npm - @skillsmith/core - Versions diffs - 0.4.16 → 0.5.0 - Mend

@skillsmith/core 0.4.16 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (285) hide show

package/dist/src/security/index.d.ts CHANGED Viewed

@@ -16,6 +16,8 @@ export { AuditLogger } from './AuditLogger.js';
 export type { AuditLogEntry, AuditEventType, AuditActor, AuditResult, AuditQueryFilter, AuditStats, } from './AuditLogger.js';
 export { RateLimiter, InMemoryRateLimitStorage, RATE_LIMIT_PRESETS, createRateLimiterFromPreset, RateLimitQueueTimeoutError, RateLimitQueueFullError, } from './rate-limiter/index.js';
 export type { RateLimitConfig, RateLimitResult, RateLimitStorage, RateLimitMetrics, } from './rate-limiter/index.js';
+export { detectRiskTrend } from './risk-trend.js';
+export type { RiskTrendResult } from './risk-trend.js';
 export { SkillSandbox, SandboxUnavailableError, withSandbox } from './SkillSandbox.js';
 export type { SandboxOptions, ExecutionResult, SandboxFile, SandboxStatus } from './SkillSandbox.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/src/security/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAA;AACpD,YAAY,EACV,eAAe,EACf,mBAAmB,EACnB,gBAAgB,EAChB,UAAU,EACV,cAAc,EACd,kBAAkB,GACnB,MAAM,oBAAoB,CAAA;AAG3B,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,YAAY,EACZ,WAAW,EACX,YAAY,EAEZ,eAAe,EACf,wBAAwB,EACxB,4BAA4B,EAC5B,qBAAqB,EACrB,uBAAuB,EACvB,qBAAqB,GACtB,MAAM,mBAAmB,CAAA;AAG1B,OAAO,EACL,cAAc,EACd,qBAAqB,EACrB,UAAU,EACV,oBAAoB,GACrB,MAAM,qBAAqB,CAAA;AAC5B,YAAY,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAGtF,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAA;AAC9C,YAAY,EACV,aAAa,EACb,cAAc,EACd,UAAU,EACV,WAAW,EACX,gBAAgB,EAChB,UAAU,GACX,MAAM,kBAAkB,CAAA;AAGzB,OAAO,EACL,WAAW,EACX,wBAAwB,EACxB,kBAAkB,EAClB,2BAA2B,EAC3B,0BAA0B,EAC1B,uBAAuB,GACxB,MAAM,yBAAyB,CAAA;AAChC,YAAY,EACV,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,yBAAyB,CAAA;AAGhC,OAAO,EAAE,YAAY,EAAE,uBAAuB,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AACtF,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAA;AACpD,YAAY,EACV,eAAe,EACf,mBAAmB,EACnB,gBAAgB,EAChB,UAAU,EACV,cAAc,EACd,kBAAkB,GACnB,MAAM,oBAAoB,CAAA;AAG3B,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,YAAY,EACZ,WAAW,EACX,YAAY,EAEZ,eAAe,EACf,wBAAwB,EACxB,4BAA4B,EAC5B,qBAAqB,EACrB,uBAAuB,EACvB,qBAAqB,GACtB,MAAM,mBAAmB,CAAA;AAG1B,OAAO,EACL,cAAc,EACd,qBAAqB,EACrB,UAAU,EACV,oBAAoB,GACrB,MAAM,qBAAqB,CAAA;AAC5B,YAAY,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAA;AAGtF,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAA;AAC9C,YAAY,EACV,aAAa,EACb,cAAc,EACd,UAAU,EACV,WAAW,EACX,gBAAgB,EAChB,UAAU,GACX,MAAM,kBAAkB,CAAA;AAGzB,OAAO,EACL,WAAW,EACX,wBAAwB,EACxB,kBAAkB,EAClB,2BAA2B,EAC3B,0BAA0B,EAC1B,uBAAuB,GACxB,MAAM,yBAAyB,CAAA;AAChC,YAAY,EACV,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,yBAAyB,CAAA;AAGhC,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AACjD,YAAY,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AAGtD,OAAO,EAAE,YAAY,EAAE,uBAAuB,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AACtF,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA"}

package/dist/src/security/index.js CHANGED Viewed

@@ -19,6 +19,8 @@ export { validateDbPath, validateDbPathOrThrow, isPathSafe, DEFAULT_ALLOWED_DIRS
 export { AuditLogger } from './AuditLogger.js';
 // Rate limiter module
 export { RateLimiter, InMemoryRateLimitStorage, RATE_LIMIT_PRESETS, createRateLimiterFromPreset, RateLimitQueueTimeoutError, RateLimitQueueFullError, } from './rate-limiter/index.js';
+// SMI-3874: Risk trend detection
+export { detectRiskTrend } from './risk-trend.js';
 // SMI-1534: E2B Sandbox for skill testing
 export { SkillSandbox, SandboxUnavailableError, withSandbox } from './SkillSandbox.js';
 //# sourceMappingURL=index.js.map

