@trailofbits/vsix-audit 0.1.0

package/dist/scanner/checks/obfuscation.test.js

@@ -0,0 +1,399 @@
+import { describe, expect, it } from "vitest";
+import { checkObfuscation } from "./obfuscation.js";
+function makeContents(files) {
+    const manifest = {
+        name: "test-extension",
+        publisher: "test",
+        version: "1.0.0",
+    };
+    const fileMap = new Map();
+    for (const [name, content] of Object.entries(files)) {
+        fileMap.set(name, Buffer.from(content, "utf8"));
+    }
+    return { manifest, files: fileMap, basePath: "/test" };
+}
+describe("checkObfuscation", () => {
+    // ============================================================================
+    // ENTROPY DETECTION
+    // ============================================================================
+    describe("entropy detection", () => {
+        it("detects high entropy regions", () => {
+            // Generate high-entropy string using full alphanumeric charset (62 chars)
+            // Each char used ~equally = entropy near log2(62) ≈ 5.95 bits/char
+            // Threshold is 5.5, so this will trigger detection
+            const chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+            let highEntropy = "";
+            for (let i = 0; i < 300; i++) {
+                highEntropy += chars[i % chars.length];
+            }
+            const content = `const data = "${highEntropy}";`;
+            const contents = makeContents({ "extension.js": content });
+            const findings = checkObfuscation(contents);
+            expect(findings.some((f) => f.id === "OBFUSCATION_HIGH_ENTROPY")).toBe(true);
+        });
+        it("ignores normal code with low entropy", () => {
+            const content = `
+        function hello() {
+          console.log("Hello, World!");
+          return true;
+        }
+      `;
+            const contents = makeContents({ "extension.js": content });
+            const findings = checkObfuscation(contents);
+            expect(findings.some((f) => f.id === "OBFUSCATION_HIGH_ENTROPY")).toBe(false);
+        });
+    });
+    // ============================================================================
+    // UNICODE HIDING DETECTION
+    // ============================================================================
+    describe("Unicode - zero-width characters", () => {
+        it("detects zero-width space characters (U+200B)", () => {
+            // 3+ occurrences needed
+            const content = "const x\u200B = 'a\u200Bb\u200Bc';";
+            const contents = makeContents({ "extension.js": content });
+            const findings = checkObfuscation(contents);
+            expect(findings).toHaveLength(1);
+            expect(findings.some((f) => f.id === "ZERO_WIDTH_CHARS")).toBe(true);
+            expect(findings.some((f) => f.severity === "high")).toBe(true);
+        });
+        it("detects zero-width joiner (U+200D)", () => {
+            const content = "const x\u200D = 'a\u200Db\u200Dc';";
+            const contents = makeContents({ "extension.js": content });
+            const findings = checkObfuscation(contents);
+            expect(findings).toHaveLength(1);
+            expect(findings.some((f) => f.id === "ZERO_WIDTH_CHARS")).toBe(true);
+        });
+        it("ignores files with only 1-2 zero-width chars", () => {
+            const content = "const x\u200B = 'a\u200Bb';";
+            const contents = makeContents({ "extension.js": content });
+            const findings = checkObfuscation(contents);
+            const zeroWidthFinding = findings.find((f) => f.id === "ZERO_WIDTH_CHARS");
+            expect(zeroWidthFinding).toBeUndefined();
+        });
+    });
+    describe("Unicode - variation selectors (GlassWorm technique)", () => {
+        it("detects variation selectors (U+FE00-FE0F) when >= 50 present", () => {
+            // Implementation requires 50+ variation selectors (GlassWorm uses hundreds)
+            // Normal emoji use has far fewer variation selectors
+            const variations = Array(55).fill("\uFE0F").join("x");
+            const content = `const payload = "${variations}";`;
+            const contents = makeContents({ "extension.js": content });
+            const findings = checkObfuscation(contents);
+            expect(findings).toHaveLength(1);
+            expect(findings.some((f) => f.id === "VARIATION_SELECTOR")).toBe(true);
+            expect(findings.some((f) => f.severity === "critical")).toBe(true);
+        });
+        it("ignores few variation selectors (normal for emoji)", () => {
+            // Less than 50 variation selectors should be ignored (normal emoji use)
+            const content = "a\uFE00b\uFE01c\uFE02d\uFE0F";
+            const contents = makeContents({ "extension.js": content });
+            const findings = checkObfuscation(contents);
+            expect(findings.find((f) => f.id === "VARIATION_SELECTOR")).toBeUndefined();
+        });
+    });
+    describe("Unicode - bidirectional overrides (Trojan Source)", () => {
