextPatterns.some(p => p.test(lineContent));
325
+ const looksLikeEnvAssignment = envAssignmentPatterns.some(p => p.test(value));
326
+ const looksLikeCommand = commandPatterns.some(p => p.test(value));
327
+ // Commands are usually multi-token and contain spaces
328
+ const hasMultipleTokens = value.trim().split(/\s+/).length >= 2;
329
+ return (hasCommandContext || looksLikeEnvAssignment || looksLikeCommand) && hasMultipleTokens;
330
+ }
331
+ /**
332
+ * Check if string is a SQL query (not a secret)
333
+ * SQL queries have high entropy due to mixed case keywords and table names
334
+ */
335
+ function isSQLQuery(value, lineContent) {
336
+ const sqlPatterns = [
337
+ /\bSELECT\s+/i,
338
+ /\bINSERT\s+INTO\b/i,
339
+ /\bUPDATE\s+.*\bSET\b/i,
340
+ /\bDELETE\s+FROM\b/i,
341
+ /\bCREATE\s+(TABLE|INDEX|DATABASE)\b/i,
342
+ /\bALTER\s+TABLE\b/i,
343
+ /\bDROP\s+(TABLE|INDEX|DATABASE)\b/i,
344
+ /\bJOIN\s+.*\bON\b/i,
345
+ /\bWHERE\s+/i,
346
+ /\bGROUP\s+BY\b/i,
347
+ /\bORDER\s+BY\b/i,
348
+ /\bHAVING\s+/i,
349
+ /\bUNION\s+/i,
350
+ ];
351
+ // Tagged template literal SQL context
352
+ const sqlContextPatterns = [
353
+ /\bsql`/i, // Drizzle, Kysely, etc.
354
+ /\bprisma\.\$queryRaw/i,
355
+ /\.query\s*\(/i,
356
+ /\.execute\s*\(/i,
357
+ /\.raw\s*\(/i,
358
+ ];
359
+ return (sqlPatterns.some(p => p.test(value)) ||
360
+ sqlContextPatterns.some(p => p.test(lineContent)));
361
+ }
362
+ /**
363
+ * Check if string is an i18n/translation string (not a secret)
364
+ * Internationalization strings can have high entropy
365
+ */
366
+ function isI18nString(value, lineContent) {
367
+ const i18nPatterns = [
368
+ /defaultMessage\s*:/i,
369
+ /\bt\s*\(/i, // t('key')
370
+ /\bi18n\./i,
371
+ /\buseTranslation/i,
372
+ /\bformatMessage\s*\(/i,
373
+ /\bintl\./i,
374
+ /\bmsg`/i, // Lingui msg tagged template
375
+ /\btrans\s*\(/i,
376
+ /\b_\s*\(/i, // Common i18n alias
377
+ /description\s*:/i, // Often i18n context
378
+ /\bLocale/i,
379
+ ];
380
+ // Check if file is in i18n/locales directory
381
+ const isI18nFile = /\/(i18n|locales?|translations?|messages?)\//i.test(value);
382
+ return i18nPatterns.some(p => p.test(lineContent)) || isI18nFile;
383
+ }
384
+ /**
385
+ * Check if string is a CSS transform or animation value (not a secret)
386
+ */
387
+ function isCSSTransformOrAnimation(value) {
388
+ const transformPatterns = [
389
+ /\btranslate(?:3d|X|Y|Z)?\s*\(/i,
390
+ /\brotate(?:3d|X|Y|Z)?\s*\(/i,
391
+ /\bscale(?:3d|X|Y|Z)?\s*\(/i,
392
+ /\bskew(?:X|Y)?\s*\(/i,
393
+ /\bmatrix(?:3d)?\s*\(/i,
394
+ /\bperspective\s*\(/i,
395
+ /\bcubic-bezier\s*\(/i,
396
+ /\bsteps\s*\(/i,
397
+ /\b(ease|linear|ease-in|ease-out|ease-in-out)\b/i,
398
+ /\btransform:\s*/i,
399
+ /\banimation:\s*/i,
400
+ /\btransition:\s*/i,
401
+ /\b@keyframes\b/i,
402
+ ];
403
+ return transformPatterns.some(p => p.test(value));
404
+ }
405
+ /**
406
+ * Check if string is a URL template/path pattern (not a secret)
407
+ * API routes and URL patterns can have high entropy
