@oculum/scanner 1.0.13 → 1.0.14
- package/dist/detect/secrets/config-audit.d.ts +5 -0
- package/dist/detect/secrets/config-audit.d.ts.map +1 -1
- package/dist/detect/secrets/config-audit.js +95 -0
- package/dist/detect/secrets/config-audit.js.map +1 -1
- package/dist/pipeline/config.d.ts +3 -1
- package/dist/pipeline/config.d.ts.map +1 -1
- package/dist/pipeline/config.js.map +1 -1
- package/dist/pipeline/index.d.ts.map +1 -1
- package/dist/pipeline/index.js +24 -3
- package/dist/pipeline/index.js.map +1 -1
- package/dist/shared/types.d.ts +1 -1
- package/dist/shared/types.d.ts.map +1 -1
- package/dist/tiers.d.ts +2 -2
- package/dist/tiers.js +1 -1
- package/package.json +2 -2
- package/src/__tests__/detect/postinstall-enrichment.test.ts +300 -0
- package/src/detect/secrets/config-audit.ts +111 -0
- package/src/pipeline/config.ts +3 -1
- package/src/pipeline/index.ts +26 -3
- package/src/shared/types.ts +1 -1
- package/src/tiers.ts +2 -2
|
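--- a/package/dist/detect/secrets/config-audit.d.ts
+++ b/package/dist/detect/secrets/config-audit.d.ts
@@ -8,4 +8,9 @@ export declare const CONFIG_RULES: ConfigRule[];
 export declare function auditConfiguration(content: string, filePath: string, options?: {
 parsed?: ParsedFile;
 }): Vulnerability[];
+/**
+* Enrich postinstall findings with npm registry data.
+* Auto-dismisses known safe packages, escalates unknown ones.
+*/
+export declare function enrichPostinstallFindings(findings: Vulnerability[]): Promise<Vulnerability[]>;
 //# sourceMappingURL=config-audit.d.ts.map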
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config-audit.d.ts","sourceRoot":"","sources":["../../../src/detect/secrets/config-audit.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAmB,aAAa,EAAE,MAAM,oBAAoB,CAAA;AACpF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;
|
|
1
|
+
{"version":3,"file":"config-audit.d.ts","sourceRoot":"","sources":["../../../src/detect/secrets/config-audit.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAmB,aAAa,EAAE,MAAM,oBAAoB,CAAA;AACpF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;AAO1D,eAAO,MAAM,YAAY,EAAE,UAAU,EAgSpC,CAAA;AAkBD,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,UAAU,CAAA;CAAE,GAChC,aAAa,EAAE,CA4BjB;AAkDD;;;GAGG;AACH,wBAAsB,yBAAyB,CAC7C,QAAQ,EAAE,aAAa,EAAE,GACxB,OAAO,CAAC,aAAa,EAAE,CAAC,CAmE1B"}
|
|
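--- a/package/dist/detect/secrets/config-audit.js
+++ b/package/dist/detect/secrets/config-audit.js
@@ -6,6 +6,8 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.CONFIG_RULES = void 0;
 exports.auditConfiguration = auditConfiguration;
+exports.enrichPostinstallFindings = enrichPostinstallFindings;
+const registry_clients_1 = require("../../shared/registry-clients");
 // Base confidence for configuration audit findings
 const BASE_CONFIDENCE = 0.50;
 // Configuration audit rules
@@ -312,4 +314,97 @@ function getConfigFix(ruleName, violation) {
 };
 return fixes[ruleName] || 'Review and fix the security configuration';
 }
+// ===== Postinstall Enrichment via NPM Registry Lookup =====
+/** Extract the command string from a postinstall line like: "postinstall": "patch-package" */
+function extractPostinstallCommand(lineContent) {
+const match = lineContent.match(/"(?:postinstall|preinstall)"\s*:\s*"([^"]+)"/);
+return match?.[1] || null;
+}
+/** Extract the main binary/package from a script command */
+function extractScriptBinary(command) {
+const trimmed = command.trim();
+// Skip npm/npx wrapper to get the actual tool
+if (trimmed.startsWith('npx ')) {
+const parts = trimmed.slice(4).trim().split(/\s+/);
+return parts[0] || null;
+}
+if (trimmed.startsWith('npm run ') || trimmed.startsWith('npm exec ')) {
+return null; // Can't determine — it's a local script
+}
+if (trimmed.startsWith('node ') || trimmed.startsWith('sh ') || trimmed.startsWith('bash ')) {
+return null; // Local script execution
+}
+// Direct command: "patch-package", "husky install", "prisma generate"
+const parts = trimmed.split(/\s+/);
+return parts[0] || null;
+}
+function formatDownloads(n) {
+if (n >= 1000000)
+return `${(n / 1000000).toFixed(1)}M`;
+if (n >= 1000)
+return `${(n / 1000).toFixed(0)}k`;
+return `${n}`;
+}
+/**
+* Enrich postinstall findings with npm registry data.
+* Auto-dismisses known safe packages, escalates unknown ones.
+*/
+async function enrichPostinstallFindings(findings) {
+const result = [];
+for (const finding of findings) {
+// Only process postinstall-related config findings
+if (finding.category !== 'insecure_config' ||
+!finding.description.includes('install scripts')) {
+result.push(finding);
+continue;
+}
+// Extract the command from the postinstall script
+const command = extractPostinstallCommand(finding.lineContent);
+if (!command) {
+result.push(finding);
+continue;
+}
+// Get the package name that runs this command
+const scriptBinary = extractScriptBinary(command);
+if (scriptBinary) {
+const metadata = await (0, registry_clients_1.fetchNPMMetadata)(scriptBinary);
+if (metadata) {
+const weeklyDownloads = metadata.downloads?.weekly || 0;
+const ageDays = (0, registry_clients_1.calculatePackageAgeDays)(metadata.time?.created);
+// Auto-dismiss: very popular and established
+if (weeklyDownloads >= 1000000 && ageDays >= 365) {
+continue; // Skip this finding entirely
+}
+// Trusted: popular and not brand new
+if (weeklyDownloads >= 100000 && ageDays >= 180) {
+finding.severity = 'info';
+finding.description = `postinstall runs "${command}" (${scriptBinary}: ${formatDownloads(weeklyDownloads)}/week, ${Math.floor(ageDays / 365)}+ years old)`;
+result.push(finding);
+continue;
+}
+// Moderate: some usage
+if (weeklyDownloads >= 10000 && ageDays >= 90) {
+finding.severity = 'low';
+result.push(finding);
+continue;
+}
+// Suspicious: low downloads or very new
+finding.severity = 'medium';
+finding.description = `postinstall runs "${command}" — ${scriptBinary} has only ${formatDownloads(weeklyDownloads)} weekly downloads (${ageDays} days old). Review carefully.`;
+result.push(finding);
+continue;
+}
+else {
+// Package not found on npm — escalate
+finding.severity = 'high';
+finding.description = `postinstall runs "${command}" — "${scriptBinary}" not found on npm registry. Possible supply chain risk.`;
+result.push(finding);
+continue;
+}
+}
+// Couldn't extract binary, keep as-is
+result.push(finding);
+}
+return result;
+}
 //# sourceMappingURL=config-audit.js.map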
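Review bot: The auto-dismiss branch in enrichPostinstallFindings (`if (weeklyDownloads >= 1000000 && ageDays >= 365) { continue; }`) drops the finding after looking up only the first whitespace-separated token of the script, so anything that follows that token in the command (arguments, or further commands joined by shell operators) is never examined before the finding disappears from the report. extractScriptBinary also treats a bin name as a registry package name, and the registry entry of that name is not necessarily the package that supplies the binary in the scanned project, so popularity and age of the looked-up name say little about what actually runs. I would never discard here: keep the finding at `info` (`finding.severity = 'info'; result.push(finding); continue;`) and skip the downgrade whenever the command contains shell metacharacters, e.g. `if (/[;&|<>$()]/.test(command)) { result.push(finding); continue; }` placed before the registry lookup. Separately, the `else` branch reports "not found on npm registry" for any falsy result; if fetchNPMMetadata also returns a falsy value on network errors or timeouts (its body is not visible here), offline scans would raise every such finding to `high`. This file is compiler output, so the change belongs in src/detect/secrets/config-audit.ts, which the file list shows as part of the same release.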
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config-audit.js","sourceRoot":"","sources":["../../../src/detect/secrets/config-audit.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AA2TH,gDAgCC;AAtVD,mDAAmD;AACnD,MAAM,eAAe,GAAG,IAAI,CAAA;AAE5B,4BAA4B;AACf,QAAA,YAAY,GAAiB;IACxC,mBAAmB;IACnB;QACE,IAAI,EAAE,wBAAwB;QAC9B,YAAY,EAAE,CAAC,YAAY,EAAE,cAAc,CAAC;QAC5C,KAAK,EAAE,CAAC,OAAe,EAAqB,EAAE;YAC5C,MAAM,UAAU,GAAsB,EAAE,CAAA;YACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;YAEjC,mCAAmC;YACnC,MAAM,kBAAkB,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC3C,IAAI,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAC9C,CAAA;YAED,+BAA+B;YAC/B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC5B,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,WAAW,EAAE,CAAC;oBAC9C,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,KAAK,GAAG,CAAC;wBACf,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;wBACxB,OAAO,EAAE,wCAAwC;wBACjD,QAAQ,EAAE,MAAM;qBACjB,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC,CAAC,CAAA;YAEF,yCAAyC;YACzC,IAAI,CAAC,kBAAkB,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5C,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,CAAC;oBACP,WAAW,EAAE,YAAY;oBACzB,OAAO,EAAE,mEAAmE;oBAC5E,QAAQ,EAAE,QAAQ;iBACnB,CAAC,CAAA;YACJ,CAAC;YAED,OAAO,UAAU,CAAA;QACnB,CAAC;KACF;IACD;QACE,IAAI,EAAE,wCAAwC;QAC9C,YAAY,EAAE,CAAC,YAAY,EAAE,cAAc,EAAE,oBAAoB,EAAE,qBAAqB,CAAC;QACzF,KAAK,EAAE,CAAC,OAAe,EAAqB,EAAE;YAC5C,MAAM,UAAU,GAAsB,EAAE,CAAA;YACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;YAEjC,qFAAqF;YACrF,0FAA0F;YAC1F,MAAM,mBAAmB,GAAG,6EAA6E,CAAA;YACzG,MAAM,mBAAmB,GAAG,6EAA6E,CAAA;YACzG,MAAM,oBAAoB,GAAG,+DAA+D,CAAA;YAE5F,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC5B,uBAAuB;gBACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;gBAChD,IAAI,QAAQ,EAAE,CAAC;oBACb,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAA;oBACzB,iEAAiE;oBACjE,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,mCAAmC,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;wBAClF,UAAU,CAAC,IAAI,CAAC;4BACd,IAAI,EAAE,KAAK,GAAG,CAAC;4BACf,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;4BACxB,OAAO,EAAE,uGAAuG;4BAChH,QAAQ,EAAE,QAAQ,EAAG,0EAA0E;yBAChG,CAAC,C
AAA;oBACJ,CAAC;oBACD,OAAM;gBACR,CAAC;gBAED,yEAAyE;gBACzE,IAAI,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAChD,OAAM;gBACR,CAAC;gBAED,oDAAoD;gBACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;gBAChD,IAAI,QAAQ,EAAE,CAAC;oBACb,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAA;oBACzB,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBAC9B,UAAU,CAAC,IAAI,CAAC;4BACd,IAAI,EAAE,KAAK,GAAG,CAAC;4BACf,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;4BACxB,OAAO,EAAE,mDAAmD;4BAC5D,QAAQ,EAAE,MAAM;yBACjB,CAAC,CAAA;oBACJ,CAAC;oBACD,OAAM;gBACR,CAAC;gBAED,gCAAgC;gBAChC,IAAI,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAA;oBAC9C,IAAI,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBAC7C,UAAU,CAAC,IAAI,CAAC;4BACd,IAAI,EAAE,KAAK,GAAG,CAAC;4BACf,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;4BACxB,OAAO,EAAE,2DAA2D;4BACpE,QAAQ,EAAE,MAAM;yBACjB,CAAC,CAAA;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC,CAAC,CAAA;YAEF,OAAO,UAAU,CAAA;QACnB,CAAC;KACF;IACD,qBAAqB;IACrB;QACE,IAAI,EAAE,+BAA+B;QACrC,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,QAAQ,EAAE,OAAO,CAAC;QACnG,KAAK,EAAE,CAAC,OAAe,EAAqB,EAAE;YAC5C,MAAM,UAAU,GAAsB,EAAE,CAAA;YACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;YAEjC,MAAM,YAAY,GAAG;gBACnB,0DAA0D;gBAC1D,2CAA2C;gBAC3C,0BAA0B;gBAC1B,2CAA2C;gBAC3C,oCAAoC;aACrC,CAAA;YAED,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC5B,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;oBACnC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,UAAU,CAAC,IAAI,CAAC;4BACd,IAAI,EAAE,KAAK,GAAG,CAAC;4BACf,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;4BACxB,OAAO,EAAE,4DAA4D;4BACrE,QAAQ,EAAE,QAAQ;yBACnB,CAAC,CAAA;wBACF,MAAK;oBACP,CAAC;gBACH,CAAC;YACH,CAAC,CAAC,CAAA;YAEF,OAAO,UAAU,CAAA;QACnB,CAAC;KACF;IACD,kCAAkC;IAClC;QACE,IAAI,EAAE,gCAAgC;QACtC,YAAY,EAAE,CAAC,yBAAyB,EAAE,0BAA0B,CAAC;QACrE,KAAK,EAAE,CAAC,OAAe,EAAqB,EAAE;YAC5C,MAAM,UAAU,GAAsB,EAAE,CAAA;YACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;YAEjC,8CAA8C;YAC9C,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,C
AAC,qBAAqB,CAAC,CAAA;YAC3D,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAA;YAExD,IAAI,WAAW,IAAI,WAAW,EAAE,CAAC;gBAC/B,MAAM,YAAY,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC,CAAA;gBACzE,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,YAAY,GAAG,CAAC;oBACtB,WAAW,EAAE,KAAK,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE;oBAC9C,OAAO,EAAE,sFAAsF;oBAC/F,QAAQ,EAAE,MAAM;iBACjB,CAAC,CAAA;YACJ,CAAC;YAED,8BAA8B;YAC9B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC5B,IAAI,2BAA2B,CAAC,IAAI,CAAC,IAAI,CAAC;oBACtC,8BAA8B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC9C,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,KAAK,GAAG,CAAC;wBACf,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;wBACxB,OAAO,EAAE,uDAAuD;wBAChE,QAAQ,EAAE,UAAU;qBACrB,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC,CAAC,CAAA;YAEF,OAAO,UAAU,CAAA;QACnB,CAAC;KACF;IACD,0BAA0B;IAC1B;QACE,IAAI,EAAE,gCAAgC;QACtC,YAAY,EAAE,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,iBAAiB,CAAC;QACrE,KAAK,EAAE,CAAC,OAAe,EAAqB,EAAE;YAC5C,MAAM,UAAU,GAAsB,EAAE,CAAA;YACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;YAEjC,0EAA0E;YAC1E,IAAI,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EAAE,CAAC;gBAC1F,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAA;gBACrE,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;oBACxC,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,uBAAuB;oBAChE,OAAO,EAAE,oFAAoF;oBAC7F,QAAQ,EAAE,KAAK;iBAChB,CAAC,CAAA;YACJ,CAAC;YAED,8CAA8C;YAC9C,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC5B,IAAI,wCAAwC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACxD,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,KAAK,GAAG,CAAC;wBACf,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;wBACxB,OAAO,EAAE,oEAAoE;wBAC7E,QAAQ,EAAE,QAAQ;qBACnB,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC,CAAC,CAAA;YAEF,OAAO,UAAU,CAAA;QACnB,CAAC;KACF;IACD,wBAAwB;IACxB;QACE,IAAI,EAAE,8BAA8B;QACpC,YAAY,EAAE,CAAC,cAAc,CAAC;QAC9B,KAAK,EAAE,CAAC,OAAe,EAAqB,EAAE;YAC5C,MAAM,UAAU,GAAsB,EAAE,CAAA;YAExC,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAI,C
AAC,KAAK,CAAC,OAAO,CAAC,CAAA;gBAE/B,wDAAwD;gBACxD,IAAI,GAAG,CAAC,OAAO,EAAE,WAAW,IAAI,GAAG,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC;oBACxD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;oBACjC,MAAM,UAAU,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CACrC,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC,CAC1D,CAAA;oBACD,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,UAAU,GAAG,CAAC;wBACpB,WAAW,EAAE,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE;wBAC5C,OAAO,EAAE,wEAAwE;wBACjF,QAAQ,EAAE,KAAK;qBAChB,CAAC,CAAA;gBACJ,CAAC;gBAED,kCAAkC;gBAClC,MAAM,OAAO,GAAG,EAAE,GAAG,GAAG,CAAC,YAAY,EAAE,GAAG,GAAG,CAAC,eAAe,EAAE,CAAA;gBAC/D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;gBAEjC,mEAAmE;gBACnE,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;gBAE1E,2FAA2F;gBAC3F,+EAA+E;gBAC/E,MAAM,WAAW,GAA2B,EAAE,CAAA;gBAC9C,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC3C,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC5B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;wBACnC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAA;oBACpD,CAAC;gBACH,CAAC;gBACD,+DAA+D;gBAC/D,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC;qBAC9C,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,kCAAkC;qBACpE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAA;gBAE9C,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtD,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;wBAC5C,mCAAmC;wBACnC,0CAA0C;wBAC1C,6EAA6E;wBAC7E,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;wBAEjE,uCAAuC;wBACvC,MAAM,kBAAkB,GACtB,CAAC,QAAQ,IAAI,QAAQ,KAAK,QAAQ,CAAC;4BACnC,CAAC,aAAa,IAAI,QAAQ,KAAK,aAAa,IAAI,OAAO,KAAK,GAAG,CAAC,CAAA;wBAElE,IAAI,kBAAkB,EAAE,CAAC;4BACvB,
SAAQ;wBACV,CAAC;wBAED,MAAM,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAA;wBAC7D,UAAU,CAAC,IAAI,CAAC;4BACd,IAAI,EAAE,OAAO,GAAG,CAAC;4BACjB,WAAW,EAAE,KAAK,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE;4BACzC,OAAO,EAAE,eAAe,IAAI,0DAA0D;4BACtF,QAAQ,EAAE,QAAQ;yBACnB,CAAC,CAAA;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,qBAAqB;YACvB,CAAC;YAED,OAAO,UAAU,CAAA;QACnB,CAAC;KACF;CACF,CAAA;AAED,4CAA4C;AAC5C,SAAS,kBAAkB,CAAC,QAAgB,EAAE,QAAkB;IAC9D,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAA;IAEhD,OAAO,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QAC7B,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,IAAI,MAAM,CACtB,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,EAC9D,GAAG,CACJ,CAAA;YACD,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACrD,CAAC;QACD,OAAO,QAAQ,KAAK,OAAO,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;IAC3D,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,SAAgB,kBAAkB,CAChC,OAAe,EACf,QAAgB,EAChB,OAAiC;IAEjC,MAAM,eAAe,GAAoB,EAAE,CAAA;IAE3C,KAAK,MAAM,IAAI,IAAI,oBAAY,EAAE,CAAC;QAChC,IAAI,kBAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YACpD,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAA;YAEhD,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;gBACnC,eAAe,CAAC,IAAI,CAAC;oBACnB,EAAE,EAAE,UAAU,QAAQ,IAAI,SAAS,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE;oBACvD,QAAQ;oBACR,UAAU,EAAE,SAAS,CAAC,IAAI;oBAC1B,WAAW,EAAE,SAAS,CAAC,WAAW;oBAClC,QAAQ,EAAE,SAAS,CAAC,QAAQ;oBAC5B,QAAQ,EAAE,iBAAiB;oBAC3B,KAAK,EAAE,IAAI,CAAC,IAAI;oBAChB,WAAW,EAAE,SAAS,CAAC,OAAO;oBAC9B,YAAY,EAAE,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC;oBAChD,UAAU,EAAE,MAAM;oBAClB,cAAc,EAAE,eAAe;oBAC/B,KAAK,EAAE,CAAC;oBACV,MAAM,EAAE,SAAkB;iBACzB,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC;AAED,SAAS,YAAY,CAAC,QAAgB,EAAE,SAA0B;IAChE,MAAM,KAAK,GAA2B;QACpC,wBAAwB,EAAE,6DAA6D;QACvF,wCAAwC,EAAE,wEAAwE;QAClH,+BAA+B,EAAE,kEAAkE;QACnG,gCAAgC,EAAE,gEAAgE;QAClG,gCAAgC,EAAE,4EA
A4E;QAC9G,8BAA8B,EAAE,kEAAkE;KACnG,CAAA;IAED,OAAO,KAAK,CAAC,QAAQ,CAAC,IAAI,2CAA2C,CAAA;AACvE,CAAC"}
|
|
1
|
+
{"version":3,"file":"config-audit.js","sourceRoot":"","sources":["../../../src/detect/secrets/config-audit.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AA4TH,gDAgCC;AAsDD,8DAqEC;AAndD,oEAAyF;AAEzF,mDAAmD;AACnD,MAAM,eAAe,GAAG,IAAI,CAAA;AAE5B,4BAA4B;AACf,QAAA,YAAY,GAAiB;IACxC,mBAAmB;IACnB;QACE,IAAI,EAAE,wBAAwB;QAC9B,YAAY,EAAE,CAAC,YAAY,EAAE,cAAc,CAAC;QAC5C,KAAK,EAAE,CAAC,OAAe,EAAqB,EAAE;YAC5C,MAAM,UAAU,GAAsB,EAAE,CAAA;YACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;YAEjC,mCAAmC;YACnC,MAAM,kBAAkB,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC3C,IAAI,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAC9C,CAAA;YAED,+BAA+B;YAC/B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC5B,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,WAAW,EAAE,CAAC;oBAC9C,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,KAAK,GAAG,CAAC;wBACf,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;wBACxB,OAAO,EAAE,wCAAwC;wBACjD,QAAQ,EAAE,MAAM;qBACjB,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC,CAAC,CAAA;YAEF,yCAAyC;YACzC,IAAI,CAAC,kBAAkB,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5C,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,CAAC;oBACP,WAAW,EAAE,YAAY;oBACzB,OAAO,EAAE,mEAAmE;oBAC5E,QAAQ,EAAE,QAAQ;iBACnB,CAAC,CAAA;YACJ,CAAC;YAED,OAAO,UAAU,CAAA;QACnB,CAAC;KACF;IACD;QACE,IAAI,EAAE,wCAAwC;QAC9C,YAAY,EAAE,CAAC,YAAY,EAAE,cAAc,EAAE,oBAAoB,EAAE,qBAAqB,CAAC;QACzF,KAAK,EAAE,CAAC,OAAe,EAAqB,EAAE;YAC5C,MAAM,UAAU,GAAsB,EAAE,CAAA;YACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;YAEjC,qFAAqF;YACrF,0FAA0F;YAC1F,MAAM,mBAAmB,GAAG,6EAA6E,CAAA;YACzG,MAAM,mBAAmB,GAAG,6EAA6E,CAAA;YACzG,MAAM,oBAAoB,GAAG,+DAA+D,CAAA;YAE5F,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC5B,uBAAuB;gBACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;gBAChD,IAAI,QAAQ,EAAE,CAAC;oBACb,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAA;oBACzB,iEAAiE;oBACjE,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,mCAAmC,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;wBAClF,UAAU,CAAC,IAAI,CAAC;4BACd,IAAI,EAAE,KAAK,GAAG,CAAC;4BACf,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;4BACxB,OAAO,EAAE,uGAAuG;4BAChH,QAAQ,EAAE,QAAQ
,EAAG,0EAA0E;yBAChG,CAAC,CAAA;oBACJ,CAAC;oBACD,OAAM;gBACR,CAAC;gBAED,yEAAyE;gBACzE,IAAI,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAChD,OAAM;gBACR,CAAC;gBAED,oDAAoD;gBACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;gBAChD,IAAI,QAAQ,EAAE,CAAC;oBACb,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAA;oBACzB,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBAC9B,UAAU,CAAC,IAAI,CAAC;4BACd,IAAI,EAAE,KAAK,GAAG,CAAC;4BACf,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;4BACxB,OAAO,EAAE,mDAAmD;4BAC5D,QAAQ,EAAE,MAAM;yBACjB,CAAC,CAAA;oBACJ,CAAC;oBACD,OAAM;gBACR,CAAC;gBAED,gCAAgC;gBAChC,IAAI,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAA;oBAC9C,IAAI,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBAC7C,UAAU,CAAC,IAAI,CAAC;4BACd,IAAI,EAAE,KAAK,GAAG,CAAC;4BACf,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;4BACxB,OAAO,EAAE,2DAA2D;4BACpE,QAAQ,EAAE,MAAM;yBACjB,CAAC,CAAA;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC,CAAC,CAAA;YAEF,OAAO,UAAU,CAAA;QACnB,CAAC;KACF;IACD,qBAAqB;IACrB;QACE,IAAI,EAAE,+BAA+B;QACrC,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,QAAQ,EAAE,OAAO,CAAC;QACnG,KAAK,EAAE,CAAC,OAAe,EAAqB,EAAE;YAC5C,MAAM,UAAU,GAAsB,EAAE,CAAA;YACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;YAEjC,MAAM,YAAY,GAAG;gBACnB,0DAA0D;gBAC1D,2CAA2C;gBAC3C,0BAA0B;gBAC1B,2CAA2C;gBAC3C,oCAAoC;aACrC,CAAA;YAED,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC5B,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;oBACnC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,UAAU,CAAC,IAAI,CAAC;4BACd,IAAI,EAAE,KAAK,GAAG,CAAC;4BACf,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;4BACxB,OAAO,EAAE,4DAA4D;4BACrE,QAAQ,EAAE,QAAQ;yBACnB,CAAC,CAAA;wBACF,MAAK;oBACP,CAAC;gBACH,CAAC;YACH,CAAC,CAAC,CAAA;YAEF,OAAO,UAAU,CAAA;QACnB,CAAC;KACF;IACD,kCAAkC;IAClC;QACE,IAAI,EAAE,gCAAgC;QACtC,YAAY,EAAE,CAAC,yBAAyB,EAAE,0BAA0B,CAAC;QACrE,KAAK,EAAE,CAAC,OAAe,EAAqB,EAAE;YAC5C,MAAM,UAAU,GAAsB,EAAE,CAAA;YACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;YAEjC,8CAA8C;YAC9C,MAAM,
WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAC,CAAA;YAC3D,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAA;YAExD,IAAI,WAAW,IAAI,WAAW,EAAE,CAAC;gBAC/B,MAAM,YAAY,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC,CAAA;gBACzE,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,YAAY,GAAG,CAAC;oBACtB,WAAW,EAAE,KAAK,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE;oBAC9C,OAAO,EAAE,sFAAsF;oBAC/F,QAAQ,EAAE,MAAM;iBACjB,CAAC,CAAA;YACJ,CAAC;YAED,8BAA8B;YAC9B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC5B,IAAI,2BAA2B,CAAC,IAAI,CAAC,IAAI,CAAC;oBACtC,8BAA8B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC9C,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,KAAK,GAAG,CAAC;wBACf,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;wBACxB,OAAO,EAAE,uDAAuD;wBAChE,QAAQ,EAAE,UAAU;qBACrB,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC,CAAC,CAAA;YAEF,OAAO,UAAU,CAAA;QACnB,CAAC;KACF;IACD,0BAA0B;IAC1B;QACE,IAAI,EAAE,gCAAgC;QACtC,YAAY,EAAE,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,iBAAiB,CAAC;QACrE,KAAK,EAAE,CAAC,OAAe,EAAqB,EAAE;YAC5C,MAAM,UAAU,GAAsB,EAAE,CAAA;YACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;YAEjC,0EAA0E;YAC1E,IAAI,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EAAE,CAAC;gBAC1F,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAA;gBACrE,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;oBACxC,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,uBAAuB;oBAChE,OAAO,EAAE,oFAAoF;oBAC7F,QAAQ,EAAE,KAAK;iBAChB,CAAC,CAAA;YACJ,CAAC;YAED,8CAA8C;YAC9C,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC5B,IAAI,wCAAwC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACxD,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,KAAK,GAAG,CAAC;wBACf,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;wBACxB,OAAO,EAAE,oEAAoE;wBAC7E,QAAQ,EAAE,QAAQ;qBACnB,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC,CAAC,CAAA;YAEF,OAAO,UAAU,CAAA;QACnB,CAAC;KACF;IACD,wBAAwB;IACxB;QACE,IAAI,EAAE,8BAA8B;QACpC,YAAY,EAAE,CAAC,cAAc,CAAC;QAC9B,KAAK,EAAE,CAAC,OAAe,EAAqB,EAAE;YAC5C,MAAM,UAAU,GAAsB,EAAE,CAAA;YAExC,IAAI,CAAC;g
BACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;gBAE/B,wDAAwD;gBACxD,IAAI,GAAG,CAAC,OAAO,EAAE,WAAW,IAAI,GAAG,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC;oBACxD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;oBACjC,MAAM,UAAU,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CACrC,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC,CAC1D,CAAA;oBACD,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,UAAU,GAAG,CAAC;wBACpB,WAAW,EAAE,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE;wBAC5C,OAAO,EAAE,wEAAwE;wBACjF,QAAQ,EAAE,KAAK;qBAChB,CAAC,CAAA;gBACJ,CAAC;gBAED,kCAAkC;gBAClC,MAAM,OAAO,GAAG,EAAE,GAAG,GAAG,CAAC,YAAY,EAAE,GAAG,GAAG,CAAC,eAAe,EAAE,CAAA;gBAC/D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;gBAEjC,mEAAmE;gBACnE,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;gBAE1E,2FAA2F;gBAC3F,+EAA+E;gBAC/E,MAAM,WAAW,GAA2B,EAAE,CAAA;gBAC9C,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC3C,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC5B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;wBACnC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAA;oBACpD,CAAC;gBACH,CAAC;gBACD,+DAA+D;gBAC/D,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC;qBAC9C,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,kCAAkC;qBACpE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAA;gBAE9C,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtD,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;wBAC5C,mCAAmC;wBACnC,0CAA0C;wBAC1C,6EAA6E;wBAC7E,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;wBAEjE,uCAAuC;wBACvC,MAAM,kBAAkB,GACtB,CAAC,QAAQ,IAAI,QAAQ,KAAK,QAAQ,CAAC;4BACnC,CAAC,aAAa,IAAI,QAAQ,KAAK,aAAa,IAAI,OAAO,KAAK,GAAG,CAAC,CAAA;wBAElE,IAA
I,kBAAkB,EAAE,CAAC;4BACvB,SAAQ;wBACV,CAAC;wBAED,MAAM,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAA;wBAC7D,UAAU,CAAC,IAAI,CAAC;4BACd,IAAI,EAAE,OAAO,GAAG,CAAC;4BACjB,WAAW,EAAE,KAAK,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE;4BACzC,OAAO,EAAE,eAAe,IAAI,0DAA0D;4BACtF,QAAQ,EAAE,QAAQ;yBACnB,CAAC,CAAA;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,qBAAqB;YACvB,CAAC;YAED,OAAO,UAAU,CAAA;QACnB,CAAC;KACF;CACF,CAAA;AAED,4CAA4C;AAC5C,SAAS,kBAAkB,CAAC,QAAgB,EAAE,QAAkB;IAC9D,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAA;IAEhD,OAAO,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QAC7B,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,IAAI,MAAM,CACtB,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,GAAG,EAC9D,GAAG,CACJ,CAAA;YACD,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACrD,CAAC;QACD,OAAO,QAAQ,KAAK,OAAO,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;IAC3D,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,SAAgB,kBAAkB,CAChC,OAAe,EACf,QAAgB,EAChB,OAAiC;IAEjC,MAAM,eAAe,GAAoB,EAAE,CAAA;IAE3C,KAAK,MAAM,IAAI,IAAI,oBAAY,EAAE,CAAC;QAChC,IAAI,kBAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YACpD,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAA;YAEhD,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;gBACnC,eAAe,CAAC,IAAI,CAAC;oBACnB,EAAE,EAAE,UAAU,QAAQ,IAAI,SAAS,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE;oBACvD,QAAQ;oBACR,UAAU,EAAE,SAAS,CAAC,IAAI;oBAC1B,WAAW,EAAE,SAAS,CAAC,WAAW;oBAClC,QAAQ,EAAE,SAAS,CAAC,QAAQ;oBAC5B,QAAQ,EAAE,iBAAiB;oBAC3B,KAAK,EAAE,IAAI,CAAC,IAAI;oBAChB,WAAW,EAAE,SAAS,CAAC,OAAO;oBAC9B,YAAY,EAAE,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC;oBAChD,UAAU,EAAE,MAAM;oBAClB,cAAc,EAAE,eAAe;oBAC/B,KAAK,EAAE,CAAC;oBACV,MAAM,EAAE,SAAkB;iBACzB,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC;AAED,SAAS,YAAY,CAAC,QAAgB,EAAE,SAA0B;IAChE,MAAM,KAAK,GAA2B;QACpC,wBAAwB,EAAE,6DAA6D;QACvF,wCAAwC,EAAE,wEAAwE;QAClH,+BAA+B,EAAE,kEAAkE;QACnG,gCAAgC,EAAE,gE
AAgE;QAClG,gCAAgC,EAAE,4EAA4E;QAC9G,8BAA8B,EAAE,kEAAkE;KACnG,CAAA;IAED,OAAO,KAAK,CAAC,QAAQ,CAAC,IAAI,2CAA2C,CAAA;AACvE,CAAC;AAED,6DAA6D;AAE7D,8FAA8F;AAC9F,SAAS,yBAAyB,CAAC,WAAmB;IACpD,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAA;IAC/E,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAA;AAC3B,CAAC;AAED,4DAA4D;AAC5D,SAAS,mBAAmB,CAAC,OAAe;IAC1C,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAA;IAE9B,8CAA8C;IAC9C,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;QAClD,OAAO,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAA;IACzB,CAAC;IACD,IAAI,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QACtE,OAAO,IAAI,CAAA,CAAC,wCAAwC;IACtD,CAAC;IACD,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5F,OAAO,IAAI,CAAA,CAAC,yBAAyB;IACvC,CAAC;IAED,sEAAsE;IACtE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;IAClC,OAAO,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAA;AACzB,CAAC;AAED,SAAS,eAAe,CAAC,CAAS;IAChC,IAAI,CAAC,IAAI,OAAS;QAAE,OAAO,GAAG,CAAC,CAAC,GAAG,OAAS,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAA;IAC3D,IAAI,CAAC,IAAI,IAAK;QAAE,OAAO,GAAG,CAAC,CAAC,GAAG,IAAK,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAA;IACnD,OAAO,GAAG,CAAC,EAAE,CAAA;AACf,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,yBAAyB,CAC7C,QAAyB;IAEzB,MAAM,MAAM,GAAoB,EAAE,CAAA;IAElC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,mDAAmD;QACnD,IAAI,OAAO,CAAC,QAAQ,KAAK,iBAAiB;YACtC,CAAC,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;YACrD,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;YACpB,SAAQ;QACV,CAAC;QAED,kDAAkD;QAClD,MAAM,OAAO,GAAG,yBAAyB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAA;QAC9D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;YACpB,SAAQ;QACV,CAAC;QAED,8CAA8C;QAC9C,MAAM,YAAY,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAA;QAEjD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,QAAQ,GAAG,MAAM,IAAA,mCAAgB,EAAC,YAAY,CAAC,CAAA;YAErD,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,eAAe,GAAG,QAAQ,CAAC,SAAS,EAAE,MAAM,IAAI,CAAC,CAAA;gBACvD,MAAM,OAAO,GAAG,IAA
A,0CAAuB,EAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;gBAE/D,6CAA6C;gBAC7C,IAAI,eAAe,IAAI,OAAS,IAAI,OAAO,IAAI,GAAG,EAAE,CAAC;oBACnD,SAAQ,CAAC,6BAA6B;gBACxC,CAAC;gBAED,qCAAqC;gBACrC,IAAI,eAAe,IAAI,MAAO,IAAI,OAAO,IAAI,GAAG,EAAE,CAAC;oBACjD,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAA;oBACzB,OAAO,CAAC,WAAW,GAAG,qBAAqB,OAAO,MAAM,YAAY,KAAK,eAAe,CAAC,eAAe,CAAC,UAAU,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,GAAG,CAAC,cAAc,CAAA;oBAC1J,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;oBACpB,SAAQ;gBACV,CAAC;gBAED,uBAAuB;gBACvB,IAAI,eAAe,IAAI,KAAM,IAAI,OAAO,IAAI,EAAE,EAAE,CAAC;oBAC/C,OAAO,CAAC,QAAQ,GAAG,KAAK,CAAA;oBACxB,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;oBACpB,SAAQ;gBACV,CAAC;gBAED,wCAAwC;gBACxC,OAAO,CAAC,QAAQ,GAAG,QAAQ,CAAA;gBAC3B,OAAO,CAAC,WAAW,GAAG,qBAAqB,OAAO,OAAO,YAAY,aAAa,eAAe,CAAC,eAAe,CAAC,sBAAsB,OAAO,+BAA+B,CAAA;gBAC9K,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;gBACpB,SAAQ;YACV,CAAC;iBAAM,CAAC;gBACN,sCAAsC;gBACtC,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAA;gBACzB,OAAO,CAAC,WAAW,GAAG,qBAAqB,OAAO,QAAQ,YAAY,0DAA0D,CAAA;gBAChI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;gBACpB,SAAQ;YACV,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACtB,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC"}
|
|
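--- a/package/dist/pipeline/config.d.ts
+++ b/package/dist/pipeline/config.d.ts
@@ -13,7 +13,7 @@ export interface ScanOptions {
 branch?: string;
 /** Scan mode configuration (full vs incremental) */
 scanMode?: ScanMode | ScanModeConfig;
-/** Scan depth (
+/** Scan depth (local/verified/deep) - controls AI usage */
 scanDepth?: ScanDepth;
 /** Suppress console.log output (for interactive CLI mode) */
 quiet?: boolean;
@@ -25,6 +25,8 @@ export interface ScanOptions {
 showSuppressed?: boolean;
 /** Include filter audit trail in output (for debugging/explaining dismissals) */
 includeFilterAudit?: boolean;
+/** Enable live dependency auditing (OSV advisories, package checks, postinstall enrichment). Pro/Max only. */
+enableDependencyChecks?: boolean;
 }
 /**
 * Resolve scan mode configuration from options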
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/pipeline/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EACV,QAAQ,EACR,cAAc,EACd,SAAS,EACT,iBAAiB,EAElB,MAAM,iBAAiB,CAAA;AAGxB,MAAM,WAAW,WAAW;IAC1B,gDAAgD;IAChD,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,4BAA4B;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,2BAA2B;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,oDAAoD;IACpD,QAAQ,CAAC,EAAE,QAAQ,GAAG,cAAc,CAAA;IACpC,
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/pipeline/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EACV,QAAQ,EACR,cAAc,EACd,SAAS,EACT,iBAAiB,EAElB,MAAM,iBAAiB,CAAA;AAGxB,MAAM,WAAW,WAAW;IAC1B,gDAAgD;IAChD,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,4BAA4B;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,2BAA2B;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,oDAAoD;IACpD,QAAQ,CAAC,EAAE,QAAQ,GAAG,cAAc,CAAA;IACpC,2DAA2D;IAC3D,SAAS,CAAC,EAAE,SAAS,CAAA;IACrB,6DAA6D;IAC7D,KAAK,CAAC,EAAE,OAAO,CAAA;IACf,uDAAuD;IACvD,iBAAiB,CAAC,EAAE,iBAAiB,CAAA;IACrC,oEAAoE;IACpE,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,oEAAoE;IACpE,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,iFAAiF;IACjF,kBAAkB,CAAC,EAAE,OAAO,CAAA;IAC5B,8GAA8G;IAC9G,sBAAsB,CAAC,EAAE,OAAO,CAAA;CACjC;AAED;;;;;;;;GAQG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,WAAW,GAAG,cAAc,CAiC1E"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/pipeline/config.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/pipeline/config.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AA6CH,sDAiCC;AArED,2CAAoD;AA2BpD;;;;;;;;GAQG;AACH,SAAgB,qBAAqB,CAAC,OAAoB;IACxD,MAAM,cAAc,GAAG,OAAO,CAAC,QAAQ,CAAA;IAEvC,sBAAsB;IACtB,MAAM,IAAI,GAAa,CAAC,cAAc,CAAC,CAAC,CAAC,MAAM;QAC7C,CAAC,CAAC,OAAO,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc;YACrD,CAAC,CAAC,cAAc,CAAC,IAAI,CAAA;IAEvB,MAAM,QAAQ,GAAG,0BAAkB,CAAC,IAAI,CAAC,CAAA;IAEzC,kDAAkD;IAClD,IAAI,MAAM,GAAmB;QAC3B,GAAG,QAAQ;QACX,IAAI;QACJ,GAAG,CAAC,OAAO,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9D,CAAA;IAED,sCAAsC;IACtC,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAA;IAC1C,MAAM,CAAC,SAAS,GAAG,KAAK,CAAA;IAExB,wEAAwE;IACxE,MAAM,iBAAiB,GAAG,OAAO,cAAc,KAAK,QAAQ,IAAI,cAAc,CAAC,gBAAgB,KAAK,SAAS,CAAA;IAC7G,MAAM,iBAAiB,GAAG,OAAO,cAAc,KAAK,QAAQ,IAAI,cAAc,CAAC,UAAU,KAAK,SAAS,CAAA;IAEvG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,MAAM,CAAC,gBAAgB,GAAG,KAAK,KAAK,OAAO,CAAA;IAC7C,CAAC;IACD,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,MAAM,CAAC,UAAU,GAAG,KAAK,KAAK,MAAM,CAAA;IACtC,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/pipeline/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,KAAK,EACV,QAAQ,EACR,UAAU,EAGV,gBAAgB,EACjB,MAAM,iBAAiB,CAAA;AACxB,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAA;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/pipeline/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,KAAK,EACV,QAAQ,EACR,UAAU,EAGV,gBAAgB,EACjB,MAAM,iBAAiB,CAAA;AACxB,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAA;AAuB3C,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,UAAU,CAAA;AAE3C;;;;;;GAMG;AACH,wBAAsB,OAAO,CAC3B,KAAK,EAAE,QAAQ,EAAE,EACjB,QAAQ,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,EACvD,OAAO,GAAE,WAAgB,EACzB,UAAU,CAAC,EAAE,gBAAgB,GAC5B,OAAO,CAAC,UAAU,CAAC,CA4YrB"}
|
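--- a/package/dist/pipeline/index.js
+++ b/package/dist/pipeline/index.js
@@ -34,6 +34,9 @@ const pipeline_1 = require("../postprocess/filtering/pipeline");
 const summary_1 = require("../report/summary");
 const dedup_1 = require("../postprocess/dedup");
 const contradictions_1 = require("../postprocess/contradictions");
+const config_audit_1 = require("../detect/secrets/config-audit");
+const osv_check_1 = require("../detect/config/osv-check");
+const package_check_1 = require("../detect/config/package-check");
 /**
 * Run a complete security scan on the provided files
 *
@@ -142,12 +145,30 @@ async function runScan(files, repoInfo, options = {}, onProgress) {
 const phaseTiming = {
 ...detectorOutput.phaseTiming,
 };
+// ===== Dependency Auditing (Pro/Max only) =====
+const enableDepChecks = (options.enableDependencyChecks ?? false) && depth !== 'local';
+let enrichedPostinstallFindings = detectorOutput.findings;
+if (enableDepChecks) {
+// 1. Check for known vulnerabilities via OSV.dev
+// 2. Check for hallucinated/typosquatted packages
+for (const file of files) {
+const osvFindings = await (0, osv_check_1.checkPackageAdvisories)(file.content, file.path);
+const pkgFindings = await (0, package_check_1.checkPackages)(file.content, file.path);
+enrichedPostinstallFindings.push(...osvFindings, ...pkgFindings);
+}
+// 3. Enrich postinstall findings with npm registry data
+enrichedPostinstallFindings = await (0, config_audit_1.enrichPostinstallFindings)(enrichedPostinstallFindings);
+log(`[DepAudit] repo=${repoInfo.name} osv+pkg checks completed`);
+}
+else if (depth !== 'local') {
+log(`[DepAudit] repo=${repoInfo.name} skipped=true reason=tier_gated`);
+}
 // ===== Aggregate Noisy Findings =====
-const beforeAggregationCount =
-const aggregatedFindings = (0, aggregation_1.aggregateNoisyFindings)(
+const beforeAggregationCount = enrichedPostinstallFindings.length;
+const aggregatedFindings = (0, aggregation_1.aggregateNoisyFindings)(enrichedPostinstallFindings);
 if (filterPipeline.isEnabled) {
 const afterIds = new Set(aggregatedFindings.map(fid));
-for (const v of
+for (const v of enrichedPostinstallFindings) {
 if (!afterIds.has(fid(v))) {
 filterPipeline.record(fid(v), { stage: 'noisy_aggregation', action: 'aggregated', reason: 'Aggregated noisy finding (3+ similar per file)' });
 }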
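Review bot: The three awaited lookups in the `if (enableDepChecks)` branch (`checkPackageAdvisories`, `checkPackages`, `enrichPostinstallFindings`) have no error handling in this hunk, so, unless those helpers catch internally, one failed OSV or registry request would reject out of `runScan` and discard the findings the local detectors already produced. I would wrap the branch in a `try`/`catch` that logs the failure and continues with the findings gathered so far, and mark the scan result so that a skipped dependency audit is not read as a clean one. Separately, `enrichedPostinstallFindings` aliases `detectorOutput.findings`, so the `push` mutates the detector output in place; copying the array first avoids that, and the name is misleading because the array holds every finding, not only postinstall ones. The body of `runScan` starts and ends outside this hunk.

```javascript
let enrichedPostinstallFindings = [...detectorOutput.findings];
if (enableDepChecks) {
    try {
        // … unchanged: per-file OSV and package checks, postinstall enrichment, completion log …
    }
    catch (err) {
        // Keep the findings collected so far; a failed live lookup should not abort the scan.
        log(`[DepAudit] repo=${repoInfo.name} failed=true error=${err instanceof Error ? err.message : String(err)}`);
    }
}
```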
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/pipeline/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;GAiBG;;AAsCH,0BA6XC;AAzZD,qCAAgD;AAChD,8DAAuD;AACvD,oCAA4C;AAC5C,sCAAwC;AACxC,4DAAmE;AACnE,qDAAyD;AACzD,oCAAiE;AAGjE,kEAA8E;AAC9E,0CAA0E;AAC1E,gDAAoD;AACpD,yDAAwD;AACxD,gEAAkE;AAClE,+CAAgG;AAChG,gDAAiE;AACjE,kEAAqE;AAKrE;;;;;;GAMG;AACI,KAAK,UAAU,OAAO,CAC3B,KAAiB,EACjB,QAAuD,EACvD,UAAuB,EAAE,EACzB,UAA6B;IAE7B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IAC5B,MAAM,kBAAkB,GAAoB,EAAE,CAAA;IAE9C,sDAAsD;IACtD,MAAM,cAAc,GAAG,IAAI,yBAAc,CAAC,OAAO,CAAC,kBAAkB,IAAI,KAAK,CAAC,CAAA;IAC9E,MAAM,GAAG,GAAG,CAAC,CAA8D,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAA;IAE7H,kCAAkC;IAClC,MAAM,cAAc,GAAG,IAAA,8BAAqB,EAAC,OAAO,CAAC,CAAA;IACrD,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,KAAK,aAAa,CAAA;IAC3D,MAAM,KAAK,GAAG,cAAc,CAAC,SAAS,IAAI,OAAO,CAAA;IACjD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,KAAK,CAAA;IACpC,MAAM,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAA;IAEnD,iFAAiF;IACjF,MAAM,GAAG,GAAG,CAAC,OAAe,EAAE,EAAE;QAC9B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACtB,CAAC;IACH,CAAC,CAAA;IAED,sDAAsD;IACtD,MAAM,cAAc,GAAG,GAAG,EAAE;QAC1B,IAAI,iBAAiB,EAAE,SAAS,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,mBAAmB,iBAAiB,CAAC,MAAM,IAAI,gBAAgB,EAAE,CAAC,CAAA;QACpF,CAAC;IACH,CAAC,CAAA;IAED,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,SAAS,cAAc,CAAC,IAAI,UAAU,KAAK,UAAU,KAAK,CAAC,MAAM,EAAE,CAAC,CAAA;IACvG,IAAI,aAAa,IAAI,cAAc,CAAC,YAAY,EAAE,CAAC;QACjD,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,sBAAsB,cAAc,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAA;IAChG,CAAC;IAED,qEAAqE;IACrE,MAAM,eAAe,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,IAAA,8BAAY,EAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAA;IACtE,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;QACxB,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAA,8BAAY,EAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;QAChD,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,yBAAyB,eAAe,oBAAoB,KAAK,CAAC,MAAM,EAAE,CAAC,CAAA;IAChH,CAAC;IAED,yBAAyB;IACzB,MAAM,cAAc,GAAG,CACrB,MAA8B,EAC9B,OAAe,EACf,uBAA
+B,kBAAkB,CAAC,MAAM,EACxD,EAAE;QACF,IAAI,UAAU,EAAE,CAAC;YACf,UAAU,CAAC;gBACT,MAAM;gBACN,OAAO;gBACP,cAAc,EAAE,KAAK,CAAC,MAAM;gBAC5B,UAAU,EAAE,KAAK,CAAC,MAAM;gBACxB,oBAAoB;aACrB,CAAC,CAAA;QACJ,CAAC;IACH,CAAC,CAAA;IAED,8EAA8E;IAC9E,MAAM,UAAU,GAAG,aAAa,IAAI,cAAc,CAAC,YAAY;QAC7D,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,YAAa,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;QACxG,CAAC,CAAC,KAAK,CAAA;IAET,8DAA8D;IAC9D,IAAI,gBAAsF,CAAA;IAC1F,IAAI,uBAAoD,CAAA;IAExD,IAAI,CAAC;QACH,cAAc,EAAE,CAAA;QAEhB,kCAAkC;QAClC,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAC7B,MAAM,KAAK,GAAG,IAAA,yBAAiB,EAAC,KAAK,CAAC,CAAA;QACtC,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAA;QAC7C,gBAAgB,GAAG,KAAK,CAAC,gBAAgB,CAAA;QAEzC,GAAG,CAAC,gBAAgB,QAAQ,CAAC,IAAI,mBAAmB,aAAa,qBAAqB,KAAK,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,CAAA;QAEpH,IAAI,KAAK,CAAC,gBAAgB,CAAC,iBAAiB,EAAE,CAAC;YAC7C,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,oBAAoB,KAAK,CAAC,gBAAgB,CAAC,QAAQ,IAAI,SAAS,SAAS,KAAK,CAAC,gBAAgB,CAAC,cAAc,EAAE,CAAC,CAAA;QACtJ,CAAC;QAED,MAAM,qBAAqB,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAA;QAC/G,IAAI,qBAAqB,GAAG,CAAC,EAAE,CAAC;YAC9B,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,6BAA6B,qBAAqB,EAAE,CAAC,CAAA;QAC1F,CAAC;QAED,4BAA4B;QAC5B,MAAM,EAAE,GAAG,KAAK,CAAC,UAAU,CAAA;QAC3B,IAAI,EAAE,CAAC,WAAW,GAAG,CAAC,EAAE,CAAC;YACvB,GAAG,CAAC,iBAAiB,QAAQ,CAAC,IAAI,UAAU,EAAE,CAAC,WAAW,WAAW,EAAE,CAAC,YAAY,WAAW,EAAE,CAAC,YAAY,gBAAgB,EAAE,CAAC,iBAAiB,eAAe,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,QAAQ,IAAI,CAAC,CAAA;QAC/N,CAAC;QAED,2BAA2B;QAC3B,MAAM,EAAE,GAAG,KAAK,CAAC,UAAU,CAAA;QAC3B,GAAG,CAAC,gBAAgB,QAAQ,CAAC,IAAI,mBAAmB,EAAE,CAAC,aAAa,uBAAuB,EAAE,CAAC,gBAAgB,2BAA2B,EAAE,CAAC,mBAAmB,aAAa,EAAE,CAAC,QAAQ,IAAI,CAAC,CAAA;QAC5L,IAAI,EAAE,CAAC,YAAY,GAAG,CAAC,EAAE,CAAC;YACxB,GAAG,CAAC,gBAAgB,QAAQ,CAAC,IAAI,YAAY,EAAE,CAAC,YAAY,iBAAiB,EAAE,CAAC,gBAAgB,gBAAgB,EAAE,
CAAC,eAAe,iBAAiB,EAAE,CAAC,gBAAgB,cAAc,EAAE,CAAC,cAAc,gBAAgB,EAAE,CAAC,eAAe,EAAE,CAAC,CAAA;YAC1O,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,mBAAmB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YACrG,IAAI,eAAe;gBAAE,GAAG,CAAC,gBAAgB,QAAQ,CAAC,IAAI,kBAAkB,eAAe,GAAG,CAAC,CAAA;YAC3F,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,iBAAiB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YACjG,IAAI,aAAa;gBAAE,GAAG,CAAC,gBAAgB,QAAQ,CAAC,IAAI,gBAAgB,aAAa,GAAG,CAAC,CAAA;QACvF,CAAC;QAED,cAAc,EAAE,CAAA;QAEhB,gDAAgD;QAChD,MAAM,cAAc,GAAG,MAAM,IAAA,qBAAY,EAAC;YACxC,KAAK;YACL,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;YACxC,eAAe,EAAE,KAAK,CAAC,eAAe;YACtC,eAAe,EAAE,KAAK,CAAC,eAAe;YACtC,UAAU;YACV,iBAAiB;YACjB,cAAc;YACd,QAAQ,EAAE,QAAQ,CAAC,IAAI;YACvB,KAAK;SACN,CAAC,CAAA;QAEF,MAAM,WAAW,GAAiF;YAChG,GAAG,cAAc,CAAC,WAAW;SAC9B,CAAA;QAED,uCAAuC;QACvC,MAAM,sBAAsB,GAAG,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAA;QAC7D,MAAM,kBAAkB,GAAG,IAAA,oCAAsB,EAAC,cAAc,CAAC,QAAQ,CAAC,CAAA;QAC1E,IAAI,cAAc,CAAC,SAAS,EAAE,CAAC;YAC7B,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAA;YACrD,KAAK,MAAM,CAAC,IAAI,cAAc,CAAC,QAAQ,EAAE,CAAC;gBACxC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC1B,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,gDAAgD,EAAE,CAAC,CAAA;gBAC/I,CAAC;YACH,CAAC;QACH,CAAC;QAED,mCAAmC;QACnC,MAAM,gBAAgB,GAAG,IAAA,+BAAkB,EAAC,kBAAkB,EAAE,KAAK,CAAC,aAAa,CAAC,cAAc,CAAC,CAAA;QAEnG,iCAAiC;QACjC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,kBAAkB,EAAE,GAAG,IAAA,qBAAa,EAAC,gBAAgB,EAAE,KAAK,EAAE,KAAK,CAAC,aAAa,CAAC,CAAA;QAE/H,uCAAuC;QACvC,MAAM,SAAS,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,OAAO,KAAK,SAAS,CAAC,CAAA;QACtF,MAAM,UAAU,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,OAAO,KAAK,UAAU,CAAC,CAAA;QACxF,MAAM,UAAU,GAAG,cAAc,CAAC,MAAM,CAAC,CA
AC,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,OAAO,KAAK,UAAU,CAAC,CAAA;QAExF,GAAG,CAAC,qBAAqB,QAAQ,CAAC,IAAI,UAAU,KAAK,qBAAqB,SAAS,CAAC,MAAM,aAAa,UAAU,CAAC,MAAM,aAAa,UAAU,CAAC,MAAM,EAAE,CAAC,CAAA;QAEzJ,0BAA0B;QAC1B,MAAM,IAAI,GAAG,kBAAkB,CAAC,iBAAiB,CAAA;QACjD,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,gCAAgC,IAAI,CAAC,SAAS,CAAC,cAAc,IAAI,CAAC,SAAS,CAAC,cAAc,IAAI,CAAC,SAAS,CAAC,cAAc,IAAI,CAAC,SAAS,CAAC,cAAc,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;QACzM,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,aAAa,CAAC;aAC9D,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC;aAC7B,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC;aAC1C,IAAI,CAAC,GAAG,CAAC,CAAA;QACZ,IAAI,QAAQ;YAAE,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,eAAe,QAAQ,GAAG,CAAC,CAAA;QAC5E,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,aAAa,CAAC;aAC/D,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC;aAC1C,IAAI,CAAC,GAAG,CAAC,CAAA;QACZ,IAAI,SAAS;YAAE,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,qBAAqB,SAAS,GAAG,CAAC,CAAA;QACpF,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,iBAAiB,CAAC;aACnE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC;aACrC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,GAAG,CAAC;aAC7D,IAAI,CAAC,GAAG,CAAC,CAAA;QACZ,IAAI,SAAS;YAAE,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,yBAAyB,SAAS,GAAG,CAAC,CAAA;QAExF,gDAAgD;QAChD,IAAI,cAAc,CAAC,SAAS,EAAE,CAAC;YAC7B,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;gBAC3B,MAAM,iBAAiB,GAAG,CAAC,CAAC,gBAAgB,CAAC,WAAW;qBACrD,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;qBACvE,IAAI,CAAC,IAAI,CAAC,CAAA;gBACb,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;oBAC5B,KAAK,EAAE,oBAAoB;oBAC3B,MAAM,EAAE,WAAW;oBACnB,MAAM,EAAE,mCAAmC,CAAC,CAAC,gBAAgB,CAAC,KAAK,
CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,iBAAiB,IAAI,cAAc,EAAE;iBAC1H,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,MAAM,kBAAkB,GAAG,cAAc,CAAC,oBAAoB,IAAI,EAAE,CAAA;QACpE,MAAM,gBAAgB,GAAG,IAAA,+CAA8B,EAAC,UAAU,EAAE,kBAAkB,CAAC,CAAA;QAEvF,cAAc,EAAE,CAAA;QAEhB,4BAA4B;QAC5B,IAAI,iBAAiB,GAAoB,gBAAgB,CAAA;QACzD,MAAM,cAAc,GAAG,OAAO,CAAC,QAAQ,KAAK,KAAK,IAAI,CAAC,cAAc,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAA;QAEpH,IAAI,cAAc,EAAE,CAAC;YACnB,cAAc,EAAE,CAAA;YAChB,MAAM,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;YACpC,cAAc,CAAC,YAAY,EAAE,2DAA2D,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAA;YAElH,iEAAiE;YACjE,MAAM,kBAAkB,GAAG,aAAa,IAAI,cAAc,CAAC,YAAY;gBACrE,CAAC,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,YAAa,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC3H,CAAC,CAAC,gBAAgB,CAAA;YAEpB,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClC,MAAM,gBAAgB,GAAG,MAAM,IAAA,iCAAsB,EACnD,kBAAkB,EAClB,UAAU,EACV,KAAK,CAAC,aAAa,EACnB,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACxB,UAAU,CAAC;wBACT,MAAM,EAAE,YAAY;wBACpB,OAAO,EAAE,QAAQ,CAAC,MAAM;wBACxB,cAAc,EAAE,QAAQ,CAAC,cAAc;wBACvC,UAAU,EAAE,QAAQ,CAAC,UAAU;wBAC/B,oBAAoB,EAAE,kBAAkB,CAAC,MAAM;qBAChD,CAAC,CAAA;gBACJ,CAAC,CAAC,CAAC,CAAC,SAAS,CACd,CAAA;gBACD,iBAAiB,GAAG,gBAAgB,CAAC,eAAe,CAAA;gBACpD,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,GAAG,gBAAgB,CAAA;gBACnD,uBAAuB,GAAG,eAAe,CAAA;gBACzC,WAAW,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,iBAAiB,CAAA;gBAEzD,IAAI,cAAc,CAAC,SAAS,EAAE,CAAC;oBAC7B,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAA;oBACxD,KAAK,MAAM,CAAC,IAAI,kBAAkB,EAAE,CAAC;wBACnC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;4BAC9B,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,4BAA4B,EAAE,CAAC,CAAA;wBACtH,CAAC;oBACH,CAAC;oBACD,KAAK,MAAM,CAAC,IAAI,iBAAiB,EAAE,CAAC;wBAClC,IAAI,CAAC,CAAC,eAAe,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;4BAC1D,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAA
C,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC,CAAC,eAAe,IAAI,6BAA6B,EAAE,gBAAgB,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAA;wBACnM,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,GAAG,CAAC,wBAAwB,QAAQ,CAAC,IAAI,UAAU,KAAK,aAAa,WAAW,CAAC,YAAY,iBAAiB,kBAAkB,CAAC,MAAM,SAAS,eAAe,CAAC,iBAAiB,aAAa,eAAe,CAAC,iBAAiB,eAAe,eAAe,CAAC,kBAAkB,EAAE,CAAC,CAAA;gBACnR,GAAG,CAAC,+CAA+C,eAAe,CAAC,oBAAoB,kBAAkB,eAAe,CAAC,qBAAqB,UAAU,eAAe,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,eAAe,CAAC,QAAQ,EAAE,CAAC,CAAA;gBAEzO,uCAAuC;gBACvC,MAAM,iBAAiB,GAA2B,EAAE,CAAA;gBACpD,MAAM,YAAY,GAA2B,EAAE,CAAA;gBAC/C,MAAM,gBAAgB,GAA2B,EAAE,CAAA;gBACnD,MAAM,kBAAkB,GAA2B,EAAE,CAAA;gBACrD,KAAK,MAAM,CAAC,IAAI,kBAAkB,EAAE,CAAC;oBACnC,iBAAiB,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAA;gBAC1E,CAAC;gBACD,KAAK,MAAM,CAAC,IAAI,iBAAiB,EAAE,CAAC;oBAClC,IAAI,CAAC,CAAC,gBAAgB,KAAK,WAAW,EAAE,CAAC;wBACvC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAA;oBAChE,CAAC;yBAAM,IAAI,CAAC,CAAC,gBAAgB,KAAK,YAAY,EAAE,CAAC;wBAC/C,kBAAkB,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAA;oBAC5E,CAAC;gBACH,CAAC;gBACD,KAAK,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,CAAC;oBACjE,MAAM,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAA;oBACtE,gBAAgB,CAAC,GAAG,CAAC,GAAG,SAAS,GAAG,IAAI,CAAA;gBAC1C,CAAC;gBACD,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBACnJ,IAAI,YAAY;oBAAE,GAAG,CAAC,wBAAwB,QAAQ,CAAC,IAAI,0BAA0B,YAAY,GAAG,CAAC,CAAA;gBACrG,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,
CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBAChJ,IAAI,aAAa;oBAAE,GAAG,CAAC,wBAAwB,QAAQ,CAAC,IAAI,2BAA2B,aAAa,GAAG,CAAC,CAAA;gBACxG,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBACpJ,IAAI,WAAW;oBAAE,GAAG,CAAC,wBAAwB,QAAQ,CAAC,IAAI,4BAA4B,WAAW,GAAG,CAAC,CAAA;gBAErG,kEAAkE;gBAClE,MAAM,YAAY,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBAC3F,GAAG,CAAC;oBACJ,aAAa,EAAE,KAAK;oBACpB,gBAAgB,EAAE,eAAwB;oBAC1C,eAAe,EAAE,gEAAgE;iBAClF,CAAC,CAAC,CAAA;gBACH,iBAAiB,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAA;YACzC,CAAC;QACH,CAAC;aAAM,IAAI,cAAc,CAAC,gBAAgB,EAAE,CAAC;YAC3C,GAAG,CAAC,wBAAwB,QAAQ,CAAC,IAAI,UAAU,KAAK,uEAAuE,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAA;YACzJ,iBAAiB,GAAG,EAAE,CAAA;QACxB,CAAC;QAED,2CAA2C;QAC3C,kBAAkB,CAAC,IAAI,CAAC,GAAG,iBAAiB,EAAE,GAAG,SAAS,CAAC,CAAA;QAE3D,2EAA2E;QAC3E,IAAI,cAAc,CAAC,UAAU,EAAE,CAAC;YAC9B,GAAG,CAAC,iBAAiB,QAAQ,CAAC,IAAI,UAAU,KAAK,uCAAuC,CAAC,CAAA;QAC3F,CAAC;QAED,2BAA2B;QAC3B,MAAM,UAAU,GAAuC;YACrD,KAAK,EAAE,aAAa;YACpB,GAAG,WAAW;SACf,CAAA;QACD,MAAM,cAAc,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;aAC9C,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,KAAK,SAAS,CAAC;aACpC,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,IAAI,EAAE,IAAI,CAAC;aACxC,IAAI,CAAC,GAAG,CAAC,CAAA;QACZ,IAAI,cAAc,EAAE,CAAC;YACnB,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,kBAAkB,cAAc,EAAE,CAAC,CAAA;QACxE,CAAC;QAED,mCAAmC;QACnC,MAAM,aAAa,GAAG,IAAA,iCAAmB,EAAC;YACxC,QAAQ,EAAE,kBAAkB;YAC5B,KAAK;YACL,
gBAAgB,EAAE,KAAK,CAAC,gBAAgB;YACxC,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,cAAc;YACd,cAAc,EAAE,OAAO,CAAC,cAAc;SACvC,CAAC,CAAA;QAEF,+CAA+C;QAC/C,IAAI,aAAa,CAAC,iBAAiB,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,aAAa,CAAC,iBAAiB,CAAC,mBAAmB,GAAG,CAAC,EAAE,CAAC;YACrH,GAAG,CAAC,sBAAsB,QAAQ,CAAC,IAAI,eAAe,aAAa,CAAC,iBAAiB,CAAC,UAAU,CAAC,MAAM,YAAY,aAAa,CAAC,iBAAiB,CAAC,KAAK,CAAC,gBAAgB,mBAAmB,aAAa,CAAC,iBAAiB,CAAC,KAAK,CAAC,uBAAuB,gBAAgB,aAAa,CAAC,iBAAiB,CAAC,KAAK,CAAC,oBAAoB,aAAa,aAAa,CAAC,iBAAiB,CAAC,mBAAmB,EAAE,CAAC,CAAA;QACxY,CAAC;QAED,cAAc,CAAC,UAAU,EAAE,gBAAgB,EAAE,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QAE3E,sCAAsC;QACtC,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAA;QAC5C,MAAM,WAAW,GAAG;YAClB,OAAO,sBAAsB,EAAE;YAC/B,cAAc,kBAAkB,CAAC,MAAM,EAAE;YACzC,UAAU,cAAc,CAAC,MAAM,EAAE;YACjC,WAAW,SAAS,CAAC,MAAM,EAAE;YAC7B,YAAY,UAAU,CAAC,MAAM,EAAE;YAC/B,YAAY,UAAU,CAAC,MAAM,EAAE;SAChC,CAAA;QACD,IAAI,cAAc,IAAI,uBAAuB,EAAE,CAAC;YAC9C,WAAW,CAAC,IAAI,CAAC,WAAW,uBAAuB,CAAC,iBAAiB,GAAG,uBAAuB,CAAC,kBAAkB,EAAE,CAAC,CAAA;YACrH,WAAW,CAAC,IAAI,CAAC,eAAe,uBAAuB,CAAC,iBAAiB,EAAE,CAAC,CAAA;QAC9E,CAAC;QACD,WAAW,CAAC,IAAI,CAAC,iBAAiB,aAAa,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;QAClE,GAAG,CAAC,iBAAiB,QAAQ,CAAC,IAAI,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;QAChE,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,mBAAmB,aAAa,YAAY,KAAK,CAAC,MAAM,mBAAmB,aAAa,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;QAE9I,iCAAiC;QACjC,OAAO,IAAA,8BAAe,EAAC;YACrB,QAAQ;YACR,KAAK;YACL,QAAQ,EAAE,aAAa,CAAC,QAAQ;YAChC,iBAAiB,EAAE,aAAa,CAAC,iBAAiB;YAClD,SAAS;YACT,eAAe,EAAE,uBAAuB;YACxC,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,cAAc;SACf,CAAC,CAAA;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,iBAAiB,EAAE,SAAS,EAAE,CAAC;YACjC,yCAAyC;YACzC,cAAc,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAA;YAE1C,0BAA0B;YAC1B,MAAM,qBAAqB,GAAG,IAAA,kCAA0B,EAAC,kBAAkB,CAAC,CAAA;YAC5E,MAAM,uBAAuB,GAAG,IAAA,sCAAqB,EAAC,qBAAqB,EAAE,gBAAgB,CAAC,CAAA;YAC9F,MAAM,qBAAqB,GAAG,IAAA,wBAAc,EAAC,uBAAuB,CAAC,CAAA;YACrE,MAAM,cAAc,GAAG,IAAA,+BAAqB,EAAC,qBAAqB,CAAC,CAAA;YACnE,MAAM,cAAc,GAAG,IAAA,+BAAqB,EAAC,qBAAqB,CAAC,CAAA;YA
EnE,OAAO;gBACL,QAAQ,EAAE,QAAQ,CAAC,IAAI;gBACvB,OAAO,EAAE,QAAQ,CAAC,GAAG;gBACrB,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,YAAY,EAAE,KAAK,CAAC,MAAM;gBAC1B,YAAY,EAAE,CAAC;gBACf,eAAe,EAAE,qBAAqB;gBACtC,cAAc;gBACd,cAAc;gBACd,iBAAiB,EAAE,KAAK,EAAE,iCAAiC;gBAC3D,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBACpC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,eAAe,EAAE,uBAAuB;gBACxC,SAAS,EAAE,IAAI;gBACf,YAAY,EAAE,iBAAiB,CAAC,MAAM;aACvC,CAAA;QACH,CAAC;QAED,cAAc,CAAC,QAAQ,EAAE,gBAAgB,KAAK,EAAE,CAAC,CAAA;QACjD,MAAM,KAAK,CAAA;IACb,CAAC;AACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/pipeline/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;GAiBG;;AAyCH,0BAiZC;AAhbD,qCAAgD;AAChD,8DAAuD;AACvD,oCAA4C;AAC5C,sCAAwC;AACxC,4DAAmE;AACnE,qDAAyD;AACzD,oCAAiE;AAGjE,kEAA8E;AAC9E,0CAA0E;AAC1E,gDAAoD;AACpD,yDAAwD;AACxD,gEAAkE;AAClE,+CAAgG;AAChG,gDAAiE;AACjE,kEAAqE;AACrE,iEAA0E;AAC1E,0DAAmE;AACnE,kEAA8D;AAK9D;;;;;;GAMG;AACI,KAAK,UAAU,OAAO,CAC3B,KAAiB,EACjB,QAAuD,EACvD,UAAuB,EAAE,EACzB,UAA6B;IAE7B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IAC5B,MAAM,kBAAkB,GAAoB,EAAE,CAAA;IAE9C,sDAAsD;IACtD,MAAM,cAAc,GAAG,IAAI,yBAAc,CAAC,OAAO,CAAC,kBAAkB,IAAI,KAAK,CAAC,CAAA;IAC9E,MAAM,GAAG,GAAG,CAAC,CAA8D,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAA;IAE7H,kCAAkC;IAClC,MAAM,cAAc,GAAG,IAAA,8BAAqB,EAAC,OAAO,CAAC,CAAA;IACrD,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,KAAK,aAAa,CAAA;IAC3D,MAAM,KAAK,GAAG,cAAc,CAAC,SAAS,IAAI,OAAO,CAAA;IACjD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,KAAK,CAAA;IACpC,MAAM,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAA;IAEnD,iFAAiF;IACjF,MAAM,GAAG,GAAG,CAAC,OAAe,EAAE,EAAE;QAC9B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACtB,CAAC;IACH,CAAC,CAAA;IAED,sDAAsD;IACtD,MAAM,cAAc,GAAG,GAAG,EAAE;QAC1B,IAAI,iBAAiB,EAAE,SAAS,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,mBAAmB,iBAAiB,CAAC,MAAM,IAAI,gBAAgB,EAAE,CAAC,CAAA;QACpF,CAAC;IACH,CAAC,CAAA;IAED,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,SAAS,cAAc,CAAC,IAAI,UAAU,KAAK,UAAU,KAAK,CAAC,MAAM,EAAE,CAAC,CAAA;IACvG,IAAI,aAAa,IAAI,cAAc,CAAC,YAAY,EAAE,CAAC;QACjD,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,sBAAsB,cAAc,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAA;IAChG,CAAC;IAED,qEAAqE;IACrE,MAAM,eAAe,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,IAAA,8BAAY,EAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAA;IACtE,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;QACxB,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAA,8BAAY,EAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;QAChD,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,yBAAyB,eAAe,oBAAoB,KAAK,CAAC,MAAM,EAAE,CAAC,CAAA;IAChH,CAAC;IAED,yBAAyB;IACzB,MAAM,cAA
c,GAAG,CACrB,MAA8B,EAC9B,OAAe,EACf,uBAA+B,kBAAkB,CAAC,MAAM,EACxD,EAAE;QACF,IAAI,UAAU,EAAE,CAAC;YACf,UAAU,CAAC;gBACT,MAAM;gBACN,OAAO;gBACP,cAAc,EAAE,KAAK,CAAC,MAAM;gBAC5B,UAAU,EAAE,KAAK,CAAC,MAAM;gBACxB,oBAAoB;aACrB,CAAC,CAAA;QACJ,CAAC;IACH,CAAC,CAAA;IAED,8EAA8E;IAC9E,MAAM,UAAU,GAAG,aAAa,IAAI,cAAc,CAAC,YAAY;QAC7D,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,YAAa,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;QACxG,CAAC,CAAC,KAAK,CAAA;IAET,8DAA8D;IAC9D,IAAI,gBAAsF,CAAA;IAC1F,IAAI,uBAAoD,CAAA;IAExD,IAAI,CAAC;QACH,cAAc,EAAE,CAAA;QAEhB,kCAAkC;QAClC,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAC7B,MAAM,KAAK,GAAG,IAAA,yBAAiB,EAAC,KAAK,CAAC,CAAA;QACtC,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAA;QAC7C,gBAAgB,GAAG,KAAK,CAAC,gBAAgB,CAAA;QAEzC,GAAG,CAAC,gBAAgB,QAAQ,CAAC,IAAI,mBAAmB,aAAa,qBAAqB,KAAK,CAAC,UAAU,CAAC,QAAQ,IAAI,CAAC,CAAA;QAEpH,IAAI,KAAK,CAAC,gBAAgB,CAAC,iBAAiB,EAAE,CAAC;YAC7C,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,oBAAoB,KAAK,CAAC,gBAAgB,CAAC,QAAQ,IAAI,SAAS,SAAS,KAAK,CAAC,gBAAgB,CAAC,cAAc,EAAE,CAAC,CAAA;QACtJ,CAAC;QAED,MAAM,qBAAqB,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAA;QAC/G,IAAI,qBAAqB,GAAG,CAAC,EAAE,CAAC;YAC9B,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,6BAA6B,qBAAqB,EAAE,CAAC,CAAA;QAC1F,CAAC;QAED,4BAA4B;QAC5B,MAAM,EAAE,GAAG,KAAK,CAAC,UAAU,CAAA;QAC3B,IAAI,EAAE,CAAC,WAAW,GAAG,CAAC,EAAE,CAAC;YACvB,GAAG,CAAC,iBAAiB,QAAQ,CAAC,IAAI,UAAU,EAAE,CAAC,WAAW,WAAW,EAAE,CAAC,YAAY,WAAW,EAAE,CAAC,YAAY,gBAAgB,EAAE,CAAC,iBAAiB,eAAe,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,QAAQ,IAAI,CAAC,CAAA;QAC/N,CAAC;QAED,2BAA2B;QAC3B,MAAM,EAAE,GAAG,KAAK,CAAC,UAAU,CAAA;QAC3B,GAAG,CAAC,gBAAgB,QAAQ,CAAC,IAAI,mBAAmB,EAAE,CAAC,aAAa,uBAAuB,EAAE,CAAC,gBAAgB,2BAA2B,EAAE,CAAC,mBAAmB,aAAa,EAAE,CAAC,QAAQ,IAAI,CAAC,CAAA;QAC5L,IAAI,EAAE,CAAC,YAAY,GAAG,CAAC,EAAE,CAAC;YACxB,GAAG,CAAC,gBAAgB,QAAQ,CAAC,IAAI,YAAY,EAAE,CAAC,YA
AY,iBAAiB,EAAE,CAAC,gBAAgB,gBAAgB,EAAE,CAAC,eAAe,iBAAiB,EAAE,CAAC,gBAAgB,cAAc,EAAE,CAAC,cAAc,gBAAgB,EAAE,CAAC,eAAe,EAAE,CAAC,CAAA;YAC1O,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,mBAAmB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YACrG,IAAI,eAAe;gBAAE,GAAG,CAAC,gBAAgB,QAAQ,CAAC,IAAI,kBAAkB,eAAe,GAAG,CAAC,CAAA;YAC3F,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,iBAAiB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YACjG,IAAI,aAAa;gBAAE,GAAG,CAAC,gBAAgB,QAAQ,CAAC,IAAI,gBAAgB,aAAa,GAAG,CAAC,CAAA;QACvF,CAAC;QAED,cAAc,EAAE,CAAA;QAEhB,gDAAgD;QAChD,MAAM,cAAc,GAAG,MAAM,IAAA,qBAAY,EAAC;YACxC,KAAK;YACL,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;YACxC,eAAe,EAAE,KAAK,CAAC,eAAe;YACtC,eAAe,EAAE,KAAK,CAAC,eAAe;YACtC,UAAU;YACV,iBAAiB;YACjB,cAAc;YACd,QAAQ,EAAE,QAAQ,CAAC,IAAI;YACvB,KAAK;SACN,CAAC,CAAA;QAEF,MAAM,WAAW,GAAiF;YAChG,GAAG,cAAc,CAAC,WAAW;SAC9B,CAAA;QAED,iDAAiD;QACjD,MAAM,eAAe,GAAG,CAAC,OAAO,CAAC,sBAAsB,IAAI,KAAK,CAAC,IAAI,KAAK,KAAK,OAAO,CAAA;QACtF,IAAI,2BAA2B,GAAG,cAAc,CAAC,QAAQ,CAAA;QAEzD,IAAI,eAAe,EAAE,CAAC;YACpB,iDAAiD;YACjD,kDAAkD;YAClD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,WAAW,GAAG,MAAM,IAAA,kCAAsB,EAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;gBACzE,MAAM,WAAW,GAAG,MAAM,IAAA,6BAAa,EAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;gBAChE,2BAA2B,CAAC,IAAI,CAAC,GAAG,WAAW,EAAE,GAAG,WAAW,CAAC,CAAA;YAClE,CAAC;YACD,wDAAwD;YACxD,2BAA2B,GAAG,MAAM,IAAA,wCAAyB,EAAC,2BAA2B,CAAC,CAAA;YAE1F,GAAG,CAAC,mBAAmB,QAAQ,CAAC,IAAI,2BAA2B,CAAC,CAAA;QAClE,CAAC;aAAM,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;YAC7B,GAAG,CAAC,mBAAmB,QAAQ,CAAC,IAAI,iCAAiC,CAAC,CAAA;QACxE,CAAC;QAED,uCAAuC;QACvC,MAAM,sBAAsB,GAAG,2BAA2B,CAAC,MAAM,CAAA;QACjE,MAAM,kBAAkB,GAAG,IAAA,oCAAsB,EAAC,2BAA2B,CAAC,CAAA;QAC9E,IAAI,cAAc,CAAC,SAAS,EAAE,CAAC;YAC7B,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAA;YACrD,KAAK,MAAM,CAAC,IAAI,2BAA2B,EAAE,CAAC;gBAC5C,IAAI
,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC1B,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,gDAAgD,EAAE,CAAC,CAAA;gBAC/I,CAAC;YACH,CAAC;QACH,CAAC;QAED,mCAAmC;QACnC,MAAM,gBAAgB,GAAG,IAAA,+BAAkB,EAAC,kBAAkB,EAAE,KAAK,CAAC,aAAa,CAAC,cAAc,CAAC,CAAA;QAEnG,iCAAiC;QACjC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,kBAAkB,EAAE,GAAG,IAAA,qBAAa,EAAC,gBAAgB,EAAE,KAAK,EAAE,KAAK,CAAC,aAAa,CAAC,CAAA;QAE/H,uCAAuC;QACvC,MAAM,SAAS,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,OAAO,KAAK,SAAS,CAAC,CAAA;QACtF,MAAM,UAAU,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,OAAO,KAAK,UAAU,CAAC,CAAA;QACxF,MAAM,UAAU,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,OAAO,KAAK,UAAU,CAAC,CAAA;QAExF,GAAG,CAAC,qBAAqB,QAAQ,CAAC,IAAI,UAAU,KAAK,qBAAqB,SAAS,CAAC,MAAM,aAAa,UAAU,CAAC,MAAM,aAAa,UAAU,CAAC,MAAM,EAAE,CAAC,CAAA;QAEzJ,0BAA0B;QAC1B,MAAM,IAAI,GAAG,kBAAkB,CAAC,iBAAiB,CAAA;QACjD,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,gCAAgC,IAAI,CAAC,SAAS,CAAC,cAAc,IAAI,CAAC,SAAS,CAAC,cAAc,IAAI,CAAC,SAAS,CAAC,cAAc,IAAI,CAAC,SAAS,CAAC,cAAc,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;QACzM,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,aAAa,CAAC;aAC9D,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC;aAC7B,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC;aAC1C,IAAI,CAAC,GAAG,CAAC,CAAA;QACZ,IAAI,QAAQ;YAAE,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,eAAe,QAAQ,GAAG,CAAC,CAAA;QAC5E,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,aAAa,CAAC;aAC/D,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC;aAC1C,IAAI,CAAC,GAAG,CAAC,CAAA;QACZ,IAAI,SAAS;YAAE,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,qBAAqB,SAAS,GAAG,CAAC,CAAA;QACpF,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,iBAAiB,CAAC;aACnE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC;aACrC,GAAG,CAAC,CAAC,CAAC
,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,GAAG,CAAC;aAC7D,IAAI,CAAC,GAAG,CAAC,CAAA;QACZ,IAAI,SAAS;YAAE,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,yBAAyB,SAAS,GAAG,CAAC,CAAA;QAExF,gDAAgD;QAChD,IAAI,cAAc,CAAC,SAAS,EAAE,CAAC;YAC7B,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;gBAC3B,MAAM,iBAAiB,GAAG,CAAC,CAAC,gBAAgB,CAAC,WAAW;qBACrD,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;qBACvE,IAAI,CAAC,IAAI,CAAC,CAAA;gBACb,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;oBAC5B,KAAK,EAAE,oBAAoB;oBAC3B,MAAM,EAAE,WAAW;oBACnB,MAAM,EAAE,mCAAmC,CAAC,CAAC,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,iBAAiB,IAAI,cAAc,EAAE;iBAC1H,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,MAAM,kBAAkB,GAAG,cAAc,CAAC,oBAAoB,IAAI,EAAE,CAAA;QACpE,MAAM,gBAAgB,GAAG,IAAA,+CAA8B,EAAC,UAAU,EAAE,kBAAkB,CAAC,CAAA;QAEvF,cAAc,EAAE,CAAA;QAEhB,4BAA4B;QAC5B,IAAI,iBAAiB,GAAoB,gBAAgB,CAAA;QACzD,MAAM,cAAc,GAAG,OAAO,CAAC,QAAQ,KAAK,KAAK,IAAI,CAAC,cAAc,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAA;QAEpH,IAAI,cAAc,EAAE,CAAC;YACnB,cAAc,EAAE,CAAA;YAChB,MAAM,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;YACpC,cAAc,CAAC,YAAY,EAAE,2DAA2D,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAA;YAElH,iEAAiE;YACjE,MAAM,kBAAkB,GAAG,aAAa,IAAI,cAAc,CAAC,YAAY;gBACrE,CAAC,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,YAAa,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC3H,CAAC,CAAC,gBAAgB,CAAA;YAEpB,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClC,MAAM,gBAAgB,GAAG,MAAM,IAAA,iCAAsB,EACnD,kBAAkB,EAClB,UAAU,EACV,KAAK,CAAC,aAAa,EACnB,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACxB,UAAU,CAAC;wBACT,MAAM,EAAE,YAAY;wBACpB,OAAO,EAAE,QAAQ,CAAC,MAAM;wBACxB,cAAc,EAAE,QAAQ,CAAC,cAAc;wBACvC,UAAU,EAAE,QAAQ,CAAC,UAAU;wBAC/B,oBAAoB,EAAE,kBAAkB,CAAC,MAAM;qBAChD,CAAC,CAAA;gBACJ,CAAC,CAAC,CAAC,CAAC,SAAS,CACd,CAAA;gB
ACD,iBAAiB,GAAG,gBAAgB,CAAC,eAAe,CAAA;gBACpD,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,GAAG,gBAAgB,CAAA;gBACnD,uBAAuB,GAAG,eAAe,CAAA;gBACzC,WAAW,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,iBAAiB,CAAA;gBAEzD,IAAI,cAAc,CAAC,SAAS,EAAE,CAAC;oBAC7B,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAA;oBACxD,KAAK,MAAM,CAAC,IAAI,kBAAkB,EAAE,CAAC;wBACnC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;4BAC9B,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,4BAA4B,EAAE,CAAC,CAAA;wBACtH,CAAC;oBACH,CAAC;oBACD,KAAK,MAAM,CAAC,IAAI,iBAAiB,EAAE,CAAC;wBAClC,IAAI,CAAC,CAAC,eAAe,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;4BAC1D,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC,CAAC,eAAe,IAAI,6BAA6B,EAAE,gBAAgB,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAA;wBACnM,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,GAAG,CAAC,wBAAwB,QAAQ,CAAC,IAAI,UAAU,KAAK,aAAa,WAAW,CAAC,YAAY,iBAAiB,kBAAkB,CAAC,MAAM,SAAS,eAAe,CAAC,iBAAiB,aAAa,eAAe,CAAC,iBAAiB,eAAe,eAAe,CAAC,kBAAkB,EAAE,CAAC,CAAA;gBACnR,GAAG,CAAC,+CAA+C,eAAe,CAAC,oBAAoB,kBAAkB,eAAe,CAAC,qBAAqB,UAAU,eAAe,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,eAAe,CAAC,QAAQ,EAAE,CAAC,CAAA;gBAEzO,uCAAuC;gBACvC,MAAM,iBAAiB,GAA2B,EAAE,CAAA;gBACpD,MAAM,YAAY,GAA2B,EAAE,CAAA;gBAC/C,MAAM,gBAAgB,GAA2B,EAAE,CAAA;gBACnD,MAAM,kBAAkB,GAA2B,EAAE,CAAA;gBACrD,KAAK,MAAM,CAAC,IAAI,kBAAkB,EAAE,CAAC;oBACnC,iBAAiB,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAA;gBAC1E,CAAC;gBACD,KAAK,MAAM,CAAC,IAAI,iBAAiB,EAAE,CAAC;oBAClC,IAAI,CAAC,CAAC,gBAAgB,KAAK,WAAW,EAAE,CAAC;wBACvC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAA;oBAChE,CAAC;yBAAM,IAAI,CAAC,CAAC,gBAAgB,KAAK,YAAY,EAAE,CAAC;wBAC/C,kBAAkB,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAA;oBAC5E,CAAC;gBACH,CAAC;gBACD,KAAK,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,IAAI,
MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,CAAC;oBACjE,MAAM,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAA;oBACtE,gBAAgB,CAAC,GAAG,CAAC,GAAG,SAAS,GAAG,IAAI,CAAA;gBAC1C,CAAC;gBACD,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBACnJ,IAAI,YAAY;oBAAE,GAAG,CAAC,wBAAwB,QAAQ,CAAC,IAAI,0BAA0B,YAAY,GAAG,CAAC,CAAA;gBACrG,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBAChJ,IAAI,aAAa;oBAAE,GAAG,CAAC,wBAAwB,QAAQ,CAAC,IAAI,2BAA2B,aAAa,GAAG,CAAC,CAAA;gBACxG,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBACpJ,IAAI,WAAW;oBAAE,GAAG,CAAC,wBAAwB,QAAQ,CAAC,IAAI,4BAA4B,WAAW,GAAG,CAAC,CAAA;gBAErG,kEAAkE;gBAClE,MAAM,YAAY,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBAC3F,GAAG,CAAC;oBACJ,aAAa,EAAE,KAAK;oBACpB,gBAAgB,EAAE,eAAwB;oBAC1C,eAAe,EAAE,gEAAgE;iBAClF,CAAC,CAAC,CAAA;gBACH,iBAAiB,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAA;YACzC,CAAC;QACH,CAAC;aAAM,IAAI,cAAc,CAAC,gBAAgB,EAAE,CAAC;YAC3C,GAAG,CAAC,wBAAwB,QAAQ,CAAC,IAAI,UAAU,KAAK,uEAAuE,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAA;YACzJ,iBAAiB,GAAG,EAAE,CAA
A;QACxB,CAAC;QAED,2CAA2C;QAC3C,kBAAkB,CAAC,IAAI,CAAC,GAAG,iBAAiB,EAAE,GAAG,SAAS,CAAC,CAAA;QAE3D,2EAA2E;QAC3E,IAAI,cAAc,CAAC,UAAU,EAAE,CAAC;YAC9B,GAAG,CAAC,iBAAiB,QAAQ,CAAC,IAAI,UAAU,KAAK,uCAAuC,CAAC,CAAA;QAC3F,CAAC;QAED,2BAA2B;QAC3B,MAAM,UAAU,GAAuC;YACrD,KAAK,EAAE,aAAa;YACpB,GAAG,WAAW;SACf,CAAA;QACD,MAAM,cAAc,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;aAC9C,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,KAAK,SAAS,CAAC;aACpC,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,IAAI,EAAE,IAAI,CAAC;aACxC,IAAI,CAAC,GAAG,CAAC,CAAA;QACZ,IAAI,cAAc,EAAE,CAAC;YACnB,GAAG,CAAC,kBAAkB,QAAQ,CAAC,IAAI,kBAAkB,cAAc,EAAE,CAAC,CAAA;QACxE,CAAC;QAED,mCAAmC;QACnC,MAAM,aAAa,GAAG,IAAA,iCAAmB,EAAC;YACxC,QAAQ,EAAE,kBAAkB;YAC5B,KAAK;YACL,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;YACxC,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,cAAc;YACd,cAAc,EAAE,OAAO,CAAC,cAAc;SACvC,CAAC,CAAA;QAEF,+CAA+C;QAC/C,IAAI,aAAa,CAAC,iBAAiB,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,aAAa,CAAC,iBAAiB,CAAC,mBAAmB,GAAG,CAAC,EAAE,CAAC;YACrH,GAAG,CAAC,sBAAsB,QAAQ,CAAC,IAAI,eAAe,aAAa,CAAC,iBAAiB,CAAC,UAAU,CAAC,MAAM,YAAY,aAAa,CAAC,iBAAiB,CAAC,KAAK,CAAC,gBAAgB,mBAAmB,aAAa,CAAC,iBAAiB,CAAC,KAAK,CAAC,uBAAuB,gBAAgB,aAAa,CAAC,iBAAiB,CAAC,KAAK,CAAC,oBAAoB,aAAa,aAAa,CAAC,iBAAiB,CAAC,mBAAmB,EAAE,CAAC,CAAA;QACxY,CAAC;QAED,cAAc,CAAC,UAAU,EAAE,gBAAgB,EAAE,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QAE3E,sCAAsC;QACtC,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAA;QAC5C,MAAM,WAAW,GAAG;YAClB,OAAO,sBAAsB,EAAE;YAC/B,cAAc,kBAAkB,CAAC,MAAM,EAAE;YACzC,UAAU,cAAc,CAAC,MAAM,EAAE;YACjC,WAAW,SAAS,CAAC,MAAM,EAAE;YAC7B,YAAY,UAAU,CAAC,MAAM,EAAE;YAC/B,YAAY,UAAU,CAAC,MAAM,EAAE;SAChC,CAAA;QACD,IAAI,cAAc,IAAI,uBAAuB,EAAE,CAAC;YAC9C,WAAW,CAAC,IAAI,CAAC,WAAW,uBAAuB,CAAC,iBAAiB,GAAG,uBAAuB,CAAC,kBAAkB,EAAE,CAAC,CAAA;YACrH,WAAW,CAAC,IAAI,CAAC,eAAe,uBAAuB,CAAC,iBAAiB,EAAE,CAAC,CAAA;QAC9E,CAAC;QACD,WAAW,CAAC,IAAI,CAAC,iBAAiB,aAAa,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;QAClE,GAAG,CAAC,iBAAiB,QAAQ,CAAC,IAAI,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;QAChE,GAAG,CAAC,kBAAkB,QAAQ,CAAC,I
AAI,mBAAmB,aAAa,YAAY,KAAK,CAAC,MAAM,mBAAmB,aAAa,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;QAE9I,iCAAiC;QACjC,OAAO,IAAA,8BAAe,EAAC;YACrB,QAAQ;YACR,KAAK;YACL,QAAQ,EAAE,aAAa,CAAC,QAAQ;YAChC,iBAAiB,EAAE,aAAa,CAAC,iBAAiB;YAClD,SAAS;YACT,eAAe,EAAE,uBAAuB;YACxC,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,cAAc;SACf,CAAC,CAAA;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,iBAAiB,EAAE,SAAS,EAAE,CAAC;YACjC,yCAAyC;YACzC,cAAc,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAA;YAE1C,0BAA0B;YAC1B,MAAM,qBAAqB,GAAG,IAAA,kCAA0B,EAAC,kBAAkB,CAAC,CAAA;YAC5E,MAAM,uBAAuB,GAAG,IAAA,sCAAqB,EAAC,qBAAqB,EAAE,gBAAgB,CAAC,CAAA;YAC9F,MAAM,qBAAqB,GAAG,IAAA,wBAAc,EAAC,uBAAuB,CAAC,CAAA;YACrE,MAAM,cAAc,GAAG,IAAA,+BAAqB,EAAC,qBAAqB,CAAC,CAAA;YACnE,MAAM,cAAc,GAAG,IAAA,+BAAqB,EAAC,qBAAqB,CAAC,CAAA;YAEnE,OAAO;gBACL,QAAQ,EAAE,QAAQ,CAAC,IAAI;gBACvB,OAAO,EAAE,QAAQ,CAAC,GAAG;gBACrB,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,YAAY,EAAE,KAAK,CAAC,MAAM;gBAC1B,YAAY,EAAE,CAAC;gBACf,eAAe,EAAE,qBAAqB;gBACtC,cAAc;gBACd,cAAc;gBACd,iBAAiB,EAAE,KAAK,EAAE,iCAAiC;gBAC3D,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBACpC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,eAAe,EAAE,uBAAuB;gBACxC,SAAS,EAAE,IAAI;gBACf,YAAY,EAAE,iBAAiB,CAAC,MAAM;aACvC,CAAA;QACH,CAAC;QAED,cAAc,CAAC,QAAQ,EAAE,gBAAgB,KAAK,EAAE,CAAC,CAAA;QACjD,MAAM,KAAK,CAAA;IACb,CAAC;AACH,CAAC"}
|
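--- a/package/dist/shared/types.d.ts
+++ b/package/dist/shared/types.d.ts
@@ -321,7 +321,7 @@ export interface ScanModeConfig {
 maxAIValidationFiles?: number;
 /** Maximum files for Layer 3 analysis (cost control) */
 maxLayer3Files?: number;
-/** Scan depth mode (
+/** Scan depth mode (local/verified/deep) - controls AI usage */
 scanDepth?: ScanDepth;
 /** Whether to exclude test files from scanning (default: true) */
 excludeTestFiles?: boolean;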
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/shared/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,qBAAqB,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAA;AAEnF,MAAM,MAAM,qBAAqB,GAC7B,kBAAkB,GAClB,qBAAqB,GACrB,oBAAoB,GACpB,iBAAiB,GACjB,oBAAoB,GACpB,eAAe,GACf,KAAK,GACL,mBAAmB,GACnB,iBAAiB,GACjB,cAAc,GACd,oBAAoB,GACpB,uBAAuB,GACvB,gBAAgB,GAChB,gBAAgB,GAChB,YAAY,GACZ,eAAe,GACf,aAAa,GACb,eAAe,GAEf,qBAAqB,GACrB,qBAAqB,GACrB,wBAAwB,GAExB,qBAAqB,GACrB,yBAAyB,GACzB,oBAAoB,GAEpB,0BAA0B,GAC1B,yBAAyB,GACzB,oBAAoB,GACpB,uBAAuB,GACvB,yBAAyB,GACzB,wBAAwB,GAExB,8BAA8B,GAC9B,yBAAyB,GACzB,uBAAuB,GACvB,2BAA2B,GAC3B,wBAAwB,GACxB,4BAA4B,GAC5B,wBAAwB,GACxB,sBAAsB,GACtB,sBAAsB,GAEtB,sBAAsB,GACtB,qBAAqB,GACrB,sBAAsB,GACtB,qBAAqB,GAErB,oBAAoB,GAEpB,0BAA0B,GAC1B,MAAM,GACN,eAAe,GACf,KAAK,CAAA;AAET,MAAM,MAAM,gBAAgB,GAAG,WAAW,GAAG,YAAY,GAAG,WAAW,GAAG,eAAe,CAAA;AAEzF,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAA;IACV,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,EAAE,MAAM,CAAA;IAClB,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,KAAK,EAAE,MAAM,CAAA;IACb,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAA;IACrC,yEAAyE;IACzE,KAAK,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAChB,iDAAiD;IACjD,MAAM,CAAC,EAAE,SAAS,GAAG,YAAY,GAAG,SAAS,GAAG,QAAQ,GAAG,YAAY,CAAA;IACvE,oBAAoB,CAAC,EAAE,OAAO,CAAA;IAG9B,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,gBAAgB,CAAC,EAAE,gBAAgB,CAAA;IACnC,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,gBAAgB,CAAC,EAAE,qBAAqB,CAAA;IAGxC,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;IACnB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAA;IACrB,UAAU,CAAC,EAAE,OAAO,CAAA;IAEpB,kFAAkF;IAClF,cAAc,CAAC,EAAE,MAAM,CAAA;CACxB;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,8CAA8C;IAC9C,SAAS,EAAE,OAAO,CAAA;IAClB,4DAA4D;IAC5D,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,2BAA2B;IAC3B,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,sDAAsD;IACtD,QAAQ,CAAC,QAAQ,EAAE,MAAM,IAAI,GAAG,IAAI,CAAA;CACrC;AAED;;;;;;;GAOG;AACH,wBAAgB,u
BAAuB,IAAI,iBAAiB,CA8B3D;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,MAAM,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;CACb;AAGD,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,MAAM,CAAA;IACd,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,EAAE,MAAM,CAAA;CACb;AAGD,MAAM,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC,CAAA;AAE3E,2EAA2E;AAC3E,MAAM,WAAW,8BAA8B;IAC7C,mBAAmB;IACnB,IAAI,EAAE,MAAM,CAAA;IACZ,gBAAgB;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAA;IAClB,6BAA6B;IAC7B,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,eAAe;IACf,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,YAAY;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,4BAA4B;IAC5B,eAAe,EAAE,QAAQ,GAAG,gBAAgB,GAAG,aAAa,CAAA;IAC5D,6BAA6B;IAC7B,iBAAiB,EAAE,MAAM,CAAA;IACzB,+BAA+B;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;IACd,YAAY,EAAE,MAAM,CAAA;IACpB,YAAY,EAAE,MAAM,CAAA;IACpB,eAAe,EAAE,aAAa,EAAE,CAAA;IAGhC,cAAc,EAAE,cAAc,CAAA;IAC9B,cAAc,EAAE,cAAc,CAAA;IAC9B,iBAAiB,EAAE,OAAO,CAAA;IAE1B,YAAY,EAAE,MAAM,CAAA;IACpB,SAAS,EAAE,MAAM,CAAA;IAGjB,eAAe,CAAC,EAAE;QAChB,aAAa,EAAE,MAAM,CAAA;QACrB,iBAAiB,EAAE,MAAM,CAAA;QACzB,iBAAiB,EAAE,MAAM,CAAA;QACzB,iBAAiB,EAAE,MAAM,CAAA;QACzB,kBAAkB,EAAE,MAAM,CAAA;QAC1B,qBAAqB,EAAE,MAAM,CAAA;QAC7B,oBAAoB,EAAE,MAAM,CAAA;QAC5B,qBAAqB,EAAE,MAAM,CAAA;QAC7B,aAAa,EAAE,MAAM,CAAA;QACrB,QAAQ,EAAE,MAAM,CAAA;QAChB,mBAAmB,EAAE,MAAM,CAAA;QAC3B,eAAe,EAAE,MAAM,CAAA;QACvB,YAAY,EAAE,MAAM,CAAA;KACrB,CAAA;IAGD,SAAS,CAAC,EAAE,OAAO,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;IAGrB,gBAAgB,CAAC,EAAE;QACjB,wCAAwC;QACxC,KAAK,EAAE,MAAM,CAAA;QACb,6CAA6C;QAC7C,gBAAgB,EAAE,MAAM,CAAA;QACxB,mDAAmD;QACnD,uBAAuB,EAAE,MAAM,CAAA;QAC/B,2CAA2C;QAC3C,oBAAoB,EAAE,MAAM,CAAA;QAC5B,uEAAuE;QACvE,OAAO,EAAE,MAAM,CAAA;KAChB,CAAA;IACD,kEAAkE;IAClE,yBAAyB,CAAC,EAAE,8BAA8B,EAAE,CAAA;IAG5D,YAAY,CAAC,EAAE;QACb,oCAAoC;QACpC,iBAAiB,EAAE,MAAM,CAAA;QACzB,gDAAgD;QAChD,cAAc,CAAC,EAAE,MAAM,CAAA;QACvB,+CAA+C;QAC/C,QAAQ,EAAE,MAAM,CAAA;QAChB,6DAA6D;
QAC7D,UAAU,EAAE,MAAM,CAAA;QAClB,4CAA4C;QAC5C,aAAa,EAAE,MAAM,CAAA;QACrB,4CAA4C;QAC5C,aAAa,EAAE,KAAK,CAAC;YACnB,IAAI,EAAE,MAAM,CAAA;YACZ,QAAQ,EAAE,MAAM,CAAA;YAChB,UAAU,EAAE,MAAM,CAAA;YAClB,QAAQ,EAAE,MAAM,CAAA;YAChB,QAAQ,EAAE,MAAM,CAAA;YAChB,KAAK,EAAE,MAAM,CAAA;SACd,CAAC,CAAA;KACH,CAAA;IAED,qEAAqE;IACrE,gBAAgB,CAAC,EAAE,OAAO,mCAAmC,EAAE,gBAAgB,EAAE,CAAA;CAClF;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,UAAU,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,YAAY,GAAG,UAAU,GAAG,QAAQ,CAAA;IAC1F,OAAO,EAAE,MAAM,CAAA;IACf,cAAc,EAAE,MAAM,CAAA;IACtB,UAAU,EAAE,MAAM,CAAA;IAClB,oBAAoB,EAAE,MAAM,CAAA;CAC7B;AAED,MAAM,MAAM,gBAAgB,GAAG,CAAC,QAAQ,EAAE,YAAY,KAAK,IAAI,CAAA;AAG/D,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,WAAW,EAAE,MAAM,CAAA;CACpB;AAGD,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAA;IACZ,YAAY,EAAE,MAAM,EAAE,CAAA;IACtB,KAAK,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,eAAe,EAAE,CAAA;CAChE;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,EAAE,MAAM,CAAA;IACnB,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,qBAAqB,CAAA;CAChC;AAGD,MAAM,WAAW,wBAAwB;IACvC,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,WAAW,EAAE,MAAM,CAAA;CACpB;AAGD,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,WAAW,SAAS;IACxB,UAAU,EAAE,MAAM,CAAA;IAClB,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,KAAK,EAAE,MAAM,CAAA;IACb,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;CACrB;AAMD;;;;;;GAMG;AACH,MAAM,WAAW,eAAe;IAE9B,IAAI,EAAE;QACJ,6CAA6C;QAC7C,UAAU,EAAE,4BAA4B,GAAG,IAAI,CAAA;QAC/C,2CAA2C;QAC3C,WAAW,EAAE,wBAAwB,CAAA;QACrC,uDAAuD;QACvD,eAAe,EAAE,MAAM,EAAE,CAAA;KAC1B,CAAA;IAGD,SAAS,EAAE;QACT,yCAAyC;QACzC,OAAO,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,GAAG,KAAK,GAAG,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,OAAO,GAAG,OAAO,GAAG,SAAS,GAAG,IAAI,CAAA;QACvH,kCAAkC;QAClC,QAAQ,EAAE,OAAO,GAAG,KAAK,GAAG,QAAQ,GAAG,SAAS,GAAG,SAAS,GAAG,IAAI,CAAA;QACnE,0CAA0C;QAC1C,aAAa,EAAE,OAAO,CAAA;KACvB,CAAA;IAGD,UAAU,EAAE;QACV,iCAAiC;QACj
C,GAAG,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,GAAG,WAAW,GAAG,MAAM,GAAG,IAAI,CAAA;QACnE,mDAAmD;QACnD,MAAM,EAAE,OAAO,CAAA;QACf,kCAAkC;QAClC,aAAa,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,GAAG,SAAS,GAAG,IAAI,CAAA;KACxD,CAAA;IAGD,IAAI,EAAE;QACJ,+DAA+D;QAC/D,YAAY,EAAE,OAAO,CAAA;QACrB,+DAA+D;QAC/D,eAAe,EAAE,OAAO,CAAA;QACxB,oDAAoD;QACpD,UAAU,EAAE,OAAO,CAAA;QACnB,yCAAyC;QACzC,YAAY,EAAE,OAAO,CAAA;QACrB,kDAAkD;QAClD,YAAY,EAAE,OAAO,CAAA;KACtB,CAAA;CACF;AAED,4DAA4D;AAC5D,MAAM,WAAW,4BAA4B;IAC3C,2CAA2C;IAC3C,iBAAiB,EAAE,OAAO,CAAA;IAC1B,gCAAgC;IAChC,QAAQ,EAAE,OAAO,GAAG,UAAU,GAAG,OAAO,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,GAAG,IAAI,CAAA;IACnF,8BAA8B;IAC9B,cAAc,EAAE,MAAM,EAAE,CAAA;IACxB,oCAAoC;IACpC,WAAW,EAAE,MAAM,EAAE,CAAA;CACtB;AAED,yDAAyD;AACzD,MAAM,WAAW,wBAAwB;IACvC,oDAAoD;IACpD,kBAAkB,EAAE,OAAO,CAAA;IAC3B,qCAAqC;IACrC,mBAAmB,EAAE,MAAM,EAAE,CAAA;CAC9B;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,IAAI,eAAe,CA4B5D;AAGD,eAAO,MAAM,oBAAoB,UAMhC,CAAA;AAGD,eAAO,MAAM,aAAa,UAazB,CAAA;AAGD,eAAO,MAAM,aAAa,QAAY,CAAA;AAMtC;;;;;GAKG;AACH,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG,aAAa,CAAA;AAE7C;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,MAAM,SAAS,GAAG,OAAO,GAAG,UAAU,GAAG,MAAM,CAAA;AAErD,MAAM,WAAW,cAAc;IAC7B,oBAAoB;IACpB,IAAI,EAAE,QAAQ,CAAA;IAEd,oDAAoD;IACpD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;IAEvB,gEAAgE;IAChE,UAAU,CAAC,EAAE,MAAM,CAAA;IAEnB,mEAAmE;IACnE,gBAAgB,CAAC,EAAE,OAAO,CAAA;IAE1B,2DAA2D;IAC3D,UAAU,CAAC,EAAE,OAAO,CAAA;IAEpB,4DAA4D;IAC5D,oBAAoB,CAAC,EAAE,MAAM,CAAA;IAE7B,wDAAwD;IACxD,cAAc,CAAC,EAAE,MAAM,CAAA;IAEvB,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/shared/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,qBAAqB,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAA;AAEnF,MAAM,MAAM,qBAAqB,GAC7B,kBAAkB,GAClB,qBAAqB,GACrB,oBAAoB,GACpB,iBAAiB,GACjB,oBAAoB,GACpB,eAAe,GACf,KAAK,GACL,mBAAmB,GACnB,iBAAiB,GACjB,cAAc,GACd,oBAAoB,GACpB,uBAAuB,GACvB,gBAAgB,GAChB,gBAAgB,GAChB,YAAY,GACZ,eAAe,GACf,aAAa,GACb,eAAe,GAEf,qBAAqB,GACrB,qBAAqB,GACrB,wBAAwB,GAExB,qBAAqB,GACrB,yBAAyB,GACzB,oBAAoB,GAEpB,0BAA0B,GAC1B,yBAAyB,GACzB,oBAAoB,GACpB,uBAAuB,GACvB,yBAAyB,GACzB,wBAAwB,GAExB,8BAA8B,GAC9B,yBAAyB,GACzB,uBAAuB,GACvB,2BAA2B,GAC3B,wBAAwB,GACxB,4BAA4B,GAC5B,wBAAwB,GACxB,sBAAsB,GACtB,sBAAsB,GAEtB,sBAAsB,GACtB,qBAAqB,GACrB,sBAAsB,GACtB,qBAAqB,GAErB,oBAAoB,GAEpB,0BAA0B,GAC1B,MAAM,GACN,eAAe,GACf,KAAK,CAAA;AAET,MAAM,MAAM,gBAAgB,GAAG,WAAW,GAAG,YAAY,GAAG,WAAW,GAAG,eAAe,CAAA;AAEzF,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAA;IACV,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,EAAE,MAAM,CAAA;IAClB,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,KAAK,EAAE,MAAM,CAAA;IACb,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAA;IACrC,yEAAyE;IACzE,KAAK,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAChB,iDAAiD;IACjD,MAAM,CAAC,EAAE,SAAS,GAAG,YAAY,GAAG,SAAS,GAAG,QAAQ,GAAG,YAAY,CAAA;IACvE,oBAAoB,CAAC,EAAE,OAAO,CAAA;IAG9B,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,gBAAgB,CAAC,EAAE,gBAAgB,CAAA;IACnC,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,gBAAgB,CAAC,EAAE,qBAAqB,CAAA;IAGxC,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;IACnB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAA;IACrB,UAAU,CAAC,EAAE,OAAO,CAAA;IAEpB,kFAAkF;IAClF,cAAc,CAAC,EAAE,MAAM,CAAA;CACxB;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,8CAA8C;IAC9C,SAAS,EAAE,OAAO,CAAA;IAClB,4DAA4D;IAC5D,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,2BAA2B;IAC3B,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,sDAAsD;IACtD,QAAQ,CAAC,QAAQ,EAAE,MAAM,IAAI,GAAG,IAAI,CAAA;CACrC;AAED;;;;;;;GAOG;AACH,wBAAgB,u
BAAuB,IAAI,iBAAiB,CA8B3D;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,MAAM,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;CACb;AAGD,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,MAAM,CAAA;IACd,GAAG,EAAE,MAAM,CAAA;IACX,IAAI,EAAE,MAAM,CAAA;CACb;AAGD,MAAM,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC,CAAA;AAE3E,2EAA2E;AAC3E,MAAM,WAAW,8BAA8B;IAC7C,mBAAmB;IACnB,IAAI,EAAE,MAAM,CAAA;IACZ,gBAAgB;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAA;IAClB,6BAA6B;IAC7B,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,eAAe;IACf,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,YAAY;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,4BAA4B;IAC5B,eAAe,EAAE,QAAQ,GAAG,gBAAgB,GAAG,aAAa,CAAA;IAC5D,6BAA6B;IAC7B,iBAAiB,EAAE,MAAM,CAAA;IACzB,+BAA+B;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;IACd,YAAY,EAAE,MAAM,CAAA;IACpB,YAAY,EAAE,MAAM,CAAA;IACpB,eAAe,EAAE,aAAa,EAAE,CAAA;IAGhC,cAAc,EAAE,cAAc,CAAA;IAC9B,cAAc,EAAE,cAAc,CAAA;IAC9B,iBAAiB,EAAE,OAAO,CAAA;IAE1B,YAAY,EAAE,MAAM,CAAA;IACpB,SAAS,EAAE,MAAM,CAAA;IAGjB,eAAe,CAAC,EAAE;QAChB,aAAa,EAAE,MAAM,CAAA;QACrB,iBAAiB,EAAE,MAAM,CAAA;QACzB,iBAAiB,EAAE,MAAM,CAAA;QACzB,iBAAiB,EAAE,MAAM,CAAA;QACzB,kBAAkB,EAAE,MAAM,CAAA;QAC1B,qBAAqB,EAAE,MAAM,CAAA;QAC7B,oBAAoB,EAAE,MAAM,CAAA;QAC5B,qBAAqB,EAAE,MAAM,CAAA;QAC7B,aAAa,EAAE,MAAM,CAAA;QACrB,QAAQ,EAAE,MAAM,CAAA;QAChB,mBAAmB,EAAE,MAAM,CAAA;QAC3B,eAAe,EAAE,MAAM,CAAA;QACvB,YAAY,EAAE,MAAM,CAAA;KACrB,CAAA;IAGD,SAAS,CAAC,EAAE,OAAO,CAAA;IACnB,YAAY,CAAC,EAAE,MAAM,CAAA;IAGrB,gBAAgB,CAAC,EAAE;QACjB,wCAAwC;QACxC,KAAK,EAAE,MAAM,CAAA;QACb,6CAA6C;QAC7C,gBAAgB,EAAE,MAAM,CAAA;QACxB,mDAAmD;QACnD,uBAAuB,EAAE,MAAM,CAAA;QAC/B,2CAA2C;QAC3C,oBAAoB,EAAE,MAAM,CAAA;QAC5B,uEAAuE;QACvE,OAAO,EAAE,MAAM,CAAA;KAChB,CAAA;IACD,kEAAkE;IAClE,yBAAyB,CAAC,EAAE,8BAA8B,EAAE,CAAA;IAG5D,YAAY,CAAC,EAAE;QACb,oCAAoC;QACpC,iBAAiB,EAAE,MAAM,CAAA;QACzB,gDAAgD;QAChD,cAAc,CAAC,EAAE,MAAM,CAAA;QACvB,+CAA+C;QAC/C,QAAQ,EAAE,MAAM,CAAA;QAChB,6DAA6D;
QAC7D,UAAU,EAAE,MAAM,CAAA;QAClB,4CAA4C;QAC5C,aAAa,EAAE,MAAM,CAAA;QACrB,4CAA4C;QAC5C,aAAa,EAAE,KAAK,CAAC;YACnB,IAAI,EAAE,MAAM,CAAA;YACZ,QAAQ,EAAE,MAAM,CAAA;YAChB,UAAU,EAAE,MAAM,CAAA;YAClB,QAAQ,EAAE,MAAM,CAAA;YAChB,QAAQ,EAAE,MAAM,CAAA;YAChB,KAAK,EAAE,MAAM,CAAA;SACd,CAAC,CAAA;KACH,CAAA;IAED,qEAAqE;IACrE,gBAAgB,CAAC,EAAE,OAAO,mCAAmC,EAAE,gBAAgB,EAAE,CAAA;CAClF;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,UAAU,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,YAAY,GAAG,UAAU,GAAG,QAAQ,CAAA;IAC1F,OAAO,EAAE,MAAM,CAAA;IACf,cAAc,EAAE,MAAM,CAAA;IACtB,UAAU,EAAE,MAAM,CAAA;IAClB,oBAAoB,EAAE,MAAM,CAAA;CAC7B;AAED,MAAM,MAAM,gBAAgB,GAAG,CAAC,QAAQ,EAAE,YAAY,KAAK,IAAI,CAAA;AAG/D,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,WAAW,EAAE,MAAM,CAAA;CACpB;AAGD,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAA;IACZ,YAAY,EAAE,MAAM,EAAE,CAAA;IACtB,KAAK,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,eAAe,EAAE,CAAA;CAChE;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,EAAE,MAAM,CAAA;IACnB,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,qBAAqB,CAAA;CAChC;AAGD,MAAM,WAAW,wBAAwB;IACvC,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,WAAW,EAAE,MAAM,CAAA;CACpB;AAGD,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,OAAO,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,WAAW,SAAS;IACxB,UAAU,EAAE,MAAM,CAAA;IAClB,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,KAAK,EAAE,MAAM,CAAA;IACb,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;CACrB;AAMD;;;;;;GAMG;AACH,MAAM,WAAW,eAAe;IAE9B,IAAI,EAAE;QACJ,6CAA6C;QAC7C,UAAU,EAAE,4BAA4B,GAAG,IAAI,CAAA;QAC/C,2CAA2C;QAC3C,WAAW,EAAE,wBAAwB,CAAA;QACrC,uDAAuD;QACvD,eAAe,EAAE,MAAM,EAAE,CAAA;KAC1B,CAAA;IAGD,SAAS,EAAE;QACT,yCAAyC;QACzC,OAAO,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,GAAG,KAAK,GAAG,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,OAAO,GAAG,OAAO,GAAG,SAAS,GAAG,IAAI,CAAA;QACvH,kCAAkC;QAClC,QAAQ,EAAE,OAAO,GAAG,KAAK,GAAG,QAAQ,GAAG,SAAS,GAAG,SAAS,GAAG,IAAI,CAAA;QACnE,0CAA0C;QAC1C,aAAa,EAAE,OAAO,CAAA;KACvB,CAAA;IAGD,UAAU,EAAE;QACV,iCAAiC;QACj
C,GAAG,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,GAAG,WAAW,GAAG,MAAM,GAAG,IAAI,CAAA;QACnE,mDAAmD;QACnD,MAAM,EAAE,OAAO,CAAA;QACf,kCAAkC;QAClC,aAAa,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,GAAG,SAAS,GAAG,IAAI,CAAA;KACxD,CAAA;IAGD,IAAI,EAAE;QACJ,+DAA+D;QAC/D,YAAY,EAAE,OAAO,CAAA;QACrB,+DAA+D;QAC/D,eAAe,EAAE,OAAO,CAAA;QACxB,oDAAoD;QACpD,UAAU,EAAE,OAAO,CAAA;QACnB,yCAAyC;QACzC,YAAY,EAAE,OAAO,CAAA;QACrB,kDAAkD;QAClD,YAAY,EAAE,OAAO,CAAA;KACtB,CAAA;CACF;AAED,4DAA4D;AAC5D,MAAM,WAAW,4BAA4B;IAC3C,2CAA2C;IAC3C,iBAAiB,EAAE,OAAO,CAAA;IAC1B,gCAAgC;IAChC,QAAQ,EAAE,OAAO,GAAG,UAAU,GAAG,OAAO,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,GAAG,IAAI,CAAA;IACnF,8BAA8B;IAC9B,cAAc,EAAE,MAAM,EAAE,CAAA;IACxB,oCAAoC;IACpC,WAAW,EAAE,MAAM,EAAE,CAAA;CACtB;AAED,yDAAyD;AACzD,MAAM,WAAW,wBAAwB;IACvC,oDAAoD;IACpD,kBAAkB,EAAE,OAAO,CAAA;IAC3B,qCAAqC;IACrC,mBAAmB,EAAE,MAAM,EAAE,CAAA;CAC9B;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,IAAI,eAAe,CA4B5D;AAGD,eAAO,MAAM,oBAAoB,UAMhC,CAAA;AAGD,eAAO,MAAM,aAAa,UAazB,CAAA;AAGD,eAAO,MAAM,aAAa,QAAY,CAAA;AAMtC;;;;;GAKG;AACH,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG,aAAa,CAAA;AAE7C;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,MAAM,SAAS,GAAG,OAAO,GAAG,UAAU,GAAG,MAAM,CAAA;AAErD,MAAM,WAAW,cAAc;IAC7B,oBAAoB;IACpB,IAAI,EAAE,QAAQ,CAAA;IAEd,oDAAoD;IACpD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;IAEvB,gEAAgE;IAChE,UAAU,CAAC,EAAE,MAAM,CAAA;IAEnB,mEAAmE;IACnE,gBAAgB,CAAC,EAAE,OAAO,CAAA;IAE1B,2DAA2D;IAC3D,UAAU,CAAC,EAAE,OAAO,CAAA;IAEpB,4DAA4D;IAC5D,oBAAoB,CAAC,EAAE,MAAM,CAAA;IAE7B,wDAAwD;IACxD,cAAc,CAAC,EAAE,MAAM,CAAA;IAEvB,gEAAgE;IAChE,SAAS,CAAC,EAAE,SAAS,CAAA;IAErB,kEAAkE;IAClE,gBAAgB,CAAC,EAAE,OAAO,CAAA;IAE1B,kEAAkE;IAClE,gBAAgB,CAAC,EAAE,OAAO,CAAA;IAE1B,yDAAyD;IACzD,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAA;CAC5B;AAED;;GAEG;AACH,eAAO,MAAM,kBAAkB,EAAE,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,cAAc,CAAC,CAexE,CAAA"}
|
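--- a/package/dist/tiers.d.ts
+++ b/package/dist/tiers.d.ts
@@ -7,7 +7,7 @@
 * - Route AI validation budget toward Tier B
 *
 * Security reasoning:
-* - Makes it explicit which detectors are safe to expose in
+* - Makes it explicit which detectors are safe to expose in local scans
 * - Avoids "accidental promotion" of an experimental heuristic to production output
 */
 import type { VulnerabilityCategory } from './shared/types';
@@ -15,7 +15,7 @@ import type { VulnerabilityCategory } from './shared/types';
 * Detector tiers control visibility and trust level:
 *
 * - core: High-precision SAST + core AI-safety detectors. Visible in all scan depths.
-* - ai_assisted: Context-heavy heuristics that need AI validation. Shown in
+* - ai_assisted: Context-heavy heuristics that need AI validation. Shown in verified/deep.
 * - experimental: High-noise signals used only for internal scoring/AI hints. Hidden from users.
 */
 export type DetectorTier = 'core' | 'ai_assisted' | 'experimental';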
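--- a/package/dist/tiers.js
+++ b/package/dist/tiers.js
@@ -8,7 +8,7 @@
 * - Route AI validation budget toward Tier B
 *
 * Security reasoning:
-* - Makes it explicit which detectors are safe to expose in
+* - Makes it explicit which detectors are safe to expose in local scans
 * - Avoids "accidental promotion" of an experimental heuristic to production output
 */
 Object.defineProperty(exports, "__esModule", { value: true });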
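--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@oculum/scanner",
-"version": "1.0.
+"version": "1.0.14",
 "description": "AI-native security scanner for detecting vulnerabilities in LLM-generated code",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
@@ -31,7 +31,7 @@
 },
 "dependencies": {
 "@anthropic-ai/sdk": "^0.71.2",
-"@oculum/cli": "^1.0.
+"@oculum/cli": "^1.0.20",
 "js-yaml": "^4.1.0",
 "minimatch": "^9.0.0",
 "openai": "^6.16.0",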
@@ -0,0 +1,300 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Unit tests for enrichPostinstallFindings()
|
|
3
|
+
*
|
|
4
|
+
* Tests the NPM registry-based severity tiering for postinstall/preinstall
|
|
5
|
+
* script findings. This enrichment only runs on verified scans (non-local depth).
|
|
6
|
+
*
|
|
7
|
+
* Run: npx jest src/__tests__/detect/postinstall-enrichment.test.ts
|
|
8
|
+
*/
|
|
9
|
+
|
|
10
|
+
import { enrichPostinstallFindings } from '../../detect/secrets/config-audit'
|
|
11
|
+
import type { Vulnerability } from '../../shared/types'
|
|
12
|
+
import type { NPMPackageMetadata } from '../../shared/registry-clients'
|
|
13
|
+
|
|
14
|
+
// Mock the registry client — no real network calls in tests
|
|
15
|
+
jest.mock('../../shared/registry-clients', () => {
|
|
16
|
+
const actual = jest.requireActual('../../shared/registry-clients')
|
|
17
|
+
return {
|
|
18
|
+
...actual,
|
|
19
|
+
fetchNPMMetadata: jest.fn(),
|
|
20
|
+
}
|
|
21
|
+
})
|
|
22
|
+
|
|
23
|
+
import { fetchNPMMetadata } from '../../shared/registry-clients'
|
|
24
|
+
const mockFetchNPM = fetchNPMMetadata as jest.MockedFunction<typeof fetchNPMMetadata>
|
|
25
|
+
|
|
26
|
+
/** Create a postinstall finding like config-audit produces */
|
|
27
|
+
function makePostinstallFinding(
|
|
28
|
+
scriptName: string,
|
|
29
|
+
command: string,
|
|
30
|
+
overrides: Partial<Vulnerability> = {}
|
|
31
|
+
): Vulnerability {
|
|
32
|
+
return {
|
|
33
|
+
id: `config-package.json-5-Package.json security issues`,
|
|
34
|
+
filePath: 'package.json',
|
|
35
|
+
lineNumber: 5,
|
|
36
|
+
lineContent: ` "${scriptName}": "${command}"`,
|
|
37
|
+
severity: 'low',
|
|
38
|
+
category: 'insecure_config',
|
|
39
|
+
title: 'Package.json security issues',
|
|
40
|
+
description: 'Pre/post install scripts can execute arbitrary code - review carefully',
|
|
41
|
+
confidence: 'high',
|
|
42
|
+
baseConfidence: 0.5,
|
|
43
|
+
layer: 1,
|
|
44
|
+
source: 'secrets' as const,
|
|
45
|
+
...overrides,
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
|
|
49
|
+
/** Create a non-postinstall finding (should pass through unchanged) */
|
|
50
|
+
function makeOtherFinding(overrides: Partial<Vulnerability> = {}): Vulnerability {
|
|
51
|
+
return {
|
|
52
|
+
id: 'config-Dockerfile-1-Docker running as root',
|
|
53
|
+
filePath: 'Dockerfile',
|
|
54
|
+
lineNumber: 1,
|
|
55
|
+
lineContent: 'FROM node:18',
|
|
56
|
+
severity: 'medium',
|
|
57
|
+
category: 'insecure_config',
|
|
58
|
+
title: 'Docker running as root',
|
|
59
|
+
description: 'No USER instruction found - container will run as root by default',
|
|
60
|
+
confidence: 'high',
|
|
61
|
+
baseConfidence: 0.5,
|
|
62
|
+
layer: 1,
|
|
63
|
+
source: 'secrets' as const,
|
|
64
|
+
...overrides,
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
/** Build fake NPM metadata */
|
|
69
|
+
function makeNPMMetadata(
|
|
70
|
+
name: string,
|
|
71
|
+
weeklyDownloads: number,
|
|
72
|
+
createdDaysAgo: number
|
|
73
|
+
): NPMPackageMetadata {
|
|
74
|
+
const created = new Date()
|
|
75
|
+
created.setDate(created.getDate() - createdDaysAgo)
|
|
76
|
+
return {
|
|
77
|
+
name,
|
|
78
|
+
version: '1.0.0',
|
|
79
|
+
maintainers: [{ name: 'author' }],
|
|
80
|
+
time: { created: created.toISOString(), modified: created.toISOString() },
|
|
81
|
+
downloads: { weekly: weeklyDownloads },
|
|
82
|
+
}
|
|
83
|
+
}
|
|
84
|
+
|
|
85
|
+
beforeEach(() => {
|
|
86
|
+
mockFetchNPM.mockReset()
|
|
87
|
+
})
|
|
88
|
+
|
|
89
|
+
describe('enrichPostinstallFindings', () => {
|
|
90
|
+
describe('severity tiering', () => {
|
|
91
|
+
it('auto-dismisses packages with 1M+ weekly downloads and 1+ year old', async () => {
|
|
92
|
+
mockFetchNPM.mockResolvedValue(makeNPMMetadata('patch-package', 2_500_000, 400))
|
|
93
|
+
|
|
94
|
+
const findings = [makePostinstallFinding('postinstall', 'patch-package')]
|
|
95
|
+
const result = await enrichPostinstallFindings(findings)
|
|
96
|
+
|
|
97
|
+
expect(result).toHaveLength(0)
|
|
98
|
+
expect(mockFetchNPM).toHaveBeenCalledWith('patch-package')
|
|
99
|
+
})
|
|
100
|
+
|
|
101
|
+
it('downgrades to info for 100k+/week and 6+ months old', async () => {
|
|
102
|
+
mockFetchNPM.mockResolvedValue(makeNPMMetadata('some-tool', 250_000, 200))
|
|
103
|
+
|
|
104
|
+
const findings = [makePostinstallFinding('postinstall', 'some-tool')]
|
|
105
|
+
const result = await enrichPostinstallFindings(findings)
|
|
106
|
+
|
|
107
|
+
expect(result).toHaveLength(1)
|
|
108
|
+
expect(result[0].severity).toBe('info')
|
|
109
|
+
expect(result[0].description).toContain('some-tool')
|
|
110
|
+
expect(result[0].description).toContain('250k/week')
|
|
111
|
+
})
|
|
112
|
+
|
|
113
|
+
it('keeps as low for 10k+/week and 3+ months old', async () => {
|
|
114
|
+
mockFetchNPM.mockResolvedValue(makeNPMMetadata('moderate-pkg', 50_000, 120))
|
|
115
|
+
|
|
116
|
+
const findings = [makePostinstallFinding('postinstall', 'moderate-pkg')]
|
|
117
|
+
const result = await enrichPostinstallFindings(findings)
|
|
118
|
+
|
|
119
|
+
expect(result).toHaveLength(1)
|
|
120
|
+
expect(result[0].severity).toBe('low')
|
|
121
|
+
})
|
|
122
|
+
|
|
123
|
+
it('escalates to medium for low-download packages', async () => {
|
|
124
|
+
mockFetchNPM.mockResolvedValue(makeNPMMetadata('sketchy-pkg', 500, 60))
|
|
125
|
+
|
|
126
|
+
const findings = [makePostinstallFinding('postinstall', 'sketchy-pkg')]
|
|
127
|
+
const result = await enrichPostinstallFindings(findings)
|
|
128
|
+
|
|
129
|
+
expect(result).toHaveLength(1)
|
|
130
|
+
expect(result[0].severity).toBe('medium')
|
|
131
|
+
expect(result[0].description).toContain('500 weekly downloads')
|
|
132
|
+
expect(result[0].description).toContain('Review carefully')
|
|
133
|
+
})
|
|
134
|
+
|
|
135
|
+
it('escalates to medium for very new packages even with decent downloads', async () => {
|
|
136
|
+
mockFetchNPM.mockResolvedValue(makeNPMMetadata('new-popular', 50_000, 15))
|
|
137
|
+
|
|
138
|
+
const findings = [makePostinstallFinding('postinstall', 'new-popular')]
|
|
139
|
+
const result = await enrichPostinstallFindings(findings)
|
|
140
|
+
|
|
141
|
+
expect(result).toHaveLength(1)
|
|
142
|
+
expect(result[0].severity).toBe('medium')
|
|
143
|
+
})
|
|
144
|
+
|
|
145
|
+
it('escalates to high when package not found on npm', async () => {
|
|
146
|
+
mockFetchNPM.mockResolvedValue(null)
|
|
147
|
+
|
|
148
|
+
const findings = [makePostinstallFinding('postinstall', 'not-a-real-package-xyz')]
|
|
149
|
+
const result = await enrichPostinstallFindings(findings)
|
|
150
|
+
|
|
151
|
+
expect(result).toHaveLength(1)
|
|
152
|
+
expect(result[0].severity).toBe('high')
|
|
153
|
+
expect(result[0].description).toContain('not found on npm registry')
|
|
154
|
+
expect(result[0].description).toContain('supply chain risk')
|
|
155
|
+
})
|
|
156
|
+
})
|
|
157
|
+
|
|
158
|
+
describe('script command parsing', () => {
|
|
159
|
+
it('handles direct binary commands like "husky install"', async () => {
|
|
160
|
+
mockFetchNPM.mockResolvedValue(makeNPMMetadata('husky', 5_000_000, 2000))
|
|
161
|
+
|
|
162
|
+
const findings = [makePostinstallFinding('postinstall', 'husky install')]
|
|
163
|
+
const result = await enrichPostinstallFindings(findings)
|
|
164
|
+
|
|
165
|
+
expect(result).toHaveLength(0) // auto-dismissed
|
|
166
|
+
expect(mockFetchNPM).toHaveBeenCalledWith('husky')
|
|
167
|
+
})
|
|
168
|
+
|
|
169
|
+
it('handles npx commands by looking up the tool', async () => {
|
|
170
|
+
mockFetchNPM.mockResolvedValue(makeNPMMetadata('prisma', 3_000_000, 1500))
|
|
171
|
+
|
|
172
|
+
const findings = [makePostinstallFinding('postinstall', 'npx prisma generate')]
|
|
173
|
+
const result = await enrichPostinstallFindings(findings)
|
|
174
|
+
|
|
175
|
+
expect(result).toHaveLength(0) // auto-dismissed
|
|
176
|
+
expect(mockFetchNPM).toHaveBeenCalledWith('prisma')
|
|
177
|
+
})
|
|
178
|
+
|
|
179
|
+
it('skips "npm run" commands (local scripts, cannot determine package)', async () => {
|
|
180
|
+
const findings = [makePostinstallFinding('postinstall', 'npm run setup')]
|
|
181
|
+
const result = await enrichPostinstallFindings(findings)
|
|
182
|
+
|
|
183
|
+
expect(result).toHaveLength(1)
|
|
184
|
+
expect(result[0].severity).toBe('low') // unchanged
|
|
185
|
+
expect(mockFetchNPM).not.toHaveBeenCalled()
|
|
186
|
+
})
|
|
187
|
+
|
|
188
|
+
it('skips "node" commands (local script execution)', async () => {
|
|
189
|
+
const findings = [makePostinstallFinding('postinstall', 'node scripts/setup.js')]
|
|
190
|
+
const result = await enrichPostinstallFindings(findings)
|
|
191
|
+
|
|
192
|
+
expect(result).toHaveLength(1)
|
|
193
|
+
expect(result[0].severity).toBe('low') // unchanged
|
|
194
|
+
expect(mockFetchNPM).not.toHaveBeenCalled()
|
|
195
|
+
})
|
|
196
|
+
|
|
197
|
+
it('skips "sh" and "bash" commands (local script execution)', async () => {
|
|
198
|
+
const findings = [makePostinstallFinding('postinstall', 'sh ./setup.sh')]
|
|
199
|
+
const result = await enrichPostinstallFindings(findings)
|
|
200
|
+
|
|
201
|
+
expect(result).toHaveLength(1)
|
|
202
|
+
expect(result[0].severity).toBe('low')
|
|
203
|
+
expect(mockFetchNPM).not.toHaveBeenCalled()
|
|
204
|
+
})
|
|
205
|
+
|
|
206
|
+
it('handles preinstall scripts the same as postinstall', async () => {
|
|
207
|
+
mockFetchNPM.mockResolvedValue(null)
|
|
208
|
+
|
|
209
|
+
const findings = [makePostinstallFinding('preinstall', 'malicious-tool')]
|
|
210
|
+
const result = await enrichPostinstallFindings(findings)
|
|
211
|
+
|
|
212
|
+
expect(result).toHaveLength(1)
|
|
213
|
+
expect(result[0].severity).toBe('high')
|
|
214
|
+
})
|
|
215
|
+
})
|
|
216
|
+
|
|
217
|
+
describe('passthrough behavior', () => {
|
|
218
|
+
it('passes through non-insecure_config findings unchanged', async () => {
|
|
219
|
+
const finding: Vulnerability = {
|
|
220
|
+
...makePostinstallFinding('postinstall', 'patch-package'),
|
|
221
|
+
category: 'hardcoded_secret',
|
|
222
|
+
}
|
|
223
|
+
const result = await enrichPostinstallFindings([finding])
|
|
224
|
+
|
|
225
|
+
expect(result).toHaveLength(1)
|
|
226
|
+
expect(result[0]).toBe(finding)
|
|
227
|
+
expect(mockFetchNPM).not.toHaveBeenCalled()
|
|
228
|
+
})
|
|
229
|
+
|
|
230
|
+
it('passes through insecure_config findings that are not about install scripts', async () => {
|
|
231
|
+
const finding = makeOtherFinding()
|
|
232
|
+
const result = await enrichPostinstallFindings([finding])
|
|
233
|
+
|
|
234
|
+
expect(result).toHaveLength(1)
|
|
235
|
+
expect(result[0]).toBe(finding)
|
|
236
|
+
expect(mockFetchNPM).not.toHaveBeenCalled()
|
|
237
|
+
})
|
|
238
|
+
|
|
239
|
+
it('preserves non-postinstall findings in a mixed array', async () => {
|
|
240
|
+
mockFetchNPM.mockResolvedValue(makeNPMMetadata('patch-package', 2_500_000, 400))
|
|
241
|
+
|
|
242
|
+
const dockerFinding = makeOtherFinding()
|
|
243
|
+
const postinstallFinding = makePostinstallFinding('postinstall', 'patch-package')
|
|
244
|
+
|
|
245
|
+
const result = await enrichPostinstallFindings([dockerFinding, postinstallFinding])
|
|
246
|
+
|
|
247
|
+
// Docker finding kept, patch-package auto-dismissed
|
|
248
|
+
expect(result).toHaveLength(1)
|
|
249
|
+
expect(result[0]).toBe(dockerFinding)
|
|
250
|
+
})
|
|
251
|
+
|
|
252
|
+
it('returns empty array when all findings are auto-dismissed', async () => {
|
|
253
|
+
mockFetchNPM.mockResolvedValue(makeNPMMetadata('husky', 5_000_000, 2000))
|
|
254
|
+
|
|
255
|
+
const findings = [makePostinstallFinding('postinstall', 'husky install')]
|
|
256
|
+
const result = await enrichPostinstallFindings(findings)
|
|
257
|
+
|
|
258
|
+
expect(result).toHaveLength(0)
|
|
259
|
+
})
|
|
260
|
+
|
|
261
|
+
it('handles empty findings array', async () => {
|
|
262
|
+
const result = await enrichPostinstallFindings([])
|
|
263
|
+
expect(result).toHaveLength(0)
|
|
264
|
+
expect(mockFetchNPM).not.toHaveBeenCalled()
|
|
265
|
+
})
|
|
266
|
+
})
|
|
267
|
+
|
|
268
|
+
describe('threshold boundary cases', () => {
|
|
269
|
+
it('does NOT auto-dismiss at exactly 999,999 downloads even if old', async () => {
|
|
270
|
+
mockFetchNPM.mockResolvedValue(makeNPMMetadata('almost-popular', 999_999, 400))
|
|
271
|
+
|
|
272
|
+
const findings = [makePostinstallFinding('postinstall', 'almost-popular')]
|
|
273
|
+
const result = await enrichPostinstallFindings(findings)
|
|
274
|
+
|
|
275
|
+
expect(result).toHaveLength(1)
|
|
276
|
+
// 999k > 100k and 400 days > 180 → info tier
|
|
277
|
+
expect(result[0].severity).toBe('info')
|
|
278
|
+
})
|
|
279
|
+
|
|
280
|
+
it('does NOT auto-dismiss 1M+ downloads if less than 365 days old', async () => {
|
|
281
|
+
mockFetchNPM.mockResolvedValue(makeNPMMetadata('viral-new', 2_000_000, 300))
|
|
282
|
+
|
|
283
|
+
const findings = [makePostinstallFinding('postinstall', 'viral-new')]
|
|
284
|
+
const result = await enrichPostinstallFindings(findings)
|
|
285
|
+
|
|
286
|
+
expect(result).toHaveLength(1)
|
|
287
|
+
// 2M > 100k and 300 > 180 → info tier
|
|
288
|
+
expect(result[0].severity).toBe('info')
|
|
289
|
+
})
|
|
290
|
+
|
|
291
|
+
it('auto-dismisses at exactly 1M downloads and 365 days', async () => {
|
|
292
|
+
mockFetchNPM.mockResolvedValue(makeNPMMetadata('boundary', 1_000_000, 365))
|
|
293
|
+
|
|
294
|
+
const findings = [makePostinstallFinding('postinstall', 'boundary')]
|
|
295
|
+
const result = await enrichPostinstallFindings(findings)
|
|
296
|
+
|
|
297
|
+
expect(result).toHaveLength(0)
|
|
298
|
+
})
|
|
299
|
+
})
|
|
300
|
+
})
|
|
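--- a/package/src/detect/secrets/config-audit.ts
+++ b/package/src/detect/secrets/config-audit.ts
@@ -5,6 +5,7 @@
 
 import type { ConfigRule, ConfigViolation, Vulnerability } from '../../shared/types'
 import type { ParsedFile } from '../../shared/parsed-file'
+import { fetchNPMMetadata, calculatePackageAgeDays } from '../../shared/registry-clients'
 
 // Base confidence for configuration audit findings
 const BASE_CONFIDENCE = 0.50
@@ -362,3 +363,113 @@ function getConfigFix(ruleName: string, violation: ConfigViolation): string {
 
 return fixes[ruleName] || 'Review and fix the security configuration'
 }
+
+// ===== Postinstall Enrichment via NPM Registry Lookup =====
+
+/** Extract the command string from a postinstall line like: "postinstall": "patch-package" */
+function extractPostinstallCommand(lineContent: string): string | null {
+const match = lineContent.match(/"(?:postinstall|preinstall)"\s*:\s*"([^"]+)"/)
+return match?.[1] || null
+}
+
+/** Extract the main binary/package from a script command */
+function extractScriptBinary(command: string): string | null {
+const trimmed = command.trim()
+
+// Skip npm/npx wrapper to get the actual tool
+if (trimmed.startsWith('npx ')) {
+const parts = trimmed.slice(4).trim().split(/\s+/)
+return parts[0] || null
+}
+if (trimmed.startsWith('npm run ') || trimmed.startsWith('npm exec ')) {
+return null // Can't determine — it's a local script
+}
+if (trimmed.startsWith('node ') || trimmed.startsWith('sh ') || trimmed.startsWith('bash ')) {
+return null // Local script execution
+}
+
+// Direct command: "patch-package", "husky install", "prisma generate"
+const parts = trimmed.split(/\s+/)
+return parts[0] || null
+}
+
+function formatDownloads(n: number): string {
+if (n >= 1_000_000) return `${(n / 1_000_000).toFixed(1)}M`
+if (n >= 1_000) return `${(n / 1_000).toFixed(0)}k`
+return `${n}`
+}
+
+/**
+* Enrich postinstall findings with npm registry data.
+* Auto-dismisses known safe packages, escalates unknown ones.
+*/
+export async function enrichPostinstallFindings(
+findings: Vulnerability[]
+): Promise<Vulnerability[]> {
+const result: Vulnerability[] = []
+
+for (const finding of findings) {
+// Only process postinstall-related config findings
+if (finding.category !== 'insecure_config' ||
+!finding.description.includes('install scripts')) {
+result.push(finding)
+continue
+}
+
+// Extract the command from the postinstall script
+const command = extractPostinstallCommand(finding.lineContent)
+if (!command) {
+result.push(finding)
+continue
+}
+
+// Get the package name that runs this command
+const scriptBinary = extractScriptBinary(command)
+
+if (scriptBinary) {
+const metadata = await fetchNPMMetadata(scriptBinary)
+
+if (metadata) {
+const weeklyDownloads = metadata.downloads?.weekly || 0
+const ageDays = calculatePackageAgeDays(metadata.time?.created)
+
+// Auto-dismiss: very popular and established
+if (weeklyDownloads >= 1_000_000 && ageDays >= 365) {
+continue // Skip this finding entirely
+}
+
+// Trusted: popular and not brand new
+if (weeklyDownloads >= 100_000 && ageDays >= 180) {
+finding.severity = 'info'
+finding.description = `postinstall runs "${command}" (${scriptBinary}: ${formatDownloads(weeklyDownloads)}/week, ${Math.floor(ageDays / 365)}+ years old)`
+result.push(finding)
+continue
+}
+
+// Moderate: some usage
+if (weeklyDownloads >= 10_000 && ageDays >= 90) {
+finding.severity = 'low'
+result.push(finding)
+continue
+}
+
+// Suspicious: low downloads or very new
+finding.severity = 'medium'
+finding.description = `postinstall runs "${command}" — ${scriptBinary} has only ${formatDownloads(weeklyDownloads)} weekly downloads (${ageDays} days old). Review carefully.`
+result.push(finding)
+continue
+} else {
+// Package not found on npm — escalate
+finding.severity = 'high'
+finding.description = `postinstall runs "${command}" — "${scriptBinary}" not found on npm registry. Possible supply chain risk.`
+result.push(finding)
+continue
+}
+}
+
+// Couldn't extract binary, keep as-is
+result.push(finding)
+}
+
+return result
+}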
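Review bot: `enrichPostinstallFindings` scores an install script by its first token only, so when that token resolves to a package over the auto-dismiss thresholds the `continue` drops the finding even if the command goes on to chain other commands after it. A guard directly after `const trimmed = command.trim()` in `extractScriptBinary` keeps compound commands at their original severity: `if (/[;&|<>$()]/.test(trimmed)) return null // compound command: do not score by first token`. The lookup also treats a binary name as a package name, which does not hold in general because a package's `bin` entry can differ from its name, so both the auto-dismiss and the "not found on npm registry" escalation can land on the wrong package. The doc comment on `enrichPostinstallFindings` should state that limit, and that the `finding` objects passed in are mutated in place.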
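--- a/package/src/pipeline/config.ts
+++ b/package/src/pipeline/config.ts
@@ -22,7 +22,7 @@ export interface ScanOptions {
 branch?: string
 /** Scan mode configuration (full vs incremental) */
 scanMode?: ScanMode | ScanModeConfig
-/** Scan depth (
+/** Scan depth (local/verified/deep) - controls AI usage */
 scanDepth?: ScanDepth
 /** Suppress console.log output (for interactive CLI mode) */
 quiet?: boolean
@@ -34,6 +34,8 @@ export interface ScanOptions {
 showSuppressed?: boolean
 /** Include filter audit trail in output (for debugging/explaining dismissals) */
 includeFilterAudit?: boolean
+/** Enable live dependency auditing (OSV advisories, package checks, postinstall enrichment). Pro/Max only. */
+enableDependencyChecks?: boolean
 }
 
 /**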
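Review bot: The doc comment added for `enableDependencyChecks` does not say that turning the option on makes the scan contact external services, which a caller scanning a private repository needs to know. Going by the pipeline change in this release, it covers OSV.dev and npm registry lookups and has no effect when the scan depth is `local`. I would word it as `/** Enable live dependency auditing: queries OSV.dev and the npm registry (network access required). Ignored when scanDepth is 'local'. Pro/Max only. */`. Nothing in the visible code ties the flag to a tier, so "Pro/Max only" should either name where that check happens or be dropped. `ScanOptions` starts and ends outside this hunk.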
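--- a/package/src/pipeline/index.ts
+++ b/package/src/pipeline/index.ts
@@ -42,6 +42,9 @@ import { FilterPipeline } from '../postprocess/filtering/pipeline'
 import { sortBySeverity, computeSeverityCounts, computeCategoryCounts } from '../report/summary'
 import { deduplicateVulnerabilities } from '../postprocess/dedup'
 import { resolveContradictions } from '../postprocess/contradictions'
+import { enrichPostinstallFindings } from '../detect/secrets/config-audit'
+import { checkPackageAdvisories } from '../detect/config/osv-check'
+import { checkPackages } from '../detect/config/package-check'
 
 // Re-export ScanOptions for external consumers
 export { type ScanOptions } from './config'
@@ -181,12 +184,32 @@ export async function runScan(
 ...detectorOutput.phaseTiming,
 }
 
+// ===== Dependency Auditing (Pro/Max only) =====
+const enableDepChecks = (options.enableDependencyChecks ?? false) && depth !== 'local'
+let enrichedPostinstallFindings = detectorOutput.findings
+
+if (enableDepChecks) {
+// 1. Check for known vulnerabilities via OSV.dev
+// 2. Check for hallucinated/typosquatted packages
+for (const file of files) {
+const osvFindings = await checkPackageAdvisories(file.content, file.path)
+const pkgFindings = await checkPackages(file.content, file.path)
+enrichedPostinstallFindings.push(...osvFindings, ...pkgFindings)
+}
+// 3. Enrich postinstall findings with npm registry data
+enrichedPostinstallFindings = await enrichPostinstallFindings(enrichedPostinstallFindings)
+
+log(`[DepAudit] repo=${repoInfo.name} osv+pkg checks completed`)
+} else if (depth !== 'local') {
+log(`[DepAudit] repo=${repoInfo.name} skipped=true reason=tier_gated`)
+}
+
 // ===== Aggregate Noisy Findings =====
-const beforeAggregationCount =
-const aggregatedFindings = aggregateNoisyFindings(
+const beforeAggregationCount = enrichedPostinstallFindings.length
+const aggregatedFindings = aggregateNoisyFindings(enrichedPostinstallFindings)
 if (filterPipeline.isEnabled) {
 const afterIds = new Set(aggregatedFindings.map(fid))
-for (const v of
+for (const v of enrichedPostinstallFindings) {
 if (!afterIds.has(fid(v))) {
 filterPipeline.record(fid(v), { stage: 'noisy_aggregation', action: 'aggregated', reason: 'Aggregated noisy finding (3+ similar per file)' })
 }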
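Review bot: The awaited lookups inside `if (enableDepChecks)` have no error handling, so unless `checkPackageAdvisories`, `checkPackages` and `enrichPostinstallFindings` catch their own network errors (not visible here), an OSV or registry outage rejects out of `runScan` and the local findings are lost with it. Wrapping the block in `try`/`catch` and logging a `[DepAudit]` failure line lets the scan finish with the detector output; the report should then also show that dependency checks did not complete. `enrichedPostinstallFindings` aliases `detectorOutput.findings`, so the `push` mutates the detector's own array, and starting from a copy avoids that. `runScan` starts and ends outside this hunk.

```typescript
let enrichedPostinstallFindings = [...detectorOutput.findings]

if (enableDepChecks) {
  try {
    // … unchanged: per-file OSV and package checks, postinstall enrichment, completion log …
  } catch (err: unknown) {
    // Enrichment is best-effort: keep the findings collected so far and record the failure
    const reason = err instanceof Error ? err.message : 'unknown error'
    log(`[DepAudit] repo=${repoInfo.name} failed=true reason=${reason}`)
  }
  // … unchanged: end of the if block and the tier_gated branch …
```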
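--- a/package/src/shared/types.ts
+++ b/package/src/shared/types.ts
@@ -530,7 +530,7 @@ export interface ScanModeConfig {
 /** Maximum files for Layer 3 analysis (cost control) */
 maxLayer3Files?: number
 
-/** Scan depth mode (
+/** Scan depth mode (local/verified/deep) - controls AI usage */
 scanDepth?: ScanDepth
 
 /** Whether to exclude test files from scanning (default: true) */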
package/src/tiers.ts
CHANGED
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
* - Route AI validation budget toward Tier B
|
|
8
8
|
*
|
|
9
9
|
* Security reasoning:
|
|
10
|
-
* - Makes it explicit which detectors are safe to expose in
|
|
10
|
+
* - Makes it explicit which detectors are safe to expose in local scans
|
|
11
11
|
* - Avoids "accidental promotion" of an experimental heuristic to production output
|
|
12
12
|
*/
|
|
13
13
|
|
|
@@ -17,7 +17,7 @@ import type { VulnerabilityCategory } from './shared/types'
|
|
|
17
17
|
* Detector tiers control visibility and trust level:
|
|
18
18
|
*
|
|
19
19
|
* - core: High-precision SAST + core AI-safety detectors. Visible in all scan depths.
|
|
20
|
-
* - ai_assisted: Context-heavy heuristics that need AI validation. Shown in
|
|
20
|
+
* - ai_assisted: Context-heavy heuristics that need AI validation. Shown in verified/deep.
|
|
21
21
|
* - experimental: High-noise signals used only for internal scoring/AI hints. Hidden from users.
|
|
22
22
|
*/
|
|
23
23
|
export type DetectorTier = 'core' | 'ai_assisted' | 'experimental'
|