npm - @oculum/scanner - Versions diffs - 1.0.13 → 1.0.15 - Mend

@oculum/scanner 1.0.13 → 1.0.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1328) hide show

package/dist/detect/ai-code/index.d.ts +6 -11
package/dist/detect/ai-code/index.d.ts.map +1 -1
package/dist/detect/ai-code/index.js +6 -24
package/dist/detect/ai-code/index.js.map +1 -1
package/dist/detect/ast-rules/agent-tools-ast.d.ts +14 -0
package/dist/detect/ast-rules/agent-tools-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/agent-tools-ast.js +809 -0
package/dist/detect/ast-rules/agent-tools-ast.js.map +1 -0
package/dist/detect/ast-rules/ai-fingerprinting-ast.d.ts +14 -0
package/dist/detect/ast-rules/ai-fingerprinting-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/ai-fingerprinting-ast.js +344 -0
package/dist/detect/ast-rules/ai-fingerprinting-ast.js.map +1 -0
package/dist/detect/ast-rules/auth-patterns-ast.d.ts +14 -0
package/dist/detect/ast-rules/auth-patterns-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/auth-patterns-ast.js +280 -0
package/dist/detect/ast-rules/auth-patterns-ast.js.map +1 -0
package/dist/detect/ast-rules/byok-ast.d.ts +13 -0
package/dist/detect/ast-rules/byok-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/byok-ast.js +180 -0
package/dist/detect/ast-rules/byok-ast.js.map +1 -0
package/dist/detect/ast-rules/child-process-ast.d.ts +13 -0
package/dist/detect/ast-rules/child-process-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/child-process-ast.js +252 -0
package/dist/detect/ast-rules/child-process-ast.js.map +1 -0
package/dist/detect/ast-rules/dangerous-eval-ast.d.ts +13 -0
package/dist/detect/ast-rules/dangerous-eval-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/dangerous-eval-ast.js +218 -0
package/dist/detect/ast-rules/dangerous-eval-ast.js.map +1 -0
package/dist/detect/ast-rules/data-exposure-ast.d.ts +13 -0
package/dist/detect/ast-rules/data-exposure-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/data-exposure-ast.js +158 -0
package/dist/detect/ast-rules/data-exposure-ast.js.map +1 -0
package/dist/detect/ast-rules/dom-xss-ast.d.ts +14 -0
package/dist/detect/ast-rules/dom-xss-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/dom-xss-ast.js +217 -0
package/dist/detect/ast-rules/dom-xss-ast.js.map +1 -0
package/dist/detect/ast-rules/endpoint-protection-ast.d.ts +13 -0
package/dist/detect/ast-rules/endpoint-protection-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/endpoint-protection-ast.js +228 -0
package/dist/detect/ast-rules/endpoint-protection-ast.js.map +1 -0
package/dist/detect/ast-rules/entropy-ast.d.ts +17 -0
package/dist/detect/ast-rules/entropy-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/entropy-ast.js +265 -0
package/dist/detect/ast-rules/entropy-ast.js.map +1 -0
package/dist/detect/ast-rules/flask-debug-ast.d.ts +10 -0
package/dist/detect/ast-rules/flask-debug-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/flask-debug-ast.js +125 -0
package/dist/detect/ast-rules/flask-debug-ast.js.map +1 -0
package/dist/detect/ast-rules/framework-checks-ast.d.ts +13 -0
package/dist/detect/ast-rules/framework-checks-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/framework-checks-ast.js +185 -0
package/dist/detect/ast-rules/framework-checks-ast.js.map +1 -0
package/dist/detect/ast-rules/helpers/call-analysis.d.ts +62 -0
package/dist/detect/ast-rules/helpers/call-analysis.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/call-analysis.js +217 -0
package/dist/detect/ast-rules/helpers/call-analysis.js.map +1 -0
package/dist/detect/ast-rules/helpers/context-detection.d.ts +33 -0
package/dist/detect/ast-rules/helpers/context-detection.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/context-detection.js +256 -0
package/dist/detect/ast-rules/helpers/context-detection.js.map +1 -0
package/dist/detect/ast-rules/helpers/control-flow.d.ts +40 -0
package/dist/detect/ast-rules/helpers/control-flow.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/control-flow.js +174 -0
package/dist/detect/ast-rules/helpers/control-flow.js.map +1 -0
package/dist/detect/ast-rules/helpers/import-analysis.d.ts +43 -0
package/dist/detect/ast-rules/helpers/import-analysis.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/import-analysis.js +149 -0
package/dist/detect/ast-rules/helpers/import-analysis.js.map +1 -0
package/dist/detect/ast-rules/helpers/index.d.ts +16 -0
package/dist/detect/ast-rules/helpers/index.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/index.js +112 -0
package/dist/detect/ast-rules/helpers/index.js.map +1 -0
package/dist/detect/ast-rules/helpers/python-helpers.d.ts +215 -0
package/dist/detect/ast-rules/helpers/python-helpers.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/python-helpers.js +935 -0
package/dist/detect/ast-rules/helpers/python-helpers.js.map +1 -0
package/dist/detect/ast-rules/helpers/scope-analysis.d.ts +50 -0
package/dist/detect/ast-rules/helpers/scope-analysis.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/scope-analysis.js +194 -0
package/dist/detect/ast-rules/helpers/scope-analysis.js.map +1 -0
package/dist/detect/ast-rules/helpers/string-analysis.d.ts +57 -0
package/dist/detect/ast-rules/helpers/string-analysis.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/string-analysis.js +184 -0
package/dist/detect/ast-rules/helpers/string-analysis.js.map +1 -0
package/dist/detect/ast-rules/helpers/type-extraction.d.ts +44 -0
package/dist/detect/ast-rules/helpers/type-extraction.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/type-extraction.js +125 -0
package/dist/detect/ast-rules/helpers/type-extraction.js.map +1 -0
package/dist/detect/ast-rules/helpers/user-input.d.ts +35 -0
package/dist/detect/ast-rules/helpers/user-input.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/user-input.js +243 -0
package/dist/detect/ast-rules/helpers/user-input.js.map +1 -0
package/dist/detect/ast-rules/index.d.ts +112 -0
package/dist/detect/ast-rules/index.d.ts.map +1 -0
package/dist/detect/ast-rules/index.js +232 -0
package/dist/detect/ast-rules/index.js.map +1 -0
package/dist/detect/ast-rules/json-parse-ast.d.ts +13 -0
package/dist/detect/ast-rules/json-parse-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/json-parse-ast.js +143 -0
package/dist/detect/ast-rules/json-parse-ast.js.map +1 -0
package/dist/detect/ast-rules/log-injection-ast.d.ts +14 -0
package/dist/detect/ast-rules/log-injection-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/log-injection-ast.js +235 -0
package/dist/detect/ast-rules/log-injection-ast.js.map +1 -0
package/dist/detect/ast-rules/logic-gates-ast.d.ts +14 -0
package/dist/detect/ast-rules/logic-gates-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/logic-gates-ast.js +312 -0
package/dist/detect/ast-rules/logic-gates-ast.js.map +1 -0
package/dist/detect/ast-rules/mcp-security-ast.d.ts +14 -0
package/dist/detect/ast-rules/mcp-security-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/mcp-security-ast.js +755 -0
package/dist/detect/ast-rules/mcp-security-ast.js.map +1 -0
package/dist/detect/ast-rules/model-supply-chain-ast.d.ts +13 -0
package/dist/detect/ast-rules/model-supply-chain-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/model-supply-chain-ast.js +188 -0
package/dist/detect/ast-rules/model-supply-chain-ast.js.map +1 -0
package/dist/detect/ast-rules/package-hallucination-ast.d.ts +13 -0
package/dist/detect/ast-rules/package-hallucination-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/package-hallucination-ast.js +607 -0
package/dist/detect/ast-rules/package-hallucination-ast.js.map +1 -0
package/dist/detect/ast-rules/prompt-hygiene-ast.d.ts +15 -0
package/dist/detect/ast-rules/prompt-hygiene-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/prompt-hygiene-ast.js +332 -0
package/dist/detect/ast-rules/prompt-hygiene-ast.js.map +1 -0
package/dist/detect/ast-rules/rag-safety-ast.d.ts +18 -0
package/dist/detect/ast-rules/rag-safety-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/rag-safety-ast.js +640 -0
package/dist/detect/ast-rules/rag-safety-ast.js.map +1 -0
package/dist/detect/ast-rules/request-validation-ast.d.ts +13 -0
package/dist/detect/ast-rules/request-validation-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/request-validation-ast.js +116 -0
package/dist/detect/ast-rules/request-validation-ast.js.map +1 -0
package/dist/detect/ast-rules/risky-imports-ast.d.ts +14 -0
package/dist/detect/ast-rules/risky-imports-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/risky-imports-ast.js +114 -0
package/dist/detect/ast-rules/risky-imports-ast.js.map +1 -0
package/dist/detect/ast-rules/schema-validation-ast.d.ts +14 -0
package/dist/detect/ast-rules/schema-validation-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/schema-validation-ast.js +233 -0
package/dist/detect/ast-rules/schema-validation-ast.js.map +1 -0
package/dist/detect/ast-rules/secret-patterns-ast.d.ts +17 -0
package/dist/detect/ast-rules/secret-patterns-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/secret-patterns-ast.js +199 -0
package/dist/detect/ast-rules/secret-patterns-ast.js.map +1 -0
package/dist/detect/ast-rules/security-headers-ast.d.ts +14 -0
package/dist/detect/ast-rules/security-headers-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/security-headers-ast.js +187 -0
package/dist/detect/ast-rules/security-headers-ast.js.map +1 -0
package/dist/detect/ast-rules/sql-injection-ast.d.ts +17 -0
package/dist/detect/ast-rules/sql-injection-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/sql-injection-ast.js +497 -0
package/dist/detect/ast-rules/sql-injection-ast.js.map +1 -0
package/dist/detect/ast-rules/ssrf-ast.d.ts +14 -0
package/dist/detect/ast-rules/ssrf-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/ssrf-ast.js +573 -0
package/dist/detect/ast-rules/ssrf-ast.js.map +1 -0
package/dist/detect/ast-rules/taint-fix-templates.d.ts +18 -0
package/dist/detect/ast-rules/taint-fix-templates.d.ts.map +1 -0
package/dist/detect/ast-rules/taint-fix-templates.js +92 -0
package/dist/detect/ast-rules/taint-fix-templates.js.map +1 -0
package/dist/detect/ast-rules/taint-flow-ast.d.ts +24 -0
package/dist/detect/ast-rules/taint-flow-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/taint-flow-ast.js +340 -0
package/dist/detect/ast-rules/taint-flow-ast.js.map +1 -0
package/dist/detect/ast-rules/variables-ast.d.ts +24 -0
package/dist/detect/ast-rules/variables-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/variables-ast.js +362 -0
package/dist/detect/ast-rules/variables-ast.js.map +1 -0
package/dist/detect/ast-rules/weak-crypto-ast.d.ts +15 -0
package/dist/detect/ast-rules/weak-crypto-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/weak-crypto-ast.js +406 -0
package/dist/detect/ast-rules/weak-crypto-ast.js.map +1 -0
package/dist/detect/ast-rules/xxe-ast.d.ts +13 -0
package/dist/detect/ast-rules/xxe-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/xxe-ast.js +157 -0
package/dist/detect/ast-rules/xxe-ast.js.map +1 -0
package/dist/detect/config/agent-skill-injection.d.ts.map +1 -1
package/dist/detect/config/agent-skill-injection.js +2 -24
package/dist/detect/config/agent-skill-injection.js.map +1 -1
package/dist/detect/config/index.d.ts +1 -0
package/dist/detect/config/index.d.ts.map +1 -1
package/dist/detect/config/index.js +3 -1
package/dist/detect/config/index.js.map +1 -1
package/dist/detect/config/osv-check.d.ts.map +1 -1
package/dist/detect/config/osv-check.js +6 -1
package/dist/detect/config/osv-check.js.map +1 -1
package/dist/detect/config/package-check.d.ts.map +1 -1
package/dist/detect/config/package-check.js +6 -1
package/dist/detect/config/package-check.js.map +1 -1
package/dist/detect/config/rules-file-backdoor.d.ts +36 -0
package/dist/detect/config/rules-file-backdoor.d.ts.map +1 -0
package/dist/detect/config/rules-file-backdoor.js +379 -0
package/dist/detect/config/rules-file-backdoor.js.map +1 -0
package/dist/detect/index.d.ts +43 -6
package/dist/detect/index.d.ts.map +1 -1
package/dist/detect/index.js +70 -7
package/dist/detect/index.js.map +1 -1
package/dist/detect/secrets/config-audit.d.ts +5 -0
package/dist/detect/secrets/config-audit.d.ts.map +1 -1
package/dist/detect/secrets/config-audit.js +131 -3
package/dist/detect/secrets/config-audit.js.map +1 -1
package/dist/detect/secrets/entropy.d.ts.map +1 -1
package/dist/detect/secrets/entropy.js +180 -0
package/dist/detect/secrets/entropy.js.map +1 -1
package/dist/detect/secrets/index.d.ts +0 -2
package/dist/detect/secrets/index.d.ts.map +1 -1
package/dist/detect/secrets/index.js +7 -17
package/dist/detect/secrets/index.js.map +1 -1
package/dist/detect/structural/index.d.ts +15 -28
package/dist/detect/structural/index.d.ts.map +1 -1
package/dist/detect/structural/index.js +20 -497
package/dist/detect/structural/index.js.map +1 -1
package/dist/index.d.ts +3 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +9 -1
package/dist/index.js.map +1 -1
package/dist/model/auth-helper-detector.d.ts.map +1 -1
package/dist/model/auth-helper-detector.js +2 -7
package/dist/model/auth-helper-detector.js.map +1 -1
package/dist/model/import-resolver.d.ts.map +1 -1
package/dist/model/import-resolver.js +94 -0
package/dist/model/import-resolver.js.map +1 -1
package/dist/model/imported-auth-detector.js +8 -8
package/dist/model/imported-auth-detector.js.map +1 -1
package/dist/model/index.d.ts +8 -0
package/dist/model/index.d.ts.map +1 -1
package/dist/model/index.js +198 -73
package/dist/model/index.js.map +1 -1
package/dist/model/module-graph.d.ts.map +1 -1
package/dist/model/module-graph.js +22 -9
package/dist/model/module-graph.js.map +1 -1
package/dist/model/project-context.d.ts +1 -1
package/dist/model/project-context.d.ts.map +1 -1
package/dist/model/project-context.js +34 -0
package/dist/model/project-context.js.map +1 -1
package/dist/model/route-auth-resolver.d.ts.map +1 -1
package/dist/model/route-auth-resolver.js +17 -2
package/dist/model/route-auth-resolver.js.map +1 -1
package/dist/model/route-discovery/index.js +1 -1
package/dist/model/route-discovery/index.js.map +1 -1
package/dist/model/route-discovery/nextjs.js +1 -1
package/dist/model/route-discovery/nextjs.js.map +1 -1
package/dist/model/route-discovery/python.d.ts +6 -3
package/dist/model/route-discovery/python.d.ts.map +1 -1
package/dist/model/route-discovery/python.js +132 -9
package/dist/model/route-discovery/python.js.map +1 -1
package/dist/model/route-discovery/types.d.ts +1 -1
package/dist/model/route-discovery/types.d.ts.map +1 -1
package/dist/model/route-discovery/utils.d.ts +8 -0
package/dist/model/route-discovery/utils.d.ts.map +1 -1
package/dist/model/route-discovery/utils.js +70 -0
package/dist/model/route-discovery/utils.js.map +1 -1
package/dist/model/taint-types.d.ts +0 -4
package/dist/model/taint-types.d.ts.map +1 -1
package/dist/parse/ast.d.ts +58 -0
package/dist/parse/ast.d.ts.map +1 -0
package/dist/parse/ast.js +230 -0
package/dist/parse/ast.js.map +1 -0
package/dist/parse/call-graph.d.ts +41 -0
package/dist/parse/call-graph.d.ts.map +1 -0
package/dist/parse/call-graph.js +386 -0
package/dist/parse/call-graph.js.map +1 -0
package/dist/parse/file-classifier.d.ts +11 -0
package/dist/parse/file-classifier.d.ts.map +1 -1
package/dist/parse/file-classifier.js +63 -15
package/dist/parse/file-classifier.js.map +1 -1
package/dist/parse/node-index.d.ts +32 -0
package/dist/parse/node-index.d.ts.map +1 -0
package/dist/parse/node-index.js +103 -0
package/dist/parse/node-index.js.map +1 -0
package/dist/parse/type-extractor.d.ts +50 -0
package/dist/parse/type-extractor.d.ts.map +1 -0
package/dist/parse/type-extractor.js +243 -0
package/dist/parse/type-extractor.js.map +1 -0
package/dist/pipeline/config.d.ts +10 -2
package/dist/pipeline/config.d.ts.map +1 -1
package/dist/pipeline/config.js.map +1 -1
package/dist/pipeline/index.d.ts +3 -3
package/dist/pipeline/index.d.ts.map +1 -1
package/dist/pipeline/index.js +214 -65
package/dist/pipeline/index.js.map +1 -1
package/dist/pipeline/modes/incremental.d.ts.map +1 -1
package/dist/pipeline/modes/incremental.js +2 -7
package/dist/pipeline/modes/incremental.js.map +1 -1
package/dist/postprocess/dedup.d.ts +5 -2
package/dist/postprocess/dedup.d.ts.map +1 -1
package/dist/postprocess/dedup.js +47 -16
package/dist/postprocess/dedup.js.map +1 -1
package/dist/report/build-result.d.ts +9 -4
package/dist/report/build-result.d.ts.map +1 -1
package/dist/report/build-result.js +15 -4
package/dist/report/build-result.js.map +1 -1
package/dist/report/formatters/cli-terminal.d.ts +1 -1
package/dist/report/formatters/cli-terminal.d.ts.map +1 -1
package/dist/report/formatters/cli-terminal.js +434 -231
package/dist/report/formatters/cli-terminal.js.map +1 -1
package/dist/report/sanitize.d.ts +10 -0
package/dist/report/sanitize.d.ts.map +1 -0
package/dist/report/sanitize.js +19 -0
package/dist/report/sanitize.js.map +1 -0
package/dist/score/adjustments.d.ts +20 -2
package/dist/score/adjustments.d.ts.map +1 -1
package/dist/score/adjustments.js +108 -37
package/dist/score/adjustments.js.map +1 -1
package/dist/score/confidence.d.ts +6 -0
package/dist/score/confidence.d.ts.map +1 -1
package/dist/score/confidence.js +10 -4
package/dist/score/confidence.js.map +1 -1
package/dist/score/evidence.d.ts +25 -0
package/dist/score/evidence.d.ts.map +1 -0
package/dist/score/evidence.js +51 -0
package/dist/score/evidence.js.map +1 -0
package/dist/score/index.d.ts +3 -1
package/dist/score/index.d.ts.map +1 -1
package/dist/score/index.js +25 -50
package/dist/score/index.js.map +1 -1
package/dist/score/types.d.ts +5 -1
package/dist/score/types.d.ts.map +1 -1
package/dist/shared/category-filter.d.ts.map +1 -1
package/dist/shared/category-filter.js +12 -0
package/dist/shared/category-filter.js.map +1 -1
package/dist/shared/regex-utils.d.ts +3 -0
package/dist/shared/regex-utils.d.ts.map +1 -0
package/dist/shared/regex-utils.js +8 -0
package/dist/shared/regex-utils.js.map +1 -0
package/dist/shared/registry-clients.d.ts +7 -0
package/dist/shared/registry-clients.d.ts.map +1 -1
package/dist/shared/registry-clients.js +94 -17
package/dist/shared/registry-clients.js.map +1 -1
package/dist/shared/rules/metadata.d.ts.map +1 -1
package/dist/shared/rules/metadata.js +17 -0
package/dist/shared/rules/metadata.js.map +1 -1
package/dist/shared/types.d.ts +60 -16
package/dist/shared/types.d.ts.map +1 -1
package/dist/shared/types.js +38 -21
package/dist/shared/types.js.map +1 -1
package/dist/taint/async-flow.d.ts +44 -0
package/dist/taint/async-flow.d.ts.map +1 -0
package/dist/taint/async-flow.js +271 -0
package/dist/taint/async-flow.js.map +1 -0
package/dist/taint/cfg-builder.d.ts +35 -0
package/dist/taint/cfg-builder.d.ts.map +1 -0
package/dist/taint/cfg-builder.js +980 -0
package/dist/taint/cfg-builder.js.map +1 -0
package/dist/taint/cfg-types.d.ts +76 -0
package/dist/taint/cfg-types.d.ts.map +1 -0
package/dist/taint/cfg-types.js +13 -0
package/dist/taint/cfg-types.js.map +1 -0
package/dist/taint/constant-propagation.d.ts +34 -0
package/dist/taint/constant-propagation.d.ts.map +1 -0
package/dist/taint/constant-propagation.js +164 -0
package/dist/taint/constant-propagation.js.map +1 -0
package/dist/taint/cross-file-analyzer.d.ts +27 -0
package/dist/taint/cross-file-analyzer.d.ts.map +1 -0
package/dist/taint/cross-file-analyzer.js +99 -0
package/dist/taint/cross-file-analyzer.js.map +1 -0
package/dist/taint/cross-file-index.d.ts +59 -0
package/dist/taint/cross-file-index.d.ts.map +1 -0
package/dist/taint/cross-file-index.js +183 -0
package/dist/taint/cross-file-index.js.map +1 -0
package/dist/taint/def-use.d.ts +27 -0
package/dist/taint/def-use.d.ts.map +1 -0
package/dist/taint/def-use.js +519 -0
package/dist/taint/def-use.js.map +1 -0
package/dist/taint/file-analysis-cache.d.ts +47 -0
package/dist/taint/file-analysis-cache.d.ts.map +1 -0
package/dist/taint/file-analysis-cache.js +107 -0
package/dist/taint/file-analysis-cache.js.map +1 -0
package/dist/taint/framework-models.d.ts +77 -0
package/dist/taint/framework-models.d.ts.map +1 -0
package/dist/taint/framework-models.js +258 -0
package/dist/taint/framework-models.js.map +1 -0
package/dist/taint/helpers.d.ts +31 -0
package/dist/taint/helpers.d.ts.map +1 -0
package/dist/taint/helpers.js +130 -0
package/dist/taint/helpers.js.map +1 -0
package/dist/taint/index.d.ts +28 -0
package/dist/taint/index.d.ts.map +1 -0
package/dist/taint/index.js +77 -0
package/dist/taint/index.js.map +1 -0
package/dist/taint/llm-registry.d.ts +47 -0
package/dist/taint/llm-registry.d.ts.map +1 -0
package/dist/taint/llm-registry.js +152 -0
package/dist/taint/llm-registry.js.map +1 -0
package/dist/taint/llm-risk-scoring.d.ts +54 -0
package/dist/taint/llm-risk-scoring.d.ts.map +1 -0
package/dist/taint/llm-risk-scoring.js +376 -0
package/dist/taint/llm-risk-scoring.js.map +1 -0
package/dist/taint/propagation-types.d.ts +104 -0
package/dist/taint/propagation-types.d.ts.map +1 -0
package/dist/taint/propagation-types.js +98 -0
package/dist/taint/propagation-types.js.map +1 -0
package/dist/taint/propagation.d.ts +111 -0
package/dist/taint/propagation.d.ts.map +1 -0
package/dist/taint/propagation.js +1576 -0
package/dist/taint/propagation.js.map +1 -0
package/dist/taint/sanitizer-registry.d.ts +26 -0
package/dist/taint/sanitizer-registry.d.ts.map +1 -0
package/dist/taint/sanitizer-registry.js +422 -0
package/dist/taint/sanitizer-registry.js.map +1 -0
package/dist/taint/sink-classifier.d.ts +27 -0
package/dist/taint/sink-classifier.d.ts.map +1 -0
package/dist/taint/sink-classifier.js +1166 -0
package/dist/taint/sink-classifier.js.map +1 -0
package/dist/taint/source-classifier.d.ts +29 -0
package/dist/taint/source-classifier.d.ts.map +1 -0
package/dist/taint/source-classifier.js +814 -0
package/dist/taint/source-classifier.js.map +1 -0
package/dist/taint/taint-analyzer.d.ts +33 -0
package/dist/taint/taint-analyzer.d.ts.map +1 -0
package/dist/taint/taint-analyzer.js +88 -0
package/dist/taint/taint-analyzer.js.map +1 -0
package/dist/taint/taint-summary.d.ts +37 -0
package/dist/taint/taint-summary.d.ts.map +1 -0
package/dist/taint/taint-summary.js +293 -0
package/dist/taint/taint-summary.js.map +1 -0
package/dist/taint/types.d.ts +47 -0
package/dist/taint/types.d.ts.map +1 -0
package/dist/taint/types.js +19 -0
package/dist/taint/types.js.map +1 -0
package/dist/tiers.d.ts +2 -2
package/dist/tiers.js +1 -1
package/dist/validate/clients.d.ts +2 -1
package/dist/validate/clients.d.ts.map +1 -1
package/dist/validate/clients.js +3 -2
package/dist/validate/clients.js.map +1 -1
package/dist/validate/index.d.ts +5 -6
package/dist/validate/index.d.ts.map +1 -1
package/dist/validate/index.js +22 -21
package/dist/validate/index.js.map +1 -1
package/dist/validate/prompts/modules/ai-patterns.d.ts +1 -1
package/dist/validate/prompts/modules/ai-patterns.d.ts.map +1 -1
package/dist/validate/prompts/modules/ai-patterns.js +16 -0
package/dist/validate/prompts/modules/ai-patterns.js.map +1 -1
package/dist/validate/prompts/modules/common.d.ts +1 -1
package/dist/validate/prompts/modules/common.d.ts.map +1 -1
package/dist/validate/prompts/modules/common.js +12 -3
package/dist/validate/prompts/modules/common.js.map +1 -1
package/dist/validate/providers/anthropic.d.ts +4 -4
package/dist/validate/providers/anthropic.d.ts.map +1 -1
package/dist/validate/providers/anthropic.js +85 -58
package/dist/validate/providers/anthropic.js.map +1 -1
