@trailofbits/vsix-audit 0.1.0

package/dist/scanner/checks/finding-quality.test.js

@@ -0,0 +1,164 @@
+/**
+ * Tests for finding quality and metadata completeness
+ *
+ * These tests verify that findings have sufficient context for human/agent triage.
+ * Run with: VSIX_AUDIT_INTEGRATION_TESTS=1 npm test -- finding-quality
+ */
+import { tmpdir } from "node:os";
+import { mkdir, rm } from "node:fs/promises";
+import { join } from "node:path";
+import { describe, it, expect, beforeAll, afterAll } from "vitest";
+import { downloadExtension } from "../download.js";
+import { scanExtension } from "../index.js";
+const INTEGRATION_TESTS_ENABLED = process.env["VSIX_AUDIT_INTEGRATION_TESTS"] === "1";
+const TEST_EXTENSIONS = [
+    { id: "esbenp.prettier-vscode", category: "baseline" },
+    { id: "ms-vscode-remote.remote-ssh", category: "edge-case", expectedPatterns: ["SSH"] },
+    { id: "eamodio.gitlens", category: "edge-case", expectedPatterns: ["child_process"] },
+];
+let workDir;
+const scanResults = new Map();
+describe.skipIf(!INTEGRATION_TESTS_ENABLED)("finding quality (integration)", () => {
+    beforeAll(async () => {
+        workDir = join(tmpdir(), `vsix-audit-test-${Date.now()}`);
+        await mkdir(workDir, { recursive: true });
+        // Download and scan all test extensions
+        for (const ext of TEST_EXTENSIONS) {
+            try {
+                const { path } = await downloadExtension(ext.id, { destDir: workDir });
+                const result = await scanExtension(path, {
+                    output: "json",
+                    severity: "low",
+                    network: false,
+                });
+                scanResults.set(ext.id, result);
+            }
+            catch (error) {
+                console.error(`Failed to scan ${ext.id}:`, error);
+            }
+        }
+    }, 120000); // 2 minute timeout for downloads
+    afterAll(async () => {
+        if (workDir) {
+            await rm(workDir, { recursive: true, force: true });
+        }
+    });
+    describe("metadata completeness", () => {
+        it("all findings have required fields", () => {
+            for (const [extId, result] of scanResults) {
+                for (const finding of result.findings) {
+                    expect(finding.id, `${extId}: finding missing id`).toBeDefined();
+                    expect(finding.title, `${extId}: finding missing title`).toBeDefined();
+                    expect(finding.description, `${extId}: finding missing description`).toBeDefined();
+                    expect(finding.severity, `${extId}: finding missing severity`).toMatch(/^(low|medium|high|critical)$/);
+                    expect(finding.category, `${extId}: finding missing category`).toBeDefined();
+                }
+            }
+        });
+        it("all findings have file location", () => {
+            for (const [extId, result] of scanResults) {
+                for (const finding of result.findings) {
+                    expect(finding.location?.file, `${extId} finding ${finding.id}: missing file location`).toBeDefined();
+                }
+            }
+        });
+        it("descriptions are meaningful (>50 chars)", () => {
+            for (const [extId, result] of scanResults) {
+                for (const finding of result.findings) {
+                    expect(finding.description.length, `${extId} finding ${finding.id}: description too short`).toBeGreaterThan(50);
+                }
+            }
+        });
+    });
+    describe("edge case documentation", () => {
+        it("remote-ssh findings explain legitimate SSH usage", () => {
+            const result = scanResults.get("ms-vscode-remote.remote-ssh");
+            if (!result)
+                return;
+            const sshFindings = result.findings.filter((f) => f.id.includes("SSH") || f.description.toLowerCase().includes("ssh"));
+            for (const finding of sshFindings) {
+                const hasContext = finding.description.toLowerCase().includes("legitimate") ||
+                    finding.description.toLowerCase().includes("common") ||
+                    finding.description.toLowerCase().includes("expected") ||
+                    finding.description.toLowerCase().includes("remote") ||
