@oculum/scanner 1.0.14 → 1.0.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/detect/ai-code/index.d.ts +6 -11
- package/dist/detect/ai-code/index.d.ts.map +1 -1
- package/dist/detect/ai-code/index.js +6 -24
- package/dist/detect/ai-code/index.js.map +1 -1
- package/dist/detect/ast-rules/agent-tools-ast.d.ts +14 -0
- package/dist/detect/ast-rules/agent-tools-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/agent-tools-ast.js +809 -0
- package/dist/detect/ast-rules/agent-tools-ast.js.map +1 -0
- package/dist/detect/ast-rules/ai-fingerprinting-ast.d.ts +14 -0
- package/dist/detect/ast-rules/ai-fingerprinting-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/ai-fingerprinting-ast.js +344 -0
- package/dist/detect/ast-rules/ai-fingerprinting-ast.js.map +1 -0
- package/dist/detect/ast-rules/auth-patterns-ast.d.ts +14 -0
- package/dist/detect/ast-rules/auth-patterns-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/auth-patterns-ast.js +280 -0
- package/dist/detect/ast-rules/auth-patterns-ast.js.map +1 -0
- package/dist/detect/ast-rules/byok-ast.d.ts +13 -0
- package/dist/detect/ast-rules/byok-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/byok-ast.js +180 -0
- package/dist/detect/ast-rules/byok-ast.js.map +1 -0
- package/dist/detect/ast-rules/child-process-ast.d.ts +13 -0
- package/dist/detect/ast-rules/child-process-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/child-process-ast.js +252 -0
- package/dist/detect/ast-rules/child-process-ast.js.map +1 -0
- package/dist/detect/ast-rules/dangerous-eval-ast.d.ts +13 -0
- package/dist/detect/ast-rules/dangerous-eval-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/dangerous-eval-ast.js +218 -0
- package/dist/detect/ast-rules/dangerous-eval-ast.js.map +1 -0
- package/dist/detect/ast-rules/data-exposure-ast.d.ts +13 -0
- package/dist/detect/ast-rules/data-exposure-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/data-exposure-ast.js +158 -0
- package/dist/detect/ast-rules/data-exposure-ast.js.map +1 -0
- package/dist/detect/ast-rules/dom-xss-ast.d.ts +14 -0
- package/dist/detect/ast-rules/dom-xss-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/dom-xss-ast.js +217 -0
- package/dist/detect/ast-rules/dom-xss-ast.js.map +1 -0
- package/dist/detect/ast-rules/endpoint-protection-ast.d.ts +13 -0
- package/dist/detect/ast-rules/endpoint-protection-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/endpoint-protection-ast.js +228 -0
- package/dist/detect/ast-rules/endpoint-protection-ast.js.map +1 -0
- package/dist/detect/ast-rules/entropy-ast.d.ts +17 -0
- package/dist/detect/ast-rules/entropy-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/entropy-ast.js +265 -0
- package/dist/detect/ast-rules/entropy-ast.js.map +1 -0
- package/dist/detect/ast-rules/flask-debug-ast.d.ts +10 -0
- package/dist/detect/ast-rules/flask-debug-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/flask-debug-ast.js +125 -0
- package/dist/detect/ast-rules/flask-debug-ast.js.map +1 -0
- package/dist/detect/ast-rules/framework-checks-ast.d.ts +13 -0
- package/dist/detect/ast-rules/framework-checks-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/framework-checks-ast.js +185 -0
- package/dist/detect/ast-rules/framework-checks-ast.js.map +1 -0
- package/dist/detect/ast-rules/helpers/call-analysis.d.ts +62 -0
- package/dist/detect/ast-rules/helpers/call-analysis.d.ts.map +1 -0
- package/dist/detect/ast-rules/helpers/call-analysis.js +217 -0
- package/dist/detect/ast-rules/helpers/call-analysis.js.map +1 -0
- package/dist/detect/ast-rules/helpers/context-detection.d.ts +33 -0
- package/dist/detect/ast-rules/helpers/context-detection.d.ts.map +1 -0
- package/dist/detect/ast-rules/helpers/context-detection.js +256 -0
- package/dist/detect/ast-rules/helpers/context-detection.js.map +1 -0
- package/dist/detect/ast-rules/helpers/control-flow.d.ts +40 -0
- package/dist/detect/ast-rules/helpers/control-flow.d.ts.map +1 -0
- package/dist/detect/ast-rules/helpers/control-flow.js +174 -0
- package/dist/detect/ast-rules/helpers/control-flow.js.map +1 -0
- package/dist/detect/ast-rules/helpers/import-analysis.d.ts +43 -0
- package/dist/detect/ast-rules/helpers/import-analysis.d.ts.map +1 -0
- package/dist/detect/ast-rules/helpers/import-analysis.js +149 -0
- package/dist/detect/ast-rules/helpers/import-analysis.js.map +1 -0
- package/dist/detect/ast-rules/helpers/index.d.ts +16 -0
- package/dist/detect/ast-rules/helpers/index.d.ts.map +1 -0
- package/dist/detect/ast-rules/helpers/index.js +112 -0
- package/dist/detect/ast-rules/helpers/index.js.map +1 -0
- package/dist/detect/ast-rules/helpers/python-helpers.d.ts +215 -0
- package/dist/detect/ast-rules/helpers/python-helpers.d.ts.map +1 -0
- package/dist/detect/ast-rules/helpers/python-helpers.js +935 -0
- package/dist/detect/ast-rules/helpers/python-helpers.js.map +1 -0
- package/dist/detect/ast-rules/helpers/scope-analysis.d.ts +50 -0
- package/dist/detect/ast-rules/helpers/scope-analysis.d.ts.map +1 -0
- package/dist/detect/ast-rules/helpers/scope-analysis.js +194 -0
- package/dist/detect/ast-rules/helpers/scope-analysis.js.map +1 -0
- package/dist/detect/ast-rules/helpers/string-analysis.d.ts +57 -0
- package/dist/detect/ast-rules/helpers/string-analysis.d.ts.map +1 -0
- package/dist/detect/ast-rules/helpers/string-analysis.js +184 -0
- package/dist/detect/ast-rules/helpers/string-analysis.js.map +1 -0
- package/dist/detect/ast-rules/helpers/type-extraction.d.ts +44 -0
- package/dist/detect/ast-rules/helpers/type-extraction.d.ts.map +1 -0
- package/dist/detect/ast-rules/helpers/type-extraction.js +125 -0
- package/dist/detect/ast-rules/helpers/type-extraction.js.map +1 -0
- package/dist/detect/ast-rules/helpers/user-input.d.ts +35 -0
- package/dist/detect/ast-rules/helpers/user-input.d.ts.map +1 -0
- package/dist/detect/ast-rules/helpers/user-input.js +243 -0
- package/dist/detect/ast-rules/helpers/user-input.js.map +1 -0
- package/dist/detect/ast-rules/index.d.ts +112 -0
- package/dist/detect/ast-rules/index.d.ts.map +1 -0
- package/dist/detect/ast-rules/index.js +232 -0
- package/dist/detect/ast-rules/index.js.map +1 -0
- package/dist/detect/ast-rules/json-parse-ast.d.ts +13 -0
- package/dist/detect/ast-rules/json-parse-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/json-parse-ast.js +143 -0
- package/dist/detect/ast-rules/json-parse-ast.js.map +1 -0
- package/dist/detect/ast-rules/log-injection-ast.d.ts +14 -0
- package/dist/detect/ast-rules/log-injection-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/log-injection-ast.js +235 -0
- package/dist/detect/ast-rules/log-injection-ast.js.map +1 -0
- package/dist/detect/ast-rules/logic-gates-ast.d.ts +14 -0
- package/dist/detect/ast-rules/logic-gates-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/logic-gates-ast.js +312 -0
- package/dist/detect/ast-rules/logic-gates-ast.js.map +1 -0
- package/dist/detect/ast-rules/mcp-security-ast.d.ts +14 -0
- package/dist/detect/ast-rules/mcp-security-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/mcp-security-ast.js +755 -0
- package/dist/detect/ast-rules/mcp-security-ast.js.map +1 -0
- package/dist/detect/ast-rules/model-supply-chain-ast.d.ts +13 -0
- package/dist/detect/ast-rules/model-supply-chain-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/model-supply-chain-ast.js +188 -0
- package/dist/detect/ast-rules/model-supply-chain-ast.js.map +1 -0
- package/dist/detect/ast-rules/package-hallucination-ast.d.ts +13 -0
- package/dist/detect/ast-rules/package-hallucination-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/package-hallucination-ast.js +607 -0
- package/dist/detect/ast-rules/package-hallucination-ast.js.map +1 -0
- package/dist/detect/ast-rules/prompt-hygiene-ast.d.ts +15 -0
- package/dist/detect/ast-rules/prompt-hygiene-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/prompt-hygiene-ast.js +332 -0
- package/dist/detect/ast-rules/prompt-hygiene-ast.js.map +1 -0
- package/dist/detect/ast-rules/rag-safety-ast.d.ts +18 -0
- package/dist/detect/ast-rules/rag-safety-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/rag-safety-ast.js +640 -0
- package/dist/detect/ast-rules/rag-safety-ast.js.map +1 -0
- package/dist/detect/ast-rules/request-validation-ast.d.ts +13 -0
- package/dist/detect/ast-rules/request-validation-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/request-validation-ast.js +116 -0
- package/dist/detect/ast-rules/request-validation-ast.js.map +1 -0
- package/dist/detect/ast-rules/risky-imports-ast.d.ts +14 -0
- package/dist/detect/ast-rules/risky-imports-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/risky-imports-ast.js +114 -0
- package/dist/detect/ast-rules/risky-imports-ast.js.map +1 -0
- package/dist/detect/ast-rules/schema-validation-ast.d.ts +14 -0
- package/dist/detect/ast-rules/schema-validation-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/schema-validation-ast.js +233 -0
- package/dist/detect/ast-rules/schema-validation-ast.js.map +1 -0
- package/dist/detect/ast-rules/secret-patterns-ast.d.ts +17 -0
- package/dist/detect/ast-rules/secret-patterns-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/secret-patterns-ast.js +199 -0
- package/dist/detect/ast-rules/secret-patterns-ast.js.map +1 -0
- package/dist/detect/ast-rules/security-headers-ast.d.ts +14 -0
- package/dist/detect/ast-rules/security-headers-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/security-headers-ast.js +187 -0
- package/dist/detect/ast-rules/security-headers-ast.js.map +1 -0
- package/dist/detect/ast-rules/sql-injection-ast.d.ts +17 -0
- package/dist/detect/ast-rules/sql-injection-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/sql-injection-ast.js +497 -0
- package/dist/detect/ast-rules/sql-injection-ast.js.map +1 -0
- package/dist/detect/ast-rules/ssrf-ast.d.ts +14 -0
- package/dist/detect/ast-rules/ssrf-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/ssrf-ast.js +573 -0
- package/dist/detect/ast-rules/ssrf-ast.js.map +1 -0
- package/dist/detect/ast-rules/taint-fix-templates.d.ts +18 -0
- package/dist/detect/ast-rules/taint-fix-templates.d.ts.map +1 -0
- package/dist/detect/ast-rules/taint-fix-templates.js +92 -0
- package/dist/detect/ast-rules/taint-fix-templates.js.map +1 -0
- package/dist/detect/ast-rules/taint-flow-ast.d.ts +24 -0
- package/dist/detect/ast-rules/taint-flow-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/taint-flow-ast.js +340 -0
- package/dist/detect/ast-rules/taint-flow-ast.js.map +1 -0
- package/dist/detect/ast-rules/variables-ast.d.ts +24 -0
- package/dist/detect/ast-rules/variables-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/variables-ast.js +362 -0
- package/dist/detect/ast-rules/variables-ast.js.map +1 -0
- package/dist/detect/ast-rules/weak-crypto-ast.d.ts +15 -0
- package/dist/detect/ast-rules/weak-crypto-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/weak-crypto-ast.js +406 -0
- package/dist/detect/ast-rules/weak-crypto-ast.js.map +1 -0
- package/dist/detect/ast-rules/xxe-ast.d.ts +13 -0
- package/dist/detect/ast-rules/xxe-ast.d.ts.map +1 -0
- package/dist/detect/ast-rules/xxe-ast.js +157 -0
- package/dist/detect/ast-rules/xxe-ast.js.map +1 -0
- package/dist/detect/config/agent-skill-injection.d.ts.map +1 -1
- package/dist/detect/config/agent-skill-injection.js +2 -24
- package/dist/detect/config/agent-skill-injection.js.map +1 -1
- package/dist/detect/config/index.d.ts +1 -0
- package/dist/detect/config/index.d.ts.map +1 -1
- package/dist/detect/config/index.js +3 -1
- package/dist/detect/config/index.js.map +1 -1
- package/dist/detect/config/osv-check.d.ts.map +1 -1
- package/dist/detect/config/osv-check.js +6 -1
- package/dist/detect/config/osv-check.js.map +1 -1
- package/dist/detect/config/package-check.d.ts.map +1 -1
- package/dist/detect/config/package-check.js +6 -1
- package/dist/detect/config/package-check.js.map +1 -1
- package/dist/detect/config/rules-file-backdoor.d.ts +36 -0
- package/dist/detect/config/rules-file-backdoor.d.ts.map +1 -0
- package/dist/detect/config/rules-file-backdoor.js +379 -0
- package/dist/detect/config/rules-file-backdoor.js.map +1 -0
- package/dist/detect/index.d.ts +43 -6
- package/dist/detect/index.d.ts.map +1 -1
- package/dist/detect/index.js +70 -7
- package/dist/detect/index.js.map +1 -1
- package/dist/detect/secrets/config-audit.d.ts.map +1 -1
- package/dist/detect/secrets/config-audit.js +36 -3
- package/dist/detect/secrets/config-audit.js.map +1 -1
- package/dist/detect/secrets/entropy.d.ts.map +1 -1
- package/dist/detect/secrets/entropy.js +180 -0
- package/dist/detect/secrets/entropy.js.map +1 -1
- package/dist/detect/secrets/index.d.ts +0 -2
- package/dist/detect/secrets/index.d.ts.map +1 -1
- package/dist/detect/secrets/index.js +7 -17
- package/dist/detect/secrets/index.js.map +1 -1
- package/dist/detect/structural/index.d.ts +15 -28
- package/dist/detect/structural/index.d.ts.map +1 -1
- package/dist/detect/structural/index.js +20 -497
- package/dist/detect/structural/index.js.map +1 -1
- package/dist/index.d.ts +3 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +9 -1
- package/dist/index.js.map +1 -1
- package/dist/model/auth-helper-detector.d.ts.map +1 -1
- package/dist/model/auth-helper-detector.js +2 -7
- package/dist/model/auth-helper-detector.js.map +1 -1
- package/dist/model/import-resolver.d.ts.map +1 -1
- package/dist/model/import-resolver.js +94 -0
- package/dist/model/import-resolver.js.map +1 -1
- package/dist/model/imported-auth-detector.js +8 -8
- package/dist/model/imported-auth-detector.js.map +1 -1
- package/dist/model/index.d.ts +8 -0
- package/dist/model/index.d.ts.map +1 -1
- package/dist/model/index.js +198 -73
- package/dist/model/index.js.map +1 -1
- package/dist/model/module-graph.d.ts.map +1 -1
- package/dist/model/module-graph.js +22 -9
- package/dist/model/module-graph.js.map +1 -1
- package/dist/model/project-context.d.ts +1 -1
- package/dist/model/project-context.d.ts.map +1 -1
- package/dist/model/project-context.js +34 -0
- package/dist/model/project-context.js.map +1 -1
- package/dist/model/route-auth-resolver.d.ts.map +1 -1
- package/dist/model/route-auth-resolver.js +17 -2
- package/dist/model/route-auth-resolver.js.map +1 -1
- package/dist/model/route-discovery/index.js +1 -1
- package/dist/model/route-discovery/index.js.map +1 -1
- package/dist/model/route-discovery/nextjs.js +1 -1
- package/dist/model/route-discovery/nextjs.js.map +1 -1
- package/dist/model/route-discovery/python.d.ts +6 -3
- package/dist/model/route-discovery/python.d.ts.map +1 -1
- package/dist/model/route-discovery/python.js +132 -9
- package/dist/model/route-discovery/python.js.map +1 -1
- package/dist/model/route-discovery/types.d.ts +1 -1
- package/dist/model/route-discovery/types.d.ts.map +1 -1
- package/dist/model/route-discovery/utils.d.ts +8 -0