package/dist/src/security/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,iBAAiB;AACjB,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAA;AAUpD,eAAe;AACf,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,YAAY,EACZ,WAAW,EACX,YAAY;AACZ,iCAAiC;AACjC,eAAe,EACf,wBAAwB,EACxB,4BAA4B,EAC5B,qBAAqB,EACrB,uBAAuB,EACvB,qBAAqB,GACtB,MAAM,mBAAmB,CAAA;AAE1B,kBAAkB;AAClB,OAAO,EACL,cAAc,EACd,qBAAqB,EACrB,UAAU,EACV,oBAAoB,GACrB,MAAM,qBAAqB,CAAA;AAG5B,eAAe;AACf,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAA;AAU9C,sBAAsB;AACtB,OAAO,EACL,WAAW,EACX,wBAAwB,EACxB,kBAAkB,EAClB,2BAA2B,EAC3B,0BAA0B,EAC1B,uBAAuB,GACxB,MAAM,yBAAyB,CAAA;AAQhC,0CAA0C;AAC1C,OAAO,EAAE,YAAY,EAAE,uBAAuB,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,iBAAiB;AACjB,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAA;AAUpD,eAAe;AACf,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,YAAY,EACZ,WAAW,EACX,YAAY;AACZ,iCAAiC;AACjC,eAAe,EACf,wBAAwB,EACxB,4BAA4B,EAC5B,qBAAqB,EACrB,uBAAuB,EACvB,qBAAqB,GACtB,MAAM,mBAAmB,CAAA;AAE1B,kBAAkB;AAClB,OAAO,EACL,cAAc,EACd,qBAAqB,EACrB,UAAU,EACV,oBAAoB,GACrB,MAAM,qBAAqB,CAAA;AAG5B,eAAe;AACf,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAA;AAU9C,sBAAsB;AACtB,OAAO,EACL,WAAW,EACX,wBAAwB,EACxB,kBAAkB,EAClB,2BAA2B,EAC3B,0BAA0B,EAC1B,uBAAuB,GACxB,MAAM,yBAAyB,CAAA;AAQhC,iCAAiC;AACjC,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AAGjD,0CAA0C;AAC1C,OAAO,EAAE,YAAY,EAAE,uBAAuB,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA"}

package/dist/src/security/risk-trend.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+/**
+ * @fileoverview Risk trend detection for supply chain attack monitoring
+ * @module @skillsmith/core/security/risk-trend
+ * @see SMI-3874: Risk Trend Detection
+ */
+import type { RiskScoreSnapshot } from '../repositories/RiskScoreHistoryRepository.js';
+export interface RiskTrendResult {
+    anomaly: boolean;
+    message: string;
+    currentScore: number;
+    previousScore: number | null;
+    delta: number;
+}
+/**
+ * Detect anomalous risk score changes that may indicate supply chain attacks.
+ * Thresholds: 20pt warning, 35pt critical, 40pt boundary crossing.
+ */
+export declare function detectRiskTrend(currentScore: number, history: RiskScoreSnapshot[], options?: {
+    isNewCategoryBaseline?: boolean;
+}): RiskTrendResult;
+//# sourceMappingURL=risk-trend.d.ts.map

package/dist/src/security/risk-trend.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"risk-trend.d.ts","sourceRoot":"","sources":["../../../src/security/risk-trend.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,+CAA+C,CAAA;AAEtF,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,YAAY,EAAE,MAAM,CAAA;IACpB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,KAAK,EAAE,MAAM,CAAA;CACd;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAC7B,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,iBAAiB,EAAE,EAC5B,OAAO,CAAC,EAAE;IAAE,qBAAqB,CAAC,EAAE,OAAO,CAAA;CAAE,GAC5C,eAAe,CAyEjB"}

package/dist/src/security/risk-trend.js ADDED Viewed

@@ -0,0 +1,81 @@
+/**
+ * @fileoverview Risk trend detection for supply chain attack monitoring
+ * @module @skillsmith/core/security/risk-trend
+ * @see SMI-3874: Risk Trend Detection
+ */
+/**
+ * Detect anomalous risk score changes that may indicate supply chain attacks.
+ * Thresholds: 20pt warning, 35pt critical, 40pt boundary crossing.
+ */
+export function detectRiskTrend(currentScore, history, options) {
+    if (history.length === 0) {
+        return {
+            anomaly: false,
+            message: 'No prior scan history for comparison.',
+            currentScore,
+            previousScore: null,
+            delta: 0,
+        };
+    }
+    const previous = history[0];
+    const delta = currentScore - previous.riskScore;
+    if (options?.isNewCategoryBaseline) {
+        return {
+            anomaly: false,
+            message: 'New scanner category baseline (' +
+                previous.riskScore +
+                ' -> ' +
+                currentScore +
+                '). Not flagged as anomaly.',
+            currentScore,
+            previousScore: previous.riskScore,
+            delta,
+        };
+    }
+    const crossesBoundary = previous.riskScore < 40 && currentScore >= 40;
+    const isLargeJump = delta >= 20;
+    const isCriticalJump = delta >= 35;
+    const anomaly = isLargeJump || crossesBoundary;
+    let message;
+    if (isCriticalJump) {
+        message =
+            'CRITICAL: Risk score jumped from ' +
+                previous.riskScore +
+                ' to ' +
+                currentScore +
+                ' (+' +
+                delta +
+                '). Possible supply chain compromise.';
+    }
+    else if (crossesBoundary) {
+        message =
+            'WARNING: Risk score crossed safety threshold (' +
+                previous.riskScore +
+                ' -> ' +
+                currentScore +
+                '). Review recent changes.';
+    }
+    else if (isLargeJump) {
+        message =
+            'WARNING: Risk score increased by ' +
+                delta +
+                ' points (' +
+                previous.riskScore +
+                ' -> ' +
+                currentScore +
+                ').';
+    }
+    else {
+        message =
+            'Risk score stable (' +
+                previous.riskScore +
+                ' -> ' +
+                currentScore +
+                ', delta: ' +
+                (delta >= 0 ? '+' : '') +
+                delta +
+                ').';
+    }
+    return { anomaly, message, currentScore, previousScore: previous.riskScore, delta };
+}
+//# sourceMappingURL=risk-trend.js.map