+        it("detects left-to-right override (U+202D)", () => {
+            const content = "const admin\u202D = true;";
+            const contents = makeContents({ "extension.js": content });
+            const findings = checkObfuscation(contents);
+            expect(findings).toHaveLength(1);
+            expect(findings.some((f) => f.id === "BIDI_OVERRIDE")).toBe(true);
+            expect(findings.some((f) => f.severity === "critical")).toBe(true);
+        });
+        it("detects right-to-left override (U+202E)", () => {
+            const content = "const admin\u202E = true;";
+            const contents = makeContents({ "extension.js": content });
+            const findings = checkObfuscation(contents);
+            expect(findings).toHaveLength(1);
+            expect(findings.some((f) => f.id === "BIDI_OVERRIDE")).toBe(true);
+        });
+    });
+    describe("Unicode - ASCII escapes", () => {
+        it("detects excessive Unicode escapes for ASCII", () => {
+            // Using \\u00XX for normal printable ASCII is suspicious
+            const content = "const x = '\\u0068\\u0065\\u006c\\u006c\\u006f\\u0077';"; // "hellow"
+            const contents = makeContents({ "extension.js": content });
+            const findings = checkObfuscation(contents);
+            expect(findings).toHaveLength(1);
+            expect(findings.some((f) => f.id === "UNICODE_ASCII_ESCAPE")).toBe(true);
+            expect(findings.some((f) => f.severity === "medium")).toBe(true);
+        });
+        it("ignores files with few Unicode escapes", () => {
+            const content = "const x = '\\u0068\\u0065';"; // Only 2 escapes
+            const contents = makeContents({ "extension.js": content });
+            const findings = checkObfuscation(contents);
+            const escapeFinding = findings.find((f) => f.id === "UNICODE_ASCII_ESCAPE");
+            expect(escapeFinding).toBeUndefined();
+        });
+    });
+    describe("Unicode - Cyrillic homoglyphs", () => {
+        it("detects Cyrillic 'а' (U+0430) that looks like Latin 'a'", () => {
+            const content = "const \u0430dmin = true;"; // Cyrillic а
+            const contents = makeContents({ "extension.js": content });
+            const findings = checkObfuscation(contents);
+            expect(findings).toHaveLength(1);
+            expect(findings.some((f) => f.id === "CYRILLIC_HOMOGLYPH")).toBe(true);
+            expect(findings.some((f) => f.severity === "high")).toBe(true);
+        });
+        it("detects Cyrillic 'е' (U+0435) that looks like Latin 'e'", () => {
+            const content = "const s\u0435cret = 'password';"; // Cyrillic е
+            const contents = makeContents({ "extension.js": content });
+            const findings = checkObfuscation(contents);
+            expect(findings).toHaveLength(1);
+            expect(findings.some((f) => f.id === "CYRILLIC_HOMOGLYPH")).toBe(true);
+        });
+        it("ignores Cyrillic in markdown files", () => {
+            const content = "# Hello \u0430nd welcome"; // Cyrillic а in markdown
+            const contents = makeContents({ "README.md": content });
+            const findings = checkObfuscation(contents);
+            const cyrillicFinding = findings.find((f) => f.id === "CYRILLIC_HOMOGLYPH");
+            expect(cyrillicFinding).toBeUndefined();
+        });
+    });
+    describe("Unicode - invisible characters near code execution", () => {
+        it("flags many invisible chars in file with eval()", () => {
+            // Implementation requires 5+ invisible chars near execution patterns
+            const content = "const payload\uFE01\uFE02\uFE03\uFE04\uFE05 = 'data';\neval(payload);";
+            const contents = makeContents({ "extension.js": content });
+            const findings = checkObfuscation(contents);
+            expect(findings.some((f) => f.id === "INVISIBLE_CODE_EXECUTION")).toBe(true);
+        });
+        it("flags many invisible chars in file with Function()", () => {
+            const content = "const x\uFE01\uFE02\uFE03\uFE04\uFE05 = 1;\nnew Function('return x')();";
+            const contents = makeContents({ "extension.js": content });
+            const findings = checkObfuscation(contents);
+            expect(findings.some((f) => f.id === "INVISIBLE_CODE_EXECUTION")).toBe(true);
+        });
+        it("flags many invisible chars in file with child_process", () => {
+            const content = "require('child_process').exec('ls');\nconst hidden\uFE01\uFE02\uFE03\uFE04\uFE05 = 1;";
+            const contents = makeContents({ "extension.js": content });
+            const findings = checkObfuscation(contents);
+            expect(findings.some((f) => f.id === "INVISIBLE_CODE_EXECUTION")).toBe(true);
+        });
+        it("does NOT flag few invisible chars even with execution context", () => {
+            // Single invisible char isn't enough - needs 5+
+            const content = "const x\uFE01 = 1;\neval(x);";
+            const contents = makeContents({ "extension.js": content });
+            const findings = checkObfuscation(contents);