- package/dist/model/route-discovery/utils.d.ts.map +1 -1
- package/dist/model/route-discovery/utils.js +70 -0
- package/dist/model/route-discovery/utils.js.map +1 -1
- package/dist/model/taint-types.d.ts +0 -4
- package/dist/model/taint-types.d.ts.map +1 -1
- package/dist/parse/ast.d.ts +58 -0
- package/dist/parse/ast.d.ts.map +1 -0
- package/dist/parse/ast.js +230 -0
- package/dist/parse/ast.js.map +1 -0
- package/dist/parse/call-graph.d.ts +41 -0
- package/dist/parse/call-graph.d.ts.map +1 -0
- package/dist/parse/call-graph.js +386 -0
- package/dist/parse/call-graph.js.map +1 -0
- package/dist/parse/file-classifier.d.ts +11 -0
- package/dist/parse/file-classifier.d.ts.map +1 -1
- package/dist/parse/file-classifier.js +63 -15
- package/dist/parse/file-classifier.js.map +1 -1
- package/dist/parse/node-index.d.ts +32 -0
- package/dist/parse/node-index.d.ts.map +1 -0
- package/dist/parse/node-index.js +103 -0
- package/dist/parse/node-index.js.map +1 -0
- package/dist/parse/type-extractor.d.ts +50 -0
- package/dist/parse/type-extractor.d.ts.map +1 -0
- package/dist/parse/type-extractor.js +243 -0
- package/dist/parse/type-extractor.js.map +1 -0
- package/dist/pipeline/config.d.ts +7 -1
- package/dist/pipeline/config.d.ts.map +1 -1
- package/dist/pipeline/config.js.map +1 -1
- package/dist/pipeline/index.d.ts +3 -3
- package/dist/pipeline/index.d.ts.map +1 -1
- package/dist/pipeline/index.js +192 -64
- package/dist/pipeline/index.js.map +1 -1
- package/dist/pipeline/modes/incremental.d.ts.map +1 -1
- package/dist/pipeline/modes/incremental.js +2 -7
- package/dist/pipeline/modes/incremental.js.map +1 -1
- package/dist/postprocess/dedup.d.ts +5 -2
- package/dist/postprocess/dedup.d.ts.map +1 -1
- package/dist/postprocess/dedup.js +47 -16
- package/dist/postprocess/dedup.js.map +1 -1
- package/dist/report/build-result.d.ts +9 -4
- package/dist/report/build-result.d.ts.map +1 -1
- package/dist/report/build-result.js +15 -4
- package/dist/report/build-result.js.map +1 -1
- package/dist/report/formatters/cli-terminal.d.ts +1 -1
- package/dist/report/formatters/cli-terminal.d.ts.map +1 -1
- package/dist/report/formatters/cli-terminal.js +434 -231
- package/dist/report/formatters/cli-terminal.js.map +1 -1
- package/dist/report/sanitize.d.ts +10 -0
- package/dist/report/sanitize.d.ts.map +1 -0
- package/dist/report/sanitize.js +19 -0
- package/dist/report/sanitize.js.map +1 -0
- package/dist/score/adjustments.d.ts +20 -2
- package/dist/score/adjustments.d.ts.map +1 -1
- package/dist/score/adjustments.js +108 -37
- package/dist/score/adjustments.js.map +1 -1
- package/dist/score/confidence.d.ts +6 -0
- package/dist/score/confidence.d.ts.map +1 -1
- package/dist/score/confidence.js +10 -4
- package/dist/score/confidence.js.map +1 -1
- package/dist/score/evidence.d.ts +25 -0
- package/dist/score/evidence.d.ts.map +1 -0
- package/dist/score/evidence.js +51 -0
- package/dist/score/evidence.js.map +1 -0
- package/dist/score/index.d.ts +3 -1
- package/dist/score/index.d.ts.map +1 -1
- package/dist/score/index.js +25 -50
- package/dist/score/index.js.map +1 -1
- package/dist/score/types.d.ts +5 -1
- package/dist/score/types.d.ts.map +1 -1
- package/dist/shared/category-filter.d.ts.map +1 -1
- package/dist/shared/category-filter.js +12 -0
- package/dist/shared/category-filter.js.map +1 -1
- package/dist/shared/regex-utils.d.ts +3 -0
- package/dist/shared/regex-utils.d.ts.map +1 -0
- package/dist/shared/regex-utils.js +8 -0
- package/dist/shared/regex-utils.js.map +1 -0
- package/dist/shared/registry-clients.d.ts +7 -0
- package/dist/shared/registry-clients.d.ts.map +1 -1
- package/dist/shared/registry-clients.js +94 -17
- package/dist/shared/registry-clients.js.map +1 -1
- package/dist/shared/rules/metadata.d.ts.map +1 -1
- package/dist/shared/rules/metadata.js +17 -0
- package/dist/shared/rules/metadata.js.map +1 -1
- package/dist/shared/types.d.ts +59 -15
- package/dist/shared/types.d.ts.map +1 -1
- package/dist/shared/types.js +38 -21
- package/dist/shared/types.js.map +1 -1
- package/dist/taint/async-flow.d.ts +44 -0
- package/dist/taint/async-flow.d.ts.map +1 -0
- package/dist/taint/async-flow.js +271 -0
- package/dist/taint/async-flow.js.map +1 -0
- package/dist/taint/cfg-builder.d.ts +35 -0
- package/dist/taint/cfg-builder.d.ts.map +1 -0
- package/dist/taint/cfg-builder.js +980 -0
- package/dist/taint/cfg-builder.js.map +1 -0
- package/dist/taint/cfg-types.d.ts +76 -0
- package/dist/taint/cfg-types.d.ts.map +1 -0
- package/dist/taint/cfg-types.js +13 -0
- package/dist/taint/cfg-types.js.map +1 -0
- package/dist/taint/constant-propagation.d.ts +34 -0
- package/dist/taint/constant-propagation.d.ts.map +1 -0
- package/dist/taint/constant-propagation.js +164 -0
- package/dist/taint/constant-propagation.js.map +1 -0
- package/dist/taint/cross-file-analyzer.d.ts +27 -0
- package/dist/taint/cross-file-analyzer.d.ts.map +1 -0
- package/dist/taint/cross-file-analyzer.js +99 -0
- package/dist/taint/cross-file-analyzer.js.map +1 -0
- package/dist/taint/cross-file-index.d.ts +59 -0
- package/dist/taint/cross-file-index.d.ts.map +1 -0
- package/dist/taint/cross-file-index.js +183 -0
- package/dist/taint/cross-file-index.js.map +1 -0
- package/dist/taint/def-use.d.ts +27 -0
- package/dist/taint/def-use.d.ts.map +1 -0
- package/dist/taint/def-use.js +519 -0
- package/dist/taint/def-use.js.map +1 -0
- package/dist/taint/file-analysis-cache.d.ts +47 -0
- package/dist/taint/file-analysis-cache.d.ts.map +1 -0
- package/dist/taint/file-analysis-cache.js +107 -0
- package/dist/taint/file-analysis-cache.js.map +1 -0
- package/dist/taint/framework-models.d.ts +77 -0
- package/dist/taint/framework-models.d.ts.map +1 -0
- package/dist/taint/framework-models.js +258 -0
- package/dist/taint/framework-models.js.map +1 -0
- package/dist/taint/helpers.d.ts +31 -0
- package/dist/taint/helpers.d.ts.map +1 -0
- package/dist/taint/helpers.js +130 -0
- package/dist/taint/helpers.js.map +1 -0
- package/dist/taint/index.d.ts +28 -0
- package/dist/taint/index.d.ts.map +1 -0
- package/dist/taint/index.js +77 -0
- package/dist/taint/index.js.map +1 -0
- package/dist/taint/llm-registry.d.ts +47 -0
- package/dist/taint/llm-registry.d.ts.map +1 -0
- package/dist/taint/llm-registry.js +152 -0
- package/dist/taint/llm-registry.js.map +1 -0
- package/dist/taint/llm-risk-scoring.d.ts +54 -0
- package/dist/taint/llm-risk-scoring.d.ts.map +1 -0
- package/dist/taint/llm-risk-scoring.js +376 -0
- package/dist/taint/llm-risk-scoring.js.map +1 -0
- package/dist/taint/propagation-types.d.ts +104 -0
- package/dist/taint/propagation-types.d.ts.map +1 -0
- package/dist/taint/propagation-types.js +98 -0
- package/dist/taint/propagation-types.js.map +1 -0
- package/dist/taint/propagation.d.ts +111 -0
- package/dist/taint/propagation.d.ts.map +1 -0
- package/dist/taint/propagation.js +1576 -0
- package/dist/taint/propagation.js.map +1 -0
- package/dist/taint/sanitizer-registry.d.ts +26 -0
- package/dist/taint/sanitizer-registry.d.ts.map +1 -0
- package/dist/taint/sanitizer-registry.js +422 -0
- package/dist/taint/sanitizer-registry.js.map +1 -0
- package/dist/taint/sink-classifier.d.ts +27 -0
- package/dist/taint/sink-classifier.d.ts.map +1 -0
- package/dist/taint/sink-classifier.js +1166 -0
- package/dist/taint/sink-classifier.js.map +1 -0
- package/dist/taint/source-classifier.d.ts +29 -0
- package/dist/taint/source-classifier.d.ts.map +1 -0
- package/dist/taint/source-classifier.js +814 -0
- package/dist/taint/source-classifier.js.map +1 -0
- package/dist/taint/taint-analyzer.d.ts +33 -0
- package/dist/taint/taint-analyzer.d.ts.map +1 -0
- package/dist/taint/taint-analyzer.js +88 -0
- package/dist/taint/taint-analyzer.js.map +1 -0
- package/dist/taint/taint-summary.d.ts +37 -0
- package/dist/taint/taint-summary.d.ts.map +1 -0
- package/dist/taint/taint-summary.js +293 -0
- package/dist/taint/taint-summary.js.map +1 -0
- package/dist/taint/types.d.ts +47 -0
- package/dist/taint/types.d.ts.map +1 -0
- package/dist/taint/types.js +19 -0
- package/dist/taint/types.js.map +1 -0
- package/dist/validate/clients.d.ts +2 -1
- package/dist/validate/clients.d.ts.map +1 -1
- package/dist/validate/clients.js +3 -2
- package/dist/validate/clients.js.map +1 -1
- package/dist/validate/index.d.ts +5 -6
- package/dist/validate/index.d.ts.map +1 -1
- package/dist/validate/index.js +22 -21
- package/dist/validate/index.js.map +1 -1
- package/dist/validate/prompts/modules/ai-patterns.d.ts +1 -1
- package/dist/validate/prompts/modules/ai-patterns.d.ts.map +1 -1
- package/dist/validate/prompts/modules/ai-patterns.js +16 -0
- package/dist/validate/prompts/modules/ai-patterns.js.map +1 -1
- package/dist/validate/prompts/modules/common.d.ts +1 -1
- package/dist/validate/prompts/modules/common.d.ts.map +1 -1
- package/dist/validate/prompts/modules/common.js +12 -3
- package/dist/validate/prompts/modules/common.js.map +1 -1
- package/dist/validate/providers/anthropic.d.ts +4 -4
- package/dist/validate/providers/anthropic.d.ts.map +1 -1
- package/dist/validate/providers/anthropic.js +85 -58
- package/dist/validate/providers/anthropic.js.map +1 -1
- package/dist/validate/providers/openai.d.ts +4 -4
- package/dist/validate/providers/openai.d.ts.map +1 -1
- package/dist/validate/providers/openai.js +149 -99
- package/dist/validate/providers/openai.js.map +1 -1
- package/dist/validate/request-builder.d.ts +2 -8
- package/dist/validate/request-builder.d.ts.map +1 -1
- package/dist/validate/request-builder.js +4 -34
- package/dist/validate/request-builder.js.map +1 -1
- package/dist/validate/types.d.ts +9 -0
- package/dist/validate/types.d.ts.map +1 -1
- package/dist/validate/types.js.map +1 -1
- package/dist/validate/utils/path-helpers.js +2 -2
- package/dist/validate/utils/path-helpers.js.map +1 -1
- package/dist/validate/utils/response-parser.d.ts +10 -0
- package/dist/validate/utils/response-parser.d.ts.map +1 -1
- package/dist/validate/utils/response-parser.js +21 -2
- package/dist/validate/utils/response-parser.js.map +1 -1
- package/dist/validate/utils/retry.d.ts.map +1 -1
- package/dist/validate/utils/retry.js +19 -4
- package/dist/validate/utils/retry.js.map +1 -1
- package/package.json +7 -4
- package/src/__tests__/benchmark/fixtures/layer2/ai-execution-sinks.ts +1 -1
- package/src/__tests__/benchmark/planted-benchmark.test.ts +337 -0
- package/src/__tests__/benchmark/utils/test-runner.ts +38 -4
- package/src/__tests__/category-filter.test.ts +5 -1
- package/src/__tests__/context-engine/route-discovery/python.test.ts +726 -0
- package/src/__tests__/detect/ast-rules.test.ts +1043 -0
- package/src/__tests__/detect/offline-mode.test.ts +147 -0
- package/src/__tests__/detect/python-ast-rules.test.ts +569 -0
- package/src/__tests__/detect/python-helpers.test.ts +536 -0
- package/src/__tests__/detect/python-sast-rules.test.ts +453 -0
- package/src/__tests__/detect/rules-file-backdoor-decoders.test.ts +151 -0
- package/src/__tests__/detect/rules-file-backdoor.test.ts +284 -0
- package/src/__tests__/detect/taint-fix-templates.test.ts +150 -0
- package/src/__tests__/detect/taint-path-serialization.test.ts +170 -0
- package/src/__tests__/parse/call-graph.test.ts +300 -0
- package/src/__tests__/parse/python-parser.test.ts +274 -0
- package/src/__tests__/regression/known-false-positives.test.ts +491 -9
- package/src/__tests__/regression/rules-file-backdoor.test.ts +137 -0
- package/src/__tests__/score/adjustments.test.ts +34 -16
- package/src/__tests__/score/confidence.test.ts +84 -57
- package/src/__tests__/score/evidence-scoring.test.ts +249 -0
- package/src/__tests__/score/evidence.test.ts +144 -0
- package/src/__tests__/score/scoring-integration.test.ts +56 -34
- package/src/__tests__/score/taint-adjustments.test.ts +14 -228
- package/src/__tests__/snapshots/__snapshots__/scan-depth.test.ts.snap +65 -59
- package/src/__tests__/snapshots/scan-depth.test.ts +39 -7
- package/src/__tests__/taint/async-flow.test.ts +247 -0
- package/src/__tests__/taint/cfg-builder.test.ts +835 -0
- package/src/__tests__/taint/constant-propagation.test.ts +302 -0
- package/src/__tests__/taint/cross-file-index.test.ts +683 -0
- package/src/__tests__/taint/cross-file-integration.test.ts +275 -0
- package/src/__tests__/taint/cross-file-propagation.test.ts +910 -0
- package/src/__tests__/taint/def-use.test.ts +132 -0
- package/src/__tests__/taint/field-sensitive-sinks.test.ts +179 -0
- package/src/__tests__/taint/field-sensitivity.test.ts +342 -0
- package/src/__tests__/taint/file-analysis-cache.test.ts +290 -0
- package/src/__tests__/taint/framework-models.test.ts +227 -0
- package/src/__tests__/taint/llm-flow-graph.test.ts +850 -0
- package/src/__tests__/taint/llm-risk-scoring.test.ts +439 -0
- package/src/__tests__/taint/performance-parity.test.ts +315 -0
- package/src/__tests__/taint/propagation.test.ts +621 -0
- package/src/__tests__/taint/python-cross-file.test.ts +494 -0
- package/src/__tests__/taint/python-taint.test.ts +1344 -0
- package/src/__tests__/taint/sanitizer-registry.test.ts +304 -0
- package/src/__tests__/taint/sanitizer-regression.test.ts +111 -0
- package/src/__tests__/taint/sink-classifier.test.ts +537 -0
- package/src/__tests__/taint/source-classifier.test.ts +367 -0
- package/src/__tests__/taint/taint-pipeline.test.ts +418 -0
- package/src/__tests__/taint/taint-smoke.test.ts +400 -0
- package/src/__tests__/taint/taint-summary.test.ts +472 -0
- package/src/detect/ai-code/index.ts +6 -11
- package/src/detect/ast-rules/agent-tools-ast.ts +861 -0
- package/src/detect/ast-rules/ai-fingerprinting-ast.ts +451 -0
- package/src/detect/ast-rules/auth-patterns-ast.ts +304 -0
- package/src/detect/ast-rules/byok-ast.ts +195 -0
- package/src/detect/ast-rules/child-process-ast.ts +276 -0
- package/src/detect/ast-rules/dangerous-eval-ast.ts +227 -0
- package/src/detect/ast-rules/data-exposure-ast.ts +162 -0
- package/src/detect/ast-rules/dom-xss-ast.ts +260 -0
- package/src/detect/ast-rules/endpoint-protection-ast.ts +231 -0
- package/src/detect/ast-rules/entropy-ast.ts +268 -0
- package/src/detect/ast-rules/flask-debug-ast.ts +148 -0
- package/src/detect/ast-rules/framework-checks-ast.ts +200 -0
- package/src/detect/ast-rules/helpers/call-analysis.ts +256 -0
- package/src/detect/ast-rules/helpers/context-detection.ts +277 -0
- package/src/detect/ast-rules/helpers/control-flow.ts +179 -0
- package/src/detect/ast-rules/helpers/import-analysis.ts +185 -0
- package/src/detect/ast-rules/helpers/index.ts +133 -0
- package/src/detect/ast-rules/helpers/python-helpers.ts +1054 -0
- package/src/detect/ast-rules/helpers/scope-analysis.ts +224 -0
- package/src/detect/ast-rules/helpers/string-analysis.ts +215 -0
- package/src/detect/ast-rules/helpers/type-extraction.ts +138 -0
- package/src/detect/ast-rules/helpers/user-input.ts +256 -0
- package/src/detect/ast-rules/index.ts +311 -0