+                    finding.metadata?.["legitimateUses"]?.length;
+                expect(hasContext, `SSH finding ${finding.id} should mention legitimate uses for SSH extension`).toBe(true);
+            }
+        });
+        it("gitlens findings explain legitimate git CLI usage", () => {
+            const result = scanResults.get("eamodio.gitlens");
+            if (!result)
+                return;
+            const childProcessFindings = result.findings.filter((f) => f.id.includes("CHILD_PROCESS") ||
+                f.id.includes("EXEC") ||
+                f.description.toLowerCase().includes("child_process"));
+            for (const finding of childProcessFindings) {
+                const hasContext = finding.description.toLowerCase().includes("git") ||
+                    finding.description.toLowerCase().includes("cli") ||
+                    finding.description.toLowerCase().includes("legitimate") ||
+                    finding.description.toLowerCase().includes("common") ||
+                    finding.metadata?.["legitimateUses"]?.some((use) => use.toLowerCase().includes("git"));
+                expect(hasContext, `child_process finding ${finding.id} should mention git CLI as legitimate use`).toBe(true);
+            }
+        });
+    });
+    describe("baseline extensions", () => {
+        it("prettier-vscode has minimal findings", () => {
+            const result = scanResults.get("esbenp.prettier-vscode");
+            if (!result)
+                return;
+            // A simple formatter shouldn't have many security findings
+            // Allow some informational findings but no high/critical
+            const highSeverityFindings = result.findings.filter((f) => f.severity === "high" || f.severity === "critical");
+            expect(highSeverityFindings.length, `Simple formatter should not have high/critical findings: ${highSeverityFindings.map((f) => f.id).join(", ")}`).toBe(0);
+        });
+    });
+});
+describe("finding structure", () => {
+    function createMockFinding(overrides = {}) {
+        return {
+            id: "TEST_FINDING",
+            title: "Test finding title",
+            description: "This is a test finding with a description that is long enough to pass validation",
+            severity: "medium",
+            category: "pattern",
+            location: {
+                file: "test.js",
+                line: 42,
+            },
+            metadata: {
+                matched: "test pattern",
+                legitimateUses: ["Testing", "Documentation"],
+                redFlags: ["Combined with other suspicious patterns"],
+            },
+            ...overrides,
+        };
+    }
+    it("validates finding has all required fields", () => {
+        const finding = createMockFinding();
+        expect(finding.id).toBeDefined();
+        expect(finding.title).toBeDefined();
+        expect(finding.description).toBeDefined();
+        expect(finding.description.length).toBeGreaterThan(50);
+        expect(finding.severity).toMatch(/^(low|medium|high|critical)$/);
+        expect(finding.category).toBeDefined();
+        expect(finding.location?.file).toBeDefined();
+    });
+    it("validates metadata structure", () => {
+        const finding = createMockFinding();
+        expect(finding.metadata?.["matched"]).toBeDefined();
+        expect(finding.metadata?.["legitimateUses"]).toBeInstanceOf(Array);
+        expect(finding.metadata?.["redFlags"]).toBeInstanceOf(Array);
+    });
+    it("description mentions context for triage", () => {
+        const finding = createMockFinding({
+            description: "Code uses child_process module. Common in extensions that run CLI tools (git, compilers, linters). Review the commands being executed.",
+        });
+        const descLower = finding.description.toLowerCase();
+        const hasTriageContext = descLower.includes("common") ||
+            descLower.includes("legitimate") ||
+            descLower.includes("review");
+        expect(hasTriageContext).toBe(true);
+    });
+});
+//# sourceMappingURL=finding-quality.test.js.map

