@trailofbits/vsix-audit 0.1.0

package/dist/scanner/checks/obfuscation.js

@@ -0,0 +1,432 @@
+import { detectBundler } from "../bundler.js";
+import { isScannable, SCANNABLE_EXTENSIONS_PATTERN, SCANNABLE_EXTENSIONS_UNICODE, } from "../constants.js";
+import { findLineNumberByIndex } from "../utils.js";
+// ============================================================================
+// SHARED UTILITIES
+// ============================================================================
+/**
+ * Check if file is in node_modules (third-party dependencies).
+ * These are not extension code and generate many false positives.
+ */
+function isNodeModules(filename) {
+    return filename.includes("node_modules/") || filename.includes("node_modules\\");
+}
+// ============================================================================
+// ENTROPY ANALYSIS
+// ============================================================================
+/**
+ * Calculate Shannon entropy of a string.
+ * Higher entropy indicates more randomness, often a sign of obfuscation.
+ * Normal code: ~4.5 bits/char, obfuscated: >5.5
+ */
+function shannonEntropy(str) {
+    if (str.length === 0)
+        return 0;
+    const freq = {};
+    for (const char of str) {
+        freq[char] = (freq[char] ?? 0) + 1;
+    }
+    let entropy = 0;
+    const len = str.length;
+    for (const count of Object.values(freq)) {
+        const p = count / len;
+        entropy -= p * Math.log2(p);
+    }
+    return entropy;
+}
+/**
+ * Find high-entropy regions in code (potential obfuscation).
+ * Uses a sliding window approach.
+ */
+function findHighEntropyRegions(content, windowSize = 200, threshold = 5.5) {
+    const regions = [];
+    const step = 50;
+    for (let i = 0; i < content.length - windowSize; i += step) {
+        const window = content.slice(i, i + windowSize);
+        // Skip whitespace-heavy regions
+        const nonWhitespace = window.replace(/\s/g, "");
+        if (nonWhitespace.length < windowSize * 0.3)
+            continue;
+        const entropy = shannonEntropy(nonWhitespace);
+        if (entropy > threshold) {
+            // Merge with previous region if overlapping
+            const last = regions.at(-1);
+            if (last && i < last.end + step) {
+                last.end = i + windowSize;
+                last.entropy = Math.max(last.entropy, entropy);
+            }
+            else {
+                regions.push({ start: i, end: i + windowSize, entropy });
+            }
+        }
+    }
+    return regions;
+}
+function checkEntropy(contents) {
+    const findings = [];
+    const seenFindings = new Set();
+    for (const [filename, buffer] of contents.files) {
+        if (!isScannable(filename, SCANNABLE_EXTENSIONS_PATTERN))
+            continue;
+        // Skip node_modules - third-party deps generate many false positives
+        if (isNodeModules(filename))
+            continue;
+        const content = buffer.toString("utf8");
+        // Skip bundled code - minification naturally increases entropy
+        const bundlerInfo = detectBundler(content, filename);
+        if (bundlerInfo.isBundled)
+            continue;
+        const regions = findHighEntropyRegions(content);
+        if (regions.length === 0)
+            continue;
+        const key = `OBFUSCATION_HIGH_ENTROPY:${filename}`;
+        if (seenFindings.has(key))
+            continue;
+        seenFindings.add(key);
+        const firstRegion = regions[0];
+        if (!firstRegion)
+            continue;
+        const matches = regions.map((region) => ({
+            index: region.start,
+            matched: `Entropy: ${region.entropy.toFixed(2)} bits/char`,
+            score: Math.min(90, Math.floor(region.entropy * 15)),
+        }));
+        findings.push({
+            id: "OBFUSCATION_HIGH_ENTROPY",
+            title: "High entropy code region",
+            description: "Code region has unusually high Shannon entropy (randomness). This often indicates obfuscated or encoded content.",
+            severity: "medium",
+            category: "obfuscation",