- package/src/detect/ast-rules/json-parse-ast.ts +162 -0
- package/src/detect/ast-rules/log-injection-ast.ts +243 -0
- package/src/detect/ast-rules/logic-gates-ast.ts +343 -0
- package/src/detect/ast-rules/mcp-security-ast.ts +808 -0
- package/src/detect/ast-rules/model-supply-chain-ast.ts +202 -0
- package/src/detect/ast-rules/package-hallucination-ast.ts +664 -0
- package/src/detect/ast-rules/prompt-hygiene-ast.ts +329 -0
- package/src/detect/ast-rules/rag-safety-ast.ts +689 -0
- package/src/detect/ast-rules/request-validation-ast.ts +122 -0
- package/src/detect/ast-rules/risky-imports-ast.ts +133 -0
- package/src/detect/ast-rules/schema-validation-ast.ts +244 -0
- package/src/detect/ast-rules/secret-patterns-ast.ts +223 -0
- package/src/detect/ast-rules/security-headers-ast.ts +206 -0
- package/src/detect/ast-rules/sql-injection-ast.ts +614 -0
- package/src/detect/ast-rules/ssrf-ast.ts +601 -0
- package/src/detect/ast-rules/taint-fix-templates.ts +108 -0
- package/src/detect/ast-rules/taint-flow-ast.ts +416 -0
- package/src/detect/ast-rules/variables-ast.ts +446 -0
- package/src/detect/ast-rules/weak-crypto-ast.ts +441 -0
- package/src/detect/ast-rules/xxe-ast.ts +184 -0
- package/src/detect/config/agent-skill-injection.ts +2 -24
- package/src/detect/config/index.ts +1 -0
- package/src/detect/config/osv-check.ts +6 -1
- package/src/detect/config/package-check.ts +6 -1
- package/src/detect/config/rules-file-backdoor.ts +438 -0
- package/src/detect/index.ts +146 -52
- package/src/detect/secrets/config-audit.ts +37 -3
- package/src/detect/secrets/entropy.ts +195 -0
- package/src/detect/secrets/index.ts +7 -16
- package/src/detect/structural/index.ts +23 -566
- package/src/index.ts +7 -0
- package/src/model/auth-helper-detector.ts +1 -7
- package/src/model/import-resolver.ts +104 -0
- package/src/model/imported-auth-detector.ts +1 -1
- package/src/model/index.ts +240 -80
- package/src/model/module-graph.ts +17 -5
- package/src/model/project-context.ts +28 -1
- package/src/model/route-auth-resolver.ts +18 -3
- package/src/model/route-discovery/index.ts +1 -1
- package/src/model/route-discovery/nextjs.ts +1 -1
- package/src/model/route-discovery/python.ts +156 -9
- package/src/model/route-discovery/types.ts +1 -1
- package/src/model/route-discovery/utils.ts +73 -0
- package/src/model/taint-types.ts +1 -6
- package/src/parse/ast.ts +271 -0
- package/src/parse/call-graph.ts +419 -0
- package/src/parse/file-classifier.ts +69 -15
- package/src/parse/node-index.ts +118 -0
- package/src/parse/type-extractor.ts +293 -0
- package/src/pipeline/config.ts +7 -0
- package/src/pipeline/index.ts +464 -199
- package/src/pipeline/modes/incremental.ts +1 -7
- package/src/postprocess/dedup.ts +48 -17
- package/src/report/build-result.ts +57 -29
- package/src/report/formatters/cli-terminal.ts +731 -415
- package/src/report/sanitize.ts +27 -0
- package/src/score/adjustments.ts +113 -40
- package/src/score/confidence.ts +10 -5
- package/src/score/evidence.ts +55 -0
- package/src/score/index.ts +27 -55
- package/src/score/types.ts +4 -0
- package/src/shared/category-filter.ts +12 -0
- package/src/shared/regex-utils.ts +4 -0
- package/src/shared/registry-clients.ts +106 -18
- package/src/shared/rules/__tests__/metadata.test.ts +5 -1
- package/src/shared/rules/metadata.ts +19 -0
- package/src/shared/types.ts +372 -253
- package/src/taint/async-flow.ts +301 -0
- package/src/taint/cfg-builder.ts +1127 -0
- package/src/taint/cfg-types.ts +110 -0
- package/src/taint/constant-propagation.ts +170 -0
- package/src/taint/cross-file-analyzer.ts +118 -0
- package/src/taint/cross-file-index.ts +275 -0
- package/src/taint/def-use.ts +556 -0
- package/src/taint/file-analysis-cache.ts +145 -0
- package/src/taint/framework-models.ts +313 -0
- package/src/taint/helpers.ts +138 -0
- package/src/taint/index.ts +71 -0
- package/src/taint/llm-registry.ts +174 -0
- package/src/taint/llm-risk-scoring.ts +412 -0
- package/src/taint/propagation-types.ts +188 -0
- package/src/taint/propagation.ts +1750 -0
- package/src/taint/sanitizer-registry.ts +490 -0
- package/src/taint/sink-classifier.ts +1402 -0
- package/src/taint/source-classifier.ts +859 -0
- package/src/taint/taint-analyzer.ts +112 -0
- package/src/taint/taint-summary.ts +341 -0
- package/src/taint/types.ts +86 -0
- package/src/validate/clients.ts +3 -2
- package/src/validate/index.ts +89 -53
- package/src/validate/prompts/modules/ai-patterns.ts +16 -0
- package/src/validate/prompts/modules/common.ts +12 -3
- package/src/validate/providers/anthropic.ts +254 -148
- package/src/validate/providers/openai.ts +363 -218
- package/src/validate/request-builder.ts +2 -45
- package/src/validate/types.ts +9 -0
- package/src/validate/utils/path-helpers.ts +2 -2
- package/src/validate/utils/response-parser.ts +32 -3
- package/src/validate/utils/retry.ts +19 -4
- package/dist/ai-context/index.d.ts +0 -6
- package/dist/ai-context/index.d.ts.map +0 -1
- package/dist/ai-context/index.js +0 -13
- package/dist/ai-context/index.js.map +0 -1
- package/dist/ai-context/manager.d.ts +0 -67
- package/dist/ai-context/manager.d.ts.map +0 -1
- package/dist/ai-context/manager.js +0 -104
- package/dist/ai-context/manager.js.map +0 -1
- package/dist/baseline/diff.d.ts +0 -32
- package/dist/baseline/diff.d.ts.map +0 -1
- package/dist/baseline/diff.js +0 -119
- package/dist/baseline/diff.js.map +0 -1
- package/dist/baseline/index.d.ts +0 -9
- package/dist/baseline/index.d.ts.map +0 -1
- package/dist/baseline/index.js +0 -19
- package/dist/baseline/index.js.map +0 -1
- package/dist/baseline/manager.d.ts +0 -67
- package/dist/baseline/manager.d.ts.map +0 -1
- package/dist/baseline/manager.js +0 -180
- package/dist/baseline/manager.js.map +0 -1
- package/dist/baseline/types.d.ts +0 -91
- package/dist/baseline/types.d.ts.map +0 -1
- package/dist/baseline/types.js +0 -12
- package/dist/baseline/types.js.map +0 -1
- package/dist/category-filter.d.ts +0 -125
- package/dist/category-filter.d.ts.map +0 -1
- package/dist/category-filter.js +0 -360
- package/dist/category-filter.js.map +0 -1
- package/dist/detect/ai-code/agent-tools.d.ts +0 -22
- package/dist/detect/ai-code/agent-tools.d.ts.map +0 -1
- package/dist/detect/ai-code/agent-tools.js +0 -1509
- package/dist/detect/ai-code/agent-tools.js.map +0 -1
- package/dist/detect/ai-code/byok-patterns.d.ts +0 -15
- package/dist/detect/ai-code/byok-patterns.d.ts.map +0 -1
- package/dist/detect/ai-code/byok-patterns.js +0 -313
- package/dist/detect/ai-code/byok-patterns.js.map +0 -1
- package/dist/detect/ai-code/endpoint-protection.d.ts +0 -38
- package/dist/detect/ai-code/endpoint-protection.d.ts.map +0 -1
- package/dist/detect/ai-code/endpoint-protection.js +0 -349
- package/dist/detect/ai-code/endpoint-protection.js.map +0 -1
- package/dist/detect/ai-code/execution-sinks.d.ts +0 -21
- package/dist/detect/ai-code/execution-sinks.d.ts.map +0 -1
- package/dist/detect/ai-code/execution-sinks.js +0 -1158
- package/dist/detect/ai-code/execution-sinks.js.map +0 -1
- package/dist/detect/ai-code/fingerprinting.d.ts +0 -10
- package/dist/detect/ai-code/fingerprinting.d.ts.map +0 -1
- package/dist/detect/ai-code/fingerprinting.js +0 -665
- package/dist/detect/ai-code/fingerprinting.js.map +0 -1
- package/dist/detect/ai-code/mcp-security.d.ts +0 -20
- package/dist/detect/ai-code/mcp-security.d.ts.map +0 -1
- package/dist/detect/ai-code/mcp-security.js +0 -880
- package/dist/detect/ai-code/mcp-security.js.map +0 -1
- package/dist/detect/ai-code/model-supply-chain.d.ts +0 -23
- package/dist/detect/ai-code/model-supply-chain.d.ts.map +0 -1
- package/dist/detect/ai-code/model-supply-chain.js +0 -447
- package/dist/detect/ai-code/model-supply-chain.js.map +0 -1
- package/dist/detect/ai-code/package-hallucination.d.ts +0 -22
- package/dist/detect/ai-code/package-hallucination.d.ts.map +0 -1
- package/dist/detect/ai-code/package-hallucination.js +0 -841
- package/dist/detect/ai-code/package-hallucination.js.map +0 -1
- package/dist/detect/ai-code/prompt-hygiene.d.ts +0 -22
- package/dist/detect/ai-code/prompt-hygiene.d.ts.map +0 -1
- package/dist/detect/ai-code/prompt-hygiene.js +0 -1177
- package/dist/detect/ai-code/prompt-hygiene.js.map +0 -1
- package/dist/detect/ai-code/rag-safety.d.ts +0 -24
- package/dist/detect/ai-code/rag-safety.d.ts.map +0 -1
- package/dist/detect/ai-code/rag-safety.js +0 -913
- package/dist/detect/ai-code/rag-safety.js.map +0 -1
- package/dist/detect/ai-code/schema-validation.d.ts +0 -28
- package/dist/detect/ai-code/schema-validation.d.ts.map +0 -1
- package/dist/detect/ai-code/schema-validation.js +0 -378
- package/dist/detect/ai-code/schema-validation.js.map +0 -1
- package/dist/detect/secrets/patterns.d.ts +0 -11
- package/dist/detect/secrets/patterns.d.ts.map +0 -1
- package/dist/detect/secrets/patterns.js +0 -518
- package/dist/detect/secrets/patterns.js.map +0 -1
- package/dist/detect/secrets/weak-crypto.d.ts +0 -10
- package/dist/detect/secrets/weak-crypto.d.ts.map +0 -1
- package/dist/detect/secrets/weak-crypto.js +0 -432
- package/dist/detect/secrets/weak-crypto.js.map +0 -1
- package/dist/detect/structural/auth-patterns.d.ts +0 -22
- package/dist/detect/structural/auth-patterns.d.ts.map +0 -1
- package/dist/detect/structural/auth-patterns.js +0 -533
- package/dist/detect/structural/auth-patterns.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/child-process.d.ts +0 -16
- package/dist/detect/structural/dangerous-functions/child-process.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/child-process.js +0 -74
- package/dist/detect/structural/dangerous-functions/child-process.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/dom-xss.d.ts +0 -34
- package/dist/detect/structural/dangerous-functions/dom-xss.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/dom-xss.js +0 -230
- package/dist/detect/structural/dangerous-functions/dom-xss.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/index.d.ts +0 -16
- package/dist/detect/structural/dangerous-functions/index.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/index.js +0 -1193
- package/dist/detect/structural/dangerous-functions/index.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/json-parse.d.ts +0 -31
- package/dist/detect/structural/dangerous-functions/json-parse.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/json-parse.js +0 -326
- package/dist/detect/structural/dangerous-functions/json-parse.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/math-random.d.ts +0 -111
- package/dist/detect/structural/dangerous-functions/math-random.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/math-random.js +0 -684
- package/dist/detect/structural/dangerous-functions/math-random.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/patterns.d.ts +0 -21
- package/dist/detect/structural/dangerous-functions/patterns.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/patterns.js +0 -163
- package/dist/detect/structural/dangerous-functions/patterns.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/request-validation.d.ts +0 -13
- package/dist/detect/structural/dangerous-functions/request-validation.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/request-validation.js +0 -126
- package/dist/detect/structural/dangerous-functions/request-validation.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts +0 -24
- package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/utils/control-flow.js +0 -70
- package/dist/detect/structural/dangerous-functions/utils/control-flow.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts +0 -31
- package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/utils/helpers.js +0 -147
- package/dist/detect/structural/dangerous-functions/utils/helpers.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/utils/index.d.ts +0 -9
- package/dist/detect/structural/dangerous-functions/utils/index.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/utils/index.js +0 -23
- package/dist/detect/structural/dangerous-functions/utils/index.js.map +0 -1
- package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts +0 -22
- package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts.map +0 -1
- package/dist/detect/structural/dangerous-functions/utils/schema-validation.js +0 -102
- package/dist/detect/structural/dangerous-functions/utils/schema-validation.js.map +0 -1
- package/dist/detect/structural/data-exposure.d.ts +0 -19
- package/dist/detect/structural/data-exposure.d.ts.map +0 -1
- package/dist/detect/structural/data-exposure.js +0 -262
- package/dist/detect/structural/data-exposure.js.map +0 -1
- package/dist/detect/structural/framework-checks.d.ts +0 -10
- package/dist/detect/structural/framework-checks.d.ts.map +0 -1
- package/dist/detect/structural/framework-checks.js +0 -389
- package/dist/detect/structural/framework-checks.js.map +0 -1
- package/dist/detect/structural/log-injection.d.ts +0 -18
- package/dist/detect/structural/log-injection.d.ts.map +0 -1
- package/dist/detect/structural/log-injection.js +0 -217
- package/dist/detect/structural/log-injection.js.map +0 -1
- package/dist/detect/structural/logic-gates.d.ts +0 -10
- package/dist/detect/structural/logic-gates.d.ts.map +0 -1
- package/dist/detect/structural/logic-gates.js +0 -227
- package/dist/detect/structural/logic-gates.js.map +0 -1
- package/dist/detect/structural/risky-imports.d.ts +0 -10
- package/dist/detect/structural/risky-imports.d.ts.map +0 -1
- package/dist/detect/structural/risky-imports.js +0 -168
- package/dist/detect/structural/risky-imports.js.map +0 -1
- package/dist/detect/structural/security-headers.d.ts +0 -18
- package/dist/detect/structural/security-headers.d.ts.map +0 -1
- package/dist/detect/structural/security-headers.js +0 -196
- package/dist/detect/structural/security-headers.js.map +0 -1
- package/dist/detect/structural/ssrf-detection.d.ts +0 -18
- package/dist/detect/structural/ssrf-detection.d.ts.map +0 -1
- package/dist/detect/structural/ssrf-detection.js +0 -263
- package/dist/detect/structural/ssrf-detection.js.map +0 -1
- package/dist/detect/structural/variables.d.ts +0 -11
- package/dist/detect/structural/variables.d.ts.map +0 -1
- package/dist/detect/structural/variables.js +0 -159
- package/dist/detect/structural/variables.js.map +0 -1
- package/dist/detect/structural/xxe-detection.d.ts +0 -18
- package/dist/detect/structural/xxe-detection.d.ts.map +0 -1
- package/dist/detect/structural/xxe-detection.js +0 -245
- package/dist/detect/structural/xxe-detection.js.map +0 -1
- package/dist/filtering/context-adjustments.d.ts +0 -23
- package/dist/filtering/context-adjustments.d.ts.map +0 -1
- package/dist/filtering/context-adjustments.js +0 -100
- package/dist/filtering/context-adjustments.js.map +0 -1
- package/dist/filtering/index.d.ts +0 -3
- package/dist/filtering/index.d.ts.map +0 -1
- package/dist/filtering/index.js +0 -8
