@snovon/solast 0.2.0

package/dist/detectors/arbitrary-address-spoofing.js

@@ -0,0 +1,657 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ArbitraryAddressSpoofingDetector = void 0;
+const RULE_ID = 'arbitrary-address-spoofing';
+const ASSIGNMENT_OPERATORS = new Set(['=', '+=', '-=', '*=', '/=', '%=', '|=', '&=', '^=', '<<=', '>>=']);
+const AUTH_NAMES = new Set(['owner', 'admin', 'authority', 'operator', 'guardian']);
+const ROLE_MAPPING_NAMES = new Set(['approved', 'approvals', 'authorized', 'operators', 'admins', 'owners']);
+const TRANSFER_MEMBERS = new Set(['transfer', 'send', 'call']);
+const ROLE_HELPER_NAMES = new Set(['_checkRole', 'checkRole']);
+class ArbitraryAddressSpoofingDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    scanAst(ast, file) {
+        if (!ast || ast.type !== 'SourceUnit')
+            return [];
+        const findings = [];
+        for (const contract of ast.children || []) {
+            if (!isNode(contract, 'ContractDefinition'))
+                continue;
+            if (contract.kind === 'interface' || contract.kind === 'library')
+                continue;
+            const ctx = {
+                stateVars: collectStateVariables(contract),
+                modifiers: collectMembers(contract, 'ModifierDefinition'),
+                internalFunctions: collectInternalFunctions(contract),
+            };
+            for (const fn of contract.subNodes || []) {
+                if (!isNode(fn, 'FunctionDefinition'))
+                    continue;
+                if (!fn.body || fn.isConstructor || fn.kind === 'constructor')
+                    continue;
+                if (!isExternallyCallable(fn))
+                    continue;
+                if (isReadOnly(fn))
+                    continue;
+                const findingNode = this.findSpoofingSink(fn, ctx);
+                if (!findingNode)
+                    continue;
+                const loc = locOf(fn) || locOf(findingNode) || { line: 0, column: 0 };
+                const functionName = fn.name || '<anonymous>';
+                const contractName = contract.name || '<anonymous>';
+                findings.push({
+                    file,
+                    contract: contractName,
+                    'function': functionName,
+                    line: loc.line,
+                    endLine: loc.line,
+                    column: loc.column,
+                    pattern: RULE_ID,
+                    confidence: 'high',
+                    ruleId: RULE_ID,
+                    severity: 'high',
+                    message: `Arbitrary address spoofing risk in '${contractName}.${functionName}': a spoofable address value is used as effective authority or privileged identity before a sensitive operation.`,
+                    rationale: 'The function trusts a caller-supplied address, storage-derived address cast, or external-call return as actor/owner identity instead of binding authorization to msg.sender or a recognized authenticated path.',
+                    suggestedFix: 'Bind authorization checks to msg.sender or a role/owner guard, and only update owner/approval identity from authenticated functions or trusted initialization paths.',
+                    contractName,
+                    functionName,
+                    sourceLocation: loc,
+                    findingId: '',
+                    contractHash: '',
+                });
+            }
+        }
+        return findings;
+    }
+    findSpoofingSink(fn, ctx) {
+        const state = {
+            addressParams: collectAddressParameterNames(fn),
+            spoofableLocals: new Set(),
+            safeCallerGuard: hasModifierSafeCallerGuard(fn, ctx),
+            spoofedAuth: hasSpoofedModifierAuth(fn, ctx),
+            verifiedActorParams: new Set(),
+        };
+        let findingNode = null;
+        const visitor = (node) => {
+            if (findingNode)
+                return;
+            if (isNode(node, 'VariableDeclarationStatement')) {
+                this.recordSpoofableLocals(node, state, ctx);
+                return;
+            }
+            if (isRequireOrAssert(node)) {
+                if (isSpoofedAuthorizationPredicate(firstArg(node), state, ctx)) {