+            location: {
+                file: filename,
+                line: findLineNumberByIndex(content, firstRegion.start),
+            },
+            metadata: {
+                matchCount: matches.length,
+                matched: matches[0]?.matched,
+                obfuscationScore: Math.max(...matches.map((m) => m.score)),
+                legitimateUses: ["Compressed data", "Base64 content", "Hash strings"],
+                redFlags: ["Near eval/Function", "Large continuous regions"],
+            },
+        });
+    }
+    return findings;
+}
+// ============================================================================
+// UNICODE HIDING DETECTION
+// ============================================================================
+function findLineAndColumn(content, index) {
+    const beforeMatch = content.slice(0, index);
+    const lines = beforeMatch.split("\n");
+    const line = lines.length;
+    const column = (lines.at(-1)?.length ?? 0) + 1;
+    return { line, column };
+}
+function getContext(content, index, length) {
+    const start = Math.max(0, index - 20);
+    const end = Math.min(content.length, index + length + 20);
+    let ctx = content.slice(start, end);
+    if (start > 0)
+        ctx = "..." + ctx;
+    if (end < content.length)
+        ctx = ctx + "...";
+    return ctx.replace(/[\n\r]/g, "\\n").slice(0, 80);
+}
+// Zero-width characters: U+200B-200D, U+FEFF
+const ZERO_WIDTH_REGEX = /[\u200B-\u200D\uFEFF]/g;
+// Variation selectors: U+FE00-FE0F (GlassWorm technique)
+const VARIATION_SELECTOR_REGEX = /[\uFE00-\uFE0F]/g;
+// Bidirectional overrides: U+202A-202E (Trojan Source attack)
+const BIDI_OVERRIDE_REGEX = /[\u202A-\u202E]/g;
+// Unicode escapes for ASCII: \u00XX where XX is 20-7E (printable ASCII)
+const UNICODE_ASCII_ESCAPE_REGEX = /\\u00[2-7][0-9a-fA-F]/g;
+// Cyrillic homoglyphs that look like Latin letters
+const CYRILLIC_LOOKALIKE_REGEX = /[\u0430\u0441\u0435\u043E\u0440\u0445\u0443\u0410\u0412\u0421\u0415\u041D\u041A\u041C\u041E\u0420\u0422\u0425]/g;
+// Additional invisible/confusable characters
+const OTHER_INVISIBLE_REGEX = /[\u00AD\u034F\u115F\u1160\u17B4\u17B5\u180E\u2060-\u2064\u206A-\u206F]/g;
+function detectUnicodePattern(content, regex, minMatches = 1) {
+    const matches = [];
+    const r = new RegExp(regex.source, regex.flags);
+    let match;
+    while ((match = r.exec(content)) !== null) {
+        const { line, column } = findLineAndColumn(content, match.index);
+        matches.push({
+            line,
+            column,
+            matched: match[0],
+            context: getContext(content, match.index, match[0].length),
+        });
+    }
+    return matches.length >= minMatches ? matches : [];
+}
+/**
+ * Check if the file appears to be primarily i18n/localization content.
+ */
+function isI18nFile(filename, content) {
+    const i18nPatterns = [
+        /locales?\//i,
+        /i18n\//i,
+        /translations?\//i,
+        /lang\//i,
+        /messages/i,
+        /\.l10n\./i,
+        /nls\./i,
+        // moment locale files (e.g., moment/locale/ku.js)
+        /moment\/.*locale/i,
+        // Encoding tables (iconv-lite encodings/tables/*.js)
+        /encodings?\/(tables|sbcs)/i,
+        // HTML entities data
+        /entities\.json$/i,
+        // Emoji data files
+        /emoji\.json$/i,
+        // CLI spinners data
+        /spinners\.json$/i,
+        // Public Suffix List
+        /psl\//i,
+        // VS Code NLS localization files (package.nls.*.json)
+        /package\.nls\.[a-z]{2}(-[a-z]{2})?\.json$/i,
+    ];
+    if (i18nPatterns.some((p) => p.test(filename))) {
+        return true;
+    }
+    if (filename.endsWith(".json")) {
+        const keyValuePairs = (content.match(/"[^"]+"\s*:\s*"[^"]+"/g) ?? []).length;
+        const lines = content.split("\n").length;
+        if (keyValuePairs / lines > 0.5 && keyValuePairs > 10) {
+            return true;
+        }
+    }
+    // Persian (Farsi) and Arabic scripts use zero-width non-joiner (U+200C) legitimately
+    // for proper text rendering. Detect these scripts by their Unicode ranges.
