@oculum/scanner 1.0.12 → 1.0.13

package/dist/detect/structural/dangerous-functions/math-random.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"math-random.js","sourceRoot":"","sources":["../../../../src/detect/structural/dangerous-functions/math-random.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAuBH,4DAkCC;AAcD,8CAeC;AAOD,oDAmGC;AAMD,wDAiDC;AAMD,wDAgFC;AASD,sEAkBC;AASD,4DAqGC;AAMD,4DAiFC;AAMD,0CAcC;AAMD,gEAuDC;AAWD,wEAsBC;AAMD,oDA0GC;AA7wBD,oEAIuC;AAEvC,uDAA6D;AAE7D;;;;;;;;;;;;GAYG;AACH,SAAgB,wBAAwB,CACtC,OAAe,EACf,UAAkB,EAClB,KAAgB;IAEhB,MAAM,MAAM,GAAG,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;IACnD,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEnD,mDAAmD;IACnD,MAAM,cAAc,GAAG;QACrB,yBAAyB;QACzB,iDAAiD;QACjD,4BAA4B;QAC5B,2BAA2B;QAC3B,4BAA4B;QAC5B,sBAAsB;QACtB,6BAA6B;QAC7B,0BAA0B;QAC1B,6BAA6B;QAC7B,4BAA4B;QAC5B,qCAAqC;QACrC,+BAA+B;QAC/B,sEAAsE;QACtE,gCAAgC;QAChC,6DAA6D;QAC7D,8BAA8B;QAC9B,kDAAkD;QAClD,6CAA6C;QAC7C,8DAA8D;KAC/D,CAAA;IAED,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AAClD,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAgB,iBAAiB,CAAC,WAAmB,EAAE,QAAgB;IACrE,8BAA8B;IAC9B,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,qCAAqC;IACrC,WAAW;IACX,wBAAwB;IACxB,iCAAiC;IACjC,mCAAmC;IACnC,iCAAiC;IACjC,oCAAoC;IACpC,MAAM,UAAU,GAAG,mCAAmC,CAAA;IACtD,OAAO,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;AACrC,CAAC;AAED;;;;GAIG;AACH,SAAgB,oBAAoB,CAClC,WAAmB,EACnB,OAAe,EACf,UAAkB,EAClB,KAAgB;IAEhB,MAAM,MAAM,GAAG,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAE3C,gDAAgD;IAChD,MAAM,oBAAoB,GAAG;QAC3B,mBAAmB;QACnB,yCAAyC,EAAE,gCAAgC;QAC3E,mCAAmC,EAAE,2BAA2B;QAChE,iDAAiD,EAAE,iBAAiB;QACpE,8BAA8B,EAAE,mBAAmB;QACnD,+BAA+B,EAAE,gCAAgC;QACjE,gCAAgC,EAAE,iCAAiC;QACnE,kCAAkC,EAAE,yBAAyB;QAC7D,oCAAoC,EAAE,4BAA4B;QAClE,yBAAyB,EAAE,8BAA8B;QACzD,4BAA4B,EAAE,iCAAiC;QAC/D,wBAAwB,EAAE,2BAA2B;QACrD,yBAAyB;QACzB,wBAAwB,EAAE,gCAAgC;QAC1D,sBAAsB,EAAE,gCAAgC;QACxD,wBAAwB,EAAE,oCAAoC;QAC9D,wBAAwB,EAAE,mCAAmC;QAC7D,kCAAkC;QAClC,uCAAuC,EAAE,2CAA2C;QACpF,6BAA6B,EAAE,sCAAsC;QACrE,wBAAwB;QACxB,4CAA4C,EAAE,kCAAkC;QAChF,4CAA4C,EAAE,oCAAoC;QAClF,2CAA2C,EAAE,8BAA8B;QAC3E,4EAA4E;QAC5E,8EAA8E;QAC9E,yCAAyC;KAC1C,CAAA;IAED,IAAI,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QACxD,OAAO,IAAI,CAAA;IACb,CAAC;IAED,uDAAuD;IACvD,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;IAChD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;IAC1D,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEjE,qCAAqC;IACrC,MAAM,uBAAuB,GAAG;QAC9B,yEAAyE;QACzE,oCAAoC;QACpC,sDAAsD;QACtD,kEAAkE;QAClE,oBAAoB;QACpB,yDAAyD;QACzD,gEAAgE;QAChE,mBAAmB;QACnB,2BAA2B;QAC3B,4BAA4B;QAC5B,sBAAsB;QACtB,yBAAyB;QACzB,sBAAsB;QACtB,kDAAkD;QAClD,iFAAiF;QACjF,+FAA+F;KAChG,CAAA;IAED,IAAI,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;QACvD,OAAO,IAAI,CAAA;IACb,CAAC;IAED,+DAA+D;IAC/D,MAAM,gBAAgB,GAAG;QACvB,qDAAqD;QACrD,uCAAuC;QACvC,2BAA2B;QAC3B,0BAA0B,EAAE,+CAA+C;KAC5E,CAAA;IAED,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;QACvE,OAAO,KAAK,CAAA,CAAC,4CAA4C;IAC3D,CAAC;IAED,kFAAkF;IAClF,sFAAsF;IACtF,MAAM,8BAA8B,GAClC,kCAAkC,CAAC,IAAI,CAAC,WAAW,CAAC;QACpD,CAAC,8BAA8B,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IAEnD,MAAM,8BAA8B,GAClC,kCAAkC,CAAC,IAAI,CAAC,WAAW,CAAC;QACpD,CAAC,8BAA8B,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IAEnD,IAAI,8BAA8B,IAAI,8BAA8B,EAAE,CAAC;QACrE,OAAO,KAAK,CAAA,CAAC,oEAAoE;IACnF,CAAC;IAED,OAAO,KAAK,CAAA,CAAC,iCAAiC;AAChD,CAAC;AAED;;;GAGG;AACH,SAAgB,sBAAsB,CACpC,YAA2B;IAE3B,IAAI,CAAC,YAAY;QAAE,OAAO,SAAS,CAAA;IAEnC,MAAM,KAAK,GAAG,YAAY,CAAC,WAAW,EAAE,CAAA;IAExC,oDAAoD;IACpD,uEAAuE;IACvE,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAA;IACvF,iEAAiE;IACjE,MAAM,oBAAoB,GAAG,sDAAsD,CAAA;IACnF,IACE,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACzC,oBAAoB,CAAC,IAAI,CAAC,KAAK,CAAC,EAChC,CAAC;QACD,OAAO,MAAM,CAAA;IACf,CAAC;IAED,sDAAsD;IACtD,MAAM,eAAe,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAA;IAC5D,iEAAiE;IACjE,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAAE,OAAO,SAAS,CAAA;IAClE,IAAI,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,SAAS,CAAA;IAE5E,yBAAyB;IACzB,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAA;IAChE,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAAE,OAAO,MAAM,CAAA;IAE5D,+EAA+E;IAC/E,MAAM,gBAAgB,GAAG;QACvB,OAAO;QACP,QAAQ;QACR,KAAK;QACL,UAAU;QACV,YAAY;QACZ,WAAW;KACZ,CAAA;IACD,0DAA0D;IAC1D,MAAM,uBAAuB,GAC3B,wEAAwE,CAAA;IAC1E,IACE,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC7C,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,EACnC,CAAC;QACD,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;GAGG;AACH,SAAgB,sBAAsB,CAAC,WAAmB;IAOxD,MAAM,eAAe,GAAG,WAAW,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAA;IAC7E,MAAM,eAAe,GAAG,WAAW,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAA;IAE7E,IAAI,CAAC,eAAe,IAAI,CAAC,eAAe,EAAE,CAAC;QACzC,OAAO;YACL,WAAW,EAAE,KAAK;YAClB,IAAI,EAAE,IAAI;YACV,WAAW,EAAE,KAAK;YAClB,gBAAgB,EAAE,IAAI;YACtB,MAAM,EAAE,SAAS;SAClB,CAAA;IACH,CAAC;IAED,MAAM,IAAI,GAAG,eAAe,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;IAEtC,+BAA+B;IAC/B,MAAM,cAAc,GAAG,WAAW,CAAC,KAAK,CACtC,oCAAoC,CACrC,CAAA;IACD,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAA;IACtE,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAA;IAExE,MAAM,UAAU,GAAG,cAAc,IAAI,UAAU,IAAI,WAAW,CAAA;IAE9D,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;YACL,WAAW,EAAE,IAAI;YACjB,IAAI;YACJ,WAAW,EAAE,KAAK;YAClB,gBAAgB,EAAE,IAAI;YACtB,MAAM,EAAE,YAAY;SACrB,CAAA;IACH,CAAC;IAED,8BAA8B;IAC9B,MAAM,KAAK,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAA;IACrC,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAE1D,uFAAuF;IACvF,mEAAmE;IACnE,6DAA6D;IAC7D,yCAAyC;IACzC,MAAM,mBAAmB,GAAG,EAAE,CAAA;IAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,mBAAmB,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;IAEpF,4BAA4B;IAC5B,oDAAoD;IACpD,oDAAoD;IACpD,IAAI,MAAM,IAAI,MAAM,IAAI,CAAC,EAAE,CAAC;QAC1B,OAAO;YACL,WAAW,EAAE,IAAI;YACjB,IAAI;YACJ,WAAW,EAAE,IAAI;YACjB,gBAAgB,EAAE,MAAM;YACxB,MAAM,EAAE,aAAa;SACtB,CAAA;IACH,CAAC;SAAM,IAAI,MAAM,IAAI,MAAM,IAAI,EAAE,EAAE,CAAC;QAClC,OAAO;YACL,WAAW,EAAE,IAAI;YACjB,IAAI;YACJ,WAAW,EAAE,IAAI;YACjB,gBAAgB,EAAE,MAAM;YACxB,MAAM,EAAE,aAAa;SACtB,CAAA;IACH,CAAC;SAAM,CAAC;QACN,OAAO;YACL,WAAW,EAAE,IAAI;YACjB,IAAI;YACJ,WAAW,EAAE,IAAI;YACjB,gBAAgB,EAAE,MAAM;YACxB,MAAM,EAAE,aAAa;SACtB,CAAA;IACH,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,6BAA6B,CAC3C,WAAmB;IAEnB,8CAA8C;IAC9C,MAAM,eAAe,GAAG,WAAW,CAAC,KAAK,CACvC,6CAA6C,CAC9C,CAAA;IACD,IAAI,eAAe;QAAE,OAAO,eAAe,CAAC,CAAC,CAAC,CAAA;IAE9C,mCAAmC;IACnC,MAAM,aAAa,GAAG,WAAW,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAA;IACtE,IAAI,aAAa;QAAE,OAAO,aAAa,CAAC,CAAC,CAAC,CAAA;IAE1C,kEAAkE;IAClE,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;IAChE,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC,CAAC,CAAC,CAAA;IAEpC,OAAO,IAAI,CAAA,CAAC,yBAAyB;AACvC,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,wBAAwB,CACtC,OAAsB;IAEtB,IAAI,CAAC,OAAO;QAAE,OAAO,QAAQ,CAAA,CAAC,+BAA+B;IAE7D,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,EAAE,CAAA;IAEnC,+CAA+C;IAC/C,+EAA+E;IAC/E,mDAAmD;IACnD,MAAM,gBAAgB,GAAG;QACvB,OAAO;QACP,QAAQ;QACR,UAAU;QACV,YAAY;QACZ,WAAW;QACX,MAAM;QACN,OAAO;QACP,SAAS;QACT,MAAM;QACN,MAAM;QACN,QAAQ;QACR,WAAW;QACX,YAAY;QACZ,eAAe;QACf,aAAa;QACb,cAAc;QACd,KAAK;QACL,QAAQ;QACR,OAAO;QACP,WAAW;KACZ,CAAA;IACD,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAClD,OAAO,MAAM,CAAA;IACf,CAAC;IAED,0CAA0C;IAC1C,MAAM,eAAe,GAAG;QACtB,uBAAuB;QACvB,IAAI;QACJ,KAAK;QACL,MAAM;QACN,UAAU;QACV,OAAO;QACP,SAAS;QACT,UAAU;QACV,MAAM;QACN,SAAS;QACT,MAAM;QACN,aAAa;QACb,SAAS;QACT,WAAW;QACX,UAAU;QACV,cAAc;QACd,iBAAiB;QACjB,MAAM;QACN,MAAM;QACN,MAAM;QACN,QAAQ;QACR,SAAS;QACT,SAAS;QACT,QAAQ;QACR,MAAM;QACN,WAAW;QACX,WAAW;QACX,OAAO;QACP,4EAA4E;QAC5E,KAAK;QACL,OAAO;QACP,cAAc;QACd,SAAS;QACT,WAAW;QACX,QAAQ;QACR,OAAO;QACP,QAAQ;QACR,OAAO;QACP,QAAQ;QACR,OAAO;QACP,+DAA+D;QAC/D,QAAQ;QACR,OAAO;QACP,SAAS;QACT,OAAO;QACP,SAAS;QACT,SAAS;QACT,QAAQ;QACR,UAAU;QACV,aAAa;QACb,QAAQ;QACR,SAAS;QACT,YAAY;QACZ,QAAQ;QACR,QAAQ;QACR,QAAQ;QACR,SAAS;KACV,CAAA;IACD,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,QAAQ,CAAA,CAAC,iCAAiC;AACnD,CAAC;AAED;;;GAGG;AACH,SAAgB,wBAAwB,CACtC,OAAe,EACf,QAAgB,EAChB,UAAkB,EAClB,KAAgB;IAQhB,MAAM,MAAM,GAAG,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;IACnD,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEnD,6DAA6D;IAC7D,MAAM,gBAAgB,GAAG;QACvB,8EAA8E;QAC9E,8CAA8C;QAC9C,gDAAgD;QAChD,uDAAuD;QACvD,8DAA8D;QAC9D,8CAA8C;KAC/C,CAAA;IACD,MAAM,iBAAiB,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;IAErE,eAAe;IACf,MAAM,gBAAgB,GAAG,kCAAkC,CAAA;IAC3D,MAAM,mBAAmB,GAAG;QAC1B,4DAA4D;QAC5D,gDAAgD;QAChD,yBAAyB;KAC1B,CAAA;IACD,MAAM,aAAa,GACjB,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC;QAC/B,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;IAEhD,6CAA6C;IAC7C,MAAM,WAAW,GAAG,MAAM,CAAC,UAAU,CAAC,CAAA;IACtC,MAAM,WAAW,GAAG,oBAAoB,CAAC,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,CAAA;IAElF,sDAAsD;IACtD,kFAAkF;IAClF,MAAM,qBAAqB,GAAG;QAC5B,8DAA8D;QAC9D,8CAA8C;QAC9C,mDAAmD;QACnD,2FAA2F;QAC3F,wCAAwC;QACxC,+BAA+B,EAAM,oBAAoB;QACzD,iBAAiB,EAAqB,uBAAuB;QAC7D,wBAAwB,EAAc,gDAAgD;QACtF,uCAAuC,EAAG,sCAAsC;QAChF,UAAU,EAA4B,oBAAoB;QAC1D,aAAa,EAAyB,qBAAqB;QAC3D,gBAAgB,EAAsB,wBAAwB;KAC/D,CAAA;IACD,MAAM,sBAAsB,GAC1B,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAA;IAExE,gCAAgC;IAChC,IAAI,kBAAkB,GAAG,iBAAiB,CAAA;IAC1C,IAAI,iBAAiB,EAAE,CAAC;QACtB,kBAAkB,GAAG,6BAA6B,CAAA;IACpD,CAAC;SAAM,IAAI,aAAa,EAAE,CAAC;QACzB,kBAAkB,GAAG,2BAA2B,CAAA;IAClD,CAAC;SAAM,IAAI,WAAW,EAAE,CAAC;QACvB,kBAAkB,GAAG,mBAAmB,CAAA;IAC1C,CAAC;SAAM,IAAI,sBAAsB,EAAE,CAAC;QAClC,kBAAkB,GAAG,oBAAoB,CAAA;IAC3C,CAAC;IAED,OAAO;QACL,iBAAiB;QACjB,aAAa;QACb,WAAW;QACX,sBAAsB;QACtB,kBAAkB;KACnB,CAAA;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,eAAe,CAAC,QAAgB;IAC9C,MAAM,iBAAiB,GAAG;QACxB,eAAe,EAAY,gCAAgC;QAC3D,gBAAgB,EAAW,yBAAyB;QACpD,aAAa,EAAc,uBAAuB;QAClD,aAAa,EAAc,oBAAoB;QAC/C,iBAAiB,EAAU,2BAA2B;QACtD,WAAW,EAAgB,eAAe;QAC1C,aAAa,EAAc,mBAAmB;QAC9C,iBAAiB,EAAU,yBAAyB;QACpD,aAAa,EAAc,qBAAqB;QAChD,aAAa,EAAc,uBAAuB;KACnD,CAAA;IACD,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAA;AACtD,CAAC;AAED;;;GAGG;AACH,SAAgB,0BAA0B,CAAC,WAAmB,EAAE,OAAe;IAC7E,8CAA8C;IAC9C,MAAM,kBAAkB,GAAG;QACzB,sBAAsB,EAAY,mBAAmB;QACrD,sBAAsB,EAAY,mBAAmB;QACrD,sBAAsB,EAAY,mBAAmB;QACrD,2BAA2B,EAAO,sBAAsB;QACxD,0BAA0B,EAAQ,qBAAqB;QACvD,4BAA4B,EAAM,uBAAuB;QACzD,6BAA6B,EAAK,wBAAwB;QAC1D,+BAA+B,EAAG,0BAA0B;QAC5D,8BAA8B,EAAI,yBAAyB;QAC3D,8BAA8B,EAAI,yBAAyB;QAC3D,8BAA8B,EAAI,yBAAyB;QAC3D,8BAA8B,EAAI,8BAA8B;QAChE,6BAA6B,EAAK,wBAAwB;QAC1D,8BAA8B,EAAI,yBAAyB;QAC3D,+BAA+B,EAAG,0BAA0B;QAC5D,4BAA4B,EAAM,uBAAuB;QACzD,gCAAgC;QAChC,6BAA6B,EAAK,yBAAyB;QAC3D,6CAA6C,EAAG,mCAAmC;QACnF,+BAA+B,EAAG