@surfinguard/core-engine 0.1.0 → 1.0.0
- package/LICENSE +21 -0
- package/dist/analyzers/agent-comm.d.ts +22 -0
- package/dist/analyzers/agent-comm.d.ts.map +1 -0
- package/dist/analyzers/agent-comm.js +79 -0
- package/dist/analyzers/agent-comm.js.map +1 -0
- package/dist/analyzers/api-call.d.ts +21 -0
- package/dist/analyzers/api-call.d.ts.map +1 -0
- package/dist/analyzers/api-call.js +134 -0
- package/dist/analyzers/api-call.js.map +1 -0
- package/dist/analyzers/auth.d.ts +22 -0
- package/dist/analyzers/auth.d.ts.map +1 -0
- package/dist/analyzers/auth.js +97 -0
- package/dist/analyzers/auth.js.map +1 -0
- package/dist/analyzers/code.d.ts +32 -0
- package/dist/analyzers/code.d.ts.map +1 -0
- package/dist/analyzers/code.js +310 -0
- package/dist/analyzers/code.js.map +1 -0
- package/dist/analyzers/command.d.ts.map +1 -1
- package/dist/analyzers/command.js +91 -39
- package/dist/analyzers/command.js.map +1 -1
- package/dist/analyzers/data-pipeline.d.ts +23 -0
- package/dist/analyzers/data-pipeline.d.ts.map +1 -0
- package/dist/analyzers/data-pipeline.js +86 -0
- package/dist/analyzers/data-pipeline.js.map +1 -0
- package/dist/analyzers/document.d.ts +22 -0
- package/dist/analyzers/document.d.ts.map +1 -0
- package/dist/analyzers/document.js +77 -0
- package/dist/analyzers/document.js.map +1 -0
- package/dist/analyzers/file-read.d.ts.map +1 -1
- package/dist/analyzers/file-read.js +12 -3
- package/dist/analyzers/file-read.js.map +1 -1
- package/dist/analyzers/file-write.d.ts.map +1 -1
- package/dist/analyzers/file-write.js +12 -3
- package/dist/analyzers/file-write.js.map +1 -1
- package/dist/analyzers/git.d.ts +25 -0
- package/dist/analyzers/git.d.ts.map +1 -0
- package/dist/analyzers/git.js +126 -0
- package/dist/analyzers/git.js.map +1 -0
- package/dist/analyzers/index.d.ts +3 -0
- package/dist/analyzers/index.d.ts.map +1 -1
- package/dist/analyzers/index.js +3 -0
- package/dist/analyzers/index.js.map +1 -1
- package/dist/analyzers/infra.d.ts +30 -0
- package/dist/analyzers/infra.d.ts.map +1 -0
- package/dist/analyzers/infra.js +134 -0
- package/dist/analyzers/infra.js.map +1 -0
- package/dist/analyzers/iot.d.ts +22 -0
- package/dist/analyzers/iot.d.ts.map +1 -0
- package/dist/analyzers/iot.js +78 -0
- package/dist/analyzers/iot.js.map +1 -0
- package/dist/analyzers/message.d.ts +22 -0
- package/dist/analyzers/message.d.ts.map +1 -0
- package/dist/analyzers/message.js +106 -0
- package/dist/analyzers/message.js.map +1 -0
- package/dist/analyzers/query.d.ts +23 -0
- package/dist/analyzers/query.d.ts.map +1 -0
- package/dist/analyzers/query.js +183 -0
- package/dist/analyzers/query.js.map +1 -0
- package/dist/analyzers/text.d.ts.map +1 -1
- package/dist/analyzers/text.js +20 -3
- package/dist/analyzers/text.js.map +1 -1
- package/dist/analyzers/transaction.d.ts +23 -0
- package/dist/analyzers/transaction.d.ts.map +1 -0
- package/dist/analyzers/transaction.js +100 -0
- package/dist/analyzers/transaction.js.map +1 -0
- package/dist/analyzers/ui-action.d.ts +23 -0
- package/dist/analyzers/ui-action.d.ts.map +1 -0
- package/dist/analyzers/ui-action.js +92 -0
- package/dist/analyzers/ui-action.js.map +1 -0
- package/dist/analyzers/url.d.ts.map +1 -1
- package/dist/analyzers/url.js +6 -2
- package/dist/analyzers/url.js.map +1 -1
- package/dist/classifier.d.ts.map +1 -1
- package/dist/classifier.js +20 -1
- package/dist/classifier.js.map +1 -1
- package/dist/context.d.ts +6 -4
- package/dist/context.d.ts.map +1 -1
- package/dist/context.js +34 -5
- package/dist/context.js.map +1 -1
- package/dist/engine.d.ts +72 -3
- package/dist/engine.d.ts.map +1 -1
- package/dist/engine.js +313 -9
- package/dist/engine.js.map +1 -1
- package/dist/index.d.ts +18 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +17 -1
- package/dist/index.js.map +1 -1
- package/dist/patterns.d.ts +15 -1
- package/dist/patterns.d.ts.map +1 -1
- package/dist/patterns.js +70 -53
- package/dist/patterns.js.map +1 -1
- package/dist/policy-engine.d.ts +44 -0
- package/dist/policy-engine.d.ts.map +1 -0
- package/dist/policy-engine.js +225 -0
- package/dist/policy-engine.js.map +1 -0
- package/dist/session-tracker.d.ts +50 -0
- package/dist/session-tracker.d.ts.map +1 -0
- package/dist/session-tracker.js +286 -0
- package/dist/session-tracker.js.map +1 -0
- package/package.json +15 -12
- package/patterns/agent-comm.json +97 -0
- package/patterns/api-call.json +175 -0
- package/patterns/auth.json +116 -0
- package/patterns/chains.json +171 -0
- package/patterns/code.json +204 -0
- package/patterns/data-pipeline.json +116 -0
- package/patterns/document.json +110 -0
- package/patterns/git.json +118 -0
- package/patterns/infra.json +207 -0
- package/patterns/iot.json +105 -0
- package/patterns/message.json +122 -0
- package/patterns/query.json +134 -0
- package/patterns/transaction.json +120 -0
- package/patterns/ui-action.json +137 -0
|
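--- a/package/dist/analyzers/query.d.ts
+++ b/package/dist/analyzers/query.d.ts
@@ -0,0 +1,23 @@
+import type { QueryPatternDatabase } from '@surfinguard/types';
+import type { Analyzer, AnalyzerResult } from './base.js';
+/**
+* Query Analyzer — detects dangerous SQL query patterns.
+*
+* Detects 7 threat patterns (D01-D07) mapped to 4 risk primitives.
+* Lightweight regex-based (not a full SQL parser).
+*/
+export declare class QueryAnalyzer implements Analyzer {
+readonly actionType: "query";
+private readonly destructiveDdl;
+private readonly destructiveDml;
+private readonly exfiltrationPatterns;
+private readonly escalationPatterns;
+private readonly persistencePatterns;
+private readonly obfuscationPatterns;
+private readonly safeRegexes;
+private readonly exfiltrationRegexes;
+constructor(patterns: QueryPatternDatabase);
+analyze(value: string): AnalyzerResult;
+private splitStatements;
+}
+//# sourceMappingURL=query.d.ts.map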
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"query.d.ts","sourceRoot":"","sources":["../../src/analyzers/query.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC/D,OAAO,KAAK,EAAE,QAAQ,EAAmB,cAAc,EAAE,MAAM,WAAW,CAAC;AAE3E;;;;;GAKG;AACH,qBAAa,aAAc,YAAW,QAAQ;IAC5C,QAAQ,CAAC,UAAU,EAAG,OAAO,CAAU;IAEvC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAW;IAC1C,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAW;IAC1C,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAW;IAChD,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAW;IAC9C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAW;IAC/C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAW;IAC/C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAW;IAEvC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAW;gBAEnC,QAAQ,EAAE,oBAAoB;IAgC1C,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,cAAc;IA+HtC,OAAO,CAAC,eAAe;CA4BxB"}
|
|
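--- a/package/dist/analyzers/query.js
+++ b/package/dist/analyzers/query.js
@@ -0,0 +1,183 @@
+/**
+* Query Analyzer — detects dangerous SQL query patterns.
+*
+* Detects 7 threat patterns (D01-D07) mapped to 4 risk primitives.
+* Lightweight regex-based (not a full SQL parser).
+*/
+export class QueryAnalyzer {
+actionType = 'query';
+destructiveDdl;
+destructiveDml;
+exfiltrationPatterns;
+escalationPatterns;
+persistencePatterns;
+obfuscationPatterns;
+safeRegexes;
+exfiltrationRegexes;
+constructor(patterns) {
+this.destructiveDdl = patterns.destructiveDdl.map((p) => p.toLowerCase());
+this.destructiveDml = patterns.destructiveDml.map((p) => p.toLowerCase());
+this.escalationPatterns = patterns.escalationPatterns.map((p) => p.toLowerCase());
+this.persistencePatterns = patterns.persistencePatterns.map((p) => p.toLowerCase());
+this.obfuscationPatterns = patterns.obfuscationPatterns;
+// Separate regex-like exfiltration patterns from plain strings
+this.exfiltrationPatterns = [];
+this.exfiltrationRegexes = [];
+for (const p of patterns.exfiltrationPatterns) {
+if (/[\\+*?{}[\]^$|]/.test(p)) {
+try {
+this.exfiltrationRegexes.push(new RegExp(p, 'i'));
+}
+catch {
+this.exfiltrationPatterns.push(p.toLowerCase());
+}
+}
+else {
+this.exfiltrationPatterns.push(p.toLowerCase());
+}
+}
+this.safeRegexes = [];
+for (const p of patterns.safePatterns) {
+try {
+this.safeRegexes.push(new RegExp(p, 'i'));
+}
+catch {
+// skip invalid regex
+}
+}
+}
+analyze(value) {
+const raw = value.trim();
+if (!raw) {
+return {
+actionType: 'query',
+findings: [],
+shortCircuit: { safe: true, reason: 'Empty query' },
+};
+}
+// Normalize: lowercase, strip SQL comments, collapse whitespace
+const stripped = raw.toLowerCase().replace(/\/\*.*?\*\//g, ' ');
+const query = stripped.replace(/\s+/g, ' ').trim();
+const findings = [];
+const add = (primitive, score, reason, threatId) => {
+findings.push({ primitive, score, reason, threatId });
+};
+// ── Safe short-circuit ──
+// Only short-circuit simple single-statement queries with no dangerous patterns
+const statements = this.splitStatements(query);
+if (statements.length === 1) {
+const hasDestructive = this.destructiveDdl.some((p) => query.includes(p));
+const hasEscalation = this.escalationPatterns.some((p) => query.includes(p));
+const hasPersistence = this.persistencePatterns.some((p) => query.includes(p));
+const hasExfiltration = this.exfiltrationPatterns.some((p) => query.includes(p)) ||
+this.exfiltrationRegexes.some((r) => r.test(query));
+if (!hasDestructive && !hasEscalation && !hasPersistence && !hasExfiltration) {
+if (this.safeRegexes.some((r) => r.test(query))) {
+return {
+actionType: 'query',
+findings: [],
+shortCircuit: { safe: true, reason: 'Safe query pattern' },
+};
+}
+}
+}
+// ── D01: Destructive DDL ──
+if (this.destructiveDdl.some((p) => query.includes(p))) {
+const ddlMatch = this.destructiveDdl.find((p) => query.includes(p));
+add('DESTRUCTION', 10, `Destructive DDL — ${ddlMatch?.toUpperCase()}`, 'D01');
+}
+// ── D02/D07: Mass deletion/update (DML without WHERE) ──
+if (query.includes('delete from') && !query.includes('where')) {
+add('DESTRUCTION', 9, 'Mass data deletion — DELETE FROM without WHERE clause', 'D02');
+}
+if (query.includes('update') && query.includes('set') && !query.includes('where')) {
+// Exclude CREATE-related UPDATE keywords
+if (!query.includes('create') && !query.includes('alter user')) {
+add('DESTRUCTION', 9, 'Mass data update — UPDATE SET without WHERE clause', 'D07');
+}
+}
+// ── D03: Schema modification ──
+if (query.includes('alter table')) {
+// Don't double-count if already caught by DDL
+if (!findings.some((f) => f.threatId === 'D01')) {
+add('DESTRUCTION', 7, 'Schema modification — ALTER TABLE', 'D03');
+}
+}
+if (query.includes('drop column') || query.includes('drop index')) {
+if (!findings.some((f) => f.threatId === 'D01')) {
+add('DESTRUCTION', 7, 'Schema modification — DROP COLUMN/INDEX', 'D03');
+}
+}
+// ── D04: Data exfiltration ──
+const exfilStringMatch = this.exfiltrationPatterns.find((p) => query.includes(p));
+const exfilRegexMatch = this.exfiltrationRegexes.some((r) => r.test(query));
+if (exfilStringMatch) {
+add('EXFILTRATION', 9, `Data exfiltration — ${exfilStringMatch}`, 'D04');
+}
+else if (exfilRegexMatch) {
+add('EXFILTRATION', 9, 'Data exfiltration — regex pattern match', 'D04');
+}
+// ── D05: Privilege escalation ──
+if (this.escalationPatterns.some((p) => query.includes(p))) {
+const escalMatch = this.escalationPatterns.find((p) => query.includes(p));
+add('ESCALATION', 9, `Privilege escalation — ${escalMatch?.toUpperCase()}`, 'D05');
+}
+// ── D06: Stored procedure injection ──
+if (this.persistencePatterns.some((p) => query.includes(p))) {
+const dangerousBody = ['exec', 'system', 'xp_cmdshell', 'os.system', 'subprocess', 'shell'];
+if (dangerousBody.some((d) => query.includes(d))) {
+add('PERSISTENCE', 8, 'Stored procedure injection — trigger/function with exec/system call', 'D06');
+}
+else {
+// Still flag it but lower severity
+add('PERSISTENCE', 5, 'Database persistence — CREATE TRIGGER/FUNCTION', 'D06');
+}
+}
+// ── Multi-statement boost ──
+if (statements.length > 1 && findings.length > 0) {
+add('MANIPULATION', 2, 'Multi-statement query — potential stacked injection', 'D04');
+}
+// ── Obfuscation boost (check raw input, not stripped) ──
+const rawLower = raw.toLowerCase();
+if (this.obfuscationPatterns.some((p) => rawLower.includes(p.toLowerCase()))) {
+if (findings.length > 0) {
+add('MANIPULATION', 2, 'SQL obfuscation detected — comment injection or hex encoding', 'D04');
+}
+}
+return { actionType: 'query', findings };
+}
+splitStatements(query) {
+// Split on semicolons but not within quotes
+const parts = [];
+let current = '';
+let inQuote = false;
+let quoteChar = '';
+for (let i = 0; i < query.length; i++) {
+const ch = query[i];
+if (inQuote) {
+current += ch;
+if (ch === quoteChar)
+inQuote = false;
+}
+else if (ch === "'" || ch === '"') {
+current += ch;
+inQuote = true;
+quoteChar = ch;
+}
+else if (ch === ';') {
+const trimmed = current.trim();
+if (trimmed)
+parts.push(trimmed);
+current = '';
+}
+else {
+current += ch;
+}
+}
+const trimmed = current.trim();
+if (trimmed)
+parts.push(trimmed);
+return parts;
+}
+}
+//# sourceMappingURL=query.js.map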
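Review bot: `destructiveDml` is populated in the constructor (line 19) but never read — the safe short-circuit at lines 69-73 checks only `destructiveDdl`, escalation, persistence and exfiltration patterns, and no later branch consults the DML list either, so the configured DML patterns contribute nothing and a single statement matching a safe regex is returned as safe regardless of them. The D02/D07 checks at lines 90-96 test the whole normalized `query` instead of each entry of `statements`, so a `where` in any other statement of a multi-statement input suppresses the finding for a DELETE or UPDATE that has none. Normalization at line 59 removes only single-line `/* */` blocks — the regex has no `s` flag and `--` line comments are never stripped — so comment text still feeds every `includes` test below; `raw.toLowerCase().replace(/\/\*[\s\S]*?\*\//g, ' ').replace(/--[^\n]*/g, ' ')` would cover both forms (dialect-specific `#` comments aside). The rewrite below folds the DML patterns into the short-circuit and evaluates D02/D07 per statement; separately, the MANIPULATION findings at lines 138 and 144 reuse threatId `'D04'`, which the header documents as exfiltration, and deserve their own identifier or a comment explaining the reuse.
```javascript
const statements = this.splitStatements(query);
if (statements.length === 1) {
    const hasDestructive = this.destructiveDdl.some((p) => query.includes(p)) ||
        this.destructiveDml.some((p) => query.includes(p));
    // … unchanged: escalation / persistence / exfiltration checks and the safe return …
}
// … unchanged: D01 …
// ── D02/D07: Mass deletion/update (DML without WHERE), evaluated per statement ──
const noWhereDelete = statements.some((s) => s.includes('delete from') && !s.includes('where'));
if (noWhereDelete) {
    add('DESTRUCTION', 9, 'Mass data deletion — DELETE FROM without WHERE clause', 'D02');
}
const noWhereUpdate = statements.some((s) => s.includes('update') && s.includes('set') &&
    !s.includes('where') && !s.includes('create') && !s.includes('alter user'));
if (noWhereUpdate) {
    add('DESTRUCTION', 9, 'Mass data update — UPDATE SET without WHERE clause', 'D07');
}
// … unchanged: D03 onward …
```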
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"query.js","sourceRoot":"","sources":["../../src/analyzers/query.ts"],"names":[],"mappings":"AAGA;;;;;GAKG;AACH,MAAM,OAAO,aAAa;IACf,UAAU,GAAG,OAAgB,CAAC;IAEtB,cAAc,CAAW;IACzB,cAAc,CAAW;IACzB,oBAAoB,CAAW;IAC/B,kBAAkB,CAAW;IAC7B,mBAAmB,CAAW;IAC9B,mBAAmB,CAAW;IAC9B,WAAW,CAAW;IAEtB,mBAAmB,CAAW;IAE/C,YAAY,QAA8B;QACxC,IAAI,CAAC,cAAc,GAAG,QAAQ,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAC1E,IAAI,CAAC,cAAc,GAAG,QAAQ,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAC1E,IAAI,CAAC,kBAAkB,GAAG,QAAQ,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAClF,IAAI,CAAC,mBAAmB,GAAG,QAAQ,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QACpF,IAAI,CAAC,mBAAmB,GAAG,QAAQ,CAAC,mBAAmB,CAAC;QAExD,+DAA+D;QAC/D,IAAI,CAAC,oBAAoB,GAAG,EAAE,CAAC;QAC/B,IAAI,CAAC,mBAAmB,GAAG,EAAE,CAAC;QAC9B,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,oBAAoB,EAAE,CAAC;YAC9C,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC9B,IAAI,CAAC;oBACH,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;gBACpD,CAAC;gBAAC,MAAM,CAAC;oBACP,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;gBAClD,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,EAAE,CAAC;QACtB,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,YAAY,EAAE,CAAC;YACtC,IAAI,CAAC;gBACH,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC5C,CAAC;YAAC,MAAM,CAAC;gBACP,qBAAqB;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,CAAC,KAAa;QACnB,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QACzB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO;gBACL,UAAU,EAAE,OAAO;gBACnB,QAAQ,EAAE,EAAE;gBACZ,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,aAAa,EAAE;aACpD,CAAC;QACJ,CAAC;QAED,gEAAgE;QAChE,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;QAChE,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAA
C;QAEnD,MAAM,QAAQ,GAAsB,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,CACV,SAAuC,EACvC,KAAa,EACb,MAAc,EACd,QAAgB,EAChB,EAAE;YACF,QAAQ,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QACxD,CAAC,CAAC;QAEF,2BAA2B;QAC3B,gFAAgF;QAChF,MAAM,UAAU,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QAC/C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1E,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7E,MAAM,cAAc,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YAC/E,MAAM,eAAe,GACnB,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;gBACxD,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YACtD,IAAI,CAAC,cAAc,IAAI,CAAC,aAAa,IAAI,CAAC,cAAc,IAAI,CAAC,eAAe,EAAE,CAAC;gBAC7E,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;oBAChD,OAAO;wBACL,UAAU,EAAE,OAAO;wBACnB,QAAQ,EAAE,EAAE;wBACZ,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,oBAAoB,EAAE;qBAC3D,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,IAAI,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACvD,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACpE,GAAG,CAAC,aAAa,EAAE,EAAE,EAAE,qBAAqB,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC;QAChF,CAAC;QAED,0DAA0D;QAC1D,IAAI,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9D,GAAG,CAAC,aAAa,EAAE,CAAC,EAAE,uDAAuD,EAAE,KAAK,CAAC,CAAC;QACxF,CAAC;QACD,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAClF,yCAAyC;YACzC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;
gBAC/D,GAAG,CAAC,aAAa,EAAE,CAAC,EAAE,oDAAoD,EAAE,KAAK,CAAC,CAAC;YACrF,CAAC;QACH,CAAC;QAED,iCAAiC;QACjC,IAAI,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YAClC,8CAA8C;YAC9C,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,EAAE,CAAC;gBAChD,GAAG,CAAC,aAAa,EAAE,CAAC,EAAE,mCAAmC,EAAE,KAAK,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;QACD,IAAI,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YAClE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,EAAE,CAAC;gBAChD,GAAG,CAAC,aAAa,EAAE,CAAC,EAAE,yCAAyC,EAAE,KAAK,CAAC,CAAC;YAC1E,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,MAAM,gBAAgB,GAAG,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAClF,MAAM,eAAe,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5E,IAAI,gBAAgB,EAAE,CAAC;YACrB,GAAG,CAAC,cAAc,EAAE,CAAC,EAAE,uBAAuB,gBAAgB,EAAE,EAAE,KAAK,CAAC,CAAC;QAC3E,CAAC;aAAM,IAAI,eAAe,EAAE,CAAC;YAC3B,GAAG,CAAC,cAAc,EAAE,CAAC,EAAE,yCAAyC,EAAE,KAAK,CAAC,CAAC;QAC3E,CAAC;QAED,kCAAkC;QAClC,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3D,MAAM,UAAU,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1E,GAAG,CAAC,YAAY,EAAE,CAAC,EAAE,0BAA0B,UAAU,EAAE,WAAW,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC;QACrF,CAAC;QAED,wCAAwC;QACxC,IAAI,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5D,MAAM,aAAa,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,WAAW,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;YAC5F,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjD,GAAG,CACD,aAAa,EACb,CAAC,EACD,qEAAqE,EACrE,KAAK,CACN,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,mCAAmC;gBACnC,GAAG,CAAC,aAAa,EAAE,CAAC,EAAE,gDAAgD,EAAE,KAAK,CAAC,CAAC;YACjF,CAAC;QACH,CAAC;QAED,8BAA8B;QAC9B,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAA
C,EAAE,CAAC;YACjD,GAAG,CAAC,cAAc,EAAE,CAAC,EAAE,qDAAqD,EAAE,KAAK,CAAC,CAAC;QACvF,CAAC;QAED,0DAA0D;QAC1D,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QACnC,IAAI,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;YAC7E,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,GAAG,CACD,cAAc,EACd,CAAC,EACD,8DAA8D,EAC9D,KAAK,CACN,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;IAC3C,CAAC;IAEO,eAAe,CAAC,KAAa;QACnC,4CAA4C;QAC5C,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,IAAI,OAAO,GAAG,EAAE,CAAC;QACjB,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,IAAI,SAAS,GAAG,EAAE,CAAC;QAEnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACpB,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,IAAI,EAAE,CAAC;gBACd,IAAI,EAAE,KAAK,SAAS;oBAAE,OAAO,GAAG,KAAK,CAAC;YACxC,CAAC;iBAAM,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBACpC,OAAO,IAAI,EAAE,CAAC;gBACd,OAAO,GAAG,IAAI,CAAC;gBACf,SAAS,GAAG,EAAE,CAAC;YACjB,CAAC;iBAAM,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBACtB,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;gBAC/B,IAAI,OAAO;oBAAE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACjC,OAAO,GAAG,EAAE,CAAC;YACf,CAAC;iBAAM,CAAC;gBACN,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC/B,IAAI,OAAO;YAAE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACjC,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"text.d.ts","sourceRoot":"","sources":["../../src/analyzers/text.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,KAAK,EAAE,QAAQ,EAAmB,cAAc,EAAE,MAAM,WAAW,CAAC;AAE3E;;;;GAIG;AACH,qBAAa,YAAa,YAAW,QAAQ;IAC3C,QAAQ,CAAC,UAAU,EAAG,MAAM,CAAU;IAEtC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAW;IACxC,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAW;IACnD,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAW;IACjD,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAW;IACpD,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAW;IACpD,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAW;IACnD,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAW;IACvD,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAW;IACnD,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAAW;IACtD,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAW;IACnD,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAW;IAClD,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAW;gBAEtC,QAAQ,EAAE,mBAAmB;
|
|
1
|
+
{"version":3,"file":"text.d.ts","sourceRoot":"","sources":["../../src/analyzers/text.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,KAAK,EAAE,QAAQ,EAAmB,cAAc,EAAE,MAAM,WAAW,CAAC;AAE3E;;;;GAIG;AACH,qBAAa,YAAa,YAAW,QAAQ;IAC3C,QAAQ,CAAC,UAAU,EAAG,MAAM,CAAU;IAEtC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAW;IACxC,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAW;IACnD,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAW;IACjD,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAW;IACpD,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAW;IACpD,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAW;IACnD,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAW;IACvD,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAW;IACnD,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAAW;IACtD,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAW;IACnD,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAW;IAClD,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAW;gBAEtC,QAAQ,EAAE,mBAAmB;IAiCzC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,cAAc;IAgJtC;;;OAGG;IACH,OAAO,CAAC,uBAAuB;CAmBhC"}
|
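--- a/package/dist/analyzers/text.js
+++ b/package/dist/analyzers/text.js
@@ -49,7 +49,11 @@ export class TextAnalyzer {
 analyze(value) {
 const text = value.trim();
 if (!text) {
-return {
+return {
+actionType: 'text',
+findings: [],
+shortCircuit: { safe: true, reason: 'Empty text' },
+};
 }
 const lower = text.toLowerCase();
 const findings = [];
@@ -58,7 +62,11 @@ export class TextAnalyzer {
 };
 // ── Short-circuit safe: educational content about prompt injection ──
 if (this.safePatterns.some((p) => lower.includes(p))) {
-return {
+return {
+actionType: 'text',
+findings: [],
+shortCircuit: { safe: true, reason: 'Educational content about prompt injection' },
+};
 }
 // ── 1. Direct injection (P01) ──────────────────────────────────────
 if (this.directInjectionPatterns.some((p) => lower.includes(p))) {
@@ -132,7 +140,16 @@ export class TextAnalyzer {
 return false;
 // Check for common instruction words near non-Latin text
 const lower = text.toLowerCase();
-const instructionKeywords = [
+const instructionKeywords = [
+'ignore',
+'execute',
+'run',
+'delete',
+'send',
+'override',
+'system',
+'admin',
+];
 return instructionKeywords.some((kw) => lower.includes(kw));
 }
 }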
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"text.js","sourceRoot":"","sources":["../../src/analyzers/text.ts"],"names":[],"mappings":"AAGA;;;;GAIG;AACH,MAAM,OAAO,YAAY;IACd,UAAU,GAAG,MAAe,CAAC;IAErB,YAAY,CAAW;IACvB,uBAAuB,CAAW;IAClC,qBAAqB,CAAW;IAChC,wBAAwB,CAAW;IACnC,wBAAwB,CAAW;IACnC,uBAAuB,CAAW;IAClC,2BAA2B,CAAW;IACtC,uBAAuB,CAAW;IAClC,0BAA0B,CAAW;IACrC,uBAAuB,CAAW;IAClC,sBAAsB,CAAW;IACjC,sBAAsB,CAAW;IAElD,YAAY,QAA6B;QACvC,sDAAsD;QACtD,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QACtE,IAAI,CAAC,uBAAuB,GAAG,QAAQ,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAC5F,IAAI,CAAC,qBAAqB,GAAG,QAAQ,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QACxF,IAAI,CAAC,wBAAwB,GAAG,QAAQ,CAAC,wBAAwB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAC9F,IAAI,CAAC,2BAA2B,GAAG,QAAQ,CAAC,2BAA2B,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,
|
|
1
|
+
{"version":3,"file":"text.js","sourceRoot":"","sources":["../../src/analyzers/text.ts"],"names":[],"mappings":"AAGA;;;;GAIG;AACH,MAAM,OAAO,YAAY;IACd,UAAU,GAAG,MAAe,CAAC;IAErB,YAAY,CAAW;IACvB,uBAAuB,CAAW;IAClC,qBAAqB,CAAW;IAChC,wBAAwB,CAAW;IACnC,wBAAwB,CAAW;IACnC,uBAAuB,CAAW;IAClC,2BAA2B,CAAW;IACtC,uBAAuB,CAAW;IAClC,0BAA0B,CAAW;IACrC,uBAAuB,CAAW;IAClC,sBAAsB,CAAW;IACjC,sBAAsB,CAAW;IAElD,YAAY,QAA6B;QACvC,sDAAsD;QACtD,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QACtE,IAAI,CAAC,uBAAuB,GAAG,QAAQ,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAC5F,IAAI,CAAC,qBAAqB,GAAG,QAAQ,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QACxF,IAAI,CAAC,wBAAwB,GAAG,QAAQ,CAAC,wBAAwB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAC9F,IAAI,CAAC,2BAA2B,GAAG,QAAQ,CAAC,2BAA2B,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAChF,CAAC,CAAC,WAAW,EAAE,CAChB,CAAC;QACF,IAAI,CAAC,uBAAuB,GAAG,QAAQ,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAC5F,IAAI,CAAC,0BAA0B,GAAG,QAAQ,CAAC,0BAA0B,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAC9E,CAAC,CAAC,WAAW,EAAE,CAChB,CAAC;QACF,IAAI,CAAC,uBAAuB,GAAG,QAAQ,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAC5F,IAAI,CAAC,sBAAsB,GAAG,QAAQ,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAC1F,IAAI,CAAC,sBAAsB,GAAG,QAAQ,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAE1F,2EAA2E;QAC3E,IAAI,CAAC,wBAAwB,GAAG,EAAE,CAAC;QACnC,IAAI,CAAC,uBAAuB,GAAG,EAAE,CAAC;QAClC,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,wBAAwB,EAAE,CAAC;YAClD,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzC,IAAI,CAAC;oBACH,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;gBACxD,CAAC;gBAAC,MAAM,CAAC;oBACP,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;gBACtD,CAAC;YAC
H,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;YACtD,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,CAAC,KAAa;QACnB,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QAC1B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO;gBACL,UAAU,EAAE,MAAM;gBAClB,QAAQ,EAAE,EAAE;gBACZ,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE;aACnD,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACjC,MAAM,QAAQ,GAAsB,EAAE,CAAC;QAEvC,MAAM,GAAG,GAAG,CACV,SAAuC,EACvC,KAAa,EACb,MAAc,EACd,QAAiB,EACjB,EAAE;YACF,QAAQ,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QACxD,CAAC,CAAC;QAEF,uEAAuE;QACvE,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACrD,OAAO;gBACL,UAAU,EAAE,MAAM;gBAClB,QAAQ,EAAE,EAAE;gBACZ,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,4CAA4C,EAAE;aACnF,CAAC;QACJ,CAAC;QAED,sEAAsE;QACtE,IAAI,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAChE,GAAG,CACD,cAAc,EACd,CAAC,EACD,oEAAoE,EACpE,KAAK,CACN,CAAC;QACJ,CAAC;QAED,sEAAsE;QACtE,IAAI,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9D,GAAG,CAAC,cAAc,EAAE,CAAC,EAAE,qDAAqD,EAAE,KAAK,CAAC,CAAC;QACvF,CAAC;QAED,sEAAsE;QACtE,MAAM,kBAAkB,GAAG,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QACxF,MAAM,iBAAiB,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACjF,IAAI,kBAAkB,IAAI,iBAAiB,EAAE,CAAC;YAC5C,GAAG,CACD,aAAa,EACb,CAAC,EACD,qEAAqE,EACrE,KAAK,CACN,CAAC;QACJ,CAAC;QAED,qEAAqE;QACrE,IAAI,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACjE,GAAG,CAAC,cAAc,EAAE,CAAC,EAAE,yDAAyD,EAAE,KAAK,CAAC,CAAC;QAC3F,CAAC;QAED,oEAAoE;QACpE,IAAI,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACpE,mDAAmD;YACnD,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,
CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,EAAE,CAAC;gBAChD,GAAG,CAAC,cAAc,EAAE,CAAC,EAAE,2DAA2D,EAAE,KAAK,CAAC,CAAC;YAC7F,CAAC;QACH,CAAC;QAED,qEAAqE;QACrE,IAAI,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAChE,GAAG,CACD,cAAc,EACd,CAAC,EACD,gEAAgE,EAChE,KAAK,CACN,CAAC;QACJ,CAAC;QAED,qEAAqE;QACrE,MAAM,SAAS,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9E,MAAM,YAAY,GAAG,4BAA4B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7D,IAAI,SAAS,IAAI,YAAY,EAAE,CAAC;YAC9B,GAAG,CACD,cAAc,EACd,CAAC,EACD,sEAAsE,EACtE,KAAK,CACN,CAAC;QACJ,CAAC;QAED,qEAAqE;QACrE,IAAI,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/D,GAAG,CACD,cAAc,EACd,CAAC,EACD,0EAA0E,EAC1E,KAAK,CACN,CAAC;QACJ,CAAC;QAED,qEAAqE;QACrE,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;YACvB,+DAA+D;YAC/D,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,0BAA0B,EAAE,CAAC;gBACxD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC;gBACjF,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;gBACnC,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;oBACnC,GAAG,CACD,cAAc,EACd,CAAC,EACD,gEAAgE,EAChE,KAAK,CACN,CAAC;oBACF,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAED,qEAAqE;QACrE,IAAI,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/D,GAAG,CACD,aAAa,EACb,CAAC,EACD,iEAAiE,EACjE,KAAK,CACN,CAAC;QACJ,CAAC;QAED,qEAAqE;QACrE,IAAI,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,EAAE,CAAC;YACvC,GAAG,CACD,cAAc,EACd,CAAC,EACD,+DAA+D,EAC/D,KAAK,CACN,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;IAC1C,CAAC;IAED;;;OAGG;IACK,uBAAuB,CAAC,IAAY;QAC1C,gDAAgD;QAChD,MAAM,WAAW,GAAG,wDAAwD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxF,IAAI,CAAC,WAAW;YAAE,OAAO,KAAK,CAAC;QAE/B,yDAAyD;QACzD,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACjC,MAAM,mBAAmB,GAAG;YAC1B,QAAQ;YACR,SAAS;YACT,KAAK;YACL,QAAQ;YACR,MAAM;YACN,UAAU;YACV,QAAQ;YACR,OAAO;SACR,CA
AC;QACF,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9D,CAAC;CACF"}
|
|
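--- a/package/dist/analyzers/transaction.d.ts
+++ b/package/dist/analyzers/transaction.d.ts
@@ -0,0 +1,23 @@
+import type { TransactionPatternDatabase } from '@surfinguard/types';
+import type { Analyzer, AnalyzerResult } from './base.js';
+/**
+* Transaction Analyzer — detects dangerous financial transaction patterns.
+*
+* Detects 6 threat patterns (T01-T06) mapped to 3 risk primitives.
+* Input: value = transaction description/API call, metadata = { amount?, currency?, recipient?, type? }
+*/
+export declare class TransactionAnalyzer implements Analyzer {
+readonly actionType: "transaction";
+private readonly paymentEndpoints;
+private readonly transferPatterns;
+private readonly cryptoPatterns;
+private readonly tradingPatterns;
+private readonly subscriptionPatterns;
+private readonly pricingPatterns;
+private readonly safePatterns;
+private readonly highRiskAmountThreshold;
+constructor(patterns: TransactionPatternDatabase);
+analyze(value: string, metadata?: Record<string, unknown>): AnalyzerResult;
+private hasActivePattern;
+}
+//# sourceMappingURL=transaction.d.ts.map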
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"transaction.d.ts","sourceRoot":"","sources":["../../src/analyzers/transaction.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,KAAK,EAAE,QAAQ,EAAmB,cAAc,EAAE,MAAM,WAAW,CAAC;AAE3E;;;;;GAKG;AACH,qBAAa,mBAAoB,YAAW,QAAQ;IAClD,QAAQ,CAAC,UAAU,EAAG,aAAa,CAAU;IAE7C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAW;IAC5C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAW;IAC5C,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAW;IAC1C,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAW;IAC3C,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAW;IAChD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAW;IAC3C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAW;IACxC,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAS;gBAErC,QAAQ,EAAE,0BAA0B;IAWhD,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,cAAc;IA8F1E,OAAO,CAAC,gBAAgB;CAWzB"}
|
|
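--- a/package/dist/analyzers/transaction.js
+++ b/package/dist/analyzers/transaction.js
@@ -0,0 +1,100 @@
+/**
+* Transaction Analyzer — detects dangerous financial transaction patterns.
+*
+* Detects 6 threat patterns (T01-T06) mapped to 3 risk primitives.
+* Input: value = transaction description/API call, metadata = { amount?, currency?, recipient?, type? }
+*/
+export class TransactionAnalyzer {
+actionType = 'transaction';
+paymentEndpoints;
+transferPatterns;
+cryptoPatterns;
+tradingPatterns;
+subscriptionPatterns;
+pricingPatterns;
+safePatterns;
+highRiskAmountThreshold;
+constructor(patterns) {
+this.paymentEndpoints = patterns.paymentEndpoints.map((p) => new RegExp(p, 'i'));
+this.transferPatterns = patterns.transferPatterns.map((p) => new RegExp(p, 'i'));
+this.cryptoPatterns = patterns.cryptoPatterns.map((p) => new RegExp(p, 'i'));
+this.tradingPatterns = patterns.tradingPatterns.map((p) => new RegExp(p, 'i'));
+this.subscriptionPatterns = patterns.subscriptionPatterns.map((p) => new RegExp(p, 'i'));
+this.pricingPatterns = patterns.pricingPatterns.map((p) => new RegExp(p, 'i'));
+this.safePatterns = patterns.safePatterns.map((p) => new RegExp(p, 'i'));
+this.highRiskAmountThreshold = patterns.highRiskAmountThreshold;
+}
+analyze(value, metadata) {
+const description = value.trim();
+if (!description) {
+return {
+actionType: 'transaction',
+findings: [],
+shortCircuit: { safe: true, reason: 'Empty description' },
+};
+}
+const amount = metadata?.amount ?? undefined;
+const txType = (metadata?.type ?? '').toLowerCase();
+const lower = description.toLowerCase();
+// Safe short-circuit: read-only patterns
+if (this.safePatterns.some((p) => p.test(lower)) && !this.hasActivePattern(lower)) {
+return {
+actionType: 'transaction',
+findings: [],
+shortCircuit: { safe: true, reason: 'Safe read-only transaction pattern' },
+};
+}
+const findings = [];
+const add = (primitive, score, reason, threatId) => {
+findings.push({ primitive, score, reason, threatId });
+};
+// ── T01: Unauthorized purchase ──
+if (this.paymentEndpoints.some((p) => p.test(lower)) || txType === 'purchase') {
+add('DESTRUCTION', 8, 'Unauthorized purchase — agent creating a charge or payment', 'T01');
+}
+// ── T02: Money transfer ──
+const hasTransfer = this.transferPatterns.some((p) => p.test(lower));
+const hasCryptoTransfer = this.cryptoPatterns.some((p) => p.test(lower));
+if ((hasTransfer || hasCryptoTransfer) && !this.tradingPatterns.some((p) => p.test(lower))) {
+add('EXFILTRATION', 9, 'Money transfer — agent transferring funds or cryptocurrency', 'T02');
+}
+// ── T03: Invoice approval ──
+if (/approve.*invoice|confirm.*payment|authorize.*payment/i.test(lower)) {
+add('MANIPULATION', 7, 'Invoice approval — agent approving invoices or confirming payments', 'T03');
+}
+// ── T04: Service subscription ──
+if (this.subscriptionPatterns.some((p) => p.test(lower)) || txType === 'subscription') {
+add('DESTRUCTION', 6, 'Service subscription — agent creating recurring subscription', 'T04');
+}
+// ── T05: Stock/crypto trading ──
+const hasTrading = this.tradingPatterns.some((p) => p.test(lower));
+const hasCryptoTrading = hasCryptoTransfer && /swap|trade|buy|sell/i.test(lower);
+if (hasTrading || hasCryptoTrading || txType === 'trade') {
+add('DESTRUCTION', 9, 'Stock/crypto trading — agent executing trades', 'T05');
+}
+// ── T06: Pricing/billing modification ──
+if (this.pricingPatterns.some((p) => p.test(lower))) {
+add('DESTRUCTION', 8, 'Pricing/billing modification — agent changing pricing or billing', 'T06');
+}
+// ── Amount boost ──
+if (amount !== undefined && findings.length > 0) {
+if (amount > 1000) {
+add('DESTRUCTION', 3, `High amount: ${amount} — significantly above threshold`, 'T01');
+}
+else if (amount > this.highRiskAmountThreshold) {
+add('DESTRUCTION', 2, `Amount ${amount} exceeds risk threshold of ${this.highRiskAmountThreshold}`, 'T01');
+}
+}
+return { actionType: 'transaction', findings };
+}
+hasActivePattern(text) {
+return (this.paymentEndpoints.some((p) => p.test(text)) ||
+this.transferPatterns.some((p) => p.test(text)) ||
+this.cryptoPatterns.some((p) => p.test(text)) ||
+this.tradingPatterns.some((p) => p.test(text)) ||
+this.subscriptionPatterns.some((p) => p.test(text)) ||
+this.pricingPatterns.some((p) => p.test(text)) ||
+/approve.*invoice|confirm.*payment|authorize.*payment/i.test(text));
+}
+}
+//# sourceMappingURL=transaction.js.map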
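Review bot: The amount boost at new lines 81–85 hard-codes `amount > 1000` ahead of the configurable `this.highRiskAmountThreshold` read in the constructor, so when the configured threshold is above 1000 the `High amount` finding fires for amounts the pattern database does not consider high-risk, and when it is below 1000 the two tiers overlap in a way nothing documents. `amount` also comes straight from `metadata` (typed `Record<string, unknown>` in the declaration) with no numeric check, so a string such as `"5000"` is silently coerced by `>` while other non-numeric values are ignored, and the `?? undefined` on line 36 is a no-op. I would replace line 36 with `const amount = typeof metadata?.amount === 'number' && Number.isFinite(metadata.amount) ? metadata.amount : undefined;` and express the upper tier relative to the configured threshold, or add a comment stating why 1000 is fixed. Line 37 has the same gap: `.toLowerCase()` on `metadata?.type` throws a TypeError for a non-string `type` instead of ignoring it, so a `typeof metadata?.type === 'string'` guard belongs there too. The invoice-approval regex is duplicated on lines 62 and 97; hoisting it to one module constant keeps the short-circuit and the T03 detector from drifting apart.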
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"transaction.js","sourceRoot":"","sources":["../../src/analyzers/transaction.ts"],"names":[],"mappings":"AAGA;;;;;GAKG;AACH,MAAM,OAAO,mBAAmB;IACrB,UAAU,GAAG,aAAsB,CAAC;IAE5B,gBAAgB,CAAW;IAC3B,gBAAgB,CAAW;IAC3B,cAAc,CAAW;IACzB,eAAe,CAAW;IAC1B,oBAAoB,CAAW;IAC/B,eAAe,CAAW;IAC1B,YAAY,CAAW;IACvB,uBAAuB,CAAS;IAEjD,YAAY,QAAoC;QAC9C,IAAI,CAAC,gBAAgB,GAAG,QAAQ,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACjF,IAAI,CAAC,gBAAgB,GAAG,QAAQ,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACjF,IAAI,CAAC,cAAc,GAAG,QAAQ,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC7E,IAAI,CAAC,eAAe,GAAG,QAAQ,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC/E,IAAI,CAAC,oBAAoB,GAAG,QAAQ,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACzF,IAAI,CAAC,eAAe,GAAG,QAAQ,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC/E,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACzE,IAAI,CAAC,uBAAuB,GAAG,QAAQ,CAAC,uBAAuB,CAAC;IAClE,CAAC;IAED,OAAO,CAAC,KAAa,EAAE,QAAkC;QACvD,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QACjC,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO;gBACL,UAAU,EAAE,aAAa;gBACzB,QAAQ,EAAE,EAAE;gBACZ,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,mBAAmB,EAAE;aAC1D,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAI,QAAQ,EAAE,MAAiB,IAAI,SAAS,CAAC;QACzD,MAAM,MAAM,GAAG,CAAE,QAAQ,EAAE,IAAe,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAChE,MAAM,KAAK,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;QAExC,yCAAyC;QACzC,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,EAAE,CAAC;YAClF,OAAO;gBACL,UAAU,EAAE,aAAa;gBACzB,QAAQ,EAAE,EAAE;gBACZ,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,oCAAoC,EAAE;aA
C3E,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAsB,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,CACV,SAAuC,EACvC,KAAa,EACb,MAAc,EACd,QAAgB,EAChB,EAAE;YACF,QAAQ,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QACxD,CAAC,CAAC;QAEF,mCAAmC;QACnC,IAAI,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,MAAM,KAAK,UAAU,EAAE,CAAC;YAC9E,GAAG,CAAC,aAAa,EAAE,CAAC,EAAE,4DAA4D,EAAE,KAAK,CAAC,CAAC;QAC7F,CAAC;QAED,4BAA4B;QAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QACrE,MAAM,iBAAiB,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QACzE,IAAI,CAAC,WAAW,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC3F,GAAG,CAAC,cAAc,EAAE,CAAC,EAAE,6DAA6D,EAAE,KAAK,CAAC,CAAC;QAC/F,CAAC;QAED,8BAA8B;QAC9B,IAAI,uDAAuD,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACxE,GAAG,CACD,cAAc,EACd,CAAC,EACD,oEAAoE,EACpE,KAAK,CACN,CAAC;QACJ,CAAC;QAED,kCAAkC;QAClC,IAAI,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,MAAM,KAAK,cAAc,EAAE,CAAC;YACtF,GAAG,CAAC,aAAa,EAAE,CAAC,EAAE,8DAA8D,EAAE,KAAK,CAAC,CAAC;QAC/F,CAAC;QAED,kCAAkC;QAClC,MAAM,UAAU,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QACnE,MAAM,gBAAgB,GAAG,iBAAiB,IAAI,sBAAsB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjF,IAAI,UAAU,IAAI,gBAAgB,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;YACzD,GAAG,CAAC,aAAa,EAAE,CAAC,EAAE,+CAA+C,EAAE,KAAK,CAAC,CAAC;QAChF,CAAC;QAED,0CAA0C;QAC1C,IAAI,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACpD,GAAG,CACD,aAAa,EACb,CAAC,EACD,kEAAkE,EAClE,KAAK,CACN,CAAC;QACJ,CAAC;QAED,qBAAqB;QACrB,IAAI,MAAM,KAAK,SAAS,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChD,IAAI,MAAM,GAAG,IAAI,EAAE,CAAC;gBAClB,GAAG,CAAC,aAAa,EAAE,CAAC,EAAE,gBAAgB,MAAM,kCAAkC,EAAE,KAAK,CAAC,CAAC;YACzF,CAAC;iB
AAM,IAAI,MAAM,GAAG,IAAI,CAAC,uBAAuB,EAAE,CAAC;gBACjD,GAAG,CACD,aAAa,EACb,CAAC,EACD,UAAU,MAAM,8BAA8B,IAAI,CAAC,uBAAuB,EAAE,EAC5E,KAAK,CACN,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,QAAQ,EAAE,CAAC;IACjD,CAAC;IAEO,gBAAgB,CAAC,IAAY;QACnC,OAAO,CACL,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/C,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/C,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7C,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9C,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnD,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9C,uDAAuD,CAAC,IAAI,CAAC,IAAI,CAAC,CACnE,CAAC;IACJ,CAAC;CACF"}
|
|
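--- a/package/dist/analyzers/ui-action.d.ts
+++ b/package/dist/analyzers/ui-action.d.ts
@@ -0,0 +1,23 @@
+import type { UiActionPatternDatabase } from '@surfinguard/types';
+import type { Analyzer, AnalyzerResult } from './base.js';
+/**
+* UI Action Analyzer — detects dangerous browser/UI interactions.
+*
+* Detects 6 threat patterns (UI01-UI06) mapped to 3 risk primitives.
+* Input: value = UI action description, metadata = { element?, url?, application? }
+*/
+export declare class UiActionAnalyzer implements Analyzer {
+readonly actionType: "ui_action";
+private readonly destructiveButtonPatterns;
+private readonly formCorruptionPatterns;
+private readonly dialogAcceptancePatterns;
+private readonly paymentFormPatterns;
+private readonly maliciousDownloadPatterns;
+private readonly screenCapturePatterns;
+private readonly sensitiveElements;
+private readonly safePatterns;
+constructor(patterns: UiActionPatternDatabase);
+analyze(value: string, metadata?: Record<string, unknown>): AnalyzerResult;
+private hasDangerousPattern;
+}
+//# sourceMappingURL=ui-action.d.ts.map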
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ui-action.d.ts","sourceRoot":"","sources":["../../src/analyzers/ui-action.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAClE,OAAO,KAAK,EAAE,QAAQ,EAAmB,cAAc,EAAE,MAAM,WAAW,CAAC;AAE3E;;;;;GAKG;AACH,qBAAa,gBAAiB,YAAW,QAAQ;IAC/C,QAAQ,CAAC,UAAU,EAAG,WAAW,CAAU;IAE3C,OAAO,CAAC,QAAQ,CAAC,yBAAyB,CAAW;IACrD,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAW;IAClD,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAW;IACpD,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAW;IAC/C,OAAO,CAAC,QAAQ,CAAC,yBAAyB,CAAW;IACrD,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAW;IACjD,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAW;IAC7C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAW;gBAE5B,QAAQ,EAAE,uBAAuB;IAiB7C,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,cAAc;IAkG1E,OAAO,CAAC,mBAAmB;CAU5B"}
|
|
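--- a/package/dist/analyzers/ui-action.js
+++ b/package/dist/analyzers/ui-action.js
@@ -0,0 +1,92 @@
+/**
+* UI Action Analyzer — detects dangerous browser/UI interactions.
+*
+* Detects 6 threat patterns (UI01-UI06) mapped to 3 risk primitives.
+* Input: value = UI action description, metadata = { element?, url?, application? }
+*/
+export class UiActionAnalyzer {
+actionType = 'ui_action';
+destructiveButtonPatterns;
+formCorruptionPatterns;
+dialogAcceptancePatterns;
+paymentFormPatterns;
+maliciousDownloadPatterns;
+screenCapturePatterns;
+sensitiveElements;
+safePatterns;
+constructor(patterns) {
+this.destructiveButtonPatterns = patterns.destructiveButtonPatterns.map((p) => new RegExp(p, 'i'));
+this.formCorruptionPatterns = patterns.formCorruptionPatterns.map((p) => new RegExp(p, 'i'));
+this.dialogAcceptancePatterns = patterns.dialogAcceptancePatterns.map((p) => new RegExp(p, 'i'));
+this.paymentFormPatterns = patterns.paymentFormPatterns.map((p) => new RegExp(p, 'i'));
+this.maliciousDownloadPatterns = patterns.maliciousDownloadPatterns.map((p) => new RegExp(p, 'i'));
+this.screenCapturePatterns = patterns.screenCapturePatterns.map((p) => new RegExp(p, 'i'));
+this.sensitiveElements = patterns.sensitiveElements.map((p) => new RegExp(p, 'i'));
+this.safePatterns = patterns.safePatterns.map((p) => new RegExp(p, 'i'));
+}
+analyze(value, metadata) {
+const action = value.trim();
+if (!action) {
+return {
+actionType: 'ui_action',
+findings: [],
+shortCircuit: { safe: true, reason: 'Empty action' },
+};
+}
+const lower = action.toLowerCase();
+const element = (metadata?.element ?? '').toLowerCase();
+const combined = `${lower} ${element}`;
+// Safe short-circuit
+if (this.safePatterns.some((p) => p.test(lower)) && !this.hasDangerousPattern(lower)) {
+return {
+actionType: 'ui_action',
+findings: [],
+shortCircuit: { safe: true, reason: 'Safe UI action' },
+};
+}
+const findings = [];
+const add = (primitive, score, reason, threatId) => {
+findings.push({ primitive, score, reason, threatId });
+};
+const hasSensitive = this.sensitiveElements.some((p) => p.test(combined));
+// ── UI01: Destructive button click ──
+if (this.destructiveButtonPatterns.some((p) => p.test(combined))) {
+const score = hasSensitive ? 10 : 8;
+add('DESTRUCTION', score, 'Destructive button click — agent clicking delete/wipe/destroy controls', 'UI01');
+}
+// ── UI02: Form data corruption ──
+if (this.formCorruptionPatterns.some((p) => p.test(combined))) {
+const score = hasSensitive ? 9 : 7;
+add('MANIPULATION', score, 'Form data corruption — agent manipulating form inputs', 'UI02');
+}
+// ── UI03: Dialog auto-acceptance ──
+if (this.dialogAcceptancePatterns.some((p) => p.test(combined))) {
+const score = hasSensitive ? 10 : 8;
+add('DESTRUCTION', score, 'Dialog auto-acceptance — agent auto-confirming destructive dialogs', 'UI03');
+}
+// ── UI04: Payment form submission ──
+if (this.paymentFormPatterns.some((p) => p.test(combined))) {
+const score = hasSensitive ? 10 : 8;
+add('DESTRUCTION', score, 'Payment form submission — agent interacting with payment/checkout forms', 'UI04');
+}
+// ── UI05: Malicious file download+open ──
+if (this.maliciousDownloadPatterns.some((p) => p.test(combined))) {
+add('DESTRUCTION', 8, 'Malicious file download — agent downloading and executing files', 'UI05');
+}
+// ── UI06: Screen/clipboard capture ──
+if (this.screenCapturePatterns.some((p) => p.test(combined))) {
+const score = hasSensitive ? 10 : 8;
+add('EXFILTRATION', score, 'Screen/clipboard capture — agent capturing sensitive screen data', 'UI06');
+}
+return { actionType: 'ui_action', findings };
+}
+hasDangerousPattern(text) {
+return (this.destructiveButtonPatterns.some((p) => p.test(text)) ||
+this.formCorruptionPatterns.some((p) => p.test(text)) ||
+this.dialogAcceptancePatterns.some((p) => p.test(text)) ||
+this.paymentFormPatterns.some((p) => p.test(text)) ||
+this.maliciousDownloadPatterns.some((p) => p.test(text)) ||
+this.screenCapturePatterns.some((p) => p.test(text)));
+}
+}
+//# sourceMappingURL=ui-action.js.map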
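Review bot: The safe short-circuit on new line 40 evaluates `hasDangerousPattern(lower)`, but every detector that follows (lines 51–79) tests `combined`, which also carries `metadata.element`; an action whose description matches a safe pattern while its element metadata matches a destructive, payment or capture pattern is therefore returned as `Safe UI action` before those detectors ever run. Changing line 40 to `if (this.safePatterns.some((p) => p.test(lower)) && !this.hasDangerousPattern(combined)) {` closes that gap without touching the detectors. Line 37 calls `.toLowerCase()` on `metadata?.element` with no string check, so a non-string element throws a TypeError instead of being ignored; given the `Record<string, unknown>` type in the declaration, `typeof metadata?.element === 'string' ? metadata.element.toLowerCase() : ''` is the safer form. UI05 on line 73 is the only detector without the `hasSensitive` score boost; if that is deliberate, a one-line comment there would stop the next reader from treating it as an omission.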
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ui-action.js","sourceRoot":"","sources":["../../src/analyzers/ui-action.ts"],"names":[],"mappings":"AAGA;;;;;GAKG;AACH,MAAM,OAAO,gBAAgB;IAClB,UAAU,GAAG,WAAoB,CAAC;IAE1B,yBAAyB,CAAW;IACpC,sBAAsB,CAAW;IACjC,wBAAwB,CAAW;IACnC,mBAAmB,CAAW;IAC9B,yBAAyB,CAAW;IACpC,qBAAqB,CAAW;IAChC,iBAAiB,CAAW;IAC5B,YAAY,CAAW;IAExC,YAAY,QAAiC;QAC3C,IAAI,CAAC,yBAAyB,GAAG,QAAQ,CAAC,yBAAyB,CAAC,GAAG,CACrE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAC1B,CAAC;QACF,IAAI,CAAC,sBAAsB,GAAG,QAAQ,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC7F,IAAI,CAAC,wBAAwB,GAAG,QAAQ,CAAC,wBAAwB,CAAC,GAAG,CACnE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAC1B,CAAC;QACF,IAAI,CAAC,mBAAmB,GAAG,QAAQ,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACvF,IAAI,CAAC,yBAAyB,GAAG,QAAQ,CAAC,yBAAyB,CAAC,GAAG,CACrE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAC1B,CAAC;QACF,IAAI,CAAC,qBAAqB,GAAG,QAAQ,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3F,IAAI,CAAC,iBAAiB,GAAG,QAAQ,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACnF,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IAC3E,CAAC;IAED,OAAO,CAAC,KAAa,EAAE,QAAkC;QACvD,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO;gBACL,UAAU,EAAE,WAAW;gBACvB,QAAQ,EAAE,EAAE;gBACZ,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE;aACrD,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,CAAE,QAAQ,EAAE,OAAkB,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QACpE,MAAM,QAAQ,GAAG,GAAG,KAAK,IAAI,OAAO,EAAE,CAAC;QAEvC,qBAAqB;QACrB,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,EAAE,CAAC;YACrF,OAAO;gBACL,UAAU,EAA
E,WAAW;gBACvB,QAAQ,EAAE,EAAE;gBACZ,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,gBAAgB,EAAE;aACvD,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAsB,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,CACV,SAAuC,EACvC,KAAa,EACb,MAAc,EACd,QAAgB,EAChB,EAAE;YACF,QAAQ,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QACxD,CAAC,CAAC;QAEF,MAAM,YAAY,GAAG,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE1E,uCAAuC;QACvC,IAAI,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YACjE,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YACpC,GAAG,CACD,aAAa,EACb,KAAK,EACL,wEAAwE,EACxE,MAAM,CACP,CAAC;QACJ,CAAC;QAED,mCAAmC;QACnC,IAAI,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YAC9D,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACnC,GAAG,CAAC,cAAc,EAAE,KAAK,EAAE,uDAAuD,EAAE,MAAM,CAAC,CAAC;QAC9F,CAAC;QAED,qCAAqC;QACrC,IAAI,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YAChE,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YACpC,GAAG,CACD,aAAa,EACb,KAAK,EACL,oEAAoE,EACpE,MAAM,CACP,CAAC;QACJ,CAAC;QAED,sCAAsC;QACtC,IAAI,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YAC3D,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YACpC,GAAG,CACD,aAAa,EACb,KAAK,EACL,yEAAyE,EACzE,MAAM,CACP,CAAC;QACJ,CAAC;QAED,2CAA2C;QAC3C,IAAI,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YACjE,GAAG,CACD,aAAa,EACb,CAAC,EACD,iEAAiE,EACjE,MAAM,CACP,CAAC;QACJ,CAAC;QAED,uCAAuC;QACvC,IAAI,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YAC7D,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YACpC,GAAG,CACD,cAAc,EACd,KAAK,EACL,kEAAkE,EAClE,MAAM,CACP,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,UAA
U,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC;IAC/C,CAAC;IAEO,mBAAmB,CAAC,IAAY;QACtC,OAAO,CACL,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxD,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrD,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvD,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClD,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxD,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CACrD,CAAC;IACJ,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"url.d.ts","sourceRoot":"","sources":["../../src/analyzers/url.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,oBAAoB,EAAc,MAAM,oBAAoB,CAAC;AAC/F,OAAO,KAAK,EAAE,QAAQ,EAAmB,cAAc,EAAE,MAAM,WAAW,CAAC;AAK3E;;;;;GAKG;AACH,qBAAa,WAAY,YAAW,QAAQ;IAC1C,QAAQ,CAAC,UAAU,EAAG,KAAK,CAAU;IAErC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAc;IAC7C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAc;IAC5C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAc;IACzC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAc;IACnD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAc;IACxC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAc;IAChD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAW;IAC5C,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAW;IAChD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAW;IAC5C,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAc;IACrD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAe;gBAE1B,WAAW,EAAE,kBAAkB,EAAE,aAAa,EAAE,oBAAoB;IAchF,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,cAAc;
|
|
1
|
+
{"version":3,"file":"url.d.ts","sourceRoot":"","sources":["../../src/analyzers/url.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,oBAAoB,EAAc,MAAM,oBAAoB,CAAC;AAC/F,OAAO,KAAK,EAAE,QAAQ,EAAmB,cAAc,EAAE,MAAM,WAAW,CAAC;AAK3E;;;;;GAKG;AACH,qBAAa,WAAY,YAAW,QAAQ;IAC1C,QAAQ,CAAC,UAAU,EAAG,KAAK,CAAU;IAErC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAc;IAC7C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAc;IAC5C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAc;IACzC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAc;IACnD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAc;IACxC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAc;IAChD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAW;IAC5C,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAW;IAChD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAW;IAC5C,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAc;IACrD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAe;gBAE1B,WAAW,EAAE,kBAAkB,EAAE,aAAa,EAAE,oBAAoB;IAchF,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,cAAc;IAuOtC,OAAO,CAAC,cAAc;IAStB,OAAO,CAAC,YAAY;IAIpB,OAAO,CAAC,WAAW;IAQnB,OAAO,CAAC,mBAAmB;IAS3B,OAAO,CAAC,uBAAuB;IAY/B,OAAO,CAAC,uBAAuB;IAiC/B,OAAO,CAAC,gBAAgB;IAyBxB,OAAO,CAAC,eAAe;CAgBxB"}
|
package/dist/analyzers/url.js
CHANGED
|
@@ -72,7 +72,8 @@ export class UrlAnalyzer {
|
|
|
72
72
|
}
|
|
73
73
|
// ── HIGH SEVERITY (5-8 pts) ───────────────────────────────────────
|
|
74
74
|
// @ symbol in URL (credential theft / URL obfuscation)
|
|
75
|
-
if (trimmedUrl.includes('@') &&
|
|
75
|
+
if (trimmedUrl.includes('@') &&
|
|
76
|
+
trimmedUrl.substring(0, trimmedUrl.indexOf('@')).includes('://')) {
|
|
76
77
|
add('MANIPULATION', 6, "URL uses '@' to disguise real destination", 'U05');
|
|
77
78
|
}
|
|
78
79
|
// IP address instead of domain
|
|
@@ -263,7 +264,10 @@ export class UrlAnalyzer {
|
|
|
263
264
|
continue;
|
|
264
265
|
// Check for obvious typosquatting variants
|
|
265
266
|
if (brand.variants.some((v) => normalizedHost.includes(v))) {
|
|
266
|
-
return {
|
|
267
|
+
return {
|
|
268
|
+
score: 7,
|
|
269
|
+
reason: `Possible impersonation of ${brand.brand} (suspicious spelling)`,
|
|
270
|
+
};
|
|
267
271
|
}
|
|
268
272
|
// Check if brand name appears on non-official domain
|
|
269
273
|
if (normalizedHost.includes(brand.brand)) {
|