+    const hasPersianArabicScript = /[\u0600-\u06FF\u0750-\u077F]/.test(content);
+    if (hasPersianArabicScript && filename.endsWith(".json")) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Check if file has legitimate RTL text support (math, diagrams, language files).
+ */
+function isRtlFile(filename) {
+    const rtlPatterns = [
+        /katex/i, // KaTeX math rendering
+        /mermaid/i, // Mermaid diagram library
+        /mathjax/i, // MathJax math rendering
+        /drawio.*\/(dia_he|dia_fa|dia_ar)/i, // DrawIO Hebrew/Farsi/Arabic language files
+        /_he\.txt$/i, // Hebrew language files
+        /_fa\.txt$/i, // Farsi language files
+        /_ar\.txt$/i, // Arabic language files
+    ];
+    return rtlPatterns.some((p) => p.test(filename));
+}
+/**
+ * Check if invisible characters are in proximity to execution patterns.
+ */
+function hasExecutionInProximity(content, invisibleIndex, proximityChars = 200) {
+    const start = Math.max(0, invisibleIndex - proximityChars);
+    const end = Math.min(content.length, invisibleIndex + proximityChars);
+    const region = content.slice(start, end);
+    const execPatterns = [
+        /eval\s*\(/i,
+        /Function\s*\(/i,
+        /exec\s*\(/i,
+        /spawn\s*\(/i,
+        /execSync\s*\(/i,
+        /child_process/i,
+        /\.\s*call\s*\(/,
+        /\.\s*apply\s*\(/,
+        /new\s+Function/i,
+        /atob\s*\(/i,
+        /Buffer\.from/i,
+    ];
+    return execPatterns.some((p) => p.test(region));
+}
+// Rules that should be skipped for bundled code and node_modules
+const SKIP_UNICODE_FOR_BUNDLED = new Set([
+    "ZERO_WIDTH_CHARS",
+    "CYRILLIC_HOMOGLYPH",
+    "OTHER_INVISIBLE_CHARS",
+    "UNICODE_ASCII_ESCAPE",
+]);
+// Rules that should be skipped for node_modules (third-party deps)
+// Critical rules (VARIATION_SELECTOR, BIDI_OVERRIDE, INVISIBLE_CODE_EXECUTION) still run
+const SKIP_UNICODE_FOR_NODE_MODULES = new Set([
+    "ZERO_WIDTH_CHARS",
+    "CYRILLIC_HOMOGLYPH",
+    "OTHER_INVISIBLE_CHARS",
+    "UNICODE_ASCII_ESCAPE",
+    "OBFUSCATION_HIGH_ENTROPY",
+]);
+const UNICODE_RULES = [
+    {
+        id: "ZERO_WIDTH_CHARS",
+        title: "Zero-width characters detected",
+        description: "File contains zero-width Unicode characters (U+200B-200D, U+FEFF). These invisible characters can hide malicious code or be used for steganography.",
+        severity: "high",
+        detect: (content, filename) => {
+            // Skip i18n files - Persian, Arabic, Kurdish etc. use U+200C (ZWNJ) legitimately
+            if (isI18nFile(filename, content))
+                return [];
+            return detectUnicodePattern(content, ZERO_WIDTH_REGEX, 3);
+        },
+    },
+    {
+        id: "VARIATION_SELECTOR",
+        title: "Unicode variation selectors detected (GlassWorm technique)",
+        description: "File contains many Unicode variation selectors (U+FE00-FE0F). GlassWorm malware uses these to hide executable code.",
+        severity: "critical",
+        detect: (content, filename) => {
+            // Skip emoji/entity data files that legitimately use variation selectors
+            const emojiDataPatterns = [
+                /emoji/i,
+                /entities/i,
+                /spinners/i,
+                /\.md$/i, // README files often have emoji
+                /gemoji/i, // GitHub emoji library
+                /twemoji/i, // Twitter emoji
+                /node-emoji/i, // node-emoji package
+                /unicode.*data/i, // Unicode data files
+                /emojis?\.(json|js|ts)$/i, // emoji data files
+            ];
+            if (emojiDataPatterns.some((p) => p.test(filename)))
+                return [];
+            // If file contains many actual emoji characters, it's likely legitimate emoji data
+            // Emoji ranges: Emoticons, Dingbats, Symbols, Flags, etc.
