@oops-catcher/core 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/config/loader.d.ts +5 -0
- package/dist/config/loader.d.ts.map +1 -0
- package/dist/config/loader.js +37 -0
- package/dist/config/loader.js.map +1 -0
- package/dist/config/schema.d.ts +117 -0
- package/dist/config/schema.d.ts.map +1 -0
- package/dist/config/schema.js +54 -0
- package/dist/config/schema.js.map +1 -0
- package/dist/engine/fingerprint.d.ts +2 -0
- package/dist/engine/fingerprint.d.ts.map +1 -0
- package/dist/engine/fingerprint.js +5 -0
- package/dist/engine/fingerprint.js.map +1 -0
- package/dist/engine/line.d.ts +2 -0
- package/dist/engine/line.d.ts.map +1 -0
- package/dist/engine/line.js +11 -0
- package/dist/engine/line.js.map +1 -0
- package/dist/engine/scan.d.ts +13 -0
- package/dist/engine/scan.d.ts.map +1 -0
- package/dist/engine/scan.js +57 -0
- package/dist/engine/scan.js.map +1 -0
- package/dist/engine/walker.d.ts +8 -0
- package/dist/engine/walker.d.ts.map +1 -0
- package/dist/engine/walker.js +42 -0
- package/dist/engine/walker.js.map +1 -0
- package/dist/index.d.ts +5 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +4 -0
- package/dist/index.js.map +1 -0
- package/dist/output/formatters.d.ts +4 -0
- package/dist/output/formatters.d.ts.map +1 -0
- package/dist/output/formatters.js +35 -0
- package/dist/output/formatters.js.map +1 -0
- package/dist/output/redact.d.ts +4 -0
- package/dist/output/redact.d.ts.map +1 -0
- package/dist/output/redact.js +14 -0
- package/dist/output/redact.js.map +1 -0
- package/dist/rules/ai_artifacts_v1.d.ts +3 -0
- package/dist/rules/ai_artifacts_v1.d.ts.map +1 -0
- package/dist/rules/ai_artifacts_v1.js +76 -0
- package/dist/rules/ai_artifacts_v1.js.map +1 -0
- package/dist/rules/containers_v1.d.ts +3 -0
- package/dist/rules/containers_v1.d.ts.map +1 -0
- package/dist/rules/containers_v1.js +392 -0
- package/dist/rules/containers_v1.js.map +1 -0
- package/dist/rules/registry.d.ts +4 -0
- package/dist/rules/registry.d.ts.map +1 -0
- package/dist/rules/registry.js +12 -0
- package/dist/rules/registry.js.map +1 -0
- package/dist/rules/secrets_v1.d.ts +9 -0
- package/dist/rules/secrets_v1.d.ts.map +1 -0
- package/dist/rules/secrets_v1.js +283 -0
- package/dist/rules/secrets_v1.js.map +1 -0
- package/dist/rules/types.d.ts +19 -0
- package/dist/rules/types.d.ts.map +1 -0
- package/dist/rules/types.js +2 -0
- package/dist/rules/types.js.map +1 -0
- package/dist/types.d.ts +41 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +2 -0
- package/dist/types.js.map +1 -0
- package/package.json +33 -0
|
@@ -0,0 +1,392 @@
|
|
|
1
|
+
import yaml from 'js-yaml';
|
|
2
|
+
import { lineForIndex } from '../engine/line.js';
|
|
3
|
+
import { redactExcerpt } from '../output/redact.js';
|
|
4
|
+
import { stableFingerprint } from '../engine/fingerprint.js';
|
|
5
|
+
// ── helpers ──────────────────────────────────────────────────────────────────
|
|
6
|
+
const DOCKER_SOCK = '/var/run/docker.sock';
|
|
7
|
+
const CRED_DIRS = ['/.ssh', '/.aws', '/.config/gcloud'];
|
|
8
|
+
const REMOTE_SCRIPT = /\b(curl|wget)\b[^|#\n]*\|\s*(ba)?sh/g;
|
|
9
|
+
function isComposeFile(path) {
|
|
10
|
+
return (path.endsWith('docker-compose.yml') ||
|
|
11
|
+
path.endsWith('docker-compose.yaml') ||
|
|
12
|
+
path.endsWith('compose.yml') ||
|
|
13
|
+
path.endsWith('compose.yaml'));
|
|
14
|
+
}
|
|
15
|
+
function isDevcontainer(path) {
|
|
16
|
+
return path.endsWith('devcontainer.json');
|
|
17
|
+
}
|
|
18
|
+
function isDockerfile(path) {
|
|
19
|
+
const base = path.split('/').pop() ?? path;
|
|
20
|
+
return base === 'Dockerfile' || base.startsWith('Dockerfile.');
|
|
21
|
+
}
|
|
22
|
+
function lineForText(content, text) {
|
|
23
|
+
const index = content.indexOf(text);
|
|
24
|
+
if (index === -1)
|
|
25
|
+
return undefined;
|
|
26
|
+
return lineForIndex(content, index);
|
|
27
|
+
}
|
|
28
|
+
function hasDockerSockMount(value) {
|
|
29
|
+
if (typeof value === 'string')
|
|
30
|
+
return value.includes(DOCKER_SOCK);
|
|
31
|
+
if (Array.isArray(value))
