@oculum/scanner 1.0.11 → 1.0.13

package/dist/layer2/logic-gates.js

@@ -6,6 +6,8 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.detectLogicGates = detectLogicGates;
 const context_helpers_1 = require("../utils/context-helpers");
+const comment_analyzer_1 = require("../utils/comment-analyzer");
+const intent_detector_1 = require("../utils/intent-detector");
 // Patterns for security bypass logic
 const LOGIC_PATTERNS = [
     // Development mode bypasses
@@ -31,13 +33,9 @@ const LOGIC_PATTERNS = [
         description: 'Hardcoded truthy condition may bypass authentication',
         suggestedFix: 'Remove hardcoded bypass and implement proper authentication check',
     },
-    {
-        name: 'Commented auth check',
-        pattern: /\/\/\s*(if|await|return).*auth|\/\/.*verify.*token|\/\/.*check.*permission/gi,
-        severity: 'high',
-        description: 'Commented out authentication/authorization code detected',
-        suggestedFix: 'Remove commented code or restore the security check',
-    },
+    // NOTE: 'Commented auth check' pattern has been replaced with smart comment analysis
+    // The isDisabledAuthComment() function distinguishes explanatory comments from disabled code
+    // This is handled specially in detectLogicGates() below
     // Skip validation patterns
     {
         name: 'Validation skip',
@@ -85,15 +83,20 @@ const LOGIC_PATTERNS = [
         description: 'SSL/TLS certificate verification disabled',
         suggestedFix: 'Enable SSL verification to prevent man-in-the-middle attacks',
     },
-    // Insecure comparisons
+    // Insecure comparisons - ONLY flag actual secret comparisons
+    // Timing attacks are only relevant when comparing cryptographic secrets
+    // Do NOT flag: error codes, UI state, null checks, empty strings, route IDs, type checks
     {
         name: 'Timing attack vulnerable comparison',
-        pattern: /===?\s*['"][^'"]{20,}['"]|password\s*===?\s*|token\s*===?\s*|secret\s*===?\s*/gi,
+        // Only match explicit secret-related variable names being compared with ===
+        // This avoids flagging general string comparisons which are not timing-sensitive
+        pattern: /\b(password|secret|token|apiKey|api_key|credential|hash|digest|signature|privateKey|private_key|secretKey|secret_key)\s*===?\s*['"][^'"]+['"]/gi,
         severity: 'medium',
-        description: 'Direct string comparison may be vulnerable to timing attacks',
+        description: 'Direct comparison of secret value may be vulnerable to timing attacks',
         suggestedFix: 'Use constant-time comparison for secrets (e.g., crypto.timingSafeEqual)',
     },
-    // Unsafe redirects
+    // Unsafe redirects - NOTE: Now uses intent detection to distinguish from React state setters
+    // The pattern is checked, but isReactStateSetter() is used to skip false positives
     {
         name: 'Open redirect vulnerability',
         pattern: /redirect\s*\(\s*(req\.(query|params|body)\.|request\.|url\.)/gi,
@@ -118,24 +121,32 @@ function isComment(line) {
         trimmed.startsWith('*') ||
         trimmed.startsWith('/*'));
 }
-function detectLogicGates(content, filePath) {
+function detectLogicGates(content, filePath, options) {
     const vulnerabilities = [];
     // Skip scanner/fixture files to avoid self-detection
     if ((0, context_helpers_1.isScannerOrFixtureFile)(filePath))
         return vulnerabilities;
-    const lines = content.split('\n');
+    const lines = options?.parsed?.lines ?? content.split('\n');
     // Check each line against patterns
     lines.forEach((line, index) => {
-        // Don't skip comments for the "commented auth check" pattern
-        const shouldSkipComments = !line.trim().startsWith('//');
+        // Skip comment lines (handled separately below for auth comments)
+        if (isComment(line)) {
+            return;
+        }
         for (const logicPattern of LOGIC_PATTERNS) {
-            // Skip comment lines for most patterns
-            if (shouldSkipComments && isComment(line) &&
-                logicPattern.name !== 'Commented auth check') {
-                continue;
-            }
             const regex = new RegExp(logicPattern.pattern.source, logicPattern.pattern.flags);
             if (regex.test(line)) {
+                // Special handling for redirect patterns - check if it's actually a React state setter
+                if (logicPattern.name === 'Open redirect vulnerability') {
+                    if ((0, intent_detector_1.isReactStateSetter)(line)) {
+                        // This is a React state setter like setState(), not a redirect
+                        continue;
+                    }
+                    if (!(0, intent_detector_1.isActualRedirect)(line)) {
+                        // This doesn't look like an actual redirect function
+                        continue;
+                    }
+                }
                 vulnerabilities.push({
                     id: `logic-${filePath}-${index + 1}-${logicPattern.name}`,
                     filePath,
@@ -153,6 +164,29 @@ function detectLogicGates(content, filePath) {
             }
         }
     });
+    // Smart comment analysis for disabled auth patterns
+    // Only flag comments that are genuinely disabled code, not explanatory comments
+    lines.forEach((line, index) => {
+        // Check if this is a comment line with auth-related content
+        if (isComment(line) && /auth|permission|verify|check|token/i.test(line)) {
+            // Use smart analysis to determine if this is disabled code
+            if ((0, comment_analyzer_1.isDisabledAuthComment)(lines, index)) {
+                vulnerabilities.push({
+                    id: `logic-${filePath}-${index + 1}-commented-auth-check`,
+                    filePath,
+                    lineNumber: index + 1,
+                    lineContent: line.trim(),
+                    severity: 'high',
+                    category: 'security_bypass',
+                    title: 'Commented auth check',
+                    description: 'Commented out authentication/authorization code detected. This may indicate disabled security controls.',
+                    suggestedFix: 'Remove commented code or restore the security check',
+                    confidence: 'medium',
+                    layer: 2,
+                });
+            }
+        }
+    });
     // Multi-line pattern detection (for more complex patterns)
     const multiLineFindings = detectMultiLinePatterns(content, filePath);
     vulnerabilities.push(...multiLineFindings);