,gDAAgD;QAClF,+BAA+B,EAAG,uBAAuB;QACzD,+BAA+B,EAAG,uBAAuB;KAC1D,CAAA;IAED,IAAI,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QACtD,OAAO,IAAI,CAAA;IACb,CAAC;IAED,4CAA4C;IAC5C,MAAM,qBAAqB,GAAG;QAC5B,gBAAgB;QAChB,eAAe;QACf,eAAe;QACf,OAAO;QACP,UAAU;QACV,YAAY;QACZ,cAAc;QACd,YAAY;QACZ,eAAe;QACf,eAAe;QACf,YAAY;QACZ,0CAA0C;QAC1C,QAAQ;QACR,WAAW;QACX,eAAe;QACf,SAAS,EAAO,2BAA2B;QAC3C,OAAO,EAAS,gBAAgB;QAChC,WAAW,EAAK,oBAAoB;QACpC,WAAW,EAAK,oBAAoB;KACrC,CAAA;IAED,OAAO,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACzD,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,8BAA8B,CAC5C,IAAY,EACZ,OAAe,EACf,UAAkB,EAClB,KAAgB;IAEhB,MAAM,MAAM,GAAG,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC3C,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;IAC1D,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEjE,MAAM,gBAAgB,GAAG;QACvB,oBAAoB,EAAsB,mCAAmC;QAC7E,wCAAwC,EAAE,8BAA8B;QACxE,6BAA6B,EAAa,wBAAwB;QAClE,sBAAsB,EAAqB,sBAAsB;QACjE,yBAAyB,EAAiB,+BAA+B;QACzE,sBAAsB,EAAqB,+BAA+B;QAC1E,qBAAqB,EAAsB,gCAAgC;KAC5E,CAAA;IAED,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAA;AACpE,CAAC;AAED;;;GAGG;AACH,SAAgB,oBAAoB,CAClC,OAAe,EACf,QAAgB,EAChB,UAAkB,EAClB,OAAiC;IAEjC,6CAA6C;IAC7C,IAAI,IAAA,qCAAmB,EAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,OAAO,IAAI,CAAA;IACb,CAAC;IAED,mDAAmD;IACnD,yDAAyD;IACzD,IAAI,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAA;IACb,CAAC;IAED,8DAA8D;IAC9D,0EAA0E;IAC1E,IAAI,IAAA,gDAA8B,EAAC,QAAQ,CAAC,EAAE,CAAC;QAC7C,OAAO,IAAI,CAAA;IACb,CAAC;IAED,6EAA6E;IAC7E,iEAAiE;IACjE,MAAM,KAAK,GAAG,OAAO,EAAE,MAAM,EAAE,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC3D,MAAM,WAAW,GAAG,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAA;IAC3C,IAAI,iBAAiB,CAAC,WAAW,EAAE,QAAQ,CAAC,EAAE,CAAC;QAC7C,OAAO,IAAI,CAAA;IACb,CAAC;IAED,kDAAkD;IAClD,uEAAuE;IACvE,IAAI,8BAA8B,CAAC,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK,CAAC,EAAE,CAAC;QAC5E,OAAO,IAAI,CAAA;IACb,CAAC;IAED,4EAA4E;IAC5E,wEAAwE;IACxE,IAAI,wBAAwB,CAAC,OAAO,EAAE,UAAU,EAAE,KAAK,CAAC,EAAE,CAAC;QACzD,OAAO,IAAI,CAAA;IACb,CAAC;IAED,wCAAwC;IACxC,IAAI,IAAA,kCAAgB,EAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,CAAC,CAAA;QAC9B,mDAAmD;QACnD,IACE,iCAAiC,CAAC,IAAI,CAAC,IAAI,CAAC;YAC5C,2BAA2B,CAAC,IAAI,CAAC,IAAI,CAAC,EACtC,CAAC;YACD,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,IAAI,oBAAoB,CAAC,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK,CAAC,EAAE,CAAC;QAClE,+DAA+D;QAC/D,MAAM,iBAAiB,GAAG;YACxB,WAAW;YACX,YAAY;YACZ,YAAY;YACZ,UAAU;YACV,QAAQ;YACR,QAAQ;SACT,CAAA;QACD,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YACrD,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,oDAAoD;IACpD,0DAA0D;IAC1D,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;IACzD,MAAM,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACpE,IAAI,0BAA0B,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE,CAAC;QACzD,OAAO,IAAI,CAAA;IACb,CAAC;IAED,8DAA8D;IAC9D,MAAM,YAAY,GAAG,IAAA,qCAAsB,EAAC,OAAO,EAAE,UAAU,CAAC,CAAA;IAChE,MAAM,cAAc,GAAG,sBAAsB,CAAC,YAAY,CAAC,CAAA;IAE3D,8EAA8E;IAC9E,IAAI,cAAc,KAAK,MAAM,IAAI,cAAc,KAAK,SAAS,IAAI,cAAc,KAAK,MAAM,EAAE,CAAC;QAC3F,OAAO,IAAI,CAAA;IACb,CAAC;IAED,qEAAqE;IACrE,qEAAqE;IACrE,8EAA8E;IAC9E,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACpF,MAAM,yBAAyB,GAAG;QAChC,mDAAmD,EAAU,yBAAyB;QACtF,mDAAmD,EAAU,oCAAoC;QACjG,+CAA+C,EAAc,gCAAgC;QAC7F,2CAA2C,EAAkB,sBAAsB;QACnF,sCAAsC,EAAwB,2BAA2B;QACzF,oCAAoC,EAA0B,8BAA8B;KAC7F,CAAA;IACD,IAAI,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;QAC3D,OAAO,IAAI,CAAA,CAAE,+DAA+D;IAC9E,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC"}