|
|
32
|
+
return value.some(hasDockerSockMount);
|
|
33
|
+
if (value && typeof value === 'object') {
|
|
34
|
+
const obj = value;
|
|
35
|
+
return Object.values(obj).some(hasDockerSockMount);
|
|
36
|
+
}
|
|
37
|
+
return false;
|
|
38
|
+
}
|
|
39
|
+
function hasCredDirMount(value) {
|
|
40
|
+
if (typeof value === 'string') {
|
|
41
|
+
const hit = CRED_DIRS.find((d) => value.includes(d));
|
|
42
|
+
return hit ?? null;
|
|
43
|
+
}
|
|
44
|
+
if (Array.isArray(value)) {
|
|
45
|
+
for (const v of value) {
|
|
46
|
+
const hit = hasCredDirMount(v);
|
|
47
|
+
if (hit)
|
|
48
|
+
return hit;
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
if (value && typeof value === 'object') {
|
|
52
|
+
for (const v of Object.values(value)) {
|
|
53
|
+
const hit = hasCredDirMount(v);
|
|
54
|
+
if (hit)
|
|
55
|
+
return hit;
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
return null;
|
|
59
|
+
}
|
|
60
|
+
function deepSearch(value, predicate) {
|
|
61
|
+
if (typeof value === 'string')
|
|
62
|
+
return predicate(value);
|
|
63
|
+
if (Array.isArray(value))
|
|
64
|
+
return value.some((v) => deepSearch(v, predicate));
|
|
65
|
+
if (value && typeof value === 'object') {
|
|
66
|
+
return Object.values(value).some((v) => deepSearch(v, predicate));
|
|
67
|
+
}
|
|
68
|
+
return false;
|
|
69
|
+
}
|
|
70
|
+
function parseYaml(content) {
|
|
71
|
+
try {
|
|
72
|
+
return yaml.load(content);
|
|
73
|
+
}
|
|
74
|
+
catch {
|
|
75
|
+
return null;
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
function parseJson(content) {
|
|
79
|
+
try {
|
|
80
|
+
return JSON.parse(content);
|
|
81
|
+
}
|
|
82
|
+
catch {
|
|
83
|
+
return null;
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
// ── rules ─────────────────────────────────────────────────────────────────────
|
|
87
|
+
export const containersV1Rules = [
|
|
88
|
+
// CON001 — Docker socket mounted
|
|
89
|
+
{
|
|
90
|
+
id: 'CON001',
|
|
91
|
+
title: 'Docker socket mounted',
|
|
92
|
+
defaultSeverity: 'critical',
|
|
93
|
+
appliesTo: (path) => isDevcontainer(path) || isComposeFile(path),
|
|
94
|
+
run: (ctx) => {
|
|
95
|
+
const findings = [];
|
|
96
|
+
const line = lineForText(ctx.content, DOCKER_SOCK);
|
|
97
|
+
const redactedExcerpt = line !== undefined
|
|
98
|
+
? redactExcerpt(DOCKER_SOCK, ctx.config.output.redact)
|
|
99
|
+
: undefined;
|
|
100
|
+
if (isDevcontainer(ctx.path)) {
|
|
101
|
+
const parsed = parseJson(ctx.content);
|
|
102
|
+
if (!parsed)
|
|
103
|
+
return [];
|
|
104
|
+
if (hasDockerSockMount(parsed?.['mounts'])) {
|
|
105
|
+
findings.push({
|
|
106
|
+
ruleId: 'CON001',
|
|
107
|
+
severity: 'critical',
|
|
108
|
+
path: ctx.path,
|
|
109
|
+
line,
|
|
110
|
+
message: 'Docker socket mounted in devcontainer',
|
|
111
|
+
why: 'Mounting the Docker socket grants host-level control inside the container.',
|
|
112
|
+
fix: 'Remove the socket mount or switch to a safer build workflow.',
|
|
113
|
+
redactedExcerpt,
|
|
114
|
+
fingerprint: stableFingerprint(`CON001:${ctx.path}:${line ?? 0}:devcontainer`),
|
|
115
|
+
});
|
|
116
|
+
}
|
|
117
|
+
}
|
|
118
|
+
else {
|
|
119
|
+
const parsed = parseYaml(ctx.content);
|
|
120
|
+
if (!parsed)
|
|
121
|
+
return [];
|
|
122
|
+
const services = (parsed['services'] ?? {});
|
|
123
|
+
const hasSock = Object.values(services).some((service) => {
|
|
124
|
+
if (!service || typeof service !== 'object')
|
|
125
|
+
return false;
|
|
126
|
+
return hasDockerSockMount(service['volumes']);
|
|
127
|
+
});
|
|
128
|
+
if (hasSock) {
|
|
129
|
+
findings.push({
|
|
130
|
+
ruleId: 'CON001',
|
|
131
|
+
severity: 'critical',
|
|
132
|
+
path: ctx.path,
|
|
133
|
+
line,
|
|
134
|
+
message: 'Docker socket mounted in compose',
|
|
135
|
+
why: 'Mounting the Docker socket grants host-level control inside the container.',
|
|
136
|
+
fix: 'Remove the socket mount or use a safer build service.',
|
|
137
|
+
redactedExcerpt,
|
|
138
|
+
fingerprint: stableFingerprint(`CON001:${ctx.path}:${line ?? 0}:compose`),
|
|
139
|
+
