@oculum/scanner 1.0.14 → 1.0.15

package/src/taint/source-classifier.ts

@@ -0,0 +1,859 @@
+/**
+ * AST-Based Source Classifier
+ *
+ * Identifies taint sources (user input, LLM output, etc.) using AST analysis.
+ * Replaces regex-based model/source-discovery.ts with structural understanding.
+ *
+ * Key improvements over regex:
+ * - Handles destructuring: `const { email } = await req.json()`
+ * - Type-aware: `function handler(req: NextRequest)` → req is a source
+ * - Deep property access: `req.body.user.email` → user input
+ * - AI sources: `response.choices[0].message.content` with appropriate taint kinds
+ */
+
+import type Parser from 'tree-sitter'
+import type { ParsedAST } from '../parse/ast'
+import { walkAST, findEnclosingFunction } from '../parse/ast'
+import { extractTypeRegistry } from '../parse/type-extractor'
+import type { TaintSource, TaintSourceType, TaintKind } from './types'
+import { ALL_TAINT_KINDS } from './types'
+import { isKnownLLMCall } from './llm-registry'
+import { collectImportBindings } from './helpers'
+import { collectPythonImportBindings } from '../detect/ast-rules/helpers/python-helpers'
+
+// ============================================================================
+// Source Type → Default Taint Kinds
+// ============================================================================
+
+const SOURCE_TAINT_MAP: Record<TaintSourceType, readonly TaintKind[]> = {
+  http_body:             ALL_TAINT_KINDS,
+  http_query:            ALL_TAINT_KINDS,
+  http_params:           ALL_TAINT_KINDS,
+  http_headers:          ['xss', 'command', 'ssrf'],
+  url_search_params:     ALL_TAINT_KINDS,
+  form_data:             ALL_TAINT_KINDS,
+  file_upload:           ['path', 'command', 'xss'],
+  websocket_message:     ALL_TAINT_KINDS,
+  cli_args:              ALL_TAINT_KINDS,
+  env_var:               ['command'],
+  database_result:       ['xss', 'command', 'prompt'],
+  external_api:          ALL_TAINT_KINDS,
+  llm_output:            ['command', 'sql', 'xss', 'path', 'prompt'],
+  tool_input:            ALL_TAINT_KINDS,
+  tool_output:           ALL_TAINT_KINDS,
+  rag_retrieval:         ['xss', 'prompt', 'command'],
+  conversation_history:  ['prompt', 'xss', 'command'],
+}
+
+// ============================================================================
+// AST User Input Patterns
+// ============================================================================
+
+interface MemberAccessPattern {
+  objectPattern: RegExp
+  property: string | RegExp
+  sourceType: TaintSourceType
+  framework: string
+  confidence: 'high' | 'medium' | 'low'
+}
+
+const MEMBER_ACCESS_PATTERNS: MemberAccessPattern[] = [
+  // ──────────── Express / generic ────────────
+  { objectPattern: /^req(uest)?$/, property: 'body', sourceType: 'http_body', framework: 'express', confidence: 'high' },
+  { objectPattern: /^req(uest)?$/, property: 'query', sourceType: 'http_query', framework: 'express', confidence: 'high' },
+  { objectPattern: /^req(uest)?$/, property: 'params', sourceType: 'http_params', framework: 'express', confidence: 'high' },
+  { objectPattern: /^req(uest)?$/, property: 'headers', sourceType: 'http_headers', framework: 'express', confidence: 'high' },
+  { objectPattern: /^req(uest)?$/, property: 'cookies', sourceType: 'http_headers', framework: 'express', confidence: 'high' },
+  { objectPattern: /^req(uest)?$/, property: /^(get|header)$/, sourceType: 'http_headers', framework: 'express', confidence: 'high' },
+  { objectPattern: /^req(uest)?$/, property: 'files', sourceType: 'file_upload', framework: 'express', confidence: 'high' },
+  { objectPattern: /^req(uest)?$/, property: 'file', sourceType: 'file_upload', framework: 'express', confidence: 'high' },
+  // ──────────── Koa ────────────
+  { objectPattern: /^ctx\.request$/, property: 'body', sourceType: 'http_body', framework: 'koa', confidence: 'high' },
+  { objectPattern: /^ctx\.request$/, property: 'query', sourceType: 'http_query', framework: 'koa', confidence: 'high' },
+  { objectPattern: /^ctx$/, property: 'query', sourceType: 'http_query', framework: 'koa', confidence: 'high' },
+  { objectPattern: /^ctx$/, property: 'params', sourceType: 'http_params', framework: 'koa', confidence: 'high' },
+  // ──────────── Next.js App Router ────────────
+  { objectPattern: /^(req|request)$/, property: 'json', sourceType: 'http_body', framework: 'nextjs', confidence: 'high' },
+  { objectPattern: /^(req|request)$/, property: 'text', sourceType: 'http_body', framework: 'nextjs', confidence: 'high' },
+  { objectPattern: /^(req|request)$/, property: 'formData', sourceType: 'form_data', framework: 'nextjs', confidence: 'high' },
+  // ──────────── Fastify ────────────
+  { objectPattern: /^(req|request)$/, property: 'body', sourceType: 'http_body', framework: 'fastify', confidence: 'high' },
+  { objectPattern: /^(req|request)$/, property: 'query', sourceType: 'http_query', framework: 'fastify', confidence: 'high' },
+  { objectPattern: /^(req|request)$/, property: 'params', sourceType: 'http_params', framework: 'fastify', confidence: 'high' },