+            // eslint-disable-next-line no-misleading-character-class
+            const emojiPattern = /[\u{1F300}-\u{1F9FF}\u{2600}-\u{26FF}\u{2700}-\u{27BF}]/gu;
+            const emojiMatches = content.match(emojiPattern);
+            if (emojiMatches && emojiMatches.length > 100)
+                return [];
+            // GlassWorm uses hundreds of variation selectors; 50 is well above normal emoji use
+            return detectUnicodePattern(content, VARIATION_SELECTOR_REGEX, 50);
+        },
+    },
+    {
+        id: "BIDI_OVERRIDE",
+        title: "Bidirectional text override detected (Trojan Source)",
+        description: "File contains Unicode bidirectional override characters (U+202A-202E). This is the Trojan Source attack technique.",
+        severity: "critical",
+        detect: (content, filename) => {
+            // Skip files with legitimate RTL text support (math, diagrams, language files)
+            if (isRtlFile(filename))
+                return [];
+            return detectUnicodePattern(content, BIDI_OVERRIDE_REGEX, 1);
+        },
+    },
+    {
+        id: "UNICODE_ASCII_ESCAPE",
+        title: "Unicode escape sequences for ASCII characters",
+        description: "File uses Unicode escape sequences (\\u00XX) for normal ASCII characters. This is a common obfuscation technique.",
+        severity: "medium",
+        detect: (content) => detectUnicodePattern(content, UNICODE_ASCII_ESCAPE_REGEX, 5),
+    },
+    {
+        id: "CYRILLIC_HOMOGLYPH",
+        title: "Cyrillic homoglyph characters detected",
+        description: "File contains Cyrillic characters that visually resemble Latin letters. This can be used for homoglyph attacks.",
+        severity: "high",
+        detect: (content, filename) => {
+            if (filename.endsWith(".md") || filename.endsWith(".txt")) {
+                return [];
+            }
+            if (isI18nFile(filename, content)) {
+                return [];
+            }
+            return detectUnicodePattern(content, CYRILLIC_LOOKALIKE_REGEX, 1);
+        },
+    },
+    {
+        id: "OTHER_INVISIBLE_CHARS",
+        title: "Other invisible Unicode characters detected",
+        description: "File contains invisible Unicode characters (soft hyphens, combining marks, format controls).",
+        severity: "medium",
+        detect: (content) => detectUnicodePattern(content, OTHER_INVISIBLE_REGEX, 3),
+    },
+    {
+        id: "INVISIBLE_CODE_EXECUTION",
+        title: "Invisible characters near code execution",
+        description: "File contains many invisible Unicode characters in proximity to code execution functions. Strong indicator of hidden malicious code.",
+        severity: "critical",
+        detect: (content, filename) => {
+            if (isI18nFile(filename, content)) {
+                return [];
+            }
+            const suspiciousInvisible = new RegExp(`${VARIATION_SELECTOR_REGEX.source}|${BIDI_OVERRIDE_REGEX.source}`, "g");
+            const matches = detectUnicodePattern(content, suspiciousInvisible, 5);
+            return matches.filter((m) => {
+                const matchIndex = content.slice(0, m.line).split("\n").length > 1
+                    ? content
+                        .split("\n")
+                        .slice(0, m.line - 1)
+                        .join("\n").length + m.column
+                    : m.column;
+                return hasExecutionInProximity(content, matchIndex);
+            });
+        },
+    },
+];
+function checkUnicodeHiding(contents) {
+    const findings = [];
+    const seenFindings = new Set();
+    for (const [filename, buffer] of contents.files) {
+        if (!isScannable(filename, SCANNABLE_EXTENSIONS_UNICODE))
+            continue;
+        const content = buffer.toString("utf8");