});
|
|
140
|
+
}
|
|
141
|
+
}
|
|
142
|
+
return findings;
|
|
143
|
+
},
|
|
144
|
+
},
|
|
145
|
+
// CON002 — Privileged container
|
|
146
|
+
{
|
|
147
|
+
id: 'CON002',
|
|
148
|
+
title: 'Privileged container',
|
|
149
|
+
defaultSeverity: 'critical',
|
|
150
|
+
appliesTo: (path) => isComposeFile(path) || isDevcontainer(path) || isDockerfile(path),
|
|
151
|
+
run: (ctx) => {
|
|
152
|
+
const findings = [];
|
|
153
|
+
if (isDockerfile(ctx.path)) {
|
|
154
|
+
if (/\bRUN\b[^\n]*--privileged/.test(ctx.content)) {
|
|
155
|
+
const line = lineForText(ctx.content, '--privileged');
|
|
156
|
+
findings.push({
|
|
157
|
+
ruleId: 'CON002',
|
|
158
|
+
severity: 'critical',
|
|
159
|
+
path: ctx.path,
|
|
160
|
+
line,
|
|
161
|
+
message: 'Privileged flag used in Dockerfile RUN',
|
|
162
|
+
why: 'Privileged containers bypass isolation and can escape to the host.',
|
|
163
|
+
fix: 'Remove the --privileged flag.',
|
|
164
|
+
fingerprint: stableFingerprint(`CON002:${ctx.path}:${line ?? 0}`),
|
|
165
|
+
});
|
|
166
|
+
}
|
|
167
|
+
return findings;
|
|
168
|
+
}
|
|
169
|
+
if (isDevcontainer(ctx.path)) {
|
|
170
|
+
const parsed = parseJson(ctx.content);
|
|
171
|
+
if (!parsed)
|
|
172
|
+
return [];
|
|
173
|
+
if (deepSearch(parsed, (s) => s.includes('--privileged'))) {
|
|
174
|
+
const line = lineForText(ctx.content, '--privileged');
|
|
175
|
+
findings.push({
|
|
176
|
+
ruleId: 'CON002',
|
|
177
|
+
severity: 'critical',
|
|
178
|
+
path: ctx.path,
|
|
179
|
+
line,
|
|
180
|
+
message: 'Privileged flag in devcontainer',
|
|
181
|
+
why: 'Privileged containers bypass isolation.',
|
|
182
|
+
fix: 'Remove the --privileged flag.',
|
|
183
|
+
fingerprint: stableFingerprint(`CON002:${ctx.path}:${line ?? 0}:devcontainer`),
|
|
184
|
+
});
|
|
185
|
+
}
|
|
186
|
+
return findings;
|
|
187
|
+
}
|
|
188
|
+
// Compose
|
|
189
|
+
const parsed = parseYaml(ctx.content);
|
|
190
|
+
if (!parsed)
|
|
191
|
+
return [];
|
|
192
|
+
const services = (parsed['services'] ?? {});
|
|
193
|
+
for (const [name, service] of Object.entries(services)) {
|
|
194
|
+
if (!service || typeof service !== 'object')
|
|
195
|
+
continue;
|
|
196
|
+
const svc = service;
|
|
197
|
+
if (svc['privileged'] === true) {
|
|
198
|
+
const line = lineForText(ctx.content, 'privileged: true');
|
|
199
|
+
findings.push({
|
|
200
|
+
ruleId: 'CON002',
|
|
201
|
+
severity: 'critical',
|
|
202
|
+
path: ctx.path,
|
|
203
|
+
line,
|
|
204
|
+
message: `Privileged container in service '${name}'`,
|
|
205
|
+
why: 'Privileged containers bypass isolation and can escape to the host.',
|
|
206
|
+
fix: 'Remove privileged: true from the service definition.',
|
|
207
|
+
fingerprint: stableFingerprint(`CON002:${ctx.path}:${name}`),
|
|
208
|
+
});
|
|
209
|
+
}
|
|
210
|
+
}
|
|
211
|
+
return findings;
|
|
212
|
+
},
|
|
213
|
+
},
|
|
214
|
+
// CON003 — Host networking
|
|
215
|
+
{
|
|
216
|
+
id: 'CON003',
|
|
217
|
+
title: 'Host networking enabled',
|
|
218
|
+
defaultSeverity: 'critical',
|
|
219
|
+
appliesTo: (path) => isComposeFile(path) || isDevcontainer(path),
|
|
220
|
+
run: (ctx) => {
|
|
221
|
+
const findings = [];
|
|
222
|
+
if (isDevcontainer(ctx.path)) {
|
|
223
|
+
const parsed = parseJson(ctx.content);
|
|
224
|
+
if (!parsed)
|
|
225
|
+
return [];
|
|
226
|
+
if (deepSearch(parsed, (s) => s === 'host')) {
|
|
227
|
+
const line = lineForText(ctx.content, 'host');
|
|
228
|
+
findings.push({
|
|
229
|
+
ruleId: 'CON003',
|
|
230
|
+
severity: 'critical',
|
|
231
|
+
path: ctx.path,
|
|
232
|
+
line,
|
|
233
|
+
message: 'Host networking in devcontainer',
|
|
234
|
+
why: 'Host networking reduces container isolation.',
|
|
235
|
+
fix: 'Use a bridge network instead.',
|
|
236
|
+
fingerprint: stableFingerprint(`CON003:${ctx.path}:devcontainer`),
|
|
237
|
+
});
|
|
238
|
+
}
|
|
239
|
+
return findings;
|
|
240
|
+
}
|
|
241
|
+
const parsed = parseYaml(ctx.content);
|
|
242
|
+
if (!parsed)
|
|
243
|
+
return [];
|
|
244
|
+
const services = (parsed['services'] ?? {});