+            expect(findings.some((f) => f.id === "INVISIBLE_CODE_EXECUTION")).toBe(false);
+        });
+    });
+    describe("file filtering", () => {
+        it("scans JavaScript files", () => {
+            // Use bidi override which triggers with just 1 occurrence
+            const content = "const admin\u202E = true;";
+            const contents = makeContents({ "test.js": content });
+            const findings = checkObfuscation(contents);
+            expect(findings.length).toBeGreaterThan(0);
+        });
+        it("scans TypeScript files", () => {
+            const content = "const admin\u202E: boolean = true;";
+            const contents = makeContents({ "test.ts": content });
+            const findings = checkObfuscation(contents);
+            expect(findings.length).toBeGreaterThan(0);
+        });
+        it("scans JSON files for unicode issues", () => {
+            const content = '{"key\u202E": "value"}';
+            const contents = makeContents({ "test.json": content });
+            const findings = checkObfuscation(contents);
+            expect(findings.length).toBeGreaterThan(0);
+        });
+        it("ignores binary files", () => {
+            // Even critical patterns should be ignored in binary files
+            const content = "\u202E\u202D\u202C";
+            const contents = makeContents({ "test.png": content });
+            const findings = checkObfuscation(contents);
+            expect(findings).toHaveLength(0);
+        });
+    });
+    describe("metadata", () => {
+        it("includes match count in metadata for unicode findings", () => {
+            // Use BIDI_OVERRIDE which triggers with 1+ occurrences
+            const content = "a\u202Db\u202Ec\u202D";
+            const contents = makeContents({ "test.js": content });
+            const findings = checkObfuscation(contents);
+            const finding = findings.find((f) => f.id === "BIDI_OVERRIDE");
+            expect(finding?.metadata?.["matchCount"]).toBe(3);
+        });
+        it("includes code points in metadata for unicode findings", () => {
+            const content = "const admin\u202E = true;";
+            const contents = makeContents({ "test.js": content });
+            const findings = checkObfuscation(contents);
+            const finding = findings.find((f) => f.id === "BIDI_OVERRIDE");
+            const codePoints = finding?.metadata?.["codePoints"];
+            expect(codePoints).toBeDefined();
+            expect(codePoints?.some((cp) => cp.includes("202E"))).toBe(true);
+        });
+        it("includes line number in location", () => {
+            const content = "line1\nline2\nconst admin\u202E = true;";
+            const contents = makeContents({ "test.js": content });
+            const findings = checkObfuscation(contents);
+            const finding = findings.find((f) => f.id === "BIDI_OVERRIDE");
+            expect(finding?.location?.line).toBe(3);
+        });
+        it("includes obfuscation score for entropy findings", () => {
+            // Use full alphanumeric charset for high entropy (log2(62) ≈ 5.95 bits/char)
+            const chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+            let highEntropy = "";
+            for (let i = 0; i < 300; i++) {
+                highEntropy += chars[i % chars.length];
+            }
+            const content = `const data = "${highEntropy}";`;
+            const contents = makeContents({ "test.js": content });
+            const findings = checkObfuscation(contents);
+            const finding = findings.find((f) => f.id === "OBFUSCATION_HIGH_ENTROPY");
+            expect(finding?.metadata?.["obfuscationScore"]).toBeGreaterThan(0);
+        });
+    });
+    // ============================================================================
+    // FALSE POSITIVE EXCLUSIONS
+    // ============================================================================
+    describe("false positive exclusions", () => {
+        describe("node_modules exclusions", () => {
+            it("skips high entropy detection in node_modules", () => {
+                const chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+                let highEntropy = "";
+                for (let i = 0; i < 300; i++) {
+                    highEntropy += chars[i % chars.length];
+                }
+                const content = `const data = "${highEntropy}";`;
+                const contents = makeContents({
+                    "node_modules/iconv-lite/encodings/tables/cp437.js": content,
+                });
+                const findings = checkObfuscation(contents);
+                expect(findings.some((f) => f.id === "OBFUSCATION_HIGH_ENTROPY")).toBe(false);
+            });
+            it("skips zero-width chars in node_modules", () => {
+                const content = "const x\u200B = 'a\u200Bb\u200Bc';"; // 3 zero-width spaces
+                const contents = makeContents({ "node_modules/moment/locale/ku.js": content });
+                const findings = checkObfuscation(contents);