package/dist/scanner/checks/finding-quality.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding-quality.test.js","sourceRoot":"","sources":["../../../src/scanner/checks/finding-quality.test.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAiC,MAAM,aAAa,CAAC;AAE3E,MAAM,yBAAyB,GAAG,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,KAAK,GAAG,CAAC;AAQtF,MAAM,eAAe,GAAoB;IACvC,EAAE,EAAE,EAAE,wBAAwB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACtD,EAAE,EAAE,EAAE,6BAA6B,EAAE,QAAQ,EAAE,WAAW,EAAE,gBAAgB,EAAE,CAAC,KAAK,CAAC,EAAE;IACvF,EAAE,EAAE,EAAE,iBAAiB,EAAE,QAAQ,EAAE,WAAW,EAAE,gBAAgB,EAAE,CAAC,eAAe,CAAC,EAAE;CACtF,CAAC;AAEF,IAAI,OAAe,CAAC;AACpB,MAAM,WAAW,GAAG,IAAI,GAAG,EAAsB,CAAC;AAElD,QAAQ,CAAC,MAAM,CAAC,CAAC,yBAAyB,CAAC,CAAC,+BAA+B,EAAE,GAAG,EAAE;IAChF,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,OAAO,GAAG,IAAI,CAAC,MAAM,EAAE,EAAE,mBAAmB,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC1D,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE1C,wCAAwC;QACxC,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;YAClC,IAAI,CAAC;gBACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;gBACvE,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE;oBACvC,MAAM,EAAE,MAAM;oBACd,QAAQ,EAAE,KAAK;oBACf,OAAO,EAAE,KAAK;iBACf,CAAC,CAAC;gBACH,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;YAClC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,kBAAkB,GAAG,CAAC,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;IACH,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,iCAAiC;IAE7C,QAAQ,CAAC,KAAK,IAAI,EAAE;QAClB,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;QACrC,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,KAAK,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;gBAC1C,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;oBACtC,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,GAAG,KAAK,sBAAsB,CAAC,CAAC,WAAW,EAAE,CAAC;oBACjE,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,KAAK,yBAAyB,CAAC,CAAC,WAAW,EAAE,CAAC;oBACvE,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,GAAG,KAAK,+BAA+B,CAAC,CAAC,WAAW,EAAE,CAAC;oBACnF,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,GAAG,KAAK,4BAA4B,CAAC,CAAC,OAAO,CACpE,8BAA8B,CAC/B,CAAC;oBACF,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,GAAG,KAAK,4BAA4B,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC/E,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,KAAK,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;gBAC1C,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;oBACtC,MAAM,CACJ,OAAO,CAAC,QAAQ,EAAE,IAAI,EACtB,GAAG,KAAK,YAAY,OAAO,CAAC,EAAE,yBAAyB,CACxD,CAAC,WAAW,EAAE,CAAC;gBAClB,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,KAAK,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;gBAC1C,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;oBACtC,MAAM,CACJ,OAAO,CAAC,WAAW,CAAC,MAAM,EAC1B,GAAG,KAAK,YAAY,OAAO,CAAC,EAAE,yBAAyB,CACxD,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;gBACxB,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACvC,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;YAC1D,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;YAC9D,IAAI,CAAC,MAAM;gBAAE,OAAO;YAEpB,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CACxC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAC3E,CAAC;YAEF,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;gBAClC,MAAM,UAAU,GACd,OAAO,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC;oBACxD,OAAO,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBACpD,OAAO,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC;oBACtD,OAAO,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBACnD,OAAO,CAAC,QAAQ,EAAE,CAAC,gBAAgB,CAA0B,EAAE,MAAM,CAAC;gBAEzE,MAAM,CACJ,UAAU,EACV,eAAe,OAAO,CAAC,EAAE,mDAAmD,CAC7E,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACf,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;YAC3D,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YAClD,IAAI,CAAC,MAAM;gBAAE,OAAO;YAEpB,MAAM,oBAAoB,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CACjD,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC;gBAC9B,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACrB,CAAC,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC,CACxD,CAAC;YAEF,KAAK,MAAM,OAAO,IAAI,oBAAoB,EAAE,CAAC;gBAC3C,MAAM,UAAU,GACd,OAAO,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;oBACjD,OAAO,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;oBACjD,OAAO,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC;oBACxD,OAAO,