@oculum/scanner 1.0.14 → 1.0.15

package/dist/detect/ast-rules/taint-fix-templates.js

@@ -0,0 +1,92 @@
+"use strict";
+/**
+ * Taint-Specific Fix Templates
+ *
+ * Provides context-specific fix steps for taint flow findings based on
+ * source type, sink type, and taint kind. Returns 3-5 actionable steps
+ * instead of generic "Sanitize or validate user input" advice.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getTaintFixSteps = getTaintFixSteps;
+// ============================================================================
+// Sink-Specific Fix Steps (primary axis)
+// ============================================================================
+const SINK_FIX_STEPS = {
+    sql: [
+        'Use parameterized queries or prepared statements (e.g., db.query("SELECT * FROM users WHERE id = $1", [id]))',
+        'Use ORM query builder methods (Prisma, Knex, Sequelize) instead of raw SQL',
+        'Never concatenate or interpolate user input into SQL strings',
+    ],
+    xss: [
+        'Escape output using your framework\'s built-in mechanism (React auto-escapes JSX, use textContent instead of innerHTML)',
+        'Sanitize HTML with DOMPurify.sanitize() before rendering dynamic content',
+        'Avoid dangerouslySetInnerHTML, innerHTML, and document.write with user data',
+    ],
+    command: [
+        'Use execFile() with an argument array instead of exec() with shell strings',
+        'Validate inputs against an allowlist of permitted values',
+        'Never pass user input directly to shell commands or eval()',
+    ],
+    ssrf: [
+        'Validate URLs against an allowlist of permitted domains',
+        'Reject requests to private/internal IP ranges (10.x, 172.16.x, 192.168.x, 169.254.x)',
+        'Parse the URL and verify the hostname before making the request',
+    ],
+    prompt: [
+        'Delimit user input with clear markers (e.g., <user_input>...</user_input>) in prompts',
+        'Use the structured messages API with separate system/user roles instead of string concatenation',
+        'Apply input length limits and content filtering before prompt construction',
+    ],
+    path: [
+        'Use path.resolve() and verify the result is within the allowed base directory',
+        'Reject inputs containing "../" or absolute paths',
+        'Use path.join() with a fixed base path and validate the resolved path stays within bounds',
+    ],
+};
+// ============================================================================
+// Source-Aware Prefix Steps (secondary axis)
+// ============================================================================
+const SOURCE_PREFIX = {
+    http_body: 'Validate request body with a schema library (zod, joi, yup) before use',
+    http_query: 'Validate and sanitize URL query parameters before use',
+    http_params: 'Validate URL path parameters (check format, length, allowlist)',
+    http_headers: 'Validate and sanitize request headers before use',
+    llm_output: 'Treat LLM output as untrusted — validate and sanitize before passing to sinks',
+    rag_retrieval: 'Sanitize retrieved documents before including in prompts or rendering',
+    tool_output: 'Validate tool/function call output before further processing',
+    tool_input: 'Validate tool input parameters before execution',
+    conversation_history: 'Sanitize conversation history entries before reuse in prompts',
+    websocket_message: 'Validate and sanitize WebSocket message payloads',
+    file_upload: 'Validate file upload content and metadata before processing',
+    cli_args: 'Validate CLI arguments against expected patterns before use',
+};
+// ============================================================================
+// Public API
+// ============================================================================
+/**
+ * Get context-specific fix steps for a taint finding.
+ *
+ * @param sourceType - The taint source type (e.g., 'http_body', 'llm_output')
+ * @param sinkType - The taint sink type (e.g., 'sql_query', 'eval')
+ * @param taintKind - The taint kind (e.g., 'sql', 'xss', 'command')
+ * @returns Array of 3-5 actionable fix steps
+ */
+function getTaintFixSteps(sourceType, sinkType, taintKind) {
+    const steps = [];
+    // Add source-aware prefix step if available
+    const prefix = SOURCE_PREFIX[sourceType];
+    if (prefix) {