package/dist/validate/providers/openai.d.ts +4 -4
package/dist/validate/providers/openai.d.ts.map +1 -1
package/dist/validate/providers/openai.js +149 -99
package/dist/validate/providers/openai.js.map +1 -1
package/dist/validate/request-builder.d.ts +2 -8
package/dist/validate/request-builder.d.ts.map +1 -1
package/dist/validate/request-builder.js +4 -34
package/dist/validate/request-builder.js.map +1 -1
package/dist/validate/types.d.ts +9 -0
package/dist/validate/types.d.ts.map +1 -1
package/dist/validate/types.js.map +1 -1
package/dist/validate/utils/path-helpers.js +2 -2
package/dist/validate/utils/path-helpers.js.map +1 -1
package/dist/validate/utils/response-parser.d.ts +10 -0
package/dist/validate/utils/response-parser.d.ts.map +1 -1
package/dist/validate/utils/response-parser.js +21 -2
package/dist/validate/utils/response-parser.js.map +1 -1
package/dist/validate/utils/retry.d.ts.map +1 -1
package/dist/validate/utils/retry.js +19 -4
package/dist/validate/utils/retry.js.map +1 -1
package/package.json +7 -4
package/src/__tests__/benchmark/fixtures/layer2/ai-execution-sinks.ts +1 -1
package/src/__tests__/benchmark/planted-benchmark.test.ts +337 -0
package/src/__tests__/benchmark/utils/test-runner.ts +38 -4
package/src/__tests__/category-filter.test.ts +5 -1
package/src/__tests__/context-engine/route-discovery/python.test.ts +726 -0
package/src/__tests__/detect/ast-rules.test.ts +1043 -0
package/src/__tests__/detect/offline-mode.test.ts +147 -0
package/src/__tests__/detect/postinstall-enrichment.test.ts +300 -0
package/src/__tests__/detect/python-ast-rules.test.ts +569 -0
package/src/__tests__/detect/python-helpers.test.ts +536 -0
package/src/__tests__/detect/python-sast-rules.test.ts +453 -0
package/src/__tests__/detect/rules-file-backdoor-decoders.test.ts +151 -0
package/src/__tests__/detect/rules-file-backdoor.test.ts +284 -0
package/src/__tests__/detect/taint-fix-templates.test.ts +150 -0
package/src/__tests__/detect/taint-path-serialization.test.ts +170 -0
package/src/__tests__/parse/call-graph.test.ts +300 -0
package/src/__tests__/parse/python-parser.test.ts +274 -0
package/src/__tests__/regression/known-false-positives.test.ts +491 -9
package/src/__tests__/regression/rules-file-backdoor.test.ts +137 -0
package/src/__tests__/score/adjustments.test.ts +34 -16
package/src/__tests__/score/confidence.test.ts +84 -57
package/src/__tests__/score/evidence-scoring.test.ts +249 -0
package/src/__tests__/score/evidence.test.ts +144 -0
package/src/__tests__/score/scoring-integration.test.ts +56 -34
package/src/__tests__/score/taint-adjustments.test.ts +14 -228
package/src/__tests__/snapshots/__snapshots__/scan-depth.test.ts.snap +65 -59
package/src/__tests__/snapshots/scan-depth.test.ts +39 -7
package/src/__tests__/taint/async-flow.test.ts +247 -0
package/src/__tests__/taint/cfg-builder.test.ts +835 -0
package/src/__tests__/taint/constant-propagation.test.ts +302 -0
package/src/__tests__/taint/cross-file-index.test.ts +683 -0
package/src/__tests__/taint/cross-file-integration.test.ts +275 -0
package/src/__tests__/taint/cross-file-propagation.test.ts +910 -0
package/src/__tests__/taint/def-use.test.ts +132 -0
package/src/__tests__/taint/field-sensitive-sinks.test.ts +179 -0
package/src/__tests__/taint/field-sensitivity.test.ts +342 -0
package/src/__tests__/taint/file-analysis-cache.test.ts +290 -0
package/src/__tests__/taint/framework-models.test.ts +227 -0
package/src/__tests__/taint/llm-flow-graph.test.ts +850 -0
package/src/__tests__/taint/llm-risk-scoring.test.ts +439 -0
package/src/__tests__/taint/performance-parity.test.ts +315 -0
package/src/__tests__/taint/propagation.test.ts +621 -0
package/src/__tests__/taint/python-cross-file.test.ts +494 -0
package/src/__tests__/taint/python-taint.test.ts +1344 -0
package/src/__tests__/taint/sanitizer-registry.test.ts +304 -0
package/src/__tests__/taint/sanitizer-regression.test.ts +111 -0
package/src/__tests__/taint/sink-classifier.test.ts +537 -0
package/src/__tests__/taint/source-classifier.test.ts +367 -0
package/src/__tests__/taint/taint-pipeline.test.ts +418 -0
package/src/__tests__/taint/taint-smoke.test.ts +400 -0
package/src/__tests__/taint/taint-summary.test.ts +472 -0
package/src/detect/ai-code/index.ts +6 -11
package/src/detect/ast-rules/agent-tools-ast.ts +861 -0
package/src/detect/ast-rules/ai-fingerprinting-ast.ts +451 -0
package/src/detect/ast-rules/auth-patterns-ast.ts +304 -0
package/src/detect/ast-rules/byok-ast.ts +195 -0
package/src/detect/ast-rules/child-process-ast.ts +276 -0
package/src/detect/ast-rules/dangerous-eval-ast.ts +227 -0
package/src/detect/ast-rules/data-exposure-ast.ts +162 -0
package/src/detect/ast-rules/dom-xss-ast.ts +260 -0
package/src/detect/ast-rules/endpoint-protection-ast.ts +231 -0
package/src/detect/ast-rules/entropy-ast.ts +268 -0
package/src/detect/ast-rules/flask-debug-ast.ts +148 -0
package/src/detect/ast-rules/framework-checks-ast.ts +200 -0
package/src/detect/ast-rules/helpers/call-analysis.ts +256 -0
package/src/detect/ast-rules/helpers/context-detection.ts +277 -0
package/src/detect/ast-rules/helpers/control-flow.ts +179 -0
package/src/detect/ast-rules/helpers/import-analysis.ts +185 -0
package/src/detect/ast-rules/helpers/index.ts +133 -0
package/src/detect/ast-rules/helpers/python-helpers.ts +1054 -0
package/src/detect/ast-rules/helpers/scope-analysis.ts +224 -0
package/src/detect/ast-rules/helpers/string-analysis.ts +215 -0
package/src/detect/ast-rules/helpers/type-extraction.ts +138 -0
package/src/detect/ast-rules/helpers/user-input.ts +256 -0
package/src/detect/ast-rules/index.ts +311 -0
package/src/detect/ast-rules/json-parse-ast.ts +162 -0
package/src/detect/ast-rules/log-injection-ast.ts +243 -0
package/src/detect/ast-rules/logic-gates-ast.ts +343 -0
package/src/detect/ast-rules/mcp-security-ast.ts +808 -0
package/src/detect/ast-rules/model-supply-chain-ast.ts +202 -0
package/src/detect/ast-rules/package-hallucination-ast.ts +664 -0
package/src/detect/ast-rules/prompt-hygiene-ast.ts +329 -0
package/src/detect/ast-rules/rag-safety-ast.ts +689 -0
package/src/detect/ast-rules/request-validation-ast.ts +122 -0
package/src/detect/ast-rules/risky-imports-ast.ts +133 -0
package/src/detect/ast-rules/schema-validation-ast.ts +244 -0
package/src/detect/ast-rules/secret-patterns-ast.ts +223 -0
package/src/detect/ast-rules/security-headers-ast.ts +206 -0
package/src/detect/ast-rules/sql-injection-ast.ts +614 -0
package/src/detect/ast-rules/ssrf-ast.ts +601 -0
package/src/detect/ast-rules/taint-fix-templates.ts +108 -0
package/src/detect/ast-rules/taint-flow-ast.ts +416 -0
package/src/detect/ast-rules/variables-ast.ts +446 -0
package/src/detect/ast-rules/weak-crypto-ast.ts +441 -0
package/src/detect/ast-rules/xxe-ast.ts +184 -0
package/src/detect/config/agent-skill-injection.ts +2 -24
package/src/detect/config/index.ts +1 -0
package/src/detect/config/osv-check.ts +6 -1
package/src/detect/config/package-check.ts +6 -1
package/src/detect/config/rules-file-backdoor.ts +438 -0
package/src/detect/index.ts +146 -52
package/src/detect/secrets/config-audit.ts +148 -3
package/src/detect/secrets/entropy.ts +195 -0
package/src/detect/secrets/index.ts +7 -16
package/src/detect/structural/index.ts +23 -566
package/src/index.ts +7 -0
package/src/model/auth-helper-detector.ts +1 -7
package/src/model/import-resolver.ts +104 -0
package/src/model/imported-auth-detector.ts +1 -1
package/src/model/index.ts +240 -80
package/src/model/module-graph.ts +17 -5
package/src/model/project-context.ts +28 -1
package/src/model/route-auth-resolver.ts +18 -3
package/src/model/route-discovery/index.ts +1 -1
package/src/model/route-discovery/nextjs.ts +1 -1
package/src/model/route-discovery/python.ts +156 -9
package/src/model/route-discovery/types.ts +1 -1
package/src/model/route-discovery/utils.ts +73 -0
package/src/model/taint-types.ts +1 -6
package/src/parse/ast.ts +271 -0
package/src/parse/call-graph.ts +419 -0
package/src/parse/file-classifier.ts +69 -15
package/src/parse/node-index.ts +118 -0
package/src/parse/type-extractor.ts +293 -0
package/src/pipeline/config.ts +10 -1
package/src/pipeline/index.ts +475 -187
package/src/pipeline/modes/incremental.ts +1 -7
package/src/postprocess/dedup.ts +48 -17
package/src/report/build-result.ts +57 -29
package/src/report/formatters/cli-terminal.ts +731 -415
package/src/report/sanitize.ts +27 -0
package/src/score/adjustments.ts +113 -40
package/src/score/confidence.ts +10 -5
package/src/score/evidence.ts +55 -0
package/src/score/index.ts +27 -55
package/src/score/types.ts +4 -0
package/src/shared/category-filter.ts +12 -0
package/src/shared/regex-utils.ts +4 -0
package/src/shared/registry-clients.ts +106 -18
package/src/shared/rules/__tests__/metadata.test.ts +5 -1
package/src/shared/rules/metadata.ts +19 -0
package/src/shared/types.ts +373 -254
package/src/taint/async-flow.ts +301 -0
package/src/taint/cfg-builder.ts +1127 -0
package/src/taint/cfg-types.ts +110 -0
package/src/taint/constant-propagation.ts +170 -0
package/src/taint/cross-file-analyzer.ts +118 -0
package/src/taint/cross-file-index.ts +275 -0
package/src/taint/def-use.ts +556 -0
package/src/taint/file-analysis-cache.ts +145 -0
package/src/taint/framework-models.ts +313 -0
package/src/taint/helpers.ts +138 -0
package/src/taint/index.ts +71 -0
package/src/taint/llm-registry.ts +174 -0
package/src/taint/llm-risk-scoring.ts +412 -0
package/src/taint/propagation-types.ts +188 -0
package/src/taint/propagation.ts +1750 -0
package/src/taint/sanitizer-registry.ts +490 -0
package/src/taint/sink-classifier.ts +1402 -0
package/src/taint/source-classifier.ts +859 -0
package/src/taint/taint-analyzer.ts +112 -0
package/src/taint/taint-summary.ts +341 -0
package/src/taint/types.ts +86 -0
package/src/tiers.ts +2 -2
package/src/validate/clients.ts +3 -2
package/src/validate/index.ts +89 -53
package/src/validate/prompts/modules/ai-patterns.ts +16 -0
package/src/validate/prompts/modules/common.ts +12 -3
package/src/validate/providers/anthropic.ts +254 -148
package/src/validate/providers/openai.ts +363 -218
package/src/validate/request-builder.ts +2 -45
package/src/validate/types.ts +9 -0
package/src/validate/utils/path-helpers.ts +2 -2
package/src/validate/utils/response-parser.ts +32 -3
package/src/validate/utils/retry.ts +19 -4
package/dist/ai-context/index.d.ts +0 -6
package/dist/ai-context/index.d.ts.map +0 -1
package/dist/ai-context/index.js +0 -13
package/dist/ai-context/index.js.map +0 -1
package/dist/ai-context/manager.d.ts +0 -67
package/dist/ai-context/manager.d.ts.map +0 -1
package/dist/ai-context/manager.js +0 -104
package/dist/ai-context/manager.js.map +0 -1
package/dist/baseline/diff.d.ts +0 -32
package/dist/baseline/diff.d.ts.map +0 -1
package/dist/baseline/diff.js +0 -119
package/dist/baseline/diff.js.map +0 -1
package/dist/baseline/index.d.ts +0 -9
package/dist/baseline/index.d.ts.map +0 -1
package/dist/baseline/index.js +0 -19
package/dist/baseline/index.js.map +0 -1
package/dist/baseline/manager.d.ts +0 -67
package/dist/baseline/manager.d.ts.map +0 -1
package/dist/baseline/manager.js +0 -180
package/dist/baseline/manager.js.map +0 -1
package/dist/baseline/types.d.ts +0 -91
package/dist/baseline/types.d.ts.map +0 -1
package/dist/baseline/types.js +0 -12
package/dist/baseline/types.js.map +0 -1
package/dist/category-filter.d.ts +0 -125
package/dist/category-filter.d.ts.map +0 -1
package/dist/category-filter.js +0 -360
package/dist/category-filter.js.map +0 -1
package/dist/detect/ai-code/agent-tools.d.ts +0 -22
package/dist/detect/ai-code/agent-tools.d.ts.map +0 -1
package/dist/detect/ai-code/agent-tools.js +0 -1509
package/dist/detect/ai-code/agent-tools.js.map +0 -1
package/dist/detect/ai-code/byok-patterns.d.ts +0 -15
package/dist/detect/ai-code/byok-patterns.d.ts.map +0 -1
package/dist/detect/ai-code/byok-patterns.js +0 -313
package/dist/detect/ai-code/byok-patterns.js.map +0 -1
package/dist/detect/ai-code/endpoint-protection.d.ts +0 -38
package/dist/detect/ai-code/endpoint-protection.d.ts.map +0 -1
package/dist/detect/ai-code/endpoint-protection.js +0 -349
package/dist/detect/ai-code/endpoint-protection.js.map +0 -1
package/dist/detect/ai-code/execution-sinks.d.ts +0 -21
package/dist/detect/ai-code/execution-sinks.d.ts.map +0 -1
package/dist/detect/ai-code/execution-sinks.js +0 -1158
package/dist/detect/ai-code/execution-sinks.js.map +0 -1
package/dist/detect/ai-code/fingerprinting.d.ts +0 -10
package/dist/detect/ai-code/fingerprinting.d.ts.map +0 -1
package/dist/detect/ai-code/fingerprinting.js +0 -665
package/dist/detect/ai-code/fingerprinting.js.map +0 -1
package/dist/detect/ai-code/mcp-security.d.ts +0 -20
package/dist/detect/ai-code/mcp-security.d.ts.map +0 -1
package/dist/detect/ai-code/mcp-security.js +0 -880
package/dist/detect/ai-code/mcp-security.js.map +0 -1
package/dist/detect/ai-code/model-supply-chain.d.ts +0 -23
package/dist/detect/ai-code/model-supply-chain.d.ts.map +0 -1
package/dist/detect/ai-code/model-supply-chain.js +0 -447
package/dist/detect/ai-code/model-supply-chain.js.map +0 -1
package/dist/detect/ai-code/package-hallucination.d.ts +0 -22
package/dist/detect/ai-code/package-hallucination.d.ts.map +0 -1
package/dist/detect/ai-code/package-hallucination.js +0 -841
package/dist/detect/ai-code/package-hallucination.js.map +0 -1
package/dist/detect/ai-code/prompt-hygiene.d.ts +0 -22
package/dist/detect/ai-code/prompt-hygiene.d.ts.map +0 -1
package/dist/detect/ai-code/prompt-hygiene.js +0 -1177
package/dist/detect/ai-code/prompt-hygiene.js.map +0 -1
package/dist/detect/ai-code/rag-safety.d.ts +0 -24
package/dist/detect/ai-code/rag-safety.d.ts.map +0 -1
package/dist/detect/ai-code/rag-safety.js +0 -913
package/dist/detect/ai-code/rag-safety.js.map +0 -1
package/dist/detect/ai-code/schema-validation.d.ts +0 -28
package/dist/detect/ai-code/schema-validation.d.ts.map +0 -1
package/dist/detect/ai-code/schema-validation.js +0 -378
package/dist/detect/ai-code/schema-validation.js.map +0 -1
package/dist/detect/secrets/patterns.d.ts +0 -11
package/dist/detect/secrets/patterns.d.ts.map +0 -1
package/dist/detect/secrets/patterns.js +0 -518
package/dist/detect/secrets/patterns.js.map +0 -1
package/dist/detect/secrets/weak-crypto.d.ts +0 -10
package/dist/detect/secrets/weak-crypto.d.ts.map +0 -1
package/dist/detect/secrets/weak-crypto.js +0 -432
package/dist/detect/secrets/weak-crypto.js.map +0 -1
package/dist/detect/structural/auth-patterns.d.ts +0 -22
package/dist/detect/structural/auth-patterns.d.ts.map +0 -1
package/dist/detect/structural/auth-patterns.js +0 -533
package/dist/detect/structural/auth-patterns.js.map +0 -1
package/dist/detect/structural/dangerous-functions/child-process.d.ts +0 -16
package/dist/detect/structural/dangerous-functions/child-process.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/child-process.js +0 -74
package/dist/detect/structural/dangerous-functions/child-process.js.map +0 -1
package/dist/detect/structural/dangerous-functions/dom-xss.d.ts +0 -34
package/dist/detect/structural/dangerous-functions/dom-xss.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/dom-xss.js +0 -230
package/dist/detect/structural/dangerous-functions/dom-xss.js.map +0 -1
package/dist/detect/structural/dangerous-functions/index.d.ts +0 -16
package/dist/detect/structural/dangerous-functions/index.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/index.js +0 -1193
package/dist/detect/structural/dangerous-functions/index.js.map +0 -1
package/dist/detect/structural/dangerous-functions/json-parse.d.ts +0 -31
package/dist/detect/structural/dangerous-functions/json-parse.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/json-parse.js +0 -326
package/dist/detect/structural/dangerous-functions/json-parse.js.map +0 -1
package/dist/detect/structural/dangerous-functions/math-random.d.ts +0 -111
package/dist/detect/structural/dangerous-functions/math-random.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/math-random.js +0 -684
package/dist/detect/structural/dangerous-functions/math-random.js.map +0 -1
package/dist/detect/structural/dangerous-functions/patterns.d.ts +0 -21
package/dist/detect/structural/dangerous-functions/patterns.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/patterns.js +0 -163
package/dist/detect/structural/dangerous-functions/patterns.js.map +0 -1
package/dist/detect/structural/dangerous-functions/request-validation.d.ts +0 -13
package/dist/detect/structural/dangerous-functions/request-validation.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/request-validation.js +0 -126
package/dist/detect/structural/dangerous-functions/request-validation.js.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts +0 -24
package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/control-flow.js +0 -70
package/dist/detect/structural/dangerous-functions/utils/control-flow.js.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts +0 -31
package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/helpers.js +0 -147
package/dist/detect/structural/dangerous-functions/utils/helpers.js.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/index.d.ts +0 -9
package/dist/detect/structural/dangerous-functions/utils/index.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/index.js +0 -23
package/dist/detect/structural/dangerous-functions/utils/index.js.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts +0 -22
package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/schema-validation.js +0 -102
package/dist/detect/structural/dangerous-functions/utils/schema-validation.js.map +0 -1
package/dist/detect/structural/data-exposure.d.ts +0 -19
package/dist/detect/structural/data-exposure.d.ts.map +0 -1
package/dist/detect/structural/data-exposure.js +0 -262
package/dist/detect/structural/data-exposure.js.map +0 -1
package/dist/detect/structural/framework-checks.d.ts +0 -10
package/dist/detect/structural/framework-checks.d.ts.map +0 -1
package/dist/detect/structural/framework-checks.js +0 -389
package/dist/detect/structural/framework-checks.js.map +0 -1
package/dist/detect/structural/log-injection.d.ts +0 -18
package/dist/detect/structural/log-injection.d.ts.map +0 -1
package/dist/detect/structural/log-injection.js +0 -217
package/dist/detect/structural/log-injection.js.map +0 -1
package/dist/detect/structural/logic-gates.d.ts +0 -10
package/dist/detect/structural/logic-gates.d.ts.map +0 -1
package/dist/detect/structural/logic-gates.js +0 -227
package/dist/detect/structural/logic-gates.js.map +0 -1
package/dist/detect/structural/risky-imports.d.ts +0 -10
package/dist/detect/structural/risky-imports.d.ts.map +0 -1
package/dist/detect/structural/risky-imports.js +0 -168
package/dist/detect/structural/risky-imports.js.map +0 -1
package/dist/detect/structural/security-headers.d.ts +0 -18
package/dist/detect/structural/security-headers.d.ts.map +0 -1
package/dist/detect/structural/security-headers.js +0 -196
package/dist/detect/structural/security-headers.js.map +0 -1
package/dist/detect/structural/ssrf-detection.d.ts +0 -18
package/dist/detect/structural/ssrf-detection.d.ts.map +0 -1
package/dist/detect/structural/ssrf-detection.js +0 -263
package/dist/detect/structural/ssrf-detection.js.map +0 -1
package/dist/detect/structural/variables.d.ts +0 -11
package/dist/detect/structural/variables.d.ts.map +0 -1
package/dist/detect/structural/variables.js +0 -159
package/dist/detect/structural/variables.js.map +0 -1
package/dist/detect/structural/xxe-detection.d.ts +0 -18
package/dist/detect/structural/xxe-detection.d.ts.map +0 -1
package/dist/detect/structural/xxe-detection.js +0 -245
package/dist/detect/structural/xxe-detection.js.map +0 -1
package/dist/filtering/context-adjustments.d.ts +0 -23
package/dist/filtering/context-adjustments.d.ts.map +0 -1
package/dist/filtering/context-adjustments.js +0 -100
package/dist/filtering/context-adjustments.js.map +0 -1
package/dist/filtering/index.d.ts +0 -3
package/dist/filtering/index.d.ts.map +0 -1
package/dist/filtering/index.js +0 -8
package/dist/filtering/index.js.map +0 -1
package/dist/filtering/pipeline.d.ts +0 -48
package/dist/filtering/pipeline.d.ts.map +0 -1
package/dist/filtering/pipeline.js +0 -76
package/dist/filtering/pipeline.js.map +0 -1
package/dist/formatters/ai-context.d.ts +0 -23
package/dist/formatters/ai-context.d.ts.map +0 -1
package/dist/formatters/ai-context.js +0 -238
package/dist/formatters/ai-context.js.map +0 -1
package/dist/formatters/cli-terminal.d.ts +0 -65
package/dist/formatters/cli-terminal.d.ts.map +0 -1
package/dist/formatters/cli-terminal.js +0 -735
package/dist/formatters/cli-terminal.js.map +0 -1
package/dist/formatters/github-comment.d.ts +0 -41
package/dist/formatters/github-comment.d.ts.map +0 -1
package/dist/formatters/github-comment.js +0 -370
package/dist/formatters/github-comment.js.map +0 -1
package/dist/formatters/grouping.d.ts +0 -52
package/dist/formatters/grouping.d.ts.map +0 -1
package/dist/formatters/grouping.js +0 -152
package/dist/formatters/grouping.js.map +0 -1
package/dist/formatters/ide/claude-code.d.ts +0 -17
package/dist/formatters/ide/claude-code.d.ts.map +0 -1
package/dist/formatters/ide/claude-code.js +0 -94
package/dist/formatters/ide/claude-code.js.map +0 -1
package/dist/formatters/ide/cursor.d.ts +0 -13
package/dist/formatters/ide/cursor.d.ts.map +0 -1
package/dist/formatters/ide/cursor.js +0 -125
package/dist/formatters/ide/cursor.js.map +0 -1
package/dist/formatters/ide/index.d.ts +0 -62
package/dist/formatters/ide/index.d.ts.map +0 -1
package/dist/formatters/ide/index.js +0 -184
package/dist/formatters/ide/index.js.map +0 -1
package/dist/formatters/ide/windsurf.d.ts +0 -13
package/dist/formatters/ide/windsurf.d.ts.map +0 -1
package/dist/formatters/ide/windsurf.js +0 -117
package/dist/formatters/ide/windsurf.js.map +0 -1
package/dist/formatters/index.d.ts +0 -11
package/dist/formatters/index.d.ts.map +0 -1
package/dist/formatters/index.js +0 -54
package/dist/formatters/index.js.map +0 -1
package/dist/formatters/vscode-diagnostic.d.ts +0 -103
package/dist/formatters/vscode-diagnostic.d.ts.map +0 -1
package/dist/formatters/vscode-diagnostic.js +0 -151
package/dist/formatters/vscode-diagnostic.js.map +0 -1
package/dist/layer1/comments.d.ts +0 -11
package/dist/layer1/comments.d.ts.map +0 -1
package/dist/layer1/comments.js +0 -203
package/dist/layer1/comments.js.map +0 -1
package/dist/layer1/config-audit.d.ts +0 -11
package/dist/layer1/config-audit.d.ts.map +0 -1
package/dist/layer1/config-audit.js +0 -311
package/dist/layer1/config-audit.js.map +0 -1
package/dist/layer1/config-mcp-audit.d.ts +0 -23
package/dist/layer1/config-mcp-audit.d.ts.map +0 -1
package/dist/layer1/config-mcp-audit.js +0 -239
package/dist/layer1/config-mcp-audit.js.map +0 -1
package/dist/layer1/entropy.d.ts +0 -11
package/dist/layer1/entropy.d.ts.map +0 -1
package/dist/layer1/entropy.js +0 -741
package/dist/layer1/entropy.js.map +0 -1
package/dist/layer1/file-flags.d.ts +0 -10
package/dist/layer1/file-flags.d.ts.map +0 -1
package/dist/layer1/file-flags.js +0 -119
package/dist/layer1/file-flags.js.map +0 -1
package/dist/layer1/index.d.ts +0 -38
package/dist/layer1/index.d.ts.map +0 -1
package/dist/layer1/index.js +0 -170
package/dist/layer1/index.js.map +0 -1
package/dist/layer1/patterns.d.ts +0 -11
package/dist/layer1/patterns.d.ts.map +0 -1
package/dist/layer1/patterns.js +0 -512
package/dist/layer1/patterns.js.map +0 -1