+  // ──────────── Hono ────────────
+  { objectPattern: /^c$/, property: 'req', sourceType: 'http_body', framework: 'hono', confidence: 'medium' },
+  // ──────────── Nest.js ────────────
+  // @Body(), @Query(), @Param() decorators produce direct param access
+  // but also: req.body, req.query, req.params via @Req() — already covered by Express
+  // Nest.js pipes: context.switchToHttp().getRequest()
+  { objectPattern: /^context$/, property: 'switchToHttp', sourceType: 'http_body', framework: 'nestjs', confidence: 'medium' },
+  // ──────────── tRPC ────────────
+  // tRPC input is the validated input object in procedures
+  { objectPattern: /^(input|ctx\.input|opts\.input)$/, property: /.*/, sourceType: 'http_body', framework: 'trpc', confidence: 'medium' },
+  // ──────────── Remix / React Router ────────────
+  // action/loader: request.formData(), request.json()
+  // Also: new URL(request.url).searchParams
+  { objectPattern: /^(args|actionArgs|loaderArgs)$/, property: 'request', sourceType: 'http_body', framework: 'remix', confidence: 'medium' },
+  // ──────────── SvelteKit ────────────
+  // load({ params, url, request }) — all are sources
+  { objectPattern: /^(event|requestEvent)$/, property: 'request', sourceType: 'http_body', framework: 'sveltekit', confidence: 'medium' },
+  { objectPattern: /^(event|requestEvent)$/, property: 'params', sourceType: 'http_params', framework: 'sveltekit', confidence: 'medium' },
+  { objectPattern: /^(event|requestEvent)$/, property: 'url', sourceType: 'url_search_params', framework: 'sveltekit', confidence: 'medium' },
+  // ──────────── GraphQL resolvers ────────────
+  // resolver(parent, args, context) — args is user input
+  { objectPattern: /^args$/, property: /.*/, sourceType: 'http_body', framework: 'graphql', confidence: 'medium' },
+  { objectPattern: /^(input|variables)$/, property: /.*/, sourceType: 'http_body', framework: 'graphql', confidence: 'medium' },
+  // ──────────── URL search params ────────────
+  { objectPattern: /searchParams/, property: /^(get|getAll)$/, sourceType: 'url_search_params', framework: 'web', confidence: 'high' },
+  // ──────────── AWS Lambda ────────────
+  { objectPattern: /^event$/, property: 'body', sourceType: 'http_body', framework: 'aws-lambda', confidence: 'high' },
+  { objectPattern: /^event$/, property: 'queryStringParameters', sourceType: 'http_query', framework: 'aws-lambda', confidence: 'high' },
+  { objectPattern: /^event$/, property: 'pathParameters', sourceType: 'http_params', framework: 'aws-lambda', confidence: 'high' },
+  { objectPattern: /^event$/, property: 'headers', sourceType: 'http_headers', framework: 'aws-lambda', confidence: 'high' },
+  { objectPattern: /^event$/, property: 'multiValueQueryStringParameters', sourceType: 'http_query', framework: 'aws-lambda', confidence: 'high' },
+  // ──────────── Google Cloud Functions ────────────
+  { objectPattern: /^req$/, property: 'rawBody', sourceType: 'http_body', framework: 'gcloud', confidence: 'high' },
+  // ──────────── Azure Functions ────────────
+  { objectPattern: /^(context\.req|request)$/, property: 'body', sourceType: 'http_body', framework: 'azure', confidence: 'high' },
+  { objectPattern: /^(context\.req|request)$/, property: 'query', sourceType: 'http_query', framework: 'azure', confidence: 'high' },
+  // ──────────── Browser APIs ────────────
+  { objectPattern: /^(document|window)$/, property: 'location', sourceType: 'url_search_params', framework: 'browser', confidence: 'medium' },
+  { objectPattern: /^location$/, property: /^(search|hash|href|pathname)$/, sourceType: 'url_search_params', framework: 'browser', confidence: 'medium' },
+  { objectPattern: /^document$/, property: 'cookie', sourceType: 'http_headers', framework: 'browser', confidence: 'medium' },
+  { objectPattern: /^document$/, property: 'referrer', sourceType: 'http_headers', framework: 'browser', confidence: 'medium' },
+  { objectPattern: /^window$/, property: 'name', sourceType: 'url_search_params', framework: 'browser', confidence: 'medium' },
+  // ──────────── postMessage ────────────
+  { objectPattern: /^(event|e)$/, property: 'data', sourceType: 'websocket_message', framework: 'browser', confidence: 'medium' },
+  // ──────────── WebSocket ────────────
+  { objectPattern: /^(message|data|msg)$/, property: /^(data|payload)$/, sourceType: 'websocket_message', framework: 'websocket', confidence: 'medium' },
+  // ──────────── CLI ────────────
+  { objectPattern: /^process$/, property: 'argv', sourceType: 'cli_args', framework: 'node', confidence: 'low' },
+  { objectPattern: /^process$/, property: 'env', sourceType: 'env_var', framework: 'node', confidence: 'low' },
+  // ──────────── Flask (also matches flask_request, http_request aliases) ────────────
+  { objectPattern: /^(?:flask_|http_)?request$/, property: 'form', sourceType: 'http_body', framework: 'flask', confidence: 'high' },
+  { objectPattern: /^(?:flask_|http_)?request$/, property: 'args', sourceType: 'http_query', framework: 'flask', confidence: 'high' },