package/dist/detect/structural/dangerous-functions/patterns.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Dangerous Function Pattern Definitions
+ *
+ * This module defines the patterns for detecting dangerous function calls.
+ * These patterns are used by the main detection engine.
+ */
+import type { VulnerabilitySeverity } from '../../../shared/types';
+export interface DangerousFunctionPattern {
+    name: string;
+    pattern: RegExp;
+    severity: VulnerabilitySeverity;
+    description: string;
+    suggestedFix: string;
+    languages?: string[];
+}
+export declare const DANGEROUS_FUNCTIONS: DangerousFunctionPattern[];
+/**
+ * Check if file matches language filter
+ */
+export declare function matchesLanguage(filePath: string, languages?: string[]): boolean;
+//# sourceMappingURL=patterns.d.ts.map

package/dist/detect/structural/dangerous-functions/patterns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../../../src/detect/structural/dangerous-functions/patterns.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAElE,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;IACpB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAA;CACrB;AAED,eAAO,MAAM,mBAAmB,EAAE,wBAAwB,EA8IzD,CAAA;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAU/E"}

package/dist/detect/structural/dangerous-functions/patterns.js

@@ -0,0 +1,163 @@
+"use strict";
+/**
+ * Dangerous Function Pattern Definitions
+ *
+ * This module defines the patterns for detecting dangerous function calls.
+ * These patterns are used by the main detection engine.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DANGEROUS_FUNCTIONS = void 0;
+exports.matchesLanguage = matchesLanguage;
+exports.DANGEROUS_FUNCTIONS = [
+    // Code execution
+    {
+        name: 'eval() usage',
+        pattern: /\beval\s*\(/gi,
+        severity: 'critical',
+        description: 'eval() executes arbitrary code and is a major security risk',
+        suggestedFix: 'Use JSON.parse() for JSON data, or refactor to avoid dynamic code execution',
+    },
+    {
+        name: 'Function constructor',
+        pattern: /new\s+Function\s*\(/gi,
+        severity: 'critical',
+        description: 'Function constructor can execute arbitrary code like eval()',
+        suggestedFix: 'Refactor to use static functions or safe alternatives',
+    },
+    {
+        name: 'setTimeout/setInterval with string',
+        pattern: /set(Timeout|Interval)\s*\(\s*['"`]/gi,
+        severity: 'high',
+        description: 'setTimeout/setInterval with string argument acts like eval()',
+        suggestedFix: 'Pass a function reference instead of a string',
+    },
+    // Command injection
+    {
+        name: 'child_process exec',
+        pattern: /\b(exec|execSync|spawn|spawnSync|execFile)\s*\(/gi,
+        severity: 'high',
+        description: 'Shell command execution can lead to command injection',
+        suggestedFix: 'Validate and sanitize all inputs, prefer execFile over exec',
+    },
+    {
+        name: 'os.system/subprocess (Python)',
+        pattern: /\b(os\.system|subprocess\.(call|run|Popen|check_output))\s*\(/gi,
+        severity: 'high',
+        description: 'Shell command execution can lead to command injection',
+        suggestedFix: 'Use subprocess with shell=False and pass arguments as a list',
+        languages: ['py'],
+    },
+    // SQL injection risks
+    // Note: .execute is too generic (used by axios, tRPC, request utilities)
+    // Focus on .query and .raw which are more SQL-specific
+    {
+        name: 'Raw SQL query construction',
+        pattern: /\.(query|raw)\s*\(\s*[`'"].*\$\{|\.query\s*\(\s*['"].*\+/gi,
+        severity: 'critical',
+        description: 'String concatenation in SQL queries can lead to SQL injection',
+        suggestedFix: 'Use parameterized queries or prepared statements',
+    },
+    {
+        name: 'SQL template literal',
+        pattern: /`SELECT.*FROM.*WHERE.*\$\{|`INSERT.*INTO.*VALUES.*\$\{|`UPDATE.*SET.*\$\{|`DELETE.*FROM.*WHERE.*\$\{/gi,
+        severity: 'critical',
+        description: 'Template literals in SQL queries can lead to SQL injection',
+        suggestedFix: 'Use parameterized queries with placeholders (?, $1, etc.)',
+    },
+    // XSS risks
+    {
+        name: 'innerHTML assignment',
+        pattern: /\.innerHTML\s*=|\.outerHTML\s*=/gi,
+        severity: 'high',
+        description: 'Direct innerHTML assignment can lead to XSS vulnerabilities',
+        suggestedFix: 'Use textContent for text, or sanitize HTML with DOMPurify',
+    },
+    {
+        name: 'document.write',
+        pattern: /document\.write\s*\(/gi,
+        severity: 'high',
+        description: 'document.write can introduce XSS vulnerabilities',
+        suggestedFix: 'Use DOM manipulation methods instead',
+    },
+    {
+        name: 'dangerouslySetInnerHTML',
+        pattern: /dangerouslySetInnerHTML\s*=\s*\{\s*\{\s*__html\s*:/gi,
+        severity: 'high',
+        description: 'dangerouslySetInnerHTML can lead to XSS if content is not sanitized',
+        suggestedFix: 'Sanitize HTML content with DOMPurify before rendering',
+    },
+    // Deserialization
+    {
+        name: 'Unsafe deserialization',
+        pattern: /\b(pickle\.loads?|yaml\.load\s*\((?!.*Loader)|unserialize|Marshal\.load)\s*\(/gi,
+        severity: 'critical',
+        description: 'Unsafe deserialization can lead to remote code execution',
+        suggestedFix: 'Use safe loaders (yaml.safe_load) or validate input before deserializing',
+    },
+    // Note: JSON.parse is handled specially with source-aware severity - see json-parse.ts
+    // Note: request.json() is NOT a dangerous function - see request-validation.ts
+    // File system risks
+    {
+        name: 'Dynamic file path',
+        pattern: /\b(readFile|writeFile|readFileSync|writeFileSync|createReadStream|createWriteStream)\s*\(\s*[^'"]/gi,
+        severity: 'medium',
+        description: 'Dynamic file paths can lead to path traversal attacks',
+        suggestedFix: 'Validate and sanitize file paths, use path.resolve with a base directory',
+    },
+    {
+        name: 'Path traversal risk',
+        pattern: /path\.(join|resolve)\s*\([^)]*req\.(params|query|body)/gi,
+        severity: 'high',
+        description: 'User input in file paths can lead to path traversal attacks',
+        suggestedFix: 'Validate paths and ensure they stay within allowed directories',
+    },
+    // Crypto weaknesses
+    {
+        name: 'Math.random for security',
+        pattern: /Math\.random\s*\(\s*\)/gi,
+        severity: 'medium',
+        description: 'Math.random() is not cryptographically secure',
+        suggestedFix: 'Use crypto.randomBytes() or crypto.getRandomValues() for security-sensitive operations',
+    },
+    // Regex DoS
+    {
+        name: 'Potentially unsafe regex',
+        pattern: /new\s+RegExp\s*\(\s*[^'"]/gi,
+        severity: 'medium',
+        description: 'Dynamic regex construction can lead to ReDoS attacks',
+        suggestedFix: 'Validate regex patterns and consider using safe-regex library',
+    },
+    // Prototype pollution
+    {
+        name: 'Object.assign with user input',
+        pattern: /Object\.assign\s*\(\s*\{\s*\}\s*,\s*(req\.|request\.|body|params|query)/gi,
+        severity: 'high',
+        description: 'Object.assign with user input can lead to prototype pollution',
+        suggestedFix: 'Validate and sanitize input, or use a safe merge function',
+    },
+    {
+        name: 'Spread operator with user input',
+        pattern: /\{\s*\.\.\.req\.(body|params|query)|\.\.\.request\.(body|params|query)/gi,
+        severity: 'medium',
+        description: 'Spreading user input can lead to mass assignment vulnerabilities',
+        suggestedFix: 'Explicitly pick allowed properties instead of spreading all input',
+    },
+];
+/**
+ * Check if file matches language filter
+ */
+function matchesLanguage(filePath, languages) {
+    if (!languages || languages.length === 0)
+        return true;
+    const ext = filePath.split('.').pop()?.toLowerCase() || '';
+    return languages.some(lang => {
+        if (lang === 'py')
+            return ext === 'py';
+        if (lang === 'js')
+            return ['js', 'jsx', 'mjs', 'cjs'].includes(ext);
+        if (lang === 'ts')
+            return ['ts', 'tsx'].includes(ext);
+        return ext === lang;
+    });
+}
+//# sourceMappingURL=patterns.js.map