+        steps.push(prefix);
+    }
+    // Add sink-specific fix steps (primary guidance)
+    const sinkSteps = SINK_FIX_STEPS[taintKind];
+    if (sinkSteps) {
+        steps.push(...sinkSteps);
+    }
+    // Fallback for unknown combinations
+    if (steps.length === 0) {
+        steps.push('Validate and sanitize user input before passing to security-sensitive functions', 'Use framework-provided safe APIs instead of raw string manipulation', 'Apply the principle of least privilege when handling untrusted data');
+    }
+    return steps;
+}
+//# sourceMappingURL=taint-fix-templates.js.map

package/dist/detect/ast-rules/taint-fix-templates.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"taint-fix-templates.js","sourceRoot":"","sources":["../../../src/detect/ast-rules/taint-fix-templates.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAwEH,4CA6BC;AAjGD,+EAA+E;AAC/E,yCAAyC;AACzC,+EAA+E;AAE/E,MAAM,cAAc,GAAgC;IAClD,GAAG,EAAE;QACH,8GAA8G;QAC9G,4EAA4E;QAC5E,8DAA8D;KAC/D;IACD,GAAG,EAAE;QACH,yHAAyH;QACzH,0EAA0E;QAC1E,6EAA6E;KAC9E;IACD,OAAO,EAAE;QACP,4EAA4E;QAC5E,0DAA0D;QAC1D,4DAA4D;KAC7D;IACD,IAAI,EAAE;QACJ,yDAAyD;QACzD,sFAAsF;QACtF,iEAAiE;KAClE;IACD,MAAM,EAAE;QACN,uFAAuF;QACvF,iGAAiG;QACjG,4EAA4E;KAC7E;IACD,IAAI,EAAE;QACJ,+EAA+E;QAC/E,kDAAkD;QAClD,2FAA2F;KAC5F;CACF,CAAA;AAED,+EAA+E;AAC/E,6CAA6C;AAC7C,+EAA+E;AAE/E,MAAM,aAAa,GAA6C;IAC9D,SAAS,EAAE,wEAAwE;IACnF,UAAU,EAAE,uDAAuD;IACnE,WAAW,EAAE,gEAAgE;IAC7E,YAAY,EAAE,kDAAkD;IAChE,UAAU,EAAE,+EAA+E;IAC3F,aAAa,EAAE,uEAAuE;IACtF,WAAW,EAAE,8DAA8D;IAC3E,UAAU,EAAE,iDAAiD;IAC7D,oBAAoB,EAAE,+DAA+D;IACrF,iBAAiB,EAAE,kDAAkD;IACrE,WAAW,EAAE,6DAA6D;IAC1E,QAAQ,EAAE,6DAA6D;CACxE,CAAA;AAED,+EAA+E;AAC/E,aAAa;AACb,+EAA+E;AAE/E;;;;;;;GAOG;AACH,SAAgB,gBAAgB,CAC9B,UAAoC,EACpC,QAAgC,EAChC,SAAoB;IAEpB,MAAM,KAAK,GAAa,EAAE,CAAA;IAE1B,4CAA4C;IAC5C,MAAM,MAAM,GAAG,aAAa,CAAC,UAA6B,CAAC,CAAA;IAC3D,IAAI,MAAM,EAAE,CAAC;QACX,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IACpB,CAAC;IAED,iDAAiD;IACjD,MAAM,SAAS,GAAG,cAAc,CAAC,SAAS,CAAC,CAAA;IAC3C,IAAI,SAAS,EAAE,CAAC;QACd,KAAK,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,CAAA;IAC1B,CAAC;IAED,oCAAoC;IACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CACR,iFAAiF,EACjF,qEAAqE,EACrE,qEAAqE,CACtE,CAAA;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC"}

package/dist/detect/ast-rules/taint-flow-ast.d.ts

@@ -0,0 +1,24 @@
+/**
+ * AST-Based Taint Flow Detection
+ *
+ * Runs the v2 taint engine (CFG-based forward propagation) during AST detection
+ * and emits Vulnerability objects for confirmed taint flows from user input to
+ * dangerous sinks without sanitization.
+ *
+ * Registers one rule per TaintKind so each gets its own VulnerabilityCategory.
+ * Findings are cached per-file (by AST hash) so the taint engine only runs once
+ * even though 6 rules query results.
+ */
+import type { TaintFinding } from "../../taint/propagation-types";
+import type { TaintPathOutput } from "../../shared/types";
+/** Convert internal TaintFinding to serializable TaintPathOutput. */
+export declare function serializeTaintPath(finding: TaintFinding): TaintPathOutput;
+/**
+ * Pre-populate the cache with project-level cross-file taint findings.
+ * Called by detect/index.ts after running analyzeTaintsForProject().
+ * When set, the per-file fallback is skipped.
+ */
+export declare function setProjectFindings(findings: TaintFinding[]): void;
+/** Clear findings cache between scans. */
+export declare function clearTaintFlowCache(): void;
+//# sourceMappingURL=taint-flow-ast.d.ts.map

package/dist/detect/ast-rules/taint-flow-ast.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"taint-flow-ast.d.ts","sourceRoot":"","sources":["../../../src/detect/ast-rules/taint-flow-ast.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAElE,OAAO,KAAK,EAGV,eAAe,EAChB,MAAM,oBAAoB,CAAC;AA6C5B,qEAAqE;AACrE,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,YAAY,GAAG,eAAe,CAkBzE;AAcD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,YAAY,EAAE,GAAG,IAAI,CAQjE;AAiBD,0CAA0C;AAC1C,wBAAgB,mBAAmB,IAAI,IAAI,CAI1C"}

package/dist/detect/ast-rules/taint-flow-ast.js

@@ -0,0 +1,340 @@
+"use strict";
+/**
+ * AST-Based Taint Flow Detection
+ *
+ * Runs the v2 taint engine (CFG-based forward propagation) during AST detection
+ * and emits Vulnerability objects for confirmed taint flows from user input to
+ * dangerous sinks without sanitization.