+                    state.spoofedAuth = true;
+                }
+                return;
+            }
+            if (isInternalCall(node, ctx)) {
+                if (internalCallHasSpoofedAuth(node, state, ctx)) {
+                    state.spoofedAuth = true;
+                }
+                return;
+            }
+            if (isAssignmentNode(node)) {
+                if (isVerifiedNoOpAssignment(node, state, ctx)) {
+                    return;
+                }
+                if (!state.safeCallerGuard && isPrivilegedIdentityAssignment(node, state, ctx)) {
+                    findingNode = node;
+                    return;
+                }
+                if (!state.safeCallerGuard && isSpoofedAuthorizationStateWrite(node, state, ctx)) {
+                    findingNode = node;
+                    return;
+                }
+            }
+            if (!state.safeCallerGuard && state.spoofedAuth && isSensitiveOperation(node, ctx)) {
+                findingNode = node;
+            }
+        };
+        const statements = (fn.body && fn.body.statements) || [];
+        for (const stmt of statements) {
+            if (findingNode)
+                break;
+            walk(stmt, visitor);
+            if (topLevelStatementIsSafeCallerGuard(stmt, ctx)) {
+                state.safeCallerGuard = true;
+            }
+            recordTopLevelSpoofedAuth(stmt, state, ctx);
+        }
+        return findingNode;
+    }
+    recordSpoofableLocals(node, state, ctx) {
+        if (!node.initialValue)
+            return;
+        if (!isExternalCall(node.initialValue, ctx) && !isSpoofableExpr(node.initialValue, state, ctx))
+            return;
+        for (const variable of node.variables || []) {
+            if (variable?.name)
+                state.spoofableLocals.add(variable.name);
+        }
+    }
+}
+exports.ArbitraryAddressSpoofingDetector = ArbitraryAddressSpoofingDetector;
+function collectStateVariables(contract) {
+    const vars = new Set();
+    for (const node of contract.subNodes || []) {
+        if (!isNode(node, 'StateVariableDeclaration'))
+            continue;
+        for (const variable of node.variables || []) {
+            if (variable?.name)
+                vars.add(variable.name);
+        }
+    }
+    return vars;
+}
+function collectMembers(contract, type) {
+    const members = new Map();
+    for (const node of contract.subNodes || []) {
+        if (isNode(node, type) && node.name)
+            members.set(node.name, node);
+    }
+    return members;
+}
+function collectInternalFunctions(contract) {
+    const fns = new Map();
+    for (const node of contract.subNodes || []) {
+        if (!isNode(node, 'FunctionDefinition') || !node.name || !node.body)
+            continue;
+        if (node.visibility === 'internal' || node.visibility === 'private' || !node.visibility) {
+            fns.set(node.name, node);
+        }
+    }
+    return fns;
+}
+function collectAddressParameterNames(fn) {
+    const params = new Set();
+    for (const param of fn.parameters || []) {
+        if (param?.name && isAddressType(param.typeName))
+            params.add(param.name);
+    }
+    return params;
+}
+function hasModifierSafeCallerGuard(fn, ctx) {
+    for (const modifier of fn.modifiers || []) {
+        const name = modifier?.name;
+        if (!name)
+            continue;
+        const normalized = name.toLowerCase();
+        if (normalized === 'onlyowner' || normalized === 'onlyrole') {
+            const definition = ctx.modifiers.get(name);
+            if (definition?.body) {
+                if (modifierBodyHasMandatoryCallerGuard(definition.body, ctx))
+                    return true;
+                continue;
+            }
+            if (invocationHasSpoofableArg(modifier, fn))
+                continue;
+            return true;
+        }
+        const definition = ctx.modifiers.get(name);
+        if (definition?.body && modifierBodyHasMandatoryCallerGuard(definition.body, ctx))
+            return true;
+    }
+    return false;
+}
+function invocationHasSpoofableArg(modifierInvocation, fn) {
