@surfinguard/core-engine 0.1.0 → 1.0.0
- package/LICENSE +21 -0
- package/dist/analyzers/agent-comm.d.ts +22 -0
- package/dist/analyzers/agent-comm.d.ts.map +1 -0
- package/dist/analyzers/agent-comm.js +79 -0
- package/dist/analyzers/agent-comm.js.map +1 -0
- package/dist/analyzers/api-call.d.ts +21 -0
- package/dist/analyzers/api-call.d.ts.map +1 -0
- package/dist/analyzers/api-call.js +134 -0
- package/dist/analyzers/api-call.js.map +1 -0
- package/dist/analyzers/auth.d.ts +22 -0
- package/dist/analyzers/auth.d.ts.map +1 -0
- package/dist/analyzers/auth.js +97 -0
- package/dist/analyzers/auth.js.map +1 -0
- package/dist/analyzers/code.d.ts +32 -0
- package/dist/analyzers/code.d.ts.map +1 -0
- package/dist/analyzers/code.js +310 -0
- package/dist/analyzers/code.js.map +1 -0
- package/dist/analyzers/command.d.ts.map +1 -1
- package/dist/analyzers/command.js +91 -39
- package/dist/analyzers/command.js.map +1 -1
- package/dist/analyzers/data-pipeline.d.ts +23 -0
- package/dist/analyzers/data-pipeline.d.ts.map +1 -0
- package/dist/analyzers/data-pipeline.js +86 -0
- package/dist/analyzers/data-pipeline.js.map +1 -0
- package/dist/analyzers/document.d.ts +22 -0
- package/dist/analyzers/document.d.ts.map +1 -0
- package/dist/analyzers/document.js +77 -0
- package/dist/analyzers/document.js.map +1 -0
- package/dist/analyzers/file-read.d.ts.map +1 -1
- package/dist/analyzers/file-read.js +12 -3
- package/dist/analyzers/file-read.js.map +1 -1
- package/dist/analyzers/file-write.d.ts.map +1 -1
- package/dist/analyzers/file-write.js +12 -3
- package/dist/analyzers/file-write.js.map +1 -1
- package/dist/analyzers/git.d.ts +25 -0
- package/dist/analyzers/git.d.ts.map +1 -0
- package/dist/analyzers/git.js +126 -0
- package/dist/analyzers/git.js.map +1 -0
- package/dist/analyzers/index.d.ts +3 -0
- package/dist/analyzers/index.d.ts.map +1 -1
- package/dist/analyzers/index.js +3 -0
- package/dist/analyzers/index.js.map +1 -1
- package/dist/analyzers/infra.d.ts +30 -0
- package/dist/analyzers/infra.d.ts.map +1 -0
- package/dist/analyzers/infra.js +134 -0
- package/dist/analyzers/infra.js.map +1 -0
- package/dist/analyzers/iot.d.ts +22 -0
- package/dist/analyzers/iot.d.ts.map +1 -0
- package/dist/analyzers/iot.js +78 -0
- package/dist/analyzers/iot.js.map +1 -0
- package/dist/analyzers/message.d.ts +22 -0
- package/dist/analyzers/message.d.ts.map +1 -0
- package/dist/analyzers/message.js +106 -0
- package/dist/analyzers/message.js.map +1 -0
- package/dist/analyzers/query.d.ts +23 -0
- package/dist/analyzers/query.d.ts.map +1 -0
- package/dist/analyzers/query.js +183 -0
- package/dist/analyzers/query.js.map +1 -0
- package/dist/analyzers/text.d.ts.map +1 -1
- package/dist/analyzers/text.js +20 -3
- package/dist/analyzers/text.js.map +1 -1
- package/dist/analyzers/transaction.d.ts +23 -0
- package/dist/analyzers/transaction.d.ts.map +1 -0
- package/dist/analyzers/transaction.js +100 -0
- package/dist/analyzers/transaction.js.map +1 -0
- package/dist/analyzers/ui-action.d.ts +23 -0
- package/dist/analyzers/ui-action.d.ts.map +1 -0
- package/dist/analyzers/ui-action.js +92 -0
- package/dist/analyzers/ui-action.js.map +1 -0
- package/dist/analyzers/url.d.ts.map +1 -1
- package/dist/analyzers/url.js +6 -2
- package/dist/analyzers/url.js.map +1 -1
- package/dist/classifier.d.ts.map +1 -1
- package/dist/classifier.js +20 -1
- package/dist/classifier.js.map +1 -1
- package/dist/context.d.ts +6 -4
- package/dist/context.d.ts.map +1 -1
- package/dist/context.js +34 -5
- package/dist/context.js.map +1 -1
- package/dist/engine.d.ts +72 -3
- package/dist/engine.d.ts.map +1 -1
- package/dist/engine.js +313 -9
- package/dist/engine.js.map +1 -1
- package/dist/index.d.ts +18 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +17 -1
- package/dist/index.js.map +1 -1
- package/dist/patterns.d.ts +15 -1
- package/dist/patterns.d.ts.map +1 -1
- package/dist/patterns.js +70 -53
- package/dist/patterns.js.map +1 -1
- package/dist/policy-engine.d.ts +44 -0
- package/dist/policy-engine.d.ts.map +1 -0
- package/dist/policy-engine.js +225 -0
- package/dist/policy-engine.js.map +1 -0
- package/dist/session-tracker.d.ts +50 -0
- package/dist/session-tracker.d.ts.map +1 -0
- package/dist/session-tracker.js +286 -0
- package/dist/session-tracker.js.map +1 -0
- package/package.json +15 -12
- package/patterns/agent-comm.json +97 -0
- package/patterns/api-call.json +175 -0
- package/patterns/auth.json +116 -0
- package/patterns/chains.json +171 -0
- package/patterns/code.json +204 -0
- package/patterns/data-pipeline.json +116 -0
- package/patterns/document.json +110 -0
- package/patterns/git.json +118 -0
- package/patterns/infra.json +207 -0
- package/patterns/iot.json +105 -0
- package/patterns/message.json +122 -0
- package/patterns/query.json +134 -0
- package/patterns/transaction.json +120 -0
- package/patterns/ui-action.json +137 -0
|
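--- a/package/dist/analyzers/git.js
+++ b/package/dist/analyzers/git.js
@@ -0,0 +1,126 @@
+/**
+* Git Analyzer — detects dangerous git operations.
+*
+* Detects 6 threat patterns (V01-V06) mapped to 4 risk primitives.
+* Input: value = git command/operation description, metadata = { branch?, remote?, files? }
+*/
+export class GitAnalyzer {
+actionType = 'git';
+forcePushPatterns;
+mergePatterns;
+cicdPatterns;
+releasePatterns;
+branchDeletePatterns;
+gitignorePatterns;
+protectedBranches;
+safePatterns;
+constructor(patterns) {
+this.forcePushPatterns = patterns.forcePushPatterns.map((p) => new RegExp(p, 'i'));
+this.mergePatterns = patterns.mergePatterns.map((p) => new RegExp(p, 'i'));
+this.cicdPatterns = patterns.cicdPatterns.map((p) => new RegExp(p, 'i'));
+this.releasePatterns = patterns.releasePatterns.map((p) => new RegExp(p, 'i'));
+this.branchDeletePatterns = patterns.branchDeletePatterns.map((p) => new RegExp(p, 'i'));
+this.gitignorePatterns = patterns.gitignorePatterns.map((p) => new RegExp(p, 'i'));
+this.protectedBranches = patterns.protectedBranches.map((b) => b.toLowerCase());
+this.safePatterns = patterns.safePatterns.map((p) => new RegExp(p, 'i'));
+}
+analyze(value, metadata) {
+const cmd = value.trim();
+if (!cmd) {
+return {
+actionType: 'git',
+findings: [],
+shortCircuit: { safe: true, reason: 'Empty command' },
+};
+}
+const lower = cmd.toLowerCase();
+const branch = (metadata?.branch ?? '').toLowerCase();
+// Safe short-circuit — also check files metadata for CI/CD paths
+const files = metadata?.files;
+const hasMetadataDanger = files?.some((f) => this.cicdPatterns.some((p) => p.test(f))) ?? false;
+if (this.safePatterns.some((p) => p.test(lower)) &&
+!this.hasDangerousPattern(lower) &&
+!hasMetadataDanger) {
+return {
+actionType: 'git',
+findings: [],
+shortCircuit: { safe: true, reason: 'Safe git pattern' },
+};
+}
+const findings = [];
+const add = (primitive, score, reason, threatId) => {
+findings.push({ primitive, score, reason, threatId });
+};
+const targetBranch = branch || this.extractBranchFromValue(lower);
+const isProtected = this.isProtectedBranch(targetBranch);
+// ── V01: Force push ──
+if (this.forcePushPatterns.some((p) => p.test(lower))) {
+const score = isProtected ? 10 : 8;
+const reason = isProtected
+? `Force push to protected branch '${targetBranch}' — overwrites remote history`
+: 'Force push — overwrites remote history';
+add('DESTRUCTION', score, reason, 'V01');
+}
+// ── V02: Unreviewed merge to main ──
+if (this.mergePatterns.some((p) => p.test(lower)) && isProtected) {
+const score = 9;
+add('DESTRUCTION', score, `Unreviewed merge to protected branch '${targetBranch}'`, 'V02');
+}
+// ── V03: CI/CD pipeline modification ──
+if (this.cicdPatterns.some((p) => p.test(lower))) {
+add('PERSISTENCE', 8, 'CI/CD pipeline modification — agent modifying build/deploy configuration', 'V03');
+}
+// Also check files metadata for CI/CD paths
+if (files && !findings.some((f) => f.threatId === 'V03')) {
+if (files.some((f) => this.cicdPatterns.some((p) => p.test(f)))) {
+add('PERSISTENCE', 8, 'CI/CD pipeline modification — commit includes pipeline config files', 'V03');
+}
+}
+// ── V04: Unauthorized release ──
+if (this.releasePatterns.some((p) => p.test(lower))) {
+add('MANIPULATION', 7, 'Unauthorized release — agent creating tags or publishing packages', 'V04');
+}
+// ── V05: Branch deletion ──
+if (this.branchDeletePatterns.some((p) => p.test(lower))) {
+const score = isProtected ? 10 : 7;
+const reason = isProtected
+? `Deleting protected branch '${targetBranch}'`
+: 'Branch deletion — agent deleting git branch';
+add('DESTRUCTION', score, reason, 'V05');
+}
+// ── V06: Gitignore weakening ──
+if (this.gitignorePatterns.some((p) => p.test(lower))) {
+add('EXFILTRATION', 7, 'Gitignore weakening — removing or weakening .gitignore rules', 'V06');
+}
+return { actionType: 'git', findings };
+}
+hasDangerousPattern(text) {
+return (this.forcePushPatterns.some((p) => p.test(text)) ||
+this.mergePatterns.some((p) => p.test(text)) ||
+this.cicdPatterns.some((p) => p.test(text)) ||
+this.releasePatterns.some((p) => p.test(text)) ||
+this.branchDeletePatterns.some((p) => p.test(text)) ||
+this.gitignorePatterns.some((p) => p.test(text)));
+}
+isProtectedBranch(branch) {
+if (!branch)
+return false;
+return this.protectedBranches.some((pb) => branch === pb || branch.endsWith(`/${pb}`));
+}
+extractBranchFromValue(text) {
+// Try to extract branch name after push/merge keywords
+for (const pb of this.protectedBranches) {
+const patterns = [
+new RegExp(`(?:push|merge|rebase).*\\b${pb}\\b`, 'i'),
+new RegExp(`\\bto\\s+${pb}\\b`, 'i'),
+new RegExp(`\\b${pb}\\b`, 'i'),
+];
+for (const p of patterns) {
+if (p.test(text))
+return pb;
+}
+}
+return '';
+}
+}
+//# sourceMappingURL=git.js.map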
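Review bot: In `analyze`, `const targetBranch = branch || this.extractBranchFromValue(lower);` lets a caller-supplied `metadata.branch` take precedence over the branch named in the command text, so a force push, merge or branch delete whose command names a protected branch is scored as unprotected (8 or 7 instead of 10, and V02 is skipped entirely) whenever the metadata carries some other branch. Protection should hold if either source names a protected branch, for example `const fromCmd = this.extractBranchFromValue(lower);` followed by `const targetBranch = this.isProtectedBranch(fromCmd) ? fromCmd : (branch || fromCmd);`. Separately, `extractBranchFromValue` interpolates each protected-branch name into `new RegExp(...)` unescaped, so a configured name containing `.` or `*` is read as regex syntax rather than matched literally; escaping the name before interpolation would fix that. `value.trim()`, `(metadata?.branch ?? '').toLowerCase()` and `files?.some(...)` also assume string and array inputs, and whether a thrown TypeError on malformed metadata fails open or closed depends on the caller, which is not visible here.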
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"git.js","sourceRoot":"","sources":["../../src/analyzers/git.ts"],"names":[],"mappings":"AAGA;;;;;GAKG;AACH,MAAM,OAAO,WAAW;IACb,UAAU,GAAG,KAAc,CAAC;IAEpB,iBAAiB,CAAW;IAC5B,aAAa,CAAW;IACxB,YAAY,CAAW;IACvB,eAAe,CAAW;IAC1B,oBAAoB,CAAW;IAC/B,iBAAiB,CAAW;IAC5B,iBAAiB,CAAW;IAC5B,YAAY,CAAW;IAExC,YAAY,QAA4B;QACtC,IAAI,CAAC,iBAAiB,GAAG,QAAQ,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACnF,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3E,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACzE,IAAI,CAAC,eAAe,GAAG,QAAQ,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC/E,IAAI,CAAC,oBAAoB,GAAG,QAAQ,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACzF,IAAI,CAAC,iBAAiB,GAAG,QAAQ,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACnF,IAAI,CAAC,iBAAiB,GAAG,QAAQ,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAChF,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IAC3E,CAAC;IAED,OAAO,CAAC,KAAa,EAAE,QAAkC;QACvD,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QACzB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,QAAQ,EAAE,EAAE;gBACZ,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,eAAe,EAAE;aACtD,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,CAAE,QAAQ,EAAE,MAAiB,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAElE,iEAAiE;QACjE,MAAM,KAAK,GAAG,QAAQ,EAAE,KAA6B,CAAC;QACtD,MAAM,iBAAiB,GAAG,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC;QAChG,IACE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,
CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC5C,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC;YAChC,CAAC,iBAAiB,EAClB,CAAC;YACD,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,QAAQ,EAAE,EAAE;gBACZ,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,kBAAkB,EAAE;aACzD,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAsB,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,CACV,SAAuC,EACvC,KAAa,EACb,MAAc,EACd,QAAgB,EAChB,EAAE;YACF,QAAQ,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QACxD,CAAC,CAAC;QAEF,MAAM,YAAY,GAAG,MAAM,IAAI,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;QAClE,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;QAEzD,wBAAwB;QACxB,IAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACtD,MAAM,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YACnC,MAAM,MAAM,GAAG,WAAW;gBACxB,CAAC,CAAC,mCAAmC,YAAY,+BAA+B;gBAChF,CAAC,CAAC,wCAAwC,CAAC;YAC7C,GAAG,CAAC,aAAa,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QAC3C,CAAC;QAED,sCAAsC;QACtC,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC;YACjE,MAAM,KAAK,GAAG,CAAC,CAAC;YAChB,GAAG,CAAC,aAAa,EAAE,KAAK,EAAE,yCAAyC,YAAY,GAAG,EAAE,KAAK,CAAC,CAAC;QAC7F,CAAC;QAED,yCAAyC;QACzC,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CACD,aAAa,EACb,CAAC,EACD,0EAA0E,EAC1E,KAAK,CACN,CAAC;QACJ,CAAC;QACD,4CAA4C;QAC5C,IAAI,KAAK,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,EAAE,CAAC;YACzD,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChE,GAAG,CACD,aAAa,EACb,CAAC,EACD,qEAAqE,EACrE,KAAK,CACN,CAAC;YACJ,CAAC;QACH,CAAC;QAED,kCAAkC;QAClC,IAAI,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACpD,GAAG,CACD,cAAc,EACd,CAAC,EACD,mEAAmE,EACnE,KAAK,CACN,CAAC;QACJ,CAAC;QAED,6BAA6B;QAC7B,IAAI,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAA
C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACzD,MAAM,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YACnC,MAAM,MAAM,GAAG,WAAW;gBACxB,CAAC,CAAC,8BAA8B,YAAY,GAAG;gBAC/C,CAAC,CAAC,6CAA6C,CAAC;YAClD,GAAG,CAAC,aAAa,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QAC3C,CAAC;QAED,iCAAiC;QACjC,IAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACtD,GAAG,CAAC,cAAc,EAAE,CAAC,EAAE,8DAA8D,EAAE,KAAK,CAAC,CAAC;QAChG,CAAC;QAED,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;IACzC,CAAC;IAEO,mBAAmB,CAAC,IAAY;QACtC,OAAO,CACL,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChD,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5C,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC3C,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9C,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnD,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CACjD,CAAC;IACJ,CAAC;IAEO,iBAAiB,CAAC,MAAc;QACtC,IAAI,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QAC1B,OAAO,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,MAAM,KAAK,EAAE,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;IACzF,CAAC;IAEO,sBAAsB,CAAC,IAAY;QACzC,uDAAuD;QACvD,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACxC,MAAM,QAAQ,GAAG;gBACf,IAAI,MAAM,CAAC,6BAA6B,EAAE,KAAK,EAAE,GAAG,CAAC;gBACrD,IAAI,MAAM,CAAC,YAAY,EAAE,KAAK,EAAE,GAAG,CAAC;gBACpC,IAAI,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,CAAC;aAC/B,CAAC;YACF,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;gBACzB,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;oBAAE,OAAO,EAAE,CAAC;YAC9B,CAAC;QACH,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;CACF"}
|
|
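--- a/package/dist/analyzers/index.d.ts
+++ b/package/dist/analyzers/index.d.ts
@@ -4,4 +4,7 @@ export { CommandAnalyzer } from './command.js';
 export { TextAnalyzer } from './text.js';
 export { FileReadAnalyzer } from './file-read.js';
 export { FileWriteAnalyzer } from './file-write.js';
+export { ApiCallAnalyzer } from './api-call.js';
+export { QueryAnalyzer } from './query.js';
+export { CodeAnalyzer } from './code.js';
 //# sourceMappingURL=index.d.ts.map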
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/analyzers/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,QAAQ,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3E,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACvC,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/analyzers/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,QAAQ,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3E,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACvC,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC"}
|
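--- a/package/dist/analyzers/index.js
+++ b/package/dist/analyzers/index.js
@@ -3,4 +3,7 @@ export { CommandAnalyzer } from './command.js';
 export { TextAnalyzer } from './text.js';
 export { FileReadAnalyzer } from './file-read.js';
 export { FileWriteAnalyzer } from './file-write.js';
+export { ApiCallAnalyzer } from './api-call.js';
+export { QueryAnalyzer } from './query.js';
+export { CodeAnalyzer } from './code.js';
 //# sourceMappingURL=index.js.map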
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/analyzers/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACvC,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/analyzers/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACvC,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC"}
|
|
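--- a/package/dist/analyzers/infra.d.ts
+++ b/package/dist/analyzers/infra.d.ts
@@ -0,0 +1,30 @@
+import type { InfraPatternDatabase } from '@surfinguard/types';
+import type { Analyzer, AnalyzerResult } from './base.js';
+/**
+* Infrastructure Analyzer — detects dangerous cloud/container operations.
+*
+* Detects 12 threat patterns (I01-I06, CL01-CL06) mapped to 4 risk primitives.
+* Input: value = infrastructure command/action, metadata = { provider?, environment?, resource? }
+*/
+export declare class InfraAnalyzer implements Analyzer {
+readonly actionType: "infra";
+private readonly containerEscapePatterns;
+private readonly iacModificationPatterns;
+private readonly firewallPatterns;
+private readonly certificatePatterns;
+private readonly dnsModificationPatterns;
+private readonly secretStorePatterns;
+private readonly resourceProvisioningPatterns;
+private readonly iamPatterns;
+private readonly securityGroupPatterns;
+private readonly backupDeletionPatterns;
+private readonly productionDeployPatterns;
+private readonly cloudSecretPatterns;
+private readonly productionEnvironments;
+private readonly safePatterns;
+constructor(patterns: InfraPatternDatabase);
+analyze(value: string, metadata?: Record<string, unknown>): AnalyzerResult;
+private hasDangerousPattern;
+private isProductionEnvironment;
+}
+//# sourceMappingURL=infra.d.ts.map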
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"infra.d.ts","sourceRoot":"","sources":["../../src/analyzers/infra.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC/D,OAAO,KAAK,EAAE,QAAQ,EAAmB,cAAc,EAAE,MAAM,WAAW,CAAC;AAE3E;;;;;GAKG;AACH,qBAAa,aAAc,YAAW,QAAQ;IAC5C,QAAQ,CAAC,UAAU,EAAG,OAAO,CAAU;IAEvC,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAW;IACnD,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAW;IACnD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAW;IAC5C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAW;IAC/C,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAW;IACnD,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAW;IAC/C,OAAO,CAAC,QAAQ,CAAC,4BAA4B,CAAW;IACxD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAW;IACvC,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAW;IACjD,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAW;IAClD,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAW;IACpD,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAW;IAC/C,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAW;IAClD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAW;gBAE5B,QAAQ,EAAE,oBAAoB;IAqB1C,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,cAAc;IAmK1E,OAAO,CAAC,mBAAmB;IAiB3B,OAAO,CAAC,uBAAuB;CAGhC"}
|
|
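--- a/package/dist/analyzers/infra.js
+++ b/package/dist/analyzers/infra.js
@@ -0,0 +1,134 @@
+/**
+* Infrastructure Analyzer — detects dangerous cloud/container operations.
+*
+* Detects 12 threat patterns (I01-I06, CL01-CL06) mapped to 4 risk primitives.
+* Input: value = infrastructure command/action, metadata = { provider?, environment?, resource? }
+*/
+export class InfraAnalyzer {
+actionType = 'infra';
+containerEscapePatterns;
+iacModificationPatterns;
+firewallPatterns;
+certificatePatterns;
+dnsModificationPatterns;
+secretStorePatterns;
+resourceProvisioningPatterns;
+iamPatterns;
+securityGroupPatterns;
+backupDeletionPatterns;
+productionDeployPatterns;
+cloudSecretPatterns;
+productionEnvironments;
+safePatterns;
+constructor(patterns) {
+this.containerEscapePatterns = patterns.containerEscapePatterns.map((p) => new RegExp(p, 'i'));
+this.iacModificationPatterns = patterns.iacModificationPatterns.map((p) => new RegExp(p, 'i'));
+this.firewallPatterns = patterns.firewallPatterns.map((p) => new RegExp(p, 'i'));
+this.certificatePatterns = patterns.certificatePatterns.map((p) => new RegExp(p, 'i'));
+this.dnsModificationPatterns = patterns.dnsModificationPatterns.map((p) => new RegExp(p, 'i'));
+this.secretStorePatterns = patterns.secretStorePatterns.map((p) => new RegExp(p, 'i'));
+this.resourceProvisioningPatterns = patterns.resourceProvisioningPatterns.map((p) => new RegExp(p, 'i'));
+this.iamPatterns = patterns.iamPatterns.map((p) => new RegExp(p, 'i'));
+this.securityGroupPatterns = patterns.securityGroupPatterns.map((p) => new RegExp(p, 'i'));
+this.backupDeletionPatterns = patterns.backupDeletionPatterns.map((p) => new RegExp(p, 'i'));
+this.productionDeployPatterns = patterns.productionDeployPatterns.map((p) => new RegExp(p, 'i'));
+this.cloudSecretPatterns = patterns.cloudSecretPatterns.map((p) => new RegExp(p, 'i'));
+this.productionEnvironments = patterns.productionEnvironments.map((e) => e.toLowerCase());
+this.safePatterns = patterns.safePatterns.map((p) => new RegExp(p, 'i'));
+}
+analyze(value, metadata) {
+const action = value.trim();
+if (!action) {
+return {
+actionType: 'infra',
+findings: [],
+shortCircuit: { safe: true, reason: 'Empty action' },
+};
+}
+const lower = action.toLowerCase();
+const environment = (metadata?.environment ?? '').toLowerCase();
+// Safe short-circuit — --dry-run and preview override dangerous patterns
+const isDryRun = /--dry-run|preview/.test(lower);
+if (isDryRun ||
+(this.safePatterns.some((p) => p.test(lower)) && !this.hasDangerousPattern(lower))) {
+return {
+actionType: 'infra',
+findings: [],
+shortCircuit: { safe: true, reason: 'Safe infrastructure pattern' },
+};
+}
+const findings = [];
+const add = (primitive, score, reason, threatId) => {
+findings.push({ primitive, score, reason, threatId });
+};
+const isProduction = this.isProductionEnvironment(environment) || this.isProductionEnvironment(lower);
+const prodBoost = isProduction ? 2 : 0;
+// ── I01: Docker escape ──
+if (this.containerEscapePatterns.some((p) => p.test(lower))) {
+add('ESCALATION', Math.min(10, 9 + prodBoost), 'Container escape — privileged mode, host mount, or nsenter detected', 'I01');
+}
+// ── I02: IaC modification ──
+if (this.iacModificationPatterns.some((p) => p.test(lower))) {
+add('DESTRUCTION', Math.min(10, 8 + prodBoost), 'IaC modification — Terraform/K8s/CloudFormation apply or destroy', 'I02');
+}
+// ── I03: Firewall rule changes ──
+if (this.firewallPatterns.some((p) => p.test(lower))) {
+add('ESCALATION', Math.min(10, 8 + prodBoost), 'Firewall rule changes — modifying network security rules', 'I03');
+}
+// ── I04: Certificate manipulation ──
+if (this.certificatePatterns.some((p) => p.test(lower))) {
+add('DESTRUCTION', Math.min(10, 8 + prodBoost), 'Certificate manipulation — deleting or replacing TLS certificates', 'I04');
+}
+// ── I05: DNS modification ──
+if (this.dnsModificationPatterns.some((p) => p.test(lower))) {
+add('MANIPULATION', Math.min(10, 8 + prodBoost), 'DNS modification — changing DNS records to redirect traffic', 'I05');
+}
+// ── I06: Secret store access ──
+if (this.secretStorePatterns.some((p) => p.test(lower))) {
+add('EXFILTRATION', Math.min(10, 7 + prodBoost), 'Secret store access — reading from Vault or secret managers', 'I06');
+}
+// ── CL01: Resource over-provisioning ──
+if (this.resourceProvisioningPatterns.some((p) => p.test(lower))) {
+add('DESTRUCTION', Math.min(10, 8 + prodBoost), 'Resource over-provisioning — creating excessive compute resources', 'CL01');
+}
+// ── CL02: IAM role modification ──
+if (this.iamPatterns.some((p) => p.test(lower))) {
+add('ESCALATION', Math.min(10, 9 + prodBoost), 'IAM role modification — escalating privileges via IAM changes', 'CL02');
+}
+// ── CL03: Security group opening ──
+if (this.securityGroupPatterns.some((p) => p.test(lower))) {
+add('ESCALATION', Math.min(10, 8 + prodBoost), 'Security group opening — exposing services to 0.0.0.0/0', 'CL03');
+}
+// ── CL04: Backup deletion ──
+if (this.backupDeletionPatterns.some((p) => p.test(lower))) {
+add('DESTRUCTION', Math.min(10, 9 + prodBoost), 'Backup deletion — removing snapshots or backups', 'CL04');
+}
+// ── CL05: Production deployment ──
+if (this.productionDeployPatterns.some((p) => p.test(lower))) {
+add('DESTRUCTION', Math.min(10, 7 + prodBoost), 'Production deployment — deploying to production environment', 'CL05');
+}
+// ── CL06: Cloud secret access ──
+if (this.cloudSecretPatterns.some((p) => p.test(lower))) {
+add('EXFILTRATION', Math.min(10, 7 + prodBoost), 'Cloud secret access — reading from cloud secret management services', 'CL06');
+}
+return { actionType: 'infra', findings };
+}
+hasDangerousPattern(text) {
+return (this.containerEscapePatterns.some((p) => p.test(text)) ||
+this.iacModificationPatterns.some((p) => p.test(text)) ||
+this.firewallPatterns.some((p) => p.test(text)) ||
+this.certificatePatterns.some((p) => p.test(text)) ||
+this.dnsModificationPatterns.some((p) => p.test(text)) ||
+this.secretStorePatterns.some((p) => p.test(text)) ||
+this.resourceProvisioningPatterns.some((p) => p.test(text)) ||
+this.iamPatterns.some((p) => p.test(text)) ||
+this.securityGroupPatterns.some((p) => p.test(text)) ||
+this.backupDeletionPatterns.some((p) => p.test(text)) ||
+this.productionDeployPatterns.some((p) => p.test(text)) ||
+this.cloudSecretPatterns.some((p) => p.test(text)));
+}
+isProductionEnvironment(text) {
+return this.productionEnvironments.some((env) => text.includes(env));
+}
+}
+//# sourceMappingURL=infra.js.map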
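Review bot: The dry-run short-circuit in `analyze`, `const isDryRun = /--dry-run|preview/.test(lower);`, returns `safe: true` before any of the I01–CL06 checks run and matches the bare substring anywhere in the action, so an action that only contains `preview` in a resource or environment name, or a compound command where one part carries `--dry-run` and another does not, produces no findings. It also accepts `--dry-run=none`, which in kubectl means the operation is actually performed. I would match the flag as a whole token with only the non-mutating values and refuse the override when the action chains several commands, e.g. `const isDryRun = /(?:^|\s)(?:--dry-run(?:=(?:client|server))?|preview)(?=\s|$)/.test(lower) && !/[;&|\n]/.test(lower);`, and confirm that value list against the tools the pattern database is meant to cover. Minor, in the same method: `isProductionEnvironment` uses `text.includes(env)`, so a short entry such as `prod` would also match `product`; that only raises scores, but a word-boundary match would keep the +2 boost meaningful.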
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"infra.js","sourceRoot":"","sources":["../../src/analyzers/infra.ts"],"names":[],"mappings":"AAGA;;;;;GAKG;AACH,MAAM,OAAO,aAAa;IACf,UAAU,GAAG,OAAgB,CAAC;IAEtB,uBAAuB,CAAW;IAClC,uBAAuB,CAAW;IAClC,gBAAgB,CAAW;IAC3B,mBAAmB,CAAW;IAC9B,uBAAuB,CAAW;IAClC,mBAAmB,CAAW;IAC9B,4BAA4B,CAAW;IACvC,WAAW,CAAW;IACtB,qBAAqB,CAAW;IAChC,sBAAsB,CAAW;IACjC,wBAAwB,CAAW;IACnC,mBAAmB,CAAW;IAC9B,sBAAsB,CAAW;IACjC,YAAY,CAAW;IAExC,YAAY,QAA8B;QACxC,IAAI,CAAC,uBAAuB,GAAG,QAAQ,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC/F,IAAI,CAAC,uBAAuB,GAAG,QAAQ,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC/F,IAAI,CAAC,gBAAgB,GAAG,QAAQ,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACjF,IAAI,CAAC,mBAAmB,GAAG,QAAQ,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACvF,IAAI,CAAC,uBAAuB,GAAG,QAAQ,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC/F,IAAI,CAAC,mBAAmB,GAAG,QAAQ,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACvF,IAAI,CAAC,4BAA4B,GAAG,QAAQ,CAAC,4BAA4B,CAAC,GAAG,CAC3E,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAC1B,CAAC;QACF,IAAI,CAAC,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACvE,IAAI,CAAC,qBAAqB,GAAG,QAAQ,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3F,IAAI,CAAC,sBAAsB,GAAG,QAAQ,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC7F,IAAI,CAAC,wBAAwB,GAAG,QAAQ,CAAC,wBAAwB,CAAC,GAAG,CACnE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAC1B,CAAC;QACF,IAAI,CAAC,mBAAmB,GAAG,QAAQ,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACv
F,IAAI,CAAC,sBAAsB,GAAG,QAAQ,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAC1F,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IAC3E,CAAC;IAED,OAAO,CAAC,KAAa,EAAE,QAAkC;QACvD,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO;gBACL,UAAU,EAAE,OAAO;gBACnB,QAAQ,EAAE,EAAE;gBACZ,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE;aACrD,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;QACnC,MAAM,WAAW,GAAG,CAAE,QAAQ,EAAE,WAAsB,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAE5E,yEAAyE;QACzE,MAAM,QAAQ,GAAG,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjD,IACE,QAAQ;YACR,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,EAClF,CAAC;YACD,OAAO;gBACL,UAAU,EAAE,OAAO;gBACnB,QAAQ,EAAE,EAAE;gBACZ,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,6BAA6B,EAAE;aACpE,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAsB,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,CACV,SAAuC,EACvC,KAAa,EACb,MAAc,EACd,QAAgB,EAChB,EAAE;YACF,QAAQ,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QACxD,CAAC,CAAC;QAEF,MAAM,YAAY,GAChB,IAAI,CAAC,uBAAuB,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;QACnF,MAAM,SAAS,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAEvC,2BAA2B;QAC3B,IAAI,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC5D,GAAG,CACD,YAAY,EACZ,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,EAC3B,qEAAqE,EACrE,KAAK,CACN,CAAC;QACJ,CAAC;QAED,8BAA8B;QAC9B,IAAI,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC5D,GAAG,CACD,aAAa,EACb,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,EAC3B,kEAAkE,EAClE,KAAK,CACN,CAAC;QACJ,CAAC;QAED,mCAAmC;QACnC,IAAI,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACrD,GAAG,CACD,YAAY,
EACZ,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,EAC3B,0DAA0D,EAC1D,KAAK,CACN,CAAC;QACJ,CAAC;QAED,sCAAsC;QACtC,IAAI,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACxD,GAAG,CACD,aAAa,EACb,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,EAC3B,mEAAmE,EACnE,KAAK,CACN,CAAC;QACJ,CAAC;QAED,8BAA8B;QAC9B,IAAI,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC5D,GAAG,CACD,cAAc,EACd,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,EAC3B,6DAA6D,EAC7D,KAAK,CACN,CAAC;QACJ,CAAC;QAED,iCAAiC;QACjC,IAAI,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACxD,GAAG,CACD,cAAc,EACd,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,EAC3B,6DAA6D,EAC7D,KAAK,CACN,CAAC;QACJ,CAAC;QAED,yCAAyC;QACzC,IAAI,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACjE,GAAG,CACD,aAAa,EACb,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,EAC3B,mEAAmE,EACnE,MAAM,CACP,CAAC;QACJ,CAAC;QAED,oCAAoC;QACpC,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAChD,GAAG,CACD,YAAY,EACZ,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,EAC3B,+DAA+D,EAC/D,MAAM,CACP,CAAC;QACJ,CAAC;QAED,qCAAqC;QACrC,IAAI,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC1D,GAAG,CACD,YAAY,EACZ,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,EAC3B,yDAAyD,EACzD,MAAM,CACP,CAAC;QACJ,CAAC;QAED,8BAA8B;QAC9B,IAAI,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC3D,GAAG,CACD,aAAa,EACb,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,EAC3B,iDAAiD,EACjD,MAAM,CACP,CAAC;QACJ,CAAC;QAED,oCAAoC;QACpC,IAAI,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC7D,GAAG,CACD,aAAa,EACb,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GA
AG,SAAS,CAAC,EAC3B,6DAA6D,EAC7D,MAAM,CACP,CAAC;QACJ,CAAC;QAED,kCAAkC;QAClC,IAAI,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACxD,GAAG,CACD,cAAc,EACd,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,EAC3B,qEAAqE,EACrE,MAAM,CACP,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;IAC3C,CAAC;IAEO,mBAAmB,CAAC,IAAY;QACtC,OAAO,CACL,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtD,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtD,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/C,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClD,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtD,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClD,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC3D,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1C,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpD,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrD,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvD,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CACnD,CAAC;IACJ,CAAC;IAEO,uBAAuB,CAAC,IAAY;QAC1C,OAAO,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;IACvE,CAAC;CACF"}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import type { IotPatternDatabase } from '@surfinguard/types';
|
|
2
|
+
import type { Analyzer, AnalyzerResult } from './base.js';
|
|
3
|
+
/**
|
|
4
|
+
* IoT Analyzer — detects dangerous physical device and IoT operations.
|
|
5
|
+
*
|
|
6
|
+
* Detects 4 threat patterns (IOT01-IOT04) mapped to ESCALATION, DESTRUCTION, and MANIPULATION primitives.
|
|
7
|
+
* Input: value = IoT/physical device command, metadata = { device_type?, device_id?, resource? }
|
|
8
|
+
*/
|
|
9
|
+
export declare class IotAnalyzer implements Analyzer {
|
|
10
|
+
readonly actionType: "iot";
|
|
11
|
+
private readonly smartLockPatterns;
|
|
12
|
+
private readonly industrialControlPatterns;
|
|
13
|
+
private readonly securityCameraPatterns;
|
|
14
|
+
private readonly vehicleCommandPatterns;
|
|
15
|
+
private readonly criticalDeviceTypes;
|
|
16
|
+
private readonly safePatterns;
|
|
17
|
+
constructor(patterns: IotPatternDatabase);
|
|
18
|
+
analyze(value: string, metadata?: Record<string, unknown>): AnalyzerResult;
|
|
19
|
+
private hasDangerousPattern;
|
|
20
|
+
private detectCriticalDevice;
|
|
21
|
+
}
|
|
22
|
+
//# sourceMappingURL=iot.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"iot.d.ts","sourceRoot":"","sources":["../../src/analyzers/iot.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,KAAK,EAAE,QAAQ,EAAmB,cAAc,EAAE,MAAM,WAAW,CAAC;AAE3E;;;;;GAKG;AACH,qBAAa,WAAY,YAAW,QAAQ;IAC1C,QAAQ,CAAC,UAAU,EAAG,KAAK,CAAU;IAErC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAW;IAC7C,OAAO,CAAC,QAAQ,CAAC,yBAAyB,CAAW;IACrD,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAW;IAClD,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAW;IAClD,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAW;IAC/C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAW;gBAE5B,QAAQ,EAAE,kBAAkB;IAWxC,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,cAAc;IA6E1E,OAAO,CAAC,mBAAmB;IAS3B,OAAO,CAAC,oBAAoB;CAK7B"}
|
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* IoT Analyzer — detects dangerous physical device and IoT operations.
|
|
3
|
+
*
|
|
4
|
+
* Detects 4 threat patterns (IOT01-IOT04) mapped to ESCALATION, DESTRUCTION, and MANIPULATION primitives.
|
|
5
|
+
* Input: value = IoT/physical device command, metadata = { device_type?, device_id?, resource? }
|
|
6
|
+
*/
|
|
7
|
+
export class IotAnalyzer {
|
|
8
|
+
actionType = 'iot';
|
|
9
|
+
smartLockPatterns;
|
|
10
|
+
industrialControlPatterns;
|
|
11
|
+
securityCameraPatterns;
|
|
12
|
+
vehicleCommandPatterns;
|
|
13
|
+
criticalDeviceTypes;
|
|
14
|
+
safePatterns;
|
|
15
|
+
constructor(patterns) {
|
|
16
|
+
this.smartLockPatterns = patterns.smartLockPatterns.map((p) => new RegExp(p, 'i'));
|
|
17
|
+
this.industrialControlPatterns = patterns.industrialControlPatterns.map((p) => new RegExp(p, 'i'));
|
|
18
|
+
this.securityCameraPatterns = patterns.securityCameraPatterns.map((p) => new RegExp(p, 'i'));
|
|
19
|
+
this.vehicleCommandPatterns = patterns.vehicleCommandPatterns.map((p) => new RegExp(p, 'i'));
|
|
20
|
+
this.criticalDeviceTypes = patterns.criticalDeviceTypes.map((t) => t.toLowerCase());
|
|
21
|
+
this.safePatterns = patterns.safePatterns.map((p) => new RegExp(p, 'i'));
|
|
22
|
+
}
|
|
23
|
+
analyze(value, metadata) {
|
|
24
|
+
const command = value.trim();
|
|
25
|
+
if (!command) {
|
|
26
|
+
return {
|
|
27
|
+
actionType: 'iot',
|
|
28
|
+
findings: [],
|
|
29
|
+
shortCircuit: { safe: true, reason: 'Empty command' },
|
|
30
|
+
};
|
|
31
|
+
}
|
|
32
|
+
const lower = command.toLowerCase();
|
|
33
|
+
// Safe short-circuit
|
|
34
|
+
if (this.safePatterns.some((p) => p.test(lower)) && !this.hasDangerousPattern(lower)) {
|
|
35
|
+
return {
|
|
36
|
+
actionType: 'iot',
|
|
37
|
+
findings: [],
|
|
38
|
+
shortCircuit: { safe: true, reason: 'Safe IoT pattern' },
|
|
39
|
+
};
|
|
40
|
+
}
|
|
41
|
+
const findings = [];
|
|
42
|
+
const add = (primitive, score, reason, threatId) => {
|
|
43
|
+
findings.push({ primitive, score, reason, threatId });
|
|
44
|
+
};
|
|
45
|
+
const isCriticalDevice = this.detectCriticalDevice(metadata);
|
|
46
|
+
const deviceBoost = isCriticalDevice ? 1 : 0;
|
|
47
|
+
// IOT01: Smart lock manipulation
|
|
48
|
+
if (this.smartLockPatterns.some((p) => p.test(lower))) {
|
|
49
|
+
add('ESCALATION', Math.min(10, 9 + deviceBoost), 'Smart lock manipulation — unlocking doors or disabling alarms', 'IOT01');
|
|
50
|
+
}
|
|
51
|
+
// IOT02: Industrial control modification
|
|
52
|
+
if (this.industrialControlPatterns.some((p) => p.test(lower))) {
|
|
53
|
+
add('DESTRUCTION', Math.min(10, 9 + deviceBoost), 'Industrial control modification — overriding safety or modifying PLC/SCADA', 'IOT02');
|
|
54
|
+
}
|
|
55
|
+
// IOT03: Security camera disabling
|
|
56
|
+
if (this.securityCameraPatterns.some((p) => p.test(lower))) {
|
|
57
|
+
add('MANIPULATION', Math.min(10, 9), 'Security camera disabling — disabling cameras or stopping surveillance', 'IOT03');
|
|
58
|
+
}
|
|
59
|
+
// IOT04: Vehicle command injection
|
|
60
|
+
if (this.vehicleCommandPatterns.some((p) => p.test(lower))) {
|
|
61
|
+
add('DESTRUCTION', 10, 'Vehicle command injection — sending CAN bus or OBD commands', 'IOT04');
|
|
62
|
+
}
|
|
63
|
+
return { actionType: 'iot', findings };
|
|
64
|
+
}
|
|
65
|
+
hasDangerousPattern(text) {
|
|
66
|
+
return (this.smartLockPatterns.some((p) => p.test(text)) ||
|
|
67
|
+
this.industrialControlPatterns.some((p) => p.test(text)) ||
|
|
68
|
+
this.securityCameraPatterns.some((p) => p.test(text)) ||
|
|
69
|
+
this.vehicleCommandPatterns.some((p) => p.test(text)));
|
|
70
|
+
}
|
|
71
|
+
detectCriticalDevice(metadata) {
|
|
72
|
+
const deviceType = (metadata?.device_type ?? '').toLowerCase();
|
|
73
|
+
if (!deviceType)
|
|
74
|
+
return false;
|
|
75
|
+
return this.criticalDeviceTypes.some((t) => deviceType.includes(t));
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
//# sourceMappingURL=iot.js.map
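Review bot: `detectCriticalDevice` calls `.toLowerCase()` on `metadata?.device_type ?? ''`, so a non-string `device_type` (a number, array or object) throws a TypeError instead of returning a result; the declaration types `metadata` as `Record<string, unknown>`, so nothing guarantees a string. Because the call sits inside `analyze`, the throw aborts the whole analysis, and if the caller (not visible here) treats an analyzer exception as "no findings", that is a fail-open path. Guard the type before use: `const raw = metadata?.device_type;` then `const deviceType = typeof raw === 'string' ? raw.toLowerCase() : '';`. The same unchecked coercion is applied to `channel`, `to` and `subject` in `analyze` in `message.js`. Separately, `Math.min(10, 9)` in the IOT03 branch is a constant and reads more clearly as `9`.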
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"iot.js","sourceRoot":"","sources":["../../src/analyzers/iot.ts"],"names":[],"mappings":"AAGA;;;;;GAKG;AACH,MAAM,OAAO,WAAW;IACb,UAAU,GAAG,KAAc,CAAC;IAEpB,iBAAiB,CAAW;IAC5B,yBAAyB,CAAW;IACpC,sBAAsB,CAAW;IACjC,sBAAsB,CAAW;IACjC,mBAAmB,CAAW;IAC9B,YAAY,CAAW;IAExC,YAAY,QAA4B;QACtC,IAAI,CAAC,iBAAiB,GAAG,QAAQ,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACnF,IAAI,CAAC,yBAAyB,GAAG,QAAQ,CAAC,yBAAyB,CAAC,GAAG,CACrE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAC1B,CAAC;QACF,IAAI,CAAC,sBAAsB,GAAG,QAAQ,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC7F,IAAI,CAAC,sBAAsB,GAAG,QAAQ,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC7F,IAAI,CAAC,mBAAmB,GAAG,QAAQ,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QACpF,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IAC3E,CAAC;IAED,OAAO,CAAC,KAAa,EAAE,QAAkC;QACvD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,QAAQ,EAAE,EAAE;gBACZ,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,eAAe,EAAE;aACtD,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QAEpC,qBAAqB;QACrB,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,EAAE,CAAC;YACrF,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,QAAQ,EAAE,EAAE;gBACZ,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,kBAAkB,EAAE;aACzD,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAsB,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,CACV,SAAuC,EACvC,KAAa,EACb,MAAc,EACd,QAAgB,EAChB,EAAE;YACF,QAAQ,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QACxD,CAAC,CAAC;QAEF,MAAM,gBAAgB,GAAG,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC;QAC7D,MAAM,WAAW,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAE7C,iCAA
iC;QACjC,IAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACtD,GAAG,CACD,YAAY,EACZ,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,WAAW,CAAC,EAC7B,+DAA+D,EAC/D,OAAO,CACR,CAAC;QACJ,CAAC;QAED,yCAAyC;QACzC,IAAI,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC9D,GAAG,CACD,aAAa,EACb,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,WAAW,CAAC,EAC7B,4EAA4E,EAC5E,OAAO,CACR,CAAC;QACJ,CAAC;QAED,mCAAmC;QACnC,IAAI,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC3D,GAAG,CACD,cAAc,EACd,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,EACf,wEAAwE,EACxE,OAAO,CACR,CAAC;QACJ,CAAC;QAED,mCAAmC;QACnC,IAAI,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC3D,GAAG,CACD,aAAa,EACb,EAAE,EACF,6DAA6D,EAC7D,OAAO,CACR,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;IACzC,CAAC;IAEO,mBAAmB,CAAC,IAAY;QACtC,OAAO,CACL,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChD,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxD,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrD,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CACtD,CAAC;IACJ,CAAC;IAEO,oBAAoB,CAAC,QAAkC;QAC7D,MAAM,UAAU,GAAG,CAAE,QAAQ,EAAE,WAAsB,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC3E,IAAI,CAAC,UAAU;YAAE,OAAO,KAAK,CAAC;QAC9B,OAAO,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACtE,CAAC;CACF"}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import type { MessagePatternDatabase } from '@surfinguard/types';
|
|
2
|
+
import type { Analyzer, AnalyzerResult } from './base.js';
|
|
3
|
+
/**
|
|
4
|
+
* Message Analyzer — detects dangerous messaging patterns.
|
|
5
|
+
*
|
|
6
|
+
* Detects 6 threat patterns (M01-M06) mapped to 2 risk primitives.
|
|
7
|
+
* Input: value = message body/content, metadata = { channel?, to?, subject? }
|
|
8
|
+
*/
|
|
9
|
+
export declare class MessageAnalyzer implements Analyzer {
|
|
10
|
+
readonly actionType: "message";
|
|
11
|
+
private readonly emailPatterns;
|
|
12
|
+
private readonly slackPatterns;
|
|
13
|
+
private readonly smsPatterns;
|
|
14
|
+
private readonly socialMediaPatterns;
|
|
15
|
+
private readonly sensitiveContentPatterns;
|
|
16
|
+
private readonly impersonationPatterns;
|
|
17
|
+
private readonly safePatterns;
|
|
18
|
+
constructor(patterns: MessagePatternDatabase);
|
|
19
|
+
analyze(value: string, metadata?: Record<string, unknown>): AnalyzerResult;
|
|
20
|
+
private hasSendingPattern;
|
|
21
|
+
}
|
|
22
|
+
//# sourceMappingURL=message.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"message.d.ts","sourceRoot":"","sources":["../../src/analyzers/message.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,KAAK,EAAE,QAAQ,EAAmB,cAAc,EAAE,MAAM,WAAW,CAAC;AAE3E;;;;;GAKG;AACH,qBAAa,eAAgB,YAAW,QAAQ;IAC9C,QAAQ,CAAC,UAAU,EAAG,SAAS,CAAU;IAEzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAW;IACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAW;IACzC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAW;IACvC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAW;IAC/C,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAW;IACpD,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAW;IACjD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAW;gBAE5B,QAAQ,EAAE,sBAAsB;IAY5C,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,cAAc;IAoH1E,OAAO,CAAC,iBAAiB;CAQ1B"}
|
|
@@ -0,0 +1,106 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Message Analyzer — detects dangerous messaging patterns.
|
|
3
|
+
*
|
|
4
|
+
* Detects 6 threat patterns (M01-M06) mapped to 2 risk primitives.
|
|
5
|
+
* Input: value = message body/content, metadata = { channel?, to?, subject? }
|
|
6
|
+
*/
|
|
7
|
+
export class MessageAnalyzer {
|
|
8
|
+
actionType = 'message';
|
|
9
|
+
emailPatterns;
|
|
10
|
+
slackPatterns;
|
|
11
|
+
smsPatterns;
|
|
12
|
+
socialMediaPatterns;
|
|
13
|
+
sensitiveContentPatterns;
|
|
14
|
+
impersonationPatterns;
|
|
15
|
+
safePatterns;
|
|
16
|
+
constructor(patterns) {
|
|
17
|
+
this.emailPatterns = patterns.emailPatterns.map((p) => new RegExp(p, 'i'));
|
|
18
|
+
this.slackPatterns = patterns.slackPatterns.map((p) => new RegExp(p, 'i'));
|
|
19
|
+
this.smsPatterns = patterns.smsPatterns.map((p) => new RegExp(p, 'i'));
|
|
20
|
+
this.socialMediaPatterns = patterns.socialMediaPatterns.map((p) => new RegExp(p, 'i'));
|
|
21
|
+
this.sensitiveContentPatterns = patterns.sensitiveContentPatterns.map((p) => new RegExp(p, 'i'));
|
|
22
|
+
this.impersonationPatterns = patterns.impersonationPatterns.map((p) => new RegExp(p, 'i'));
|
|
23
|
+
this.safePatterns = patterns.safePatterns.map((p) => new RegExp(p, 'i'));
|
|
24
|
+
}
|
|
25
|
+
analyze(value, metadata) {
|
|
26
|
+
const body = value.trim();
|
|
27
|
+
if (!body) {
|
|
28
|
+
return {
|
|
29
|
+
actionType: 'message',
|
|
30
|
+
findings: [],
|
|
31
|
+
shortCircuit: { safe: true, reason: 'Empty message' },
|
|
32
|
+
};
|
|
33
|
+
}
|
|
34
|
+
const channel = (metadata?.channel ?? '').toLowerCase();
|
|
35
|
+
const to = (metadata?.to ?? '').toLowerCase();
|
|
36
|
+
const subject = (metadata?.subject ?? '').toLowerCase();
|
|
37
|
+
const combined = `${body} ${to} ${subject}`.toLowerCase();
|
|
38
|
+
// Safe short-circuit
|
|
39
|
+
if (channel === 'log' || channel === 'debug') {
|
|
40
|
+
return {
|
|
41
|
+
actionType: 'message',
|
|
42
|
+
findings: [],
|
|
43
|
+
shortCircuit: { safe: true, reason: 'Log/debug channel' },
|
|
44
|
+
};
|
|
45
|
+
}
|
|
46
|
+
if (this.safePatterns.some((p) => p.test(body)) &&
|
|
47
|
+
!this.hasSendingPattern(combined) &&
|
|
48
|
+
!this.impersonationPatterns.some((p) => p.test(combined))) {
|
|
49
|
+
return {
|
|
50
|
+
actionType: 'message',
|
|
51
|
+
findings: [],
|
|
52
|
+
shortCircuit: { safe: true, reason: 'Safe message pattern' },
|
|
53
|
+
};
|
|
54
|
+
}
|
|
55
|
+
const findings = [];
|
|
56
|
+
const add = (primitive, score, reason, threatId) => {
|
|
57
|
+
findings.push({ primitive, score, reason, threatId });
|
|
58
|
+
};
|
|
59
|
+
const hasSensitiveContent = this.sensitiveContentPatterns.some((p) => p.test(combined));
|
|
60
|
+
// ── M01: Unauthorized email sending ──
|
|
61
|
+
const hasEmailPattern = this.emailPatterns.some((p) => p.test(combined));
|
|
62
|
+
if (hasEmailPattern || (channel === 'email' && hasSensitiveContent)) {
|
|
63
|
+
const score = hasSensitiveContent ? 8 : 6;
|
|
64
|
+
add('EXFILTRATION', score, 'Unauthorized email sending — agent attempting to send email' +
|
|
65
|
+
(hasSensitiveContent ? ' with sensitive content' : ''), 'M01');
|
|
66
|
+
}
|
|
67
|
+
// ── M02: Slack/Teams message leakage ──
|
|
68
|
+
const hasSlackPattern = this.slackPatterns.some((p) => p.test(combined));
|
|
69
|
+
if (hasSlackPattern || (channel === 'slack' && hasSensitiveContent)) {
|
|
70
|
+
const score = hasSensitiveContent ? 8 : 6;
|
|
71
|
+
add('EXFILTRATION', score, 'Slack/Teams message leakage — agent posting to chat platform' +
|
|
72
|
+
(hasSensitiveContent ? ' with sensitive content' : ''), 'M02');
|
|
73
|
+
}
|
|
74
|
+
// ── M03: SMS/notification abuse ──
|
|
75
|
+
const hasSmsPattern = this.smsPatterns.some((p) => p.test(combined));
|
|
76
|
+
if (hasSmsPattern || channel === 'sms') {
|
|
77
|
+
add('MANIPULATION', 6, 'SMS/notification abuse — agent sending SMS or notifications', 'M03');
|
|
78
|
+
}
|
|
79
|
+
// ── M04: Social media posting ──
|
|
80
|
+
const hasSocialPattern = this.socialMediaPatterns.some((p) => p.test(combined));
|
|
81
|
+
if (hasSocialPattern || channel === 'social') {
|
|
82
|
+
add('MANIPULATION', 7, 'Social media posting — agent posting to social media platform', 'M04');
|
|
83
|
+
}
|
|
84
|
+
// ── M05: GitHub issue/PR comments ──
|
|
85
|
+
const hasGithubPattern = /github\.com.*(?:issue|pull|comment)|create.*issue|post.*comment.*github/i.test(combined);
|
|
86
|
+
if (hasGithubPattern || channel === 'github') {
|
|
87
|
+
add('MANIPULATION', 5, 'GitHub issue/PR comment — agent posting on GitHub', 'M05');
|
|
88
|
+
}
|
|
89
|
+
// ── M06: Impersonation via messaging ──
|
|
90
|
+
if (this.impersonationPatterns.some((p) => p.test(combined))) {
|
|
91
|
+
add('MANIPULATION', 9, 'Impersonation via messaging — agent pretending to be another entity', 'M06');
|
|
92
|
+
}
|
|
93
|
+
// ── Bonus: sensitive content + any sending pattern ──
|
|
94
|
+
if (hasSensitiveContent && findings.length > 0 && !hasEmailPattern && !hasSlackPattern) {
|
|
95
|
+
add('EXFILTRATION', 2, 'Sensitive content detected in outgoing message', 'M01');
|
|
96
|
+
}
|
|
97
|
+
return { actionType: 'message', findings };
|
|
98
|
+
}
|
|
99
|
+
hasSendingPattern(text) {
|
|
100
|
+
return (this.emailPatterns.some((p) => p.test(text)) ||
|
|
101
|
+
this.slackPatterns.some((p) => p.test(text)) ||
|
|
102
|
+
this.smsPatterns.some((p) => p.test(text)) ||
|
|
103
|
+
this.socialMediaPatterns.some((p) => p.test(text)));
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
//# sourceMappingURL=message.js.map
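Review bot: The `channel === 'log' || channel === 'debug'` branch in `analyze` returns `shortCircuit: { safe: true }` before any content pattern runs, so the verdict rests entirely on a caller-supplied metadata field. If `metadata.channel` can be set by the agent whose action is being checked, labelling a message as `log` skips M01–M06, including the sensitive-content and impersonation checks. Consider gating it on content as the next branch does, e.g. `if ((channel === 'log' || channel === 'debug') && !this.hasSendingPattern(combined) && !this.sensitiveContentPatterns.some((p) => p.test(combined)))`. The safe-pattern branch has a related gap: it checks `hasSendingPattern` and `impersonationPatterns`, but not the channel-based triggers (`sms`, `social`, `github`, or `email` with sensitive content) or the GitHub regex, so a message matching a safe pattern is returned as safe even where M01/M03/M04/M05 would otherwise have produced a finding. A comment on both branches stating where `metadata` comes from and why it is trusted would make the intended trust boundary explicit.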
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"message.js","sourceRoot":"","sources":["../../src/analyzers/message.ts"],"names":[],"mappings":"AAGA;;;;;GAKG;AACH,MAAM,OAAO,eAAe;IACjB,UAAU,GAAG,SAAkB,CAAC;IAExB,aAAa,CAAW;IACxB,aAAa,CAAW;IACxB,WAAW,CAAW;IACtB,mBAAmB,CAAW;IAC9B,wBAAwB,CAAW;IACnC,qBAAqB,CAAW;IAChC,YAAY,CAAW;IAExC,YAAY,QAAgC;QAC1C,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3E,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3E,IAAI,CAAC,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACvE,IAAI,CAAC,mBAAmB,GAAG,QAAQ,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACvF,IAAI,CAAC,wBAAwB,GAAG,QAAQ,CAAC,wBAAwB,CAAC,GAAG,CACnE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAC1B,CAAC;QACF,IAAI,CAAC,qBAAqB,GAAG,QAAQ,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3F,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IAC3E,CAAC;IAED,OAAO,CAAC,KAAa,EAAE,QAAkC;QACvD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QAC1B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO;gBACL,UAAU,EAAE,SAAS;gBACrB,QAAQ,EAAE,EAAE;gBACZ,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,eAAe,EAAE;aACtD,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,CAAE,QAAQ,EAAE,OAAkB,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QACpE,MAAM,EAAE,GAAG,CAAE,QAAQ,EAAE,EAAa,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC1D,MAAM,OAAO,GAAG,CAAE,QAAQ,EAAE,OAAkB,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QACpE,MAAM,QAAQ,GAAG,GAAG,IAAI,IAAI,EAAE,IAAI,OAAO,EAAE,CAAC,WAAW,EAAE,CAAC;QAE1D,qBAAqB;QACrB,IAAI,OAAO,KAAK,KAAK,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;YAC7C,OAAO;gBACL,UAAU,EAAE,SAAS;gBACrB,QAAQ,EAAE,EAAE;gBACZ,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,mBAAmB,EAAE;aAC1D,CAAC;QACJ,CAAC;QAED,IACE,IAAI,CAAC,YAAY,C
AAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC3C,CAAC,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC;YACjC,CAAC,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EACzD,CAAC;YACD,OAAO;gBACL,UAAU,EAAE,SAAS;gBACrB,QAAQ,EAAE,EAAE;gBACZ,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,sBAAsB,EAAE;aAC7D,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAsB,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,CACV,SAAuC,EACvC,KAAa,EACb,MAAc,EACd,QAAgB,EAChB,EAAE;YACF,QAAQ,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QACxD,CAAC,CAAC;QAEF,MAAM,mBAAmB,GAAG,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAExF,wCAAwC;QACxC,MAAM,eAAe,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QACzE,IAAI,eAAe,IAAI,CAAC,OAAO,KAAK,OAAO,IAAI,mBAAmB,CAAC,EAAE,CAAC;YACpE,MAAM,KAAK,GAAG,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1C,GAAG,CACD,cAAc,EACd,KAAK,EACL,6DAA6D;gBAC3D,CAAC,mBAAmB,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,EAAE,CAAC,EACxD,KAAK,CACN,CAAC;QACJ,CAAC;QAED,yCAAyC;QACzC,MAAM,eAAe,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QACzE,IAAI,eAAe,IAAI,CAAC,OAAO,KAAK,OAAO,IAAI,mBAAmB,CAAC,EAAE,CAAC;YACpE,MAAM,KAAK,GAAG,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1C,GAAG,CACD,cAAc,EACd,KAAK,EACL,8DAA8D;gBAC5D,CAAC,mBAAmB,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,EAAE,CAAC,EACxD,KAAK,CACN,CAAC;QACJ,CAAC;QAED,oCAAoC;QACpC,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QACrE,IAAI,aAAa,IAAI,OAAO,KAAK,KAAK,EAAE,CAAC;YACvC,GAAG,CAAC,cAAc,EAAE,CAAC,EAAE,6DAA6D,EAAE,KAAK,CAAC,CAAC;QAC/F,CAAC;QAED,kCAAkC;QAClC,MAAM,gBAAgB,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAChF,IAAI,gBAAgB,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC7C,GAAG,CACD,cAAc,EACd,CAAC,EACD,+DAA+D,EAC/D,KAAK,CACN,CAAC;
QACJ,CAAC;QAED,sCAAsC;QACtC,MAAM,gBAAgB,GACpB,0EAA0E,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC5F,IAAI,gBAAgB,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC7C,GAAG,CAAC,cAAc,EAAE,CAAC,EAAE,mDAAmD,EAAE,KAAK,CAAC,CAAC;QACrF,CAAC;QAED,yCAAyC;QACzC,IAAI,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YAC7D,GAAG,CACD,cAAc,EACd,CAAC,EACD,qEAAqE,EACrE,KAAK,CACN,CAAC;QACJ,CAAC;QAED,uDAAuD;QACvD,IAAI,mBAAmB,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,eAAe,EAAE,CAAC;YACvF,GAAG,CAAC,cAAc,EAAE,CAAC,EAAE,gDAAgD,EAAE,KAAK,CAAC,CAAC;QAClF,CAAC;QAED,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;IAC7C,CAAC;IAEO,iBAAiB,CAAC,IAAY;QACpC,OAAO,CACL,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5C,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5C,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1C,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CACnD,CAAC;IACJ,CAAC;CACF"}
|