package/dist/layer1/urls.d.ts +0 -11
package/dist/layer1/urls.d.ts.map +0 -1
package/dist/layer1/urls.js +0 -444
package/dist/layer1/urls.js.map +0 -1
package/dist/layer1/weak-crypto.d.ts +0 -10
package/dist/layer1/weak-crypto.d.ts.map +0 -1
package/dist/layer1/weak-crypto.js +0 -428
package/dist/layer1/weak-crypto.js.map +0 -1
package/dist/layer2/ai-agent-tools.d.ts +0 -22
package/dist/layer2/ai-agent-tools.d.ts.map +0 -1
package/dist/layer2/ai-agent-tools.js +0 -1490
package/dist/layer2/ai-agent-tools.js.map +0 -1
package/dist/layer2/ai-endpoint-protection.d.ts +0 -38
package/dist/layer2/ai-endpoint-protection.d.ts.map +0 -1
package/dist/layer2/ai-endpoint-protection.js +0 -346
package/dist/layer2/ai-endpoint-protection.js.map +0 -1
package/dist/layer2/ai-execution-sinks.d.ts +0 -21
package/dist/layer2/ai-execution-sinks.d.ts.map +0 -1
package/dist/layer2/ai-execution-sinks.js +0 -1155
package/dist/layer2/ai-execution-sinks.js.map +0 -1
package/dist/layer2/ai-fingerprinting.d.ts +0 -10
package/dist/layer2/ai-fingerprinting.d.ts.map +0 -1
package/dist/layer2/ai-fingerprinting.js +0 -650
package/dist/layer2/ai-fingerprinting.js.map +0 -1
package/dist/layer2/ai-mcp-security.d.ts +0 -20
package/dist/layer2/ai-mcp-security.d.ts.map +0 -1
package/dist/layer2/ai-mcp-security.js +0 -877
package/dist/layer2/ai-mcp-security.js.map +0 -1
package/dist/layer2/ai-package-hallucination.d.ts +0 -22
package/dist/layer2/ai-package-hallucination.d.ts.map +0 -1
package/dist/layer2/ai-package-hallucination.js +0 -828
package/dist/layer2/ai-package-hallucination.js.map +0 -1
package/dist/layer2/ai-prompt-hygiene.d.ts +0 -22
package/dist/layer2/ai-prompt-hygiene.d.ts.map +0 -1
package/dist/layer2/ai-prompt-hygiene.js +0 -1156
package/dist/layer2/ai-prompt-hygiene.js.map +0 -1
package/dist/layer2/ai-rag-safety.d.ts +0 -24
package/dist/layer2/ai-rag-safety.d.ts.map +0 -1
package/dist/layer2/ai-rag-safety.js +0 -910
package/dist/layer2/ai-rag-safety.js.map +0 -1
package/dist/layer2/ai-schema-validation.d.ts +0 -28
package/dist/layer2/ai-schema-validation.d.ts.map +0 -1
package/dist/layer2/ai-schema-validation.js +0 -375
package/dist/layer2/ai-schema-validation.js.map +0 -1
package/dist/layer2/auth-antipatterns.d.ts +0 -22
package/dist/layer2/auth-antipatterns.d.ts.map +0 -1
package/dist/layer2/auth-antipatterns.js +0 -522
package/dist/layer2/auth-antipatterns.js.map +0 -1
package/dist/layer2/byok-patterns.d.ts +0 -15
package/dist/layer2/byok-patterns.d.ts.map +0 -1
package/dist/layer2/byok-patterns.js +0 -302
package/dist/layer2/byok-patterns.js.map +0 -1
package/dist/layer2/dangerous-functions/child-process.d.ts +0 -16
package/dist/layer2/dangerous-functions/child-process.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/child-process.js +0 -74
package/dist/layer2/dangerous-functions/child-process.js.map +0 -1
package/dist/layer2/dangerous-functions/dom-xss.d.ts +0 -34
package/dist/layer2/dangerous-functions/dom-xss.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/dom-xss.js +0 -230
package/dist/layer2/dangerous-functions/dom-xss.js.map +0 -1
package/dist/layer2/dangerous-functions/index.d.ts +0 -16
package/dist/layer2/dangerous-functions/index.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/index.js +0 -1152
package/dist/layer2/dangerous-functions/index.js.map +0 -1
package/dist/layer2/dangerous-functions/json-parse.d.ts +0 -31
package/dist/layer2/dangerous-functions/json-parse.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/json-parse.js +0 -319
package/dist/layer2/dangerous-functions/json-parse.js.map +0 -1
package/dist/layer2/dangerous-functions/math-random.d.ts +0 -111
package/dist/layer2/dangerous-functions/math-random.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/math-random.js +0 -684
package/dist/layer2/dangerous-functions/math-random.js.map +0 -1
package/dist/layer2/dangerous-functions/patterns.d.ts +0 -21
package/dist/layer2/dangerous-functions/patterns.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/patterns.js +0 -163
package/dist/layer2/dangerous-functions/patterns.js.map +0 -1
package/dist/layer2/dangerous-functions/request-validation.d.ts +0 -13
package/dist/layer2/dangerous-functions/request-validation.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/request-validation.js +0 -119
package/dist/layer2/dangerous-functions/request-validation.js.map +0 -1
package/dist/layer2/dangerous-functions/utils/control-flow.d.ts +0 -24
package/dist/layer2/dangerous-functions/utils/control-flow.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/utils/control-flow.js +0 -70
package/dist/layer2/dangerous-functions/utils/control-flow.js.map +0 -1
package/dist/layer2/dangerous-functions/utils/helpers.d.ts +0 -31
package/dist/layer2/dangerous-functions/utils/helpers.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/utils/helpers.js +0 -147
package/dist/layer2/dangerous-functions/utils/helpers.js.map +0 -1
package/dist/layer2/dangerous-functions/utils/index.d.ts +0 -9
package/dist/layer2/dangerous-functions/utils/index.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/utils/index.js +0 -23
package/dist/layer2/dangerous-functions/utils/index.js.map +0 -1
package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts +0 -22
package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/utils/schema-validation.js +0 -102
package/dist/layer2/dangerous-functions/utils/schema-validation.js.map +0 -1
package/dist/layer2/data-exposure.d.ts +0 -19
package/dist/layer2/data-exposure.d.ts.map +0 -1
package/dist/layer2/data-exposure.js +0 -255
package/dist/layer2/data-exposure.js.map +0 -1
package/dist/layer2/framework-checks.d.ts +0 -10
package/dist/layer2/framework-checks.d.ts.map +0 -1
package/dist/layer2/framework-checks.js +0 -384
package/dist/layer2/framework-checks.js.map +0 -1
package/dist/layer2/index.d.ts +0 -74
package/dist/layer2/index.d.ts.map +0 -1
package/dist/layer2/index.js +0 -544
package/dist/layer2/index.js.map +0 -1
package/dist/layer2/log-injection.d.ts +0 -18
package/dist/layer2/log-injection.d.ts.map +0 -1
package/dist/layer2/log-injection.js +0 -214
package/dist/layer2/log-injection.js.map +0 -1
package/dist/layer2/logic-gates.d.ts +0 -10
package/dist/layer2/logic-gates.d.ts.map +0 -1
package/dist/layer2/logic-gates.js +0 -220
package/dist/layer2/logic-gates.js.map +0 -1
package/dist/layer2/model-supply-chain.d.ts +0 -23
package/dist/layer2/model-supply-chain.d.ts.map +0 -1
package/dist/layer2/model-supply-chain.js +0 -444
package/dist/layer2/model-supply-chain.js.map +0 -1
package/dist/layer2/risky-imports.d.ts +0 -10
package/dist/layer2/risky-imports.d.ts.map +0 -1
package/dist/layer2/risky-imports.js +0 -165
package/dist/layer2/risky-imports.js.map +0 -1
package/dist/layer2/security-headers.d.ts +0 -18
package/dist/layer2/security-headers.d.ts.map +0 -1
package/dist/layer2/security-headers.js +0 -187
package/dist/layer2/security-headers.js.map +0 -1
package/dist/layer2/ssrf-detection.d.ts +0 -18
package/dist/layer2/ssrf-detection.d.ts.map +0 -1
package/dist/layer2/ssrf-detection.js +0 -252
package/dist/layer2/ssrf-detection.js.map +0 -1
package/dist/layer2/variables.d.ts +0 -11
package/dist/layer2/variables.d.ts.map +0 -1
package/dist/layer2/variables.js +0 -156
package/dist/layer2/variables.js.map +0 -1
package/dist/layer2/xxe-detection.d.ts +0 -18
package/dist/layer2/xxe-detection.d.ts.map +0 -1
package/dist/layer2/xxe-detection.js +0 -242
package/dist/layer2/xxe-detection.js.map +0 -1
package/dist/layer3/anthropic/auto-dismiss.d.ts +0 -24
package/dist/layer3/anthropic/auto-dismiss.d.ts.map +0 -1
package/dist/layer3/anthropic/auto-dismiss.js +0 -199
package/dist/layer3/anthropic/auto-dismiss.js.map +0 -1
package/dist/layer3/anthropic/clients.d.ts +0 -44
package/dist/layer3/anthropic/clients.d.ts.map +0 -1
package/dist/layer3/anthropic/clients.js +0 -81
package/dist/layer3/anthropic/clients.js.map +0 -1
package/dist/layer3/anthropic/index.d.ts +0 -41
package/dist/layer3/anthropic/index.d.ts.map +0 -1
package/dist/layer3/anthropic/index.js +0 -141
package/dist/layer3/anthropic/index.js.map +0 -1
package/dist/layer3/anthropic/prompts/index.d.ts +0 -8
package/dist/layer3/anthropic/prompts/index.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/index.js +0 -16
package/dist/layer3/anthropic/prompts/index.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts +0 -19
package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/ai-patterns.js +0 -156
package/dist/layer3/anthropic/prompts/modules/ai-patterns.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts +0 -9
package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/auth-access.js +0 -25
package/dist/layer3/anthropic/prompts/modules/auth-access.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/common.d.ts +0 -11
package/dist/layer3/anthropic/prompts/modules/common.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/common.js +0 -152
package/dist/layer3/anthropic/prompts/modules/common.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/index.d.ts +0 -54
package/dist/layer3/anthropic/prompts/modules/index.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/index.js +0 -185
package/dist/layer3/anthropic/prompts/modules/index.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts +0 -8
package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/owasp-classic.js +0 -84
package/dist/layer3/anthropic/prompts/modules/owasp-classic.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts +0 -8
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js +0 -68
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts +0 -8
package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/xss-prompt.js +0 -22
package/dist/layer3/anthropic/prompts/modules/xss-prompt.js.map +0 -1
package/dist/layer3/anthropic/prompts/semantic-analysis.d.ts +0 -15
package/dist/layer3/anthropic/prompts/semantic-analysis.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/semantic-analysis.js +0 -169
package/dist/layer3/anthropic/prompts/semantic-analysis.js.map +0 -1
package/dist/layer3/anthropic/prompts/validation.d.ts +0 -18
package/dist/layer3/anthropic/prompts/validation.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/validation.js +0 -25
package/dist/layer3/anthropic/prompts/validation.js.map +0 -1
package/dist/layer3/anthropic/providers/anthropic.d.ts +0 -21
package/dist/layer3/anthropic/providers/anthropic.d.ts.map +0 -1
package/dist/layer3/anthropic/providers/anthropic.js +0 -269
package/dist/layer3/anthropic/providers/anthropic.js.map +0 -1
package/dist/layer3/anthropic/providers/index.d.ts +0 -8
package/dist/layer3/anthropic/providers/index.d.ts.map +0 -1
package/dist/layer3/anthropic/providers/index.js +0 -15
package/dist/layer3/anthropic/providers/index.js.map +0 -1
package/dist/layer3/anthropic/providers/openai.d.ts +0 -18
package/dist/layer3/anthropic/providers/openai.d.ts.map +0 -1
package/dist/layer3/anthropic/providers/openai.js +0 -343
package/dist/layer3/anthropic/providers/openai.js.map +0 -1
package/dist/layer3/anthropic/request-builder.d.ts +0 -27
package/dist/layer3/anthropic/request-builder.d.ts.map +0 -1
package/dist/layer3/anthropic/request-builder.js +0 -150
package/dist/layer3/anthropic/request-builder.js.map +0 -1
package/dist/layer3/anthropic/types.d.ts +0 -88
package/dist/layer3/anthropic/types.d.ts.map +0 -1
package/dist/layer3/anthropic/types.js +0 -38
package/dist/layer3/anthropic/types.js.map +0 -1
package/dist/layer3/anthropic/utils/context-extractor.d.ts +0 -55
package/dist/layer3/anthropic/utils/context-extractor.d.ts.map +0 -1
package/dist/layer3/anthropic/utils/context-extractor.js +0 -161
package/dist/layer3/anthropic/utils/context-extractor.js.map +0 -1
package/dist/layer3/anthropic/utils/index.d.ts +0 -11
package/dist/layer3/anthropic/utils/index.d.ts.map +0 -1
package/dist/layer3/anthropic/utils/index.js +0 -27
package/dist/layer3/anthropic/utils/index.js.map +0 -1
package/dist/layer3/anthropic/utils/path-helpers.d.ts +0 -21
package/dist/layer3/anthropic/utils/path-helpers.d.ts.map +0 -1
package/dist/layer3/anthropic/utils/path-helpers.js +0 -69
package/dist/layer3/anthropic/utils/path-helpers.js.map +0 -1
package/dist/layer3/anthropic/utils/response-parser.d.ts +0 -40
package/dist/layer3/anthropic/utils/response-parser.d.ts.map +0 -1
package/dist/layer3/anthropic/utils/response-parser.js +0 -285
package/dist/layer3/anthropic/utils/response-parser.js.map +0 -1
package/dist/layer3/anthropic/utils/retry.d.ts +0 -15
package/dist/layer3/anthropic/utils/retry.d.ts.map +0 -1
package/dist/layer3/anthropic/utils/retry.js +0 -62
package/dist/layer3/anthropic/utils/retry.js.map +0 -1
package/dist/layer3/index.d.ts +0 -27
package/dist/layer3/index.d.ts.map +0 -1
package/dist/layer3/index.js +0 -150
package/dist/layer3/index.js.map +0 -1
package/dist/layer3/osv-check.d.ts +0 -75
package/dist/layer3/osv-check.d.ts.map +0 -1
package/dist/layer3/osv-check.js +0 -308
package/dist/layer3/osv-check.js.map +0 -1
package/dist/layer3/package-check.d.ts +0 -63
package/dist/layer3/package-check.d.ts.map +0 -1
package/dist/layer3/package-check.js +0 -508
package/dist/layer3/package-check.js.map +0 -1
package/dist/model/cross-file-taint.d.ts +0 -40
package/dist/model/cross-file-taint.d.ts.map +0 -1
package/dist/model/cross-file-taint.js +0 -290
package/dist/model/cross-file-taint.js.map +0 -1
package/dist/model/function-classifier.d.ts +0 -32
package/dist/model/function-classifier.d.ts.map +0 -1
package/dist/model/function-classifier.js +0 -143
package/dist/model/function-classifier.js.map +0 -1
package/dist/model/sanitiser-detection.d.ts +0 -27
package/dist/model/sanitiser-detection.d.ts.map +0 -1
package/dist/model/sanitiser-detection.js +0 -224
package/dist/model/sanitiser-detection.js.map +0 -1
package/dist/model/sink-matcher.d.ts +0 -17
package/dist/model/sink-matcher.d.ts.map +0 -1
package/dist/model/sink-matcher.js +0 -141
package/dist/model/sink-matcher.js.map +0 -1
package/dist/model/sink-patterns.d.ts +0 -19
package/dist/model/sink-patterns.d.ts.map +0 -1
package/dist/model/sink-patterns.js +0 -88
package/dist/model/sink-patterns.js.map +0 -1
package/dist/model/source-discovery.d.ts +0 -15
package/dist/model/source-discovery.d.ts.map +0 -1
package/dist/model/source-discovery.js +0 -170
package/dist/model/source-discovery.js.map +0 -1
package/dist/model/taint-tracker.d.ts +0 -21
package/dist/model/taint-tracker.d.ts.map +0 -1
package/dist/model/taint-tracker.js +0 -281
package/dist/model/taint-tracker.js.map +0 -1
package/dist/modes/incremental.d.ts +0 -66
package/dist/modes/incremental.d.ts.map +0 -1
package/dist/modes/incremental.js +0 -200
package/dist/modes/incremental.js.map +0 -1
package/dist/rules/framework-fixes.d.ts +0 -48
package/dist/rules/framework-fixes.d.ts.map +0 -1
package/dist/rules/framework-fixes.js +0 -439
package/dist/rules/framework-fixes.js.map +0 -1
package/dist/rules/index.d.ts +0 -8
package/dist/rules/index.d.ts.map +0 -1
package/dist/rules/index.js +0 -18
package/dist/rules/index.js.map +0 -1
package/dist/rules/metadata.d.ts +0 -43
package/dist/rules/metadata.d.ts.map +0 -1
package/dist/rules/metadata.js +0 -800
package/dist/rules/metadata.js.map +0 -1
package/dist/score/auto-dismiss.d.ts +0 -28
package/dist/score/auto-dismiss.d.ts.map +0 -1
package/dist/score/auto-dismiss.js +0 -200
package/dist/score/auto-dismiss.js.map +0 -1
package/dist/suppression/config-loader.d.ts +0 -74
package/dist/suppression/config-loader.d.ts.map +0 -1
package/dist/suppression/config-loader.js +0 -424
package/dist/suppression/config-loader.js.map +0 -1
package/dist/suppression/hash.d.ts +0 -48
package/dist/suppression/hash.d.ts.map +0 -1
package/dist/suppression/hash.js +0 -88
package/dist/suppression/hash.js.map +0 -1
package/dist/suppression/index.d.ts +0 -11
package/dist/suppression/index.d.ts.map +0 -1
package/dist/suppression/index.js +0 -39
package/dist/suppression/index.js.map +0 -1
package/dist/suppression/inline-parser.d.ts +0 -39
package/dist/suppression/inline-parser.d.ts.map +0 -1
package/dist/suppression/inline-parser.js +0 -218
package/dist/suppression/inline-parser.js.map +0 -1
package/dist/suppression/manager.d.ts +0 -94
package/dist/suppression/manager.d.ts.map +0 -1
package/dist/suppression/manager.js +0 -292
package/dist/suppression/manager.js.map +0 -1
package/dist/suppression/types.d.ts +0 -151
package/dist/suppression/types.d.ts.map +0 -1
package/dist/suppression/types.js +0 -28
package/dist/suppression/types.js.map +0 -1
package/dist/types.d.ts +0 -331
package/dist/types.d.ts.map +0 -1
package/dist/types.js +0 -124
package/dist/types.js.map +0 -1
package/dist/utils/auth-helper-detector.d.ts +0 -56
package/dist/utils/auth-helper-detector.d.ts.map +0 -1
package/dist/utils/auth-helper-detector.js +0 -360
package/dist/utils/auth-helper-detector.js.map +0 -1
package/dist/utils/code-analysis.d.ts +0 -39
package/dist/utils/code-analysis.d.ts.map +0 -1
package/dist/utils/code-analysis.js +0 -159
package/dist/utils/code-analysis.js.map +0 -1
package/dist/utils/comment-analyzer.d.ts +0 -38
package/dist/utils/comment-analyzer.d.ts.map +0 -1
package/dist/utils/comment-analyzer.js +0 -218
package/dist/utils/comment-analyzer.js.map +0 -1
package/dist/utils/context-helpers.d.ts +0 -219
package/dist/utils/context-helpers.d.ts.map +0 -1
package/dist/utils/context-helpers.js +0 -886
package/dist/utils/context-helpers.js.map +0 -1
package/dist/utils/diff-detector.d.ts +0 -53
package/dist/utils/diff-detector.d.ts.map +0 -1
package/dist/utils/diff-detector.js +0 -104
package/dist/utils/diff-detector.js.map +0 -1
package/dist/utils/diff-parser.d.ts +0 -80
package/dist/utils/diff-parser.d.ts.map +0 -1
package/dist/utils/diff-parser.js +0 -202
package/dist/utils/diff-parser.js.map +0 -1
package/dist/utils/environment-context.d.ts +0 -76
package/dist/utils/environment-context.d.ts.map +0 -1
package/dist/utils/environment-context.js +0 -271
package/dist/utils/environment-context.js.map +0 -1
package/dist/utils/imported-auth-detector.d.ts +0 -37
package/dist/utils/imported-auth-detector.d.ts.map +0 -1
package/dist/utils/imported-auth-detector.js +0 -251
package/dist/utils/imported-auth-detector.js.map +0 -1
package/dist/utils/intent-detector.d.ts +0 -66
package/dist/utils/intent-detector.d.ts.map +0 -1
package/dist/utils/intent-detector.js +0 -282
package/dist/utils/intent-detector.js.map +0 -1
package/dist/utils/middleware-detector.d.ts +0 -55
package/dist/utils/middleware-detector.d.ts.map +0 -1
package/dist/utils/middleware-detector.js +0 -260
package/dist/utils/middleware-detector.js.map +0 -1
package/dist/utils/oauth-flow-detector.d.ts +0 -41
package/dist/utils/oauth-flow-detector.d.ts.map +0 -1
package/dist/utils/oauth-flow-detector.js +0 -202
package/dist/utils/oauth-flow-detector.js.map +0 -1
package/dist/utils/parsed-file.d.ts +0 -51
package/dist/utils/parsed-file.d.ts.map +0 -1
package/dist/utils/parsed-file.js +0 -95
package/dist/utils/parsed-file.js.map +0 -1
package/dist/utils/path-exclusions.d.ts +0 -55
package/dist/utils/path-exclusions.d.ts.map +0 -1
package/dist/utils/path-exclusions.js +0 -224
package/dist/utils/path-exclusions.js.map +0 -1
package/dist/utils/project-context-builder.d.ts +0 -119
package/dist/utils/project-context-builder.d.ts.map +0 -1
package/dist/utils/project-context-builder.js +0 -534
package/dist/utils/project-context-builder.js.map +0 -1
package/dist/utils/registry-clients.d.ts +0 -93
package/dist/utils/registry-clients.d.ts.map +0 -1
package/dist/utils/registry-clients.js +0 -273
package/dist/utils/registry-clients.js.map +0 -1
package/dist/utils/route-hierarchy.d.ts +0 -50
package/dist/utils/route-hierarchy.d.ts.map +0 -1
package/dist/utils/route-hierarchy.js +0 -226
package/dist/utils/route-hierarchy.js.map +0 -1
package/dist/utils/schema-semantics.d.ts +0 -45
package/dist/utils/schema-semantics.d.ts.map +0 -1
package/dist/utils/schema-semantics.js +0 -193
package/dist/utils/schema-semantics.js.map +0 -1
package/dist/utils/trpc-analyzer.d.ts +0 -78
package/dist/utils/trpc-analyzer.d.ts.map +0 -1
package/dist/utils/trpc-analyzer.js +0 -297
package/dist/utils/trpc-analyzer.js.map +0 -1
package/src/__tests__/context-engine/cross-file-taint.test.ts +0 -284
package/src/__tests__/context-engine/function-classifier.test.ts +0 -146
package/src/__tests__/context-engine/integration.test.ts +0 -320
package/src/__tests__/context-engine/sanitiser-detection.test.ts +0 -187
package/src/__tests__/context-engine/sink-matcher.test.ts +0 -251
package/src/__tests__/context-engine/source-discovery.test.ts +0 -186
package/src/__tests__/context-engine/taint-tracker.test.ts +0 -182
package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +0 -750
package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +0 -555
package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +0 -321
package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +0 -439
package/src/detect/ai-code/agent-tools.ts +0 -1662
package/src/detect/ai-code/byok-patterns.ts +0 -354
package/src/detect/ai-code/endpoint-protection.ts +0 -406
package/src/detect/ai-code/execution-sinks.ts +0 -1310
package/src/detect/ai-code/fingerprinting.ts +0 -774
package/src/detect/ai-code/mcp-security.ts +0 -937
package/src/detect/ai-code/model-supply-chain.ts +0 -535
package/src/detect/ai-code/package-hallucination.ts +0 -955
package/src/detect/ai-code/prompt-hygiene.ts +0 -1314
package/src/detect/ai-code/rag-safety.ts +0 -977
package/src/detect/ai-code/schema-validation.ts +0 -427
package/src/detect/secrets/patterns.ts +0 -561
package/src/detect/secrets/weak-crypto.ts +0 -485
package/src/detect/structural/__tests__/math-random-enhanced.test.ts +0 -405
package/src/detect/structural/auth-patterns.ts +0 -621
package/src/detect/structural/dangerous-functions/child-process.ts +0 -98
package/src/detect/structural/dangerous-functions/dom-xss.ts +0 -292
package/src/detect/structural/dangerous-functions/index.ts +0 -1556
package/src/detect/structural/dangerous-functions/json-parse.ts +0 -393
package/src/detect/structural/dangerous-functions/math-random.ts +0 -789
package/src/detect/structural/dangerous-functions/patterns.ts +0 -176
package/src/detect/structural/dangerous-functions/request-validation.ts +0 -153
package/src/detect/structural/dangerous-functions/utils/control-flow.ts +0 -35
package/src/detect/structural/dangerous-functions/utils/helpers.ts +0 -170
package/src/detect/structural/dangerous-functions/utils/index.ts +0 -25
package/src/detect/structural/dangerous-functions/utils/schema-validation.ts +0 -106
package/src/detect/structural/data-exposure.ts +0 -302
package/src/detect/structural/framework-checks.ts +0 -439
package/src/detect/structural/log-injection.ts +0 -254
package/src/detect/structural/logic-gates.ts +0 -256
package/src/detect/structural/risky-imports.ts +0 -197
package/src/detect/structural/security-headers.ts +0 -231
package/src/detect/structural/ssrf-detection.ts +0 -300
package/src/detect/structural/variables.ts +0 -177
package/src/detect/structural/xxe-detection.ts +0 -295
package/src/model/cross-file-taint.ts +0 -374
package/src/model/function-classifier.ts +0 -184
package/src/model/sanitiser-detection.ts +0 -268
package/src/model/sink-matcher.ts +0 -178
package/src/model/sink-patterns.ts +0 -109
package/src/model/source-discovery.ts +0 -209
package/src/model/taint-tracker.ts +0 -333
package/src/score/auto-dismiss.ts +0 -224