- package/dist/filtering/index.js.map +0 -1
- package/dist/filtering/pipeline.d.ts +0 -48
- package/dist/filtering/pipeline.d.ts.map +0 -1
- package/dist/filtering/pipeline.js +0 -76
- package/dist/filtering/pipeline.js.map +0 -1
- package/dist/formatters/ai-context.d.ts +0 -23
- package/dist/formatters/ai-context.d.ts.map +0 -1
- package/dist/formatters/ai-context.js +0 -238
- package/dist/formatters/ai-context.js.map +0 -1
- package/dist/formatters/cli-terminal.d.ts +0 -65
- package/dist/formatters/cli-terminal.d.ts.map +0 -1
- package/dist/formatters/cli-terminal.js +0 -735
- package/dist/formatters/cli-terminal.js.map +0 -1
- package/dist/formatters/github-comment.d.ts +0 -41
- package/dist/formatters/github-comment.d.ts.map +0 -1
- package/dist/formatters/github-comment.js +0 -370
- package/dist/formatters/github-comment.js.map +0 -1
- package/dist/formatters/grouping.d.ts +0 -52
- package/dist/formatters/grouping.d.ts.map +0 -1
- package/dist/formatters/grouping.js +0 -152
- package/dist/formatters/grouping.js.map +0 -1
- package/dist/formatters/ide/claude-code.d.ts +0 -17
- package/dist/formatters/ide/claude-code.d.ts.map +0 -1
- package/dist/formatters/ide/claude-code.js +0 -94
- package/dist/formatters/ide/claude-code.js.map +0 -1
- package/dist/formatters/ide/cursor.d.ts +0 -13
- package/dist/formatters/ide/cursor.d.ts.map +0 -1
- package/dist/formatters/ide/cursor.js +0 -125
- package/dist/formatters/ide/cursor.js.map +0 -1
- package/dist/formatters/ide/index.d.ts +0 -62
- package/dist/formatters/ide/index.d.ts.map +0 -1
- package/dist/formatters/ide/index.js +0 -184
- package/dist/formatters/ide/index.js.map +0 -1
- package/dist/formatters/ide/windsurf.d.ts +0 -13
- package/dist/formatters/ide/windsurf.d.ts.map +0 -1
- package/dist/formatters/ide/windsurf.js +0 -117
- package/dist/formatters/ide/windsurf.js.map +0 -1
- package/dist/formatters/index.d.ts +0 -11
- package/dist/formatters/index.d.ts.map +0 -1
- package/dist/formatters/index.js +0 -54
- package/dist/formatters/index.js.map +0 -1
- package/dist/formatters/vscode-diagnostic.d.ts +0 -103
- package/dist/formatters/vscode-diagnostic.d.ts.map +0 -1
- package/dist/formatters/vscode-diagnostic.js +0 -151
- package/dist/formatters/vscode-diagnostic.js.map +0 -1
- package/dist/layer1/comments.d.ts +0 -11
- package/dist/layer1/comments.d.ts.map +0 -1
- package/dist/layer1/comments.js +0 -203
- package/dist/layer1/comments.js.map +0 -1
- package/dist/layer1/config-audit.d.ts +0 -11
- package/dist/layer1/config-audit.d.ts.map +0 -1
- package/dist/layer1/config-audit.js +0 -311
- package/dist/layer1/config-audit.js.map +0 -1
- package/dist/layer1/config-mcp-audit.d.ts +0 -23
- package/dist/layer1/config-mcp-audit.d.ts.map +0 -1
- package/dist/layer1/config-mcp-audit.js +0 -239
- package/dist/layer1/config-mcp-audit.js.map +0 -1
- package/dist/layer1/entropy.d.ts +0 -11
- package/dist/layer1/entropy.d.ts.map +0 -1
- package/dist/layer1/entropy.js +0 -741
- package/dist/layer1/entropy.js.map +0 -1
- package/dist/layer1/file-flags.d.ts +0 -10
- package/dist/layer1/file-flags.d.ts.map +0 -1
- package/dist/layer1/file-flags.js +0 -119
- package/dist/layer1/file-flags.js.map +0 -1
- package/dist/layer1/index.d.ts +0 -38
- package/dist/layer1/index.d.ts.map +0 -1
- package/dist/layer1/index.js +0 -170
- package/dist/layer1/index.js.map +0 -1
- package/dist/layer1/patterns.d.ts +0 -11
- package/dist/layer1/patterns.d.ts.map +0 -1
- package/dist/layer1/patterns.js +0 -512
- package/dist/layer1/patterns.js.map +0 -1
- package/dist/layer1/urls.d.ts +0 -11
- package/dist/layer1/urls.d.ts.map +0 -1
- package/dist/layer1/urls.js +0 -444
- package/dist/layer1/urls.js.map +0 -1
- package/dist/layer1/weak-crypto.d.ts +0 -10
- package/dist/layer1/weak-crypto.d.ts.map +0 -1
- package/dist/layer1/weak-crypto.js +0 -428
- package/dist/layer1/weak-crypto.js.map +0 -1
- package/dist/layer2/ai-agent-tools.d.ts +0 -22
- package/dist/layer2/ai-agent-tools.d.ts.map +0 -1
- package/dist/layer2/ai-agent-tools.js +0 -1490
- package/dist/layer2/ai-agent-tools.js.map +0 -1
- package/dist/layer2/ai-endpoint-protection.d.ts +0 -38
- package/dist/layer2/ai-endpoint-protection.d.ts.map +0 -1
- package/dist/layer2/ai-endpoint-protection.js +0 -346
- package/dist/layer2/ai-endpoint-protection.js.map +0 -1
- package/dist/layer2/ai-execution-sinks.d.ts +0 -21
- package/dist/layer2/ai-execution-sinks.d.ts.map +0 -1
- package/dist/layer2/ai-execution-sinks.js +0 -1155
- package/dist/layer2/ai-execution-sinks.js.map +0 -1
- package/dist/layer2/ai-fingerprinting.d.ts +0 -10
- package/dist/layer2/ai-fingerprinting.d.ts.map +0 -1
- package/dist/layer2/ai-fingerprinting.js +0 -650
- package/dist/layer2/ai-fingerprinting.js.map +0 -1
- package/dist/layer2/ai-mcp-security.d.ts +0 -20
- package/dist/layer2/ai-mcp-security.d.ts.map +0 -1
- package/dist/layer2/ai-mcp-security.js +0 -877
- package/dist/layer2/ai-mcp-security.js.map +0 -1
- package/dist/layer2/ai-package-hallucination.d.ts +0 -22
- package/dist/layer2/ai-package-hallucination.d.ts.map +0 -1
- package/dist/layer2/ai-package-hallucination.js +0 -828
- package/dist/layer2/ai-package-hallucination.js.map +0 -1
- package/dist/layer2/ai-prompt-hygiene.d.ts +0 -22
- package/dist/layer2/ai-prompt-hygiene.d.ts.map +0 -1
- package/dist/layer2/ai-prompt-hygiene.js +0 -1156
- package/dist/layer2/ai-prompt-hygiene.js.map +0 -1
- package/dist/layer2/ai-rag-safety.d.ts +0 -24
- package/dist/layer2/ai-rag-safety.d.ts.map +0 -1
- package/dist/layer2/ai-rag-safety.js +0 -910
- package/dist/layer2/ai-rag-safety.js.map +0 -1
- package/dist/layer2/ai-schema-validation.d.ts +0 -28
- package/dist/layer2/ai-schema-validation.d.ts.map +0 -1
- package/dist/layer2/ai-schema-validation.js +0 -375
- package/dist/layer2/ai-schema-validation.js.map +0 -1
- package/dist/layer2/auth-antipatterns.d.ts +0 -22
- package/dist/layer2/auth-antipatterns.d.ts.map +0 -1
- package/dist/layer2/auth-antipatterns.js +0 -522
- package/dist/layer2/auth-antipatterns.js.map +0 -1
- package/dist/layer2/byok-patterns.d.ts +0 -15
- package/dist/layer2/byok-patterns.d.ts.map +0 -1
- package/dist/layer2/byok-patterns.js +0 -302
- package/dist/layer2/byok-patterns.js.map +0 -1
- package/dist/layer2/dangerous-functions/child-process.d.ts +0 -16
- package/dist/layer2/dangerous-functions/child-process.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/child-process.js +0 -74
- package/dist/layer2/dangerous-functions/child-process.js.map +0 -1
- package/dist/layer2/dangerous-functions/dom-xss.d.ts +0 -34
- package/dist/layer2/dangerous-functions/dom-xss.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/dom-xss.js +0 -230
- package/dist/layer2/dangerous-functions/dom-xss.js.map +0 -1
- package/dist/layer2/dangerous-functions/index.d.ts +0 -16
- package/dist/layer2/dangerous-functions/index.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/index.js +0 -1152
- package/dist/layer2/dangerous-functions/index.js.map +0 -1
- package/dist/layer2/dangerous-functions/json-parse.d.ts +0 -31
- package/dist/layer2/dangerous-functions/json-parse.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/json-parse.js +0 -319
- package/dist/layer2/dangerous-functions/json-parse.js.map +0 -1
- package/dist/layer2/dangerous-functions/math-random.d.ts +0 -111
- package/dist/layer2/dangerous-functions/math-random.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/math-random.js +0 -684
- package/dist/layer2/dangerous-functions/math-random.js.map +0 -1
- package/dist/layer2/dangerous-functions/patterns.d.ts +0 -21
- package/dist/layer2/dangerous-functions/patterns.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/patterns.js +0 -163
- package/dist/layer2/dangerous-functions/patterns.js.map +0 -1
- package/dist/layer2/dangerous-functions/request-validation.d.ts +0 -13
- package/dist/layer2/dangerous-functions/request-validation.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/request-validation.js +0 -119
- package/dist/layer2/dangerous-functions/request-validation.js.map +0 -1
- package/dist/layer2/dangerous-functions/utils/control-flow.d.ts +0 -24
- package/dist/layer2/dangerous-functions/utils/control-flow.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/utils/control-flow.js +0 -70
- package/dist/layer2/dangerous-functions/utils/control-flow.js.map +0 -1
- package/dist/layer2/dangerous-functions/utils/helpers.d.ts +0 -31
- package/dist/layer2/dangerous-functions/utils/helpers.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/utils/helpers.js +0 -147
- package/dist/layer2/dangerous-functions/utils/helpers.js.map +0 -1
- package/dist/layer2/dangerous-functions/utils/index.d.ts +0 -9
- package/dist/layer2/dangerous-functions/utils/index.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/utils/index.js +0 -23
- package/dist/layer2/dangerous-functions/utils/index.js.map +0 -1
- package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts +0 -22
- package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts.map +0 -1
- package/dist/layer2/dangerous-functions/utils/schema-validation.js +0 -102
- package/dist/layer2/dangerous-functions/utils/schema-validation.js.map +0 -1
- package/dist/layer2/data-exposure.d.ts +0 -19
- package/dist/layer2/data-exposure.d.ts.map +0 -1
- package/dist/layer2/data-exposure.js +0 -255
- package/dist/layer2/data-exposure.js.map +0 -1
- package/dist/layer2/framework-checks.d.ts +0 -10
- package/dist/layer2/framework-checks.d.ts.map +0 -1
- package/dist/layer2/framework-checks.js +0 -384
- package/dist/layer2/framework-checks.js.map +0 -1
- package/dist/layer2/index.d.ts +0 -74
- package/dist/layer2/index.d.ts.map +0 -1
- package/dist/layer2/index.js +0 -544
- package/dist/layer2/index.js.map +0 -1
- package/dist/layer2/log-injection.d.ts +0 -18
- package/dist/layer2/log-injection.d.ts.map +0 -1
- package/dist/layer2/log-injection.js +0 -214
- package/dist/layer2/log-injection.js.map +0 -1
- package/dist/layer2/logic-gates.d.ts +0 -10
- package/dist/layer2/logic-gates.d.ts.map +0 -1
- package/dist/layer2/logic-gates.js +0 -220
- package/dist/layer2/logic-gates.js.map +0 -1
- package/dist/layer2/model-supply-chain.d.ts +0 -23
- package/dist/layer2/model-supply-chain.d.ts.map +0 -1
- package/dist/layer2/model-supply-chain.js +0 -444
- package/dist/layer2/model-supply-chain.js.map +0 -1
- package/dist/layer2/risky-imports.d.ts +0 -10
- package/dist/layer2/risky-imports.d.ts.map +0 -1
- package/dist/layer2/risky-imports.js +0 -165
- package/dist/layer2/risky-imports.js.map +0 -1
- package/dist/layer2/security-headers.d.ts +0 -18
- package/dist/layer2/security-headers.d.ts.map +0 -1
- package/dist/layer2/security-headers.js +0 -187
- package/dist/layer2/security-headers.js.map +0 -1
- package/dist/layer2/ssrf-detection.d.ts +0 -18
- package/dist/layer2/ssrf-detection.d.ts.map +0 -1
- package/dist/layer2/ssrf-detection.js +0 -252
- package/dist/layer2/ssrf-detection.js.map +0 -1
- package/dist/layer2/variables.d.ts +0 -11
- package/dist/layer2/variables.d.ts.map +0 -1
- package/dist/layer2/variables.js +0 -156
- package/dist/layer2/variables.js.map +0 -1
- package/dist/layer2/xxe-detection.d.ts +0 -18
- package/dist/layer2/xxe-detection.d.ts.map +0 -1
- package/dist/layer2/xxe-detection.js +0 -242
- package/dist/layer2/xxe-detection.js.map +0 -1
- package/dist/layer3/anthropic/auto-dismiss.d.ts +0 -24
- package/dist/layer3/anthropic/auto-dismiss.d.ts.map +0 -1
- package/dist/layer3/anthropic/auto-dismiss.js +0 -199
- package/dist/layer3/anthropic/auto-dismiss.js.map +0 -1
- package/dist/layer3/anthropic/clients.d.ts +0 -44
- package/dist/layer3/anthropic/clients.d.ts.map +0 -1
- package/dist/layer3/anthropic/clients.js +0 -81
- package/dist/layer3/anthropic/clients.js.map +0 -1
- package/dist/layer3/anthropic/index.d.ts +0 -41
- package/dist/layer3/anthropic/index.d.ts.map +0 -1
- package/dist/layer3/anthropic/index.js +0 -141
- package/dist/layer3/anthropic/index.js.map +0 -1
- package/dist/layer3/anthropic/prompts/index.d.ts +0 -8
- package/dist/layer3/anthropic/prompts/index.d.ts.map +0 -1
- package/dist/layer3/anthropic/prompts/index.js +0 -16
- package/dist/layer3/anthropic/prompts/index.js.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts +0 -19
- package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/ai-patterns.js +0 -156
- package/dist/layer3/anthropic/prompts/modules/ai-patterns.js.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts +0 -9
- package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/auth-access.js +0 -25
- package/dist/layer3/anthropic/prompts/modules/auth-access.js.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/common.d.ts +0 -11
- package/dist/layer3/anthropic/prompts/modules/common.d.ts.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/common.js +0 -152
- package/dist/layer3/anthropic/prompts/modules/common.js.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/index.d.ts +0 -54
- package/dist/layer3/anthropic/prompts/modules/index.d.ts.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/index.js +0 -185
- package/dist/layer3/anthropic/prompts/modules/index.js.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts +0 -8
- package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/owasp-classic.js +0 -84
- package/dist/layer3/anthropic/prompts/modules/owasp-classic.js.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts +0 -8
- package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js +0 -68
- package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts +0 -8
- package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts.map +0 -1
- package/dist/layer3/anthropic/prompts/modules/xss-prompt.js +0 -22
- package/dist/layer3/anthropic/prompts/modules/xss-prompt.js.map +0 -1
- package/dist/layer3/anthropic/prompts/semantic-analysis.d.ts +0 -15
- package/dist/layer3/anthropic/prompts/semantic-analysis.d.ts.map +0 -1
- package/dist/layer3/anthropic/prompts/semantic-analysis.js +0 -169
- package/dist/layer3/anthropic/prompts/semantic-analysis.js.map +0 -1
- package/dist/layer3/anthropic/prompts/validation.d.ts +0 -18
- package/dist/layer3/anthropic/prompts/validation.d.ts.map +0 -1
- package/dist/layer3/anthropic/prompts/validation.js +0 -25
- package/dist/layer3/anthropic/prompts/validation.js.map +0 -1
- package/dist/layer3/anthropic/providers/anthropic.d.ts +0 -21
- package/dist/layer3/anthropic/providers/anthropic.d.ts.map +0 -1
- package/dist/layer3/anthropic/providers/anthropic.js +0 -269
- package/dist/layer3/anthropic/providers/anthropic.js.map +0 -1
- package/dist/layer3/anthropic/providers/index.d.ts +0 -8
- package/dist/layer3/anthropic/providers/index.d.ts.map +0 -1
- package/dist/layer3/anthropic/providers/index.js +0 -15
- package/dist/layer3/anthropic/providers/index.js.map +0 -1
- package/dist/layer3/anthropic/providers/openai.d.ts +0 -18
