@oddessentials/odd-ai-reviewers 1.10.1 → 1.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (75) hide show
  1. package/README.md +16 -9
  2. package/dist/agents/control_flow/types.d.ts +1 -1
  3. package/dist/agents/control_flow/types.js +1 -1
  4. package/dist/agents/index.d.ts +1 -0
  5. package/dist/agents/index.d.ts.map +1 -1
  6. package/dist/agents/index.js +2 -0
  7. package/dist/agents/index.js.map +1 -1
  8. package/dist/benchmark/adapter.d.ts.map +1 -1
  9. package/dist/benchmark/adapter.js +4 -2
  10. package/dist/benchmark/adapter.js.map +1 -1
  11. package/dist/cache/store.d.ts.map +1 -1
  12. package/dist/cache/store.js +26 -2
  13. package/dist/cache/store.js.map +1 -1
  14. package/dist/cli/commands/local-review.d.ts +13 -2
  15. package/dist/cli/commands/local-review.d.ts.map +1 -1
  16. package/dist/cli/commands/local-review.js +164 -33
  17. package/dist/cli/commands/local-review.js.map +1 -1
  18. package/dist/cli/execution-plan.d.ts +118 -0
  19. package/dist/cli/execution-plan.d.ts.map +1 -0
  20. package/dist/cli/execution-plan.js +260 -0
  21. package/dist/cli/execution-plan.js.map +1 -0
  22. package/dist/config/schemas.d.ts +103 -21
  23. package/dist/config/schemas.d.ts.map +1 -1
  24. package/dist/config/schemas.js +177 -10
  25. package/dist/config/schemas.js.map +1 -1
  26. package/dist/config.d.ts +8 -3
  27. package/dist/config.d.ts.map +1 -1
  28. package/dist/config.js +15 -6
  29. package/dist/config.js.map +1 -1
  30. package/dist/main.d.ts.map +1 -1
  31. package/dist/main.js +79 -8
  32. package/dist/main.js.map +1 -1
  33. package/dist/phases/execute.d.ts +3 -0
  34. package/dist/phases/execute.d.ts.map +1 -1
  35. package/dist/phases/execute.js +17 -5
  36. package/dist/phases/execute.js.map +1 -1
  37. package/dist/phases/index.d.ts +1 -1
  38. package/dist/phases/index.d.ts.map +1 -1
  39. package/dist/phases/index.js +1 -1
  40. package/dist/phases/index.js.map +1 -1
  41. package/dist/phases/report.d.ts +28 -4
  42. package/dist/phases/report.d.ts.map +1 -1
  43. package/dist/phases/report.js +86 -36
  44. package/dist/phases/report.js.map +1 -1
  45. package/dist/report/ado.d.ts +2 -1
  46. package/dist/report/ado.d.ts.map +1 -1
  47. package/dist/report/ado.js +9 -5
  48. package/dist/report/ado.js.map +1 -1
  49. package/dist/report/finding-validator.d.ts +1 -4
  50. package/dist/report/finding-validator.d.ts.map +1 -1
  51. package/dist/report/finding-validator.js +23 -54
  52. package/dist/report/finding-validator.js.map +1 -1
  53. package/dist/report/framework-pattern-filter.d.ts +1 -1
  54. package/dist/report/framework-pattern-filter.d.ts.map +1 -1
  55. package/dist/report/framework-pattern-filter.js +114 -99
  56. package/dist/report/framework-pattern-filter.js.map +1 -1
  57. package/dist/report/github.d.ts +2 -1
  58. package/dist/report/github.d.ts.map +1 -1
  59. package/dist/report/github.js +9 -5
  60. package/dist/report/github.js.map +1 -1
  61. package/dist/report/terminal.d.ts +42 -4
  62. package/dist/report/terminal.d.ts.map +1 -1
  63. package/dist/report/terminal.js +36 -8
  64. package/dist/report/terminal.js.map +1 -1
  65. package/dist/report/user-suppressions.d.ts +74 -0
  66. package/dist/report/user-suppressions.d.ts.map +1 -0
  67. package/dist/report/user-suppressions.js +264 -0
  68. package/dist/report/user-suppressions.js.map +1 -0
  69. package/dist/security-logger.d.ts +1 -1
  70. package/dist/security-logger.js +1 -1
  71. package/package.json +7 -6
  72. package/dist/__tests__/hermetic-setup.d.ts +0 -55
  73. package/dist/__tests__/hermetic-setup.d.ts.map +0 -1
  74. package/dist/__tests__/hermetic-setup.js +0 -62
  75. package/dist/__tests__/hermetic-setup.js.map +0 -1
package/dist/report/finding-validator.js CHANGED
@@ -67,7 +67,7 @@ const CAUTIONARY_ADVICE_PATTERNS = [
67
67
  * If the combined message+suggestion contains any of these, the finding
68
68
  * is treated as a legitimate concern, not hedging advice.
69
69
  */
70
- const SECURITY_BLOCKLIST = /\b(?:sql|injection|xss|cross.?site|sanitiz|escap|authenti|authoriz|csrf|ssrf|path.?traversal|command.?inject|exec\s*\(|eval\s*\(|deseria|privilege|encrypt|password|credential|secret|vulnerab|exploit|attack|malicious|buffer.?overflow|bypass|jwt|token|signature|session|cors|cookie|rate.?limit(?:ing)?|redirect)\b/i;
70
+ const SECURITY_BLOCKLIST = /\b(?:sql|injection|xss|cross.?site|sanitiz\w*|escap\w*|authenti\w*|authoriz\w*|csrf|ssrf|path.?traversal|command.?inject|exec\s*\(|eval\s*\(|deseria\w*|privilege|encrypt|password|credential|secret|vulnerab\w*|exploit|attack|malicious|buffer.?overflow|bypass|jwt|token|signature|session|cors|cookie|rate.?limit(?:ing)?|redirect)\b/i;
71
71
  /**
72
72
  * Check if a suggestion is actionable (contains concrete guidance beyond dismissive language).
73
73
  */
@@ -395,54 +395,9 @@ export function validateNormalizedFindings(findings, lineResolver, diffFiles) {
395
395
  }
396
396
  }
397
397
  }
398
- // Pass 3: Self-contradiction detection (all findings that passed Pass 2)
399
- for (const result of results) {
400
- if (!result.valid)
401
- continue;
402
- if (result.finding.severity !== 'info')
403
- continue;
404
- // FR-015: Normalize Unicode before matching to prevent zero-width character bypass
405
- const normalizedMessage = normalizeUnicode(result.finding.message);
406
- const matchedPattern = DISMISSIVE_PATTERNS.find((p) => p.test(normalizedMessage));
407
- if (!matchedPattern)
408
- continue;
409
- const normalizedSuggestion = result.finding.suggestion
410
- ? normalizeUnicode(result.finding.suggestion)
411
- : undefined;
412
- if (hasActionableSuggestion(normalizedSuggestion))
413
- continue;
414
- result.valid = false;
415
- result.filterReason = `Self-contradicting: info severity with dismissive language (${matchedPattern.source})`;
416
- result.filterType = 'self_contradicting';
417
- stats.filteredBySelfContradiction++;
418
- console.log('[router] [finding-validator] [filtered:semantic]', {
419
- file: result.finding.file,
420
- line: result.finding.line,
421
- reason: result.filterReason,
422
- });
423
- }
424
- // Pass 3.5: Cautionary advice detection (same as in validateFindingsSemantics)
425
- for (const result of results) {
426
- if (!result.valid)
427
- continue;
428
- if (result.finding.severity !== 'info')
429
- continue;
430
- const combinedText = normalizeUnicode(result.finding.message + ' ' + (result.finding.suggestion ?? ''));
431
- const matchedCautionary = CAUTIONARY_ADVICE_PATTERNS.find((p) => p.test(combinedText));
432
- if (!matchedCautionary)
433
- continue;
434
- if (SECURITY_BLOCKLIST.test(combinedText))
435
- continue;
436
- result.valid = false;
437
- result.filterReason = `Cautionary advice: info severity with hedging language (${matchedCautionary.source}) and no security concern`;
438
- result.filterType = 'cautionary_advice';
439
- stats.filteredByCautionaryAdvice++;
440
- console.log('[router] [finding-validator] [filtered:cautionary]', {
441
- file: result.finding.file,
442
- line: result.finding.line,
443
- reason: result.filterReason,
444
- });
445
- }
398
+ // FR-018: Pass 3 (self-contradiction) and Pass 3.5 (cautionary advice) REMOVED.
399
+ // These are now handled exclusively by validateFindingsSemantics() (Stage 1).
400
+ // Stage 2 only performs diff-bound validation (classification + line validation).
446
401
  // Build final arrays
447
402
  const validFindings = [];
448
403
  const filtered = [];
@@ -487,10 +442,7 @@ export function normalizeAndValidateFindings(findings, diffFiles, platform) {
487
442
  /**
488
443
  * Validate and classify findings, filtering out invalid lines and self-contradicting findings.
489
444
  *
490
- * Three-pass validation:
491
- * 1. Classify each finding (inline, file-level, global, cross-file)
492
- * 2. Validate line numbers for inline findings
493
- * 3. Detect self-contradicting findings (info + dismissive + no suggestion)
445
+ * Runs both Stage 1 (semantic validation) and Stage 2 (diff-bound validation) in sequence.
494
446
  *
495
447
  * @deprecated Use validateFindingsSemantics() in processFindings and
496
448
  * validateNormalizedFindings() in platform reporters after normalization.
@@ -502,6 +454,23 @@ export function normalizeAndValidateFindings(findings, diffFiles, platform) {
502
454
  * @returns Validation summary with valid findings, filtered findings, and stats
503
455
  */
504
456
  export function validateFindings(findings, lineResolver, diffFiles) {
505
- return validateNormalizedFindings(findings, lineResolver, diffFiles);
457
+ // FR-018: Stage 1 semantic validation first (self-contradiction, cautionary advice),
458
+ // then Stage 2 diff-bound validation (classification, line validation).