package/dist/layer2/logic-gates.js.map

@@ -1 +1 @@
-{"version":3,"file":"logic-gates.js","sourceRoot":"","sources":["../../src/layer2/logic-gates.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAiIH,4CAiDC;AA/KD,8DAAiE;AAUjE,qCAAqC;AACrC,MAAM,cAAc,GAAmB;IACrC,4BAA4B;IAC5B;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,oHAAoH;QAC7H,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,wDAAwD;QACrE,YAAY,EAAE,mFAAmF;KAClG;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,yEAAyE;QAClF,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,2EAA2E;QACxF,YAAY,EAAE,qEAAqE;KACpF;IACD,gBAAgB;IAChB;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,8DAA8D;QACvE,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,sDAAsD;QACnE,YAAY,EAAE,mEAAmE;KAClF;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,8EAA8E;QACvF,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,0DAA0D;QACvE,YAAY,EAAE,qDAAqD;KACpE;IACD,2BAA2B;IAC3B;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,iFAAiF;QAC1F,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,sCAAsC;QACnD,YAAY,EAAE,gEAAgE;KAC/E;IACD,sBAAsB;IACtB;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,6DAA6D;QACtE,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,8CAA8C;QAC3D,YAAY,EAAE,sDAAsD;KACrE;IACD,kBAAkB;IAClB;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,oDAAoD;QAC7D,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,qDAAqD;QAClE,YAAY,EAAE,6DAA6D;KAC5E;IACD,qBAAqB;IACrB;QACE,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EAAE,sCAAsC;QAC/C,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,4CAA4C;QACzD,YAAY,EAAE,0CAA0C;KACzD;IACD,6BAA6B;IAC7B;QACE,IAAI,EAAE,0BAA0B;QAChC,OAAO,EAAE,iEAAiE;QAC1E,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,qCAAqC;QAClD,YAAY,EAAE,oDAAoD;KACnE;IACD;QACE,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,2GAA2G;QACpH,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,2CAA2C;QACxD,YAAY,EAAE,8DAA8D;KAC7E;IACD,uBAAuB;IACvB;QACE,IAAI,EAAE,qCAAqC;QAC3C,OAAO,EAAE,iFAAiF;QAC1F,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,8DAA8D;QAC3E,YAAY,EAAE,yEAAyE;KACxF;IACD,mBAAmB;IACnB;QACE,IAAI,EAAE,6BAA6B;QACnC,OAAO,EAAE,gEAAgE;QACzE,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,8DAA8D;QAC3E,YAAY,EAAE,gEAAgE;KAC/E;IACD,2BAA2B;IAC3B;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,qGAAqG;QAC9G,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,4CAA4C;QACzD,YAAY,EAAE,yDAAyD;KACxE;CACF,CAAA;AAED,6BAA6B;AAC7B,SAAS,SAAS,CAAC,IAAY;IAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;IAC3B,OAAO,CACL,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;QACxB,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QACvB,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QACvB,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CACzB,CAAA;AACH,CAAC;AAED,SAAgB,gBAAgB,CAC9B,OAAe,EACf,QAAgB;IAEhB,MAAM,eAAe,GAAoB,EAAE,CAAA;IAE3C,qDAAqD;IACrD,IAAI,IAAA,wCAAsB,EAAC,QAAQ,CAAC;QAAE,OAAO,eAAe,CAAA;IAE5D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAEjC,mCAAmC;IACnC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,6DAA6D;QAC7D,MAAM,kBAAkB,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;QAExD,KAAK,MAAM,YAAY,IAAI,cAAc,EAAE,CAAC;YAC1C,uCAAuC;YACvC,IAAI,kBAAkB,IAAI,SAAS,CAAC,IAAI,CAAC;gBACrC,YAAY,CAAC,IAAI,KAAK,sBAAsB,EAAE,CAAC;gBACjD,SAAQ;YACV,CAAC;YAED,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;YAEjF,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrB,eAAe,CAAC,IAAI,CAAC;oBACnB,EAAE,EAAE,SAAS,QAAQ,IAAI,KAAK,GAAG,CAAC,IAAI,YAAY,CAAC,IAAI,EAAE;oBACzD,QAAQ;oBACR,UAAU,EAAE,KAAK,GAAG,CAAC;oBACrB,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;oBACxB,QAAQ,EAAE,YAAY,CAAC,QAAQ;oBAC/B,QAAQ,EAAE,iBAAiB;oBAC3B,KAAK,EAAE,YAAY,CAAC,IAAI;oBACxB,WAAW,EAAE,YAAY,CAAC,WAAW;oBACrC,YAAY,EAAE,YAAY,CAAC,YAAY;oBACvC,UAAU,EAAE,QAAQ;oBACpB,KAAK,EAAE,CAAC;iBACT,CAAC,CAAA;gBACF,MAAK,CAAC,4BAA4B;YACpC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,2DAA2D;IAC3D,MAAM,iBAAiB,GAAG,uBAAuB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAA;IACpE,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,CAAA;IAE1C,OAAO,eAAe,CAAA;AACxB,CAAC;AAED,2CAA2C;AAC3C,SAAS,uBAAuB,CAAC,OAAe,EAAE,QAAgB;IAChE,MAAM,eAAe,GAAoB,EAAE,CAAA;IAC3C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAEjC,wDAAwD;IACxD,MAAM,eAAe,GAAG,uEAAuE,CAAA;IAC/F,IAAI,KAAK,CAAA;IAET,OAAO,CAAC,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACxD,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAA;QACvE,eAAe,CAAC,IAAI,CAAC;YACnB,EAAE,EAAE,mBAAmB,QAAQ,IAAI,UAAU,EAAE;YAC/C,QAAQ;YACR,UAAU;YACV,WAAW,EAAE,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,OAAO;YACrD,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,iBAAiB;YAC3B,KAAK,EAAE,uBAAuB;YAC9B,WAAW,EAAE,sEAAsE;YACnF,YAAY,EAAE,wDAAwD;YACtE,UAAU,EAAE,KAAK;YACjB,KAAK,EAAE,CAAC;SACT,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC"}
+{"version":3,"file":"logic-gates.js","sourceRoot":"","sources":["../../src/layer2/logic-gates.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAqIH,4CAkFC;AAnND,8DAAiE;AACjE,gEAAiE;AACjE,8DAA+E;AAU/E,qCAAqC;AACrC,MAAM,cAAc,GAAmB;IACrC,4BAA4B;IAC5B;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,oHAAoH;QAC7H,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,wDAAwD;QACrE,YAAY,EAAE,mFAAmF;KAClG;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,yEAAyE;QAClF,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,2EAA2E;QACxF,YAAY,EAAE,qEAAqE;KACpF;IACD,gBAAgB;IAChB;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,8DAA8D;QACvE,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,sDAAsD;QACnE,YAAY,EAAE,mEAAmE;KAClF;IACD,qFAAqF;IACrF,6FAA6F;IAC7F,wDAAwD;IACxD,2BAA2B;IAC3B;QACE,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,iFAAiF;QAC1F,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,sCAAsC;QACnD,YAAY,EAAE,gEAAgE;KAC/E;IACD,sBAAsB;IACtB;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,6DAA6D;QACtE,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,8CAA8C;QAC3D,YAAY,EAAE,sDAAsD;KACrE;IACD,kBAAkB;IAClB;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,oDAAoD;QAC7D,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,qDAAqD;QAClE,YAAY,EAAE,6DAA6D;KAC5E;IACD,qBAAqB;IACrB;QACE,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EAAE,sCAAsC;QAC/C,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,4CAA4C;QACzD,YAAY,EAAE,0CAA0C;KACzD;IACD,6BAA6B;IAC7B;QACE,IAAI,EAAE,0BAA0B;QAChC,OAAO,EAAE,iEAAiE;QAC1E,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,qCAAqC;QAClD,YAAY,EAAE,oDAAoD;KACnE;IACD;QACE,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,2GAA2G;QACpH,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,2CAA2C;QACxD,YAAY,EAAE,8DAA8D;KAC7E;IACD,6DAA6D;IAC7D,wEAAwE;IACxE,yFAAyF;IACzF;QACE,IAAI,EAAE,qCAAqC;QAC3C,4EAA4E;QAC5E,iFAAiF;QACjF,OAAO,EAAE,iJAAiJ;QAC1J,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,uEAAuE;QACpF,YAAY,EAAE,yEAAyE;KACxF;IACD,6FAA6F;IAC7F,mFAAmF;IACnF;QACE,IAAI,EAAE,6BAA6B;QACnC,OAAO,EAAE,gEAAgE;QACzE,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,8DAA8D;QAC3E,YAAY,EAAE,gEAAgE;KAC/E;IACD,2BAA2B;IAC3B;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,qGAAqG;QAC9G,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,4CAA4C;QACzD,YAAY,EAAE,yDAAyD;KACxE;CACF,CAAA;AAED,6BAA6B;AAC7B,SAAS,SAAS,CAAC,IAAY;IAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;IAC3B,OAAO,CACL,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;QACxB,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QACvB,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QACvB,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CACzB,CAAA;AACH,CAAC;AAED,SAAgB,gBAAgB,CAC9B,OAAe,EACf,QAAgB,EAChB,OAAiC;IAEjC,MAAM,eAAe,GAAoB,EAAE,CAAA;IAE3C,qDAAqD;IACrD,IAAI,IAAA,wCAAsB,EAAC,QAAQ,CAAC;QAAE,OAAO,eAAe,CAAA;IAE5D,MAAM,KAAK,GAAG,OAAO,EAAE,MAAM,EAAE,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAE3D,mCAAmC;IACnC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,kEAAkE;QAClE,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;YACpB,OAAM;QACR,CAAC;QAED,KAAK,MAAM,YAAY,IAAI,cAAc,EAAE,CAAC;YAC1C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;YAEjF,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrB,uFAAuF;gBACvF,IAAI,YAAY,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;oBACxD,IAAI,IAAA,oCAAkB,EAAC,IAAI,CAAC,EAAE,CAAC;wBAC7B,+DAA+D;wBAC/D,SAAQ;oBACV,CAAC;oBACD,IAAI,CAAC,IAAA,kCAAgB,EAAC,IAAI,CAAC,EAAE,CAAC;wBAC5B,qDAAqD;wBACrD,SAAQ;oBACV,CAAC;gBACH,CAAC;gBAED,eAAe,CAAC,IAAI,CAAC;oBACnB,EAAE,EAAE,SAAS,QAAQ,IAAI,KAAK,GAAG,CAAC,IAAI,YAAY,CAAC,IAAI,EAAE;oBACzD,QAAQ;oBACR,UAAU,EAAE,KAAK,GAAG,CAAC;oBACrB,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;oBACxB,QAAQ,EAAE,YAAY,CAAC,QAAQ;oBAC/B,QAAQ,EAAE,iBAAiB;oBAC3B,KAAK,EAAE,YAAY,CAAC,IAAI;oBACxB,WAAW,EAAE,YAAY,CAAC,WAAW;oBACrC,YAAY,EAAE,YAAY,CAAC,YAAY;oBACvC,UAAU,EAAE,QAAQ;oBACpB,KAAK,EAAE,CAAC;iBACT,CAAC,CAAA;gBACF,MAAK,CAAC,4BAA4B;YACpC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,oDAAoD;IACpD,gFAAgF;IAChF,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,4DAA4D;QAC5D,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,qCAAqC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACxE,2DAA2D;YAC3D,IAAI,IAAA,wCAAqB,EAAC,KAAK,EAAE,KAAK,CAAC,EAAE,CAAC;gBACxC,eAAe,CAAC,IAAI,CAAC;oBACnB,EAAE,EAAE,SAAS,QAAQ,IAAI,KAAK,GAAG,CAAC,uBAAuB;oBACzD,QAAQ;oBACR,UAAU,EAAE,KAAK,GAAG,CAAC;oBACrB,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;oBACxB,QAAQ,EAAE,MAAM;oBAChB,QAAQ,EAAE,iBAAiB;oBAC3B,KAAK,EAAE,sBAAsB;oBAC7B,WAAW,EAAE,yGAAyG;oBACtH,YAAY,EAAE,qDAAqD;oBACnE,UAAU,EAAE,QAAQ;oBACpB,KAAK,EAAE,CAAC;iBACT,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,2DAA2D;IAC3D,MAAM,iBAAiB,GAAG,uBAAuB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAA;IACpE,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,CAAA;IAE1C,OAAO,eAAe,CAAA;AACxB,CAAC;AAED,2CAA2C;AAC3C,SAAS,uBAAuB,CAAC,OAAe,EAAE,QAAgB;IAChE,MAAM,eAAe,GAAoB,EAAE,CAAA;IAC3C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAEjC,wDAAwD;IACxD,MAAM,eAAe,GAAG,uEAAuE,CAAA;IAC/F,IAAI,KAAK,CAAA;IAET,OAAO,CAAC,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACxD,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAA;QACvE,eAAe,CAAC,IAAI,CAAC;YACnB,EAAE,EAAE,mBAAmB,QAAQ,IAAI,UAAU,EAAE;YAC/C,QAAQ;YACR,UAAU;YACV,WAAW,EAAE,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,OAAO;YACrD,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,iBAAiB;YAC3B,KAAK,EAAE,uBAAuB;YAC9B,WAAW,EAAE,sEAAsE;YACnF,YAAY,EAAE,wDAAwD;YACtE,UAAU,EAAE,KAAK;YACjB,KAAK,EAAE,CAAC;SACT,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC"}

package/dist/layer2/model-supply-chain.d.ts

@@ -13,8 +13,11 @@
  * - CWE-502: Deserialization of Untrusted Data
  */
 import type { Vulnerability } from '../types';
+import type { ParsedFile } from '../utils/parsed-file';
 /**
  * Main detection function for model supply chain security issues
  */
-export declare function detectModelSupplyChain(content: string, filePath: string): Vulnerability[];
+export declare function detectModelSupplyChain(content: string, filePath: string, options?: {
+    parsed?: ParsedFile;
+}): Vulnerability[];
 //# sourceMappingURL=model-supply-chain.d.ts.map

package/dist/layer2/model-supply-chain.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"model-supply-chain.d.ts","sourceRoot":"","sources":["../../src/layer2/model-supply-chain.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAgD,MAAM,UAAU,CAAA;AAuT3F;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,aAAa,EAAE,CA2HjB"}
+{"version":3,"file":"model-supply-chain.d.ts","sourceRoot":"","sources":["../../src/layer2/model-supply-chain.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAgD,MAAM,UAAU,CAAA;AAC3F,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AAgYtD;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,UAAU,CAAA;CAAE,GAChC,aAAa,EAAE,CA2HjB"}