+  { objectPattern: /^(?:flask_|http_)?request$/, property: 'json', sourceType: 'http_body', framework: 'flask', confidence: 'high' },
+  { objectPattern: /^(?:flask_|http_)?request$/, property: 'data', sourceType: 'http_body', framework: 'flask', confidence: 'high' },
+  { objectPattern: /^(?:flask_|http_)?request$/, property: 'files', sourceType: 'file_upload', framework: 'flask', confidence: 'high' },
+  { objectPattern: /^(?:flask_|http_)?request$/, property: 'values', sourceType: 'http_body', framework: 'flask', confidence: 'high' },
+  // ──────────── Django (also matches django_request alias) ────────────
+  { objectPattern: /^(?:django_|http_)?request$/, property: 'GET', sourceType: 'http_query', framework: 'django', confidence: 'high' },
+  { objectPattern: /^(?:django_|http_)?request$/, property: 'POST', sourceType: 'http_body', framework: 'django', confidence: 'high' },
+  { objectPattern: /^(?:django_|http_)?request$/, property: 'FILES', sourceType: 'file_upload', framework: 'django', confidence: 'high' },
+  { objectPattern: /^(?:django_|http_)?request$/, property: 'META', sourceType: 'http_headers', framework: 'django', confidence: 'high' },
+  { objectPattern: /^(?:django_|http_)?request$/, property: 'COOKIES', sourceType: 'http_headers', framework: 'django', confidence: 'high' },
+  // ──────────── FastAPI (Starlette Request object) ────────────
+  { objectPattern: /^(?:http_)?request$/, property: 'query_params', sourceType: 'http_query', framework: 'fastapi', confidence: 'high' },
+  { objectPattern: /^(?:http_)?request$/, property: 'path_params', sourceType: 'http_params', framework: 'fastapi', confidence: 'high' },
+  { objectPattern: /^(?:http_)?request$/, property: 'headers', sourceType: 'http_headers', framework: 'fastapi', confidence: 'high' },
+  { objectPattern: /^(?:http_)?request$/, property: 'cookies', sourceType: 'http_headers', framework: 'fastapi', confidence: 'high' },
+  // ──────────── Python General ────────────
+  { objectPattern: /^sys$/, property: 'argv', sourceType: 'cli_args', framework: 'python', confidence: 'low' },
+  { objectPattern: /^sys$/, property: 'stdin', sourceType: 'cli_args', framework: 'python', confidence: 'medium' },
+  { objectPattern: /^os$/, property: 'environ', sourceType: 'env_var', framework: 'python', confidence: 'low' },
+]
+
+// ============================================================================
+// LLM Output Patterns
+// ============================================================================
+
+const LLM_OUTPUT_PATTERNS: Array<{
+  pattern: RegExp
+  sourceType: TaintSourceType
+  framework: string
+}> = [
+  // OpenAI / standard chat completions
+  { pattern: /response\.choices\[?\d*\]?\.message\.content/, sourceType: 'llm_output', framework: 'openai' },
+  { pattern: /completion\.choices\[?\d*\]?\.message\.content/, sourceType: 'llm_output', framework: 'openai' },
+  { pattern: /result\.choices\[?\d*\]?\.message\.content/, sourceType: 'llm_output', framework: 'openai' },
+  { pattern: /response\.data\.choices/, sourceType: 'llm_output', framework: 'openai' },
+  // Anthropic SDK
+  { pattern: /response\.content\[?\d*\]?\.text/, sourceType: 'llm_output', framework: 'anthropic' },
+  { pattern: /message\.content\[?\d*\]?\.text/, sourceType: 'llm_output', framework: 'anthropic' },
+  // Generic LLM output
+  { pattern: /\.generated_text/, sourceType: 'llm_output', framework: 'generic' },
+  { pattern: /\.output_text/, sourceType: 'llm_output', framework: 'generic' },
+  // Tool call results
+  { pattern: /toolResult\.(?:output|content|data)/, sourceType: 'tool_output', framework: 'generic' },
+  { pattern: /tool_call\.(?:result|output)/, sourceType: 'tool_output', framework: 'generic' },
+  // RAG retrieval
+  { pattern: /(?:retriev|search|query)(?:Result|Response)s?\.(?:documents|results|hits|matches)/, sourceType: 'rag_retrieval', framework: 'generic' },
+  // Langchain-specific: `doc.pageContent`, `doc.page_content` — but NOT bare `.text` (too broad)
+  { pattern: /\.(?:pageContent|page_content)/, sourceType: 'rag_retrieval', framework: 'langchain' },
+  // Vector DB results
+  { pattern: /(?:pinecone|weaviate|qdrant|chroma|milvus).*\.(?:matches|results|documents)/, sourceType: 'rag_retrieval', framework: 'vectordb' },
+  // Google AI
+  { pattern: /response\.candidates\[?\d*\]?\.content/, sourceType: 'llm_output', framework: 'google-ai' },
+  // Cohere
+  { pattern: /response\.generations\[?\d*\]?\.text/, sourceType: 'llm_output', framework: 'cohere' },
+  // Ollama
+  { pattern: /response\.message\.content/, sourceType: 'llm_output', framework: 'ollama' },
+]
+
+// ============================================================================
+// Request Type Patterns (for type-based source detection)
+// ============================================================================
+
+const REQUEST_TYPE_PATTERNS = [
+  /Request/,
+  /NextRequest/,
+  /NextApiRequest/,
+  /IncomingMessage/,
+  /FastifyRequest/,
+  /HonoRequest/,
+  /KoaContext/,
+  /^(Context|KoaContext|HonoContext)$/, // Hono, Koa context types (anchored to avoid ThemeContext, AppContext, etc.)