459
+ const stage1 = validateFindingsSemantics(findings);
460
+ const stage2 = validateNormalizedFindings(stage1.validFindings, lineResolver, diffFiles);
461
+ // Merge stats from both stages
462
+ return {
463
+ validFindings: stage2.validFindings,
464
+ filtered: [...stage1.filtered, ...stage2.filtered],
465
+ stats: {
466
+ total: stage1.stats.total,
467
+ valid: stage2.stats.valid,
468
+ filteredByLine: stage2.stats.filteredByLine,
469
+ filteredBySelfContradiction: stage1.stats.filteredBySelfContradiction,
470
+ filteredByCautionaryAdvice: stage1.stats.filteredByCautionaryAdvice,
471
+ filteredByPRIntent: stage1.stats.filteredByPRIntent,
472
+ byClassification: stage2.stats.byClassification,
473
+ },
474
+ };
506
475
  }
507
476
  //# sourceMappingURL=finding-validator.js.map
package/dist/report/finding-validator.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"finding-validator.js","sourceRoot":"","sources":["../../src/report/finding-validator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,EACL,iBAAiB,EACjB,wBAAwB,EACxB,kBAAkB,EAClB,wBAAwB,GAIzB,MAAM,oBAAoB,CAAC;AA2C5B;;;;GAIG;AACH;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,oCAAoC,EAAE,EAAE,CAAC,CAAC;AAChE,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,mBAAmB,GAAa;IACpC,yBAAyB;IACzB,0BAA0B;IAC1B,mBAAmB;IACnB,uBAAuB;IACvB,qBAAqB;IACrB,0BAA0B;IAC1B,sBAAsB;IACtB,mBAAmB;IACnB,mBAAmB;CACpB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,MAAM,0BAA0B,GAAa;IAC3C,6DAA6D;IAC7D,4EAA4E;IAC5E,kEAAkE;IAClE,6DAA6D;CAC9D,CAAC;AAEF;;;;GAIG;AACH,MAAM,kBAAkB,GACtB,0TAA0T,CAAC;AAE7T;;GAEG;AACH,SAAS,uBAAuB,CAAC,UAA8B;IAC7D,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;IAClC,MAAM,mBAAmB,GAAG,mBAAmB,CAAC,GAAG,CACjD,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAC9C,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE5C,IAAI,mBAAmB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,QAAQ,GAAG,mBAAmB;SACjC,MAAM,CAAC,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,OAAO,CAAC;SAC1E,OAAO,CAAC,YAAY,EAAE,GAAG,CAAC;SAC1B,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;SACpB,IAAI,EAAE,CAAC;IAEV,OAAO,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED;;;GAGG;AACH,MAAM,iBAAiB,GAAG,mDAAmD,CAAC;AAE9E;;;GAGG;AACH,MAAM,6BAA6B,GAAG,IAAI,GAAG,CAAC;IAC5C,eAAe;IACf,OAAO;IACP,UAAU;IACV,aAAa;CACd,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,6BAA6B,GAA6B;IAC9D,GAAG,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;IACzB,MAAM,EAAE,CAAC,KAAK,EAAE,SAAS,CAAC;IAC1B,MAAM,EAAE,CAAC,QAAQ,EAAE,eAAe,CAAC;IACnC,QAAQ,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC7B,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,4BAA4B,CAC1C,QAAmB,EACnB,aAAqB,EACrB,mBAAmB,GAAG,IAAI;IAE1B,MAAM,QAAQ,GAA8B,EAAE,CAAC;IAE/C,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,OAAO,EAAE,SAAS,EAAE,CAAC,GAAG,QAAQ,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IACpD,CAAC;IAED,MAAM,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACpD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,SAAS,EAAE,CAAC,GAAG,QAAQ,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IACpD,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAC5C,MAAM,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IACtD,MAAM,kBAAkB,GAAG,6BAA6B,CAAC,IAAI,CAAC,CAAC;IAE/D,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,OAAO,EAAE,SAAS,EAAE,CAAC,GAAG,QAAQ,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IACpD,CAAC;IAED,MAAM,SAAS,GAAc,EAAE,CAAC;IAEhC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,6BAA6B;QAC7B,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;YAChC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxB,SAAS;QACX,CAAC;QAED,mGAAmG;QACnG,IAAI,QAAQ,GAAG,EAAE,CAAC;QAClB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;YAC1D,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC;gBAAE,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QAC5D,CAAC;QACD,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjD,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxB,SAAS;QACX,CAAC;QAED,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QAEnD,6EAA6E;QAC7E,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACtE,MAAM,eAAe,GACnB,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACxD,CAAC,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACzF,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxB,SAAS;QACX,CAAC;QAED,wDAAwD;QACxD,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QACtF,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxB,SAAS;QACX,CAAC;QAED,2CAA2C;QAC3C,OAAO,CAAC,GAAG,CAAC,mDAAmD,EAAE;YAC/D,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,QAAQ;YACR,MAAM,EAAE,IAAI;YACZ,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAC7B,iBAAiB,EAAE,kBAAkB,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC/E,cAAc,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;SAC9C,CAAC,CAAC;QAEH,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO;YACP,cAAc,EAAE,OAAO,CAAC,IAAI;gBAC1B,CAAC,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS;oBAC1B,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,YAAY;gBAChB,CAAC,CAAC,QAAQ;YACZ,KAAK,EAAE,KAAK;YACZ,YAAY,EAAE,qCAAqC,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,iCAAiC;YAChH,UAAU,EAAE,yBAAyB;SACtC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AACjC,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAmB,EACnB,aAAsB;IAEtB,MAAM,OAAO,GAA8B,EAAE,CAAC;IAC9C,MAAM,KAAK,GAAG;QACZ,KAAK,EAAE,QAAQ,CAAC,MAAM;QACtB,KAAK,EAAE,CAAC;QACR,cAAc,EAAE,CAAC;QACjB,2BAA2B,EAAE,CAAC;QAC9B,0BAA0B,EAAE,CAAC;QAC7B,kBAAkB,EAAE,CAAC;QACrB,gBAAgB,EAAE;YAChB,MAAM,EAAE,CAAC;YACT,YAAY,EAAE,CAAC;YACf,MAAM,EAAE,CAAC;YACT,YAAY,EAAE,CAAC;SACyB;KAC3C,CAAC;IAEF,mFAAmF;IACnF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,cAAqC,CAAC;QAE1C,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAClB,cAAc,GAAG,QAAQ,CAAC;QAC5B,CAAC;aAAM,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACtC,cAAc,GAAG,YAAY,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,cAAc,GAAG,QAAQ,CAAC;QAC5B,CAAC;QAED,KAAK,CAAC,gBAAgB,CAAC,cAAc,CAAC,EAAE,CAAC;QAEzC,OAAO,CAAC,IAAI,CAAC;YACX,OAAO;YACP,cAAc;YACd,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;IACL,CAAC;IAED,8EAA8E;IAE9E,uCAAuC;IACvC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,CAAC,MAAM,CAAC,KAAK;YAAE,SAAS;QAE5B,yDAAyD;QACzD,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,KAAK,MAAM;YAAE,SAAS;QAEjD,mFAAmF;QACnF,MAAM,iBAAiB,GAAG,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACnE,MAAM,cAAc,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;QAClF,IAAI,CAAC,cAAc;YAAE,SAAS;QAE9B,MAAM,oBAAoB,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU;YACpD,CAAC,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;YAC7C,CAAC,CAAC,SAAS,CAAC;QACd,IAAI,uBAAuB,CAAC,oBAAoB,CAAC;YAAE,SAAS;QAE5D,qEAAqE;QACrE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;QACrB,MAAM,CAAC,YAAY,GAAG,+DAA+D,cAAc,CAAC,MAAM,GAAG,CAAC;QAC9G,MAAM,CAAC,UAAU,GAAG,oBAAoB,CAAC;QACzC,KAAK,CAAC,2BAA2B,EAAE,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,kDAAkD,EAAE;YAC9D,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI;YACzB,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI;YACzB,MAAM,EAAE,MAAM,CAAC,YAAY;SAC5B,CAAC,CAAC;IACL,CAAC;IAED,wCAAwC;IACxC,oFAAoF;IACpF,gFAAgF;IAChF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,CAAC,MAAM,CAAC,KAAK;YAAE,SAAS;QAE5B,0DAA0D;QAC1D,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,KAAK,MAAM;YAAE,SAAS;QAEjD,MAAM,YAAY,GAAG,gBAAgB,CACnC,MAAM,CAAC,OAAO,CAAC,OAAO,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,IAAI,EAAE,CAAC,CACjE,CAAC;QAEF,iDAAiD;QACjD,MAAM,iBAAiB,GAAG,0BAA0B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QACvF,IAAI,CAAC,iBAAiB;YAAE,SAAS;QAEjC,kEAAkE;QAClE,IAAI,kBAAkB,CAAC,IAAI,CAAC,YAAY,CAAC;YAAE,SAAS;QAEpD,6DAA6D;QAC7D,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;QACrB,MAAM,CAAC,YAAY,GAAG,2DAA2D,iBAAiB,CAAC,MAAM,2BAA2B,CAAC;QACrI,MAAM,CAAC,UAAU,GAAG,mBAAmB,CAAC;QACxC,KAAK,CAAC,0BAA0B,EAAE,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,oDAAoD,EAAE;YAChE,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI;YACzB,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI;YACzB,MAAM,EAAE,MAAM,CAAC,YAAY;SAC5B,CAAC,CAAC;IACL,CAAC;IAED,qBAAqB;IACrB,IAAI,aAAa,GAAc,EAAE,CAAC;IAClC,MAAM,QAAQ,GAA8B,EAAE,CAAC;IAE/C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACnC,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,0FAA0F;IAC1F,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,cAAc,GAAG,4BAA4B,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;QAClF,aAAa,GAAG,cAAc,CAAC,SAAS,CAAC;QACzC,KAAK,MAAM,CAAC,IAAI,cAAc,CAAC,QAAQ,EAAE,CAAC;YACxC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACjB,KAAK,CAAC,kBAAkB,EAAE,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;AAC5C,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,0BAA0B,CACxC,QAAmB,EACnB,YAAiC,EACjC,SAAoB;IAEpB,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;IAC7C,MAAM,OAAO,GAA8B,EAAE,CAAC;IAC9C,MAAM,KAAK,GAAG;QACZ,KAAK,EAAE,QAAQ,CAAC,MAAM;QACtB,KAAK,EAAE,CAAC;QACR,cAAc,EAAE,CAAC;QACjB,2BAA2B,EAAE,CAAC;QAC9B,0BAA0B,EAAE,CAAC;QAC7B,kBAAkB,EAAE,CAAC;QACrB,gBAAgB,EAAE;YAChB,MAAM,EAAE,CAAC;YACT,YAAY,EAAE,CAAC;YACf,MAAM,EAAE,CAAC;YACT,YAAY,EAAE,CAAC;SACyB;KAC3C,CAAC;IAEF,gCAAgC;IAChC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,cAAqC,CAAC;QAE1C,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAClB,cAAc,GAAG,QAAQ,CAAC;QAC5B,CAAC;aAAM,IAAI,WAAW,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAClE,cAAc,GAAG,YAAY,CAAC;YAC9B,OAAO,CAAC,GAAG,CAAC,uDAAuD,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QACrF,CAAC;aAAM,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACtC,cAAc,GAAG,YAAY,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,cAAc,GAAG,QAAQ,CAAC;QAC5B,CAAC;QAED,KAAK,CAAC,gBAAgB,CAAC,cAAc,CAAC,EAAE,CAAC;QAEzC,OAAO,CAAC,IAAI,CAAC;YACX,OAAO;YACP,cAAc;YACd,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;IACL,CAAC;IAED,iDAAiD;IACjD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,cAAc,KAAK,QAAQ,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC5E,MAAM,UAAU,GAAG,YAAY,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACvF,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;gBACtB,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;gBACrB,MAAM,CAAC,YAAY,GAAG,QAAQ,MAAM,CAAC,OAAO,CAAC,IAAI,0BAA0B,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjG,MAAM,CAAC,UAAU,GAAG,cAAc,CAAC;gBACnC,KAAK,CAAC,cAAc,EAAE,CAAC;gBACvB,OAAO,CAAC,GAAG,CAAC,qDAAqD,EAAE;oBACjE,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI;oBACzB,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI;oBACzB,MAAM,EAAE,MAAM,CAAC,YAAY;iBAC5B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,CAAC,MAAM,CAAC,KAAK;YAAE,SAAS;QAE5B,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,KAAK,MAAM;YAAE,SAAS;QAEjD,mFAAmF;QACnF,MAAM,iBAAiB,GAAG,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACnE,MAAM,cAAc,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;QAClF,IAAI,CAAC,cAAc;YAAE,SAAS;QAE9B,MAAM,oBAAoB,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU;YACpD,CAAC,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;YAC7C,CAAC,CAAC,SAAS,CAAC;QACd,IAAI,uBAAuB,CAAC,oBAAoB,CAAC;YAAE,SAAS;QAE5D,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;QACrB,MAAM,CAAC,YAAY,GAAG,+DAA+D,cAAc,CAAC,MAAM,GAAG,CAAC;QAC9G,MAAM,CAAC,UAAU,GAAG,oBAAoB,CAAC;QACzC,KAAK,CAAC,2BAA2B,EAAE,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,kDAAkD,EAAE;YAC9D,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI;YACzB,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI;YACzB,MAAM,EAAE,MAAM,CAAC,YAAY;SAC5B,CAAC,CAAC;IACL,CAAC;IAED,+EAA+E;IAC/E,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,CAAC,MAAM,CAAC,KAAK;YAAE,SAAS;QAC5B,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,KAAK,MAAM;YAAE,SAAS;QAEjD,MAAM,YAAY,GAAG,gBAAgB,CACnC,MAAM,CAAC,OAAO,CAAC,OAAO,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,IAAI,EAAE,CAAC,CACjE,CAAC;QAEF,MAAM,iBAAiB,GAAG,0BAA0B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QACvF,IAAI,CAAC,iBAAiB;YAAE,SAAS;QAEjC,IAAI,kBAAkB,CAAC,IAAI,CAAC,YAAY,CAAC;YAAE,SAAS;QAEpD,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;QACrB,MAAM,CAAC,YAAY,GAAG,2DAA2D,iBAAiB,CAAC,MAAM,2BAA2B,CAAC;QACrI,MAAM,CAAC,UAAU,GAAG,mBAAmB,CAAC;QACxC,KAAK,CAAC,0BAA0B,EAAE,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,oDAAoD,EAAE;YAChE,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI;YACzB,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI;YACzB,MAAM,EAAE,MAAM,CAAC,YAAY;SAC5B,CAAC,CAAC;IACL,CAAC;IAED,qBAAqB;IACrB,MAAM,aAAa,GAAc,EAAE,CAAC;IACpC,MAAM,QAAQ,GAA8B,EAAE,CAAC;IAE/C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACnC,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;AAC5C,CAAC;AAkBD,MAAM,UAAU,4BAA4B,CAC1C,QAAmB,EACnB,SAAqB,EACrB,QAAgB;IAEhB,MAAM,cAAc,GAAG,qBAAqB,CAAC,SAAS,CAAC,CAAC;IACxD,MAAM,YAAY,GAAG,iBAAiB,CAAC,cAAc,CAAC,CAAC;IACvD,MAAM,mBAAmB,GAAG,wBAAwB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAE7E,IAAI,mBAAmB,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,IAAI,mBAAmB,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;QACtF,OAAO,CAAC,GAAG,CACT,IAAI,QAAQ,sBAAsB,mBAAmB,CAAC,KAAK,CAAC,KAAK,UAAU;YACzE,GAAG,mBAAmB,CAAC,KAAK,CAAC,UAAU,gBAAgB,mBAAmB,CAAC,KAAK,CAAC,OAAO,UAAU,CACrG,CAAC;IACJ,CAAC;IAED,MAAM,aAAa,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACxD,MAAM,YAAY,GAAG,0BAA0B,CAC7C,mBAAmB,CAAC,QAAQ,EAC5B,YAAY,EACZ,aAAa,CACd,CAAC;IAEF,IAAI,YAAY,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrC,OAAO,CAAC,GAAG,CACT,IAAI,QAAQ,yBAAyB,YAAY,CAAC,KAAK,CAAC,KAAK,UAAU;YACrE,GAAG,YAAY,CAAC,KAAK,CAAC,cAAc,qBAAqB;YACzD,GAAG,YAAY,CAAC,KAAK,CAAC,2BAA2B,uBAAuB;YACxE,GAAG,YAAY,CAAC,KAAK,CAAC,0BAA0B,oBAAoB,CACvE,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,kBAAkB,CACpC,mBAAmB,CAAC,KAAK,EACzB,mBAAmB,CAAC,cAAc,CACnC,CAAC;IAEF,MAAM,iBAAiB,GAAG,wBAAwB,CAChD,mBAAmB,CAAC,KAAK,EACzB,mBAAmB,CAAC,cAAc,CACnC,CAAC;IAEF,OAAO;QACL,iBAAiB,EAAE,YAAY,CAAC,aAAa;QAC7C,cAAc;QACd,WAAW;QACX,iBAAiB;QACjB,kBAAkB,EAAE,mBAAmB,CAAC,KAAK;QAC7C,cAAc,EAAE,mBAAmB,CAAC,cAAc;KACnD,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,gBAAgB,CAC9B,QAAmB,EACnB,YAAiC,EACjC,SAAoB;IAEpB,OAAO,0BAA0B,CAAC,QAAQ,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;AACvE,CAAC"}
1