package/dist/detect/structural/dangerous-functions/patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../../../src/detect/structural/dangerous-functions/patterns.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAgKH,0CAUC;AA7JY,QAAA,mBAAmB,GAA+B;IAC7D,iBAAiB;IACjB;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,eAAe;QACxB,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,6DAA6D;QAC1E,YAAY,EAAE,6EAA6E;KAC5F;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,uBAAuB;QAChC,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,6DAA6D;QAC1E,YAAY,EAAE,uDAAuD;KACtE;IACD;QACE,IAAI,EAAE,oCAAoC;QAC1C,OAAO,EAAE,sCAAsC;QAC/C,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,8DAA8D;QAC3E,YAAY,EAAE,+CAA+C;KAC9D;IAED,oBAAoB;IACpB;QACE,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,mDAAmD;QAC5D,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,uDAAuD;QACpE,YAAY,EAAE,6DAA6D;KAC5E;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,iEAAiE;QAC1E,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,uDAAuD;QACpE,YAAY,EAAE,8DAA8D;QAC5E,SAAS,EAAE,CAAC,IAAI,CAAC;KAClB;IAED,sBAAsB;IACtB,yEAAyE;IACzE,uDAAuD;IACvD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,4DAA4D;QACrE,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,+DAA+D;QAC5E,YAAY,EAAE,kDAAkD;KACjE;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,wGAAwG;QACjH,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,4DAA4D;QACzE,YAAY,EAAE,2DAA2D;KAC1E;IAED,YAAY;IACZ;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,mCAAmC;QAC5C,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,6DAA6D;QAC1E,YAAY,EAAE,2DAA2D;KAC1E;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,kDAAkD;QAC/D,YAAY,EAAE,sCAAsC;KACrD;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,sDAAsD;QAC/D,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,qEAAqE;QAClF,YAAY,EAAE,uDAAuD;KACtE;IAED,kBAAkB;IAClB;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,iFAAiF;QAC1F,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,0DAA0D;QACvE,YAAY,EAAE,0EAA0E;KACzF;IACD,uFAAuF;IACvF,+EAA+E;IAE/E,oBAAoB;IACpB;QACE,IAAI,EAAE,mBAAmB;QACzB,OAAO,EAAE,qGAAqG;QAC9G,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,uDAAuD;QACpE,YAAY,EAAE,0EAA0E;KACzF;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EAAE,0DAA0D;QACnE,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,6DAA6D;QAC1E,YAAY,EAAE,gEAAgE;KAC/E;IAED,oBAAoB;IACpB;QACE,IAAI,EAAE,0BAA0B;QAChC,OAAO,EAAE,0BAA0B;QACnC,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,+CAA+C;QAC5D,YAAY,EAAE,wFAAwF;KACvG;IAED,YAAY;IACZ;QACE,IAAI,EAAE,0BAA0B;QAChC,OAAO,EAAE,6BAA6B;QACtC,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,sDAAsD;QACnE,YAAY,EAAE,+DAA+D;KAC9E;IAED,sBAAsB;IACtB;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,2EAA2E;QACpF,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,+DAA+D;QAC5E,YAAY,EAAE,2DAA2D;KAC1E;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,0EAA0E;QACnF,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,kEAAkE;QAC/E,YAAY,EAAE,mEAAmE;KAClF;CACF,CAAA;AAED;;GAEG;AACH,SAAgB,eAAe,CAAC,QAAgB,EAAE,SAAoB;IACpE,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAErD,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAA;IAC1D,OAAO,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QAC3B,IAAI,IAAI,KAAK,IAAI;YAAE,OAAO,GAAG,KAAK,IAAI,CAAA;QACtC,IAAI,IAAI,KAAK,IAAI;YAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;QACnE,IAAI,IAAI,KAAK,IAAI;YAAE,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;QACrD,OAAO,GAAG,KAAK,IAAI,CAAA;IACrB,CAAC,CAAC,CAAA;AACJ,CAAC"}

package/dist/detect/structural/dangerous-functions/request-validation.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Request Body Validation Detection
+ *
+ * Detection logic for request.json() / req.json() usage without
+ * proper schema validation.
+ */
+import type { Vulnerability } from '../../../shared/types';
+/**
+ * Detect request.json() / req.json() and suggest schema validation
+ * This is NOT a dangerous function - it's a prompt for best practices
+ */
+export declare function detectRequestJsonValidation(content: string, filePath: string, isTestFile: boolean, vulnerabilities: Vulnerability[]): void;
+//# sourceMappingURL=request-validation.d.ts.map

package/dist/detect/structural/dangerous-functions/request-validation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-validation.d.ts","sourceRoot":"","sources":["../../../../src/detect/structural/dangerous-functions/request-validation.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAA;AAO1D;;;GAGG;AACH,wBAAgB,2BAA2B,CACzC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,OAAO,EACnB,eAAe,EAAE,aAAa,EAAE,GAC/B,IAAI,CAiIN"}

package/dist/detect/structural/dangerous-functions/request-validation.js

@@ -0,0 +1,126 @@
+"use strict";
+/**
+ * Request Body Validation Detection
+ *
+ * Detection logic for request.json() / req.json() usage without
+ * proper schema validation.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectRequestJsonValidation = detectRequestJsonValidation;
+const file_classifier_1 = require("../../../parse/file-classifier");
+const schema_validation_1 = require("./utils/schema-validation");
+const helpers_1 = require("./utils/helpers");
+const BASE_CONFIDENCE = 0.35;
+/**
+ * Detect request.json() / req.json() and suggest schema validation
+ * This is NOT a dangerous function - it's a prompt for best practices
+ */
+function detectRequestJsonValidation(content, filePath, isTestFile, vulnerabilities) {
+    // Only check API route files
+    if (!/\/(api|routes?|handlers?|controllers?)\//i.test(filePath) &&
+        !/route\.(ts|js)$/i.test(filePath)) {
+        return;
+    }
+    // Skip if route has throwing auth helper - these are already protected routes
+    // and the schema validation suggestion is lower priority
+    if ((0, helpers_1.hasThrowingAuthHelper)(content)) {
+        return;
+    }
+    const lines = content.split('\n');
+    // Matches: request.json(), req.json(), await request.json(), etc.
+    const requestJsonPattern = /\b(request|req)\.json\s*\(\s*\)/gi;
+    // Check if file has schema validation (library-based)
+    const hasSchemaLibrary = /\b(zod|yup|joi|ajv|superstruct|valibot|typebox)\b/i.test(content) ||
+        /\.parse\s*\(|\.validate\s*\(|\.safeParse\s*\(/i.test(content);
+    // If file has schema library validation, don't report
+    if (hasSchemaLibrary)
+        return;
+    // Check for manual validation patterns (less robust but still indicates intent)
+    const hasManualCheck = (0, schema_validation_1.hasManualValidation)(content);
+    // Track instances for potential aggregation
+    const instances = [];
+    lines.forEach((line, index) => {
+        if ((0, file_classifier_1.isComment)(line))
+            return;
+        requestJsonPattern.lastIndex = 0;
+        if (!requestJsonPattern.test(line))
+            return;
+        // Check if there's validation nearby (within 10 lines after)
+        const startCheck = index;
+        const endCheck = Math.min(lines.length, index + 10);
+        const nearbyContent = lines.slice(startCheck, endCheck).join('\n');
+        // If there's validation in the nearby lines, skip
+        if (/\.parse\s*\(|\.validate\s*\(|\.safeParse\s*\(|schema\./i.test(nearbyContent)) {
+            return;
+        }
+        // If manual validation is present, skip individual reporting but track for aggregate
+        if (hasManualCheck) {
+            instances.push({ lineNumber: index + 1, lineContent: line.trim() });
+            return;
+        }
+        if (isTestFile) {
+            return; // Don't report in test files
+        }
+        instances.push({ lineNumber: index + 1, lineContent: line.trim() });
+    });
+    // Don't report if no instances found
+    if (instances.length === 0)
+        return;
+    // If manual validation exists, create a single info-level note
+    if (hasManualCheck && instances.length > 0) {
+        vulnerabilities.push({
+            id: `request-json-manual-${filePath}`,
+            filePath,
+            lineNumber: instances[0].lineNumber,
+            lineContent: instances[0].lineContent,
+            severity: 'info',
+            category: 'dangerous_function',
+            title: 'Request body with manual validation',
+            description: `API endpoint parses request body with manual validation patterns detected. Consider using a schema library (zod, yup) for more robust type-safe validation.`,
+            suggestedFix: 'While manual validation works, schema libraries provide better TypeScript integration and error messages.',
+            confidence: 'low',
+            baseConfidence: BASE_CONFIDENCE,
+            layer: 2,
+            source: 'structural',
+        });
+        return;
+    }
+    // Aggregate if multiple instances without validation
+    if (instances.length >= 2) {
+        const lineNumbers = instances.map(i => i.lineNumber).slice(0, 5);
+        vulnerabilities.push({
+            id: `request-json-aggregated-${filePath}`,
+            filePath,
+            lineNumber: instances[0].lineNumber,
+            lineContent: `${instances.length} instances`,
+            severity: 'info',
+            category: 'dangerous_function',
+            title: `Request body without schema validation (${instances.length} instances)`,
+            description: `API endpoint parses request body without visible schema validation at lines: ${lineNumbers.join(', ')}. Consider validating the shape of incoming data.`,
+            suggestedFix: 'Add schema validation (e.g., zod): const body = await request.json(); const data = schema.parse(body);',
+            confidence: 'low',
+            baseConfidence: BASE_CONFIDENCE,
+            layer: 2,
+            source: 'structural',
+        });
+    }
+    else {
+        // Single instance
+        vulnerabilities.push({
+            id: `request-json-${filePath}-${instances[0].lineNumber}`,
+            filePath,
+            lineNumber: instances[0].lineNumber,
+            lineContent: instances[0].lineContent,
+            severity: 'info',
+            category: 'dangerous_function',
+            title: 'Request body without schema validation',
+            description: 'API endpoint parses request body without visible schema validation. Consider validating the shape of incoming data.',
+            suggestedFix: 'Add schema validation (e.g., zod): const body = await request.json(); const data = schema.parse(body);',
+            confidence: 'low',
+            baseConfidence: BASE_CONFIDENCE,
+            layer: 2,
+            source: 'structural',
+        });
+    }
+}
+//# sourceMappingURL=request-validation.js.map

