@trailofbits/vsix-audit 0.1.0

package/dist/scanner/checks/yara.js

@@ -0,0 +1,349 @@
+import { execFile } from "node:child_process";
+import { access, readdir, writeFile, rm } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+import { promisify } from "node:util";
+/**
+ * Binary file extensions that should be skipped for YARA scanning.
+ * These cause false positives because YARA pattern matching on binary
+ * content often matches arbitrary byte sequences.
+ */
+const BINARY_EXTENSIONS = new Set([
+    // Java
+    ".jar",
+    ".class",
+    ".war",
+    ".ear",
+    // Compiled
+    ".wasm",
+    ".pyc",
+    ".pyo",
+    // Images
+    ".png",
+    ".jpg",
+    ".jpeg",
+    ".gif",
+    ".bmp",
+    ".ico",
+    ".webp",
+    ".svg",
+    ".tiff",
+    ".tif",
+    // Fonts
+    ".ttf",
+    ".otf",
+    ".woff",
+    ".woff2",
+    ".eot",
+    // Audio/Video
+    ".mp3",
+    ".mp4",
+    ".wav",
+    ".ogg",
+    ".webm",
+    ".avi",
+    // Archives
+    ".zip",
+    ".tar",
+    ".gz",
+    ".bz2",
+    ".xz",
+    ".7z",
+    ".rar",
+    // Documents
+    ".pdf",
+    // Native binaries (scanned separately by checkNativeFiles)
+    ".node",
+    ".dll",
+    ".dylib",
+    ".so",
+    ".exe",
+    // Other binary
+    ".bin",
+    ".dat",
+]);
+/**
+ * Check if a file should be skipped for YARA scanning
+ */
+function shouldSkipForYara(filename) {
+    const ext = filename.slice(filename.lastIndexOf(".")).toLowerCase();
+    return BINARY_EXTENSIONS.has(ext);
+}
+const execFileAsync = promisify(execFile);
+const __dirname = dirname(fileURLToPath(import.meta.url));
+/**
+ * Find the YARA rules directory, checking multiple locations.
+ * Priority:
+ * 1. VSIX_AUDIT_ZOO_PATH environment variable + /signatures/yara
+ * 2. Development: ../../../zoo/signatures/yara relative to module
+ * 3. Installed: ../../zoo/signatures/yara relative to dist
+ */
+async function findYaraRulesDir() {
+    // Check environment variable first
+    const envPath = process.env["VSIX_AUDIT_ZOO_PATH"];
+    if (envPath) {
+        return join(envPath, "signatures", "yara");
+    }
+    // Development path: src/scanner/checks -> zoo/signatures/yara
+    const devPath = join(__dirname, "..", "..", "..", "zoo", "signatures", "yara");
+    try {
+        await access(devPath);
+        return devPath;
+    }
+    catch {
+        // Not found, try installed path
+    }
+    // Installed path: dist/scanner/checks -> zoo/signatures/yara
+    const installedPath = join(__dirname, "..", "..", "zoo", "signatures", "yara");
+    try {
+        await access(installedPath);
+        return installedPath;
+    }
+    catch {
+        // Fall back to dev path (will error with helpful message later)
+        return devPath;
+    }
+}
+// Cached result of findYaraRulesDir
+let cachedYaraRulesDir;
+/**
+ * Get the default YARA rules directory (cached)
+ */
+export async function getDefaultYaraRulesDir() {
+    if (!cachedYaraRulesDir) {
+        cachedYaraRulesDir = await findYaraRulesDir();
+    }
+    return cachedYaraRulesDir;
+}
+// For backwards compatibility - returns a path that may not exist until findYaraRulesDir is called
+export const DEFAULT_YARA_RULES_DIR = join(__dirname, "..", "..", "..", "zoo", "signatures", "yara");
+/**
+ * Check if YARA-X is installed and available
+ */
+export async function isYaraAvailable() {
+    try {
+        const { stdout } = await execFileAsync("yr", ["--version"]);
+        return stdout.trim().length > 0;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Get YARA-X version string
+ */
+export async function getYaraVersion() {
+    try {
+        const { stdout } = await execFileAsync("yr", ["--version"]);
+        return stdout.trim();
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * List all YARA rule files in a directory
+ */
+export async function listYaraRules(rulesDir) {
+    try {
+        const entries = await readdir(rulesDir);
+        return entries.filter((f) => f.endsWith(".yar") || f.endsWith(".yara"));
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * Parse YARA output into structured matches
+ */
+function parseYaraOutput(output) {
+    const matches = [];