package/dist/detect/structural/dangerous-functions/utils/helpers.js DELETED Viewed

@@ -1,147 +0,0 @@
-"use strict";
-/**
- * General Helper Utilities
- *
- * Small utility functions used across the dangerous functions detection module.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getLineContent = getLineContent;
-exports.getLineRange = getLineRange;
-exports.hasOnlyStaticInputs = hasOnlyStaticInputs;
-exports.hasPathTraversalProtection = hasPathTraversalProtection;
-exports.hasThrowingAuthHelper = hasThrowingAuthHelper;
-/**
- * Get a specific line from content by line number (0-indexed)
- */
-function getLineContent(content, lineNumber) {
-    const lines = content.split('\n');
-    return lines[lineNumber] || '';
-}
-/**
- * Get a range of lines from content
- */
-function getLineRange(content, startLine, endLine) {
-    const lines = content.split('\n');
-    const start = Math.max(0, startLine);
-    const end = Math.min(lines.length, endLine);
-    return lines.slice(start, end).join('\n');
-}
-/**
- * Check if eval/exec/Function has only static literal inputs (no user data)
- * Static inputs like eval('({ mode: "production" })') are low risk
- *
- * Returns true ONLY if the argument is a string literal (not a variable)
- */
-function hasOnlyStaticInputs(lineContent, content, lineNumber) {
-    // Check if the argument to eval/exec/Function is a string literal ONLY
-    // If it's a variable, it's NOT static (could come from anywhere)
-    //
-    // String literal patterns:
-    // - Single quotes: 'content with "double quotes" inside' (no $ interpolation)
-    // - Double quotes: "content" (no $ interpolation)
-    // - Backticks without ${}: `content` (template literal but no interpolation)
-    //
-    // Note: We allow quotes INSIDE the string (e.g., 'text "with" quotes')
-    // but NOT $ (which would indicate interpolation)
-    const staticPatterns = [
-        // Single-quoted string: eval('...') - can contain anything except single quotes and $
-        /eval\s*\(\s*'[^'$]*'\s*\)/,
-        // Double-quoted string: eval("...") - can contain anything except double quotes and $
-        /eval\s*\(\s*"[^"$]*"\s*\)/,
-        // Backtick without interpolation: eval(`...`) - must not have ${ inside
-        /eval\s*\(\s*`[^`$]*`\s*\)/,
-        // Function constructor with string literal
-        /new\s+Function\s*\(\s*'[^'$]*'\s*\)/,
-        /new\s+Function\s*\(\s*"[^"$]*"\s*\)/,
-        // execSync with string literal
-        /execSync\s*\(\s*'[^'$]*'\s*\)/,
-        /execSync\s*\(\s*"[^"$]*"\s*\)/,
-        // exec with string literal
-        /exec\s*\(\s*'[^'$]*'/,
-        /exec\s*\(\s*"[^"$]*"/,
-    ];
-    // Only return true if it matches a static pattern (string literal)
-    // If it's a variable like eval(code), we can't assume it's static
-    return staticPatterns.some(p => p.test(lineContent));
-}
-/**
- * Check if path traversal protection is in place
- * Looks for common sanitization patterns that prevent directory traversal attacks
- */
-function hasPathTraversalProtection(context, lineContent) {
-    const protectionPatterns = [
-        // Path normalization with base directory check (same line)
-        /path\.resolve\s*\([^)]+\).*\.startsWith\s*\(/i,
-        // startsWith check with common safe directory variable names
-        /\.startsWith\s*\([^)]*(?:baseDir|basePath|rootDir|uploadDir|allowedDir|safeDir|SAFE_)/i,
-        // MULTI-LINE PATTERN: path.resolve followed by startsWith check in context
-        // This handles the common case where resolve and startsWith are on separate lines:
-        //   const resolved = path.resolve(baseDir, userPath)
-        //   if (!resolved.startsWith(baseDir)) throw new Error()
-        // We check for BOTH patterns being present in the context
-        // (handled below as combined check)
-        // Explicit ".." rejection
-        /\.includes\s*\(\s*['"`]\.\.['"`]\s*\)/i,
-        /\.indexOf\s*\(\s*['"`]\.\.['"`]\s*\)/i,
-        /['"`]\.\.['"`].*(?:throw|reject|return|error)/i,
-        // Replace ".." pattern (sanitization)
-        /\.replace\s*\([^)]*\\?\.\\?\.\s*[^)]*,\s*['"`]['"`]\s*\)/i,
-        // Path sanitization libraries
-        /sanitizePath|sanitizeFilename|sanitize-filename/i,
-        /path-sanitizer|secure-path/i,
-        // Explicit path validation
-        /validatePath|isValidPath|checkPath|verifyPath/i,
-        /isPathAllowed|isAllowedPath|pathIsAllowed/i,
-        // Normalize and check pattern
-        /path\.normalize\s*\([^)]+\).*(?:startsWith|includes|indexOf)/i,
-        // Regex validation for safe characters only
-        /\/\^?\[a-zA-Z0-9_\-\.\\\/\]\+\$?\//, // Only alphanumeric, dash, underscore, dot
-        // Allowlist/whitelist patterns
-        /allowedExtensions|allowedTypes|whitelist/i,
-        /\.endsWith\s*\(\s*['"`]\.\w+['"`]\s*\)/i, // Extension check
-        // Path.basename to strip directory
-        /path\.basename\s*\(/i,
-        // Zod/validation for filename patterns
-        /z\.string\s*\(\s*\)\.regex\s*\(/i,
-    ];
-    // Check single-line patterns
-    if (protectionPatterns.some(p => p.test(context) || p.test(lineContent))) {
-        return true;
-    }
-    // Multi-line pattern: path.resolve + startsWith check on separate lines
-    // This is a very common secure pattern:
-    //   const resolved = path.resolve(safeBaseDir, userInput)
-    //   if (!resolved.startsWith(safeBaseDir)) { throw ... }
-    const hasPathResolve = /path\.resolve\s*\(/i.test(context);
-    const hasStartsWithCheck = /\.startsWith\s*\(/i.test(context);
-    const hasThrowOnFailure = /(throw|return|reject)\s+.*(error|invalid|denied)/i.test(context);
-    if (hasPathResolve && hasStartsWithCheck && hasThrowOnFailure) {
-        return true;
-    }
-    return false;
-}
-/**
- * Check if route has throwing auth helper (getCurrentUserId, requireAuth, etc.)
- * Routes with throwing auth helpers are already protected
- */
-function hasThrowingAuthHelper(content) {
-    const throwingAuthPatterns = [
-        /\bgetCurrentUserId\s*\(/i,
-        /\brequireAuth\s*\(/i,
-        /\bensureAuth\s*\(/i,
-        /\bauth\s*\(\s*\)\s*\.protect\s*\(/i, // Clerk: auth().protect()
-        /\bcurrentUser\s*\(\s*\)/i, // Clerk: currentUser()
-        /\bgetServerSession\s*\([^)]*\)/i, // NextAuth
-        /\bauth\s*\(\s*\)/i, // Generic auth() call
-        /\bcheckAuth\s*\(/i,
-        /\bverifyAuth\s*\(/i,
-        /\bvalidateAuth\s*\(/i,
-        /\bassertAuth\s*\(/i,
-        /\bgetAuth\s*\(/i,
-        /\brequireUser\s*\(/i,
-        /\bgetUser\s*\(\s*\)/i, // supabase.auth.getUser()
-        /const\s+\{\s*user\s*\}\s*=\s*await/i, // Destructuring pattern
-    ];
-    return throwingAuthPatterns.some(p => p.test(content));
-}
-//# sourceMappingURL=helpers.js.map