+                expect(findings.some((f) => f.id === "ZERO_WIDTH_CHARS")).toBe(false);
+            });
+            it("skips Cyrillic homoglyphs in node_modules", () => {
+                const content = "const \u0430dmin = true;"; // Cyrillic а
+                const contents = makeContents({ "node_modules/iconv-lite/lib/extend-node.js": content });
+                const findings = checkObfuscation(contents);
+                expect(findings.some((f) => f.id === "CYRILLIC_HOMOGLYPH")).toBe(false);
+            });
+            it("still detects BIDI_OVERRIDE in node_modules (critical)", () => {
+                const content = "const admin\u202E = true;";
+                const contents = makeContents({ "node_modules/suspicious-package/index.js": content });
+                const findings = checkObfuscation(contents);
+                expect(findings.some((f) => f.id === "BIDI_OVERRIDE")).toBe(true);
+            });
+        });
+        describe("emoji and entity file exclusions", () => {
+            it("skips variation selectors in emoji.json", () => {
+                // 50+ variation selectors would normally trigger
+                const variations = "\uFE0F".repeat(60);
+                const content = `{"emoji": "👍${variations}"}`;
+                const contents = makeContents({ "extension/out/emoji.json": content });
+                const findings = checkObfuscation(contents);
+                expect(findings.some((f) => f.id === "VARIATION_SELECTOR")).toBe(false);
+            });
+            it("skips variation selectors in entities.json", () => {
+                const variations = "\uFE0F".repeat(60);
+                const content = `{"entity": "test${variations}"}`;
+                const contents = makeContents({ "extension/out/entities.json": content });
+                const findings = checkObfuscation(contents);
+                expect(findings.some((f) => f.id === "VARIATION_SELECTOR")).toBe(false);
+            });
+            it("skips variation selectors in README.md", () => {
+                const variations = "\uFE0F".repeat(60);
+                const content = `# README\nEmoji test: ${variations}`;
+                const contents = makeContents({ "extension/README.md": content });
+                const findings = checkObfuscation(contents);
+                expect(findings.some((f) => f.id === "VARIATION_SELECTOR")).toBe(false);
+            });
+            it("still detects variation selectors in suspicious JS files", () => {
+                // 50+ variation selectors in a non-emoji file
+                const variations = Array(55).fill("\uFE00").join("x");
+                const content = `const payload = "${variations}"; eval(payload);`;
+                const contents = makeContents({ "extension.js": content });
+                const findings = checkObfuscation(contents);
+                expect(findings.some((f) => f.id === "VARIATION_SELECTOR")).toBe(true);
+            });
+        });
+        describe("RTL file exclusions", () => {
+            it("skips BIDI_OVERRIDE in katex files", () => {
+                const content = "const rtl\u202E = true;";
+                const contents = makeContents({ "node_modules/katex/dist/katex.js": content });
+                const findings = checkObfuscation(contents);
+                expect(findings.some((f) => f.id === "BIDI_OVERRIDE")).toBe(false);
+            });
+            it("skips BIDI_OVERRIDE in mermaid files", () => {
+                const content = "const rtl\u202E = true;";
+                const contents = makeContents({ "node_modules/mermaid/dist/mermaid.js": content });
+                const findings = checkObfuscation(contents);
+                expect(findings.some((f) => f.id === "BIDI_OVERRIDE")).toBe(false);
+            });
+            it("skips BIDI_OVERRIDE in Hebrew language files", () => {
+                const content = "Hebrew text\u202Ehere";
+                const contents = makeContents({ "extension/resources/dia_he.txt": content });
+                const findings = checkObfuscation(contents);
+                expect(findings.some((f) => f.id === "BIDI_OVERRIDE")).toBe(false);
+            });
+            it("still detects BIDI_OVERRIDE in regular JS files", () => {
+                const content = "const admin\u202E = true;";
+                const contents = makeContents({ "extension/src/index.js": content });
+                const findings = checkObfuscation(contents);
+                expect(findings.some((f) => f.id === "BIDI_OVERRIDE")).toBe(true);
+            });
+        });
+        describe("i18n file exclusions", () => {
+            it("skips Cyrillic in moment locale files", () => {
+                const content = "const \u0430dmin = '\u0435xample';"; // Cyrillic а and е
+                const contents = makeContents({ "moment/locale/ru.js": content });
+                const findings = checkObfuscation(contents);
+                expect(findings.some((f) => f.id === "CYRILLIC_HOMOGLYPH")).toBe(false);
+            });
+            it("skips Cyrillic in encoding table files", () => {