+    const args = modifierInvocation?.arguments || [];
+    for (const arg of args) {
+        if (isSpoofableInvocationArgument(arg, fn))
+            return true;
+    }
+    return false;
+}
+function modifierBodyHasMandatoryCallerGuard(body, ctx) {
+    const statements = body?.statements || [];
+    for (const stmt of statements) {
+        if (topLevelStatementIsSafeCallerGuard(stmt, ctx))
+            return true;
+    }
+    return false;
+}
+function topLevelStatementIsSafeCallerGuard(stmt, ctx) {
+    if (isNode(stmt, 'IfStatement')) {
+        return !stmt.falseBody
+            && isRejectingNonAuthorityCallerPredicate(stmt.condition, ctx)
+            && consequentUnconditionallyReverts(stmt.trueBody);
+    }
+    if (!isNode(stmt, 'ExpressionStatement'))
+        return false;
+    const expr = stmt.expression;
+    if (!expr)
+        return false;
+    if (isRequireOrAssert(expr) && isSafeCallerPredicate(firstArg(expr), ctx))
+        return true;
+    if (isNode(expr, 'FunctionCall') && isRoleHelperSafeGuard(expr))
+        return true;
+    return false;
+}
+function recordTopLevelSpoofedAuth(stmt, state, ctx) {
+    if (isNode(stmt, 'IfStatement') && !stmt.falseBody && consequentUnconditionallyReverts(stmt.trueBody)) {
+        const verified = identifySpoofedAuthRejectingPredicate(stmt.condition, state, ctx);
+        if (verified) {
+            state.spoofedAuth = true;
+            state.verifiedActorParams.add(verified);
+        }
+        return;
+    }
+    if (isNode(stmt, 'ExpressionStatement') && isNode(stmt.expression, 'FunctionCall')) {
+        const expr = stmt.expression;
+        if (ROLE_HELPER_NAMES.has(getCallName(expr))) {
+            const args = expr.arguments || [];
+            if (args.length >= 2 && isSpoofableExpr(args[1], state, ctx)) {
+                state.spoofedAuth = true;
+            }
+        }
+    }
+}
+function identifySpoofedAuthRejectingPredicate(expr, state, ctx) {
+    if (!expr)
+        return null;
+    if (isNode(expr, 'TupleExpression')) {
+        const components = expr.components || [];
+        if (components.length === 1)
+            return identifySpoofedAuthRejectingPredicate(components[0], state, ctx);
+        return null;
+    }
+    if (!isNode(expr, 'BinaryOperation'))
+        return null;
+    if (expr.operator !== '!=' && expr.operator !== '!==')
+        return null;
+    if (isCallerReference(expr.left) || isCallerReference(expr.right))
+        return null;
+    if (isSpoofableExpr(expr.left, state, ctx) && isAuthorityExpr(expr.right, ctx)) {
+        return referenceRoot(expr.left);
+    }
+    if (isSpoofableExpr(expr.right, state, ctx) && isAuthorityExpr(expr.left, ctx)) {
+        return referenceRoot(expr.right);
+    }
+    return null;
+}
+function isVerifiedNoOpAssignment(node, state, ctx) {
+    const assignment = assignmentParts(node);
+    if (!assignment)
+        return false;
+    const leftRoot = referenceRoot(assignment.left);
+    if (!ctx.stateVars.has(leftRoot) || !isPrivilegedStateName(leftRoot))
+        return false;
+    const rightRoot = referenceRoot(assignment.right);
+    return !!rightRoot && state.verifiedActorParams.has(rightRoot);
+}
+function isRejectingNonAuthorityCallerPredicate(expr, ctx) {
+    if (!expr)
+        return false;
+    if (isNode(expr, 'TupleExpression')) {
+        const components = expr.components || [];
+        if (components.length === 1)
+            return isRejectingNonAuthorityCallerPredicate(components[0], ctx);
+        return false;
+    }
+    if (isNode(expr, 'UnaryOperation') && expr.operator === '!') {
+        return isSafeCallerPredicate(expr.subExpression, ctx);
+    }
+    if (!isNode(expr, 'BinaryOperation'))
+        return false;
+    const op = expr.operator;
+    if (op !== '!=' && op !== '!==')
+        return false;
+    const left = expr.left;
+    const right = expr.right;
+    return (isCallerReference(left) && isStableAuthorityExpr(right, ctx))
+        || (isCallerReference(right) && isStableAuthorityExpr(left, ctx));
+}
+function consequentUnconditionallyReverts(stmt) {
+    if (!stmt)
+        return false;
+    if (isNode(stmt, 'Block')) {
+        const statements = stmt.statements || [];