- package/dist/layer3/anthropic/providers/openai.d.ts.map +0 -1
- package/dist/layer3/anthropic/providers/openai.js +0 -343
- package/dist/layer3/anthropic/providers/openai.js.map +0 -1
- package/dist/layer3/anthropic/request-builder.d.ts +0 -27
- package/dist/layer3/anthropic/request-builder.d.ts.map +0 -1
- package/dist/layer3/anthropic/request-builder.js +0 -150
- package/dist/layer3/anthropic/request-builder.js.map +0 -1
- package/dist/layer3/anthropic/types.d.ts +0 -88
- package/dist/layer3/anthropic/types.d.ts.map +0 -1
- package/dist/layer3/anthropic/types.js +0 -38
- package/dist/layer3/anthropic/types.js.map +0 -1
- package/dist/layer3/anthropic/utils/context-extractor.d.ts +0 -55
- package/dist/layer3/anthropic/utils/context-extractor.d.ts.map +0 -1
- package/dist/layer3/anthropic/utils/context-extractor.js +0 -161
- package/dist/layer3/anthropic/utils/context-extractor.js.map +0 -1
- package/dist/layer3/anthropic/utils/index.d.ts +0 -11
- package/dist/layer3/anthropic/utils/index.d.ts.map +0 -1
- package/dist/layer3/anthropic/utils/index.js +0 -27
- package/dist/layer3/anthropic/utils/index.js.map +0 -1
- package/dist/layer3/anthropic/utils/path-helpers.d.ts +0 -21
- package/dist/layer3/anthropic/utils/path-helpers.d.ts.map +0 -1
- package/dist/layer3/anthropic/utils/path-helpers.js +0 -69
- package/dist/layer3/anthropic/utils/path-helpers.js.map +0 -1
- package/dist/layer3/anthropic/utils/response-parser.d.ts +0 -40
- package/dist/layer3/anthropic/utils/response-parser.d.ts.map +0 -1
- package/dist/layer3/anthropic/utils/response-parser.js +0 -285
- package/dist/layer3/anthropic/utils/response-parser.js.map +0 -1
- package/dist/layer3/anthropic/utils/retry.d.ts +0 -15
- package/dist/layer3/anthropic/utils/retry.d.ts.map +0 -1
- package/dist/layer3/anthropic/utils/retry.js +0 -62
- package/dist/layer3/anthropic/utils/retry.js.map +0 -1
- package/dist/layer3/index.d.ts +0 -27
- package/dist/layer3/index.d.ts.map +0 -1
- package/dist/layer3/index.js +0 -150
- package/dist/layer3/index.js.map +0 -1
- package/dist/layer3/osv-check.d.ts +0 -75
- package/dist/layer3/osv-check.d.ts.map +0 -1
- package/dist/layer3/osv-check.js +0 -308
- package/dist/layer3/osv-check.js.map +0 -1
- package/dist/layer3/package-check.d.ts +0 -63
- package/dist/layer3/package-check.d.ts.map +0 -1
- package/dist/layer3/package-check.js +0 -508
- package/dist/layer3/package-check.js.map +0 -1
- package/dist/model/cross-file-taint.d.ts +0 -40
- package/dist/model/cross-file-taint.d.ts.map +0 -1
- package/dist/model/cross-file-taint.js +0 -290
- package/dist/model/cross-file-taint.js.map +0 -1
- package/dist/model/function-classifier.d.ts +0 -32
- package/dist/model/function-classifier.d.ts.map +0 -1
- package/dist/model/function-classifier.js +0 -143
- package/dist/model/function-classifier.js.map +0 -1
- package/dist/model/sanitiser-detection.d.ts +0 -27
- package/dist/model/sanitiser-detection.d.ts.map +0 -1
- package/dist/model/sanitiser-detection.js +0 -224
- package/dist/model/sanitiser-detection.js.map +0 -1
- package/dist/model/sink-matcher.d.ts +0 -17
- package/dist/model/sink-matcher.d.ts.map +0 -1
- package/dist/model/sink-matcher.js +0 -141
- package/dist/model/sink-matcher.js.map +0 -1
- package/dist/model/sink-patterns.d.ts +0 -19
- package/dist/model/sink-patterns.d.ts.map +0 -1
- package/dist/model/sink-patterns.js +0 -88
- package/dist/model/sink-patterns.js.map +0 -1
- package/dist/model/source-discovery.d.ts +0 -15
- package/dist/model/source-discovery.d.ts.map +0 -1
- package/dist/model/source-discovery.js +0 -170
- package/dist/model/source-discovery.js.map +0 -1
- package/dist/model/taint-tracker.d.ts +0 -21
- package/dist/model/taint-tracker.d.ts.map +0 -1
- package/dist/model/taint-tracker.js +0 -281
- package/dist/model/taint-tracker.js.map +0 -1
- package/dist/modes/incremental.d.ts +0 -66
- package/dist/modes/incremental.d.ts.map +0 -1
- package/dist/modes/incremental.js +0 -200
- package/dist/modes/incremental.js.map +0 -1
- package/dist/rules/framework-fixes.d.ts +0 -48
- package/dist/rules/framework-fixes.d.ts.map +0 -1
- package/dist/rules/framework-fixes.js +0 -439
- package/dist/rules/framework-fixes.js.map +0 -1
- package/dist/rules/index.d.ts +0 -8
- package/dist/rules/index.d.ts.map +0 -1
- package/dist/rules/index.js +0 -18
- package/dist/rules/index.js.map +0 -1
- package/dist/rules/metadata.d.ts +0 -43
- package/dist/rules/metadata.d.ts.map +0 -1
- package/dist/rules/metadata.js +0 -800
- package/dist/rules/metadata.js.map +0 -1
- package/dist/score/auto-dismiss.d.ts +0 -28
- package/dist/score/auto-dismiss.d.ts.map +0 -1
- package/dist/score/auto-dismiss.js +0 -200
- package/dist/score/auto-dismiss.js.map +0 -1
- package/dist/suppression/config-loader.d.ts +0 -74
- package/dist/suppression/config-loader.d.ts.map +0 -1
- package/dist/suppression/config-loader.js +0 -424
- package/dist/suppression/config-loader.js.map +0 -1
- package/dist/suppression/hash.d.ts +0 -48
- package/dist/suppression/hash.d.ts.map +0 -1
- package/dist/suppression/hash.js +0 -88
- package/dist/suppression/hash.js.map +0 -1
- package/dist/suppression/index.d.ts +0 -11
- package/dist/suppression/index.d.ts.map +0 -1
- package/dist/suppression/index.js +0 -39
- package/dist/suppression/index.js.map +0 -1
- package/dist/suppression/inline-parser.d.ts +0 -39
- package/dist/suppression/inline-parser.d.ts.map +0 -1
- package/dist/suppression/inline-parser.js +0 -218
- package/dist/suppression/inline-parser.js.map +0 -1
- package/dist/suppression/manager.d.ts +0 -94
- package/dist/suppression/manager.d.ts.map +0 -1
- package/dist/suppression/manager.js +0 -292
- package/dist/suppression/manager.js.map +0 -1
- package/dist/suppression/types.d.ts +0 -151
- package/dist/suppression/types.d.ts.map +0 -1
- package/dist/suppression/types.js +0 -28
- package/dist/suppression/types.js.map +0 -1
- package/dist/types.d.ts +0 -331
- package/dist/types.d.ts.map +0 -1
- package/dist/types.js +0 -124
- package/dist/types.js.map +0 -1
- package/dist/utils/auth-helper-detector.d.ts +0 -56
- package/dist/utils/auth-helper-detector.d.ts.map +0 -1
- package/dist/utils/auth-helper-detector.js +0 -360
- package/dist/utils/auth-helper-detector.js.map +0 -1
- package/dist/utils/code-analysis.d.ts +0 -39
- package/dist/utils/code-analysis.d.ts.map +0 -1
- package/dist/utils/code-analysis.js +0 -159
- package/dist/utils/code-analysis.js.map +0 -1
- package/dist/utils/comment-analyzer.d.ts +0 -38
- package/dist/utils/comment-analyzer.d.ts.map +0 -1
- package/dist/utils/comment-analyzer.js +0 -218
- package/dist/utils/comment-analyzer.js.map +0 -1
- package/dist/utils/context-helpers.d.ts +0 -219
- package/dist/utils/context-helpers.d.ts.map +0 -1
- package/dist/utils/context-helpers.js +0 -886
- package/dist/utils/context-helpers.js.map +0 -1
- package/dist/utils/diff-detector.d.ts +0 -53
- package/dist/utils/diff-detector.d.ts.map +0 -1
- package/dist/utils/diff-detector.js +0 -104
- package/dist/utils/diff-detector.js.map +0 -1
- package/dist/utils/diff-parser.d.ts +0 -80
- package/dist/utils/diff-parser.d.ts.map +0 -1
- package/dist/utils/diff-parser.js +0 -202
- package/dist/utils/diff-parser.js.map +0 -1
- package/dist/utils/environment-context.d.ts +0 -76
- package/dist/utils/environment-context.d.ts.map +0 -1
- package/dist/utils/environment-context.js +0 -271
- package/dist/utils/environment-context.js.map +0 -1
- package/dist/utils/imported-auth-detector.d.ts +0 -37
- package/dist/utils/imported-auth-detector.d.ts.map +0 -1
- package/dist/utils/imported-auth-detector.js +0 -251
- package/dist/utils/imported-auth-detector.js.map +0 -1
- package/dist/utils/intent-detector.d.ts +0 -66
- package/dist/utils/intent-detector.d.ts.map +0 -1
- package/dist/utils/intent-detector.js +0 -282
- package/dist/utils/intent-detector.js.map +0 -1
- package/dist/utils/middleware-detector.d.ts +0 -55
- package/dist/utils/middleware-detector.d.ts.map +0 -1
- package/dist/utils/middleware-detector.js +0 -260
- package/dist/utils/middleware-detector.js.map +0 -1
- package/dist/utils/oauth-flow-detector.d.ts +0 -41
- package/dist/utils/oauth-flow-detector.d.ts.map +0 -1
- package/dist/utils/oauth-flow-detector.js +0 -202
- package/dist/utils/oauth-flow-detector.js.map +0 -1
- package/dist/utils/parsed-file.d.ts +0 -51
- package/dist/utils/parsed-file.d.ts.map +0 -1
- package/dist/utils/parsed-file.js +0 -95
- package/dist/utils/parsed-file.js.map +0 -1
- package/dist/utils/path-exclusions.d.ts +0 -55
- package/dist/utils/path-exclusions.d.ts.map +0 -1
- package/dist/utils/path-exclusions.js +0 -224
- package/dist/utils/path-exclusions.js.map +0 -1
- package/dist/utils/project-context-builder.d.ts +0 -119
- package/dist/utils/project-context-builder.d.ts.map +0 -1
- package/dist/utils/project-context-builder.js +0 -534
- package/dist/utils/project-context-builder.js.map +0 -1
- package/dist/utils/registry-clients.d.ts +0 -93
- package/dist/utils/registry-clients.d.ts.map +0 -1
- package/dist/utils/registry-clients.js +0 -273
- package/dist/utils/registry-clients.js.map +0 -1
- package/dist/utils/route-hierarchy.d.ts +0 -50
- package/dist/utils/route-hierarchy.d.ts.map +0 -1
- package/dist/utils/route-hierarchy.js +0 -226
- package/dist/utils/route-hierarchy.js.map +0 -1
- package/dist/utils/schema-semantics.d.ts +0 -45
- package/dist/utils/schema-semantics.d.ts.map +0 -1
- package/dist/utils/schema-semantics.js +0 -193
- package/dist/utils/schema-semantics.js.map +0 -1
- package/dist/utils/trpc-analyzer.d.ts +0 -78
- package/dist/utils/trpc-analyzer.d.ts.map +0 -1
- package/dist/utils/trpc-analyzer.js +0 -297
- package/dist/utils/trpc-analyzer.js.map +0 -1
- package/src/__tests__/context-engine/cross-file-taint.test.ts +0 -284
- package/src/__tests__/context-engine/function-classifier.test.ts +0 -146
- package/src/__tests__/context-engine/integration.test.ts +0 -320
- package/src/__tests__/context-engine/sanitiser-detection.test.ts +0 -187
- package/src/__tests__/context-engine/sink-matcher.test.ts +0 -251
- package/src/__tests__/context-engine/source-discovery.test.ts +0 -186
- package/src/__tests__/context-engine/taint-tracker.test.ts +0 -182
- package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +0 -750
- package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +0 -555
- package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +0 -321
- package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +0 -439
- package/src/detect/ai-code/agent-tools.ts +0 -1662
- package/src/detect/ai-code/byok-patterns.ts +0 -354
- package/src/detect/ai-code/endpoint-protection.ts +0 -406
- package/src/detect/ai-code/execution-sinks.ts +0 -1310
- package/src/detect/ai-code/fingerprinting.ts +0 -774
- package/src/detect/ai-code/mcp-security.ts +0 -937
- package/src/detect/ai-code/model-supply-chain.ts +0 -535
- package/src/detect/ai-code/package-hallucination.ts +0 -955
- package/src/detect/ai-code/prompt-hygiene.ts +0 -1314
- package/src/detect/ai-code/rag-safety.ts +0 -977
- package/src/detect/ai-code/schema-validation.ts +0 -427
- package/src/detect/secrets/patterns.ts +0 -561
- package/src/detect/secrets/weak-crypto.ts +0 -485
- package/src/detect/structural/__tests__/math-random-enhanced.test.ts +0 -405
- package/src/detect/structural/auth-patterns.ts +0 -621
- package/src/detect/structural/dangerous-functions/child-process.ts +0 -98
- package/src/detect/structural/dangerous-functions/dom-xss.ts +0 -292
- package/src/detect/structural/dangerous-functions/index.ts +0 -1556
- package/src/detect/structural/dangerous-functions/json-parse.ts +0 -393
- package/src/detect/structural/dangerous-functions/math-random.ts +0 -789
- package/src/detect/structural/dangerous-functions/patterns.ts +0 -176
- package/src/detect/structural/dangerous-functions/request-validation.ts +0 -153
- package/src/detect/structural/dangerous-functions/utils/control-flow.ts +0 -35
- package/src/detect/structural/dangerous-functions/utils/helpers.ts +0 -170
- package/src/detect/structural/dangerous-functions/utils/index.ts +0 -25
- package/src/detect/structural/dangerous-functions/utils/schema-validation.ts +0 -106
- package/src/detect/structural/data-exposure.ts +0 -302
- package/src/detect/structural/framework-checks.ts +0 -439
- package/src/detect/structural/log-injection.ts +0 -254
- package/src/detect/structural/logic-gates.ts +0 -256
- package/src/detect/structural/risky-imports.ts +0 -197
- package/src/detect/structural/security-headers.ts +0 -231
- package/src/detect/structural/ssrf-detection.ts +0 -300
- package/src/detect/structural/variables.ts +0 -177
- package/src/detect/structural/xxe-detection.ts +0 -295
- package/src/model/cross-file-taint.ts +0 -374
- package/src/model/function-classifier.ts +0 -184
- package/src/model/sanitiser-detection.ts +0 -268
- package/src/model/sink-matcher.ts +0 -178
- package/src/model/sink-patterns.ts +0 -109
- package/src/model/source-discovery.ts +0 -209
- package/src/model/taint-tracker.ts +0 -333
- package/src/score/auto-dismiss.ts +0 -224
|
@@ -1,282 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
/**
|
|
3
|
-
* Intent Detector Utility
|
|
4
|
-
* Detects the INTENT of code patterns, not just keywords
|
|
5
|
-
*
|
|
6
|
-
* This addresses false positives where:
|
|
7
|
-
* - setState() is flagged as a redirect (it's React state, not navigation)
|
|
8
|
-
* - Error codes like 'SAME_PASSWORD' are flagged as password exposure
|
|
9
|
-
* - Signed URLs are flagged as token exposure
|
|
10
|
-
* - React Hook Form's shouldValidate: false is flagged as bypass
|
|
11
|
-
*/
|
|
12
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
13
|
-
exports.isReactStateSetter = isReactStateSetter;
|
|
14
|
-
exports.isActualRedirect = isActualRedirect;
|
|
15
|
-
exports.classifyNavigationIntent = classifyNavigationIntent;
|
|
16
|
-
exports.isErrorCodeString = isErrorCodeString;
|
|
17
|
-
exports.hasPasswordValueInError = hasPasswordValueInError;
|
|
18
|
-
exports.isPasswordErrorCode = isPasswordErrorCode;
|
|
19
|
-
exports.isSignedUrlPattern = isSignedUrlPattern;
|
|
20
|
-
exports.isReactHookFormContext = isReactHookFormContext;
|
|
21
|
-
exports.isFormLibraryOptimization = isFormLibraryOptimization;
|
|
22
|
-
exports.analyzeSecurityIntent = analyzeSecurityIntent;
|
|
23
|
-
// ============================================================================
|
|
24
|
-
// Redirect vs State Setter Detection
|
|
25
|
-
// ============================================================================
|
|
26
|
-
/**
|
|
27
|
-
* React state setter patterns - these are NOT redirects
|
|
28
|
-
*/
|
|
29
|
-
const REACT_STATE_SETTER_PATTERNS = [
|
|
30
|
-
// useState setters: setFoo(value)
|
|
31
|
-
/\bset[A-Z][a-zA-Z]*\s*\(/,
|
|
32
|
-
// Zustand/state manager: store.setFoo()
|
|
33
|
-