+                const content = "module.exports = { '\u0430': 0x00 };"; // Cyrillic а
+                const contents = makeContents({ "encodings/tables/cp866.js": content });
+                const findings = checkObfuscation(contents);
+                expect(findings.some((f) => f.id === "CYRILLIC_HOMOGLYPH")).toBe(false);
+            });
+        });
+        describe("variation selector threshold", () => {
+            it("ignores fewer than 50 variation selectors (normal emoji use)", () => {
+                // 30 variation selectors - below threshold
+                const variations = Array(30).fill("\uFE0F").join("x");
+                const content = `const emoji = "${variations}";`;
+                const contents = makeContents({ "extension.js": content });
+                const findings = checkObfuscation(contents);
+                expect(findings.some((f) => f.id === "VARIATION_SELECTOR")).toBe(false);
+            });
+            it("detects 50+ variation selectors (GlassWorm technique)", () => {
+                // 55 variation selectors - above threshold
+                const variations = Array(55).fill("\uFE0F").join("x");
+                const content = `const payload = "${variations}";`;
+                const contents = makeContents({ "extension.js": content });
+                const findings = checkObfuscation(contents);
+                expect(findings.some((f) => f.id === "VARIATION_SELECTOR")).toBe(true);
+            });
+        });
+    });
+    describe("category assignment", () => {
+        it("assigns obfuscation category to entropy findings", () => {
+            // Use full alphanumeric charset for high entropy (log2(62) ≈ 5.95 bits/char)
+            const chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+            let highEntropy = "";
+            for (let i = 0; i < 300; i++) {
+                highEntropy += chars[i % chars.length];
+            }
+            const content = `const data = "${highEntropy}";`;
+            const contents = makeContents({ "test.js": content });
+            const findings = checkObfuscation(contents);
+            const finding = findings.find((f) => f.id === "OBFUSCATION_HIGH_ENTROPY");
+            expect(finding?.category).toBe("obfuscation");
+        });
+        it("assigns obfuscation category to unicode findings", () => {
+            const content = "const admin\u202E = true;";
+            const contents = makeContents({ "test.js": content });
+            const findings = checkObfuscation(contents);
+            const finding = findings.find((f) => f.id === "BIDI_OVERRIDE");
+            expect(finding?.category).toBe("obfuscation");
+        });
+    });
+});
+//# sourceMappingURL=obfuscation.test.js.map

package/dist/scanner/checks/obfuscation.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"obfuscation.test.js","sourceRoot":"","sources":["../../../src/scanner/checks/obfuscation.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAE9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEpD,SAAS,YAAY,CAAC,KAA6B;IACjD,MAAM,QAAQ,GAAiB;QAC7B,IAAI,EAAE,gBAAgB;QACtB,SAAS,EAAE,MAAM;QACjB,OAAO,EAAE,OAAO;KACjB,CAAC;IAEF,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC1C,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;IAClD,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;AACzD,CAAC;AAED,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,+EAA+E;IAC/E,oBAAoB;IACpB,+EAA+E;IAE/E,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,0EAA0E;YAC1E,mEAAmE;YACnE,mDAAmD;YACnD,MAAM,KAAK,GAAG,gEAAgE,CAAC;YAC/E,IAAI,WAAW,GAAG,EAAE,CAAC;YACrB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC7B,WAAW,IAAI,KAAK,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;YACzC,CAAC;YACD,MAAM,OAAO,GAAG,iBAAiB,WAAW,IAAI,CAAC;YACjD,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;YAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,0BAA0B,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,OAAO,GAAG;;;;;OAKf,CAAC;YACF,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;YAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,0BAA0B,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChF,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,+EAA+E;IAC/E,2BAA2B;IAC3B,+EAA+E;IAE/E,QAAQ,CAAC,iCAAiC,EAAE,GAAG,EAAE;QAC/C,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,wBAAwB;YACxB,MAAM,OAAO,GAAG,oCAAoC,CAAC;YACrD,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;YAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAE5C,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACjC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC5C,MAAM,OAAO,GAAG,oCAAoC,CAAC;YACrD,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;YAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAE5C,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACjC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM,OAAO,GAAG,6BAA6B,CAAC;YAC9C,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;YAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAC5C,MAAM,gBAAgB,