+  /APIGatewayProxyEvent/, // AWS Lambda
+  /APIGatewayEvent/,      // AWS Lambda
+  /HttpRequest/,          // Azure Functions, generic
+]
+
+// ============================================================================
+// Internal helpers
+// ============================================================================
+
+function matchesMemberPattern(
+  objText: string,
+  propText: string,
+  pattern: MemberAccessPattern
+): boolean {
+  const objMatch = pattern.objectPattern.test(objText)
+  if (!objMatch) return false
+  if (typeof pattern.property === 'string') {
+    return propText === pattern.property
+  }
+  return pattern.property.test(propText)
+}
+
+/**
+ * Try to extract the variable name that receives tainted data.
+ * Walks up the AST to find variable declarations or destructuring patterns.
+ */
+/**
+ * Expression types we walk through when searching for a receiving variable.
+ * Source member accesses like `req.query` can be nested deep inside
+ * ternaries, binary ops, template literals, etc. We walk up through all
+ * of these until we find a variable_declarator or assignment, or hit a
+ * statement boundary.
+ */
+const EXPRESSION_WALK_TYPES = new Set([
+  'member_expression',
+  'subscript_expression',
+  'call_expression',
+  'await_expression',
+  'binary_expression',
+  'ternary_expression',
+  'parenthesized_expression',
+  'template_string',
+  'template_substitution',
+  'arguments',
+  'as_expression',
+  'type_assertion',
+  'non_null_expression',
+  'satisfies_expression',
+  'unary_expression',
+  'update_expression',
+  'new_expression',
+  'spread_element',
+  'pair',         // { key: req.body } in object literals
+  'object',       // object literal containing source
+  'array',        // array literal containing source
+  // Python equivalents
+  'attribute',              // Python member access
+  'subscript',              // Python subscript
+  'call',                   // Python call
+  'await',                  // Python await
+  'conditional_expression', // Python ternary
+  'keyword_argument',       // Python keyword arg
+  'argument_list',          // Python args
+  'tuple',                  // Python tuple
+  'list',                   // Python list
+  'dictionary',             // Python dict
+  'binary_operator',        // Python binary op
+  'boolean_operator',       // Python boolean op
+])
+
+function extractReceivingVariable(node: Parser.SyntaxNode): string | null {
+  let current: Parser.SyntaxNode | null = node.parent
+
+  while (current) {
+    // variable_declarator: const data = <source>
+    if (current.type === 'variable_declarator') {
+      const nameNode = current.childForFieldName('name')
+      if (nameNode?.type === 'identifier') return nameNode.text
+      // Destructuring: const { a, b } = <source>
+      // Return the whole pattern text as a hint (individual vars tracked separately)
+      if (nameNode?.type === 'object_pattern' || nameNode?.type === 'array_pattern') {
+        return nameNode.text
+      }
+      break
+    }
+
+    // assignment_expression: data = <source> (JS)
+    // assignment: data = <source> (Python)
+    if (current.type === 'assignment_expression' || current.type === 'assignment') {
+      const left = current.childForFieldName('left')
+      if (left?.type === 'identifier') return left.text
+      break
+    }
+
+    // Walk through expression types (ternary, binary, template, member, etc.)
+    if (EXPRESSION_WALK_TYPES.has(current.type)) {
+      current = current.parent
+      continue
+    }
+
+    break
+  }
+
+  return null
+}
+
+/**
+ * Extract destructured variable names from an object_pattern or array_pattern.