package/dist/layer2/model-supply-chain.js

@@ -34,13 +34,20 @@ function isMLContextFile(filePath, content) {
     }
     // Content patterns suggesting ML usage
     const mlContentPatterns = [
-        /import\s+(?:torch|tensorflow|keras|transformers|joblib|pickle)/i,
-        /from\s+(?:torch|tensorflow|keras|transformers|joblib|pickle)\s+import/i,
+        /import\s+(?:torch|tensorflow|keras|transformers|joblib|pickle|dill|cloudpickle|onnx)/i,
+        /from\s+(?:torch|tensorflow|keras|transformers|joblib|pickle|dill|cloudpickle|onnx)\s+import/i,
         /\.load_model\s*\(/i,
         /\.from_pretrained\s*\(/i,
         /torch\.load\s*\(/i,
+        /torch\.jit\.load\s*\(/i,
         /pickle\.load/i,
         /joblib\.load/i,
+        /dill\.load/i,
+        /cloudpickle\.load/i,
+        /onnx\.load/i,
+        /numpy\.load.*allow_pickle/i,
+        /np\.load.*allow_pickle/i,
+        /yaml\.(?:unsafe_load|full_load|load)/i,
         /Trainer|TrainingArguments/i,
         /model\.save|model\.load/i,
     ];
@@ -138,6 +145,67 @@ const MODEL_SUPPLY_CHAIN_PATTERNS = [
         description: 'joblib.load() uses pickle internally and can execute arbitrary code. This is commonly used for sklearn models but is unsafe for untrusted files.',
         suggestedFix: 'Use ONNX format for sklearn models. Alternatively, use skops.io which provides secure model persistence. Only load from verified sources.',
     },
+    // ========== Extended Pickle Variants (RCE) ==========
+    {
+        name: 'Dill deserialization',
+        pattern: /\bdill\.(load|loads|load_session)\s*\(/gi,
+        category: 'ai_unsafe_model_load',
+        baseSeverity: 'critical',
+        description: 'dill can execute arbitrary code during deserialization, similar to pickle but with extended capabilities including serializing lambdas and closures.',
+        suggestedFix: 'Use SafeTensors format or JSON serialization instead of dill. If dill is unavoidable, only load from trusted, verified sources.',
+    },
+    {
+        name: 'Cloudpickle deserialization',
+        pattern: /\bcloudpickle\.(load|loads)\s*\(/gi,
+        category: 'ai_unsafe_model_load',
+        baseSeverity: 'critical',
+        description: 'cloudpickle can serialize and execute arbitrary functions, enabling remote code execution during deserialization.',
+        suggestedFix: 'Use SafeTensors format or explicitly define functions instead of deserializing them. Avoid cloudpickle for untrusted data.',
+    },
+    // ========== YAML Unsafe Loading (RCE) ==========
+    {
+        name: 'YAML unsafe deserialization',
+        pattern: /\byaml\.(unsafe_load|full_load|UnsafeLoader)\s*\(/gi,
+        category: 'ai_unsafe_model_load',
+        baseSeverity: 'critical',
+        description: 'yaml.unsafe_load() and yaml.full_load() can instantiate arbitrary Python objects, enabling remote code execution.',
+        suggestedFix: 'Use yaml.safe_load() instead of yaml.unsafe_load() or yaml.full_load(). SafeLoader only loads basic Python types.',
+    },
+    {
+        name: 'YAML load without explicit Loader',
+        pattern: /\byaml\.load\s*\(\s*[^,)]+\s*\)(?!\s*,)/gi,
+        category: 'ai_unsafe_model_load',
+        baseSeverity: 'medium',
+        description: 'yaml.load() without explicit Loader argument may use unsafe loading in older PyYAML versions (< 5.1).',
+        suggestedFix: 'Use yaml.safe_load() or explicitly specify Loader=yaml.SafeLoader: yaml.load(file, Loader=yaml.SafeLoader)',
+    },
+    // ========== NumPy Pickle Loading (RCE) ==========
+    {
+        name: 'NumPy pickle loading',
+        pattern: /\b(?:np|numpy)\.load\s*\([^)]*allow_pickle\s*=\s*True/gi,
+        category: 'ai_unsafe_model_load',
+        baseSeverity: 'high',
+        description: 'numpy.load() with allow_pickle=True can execute arbitrary code embedded in .npy/.npz files via pickle.',
+        suggestedFix: 'Use allow_pickle=False (default in numpy >= 1.16.3) or use SafeTensors format. Only allow_pickle from verified sources.',
+    },
+    // ========== TorchScript Loading (RCE) ==========
+    {
+        name: 'TorchScript model loading',
+        pattern: /\btorch\.jit\.load\s*\(/gi,
+        category: 'ai_unsafe_model_load',
+        baseSeverity: 'high',
+        description: 'torch.jit.load() can execute arbitrary code embedded in TorchScript models. TorchScript files can contain custom operators with native code.',
+        suggestedFix: 'Use SafeTensors format or verify model source and integrity before loading. Pin to specific model revisions with checksums.',
+    },
+    // ========== ONNX Model Loading (Code Execution Risk) ==========
+    {
+        name: 'ONNX model loading',
+        pattern: /\bonnx\.load\s*\(/gi,
+        category: 'ai_unsafe_model_load',
+        baseSeverity: 'medium',
+        description: 'ONNX models with custom operators can execute arbitrary code. Custom ops are loaded as shared libraries.',
+        suggestedFix: 'Verify ONNX model source and check for custom operators before loading. Use onnx.checker.check_model() and inspect custom ops.',
+    },
     // ========== PyTorch Loading ==========
     {
         name: 'torch.load without weights_only',
@@ -270,7 +338,7 @@ function calculateSeverity(baseSeverity, isMitigated, isPartiallyMitigated, isTe
 /**
  * Main detection function for model supply chain security issues
  */
-function detectModelSupplyChain(content, filePath) {
+function detectModelSupplyChain(content, filePath, options) {
     const vulnerabilities = [];
     // Skip non-applicable files
     if ((0, context_helpers_1.isScannerOrFixtureFile)(filePath))
@@ -279,7 +347,7 @@ function detectModelSupplyChain(content, filePath) {
     if (!isMLContextFile(filePath, content)) {
         return vulnerabilities;
     }
-    const lines = content.split('\n');
+    const lines = options?.parsed?.lines ?? content.split('\n');
     const isTestFile = (0, context_helpers_1.isTestOrMockFile)(filePath);
     const isExample = (0, context_helpers_1.isExampleDirectory)(filePath);
     const isLibrary = (0, context_helpers_1.isLibraryCode)(filePath);