|
|
245
|
+
for (const [name, service] of Object.entries(services)) {
|
|
246
|
+
if (!service || typeof service !== 'object')
|
|
247
|
+
continue;
|
|
248
|
+
const svc = service;
|
|
249
|
+
if (svc['network_mode'] === 'host') {
|
|
250
|
+
const line = lineForText(ctx.content, 'network_mode: host');
|
|
251
|
+
findings.push({
|
|
252
|
+
ruleId: 'CON003',
|
|
253
|
+
severity: 'critical',
|
|
254
|
+
path: ctx.path,
|
|
255
|
+
line,
|
|
256
|
+
message: `Host networking in service '${name}'`,
|
|
257
|
+
why: 'Host networking reduces container isolation.',
|
|
258
|
+
fix: "Remove network_mode: host and use a bridge network.",
|
|
259
|
+
fingerprint: stableFingerprint(`CON003:${ctx.path}:${name}`),
|
|
260
|
+
});
|
|
261
|
+
}
|
|
262
|
+
}
|
|
263
|
+
return findings;
|
|
264
|
+
},
|
|
265
|
+
},
|
|
266
|
+
// CON004 — Container runs as root
|
|
267
|
+
{
|
|
268
|
+
id: 'CON004',
|
|
269
|
+
title: 'Container runs as root',
|
|
270
|
+
defaultSeverity: 'warning',
|
|
271
|
+
appliesTo: (path) => isDevcontainer(path) || isDockerfile(path),
|
|
272
|
+
run: (ctx) => {
|
|
273
|
+
if (isDockerfile(ctx.path)) {
|
|
274
|
+
// Heuristic: no USER instruction = runs as root
|
|
275
|
+
if (!/^\s*USER\s+/m.test(ctx.content)) {
|
|
276
|
+
return [
|
|
277
|
+
{
|
|
278
|
+
ruleId: 'CON004',
|
|
279
|
+
severity: 'warning',
|
|
280
|
+
path: ctx.path,
|
|
281
|
+
message: 'No USER instruction in Dockerfile (runs as root)',
|
|
282
|
+
why: 'Containers that run as root increase blast radius if compromised.',
|
|
283
|
+
fix: 'Add a USER instruction to run as a non-root user.',
|
|
284
|
+
fingerprint: stableFingerprint(`CON004:${ctx.path}:no-user`),
|
|
285
|
+
},
|
|
286
|
+
];
|
|
287
|
+
}
|
|
288
|
+
return [];
|
|
289
|
+
}
|
|
290
|
+
// devcontainer: remoteUser = root
|
|
291
|
+
const parsed = parseJson(ctx.content);
|
|
292
|
+
if (!parsed)
|
|
293
|
+
return [];
|
|
294
|
+
if (parsed['remoteUser'] === 'root') {
|
|
295
|
+
return [
|
|
296
|
+
{
|
|
297
|
+
ruleId: 'CON004',
|
|
298
|
+
severity: 'warning',
|
|
299
|
+
path: ctx.path,
|
|
300
|
+
message: 'remoteUser set to root in devcontainer',
|
|
301
|
+
why: 'Running as root in a container increases blast radius.',
|
|
302
|
+
fix: 'Set remoteUser to a non-root user.',
|
|
303
|
+
fingerprint: stableFingerprint(`CON004:${ctx.path}:remoteUser`),
|
|
304
|
+
},
|
|
305
|
+
];
|
|
306
|
+
}
|
|
307
|
+
return [];
|
|
308
|
+
},
|
|
309
|
+
},
|
|
310
|
+
// CON101 — Credential directories mounted
|
|
311
|
+
{
|
|
312
|
+
id: 'CON101',
|
|
313
|
+
title: 'Credential directory mounted',
|
|
314
|
+
defaultSeverity: 'warning',
|
|
315
|
+
appliesTo: (path) => isComposeFile(path) || isDevcontainer(path),
|
|
316
|
+
run: (ctx) => {
|
|
317
|
+
const findings = [];
|
|
318
|
+
if (isDevcontainer(ctx.path)) {
|
|
319
|
+
const parsed = parseJson(ctx.content);
|
|
320
|
+
if (!parsed)
|
|
321
|
+
return [];
|
|
322
|
+
const hit = hasCredDirMount(parsed);
|
|
323
|
+
if (hit) {
|
|
324
|
+
const line = lineForText(ctx.content, hit);
|
|
325
|
+
findings.push({
|
|
326
|
+
ruleId: 'CON101',
|
|
327
|
+
severity: 'warning',
|
|
328
|
+
path: ctx.path,
|
|
329
|
+
line,
|
|
330
|
+
message: `Credential directory mounted in devcontainer (${hit})`,
|
|
331
|
+
why: 'Mounting credential directories exposes host secrets inside containers.',
|
|
332
|
+
fix: 'Remove the mount or use short-lived credentials instead.',
|
|
333
|
+
fingerprint: stableFingerprint(`CON101:${ctx.path}:devcontainer:${hit}`),
|
|
334
|
+
});
|
|
335
|
+
}
|
|
336
|
+
return findings;
|
|
337
|
+
}
|
|
338
|
+
const parsed = parseYaml(ctx.content);
|
|
339
|
+
if (!parsed)
|
|
340
|
+
return [];
|
|
341
|
+
const services = (parsed['services'] ?? {});
|
|
342
|
+
for (const [name, service] of Object.entries(services)) {
|
|
343
|
+
if (!service || typeof service !== 'object')
|
|
344
|
+
continue;
|
|
345
|
+
const svc = service;
|
|
346
|
+
const hit = hasCredDirMount(svc['volumes']);
|
|
347
|
+
if (hit) {
|
|
348
|
+