+    const lines = output.trim().split("\n").filter(Boolean);
+    for (const line of lines) {
+        // YARA output format: rule_name file_path
+        // With -s flag: rule_name file_path\n0xoffset:$string_name: string_content
+        const match = line.match(/^(\S+)\s+(.+)$/);
+        if (match) {
+            const [, rule, file] = match;
+            if (rule && file) {
+                matches.push({ rule, file });
+            }
+        }
+    }
+    return matches;
+}
+/**
+ * Cache for parsed YARA rule metadata to avoid re-reading files
+ */
+const ruleMetaCache = new Map();
+/**
+ * Parse YARA rule file and extract metadata for all rules
+ */
+async function parseRuleFile(ruleFile) {
+    if (ruleMetaCache.has(ruleFile)) {
+        return ruleMetaCache.get(ruleFile);
+    }
+    const { readFile } = await import("node:fs/promises");
+    const ruleMap = new Map();
+    try {
+        const content = await readFile(ruleFile, "utf8");
+        // Match rule blocks: rule NAME { meta: ... }
+        const rulePattern = /rule\s+(\w+)\s*\{[^}]*meta\s*:\s*([^}]+?)(?:strings|condition)\s*:/gs;
+        for (const match of content.matchAll(rulePattern)) {
+            const ruleName = match[1];
+            const metaBlock = match[2];
+            if (!ruleName || !metaBlock)
+                continue;
+            const meta = {};
+            // Extract severity from meta block
+            const severityMatch = metaBlock.match(/severity\s*=\s*["'](\w+)["']/);
+            if (severityMatch?.[1]) {
+                meta.severity = severityMatch[1];
+            }
+            // Extract description from meta block
+            const descMatch = metaBlock.match(/description\s*=\s*["']([^"']+)["']/);
+            if (descMatch?.[1]) {
+                meta.description = descMatch[1];
+            }
+            ruleMap.set(ruleName, meta);
+        }
+    }
+    catch {
+        // If we can't read the file, return empty map
+    }
+    ruleMetaCache.set(ruleFile, ruleMap);
+    return ruleMap;
+}
+/**
+ * Extract metadata from YARA rule file for a specific rule
+ */
+async function getRuleMeta(ruleFile, ruleName) {
+    const ruleMap = await parseRuleFile(ruleFile);
+    const meta = ruleMap.get(ruleName);
+    if (meta?.severity) {
+        return meta;
+    }
+    // Fallback: derive severity from rule name patterns
+    const result = {};
+    if (meta?.description) {
+        result.description = meta.description;
+    }
+    const lowerName = ruleName.toLowerCase();
+    if (lowerName.includes("critical") || lowerName.startsWith("mal_")) {
+        result.severity = "critical";
+    }
+    else if (lowerName.includes("stealth") ||
+        lowerName.startsWith("stealer_") ||
+        lowerName.startsWith("rat_") ||
+        lowerName.startsWith("c2_")) {
+        result.severity = "high";
+    }
+    else if (lowerName.startsWith("susp_") || lowerName.startsWith("loader_")) {
+        result.severity = "medium";
+    }
+    else {
+        result.severity = "medium"; // Default
+    }
+    return result;
+}
+/**
+ * Run YARA rules against extension contents
+ */
+export async function checkYara(contents, rulesDir) {
+    const findings = [];
+    const targetRulesDir = rulesDir ?? (await getDefaultYaraRulesDir());
+    // Check if YARA is available
+    const available = await isYaraAvailable();
+    if (!available) {
+        findings.push({
+            id: "YARA_NOT_INSTALLED",
+            title: "YARA-X scanner not available",
+            description: "YARA-X is not installed. Install with 'brew install yara-x' to enable advanced malware detection using signature rules.",
+            severity: "low",
+            category: "yara",
+            metadata: {
+                suggestion: "brew install yara-x",
+            },
+        });
+        return findings;
+    }
+    // Check if rules directory exists and has rules
+    const rules = await listYaraRules(targetRulesDir);
+    if (rules.length === 0) {
+        return findings;
+    }
+    // Create a temporary directory for scanning
+    const tempDir = join(tmpdir(), `vsix-audit-${Date.now()}`);
+    try {
+        // Write extension files to temp directory for YARA to scan