+        return statements.length === 1 && consequentUnconditionallyReverts(statements[0]);
+    }
+    if (isNode(stmt, 'ThrowStatement') || isNode(stmt, 'RevertStatement'))
+        return true;
+    if (isNode(stmt, 'ExpressionStatement')) {
+        return isNode(stmt.expression, 'FunctionCall') && getCallName(stmt.expression).toLowerCase() === 'revert';
+    }
+    return false;
+}
+function hasSpoofedModifierAuth(fn, ctx) {
+    for (const invocation of fn.modifiers || []) {
+        const definition = ctx.modifiers.get(invocation?.name);
+        if (!definition?.body)
+            continue;
+        const modifierParams = new Set((definition.parameters || []).map((param) => param?.name).filter(Boolean));
+        const spoofedParams = new Set();
+        const args = invocation.arguments || [];
+        const params = definition.parameters || [];
+        params.forEach((param, index) => {
+            if (param?.name && isSpoofableInvocationArgument(args[index], fn))
+                spoofedParams.add(param.name);
+        });
+        const state = {
+            addressParams: new Set([...modifierParams].filter(name => spoofedParams.has(name))),
+            spoofableLocals: new Set(),
+            safeCallerGuard: false,
+            spoofedAuth: false,
+            verifiedActorParams: new Set(),
+        };
+        let found = false;
+        walk(definition.body, node => {
+            if (found)
+                return;
+            if (isSpoofedAuthGuardNode(node, state, ctx))
+                found = true;
+        });
+        if (found)
+            return true;
+    }
+    return false;
+}
+function isSpoofableInvocationArgument(arg, fn) {
+    if (!arg)
+        return false;
+    const fnAddressParams = collectAddressParameterNames(fn);
+    return fnAddressParams.has(referenceRoot(arg));
+}
+function internalCallHasSpoofedAuth(call, state, ctx) {
+    const callee = ctx.internalFunctions.get(getCallName(call));
+    if (!callee?.body)
+        return false;
+    const localState = {
+        addressParams: new Set(),
+        spoofableLocals: new Set(),
+        safeCallerGuard: false,
+        spoofedAuth: false,
+        verifiedActorParams: new Set(),
+    };
+    const params = callee.parameters || [];
+    const args = call.arguments || [];
+    params.forEach((param, index) => {
+        if (param?.name && isSpoofableExpr(args[index], state, ctx)) {
+            localState.addressParams.add(param.name);
+        }
+    });
+    let found = false;
+    walk(callee.body, node => {
+        if (found)
+            return;
+        if (isSpoofedAuthGuardNode(node, localState, ctx))
+            found = true;
+    });
+    return found;
+}
+function isSpoofedAuthGuardNode(node, state, ctx) {
+    if (isRequireOrAssert(node)) {
+        return isSpoofedAuthorizationPredicate(firstArg(node), state, ctx);
+    }
+    return isNode(node, 'IfStatement')
+        && !node.falseBody
+        && consequentUnconditionallyReverts(node.trueBody)
+        && !!identifySpoofedAuthRejectingPredicate(node.condition, state, ctx);
+}
+function isSpoofedAuthorizationPredicate(expr, state, ctx) {
+    if (!expr)
+        return false;
+    if (isNode(expr, 'BinaryOperation')) {
+        const op = expr.operator;
+        const left = expr.left;
+        const right = expr.right;
+        if (op === '==' || op === '===') {
+            if (isCallerReference(left) || isCallerReference(right)) {
+                const other = isCallerReference(left) ? right : left;
+                return isStorageDerivedAddressCast(other, ctx);
+            }
+            return (isSpoofableExpr(left, state, ctx) && isAuthorityExpr(right, ctx))
+                || (isSpoofableExpr(right, state, ctx) && isAuthorityExpr(left, ctx));
+        }
+    }
+    if (isNode(expr, 'TupleExpression')) {
+        return (expr.components || []).some((component) => isSpoofedAuthorizationPredicate(component, state, ctx));
+    }
+    if (isNode(expr, 'FunctionCall')) {
+        const name = getCallName(expr);
+        if (['hasRole', '_checkRole', 'checkRole'].includes(name)) {
+            const args = expr.arguments || [];