package/dist/detect/structural/dangerous-functions/request-validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-validation.js","sourceRoot":"","sources":["../../../../src/detect/structural/dangerous-functions/request-validation.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAaH,kEAsIC;AAhJD,oEAA0D;AAC1D,iEAA+D;AAC/D,6CAAuD;AAEvD,MAAM,eAAe,GAAG,IAAI,CAAA;AAE5B;;;GAGG;AACH,SAAgB,2BAA2B,CACzC,OAAe,EACf,QAAgB,EAChB,UAAmB,EACnB,eAAgC;IAEhC,6BAA6B;IAC7B,IACE,CAAC,2CAA2C,CAAC,IAAI,CAAC,QAAQ,CAAC;QAC3D,CAAC,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAClC,CAAC;QACD,OAAM;IACR,CAAC;IAED,8EAA8E;IAC9E,yDAAyD;IACzD,IAAI,IAAA,+BAAqB,EAAC,OAAO,CAAC,EAAE,CAAC;QACnC,OAAM;IACR,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,kEAAkE;IAClE,MAAM,kBAAkB,GAAG,mCAAmC,CAAA;IAE9D,sDAAsD;IACtD,MAAM,gBAAgB,GACpB,oDAAoD,CAAC,IAAI,CAAC,OAAO,CAAC;QAClE,gDAAgD,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAEhE,sDAAsD;IACtD,IAAI,gBAAgB;QAAE,OAAM;IAE5B,gFAAgF;IAChF,MAAM,cAAc,GAAG,IAAA,uCAAmB,EAAC,OAAO,CAAC,CAAA;IAEnD,4CAA4C;IAC5C,MAAM,SAAS,GAAkD,EAAE,CAAA;IAEnE,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,IAAI,IAAA,2BAAS,EAAC,IAAI,CAAC;YAAE,OAAM;QAE3B,kBAAkB,CAAC,SAAS,GAAG,CAAC,CAAA;QAChC,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAM;QAE1C,6DAA6D;QAC7D,MAAM,UAAU,GAAG,KAAK,CAAA;QACxB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,GAAG,EAAE,CAAC,CAAA;QACnD,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAElE,kDAAkD;QAClD,IACE,yDAAyD,CAAC,IAAI,CAC5D,aAAa,CACd,EACD,CAAC;YACD,OAAM;QACR,CAAC;QAED,qFAAqF;QACrF,IAAI,cAAc,EAAE,CAAC;YACnB,SAAS,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,KAAK,GAAG,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;YACnE,OAAM;QACR,CAAC;QAED,IAAI,UAAU,EAAE,CAAC;YACf,OAAM,CAAC,6BAA6B;QACtC,CAAC;QAED,SAAS,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,KAAK,GAAG,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;IACrE,CAAC,CAAC,CAAA;IAEF,qCAAqC;IACrC,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAM;IAElC,+DAA+D;IAC/D,IAAI,cAAc,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,eAAe,CAAC,IAAI,CAAC;YACnB,EAAE,EAAE,uBAAuB,QAAQ,EAAE;YACrC,QAAQ;YACR,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,UAAU;YACnC,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW;YACrC,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,oBAAoB;YAC9B,KAAK,EAAE,qCAAqC;YAC5C,WAAW,EAAE,6JAA6J;YAC1K,YAAY,EACV,2GAA2G;YAC7G,UAAU,EAAE,KAAK;YACjB,cAAc,EAAE,eAAe;YAC/B,KAAK,EAAE,CAAC;YACN,MAAM,EAAE,YAAqB;SAChC,CAAC,CAAA;QACF,OAAM;IACR,CAAC;IAED,qDAAqD;IACrD,IAAI,SAAS,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC1B,MAAM,WAAW,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;QAChE,eAAe,CAAC,IAAI,CAAC;YACnB,EAAE,EAAE,2BAA2B,QAAQ,EAAE;YACzC,QAAQ;YACR,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,UAAU;YACnC,WAAW,EAAE,GAAG,SAAS,CAAC,MAAM,YAAY;YAC5C,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,oBAAoB;YAC9B,KAAK,EAAE,2CAA2C,SAAS,CAAC,MAAM,aAAa;YAC/E,WAAW,EAAE,gFAAgF,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,mDAAmD;YACtK,YAAY,EACV,wGAAwG;YAC1G,UAAU,EAAE,KAAK;YACjB,cAAc,EAAE,eAAe;YAC/B,KAAK,EAAE,CAAC;YACN,MAAM,EAAE,YAAqB;SAChC,CAAC,CAAA;IACJ,CAAC;SAAM,CAAC;QACN,kBAAkB;QAClB,eAAe,CAAC,IAAI,CAAC;YACnB,EAAE,EAAE,gBAAgB,QAAQ,IAAI,SAAS,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE;YACzD,QAAQ;YACR,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,UAAU;YACnC,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW;YACrC,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,oBAAoB;YAC9B,KAAK,EAAE,wCAAwC;YAC/C,WAAW,EACT,qHAAqH;YACvH,YAAY,EACV,wGAAwG;YAC1G,UAAU,EAAE,KAAK;YACjB,cAAc,EAAE,eAAe;YAC/B,KAAK,EAAE,CAAC;YACN,MAAM,EAAE,YAAqB;SAChC,CAAC,CAAA;IACJ,CAAC;AACH,CAAC"}