package/dist/src/security/risk-trend.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"risk-trend.js","sourceRoot":"","sources":["../../../src/security/risk-trend.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAYH;;;GAGG;AACH,MAAM,UAAU,eAAe,CAC7B,YAAoB,EACpB,OAA4B,EAC5B,OAA6C;IAE7C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,uCAAuC;YAChD,YAAY;YACZ,aAAa,EAAE,IAAI;YACnB,KAAK,EAAE,CAAC;SACT,CAAA;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;IAC3B,MAAM,KAAK,GAAG,YAAY,GAAG,QAAQ,CAAC,SAAS,CAAA;IAE/C,IAAI,OAAO,EAAE,qBAAqB,EAAE,CAAC;QACnC,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EACL,iCAAiC;gBACjC,QAAQ,CAAC,SAAS;gBAClB,MAAM;gBACN,YAAY;gBACZ,4BAA4B;YAC9B,YAAY;YACZ,aAAa,EAAE,QAAQ,CAAC,SAAS;YACjC,KAAK;SACN,CAAA;IACH,CAAC;IAED,MAAM,eAAe,GAAG,QAAQ,CAAC,SAAS,GAAG,EAAE,IAAI,YAAY,IAAI,EAAE,CAAA;IACrE,MAAM,WAAW,GAAG,KAAK,IAAI,EAAE,CAAA;IAC/B,MAAM,cAAc,GAAG,KAAK,IAAI,EAAE,CAAA;IAClC,MAAM,OAAO,GAAG,WAAW,IAAI,eAAe,CAAA;IAE9C,IAAI,OAAe,CAAA;IACnB,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO;YACL,mCAAmC;gBACnC,QAAQ,CAAC,SAAS;gBAClB,MAAM;gBACN,YAAY;gBACZ,KAAK;gBACL,KAAK;gBACL,sCAAsC,CAAA;IAC1C,CAAC;SAAM,IAAI,eAAe,EAAE,CAAC;QAC3B,OAAO;YACL,gDAAgD;gBAChD,QAAQ,CAAC,SAAS;gBAClB,MAAM;gBACN,YAAY;gBACZ,2BAA2B,CAAA;IAC/B,CAAC;SAAM,IAAI,WAAW,EAAE,CAAC;QACvB,OAAO;YACL,mCAAmC;gBACnC,KAAK;gBACL,WAAW;gBACX,QAAQ,CAAC,SAAS;gBAClB,MAAM;gBACN,YAAY;gBACZ,IAAI,CAAA;IACR,CAAC;SAAM,CAAC;QACN,OAAO;YACL,qBAAqB;gBACrB,QAAQ,CAAC,SAAS;gBAClB,MAAM;gBACN,YAAY;gBACZ,WAAW;gBACX,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACvB,KAAK;gBACL,IAAI,CAAA;IACR,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,CAAC,SAAS,EAAE,KAAK,EAAE,CAAA;AACrF,CAAC"}

package/dist/src/security/scanner/SecurityScanner.d.ts CHANGED Viewed

@@ -5,9 +5,11 @@
  */
 import type { ScanReport, ScannerOptions } from './types.js';
 import type { LineContext } from './SecurityScanner.helpers.js';
-import { isMultilinePattern, analyzeMarkdownContext, isDocumentationContext, calculateRiskScore } from './SecurityScanner.helpers.js';
+import { isMultilinePattern, analyzeMarkdownContext, isDocumentationContext, isWithinInlineCode, calculateRiskScore } from './SecurityScanner.helpers.js';
+import { scanSsrfPatterns } from './SecurityScanner.ssrf.js';
 import { toMinimalRefs, toSARIF, toGitHubAnnotations, toSummary } from './SecurityScanner.formatters.js';
-export { LineContext, isMultilinePattern, analyzeMarkdownContext, isDocumentationContext, calculateRiskScore, };
+export { LineContext, isMultilinePattern, analyzeMarkdownContext, isDocumentationContext, isWithinInlineCode, calculateRiskScore, };
+export { scanSsrfPatterns };
 export { toMinimalRefs, toSARIF, toGitHubAnnotations, toSummary };
 export declare class SecurityScanner {
     private allowedDomains;
@@ -25,6 +27,8 @@ export declare class SecurityScanner {
     private scanPromptLeaking;
     private scanDataExfiltration;
     private scanPrivilegeEscalation;
+    /** SMI-3864: Detect PII patterns. Email in YAML frontmatter gets low severity. */
+    private scanPiiPatterns;
     private scanAIDefenceVulnerabilities;
     /** @deprecated Use standalone calculateRiskScore function for new code */
     calculateRiskScore: typeof calculateRiskScore;