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBACnD,OAAO,CAAC,QAAQ,EAAE,CAAC,gBAAgB,CAA0B,EAAE,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAC3E,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAClC,CAAC;gBAEJ,MAAM,CACJ,UAAU,EACV,yBAAyB,OAAO,CAAC,EAAE,2CAA2C,CAC/E,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACf,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACnC,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;YACzD,IAAI,CAAC,MAAM;gBAAE,OAAO;YAEpB,2DAA2D;YAC3D,yDAAyD;YACzD,MAAM,oBAAoB,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CACjD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU,CAC1D,CAAC;YAEF,MAAM,CACJ,oBAAoB,CAAC,MAAM,EAC3B,4DAA4D,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC/G,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,SAAS,iBAAiB,CAAC,YAA8B,EAAE;QACzD,OAAO;YACL,EAAE,EAAE,cAAc;YAClB,KAAK,EAAE,oBAAoB;YAC3B,WAAW,EACT,kFAAkF;YACpF,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,SAAS;YACnB,QAAQ,EAAE;gBACR,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,EAAE;aACT;YACD,QAAQ,EAAE;gBACR,OAAO,EAAE,cAAc;gBACvB,cAAc,EAAE,CAAC,SAAS,EAAE,eAAe,CAAC;gBAC5C,QAAQ,EAAE,CAAC,yCAAyC,CAAC;aACtD;YACD,GAAG,SAAS;SACb,CAAC;IACJ,CAAC;IAED,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,OAAO,GAAG,iBAAiB,EAAE,CAAC;QAEpC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QACjC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;QACpC,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;QAC1C,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,8BAA8B,CAAC,CAAC;QACjE,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,OAAO,GAAG,iBAAiB,EAAE,CAAC;QAEpC,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACpD,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QACnE,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,OAAO,GAAG,iBAAiB,CAAC;YAChC,WAAW,EACT,wIAAwI;SAC3I,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;QACpD,MAAM,gBAAgB,GACpB,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC5B,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC;YAChC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAE/B,MAAM,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/scanner/checks/ioc.d.ts

@@ -0,0 +1,20 @@
+import type { Finding, VsixContents, ZooData } from "../types.js";
+export declare function checkHashes(contents: VsixContents, knownHashes: Set<string>): Finding[];
+export declare function checkDomains(contents: VsixContents, knownDomains: Set<string>): Finding[];
+export declare function checkIps(contents: VsixContents, knownIps: Set<string>): Finding[];
+/**
+ * Validates whether a Base58 string is likely a real Solana address.
+ *
+ * Filters out:
+ * - JS identifiers without digits or only trailing digits
+ * - Git/SHA hashes (lowercase hex strings)
+ * - Identifiers with clustered numbers (like "Sha256Thumbprint")
+ *
+ * Real SOL addresses have:
+ * - Digits (1-9) distributed throughout
+ * - Uppercase letters mixed in (not pure lowercase hex)
+ */
+export declare function isLikelySolanaAddress(candidate: string): boolean;
+export declare function checkWallets(contents: VsixContents, knownWallets: Set<string>, blockchainAllowlist?: Set<string>): Finding[];
+export declare function checkIocs(contents: VsixContents, zooData: ZooData): Finding[];
+//# sourceMappingURL=ioc.d.ts.map

package/dist/scanner/checks/ioc.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ioc.d.ts","sourceRoot":"","sources":["../../../src/scanner/checks/ioc.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAiDlE,wBAAgB,WAAW,CAAC,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,OAAO,EAAE,CAwBvF;AAED,wBAAgB,YAAY,CAAC,QAAQ,EAAE,YAAY,EAAE,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,OAAO,EAAE,CA4BzF;AAED,wBAAgB,QAAQ,CAAC,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,OAAO,EAAE,CA4BjF;AAsBD;;;;;;;;;;;GAWG;AACH,wBAAgB,qBAAqB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAwBhE;AAED,wBAAgB,YAAY,CAC1B,QAAQ,EAAE,YAAY,EACtB,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,EACzB,mBAAmB,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,GAChC,OAAO,EAAE,CAkEX;AAED,wBAAgB,SAAS,CAAC,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO,EAAE,CAO7E"}

package/dist/scanner/checks/ioc.js

@@ -0,0 +1,234 @@
+import { isScannable, SCANNABLE_EXTENSIONS_IOC } from "../constants.js";