const line = lineForText(ctx.content, hit);
|
|
349
|
+
findings.push({
|
|
350
|
+
ruleId: 'CON101',
|
|
351
|
+
severity: 'warning',
|
|
352
|
+
path: ctx.path,
|
|
353
|
+
line,
|
|
354
|
+
message: `Credential directory mounted in service '${name}' (${hit})`,
|
|
355
|
+
why: 'Mounting credential directories exposes host secrets inside containers.',
|
|
356
|
+
fix: 'Remove the mount or use short-lived credentials instead.',
|
|
357
|
+
fingerprint: stableFingerprint(`CON101:${ctx.path}:${name}:${hit}`),
|
|
358
|
+
});
|
|
359
|
+
}
|
|
360
|
+
}
|
|
361
|
+
return findings;
|
|
362
|
+
},
|
|
363
|
+
},
|
|
364
|
+
// CON102 — Remote script execution
|
|
365
|
+
{
|
|
366
|
+
id: 'CON102',
|
|
367
|
+
title: 'Remote script execution in dev setup',
|
|
368
|
+
defaultSeverity: 'warning',
|
|
369
|
+
appliesTo: (path) => isDockerfile(path) || isDevcontainer(path),
|
|
370
|
+
run: (ctx) => {
|
|
371
|
+
const findings = [];
|
|
372
|
+
for (const match of ctx.content.matchAll(REMOTE_SCRIPT)) {
|
|
373
|
+
const index = match.index ?? 0;
|
|
374
|
+
const line = lineForIndex(ctx.content, index);
|
|
375
|
+
const matched = match[0];
|
|
376
|
+
findings.push({
|
|
377
|
+
ruleId: 'CON102',
|
|
378
|
+
severity: 'warning',
|
|
379
|
+
path: ctx.path,
|
|
380
|
+
line,
|
|
381
|
+
message: `Remote script piped to shell: ${matched.slice(0, 60)}`,
|
|
382
|
+
why: 'Piping remote scripts to a shell is risky; the script could change without notice.',
|
|
383
|
+
fix: 'Pin the script URL to a specific commit hash and validate its checksum.',
|
|
384
|
+
redactedExcerpt: matched.slice(0, 80),
|
|
385
|
+
fingerprint: stableFingerprint(`CON102:${ctx.path}:${line}`),
|
|
386
|
+
});
|
|
387
|
+
}
|
|
388
|
+
return findings;
|
|
389
|
+
},
|
|
390
|
+
},
|
|
391
|
+
];
|
|
392
|
+
//# sourceMappingURL=containers_v1.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"containers_v1.js","sourceRoot":"","sources":["../../src/rules/containers_v1.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,SAAS,CAAC;AAG3B,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAE7D,gFAAgF;AAEhF,MAAM,WAAW,GAAG,sBAAsB,CAAC;AAE3C,MAAM,SAAS,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,iBAAiB,CAAC,CAAC;AAExD,MAAM,aAAa,GAAG,sCAAsC,CAAC;AAE7D,SAAS,aAAa,CAAC,IAAY;IACjC,OAAO,CACL,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC;QACnC,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC;QACpC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC;QAC5B,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,CAC9B,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,IAAY;IAClC,OAAO,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,YAAY,CAAC,IAAY;IAChC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC;IAC3C,OAAO,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;AACjE,CAAC;AAED,SAAS,WAAW,CAAC,OAAe,EAAE,IAAY;IAChD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACpC,IAAI,KAAK,KAAK,CAAC,CAAC;QAAE,OAAO,SAAS,CAAC;IACnC,OAAO,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;AACtC,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAc;IACxC,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAClE,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAChE,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,KAAgC,CAAC;QAC7C,OAAO,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QACrD,OAAO,GAAG,IAAI,IAAI,CAAC;IACrB,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,MAAM,GAAG,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;YAC/B,IAAI,GAAG;gBAAE,OAAO,GAAG,CAAC;QACtB,CAAC;IACH,CAAC;IACD,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,KAAgC,CAAC,EAAE,CAAC;YAChE,MAAM,GAAG,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;YAC/B,IAAI,GAAG;gBAAE,OAAO,GAAG,CAAC;QACtB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,UAAU,CAAC,KAAc,EAAE,SAAiC;IACnE,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC,KAAK,CAAC,CAAC;IACvD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;IAC7E,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvC,OAAO,MAAM,CAAC,MAAM,CAAC,KAAgC