+ *
+ * Registers one rule per TaintKind so each gets its own VulnerabilityCategory.
+ * Findings are cached per-file (by AST hash) so the taint engine only runs once
+ * even though 6 rules query results.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.serializeTaintPath = serializeTaintPath;
+exports.setProjectFindings = setProjectFindings;
+exports.clearTaintFlowCache = clearTaintFlowCache;
+const index_1 = require("./index");
+const taint_fix_templates_1 = require("./taint-fix-templates");
+const taint_analyzer_1 = require("../../taint/taint-analyzer");
+const file_classifier_1 = require("../../parse/file-classifier");
+const llm_risk_scoring_1 = require("../../taint/llm-risk-scoring");
+// ============================================================================
+// TaintKind → Vulnerability Mapping
+// ============================================================================
+const KIND_TO_CATEGORY = {
+    sql: "sql_injection",
+    xss: "xss",
+    command: "command_injection",
+    ssrf: "ssrf",
+    prompt: "ai_prompt_injection",
+    path: "dangerous_function",
+};
+const KIND_TO_SEVERITY = {
+    sql: "high",
+    xss: "high",
+    command: "high",
+    ssrf: "high",
+    prompt: "medium",
+    path: "medium",
+};
+const KIND_TO_TITLE = {
+    sql: "SQL injection via unsanitized data flow",
+    xss: "Cross-site scripting via unsanitized data flow",
+    command: "Command injection via unsanitized data flow",
+    ssrf: "Server-side request forgery via unsanitized data flow",
+    prompt: "Prompt injection via unsanitized data flow",
+    path: "Path traversal via unsanitized data flow",
+};
+// ============================================================================
+// Taint Path Serialization
+// ============================================================================
+/** Convert internal TaintFinding to serializable TaintPathOutput. */
+function serializeTaintPath(finding) {
+    return {
+        sourceType: finding.source.sourceType,
+        sourceLine: finding.source.line,
+        sinkType: finding.sink.sinkType,
+        sinkLine: finding.sink.line,
+        taintKinds: [...finding.matchingKinds],
+        sanitized: false,
+        steps: finding.path.map((step) => ({
+            line: step.line,
+            variable: step.variable,
+            taintKinds: [...step.taintKinds],
+            description: step.description,
+            stepType: step.stepType,
+            ...(step.filePath ? { filePath: step.filePath } : {}),
+            ...(step.functionName ? { functionName: step.functionName } : {}),
+        })),
+    };
+}
+// ============================================================================
+// Per-file Findings Cache
+// ============================================================================
+/** IMPORTANT: Must call clearTaintFlowCache() between scans to prevent stale data. */
+const findingsCache = new Map();
+/** Project-level findings cache — keyed by filePath → findings in that file.
+ *  IMPORTANT: Must call clearTaintFlowCache() between scans to prevent stale data. */
+const projectFindingsCache = new Map();
+let hasProjectFindings = false;
+/**
+ * Pre-populate the cache with project-level cross-file taint findings.
+ * Called by detect/index.ts after running analyzeTaintsForProject().
+ * When set, the per-file fallback is skipped.
+ */
+function setProjectFindings(findings) {
+    projectFindingsCache.clear();
+    for (const f of findings) {
+        const existing = projectFindingsCache.get(f.filePath) ?? [];
+        existing.push(f);
+        projectFindingsCache.set(f.filePath, existing);
+    }
+    hasProjectFindings = true;
+}
+function getFindings(ast) {
+    // Prefer project-level cross-file findings when available
+    if (hasProjectFindings) {
+        return projectFindingsCache.get(ast.filePath) ?? [];
+    }
+    // Fallback: per-file analysis (no cross-file context)
+    const cached = findingsCache.get(ast.hash);
+    if (cached !== undefined)
+        return cached;
+    const findings = (0, taint_analyzer_1.analyzeTaintsForFile)(ast, ast.filePath);
+    findingsCache.set(ast.hash, findings);
+    return findings;
+}
+/** Clear findings cache between scans. */
+function clearTaintFlowCache() {
+    findingsCache.clear();
+    projectFindingsCache.clear();
+    hasProjectFindings = false;
+}
+// ============================================================================
+// LLM-Aware Category / Severity Routing
+// ============================================================================
+/** Source types that indicate LLM-related data flow */
+const LLM_SOURCE_TYPES = new Set([
+    "llm_output",
+    "tool_output",
+    "rag_retrieval",
+    "conversation_history",
+]);
+/** Sink types that are prompt-related */
+const PROMPT_SINK_TYPES = new Set(["prompt_construction", "system_prompt"]);
+/** LangChain message class names — LLM output wrapped in these is output packaging, not injection */
+const LANGCHAIN_MESSAGE_CLASS_RE = /AIMessage|HumanMessage|SystemMessage|ChatMessage|AIMessageChunk|HumanMessageChunk|BaseMessage/;
+/** Check if a taint finding's sink involves LangChain message class wrapping (output packaging) */
+function isOutputPackaging(finding) {
+    const sinkExpr = finding.sink.expression;
+    return LANGCHAIN_MESSAGE_CLASS_RE.test(sinkExpr);
+}
+/** HTTP source types that represent direct user input */
+const HTTP_SOURCE_TYPES = new Set([
+    "http_body",
+    "http_query",
+    "http_params",
+    "http_header",
+    "form_input",
+    "url_param",
+]);
+function isHTTPSourceType(sourceType) {
+    return HTTP_SOURCE_TYPES.has(sourceType);
+}
+/** Check if a file path matches context builder / prompt template patterns */
+function isContextBuilderFile(filePath) {
+    return /context[-_]?builder|system[-_]?prompt|prompt[-_]?template|prompt[-_]?builder/i.test(filePath);
+}
+/**
+ * Determine category and severity for a taint finding, with LLM-aware routing:
+ *
+ * - User input → prompt sink → ai_prompt_injection (with risk scoring)
+ * - LLM output → execution sink → ai_unsafe_execution (with risk scoring)
+ * - Standard taint flow → original kind-based mapping
+ */
+function getCategoryAndSeverity(finding, kind, content) {
+    const isLLMSource = LLM_SOURCE_TYPES.has(finding.source.sourceType);
+    const isPromptSink = PROMPT_SINK_TYPES.has(finding.sink.sinkType);
+    // LLM output → prompt sink with LangChain message class wrapping → output packaging (info)
+    if (isLLMSource && isPromptSink && isOutputPackaging(finding)) {
+        return {
+            category: "ai_prompt_injection",
+            severity: "info",
+            note: `LLM output wrapped in message class (output packaging) at line ${finding.sink.line} — standard multi-turn conversation pattern.`,
+        };
+    }
+    // User input → prompt sink → ai_prompt_injection (with risk scoring)
+    if (kind === "prompt" && isPromptSink) {
+        // FP-49: Internal context builder — non-HTTP sources in prompt builder files
+        if (!isHTTPSourceType(finding.source.sourceType) &&
+            isContextBuilderFile(finding.filePath)) {
+            return {
+                category: "ai_prompt_injection",
+                severity: "info",
+                note: `Internal context builder: non-HTTP source flows to prompt construction in ${finding.filePath.split("/").pop()} — internal data assembly, not user-facing injection vector.`,
+            };
+        }
+        const risk = (0, llm_risk_scoring_1.assessPromptInjectionRisk)(finding, content);
+        return {
+            category: risk.adjustedCategory,
+            severity: risk.adjustedSeverity,
+            note: risk.note,
+        };
+    }
+    // LLM output → execution sink → ai_unsafe_execution (with risk scoring)
+    if (isLLMSource && !isPromptSink) {
+        const risk = (0, llm_risk_scoring_1.assessExecutionRisk)(finding, content);
+        return {
+            category: risk.adjustedCategory,
+            severity: risk.adjustedSeverity,
+            note: risk.note,
+        };
+    }
+    // LLM output → prompt sink → indirect prompt injection (multi-agent attack vector)
+    if (isLLMSource && isPromptSink) {
+        const sourceDesc = finding.source.sourceType.replace(/_/g, " ");
+        return {
+            category: "ai_prompt_injection",
+            severity: "medium",
+            note: `Indirect prompt injection: ${sourceDesc} at line ${finding.source.line} flows into another model's prompt at line ${finding.sink.line}. An attacker who controls the first model's output can manipulate the second model via injected instructions.`,
+        };
+    }
+    // Standard taint flow (unchanged)
+    const sourceDesc = finding.source.sourceType.replace(/_/g, " ");
+    const sinkDesc = finding.sink.sinkType.replace(/_/g, " ");
+    const pathLen = finding.path.length;
+    const note = `User input from ${sourceDesc} at line ${finding.source.line} flows to ${sinkDesc} (${kind}) through ${pathLen} step${pathLen === 1 ? "" : "s"} without sanitization`;
+    return {
+        category: KIND_TO_CATEGORY[kind],
+        severity: KIND_TO_SEVERITY[kind],
+        note,
+    };
+}
+// ============================================================================
+// Guard Clause / Early-Return Suppression
+// ============================================================================
+/**
+ * Validation keywords in if-conditions that indicate input validation or auth checks.
+ * Presence of these + early return/throw between source and sink suppresses the finding.
+ */
+const GUARD_VALIDATION_RE = /\.startsWith\(|\.startswith\(|\.includes\(|\.endsWith\(|\.endswith\(|\.indexOf\(|\.some\(|\.every\(|\.has\(|\bnot\s+in\b|\bin\s+(?:allowed|whitelist|allowlist)\b|!==\s*(?:\w*(?:userId|ownerId|user_id|owner_id))|(?:userId|ownerId|user_id|owner_id)\w*\s*!==|!\s*(?:args\.)?(?:approved|confirmed)|\.(?:approved|confirmed)\b|(?:allowed|whitelist|allowlist)\b/i;
+/**
+ * Check if there's a guard clause (validation + early exit) between/around
+ * a taint source and sink that would make the finding a false positive.