+import { findLineNumberByString } from "../utils.js";
+import { computeSha256 } from "../vsix.js";
+function extractDomains(content) {
+    const domainPattern = /(?:https?:\/\/)?([a-zA-Z0-9][-a-zA-Z0-9]*(?:\.[a-zA-Z0-9][-a-zA-Z0-9]*)+)/g;
+    const matches = [];
+    for (const match of content.matchAll(domainPattern)) {
+        const domain = match[1];
+        if (domain) {
+            matches.push(domain.toLowerCase());
+        }
+    }
+    return matches;
+}
+function extractIps(content) {
+    const ipPattern = /\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b/g;
+    const matches = [];
+    for (const match of content.matchAll(ipPattern)) {
+        const ip = match[1];
+        if (ip && isValidIp(ip)) {
+            matches.push(ip);
+        }
+    }
+    return matches;
+}
+function isValidIp(ip) {
+    const parts = ip.split(".");
+    if (parts.length !== 4)
+        return false;
+    for (const part of parts) {
+        const num = parseInt(part, 10);
+        if (isNaN(num) || num < 0 || num > 255)
+            return false;
+    }
+    if (ip === "0.0.0.0" || ip === "127.0.0.1" || ip.startsWith("192.168.") || ip.startsWith("10.")) {
+        return false;
+    }
+    return true;
+}
+export function checkHashes(contents, knownHashes) {
+    const findings = [];
+    for (const [filename, buffer] of contents.files) {
+        const hash = computeSha256(buffer);
+        if (knownHashes.has(hash)) {
+            findings.push({
+                id: "KNOWN_MALWARE_HASH",
+                title: "File matches known malware hash",
+                description: `File "${filename}" has SHA256 hash ${hash} which is in the malware database`,
+                severity: "critical",
+                category: "ioc",
+                location: {
+                    file: filename,
+                },
+                metadata: {
+                    sha256: hash,
+                },
+            });
+        }
+    }
+    return findings;
+}
+export function checkDomains(contents, knownDomains) {
+    const findings = [];
+    for (const [filename, buffer] of contents.files) {
+        if (!isScannable(filename, SCANNABLE_EXTENSIONS_IOC))
+            continue;
+        const content = buffer.toString("utf8");
+        const foundDomains = extractDomains(content);
+        for (const domain of foundDomains) {
+            if (knownDomains.has(domain)) {
+                const line = findLineNumberByString(content, domain);
+                findings.push({
+                    id: "KNOWN_C2_DOMAIN",
+                    title: "Known C2 domain detected",
+                    description: `File "${filename}" contains known C2 domain: ${domain}`,
+                    severity: "critical",
+                    category: "ioc",
+                    location: line !== undefined ? { file: filename, line } : { file: filename },
+                    metadata: {
+                        domain,
+                    },
+                });
+            }
+        }
+    }
+    return findings;
+}
+export function checkIps(contents, knownIps) {
+    const findings = [];
+    for (const [filename, buffer] of contents.files) {
+        if (!isScannable(filename, SCANNABLE_EXTENSIONS_IOC))
+            continue;
+        const content = buffer.toString("utf8");
+        const foundIps = extractIps(content);
+        for (const ip of foundIps) {
+            if (knownIps.has(ip)) {
+                const line = findLineNumberByString(content, ip);
+                findings.push({
+                    id: "KNOWN_C2_IP",
+                    title: "Known C2 IP address detected",
+                    description: `File "${filename}" contains known C2 IP: ${ip}`,
+                    severity: "critical",
+                    category: "ioc",
+                    location: line !== undefined ? { file: filename, line } : { file: filename },
+                    metadata: {
+                        ip,
+                    },
+                });
+            }
+        }
+    }
+    return findings;
+}
+// Wallet patterns ordered from most specific to least specific.
+// More specific patterns (BTC, ETH, XMR) are checked first to avoid
+// the broad Solana Base58 pattern from matching them.