package/dist/detect/structural/dangerous-functions/utils/helpers.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"helpers.js","sourceRoot":"","sources":["../../../../../src/detect/structural/dangerous-functions/utils/helpers.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAKH,wCAGC;AAKD,oCASC;AAQD,kDAoCC;AAMD,gEAoEC;AAMD,sDAmBC;AAnKD;;GAEG;AACH,SAAgB,cAAc,CAAC,OAAe,EAAE,UAAkB;IAChE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,OAAO,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAA;AAChC,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY,CAC1B,OAAe,EACf,SAAiB,EACjB,OAAe;IAEf,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,CAAC,CAAA;IACpC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC3C,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AAC3C,CAAC;AAED;;;;;GAKG;AACH,SAAgB,mBAAmB,CACjC,WAAmB,EACnB,OAAe,EACf,UAAkB;IAElB,uEAAuE;IACvE,iEAAiE;IACjE,EAAE;IACF,2BAA2B;IAC3B,8EAA8E;IAC9E,kDAAkD;IAClD,6EAA6E;IAC7E,EAAE;IACF,uEAAuE;IACvE,iDAAiD;IACjD,MAAM,cAAc,GAAG;QACrB,sFAAsF;QACtF,2BAA2B;QAC3B,sFAAsF;QACtF,2BAA2B;QAC3B,wEAAwE;QACxE,2BAA2B;QAC3B,2CAA2C;QAC3C,qCAAqC;QACrC,qCAAqC;QACrC,+BAA+B;QAC/B,+BAA+B;QAC/B,+BAA+B;QAC/B,2BAA2B;QAC3B,sBAAsB;QACtB,sBAAsB;KACvB,CAAA;IAED,mEAAmE;IACnE,kEAAkE;IAClE,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;AACtD,CAAC;AAED;;;GAGG;AACH,SAAgB,0BAA0B,CACxC,OAAe,EACf,WAAmB;IAEnB,MAAM,kBAAkB,GAAG;QACzB,2DAA2D;QAC3D,+CAA+C;QAE/C,6DAA6D;QAC7D,wFAAwF;QAExF,2EAA2E;QAC3E,mFAAmF;QACnF,qDAAqD;QACrD,yDAAyD;QACzD,0DAA0D;QAC1D,oCAAoC;QAEpC,0BAA0B;QAC1B,wCAAwC;QACxC,uCAAuC;QACvC,gDAAgD;QAChD,sCAAsC;QACtC,2DAA2D;QAE3D,8BAA8B;QAC9B,kDAAkD;QAClD,6BAA6B;QAE7B,2BAA2B;QAC3B,gDAAgD;QAChD,4CAA4C;QAE5C,8BAA8B;QAC9B,+DAA+D;QAE/D,4CAA4C;QAC5C,oCAAoC,EAAE,2CAA2C;QAEjF,+BAA+B;QAC/B,2CAA2C;QAC3C,yCAAyC,EAAE,kBAAkB;QAE7D,mCAAmC;QACnC,sBAAsB;QAEtB,uCAAuC;QACvC,kCAAkC;KACnC,CAAA;IAED,6BAA6B;IAC7B,IAAI,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QACzE,OAAO,IAAI,CAAA;IACb,CAAC;IAED,wEAAwE;IACxE,wCAAwC;IACxC,0DAA0D;IAC1D,yDAAyD;IACzD,MAAM,cAAc,GAAG,qBAAqB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAC1D,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAC7D,MAAM,iBAAiB,GAAG,mDAAmD,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAE3F,IAAI,cAAc,IAAI,kBAAkB,IAAI,iBAAiB,EAAE,CAAC;QAC9D,OAAO,IAAI,CAAA;IACb,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;GAGG;AACH,SAAgB,qBAAqB,CAAC,OAAe;IACnD,MAAM,oBAAoB,GAAG;QAC3B,0BAA0B;QAC1B,qBAAqB;QACrB,oBAAoB;QACpB,oCAAoC,EAAE,0BAA0B;QAChE,0BAA0B,EAAE,uBAAuB;QACnD,iCAAiC,EAAE,WAAW;QAC9C,mBAAmB,EAAE,sBAAsB;QAC3C,mBAAmB;QACnB,oBAAoB;QACpB,sBAAsB;QACtB,oBAAoB;QACpB,iBAAiB;QACjB,qBAAqB;QACrB,sBAAsB,EAAE,0BAA0B;QAClD,qCAAqC,EAAE,wBAAwB;KAChE,CAAA;IACD,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACxD,CAAC"}