408
+ */
409
+ function isURLTemplate(value) {
410
+ // URL path with template variables
411
+ const urlTemplatePatterns = [
412
+ /^\/[a-zA-Z0-9_-]+(?:\/[a-zA-Z0-9_-]+)*(?:\/\$\{[^}]+\}|\/:[\w]+)+/, // /api/users/${id} or /api/users/:id
413
+ /^https?:\/\/[^/]+\/.*\$\{/, // Full URL with template
414
+ /\/\[[\w]+\]\//, // Next.js dynamic routes: /[slug]/
415
+ /\/\[\.\.\.[^\]]+\]/, // Next.js catch-all: /[...slug]
416
+ /\/:[\w]+\//, // Express-style params: /:id/
417
+ /\{[\w]+\}/, // OpenAPI-style params: {userId}
418
+ ];
419
+ return urlTemplatePatterns.some(p => p.test(value));
420
+ }
421
+ /**
422
+ * Check if string is a blockchain address (not a secret)
423
+ * Public blockchain addresses have high entropy but are meant to be public
424
+ */
425
+ function isBlockchainAddress(value) {
426
+ const blockchainPatterns = [
427
+ // Ethereum addresses (0x followed by 40 hex chars)
428
+ /^0x[a-fA-F0-9]{40}$/,
429
+ // Bitcoin addresses (various formats)
430
+ /^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$/, // Legacy P2PKH
431
+ /^3[a-km-zA-HJ-NP-Z1-9]{25,34}$/, // P2SH
432
+ /^bc1[a-z0-9]{39,59}$/, // Bech32
433
+ // Solana addresses (base58, 32-44 chars)
434
+ /^[1-9A-HJ-NP-Za-km-z]{32,44}$/,
435
+ ];
436
+ return blockchainPatterns.some(p => p.test(value));
437
+ }
438
+ /**
439
+ * Check if string is shader/WebGL code (not a secret)
440
+ * Shader code has high entropy due to mathematical notation
441
+ */
442
+ function isShaderCode(value, lineContent) {
443
+ const shaderPatterns = [
444
+ // GLSL keywords and functions
445
+ /\bgl_\w+\b/, // gl_Position, gl_FragColor, etc.
446
+ /\bvec[234]\s*\(/, // vec2(), vec3(), vec4()
447
+ /\bmat[234]\s*\(/, // mat2(), mat3(), mat4()
448
+ /\buniform\s+\w+/, // uniform declarations
449
+ /\bvarying\s+\w+/, // varying declarations
450
+ /\battribute\s+\w+/, // attribute declarations
451
+ /\bprecision\s+(highp|mediump|lowp)/,
452
+ /\bfloat\s+\w+\s*=/, // float variable declarations
453
+ /\bsampler2D\b/,
454
+ /\btexture2D\s*\(/,
455
+ /\bnormalize\s*\(/,
456
+ /\bdot\s*\(/,
457
+ /\bcross\s*\(/,
458
+ /\bmix\s*\(/,
459
+ /\bclamp\s*\(/,
460
+ /\bstep\s*\(/,
461
+ /\bsmoothstep\s*\(/,
462
+ // WebGL context indicators
463
+ /\bWebGLRenderingContext\b/,
464
+ /\.createShader\s*\(/,
465
+ /\.shaderSource\s*\(/,
466
+ /\.compileShader\s*\(/,
467
+ ];
468
+ return shaderPatterns.some(p => p.test(value) || p.test(lineContent));
469
+ }
470
+ // Check if string is inline style (JSX or HTML)
471
+ function isInlineStyle(lineContent) {
472
+ // JSX inline styles
473
+ const jsxStylePatterns = [
474
+ /style\s*=\s*\{\{/, // style={{...}}
475
+ /style\s*=\s*\{[^}]*:/, // style={{ color: ... }}
476
+ /className\s*=\s*["`'][^"`']*gradient/i, // gradient classes
477
+ /className\s*=\s*["`'][^"`']*bg-/i, // bg- classes
478
+ ];
479
+ // HTML inline styles
480
+ const htmlStylePatterns = [
481
+ /style\s*=\s*["'][^"']*:/, // style="color: ..."