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;IAC/F,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,SAAS,CAAC,OAAe;IAChC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAA4B,CAAC;IACvD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,OAAe;IAChC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAA4B,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,iFAAiF;AAEjF,MAAM,CAAC,MAAM,iBAAiB,GAAW;IACvC,iCAAiC;IACjC;QACE,EAAE,EAAE,QAAQ;QACZ,KAAK,EAAE,uBAAuB;QAC9B,eAAe,EAAE,UAAU;QAC3B,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,aAAa,CAAC,IAAI,CAAC;QAChE,GAAG,EAAE,CAAC,GAAG,EAAE,EAAE;YACX,MAAM,QAAQ,GAAc,EAAE,CAAC;YAC/B,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YACnD,MAAM,eAAe,GAAG,IAAI,KAAK,SAAS;gBACxC,CAAC,CAAC,aAAa,CAAC,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC;gBACtD,CAAC,CAAC,SAAS,CAAC;YAEd,IAAI,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBACtC,IAAI,CAAC,MAAM;oBAAE,OAAO,EAAE,CAAC;gBACvB,IAAI,kBAAkB,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;oBAC3C,QAAQ,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,QAAQ;wBAChB,QAAQ,EAAE,UAAU;wBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,IAAI;wBACJ,OAAO,EAAE,uCAAuC;wBAChD,GAAG,EAAE,4EAA4E;wBACjF,GAAG,EAAE,8DAA8D;wBACnE,eAAe;wBACf,WAAW,EAAE,iBAAiB,CAAC,UAAU,GAAG,CAAC,IAAI,IAAI,IAAI,IAAI,CAAC,eAAe,CAAC;qBAC/E,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBACtC,IAAI,CAAC,MAAM;oBAAE,OAAO,EAAE,CAAC;gBACvB,MAAM,QAAQ,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,CAA4B,CAAC;gBACvE,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;oBACvD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ;wBAAE,OAAO,KAAK,CAAC;oBAC1D,OAAO,kBAAkB,CAAE,OAAmC,CAAC,SAAS,CAAC,CAAC,CAAC;gBAC7E,CAAC,CAAC,CAAC;gBACH,IAAI,OAAO,EAAE,CAAC;oBACZ,QAAQ,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,QAAQ;wBAChB,QAAQ,EAAE,UAAU;wBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,IAAI;wBACJ,OAAO,EAAE,kCAAkC;wBAC3C,GAAG,EAAE,4EAA4E;wBACjF,GAAG,EAAE,uDAAuD;wBAC5D,eAAe;wBACf,WAAW,EAAE,iBAAiB,CAAC,UAAU,GAAG,CAAC,IAAI,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC;qBAC1E,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;KACF;IAED,gCAAgC;IAChC;QACE,EAAE,EAAE,QAAQ;QACZ,KAAK,EAAE,sBAAsB;QAC7B,eAAe,EAAE,UAAU;QAC3B,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC;QACtF,GAAG,EAAE,CAAC,GAAG,EAAE,EAAE;YACX,MAAM,QAAQ,GAAc,EAAE,CAAC;YAE/B,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3B,IAAI,2BAA2B,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;oBAClD,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;oBACtD,QAAQ,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,QAAQ;wBAChB,QAAQ,EAAE,UAAU;wBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,IAAI;wBACJ,OAAO,EAAE,wCAAwC;wBACjD,GAAG,EAAE,oEAAoE;wBACzE,GAAG,EAAE,+BAA+B;wBACpC,WAAW,EAAE,iBAAiB,CAAC,UAAU,GAAG,CAAC,IAAI,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC;qBAClE,CAAC,CAAC;gBACL,CAAC;gBACD,OAAO,QAAQ,CAAC;YAClB,CAAC;YAED,IAAI,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBACtC,IAAI,CAAC,MAAM;oBAAE,OAAO,EAAE,CAAC;gBACvB,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,EAAE,CAAC;oBAC1D,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;oBACtD,QAAQ,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,QAAQ;wBAChB,QAAQ,EAAE,UAAU;wBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,IAAI;wBACJ,OAAO,EAAE,iCAAiC;wBAC1C,GAAG,EAAE,yCAAyC;wBAC9C,GAAG,EAAE,+BAA+B;wBACpC,WAAW,EAAE,iBAAiB,CAAC,UAAU,GAAG,CAAC,IAAI,IAAI,IAAI,IAAI,CAAC,eAAe,CAAC;qBAC/E,CAAC,CAAC;gBACL,CAAC;gBACD,OAAO,QAAQ,CAAC;YAClB,CAAC;YAED,UAAU;YACV,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACtC,IAAI,CAAC,MAAM;gBAAE,OAAO,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,CAA4B,CAAC;YACvE,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACvD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ;oBAAE,SAAS;gBACtD,MAAM,GAAG,GAAG,OAAkC,CAAC;gBAC/C,IAAI,GAAG,CAAC,YAAY,CAAC,KAAK,IAAI,EAAE,CAAC;oBAC/B,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;oBAC1D,QAAQ,