package/dist/src/security/scanner/SecurityScanner.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"SecurityScanner.d.ts","sourceRoot":"","sources":["../../../../src/security/scanner/SecurityScanner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAmB,UAAU,EAAE,cAAc,EAAqB,MAAM,YAAY,CAAA;~~AAehG~~,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAA;AAC/D,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,sBAAsB,EACtB,kBAAkB,~~EACnB~~,MAAM,8BAA8B,CAAA;AAGrC,OAAO,EACL,aAAa,EACb,OAAO,EACP,mBAAmB,EACnB,SAAS,EACV,MAAM,iCAAiC,CAAA;AAGxC,OAAO,EACL,WAAW,EACX,kBAAkB,EAClB,sBAAsB,EACtB,sBAAsB,EACtB,kBAAkB,GACnB,CAAA;AACD,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,mBAAmB,EAAE,SAAS,EAAE,CAAA;AAEjE,qBAAa,eAAe;IAC1B,OAAO,CAAC,cAAc,CAAa;IACnC,OAAO,CAAC,eAAe,CAAU;IACjC,OAAO,CAAC,gBAAgB,CAAQ;IAChC,OAAO,CAAC,aAAa,CAAQ;gBAEjB,OAAO,GAAE,cAAmB;IAOxC,OAAO,CAAC,WAAW;IAenB,OAAO,CAAC,eAAe;IAYvB,OAAO,CAAC,QAAQ;IAmBhB,OAAO,CAAC,kBAAkB;~~IA+B1B~~,OAAO,CAAC,qBAAqB;~~IAgC7B~~,OAAO,CAAC,sBAAsB;IAqC9B,OAAO,CAAC,qBAAqB;~~IAiC7B~~,OAAO,CAAC,iBAAiB;~~IAiCzB~~,OAAO,CAAC,oBAAoB;~~IAiC5B~~,OAAO,CAAC,uBAAuB;~~IAoC~~/B,OAAO,CAAC,4BAA4B;~~IAuEpC~~,0EAA0E;IAC1E,kBAAkB,4BAAqB;IAEvC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,UAAU;~~IAyClD~~,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAOpC,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAItC,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAKxC,MAAM,CAAC,aAAa,uBAAgB;IACpC,MAAM,CAAC,OAAO,iBAAU;IACxB,MAAM,CAAC,mBAAmB,6BAAsB;IAChD,MAAM,CAAC,SAAS,mBAAY;CAC7B;AAED,eAAe,eAAe,CAAA"}
1	+ {"version":3,"file":"SecurityScanner.d.ts","sourceRoot":"","sources":["../../../../src/security/scanner/SecurityScanner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAmB,UAAU,EAAE,cAAc,EAAqB,MAAM,YAAY,CAAA;AAgBhG,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAA;AAC/D,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,sBAAsB,EACtB,kBAAkB,EAClB,kBAAkB,EAEnB,MAAM,8BAA8B,CAAA;AAGrC,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAA;AAG5D,OAAO,EACL,aAAa,EACb,OAAO,EACP,mBAAmB,EACnB,SAAS,EACV,MAAM,iCAAiC,CAAA;AAGxC,OAAO,EACL,WAAW,EACX,kBAAkB,EAClB,sBAAsB,EACtB,sBAAsB,EACtB,kBAAkB,EAClB,kBAAkB,GACnB,CAAA;AACD,OAAO,EAAE,gBAAgB,EAAE,CAAA;AAC3B,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,mBAAmB,EAAE,SAAS,EAAE,CAAA;AAEjE,qBAAa,eAAe;IAC1B,OAAO,CAAC,cAAc,CAAa;IACnC,OAAO,CAAC,eAAe,CAAU;IACjC,OAAO,CAAC,gBAAgB,CAAQ;IAChC,OAAO,CAAC,aAAa,CAAQ;gBAEjB,OAAO,GAAE,cAAmB;IAOxC,OAAO,CAAC,WAAW;IAenB,OAAO,CAAC,eAAe;IAYvB,OAAO,CAAC,QAAQ;IAmBhB,OAAO,CAAC,kBAAkB;IAiC1B,OAAO,CAAC,qBAAqB;IAa7B,OAAO,CAAC,sBAAsB;IAqC9B,OAAO,CAAC,qBAAqB;IAkC7B,OAAO,CAAC,iBAAiB;IAkCzB,OAAO,CAAC,oBAAoB;IAkC5B,OAAO,CAAC,uBAAuB;IAqC/B,kFAAkF;IAClF,OAAO,CAAC,eAAe;IAiDvB,OAAO,CAAC,4BAA4B;IAgBpC,0EAA0E;IAC1E,kBAAkB,4BAAqB;IAEvC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,UAAU;IA2ClD,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAOpC,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAItC,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAKxC,MAAM,CAAC,aAAa,uBAAgB;IACpC,MAAM,CAAC,OAAO,iBAAU;IACxB,MAAM,CAAC,mBAAmB,6BAAsB;IAChD,MAAM,CAAC,SAAS,mBAAY;CAC7B;AAED,eAAe,eAAe,CAAA"}

package/dist/src/security/scanner/SecurityScanner.helpers.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@
  * Security Scanner Helper Functions
  * @module @skillsmith/core/security/scanner/SecurityScanner.helpers
  */
-import type { SecurityFinding, RiskScoreBreakdown } from './types.js';
+import type { SecurityFinding, SecurityFindingType, RiskScoreBreakdown, SecuritySeverity } from './types.js';
 /**
  * Context information for each line in markdown content
  */
@@ -25,9 +25,30 @@ export declare function isMultilinePattern(pattern: RegExp): boolean;
  */
 export declare function analyzeMarkdownContext(content: string): LineContext[];
 /**
- * Check if a line is in a documentation context (code block, table, example)
+ * Check if a line is in a documentation context (code block, table, example).
+ * Note: isInlineCode is intentionally excluded — it marks the entire line,
+ * but only specific match positions within backtick spans should reduce severity.
+ * Use isWithinInlineCode() for per-span granularity (SMI-3521).
  */
 export declare function isDocumentationContext(ctx: LineContext): boolean;
+/**
+ * SMI-3521: Check if a match position falls within an inline code span (backtick-delimited).
+ * Unlike the line-level isInlineCode flag, this provides per-span granularity:
+ * only content actually between backticks is considered inline code.
+ */
+export declare function isWithinInlineCode(line: string, matchIndex: number): boolean;
+interface MultilineScanConfig {
+    type: SecurityFindingType;
+    messagePrefix: string;
+    patterns: RegExp[];
+    /** Severity pair: [inDocContext, normalContext] */
+    severities: [SecuritySeverity, SecuritySeverity];
+}
+/**
+ * Scan content for patterns that may span multiple lines.
+ * Multi-line patterns are tested against full content; single-line patterns per-line.
+ */
+export declare function scanPatternsWithMultilineSupport(content: string, config: MultilineScanConfig, lineContexts?: LineContext[]): SecurityFinding[];
 /**
  * SMI-685: Calculate risk score from findings
  * SMI-1513: Accounts for confidence levels (low confidence = reduced weight)
@@ -37,4 +58,5 @@ export declare function calculateRiskScore(findings: SecurityFinding[]): {
     total: number;
     breakdown: RiskScoreBreakdown;
 };
+export {};
 //# sourceMappingURL=SecurityScanner.helpers.d.ts.map