+        const bundlerInfo = detectBundler(content, filename);
+        const inNodeModules = isNodeModules(filename);
+        for (const rule of UNICODE_RULES) {
+            // Skip non-critical rules for bundled code
+            if (bundlerInfo.isBundled && SKIP_UNICODE_FOR_BUNDLED.has(rule.id)) {
+                continue;
+            }
+            // Skip non-critical rules for node_modules (third-party deps)
+            if (inNodeModules && SKIP_UNICODE_FOR_NODE_MODULES.has(rule.id)) {
+                continue;
+            }
+            const matches = rule.detect(content, filename);
+            if (matches.length === 0)
+                continue;
+            const key = `${rule.id}:${filename}`;
+            if (seenFindings.has(key))
+                continue;
+            seenFindings.add(key);
+            const firstMatch = matches[0];
+            if (!firstMatch)
+                continue;
+            findings.push({
+                id: rule.id,
+                title: rule.title,
+                description: rule.description,
+                severity: rule.severity,
+                category: "obfuscation",
+                location: {
+                    file: filename,
+                    line: firstMatch.line,
+                    column: firstMatch.column,
+                },
+                metadata: {
+                    matchCount: matches.length,
+                    firstMatch: firstMatch.context,
+                    codePoints: matches
+                        .slice(0, 5)
+                        .map((m) => [...m.matched]
+                        .map((c) => `U+${c.codePointAt(0)?.toString(16).toUpperCase().padStart(4, "0")}`)
+                        .join(", ")),
+                },
+            });
+        }
+    }
+    return findings;
+}
+// ============================================================================
+// MAIN EXPORT
+// ============================================================================
+export function checkObfuscation(contents) {
+    const findings = [];
+    // Check entropy in code files (1 rule - YARA can't calculate entropy)
+    findings.push(...checkEntropy(contents));
+    // Check Unicode hiding in all text files (7 rules)
+    findings.push(...checkUnicodeHiding(contents));
+    return findings;
+}
+//# sourceMappingURL=obfuscation.js.map

package/dist/scanner/checks/obfuscation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"obfuscation.js","sourceRoot":"","sources":["../../../src/scanner/checks/obfuscation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EACL,WAAW,EACX,4BAA4B,EAC5B,4BAA4B,GAC7B,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAoCpD,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;;GAGG;AACH,SAAS,aAAa,CAAC,QAAgB;IACrC,OAAO,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;AACnF,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;;;GAIG;AACH,SAAS,cAAc,CAAC,GAAW;IACjC,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IAE/B,MAAM,IAAI,GAA2B,EAAE,CAAC;IACxC,KAAK,MAAM,IAAI,IAAI,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACrC,CAAC;IAED,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC;IACvB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,MAAM,CAAC,GAAG,KAAK,GAAG,GAAG,CAAC;QACtB,OAAO,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAC7B,OAAe,EACf,UAAU,GAAG,GAAG,EAChB,SAAS,GAAG,GAAG;IAEf,MAAM,OAAO,GAAsD,EAAE,CAAC;IACtE,MAAM,IAAI,GAAG,EAAE,CAAC;IAEhB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC;QAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,CAAC;QAEhD,gCAAgC;QAChC,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAChD,IAAI,aAAa,CAAC,MAAM,GAAG,UAAU,GAAG,GAAG;YAAE,SAAS;QAEtD,MAAM,OAAO,GAAG,cAAc,CAAC,aAAa,CAAC,CAAC;QAC9C,IAAI,OAAO,GAAG,SAAS,EAAE,CAAC;YACxB,4CAA4C;YAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5B,IAAI,IAAI,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,GAAG,IAAI,EAAE,CAAC;gBAChC,IAAI,CAAC,GAAG,GAAG,CAAC,GAAG,UAAU,CAAC;gBAC1B,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACjD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,YAAY,CAAC,QAAsB;IAC1C,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IAEvC,KAAK,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;QAChD,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,4BAA4B,CAAC;YAAE,SAAS;QACnE,qEAAqE;QACrE,IAAI,aAAa,CAAC,QAAQ,CAAC;YAAE,SAAS;QAEtC,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAExC,+DAA+D;QAC/D,MAAM,WAAW,GAAG,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACrD,IAAI,WAAW,CAAC,SAAS;YAAE,SAAS;QAEpC,MAAM,OAAO,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAChD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEnC,MAAM,GAAG,GAAG,4BAA4B,QAAQ,EAAE,CAAC;QACnD,IAAI,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QACpC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAEtB,MAAM,WAAW,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAC/B,IAAI,CAAC,WAAW;YAAE,SAAS;QAE3B,MAAM,OAAO,GAAmB,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YACvD,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,OAAO,EAAE,YAAY,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY;YAC1D,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC;SACrD,CAAC,CAAC,CAAC;QAEJ,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,0BAA0B;YAC9B,KAAK,EAAE,0BAA0B;YACjC,WAAW,EACT,kHAAkH;YACpH,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,aAAa;YACvB,QAAQ,EAAE;gBACR,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,qBAAqB,CAAC,OAAO,EAAE,WAAW,CAAC,KAAK,CAAC;aACxD;YACD,QAAQ,EAAE;gBACR,UAAU,EAAE,OAAO,CAAC,MAAM;gBAC1B,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO;gBAC5B,gBAAgB,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;gBAC1D,cAAc,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,EAAE,cAAc,CAAC;gBACrE,QAAQ,EAAE,CAAC,oBAAoB,EAAE,0BAA0B,CAAC;aAC7D;SACF,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,+EAA+E;AAC/E,2BAA2B;AAC3B,+EAA+E;AAE/E,SAAS,iBAAiB,CAAC,OAAe,EAAE,KAAa;IACvD,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAC5C,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC;IAC1B,MAAM,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAC/C,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;AAC1B,CAAC;AAED,SAAS,UAAU,CAAC,OAAe,EAAE,KAAa,EAAE,MAAc;IAChE,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,EAAE,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,GAAG,MAAM,GAAG,EAAE,CAAC,CAAC;IAC1D,IAAI,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACpC,IAAI,KAAK,GAAG,CAAC;QAAE,GAAG,GAAG,KAAK,GAAG,GAAG,CAAC;IACjC,IAAI,GAAG,GAAG,OAAO,CAAC,MAAM;QAAE,GAAG,GAAG,GAAG,GAAG,KAAK,CAAC;IAC5C,OAAO,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACpD,CAAC;AAED,6CAA6C;AAC7C,MAAM,gBAAgB,GAAG,wBAAwB,CAAC;AAElD,yDAAyD;AACzD,MAAM,wBAAwB,GAAG,kBAAkB,CAAC;AAEpD,8DAA8D;AAC9D,MAAM,mBAAmB,GAAG,kBAAkB,CAAC;AAE/C,wEAAwE;AACxE,MAAM,0BAA0B,GAAG,wBAAwB,CAAC;AAE5D,mDAAmD;AACnD,MAAM,wBAAwB,GAC5B,iHAAiH,CAAC;AAEpH,6CAA6C;AAC7C,MAAM,qBAAqB,GACzB,yEAAyE,CAAC;AAE5E,SAAS,oBAAoB,CAAC,OAAe,EAAE,KAAa,EAAE,UAAU,GAAG,CAAC;IAC1E,MAAM,OAAO,GAAmB,EAAE,CAAC;IACnC,MAAM,CAAC,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;IAChD,IAAI,KAA6B,CAAC;IAElC,OAAO,CAAC,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC1C,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,iBAAiB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QACjE,OAAO,CAAC,IAAI,CAAC;YACX,IAAI;YACJ,MAAM;YACN,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;YACjB,OAAO,EAAE,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;SAC3D,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;AACrD,