package/dist/layer2/model-supply-chain.js.map

@@ -1 +1 @@
-{"version":3,"file":"model-supply-chain.js","sourceRoot":"","sources":["../../src/layer2/model-supply-chain.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;AA4TH,wDA8HC;AAvbD,8DAMiC;AAEjC,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;GAEG;AACH,SAAS,eAAe,CAAC,QAAgB,EAAE,OAAe;IACxD,uBAAuB;IACvB,MAAM,cAAc,GAAG;QACrB,0DAA0D;QAC1D,0DAA0D;QAC1D,uDAAuD;KACxD,CAAA;IAED,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QAC/C,OAAO,IAAI,CAAA;IACb,CAAC;IAED,uCAAuC;IACvC,MAAM,iBAAiB,GAAG;QACxB,iEAAiE;QACjE,wEAAwE;QACxE,oBAAoB;QACpB,yBAAyB;QACzB,mBAAmB;QACnB,eAAe;QACf,eAAe;QACf,4BAA4B;QAC5B,0BAA0B;KAC3B,CAAA;IAED,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACrD,CAAC;AAED,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;GAEG;AACH,SAAS,mBAAmB,CAAC,WAAmB,EAAE,kBAA0B;IAC1E,MAAM,WAAW,GAAG,WAAW,GAAG,IAAI,GAAG,kBAAkB,CAAA;IAC3D,OAAO,0BAA0B,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;AACrD,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,WAAmB,EAAE,kBAA0B;IACvE,MAAM,WAAW,GAAG,WAAW,GAAG,IAAI,GAAG,kBAAkB,CAAA;IAC3D,OAAO,uBAAuB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;AAClD,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,WAAmB;IAC/C,MAAM,eAAe,GAAG;QACtB,8BAA8B;QAC9B,sFAAsF;QACtF,8CAA8C;QAC9C,iEAAiE;QACjE,8BAA8B;QAC9B,+BAA+B;QAC/B,kCAAkC;QAClC,2BAA2B;KAC5B,CAAA;IAED,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;AACvD,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,OAAe,EAAE,UAAkB;IAC5D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IAC1D,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEhE,MAAM,iBAAiB,GAAG;QACxB,oDAAoD;QACpD,sCAAsC;QACtC,mCAAmC,EAAE,kBAAkB;QACvD,cAAc,EAAE,sCAAsC;QACtD,+BAA+B,EAAE,aAAa;KAC/C,CAAA;IAED,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACrD,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,WAAmB,EAAE,kBAA0B;IACtE,MAAM,WAAW,GAAG,WAAW,GAAG,IAAI,GAAG,kBAAkB,CAAA;IAC3D,OAAO,8DAA8D,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;AACzF,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,OAAe,EAAE,UAAkB;IAC5D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IAC1D,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEhE,MAAM,kBAAkB,GAAG;QACzB,iCAAiC;QACjC,2BAA2B;QAC3B,sCAAsC;QACtC,4BAA4B;QAC5B,kCAAkC;KACnC,CAAA;IAED,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACtD,CAAC;AAmBD,MAAM,2BAA2B,GAA8B;IAC7D,qDAAqD;IACrD;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,wCAAwC;QACjD,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,kJAAkJ;QAC/J,YAAY,EAAE,oKAAoK;KACnL;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,qBAAqB;QAC9B,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,kJAAkJ;QAC/J,YAAY,EAAE,2IAA2I;KAC1J;IAED,wCAAwC;IACxC;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,uGAAuG;QACpH,YAAY,EAAE,6IAA6I;QAC3J,aAAa,EAAE,OAAO;KACvB;IAED,iDAAiD;IACjD;QACE,IAAI,EAAE,oCAAoC;QAC1C,OAAO,EAAE,8CAA8C;QACvD,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,oGAAoG;QACjH,YAAY,EAAE,2JAA2J;QACzK,aAAa,EAAE,OAAO;KACvB;IAED,iDAAiD;IACjD;QACE,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EAAE,wDAAwD;QACjE,QAAQ,EAAE,qBAAqB;QAC/B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,gJAAgJ;QAC7J,YAAY,EAAE,yIAAyI;QACvJ,kBAAkB,EAAE,IAAI;KACzB;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,gCAAgC;QACzC,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,0IAA0I;QACvJ,YAAY,EAAE,oIAAoI;KACnJ;IACD;QACE,IAAI,EAAE,qCAAqC;QAC3C,OAAO,EAAE,iFAAiF;QAC1F,QAAQ,EAAE,qBAAqB;QAC/B,YAAY,EAAE,QAAQ;QACtB,WAAW,EAAE,+HAA+H;QAC5I,YAAY,EAAE,uJAAuJ;QACrK,cAAc,EAAE,IAAI;KACrB;IAED,2CAA2C;IAC3C;QACE,IAAI,EAAE,0BAA0B;QAChC,OAAO,EAAE,sGAAsG;QAC/G,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,wGAAwG;QACrH,YAAY,EAAE,wIAAwI;QACtJ,mBAAmB,EAAE,IAAI;KAC1B;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,kHAAkH;QAC3H,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,uHAAuH;QACpI,YAAY,EAAE,uHAAuH;QACrI,mBAAmB,EAAE,IAAI;KAC1B;IACD;QACE,IAAI,EAAE,mCAAmC;QACzC,OAAO,EAAE,8DAA8D;QACvE,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,QAAQ;QACtB,WAAW,EAAE,+FAA+F;QAC5G,YAAY,EAAE,oHAAoH;QAClI,mBAAmB,EAAE,IAAI;KAC1B;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,4DAA4D;QACrE,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,QAAQ;QACtB,WAAW,EAAE,+HAA+H;QAC5I,YAAY,EAAE,qIAAqI;KACpJ;IAED,4CAA4C;IAC5C;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,2DAA2D;QACpE,QAAQ,EAAE,qBAAqB;QAC/B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,6GAA6G;QAC1H,YAAY,EAAE,8GAA8G;QAC5H,kBAAkB,EAAE,IAAI;KACzB;CACF,CAAA;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;GAEG;AACH,SAAS,qBAAqB,CAAC,OAAe,EAAE,SAAiB,EAAE,aAAqB,EAAE;IACxF,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC,CAAA;IACjD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,GAAG,UAAU,CAAC,CAAA;IAC1D,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AAC3C,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CACxB,YAAmC,EACnC,WAAoB,EACpB,oBAA6B,EAC7B,UAAmB,EACnB,SAAkB,EAClB,SAAkB;IAElB,IAAI,UAAU,IAAI,SAAS,IAAI,SAAS,EAAE,CAAC;QACzC,OAAO,MAAM,CAAA;IACf,CAAC;IAED,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,MAAM,CAAA;IACf,CAAC;IAED,IAAI,oBAAoB,EAAE,CAAC;QACzB,IAAI,YAAY,KAAK,UAAU;YAAE,OAAO,MAAM,CAAA;QAC9C,IAAI,YAAY,KAAK,MAAM;YAAE,OAAO,QAAQ,CAAA;QAC5C,IAAI,YAAY,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAA;IAC7C,CAAC;IAED,OAAO,YAAY,CAAA;AACrB,CAAC;AAED,+EAA+E;AAC/E,0BAA0B;AAC1B,+EAA+E;AAE/E;;GAEG;AACH,SAAgB,sBAAsB,CACpC,OAAe,EACf,QAAgB;IAEhB,MAAM,eAAe,GAAoB,EAAE,CAAA;IAE3C,4BAA4B;IAC5B,IAAI,IAAA,wCAAsB,EAAC,QAAQ,CAAC;QAAE,OAAO,eAAe,CAAA;IAE5D,kDAAkD;IAClD,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC;QACxC,OAAO,eAAe,CAAA;IACxB,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,UAAU,GAAG,IAAA,kCAAgB,EAAC,QAAQ,CAAC,CAAA;IAC7C,MAAM,SAAS,GAAG,IAAA,oCAAkB,EAAC,QAAQ,CAAC,CAAA;IAC9C,MAAM,SAAS,GAAG,IAAA,+BAAa,EAAC,QAAQ,CAAC,CAAA;IAEzC,KAAK,MAAM,OAAO,IAAI,2BAA2B,EAAE,CAAC;QAClD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;QACvE,IAAI,KAAK,CAAA;QAET,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9C,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAA;YACvE,MAAM,WAAW,GAAG,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAA;YAEvD,gBAAgB;YAChB,IAAI,IAAA,2BAAS,EAAC,WAAW,CAAC;gBAAE,SAAQ;YAEpC,MAAM,kBAAkB,GAAG,qBAAqB,CAAC,OAAO,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;YAEzE,wBAAwB;YACxB,IAAI,WAAW,GAAG,KAAK,CAAA;YACvB,IAAI,oBAAoB,GAAG,KAAK,CAAA;YAChC,IAAI,WAAW,GAAG,OAAO,CAAC,WAAW,CAAA;YAErC,+DAA+D;YAC/D,IAAI,eAAe,CAAC,WAAW,EAAE,kBAAkB,CAAC,EAAE,CAAC;gBACrD,WAAW,GAAG,IAAI,CAAA;gBAClB,WAAW,IAAI,wCAAwC,CAAA;YACzD,CAAC;YAED,2BAA2B;YAC3B,IAAI,OAAO,CAAC,aAAa,KAAK,OAAO,EAAE,CAAC;gBACtC,IAAI,mBAAmB,CAAC,WAAW,EAAE,kBAAkB,CAAC,EAAE,CAAC;oBACzD,WAAW,GAAG,IAAI,CAAA;oBAClB,WAAW,IAAI,uCAAuC,CAAA;gBACxD,CAAC;YACH,CAAC;YAED,wBAAwB;YACxB,IAAI,OAAO,CAAC,aAAa,KAAK,OAAO,EAAE,CAAC;gBACtC,IAAI,gBAAgB,CAAC,WAAW,EAAE,kBAAkB,CAAC,EAAE,CAAC;oBACtD,WAAW,GAAG,IAAI,CAAA;oBAClB,WAAW,IAAI,oCAAoC,CAAA;gBACrD,CAAC;YACH,CAAC;YAED,uBAAuB;YACvB,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC;gBAC/B,IAAI,oBAAoB,CAAC,WAAW,CAAC,EAAE,CAAC;oBACtC,oBAAoB,GAAG,IAAI,CAAA;oBAC3B,WAAW,IAAI,6BAA6B,CAAA;gBAC9C,CAAC;YACH,CAAC;YAED,+BAA+B;YAC/B,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;gBAC3B,IAAI,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE,CAAC;oBAC3C,WAAW,GAAG,IAAI,CAAA;oBAClB,WAAW,IAAI,qCAAqC,CAAA;gBACtD,CAAC;YACH,CAAC;YAED,qCAAqC;YACrC,IAAI,OAAO,CAAC,mBAAmB,EAAE,CAAC;gBAChC,IAAI,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE,CAAC;oBAC3C,oBAAoB,GAAG,IAAI,CAAA;oBAC3B,WAAW,IAAI,qCAAqC,CAAA;gBACtD,CAAC;YACH,CAAC;YAED,0BAA0B;YAC1B,IAAI,WAAW;gBAAE,SAAQ;YAEzB,2BAA2B;YAC3B,MAAM,QAAQ,GAAG,iBAAiB,CAChC,OAAO,CAAC,YAAY,EACpB,WAAW,EACX,oBAAoB,EACpB,UAAU,EACV,SAAS,EACT,SAAS,CACV,CAAA;YAED,oBAAoB;YACpB,IAAI,UAAU,EAAE,CAAC;gBACf,WAAW,IAAI,kBAAkB,CAAA;YACnC,CAAC;iBAAM,IAAI,SAAS,EAAE,CAAC;gBACrB,WAAW,IAAI,+BAA+B,CAAA;YAChD,CAAC;iBAAM,IAAI,SAAS,EAAE,CAAC;gBACrB,WAAW,IAAI,kBAAkB,CAAA;YACnC,CAAC;YAED,0DAA0D;YAC1D,IAAI,QAAQ,KAAK,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC;gBAAE,SAAQ;YAExE,eAAe,CAAC,IAAI,CAAC;gBACnB,EAAE,EAAE,gBAAgB,QAAQ,IAAI,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE;gBACjF,QAAQ;gBACR,UAAU;gBACV,WAAW;gBACX,QAAQ;gBACR,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,KAAK,EAAE,OAAO,CAAC,IAAI;gBACnB,WAAW;gBACX,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,UAAU,EAAE,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;gBAChD,KAAK,EAAE,CAAC;gBACR,oBAAoB,EAAE,QAAQ,KAAK,MAAM,IAAI,QAAQ,KAAK,KAAK;aAChE,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC"}