/\.\s*set[A-Z][a-zA-Z]*\s*\(/,
|
|
34
|
-
// Redux dispatch pattern
|
|
35
|
-
/dispatch\s*\(/,
|
|
36
|
-
// Recoil/Jotai
|
|
37
|
-
/\buseSetRecoilState\b/,
|
|
38
|
-
/\bsetAtom\b/,
|
|
39
|
-
];
|
|
40
|
-
/**
|
|
41
|
-
* Actual redirect/navigation patterns
|
|
42
|
-
*/
|
|
43
|
-
const REDIRECT_PATTERNS = [
|
|
44
|
-
// Framework redirect functions
|
|
45
|
-
/\bredirect\s*\(/i,
|
|
46
|
-
/\bnavigate\s*\(/i,
|
|
47
|
-
// Next.js router
|
|
48
|
-
/router\.(push|replace)\s*\(/i,
|
|
49
|
-
/useRouter\(\)\.(push|replace)/i,
|
|
50
|
-
// React Router
|
|
51
|
-
/\buseNavigate\b/i,
|
|
52
|
-
// Window location
|
|
53
|
-
/window\.location\s*(=|\.href|\.assign|\.replace)/i,
|
|
54
|
-
// Response redirect
|
|
55
|
-
/Response\.redirect\s*\(/i,
|
|
56
|
-
/NextResponse\.redirect\s*\(/i,
|
|
57
|
-
// HTTP redirect
|
|
58
|
-
/res\.(redirect|send|status\(\d{3}\))/i,
|
|
59
|
-
];
|
|
60
|
-
/**
|
|
61
|
-
* Check if a line contains a React state setter (NOT a redirect)
|
|
62
|
-
*/
|
|
63
|
-
function isReactStateSetter(line) {
|
|
64
|
-
return REACT_STATE_SETTER_PATTERNS.some(pattern => pattern.test(line));
|
|
65
|
-
}
|
|
66
|
-
/**
|
|
67
|
-
* Check if a line contains an actual redirect/navigation
|
|
68
|
-
*/
|
|
69
|
-
function isActualRedirect(line) {
|
|
70
|
-
return REDIRECT_PATTERNS.some(pattern => pattern.test(line));
|
|
71
|
-
}
|
|
72
|
-
/**
|
|
73
|
-
* Determine if user input to this function is a security concern
|
|
74
|
-
* State setters with user input are NOT redirects
|
|
75
|
-
*
|
|
76
|
-
* @param line - The line content
|
|
77
|
-
* @returns 'state_setter' | 'redirect' | 'unknown'
|
|
78
|
-
*/
|
|
79
|
-
function classifyNavigationIntent(line) {
|
|
80
|
-
if (isReactStateSetter(line)) {
|
|
81
|
-
return 'state_setter';
|
|
82
|
-
}
|
|
83
|
-
if (isActualRedirect(line)) {
|
|
84
|
-
return 'redirect';
|
|
85
|
-
}
|
|
86
|
-
return 'unknown';
|
|
87
|
-
}
|
|
88
|
-
// ============================================================================
|
|
89
|
-
// Error Code vs Error Value Detection
|
|
90
|
-
// ============================================================================
|
|
91
|
-
/**
|
|
92
|
-
* Check if a string in an error is a CODE (like 'SAME_PASSWORD')
|
|
93
|
-
* vs an actual VALUE that might expose data
|
|
94
|
-
*/
|
|
95
|
-
function isErrorCodeString(line) {
|
|
96
|
-
// Error codes are SCREAMING_CASE strings
|
|
97
|
-
const errorCodePatterns = [
|
|
98
|
-
// throw new Error('SAME_PASSWORD')
|
|
99
|
-
/Error\s*\(\s*['"][A-Z][A-Z_0-9]*['"]\s*\)/,
|
|
100
|
-
// throw new Error('USER_NOT_FOUND')
|
|
101
|
-
/throw\s+.*['"][A-Z][A-Z_0-9]*['"]/,
|
|
102
|
-
// ChatSDKError('unauthorized:INVALID_TOKEN')
|
|
103
|
-
/Error\s*\(\s*['"][a-z]+:[A-Z_]+['"]\s*\)/,
|
|
104
|
-
];
|
|
105
|
-
return errorCodePatterns.some(pattern => pattern.test(line));
|
|
106
|
-
}
|
|
107
|
-
/**
|
|
108
|
-
* Check if an error message might contain actual password/secret value
|
|
109
|
-
*/
|
|
110
|
-
function hasPasswordValueInError(line) {
|
|
111
|
-
// Only flag if actual password variable is concatenated into error
|
|
112
|
-
const dangerousPatterns = [
|
|
113
|
-
// Error('Password is: ' + password)
|
|
114
|
-
/Error\s*\([^)]*\+\s*password[^)]*\)/i,
|
|
115
|
-
// Error(`Password is: ${password}`)
|
|
116
|
-
/Error\s*\([^)]*\$\{\s*password\s*\}[^)]*\)/i,
|
|
117
|
-
// Error(JSON.stringify({...password}))
|
|
118
|
-
/Error\s*\(\s*JSON\.stringify\s*\([^)]*password/i,
|
|
119
|
-
// Error(secret)
|
|
120
|
-
/Error\s*\(\s*(password|secret|token|apiKey)\s*\)/i,
|
|
121
|
-
];
|
|
122
|
-
return dangerousPatterns.some(pattern => pattern.test(line));
|
|
123
|
-
}
|
|
124
|
-
/**
|
|
125
|
-
* Check if "password" in error message is actually an error code/type
|
|
126
|
-
*/
|
|
127
|
-
function isPasswordErrorCode(line) {
|
|
128
|
-
// These are error CODES about passwords, not password VALUES
|
|
129
|
-
const passwordCodePatterns = [
|
|
130
|
-
/['"]SAME_PASSWORD['"]/i,
|
|
131
|
-
/['"]INVALID_PASSWORD['"]/i,
|
|
132
|
-
/['"]WEAK_PASSWORD['"]/i,
|
|
133
|
-
/['"]PASSWORD_REQUIRED['"]/i,
|
|
134
|
-
/['"]PASSWORD_MISMATCH['"]/i,
|
|
135
|
-
/['"]PASSWORD_TOO_SHORT['"]/i,
|
|
136
|
-
/['"]PASSWORD_TOO_LONG['"]/i,
|
|
137
|
-
/['"]PASSWORD_EXPIRED['"]/i,
|
|
138
|
-
/['"]password:[\w_]+['"]/i, // password:INVALID, password:MISMATCH
|
|
139
|
-
];
|
|
140
|
-
return passwordCodePatterns.some(pattern => pattern.test(line));
|
|
141
|
-
}
|
|
142
|
-
// ============================================================================
|
|
143
|
-
// Signed URL Detection
|
|
144
|
-
// ============================================================================
|
|
145
|
-
/**
|
|
146
|
-
* Check if a URL pattern is an intentional signed/presigned URL
|
|
147
|
-
* These are FEATURES, not vulnerabilities
|
|
148
|
-
*/
|
|
149
|
-
function isSignedUrlPattern(line) {
|
|
150
|
-
const signedUrlPatterns = [
|
|
151
|
-
// AWS S3 presigned URLs
|
|
152
|
-
/presign/i,
|
|
153
|
-
/getSignedUrl/i,
|
|
154
|
-
/presignedUrl/i,
|
|
155
|
-
/presigned/i,
|
|
156
|
-
// Azure SAS tokens
|
|
157
|
-
/sasToken/i,
|
|
158
|
-
/SharedAccessSignature/i,
|
|
159
|
-
// GCP signed URLs
|
|
160
|
-
/generateSignedUrl/i,
|
|
161
|
-
/signedUrl/i,
|
|
162
|
-
// Generic signed URL patterns
|
|
163
|
-
/signature\s*[=:]/i,
|
|
164
|
-
/signed\s*[=:]/i,
|
|
165
|
-
/token\s*=.*&expires/i,
|
|
166
|
-
/expires\s*=.*&signature/i,
|
|
167
|
-
];
|
|
168
|
-
return signedUrlPatterns.some(pattern => pattern.test(line));
|
|
169
|
-
}
|
|
170
|
-
// ============================================================================
|
|
171
|
-
// Form Library Context Detection
|
|
172
|
-
// ============================================================================
|
|
173
|
-
/**
|
|
174
|
-
* Check if shouldValidate: false is in a React Hook Form context
|
|
175
|
-
* In RHF, this is a PERFORMANCE optimization, not a security bypass
|
|
176
|
-
*/
|
|
177
|
-
function isReactHookFormContext(content, lineNumber) {
|
|
178
|
-
const lines = content.split('\n');
|
|
179
|
-
const contextStart = Math.max(0, lineNumber - 20);
|
|
180
|
-
const contextEnd = Math.min(lines.length, lineNumber + 5);
|
|
181
|
-
const context = lines.slice(contextStart, contextEnd).join('\n');
|
|
182
|
-
const rhfPatterns = [
|
|
183
|
-
// useForm hook
|
|
184
|
-
/useForm\s*[<(]/,
|
|
185
|
-
/useForm\(\)/,
|
|
186
|
-
// react-hook-form import
|
|
187
|
-
/from\s+['"]react-hook-form['"]/,
|
|
188
|
-
// Form methods
|
|
189
|
-
/\bform\.(setValue|watch|reset|getValues|trigger|clearErrors)\b/,
|
|
190
|
-
/\.(setValue|watch|reset|getValues|trigger|clearErrors)\s*\(/,
|
|
191
|
-
// Register pattern
|
|
192
|
-
/register\s*\(/,
|
|
193
|
-
// FormProvider
|
|
194
|
-
/FormProvider/,
|
|
195
|
-
// Control pattern
|
|
196
|
-
/control\s*=/,
|
|
197
|
-
];
|
|
198
|
-
return rhfPatterns.some(pattern => pattern.test(context));
|
|
199
|
-
}
|
|
200
|
-
/**
|
|
201
|
-
* Check if validation: false / validate: false is form library optimization
|
|
202
|
-
*/
|
|
203
|
-
function isFormLibraryOptimization(line, content, lineNumber) {
|
|
204
|
-
// If in React Hook Form context, it's optimization
|
|
205
|
-
if (isReactHookFormContext(content, lineNumber)) {
|
|
206
|
-
return true;
|
|
207
|
-
}
|
|
208
|
-
// Check for other form library contexts
|
|
209
|
-
const formLibraryPatterns = [
|
|
210
|
-
/formik/i,
|
|
211
|
-
/react-final-form/i,
|
|
212
|
-
/vee-validate/i,
|
|
213
|
-
/vuelidate/i,
|
|
214
|
-
];
|
|
215
|
-
const lines = content.split('\n');
|
|
216
|
-
const contextStart = Math.max(0, lineNumber - 20);
|
|
217
|
-
const context = lines.slice(contextStart, lineNumber + 5).join('\n');
|
|
218
|
-
return formLibraryPatterns.some(pattern => pattern.test(context));
|
|
219
|
-
}
|
|
220
|
-
/**
|
|
221
|
-
* Analyze a line for security intent based on multiple heuristics
|
|
222
|
-
*/
|
|
223
|
-
function analyzeSecurityIntent(line, content, lineNumber, patternType) {
|
|
224
|
-
switch (patternType) {
|
|
225
|
-
case 'redirect':
|
|
226
|
-
if (isReactStateSetter(line)) {
|
|
227
|
-
return {
|
|
228
|
-
intent: 'safe_pattern',
|
|
229
|
-
reason: 'React state setter, not a redirect',
|
|
230
|
-
action: 'skip',
|
|
231
|
-
};
|
|
232
|
-
}
|
|
233
|
-
if (isActualRedirect(line)) {
|
|
234
|
-
return {
|
|
235
|
-
intent: 'security_concern',
|
|
236
|
-
reason: 'Actual redirect/navigation function',
|
|
237
|
-
action: 'flag',
|
|
238
|
-
};
|
|
239
|
-
}
|
|
240
|
-
break;
|
|
241
|
-
case 'password_error':
|
|
242
|
-
if (isErrorCodeString(line) || isPasswordErrorCode(line)) {
|
|
243
|
-
return {
|
|
244
|
-
intent: 'safe_pattern',
|
|
245
|
-
reason: 'Error code string, not actual password value',
|
|
246
|
-
action: 'skip',
|
|
247
|
-
};
|
|
248
|
-
}
|
|
249
|
-
if (hasPasswordValueInError(line)) {
|
|
250
|
-
return {
|
|
251
|
-
intent: 'security_concern',
|
|
252
|
-
reason: 'Actual password value in error message',
|
|
253
|
-
action: 'flag',
|
|
254
|
-
};
|
|
255
|
-
}
|
|
256
|
-
break;
|
|
257
|
-
case 'token_url':
|
|
258
|
-
if (isSignedUrlPattern(line)) {
|
|
259
|
-
return {
|
|
260
|
-
intent: 'safe_pattern',
|
|
261
|
-
reason: 'Intentional signed/presigned URL pattern',
|
|
262
|
-
action: 'skip',
|
|
263
|
-
};
|
|
264
|
-
}
|
|
265
|
-
break;
|
|
266
|
-
case 'validation_bypass':
|
|
267
|
-
if (isFormLibraryOptimization(line, content, lineNumber)) {
|
|
268
|
-
return {
|
|
269
|
-
intent: 'safe_pattern',
|
|
270
|
-
reason: 'Form library performance optimization',
|
|
271
|
-
action: 'skip',
|
|
272
|
-
};
|
|
273
|
-
}
|
|
274
|
-
break;
|
|
275
|
-
}
|
|
276
|
-
return {
|
|
277
|
-
intent: 'unknown',
|
|
278
|
-
reason: 'Could not determine intent',
|
|
279
|
-
action: 'flag', // Conservative: flag if unknown
|
|
280
|
-
};
|
|
281
|
-
}
|
|
282
|
-
//# sourceMappingURL=intent-detector.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"intent-detector.js","sourceRoot":"","sources":["../../src/utils/intent-detector.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;AA6CH,gDAEC;AAKD,4CAEC;AASD,4DAUC;AAUD,8CAYC;AAKD,0DAcC;AAKD,kDAeC;AAUD,gDAqBC;AAUD,wDAwBC;AAKD,8DAmBC;AAkBD,sDAmEC;AAlTD,+EAA+E;AAC/E,qCAAqC;AACrC,+EAA+E;AAE/E;;GAEG;AACH,MAAM,2BAA2B,GAAG;IAClC,kCAAkC;IAClC,0BAA0B;IAC1B,wCAAwC;IACxC,6BAA6B;IAC7B,yBAAyB;IACzB,eAAe;IACf,eAAe;IACf,uBAAuB;IACvB,aAAa;CACd,CAAA;AAED;;GAEG;AACH,MAAM,iBAAiB,GAAG;IACxB,+BAA+B;IAC/B,kBAAkB;IAClB,kBAAkB;IAClB,iBAAiB;IACjB,8BAA8B;IAC9B,gCAAgC;IAChC,eAAe;IACf,kBAAkB;IAClB,kBAAkB;IAClB,mDAAmD;IACnD,oBAAoB;IACpB,0BAA0B;IAC1B,8BAA8B;IAC9B,gBAAgB;IAChB,uCAAuC;CACxC,CAAA;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAAC,IAAY;IAC7C,OAAO,2BAA2B,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAA;AACxE,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,IAAY;IAC3C,OAAO,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAA;AAC9D,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,wBAAwB,CACtC,IAAY;IAEZ,IAAI,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7B,OAAO,cAAc,CAAA;IACvB,CAAC;IACD,IAAI,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,OAAO,UAAU,CAAA;IACnB,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,+EAA+E;AAC/E,sCAAsC;AACtC,+EAA+E;AAE/E;;;GAGG;AACH,SAAgB,iBAAiB,CAAC,IAAY;IAC5C,yCAAyC;IACzC,MAAM,iBAAiB,GAAG;QACxB,mCAAmC;QACnC,2CAA2C;QAC3C,oCAAoC;QACpC,mCAAmC;QACnC,6CAA6C;QAC7C,0CAA0C;KAC3C,CAAA;IAED,OAAO,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAA;AAC9D,CAAC;AAED;;GAEG;AACH,SAAgB,uBAAuB,CAAC,IAAY;IAClD,mEAAmE;IACnE,MAAM,iBAAiB,GAAG;QACxB,oCAAoC;QACpC,sCAAsC;QACtC,oCAAoC;QACpC,6CAA6C;QAC7C,uCAAuC;QACvC,iDAAiD;QACjD,gBAAgB;QAChB,mDAAmD;KACpD,CAAA;IAED,OAAO,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAA;AAC9D,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,IAAY;IAC9C,6DAA6D;IAC7D,MAAM,oBAAoB,GAAG;QAC3B,wBAAwB;QACxB,2BAA2B;QAC3B,wBAAwB;QACxB,4BAA4B;QAC5B,4BAA4B;QAC5B,6BAA6B;QAC7B,4BAA4B;QAC5B,2BAA2B;QAC3B,0BAA0B,EAAG,sCAAsC;KACpE,CAAA;IAED,OAAO,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAA;AACjE,CAAC;AAED,+EAA+E;AAC/E,uBAAuB;AACvB,+EAA+E;AAE/E;;;GAGG;AACH,SAAgB,kBAAkB,CAAC,IAAY;IAC7C,MAAM,iBAAiB,GAAG;QACxB,wBAAwB;QACxB,UAAU;QACV,eAAe;QACf,eAAe;QACf,YAAY;QACZ,mBAAmB;QACnB,WAAW;QACX,wBAAwB;QACxB,kBAAkB;QAClB,oBAAoB;QACpB,YAAY;QACZ,8BAA8B;QAC9B,mBAAmB;QACnB,gBAAgB;QAChB,sBAAsB;QACtB,0BAA0B;KAC3B,CAAA;IAED,OAAO,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAA;AAC9D,CAAC;AAED,+EAA+E;AAC/E,iCAAiC;AACjC,+EAA+E;AAE/E;;;GAGG;AACH,SAAgB,sBAAsB,CAAC,OAAe,EAAE,UAAkB;IACxE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,CAAC,CAAC,CAAA;IACzD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEhE,MAAM,WAAW,GAAG;QAClB,eAAe;QACf,gBAAgB;QAChB,aAAa;QACb,yBAAyB;QACzB,gCAAgC;QAChC,eAAe;QACf,gEAAgE;QAChE,6DAA6D;QAC7D,mBAAmB;QACnB,eAAe;QACf,eAAe;QACf,cAAc;QACd,kBAAkB;QAClB,aAAa;KACd,CAAA;IAED,OAAO,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AAC3D,CAAC;AAED;;GAEG;AACH,SAAgB,yBAAyB,CAAC,IAAY,EAAE,OAAe,EAAE,UAAkB;IACzF,mDAAmD;IACnD,IAAI,sBAAsB,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE,CAAC;QAChD,OAAO,IAAI,CAAA;IACb,CAAC;IAED,wCAAwC;IACxC,MAAM,mBAAmB,GAAG;QAC1B,SAAS;QACT,mBAAmB;QACnB,eAAe;QACf,YAAY;KACb,CAAA;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAA;IACjD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEpE,OAAO,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AACnE,CAAC;AAeD;;GAEG;AACH,SAAgB,qBAAqB,CACnC,IAAY,EACZ,OAAe,EACf,UAAkB,EAClB,WAA8E;IAE9E,QAAQ,WAAW,EAAE,CAAC;QACpB,KAAK,UAAU;YACb,IAAI,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,OAAO;oBACL,MAAM,EAAE,cAAc;oBACtB,MAAM,EAAE,oCAAoC;oBAC5C,MAAM,EAAE,MAAM;iBACf,CAAA;YACH,CAAC;YACD,IAAI,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3B,OAAO;oBACL,MAAM,EAAE,kBAAkB;oBAC1B,MAAM,EAAE,qCAAqC;oBAC7C,MAAM,EAAE,MAAM;iBACf,CAAA;YACH,CAAC;YACD,MAAK;QAEP,KAAK,gBAAgB;YACnB,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzD,OAAO;oBACL,MAAM,EAAE,cAAc;oBACtB,MAAM,EAAE,8CAA8C;oBACtD,MAAM,EAAE,MAAM;iBACf,CAAA;YACH,CAAC;YACD,IAAI,uBAAuB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClC,OAAO;oBACL,MAAM,EAAE,kBAAkB;oBAC1B,MAAM,EAAE,wCAAwC;oBAChD,MAAM,EAAE,MAAM;iBACf,CAAA;YACH,CAAC;YACD,MAAK;QAEP,KAAK,WAAW;YACd,IAAI,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,OAAO;oBACL,MAAM,EAAE,cAAc;oBACtB,MAAM,EAAE,0CAA0C;oBAClD,MAAM,EAAE,MAAM;iBACf,CAAA;YACH,CAAC;YACD,MAAK;QAEP,KAAK,mBAAmB;YACtB,IAAI,yBAAyB,CAAC,IAAI,EAAE,OAAO,EAAE,UAAU,CAAC,EAAE,CAAC;gBACzD,OAAO;oBACL,MAAM,EAAE,cAAc;oBACtB,MAAM,EAAE,uCAAuC;oBAC/C,MAAM,EAAE,MAAM;iBACf,CAAA;YACH,CAAC;YACD,MAAK;IACT,CAAC;IAED,OAAO;QACL,MAAM,EAAE,SAAS;QACjB,MAAM,EAAE,4BAA4B;QACpC,MAAM,EAAE,MAAM,EAAE,gCAAgC;KACjD,CAAA;AACH,CAAC"}
|
|
@@ -1,55 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Middleware Auth Detection
|
|
3
|
-
* Detects global authentication middleware (Next.js, Express, etc.)