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,QAAgB,EAAE,OAAe;IACnD,MAAM,YAAY,GAAG;QACnB,aAAa;QACb,SAAS;QACT,kBAAkB;QAClB,SAAS;QACT,WAAW;QACX,WAAW;QACX,QAAQ;QACR,kDAAkD;QAClD,mBAAmB;QACnB,qDAAqD;QACrD,4BAA4B;QAC5B,qBAAqB;QACrB,kBAAkB;QAClB,mBAAmB;QACnB,eAAe;QACf,oBAAoB;QACpB,kBAAkB;QAClB,qBAAqB;QACrB,QAAQ;QACR,sDAAsD;QACtD,4CAA4C;KAC7C,CAAC;IACF,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,MAAM,aAAa,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QAC7E,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;QACzC,IAAI,aAAa,GAAG,KAAK,GAAG,GAAG,IAAI,aAAa,GAAG,EAAE,EAAE,CAAC;YACtD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,qFAAqF;IACrF,2EAA2E;IAC3E,MAAM,sBAAsB,GAAG,8BAA8B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC5E,IAAI,sBAAsB,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACzD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,SAAS,CAAC,QAAgB;IACjC,MAAM,WAAW,GAAG;QAClB,QAAQ,EAAE,uBAAuB;QACjC,UAAU,EAAE,0BAA0B;QACtC,UAAU,EAAE,yBAAyB;QACrC,mCAAmC,EAAE,4CAA4C;QACjF,YAAY,EAAE,wBAAwB;QACtC,YAAY,EAAE,uBAAuB;QACrC,YAAY,EAAE,wBAAwB;KACvC,CAAC;IACF,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;AACnD,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAC9B,OAAe,EACf,cAAsB,EACtB,cAAc,GAAG,GAAG;IAEpB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,cAAc,GAAG,cAAc,CAAC,CAAC;IAC3D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,cAAc,GAAG,cAAc,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAEzC,MAAM,YAAY,GAAG;QACnB,YAAY;QACZ,gBAAgB;QAChB,YAAY;QACZ,aAAa;QACb,gBAAgB;QAChB,gBAAgB;QAChB,gBAAgB;QAChB,iBAAiB;QACjB,iBAAiB;QACjB,YAAY;QACZ,eAAe;KAChB,CAAC;IACF,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;AAClD,CAAC;AAED,iEAAiE;AACjE,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC;IACvC,kBAAkB;IAClB,oBAAoB;IACpB,uBAAuB;IACvB,sBAAsB;CACvB,CAAC,CAAC;AAEH,mEAAmE;AACnE,yFAAyF;AACzF,MAAM,6BAA6B,GAAG,IAAI,GAAG,CAAC;IAC5C,kBAAkB;IAClB,oBAAoB;IACpB,uBAAuB;IACvB,sBAAsB;IACtB,0BAA0B;CAC3B,CAAC,CAAC;AAEH,MAAM,aAAa,GAAkB;IACnC;QACE,EAAE,EAAE,kBAAkB;QACtB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,qJAAqJ;QACvJ,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,EAAE;YAC5B,iFAAiF;YACjF,IAAI,UAAU,CAAC,QAAQ,EAAE,OAAO,CAAC;gBAAE,OAAO,EAAE,CAAC;YAC7C,OAAO,oBAAoB,CAAC,OAAO,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAAC;QAC5D,CAAC;KACF;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,4DAA4D;QACnE,WAAW,EACT,qHAAqH;QACvH,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,EAAE;YAC5B,yEAAyE;YACzE,MAAM,iBAAiB,GAAG;gBACxB,QAAQ;gBACR,WAAW;gBACX,WAAW;gBACX,QAAQ,EAAE,gCAAgC;gBAC1C,SAAS,EAAE,uBAAuB;gBAClC,UAAU,EAAE,gBAAgB;gBAC5B,aAAa,EAAE,qBAAqB;gBACpC,gBAAgB,EAAE,qBAAqB;gBACvC,yBAAyB,EAAE,mBAAmB;aAC/C,CAAC;YACF,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAAE,OAAO,EAAE,CAAC;YAE/D,mFAAmF;YACnF,0DAA0D;YAC1D,yDAAyD;YACzD,MAAM,YAAY,GAAG,2DAA2D,CAAC;YACjF,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YACjD,IAAI,YAAY,IAAI,YAAY,CAAC,MAAM,GAAG,GAAG;gBAAE,OAAO,EAAE,CAAC;YAEzD,oFAAoF;YACpF,OAAO,oBAAoB,CAAC,OAAO,EAAE,wBAAwB,EAAE,EAAE,CAAC,CAAC;QACrE,CAAC;KACF;IACD;QACE,EAAE,EAAE,eAAe;QACnB,KAAK,EAAE,sDAAsD;QAC7D,WAAW,EACT,oHAAoH;QACtH,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,EAAE;YAC5B,+EAA+E;YAC/E,IAAI,SAAS,CAAC,QAAQ,CAAC;gBAAE,OAAO,EAAE,CAAC;YACnC,OAAO,oBAAoB,CAAC,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC;QAC/D,CAAC;KACF;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,KAAK,EAAE,+CAA+C;QACtD,WAAW,EACT,mHAAmH;QACrH,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,oBAAoB,CAAC,OAAO,EAAE,0BAA0B,EAAE,CAAC,CAAC;KAClF;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,wCAAwC;QAC/C,WAAW,EACT,iHAAiH;QACnH,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,EAAE;YAC5B,IAAI,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC1D,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