+        const { mkdir } = await import("node:fs/promises");
+        await mkdir(tempDir, { recursive: true });
+        for (const [filename, buffer] of contents.files) {
+            // Skip binary files that are too large
+            if (buffer.length > 10 * 1024 * 1024)
+                continue; // Skip files > 10MB
+            // Skip binary files that cause false positives
+            if (shouldSkipForYara(filename))
+                continue;
+            const filePath = join(tempDir, filename);
+            await mkdir(dirname(filePath), { recursive: true });
+            await writeFile(filePath, buffer);
+        }
+        // Run YARA against the temp directory with all rules
+        for (const ruleFile of rules) {
+            const rulePath = join(targetRulesDir, ruleFile);
+            try {
+                // Run YARA-X with recursive scanning
+                // Using execFile instead of exec to prevent command injection
+                const { stdout, stderr } = await execFileAsync("yr", ["scan", "-r", rulePath, tempDir], { maxBuffer: 10 * 1024 * 1024 });
+                if (stderr && !stderr.includes("warning")) {
+                    // YARA-X errors (not warnings) indicate rule issues
+                    continue;
+                }
+                const matches = parseYaraOutput(stdout);
+                for (const match of matches) {
+                    // Get rule metadata
+                    const meta = await getRuleMeta(rulePath, match.rule);
+                    // Convert temp path back to relative path
+                    const relativePath = match.file.replace(tempDir + "/", "");
+                    // Get file extension for metadata
+                    const fileExt = relativePath.slice(relativePath.lastIndexOf(".")).toLowerCase();
+                    findings.push({
+                        id: `YARA_${match.rule}`,
+                        title: `YARA rule match: ${match.rule}`,
+                        description: `YARA rule "${match.rule}" from ${ruleFile} matched this file. This indicates the file contains patterns associated with known malware or suspicious behavior.`,
+                        severity: meta.severity ?? "medium",
+                        category: "yara",
+                        location: {
+                            file: relativePath,
+                        },
+                        metadata: {
+                            rule: match.rule,
+                            ruleFile,
+                            fileType: fileExt,
+                        },
+                    });
+                }
+            }
+            catch (error) {
+                // YARA returns exit code 1 when no matches, which throws in exec
+                // Only log actual errors
+                if (error instanceof Error && !error.message.includes("exit code 1")) {
+                    // Silently ignore scan errors for individual rules
+                }
+            }
+        }
+    }
+    finally {
+        // Clean up temp directory
+        try {
+            await rm(tempDir, { recursive: true, force: true });
+        }
+        catch {
+            // Ignore cleanup errors
+        }
+    }
+    return findings;
+}
+//# sourceMappingURL=yara.js.map

package/dist/scanner/checks/yara.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"yara.js","sourceRoot":"","sources":["../../../src/scanner/checks/yara.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAClE,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAGtC;;;;GAIG;AACH,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,OAAO;IACP,MAAM;IACN,QAAQ;IACR,MAAM;IACN,MAAM;IACN,WAAW;IACX,OAAO;IACP,MAAM;IACN,MAAM;IACN,SAAS;IACT,MAAM;IACN,MAAM;IACN,OAAO;IACP,MAAM;IACN,MAAM;IACN,MAAM;IACN,OAAO;IACP,MAAM;IACN,OAAO;IACP,MAAM;IACN,QAAQ;IACR,MAAM;IACN,MAAM;IACN,OAAO;IACP,QAAQ;IACR,MAAM;IACN,cAAc;IACd,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,OAAO;IACP,MAAM;IACN,WAAW;IACX,MAAM;IACN,MAAM;IACN,KAAK;IACL,MAAM;IACN,KAAK;IACL,KAAK;IACL,MAAM;IACN,YAAY;IACZ,MAAM;IACN,2DAA2D;IAC3D,OAAO;IACP,MAAM;IACN,QAAQ;IACR,KAAK;IACL,MAAM;IACN,eAAe;IACf,MAAM;IACN,MAAM;CACP,CAAC,CAAC;AAEH;;GAEG;AACH,SAAS,iBAAiB,CAAC,QAAgB;IACzC,