+ {"version":3,"file":"finding-validator.js","sourceRoot":"","sources":["../../src/report/finding-validator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,EACL,iBAAiB,EACjB,wBAAwB,EACxB,kBAAkB,EAClB,wBAAwB,GAIzB,MAAM,oBAAoB,CAAC;AA2C5B;;;;GAIG;AACH;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,oCAAoC,EAAE,EAAE,CAAC,CAAC;AAChE,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,mBAAmB,GAAa;IACpC,yBAAyB;IACzB,0BAA0B;IAC1B,mBAAmB;IACnB,uBAAuB;IACvB,qBAAqB;IACrB,0BAA0B;IAC1B,sBAAsB;IACtB,mBAAmB;IACnB,mBAAmB;CACpB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,MAAM,0BAA0B,GAAa;IAC3C,6DAA6D;IAC7D,4EAA4E;IAC5E,kEAAkE;IAClE,6DAA6D;CAC9D,CAAC;AAEF;;;;GAIG;AACH,MAAM,kBAAkB,GACtB,4UAA4U,CAAC;AAE/U;;GAEG;AACH,SAAS,uBAAuB,CAAC,UAA8B;IAC7D,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;IAClC,MAAM,mBAAmB,GAAG,mBAAmB,CAAC,GAAG,CACjD,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAC9C,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE5C,IAAI,mBAAmB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,QAAQ,GAAG,mBAAmB;SACjC,MAAM,CAAC,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,OAAO,CAAC;SAC1E,OAAO,CAAC,YAAY,EAAE,GAAG,CAAC;SAC1B,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;SACpB,IAAI,EAAE,CAAC;IAEV,OAAO,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED;;;GAGG;AACH,MAAM,iBAAiB,GAAG,mDAAmD,CAAC;AAE9E;;;GAGG;AACH,MAAM,6BAA6B,GAAG,IAAI,GAAG,CAAC;IAC5C,eAAe;IACf,OAAO;IACP,UAAU;IACV,aAAa;CACd,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,6BAA6B,GAA6B;IAC9D,GAAG,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;IACzB,MAAM,EAAE,CAAC,KAAK,EAAE,SAAS,CAAC;IAC1B,MAAM,EAAE,CAAC,QAAQ,EAAE,eAAe,CAAC;IACnC,QAAQ,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC7B,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,4BAA4B,CAC1C,QAAmB,EACnB,aAAqB,EACrB,mBAAmB,GAAG,IAAI;IAE1B,MAAM,QAAQ,GAA8B,EAAE,CAAC;IAE/C,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,OAAO,EAAE,SAAS,EAAE,CAAC,GAAG,QAAQ,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IACpD,CAAC;IAED,MAAM,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACpD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,SAAS,EAAE,CAAC,GAAG,QAAQ,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IACpD,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAC5C,MAAM,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IACtD,MAAM,kBAAkB,GAAG,6BAA6B,CAAC,IAAI,CAAC,CAAC;IAE/D,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,OAAO,EAAE,SAAS,EAAE,CAAC,GAAG,QAAQ,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IACpD,CAAC;IAED,MAAM,SAAS,GAAc,EAAE,CAAC;IAEhC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,6BAA6B;QAC7B,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;YAChC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxB,SAAS;QACX,CAAC;QAED,mGAAmG;QACnG,IAAI,QAAQ,GAAG,EAAE,CAAC;QAClB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;YAC1D,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC;gBAAE,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QAC5D,CAAC;QACD,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjD,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxB,SAAS;QACX,CAAC;QAED,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QAEnD,6EAA6E;QAC7E,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACtE,MAAM,eAAe,GACnB,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACxD,CAAC,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACzF,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxB,SAAS;QACX,CAAC;QAED,wDAAwD;QACxD,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QACtF,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxB,SAAS;QACX,CAAC;QAED,2CAA2C;QAC3C,OAAO,CAAC,GAAG,CAAC,mDAAmD,EAAE;YAC/D,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,QAAQ;YACR,MAAM,EAAE,IAAI;YACZ,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAC7B,iBAAiB,EAAE,kBAAkB,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC/E,cAAc,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;SAC9C,CAAC,CAAC;QAEH,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO;YACP,cAAc,EAAE,OAAO,CAAC,IAAI;gBAC1B,CAAC,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS;oBAC1B,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,YAAY;gBAChB,CAAC,CAAC,QAAQ;YACZ,KAAK,EAAE,KAAK;YACZ,YAAY,EAAE,qCAAqC,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,iCAAiC;YAChH,UAAU,EAAE,yBAAyB;SACtC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AACjC,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAmB,EACnB,aAAsB;IAEtB,MAAM,OAAO,GAA8B,EAAE,CAAC;IAC9C,MAAM,KAAK,GAAG;QACZ,KAAK,EAAE,QAAQ,CAAC,MAAM;QACtB,KAAK,EAAE,CAAC;QACR,cAAc,EAAE,CAAC;QACjB,2BAA2B,EAAE,CAAC;QAC9B,0BAA0B,EAAE,CAAC;QAC7B,kBAAkB,EAAE,CAAC;QACrB,gBAAgB,EAAE;YAChB,MAAM,EAAE,CAAC;YACT,YAAY,EAAE,CAAC;YACf,MAAM,EAAE,CAAC;YACT,YAAY,EAAE,CAAC;SACyB;KAC3C,CAAC;IAEF,mFAAmF;IACnF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,cAAqC,CAAC;QAE1C,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAClB,cAAc,GAAG,QAAQ,CAAC;QAC5B,CAAC;aAAM,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACtC,cAAc,GAAG,YAAY,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,cAAc,GAAG,QAAQ,CAAC;QAC5B,CAAC;QAED,KAAK,CAAC,gBAAgB,CAAC,cAAc,CAAC,EAAE,CAAC;QAEzC,OAAO,CAAC,IAAI,CAAC;YACX,OAAO;YACP,cAAc;YACd,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;IACL,CAAC;IAED,8EAA8E;IAE9E,uCAAuC;IACvC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,CAAC,MAAM,CAAC,KAAK;YAAE,SAAS;QAE5B,yDAAyD;QACzD,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,KAAK,MAAM;YAAE,SAAS;QAEjD,mFAAmF;QACnF,MAAM,iBAAiB,GAAG,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACnE,MAAM,cAAc,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;QAClF,IAAI,CAAC,cAAc;YAAE,SAAS;QAE9B,MAAM,oBAAoB,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU;YACpD,CAAC,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;YAC7C,CAAC,CAAC,SAAS,CAAC;QACd,IAAI,uBAAuB,CAAC,oBAAoB,CAAC;YAAE,SAAS;QAE5D,qEAAqE;QACrE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;QACrB,MAAM,CAAC,YAAY,GAAG,+DAA+D,cAAc,CAAC,MAAM,GAAG,CAAC;QAC9G,MAAM,CAAC,UAAU,GAAG,oBAAoB,CAAC;QACzC,KAAK,CAAC,2BAA2B,EAAE,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,kDAAkD,EAAE;YAC9D,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI;YACzB,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI;YACzB,MAAM,EAAE,MAAM,CAAC,YAAY;SAC5B,CAAC,CAAC;IACL,CAAC;IAED,wCAAwC;IACxC,oFAAoF;IACpF,gFAAgF;IAChF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,CAAC,MAAM,CAAC,KAAK;YAAE,SAAS;QAE5B,0DAA0D;QAC1D,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,KAAK,MAAM;YAAE,SAAS;QAEjD,MAAM,YAAY,GAAG,gBAAgB,CACnC,MAAM,CAAC,OAAO,CAAC,OAAO,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,IAAI,EAAE,CAAC,CACjE,CAAC;QAEF,iDAAiD;QACjD,MAAM,iBAAiB,GAAG,0BAA0B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QACvF,IAAI,CAAC,iBAAiB;YAAE,SAAS;QAEjC,kEAAkE;QAClE,IAAI,kBAAkB,CAAC,IAAI,CAAC,YAAY,CAAC;YAAE,SAAS;QAEpD,6DAA6D;QAC7D,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;QACrB,MAAM,CAAC,YAAY,GAAG,2DAA2D,iBAAiB,CAAC,MAAM,2BAA2B,CAAC;QACrI,MAAM,CAAC,UAAU,GAAG,mBAAmB,CAAC;QACxC,KAAK,CAAC,0BAA0B,EAAE,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,oDAAoD,EAAE;YAChE,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI;YACzB,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI;YACzB,MAAM,EAAE,MAAM,CAAC,YAAY;SAC5B,CAAC,CAAC;IACL,CAAC;IAED,qBAAqB;IACrB,IAAI,aAAa,GAAc,EAAE,CAAC;IAClC,MAAM,QAAQ,GAA8B,EAAE,CAAC;IAE/C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACnC,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,0FAA0F;IAC1F,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,cAAc,GAAG,4BAA4B,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;QAClF,aAAa,GAAG,cAAc,CAAC,SAAS,CAAC;QACzC,KAAK,MAAM,CAAC,IAAI,cAAc,CAAC,QAAQ,EAAE,CAAC;YACxC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACjB,KAAK,CAAC,kBAAkB,EAAE,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;AAC5C,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,0BAA0B,CACxC,QAAmB,EACnB,YAAiC,EACjC,SAAoB;IAEpB,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;IAC7C,MAAM,OAAO,GAA8B,EAAE,CAAC;IAC9C,MAAM,KAAK,GAAG;QACZ,KAAK,EAAE,QAAQ,CAAC,MAAM;QACtB,KAAK,EAAE,CAAC;QACR,cAAc,EAAE,CAAC;QACjB,2BAA2B,EAAE,CAAC;QAC9B,0BAA0B,EAAE,CAAC;QAC7B,kBAAkB,EAAE,CAAC;QACrB,gBAAgB,EAAE;YAChB,MAAM,EAAE,CAAC;YACT,YAAY,EAAE,CAAC;YACf,MAAM,EAAE,CAAC;YACT,YAAY,EAAE,CAAC;SACyB;KAC3C,CAAC;IAEF,gCAAgC;IAChC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,cAAqC,CAAC;QAE1C,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAClB,cAAc,GAAG,QAAQ,CAAC;QAC5B,CAAC;aAAM,IAAI,WAAW,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAClE,cAAc,GAAG,YAAY,CAAC;YAC9B,OAAO,CAAC,GAAG,CAAC,uDAAuD,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QACrF,CAAC;aAAM,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACtC,cAAc,