+ */
+function extractDestructuredNames(patternNode: Parser.SyntaxNode): string[] {
+  const names: string[] = []
+
+  if (patternNode.type === 'object_pattern') {
+    for (const child of patternNode.namedChildren) {
+      if (child.type === 'shorthand_property_identifier_pattern') {
+        names.push(child.text)
+      } else if (child.type === 'pair_pattern') {
+        const value = child.childForFieldName('value')
+        if (value?.type === 'identifier') {
+          names.push(value.text)
+        } else if (value?.type === 'object_pattern' || value?.type === 'array_pattern') {
+          names.push(...extractDestructuredNames(value))
+        }
+      } else if (child.type === 'rest_pattern') {
+        const arg = child.namedChildren[0]
+        if (arg?.type === 'identifier') names.push(arg.text)
+      }
+    }
+  } else if (patternNode.type === 'array_pattern') {
+    for (const child of patternNode.namedChildren) {
+      if (child.type === 'identifier') {
+        names.push(child.text)
+      } else if (child.type === 'object_pattern' || child.type === 'array_pattern') {
+        names.push(...extractDestructuredNames(child))
+      }
+    }
+  }
+
+  return names
+}
+
+/**
+ * Check if a variable_declarator's name is a destructuring pattern and the
+ * init references a known source. Returns destructured variable names.
+ */
+function getDestructuredSourceVars(declarator: Parser.SyntaxNode): string[] {
+  const nameNode = declarator.childForFieldName('name')
+  if (!nameNode) return []
+  if (nameNode.type !== 'object_pattern' && nameNode.type !== 'array_pattern') return []
+  return extractDestructuredNames(nameNode)
+}
+
+// ============================================================================
+// Quick Pre-Filter (conservative over-approximation)
+// ============================================================================
+
+/**
+ * Fast regex check to determine if file content could possibly contain taint sources.
+ * Conservative: returns true for any file that MIGHT have sources (false positives OK).
+ * Used to skip full AST source classification for the ~82% of files with no sources.
+ */
+const SOURCE_QUICK_CHECK = new RegExp(
+  // HTTP request patterns (Express, Koa, Next.js, Fastify, Hono, NestJS, etc.)
+  'req(?:uest)?\\.(?:body|query|params|headers|cookies|files?|rawBody|json|text|formData|get|header)' +
+  '|ctx\\.(?:request|query|params)' +
+  '|c\\.req\\b' +
+  '|context\\.switchToHttp' +
+  // SvelteKit / Remix
+  '|(?:event|requestEvent)\\.(?:request|params|url)' +
+  '|(?:actionArgs|loaderArgs)\\.request' +
+  // AWS Lambda / Azure
+  '|event\\.(?:body|queryStringParameters|pathParameters|headers|multiValueQueryStringParameters)' +
+  '|context\\.req\\b' +
+  // URL search params
+  '|searchParams\\.(?:get|getAll)' +
+  // Browser APIs
+  '|(?:document|window)\\.(?:location|cookie|referrer|name)' +
+  '|location\\.(?:search|hash|href|pathname)' +
+  // Node
+  '|process\\.(?:argv|env)' +
+  // LLM output patterns
+  '|\\.choices\\[' +
+  '|\\.candidates\\[' +
+  '|\\.generations\\[' +
+  '|\\.generated_text' +
+  '|\\.output_text' +
+  '|\\.pageContent' +
+  '|\\.page_content' +
+  '|toolResult\\.' +
+  '|tool_call\\.' +
+  // LLM SDK imports (for import-aware return value detection)
+  '|from\\s+[\'"](?:openai|@anthropic-ai\\/sdk|anthropic|ai|@ai-sdk\\/|@langchain\\/|langchain|@google\\/generative-ai|cohere|ollama)' +
+  '|require\\([\'"](?:openai|@anthropic-ai\\/sdk|anthropic|ai|@ai-sdk\\/|@langchain\\/|langchain|@google\\/generative-ai|cohere|ollama)' +
+  // Request type annotations
+  '|:\\s*(?:Request|NextRequest|NextApiRequest|IncomingMessage|FastifyRequest|HonoRequest|KoaContext|HonoContext|APIGatewayProxyEvent|APIGatewayEvent|HttpRequest)\\b' +
+  // WebSocket / postMessage
+  '|(?:message|msg)\\.(?:data|payload)' +
+  // Vector DB patterns
+  '|(?:pinecone|weaviate|qdrant|chroma|milvus)' +
+  // Python Flask/Django (including common aliases)
+  '|(?:flask_|http_)?request\\.(?:form|args|values|data|GET|POST|FILES|META|COOKIES)' +
+  // Python general
+  '|sys\\.(?:argv|stdin)' +
+  '|os\\.environ' +
+  '|\\binput\\s*\\(' +
+  // Python framework imports
+  '|from\\s+(?:flask|django|fastapi)\\s+import' +
+  // Python LLM SDK imports (for import-aware return value detection)
+  '|from\\s+(?:openai|anthropic|langchain|langchain_openai|langchain_anthropic|langchain_core|litellm|llama_index|transformers|google\\.generativeai)\\s+import' +
+  // FastAPI dependency injection
+  '|(?:Query|Body|Form|File|Header|Cookie|Path)\\s*\\('
+)
+
+export function hasLikelySources(content: string): boolean {
+  return SOURCE_QUICK_CHECK.test(content)
+}
+
+// ============================================================================
+// Main Classifier
+// ============================================================================
+
+/**
+ * Classify all taint sources in a parsed AST.
+ *
+ * Walks the AST looking for:
+ * 1. Member access patterns (req.body, req.query, etc.)
+ * 2. LLM output patterns (response.choices[0].message.content, etc.)
+ * 3. Type-based sources (parameters typed as Request, NextRequest, etc.)