482
+ /<style[^>]*>/i, // <style> tags
483
+ /background:\s*linear-gradient/i, // CSS gradients
484
+ /background:\s*radial-gradient/i, // Radial gradients
485
+ ];
486
+ return [...jsxStylePatterns, ...htmlStylePatterns].some(p => p.test(lineContent));
487
+ }
488
+ // Check if string contains CSS tokens (colors, units, functions)
489
+ function hasCSSTokens(str) {
490
+ const cssTokens = [
491
+ // CSS units
492
+ /\d+px\b/, /\d+%\b/, /\d+em\b/, /\d+rem\b/, /\d+deg\b/, /\d+vh\b/, /\d+vw\b/,
493
+ // Hex colors (standalone or in context)
494
+ /#[0-9a-f]{3,8}\b/i,
495
+ // CSS color functions
496
+ /rgb\s*\(/, /rgba\s*\(/, /hsl\s*\(/, /hsla\s*\(/,
497
+ /oklab\s*\(/, /oklch\s*\(/, /lab\s*\(/, /lch\s*\(/, // Modern color functions
498
+ // CSS gradients (all types)
499
+ /linear-gradient/, /radial-gradient/, /conic-gradient/,
500
+ /repeating-linear-gradient/, /repeating-radial-gradient/,
501
+ // Gradient direction keywords (Tailwind-style)
502
+ /\bfrom-/, /\bto-/, /\bvia-/,
503
+ // CSS custom properties
504
+ /var\s*\(--/,
505
+ // Common CSS properties
506
+ /\bopacity\s*:\s*[\d.]+/,
507
+ /\btransform\s*:/,
508
+ /\btransition\s*:/,
509
+ /\banimation\s*:/,
510
+ // Box shadow patterns
511
+ /\bshadow-/, /box-shadow/,
512
+ /\d+px\s+\d+px\s+\d+px/, // Shadow offset pattern
513
+ // Color stops in gradients
514
+ /\b\d+%\s*(,|$)/, // Percentage color stops
515
+ ];
516
+ // Single strong indicators (only need 1 match)
517
+ const strongIndicators = [
518
+ /^#[0-9a-f]{6}$/i, // Standalone 6-digit hex color
519
+ /^#[0-9a-f]{8}$/i, // Standalone 8-digit hex color with alpha
520
+ /linear-gradient\s*\(/, // Gradient function
521
+ /radial-gradient\s*\(/,
522
+ /conic-gradient\s*\(/,
523
+ /rgba?\s*\(\s*\d/, // rgb/rgba with numbers
524
+ /hsla?\s*\(\s*\d/, // hsl/hsla with numbers
525
+ ];
526
+ // If any strong indicator matches, it's definitely CSS
527
+ if (strongIndicators.some(pattern => pattern.test(str))) {
528
+ return true;
529
+ }
530
+ // Must match at least 2 CSS indicators to be confident it's CSS
531
+ const tokenCount = cssTokens.filter(pattern => pattern.test(str)).length;
532
+ return tokenCount >= 2;
533
+ }
534
+ // Check if value/line contains environment variable placeholders (shell scripts, test files)
535
+ function isEnvVarPlaceholder(lineContent, value) {
536
+ // Shell script patterns
537
+ const shellEnvPatterns = [
538
+ /\$[A-Z_][A-Z0-9_]*/, // $VAR_NAME
539
+ /\$\{[A-Z_][A-Z0-9_]*\}/, // ${VAR_NAME}
540
+ /\bexport\s+[A-Z_][A-Z0-9_]*=["']?\$/, // export VAR=$OTHER
541
+ /:\s*\$\{[A-Z_][A-Z0-9_]*:-/, // ${VAR:-default}
542
+ ];
543
+ // Test file env var patterns (common placeholder names)
544
+ const testEnvPatterns = [
545
+ /FREE_KEY|PRO_KEY|ULTRA_KEY|TEST_KEY/i,
546
+ /BASE_URL|API_URL|ENDPOINT_URL/i,
547
+ /YOUR_[A-Z_]*KEY|REPLACE_[A-Z_]*KEY/i,
548
+ /\$\{?\w+\}?_KEY|\$\{?\w+\}?_TOKEN/i, // $SOME_KEY, ${SOME_TOKEN}
549
+ ];
550
+ return (shellEnvPatterns.some(p => p.test(lineContent)) ||
551
+ testEnvPatterns.some(p => p.test(value)) ||
552
+ testEnvPatterns.some(p => p.test(lineContent)));
553
+ }
554
+ /**
555
+ * Check if string is a CSS calc pattern or similar dynamic expression
556
+ * These can have high entropy but are not secrets
557
+ */
558