+{"version":3,"file":"model-supply-chain.js","sourceRoot":"","sources":["../../src/layer2/model-supply-chain.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;AAsYH,wDA+HC;AAjgBD,8DAMiC;AAEjC,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;GAEG;AACH,SAAS,eAAe,CAAC,QAAgB,EAAE,OAAe;IACxD,uBAAuB;IACvB,MAAM,cAAc,GAAG;QACrB,0DAA0D;QAC1D,0DAA0D;QAC1D,uDAAuD;KACxD,CAAA;IAED,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QAC/C,OAAO,IAAI,CAAA;IACb,CAAC;IAED,uCAAuC;IACvC,MAAM,iBAAiB,GAAG;QACxB,uFAAuF;QACvF,8FAA8F;QAC9F,oBAAoB;QACpB,yBAAyB;QACzB,mBAAmB;QACnB,wBAAwB;QACxB,eAAe;QACf,eAAe;QACf,aAAa;QACb,oBAAoB;QACpB,aAAa;QACb,4BAA4B;QAC5B,yBAAyB;QACzB,uCAAuC;QACvC,4BAA4B;QAC5B,0BAA0B;KAC3B,CAAA;IAED,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACrD,CAAC;AAED,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;GAEG;AACH,SAAS,mBAAmB,CAAC,WAAmB,EAAE,kBAA0B;IAC1E,MAAM,WAAW,GAAG,WAAW,GAAG,IAAI,GAAG,kBAAkB,CAAA;IAC3D,OAAO,0BAA0B,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;AACrD,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,WAAmB,EAAE,kBAA0B;IACvE,MAAM,WAAW,GAAG,WAAW,GAAG,IAAI,GAAG,kBAAkB,CAAA;IAC3D,OAAO,uBAAuB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;AAClD,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,WAAmB;IAC/C,MAAM,eAAe,GAAG;QACtB,8BAA8B;QAC9B,sFAAsF;QACtF,8CAA8C;QAC9C,iEAAiE;QACjE,8BAA8B;QAC9B,+BAA+B;QAC/B,kCAAkC;QAClC,2BAA2B;KAC5B,CAAA;IAED,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;AACvD,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,OAAe,EAAE,UAAkB;IAC5D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IAC1D,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEhE,MAAM,iBAAiB,GAAG;QACxB,oDAAoD;QACpD,sCAAsC;QACtC,mCAAmC,EAAE,kBAAkB;QACvD,cAAc,EAAE,sCAAsC;QACtD,+BAA+B,EAAE,aAAa;KAC/C,CAAA;IAED,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACrD,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,WAAmB,EAAE,kBAA0B;IACtE,MAAM,WAAW,GAAG,WAAW,GAAG,IAAI,GAAG,kBAAkB,CAAA;IAC3D,OAAO,8DAA8D,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;AACzF,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,OAAe,EAAE,UAAkB;IAC5D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IAC1D,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEhE,MAAM,kBAAkB,GAAG;QACzB,iCAAiC;QACjC,2BAA2B;QAC3B,sCAAsC;QACtC,4BAA4B;QAC5B,kCAAkC;KACnC,CAAA;IAED,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACtD,CAAC;AAmBD,MAAM,2BAA2B,GAA8B;IAC7D,qDAAqD;IACrD;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,wCAAwC;QACjD,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,kJAAkJ;QAC/J,YAAY,EAAE,oKAAoK;KACnL;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,qBAAqB;QAC9B,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,kJAAkJ;QAC/J,YAAY,EAAE,2IAA2I;KAC1J;IAED,uDAAuD;IACvD;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,sJAAsJ;QACnK,YAAY,EAAE,iIAAiI;KAChJ;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,OAAO,EAAE,oCAAoC;QAC7C,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,mHAAmH;QAChI,YAAY,EAAE,4HAA4H;KAC3I;IAED,kDAAkD;IAClD;QACE,IAAI,EAAE,6BAA6B;QACnC,OAAO,EAAE,qDAAqD;QAC9D,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,UAAU;QACxB,WAAW,EAAE,mHAAmH;QAChI,YAAY,EAAE,mHAAmH;KAClI;IACD;QACE,IAAI,EAAE,mCAAmC;QACzC,OAAO,EAAE,2CAA2C;QACpD,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,QAAQ;QACtB,WAAW,EAAE,uGAAuG;QACpH,YAAY,EAAE,4GAA4G;KAC3H;IAED,mDAAmD;IACnD;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,yDAAyD;QAClE,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,wGAAwG;QACrH,YAAY,EAAE,yHAAyH;KACxI;IAED,kDAAkD;IAClD;QACE,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,8IAA8I;QAC3J,YAAY,EAAE,6HAA6H;KAC5I;IAED,iEAAiE;IACjE;QACE,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,qBAAqB;QAC9B,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,QAAQ;QACtB,WAAW,EAAE,0GAA0G;QACvH,YAAY,EAAE,gIAAgI;KAC/I;IAED,wCAAwC;IACxC;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,uGAAuG;QACpH,YAAY,EAAE,6IAA6I;QAC3J,aAAa,EAAE,OAAO;KACvB;IAED,iDAAiD;IACjD;QACE,IAAI,EAAE,oCAAoC;QAC1C,OAAO,EAAE,8CAA8C;QACvD,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,oGAAoG;QACjH,YAAY,EAAE,2JAA2J;QACzK,aAAa,EAAE,OAAO;KACvB;IAED,iDAAiD;IACjD;QACE,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EAAE,wDAAwD;QACjE,QAAQ,EAAE,qBAAqB;QAC/B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,gJAAgJ;QAC7J,YAAY,EAAE,yIAAyI;QACvJ,kBAAkB,EAAE,IAAI;KACzB;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,gCAAgC;QACzC,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,0IAA0I;QACvJ,YAAY,EAAE,oIAAoI;KACnJ;IACD;QACE,IAAI,EAAE,qCAAqC;QAC3C,OAAO,EAAE,iFAAiF;QAC1F,QAAQ,EAAE,qBAAqB;QAC/B,YAAY,EAAE,QAAQ;QACtB,WAAW,EAAE,+HAA+H;QAC5I,YAAY,EAAE,uJAAuJ;QACrK,cAAc,EAAE,IAAI;KACrB;IAED,2CAA2C;IAC3C;QACE,IAAI,EAAE,0BAA0B;QAChC,OAAO,EAAE,sGAAsG;QAC/G,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,wGAAwG;QACrH,YAAY,EAAE,wIAAwI;QACtJ,mBAAmB,EAAE,IAAI;KAC1B;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,kHAAkH;QAC3H,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,uHAAuH;QACpI,YAAY,EAAE,uHAAuH;QACrI,mBAAmB,EAAE,IAAI;KAC1B;IACD;QACE,IAAI,EAAE,mCAAmC;QACzC,OAAO,EAAE,8DAA8D;QACvE,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,QAAQ;QACtB,WAAW,EAAE,+FAA+F;QAC5G,YAAY,EAAE,oHAAoH;QAClI,mBAAmB,EAAE,IAAI;KAC1B;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,4DAA4D;QACrE,QAAQ,EAAE,sBAAsB;QAChC,YAAY,EAAE,QAAQ;QACtB,WAAW,EAAE,+HAA+H;QAC5I,YAAY,EAAE,qIAAqI;KACpJ;IAED,4CAA4C;IAC5C;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,2DAA2D;QACpE,QAAQ,EAAE,qBAAqB;QAC/B,YAAY,EAAE,MAAM;QACpB,WAAW,EAAE,6GAA6G;QAC1H,YAAY,EAAE,8GAA8G;QAC5H,kBAAkB,EAAE,IAAI;KACzB;CACF,CAAA;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;GAEG;AACH,SAAS,qBAAqB,CAAC,OAAe,EAAE,SAAiB,EAAE,aAAqB,EAAE;IACxF,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC,CAAA;IACjD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,GAAG,UAAU,CAAC,CAAA;IAC1D,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AAC3C,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CACxB,YAAmC,EACnC,WAAoB,EACpB,oBAA6B,EAC7B,UAAmB,EACnB,SAAkB,EAClB,SAAkB;IAElB,IAAI,UAAU,IAAI,SAAS,IAAI,SAAS,EAAE,CAAC;QACzC,OAAO,MAAM,CAAA;IACf,CAAC;IAED,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,MAAM,CAAA;IACf,CAAC;IAED,IAAI,oBAAoB,EAAE,CAAC;QACzB,IAAI,YAAY,KAAK,UAAU;YAAE,OAAO,MAAM,CAAA;QAC9C,IAAI,YAAY,KAAK,MAAM;YAAE,OAAO,QAAQ,CAAA;QAC5C,IAAI,YAAY,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAA;IAC7C,CAAC;IAED,OAAO,YAAY,CAAA;AACrB,CAAC;AAED,+EAA+E;AAC/E,0BAA0B;AAC1B,+EAA+E;AAE/E;;GAEG;AACH,SAAgB,sBAAsB,CACpC,OAAe,EACf,QAAgB,EAChB,OAAiC;IAEjC,MAAM,eAAe,GAAoB,EAAE,CAAA;IAE3C,4BAA4B;IAC5B,IAAI,IAAA,wCAAsB,EAAC,QAAQ,CAAC;QAAE,OAAO,eAAe,CAAA;IAE5D,kDAAkD;IAClD,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC;QACxC,OAAO,eAAe,CAAA;IACxB,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,EAAE,MAAM,EAAE,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC3D,MAAM,UAAU,GAAG,IAAA,kCAAgB,EAAC,QAAQ,CAAC,CAAA;IAC7C,MAAM,SAAS,GAAG,IAAA,oCAAkB,EAAC,QAAQ,CAAC,CAAA;IAC9C,MAAM,SAAS,GAAG,IAAA,+BAAa,EAAC,QAAQ,CAAC,CAAA;IAEzC,KAAK,MAAM,OAAO,IAAI,2BAA2B,EAAE,CAAC;QAClD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;QACvE,IAAI,KAAK,CAAA;QAET,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC9C,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAA;YACvE,MAAM,WAAW,GAAG,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAA;YAEvD,gBAAgB;YAChB,IAAI,IAAA,2BAAS,EAAC,WAAW,CAAC;gBAAE,SAAQ;YAEpC,MAAM,kBAAkB,GAAG,qBAAqB,CAAC,OAAO,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;YAEzE,wBAAwB;YACxB,IAAI,WAAW,GAAG,KAAK,CAAA;YACvB,IAAI,oBAAoB,GAAG,KAAK,CAAA;YAChC,IAAI,WAAW,GAAG,OAAO,CAAC,WAAW,CAAA;YAErC,+DAA+D;YAC/D,IAAI,eAAe,CAAC,WAAW,EAAE,kBAAkB,CAAC,EAAE,CAAC;gBACrD,WAAW,GAAG,IAAI,CAAA;gBAClB,WAAW,IAAI,wCAAwC,CAAA;YACzD,CAAC;YAED,2BAA2B;YAC3B,IAAI,OAAO,CAAC,aAAa,KAAK,OAAO,EAAE,CAAC;gBACtC,IAAI,mBAAmB,CAAC,WAAW,EAAE,kBAAkB,CAAC,EAAE,CAAC;oBACzD,WAAW,GAAG,IAAI,CAAA;oBAClB,WAAW,IAAI,uCAAuC,CAAA;gBACxD,CAAC;YACH,CAAC;YAED,wBAAwB;YACxB,IAAI,OAAO,CAAC,aAAa,KAAK,OAAO,EAAE,CAAC;gBACtC,IAAI,gBAAgB,CAAC,WAAW,EAAE,kBAAkB,CAAC,EAAE,CAAC;oBACtD,WAAW,GAAG,IAAI,CAAA;oBAClB,WAAW,IAAI,oCAAoC,CAAA;gBACrD,CAAC;YACH,CAAC;YAED,uBAAuB;YACvB,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC;gBAC/B,IAAI,oBAAoB,CAAC,WAAW,CAAC,EAAE,CAAC;oBACtC,oBAAoB,GAAG,IAAI,CAAA;oBAC3B,WAAW,IAAI,6BAA6B,CAAA;gBAC9C,CAAC;YACH,CAAC;YAED,+BAA+B;YAC/B,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;gBAC3B,IAAI,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE,CAAC;oBAC3C,WAAW,GAAG,IAAI,CAAA;oBAClB,WAAW,IAAI,qCAAqC,CAAA;gBACtD,CAAC;YACH,CAAC;YAED,qCAAqC;YACrC,IAAI,OAAO,CAAC,mBAAmB,EAAE,CAAC;gBAChC,IAAI,iBAAiB,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE,CAAC;oBAC3C,oBAAoB,GAAG,IAAI,CAAA;oBAC3B,WAAW,IAAI,qCAAqC,CAAA;gBACtD,CAAC;YACH,CAAC;YAED,0BAA0B;YAC1B,IAAI,WAAW;gBAAE,SAAQ;YAEzB,2BAA2B;YAC3B,MAAM,QAAQ,GAAG,iBAAiB,CAChC,OAAO,CAAC,YAAY,EACpB,WAAW,EACX,oBAAoB,EACpB,UAAU,EACV,SAAS,EACT,SAAS,CACV,CAAA;YAED,oBAAoB;YACpB,IAAI,UAAU,EAAE,CAAC;gBACf,WAAW,IAAI,kBAAkB,CAAA;YACnC,CAAC;iBAAM,IAAI,SAAS,EAAE,CAAC;gBACrB,WAAW,IAAI,+BAA+B,CAAA;YAChD,CAAC;iBAAM,IAAI,SAAS,EAAE,CAAC;gBACrB,WAAW,IAAI,kBAAkB,CAAA;YACnC,CAAC;YAED,0DAA0D;YAC1D,IAAI,QAAQ,KAAK,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC;gBAAE,SAAQ;YAExE,eAAe,CAAC,IAAI,CAAC;gBACnB,EAAE,EAAE,gBAAgB,QAAQ,IAAI,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE;gBACjF,QAAQ;gBACR,UAAU;gBACV,WAAW;gBACX,QAAQ;gBACR,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,KAAK,EAAE,OAAO,CAAC,IAAI;gBACnB,WAAW;gBACX,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,UAAU,EAAE,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;gBAChD,KAAK,EAAE,CAAC;gBACR,oBAAoB,EAAE,QAAQ,KAAK,MAAM,IAAI,QAAQ,KAAK,KAAK;aAChE,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC"}