+ * 4. Destructuring from source objects
+ */
+export function classifySources(
+  ast: ParsedAST,
+  imports?: Map<string, { module: string; originalName: string }>,
+): TaintSource[] {
+  const sources: TaintSource[] = []
+  const seen = new Set<string>()
+  const root = ast.tree.rootNode
+
+  // Phase 1: Walk AST for member access and LLM output patterns
+  walkAST(root, (node) => {
+    // --- Member expression sources (JS: member_expression, Python: attribute) ---
+    if (node.type === 'member_expression' || node.type === 'attribute') {
+      const obj = node.childForFieldName('object')
+      const prop = node.type === 'attribute'
+        ? node.childForFieldName('attribute')
+        : node.childForFieldName('property')
+      if (!obj || !prop) return false
+
+      for (const pattern of MEMBER_ACCESS_PATTERNS) {
+        if (matchesMemberPattern(obj.text, prop.text, pattern)) {
+          const variable = extractReceivingVariable(node) ?? node.text
+          const key = `${node.startPosition.row}:${node.startPosition.column}:${pattern.sourceType}`
+          if (seen.has(key)) break
+          seen.add(key)
+
+          const taintKinds = new Set(SOURCE_TAINT_MAP[pattern.sourceType])
+
+          sources.push({
+            node,
+            line: node.startPosition.row + 1,
+            variable,
+            expression: node.text,
+            sourceType: pattern.sourceType,
+            taintKinds,
+            confidence: pattern.confidence,
+            framework: pattern.framework,
+          })
+
+          return true // skip children — don't double-count nested access
+        }
+      }
+
+      // Check for LLM output patterns
+      const fullText = node.text
+      for (const llmPattern of LLM_OUTPUT_PATTERNS) {
+        if (llmPattern.pattern.test(fullText)) {
+          const variable = extractReceivingVariable(node) ?? node.text
+          const key = `${node.startPosition.row}:${node.startPosition.column}:${llmPattern.sourceType}`
+          if (seen.has(key)) break
+          seen.add(key)
+
+          const taintKinds = new Set(SOURCE_TAINT_MAP[llmPattern.sourceType])
+
+          sources.push({
+            node,
+            line: node.startPosition.row + 1,
+            variable,
+            expression: node.text,
+            sourceType: llmPattern.sourceType,
+            taintKinds,
+            confidence: 'medium',
+            framework: llmPattern.framework,
+          })
+
+          return true
+        }
+      }
+    }
+
+    // Also check subscript_expression / subscript for LLM patterns like response.choices[0].message.content
+    if (node.type === 'subscript_expression' || node.type === 'subscript') {
+      const fullText = node.text
+      for (const llmPattern of LLM_OUTPUT_PATTERNS) {
+        if (llmPattern.pattern.test(fullText)) {
+          const variable = extractReceivingVariable(node) ?? node.text
+          const key = `${node.startPosition.row}:${node.startPosition.column}:${llmPattern.sourceType}`
+          if (seen.has(key)) break
+          seen.add(key)
+
+          const taintKinds = new Set(SOURCE_TAINT_MAP[llmPattern.sourceType])
+
+          sources.push({
+            node,
+            line: node.startPosition.row + 1,
+            variable,
+            expression: node.text,
+            sourceType: llmPattern.sourceType,
+            taintKinds,
+            confidence: 'medium',
+            framework: llmPattern.framework,
+          })
+
+          return true
+        }
+      }
+    }
+
+    // --- Python input() builtin as direct call source ---
+    if (node.type === 'call') {
+      const fn = node.childForFieldName('function')
+      if (fn?.type === 'identifier' && fn.text === 'input') {
+        const variable = extractReceivingVariable(node) ?? 'input()'
+        const key = `${node.startPosition.row}:${node.startPosition.column}:cli_args`
+        if (!seen.has(key)) {
+          seen.add(key)
+          sources.push({
+            node,
+            line: node.startPosition.row + 1,
+            variable,
+            expression: node.text,
+            sourceType: 'cli_args',
+            taintKinds: new Set(SOURCE_TAINT_MAP.cli_args),
+            confidence: 'high',
+            framework: 'python',
+          })
+        }
+        return true
+      }
+    }
+
+    return false
+  })
+
+  // Phase 2a: FastAPI dependency injection parameter sources
+  // FastAPI: def search(q: str = Query(...), body: SearchModel = Body(...))