package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Control Flow Analysis Utilities
+ *
+ * Backward-compatible wrappers around shared code-analysis utilities.
+ * Existing callers pass (content: string, lineNumber: number) — these
+ * wrappers create a temporary ParsedFile to delegate to the shared implementation.
+ */
+/**
+ * Check if a line is inside a try-catch block
+ * Looks for enclosing try { ... } catch pattern
+ */
+export declare function isInsideTryCatch(content: string, lineNumber: number): boolean;
+/**
+ * Simpler heuristic: check if there's a try-catch in the same function scope
+ * Looks for try { before the line and } catch after, within reasonable bounds
+ */
+export declare function hasTryCatchNearby(content: string, lineNumber: number, windowSize?: number): boolean;
+/**
+ * Extract function context where a call is being made
+ * Looks backwards from the current line to find enclosing function name
+ * Returns lowercase function name or null if not found
+ */
+export declare function extractFunctionContext(content: string, lineNumber: number): string | null;
+//# sourceMappingURL=control-flow.d.ts.map

package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"control-flow.d.ts","sourceRoot":"","sources":["../../../../../src/detect/structural/dangerous-functions/utils/control-flow.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAE7E;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,GAAE,MAAW,GAAG,OAAO,CAEvG;AAED;;;;GAIG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAEzF"}

package/dist/detect/structural/dangerous-functions/utils/control-flow.js

@@ -0,0 +1,70 @@
+"use strict";
+/**
+ * Control Flow Analysis Utilities
+ *
+ * Backward-compatible wrappers around shared code-analysis utilities.
+ * Existing callers pass (content: string, lineNumber: number) — these
+ * wrappers create a temporary ParsedFile to delegate to the shared implementation.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isInsideTryCatch = isInsideTryCatch;
+exports.hasTryCatchNearby = hasTryCatchNearby;
+exports.extractFunctionContext = extractFunctionContext;
+const parsed_file_1 = require("../../../../shared/parsed-file");
+const codeAnalysis = __importStar(require("../../../../shared/code-analysis"));
+/**
+ * Check if a line is inside a try-catch block
+ * Looks for enclosing try { ... } catch pattern
+ */
+function isInsideTryCatch(content, lineNumber) {
+    return codeAnalysis.isInsideTryCatch(new parsed_file_1.ParsedFile(content, ''), lineNumber);
+}
+/**
+ * Simpler heuristic: check if there's a try-catch in the same function scope
+ * Looks for try { before the line and } catch after, within reasonable bounds
+ */
+function hasTryCatchNearby(content, lineNumber, windowSize = 20) {
+    return codeAnalysis.hasTryCatchNearby(new parsed_file_1.ParsedFile(content, ''), lineNumber, windowSize);
+}
+/**
+ * Extract function context where a call is being made
+ * Looks backwards from the current line to find enclosing function name
+ * Returns lowercase function name or null if not found
+ */
+function extractFunctionContext(content, lineNumber) {
+    return codeAnalysis.extractFunctionContext(new parsed_file_1.ParsedFile(content, ''), lineNumber);
+}
+//# sourceMappingURL=control-flow.js.map

package/dist/detect/structural/dangerous-functions/utils/control-flow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"control-flow.js","sourceRoot":"","sources":["../../../../../src/detect/structural/dangerous-functions/utils/control-flow.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AASH,4CAEC;AAMD,8CAEC;AAOD,wDAEC;AA1BD,gEAA2D;AAC3D,+EAAgE;AAEhE;;;GAGG;AACH,SAAgB,gBAAgB,CAAC,OAAe,EAAE,UAAkB;IAClE,OAAO,YAAY,CAAC,gBAAgB,CAAC,IAAI,wBAAU,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,UAAU,CAAC,CAAA;AAC/E,CAAC;AAED;;;GAGG;AACH,SAAgB,iBAAiB,CAAC,OAAe,EAAE,UAAkB,EAAE,aAAqB,EAAE;IAC5F,OAAO,YAAY,CAAC,iBAAiB,CAAC,IAAI,wBAAU,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,UAAU,EAAE,UAAU,CAAC,CAAA;AAC5F,CAAC;AAED;;;;GAIG;AACH,SAAgB,sBAAsB,CAAC,OAAe,EAAE,UAAkB;IACxE,OAAO,YAAY,CAAC,sBAAsB,CAAC,IAAI,wBAAU,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,UAAU,CAAC,CAAA;AACrF,CAAC"}

package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts

@@ -0,0 +1,31 @@
+/**
+ * General Helper Utilities
+ *
+ * Small utility functions used across the dangerous functions detection module.
+ */
+/**
+ * Get a specific line from content by line number (0-indexed)
+ */
+export declare function getLineContent(content: string, lineNumber: number): string;
+/**
+ * Get a range of lines from content
+ */
+export declare function getLineRange(content: string, startLine: number, endLine: number): string;
+/**
+ * Check if eval/exec/Function has only static literal inputs (no user data)
+ * Static inputs like eval('({ mode: "production" })') are low risk
+ *
+ * Returns true ONLY if the argument is a string literal (not a variable)
+ */
+export declare function hasOnlyStaticInputs(lineContent: string, content: string, lineNumber: number): boolean;
+/**
+ * Check if path traversal protection is in place
+ * Looks for common sanitization patterns that prevent directory traversal attacks
+ */
+export declare function hasPathTraversalProtection(context: string, lineContent: string): boolean;
+/**
+ * Check if route has throwing auth helper (getCurrentUserId, requireAuth, etc.)
+ * Routes with throwing auth helpers are already protected
+ */
+export declare function hasThrowingAuthHelper(content: string): boolean;
+//# sourceMappingURL=helpers.d.ts.map

package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.d.ts","sourceRoot":"","sources":["../../../../../src/detect/structural/dangerous-functions/utils/helpers.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,CAG1E;AAED;;GAEG;AACH,wBAAgB,YAAY,CAC1B,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,GACd,MAAM,CAKR;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,GACjB,OAAO,CAgCT;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,CACxC,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,MAAM,GAClB,OAAO,CAiET;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAmB9D"}