package/dist/layer2/risky-imports.d.ts

@@ -3,5 +3,8 @@
  * Detects imports of packages known to have security concerns or deprecated
  */
 import type { Vulnerability } from '../types';
-export declare function detectRiskyImports(content: string, filePath: string): Vulnerability[];
+import type { ParsedFile } from '../utils/parsed-file';
+export declare function detectRiskyImports(content: string, filePath: string, options?: {
+    parsed?: ParsedFile;
+}): Vulnerability[];
 //# sourceMappingURL=risky-imports.d.ts.map

package/dist/layer2/risky-imports.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"risky-imports.d.ts","sourceRoot":"","sources":["../../src/layer2/risky-imports.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAyB,MAAM,UAAU,CAAA;AAmJpE,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,aAAa,EAAE,CAmCjB"}
+{"version":3,"file":"risky-imports.d.ts","sourceRoot":"","sources":["../../src/layer2/risky-imports.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAyB,MAAM,UAAU,CAAA;AACpE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AAmJtD,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,UAAU,CAAA;CAAE,GAChC,aAAa,EAAE,CAmCjB"}

package/dist/layer2/risky-imports.js

@@ -130,12 +130,12 @@ function isComment(line) {
         trimmed.startsWith('*') ||
         trimmed.startsWith('/*'));
 }
-function detectRiskyImports(content, filePath) {
+function detectRiskyImports(content, filePath, options) {
     const vulnerabilities = [];
     // Skip scanner/fixture files to avoid self-detection
     if ((0, context_helpers_1.isScannerOrFixtureFile)(filePath))
         return vulnerabilities;
-    const lines = content.split('\n');
+    const lines = options?.parsed?.lines ?? content.split('\n');
     lines.forEach((line, index) => {
         // Skip comment lines
         if (isComment(line))

package/dist/layer2/risky-imports.js.map

@@ -1 +1 @@
-{"version":3,"file":"risky-imports.js","sourceRoot":"","sources":["../../src/layer2/risky-imports.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAqJH,gDAsCC;AAxLD,8DAAiE;AAUjE,MAAM,cAAc,GAAmB;IACrC,0CAA0C;IAC1C;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,8DAA8D;QACvE,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,8DAA8D;QAC3E,YAAY,EAAE,wCAAwC;KACvD;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,kEAAkE;QAC3E,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,kDAAkD;QAC/D,YAAY,EAAE,gCAAgC;KAC/C;IAED,sCAAsC;IACtC;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,2FAA2F;QACpG,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,6DAA6D;QAC1E,YAAY,EAAE,yDAAyD;KACxE;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,4DAA4D;QACrE,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,yDAAyD;QACtE,YAAY,EAAE,0CAA0C;KACzD;IAED,yFAAyF;IACzF;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,sDAAsD;QAC/D,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,gLAAgL;QAC7L,YAAY,EAAE,uHAAuH;KACtI;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,wFAAwF;QACjG,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,yEAAyE;QACtF,YAAY,EAAE,yEAAyE;KACxF;IAED,+BAA+B;IAC/B;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,kEAAkE;QAC3E,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,4CAA4C;QACzD,YAAY,EAAE,yDAAyD;KACxE;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,0EAA0E;QACnF,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,8CAA8C;QAC3D,YAAY,EAAE,gCAAgC;KAC/C;IAED,8BAA8B;IAC9B;QACE,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EAAE,0DAA0D;QACnE,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,8CAA8C;QAC3D,YAAY,EAAE,2DAA2D;KAC1E;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,6CAA6C;QACtD,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,0DAA0D;QACvE,YAAY,EAAE,iEAAiE;KAChF;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,sCAAsC;QAC/C,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,+DAA+D;QAC5E,YAAY,EAAE,wDAAwD;KACvE;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EAAE,uEAAuE;QAChF,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,6DAA6D;QAC1E,YAAY,EAAE,8CAA8C;KAC7D;IAED,gDAAgD;IAChD;QACE,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,4HAA4H;QACrI,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,8DAA8D;QAC3E,YAAY,EAAE,uDAAuD;KACtE;IAED,qCAAqC;IACrC;QACE,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,sEAAsE;QAC/E,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,sEAAsE;QACnF,YAAY,EAAE,qEAAqE;KACpF;IAED,2BAA2B;IAC3B;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,gEAAgE;QACzE,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,gEAAgE;QAC7E,YAAY,EAAE,iDAAiD;KAChE;CACF,CAAA;AAED,6BAA6B;AAC7B,SAAS,SAAS,CAAC,IAAY;IAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;IAC3B,OAAO,CACL,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;QACxB,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QACvB,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QACvB,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CACzB,CAAA;AACH,CAAC;AAED,SAAgB,kBAAkB,CAChC,OAAe,EACf,QAAgB;IAEhB,MAAM,eAAe,GAAoB,EAAE,CAAA;IAE3C,qDAAqD;IACrD,IAAI,IAAA,wCAAsB,EAAC,QAAQ,CAAC;QAAE,OAAO,eAAe,CAAA;IAE5D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAEjC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,qBAAqB;QACrB,IAAI,SAAS,CAAC,IAAI,CAAC;YAAE,OAAM;QAE3B,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;YACjC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;YAE/D,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrB,eAAe,CAAC,IAAI,CAAC;oBACnB,EAAE,EAAE,gBAAgB,QAAQ,IAAI,KAAK,GAAG,CAAC,IAAI,GAAG,CAAC,IAAI,EAAE;oBACvD,QAAQ;oBACR,UAAU,EAAE,KAAK,GAAG,CAAC;oBACrB,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;oBACxB,QAAQ,EAAE,GAAG,CAAC,QAAQ;oBACtB,QAAQ,EAAE,oBAAoB;oBAC9B,KAAK,EAAE,kBAAkB,GAAG,CAAC,IAAI,EAAE;oBACnC,WAAW,EAAE,GAAG,CAAC,WAAW;oBAC5B,YAAY,EAAE,GAAG,CAAC,YAAY;oBAC9B,UAAU,EAAE,MAAM;oBAClB,KAAK,EAAE,CAAC;iBACT,CAAC,CAAA;gBACF,MAAK,CAAC,4BAA4B;YACpC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,OAAO,eAAe,CAAA;AACxB,CAAC"}
+{"version":3,"file":"risky-imports.js","sourceRoot":"","sources":["../../src/layer2/risky-imports.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAsJH,gDAuCC;AAzLD,8DAAiE;AAUjE,MAAM,cAAc,GAAmB;IACrC,0CAA0C;IAC1C;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,8DAA8D;QACvE,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,8DAA8D;QAC3E,YAAY,EAAE,wCAAwC;KACvD;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,kEAAkE;QAC3E,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,kDAAkD;QAC/D,YAAY,EAAE,gCAAgC;KAC/C;IAED,sCAAsC;IACtC;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,2FAA2F;QACpG,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,6DAA6D;QAC1E,YAAY,EAAE,yDAAyD;KACxE;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,4DAA4D;QACrE,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,yDAAyD;QACtE,YAAY,EAAE,0CAA0C;KACzD;IAED,yFAAyF;IACzF;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,sDAAsD;QAC/D,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,gLAAgL;QAC7L,YAAY,EAAE,uHAAuH;KACtI;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,wFAAwF;QACjG,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,yEAAyE;QACtF,YAAY,EAAE,yEAAyE;KACxF;IAED,+BAA+B;IAC/B;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,kEAAkE;QAC3E,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,4CAA4C;QACzD,YAAY,EAAE,yDAAyD;KACxE;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,0EAA0E;QACnF,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,8CAA8C;QAC3D,YAAY,EAAE,gCAAgC;KAC/C;IAED,8BAA8B;IAC9B;QACE,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EAAE,0DAA0D;QACnE,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,8CAA8C;QAC3D,YAAY,EAAE,2DAA2D;KAC1E;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,6CAA6C;QACtD,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,0DAA0D;QACvE,YAAY,EAAE,iEAAiE;KAChF;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,sCAAsC;QAC/C,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,+DAA+D;QAC5E,YAAY,EAAE,wDAAwD;KACvE;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EAAE,uEAAuE;QAChF,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,6DAA6D;QAC1E,YAAY,EAAE,8CAA8C;KAC7D;IAED,gDAAgD;IAChD;QACE,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,4HAA4H;QACrI,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,8DAA8D;QAC3E,YAAY,EAAE,uDAAuD;KACtE;IAED,qCAAqC;IACrC;QACE,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,sEAAsE;QAC/E,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,sEAAsE;QACnF,YAAY,EAAE,qEAAqE;KACpF;IAED,2BAA2B;IAC3B;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,gEAAgE;QACzE,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,gEAAgE;QAC7E,YAAY,EAAE,iDAAiD;KAChE;CACF,CAAA;AAED,6BAA6B;AAC7B,SAAS,SAAS,CAAC,IAAY;IAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;IAC3B,OAAO,CACL,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;QACxB,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QACvB,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QACvB,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CACzB,CAAA;AACH,CAAC;AAED,SAAgB,kBAAkB,CAChC,OAAe,EACf,QAAgB,EAChB,OAAiC;IAEjC,MAAM,eAAe,GAAoB,EAAE,CAAA;IAE3C,qDAAqD;IACrD,IAAI,IAAA,wCAAsB,EAAC,QAAQ,CAAC;QAAE,OAAO,eAAe,CAAA;IAE5D,MAAM,KAAK,GAAG,OAAO,EAAE,MAAM,EAAE,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAE3D,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,qBAAqB;QACrB,IAAI,SAAS,CAAC,IAAI,CAAC;YAAE,OAAM;QAE3B,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;YACjC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;YAE/D,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrB,eAAe,CAAC,IAAI,CAAC;oBACnB,EAAE,EAAE,gBAAgB,QAAQ,IAAI,KAAK,GAAG,CAAC,IAAI,GAAG,CAAC,IAAI,EAAE;oBACvD,QAAQ;oBACR,UAAU,EAAE,KAAK,GAAG,CAAC;oBACrB,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;oBACxB,QAAQ,EAAE,GAAG,CAAC,QAAQ;oBACtB,QAAQ,EAAE,oBAAoB;oBAC9B,KAAK,EAAE,kBAAkB,GAAG,CAAC,IAAI,EAAE;oBACnC,WAAW,EAAE,GAAG,CAAC,WAAW;oBAC5B,YAAY,EAAE,GAAG,CAAC,YAAY;oBAC9B,UAAU,EAAE,MAAM;oBAClB,KAAK,EAAE,CAAC;iBACT,CAAC,CAAA;gBACF,MAAK,CAAC,4BAA4B;YACpC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,OAAO,eAAe,CAAA;AACxB,CAAC"}