+            return args.length >= 2 && isSpoofableExpr(args[1], state, ctx);
+        }
+    }
+    return childNodes(expr).some(child => isSpoofedAuthorizationPredicate(child, state, ctx));
+}
+function isSafeCallerPredicate(expr, ctx) {
+    if (!expr)
+        return false;
+    if (isNode(expr, 'TupleExpression')) {
+        const components = expr.components || [];
+        if (components.length === 1)
+            return isSafeCallerPredicate(components[0], ctx);
+        return false;
+    }
+    if (isNode(expr, 'FunctionCall')) {
+        return isRoleHelperSafeGuard(expr);
+    }
+    if (isNode(expr, 'BinaryOperation')) {
+        const op = expr.operator;
+        if (op === '&&') {
+            return isSafeCallerPredicate(expr.left, ctx) || isSafeCallerPredicate(expr.right, ctx);
+        }
+        if (op === '||') {
+            return false;
+        }
+        if (op === '==' || op === '===') {
+            const left = expr.left;
+            const right = expr.right;
+            return (isCallerReference(left) && isStableAuthorityExpr(right, ctx))
+                || (isCallerReference(right) && isStableAuthorityExpr(left, ctx));
+        }
+    }
+    return false;
+}
+function isRoleHelperSafeGuard(expr) {
+    const name = getCallName(expr);
+    if (!['hasRole', '_checkRole', 'checkRole'].includes(name))
+        return false;
+    const args = expr.arguments || [];
+    if (name === 'hasRole') {
+        return args.length >= 2 && isCallerReference(args[1]);
+    }
+    if (args.length <= 1)
+        return true;
+    return isCallerReference(args[1]);
+}
+function isPrivilegedIdentityAssignment(node, state, ctx) {
+    const assignment = assignmentParts(node);
+    if (!assignment)
+        return false;
+    const leftRoot = referenceRoot(assignment.left);
+    if (!ctx.stateVars.has(leftRoot) || !isPrivilegedStateName(leftRoot))
+        return false;
+    return isSpoofableExpr(assignment.right, state, ctx);
+}
+function isSpoofedAuthorizationStateWrite(node, state, ctx) {
+    const assignment = assignmentParts(node);
+    if (!assignment)
+        return false;
+    if (!isNode(assignment.left, 'IndexAccess'))
+        return false;
+    const base = referenceRoot(assignment.left.base);
+    if (!ctx.stateVars.has(base) || !ROLE_MAPPING_NAMES.has(base.toLowerCase()))
+        return false;
+    return isSpoofableExpr(assignment.left.index, state, ctx);
+}
+function isSensitiveOperation(node, ctx) {
+    if (isAssignmentNode(node)) {
+        const assignment = assignmentParts(node);
+        if (!assignment)
+            return false;
+        return ctx.stateVars.has(referenceRoot(assignment.left));
+    }
+    if (isNode(node, 'UnaryOperation') && node.operator === 'delete') {
+        return ctx.stateVars.has(referenceRoot(node.subExpression));
+    }
+    if (isNode(node, 'FunctionCall')) {
+        const expr = node.expression;
+        if (isNode(expr, 'MemberAccess') && TRANSFER_MEMBERS.has(expr.memberName))
+            return true;
+    }
+    return false;
+}
+function isSpoofableExpr(expr, state, ctx) {
+    if (!expr)
+        return false;
+    const root = referenceRoot(expr);
+    if (state.addressParams.has(root) || state.spoofableLocals.has(root))
+        return true;
+    return isStorageDerivedAddressCast(expr, ctx);
+}
+function isAuthorityExpr(expr, ctx) {
+    if (!expr)
+        return false;
+    const root = referenceRoot(expr);
+    if (ctx.stateVars.has(root))
+        return true;
+    if (isNode(expr, 'FunctionCall')) {
+        const name = getCallName(expr).toLowerCase();
+        if (name.startsWith('ownerof') || AUTH_NAMES.has(name))
+            return true;
+    }
+    return false;
+}
+function isStableAuthorityExpr(expr, ctx) {
+    if (isStorageDerivedAddressCast(expr, ctx))
+        return false;
+    return isAuthorityExpr(expr, ctx);
+}
+function isStorageDerivedAddressCast(expr, ctx) {
+    if (!isNode(expr, 'FunctionCall'))
+        return false;
+    const name = getCallName(expr).toLowerCase();
+    if (!['address', 'payable', 'uint160', 'uint256', 'bytes32'].includes(name))
+        return false;
+    return containsStateRead(expr, ctx);
+}
+function containsStateRead(expr, ctx) {