package/dist/detect/structural/dangerous-functions/utils/index.d.ts DELETED Viewed

@@ -1,9 +0,0 @@
-/**
- * Utility Functions Index
- *
- * Re-exports all utility functions from the dangerous-functions module.
- */
-export { isInsideTryCatch, hasTryCatchNearby, extractFunctionContext, } from './control-flow';
-export { hasSchemaValidationNearby, hasManualValidation, hasSQLWhitelistValidation, } from './schema-validation';
-export { getLineContent, getLineRange, hasOnlyStaticInputs, hasPathTraversalProtection, hasThrowingAuthHelper, } from './helpers';
-//# sourceMappingURL=index.d.ts.map

package/dist/detect/structural/dangerous-functions/utils/index.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/detect/structural/dangerous-functions/utils/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,sBAAsB,GACvB,MAAM,gBAAgB,CAAA;AAEvB,OAAO,EACL,yBAAyB,EACzB,mBAAmB,EACnB,yBAAyB,GAC1B,MAAM,qBAAqB,CAAA;AAE5B,OAAO,EACL,cAAc,EACd,YAAY,EACZ,mBAAmB,EACnB,0BAA0B,EAC1B,qBAAqB,GACtB,MAAM,WAAW,CAAA"}

package/dist/detect/structural/dangerous-functions/utils/index.js DELETED Viewed

@@ -1,23 +0,0 @@
-"use strict";
-/**
- * Utility Functions Index
- *
- * Re-exports all utility functions from the dangerous-functions module.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.hasThrowingAuthHelper = exports.hasPathTraversalProtection = exports.hasOnlyStaticInputs = exports.getLineRange = exports.getLineContent = exports.hasSQLWhitelistValidation = exports.hasManualValidation = exports.hasSchemaValidationNearby = exports.extractFunctionContext = exports.hasTryCatchNearby = exports.isInsideTryCatch = void 0;
-var control_flow_1 = require("./control-flow");
-Object.defineProperty(exports, "isInsideTryCatch", { enumerable: true, get: function () { return control_flow_1.isInsideTryCatch; } });
-Object.defineProperty(exports, "hasTryCatchNearby", { enumerable: true, get: function () { return control_flow_1.hasTryCatchNearby; } });
-Object.defineProperty(exports, "extractFunctionContext", { enumerable: true, get: function () { return control_flow_1.extractFunctionContext; } });
-var schema_validation_1 = require("./schema-validation");
-Object.defineProperty(exports, "hasSchemaValidationNearby", { enumerable: true, get: function () { return schema_validation_1.hasSchemaValidationNearby; } });
-Object.defineProperty(exports, "hasManualValidation", { enumerable: true, get: function () { return schema_validation_1.hasManualValidation; } });
-Object.defineProperty(exports, "hasSQLWhitelistValidation", { enumerable: true, get: function () { return schema_validation_1.hasSQLWhitelistValidation; } });
-var helpers_1 = require("./helpers");
-Object.defineProperty(exports, "getLineContent", { enumerable: true, get: function () { return helpers_1.getLineContent; } });
-Object.defineProperty(exports, "getLineRange", { enumerable: true, get: function () { return helpers_1.getLineRange; } });
-Object.defineProperty(exports, "hasOnlyStaticInputs", { enumerable: true, get: function () { return helpers_1.hasOnlyStaticInputs; } });
-Object.defineProperty(exports, "hasPathTraversalProtection", { enumerable: true, get: function () { return helpers_1.hasPathTraversalProtection; } });
-Object.defineProperty(exports, "hasThrowingAuthHelper", { enumerable: true, get: function () { return helpers_1.hasThrowingAuthHelper; } });
-//# sourceMappingURL=index.js.map

package/dist/detect/structural/dangerous-functions/utils/index.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/detect/structural/dangerous-functions/utils/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,+CAIuB;AAHrB,gHAAA,gBAAgB,OAAA;AAChB,iHAAA,iBAAiB,OAAA;AACjB,sHAAA,sBAAsB,OAAA;AAGxB,yDAI4B;AAH1B,8HAAA,yBAAyB,OAAA;AACzB,wHAAA,mBAAmB,OAAA;AACnB,8HAAA,yBAAyB,OAAA;AAG3B,qCAMkB;AALhB,yGAAA,cAAc,OAAA;AACd,uGAAA,YAAY,OAAA;AACZ,8GAAA,mBAAmB,OAAA;AACnB,qHAAA,0BAA0B,OAAA;AAC1B,gHAAA,qBAAqB,OAAA"}

package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts DELETED Viewed

@@ -1,22 +0,0 @@
-/**
- * Schema Validation Detection Utilities
- *
- * Functions for detecting schema validation patterns (zod, yup, joi, etc.)
- * and manual validation patterns.
- */
-/**
- * Check if schema validation is applied near a JSON.parse call
- * Looks for zod, yup, joi, or similar validation patterns
- */
-export declare function hasSchemaValidationNearby(content: string, lineNumber: number): boolean;
-/**
- * Check if this file appears to have form/input validation elsewhere
- * (manual checks on body fields, type guards, etc.)
- */
-export declare function hasManualValidation(content: string): boolean;
-/**
- * Check if SQL query uses whitelist validation pattern
- * e.g., columns validated against allowedColumns array before use
- */
-export declare function hasSQLWhitelistValidation(content: string, lineNumber: number): boolean;
-//# sourceMappingURL=schema-validation.d.ts.map

package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"schema-validation.d.ts","sourceRoot":"","sources":["../../../../../src/detect/structural/dangerous-functions/utils/schema-validation.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;GAGG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAkCtF;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAe5D;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAiCtF"}

package/dist/detect/structural/dangerous-functions/utils/schema-validation.js DELETED Viewed