+const WALLET_PATTERNS = [
+    // Bitcoin Legacy (P2PKH) - starts with 1
+    { name: "BTC", pattern: /\b1[a-km-zA-HJ-NP-Z1-9]{25,34}\b/g },
+    // Bitcoin SegWit (P2SH) - starts with 3
+    { name: "BTC", pattern: /\b3[a-km-zA-HJ-NP-Z1-9]{25,34}\b/g },
+    // Bitcoin Bech32 (Native SegWit) - starts with bc1
+    { name: "BTC", pattern: /\bbc1[a-z0-9]{39,59}\b/g },
+    // Ethereum - 0x + 40 hex chars
+    { name: "ETH", pattern: /\b0x[a-fA-F0-9]{40}\b/g },
+    // Monero - starts with 4 or 8, 95 chars
+    { name: "XMR", pattern: /\b4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}\b/g },
+    // Solana - Base58, 32-44 chars (common range for pubkeys)
+    // This is a broad pattern - checked last to avoid matching BTC addresses
+    // Post-match validation is done via isLikelySolanaAddress()
+    { name: "SOL", pattern: /\b[1-9A-HJ-NP-Za-km-z]{32,44}\b/g },
+];
+/**
+ * Validates whether a Base58 string is likely a real Solana address.
+ *
+ * Filters out:
+ * - JS identifiers without digits or only trailing digits
+ * - Git/SHA hashes (lowercase hex strings)
+ * - Identifiers with clustered numbers (like "Sha256Thumbprint")
+ *
+ * Real SOL addresses have:
+ * - Digits (1-9) distributed throughout
+ * - Uppercase letters mixed in (not pure lowercase hex)
+ */
+export function isLikelySolanaAddress(candidate) {
+    // Reject pure lowercase hex strings (git hashes, checksums)
+    // These match Base58 charset but are clearly not wallets
+    if (/^[a-f0-9]+$/.test(candidate)) {
+        return false;
+    }
+    // Must have at least 2 digits
+    const digits = candidate.match(/[1-9]/g) ?? [];
+    if (digits.length < 2)
+        return false;
+    // At least one digit must be in the first 75% of the string
+    // This filters out JS identifiers with only trailing numbers like "Type2"
+    const firstDigitIndex = candidate.search(/[1-9]/);
+    if (firstDigitIndex >= candidate.length * 0.75)
+        return false;
+    // Require at least one uppercase letter
+    // This filters out pure lowercase identifiers and hex strings
+    // Real Base58 addresses use full alphanumeric range
+    if (!/[A-HJ-NP-Z]/.test(candidate)) {
+        return false;
+    }
+    return true;
+}
+export function checkWallets(contents, knownWallets, blockchainAllowlist) {
+    // Skip wallet detection for allowlisted blockchain development extensions
+    const extensionId = `${contents.manifest.publisher}.${contents.manifest.name}`;
+    if (blockchainAllowlist?.has(extensionId)) {
+        return [];
+    }
+    const findings = [];
+    for (const [filename, buffer] of contents.files) {
+        if (!isScannable(filename, SCANNABLE_EXTENSIONS_IOC))
+            continue;
+        const content = buffer.toString("utf8");
+        // Track wallets already found in this file to avoid duplicate findings
+        // (e.g., BTC addresses matching both BTC and SOL patterns)
+        const seenWallets = new Set();
+        for (const { name, pattern } of WALLET_PATTERNS) {
+            // Reset regex state
+            pattern.lastIndex = 0;
+            for (const match of content.matchAll(pattern)) {
+                const wallet = match[0];
+                // Skip if we've already reported this wallet address
+                if (seenWallets.has(wallet))
+                    continue;
+                seenWallets.add(wallet);
+                // For SOL pattern, apply additional validation to filter out JS identifiers
+                if (name === "SOL" && !isLikelySolanaAddress(wallet)) {
+                    continue;
+                }
+                const line = findLineNumberByString(content, wallet);
+                const isKnownMalicious = knownWallets.has(wallet);
+                if (isKnownMalicious) {
+                    findings.push({
+                        id: "KNOWN_MALWARE_WALLET",
+                        title: "Known malware wallet address detected",
+                        description: `File "${filename}" contains known malicious ${name} wallet: ${wallet}. ` +
+                            "This wallet is associated with malware campaigns.",
+                        severity: "critical",
+                        category: "ioc",