GAAG,YAAY,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,cAAc,GAAG,QAAQ,CAAC;QAC5B,CAAC;QAED,KAAK,CAAC,gBAAgB,CAAC,cAAc,CAAC,EAAE,CAAC;QAEzC,OAAO,CAAC,IAAI,CAAC;YACX,OAAO;YACP,cAAc;YACd,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;IACL,CAAC;IAED,iDAAiD;IACjD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,cAAc,KAAK,QAAQ,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC5E,MAAM,UAAU,GAAG,YAAY,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACvF,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;gBACtB,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;gBACrB,MAAM,CAAC,YAAY,GAAG,QAAQ,MAAM,CAAC,OAAO,CAAC,IAAI,0BAA0B,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjG,MAAM,CAAC,UAAU,GAAG,cAAc,CAAC;gBACnC,KAAK,CAAC,cAAc,EAAE,CAAC;gBACvB,OAAO,CAAC,GAAG,CAAC,qDAAqD,EAAE;oBACjE,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI;oBACzB,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI;oBACzB,MAAM,EAAE,MAAM,CAAC,YAAY;iBAC5B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,gFAAgF;IAChF,8EAA8E;IAC9E,kFAAkF;IAElF,qBAAqB;IACrB,MAAM,aAAa,GAAc,EAAE,CAAC;IACpC,MAAM,QAAQ,GAA8B,EAAE,CAAC;IAE/C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACnC,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;AAC5C,CAAC;AAkBD,MAAM,UAAU,4BAA4B,CAC1C,QAAmB,EACnB,SAAqB,EACrB,QAAgB;IAEhB,MAAM,cAAc,GAAG,qBAAqB,CAAC,SAAS,CAAC,CAAC;IACxD,MAAM,YAAY,GAAG,iBAAiB,CAAC,cAAc,CAAC,CAAC;IACvD,MAAM,mBAAmB,GAAG,wBAAwB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAE7E,IAAI,mBAAmB,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,IAAI,mBAAmB,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;QACtF,OAAO,CAAC,GAAG,CACT,IAAI,QAAQ,sBAAsB,mBAAmB,CAAC,KAAK,CAAC,KAAK,UAAU;YACzE,GAAG,mBAAmB,CAAC,KAAK,CAAC,UAAU,gBAAgB,mBAAmB,CAAC,KAAK,CAAC,OAAO,UAAU,CACrG,CAAC;IACJ,CAAC;IAED,MAAM,aAAa,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACxD,MAAM,YAAY,GAAG,0BAA0B,CAC7C,mBAAmB,CAAC,QAAQ,EAC5B,YAAY,EACZ,aAAa,CACd,CAAC;IAEF,IAAI,YAAY,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrC,OAAO,CAAC,GAAG,CACT,IAAI,QAAQ,yBAAyB,YAAY,CAAC,KAAK,CAAC,KAAK,UAAU;YACrE,GAAG,YAAY,CAAC,KAAK,CAAC,cAAc,qBAAqB;YACzD,GAAG,YAAY,CAAC,KAAK,CAAC,2BAA2B,uBAAuB;YACxE,GAAG,YAAY,CAAC,KAAK,CAAC,0BAA0B,oBAAoB,CACvE,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,kBAAkB,CACpC,mBAAmB,CAAC,KAAK,EACzB,mBAAmB,CAAC,cAAc,CACnC,CAAC;IAEF,MAAM,iBAAiB,GAAG,wBAAwB,CAChD,mBAAmB,CAAC,KAAK,EACzB,mBAAmB,CAAC,cAAc,CACnC,CAAC;IAEF,OAAO;QACL,iBAAiB,EAAE,YAAY,CAAC,aAAa;QAC7C,cAAc;QACd,WAAW;QACX,iBAAiB;QACjB,kBAAkB,EAAE,mBAAmB,CAAC,KAAK;QAC7C,cAAc,EAAE,mBAAmB,CAAC,cAAc;KACnD,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,gBAAgB,CAC9B,QAAmB,EACnB,YAAiC,EACjC,SAAoB;IAEpB,qFAAqF;IACrF,wEAAwE;IACxE,MAAM,MAAM,GAAG,yBAAyB,CAAC,QAAQ,CAAC,CAAC;IACnD,MAAM,MAAM,GAAG,0BAA0B,CAAC,MAAM,CAAC,aAAa,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;IAEzF,+BAA+B;IAC/B,OAAO;QACL,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,QAAQ,EAAE,CAAC,GAAG,MAAM,CAAC,QAAQ,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC;QAClD,KAAK,EAAE;YACL,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK;YACzB,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK;YACzB,cAAc,EAAE,MAAM,CAAC,KAAK,CAAC,cAAc;YAC3C,2BAA2B,EAAE,MAAM,CAAC,KAAK,CAAC,2BAA2B;YACrE,0BAA0B,EAAE,MAAM,CAAC,KAAK,CAAC,0BAA0B;YACnE,kBAAkB,EAAE,MAAM,CAAC,KAAK,CAAC,kBAAkB;YACnD,gBAAgB,EAAE,MAAM,CAAC,KAAK,CAAC,gBAAgB;SAChD;KACF,CAAC;AACJ,CAAC"}
package/dist/report/framework-pattern-filter.d.ts CHANGED
@@ -45,7 +45,7 @@ export interface FrameworkFilterSummary {
45
45
  * @param diffContent - Raw diff content for evidence validation
46
46
  * @returns Summary with suppressed/passed findings and diagnostic details
47
47
  */
48
- export declare function filterFrameworkConventionFindings(findings: Finding[], diffContent: string): FrameworkFilterSummary;
48
+ export declare function filterFrameworkConventionFindings(findings: Finding[], diffContent: string, disableMatchers?: string[]): FrameworkFilterSummary;
49
49
  /**
50
50
  * Get the list of valid findings (non-suppressed) from a filter summary.
51
51
  */
package/dist/report/framework-pattern-filter.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"framework-pattern-filter.d.ts","sourceRoot":"","sources":["../../src/report/framework-pattern-filter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAMlD,MAAM,WAAW,uBAAuB;IACtC,gCAAgC;IAChC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,0BAA0B;IAC1B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,0EAA0E;IAC1E,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC;;;;OAIG;IACH,iBAAiB,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,KAAK,OAAO,CAAC;IACtE,0DAA0D;IAC1D,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;CACpC;AAED,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,OAAO,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,qBAAqB,EAAE,CAAC;CAClC;AAqnBD;;;;;;;GAOG;AACH,wBAAgB,iCAAiC,CAC/C,QAAQ,EAAE,OAAO,EAAE,EACnB,WAAW,EAAE,MAAM,GAClB,sBAAsB,CAuCxB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,sBAAsB,GAAG,OAAO,EAAE,CAE3E"}
1
+ {"version":3,"file":"framework-pattern-filter.d.ts","sourceRoot":"","sources":["../../src/report/framework-pattern-filter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAMlD,MAAM,WAAW,uBAAuB;IACtC,gCAAgC;IAChC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,0BAA0B;IAC1B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,0EAA0E;IAC1E,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC;;;;OAIG;IACH,iBAAiB,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,KAAK,OAAO,CAAC;IACtE,0DAA0D;IAC1D,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;CACpC;AAED,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,OAAO,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,qBAAqB,EAAE,CAAC;CAClC;AAwpBD;;;;;;;GAOG;AACH,wBAAgB,iCAAiC,CAC/C,QAAQ,EAAE,OAAO,EAAE,EACnB,WAAW,EAAE,MAAM,EACnB,eAAe,GAAE,MAAM,EAAO,GAC7B,sBAAsB,CA+CxB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,sBAAsB,GAAG,OAAO,EAAE,CAE3E"}
package/dist/report/framework-pattern-filter.js CHANGED
@@ -65,6 +65,33 @@ function extractLinesNearFinding(diffSection, findingLine, windowSize = 10) {
65
65
  }
66
66
  return result;
67
67
  }
68
+ /**
69
+ * Extract nearby context from a diff for a finding.
70
+ * Replaces the 4-line boilerplate pattern used in 8 of 9 matchers.
71
+ * Returns null if the finding's file is not found in the diff.
72
+ */
73
+ function extractNearbyContext(finding, diffContent, windowSize = 10) {
74
+ const fileSection = extractFileDiffSection(finding, diffContent);
75
+ if (!fileSection)
76
+ return null;
77
+ const nearbyLines = extractLinesNearFinding(fileSection, finding.line, windowSize);
78
+ const nearbyText = nearbyLines.join('\n');
79
+ return { fileSection, nearbyLines, nearbyText };
80
+ }
81
+ /**
82
+ * Build a RegExp that matches a word-bounded variable name followed by a suffix.
83
+ * Validates that varName contains only word characters to prevent regex injection.
84
+ * SAFETY: All call sites extract varName from \w+ regex matches.
85
+ */
86
+ function boundedVarPattern(varName, suffix) {
87
+ // eslint-disable-next-line security/detect-non-literal-regexp
88
+ return new RegExp('\\b' + varName + suffix);
89
+ }
90
+ /**
91
+ * Matches server-side HTTP response output calls: res.send(), res.write(), res.end().
92
+ * Extracted from 4 duplicate inline regexes across the error-object-xss matcher.
93
+ */
94
+ const RES_RESPONSE_SINK = /\bres\s*\.\s*(?:send|write|end)\s*\(/;
68
95
  // =============================================================================
69
96
  // Closed Matcher Table — DEFAULT DENY
70
97
  // Only these 9 matchers. No additions without spec change.