|
|
4
|
-
* and determines which routes are protected
|
|
5
|
-
*/
|
|
6
|
-
import type { ScanFile } from '../types';
|
|
7
|
-
/**
|
|
8
|
-
* Configuration describing detected auth middleware
|
|
9
|
-
*/
|
|
10
|
-
export interface MiddlewareAuthConfig {
|
|
11
|
-
/** Whether auth middleware was detected */
|
|
12
|
-
hasAuthMiddleware: boolean;
|
|
13
|
-
/** The type of auth detected */
|
|
14
|
-
authType?: 'clerk' | 'nextauth' | 'auth0' | 'custom' | 'unknown';
|
|
15
|
-
/** File path where middleware was found */
|
|
16
|
-
middlewareFile?: string;
|
|
17
|
-
/** Protected path patterns (glob-like) */
|
|
18
|
-
protectedPaths: string[];
|
|
19
|
-
/** Public/excluded path patterns */
|
|
20
|
-
publicPaths: string[];
|
|
21
|
-
/** Raw matcher patterns found */
|
|
22
|
-
matchers: string[];
|
|
23
|
-
/** Additional context about the auth setup */
|
|
24
|
-
context: {
|
|
25
|
-
usesAuthProtect: boolean;
|
|
26
|
-
usesGetToken: boolean;
|
|
27
|
-
usesSession: boolean;
|
|
28
|
-
hasPublicRoutes: boolean;
|
|
29
|
-
};
|
|
30
|
-
}
|
|
31
|
-
/**
|
|
32
|
-
* Detect global auth middleware from scanned files
|
|
33
|
-
* Looks for Next.js middleware.ts, Express auth patterns, etc.
|
|
34
|
-
*/
|
|
35
|
-
export declare function detectGlobalAuthMiddleware(files: ScanFile[]): MiddlewareAuthConfig;
|
|
36
|
-
/**
|
|
37
|
-
* Check if a given route path is protected by the middleware
|
|
38
|
-
*/
|
|
39
|
-
export declare function isRouteProtectedByMiddleware(routePath: string, config: MiddlewareAuthConfig): {
|
|
40
|
-
isProtected: boolean;
|
|
41
|
-
reason: string;
|
|
42
|
-
};
|
|
43
|
-
/**
|
|
44
|
-
* Extract route path from a file path (e.g., app/api/users/route.ts -> /api/users)
|
|
45
|
-
*/
|
|
46
|
-
export declare function getRoutePathFromFile(filePath: string): string | null;
|
|
47
|
-
/**
|
|
48
|
-
* Get user-scoping patterns from file content
|
|
49
|
-
* Detects patterns like: user_id, userId, session.user.id
|
|
50
|
-
*/
|
|
51
|
-
export declare function detectUserScopingPatterns(content: string): {
|
|
52
|
-
hasUserScoping: boolean;
|
|
53
|
-
patterns: string[];
|
|
54
|
-
};
|
|
55
|
-
//# sourceMappingURL=middleware-detector.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"middleware-detector.d.ts","sourceRoot":"","sources":["../../src/utils/middleware-detector.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAA;AAExC;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,2CAA2C;IAC3C,iBAAiB,EAAE,OAAO,CAAA;IAC1B,gCAAgC;IAChC,QAAQ,CAAC,EAAE,OAAO,GAAG,UAAU,GAAG,OAAO,GAAG,QAAQ,GAAG,SAAS,CAAA;IAChE,2CAA2C;IAC3C,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,0CAA0C;IAC1C,cAAc,EAAE,MAAM,EAAE,CAAA;IACxB,oCAAoC;IACpC,WAAW,EAAE,MAAM,EAAE,CAAA;IACrB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,8CAA8C;IAC9C,OAAO,EAAE;QACP,eAAe,EAAE,OAAO,CAAA;QACxB,YAAY,EAAE,OAAO,CAAA;QACrB,WAAW,EAAE,OAAO,CAAA;QACpB,eAAe,EAAE,OAAO,CAAA;KACzB,CAAA;CACF;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,oBAAoB,CAwDlF;AA0GD;;GAEG;AACH,wBAAgB,4BAA4B,CAC1C,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,oBAAoB,GAC3B;IAAE,WAAW,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CA6C1C;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAgBpE;AA2BD;;;GAGG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG;IAC1D,cAAc,EAAE,OAAO,CAAA;IACvB,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB,CA2BA"}
|
|
@@ -1,260 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
/**
|
|
3
|
-
* Middleware Auth Detection
|
|
4
|
-
* Detects global authentication middleware (Next.js, Express, etc.)
|
|
5
|
-
* and determines which routes are protected
|
|
6
|
-
*/
|
|
7
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
8
|
-
exports.detectGlobalAuthMiddleware = detectGlobalAuthMiddleware;
|
|
9
|
-
exports.isRouteProtectedByMiddleware = isRouteProtectedByMiddleware;
|
|
10
|
-
exports.getRoutePathFromFile = getRoutePathFromFile;
|
|
11
|
-
exports.detectUserScopingPatterns = detectUserScopingPatterns;
|
|
12
|
-
/**
|
|
13
|
-
* Detect global auth middleware from scanned files
|
|
14
|
-
* Looks for Next.js middleware.ts, Express auth patterns, etc.
|
|
15
|
-
*/
|
|
16
|
-
function detectGlobalAuthMiddleware(files) {
|
|
17
|
-
const result = {
|
|
18
|
-
hasAuthMiddleware: false,
|
|
19
|
-
protectedPaths: [],
|
|
20
|
-
publicPaths: [],
|
|
21
|
-
matchers: [],
|
|
22
|
-
context: {
|
|
23
|
-
usesAuthProtect: false,
|
|
24
|
-
usesGetToken: false,
|
|
25
|
-
usesSession: false,
|
|
26
|
-
hasPublicRoutes: false,
|
|
27
|
-
},
|
|
28
|
-
};
|
|
29
|
-
// Find middleware files
|
|
30
|
-
const middlewareFile = files.find(f => /^(src\/)?middleware\.(ts|js)$/.test(f.path) ||
|
|
31
|
-
f.path.endsWith('/middleware.ts') ||
|
|
32
|
-
f.path.endsWith('/middleware.js'));
|
|
33
|
-
if (!middlewareFile) {
|
|
34
|
-
return result;
|
|
35
|
-
}
|
|
36
|
-
result.middlewareFile = middlewareFile.path;
|
|
37
|
-
const content = middlewareFile.content;
|
|
38
|
-
// Detect auth provider type
|
|
39
|
-
result.authType = detectAuthType(content);
|
|
40
|
-
if (result.authType) {
|
|
41
|
-
result.hasAuthMiddleware = true;
|
|
42
|
-
}
|
|
43
|
-
// Extract protected path matchers
|
|
44
|
-
const { protectedPaths, publicPaths, matchers } = extractPathMatchers(content);
|
|
45
|
-
result.protectedPaths = protectedPaths;
|
|
46
|
-
result.publicPaths = publicPaths;
|
|
47
|
-
result.matchers = matchers;
|
|
48
|
-
// Detect specific auth patterns
|
|
49
|
-
result.context.usesAuthProtect = /auth\.protect\(\)|auth\(\)\.protect\(\)|requireAuth\(\)/i.test(content);
|
|
50
|
-
result.context.usesGetToken = /getToken\(|getAuth\(/i.test(content);
|
|
51
|
-
result.context.usesSession = /getSession\(|getServerSession\(/i.test(content);
|
|
52
|
-
result.context.hasPublicRoutes = /isPublicRoute|publicRoutes|ignoredRoutes|excludedPaths/i.test(content);
|
|
53
|
-
// If we found auth imports but no explicit matchers, assume /api/** is protected
|
|
54
|
-
if (result.hasAuthMiddleware && result.protectedPaths.length === 0) {
|
|
55
|
-
// Check if middleware runs on all routes or has default API protection
|
|
56
|
-
if (!result.context.hasPublicRoutes || /\/api/i.test(content)) {
|
|
57
|
-
result.protectedPaths.push('/api/**');
|
|
58
|
-
}
|
|
59
|
-
}
|
|
60
|
-
return result;
|
|
61
|
-
}
|
|
62
|
-
/**
|
|
63
|
-
* Detect which auth provider/library is being used
|
|
64
|
-
*/
|
|
65
|
-
function detectAuthType(content) {
|
|
66
|
-
// Clerk patterns
|
|
67
|
-
if (/clerkMiddleware|@clerk\/nextjs|clerkClient|auth\(\)\.protect/i.test(content)) {
|
|
68
|
-
return 'clerk';
|
|
69
|
-
}
|
|
70
|
-
// NextAuth patterns
|
|
71
|
-
if (/next-auth|NextAuth|getServerSession|withAuth\(/i.test(content)) {
|
|
72
|
-
return 'nextauth';
|
|
73
|
-
}
|
|
74
|
-
// Auth0 patterns
|
|
75
|
-
if (/@auth0\/nextjs|withPageAuthRequired|withApiAuthRequired/i.test(content)) {
|
|
76
|
-
return 'auth0';
|
|
77
|
-
}
|
|
78
|
-
// Generic auth middleware patterns
|
|
79
|
-
if (/authMiddleware|requireAuth|verifyToken|checkAuth|isAuthenticated/i.test(content)) {
|
|
80
|
-
return 'custom';
|
|
81
|
-
}
|
|
82
|
-
// Check for common auth imports/usage that suggest middleware is doing auth
|
|
83
|
-
if (/authorization|bearer|jwt|session\.user|getToken/i.test(content)) {
|
|
84
|
-
return 'unknown';
|
|
85
|
-
}
|
|
86
|
-
return undefined;
|
|
87
|
-
}
|
|
88
|
-
/**
|
|
89
|
-
* Extract path matchers from middleware config
|
|
90
|
-
*/
|
|
91
|
-
function extractPathMatchers(content) {
|
|
92
|
-
const protectedPaths = [];
|
|
93
|
-
const publicPaths = [];
|
|
94
|
-
const matchers = [];
|
|
95
|
-
// Next.js config.matcher pattern
|
|
96
|
-
// export const config = { matcher: [...] }
|
|
97
|
-
const matcherArrayMatch = content.match(/config\s*=\s*\{[^}]*matcher\s*:\s*\[([\s\S]*?)\]/m);
|
|
98
|
-
if (matcherArrayMatch) {
|
|
99
|
-
const matcherContent = matcherArrayMatch[1];
|
|
100
|
-
// Extract string patterns from the array
|
|
101
|
-
const patterns = matcherContent.match(/['"`]([^'"`]+)['"`]/g) || [];
|
|
102
|
-
for (const p of patterns) {
|
|
103
|
-
const path = p.replace(/['"`]/g, '');
|
|
104
|
-
matchers.push(path);
|
|
105
|
-
// Classify as protected or public based on common patterns
|
|
106
|
-
if (path.includes('/api') || path.includes('/(protected)') || path.includes('/dashboard')) {
|
|
107
|
-
protectedPaths.push(path);
|
|
108
|
-
}
|
|
109
|
-
}
|
|
110
|
-
}
|
|
111
|
-
// Single matcher pattern
|
|
112
|
-
// export const config = { matcher: '/api/:path*' }
|
|
113
|
-
const singleMatcherMatch = content.match(/config\s*=\s*\{[^}]*matcher\s*:\s*['"`]([^'"`]+)['"`]/m);
|
|
114
|
-
if (singleMatcherMatch) {
|
|
115
|
-
const path = singleMatcherMatch[1];
|
|
116
|
-
matchers.push(path);
|
|
117
|
-
if (path.includes('/api')) {
|
|
118
|
-
protectedPaths.push(path);
|
|
119
|
-
}
|
|
120
|
-
}
|
|
121
|
-
// Clerk-specific: createRouteMatcher for public routes
|
|
122
|
-
// const isPublicRoute = createRouteMatcher(['/sign-in', '/sign-up', ...])