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,QAAQ;wBAChB,QAAQ,EAAE,UAAU;wBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,IAAI;wBACJ,OAAO,EAAE,oCAAoC,IAAI,GAAG;wBACpD,GAAG,EAAE,oEAAoE;wBACzE,GAAG,EAAE,sDAAsD;wBAC3D,WAAW,EAAE,iBAAiB,CAAC,UAAU,GAAG,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC;qBAC7D,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;KACF;IAED,2BAA2B;IAC3B;QACE,EAAE,EAAE,QAAQ;QACZ,KAAK,EAAE,yBAAyB;QAChC,eAAe,EAAE,UAAU;QAC3B,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC;QAChE,GAAG,EAAE,CAAC,GAAG,EAAE,EAAE;YACX,MAAM,QAAQ,GAAc,EAAE,CAAC;YAE/B,IAAI,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBACtC,IAAI,CAAC,MAAM;oBAAE,OAAO,EAAE,CAAC;gBACvB,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC,EAAE,CAAC;oBAC5C,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;oBAC9C,QAAQ,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,QAAQ;wBAChB,QAAQ,EAAE,UAAU;wBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,IAAI;wBACJ,OAAO,EAAE,iCAAiC;wBAC1C,GAAG,EAAE,8CAA8C;wBACnD,GAAG,EAAE,+BAA+B;wBACpC,WAAW,EAAE,iBAAiB,CAAC,UAAU,GAAG,CAAC,IAAI,eAAe,CAAC;qBAClE,CAAC,CAAC;gBACL,CAAC;gBACD,OAAO,QAAQ,CAAC;YAClB,CAAC;YAED,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACtC,IAAI,CAAC,MAAM;gBAAE,OAAO,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,CAA4B,CAAC;YACvE,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACvD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ;oBAAE,SAAS;gBACtD,MAAM,GAAG,GAAG,OAAkC,CAAC;gBAC/C,IAAI,GAAG,CAAC,cAAc,CAAC,KAAK,MAAM,EAAE,CAAC;oBACnC,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;oBAC5D,QAAQ,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,QAAQ;wBAChB,QAAQ,EAAE,UAAU;wBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,IAAI;wBACJ,OAAO,EAAE,+BAA+B,IAAI,GAAG;wBAC/C,GAAG,EAAE,8CAA8C;wBACnD,GAAG,EAAE,qDAAqD;wBAC1D,WAAW,EAAE,iBAAiB,CAAC,UAAU,GAAG,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC;qBAC7D,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;KACF;IAED,kCAAkC;IAClC;QACE,EAAE,EAAE,QAAQ;QACZ,KAAK,EAAE,wBAAwB;QAC/B,eAAe,EAAE,SAAS;QAC1B,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC;QAC/D,GAAG,EAAE,CAAC,GAAG,EAAE,EAAE;YACX,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3B,gDAAgD;gBAChD,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtC,OAAO;wBACL;4BACE,MAAM,EAAE,QAAQ;4BAChB,QAAQ,EAAE,SAAS;4BACnB,IAAI,EAAE,GAAG,CAAC,IAAI;4BACd,OAAO,EAAE,kDAAkD;4BAC3D,GAAG,EAAE,mEAAmE;4BACxE,GAAG,EAAE,mDAAmD;4BACxD,WAAW,EAAE,iBAAiB,CAAC,UAAU,GAAG,CAAC,IAAI,UAAU,CAAC;yBAC7D;qBACF,CAAC;gBACJ,CAAC;gBACD,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,kCAAkC;YAClC,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACtC,IAAI,CAAC,MAAM;gBAAE,OAAO,EAAE,CAAC;YACvB,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,MAAM,EAAE,CAAC;gBACpC,OAAO;oBACL;wBACE,MAAM,EAAE,QAAQ;wBAChB,QAAQ,EAAE,SAAS;wBACnB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,OAAO,EAAE,wCAAwC;wBACjD,GAAG,EAAE,wDAAwD;wBAC7D,GAAG,EAAE,oCAAoC;wBACzC,WAAW,EAAE,iBAAiB,CAAC,UAAU,GAAG,CAAC,IAAI,aAAa,CAAC;qBAChE;iBACF,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,CAAC;QACZ,CAAC;KACF;IAED,0CAA0C;IAC1C;QACE,EAAE,EAAE,QAAQ;QACZ,KAAK,EAAE,8BAA8B;QACrC,eAAe,EAAE,SAAS;QAC1B,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC;QAChE,GAAG,EAAE,CAAC,GAAG,EAAE,EAAE;YACX,MAAM,QAAQ,GAAc,EAAE,CAAC;YAE/B,IAAI,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBACtC,IAAI,CAAC,MAAM;oBAAE,OAAO,EAAE,CAAC;gBACvB,MAAM,GAAG,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;gBACpC,IAAI,GAAG,EAAE,CAAC;oBACR,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;oBAC3C,QAAQ,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,QAAQ;wBAChB,QAAQ,EAAE,SAAS;wBACnB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,IAAI;wBACJ,OAAO,EAAE,iDAAiD,GAAG,GAAG;wBAChE,GAAG,EAAE,yEAAyE;wBAC9E,GAAG,EAAE,0DAA0D;wBAC/D,WAAW,EAAE,iBAAiB,CAAC,UAAU,GAAG,CAAC,IAAI,iBAAiB,GAAG,EAAE,CAAC;qBACzE,CAAC,CAAC;gBACL,CAAC;gBACD,OAAO,QAAQ,CAAC;YAClB,CAAC;YAED,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACtC,IAAI,CAAC,MAAM;gBAAE,OAAO,