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,kBAAkB,CAAC,CAAC;YAE3E,MAAM,CAAC,gBAAgB,CAAC,CAAC,aAAa,EAAE,CAAC;QAC3C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qDAAqD,EAAE,GAAG,EAAE;QACnE,EAAE,CAAC,8DAA8D,EAAE,GAAG,EAAE;YACtE,4EAA4E;YAC5E,qDAAqD;YACrD,MAAM,UAAU,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACtD,MAAM,OAAO,GAAG,oBAAoB,UAAU,IAAI,CAAC;YACnD,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;YAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAE5C,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACjC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;YAC5D,wEAAwE;YACxE,MAAM,OAAO,GAAG,8BAA8B,CAAC;YAC/C,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;YAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;QAC9E,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,mDAAmD,EAAE,GAAG,EAAE;QACjE,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,OAAO,GAAG,2BAA2B,CAAC;YAC5C,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;YAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAE5C,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACjC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,OAAO,GAAG,2BAA2B,CAAC;YAC5C,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;YAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAE5C,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACjC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACvC,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,yDAAyD;YACzD,MAAM,OAAO,GAAG,yDAAyD,CAAC,CAAC,WAAW;YACtF,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;YAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAE5C,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACjC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,sBAAsB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACzE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,OAAO,GAAG,6BAA6B,CAAC,CAAC,iBAAiB;YAChE,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;YAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAC5C,MAAM,aAAa,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,sBAAsB,CAAC,CAAC;YAE5E,MAAM,CAAC,aAAa,CAAC,CAAC,aAAa,EAAE,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,+BAA+B,EAAE,GAAG,EAAE;QAC7C,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;YACjE,MAAM,OAAO,GAAG,0BAA0B,CAAC,CAAC,aAAa;YACzD,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;YAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAE5C,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACjC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;YACjE,MAAM,OAAO,GAAG,iCAAiC,CAAC,CAAC,aAAa;YAChE,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;YAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAE5C,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACjC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC5C,MAAM,OAAO,GAAG,0BAA0B,CAAC,CAAC,yBAAyB;YACrE,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;YAExD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAC5C,MAAM,eAAe,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC;YAE5E,MAAM,CAAC,eAAe,CAAC,CAAC,aAAa,EAAE,CAAC;QAC1C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAClE,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YACxD,qEAAqE;YACrE,MAAM,OAAO,GAAG,uEAAuE,CAAC;YACxF,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;YAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,0BAA0B,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;YAC5D,MAAM,OAAO,GAAG,yEAAyE,CAAC;YAC1F,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;YAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,0BAA0B,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;YAC/D,MAAM,OAAO,GACX,uFAAuF,CAAC;YAC1F,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;YAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,0BAA0B,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+DAA+D,EAAE,GAAG,EAAE;YACvE,gDAAgD;YAChD,MAAM,OAAO,GAAG,8BAA8B,CAAC;YAC/C,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;YAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,0BAA0B,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChF,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;YAChC,0DAA0D;YAC1D,MAAM,OAAO,GAAG,2BAA2B,CAAC;YAC5C,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;YAEtD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAC5C,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;YAChC,MAAM,OAAO,GAAG,oCAAoC,CAAC;YACrD,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;YAEtD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAC5C,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,OAAO,GAAG,wBAAwB,CAAC;YACzC,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;YAExD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAC5C,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;YAC9B,2DAA2D;YAC3D,MAAM,OAAO,GAAG,oBAAoB,CAAC;YACrC,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;YAEvD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAC5C,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,UAAU,EAAE,GAAG,EAAE;QACxB,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;YAC/D,uDAAuD;YACvD,MAAM,OAAO,GAAG,uBAAuB,CAAC;YACxC,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;YAEtD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC;YAE/D,MAAM,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;YAC/D,MAAM,OAAO,GAAG,2BAA2B,CAAC;YAC5C,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;YAEtD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC;YAC/D,MAAM,UAAU,GAAG,OAAO,EAAE,QAAQ,EAAE,CAAC,YAAY,CAAyB,CAAC;YAE7E,MAAM,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC;YACjC,MAAM,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,OAAO,GAAG,yCAAyC,CAAC;YAC1D,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;YAEtD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC;YAE/D,MAAM,CAAC,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC1C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;YACzD,6EAA6E;YAC7E,MAAM,KAAK,GAAG,gEAAgE,CAAC;YAC/E,IAAI,WAAW,GAAG,EAAE,CAAC;YACrB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC7B,WAAW,IAAI,KAAK,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;YACzC,CAAC;YACD,MAAM,OAAO,GAAG,iBAAiB,WAAW,IAAI,CAAC;YACjD,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;YAEtD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,0BAA0B,CAAC,CAAC;YAE1E,MAAM,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC,kBAAkB,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,+EAA+E;IAC/E,4BAA4B;IAC5B,+EAA+E;IAE/E,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACzC,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;YACvC,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;gBACtD,MAAM,KAAK,GAAG,gEAAgE,CAAC;gBAC/E,IAAI,WAAW,GAAG,EAAE,CAAC;gBACrB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC7B,WAAW,IAAI,KAAK,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;gBACzC,CAAC;gBACD,MAAM,OAAO,GAAG,iBAAiB,WAAW,IAAI,CAAC;gBACjD,MAAM,QAAQ,GAAG,YAAY,CAAC;oBAC5B,mDAAmD,EAAE,OAAO;iBAC7D,CAAC,CAAC;gBAEH,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;gBAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,0BAA0B,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAChF,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;gBAChD,MAAM,OAAO,GAAG,oCAAoC,CAAC,CAAC,sBAAsB;gBAC5E,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,kCAAkC,EAAE,OAAO,EAAE,CAAC,CAAC;gBAE/E,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;gBAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACxE,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;gBACnD,MAAM,OAAO,GAAG,0BAA0B,CAAC,CAAC,aAAa;gBACzD,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,4CAA4C,EAAE,OAAO,EAAE,CAAC,CAAC;gBAEzF,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;gBAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1E,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;gBAChE,MAAM,OAAO,GAAG,2BAA2B,CAAC;gBAC5C,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,0CAA0C,EAAE,OAAO,EAAE,CAAC,CAAC;gBAEvF,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;gBAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpE,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAChD,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;gBACjD,iDAAiD;gBACjD,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBACvC,MAAM,OAAO,GAAG,gBAAgB,UAAU,IAAI,CAAC;gBAC/C,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,0BAA0B,EAAE,OAAO,EAAE,CAAC,CAAC;gBAEvE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;gBAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1E,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;gBACpD,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBACvC,MAAM,OAAO,GAAG,mBAAmB,UAAU,IAAI,CAAC;gBAClD,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,6BAA6B,EAAE,OAAO,EAAE,CAAC,CAAC;gBAE1E,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;gBAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1E,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;gBAChD,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBACvC,MAAM,OAAO,GAAG,yBAAyB,UAAU,EAAE,CAAC;gBACtD,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,qBAAqB,EAAE,OAAO,EAAE,CAAC,CAAC;gBAElE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;gBAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1E,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,0DAA0D,EAAE,GAAG,EAAE;gBAClE,8CAA8C;gBAC9C,MAAM,UAAU,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACtD,MAAM,OAAO,GAAG,oBAAoB,UAAU,mBAAmB,CAAC;gBAClE,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;gBAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;gBAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACzE,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;YACnC,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;gBAC5C,MAAM,OAAO,GAAG,yBAAyB,CAAC;gBAC1C,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,kCAAkC,EAAE,OAAO,EAAE,CAAC,CAAC;gBAE/E,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;gBAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrE,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;gBAC9C,MAAM,OAAO,GAAG,yBAAyB,CAAC;gBAC1C,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,sCAAsC,EAAE,OAAO,