+ function isCSSCalcOrExpression(value, lineContent) {
559
+ const calcPatterns = [
560
+ // CSS calc with template literal: `${(100 / steps.length) * order}%`
561
+ /\$\{[^}]*\/[^}]*\}.*%/,
562
+ // CSS calc function
563
+ /calc\s*\(/i,
564
+ // Window env injection: `window.__ENV__ = ${JSON.stringify(env)}`
565
+ /window\.__[A-Z_]+__\s*=/,
566
+ // Boolean expressions with process.env
567
+ /&&.*process\.env\.|process\.env\.\w+\s*&&/,
568
+ // Path construction patterns: `/path/${var}/endpoint`
569
+ /\/[^/]+\/\$\{[^}]+\}\/[^/]+/,
570
+ // Array/object destructuring patterns
571
+ /\[\s*\d+\s*\]\s*=/,
572
+ // Numeric calculations in template literals
573
+ /\$\{\s*\d+\s*[\/*+-]\s*\d+/,
574
+ // JSON.stringify in template
575
+ /JSON\.stringify\s*\(/,
576
+ // Object spread/spread operator patterns
577
+ /\.\.\.\w+/,
578
+ ];
579
+ return calcPatterns.some(p => p.test(value) || p.test(lineContent));
580
+ }
581
+ /**
582
+ * Check if file is minified JavaScript
583
+ * Minified files have high entropy strings that are NOT secrets
584
+ */
585
+ function isMinifiedFile(filePath) {
586
+ const minifiedPatterns = [
587
+ /\.min\.js$/i,
588
+ /\.min\.mjs$/i,
589
+ /\.min\.cjs$/i,
590
+ /\.bundle\.js$/i,
591
+ /-min\.js$/i,
592
+ /\.packed\.js$/i,
593
+ /\.compressed\.js$/i,
594
+ /\/dist\/.*\.js$/i, // dist/ typically contains bundled/minified output
595
+ /\/build\/.*\.js$/i, // build/ output directories
596
+ /\/vendor\//i, // vendor directories
597
+ /\/node_modules\//i, // node_modules should never be scanned anyway
598
+ ];
599
+ return minifiedPatterns.some(p => p.test(filePath));
600
+ }
601
+ function detectHighEntropyStrings(content, filePath, options) {
602
+ const vulnerabilities = [];
603
+ // Skip minified files - they have high entropy but no actual secrets
604
+ if (isMinifiedFile(filePath)) {
605
+ return vulnerabilities;
606
+ }
607
+ // Skip scanner/fixture files to avoid self-detection
608
+ if ((0, file_classifier_1.isScannerOrFixtureFile)(filePath)) {
609
+ return vulnerabilities;
610
+ }
611
+ // Skip fixture files (__fixtures__, .fixture., mock-data, etc.)
612
+ if ((0, file_classifier_1.isFixtureFile)(filePath)) {
613
+ return vulnerabilities;
614
+ }
615
+ // Skip example files
616
+ if ((0, file_classifier_1.isExampleFile)(filePath)) {
617
+ return vulnerabilities;
618
+ }
619
+ // Skip example directories (/examples/, /demos/, /tutorials/, etc.)
620
+ if ((0, file_classifier_1.isExampleDirectory)(filePath)) {
621
+ return vulnerabilities;
622
+ }
623
+ // Skip documentation/README files
624
+ if (isDocumentationFile(filePath)) {
625
+ return vulnerabilities;
626
+ }
627
+ const strings = extractStringLiterals(content);
628
+ for (const { value, line, lineContent } of strings) {
629
+ // Skip comments
630
+ if ((0, file_classifier_1.isComment)(lineContent))
631
+ continue;
632
+ // Skip PEM headers/footers (they look high-entropy but aren't secrets)
633
+ if (isPEMHeader(value))
634
+ continue;
635
+ // Skip encrypted content blocks (the payload, not the key)
636
+ if (isEncryptedContent(value, lineContent))
637
+ continue;
638
+ // Skip JWT segments (handled by patterns.ts for specific detection)
639
+ if (isJWTSegment(value))
640
+ continue;
641
+ // Skip inline styles (CSS/JSX style={{...}} or style="...")