@@ -76,25 +103,21 @@ const FRAMEWORK_MATCHERS = [
76
103
  name: 'Express Error Middleware',
77
104
  messagePattern: /unused.*param|declared\s+but\s+never\s+referenced|dead\s+code.*never\s+called|parameter\s+not\s+referenced/i,
78
105
  evidenceValidator(finding, diffContent) {
79
- const fileSection = extractFileDiffSection(finding, diffContent);
80
- if (!fileSection)
106
+ const ctx = extractNearbyContext(finding, diffContent, 5);
107
+ if (!ctx)
81
108
  return false;
82
109
  // Must have a 4-parameter function near the finding line
83
110
  // Express error middleware signature: (err, req, res, next) or variants
84
- const nearbyLines = extractLinesNearFinding(fileSection, finding.line, 5);
85
- const nearbyText = nearbyLines.join('\n');
86
- // Match 4-param function: (param1, param2, param3, param4) with optional type annotations
87
111
  const fourParamPattern = /\(\s*\w+\s*(?::\s*[^,)]+)?\s*,\s*\w+\s*(?::\s*[^,)]+)?\s*,\s*\w+\s*(?::\s*[^,)]+)?\s*,\s*\w+\s*(?::\s*[^,)]+)?\s*\)/;
88
- const hasFourParams = fourParamPattern.test(nearbyText);
89
- if (!hasFourParams)
112
+ if (!fourParamPattern.test(ctx.nearbyText))
90
113
  return false;
91
114
  // At least one Express indicator required (in the file section):
92
115
  // - .use() middleware registration call
93
116
  // - import from 'express' package
94
117
  // - Express type annotations (Request, Response, NextFunction, ErrorRequestHandler)
95
- const hasUseCall = /\.use\s*\(/.test(fileSection);
96
- const hasExpressImport = /from\s+['"]express['"]/.test(fileSection);
97
- const hasExpressTypes = /:\s*(?:Request|Response|NextFunction|ErrorRequestHandler)\b/.test(nearbyText);
118
+ const hasUseCall = /\.use\s*\(/.test(ctx.fileSection);
119
+ const hasExpressImport = /from\s+['"]express['"]/.test(ctx.fileSection);
120
+ const hasExpressTypes = /:\s*(?:Request|Response|NextFunction|ErrorRequestHandler)\b/.test(ctx.nearbyText);
98
121
  return hasUseCall || hasExpressImport || hasExpressTypes;
99
122
  },
100
123
  suppressionReason: 'Express 4-param error middleware — unused params required by framework',
@@ -122,14 +145,12 @@ const FRAMEWORK_MATCHERS = [
122
145
  name: 'Exhaustive Switch',
123
146
  messagePattern: /missing.*case|unhandled.*case|default.*unreachable/i,
124
147
  evidenceValidator(finding, diffContent) {
125
- const fileSection = extractFileDiffSection(finding, diffContent);
126
- if (!fileSection)
148
+ const ctx = extractNearbyContext(finding, diffContent, 8);
149
+ if (!ctx)
127
150
  return false;
128
151
  // Scan near finding line for assertNever( or exhaustive throw
129
- const nearbyLines = extractLinesNearFinding(fileSection, finding.line, 8);
130
- const nearbyText = nearbyLines.join('\n');
131
- const hasAssertNever = /assertNever\s*\(/.test(nearbyText);
132
- const hasExhaustiveThrow = /throw\s+new\s+\w*[Ee]rror\s*\(\s*['"`].*(?:exhaustive|unreachable|unexpected)/i.test(nearbyText);
152
+ const hasAssertNever = /assertNever\s*\(/.test(ctx.nearbyText);
153
+ const hasExhaustiveThrow = /throw\s+new\s+\w*[Ee]rror\s*\(\s*['"`].*(?:exhaustive|unreachable|unexpected)/i.test(ctx.nearbyText);
133
154
  return hasAssertNever || hasExhaustiveThrow;
134
155
  },
135
156
  suppressionReason: 'Exhaustive switch with assertNever/throw — all cases handled at compile time',
@@ -140,19 +161,17 @@ const FRAMEWORK_MATCHERS = [
140
161
  name: 'React Query Advisory',
141
162
  messagePattern: /duplicate|double.?fetch|redundant.*query|multiple.*useQuery|(?:verify|ensure|validate).*(?:endpoint|api|fetch).*(?:return|format|response|error|handle)|missing.*error.*handling.*(?:fetch|query|useQuery)|error.?handling.*(?:useQuery|useSWR)/i,
142
163
  evidenceValidator(finding, diffContent) {
143
- const fileSection = extractFileDiffSection(finding, diffContent);
144
- if (!fileSection)
164
+ const ctx = extractNearbyContext(finding, diffContent, 10);
165
+ if (!ctx)
145
166
  return false;
146
167
  // Evidence 1: Query library import in file section
147
- const hasQueryImport = /from\s+['"]@tanstack\/react-query['"]/.test(fileSection) ||
148
- /from\s+['"]swr['"]/.test(fileSection) ||
149
- /from\s+['"]@apollo\/client['"]/.test(fileSection);
168
+ const hasQueryImport = /from\s+['"]@tanstack\/react-query['"]/.test(ctx.fileSection) ||
169
+ /from\s+['"]swr['"]/.test(ctx.fileSection) ||
170
+ /from\s+['"]@apollo\/client['"]/.test(ctx.fileSection);
150
171
  if (!hasQueryImport)
151
172
  return false;
152
173
  // Evidence 2: Query hook call near the finding line
153
- const nearbyLines = extractLinesNearFinding(fileSection, finding.line, 10);
154
- const nearbyText = nearbyLines.join('\n');
155
- const hasQueryHook = /\b(useQuery|useSWR|useInfiniteQuery)\s*\(/.test(nearbyText);
174
+ const hasQueryHook = /\b(useQuery|useSWR|useInfiniteQuery)\s*\(/.test(ctx.nearbyText);
156
175
  if (!hasQueryHook)
157
176
  return false;
158
177
  // Evidence 3: Exclude raw HTTP findings (not about library dedup)
@@ -172,7 +191,7 @@ const FRAMEWORK_MATCHERS = [
172
191
  const errorBindings = [];
173
192
  // Match shorthand `{ ..., error, ... }` or `{ ..., isError, ... }`
174
193
  // and aliased `{ ..., error: NAME, ... }` or `{ ..., isError: NAME, ... }`
175
- const destructuringBlock = nearbyText.match(/\{\s*([^}]*\b(?:error|isError)\b[^}]*)\}/);
194
+ const destructuringBlock = ctx.nearbyText.match(/\{\s*([^}]*\b(?:error|isError)\b[^}]*)\}/);
176
195
  if (!destructuringBlock?.[1])
177
196
  return false;
178
197
  const blockContent = destructuringBlock[1];
@@ -203,12 +222,12 @@ const FRAMEWORK_MATCHERS = [
203
222
  const hasErrorUsage = errorBindings.some((binding) => {
204
223
  // eslint-disable-next-line security/detect-non-literal-regexp
205
224
  const ifCheck = new RegExp('\\bif\\s*\\(\\s*' + binding + '\\b');
206
- // eslint-disable-next-line security/detect-non-literal-regexp
207
- const shortCircuit = new RegExp('\\b' + binding + '\\s*&&');
225
+ const shortCircuit = boundedVarPattern(binding, '\\s*&&');
208
226
  // Ternary: `binding ? ... : ...` — must exclude optional chaining `binding?.`
209
- // eslint-disable-next-line security/detect-non-literal-regexp
210
- const ternary = new RegExp('\\b' + binding + '\\s*\\?(?!\\.)');
211
- return (ifCheck.test(nearbyText) || shortCircuit.test(nearbyText) || ternary.test(nearbyText));
227
+ const ternary = boundedVarPattern(binding, '\\s*\\?(?!\\.)');
228
+ return (ifCheck.test(ctx.nearbyText) ||
229
+ shortCircuit.test(ctx.nearbyText) ||
230
+ ternary.test(ctx.nearbyText));
212
231
  });
213
232
  if (!hasErrorUsage)
214
233
  return false;
@@ -223,20 +242,18 @@ const FRAMEWORK_MATCHERS = [
223
242
  name: 'Promise.allSettled Convention',
224
243
  messagePattern: /allSettled.*(?:order|sequence|reject|unhandled|error.?handling|silent)|(?:order|sequence).*allSettled|(?:unhandled|missing|silent).*(?:reject|error|exception).*(?:promise|settled)|allSettled.*results.*not.*(?:match|correspond|align)|(?:additional|need).*error.*handling.*(?:promise|fetch|request|response|processing)|verify.*(?:fetch|request).*(?:error|handling|additional|response)/i,
225
244
  evidenceValidator(finding, diffContent) {
226
- const fileSection = extractFileDiffSection(finding, diffContent);
227
- if (!fileSection)
245
+ const ctx = extractNearbyContext(finding, diffContent, 10);
246
+ if (!ctx)
228
247
  return false;
229
248
  // Evidence 1: Promise.allSettled call near the finding line (not just file-wide)
230
- const nearbyLines = extractLinesNearFinding(fileSection, finding.line, 10);
231
- const nearbyText = nearbyLines.join('\n');
232
- if (!/Promise\.allSettled\s*\(/.test(nearbyText))
249
+ if (!/Promise\.allSettled\s*\(/.test(ctx.nearbyText))
233
250
  return false;
234
251
  // Evidence 2+3: Iteration and .status must be BOUND to the allSettled result variable.
235
252
  // Unscoped checks (any .forEach + any .status in nearbyText) allow false suppression
236
253
  // when unrelated iteration or HTTP .status references exist nearby.
237
254
  // Step 2a: Extract the result variable name.
238
255
  // Primary: `const/let/var X = await Promise.allSettled(...)`
239
- const allSettledVarMatch = nearbyText.match(/\b(?:const|let|var)\s+(\w+)\s*=\s*await\s+Promise\.allSettled\s*\(/);
256
+ const allSettledVarMatch = ctx.nearbyText.match(/\b(?:const|let|var)\s+(\w+)\s*=\s*await\s+Promise\.allSettled\s*\(/);
240
257
  let varName = allSettledVarMatch?.[1];
241
258
  // Fallback: `.then()` chain — `Promise.allSettled(...).then((X) => ...)` or
242
259
  // `.then(X => ...)` or `.then(function(X) { ... })`.
@@ -249,7 +266,7 @@ const FRAMEWORK_MATCHERS = [
249
266
  // - named function reference: `.then(handleResults)`
250
267
  // - generator patterns
251
268
  if (!varName) {
252
- const thenMatch = nearbyText.match(/Promise\.allSettled\s*\([\s\S]*?\)\.then\s*\(\s*(?:function\s*\(\s*(\w+)|(\w+)\s*=>|\(\s*(\w+)\s*\)\s*=>)/);
269
+ const thenMatch = ctx.nearbyText.match(/Promise\.allSettled\s*\([\s\S]*?\)\.then\s*\(\s*(?:function\s*\(\s*(\w+)|(\w+)\s*=>|\(\s*(\w+)\s*\)\s*=>)/);
253
270
  varName = thenMatch?.[1] ?? thenMatch?.[2] ?? thenMatch?.[3];
254
271
  }
255
272
  if (!varName)
@@ -266,36 +283,31 @@ const FRAMEWORK_MATCHERS = [
266
283
  '|\\b' +
267
284
  varName +
268
285
  '\\s*\\[');
269
- if (!iterationPattern.test(nearbyText))
286
+ if (!iterationPattern.test(ctx.nearbyText))
270
287
  return false;
271
288
  // Step 2c: .status check must appear on the iteration callback parameter,
272
289
  // not on an unrelated variable. Extract the callback/loop variable name
273
290
  // and require PARAM.status in nearbyText.