package/dist/src/security/scanner/SecurityScanner.helpers.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"SecurityScanner.helpers.d.ts","sourceRoot":"","sources":["../../../../src/security/scanner/SecurityScanner.helpers.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,~~EAAE~~,eAAe,~~EAAE~~,kBAAkB,~~EAAqB~~,MAAM,YAAY,CAAA;~~AAOxF~~;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAA;IAClB,WAAW,EAAE,OAAO,CAAA;IACpB,OAAO,EAAE,OAAO,CAAA;IAChB,cAAc,EAAE,OAAO,CAAA;IACvB,YAAY,EAAE,OAAO,CAAA;CACtB;AAMD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAK3D;AAMD;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,EAAE,CAqCrE;AAED~~;;GAEG~~;AACH,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAEhE;AAMD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,eAAe,EAAE,GAAG;IAC/D,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,EAAE,kBAAkB,CAAA;CAC9B,~~CAmFA~~"}
1	+ {"version":3,"file":"SecurityScanner.helpers.d.ts","sourceRoot":"","sources":["../../../../src/security/scanner/SecurityScanner.helpers.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EACV,eAAe,EACf,mBAAmB,EACnB,kBAAkB,EAElB,gBAAgB,EACjB,MAAM,YAAY,CAAA;AAQnB;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAA;IAClB,WAAW,EAAE,OAAO,CAAA;IACpB,OAAO,EAAE,OAAO,CAAA;IAChB,cAAc,EAAE,OAAO,CAAA;IACvB,YAAY,EAAE,OAAO,CAAA;CACtB;AAMD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAK3D;AAMD;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,EAAE,CAqCrE;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAEhE;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAW5E;AAMD,UAAU,mBAAmB;IAC3B,IAAI,EAAE,mBAAmB,CAAA;IACzB,aAAa,EAAE,MAAM,CAAA;IACrB,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,mDAAmD;IACnD,UAAU,EAAE,CAAC,gBAAgB,EAAE,gBAAgB,CAAC,CAAA;CACjD;AAED;;;GAGG;AACH,wBAAgB,gCAAgC,CAC9C,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,mBAAmB,EAC3B,YAAY,CAAC,EAAE,WAAW,EAAE,GAC3B,eAAe,EAAE,CAoEnB;AAMD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,eAAe,EAAE,GAAG;IAC/D,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,EAAE,kBAAkB,CAAA;CAC9B,CA+FA"}

package/dist/src/security/scanner/SecurityScanner.helpers.js CHANGED Viewed

@@ -3,6 +3,7 @@
  * @module @skillsmith/core/security/scanner/SecurityScanner.helpers
  */
 import { SEVERITY_WEIGHTS, CATEGORY_WEIGHTS } from './weights.js';
+import { safeRegexTest } from './regex-utils.js';
 // ============================================================================
 // Pattern Helpers
 // ============================================================================
@@ -53,11 +54,100 @@ export function analyzeMarkdownContext(content) {
     return contexts;
 }
 /**
- * Check if a line is in a documentation context (code block, table, example)
+ * Check if a line is in a documentation context (code block, table, example).
+ * Note: isInlineCode is intentionally excluded — it marks the entire line,
+ * but only specific match positions within backtick spans should reduce severity.
+ * Use isWithinInlineCode() for per-span granularity (SMI-3521).
  */
 export function isDocumentationContext(ctx) {
     return ctx.inCodeBlock || ctx.inTable || ctx.isIndentedCode;
 }
+/**
+ * SMI-3521: Check if a match position falls within an inline code span (backtick-delimited).
+ * Unlike the line-level isInlineCode flag, this provides per-span granularity:
+ * only content actually between backticks is considered inline code.
+ */
+export function isWithinInlineCode(line, matchIndex) {
+    const backtickRegex = /`([^`]+)`/g;
+    let match;
+    while ((match = backtickRegex.exec(line)) !== null) {
+        const spanStart = match.index;
+        const spanEnd = match.index + match[0].length;
+        if (matchIndex >= spanStart && matchIndex < spanEnd) {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * Scan content for patterns that may span multiple lines.
+ * Multi-line patterns are tested against full content; single-line patterns per-line.
+ */
+export function scanPatternsWithMultilineSupport(content, config, lineContexts) {
+    const findings = [];
+    const lines = content.split('\n');
+    const contexts = lineContexts ?? analyzeMarkdownContext(content);
+    const flaggedLines = new Set();
+    // First pass: multi-line patterns against full content
+    for (const pattern of config.patterns) {
+        if (isMultilinePattern(pattern)) {
+            const match = safeRegexTest(pattern, content);
+            if (match) {
+                const matchIndex = content.indexOf(match[0]);
+                const lineNumber = content.slice(0, matchIndex).split('\n').length;
+                const ctx = contexts[lineNumber - 1];
+                const matchLine = lines[lineNumber - 1] ?? '';
+                const lineOffset = content.lastIndexOf('\n', matchIndex - 1) + 1;
+                const matchCol = matchIndex - lineOffset;
+                const inInlineCode = ctx?.isInlineCode && isWithinInlineCode(matchLine, matchCol);
+                const inDocContext = ctx ? isDocumentationContext(ctx) || inInlineCode : false;
+                const confidence = inDocContext ? 'low' : 'high';
+                const severity = inDocContext ? config.severities[0] : config.severities[1];
+                const truncated = match[0].slice(0, 50);
+                findings.push({
+                    type: config.type,
+                    severity,
+                    message: `${config.messagePrefix}: "${truncated}${match[0].length > 50 ? '...' : ''}"`,
+                    location: match[0].trim().slice(0, 100),
+                    lineNumber,
+                    category: config.type,
+                    inDocumentationContext: inDocContext,
+                    confidence,
+                });
+                flaggedLines.add(lineNumber);
+            }
+        }
+    }
+    // Second pass: single-line patterns per-line
+    lines.forEach((line, index) => {
+        if (flaggedLines.has(index + 1))
+            return;
+        const ctx = contexts[index];
+        for (const pattern of config.patterns) {
+            if (isMultilinePattern(pattern))
+                continue;
+            const match = safeRegexTest(pattern, line);
+            if (match) {
+                const inInlineCode = ctx?.isInlineCode && isWithinInlineCode(line, match.index ?? 0);
+                const inDocContext = ctx ? isDocumentationContext(ctx) || inInlineCode : false;
+                const confidence = inDocContext ? 'low' : 'high';
+                const severity = inDocContext ? config.severities[0] : config.severities[1];
+                findings.push({
+                    type: config.type,
+                    severity,
+                    message: `${config.messagePrefix}: "${match[0].slice(0, 50)}${match[0].length > 50 ? '...' : ''}"`,
+                    location: line.trim().slice(0, 100),
+                    lineNumber: index + 1,
+                    category: config.type,
+                    inDocumentationContext: inDocContext,
+                    confidence,
+                });
+                break;
+            }
+        }
+    });
+    return findings;
+}
 // ============================================================================
 // Risk Score Calculation
 // ============================================================================
@@ -77,6 +167,8 @@ export function calculateRiskScore(findings) {
         sensitivePaths: 0,
         externalUrls: 0,
         aiDefence: 0,
+        ssrf: 0,
+        pii: 0,
     };
     const confidenceWeights = {
         high: 1.0,
@@ -116,6 +208,12 @@ export function calculateRiskScore(findings) {
             case 'ai_defence':
                 breakdown.aiDefence += score;
                 break;
+            case 'ssrf':
+                breakdown.ssrf += score;
+                break;
+            case 'pii':
+                breakdown.pii += score;
+                break;
         }
     }
     // Cap each category at 100
@@ -128,15 +226,19 @@ export function calculateRiskScore(findings) {
     breakdown.sensitivePaths = Math.min(100, breakdown.sensitivePaths);
     breakdown.externalUrls = Math.min(100, breakdown.externalUrls);
     breakdown.aiDefence = Math.min(100, breakdown.aiDefence);
-    const total = Math.min(100, Math.round(breakdown.jailbreak * 0.22 +
-        breakdown.socialEngineering * 0.12 +
-        breakdown.promptLeaking * 0.12 +
-        breakdown.dataExfiltration * 0.1 +
+    breakdown.ssrf = Math.min(100, breakdown.ssrf);
+    breakdown.pii = Math.min(100, breakdown.pii);
+    const total = Math.min(100, Math.round(breakdown.jailbreak * 0.2 +
+        breakdown.socialEngineering * 0.11 +
+        breakdown.promptLeaking * 0.11 +
+        breakdown.dataExfiltration * 0.08 +
         breakdown.privilegeEscalation * 0.11 +
-        breakdown.suspiciousCode * 0.08 +
-        breakdown.sensitivePaths * 0.05 +
-        breakdown.externalUrls * 0.05 +
-        breakdown.aiDefence * 0.15));
+        breakdown.suspiciousCode * 0.07 +
+        breakdown.sensitivePaths * 0.04 +
+        breakdown.externalUrls * 0.04 +
+        breakdown.aiDefence * 0.12 +
+        breakdown.ssrf * 0.04 +
+        breakdown.pii * 0.08));
     return { total, breakdown };
 }
 //# sourceMappingURL=SecurityScanner.helpers.js.map