642
+ if (isInlineStyle(lineContent))
643
+ continue;
644
+ // Skip strings with CSS tokens (colors, gradients, units)
645
+ if (hasCSSTokens(value))
646
+ continue;
647
+ // Skip environment variable placeholders (shell scripts, test files)
648
+ if (isEnvVarPlaceholder(lineContent, value))
649
+ continue;
650
+ // Skip CSS calc patterns and dynamic expressions
651
+ if (isCSSCalcOrExpression(value, lineContent))
652
+ continue;
653
+ // Skip safe patterns
654
+ if (isSafePattern(value))
655
+ continue;
656
+ // Skip CSS/Tailwind class strings
657
+ if (isCSSClasses(value))
658
+ continue;
659
+ // Skip CSS-in-JS patterns (styled-components, emotion)
660
+ if (isCSSInJS(lineContent))
661
+ continue;
662
+ // Skip debug log statements (they often contain env var names which look high-entropy)
663
+ if (isDebugLogContent(lineContent))
664
+ continue;
665
+ // Skip CLI command/usage snippets (flags/commands can look high-entropy)
666
+ if (isCommandLineSnippet(value, lineContent))
667
+ continue;
668
+ // Skip SQL queries (SELECT, INSERT, etc. have high entropy but aren't secrets)
669
+ if (isSQLQuery(value, lineContent))
670
+ continue;
671
+ // Skip i18n/translation strings
672
+ if (isI18nString(value, lineContent))
673
+ continue;
674
+ // Skip CSS transforms/animations
675
+ if (isCSSTransformOrAnimation(value))
676
+ continue;
677
+ // Skip URL templates and path patterns
678
+ if (isURLTemplate(value))
679
+ continue;
680
+ // Skip blockchain addresses (public, not secrets)
681
+ if (isBlockchainAddress(value))
682
+ continue;
683
+ // Skip shader/WebGL code (high entropy but not secrets)
684
+ if (isShaderCode(value, lineContent))
685
+ continue;
686
+ // Skip regex/route matcher patterns
687
+ if (isRegexPattern(value))
688
+ continue;
689
+ // Skip template literals with code expressions (they look high-entropy but aren't secrets)
690
+ if (isTemplateWithCode(value, lineContent))
691
+ continue;
692
+ // Skip human-readable text/markdown content
693
+ if (isHumanReadableContent(value))
694
+ continue;
695
+ // Skip UI strings (model names, descriptions, etc.)
696
+ if (isUIString(value, lineContent))
697
+ continue;
698
+ // Skip JSX UI context (component props, JSX text - like "Synced ${hours}h ago")
699
+ if (isJSXUIContext(lineContent))
700
+ continue;
701
+ // Skip natural language strings (high ratio of common English words)
702
+ if (isNaturalLanguage(value))
703
+ continue;
704
+ // Calculate entropy
705
+ const entropy = calculateEntropy(value);
706
+ // Determine if this is a test file (lower severity)
707
+ const inTestFile = (0, file_classifier_1.isTestOrMockFile)(filePath);
708
+ // Two thresholds:
709
+ // - entropy > 4.5 for strings > 20 chars (standard)
710
+ // - entropy > 4.2 for strings 16-20 chars (slightly stricter to reduce FPs)
711
+ const meetsThreshold = (entropy > 4.5 && value.length > 20) ||
712
+ (entropy > 4.2 && value.length >= 16 && value.length <= 20);
713
+ if (meetsThreshold) {
714
+ // Additional check: should have mix of character types
715
+ const hasLower = /[a-z]/.test(value);
716
+ const hasUpper = /[A-Z]/.test(value);
717
+ const hasDigit = /[0-9]/.test(value);
718
+ const hasSpecial = /[^a-zA-Z0-9]/.test(value);
719
+ const charTypes = [hasLower, hasUpper, hasDigit, hasSpecial].filter(Boolean).length;
720
+ // Only flag if it has at least 2 character types (looks like a secret)
721
+ if (charTypes >= 2) {
722
+ // Final check: skip CSS-like strings that passed earlier filters
723
+ const looksLikeCSS = /gradient|rgba?|hsla?|#[0-9a-f]{3,8}/i.test(value);
724
+ if (looksLikeCSS)
725
+ continue;
726
+ // Lower severity for test files
727
+ const baseSeverity = entropy > 5.0 ? 'high' : 'medium';
728
+ const severity = inTestFile ? 'low' : baseSeverity;
729
+ const confidence = inTestFile ? 'low' : (entropy > 5.0 ? 'high' : 'medium');
730
+ vulnerabilities.push({
731
+ id: `entropy-${filePath}-${line}`,
732
+ filePath,
733
+ lineNumber: line,
734
+ lineContent,
735
+ severity,
736
+ category: 'high_entropy_string',
737
+ title: 'Potential hardcoded secret detected',
738
+ description: `High-entropy string found (entropy: ${entropy.toFixed(2)}). This may be a hardcoded secret, API key, or password.${inTestFile ? ' (in test file)' : ''}`,
739
+ suggestedFix: 'Move this value to an environment variable and access it via process.env',
740
+ confidence,
741
+ baseConfidence: BASE_CONFIDENCE,
742
+ layer: 1,
743
+ source: 'secrets',
744
+ requiresAIValidation: true, // Entropy findings must be validated by AI
745
+ });
746
+ }
747
+ }
748
+ }
749
+ return vulnerabilities;
750
+ }
751
+ //# sourceMappingURL=entropy.js.map