274
291
  let hasStatusCheck = false;
275
292
  // Pattern A: VARNAME.forEach((PARAM, ...) => { ... PARAM.status ... })
276
- const forEachParamMatch = nearbyText.match(
277
- // eslint-disable-next-line security/detect-non-literal-regexp
278
- new RegExp('\\b' + varName + '\\s*\\.\\s*forEach\\s*\\(\\s*(?:\\(\\s*)?(\\w+)'));
293
+ const forEachParamMatch = ctx.nearbyText.match(boundedVarPattern(varName, '\\s*\\.\\s*forEach\\s*\\(\\s*(?:\\(\\s*)?(\\w+)'));
279
294
  if (forEachParamMatch?.[1]) {
280
295
  const cbParam = forEachParamMatch[1];
281
- // eslint-disable-next-line security/detect-non-literal-regexp
282
- hasStatusCheck = new RegExp('\\b' + cbParam + '\\.status\\b').test(nearbyText);
296
+ hasStatusCheck = boundedVarPattern(cbParam, '\\.status\\b').test(ctx.nearbyText);
283
297
  }
284
298
  // Pattern B: for (const LOOPVAR of VARNAME) { ... LOOPVAR.status ... }
285
299
  if (!hasStatusCheck) {
286
- const forOfMatch = nearbyText.match(
300
+ const forOfMatch = ctx.nearbyText.match(
287
301
  // eslint-disable-next-line security/detect-non-literal-regexp
288
302
  new RegExp('for\\s*\\(\\s*(?:const|let|var)\\s+(\\w+)\\s+of\\s+' + varName + '\\b'));
289
303
  if (forOfMatch?.[1]) {
290
304
  const loopVar = forOfMatch[1];
291
- // eslint-disable-next-line security/detect-non-literal-regexp
292
- hasStatusCheck = new RegExp('\\b' + loopVar + '\\.status\\b').test(nearbyText);
305
+ hasStatusCheck = boundedVarPattern(loopVar, '\\.status\\b').test(ctx.nearbyText);
293
306
  }
294
307
  }
295
308
  // Pattern C: indexed access VARNAME[i].status
296
309
  if (!hasStatusCheck) {
297
- // eslint-disable-next-line security/detect-non-literal-regexp
298
- hasStatusCheck = new RegExp('\\b' + varName + '\\s*\\[\\w+\\]\\s*\\.\\s*status\\b').test(nearbyText);
310
+ hasStatusCheck = boundedVarPattern(varName, '\\s*\\[\\w+\\]\\s*\\.\\s*status\\b').test(ctx.nearbyText);
299
311
  }
300
312
  if (!hasStatusCheck)
301
313
  return false;
@@ -309,14 +321,13 @@ const FRAMEWORK_MATCHERS = [
309
321
  name: 'Safe Local File Read',
310
322
  messagePattern: /path.*traversal|directory.*traversal|local.*file.*read|file.*inclusion|readFileSync.*block|synchronous.*file.*read|block.*event.*loop.*(?:read|file)/i,
311
323
  evidenceValidator(finding, diffContent) {
312
- const fileSection = extractFileDiffSection(finding, diffContent);
313
- if (!fileSection)
324
+ const ctx = extractNearbyContext(finding, diffContent, 10);
325
+ if (!ctx)
314
326
  return false;
315
- const nearbyLines = extractLinesNearFinding(fileSection, finding.line, 10);
316
327
  // Single-line only: check each line individually (per FR-011 scope limitation)
317
328
  const canonicalPattern = /path\.(join|resolve)\s*\(\s*(?:__dirname|__filename|import\.meta\.(?:dirname|filename|url))\s*(?:,\s*(['"])[^'"]*\2\s*)*\)/;
318
329
  let match = null;
319
- for (const line of nearbyLines) {
330
+ for (const line of ctx.nearbyLines) {
320
331
  match = canonicalPattern.exec(line);
321
332
  if (match)
322
333
  break;
@@ -360,16 +371,15 @@ const FRAMEWORK_MATCHERS = [
360
371
  // Require that at least one nearby line is a module-top-level declaration
361
372
  // (starts with at most 2 spaces of indentation followed by const/let/var/export).
362
373
  // Lines indented ≥4 spaces are inside a function body (not top-level).
363
- const hasTopLevelDecl = nearbyLines.some((l) => /^\s{0,2}(?:export\s+)?(?:const|let|var)\s+\w+\s*=/.test(l));
374
+ const hasTopLevelDecl = ctx.nearbyLines.some((l) => /^\s{0,2}(?:export\s+)?(?:const|let|var)\s+\w+\s*=/.test(l));
364
375
  if (!hasTopLevelDecl)
365
376
  return false;
366
377
  // Reject if a request-handler, middleware, or event-listener pattern appears
367
378
  // anywhere within the ±10-line window (nearbyText).
368
- const nearbyText = nearbyLines.join('\n');
369
- if (/\b(?:app|router)\s*\.\s*(?:get|post|put|patch|delete|use|all)\s*\(/.test(nearbyText) ||
370
- /\.on\s*\(\s*['"]/.test(nearbyText) ||
371
- /addEventListener\s*\(/.test(nearbyText) ||
372
- /(?:req|request)\s*,\s*(?:res|response)\s*[,)]/.test(nearbyText))
379
+ if (/\b(?:app|router)\s*\.\s*(?:get|post|put|patch|delete|use|all)\s*\(/.test(ctx.nearbyText) ||
380
+ /\.on\s*\(\s*['"]/.test(ctx.nearbyText) ||
381
+ /addEventListener\s*\(/.test(ctx.nearbyText) ||
382
+ /(?:req|request)\s*,\s*(?:res|response)\s*[,)]/.test(ctx.nearbyText))
373
383
  return false;
374
384
  }
375
385
  return true;
@@ -382,24 +392,19 @@ const FRAMEWORK_MATCHERS = [
382
392
  name: 'Exhaustive Type-Narrowed Switch',
383
393
  messagePattern: /missing.*(?:case|default)|no.*default|add.*default|non-?exhaustive/i,
384
394
  evidenceValidator(finding, diffContent) {
385
- const fileSection = extractFileDiffSection(finding, diffContent);
386
- if (!fileSection)
395
+ const ctx = extractNearbyContext(finding, diffContent, 10);
396
+ if (!ctx)
387
397
  return false;
388
- const nearbyLines = extractLinesNearFinding(fileSection, finding.line, 10);
389
- const nearbyText = nearbyLines.join('\n');
390
398
  // Evidence 1: switch target must be a simple identifier (not a property access).
391
399
  // Property-access targets like switch(node.type) or switch(event.kind) cannot
392
400
  // have their type proven from a local annotation — fail open (do not suppress).
393
- const switchTargetMatch = nearbyText.match(/\bswitch\s*\((\w+)\)/);
394
- if (!switchTargetMatch)
401
+ const switchTargetMatch = ctx.nearbyText.match(/\bswitch\s*\((\w+)\)/);
402
+ if (!switchTargetMatch?.[1])
395
403
  return false;
396
404
  const varName = switchTargetMatch[1];
397
405
  // Safety constraint: reject if the switch target variable is typed as string or number.
398
406
  // A string/number-typed switch is inherently open-domain — not exhaustive.
399
- // SAFETY: varName is from \w+ match — only [a-zA-Z0-9_], no regex special chars.
400
- // eslint-disable-next-line security/detect-non-literal-regexp
401
- const varPrimitivePattern = new RegExp('\\b' + varName + '\\s*:\\s*(?:string|number)\\b');
402
- if (varPrimitivePattern.test(nearbyText))
407
+ if (boundedVarPattern(varName, '\\s*:\\s*(?:string|number)\\b').test(ctx.nearbyText))
403
408
  return false;
404
409
  // Evidence 2: the switch variable must have a named type annotation (PascalCase),
405
410
  // and that exact named type must be declared as a string-literal union in the
@@ -408,10 +413,7 @@ const FRAMEWORK_MATCHERS = [
408
413
  //
409
414
  // Step 2a: extract the type name from the variable's annotation in ±10 lines.
410
415
  // e.g., `function f(theme: Theme)` → typeName = 'Theme'
411
- // SAFETY: varName is from \w+ match — only [a-zA-Z0-9_], no regex special chars.
412
- // eslint-disable-next-line security/detect-non-literal-regexp
413
- const varTypePattern = new RegExp('\\b' + varName + '\\s*:\\s*([A-Z][\\w]*)');
414
- const typeNameMatch = nearbyText.match(varTypePattern);
416
+ const typeNameMatch = ctx.nearbyText.match(boundedVarPattern(varName, '\\s*:\\s*([A-Z][\\w]*)'));
415
417
  if (!typeNameMatch?.[1])
416
418
  return false; // no visible annotation → cannot prove union
417
419
  const typeName = typeNameMatch[1];
@@ -421,7 +423,7 @@ const FRAMEWORK_MATCHERS = [
421
423
  // SAFETY: typeName is from [A-Z][\w]* match — only [a-zA-Z0-9_], no regex special chars.
422
424
  // eslint-disable-next-line security/detect-non-literal-regexp
423
425
  const unionDeclarationPattern = new RegExp('\\btype\\s+' + typeName + '\\s*=\\s*((?:[\'"][^\'"]+[\'"]\\s*\\|?\\s*)+)');
424
- const unionMatch = fileSection.match(unionDeclarationPattern);
426
+ const unionMatch = ctx.fileSection.match(unionDeclarationPattern);
425
427
  if (!unionMatch?.[1])
426
428
  return false;
427
429
  // Step 2c: verify every union member VALUE has a corresponding case branch.