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IACpE,OAAO,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAE1C,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAE1D;;;;;;GAMG;AACH,KAAK,UAAU,gBAAgB;IAC7B,mCAAmC;IACnC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACnD,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC,OAAO,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;IAC7C,CAAC;IAED,8DAA8D;IAC9D,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;IAC/E,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;QACtB,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,gCAAgC;IAClC,CAAC;IAED,6DAA6D;IAC7D,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;IAC/E,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAC5B,OAAO,aAAa,CAAC;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,gEAAgE;QAChE,OAAO,OAAO,CAAC;IACjB,CAAC;AACH,CAAC;AAED,oCAAoC;AACpC,IAAI,kBAAsC,CAAC;AAE3C;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB;IAC1C,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,kBAAkB,GAAG,MAAM,gBAAgB,EAAE,CAAC;IAChD,CAAC;IACD,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED,mGAAmG;AACnG,MAAM,CAAC,MAAM,sBAAsB,GAAG,IAAI,CACxC,SAAS,EACT,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,KAAK,EACL,YAAY,EACZ,MAAM,CACP,CAAC;AASF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;QAC5D,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;QAC5D,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,QAAgB;IAClD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,CAAC;QACxC,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,MAAc;IACrC,MAAM,OAAO,GAAgB,EAAE,CAAC;IAChC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAExD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,0CAA0C;QAC1C,2EAA2E;QAC3E,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAC3C,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,KAAK,CAAC;YAC7B,IAAI,IAAI,IAAI,IAAI,EAAE,CAAC;gBACjB,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,aAAa,GAAG,IAAI,GAAG,EAAoE,CAAC;AAElG;;GAEG;AACH,KAAK,UAAU,aAAa,CAC1B,QAAgB;IAEhB,IAAI,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChC,OAAO,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAE,CAAC;IACtC,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;IACtD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAuD,CAAC;IAE/E,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAEjD,6CAA6C;QAC7C,MAAM,WAAW,GAAG,sEAAsE,CAAC;QAE3F,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAClD,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAE3B,IAAI,CAAC,QAAQ,IAAI,CAAC,SAAS;gBAAE,SAAS;YAEtC,MAAM,IAAI,GAAgD,EAAE,CAAC;YAE7D,mCAAmC;YACnC,MAAM,aAAa,GAAG,SAAS,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;YACtE,IAAI,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACvB,IAAI,CAAC,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;YACnC,CAAC;YAED,sCAAsC;YACtC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;YACxE,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACnB,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;YAClC,CAAC;YAED,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,8CAA8C;IAChD,CAAC;IAED,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACrC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,WAAW,CACxB,QAAgB,EAChB,QAAgB;IAEhB,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAEnC,IAAI,IAAI,EAAE,QAAQ,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,oDAAoD;IACpD,MAAM,MAAM,GAAgD,EAAE,CAAC;IAC/D,IAAI,IAAI,EAAE,WAAW,EAAE,CAAC;QACtB,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;IACxC,CAAC;IAED,MAAM,SAAS,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACzC,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACnE,MAAM,CAAC,QAAQ,GAAG,UAAU,CAAC;IAC/B,CAAC;SAAM,IACL,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC;QAC7B,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC;QAChC,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC;QAC5B,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC,EAC3B,CAAC;QACD,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC;IAC3B,CAAC;SAAM,IAAI,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5E,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC,CAAC,UAAU;IACxC