,IAAI,UAAU,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC;gBAClC,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,OAAO,oBAAoB,CAAC,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC,CAAC;QACpE,CAAC;KACF;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,KAAK,EAAE,6CAA6C;QACpD,WAAW,EACT,8FAA8F;QAChG,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,oBAAoB,CAAC,OAAO,EAAE,qBAAqB,EAAE,CAAC,CAAC;KAC7E;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,KAAK,EAAE,0CAA0C;QACjD,WAAW,EACT,sIAAsI;QACxI,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,EAAE;YAC5B,IAAI,UAAU,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC;gBAClC,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,MAAM,mBAAmB,GAAG,IAAI,MAAM,CACpC,GAAG,wBAAwB,CAAC,MAAM,IAAI,mBAAmB,CAAC,MAAM,EAAE,EAClE,GAAG,CACJ,CAAC;YACF,MAAM,OAAO,GAAG,oBAAoB,CAAC,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC;YAEtE,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;gBAC1B,MAAM,UAAU,GACd,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;oBAC7C,CAAC,CAAC,OAAO;yBACJ,KAAK,CAAC,IAAI,CAAC;yBACX,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;yBACpB,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM;oBACjC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gBACf,OAAO,uBAAuB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;YACtD,CAAC,CAAC,CAAC;QACL,CAAC;KACF;CACF,CAAC;AAEF,SAAS,kBAAkB,CAAC,QAAsB;IAChD,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IAEvC,KAAK,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;QAChD,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,4BAA4B,CAAC;YAAE,SAAS;QAEnE,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,WAAW,GAAG,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACrD,MAAM,aAAa,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;QAE9C,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,2CAA2C;YAC3C,IAAI,WAAW,CAAC,SAAS,IAAI,wBAAwB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBACnE,SAAS;YACX,CAAC;YACD,8DAA8D;YAC9D,IAAI,aAAa,IAAI,6BAA6B,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBAChE,SAAS;YACX,CAAC;YAED,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAC/C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAEnC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,EAAE,IAAI,QAAQ,EAAE,CAAC;YACrC,IAAI,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YACpC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAEtB,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YAC9B,IAAI,CAAC,UAAU;gBAAE,SAAS;YAE1B,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,aAAa;gBACvB,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,UAAU,CAAC,IAAI;oBACrB,MAAM,EAAE,UAAU,CAAC,MAAM;iBAC1B;gBACD,QAAQ,EAAE;oBACR,UAAU,EAAE,OAAO,CAAC,MAAM;oBAC1B,UAAU,EAAE,UAAU,CAAC,OAAO;oBAC9B,UAAU,EAAE,OAAO;yBAChB,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;yBACX,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACT,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC;yBACX,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;yBAChF,IAAI,CAAC,IAAI,CAAC,CACd;iBACJ;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,+EAA+E;AAC/E,cAAc;AACd,+EAA+E;AAE/E,MAAM,UAAU,gBAAgB,CAAC,QAAsB;IACrD,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,sEAAsE;IACtE,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEzC,mDAAmD;IACnD,QAAQ,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC;IAE/C,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/scanner/checks/obfuscation.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=obfuscation.test.d.ts.map

package/dist/scanner/checks/obfuscation.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"obfuscation.test.d.ts","sourceRoot":"","sources":["../../../src/scanner/checks/obfuscation.test.ts"],"names":[],"mappings":""}