+  if (ast.language === 'python') {
+    const pyImports = collectPythonImportBindings(root)
+    const FASTAPI_DI_MAP: Record<string, TaintSourceType> = {
+      Query: 'http_query',
+      Body: 'http_body',
+      Form: 'form_data',
+      File: 'file_upload',
+      Header: 'http_headers',
+      Cookie: 'http_headers',
+      Path: 'http_params',
+    }
+
+    walkAST(root, (node) => {
+      if (node.type !== 'default_parameter' && node.type !== 'typed_default_parameter') return false
+      // Check if the default value is a call to a FastAPI DI function
+      const defaultValue = node.childForFieldName('value')
+      if (!defaultValue || defaultValue.type !== 'call') return false
+
+      const fn = defaultValue.childForFieldName('function')
+      if (!fn || fn.type !== 'identifier') return false
+
+      const sourceType = FASTAPI_DI_MAP[fn.text]
+      if (!sourceType) return false
+
+      // Verify it's imported from fastapi
+      const binding = pyImports.get(fn.text)
+      if (!binding || !/^fastapi$/.test(binding.module)) return false
+
+      // The parameter name is the first identifier child
+      const paramName = node.namedChildren.find(c => c.type === 'identifier')
+      if (!paramName) return false
+
+      const key = `fastapi_di:${node.startPosition.row}:${paramName.text}`
+      if (seen.has(key)) return false
+      seen.add(key)
+
+      sources.push({
+        node,
+        line: node.startPosition.row + 1,
+        variable: paramName.text,
+        expression: node.text,
+        sourceType,
+        taintKinds: new Set(SOURCE_TAINT_MAP[sourceType]),
+        confidence: 'high',
+        framework: 'fastapi',
+      })
+
+      return false
+    })
+  }
+
+  // Phase 2b: Import-aware LLM call return value detection
+  // When a known LLM API call result is assigned to a variable, tag it as llm_output
+  if (!imports) imports = collectImportBindings(root)
+  walkAST(root, (node) => {
+    // Look for call_expression/call and await_expression/await nodes
+    let callNode: Parser.SyntaxNode | null = null
+    if (node.type === 'call_expression' || node.type === 'call') {
+      callNode = node
+    } else if (node.type === 'await_expression' || node.type === 'await') {
+      const operand = node.namedChildren[0]
+      if (operand?.type === 'call_expression' || operand?.type === 'call') {
+        callNode = operand
+      }
+    }
+
+    if (!callNode) return false
+
+    // Check if this is a known LLM API call
+    const fn = callNode.childForFieldName('function')
+    if (!fn) return false
+
+    let targetName: string
+    let targetObject: string | undefined
+
+    if (fn.type === 'identifier') {
+      targetName = fn.text
+      targetObject = undefined
+    } else if (fn.type === 'member_expression') {
+      const prop = fn.childForFieldName('property')
+      const obj = fn.childForFieldName('object')
+      if (!prop) return false
+      targetName = prop.text
+      targetObject = obj?.text
+    } else if (fn.type === 'attribute') {
+      // Python attribute access: obj.method
+      const attr = fn.childForFieldName('attribute')
+      const obj = fn.childForFieldName('object')
+      if (!attr) return false
+      targetName = attr.text
+      targetObject = obj?.text
+    } else {
+      return false
+    }
+
+    if (!isKnownLLMCall(targetName, targetObject, imports)) return false
+
+    // Find the receiving variable
+    const variable = extractReceivingVariable(node)
+    if (!variable) return false
+
+    const key = `llm_call:${node.startPosition.row}:${node.startPosition.column}`
+    if (seen.has(key)) return false
+    seen.add(key)
+
+    const taintKinds = new Set(SOURCE_TAINT_MAP.llm_output)
+
+    // Check if it's destructured — each destructured var gets its own source
+    const declarator = findParentDeclarator(node)
+    if (declarator) {
+      const nameNode = declarator.childForFieldName('name')
+      if (nameNode && (nameNode.type === 'object_pattern' || nameNode.type === 'array_pattern')) {
+        const destructuredNames = extractDestructuredNames(nameNode)
+        for (const name of destructuredNames) {
+          const dKey = `llm_call_d:${node.startPosition.row}:${name}`
+          if (seen.has(dKey)) continue
+          seen.add(dKey)
+          sources.push({
+            node: nameNode,
+            line: node.startPosition.row + 1,
+            variable: name,
+            expression: node.text.slice(0, 200),
+            sourceType: 'llm_output',
+            taintKinds: new Set(taintKinds),
+            confidence: 'high',
+            framework: inferLLMFramework(targetName, targetObject, imports),
+          })
+        }
+        return false
+      }
+    }
+
+    sources.push({
+      node,
+      line: node.startPosition.row + 1,
+      variable,
+      expression: node.text.slice(0, 200),
+      sourceType: 'llm_output',
+      taintKinds: new Set(taintKinds),
+      confidence: 'high',
+      framework: inferLLMFramework(targetName, targetObject, imports),
+    })
+
+    return false
+  })
+
+  // Phase 3: Type-based source detection
+  // Parameters typed as Request/NextRequest/etc. make the parameter a taint source
+  const typeRegistry = extractTypeRegistry(ast)
+  for (const [funcName, paramTypes] of typeRegistry.parameterTypes) {
+    for (const paramType of paramTypes) {
+      for (const requestPattern of REQUEST_TYPE_PATTERNS) {
+        if (requestPattern.test(paramType.text)) {
+          // Find the function node to get the parameter name
+          const paramSources = findRequestParamSources(root, funcName, paramType.text)
+          for (const ps of paramSources) {
+            const key = `type:${ps.line}:${ps.variable}`
+            if (seen.has(key)) continue
+            seen.add(key)
+            sources.push(ps)
+          }
+        }
+      }
+    }
+  }
+
+  return sources
+}
+
+/**
+ * Find function parameters typed as a request type and create TaintSources for them.