+ *
+ * Looks for: if (validation_pattern) { return | throw | raise }
+ * within a window around the source-to-sink range.
+ */
+function hasGuardClause(content, finding) {
+    const lines = content.split("\n");
+    const startLine = Math.max(0, Math.min(finding.source.line, finding.sink.line) - 5);
+    const endLine = Math.min(lines.length, Math.max(finding.source.line, finding.sink.line) + 6);
+    for (let i = startLine; i < endLine; i++) {
+        const line = lines[i];
+        // Match if-statement line containing a validation keyword
+        if (/^\s*if\s*[\(\s]/.test(line) && GUARD_VALIDATION_RE.test(line)) {
+            // Check same line and next 3 lines for early exit
+            for (let j = i; j < Math.min(lines.length, i + 4); j++) {
+                if (/\b(?:return|throw)\b/.test(lines[j]))
+                    return true;
+            }
+        }
+        // Python: if ... : \n    return/raise
+        if (/^\s*if\s+/.test(line) &&
+            GUARD_VALIDATION_RE.test(line) &&
+            line.trimEnd().endsWith(":")) {
+            for (let j = i + 1; j < Math.min(lines.length, i + 3); j++) {
+                if (/^\s+(?:return|raise)\b/.test(lines[j]))
+                    return true;
+            }
+        }
+    }
+    return false;
+}
+// ============================================================================
+// Register One Rule Per TaintKind
+// ============================================================================
+const ALL_KINDS = [
+    "sql",
+    "xss",
+    "command",
+    "ssrf",
+    "prompt",
+    "path",
+];
+for (const kind of ALL_KINDS) {
+    (0, index_1.registerASTRule)({
+        id: `ast-taint-flow-${kind}`,
+        title: KIND_TO_TITLE[kind],
+        description: `User input flows to a ${kind}-vulnerable sink without proper sanitization`,
+        severity: KIND_TO_SEVERITY[kind],
+        category: KIND_TO_CATEGORY[kind],
+        suggestedFix: "Sanitize or validate user input before passing it to security-sensitive functions.",
+        languages: ["javascript", "typescript", "tsx", "python"],
+        confidence: "high",
+        baseConfidence: 0.7,
+        requiresAIValidation: false,
+        layer: 2,
+        source: "structural",
+        detect(ast, content) {
+            if ((0, file_classifier_1.isScannerOrFixtureFile)(ast.filePath))
+                return [];
+            if ((0, file_classifier_1.isTestOrMockFile)(ast.filePath))
+                return [];
+            const findings = getFindings(ast);
+            const matches = [];
+            // Dedup: one finding per sink line per taint kind.
+            // Multiple sources to the same sink are suppressed to reduce noise.
+            const emittedSinks = new Set();
+            for (const finding of findings) {
+                if (finding.matchingKinds.has(kind)) {
+                    if (emittedSinks.has(finding.sink.line))
+                        continue;
+                    // Suppress findings where source and sink originate from the same LLM call.
+                    // This happens when a function's return value is an llm_output source and
+                    // one of its input parameters hits a prompt sink — not a real data flow.
+                    // A path with only source→sink (2 steps) is trivially short, indicating
+                    // a same-expression or same-call scenario rather than a real data flow.
+                    const MAX_STEPS_SAME_CALL = 2;
+                    if (finding.source.line === finding.sink.line &&
+                        finding.path.length <= MAX_STEPS_SAME_CALL &&
+                        LLM_SOURCE_TYPES.has(finding.source.sourceType) &&
+                        PROMPT_SINK_TYPES.has(finding.sink.sinkType)) {
+                        continue;
+                    }
+                    // Suppress findings where source and sink originate from the same LLM call.
+                    // This happens when a function's return value is an llm_output source and
+                    // one of its input parameters hits a prompt sink — not a real data flow.