@@ -1,102 +0,0 @@
-"use strict";
-/**
- * Schema Validation Detection Utilities
- *
- * Functions for detecting schema validation patterns (zod, yup, joi, etc.)
- * and manual validation patterns.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.hasSchemaValidationNearby = hasSchemaValidationNearby;
-exports.hasManualValidation = hasManualValidation;
-exports.hasSQLWhitelistValidation = hasSQLWhitelistValidation;
-/**
- * Check if schema validation is applied near a JSON.parse call
- * Looks for zod, yup, joi, or similar validation patterns
- */
-function hasSchemaValidationNearby(content, lineNumber) {
-    const lines = content.split('\n');
-    const start = Math.max(0, lineNumber - 5);
-    const end = Math.min(lines.length, lineNumber + 10);
-    const context = lines.slice(start, end).join('\n');
-    const schemaValidationPatterns = [
-        // Zod patterns
-        /z\.(object|string|number|array|boolean)\s*\(/i,
-        /\.parse\s*\(/i,
-        /\.safeParse\s*\(/i,
-        /schema\.parse/i,
-        /Schema\.parse/i,
-        // Yup patterns
-        /yup\.(object|string|number|array|boolean)\s*\(/i,
-        /\.validate\s*\(/i,
-        /\.validateSync\s*\(/i,
-        // Joi patterns
-        /Joi\.(object|string|number|array|boolean)\s*\(/i,
-        /\.validateAsync\s*\(/i,
-        // Valibot patterns
-        /v\.(object|string|number|array|boolean)\s*\(/i,
-        // AJV patterns
-        /ajv\.compile/i,
-        /validate\s*\(\s*schema/i,
-        // TypeBox patterns
-        /Type\.(Object|String|Number|Array|Boolean)\s*\(/i,
-        // Generic validation patterns
-        /validateSchema/i,
-        /schemaValidator/i,
-        /parseAndValidate/i,
-    ];
-    return schemaValidationPatterns.some(p => p.test(context));
-}
-/**
- * Check if this file appears to have form/input validation elsewhere
- * (manual checks on body fields, type guards, etc.)
- */
-function hasManualValidation(content) {
-    const manualValidationPatterns = [
-        // Type checking / type guards
-        /typeof\s+\w+\s*[!=]==?\s*['"](?:string|number|boolean|object)['"]|Array\.isArray\s*\(/i,
-        // Field existence checks followed by throws/returns
-        /if\s*\(\s*!(?:body|data|input)\.\w+\s*\)\s*\{?\s*(throw|return)/i,
-        // Property access with type assertion comments or inline validation
-        /\b(body|data|input)\s*as\s+\w+/i, // Type assertion
-        // Manual validation with error handling
-        /if\s*\(\s*![\w.]+\s*\|\|\s*typeof\s+[\w.]+/i,
-        // Using type predicates
-        /is\w+\s*\([\w.]+\)/i, // isFoo(bar) pattern
-    ];
-    return manualValidationPatterns.some(p => p.test(content));
-}
-/**
- * Check if SQL query uses whitelist validation pattern
- * e.g., columns validated against allowedColumns array before use
- */
-function hasSQLWhitelistValidation(content, lineNumber) {
-    const lines = content.split('\n');
-    const contextStart = Math.max(0, lineNumber - 20);
-    const contextEnd = Math.min(lines.length, lineNumber + 5);
-    const context = lines.slice(contextStart, contextEnd).join('\n');
-    // Whitelist/allowlist validation patterns
-    const whitelistPatterns = [
-        // Array-based whitelists
-        /allowed\w*\s*=\s*\[/i, // allowedColumns = [...]
-        /whitelist\w*\s*=\s*\[/i, // whitelistFields = [...]
-        /valid\w*\s*=\s*\[/i, // validColumns = [...]
-        /\.filter\s*\([^)]*\.includes\s*\(/i, // .filter(c => allowed.includes(c))
-        /\.includes\s*\([^)]*\)/i, // allowedColumns.includes(col)
-        /\.every\s*\([^)]*\.includes/i, // columns.every(c => allowed.includes(c))
-        /if\s*\(\s*!.*\.includes/i, // if (!allowed.includes(...))
-        // Object-based whitelists (Record<string, string>)
-        /\w+\s+in\s+\w*(?:sortable|allowed|valid|whitelist)\w*/i, // sorter in sortableFields
-        /\w+\s+in\s+\w+Fields/i, // key in someFields
-        /:\s*Record<string,\s*string>/i, // Type annotation: Record<string, string>
-        /const\s+\w+Fields\s*:\s*\{[^}]*\}\s*=/i, // const xyzFields: {...} = (inline type)
-        /const\s+\w+Fields\s*=\s*\{[^}]*\}/i, // const xyzFields = { ... }
-        /if\s*\([^)]*\s+in\s+\w+Fields\s*\)/i, // if (x in yFields)
-        /&&\s*\w+\s+in\s+\w+/i, // && sorter in sortableFields
-        // Enum-based validation (ASC/DESC, etc.)
-        /===?\s*['"](?:ASC|DESC)['"]/i, // === 'ASC' or === 'DESC'
-        /===?\s*\w+\.(?:Asc|Desc|ASC|DESC)/i, // === SortType.Asc
-        /toLowerCase\s*\(\s*\)\s*===?\s*\w+\.(?:asc|desc)/i, // .toLowerCase() === SortType.asc
-    ];
-    return whitelistPatterns.some(p => p.test(context));
-}
-//# sourceMappingURL=schema-validation.js.map

package/dist/detect/structural/dangerous-functions/utils/schema-validation.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"schema-validation.js","sourceRoot":"","sources":["../../../../../src/detect/structural/dangerous-functions/utils/schema-validation.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAMH,8DAkCC;AAMD,kDAeC;AAMD,8DAiCC;AAlGD;;;GAGG;AACH,SAAgB,yBAAyB,CAAC,OAAe,EAAE,UAAkB;IAC3E,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;IACzC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACnD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAElD,MAAM,wBAAwB,GAAG;QAC/B,eAAe;QACf,+CAA+C;QAC/C,eAAe;QACf,mBAAmB;QACnB,gBAAgB;QAChB,gBAAgB;QAChB,eAAe;QACf,iDAAiD;QACjD,kBAAkB;QAClB,sBAAsB;QACtB,eAAe;QACf,iDAAiD;QACjD,uBAAuB;QACvB,mBAAmB;QACnB,+CAA+C;QAC/C,eAAe;QACf,eAAe;QACf,yBAAyB;QACzB,mBAAmB;QACnB,kDAAkD;QAClD,8BAA8B;QAC9B,iBAAiB;QACjB,kBAAkB;QAClB,mBAAmB;KACpB,CAAA;IAED,OAAO,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AAC5D,CAAC;AAED;;;GAGG;AACH,SAAgB,mBAAmB,CAAC,OAAe;IACjD,MAAM,wBAAwB,GAAG;QAC/B,8BAA8B;QAC9B,wFAAwF;QACxF,oDAAoD;QACpD,kEAAkE;QAClE,oEAAoE;QACpE,iCAAiC,EAAE,iBAAiB;QACpD,wCAAwC;QACxC,6CAA6C;QAC7C,wBAAwB;QACxB,qBAAqB,EAAE,qBAAqB;KAC7C,CAAA;IAED,OAAO,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AAC5D,CAAC;AAED;;;GAGG;AACH,SAAgB,yBAAyB,CAAC,OAAe,EAAE,UAAkB;IAC3E,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;IACzD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEhE,0CAA0C;IAC1C,MAAM,iBAAiB,GAAG;QACxB,yBAAyB;QACzB,sBAAsB,EAAE,yBAAyB;QACjD,wBAAwB,EAAE,0BAA0B;QACpD,oBAAoB,EAAE,uBAAuB;QAC7C,oCAAoC,EAAE,oCAAoC;QAC1E,yBAAyB,EAAE,+BAA+B;QAC1D,8BAA8B,EAAE,0CAA0C;QAC1E,0BAA0B,EAAE,8BAA8B;QAE1D,mDAAmD;QACnD,wDAAwD,EAAE,2BAA2B;QACrF,uBAAuB,EAAE,oBAAoB;QAC7C,+BAA+B,EAAE,0CAA0C;QAC3E,wCAAwC,EAAE,yCAAyC;QACnF,oCAAoC,EAAE,4BAA4B;QAClE,qCAAqC,EAAE,oBAAoB;QAC3D,sBAAsB,EAAE,8BAA8B;QAEtD,yCAAyC;QACzC,8BAA8B,EAAE,0BAA0B;QAC1D,oCAAoC,EAAE,mBAAmB;QACzD,mDAAmD,EAAE,kCAAkC;KACxF,CAAA;IAED,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACrD,CAAC"}

package/dist/detect/structural/data-exposure.d.ts DELETED Viewed

@@ -1,19 +0,0 @@
-/**
- * Layer 2: Data Exposure Detection
- * Identifies sensitive data in logs vs API responses with appropriate severity
- * Separates "logging concerns" from "response exposure" which have different risk profiles
- */
-import type { Vulnerability } from '../../shared/types';
-import type { ParsedFile } from '../../shared/parsed-file';
-/**
- * Detect sensitive data exposure in logs and API responses
- */
-export declare function detectDataExposure(content: string, filePath: string, options?: {
-    parsed?: ParsedFile;
-}): Vulnerability[];
-/**
- * Check if error handling follows safe patterns
- * Returns true if the error handling appears safe
- */
-export declare function isSafeErrorHandling(lineContent: string, surroundingLines: string[]): boolean;
-//# sourceMappingURL=data-exposure.d.ts.map

package/dist/detect/structural/data-exposure.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"data-exposure.d.ts","sourceRoot":"","sources":["../../../src/detect/structural/data-exposure.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAyB,MAAM,oBAAoB,CAAA;AAC9E,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;AAyI1D;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,UAAU,CAAA;CAAE,GAChC,aAAa,EAAE,CAqIjB;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,WAAW,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,OAAO,CAW5F"}