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,CAA4B,CAAC;YACvE,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACvD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ;oBAAE,SAAS;gBACtD,MAAM,GAAG,GAAG,OAAkC,CAAC;gBAC/C,MAAM,GAAG,GAAG,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;gBAC5C,IAAI,GAAG,EAAE,CAAC;oBACR,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;oBAC3C,QAAQ,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,QAAQ;wBAChB,QAAQ,EAAE,SAAS;wBACnB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,IAAI;wBACJ,OAAO,EAAE,4CAA4C,IAAI,MAAM,GAAG,GAAG;wBACrE,GAAG,EAAE,yEAAyE;wBAC9E,GAAG,EAAE,0DAA0D;wBAC/D,WAAW,EAAE,iBAAiB,CAAC,UAAU,GAAG,CAAC,IAAI,IAAI,IAAI,IAAI,GAAG,EAAE,CAAC;qBACpE,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;KACF;IAED,mCAAmC;IACnC;QACE,EAAE,EAAE,QAAQ;QACZ,KAAK,EAAE,sCAAsC;QAC7C,eAAe,EAAE,SAAS;QAC1B,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC;QAC/D,GAAG,EAAE,CAAC,GAAG,EAAE,EAAE;YACX,MAAM,QAAQ,GAAc,EAAE,CAAC;YAE/B,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBACxD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC;gBAC/B,MAAM,IAAI,GAAG,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;gBAC9C,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACzB,QAAQ,CAAC,IAAI,CAAC;oBACZ,MAAM,EAAE,QAAQ;oBAChB,QAAQ,EAAE,SAAS;oBACnB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,IAAI;oBACJ,OAAO,EAAE,iCAAiC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;oBAChE,GAAG,EAAE,oFAAoF;oBACzF,GAAG,EAAE,yEAAyE;oBAC9E,eAAe,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;oBACrC,WAAW,EAAE,iBAAiB,CAAC,UAAU,GAAG,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC;iBAC7D,CAAC,CAAC;YACL,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;KACF;CACF,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../src/rules/registry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAKrC,eAAO,MAAM,QAAQ,EAAE,OAAO,EAI7B,CAAC;AAEF,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,OAAO,EAAE,CAEpD"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { secretsV1Rules } from './secrets_v1.js';
|
|
2
|
+
import { containersV1Rules } from './containers_v1.js';
|
|
3
|
+
import { aiArtifactsV1Rules } from './ai_artifacts_v1.js';
|
|
4
|
+
export const RULESETS = [
|
|
5
|
+
{ id: 'secrets_v1', rules: secretsV1Rules },
|
|
6
|
+
{ id: 'containers_v1', rules: containersV1Rules },
|
|
7
|
+
{ id: 'ai_artifacts_v1', rules: aiArtifactsV1Rules },
|
|
8
|
+
];
|
|
9
|
+
export function getRulesets(ids) {
|
|
10
|
+
return RULESETS.filter((set) => ids.includes(set.id));
|
|
11
|
+
}
|
|
12
|
+
//# sourceMappingURL=registry.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/rules/registry.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D,MAAM,CAAC,MAAM,QAAQ,GAAc;IACjC,EAAE,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,cAAc,EAAE;IAC3C,EAAE,EAAE,EAAE,eAAe,EAAE,KAAK,EAAE,iBAAiB,EAAE;IACjD,EAAE,EAAE,EAAE,iBAAiB,EAAE,KAAK,EAAE,kBAAkB,EAAE;CACrD,CAAC;AAEF,MAAM,UAAU,WAAW,CAAC,GAAa;IACvC,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;AACxD,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import { Rule } from './types.js';
|
|
2
|
+
declare const PRIVATE_KEY_BLOCK: RegExp;
|
|
3
|
+
declare const GITHUB_TOKEN: RegExp;
|
|
4
|
+
declare const AWS_ACCESS_KEY: RegExp;
|
|
5
|
+
declare const STRIPE_LIVE_KEY: RegExp;
|
|
6
|
+
declare const SLACK_TOKEN: RegExp;
|
|
7
|
+
export declare const secretsV1Rules: Rule[];
|
|
8
|
+
export { PRIVATE_KEY_BLOCK, GITHUB_TOKEN, AWS_ACCESS_KEY, STRIPE_LIVE_KEY, SLACK_TOKEN };
|
|
9
|
+
//# sourceMappingURL=secrets_v1.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secrets_v1.d.ts","sourceRoot":"","sources":["../../src/rules/secrets_v1.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAKlC,QAAA,MAAM,iBAAiB,QAA0D,CAAC;AAClF,QAAA,MAAM,YAAY,QAAwD,CAAC;AAC3E,QAAA,MAAM,cAAc,QAA4B,CAAC;AAEjD,QAAA,MAAM,eAAe,QAAoC,CAAC;AAC1D,QAAA,MAAM,WAAW,QAA0C,CAAC;AAmC5D,eAAO,MAAM,cAAc,EAAE,IAAI,EAuOhC,CAAC;AAGF,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,WAAW,EAAE,CAAC"}
|