package/dist/src/security/scanner/SecurityScanner.helpers.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"SecurityScanner.helpers.js","sourceRoot":"","sources":["../../../../src/security/scanner/SecurityScanner.helpers.ts"],"names":[],"mappings":"AAAA;;;GAGG;~~AAGH~~,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAA;~~AAiBjE~~,+EAA+E;AAC/E,kBAAkB;AAClB,+EAA+E;AAE/E;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAA;IACjC,OAAO,CACL,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,WAAW,CAAC,CAC/F,CAAA;AACH,CAAC;AAED,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAe;IACpD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,QAAQ,GAAkB,EAAE,CAAA;IAClC,IAAI,iBAAiB,GAAG,KAAK,CAAA;IAE7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACrB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;QAE/B,sDAAsD;QACtD,IAAI,gBAAgB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACvC,iBAAiB,GAAG,CAAC,iBAAiB,CAAA;QACxC,CAAC;QAED,sCAAsC;QACtC,MAAM,OAAO,GAAG,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;QAE3C,yEAAyE;QACzE,MAAM,cAAc,GAClB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;YACxB,CAAC,iBAAiB;YAClB,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC;YAC5B,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;QAE9B,iEAAiE;QACjE,MAAM,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAA;QAE/D,QAAQ,CAAC,IAAI,CAAC;YACZ,UAAU,EAAE,CAAC,GAAG,CAAC;YACjB,WAAW,EAAE,iBAAiB;YAC9B,OAAO;YACP,cAAc;YACd,YAAY;SACb,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED~~;;GAEG~~;AACH,MAAM,UAAU,sBAAsB,CAAC,GAAgB;IACrD,OAAO,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,cAAc,CAAA;AAC7D,CAAC;AAED,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAA2B;IAI5D,MAAM,SAAS,GAAuB;QACpC,SAAS,EAAE,CAAC;QACZ,iBAAiB,EAAE,CAAC;QACpB,aAAa,EAAE,CAAC;QAChB,gBAAgB,EAAE,CAAC;QACnB,mBAAmB,EAAE,CAAC;QACtB,cAAc,EAAE,CAAC;QACjB,cAAc,EAAE,CAAC;QACjB,YAAY,EAAE,CAAC;QACf,SAAS,EAAE,CAAC;~~KACb~~,CAAA;IAED,MAAM,iBAAiB,GAAsC;QAC3D,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,GAAG;QACX,GAAG,EAAE,GAAG;KACT,CAAA;IAED,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,cAAc,GAAG,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QACzD,MAAM,cAAc,GAAG,gBAAgB,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,GAAG,CAAA;QAC5D,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,OAAO,CAAC,UAAU,IAAI,MAAM,CAAC,CAAA;QACxE,MAAM,KAAK,GAAG,cAAc,GAAG,cAAc,GAAG,gBAAgB,CAAA;QAEhE,QAAQ,OAAO,CAAC,IAAI,EAAE,CAAC;YACrB,KAAK,WAAW;gBACd,SAAS,CAAC,SAAS,IAAI,KAAK,CAAA;gBAC5B,MAAK;YACP,KAAK,oBAAoB;gBACvB,SAAS,CAAC,iBAAiB,IAAI,KAAK,CAAA;gBACpC,MAAK;YACP,KAAK,gBAAgB;gBACnB,SAAS,CAAC,aAAa,IAAI,KAAK,CAAA;gBAChC,MAAK;YACP,KAAK,mBAAmB;gBACtB,SAAS,CAAC,gBAAgB,IAAI,KAAK,CAAA;gBACnC,MAAK;YACP,KAAK,sBAAsB;gBACzB,SAAS,CAAC,mBAAmB,IAAI,KAAK,CAAA;gBACtC,MAAK;YACP,KAAK,oBAAoB;gBACvB,SAAS,CAAC,cAAc,IAAI,KAAK,CAAA;gBACjC,MAAK;YACP,KAAK,gBAAgB;gBACnB,SAAS,CAAC,cAAc,IAAI,KAAK,CAAA;gBACjC,MAAK;YACP,KAAK,KAAK;gBACR,SAAS,CAAC,YAAY,IAAI,KAAK,CAAA;gBAC/B,MAAK;YACP,KAAK,YAAY;gBACf,SAAS,CAAC,SAAS,IAAI,KAAK,CAAA;gBAC5B,MAAK;QACT,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,SAAS,CAAC,CAAA;IACxD,SAAS,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,iBAAiB,CAAC,CAAA;IACxE,SAAS,CAAC,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,aAAa,CAAC,CAAA;IAChE,SAAS,CAAC,gBAAgB,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,gBAAgB,CAAC,CAAA;IACtE,SAAS,CAAC,mBAAmB,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,mBAAmB,CAAC,CAAA;IAC5E,SAAS,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,cAAc,CAAC,CAAA;IAClE,SAAS,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,cAAc,CAAC,CAAA;IAClE,SAAS,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,YAAY,CAAC,CAAA;IAC9D,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,SAAS,CAAC,CAAA;~~IAExD~~,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CACpB,GAAG,EACH,IAAI,CAAC,KAAK,CACR,SAAS,CAAC,SAAS,GAAG,~~IAAI~~;~~QACxB~~,SAAS,CAAC,iBAAiB,GAAG,IAAI;QAClC,SAAS,CAAC,aAAa,GAAG,IAAI;QAC9B,SAAS,CAAC,gBAAgB,GAAG,~~GAAG~~;~~QAChC~~,SAAS,CAAC,mBAAmB,GAAG,IAAI;QACpC,SAAS,CAAC,cAAc,GAAG,IAAI;QAC/B,SAAS,CAAC,cAAc,GAAG,IAAI;QAC/B,SAAS,CAAC,YAAY,GAAG,IAAI;QAC7B,SAAS,CAAC,SAAS,GAAG,IAAI,~~CAC7B~~,CACF,CAAA;IAED,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAA;AAC7B,CAAC"}