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,QAAsB,EAAE,QAAiB;IACvE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,cAAc,GAAG,QAAQ,IAAI,CAAC,MAAM,sBAAsB,EAAE,CAAC,CAAC;IAEpE,6BAA6B;IAC7B,MAAM,SAAS,GAAG,MAAM,eAAe,EAAE,CAAC;IAC1C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,oBAAoB;YACxB,KAAK,EAAE,8BAA8B;YACrC,WAAW,EACT,yHAAyH;YAC3H,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE;gBACR,UAAU,EAAE,qBAAqB;aAClC;SACF,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,gDAAgD;IAChD,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,cAAc,CAAC,CAAC;IAClD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,4CAA4C;IAC5C,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,EAAE,EAAE,cAAc,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAE3D,IAAI,CAAC;QACH,2DAA2D;QAC3D,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QACnD,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE1C,KAAK,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;YAChD,uCAAuC;YACvC,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI;gBAAE,SAAS,CAAC,oBAAoB;YAEpE,+CAA+C;YAC/C,IAAI,iBAAiB,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAE1C,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YACzC,MAAM,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACpD,MAAM,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACpC,CAAC;QAED,qDAAqD;QACrD,KAAK,MAAM,QAAQ,IAAI,KAAK,EAAE,CAAC;YAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;YAEhD,IAAI,CAAC;gBACH,qCAAqC;gBACrC,8DAA8D;gBAC9D,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAC5C,IAAI,EACJ,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,EACjC,EAAE,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,CAChC,CAAC;gBAEF,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC1C,oDAAoD;oBACpD,SAAS;gBACX,CAAC;gBAED,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;gBAExC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;oBAC5B,oBAAoB;oBACpB,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;oBAErD,0CAA0C;oBAC1C,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,GAAG,EAAE,EAAE,CAAC,CAAC;oBAE3D,kCAAkC;oBAClC,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,YAAY,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;oBAEhF,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,QAAQ,KAAK,CAAC,IAAI,EAAE;wBACxB,KAAK,EAAE,oBAAoB,KAAK,CAAC,IAAI,EAAE;wBACvC,WAAW,EAAE,cAAc,KAAK,CAAC,IAAI,UAAU,QAAQ,qHAAqH;wBAC5K,QAAQ,EAAG,IAAI,CAAC,QAAmD,IAAI,QAAQ;wBAC/E,QAAQ,EAAE,MAAM;wBAChB,QAAQ,EAAE;4BACR,IAAI,EAAE,YAAY;yBACnB;wBACD,QAAQ,EAAE;4BACR,IAAI,EAAE,KAAK,CAAC,IAAI;4BAChB,QAAQ;4BACR,QAAQ,EAAE,OAAO;yBAClB;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,iEAAiE;gBACjE,yBAAyB;gBACzB,IAAI,KAAK,YAAY,KAAK,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;oBACrE,mDAAmD;gBACrD,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;YAAS,CAAC;QACT,0BAA0B;QAC1B,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/scanner/checks/yara.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=yara.test.d.ts.map

package/dist/scanner/checks/yara.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"yara.test.d.ts","sourceRoot":"","sources":["../../../src/scanner/checks/yara.test.ts"],"names":[],"mappings":""}

package/dist/scanner/checks/yara.test.js

@@ -0,0 +1,126 @@
+import { describe, expect, it } from "vitest";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+import { checkYara, getYaraVersion, isYaraAvailable, listYaraRules } from "./yara.js";
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const ZOO_YARA_DIR = join(__dirname, "..", "..", "..", "zoo", "signatures", "yara");
+function makeContents(files) {
+    const manifest = {
+        name: "test-extension",
+        publisher: "test",
+        version: "1.0.0",
+    };
+    const fileMap = new Map();
+    for (const [name, content] of Object.entries(files)) {
+        fileMap.set(name, Buffer.from(content, "utf8"));
+    }
+    return { manifest, files: fileMap, basePath: "/test" };
+}
+describe("isYaraAvailable", () => {
+    it("returns boolean indicating YARA installation status", async () => {
+        const result = await isYaraAvailable();
+        // This will be true if yara is installed, false otherwise