+                        location: line !== undefined ? { file: filename, line } : { file: filename },
+                        metadata: { wallet, currency: name, knownMalicious: true },
+                    });
+                }
+                else {
+                    findings.push({
+                        id: "CRYPTO_WALLET_DETECTED",
+                        title: "Cryptocurrency wallet address detected",
+                        description: `File "${filename}" contains ${name} wallet address: ${wallet}. ` +
+                            "VS Code extensions should not contain wallet addresses.",
+                        severity: "high",
+                        category: "ioc",
+                        location: line !== undefined ? { file: filename, line } : { file: filename },
+                        metadata: { wallet, currency: name, knownMalicious: false },
+                    });
+                }
+            }
+        }
+    }
+    return findings;
+}
+export function checkIocs(contents, zooData) {
+    return [
+        ...checkHashes(contents, zooData.hashes),
+        ...checkDomains(contents, zooData.domains),
+        ...checkIps(contents, zooData.ips),
+        ...checkWallets(contents, zooData.wallets, zooData.blockchainAllowlist),
+    ];
+}
+//# sourceMappingURL=ioc.js.map

package/dist/scanner/checks/ioc.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ioc.js","sourceRoot":"","sources":["../../../src/scanner/checks/ioc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC;AAExE,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE3C,SAAS,cAAc,CAAC,OAAe;IACrC,MAAM,aAAa,GACjB,4EAA4E,CAAC;IAC/E,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QACpD,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,UAAU,CAAC,OAAe;IACjC,MAAM,SAAS,GAAG,2CAA2C,CAAC;IAC9D,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAChD,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,EAAE,IAAI,SAAS,CAAC,EAAE,CAAC,EAAE,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACnB,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,SAAS,CAAC,EAAU;IAC3B,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAErC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,IAAI,GAAG,GAAG,GAAG;YAAE,OAAO,KAAK,CAAC;IACvD,CAAC;IAED,IAAI,EAAE,KAAK,SAAS,IAAI,EAAE,KAAK,WAAW,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QAChG,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,QAAsB,EAAE,WAAwB;IAC1E,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,KAAK,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;QAChD,MAAM,IAAI,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QAEnC,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1B,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,oBAAoB;gBACxB,KAAK,EAAE,iCAAiC;gBACxC,WAAW,EAAE,SAAS,QAAQ,qBAAqB,IAAI,mCAAmC;gBAC1F,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;iBACf;gBACD,QAAQ,EAAE;oBACR,MAAM,EAAE,IAAI;iBACb;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAsB,EAAE,YAAyB;IAC5E,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,KAAK,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;QAChD,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,wBAAwB,CAAC;YAAE,SAAS;QAE/D,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,YAAY,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;QAE7C,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;YAClC,IAAI,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC7B,MAAM,IAAI,GAAG,sBAAsB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBACrD,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,iBAAiB;oBACrB,KAAK,EAAE,0BAA0B;oBACjC,WAAW,EAAE,SAAS,QAAQ,+BAA+B,MAAM,EAAE;oBACrE,QAAQ,EAAE,UAAU;oBACpB,QAAQ,EAAE,KAAK;oBACf,QAAQ,EAAE,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC5E,QAAQ,EAAE;wBACR,MAAM;qBACP;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,QAAsB,EAAE,QAAqB;IACpE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,KAAK,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;QAChD,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,wBAAwB,CAAC;YAAE,SAAS;QAE/D,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;QAErC,KAAK,MAAM,EAAE,IAAI,QAAQ,EAAE,CAAC;YAC1B,IAAI,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;gBACrB,MAAM,IAAI,GAAG,sBAAsB,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