+                    if (finding.source.line === finding.sink.line
+                        && finding.path.length <= 2
+                        && LLM_SOURCE_TYPES.has(finding.source.sourceType)
+                        && PROMPT_SINK_TYPES.has(finding.sink.sinkType)) {
+                        continue;
+                    }
+                    // Suppress findings where a guard clause (validation + early exit)
+                    // protects the sink from reaching tainted data
+                    if (hasGuardClause(content, finding))
+                        continue;
+                    emittedSinks.add(finding.sink.line);
+                    const resolved = getCategoryAndSeverity(finding, kind, content);
+                    const fixSteps = (0, taint_fix_templates_1.getTaintFixSteps)(finding.source.sourceType, finding.sink.sinkType, kind);
+                    matches.push({
+                        node: finding.sink.node,
+                        severity: resolved.severity,
+                        note: resolved.note,
+                        taintPath: serializeTaintPath(finding),
+                        evidenceLevel: "proven",
+                        fixSteps,
+                        // Override category when LLM routing changes it
+                        ...(resolved.category !== KIND_TO_CATEGORY[kind]
+                            ? { category: resolved.category }
+                            : {}),
+                    });
+                }
+            }
+            return matches;
+        },
+    });
+}
+//# sourceMappingURL=taint-flow-ast.js.map

package/dist/detect/ast-rules/taint-flow-ast.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"taint-flow-ast.js","sourceRoot":"","sources":["../../../src/detect/ast-rules/taint-flow-ast.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;AA0DH,gDAkBC;AAmBD,gDAQC;AAkBD,kDAIC;AA1HD,mCAA6D;AAC7D,+DAAyD;AACzD,+DAAkE;AAQlE,iEAGqC;AACrC,mEAGsC;AAEtC,+EAA+E;AAC/E,oCAAoC;AACpC,+EAA+E;AAE/E,MAAM,gBAAgB,GAA6C;IACjE,GAAG,EAAE,eAAe;IACpB,GAAG,EAAE,KAAK;IACV,OAAO,EAAE,mBAAmB;IAC5B,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,qBAAqB;IAC7B,IAAI,EAAE,oBAAoB;CAC3B,CAAC;AAEF,MAAM,gBAAgB,GAA6C;IACjE,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,MAAM;IACX,OAAO,EAAE,MAAM;IACf,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,IAAI,EAAE,QAAQ;CACf,CAAC;AAEF,MAAM,aAAa,GAA8B;IAC/C,GAAG,EAAE,yCAAyC;IAC9C,GAAG,EAAE,gDAAgD;IACrD,OAAO,EAAE,6CAA6C;IACtD,IAAI,EAAE,uDAAuD;IAC7D,MAAM,EAAE,4CAA4C;IACpD,IAAI,EAAE,0CAA0C;CACjD,CAAC;AAEF,+EAA+E;AAC/E,2BAA2B;AAC3B,+EAA+E;AAE/E,qEAAqE;AACrE,SAAgB,kBAAkB,CAAC,OAAqB;IACtD,OAAO;QACL,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU;QACrC,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI;QAC/B,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,QAAQ;QAC/B,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI;QAC3B,UAAU,EAAE,CAAC,GAAG,OAAO,CAAC,aAAa,CAAC;QACtC,SAAS,EAAE,KAAK;QAChB,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACjC,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,UAAU,EAAE,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC;YAChC,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACrD,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAClE,CAAC,CAAC;KACJ,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,0BAA0B;AAC1B,+EAA+E;AAE/E,sFAAsF;AACtF,MAAM,aAAa,GAAG,IAAI,GAAG,EAA0B,CAAC;AAExD;sFACsF;AACtF,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAA0B,CAAC;AAC/D,IAAI,kBAAkB,GAAG,KAAK,CAAC;AAE/B;;;;GAIG;AACH,SAAgB,kBAAkB,CAAC,QAAwB;IACzD,oBAAoB,CAAC,KAAK,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC5D,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjB,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACjD,CAAC;IACD,kBAAkB,GAAG,IAAI,CAAC;AAC5B,CAAC;AAED,SAAS,WAAW,CAAC,GAAc;IACjC,0DAA0D;IAC1D,IAAI,kBAAkB,EAAE,CAAC;QACvB,OAAO,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IACtD,CAAC;IAED,sDAAsD;IACtD,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC3C,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IAExC,MAAM,QAAQ,GAAG,IAAA,qCAAoB,EAAC,GAAG,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzD,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACtC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,0CAA0C;AAC1C,SAAgB,mBAAmB;IACjC,aAAa,CAAC,KAAK,EAAE,CAAC;IACtB,oBAAoB,CAAC,KAAK,EAAE,CAAC;IAC7B,kBAAkB,GAAG,KAAK,CAAC;AAC7B,CAAC;AAED,+EAA+E;AAC/E,wCAAwC;AACxC,+EAA+E;AAE/E,uDAAuD;AACvD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,YAAY;IACZ,aAAa;IACb,eAAe;IACf,sBAAsB;CACvB,CAAC,CAAC;AAEH,yCAAyC;AACzC,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,qBAAqB,EAAE,eAAe,CAAC,CAAC,CAAC;AAE5E,qGAAqG;AACrG,MAAM,0BAA0B,GAC9B,+FAA+F,CAAC;AAElG,mGAAmG;AACnG,SAAS,iBAAiB,CAAC,OAAqB;IAC9C,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC;IACzC,OAAO,0BAA0B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACnD,CAAC;AAED,yDAAyD;AACzD,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,WAAW;IACX,YAAY;IACZ,aAAa;IACb,aAAa;IACb,YAAY;IACZ,WAAW;CACZ,CAAC,CAAC;AAEH,SAAS,gBAAgB,CAAC,UAAkB;IAC1C,OAAO,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;AAC3C,CAAC;AAED,8EAA8E;AAC9E,SAAS,oBAAoB,CAAC,QAAgB;IAC5C,OAAO,+EAA+E,CAAC,IAAI,CACzF,QAAQ,CACT,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,sBAAsB,CAC7B,OAAqB,EACrB,IAAe,EACf,OAAe;IAMf,MAAM,WAAW,GAAG,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAElE,2FAA2F;IAC3F,IAAI,WAAW,IAAI,YAAY,IAAI,iBAAiB,CAAC,OAAO,CAAC,EAAE,CAAC;QAC9D,OAAO;YACL,QAAQ,EAAE,qBAAqB;YAC/B,QAAQ,EAAE,MAAM;YAChB,IAAI,EAAE,kEAAkE,OAAO,CAAC,IAAI,CAAC,IAAI,8CAA8C;SACxI,CAAC;IACJ,CAAC;IAED,qEAAqE;IACrE,IAAI,IAAI,KAAK,QAAQ,IAAI,YAAY,EAAE,CAAC;QACtC,6EAA6E;QAC7E,IACE,CAAC,gBAAgB,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC;YAC5C,oBAAoB,CAAC,OAAO,CAAC,QAAQ,CAAC,EACtC,CAAC;YACD,OAAO;gBACL,QAAQ,EAAE,qBAAqB;gBAC/B,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,6EAA6E,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,8DAA8D;aACnL,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,IAAA,4CAAyB,EAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACzD,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,gBAAgB;YAC/B,QAAQ,EAAE,IAAI,CAAC,gBAAgB;YAC/B,IAAI,EAAE,IAAI,CAAC,IAAI;SAChB,CAAC;IACJ,CAAC;IAED,wEAAwE;IACxE,IAAI,WAAW,IAAI,CAAC,YAAY,EAAE,CAAC;QACjC,MAAM,IAAI,GAAG,IAAA,sCAAmB,EAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACnD,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,gBAAgB;YAC/B,QAAQ,EAAE,IAAI,CAAC,gBAAgB;YAC/B,IAAI,EAAE,IAAI,CAAC,IAAI;SAChB,CAAC;IACJ,CAAC;IAED,mFAAmF;IACnF,IAAI,WAAW,IAAI,YAAY,EAAE,CAAC;QAChC,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAChE,OAAO;YACL,QAAQ,EAAE,qBAAqB;YAC/B,QAAQ,EAAE,QAAQ;YAClB,IAAI,EAAE,8BAA8B,UAAU,YAAY,OAAO,CAAC,MAAM,CAAC,IAAI,8CAA8C,OAAO,CAAC,IAAI,CAAC,IAAI,gHAAgH;SAC7P,CAAC;IACJ,CAAC;IAED,kCAAkC;IAClC,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAChE,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC;IACpC,MAAM,IAAI,GAAG,mBAAmB,UAAU,YAAY,OAAO,CAAC,MAAM,CAAC,IAAI,aAAa,QAAQ,KAAK,IAAI,aAAa,OAAO,QAAQ,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,uBAAuB,CAAC;IAEnL,OAAO;QACL,QAAQ,EAAE,gBAAgB,CAAC,IAAI,CAAC;QAChC,QAAQ,EAAE,gBAAgB,CAAC,IAAI,CAAC;QAChC,IAAI;KACL,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,0CAA0C;AAC1C,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,mBAAmB,GACvB,qWAAqW,CAAC;AAExW;;;;;;GAMG;AACH,SAAS,cAAc,CAAC,OAAe,EAAE,OAAqB;IAC5D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CACxB,CAAC,EACD,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CACrD,CAAC;IACF,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CACtB,KAAK,CAAC,MAAM,EACZ,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CACrD,CAAC;IAEF,KAAK,IAAI,CAAC,GAAG,SAAS,EAAE,CAAC,GAAG,OAAO,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,0DAA0D;QAC1D,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnE,kDAAkD;YAClD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBACvD,IAAI,sBAAsB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAAE,OAAO,IAAI,CAAC;YACzD,CAAC;QACH,CAAC;QACD,sCAAsC;QACtC,IACE,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;YACtB,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9B,IAAI,CAAC,OAAO,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAC5B,CAAC;YACD,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3D,IAAI,wBAAwB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAAE,OAAO,IAAI,CAAC;YAC3D,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