+    let found = false;
+    walk(expr, node => {
+        if (found)
+            return;
+        if (isNode(node, 'Identifier') && ctx.stateVars.has(node.name))
+            found = true;
+    });
+    return found;
+}
+function isExternalCall(expr, ctx) {
+    if (!isNode(expr, 'FunctionCall'))
+        return false;
+    const callee = expr.expression;
+    if (!isNode(callee, 'MemberAccess'))
+        return false;
+    const root = referenceRoot(callee.expression);
+    return !!root && ctx.stateVars.has(root);
+}
+function isInternalCall(node, ctx) {
+    return isNode(node, 'FunctionCall') && ctx.internalFunctions.has(getCallName(node));
+}
+function firstArg(call) {
+    return (call.arguments || [])[0];
+}
+function isRequireOrAssert(node) {
+    return isNode(node, 'FunctionCall') && ['require', 'assert'].includes(getCallName(node));
+}
+function getCallName(call) {
+    const expr = call?.expression;
+    if (isNode(expr, 'Identifier') || isNode(expr, 'ElementaryTypeName'))
+        return expr.name || '';
+    if (isNode(expr, 'MemberAccess'))
+        return expr.memberName || '';
+    return '';
+}
+function isCallerReference(expr) {
+    return isNode(expr, 'MemberAccess')
+        && expr.memberName === 'sender'
+        && isNode(expr.expression, 'Identifier')
+        && expr.expression.name === 'msg';
+}
+function isPrivilegedStateName(name) {
+    const lower = name.toLowerCase();
+    return AUTH_NAMES.has(lower) || lower.endsWith('owner') || lower.endsWith('admin');
+}
+function isAssignmentNode(node) {
+    const parts = assignmentParts(node);
+    return !!parts && ASSIGNMENT_OPERATORS.has(parts.operator);
+}
+function assignmentParts(node) {
+    const expr = isNode(node, 'ExpressionStatement') ? node.expression : node;
+    if (!expr)
+        return null;
+    if (isNode(expr, 'Assignment'))
+        return { left: expr.left, right: expr.right, operator: expr.operator || '=' };
+    if (isNode(expr, 'BinaryOperation') && ASSIGNMENT_OPERATORS.has(expr.operator)) {
+        return { left: expr.left, right: expr.right, operator: expr.operator };
+    }
+    return null;
+}
+function referenceRoot(expr) {
+    if (!expr)
+        return '';
+    if (isNode(expr, 'Identifier'))
+        return expr.name || '';
+    if (isNode(expr, 'MemberAccess'))
+        return referenceRoot(expr.expression);
+    if (isNode(expr, 'IndexAccess'))
+        return referenceRoot(expr.base);
+    if (isNode(expr, 'FunctionCall'))
+        return referenceRoot((expr.arguments || [])[0]);
+    return '';
+}
+function isAddressType(typeName) {
+    if (!typeName)
+        return false;
+    if (typeName.name === 'address')
+        return true;
+    if (typeName.type === 'ElementaryTypeName' && String(typeName.name || '').startsWith('address'))
+        return true;
+    return String(typeName.namePath || '').toLowerCase() === 'address';
+}
+function isExternallyCallable(fn) {
+    return fn.visibility === 'external' || fn.visibility === 'public' || !fn.visibility;
+}
+function isReadOnly(fn) {
+    const mutability = String(fn.stateMutability || '').toLowerCase();
+    return mutability === 'view' || mutability === 'pure';
+}
+function isNode(node, type) {
+    return !!node && typeof node === 'object' && node.type === type;
+}
+function locOf(node) {
+    const start = node?.loc?.start;
+    if (!start)
+        return null;
+    return { line: start.line || 0, column: start.column || 0 };
+}
+function walk(node, cb) {
+    if (!node || typeof node !== 'object')
+        return;
+    cb(node);
+    for (const child of childNodes(node))
+        walk(child, cb);
+}
+function childNodes(node) {
+    const out = [];
+    for (const key of Object.keys(node || {})) {
+        if (key === 'loc' || key === 'range')
+            continue;
+        const value = node[key];
+        if (Array.isArray(value)) {
+            for (const child of value) {
+                if (child && typeof child === 'object')
+                    out.push(child);
+            }
+        }
+        else if (value && typeof value === 'object') {
+            out.push(value);
+        }
+    }
+    return out;
+}
+//# sourceMappingURL=arbitrary-address-spoofing.js.map