;gBACjD,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,aAAa;oBACjB,KAAK,EAAE,8BAA8B;oBACrC,WAAW,EAAE,SAAS,QAAQ,2BAA2B,EAAE,EAAE;oBAC7D,QAAQ,EAAE,UAAU;oBACpB,QAAQ,EAAE,KAAK;oBACf,QAAQ,EAAE,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC5E,QAAQ,EAAE;wBACR,EAAE;qBACH;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,gEAAgE;AAChE,oEAAoE;AACpE,sDAAsD;AACtD,MAAM,eAAe,GAA6C;IAChE,yCAAyC;IACzC,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,mCAAmC,EAAE;IAC7D,wCAAwC;IACxC,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,mCAAmC,EAAE;IAC7D,mDAAmD;IACnD,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,yBAAyB,EAAE;IACnD,+BAA+B;IAC/B,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,wBAAwB,EAAE;IAClD,wCAAwC;IACxC,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,uCAAuC,EAAE;IACjE,0DAA0D;IAC1D,yEAAyE;IACzE,4DAA4D;IAC5D,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,kCAAkC,EAAE;CAC7D,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,qBAAqB,CAAC,SAAiB;IACrD,4DAA4D;IAC5D,yDAAyD;IACzD,IAAI,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAClC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,8BAA8B;IAC9B,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC/C,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAEpC,4DAA4D;IAC5D,0EAA0E;IAC1E,MAAM,eAAe,GAAG,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAClD,IAAI,eAAe,IAAI,SAAS,CAAC,MAAM,GAAG,IAAI;QAAE,OAAO,KAAK,CAAC;IAE7D,wCAAwC;IACxC,8DAA8D;IAC9D,oDAAoD;IACpD,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QACnC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,QAAsB,EACtB,YAAyB,EACzB,mBAAiC;IAEjC,0EAA0E;IAC1E,MAAM,WAAW,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,SAAS,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC/E,IAAI,mBAAmB,EAAE,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QAC1C,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,KAAK,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;QAChD,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,wBAAwB,CAAC;YAAE,SAAS;QAE/D,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACxC,uEAAuE;QACvE,2DAA2D;QAC3D,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;QAEtC,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,eAAe,EAAE,CAAC;YAChD,oBAAoB;YACpB,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YAEtB,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC9C,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAExB,qDAAqD;gBACrD,IAAI,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC;oBAAE,SAAS;gBACtC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAExB,4EAA4E;gBAC5E,IAAI,IAAI,KAAK,KAAK,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,EAAE,CAAC;oBACrD,SAAS;gBACX,CAAC;gBAED,MAAM,IAAI,GAAG,sBAAsB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBACrD,MAAM,gBAAgB,GAAG,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAElD,IAAI,gBAAgB,EAAE,CAAC;oBACrB,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,sBAAsB;wBAC1B,KAAK,EAAE,uCAAuC;wBAC9C,WAAW,EACT,SAAS,QAAQ,8BAA8B,IAAI,YAAY,MAAM,IAAI;4BACzE,mDAAmD;wBACrD,QAAQ,EAAE,UAAU;wBACpB,QAAQ,EAAE,KAAK;wBACf,QAAQ,EAAE,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE;wBAC5E,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE;qBAC3D,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,wBAAwB;wBAC5B,KAAK,EAAE,wCAAwC;wBAC/C,WAAW,EACT,SAAS,QAAQ,cAAc,IAAI,oBAAoB,MAAM,IAAI;4BACjE,yDAAyD;wBAC3D,QAAQ,EAAE,MAAM;wBAChB,QAAQ,EAAE,KAAK;wBACf,QAAQ,EAAE,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE;wBAC5E,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE;qBAC5D,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,QAAsB,EAAE,OAAgB;IAChE,OAAO;QACL,GAAG,WAAW,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC;QACxC,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC;QAC1C,GAAG,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC;QAClC,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,mBAAmB,CAAC;KACxE,CAAC;AACJ,CAAC"}

package/dist/scanner/checks/ioc.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=ioc.test.d.ts.map

package/dist/scanner/checks/ioc.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ioc.test.d.ts","sourceRoot":"","sources":["../../../src/scanner/checks/ioc.test.ts"],"names":[],"mappings":""}