+EAA+E;AAC/E,kCAAkC;AAClC,+EAA+E;AAE/E,MAAM,SAAS,GAAgB;IAC7B,KAAK;IACL,KAAK;IACL,SAAS;IACT,MAAM;IACN,QAAQ;IACR,MAAM;CACP,CAAC;AAEF,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;IAC7B,IAAA,uBAAe,EAAC;QACd,EAAE,EAAE,kBAAkB,IAAI,EAAE;QAC5B,KAAK,EAAE,aAAa,CAAC,IAAI,CAAC;QAC1B,WAAW,EAAE,yBAAyB,IAAI,8CAA8C;QACxF,QAAQ,EAAE,gBAAgB,CAAC,IAAI,CAAC;QAChC,QAAQ,EAAE,gBAAgB,CAAC,IAAI,CAAC;QAChC,YAAY,EACV,oFAAoF;QACtF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,KAAK,EAAE,QAAQ,CAAC;QACxD,UAAU,EAAE,MAAM;QAClB,cAAc,EAAE,GAAG;QACnB,oBAAoB,EAAE,KAAK;QAC3B,KAAK,EAAE,CAAC;QACR,MAAM,EAAE,YAAY;QACpB,MAAM,CAAC,GAAc,EAAE,OAAe;YACpC,IAAI,IAAA,wCAAsB,EAAC,GAAG,CAAC,QAAQ,CAAC;gBAAE,OAAO,EAAE,CAAC;YACpD,IAAI,IAAA,kCAAgB,EAAC,GAAG,CAAC,QAAQ,CAAC;gBAAE,OAAO,EAAE,CAAC;YAE9C,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;YAClC,MAAM,OAAO,GAAmB,EAAE,CAAC;YACnC,mDAAmD;YACnD,oEAAoE;YACpE,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;YAEvC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,IAAI,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;oBACpC,IAAI,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;wBAAE,SAAS;oBAElD,4EAA4E;oBAC5E,0EAA0E;oBAC1E,yEAAyE;oBACzE,wEAAwE;oBACxE,wEAAwE;oBACxE,MAAM,mBAAmB,GAAG,CAAC,CAAC;oBAC9B,IACE,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,IAAI;wBACzC,OAAO,CAAC,IAAI,CAAC,MAAM,IAAI,mBAAmB;wBAC1C,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC;wBAC/C,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAC5C,CAAC;wBACD,SAAS;oBACX,CAAC;oBAED,4EAA4E;oBAC5E,0EAA0E;oBAC1E,yEAAyE;oBACzE,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,IAAI;2BACtC,OAAO,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC;2BACxB,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC;2BAC/C,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACpD,SAAQ;oBACV,CAAC;oBAED,mEAAmE;oBACnE,+CAA+C;oBAC/C,IAAI,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC;wBAAE,SAAS;oBAE/C,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAEpC,MAAM,QAAQ,GAAG,sBAAsB,CAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;oBAChE,MAAM,QAAQ,GAAG,IAAA,sCAAgB,EAC/B,OAAO,CAAC,MAAM,CAAC,UAAU,EACzB,OAAO,CAAC,IAAI,CAAC,QAAQ,EACrB,IAAI,CACL,CAAC;oBACF,OAAO,CAAC,IAAI,CAAC;wBACX,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI;wBACvB,QAAQ,EAAE,QAAQ,CAAC,QAAQ;wBAC3B,IAAI,EAAE,QAAQ,CAAC,IAAI;wBACnB,SAAS,EAAE,kBAAkB,CAAC,OAAO,CAAC;wBACtC,aAAa,EAAE,QAAQ;wBACvB,QAAQ;wBACR,gDAAgD;wBAChD,GAAG,CAAC,QAAQ,CAAC,QAAQ,KAAK,gBAAgB,CAAC,IAAI,CAAC;4BAC9C,CAAC,CAAC,EAAE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAE;4BACjC,CAAC,CAAC,EAAE,CAAC;qBACR,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,OAAO,OAAO,CAAC;QACjB,CAAC;KACF,CAAC,CAAC;AACL,CAAC"}

package/dist/detect/ast-rules/variables-ast.d.ts

@@ -0,0 +1,24 @@
+/**
+ * AST-Based Sensitive Variable Detection
+ *
+ * Migrates structural/variables.ts from regex to AST.
+ * Detects variable declarations/assignments with sensitive names
+ * that have hardcoded string values.
+ *
+ * AST advantages over regex:
+ * - Understands declaration structure (skips type annotations, interfaces)
+ * - Resolves destructured assignments
+ * - Skips comments at the AST level (no regex heuristic)
+ * - Handles multi-line declarations
+ */
+import type Parser from "tree-sitter";
+/**
+ * Unified value classifier: returns true if the value is NOT an actual secret.
+ * Covers: empty strings, template expressions, env var refs, UPPER_SNAKE_CASE names,
+ * known placeholders, permission scope identifiers, and template literals with
+ * runtime interpolations.
+ */
+export declare function isNotActualSecretValue(value: string, valueNode: Parser.SyntaxNode, options?: {
+    highSensitivity?: boolean;
+}): boolean;
+//# sourceMappingURL=variables-ast.d.ts.map

package/dist/detect/ast-rules/variables-ast.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"variables-ast.d.ts","sourceRoot":"","sources":["../../../src/detect/ast-rules/variables-ast.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AASH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AA0KtC;;;;;GAKG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,CAAC,UAAU,EAC5B,OAAO,CAAC,EAAE;IAAE,eAAe,CAAC,EAAE,OAAO,CAAA;CAAE,GACtC,OAAO,CAsDT"}