@@ -434,7 +436,7 @@ const FRAMEWORK_MATCHERS = [
434
436
  // Extract raw string values (without quotes) from union members
435
437
  const unionMemberValues = unionMemberQuoted.map((m) => m.slice(1, -1));
436
438
  // Extract raw string values from case branches (deduplicated via Set)
437
- const caseBranchMatches = nearbyText.match(/\bcase\s+['"]([^'"]+)['"]\s*:/g) ?? [];
439
+ const caseBranchMatches = ctx.nearbyText.match(/\bcase\s+['"]([^'"]+)['"]\s*:/g) ?? [];
438
440
  const caseValues = new Set(caseBranchMatches.map((m) => {
439
441
  const val = m.match(/['"]([^'"]+)['"]/);
440
442
  return val?.[1] ?? '';
@@ -453,45 +455,53 @@ const FRAMEWORK_MATCHERS = [
453
455
  name: 'Error Object XSS',
454
456
  messagePattern: /(?:xss|inject).*(?:error|err)\b.*(?:message|\.message)|(?:error|err)\b.*(?:message|\.message).*(?:xss|inject|innerHTML|template)|(?:xss|inject).*error.*(?:directly|message)|error\s+message.*(?:xss|inject|innerHTML)/i,
455
457
  evidenceValidator(finding, diffContent) {
456
- const fileSection = extractFileDiffSection(finding, diffContent);
457
- if (!fileSection)
458
+ const ctx = extractNearbyContext(finding, diffContent, 10);
459
+ if (!ctx)
458
460
  return false;
459
- const nearbyLines = extractLinesNearFinding(fileSection, finding.line, 10);
460
- const nearbyText = nearbyLines.join('\n');
461
461
  // MANDATORY: catch clause visible (structural proof of error origin)
462
462
  // No naming heuristics, no function-name matching (security-engineer mandate)
463
- if (!/\bcatch\s*\(\s*\w+/.test(nearbyText))
463
+ if (!/\bcatch\s*\(\s*\w+/.test(ctx.nearbyText))
464
464
  return false;
465
465
  // MANDATORY: error.message usage visible (the flagged construct)
466
- if (!/\.\s*message\b/.test(nearbyText))
466
+ if (!/\.\s*message\b/.test(ctx.nearbyText))
467
467
  return false;
468
468
  // REJECT: error constructed from user input or external API data.
469
469
  // Errors built from req.body, query params, or external input can contain
470
470
  // attacker-controlled data — suppression would hide real XSS.
471
- if (/new\s+(?:\w+)?Error\s*\(\s*(?:req\.|request\.|body\.|params\.|query\.|input\.|data\.|payload\.)/.test(nearbyText))
471
+ if (/new\s+(?:\w+)?Error\s*\(\s*(?:req\.|request\.|body\.|params\.|query\.|input\.|data\.|payload\.)/.test(ctx.nearbyText))
472
472
  return false;
473
473
  // REJECT: direct DOM manipulation (browser-side sinks)
474
- if (/\.innerHTML\s*=|\.outerHTML\s*=|document\.write\s*\(|insertAdjacentHTML\s*\(/.test(nearbyText))
474
+ if (/\.innerHTML\s*=|\.outerHTML\s*=|document\.write\s*\(|insertAdjacentHTML\s*\(/.test(ctx.nearbyText))
475
475
  return false;
476
476
  // REJECT: React dangerouslySetInnerHTML (always renders raw HTML)
477
- if (/dangerouslySetInnerHTML/.test(nearbyText))
477
+ if (/dangerouslySetInnerHTML/.test(ctx.nearbyText))
478
478
  return false;
479
479
  // REJECT: server-side HTTP response sinks that render error.message as HTML.
480
480
  // Only triggers when BOTH a response output call AND .message appear within
481
481
  // the same ±10-line window (nearbyText), proving the error data flows into
482
482
  // the response. Plain-text responses (res.send(err.message) without HTML
483
483
  // markup) are excluded by requiring an HTML indicator (< or template literal).
484
- if (/\bres\s*\.\s*(?:send|write|end)\s*\(/.test(nearbyText)) {
484
+ if (RES_RESPONSE_SINK.test(ctx.nearbyText)) {
485
485
  // Check for HTML evidence: template literal with tags, or string with '<'
486
- const hasHtmlInResponse = /\bres\s*\.\s*(?:send|write|end)\s*\(\s*`[^`]*</.test(nearbyText) ||
487
- /\bres\s*\.\s*(?:send|write|end)\s*\([^)]*['"][^'"]*</.test(nearbyText) ||
488
- /\bres\s*\.\s*(?:send|write|end)\s*\([^)]*\+[^)]*['"]?\s*</.test(nearbyText);
486
+ const hasHtmlInResponse = /\bres\s*\.\s*(?:send|write|end)\s*\(\s*`[^`]*</.test(ctx.nearbyText) ||
487
+ /\bres\s*\.\s*(?:send|write|end)\s*\([^)]*['"][^'"]*</.test(ctx.nearbyText) ||
488
+ /\bres\s*\.\s*(?:send|write|end)\s*\([^)]*\+[^)]*['"]?\s*</.test(ctx.nearbyText);
489
489
  if (hasHtmlInResponse)
490
490
  return false;
491
+ // FR-015: Variable-backed HTML detection.
492
+ // Catches: `const html = `<p>${err}</p>`; res.send(html);`
493
+ // Extract variable name from res.send(varName) and check if the variable
494
+ // was assigned HTML-containing content in the nearby text.
495
+ const varMatch = ctx.nearbyText.match(/\bres\s*\.\s*(?:send|write|end)\s*\(\s*(\w+)\s*\)/);
496
+ if (varMatch?.[1]) {
497
+ const sendVarName = varMatch[1];
498
+ if (boundedVarPattern(sendVarName, '\\s*=\\s*(?:`[^`]*<|[\'"][^\'"]*<)').test(ctx.nearbyText))
499
+ return false;
500
+ }
491
501
  }
492
502
  // REJECT: template engine render calls (always produce HTML output)
493
- if (/\bres\s*\.\s*render\s*\(/.test(nearbyText) ||
494
- /\b(?:ejs|pug|handlebars|hbs|nunjucks|mustache)\s*[.(]/.test(nearbyText))
503
+ if (/\bres\s*\.\s*render\s*\(/.test(ctx.nearbyText) ||
504
+ /\b(?:ejs|pug|handlebars|hbs|nunjucks|mustache)\s*[.(]/.test(ctx.nearbyText))
495
505
  return false;
496
506
  return true;
497
507
  },
@@ -503,26 +513,24 @@ const FRAMEWORK_MATCHERS = [
503
513
  name: 'Thin Wrapper Stdlib',
504
514
  messagePattern: /(?:missing|add|no).*try.?catch|(?:could|may|might).*throw|unhandled.*(?:error|exception).*(?:JSON\.parse|parseInt|parseFloat|new\s+URL|Buffer\.from|decodeURI)|directly.*(?:return|call).*(?:JSON\.parse|parseInt|parseFloat)/i,
505
515
  evidenceValidator(finding, diffContent) {
506
- const fileSection = extractFileDiffSection(finding, diffContent);
507
- if (!fileSection)
516
+ const ctx = extractNearbyContext(finding, diffContent, 5);
517
+ if (!ctx)
508
518
  return false;
509
- const nearbyLines = extractLinesNearFinding(fileSection, finding.line, 5);
510
- const nearbyText = nearbyLines.join('\n');
511
519
  // Evidence 1: WHITELISTED stdlib call present (no open patterns)
512
520
  const SAFE_STDLIB = /\b(?:JSON\.parse|JSON\.stringify|parseInt|parseFloat|Number\(|new\s+URL|Buffer\.from|decodeURIComponent|decodeURI|atob|btoa)\s*\(/;
513
- if (!SAFE_STDLIB.test(nearbyText))
521
+ if (!SAFE_STDLIB.test(ctx.nearbyText))
514
522
  return false;
515
523
  // Evidence 2: thin wrapper structure (return + stdlib)
516
- if (!/\breturn\s+/.test(nearbyText))
524
+ if (!/\breturn\s+/.test(ctx.nearbyText))
517
525
  return false;
518
526
  // REJECT: I/O operations (not pure stdlib delegation)
519
- if (/\b(?:fs\.|fetch\s*\(|await\s|\.readFile|\.writeFile|database|\.query\s*\()/.test(nearbyText))
527
+ if (/\b(?:fs\.|fetch\s*\(|await\s|\.readFile|\.writeFile|database|\.query\s*\()/.test(ctx.nearbyText))
520
528
  return false;
521
529
  // REJECT: conditional logic (not a thin wrapper)
522
- if (/\b(?:if\s*\(|else\b|switch\s*\()/.test(nearbyText))
530
+ if (/\b(?:if\s*\(|else\b|switch\s*\()/.test(ctx.nearbyText))
523
531
  return false;
524
532
  // REJECT: request handler context (caller responsibility matters here)
525
- if (/\b(?:req\.|request\.|res\.|response\.|app\.\w+\(|router\.\w+\()/.test(nearbyText))
533
+ if (/\b(?:req\.|request\.|res\.|response\.|app\.\w+\(|router\.\w+\()/.test(ctx.nearbyText))
526
534
  return false;
527
535
  return true;
528
536
  },
@@ -540,12 +548,19 @@ const FRAMEWORK_MATCHERS = [
540
548
  * @param diffContent - Raw diff content for evidence validation
541
549
  * @returns Summary with suppressed/passed findings and diagnostic details
542
550
  */
543
- export function filterFrameworkConventionFindings(findings, diffContent) {
551
+ export function filterFrameworkConventionFindings(findings, diffContent, disableMatchers = []) {
552
+ const disabledSet = new Set(disableMatchers);
544
553
  const results = [];
545
554
  let suppressed = 0;
555
+ if (disabledSet.size > 0) {
556
+ console.error(`[router] [framework-filter] Disabled matchers: ${[...disabledSet].join(', ')}`);
557
+ }
546
558
  for (const finding of findings) {
547
559
  let matched = false;
548
560
  for (const matcher of FRAMEWORK_MATCHERS) {
561
+ // Skip disabled matchers (FR-022 disable_matchers)
562
+ if (disabledSet.has(matcher.id))
563
+ continue;
549
564
  // Step 1: Does the message pattern match?
550
565
  if (!matcher.messagePattern.test(finding.message))
551
566
  continue;