package/dist/layer2/security-headers.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Layer 2: Security Headers Detector
+ * Detects missing HTTP security headers in server configurations
+ *
+ * OWASP A02:2021 - Cryptographic Failures / Security Misconfiguration
+ * CWE-693: Protection Mechanism Failure
+ */
+import type { Vulnerability } from '../types';
+import type { ParsedFile } from '../utils/parsed-file';
+interface SecurityHeadersOptions {
+    parsed?: ParsedFile;
+}
+/**
+ * Detect missing security headers in server configurations
+ */
+export declare function detectSecurityHeaders(content: string, filePath: string, options?: SecurityHeadersOptions): Vulnerability[];
+export {};
+//# sourceMappingURL=security-headers.d.ts.map

package/dist/layer2/security-headers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-headers.d.ts","sourceRoot":"","sources":["../../src/layer2/security-headers.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAC7C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AAMtD,UAAU,sBAAsB;IAC9B,MAAM,CAAC,EAAE,UAAU,CAAA;CACpB;AAwCD;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,sBAAsB,GAC/B,aAAa,EAAE,CA4JjB"}

package/dist/layer2/security-headers.js

@@ -0,0 +1,187 @@
+"use strict";
+/**
+ * Layer 2: Security Headers Detector
+ * Detects missing HTTP security headers in server configurations
+ *
+ * OWASP A02:2021 - Cryptographic Failures / Security Misconfiguration
+ * CWE-693: Protection Mechanism Failure
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectSecurityHeaders = detectSecurityHeaders;
+const context_helpers_1 = require("../utils/context-helpers");
+/**
+ * Check if a file is client-side (not a server file)
+ */
+function isClientSideFile(content, filePath) {
+    // Explicit 'use client' directive
+    if (/['"]use client['"]/.test(content))
+        return true;
+    // Client-side file paths
+    const clientPatterns = [
+        /\/components\//i,
+        /\/hooks\//i,
+        /\/pages\/(?!api\/)/i, // pages/ but not pages/api/
+        /\.client\.(ts|js|tsx|jsx)$/i,
+    ];
+    // Only apply path heuristics if no server indicators
+    if (clientPatterns.some(p => p.test(filePath))) {
+        // Check for server indicators that override
+        const hasServerIndicators = content.includes('express()') ||
+            content.includes("require('express')") ||
+            content.includes('from \'express\'') ||
+            content.includes('from "express"') ||
+            content.includes('createServer') ||
+            /['"]use server['"]/.test(content);
+        if (!hasServerIndicators)
+            return true;
+    }
+    return false;
+}
+/**
+ * Check if a file is a Next.js config file
+ */
+function isNextConfig(filePath) {
+    return /next\.config\.(m?js|ts)$/.test(filePath);
+}
+/**
+ * Detect missing security headers in server configurations
+ */
+function detectSecurityHeaders(content, filePath, options) {
+    const vulnerabilities = [];
+    if ((0, context_helpers_1.isScannerOrFixtureFile)(filePath))
+        return vulnerabilities;
+    if ((0, context_helpers_1.isTestOrMockFile)(filePath))
+        return vulnerabilities;
+    if (isClientSideFile(content, filePath))
+        return vulnerabilities;
+    const lines = options?.parsed?.lines ?? content.split('\n');
+    // --- Check 1: Express without helmet ---
+    const hasExpress = content.includes('express()') ||
+        /require\s*\(\s*['"]express['"]\s*\)/.test(content) ||
+        /from\s+['"]express['"]/.test(content);
+    if (hasExpress) {
+        const hasHelmet = /require\s*\(\s*['"]helmet['"]\s*\)/.test(content) ||
+            /from\s+['"]helmet['"]/.test(content) ||
+            /require\s*\(\s*['"]@fastify\/helmet['"]\s*\)/.test(content) ||
+            /from\s+['"]@fastify\/helmet['"]/.test(content);
+        if (!hasHelmet) {
+            // Find the line where express() is called
+            let expressLine = 0;
+            let expressContent = '';
+            for (let i = 0; i < lines.length; i++) {
+                if (/express\s*\(\s*\)/.test(lines[i])) {
+                    expressLine = i + 1;
+                    expressContent = lines[i].trim();
+                    break;
+                }
+            }
+            if (expressLine > 0) {
+                vulnerabilities.push({
+                    id: `secheader-${filePath}-express-no-helmet`,
+                    filePath,
+                    lineNumber: expressLine,
+                    lineContent: expressContent,
+                    severity: 'medium',
+                    category: 'missing_security_headers',
+                    title: 'Express app without helmet security headers',
+                    description: 'Express application does not use helmet middleware. This leaves the app without critical HTTP security headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options).',
+                    suggestedFix: 'Install and add helmet middleware: npm install helmet && app.use(helmet())',
+                    confidence: 'high',
+                    layer: 2,
+                    requiresAIValidation: true,
+                });
+            }
+        }
+        else {
+            // --- Check 2: Helmet with CSP disabled ---
+            for (let i = 0; i < lines.length; i++) {
+                const line = lines[i];
+                if (/contentSecurityPolicy\s*:\s*false/.test(line)) {
+                    vulnerabilities.push({
+                        id: `secheader-${filePath}-${i + 1}-csp-disabled`,
+                        filePath,
+                        lineNumber: i + 1,
+                        lineContent: line.trim(),
+                        severity: 'low',
+                        category: 'missing_security_headers',
+                        title: 'Helmet CSP disabled',
+                        description: 'Content Security Policy is explicitly disabled in helmet configuration. CSP is a critical defense against XSS attacks.',
+                        suggestedFix: 'Configure a Content Security Policy instead of disabling it: helmet({ contentSecurityPolicy: { directives: { ... } } })',
+                        confidence: 'high',
+                        layer: 2,
+                    });
+                }
+            }
+        }
+    }
+    // --- Check 3: Next.js config missing headers ---
+    if (isNextConfig(filePath)) {
+        const hasHeadersExport = /headers\s*\(\s*\)/.test(content) ||
+            /headers\s*:\s*(?:async\s*)?\(?\s*\)?\s*=>/.test(content) ||
+            /async\s+headers\s*\(\s*\)/.test(content);
+        if (!hasHeadersExport) {
+            vulnerabilities.push({
+                id: `secheader-${filePath}-nextjs-no-headers`,
+                filePath,
+                lineNumber: 1,
+                lineContent: lines[0]?.trim() || '',
+                severity: 'medium',
+                category: 'missing_security_headers',
+                title: 'Next.js config missing security headers',
+                description: 'next.config does not export a headers() function. Security headers (CSP, HSTS, X-Frame-Options) should be configured in Next.js config or middleware.',
+                suggestedFix: 'Add a headers() function to next.config.js that returns security headers array',
+                confidence: 'medium',
+                layer: 2,
+                requiresAIValidation: true,
+            });
+        }
+    }
+    // --- Check 4: Server setting some headers but missing critical ones ---
+    // Only check files that explicitly set response headers
+    const setsHeaders = /res\.setHeader\s*\(/.test(content) ||
+        /response\.setHeader\s*\(/.test(content) ||
+        /res\.set\s*\(/.test(content) ||
+        /response\.headers\.set\s*\(/.test(content);
+    if (setsHeaders && !hasExpress) {
+        const criticalHeaders = [
+            { name: 'Content-Security-Policy', pattern: /content-security-policy/i },
+            { name: 'Strict-Transport-Security', pattern: /strict-transport-security/i },
+            { name: 'X-Content-Type-Options', pattern: /x-content-type-options/i },
+            { name: 'X-Frame-Options', pattern: /x-frame-options/i },
+        ];
+        const missingHeaders = criticalHeaders.filter(h => !h.pattern.test(content));
+        // Only flag if file sets SOME headers but omits critical ones
+        const presentHeaders = criticalHeaders.filter(h => h.pattern.test(content));
+        if (presentHeaders.length > 0 && missingHeaders.length > 0) {
+            // Find a line where headers are being set for reporting
+            let headerLine = 0;
+            let headerContent = '';
+            for (let i = 0; i < lines.length; i++) {
+                if (/(?:res|response)\.(?:setHeader|set|headers\.set)\s*\(/.test(lines[i])) {
+                    headerLine = i + 1;
+                    headerContent = lines[i].trim();
+                    break;
+                }
+            }
+            if (headerLine > 0) {
+                const missing = missingHeaders.map(h => h.name).join(', ');
+                vulnerabilities.push({
+                    id: `secheader-${filePath}-${headerLine}-missing-headers`,
+                    filePath,
+                    lineNumber: headerLine,
+                    lineContent: headerContent,
+                    severity: 'low',
+                    category: 'missing_security_headers',
+                    title: 'Incomplete security headers',
+                    description: `Server sets some response headers but is missing: ${missing}. Consider adding these critical security headers.`,
+                    suggestedFix: `Add missing security headers: ${missing}`,
+                    confidence: 'medium',
+                    layer: 2,
+                    requiresAIValidation: true,
+                });
+            }
+        }
+    }
+    return vulnerabilities;
+}
+//# sourceMappingURL=security-headers.js.map