+        expect(typeof result).toBe("boolean");
+    });
+});
+describe("getYaraVersion", () => {
+    it("returns version string or null", async () => {
+        const result = await getYaraVersion();
+        if (result !== null) {
+            // If YARA is installed, version should be a non-empty string
+            expect(result.length).toBeGreaterThan(0);
+        }
+    });
+});
+describe("listYaraRules", () => {
+    it("lists YARA rule files in zoo directory", async () => {
+        const rules = await listYaraRules(ZOO_YARA_DIR);
+        // We should have some YARA rules in the zoo
+        expect(Array.isArray(rules)).toBe(true);
+        // All files should have .yar or .yara extension
+        expect(rules.every((r) => r.endsWith(".yar") || r.endsWith(".yara"))).toBe(true);
+    });
+    it("returns empty array for non-existent directory", async () => {
+        const rules = await listYaraRules("/nonexistent/path");
+        expect(rules).toEqual([]);
+    });
+});
+describe("checkYara", () => {
+    it("returns appropriate result based on YARA availability", async () => {
+        const available = await isYaraAvailable();
+        const contents = makeContents({ "test.js": "console.log('test');" });
+        const findings = await checkYara(contents);
+        if (!available) {
+            // When YARA is not installed, should return informational finding
+            expect(findings).toHaveLength(1);
+            expect(findings.some((f) => f.id === "YARA_NOT_INSTALLED")).toBe(true);
+            expect(findings.some((f) => f.severity === "low")).toBe(true);
+            const finding = findings.find((f) => f.id === "YARA_NOT_INSTALLED");
+            expect(finding?.metadata?.["suggestion"]).toBe("brew install yara-x");
+        }
+        else {
+            // When YARA is installed, should return scan results (possibly empty)
+            expect(Array.isArray(findings)).toBe(true);
+        }
+    });
+    it("returns empty findings for clean extension when YARA is available", async () => {
+        const available = await isYaraAvailable();
+        if (!available)
+            return; // Skip if YARA not installed
+        const contents = makeContents({
+            "extension.js": "console.log('Hello, World!');",
+            "package.json": JSON.stringify({ name: "test", version: "1.0.0" }),
+        });
+        const findings = await checkYara(contents);
+        // Should not match any YARA rules for clean code
+        const yaraMatches = findings.filter((f) => f.id.startsWith("YARA_") && f.id !== "YARA_NOT_INSTALLED");
+        expect(yaraMatches).toHaveLength(0);
+    });
+    it("handles extension with potentially suspicious content", async () => {
+        const available = await isYaraAvailable();
+        if (!available)
+            return; // Skip if YARA not installed
+        // Create content that might match YARA rules
+        // This includes variation selectors (U+FE00-FE0F) and eval
+        const suspiciousContent = `
+      const payload = "test\uFE01\uFE02\uFE03";
+      eval(atob(payload));
+    `;
+        const contents = makeContents({
+            "extension.js": suspiciousContent,
+        });
+        const findings = await checkYara(contents);
+        // Should return array of findings (might match rules depending on rule content)
+        expect(Array.isArray(findings)).toBe(true);
+    });
+    it("includes metadata when rules match", async () => {
+        const available = await isYaraAvailable();
+        if (!available)
+            return; // Skip if YARA not installed
+        const contents = makeContents({
+            "extension.js": `
+        const wallet = "metamask";
+        const key = ".ssh/id_rsa";
+        eval(Buffer.from("Y29kZQ==", "base64").toString());
+      `,
+        });
+        const findings = await checkYara(contents);
+        // If any YARA rules matched, finding ID should include rule name
+        for (const finding of findings) {
+            if (finding.id !== "YARA_NOT_INSTALLED") {
+                expect(finding.id).toMatch(/^YARA_/);
+                expect(finding.metadata?.["rule"]).toBeDefined();
+            }
+        }
+    });
+    it("handles empty extension gracefully", async () => {
+        const available = await isYaraAvailable();
+        if (!available)
+            return; // Skip if YARA not installed
+        const contents = makeContents({});
+        const findings = await checkYara(contents);
+        // Should not throw and should return array
+        expect(Array.isArray(findings)).toBe(true);
+    });
+});
+//# sourceMappingURL=yara.test.js.map

package/dist/scanner/checks/yara.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"yara.test.js","sourceRoot":"","sources":["../../../src/scanner/checks/yara.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAEtF,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC1D,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;AAEpF,SAAS,YAAY,CAAC,KAA6B;IACjD,MAAM,QAAQ,GAAiB;QAC7B,IAAI,EAAE,gBAAgB;QACtB,SAAS,EAAE,MAAM;QACjB,OAAO,EAAE,OAAO;KACjB,CAAC;IAEF,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC1C,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;IAClD,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;AACzD,CAAC;AAED,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;QACnE,MAAM,MAAM,GAAG,MAAM,eAAe,EAAE,CAAC;QAEvC,0DAA0D;QAC1D,MAAM,CAAC,OAAO,MAAM,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;QAC9C,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE,CAAC;QAEtC,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,6DAA6D;YAC7D,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;QACtD,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,YAAY,CAAC,CAAC;QAEhD,4CAA4C;QAC5C,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxC,gDAAgD;QAChD,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,mBAAmB,CAAC,CAAC;QAEvD,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,WAAW,EAAE,GAAG,EAAE;IACzB,EAAE,CAAC,uDAAuD,EAAE,KAAK,IAAI,EAAE;QACrE,MAAM,SAAS,GAAG,MAAM,eAAe,EAAE,CAAC;QAC1C,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,SAAS,EAAE,sBAAsB,EAAE,CAAC,CAAC;QACrE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC;QAE3C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,kEAAkE;YAClE,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACjC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9D,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAC;YACpE,MAAM,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QACxE,CAAC;aAAM,CAAC;YACN,sEAAsE;YACtE,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;QACjF,MAAM,SAAS,GAAG,MAAM,eAAe,EAAE,CAAC;QAC1C,IAAI,CAAC,SAAS;YAAE,OAAO,CAAC,6BAA6B;QAErD,MAAM,QAAQ,GAAG,YAAY,CAAC;YAC5B,cAAc,EAAE,+BAA+B;YAC/C,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;SACnE,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC;QAE3C,iDAAiD;QACjD,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CACjC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,EAAE,KAAK,oBAAoB,CACjE,CAAC;QACF,MAAM,CAAC,WAAW,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uDAAuD,EAAE,KAAK,IAAI,EAAE;QACrE,MAAM,SAAS,GAAG,MAAM,eAAe,EAAE,CAAC;QAC1C,IAAI,CAAC,SAAS;YAAE,OAAO,CAAC,6BAA6B;QAErD,6CAA6C;QAC7C,2DAA2D;QAC3D,MAAM,iBAAiB,GAAG;;;KAGzB,CAAC;QAEF,MAAM,QAAQ,GAAG,YAAY,CAAC;YAC5B,cAAc,EAAE,iBAAiB;SAClC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC;QAE3C,gFAAgF;QAChF,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;QAClD,MAAM,SAAS,GAAG,MAAM,eAAe,EAAE,CAAC;QAC1C,IAAI,CAAC,SAAS;YAAE,OAAO,CAAC,6BAA6B;QAErD,MAAM,QAAQ,GAAG,YAAY,CAAC;YAC5B,cAAc,EAAE;;;;OAIf;SACF,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC;QAE3C,iEAAiE;QACjE,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,IAAI,OAAO,CAAC,EAAE,KAAK,oBAAoB,EAAE,CAAC;gBACxC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;gBACrC,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;YACnD,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;QAClD,MAAM,SAAS,GAAG,MAAM,eAAe,EAAE,CAAC;QAC1C,IAAI,CAAC,SAAS;YAAE,OAAO,CAAC,6BAA6B;QAErD,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,CAAC,CAAC;QAElC,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC;QAE3C,2CAA2C;QAC3C,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/scanner/constants.d.ts

@@ -0,0 +1,18 @@
+/**
+ * File extensions that can be scanned for code patterns.
+ * Used by pattern, IOC, and unicode checks.