|
|
123
|
-
const publicRouteMatch = content.match(/createRouteMatcher\s*\(\s*\[([\s\S]*?)\]/m);
|
|
124
|
-
if (publicRouteMatch) {
|
|
125
|
-
const routeContent = publicRouteMatch[1];
|
|
126
|
-
const patterns = routeContent.match(/['"`]([^'"`]+)['"`]/g) || [];
|
|
127
|
-
for (const p of patterns) {
|
|
128
|
-
const path = p.replace(/['"`]/g, '');
|
|
129
|
-
publicPaths.push(path);
|
|
130
|
-
}
|
|
131
|
-
}
|
|
132
|
-
// Look for publicRoutes/ignoredRoutes arrays
|
|
133
|
-
const publicRoutesMatch = content.match(/(publicRoutes|ignoredRoutes|excludedPaths)\s*[=:]\s*\[([\s\S]*?)\]/m);
|
|
134
|
-
if (publicRoutesMatch) {
|
|
135
|
-
const routeContent = publicRoutesMatch[2];
|
|
136
|
-
const patterns = routeContent.match(/['"`]([^'"`]+)['"`]/g) || [];
|
|
137
|
-
for (const p of patterns) {
|
|
138
|
-
const path = p.replace(/['"`]/g, '');
|
|
139
|
-
publicPaths.push(path);
|
|
140
|
-
}
|
|
141
|
-
}
|
|
142
|
-
// If we found public paths but no explicit protected paths,
|
|
143
|
-
// assume everything else under /api is protected
|
|
144
|
-
if (publicPaths.length > 0 && protectedPaths.length === 0) {
|
|
145
|
-
protectedPaths.push('/api/**');
|
|
146
|
-
}
|
|
147
|
-
return { protectedPaths, publicPaths, matchers };
|
|
148
|
-
}
|
|
149
|
-
/**
|
|
150
|
-
* Check if a given route path is protected by the middleware
|
|
151
|
-
*/
|
|
152
|
-
function isRouteProtectedByMiddleware(routePath, config) {
|
|
153
|
-
if (!config.hasAuthMiddleware) {
|
|
154
|
-
return { isProtected: false, reason: 'No auth middleware detected' };
|
|
155
|
-
}
|
|
156
|
-
// Normalize path
|
|
157
|
-
const normalizedPath = routePath.startsWith('/') ? routePath : `/${routePath}`;
|
|
158
|
-
// Check if explicitly public
|
|
159
|
-
for (const publicPath of config.publicPaths) {
|
|
160
|
-
if (matchPath(normalizedPath, publicPath)) {
|
|
161
|
-
return { isProtected: false, reason: `Matches public route pattern: ${publicPath}` };
|
|
162
|
-
}
|
|
163
|
-
}
|
|
164
|
-
// Check if explicitly protected
|
|
165
|
-
for (const protectedPath of config.protectedPaths) {
|
|
166
|
-
if (matchPath(normalizedPath, protectedPath)) {
|
|
167
|
-
return {
|
|
168
|
-
isProtected: true,
|
|
169
|
-
reason: `Protected by ${config.authType || 'auth'} middleware (matches: ${protectedPath})`,
|
|
170
|
-
};
|
|
171
|
-
}
|
|
172
|
-
}
|
|
173
|
-
// Check matchers
|
|
174
|
-
for (const matcher of config.matchers) {
|
|
175
|
-
if (matchPath(normalizedPath, matcher)) {
|
|
176
|
-
return {
|
|
177
|
-
isProtected: true,
|
|
178
|
-
reason: `Protected by middleware matcher: ${matcher}`,
|
|
179
|
-
};
|
|
180
|
-
}
|
|
181
|
-
}
|
|
182
|
-
// Default: if we have auth middleware and no explicit public match,
|
|
183
|
-
// consider API routes as protected
|
|
184
|
-
if (normalizedPath.startsWith('/api/')) {
|
|
185
|
-
return {
|
|
186
|
-
isProtected: true,
|
|
187
|
-
reason: `API route likely protected by ${config.authType || 'auth'} middleware`,
|
|
188
|
-
};
|
|
189
|
-
}
|
|
190
|
-
return { isProtected: false, reason: 'Route not covered by middleware matchers' };
|
|
191
|
-
}
|
|
192
|
-
/**
|
|
193
|
-
* Extract route path from a file path (e.g., app/api/users/route.ts -> /api/users)
|
|
194
|
-
*/
|
|
195
|
-
function getRoutePathFromFile(filePath) {
|
|
196
|
-
// Next.js App Router: app/api/users/route.ts -> /api/users
|
|
197
|
-
const appRouterMatch = filePath.match(/app(\/.*?)\/route\.(ts|js)$/i);
|
|
198
|
-
if (appRouterMatch) {
|
|
199
|
-
return appRouterMatch[1];
|
|
200
|
-
}
|
|
201
|
-
// Next.js Pages Router: pages/api/users.ts -> /api/users
|
|
202
|
-
const pagesRouterMatch = filePath.match(/pages(\/api\/.*?)\.(ts|js)$/i);
|
|
203
|
-
if (pagesRouterMatch) {
|
|
204
|
-
return pagesRouterMatch[1];
|
|
205
|
-
}
|
|
206
|
-
// Express-style routes: routes/users.ts (harder to determine path)
|
|
207
|
-
// Return null for now - would need more context
|
|
208
|
-
return null;
|
|
209
|
-
}
|
|
210
|
-
/**
|
|
211
|
-
* Simple glob-like path matching
|
|
212
|
-
* Supports: ** (any path), * (single segment), :param (path params)
|
|
213
|
-
*/
|
|
214
|
-
function matchPath(actualPath, pattern) {
|
|
215
|
-
// Normalize
|
|
216
|
-
const normActual = actualPath.replace(/\/+/g, '/');
|
|
217
|
-
let normPattern = pattern.replace(/\/+/g, '/');
|
|
218
|
-
// Handle Next.js :path* patterns
|
|
219
|
-
normPattern = normPattern
|
|
220
|
-
.replace(/:path\*/g, '**')
|
|
221
|
-
.replace(/:\w+/g, '[^/]+');
|
|
222
|
-
// Convert glob to regex
|
|
223
|
-
const regexPattern = normPattern
|
|
224
|
-
.replace(/\*\*/g, '<<<DOUBLESTAR>>>')
|
|
225
|
-
.replace(/\*/g, '[^/]*')
|
|
226
|
-
.replace(/<<<DOUBLESTAR>>>/g, '.*')
|
|
227
|
-
.replace(/\//g, '\\/');
|
|
228
|
-
const regex = new RegExp(`^${regexPattern}$`);
|
|
229
|
-
return regex.test(normActual);
|
|
230
|
-
}
|
|
231
|
-
/**
|
|
232
|
-
* Get user-scoping patterns from file content
|
|
233
|
-
* Detects patterns like: user_id, userId, session.user.id
|
|
234
|
-
*/
|
|
235
|
-
function detectUserScopingPatterns(content) {
|
|
236
|
-
const patterns = [];
|
|
237
|
-
// Common user ID patterns in queries/operations
|
|
238
|
-
const userIdPatterns = [
|
|
239
|
-
/\.eq\s*\(\s*['"`]user_id['"`]/i, // Supabase .eq('user_id', ...)
|
|
240
|
-
/\.filter\s*\(\s*user_id\s*=/i, // Django-style
|
|
241
|
-
/where\s*\(\s*['"`]?user_id['"`]?\s*=/i, // SQL-like
|
|
242
|
-
/userId\s*[=:]/i, // Generic userId
|
|
243
|
-
/user\.id\s*[=:]/i, // user.id
|
|
244
|
-
/session\.user\.id/i, // Next.js session
|
|
245
|
-
/req\.user\.id/i, // Express req.user
|
|
246
|
-
/getCurrentUserId\s*\(/i, // Custom helper
|
|
247
|
-
/getAuthUser\s*\(/i, // Auth helper
|
|
248
|
-
/auth\(\).*\.userId/i, // Clerk auth().userId
|
|
249
|
-
];
|
|
250
|
-
for (const pattern of userIdPatterns) {
|
|
251
|
-
if (pattern.test(content)) {
|
|
252
|
-
patterns.push(pattern.source);
|
|
253
|
-
}
|
|
254
|
-
}
|
|
255
|
-
return {
|
|
256
|
-
hasUserScoping: patterns.length > 0,
|
|
257
|
-
patterns,
|
|
258
|
-
};
|
|
259
|
-
}
|
|
260
|
-
//# sourceMappingURL=middleware-detector.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"middleware-detector.js","sourceRoot":"","sources":["../../src/utils/middleware-detector.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAiCH,gEAwDC;AA6GD,oEAgDC;AAKD,oDAgBC;AA+BD,8DA8BC;AA3SD;;;GAGG;AACH,SAAgB,0BAA0B,CAAC,KAAiB;IAC1D,MAAM,MAAM,GAAyB;QACnC,iBAAiB,EAAE,KAAK;QACxB,cAAc,EAAE,EAAE;QAClB,WAAW,EAAE,EAAE;QACf,QAAQ,EAAE,EAAE;QACZ,OAAO,EAAE;YACP,eAAe,EAAE,KAAK;YACtB,YAAY,EAAE,KAAK;YACnB,WAAW,EAAE,KAAK;YAClB,eAAe,EAAE,KAAK;SACvB;KACF,CAAA;IAED,wBAAwB;IACxB,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACpC,+BAA+B,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;QAC5C,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QACjC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAClC,CAAA;IAED,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,MAAM,CAAA;IACf,CAAC;IAED,MAAM,CAAC,cAAc,GAAG,cAAc,CAAC,IAAI,CAAA;IAC3C,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAA;IAEtC,4BAA4B;IAC5B,MAAM,CAAC,QAAQ,GAAG,cAAc,CAAC,OAAO,CAAC,CAAA;IAEzC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAA;IACjC,CAAC;IAED,kCAAkC;IAClC,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAA;IAC9E,MAAM,CAAC,cAAc,GAAG,cAAc,CAAA;IACtC,MAAM,CAAC,WAAW,GAAG,WAAW,CAAA;IAChC,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAA;IAE1B,gCAAgC;IAChC,MAAM,CAAC,OAAO,CAAC,eAAe,GAAG,0DAA0D,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACzG,MAAM,CAAC,OAAO,CAAC,YAAY,GAAG,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACnE,MAAM,CAAC,OAAO,CAAC,WAAW,GAAG,kCAAkC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAC7E,MAAM,CAAC,OAAO,CAAC,eAAe,GAAG,yDAAyD,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAExG,iFAAiF;IACjF,IAAI,MAAM,CAAC,iBAAiB,IAAI,MAAM,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnE,uEAAuE;QACvE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,eAAe,IAAI,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9D,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;QACvC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,OAAe;IACrC,iBAAiB;IACjB,IAAI,+DAA+D,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAClF,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,oBAAoB;IACpB,IAAI,iDAAiD,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACpE,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,iBAAiB;IACjB,IAAI,0DAA0D,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7E,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,mCAAmC;IACnC,IAAI,mEAAmE,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACtF,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,4EAA4E;IAC5E,IAAI,kDAAkD,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACrE,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,OAAe;IAK1C,MAAM,cAAc,GAAa,EAAE,CAAA;IACnC,MAAM,WAAW,GAAa,EAAE,CAAA;IAChC,MAAM,QAAQ,GAAa,EAAE,CAAA;IAE7B,iCAAiC;IACjC,2CAA2C;IAC3C,MAAM,iBAAiB,GAAG,OAAO,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAA;IAC5F,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,cAAc,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAA;QAC3C,yCAAyC;QACzC,MAAM,QAAQ,GAAG,cAAc,CAAC,KAAK,CAAC,sBAAsB,CAAC,IAAI,EAAE,CAAA;QACnE,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;YACpC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACnB,2DAA2D;YAC3D,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC1F,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAC3B,CAAC;QACH,CAAC;IACH,CAAC;IAED,yBAAyB;IACzB,mDAAmD;IACnD,MAAM,kBAAkB,GAAG,OAAO,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAA;IAClG,IAAI,kBAAkB,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAA;QAClC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACnB,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC3B,CAAC;IACH,CAAC;IAED,uDAAuD;IACvD,0EAA0E;IAC1E,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAA;IACnF,IAAI,gBAAgB,EAAE,CAAC;QACrB,MAAM,YAAY,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAA;QACxC,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,CAAC,sBAAsB,CAAC,IAAI,EAAE,CAAA;QACjE,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;YACpC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACxB,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,MAAM,iBAAiB,GAAG,OAAO,CAAC,KAAK,CAAC,qEAAqE,CAAC,CAAA;IAC9G,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,YAAY,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAA;QACzC,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,CAAC,sBAAsB,CAAC,IAAI,EAAE,CAAA;QACjE,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;YACpC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACxB,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,iDAAiD;IACjD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1D,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IAChC,CAAC;IAED,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAA;AAClD,CAAC;AAED;;GAEG;AACH,SAAgB,4BAA4B,CAC1C,SAAiB,EACjB,MAA4B;IAE5B,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;QAC9B,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAA;IACtE,CAAC;IAED,iBAAiB;IACjB,MAAM,cAAc,GAAG,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,SAAS,EAAE,CAAA;IAE9E,6BAA6B;IAC7B,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;QAC5C,IAAI,SAAS,CAAC,cAAc,EAAE,UAAU,CAAC,EAAE,CAAC;YAC1C,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,EAAE,iCAAiC,UAAU,EAAE,EAAE,CAAA;QACtF,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,KAAK,MAAM,aAAa,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QAClD,IAAI,SAAS,CAAC,cAAc,EAAE,aAAa,CAAC,EAAE,CAAC;YAC7C,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,MAAM,EAAE,gBAAgB,MAAM,CAAC,QAAQ,IAAI,MAAM,yBAAyB,aAAa,GAAG;aAC3F,CAAA;QACH,CAAC;IACH,CAAC;IAED,iBAAiB;IACjB,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,IAAI,SAAS,CAAC,cAAc,EAAE,OAAO,CAAC,EAAE,CAAC;YACvC,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,MAAM,EAAE,oCAAoC,OAAO,EAAE;aACtD,CAAA;QACH,CAAC;IACH,CAAC;IAED,oEAAoE;IACpE,mCAAmC;IACnC,IAAI,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACvC,OAAO;YACL,WAAW,EAAE,IAAI;YACjB,MAAM,EAAE,iCAAiC,MAAM,CAAC,QAAQ,IAAI,MAAM,aAAa;SAChF,CAAA;IACH,CAAC;IAED,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,EAAE,0CAA0C,EAAE,CAAA;AACnF,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAAC,QAAgB;IACnD,2DAA2D;IAC3D,MAAM,cAAc,GAAG,QAAQ,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAA;IACrE,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO,cAAc,CAAC,CAAC,CAAC,CAAA;IAC1B,CAAC;IAED,yDAAyD;IACzD,MAAM,gBAAgB,GAAG,QAAQ,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAA;IACvE,IAAI,gBAAgB,EAAE,CAAC;QACrB,OAAO,gBAAgB,CAAC,CAAC,CAAC,CAAA;IAC5B,CAAC;IAED,mEAAmE;IACnE,gDAAgD;IAChD,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;GAGG;AACH,SAAS,SAAS,CAAC,UAAkB,EAAE,OAAe;IACpD,YAAY;IACZ,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAClD,IAAI,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAE9C,iCAAiC;IACjC,WAAW,GAAG,WAAW;SACtB,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC;SACzB,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;IAE5B,wBAAwB;IACxB,MAAM,YAAY,GAAG,WAAW;SAC7B,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;SACpC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC;SACvB,OAAO,CAAC,mBAAmB,EAAE,IAAI,CAAC;SAClC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;IAExB,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,YAAY,GAAG,CAAC,CAAA;IAC7C,OAAO,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;AAC/B,CAAC;AAED;;;GAGG;AACH,SAAgB,yBAAyB,CAAC,OAAe;IAIvD,MAAM,QAAQ,GAAa,EAAE,CAAA;IAE7B,gDAAgD;IAChD,MAAM,cAAc,GAAG;QACrB,gCAAgC,EAAS,+BAA+B;QACxE,8BAA8B,EAAY,eAAe;QACzD,uCAAuC,EAAG,WAAW;QACrD,gBAAgB,EAA2B,iBAAiB;QAC5D,kBAAkB,EAAyB,UAAU;QACrD,oBAAoB,EAAuB,kBAAkB;QAC7D,gBAAgB,EAA2B,mBAAmB;QAC9D,wBAAwB,EAAmB,gBAAgB;QAC3D,mBAAmB,EAAwB,cAAc;QACzD,qBAAqB,EAAsB,sBAAsB;KAClE,CAAA;IAED,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;QACrC,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;QAC/B,CAAC;IACH,CAAC;IAED,OAAO;QACL,cAAc,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC;QACnC,QAAQ;KACT,CAAA;AACH,CAAC"}
|
|
@@ -1,41 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* OAuth Flow Detector
|
|
3
|
-
* Detects OAuth state generation and validation across multiple files
|
|
4
|
-
* to prevent false positives when state is implemented correctly but split across files.
|
|
5
|
-
*/
|
|
6
|
-
import type { ScanFile } from '../types';
|
|
7
|
-
export interface OAuthFlowContext {
|
|
8
|
-
/** Whether state generation is detected in any file */
|
|
9
|
-
hasStateGeneration: boolean;
|
|
10
|
-
/** File where state is generated */
|
|
11
|
-
stateGenerationFile?: string;
|
|
12
|
-
/** Line number where state is generated */
|
|
13
|
-
stateGenerationLine?: number;
|
|
14
|
-
/** Whether state validation is detected in any file */
|
|
15
|
-
hasStateValidation: boolean;
|
|
16
|
-
/** File where state is validated */
|
|
17
|
-
stateValidationFile?: string;
|
|
18
|
-
/** Line number where state is validated */
|
|
19
|
-
stateValidationLine?: number;
|
|
20
|
-
/** Whether PKCE code_verifier is used */
|
|
21
|
-
hasCodeVerifier: boolean;
|
|
22
|
-
/** File where code_verifier is generated */
|
|
23
|
-
codeVerifierFile?: string;
|
|
24
|
-
/** Detected OAuth flow type */
|
|
25
|
-
flowType: 'authorization_code' | 'client_credentials' | 'implicit' | 'pkce' | 'unknown';
|
|
26
|
-
/** OAuth providers detected */
|
|
27
|
-
providers: string[];
|
|
28
|
-
}
|
|
29
|
-
/**
|
|
30
|
-
* Detect OAuth flow patterns across multiple files
|
|
31
|
-
*/
|
|
32
|
-
export declare function detectOAuthFlow(files: ScanFile[]): OAuthFlowContext;
|
|
33
|
-
/**
|
|
34
|
-
* Check if OAuth state is properly implemented across files
|
|
35
|
-
*/
|
|
36
|
-
export declare function isOAuthStateImplemented(context: OAuthFlowContext): boolean;
|
|
37
|
-
/**
|
|
38
|
-
* Get a summary of the OAuth flow for logging/context
|
|
39
|
-
*/
|
|
40
|
-
export declare function getOAuthFlowSummary(context: OAuthFlowContext): string;
|
|
41
|
-
//# sourceMappingURL=oauth-flow-detector.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-flow-detector.d.ts","sourceRoot":"","sources":["../../src/utils/oauth-flow-detector.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAA;AAExC,MAAM,WAAW,gBAAgB;IAC/B,uDAAuD;IACvD,kBAAkB,EAAE,OAAO,CAAA;IAC3B,oCAAoC;IACpC,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,2CAA2C;IAC3C,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,uDAAuD;IACvD,kBAAkB,EAAE,OAAO,CAAA;IAC3B,oCAAoC;IACpC,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,2CAA2C;IAC3C,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,yCAAyC;IACzC,eAAe,EAAE,OAAO,CAAA;IACxB,4CAA4C;IAC5C,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,+BAA+B;IAC/B,QAAQ,EAAE,oBAAoB,GAAG,oBAAoB,GAAG,UAAU,GAAG,MAAM,GAAG,SAAS,CAAA;IACvF,+BAA+B;IAC/B,SAAS,EAAE,MAAM,EAAE,CAAA;CACpB;AAoFD;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,gBAAgB,CA4EnE;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAa1E;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,gBAAgB,GAAG,MAAM,CA8BrE"}
|