1	+ {"version":3,"file":"SecurityScanner.helpers.js","sourceRoot":"","sources":["../../../../src/security/scanner/SecurityScanner.helpers.ts"],"names":[],"mappings":"AAAA;;;GAGG;AASH,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAA;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAA;AAiBhD,+EAA+E;AAC/E,kBAAkB;AAClB,+EAA+E;AAE/E;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAA;IACjC,OAAO,CACL,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,WAAW,CAAC,CAC/F,CAAA;AACH,CAAC;AAED,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAe;IACpD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,QAAQ,GAAkB,EAAE,CAAA;IAClC,IAAI,iBAAiB,GAAG,KAAK,CAAA;IAE7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACrB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,CAAA;QAE/B,sDAAsD;QACtD,IAAI,gBAAgB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACvC,iBAAiB,GAAG,CAAC,iBAAiB,CAAA;QACxC,CAAC;QAED,sCAAsC;QACtC,MAAM,OAAO,GAAG,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;QAE3C,yEAAyE;QACzE,MAAM,cAAc,GAClB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;YACxB,CAAC,iBAAiB;YAClB,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC;YAC5B,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;QAE9B,iEAAiE;QACjE,MAAM,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAA;QAE/D,QAAQ,CAAC,IAAI,CAAC;YACZ,UAAU,EAAE,CAAC,GAAG,CAAC;YACjB,WAAW,EAAE,iBAAiB;YAC9B,OAAO;YACP,cAAc;YACd,YAAY;SACb,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,GAAgB;IACrD,OAAO,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,cAAc,CAAA;AAC7D,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAY,EAAE,UAAkB;IACjE,MAAM,aAAa,GAAG,YAAY,CAAA;IAClC,IAAI,KAAK,CAAA;IACT,OAAO,CAAC,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACnD,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAA;QAC7B,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAA;QAC7C,IAAI,UAAU,IAAI,SAAS,IAAI,UAAU,GAAG,OAAO,EAAE,CAAC;YACpD,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAcD;;;GAGG;AACH,MAAM,UAAU,gCAAgC,CAC9C,OAAe,EACf,MAA2B,EAC3B,YAA4B;IAE5B,MAAM,QAAQ,GAAsB,EAAE,CAAA;IACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,QAAQ,GAAG,YAAY,IAAI,sBAAsB,CAAC,OAAO,CAAC,CAAA;IAChE,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAA;IAEtC,uDAAuD;IACvD,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,IAAI,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;YAChC,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;YAC7C,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;gBAC5C,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAA;gBAClE,MAAM,GAAG,GAAG,QAAQ,CAAC,UAAU,GAAG,CAAC,CAAC,CAAA;gBACpC,MAAM,SAAS,GAAG,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE,CAAA;gBAC7C,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,CAAA;gBAChE,MAAM,QAAQ,GAAG,UAAU,GAAG,UAAU,CAAA;gBACxC,MAAM,YAAY,GAAG,GAAG,EAAE,YAAY,IAAI,kBAAkB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAA;gBACjF,MAAM,YAAY,GAAG,GAAG,CAAC,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,CAAA;gBAC9E,MAAM,UAAU,GAAsB,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAA;gBACnE,MAAM,QAAQ,GAAG,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;gBAC3E,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;gBAEvC,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,QAAQ;oBACR,OAAO,EAAE,GAAG,MAAM,CAAC,aAAa,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG;oBACtF,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBACvC,UAAU;oBACV,QAAQ,EAAE,MAAM,CAAC,IAAI;oBACrB,sBAAsB,EAAE,YAAY;oBACpC,UAAU;iBACX,CAAC,CAAA;gBACF,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC;YAAE,OAAM;QACvC,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAA;QAE3B,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,IAAI,kBAAkB,CAAC,OAAO,CAAC;gBAAE,SAAQ;YACzC,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;YAC1C,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,YAAY,GAAG,GAAG,EAAE,YAAY,IAAI,kBAAkB,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,CAAA;gBACpF,MAAM,YAAY,GAAG,GAAG,CAAC,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,CAAA;gBAC9E,MAAM,UAAU,GAAsB,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAA;gBACnE,MAAM,QAAQ,GAAG,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;gBAE3E,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,QAAQ;oBACR,OAAO,EAAE,GAAG,MAAM,CAAC,aAAa,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG;oBAClG,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBACnC,UAAU,EAAE,KAAK,GAAG,CAAC;oBACrB,QAAQ,EAAE,MAAM,CAAC,IAAI;oBACrB,sBAAsB,EAAE,YAAY;oBACpC,UAAU;iBACX,CAAC,CAAA;gBACF,MAAK;YACP,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAA2B;IAI5D,MAAM,SAAS,GAAuB;QACpC,SAAS,EAAE,CAAC;QACZ,iBAAiB,EAAE,CAAC;QACpB,aAAa,EAAE,CAAC;QAChB,gBAAgB,EAAE,CAAC;QACnB,mBAAmB,EAAE,CAAC;QACtB,cAAc,EAAE,CAAC;QACjB,cAAc,EAAE,CAAC;QACjB,YAAY,EAAE,CAAC;QACf,SAAS,EAAE,CAAC;QACZ,IAAI,EAAE,CAAC;QACP,GAAG,EAAE,CAAC;KACP,CAAA;IAED,MAAM,iBAAiB,GAAsC;QAC3D,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,GAAG;QACX,GAAG,EAAE,GAAG;KACT,CAAA;IAED,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,cAAc,GAAG,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QACzD,MAAM,cAAc,GAAG,gBAAgB,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,GAAG,CAAA;QAC5D,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,OAAO,CAAC,UAAU,IAAI,MAAM,CAAC,CAAA;QACxE,MAAM,KAAK,GAAG,cAAc,GAAG,cAAc,GAAG,gBAAgB,CAAA;QAEhE,QAAQ,OAAO,CAAC,IAAI,EAAE,CAAC;YACrB,KAAK,WAAW;gBACd,SAAS,CAAC,SAAS,IAAI,KAAK,CAAA;gBAC5B,MAAK;YACP,KAAK,oBAAoB;gBACvB,SAAS,CAAC,iBAAiB,IAAI,KAAK,CAAA;gBACpC,MAAK;YACP,KAAK,gBAAgB;gBACnB,SAAS,CAAC,aAAa,IAAI,KAAK,CAAA;gBAChC,MAAK;YACP,KAAK,mBAAmB;gBACtB,SAAS,CAAC,gBAAgB,IAAI,KAAK,CAAA;gBACnC,MAAK;YACP,KAAK,sBAAsB;gBACzB,SAAS,CAAC,mBAAmB,IAAI,KAAK,CAAA;gBACtC,MAAK;YACP,KAAK,oBAAoB;gBACvB,SAAS,CAAC,cAAc,IAAI,KAAK,CAAA;gBACjC,MAAK;YACP,KAAK,gBAAgB;gBACnB,SAAS,CAAC,cAAc,IAAI,KAAK,CAAA;gBACjC,MAAK;YACP,KAAK,KAAK;gBACR,SAAS,CAAC,YAAY,IAAI,KAAK,CAAA;gBAC/B,MAAK;YACP,KAAK,YAAY;gBACf,SAAS,CAAC,SAAS,IAAI,KAAK,CAAA;gBAC5B,MAAK;YACP,KAAK,MAAM;gBACT,SAAS,CAAC,IAAI,IAAI,KAAK,CAAA;gBACvB,MAAK;YACP,KAAK,KAAK;gBACR,SAAS,CAAC,GAAG,IAAI,KAAK,CAAA;gBACtB,MAAK;QACT,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,SAAS,CAAC,CAAA;IACxD,SAAS,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,iBAAiB,CAAC,CAAA;IACxE,SAAS,CAAC,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,aAAa,CAAC,CAAA;IAChE,SAAS,CAAC,gBAAgB,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,gBAAgB,CAAC,CAAA;IACtE,SAAS,CAAC,mBAAmB,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,mBAAmB,CAAC,CAAA;IAC5E,SAAS,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,cAAc,CAAC,CAAA;IAClE,SAAS,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,cAAc,CAAC,CAAA;IAClE,SAAS,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,YAAY,CAAC,CAAA;IAC9D,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,SAAS,CAAC,CAAA;IACxD,SAAS,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,IAAI,CAAC,CAAA;IAC9C,SAAS,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG,CAAC,CAAA;IAE5C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CACpB,GAAG,EACH,IAAI,CAAC,KAAK,CACR,SAAS,CAAC,SAAS,GAAG,GAAG;QACvB,SAAS,CAAC,iBAAiB,GAAG,IAAI;QAClC,SAAS,CAAC,aAAa,GAAG,IAAI;QAC9B,SAAS,CAAC,gBAAgB,GAAG,IAAI;QACjC,SAAS,CAAC,mBAAmB,GAAG,IAAI;QACpC,SAAS,CAAC,cAAc,GAAG,IAAI;QAC/B,SAAS,CAAC,cAAc,GAAG,IAAI;QAC/B,SAAS,CAAC,YAAY,GAAG,IAAI;QAC7B,SAAS,CAAC,SAAS,GAAG,IAAI;QAC1B,SAAS,CAAC,IAAI,GAAG,IAAI;QACrB,SAAS,CAAC,GAAG,GAAG,IAAI,CACvB,CACF,CAAA;IAED,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAA;AAC7B,CAAC"}