package/dist/layer2/security-headers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-headers.js","sourceRoot":"","sources":["../../src/layer2/security-headers.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAsDH,sDAgKC;AAlND,8DAGiC;AAMjC;;GAEG;AACH,SAAS,gBAAgB,CAAC,OAAe,EAAE,QAAgB;IACzD,kCAAkC;IAClC,IAAI,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAA;IAEnD,yBAAyB;IACzB,MAAM,cAAc,GAAG;QACrB,iBAAiB;QACjB,YAAY;QACZ,qBAAqB,EAAE,4BAA4B;QACnD,6BAA6B;KAC9B,CAAA;IAED,qDAAqD;IACrD,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QAC/C,4CAA4C;QAC5C,MAAM,mBAAmB,GACvB,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;YAC7B,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC;YACtC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YACpC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC;YAClC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC;YAChC,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QACpC,IAAI,CAAC,mBAAmB;YAAE,OAAO,IAAI,CAAA;IACvC,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,QAAgB;IACpC,OAAO,0BAA0B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;AAClD,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CACnC,OAAe,EACf,QAAgB,EAChB,OAAgC;IAEhC,MAAM,eAAe,GAAoB,EAAE,CAAA;IAE3C,IAAI,IAAA,wCAAsB,EAAC,QAAQ,CAAC;QAAE,OAAO,eAAe,CAAA;IAC5D,IAAI,IAAA,kCAAgB,EAAC,QAAQ,CAAC;QAAE,OAAO,eAAe,CAAA;IACtD,IAAI,gBAAgB,CAAC,OAAO,EAAE,QAAQ,CAAC;QAAE,OAAO,eAAe,CAAA;IAE/D,MAAM,KAAK,GAAG,OAAO,EAAE,MAAM,EAAE,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAE3D,0CAA0C;IAC1C,MAAM,UAAU,GACd,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;QAC7B,qCAAqC,CAAC,IAAI,CAAC,OAAO,CAAC;QACnD,wBAAwB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAExC,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,SAAS,GACb,oCAAoC,CAAC,IAAI,CAAC,OAAO,CAAC;YAClD,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC;YACrC,8CAA8C,CAAC,IAAI,CAAC,OAAO,CAAC;YAC5D,iCAAiC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAEjD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,0CAA0C;YAC1C,IAAI,WAAW,GAAG,CAAC,CAAA;YACnB,IAAI,cAAc,GAAG,EAAE,CAAA;YACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,IAAI,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBACvC,WAAW,GAAG,CAAC,GAAG,CAAC,CAAA;oBACnB,cAAc,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;oBAChC,MAAK;gBACP,CAAC;YACH,CAAC;YAED,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;gBACpB,eAAe,CAAC,IAAI,CAAC;oBACnB,EAAE,EAAE,aAAa,QAAQ,oBAAoB;oBAC7C,QAAQ;oBACR,UAAU,EAAE,WAAW;oBACvB,WAAW,EAAE,cAAc;oBAC3B,QAAQ,EAAE,QAAQ;oBAClB,QAAQ,EAAE,0BAA0B;oBACpC,KAAK,EAAE,6CAA6C;oBACpD,WAAW,EACT,sKAAsK;oBACxK,YAAY,EAAE,4EAA4E;oBAC1F,UAAU,EAAE,MAAM;oBAClB,KAAK,EAAE,CAAC;oBACR,oBAAoB,EAAE,IAAI;iBAC3B,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,4CAA4C;YAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;gBACrB,IAAI,mCAAmC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACnD,eAAe,CAAC,IAAI,CAAC;wBACnB,EAAE,EAAE,aAAa,QAAQ,IAAI,CAAC,GAAG,CAAC,eAAe;wBACjD,QAAQ;wBACR,UAAU,EAAE,CAAC,GAAG,CAAC;wBACjB,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;wBACxB,QAAQ,EAAE,KAAK;wBACf,QAAQ,EAAE,0BAA0B;wBACpC,KAAK,EAAE,qBAAqB;wBAC5B,WAAW,EACT,wHAAwH;wBAC1H,YAAY,EACV,yHAAyH;wBAC3H,UAAU,EAAE,MAAM;wBAClB,KAAK,EAAE,CAAC;qBACT,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,IAAI,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3B,MAAM,gBAAgB,GACpB,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC;YACjC,2CAA2C,CAAC,IAAI,CAAC,OAAO,CAAC;YACzD,2BAA2B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAE3C,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,eAAe,CAAC,IAAI,CAAC;gBACnB,EAAE,EAAE,aAAa,QAAQ,oBAAoB;gBAC7C,QAAQ;gBACR,UAAU,EAAE,CAAC;gBACb,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE;gBACnC,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,0BAA0B;gBACpC,KAAK,EAAE,yCAAyC;gBAChD,WAAW,EACT,uJAAuJ;gBACzJ,YAAY,EACV,gFAAgF;gBAClF,UAAU,EAAE,QAAQ;gBACpB,KAAK,EAAE,CAAC;gBACR,oBAAoB,EAAE,IAAI;aAC3B,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,wDAAwD;IACxD,MAAM,WAAW,GACf,qBAAqB,CAAC,IAAI,CAAC,OAAO,CAAC;QACnC,0BAA0B,CAAC,IAAI,CAAC,OAAO,CAAC;QACxC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC;QAC7B,6BAA6B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAE7C,IAAI,WAAW,IAAI,CAAC,UAAU,EAAE,CAAC;QAC/B,MAAM,eAAe,GAAG;YACtB,EAAE,IAAI,EAAE,yBAAyB,EAAE,OAAO,EAAE,0BAA0B,EAAE;YACxE,EAAE,IAAI,EAAE,2BAA2B,EAAE,OAAO,EAAE,4BAA4B,EAAE;YAC5E,EAAE,IAAI,EAAE,wBAAwB,EAAE,OAAO,EAAE,yBAAyB,EAAE;YACtE,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,kBAAkB,EAAE;SACzD,CAAA;QAED,MAAM,cAAc,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;QAE5E,8DAA8D;QAC9D,MAAM,cAAc,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;QAC3E,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3D,wDAAwD;YACxD,IAAI,UAAU,GAAG,CAAC,CAAA;YAClB,IAAI,aAAa,GAAG,EAAE,CAAA;YACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,IAAI,uDAAuD,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC3E,UAAU,GAAG,CAAC,GAAG,CAAC,CAAA;oBAClB,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;oBAC/B,MAAK;gBACP,CAAC;YACH,CAAC;YAED,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;gBACnB,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;gBAC1D,eAAe,CAAC,IAAI,CAAC;oBACnB,EAAE,EAAE,aAAa,QAAQ,IAAI,UAAU,kBAAkB;oBACzD,QAAQ;oBACR,UAAU,EAAE,UAAU;oBACtB,WAAW,EAAE,aAAa;oBAC1B,QAAQ,EAAE,KAAK;oBACf,QAAQ,EAAE,0BAA0B;oBACpC,KAAK,EAAE,6BAA6B;oBACpC,WAAW,EAAE,qDAAqD,OAAO,oDAAoD;oBAC7H,YAAY,EAAE,iCAAiC,OAAO,EAAE;oBACxD,UAAU,EAAE,QAAQ;oBACpB,KAAK,EAAE,CAAC;oBACR,oBAAoB,EAAE,IAAI;iBAC3B,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC"}

package/dist/layer2/ssrf-detection.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Layer 2: SSRF (Server-Side Request Forgery) Detector
+ * Detects user input flowing to server-side HTTP request sinks
+ *
+ * OWASP A01:2021 - Broken Access Control / A10:2021 - SSRF
+ * CWE-918: Server-Side Request Forgery
+ */
+import type { Vulnerability } from '../types';
+import type { ParsedFile } from '../utils/parsed-file';
+interface SSRFOptions {
+    parsed?: ParsedFile;
+}
+/**
+ * Detect SSRF patterns in server-side code
+ */
+export declare function detectSSRFPatterns(content: string, filePath: string, options?: SSRFOptions): Vulnerability[];
+export {};
+//# sourceMappingURL=ssrf-detection.d.ts.map

package/dist/layer2/ssrf-detection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssrf-detection.d.ts","sourceRoot":"","sources":["../../src/layer2/ssrf-detection.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAC7C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AAOtD,UAAU,WAAW;IACnB,MAAM,CAAC,EAAE,UAAU,CAAA;CACpB;AA6CD;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,WAAW,GACpB,aAAa,EAAE,CAyNjB"}