package/dist/detect/structural/data-exposure.js DELETED Viewed

@@ -1,262 +0,0 @@
-"use strict";
-/**
- * Layer 2: Data Exposure Detection
- * Identifies sensitive data in logs vs API responses with appropriate severity
- * Separates "logging concerns" from "response exposure" which have different risk profiles
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.detectDataExposure = detectDataExposure;
-exports.isSafeErrorHandling = isSafeErrorHandling;
-const file_classifier_1 = require("../../parse/file-classifier");
-const BASE_CONFIDENCE = 0.40;
-const DATA_EXPOSURE_PATTERNS = [
-    // ============================================================================
-    // LOG SINKS - DISABLED
-    // Server logs are never exposed to users. After analysis of real codebases,
-    // 100% of console.error/warn findings were false positives.
-    // Logging is a standard debugging practice, not a security vulnerability.
-    // ============================================================================
-    // NOTE: The following patterns have been REMOVED to eliminate false positives:
-    // - 'Logging user ID' - user IDs in logs are standard practice
-    // - 'Logging error objects' - console.error(err) is correct error handling
-    // - 'Logging request body' - server logs are not exposed to clients
-    // - 'JSON.stringify error to log' - serializing errors for logs is fine
-    // ============================================================================
-    // RESPONSE SINKS (higher severity - exposed to clients)
-    // These are actual information disclosure risks
-    // ============================================================================
-    // Error stack traces in responses - CRITICAL
-    {
-        name: 'Stack trace in response',
-        pattern: /res\.(json|send|status\(\d+\)\.json)\s*\([^)]*\.stack|NextResponse\.json\s*\([^)]*\.stack/gi,
-        sink: 'response',
-        severity: 'high',
-        description: 'Stack trace exposed in API response. Reveals internal code paths and file structure to clients.',
-        suggestedFix: 'Never return stack traces to clients. Log server-side, return generic error message.',
-    },
-    {
-        name: 'Full error object in response',
-        pattern: /res\.(json|send)\s*\(\s*(err|error|e)\s*\)|NextResponse\.json\s*\(\s*(err|error|e)\s*\)/gi,
-        sink: 'response',
-        severity: 'high',
-        description: 'Entire error object returned to client. May expose stack traces, internal paths, and sensitive details.',
-        suggestedFix: 'Return only { error: message } or a structured error response. Never return raw error objects.',
-    },
-    {
-        name: 'Error object spread in response',
-        pattern: /res\.(json|send)\s*\(\s*\{[^}]*\.\.\.\s*(err|error|e)[^}]*\}|NextResponse\.json\s*\(\s*\{[^}]*\.\.\.\s*(err|error|e)/gi,
-        sink: 'response',
-        severity: 'high',
-        description: 'Error object spread into response. May expose stack traces and internal details.',
-        suggestedFix: 'Pick only safe properties: { error: err.message, code: err.code }',
-    },
-    {
-        name: 'Detailed error in response',
-        pattern: /res\.(json|send|status\(\d+\)\.json)\s*\(\s*\{[^}]*(details|internal|debug|trace|stack)/gi,
-        sink: 'response',
-        severity: 'medium',
-        description: 'Detailed/internal error information in response may leak implementation details.',
-        suggestedFix: 'Remove detailed/internal/debug/trace information from client-facing error responses.',
-    },
-    // Error message in response - SAFE PATTERN (info only)
-    {
-        name: 'Error message in response (safe pattern)',
-        pattern: /res\.(json|send)\s*\([^)]*error:\s*(error|err|e)\.message|NextResponse\.json\s*\([^)]*error:\s*(error|err|e)\.message/gi,
-        sink: 'response',
-        severity: 'info',
-        description: 'Error message returned to client. Generally safe - this is the recommended error response pattern.',
-        suggestedFix: 'Verify error messages don\'t contain sensitive data. Consider using generic messages for auth errors.',
-    },
-    {
-        name: 'Error message with toString',
-        pattern: /res\.(json|send)\s*\([^)]*error:\s*(error|err|e)\.toString|NextResponse\.json\s*\([^)]*error:\s*(error|err|e)\.toString/gi,
-        sink: 'response',
-        severity: 'low',
-        description: 'Error.toString() returned to client. May include error name and message - verify no sensitive data.',
-        suggestedFix: 'Prefer error.message over error.toString() for cleaner output.',
-    },
-    {
-        name: 'String error message in response',
-        pattern: /res\.(json|send|status\(\d+\)\.json)\s*\(\s*\{\s*(error|message):\s*['"`][^'"`]+['"`]\s*\}/gi,
-        sink: 'response',
-        severity: 'info',
-        description: 'Static/string error message returned to client. This is the safest error response pattern.',
-        suggestedFix: 'No action needed - static error messages are safe.',
-    },
-    // ============================================================================
-    // BOTH SINKS (depends on context)
-    // ============================================================================
-    // Sensitive data exposure patterns
-    {
-        name: 'Exposing user object',
-        pattern: /res\.(json|send)\s*\([^)]*user\s*\)|NextResponse\.json\s*\([^)]*user\s*\)/gi,
-        sink: 'response',
-        severity: 'low',
-        description: 'User object returned in response. Ensure password hashes and sensitive fields are excluded.',
-        suggestedFix: 'Select only necessary user fields. Never expose password hashes, tokens, or internal IDs.',
-    },
-];
-/**
- * Check if file path indicates low-risk logging context
- */
-function isLowRiskLoggingFile(filePath) {
-    // Test files
-    if ((0, file_classifier_1.isTestOrMockFile)(filePath)) {
-        return true;
-    }
-    // Scripts, tools, CLI utilities
-    if (/\/(scripts?|tools?|cli|bin)\//i.test(filePath)) {
-        return true;
-    }
-    // Internal services/utilities (not API-facing)
-    if (/\/(services?|lib|utils?|helpers?)\//i.test(filePath) &&
-        !/\/(api|routes?)\//i.test(filePath)) {
-        return true;
-    }
-    // Component files (client-side, not API)
-    if (/\/(components?|pages?|views?)\//i.test(filePath) &&
-        !/route\.(ts|js)$/i.test(filePath)) {
-        return true;
-    }
-    return false;
-}
-/**
- * Detect sensitive data exposure in logs and API responses
- */
-function detectDataExposure(content, filePath, options) {
-    const vulnerabilities = [];
-    // Skip scanner/fixture files to avoid self-detection
-    if ((0, file_classifier_1.isScannerOrFixtureFile)(filePath))
-        return vulnerabilities;
-    const lines = options?.parsed?.lines ?? content.split('\n');
-    const isTestFile = (0, file_classifier_1.isTestOrMockFile)(filePath);
-    const isLowRiskFile = isLowRiskLoggingFile(filePath);
-    // Determine if this is likely an API route file
-    const isApiFile = /\/(api|routes?|handlers?|controllers?)\//i.test(filePath) ||
-        /route\.(ts|js)$/i.test(filePath);
-    // Track log findings for aggregation
-    const logFindings = [];
-    lines.forEach((line, index) => {
-        // Skip comments
-        if ((0, file_classifier_1.isComment)(line))
-            return;
-        for (const pattern of DATA_EXPOSURE_PATTERNS) {
-            const regex = new RegExp(pattern.pattern.source, pattern.pattern.flags);
-            if (regex.test(line)) {
-                let severity = pattern.severity;
-                let description = pattern.description;
-                // Adjust severity based on context
-                if (isTestFile) {
-                    severity = 'info';
-                    description = `${description} (in test file)`;
-                }
-                // Log sinks get special handling for aggregation
-                if (pattern.sink === 'log') {
-                    // In low-risk files, just aggregate without reporting individual findings
-                    if (isLowRiskFile && severity === 'info') {
-                        logFindings.push({ lineNumber: index + 1, lineContent: line.trim(), name: pattern.name });
-                        break;
-                    }
-                    // Log sinks in non-API files are lower priority
-                    if (!isApiFile) {
-                        if (severity === 'low')
-                            severity = 'info';
-                    }
-                    // Track for aggregation if info severity
-                    if (severity === 'info') {
-                        logFindings.push({ lineNumber: index + 1, lineContent: line.trim(), name: pattern.name });
-                        break;
-                    }
-                }
-                // Response sinks in API files are higher priority
-                if (pattern.sink === 'response' && isApiFile) {
-                    // Keep original severity - these are more critical in API routes
-                }
-                vulnerabilities.push({
-                    id: `data-exposure-${filePath}-${index + 1}-${pattern.name}`,
-                    filePath,
-                    lineNumber: index + 1,
-                    lineContent: line.trim(),
-                    severity,
-                    category: 'data_exposure',
-                    title: pattern.name,
-                    description,
-                    suggestedFix: pattern.suggestedFix,
-                    confidence: isTestFile ? 'low' : 'medium',
-                    baseConfidence: BASE_CONFIDENCE,
-                    layer: 2,
-                    source: 'structural',
-                });
-                break; // Only one finding per line
-            }
-        }
-    });
-    // Aggregate info-level log findings if there are many
-    if (logFindings.length >= 3) {
-        const lineNumbers = logFindings.map(f => f.lineNumber).slice(0, 5);
-        const moreText = logFindings.length > 5 ? `... (${logFindings.length} total)` : '';
-        // Group by pattern name
-        const patternCounts = new Map();
-        for (const finding of logFindings) {
-            patternCounts.set(finding.name, (patternCounts.get(finding.name) || 0) + 1);
-        }
-        const patternSummary = Array.from(patternCounts.entries())
-            .map(([name, count]) => `${count}x ${name}`)
-            .join(', ');
-        vulnerabilities.push({
-            id: `data-exposure-aggregated-${filePath}`,
-            filePath,
-            lineNumber: logFindings[0].lineNumber,
-            lineContent: `${logFindings.length} instances across this file`,
-            severity: 'info',
-            category: 'data_exposure',
-            title: `Logging patterns (${logFindings.length} instances)`,
-            description: `${patternSummary}. Review for sensitive data exposure.\n\nFound ${logFindings.length} occurrences at lines: ${lineNumbers.join(', ')}${moreText}`,
-            suggestedFix: 'Ensure logs have appropriate access controls and do not contain sensitive user data.',
-            confidence: 'low',
-            baseConfidence: BASE_CONFIDENCE,
-            layer: 2,
-            source: 'structural',
-        });
-    }
-    else if (logFindings.length > 0) {
-        // Report individually for small counts
-        for (const finding of logFindings) {
-            const pattern = DATA_EXPOSURE_PATTERNS.find(p => p.name === finding.name);
-            if (pattern) {
-                vulnerabilities.push({
-                    id: `data-exposure-${filePath}-${finding.lineNumber}-${finding.name}`,
-                    filePath,
-                    lineNumber: finding.lineNumber,
-                    lineContent: finding.lineContent,
-                    severity: 'info',
-                    category: 'data_exposure',
-                    title: pattern.name,
-                    description: pattern.description,
-                    suggestedFix: pattern.suggestedFix,
-                    confidence: 'low',
-                    baseConfidence: BASE_CONFIDENCE,
-                    layer: 2,
-                    source: 'structural',
-                });
-            }
-        }
-    }
-    return vulnerabilities;
-}
-/**
- * Check if error handling follows safe patterns
- * Returns true if the error handling appears safe
- */
-function isSafeErrorHandling(lineContent, surroundingLines) {
-    // Safe patterns: only returning error.message, using generic messages
-    const safePatterns = [
-        /error:\s*['"`].*['"`]/, // Generic string message
-        /error:\s*error\.message/, // Only message property
-        /error:\s*err\.message/,
-        /message:\s*(error|err)\.message/,
-        /status\(\d+\)\.json\(\s*\{\s*error:/, // Status code + error object (common pattern)
-    ];
-    return safePatterns.some(p => p.test(lineContent));
-}
-//# sourceMappingURL=data-exposure.js.map

package/dist/detect/structural/data-exposure.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"data-exposure.js","sourceRoot":"","sources":["../../../src/detect/structural/data-exposure.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AA+IH,gDAyIC;AAMD,kDAWC;AArSD,iEAAiG;AAEjG,MAAM,eAAe,GAAG,IAAI,CAAA;AAW5B,MAAM,sBAAsB,GAA0B;IACpD,+EAA+E;IAC/E,uBAAuB;IACvB,4EAA4E;IAC5E,4DAA4D;IAC5D,0EAA0E;IAC1E,+EAA+E;IAE/E,+EAA+E;IAC/E,+DAA+D;IAC/D,2EAA2E;IAC3E,oEAAoE;IACpE,wEAAwE;IAExE,+EAA+E;IAC/E,wDAAwD;IACxD,gDAAgD;IAChD,+EAA+E;IAE/E,6CAA6C;IAC7C;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,6FAA6F;QACtG,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,iGAAiG;QAC9G,YAAY,EAAE,sFAAsF;KACrG;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,2FAA2F;QACpG,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yGAAyG;QACtH,YAAY,EAAE,gGAAgG;KAC/G;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,wHAAwH;QACjI,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,kFAAkF;QAC/F,YAAY,EAAE,mEAAmE;KAClF;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,2FAA2F;QACpG,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,kFAAkF;QAC/F,YAAY,EAAE,sFAAsF;KACrG;IAED,uDAAuD;IACvD;QACE,IAAI,EAAE,0CAA0C;QAChD,OAAO,EAAE,yHAAyH;QAClI,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,oGAAoG;QACjH,YAAY,EAAE,uGAAuG;KACtH;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,OAAO,EAAE,2HAA2H;QACpI,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,qGAAqG;QAClH,YAAY,EAAE,gEAAgE;KAC/E;IACD;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,8FAA8F;QACvG,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,4FAA4F;QACzG,YAAY,EAAE,oDAAoD;KACnE;IAED,+EAA+E;IAC/E,kCAAkC;IAClC,+EAA+E;IAE/E,mCAAmC;IACnC;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,6EAA6E;QACtF,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,6FAA6F;QAC1G,YAAY,EAAE,2FAA2F;KAC1G;CACF,CAAA;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,QAAgB;IAC5C,aAAa;IACb,IAAI,IAAA,kCAAgB,EAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAA;IACb,CAAC;IAED,gCAAgC;IAChC,IAAI,gCAAgC,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,OAAO,IAAI,CAAA;IACb,CAAC;IAED,+CAA+C;IAC/C,IAAI,sCAAsC,CAAC,IAAI,CAAC,QAAQ,CAAC;QACrD,CAAC,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzC,OAAO,IAAI,CAAA;IACb,CAAC;IAED,yCAAyC;IACzC,IAAI,kCAAkC,CAAC,IAAI,CAAC,QAAQ,CAAC;QACjD,CAAC,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvC,OAAO,IAAI,CAAA;IACb,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAChC,OAAe,EACf,QAAgB,EAChB,OAAiC;IAEjC,MAAM,eAAe,GAAoB,EAAE,CAAA;IAE3C,qDAAqD;IACrD,IAAI,IAAA,wCAAsB,EAAC,QAAQ,CAAC;QAAE,OAAO,eAAe,CAAA;IAE5D,MAAM,KAAK,GAAG,OAAO,EAAE,MAAM,EAAE,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC3D,MAAM,UAAU,GAAG,IAAA,kCAAgB,EAAC,QAAQ,CAAC,CAAA;IAC7C,MAAM,aAAa,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAA;IAEpD,gDAAgD;IAChD,MAAM,SAAS,GAAG,2CAA2C,CAAC,IAAI,CAAC,QAAQ,CAAC;QAC1D,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IAEnD,qCAAqC;IACrC,MAAM,WAAW,GAAgE,EAAE,CAAA;IAEnF,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,gBAAgB;QAChB,IAAI,IAAA,2BAAS,EAAC,IAAI,CAAC;YAAE,OAAM;QAE3B,KAAK,MAAM,OAAO,IAAI,sBAAsB,EAAE,CAAC;YAC7C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;YAEvE,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrB,IAAI,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAA;gBAC/B,IAAI,WAAW,GAAG,OAAO,CAAC,WAAW,CAAA;gBAErC,mCAAmC;gBACnC,IAAI,UAAU,EAAE,CAAC;oBACf,QAAQ,GAAG,MAAM,CAAA;oBACjB,WAAW,GAAG,GAAG,WAAW,iBAAiB,CAAA;gBAC/C,CAAC;gBAED,iDAAiD;gBACjD,IAAI,OAAO,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;oBAC3B,0EAA0E;oBAC1E,IAAI,aAAa,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;wBACzC,WAAW,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,KAAK,GAAG,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAA;wBACzF,MAAK;oBACP,CAAC;oBAED,gDAAgD;oBAChD,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,IAAI,QAAQ,KAAK,KAAK;4BAAE,QAAQ,GAAG,MAAM,CAAA;oBAC3C,CAAC;oBAED,yCAAyC;oBACzC,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;wBACxB,WAAW,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,KAAK,GAAG,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAA;wBACzF,MAAK;oBACP,CAAC;gBACH,CAAC;gBAED,kDAAkD;gBAClD,IAAI,OAAO,CAAC,IAAI,KAAK,UAAU,IAAI,SAAS,EAAE,CAAC;oBAC7C,iEAAiE;gBACnE,CAAC;gBAED,eAAe,CAAC,IAAI,CAAC;oBACnB,EAAE,EAAE,iBAAiB,QAAQ,IAAI,KAAK,GAAG,CAAC,IAAI,OAAO,CAAC,IAAI,EAAE;oBAC5D,QAAQ;oBACR,UAAU,EAAE,KAAK,GAAG,CAAC;oBACrB,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;oBACxB,QAAQ;oBACR,QAAQ,EAAE,eAAe;oBACzB,KAAK,EAAE,OAAO,CAAC,IAAI;oBACnB,WAAW;oBACX,YAAY,EAAE,OAAO,CAAC,YAAY;oBAClC,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ;oBACzC,cAAc,EAAE,eAAe;oBAC/B,KAAK,EAAE,CAAC;oBACV,MAAM,EAAE,YAAqB;iBAC5B,CAAC,CAAA;gBACF,MAAK,CAAC,4BAA4B;YACpC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,sDAAsD;IACtD,IAAI,WAAW,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC5B,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;QAClE,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,WAAW,CAAC,MAAM,SAAS,CAAC,CAAC,CAAC,EAAE,CAAA;QAElF,wBAAwB;QACxB,MAAM,aAAa,GAAG,IAAI,GAAG,EAAkB,CAAA;QAC/C,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;YAClC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;QAC7E,CAAC;QACD,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;aACvD,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,KAAK,IAAI,EAAE,CAAC;aAC3C,IAAI,CAAC,IAAI,CAAC,CAAA;QAEb,eAAe,CAAC,IAAI,CAAC;YACnB,EAAE,EAAE,4BAA4B,QAAQ,EAAE;YAC1C,QAAQ;YACR,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,UAAU;YACrC,WAAW,EAAE,GAAG,WAAW,CAAC,MAAM,6BAA6B;YAC/D,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,eAAe;YACzB,KAAK,EAAE,qBAAqB,WAAW,CAAC,MAAM,aAAa;YAC3D,WAAW,EAAE,GAAG,cAAc,kDAAkD,WAAW,CAAC,MAAM,0BAA0B,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,QAAQ,EAAE;YAC/J,YAAY,EAAE,sFAAsF;YACpG,UAAU,EAAE,KAAK;YACjB,cAAc,EAAE,eAAe;YAC/B,KAAK,EAAE,CAAC;YACN,MAAM,EAAE,YAAqB;SAChC,CAAC,CAAA;IACJ,CAAC;SAAM,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClC,uCAAuC;QACvC,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;YAClC,MAAM,OAAO,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;YACzE,IAAI,OAAO,EAAE,CAAC;gBACZ,eAAe,CAAC,IAAI,CAAC;oBACnB,EAAE,EAAE,iBAAiB,QAAQ,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,IAAI,EAAE;oBACrE,QAAQ;oBACR,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,QAAQ,EAAE,MAAM;oBAChB,QAAQ,EAAE,eAAe;oBACzB,KAAK,EAAE,OAAO,CAAC,IAAI;oBACnB,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,YAAY,EAAE,OAAO,CAAC,YAAY;oBAClC,UAAU,EAAE,KAAK;oBACjB,cAAc,EAAE,eAAe;oBAC/B,KAAK,EAAE,CAAC;oBACV,MAAM,EAAE,YAAqB;iBAC5B,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC;AAED;;;GAGG;AACH,SAAgB,mBAAmB,CAAC,WAAmB,EAAE,gBAA0B;IACjF,sEAAsE;IACtE,MAAM,YAAY,GAAG;QACnB,uBAAuB,EAAG,yBAAyB;QACnD,yBAAyB,EAAG,wBAAwB;QACpD,uBAAuB;QACvB,iCAAiC;QACjC,qCAAqC,EAAG,8CAA8C;KACvF,CAAA;IAED,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAA;AACpD,CAAC"}

package/dist/detect/structural/framework-checks.d.ts DELETED Viewed

@@ -1,10 +0,0 @@
-/**
- * Layer 2: Framework-Specific Security Checks
- * Detects security issues specific to popular frameworks (Next.js, Express, React, etc.)
- */
-import type { Vulnerability } from '../../shared/types';
-import type { ParsedFile } from '../../shared/parsed-file';
-export declare function detectFrameworkIssues(content: string, filePath: string, options?: {
-    parsed?: ParsedFile;
-}): Vulnerability[];
-//# sourceMappingURL=framework-checks.d.ts.map