+ */
+/** Code files - JavaScript, TypeScript, and script files */
+export declare const CODE_EXTENSIONS: Set<string>;
+/** Data files that may contain IOCs */
+export declare const DATA_EXTENSIONS: Set<string>;
+/** Text files for unicode analysis */
+export declare const TEXT_EXTENSIONS: Set<string>;
+/** All scannable extensions for IOC checks (code + data) */
+export declare const SCANNABLE_EXTENSIONS_IOC: Set<string>;
+/** Scannable extensions for pattern checks (code only) */
+export declare const SCANNABLE_EXTENSIONS_PATTERN: Set<string>;
+/** Scannable extensions for unicode checks (code + data + text) */
+export declare const SCANNABLE_EXTENSIONS_UNICODE: Set<string>;
+export declare function isScannable(filename: string, extensions: Set<string>): boolean;
+//# sourceMappingURL=constants.d.ts.map

package/dist/scanner/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/scanner/constants.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,4DAA4D;AAC5D,eAAO,MAAM,eAAe,aAY1B,CAAC;AAEH,uCAAuC;AACvC,eAAO,MAAM,eAAe,aAAqB,CAAC;AAElD,sCAAsC;AACtC,eAAO,MAAM,eAAe,aAA2B,CAAC;AAExD,4DAA4D;AAC5D,eAAO,MAAM,wBAAwB,aAAoD,CAAC;AAE1F,0DAA0D;AAC1D,eAAO,MAAM,4BAA4B,aAAkB,CAAC;AAE5D,mEAAmE;AACnE,eAAO,MAAM,4BAA4B,aAIvC,CAAC;AAEH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,OAAO,CAG9E"}

package/dist/scanner/constants.js

@@ -0,0 +1,37 @@
+/**
+ * File extensions that can be scanned for code patterns.
+ * Used by pattern, IOC, and unicode checks.
+ */
+/** Code files - JavaScript, TypeScript, and script files */
+export const CODE_EXTENSIONS = new Set([
+    ".js",
+    ".ts",
+    ".mjs",
+    ".cjs",
+    ".jsx",
+    ".tsx",
+    ".ps1",
+    ".sh",
+    ".bat",
+    ".cmd",
+    ".py",
+]);
+/** Data files that may contain IOCs */
+export const DATA_EXTENSIONS = new Set([".json"]);
+/** Text files for unicode analysis */
+export const TEXT_EXTENSIONS = new Set([".md", ".txt"]);
+/** All scannable extensions for IOC checks (code + data) */
+export const SCANNABLE_EXTENSIONS_IOC = new Set([...CODE_EXTENSIONS, ...DATA_EXTENSIONS]);
+/** Scannable extensions for pattern checks (code only) */
+export const SCANNABLE_EXTENSIONS_PATTERN = CODE_EXTENSIONS;
+/** Scannable extensions for unicode checks (code + data + text) */
+export const SCANNABLE_EXTENSIONS_UNICODE = new Set([
+    ...CODE_EXTENSIONS,
+    ...DATA_EXTENSIONS,
+    ...TEXT_EXTENSIONS,
+]);
+export function isScannable(filename, extensions) {
+    const ext = filename.slice(filename.lastIndexOf(".")).toLowerCase();
+    return extensions.has(ext);
+}
+//# sourceMappingURL=constants.js.map

package/dist/scanner/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/scanner/constants.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,4DAA4D;AAC5D,MAAM,CAAC,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IACrC,KAAK;IACL,KAAK;IACL,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,KAAK;IACL,MAAM;IACN,MAAM;IACN,KAAK;CACN,CAAC,CAAC;AAEH,uCAAuC;AACvC,MAAM,CAAC,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;AAElD,sCAAsC;AACtC,MAAM,CAAC,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;AAExD,4DAA4D;AAC5D,MAAM,CAAC,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,eAAe,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC;AAE1F,0DAA0D;AAC1D,MAAM,CAAC,MAAM,4BAA4B,GAAG,eAAe,CAAC;AAE5D,mEAAmE;AACnE,MAAM,CAAC,MAAM,4BAA4B,GAAG,IAAI,GAAG,CAAC;IAClD,GAAG,eAAe;IAClB,GAAG,eAAe;IAClB,GAAG,eAAe;CACnB,CAAC,CAAC;AAEH,MAAM,UAAU,WAAW,CAAC,QAAgB,EAAE,UAAuB;IACnE,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IACpE,OAAO,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC"}

package/dist/scanner/detection-coverage.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=detection-coverage.test.d.ts.map

package/dist/scanner/detection-coverage.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"detection-coverage.test.d.ts","sourceRoot":"","sources":["../../src/scanner/detection-coverage.test.ts"],"names":[],"mappings":""}