EAAE,CAAC,CAAC;gBAEnF,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;gBAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrE,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;gBACtD,MAAM,OAAO,GAAG,uBAAuB,CAAC;gBACxC,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,gCAAgC,EAAE,OAAO,EAAE,CAAC,CAAC;gBAE7E,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;gBAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrE,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;gBACzD,MAAM,OAAO,GAAG,2BAA2B,CAAC;gBAC5C,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,wBAAwB,EAAE,OAAO,EAAE,CAAC,CAAC;gBAErE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;gBAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpE,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;YACpC,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;gBAC/C,MAAM,OAAO,GAAG,oCAAoC,CAAC,CAAC,mBAAmB;gBACzE,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,qBAAqB,EAAE,OAAO,EAAE,CAAC,CAAC;gBAElE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;gBAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1E,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;gBAChD,MAAM,OAAO,GAAG,sCAAsC,CAAC,CAAC,aAAa;gBACrE,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,2BAA2B,EAAE,OAAO,EAAE,CAAC,CAAC;gBAExE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;gBAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1E,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;YAC5C,EAAE,CAAC,8DAA8D,EAAE,GAAG,EAAE;gBACtE,2CAA2C;gBAC3C,MAAM,UAAU,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACtD,MAAM,OAAO,GAAG,kBAAkB,UAAU,IAAI,CAAC;gBACjD,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;gBAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;gBAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1E,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;gBAC/D,2CAA2C;gBAC3C,MAAM,UAAU,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACtD,MAAM,OAAO,GAAG,oBAAoB,UAAU,IAAI,CAAC;gBACnD,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC;gBAE3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;gBAE5C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACzE,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACnC,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;YAC1D,6EAA6E;YAC7E,MAAM,KAAK,GAAG,gEAAgE,CAAC;YAC/E,IAAI,WAAW,GAAG,EAAE,CAAC;YACrB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC7B,WAAW,IAAI,KAAK,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;YACzC,CAAC;YACD,MAAM,OAAO,GAAG,iBAAiB,WAAW,IAAI,CAAC;YACjD,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;YAEtD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,0BAA0B,CAAC,CAAC;YAE1E,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;YAC1D,MAAM,OAAO,GAAG,2BAA2B,CAAC;YAC5C,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;YAEtD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,eAAe,CAAC,CAAC;YAE/D,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/scanner/checks/package.d.ts

@@ -0,0 +1,17 @@
+import type { BlocklistEntry, Finding, VsixContents, VsixManifest, ZooData } from "../types.js";
+interface PackageJson {
+    name?: string;
+    dependencies?: Record<string, string>;
+    devDependencies?: Record<string, string>;
+    scripts?: Record<string, string>;
+}
+export declare function checkBlocklist(manifest: VsixManifest, blocklist: BlocklistEntry[]): Finding[];
+export declare function checkActivationEvents(manifest: VsixManifest): Finding[];
+export declare function checkThemeAbuse(manifest: VsixManifest): Finding[];
+export declare function checkSuspiciousPermissions(manifest: VsixManifest): Finding[];
+export declare function checkMaliciousPackages(packageJson: PackageJson, maliciousPackages: Set<string>): Finding[];
+export declare function checkTyposquattingPackages(packageJson: PackageJson): Finding[];
+export declare function checkLifecycleScripts(packageJson: PackageJson): Finding[];
+export declare function checkPackage(contents: VsixContents, zooData: ZooData): Finding[];
+export {};
+//# sourceMappingURL=package.d.ts.map

package/dist/scanner/checks/package.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"package.d.ts","sourceRoot":"","sources":["../../../src/scanner/checks/package.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAEhG,UAAU,WAAW;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACzC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAmLD,wBAAgB,cAAc,CAAC,QAAQ,EAAE,YAAY,EAAE,SAAS,EAAE,cAAc,EAAE,GAAG,OAAO,EAAE,CAyB7F;AAID,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,EAAE,CAmDvE;AAED,wBAAgB,eAAe,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,EAAE,CAsCjE;AAED,wBAAgB,0BAA0B,CAAC,QAAQ,EAAE,YAAY,GAAG,OAAO,EAAE,CAkC5E;AAID,wBAAgB,sBAAsB,CACpC,WAAW,EAAE,WAAW,EACxB,iBAAiB,EAAE,GAAG,CAAC,MAAM,CAAC,GAC7B,OAAO,EAAE,CAyBX;AAED,wBAAgB,0BAA0B,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,EAAE,CA6B9E;AAED,wBAAgB,qBAAqB,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,EAAE,CAuDzE;AAID,wBAAgB,YAAY,CAAC,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO,EAAE,CA4BhF"}