+ */
+function findRequestParamSources(
+  root: Parser.SyntaxNode,
+  funcName: string,
+  typeText: string
+): TaintSource[] {
+  const results: TaintSource[] = []
+
+  const functionTypes = [
+    'function_declaration', 'function_expression', 'arrow_function',
+    'method_definition', 'generator_function_declaration',
+  ]
+
+  walkAST(root, (node) => {
+    if (!functionTypes.includes(node.type)) return false
+
+    // Match by function name
+    const name = getFunctionNameForNode(node)
+    if (name !== funcName) return false
+
+    const params = node.childForFieldName('parameters')
+    if (!params) return false
+
+    for (const param of params.namedChildren) {
+      if (param.type !== 'required_parameter' && param.type !== 'optional_parameter') continue
+
+      const typeAnnotation = param.childForFieldName('type')
+      if (!typeAnnotation) continue
+
+      const annotationText = typeAnnotation.text.replace(/^:\s*/, '')
+      if (annotationText !== typeText && !annotationText.includes(typeText)) continue
+
+      const pattern = param.childForFieldName('pattern')
+      const paramName = pattern?.text ?? param.text
+
+      results.push({
+        node: param,
+        line: param.startPosition.row + 1,
+        variable: paramName,
+        expression: `${paramName}: ${annotationText}`,
+        sourceType: 'http_body',
+        taintKinds: new Set(ALL_TAINT_KINDS),
+        confidence: 'high',
+        framework: inferFrameworkFromType(annotationText),
+      })
+    }
+
+    return true // found the function, skip its children
+  })
+
+  return results
+}
+
+function getFunctionNameForNode(node: Parser.SyntaxNode): string | null {
+  if (node.type === 'function_declaration' || node.type === 'generator_function_declaration' || node.type === 'method_definition') {
+    return node.childForFieldName('name')?.text ?? null
+  }
+  if (node.type === 'arrow_function' || node.type === 'function_expression') {
+    const parent = node.parent
+    if (parent?.type === 'variable_declarator') {
+      return parent.childForFieldName('name')?.text ?? null
+    }
+    if (parent?.type === 'pair') {
+      return parent.childForFieldName('key')?.text ?? null
+    }
+  }
+  return null
+}
+
+/**
+ * Walk up to find a parent variable_declarator node.
+ */
+function findParentDeclarator(node: Parser.SyntaxNode): Parser.SyntaxNode | null {
+  let current: Parser.SyntaxNode | null = node.parent
+  while (current) {
+    if (current.type === 'variable_declarator') return current
+    if (current.type === 'expression_statement' || current.type === 'return_statement') return null
+    current = current.parent
+  }
+  return null
+}
+
+/**
+ * Infer LLM framework from call target info.
+ */
+function inferLLMFramework(
+  targetName: string,
+  targetObject: string | undefined,
+  imports: Map<string, { module: string; originalName: string }>
+): string {
+  // Check direct function imports
+  const binding = imports.get(targetName)
+  if (binding) {
+    if (/^ai$|^@ai-sdk\//.test(binding.module)) return 'vercel-ai'
+    if (/^openai$/.test(binding.module)) return 'openai'
+    if (/^@anthropic-ai\/sdk$|^anthropic$/.test(binding.module)) return 'anthropic'
+    if (/^@langchain\/|^langchain/.test(binding.module)) return 'langchain'
+    if (/^langchain_openai$|^langchain_anthropic$|^langchain_core|^langchain_community/.test(binding.module)) return 'langchain'
+    if (/^@google\/generative-ai$|^google\.generativeai$/.test(binding.module)) return 'google-ai'
+    if (/^cohere/.test(binding.module)) return 'cohere'
+    if (/^ollama$/.test(binding.module)) return 'ollama'
+    if (/^litellm$/.test(binding.module)) return 'litellm'
+    if (/^llama_index/.test(binding.module)) return 'llamaindex'
+    if (/^transformers$/.test(binding.module)) return 'huggingface'
+  }
+  // Check object import
+  if (targetObject) {
+    const rootObj = targetObject.split('.')[0]
+    const objBinding = imports.get(rootObj)
+    if (objBinding) {
+      if (/^openai$/.test(objBinding.module)) return 'openai'
+      if (/^@anthropic-ai\/sdk$|^anthropic$/.test(objBinding.module)) return 'anthropic'
+      if (/^@google\/generative-ai$|^google\.generativeai$/.test(objBinding.module)) return 'google-ai'
+      if (/^@langchain\/|^langchain/.test(objBinding.module)) return 'langchain'
+      if (/^langchain_openai$|^langchain_anthropic$|^langchain_core|^langchain_community/.test(objBinding.module)) return 'langchain'
+      if (/^litellm$/.test(objBinding.module)) return 'litellm'
+      if (/^llama_index/.test(objBinding.module)) return 'llamaindex'
+    }
+  }
+  return 'generic'
+}
+
+function inferFrameworkFromType(typeText: string): string {
+  if (/NextRequest|NextApiRequest|NextApiResponse/.test(typeText)) return 'nextjs'
+  if (/FastifyRequest/.test(typeText)) return 'fastify'
+  if (/IncomingMessage/.test(typeText)) return 'node'
+  return 'generic'
+}